Home |  Log In  |    
Traction Networks LLC - Buy Refurbished Load Balancing Solutions NOTE: Expert LTM, GTM, APM, ASM, AFM, BIGIP and 3DNS Consulting from Tractionet!
Please Click here to contact us to discuss your BIG-IP consulting needs!  
Or call us at 1-208-362-3345 to discuss your BIG-IP or 3DNS needs!     
Home   FAQs    Customer Service    Learn More    News    About    Contact   
Global Load Balancing (6)
Server Load Balancing (30)
Firewalls (2)
Blade Servers (2)
Link Balancing /Link Aggregation (6)

Specials ...
New Products ...

Browse Manufacturers:

Industry News

New ServerIron OS provides Link Balancing and Denial of Service protection

Foundry Networks Inc. is debuting a new operating system for its ServerIron switch that will allow the load-balancing platform to control high-level traffic based on XML tags, HTTP headers, and firewall functions.

As part of the IronWorks 9.0 release, firmware for FPGAs already used in the ServerIron switch will upgrade the chips to better cope with denial-of-service attacks by making the switch act as a TCP SYN proxy.

Foundry is best known for its edge routers and switches for enterprise and metro carrier applications. The ServerIron server-load balancers, introduced three years ago, pit the company directly against rivals like Alteon Websystems Inc. and F5 Inc.

A key factor in effective load-balancer design is not merely offering best access performance but having a purpose-built architecture that will allow switching based on many attributes of traffic at Layers 4 (transport) through 7 (application).

The new software allows traffic to be switched based on XML tags and HTTP header fields. Foundry has been careful to distinguish the former feature from the specialized XML content switches offered by newer specialists like Sarvega Inc.

The ServerIron switch now serves two distinct proxy functions. For HTTP client traffic, the switch terminates all TCP traffic and operates as an HTTP proxy, aggregating multiple client links to the server. In DoS attacks, when SYN floods are initiated by malicious users, the switch acts as a TCP SYN proxy (SYN is a flag for the first stage of a TCP handshake).

Foundry made two improvements to its network management software as part of the OS release. Configuration updates for ServerIron switches are now handled directly through IronView network management software. For more detailed monitoring of switches, Foundry is using the sFlow flow analysis mechanism specified in the Internet Engineering Task Force RFC 3176 standard. The packet sampling used in sFlow is directly implemented in ServerIron ASICs, and is able to be analyzed by the network management system.

Foundry is implementing a new capability for the ServerIron which will allow the switch to be used in a unique application, as a means of selecting links from an enterprise to two different Internet service providers. The link load balancing function measures link bandwidth and response time, and compares pricing of an ISP link as a function of time, packets and bandwidth. It then chooses the most effective link dynamically.

In smaller enterprises, separate ServerIron switches could be used for external ISP link and internal firewall balancing which is why Foundry made a smaller switch. In larger companies, one switch can serve both ISP and firewall functions, though Foundry will recommend only higher-end systems that offer more ASIC-based performance, to serve required dual functions.

Click for Live Support!

Read our FAQs