ACE features and capabilities

  • L3-L7 load balancing – you can check IP, port, cookie.
  • SSL encryption and decryption in HW – servers in general doesnt have special HW for encryption and decryption. It hits its CPU. thats why its better to put this to LB.
  • HTTP Optimization and Compression – saves bandwidth in HTTP communication, HTTP optimization keeps track of cookies and tries to scrable passwords and username which can be included in cookies in clear text.
  • Protocol inspection – same like on FW, How can you LB FTP which opens connection in random port? You make sure ACE understand FTP and makes sure that client will initiate FTP on port ACE has specified, not the random port. This is also security improvement, you dont want to have VIP listening on every port.
  • Normalization (security) – feature polled from FW. It has lot of function. It is by default on and it checks the packet if they are not dangerous. If they are the packet is dropped.
  • Virtualization – you can create contexts in ACE like in ASA.
  • High Availability/Fault Tolerance – its between two physical devices. See Aliases.
  • Smart probing and mitigation of server failures – with ACE you can create probe and do whatever test you want. TCP probe, HTTP probe, scripted probe, there is no limit here.
  • Aliases – this is form of HSRP. Its IP address which you configure on your ACEs and it is shared between ACES. Servers are then referring to this alias IP instead of physical IP. IP is active just on active ACE and when active goes down the standby take control and send gratuitous ARP with MAC of the active LB so switches updates the MAC table
  • RHI – route health injection. It is form of automating route propagation. ACE will send his VIP route as a host route to upstream gateway.
Získejte registraci domén s tld .online, .space, .store, .tech zdarma!
Stačí si k jedné z těchto domén vybrat hosting Plus nebo Mega a registraci domény od nás dostanete za 0 Kč!