What is Content Switching?
Application & Virtual Server Load Balancing via Deep Packet Inspection
Content switches (also sometimes called application switches) are a class of network devices that are becoming increasingly common in medium-sized to large data centers and web-facing infrastructures.
Traditional switches work at Layer 2 of the OSI model and direct incoming frames to the appropriate exit port based on destination MAC addresses. Content switches, however, inspect the contents of data packets all the way from Layer 4 to Layer 7 and can be configured to perform advanced functions depending on what they find.
Vendor Solutions
Many vendors now offer content switching products:
- Cisco: CSM (Content Switching Module), ACE (Application Control Engine), ACE 4710 appliance
- F5 Networks: BIG-IP LTM (Local Traffic Manager), GTM (Global Traffic Manager)
In functional terms, these devices are dedicated computers running a real OS (e.g., a Linux variant on F5 BIG-IP LTMs) with specialized hardware for packet manipulation and switching.
Example Use Case
Suppose end-user PCs on the internet need access to an application running on a server farm:
- A single target IP address must be presented.
- Incoming sessions must be routed and shared across servers.
- Resilience is needed to handle failures automatically.
A content switch provides all these features and more.
Virtual Servers
On the content switch, you can define a virtual server which:
- Offers a single IP address externally.
- Specifies ports, protocols, sources, and other parameters.
- Offloads SSL termination, certificate management, and authentication.
- Controls timeouts, session limits, and access policies.
This offloading reduces complexity and workload on backend servers.
Load Balancing
Content switches enable:
- Defining resource pools of servers.
- Configuring distribution methods (round robin, least connections, quietest server first).
- Automated failover if servers go offline.
- Persistence handling so that user sessions consistently stay with the same server.
Cisco uses “probes” to monitor application availability and adjust routing automatically.
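The pool behaviour listed above (distribution method, probe-driven failover, persistence), modelled as an added Python example; it is not vendor code or configuration. The member names, the `check` probe callable and the use of the member name as the persistence cookie value are assumptions made for illustration.

```python
# Added illustration: toy model of a content switch's server-pool logic.
# Member names ("web1"...) and the cookie scheme are constructed.
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    healthy: bool = True   # result of the most recent probe
    active: int = 0        # currently open connections


@dataclass
class Pool:
    servers: list
    rr_next: int = 0

    def probe(self, check):
        """Run a health probe (callable: member name -> bool) on every member."""
        for s in self.servers:
            s.healthy = bool(check(s.name))

    def pick(self, method="least_connections", cookie=None):
        """Return (server, cookie_to_set), or (None, None) if no member is up."""
        up = [s for s in self.servers if s.healthy]
        if not up:
            return None, None
        # Persistence: the cookie is client-controlled, so it is only honoured
        # when it names a healthy pool member; any other value is ignored.
        chosen = {s.name: s for s in up}.get(cookie)
        if chosen is None:
            if method == "round_robin":
                chosen = up[self.rr_next % len(up)]
                self.rr_next += 1
            else:  # least connections; ties go to the first member listed
                chosen = min(up, key=lambda s: s.active)
        chosen.active += 1
        return chosen, chosen.name

    def release(self, server):
        """Call when a connection closes so the counts stay accurate."""
        server.active = max(0, server.active - 1)
```

Because the persistence value arrives from the client, the lookup against current healthy members is what stops a stale or forged cookie from steering traffic to a failed or non-existent server.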
Deep Packet Inspection (DPI)
Content switches inspect traffic up to Layer 7, enabling:
- Access control based on usernames, passwords, cookies, or HTTP headers.
- Intelligent routing decisions based on application data.
- Dynamic data modification or redirection.
- Support for global enterprises (e.g., Microsoft Update routing users to appropriate server farms).
High-end devices (F5, Cisco) support custom scripting languages (e.g., iRules on F5) for advanced packet handling.
Scalability
Scaling with content switches is simple:
- Add new backend servers into the pool as demand grows.
- Commodity servers can be used since the switch handles complex processing.
- Easy application-level updates across all servers via central control.
Deployment Topologies
Content switches can be deployed in multiple ways:
- Straight-through mode
- Content-switch-on-a-stick
- Resilient pairs or clusters for high availability
- Failover configurations that preserve session persistence during switchover
Summary
Content switches provide far more than traditional L2/L3 switching. By inspecting packets up to Layer 7, they enable:
- Intelligent load balancing based on content and server load.
- Continuous health monitoring and automatic failover.
- Advanced traffic management and differentiated services.
- SSL termination, access control, and QoS.
- Increased application resilience, scalability, and flexibility.
- Support for virtual hosting and flexible content distribution.