Sea Tel International Networks

New Features in Cisco ACE Module Software Release 2.1.0

Author: Sea Tel International Co., Limited Date: 3/5/2013 10:05:56 PM

Available | Description | Benefit

Generic Protocol Parsing (GPP)
ACE has native understanding of the following protocols: HTTP, FTP, DNS, ICMP, SIP, RTSP, Extended RTSP, Radius and RDP. However, data center owners may have to deal with many other applications: custom applications, legacy applications, packaged applications, etc.
Cisco ACE’s GPP feature enables you to configure application switching and persistence policies based on any information in traffic payload for custom and packaged applications without requiring any programming.
The Cisco ACE performs payload parsing via hardware using a powerful regular expression engine to obtain maximum performance, unlike other software-based solutions.
Benefit: ACE can switch custom and packaged applications without any programming.

HTTP Header Manipulation
Cisco ACE supports the ability to insert, delete or rewrite HTTP headers in both client requests and server responses.

HTTP Header Insertion
ACE provides the ability to insert an HTTP header in the request, the response or both.
Consider an example where ACE uses source NAT to translate the client's IP address; often the servers need a way to identify that client.
To identify a client whose source IP address has been NATed, you can instruct the ACE to insert a generic header and string value of the source IP address before the request is sent to the server.
Benefit: Increased client visibility for applications to perform logging and auditing.

HTTP Header Rewrite
ACE provides the ability to rewrite an HTTP header in the request, the response or both.
Consider an example where a client wants to connect to a secured Web application. In this scenario, the client sends an HTTPS request to the application. An external application switch terminates the SSL connection and sends clear text to the application. Since the application is unaware that the incoming client HTTPS request was terminated on the application switch, the application may redirect the client to a non-secured HTTP URL rather than to the secured HTTPS URL.
To solve this problem, the Cisco ACE application switch modifies the redirected URL from HTTP to HTTPS in the “Location” header before sending the response to the client.
Benefit: Secure delivery of SSL content back to the client.

Delete HTTP Header
HTTP header deletion can be used to strip sensitive HTTP headers from server responses.
For example, by default many web servers include information about the web server, such as version and O/S, in the HTTP response header. This information could potentially be used to generate malicious attacks.
In this example, Cisco ACE can automatically delete such headers, thus hiding the server type and version from clients.
Benefit: Secured Web applications.
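
The three header operations described above, modelled in Python as an added example (this is not Cisco code or ACE configuration). The header name X-Client-IP, the list of headers to delete and the sample traffic are assumptions; the sketch also drops any client-supplied copy of the inserted header and only upgrades redirects that point at the site's own host.

```python
from urllib.parse import urlsplit, urlunsplit

CLIENT_IP_HEADER = "X-Client-IP"            # assumed name; the page only says "a generic header"
LEAKY_HEADERS = {"server", "x-powered-by"}  # assumed list of headers revealing server type/version

def rewrite_request(headers, client_ip):
    """Insert the pre-NAT client IP, dropping any copy the client supplied itself."""
    kept = [(k, v) for k, v in headers if k.lower() != CLIENT_IP_HEADER.lower()]
    kept.append((CLIENT_IP_HEADER, client_ip))
    return kept

def rewrite_response(headers, vip_host):
    """Delete fingerprinting headers and upgrade http:// redirects aimed at our own VIP."""
    out = []
    for name, value in headers:
        lname = name.lower()
        if lname in LEAKY_HEADERS:
            continue
        if lname == "location":
            parts = urlsplit(value)
            if parts.scheme == "http" and parts.hostname == vip_host.lower():
                # An explicit :80 would be wrong once the scheme is https.
                netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
                value = urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        out.append((name, value))
    return out

# Constructed sample traffic (not captured from a real device).
REQUEST = [("Host", "shop.example.com"), ("X-Client-IP", "10.0.0.1")]  # second header sent by the client
RESPONSE = [("Server", "Apache/2.2.3 (Red Hat)"),
            ("Location", "http://shop.example.com:80/login?next=/cart"),
            ("Content-Length", "0")]
EXTERNAL = [("Location", "http://partner.example.net/sso")]  # redirect to another site

if __name__ == "__main__":
    print(rewrite_request(REQUEST, "203.0.113.7"))
    print(rewrite_response(RESPONSE, "shop.example.com"))
    print(rewrite_response(EXTERNAL, "shop.example.com"))
```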

Partial Server-Farm Failover
Currently, if a backup server-farm is configured, the primary server-farm would fail over to the backup only when all the real servers in that server-farm go down.
The Partial Server-farm Failover feature allows the user to specify a minimum percentage (e.g. X%) of real servers to be active in the farm before the primary server-farm fails over to the backup server-farm.
When the primary server-farm fails over to the backup, all currently established connections will continue to exist on the primary server-farm. All new requests are routed to the backup server-farm.
For the primary server-farm to return to service, a minimum percentage (e.g. Y% > X%) of real servers should be active.
Benefit: Cisco ACE provides capability to manage which server farm (primary or backup) receives new traffic based on the number of available Real Servers (RServers).
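
The X%/Y% behaviour described above, written out as a small state machine (an added example, not Cisco code). The class and method names are hypothetical, and treating "below X%" as the failover condition and "at least Y%" as the restore condition is an assumption about the exact boundaries.

```python
class FarmSelector:
    """Chooses the farm for new connections using two thresholds, X < Y."""

    def __init__(self, total_rservers, fail_pct, restore_pct):
        if not 0 < fail_pct < restore_pct <= 100:
            raise ValueError("restore threshold (Y) must exceed failover threshold (X)")
        self.total = total_rservers
        self.fail_pct, self.restore_pct = fail_pct, restore_pct
        self.on_backup = False
        self.conns = {}  # connection id -> farm chosen when the connection was opened

    def health_update(self, active_rservers):
        """Apply a new count of active real servers; return the farm for new traffic."""
        pct = 100 * active_rservers / self.total
        if not self.on_backup and pct < self.fail_pct:        # assumed: strictly below X
            self.on_backup = True
        elif self.on_backup and pct >= self.restore_pct:      # assumed: at or above Y
            self.on_backup = False
        return self.farm_for_new()

    def farm_for_new(self):
        return "backup" if self.on_backup else "primary"

    def route(self, conn_id):
        """Established connections keep their farm; only new ones follow the failover."""
        return self.conns.setdefault(conn_id, self.farm_for_new())


def replay(active_counts, total=10, fail_pct=40, restore_pct=60):
    """Feed a sequence of health readings through a fresh selector."""
    sel = FarmSelector(total, fail_pct, restore_pct)
    return [sel.health_update(n) for n in active_counts]


if __name__ == "__main__":
    # Constructed readings: the farm degrades to 3 of 10 servers, then recovers.
    print(replay([10, 5, 4, 3, 4, 5, 6, 10]))
```

Between 40% and 60% the selector keeps whatever state it was already in, which is what stops a farm hovering around one threshold from flapping between primary and backup.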

TCP Dump
ACE can capture real-time packet information for the network traffic that passes through the ACE.
The ACE buffers the captured packets, and you can copy the buffered contents to a file in flash memory on the ACE or export to Ethereal.
Benefit: Enhanced Troubleshooting


Source NAT for VIP
Source NAT for VIP allows you to include a Virtual IP (VIP) address in the network address translation (NAT) pool for dynamic NAT and PAT.
This feature can be used to Source-NAT Real Server-originated connections (bound to the client) using the VIP address.
Benefit: Save real world IP addresses on the client-side network.

Source NAT for Server Farm
Enables source NAT to a backup Server Farm multiple hops away during the failure of a primary Server Farm.
ACE can apply dynamic NAT for both primary and backup Server Farms, for multiple outgoing Server VLANs.
Benefit: Provides continuous application availability even during the Primary Server Farm failure.

Adaptive Response Predictor
Cisco ACE adds several new intelligent load-balancing predictors.
This Cisco ACE predictor selects a server based on its response time. Response times are calculated over a user-configured number of samples, and the following three measurement options are supported:
SYN-to-SYN-ACK: Server response time between SYN sent from ACE to SYN-ACK received from server.
SYN-to-Close: Server response time between SYN sent from ACE to FIN/RST received from server.
Application Request to Response: Server response time between HTTP request sent from ACE to HTTP response received from server.
Benefit: ACE switches applications based on real-time server/application performance data measured across a variety of user-configured criteria.

Least-Loaded Predictor
This ACE predictor selects the least-loaded server based on the value of up to 8 SNMP MIB objects defined by the user. These objects can be server resources like CPU utilization, memory resources, disk drive availability, etc. Users can associate weights with each of the measured objects for ultimate granular control in application switching.

Least-Bandwidth Predictor
This ACE predictor selects the server that processed the least amount of application traffic between ACE and the real servers, in both directions, over a user-configured sampling period and number of samples.

Keepalive Appliance Protocol (KAL-AP)
Keepalive-Appliance Protocol (KAL-AP) on the ACE application switches allows communication with ACE Global Site Selector (GSS), to report VIP and real Servers availability.
The above information is used by the Cisco ACE GSS for intelligent global server load balancing (GSLB) across data centers.
KAL-AP communication between the ACE and the GSS can be secured using MD5 encryption.
Benefit: Global server load-balancing (GSLB) to provide business continuity.

Simple Network Management Protocol (SNMP) Probes
The main purpose of an SNMP message is to control (set) or monitor (get) parameters on an SNMP agent, e.g. a web server. SNMP uses an Object Identifier (OID) to specify the exact parameter to set or get in an SNMP agent.
This SNMP-based server load probe allows the user to configure a query consisting of up to eight SNMP object identifiers (OIDs) to probe the server. In addition, the user can associate weights with each of these OIDs.
The information retrieved by this probe from the servers is used as input to the Least-loaded predictor described above.
Benefit: Intelligent server health monitoring using customized probes in an SNMP environment.

Scripted Probes
In addition to the existing flexibility to author specific Toolkit Command Language (TCL) scripts unique to customer environments for server health monitoring, ACE support is extended to execute ACE CLI commands via TCL scripts.
Benefit: Intelligent server health monitoring using customized TCL scripts.

HTTP Return Code Parsing
This feature enables configuration of a threshold value based on the number of specific HTTP return codes seen in a specified time frame. When this threshold is reached, the Cisco ACE can automatically remove a server from service.
HTTP return code parsing is invaluable in a scenario where it is desirable to remove a server from service if, for example, a page cannot be found (e.g. many HTTP 404 Not Found responses are seen). In this case, traditional TCP-based HTTP server availability probes would indicate the server is available and responding, but would not provide information about whether or not the server is able to fulfill requests for content. HTTP return code parsing is needed in this scenario to provide additional server-level information with which to determine server availability.
Benefit: Enhanced in-band server health monitoring for improved application availability.
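
The threshold check described above, run over a few constructed response records (an added example, not Cisco code or ACE configuration). The record format "timestamp server status", the names and the use of a sliding time window are assumptions made for this sketch.

```python
from collections import defaultdict, deque

class RetcodeMonitor:
    """Removes a server once `threshold` watched codes are seen within `window_s` seconds."""

    def __init__(self, codes, threshold, window_s):
        self.codes = set(codes)
        self.threshold = threshold
        self.window_s = window_s
        self.hits = defaultdict(deque)   # server -> timestamps of watched return codes
        self.out_of_service = set()

    def observe(self, ts, server, status):
        """Record one in-band response; return True while the server stays in service."""
        if status in self.codes:
            q = self.hits[server]
            q.append(ts)
            while q and q[0] <= ts - self.window_s:   # forget hits older than the window
                q.popleft()
            if len(q) >= self.threshold:
                self.out_of_service.add(server)
        return server not in self.out_of_service


def servers_removed(log_text, codes=(404,), threshold=3, window_s=60):
    """Replay 'timestamp server status' records and list the servers taken out of service."""
    mon = RetcodeMonitor(codes, threshold, window_s)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, server, status = line.split()
        mon.observe(int(ts), server, int(status))
    return sorted(mon.out_of_service)


# Constructed records: rs2 answers every TCP connection but returns 404 three
# times in a few seconds; the 404s from rs1 are spread too far apart to count.
SAMPLE_LOG = """\
100 rs1 200
101 rs2 404
102 rs2 404
103 rs1 404
104 rs2 404
190 rs1 404
191 rs1 404
"""

if __name__ == "__main__":
    print(servers_removed(SAMPLE_LOG))
```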

Contact Sea Tel International Co., Limited for more information.