The Total Uptime Cloud Platform supports a variety of different protocols for use with the Cloud Load Balancer, Web Application Firewall and other networking solutions. These protocols were created to support additional features and functionality, usually at Layer 7, way beyond the standard TCP and UDP protocols also offered. Before you add a port/protocol combination, you may wish to understand the different protocol types and how each can be used. The following list describes the types of protocols we support and why it might make sense to choose a custom protocol vs. standard TCP or UDP.
The HTTP protocol is exclusively for servers (load balanced or standalone) that accept HTTP traffic, such as standard web sites and web applications. The HTTP service type enables the cloud platform to provide compression*, content filtering*, caching*, and client keep-alive support for Layer 7 web servers. This protocol type will also support HTTP persistence, virtual server IP port insertion*, redirect port rewriting*, Web 2.0 Push*, and URL redirection support*. (*Many of these features are available with specific subscription plans, or may be coming soon.)
Because HTTP is a TCP-based application, you can also use the TCP protocol type for web servers. If you do so, however, the cloud platform is only able to perform Layer 4 load balancing (if load balancing is enabled). It cannot provide any of the Layer 7 features noted above, even if they are available.
The SSL protocol is for servers that accept HTTPS traffic, such as SSL-secured web sites and applications and secure portals like Exchange OWA, ActiveSync, etc. The SSL service type enables the cloud platform to encrypt and decrypt SSL traffic and perform SSL offloading and acceleration for your secure web applications. It also supports HTTP persistence, content switching*, rewrite*, virtual server IP port insertion*, Web 2.0 Push*, and URL redirection*. (*Many of these features are available with specific subscription plans, or may be coming soon.)
You can also use the SSL_PROXY, SSL_TCP, or TCP protocol types for HTTPS traffic. If you do so, however, the cloud platform can only perform Layer 4 load balancing. It cannot provide SSL offloading, acceleration or any of the Layer 7 features described above.
The FTP protocol is for servers that accept FTP traffic, of course. This protocol type enables the cloud platform to support specific features such as Passive FTP’s ephemeral port range. Additionally, it protects FTP servers by completely proxying traffic between a client and server on separate ports. However, if active FTP is your only requirement or you do not need any of these enhanced features, you may wish to use TCP or ANY instead, and possibly even with a wildcard “*” port number.
TCP is the basic protocol everyone is familiar with. It is for servers that accept many different types of TCP traffic, or that accept a type of TCP traffic for which one of our more specific protocol types is not available. You can also use the ANY protocol type for these servers, but that would also allow UDP and ICMP traffic, which should be blocked unless absolutely necessary.
The SSL_TCP protocol is used for servers that accept non-HTTP-based SSL traffic, to support SSL offloading and Layer 4 load balancing (if enabled).
You can also use the TCP protocol type for these services.
The UDP protocol is another basic protocol everyone is familiar with and is for servers that accept UDP traffic. You can also use the ANY protocol type, but it would also allow TCP and ICMP. NOTE: UDP should be used with caution, because most volumetric DDoS attacks are UDP in nature. If allowing UDP, please try to specify the exact port number instead of the wildcard (*) port for maximum protection.
SSL_PROXY, which is sometimes referred to as the SSL Pass-through protocol, is for servers that accept SSL traffic when you do not want the Cloud Platform to perform SSL offloading or acceleration, or don’t want to upload SSL certificates into the platform. Alternatively, you can use the SSL_TCP protocol type as well. When using SSL_PROXY or SSL_TCP, SSL certificate negotiation and cipher selection take place directly between the client and the server(s).
The NNTP protocol is for servers that accept Network News Transfer Protocol (NNTP) traffic, typically Usenet sites. (To be discontinued.)
The DNS protocol is for servers that accept DNS traffic, typically name servers. With the DNS protocol type, the Cloud Platform validates the packet format of each DNS request and response. It can also cache DNS responses, if caching is part of your subscription.
You can also use the UDP protocol type for these services. If you do, however, the Cloud Platform can only perform Layer 4 load balancing (if load balancing is desired). It cannot provide support for the DNS-specific features mentioned above.
The ANY protocol is used for servers that accept any type of TCP, UDP, or ICMP traffic. The ANY parameter is used primarily with firewall load balancing and link load balancing, but it can also be used to allow all protocols through to your server, if desired. To allow all ports at the same time, use the wildcard “*” character for the port number in addition to the ANY protocol. This protocol should be used with caution. For firewalling and security purposes, it is far better to use a specific protocol and port which will block traffic to unsupported ports at the edge of our network vs. at your firewall.
The SIP-UDP protocol is for servers that accept UDP-based Session Initiation Protocol (SIP) traffic. SIP initiates, manages, and terminates multimedia communications sessions, and has emerged as the standard for Internet telephony (VoIP).
You can also use the UDP protocol type for these services. If you do, however, the Cloud Platform performs only Layer 4 load balancing and cannot provide support for SIP-specific features.
DNS-TCP is used for servers that accept DNS traffic over TCP rather than the standard UDP, where the Cloud Platform acts as a proxy for TCP traffic sent to DNS servers. With services of the DNS-TCP protocol type, the Cloud Platform validates the packet format of each DNS request and response and can cache DNS responses, just as with the DNS service type, if part of your subscription.
You can also use the TCP protocol type for these services. If you do, however, the Cloud Platform only performs Layer 4 load balancing of external DNS name servers. It cannot provide support for any DNS-specific features.
The RTSP protocol is used for servers that accept Real Time Streaming Protocol (RTSP) traffic. RTSP provides delivery of multimedia and other streaming data. Select this protocol to support audio, video, and other types of streamed media.
You can also use the TCP protocol type for these services. If you do, however, the Cloud Platform performs only Layer 4 load balancing. It cannot parse the RTSP stream or provide support for RTSPID persistence or RTSP NAT.
The DHCPRA protocol is for servers that accept DHCP traffic. The DHCPRA protocol type can be used to relay DHCP requests and responses between VLANs.
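The guidance above (use ANY and wildcard UDP ports with caution, and prefer a protocol-aware type over plain TCP or UDP) can be checked mechanically before entries are added. The following Python is an added example, not Total Uptime code or its API: the (protocol, port) entry format, the function names and the mapping of well-known ports to protocol types are assumptions made for illustration.

```python
# Added example: audit port/protocol entries against this page's guidance.
# The (protocol, port) entry format is an assumption, not the platform's API.

# Layer 4 type on a well-known port -> the protocol-aware type described above.
L7_ALTERNATIVE = {
    ("TCP", "80"): "HTTP",
    ("TCP", "443"): "SSL",
    ("TCP", "21"): "FTP",
    ("TCP", "53"): "DNS-TCP",
    ("UDP", "53"): "DNS",
    ("UDP", "5060"): "SIP-UDP",
    ("TCP", "554"): "RTSP",
}

def audit_entry(protocol, port):
    """Return (level, message) findings for one port/protocol combination."""
    proto, port = protocol.strip().upper(), str(port).strip()
    findings = []
    if proto == "ANY":
        findings.append(("warn", "ANY admits TCP, UDP and ICMP; "
                                 "use a specific protocol unless required"))
    if port == "*" and proto in ("ANY", "UDP"):
        findings.append(("warn", f"wildcard port with {proto}; "
                                 "specify the exact port number"))
    alt = L7_ALTERNATIVE.get((proto, port))
    if alt:
        findings.append(("info", f"{proto}/{port} is Layer 4 only; "
                                 f"{alt} adds protocol-aware features"))
    return findings

def audit(entries):
    """Map each flagged (protocol, port) entry to its findings."""
    report = {}
    for protocol, port in entries:
        findings = audit_entry(protocol, port)
        if findings:
            report[(protocol, str(port))] = findings
    return report

# Constructed sample configuration.
SAMPLE = [("HTTP", 80), ("TCP", 443), ("UDP", "*"), ("ANY", "*"),
          ("UDP", 53), ("SSL_PROXY", 443), ("TCP", 8443)]

if __name__ == "__main__":
    for entry, findings in audit(SAMPLE).items():
        for level, message in findings:
            print(f"{level:4} {entry[0]}/{entry[1]}: {message}")
```

The "info" findings are not errors: as noted above, plain TCP or UDP is a valid choice when the protocol-specific features are not needed.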