Manual Chapter: Configuring BIG-IP WOM in Routed Mode

Overview: Configuring the BIG-IP system in routed mode

A routed deployment is one method of deploying a BIG-IP system directly in the path of traffic, such as between a WAN router and LAN switch. In routed mode, the BIG-IP system is nontransparent on the network, with separate LAN-side and WAN-side self IP addresses. This setup ensures that requests from clients go to the WAN Optimization Manager (WOM), which optimizes the traffic before it reaches the server.

Illustration of a routed deployment of BIG-IP WOM

This illustration shows a pair of BIG-IP WOM systems in a routed deployment (Site B) on one side of the WAN, and a one-arm deployment on the other side.

Example of a routed deployment of BIG-IP WOM

About WAN optimization using BIG-IP WOM

The BIG-IP WAN Optimization Manager systems work in pairs on opposite sides of the WAN to optimize the traffic that flows between them. A simple point-to-point configuration might include WAN Optimization Manager (WOM) running on a BIG-IP system in one data center, and a second BIG-IP WOM running in another data center on the other side of the WAN. Other configuration possibilities include point-to-multipoint (also called hub and spoke) and mesh deployments.

The following illustration shows an example of the flow of traffic across the WAN through a pair of BIG-IP WOM devices. In this example, traffic can be initiated on both sides of the WAN.

Example of a traffic flow through a BIG-IP WOM pair

The BIG-IP WOM as an endpoint. From the standpoint of each BIG-IP WOM, it is the local endpoint. Any BIG-IP WOM with which the local endpoint interacts is a remote endpoint. After you identify the endpoints, communication between the WOM pair takes place in an iSession connection between the two devices. When you configure the local WOM, you also identify any advertised routes, which are subnets that can be reached through the local endpoint. When viewed on a remote system, these subnets appear as remote advertised routes.

To optimize traffic, you select the applications you want to optimize, and BIG-IP WOM sets up the necessary virtual servers and associated profiles. The system creates a virtual server on the initiating side of the WAN, with which it associates a profile that listens for TCP traffic of a particular type (HTTP, CIFS, MAPI, FTP). The local BIG-IP WOM also creates a virtual server, called an iSession listener, to receive traffic from the other side of the WAN, and it associates a profile that terminates the iSession connection and forwards the traffic to its destination. For some applications, the system creates an additional virtual server to further process the application traffic.

The default iSession profile, which the system applies to application optimization, includes symmetric adaptive compression. Also by default, symmetric data deduplication is enabled.

Before you begin configuring WAN optimization

Before you configure BIG-IP WAN Optimization Manager (WOM), make sure that you have completed the following general prerequisites.

  • You must have an existing routed IP network between the two locations where the BIG-IP WOM devices will be installed.
  • One BIG-IP WOM system is located on each side of the WAN network you are using for WAN optimization.
  • The BIG-IP WOM hardware is installed with an initial network configuration applied. The two BIG-IP WOM devices must be running on one of the following platforms: 1600, 3600, 3900, 6900, 8900, 8950 or 11000, VIPRION 4400/2400.
    Note: VIPRION platforms currently support only WOM-Lite.
  • Both units must be running the same BIG-IP software version and have the WOM license enabled. This license can be the WOM Standalone, WOM Add-on license with the BIG-IP LTM, or the Edge Gateway license, which includes WOM.
  • WOM is provisioned at the level Nominal or Dedicated.
  • The management IP address is configured on the BIG-IP system.
  • You must have administrative access to both the Web management and SSH command line interfaces on the BIG-IP system.
  • If there are firewalls, you must have TCP port 443 open in both directions. Optionally, you can allow TCP port 22 for SSH access to the command line interface for configuration verification, but not for actual BIG-IP WOM traffic. After you configure BIG-IP WOM, you can perform this verification from the Configuration utility (WAN Optimization > Diagnostics).
  • If you are using NAT traversal, open UDP ports 4500 and 500 in both directions.

Task summary

If you are configuring BIG-IP WOM in routed mode, you configure separate self IP addresses for the internal and external interfaces. Also, you need to create a passthrough virtual server that you can use to verify the connection before you try to optimize traffic.

Note: Make sure that you associate the LAN and WAN VLANs with the appropriate interfaces (ports).

Task list

Creating VLANs on BIG-IP WOM

Create VLANs for the internal and external interfaces on the BIG-IP WOM system.
  1. On the Main tab, click Network > VLANs. The VLAN List screen opens.
  2. Click Create. The New VLAN screen opens.
  3. In the Name field, type lan.
  4. In the Tag field, type a numeric tag, from 1 to 4094, for the VLAN. Leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag. The VLAN tag identifies the traffic from hosts in the associated VLAN.
  5. For the Interfaces setting, click an internal interface (port) in the Available list, and move the selected interface to the Untagged or Tagged list, depending on your network configuration. This VLAN is for the traffic that the BIG-IP WOM system you are configuring will optimize.
  6. Click Repeat. The VLAN lan is added to the VLAN list, and the New VLAN screen opens.
  7. In the Name field, type wan.
  8. In the Tag field, type a numeric tag, from 1 to 4094, for the VLAN. Leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag. The VLAN tag identifies the traffic from hosts in the associated VLAN.
  9. For the Interfaces setting, click an external interface (port) in the Available list, and move the selected interface to the Untagged or Tagged list, depending on your network configuration. This VLAN terminates the existing inbound iSession connections.
  10. Click Finished. The screen refreshes, and displays the two new VLANs in the list.

Creating self IP addresses for internal and external VLANs

VLANs must exist on the BIG-IP system for both internal and external interfaces (ports).
Self IP addresses enable the BIG-IP system, and other devices on the network, to route application traffic through the associated VLAN. Create self IP addresses on BIG-IP WOM to assign to the internal and external VLANs.
  1. On the Main tab, click Network > Self IPs. The Self IPs screen opens.
  2. Click Create. The New Self IP screen opens.
  3. In the Name field, type a descriptive name for the self IP, for example lan.
  4. In the IP Address field, type an IP address that is not in use and resides on the internal VLAN.
  5. In the Netmask field, type the network mask for the specified IP address.
  6. From the VLAN/Tunnel list, select lan, which is the VLAN group you created.
  7. In the Traffic Group field, clear the check box, and select traffic-group-local-only (non-floating) from the drop-down menu.
  8. Click Repeat. The screen refreshes, and displays a new self IP screen.
  9. In the Name field, type a descriptive name for the self IP, for example wan.
  10. In the IP Address field, type an IP address that is not in use and resides on the external VLAN.
  11. In the Netmask field, type the network mask for the specified IP address.
  12. From the VLAN/Tunnel list, select the external VLAN, for example, wan.
  13. From the Port Lockdown list, select Allow None. This selection avoids potential conflicts (for management and other control functions) with other TCP applications. However, to access any of the services typically available on a self IP address, select Allow Custom, so that you can open the ports that those services need.
  14. In the Traffic Group field, clear the check box, and select traffic-group-local-only (non-floating) from the drop-down menu.
  15. Click Finished. The screen refreshes, and displays the new self IP address in the list.

Creating a default gateway

You must define a route on the local BIG-IP WOM system for sending traffic to its destination. In the example shown, the route defined uses the default gateway to send traffic to the router.
  1. On the Main tab, click Network > Routes.
  2. Click Add. The New Route screen opens.
  3. In the Name field, type a name for the default gateway, such as default-gateway.
  4. From the Type list, select Default IPv4 Gateway.
  5. From the Resource list, select Use Gateway. The gateway represents a next-hop or last-hop address in the route.
  6. For the Gateway Address setting, select IP Address and type the IP address of the gateway.

Creating a passthrough virtual server

A virtual server represents a destination IP address for application traffic. You can use a passthrough virtual server to verify a connection before trying to optimize traffic using WAN Optimization Manager (WOM).
  1. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen displays a list of existing virtual servers.
  2. Click the Create button. The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. For the Destination setting:
    1. For Type, select Network.
    2. In the Address field, type the IP address 0.0.0.0.
    3. In the Mask field, type the netmask 0.0.0.0.
  5. From the Service Port list, select *All Ports.
  6. For the State setting, retain the default value, Enabled.
  7. In the Configuration area of the screen, from the Type list, select Forwarding (IP).
  8. From the Protocol list, select *All Protocols.
  9. From the VLAN Traffic and Tunnel Traffic list, select All VLANs and Tunnels.
  10. Click Finished.
The purpose of this virtual server is to forward all IP traffic. You will create a separate virtual server for optimized traffic when you configure WOM.

Checking connectivity

Important: Use this task as a checkpoint before proceeding with WOM setup.
You can verify connectivity from the command-line interface.
  1. Ping the gateway using the command-line access to the BIG-IP WOM system.
  2. Ping end-to-end across the WAN. In the example shown, this is between Server 1 and Server 2.
  3. Initiate a TCP file transfer between Server 1 and Server 2.

Setting up WAN optimization using the Quick Start screen

You cannot view the Quick Start screen until you have defined at least one VLAN and at least one self IP on a configured BIG-IP system that is provisioned for WAN Optimization Manager (WOM).
To optimize WAN traffic, you must configure BIG-IP WOM on both sides of the WAN. You can use the Quick Start screen to quickly set up WAN Optimization Manager, using the default settings, on a single screen of each BIG-IP system.
  1. On the Main tab, click WAN Optimization > Quick Start.
  2. In the WAN Self IP Address field, type the local endpoint IP address. This IP address must be in the same subnet as a self IP address on the BIG-IP system. To make sure that dynamic discovery properly detects this endpoint, the IP address must be the same as a self IP address on the BIG-IP WOM system.
  3. Verify that the Discovery setting is set to Enabled. If you disable the Discovery setting, or discovery fails, you must manually configure any remote endpoints and advertised routes.
  4. Specify the VLANs on which the virtual servers on this system receive incoming traffic.
    • For the LAN VLANs setting, select the VLANs that receive incoming LAN traffic destined for the WAN.
    • For the WAN VLANs setting, select the VLANs that receive traffic from the WAN through an iSession connection.
  5. In the Authentication area, for the Outbound iSession to WAN setting, select the SSL profile to use for all encrypted outbound iSession connections. To get WAN optimization up and running, you can use the default selection serverssl, but you need to customize this profile for your production environment.
  6. For the Inbound iSession from WAN setting, leave the default selection wom-default-clientssl or select another SSL profile for which the Non-SSL Connections setting is enabled.
  7. In the IP Encapsulation area, from the IP Encapsulation Type list, select the encapsulation type, if any, for outbound iSession traffic. In the example shown, the selection was None.
    1. If you select IPsec, select an IPsec policy from the IPSEC Policy list that appears, or retain the default, default-ipsec-policy-isession.
    2. If you select IPIP, the system uses the IP over IP tunneling protocol, and no additional encapsulation setting is necessary.
    3. If you select GRE, select a GRE profile from the GRE Profile list that appears, or retain the default, gre.
  8. Select the applications you want to optimize by selecting the adjacent check boxes in the Create Optimized Applications list. To secure and encrypt data, enable the Data Encryption setting for each optimized application you select. If you selected IPsec for the IP Encapsulation Type, the IPsec policy you selected determines encryption of TCP traffic.
  9. Click Apply.
The system creates the necessary virtual servers and associated profiles to optimize the selected application traffic, as indicated by the green check marks in the Optimizations Enabled column on the Quick Start screen. If your network supports IPv6, the BIG-IP WOM automatically creates virtual servers for both IPv6 and IPv4 networks, and then selects the appropriate virtual server to use. For some applications, such as HTTP and MAPI, the system creates a virtual server only for initiating traffic. For other applications, such as CIFS and FTP, the system creates two virtual servers: one to initiate traffic destined for the other side of the WAN, and another to receive traffic from the other side of the WAN, after the traffic is terminated by the iSession terminating virtual server. The following example shows a completed Quick Start screen.
Example of completed WOM Quick Start screen
To complete the setup, repeat this task on the BIG-IP WOM system on the other side of the WAN.

Validating WOM configuration

At this point, you have finished configuring WAN Optimization Manager (WOM) on BIG-IP systems at opposite sides of the WAN, and the systems have discovered their remote endpoints.
Important: Use this task as a checkpoint to allow for troubleshooting before you complete the setup.
You can validate the WOM configuration using the browser and command-line interfaces.
  1. Run diagnostics to verify the WOM configuration.
    1. On the Main tab, click WAN Optimization > Diagnostics.
    2. Next to Diagnose WOM Configuration, click Run.
    3. Correct any configuration errors as indicated on the screen.
  2. Transfer data between the servers at the two sites, and verify that the transfer was successful.
  3. Using the command-line interface, enter tmsh show wom remote-endpoint all, and verify the remote endpoint IP address and the STATE: Ready message. The following listing is an example of the results for this command.

     -----------------------------------------------------------
     Remote endpoint: 10.150.3.1
     -----------
     -----------------------------------------------------------
     Status
       HOSTNAME: clientside3600.example.net
       MGMT ADDR: 192.X.X.X
       VERSION: 11.0.0
       UUID: 1a28:79aa:d38:6914:e76a:5b9a:b76:1657
       enabled
       STATE: ready
     -----------
       BEHIND NAT: no
       CONFIG STATUS: none
       DEDUP CACHE: 43.5G
       REFRESH count: 0
       REFRESH timestamp: 12/31/69 16:00:00
       ALLOW ROUTING: disabled
     -----------------------------------------------------------
     Endpoint Isession Statistic: _tunnel_data_10.150.3.1
     -----------------------------------------------------------
     Connections               Current  Maximum  Total
     Connections OUT IDLE:     0        0        0
     Connections OUT ACTIVE:   0        0        0
     Connections IN ACTIVE:    1        1        1

     Direction           Action         Raw     Opt
     Out (to WAN) bits   Deduplication  838.8M  839.4M
     Out (to WAN) bits   Compression    841.9M  842.0M

     Direction           Action         Opt     Raw
     In (from WAN) bits  Decompression  1.2K    1.2K
     In (from WAN) bits  Deduplication  1.2K    880

  4. Using the browser interface, view the green status indicator on the Remote Endpoints screen.
  5. On the Main tab, click WAN Optimization > Dashboard, and view the traffic optimization data.

Viewing pertinent configuration details from the command line

Ensure that you have configured the BIG-IP WOM system in a routed mode deployment.
You can view details of the routed mode deployment configuration from the command line.
  1. Log on to the WOM command-line interface using the root account.
  2. At the command prompt, type tmsh list all-properties. The following listing is an example of the pertinent information displayed on the command line for a routed mode configuration.

     ltm profile tcp wom-tcp-lan-optimized {
         abc enabled
         ack-on-push enabled
         app-service none
         close-wait-timeout 5
         cmetrics-cache disabled
         congestion-control high-speed
         defaults-from tcp-lan-optimized
         deferred-accept disabled
         delay-window-control disabled
         delayed-acks disabled
         description none
         dsack disabled
         ecn disabled
         fin-wait-timeout 5
         idle-timeout 600
         init-cwnd 0
         init-rwnd 0
         ip-tos-to-client 0
         keep-alive-interval 1800
         limited-transmit enabled
         link-qos-to-client 0
         max-retrans 8
         md5-signature disabled
         md5-signature-passphrase none
         nagle enabled
         partition Common
         pkt-loss-ignore-burst 0
         pkt-loss-ignore-rate 0
         proxy-buffer-high 1228800
         proxy-buffer-low 98304
         proxy-mss disabled
         proxy-options disabled
         receive-window-size 65535
         reset-on-timeout enabled
         rfc1323 enabled
         selective-acks enabled
         selective-nack disabled
         send-buffer-size 65535
         slow-start disabled
         syn-max-retrans 3
         syn-rto-base 0
         tcp-options none
         time-wait-recycle enabled
         time-wait-timeout 2000
         verified-accept disabled
         zero-window-timeout 20000
     }
     ltm profile tcp wom-tcp-wan-optimized {
         abc enabled
         ack-on-push disabled
         app-service none
         close-wait-timeout 5
         cmetrics-cache enabled
         congestion-control high-speed
         defaults-from tcp-wan-optimized
         deferred-accept disabled
         delay-window-control disabled
         delayed-acks disabled
         description none
         dsack disabled
         ecn disabled
         fin-wait-timeout 5
         idle-timeout 600
         init-cwnd 0
         init-rwnd 0
         ip-tos-to-client 0
         keep-alive-interval 1800
         limited-transmit enabled
         link-qos-to-client 0
         max-retrans 8
         md5-signature disabled
         md5-signature-passphrase none
         nagle enabled
         partition Common
         pkt-loss-ignore-burst 8
         pkt-loss-ignore-rate 10000
         proxy-buffer-high 196608
         proxy-buffer-low 131072
         proxy-mss disabled
         proxy-options disabled
         receive-window-size 2048000
         reset-on-timeout enabled
         rfc1323 enabled
         selective-acks enabled
         selective-nack enabled
         send-buffer-size 2048000
         slow-start disabled
         syn-max-retrans 3
         syn-rto-base 0
         tcp-options none
         time-wait-recycle enabled
         time-wait-timeout 2000
         verified-accept disabled
         zero-window-timeout 300000
     }
     ltm virtual http_optimize_client {
         app-service none
         auth none
         auto-lasthop default
         clone-pools none
         cmp-enabled yes
         connection-limit 0
         description none
         destination 0.0.0.0:http
         enabled
         fallback-persistence none
         gtm-score 0
         http-class none
         ip-protocol tcp
         last-hop-pool none
         mask any
         mirror disabled
         nat64 disabled
         partition Common
         persist none
         pool none
         profiles {
             isession-http { context serverside }
             wom-tcp-lan-optimized { context clientside }
             wom-tcp-wan-optimized { context serverside }
         }
         rate-class none
         rules none
         snat none
         source-port preserve
         traffic-classes none
         translate-address disabled
         translate-port enabled
         vlans { /Common/LAN }
         vlans-enabled
     }
     ltm virtual http_optimize_client_v6 {
         app-service none
         auth none
         auto-lasthop default
         clone-pools none
         cmp-enabled yes
         connection-limit 0
         description none
         destination ::.http
         enabled
         fallback-persistence none
         gtm-score 0
         http-class none
         ip-protocol tcp
         last-hop-pool none
         mask any6
         mirror disabled
         nat64 disabled
         partition Common
         persist none
         pool none
         profiles {
             isession-http { context serverside }
             wom-tcp-lan-optimized { context clientside }
             wom-tcp-wan-optimized { context serverside }
         }
         rate-class none
         rules none
         snat none
         source-port preserve
         traffic-classes none
         translate-address disabled
         translate-port enabled
         vlans { /Common/LAN }
         vlans-enabled
     }
     ltm virtual isession-virtual {
         app-service none
         auth none
         auto-lasthop default
         clone-pools none
         cmp-enabled yes
         connection-limit 0
         description none
         destination 10.150.2.1:any
         enabled
         fallback-persistence none
         gtm-score 0
         http-class none
         ip-protocol tcp
         last-hop-pool none
         mask 255.255.255.255
         mirror disabled
         nat64 disabled
         partition Common
         persist none
         pool none
         profiles {
             isession { context clientside }
             wom-default-clientssl { context clientside }
             wom-tcp-lan-optimized { context serverside }
             wom-tcp-wan-optimized { context clientside }
         }
         rate-class none
         rules none
         snat none
         source-port preserve
         traffic-classes none
         translate-address enabled
         translate-port disabled
         vlans none
         vlans-disabled
     }
     ltm virtual pass-through {
         app-service none
         auth none
         auto-lasthop default
         clone-pools none
         cmp-enabled yes
         connection-limit 0
         description none
         destination 0.0.0.0:any
         enabled
         fallback-persistence none
         gtm-score 0
         http-class none
         ip-forward
         ip-protocol any
         last-hop-pool none
         mask any
         mirror disabled
         nat64 disabled
         partition Common
         persist none
         pool none
         profiles {
             fastL4 { context all }
         }
         rate-class none
         rules none
         snat none
         source-port preserve
         traffic-classes none
         translate-address disabled
         translate-port disabled
         vlans none
         vlans-disabled
     }
     net interface 1.1 {
         app-service none
         description none
         enabled
         flow-control tx-rx
         force-gigabit-fiber disabled
         mac-address 0:1:d7:b3:d5:c4
         media none
         media-active 1000T-FD
         media-fixed auto
         media-max 1000T-FD
         media-sfp auto
         mtu 1500
         prefer-port sfp
         stp enabled
         stp-auto-edge-port enabled
         stp-edge-port true
         stp-link-type auto
         vendor none
     }
     net interface 1.2 {
         app-service none
         description none
         enabled
         flow-control tx-rx
         force-gigabit-fiber disabled
         mac-address 0:1:d7:b3:d5:c5
         media none
         media-active none
         media-fixed auto
         media-max 1000T-FD
         media-sfp auto
         mtu 1500
         prefer-port sfp
         stp enabled
         stp-auto-edge-port enabled
         stp-edge-port true
         stp-link-type auto
         vendor none
     }
     net route dgw {
         description none
         gw 10.150.2.254
         mtu 0
         network default
         partition Common
     }
     net self WAN-side {
         address 10.150.2.1/24
         allow-service none
         app-service none
         description none
         floating disabled
         inherited-traffic-group false
         partition Common
         traffic-group traffic-group-local-only
         unit 0
         vlan WAN
     }
     net self Lan-side {
         address 10.150.4.1/24
         allow-service { default }
         app-service none
         description none
         floating disabled
         inherited-traffic-group false
         partition Common
         traffic-group traffic-group-local-only
         unit 0
         vlan LAN
     }
     net vlan LAN {
         app-service none
         auto-lasthop default
         description none
         failsafe disabled
         failsafe-action failover-restart-tm
         failsafe-timeout 90
         interfaces {
             1.6 { app-service none untagged }
         }
         learning enable-forward
         mac-masquerade none
         mtu 1500
         partition Common
         source-checking disabled
         tag 4093
     }
     net vlan WAN {
         app-service none
         auto-lasthop default
         description none
         failsafe disabled
         failsafe-action failover-restart-tm
         failsafe-timeout 90
         interfaces {
             1.1 { app-service none untagged }
         }
         learning enable-forward
         mac-masquerade none
         mtu 1500
         partition Common
         source-checking disabled
         tag 4094
     }
     sys datastor {
         cache-size 788
         description none
         disk enabled
         high-water-mark 90
         low-water-mark 80
         store-size 247580
     }
     sys disk application-volume datastor {
         logical-disk HD1
         owner datastor
         preservability discardable
         resizeable false
         size 247580
         volume-set-visibility-restraint none
     }
     sys log-rotate {
         common-backlogs 24
         common-include none
         description none
         include none
         mysql-include none
         syslog-include none
         tomcat-include none
         wa-include none
     }
     sys management-route default {
         app-service none
         description none
         gateway 192.31.3.129
         mtu 1500
         network default
     }
     sys provision wom {
         app-service none
         cpu-ratio 0
         description none
         disk-ratio 0
         level nominal
         memory-ratio 0
     }
     sys provision woml {
         app-service none
         cpu-ratio 0
         description none
         disk-ratio 0
         level none
         memory-ratio 0
     }
     sys software image BIGIP-11.0.0.7185.0.iso {
         build 7185.0
         build-date "Wed Jun 1 00 44 31 PDT 2011"
         checksum 1de50076ca71c371abf57c58e02a46d8
         file-size "988 MB"
         last-modified "Mon Jun 6 12:09:06 2011"
         product BIG-IP
         verified yes
         version 11.0.0
     }
     wom advertised-route Sever-side {
         app-service none
         description none
         dest 10.150.4.0/24
         include enabled
         label serverside
         metric 0
         origin configured
     }
     wom deduplication {
         description none
         dictionary-size 256
         disk-cache-size 247580
         enabled
         max-endpoint-count 1
     }
     wom endpoint-discovery {
         auto-save enabled
         description none
         discoverable enabled
         discovered-endpoint enabled
         icmp-max-requests 1024
         icmp-min-backoff 5
         icmp-num-retries 10
         max-endpoint-count 0
         mode enable-all
     }
     wom local-endpoint {
         addresses { 10.150.2.1 }
         allow-nat enabled
         description none
         endpoint enabled
         ip-encap-mtu 0
         ip-encap-profile { "" }
         ip-encap-type none
         no-route passthru
         server-ssl serverssl
         snat none
         tunnel-port https
     }
     wom profile isession isession-http {
         adaptive-compression enabled
         app-service none
         compression enabled
         compression-codecs { deflate lzo bzip2 }
         data-encryption disabled
         deduplication enabled
         defaults-from isession
         deflate-compression-level 1
         description none
         mode enabled
         partition Common
         port-transparency enabled
         reuse-connection enabled
         target-virtual virtual-match-all
     }
     wom remote-endpoint Sever-side {
         address 10.150.3.1
         allow-routing enabled
         app-service none
         description none
         endpoint enabled
         ip-encap-mtu 0
         ip-encap-profile none
         ip-encap-type default
         origin configured
         server-ssl none
         snat default
         tunnel-encrypt enabled
         tunnel-port https
     }
     wom server-discovery {
         auto-save enabled
         description none
         filter-mode exclude
         idle-time-limit 0
         ip-ttl-limit 5
         max-server-count 50
         min-idle-time 0
         min-prefix-length-ipv4 32
         min-prefix-length-ipv6 128
         mode enabled
         rtt-threshold 10
         subnet-filter none
         time-unit days
     }
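
The following Python is an added example, not part of the F5 manual or F5 tooling. It parses tmsh list output like the listing above and reports three settings this chapter calls out: Port Lockdown on the WAN-side self IP, the default serverssl profile on the outbound iSession, and Data Encryption on iSession profiles. The function names, the wan_vlans parameter, the trimmed SAMPLE text, and the tmsh value ipsec for IPsec encapsulation are assumptions made for the example.

```python
"""Audit `tmsh list` output for the security-relevant settings this chapter
configures. Added example, not F5 code."""
import re

# Constructed sample: a trimmed subset of the routed-mode listing above.
SAMPLE = """\
net self WAN-side {
    address 10.150.2.1/24
    allow-service none
    vlan WAN
}
net self Lan-side {
    address 10.150.4.1/24
    allow-service { default }
    vlan LAN
}
wom local-endpoint {
    addresses { 10.150.2.1 }
    ip-encap-type none
    server-ssl serverssl
}
wom profile isession isession-http {
    data-encryption disabled
    deduplication enabled
}
"""

INLINE_BLOCK = re.compile(r"^(.+?)\s*\{\s*(.*?)\s*\}$")


def parse_tmsh(text):
    """Parse brace-delimited tmsh output into nested dicts keyed by stanza header."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        inline = INLINE_BLOCK.match(line)
        if inline:  # one-line block, e.g. "allow-service { default }"
            stack[-1][inline.group(1)] = dict.fromkeys(inline.group(2).split(), True)
        elif line.endswith("{"):
            child = stack[-1][line[:-1].strip()] = {}
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        else:  # "key value", or a bare flag such as "ip-forward"
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip() or True
    if len(stack) != 1:
        raise ValueError("unclosed stanza; the listing is truncated")
    return root


def audit(text, wan_vlans=("WAN",)):
    """Return review findings; wan_vlans names the VLANs that face the WAN."""
    cfg = parse_tmsh(text)
    local = cfg.get("wom local-endpoint", {})
    findings = []
    for header, body in cfg.items():
        if not isinstance(body, dict):
            continue
        if header.startswith("net self ") and body.get("vlan") in wan_vlans:
            # Self IP task, step 13: Port Lockdown "Allow None" on the external self IP.
            if body.get("allow-service") != "none":
                findings.append(f"{header}: WAN-side self IP allows services")
        if header.startswith("wom profile isession "):
            # Quick Start task: with IPsec encapsulation the IPsec policy governs
            # encryption. Assumption: tmsh reports that selection as "ipsec".
            if body.get("data-encryption") == "disabled" and local.get("ip-encap-type") != "ipsec":
                findings.append(f"{header}: data-encryption disabled, no IPsec encapsulation")
    if local.get("server-ssl") == "serverssl":
        findings.append("wom local-endpoint: outbound iSession uses the default serverssl profile")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding is a prompt for review, not a verdict: Allow Custom on a self IP is a supported choice when specific services are needed, as the self IP task describes.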

Implementation result

After you complete the tasks in this implementation, BIG-IP WOM is configured in a routed deployment. For WAN optimization, you must also configure WOM on the other side of the WAN. The other BIG-IP WOM deployment can be in bridge, routed, or one-arm mode.
