How to shop for Application Delivery Controllers

How to shop for Application Delivery Controllers

The key difference between Application Delivery Controllers (ADC) is the way they can be integrated into your organization's network topology. Most organizations may deploy a server load balancer/ADC in-line as a Layer-3 reverse-proxy-server.

This configuration requires public/global addresses on the external interface and private addresses on the internal interface. On the back-end, IPv4 servers use RFC1918 IPv4 addresses, but with IPv6 it is not necessary to use private Unique Local Addresses (ULA) for the internal networks. ADCs that operate this way are fully-stateful and perform TCP Normalization and traffic inspection, which benefits security.


Other products may operate virtually in-line as a proxy server, but not be directly in the traffic path. These solutions may require the use of source-NAT, Policy-Based Routing, or act as the server's default gateway to force the traffic through the ADC. These products can allow Direct Server Return and may lack stateful awareness of the connections.

Other systems may operate at Layer-2 and create a bridge between two virtual LANs or subnets. These products may use a Bridges Virtual Interface or proxy and/or source-NAT to get the traffic to go through the appliance.

There are also more products being offered as a virtual appliance at the hypervisor layer. The server VMs use the virtual appliance as their proxy-server or default gateway. Many organizations prefer virtual appliance solutions because they are easy to test and can be deployed quickly with the virtual networking, virtual switch, and virtual firewalls being deployed in server-virtualization environments. These virtualization-layer products help organizations with their public or private cloud initiatives.

Another feature that is important for organizations using these IPv6-enabled ADCs to front-end IPv4-only web application servers is URL rewriting. If the external FQDN for the IPv6 Web site is different than the IPv4 internal web application's embedded links, then those links will need to be re-written to the IPv6-FQDN. This feature will ensure that the site does not automatically fall back to the IPv4-embedded links and keeps the client believing that the entire site is reachable over IPv6.

Return to main test.

Read more about lan and wan in Network World's LAN & WAN section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ADCetwork

Show Comments