Barracuda Load Balancer ADC BT 240


Barracuda Load Balancer ADC
BT 240
Market Overview
Market Requirements
Horizontally scale application server
Extend life of existing application farm
Protect against application layer attacks
Need to rapidly deploy application
Introducing the Barracuda Load Balancer ADC
Acceleration
Availability
Security
Control
Features and Benefits
Availability Features
Load Balancing
Health Check
Persistency
Scheduling
GSLB
Load Balancing
Common Applications Deployed
Internet sites / Intranet Sites
Hosted applications
Other IP services
Real Server Monitoring
Server Monitoring
Last Resort Server
Application Layer Health Check
Load Balancing Algorithms
How traffic is divided among servers
Default Scheduling Policy
Adaptive Schedule Methods
Default Scheduling Policies
Round Robin / Weighted Round Robin
Least Requests
Adaptive Scheduling Policy
Automatically assigns weights based on
CPU being utilized on the server
Terminal Session
Global Server Load Balancing (GSLB)
Direct traffic to multiple data centers using DNS resolution
User can be directed to a data center site based on
Health Checks between two sites
Redundant GSLBs possible
Persistency
What is Persistency?
Different methods of doing Persistency
GSLB and DNS
Application Control
Content Rules / L7 Routing
Instant SSL
Web Translation
Content Based Rules
Layer 7 Rules to route traffic to different servers based on headers
Examples
Dynamic pages: bn.com/php/*
Graphics: bn.com/images/*
Documents: bn.com/docs/*
• Send application traffic to database servers
• Send requests for images to another server
• Send requests for documents to another server
Content Rewrite
Instant SSL
Web Translation
Application Acceleration
Caching
Compression
SSL Offloading
HTTP Caching and Compression
Caching
Compression
SSL Encryption and Decryption
HTTP
SSL
SSL
HTTP
Network Security
Network Security Capabilities
Layer 4 Firewall
Configure layer 4 ACLs based on IP, Ports and Protocols.
Network Address Translation
Ability to configure a Source NAT rule for the backend servers to communicate outbound.
VLAN
Supports 802.1Q VLAN port trunking
Routes
Configure static routes on the box
Geo Location Based ACLs
Allow requests only from certain Geographic locations
Block requests based on a Geographic location
Link Bonding
Link Bonding: Ability to bond multiple links
Round Robin
Active-Backup
Dynamic Link Aggregation
Application Security
Layer 7 Web Application Firewall
Inbound inspection (protect against layer 7 attacks)
Outbound inspection (protect against data theft)
Inspect Application Layer Data
Deep Packet Inspection
Data Theft Protection
Traditional Firewalls focus here
IP Address, User, TCP port
Denial of service (DoS), Distributed DoS, SYN flood, Ping of death, TCP session hijacking, Packet fragmentation
Web Application Firewalls start here
HTTP header, Cookie, URL, Form data
SQL injection, Cross site scripting, Buffer overflow, Web worms, Cookie Poisoning, Session Hijacking, Forceful browsing, Parameter tampering
AV Protection
Data Theft Protection: Credit Cards, SSN, Sensitive Information
Web Apps
OWASP Top 10 Attacks
Protection Against OWASP Top 10 Attacks
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Distributed Denial of Service Attacks
Bandwidth-based DDoS
Geo-IP based protection
Resource-based DDoS
Slow Loris and Pyloris
A low-bandwidth attack tool that focuses the attack on server resources rather than bandwidth
Plug & Play Deployment & Management
Level of Customization
High: Custom & Positive Security
Medium: Template-Based Security
Low: Default Security
Manageability
High Availability
Active-Passive Pair
Manual or automatic failback
Online Demonstrations
Demo site
http://demo.barracuda.com
Open to the public
Vital Demonstration Pages
Availability
Status
Services
Server Health
Security
Network Security
Network Firewall
NATs
Acceleration
Caching and Compression
GSLB
Control
Content Based Routing
Web Address Translation
Application Security
Security Policy
Advanced security
Internal patterns
Sizing and Product Selection
Model Comparison By Capacity
Model                              240         340      440      640      840
Ethernet                           2 x 10/100  2 x Gb   2 x Gb   8 x Gb   2 x 10 Gb Cu
Max. Throughput (Mbps)             95          950      950      5 Gbps   10 Gbps
Real Server Support                10          35       50       250      ?
SSL Offloading/Acceleration (TPS)  -           150      200      15000    ?
Optional Networking Modules Available on 640 and 840: 8x 1 Gb Cu, 2x 10Gb Cu, 2x10 Gb SFP
Virtual Appliances Available
Feature Differences
All Models
Layer 4 Load Balancing
Barracuda Load Balancer ADC 340 and higher
High Availability
VLAN
Layer 7 Load Balancing
SSL offloading
Content based routing
Feature Differences
Barracuda Load Balancer ADC 440 and higher
Programming Interface/API
Global Server Load Balancing
HTTP Compression
Content Caching
Barracuda Load Balancer ADC 640 and higher
Application Security Subscription
Multi port option & optional networking modules
Frequently Asked Questions
F.A.Q
Does the Barracuda Load Balancer ADC balance traffic load across WAN links?
No. The Load Balancer balances traffic sent to servers.
The Barracuda Link Balancer balances traffic across links.
F.A.Q.
Can't I just use DNS to load balance my applications?
DNS does not provide health checking or failure detection
DNS only provides round-robin scheduling policy
Inefficient for most applications
DNS does not necessarily provide user session persistence
F.A.Q.
Can I load balance SSL traffic with persistence without having to decrypt it on the Barracuda Load Balancer ADC?
Yes
It is not necessary to decrypt packets when load balancing SSL traffic.
SSL Offloading is possible but not mandatory
Layer 4 IP persistence can be used
Layer 7 Cookie, HTTP Header or URL based persistence is not possible without decryption
*Functionality lost
Deep packet inspection on HTTPS traffic cannot be accomplished without decrypting the traffic.
F.A.Q.
How does the Barracuda Load Balancer ADC handle Layer 7 persistence (cookies)?
If an application creates its own cookie, specify the cookie name in the Load Balancer configuration
All traffic with that cookie will be directed to the same server
If a cookie does not already exist, the Barracuda Load Balancer creates and inserts a unique cookie for a new client
When the client returns the cookie in later requests, the Load Balancer will direct all those requests to the same server
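The persistence choices described in this answer and in the SSL answer before it, as an added Python sketch (not Barracuda code and not part of the original slides). The server addresses, the cookie name LBSESSION, the key and the HMAC-tagged cookie value are assumptions made for illustration; the tag keeps a client from choosing its own server by editing the cookie.

```python
import hashlib
import hmac
import itertools

SERVERS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # constructed real servers
KEY = b"constructed-demo-key"   # assumption: secret known only to the balancer
LB_COOKIE = "LBSESSION"         # hypothetical name of the inserted cookie
_next = itertools.cycle(range(len(SERVERS)))  # round robin for new clients
_app_sessions = {}              # application cookie value -> server index


def _tag(index):
    """Opaque, tamper-evident value for the inserted cookie."""
    mac = hmac.new(KEY, str(index).encode(), hashlib.sha256).hexdigest()[:16]
    return f"{index}.{mac}"


def _untag(value):
    """Server index if the cookie was issued by this balancer, else None."""
    for i in range(len(SERVERS)):
        if hmac.compare_digest(_tag(i).encode(), value.encode()):
            return i
    return None


def route(src_ip, cookies=None, app_cookie=None):
    """Return (server, cookie_value_to_set_or_None).

    cookies is None when the traffic is still encrypted (no SSL offloading),
    so only Layer 4 data is visible. app_cookie is the configured name of a
    cookie the application creates itself, if any."""
    if cookies is None:
        # Layer 4 IP persistence: same source address -> same server.
        h = hashlib.sha256(src_ip.encode()).digest()
        return SERVERS[int.from_bytes(h[:4], "big") % len(SERVERS)], None
    if app_cookie and app_cookie in cookies:
        # Application's own cookie: remember which server first saw it.
        key = cookies[app_cookie]
        if key not in _app_sessions:
            _app_sessions[key] = next(_next)
        return SERVERS[_app_sessions[key]], None
    index = _untag(cookies.get(LB_COOKIE, ""))
    if index is not None:
        return SERVERS[index], None      # returning client, cookie verifies
    index = next(_next)                  # new client, or forged cookie
    return SERVERS[index], _tag(index)   # balancer inserts its cookie
```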
F.A.Q
Can the Application Security module do deep packet inspection on SMTP traffic and protect against spam?
No, the Application Security module does deep packet inspection on web traffic (HTTP / HTTPS) and FTP traffic. For protection against spam on your SMTP server you will require a Barracuda Spam and Virus Firewall.
F.A.Q
Can the Application Security module protect my SOAP application?
No, the XML Firewall is currently not available in the Application Subscription modules. Barracuda does have a Web Application Firewall that has an XML Firewall built in.
More information
Web site
http://www.barracuda.com/loadbalancer
Customer case studies
White papers
Demo walk through
Documentation
Demo page
http://adc.barracuda.com
Next Steps
Take the BT240 test
Listen in on the upcoming demo
Introduce the products to Resellers/VARs
Make Your Quota!
Thank You