Manual Chapter: Basic BIG-IP WOM Setup

About WAN optimization using BIG-IP WOM

The BIG-IP® WAN Optimization Manager™ systems work in pairs on opposite sides of the WAN to optimize the traffic that flows between them. A simple point-to-point configuration might include WAN Optimization Manager (WOM®) running on a BIG-IP system in one data center, and a second BIG-IP WOM running in another data center on the other side of the WAN. Other configuration possibilities include point-to-multipoint (also called hub and spoke) and mesh deployments.

The following illustration shows an example of the flow of traffic across the WAN through a pair of BIG-IP WOM devices. In this example, traffic can be initiated on both sides of the WAN.

Figure: Example of a traffic flow through a BIG-IP WOM pair

Each BIG-IP WOM acts as an endpoint. From the standpoint of each BIG-IP WOM, it is the local endpoint. Any BIG-IP WOM with which the local endpoint interacts is a remote endpoint. After you identify the endpoints, communication between the WOM pair takes place in an iSession™ connection between the two devices. When you configure the local WOM, you also identify any advertised routes, which are subnets that can be reached through the local endpoint. When viewed on a remote system, these subnets appear as remote advertised routes.

To optimize traffic, you select the applications you want to optimize, and BIG-IP WOM sets up the necessary virtual servers and associated profiles. The system creates a virtual server on the initiating side of the WAN, with which it associates a profile that listens for TCP traffic of a particular type (HTTP, CIFS, MAPI, FTP). The local BIG-IP WOM also creates a virtual server, called an iSession listener, to receive traffic from the other side of the WAN, and it associates a profile that terminates the iSession connection and forwards the traffic to its destination. For some applications, the system creates an additional virtual server to further process the application traffic.

The default iSession profile, which the system applies to application optimization, includes symmetric adaptive compression. Also by default, symmetric data deduplication is enabled.

About the WAN Optimization Quick Start screen

The Quick Start screen for WAN optimization provides all the settings you need to configure WAN Optimization Manager™ (WOM®) on one side of the WAN. After you have set up the BIG-IP® WOM® systems on both sides of the WAN, you can begin optimizing the application traffic you specify. An important advantage of configuring WOM using the Quick Start screen is that the system automatically selects TCP parameter settings based on the hardware. If you do not use the Quick Start screen, the system uses the generalized default TCP settings, which might not be optimal for your hardware.

The Quick Start screen is for the initial BIG-IP WOM setup. To change the settings for any WOM objects after you have completed the initial configuration on the Quick Start screen, use the screen that pertains to that object. For example, to change the settings for the local endpoint, use the Local Endpoint screen.

Setting up WAN optimization using the Quick Start screen

You cannot view the Quick Start screen until you have defined at least one VLAN and at least one self IP on a configured BIG-IP® system that is provisioned for WOM®.
Use the Quick Start screen to quickly set up WAN Optimization Manager™ on a single screen of the BIG-IP system using the default settings. To optimize WAN traffic, you must configure BIG-IP WOM on both sides of the WAN.
  1. Log in to the BIG-IP WOM system that you want to configure. The default login value for both user name and password is admin.
  2. On the Main tab, click WAN Optimization > Quick Start.
  3. In the WAN Self IP Address field, type the local endpoint IP address. This IP address must be in the same subnet as a self IP address on the BIG-IP system. To make sure that dynamic discovery properly detects this endpoint, the IP address must be the same as a self IP address on the BIG-IP WOM system.
  4. Verify that the Discovery setting is set to Enabled. If you disable the Discovery setting, or discovery fails, you must manually configure any remote endpoints and advertised routes.
  5. Specify the VLANs on which the virtual servers on this system receive incoming traffic.
    Option       Description
    LAN VLANs    Select the VLANs that receive incoming LAN traffic destined for the WAN.
    WAN VLANs    Select the VLANs that receive traffic from the WAN through an iSession™ connection.
  6. In the Authentication area, for the Outbound iSession to WAN setting, select the SSL profile to use for all encrypted outbound iSession connections. To get WAN optimization up and running, you can use the default selection serverssl, but you need to customize this profile for your production environment.
  7. For the Inbound iSession from WAN setting, select the SSL profile to use on the incoming iSession connection. To get WAN optimization up and running, you can use the default selection wom-default-clientssl.
    Note: If you configure the iSession connection to not always encrypt the traffic between the endpoints, this profile must be a client SSL profile for which the Non-SSL Connections setting is enabled, such as wom-default-clientssl.
  8. In the IP Encapsulation area, from the IP Encapsulation Type list, select the encapsulation type, if any, for outbound iSession traffic.
    1. If you select IPsec, select an IPsec policy from the IPSEC Policy list that appears, or retain the default, default-ipsec-policy-isession.
    2. If you select IPIP, the system uses the IP over IP tunneling protocol, and no additional encapsulation setting is necessary.
    3. If you select GRE, select a GRE profile from the GRE Profile list that appears, or retain the default, gre.
  9. Select the applications you want to optimize by selecting the adjacent check boxes in the Create Optimized Applications list. To secure and encrypt data, enable the Data Encryption setting for each optimized application you select. If you selected IPsec for the IP Encapsulation Type, the IPsec policy you selected determines encryption of TCP traffic.
  10. Click Apply.

The system creates the necessary virtual servers and associated profiles to optimize the selected application traffic, as indicated by the green check marks in the Optimizations Enabled column on the Quick Start screen. If your network supports IPv6, the BIG-IP WOM automatically creates virtual servers for both IPv6 and IPv4 networks, and uses the appropriate virtual server based on the IP addressing in your network.

For some applications, such as HTTP and MAPI, the system creates a virtual server only for initiating traffic. For other applications, such as CIFS and FTP, the system creates two virtual servers: one to initiate traffic destined for the other side of the WAN and another to receive traffic from the other side of the WAN, after the traffic is terminated by the iSession terminating virtual server.

Note: If you are using a one-arm deployment, you must manually create the virtual servers to receive CIFS and FTP traffic, because the system detects only one VLAN.
To complete the setup, repeat this task on the BIG-IP system on the other side of the WAN.
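
The constraints stated in this task (VLAN and self IP prerequisites, the WAN Self IP Address rule, Discovery, and the two SSL profile settings) can be checked against a planned configuration before it is applied on each side of the WAN. The following Python check is an added example, not F5 code; the plan dictionary, its key names, and all addresses in it are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample plan. Key names are hypothetical, not BIG-IP object names.
SAMPLE_PLAN = {
    "vlans": ["internal", "wan"],
    "self_ips": ["10.10.1.5/24", "192.0.2.10/24"],
    "wan_self_ip": "192.0.2.20",
    "discovery": True,
    "outbound_ssl_profile": "serverssl",
    "inbound_ssl_profile": "wom-default-clientssl",
    "always_encrypt": False,          # iSession may carry unencrypted traffic
    "inbound_allows_non_ssl": True,   # Non-SSL Connections setting on inbound profile
}

def check_quick_start(plan):
    """Return (severity, message) findings for a planned Quick Start setup."""
    findings = []
    # Prerequisite: the Quick Start screen needs a VLAN and a self IP.
    if not plan["vlans"] or not plan["self_ips"]:
        return [("error", "define at least one VLAN and one self IP first")]
    selfs = [ipaddress.ip_interface(s) for s in plan["self_ips"]]
    wan = ipaddress.ip_address(plan["wan_self_ip"])
    # Step 3: must share a subnet with a self IP; must equal one for discovery.
    if not any(wan in s.network for s in selfs):
        findings.append(("error", "WAN Self IP Address is outside every self IP subnet"))
    elif plan["discovery"] and not any(wan == s.ip for s in selfs):
        findings.append(("warn", "WAN Self IP Address is not a self IP; "
                                 "dynamic discovery may not detect this endpoint"))
    # Step 4: without discovery, remote endpoints and routes are manual.
    if not plan["discovery"]:
        findings.append(("warn", "Discovery disabled: configure remote endpoints "
                                 "and advertised routes manually"))
    # Step 6: the default outbound profile is for bring-up only.
    if plan["outbound_ssl_profile"] == "serverssl":
        findings.append(("warn", "default serverssl profile in use: "
                                 "customize it for production"))
    # Step 7 note: optional encryption requires Non-SSL Connections enabled.
    if not plan["always_encrypt"] and not plan["inbound_allows_non_ssl"]:
        findings.append(("error", "inbound SSL profile must enable Non-SSL "
                                  "Connections when encryption is not always on"))
    return findings

if __name__ == "__main__":
    for severity, message in check_quick_start(SAMPLE_PLAN):
        print(f"{severity}: {message}")
```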

About forwarding non-TCP traffic through an iSession over IPsec tunnel

When you configure WAN Optimization Manager™ (WOM®) using the Quick Start screen, you can specify IPsec encapsulation for outbound iSession™ traffic. The BIG-IP® WOM system automatically creates the necessary virtual servers for optimizing TCP traffic. If you also want to send secured and encrypted non-TCP traffic, you can create a forwarding virtual server and associate an iSession profile to send non-TCP traffic through the iSession over IPsec tunnel.

Creating a virtual server for non-TCP iSession traffic

If you are using IPsec to encrypt iSession™ traffic, you can create a forwarding virtual server to also send non-TCP traffic through the IPsec tunnel. Creating the virtual server avoids the need for any special routing for non-TCP traffic, such as UDP and ICMP.
  1. On the Main tab, click Local Traffic > Virtual Servers.
  2. Click the Create button.
  3. Type a unique name for the virtual server, such as non_tcp_traffic.
  4. For the Type setting, select Forwarding (IP) from the list.
  5. For the Destination setting:
    1. For Type, select Network.
    2. In the Address field, type the IP address 0.0.0.0.
    3. In the Mask field, type the netmask 0.0.0.0.
  6. In the Configuration area of the screen, from the Protocol list, select *All Protocols.
  7. From the VLAN Traffic and Tunnel Traffic list, select All VLANs and Tunnels.
  8. In the WAN Optimization area of the screen, from the iSession list, select an iSession profile.
  9. Click Finished.
The completed screen looks similar to the following example.
Figure: Example of a completed virtual server screen for non-TCP iSession traffic

About bandwidth management

You can use the rate shaping feature of the BIG-IP® system to enforce a throughput policy on incoming traffic. Throughput policies are useful for prioritizing and restricting bandwidth on selected traffic patterns.

The rate shaping feature works by first queuing selected packets under a rate class, and then dequeuing the packets at the indicated rate and in the indicated order specified by the rate class. A rate class is a rate-shaping policy that defines throughput limitations, and a packet scheduling method to be applied to all traffic handled by the rate class.

You configure rate shaping by creating one or more rate classes and then assigning the rate class to a packet filter or to a virtual server. The BIG-IP system packet filters are based on the Berkeley Software Design Packet Filter (BPF) architecture. Alternatively, you can use the iRules® feature to instruct the BIG-IP systems to apply a rate class to a particular connection.

Note: If you use a packet filter or iRule to direct traffic to a rate class for iSession traffic, you must disable the Reuse Connection setting for outbound traffic, using the iSession profile associated with this traffic.