Manual Chapter: Configuring WAN Optimization

Because WAN optimization is tightly integrated as a module on the BIG-IP® system, you need to be familiar with basic system and Local Traffic Manager concepts when setting up the WAN Optimization Module. For general BIG-IP system administration information about topics such as creating accounts, self IP addresses, VLANs, routes, and interfaces, refer to the TMOS® Management Guide for BIG-IP® Systems. For details on the Local Traffic Manager system, such as configuring virtual servers, profiles, and SSL traffic, refer to the Configuration Guide for BIG-IP® Local Traffic Manager.
Before you begin with initial configuration of the WAN Optimization Module, make sure you complete the following tasks on the BIG-IP systems:
If you have not licensed the WAN Optimization Module, you can provision it at the Lite level to use some of the functionality, such as iSession connectivity, compression, and optimization of HTTP traffic.
Refer to the platform guide for the BIG-IP system for details on installing the hardware. For guidance on installing the BIG-IP system software, refer to the BIG-IP® Systems: Getting Started Guide.
You must have completed the basic configuration of the BIG-IP systems and have created at least one self IP address on each one according to your networking setup. A self IP address is an IP address on the BIG-IP system that you use to access devices that are logically connected using a VLAN (virtual local area network). Self IP addresses have a security feature called port lockdown that allows you to configure specific protocols and services from which the self IP address can accept traffic. For details on configuring self IP addresses and VLANs, refer to the TMOS® Management Guide for BIG-IP® Systems.
You can then set up the WAN Optimization Modules using the browser-based interface, called the Configuration utility. You can access the Configuration utility from any computer that is connected to the management network and can run a web browser. You also use the Configuration utility to administer the appliance and perform additional configuration.
After you complete the initial BIG-IP system configuration, you can log on to the system using the Management IP address. To configure each WAN Optimization Module, you must log on to each BIG-IP system that includes a licensed WAN Optimization Module.
For example, if the Management IP address of the appliance is 192.168.168.102, type https://192.168.168.102 in the web browser.
2. Type the user name and password.
The default user name is admin, and the default password is admin (unless it was changed by a local administrator during initial configuration).
3. Click OK.
The Welcome screen of the BIG-IP system opens. If you provisioned the WAN Optimization Module on the system, WAN Optimization is one of the selections in the navigation pane.
The Quick Start screen provides a single screen for all the settings that you need to begin optimizing the applications you specify. You can always modify individual settings later, based on your network requirements.
To display the Quick Start screen, on the Main tab of the navigation pane, expand WAN Optimization and click Quick Start. For more information about using the Quick Start screen to set up WAN optimization, refer to the guide BIG-IP® WAN Optimization Module: Quick Setup.
Important: When you use the Quick Start screen, the system automatically selects TCP parameter settings based on the hardware. If you do not use the Quick Start screen, the system uses the generalized default TCP settings, which might not be optimized for your hardware.
Optimizing traffic requires at least two WAN Optimization Modules. The WAN Optimization Module on the system where you are working is called the local endpoint. From this point of view, the WAN Optimization Module on the system on the other side of the WAN is called the remote endpoint.
Dynamic discovery is a process through which the WAN Optimization Module identifies and adds remote endpoints and routes automatically when traffic is directed to a location behind that remote endpoint. By default, dynamic discovery is enabled.
Note: If you use a self IP address for WAN optimization, you typically use the self IP address associated with the external (or WAN) VLAN. For proper functioning, the self IP address should have its Port Lockdown value set to Allow None to avoid conflicts (for management and other control functions) with other TCP applications. However, to access any of the services normally available on a self IP address, the self IP address you use for WAN optimization needs to have its Port Lockdown value set to Allow Custom so you can open the ports that those services need.
If you want to modify the local endpoint configuration or use values other than the default values, refer to Table 3.1 (following) for the local endpoint settings and their descriptions.
1. On the Main tab of the navigation pane, expand WAN Optimization and click Local Endpoint.
3. Click the Update button.
Specifies the IP address of the local WAN Optimization Module. The IP address must be in the same subnet as at least one of the self IP addresses (such as the WAN facing self IP address) or a self IP address with Port Lockdown set to Allow None. To make sure that dynamic discovery properly detects this endpoint, use an IP address that is the same as a self IP address on the BIG-IP system. If the system is configured for high availability, use the floating IP address.
Specifies whether WAN optimization is enabled or disabled on the BIG-IP system. When disabled, any connections between the local and remote endpoints are terminated. This is an easy way to disable WAN optimization on a BIG-IP device.
Specifies the default SSL profile to use for all encrypted outbound connections. You can override this setting for a particular iSession connection by selecting a different SSL profile from the Authentication and Encryption list on the remote endpoint (see Configuring remote endpoints).
Note: You can use the pre-configured value, serverssl, to get the WAN Optimization Module up and running, but you need to customize this profile for your production environment. For information about customizing SSL profiles, see Chapter 4, Securing Your WAN Optimization Deployment.
Specifies the number of the port on the local endpoint that the WAN Optimization Module uses for control connections. It must be a port that is allowed access through the firewall. The range is from 1 to 65535. When port transparency is disabled on the iSession profile, all iSession connections terminate on this port.
Note: If the BIG-IP system is behind a firewall, you need to open the port you specify as the Tunnel Port to allow traffic to flow through the firewall.
If enabled (checked), the system accepts connections where the source IP address in the iSession header differs from the IP address of the tunnel. This occurs if you are using a NAT (network address translation) router.
If disabled (cleared), the system does not accept connections where the source address changed as a result of network address translation. This is the correct choice if you are not using NAT.
Specifies the address the system uses as the source IP address of the TCP connection on incoming traffic from the WAN Optimization Module to the server.
None: Indicates that the system uses the original connecting client IP address.
Local: Indicates that the system uses the endpoint IP address closest to the destination. Use this setting to make sure the return route also goes through the BIG-IP system, so that both sides of the connection can be optimized. This is useful if responses returning from the server to the client would not normally pass through the BIG-IP system.
Remote: Indicates that the system uses the source IP address of the incoming iSession connection. Use this setting when an appliance that uses NAT is located between the WAN Optimization endpoints.
An iSession listener is a virtual server created on the local endpoint, which terminates iSession connections for inbound traffic from the WAN on the specified port. By default, the system creates an iSession listener named isession-virtual on the local endpoint, which monitors all incoming traffic (all ports). You can add iSession listeners for specific application traffic that you want the system to handle differently.
Important: Do not add additional profiles to the iSession-terminating virtual server. Instead, create another virtual server to match traffic after the iSession connection has been terminated by isession-virtual, and associate any additional profiles with this new virtual server.
1. On the Main tab of the navigation pane, expand WAN Optimization, point to Local Endpoint, and click iSession Listeners.
2. Click the Create button to open the New iSession Listener screen.
The IP address is displayed but unavailable for modification, because it is the same as the IP address of the local endpoint, which you set on the Local Endpoint screen.
3. In the Name box, type a name for the iSession listener.
4. In the Port box, type the service port for the application traffic for which the iSession connections are terminated by this virtual server, or select an application from the list. When you select from the list, the value in the box changes to reflect the associated default port.
5. Specify the VLANs on which this virtual server listens for incoming traffic. Use the Move button (<<) to move the VLANs from the Available list to the Selected list.
6. In the iSession Profile box, select the iSession profile to associate with this virtual server.
7. In the Authentication and Encryption box, select the SSL profile you want the system to use for inbound iSession connections from the WAN that are terminated by this virtual server.
You can use the default values serverssl and wom-default-clientssl to get the WAN Optimization Module up and running, but you need to customize this profile for your production environment. For information about customizing SSL profiles, see Chapter 4, Securing Your WAN Optimization Deployment.
Click Repeat to save this iSession listener and add more iSession listeners.
Click Finished if you are done adding iSession listeners.
An advertised route is a subnet that can be reached by way of the WAN Optimization Module. When the WAN Optimization Modules in a pair are communicating, they automatically exchange advertised route specifications between the endpoints. The local endpoint needs to advertise the subnets to which it is connected so that the remote endpoint can determine the destination addresses for which it can optimize traffic. Advertised routes configured on the local endpoint become remote advertised routes on the remote endpoint, that is, the WAN Optimization Module on the other side of the WAN. By default, the system discovers remote advertised routes automatically. For information about setting parameters for automatic discovery, see Modifying automatic discovery of advertised routes, following.
1. On the Main tab of the navigation pane, expand WAN Optimization and click Advertised Routes.
2. Click the Create button to open the Advertised Routes Configuration screen.
3. In the Address box, type the IP address for the subnet.
For example:
4. In the Netmask box, type the subnet mask.
For example:
5. In the Label box, type a descriptive label to identify the subnet.
For example:
6. In the Mode box, specify whether traffic on the subnet is included in optimization.
If you select Excluded, the local and remote endpoints exchange subnet configuration information, but traffic on this subnet is excluded from optimization.
Note: This setting allows you to define a subset of IP addresses to exclude from optimization within a larger included subnet. An excluded endpoint advertised route must be a valid address range subset of an included endpoint advertised route.
Click Repeat to save this route and add more advertised routes.
Click Finished if you are done adding advertised routes.
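The subset rule in the note above can be checked on a planned route list before the routes are entered. The following Python sketch is an added example, not F5 code: it validates each Address/Netmask pair, rejects Excluded routes that do not fall inside an Included route, and computes the address ranges that remain subject to optimization. The route rows and labels are constructed sample values, and the mode names Included and Excluded are assumed to match the Mode box.

```python
import ipaddress

# Constructed sample rows: (Address, Netmask, Label, Mode) as they would be
# typed on the Advertised Routes Configuration screen. Not from a real system.
SAMPLE_ROUTES = [
    ("10.20.0.0", "255.255.0.0", "branch-lan", "Included"),
    ("10.20.5.0", "255.255.255.0", "branch-voip", "Excluded"),
    ("172.16.9.0", "255.255.255.0", "lab", "Excluded"),   # no Included parent
    ("10.20.1.5", "255.255.255.0", "typo", "Included"),   # host bits set
]


def parse_routes(routes):
    """Turn Address/Netmask pairs into networks; collect malformed rows."""
    parsed, problems = [], []
    for address, netmask, label, mode in routes:
        try:
            # strict=True rejects an address that is not the subnet base.
            net = ipaddress.ip_network(f"{address}/{netmask}", strict=True)
        except ValueError as exc:
            problems.append((label, f"not a valid subnet: {exc}"))
            continue
        parsed.append((net, label, mode))
    return parsed, problems


def effective_routes(routes):
    """Return (networks still optimized, list of (label, problem))."""
    parsed, problems = parse_routes(routes)
    included = [net for net, _, mode in parsed if mode == "Included"]
    optimized = list(included)
    for net, label, mode in parsed:
        if mode != "Excluded":
            continue
        # An Excluded route must be a subset of some Included route.
        if not any(net.subnet_of(inc) for inc in included):
            problems.append((label, f"{net} is not inside any Included route"))
            continue
        remaining = []
        for piece in optimized:
            if net.subnet_of(piece):
                # Carve the excluded range out of the enclosing piece.
                remaining.extend(piece.address_exclude(net))
            elif not piece.subnet_of(net):
                remaining.append(piece)
        optimized = remaining
    return sorted(optimized), problems


if __name__ == "__main__":
    optimized, problems = effective_routes(SAMPLE_ROUTES)
    for net in optimized:
        print("optimized:", net)
    for label, message in problems:
        print(f"problem [{label}]: {message}")
```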
By default, the automatic discovery of advertised routes is enabled. You can modify the settings that pertain to dynamic discovery, as follows.
1. On the Main tab of the navigation pane, expand WAN Optimization, point to Advertised Routes, and click Discovery.
2. For Discover Servers, specify whether the system automatically discovers servers that can be reached through the local endpoint.
Check the Enabled check box to enable dynamic discovery.
Clear the Enabled check box to disable dynamic discovery.
Note: For server discovery to take place, the setting Discover Other Endpoints on the Remote Endpoints Dynamic Discovery screen must not be set to Disabled.
3. In the Stop discovery after box, type the maximum number of servers you want the system to discover before it stops looking. The default value is 50 servers.
4. In the Do not add servers with RTT greater than box, type the maximum round-trip time in milliseconds for discovered servers to be added. The default value is 10 milliseconds.
5. Click the Update button.
A remote endpoint is the IP address used to reach a WAN Optimization Module running on a BIG-IP system that is located on the other side of the WAN. You must configure WAN Optimization Modules symmetrically, so that a local endpoint connects to one or more remote endpoints.
The WAN Optimization Module can configure remote endpoints automatically using dynamic discovery, which is enabled by default.
If the BIG-IP system is located behind a firewall or you are working in a highly secure facility, dynamic discovery may not work in your networking environment. In that case, you can manually add the remote endpoint.
You can modify the dynamic discovery settings to fit your situation. The BIG-IP system designates some settings as basic and others as advanced. Make sure you select the Advanced option on the screen to view all configurable settings.
1. On the Main tab of the navigation pane, expand WAN Optimization, point to Remote Endpoints, and click Discovery.
2. From the Dynamic Discovery list, select Advanced to see all the settings.
3. Referring to Table 3.2 (following) for descriptions of the settings, modify the values as required.
4. Click the Update button.
Allow Remote Endpoints to Discover This Endpoint
When checked (enabled), specifies that the WAN Optimization Module responds to probing messages it receives from WAN Optimization Modules on remote BIG-IP systems.
Use TCP options and ICMP Probes: The system sends both TCP and ICMP messages.
Disabled: The system does not send messages to discover other WAN Optimization Modules on remote BIG-IP systems in the network.
Use ICMP Probes Only: The system sends only ICMP probe messages.
Use TCP Options Only: The system sends only TCP messages.
Use TCP options and ICMP probes
Automatically Include Discovered Remote Endpoints
When checked (enabled), specifies that the system starts optimizing application traffic to an advertised route as soon as the subnet is discovered and the local and remote endpoints have exchanged configuration information.
Specifies the highest number of endpoints for the system to discover before it stops sending probe messages. The range is from 0 to 255. The default value of 0 indicates no limit.
Maximum Number of outstanding ICMP Requests
Specifies that when the number of ICMP probe message requests exceeds this threshold, the system stops sending probe message requests until at least one message is cleared from the queue by either a timeout or a response. The range is shown in parentheses.
Maximum Number of Retries per Request
Specifies the maximum number of times the system sends an ICMP probe message request for a single flow. The range is shown in parentheses.
Minimum Wait Time Before Retry
Specifies the minimum number of seconds the system waits before abandoning an ICMP probe message request and resending it. The range is shown in parentheses.
1. On the Main tab of the navigation pane, expand WAN Optimization and click Remote Endpoints.
2. Click the Create button.
3. Type the IP address the local endpoint uses to communicate with the WAN Optimization Module on a remote BIG-IP system.
4. Referring to Table 3.3 (following) for descriptions of the settings, modify the values as required.
Click Repeat to save this endpoint and add another remote endpoint.
Click Finished if you have finished adding remote endpoints.
Specifies the IP address that the local endpoint uses to communicate with the WAN Optimization Module on a remote BIG-IP system.
Specifies whether WAN optimization is enabled or disabled on the BIG-IP system. When checked (enabled), the local endpoint can perform WAN optimization. When disabled, the local endpoint cannot establish connections with the remote endpoint. Existing connections continue until they are completed.
Specifies, when checked (enabled), that there is a route from the local endpoint to this remote endpoint, and the remote endpoint accepts traffic from the local endpoint. If disabled, the local endpoint does not initiate outbound connections to the remote endpoint.
Specifies the name of the SSL profile used to connect to this remote endpoint. This setting overrides the SSL profile specified for the Authentication and Encryption setting on the local endpoint. For information about customizing SSL profiles, see Chapter 4, Securing Your WAN Optimization Deployment.
Specifies the number of the port on the remote endpoint that the WAN Optimization Module uses for control connections. It must be a port that is allowed access through the firewall. The range is from 1 to 65535.
Note: The value you set here must match the value specified as the Tunnel Port on the Local Endpoint Configuration screen of the WAN Optimization Module on the other side of the WAN.
Specifies the address the system uses as the source IP address of the TCP connection between the WAN Optimization Module and the server.
Default: Indicates that the system uses the SNAT value set for the local endpoint.
None: Indicates that the system uses the original connecting client IP address.
Local: Indicates that the system uses the endpoint IP address closest to the destination. Use this setting to make sure the return route also goes through the BIG-IP system so that both sides of the connection can be optimized. This setting is useful if responses returning from the server to the client would not normally pass through the BIG-IP system.
Remote: Indicates that the system uses the source IP address of the incoming iSession connection. Use this setting when an appliance that uses NAT is located between the WAN Optimization Module endpoints.
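Several of the local and remote endpoint settings described above have to agree across the two sides of the WAN, and a review of both configurations catches the mismatches before traffic is sent. The following Python sketch is an added example, not F5 code and not a BIG-IP export format: the site dictionaries, host names, addresses, ports, and the profile name wom-prod-serverssl are constructed for illustration. It checks the local endpoint IP against the self IP addresses, the Tunnel Port match, and whether the pre-configured SSL profiles named in this chapter are still in use.

```python
import ipaddress

# Pre-configured profile names mentioned in this chapter; both are meant to
# be replaced with customized profiles in production.
DEFAULT_SSL_PROFILES = {"serverssl", "wom-default-clientssl"}

# Constructed inventory of two BIG-IP systems (hypothetical structure).
SITE_A = {
    "name": "bigip-a",
    "self_ips": ["198.51.100.10/24", "10.1.0.1/16"],
    "local_endpoint": {"ip": "198.51.100.10", "tunnel_port": 443,
                       "ssl_profile": "serverssl"},
    "remote_endpoints": [{"ip": "203.0.113.20", "tunnel_port": 443,
                          "ssl_profile": None}],
}
SITE_B = {
    "name": "bigip-b",
    "self_ips": ["203.0.113.5/24"],
    "local_endpoint": {"ip": "203.0.113.20", "tunnel_port": 8443,
                       "ssl_profile": "wom-prod-serverssl"},
    "remote_endpoints": [{"ip": "198.51.100.10", "tunnel_port": 443,
                          "ssl_profile": None}],
}


def check_local(site):
    """Check the local endpoint IP and Tunnel Port of one system."""
    findings = []
    local = site["local_endpoint"]
    ip = ipaddress.ip_address(local["ip"])
    self_ips = [ipaddress.ip_interface(s) for s in site["self_ips"]]
    if not any(ip in s.network for s in self_ips):
        # Required: same subnet as at least one self IP address.
        findings.append((site["name"], "local-ip-outside-self-ip-subnets"))
    elif not any(ip == s.ip for s in self_ips):
        # Recommended so that dynamic discovery detects the endpoint.
        findings.append((site["name"], "local-ip-not-a-self-ip"))
    if not 1 <= local["tunnel_port"] <= 65535:
        findings.append((site["name"], "tunnel-port-out-of-range"))
    return findings


def check_pair(local, remote):
    """Check local's view of remote against remote's own local endpoint."""
    findings = check_local(local)
    peer = remote["local_endpoint"]
    entry = next((r for r in local["remote_endpoints"]
                  if r["ip"] == peer["ip"]), None)
    if entry is None:
        findings.append((local["name"], "peer-missing"))
        return findings
    # The remote endpoint's Tunnel Port must match the peer's local setting.
    if entry["tunnel_port"] != peer["tunnel_port"]:
        findings.append((local["name"], "tunnel-port-mismatch"))
    # A profile set on the remote endpoint overrides the local default.
    profile = entry.get("ssl_profile") or local["local_endpoint"]["ssl_profile"]
    if profile in DEFAULT_SSL_PROFILES:
        findings.append((local["name"], "default-ssl-profile"))
    return findings


def audit(site_a, site_b):
    """Run the checks in both directions and return (system, finding) pairs."""
    return check_pair(site_a, site_b) + check_pair(site_b, site_a)


if __name__ == "__main__":
    for system, finding in audit(SITE_A, SITE_B):
        print(f"{system}: {finding}")
```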
You can configure two BIG-IP systems for high availability by setting them up in a redundant system configuration. Both systems need to be installed on the same hardware platform (for example, both systems must be BIG-IP 3600). For complete instructions on how to set up redundant system configurations, refer to the TMOS® Management Guide for BIG-IP® Systems.
When configuring two BIG-IP systems with WAN Optimization Modules for high availability, specify the floating IP address as the IP address of the local endpoint.
When using the WAN Optimization Module, you can use only the active/standby redundancy mode (not the active-active mode). Otherwise, you can set up redundancy as you would for any BIG-IP system.
The WAN Optimization Module provides pre-configured optimized applications for CIFS, MAPI, FTP, HTTP, Oracle Streams, and Microsoft SQL Server Replication. The easiest way to optimize traffic for these applications is to use the Create Optimized Applications list on the Quick Start screen. For instructions on using the Quick Start screen, refer to the guide BIG-IP® WAN Optimization Module: Quick Setup.
After you have finished configuring the WAN Optimization Module on one side of the WAN, you can configure the one (or more) on the other side by following the same procedure, as described in Configuring the endpoints and routes. You can also follow the procedure in the section Configuring the WAN Optimization Modules in the guide BIG-IP® WAN Optimization Module: Quick Setup. The following tips apply to configurations other than the simple point-to-point configuration:
 
Point-to-multipoint
Set up one WAN Optimization Module as the hub and the other WAN Optimization Modules as remote appliances on the hub. On each of the remote appliances, set up the hub only as a remote endpoint; do not add the other systems as remote endpoints.
 
Mesh
On each BIG-IP system, set up all other WAN Optimization Modules as remote endpoints.
After you have finished configuring the pair of WAN Optimization Modules, you can verify the WAN Optimization setup, and test connectivity between the local and remote endpoints, as follows.
1. On the Main tab of the navigation pane, expand WAN Optimization, and click Diagnostics to open the Troubleshoot screen.
2. Next to Diagnose WOM Configurations, click the Run button to verify that the WAN Optimization Module has been configured correctly.
Note: If you have not sent traffic through the designated network, dynamic discovery may not have discovered the remote endpoint.
4. Repeat step 2 on the WAN Optimization Module on the other side of the WAN to verify that the other WAN Optimization Module has been configured correctly.
6. In the Ping box, type the IP address of the remote endpoint, and click Run to make sure traffic is flowing through the designated network.
7. In the Traceroute box, type the destination IP address of the route you want to display, and click Run to display routing details.
The BIG-IP system provides a dashboard that you can use to monitor overall system performance and WAN optimization performance. The dashboard displays system statistics graphically, showing gauges and graphs, and you can view the same statistics in table views. The system updates the information every three seconds. In addition to the standard views, you can customize your dashboard to include the charts and gauges you select and save those custom views. You can export the custom views and import them into another BIG-IP system. You can also save historical data to a CSV file.
Expand WAN Optimization in the navigation pane and click Dashboard. The dashboard opens in a separate browser window.
Important: For you to run the dashboard, the computer on which you are working must have Adobe® Flash Player (version 9 or later) installed on it.
You can use the dashboard to view bandwidth gain, virtual server usage by the WAN Optimization Module, optimization effectiveness, and details about remote endpoints.
Click the ? in the upper right corner of any panel to display the online help.
The dashboard includes online help for information about how to interpret the statistics on each of the panels that appear on the screens.
Note: When you are viewing historical data, the Y axis labels and data tips may display zeros even though the lines indicate some small values. This is a result of the rounding algorithm.
 
From the Views menu on the WAN Optimization dashboard screen, select standard/Overview.
 
The Standard WAN Optimization view provides four windows of data. Depending on the window, you can change the data displayed by using the following buttons, as available:
The Bandwidth Gain window displays the amount of improved throughput for data transfers. You can view the bandwidth gain for the overall system or for specific types of traffic. For each type of traffic, you can separately view the bandwidth gain for data input and output.
The Top Virtual Servers window lists the virtual servers that are handling the largest percentage of traffic being optimized over the WAN (since the statistics were last cleared). Virtual servers on the WAN Optimization Module all have an iSession profile, and they generally manage different types of application traffic for specific services or ports. By looking at the busiest virtual servers, you can tell what types of traffic have been sent between the two systems.
For example, a default virtual server called http_optimize_client optimizes HTTP traffic on port 80. If this is the top virtual server, predominant traffic on the system includes web pages and other HTTP traffic. Typically, the virtual servers that handle application traffic show most activity in the To WAN direction. The virtual server named isession-virtual is a virtual server that terminates the iSession connection, and it shows most activity in the From WAN direction.
The Optimizations window displays the optimization effectiveness and breakdown for deduplication and CIFS, and displays the types of compression that the system used.
You can use a filter to view deduplication or compression optimization statistics for All endpoints, or you can select a particular endpoint for which to view optimization. The remote endpoint filter appears only if you have more than one remote endpoint configured on the WAN Optimization Module. You can apply the filter only to deduplication and compression statistics, not for CIFS traffic.
The Remote Endpoints window lists the remote BIG-IP systems that are running the WAN Optimization Module and with which the local WAN Optimization Module can communicate.
Names of systems that are not in the Ready state are preceded by a red status light with an X. The WAN Optimization Module cannot reach these remote systems because, for example, they could be in the process of negotiating capabilities, the remote system could be offline, down, or authenticating, or authentication could have failed. If a system was never reachable from the local endpoint, the dashboard lists its IP address instead of its name in the first column.
After you have explored the data available on the dashboard, you can create and save custom views, that is, groups of gauges, graphs, and tables that display the particular data you want.
1. From the dashboard, click the Custom View button.
The blank canvas screen opens, including the Dashboard Windows Chooser.
2. Drag and drop the charts and gauges you want onto the canvas.
The Grid, Direction, and Filter buttons are active in this view.
3. To remove a chart or gauge from the canvas, click the X in the upper right corner of the chart or gauge.
5. In the pop-up window, type a name for your custom view and type or select a name for the view set to which you want to assign this view.
You must save every view to a view set. This option is available only when the canvas displays at least one dashboard window.
The views and view set lists you save become available in the Views list on the dashboard. You can also export a view set, which you can then import onto another BIG-IP system.
You can use the rate shaping feature of the BIG-IP system to enforce a throughput policy on incoming traffic. Throughput policies are useful for prioritizing and restricting bandwidth on selected traffic patterns.
The rate shaping feature works by first queuing selected packets under a rate class, and then dequeuing the packets at the rate and in the order specified by the rate class. A rate class is a rate-shaping policy that defines throughput limitations, and a packet scheduling method to be applied to all traffic handled by the rate class.
To configure rate shaping, use the Rate Shaping screens within the Network section of the Configuration utility to create one or more rate classes and then assign the rate class to a packet filter. You can also use the iRules feature to instruct the BIG-IP systems to apply a rate class to a particular connection.
How you configure rate shaping for the WAN Optimization Module depends on what traffic you want to restrict. In general, the procedure is as follows.
 
Associate the rate class with a packet filter you create in the Network section of the Configuration utility, and apply it to the traffic you want to restrict.
Note: If you use a packet filter or iRule to direct traffic to a rate class for iSession traffic, you must disable the Reuse Connection setting for outbound traffic, using the iSession profile associated with this traffic.