
OPSEC Partners

BIG-IP

Product Version Certified: BigIP 4.5.10
Certified for use with: Check Point NG AI R55

 
Product Description:  BIG-IP optimizes web services and applications by intercepting, inspecting, transforming, and directing the traffic. It continuously monitors each server for service and application availability/performance, and routes incoming queries to the most available server. BIG-IP allows network managers to use a variety of sophisticated load-balancing algorithms to fine-tune performance and availability.
     
F5 Networks
 
Company Description: Over the next 4 years, the complexity of Internet service delivery will continue to grow. This is due to an increasing number of Internet users, increased broadband usage, a higher number of Web sites using sophisticated business applications, and the richness of Internet/Web content itself.

Intelligent and automated control of time-sensitive content and traffic between the origin sites and network edge is critical for ensuring the high level of service that customers demand. F5 Networks simplifies and optimizes this complex networked environment for business, enabling organizations to control, access and use the Internet to their full advantage.

F5 Networks provides integrated products and services to manage, control and optimize Internet traffic and content. Our solutions deliver the best possible Internet performance, availability and content distribution to enable our customers and partners to maximize the use of the Internet in their business.

Founded in 1996, F5 has grown to more than 500 employees and boasts an impressive list of more than 3500 of the top corporations.
   
Key Features and Benefits

Intercept
In order to add value to traffic flows, the ITM device first must intercept the traffic. This first requires the ITM device to be outfitted with an appropriate port count and connectivity to fit into the existing network topology. As traffic flows through the device, it must be intercepted in order for it to be inspected, transformed, and directed.

Interception usually takes two forms: simple and delayed binding. Simple interception allows the simple inspection and traffic transformations usually associated with Layer 4 load balancing. Delayed binding allows advanced, deep inspection to determine the type of transformation and direction required.

Inspect: Requires Processing Power and SSL
Once the traffic is intercepted, the device must then inspect the traffic in order to determine exactly what it is, and how it should be treated. This is where processing power becomes very important. Simple inspection may include evaluating traffic based on Layer 4 criteria, such as IP and port information. Most businesses, however, are demanding that their ITM device be capable of inspecting their traffic at a level deeper than Layer 4 and beyond basic URL-based traffic inspection. Initially, the market demanded that ITM devices be able to inspect the full HTTP header in order to make traffic management decisions on cookies or other information contained therein.

Most recently, however, demand has shifted again, requiring that the ITM device be able to inspect any portion of the data field or payload within IP packets to make traffic management decisions and effectively manage applications delivered over Internet technologies.

In order to effectively inspect traffic, the ITM device must be able to apply all of its processing capabilities to the traffic flowing through the device; this is where the decision must be made. Furthermore, the ITM device must be able to apply a high degree of processing power in order to provide the level of inspection required on the actual payloads of packets, then make traffic management decisions based on the results and the customized business rules that an organization has.

Secure Sockets Layer
Additionally, SSL or encrypted traffic poses a special challenge during the inspection step, as the ITM device is blind to what the encrypted traffic really is. In order for the ITM device to inspect and make decisions on SSL traffic, the device must also be able to act as a termination point for the encrypted traffic and decrypt it ("bring it into the clear") in order to perform the inspection task. Since most businesses are securing an increasing amount of their traffic and applications using SSL, it is imperative that the ITM device include this functionality and be able to perform this task.

Transform: Requires Intelligence
Once the traffic has been inspected, the ITM device must then perform any necessary transformations on the traffic. Transformations can include simple things such as changing the destination IP addresses and port addresses in order to get the traffic to the desired asset being load balanced. Transformations can also be more advanced, such as re-encrypting traffic using SSL so traffic sent to the servers is protected, re-writing URL values for things like Akamaization (changing content without manually re-writing code), or inserting cookies into HTTP headers for persistence so applications avoid time-consuming alterations.

Direct: Requires Intelligence
Finally, the ITM device must direct traffic to one of the assets being load balanced. The decision of where to direct traffic is based on availability and responsiveness of the assets, and advanced business rules for the traffic.

BIG-IP is an adaptive solution that can evolve with the demands placed on today's web services and applications for the enterprise, hosted, and wireless carrier provider networks, saving both entities considerable time and money, and opening new revenue opportunities.

OPSEC Integration
F5's BIG-IP provides superior high availability load balancing, administration, management, security, and extensibility for Check Point VPN-1/FireWall-1 deployments utilizing their state synchronization capabilities. BIG-IP also provides the ability to log events to a Check Point management station utilizing Check Point's OPSEC ELA API. BIG-IP's unmatched intelligence provides assurance that all business-critical traffic is properly distributed across the available resources and guarantees the delivery to the intended destination. The extensive BIG-IP feature set allows for flexible deployment scenarios that easily accommodate infrastructure modifications as business requirements dictate, without costly disruptions.