Delayed binding refers to the ability of a load balancer to mitigate DDoS attacks. ACE calls this "Syn-Cookie" and it is applied under each interface vlan the clients will be connecting to VIPs on. What it does -> The ACE would receive a SYN and send a SYN,ACK to the client to verify a valid ACK comes back prior to choosing a server and forwarding on a SYN to the server and completing a 3-way handshake.
A second method, more specific to L5 HTTP flows, would be to utilize http inspection to look for specific parameters in an HTTP request header and permit or drop traffic based on that. You would configure a L5 vip with inspect http to do this. ACE again is proxying the connection, just up to a higher level since it waits to receive the HTTP request from the client prior to making a load-balance decision.
ANS TAC Escalation
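Added example, not part of the reply above and not the ACE's own algorithm: a simplified SYN-cookie check showing how a proxy can answer a SYN without storing state and pick a server only after a valid ACK returns. The secret, the 64-second slot, the MSS table and the 6/2/24-bit cookie layout are assumptions made for this sketch.

```python
import hashlib
import hmac
import socket
import struct

# All constants are assumptions for this example, not ACE values.
SECRET = b"constructed-demo-secret"    # real devices use a random, rotated key
SLOT_SECONDS = 64                      # cookie lifetime granularity
MSS_TABLE = (536, 1300, 1440, 1460)    # MSS values that fit in 2 bits


def _mac24(src, sport, dst, dport, client_isn, slot, mss_idx):
    """24-bit keyed hash binding the cookie to one flow, time slot and MSS."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!HHIIB", sport, dport, client_isn, slot & 0xFFFFFFFF, mss_idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Sequence number for the SYN,ACK. No per-connection state is stored."""
    slot = int(now) // SLOT_SECONDS
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss),
                  default=0)
    mac = int.from_bytes(
        _mac24(src, sport, dst, dport, client_isn, slot, mss_idx), "big")
    return ((slot & 0x3F) << 26) | (mss_idx << 24) | mac


def check_ack(src, sport, dst, dport, seq, ack, now):
    """Validate the client's final ACK. Returns the agreed MSS, or None."""
    cookie = (ack - 1) & 0xFFFFFFFF        # client acknowledges our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF    # its SYN used one sequence number
    slot_bits, mss_idx = cookie >> 26, (cookie >> 24) & 0x3
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    current = int(now) // SLOT_SECONDS
    for slot in (current, current - 1):    # current and previous slot only
        if slot & 0x3F != slot_bits:
            continue
        want = _mac24(src, sport, dst, dport, client_isn, slot, mss_idx)
        if hmac.compare_digest(got, want):
            return MSS_TABLE[mss_idx]      # only now choose a server
    return None                            # spoofed or stale: server sees nothing
```

A SYN from a spoofed source never produces a matching ACK, so it costs the proxy one SYN,ACK and no connection-table entry, and the real server is never contacted.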
Many hardware load balancers have a feature generically known as delayed binding, or TCP Splicing. This feature allows the load balancer to allow a TCP three-way handshake between the client and the virtual IP address (a.k.a. the hardware load balancer) configured in front of the Web server(s). After this handshake has been completed, the client will send in the HTTP request header, which the load balancer can inspect to determine what action to perform on the HTTP request.
Basically, delayed binding ensures that your Web server or proxy will never see any of the incomplete requests being sent out by the client.
The below configuration on ACE ensures that we terminate all http traffic through the load balancer.
class-map type http loadbalance match-any DELAYED_BINDING
  match http url .*
policy-map type loadbalance first-match web_services