COLORADO SPRINGS, Colo. Foundry Networks Inc. is debuting a new operating system for its ServerIron switch that will allow the load-balancing platform to control high-level traffic based on XML tags, HTTP headers, and firewall functions.
As part of the IronWorks 9.0 release, firmware for FPGAs already used in the ServerIron switch will upgrade the chips to better cope with denial-of-service attacks by making the switch act as a TCP SYN proxy.
Chandra Kopparapu, vice president and general manager of Foundry's service provider business unit, said existing ServerIron customers with maintenance contracts would receive all application updates free as part of the new IronWorks OS release. The operating system will ship with all new ServerIron switches beginning this summer.
Foundry is best known for its edge routers and switches for enterprise and metro carrier applications. The ServerIron server-load balancers, introduced three years ago, pit the company directly against rivals like Alteon Websystems Inc. and F5 Inc.
Kopparapu said a key factor in effective load-balancer design is not merely offering the best access performance but having a purpose-built architecture that allows switching based on many attributes of traffic at Layers 4 (transport) through 7 (application).
The new software allows traffic to be switched based on XML tags and HTTP header fields. Foundry has been careful to distinguish the former feature from the specialized XML content switches offered by newer specialists like Sarvega Inc.
The ServerIron switch now serves two distinct proxy functions. For HTTP client traffic, the switch terminates all TCP traffic and operates as an HTTP proxy, aggregating multiple client links to the server. In DoS attacks, when SYN floods are initiated by malicious users, the switch acts as a TCP SYN proxy (SYN is a flag for the first stage of a TCP handshake).
Foundry made two improvements to its network management software as part of the OS release. Configuration updates for ServerIron switches are now handled directly through IronView network management software. For more detailed monitoring of switches, Foundry is using the sFlow flow analysis mechanism specified in the Internet Engineering Task Force RFC 3176 standard. The packet sampling used in sFlow is implemented directly in ServerIron ASICs, and the samples can be analyzed by the network management system.
Foundry is implementing a new capability for the ServerIron that will allow the switch to be used in a unique application: as a means of selecting links from an enterprise to two different Internet service providers. The link load balancing function measures link bandwidth and response time, and compares pricing of an ISP link as a function of time, packets and bandwidth. It then chooses the most effective link dynamically.
Foundry has specified a low-end ServerIron switch, the XL, to be used as a dedicated ISP link manager, handling four T3 lines or two OC-3 lines at a cost of $11,495.
In smaller enterprises, separate ServerIron switches could be used for external ISP link balancing and internal firewall balancing, Kopparapu said, which is why Foundry made a smaller switch. In larger companies, one switch can serve both ISP and firewall functions, though Foundry will recommend only higher-end systems, which offer more ASIC-based performance, to serve the required dual functions.