《BNL PDN Enhancements》.ppt

BNL PDN Enhancements Perimeter Load Balancers Scaleable Performance Fault Tolerance Server Maintainability User Convenience Perimeter Security Cisco Content Sensitive Switches Dual Cisco 11506 units for fault tolerance Dual Cisco 4506 switches for proxies Rated at 40GB/Sec. Maximum throughput Virtualizes site perimeter services Extreme scaleable and flexibility High availability and redundancy Content Switches cont. ACL based proxy service access (secure) Provides expandable pools of servers and services Transparent to end users A single IP address / DNS name for all servers in the service pool (Virtual IP) Load balanced user access to proxies based on Least Number of Connections algorithm Content Switches cont. Proxies assigned RFC 1918 (Private IP) space (additional isolation) Linear scalability Individual servers can be added to or removed from the service pool at will. This facilitates software upgrades, maintenance, and patch support for the actual servers. CSS VIP Security Behavior similar to Pix Firewall Outbound traffic permitted by default Inbound traffic subject to ACL optional Protects all pool services Internet scans show no or minimal services (Only the advertised services) Performance Overview Services virtualized and “Pooled” together Approximately Linear Scalability / 28 for individual service pools 14 slaves max Separate management and load traffic paths Proxy Services Virtual IP’s SMTP HTTP SSH TELNET HTTP/Reverse FTP Others as we grow Summary Cisco CSS provides a high throughput scalable solution for most BNL perimeter services Security enhancements are additional features IP v6 Test Bed Deployment Campus Network and Host Security Low Cost Built from “recycled” 7513 free S