Network Computing is part of the Informa Tech Division of Informa PLC

Nortel Networks Alteon Application Switch 2424-SSL

Nitty Gritty

Let's get this out in the open--configuring the Alteon 2424 proved to be a challenge. The 2424 requires very little configuration for a standard Layer 4. However, I had to configure five separate VLANs, find LC-to-SC media converters and ensure that all the networking was functioning before I could get a look at the Layer 4-7 pieces of the device. And if you're used to a Cisco Systems IOS-like CLI, the requirement to associate an IP address with a VLAN via an interface seems strange.

To set up the 2424 to do basic Layer 4 load balancing for eight Web servers (emulated by Spirent Communications' WebReflector), I configured four separate VLANs for the Web servers (two per port on the WebReflector) and another VLAN for the 2424 connectivity to a Cisco Catalyst 6500.

One of the more noteworthy aspects of the 2424--something particular to Alteon switches--is that it lets you specify individual ports for client or server processing, or both. I enabled ports to which the WebReflector was connected for server processing, while I designated the single port into the Catalyst 6500, through which clients would access the Web site, for client processing. Although such work is tedious, it lets the 2424 eliminate internal processing for specific ports and concentrate cycles only on necessary functionality.

A new feature in the 2424 is the ability to enable or disable delayed binding at Layer 4. Delayed binding is a default aspect of Layer 7 switching, because routing traffic at the application layer depends on having the application data available to examine. When delayed binding is enabled at Layer 4, the 2424 makes no determination as to which back-end server should process the request until after the TCP handshake is completed and the HTTP headers have been received. This helps protect against SYN-flood DoS attacks, because with delayed binding the initial SYN does not reach a back-end server until the validity of the request is confirmed.
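The effect of delayed binding on the back-end servers, as an added toy model in Python (not Nortel's code and not part of the original review). The class names, event names and round-robin server choice are assumptions made for illustration, and the flood and client traffic are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Backend:
    name: str
    half_open: int = 0   # SYNs forwarded here whose handshake never completed
    requests: int = 0    # HTTP requests actually served

@dataclass
class Switch:
    backends: list
    delayed_binding: bool
    state: dict = field(default_factory=dict)  # client -> [tcp_state, Backend or None]
    picks: int = 0

    def _pick(self):
        # Round-robin stands in for whatever metric a real device would use.
        backend = self.backends[self.picks % len(self.backends)]
        self.picks += 1
        return backend

    def handle(self, client, event):
        entry = self.state.get(client)
        if event == "SYN" and entry is None:
            # Immediate binding chooses a server now and forwards the SYN to it;
            # delayed binding keeps the half-open connection on the switch.
            backend = None if self.delayed_binding else self._pick()
            if backend is not None:
                backend.half_open += 1
            self.state[client] = ["SYN_RCVD", backend]
        elif event == "ACK" and entry and entry[0] == "SYN_RCVD":
            entry[0] = "ESTABLISHED"
            if entry[1] is not None:
                entry[1].half_open -= 1
        elif event == "HTTP" and entry and entry[0] == "ESTABLISHED":
            if entry[1] is None:
                entry[1] = self._pick()  # delayed binding: server chosen only now
            entry[1].requests += 1

def simulate(delayed_binding, flood=1000, real_clients=8):
    backends = [Backend(f"web{i}") for i in range(1, 9)]  # eight Web servers
    switch = Switch(backends, delayed_binding)
    for i in range(flood):                  # constructed sources that send only a SYN
        switch.handle(f"spoof-{i}", "SYN")
    for i in range(real_clients):           # constructed clients that finish a request
        for event in ("SYN", "ACK", "HTTP"):
            switch.handle(f"client-{i}", event)
    held_on_switch = sum(1 for s, _ in switch.state.values() if s == "SYN_RCVD")
    return (sum(b.half_open for b in backends),
            sum(b.requests for b in backends), held_on_switch)
```

`simulate()` returns the half-open connections on the back-ends, the requests served, and the half-open entries held on the switch. In this model the third number is the same in both modes: delayed binding moves the half-open state onto the switch rather than removing it, so the switch itself has to be sized for it.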
