Datasheet
Product Bulletin
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 8
Table 1. New Features in Cisco ACE Module Software Release 2.1.0
Available Description Benefit
Generic Protocol Parsing
(GPP)
ACE has native understanding of the following protocols: HTTP,
FTP, DNS, ICMP, SIP, RTSP, Extended RTSP, Radius and
RDP. However, data center owners may have to deal with many
other applications –custom applications, legacy applications,
packaged applications, etc.
Cisco ACE’s GPP feature enables you to configure application
switching and persistence policies based on any information in
traffic payload for custom and packaged applications without
requiring any programming.
The Cisco ACE performs payload parsing via hardware using a
powerful regular expression engine to obtain maximum
performance unlike other software-based solutions.
ACE can switch custom and
packaged applications without
any programming.
Cisco ACE supports the ability to insert, delete or rewrite HTTP
headers in both client requests and server responses.
HTTP Header Insertion
ACE provides an ability to insert HTTP header in request,
response or both.
Consider an example when ACE uses source NAT to translate
the clients IP address, often the servers need a way to identify
that client.
To identify a client whose source IP address has been NAT’ed,
you can instruct the ACE to insert a generic header and string
value of source IP address before the request is sent to the
server.
Increased client visibility for
applications to perform
logging and auditing.
HTTP Header Rewrite
ACE provides an ability to rewrite HTTP header in request,
response or both.
Consider an example where a client wants to connect to a
secured Web application. In this scenario, client sends a HTTPS
request to the application. An external application switch
terminates the SSL connection and sends clear text to the
application. Since the application is unaware that incoming client
HTTPS request was terminated on the application switch, the
application may redirect the client to a non secured HTTP URL
rather than to the secured HTTPS URL.
To solve this problem, Cisco ACE application switch modifies the
redirected URL from HTTP to HTTPS in the “Location” header
before sending the response to the client.
Secure delivery of SSL
content back to the client
HTTP Header
Manipulation
Delete HTTP Header
HTTP header deletion can be used to strip sensitive HTTP
headers from server responses.
For example, by default many web servers include the
information about the web server such as version, O/S in HTTP
response header. This information could potentially be used to
generate malicious attacks.
In this example, Cisco ACE can automatically delete such
headers, thus hiding the server type and version from clients.
Secured Web applications
Partial Server-Farm
Failover
Currently, if a backup server-farm is configured, the primary
server-farm would failover to the backup only when all the real
servers in that server-farm go down.
Partial Server-farm Failover feature allows the user to specify a
minimum percentage (eg. X%) of real servers to be active in the
farm before the primary server-farm fails over to the backup
server-farm.
When the primary server-farm fails over to the backup, all
currently established connections will continue to exist on the
primary server-farm. All new requests are routed to the backup
server-farm.
For the primary server-farm to return to service, a minimum
percentage (eg. Y% > X%) of real servers should be active.
Cisco ACE provides capability
to manage which server farm
(primary or backup) receives
new traffic based on the
number of available Real
Servers (RServers).
TCP Dump ACE can capture real-time packet information for the network
traffic that passes through the ACE.
The ACE buffers the captured packets, and you can copy the
buffered contents to a file in flash memory on the ACE or export
to Ethereal.
Enhanced Troubleshooting