Content Switching
Mark Verbloot Systems Engineer mverbloo@cisco.com
Agenda
• Foundational concepts
• Content switching
• Deployment scenarios
• Summary
Foundational Concepts
Traditional Web Growth
"In 1996 we had 3 Web Servers. In 1998 we had 160 Web Servers. In 1999 we had over 800 Web Servers."
Chris Dodds, CFO, Charles Schwab Inc., April 2000
Web Traffic Characteristics
• Asymmetric: primarily server to client
5-10 small packets (client to server); 5-50 larger packets (server to client)
• Short lived flows: high "call" set-up rates, short flow duration
• Multi-protocol web: TCP, UDP, HTTP, FTP, RTP, etc.; 80% HTTP initiated
• 90/10 rule: hot content and "flash crowds"; increasing % dynamically generated
• Connection duration depends on: RTT, bandwidth bottlenecks, server load, content size, protocol
Server Behavior Under Load
• Servers are finite resources
• Server response time is influenced by: CPU utilization, stack, NIC, applications
Charts: offered load (Kbps) by time of day, 4am to 12am; response time (secs) against hits per second, rising sharply at the inflection point where max server capacity is reached.
• Content switch performance >= sum(server performance) + bursting capacity
Content Switches are used to
• Scale server based services (applications)
• Services are constrained by: distance, bandwidth, server capacity
• Scale traditional enterprise apps (TN3270, Telnet, FTP)
• Scale SP service offerings and intranet apps: hosting, e-commerce
Content switches CANNOT / SHOULD NOT:
• Give up security and high availability
• Introduce a single point of failure
• Create bottlenecks or force network architecture changes
Content switches MUST PROVIDE:
• L2/L3 edge services and seamless interoperability
Scaling Properties
Chart: response time (secs) against hits per second; the inflection point marks server capacity.
• Performance metrics
• Scaling metrics
METRIC: a carefully specified quantity relating to performance and reliability (RFC 2330, Framework for IP Performance Metrics)
Key Performance Metrics
• Connections per second
• Concurrent connections
• Throughput
Key Scaling Metrics
• Real servers
• VIPs
• Content rules/policies
Connections Per Second
• CPS must be >= the maximum number of content requests to the site during peak time
• Typically limited by uplink bandwidth: real workloads show about 20 flow setups per 1 Mbps, so a 100 Mbps uplink carries about 2,000 CPS and a 1 Gbps uplink about 20,000 CPS
• Inversely proportional to average content size
• Perspective: 1 million hits/day = 11.6 requests/sec; 1 billion hits/day = 11,574 requests/sec (a "hit" is one HTTP request)
Concurrent Connections
• A function of connections per second (CPS) and connection duration (CD): CC = CPS * CD
• Example: 1 million hits/day with a 15 sec average connection duration gives CC = 11.6 CPS * 15 = 174; 1 billion hits/day gives CC = 11,574 CPS * 15 = 173,610
Throughput (PPS)
• Comparable to L2/L3 switches
• A function of average packet size
• The asymmetric nature of web traffic drives low forwarding performance requirements inbound (client to server) and a larger average packet size outbound (server to client)
• In general, wire rate at L2 is sufficient, because average transactions are small and not bandwidth-efficient: 100 Mbps = 74,000 PPS, 1 Gbps = 740,000 PPS at the average packet size assumed here
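The CPS, concurrent-connection and PPS arithmetic above as runnable functions, added here as an example (not from the original deck), so the slide's figures can be reproduced and a candidate switch checked against them. The 20 setups/Mbps and 740 PPS/Mbps rules of thumb are the slide's own; the `peak_factor` multiplier is an assumption, since the deck only gives daily averages.

```python
# Added example (not from the deck): the deck's sizing arithmetic as functions,
# so the CPS / CC / PPS figures above can be reproduced and a candidate switch
# checked against them. Rules of thumb are the slide's; peak_factor is assumed.
SECONDS_PER_DAY = 86_400
FLOW_SETUPS_PER_MBPS = 20    # slide: "20 flow setups / 1 Mbps" of uplink
PPS_PER_MBPS = 740           # slide: 100 Mbps -> 74,000 PPS at the assumed traffic mix


def requests_per_second(hits_per_day: float, peak_factor: float = 1.0) -> float:
    """Request rate from a daily hit count (1 hit == 1 HTTP request).

    peak_factor is an assumed multiplier (the deck gives only daily
    averages); use e.g. 3.0 to approximate a busy hour."""
    return hits_per_day / SECONDS_PER_DAY * peak_factor


def concurrent_connections(cps: float, duration_s: float) -> float:
    """CC = CPS * CD, as on the slide (Little's law)."""
    return cps * duration_s


def uplink_cps_ceiling(uplink_mbps: float) -> float:
    """Connection setups per second the uplink can feed to the switch."""
    return uplink_mbps * FLOW_SETUPS_PER_MBPS


def uplink_pps(uplink_mbps: float) -> float:
    """Forwarding rate the switch must sustain to keep the uplink full."""
    return uplink_mbps * PPS_PER_MBPS


def size_switch(hits_per_day, duration_s, uplink_mbps,
                switch_cps, switch_cc, peak_factor=1.0) -> dict:
    """Compare demand with the uplink and with a candidate switch's ratings.

    Returns the computed metrics and which element, if any, binds first;
    the uplink usually does, which is the slide's point."""
    cps = requests_per_second(hits_per_day, peak_factor)
    cc = concurrent_connections(cps, duration_s)
    ceiling = uplink_cps_ceiling(uplink_mbps)
    if ceiling < cps:
        bottleneck = "uplink"
    elif switch_cps < cps or switch_cc < cc:
        bottleneck = "switch"
    else:
        bottleneck = "none"
    return {
        "cps_needed": cps,
        "cc_needed": cc,
        "cps_uplink_ceiling": ceiling,
        "pps_uplink": uplink_pps(uplink_mbps),
        "bottleneck": bottleneck,
    }


if __name__ == "__main__":
    for hits in (1_000_000, 1_000_000_000):
        r = size_switch(hits, 15, 1000, switch_cps=200_000, switch_cc=1_000_000)
        print(f"{hits:>13,} hits/day -> {r['cps_needed']:.1f} CPS, "
              f"{r['cc_needed']:.0f} CC, bottleneck: {r['bottleneck']}")
```

Run with a realistic peak factor before trusting the "none" verdict: the daily average hides the flash-crowd peaks the 90/10 slide warns about.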
Summary of Considerations
• Overall performance is limited by server farm access speed
• Consider the ratio of short lived to long lived flows
• Understand the peak demands
Load Balancing Techniques
What Is Load Balancing
Diagram: the DNS server resolves www.testnet.com and ftp.testnet.com to the single VIP 10.10.10.50. Virtual Server 1 (10.10.10.50, http) and Virtual Server 2 (10.10.10.50, ftp) on the load balancer each map to a group of real servers; clients see only the VIP.
Load Balancing Traditional Approach
• Horizontal scaling vs. vertical scaling
• Horizontal scaling technique: DNS round robin
• SLB scaling: mapping a single IP address to many real servers
Round Robin DNS
Diagram: clients on the Internet and intranet are rotated between Data Center 1 and Data Center 2, including the slow one.
• Round robin DNS rotates sequentially through a small host list
• Offline servers still participate
• All servers receive equal traffic volume regardless of their capacity
• Server load is not considered when directing traffic to each server
• DNS caching issues: resolvers and clients cache answers, so rotation and failover are delayed by the record TTL
SLB Overview
SLB Modes of Operation
• Basic SLB modes, applied to packets destined to the virtual server's IP address:
Dispatch: rewrites only the destination MAC address, using the selected real server's MAC address; the real server must itself be configured with the VIP (for example on a loopback or alias interface) or it will not accept the packet
Directed or NAT: rewrites the destination IP and MAC addresses, using the selected real server's IP and MAC addresses; replies must pass back through the switch so the source address is translated back to the VIP
Dispatch Mode
Topology: Client IP 10.10.20.50, MAC 0000.000c.0001. Router IP 10.10.20.1, MAC 0000.0000.a001 (client side); router IP 10.10.10.1, MAC 0000.0000.a002 (server side). Virtual IP address 10.10.10.50. Server1 MAC 0000.0000.dd01, eth0 10.10.10.100, eth0:0 10.10.10.50. Server2 MAC 0000.0000.dd02, eth0 10.10.10.101, eth0:0 10.10.10.50.
Frame from client: DST MAC 0000.0000.a001 | SRC MAC 0000.000c.0001 | SRC IP 10.10.20.50 | DST IP 10.10.10.50 | protocol headers (TCP/UDP) | data
Frame to Server1:  DST MAC 0000.0000.dd01 | SRC MAC 0000.0000.a002 | SRC IP 10.10.20.50 | DST IP 10.10.10.50 | protocol headers (TCP/UDP) | data
Only the MAC addresses change; both servers hold the VIP on an alias interface (eth0:0) so either can accept the packet.
Directed Mode / NAT
Topology: Client IP 10.10.20.50, MAC 0000.000c.0001. Router IP 10.10.20.1, MAC 0000.0000.a001 (client side); router IP 10.10.10.1, MAC 0000.0000.a002 (server side). Virtual IP address 10.10.10.50, owned by the content switch. Server1 MAC 0000.0000.dd01, eth0 10.10.10.2. Server2 MAC 0000.0000.dd02, eth0 10.10.10.3. The real servers do not carry the VIP.
Frame from client: DST MAC 0000.0000.1d00 | SRC MAC 0000.000c.0001 | SRC IP 10.10.20.50 | DST IP 10.10.10.50 | protocol headers (TCP/UDP) | data
Frame to Server1:  DST MAC 0000.0000.dd01 | SRC MAC 0000.0000.a002 | SRC IP 10.10.20.50 | DST IP 10.10.10.2 | protocol headers (TCP/UDP) | data
Destination MAC and destination IP both change; the reply must return through the switch so that its source IP is translated from 10.10.10.2 back to the VIP.
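The two rewrites from the diagrams above, modelled as an added example (not vendor code), together with the return-path requirement each mode imposes. Addresses and MACs are the slide's; the switch's MAC for the VIP is taken to be 0000.0000.1d00 as drawn in the NAT diagram, and the server-side hop MAC 0000.0000.a002 as drawn in both.

```python
# Added example (not vendor code): the two header rewrites from the diagrams
# above, with a check of the return path each one requires. Addresses and MACs
# are the slide's; the switch's own MAC for the VIP is assumed to be
# 0000.0000.1d00 (NAT diagram) and its server-side MAC 0000.0000.a002.
from dataclasses import dataclass, replace

VIP = "10.10.10.50"
SWITCH_VIP_MAC = "0000.0000.1d00"
SWITCH_SERVER_SIDE_MAC = "0000.0000.a002"


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    src_mac: str
    src_ip: str
    dst_ip: str
    payload: str = ""


@dataclass(frozen=True)
class Real:
    mac: str
    ip: str                 # eth0 address
    has_vip_alias: bool     # eth0:0 = VIP, required for dispatch mode


def dispatch_forward(frame: Frame, real: Real) -> Frame:
    """Dispatch mode: rewrite L2 only; the IP header is untouched.

    The real must own the VIP on an alias interface, otherwise its stack
    sees a packet for an address it does not hold and drops it."""
    if frame.dst_ip != VIP:
        raise ValueError("frame is not for this virtual server")
    if not real.has_vip_alias:
        raise ValueError(f"{real.ip} lacks a VIP alias; dispatch would blackhole traffic")
    return replace(frame, dst_mac=real.mac, src_mac=SWITCH_SERVER_SIDE_MAC)


def dispatch_reply(frame_to_real: Frame, real: Real, client_side_hop_mac: str) -> Frame:
    """In dispatch mode the real answers as the VIP itself, so the reply can
    go straight to the client-side gateway without revisiting the switch."""
    return Frame(dst_mac=client_side_hop_mac, src_mac=real.mac,
                 src_ip=VIP, dst_ip=frame_to_real.src_ip, payload="200 OK")


def nat_forward(frame: Frame, real: Real) -> Frame:
    """Directed (NAT) mode: rewrite L2 and the destination IP to the real."""
    if frame.dst_ip != VIP:
        raise ValueError("frame is not for this virtual server")
    return replace(frame, dst_mac=real.mac, src_mac=SWITCH_SERVER_SIDE_MAC,
                   dst_ip=real.ip)


def nat_return(reply: Frame, real: Real) -> Frame:
    """Reverse translation for the server's reply. The reply MUST come back
    through the switch: if it bypassed it, the client would receive a
    segment from 10.10.10.2, an address it never contacted, and its TCP
    stack would discard (or reset) it."""
    if reply.src_ip != real.ip:
        raise ValueError("reply did not originate from the selected real server")
    return replace(reply, src_ip=VIP, src_mac=SWITCH_VIP_MAC)


def tcp_would_accept(client_connected_to: str, reply: Frame) -> bool:
    """Client-side view: a reply matches the connection only if it comes
    from the address the client connected to."""
    return reply.src_ip == client_connected_to
```

The `has_vip_alias` check is the operational gotcha of dispatch mode: a real added to the farm without the alias passes health checks on its eth0 address yet silently drops every dispatched packet.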
Load Balancing Algorithms
• Server load balancing
Non sticky: round robin, weighted round robin, least connections, max connections, dynamic
Sticky: source IP, source IP + destination port, cookie, SSL ID, URL
• Firewall load balancing: SRC/DST IP hash, non hashed
• Cache load balancing: domain hash
• SSL termination device load balancing
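The predictors named in the list above, implemented as an added example (not CSS/CSM code): round robin, weighted round robin, least connections, a source-IP sticky hash, and the symmetric SRC/DST IP hash that firewall load balancing needs so that both directions of a flow cross the same stateful firewall. Server and firewall names and the weights are made up.

```python
# Added example (not CSS/CSM code): the predictors named above, plus the
# symmetric hash firewall load balancing relies on. Server and firewall
# names and weights are made up.
from __future__ import annotations
import hashlib
from itertools import cycle


class Pool:
    """A server farm with the non-sticky predictors from the slide."""

    def __init__(self, reals: dict[str, int]):
        # reals: name -> weight (weight is used by weighted round robin only)
        self.weights = dict(reals)
        self.conns = {r: 0 for r in reals}
        self._rr = cycle(list(reals))
        # Weighted RR: a real with weight w appears w times per rotation.
        self._wrr = cycle([r for r, w in reals.items() for _ in range(w)])

    def round_robin(self) -> str:
        return next(self._rr)

    def weighted_round_robin(self) -> str:
        return next(self._wrr)

    def least_conns(self) -> str:
        # Fewest open connections wins; ties go to configuration order.
        order = list(self.conns)
        return min(order, key=lambda r: (self.conns[r], order.index(r)))

    def open_conn(self, real: str) -> None:
        self.conns[real] += 1

    def close_conn(self, real: str) -> None:
        self.conns[real] -= 1


def _bucket(key: bytes, n: int) -> int:
    """Stable hash -> bucket index. SHA-256 is used so the spread does not
    depend on Python's per-process hash randomisation (hash() is not stable)."""
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n


def sticky_source_ip(src_ip: str, reals: list[str], mask_bits: int = 32) -> str:
    """Source-IP sticky without a per-client table: the (masked) client
    address hashes to a fixed real. Caveat: every client behind one NAT or
    proxy lands on the same real, so this balances poorly for proxied traffic."""
    octets = [int(o) for o in src_ip.split(".")]
    addr = sum(o << (8 * (3 - i)) for i, o in enumerate(octets))
    mask = (0xFFFFFFFF << (32 - mask_bits)) & 0xFFFFFFFF
    return reals[_bucket((addr & mask).to_bytes(4, "big"), len(reals))]


def firewall_for_flow(src_ip: str, dst_ip: str, firewalls: list[str]) -> str:
    """FWLB src/dst hash. Sorting the pair makes the key direction-independent,
    so the reply (dst -> src) is sent through the same stateful firewall that
    saw the request; a direction-dependent hash would drop half the replies."""
    key = "|".join(sorted((src_ip, dst_ip))).encode()
    return firewalls[_bucket(key, len(firewalls))]
```

The firewall hash is the part to get right: a stateful firewall that sees only the reply half of a connection drops it, so the predictor must be a pure function of the unordered address pair on both content switches of the sandwich.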
Content Switching
Beyond Layer 4
Layer 3 rules match on the VIP only:
    owner acme.com
      content layer3_rule
        vip address 192.168.1.1
Layer 4 rules match on the socket (VIP, protocol and port):
    owner acme.com
      content layer4_rule
        vip address 192.168.1.1
        protocol tcp
        port 80
Layer 5 rules match on content and force delayed binding:
    owner acme.com
      content layer5_rule
        vip address 192.168.1.1
        protocol tcp
        port 80
        url "/*"
(The slide aligns these against OSI layers 1 to 7; IP and related protocols sit at layer 3, the socket at layer 4, and URL, host and header matching at layers 5 to 7.)
What is Content Switching
Select the web server / server farm based on URL components:
• Wildcard + extension / Extension Qualifier List (EQL), e.g. *.html, *.gif, *.cgi
• Exact directory path / list of matching paths (URQL), e.g. /sport/*, /finance/*, /finance/dept1/*
• Exact host tag, wildcard domain, or Domain Qualifier List (DQL), e.g. www.cisco.com, www.cis*.com, *.cisc*.com
Content Switching : Benefits
• Removes the need for "BLIND" content replication
• Partition content to server farms by type: *.cgi, *.html
• Partition content by domain name for virtual hosting or customers with more than one domain name
• Partition large sites by directory
Content Switching
Diagram: client Lola (IP 171.68.62.5) on the Internet; behind the CSS, separate farms for static images, streaming media, dynamic content and regular HTML.
1. TCP session handshake with the client; the CSS proxies the session until it receives the HTTP GET and header information.
2. The CSS parses the HTTP header and selects the appropriate delivery device for the transaction.
3. The CSS establishes a TCP session with the chosen host and sends the URL request.
4. The CSS splices the front and back connections together.
5. The object is delivered to the client device.
What is Delayed Binding?
Client -> SLB device: SYN
SLB device -> client: SYN/ACK
Client -> SLB device: ACK
Client -> SLB device: HTTP GET index.html (the SLB device consults its layer 5 rules for a match on content)
SLB device -> server: SYN (TCP session to the server chosen by the balance method in the matching rule)
Server -> SLB device: SYN/ACK
SLB device -> server: ACK
SLB device -> server: HTTP GET index.html
Server -> SLB device -> client: HTTP response
Front and back TCP connections are spliced together; subsequent HTTP GETs on the connection follow the same path.
HTTP Header Field Load Balancing
• User-Agent: direct users based on the agent field (Netscape or IE, WAP, PDA, etc.)
• Language: direct users based on the Accept-Language field
• Pragma / Cache-Control: direct users to the origin server when the field equals "no-cache"
• Host: direct users based on the host and port number being requested
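Delayed binding driven by L3/L4/L5 content rules and HTTP header fields, covering the rule tiers, the delayed-binding exchange and the header-field predictors described above, as an added example (not the CSS rule engine). The acme.com rules, hostnames and headers are constructed; the 8 KB request-head cap is an assumed limit, included because a switch that proxies the front connection must bound what it buffers per unbound connection or slow clients can exhaust it.

```python
# Added example (not the CSS rule engine): delayed binding driven by L3/L4/L5
# content rules and HTTP header fields, covering the three passages above.
# Rules, hostnames, headers and the 8 KB head limit are assumptions.
from __future__ import annotations
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

MAX_HEAD_BYTES = 8192   # assumed cap: bound the bytes buffered per unbound
                        # connection, or slow clients pin switch memory


@dataclass
class Rule:
    name: str
    vip: str
    port: int | None = None              # None -> L3 rule (VIP only)
    url: str | None = None               # wildcard path, e.g. "/finance/*", "*.gif"
    host: str | None = None              # wildcard host tag, e.g. "www.cis*.com"
    headers: dict[str, str] = field(default_factory=dict)  # header -> wildcard
    farm: str = ""

    def layer(self) -> int:
        if self.url or self.host or self.headers:
            return 5                      # content match -> delayed binding
        return 4 if self.port is not None else 3


@dataclass
class Request:
    method: str
    path: str
    headers: dict[str, str]              # lower-cased header names


class DelayedBinder:
    """Front connection state: buffer until the request head is complete."""

    def __init__(self) -> None:
        self.buf = b""

    def feed(self, data: bytes) -> Request | None:
        self.buf += data
        if len(self.buf) > MAX_HEAD_BYTES:
            raise ValueError("request head too large: reset the front connection")
        end = self.buf.find(b"\r\n\r\n")
        if end < 0:
            return None                   # still proxying, no server chosen yet
        lines = self.buf[:end].decode("latin-1").split("\r\n")
        method, path, _version = lines[0].split(" ", 2)
        hdrs: dict[str, str] = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            hdrs[name.strip().lower()] = value.strip()
        return Request(method, path, hdrs)


def matches(rule: Rule, vip: str, port: int, req: Request) -> bool:
    if rule.vip != vip:
        return False
    if rule.port is not None and rule.port != port:
        return False
    if rule.url and not fnmatchcase(req.path, rule.url):
        return False
    host = req.headers.get("host", "").split(":")[0]
    if rule.host and not fnmatchcase(host, rule.host):
        return False
    return all(fnmatchcase(req.headers.get(h, ""), pat)
               for h, pat in rule.headers.items())


def select_farm(rules: list[Rule], vip: str, port: int, req: Request) -> str | None:
    """Most specific rule wins (L5 over L4 over L3); ties keep config order."""
    best: Rule | None = None
    for rule in rules:
        if matches(rule, vip, port, req) and (best is None or rule.layer() > best.layer()):
            best = rule
    return best.farm if best else None


RULES = [  # constructed acme.com configuration, mirroring the slide's rule tiers
    Rule("layer3_rule", "192.168.1.1", farm="default"),
    Rule("layer4_rule", "192.168.1.1", 80, farm="web"),
    Rule("images", "192.168.1.1", 80, url="*.gif", farm="images"),
    Rule("finance", "192.168.1.1", 80, url="/finance/*", farm="finance"),
    Rule("nocache", "192.168.1.1", 80, headers={"pragma": "no-cache"}, farm="origin"),
    Rule("wap", "192.168.1.1", 80, headers={"user-agent": "*WAP*"}, farm="wap"),
]
```

`feed()` returning `None` is the window during which the switch is holding a client connection with no server behind it; that is the cost of L5 matching, and why the L4 rule (which binds on the SYN) should be the default for anything that does not need content inspection.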
HTTP 1.1 Persistence Remapping
• Ability to remap flows on a persistent connection to different backend or origin servers without issuing a redirect
• Addresses the Microsoft IE 5.0 multiple-GETs limitation
• Significant performance gains: a redirect costs the client an extra round trip
• Simplifies partitioning of content
Sticky Load Balancing
The Persistence Problem
Diagram: shopper Lola (IP 171.68.62.5) on www.grocery.com, real servers 10.0.0.1 to 10.0.0.4, HTTP and SSL traffic. "Let's buy some groceries!" ... "Hey, where did my grocery list go?" Her cart lives on the server that took her first connection; a later connection balanced to a different real server does not see it.
Solving the Persistence Problem – Cookie Sticky
Diagram: same site; the SLB tracks the cookie information and keeps Lola on the server that issued her cookie, 10.0.0.4.
Issues:
• Performance
• Maintenance
• Only for clear text HTTP (the switch cannot read cookies inside SSL)
Passive Cookie
Client -> SLB device: SYN, SYN/ACK, ACK, HTTP GET without cookie
SLB device -> server: SYN, SYN/ACK, ACK, HTTP GET without cookie
Server -> SLB device: HTTP response with Set-Cookie (the SLB learns the cookie value and the real server that issued it)
SLB device -> client: HTTP response with Set-Cookie, passed through unchanged
Subsequent HTTP GETs carry the cookie and are sent to the same real server.
Active Cookie
Client -> SLB device: SYN, SYN/ACK, ACK, HTTP GET without cookie
SLB device -> server: SYN, SYN/ACK, ACK, HTTP GET without cookie
Server -> SLB device: HTTP response without cookie
SLB device -> client: HTTP response with a cookie set by the SLB itself
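The passive and active cookie flows above as switch-side logic, added here as an example (not vendor code). Passive mode learns the application's own Set-Cookie value and remembers the real that issued it. Active mode inserts a switch-owned cookie; making its value an HMAC tag of the real's name is my design choice, not something the slide specifies, so that the cookie neither leaks the real's address nor lets a client steer itself to a chosen server by forging it. Cookie names, the key and the server addresses are assumed. Both modes need clear text HTTP at the switch, as the previous slide notes.

```python
# Added example (not vendor code): the passive and active cookie flows above
# as switch-side logic. The HMAC tag for the active cookie is my design
# choice. Cookie names, key and server addresses are assumed.
from __future__ import annotations
import hashlib
import hmac

PASSIVE_COOKIE = "JSESSIONID"            # assumed: the application's session cookie
ACTIVE_COOKIE = "ARPT"                   # assumed: the switch-inserted cookie
ACTIVE_KEY = b"shared-by-ha-peers"       # assumed; must match on the standby switch


def parse_cookies(header: str) -> dict[str, str]:
    """'a=1; b=2' -> {'a': '1', 'b': '2'} (tolerates an empty header)."""
    out: dict[str, str] = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            out[name] = value
    return out


class PassiveCookieSticky:
    """Switch keeps cookie value -> real. One table entry per session is the
    'performance / maintenance' cost the slide lists."""

    def __init__(self) -> None:
        self.table: dict[str, str] = {}

    def choose(self, cookie_header: str, lb_choice: str) -> str:
        sid = parse_cookies(cookie_header).get(PASSIVE_COOKIE)
        return self.table.get(sid, lb_choice) if sid else lb_choice

    def learn(self, set_cookie_values: list[str], real: str) -> None:
        """Called on the server's response; watch only our cookie name."""
        for sc in set_cookie_values:
            name, _, value = sc.split(";", 1)[0].partition("=")
            if name.strip() == PASSIVE_COOKIE and value:
                self.table[value.strip()] = real


class ActiveCookieSticky:
    """Switch inserts its own cookie; no per-session table is needed because
    the tag is recomputed from the real's name and the shared key."""

    def __init__(self, reals: list[str]) -> None:
        self.by_tag = {self._tag(r): r for r in reals}

    @staticmethod
    def _tag(real: str) -> str:
        return hmac.new(ACTIVE_KEY, real.encode(), hashlib.sha256).hexdigest()[:16]

    def choose(self, cookie_header: str, lb_choice: str) -> str:
        tag = parse_cookies(cookie_header).get(ACTIVE_COOKIE)
        # Unknown or forged tag: ignore it and load-balance normally.
        return self.by_tag.get(tag, lb_choice) if tag else lb_choice

    def set_cookie_for(self, real: str) -> str:
        """Header value added to the server's response on the way back."""
        return f"{ACTIVE_COOKIE}={self._tag(real)}; Path=/; HttpOnly"
```

The active variant is what makes stateful failover of the sticky table cheap: the standby peer needs only the key and the farm definition, not a copy of every live session entry.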
Solving the Persistence Problem – SSL Sticky
Diagram: same site; the SLB tracks the SSL session ID (here ID 4) and keeps Lola on the server that negotiated it.
Issues:
• IE 5.0 SSL timeout: the browser renegotiates a new session ID after a short interval, which breaks the mapping
• Performance
• All traffic must be SSL
Solving the Persistence Problem – HTTP Redirection
Diagram: Lola connects to www.grocery.com and is redirected to www4.grocery.com, a name that resolves to one specific server (14.56.72.4); servers 14.56.72.1 to 14.56.72.4, HTTP and SSL.
Issues:
• Maintenance
• DNS server must have all domain names
• Bookmarks on the web browser point at the individual server
Solving the Persistence Problem – SSL Offload
Diagram: an SSL appliance in front of www.grocery.com terminates SSL; the cookie can still be used because the SLB sees clear text HTTP behind it. Servers 14.56.72.1 to 14.56.72.4.
Solving the Persistence Problem – Redesign the Site
Diagram: a session persistence agent on each server stores state in a backend database, so any real server (10.0.0.1 to 10.0.0.4) can serve any request, HTTP or SSL.
Session Persistence
Table: session persistence methods (rows) against traffic scenarios (columns).
Columns: no proxy, HTTP only traffic; no proxy, e-commerce traffic; no proxy, SSL only traffic; one or more proxies, HTTP only traffic; one or more proxies, e-commerce traffic; one or more proxies, SSL only traffic.
Rows: source IP sticky; cookie sticky; SSL sticky; HTTP redirection; SSL offload. (The applicability marks in the cells are not recoverable here.)
SSL Acceleration
Hardware Based SSL Termination Device
• Performs all SSL protocol processing, including the SSL handshake and decryption/encryption, allowing back-end web servers to handle content-specific tasks at peak performance
• Handles all certificate information and key negotiation during the SSL session
• Devices can be load balanced for scalability
• Typically 1U rack-mountable, redundant 10/100 ports
How the Solution Works
Diagram: user on the Internet, WAN router, L2/3 switch, Cisco CSS 11000 series switch, SSL rack accelerators, origin web servers. HTTPS from the user terminates on the accelerator; HTTP flows behind it.
• The content switch directs incoming HTTPS requests to the SSL device
• Once decrypted (returned as HTTP on port 81), the content switch has clear-text visibility into the request and can apply content rules and cookie stickiness
• The response is sent back to the SSL device, encrypted, and returned to the user
• The port 81 leg carries the user's data in clear text, so it belongs on a VLAN reachable only by the switch, the accelerators and the servers
Firewall Load Balancing
FWLB - Description
• Allows firewall throughput to scale by distributing traffic over multiple firewalls
• Support for transparent and proxy devices
• Typically uses a deterministic load balancing algorithm, so both directions of a flow traverse the same (stateful) firewall
• Different vendor firewalls can be balanced within the same cluster
• Supported on CSS and CSM
CSS Firewall Load Balancing
Diagram: a master and backup CSS pair on the outside (VLAN 10 towards the Internet, VLAN 20 towards the firewalls, VIP A active/backup) and a second master and backup pair on the inside (VLAN 30), with firewalls fwa1/fwb1 and fwa2/fwb2 between them and optional backup links. Each CSS holds firewall routes naming the firewall's near and far addresses and the peer CSS: the outside pair routes towards bottom_CSS on VLAN 30, the inside pair routes towards top_CSS for 0.0.0.0.
CSM Firewall Load Balancing - option 1
• Conventional "sandwich" configuration: a CSM on each side of the firewall cluster
• Non hash based algorithm support for non buddied protocols
CSM Firewall Load Balancing - option 2
• Single switch configuration: one CSM serves both sides of the firewalls
• Possible security policy concerns, since one device sits on both the trusted and the untrusted side
Global Server Load Balancing
Multi Site Load Balancing
• Global server load balancing is invoked before content load balancing or firewall load balancing
• It works for any type of IP service, not just HTTP traffic
• Typical uses are: site redundancy; scalability via multiple data centers (distributed load balancing); intelligent data center load balancing (proximity or least-loaded)
Distribution of Content over Multiple Sites
Diagram: two core sites (CSS Core-1 and CSS Core-2, each with grouped content engines, web servers and databases) and six distribution sites (CSS Dist-1 to Dist-6, each with content engines and web servers), tied together by content routing over the Internet using CAPP.
DNS Delegation Insertion
DNS Proxy
Authoritative DNS is delegated for a subdomain by:
• Inserting an NS record for www.foo.com on the authoritative server for foo.com, pointing at cr1.foo.com
• Inserting an A (glue) record for cr1.foo.com into foo.com
• Letting cr1.foo.com serve its own SOA for www.foo.com, alongside ns1.foo.com for foo.com
Resolution path: root DNS for ".com" -> authoritative DNS for "foo.com" (ns1.foo.com) -> authoritative DNS for www.foo.com (cr1.foo.com, the content router).
Multi Site Load Balancing - Overview
• Global server load balancing can be implemented using three methods:
The Content Aware Peering Protocol (CAPP) is used by the CSS / CSM to exchange server load and availability information
Content routers (appliances) probe content routing agents (CRAs) such as the CSS to determine geographic proximity
The redundant site takes the place of the primary site using the same IP address (route health injection)
Multi Site Load Balancing - CAPP
• When two or more CSS / CSM communicate, they use CAPP (formerly named ArrowPoint Peering Protocol, APP)
• A CAPP session allows the exchange of content information
• CAPP communicates over TCP port 5001 by default
• The CAPP session is in the clear by default; it can be encrypted, and should be, since anyone able to alter the load or availability reports can redirect traffic between sites
Multisite Load Balancing - 'Boomerang' Race System
Diagram: client DNS, content router (CR), and two sites (CSS Core-1 and CSS Core-2, each with a CRA, grouped content engines, web servers and database).
• The CR measures RTT to the edge delivery nodes and derives the difference in one-way trip time (OWTT): e.g. 30 ms OWTT / 60 ms RTT to one site, 50 ms OWTT / 100 ms RTT to the other
• The CR receives the lookup and forwards the A-record request to the edge sites, staggering the release by the known delay (e.g. the nearer agent is released at t + 20 ms)
• The agents formulate the response and the race is on: each site answers the client's DNS server directly, and the first answer to arrive is the one the resolver uses
CSM - Route Health Injection
Diagram: Client A and Client B reach Routers 10 to 13; CSM 1 and CSM 2 at two sites both own VIP x.y.w.z.
• Each CSM injects a host route for the VIP into the routing domain only while the VIP's servers pass their health checks
• With both sites up, each client follows the best route to the nearest CSM
• When a site fails its route is withdrawn, and traffic converges on the surviving CSM with the same VIP
NAT Peering
Diagram: Sydney data centre (primary servers) and Melbourne data centre (overflow servers), both on the Internet.
• Original requests arrive at Sydney
• When the primary servers are full, the content request is passed on to the alternate location
• Content is delivered directly to the user from Melbourne
Management of Content Switched Networks
Content Switch Management
• Issues:
One VIP maps to multiple real addresses
Visibility of L2 and L3 paths
Control over L4-L7 services
Central control is desirable
Hosting Solution Engine 1105 Features - Benefits
• Real time fault and performance monitoring of Cisco routers, switches, SLB devices, PIX and Cat 6k IDS modules
• L4-7 service activation
• Basic historical data reporting for all monitored devices/services
• Historical data reporting: alerted on recent service degradation
• Service activation: simplify your daily tedious tasks
• Personalized views: "I don't have time to navigate, just show me the critical info"
Feature Support for Devices
Table: devices supported against real-time monitoring, historical data reporting and L4-7 service provisioning. Devices: GSR, 7xxx, 17xx, 26xx, 36xx routers; Catalyst 29xx, 35xx, 5xxx switches; Catalyst 4xxx, 6xxx and CSS 11xxx; Content Switching Module (Catalyst 6000); LocalDirector; PIX firewalls, Cat 6k IDS module. (The cell marks are not recoverable here.)
Design Guidelines
Content Networking Services
• It's really all about CONTENT: how to protect it, how to deliver it, how to distribute it, how to manage it
• The available elements are: caches (content engines), content switches, content routers, content managers (CDM)
• The GOAL is to scale access to the content
Diagram: content routers, content engines, content switches and content distribution managers in front of web servers and application and database servers.
CSS Operation
• Using the CSS:
Redundancy is box-to-box or VRRP/VIP
Content rules are evaluated from least to most specific; the most specific match wins
Scripting capabilities are powerful
Topological proximity allows the use of CSS switches in a distributed fashion
Dynamic load awareness allows real time traffic distribution
CSM Operation
Diagram: IP core with HSRP primary and standby MSFCs; the CSM sits between the client VLAN(s) and the server VLAN(s), with primary and standby RP roles.
Bridge mode: the CSM bridges between client and server VLANs
Router mode: the CSM routes between client and server VLANs
In router mode
• Only traffic destined to a VIP goes through the CSM
• A static route in the CSM points to the gateway of last resort
In bridge mode
• All traffic is bridged through the CSM
• A static route in the CSM points to the gateway of last resort
• Real server addresses are reachable directly
High Availability
• No single point of failure introduced by the content switch
• The system should offer predictable failover times
• Whatever you design should be easy to implement and troubleshoot
• The design should not compromise the network architecture
HA comes in two flavors, active-active and active-standby. Each flavor can be used for:
• Stateless failover: connection state information is not maintained
• Stateful failover: connection state information is maintained; sticky table stateful failover is sometimes offered
High Availability Alternatives
• Active-active: same or different VIPs active on both switches; high performance and redundant LB environment
• Active-standby: VIP active on a single switch; highly redundant SLB environment
• Common characteristics: HSRP and MHSRP or IP routing to the upstream switches; HSRP, VRRP or RP on the content switch
Diagram: Internet, two content switches (VIP A and VIP B), server farms.
High Availability Active-Active
Configuration is more complex, so it implies:
• Potentially higher convergence times (bi-directional exchange of state tables)
• Potentially more overhead when using stateful failover configurations
• More configuration overhead
• Active-active for different VIPs is OK as long as your staff has the know-how
• Active-active for the same VIP is not OK because it forces the network architecture: upstream devices need to know which next hop to send a specific packet to (PBR), or the content switches need to exchange state information very frequently, which does not scale well
Diagram: Internet splitting even and odd flows across two switches carrying VIP A, VIP B and a shared VIP C, server farms.
High Availability Active-Standby
• Used when trying to achieve a simple HA configuration
• Configuration does not depend on the content switch architecture
• Configuration is less complex, so it implies:
Potentially lower convergence times (no need for bi-directional exchange of state tables)
Potentially less overhead when using stateful failover configurations
Predictable traffic paths (use the primary at all times except when failures occur)
Less skill required when troubleshooting
Lower configuration overhead
Diagram: Internet, two switches each holding VIP A and VIP B (active on one, standby on the other), server farms.
Common Configuration
• Active-standby with 802.1Q trunks
Diagram: IP core; HSRP primary / STP root and HSRP standby / STP secondary root aggregation switches, 802.1Q trunks down to the content switches; primary VRRP switch with VIP A and VIP B active, standby VRRP switch with VIP A and VIP B standby.
Interoperability
Alternatives are based on where default gateway support is located:
• Gateway mode: L3 services off the CSS or CSM
• Transparent mode: the CSS or CSM appears as a transparent bridge
• Aggregate mode: L4/L5 services are aggregated to a set of L3 services available to the server farm
The ideal alternative offers the most L2-L5 services.
Gateway Mode: Using the CSS as the default gateway
• The CSS provides default gateway support to the server farm
• The server farm is L2 adjacent to the content switch
• VRRP used for default gateway redundancy and VIP redundancy
• Or use the box-to-box redundant configuration
Diagram: IP core with HSRP primary and standby; primary VRRP CSS (default gateway, VIP A and VIP B active) and standby VRRP CSS (VIP A and VIP B standby).
Transparent Mode: Using the CSS like a transparent bridge
• The aggregation switch provides default gateway support to the server farm before traffic reaches the CSS
• The content switch "bridges" the inbound and outbound VLANs
• The server farm is L2 adjacent to the content switch
• VRRP used for VIP redundancy and next hop redundancy
• Or use the box-to-box redundant configuration
Diagram: IP core; HSRP primary (default gateway) and standby aggregation switches; primary VRRP CSS (VIP A and VIP B active) and standby VRRP CSS (VIP A and VIP B standby).
Aggregate Mode: Using the CSS to aggregate L4/L5 services
• The aggregation switch provides default gateway support to the server farm after traffic has gone through the CSS
• The server farm is NOT L2 adjacent to the content switch
• VRRP used for VIP redundancy
• Or use the box-to-box redundant configuration
• The potential data path bypasses the content switches for non-LB traffic; PBR is required on the aggregation switches to steer the servers' return traffic back through the CSS
Diagram: IP core; HSRP primary and standby aggregation switches (default gateway, PBR required); primary VRRP CSS (VIP A and VIP B active) and standby VRRP CSS (VIP A and VIP B standby).
Gateway Mode: Using the CSM as the Default Gateway
• The CSM provides default gateway support to the server farm (secure mode)
• The server farm is L2 adjacent to the content switch
• RP used for default gateway redundancy and VIP redundancy
• Static routes are used on the CSM
Diagram: IP core with HSRP primary and standby MSFCs; primary RP CSM (VIP A and VIP B active) and standby RP CSM (VIP A and VIP B standby).
Transparent Mode: Using the CSM like a transparent bridge
• Service or aggregation switches provide default gateway support to the server farm (basic mode)
• The CSM "bridges" the client and server VLANs
• Server farms are L2 adjacent to the CSM
• One-to-one mapping between client and server VLANs
• RP used for VIP redundancy
• Static routes are used on the CSM
Diagram: IP core with HSRP primary and standby; primary RP CSM (VIP A and VIP B active) and standby RP CSM (VIP A and VIP B standby).
Aggregate Mode: Using the CSM to aggregate L4/L5 services
• The aggregation switch provides default gateway support to the server farm after traffic has gone through the CSM
• The server farm is NOT L2 adjacent to the content switch
• RP used for VIP redundancy
• Static routes are used on the CSM
• One-to-one mapping between client and server VLANs
Diagram: IP core; HSRP primary and standby with PBR required; primary RP CSM (VIP A and VIP B active) and standby RP CSM (VIP A and VIP B standby), PBR required on both.
WEB Site Acceleration Using Reverse Proxying
Diagram: ISP-1 / co-lo partner and ISP-2 links with backup links, Cache Engine 500 series appliances in front of a content switch, PIX firewall, Gigabit and Fast Ethernet, web servers and database servers.
• Accelerate content-rich services
• Increased web site capacity
• Higher availability, security and manageability
Reverse Proxy Caching
Diagram: static content is served from the cache engines at the co-lo / ISP-2 edge; dynamic content is fetched from the web servers.
Static content is usually 70% or more of a web page. A web page may be dynamically formatted, but the "thick" objects usually are not (GIF, JPG, MPG, etc.).
Content Switching Solutions
Cisco Content Switching Module
• Catalyst 6500 CSM: 200,000 CPS at L4 (18 billion connections/day)
• Specific L4-L7 feature set
• True URL/cookie switching
• 1 million concurrent connections
• 4 Gbps line-rate NAT
• Integrated solution leveraging all 6500 services and enabling any/all ports for content switching
• All-in-one solution for MAN/POP designs where rack space is at a premium
2.0 release: multicard support
• Multiple CSMs in the same chassis
• Config submodes for different CSMs
• IOS-SLB can coexist
Content Switching Platforms Today
Major CSM features/benefits:
• Very high L4 and L5 SLB performance
• Stateful failover on persistence
• All benefits of the Cat6K (L2, L3 functions)
Major CSS features/benefits:
• URL and cookie switching
• Dedicated content switch
• Extensive L7 feature set
• Full support for HTTP 1.1
• Firewall load balancing
• SSL LB
• Integrated GSLB
• Extensive server health checks
• Flash crowd protection
• Load balance content engines
• Generic header parsing
• HTTPS web configuration tool
Chart: performance (CPS, L4-L7) against port density for the CSS 11050, CSS 11150, CSS 11800 and the CSM with Cat6K (densities shown: 8 FE / 1 GE, 12 FE / 2 GE, 64 FE / 32 GE, 336 FE + 2 GE / 114 GE); SCA 11000 for SSL acceleration.
Content Networking Products
• Cisco IP/TV
• Cisco Content Engines
• Cisco Content Routers
• Cisco Content Services Switches
• Cisco Content Switching Module
• Cisco Content Distribution Managers
• Cisco Secure Content Accelerator
• Cisco Hosting Solution Engine
Summary
• Understand the problem
• Talk to the application developers
• Design a solution with management in mind
© 2001, Cisco Systems, Inc. All rights reserved.