Sun has entered the crowded content-switching market with a novel twist: Its Sun Secure Application Switch N2120V lets users define multiple switching and routing domains on a single box.
In our tests, we found it relatively easy to set up multiple domains. Performance also was good, with support for up to 1.25 million concurrent connections and as many as 230,000 new connections set up each second, making the Sun box a fit for all but the very largest data centres.
N2000 series switches offer many of the same features as competing application acceleration devices from Array, Citrix, Crescendo, F5 Networks, Foundry Networks and Juniper. These include load balancing, content switching, TCP multiplexing, SSL acceleration and protection against denial-of-service attacks.
Virtualisation is where the N2000 devices differ. The Sun N2120V lets users define multiple switch and router instances (called vswitches and vrouters) on the same hardware, each with unique broadcast domains.
One N2120V can be configured with up to 10 instances of virtual switches and routers, each with routing tables that can reuse the same address space. Virtual switches and routers can span multiple physical devices, with up to 128 interfaces per vrouter.
Virtualisation is useful for companies looking to partition routing information between different divisions, locations or customers. This feature also lets network managers define different domains - or tiers - based on application type.
A vswitch sitting in the access tier of the Sun box provides clients with a single virtual IP address, behind which there might be dozens or hundreds of servers, often using private addresses that require network address translation.
A load balancer in the Web tier parcels out client requests to Web servers. Often embedded in these Web requests are calls to back-end databases or other applications in the application tier.
A content vswitch with application awareness parses these calls and sends them to servers in the application tier.
While many vendors' application front-end devices can handle this three-tier design, Sun's device allows multiple instances of each tier to be defined on the same switch.
For example, two sets of application tiers might be set up, one apiece for database and streaming media servers. With competing products, a separate physical device is needed for each tier to avoid overlapping address space.
Virtualisation can enhance security because there is no leakage between different virtual domains. While the N2120V supports access control lists, Sun said they are not necessary because different virtual routers cannot reach one another.
While virtualisation offers novel partitioning capabilities, the N2120V does not perform caching and cannot compress HTTP data, a useful method of speeding data delivery to users on low-speed dial-up or DSL lines.
In our performance tests, we assessed the N2120V as a content switch and as a simple Layer 4 load balancer. In both configurations, we measured the device's concurrent connection capacity and maximum connection establishment rates.
We configured the switch in a two-tiered configuration, with clients and a virtual IP address residing in an access tier, and Web and SSL servers and a load balancer residing in a Web tier.
We also set up an out-of-band Ethernet management port in the access tier. In this case we used the serial console to set the maximum number of concurrent telnet users to '0' - a setting that usually means there is no maximum.
However, with the N2120V, the setting means no one can use telnet, even if it's enabled. There are other cases where the command line interface (CLI) lacks polish.
For example, its hierarchical menus resemble Cisco's IOS in some ways, but unlike IOS there is no way to restrict verbose output with a pipe command or regular-expression searching. The CLI also lacks connectivity tools such as a ping and telnet client.
We found the Web-based GUI faster and more intuitive. Once we located the various vswitches and vrouters, it was simple to monitor or reconfigure them with this interface.
We also verified that the Flash-based animations in the GUI worked in multiple browsers, including Firefox, Internet Explorer and Safari.
With the Sun switch configured as a content switch, we measured Web and SSL scalability in terms of capacity and rate.
We used the Spirent Avalanche 2500 system to establish up to 230,000 unique HTTP 1.0 sessions at the same time.
With HTTPS traffic we topped out at 144,000 concurrent sessions. In the rate tests, we established 59,501 HTTP sessions per second and 9396 SSL sessions with the Sun device set up as a content switch.
Both sets of results reflect the limits of our test bed and not the Sun switch.
We then configured the N2120V as a conventional load balancer, without the content inspection features enabled.
Not surprisingly, the switch scales to higher levels when content inspection is disabled, handling up to 1.25 million concurrent HTTP 1.0 sessions. In the rate tests, we topped out at nearly 100,977 connections per second.
Once again, this rate was because of a limitation of our test bed. Sun claimed the system's actual limit is closer to 200,000 connections per second. There are plenty of application acceleration devices on the market, each with high performance and a passel of properties that take them well beyond the conventional load balancer.
Where the Sun device really shines is virtualisation. It offers most of the same features as its competitors, but goes a step beyond in replicating those features as many times as users need them.
N2120V CONTENT SWITCH
Overall rating: 4.1 Company: Sun Cost: US$49,087 as tested. Pros: Virtualisation allows easy segmentation of groups of clients and servers; good performance; easy-to-use Web GUI. Cons: No caching, compression features; command line interface lacks polish.
The product is distributed by Alstom IT.
Newman is president of Network Test, an independent engineering services consultancy in Westlake Village, Calif. He can be reached at firstname.lastname@example.org.