The ADC, one component of an ADN, evolved from layer 4-7 switches in the late 1990s when it became apparent that traditional load balancing techniques were not robust enough to handle the increasingly complex mix of application traffic being delivered over a wider variety of network connectivity options.
The application delivery controller (ADC) is assigned a single virtual IP address (VIP) that represents the pool of servers.
Increasingly the ADN comprises a redundant pair of ADCs on which a number of different feature sets are integrated to provide security, availability, reliability, and acceleration functions.
This has the effect of reducing the overhead imposed by establishing and tearing down the TCP connection with the server, improving the responsiveness of the application.
A separate class of devices known as WAN Optimization Controllers (WOC) provides this functionality, but the technology has been slowly added to the ADN portfolio over the past few years as this class of device continues to become more application aware, providing additional features for specific applications such as CIFS and SMB.
Advanced health checking techniques allow the ADC to intelligently determine whether or not the content being returned by the server is correct and should be delivered to the client.
Typical industry standard load balancing algorithms available today include:
The ADN provides fault tolerance at the server level, within pools or farms.
[16] The ADN also ensures application availability and reliability through its ability to seamlessly "failover" to a secondary device in the event of a hardware or software failure.
SSL uses PKI to establish a secure connection between the client and the ADN, making it difficult for attackers to decrypt the data in transit or hijack the session.
The use of a virtual IP address (VIP) and the position of the ADN in the network provide the means through which certain resources can be cloaked, or hidden, from the client.
Many commercial ADN companies have acquired and integrated these functions and present such features as part of a defense-in-depth strategy, an approach often cited by security professionals.
This results in exposure to potential network layer attacks including Denial of Service (DoS) from ICMP and SYN floods.
The ADN generally employs a number of protections against typical network layer attacks, though it does not implement the full security offered by an IPS.
Some of the Network Layer Security technologies that may be employed by ADN devices include:
Delayed binding, also called TCP splicing, is the postponement of the connection between the client and the server in order to obtain sufficient information to make a routing decision.
Some application switches and routers delay binding the client session to the server until the proper handshakes are complete so as to prevent Denial of Service attacks.
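Delayed binding as described above, sketched as an added example that is not taken from the original article or from any ADC product: the proxy opens the server-side connection only after the client has completed the handshake and sent a request line. The class name, routing table, timeout and local test backends are all assumptions constructed for illustration, and only one request line and one reply are relayed.

```python
import asyncio

class DelayedBindingProxy:
    """Bind to a backend only after the client sends a request line."""
    def __init__(self, routes, request_timeout=0.1):
        self.routes = routes            # path prefix -> (host, port); longest match wins
        self.request_timeout = request_timeout
        self.dropped = 0                # clients closed without ever binding
    def pick_backend(self, request_line):
        path = request_line.split(b" ")[1].decode()
        return self.routes[max((p for p in self.routes if path.startswith(p)), key=len)]
    async def handle(self, client_r, client_w):
        try:  # handshake is done, but no backend has been contacted yet
            line = await asyncio.wait_for(client_r.readline(), self.request_timeout)
            host, port = self.pick_backend(line)
        except (asyncio.TimeoutError, IndexError, ValueError):
            self.dropped += 1           # silent or malformed client: never bound
            return client_w.close()
        server_r, server_w = await asyncio.open_connection(host, port)  # bind now
        server_w.write(line)
        await server_w.drain()
        client_w.write(await server_r.read(65536))  # relay one reply (demo only)
        await client_w.drain()
        server_w.close()
        client_w.close()

async def demo():
    # Constructed local test: 20 silent clients, then one real request.
    hits = {"app": 0, "static": 0}      # server-side connections per pool
    def backend(name):
        async def serve(r, w):
            hits[name] += 1
            await r.readline()
            w.write(name.encode() + b"\n")
            w.close()
        return serve
    servers = [await asyncio.start_server(backend(n), "127.0.0.1", 0) for n in hits]
    app, static = (s.sockets[0].getsockname()[:2] for s in servers)
    proxy = DelayedBindingProxy({"/": app, "/static/": static})
    front = await asyncio.start_server(proxy.handle, "127.0.0.1", 0)
    port = front.sockets[0].getsockname()[1]
    idle = [await asyncio.open_connection("127.0.0.1", port) for _ in range(20)]
    while proxy.dropped < 20:           # wait for every silent client to time out
        await asyncio.sleep(0.05)
    after_idle = dict(hits)
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(b"GET /static/logo.png HTTP/1.1\r\n")
    reply = await r.readline()
    for s in servers + [front]:
        s.close()
    return after_idle, hits, proxy.dropped, reply
```

Running `asyncio.run(demo())` shows that the 20 connections that never send a request are closed at the proxy and never reach either pool, while the one real request is bound to the pool chosen from its path.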