Wide Area Network Optimization

GLOBAL TECHNOLOGY RESOURCES INC.
White Paper: Wide Area Network Optimization

Introduction

Many of today's applications are performance-driven and demand everything that the network can provide. Unfortunately, the networks in use today are built upon protocols that were developed one or more decades ago. While technologies march forward, many of these protocols have remained stagnant, which can be the cause of performance issues within networks today.

The networking industry has found ways to mitigate many of the side-effects of the shortcomings of Transmission Control Protocol (TCP) as well as bandwidth-starved and high-latency WAN links. The solution is typically referred to as Wide Area Network (WAN) Optimization. Many different vendors have created WAN optimization solutions and have particular names for the product lines (Cisco WAAS, Citrix WANScaler, Juniper WX, BlueCoat ProxySG, Riverbed Steelhead, Silver Peak NX, etc.).

The Need for WAN Optimization

Before delving into WAN optimization technologies, let's discuss why WAN optimization is needed. TCP is the primary protocol in use on the Internet and LANs today. TCP was developed during the late 70s and early 80s to be used on ARPANET/DARPANET (the predecessor to the Internet). It has remained relatively static since its initial adoption, while networking demands have changed.

The effects mentioned below tend to be magnified on Long Fat Networks (LFNs), causing even greater user application performance issues.

TCP Chatter

TCP requires that a connection be established before any data is transmitted. Because of the way that a connection is initiated (a three-way handshake process), this alone can introduce delays within network applications. Many applications will open/close several TCP connections during the transmission of data between the client and server. Modern web-based applications can open up hundreds of connections at a time for a single user.
GTRI WAN Optimization White Paper, Issue: 001, Date: 28 APR 2008. Public Information. Copyright 2008 Global Technology Resources, Inc. All rights reserved.

Figure 1: TCP three-way connection handshake process

Once the host has determined that it's done talking, it will close the session via a four-way handshake process. This is additional time and traffic for each TCP connection.

Figure 2: TCP four-way connection teardown process

TCP Slow-start and Window Size

Once a connection is established, TCP will send a predetermined amount of data and wait for an acknowledgement before sending any additional data. This is referred to as the TCP window size. This alone makes for slow and inefficient communications between hosts as the typical window sizes are remnants of the dial-up era.

Because of the size of the window field within the TCP header (16-bytes), the maximum window size is limited to 64KB (65,535 bytes). Using the maximum window size, hosts are only able to transfer up to 10Mbps of traffic on a single TCP connection (65,535 bytes * 8 = 524,280 bits / 5 ms = 10,485,600 bps). This means that whether you have a 1Gbps, 100Mbps or 10Gbps connection between the hosts, they'll only get 10Mbps max out of each TCP connection.

TCP Window scaling overcomes the 64KB window size barrier, allowing for window sizes up to 1GB (1,073,725,440 bytes). Window scaling relies upon both endpoints supporting and properly negotiating this feature. It is unrealistic to rely on such a feature in a WAN environment, as so many pieces are out of your control (unless you have control over each intermediary hop between your sites, in which case you may be able to satisfactorily overcome this barrier).

TCP slow-start introduces additional inefficiencies in the way devices communicate. The way TCP was designed, if acknowledgements are received on an on-going basis, the window size is increased in a linear fashion (the congestion window size is increased for each acknowledgement received).
If packet loss occurs, the device will reduce the transmission rate by 50%! Once traffic is flowing without any packet loss, it would linearly increase the transmission rate. If packet loss was encountered, it would cut the transmission rate again by 50%. While this design may have been suitable for a low-bandwidth environment, today's networks offer a tremendous amount of bandwidth, making the 50% transmission rate drop unacceptable.

Figure 3: Example TCP transmission rate (congestion window versus number of RTTs)

TCP Acknowledgements

Most TCP stacks will send the window-size worth of data and wait for an acknowledgement. If packet loss has occurred, the acknowledgement will include the last received packet. The sending host will resend all data since the last acknowledgement, thus wasting bandwidth. Typically the end-host will have most of the data but a small chunk. Resending the entire chunk is inefficient and unnecessary.

File-Sharing Protocol Overhead

The most common protocol used today for accessing network files is the Common Internet File System (CIFS). CIFS utilizes the Server Message Block (SMB) protocol for communicating between hosts. The SMB protocol is extremely chatty, placing a tremendous amount of overhead on the network. As an example, a 47.5KB Word document was opened over a network connection. To open this small file, 64% of the packets were SMB, representing 87.9KB of traffic for the 47.5KB file! The SMB overhead alone is nearly double the actual file size.

Figure 4: Example file transfer protocol statistics

Many other applications have a similar amount of chatty protocol overhead, either within the higher-layer protocol itself (i.e.
SMB) or inherited from TCP.

WAN Optimization Features

While WAN optimization does decrease bandwidth requirements, the main goal is to increase network application performance by decreasing the response time. WAN optimization is about saving time, not bandwidth (although this is a side-effect). Remember that WAN optimization doesn't create bandwidth, but it does add intelligence to what is sent.

To demonstrate different WAN optimization features, the following hypothetical network will be used.

Figure 5: Simplified Sample Network with WAN Optimization Devices

WAN optimization devices provide an emulation of a LAN-like environment across WAN connections.

WAN optimization devices offer some (or all) of the following benefits:

TCP tweaks: Rather than go through the pain and misery associated with typical TCP slow-start behaviour and small initial window sizes, the WAN optimization devices set a very large initial TCP window size, allowing for greater amounts of data to be transferred without an acknowledgement. When packet loss is detected, the WAN optimization device doesn't drop its transmission rate by 50%, but by a very small amount (typically 10% or less). The WAN optimization device also notes at what transmission rate the loss was experienced and attempts to tread this rate to keep a sustained transfer rate. This eliminates the see-saw effect seen on typical TCP connections. Many WAN optimization devices will also use selective-acknowledgements, eliminating the need to resend entire chunks of data. When packet loss occurs, the WAN optimization device will simply re-send the missing piece of data (not the entire chunk). This decreases re-assembly time and final delivery of the data.

TCP off-loading: The WAN optimization devices terminate the TCP connections for the local site.
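The window ceiling from "TCP Slow-start and Window Size" and the loss back-off described under "TCP tweaks" can be modelled in a few lines. This is an added example, not part of the GTRI paper: the path capacity of 100 packets per RTT, the round-trip times and the 10% back-off are assumed values, and the model covers only linear growth and back-off, not a full TCP stack.

```python
MAX_UNSCALED_WINDOW = 65_535   # bytes, largest window without window scaling
MAX_SCALE_SHIFT = 14           # largest scale shift: 65,535 << 14 = 1,073,725,440


def window_limited_bps(window_bytes, rtt_s):
    """Ceiling for one connection: one window of data per round trip."""
    return window_bytes * 8 / rtt_s


def required_scale_shift(link_bps, rtt_s):
    """Smallest window-scale shift whose window covers the bandwidth-delay product."""
    bdp_bytes = link_bps * rtt_s / 8
    for shift in range(MAX_SCALE_SHIFT + 1):
        if (MAX_UNSCALED_WINDOW << shift) >= bdp_bytes:
            return shift
    return None  # even the largest window cannot fill this path


def simulate_backoff(capacity, start, backoff, rtts=1000):
    """See-saw model: the window grows by one packet per RTT and is cut by
    `backoff` whenever it exceeds what the path carries per RTT (a loss).
    Returns (utilisation, loss events, lowest window seen after a loss)."""
    cwnd = float(start)
    delivered = 0.0
    losses = 0
    trough = None
    for _ in range(rtts):
        if cwnd > capacity:
            delivered += capacity            # the excess is what was dropped
            cwnd *= 1.0 - backoff
            losses += 1
            trough = cwnd if trough is None else min(trough, cwnd)
        else:
            delivered += cwnd
            cwnd += 1.0
    return delivered / (capacity * rtts), losses, trough


def compare(capacity=100, rtts=1000):
    """Standard behaviour (small start, 50% cut) against the tweaked behaviour
    (large initial window, 10% cut). All parameters are assumed values."""
    return {
        "standard": simulate_backoff(capacity, start=1, backoff=0.50, rtts=rtts),
        "tweaked": simulate_backoff(capacity, start=0.9 * capacity, backoff=0.10, rtts=rtts),
    }


if __name__ == "__main__":
    for rtt_ms in (20, 50, 100):             # assumed round-trip times
        bps = window_limited_bps(MAX_UNSCALED_WINDOW, rtt_ms / 1000)
        print(f"64KB window, {rtt_ms:>3} ms RTT: {bps / 1e6:7.2f} Mbps ceiling")
    print("scale shift for 1 Gbps at 50 ms:", required_scale_shift(1e9, 0.050))
    for name, (util, losses, trough) in compare().items():
        print(f"{name:9s} utilisation={util:.2f} losses={losses} trough={trough:.1f}")
```

The ceiling depends only on window size and round-trip time, which is why a faster link does not help a single unscaled connection. In the model the tweaked sender sees more loss events than the standard one but gives up far less capacity at each of them.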
A single TCP connection (or a configurable number depending on vendor) is maintained and kept open between the WAN optimization devices, eliminating the typically-required new-TCP-connection-per-client. This is a tremendous time saver!

Tokenization: As traffic passes through the WAN optimization device, it looks for common (recurring) binary sequences. When it finds a sequence, it will assign a token to the sequence and transmit the token (in place of the sequence) to the remote WAN optimization device, which will replace the received token with the previously-exchanged binary data (returning the packet to its original binary data). By reducing the amount of data sent over the WAN link (ratios differ amongst vendors, but can be from 100:1 up to 300:1 compression ratio), precious time is saved.

Compression: The traffic can be compressed using proprietary or industry-standard algorithms, such as the Lempel-Ziv (LZ) compression algorithm, to provide additional savings in the amount of data transmitted (which directly affects the response time).

Caching: WAN optimization devices can accelerate the response times of CIFS clients by caching files, directory structures, etc. Unless the file has been pre-loaded on the WAN optimization device, caching won't help the first user to request the file (this is when the WAN optimization device caches the file). Subsequent users will see a tremendous performance increase, as the file is being read off of the local WAN optimization device. There are numerous CIFS-specific acceleration features available on WAN optimization devices. Other office network services such as print servers can be accelerated with WAN optimization devices. All of this happens transparently to end-users; no proxies or default router changes need occur on the clients.
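A minimal model of the tokenization exchange described above, showing both devices and what happens when their dictionaries fall out of step. It is an added example, not a vendor's algorithm or code from the paper; the fixed 64-byte chunks, the 4-byte token size, the one-byte record tag and the RAW/TOK record names are assumptions.

```python
import hashlib

CHUNK = 64         # bytes per chunk (assumed; products use their own segmenting)
TOKEN_BYTES = 4    # wire size of one token reference (assumed)
TAG_BYTES = 1      # one byte marking a record as RAW or TOK (assumed)


class SendingDevice:
    """Replaces every chunk it has already sent with a short token."""

    def __init__(self):
        self.token_for = {}                  # chunk digest -> token id

    def encode(self, data):
        records = []
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            if digest in self.token_for:
                records.append(("TOK", self.token_for[digest]))
            else:
                self.token_for[digest] = len(self.token_for)
                records.append(("RAW", chunk))
        return records


class ReceivingDevice:
    """Learns chunks in arrival order and expands tokens back into data."""

    def __init__(self):
        self.chunk_for = []                  # token id -> chunk bytes

    def decode(self, records):
        out = bytearray()
        for kind, value in records:
            if kind == "RAW":
                self.chunk_for.append(value)  # same numbering as the sender
                out += value
            elif value < len(self.chunk_for):
                out += self.chunk_for[value]
            else:
                # e.g. the receiver restarted and lost its dictionary
                raise LookupError(f"token {value} unknown: dictionaries out of sync")
        return bytes(out)


def wire_bytes(records):
    """Bytes that cross the WAN for a list of records."""
    return sum(TAG_BYTES + (len(v) if k == "RAW" else TOKEN_BYTES) for k, v in records)


def sample_file(chunks=64):
    """Constructed 4 KB payload whose 64-byte chunks are all different."""
    return b"".join(hashlib.sha256(bytes([i])).digest() * 2 for i in range(chunks))


def demo():
    sender, receiver = SendingDevice(), ReceivingDevice()
    data = sample_file()
    first = sender.encode(data)              # first transfer of the file
    second = sender.encode(data)             # same file sent again
    intact = receiver.decode(first) == data and receiver.decode(second) == data
    return intact, wire_bytes(first), wire_bytes(second)


if __name__ == "__main__":
    print(demo())
```

The second transfer carries only tokens, so it is correct only while both dictionaries match; a receiver that cannot resolve a token has to reject the record and have the data resent rather than guess.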
They simply see a high performance increase in the applications they access!

Buffering: WAN optimization devices offer similar functionality as that found with the Nagle algorithm, allowing the device to buffer short bursts of traffic so that they can be sent in a consistent and efficient manner (while still ensuring that packets are sent in order).

Quality of Service: Many WAN optimization devices allow for transparent integration within an existing network infrastructure, allowing existing QoS policies to be maintained. Some devices offer QoS features, allowing classifying, marking and rate-shaping network traffic, typically supporting the network (layer-3), transport (layer-4) and application (layer-7) layers, allowing for granular QoS policies. This can allow an organization to control how different applications perform on the WAN, allowing for "managed unfairness".

Traffic Avoidance: Why accelerate traffic that is prohibited at the other end of the WAN link? Many WAN optimization devices allow for filtering of traffic (such as web content filtering), allowing for local restriction of traffic that doesn't comply with the network usage policies within the organization. This can typically be accomplished at the network, transport or application layers, allowing the organization to be very specific on restricting and avoiding prohibited traffic. This can include restricting access to selected files or network shares, URLs or other traffic.

Mobile Client Support: So far the discussion has surrounded optimizing entire LANs. This is a good start, but much of the workforce today is increasing their mobile dependence and demands. Many WAN optimization devices offer client software that can be installed on mobile user systems, allowing for optimization and acceleration of remote users.
Many of the mobile WAN optimization clients are offered on Microsoft Windows-based computers (typically used on mobile workforce laptops or SOHO computers).

Secure Encryption: Several WAN optimization vendors support encryption of data that is stored on the local hard drive (HD) within the device. Support for encryption of site-to-site traffic is offered by certain vendors as well. This is a requirement for many high-security environments and can be satisfied with a properly-implemented and chosen WAN optimization solution.

Device Auto-Discovery: Many WAN optimization vendors support auto-discovery of their devices. This is typically accomplished by marking a unique value in the options header field as well as altering the sequence number for traffic between WAN optimization devices. By analyzing these fields, the WAN optimization devices are able to see the presence of other devices in the path and intelligently make a decision on what features to use.

WAN Optimization Implementation Options

Since WAN optimization devices affect the traffic between WAN optimization devices (reducing, compressing, tokenizing, etc.), it's important to ensure that traffic flows through the WAN optimization devices. Keep in mind that WAN optimization devices are required at both ends of the WAN link for a fully-working system. The following outlines several of the typical WAN optimization implementation options:

In-path (inline): This is the simplest method. Simply place the WAN optimization device before or after your WAN gateway router so that the different optimizations can take effect. The way to have a redundant configuration is to daisy-chain two WAN optimization devices in serial (should one fail, the remaining device will take over). No load-balancing occurs in an inline implementation.
Figure 6: In-Path (Inline) Example

Out-of-Path (WCCP): WCCP was developed by Cisco, but is used across the industry as an ideal way of implementing WAN optimization and content-caching devices. The WCCP (and WCCPv2) protocol is used to communicate between the WAN optimization device(s) and the gateway router. The benefit that WCCP offers is that it's very easy to have multiple WAN optimization devices at a single site for redundancy, as well as to load-balance traffic across different WAN optimization devices. WCCP redirects traffic from the gateway router to the WAN optimization device, which processes the data, sending it to the WAN optimization device at the other end of the WAN link (the traffic must pass back through the gateway router to the remote site). Some additional configuration steps (typically only required on the gateway WAN router) are required for this method, but they can provide additional features.

Figure 7: Out-of-Path (WCCP) Example

Some vendors require configuring a Generic Routing Encapsulation (GRE) tunnel between the WAN optimization device and the router running WCCP for return traffic from the WAN optimization device to the gateway router. This can add additional complexity and overhead to the network environment, but may be the best choice for certain environments. Many of the advantages and disadvantages of tunnels are discussed later in this document.

Out-of-Path (Policy-Based Routing): This is rather invasive and a difficult method to implement. It's not possible to load-balance across different WAN optimization devices with this method, although it's possible to have a redundant configuration. Because of the complexity and difficulty to maintain, this method typically isn't recommended.
The implementation design is very similar in looks to the WCCP example, but differs greatly in how traffic gets to the WAN optimization device. While this can be used for HA environments, other implementation options are typically recommended.

Routed (Default Route for LAN using VRRP): Some vendors support having the WAN optimization device act as the default gateway for the local LAN. This makes the WAN optimization device act as a router and typically uses a protocol such as VRRP to ensure that should the WAN optimization device fail, the real gateway router would take over and act as the gateway for the LAN.

Figure 8: Routed (Default Route for LAN using VRRP) Example

WAN Optimization Limitations

Types of Traffic

The majority of WAN optimization vendors support optimization of TCP traffic only. While some vendors support optimization of UDP traffic, it's imperative to closely evaluate the performance constraints of the WAN optimization device, as most UDP traffic is delay-sensitive and might experience issues with the extremely minor delays that a WAN optimization solution might introduce. VoIP traffic is a perfect example of an application that may or may not receive any benefit from a WAN optimization solution.

Network Delays

Depending on the method of implementation, minor delays may be introduced into the network. When a WAN optimization device is implemented in-path (inline), a small amount of delay (~10-15 µs) can be introduced for non-optimized traffic. The exact amount of delay varies between vendors and is so insignificant that it might not adversely impact your environment.
Other implementation methods (such as WCCP) won't introduce any additional delays for non-optimized traffic as the router sends only optimized-eligible traffic to the WAN optimization device.

Proper Device Sizing

Since a great deal of traffic is processed by each WAN optimization device (if properly configured), the device must be sized appropriately for your environment. Each WAN optimization device is designed to support a number of TCP connections and is rated for a certain throughput. If the device isn't sized properly and a device doesn't support the required number of TCP connections or throughput rate, some of your traffic will receive the benefits of WAN optimization, while other traffic that exceeds the capacity of the WAN optimization device will not receive any benefits.

High-Availability

WAN optimization can be implemented in high-availability (HA) environments. Depending on the selected implementation, fault-tolerance and high resiliency can be achieved, allowing for redundancy should a WAN optimization device fail or exceed the number of supported TCP connections. It's important for HA environments to ensure that the implementation method chosen is the best for their HA situation.

GRE and/or IPSec Tunnels

Some WAN optimization devices support or require tunnels between devices (to/from the gateway router, to/from remote sites, etc.). There are pros and cons of tunnels, many of which are mentioned below. Most of these drawbacks have to do with the fact that the original headers are encapsulated within new headers (to tunnel the data).

Hidden Payload: When tunnelling, the original packet is encapsulated within another header, requiring two decapsulations when reading the original payload.
This can cause issues for traffic accounting systems, Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS) solutions as well as firewalls, as these devices aren't able to see within the encapsulated payload. This may or may not be a real drawback, as WAN optimization devices inherently change the original payload when it traverses the WAN (compression, tokenization, etc.). If an IDS/IPS device is between the WAN endpoints, it's possible that the IDS/IPS won't provide any benefit for optimized traffic (or worse yet, cause false-positives on the optimized traffic).

Additional QoS configuration requirements: Since the original packet is encapsulated, the QoS markings are lost. These must either be replicated by the WAN optimization device or the device must support appropriately classifying and marking traffic to ensure that the QoS policies are enforced throughout the network environment.

Complexity and management overhead: Typically two tunnels are required between each site that will be involved in WAN optimization. This means that, for two sites, site-to-site tunnel configurations require 2 x (number_of_sites - 1) tunnels for the environment. If the environment only involves two or three sites, this isn't that much of an administrative burden (2 or 4 tunnels). Imagine an implementation involving a dozen sites; this would require 22 tunnels for a fully-meshed WAN optimization network. This tunnel requirement could be reduced by redesigning the network to be in a hub-and-spoke configuration, where each remote site talks only to a core (hub) site. With this type of a configuration the formula to calculate the number of tunnels is (number_of_sites - 1). In the example of a 12-site environment, only 11 tunnels would be required for a hub-and-spoke design. When it comes to troubleshooting, this adds in another layer of troubleshooting steps (to troubleshoot the tunnels).
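What the Hidden Payload and QoS points above mean for a monitoring device can be shown by reading a GRE-encapsulated packet twice, once from the outer header only and once after decapsulation. This is an added example, not from the paper; the packet is constructed, with documentation addresses on the outside and an EF-marked TCP segment to port 445 inside a tunnel that did not copy the marking.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000   # checksum, key, sequence present


def ipv4_header(src, dst, proto, payload_len, dscp=0):
    """Build a 20-byte IPv4 header (checksum left at 0; constructed test data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + payload_len, 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def parse_ipv4(buf):
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("truncated IPv4 header")
    return {"src": socket.inet_ntoa(buf[12:16]), "dst": socket.inet_ntoa(buf[16:20]),
            "proto": buf[9], "dscp": buf[1] >> 2, "payload": buf[ihl:]}


def strip_gre(buf):
    """Return (protocol type, inner bytes), skipping optional GRE fields."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto_type = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (GRE_C, GRE_K, GRE_S))
    if len(buf) < offset:
        raise ValueError("truncated GRE options")
    return proto_type, buf[offset:]


def ports(ip):
    """(source, destination) ports when the payload is TCP or UDP, else None."""
    if ip["proto"] in (IPPROTO_TCP, IPPROTO_UDP) and len(ip["payload"]) >= 4:
        return struct.unpack("!HH", ip["payload"][:4])
    return None


def summarize(ip):
    return (ip["src"], ip["dst"], ip["proto"], ip["dscp"], ports(ip))


def inspect(packet):
    """The outer-header view, and the inner view after one decapsulation."""
    outer = parse_ipv4(packet)
    view = {"outer": summarize(outer), "inner": None}
    if outer["proto"] == IPPROTO_GRE:
        proto_type, inner_bytes = strip_gre(outer["payload"])
        if proto_type == 0x0800:             # IPv4 carried inside the tunnel
            view["inner"] = summarize(parse_ipv4(inner_bytes))
    return view


def sample_packet():
    """Constructed packet: TCP SYN to port 445, DSCP 46, inside a plain GRE tunnel."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 445, 1, 0, 0x50, 0x02, 65535, 0, 0)
    inner = ipv4_header("10.1.1.10", "10.2.2.20", IPPROTO_TCP, len(tcp), dscp=46) + tcp
    gre = struct.pack("!HH", 0x0000, 0x0800)
    outer = ipv4_header("192.0.2.1", "198.51.100.1", IPPROTO_GRE, len(gre) + len(inner))
    return outer + gre + inner


if __name__ == "__main__":
    for layer, fields in inspect(sample_packet()).items():
        print(layer, fields)
```

A device that matches on the outer header sees only protocol 47 between two tunnel endpoints, with no ports and DSCP 0; the hosts, the port and the EF marking appear only after the GRE header is removed.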
If QoS is used, another point within the network will be involved in the classification and marking of traffic. QoS best-practices dictate classifying and marking traffic as close to the source as possible. Typical WAN gateway routers will react upon the already-marked traffic utilizing QoS traffic rate management features. Introducing QoS classification and marking into a border device such as a WAN optimization device means that should the access-layer device QoS configuration change, the same changes will need to be replicated to the WAN optimization devices. If this occurs on different platforms from different vendors, this could require additional skillsets and teams within the organization.

Encryption: If site-to-site traffic encryption is a requirement for your environment, tunnels will be required at some point in your network. The WAN optimization devices that create tunnels to/from other WAN optimization devices can typically enable encryption very easily, as tunnels are already created and managed; simply tell the hardware (or software depending on the vendor) to start encrypting the traffic traversing the tunnel. Without the option of creating tunnels terminating to/from the WAN optimization devices, it becomes necessary to provide encryption via other devices (firewalls, routers, etc. terminating IPSec tunnels).

WAN Optimization for Mobile Users

If your environment has needs for optimizing mobile users (remote laptop or desktop users), it's important to assess what kind of operating systems you'll be optimizing. Many vendors today support only MS Windows as the client operating system, although most are working on clients for Apple OS X and Linux.
Depending on the operating systems used within your organization, you may or may not be able to deploy support for your mobile users.

Partnering for Success with Global Technology Resources, Inc.

Global Technology Resources, Inc. (GTRI) was founded in 1998, and has quickly become one of the leading high-end solutions providers and technology consulting firms in the U.S. At GTRI we leverage our experience for your business. Our seasoned consultants have an average of 10 years of experience in IT and networking combined with project experience ranging from small business to Fortune 1000 and carrier class networks.

GTRI has developed a framework (called the Strategic Delivery Framework, or SDF for short) that eliminates risk for our customers and ensures a successful project. This framework has several different phases, a couple of phases key to a WAN optimization project being the envisioning, proposal and planning phases. WAN optimization projects benefit greatly not only from the GTRI real-world experience, but also from the holistic way that we approach the project using the SDF.

GTRI offers assistance in the selection of WAN optimization solutions, industry-leading implementation services as well as day-zero support (offered by the GTRI GlobalSure team). This full-cycle approach ensures the following:

• The best solution will be selected for your environment
• The implementation will meet and/or exceed industry best-practices
• Ongoing 24x7x356 support can be achieved through the GTRI GlobalSure program
• Future optimizations your organization may need can easily be accommodated by skilled GTRI professionals

GTRI WAN Optimization Solutions

Since there are numerous WAN optimization vendors in the marketplace today, features differ amongst vendors and models.
This can increase the complexity in choosing a suitable WAN optimization solution. It's critical to choose a partner that thoroughly understands the technologies involved with a WAN optimization solution. GTRI is well-versed with WAN optimization technologies from the leading vendors. By working with GTRI, you'll be able to ensure that the solution you choose meets your needs and the benefits it can provide to your organization. Be sure to discuss your particular environment and needs with your local GTRI professional to begin the SDF process towards the selection of a WAN optimization solution that will meet your requirements. The SDF can reduce project risk by going through the proper steps (start at the envisioning phase, working into the proposal and planning phases).

GTRI maintains a testing lab within the GTRI headquarters office that can demo several different WAN optimization solutions. If you've decided that you're ready to see a practical application of WAN optimization technologies within your actual environment, GTRI has a mobile demo kit containing WAN optimization devices and routers, allowing for simulation of typical WAN links and showing the benefits of WAN optimization technologies within your environment! No settings need be changed on your network; simply plug the kit into your network and it can obtain an IP address automatically. A laptop can be connected to the demo kit, simulating a client on the remote side of the simulated WAN circuit. The software you use in your environment can be installed and executed on this laptop (or laptops) to show what WAN optimization can provide for your environment. Contact GTRI today to have a free WAN optimization demo shown at your location today!

Summary

User perception is king: if users are experiencing unacceptable application response times, both user productivity and morale will suffer. Before contacting your service provider to see about a larger WAN connection, evaluate WAN optimization.
A good WAN optimization solution can make a T1 appear like a T3 connection, with no additional recurring line costs. Remember that big pipes (LFNs) still suffer from the same protocol deficiencies as smaller pipes.

WAN optimization solutions address many different aspects of poor network application performance, without deviating from the TCP RFCs. WAN optimization can be configured in a non-intrusive manner, allowing your organization's existing QoS and firewall policies to remain in place (no major changes required). This simplistic, non-intrusive design also reduces the implementation effort, the complexity of the environment and the ongoing maintenance.

Other implementations may desire to alter the network topology slightly by implementing a solution that utilizes tunnels. Additional benefits can be gained with this type of setup or they may not be best for your environment. GTRI can help you determine the best solution for your environment.

The integration of WAN optimization components is greater than the sum of the features. This is why it's critical to have a thorough knowledge of WAN optimization features and solutions as well as the underlying network topology and application requirements. GTRI has highly trained professionals who can provide guidance in the selection of a WAN optimization solution, industry-leading professional implementation services and unique operational tools (SDF) to ensure a successful project.

For more information, please contact:
990 South Broadway, Suite 400
Denver, CO 80209
Email: [email protected]
(877) 603-1984 (toll-free)
(303) 455-8800 (Colorado)