Uploaded bysteveshah
PPTX, PDF677 views

#lspe: Dynamic Scaling

The document discusses the scalability features and performance optimization of the Netscaler product, highlighting various technical aspects such as load management, data structures, and API capabilities. It emphasizes the importance of efficient data structures for handling increased loads and outlines strategies for dynamic scaling through clustering and real-time analytics. Additionally, it covers the API's role in enabling automation and monitoring of performance metrics within the Netscaler ecosystem.

Embed presentation

Downloaded 14 times
#lspe: Dynamic Scaling Shock Absorbers and APIs Steve Shah Sr. Director, Product Management February 21, 2013
Disclaimer • I’m going to talk about a product. ᵒIt’s kind of necessary in order to make this talk useful. ᵒBut a lot of you have this product or know someone that does! ᵒThe product is pretty cool… ᵒIt can also sing and dance. ᵒMaking coffee is on the roadmap. • Sorry. ᵒYes, I am marketing scum. ᵒNo, I will not to do a hard sell. • My Competition ᵒGoogle it. No really… It’s not hard to find them. ᵒTheir product has various approaches too. I encourage you to ask them.
What is NetScaler? Performan Availability ce Offload Security NetScaler powers some of the world’s largest infrastructures.
1998 to 2012: From Load Balancing to Virtual Networking 1998 1999 2002 2003 2005 2006 2008 2009 2011 L4 SLB L7 SLB SSL SSLVPN AppFW ICA XML VPX SDX GSLB CMP RHI SIP IPv6 nCore EdgeSight AppFlow MUX DNS AAA-TM DataStream RHI = Route Health Injection Secret Decoder Ring: ICA = App Proxy for ICA SLB = Server Load Balancing IPv6 = IPv6 Routing, Switching, LB GSLB = Global Server Load Balancing XML = XML Security, Routing MUX = HTTP Multiplexing VPX = Virtual NetScaler SSL = SSL Acceleration nCore = multi-core scaling CMP = HTTP Compression SDX = Multi-tenant NetScaler DNS = DNS Load Balancing / Proxy
Agenda • Things That Impact Scalability • Shock Absorbers • Out Scaling • Your ADC has an API!
Things That Impact Scalability Touching on a bit of theory…
Load is Not Linear • There are startup costs for enabling features in an ADC (memory and CPU) • However, each incremental request takes a small fraction of resources • As load increases, some global functions can take resources as well ᵒE.g., flushing unused IP fragments, running timers, management overhead, etc.
Data Structures and Big O • I/O, Data structures, and String processing are big factors • The two that get you are data structures and string ᵒACLs, VLANs, connection table, connection state, persistence table, etc. ᵒHTTP request processing and policy execution • Know your Big O – understand their impact ᵒBig O notation is how programmers describe efficiency of algorithms ᵒE.g., O(n) vs. O(log n) vs. O(1)
Shock Absorbers Coping with Load
Launching v8: The Role of Data Structures • Story time… launching a major service and what we learned • Major new roll-out – expected to double the number of servers to handle • Early testing revealed that large numbers of slow connections are meh • Invest in your data structures! Clean up on several core structures •  Average connection lookup time driven to near constant time: O(1) •  Stir in a team that dreams in assembly language and can see cache misalignment by glancing at code and shave another 20% off connection lookup times (absolute times) • Lesson: drive your apps to good data structures. Drive your vendors to do better.
MaxConns and SurgeQ Incoming load Peak perf – we want to stay there Typical server performance curve
MaxConns and SurgeQ Queue incoming requests in the ADC Set max conns here Server stays operating at maximum throughput
Story time: When 4 Hurricanes Hit
Out-Scaling
The SR-71 Approach: Go Faster Treat a collection of NS devices • Single System like a grand unified “big” device ᵒconfigured and managed as a single logical system • Scalable The Sheet-metal Test Steps: ᵒscales with number of devices • Take a cluster of NS, and an L2 switch. (distributes work) • Configure the devices to your liking. • Wrap the whole thing with sheet-metal, such that only the network ports remain exposed. • Fault Tolerant Test: ᵒHandles device failure, addition… Must be able to configure and use this contraption as if it were just another NS box. • Dynamic • connect wires into any visible port(s), create LAGs at will, enable L2 mode, MBF … • point GUI to Cluster’s IP and configure away
Clustering • Create a single system image out of a collection of instances ᵒInstances = virtual machines, physical instances, or instances on multi-tenant boxes • True shared management + data plane (the sheet metal test) • Shared state for key data structures (persistence, health check, etc.) • Linear scale by adding instances (up to 32) • Ability to manage faults with proportional degradation
Real-time Policy Based Analytics Actions Bandwidth Compress Connections Cache Top ‘N Requests Log Response Time Drop Frequency Respond Policy Based Decision Traffic Selection Feedback loop
Scaling Globally Active Mirror Site Site Global Server Load Balancing Route Health Injection (GSLB) (RHI) NetScaler uses DNS to send users to the closest site based NetScaler dynamically updates routing tables to direct on administrator defined metrics (geography, topology, clients to the active site based on real-time health site performance, availability) monitoring of backend infrastructure.
Your ADC Has an API!
API in a Nutshell: Your ADC Has This API Interfaces Client Toolkits Policy Statistics Scripting OOP Reverse Bulk Granular SOAP RESTful Perl/PHP/Python/ Java/C#/ASP/ JSON/XML PowerShell .NET based Call-Out Reporting Reporting
More RESTful - HTTP Status Code REQUEST RESPONSE Success Case: Success Case GET http://<nsip>/nitro/v1/config/lbvserver/lbv1 HTTP 200 OK Failure Case: POST http://<nsip>/nitro/v1/config/lbvserver Failure Case: Content- Type:application/vnd.com.citrix.netscaler.lbvser HTTP/1.0 409 Conflict ver+json { {"lbvserver": "errorcode": 273, {"name":"lbv111", "servicetype":"HTTP"} "message": "Resource already exists", } "severity": "ERROR" } Citrix Confidential - Do Not Distribute
Example: Using Java Indicate we want “rollback on failure” in this session Prepare 3 lbvservers to be added in one bulk operation Output Print results No attempt to add “lb3” because of Rollback behavior
AutoSense and AutoScale NetScalerautomatically is auto-provisionedabnormal behavior withbindings Traffic is monitoring engine auto-detects byin new serviceon NetScaler NetScaler NetScaler scaled for the newly added services does servers NetScaler triggers AutoScale capability CloudStack CloudStack “auto-provisions”CloudStack provides CloudStackAutoScale policy On successful AutoScale, adds server instances Latency, Throughput … NetScaler automatically new new service resources and descriptions monitors servers to CPU, Memory, based on M M M Internet M M M CloudStack
Work better. Live better.

More Related Content

PDF
OSCON Data 2011 -- NoSQL @ Netflix, Part 2
bySid Anand
 
PDF
Google Compute and MapR
byMapR Technologies
 
PDF
Intuit CTOF 2011 - Netflix for Mobile in the Cloud
bySid Anand
 
PDF
AKUDA Labs: Pulsar
byAKUDA Labs
 
PDF
HadoopCon2015 Multi-Cluster Live Synchronization with Kerberos Federated Hadoop
byYafang Chang
 
PPTX
Ai tour 2019 Mejores Practicas en Entornos de Produccion Big Data Open Source...
bynnakasone
 
PPTX
AWS Re:Invent - High Availability Architecture at Netflix
byAdrian Cockcroft
 
PPTX
Zero-downtime Hadoop/HBase Cross-datacenter Migration
byScott Miao
 
OSCON Data 2011 -- NoSQL @ Netflix, Part 2
bySid Anand
 
Google Compute and MapR
byMapR Technologies
 
Intuit CTOF 2011 - Netflix for Mobile in the Cloud
bySid Anand
 
AKUDA Labs: Pulsar
byAKUDA Labs
 
HadoopCon2015 Multi-Cluster Live Synchronization with Kerberos Federated Hadoop
byYafang Chang
 
Ai tour 2019 Mejores Practicas en Entornos de Produccion Big Data Open Source...
bynnakasone
 
AWS Re:Invent - High Availability Architecture at Netflix
byAdrian Cockcroft
 
Zero-downtime Hadoop/HBase Cross-datacenter Migration
byScott Miao
 

What's hot

PPTX
Windows Azure Design Patterns
byDavid Pallmann
 
PDF
HDFS Selective Wire Encryption
byKonstantin V. Shvachko
 
PPTX
Gluecon 2013 - NetflixOSS Cloud Native Tutorial Introduction
byAdrian Cockcroft
 
PPTX
Fraud Detection Architecture
byGwen (Chen) Shapira
 
PDF
Cmg06 utilization is useless
byAdrian Cockcroft
 
PDF
On ABR Streaming and CDN Performance
byDavid Sayed
 
PDF
[212]big models without big data using domain specific deep networks in data-...
byNAVER D2
 
PPTX
Gluecon 2013 - Netflix Cloud Native Tutorial Details (part 2)
byAdrian Cockcroft
 
PPTX
Netflix Play API: Why we built an evolutionary architecture
bySuudhan Rangarajan
 
PDF
Netflix Architecture Tutorial at Gluecon
byAdrian Cockcroft
 
PPTX
How to Make Hadoop Easy, Dependable and Fast
byMapR Technologies
 
PPTX
bdNOG 7 - Re-engineering the DNS - one resolver at a time
byAPNIC
 
PDF
Database backed coherence cache
byaragozin
 
PPTX
Aspera on demand for AWS (S3 inc) overview
byBhavik Vyas
 
PDF
Reactor, Reactive streams and MicroServices
byStéphane Maldini
 
PPTX
Denial of Service in Software Defined Netoworks
byMohammad Faraji
 
PPTX
From distributed caches to in-memory data grids
byMax Alexejev
 
PPTX
Clustrix Database Percona Ruby on Rails benchmark
byClustrix
 
Windows Azure Design Patterns
byDavid Pallmann
 
HDFS Selective Wire Encryption
byKonstantin V. Shvachko
 
Gluecon 2013 - NetflixOSS Cloud Native Tutorial Introduction
byAdrian Cockcroft
 
Fraud Detection Architecture
byGwen (Chen) Shapira
 
Cmg06 utilization is useless
byAdrian Cockcroft
 
On ABR Streaming and CDN Performance
byDavid Sayed
 
[212]big models without big data using domain specific deep networks in data-...
byNAVER D2
 
Gluecon 2013 - Netflix Cloud Native Tutorial Details (part 2)
byAdrian Cockcroft
 
Netflix Play API: Why we built an evolutionary architecture
bySuudhan Rangarajan
 
Netflix Architecture Tutorial at Gluecon
byAdrian Cockcroft
 
How to Make Hadoop Easy, Dependable and Fast
byMapR Technologies
 
bdNOG 7 - Re-engineering the DNS - one resolver at a time
byAPNIC
 
Database backed coherence cache
byaragozin
 
Aspera on demand for AWS (S3 inc) overview
byBhavik Vyas
 
Reactor, Reactive streams and MicroServices
byStéphane Maldini
 
Denial of Service in Software Defined Netoworks
byMohammad Faraji
 
From distributed caches to in-memory data grids
byMax Alexejev
 
Clustrix Database Percona Ruby on Rails benchmark
byClustrix
 

Similar to #lspe: Dynamic Scaling

PDF
Citrix - More Applications, More Security, More Availability
bydataplex systems limited
 
PPTX
Clavister security for virtualized environment
bynicolasotira
 
PDF
NetScaler and advanced networking in cloudstack
byDeepak Garg
 
PDF
ALOHA Load Balancer - Virtual Appliance
byEXCELIANCE
 
PDF
Load Balancing und Beschleunigung mit Citrix Net Scaler
byDigicomp Academy AG
 
PDF
Big datadc skyfall_preso_v2
byabramsm
 
PDF
Scalable Architecture 101
byConFoo
 
PDF
ALOHA Load Balancer - Rackable Appliance
byEXCELIANCE
 
PPTX
BIG-IP Policy Enforcement Manager
byF5 Networks
 
PDF
Ebs architecture con9036_pdf_9036_0001
byjucaab
 
PPTX
Citrix Netscaler Intro
byRui Lopes
 
PPSX
11 Net Scaler Xa1
byLiudmila Li
 
PPTX
BIG-IP ADCs and ADF
byF5 Networks
 
PDF
Cisco open network environment
bydeepers
 
PPTX
Rl net scaler-ha&dr_xendesktop_set2012
byRui Lopes
 
PDF
Alcatellucentsdn2013
bydeepersnet
 
PPT
Large-scale projects development (scaling LAMP)
byAlexey Rybak
 
PDF
OCCI status update
bybefreax
 
PDF
Http front-ends
byTheo Schlossnagle
 
PDF
Building high traffic http front-ends. theo schlossnagle. зал 1
byrit2011
 
Citrix - More Applications, More Security, More Availability
bydataplex systems limited
 
Clavister security for virtualized environment
bynicolasotira
 
NetScaler and advanced networking in cloudstack
byDeepak Garg
 
ALOHA Load Balancer - Virtual Appliance
byEXCELIANCE
 
Load Balancing und Beschleunigung mit Citrix Net Scaler
byDigicomp Academy AG
 
Big datadc skyfall_preso_v2
byabramsm
 
Scalable Architecture 101
byConFoo
 
ALOHA Load Balancer - Rackable Appliance
byEXCELIANCE
 
BIG-IP Policy Enforcement Manager
byF5 Networks
 
Ebs architecture con9036_pdf_9036_0001
byjucaab
 
Citrix Netscaler Intro
byRui Lopes
 
11 Net Scaler Xa1
byLiudmila Li
 
BIG-IP ADCs and ADF
byF5 Networks
 
Cisco open network environment
bydeepers
 
Rl net scaler-ha&dr_xendesktop_set2012
byRui Lopes
 
Alcatellucentsdn2013
bydeepersnet
 
Large-scale projects development (scaling LAMP)
byAlexey Rybak
 
OCCI status update
bybefreax
 
Http front-ends
byTheo Schlossnagle
 
Building high traffic http front-ends. theo schlossnagle. зал 1
byrit2011
 

Recently uploaded

PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
MuleSoft Vibes is an AI-powered assistant
byVikalp Bhalia
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
DOCX
Cloud Security, Serverless Security. Cybersecurity
byEdcelPacayraDuena
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
software-security-intro in information security.ppt
byismaeelsahib032
 
MuleSoft Vibes is an AI-powered assistant
byVikalp Bhalia
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Cloud Security, Serverless Security. Cybersecurity
byEdcelPacayraDuena
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 

#lspe: Dynamic Scaling

  • 1.
    #lspe: Dynamic Scaling ShockAbsorbers and APIs Steve Shah Sr. Director, Product Management February 21, 2013
  • 2.
    Disclaimer • I’m goingto talk about a product. ᵒIt’s kind of necessary in order to make this talk useful. ᵒBut a lot of you have this product or know someone that does! ᵒThe product is pretty cool… ᵒIt can also sing and dance. ᵒMaking coffee is on the roadmap. • Sorry. ᵒYes, I am marketing scum. ᵒNo, I will not to do a hard sell. • My Competition ᵒGoogle it. No really… It’s not hard to find them. ᵒTheir product has various approaches too. I encourage you to ask them.
  • 3.
    What is NetScaler? Performan Availability ce Offload Security NetScaler powers some of the world’s largest infrastructures.
  • 4.
    1998 to 2012:From Load Balancing to Virtual Networking 1998 1999 2002 2003 2005 2006 2008 2009 2011 L4 SLB L7 SLB SSL SSLVPN AppFW ICA XML VPX SDX GSLB CMP RHI SIP IPv6 nCore EdgeSight AppFlow MUX DNS AAA-TM DataStream RHI = Route Health Injection Secret Decoder Ring: ICA = App Proxy for ICA SLB = Server Load Balancing IPv6 = IPv6 Routing, Switching, LB GSLB = Global Server Load Balancing XML = XML Security, Routing MUX = HTTP Multiplexing VPX = Virtual NetScaler SSL = SSL Acceleration nCore = multi-core scaling CMP = HTTP Compression SDX = Multi-tenant NetScaler DNS = DNS Load Balancing / Proxy
  • 5.
    Agenda • Things ThatImpact Scalability • Shock Absorbers • Out Scaling • Your ADC has an API!
  • 6.
    Things That ImpactScalability Touching on a bit of theory…
  • 7.
    Load is NotLinear • There are startup costs for enabling features in an ADC (memory and CPU) • However, each incremental request takes a small fraction of resources • As load increases, some global functions can take resources as well ᵒE.g., flushing unused IP fragments, running timers, management overhead, etc.
  • 8.
    Data Structures andBig O • I/O, Data structures, and String processing are big factors • The two that get you are data structures and string ᵒACLs, VLANs, connection table, connection state, persistence table, etc. ᵒHTTP request processing and policy execution • Know your Big O – understand their impact ᵒBig O notation is how programmers describe efficiency of algorithms ᵒE.g., O(n) vs. O(log n) vs. O(1)
  • 9.
  • 10.
    Launching v8: TheRole of Data Structures • Story time… launching a major service and what we learned • Major new roll-out – expected to double the number of servers to handle • Early testing revealed that large numbers of slow connections are meh • Invest in your data structures! Clean up on several core structures •  Average connection lookup time driven to near constant time: O(1) •  Stir in a team that dreams in assembly language and can see cache misalignment by glancing at code and shave another 20% off connection lookup times (absolute times) • Lesson: drive your apps to good data structures. Drive your vendors to do better.
  • 11.
    MaxConns and SurgeQ Incoming load Peak perf – we want to stay there Typical server performance curve
  • 12.
    MaxConns and SurgeQ Queue incoming requests in the ADC Set max conns here Server stays operating at maximum throughput
  • 13.
    Story time: When 4Hurricanes Hit
  • 14.
  • 15.
    The SR-71 Approach:Go Faster Treat a collection of NS devices • Single System like a grand unified “big” device ᵒconfigured and managed as a single logical system • Scalable The Sheet-metal Test Steps: ᵒscales with number of devices • Take a cluster of NS, and an L2 switch. (distributes work) • Configure the devices to your liking. • Wrap the whole thing with sheet-metal, such that only the network ports remain exposed. • Fault Tolerant Test: ᵒHandles device failure, addition… Must be able to configure and use this contraption as if it were just another NS box. • Dynamic • connect wires into any visible port(s), create LAGs at will, enable L2 mode, MBF … • point GUI to Cluster’s IP and configure away
  • 16.
    Clustering • Create asingle system image out of a collection of instances ᵒInstances = virtual machines, physical instances, or instances on multi-tenant boxes • True shared management + data plane (the sheet metal test) • Shared state for key data structures (persistence, health check, etc.) • Linear scale by adding instances (up to 32) • Ability to manage faults with proportional degradation
  • 17.
    Real-time Policy Based Analytics Actions Bandwidth Compress Connections Cache Top ‘N Requests Log Response Time Drop Frequency Respond Policy Based Decision Traffic Selection Feedback loop
  • 18.
    Scaling Globally Active Mirror Site Site Global Server Load Balancing Route Health Injection (GSLB) (RHI) NetScaler uses DNS to send users to the closest site based NetScaler dynamically updates routing tables to direct on administrator defined metrics (geography, topology, clients to the active site based on real-time health site performance, availability) monitoring of backend infrastructure.
  • 19.
    Your ADC Hasan API!
  • 20.
    API in aNutshell: Your ADC Has This API Interfaces Client Toolkits Policy Statistics Scripting OOP Reverse Bulk Granular SOAP RESTful Perl/PHP/Python/ Java/C#/ASP/ JSON/XML PowerShell .NET based Call-Out Reporting Reporting
  • 21.
    More RESTful -HTTP Status Code REQUEST RESPONSE Success Case: Success Case GET http://<nsip>/nitro/v1/config/lbvserver/lbv1 HTTP 200 OK Failure Case: POST http://<nsip>/nitro/v1/config/lbvserver Failure Case: Content- Type:application/vnd.com.citrix.netscaler.lbvser HTTP/1.0 409 Conflict ver+json { {"lbvserver": "errorcode": 273, {"name":"lbv111", "servicetype":"HTTP"} "message": "Resource already exists", } "severity": "ERROR" } Citrix Confidential - Do Not Distribute
  • 22.
    Example: Using Java Indicate we want “rollback on failure” in this session Prepare 3 lbvservers to be added in one bulk operation Output Print results No attempt to add “lb3” because of Rollback behavior
  • 23.
    AutoSense and AutoScale NetScalerautomatically is auto-provisionedabnormal behavior withbindings Traffic is monitoring engine auto-detects byin new serviceon NetScaler NetScaler NetScaler scaled for the newly added services does servers NetScaler triggers AutoScale capability CloudStack CloudStack “auto-provisions”CloudStack provides CloudStackAutoScale policy On successful AutoScale, adds server instances Latency, Throughput … NetScaler automatically new new service resources and descriptions monitors servers to CPU, Memory, based on M M M Internet M M M CloudStack
  • 24.

Editor's Notes

  • #4 NetScaler enhances the deliver of your customers web applications across four principle dimensions (click). These include Availability, Performance, Offload, and Security; all built on a common IT interface and providing an excellent ROI.Within each feature category there are numerous techniques (CLICK) delivered by NetScaler and I will elaborate on each.Customers gain:100% application availability via our world-class L4-L7 load balancing capabilities and intelligent service health monitoring featuresAccelerated application performance by 5x through static and dynamic content caching and compressionAn average of 60% in application infrastructure savings through connection pooling and offloading SSL processing from servers; this is especially important for Web 2.0 applicationsEnd-to-end application security with integrated Access Gateway Enterprise for secure remote access and an application firewall for protectionagainst application layer attacks