Similar documents
i n g S e c u r it y 3 1B# ; u r w e b a p p li c a tio n s f r o m ha c ke r s w ith t his å ] í d : L : g u id e Scanned by CamScanner


H ig h L e v e l O v e r v iew. S te p h a n M a rt in. S e n io r S y s te m A rc h i te ct

I n la n d N a v ig a t io n a co n t r ib u t io n t o eco n o m y su st a i n a b i l i t y

1.- L a m e j o r o p c ió n e s c l o na r e l d i s co ( s e e x p li c a r á d es p u é s ).


ACE-1/onearm #show service-policy client-vips

SCO TT G LEA SO N D EM O Z G EB R E-



PSTN. Gateway. Switch. Supervisor PC. Ethernet LAN. IPCC Express SERVER. CallManager. IP Phone. IP Phone. Cust- DB

EM EA. D is trib u te d D e n ia l O f S e rv ic e


T c k D E GR EN S. R a p p o r t M o d u le Aa n g e m a a k t o p 19 /09 /2007 o m 09 :29 u u r BJB M /V. ja a r.

Workload Management Services. Data Management Services. Networking. Information Service. Fabric Management


L a h ip e r t e n s ió n a r t e r ia l s e d e f in e c o m o u n n iv e l d e p r e s ió n a r t e r ia l s is t ó lic a ( P A S ) m a y o r o

AN EVALUATION OF SHORT TERM TREATMENT PROGRAM FOR PERSONS DRIVING UNDER THE INFLUENCE OF ALCOHOL P. A. V a le s, Ph.D.


P R E F E I T U R A M U N I C I P A L D E J A R D I M



Campus Sustainability Assessment and Related Literature

A n d r e w S P o m e r a n tz, M D


W h a t is m e tro e th e rn e t


w ith In fla m m a to r y B o w e l D ise a se. G a s tro in te s tin a l C lin ic, , K a s h iw a z a, A g e o C ity, S a ita m a




E S T A D O D O C E A R Á P R E F E I T U R A M U N I C I P A L D E C R U Z C Â M A R A M U N I C I P A L D E C R U Z


P R E F E I T U R A M U N I C I P A L D E J A R D I M



1. Oblast rozvoj spolků a SU UK 1.1. Zvyšování kvalifikace Školení Zapojení do projektů Poradenství 1.2. Financování


<?xml version="1.0" encoding="utf-8"?> <soapenv:envelope xmlns:soapenv="

B a rn e y W a r f. U r b a n S tu d ie s, V o l. 3 2, N o. 2, ±3 7 8


3 k t h R e m e A c c e s s b t t t V T T c h t h p V T. Cl ic e ot rad io ut on nex o PN unnel yp e and oose e ap rop riat e PN unnel Int erfac e. 4.

M P L S /V P N S e c u rity , C is c o S y s te m s, In c. A ll rig h ts re s e rv e d.

Put the human back in Human Resources.

C e r t ifie d Se c u r e W e b


UFPA Brazil. d e R e d e s Ó p tic a s e s e u s Im p a c to s n o F u tu r o d a In te r n e t




UNIK4250 Security in Distributed Systems University of Oslo Spring Part 7 Wireless Network Security

Using Predictive Modeling to Reduce Claims Losses in Auto Physical Damage

Frederikshavn kommunale skolevæsen

B R T S y s te m in S e o u l a n d In te g r a te d e -T ic k e tin g S y s te m


Opis przedmiotu zamówienia - zakres czynności Usługi sprzątania obiektów Gdyńskiego Centrum Sportu


Workload Management Services. Data Management Services. Networking. Information Service. Fabric Management

GENERAL INFORMAT ION:

III Bienal de Autismo Página 1 / 43




J a re k G a w o r, J o e B e s te r, M a th e m a tic s & C o m p u te r. C o m p u ta tio n In s titu te,

Clôtures tous types. Serrurerie sur mesure. Portails / Automatisme. Aménagements extérieurs. Maçonnerie. Terrasse / Allée.


R e t r o f i t o f t C i r u n i s g e C o n t r o l

Software Quality Requirements and Evaluation, the ISO Series

An E mpir ical Analysis of Stock and B ond M ar ket Liquidity

CIS CO S Y S T E M S. G u ille rm o A g u irre, Cis c o Ch ile , C is c o S y s te m s, In c. A ll rig h ts re s e rv e d.



B rn m e d s rlig e b e h o v... 3 k o n o m i S s k e n d e tils k u d o g k o n o m is k frip la d s... 7 F o r ld re b e ta lin g...



S y ste m s. T h e D atabase. D atabase m anagem e n t sy ste m

The SmartView Tracker

U S B Pay m e n t P r o c e s s i n g TM

JCUT-3030/6090/1212/1218/1325/1530

/*

CUSTOMER INFORMATION SECURITY AWARENESS TRAINING

Overview of Spellings on


MS IN EARLY CHILDHOOD STUDIES

Bewährte Six Sigma Tools in der Praxis

Online Department Stores. What are we searching for?

Creating a best fit between Business Strategy and Web Services Capabilities using Problem Frames Modeling approach

Understanding, Modelling and Improving the Software Process. Ian Sommerville 1995 Software Engineering, 5th edition. Chapter 31 Slide 1

Victims Compensation Claim Status of All Pending Claims and Claims Decided Within the Last Three Years



d e f i n i c j i p o s t a w y, z w i z a n e j e s t t o m. i n. z t y m, i p o jі c i e t o


SEPTEMBER Unit 1 Page Learning Goals 1 Short a 2 b 3-5 blends 6-7 c as in cat 8-11 t p

bow bandage candle buildings bulb coins barn cap corn

Combinación de bandas óptima para la discriminación de sabanas colombianas, usando imagen Landsat ETM+ZYXWVUTSRQPONMLKJIHGFEDCB

proxy cert request dn, cert, Pkey, VOMS cred. (short lifetime) certificate: dn, ca, Pkey mod_ssl pre-process: parameters->


Transcription:

UNDERSTANDING FLOW PROCESSING WITHIN THE CISCO ACE M ODULE Application de liv e r y pr odu cts can distr ib u te tr af f ic to applications and w e b se r v ice s u sing v ar y ing le v e ls of application m e ssag ing. T h is docu m e nt e x plains h ow th e v ar y ing le v e ls of analy sis e f f e ct th e tr af f ic f low b e tw e e n th e clie nt and se r v ice to h e lp e nsu r e th e m ost e f f e citv e soltu ion can b e de ploy e d u sing th e C isco AC E M odu le. SCOPE Th do de ib ip ic io io d, in is d, d in it ide d is AC du. An is ie, is AC du, d ic io ic io is ide d if dif in ic io io dl in. A U D I EN CE Th e do c u m e n t is in t e n de d a s a t e c h n ic a l r e f e r e n c e f o r n e t w o r k in g p r o f e s s io n a l s f a m il ia r w it h c o n t e n t s w it c h in g, n e t w o r k de s ig n, a n d m a in t a in in g a p p l ic a t io n de l iv e r y de p l o y m e n t s w it h a de s ir e t o b e t t e r u n de r s t a n d h o w t h e C is c o AC E M o du l e in t e r a c t s w it h c l ie n t s a n d a p p l ic a t io n s a t a t r a n s p o r t a n d a p p l ic a t io n p r o t o c o l l e v e l. V I W h e n r e s e a r c h g v a r u s a p p l a t n l e r y p r o c t s b e c o m e s a p p a r e n t t h a t a p p l a t n s c a n b e p r o c e s s e a t v a r u s l e v e l s t o a l l o w f o r m o r e t e l l e n t c n m a k g f o r t r u t g c l n t r e q u e s t s t o a p p l a t n s e r v e r s e e f f e c t e n e s s o f a n a p p l a t n l e r y p r o c t b a s e o n a n e q u a l t r u t n o f l o a a c r o s s m u l t l e s e r v e r s l o a s h a r g b e t w e e n t a c e n t e r s p r o v g p e r s t e n c e f o r a u s e r t h r o u g h v a r u s w e b a p p a n t a b a s e t r s o f a s e r v e e n s u r g a p p l a t n a v a a b y s p e a l o c a l s e r v e r f a u r e a n s o f o r t h W h a t a c e n t e r a p p l a t n t r a f f s p e c t e v a r y g g r e e s b a s e o n t h e O S I m o l p l a t n t r u t n o r l o a b a l a n c g c a n o c c u r a t t h e I P l e v e l w h e r e t h e l o a b a l a n c g n e b a s e o n t h e s t a t n I P a e s s k n o w n a s t h e v t u a l I P a e s s ( V I P ) o f t h e c l n t s c o n n e c t n a p p l a t n s h a v e a a n c e t h e y h a v e m o v e f r o m b e g h o s t e o n m u l t l e s e r v e r s w h a s g l e s e r v e r f a r m t o t r s o f s e r v e r f a r m s e c o m m o n t r s a r e w e b a p p l a t n a n t a b a s e w h e a c h t r h a v g s o w n a t e s e r v e r f a r m ( s ) e a a n c e m e n t o f a p p l a t n s h a s e n t h e n e e f o r m o r e t e l l e n t m e t h o o f l o a b a l a n c g w h t h e n e t w o r k y s a p p l a t n l e r y p r o c t s m u s t p r o v t r a n a l l o a b a l a n c g a n h a v e t h e a b y t o m a k e t r u t n c n s b y a n a l y z g t h e a p p l a t n m e s s a g e s OV ER EW in io ic io de iv du it ic io d io in ig de is io in dis ib in ie ic io. Th iv ic io de iv du is d : dis ib io d ip, d in da, idin is 1 io,, d da ie ic, in ic io il il it de it il, d. it in da, ic io ic is in d in in de, d de. Ap ic io dis ib io, d in,, d in is do d de in io ddr, ir ddr, ie io. As ic io dv d d in d ip it in in ie. Th ie, ic io, d da it ie in it de dic d. Th dv ic io dr iv d in ig ds d in it in. To da ic io de iv du ide dit io d in d il it dis ib io de is io in ic io. 1 Session persistence or stickiness refers to the ability of the application switch to recognize multiple d istinct client connections as belonging to the same session or business transaction and d irect them to the same serv er for the entire d uration of the transaction. All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 1 of 13

Ap p l ic a t io n de c is io n s 2 c a n b e m a de a t v a r io u s l e v e l s o f t h e a p p l ic a t io n c o m m u n ic a t io n s u c h a s : u p o n e a c h n e w TC P c o n n e c t io n, p e r a p p l ic a t io n r e q u e s t, a n d in s o m e s c e n a r io s c o m p l e t e a p p l ic a t io n in s p e c t io n is r e q u ir e d t o p r o p e r l y h a n dl e a p p l ic a t io n s e s s io n s. D u e t o t h e v a r y in g de g r e e s o f w o r k r e q u ir e d t o p r o p e r l y h a n dl e e a c h t y p e o f a p p l ic a t io n f l o w, it is im p o r t a n t t o f u l l y u n de r s t a n d t h e im p a c t t o t h e a p p l ic a t io n de l iv e r y s r e s o u r c e s w h e n de p l o y in g a p p l ic a t io n s. CI SCO A CE A R CH I TECTU R E O n e o f t h e m a in g o a l s o f a n y a p p l ic a t io n de l iv e r y p r o du c t is t o p r o v ide a h ig h l e v e l o f p e r f o r m a n c e. Th e C is c o AC E M o du l e is de s ig n e d t o t a k e f u l l a dv a n t a g e o f n e t w o r k p r o c e s s o r s t o p r o c e s s f l o w s q u ic k l y a n d e f f ic ie n t l y f o r s im p l e L 3 - L 4 l o a d b a l a n c in g a s w e l l a s a p p l ic a t io n a w a r e ( L 7 ) l o a d b a l a n c in g. C l ie n t f l o w s, o r c o n n e c t io n s, r e q u ir e v a r y in g l e v e l s o f p r o c e s s in g a n d m e m o r y de p e n din g u p o n h o w t h e y a r e h a n dl e d w it h in t h e C is c o AC E M o du l e. Th e t a b l e b e l o w s h o w s t h e l e v e l s o f f l o w p r o c e s s in g a l o n g w it h t h e t y p e o f p r o c e s s in g p e r l e v e l, a n d t h e f e a t u r e s o r f u n c t io n a l it y p r o v ide d a t e a c h l e v e l o f p r o c e s s in g. Th e r e m a in de r o f t h e do c u m e n t e x p l a in s t h e t y p e s o f f l o w p r o c e s s in g in de t a il. T y p t u B f B L B Level of Flow Processing e of Processing Fea re or Fu nct ion Layer 3 and Layer 4 alancing on irst pack et asic oad alancing Applies to T CP / U D P f or L 4 ru les S ou rce I P stick y Applies to all other I P protocols T CP / I P N orm aliz ation 3 S elect serv er or f arm b ased on sou rce I P Layer 7 T C P S p l i c i ng ( U n-p ro x y) T erm inate T CP connection H T T P L 7 ru les on f irst req u est ( U R L L B ) B u f f er req u est, inspect, L B Cook ie stick y ( persistence) Create hard w are shortcu t G eneric T CP payload parsing Layer 7 R e-p ro x y T CP splicing + ab ility to parse su b seq u ent H T T P req u ests w ithin sam e T CP H T T P L 7 ru les w ith H T T P 1. 1 connection k eepaliv e ( persistence reb alance ) Layer 7 F u l l P ro x y F u lly term inate Client T CP connections S S L of f load T CP re-u se H T T P 1. 1 pipelining P rotocol inspections ( F T P, S I P, ) Th e s e 4 dis t in c t l e v e l s o f f l o w p r o c e s s in g a l l o w t h e C is c o AC E M o du l e t o e f f ic ie n t l y u s e it s n e t w o r k p r o c e s s o r s t o p r o v ide in du s t r y l e a din g p e r f o r m a n c e in c o n n e c t io n s p e r s e c o n d a n d a p p l ic a t io n t h r o u g h p u t. Tr a dit io n a l l o a d b a l a n c in g ( b a s e d o n t h e de s t in a t io n I P a ddr e s s, w h ic h is k n o w n a s t h e V I P ) is k n o w n a s L a y e r 3 ( L 3 ) l o a d b a l a n c in g, a s it o n l y l o a d b a l a n c e s t r a f f ic f o r c l ie n t s a t t e m p t in g t o r e a c h a n I P a ddr e s s. Th e C is c o AC E M o du l e a l s o s u p p o r t s t h e u s e o f a w il dc a r d V I P ( 0.0.0.0 ), w h ic h m a t c h e s a l l in c o m in g c o n n e c t io n w it h in a V L AN. L a y e r 4 ( L 4 ) l o a d b a l a n c in g is b a s e d o n b o t h a v ir t u a l I P a ddr e s s a n d t h e de s t in a t io n p o r t. Th is t y p e o f l o a d b a l a n c in g is s t il l a v e r y c o m m o n f o r m o f l o a d b a l a n c in g. An e x a m p l e o f L 4 l o a d b a l a n c in g is a c l ie n t s e n din g a n H TTP r e q u e s t t o a v ir t u a l I P a ddr e s s a n d de f in e d p o r t, 1 7 2.1 6.1.1 0 0 :8 0. L ik e t h e V I P, a p o r t c a n b e z e r o, h o w e v e r w h e n a L 4 p o r t is de f in e d a s z e r o it is h a n dl e d a s a L 3 m a t c h. L 3 a n d L 4 l o a d b a l a n c in g a r e s im p l e de c is io n s b a s e d o n t h e in f o r m a t io n w it h in t h e f ir s t p a c k e t. O n c e t h e de c is io n is m a de, a c o n n e c t io n I D is c r e a t e d t o a l l o w s u b s e q u e n t p a c k e t s w it h s im il a r I P da t a t o b e s e n t t o t h e s a m e s e r v e r. M a n y a p p l ic a t io n s r e q u ir e a c l ie n t t o u s e t h e s a m e s e r v e r f o r t h e du r a t io n o f t h e a p p l ic a t io n s e s s io n. F o r t h e s e a p p l ic a t io n s s o u r c e I P s t ic k in e s s c a n b e a p p l ie d t o p r o v ide c l ie n t p e r s is t e n c e. S in c e t h is t y p e o f s t ic k in e s s o n l y r e q u ir e s t h e c l ie n t s s o u r c e I P a n d t h e r e a l s e r v e r w h ic h w a s s e l e c t e d, it c a n o p e r a t e a t L a y e r 3, s in c e it o n l y r e q u ir e s I P in f o r m a t io n. W it h in t h e C is c o AC E M o du l e, L a y e r 3 a n d L a y e r 4 is e x t r e m e l y f a s t. 2 D etermine the application serv ice ( load balancing, inspection, application optimization, and so forth) which can be applied to an application session 3 T he ability to v erify T C P and I P options, blocking connections and packets which are not compliant with stand ard T C P / I P specifications or with user-configurable rules. All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 2 of 13

M T e c h n i c a l I m p l e m e n t a t i o n Th e n e t w o r k p r o c e s s o r is h a n dl in g t h e c o n n e c t io n o n t h e f ir s t p a c k e t, q u e r y in g t h e l o a d b a l a n c e r p r o c e s s f o r t h e b e s t r e a l s e r v e r t o u s e, a n d t h e n e s t a b l is h in g a h a r dw a r e s h o r t c u t f o r t h is f l o w t o t h e r e a l s e r v e r. Th is v e r y q u ic k p r o c e s s in g a l l o w s t h e C is c o AC E M o du l e t o de l iv e r 3 4 8 K C P S a n d t r a n s f e r 1 6 G b p s o f c l ie n t / s e r v e r t r a f f ic. F o r L 3 a n d L 4 p r o c e s s in g t h e C is c o AC E M o du l e c a n s u p p o r t u p t o 4 M c o n c u r r e n t c o n n e c t io n s. Figu re 1. L a y e r 3 a n d L a y e r 4 f l o w p r o c e s s i n g C l i e n t C i s c o A C E M o d u l e Se r v e r TCP SY N SE Q 2 3 4 5 TCP SY N : SE Q 5 6 7 8 A CK 2 3 4 6 TCP SE Q 2 3 4 6 A CK 5 6 7 9 a t c h e s V I P S e l e c t s S e r v e r R e w r it e s L 2 / L 3 / L 4 TCP SY N SE Q 2 3 4 5 TCP SY N SE Q 5 6 7 8 A CK 2 3 4 6 TCP SE Q 2 3 4 6 A CK 5 6 7 9 TCP D a t a : SE Q 2 3 4 6 A C K 5 6 7 9 TCP SE Q 5 6 7 8 A CK 2 7 8 9 TCP D a t a : SE Q 5 6 7 8 A CK 2 7 8 9 TCP SE Q 2 7 8 9 A CK 5 9 8 7 TCP D a t a SE Q 2 3 4 6 A C K 5 6 7 9 TCP SE Q 5 6 7 8 A CK 2 7 8 9 TCP D a t a SE Q 5 6 7 8 A CK 2 7 8 9 TCP SE Q 2 7 8 9 A CK 5 9 8 7 All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 3 of 13

W h il e t r a dit io n a l l o a d b a l a n c in g ( L 3 a n d L 4 ) h a s b e e n t h e m o s t c o m m o n, a s a p p l ic a t io n s b e c o m e m o r e e v o l v e d t h e y r e q u ir e a p p l ic a t io n de l iv e r y p r o du c t s t o l o o k f u r t h e r in t o t h e c l ie n t -s e r v e r c o n n e c t io n s t o m a k e m o r e in t e l l ig e n t de c is io n s. Ap p l ic a t io n de l iv e r y p r o du c t s h a v e c l a im e d a p p l ic a t io n a w a r e n e s s t o v a r y in g l e v e l s b y u s in g t h e t e r m s L a y e r 5 ( L 5 ) L a y e r 7 ( L 7 ). Th e a c t u a l a w a r e n e s s s t il l de p e n ds u p o n t h e a p p l ic a t io n, de s p it e t h e m o r e g l o b a l L 5 -L 7 c l a im. Th e dis t in c t io n m a de b e t w e e n L 5 a n d L 7 is t h a t L 5 is c o n s ide r e d t h e S S L s e s s io n I D p e r s is t e n c e o r H TTP U R L de c is io n m a k in g. U p o n a dv a n c in g in t o L 7, a n a p p l ic a t io n de l iv e r y p r o du c t m u s t u n de r s t a n d m o r e a b o u t t h e a p p l ic a t io n t o a l l o w t h e p a r s in g o f a c l ie n t r e q u e s t. Th is u n de r s t a n din g is u s e d t o f in d, f o r e x a m p l e, a s p e c if ic f ie l d in a c l ie n t r e q u e s t a n d m a k e a n in t e l l ig e n t de c is io n s u c h a s p e r m it o r de n y t h e r e q u e s t, p ic k t h e b e s t s e r v e r t o r e c e iv e t h e r e q u e s t, r e dir e c t t o a n o t h e r de s t in a t io n, a n d s o f o r t h. Th is de c is io n, b a s e d u p o n t h e f ie l d s e x is t e n c e o r t h e a c t u a l v a l u e it c o n t a in s r e q u ir e s a n a l y s is o f t h e r e q u e s t b e f o r e m a k in g a n y s u c h de c is io n. B y f u l l y a n a l y z in g t h e c o m m u n ic a t io n b e t w e e n a c l ie n t a n d a p p l ic a t io n a t L 7, t h e a p p l ic a t io n de l iv e r y p r o du c t is a b l e t o p r o v ide a ddit io n a l s e r v ic e s s u c h a s S S L a c c e l e r a t io n, TC P R e u s e, a p p l ic a t io n a c c e l e r a t io n, a p p l ic a t io n s e c u r it y, a n d s o f o r t h. W h e n a n a p p l ic a t io n is c o m p l e t e l y in s p e c t e d a t L 7, t h e m a in dif f e r e n c e b e t w e e n L 3 -L 4 a n d L 5 -L 7 is t h a t t h e L 3 -L 4 c o n n e c t io n s c a n b e t r a n s p a r e n t l y l o a d b a l a n c e d, w h il e t h e L 5 -L 7 c o n n e c t io n s m u s t b e TC P t e r m in a t e d a n d t h e c l ie n t r e q u e s t in s p e c t e d b e f o r e a l o a d b a l a n c in g de c is io n c a n b e m a de. D u e t o t h e a ddit io n a l o v e r h e a d o f TC P t e r m in a t io n, L 5 -L 7 c o n n e c t io n r a t e s ( C P S ) a r e l o w e r t h a n s im p l e L 3 -L 4 l o a d b a l a n c in g. I n a L a y e r 5-7 c a s e, t h e r e a r e t h r e e dif f e r e n t l e v e l s o f p r o c e s s in g. Th e s e a r e t y p ic a l l y r e f e r r e d t o a s t h r e e m f o r h a n dl in g L a y e r 7 p r o c e s s in g. e t h o ds 1 e s p l e s t c a s e w h e r e P t e r m a t e t h e l t a p a r s e a n t h e n t h e P c o n n e c t n s a r e s p l e b a c k t o g e t h e r t h e p r o c e s s g n e t o h a n e m a n y L 7 c n s ; c o o k s t k e s s U R L p a r s g a n g e n e r p r o t o c o l p a r s g w h h a n e w f e a t u r e t r o c e C c o E M o l e r e l e a s e 2 2 e n e x t m e t h o o f p r o c e s s g c a l l e L 7 r e r o x y w h h t h e a b y t o r e r o x y a f l o w o n c e h a s b e e n s p l e t o g e t h e r L 7 r e r o x y u s e f u l f o r a p p l a t n s h o s t g c l n t s t h r o u g h a r e v e r s e r o x y s e r v e r o r a p p l a t n s p l o y e w h t r s o f s e r v e s t h a t m a y r e q u e t h e a p p l a t n l e r p r o c t t o m a k e a p p l a t n c n s f o r e a c h r e q u e s t w h a P c o n n e c t n p e r f e c t e x a m p l e a p p l a t n l e r y o f w e b t r a f f w h e r e m u l t l e H 1 G E r e q u e s t s c a n b e s e n t o v e r a s g l e P c o n n e c t n a l l o w s e a c h r e q u e s t t o b e s e n t t o a f e r e n t g r o u p o f s e r v e r s b a s e o n t h e c o n t e n t o f t h e r e q u e s t 3 e t h m e t h o o f p r o c e s s g L 7 f u l l p r o x y t h l e v e l t h e P c o n n e c t n n e v e r s p l e b a c k t o g e t h e r u s t h e C c o E M o l e p r o c e s s e s e v e r y p a c k e t o f t h e a p p l a t n s e s s n b e t w e e n t h e c l n t a n s e r v e r a s t w o t c t c o n n e c t n s a n h a s t h e a c t n o f b e g a P p r o x y t o b o t h t h e c l n t a n s e r v e r f o r t h e r a t n o f t h e a p p l a t n f l o w L 7 f u l l p r o x y a l l o w s t h e C c o E M o l e t o s u p p o r t P R e u s e H 1 P e l g S S L c e l e r a t n a n a p p l a t n s p e c t n s / n o r m a l a t n s f o r p r o t o c o l s c l u g H F S I P a n S k n y t h o u g h t h e t h r e e L 7 l e v e l s o f p r o c e s s g a r e s a r t h e r e s o u r c e r e q u e m e n t s a s s o c t e w h e a c h m e t h o c a n v a r y s n a n t l y e C c o E M o l e w l a l w a y s p k t h e o p t a l m e t h o b a s e o n t h e r e q u e m e n t s f o r t h e s p e c p r o t o c o l o r a p p l a t n b e g h a n e u s p o r t a n t t o u n r s t a n h o w f l o w s a r e b e g h a n e t h e s e t h r e e l e v e l s o f L 7 p r o c e s s g l L 7 p r o c e s s g b e g s w h t h e n e t w o r k p r o c e s s o r o f t h e C c o E M o l e c o m g P S Y N s a r e r e c e e t h e C c o E M o l e c r e a t e s a n L 4 a n L 7 c o n n e c t n o b j e c t a n s e n a S Y N / K t o t h e c l n t e c l n t r e t u r n s a n K t o c o m p l e t e t h e P 3 a y h a n h a k e a n s e n t h e l a p p l a t n r e q u e s t e r e q u e s t b u f f e r e t o a l l o w f o r p a r s g s p e c t n a n l o a b a l a n c g w h e r e m a t c h e s o n H S I P R I U S R D P H e a r s o r g e n e r P p a y l o a t a o c c u r t e r e n o u g h t a h a s b e e n r e c e e t o m a k e a c n t h e C c o E M o l e e s t a b l h e s a n e w P c o n n e c t n t o t h e s t a t n U p o n e s t a b l h g t h e s t a t n P c o n n e c t n t h e c l n t s r e q u e s t f o r w a r t o t h e s t a t n s e r v e r O n c e t h e s e r v e r a c k n o w l e e s t h a t a l l o f t h e b u f f e r e c l n t t a h a s b e e n r e c e e t h e C c o E M o l e c r e a t e s a h a r a r e s h o r t c u t a n r e l e a s e s t h e L 7. Th im is TC is in d, in it ia da is d, d TC io ic d. Th is is in do dl de is io ie ic in, in, d ic in ic is in du d in is AC du.0.. Th d in is d -p, ic is il it -p it ic d. -p is ic io in ie -p ic io de d it ie ic ir ic io de iv du ic io de is io it in TC io. A is ic io de iv ic, ip TTP.1 T in TC io. Th is dif d.. Th ir d d in is. At is TC io is ic d. Th is AC du ic io io ie d dis in io d io in TC ie d du io ic io. is AC du TC, TTP.1 ip in in, Ac io, d ic io in io iz io in din TTP, TP,, d in. Al in im il, ir ia d it d ig if ic. Th is AC du il ic im d d ir if ic ic io in dl d. Th, it is im de d in dl d in in. Al in in it in is AC du. As in in TC iv d, is AC du d io d ds AC ie. Th ie AC TC -w ds d ds in it ia ic io. Th is d in, in io, d d in. Th is is TTP,, AD, de, ic TC d da. Af da iv d de is io, is AC du is TC io de in io. is in de in io TC io ie is de d de in io. dg d ie da iv d, is AC du dw d All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 4 of 13

M T e c h n i c a l I m p l e m e n t a t i o n c o n n e c t n f o r m a t n a l l o w s t h e r e m a r o f t h e f l o w t o b e h a n e v e r y f a s t s c e t h e s a m e h a r a r e s h o r t c u t a s a n L 3 o r L 4 c o n n e c t n p r o c e s s o f s p l g P c o n n e c t n s a l l o w s C c o E M o l e t o f r e e u p t h e L 7 c o n n e c t n o b j e c t u s w h e a c o n n e c t n p r o c e s s e a t L 7 o n e o f t h e 5 1 2 K L 7 c o n n e c t n o b j e c t s r e q u e h o w e v e r a s t h e c o n n e c t n s p l e b a c k t o g e t h e r t h e L 7 c o n n e c t n o b j e c t f r e e a n t h e c o n n e c t n o n l y o c c u p s a L 4 c o n n e c t n o b j e c t o f w h h t h e r e a r e 4 M e P s p l g c a n b e s e e n w h a l s n f e r t r a c e s t a k e n o n t h e c l n t a n s e r v e r s o f t h e C c o E M o l e e C c o E M o l e a e r t e s a P w w s e o f 1 7 4 0 8 w h e p r o x y g a P c o n n e c t n W h e n t h e P c o n n e c t n e s t a b l h b y t h e c l n t t o t h e V I P t h e P c o n n e c t n c o m p l e t e l y t e r m a t e b y t h e C c o E M o l e t o a l l o w t h e c l n t r e q u e s t t o b e b u f f e r e a n p a r s e O n c e a m a t c h m a t h e C c o E M o l e e s t a b l h e s a n e w P c o n n e c t n t o t h e s e l e c t e r e a l s e r v e r I f P R e u s e c o n f u r e t h e C c o E M o l e w l r e u s e a n e x t g P c o n n e c t n a v a a b l e o n e n o t a v a a b l e a n e a n e w P c o n n e c t n w l b e e s t a b l h e u s g a P w w s e o f 1 7 4 0 8 t e r t h e s e r v e r s P c o n n e c t n e s t a b l h e t h e c l n t s r e q u e s t w l b e f o r w a r t o t h e s e r v e r O n c e a l l o f t h e b u f f e r e t a w h t h e C c o E M o l e h a s b e e n a c k n o w l e e s a f e t o P p l e t h e c l n t a n s e r v e r c o n n e c t n s t o g e t h e r I n t h e s n f e r t r a c e t h n e o n c e t h e s e r v e r s P w w s e s e e n t h e c l n t s t r a c e a n w h e n t h e c l n t P w w s e s e e n o n t h e s e r v e r s s F r o m t h p o t o n t h e c l n t w l c o m m u n a t e t o t h e s e r v e r v t h e h a r a r e s h o r t c u t w h t h e C c o E M o l e L 7 t h e C c o E M o l e m u s t r e m a t h e p a t h o f c l n t a n s e r v e r c o m m u n a t n t o a l l o w t h e h a r a r e s h o r t c u t t o p r o p e r l y m o y t h e s e q u e n c e a n a c k n o w l e e m e n t s f o r t h e r e m a r o f t h e c l n t s s e s s n e r e q u e m e n t n o t s p e c t o t h e C c o E M o l e a r e q u e m e n t f o r a n y a p p l a t n l e r y p r o c t w h h t e r m a t e s P c o n n e c t n s ( r e g a r e s s o f w h e t h e r t h e y t h e n s p l e t h e f l o w s o r c o n t u e b e g a f u l l p r o x y a l l o f t h e t e ) b e c a u s e e a c h s o f t h e a p p l a t n l e r y v e h a s a n e s t a b l h e P c o n n e c t n t h o u g h t h e s e q u e n c e n u m b e r s t h e a c k n o w l e e m e n t n u m b e r s a n p o s s l y t h e p o r t n u m b e r s c a n b e a u s t e q u k l y b y a n a p p l a t n l e r y p r o c t t h e r e n o w a y t o m o y t h e c l n t a n s e r v e r c o n n e c t n t o r e m o v e t h e n e e f o r t h e s e a u s t m e n t s u s a n y P c o n n e c t n s t e r m a t e a n s p e c t e a t L 7 m u s t c o n t u e t o t r a v e r s e t h e a p p l a t n l e r p r o c t f o r t h e l e t e o f t h e P c o n n e c t n I n F u r e 2 b e l o w t h e L 7 P s p l g c a n b e c l e a r l y s e e n b y t h e a c t n o f t h e C c o E M o l e w h h a t e b y b a c k g r o u n o f l h t b l u e e P s p l g o c c u r s w h e n t h e C c o E M o l e t a k e s t h e a c t n o f c r e a t g a h a r a r e s h o r t c u t w h h l a b e l e w h a g r a y b a c k g r o u n t h e p o t w h e r e t h e c o n n e c t n s p l e t o g e t h e r t h e C c o E M o l e s P w w s e o f 1 7 4 0 8 c a n n o l o n g e r b e s e e n t h e t r a c e s a n t h e c l n t s a n s e r v e r s w w s e a r e t r a n s p a r e n t l y p a s s e t h r o u g h t h e C c o E M o l e e c h a n g e f l v a l u e s n o t e b l u e t o a r e a g t h e p a c k e t f l o w io in io. Th is in de dl d, in it is in dw io. Th is ic in TC io is AC du io. Th il io is d io is ir d, io is ic d io is d, d io ie io, ic. Th TC ic in it in du if ie d ide is AC du. Th is AC du dv is TC in do iz il in TC io. TC io is is ie, TC io is in d is AC du ie d d d. is de is AC du is TC io d. TC is ig d is AC du il is in TC io if il, if is il d idl, TC io il is d in TC in do iz. Af ide TC io is is d, ie il de d. d da it in is AC du dg d it is TC -S ic ie d io. if is is do TC in do iz is in ie ide, d ie TC in do iz is ide. is in ie il ic ia dw it in is AC du. At is AC du in in ie d ic io dw dif d dg in de ie io. Th ir is if ic is AC du, it is ir ic io de iv du ic in TC io dl ic in in im. Th is is ide ic io de iv de ic is d TC io. Al, dg, d ib dj d ic ic io de iv du, is dif ie d io d dj. Th TC io in d d in d, in ic io de iv du if im TC io. ig, TC ic in io is AC du, ic is in dic d d ig. Th TC ic in is AC du io in dw, ic is d it d. At in io is ic d is AC du TC in do iz in, d ie d in do iz d is AC du. Th in ie d is de d in ide in din. Figu re 2. L a y e r 7 ( T C P Sp l i c i n g ) f l o w p r o c e s s i n g C l i e n t C i s c o A C E M o d u l e Se r v e r TCP SY N SE Q 6 8 8 6 TCP SY N SE Q 7 8 6 3 A CK 6 8 8 7 a t c h e s V I P TC P Te r m in a t e d R e s p o n d w it h a S Y N / AC K All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 5 of 13

C l i e n t C i s c o A C E M o d u l e Se r v e r T C P SE Q 6 8 8 7 A CK 7 8 6 4 Aw a it in g D a t a TCP D a t a SE Q 6 8 8 7 A C K 7 8 6 4 B u f f e r a n d P a r s e D a t a TCP SE Q 7 8 6 4 A CK 7 1 6 5 C l ie n t R e q u e s t R e c e iv e d E s t a b l is h N e w TC P C o n n R e c e iv e S Y N / AC K R e s p o n d w it h AC K S e n d C l ie n t R e q u e s t R e q u e s t R e c e iv e d TCP SY N SE Q 1 4 2 4 TCP SY N SE Q 8 7 5 2 A CK 1 4 2 5 TCP SE Q 1 4 2 5 A CK 8 7 5 3 TCP D a t a SE Q 1 4 2 5 A C K 8 7 5 3 TCP SE Q 8 7 5 3 A CK 1 7 0 3 TCP D a t a SE Q 7 8 6 4 A C K 7 1 6 5 TCP SE Q 7 1 6 5 A CK 8 5 2 3 TCP D a t a SE Q 7 1 6 5 A C K 8 5 2 3 R e c e iv e R e s p o n s e C r e a t e H W AC K f r o m C l ie n t TCP D a t a SE Q 8 7 5 3 A C K 1 7 0 3 TCP SE Q 1 7 0 3 A CK 9 4 1 2 TCP D a t a SE Q 1 7 0 3 A C K 9 4 1 2 All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 6 of 13

C l i e n t C i s c o A C E M o d u l e Se r v e r TCP D a t a SE Q 8 5 2 3 A CK 7 3 9 0 TCP D a t a SE Q 9 4 1 2 A CK 1 9 2 8 TCP SE Q 7 3 9 0 A CK 9 1 8 1 TCP SE Q 1 9 2 8 A CK 0 0 7 0 P r io r t o H TTP 1.1, TC P S p l ic in g w a s s u f f ic ie n t t o e f f e c t iv e l y l o a d b a l a n c e a p p l ic a t io n s u s in g L 7 in s p e c t io n s. O n c e H TTP 1.1 b e c a m e w ide l y de p l o y e d o n b o t h c l ie n t s a n d s e r v e r s, a p p l ic a t io n s b e g a n t o r e q u ir e l o a d b a l a n c in g p e r H TTP R e q u e s t, w h ic h c o u l d b e s e n t o v e r a n e s t a b l is h e d TC P c o n n e c t io n. Th is f u n c t io n a l it y a l l o w s e a c h c l ie n t r e q u e s t t o b e dis t r ib u t e d t o t h e a p p l ic a t io n t ie r a n d r e a l s e r v e r w h ic h c a n b e s t r e s p o n d t o t h e c l ie n t r e q u e s t. To da y t h e r e is a c o m m o n r e q u ir e m e n t f o r a p p l ic a t io n de l iv e r y p r o du c t s t o m a k e L 7 de c is io n s b a s e d o n e a c h c l ie n t r e q u e s t, w it h m in im a l im p a c t t o a p p l ic a t io n de l iv e r y p e r f o r m a n c e. Th e C is c o AC E M o du l e u s e s a TC P r e -p r o x y m e t h o d k n o w n a s p e r s is t e n c e -r e b a l a n c e t o m e e t t h e s e r e q u ir e m e n t s. Th e C is c o AC E M o du l e u s e s t h e s e r v e r in f o r m a t io n t o de t e r m in e w h e n t o r e -p r o x y t h e TC P c o n n e c t io n a f t e r a h a r dw a r e s h o r t c u t is e s t a b l is h e d. B y c a l c u l a t in g t h e TC P s e q u e n c e n u m b e r t o de t e r m in e w h e n t h e s e r v e r w il l h a v e s e n t t h e l a s t b y t e o f da t a, t h e C is c o AC E M o du l e c a n de t e c t w h e n t o r e -p r o x y t h e TC P c o n n e c t io n t o r e c e iv e t h e n e x t c l ie n t r e q u e s t. W h e n c h u n k e d e n c o din g is u s e d b y t h e s e r v e r, t h e C is c o AC E M o du l e c o n t in u e s t o p r o x y t h e c o n n e c t io n u n t il t h e l a s t c h u n k o f da t a b e g in s f r o m t h e s e r v e r. Th e p r o c e s s o f TC P r e -p r o x in g a l l o w s t h e C is c o AC E M o du l e t o m o r e e f f ic ie n t l y u s e it s n e t w o r k p r o c e s s t o k e e p p e r f o r m a n c e v e r y h ig h, in e n v ir o n m e n t s w h e r e e a c h c l ie n t r e q u e s t m u s t b e in s p e c t e d. B e l o w in F ig u r e 3, t h e L 7 TC P r e -p r o x y p r o c e s s is in dic a t e d b y t h e a c t io n o f t h e C is c o AC E M o du l e, w h ic h is de n o t e d in w it h a b a c k g r o u n d o f l ig h t b l u e a n d g r a y. N o t ic e t h e c l ie n t r e q u e s t a n d t h e f ir s t p a c k e t o f t h e s e r v e r r e s p o n s e is r e s p o n de d t o b y t h e C is c o AC E M o du l e u s in g a TC P w in do w s iz e o f 1 7 4 0 8. Af t e r e a c h r e q u e s t t h e TC P c o n n e c t io n is u n p r o x ie d a t w h ic h p o in t t h e TC P w in do w s iz e o f 1 7 4 0 8 c a n n o l o n g e r b e s e e n in t h e t r a c e s, a n d t h e c l ie n t s a n d s e r v e r s w in do w s iz e a r e t r a n s p a r e n t l y p a s s e d t h r o u g h t h e C is c o AC E M o du l e. All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 7 of 13

M T e c h n i c a l I m p l e m e n t a t i o n Figu re 3. L a y e r 7 T C P R e -p r o x y f l o w p r o c e s s i n g C l i e n t C i s c o A C E M o d u l e Se r v e r TCP SY N SE Q 6 8 8 6 TCP SY N SE Q 7 8 6 3 A CK 6 8 8 7 T C P SE Q 6 8 8 7 A CK 7 8 6 4 a t c h e s V I P TC P Te r m in a t e d R e s p o n d w it h a S Y N / AC K Aw a it D a t a TCP D a t a SE Q 6 8 8 7 A C K 7 8 6 4 B u f f e r a n d P a r s e D a t a TCP SE Q 7 8 6 4 A CK 7 1 6 5 C l ie n t R e q u e s t R e c e iv e d E s t a b l is h N e w TC P C o n n R e c e iv e S Y N / AC K R e s p o n d w it h AC K S e n d C l ie n t R e q u e s t R e q u e s t R e c e iv e d TCP SY N SE Q 1 4 2 4 TCP SY N SE Q 8 7 5 2 A CK 1 4 2 5 TCP SE Q 1 4 2 5 A CK 8 7 5 3 TCP D a t a SE Q 1 4 2 5 A C K 8 7 5 3 TCP SE Q 8 7 5 3 A CK 1 7 0 3 All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 8 of 13

M T e c h n i c a l I m p l e m e n t a t i o n TCP D a t a SE Q 7 8 6 4 A C K 7 1 6 5 R e c e iv e R e s p o n s e C r e a t e H W TCP D a t a SE Q 8 7 5 3 A C K 1 7 0 3 TCP SE Q 7 1 6 5 A CK 8 5 2 3 TCP D a t a SE Q 7 1 6 5 A C K 8 5 2 3 AC K f r o m C l ie n t R e -P r o x y o n S E Q B u f f e r a n d P a r s e TCP SE Q 8 5 2 3 A CK 7 3 9 0 C l ie n t R e q u e s t a t c h e d n e w S e r v e r f a r m Te a r D o w n p r e v io u s TC P E s t a b l is h N e w TC P C o n n R e c e iv e S Y N / AC K R e s p o n d w it h AC K S e n d C l ie n t R e q u e s t R e q u e s t R e c e iv e d TCP SE Q 1 7 0 3 A CK 9 4 1 2 TCP D a t a SE Q 1 7 0 3 A C K 9 4 1 2 TCP R ST SE Q 1 7 0 3 A C K 9 4 1 2 TCP SY N SE Q 9 8 4 8 TCP SY N SE Q 1 3 2 7 A CK 9 8 4 9 TCP SE Q 9 8 4 9 A CK 1 3 2 8 TCP D a t a SE Q 9 8 4 8 A C K 1 3 2 8 TCP SE Q 1 3 2 8 A CK 0 1 3 0 TCP D a t a SE Q 8 5 2 3 A C K 7 3 9 0 TCP SE Q 7 3 9 0 A CK 9 1 8 1 R e c e iv e R e s p o n s e C r e a t e H W AC K f r o m C l ie n t TCP D a t a SE Q 1 3 2 8 A C K 0 1 3 0 TCP SE Q 0 1 3 0 A CK 1 9 8 1 All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 9 of 13

M T e c h n i c a l I m p l e m e n t a t i o n Th e C is c o AC E M o du l e is a l s o c a p a b l e o f p r o v idin g L 7 F u l l P r o x y t o p r o v ide a ddit io n a l s e r v ic e s s u c h a s : H TTP 1.1 P ip e l in in g, w h ic h a l l o w s t h e c l ie n t t o s e n d m u l t ip l e H TTP r e q u e s t b e f o r e r e c e iv in g a r e s p o n s e TC P R e u s e t o o f f l o a d TC P t e r m in a t io n f r o m a p p l ic a t io n s e r v e r s S S L c e l e r a t n w h h o f f l o a a p p l a t n s e r v e r a n a l l o w s t h e C c o E M o l e t o s p e c t c r y p t e S S L t r a f f Ac io, ic ds ic io d is AC du in de d ic Ap p l ic a t io n s e c u r it y w h e r e t h e a p p l ic a t io n de l iv e r y p r o du c t in s p e c t s t h e a p p l ic a t io n p r o t o c o l f o r m is u s e, p r o p e r f o r m a t t in g, a n d t u n n e l in g p r e v e n t io n Th e b e n e f it o f f u l l y p r o x in g a TC P c o n n e c t io n a t L 7 is t h a t it a l l o w s t h e C is c o AC E M o du l e t o in s p e c t a l l o f t h e c o m m u n ic a t io n s b e t w e e n t h e c l ie n t a n d s e r v e r, w h ic h e n a b l e s t h e C is c o AC E M o du l e t o p r o v ide t h e f e a t u r e s r e q u ir e d in t o da y s a p p l ic a t io n a n d da t a c e n t e r s o l u t io n. B y t e r m in a t in g t h e c l ie n t s ide c o n n e c t io n t h e C is c o AC E M o du l e c a n f u l l y s u p p o r t t h e u s e o f H TTP 1.1 P ip e l in in g w h ic h a l l o w s t h e c l ie n t t o s e n d m r e s p o n s e. D u e t o t h e n a t u r e o f p r o x ie d c o n n e c t io n s, t h e C is c o AC E M it is s e n t a n d p r o p e r l y dis t r ib u t e it t o t h e c o r r e c t a p p l ic a t io n t ie r a n d r e a l s e r v e r. W u l t ip l e H TTP r e q u e s t s b e f o r e r e c e iv in g a o du l e is a b l e t o a n a l y z e e a c h c l ie n t r e q u e s t a s h e n t h e TC P R e u s e f e a t u r e is e n a b l e d t h e AC E m o du l e c a n o p e n TC P c o n n e c t io n s t o t h e s e r v e r a n d p r e v e n t t h e m f r o m b e in g t o r n do w n, t h u s f u t u r e c l ie n t r e q u e s t s c a n b e h a n dl e d o v e r t h e s e e x is t in g TC P c o n n e c t io n s, s ig n if ic a n t l y r e du c in g t h e o v e r h e a d o f t h e a p p l ic a t io n s e r v e r s o p e r a t in g s y s t e m r e q u ir e d f o r o p e n in g a n d c l o s in g TC P c o n n e c t io n s. Th e C is c o AC E M o du l e c a n p r o v ide t h e s a m e l e v e l o f f e a t u r e s u p p o r t a n d f u n c t io n a l it y f o r c l ie n t a n d s e r v e r c o m m u n ic a t io n s s e c u r e d b y S S L o r TL S. W h e n c o n f ig u r e d f o r S S L a c c e l e r a t io n t h e s e c u r e d da t a is de c r y p t e d w it h in t h e C is c o AC E M o du l e s n e t w o r k p r o c e s s o r a l l o w in g t h e de c r y p t e d t r a f f ic t o b e in s p e c t e d a n d p a r s e d t o p r o v ide c o m p l e t e L 7 in s p e c t io n s u p p o r t. Th e de c r y p t e d t r a f f ic c a n t h e n b e s e n t t o t h e a p p l ic a t io n s e r v e r s dir e c t l y, r e du c in g t h e o v e r h e a d o f S S L t e r m s e r v e r, o r t h e C is c o AC E M o du l e c a n r e -e n c r y p t t h e t r a f f ic t o p r o v ide a s e c u r e e n d t o e n d s o l u t io n. in a t io n o n t h e I n F ig u r e 4, t h e L 7 f u l l p r o x y p r o c e s s in g is il l u s t r a t e d. I n c o n t r a s t t o t h e p r e v io u s L 7 p r o c e s s e s, a f u l l y p r o x ie d c o n n e c t io n w il l n e v e r h a v e a h a r dw a r e s h o r t c u t c r e a t e d a s t h e C is c o AC E M o du l e m u s t p a r s e e v e r y b y t e o f da t a e x c h a n g e d b e t w e e n t h e c l ie n t a n d s e r v e r. B e l o w o n e c a n s e e t h e c l ie n t a n d s e r v e r a l w a y s c o m m u n ic a t e w it h t h e C is c o AC E M o du l e u s in g a TC P w in do w s iz e o f 1 7 4 0 8. Figu re 4. L a y e r 7 F u l l P r o x y f l o w p r o c e s s i n g C i s c o A C E M o d u l e C l i e n t Se r v e r TCP SY N SE Q 6 8 8 6 a t c h e s V I P TC P Te r m in a t e d TCP SY N SE Q 7 8 6 3 A CK 6 8 8 7 T C P SE Q 6 8 8 7 A CK 7 8 6 4 R e spond w ith a S Y N / AC K Aw ait D ata All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 10 of 13

TCP D a t a SE Q 6 8 8 7 A C K 7 8 6 4 TCP SE Q 7 8 6 4 A CK 7 1 6 5 B u f f e r and P ar se D ata C lie nt R e q u e st R e ce iv e d E stab lish N e w T C P C onn TCP SY N SE Q 1 4 2 4 R e ce iv e S Y N / AC K R e spond w ith AC K S e nd C lie nt R e q u e st R e q u e st R e ce iv e d TCP SY N SE Q 8 7 5 2 A CK 1 4 2 5 TCP SE Q 1 4 2 5 A CK 8 7 5 3 TCP D a t a SE Q 1 4 2 5 A C K 8 7 5 3 TCP SE Q 8 7 5 3 A CK 1 7 0 3 TCP D a t a SE Q 7 8 6 4 A C K 7 1 6 5 TCP SE Q 7 1 6 5 A CK 8 5 2 3 TCP D a t a SE Q 7 1 6 5 A C K 8 5 2 3 TCP D a t a SE Q 8 5 2 3 A CK 7 3 9 0 TCP SE Q 7 3 9 0 A CK 9 1 8 1 R e ce iv e d R e sponse C lie nt R e ce iv e d R e sponse S e cond R e q u e st S e cond R e sponse C lie nt R e ce iv e d R e sponse TCP D a t a SE Q 8 7 5 3 A C K 1 7 0 3 TCP SE Q 1 7 0 3 A CK 9 4 1 2 TCP D a t a SE Q 1 7 0 3 A C K 9 4 1 2 TCP D a t a SE Q 9 4 1 2 A CK 1 9 2 8 TCP SE Q 1 9 2 8 A CK 0 0 7 0 All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 11 of 13

U D e l e r g a p p l a t n s a n c o n t e n t t o y s m a n g D a t a e n t e r s o r w e b p o r t a l s r e q u e a c o m p l e t e s e t o f c o n f u r a b l e f e a t u r e s a n b e h a v r s b a s e o n p r o t o c o l s a n s p e c a p p l a t n e n v o n m e n t s M o r n a p p l a t n l e r y p r o c t s h a v e e v o l v e t o s u p p o r t s o p h t a t e f e a t u r e s w h t h e r k o f r e c g t h e p e r f o r m a n c e a s t h e c o m p l e x y o f t h e r e q u e f u n c t n a l s c r e a s e s a v o s u c h p e r f o r m a n c e g r a t n s t h e C c o E h a s b e e n s n e t o a p t s s e s s n p r o c e s s g m e c h a n m s ( p l e m e n t e h h p e e n e t w o r k p r o c e s s o r s ) t o e v e r y c c u m s t a n c e b a s e o n u s e r o n f u r a b l e f e a t u r e s a n p a r a m e t e r s a l l o w s t h e C c o E t o s e l e c t t h e m o s t e f f n t p r o c e s s g m e t h o f o r e a c h n e w c o n n e c t n e C c o E f u l l y s u p p o r t s t h e m o r e f l e x l e f u l l r o x y m o t r e a t g c l n t a n s e r v e r c o n n e c t n s p e n n t l y t h u s s u p p o r t g a a n c e f e a t u r e s l e P r e s e H 1 p e l g o r S S L o f f l o a b u t a t t h e s a m e t e c a p a b l e o f o p t g s r e s o u r c e u t a t n a l w a y s u s g t h e f a s t e s t p o s s l e s e s s n p r o c e s s g m e t h o f o r e a c h n e w c o n n e c t n e a b y t o a p t a p p l a t n s e s s n p r o c e s s g m e c h a n m s b a s e o n t h e f e a t u r e r e q u e m e n t s o n a p e r c o n n e c t n b a s h e l p s m a k e C c o E M o l e t h e a l p r o c t f o r a p p l a t n l e r y r e q u e m e n t s CON CL SI ON iv in ic io d in da de din -C ir ig d io, d d if ic ic io ir. de ic io de iv du d is ic d, it is du in ir, it ir d io it ie in. To id de da io, is AC de ig d da it io in is im d in ig -s d ir, d -c ig d. Th is is AC ic ie in d io. Th is AC ib -p de, in ie d io in de de, in dv d ik TC -u, TTP.1 ip in in d, im it is im iz in it il iz io, in ib io in d io. Th il it da ic io io in is d ir - io is is AC du ide du ic io de iv ir. All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 12 of 13

P r i n t e d i n U S A C7 8-3 3 17 27-01 10/06 All contents are Copyright 1992 20 0 6 Cisco S ystem s, I nc. All rights reserv ed. T his d ocu m ent is Cisco P u b lic I nf orm ation. P age 13 of 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information