Traffic Management and Application Acceleration This chapter introduces concepts for load balancing and application acceleration (when enabled) and explains how to configure your data center for traffic management policies. It includes these topics: Configuring Farms Configuring Servers Traffic Management Policies SSL Offloading and Authentication Application Acceleration Layer 7 Traffic Management Layer 7 Modification Layer 7 Server Persistency Client Table Management Network Address Translation (NAT) Configuring AppDirector Advanced Global Parameters The following workflow helps you to understand how to configure traffic management and acceleration for AppDirector and distinguishes between Acceleration enabled and disabled functionalities. AppDirector load balances traffic to application servers that provide various application services, such as FTP, Web, e-mail, ERP, CRM, Streaming, VoIP, and so on. To receive the requested service, user traffic is directed to a homogenous and redundant group of servers. This is managed by AppDirector, which decides to which group of servers to direct the request to provide the service required by the client. to which server within the required group to direct the traffic to optimize the service provided and to ensure its operation. The main elements involved in configuring server load balancing on AppDirector are: 1. Farm — A group of application servers that provide the same service. A farm can provide multiple services and a server can be part of multiple farms. 2. Virtual IP address (VIP) — A single point of entry through which clients can access a variety of services. 3. Layer 7 Policy — A set of rules that let you select a farm based on application data (Layer 7). 4. Layer 4 Policy — A set of rules that let you select a farm based on Layer 4 and Layer 7 data if required (by linking to a Layer 7 policy) and activate application acceleration capabilities. The Layer 4 data used to classify traffic using Layer 4 polices are: a. Destination IP address (VIP) b. Layer 4 Protocol (TCP, UDP, ICMP, SCTP, Any or Other) c. Layer 4 Port d. Source IP address range When traffic reaches the services point of entry (VIP) AppDirector Matches the Layer 4 data in the packet to Layer 4 policies configured on AppDirector until the best match is found. Once a matching Layer 4 Policy is found, AppDirector processes the traffic according to the services required for this Layer 4 Policy. As an example, the following actions are performed for HTTPS traffic processing: 1. SSL processing is performed by AppDirector, if required, to off-load it from the servers. 2. If HTTP caching is enabled, AppDirector can respond from the cache, to off-load it from servers if the requested object is in the cache. In this case steps 3-5 are not relevant. 3. If a Layer 7 policy is attached, AppDirector processes the application request searching for the Layer 7 policy criteria to select the target farm, if not the target farm is the one directly attached to the Layer 4 policy. 4. Traffic is forwarded to the server best able to deliver the requested service within the target farm. 5. If HTTP caching is enabled, cache objects from the response according to configuration. 6. HTTP response can be compressed if required. 7. Response is SSL encrypted before being sent to client.