Imagine browsing your favorite websites on your computer or playing a browser-based game when things start slowing down. You click the window in frustration hoping that the site responds, to no avail. Finally, the browser alerts you that something is making it run too slow and you need to reset it.
The problem is not the browser design or the websites that you are surfing. It is the fact that you are browsing too many resource-intensive sites through multiple web browsing applications. You may be using Firefox, Chrome, Internet Explorer, Edge, Opera, Safari, and/or a combination of the many other browsers on the market.
Content isolation, not resource reservation
You may have different web browsing applications open because each one is independent of the other. All login information, cookies, history and other content is only relevant to the browser that is accessing that site. When you log onto a site in Firefox, those credentials do not cross over to Internet Explorer. Each browser is an isolated container for all of the content that it receives.
As a gamer, it is not uncommon for me to have different browsers accessing the same online game using different accounts. There are multiple reasons why this is beneficial, but there is a performance cost associated with this application access model.
All of these open web browsers fight for the same resources on your computer. When the resources are exhausted, the browsers start to fail. There are no restrictions that one can place on each browser version to ensure the performance of it or the other browsers. If one website starts to consume a large amount of computer resources, it can impact the performance of all of the other browsers and applications open on the computer.
If the user wants to properly isolate the different browsers so that there is no potential for one browser to impact another, then it is necessary to create virtual containers that can restrict CPU, memory, and network usage within that container. This is what virtual machines are designed to do within the application hosting environment.
Not all applications are equal
Application delivery controllers (ADC) are built to manage and manipulate the access to applications by acting as a reverse proxy. Businesses often host multiple applications on the ADC due to cost, design, and functionality. Minimal thought is given to the resource needs, SLA requirements, and criticality of the application to the business. But this creates an environment that is susceptible to negative interactions.
In this architecture, if one of the hosted applications receives an increase in connections or requires custom policies that consumes excessive resources, then all of the other applications hosted on the ADC are negatively impacted. There are a finite amount of network, compute, and memory resources available within the ADC.
In the business world, this becomes a problem. Application availability is critical and it is unacceptable to have one application affect the availability of others within the network infrastructure. Application performance is not always predictable. Flash mobs, internet virality, natural disasters, and other events can impact an application’s usage. It is not acceptable to have a non-critical application surge and impact the resources available to critical services.
Route Domains are not virtualization
Some ADC vendors offer route domains as a solution to partition applications and tenants within the application delivery infrastructure. Route domains are based on virtual routing and forwarding (VRF) functions introduced when multi-protocol label switching (MPLS) was created. Route domains are a version of VRF-lite where the ADC is able to contain multiple forwarding information bases (FIB) that are separate and distinct.
In other words, the ADC is able to have separate layer 3 domains configured, with their own IP networks and routing tables. This is like having multiple browsers on a computer, where each route domain is equivalent to a unique browser instance.
The similarities within this analogy extend to the resource consumption problem. Just because there is virtual separation of content and application delivery, does not mean that there is separation of resource usage.
It is possible and probable that one application within one route domain will consume enough resources to affect the performance and availability of another application in another route domain. An unexpected, but probable, event is all that is required for the application to perform outside its normal parameters and impact all of the other applications configured on the ADC.
Enterprises and managed service providers that require multi-tenant services for their application delivery infrastructure need to look beyond route domains as a viable solution. True virtualization of the ADC through virtual machines is the only way to properly isolate and contain the applications.
The virtualization of the ADC through virtual instances that can allocate and reserve the compute, memory, and bandwidth available to the application must be a requirement when designing a proper application delivery infrastructure. Anything less is shortchanging your application users – your customers.