Applies To:
Show VersionsWANJet
- 4.0.0
7
Advanced Configuration
Optimization Policies
You can use Optimization Policies to specify the TCP/UDP ports to which WANJet's ACM5 and TDR optimization algorithms are applied.
You can also add a new machine or subnet to the list of machines/subnets for which data is processed by the WANJet and update or remove machines and subnets for which data is already being processed.
Subnets
The procedures to add, remove, or modify subnets are different for the local and remote WANJet appliances.
By default, the IncludeWANJet Subnet check box is checked on the Optimization Policies screen. If you clear this check box, the WANJet subnet is removed from the subnet list and the traffic for this subnet is no longer processed. Clear the IncludeWANJet Subnet check box if you want to process only traffic from the subnets that are listed below the check box.
Adding, editing, or removing subnets on a local WANJet appliance
To add a new subnet to the local WANJet
- In the navigation pane, expand Optimization and click Optimization Policy.
The WANJet Optimization Policy screen displays. - Clear the Optimize all Subnets check box.
- Click the Add button located below the Local Subnets list.
The Add Local Subnet screen displays in a separate window. - In the Local Subnet box, type the IP address for the new local machine/subnet. For example:
- In the Netmask box, type the netmask for the local machine/subnet. For example:
- In the Alias box, type a name for the new machine/subnet. For example:
- Click one of the following buttons:
- Click the OK button.
The window closes. - Click the Save button at the bottom of the WANJet Optimization Policy screen.
To update or remove a machine or subnet on the local WANJet
- In the navigation pane, expand Optimization and click Optimization Policy.
The WANJet Optimization Policy screen displays. - Clear the Optimize all Subnets check box.
- From the list of local subnets, click the link of the machine/subnet that you want to remove or edit.
The Edit Local Subnet screen displays. - Click Remove to remove this subnet from the list, or to edit the settings.
- Click the OK button.
The window closes. - Click the Save button at the bottom of the WANJet Optimization Policy screen.
You cannot update or remove the local the WANJet's own subnet.
Adding a subnet for a remote WANJet appliance
Always add the gateway of any remote WANJet as one of its subnets and confirm that the status of this subnet is disabled.
To add a new subnet to a remote WANJet
- In the navigation pane, expand Operational Settings and click Optimization Policy.
The Optimization Policy screen displays. - From the Remote WANJet list, select the remote WANJet to which you want to add subnets.
- Click the Add button located below the Remote Subnets table.
The Add Remote Subnet screen displays. - In the Supported Subnet box, type the IP address of the machine/subnet that you want to make visible to the remote WANJet.
- In the Netmask box, type the netmask of the remote subnet.
- In the Machine(s) Alias box, type a name for the machine/subnet.
- If you do not want the WANJet to process the traffic for this subnet at this time, click Disabled. Otherwise, leave it at the default of Enabled.
- Click the OK button.
The window closes. - Click the Save button at the bottom of the WANJet Optimization Policy screen.
Port Settings
You can set the processing mode and the Type of Service (ToS) priority that are assigned to packets for each port on a remote the WANJet appliance. You can assign these separately for TCP and UDP packets so that you can, for example, optimize TCP traffic on a port while allowing UDP traffic to pass through untouched.
By default, some commonly used ports (corresponding to Active FTP, SMTP, HTTP, POP3, IMAP and HTTPS) have ACM5 optimization enabled. All of these ports, except 443 (HTTPS), also have TDR-1 compression enabled. You can edit the settings for these ports by clicking the corresponding link. All other ports have optimization disabled by default.
Passive FTP sessions are difficult to optimize specifically, since the server port used by Passive FTP varies from session to session. If you need to optimize Passive FTP, enable optimization for all TCP ports and disable optimization for ports that do not require it (typically ports used by real-time applications such, as VoIP telephony).
Configuring specific ports
To set the processing mode for a specific port or a range of ports
- In the navigation pane, expand Optimization and click Optimization Policy.
The WANJet Optimization Policy screen displays. - Click the Add button, located beneath the Protocol Optimization Policies table.
The Add Port/Service Name screen displays. - From the Service Name list, select a service or application that uses the network. The corresponding default port used by the service appears in the From Port box.
Alternatively, in the From Port box, type the port number. To specify a range of ports, type the first port in the range in the From Port box, and the last port in range in the to box. - From the Processing Mode list, select one of the options:
- From the TOS Priority list, select a priority for the port(s):
7 - Network Control
6 - Internet Control
5 - Critical
4 - Flash Overdrive
3 - Flash
2 - Immediate
1 - Priority
0 - Routine - Select a WANJet optimization option by checking one of the optimization option check boxes.
- Click the OK button.
The window closes and the WANJet Optimization Policy screen displays with a new row in the Protocol Optimization Policies table with the details that you entered. You can click on the port number (in the Service Name column) to edit these settings. - Click the Save button at the bottom of the WANJet Optimization Policy screen to apply the new port settings.
The following options are available only if you have selected ACM5 as the processing mode.
Configuring All Other Ports
In addition to defining optimization policies for specific ports, you can change the default policies that have been set up for all TCP and UDP ports. (Any policies defined for individual ports will override these default policies.)
To set the default processing mode for all TCP/UDP ports
- In the navigation pane, expand Optimization and click Optimization Policy.
The WANJet Optimization Policy screen displays. - From the Remote WANJet menu, choose the remote WANJet to which you are connecting.
- In the third table in the Service Name column, for TCP or UDP protocol, click All Ports. (This reads All other ports if optimization polices are defined for specific ports.)
The Edit Port Service Name screen displays. - From the Service Name list, select a service or application that uses the network. The corresponding default port used by the service appears in the From Port box.
Alternatively, in the From Port box, type the port number. To specify a range of ports, type the first port in the range in the From Port box and the last port in range in the to box. - From the Processing Mode list, select one of the options:
- From the TOS Priority list, select a priority for the port(s):
7 - Network Control
6 - Internet Control
5 - Critical
4 - Flash Overdrive
3 - Flash
2 - Immediate
1 - Priority
0 - Routine - Select a WANJet optimization option by checking one of the optimization option check boxes.
- Click OK.
The Optimization Policy screen displays with a new row in the third table that contains the details that you entered. You can click on the port number (in the Service Name column) to edit these settings. - Click the Save button to apply the new port settings.
The following options are only available if you have selected ACM5 as the processing mode.
Operational mode setting
From the Operational Mode screen, you can:
To configure the operational mode settings
- From the navigation pane, expand Optimization and click Operational Mode.
The Operational Mode screen displays. - For the Mode setting, select one of the following options:
- For the Topology setting, specify the way the WANJet is connected to the network by clicking one of the options:
- In-Line - This is the most common network topology. In-line means that the WANJet is located between the LAN (or the LAN switch) and the WAN gateway (or the LAN router).
- One-Arm - Select this option if your WANJet is located on a separate, independent link. If you select this option, see the following section One-arm topology , for additional instructions.
- Click the Save button.
One-arm topology
This option allows the WANJet to be deployed out-of-line, with one physical connection to the LAN and no direct connection to the WAN
For more information about this configuration, see One-Arm Deployment
When you select One-Arm topology for the operational mode setting, a new section titled Redirection Method displays.
From the Redirection Method section, select one of the following options:
- Static Routing
Use this option if each client on your LAN is configured to route network traffic through the WANJet. - Transparent Proxy
Use this option if LAN traffic designated for optimization is directed to the WANJet by a router. - Non-Transparent Proxy
Use this option if you want the WANJet appliance to act as the default gateway for all clients in the LAN. In this configuration, every client on the LAN must be configured to use the WANJet appliance's IP address as its default gateway.
If you select Transparent Proxy, a new section titled Discovery Method displays. From this section, select one of the following options:
- Static
Use this option if passthrough traffic is not routed to the WANJet. In this case, only network traffic that is scheduled for ACM5 optimization is routed through the WANJet. This traffic is lost if the WANJet is not running. - WCCPv2
Use this option if the WANJet communicates with your network router using the Web Cache Coordination Protocol (WCCP). In this case, all network traffic is routed through the WANJet, but the router by-passes the appliance if WANJet is not running. If you select this option, see the following section, WCCP-based discovery , for additional instructions.
WCCP-based discovery
The WANJet appliance can use the WCCP protocol to advertise itself to a LAN router as a web cache. Local routers and web caches together form a service group. Routers redirect traffic to the group-member web caches, for example, the local WANJet appliance(s), in accordance with an algorithm defined for the service group.
For detailed specifications about the WCCP protocol, see http://www.faqs.org/rfcs/rfc3040.html.
If you select WCCPv2 in the Discovery Method section, four new controls display.
To configure WCCP-based discovery
- In the Service ID box, type the service group identifier. This must be a number between 51 and 100, and must match the service ID configured on the LAN router.
- In the Priority box, type the priority assigned by the router to the service group. This number determines the order in which redirection rules are followed. This must be a number between 0 and 255, and must match the priority configured on the LAN router.
- In the Router box, type the IP address that the LAN router uses to communicate with the WANJet appliance.
- Check the Authenticate check box.
- If WCCP is configured to require authentication between the WANJet appliance and the LAN router, type a password in the Password box.
- Click the Save button.
Tuning settings
From the Tuning screen, you can guarantee maximum output by specifying the link bandwidth and the Round Trip Time (RTT) for the WAN link.
To modify Tuning settings
- In the navigation pane, expand Optimization and click Tuning.
The WANJet Tuning screen displays. - In the Bandwidth box, type a value for your WAN link bandwidth. The default bandwidth is 45 megabits per second. You can use the list to change the units to kilobits per second for lower-bandwidth links.
- In the RTT box, type the value for the average round trip time for the WAN link. The default RTT is 300 milliseconds.
- Check the Congested Control check box if you want the WANJet appliance to handle the traffic if congestion occurs in the case of packet loss. The Congested Control check box is checked by default.
- In the Queue Size box, type the maximum number of outgoing packets to keep in the queue before dropping (in case of network problems). The default Queue Size is 10240 packets.
- Click the Save button.
The WANJet Tuning screen refreshes, and the changes are committed to the WANJet appliance.
Updating a configuration
When you initially configure the local WANJet appliance (as described in Chapter 4, Initial Configuration ) you specify the network settings for the WANJet appliance, such as IP address, ports, subnets, redundant peers, and connected remote WANJet appliances.
From the Local WANJet appliance screen, you can edit the network information for the local WANJet, such as defining redundant peers, adding subnets, and defining VLANs to the local WANJet. The initial values displayed on the Local WANJet appliance screen are the ones that you specified during initial configuration.
You must replicate any changes that you make to the WANJet's IP address, port, or subnet address, on each remote WANJet to which the local WANJet appliance is connected. See Replicating configuration changes on remote WANJet appliances in the following section.
Modifying a local WANJet appliance network configuration
To modify the local WANJet appliance configuration, perform the following steps.
To modify the local WANJet appliance network configuration
- In the navigation pane, expand Configuration and click Local WANJet.
The Local WANJet appliance screen displays. - Modify the values as required. The values are defined as follows:
- WANJet Alias
The name that is used for the local WANJet appliance. This name is displayed at the upper-left corner of the home when you log onto the WANJet Web UI. - WANJet IP
The IP address that is assigned to the local WANJet on your network. If you change this value, you must change it on each remote WANJet that accesses the local WANJet appliance. See Replicating configuration changes on remote WANJet appliances in the following section. - WANJet Netmask
Subnet mask assigned to the WANJet on your network. - WAN Gateway
The gateway the WANJet appliance uses to reach the WAN. - LAN Router
The gateway that the WANJet appliance uses to reach the LAN. - WANJet Port
The main port number that the local WANJet appliance uses to communicate with remote WANJet. The default port is 3701. If you change this value, you must change it on each remote WANJet that accesses the local WANJet appliance. See Replicating configuration changes on remote WANJet appliances in the following section. - License Key
For the local installation of the WANJet appliance. If this box is blank or contains an invalid key, the WANJet appliance does not process data. - Redundant Peer IP
IP address of the redundant WANJet appliance. If you check the Redundant Peer IP check box, the IP address box displays. - Click the Save button.
Replicating configuration changes on remote WANJet appliances
If you make any changes to the IP address, port setting, or subnet address on a local WANJet appliance, you must replicate the changes everywhere they appear, including to connected remote WANJet appliances.
For example, if you have four connected WANJet appliances named B1, B2, B3, and B4, and you bring up the Web UI for B1, the Web UI shows B1 as the local WANJet and B2, B3, and B4 as its remote WANJets. Therefore, if you change the IP address for B1, you must also change the IP address for B1 for the remote WANJet appliances (B2, B3, and B4) so that it matches.
To update the remote WANJet appliance settings from the local WANJet appliance
- Log onto the Web UI of the WANJet appliance.
- In the navigation pane, expand Configuration and click Remote WANJets.
The Local WANJet screen displays. - Click the IP address of the remote WANJet appliance that you want to edit.
The Manage Remote WANJet screen displays in a separate window. - Edit the settings as required.
- Click the OK button.
The Manage Remote WANJet The Remote WANJet screen closes. - Click the Save button at the bottom of the Remote WANJets screen.
- Repeat steps 3 through 6 for each remote WANJet appliance that connects to the local WANJet appliance for which you changed settings.
Once complete, the local WANJet appliance should be able to communicate with all connected remote WANJet appliances.
Alternatively, you can change the settings for the connected WANJet appliances by logging into each WANJet appliance's Web UI.
Virtual LANs
A Virtual LAN (VLAN) is a computer network that has logically defined (rather than physically defined) boundaries. You must use the Web UI to make the WANJet explicitly aware of any VLANs that are linked to your network. This is required because VLANs are often implemented by adding tags to Ethernet frames. These tags must be preserved during optimization.
Managing VLANs on a WANJet appliance
You can manage VLANs on a WANJet appliance using the following procedures.
To add a VLAN to a WANJet
- In the navigation pane, expand Configuration and click Local WANJet.
The Local WANJet appliance screen displays - Click the VLAN Settings link beneath the table.
The VLAN Setting screen displays with all of the currently defined VLANs. - Click the Add button.
The Add VLAN screen displays in a separate window. - In the WANJet Virtual IP box, type the virtual IP address assigned to the local WANJet on this VLAN. That is, the IP address that other machines on the VLAN use to communicate with the local WANJet appliance.
- In the VLAN Netmask box, type the subnet mask for the VLAN.
- In the VLAN Gateway box, type the virtual IP address of the gateway machine for the VLAN.
- In the VLAN Tag box, type the VLAN ID that the WANJet appliance uses to preserve tagged Ethernet frames that pass to and from the VLAN.
- Click the OK button.
The Add VLAN screen closes. - Click the Save button.
After you add the VLAN to the WANJet, you must perform the following tasks:
- Add the VLAN as one of the subnets of the local WANJet so that the WANJet can optimize the traffic coming from this VLAN.
For instructions, see Subnets . - Add the VLAN to any remote WANJets that are linked to the local appliance, and also add it as one of their subnets. This is necessary if the remote WANJets are to handle optimized data from the VLAN.
For instructions, see Replicating configuration changes on remote WANJet appliances and Subnets .
To edit or remove a WANJet VLAN
- In the navigation pane, expand Configuration and click Local WANJet.
The Local WANJet appliance screen displays - Click the VLAN Settings link beneath the table.
The VLAN Setting screen displays with all of the currently defined VLANs. - Click the IP address for the VLAN you want to edit or remove.
The Edit VLAN screen displays in a separate window. - Edit the VLAN information or click the Remove button to remove it.
- Click the OK button.
The Edit VLAN screen closes. - Click the Save button.
If you remove a VLAN from a local WANJet, you must also remove it from the list of subnets supported by that WANJet.
Remote WANJet appliances
To optimize the data that is sent over a network link, you need a pair of WANJets, each running the WANJet software. A remote WANJet reverses the optimization process for data that is sent from the local WANJet. For this configuration to work, the local WANJet must be aware of the remote WANJet. If you do not specify a remote WANJet to receive the processed data, network traffic passes through the local WANJet without being optimized.
To add a remote WANJet
- In the navigation pane, expand Configuration and click Remote WANJet.
The Remote WANJet screen displays. - Click the Add button.
The Manage Remote WANJet appliance screen displays. - From the WANJet Type list, select Single.
Or, if you have two connected WANJet appliance peers on the same remote LAN, select Redundant. (See Redundant peers for an explanation about these node types.) - In the WANJet IP box, type the IP address for the remote WANJet appliance.
- If you selected Redundant in Step 3 , type the IP address for the peer WANJet appliance in the Node 2 box. Otherwise, skip to Step 6 .
- In the WANJet Alias box, type a name for the remote WANJet appliance. The name must have fewer than 14 characters.
- In the WANJet Port box, type the main port number on which the remote WANJet appliance listens for data from the local WANJet appliance. The default port number is 3701.
- In the Shared Key box, type the shared key that authenticates between the local and remote WANJets. You can set a unique shared key for every pair of WANJet.
- If the local WANJet appliance has a LAN router specified for it, you can select a Maximum Transmission Unit (MTU) for the remote WANJet appliance. The MTU is defined as the size of the largest datagram able to pass across a network connection. Select one of the following options:
- Click the OK button.
The Manage Remote WANJet screen closes. - Click the Save button.
You now need to add the gateway of the remote WANJet as a disabled subnet. For information about how to add a subnet, see Subnets .
To edit or remove a remote WANJet
- In the navigation pane, expand Configuration and click Remote WANJet.
The Remote WANJet screen displays. - Click the IP address for the WANJet appliance that you want to edit or remove.
The Manage Remote WANJet appliance screen displays. - Edit the information or click the Remove button to remove the remote WANJet appliance.
- Click OK button.
The Remote WANJet appliance screen displays. - Click the Save button.
If you remove a remote WANJet appliance, the local WANJet no longer sees it, and any data sent to the removed remote WANJet appliance's network passes through without being optimized.
Redundant peers
Redundancy offers a continuous mode of operation and eliminates a central point of failure for LAN switching and routing. The WANJet supports redundancy using a second WANJet on a LAN, connected to a redundant router. The second WANJet is known as a redundant peer. If one of the LAN's routers fail, the corresponding WANJet detects that the router is down and continues service through the remaining active router and WANJet.
Not only does this redundant system offer you a continuous mode of operation, but it also provides load-balancing under normal network conditions by distributing network traffic over two WANJets.
To access a redundant peer through the Web UI, you must add both the primary peer and the redundant peer to the Remote WANJet's table of a F5 appliance that is remote from the peers' LAN.
For example, if you have a primary peer called WANJet A with a redundant peer called WANJet A-1, both of which are connected to the remote appliances B and C, you will have to perform the following steps to access WANJet A and A-1 from WANJet B and C.
Changing the interface speed
The WANJet supports different speeds in both half-duplex and full duplex. By default, the WANJet appliance is set to auto-negotiate and negotiates both interface speeds automatically; however, you can use the following procedure to manually specify the speed of the network interfaces that the WANJet uses to communicate with the LAN and the WAN.
To specify network interface settings
- In the navigation pane, expand Configuration and click Interfaces.
The NIC Configuration screen displays. - From the eth0 list, select the interface that corresponds with the link between the LAN switch and the WANJet appliance. The speed duplex value between the LAN and the WAN media type must match.
- From the eth1 menu, select the interface that corresponds with the link between the WAN router and the WANJet appliance. The speed duplex value between the LAN and the WAN media type must match.
- Click the Save button.
Managing static routes
The Static Routes table contains information about the gateway (router) that you specify to route the data for a specific network. Data packets sent to the defined gateway use the relevant static route to identify their destination.
When you specify a LAN router for your local WANJet, all subnets configured for the local WANJet use it to identify the destinations of packets.
To specify a gateway for each subnet, remove the IP address from the LAN Router box on the Local WANJet appliance page. See Updating a configuration for specific instructions.
To add a static route
- In the navigation pane, expand Configuration and click Routes.
The WANJet Routes screen displays. - In the Network box, type the subnet's IP address for which you want to route data to a specific gateway.
- In the Netmask box, type the netmask for the network.
- In the Next Hop box, type the IP address for the gateway to which the data should be routed. Data packets use this gateway to send them to their destination.
- In the MTU box, type the maximum packet size of datagrams that you want transferred through this route.
- Click the Save button.
To edit or remove an existing static route
Configuring Syslog and SNMP settings
You can configure the WANJet appliance to retrieve Syslog, SNMP, and RMON2 reports from specific servers and specify whether RMON2 data is gathered before or after the WANJet processes it. You can also define the community string for viewing SNMP reports.
To configure Syslog and SNMP settings
- In the navigation pane, expand Configuration and click Monitoring.
The WANJet Syslog and SNMP screen displays. - Check the Syslog Server IP check box and type the IP address of the server that receives WANJet Syslog data.
- Specify which log to store:
- Check the SNMP Server IP check box and type the IP address of the SNMP server to which the WANJet sends error messages. (For more information about viewing SNMP reports, see SNMP reports .)
- To view RMON2 data, check the Enable RMON2 Logs check box and select an option:
- Raw WANJet
To view RMON2 logs before the WANJet processes traffic. - WANJet Data
To view RMON2 logs after the WANJet processes traffic. - In the Community String box, type the shared community string used to access the SNMP reports on WANJet.
- Click the Save button.
The Syslog and SNMP page refreshes, and the changes are committed to WANJet.
Email alerts
You can configure the WANJet appliance to send an email containing system snapshots (with logged information) to a specified email address in the event of system failure.
For information about how to download system snapshots directly, refer to Diagnostic Log.
To configure email alerts
- In the navigation pane, expand Configuration and click Email Alert.
The WANJet Email Alert screen displays. - In the Email address box, type the email address to which you want the system snapshot sent.
- In the From Email address box, type the email address from which you want the email to appear to be sent.
- In the SMTP Server IP box, type the IP address (not the domain name) of an SMTP mail server that is accessible from the WANJet appliance from which this email can be forwarded.
- In the SMPT Server Port box, type the port number for the mail server to which the SMTP request for the email alert will be sent.
- To automatically email system snapshots, check the Enabled check box.
- Click the Test Me button to confirm that the WANJet can access the mail server and send the email. You can use the test feature to send a simple test message, create a new system snapshot to send, or send all past system snapshots. F5 Networks recommends that you send a test message, because the WANJet does not attempt to resend failed emails.
- After you have confirmed that the email alert that you configured works, click the Save button.
This does not need to be a valid email address, but it should look like a valid address in order to pass through spam filters. F5 Networks recommends that you use the alias of the WANJet from which the snapshot was taken as the first part of the address (before the @ symbol), and your company's domain name as the second part of the address. For example, WJ_NewYork@f5.com.
Email alerts are disabled by default, but F5 Networks recommends that you enable them after you configure the settings on the Email Alert screen.