Transcription
Repl-ACE Cisco ACE with Stingray
ReplACE Cisco ACE with Stingray Traffic ManagerContentsAre you shifting to a virtual data center, private/public/hybrid cloud? . 3Optimize, secure, and accelerate performance with Stingray products . 3Stingray Traffic Manager and Cisco ACE functional comparison . 4Cisco ACE performance figures. 6Deployment . 6Cisco ACE . 6Stingray Traffic Manager . 6Benefits provided by Stingray (not available with Cisco ACE) . 7Implementing Cisco ACE features with Stingray products . 9Features not available in Stingray . 10Stingray Traffic Manager Features: Examples and Applications . 11Conclusion . 11About Riverbed . 12 2012 Riverbed Technology. All rights reserved.2
ReplACE Cisco ACE with Stingray Traffic ManagerAre you shifting to a virtual data center, private/public/hybrid cloud?Recently, Cisco announced that they are deprioritizing Cisco ACE — often a prelude to eliminatingdevelopment on a product line. As a result, many customers want to know what the next step is for theirapplication delivery controller (ADC) strategy. For ACE customers who are shifting to virtual data centers,private clouds, public clouds, and even hybrid clouds, they know an ADC that can easily map to thesedeployment models is needed.Riverbed Stingray is a family of software and virtual ADCs that provide this capability. While not a one-toone feature match for Cisco ACE, Stingray provides the right features, and often times more featurescompared to ACE.This document provides a high-level feature comparison of Riverbed Stingray Traffic Manager softwarevs. Cisco ACE. You will get enough information to determine if Stingray is right for your environment.Optimize, secure, and accelerate performance with Stingray productsWhile many developers and operations teams limit their focus to a basic load balancer, Stingray productcustomers quickly learn that they can get all the benefits of a load balancer and much more with an ADC.Stingray product family includes three core components to optimize, secure, and accelerate performance ofonline applications:§ Stingray Traffic Manager software: full-featured software ADC that delivers a faster userexperience. It increases server efficiency by up to 3x and boost the throughput of applicationservers by up to 50 percent, while at the same time reducing response times through dynamiccaching, and both local and global load balancing.§ Stingray Aptimizer: industry-leading web content optimization platform that accelerates webapplication load times by up to 4x — driving more web transactions, productivity, and usersatisfaction.§ Stingray Application Firewall: sophisticated application firewall that delivers deep applicationsecurity. 2012 Riverbed Technology. All rights reserved.3
ReplACE Cisco ACE with Stingray Traffic ManagerStingray Traffic Manager and Cisco ACE functional comparisonStingrayTrafficManagerCiscoACEFull ProxyNAT, Full ProxyBasic Load BalancingYesYesBasic Session PersistenceYesYesBasic health monitoringYesYesUp to 64 that can be clustered2 modules which supportonly HASSL accelerationYesYesHTTP optimizations (Keepalives)YesOnly when Layer 7switching is enabledHTTP CompressionYesYesSSL offloadYesYesContent CompressionYesYesAdvanced health monitorsYesYesScriptable health monitorsYesLimited to just minimalTCL scriptingContent CachingYesLimitedYes with AptimizerNoRate shapingYesNoService Level MonitoringYesNoBandwidth Shaping*YesLimited to Server SideonlyIntegrated XML processing*YesNoIntegrated Web Firewalling*YesNoEmbedded Rules LanguageYesNoFull request inspection / rewritingYesLimitedFull response inspection / rewritingYesLimitedYes (Java)NoMode of operationFault ToleranceWeb Content OptimizationGeneral-purpose rules language 2012 Riverbed Technology. All rights reserved.4
ReplACE Cisco ACE with Stingray Traffic ManagerNo (limited to virtualcontext on the hardwaredevice. No VirtualAppliance for VMware,KVM, XENDevices don't supportAPIVirtualizationYesWeb, CLI and API interfacesYesGSLB and SLB integration on SinglePlatformYesNoYes with Service Protectionclass and IPTablesYesAuto Config Sync in HAYesYesConsolidated Historicalgraphing/ReportingYesYesStateful HANoOnly for Layer 4 TrafficFull NAT controlYesYesBridged, Routed and One ArmDeployment modesSupports One Armed andRouted Deployment ModesYesDirect Server Return supportNoYesEnterprise Manager for DevicesMulti-Site Manager includedwith STM 1000,2000,4000YesTransparent services LB supportNoYesRadius LB supportNoYesMAC –Sticky supportNoYesReverse-IP sticky supportNoYesLimitedYesLayer 2-3 ACLsRBAC 2012 Riverbed Technology. All rights reserved.5
ReplACE Cisco ACE with Stingray Traffic ManagerCisco ACE performance figuresUse this table for the performance numbers of Cisco ACE, numbers based on the published datasheet:FeatureACE4710ACE30 ModuleThroughput4 Gbps16 GbpsCompression2 Gbps6 GbpsSSL throughput1 Gbps6 GbpsSSL TPS7500 SSL TPS using 1024-bit keys30,000 SSL TPS using 1024-bit keysDeploymentCisco ACEAvailable as a service module for Catalyst 6500 switches and 7600 routers and as a standalone ACE 4710appliance, Cisco ACE can be deployed in bridged, routed or one-armed mode for enterprise customers andservice providers, depending on architecture requirements.Stingray Traffic ManagerBy contrast, Stingray Traffic Manager software operates in full-proxy mode: network deployments can beeither one-armed mode or routed mode. However, Stingray Traffic Manager may not be suitable whenenterprises are running many transparent services, or for deployments where the network needs to bebridged or routed while load balancing in transparent mode. Your Riverbed Stingray Sales Specialist may beable to advise on specific implementations and deployments.Stingray Traffic Manager software runs without modification on Linux, Solaris operating systems and may beported with relative ease to other Unix-like platforms. Stingray Traffic Manager ships as a variety of VirtualAppliances for VMware, Xen, Oracle, and Microsoft1 hypervisors, or may simply be run as software.1Microsoft HyperV support in beta 2012 Riverbed Technology. All rights reserved.6
ReplACE Cisco ACE with Stingray Traffic ManagerBenefits provided by Stingray (not available with Cisco ACE) TrafficScript Rules Language:o Unlimited content inspection depth for all TCP/UDP protocols, including high-level protocolspecific functions for XML/XPath, HTTP, SIP, and RTSPo Analyze and rewrite entire client requests and server responseso Base traffic management decisions on any part of the request and response contento Create location-sensitive traffic management policieso Forward proxy mode allows inspection, manipulation, and routing of outbound traffic to arbitrarydestinations Java Extensions:o Full traffic control / manipulation using Java Extensions written to “Servlet” specificationo High-performance integration with the Stingray traffic management kernelo Allows for use of any Java class libraries, e.g. database access, XML processing, documentwatermarking Advanced Health Monitoring:o Predefined and customizable active application health monitors; supports custom monitors inany executable formato Powerful, customizable actions (including SNMP, email, SYSLOG, SOAP, and customexecutable) in the event of a node failure or other evento Monitor the health and status of traffic managers, servers, and application dependencies Advanced Session Persistence:o Application-specific session persistence methods: JSESSIONID and ASP/ASP.NETo Persistence based on any parameter or value in the requesto Automatic session detection dynamically sets up cluster-aware persistenceo Resilient session replication across a TrafficCluster Connection control:o Connection draining removes nodes from server pools non-disruptively Bandwidth Shaping:o Active, real-time bandwidth management, applied per service, per connection group or perindividual connectiono Apply bandwidth classes intelligently using TrafficScripto Bandwidth usage information coordinated across a cluster of Stingray Traffic Managers 2012 Riverbed Technology. All rights reserved.7
ReplACE Cisco ACE with Stingray Traffic Manager Request Rate Shaping:o Define maximum limits on events, e.g. requests of particular type, globally or per usero Protect application infrastructure from being overwhelmed with requestso Enforce differentiated levels of service per user or per class of userso Prevent individual malicious or greedy clients from impacting shared services Service Level Monitoring:o Set service level performance thresholds on a per-service/per-URL/per-customer basiso Alerting/logging/ remedial actions if performance falls outside of service level limitso Differentiated traffic management policies based on service performance Web Content Optimization(Aptimizer):o Improve web performance for high traffic public-facing web pages, corporate websites, ecommerce sites, business productivity tools, and custom applications by using File Mergingcapabilities (Merge javascript, style sheets, image spriting, background image in-lining)o Reduce bandwidth and data-traffic costs ( dynamic gzip/deflate)o Reduce costs of alternative approaches by offloading developers from having to dooptimizations manually ( dynamic page caching, auto URL versioning, dynamic page layout)o Support for mobile browsers on Android, iOS, Blackberry, and Windows Mobile Web Application Firewall:o Full web application firewall providing security to PCI DSS standardso Simultaneous protection (active) and detection (passive) modeso Wizards for easy configuration; expert mode for fine-tuning of policies and rule sets Stingray Traffic Manager software provides XML processing capabilities in TrafficScript:o Use of XPath for parsing XML documents to extract specific data from the XML document,which can then be used to make routing decisions on the traffic.o Validation of an XML document against a DTD or XML schema.o Perform XSLT transformations on XML document and content. 2012 Riverbed Technology. All rights reserved.8
ReplACE Cisco ACE with Stingray Traffic ManagerImplementing Cisco ACE features with Stingray productsUsing a combination of features available from Stingray products these Cisco ACE capabilities can beimplemented.IP/protocol-based ACLs (access control lists)ACLs (Access Control Lists) are used in the ACE product to filter (allow/deny) traffic based on layer 2(EtherType) or Layer 3/4 (Extended) packet information. ACLs are less useful when load-balancing in FullProxy mode (either with ACE or with Stingray Traffic Manager). This is because ‘full proxy’ mode is typicallyconfigured in a ‘deny all’ mode (all incoming traffic is ignored), then a proxy is explicitly configured for aparticular IP/port/protocol combination.Where this functionality is required in a Stingray Traffic Manager software environment, it is achieved:a) using Service Protection Policyb) using iptables/netfilter or similar capability in the underlying OSNAT methodsACE supports several NAT methods: interface-based dynamic NAT, interface-based dynamic PAT, serverfarm-based dynamic NAT, static NAT, static port redirection. These methods are necessary to tune howNAT-based load balancing methods function.Full-proxy load balancing does not require NAT support by virtue of its mode of operation.Where required, Stingray Traffic Manager software supports two additional NAT capabilities: IP Transparency: Stingray Traffic Manager software can spoof the source IP address whenconnecting to a server, making server-side connection appear to originate from the client. This is auseful capability when the server performs logging or access control based on the client source IPaddress; Interface NAT: Stingray Traffic Manager Virtual Appliance can be configured to route traffic betweennetworks and apply SNAT on nominated interfaces. This is a useful capability when back-endservers on private networks need to route to an external, public network.Other NAT capabilities may be achieved by configuration of the underlying OS that the Stingray TrafficManager software runs on, but this is rarely necessary in practice. 2012 Riverbed Technology. All rights reserved.9
ReplACE Cisco ACE with Stingray Traffic ManagerVirtual contextsCisco ACE has the capability to fully virtualize load-balancing services within an ACE Service Module orAppliance (up to 250 virtual contexts in a service module, up to 20 contexts in an appliance). In addition,role-based access control can be configured separately within each virtualized context.Stingray Traffic Manager software can be virtualized in a similar manner using a hypervisor such asVMware, at minimal performance impact compared to running the software natively. This deliversvirtualization, sandboxing, resource control, and RBAC.Stingray Traffic Manager software supports additional RBAC. Users are authorized against either an internaldatabase or an external LDAP/TACACS /RADUIS database and given permissions that define the actions(none/read/write) the user can perform to a high degree of granularity.Features not available in StingrayRadius Load BalancingCisco ACE has a set of load balancing capabilities to support Radius protocol, which includes Radius AVpair based persistence. This feature is very critical in Mobile SP deployments where AAA traffic to WAPgateways and billing sub-systems needs to load balanced and persisted.Stingray Traffic Manager software currently does not support Radius Load balancing and advancepersistence of Radius traffic based on Radius AV pair.Asymmetric Server Normalization (a.k.a Direct Server Return)Cisco ACE supports Direct Server Return/Asymmetric Server Normalization modes. This feature is usedpredominantly when large data needs to be transferred to clients without the Cisco ACE device being thebottleneck for throughput.Stingray Traffic Manager software does not support Direct Server Return mode, but your Riverbed StingraySales Specialist may be able to advise on specific implementations and deployments. 2012 Riverbed Technology. All rights reserved.10
ReplACE Cisco ACE with Stingray Traffic ManagerStingray Traffic Manager Features: Examples and ApplicationsStingray Traffic Manager software’s advanced traffic management features, customized by TrafficScript andJava Extensions allow an application developer or administrator to construct complex traffic managementpolicies that address deficiencies in the application or add further capabilities to the application. Examplesand applications include: Content Modification: rewrite errors in responses, add dynamic information (page load times, metatags, geographic information), enable additional functionality (Google Analytics and other trackingapplications), embed information from other data sources (e.g. RSS feeds), watermark content (images,PDF documents), and switch users to low-bandwidth versions of a service. Rate Shaping: mitigate the impact of web spiders, apply rate limits dynamically when services slowdown and apply rate limits to users who visit from high-traffic referral sites. Fixing Application Problems: mask and work around errors such as 404 Not Found / 503 Too Busy,send custom error pages, or offload an entire web site onto the traffic manager. Address Security Problems: recent attacks addressed at Bind and IIS, filter out bad requests,authenticate users, rate-shape denial of service attacks, prevent over-usage of usernames andpasswords and filter out undesired content in responses (e.g. social security numbers). Control of Traffic Management functionality: fine-grained and adaptive control of content caching,selective bandwidth management, detailed session persistence and full control of SNAT (IP addressspoofing).ConclusionMoving to Stingray, as reported by Cisco ACE customers, simultaneously helped them deliver a betterapplication experience while cutting costs and simplifying ADC deployment. Stingray fulfills the mostimportant ADC requirements and provides significant advantages around application integration, advancedfunctionality, and ease of deployment in virtualized environments.Stingray can scale, speedup, secure your application traffic, and help businesses: Accelerate applications and help maximize application performance and capacity to ultimatelyenhance end-user experience and boost return on infrastructure investmentImprove the reliability and availability of applications and help organizations scale and deliverservices easily and more cost-effectivelyProvide tools that help IT control and secure network traffic, and filter and scrub application requestsand responses betterHelp organizations manage their application delivery infrastructure, simplifying applicationmaintenance, upgrades, and migration processes, and enable you to deliver adaptable and agileservices faster and more reliablyIf you would like more information on migrating from ACE to Stingray,contact Riverbed now to find out about our special incentives to help youmake the switch. 2012 Riverbed Technology. All rights reserved.11
ReplACE Cisco ACE with Stingray Traffic ManagerAbout RiverbedRiverbed delivers performance for the globally connected enterprise. With Riverbed, enterprises can successfully and intelligentlyimplement strategic initiatives such as virtualization, consolidation, cloud computing, and disaster recovery without fear ofcompromising performance. By giving enterprises the platform they need to understand, optimize and consolidate their IT,Riverbed helps enterprises to build a fast, fluid and dynamic IT architecture that aligns with the business needs of theorganization. Additional information about Riverbed (NASDAQ: RVBD) is available at www.riverbed.com. 2012 Riverbed Technology. All rights reserved.Riverbed , Cloud Steelhead , Granite , Interceptor , RiOS , Steelhead , Think Fast , Virtual Steelhead , Whitewater , Mazu , Cascade , Cascade Pilot ,Shark , AirPcap , SkipWare , TurboCap , WinPcap , Wireshark , and Stingray are trademarks or registered trademarks of Riverbed Technology, Inc. in theUnited States and other countries. Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology. All othertrademarks used herein belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written consent ofRiverbed Technology or their respective owners.Akamai and the Akamai wave logo are registered trademarks of Akamai Technologies, Inc. SureRoute is a service mark of Akamai. Apple and Mac areregistered trademarks of Apple, Incorporated in the United States and in other countries. Cisco is a register
customers quickly learn that they can get all the benefits of a load balancer and much more with an ADC. Stingray product family includes three core components to optimize, secure, and accelerate performance of online applications: ! Stingray Traffic Manager software: full-feat
