Manual Chapter : WANJet® Appliance Administrator Guide: 6 - Advanced Configuration

Applies To:

WANJet

  • 4.2.10, 4.2.3, 4.2.2, 4.2.1, 4.2.0

Creating optimization policies

You use optimization policies to specify where and how you want the WANJet appliance to optimize traffic, including the local and remote subnets on the local and remote appliances. Optimization policies specify the TCP and UDP ports on which the WANJet appliance applies its Transparent Data Reduction (TDR) optimization algorithms.

To develop optimization policies, you set up subnets and ports:

  • Specify the subnets for which you want to optimize traffic.
    See the next section, Managing subnets, for details on how to determine the subnets for which the WANJet appliance will optimize traffic.
  • Specify how you want traffic to be optimized on ports.
    See Managing port settings for how to optimize ports.

Managing subnets

The procedures to add, remove, or modify subnets are different for local and remote WANJet appliances.

Adding, editing, or removing subnets on a local WANJet appliance

You can optimize all subnets connected to the local WANJet appliance or create a list of subnets for which you want to optimize traffic. You can add, update, or remove subnets from the list.

When you first open the Optimization Policies screen, the subnet in which the WANJet appliance resides is the only subnet on the list of local subnets to optimize, and the Include WANJet Subnet setting is enabled. The Optimize all Subnets check box is cleared by default.

To optimize all traffic on all subnets including the subnet in which the local WANJet resides, check the Optimize all Subnets box. When you check this option, the tables of local and remote subnets are removed from the screen.

To optimize traffic only on specific subnets, clear the Optimize all Subnets check box, and add the subnets for which you want to optimize traffic.

To optimize all subnets connecting to the local WANJet appliance

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The WANJet Optimization Policy screen opens.
  2. Check the Optimize all Subnets box.
    Other local and remote WANJet options are removed from the screen.
  3. Click the Save button at the bottom of the WANJet Optimization Policy screen.

To add a new subnet to the local WANJet appliance

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The WANJet Optimization Policy screen opens.
  2. Clear the Optimize all Subnets check box, if it is checked.
  3. Click the Add button below the Local Subnets list.
    The Add Local Subnet popup screen opens.
  4. In the Local Subnet box, type the IP address of the subnet. For example:
    10.8.0.0
  5. In the Netmask box, type the netmask of the subnet. For example:
    255.255.0.0
  6. In the Alias box, type a name for the subnet. For example:
    Subnet B
  7. Set the Operational Status to one of the options:
    • Enabled
      To have the WANJet appliance optimize the traffic for the subnet.
    • Disabled
      To prevent the WANJet appliance from optimizing the traffic for the subnet.
  8. Click the OK button.
    The window closes.
  9. Click the Save button at the bottom of the WANJet Optimization Policy screen.
    Traffic on subnets that you added will be optimized for all new connections.

To update or remove a subnet on the local WANJet appliance

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The WANJet Optimization Policy screen opens.
  2. Clear the Optimize all Subnets check box.
  3. In the list of local subnets, click the link of the subnet that you want to remove or edit.
    The Edit Local Subnet screen opens.
  4. Edit the settings, or click Remove to remove this subnet.
  5. Click the OK button.
    The screen closes.
  6. Click the Save button at the bottom of the WANJet Optimization Policy screen.
    Changes to subnets take effect for all new connections.

Note

You cannot update or remove the IP address of the subnet in which the WANJet appliance is located.

Adding, editing, or removing subnets on a remote WANJet appliance

Important

Always add the gateway of any remote WANJet appliance as one of its subnets, and confirm that the status of this subnet is disabled.

To add a new subnet to a remote WANJet appliance

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The Optimization Policy screen opens.
  2. From the Remote WANJet list, select the remote WANJet appliance to which you want to add subnets.
  3. Click the Add button, located below the Remote Subnets table.
    The Add Remote Subnet screen opens.
  4. In the Supported Subnet box, type the IP address of the machine/subnet that you want to make visible to the remote WANJet appliance.
  5. In the Netmask box, type the netmask of the remote subnet.
  6. In the Machine(s) Alias box, type a name for the machine/subnet.
  7. If you do not want the WANJet appliance to process the traffic for this subnet at this time, click Disabled. Otherwise, leave it at the default of Enabled.
  8. Click the OK button.
    The window closes.
  9. Click the Save button at the bottom of the WANJet Optimization Policy screen.
    The WANJet appliance optimizes traffic for all new connections on the subnets that you added.

To update or remove a subnet on a remote WANJet appliance

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The WANJet Optimization Policy screen opens.
  2. From the Remote WANJet list, select the IP address of the remote WANJet appliance that you want to modify.
  3. In the list of remote subnets, click the subnet that you want to remove or edit.
    The Edit Remote Subnet screen opens.
  4. Edit the settings, or click Remove to remove this subnet.
  5. Click the OK button.
    The screen closes.
  6. Click the Save button at the bottom of the WANJet Optimization Policy screen.
    Changes to subnets take effect for new connections.
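
A pre-change check for the subnet rows described above, added here as an example (it is not F5 code and does not talk to the appliance). It validates each address/netmask pair before it is typed into the Add Local Subnet or Add Remote Subnet screen and enforces the rule that the remote gateway is listed as a Disabled subnet. The SubnetEntry type, the finding codes, the sample rows other than 10.8.0.0/255.255.0.0, and the use of 255.255.255.255 for a single-machine entry are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SubnetEntry:
    """One row as typed into the Add Local/Remote Subnet screen (hypothetical model)."""
    address: str   # Local Subnet / Supported Subnet box
    netmask: str   # Netmask box
    alias: str     # Alias / Machine(s) Alias box
    enabled: bool  # Operational Status: Enabled or Disabled


def parse_entry(entry):
    """Return the IPv4Network for a row, or raise ValueError naming the problem."""
    try:
        net = ipaddress.IPv4Network(f"{entry.address}/{entry.netmask}", strict=False)
    except ValueError as exc:
        raise ValueError(f"bad address or netmask ({exc})") from None
    # ipaddress also accepts host masks (0.0.255.255) and prefix lengths (16);
    # only a dotted netmask belongs in the Netmask box.
    if str(net.netmask) != entry.netmask:
        raise ValueError(f"{entry.netmask} is not a dotted netmask")
    # An address with host bits set usually means the wrong mask was typed.
    if net.network_address != ipaddress.IPv4Address(entry.address):
        raise ValueError(
            f"{entry.address} has host bits set for {entry.netmask}; "
            f"the subnet address would be {net.network_address}"
        )
    return net


def check_subnets(entries, remote_gateway=None):
    """Return (alias, code, detail) findings for a planned subnet list.

    remote_gateway, when given, is the gateway of the remote appliance whose
    subnet list is being checked.
    """
    findings, seen = [], {}
    for entry in entries:
        try:
            net = parse_entry(entry)
        except ValueError as exc:
            findings.append((entry.alias, "invalid", str(exc)))
            continue
        if net in seen:
            findings.append((entry.alias, "duplicate",
                             f"same subnet as {seen[net].alias}"))
        else:
            seen[net] = entry

    if remote_gateway is not None:
        gw = ipaddress.IPv4Address(remote_gateway)
        gw_rows = [e for net, e in seen.items() if net.network_address == gw]
        if not gw_rows:
            findings.append((remote_gateway, "gateway-missing",
                             "gateway is not listed as a subnet"))
        for e in gw_rows:
            if e.enabled:
                findings.append((e.alias, "gateway-enabled",
                                 "gateway subnet must have status Disabled"))
    return findings


# The local example from the procedure above.
LOCAL_PLAN = [SubnetEntry("10.8.0.0", "255.255.0.0", "Subnet B", True)]

# Constructed remote plan with three deliberate mistakes.
REMOTE_PLAN = [
    SubnetEntry("10.9.0.0", "255.255.0.0", "Branch LAN", True),
    SubnetEntry("10.9.0.1", "255.255.255.255", "Branch gateway", True),  # should be Disabled
    SubnetEntry("10.11.5.0", "255.255.0.0", "Lab", True),                # host bits set
    SubnetEntry("10.12.0.0", "255.0.255.0", "Typo mask", True),          # non-contiguous mask
]

if __name__ == "__main__":
    for alias, code, detail in check_subnets(REMOTE_PLAN, remote_gateway="10.9.0.1"):
        print(f"{alias}: {code}: {detail}")
```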

Managing port settings

You can adjust the processing mode and the Type of Service (ToS) priority that are assigned to packets for each port on a remote WANJet appliance. You can assign these values separately for TCP and UDP packets so that you can, for example, optimize TCP traffic on a port while allowing UDP traffic to pass through untouched.

It is typical to have optimization enabled on commonly used ports such as those used for Active FTP, SMTP, HTTP, POP3, IMAP, and HTTPS. You can also consider enabling TDR-1 compression on these ports, except 443 (HTTPS). You can edit the settings for ports that have been added by clicking the corresponding link.

Note

It is difficult to optimize Passive FTP sessions because the server port that Passive FTP uses varies from session to session. However, if you need to optimize Passive FTP, enable optimization for all TCP ports and disable optimization for ports that do not require it (typically ports used by real-time applications, such as VoIP telephony).

Configuring ports and services

You can customize the optimization policy for ports, or services that use specific ports. To do this, you need to add the ports (or services) and indicate how you want the system to handle connections through that port. For example, for any port or service, you can specify whether data is optimized or passed through, set its ToS priority, and select the type of optimization.

To add ports or services

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The WANJet Optimization Policy screen opens.
  2. Click the Add button located beneath the Protocol Optimization Policies table.
    The Add Port/Service Name popup screen opens.
  3. From the Service Name list, select the service or application for which you want to customize the optimization policy. The default port used by the service appears in the From Port box.

    If you do not know the name of the service, in the From Port box, type the port number. To specify a range of ports, type the first port in the range in the From Port box, and the last port in the range in the To box.
    Note: Refer to http://www.iana.org/assignments/port-numbers for a list of commonly assigned TCP/UDP port numbers and the services and applications that use them. Keep in mind that these may differ on your system.
  4. From the Processing Mode list, select one of the options:
    • Passthrough
      Leave traffic over this port in its raw state.
    • Optimized
      Apply WANJet appliance optimization to traffic over this port.
  5. From the TOS Priority list, select a priority for the port(s):

    7 - Network Control
    6 - Internet Control
    5 - Critical
    4 - Flash Overdrive
    3 - Flash
    2 - Immediate
    1 - Priority
    0 - Routine
    Note: Refer to http://www.ietf.org/rfc/rfc0791.txt for more information about ToS priority levels.
  6. Select a WANJet appliance optimization option by checking one of the optimization option check boxes.
    The following options are available only if you have selected Optimized as the processing mode.
    • TDR-1
      Check this box to compress network traffic on the specified port. This is not necessary if the traffic would not benefit from compression, for instance if it consists largely of JPEG or ZIP files.
    • TDR-2
      Check this box to apply the WANJet appliance's TDR-2 intelligent caching algorithm.
    • Encryption
      Check this box if network traffic on the specified port is encrypted to use SSL.
    • Connection Intercept
      Check this box to reset any connection over the specified port that was opened before the new settings were applied.
  7. Click the OK button.
    The window closes and the WANJet Optimization Policy screen displays with a new row in the Protocol Optimization Policies table with the details that you entered. You can click the port number (in the Service Name column) to edit these settings.
  8. Click the Save button at the bottom of the WANJet Optimization Policy screen to apply the new port settings.
    The new port settings take effect immediately for all new connections.

Configuring all other ports

In addition to defining optimization policies for specific ports, you can change the default policies that have been set up for all TCP and UDP ports. (Any policies defined for individual ports will override these default policies.) Instead of listing specific ports or services in the list of optimization policies, the table shows All ports or All other ports.

To set the default processing mode for all TCP/UDP ports

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The WANJet Optimization Policy screen opens.
  2. From the Remote WANJet box, choose the IP address of the remote WANJet appliance to which you want to connect.
  3. In the Protocol Optimization Policies table, in the Service Name column, for TCP or UDP protocol, click All Ports. (This reads All other ports if optimization policies are defined for specific ports.)
    The Edit Port/Service Name popup screen opens.
  4. From the Processing Mode list, select one of the options:
    • Passthrough
      Leave traffic over this port in its raw state.
    • Optimized
      Apply WANJet appliance optimization to traffic over this port.
  5. From the TOS Priority list, select a priority for the port(s):

    7 - Network Control
    6 - Internet Control
    5 - Critical
    4 - Flash Overdrive
    3 - Flash
    2 - Immediate
    1 - Priority
    0 - Routine
    Note: Refer to http://www.ietf.org/rfc/rfc0791.txt for more information about ToS priority levels.
  6. If you selected Optimized as the processing mode in step 4, check the optimization options you want to enable.
    • TDR-1
      Check this box to compress network traffic on the specified port. This is not necessary if the traffic would not benefit from compression, for instance if it consists largely of JPEG or ZIP files.
    • TDR-2
      Check this box to apply the WANJet appliance's TDR-2 intelligent caching algorithm.
    • Encryption
      Check this box if network traffic on the specified port is encrypted to use SSL.
    • Connection Intercept
      Check this box to reset any connection over the specified port that was opened before the new settings were applied.
  7. Click OK.
    The Optimization Policy screen displays with a new row in the third table that contains the details that you entered. You can click the port number (in the Service Name column) to edit these settings.
  8. Click the Save button to apply the new port settings.
    The new port settings take effect immediately for all new connections.
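
The override rule and option constraints from the two port procedures above, modelled as an added example (not F5 code; it does not read or write appliance configuration). It resolves which row governs a given port and audits a planned table for the conditions the manual calls out: option check boxes on a Passthrough row, and TDR-1 in effect on port 443, including when it is inherited from the All other ports default. The PortPolicy type, option names, finding codes and sample rows are assumptions.

```python
from dataclasses import dataclass

OPTIONS = frozenset({"tdr1", "tdr2", "encryption", "intercept"})


@dataclass(frozen=True)
class PortPolicy:
    """One row of the Protocol Optimization Policies table (hypothetical model)."""
    protocol: str                     # "tcp" or "udp"
    from_port: int
    to_port: int
    mode: str                         # "optimized" or "passthrough"
    tos: int = 0                      # 0 (Routine) through 7 (Network Control)
    options: frozenset = frozenset()  # subset of OPTIONS


def resolve(policies, defaults, protocol, port):
    """Return the row that governs protocol/port.

    A row for a specific port or range overrides that protocol's
    "All other ports" default.
    """
    hits = [p for p in policies
            if p.protocol == protocol and p.from_port <= port <= p.to_port]
    if len(hits) > 1:
        raise ValueError(f"{protocol}/{port} is covered by {len(hits)} rows")
    return hits[0] if hits else defaults[protocol]


def audit(policies, defaults):
    """Return (row label, finding code) pairs for a planned policy table."""
    specific = [(f"{p.protocol}/{p.from_port}-{p.to_port}", p) for p in policies]
    default_rows = [(f"{proto}/all-other", p) for proto, p in defaults.items()]
    findings = []

    for label, p in specific + default_rows:
        if not 0 <= p.tos <= 7:
            findings.append((label, "tos-out-of-range"))
        if p.options - OPTIONS:
            findings.append((label, "unknown-option"))
        # The option check boxes are available only in Optimized mode.
        if p.mode == "passthrough" and p.options:
            findings.append((label, "options-on-passthrough"))

    for i, (label, p) in enumerate(specific):
        if not 1 <= p.from_port <= p.to_port <= 65535:
            findings.append((label, "bad-port-range"))
        # The manual does not say which of two overlapping rows wins, so flag them.
        for other_label, q in specific[i + 1:]:
            if (p.protocol == q.protocol
                    and p.from_port <= q.to_port and q.from_port <= p.to_port):
                findings.append((label, f"overlaps-{other_label}"))

    # HTTPS is the one commonly optimized port excluded from TDR-1. Check the
    # effective policy so that an inherited default is caught as well.
    try:
        https = resolve(policies, defaults, "tcp", 443)
    except ValueError:
        https = None  # overlap already reported above
    if https and https.mode == "optimized" and "tdr1" in https.options:
        findings.append(("tcp/443", "tdr1-on-https"))
    return findings


# Constructed plan following the Passive FTP note: optimize all TCP ports by
# default, then exempt a real-time service. Port numbers are sample values.
DEFAULTS = {
    "tcp": PortPolicy("tcp", 1, 65535, "optimized", options=frozenset({"tdr1"})),
    "udp": PortPolicy("udp", 1, 65535, "passthrough"),
}
POLICIES = [
    PortPolicy("tcp", 139, 139, "optimized", options=frozenset({"tdr1", "intercept"})),
    PortPolicy("tcp", 445, 445, "optimized", options=frozenset({"tdr1", "intercept"})),
    PortPolicy("tcp", 5060, 5061, "passthrough", tos=5),
    PortPolicy("udp", 5060, 5061, "passthrough", options=frozenset({"intercept"})),
]

if __name__ == "__main__":
    for label, code in audit(POLICIES, DEFAULTS):
        print(f"{label}: {code}")
```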

Enabling Connection Intercept

When you start the WANJet appliance, some connections may have already been established. Connection Intercept lets you reset connections that were initiated before you started the WANJet appliance. You can use Connection Intercept to reset connections for specific ports or services, without having to reboot the relevant servers or restart those services.

Using the Connection Intercept option is particularly effective when performing any of the following tasks:

  • Installing the WANJet appliance on your network
  • Upgrading the WANJet appliance
  • Changing the WANJet appliance's mode from inactive to active
  • Restarting the WANJet appliance

The ports on which you implement Connection Intercept require the following settings:

  • Optimized as the processing mode
  • Connection Intercept option enabled

Note

You can use the following process to optimize any port. The best usage for Connection Intercept is when you want to reset connections on a range of ports, without having to either reboot the relevant servers or restart a whole range of services. The WANJet appliance allows you to reset connections automatically, without having to restart the server or manually reset the connections.

To enable connection intercept

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The WANJet Optimization Policy screen opens.
  2. In the Protocol Optimization Policies section, in the Service Name column, click the service or port for which you want to enable Connection Intercept.
    The Edit Port/Service Name popup screen opens.
    Note: If the service is not listed, you need to add it. Refer to Configuring ports and services.
  3. For the Processing Mode, select Optimized.
  4. Check the Connection Intercept box.
  5. Click OK.
    The Edit Port/Service Name screen closes, and you see the WANJet Optimization Policy screen.
  6. Verify that the WANJet appliance operational mode is set to Active.
  7. Click the Save button to apply the changes.
    The WANJet appliance enables Connection Intercept on all configured ports, and resets existing connections on these ports so that data transfers are optimized.

For additional details about using the Connection Intercept option, refer to Configuring ports and services.

Example: Connection Intercept implementation

One of the uses of Connection Intercept is for client systems that use the CIFS (Common Internet File System) protocol to request file services from server systems over a network. Here we provide an example of how to use Connection Intercept to automatically reset CIFS connections.

In this example, the customer is concerned that they may have existing CIFS connections, already in progress, that are not being optimized after starting the WANJet appliance. It shows how to enable the Connection Intercept option on the CIFS ports (typically ports 139 and 445). This causes the WANJet appliance to automatically reset connections that are not being optimized, without having to restart each of the connections manually.

To automatically reset CIFS connections

  1. In the navigation pane, expand Optimization and click Optimization Policy.
    The WANJet Optimization Policy screen opens.
  2. In the Protocol Optimization Policies section, in the Service Name column, click 139 (Netbios-ssn).
    The Edit Port/Service Name popup screen opens.
    Note: If the Netbios-ssn service is not listed, you need to add it. Refer to Configuring ports and services.
  3. For the Processing Mode, select Optimized.
  4. Check the Connection Intercept box.
  5. Click OK.
    The Edit Port/Service Name screen closes, and you see the WANJet Optimization Policy screen.
  6. In the Protocol Optimization Policies section, in the Service Name column, click 445 (Microsoft-ds).
    The Edit Port/Service Name popup screen opens.
  7. For the Processing Mode, select Optimized.
  8. Check the Connection Intercept box.
  9. Click OK.
    The Edit Port/Service Name screen closes, and you see the WANJet Optimization Policy screen again.
  10. In the navigation pane, expand Optimization and click Operational Mode.
    The Operational Mode screen opens.
  11. Verify that Mode is set to Active.
  12. Click the Save button to apply the changes.
    This implements Connection Intercept on ports 139 and 445. The next time you restart the WANJet appliance, it resets connections on these ports, and then optimizes the traffic.

Setting operational modes

You can set operational modes on the WANJet appliance. From the Operational Mode screen, you can:

  • Specify the operating mode of the WANJet appliance (whether it is active or inactive).
  • Determine how you want to handle traffic in case of failure (on WANJet 400 and 500 only).
  • Specify how to deploy the WANJet appliance in your network topology (inline or one-arm).

To configure the operational mode settings

  1. In the navigation pane, expand Optimization and click Operational Mode.
    The Operational Mode screen opens.
  2. For the Mode setting, select one of the following options:
    • Active
      Enables optimization.
    • Inactive
      Optimization does not occur and the WANJet appliance is completely transparent to network traffic.
  3. For the Failure Mode setting (WANJet 400/500 only), select one of the following options:
    • Fail to Wire (default)
      If the WANJet appliance fails for any reason, network traffic continues to flow and bypasses the WANJet appliance. On the WANJet 500, if the power is off on the WANJet appliance, this option is always in effect even if you select Fail Close.
    • Fail Close
      If the WANJet appliance fails for any reason, the appliance breaks the link and stops traffic from passing through.
    Note: If you select Fail Close on a WANJet 400, you must also make a hardware adjustment on the appliance. Refer to To enable Fail Close on the WANJet 400 hardware, following, for instructions on how to open the unit and change the setting on the NIC.
  4. For the Topology setting, specify the way the WANJet appliance is connected to the network by clicking one of the options:
    • In-Line
      This is the most common network topology. Inline means that the WANJet appliance is located between the LAN (or the LAN switch) and the WAN gateway (or the LAN router).
    • One-Arm
      Select this option if your WANJet appliance is located on a separate, independent link. Refer to Configuring one-arm topology for additional instructions.
  5. Click the Save button.

To enable Fail Close on the WANJet 400 hardware

  1. Set the Failure Mode setting to Fail Close as described in the previous procedure, To configure the operational mode settings. (Do not forget to click Save to save the changed setting.)
  2. Shut down the WANJet 400 appliance. See Shutting down and restarting the WANJet appliance, located in Chapter 5.
  3. Turn the WANJet appliance upside down. On the bottom of the unit, unscrew the four screws on the left and right edges of the unit.
  4. Slide the cover off the top of the WANJet 400 appliance.
  5. Facing the front of the WANJet 400 appliance, locate the PXG2BP NIC card on the right near the front of the unit.
  6. Tip the WANJet 400 appliance over onto the left side so you can see the buttons on the NIC card better.
  7. On the upper right of the NIC card, locate the two switches (labeled BYPASS MODE).
  8. The ENB switch is on the left (towards the front of the card), and is turned off by default. The DIS switch is on the right (towards the back of the card), and is turned on by default.

  9. Turn the appliance on. If a warning beep sounds, press the red reset button on the back of the unit next to the power supplies.
  10. On the NIC card, press the ENB switch on the left (the one towards the front of the appliance). You hear an audible click.
  11. Turn the appliance off and replace the cover.

To re-enable Fail to Wire on the WANJet 400 hardware

  1. Set the Failure Mode setting to Fail to Wire as described in the procedure, To configure the operational mode settings. (Do not forget to click Save to save the changed setting.)
  2. Shut down the WANJet 400 appliance.
  3. Turn the WANJet appliance upside down. On the bottom of the unit, unscrew the four screws that are on the left and right edges of the unit.
  4. Slide the cover off the top of the WANJet 400 appliance.
  5. Facing the front of the WANJet 400 appliance, locate the PXG2BP NIC card on the right near the front of the unit.
  6. Tip the WANJet 400 appliance over onto the left side so you can see the buttons on the NIC card better.
  7. On the upper right of the NIC card, locate the two switches (labeled BYPASS MODE).
  8. The ENB switch is on the left (towards the front of the card), and was previously turned on. The DIS switch is on the right (towards the back of the card), and is off.

  9. Turn the appliance on. If a warning beep sounds, press the red reset button on the back of the unit next to the power supplies.
  10. On the NIC card, press the DIS switch on the right (the one towards the center of the appliance). You hear an audible click.
  11. Turn the appliance off and replace the cover.

Adjusting tuning settings

From the Tuning screen, you can guarantee maximum throughput by specifying the link bandwidth and the Round Trip Time (RTT) for the WAN link. The maximum bandwidth value is a global setting that relates to the WANJet appliance license that your company purchased. You should only modify the tuning settings when initially setting up the WANJet appliance (after licensing), or if the bandwidth of your WAN link changes. Once they are set, you rarely need to change the tuning settings.

To modify tuning settings

  1. In the navigation pane, expand Optimization and click Tuning.
    The WANJet Tuning screen opens.
  2. In the Bandwidth box, type a value for your WAN link bandwidth. You can set it to the bandwidth for which the appliance is licensed or lower. The default bandwidth varies depending on the license purchased and the platform. You can adjust the value lower than the default (but not higher), and use the list to change the units to kilobits per second for lower-bandwidth links.
    F5 Networks does not recommend changing this value.
  3. In the RTT box, type the value for the average round trip time for the WAN link. You determine the RTT by using the ping utility to send a request to a device on the other side of the WAN link and reviewing the command output. The default RTT is 300 milliseconds.
  4. Check the Congestion Control box to have the WANJet appliance handle traffic if congestion occurs in the case of packet loss. The Congestion Control box is checked by default.
  5. Review the value in the Queue Size box. It contains the maximum number of outgoing packets to keep in the queue before dropping them (in case of network problems). The WANJet automatically calculates the Queue Size based on the values specified for Bandwidth and RTT. F5 Networks does not recommend changing this value.
  6. Click the Save button.
    The WANJet Tuning screen refreshes, and the WANJet appliance saves the changes.

Updating a configuration

When you initially configure the local WANJet appliance (as described in Chapter 4, Initial Configuration), you specify the network settings for the WANJet appliance, such as IP address, ports, subnets, redundant peers, and connected remote WANJet appliances.

From the Local WANJet appliance screen, you can edit the network information for the local WANJet appliance, such as defining redundant peers, adding subnets, and defining VLANs to the local WANJet appliance. The initial values displayed on the Local WANJet appliance screen are the ones that you specified during initial configuration.

Important

You must replicate any changes that you make to the WANJet appliance's IP address, port, or subnet address on each remote WANJet appliance to which the local WANJet appliance is connected. See Replicating configuration changes on remote WANJet appliances.

Modifying a local WANJet appliance network configuration

If you need to modify the local WANJet appliance configuration, perform the following steps.

To modify the local WANJet appliance network configuration

  1. In the navigation pane, expand Configuration and click Local WANJet.
    The Local WANJet appliance screen opens.
  2. Modify the values as required. The values are defined as follows:
    • WANJet Alias
      The name that is used for the local WANJet appliance. This name is displayed at the upper-left corner of the home when you log onto the Web UI.
    • WANJet IP
      The IP address that is assigned to the local WANJet appliance on your network. If you change this value, you must change it on each remote WANJet appliance that accesses the local appliance. See Replicating configuration changes on remote WANJet appliances.
    • WANJet Netmask
      Subnet mask assigned to the WANJet appliance on your network.
    • WAN Gateway
      The gateway the WANJet appliance uses to reach the WAN.
    • LAN Router
      The gateway that the WANJet appliance uses to reach the LAN.
    • WANJet Port
      The main port number that the local WANJet appliance uses to communicate with remote WANJet appliances. The default port is 3701. If you change this value, you must change it on each remote WANJet appliance that accesses the local WANJet appliance. See Replicating configuration changes on remote WANJet appliances.
    • Redundant Peer IP
      IP address of the redundant WANJet appliance. If you check the Redundant Peer IP check box, the IP address box displays.
  3. Click the Save button.

Configuring delayed acceptance

The WANJet appliance generally accepts incoming connections from the LAN, then attempts to connect with the server on the remote LAN. If the server is unreachable, the WANJet appliance closes the original client-side LAN connection. A delayed connection acceptance feature, enabled by default, postpones acceptance of LAN requests coming from ports 445 and 139 until the server connection is verified.

You can configure the ports that will delay accepting requests, or disable the setting, as needed. This setting is particularly useful for ports that use CIFS (that is, ports 445 and 139).

To configure delayed connection acceptance settings

  1. In the navigation pane, expand Configuration and click Local WANJet.
    The Local WANJet screen opens.
  2. Click Settings for Delayed Acceptance.
  3. Check the Enable box to enable delayed connection acceptance (if it is not selected already).
  4. In the Ports box, type the numbers of any ports for which you want to delay the acceptance of a connection until verifying that the server is reachable. Separate multiple ports with colons (for example, 139:445).
  5. Click Save to make the changes.

Replicating configuration changes on remote WANJet appliances

If you make any changes to the IP address, port setting, or subnet address on a local WANJet appliance, you must replicate the changes everywhere they appear, including to connected remote WANJet appliances.

For example, if you have four connected WANJet appliances named B1, B2, B3, and B4, and you log on to the Web UI for B1, the Web UI shows B1 as the local WANJet appliance and B2, B3, and B4 as its remote WANJet appliances. Therefore, if you change the IP address for B1, you must also change the IP address for B1 for the remote WANJet appliances (B2, B3, and B4) so that it matches.

To update the remote WANJet appliance settings from the local WANJet appliance

  1. Log on to the Web UI of the WANJet appliance.
  2. In the navigation pane, expand Configuration and click Remote WANJets.
    The Local WANJet screen opens.
  3. Click the IP address of the remote WANJet appliance that you want to edit.
    The Manage Remote WANJet popup screen opens.
  4. Edit the settings as required.
  5. Click the OK button.
    The Manage Remote WANJet screen closes.
  6. Click the Save button at the bottom of the Remote WANJets screen.
  7. Repeat steps 3 through 6 for each remote WANJet appliance that connects to the local WANJet appliance for which you changed settings.

Once complete, the local WANJet appliance should be able to communicate with all connected remote WANJet appliances.

Note

Alternatively, you can change the settings for the connected WANJet appliances by logging on to each WANJet appliance's Web UI.

Managing virtual LANs

A virtual LAN (VLAN) is a segment of a computer network that has logically defined (rather than physically defined) boundaries. VLANs provide a way to structure a large network for increased security, separating systems with sensitive data, special projects, or separate departments. You need to configure the WANJet appliance so it can optimize traffic from those VLANs.

Unless you want to have separate WANJet appliances on every VLAN, you must use the Web UI to add the WANJet appliance to any VLANs that are linked to your network and for which you want to optimize traffic. When added, the WANJet appliance becomes part of the VLAN and can optimize traffic on the VLAN. You need to add the WANJet appliance to the VLAN because VLANs are often implemented by adding tags to Ethernet frames. These tags must be preserved during optimization. See To add a VLAN to a WANJet appliance in the next section for how to add WANJet appliances to VLANs.

Traffic emanating from VLANs is tagged with a VLAN tag (also called a VLAN ID). By default, the WANJet appliance handles only untagged traffic. If you want to optimize traffic on VLANs in your networking environment, you need to configure the VLANs on the WANJet appliance. By configuring the VLANs and their VLAN tags, you include the WANJet appliance in those VLANs. The WANJet appliance recognizes the tags and can optimize traffic from those VLANs.

The WANJet appliance IP address is automatically listed in the WANJet VLAN settings table with a VLAN tag of 0 (meaning no tag is assigned).

You can:

  • Add VLANs. The WANJet appliance optimizes traffic tagged with those VLAN tags; it also optimizes untagged traffic that meets the optimization policy guidelines.
  • Configure the local WANJet appliance IP address with a VLAN tag. The WANJet appliance optimizes traffic tagged with that VLAN tag. If you add additional VLANs, it optimizes traffic from those VLANs as well, but it does not optimize untagged traffic.

You can also modify VLAN information or delete VLANs no longer configured. The following procedures describe how to perform these VLAN management tasks.

To add a VLAN to a WANJet appliance

  1. In the navigation pane, expand Configuration and click Local WANJet.
    The Local WANJet appliance screen opens.
  2. Click the VLAN Settings link beneath the table.
    The VLAN Setting screen displays with all of the currently defined VLANs.
  3. Click the Add button.
    The Add VLAN screen opens in a separate window.
  4. In the WANJet Virtual IP box, type the virtual IP address assigned to the local WANJet appliance on this VLAN. That is, the IP address that other machines on the VLAN use to communicate with the local WANJet appliance.
  5. In the VLAN Netmask box, type the subnet mask for the VLAN.
  6. In the VLAN Gateway box, type the virtual IP address of the gateway machine for the VLAN.
  7. In the VLAN Tag box, type the VLAN ID that the WANJet appliance uses to preserve tagged Ethernet frames that pass to and from the VLAN. Valid values are 2 through 4094 (0 means assign no VLAN tag, and 1 is reserved).
  8. Click the OK button.
    The Add VLAN screen closes.
  9. Click the Save button.
    The VLAN is automatically added as a local subnet as part of the optimization policy on the local WANJet appliance. It is also added as a remote subnet on any remote WANJet appliances that are linked to the local appliance.

To configure the local WANJet appliance IP address with a VLAN tag

  1. In the navigation pane, expand Configuration and click Local WANJet.
    The Local WANJet appliance screen opens.
  2. Click the VLAN Settings link beneath the table.
    The VLAN Setting screen opens.
  3. Click the IP address of the local WANJet appliance (it is automatically listed first in the table).
    The Edit VLAN Tag Associated with WANJet IP popup screen opens in a separate window. You can edit only the VLAN Tag.
  4. In the VLAN Tag box, type the ID of the VLAN to which the local WANJet appliance belongs.
  5. Click the OK button.
    The popup screen closes.
  6. Click the Save button.
    The WANJet appliance optimizes only tagged traffic from this point on. To be optimized, the traffic needs to be tagged with the VLAN tag of the local WANJet appliance or with the tags of other VLANs that you added on the WANJet VLAN Settings screen.
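The tag rules in the two procedures above, as an added example (not F5 code): it reads the 802.1Q VLAN ID from a raw Ethernet frame and decides whether the frame's tag makes it eligible for optimization under a given VLAN settings table. The `VlanTable` class, the constructed frames, and the check that the gateway lies inside the VLAN's subnet are assumptions made for illustration; only the tag range and the tagged/untagged behavior come from this chapter.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

TPID_8021Q = 0x8100           # EtherType value that announces an 802.1Q tag
VALID_TAGS = range(2, 4095)   # this chapter: valid VLAN tags are 2 through 4094


def make_frame(vid=None, payload=b"constructed-payload"):
    """Build a constructed Ethernet frame, 802.1Q-tagged when vid is given."""
    header = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) if vid is not None else b""
    return header + tag + struct.pack("!H", 0x0800) + payload


def vlan_id(frame):
    """Return the 802.1Q VLAN ID of a frame, or 0 when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return 0
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF       # the low 12 bits of the TCI carry the VLAN ID


class VlanTable:
    """Hypothetical model of the WANJet VLAN settings table."""

    def __init__(self, local_ip, local_tag=0):
        self.local_ip = IPv4Address(local_ip)
        # Tag 0 on the appliance's own IP address means "no tag assigned".
        self.local_tag = 0 if local_tag == 0 else self._check_tag(local_tag)
        self.vlans = {}       # tag -> (virtual IP, network, gateway)

    @staticmethod
    def _check_tag(tag):
        if tag not in VALID_TAGS:
            raise ValueError(f"VLAN tag {tag} is outside 2-4094")
        return tag

    def add_vlan(self, virtual_ip, netmask, gateway, tag):
        tag = self._check_tag(tag)
        if tag == self.local_tag or tag in self.vlans:
            raise ValueError(f"VLAN tag {tag} is already configured")
        vip = IPv4Address(virtual_ip)
        net = IPv4Network(f"{virtual_ip}/{netmask}", strict=False)
        gw = IPv4Address(gateway)
        # Assumption (not stated in the chapter): the gateway is on-link.
        if gw not in net or gw == vip:
            raise ValueError(f"gateway {gw} is not a distinct host in {net}")
        self.vlans[tag] = (vip, net, gw)

    def tag_eligible(self, frame):
        """True when the frame's tag allows optimization.

        The optimization policy (subnets and ports) still has to match.
        """
        vid = vlan_id(frame)
        if vid == 0:
            # Untagged traffic is handled only while the appliance's own
            # IP address keeps tag 0.
            return self.local_tag == 0
        return vid == self.local_tag or vid in self.vlans


if __name__ == "__main__":
    table = VlanTable("10.0.0.5", local_tag=10)
    table.add_vlan("10.20.0.5", "255.255.255.0", "10.20.0.1", 20)
    for vid in (None, 10, 20, 30):
        print(vid, table.tag_eligible(make_frame(vid)))
```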

To edit or remove a VLAN on the WANJet appliance

  1. In the navigation pane, expand Configuration and click Local WANJet.
    The Local WANJet appliance screen displays.
  2. Click the VLAN Settings link beneath the table.
    The VLAN Setting screen displays with all of the currently defined VLANs.
  3. Click the IP address of the VLAN configuration you want to edit or remove.
    The Edit VLAN popup screen opens in a separate window.
  4. Edit the VLAN information, or click the Remove button to remove it.
    Note: On the local WANJet appliance, you can edit only the VLAN Tag, not the WANJet IP address, WANJet Netmask, or the WANJet Gateway. You cannot remove the local WANJet appliance.
  5. Click the OK button.
    The Edit VLAN screen closes.
  6. Click the Save button.

Important

If you remove a VLAN from a local WANJet appliance, you must also remove it from the list of subnets supported by that WANJet appliance.

Managing remote WANJet appliances

To optimize the data that is sent over a network link, you need a pair of WANJet appliances, each running the WANJet appliance software. A remote WANJet appliance reverses the optimization process for data that is sent from the local WANJet appliance. For this configuration to work, the local WANJet appliance must be aware of the remote WANJet appliance. If you do not specify a remote WANJet appliance to receive the processed data, network traffic passes through the local WANJet appliance without being optimized.

To add a remote WANJet appliance

  1. In the navigation pane, expand Configuration and click Remote WANJet.
    The Remote WANJet screen opens.
  2. Click the Add button.
    The Manage Remote WANJet appliance screen opens.
  3. From the WANJet Type list, select Single.
    Or, if you have two connected WANJet appliance peers on the same remote LAN, select Redundant. (See Configuring redundant peers for an explanation about these node types.)
  4. In the WANJet IP box, type the IP address for the remote WANJet appliance.
  5. If you selected Redundant in Step 3, for Redundant Peer, type the IP address for the peer WANJet appliance in the Node 2 box. Otherwise, the field is not available, and you can skip to Step 6.
    Note: The Node 2 box appears only if you select Redundant from the WANJet appliance type menu.
  6. In the WANJet Alias box, type a name for the remote WANJet appliance. The name must have fewer than 14 characters.
  7. In the WANJet Port box, type the main port number on which the remote WANJet appliance listens for data from the local WANJet appliance. The default port number is 3701.
    Note: If you change the WANJet appliance port number, you must change it for all connected WANJet appliances.
  8. In the Shared Key box, type the shared key that authenticates between the local and remote WANJet appliances. You can set a unique shared key for every pair of WANJet appliances.
  9. Leave the Local GRE IP and Remote GRE IP addresses blank unless you are using GRE tunneling between two routers with a one-arm WANJet appliance configuration (see Using transparent proxy with generic routing encapsulation tunneling, located in Chapter 3, for details on this configuration).
    If you are using GRE tunneling, for Local GRE IP, type the IP address of the local end of the GRE tunnel, and for Remote GRE IP, type the IP address of the remote end of the GRE tunnel.
  10. If you specified an IP address in the LAN Router field on the Local WANJet screen, you can select an MTU (Maximum Transmission Unit) type. The MTU is the maximum packet size in bytes that can be transmitted across a link. For MTU, select one of the following MTU types:
    • Direct
      The default value for this type is 1500 bytes, and is the most common MTU type used for the IP protocol.
    • VPN
      The default MTU for this option is 1400 bytes.
    • Other
      You can specify the MTU value required by your network.
  11. Click the OK button.
    The Manage Remote WANJet screen closes.
  12. Click the Save button.

You now need to add the gateway of the remote WANJet appliance as a disabled subnet. For more information, see Managing subnets.

To edit or remove a remote WANJet appliance

  1. In the navigation pane, expand Configuration and click Remote WANJet.
    The Remote WANJet screen opens.
  2. Click the IP address for the WANJet appliance that you want to edit or remove.
    The Manage Remote WANJet appliance screen opens.
  3. Edit the information or click the Remove button to remove the remote WANJet appliance.
    Note: If you edit a port number, you must change that port number on all connected WANJet appliances. If you remove a WANJet appliance, you remove all associated subnets and ports.
  4. Click the OK button.
    The Manage Remote WANJet appliance screen closes.
  5. Click the Save button.

Important

If you remove a remote WANJet appliance, the local WANJet appliance no longer recognizes it, and any data sent to the removed remote WANJet appliance's network passes through without being optimized.

Changing the interface speed

The WANJet appliance supports both half-duplex and full-duplex data transmission for the LAN (eth0), WAN (eth1) and Management port (eth3) interfaces. The available speeds (for example, 100 BaseTX or 10 BaseT) vary depending on the WANJet platform you are using.

By default, the interface speeds of all WANJet platforms are set to Auto Negotiate, causing them to negotiate the interface speeds automatically; however, you can use the following procedure to manually specify the speed of the network interfaces that the WANJet appliance uses to communicate with the LAN, the WAN, and the management network.

To change network interface settings

  1. In the navigation pane, expand Configuration and click Interfaces.
    The NIC Configuration screen opens.
  2. From the Media Type list for eth0, select the interface speed and duplex setting that corresponds with the link between the LAN switch and the WANJet appliance (the default is Auto Negotiate). The speed and duplex values for the LAN and the WAN interfaces must match.
  3. From the Media Type list for eth1, select the interface speed and duplex setting that corresponds with the link between the WAN router and the WANJet appliance (the default is Auto Negotiate). The speed and duplex values for the LAN and the WAN interfaces must match.
  4. From the Media Type list for eth3, select the interface speed and duplex setting that corresponds with the link between the management network and the WANJet appliance (the default is Auto Negotiate). The speed and duplex values do not need to match those of the LAN and WAN interfaces.
  5. Click the Save button.

Managing static routes

The Static Routes table contains information about the gateway (router) that you specify to route the data for a specific network. Data packets sent to the defined gateway use the relevant static route to identify their destination.

When you specify a LAN router for your local WANJet appliance, all subnets configured for the local WANJet appliance use it to identify the destinations of packets.

Note

To specify a gateway for each subnet, remove the IP address from the LAN Router box on the Local WANJet appliance page. See Updating a configuration for specific instructions.

To add a static route

  1. In the navigation pane, expand Configuration and click Routes.
    The WANJet Routes screen opens.
  2. In the Network box, type the subnet's IP address for which you want to route data to a specific gateway.
  3. In the Netmask box, type the netmask for the network.
  4. In the Next Hop box, type the IP address for the gateway to which the data should be routed. Data packets use this gateway to send them to their destination.
  5. In the MTU box, type the maximum packet size of datagrams that you want transferred through this route.
  6. Click the Save button.

To edit or remove an existing static route

  1. In the navigation pane, expand System Settings and click Routes.
    The WANJet Routes screen opens.
  2. Modify the Network and/or Netmask settings as required, or clear the Network settings for the route that you want to remove.
  3. Click the Save button.

Configuring Syslog and SNMP settings

You can configure the WANJet appliance to retrieve Syslog, SNMP, and RMON2 reports from specific servers, and specify whether RMON2 data is gathered before (raw data) or after the WANJet appliance processes it (WANJet data). You can explicitly specify which IP address to use for SNMP: either the Management IP (the default) or the WANJet data IP (also called the bridge IP). You can also define the community string for viewing SNMP reports.

To configure Syslog and SNMP settings

  1. In the navigation pane, expand Configuration and click Monitoring.
    The WANJet Syslog and SNMP screen opens.
  2. Check the Syslog Server IP check box and type the IP address of the server that receives Syslog data from the WANJet appliance.
  3. Specify which log to store:
    • Application
      Stores only the application error log on the server that you specified.
    • All
      Stores all error logs on the server that you specified.
  4. Check the SNMP Server IP check box and type the IP address of the SNMP server to which the WANJet appliance sends error messages. (For more information about viewing SNMP reports, see SNMP reports, located in Chapter 8.)
  5. To view RMON2 data, check the Enable RMON2 Logs check box and select an option:
    • Raw Data
      To view RMON2 logs before the WANJet appliance processes traffic.
    • WANJet Data
      To view RMON2 logs after the WANJet appliance processes traffic.
    Note: For information about RMON2 data, refer to RMON2 Reports, located in Chapter 8. For details on the Raw Data and WANJet Data settings, see RMON2 configuration settings, located in Chapter 8.
  6. For SNMP IP, select which IP address you want SNMP to use as the source address in response to SNMPv1 GET requests, and for sending SNMP traps. The choices are Management IP (set by default) or WANJet IP.
  7. In the Community String box, type the shared community string that enables the SNMP server to access SNMP reports on the WANJet appliance. The community string is a text string (up to 32 characters including a-z, A-Z, 0-9, hyphen, and underscore) set on the SNMP server to authenticate access.
  8. Click the Save button.
    The Syslog and SNMP page refreshes, and the changes are committed to the WANJet appliance.

Configuring email alerts

You can configure the WANJet appliance to send an email that includes a system snapshot (containing current system information) to a specific email address in the event of system failure.

Note

For information about how to download system snapshots directly, refer to Diagnostic Log, located in Chapter 8.

To configure email alerts

  1. In the navigation pane, expand Configuration and click Email Alert.
    The WANJet Email Alert screen opens.
  2. In the Email address box, type the email address to which you want the system snapshot sent. If you want the email alert to go directly to F5 Networks, type WANJetSupport@f5.com.
  3. In the From Email address box, type the email address from which you want the email to appear to be sent.
    This does not need to be a valid email address, but it should look like a valid address to pass through spam filters. F5 Networks recommends that you use the alias of the WANJet appliance from which the snapshot was taken as the first part of the address (before the @ symbol), and your company's domain name as the second part of the address. For example, WJ_NewYork@company.com.
  4. In the SMTP Server IP box, type the IP address (not the domain name) of an SMTP mail server that is accessible from the WANJet appliance.
  5. In the SMTP Server Port box, type the port number for the mail server to which the SMTP request for the email alert will be sent.
    Note: Typically, the port for SMTP is 25; however, the default port that the WANJet appliance uses for email alerts is 443 (which is normally used by SSL traffic). The WANJet appliance uses port 443, because it is more likely to be allowed through by a firewall. Verify that the mail server specified in the SMTP Server IP box is set up to forward traffic on port 443 to port 25.
  6. To automatically email system snapshots, check the Enabled box.
    Email alerts are disabled by default, but F5 Networks recommends that you enable them after you configure the settings on the WANJet Email Alert screen.
  7. Click the Test Me button to confirm that the WANJet appliance can access the mail server and send the email. You can use the test feature to send a simple test message, create a new system snapshot to send, or send all past system snapshots. F5 Networks recommends that you send a test message, because the WANJet appliance does not attempt to resend failed emails.
  8. After you have confirmed that the email alert that you configured works, click the Save button.
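One way to carry out the port 443 verification from a workstation before relying on the Test Me button, as an added example (not part of the WANJet software): it connects to the mail server and checks that the first thing the listener sends is an SMTP 220 greeting, which is what a working 443-to-25 forward produces. The function names and verdict strings are hypothetical, and the greetings in the demo are constructed samples.

```python
import socket


def classify_greeting(data):
    """Classify the first bytes a listener sends after the TCP connect."""
    if not data:
        return "no-greeting"
    first = data.split(b"\r\n", 1)[0]
    code = first[:3]
    # An SMTP reply is a 3-digit code followed by a space, "-" or end of line.
    if code.isdigit() and first[3:4] in (b" ", b"-", b""):
        return "smtp" if code == b"220" else "smtp-error"
    if first.startswith(b"HTTP/"):
        return "http"
    return "other"


def probe_smtp(host, port=443, timeout=5.0):
    """Return (verdict, first_line) for the service listening on host:port.

    A web or TLS listener on port 443 normally waits for the client to
    speak first, so it shows up as "no-greeting" after the timeout.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "no-greeting", ""
        except OSError as exc:
            return "unreachable", str(exc)
        verdict = classify_greeting(data)
        if verdict == "smtp":
            try:
                sock.sendall(b"QUIT\r\n")   # end the SMTP session politely
            except OSError:
                pass
        first_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return verdict, first_line


if __name__ == "__main__":
    # Constructed sample greetings; replace with probe_smtp("<SMTP server IP>").
    samples = [
        b"220 mail.example.test ESMTP ready\r\n",
        b"554 no SMTP service here\r\n",
        b"HTTP/1.1 400 Bad Request\r\n\r\n",
        b"",
    ]
    for sample in samples:
        print(repr(sample[:30]), "->", classify_greeting(sample))
```

Any verdict other than `smtp` means an alert sent to that port would be lost, since the appliance does not resend failed emails.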

Configuring redundant peers

The WANJet appliance supports high availability through redundant pairs, or peers. Redundancy offers a continuous mode of operation and eliminates a central point of failure for LAN switching and routing. The WANJet appliance supports redundancy using a second WANJet appliance on a LAN, connected to a redundant router. The second WANJet appliance is known as a redundant peer. If one of the LAN's routers fails, the corresponding WANJet appliance detects that the router is down and continues service through the remaining active router and WANJet appliance.

Not only does this redundant system offer you a continuous mode of operation, but it also provides load balancing under normal network conditions by distributing network traffic over two WANJet appliances. Figure 6.1 shows an example of redundant peer configuration.

 

 

Figure 6.1 Redundant peer configuration

To access redundant peers through the Web UI of a remote WANJet appliance, you must add both the primary peer (WANJet1) and the redundant peer (WANJet2) to the remote WANJet appliance (WANJet3). For example, to configure the WANJet appliances shown in Figure 6.1, you need to perform the following tasks:

  • On WANJet1, set up WANJet2 as a redundant peer, and WANJet3 as a remote WANJet appliance.
  • On WANJet2, set up WANJet1 as a redundant peer, and WANJet3 as a remote WANJet appliance.
  • On WANJet3, add both WANJet1 and WANJet2 as remote WANJet appliances, set its type as Redundant, then specify WANJet2's IP address as the Redundant Peer.

For information about how to add remote WANJet appliances, see Managing remote WANJet appliances.

To set up a local WANJet appliance as a redundant peer

  1. In the navigation pane, expand Configuration and click Local WANJet.
    The Local WANJet screen opens.
  2. Check the Redundant Peer IP box.
    A new field appears next to the check box.
  3. In the new Redundant Peer IP field, type the IP address of the WANJet appliance that is the redundant peer of this WANJet appliance.
  4. Click the Save button.
    The Local WANJet screen refreshes, and the changes are committed to the WANJet appliance.

Configuring one-arm topology

You can deploy the WANJet appliance out-of-line in a one-arm topology, with one physical connection to the LAN and no direct connection to the WAN.

 

Figure 6.2 One-arm deployment

For more information about this configuration, see One-arm deployment, located in Chapter 3.

To configure the WANJet appliance in a one-arm configuration

  1. Perform initial configuration of the WANJet appliance as described on the Quick Start Card.
  2. Position the WANJet appliance so that it connects to a router that is inline, connecting the WAN port of the WANJet appliance to the router (see Figure 6.2).
  3. Log on to the WANJet appliance, as described in Logging on to the WANJet Web UI, located in Chapter 4.
  4. In the navigation pane, expand Optimization and click Operational Mode.
    The Operational Mode screen opens.
  5. For the Topology setting, select One-Arm.
    When you select One-Arm topology for the operational mode setting, a new section entitled Redirection Method appears.
  6. For the Redirection Method setting, select one of the following options:
    • Static Routing
      Use this option if each client on your LAN is configured to route network traffic through the WANJet appliance. Go to step 8.
    • Transparent Proxy
      Use this option if LAN traffic designated for optimization is directed to the WANJet appliance by a router (also for GRE tunneling). Go to step 7.
    • Non-Transparent Proxy
      Use this option if you want the WANJet appliance to act as the default gateway for all clients in the LAN. In this configuration, every client on the LAN must be configured to use the WANJet appliance's IP address as its default gateway. Go to step 8.
  7. If you select Transparent Proxy in step 3, a new section entitled Discovery Method appears. From this section, select one of the following options:
    • Static
      Use this option if passthrough traffic is not routed to the WANJet appliance. (Use this option also for GRE tunneling.) When you choose Static as the Discovery Method, only network traffic that is scheduled for optimization is routed through the WANJet appliance. This traffic is lost if the WANJet appliance is not running. If you select this option, skip to step 9.
    • WCCP v2
      Use this option if the WANJet appliance communicates with your network router using the Web Cache Communication Protocol (WCCP). In this case, all network traffic is routed through the WANJet appliance, but the router bypasses the appliance if the WANJet appliance is not running. If you select this option, proceed to step 8.
  8. If you select WCCP v2 as the discovery method in step 7, configure the following settings:
    1. In the Service ID box, type the service group identifier. This must be a number between 51 and 100, and must match the service ID configured on the LAN router.
    2. In the Priority box, type the priority assigned by the router to the service group. This number determines the order in which redirection rules are followed. This must be a number between 0 and 255, and must match the priority configured on the LAN router.
    3. In the Router box, type the IP address that the LAN router uses to communicate with the WANJet appliance.
    4. Check the Authenticate box.
    5. If WCCP is configured to require authentication between the WANJet appliance and the LAN router, type a password in the Password box.
  9. Click the Save button.

Introducing high-availability features

When combined with a redundant network topology, the WANJet appliance's high-availability features ensure that a failure in a networking device connected to WANJet appliance peers does not result in loss of connectivity or loss of application optimization.

The following WANJet appliance functions work with the high-availability features of the network:

  • Bridging of traffic not configured for optimization
  • Fail-to-wire mode for all traffic
  • Peer port for redundant data path and peer health checks
  • Load balancing and health checks of remote WANJet appliance peers

The following sections discuss each feature in detail and provide information on integrating these features into the network architecture. Additionally, standard and alternate network configurations are discussed.

WANJet appliance bridging functionality

When deployed in an inline configuration (LAN and WAN ports connected), the WANJet appliance acts as a Layer 2 bridge for network traffic that is not configured for WAN optimization. Ethernet frames with unoptimized traffic are bridged between the LAN and WAN interfaces.

The ability to act as a bridge for traffic that is not optimized allows the WANJet appliance to be incorporated into redundant network topologies and to support the high-availability features of other network devices. Protocols such as the Address Resolution Protocol (ARP), the Spanning Tree Protocol (STP), the Virtual Router Redundancy Protocol (VRRP) and the Hot Standby Router Protocol (HSRP) function normally in the presence of a WANJet appliance.

Redundancy protocols typically create a shared Virtual IP address (VIP). The VIP is the default gateway for the hosts on the LAN. One router uses the VIP to actively pass traffic, while the other router acts as a standby. The redundancy protocol sends multicast packets between the active and standby routers to indicate that the active router is healthy and continues to pass traffic. These packets are bridged through the active router's WANJet appliance and LAN switches, and bridged back through the peer WANJet appliance to the standby router.

If a failure in a network component (other than the WANJet appliance) prevents the multicast packets from reaching the standby router, the standby router becomes the active router by sending out an ARP packet indicating that it now owns the VIP (this process is often called gratuitous ARP). The gratuitous ARP packet is a Layer 2 broadcast packet, which is bridged by the WANJet appliance to the LAN hosts. LAN hosts then begin using the new router (but with the same IP address, namely the VIP) as their default gateway to send traffic to other networks.

Note

WANJet appliances themselves can use the VIP as their default gateway IP address. If WANJet appliances connect directly from their WAN ports to their routers, both WANJet appliances must use the non-virtual IP address of their connected router's interface.

To use the VIP as the WANJet appliances' default gateway (to achieve redundant default gateways for the WANJet appliances), both of the WANJet appliance WAN ports must connect to switches or other Layer 2 devices that then connect to both routers. Depending on the details of the topology and configuration of your Layer 2 devices and routers, this may introduce Layer 2 loops that require resolution through the Spanning Tree Protocol or other means.

WANJet appliance fail-to-wire feature

A core feature of WANJet appliance high availability is its fail-to-wire feature (set by default). Fail-to-wire functionality guarantees that a failure of a WANJet appliance does not block data traveling between the LAN and WAN ports when the WANJet appliance is deployed in an inline topology (as opposed to one-armed topology). When a failure in the WANJet appliance occurs, the WANJet appliance network interface hardware opens a path that connects the LAN and WAN ports directly. Refer to Setting operational modes for how to configure the fail-to-wire setting.

A WANJet appliance in fail-to-wire state acts effectively as a patch panel connecting two Ethernet cables. In the event of a WANJet appliance failure, data continues to flow between the two connected devices (such as switches, routers, or another WANJet appliance) on either side of the WANJet appliance. By allowing data to pass between connected devices in this manner, WANJet appliance failure does not result in the loss of network connectivity for clients, servers, and other networking devices.

You can configure fail-to-wire to occur regardless of the type of failure in the WANJet appliance, including software bugs, hardware bugs, or hardware failures in components, such as memory chips or hard disks (except physical damage to the WANJet appliance's fail-to-wire hardware components), and loss of power to the WANJet appliance.

The fail-to-wire feature requires that the Ethernet parameters (that is, duplex and speed) of the connected devices' network interfaces are the same, as they would be if cabled directly together.

Duplex and speed

You must set the duplex and speed appropriately for the ports on the connected devices. F5 Networks recommends configuring the WANJet appliance interfaces and the interfaces of connected devices to autonegotiate duplex and speed.

After you configure the connected devices to autonegotiate, F5 Networks recommends checking the Diagnostics report (see Diagnostics reports, located in Chapter 8) to determine whether both the LAN and WAN interfaces have autonegotiated the same settings. If so, fail-to-wire will work correctly in case of failure. If duplex, speed, or both settings have different values, you need to manually set the parameters on all devices to the same values.

Cable type

Cabling two network devices together may require use of an Ethernet cable with standard wiring (often called a straight-through cable), or may require an Ethernet cable with pinouts 1, 2, 3, and 6 of one connector wired to pinouts 3, 6, 1 and 2 (respectively) of the connector on the other end (often called a crossover cable). The WANJet appliance Gigabit Ethernet network interfaces can automatically sense which cable type is present (auto-sensing MDI/MDI-X), so during normal operation cable type should not be an issue.

However, in fail-to-wire mode, the effective cable type (that is, the combination of the two cable types) may or may not be appropriate for the two connected devices. As per the Gigabit Ethernet specification, Gigabit Ethernet network interfaces perform auto-sensing of the crossover cable, and configure themselves appropriately. If one or both devices possess Gigabit Ethernet interfaces, you can use any combination of the two cable types for the two cables connected to the WANJet appliance. If neither connected device possesses a Gigabit Ethernet network interface, you must choose the cable type based on the type of devices that effectively connect during fail-to-wire mode.

WANJet appliance fail-close feature

An alternative configuration to fail-to-wire exists. You can configure the WANJet appliance to fail-close, which breaks the connectivity between connected devices. This may be desirable if an administrator wishes to create a redundant network architecture in which all traffic is routed to the peer WANJet appliance when a WANJet appliance failure occurs. When used with the redundancy features of the other network components, fail-closed can prevent the creation of an unoptimized path through the network. Fail-close requires a hardware modification on the WANJet 400 appliance.

If you cannot use fail-close, but requirements do not permit a path in the network that does not have optimization, you can use the router connected to the WAN port to perform policy-based routing of unoptimized traffic, directing it to the active peer WANJet appliance for optimization.

Consult the documentation for your routing device, and contact F5 Networks support for additional information on high-availability configuration of WANJet appliances with policy routing.

WANJet appliance peer port

Every WANJet appliance model has an Ethernet port labeled Peer. You connect the peer ports of two WANJet appliances using a crossover cable when the WANJet appliances are deployed as a redundant pair. The peer network has two functions: passing network traffic being optimized by a peer, and sending heartbeat packets between the peers.

Passing network traffic being optimized by a peer

The peer network provides an alternate path for network traffic that is being optimized by a given WANJet appliance, but due to a failure in the network the normal path to the WANJet appliance is not available. When a failure on the network prevents traffic from reaching a WANJet appliance, redundant paths in a network should permit this traffic to take a path to the peer WANJet appliance. However, this peer has no knowledge of established optimized sessions belonging to the other WANJet appliance, because WANJet appliances do not pass information about existing sessions to each other.

Instead of passing state information, the WANJet appliances pass actual traffic from one WANJet appliance to the other (and possibly receive it back) over the peer network. The WANJet appliance passes packets to the peer if it does not recognize the packets as part of one of its own existing optimized sessions, or if the packet has not yet been identified as part of an unoptimized session that should be bridged between LAN and WAN ports.

The peer network uses multiple VLANs; a WANJet appliance sending packets to its peer selects the VLAN based on the interface from which the packet was received (LAN or WAN), and whether the packet is being sent to a peer (first transit of peer network) or returned from a peer (second transit of peer network). In this way, the VLAN tag represents the meta-information associated with each packet that is needed to make decisions on packet handling.

Packets arriving on the LAN or WAN ports

The WANJet appliance checks all packets arriving on the LAN or WAN ports to determine how to handle them. A SYN packet is a type of packet that TCP uses when initiating a connection to another computer. The WANJet appliance handles SYN packets differently from other packets and applies the following logic when deployed in a peer configuration:

If the packet is a SYN packet

The WANJet appliance checks the source IP address and destination port against the optimization rules:

  • If a matching rule is found, the WANJet appliance that received the packet optimizes the packet's session.
  • If a matching rule is not found, the WANJet appliance that received the packet bridges the packet.

If the packet is not a SYN packet

The WANJet appliance checks the source and destination IP addresses and ports against the table of existing optimized sessions:

  • If a matching record is found, the WANJet appliance that received the packet optimizes the packet.

If a matching record is not found, the WANJet appliance then checks the source and destination IP addresses, and the ports against the table of connections to be bridged:

  • If a matching record is found, the WANJet appliance that received the packet bridges the packet.
  • If a matching record is not found, the WANJet appliance forwards the packet over the peer network to the peer WANJet appliance.

Packets arriving on the peer port

If the packet is in the VLAN representing the first transit of the peer network, the WANJet appliance checks the source and destination IP addresses and ports against the table of existing optimized sessions:

  • If a matching record is found, the WANJet appliance that received the packet on the peer port optimizes the packet.
  • If a matching record is not found, the WANJet appliance returns the packet over the peer network to the WANJet appliance that first received the packet.

If the packet is in the VLAN representing the second transit of the peer network (no matching record found by the peer after the first transit of peer network), the packet's source and destination IP addresses and ports are added to the table of connections to be bridged, and the packet is bridged in the direction indicated by the VLAN in which it was sent.

Unlike the LAN and WAN ports, the peer port does not perform Layer 2 bridging. Connecting WANJet appliance peer ports does not create bridge loops.
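The packet-handling decisions described above for the LAN/WAN ports and the peer port, modelled as an added example (not F5 code and not part of the original manual). The class, table and action names, the exact-match rule lookup, the direction-independent flow key, and the addresses are assumptions made for illustration.

```python
from collections import namedtuple

FIRST_TRANSIT, SECOND_TRANSIT = "first-transit", "second-transit"  # peer VLANs
Packet = namedtuple("Packet", "src sport dst dport syn", defaults=[False])

def flow(p):
    # Assumption: the session tables match a flow in either direction.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

class Appliance:
    def __init__(self, name, rules):
        self.name, self.rules = name, set(rules)     # rules: (source IP, destination port)
        self.optimized, self.bridged = set(), set()  # optimized sessions, connections to bridge

    def from_lan_or_wan(self, p):
        if p.syn:  # SYN: consult the optimization rules only
            if (p.src, p.dport) in self.rules:
                self.optimized.add(flow(p))  # assumption: a rule match creates the session record
                return "optimize"
            return "bridge"
        if flow(p) in self.optimized:
            return "optimize"
        if flow(p) in self.bridged:
            return "bridge"
        return "forward-to-peer"  # unknown flow: first transit of the peer network

    def from_peer(self, p, transit):
        if transit == FIRST_TRANSIT:
            return "optimize" if flow(p) in self.optimized else "return-to-peer"
        self.bridged.add(flow(p))  # second transit: neither peer owns the session
        return "bridge"

def deliver(first, peer, p):
    """Trace one packet that arrives on `first`'s LAN or WAN port."""
    trace = [(first.name, first.from_lan_or_wan(p))]
    if trace[-1][1] == "forward-to-peer":
        trace.append((peer.name, peer.from_peer(p, FIRST_TRANSIT)))
        if trace[-1][1] == "return-to-peer":
            trace.append((first.name, first.from_peer(p, SECOND_TRANSIT)))
    return trace

def demo():
    # Constructed addresses and rule: the SYN reaches A, later packets reach B.
    a, b = (Appliance(n, {("10.1.0.5", 445)}) for n in "AB")
    syn = Packet("10.1.0.5", 40000, "10.2.0.9", 445, syn=True)
    data = Packet("10.1.0.5", 40000, "10.2.0.9", 445)
    stray = Packet("10.1.0.7", 50000, "10.2.0.9", 80)
    return [deliver(a, b, syn), deliver(b, a, data),
            deliver(b, a, stray), deliver(b, a, stray)]
```

The third and fourth traces show why the bridge table exists: an unknown flow crosses the peer network twice once, after which the receiving appliance bridges it locally.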

Heartbeat packets between peers

The WANJet appliance also uses the peer port to send heartbeat packets to its peer. These heartbeats are standard ICMP echo requests and responses. Failure to obtain a response after a request causes the requesting WANJet appliance to mark its peer as down, and to stop sending across the peer connection those packets which may be part of previously optimized sessions.

WANJet appliance remote peer load balancing and failure detection

To configure a pair of WANJet appliances as peers, you must add the IP addresses of the two peers to all remote WANJet appliances. When a remote WANJet appliance starts, it attempts to establish optimized TCP tunnels to both peers. If the network topology allows packets from the remote WANJet appliance to both of the peer IP addresses, the remote WANJet appliance passes optimized sessions to both peers, achieving a basic form of load balancing.

If the remote sites themselves have peers, you configure both remote peers with the IP addresses of the peers. For example, Site 1 has WANJet appliance peers A and B. Site 2 has WANJet appliance peers C and D. WANJet appliances A and B each attempt to establish tunnels to WANJet appliances C and D, and WANJet appliances C and D each attempt to establish tunnels to WANJet appliances A and B.

A WANJet appliance that establishes two tunnels to remote peers constantly monitors the optimized TCP tunnel connection. If one connection fails, either due to failure of a remote WANJet appliance or failure in the network path, the WANJet appliance considers the remote WANJet appliance to be down, and redirects new optimized traffic to the remaining remote peer until the tunnel can be reestablished. In our example, if a networking device at Site 2 fails, causing WANJet appliance C to be inaccessible, then WANJet appliances A and B send new connections only to WANJet appliance D.

When a remote WANJet appliance experiences a failure, existing optimized sessions to the failed WANJet appliance are lost, and must be reestablished at the application level. Many applications perform this step without end-user interaction (for example, CIFS file sharing). Some applications require end-user interaction. A web browser connected to an HTTP server might require the user to reclick on a link or hit the refresh button, for example. The WANJet appliance does not exchange state information about existing connections with its peer. See WANJet appliance peer port for more information.

Alternate high-availability configurations

Most high-availability configurations use redundant WANJet appliance peers inline in a topology with parallel data paths. However, you can also deploy redundant WANJet appliances using other topologies, such as the one-arm configuration or an advanced inline configuration.

High-availability and one-arm configuration

When you deploy WANJet appliances in a one-arm topology, you have several options to direct traffic for optimization. The most common of these options is using the Web Cache Control Protocol (WCCP). WCCP contains load-balancing and fault tolerance mechanisms, which permit the use of multiple WANJet appliances.

In this scenario, peer functionality using the peer port and peer network is unnecessary. The WCCP-enabled router or other device that directs traffic to WANJet appliances performs all needed tasks to handle failures of the WANJet appliances or failures in the intervening network.

The number of WANJet appliances employed for redundancy is not limited to two; you can place multiple WANJet appliances, up to the limits of the WCCP device.

In addition to WCCP, you can use policy-based routing to direct traffic to the WANJet appliances in a one-arm deployment. The devices performing policy-based routing may provide health-checking mechanisms to verify the routing through the WANJet appliances.

Alternatively, you can use the peer functionality in combination with fail-to-wire to allow a WANJet appliance to seamlessly optimize traffic if its peer fails. For further information on redundancy in policy-based routing scenarios, consult the documentation for your routing device, and contact F5 Networks support for additional information on high-availability configuration of WANJet appliances with policy routing.

Alternate inline configuration for high availability

Additionally, there is another configuration for redundant WANJet appliances that are deployed inline. You can deploy two WANJet appliances in sequence (with the WAN port of one connecting to the LAN port of the second). You configure both to optimize the same network traffic. The WANJet appliance closer to the clients or servers performs the optimizations, while the WANJet appliance behind it bridges all traffic.

If the optimizing WANJet appliance fails in this configuration, the fail-to-wire feature passes unoptimized traffic to the second WANJet appliance, which performs the optimization. Sequential deployment eliminates a potential drawback of the basic inline topology: a WANJet appliance in the fail-to-wire state can create a network path with no optimization. This deployment scenario is attractive when the network topology itself does not contain redundant paths (often the case with a branch office network), but you want redundancy of WANJet appliances.