This chapter provides conceptual guidelines concerning WANJet appliance installation and configuration. The Quick Start Card included in the shipping box with your WANJet appliance provides the initial hardware installation and setup instructions. You can also find the Quick Start Card on the AskF5℠ Knowledge Base web site, https://support.f5.com.
An alternate inline configuration is also possible. The way you choose to
deploy the WANJet appliance depends on your current network topology and requirements.
Inline deployment is the most common way to deploy WANJet appliances.
In this configuration, you place WANJet appliances directly in the path of traffic, or inline, between a WAN router and LAN switch.
A point-to-point configuration is a simple one-to-one topology where you place WANJet appliances at each end of the WAN between their respective WAN routers and LAN switches.
Each WANJet appliance is configured to search for traffic that matches
specified source and destination subnets, and ports. If the local WANJet appliance detects a match, it processes the traffic and sends it through a tunnel to the remote WANJet appliance, which, in turn, reverses the process and delivers the packets exactly as they originally were. If there is no match, the local WANJet appliance acts as a bridge, and passes the packets unaltered to the WAN.
shows inline deployment with two WANJet appliances in a point-to-point configuration, connecting a corporate data center and one remote office.
Refer to Basic point-to-point configuration for a more detailed example of this configuration.
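The match-or-bridge decision described above can be modeled in a few lines to check which flows an appliance would tunnel and which it would pass to the WAN unaltered. This is an added example, not F5 code: the `Policy` structure, first-match ordering, the "empty port set means any port" convention, and all addresses and appliance names are assumptions made for illustration. It generalizes slightly by letting each policy name its own remote appliance.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    src_net: str       # source subnet to match
    dst_net: str       # destination subnet to match
    ports: frozenset   # destination ports to match; empty set = any port (assumption)
    remote: str        # hypothetical name of the remote appliance ending the tunnel


def decide(policies, src_ip, dst_ip, dst_port):
    """Return ("tunnel", remote) for the first matching policy, else ("bridge", None)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for p in policies:
        if (src in ipaddress.ip_network(p.src_net)
                and dst in ipaddress.ip_network(p.dst_net)
                and (not p.ports or dst_port in p.ports)):
            return ("tunnel", p.remote)
    # No policy matched: the appliance acts as a bridge and forwards unaltered.
    return ("bridge", None)


# Constructed sample policies for a branch-office appliance.
POLICIES = [
    Policy("10.2.0.0/16", "10.1.10.0/24", frozenset({445, 1433}), "wanjet-datacenter"),
    Policy("10.2.0.0/16", "10.3.0.0/16", frozenset(), "wanjet-branch3"),
]

# Constructed sample flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.2.5.20", "10.1.10.8", 445),     # matches subnets and port
    ("10.2.5.20", "10.1.10.8", 22),      # subnets match, port does not
    ("10.2.5.20", "10.3.4.4", 8080),     # any-port policy
    ("10.2.5.20", "198.51.100.7", 443),  # destination outside every policy
]


def classify(flows=FLOWS, policies=POLICIES):
    """Classify each flow so bridged (unprocessed) traffic is easy to audit."""
    return [decide(policies, *flow) for flow in flows]


if __name__ == "__main__":
    for flow, result in zip(FLOWS, classify()):
        print(flow, "->", result)
```

Listing the flows that come back as `bridge` is a quick way to confirm that traffic you expected to be processed is actually covered by a subnet and port rule.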
A point-to-multipoint configuration is more complex and involves three or more WANJet appliances. Figure 2.2 illustrates a point-to-multipoint deployment that consists of five appliances that connect to each other across intranets and the Internet.
As with the point-to-point configuration, the WANJet appliance processes
traffic that matches user-specified source and destination subnets and ports, and then delivers the traffic across the WAN through a tunnel to the appropriate WANJet appliance.
In this configuration (also called hub and spoke), one appliance is set up as the hub, with the four other appliances as remote appliances on the hub. Each of the remote appliances, however, points to only one remote appliance, the hub. If, in Figure 2.2, WANJet1 is configured as the hub, WANJet2, WANJet3, WANJet4, and WANJet5 are remote appliances on WANJet1. On WANJet2, WANJet3, WANJet4, and WANJet5, only WANJet1 is configured as a remote appliance.
A mesh configuration also involves three or more WANJet appliances. In this configuration, on each appliance you configure all other appliances as remote appliances. If a mesh configuration were shown in Figure 2.2, WANJet1 would have WANJet2, WANJet3, WANJet4, and WANJet5 configured as remote appliances. WANJet2 would have WANJet1, WANJet3, WANJet4, and WANJet5 configured as remote appliances, and so on.
Refer to Mesh configuration for an example of this configuration.
Additionally, there is another way to configure WANJet appliances as
redundant peers inline. You can deploy two WANJet appliances in sequence (with the WAN port of one connecting to the LAN port of the second). You configure both to optimize the same network traffic. The WANJet appliance closer to the clients or servers performs the optimizations, while the WANJet appliance behind it bridges all traffic.
If the optimizing WANJet appliance fails in this configuration, the
fail-to-wire feature passes unoptimized traffic to the second WANJet appliance, which performs the optimization. A sequential redundant system setup like this one eliminates the potential drawback to the basic inline topology, that a WANJet appliance in the fail-to-wire state can create a network path with no optimization. This type of sequential redundant system setup is attractive when the network topology itself does not contain redundant paths (often the case with a branch office network), but you want redundancy of WANJet appliances.
In certain cases, it is not desirable or even possible to deploy the WANJet
appliance inline. For example, in the case of a collapsed backbone where the WAN router and LAN switch are in one physical device, you may not be able to deploy the WANJet appliance inline.
If you would prefer not to deploy the WANJet appliance inline, you can use one-arm deployment. In this deployment, the WANJet appliance has a single (hence the term one-arm) connection to the WAN router (or LAN switch). The WAN router (or switch) redirects all relevant traffic to the WANJet appliance. You can use one of the following methods to redirect traffic.
Static routing: The LAN switch redirects all traffic to the WANJet appliance.
Policy-based routing: The router redirects traffic to the WANJet appliance according to the rules you configure on the WAN router.
Transparent proxy using WCCPv2: The WANJet appliance communicates with the WAN router using WCCPv2 to tell the router how to redirect traffic to the WANJet appliance.
shows a simple one-arm deployment in a corporation that has two networks. Network 1 includes the servers, and Network 2 is where the clients are located.
shows the basic topology and traffic flow for a one-arm deployment.
On the WANJet appliance, you set up one-arm deployment on the Operational Mode screen by selecting One-arm as the Topology setting. The following paragraphs describe the one-arm topology options. For more information on how to configure one-arm deployment, refer to Configuring one-arm topology.
Static routing is the simplest one-arm deployment. The WANJet appliance
connects to a LAN switch, which connects to all the clients on the network and to the router. All WAN-bound traffic flows through the WANJet appliance, which processes it according to defined policies, and sends the traffic on to the WAN. You do not have to reconfigure the WAN router.
If you are using static routing, you configure the WANJet appliance as the default gateway on every client in the LAN. You can reconfigure the clients by either individually modifying each client's default gateway IP address, or by updating the DHCP server to provide the WANJet appliance IP address as the default gateway for all its DHCP clients.
Static routing supports only one subnet (all clients must be in the same
subnet as the WANJet appliance), and there is no redundancy. If the WANJet appliance were to fail, clients would no longer have a way to forward traffic to the WAN, just as if a WAN router had failed. In a deployment where support for multiple subnets and redundancy is not as crucial, this deployment mode might be ideal due to its simplicity.
You can deploy the WANJet appliance using a one-arm configuration as a
transparent proxy. As the name implies, the transparent method is totally transparent on the network, and requires no modification to any client settings. However, you must reconfigure the WAN router.
A WANJet appliance deployed as a transparent proxy does not change the
source IP address of traffic flowing through it. You need to configure the routers in your network to redirect traffic to the WANJet appliance by means of policy-based routing or WCCPv2 protocol.
If you are using policy-based routing, you define a policy on the router to redirect specific traffic to the WANJet appliance. Routers normally forward traffic based on a destination IP address. With policy-based routing, routers forward packets according to other criteria, such as the source IP address, the packet size, the protocol, or some other characteristic or combination of characteristics. You configure a policy or policies on the router to define which criteria to use, and where to forward the traffic. In addition, you must configure the WANJet appliance for policy-based routing. For information about configuring the WANJet appliance for one-arm deployment using policy-based routing, see Configuring one-arm topology.
For further information on policy-based routing scenarios, consult the
documentation for your routing device, and contact F5 Networks support for additional information on configuration of WANJet appliances with policy-based routing.
You can use Web Cache Communication Protocol (WCCP) to tell the router what kinds of traffic to redirect to the WANJet appliance. Cisco Systems® developed WCCP to specify interactions between one or more routers (or Layer 3 switches) and one or more devices. The purpose of the interaction is to establish and maintain the transparent redirection of selected types of traffic flowing through a group of routers. WCCPv2 supports traffic redirection to other devices, such as the WANJet appliance.
To use WCCPv2, enable WCCPv2 on one or more routers connected to the
WANJet appliance, and configure the WCCP parameters for the routers on the WANJet appliance. The WANJet appliance receives all the network traffic from each router, and determines which traffic to optimize, and which traffic to apply services to. It sends the rest of the traffic back to the router for proper forwarding.
The advantage of this deployment method is that it is more tolerant of a
failure. If the router detects a WANJet appliance failure, the router handles the traffic properly without sending it back to the WANJet appliance.
If the WANJet appliance is placed behind a firewall, you must open certain ports for the WANJet appliance to operate properly. Table 2.1 lists the ports that you must open to allow the traffic to pass through the firewall.
Refer to the Quick Start Card included in the shipping box for instructions on installing WANJet appliances and connecting them to your network. If you have a WANJet 500 or 300, refer also to the appropriate platform guide for additional details concerning hardware installation.
Use the following site information worksheet to capture relevant site data.
When you complete the site information sheet, we recommend that you attach a detailed network diagram for each WANJet appliance site.