Citrix Netscaler – Application Delivery Controllers
Compared to 15 years ago when load balancers first came on the scene, applications have exploded. A variety of content such as blogs, content sharing, wiki, shared calendar and social media exist that load balancers ( ADC ) must now serve. A plethora of “chattier” protocols exists with different requirements. Every application has different network requirements for the functions they provide. And each application has different expectations for the service levels for the application itself. Slow networks and high server load means you cannot run applications and web-based services efficiently. Data is slow to load and productivity slips. Application delivery controllers ( ADC ) or load balancers can detect and adapt to changing network conditions for public, private, and hybrid cloud traffic patterns.
ADC act as network control points to protect our networks. We use them to improve application service levels delivered across networks. Challenges for securing the data centre range from preventing denial of service attacks from the network to application. Also, how do you connect data centres to link on-premise to remote cloud services and support traffic bursts between both locations? When you look at the needs of data centre, the network is the control point and nothing is more important that this control point. ADC allow you to insert control points and enforce policies at different points of the network.
The Company was founded in 1998, first product launch in 2000. The first product was a simple Transmission Control Protocol (TCP) proxy. All it did was sat behind a load balancer, proxy TCP connections at layer 4 and offload them from backend servers. As the web developed, issues of scalability were the load on the backend servers from servicing the increasing amount of TCP connections. They wrote their own performance-orientated custom TCP stack. They have a quick PCI architecture. No, interrupts. Netscaler has written the code with x86 architecture in mind. The way x86 is written is to have very fast processors and slower dynamic random-access memory (DRAM). The processor should work on the local cache, but that does not work for the way network traffic flows. Netscaler has special code where processes a packet while permitting entry to another packet. This gives them great latency statistics.
TriScale technology changes the way ADC are provisioned and managed. It brings cloud agility to data centres. Triscale allows networks to scale-up, scale-out and scale-in via consolidation.
For high availability (HA) Netscaler has active / standby and clustering only. They oppose active / active. Active / active deployments are not truly active. Most setups are accomplished by setting one application via one load balancer and another application via 2nd-load balancer. It does not give you any more capacity. You cannot oversubscribe if one fails the other node has to take over and service additional load from the failed load balancer. Netscaler skipped this and went straight to clustering. They can cluster up to 32 allowing a cloud of Netscalers. Clustering is basically a cloud of Netscalers. All are active, sharing state and configurations so if one of your ADC’s goes down, others can pick up transparently. All nodes know all information about sessions and that information is shared.
Stateless vs Stateful
Netscalers offer-dynamic failover for protocols that are long-lived, like Structured Query Language (SQL) sessions and other streaming protocols. Different from when you are load-balancing Hypertext Transfer Protocol (HTTP). HTTP is a generic and stateless application-level protocol. No information is kept across requests and applications have to remember per-user state. Every HTTP request is a valid standalone request per the protocol. If you lose an HTTP requests no one knows or cares that much. Clients simply try again. High availability is generally not an issue for web traffic. With HTTP 2.0, the idea of sustaining the connection during failover means that the session never gets torn down and restarted.
HTTP ( stateless ) lives on top of TCP ( stateful ). Transmission Control Protocol (TCP) is stateful in the sense that it maintains state in the form of TCP windows size (how much data endpoints can receive) and packet order ( packet receipts confirmation). TCP endpoints must remember what state the other is in. Stateless protocols can be built on top of stateful protocol and stateful protocols can be built on top of stateless protocol. Applications built on top of HTTP aren’t necessarily stateless. Applications implement state over HTTP. For example, a client sends a request for data and is first authenticated before data transfer. This is common for websites requiring users to visit a login page before sending a message.
In the enterprise, you can have network overlays (vxlan) that allow virtualization of segments. Now, we need network services like firewalls and load balancers to do the same thing. Netscaler offer scale in service that allows a single platform to become multiple. Not a software partition, it’s a hardware partition. 100% of CPU, crypto, and network resource are all isolated. Enabling the management of individual instances without affecting others. If you experience big traffic spike on one load balancer, it does not affect other load balancing instances on that device.
Every application or application owner can have dedicated ADC. This approach lets you meet the requirement of the application without having to worry about contention or overrun from other application configurations. It lets you run a number of independent Netscaler instances on a single 2RU appliance. Every application owner looks like they have a dedicated ADC and from the network view it looks like each application is running on its own appliance. Behind the scenes, Netscaler consolidated all this down to a single device. So, what Netscaler did was to get the MPX platform and add a load of VPX on it to create an SDX product. When you spin up the VPX on the SDX you allocate isolated resources such as CPU and disk space.
Scale-up: pay as you grow
Scale up is a software licence key upgrade that increases performance. It offers customers much more flexibility. If you buy an MPX, you not locked into specific performance metrics of that box. With a licence upgrade, you can double its throughput, packets per second, connections per second and Secure Sockets Layer (SSL) transactions per second.
Netscaler and Software-defined networking (SDN)
When we usually talk about SDN we talk about Layer 2 and Layer 3 networks and what it takes to separate the control and data plane. The majority of SDN discussions are Layer 2 and Layer 3 centric conversations. Layer 4 to Layer 7 solutions need to integrate into SDN network. Netscaler is developing centralised control capabilities specifically for integrating Layer 4 to Layer 7 solutions into SDN networks.
So, how can SDN directly benefit the application at Layer 7? As application grow larger there need to be ways to auto-deploy applications. Storage and compute have been automated for some time now. The network is more complex so it’s harder to virtualize. This is where SDN comes into play. SDN takes all the complexity away from managing networks.