Perimeter Load Balancing
The network perimeter
The perimeter between an organization’s internal systems and the wider public Internet is one of the most important, and sensitive, areas of network infrastructure. Considerable attention needs to be paid to this area of architecture to ensure that external users receive a seamless, reliable service, and that internal networks are well defended from attacks such as Distributed Denial-of-Service (DDoS).
The perimeter is where traffic policy is enforced on what can enter and leave an organization. A well-secured perimeter is essential but, as ever in networking, it is a delicate balancing act between maximising security and guaranteeing seamless, efficient, resilient access for end users.
Architectural designs of network perimeters vary in complexity, depending on network performance requirements and the needs of ‘defending in depth’ security. The usual first line of defence consists of border or gateway routers, one or more firewalls and, in some cases, separate Intrusion Prevention Systems (IPS). Sophisticated load balancing in this area of the network can pay dividends in terms of performance and reliability.
The perimeter can also formally separate different zones of an organization’s network.
Perimeter Load Balancing
Given the competing requirements and security issues operating at the perimeter, efficient load balancing can be important. Judicious use of load balancer technology ensures effective and reliable distribution of data traffic, as well as efficient, scalable employment of server resource capacity.
Modern perimeter networks tend to make use of application delivery controllers (ADCs), the next stage in the development of load balancing technology. Typically, ADCs are paired with a firewall or with an application server (e.g. a web server). Firewall load balancing (FWLB), which pairs ADCs with network firewalls, improves traffic throughput rates by supporting the availability of pools of multiple firewalls, and offers additional support in the form of traffic optimization, caching, and dynamic defence systems. For example, Secure Sockets Layer (SSL) encryption, which is used for secure web transactions, is a processor-intensive task for firewalls and can significantly reduce firewall performance. A load balancer with SSL off-load capabilities can take this burden from the firewalls, freeing them to focus on their primary function – security services.
FWLB also enables easier firewall maintenance, supports disaster recovery strategies and helps to ensure resilient, adaptable perimeter operations. This technique can also support the load balancing of specialist firewall technologies such as Web Application Firewalls, which protect web servers from specialist attacks such as SQL injection, cookie poisoning and cross-site scripting (XSS).
Perimeter load balancers come in a variety of form factors, depending on the business needs of the organization, and include proprietary hardware appliances and virtualized solutions running on top of hypervisors such as Microsoft® Hyper-V® and VMware ESXi™.
activereach perimeter load balancers for UK business
activereach offers a range of world-class expertise, equipment and support for the provision of perimeter load balancers for UK business. We can assist organizations with the procurement, installation and support of advanced perimeter load balancing and ADC technologies, operating through a variety of form factors – hardware, virtual systems or hybrids.
activereach’s advanced technology offer includes:
- Advanced Layer 4/Layer 7 server and firewall load balancing with up to 150 Gbps throughput.
- Comprehensive Layer 7 application persistence support.
- Advanced load balancing algorithm support including Round Robin and Fastest Response.
- Perimeter link load balancing technologies, including inbound traffic.
- Perimeter link ‘health’ monitoring via Ping, HTTP and TCP port checking.
- Leading-edge application acceleration techniques including SSL offload, HTTP compression, TCP reuse, and RAM caching.
- Combined ADC and carrier-grade Network Address Translation (NAT) (CGN/CGNAT) solutions.
- Centralized management control support and use of intuitive, web-based user interfaces.
- Advanced scripting language control for maximum application support and configurability.
To find out more about perimeter load balancing solutions from activereach, please call a Networking & Security Specialist on 0845 625 9025.