Virtualization for Web Application Delivery

Overview
There is a lot of talk today about virtualization with vendors offering virtual servers to virtual applications and even virtual network devices. Most vendors have different definitions for virtualization, and it has become more difficult to determine which parts of virtualization are useful, and which are mostly marketing hype. One market that currently displays a lot of hype but minimal real solutions is the Application Delivery Controller (ADC) or server load balancing market.

Application Delivery Controller (ADC) Overview
Application Delivery Controllers (aka server load balancers or traffic managers) provide service virtualization.  These devices virtualize the service provided by individual servers. Service virtualization is performed to achieve the following:

• Scalability
• High availability
• Redundancy and Reliability

Application Delivery Controllers are network devices and come in many shapes and sizes: 

• Stackable units/Chassis units
• 10/100M to 1G/10G connectivity
• Enterprise class devices/Carrier grade devices
• Several ports to hundreds of ports
• 10M to 40G throughput
• Hundreds of connections per second to millions of connections per second

Application Delivery Contoller Platform Challenges
Customer requirements vary widely and vendors typically offer a range of Web Application Delivery products from the low end to the high end. For some customers, vendors’ high end products are not big enough and to other customers, vendors’ entry level products may be too big.  If a customer requires scalability beyond a single high-end device, it is desirable to leverage multiple high-end devices, viewed as a single load balancer. For customers whom a given device is too big, it is desirable to scale down the device to provide a number of virtual load balancers.

This ability to scale up or scale down is nothing but device virtualization. Vendors may offer one or both forms of device virtualization: scale-up virtualization and scale down virtualization.

Scale-up Virtualization
Let’s take a closer look at scaling up. The concept of clustering is very similar; however, clustering solutions have typically lacked linear scalability. With clustering, additional server load balancers are added to meet increasing Web Application Delivery requirements. However, the overall efficiency of the solution decreases. For example, if you double the number of server load balancers, you may only get a 70% increase in capacity. The more processing units or devices added, the smaller the increase in performance for each addition. Scale-up virtualization delivers linear scalability. This means you get full access to the performance capabilities of each independent unit as it is added to the virtual load balancer stack.

Scale up virtualization allows multiple server load balancers to work together and be managed as a single device. This includes availability for all resources for all virtual applications running on the server load balancer. In other words, a single application should be able to scale across multiple units, with a linear performance increase for every additional server load balancer model.

Through scaling up, customers should receive total performance scalability with every additional device added for all functionality, e.g.:

• Layer 4 connections per second (CPS)
• Layer 4 throughput
• Layer 7 transactions per second (TPS)
• Layer 7 throughput
• SSL transactions per second
• HTTP caching transactions per second
• HTTP caching throughput

When multiple devices are combined to act as one device, this creates a virtual load balancer. The virtual load balancer solution should offer rich functionality, performance, flexibility, high availability and ease of management.

Virtual Web Application Delivery
Today, there are plenty of Web Application Delivery solutions that will run in an active/active state, allowing them to pass application traffic across multiple server load balancer platforms at the same time. However, for true virtualization, multiple physical units need to seamlessly act as a single device. This means that a single virtual application should be able to scale beyond the performance of a single unit, and scale performance linearly with each additional unit.

However, in today’s incumbent active/active solutions, the traffic of a single application cannot scale beyond a single unit, and traffic distribution has to be defined manually by the administrator. There are also solutions that incorporate a chassis with multiple blades. This also isn’t virtualization. It’s a single unit with add on processing capabilities. Even with a fully loaded chassis-based solution, you still have a single point of failure, requiring that at least two chassis solutions be deployed for redundancy. 

In true virtualization, a failure of any single server load balancer will translate into a reduction of processing capabilities, and not a complete failure. When customers deploy a virtual server load balancer in an N+1 configuration, they now have full redundancy. The other thing to consider is that a chassis solution adds to the upfront cost of a virtual server load balancer solution. The chassis solution will also eventually limit server load balancer scalability to the number of available slots.  With a virtual chassis solution, where there is no hardware chassis, you can achieve both N+1 redundancy, and linear scalability without the traditional downsides of hardware chassis solutions.

Scale-down Virtualization
Scale-down virtualization includes chopping up predefined slices of independent server load balancers. This includes complete role based administration, allowing an administrator to define which virtual slice or slices a user has access to for management, and which functions within those slices they have access to control. In addition, the devices should be able to limit resources available to each virtual slice. In essence, each slice should operate completely independent as if it were its own separate server load balancer.

Because of the unique capability of a server load balancer to process data at Layer 7, it is not sufficient to just separate the data and control planes like you might see in a router or other typical network device. Since any virtual slices could potentially fully utilize all available processing capacity in the data or control plane, it is critical to limit the amount of CPU processing available for each slice.

For example, if a single slice has a badly configured Layer 7 processing rule, and it fully utilizes all CPU processing capacity in the data layer, any other slice also running a Layer 7 processing rule would be impacted. By limiting the actual CPU processing capacity of a virtual slice, this issue subsides.

Other resources should also be configurable on each virtual slice. This includes memory, connections per second, concurrent connections, bandwidth, SSL transactions per second, network ports, and all the other controlled metrics like Network Address Translations (NATs), Access Control Lists (ACLs), persistence tables, etc. There also needs to be completely independent traffic routing capabilities for each virtual slice. This guarantees data separation for virtual slices that might be operating in different security zones.

When a single ADC device is virtualized into a number of small virtual load balancers, the VLBs should offer full functionality, performance, high availability and manageability.

Conclusion
The definition of virtualization for Web Application Delivery should include both scaling up and scaling down performance linearly. Resources can now be multiplied or divided for use between any number of applications, groups, or companies. The result is a solution that scales to any level in a linear fashion for both performance and price.

About Bruno Van Dierendonck, Senior Systems Engineer for A10 Networks
Bruno has more than 15 years of experience in the networking market, building high-performance application networks for organizations of all sizes. His career includes eight years within the Web Application Delivery market, providing advanced server load balancing solutions for growing and high-volume networks.

About A10 Networks
A10 Networks was founded in 2004 with a mission to provide innovative networking and security solutions. A10 Networks makes high-performance products that help organizations accelerate, optimize and secure their applications. A10 Networks is headquartered in Silicon Valley with offices in the United States, Japan, China and Taiwan. For more information, visit www.a10networks.com.