RSS
|
  ArrowPoint CSS-100 Switch: Layer-by-Layer Load-Balancing |
|
Peeling Back the Layers The CSS-100 supports advanced Layer 4 and Layer 5 functions. At Layer 4, you can define full access-control lists, so you can filter or forward traffic based on TCP or UDP port number. At Layer 5, URLs can be specifically load-balanced, or pattern matching can switch and balance entire directory trees. Layer 5 matching is handled via an on-board MIPS processor.
The CSS-100 protects your Web servers against denial-of-service attacks. Each incoming TCP session is first handled by the switch, verifying that the session is indeed a proper HTTP request. If it is not, you can configure the switch to discard the packet. By negotiating each session in this manner, you can safeguard the fragile TCP stack on your Web server from troublemakers. When load-balancing SSL (Secure Sockets Layer) connections, the CSS-100 makes sticky connections based on the host IP address. When an SSL connection is detected from a host (as in an e-commerce transaction), all packets from that IP address will go to the same server. Sessions may also be tracked based on cookies from the client. You can manage the CSS-100 in-band via serial, out-of-band via Fast Ethernet or serial, or via a built-in Java configuration program, called FlowMinder. Send your comments on this article to Joel Conover at jconover@nwc.com. |
|
 Print This Page E-mail this URL |
The CSS-100 provides extensive logging features, which can track top Web page hits, as well as load-balancing information. I used these stats to verify the proper function of the CSS-100 and to observe the number of HTTP GETs my client performed for each Web page.
