big-ip wan optimization manager configuration guide forwarding non-tcp traffic through an isession...

BIG-IP® WAN Optimization Manager™

Configuration Guide

Version 11.3

Table of Contents

Legal Notices.....................................................................................................................................5

Chapter 1: Basic BIG-IP WOM Setup....................................................................7About WAN optimization using BIG-IP WOM...........................................................................8

About the WAN Optimization Quick Start screen.....................................................................8

Setting up WAN optimization using the Quick Start screen...........................................9

About forwarding non-TCP traffic through an iSession over IPsec tunnel..............................10

Creating a virtual server for non-TCP iSession traffic.................................................10

About bandwidth management...............................................................................................11

Chapter 2: Disk Management for Datastor........................................................13About disk management.........................................................................................................14

Provisioning solid-state drives for datastor..................................................................15

Monitoring SSD usage.................................................................................................17

Chapter 3: WOM Configuration on the Chassis................................................19About WOM configuration on the chassis..............................................................................20

Setting up WOM on vCMP.....................................................................................................20

Chapter 4: WOM Virtual Edition..........................................................................23About BIG-IP WOM Virtual Edition.........................................................................................24

Hypervisor guest definition.....................................................................................................24

Licensing considerations........................................................................................................24

Configuration considerations..................................................................................................24

Provisioning extra VE disk for datastor........................................................................25

Chapter 5: Endpoints..........................................................................................27About endpoints.....................................................................................................................28

About local endpoints and high availability.............................................................................28

Customizing local endpoint settings.......................................................................................28

About iSession listeners.........................................................................................................29

Adding iSession listeners............................................................................................29

Chapter 6: Discovery...........................................................................................31About discovery on BIG-IP WOM...........................................................................................32

About dynamic discovery of remote endpoints.......................................................................32

3

Table of Contents

Modifying dynamic discovery of remote endpoints......................................................32

Manually adding remote endpoints for WAN optimization...........................................32

About subnet discovery..........................................................................................................33

Modifying automatic discovery of advertised routes....................................................34

Verifying subnet discovery...........................................................................................35

Adding advertised routes manually.............................................................................35

Chapter 7: Deduplication....................................................................................37What is symmetric data deduplication?..................................................................................38

Which codec do I choose?.....................................................................................................38

Enabling symmetric data deduplication.......................................................................38

Disabling symmetric data deduplication......................................................................39

Chapter 8: Optimized Applications....................................................................41About optimized applications for WAN Optimization..............................................................42

About iSession profiles...........................................................................................................42

Customizing compression settings for iSession traffic.................................................42

Screen capture showing compression settings...........................................................43

About optimization of SSL applications..................................................................................44

Manually configuring optimized applications for outbound traffic...........................................45

Manually configuring optimized applications for inbound traffic.............................................46

About CIFS traffic optimization...............................................................................................46

Adjusting CIFS optimization over the WAN.................................................................47

About MAPI optimization........................................................................................................47

Enabling Microsoft Exchange compression for MAPI optimization..............................48

Enabling automatic discovery of Exchange Servers for MAPI optimization................48

Chapter 9: Diagnostics........................................................................................49About WAN optimization diagnostics......................................................................................50

WOM diagnostic error messages...........................................................................................50

Troubleshooting network connectivity for WAN Optimization Manager..................................51

Running WAN optimization configuration diagnostics............................................................51

Acknowledgments..........................................................................................................................55

4

Table of Contents

Legal Notices

Publication Date

This document was published on November 15, 2012.

Publication Number

MAN-0380-03

Copyright

Copyright © 2012, F5 Networks, Inc. All rights reserved.

F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumesno responsibility for the use of this information, nor any infringement of patents or other rights of thirdparties which may result from its use. No license is granted by implication or otherwise under any patent,copyright, or other intellectual property right of F5 except as specifically described by applicable userlicenses. F5 reserves the right to change specifications at any time without notice.

Trademarks

Access Policy Manager, Advanced Client Authentication, Advanced Routing, APM, Application SecurityManager, ARX, AskF5, ASM, BIG-IP, BIG-IQ, Cloud Extender, CloudFucious, Cloud Manager, ClusteredMultiprocessing, CMP, COHESION, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express,DSC, DSI, Edge Client, Edge Gateway, Edge Portal, ELEVATE, EM, Enterprise Manager, ENGAGE, F5,F5 [DESIGN], F5 Management Pack, F5 Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass,Global Traffic Manager, GTM, GUARDIAN, IBR, Intelligent Browser Referencing, Intelligent Compression,IPv6 Gateway, iApps, iControl, iHealth, iQuery, iRules, iRules OnDemand, iSession, L7 Rate Shaping,LC, Link Controller, Local Traffic Manager, LTM, Message Security Manager, MSM, OneConnect,OpenBloX, OpenBloX [DESIGN], Packet Velocity, Policy Enforcement Manager, PEM, Protocol SecurityManager, PSM, Real Traffic Policy Builder, Rosetta Diameter Gateway, ScaleN, Signaling DeliveryController, SDC, SSL Acceleration, StrongBox, SuperVIP, SYN Check, TCP Express, TDR, TMOS, TrafficManagement Operating System, Traffix Diameter Load Balancer, Traffix Systems, Traffix Systems(DESIGN), Transparent Data Reduction, UNITY, VAULT, VIPRION, vCMP, virtual ClusteredMultiprocessing, WA, WAN Optimization Manager, WebAccelerator, WOM, and ZoneRunner, aretrademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be usedwithout F5's express written consent.

All other product and company names herein may be trademarks of their respective owners.

Patents

This product may be protected by U.S. Patents 7,126,955; 7,286,476; 7,882,084; 8,121,117. This list isbelieved to be current as of November 15, 2012.

Export Regulation Notice

This product may include cryptographic software. Under the Export Administration Act, the United Statesgovernment may consider it a criminal offense to export this product from the United States.

RF Interference Warning

This is a Class A product. In a domestic environment this product may cause radio interference, in whichcase the user may be required to take adequate measures.

FCC Compliance

This equipment has been tested and found to comply with the limits for a Class A digital device pursuantto Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmfulinterference when the equipment is operated in a commercial environment. This unit generates, uses, andcan radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,may cause harmful interference to radio communications. Operation of this equipment in a residential areais likely to cause harmful interference, in which case the user, at his own expense, will be required to takewhatever measures may be required to correct the interference.

Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authorityto operate this equipment under part 15 of the FCC rules.

Canadian Regulatory Compliance

This Class A digital apparatus complies with Canadian ICES-003.

Standards Compliance

This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable toInformation Technology products at the time of manufacture.

6

Legal Notices

Chapter

1

Basic BIG-IP WOM Setup

Topics:

• About WAN optimization using BIG-IP WOM• About the WAN Optimization Quick Start

screen• About forwarding non-TCP traffic through an

iSession over IPsec tunnel• About bandwidth management

About WAN optimization using BIG-IP WOM

The BIG-IP® WAN Optimization Manager™ systems work in pairs on opposite sides of the WAN to optimizethe traffic that flows between them. A simple point-to-point configuration might include WAN OptimizationManager (WOM®) running on a BIG-IP system in one data center, and a second BIG-IP WOM running inanother data center on the other side of the WAN. Other configuration possibilities include point-to-multipoint(also called hub and spoke) and mesh deployments.

The following illustration shows an example of the flow of traffic across the WAN through a pair of BIG-IPWOM devices. In this example, traffic can be initiated on both sides of the WAN.

Figure 1: Example of a traffic flow through a BIG-IP WOM pair

The BIG-IP WOM as an endpoint. From the standpoint of each BIG-IP WOM, it is the local endpoint. AnyBIG-IP WOM with which the local endpoint interacts is a remote endpoint. After you identify the endpoints,communication between the WOM pair takes place in an iSession™ connection between the two devices.When you configure the local WOM, you also identify any advertised routes, which are subnets that canbe reached through the local endpoint. When viewed on a remote system, these subnets appear as remoteadvertised routes.

To optimize traffic, you select the applications you want to optimize, and BIG-IP WOM sets up the necessaryvirtual servers and associated profiles. The system creates a virtual server on the initiating side of the WAN,with which it associates a profile that listens for TCP traffic of a particular type (HTTP, CIFS, MAPI, FTP).The local BIG-IP WOM also creates a virtual server, called an iSession listener, to receive traffic from theother side of the WAN, and it associates a profile that terminates the iSession connection and forwards thetraffic to its destination. For some applications, the system creates an additional virtual server to furtherprocess the application traffic.

The default iSession profile, which the system applies to application optimization, includes symmetricadaptive compression. Also by default, symmetric data deduplication is enabled.

About the WAN Optimization Quick Start screen

The Quick Start screen for WAN optimization provides all the settings you need to configure WANOptimization Manager™ (WOM®) on one side of the WAN. After you have set up the BIG-IP® WOM®

systems on both sides of the WAN, you can begin optimizing the application traffic you specify. An importantadvantage of configuring WOM using the Quick Start screen is that the system automatically selects TCPparameter settings based on the hardware. If you do not use the Quick Start screen, the system uses thegeneralized default TCP settings, which might not be optimal for your hardware.

8


The Quick Start screen is for the initial BIG-IP WOM setup. To change the settings for any WOM objectsafter you have completed the initial configuration on the Quick Start screen, use the screen that pertains tothat object. For example, to change the settings for the local endpoint, use the Local Endpoint screen.

Setting up WAN optimization using the Quick Start screen

You cannot view the Quick Start screen until you have defined at least one VLAN and at least one self IPon a configured BIG-IP® system that is provisioned for WOM®.

Use the Quick Start screen to quickly set up WAN Optimization Manager™ on a single screen of the BIG-IPsystem using the default settings. To optimize WAN traffic, you must configure BIG-IP WOM on bothsides of the WAN.

1. Log in to the BIG-IP WOM system that you want to configure.

The default login value for both user name and password is admin.

2. On the Main tab, click WAN Optimization > Quick Start.

3. In the WAN Self IP Address field, type the local endpoint IP address, if it is not already displayed.

This IP address must be in the same subnet as a self IP address on the BIG-IP system. To make surethat dynamic discovery properly detects this endpoint, the IP address must be the same as a self IPaddress on the BIG-IP WOM system.

4. Verify that the Discovery setting is set to Enabled.

If you disable the Discovery setting, or discovery fails, you must manually configure any remoteendpoints and advertised routes.

5. Specify the VLANs on which the virtual servers on this system receive incoming traffic.

DescriptionOptions

Select the VLANs that receive incoming LAN traffic destined for theWAN.

LAN VLANs

Select the VLANs that receive traffic from the WAN through aniSession™ connection.

WAN VLANs

6. In the Authentication area, for the Outbound iSession to WAN setting, select the SSL profile to usefor all encrypted outbound iSession connections.

To get WAN optimization up and running, you can use the default selection serverssl, but you need tocustomize this profile for your production environment.

7. For the Inbound iSession from WAN setting, select the SSL profile to use on the incoming iSessionconnection.

To get WAN optimization up and running, you can use the default selection wom-default-clientssl.

Note: If you configure the iSession connection to not always encrypt the traffic between theendpoints, this profile must be a client SSL profile for which the Non-SSL Connections settingis enabled, such as wom-default-clientssl.

8. In the IP Encapsulation area, from the IP Encapsulation Type list, select the encapsulation type, if any,for outbound iSession traffic.

a) If you select IPsec, select an IPsec policy from the IPSEC Policy list that appears, or retain thedefault, default-ipsec-policy-isession.

b) If you select IPIP, the system uses the IP over IP tunneling protocol, and no additional encapsulationsetting is necessary.

9

BIG-IP® WAN Optimization Manager™ Configuration Guide

c) If you select GRE, select a GRE profile from the GRE Profile list that appears, or retain the default,gre.

9. Select the applications you want to optimize by selecting the adjacent check boxes in the Create OptimizedApplications list.

To secure and encrypt data, enable the Data Encryption setting for each optimized application youselect. If you selected IPsec for the IP Encapsulation Type, the IPsec policy you selected determinesencryption of TCP traffic.

10. Click Apply.

The system creates the necessary virtual servers and associated profiles to optimize the selected applicationtraffic, as indicated by the green check marks in the Optimizations Enabled column on the Quick Startscreen. If your network supports IPv6, the BIG-IP WOM automatically creates virtual servers for both IPv6and IPv4 networks, and uses the appropriate virtual server based on the IP addressing in your network.

For some applications, such as HTTP and MAPI, the system creates a virtual server only for initiatingtraffic. For other applications, such as CIFS and FTP, the system creates two virtual servers: one to initiatetraffic destined for the other side of the WAN and another to receive traffic from the other side of the WAN,after the traffic is terminated by the iSession terminating virtual server.

Note: If you are using a one-arm deployment, you must manually create the virtual servers toreceive CIFS and FTP traffic, because the system detects only one VLAN.

To complete the setup, repeat this task on the BIG-IP system on the other side of the WAN.

About forwarding non-TCP traffic through an iSession over IPsec tunnel

When you configure WAN Optimization Manager™ (WOM®) using the Quick Start screen, you can specifyIPsec encapsulation for outbound iSession™ traffic. The BIG-IP® WOM system automatically creates thenecessary virtual servers for optimizing TCP traffic. If you also want to send secured and encrypted non-TCPtraffic, you can create a forwarding virtual server and associate an iSession profile to send non-TCP trafficthrough the iSession over IPsec tunnel.

Creating a virtual server for non-TCP iSession traffic

If you are using IPsec to encrypt iSession™ traffic, you can create a forwarding virtual server to also sendnon-TCP traffic through the IPsec tunnel. Creating the virtual server avoids the need for any special routingfor non-TCP traffic, such as UDP and ICMP.

1. On the main tab, click Local Traffic > Virtual Servers.

2. Click the Create button.

3. Type a unique name for the virtual server, such as non_tcp_traffic.

4. For the Type setting, select Forwarding (IP) from the list.

5. For the Destination setting:

a) For Type, select Network.b) In the Address field, type the IP address 0.0.0.0.c) In the Mask field, type the netmask 0.0.0.0.

6. In the Configuration area of the screen, from the Protocol list, select *All Protocols.

10


7. From the VLAN Traffic and Tunnel Traffic list, select All VLANs and Tunnels.

8. In the WAN Optimization area of the screen, from the iSession list, select an iSession profile.

9. Click Finished.

The completed screen looks similar to the following example.

Figure 2: Example of a completed virtual server screen for non-TCP iSession traffic

About bandwidth management

You can use the rate shaping feature of the BIG-IP® system to enforce a throughput policy on incomingtraffic. Throughput policies are useful for prioritizing and restricting bandwidth on selected traffic patterns.

The rate shaping feature works by first queuing selected packets under a rate class, and then dequeuing thepackets at the indicated rate and in the indicated order specified by the rate class. A rate class is a rate-shapingpolicy that defines throughput limitations, and a packet scheduling method to be applied to all traffic handledby the rate class.

You configure rate shaping by creating one or more rate classes and then assigning the rate class to a packetfilter or to a virtual server. The BIG-IP system packet filters are based on the Berkeley Software DesignPacket Filter (BPF) architecture. Alternatively, you can use the iRules® feature to instruct the BIG-IP systemsto apply a rate class to a particular connection.

11


Note: If you use a packet filter or iRule to direct traffic to a rate class for iSession traffic, you mustdisable the Reuse Connection setting for outbound traffic, using the iSession profile associatedwith this traffic.

12


Chapter

2

Disk Management for Datastor

Topics:

• About disk management

About disk management

You can use disk management to allocate dedicated disk space for the datastor service, which increases thedata storage that BIG-IP® WOM® uses for deduplication. Additional disk space is available in the followingdeployments.

• Selected higher-end BIG-IP WOM platforms support the use of solid-state drives (SSDs) that come ina dual-disk drive sled and are installed along with hard disk drives.

• If you are installing BIG-IP WOM Virtual Edition, you can select an extra disk deployment configuration.

The following figure shows the Disk Management screen in a BIG-IP WOM 11000 platform that has SSDsinstalled. In this example, datastor is still on the primary disk; it has not been allocated to the SSDs.

14


Figure 3: Example of the Disk Management screen

Provisioning solid-state drives for datastor

Before beginning this procedure, you must have licensed WAN Optimization Manager™ (WOM®).

By default, datastor, which is the data storage used for optimization, is provisioned on the primary harddisk drive (HDD). To use solid-state drives (SSDs) on BIG-IP® WOM, you must manually allocate the diskspace on each SSD to the datastor service. If you install SSDs after you have provisioned WOM, you must

15


first de-provision WOM, and then delete the datastor application volume from the primary disk, before youassign the datastor service to the SSD volume.

1. On the Main tab, click System > Resource Provisioning.

2. In the Resource Provisioning (Licensed Modules) area, from the WAN Optimization (WOM) list,select None (Disabled).

3. Click Update.

4. Click OK to proceed.The BIG-IP system restarts without WOM in the configuration, which might take a minute or so.

5. Click Continue.

6. On the Main tab under System, click Disk Management.

7. If the Logical View shows Datastor allocation on HD1, delete it by performing the following steps.

If datastor is not allocated to HD1, skip this step.

Note: Datastor does not span the primary disk and the SSDs. If datastor is allocated to theprimary disk, it will not use the SSDs.

a) Click the disk label, for example HD1.The General Properties screen opens for the logical disk you selected.

b) In the Contained Application Volumes area, select the check box for Datastor, and click Delete.

8. On the Disk Management screen, click the SSD disk label, for example, SSD1.The General Properties screen opens for the logical disk you selected.

9. For the Mode setting, select Datastor.The following figure shows the Datastor option selected.

Figure 4: Example of Logical Disk screen with Datastor selected

10. Click Update.

11. Repeat the datastor selection steps for each SSD displayed on the Disk Management screen.

12. On the Main tab under System, click Resource Provisioning.

16


13. In the Resource Provisioning (Licensed Modules) area, from the WAN Optimization (WOM) list,select Nominal.

14. Click Update.

15. Click OK to proceed.The BIG-IP system restarts with WOM in the configuration, which might take a minute or so.

16. Click Continue.

The datastor service is now allocated to the SSDs. The datastor volume spans the installed SSDs. You canverify the result by checking the Disk Management screen. The logical view displays the datastor allocationfor each disk.

Monitoring SSD usage

If you are using solid-state drives (SSDs) for datastor, you can view the SSD allocation and monitor theSSD lifespan.


2. Use the Disk Management screen to view details about the SSDs, including the following.

• To view the general properties of a disk, in the Logical View area, click the disk label.• In the Physical View area, note which bays contain the SSDs.• In the Data Disks area, view the Media Wearout Indicator to monitor disk usage.

17


18


Chapter

3

WOM Configuration on the Chassis

Topics:

• About WOM configuration on the chassis• Setting up WOM on vCMP

About WOM configuration on the chassis

Chassis support provides the ability to optimize your WAN traffic on BIG-IP® systems in the followingdeployments.

• Provision WOM® Lite along with other BIG-IP modules to use the full power of a single chassis. Onthe chassis, you must provision WOM Lite, in addition to any other modules you have licensed.

• Provision Virtual Clustered Multiprocessing (vCMP™) to have the flexibility of running multiple BIG-IPguests, each of which can include WOM Lite on a single chassis.

In both cases you must configure the base license and provisioning, and then configure individual modulesor vCMP guests and respective virtual BIG-IP systems.

Setting up WOM on vCMP

Before you start this task, you must license and provision vCMP™ on the BIG-IP® system.

This task provides basic steps for setting up WAN Optimization Manager™ (WOM®) Lite in a vCMPenvironment. The basic steps can be used for setting up any other BIG-IP module. For more informationabout vCMP configuration, consult the BIG-IP documentation set at F5 DevCentral™

(http://devcentral.f5.com).

Note: vCMP supports only WOM Lite, which does not require a separate license on LTM®. It doesnot include deduplication.

1. Configure the LAN and WAN VLANs on the hypervisor cluster, and assign the proper ports.

2. Create a guest on the BIG-IP vCMP platform.The following screen capture shows an example of a guest configuration for WOM.

20


Figure 5: Example of guest configuration for WOM on vCMP

3. Log in using the cluster IP address of the guest you created, which is 192.168.15.30 in the exampleshown.

4. Provision WOM Lite.

a) On the Main tab, click System > Resource Provisioning.b) In the Resource Provisioning (Unlicensed Modules) area of the screen, from the WAN Optimization

Lite (WOML) list, select Lite (No license required).

5. Configure WOM using the Quick Start screen.

For WAN optimization to take place, you must also configure a BIG-IP WOM device on the other side ofthe WAN to complete the iSession™ connection.

21


22


Chapter

4

WOM Virtual Edition

Topics:

• About BIG-IP WOM Virtual Edition• Hypervisor guest definition• Licensing considerations• Configuration considerations

About BIG-IP WOM Virtual Edition

BIG-IP® WOM® Virtual Edition (VE) is a version of the BIG-IP WOM system that runs as a virtual machine(VM) in specifically supported hypervisors. BIG-IP VE emulates a hardware-based BIG-IP WOM systemrunning a VE-compatible version of BIG-IP® software. Hypervisor compatibility, specifications, andinstructions for setting up VE for any BIG-IP system are documented elsewhere. An additional considerationfor BIG-IP WOM VE is the extra disk option, with which you can allocate datastor for symmetricdeduplication to the disk.

Hypervisor guest definition

The VMware virtual machine guest environment for the BIG-IP® WOM® VE, at minimum, must includethe following:

• 2 x virtual CPUs (reserve 2 GHz)• 4 GB RAM with a 2-core CPU• 8 GB RAM with a 4-core CPU• 2 GB RAM with 2-core CPU (upgrade path from version 10.2.x)• 1 x virtual Flexible (PCnet32 LANCE) network adapter (for management)• 3 x virtual VMXNET3 network adapters• 1 x 100 GB SCSI disk, by default• 1 x up to 500 GB SCSI disk, as an extra disk option

Licensing considerations

The BIG-IP® WOM® VE product license determines the maximum allowed throughput rate. Three licenseoptions are available for BIG-IP WOM VE:

WOM VE Lab LicenseAggregate throughput limited to 10 Mbps on the LAN side

WOM VE Production License: 200M or 1GAggregate throughput limited to 200 Mbps or 1 Gbps on the LAN side

To view the rate limit, you can display the BIG-IP VE licensing page within the BIG-IP Configurationutility. Lab editions have no guarantee of throughput rate and are not supported for production environments.

Configuration considerations

You configure BIG-IP® WOM® VE just as you would any BIG-IP VE system. If you select one of the extradisk options during configuration, you can then allocate the additional disk space for symmetric deduplication

24

WOM Virtual Edition

datastor. If more disk space is required when using VE, you can size the extra disk from the default of 50GBto 255GB.

If you configure BIG-IP WOM with an extra disk, you must then delete the datastor volume that is on theprimary disk, and assign it to the extra disk.

Provisioning extra VE disk for datastor

Before beginning this procedure, you must have licensed and configured BIG-IP® WOM® Virtual Edition(VE).

If you selected one of the extra disk options when you configured BIG-IP WOM VE, you must manuallyallocate the disk space to the datastor service, after you delete the datastor application volume from theprimary disk. Datastor cannot span the primary disk and the extra disk.

1. On the Main tab, click System > Resource Provisioning.

You must de-provision WOM before you can delete the datastor allocation from the primary disk.

2. In the Resource Provisioning (Licensed Modules) area. from the WAN Optimization (WOM) list,select None (Disabled).

3. Click Update.

4. Click OK to proceed.The BIG-IP system restarts without WOM in the configuration, which may take a minute or so.

5. Click Continue.


7. In the Logical View area, click HD1.The General Properties screen opens for the primary disk.

8. In the Contained Application Volumes area, select the check box for Datastor, and click Delete.

9. On the Disk Management screen, click HD2.The General Properties screen opens for the extra disk.

10. In the General Properties area, for the Mode setting, select Datastor.

11. Click Update.

12. On the Main tab under System, click Resource Provisioning.

13. In the Resource Provisioning (Licensed Modules) area, from the WAN Optimization (WOM) list,select Nominal.

14. Click Update.

15. Click OK to proceed.The BIG-IP system restarts with WOM in the configuration, which may take a minute or so.

16. Click Continue.

The datastor is now allocated to the extra disk. You can verify the result by checking the Disk Managementscreen.

25


26

WOM Virtual Edition

Chapter

5

Endpoints

Topics:

• About endpoints• About local endpoints and high availability• Customizing local endpoint settings• About iSession listeners

About endpoints

For a BIG-IP® device, the local endpoint is the WAN Optimization Manager™ (WOM®) on the systemwhere you are working. The remote endpoint is the WAN Optimization Manager on another BIG-IP system(on the other side of the WAN), with which the local endpoint interacts. After you identify the endpoints,communication between the WAN Optimization Managers takes place in an iSession™ connection betweenthe two BIG-IP WOM devices.

About local endpoints and high availability

You can configure two BIG-IP® WOM® systems for high availability by setting them up as redundantsystems. Both systems must be installed on the same hardware platform. When you configure two BIG-IPWOM systems for high availability, specify the floating IP address as the WAN self IP address of the localendpoint. For WAN optimization, you can use only the active-standby redundancy mode (not the active-activemode). Otherwise, you can set up redundancy as you would for any BIG-IP system.

Customizing local endpoint settings

Typically, you configure the local endpoint using the Quick Start screen. However, if you want to deleteor disable the local endpoint, change the IP port, or specify the handling of non-iSession, NAT, or SNATtraffic, you can adjust these settings on the Local Endpoint Properties screen.

Note: You cannot modify the local endpoint IP address. To change it, you must first delete thecurrent local endpoint IP address, and then add a new one.

1. On the Main tab, click WAN Optimization > Local Endpoint.

2. Take the action or actions that support your requirements.

ActionOption

For the State setting, clear the Enabled check box.To disable the localendpoint

In the Tunnel Port field, type a different number. This is the IP port thatthe BIG-IP® WOM® uses for control connections. It must be a port that isallowed access through the firewall. The range is from 1 to 65535.

To change the IP port

For the No iSession Route setting, select one of the options for handlingtraffic for which there is no remote endpoint to complete the iSessionconnection.

To handle non-iSessiontraffic

• Passthrough: Specifies that the traffic flow continues without aniSession connection.

• Drop: Specifies that the traffic flow continues without an iSessionconnection.

28

Endpoints

ActionOption

Clear the Allow NAT check box.To disallow NAT traffic

From the SNAT list, select an option.To change the SNATsetting

• None: Indicates that the system uses the original connection client IPaddress.

• Local: Indicates that the system uses the endpoint IP address closestto the destination. Use this setting to make sure the return route alsogoes through the BIG-IP WOM system, so that both sides of theconnection can be optimized. This setting is useful if responses returningfrom the server to the client would not normally pass through the BIG-IPWOM system.

• Remote: Indicates that the system uses the source IP address of theincoming iSession connection. Use this setting when an appliance thatuses NAT is located between the BIG-IP WOM endpoints.

Click Delete.To delete the localendpoint

3. Click Update.

About iSession listeners

An iSession listener is a virtual server created on the local endpoint, which terminates iSession™ connectionsfor inbound traffic from the WAN on the specified port. When you use the Quick Start screen to configureWAN Optimization Manager™ (WOM®), the system creates the default iSession listener isession-virtualon the local endpoint, which monitors all incoming traffic (all ports) and terminates iSession connections.

Note: If you delete the system-created isession-virtual listener without creating a new iSessionlistener, WOM cannot optimize traffic.

Adding iSession listeners

You can add iSession™ listeners for specific application traffic that you want the system to handle differentlyfrom the iSession listener that the system creates automatically.

1. On the Main tab, click WAN Optimization > Local Endpoint > iSession Listeners.

2. Click the Create button.The New iSession Listener screen opens. The IP Address field displays the IP address of the localendpoint, which cannot be modified on this screen.

3. In the Name field, type a name for the iSession listener.

4. For the Port setting, type the service port used by the application, or select an application from the list.

When you select from the list, the Port field displays the associated default port.

5. For the Enabled VLANs setting, specify the VLANs on which this iSession listener listens for incomingtraffic. Move the VLANs from the Available list to the Selected list.

6. From the iSession Profile list, select the iSession profile to associate with this iSession listener.

29


7. From the Authentication and Encryption list, select the SSL profile you want the system to use forinbound iSession connections from the WAN that are terminated by this iSession listener.

You can use the default values clientssl and wom-default-clientssl to get the WAN OptimizationManager™ up and running, but you need to customize this profile for your production environment.

8. Click Finished.

30

Endpoints

Chapter

6

Discovery

Topics:

• About discovery on BIG-IP WOM• About dynamic discovery of remote

endpoints• About subnet discovery

About discovery on BIG-IP WOM

To simplify configuration, particularly in large networks, BIG-IP® WOM® performs two types of discovery.

• Dynamic discovery of remote endpoints occurs when the local BIG-IP WOM detects a remote endpointon the other side of the WAN.

• Local subnet discovery occurs when a client request to a server triggers the server-side BIG-IP WOMto discover and display the subnet that is connected to the server.

About dynamic discovery of remote endpoints

Dynamic discovery is a process through which WAN Optimization Manager™ (WOM®) identifies and addsremote endpoints automatically. The process occurs when the BIG-IP® WOM receives traffic that is matchedby a virtual server with an iSession™ profile, but does not recognize the remote destination. When a BIG-IPWOM receives a request destined for a location on the network behind the BIG-IP WOM on the other sideof the WAN, the first BIG-IP WOM sends out TCP options or ICMP probes to discover, authenticate, andinitiate communication with the new remote endpoint.

Note: A TCP request from the client to the server is the action that triggers discovery, not a pingbetween two endpoints.

Modifying dynamic discovery of remote endpoints

You can modify the dynamic discovery settings, such as specifying the number and types of probe messages,or disabling dynamic discovery.

1. On the Main tab, click WAN Optimization > Remote Endpoints > Discovery.

2. From the Dynamic Discovery list, select Advanced to view all the settings.

3. Modify the settings, as required.

4. Click Update to save changes.

Manually adding remote endpoints for WAN optimization

If the BIG-IP® WOM®unit is located behind a firewall or you are working in a highly secure facility anddynamic discovery does not work in your networking environment, you can manually add one or moreremote endpoints.

1. On the Main tab, click WAN Optimization > Remote Endpoints.

2. Click the Create button.

3. In the Name field, type a descriptive name for the remote endpoint, such as site_B.

4. In the IP Address field, type the IP address that the local endpoint uses to communicate with the remoteBIG-IP WOM.

5. For the State setting, specify whether optimization can occur between the local and remote endpoints.

32

Discovery

If you disable this setting after traffic is flowing, existing connections continue until they are completed.

6. For the Outbound Connections setting, specify whether there is a route through which the local endpointcan establish connections with this remote endpoint.

7. From the Authentication and Encryption list, select the name of the SSL profile used to connect tothis remote endpoint.

Any setting other than Default overrides the Outbound iSession to WAN setting on the local endpoint.

8. In the Tunnel Port field, type the number of the port on the remote endpoint that BIG-IP WOM usesfor control connections.

You must specify a port that is allowed access through the firewall. The range is from 1 to 65535.

9. From the SNAT list, select the address the system uses as the source IP address of the TCP connectionbetween the BIG-IP WOM and the server. Select one of the following options:

DescriptionOption

Indicates that the system uses the SNAT value set for the local endpoint.Default

Indicates that the system uses the original connecting client IP address.None

Indicates that the system uses the endpoint IP address closest to the destination.Use this setting to make sure the return route also goes through the BIG-IP systemso that both sides of the connection can be optimized.

Local

Tip: This setting is useful if responses returning from the server to theclient would not normally pass through the BIG-IP system.

Indicates that the system uses the source IP address of the incoming iSessionconnection. Use this setting when an appliance that uses NAT is located betweenthe WOM endpoints.

Remote

10. Click Finished.

About subnet discovery

An advertised route is a subnet that can be reached through a WAN Optimization Manager™ (WOM®).After the WAN Optimization Managers in a pair have been configured and connected, they automaticallyexchange advertised route specifications between the endpoints. The local endpoint needs to advertise thesubnets to which it is connected so that the remote endpoint can determine the destination addresses forwhich traffic can be optimized. Advertised routes configured on the local endpoint become remote advertisedroutes on the remote endpoint; that is, the BIG-IP® WOM on the other side of the WAN.

When a BIG-IP WOM device is deployed in a large scale network with large number of servers, and manyof them belong to different subnets, manually configuring local optimization subnets can be very timeconsuming. Subnet Discovery is designed to ease such configuration challenges. With local subnet discovery,instead of requiring manual configuration of local subnets for traffic optimization, the BIG-IP WOM systemautomatically discovers the local optimization subnet when traffic flows from the client side BIG-IP WOMdevice to a server-side BIG-IP WOM device.

Note: A TCP request from the client to the server is the action that triggers discovery, not a pingbetween two endpoints.

33


Modifying automatic discovery of advertised routes

You can modify the settings that pertain to the discovery of subnets that can be reached through the localendpoint. These settings determine how BIG-IP® WOM® learns about discovered subnets, and when todisplay the subnets. Using these settings, you can control the number and reach of the discovered subnetsthat are included.

1. On the Main tab, click WAN Optimization > Advertised Routes > Discovery.

2. From the Configuration list, select Advanced to view all the settings.

3. Ensure that the Discover Routes check box is selected.

Note: For server discovery to take place, the setting Discover Other Endpoints on the RemoteEndpoints Dynamic Discovery screen of the WOM, at the other end of the connection, must notbe set to Disabled.

4. In the Stop discovery after field, type the maximum number of servers or subnets (advertised routes)you want the system to discover before it stops looking.

5. In the Do not add servers with RTT greater than field, type the maximum round-trip time inmilliseconds. The system does not add discovered servers that have an RTT over this value.

6. In the Minimum prefix length for IPv4 address field, type the minimum prefix length for routeaggregation in IPv4 networks.

If you use the default value of 32/128, BIG-IP WOM adds the host address as the advertised route. Ifyou change this value to 24, the system adds the /24 network in which the server resides as the advertisedroute.

7. In the Minimum prefix length for IPv6 address field, type the minimum prefix length for routeaggregation in IPv6 networks.

8. In the Allow idle time for routes field, specify the minimum and maximum lengths of time a discoveredroute can be idle (no optimized traffic coming through) without being removed.

You can specify these limits in days, hours, or minutes, and the unit of measure must be the same forboth limits. This setting does not affect manually configured routes.

9. In the Do not add routes with ip ttl less than field, leave the default value of 5, or type a numberbetween 0 and 255.

The BIG-IP WOM system matches the value you set with the IP TTL value of the discovery packetsfrom the server. If the packet has an IP TTL value less than the configured value, it means the server isfarther away than you want, so the system does not add the advertised route (server).

10. To save the discovered subnets in the configuration, ensure that the Automatically save discoveredroutes check box is selected.

11. In the Filter Mode field, you can exclude from discovery a subset you specify in the Subnet Filterfield.

You can also narrow the scope of the subnet discovery by selecting Include and specifying only thesubnets to include in discovery.

Important: If you select Include without entering an IP address in the Subnet Filter field, thesystem does not discover any subnets.


34

Discovery

After the BIG-IP WOM system discovers a subnet and adds the route to the list, the system automaticallyoptimizes traffic to any hosts in that subnet without rediscovery.

Verifying subnet discovery

After sending a client request from the local BIG-IP WOM to a server behind a remote BIG-IP WOM, youcan perform this procedure to verify that the destination subnet is discovered.

1. Using the browser interface on the client-side BIG-IP WOM, on the Main tab, click WAN Optimization> Remote Endpoints.The Remote Endpoints List screen opens.

2. Verify that the status indicator is green, and the IP address is correct for the remote endpoint you arechecking.

3. On the menu bar, click Routes, and verify that the list includes the IP address of the destination subnet.

This subnet is also displayed on the Advertised Routes List screen of the browser interface on theserver-side BIG-IP WOM.

Adding advertised routes manually

An advertised route is a subnet that can be reached through the local endpoint. You can add advertisedroutes manually, for example, if you disabled the Discovery setting on the Quick Start screen.

1. On the Main tab, expand WAN Optimization and click Advertised Routes.

2. Click Create.The New Advertised Routes screen opens.

3. In the Name field, type a name for a the subnet.

4. In the Address field, type the IP address of the subnet.

5. In the Netmask field, type the subnet mask.

6. In the Label field, type a descriptive label to identify the subnet.

7. For the Mode setting, specify whether traffic on the subnet is included in optimization.

If you select Excluded, the local and remote endpoints exchange subnet configuration information, buttraffic on this subnet is excluded from optimization.

Note: You can define a subset of IP addresses to exclude from optimization within a largerincluded subnet. An excluded endpoint advertised route must be a valid address range subsetof an included endpoint advertised route.

8. Depending on how many advertised routes you want to add, click the appropriate button.

DescriptionOptions

Save this route and add more advertised routes.Repeat

You have finished adding advertised routes.Finished

35


36

Discovery

Chapter

7

Deduplication

Topics:

• What is symmetric data deduplication?• Which codec do I choose?

What is symmetric data deduplication?

WAN Optimization Manager™ (WOM) uses symmetric data deduplication to reduce the amount of bandwidthconsumed across a WAN link for repeated data transfers. This feature is available only with a WOM®

license.

With data deduplication, the system performs pattern matching on the transmitted WAN data, rather thancaching. If any part of the transmitted data has already been sent, BIG-IP® WOM replaces the previouslytransmitted data with references. As data flows through the pair, each WOM records the byte patterns andbuilds a synchronized dictionary. If an identical pattern of bytes traverses the WAN more than once, theBIG-IP WOM closest to the sender replaces the byte pattern with a reference to it, compressing the data.When the reference reaches the other side of the WAN, the remote BIG-IP WOM replaces the referencewith the data, restoring the data to its original format.

Which codec do I choose?

Symmetric data deduplication (SDD) offers two versions, called codecs. SDD v3 is appropriate for mostWOM® installations, particularly in large networks, such as hub and spoke, or mesh deployments. SSD v2is an alternative for installations with fewer than eight high-speed links, such as for data replication betweendata centers.

For deduplication to occur, the same codec must be selected on both iSession endpoints. If the selectedcodecs do not match, deduplication does not occur, although other WOM features, such as compression,still take place.

Enabling symmetric data deduplication

Ensure that you have licensed and provisioned WAN Optimization Manager™ (WOM) on the BIG-IP®

system.

Symmetric data deduplication (SDD) reduces the amount of bandwidth consumed across a WAN link. Youcan enable symmetric data deduplication on the iSession™ connection between the local endpoint and anyremote endpoints. SDD is enabled by default when you provision WOM®.

1. On the Main tab, expand WAN Optimization and click Symmetric Deduplication.

2. In the Maximum Number of Remote Endpoints field, type the number of BIG-IP WOM systems thatyou expect to connect to this one.

This number specifies the maximum number of remote endpoints that can have symmetric datadeduplication enabled, and thus, share the available cache. Any added WOM remote endpoint thatexceeds this number receives no cache for deduplication. If you select SSD v2 in the Codec field, themaximum supported is 8. If you select SSD v3, the set value is 128.

3. For the Enable Symmetric Deduplication setting, select Yes.

4. For the Mode setting, select the method of storage for symmetric data deduplication.

38

Deduplication

DescriptionOptions

Specifies that WOM uses the disk, in addition to memory, for storing informationused for optimization.

Disk

Note: If you enable data storage on the disk, you must restart the datastorservice from the command line using the command sequence bigstartrestart datastor for the change to take effect.

Specifies that WOM uses only memory for storing information used for optimization.Memory

Note: This setting can provide benefits for higher speed links.

5. For the Codec setting, select the SDD version.

DescriptionOptions

Supports a high spoke count, such as for connecting remote sites and formesh topologies.

SDD v3

Supports a topology with fewer than eight spokes, such as replicating databetween data centers.

SSD v2

For SDD to occur between iSession endpoints, you must select the same codec on both the local andremote BIG-IP WOM systems.


Important: Updating any of these settings causes the deduplication cache to clear.

Symmetric data deduplication starts after an iSession connection is established with a remote endpoint thatalso has symmetric data deduplication enabled, provided that the number of remote endpoints does notexceed the value in the Maximum Number of Remote Endpoints field.

If you changed the Codec setting, the system applies the new setting to any new data flows. However, ifyou enabled or disabled SDD, you must then restart the BIG-IP WOM from the command line using thecommand sequence bigstart restart.

Disabling symmetric data deduplication

You can disable symmetric data deduplication on the iSession™ connections between the local endpointand any remote endpoints.

1. On the Main tab, expand WAN Optimization and click Symmetric Deduplication.

2. For the Enable Symmetric Deduplication setting, select No.

3. Click Update to save the change.

4. Restart the BIG-IP WOM from the command line by typing bigstart restart.

Symmetric data deduplication stops on all iSession connections between the local endpoint and any remoteendpoints, and the deduplication cache clears.

39


40

Deduplication

Chapter

8

Optimized Applications

Topics:

• About optimized applications for WANOptimization

• About iSession profiles• About optimization of SSL applications• Manually configuring optimized applications

for outbound traffic• Manually configuring optimized applications

for inbound traffic• About CIFS traffic optimization• About MAPI optimization

About optimized applications for WAN Optimization

An optimized application in the WAN Optimization Manager™ (WOM®) context is a virtual server withwhich the BIG-IP® system associates an iSession™ profile and other relevant WAN optimization profiles.WAN optimization on the BIG-IP system requires an optimized application on the initiating side of theWAN and an iSession listener (iSession-terminating virtual server) on the receiving side of the WAN tocomplete the connection for all application traffic.

For some types of application traffic, such as CIFS and FTP, the system also requires an application-specificvirtual server (also listed as an optimized application) on the receiving side. After the iSession listenerterminates the connection, BIG-IP WOM directs the traffic to this virtual server for additional handling.Being able to create more than one virtual server for an application on the receiving side allows you to applydifferent profiles to selected application traffic that has different destinations.

For each application you select on the Quick Start screen, BIG-IP WOM automatically configures anoptimized application. In addition, you can customize the system-supplied optimized applications andmanually create new ones to specify where and how you want BIG-IP WOM to optimize specified applicationtraffic.

About iSession profiles

The iSession™ profile tells the system how to optimize traffic. WAN optimization requires an iSessionprofile at both ends of the iSession connection. WAN Optimization Manager™ (WOM®) includes the parentiSession profile isession, which is appropriate for all application traffic, and other iSession profiles thathave been pre-configured for specific applications. The name of each pre-configured iSession profileindicates the application for which it was configured, such as isession-cifs.

When you configure optimized applications on the Quick Start screen, the system automatically associatesan iSession profile with every virtual server it creates for the selected optimized applications. The systemalso associates the system-supplied iSession profile isession with the iSession listener isession-virtualit creates for inbound traffic.

You must associate an iSession profile with any virtual server you create for a custom optimized applicationfor outbound traffic, and with any iSession listener you create for inbound traffic.

Customizing compression settings for iSession traffic

In certain circumstances, you might want to change the symmetric compression settings for applicationtraffic you specify. The compression settings are in the iSession™ profile. Instead of changing the parentprofile named isession, create a custom iSession profile, and give it a descriptive name.

1. On the Main tab, click Local Traffic > Profiles > Services > iSession.The iSession profile list screen opens.

2. Click Create.The New iSession Profile screen opens.

3. In the Name field, type a unique name for the profile.

4. In the Compression Settings area, select the Custom check box.The settings in the area become available for configuring.

42


5. Select the Custom check box.

6. Enable compression and select at least one compression method.

To establish and maintain a connection, at least one compression option must be the same on both BIG-IPWOM® devices.

DescriptionOption

This option activates the compression feature, according to the method or methodsyou choose.

Compression

This high quality compression algorithm is typically slower than LZO, unless thesystem platform supports hardware acceleration. If you enable Deflate and disableAdaptive, you can also select the Deflate Level.

Deflate

The Lempel_Ziv_Oberhumer algorithm is best for interactive protocols (such astelnet) or high-bandwidth protocols that compress easily (such as those used fordata replication).

LZO

The bzip2 data compression algorithm improves compression ratios onlow-bandwidth data links.

Bzip2

This option chooses the best algorithm for current traffic from among those thatare enabled, and changes as traffic conditions change. If it selects Deflate, it alsoselects an optimum Deflate Level.

Adaptive

This option tells the system to use symmetric data deduplication.Deduplication

Note: For deduplication to take place, the iSession listener that receivesthis traffic must have associated with it an iSession profile that also hasthis setting enabled.

7. Click Finished.

When you have finished, the custom iSession profile appears on the iSession list screen.

For this profile to take effect, you must associate it with a virtual server for outbound traffic to the WAN.

Screen capture showing compression settings

The following screen capture shows the pertinent compression settings.

Note: If adaptive compression is disabled, you must manually select a compression codec foriSession™ traffic. If you leave the other codecs enabled, the BIG-IP® WOM® system selects the bzip2compression algorithm by default, and that might not be the algorithm you want.

43


Figure 6: iSession profile screen with compression settings emphasized

About optimization of SSL applications

To handle SLL encrypted traffic all the way from the request initiator (client) to the receiver (server), includethe following settings when you configure the optimized application virtual servers.

• To decrypt the original traffic, add a client SSL profile to the optimized application virtual server.• Encryption of the iSession connection itself is based on the configuration of the endpoints and the

Application Data Encryption setting in the selected iSession profile, unless you are using IPsecencapsulation. If you selected IPsec for the IP Encapsulation Type, the IPsec policy you selecteddetermines encryption.

• To re-encrypt the iSession traffic on the other side of the WAN, add an optimized virtual server on theserver side, with the appropriate server SSL profile, to handle the application traffic after the iSessionconnection is terminated.

The following illustration shows a pair of BIG-IP® WOM®systems configured for SSL application traffic.It shows the additional profiles you need to add to the virtual servers to decrypt incoming traffic from theWAN, encrypt it through the iSession connection, decrypt it at the receiving side, and then re-encrypt it tosend it to its destination.

44


Figure 7: Optimized application virtual server configuration with SSL encryption

Manually configuring optimized applications for outbound traffic

For common applications, the easiest way to configure optimized applications is on the Quick Start screen.You can manually configure an optimized application by creating a virtual server for outbound traffic foran application that is not listed on the Quick Start screen, such as HTTPS.

1. On the Main tab, click WAN Optimization > Optimized Applications > Create Outbound.

2. In the Name field, type a name that reflects the type of application traffic you want to optimize.

3. In the Port field, type the service port used by the application, or select an application from the list.

If you select from the list, the associated default port appears. If the application you select uses a differentport on your system, select Other and type the port number.

4. If you selected CIFS, FTP, or MAPI, select the corresponding application profile from the ApplicationProfile list that appears.

The list displays only those profiles that pertain to the application you specified in the Port setting.

5. If you are optimizing IPv6 traffic, select the Create IPv6 Virtual check box.

The system automatically creates an IPv4 virtual server for this outbound application traffic, and if youselect the check box, it also creates an IPv6 virtual server.

6. For the Enabled LAN VLANs setting, select the VLANs on which the virtual server for this optimizedapplication receives incoming LAN traffic destined for the WAN.

7. Select the iSession™ profile to associate with this virtual server.

The iSession Profile list includes system-supplied profiles that have been created with optimal settingsfor specific applications.

Note: The default profile isession does not include application data encryption. To specifythe use of an SSL profile on the outbound connection, select isession-encrypt or a customizediSession profile that includes application data encryption.

8. Click Finished.

45


The BIG-IP® WOM® system creates a virtual server, associates the profiles you specified, and thus, configuresan optimized application.

Make sure that an iSession listener is configured on the local endpoint of the BIG-IP WOM that receivesthis application traffic.

Manually configuring optimized applications for inbound traffic

The system-supplied iSession™ listener, isession-virtual, completes the optimized connection for allinbound application traffic. Some applications, such as CIFS and FPT, require an additional applicationvirtual server for incoming traffic. This virtual server provides further processing of the traffic after theiSession listener terminates the iSession connection.

1. On the Main tab, click WAN Optimization > Optimized Applications > Create Inbound.

2. Specify whether this virtual server is a single host or network address.

3. For the Destination setting Address, type the IP address you want to use to receive specified applicationtraffic from the WAN.

Typically, this value is 0.0.0.0, which matches traffic to all destination servers.

4. Type a name that reflects the type of application traffic you want to optimize.

5. Type the service port used by the application, or select an application from the list.

If you select from the list, the associated default port appears. If the application you select uses a differentport on your system, select Other and type the port number.

If you select a port and application for which at least one application profile exists on the system, theApplication Profile setting appears.

6. If the Application Profile setting is available, select a profile for this traffic.

7. For the Enabled LAN VLANs setting, select the VLANs on which the virtual server for this optimizedapplication receives incoming WAN traffic.

8. Click Finished.

The system creates a virtual server to handle the specified inbound application traffic. After the iSessionlistener terminates the connection, the system directs the specified traffic to the virtual server you created.The ability to create more than one application virtual server on the receiving side allows you to applydifferent profiles to selected application traffic with different destinations.

About CIFS traffic optimization

Common Internet File System (CIFS) is a remote file access protocol that forms the basis of Microsoft®

Windows® file sharing. Various CIFS implementations (for example, Samba) are also available on otheroperating systems such as Linux™. CIFS is the protocol most often used for transferring files over thenetwork. WAN Optimization Manager™ (WOM®) can optimize CIFS traffic, resulting in faster performancefor transferring CIFS files, opening Microsoft applications, and saving files. CIFS optimization is particularlyuseful when two offices that are located far apart frequently need to share and exchange files.

Important: By default, Microsoft Windows clients do not require Server Message Block (SMB)signing, except when communicating with their domain controller. If SMB signing settings havebeen changed, make sure that SMB signing is optional on all servers and clients.

46


Adjusting CIFS optimization over the WAN

The system-supplied CIFS profile is configured to optimize CIFS traffic over the WAN through an iSession™

connection. You can adjust the optimization settings for CIFS traffic to fit a particular situation by modifyingthe CIFS profile. Instead of changing the parent profile named cifs, create a custom CIFS profile, andgive it a descriptive name.

1. On the Main tab, click Local Traffic > Profiles > Services > CIFS.The Profiles list screen opens.

2. Click Create.The New CIFS Profile screen opens.

3. In the Name field, type a unique name for the profile.

4. Select the Custom check box in both the Data Optimizations and Other Optimizations areas.

5. Adjust the options for the settings, as needed. The default value for all the options is Enabled.

Note: The settings must match between the CIFS profiles associated with the virtual servers atboth ends of the iSession connection. If a setting is disabled in the CIFS profile associated withthe virtual server at one end, the option is disabled.

DescriptionOption

Specifies whether the system speeds up CIFS file uploads to the server byfulfilling write requests through the BIG-IP® WOM® system that is closerto the request initiator.

Write Behind

The system speeds up CIFS file downloads by prefetching the file data onthe BIG-IP WOM system that is closer to the request initiator.

Read Ahead

The system opens CIFS files faster by performing more intelligentread-ahead operations.

Record and Replay

The system performs read-ahead operations based on parsing theMicrosoft® CDF file and understanding its structure.

Office 2003 Extended

The system speeds up file close operations by fulfilling them through theBIG-IP WOM system that is closer to the request initiator.

Fast Close

The system speeds up file metadata change requests by fulfilling therequests through the BIG-IP WOM system that is closer to the requestinitiator.

Fast Set File Information

6. Click Finished.

When you have finished, the custom CIFS profile appears in the CIFS list screen.

For this profile to take effect, you must associate it with a virtual server configured to intercept CIFS traffic.

About MAPI optimization

Messaging Application Program Interface (MAPI) is the email protocol that Microsoft® Exchange Serverand Outlook® clients use to exchange messages. Optimization of MAPI traffic across the WAN requires a

47


virtual server for each Exchange-based server so that the BIG-IP® system can use the IP addresses of theExchange-based servers to locate MAPI traffic.

You can configure WAN Optimization Manager™ (WOM®) to automatically discover the Exchange-basedservers and create virtual servers for them, or you can create the virtual servers manually using Local TrafficManager™. The advantage to automatic discovery is that when new Exchange-based servers are added tothe network, or the IP addresses of existing servers change, BIG-IP WOM discovers the changes and createsnew MAPI virtual servers for the new and moved Exchange-based servers.

Enabling Microsoft Exchange compression for MAPI optimization

The system-supplied profile named mapi is configured to optimize MAPI traffic over the WAN throughan iSession connection. By default, Microsoft® Exchange native compression is disabled, which allowsWAN Optimization Manager™ (WOM®) to use symmetric adaptive compression for better results than ifyou enabled native compression. If you want to enable native compression, you can modify the MAPIprofile, as follows.

1. On the Main tab, click Local Traffic > Profiles > Services > MAPI.The MAPI profile list screen opens.

2. Click mapi.

Alternatively, you can click Create, and save the new MAPI profile you create with a different name.

3. For the Native Compression setting, select Enabled.

4. Click Update.

BIG-IP® WOM® now uses Microsoft Exchange native compression rather than symmetric adaptivecompression for MAPI traffic when an optimized application virtual server with which this profile isassociated intercepts MAPI traffic.

For this profile to take effect, you must associate it with a virtual server (such as mapi_optimize_client)that is configured to intercept MAPI traffic. To verify this association, view the Application Profile columnat WAN Optimization > Optimized Applications.

Enabling automatic discovery of Exchange Servers for MAPI optimization

The system-supplied profile named mapi is configured to optimize MAPI traffic over the WAN throughan iSession connection. By default, the BIG-IP® WOM® system does not discover the Microsoft® ExchangeServers automatically, which means that you must configure the virtual servers manually. To set up automaticdiscovery, modify the MAPI profile, as follows.

1. On the Main tab, click Local Traffic > Profiles > Services > MAPI.The MAPI profile list screen opens.

2. Click mapi.

Alternatively, you can click Create, and save the new MAPI profile you create with a different name.

3. For the Discover Exchange Servers setting, select Enabled.

4. Click Update.

The BIG-IP® with WOM® system automatically discovers Exchange-based servers for MAPI traffic whenan optimized application virtual server with which this profile is associated intercepts MAPI traffic.

For this profile to take effect, you must associate it with a virtual server (such as mapi_optimize_client)that is configured to intercept MAPI traffic. To verify this association, review the Application Profile settingsat WAN Optimization > Optimized Applications.

48


Chapter

9

Diagnostics

Topics:

• About WAN optimization diagnostics• WOM diagnostic error messages• Troubleshooting network connectivity for

WAN Optimization Manager• Running WAN optimization configuration

diagnostics

About WAN optimization diagnostics

On-screen diagnostic messages help you troubleshoot problems in the WAN Optimization Manager™

(WOM®) configuration itself, or in a connection, such as between the two endpoints, between a client orserver and the adjacent BIG-IP® WOM, or another point in the routing setup.

Figure 8: WAN Optimization Diagnostics screen

WOM diagnostic error messagesThis table describes the types of messages that appear when you run the diagnostic tools provided on theWAN Optimization Diagnostics screen.

DescriptionMessage Type

For informational purposes, indicates, for instance,whether deduplication is enabled on the localBIG-IP® WOM® system.

INFO

A verification check for WOM configuration.OK

Indicates that some functions might not be fullyoperational.

WARN

50

Diagnostics

DescriptionMessage Type

The highest severity level, displayed in red, indicatesthat WOM is not able to function. You must fix thisproblem before proceeding.

FAIL

Troubleshooting network connectivity for WAN Optimization Manager

Before you start this task, you must have finished configuring WAN Optimization Manager™ (WOM®) onBIG-IP® systems on opposite sides of the WAN, and the systems have discovered their remote endpoints.

You can use these diagnostics from the local BIG-IP system to the remote server to verify the BIG-IPsystem-to-server routes, in case the remote BIG-IP system is not configured correctly.

1. On the Main tab, expand WAN Optimization and click Diagnostics.

2. In the Diagnose Network Connections field, type the IP address of a remote WOM endpoint, and clickthe Run button.

Network connection diagnostic information appears on the screen. Use this information to determinewhether there is a connection between the local endpoint and the remote endpoint you specify.

3. Use the data displayed on the screen to make corrections.

4. In the Ping field, type the IP address of a host, for example, a remote BIG-IP system, and click the Runbutton.

Use this utility to determine whether other BIG-IP systems can be reached through the routed WANnetwork. If ping fails, verify the configuration of your VLANs, self IP addresses, and default gateway.

5. Use the data displayed on the screen to make corrections, such as properly defining the local and remoteroutes.Ping results appear on the screen. If a ping fails, you can use Traceroute to pinpoint the location of afailure in the network.

6. In the Traceroute field, type the destination IP address you want to reach, and click the Run button.

7. Use the data displayed on the screen to correct any routing problems. This data can reveal whether theproblem is in the WAN, or is local to either of the BIG-IP systems. You can also view the observedlatency, if any, along the WAN path.

Running WAN optimization configuration diagnostics

Before you start this task, you must have finished configuring WAN Optimization Manager™ (WOM®) onBIG-IP® systems on opposite sides of the WAN.

The WOM configuration diagnostics verify that you have set up WAN Optimization Manager properly.

1. On the Main tab, expand WAN Optimization and click Diagnostics.

2. Next to Diagnose WOM Configuration, click the Run button to verify that BIG-IP WOM is configuredcorrectly.

Note: If you have not sent traffic through the designated network, dynamic discovery might nothave discovered the remote endpoint.

51


In the following example, the SDD codec mismatch on the peers causes a warning message, becauseWAN optimization features other than deduplication are functional.

52

Diagnostics

Figure 9: Example of screen after running Diagnose WOM Configuration.

53


3. Correct any configuration errors as indicated on the screen.

4. After you correct any errors, click the Run button to run the configuration diagnostics again.

5. Repeat these steps on the BIG-IP WOM on the other side of the WAN to verify that the other WOMsystem is configured correctly.

54

Diagnostics

Acknowledgments

This product includes software developed by Bill Paul.

This product includes software developed by Jonathan Stone.

This product includes software developed by Manuel Bouyer.

This product includes software developed by Paul Richards.

This product includes software developed by the NetBSD Foundation, Inc. and its contributors.

This product includes software developed by the Politecnico di Torino, and its contributors.

This product includes software developed by the Swedish Institute of Computer Science and its contributors.

This product includes software developed by the University of California, Berkeley and its contributors.

This product includes software developed by the Computer Systems Engineering Group at the LawrenceBerkeley Laboratory.

This product includes software developed by Christopher G. Demetriou for the NetBSD Project.

This product includes software developed by Adam Glass.

This product includes software developed by Christian E. Hopps.

This product includes software developed by Dean Huxley.

This product includes software developed by John Kohl.

This product includes software developed by Paul Kranenburg.

This product includes software developed by Terrence R. Lambert.

This product includes software developed by Philip A. Nelson.

This product includes software developed by Herb Peyerl.

This product includes software developed by Jochen Pohl for the NetBSD Project.

This product includes software developed by Chris Provenzano.

This product includes software developed by Theo de Raadt.

This product includes software developed by David Muir Sharnoff.

This product includes software developed by SigmaSoft, Th. Lockert.

This product includes software developed for the NetBSD Project by Jason R. Thorpe.

This product includes software developed by Jason R. Thorpe for And Communications, http://www.and.com.

This product includes software developed for the NetBSD Project by Frank Van der Linden.

This product includes software developed for the NetBSD Project by John M. Vinopal.

This product includes software developed by Christos Zoulas.

This product includes software developed by the University of Vermont and State Agricultural College andGarrett A. Wollman.

This product includes software developed by Balazs Scheidler ([email protected]), which is protected underthe GNU Public License.

This product includes software developed by Niels Mueller ([email protected]), which is protected underthe GNU Public License.

In the following statement, This software refers to the Mitsumi CD-ROM driver: This software was developedby Holger Veit and Brian Moore for use with 386BSD and similar operating systems. Similar operatingsystems includes mainly non-profit oriented systems for research and education, including but not restrictedto NetBSD, FreeBSD, Mach (by CMU).

This product includes software developed by the Apache Group for use in the Apache HTTP server project(http://www.apache.org/).

This product includes software licensed from Richard H. Porter under the GNU Library General PublicLicense (© 1998, Red Hat Software), www.gnu.org/copyleft/lgpl.html.

This product includes the standard version of Perl software licensed under the Perl Artistic License (© 1997,1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standardversion of Perl at http://www.perl.com.

This product includes software developed by Jared Minch.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit(http://www.openssl.org/).

This product includes cryptographic software written by Eric Young ([email protected]).

This product contains software based on oprofile, which is protected under the GNU Public License.

This product includes RRDtool software developed by Tobi Oetiker (http://www.rrdtool.com/index.html)and licensed under the GNU General Public License.

This product contains software licensed from Dr. Brian Gladman under the GNU General Public License(GPL).

This product includes software developed by the Apache Software Foundation (http://www.apache.org/).

This product includes Hypersonic SQL.

This product contains software developed by the Regents of the University of California, Sun Microsystems,Inc., Scriptics Corporation, and others.

This product includes software developed by the Internet Software Consortium.

This product includes software developed by Nominum, Inc. (http://www.nominum.com).

This product contains software developed by Broadcom Corporation, which is protected under the GNUPublic License.

This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser GeneralPublic License, as published by the Free Software Foundation.

This product includes Intel QuickAssist kernel module, library, and headers software licensed under theGNU General Public License (GPL).

This product includes software licensed from Gerald Combs ([email protected]) under the GNU GeneralPublic License as published by the Free Software Foundation; either version 2 of the License, or any laterversion. Copyright ©1998 Gerald Combs.

This product includes software developed by Thomas Williams and Colin Kelley. Copyright ©1986 - 1993,1998, 2004, 2007

Permission to use, copy, and distribute this software and its documentation for any purpose with or withoutfee is hereby granted, provided that the above copyright notice appear in all copies and that both thatcopyright notice and this permission notice appear in supporting documentation. Permission to modify thesoftware is granted, but not the right to distribute the complete modified source code. Modifications are to

56

Acknowledgments

be distributed as patches to the released version. Permission to distribute binaries produced by compilingmodified sources is granted, provided you

1. distribute the corresponding source modifications from the released version in the form of a patch filealong with the binaries,

2. add special version identification to distinguish your version in addition to the base release versionnumber,

3. provide your name and address as the primary contact for the support of your modified version, and4. retain our contact information in regard to use of the base software.

Permission to distribute the released version of the source code along with corresponding source modificationsin the form of a patch file is granted with same provisions 2 through 4 for binary distributions. This softwareis provided "as is" without express or implied warranty to the extent permitted by applicable law.

This product includes software developed by the Computer Systems Engineering Group at LawrenceBerkeley Laboratory. Copyright ©1990-1994 Regents of the University of California. All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted providedthat the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and thefollowing disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and thefollowing disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the followingacknowledgment: This product includes software developed by the Computer Systems EngineeringGroup at Lawrence Berkeley Laboratory.

4. Neither the name of the University nor of the Laboratory may be used to endorse or promote productsderived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND ANYEXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AREDISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANYDIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED ANDON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THISSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes software developed by Sony Computer Science Laboratories Inc. Copyright ©

1997-2003 Sony Computer Science Laboratories Inc. All rights reserved. Redistribution and use in sourceand binary forms, with or without modification, are permitted provided that the following conditions aremet:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and thefollowing disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and thefollowing disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY SONY CSL AND CONTRIBUTORS "AS IS" AND ANY EXPRESSOR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIESOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. INNO EVENT SHALL SONY CSL OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUTNOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY

57


OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDINGNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product contains software developed by Google, Inc. Copyright ©2011 Google, Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associateddocumentation files (the "Software"), to deal in the Software without restriction, including without limitationthe rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portionsof the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHERLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS INTHE SOFTWARE.

This product includes software written by Steffen Beyer and licensed under the Perl Artistic License andthe GPL.

This product includes software developed by Bob Withers.

This product includes software developed by Jean-Loup Gaily and Mark Adler.

This product includes software developed by Markus FXJ Oberhumer.

This product includes software developed by Guillaume Fihon.

58

Acknowledgments

Index

A

advertised routesadding manually 35description 33modifying automatic discovery of 34verifying discovery 35

B

bandwidth managementoverview for WOM 11

C

chassis supportand WOM 20

CIFS optimizationabout 46adjusting 47

CIFS profilescustomizing 47

codecchoosing for deduplication 38

compressionconfiguring for WOM 42, 43

D

datastorallocating to SSDs 15and Virtual Edition 24

deduplicationchoosing a codec 38described 38disabling 39enabling 38

diagnosticsand error messages 50running for WAN optimization 51testing WOM connectivity across WAN 51troubleshooting WAN optimization 50

discoveryand advertised routes 33description 32enabling for advertised routes 34modifying for remote endpoints 32of local subnets 33of remote endpoints 32

disk managementallocating datastor to SSDs 15of SSDs 14

dynamic discoveryfor BIG-IP WOM 32

E

endpoints 28See also local endpoints.

error messagesand diagnostics 50

Exchange Serversenabling discovery for MAPI optimization 48

H

high availabilityand local endpoints 28

hypervisor guest definition 24

I

iSession listenersabout 29adding 29

iSession profilesabout 42modifying compression 42, 43

L

lifespanof SSDs 17

local endpointsand high availability 28customizing 28description 28

M

MAPI optimizationabout 47enabling discovery of Exchange Servers 48enabling Microsoft Exchange native compression 48

N

non-TCP iSession trafficforwarding with IPsec encapsulation 10

O

optimized applicationsabout 42

59

Index

optimized applications (continued)configuring for inbound traffic 46configuring for outbound traffic 45for SSL encrypted traffic 44

P

profilesabout iSession 42about MAPI 47customizing CIFS optimization 47

Q

Quick Start screenabout 8using to configure WOM 9

R

rate shapingoverview for WOM 11

redundancyand BIG-IP WOM 28

remote endpointsabout discovery of 32adding manually 32description 28modifying discovery of 32verifying discovery 35

S

SDD, See symmetric data deduplicationsolid-state drives (SSDs)

about 14

solid-state drives (SSDs) (continued)monitoring usage 17provisioning for WOM 15

subnetsabout discovery of 33verifying discovery 35

symmetric data deduplicationdescribed 38disabling 39enabling 38

T

troubleshootingrunning WAN optimization diagnostics 51testing WOM connectivity across WAN 51

V

vCMPand WOM 20setting up for WOM 20

Virtual Edition (VE)and configuration considerations 24and guest definition 24and licensing considerations 24for BIG-IP WOM 24provisioning extra drive 25

virtual serverscreating for non-TCP iSession traffic 10forwarding non-TCP iSession traffic 10

W

WAN optimizationoverview 8

60

Index

big-ip wan optimization manager configuration guide forwarding non-tcp traffic through an isession...

Documents