Datasheet

Product Bulletin
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 8
Fast | Description | Benefit

Session ID Stickiness
Description: Stickiness, or persistence, is the mechanism that allows the same client to maintain multiple simultaneous or subsequent connections with the same real server for the duration of a session.
When customers visit an e-commerce site and start to add items to their shopping carts, it is important that all the requests from a client get directed to the same server so that all the items are contained in one shopping cart on one server. An instance of a customer's shopping cart is typically local to a particular Web server and is not duplicated across multiple servers.
E-commerce applications are not the only types of applications that require stickiness. Any web application that maintains client information and state may require stickiness, such as banking applications or online trading.
ACE can stick a client to an appropriate server based on source and/or destination IP address, cookies, Hypertext Transfer Protocol (HTTP) header, and SSL Session ID.
Secure Sockets Layer (SSL) ensures the secure transmission of data between a client and a server.
The client and server use the SSL handshake protocol to establish an SSL session between the two devices. A new session ID, unique to each session, is created every time the client and the SSL server go through a complete negotiation of session parameters.
ACE can stick a client to an appropriate server based on SSL Session ID.
Benefit: Secure session persistence over SSL

Session ID Reuse
Description: Secure Sockets Layer (SSL) ensures the secure transmission of data between a client and a server.
The client and server use the SSL handshake protocol to establish an SSL session between the two devices.
In a standard SSL handshake, a new session ID, unique to each session, is created every time the client and the SSL server go through a complete negotiation of session parameters.
ACE can accelerate subsequent SSL session setups between the client and the ACE by reusing SSL IDs stored in its session cache from previously negotiated session parameters.
Benefit: Accelerate SSL client connection setup.

Client Authentication
Description: In a standard SSL implementation, a server authenticates itself to clients by sending an X.509 certificate (digital identification for authentication). However, there is no similar assurance that the client is who it claims to be.
The client authentication feature on ACE, acting as an SSL server, addresses this problem by requiring the client to provide an X.509 certificate.
ACE (server) verifies the following information on the certificate:
- A recognized CA issued the certificate.
- The validity period of the certificate is still in effect.
- The certificate signature is valid and has not been tampered with.
- The CA has not revoked the certificate.
Benefit: Permits only legitimate clients to access servers
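The Session ID Stickiness row above, as an added Python example (not Cisco code and not how ACE is implemented): it reads the session ID from the cleartext hello messages of the SSL handshake and keeps a stick table from session ID to real server. The names `parse_hello`, `StickyBalancer`, `make_hello` and the server names `rs1`/`rs2` are assumptions, and the sample records are constructed.

```python
import struct

HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 1, 2

def parse_hello(record: bytes):
    """Return (msg_type, session_id) from a cleartext hello record, else None."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        return None
    (rec_len,) = struct.unpack("!H", record[3:5])
    body = record[5:5 + rec_len]
    # handshake header (4) + version (2) + random (32) precede the ID length byte
    if len(body) < 39 or body[0] not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    sid_len = body[38]
    if sid_len > 32 or len(body) < 39 + sid_len:
        return None  # malformed or truncated: never read past the buffer
    return body[0], bytes(body[39:39 + sid_len])

class StickyBalancer:
    """Hypothetical balancer: stick table keyed by SSL session ID."""
    def __init__(self, servers):
        self.servers, self.table, self.rr = list(servers), {}, 0

    def pick(self, client_hello: bytes) -> str:
        parsed = parse_hello(client_hello)
        sid = parsed[1] if parsed and parsed[0] == CLIENT_HELLO else b""
        if sid and sid in self.table:
            return self.table[sid]          # resuming client: same real server
        server = self.servers[self.rr % len(self.servers)]
        self.rr += 1                        # new or unknown session: round robin
        return server

    def learn(self, server: str, server_hello: bytes) -> None:
        # The session ID is assigned by the real server in its ServerHello.
        parsed = parse_hello(server_hello)
        if parsed and parsed[0] == SERVER_HELLO and parsed[1]:
            self.table[parsed[1]] = server

def make_hello(msg_type: int, session_id: bytes) -> bytes:
    """Constructed sample record: hello prefix only, no suites or extensions."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

Session-ID stickiness depends on the session ID being readable in the cleartext hello messages; resumption with session tickets or TLS 1.3 pre-shared keys does not provide a stable server-issued session ID to key on.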
Table 3.
Secure | Description | Benefit

Rate Limiting
Description: ACE software release 2.1 adds new rate limiting capabilities:
- Connection rate: The number of connections per second received by the ACE destined to a real server
- Bandwidth rate: The number of bytes per second applied to the network traffic exchanged between the ACE and a real server, in both directions
Rate-limiting based traffic policing is supported at the per virtual server level.
Rate-limiting based load-balancing is supported at the per real/rserver level.
This feature also provides feedback to the load-balancing decision; it takes real servers exceeding rate limits out of load-balancing and puts them back into load-balancing when the rate is below the limits.
The rate limit parameters can be applied to a set of real servers, virtual servers, or both.
Benefit: Protects server resources