Applies To:

Show Versions Show Versions

Manual Chapter: Setting Up the WAN Optimization Module
Manual Chapter
Table of Contents   |   << Previous Chapter

This document is a high-level overview of setting up the BIG-IP® WAN Optimization ModuleTM. It covers the general procedures for using the Configuration utility in a point-to-point topology with traffic initiated on both sides of the WAN. The procedures in this guide assume that you accept the default values during system setup. For more details, refer to referenced documentation.
WAN Optimization Modules work in pairs on opposite sides of the WAN to optimize the traffic that flows between them. A simple point-to-point configuration might include a WAN Optimization Module running on a BIG-IP system in one data center, and a second WAN Optimization Module running on a BIG-IP system in another data center on the other side of the WAN. Other configuration possibilities include point-to-multipoint (also called hub and spoke) and mesh deployments.
Figure 1.1 shows an example of the flow of traffic across the WAN through a pair of WAN Optimization Modules. This configuration assumes that traffic is initiated on both sides of the WAN.
We refer to each BIG-IP system that has a WAN Optimization Module as an endpoint. From the standpoint of each BIG-IP device, it is the local endpoint. The WAN Optimization Module on another BIG-IP system with which the local endpoint interacts is a remote endpoint. After you identify the endpoints, communication between the WAN Optimization Modules takes place in an iSession connection between the two devices.
When you configure the local WAN Optimization Module, you also identify any advertised routes, which are subnets that can be reached through the local endpoint. When viewed on a remote system, these subnets appear as remote advertised routes.
To optimize traffic, you select the applications you want to optimize, and the BIG-IP system sets up the necessary virtual servers and associated profiles. The system creates a virtual server on the initiating side of the WAN, with which it associates a profile that listens for TCP traffic of a particular type (HTTP, CIFS, MAPI, FTP). The local BIG-IP system also creates a virtual server, called an iSession listener, to receive traffic from the other side of the WAN, and it associates a profile that terminates the iSession connection and forwards the traffic to its destination. For some applications, the system creates an additional virtual server to further process the application traffic. If you are familiar with the BIG-IP system, you know about virtual servers and profiles. To learn about these components, refer to the Configuration Guide for BIG-IP® Local Traffic ManagerTM.
The default iSession profile, which the system applies to application optimization, includes symmetric adaptive compression. Also by default, symmetric data deduplication is enabled. For information about these features and their settings, refer to the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM.
Because WAN optimization is tightly integrated as a module on the BIG-IP system, you need to be familiar with basic system and Local Traffic Manager concepts when setting up the WAN Optimization Module.
For details on installing the hardware, refer to the platform guide for the BIG-IP system you have. You can learn about BIG-IP system installation in the BIG-IP® Systems: Getting Started Guide.
For general BIG-IP system administration information on topics such as creating accounts, self IP addresses, VLANs, routes, and interfaces, refer to the TMOS® Management Guide for BIG-IP® Systems.
For details about Local Traffic Manager, such as configuring virtual servers, profiles, and SSL traffic, refer to the Configuration Guide for BIG-IP® Local Traffic ManagerTM.
For details about the WAN Optimization Module, such as step-by-step procedures and options, refer to the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM.
Before you begin configuring a WAN Optimization Module, you must complete the following initial configuration tasks on the BIG-IP system that includes the module. For details about logging in, running the Setup utility, and provisioning the modules, refer to the BIG-IP® Systems: Getting Started Guide.
1.
Assign the management IP address, netmask, and default route for the BIG-IP system, using the LCD panel on the front of the unit or connecting to the serial console. Most likely, you completed this task when you initially set up the hardware.
2.
Run the Setup utility, which includes licensing the BIG-IP system, using the browser-based Configuration utility.
3.
Provision the Local Traffic Manager and WAN Optimization Modules, using the browser-based Configuration utility.
If you are configuring the BIG-IP system in bridge mode, you configure two VLANs and a VLAN group. and then associate a self IP address with the VLAN group. This configuration allows the BIG-IP system to bridge the LAN and WAN subnets. For details about configuring VLANs, refer to the TMOS® Management Guide for BIG-IP® Systems.
1.
Create a VLAN (for example, lan) with which you associate an internal interface (port),
This VLAN is for traffic that is to be optimized by the BIG-IP system you are configuring.
2.
Create a VLAN (for example, wan) with which you associate an external interface (port).
This VLAN terminates existing inbound iSession connections.
3.
Create a VLAN group (for example, bridge) that includes the internal and external VLANs you created.
4.
Create a self IP address, associating with it the VLAN group you created, and setting the Port Lockdown value to Allow None.
If you are configuring the BIG-IP system in routed mode, you configure separate self IP addresses for the internal and external interfaces. Also, you need to create a passthrough virtual server which you can use to check the connection before you try to optimize traffic.
1.
Create a VLAN (for example, lan) with which you associate an internal interface (port).
2.
Create a VLAN (for example, wan) with which you associate an external interface (port).
4.
Create a WAN self IP address with which you associate the external VLAN you created, and set the Port Lockdown value to Allow None.
6.
Configure a virtual server with the Destination set to network IP address 0.0.0.0 and mask 0.0.0.0, and the virtual server Type set to Fowarding (IP).
The purpose of this virtual server is to forward all IP traffic. You will create a separate virtual server for optimized traffic when you configure the WAN Optimization Module. For information about configuring virtual servers, refer to the Configuration Guide for BIG-IP® Local Traffic ManagerTM.
In this deployment, the BIG-IP system has a single connection to the WAN router (or LAN switch). The WAN router (or switch) redirects all relevant traffic to the BIG-IP system, typically using WCCPv2. If you are configuring the BIG-IP system in one-arm mode, you configure the router to redirect the designated traffic to the WAN Optimization Module. On the BIG-IP system, you configure a single self IP address. For an illustration of this configuration, see Figure 1.3.
2.
Create a self IP address with which you associate the external VLAN, and set the Port Lockdown value to Allow None.
5.
If you are using WCCPv2, configure the router parameters on the BIG-IP system (click WCCP under Network).
For details, refer to Configuring WCCPv2 Redirection in the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM.
After you have finished configuring the BIG-IP systems on both sides of the WAN, verify connectivity across the WAN through the BIG-IP systems. From a client or server on one side of the WAN, ping or verify TCP connectivity between a client device and server across the WAN.
After you have established connectivity through the BIG-IP systems, you are ready to configure the WAN Optimization Modules. The following procedure covers the main tasks you perform, using the Configuration utility.
For a point-to-point topology, the default settings are sufficient. Refer to the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM for details about modifying these settings to match your network.
1.
Log on to the BIG-IP system that has the WAN Optimization Module you want to configure.
The default logon value for both user name and password is admin.
2.
On the Main tab of the navigation pane, expand WAN Optimization, and click Quick Start to open the Quick Start screen.
If you have not configured the minimum prerequisites, the WOM Prerequisites screen is displayed, and you cannot configure the WAN Optimization Module. To continue, you must define at least one VLAN and one self IP on the BIG-IP system. The Required Action column contains links to complete these configuration tasks.
3.
In the WAN Self IP Address box, type the local endpoint IP address.
This IP address must be in the same subnet as a self IP address on the BIG-IP system. To make sure that dynamic discovery properly detects this endpoint, the IP address must be the same as a self IP address on the BIG-IP system.
4.
Leave the Discovery setting at Enabled.
This setting specifies that the system automatically discovers remote endpoints, which complete iSession connections, and advertised routes, which are subnets that are reachable through the local endpoint you are configuring.
If you disable the Discovery setting, you must manually configure any remote endpoints and advertised routes. You can use the links on the Quick Start screen. For information about manually configuring remote endpoints and advertised routes, refer to the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM.
5.
Specify the VLANs on which the virtual servers on this system receive incoming traffic, by moving the VLANs from the Available list to the Selected list.
LAN VLANs
Select the VLANs on which the virtual servers that initiate application traffic through an iSession connection receive incoming LAN traffic destined for the WAN.
WAN VLANs
Select the VLANs on which the virtual servers on the receiving side receive application traffic from the WAN through an iSession connection.
6.
Under Authentication and Encryption, for Outbound iSession to WAN, select the SSL profile to use for all encrypted outbound iSession connections.
To get WAN optimization up and running you can use the default selection serverssl, but you need to customize this profile for your production environment by clicking the plus (+) sign, which opens the New Server SSL Profile screen. For information about creating SSL profiles, refer to the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM.
7.
For Inbound iSession from WAN, select the SSL profile to use on the incoming iSession connection.
To get WAN optimization up and running you can use the default selection wom-default-clientssl.
Note: If you configure the iSession connection to not always encrypt the traffic between the endpoints, this profile must be a client SSL profile for which the Non-SSL Connections setting is enabled, such as the default selection wom-default-clientssl. To create a custom SSL profile, click the plus (+) sign, which opens the New Server SSL Profile screen. For information about creating SSL profiles, refer to the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM.
8.
For Application Data Encryption, leave the setting at Disabled, unless you want the added feature of encrypting application traffic over the WAN. The value you select for this setting applies to all the optimized applications you select in the next step.
9.
Select the applications you want to optimize by checking the adjacent check boxes in the Create Optimized Applications list.
10.
Click Apply.
The system creates the necessary virtual servers and associated profiles to optimize the selected application traffic, as indicated by the green check marks in the Optimizations Enabled column.
For some applications, such as HTTP and MAPI, the system creates a virtual server only for initiating traffic.
Note: If you select MAPI, the system creates a virtual server for each Exchange server. For details about optimizing MAPI traffic, refer to the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM.
One to receive traffic from the other side of the WAN, after it has been terminated by the iSession terminating virtual server
Note: If you are using a one-arm deployment, you must manually create the virtual servers to receive CIFS and FTP traffic, because the system detects only one VLAN. For details about configuring virtual servers for CIFS and FTP traffic, refer to the Configuration Guide for the BIG-IP® WAN Optimization ModuleTM.
11.
After you begin to send traffic to a location behind another locally configured endpoint, the BIG-IP system automatically adds that endpoint as a remote endpoint and the server destination as an advertised route on that remote endpoint.
After you have finished configuring the pair of WAN Optimization Modules, you can verify the WAN Optimization setup and test connectivity between the local and remote endpoints, as follows.
1.
On the Main tab of the navigation pane, expand WAN Optimization, and click Diagnostics to open the troubleshooting screen.
2.
Click Run for the Diagnose WOM Configuration setting to verify that the WAN Optimization Module has been configured correctly.
Note: If you have not sent traffic through the designated network, dynamic discovery may not have discovered the remote endpoint.
4.
Repeat steps 13 on the WAN Optimization Module on the other side of the WAN to verify that the other WAN Optimization Module has been configured correctly.
5.
In the Ping box, type the IP address of the remote endpoint, and click Run to make sure traffic is flowing through the designated network.
6.
In the Traceroute box, type the destination IP address of the route you want to display, and click Run to display routing details.
Although WAN Optimization Modules are deployed in pairs, one on either side of the WAN, the network topology need not be the same on both sides.
Figure 1.2 depicts a network deployment in which one of the two BIG-IP systems was configured in bridge mode, and the other in routed mode. The IP addresses are for example only. For an illustration of a one-arm deployment, see Figure 1.3.
Figure 1.3 depicts a simple one-arm deployment on both sides of the WAN. The IP addresses are for example only.
Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)