
Manual Chapter: Configuring WAN Optimization for the First Time

WAN Optimization Modules work in pairs on opposite sides of the WAN to optimize the traffic that flows between them. One of the modules runs on a local BIG-IP system and another runs on a remote BIG-IP system. A simple configuration might include one WAN Optimization Module running on a BIG-IP system in a data center where company servers reside, and a second WAN Optimization Module running on a BIG-IP system on the other side of the WAN in a branch office. Another typical configuration might involve two WAN Optimization Modules running on BIG-IP systems in two data centers set up to replicate a database over the WAN.
The rest of this chapter describes how to log on to the system using the Configuration utility and perform the basic configuration required for WAN Optimization Modules to start processing and optimizing traffic.
Because WAN optimization is tightly integrated as a module on the BIG-IP system, you need to be familiar with basic system and Local Traffic Manager concepts when setting up the WAN Optimization Module. For general BIG-IP system administration information about topics, such as creating accounts, self IP addresses, VLANs, routes, and interfaces, refer to the TMOS™ Management Guide for BIG-IP® Systems. For details on Local Traffic Management, such as configuring virtual servers, profiles, and SSL traffic, refer to the Configuration Guide for BIG-IP® Local Traffic Management.
Before you can begin with initial configuration of the WAN Optimization Module, you need to complete the following tasks on the BIG-IP systems:
Refer to the platform guide for the BIG-IP system for details on installing the hardware. You can learn about BIG-IP system installation in the BIG-IP® Systems: Getting Started Guide.
You can then set up the WAN Optimization Modules using the browser-based interface, called the Configuration utility. You can access the Configuration utility from any computer that is connected to the management network and can run a web browser. You also use the Configuration utility to administer the appliance and perform additional configuration.
For example, if the Management IP address of the appliance is 192.168.168.102, type https://192.168.168.102 in the web browser.
The Authentication Required screen opens where you can log on.
2. Type the user name and password.
The default user name is admin, and the default password is admin (unless it was changed by a local administrator during initial configuration).
3. Click OK.
The Welcome screen of the BIG-IP system opens. If you provisioned the WAN Optimization Module on the system, WAN Optimization is one of the selections in the navigation pane.
You need at least two WAN Optimization Modules to optimize traffic. The WAN Optimization Module on the system where you are working is called the local endpoint. The WAN Optimization Module on the system on the other side of the WAN is called the remote endpoint.
You need to have completed the basic configuration of the BIG-IP systems and have created at least one self IP address on each one according to your networking setup. A self IP address is an IP address on the BIG-IP system that you use to access devices that are logically connected using a VLAN (virtual local area network). Self IP addresses have a security feature called port lockdown that allows you to configure specific protocols and services from which the self IP address can accept traffic. For details on configuring self IP addresses and VLANs, refer to the TMOS™ Management Guide for BIG-IP® Systems.
When configuring the local endpoint, you need to choose an IP address that is network addressable to associate with WAN optimization; the IP address you use needs to be in the same subnet as one of the self IP addresses on the BIG-IP system (or you can use a self IP address with the qualifications specified in the note below).
Note: If you decide to use a self IP address for WAN optimization, you typically use the self IP address associated with the external (or WAN) VLAN. For proper functioning, the self IP address should have its Port Lockdown value set to Allow None to avoid conflicts (for management and other control functions) with other TCP applications. To access any of the services normally available on a self IP address, the self IP address you use for WAN optimization needs to have its Port Lockdown value set to Allow Custom so you can open the ports that those services need.
You should generally use a distinct IP address as the local endpoint IP address, one that is not used for other virtual servers handling other functions. If you configured this BIG-IP system as a redundant system, you should use the floating IP address as the local endpoint IP address.
When configuring a local endpoint, you also need to specify client and server SSL profiles because the system encrypts the traffic traveling between endpoints using Secure Sockets Layer (SSL) technology. When the local WAN Optimization Module makes an outbound connection from here to a remote endpoint, the serverssl profile encrypts the traffic. When receiving traffic, the clientssl profile decrypts the traffic.
A Tunnel Port setting lets you specify the port on the local endpoint where the two WAN Optimization Modules exchange information including the advertised routes, software versions, and system capabilities. The default value is port 443 because most firewalls allow SSL traffic. For this setting, you need to choose a port that is open for your network between the pair of WAN Optimization Modules.
1. On the Main tab of the navigation pane, expand WAN Optimization and click Configuration.
The Local Endpoint - Basic screen opens.
2. In the IP Address box, type the IP address to use for the local endpoint.
Important: The IP address must be in the same subnet as a self IP address on the BIG-IP system. If you use a self IP address, it should have Port Lockdown set to Allow None to avoid potential port conflicts. If this system is configured for high availability, use the floating IP address as the IP address.
3. From the SSL Profile (Server) list, select the SSL profile to use for outbound connections if there is no SSL profile specified on the remote endpoint. You can use the default value, serverssl.
4. In the Tunnel Port box, type the number of the port on the local endpoint that handles control connections. It must be a port that is allowed access through the firewall. Valid values are 1 through 65535. By default, this port is set to 443. Also, when port transparency is disabled on the isession profile, all iSession connections terminate on this port.
Note: If the BIG-IP system is behind a firewall, you need to open the port you specify as the Tunnel Port to allow traffic to flow through the firewall.
5. Set the Allow NAT check box according to your networking configuration:
If enabled (checked), the system allows other WAN Optimization Modules behind a NAT (network address translation) router to connect to this one. This is the default setting.
If disabled (cleared), the system does not accept connections where the source address changed as a result of network address translation. This is the correct choice if you are not using NAT.
6. From the Source Address list, select the appropriate address to use as the source IP address for the TCP connection between the WAN Optimization Module and the server where the request is being satisfied. This setting is relevant only on the receiving WAN Optimization Module:
client specifies that the system should use the client IP address from the tunnel data as the source IP address. (This is the default setting.)
wom specifies that the system should use the endpoint local IP address as the source IP address.
tunnel specifies that the system should use the source IP address in the header of the tunnel connection as the source IP address.
7. Verify that State is set to Enable (meaning that optimization can occur between the local and remote endpoints).
8. Verify that Create iSession Virtual Server is set to Yes to automatically create a terminating virtual server.
9. For SSL Profile (Client), select the SSL profile to associate with the iSession virtual server for incoming traffic.
The default value is clientssl. This setting only appears if you set Create iSession Virtual Server to Yes.
10. Click Update to save the local endpoint configuration.
Note: In this configuration, the local endpoint automatically creates a virtual server called isession-virtual. This virtual server is the virtual server on the receiving or server side that receives tunnel traffic. It reverses the optimization operations before sending the client request to the server. You can examine the isession-virtual by clicking it in the WAN Optimization Configuration, Optimization Policies screen.
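The address and port rules from the local endpoint procedure above can be checked before anything is typed into the Configuration utility. The following is an added example, not F5 code: the input structure, the function name, the finding codes, and the sample addresses are assumptions made for illustration, and the Port Lockdown values are given as the labels shown in the Configuration utility.

```python
import ipaddress

# Constructed sample of self IPs (not taken from a real system).
SELF_IPS = [
    {"address": "10.10.1.5/24", "port_lockdown": "Allow None", "floating": False},
    {"address": "10.10.1.6/24", "port_lockdown": "Allow None", "floating": True},
    {"address": "192.168.20.5/24", "port_lockdown": "Allow Default", "floating": False},
]


def check_local_endpoint(endpoint_ip, tunnel_port, self_ips, redundant=False):
    """Return finding codes for a proposed local endpoint (empty list = OK)."""
    findings = []
    ip = ipaddress.ip_address(endpoint_ip)

    # The endpoint IP must share a subnet with at least one self IP.
    in_subnet = [s for s in self_ips
                 if ip in ipaddress.ip_interface(s["address"]).network]
    if not in_subnet:
        findings.append("NOT_IN_SELF_IP_SUBNET")

    # If the endpoint reuses a self IP, that self IP should be locked down:
    # Allow None, or Allow Custom when specific services must stay reachable.
    reused = [s for s in in_subnet
              if ipaddress.ip_interface(s["address"]).ip == ip]
    for s in reused:
        if s["port_lockdown"] not in ("Allow None", "Allow Custom"):
            findings.append("SELF_IP_PORT_LOCKDOWN_TOO_OPEN")

    # On a redundant system the endpoint should be the floating address.
    if redundant and not any(s["floating"] for s in reused):
        findings.append("NOT_FLOATING_ADDRESS")

    # Tunnel Port accepts 1 through 65535.
    if not (isinstance(tunnel_port, int) and 1 <= tunnel_port <= 65535):
        findings.append("TUNNEL_PORT_OUT_OF_RANGE")
    return findings


if __name__ == "__main__":
    for args in [("10.10.1.50", 443), ("192.168.20.5", 443), ("172.16.0.9", 0)]:
        print(args, check_local_endpoint(*args, SELF_IPS))
```
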
If traffic behind the BIG-IP system comes from multiple subnets, you need to advertise the routes or subnets for which you want to optimize traffic on the WAN Optimization Module. Often, BIG-IP systems on the receiving (or server) side may connect to multiple subnets. You may not need to advertise the routes or subnets on the WAN Optimization Module that is on the initiating (or client) side.
Remote endpoints use the advertised routes to make routing and optimization decisions. When requests arrive at a remote endpoint, the remote system creates a tunnel to the local endpoint through which it can optimize traffic.
1. If you are not already here, in the navigation pane, expand WAN Optimization and click Configuration.
The Local Endpoint - Basic screen opens.
2. Next to Advertised Routes Configuration, click Create.
The New Remote Endpoint screen opens.
3. In the Alias box, type a string to serve as a name for the subnet.
For example:
4. In the Subnet Address box, type the IP address for the subnet.
For example:
5. In the Netmask box, type the subnet mask. For example:
6. The Enabled check box is selected by default, meaning the WAN Optimization Module optimizes traffic from this subnet. If you do not want the traffic optimized yet, clear the check box.
Click Repeat to save this route and add more advertised routes.
Click Finished if you are done adding advertised routes.
If you are configuring more than two WAN Optimization Modules on your network, you need to specify the number of endpoints you expect to configure in the near future. The WAN Optimization Module uses the information to divide the cache (disk or memory) it uses for symmetric data deduplication. The greater the number of remote endpoints, the smaller the amount of storage space that is allocated for deduplication. For additional details on deduplication cache, refer to Checking the size of deduplication cache.
You do not need to specify the number of remote endpoints on the initiating (or client) side, and can leave that value set to the default of 1.
1. On the Main tab of the navigation pane, expand WAN Optimization and click Configuration.
The Local Endpoint - Basic screen opens.
2. In the Maximum Number of Remote Endpoints box, type the number of WAN Optimization Modules you expect to connect to this one. The default value is 1.
Note: Changing this value clears the deduplication cache. You should rarely need to change this setting.
3. Click Update to clear deduplication cache and reallocate storage on all of the endpoints.
The local WAN Optimization Module needs to be able to connect to at least one remote endpoint. The WAN Optimization Module may be able to automatically discover the remote endpoint. Dynamic discovery, which locates a remote endpoint on the network when traffic is directed to a location behind that remote endpoint, is enabled on the WAN Optimization Module by default.
If the BIG-IP system is located behind a firewall or if you are working in a highly secure facility, dynamic discovery may not work in your networking environment. In that case, you need to manually add the remote endpoint. To learn more about dynamic discovery, refer to Dynamically discovering remote endpoints.
On the Main tab of the navigation pane, expand WAN Optimization and click Remote Endpoints. Check whether the remote endpoint on the receiving side is listed.
1. On the Main tab of the navigation pane, expand WAN Optimization and click Configuration.
The Local Endpoint - Basic screen opens.
2. On the menu bar, click Remote Endpoints.
The Remote Endpoints screen opens.
3. Click the Create button.
The New Remote Endpoint screen opens.
4. In the IP Address box, type the IP address of the remote WAN Optimization Module. For example:
5. From the SSL Profile (Server) list, select the SSL profile to use on the connection to this remote WAN Optimization Module.
If specified, this setting overrides the SSL profile setting on the Local Endpoint - Basic screen. The default is None.
6. In the Tunnel Port box, type the number of the port on the remote endpoint used for the exchange of information with the local endpoint. The default port is 443.
Note: The value you set here must match the value specified as the Tunnel Port on the Local Endpoint screen of the WAN Optimization Module on the other side of the WAN.
7. From the Source Address list, select the appropriate address to use as the source address for TCP connections coming from the remote endpoint and traveling between the receiving WAN Optimization Module and the server:
none specifies that the system should use the Source Address value set on the Local Endpoint Configuration - Basic screen. (This is the default setting.)
client specifies that the system should use the client IP address from the tunnel data as the source IP address.
wom specifies that the system should use the endpoint local IP address as the source IP address.
tunnel specifies that the system should use the source IP address in the header of the tunnel connection as the source IP address.
8. Verify that State is set to Enabled (meaning that optimization can occur between the local and remote endpoints).
9. Verify that Routing is set to Enabled (meaning that there is a route from the local to the remote endpoint and a connection can be established between the two).
Click Repeat to save this endpoint and add another remote endpoint.
Click Finished if you are done adding remote endpoints.
You set up optimization policies to determine what traffic you want to optimize over the WAN. The WAN Optimization Module provides common application optimization policies for CIFS, MAPI, and HTTP. You can create additional custom policies for other applications for which you want to optimize traffic.
You particularly need to set up optimization policies on the initiating (or client) side. The optimization policies are essentially virtual servers (to determine what traffic to optimize) that have WAN optimization profiles (to determine how it is to be handled). If no traffic is being initiated from this side of the network, you do not need to create optimization policies on this WAN Optimization Module.
If the BIG-IP systems are in a mesh configuration and traffic could be initiated from a client on the network behind either device, you can set up optimization policies on both WAN Optimization Modules.
1. On the Main tab of the navigation pane, expand WAN Optimization and click Configuration.
The Local Endpoint - Basic screen opens.
2. On the menu bar, click Optimization Policies.
The Optimization Policies screen opens listing the virtual servers that have been created, if any.
3. Click the Create button.
The Common Application Optimization Policies screen opens listing the preconfigured policies that are available.
4. Check the Select box next to the type of traffic you want to optimize (CIFS, MAPI, or HTTP), and then click Apply.
The system creates a virtual server for each one selected, and automatically assigns an iSession profile (required for WAN optimization), an SSL profile, and other profiles appropriate for the application.
5. On the Optimization Policies screen, click the name of each of the optimization policies you created (for example, cifs_optimize, mapi_optimize, and http_optimize). On the properties screen for each one:
a) From the VLAN Traffic list, select Enabled On.
This displays the VLAN List setting.
b) For the VLAN List setting, from the Available box, select the VLAN on the internal (LAN) side through which connections come in, and click the Move button (<<) to move that VLAN to the Selected box.
c) Click Finished.
6. On the Optimization Policies screen, click the isession-virtual name. On the properties screen:
a) From the VLAN Traffic list, select Enabled On.
This displays the VLAN List setting.
b) For the VLAN List setting, from the Available box, select the VLAN connected to the WAN link, and click the Move button (<<) to move that VLAN to the Selected box.
c) Click Finished.
After you finish configuring the WAN Optimization Module on one side of the WAN, you can configure the one (or more) on the other side by following the same steps.
If you have additional WAN Optimization Modules to configure, continue to set them up in the same way. For point-to-multipoint configuration, set up one WAN Optimization Module as the hub and the other WAN Optimization Modules as remote appliances on the hub. On each of the remote appliances, set up the hub only as a remote endpoint; do not add the other systems as remote endpoints. For a mesh configuration, on each BIG-IP system, set up all other WAN Optimization Modules as remote endpoints.
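With more than two systems, the two easiest things to get wrong are which remote endpoints each system lists (hub only versus all others) and the rule from the remote endpoint procedure that the Tunnel Port entered for a remote must match that remote's own local Tunnel Port. The following added example, not F5 code, audits a planned configuration against both rules; the inventory structure, system names, and addresses are constructed for illustration, and it assumes remote endpoints are added manually rather than found by dynamic discovery.

```python
# Constructed inventory (not from a real deployment): each system's local
# endpoint IP, its local Tunnel Port, and the remote endpoints configured
# on it as {remote endpoint IP: Tunnel Port entered for that remote}.
SYSTEMS = {
    "dc":      {"ip": "10.1.0.10", "tunnel_port": 443,
                "remotes": {"10.2.0.10": 443, "10.3.0.10": 443}},
    "branch1": {"ip": "10.2.0.10", "tunnel_port": 443,
                "remotes": {"10.1.0.10": 8443}},
    "branch2": {"ip": "10.3.0.10", "tunnel_port": 443,
                "remotes": {"10.1.0.10": 443, "10.2.0.10": 443}},
}


def audit_remote_endpoints(systems, topology, hub=None):
    """Return (system, finding, remote IP) tuples; empty list = consistent.

    topology is "hub" (point-to-multipoint; hub names the hub system)
    or "mesh".
    """
    if topology not in ("hub", "mesh"):
        raise ValueError("topology must be 'hub' or 'mesh'")
    if topology == "hub" and hub not in systems:
        raise ValueError("hub topology needs the name of the hub system")
    name_by_ip = {s["ip"]: name for name, s in systems.items()}
    findings = []
    for name, s in sorted(systems.items()):
        others = {o["ip"] for n, o in systems.items() if n != name}
        # Mesh members and the hub list every other system; a remote
        # appliance lists the hub only.
        if topology == "mesh" or name == hub:
            expected = others
        else:
            expected = {systems[hub]["ip"]}
        configured = set(s["remotes"])
        findings += [(name, "missing-remote", ip)
                     for ip in sorted(expected - configured)]
        findings += [(name, "unexpected-remote", ip)
                     for ip in sorted(configured - expected)]
        # The Tunnel Port entered for a remote must equal that remote's
        # own local Tunnel Port.
        for ip, port in sorted(s["remotes"].items()):
            peer = name_by_ip.get(ip)
            if peer is not None and systems[peer]["tunnel_port"] != port:
                findings.append((name, "tunnel-port-mismatch", ip))
    return findings


if __name__ == "__main__":
    for finding in audit_remote_endpoints(SYSTEMS, "hub", hub="dc"):
        print(finding)
```
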
Finally, you should test connectivity between the local and remote endpoints from the initiating side. Here are some suggestions:
Make a request from a client on one side of the WAN for information from one of the servers on the other side of the WAN.
If you configure the WAN Optimization Modules on either side of the WAN by following the procedures in this chapter and using many of the defaults provided, the systems are mostly set up to optimize the types of traffic you selected (CIFS, MAPI, and HTTP) using compression and deduplication. MAPI optimization requires additional configuration; see Optimizing MAPI traffic.