© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1
Cisco ACE 4710 Appliance SEVT Update
Leo Chan Consulting Systems Engineer DataCenter Big Bet Team, APAC
Agenda
Introducing Cisco ACE 4710 Appliance
ACE 4710 Architecture vs F5
Application Acceleration Deep Dive
Introducing the ACE 4710 Appliance
1. Where It Sits
[Diagram labels: Web & App Servers, Catalyst 6500, ACE 4710 Appliance]
2. What It Does
• Load Balancing
• Application Acceleration
• SSL Encryption
• Compression
3. Why You Want It
AVAILABLE
• Virtual devices guarantee application resources & performance
• Built-in security for well known protocols
• Per-application sub-second failure recovery
GREEN
• Virtual instead of physical devices minimizes device sprawl
• Up to 400% lower power and cooling consumption over F5
• Forklift-Free upgrades via software licenses
• 75% faster application roll outs
FAST
• Up to 4X faster than competitor in real-world tests
• 6 patents on HTTP acceleration
• Asymmetric application acceleration up to 500%
Cisco ACE 4710 Appliance - Specifications
1 RU, 4 x 10/100/1000 Copper Ethernet Ports, 8GB Memory
Max Throughput: 1-4Gbps, 2G Compression, 7500 SSL TPS (Scalable via Performance License)
Built-in Security Inspection Engine for common Datacenter protocols
Embedded Browser-based Graphical User Interface
Feature license options: Virtualization (max 20 contexts), App Acceleration
Unmatched License-Based Scalability – Cisco ACE 4710 appliance
+ Comprehensive Suite of Patented Application Acceleration Technologies
Investment Protection and Pay-As-You-Grow
Throughput
1 Gbps
2 Gbps
Virtual Devices
5
20
SSL
1K TPS
5K TPS
7.5K TPS
Compression
100 Mbps
500 Mbps
1 Gbps
4 Gbps
2 Gbps
ACE 4710 Appliance Extends ACE Portfolio
Application Switching
• Appliance (1-4 Gbps): ACE 4710 1 Gbps, ACE 4710 2 Gbps
• Module (4-16 Gbps) + Multi-Module (64 Gbps): ACE Module 4 Gbps, ACE Module 8 Gbps, ACE Module 16 Gbps
XML Switching
• ACE XML Gateway 30,000 TPS
Global Products and Tools
• ACE AppScope
• ACE GSS 20K DNS RPS
• ACE XML Gateway Manager
• ACE Networking Manager
Cisco ACE Virtual Devices
One physical device (100%)
Traditional device
• Single configuration file
• Single routing table
• Limited RBAC
• Limited resource allocation
Multiple virtual devices (partitioned control and data path): 25%, 25%, 20%, 15%, 15%
Cisco Application Services Virtualization
• Distinct configuration files
• Separate routing tables
• RBAC with Contexts, Roles, Domains
• Management and data resource control
• Independent application rule sets
• Global administration and monitoring
ACE 4710 Role Based Administration
• Fully integrated Role Based Access Control
• Four main levels of actions over categories of commands: Create/Delete, Modify, Debug, Monitor
• Roles are defined by specifying which actions can be performed on the sets of commands
• Eight Pre-defined roles
• New roles can be created to adapt to different organization structures
Cisco ACE 4710: Base Features Recap
• ACE 4710 runs v1.8 software, 99% identical to the ACE module v1.6 features + more
• Supports the following load balancing algorithms/predictors: Least connections, Round robin, Hash on src, dst, cookie, header, URL
• 15 different native health probe types: icmp, tcp, udp, echo {tcp|udp}, finger, http, https, ftp, telnet, dns, smtp, imap, pop, radius
• Custom health probes using Toolkit Command Language (TCL)
• Supported sticky/persistence methods: Source and/or destination IP address, HTTP Header (includes URL), Cookie: Dynamic cookie learning, Cookie Insert
• Supports replication of sticky table entries on the standby ACE
• Active/Active Stateful Redundancy using multi-contexts, e.g. Context A: active in Unit 1, standby in Unit 2; Context B: active in Unit 2, standby in Unit 1
• Built-in Stateful Firewall And DoS Protection For DC Protocols: ICMP, DNS, RTSP, FTP, Strict FTP, HTTP, HTTPS
• High performance NATing and ACLs: 64k NAT entries, 40K ACLs
Cisco ACE 4710 Appliance Manageability
XML Interface
• Configuration, Provisioning and Monitoring
• All features on ACE can be configured using XML over HTTP / HTTPS
SNMP
• SNMP agent is virtualized to allow SNMP settings per virtual device
• ACE supports SNMP v1, v2c and v3
CLI: Modular Policy Command (MPC)
• Structured IOS-like CLI based on C3PL (Cisco Common Class-based Policy Language)
• Familiar class-map, policy-map; New HTTP parameter map
Embedded Device Manager
• Intuitive Graphical User Interface for simplified and standardized service provisioning for basic, advanced, and expert users
• Secure user access through SSL-encrypted HTTP GUI
• Role-based access control (RBAC) to isolate users to specific capabilities and domain
Application Network Manager
• Centralized provisioning, operations, and monitoring of multiple Cisco Application Control Engine (ACE) devices, including ACE modules and ACE 4710 appliances
• Definable threshold crossing alerts with external notifications
• Pre-Staging of service updates for later deployment during a maintenance window
ACE 4710 Embedded Device Manager: Network Configuration
Configuration by “point and click” with no CLI required!
ACE 4710 Embedded Device Manager Configure Basic Server Load Balancing
Easy to use Server Load Balancing configuration.
Application Acceleration
Cisco ACE 4710 Appliance Accelerates Web Application Performance
[Diagram labels: ACE 4710 Appliance, Branch, VPN Users, Remote Users, Custom Apps]
• 500% Improvement in Response Times
• 80% Decrease in Bandwidth Usage
Comprehensive Suite of Patented Technologies
• SERVER OFFLOAD
• LATENCY REDUCTION
• BANDWIDTH REDUCTION
Cisco ACE 4710 Server Offload – More Efficient Servers
Challenges: Server resource contention forces customers to deploy a large number of web and application servers.
Solution: Cisco ACE 4710 can offload many functions from servers and allow more efficient use of operating system resources for applications
• TCP Reuse: Reduces number of established TCP connections to the server farm
• SSL Acceleration: Offloads web server from SSL connection handling
• HTTP Compression: Compresses web content on behalf of the web server
• Dynamic Caching: Reduces application and database load by increasing cache TTL based on application server load
Benefits:
• Reduced size of application server farms
• Improved application response for dynamic content for all users even at peak load
[Diagram labels: ACE 4710 Appliance, TCP, SSL, Compression]
Cisco ACE 4710 Bandwidth Optimization
Challenges: Poor application response for remote users with low bandwidth connections (Roaming Users, 56k Dial-up, Shared DSL/Cable modem)
Solution: Cisco ACE 4710 improves congested last-mile content delivery by optimizing bandwidth usage between datacenter and client web browser.
• HTTP Compression: Reduces HTML, XML, and embedded HTML object sizes
• Delta Optimization: Sends only differences for dynamic HTML pages
• JIT Acceleration (Dynamic Etag): Avoids repeated downloads of objects already in browser cache
Benefits:
• Acceleration of download times for modem and broadband users
• Acceleration of static, dynamic, and secure content
• 80% Reduction in site bandwidth requirements
• Reduction in the required number of Web servers and increased site capacity
Cisco ACE 4710 Latency Reduction
Challenges: Poor application response for remote users with high latency connections (Remote Branch Office, Remote/Roaming Users, Satellite Connection)
Solution: Cisco ACE 4710 appliance improves slow last-mile content delivery by efficiently managing communication between Web browser and Web server.
• Flash Forward: Minimizes requests made by the web browser across the WAN for objects such as JavaScript, style sheets, images, Flash, etc.
Benefits:
• Improved application response for remote users
• Reduced network congestion
• Reduction in the required number of Web servers and increased site capacity
Cisco ACE 4710 Server Offload - Dynamic Caching
• Enables the Cisco ACE 4710 to fulfill requests for dynamic or personalized information
• Offloads application servers and databases
• Significantly improves application response time, reduces the server load, and enables more concurrent users to be served
• Improved scalability and lower ongoing server upgrade costs
Example:
• http://xyz.com/dosomething.jsp?action=browse&level=1 (cacheable content)
• http://xyz.com/dosomething.jsp?action=browse&level=2 (cacheable content)
• http://xyz.com/dosomething.jsp?action=login&username=john (non-cacheable content)
[Diagram: Dynamic Caching. Clients: Remote User (Shared DSL), Roaming User (56k Dial-up), Branch Office (128k Leased line)]
• Problem: Client requests dynamic content from server
• Problems: Dynamic content requires significant application server and database resources.
• ACE 4710: Up to date content returned directly from ACE dynamic cache.
• Application and database server save CPU and Memory resources.
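The cacheability split shown by the three example URLs, as an added Python example (not from the slides and not ACE's actual logic). The allow-list on the action parameter, the linear load-to-TTL formula, the TTL bounds and the names DynamicCache, cache_key and ttl_for are all assumptions made for illustration.

```python
import time
from urllib.parse import parse_qsl, urlsplit

CACHEABLE_ACTIONS = {"browse"}   # assumed allow-list, from the slide's examples
BASE_TTL, MAX_TTL = 5.0, 60.0    # assumed TTL bounds in seconds


def ttl_for(load):
    """Assumed policy: stretch the TTL linearly as server load goes 0.0 -> 1.0."""
    load = min(max(load, 0.0), 1.0)
    return BASE_TTL + (MAX_TTL - BASE_TTL) * load


def cache_key(url):
    """Return a normalized cache key, or None when the URL must bypass the cache."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    actions = [v for k, v in params if k == "action"]
    # Exactly one allow-listed action: a missing, unknown or repeated "action"
    # (e.g. ...action=browse&action=login) is never served from shared cache.
    if len(actions) != 1 or actions[0] not in CACHEABLE_ACTIONS:
        return None
    # Every parameter is part of the key, so level=1 and level=2 cannot collide.
    return (parts.netloc.lower(), parts.path, tuple(sorted(params)))


class DynamicCache:
    """Hypothetical in-memory cache in front of an origin(url) -> body callable."""

    def __init__(self, origin, clock=time.monotonic):
        self.origin, self.clock, self.store = origin, clock, {}

    def get(self, url, load):
        key = cache_key(url)
        if key is None:
            return self.origin(url), "BYPASS"   # e.g. action=login
        now = self.clock()
        hit = self.store.get(key)
        if hit and hit[0] > now:
            return hit[1], "HIT"
        body = self.origin(url)
        self.store[key] = (now + ttl_for(load), body)
        return body, "MISS"
```

The bypass path matters more than the hit path: a per-user response stored under a shared key would be replayed to the next requester.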
Cisco ACE 4710 Flash Forward
• Embedded objects referenced in HTML container pages are served with an Expires: header that sets the expiry date in the future.
• On the 2nd visit, the browser will not send a GET for objects in its cache if the current date & time is not greater than the object expiry date.
• This reduces the total number of HTTP requests for subsequent visits to the same page.
Benefits:
• Decreased page download time
• Decreased network congestion
• Decreased number of requests to origin server
Object Download Without FlashForward
[Sequence diagram. Participants: Client, Server]
• HTTP Request: “index.html”
• Forward Response 200 OK “index.html” (contains object “foo.gif”)
• HTTP Request “foo.gif”
• Forward Response 200 OK “foo.gif”
• Each subsequent request on “index.html” will trigger HTTP IMS Request “foo.gif”
• Forward Response 304 “Not Modified” (if “foo.gif” is not modified)
• Forward Response 200 OK “foo.gif” (if “foo.gif” has changed)
Object Download With FlashForward
[Sequence diagram. Participants: Client, ACE, Server]
• HTTP Request “index.html”
• Request “index.html”
• Response 200 OK (contains “foo.gif”)
• HTTP Response 200 OK (contains “foo_ACE1111.gif”)
• HTTP Request “foo_ACE1111.gif”
• Forward Request “foo.gif”
• Response 200 OK
• Forward Response 200 OK “foo_ACE1111.gif” with a long expiry time
• Browser Never Checks Freshness on “foo_ACE1111.gif” for subsequent requests on “index.html”
• HTTP IMS Request “foo.gif”
• HTTP “304 NM” Response
• HTTP IMS Request “foo.gif”
• Response 200 OK
• Forward Response 200 OK “foo_ACE2222.gif”
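The renaming scheme in the exchange above, as an added Python example that is not Cisco's implementation or part of the original slides. It assumes the version tag is derived from a hash of the object's bytes, that the container page is sent with no-cache, and that a stale tagged name is answered uncached; the ORIGIN content and the names serve, rewrite and tag_for are constructed for illustration.

```python
import hashlib
import re

# Constructed origin content (path -> bytes); not taken from any real site.
ORIGIN = {
    "/index.html": b'<html><img src="foo.gif"><link href="site.css"></html>',
    "/foo.gif": b"GIF89a-version-1",
    "/site.css": b"body{margin:0}",
}
FAR_FUTURE = "Thu, 31 Dec 2037 23:59:59 GMT"  # assumed "long expiry" value
REF = re.compile(rb'(src|href)="([\w-]+)\.(\w+)"')
TAGGED = re.compile(r"^(/[\w/-]+)_ACE([0-9a-f]{8})\.(\w+)$")


def tag_for(path):
    """Version tag from the object's current bytes (assumption: the slides
    show only opaque tags such as ACE1111 and ACE2222)."""
    return hashlib.sha256(ORIGIN[path]).hexdigest()[:8]


def rewrite(html):
    """Rename every embedded object the origin knows to name_ACE<tag>.ext."""
    def sub(m):
        attr, name, ext = (g.decode() for g in m.groups())
        path = f"/{name}.{ext}"
        if path not in ORIGIN:
            return m.group(0)  # unknown reference: leave untouched
        return f'{attr}="{name}_ACE{tag_for(path)}.{ext}"'.encode()
    return REF.sub(sub, html)


def serve(path):
    """Return (status, headers, body) as the intermediary would answer."""
    m = TAGGED.match(path)
    if m:
        base = f"{m.group(1)}.{m.group(3)}"
        if base not in ORIGIN:
            return 404, {}, b""
        # Only the current tag earns the long expiry; a stale tag is served
        # uncached so an outdated name can never pin old bytes in a browser.
        fresh = m.group(2) == tag_for(base)
        hdrs = {"Expires": FAR_FUTURE} if fresh else {"Cache-Control": "no-store"}
        return 200, hdrs, ORIGIN[base]
    if path not in ORIGIN:
        return 404, {}, b""
    if path.endswith(".html"):
        # Container must be revalidated each visit so new names reach the client.
        return 200, {"Cache-Control": "no-cache"}, rewrite(ORIGIN[path])
    return 200, {}, ORIGIN[path]
```

Because the object name changes whenever its content does, the far-future expiry is safe only as long as the container page itself is never cached past a content change.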
Cisco ACE 4710 Delta Optimization
• ACE delta optimization applied to dynamic web applications such as .Net, J2EE, SAP, Oracle, Siebel, Lotus
• Enables dynamic update of client browser caches with content differences or deltas
• Observes and modifies HTML content that flows through it to achieve bandwidth savings and user download performance.
• Results in bandwidth savings and improved end-user experience
[Diagram: Delta Optimization. Clients: Remote User (Shared DSL), Roaming User (56k Dial-up), Branch Office (128k Leased line)]
• Dynamic HTML page updates on each visit – 150K
• Problem: Entire 150K page served on each visit
• ACE 4710 Solution: Only differences sent across the WAN
Cisco ACE 4710 Just-in-time Object Acceleration (Dynamic E-Tag)
• Enables acceleration of large non-cacheable embedded objects such as: Active-X Controls, Java Applets, Dynamically generated images such as charts or graphs
• Useful for dynamic HTML content larger than 250 KB and marked by the origin server as expired or not cacheable.
• Eliminates the need for users to download these objects on each request.
• Results in reduced bandwidth utilization and application response time.
[Diagram: ACE 4710. Clients: Remote User (Shared DSL), Roaming User (56k Dial-up), Branch Office (128k Leased line)]
• ACE 4710: Eliminates download of large non-cacheable objects
ACE 4710 Application Optimization Supported Features - Release A1.8 or Above
Optimization Feature: Function
• FlashForward: ACE 4710 enables effective use of web browser cache to reduce number of HTTP 304 responses necessary to view a web page.
• Delta Optimization: ACE 4710 optimizes the delivery of dynamic web content by only serving differences between visits to a web page.
• ETag: ACE 4710 enables effective use of web browser cache to reduce number of HTTP 200 responses necessary to view a web page.
• Dynamic Cache: ACE 4710 optimizes the delivery of dynamic web content by only serving dynamic data from ACE in memory cache.
• AppScope: ACE 4710 enables monitoring of HTTP transaction response times with reporting on the AVS 3180.
Performance (plan to increase in the future SW release):
• Up to 250 Mbps throughput
• 1000 concurrent connections
Application Acceleration With A Single Click
• Define Your Regular SLB
• A single click enables application acceleration
• “EZ” configures ACE to accelerate web applications for delivery over the WAN.
• “Custom” provides control to modify existing acceleration policies or create new ones based on templates.
Summary – More Than Just SLB
The Ultimate Integrated Device For Your Apps and Server Farms
• UNMATCHED: Software License-Based Scalability
• COMPREHENSIVE: Network and Application Security
• ONLY: Virtualized Application Delivery Appliance with Full Role-Based Administration
• MOST: Advanced Application Acceleration
• MOST: Energy-Efficient Application Delivery Appliance