Brocade Communications Systems Brocade Serveiron 1000 User Manual

• SYN-Guard: Protects server farms against multiple forms of DoS attacks, such as

TCPSYN and ACK attacks, by monitoring and tracking session flows. Only valid

connection requests are actually sent to servers. ServerIron ADX switches are
capable of defeating DoS attacks at the industry’s highest rate of up to 120 million
SYN/sec.

• High-availability application switching: Utilizes active-standby mode, whereby the

standby ServerIron ADX switch assumes control and preserves the state of existing
sessions in the event the primary load-balancing device fails. In active-active mode,
both ServerIron ADX switches work simultaneously and provide a backup for each

other while supporting stateful failover.

• HTTP multiplexing (server connection offload): Increases server performance,

availability, response time, and security by offloading connection management from

the servers. Using persistent HTTP 1.0 and 1.1 connections to the server, ServerIron
ADX switches stream a large number of client connections to very few server
connections. Connection offload enables the servers to dedicate resources for high-
performance application content delivery.

• Application rate limiting: Protects server farms by controlling the rate of TCP and UDP

connections on an application-port basis, thereby guarding against malicious attacks
from high-bandwidth users.

• High-performance access control: Uses extended ACLs to restrict access to specific

applications from a given address or subnet.

• Application redirection: Uses HTTP redirect to send traffic to remote servers if the

requested service or content is not available on the local server farm.

• Hardware SSL acceleration: Utilize dedicated SSL hardware for high-performance SSL

offload, both in SSL terminate and proxy modes

• Advanced firewall and security device load balancing: Increases firewall and

perimeter security performance by distributing Internet traffic loads across multiple
firewalls and other perimeter security appliances. This approach overcomes

scalability limitations, increases throughput, and improves resiliency by eliminating
perimeter security devices—such as firewalls, anti-virus gateways, VPN devices, and
intrusion appliances—as single points of failure.

• Transparent Cache Switching (TCS): Balances Web traffic across multiple caches,

eliminating the need to configure each client browser, improving Internet response
time, decreasing WAN access costs, and increasing overall Web caching solution
resiliency. ServerIron ADX switches improve service availability by implementing

cache health checking, redirecting client requests to the next available cache server
or directly to the origin server in the event of a cache or server farm failure.

Q Do ServerIron ADX switches provide SSL offload and application server acceleration?
A The ServerIron ADX 1000, 4000, and 10000 series, provide industry-leading high-

performance SSL offload, in both SSL terminate and SSL proxy modes. The ADX 1000
models 1008-1, 1016-2, 1016-4 and 1216-4, that is shipped post February 1

st

, 2010, is

shipped with built-in SSL hardware and can be upgraded for SSL offload through simple
software license upgrade. The ADX 4000 and ADX 10000 chassis can be field-upgraded

for SSL by adding an SSL expansion module on top of the management module. The ADX
1000 with 4 application cores can process up to 28,672 TPS (transactions per second),
and the ADX 10000 chassis with two SSL expansion modules can process up to
230,000 SSL TPS.

10 of 14