Application Delivery Network (ADN) - WebMux Network Traffic Manager
Application Delivery Network is the primary functionality of AVANU's WebMux Network Traffic Manager. WebMux assures high availability by managing, controlling, and securing local Layers 4-7 traffic for TCP/UDP IP applications and services to and from the network back-end servers. Back-end servers are where applications are processed to serve your users and clients. Other valuable functions of WebMux include Global Server Load Balancing (GSLB) and its FireEdge™ for Apps Web Application Firewall (WAF).
Common applications include:
Web Services • E-Commerce • FTP Servers • Internet gaming • POP servers • IoT device services • Call centers
Mobile device services • Social media • Terminal servers • Video streaming • Web servers
Internal operations (accounting, database record management, etc.)
Applications from popular developers large and small are supported including Microsoft®, Cisco®, IBM®, Oracle®, Pexip®, and Unify®.
Their popular applications include Skype® for Business, Lync® Server, Exchange® Server, SharePoint®, Xbox® Live Games, Internet Information Services (IIS) for Windows® Server, WebLogic® Application Server, WebSphere®, Unity®, and Unify® Unified Communications, to name a few.
After extensive testing and validation, Microsoft in 2005 chose WebMux as one of the first three hardware load balancers (HLBs) to support its Unified Communications (UC) Office Live Communications Server (LCS) Enterprise and Standard platform for its excellent features, performance, reliability, and affordability.
The overall general benefits of an application delivery network load balancing solution for your network infrastructure are:
Performance
Traffic to the servers is distributed across the server farm so that a site can handle more load than a single server could alone. Other features, such as SSL Offloading and HTTP cache, help reduce the impact on server resources.
Scalability
After a farm has been created, more servers can be added to handle the workload as needed without interruption to the network.
Redundancy/Fault Tolerance
A farm contains several servers that serve the same site. If a server should fail, the WebMux health check will detect the failed server and send requests to the remaining servers, keeping the site online.
Reduce Site Maintenance Downtime
Servers in a farm can be taken offline for maintenance without interrupting the site.
Load Balancing Methods - Operation Modes
WebMux accommodates four (4) different load balancing methods or operation modes, each with its own advantages. "Arms" refers to the number of physical networks: there are one or two LAN connections (typically External and Internal). Both IPv4 and IPv6 are supported and work in all operation modes.
One-Armed Single Network is a special case of bridging in which the WebMux bridges internally on one interface (that can be bonded for higher capacity). The bridge loop issue is eliminated.
Note that all traffic is "source NATted" (aka SNAT), so the WebMux becomes the client and the server does not see the IP address of the client.
A limitation of this configuration is that an additional IP address must be assigned to the WebMux for each 65,000 simultaneous connections, because of that SNAT configuration and client-server relationship.
One-Armed Direct Server Return (DSR) is the highest-performance option in cases where it is supported, also known as "Direct Routing" or "Out-of-Path (OOP)". The WebMux becomes the traffic director for incoming traffic, but the return traffic can route back bypassing the WebMux (unless the WebMux does SSL termination).
Note that this requires a simple configuration of a "loopback adapter" on the servers. Also note that there is no performance advantage if SSL or TLS termination is required, as the WebMux becomes the endpoint for the SSL/TLS security relationship.
Two-Armed Network Address Translation (NAT) is the required configuration when you have two subnets. It is the common "Destination" NAT configuration in which the clients connect to an IP address on the WebMux and the WebMux proxies to the back-end servers.
The servers "see" the IP address of the client, as if the WebMux were not there.
This is the required configuration when there are two IP subnets (Internet-side and Internal).
Two-Armed Transparent makes the WebMux an inline bridge--seeing all of the traffic below the IP layer and able to manage traffic without IP address changes.
Note that, because the WebMux acts as a bridge in this mode, you must avoid bridge loops (a circular path through interconnected bridges). Also, because this mode is inline and two-armed, the load-balanced traffic flows through the WebMux.
Load Balancing Scheduling Methods
Least connections
Least connections-persistent
Round robin
Round robin-persistent
Weighted fastest response
Weighted fastest response-persistent
Weighted least connections
Weighted least connections-persistent
Weighted round robin
Weighted round robin-persistent
Network Topologies
Direct Server Return (DSR)
Full-NAT
Half-NAT
Ethernet Bridge
Security
Access Control List System
Authentication - LDAP, TACACS+
Automatic Attack Detection (AAD)
Digital Monitoring/Built-in Physical Intrusion Protection (HW appliance)
DoS/DDoS Protection (Flood Control™ UDP/TCP level)
IP Address Filtering
SSL Acceleration
SSL Certificates (Third Party Support)
SSL Certificate signing request (CSR)
SSL Encryption Strength (bits) 1024, 2048, 4096, 8192
SSL TCP protocols support
SSL FIPS 140-2 Levels 1 and 2 compliant
SSL Termination/Offloading
TCP Protocols Support
Web Application Firewall (FireEdge™ for Apps WAF)
Other
WebMux IP Support
ASP
Basic Layer 2 Protocols (i.e., STP, MSTP, RSTP...)
DNS
FTP
HTTP
HTTPS (SSL)
IMAP
LDAP
NNTP
POP3
RDP (Terminal Services)
SMTP
SNMP
SSH
Streaming media
TCP/UDP based services
TFTP
WebMux Other Operation Modes
Active/Passive redundant operation
Active/Active WAN
Application GUI and wizard setup
Application health checking
Adaptive balancing
Bonding/teaming ports (802.3ad/LACP)
Content encoding (HTTP compression)
IP persistence
Link interface bonding
REST API
Reverse proxy
Multiple gateway network failover
SSL termination/offloading
Multiple VLAN trunking (IEEE 802.1Q)
Web-based GUI