The IPFE acts as a specialized layer-3 router. The various servers to which the IPFE routes are divided into Target Sets. Each of the target sets are assigned a shared Target Set Address. The IPFE Architecture assumes that either two connections are maintained at all times, in active/active or active/standby, or that a single connection is maintained, with a backup address to which it can establish a connection if the first connection fails.
A packet is routed through the router and the IPFE to the application server without rewriting of the packet. This means that neither the source IP address nor the destination IP address changes as it passes through the IPFE. The IPFE behaves as an IP router and does not act as a network address translator (NAT).
The IPFE (IP Front End) is a packet-based load balancer that makes a large DSR cluster accessible to incoming connections through a minimal number of IP addresses. These incoming connections can be TCP, unihomed SCTP, or multihomed SCTP. The IPFE distributes these connections among a list of target IP addresses by forwarding incoming packets. The list is called the Target Set IP List, and an outward-facing IP address is called a Target Set Address (TSA). A packet arriving at the IPFE and destined for the TSA is forwarded to an address in the Target Set IP List.
When paired with a second IPFE instance, the IPFE supports active-standby or active-active high availability (HA). The mated pair of IPFEs expose typically one or two TSAs per configured IP version.
The IPFE stores an association record about each connection. The association contains the information necessary to identify packets belonging to a connection and to identify the application server that the IPFE has selected for the connection. The IPFE routes all packets associated with a particular connection to the selected application server.
Since the IPFE has no visibility into the transaction state between client and application server, it cannot know if an association no longer represents an active connection. The IPFE makes available a per Target Set configuration parameter, known as Delete Age, that specifies the elapse of time after which an association is to be deleted. The IPFE will treat packets that had their associations deleted as new packets and will run the application server selection function for them.
It will create a new association by choosing an application server from the Target Set IP List, if a packet is not matched by any association. The choice is based on the Load Balance Algorithm setting.
A Target Set can be created as either IPv4 or IPv6. However a Target Set cannot support mixed address types. This means that SCTP multihomed endpoints can contain address types of either IPv4 or IPv6 but not both.
The IPFE provides a configurable parameter which limits the IPFE's throughput rate and prevents the maxing out of its CPU, in case of signaling storms. Throttling causes the IPFE to drop packets in order to keep the load from overwhelming the IPFE. The packet/second rate limit implementation creates an even dropping of packets that would cause client TCP/SCTP stacks to withhold their rates to just below the threshold, as happens when there is an overloaded router in the path.