Cisco ACE 4710 Appliance SEVT Update - Cisco - Global Home ... · • 75% faster application roll...

© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1

Cisco ACE 4710 Appliance SEVT Update

Leo Chan Consulting Systems Engineer DataCenter Big Bet Team, APAC


Agenda

  Introducing Cisco ACE 4710 Appliance

 ACE 4710 Architecture vs F5

 Application Acceleration Deep Dive


Introducing the ACE 4710 Appliance

AVAILABLE •  Virtual devices guarantee application resources & performance •  Built-in security for well known protocols •  Per-application sub-second failure recovery

GREEN •  Virtual instead of physical devices minimizes device sprawl •  Up to 400% lower power and cooling consumption over F5 •  Forklift-Free upgrades via software licenses •  75% faster application roll outs

FAST •  Up to 4X faster than competitor in real-world tests •  6 patents on HTTP acceleration •  Asymmetric application acceleration up to 500%

3. Why You Want It

Web & App Servers

Catalyst 6500

ACE 4710 Appliance

1. Where It Sits 2. What It Does

Load Balancing

Application Acceleration

SSL Encryption

Compression


Cisco ACE 4710 Appliance - Specifications

Front

Rear

1 RU, 4 x 10/100/1000 Copper Ethernet Ports, 8GB Memory

Max Throughput: 1-4Gbps, 2G Compression, 7500 SSL TPS (Scalable via Performance License)

Built-in Security Inspection Engine for common Datacenter protocols

Embedded Browser-based Graphical User Interface

Feature license options: Virtualization (max 20 contexts), App Acceleration


Unmatched License-Based Scalability – Cisco ACE 4710 appliance

+ Comprehensive Suite of Patented Application Acceleration Technologies

Investment Protection and Pay-As-You-Grow

Throughput

1 Gbps

2 Gbps

Virtual Devices

5

20

SSL

1K TPS

5K TPS

7.5K TPS

Compression

100 Mbps

500 Mbps

1 Gbps

4 Gbps

2 Gbps


ACE 4710 Appliance Extends ACE Portfolio

XML Switching

ACE 4710 1 Gbps

ACE 4710 2 Gbps

Appliance (1-4 Gbps)

ACE AppScope ACE GSS

20K DNS RPS

ACE XML

Gateway Manager

ACE Networking

Manager

Global Products and Tools

Application Switching

ACE XML Gateway 30,000 TPS

ACE Module 8 Gbps

ACE Module 16 Gbps

ACE Module 4 Gbps

Module (4-16 Gbps) +

Multi-Module (64 Gbps)


One physical device

Traditional device Single configuration file Single routing table Limited RBAC Limited resource allocation

100%

Multiple virtual devices (partitioned control and data path)

25% 25% 20% 15% 15%

Cisco Application Services Virtualization Distinct configuration files Separate routing tables RBAC with Contexts, Roles, Domains Management and data resource control Independent application rule sets Global administration and monitoring

Cisco ACE Virtual Devices


  Fully integrated Role Based Access Control   Four main levels of actions over categories

of commands Create/Delete Modify Debug Monitor

  Roles are defined by specifying which actions can be performed on the sets of commands

  Eight Pre-defined roles   New roles can be created to adapt to different

organization structures

ACE 4710 Role Based Administration


Cisco ACE 4710: Base Features Recap

  ACE 4710 runs v1.8 software, 99% identical to the ACE module v1.6 features + more   Supports the following load balancing algorithms/predictors:

Least connections, Round robin, Hash on src, dst, cookie, header, URL

  15 different native health probe types: icmp, tcp, udp, echo {tcp|udp}, finger, http, https, ftp, telnet, dns, smtp, imap, pop, radius Custom health probes using Toolkit Command Language (TCL)

  Supported sticky/persistence methods Source and/or destination IP address, HTTP Header (includes URL), Cookie: Dynamic cookie learning, Cookie Insert Supports replication of sticky table entries on the standby ACE

  Active/Active Stateful Redundancy using multi-contexts e.g. Context A: active in Unit 1, standby in Unit 2 Context B: active in Unit 2, standby in Unit 1

  Built-in Stateful Firewall And DoS Protection For DC Protocols: ICMP, DNS, RTSP, FTP, Strict FTP, HTTP, HTTPS High performance NATing and ACLs: 64k NAT entries, 40K ACLs


Cisco ACE 4710 Appliance Manageability

XML Interface   Configuration, Provisioning and Monitoring   All features on ACE can be configured using XML over HTTP / HTTPS

SNMP   SNMP agent is virtualized to allow SNMP settings per virtual device

  ACE supports SNMP v1, v2c and v3

CLI: Modular Policy Command (MPC)   Structured IOS-like CLI based on C3PL (Cisco Common Class-based Policy Language)   Familiar class-map, policy-map; New HTTP parameter map

Embedded Device Manager   Intuitive Graphical User Interface for simplified and standardized service provisioning for basic,

advanced, and expert users

  Secure user access through SSL-encrypted HTTP GUI

  Role-based access control (RBAC) to isolate users to specific capabilities and domain

Application Network Manager   Centralized provisioning, operations, and monitoring of multiple Cisco Application Control

Engine (ACE) devices, including ACE modules and ACE 4710 appliances

  Definable threshold crossing alerts with external notifications

  Pre-Staging of service updates for later deployment during a maintenance window


ACE 4710 Embedded Device Manager: Network Configuration

Configuration by “point and click” with no CLI required!


ACE 4710 Embedded Device Manager Configure Basic Server Load Balancing

Easy to use Server Load Balancing

configuration.


ACE 4710 Embedded Device Manager Configure Basic Server Load Balancing


Application Acceleration


Cisco ACE 4710 Appliance Accelerates Web Application Performance

ACE 4710 Appliance

Branch

VPN Users

Remote Users

Custom Apps

500% Improvement in Response Times 80% Decrease in Bandwidth Usage

Comprehensive Suite of

Patented Technologies

SERVER OFFLOAD

LATENCY REDUCTION

BANDWIDTH REDUCTION


Cisco ACE 4710 Server Offload – More Efficient Servers   Challenges: Server resource contention forces customers to deploy large

number of web and application servers.

  Solution: Cisco ACE 4710 can offload many functions from servers and allow more efficient use of operating system resources for applications

 TCP Reuse: Reduces number of established TCP connections to the server farm

 SSL Acceleration: Offloads web server from SSL connection handling  HTTP Compression: Compresses web content on behalf of the web

server  Dynamic Caching: Reduces application and database load by increasing

cache TTL based on application server load ACE 4710

Appliance

Compression

  Benefits:  Reduced size of application server farms  Improved application response for dynamic content for all users even at

peak load

TCP

SSL


Cisco ACE 4710 Bandwidth Optimization

  Challenges : Poor application response for remote users with low bandwidth connections (Roaming Users, 56k Dial-up, Shared DSL/Cable modem)

  Solution: Cisco ACE 4710 improves congested last-mile content delivery by optimizing bandwidth usage between datacenter and client web browser.

HTTP Compression: Reduces HTML, XML, and embedded HTML object sizes Delta Optimization: Sends only differences for dynamic HTML pages JIT Acceleration (Dynamic Etag): Avoids repeated downloads of objects already in

browser cache

  Benefits: Acceleration of download times for modem and broadband users Acceleration of static, dynamic, and secure content 80% Reduction in site bandwidth requirements Reduction in the required number of Web servers and increased site capacity


Cisco ACE 4710 Latency Reduction

  Challenges: Poor application response for remote users with high latency connections

 Remote Branch Office, Remote/Roaming Users, Satellite Connection

  Solution: Cisco ACE 4710 appliance improves slow last-mile content delivery by efficiently managing communication between Web browser and Web server.

 Flash Forward: Minimize requests made by the web browser across the WAN for objects such as java script, style sheets, images, flash, etc.

  Benefits:  Improved application response for remote users  Reduced network congestion  Reduction in the required number of Web servers and increased site

capacity


Cisco ACE 4710 Server Offload - Dynamic Caching   Enables the Cisco ACE 4710 to fulfill requests for dynamic or personalized

information   Offloads application servers and databases   Significantly improves application response time, reduces the server load, and

enables more concurrent users to be served   Improved scalability and lower ongoing server upgrade costs Example: http://xyz.com/dosomething.jsp?action=browse&level=1 (cacheable content) http://xyz.com/dosomething.jsp?action=browse&level=2 (cacheable content) http://xyz.com/dosomething.jsp?action=login&username=john (non-cacheable content)

Remote User Shared DSL

Roaming User 56k Dial-up

Branch Office 128k Leased

line

Problem: Client requests dynamic content from server

Problems: Dynamic content requires significant

application server and database resources.

Application and database server save

CPU and Memory resources.

ACE 4710: Up to date content returned

directly from ACE dynamic cache.

Dynamic Caching


 Embedded objects referenced in HTML container pages are served with Expires: which sets expiry in the future.

 On 2nd visit, Browser will not send GET for objects in cache if the current date & time is not greater than the object expiry date.

 This reduces the total number of HTTP requests for subsequent visits to the same page.

 Benefits: Decreased page download time Decreased network congestion Decreased number of requests to origin server

Cisco ACE 4710 Flash Forward


Object Download Without FlashForward

Client Server

HTTP Request “foo.gif”

Forward Response 200 OK “foo.gif”

Each subsequent request on “index.html” will trigger HTTP IMS Request “foo.gif”

Forward Response 304 “Not Modified” (if “foo.gif” is not modified)

Forward Response 200 OK “foo.gif” (if the “foo.gif” has changed)

HTTP Request: “index.html”

Forward Response 200 OK “index.html” (contains object “foo.gif” )


Object Download With FlashForward

Client ACE Server

HTTP Request “foo_ACE1111.gif”

Forward Request “foo.gif”

Response 200 OK Forward Response 200 OK “foo_ACE1111.gif” with a long expiry time Browser Never Checks Freshness on “foo_ACE1111.gif” for subsequent requests on “index.html”

HTTP IMS Request “foo.gif” HTTP “304 NM” Response

HTTP IMS Request “foo.gif”

Response 200 OK Forward Response 200 OK “foo_ACE2222.gif”

HTTP Request “index.html” Request “index.html”

Response 200 OK (contains “foo.gif”)

HTTP Response 200 OK (contains “foo_ACE1111.gif”)


Cisco ACE 4710 Delta Optimization   ACE delta optimization applied to dynamic web applications such as

.Net J2EE SAP Oracle Siebel Lotus

  Enables dynamic update of client browser caches with content differences or deltas

  Observes and modifies HTML content that flows through it to achieve bandwidth savings and user download performance.

  Results in bandwidth savings and improved end-user experience




line

Dynamic HTML page updates on each

visit – 150K

Problem: Entire 150K page served on each

visit

ACE 4710 Solution: Only differences sent

across the WAN

Delta Optimization


Cisco ACE 4710 Just-in-time Object Acceleration (Dynamic E-Tag)

  Enables acceleration of large non-cacheable embedded objects such as: Active-X Controls Java Applets Dynamically generated images such as charts or graphs

  Useful for dynamic HTML content larger than 250 KB and marked by the origin server as expired or not cacheable.

  Eliminates the need for users to download these objects on each request.   Results reduced bandwidth utilization and application response time.




line

ACE 4710

ACE 4710: Eliminates download of large

non-cacheable objects


Performance (plan to increase in the future SW release): • Up to 250 Mbps throughput • 1000 concurrent connections

ACE 4710 Application Optimization Supported Features - Release A1.8 or Above Optimization Feature Function

FlashForward ACE 4710 enables effective use of web browser cache to reduce number of HTTP 304 responses necessary to view a web page.

Delta Optimization ACE 4710 optimizes the delivery of dynamic web content by only serving differences between visits to a web page.

ETag ACE 4710 enables effective use of web browser cache to reduce number of HTTP 200 responses necessary to view a web page.

Dynamic Cache ACE 4710 optimizes the delivery of dynamic web content by only serving dynamic data from ACE in memory cache.

AppScope ACE 4710 enables monitoring of HTTP transaction response times with reporting on the AVS 3180.


Application Acceleration With A Single Click

“EZ”configures ACE to accelerate web

applications for delivery over the WAN.

“Custom” provides control to modify existing acceleration policies or create new ones based

on templates.

A single click enables application acceleration

Define Your Regular SLB


Summary – More Than Just SLB The Ultimate Integrated Device For Your Apps and Server Farms

Software License-Based Scalability UNMATCHED

Network and Application Security COMPREHENSIVE

Virtualized Application Delivery Appliance with Full Role-Based Administration ONLY

Advanced Application Acceleration MOST

Energy-Efficient Application Delivery Appliance MOST


Date post:	28-May-2020
Category:	Documents
Upload:	others
View:	7 times
Download:	0 times

Cisco ACE 4710 Appliance SEVT Update - Cisco - Global Home ... · • 75% faster application roll...

Documents