The network’s role in improving application security, reliability and efficiency

David Klebanov | March 21, 2011
Access to data center resources needs to be fast, secure and reliable, a significant challenge for the data center network infrastructure which is tasked to adhere to the following principles

Some load balancers can also perform traffic optimization for a variety of Application Layer protocols; however, more comprehensive functionality is often offered by dedicated traffic-optimizing appliances, which have a richer feature set and L7 protocol support. Traffic optimization plays a critical role in conserving WAN link bandwidth and in most cases greatly contributes to increased network performance.

The topological position of traffic optimization functionality often coincides with the data center L2/L3 boundary, because a popular traffic redirection method uses the WCCP protocol. Branch offices often implement traffic-optimizing appliances at the edge and use WCCP redirection as well. Cisco, for example, incorporates WAN optimization functionality into a network module, which can be inserted into an ISR G1 or G2 edge router for an even simpler branch topology.


Improved performance can be mainly attributed to three factors. Data redundancy elimination performs a caching function: repetitive blocks of data are not transmitted across the WAN; instead, the intent to transmit them is signaled between the WAN optimizing appliances on both ends of the link. The data itself is then generated on the appliance closer to the data recipient, which saves WAN bandwidth.

TCP flow optimization aims to improve slow-start behavior of the TCP/IP stack and makes TCP window size "recover" faster and more efficiently following packet loss.

Finally, application-specific acceleration relies on well-known behavioral characteristics of applications. You have to be careful, however, when dealing with home-grown applications that do not behave the way WAN optimizing appliances expect; optimization can actually break them rather than accelerate their performance.

WAN optimization shares similar challenges with load balancing when traffic is encrypted. Encrypted traffic needs to be decrypted by either the WAN optimizing appliances or a front-end SSL termination point in order to make full use of application delivery acceleration.
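To show why encrypted traffic defeats data redundancy elimination, the following added example (not code from the article or from any vendor) models two appliances with synchronized block caches and measures the bytes that cross the link. The fixed 256-byte blocks, SHA-256 digests, all class and function names, and the hash-based keystream standing in for per-session encryption are assumptions made for illustration.

```python
import hashlib

BLOCK = 256  # assumed fixed block size, chosen for illustration

class Appliance:
    """One end of the WAN link, holding a block cache keyed by SHA-256 digest."""
    def __init__(self):
        self.cache = {}

    def encode(self, data):
        """Sender: emit a digest reference for blocks already sent, raw bytes otherwise."""
        msgs = []
        for i in range(0, len(data), BLOCK):
            block = data[i:i + BLOCK]
            digest = hashlib.sha256(block).digest()
            if digest in self.cache:
                msgs.append(("ref", digest))
            else:
                self.cache[digest] = block
                msgs.append(("raw", block))
        return msgs

    def decode(self, msgs):
        """Receiver: rebuild the stream locally, learning new raw blocks as they arrive."""
        out = bytearray()
        for kind, value in msgs:
            if kind == "raw":
                self.cache[hashlib.sha256(value).digest()] = value
            out += value if kind == "raw" else self.cache[value]
        return bytes(out)

def send(sender, receiver, data):
    """Transfer data across the modelled link and return the bytes that crossed it."""
    msgs = sender.encode(data)
    assert receiver.decode(msgs) == data  # receiver must reproduce the stream exactly
    return sum(len(value) for _, value in msgs)

def session_encrypt(data, key):
    """Constructed stand-in for per-session encryption (not a real cipher)."""
    stream = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                      for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def demo():
    # Constructed sample payload: 40 text records, 1960 bytes in total.
    doc = b"".join(b"record %04d: quarterly figures for branch office\n" % n for n in range(40))
    dc, branch = Appliance(), Appliance()
    clear = [send(dc, branch, doc), send(dc, branch, doc)]
    sealed = [send(dc, branch, session_encrypt(doc, k)) for k in (b"session-1", b"session-2")]
    return clear, sealed
```

The second cleartext transfer crosses the link as digest references only, while the same document under two different session keys shares no blocks and is sent in full both times.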

Virtual appliances

Multi-tenancy and infrastructure-as-a-service concepts, which feed into the cloud computing models, bring a different set of design considerations for data center infrastructure service delivery. Cloud computing makes use of pervasive server virtualization technologies, where server mobility for the purposes of distributed resource management or disaster recovery becomes an essential component of the solution portfolio.

As discussed, stateful service appliances rely on traffic flow symmetry to have visibility into bi-directional communication between clients and servers. This principle has heavy implications where virtual server mobility is concerned, because it means that even after the mobility event, bi-directional client-server communication needs to pass through the original set of service appliances where the initial traffic flow state was created prior to the VM move, even if that means that a Data Center Interconnect link needs to be crossed. Such a flow will incur additional network latency and potentially run into bandwidth issues, because the original service appliances act as a "fan-out" for this type of traffic.

