Hardware Switching and Traffic Management

RADWARE's new Application Switch provides ASIC-based layer four server load balancing, creating a more robust platform for Internet traffic management by ISPs, web hosters, and ASPs.

by Lisa Phifer VP Core Competence, Inc. [August 2, 2000]

Last week, RADWARE announced the RADWARE Application Switch, a new hardware platform that provides a souped-up foundation for next generation RADWARE Internet traffic management products. "With this move, we hope to put to bed any lingering questions about our performance," said Mike Long, RADWARE Vice President of Marketing and Technology. "With our new platform, we're adding 2 Gigabit Ethernet ports, 8 10/100 ports, multi-layer switching in ASICs, and the Motorola PowerPC 750 CPU. We're getting the best of both worlds — speed and layer 4/7 switching in hardware."

Revving The Engine
The new platform will put RADWARE traffic management products like Web Server Director (WSD), Cache Server Director (CSD), FireProof, and LinkProof in a unique position, sandwiched between "fast but dumb" L2 hardware switches and "smart but slow" L4/L7 server load balancers.

Switches like the Alteon 180e, Arrowpoint (Cisco) CS-150, and the Foundry ServerIronXL employ RISC processors, high speed backplanes, and Gigabit ports for wirespeed layer 2 switching, but resort to software add-ons for layer 4/7 processing. Load balancers like F5 Networks' BIG-IP Controller and Cisco's Local Director remain Intel-based, providing layer 4/7 traffic management in software without a hardware switching fabric. By migrating its multi-layer software onto Application Specific Integrated Circuits (ASICs) in a box with more horsepower, RADWARE hopes to have created a long-term platform on which to better grow new, innovative traffic management features.

"We're calling it an application switch for two reasons," said Long. "We're still primarily dealing with application protocols and content: we're checking the application running on a server or cache or firewall, not just system and network health." But RADWARE's new platform employs an ASIC-based multi-layer switching fabric. "Although you could use it as just a layer 2 switch, that's not what we expect our customers to do with it," said Long. "We're not trying to compete as an L2 switch. We're still positioning ourselves as an Internet traffic management company."

An analysis of server load balancers published by the Dell'Oro Group in May ranked RADWARE sixth in total market share, trailing the competitors noted above. To crack the top five, RADWARE needed to expand beyond the constraints imposed by its previous Intel platform. According to RADWARE Chief Technical Officer Hooman Beheshti, "We have a lot of room to grow in this new product family. We'll be better able to upgrade to new PowerPC processors. And this new CPU gives us the ability to do other things — bandwidth management, for example — that take advantage of our unique location in the network"

Platform to Benefit ISPs and ASPs
Why should ISPs, ASPs, and their customers care? According to a study by Andersen Consulting, 35% of online shoppers who experience problems on a site abandon that site for another. "Given high customer acquisition costs, eTailers can't continue to lose one of every three consumers and expect to survive."

RADWARE products are used by ISPs as intelligent front-ends to optimize resource utilization and provide high-availability. CSD distributes incoming web requests to cache servers, FireProof balances outgoing traffic across firewalls and VPN servers, and LinkProof enables dynamic traffic distribution across WAN links in multi-homed networks. All products will benefit from the new platform, but the first to be migrated onto the Application Switch is RADWARE's WSD server load balancing product family.

WSD-Pro shares load across clustered application servers to optimize utilization, ensure transparent fail-over, resist denial-of-service attacks, and keep tabs on site and server performance. WSD for Distributed Sites (WSD-DS) spreads traffic across multiple server farms by transparently redirecting clients based on virtual site/server load and capacity. WSD for Network Proximity (WSD-NP) combines proximity-based redirection and server load balancing by factoring in dynamic distance/time measurements across the Internet backbone. Web and other application hosters use WSD to circumvent bottlenecks, speed response time, prioritize service, and avoid embarrassing and costly site outages.

The Application Switch bumps up the price of the revamped WSD product family about 10%. The new WSD-Pro runs $19.5K; similar increases apply to the WSD-DS ($27.5K) and WSD-NP ($34.5K). In the near-term, "Customers will see improved performance, Gigabit connectivity, and can take advantage of the L2 switching capability," said Long. "Once this platform is out there, we'll start taking advantage of the new platform by shipping new software. The PowerPC and multiprocessor architecture puts a lot of potential in place for us to grow in new directions. We'll have to see what our customers want to do with it before we decide how many flavors of this thing to release."

Measuring Performance Improvement
What kind of performance increase should we expect to see with the Application Switch? According to Beheshti, "Our new backplane is non-blocking 9.6 GB, so when deployed as a layer 2 switch, packets are switched at wirespeed. The processor itself has 5 to 6 times the oomph of what we had before. Early testing has shown a 3 to 4 fold increase — even 5 fold, depending upon the size of the file."

Of course, measuring performance depends on many factors. "Over 100 Mbps, with 1000-byte files, we're seeing over 9000 transactions per second," said Beheshti. "Some vendors generate very high numbers by measuring performance with 3-byte files. As the size of the file is increased, transactions per second go down, but overall throughput goes up." Beheshti's measurements were taken over the same request and return path, but responses can also take a more direct return path. According to Long, "When we measure out-of-path returns, we see an even greater growth in performance. We expect our new platform performs as well as anybody in the market today."

Ultimately, consumers will look to independent third-party tests for comparable performance benchmarks. For example, a March Tolly Group test demonstrated that, on a single 100 Mbps port, Alteon's ACEdirector 3 server load balancer achieved 6,300 transactions per second. Tolly also measured the TCP session-processing rate of the Alteon 180e, Foundry ServerIron, and F5 BIG/IP HA, yielding an entirely different metric.

Direct comparison is really only possible in a head-to-head test of similarly-configured products. One might reasonably expect RADWARE to undergo third-party testing of its new Application Switch to further bolster performance claims.

Service Providers Need Fast And Dependable
One question that significant platform change introduces is stability. ISPs and ASPs need to know that a server load balancer is dependable before placing it in front of a production network. While Beheshti acknowledged that moving to a real-time operating system and rewriting drivers for the Application Switch was a major undertaking, "All of our core software is the same. We didn't want to change hardware and software in the same release, we wanted to do this gradually. Regression testing has been done for awhile, and we've ironed out problems in the drivers, ASICs, etc.. We stopped being able to break it ourselves in the lab awhile ago, and we're having our toughest customers have a go at it now."

Long echoed this sentiment: "We've been very conservative in our approach. We've got multiple betas in progress and a great test lab," he said. "Over 60% of our sales are in the US, so after Israel completes beta testing in their market, we put it through another round of extended testing here in the US. We're assigning an engineer to each beta box and getting daily feedback. We want to make absolutely sure the product works before we make it generally available to our customers."

Application Switch-based WSD products are in the early beta test stage in the US now. RADWARE does not anticipate a lengthy second beta. "We're not going to ship it until we're happy. We can't honestly say exactly when that will be, but we expect it to occur during 3Q00," said Long.

—End