BIG-IP WAN Optimization Manager Configuration Guide. Version 11.2

Transcription

1 BIG-IP WAN Optimization Manager Configuration Guide Version 11.2

2

3 Table of Contents Table of Contents Legal Notices...5 Acknowledgments...7 Chapter 1: Basic BIG-IP WOM Setup...11 About WAN optimization using BIG-IP WOM...12 About the WAN Optimization Quick Start screen...12 Setting up WAN optimization using the Quick Start screen...13 About forwarding non-tcp traffic through an isession over IPsec tunnel...14 Creating a virtual server for non-tcp isession traffic...14 About bandwidth management...15 Chapter 2: Disk Management for Datastor...17 About disk management...18 Provisioning solid-state drives for datastor...19 Monitoring SSD usage...21 Chapter 3: WOM Configuration on the Chassis...23 About WOM configuration on the chassis...24 Setting up WOM on vcmp...24 Chapter 4: WOM Virtual Edition...27 About BIG-IP WOM Virtual Edition...28 Hypervisor guest definition...28 Licensing considerations...28 Configuration considerations...28 Provisioning extra VE disk for datastor...29 Chapter 5: Endpoints...31 About endpoints...32 About local endpoints and high availability...32 Customizing local endpoint settings...32 About isession listeners...33 Adding isession listeners...33 Chapter 6: Discovery...35 About discovery on BIG-IP WOM

4 Table of Contents About dynamic discovery of remote endpoints...36 Modifying dynamic discovery of remote endpoints...36 Manually adding remote endpoints for WAN optimization...36 About subnet discovery...37 Modifying automatic discovery of advertised routes...38 Verifying subnet discovery...39 Adding advertised routes manually...39 Chapter 7: Deduplication...41 What is symmetric data deduplication?...42 Which codec do I choose?...42 Enabling symmetric data deduplication...42 Disabling symmetric data deduplication...43 Chapter 8: Optimized Applications...45 About optimized applications for WAN Optimization...46 About isession profiles...46 Customizing compression settings for isession traffic...46 Screen capture showing compression settings...47 About optimization of SSL applications...48 Manually configuring optimized applications for outbound traffic...49 Manually configuring optimized applications for inbound traffic...50 About CIFS traffic optimization...50 Adjusting CIFS optimization over the WAN...51 About MAPI optimization...51 Enabling Microsoft Exchange compression for MAPI optimization...52 Enabling automatic discovery of Exchange Servers for MAPI optimization...52 Chapter 9: Diagnostics...53 About WAN optimization diagnostics...54 WOM diagnostic error messages...54 Troubleshooting network connectivity for WAN Optimization Manager...55 Running WAN optimization configuration diagnostics

5 Legal Notices Publication Date This document was published on May 7, Publication Number MAN Copyright Copyright 2012, F5 Networks, Inc. All rights reserved. F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5 assumes no responsibility for the use of this information, nor any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent, copyright, or other intellectual property right of F5 except as specifically described by applicable user licenses. F5 reserves the right to change specifications at any time without notice. Trademarks 3DNS, Access Policy Manager, Acopia, Acopia Networks, Advanced Client Authentication, Advanced Routing, APM, Application Security Manager, ARX, AskF5, ASM, BIG-IP, Cloud Extender, CloudFucious, CMP, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express, DSC, DSI, Edge Client, Edge Gateway, Edge Portal, EM, Enterprise Manager, F5, F5 [DESIGN], F5 Management Pack, F5 Networks, F5 World, Fast Application Proxy, Fast Cache, FirePass, Global Traffic Manager, GTM, IBR, Intelligent Browser Referencing, Intelligent Compression, IPv6 Gateway, iapps, icontrol, ihealth, iquery, irules, irules OnDemand, isession, IT agility. Your way., L7 Rate Shaping, LC, Link Controller, Local Traffic Manager, LTM, Message Security Module, MSM, Netcelera, OneConnect, Packet Velocity, Protocol Security Module, PSM, Real Traffic Policy Builder, Scale N, SSL Acceleration, StrongBox, SuperVIP, SYN Check, TCP Express, TDR, TMOS, Traffic Management Operating System, TrafficShield, Transparent Data Reduction, VIPRION, vcmp, WA, WAN Optimization Manager, WANJet, WebAccelerator, WOM, and ZoneRunner, are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express written consent. All other product and company names herein may be trademarks of their respective owners. Patents This product may be protected by U.S. Patents 7,126,955; 7,286,476; 7,882,084; 8,121,117. This list is believed to be current as of May 7, Export Regulation Notice This product may include cryptographic software. Under the Export Administration Act, the United States government may consider it a criminal offense to export this product from the United States. RF Interference Warning This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.

6 Legal Notices FCC Compliance This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This unit generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user, at his own expense, will be required to take whatever measures may be required to correct the interference. Any modifications to this device, unless expressly approved by the manufacturer, can void the user's authority to operate this equipment under part 15 of the FCC rules. Canadian Regulatory Compliance This Class A digital apparatus complies with Canadian ICES-003. Standards Compliance This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to Information Technology products at the time of manufacture. 6

7 Acknowledgments This product includes software developed by Bill Paul. This product includes software developed by Jonathan Stone. This product includes software developed by Manuel Bouyer. This product includes software developed by Paul Richards. This product includes software developed by the NetBSD Foundation, Inc. and its contributors. This product includes software developed by the Politecnico di Torino, and its contributors. This product includes software developed by the Swedish Institute of Computer Science and its contributors. This product includes software developed by the University of California, Berkeley and its contributors. This product includes software developed by the Computer Systems Engineering Group at the Lawrence Berkeley Laboratory. This product includes software developed by Christopher G. Demetriou for the NetBSD Project. This product includes software developed by Adam Glass. This product includes software developed by Christian E. Hopps. This product includes software developed by Dean Huxley. This product includes software developed by John Kohl. This product includes software developed by Paul Kranenburg. This product includes software developed by Terrence R. Lambert. This product includes software developed by Philip A. Nelson. This product includes software developed by Herb Peyerl. This product includes software developed by Jochen Pohl for the NetBSD Project. This product includes software developed by Chris Provenzano. This product includes software developed by Theo de Raadt. This product includes software developed by David Muir Sharnoff. This product includes software developed by SigmaSoft, Th. Lockert. This product includes software developed for the NetBSD Project by Jason R. Thorpe. This product includes software developed by Jason R. Thorpe for And Communications, This product includes software developed for the NetBSD Project by Frank Van der Linden. This product includes software developed for the NetBSD Project by John M. Vinopal. This product includes software developed by Christos Zoulas. This product includes software developed by the University of Vermont and State Agricultural College and Garrett A. Wollman. This product includes software developed by Balazs Scheidler which is protected under the GNU Public License.

8 Acknowledgments This product includes software developed by Niels Mueller which is protected under the GNU Public License. In the following statement, This software refers to the Mitsumi CD-ROM driver: This software was developed by Holger Veit and Brian Moore for use with 386BSD and similar operating systems. Similar operating systems includes mainly non-profit oriented systems for research and education, including but not restricted to NetBSD, FreeBSD, Mach (by CMU). This product includes software developed by the Apache Group for use in the Apache HTTP server project ( This product includes software licensed from Richard H. Porter under the GNU Library General Public License ( 1998, Red Hat Software), This product includes the standard version of Perl software licensed under the Perl Artistic License ( 1997, 1998 Tom Christiansen and Nathan Torkington). All rights reserved. You may find the most current standard version of Perl at This product includes software developed by Jared Minch. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product contains software based on oprofile, which is protected under the GNU Public License. This product includes RRDtool software developed by Tobi Oetiker ( and licensed under the GNU General Public License. This product contains software licensed from Dr. Brian Gladman under the GNU General Public License (GPL). This product includes software developed by the Apache Software Foundation ( This product includes Hypersonic SQL. This product contains software developed by the Regents of the University of California, Sun Microsystems, Inc., Scriptics Corporation, and others. This product includes software developed by the Internet Software Consortium. This product includes software developed by Nominum, Inc. ( This product contains software developed by Broadcom Corporation, which is protected under the GNU Public License. This product contains software developed by MaxMind LLC, and is protected under the GNU Lesser General Public License, as published by the Free Software Foundation. This product includes software developed by the Computer Systems Engineering Group at Lawrence Berkeley Laboratory. Copyright Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: This product includes software developed by the Computer Systems Engineering Group at Lawrence Berkeley Laboratory. 8

9 BIG-IP WAN Optimization Manager Configuration Guide 4. Neither the name of the University nor of the Laboratory may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes software developed by Sony Computer Science Laboratories Inc. Copyright Sony Computer Science Laboratories Inc. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY SONY CSL AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SONY CSL OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes software written by Steffen Beyer and licensed under the Perl Artistic License and the GPL. This product includes software developed by Bob Withers. This product includes software developed by Jean-Loup Gaily and Mark Adler. This product includes software developed by Markus FXJ Oberhumer. This product includes software developed by Guillaume Fihon. 9

10 Acknowledgments 10

11 Chapter 1 Basic BIG-IP WOM Setup Topics: About WAN optimization using BIG-IP WOM About the WAN Optimization Quick Start screen About forwarding non-tcp traffic through an isession over IPsec tunnel About bandwidth management

12 Basic BIG-IP WOM Setup About WAN optimization using BIG-IP WOM The BIG-IP WAN Optimization Manager systems work in pairs on opposite sides of the WAN to optimize the traffic that flows between them. A simple point-to-point configuration might include WAN Optimization Manager (WOM ) running on a BIG-IP system in one data center, and a second BIG-IP WOM running in another data center on the other side of the WAN. Other configuration possibilities include point-to-multipoint (also called hub and spoke) and mesh deployments. The following illustration shows an example of the flow of traffic across the WAN through a pair of BIG-IP WOM devices. In this example, traffic can be initiated on both sides of the WAN. Figure 1: Example of a traffic flow through a BIG-IP WOM pair The BIG-IP WOM as an endpoint. From the standpoint of each BIG-IP WOM, it is the local endpoint. Any BIG-IP WOM with which the local endpoint interacts is a remote endpoint. After you identify the endpoints, communication between the WOM pair takes place in an isession connection between the two devices. When you configure the local WOM, you also identify any advertised routes, which are subnets that can be reached through the local endpoint. When viewed on a remote system, these subnets appear as remote advertised routes. To optimize traffic, you select the applications you want to optimize, and BIG-IP WOM sets up the necessary virtual servers and associated profiles. The system creates a virtual server on the initiating side of the WAN, with which it associates a profile that listens for TCP traffic of a particular type (HTTP, CIFS, MAPI, FTP). The local BIG-IP WOM also creates a virtual server, called an isession listener, to receive traffic from the other side of the WAN, and it associates a profile that terminates the isession connection and forwards the traffic to its destination. For some applications, the system creates an additional virtual server to further process the application traffic. The default isession profile, which the system applies to application optimization, includes symmetric adaptive compression. Also by default, symmetric data deduplication is enabled. About the WAN Optimization Quick Start screen The Quick Start screen for WAN optimization provides all the settings you need to configure WAN Optimization Manager (WOM ) on one side of the WAN. After you have set up the BIG-IP WOM systems on both sides of the WAN, you can begin optimizing the application traffic you specify. An important advantage of configuring WOM using the Quick Start screen is that the system automatically selects TCP parameter settings based on the hardware. If you do not use the Quick Start screen, the system uses the generalized default TCP settings, which might not be optimal for your hardware. 12

13 BIG-IP WAN Optimization Manager Configuration Guide The Quick Start screen is for the initial BIG-IP WOM setup. To change the settings for any WOM objects after you have completed the initial configuration on the Quick Start screen, use the screen that pertains to that object. For example, to change the settings for the local endpoint, use the Local Endpoint screen. Setting up WAN optimization using the Quick Start screen You cannot view the Quick Start screen until you have defined at least one VLAN and at least one self IP on a configured BIG-IP system that is provisioned for WOM. Use the Quick Start screen to quickly set up WAN Optimization Manager on a single screen of the BIG-IP system using the default settings. To optimize WAN traffic, you must configure BIG-IP WOM on both sides of the WAN. 1. Log in to the BIG-IP WOM system that you want to configure. The default login value for both user name and password is admin. 2. On the Main tab, click WAN Optimization > Quick Start. 3. In the WAN Self IP Address field, type the local endpoint IP address. This IP address must be in the same subnet as a self IP address on the BIG-IP system. To make sure that dynamic discovery properly detects this endpoint, the IP address must be the same as a self IP address on the BIG-IP WOM system. 4. Verify that the Discovery setting is set to Enabled. If you disable the Discovery setting, or discovery fails, you must manually configure any remote endpoints and advertised routes. 5. Specify the VLANs on which the virtual servers on this system receive incoming traffic. Options Description LAN VLANs WAN VLANs Select the VLANs that receive incoming LAN traffic destined for the WAN. Select the VLANs that receive traffic from the WAN through an isession connection. 6. In the Authentication area, for the Outbound isession to WAN setting, select the SSL profile to use for all encrypted outbound isession connections. To get WAN optimization up and running, you can use the default selection serverssl, but you need to customize this profile for your production environment. 7. For the Inbound isession from WAN setting, select the SSL profile to use on the incoming isession connection. To get WAN optimization up and running, you can use the default selection wom-default-clientssl. Note: If you configure the isession connection to not always encrypt the traffic between the endpoints, this profile must be a client SSL profile for which the Non-SSL Connections setting is enabled, such as wom-default-clientssl. 8. In the IP Encapsulation area, from the IP Encapsulation Type list, select the encapsulation type, if any, for outbound isession traffic. a) If you select IPsec, select an IPsec policy from the IPSEC Policy list that appears, or retain the default, default-ipsec-policy-isession. b) If you select IPIP, the system uses the IP over IP tunneling protocol, and no additional encapsulation setting is necessary. 13

14 Basic BIG-IP WOM Setup c) If you select GRE, select a GRE profile from the GRE Profile list that appears, or retain the default, gre. 9. Select the applications you want to optimize by selecting the adjacent check boxes in the Create Optimized Applications list. To secure and encrypt data, enable the Data Encryption setting for each optimized application you select. If you selected IPsec for the IP Encapsulation Type, the IPsec policy you selected determines encryption of TCP traffic. 10. Click Apply. The system creates the necessary virtual servers and associated profiles to optimize the selected application traffic, as indicated by the green check marks in the Optimizations Enabled column on the Quick Start screen. If your network supports IPv6, the BIG-IP WOM automatically creates virtual servers for both IPv6 and IPv4 networks, and uses the appropriate virtual server based on the IP addressing in your network. For some applications, such as HTTP and MAPI, the system creates a virtual server only for initiating traffic. For other applications, such as CIFS and FTP, the system creates two virtual servers: one to initiate traffic destined for the other side of the WAN and another to receive traffic from the other side of the WAN, after the traffic is terminated by the isession terminating virtual server. Note: If you are using a one-arm deployment, you must manually create the virtual servers to receive CIFS and FTP traffic, because the system detects only one VLAN. To complete the setup, repeat this task on the BIG-IP system on the other side of the WAN. About forwarding non-tcp traffic through an isession over IPsec tunnel When you configure WAN Optimization Manager (WOM ) using the Quick Start screen, you can specify IPsec encapsulation for outbound isession traffic. The BIG-IP WOM system automatically creates the necessary virtual servers for optimizing TCP traffic. If you also want to send secured and encrypted non-tcp traffic, you can create a forwarding virtual server and associate an isession profile to send non-tcp traffic through the isession over IPsec tunnel. Creating a virtual server for non-tcp isession traffic If you are using IPsec to encrypt isession traffic, you can create a forwarding virtual server to also send non-tcp traffic through the IPsec tunnel. Creating the virtual server avoids the need for any special routing for non-tcp traffic, such as UDP and ICMP. 1. On the main tab, click Local Traffic > Virtual Servers. 2. Click the Create button. 3. Type a unique name for the virtual server, such as non_tcp_traffic. 4. For the Type setting, select Forwarding (IP) from the list. 5. For the Destination setting: a) For Type, select Network. b) In the Address field, type the IP address c) In the Mask field, type the netmask In the Configuration area of the screen, from the Protocol list, select *All Protocols. 14

15 BIG-IP WAN Optimization Manager Configuration Guide 7. From the VLAN Traffic and Tunnel Traffic list, select All VLANs and Tunnels. 8. In the WAN Optimization area of the screen, from the isession list, select an isession profile. 9. Click Finished. The completed screen looks similar to the following example. Figure 2: Example of a completed virtual server screen for non-tcp isession traffic About bandwidth management You can use the rate shaping feature of the BIG-IP system to enforce a throughput policy on incoming traffic. Throughput policies are useful for prioritizing and restricting bandwidth on selected traffic patterns. The rate shaping feature works by first queuing selected packets under a rate class, and then dequeuing the packets at the indicated rate and in the indicated order specified by the rate class. A rate class is a rate-shaping policy that defines throughput limitations, and a packet scheduling method to be applied to all traffic handled by the rate class. You configure rate shaping by creating one or more rate classes and then assigning the rate class to a packet filter or to a virtual server. The BIG-IP system packet filters are based on the Berkeley Software Design Packet Filter (BPF) architecture. Alternatively, you can use the irules feature to instruct the BIG-IP systems to apply a rate class to a particular connection. 15

16 Basic BIG-IP WOM Setup Note: If you use a packet filter or irule to direct traffic to a rate class for isession traffic, you must disable the Reuse Connection setting for outbound traffic, using the isession profile associated with this traffic. 16

17 Chapter 2 Disk Management for Datastor Topics: About disk management

18 Disk Management for Datastor About disk management You can use disk management to allocate dedicated disk space for the datastor service, which increases the data storage that BIG-IP WOM uses for deduplication. Additional disk space is available in the following deployments. Selected higher-end BIG-IP WOM platforms support the use of solid-state drives (SSDs) that come in a dual-disk drive sled and are installed along with hard disk drives. If you are installing BIG-IP WOM Virtual Edition, you can select an extra disk deployment configuration. The following figure shows the Disk Management screen in a BIG-IP WOM platform that has SSDs installed. In this example, datastor is still on the primary disk; it has not been allocated to the SSDs. 18

19 BIG-IP WAN Optimization Manager Configuration Guide Figure 3: Example of the Disk Management screen Provisioning solid-state drives for datastor Before beginning this procedure, you must have licensed WAN Optimization Manager (WOM ). By default, datastor, which is the data storage used for optimization, is provisioned on the primary hard disk drive (HDD). To use solid-state drives (SSDs) on BIG-IP WOM, you must manually allocate the disk space on each SSD to the datastor service. If you install SSDs after you have provisioned WOM, you must 19

20 Disk Management for Datastor first de-provision WOM, and then delete the datastor application volume from the primary disk, before you assign the datastor service to the SSD volume. 1. On the Main tab, click System > Resource Provisioning. 2. In the Resource Provisioning (Licensed Modules) area, from the WAN Optimization (WOM) list, select None (Disabled). 3. Click Update. 4. Click OK to proceed. The BIG-IP system restarts without WOM in the configuration, which might take a minute or so. 5. Click Continue. 6. On the Main tab under System, click Disk Management. 7. If the Logical View shows Datastor allocation on HD1, delete it by performing the following steps. If datastor is not allocated to HD1, skip this step. Note: Datastor does not span the primary disk and the SSDs. If datastor is allocated to the primary disk, it will not use the SSDs. a) Click the disk label, for example HD1. The General Properties screen opens for the logical disk you selected. b) In the Contained Application Volumes area, select the check box for Datastor, and click Delete. 8. On the Disk Management screen, click the SSD disk label, for example, SSD1. The General Properties screen opens for the logical disk you selected. 9. For the Mode setting, select Datastor. The following figure shows the Datastor option selected. Figure 4: Example of Logical Disk screen with Datastor selected 10. Click Update. 11. Repeat the datastor selection steps for each SSD displayed on the Disk Management screen. 12. On the Main tab under System, click Resource Provisioning. 20

21 BIG-IP WAN Optimization Manager Configuration Guide 13. In the Resource Provisioning (Licensed Modules) area, from the WAN Optimization (WOM) list, select Nominal. 14. Click Update. 15. Click OK to proceed. The BIG-IP system restarts with WOM in the configuration, which might take a minute or so. 16. Click Continue. The datastor service is now allocated to the SSDs. The datastor volume spans the installed SSDs. You can verify the result by checking the Disk Management screen. The logical view displays the datastor allocation for each disk. Monitoring SSD usage If you are using solid-state drives (SSDs) for datastor, you can view the SSD allocation and monitor the SSD lifespan. 1. On the Main tab under System, click Disk Management. 2. Use the Disk Management screen to view details about the SSDs, including the following. To view the general properties of a disk, in the Logical View area, click the disk label. In the Physical View area, note which bays contain the SSDs. In the Data Disks area, view the Media Wearout Indicator to monitor disk usage. 21

22 Disk Management for Datastor 22

23 Chapter 3 WOM Configuration on the Chassis Topics: About WOM configuration on the chassis Setting up WOM on vcmp

24 WOM Configuration on the Chassis About WOM configuration on the chassis Chassis support provides the ability to optimize your WAN traffic on BIG-IP systems in the following deployments. Provision WOM Lite along with other BIG-IP modules to use the full power of a single chassis. On the chassis, you must provision WOM Lite, in addition to any other modules you have licensed. Provision Virtual Clustered Multiprocessing (vcmp ) to have the flexibility of running multiple BIG-IP guests, each of which can include WOM Lite on a single chassis. In both cases you must configure the base license and provisioning, and then configure individual modules or vcmp guests and respective virtual BIG-IP systems. Setting up WOM on vcmp Before you start this task, you must license and provision vcmp on the BIG-IP system. This task provides basic steps for setting up WAN Optimization Manager (WOM ) Lite in a vcmp environment. The basic steps can be used for setting up any other BIG-IP module. For more information about vcmp configuration, consult the BIG-IP documentation set at F5 DevCentral ( Note: vcmp supports only WOM Lite, which does not require a separate license on LTM. It does not include deduplication. 1. Configure the LAN and WAN VLANs on the hypervisor cluster, and assign the proper ports. 2. Create a guest on the BIG-IP vcmp platform. The following screen capture shows an example of a guest configuration for WOM. 24

25 BIG-IP WAN Optimization Manager Configuration Guide Figure 5: Example of guest configuration for WOM on vcmp 3. Log in using the cluster IP address of the guest you created, which is in the example shown. 4. Provision WOM Lite. a) On the Main tab, click System > Resource Provisioning. b) In the Resource Provisioning (Unlicensed Modules) area of the screen, from the WAN Optimization Lite (WOML) list, select Lite (No license required). 5. Configure WOM using the Quick Start screen. For WAN optimization to take place, you must also configure a BIG-IP WOM device on the other side of the WAN to complete the isession connection. 25

26 WOM Configuration on the Chassis 26

27 Chapter 4 WOM Virtual Edition Topics: About BIG-IP WOM Virtual Edition Hypervisor guest definition Licensing considerations Configuration considerations

28 WOM Virtual Edition About BIG-IP WOM Virtual Edition BIG-IP WOM Virtual Edition (VE) is a version of the BIG-IP WOM system that runs as a virtual machine (VM) in specifically supported hypervisors. BIG-IP VE emulates a hardware-based BIG-IP WOM system running a VE-compatible version of BIG-IP software. Hypervisor compatibility, specifications, and instructions for setting up VE for any BIG-IP system are documented elsewhere. An additional consideration for BIG-IP WOM VE is the extra disk option, with which you can allocate datastor for symmetric deduplication to the disk. Hypervisor guest definition The VMware virtual machine guest environment for the BIG-IP WOM VE, at minimum, must include the following: 2 x virtual CPUs (reserve 2 GHz) 4 GB RAM with a 2-core CPU 8 GB RAM with a 4-core CPU 2 GB RAM with 2-core CPU (upgrade path from version 10.2.x) 1 x virtual Flexible (PCnet32 LANCE) network adapter (for management) 3 x virtual VMXNET3 network adapters 1 x 100 GB SCSI disk, by default 1 x up to 500 GB SCSI disk, as an extra disk option Licensing considerations The BIG-IP WOM VE product license determines the maximum allowed throughput rate. Three license options are available for BIG-IP WOM VE: WOM VE Lab License WOM VE Production License: 200M or 1G Aggregate throughput limited to 10 Mbps on the LAN side Aggregate throughput limited to 200 Mbps or 1 Gbps on the LAN side To view the rate limit, you can display the BIG-IP VE licensing page within the BIG-IP Configuration utility. Lab editions have no guarantee of throughput rate and are not supported for production environments. Configuration considerations You configure BIG-IP WOM VE just as you would any BIG-IP VE system. If you select one of the extra disk options during configuration, you can then allocate the additional disk space for symmetric deduplication datastor. If more disk space is required when using VE, you can size the extra disk from the default of 50GB to 255GB. 28

29 BIG-IP WAN Optimization Manager Configuration Guide If you configure BIG-IP WOM with an extra disk, you must then delete the datastor volume that is on the primary disk, and assign it to the extra disk. Provisioning extra VE disk for datastor Before beginning this procedure, you must have licensed and configured BIG-IP WOM Virtual Edition (VE). If you selected one of the extra disk options when you configured BIG-IP WOM VE, you must manually allocate the disk space to the datastor service, after you delete the datastor application volume from the primary disk. Datastor cannot span the primary disk and the extra disk. 1. On the Main tab, click System > Resource Provisioning. You must de-provision WOM before you can delete the datastor allocation from the primary disk. 2. In the Resource Provisioning (Licensed Modules) area. from the WAN Optimization (WOM) list, select None (Disabled). 3. Click Update. 4. Click OK to proceed. The BIG-IP system restarts without WOM in the configuration, which may take a minute or so. 5. Click Continue. 6. On the Main tab under System, click Disk Management. 7. In the Logical View area, click HD1. The General Properties screen opens for the primary disk. 8. In the Contained Application Volumes area, select the check box for Datastor, and click Delete. 9. On the Disk Management screen, click HD2. The General Properties screen opens for the extra disk. 10. In the General Properties area, for the Mode setting, select Datastor. 11. Click Update. 12. On the Main tab under System, click Resource Provisioning. 13. In the Resource Provisioning (Licensed Modules) area, from the WAN Optimization (WOM) list, select Nominal. 14. Click Update. 15. Click OK to proceed. The BIG-IP system restarts with WOM in the configuration, which may take a minute or so. 16. Click Continue. The datastor is now allocated to the extra disk. You can verify the result by checking the Disk Management screen. 29

30 WOM Virtual Edition 30

31 Chapter 5 Endpoints Topics: About endpoints About local endpoints and high availability Customizing local endpoint settings About isession listeners

32 Endpoints About endpoints For a BIG-IP device, the local endpoint is the WAN Optimization Manager (WOM ) on the system where you are working. The remote endpoint is the WAN Optimization Manager on another BIG-IP system (on the other side of the WAN), with which the local endpoint interacts. After you identify the endpoints, communication between the WAN Optimization Managers takes place in an isession connection between the two BIG-IP WOM devices. About local endpoints and high availability You can configure two BIG-IP WOM systems for high availability by setting them up as redundant systems. Both systems must be installed on the same hardware platform. When you configure two BIG-IP WOM systems for high availability, specify the floating IP address as the WAN self IP address of the local endpoint. For WAN optimization, you can use only the active/standby redundancy mode (not the active-active mode). Otherwise, you can set up redundancy as you would for any BIG-IP system. Customizing local endpoint settings Typically, you configure the local endpoint using the Quick Start screen. However, if you want to delete or disable the local endpoint, change the IP port, or specify the handling of non-isession, NAT, or SNAT traffic, you can adjust these settings on the Local Endpoint Properties screen. Note: You cannot modify the local endpoint IP address. To change it, you must first delete the current local endpoint IP address, and then add a new one. 1. On the Main tab, click WAN Optimization > Local Endpoint. 2. Take the action or actions that support your requirements. Option Action To disable the local endpoint To change the IP port To handle non-isession traffic For the State setting, clear the Enabled check box. In the Tunnel Port field, type a different number. This is the IP port that the BIG-IP WOM uses for control connections. It must be a port that is allowed access through the firewall. The range is from 1 to For the No isession Route setting, select one of the options for handling traffic for which there is no remote endpoint to complete the isession connection. Passthrough: Specifies that the traffic flow continues without an isession connection. Drop: Specifies that the traffic flow continues without an isession connection. 32

33 BIG-IP WAN Optimization Manager Configuration Guide Option To disallow NAT traffic To change the SNAT setting To delete the local endpoint Action Clear the Allow NAT check box. From the SNAT list, select an option. None: Indicates that the system uses the original connection client IP address. Local: Indicates that the system uses the endpoint IP address closest to the destination. Use this setting to make sure the return route also goes through the BIG-IP WOM system, so that both sides of the connection can be optimized. This setting is useful if responses returning from the server to the client would not normally pass through the BIG-IP WOM system. Remote: Indicates that the system uses the source IP address of the incoming isession connection. Use this setting when an appliance that uses NAT is located between the BIG-IP WOM endpoints. Click Delete. 3. Click Update. About isession listeners An isession listener is a virtual server created on the local endpoint, which terminates isession connections for inbound traffic from the WAN on the specified port. When you use the Quick Start screen to configure WAN Optimization Manager (WOM ), the system creates the default isession listener isession-virtual on the local endpoint, which monitors all incoming traffic (all ports) and terminates isession connections. Note: If you delete the system-created isession-virtual listener without creating a new isession listener, WOM cannot optimize traffic. Adding isession listeners You can add isession listeners for specific application traffic that you want the system to handle differently from the isession listener that the system creates automatically. 1. On the Main tab, click WAN Optimization > Local Endpoint > isession Listeners. 2. Click the Create button. The New isession Listener screen opens. The IP Address field displays the IP address of the local endpoint, which cannot be modified on this screen. 3. In the Name field, type a name for the isession listener. 4. For the Port setting, type the service port used by the application, or select an application from the list. When you select from the list, the Port field displays the associated default port. 5. For the Enabled VLANs setting, specify the VLANs on which this isession listener listens for incoming traffic. Move the VLANs from the Available list to the Selected list. 6. From the isession Profile list, select the isession profile to associate with this isession listener. 33

34 Endpoints 7. From the Authentication and Encryption list, select the SSL profile you want the system to use for inbound isession connections from the WAN that are terminated by this isession listener. You can use the default values clientssl and wom-default-clientssl to get the WAN Optimization Manager up and running, but you need to customize this profile for your production environment. 8. Click Finished. 34

35 Chapter 6 Discovery Topics: About discovery on BIG-IP WOM About dynamic discovery of remote endpoints About subnet discovery

36 Discovery About discovery on BIG-IP WOM To simplify configuration, particularly in large networks, BIG-IP WOM performs two types of discovery. Dynamic discovery of remote endpoints occurs when the local BIG-IP WOM detects a remote endpoint on the other side of the WAN. Local subnet discovery occurs when a client request to a server triggers the server-side BIG-IP WOM to discover and display the subnet that is connected to the server. About dynamic discovery of remote endpoints Dynamic discovery is a process through which WAN Optimization Manager (WOM ) identifies and adds remote endpoints automatically. The process occurs when the BIG-IP WOM receives traffic that is matched by a virtual server with an isession profile, but does not recognize the remote destination. When a BIG-IP WOM receives a request destined for a location on the network behind the BIG-IP WOM on the other side of the WAN, the first BIG-IP WOM sends out TCP options or ICMP probes to discover, authenticate, and initiate communication with the new remote endpoint. Note: A TCP request from the client to the server is the action that triggers discovery, not a ping between two endpoints. Modifying dynamic discovery of remote endpoints You can modify the dynamic discovery settings, such as specifying the number and types of probe messages, or disabling dynamic discovery. 1. On the Main tab, click WAN Optimization > Remote Endpoints > Discovery. 2. From the Dynamic Discovery list, select Advanced to view all the settings. 3. Modify the settings, as required. 4. Click Update to save changes. Manually adding remote endpoints for WAN optimization If the BIG-IP WOM unit is located behind a firewall or you are working in a highly secure facility and dynamic discovery does not work in your networking environment, you can manually add one or more remote endpoints. 1. On the Main tab, click WAN Optimization > Remote Endpoints. 2. Click the Create button. 3. In the Name field, type a descriptive name for the remote endpoint, such as site_b. 4. In the IP Address field, type the IP address that the local endpoint uses to communicate with the remote BIG-IP WOM. 5. For the State setting, specify whether optimization can occur between the local and remote endpoints. 36

37 BIG-IP WAN Optimization Manager Configuration Guide If you disable this setting after traffic is flowing, existing connections continue until they are completed. 6. For the Outbound Connections setting, specify whether there is a route through which the local endpoint can establish connections with this remote endpoint. 7. From the Authentication and Encryption list, select the name of the SSL profile used to connect to this remote endpoint. Any setting other than Default overrides the Outbound isession to WAN setting on the local endpoint. 8. In the Tunnel Port field, type the number of the port on the remote endpoint that BIG-IP WOM uses for control connections. You must specify a port that is allowed access through the firewall. The range is from 1 to From the SNAT list, select the address the system uses as the source IP address of the TCP connection between the BIG-IP WOM and the server. Select one of the following options: Option Description Default None Local Indicates that the system uses the SNAT value set for the local endpoint. Indicates that the system uses the original connecting client IP address. Indicates that the system uses the endpoint IP address closest to the destination. Use this setting to make sure the return route also goes through the BIG-IP system so that both sides of the connection can be optimized. Tip: This setting is useful if responses returning from the server to the client would not normally pass through the BIG-IP system. Remote Indicates that the system uses the source IP address of the incoming isession connection. Use this setting when an appliance that uses NAT is located between the WOM endpoints. 10. Click Finished. About subnet discovery An advertised route is a subnet that can be reached through a WAN Optimization Manager (WOM ). After the WAN Optimization Managers in a pair have been configured and connected, they automatically exchange advertised route specifications between the endpoints. The local endpoint needs to advertise the subnets to which it is connected so that the remote endpoint can determine the destination addresses for which traffic can be optimized. Advertised routes configured on the local endpoint become remote advertised routes on the remote endpoint; that is, the BIG-IP WOM on the other side of the WAN. When a BIG-IP WOM device is deployed in a large scale network with large number of servers, and many of them belong to different subnets, manually configuring local optimization subnets can be very time consuming. Subnet Discovery is designed to ease such configuration challenges. With local subnet discovery, instead of requiring manual configuration of local subnets for traffic optimization, the BIG-IP WOM system automatically discovers the local optimization subnet when traffic flows from the client side BIG-IP WOM device to a server-side BIG-IP WOM device. Note: A TCP request from the client to the server is the action that triggers discovery, not a ping between two endpoints. 37

38 Discovery Modifying automatic discovery of advertised routes You can modify the settings that pertain to the discovery of subnets that can be reached through the local endpoint. These settings determine how BIG-IP WOM learns about discovered subnets, and when to display the subnets. Using these settings, you can control the number and reach of the discovered subnets that are included. 1. On the Main tab, click WAN Optimization > Advertised Routes > Discovery. 2. From the Configuration list, select Advanced to view all the settings. 3. Ensure that the Discover Routes check box is selected. Note: For server discovery to take place, the setting Discover Other Endpoints on the Remote Endpoints Dynamic Discovery screen of the WOM, at the other end of the connection, must not be set to Disabled. 4. In the Stop discovery after field, type the maximum number of servers or subnets (advertised routes) you want the system to discover before it stops looking. 5. In the Do not add servers with RTT greater than field, type the maximum round-trip time in milliseconds. The system does not add discovered servers that have an RTT over this value. 6. In the Minimum prefix length for IPv4 address field, type the minimum prefix length for route aggregation in IPv4 networks. If you use the default value of 32/128, BIG-IP WOM adds the host address as the advertised route. If you change this value to 24, the system adds the /24 network in which the server resides as the advertised route. 7. In the Minimum prefix length for IPv6 address field, type the minimum prefix length for route aggregation in IPv6 networks. 8. In the Allow idle time for routes field, specify the minimum and maximum lengths of time a discovered route can be idle (no optimized traffic coming through) without being removed. You can specify these limits in days, hours, or minutes, and the unit of measure must be the same for both limits. This setting does not affect manually configured routes. 9. In the Do not add routes with ip ttl less than field, leave the default value of 5, or type a number between 0 and 255. The BIG-IP WOM system matches the value you set with the IP TTL value of the discovery packets from the server. If the packet has an IP TTL value less than the configured value, it means the server is farther away than you want, so the system does not add the advertised route (server). 10. To save the discovered subnets in the configuration, ensure that the Automatically save discovered routes check box is selected. 11. In the Filter Mode field, you can exclude from discovery a subset you specify in the Subnet Filter field. You can also narrow the scope of the subnet discovery by selecting Include and specifying only the subnets to include in discovery. Important: If you select Include without entering an IP address in the Subnet Filter field, the system does not discover any subnets. 12. Click Update to save changes. 38

39 BIG-IP WAN Optimization Manager Configuration Guide After the BIG-IP WOM system discovers a subnet and adds the route to the list, the system automatically optimizes traffic to any hosts in that subnet without rediscovery. Verifying subnet discovery After sending a client request from the local BIG-IP WOM to a server behind a remote BIG-IP WOM, you can perform this procedure to verify that the destination subnet is discovered. 1. Using the browser interface on the client-side BIG-IP WOM, on the Main tab, click WAN Optimization > Remote Endpoints. The Remote Endpoints List screen opens. 2. Verify that the status indicator is green, and the IP address is correct for the remote endpoint you are checking. 3. On the menu bar, click Routes, and verify that the list includes the IP address of the destination subnet. This subnet is also displayed on the Advertised Routes List screen of the browser interface on the server-side BIG-IP WOM. Adding advertised routes manually An advertised route is a subnet that can be reached through the local endpoint. You can add advertised routes manually, for example, if you disabled the Discovery setting on the Quick Start screen. 1. On the Main tab, expand WAN Optimization and click Advertised Routes. 2. Click Create. The New Advertised Routes screen opens. 3. In the Name field, type a name for a the subnet. 4. In the Address field, type the IP address of the subnet. 5. In the Netmask field, type the subnet mask. 6. In the Label field, type a descriptive label to identify the subnet. 7. For the Mode setting, specify whether traffic on the subnet is included in optimization. If you select Excluded, the local and remote endpoints exchange subnet configuration information, but traffic on this subnet is excluded from optimization. Note: You can define a subset of IP addresses to exclude from optimization within a larger included subnet. An excluded endpoint advertised route must be a valid address range subset of an included endpoint advertised route. 8. Depending on how many advertised routes you want to add, click the appropriate button. Options Description Repeat Finished Save this route and add more advertised routes. You have finished adding advertised routes. 39

40 Discovery 40

41 Chapter 7 Deduplication Topics: What is symmetric data deduplication? Which codec do I choose?

42 Deduplication What is symmetric data deduplication? WAN Optimization Manager (WOM) uses symmetric data deduplication to reduce the amount of bandwidth consumed across a WAN link for repeated data transfers. This feature is available only with a WOM license. With data deduplication, the system performs pattern matching on the transmitted WAN data, rather than caching. If any part of the transmitted data has already been sent, BIG-IP WOM replaces the previously transmitted data with references. As data flows through the pair, each WOM records the byte patterns and builds a synchronized dictionary. If an identical pattern of bytes traverses the WAN more than once, the BIG-IP WOM closest to the sender replaces the byte pattern with a reference to it, compressing the data. When the reference reaches the other side of the WAN, the remote BIG-IP WOM replaces the reference with the data, restoring the data to its original format. Which codec do I choose? Symmetric data deduplication (SDD) offers two versions, called codecs. SDD v3 is appropriate for most WOM installations, particularly in large networks, such as hub and spoke, or mesh deployments. SSD v2 is an alternative for installations with fewer than eight high-speed links, such as for data replication between data centers. For deduplication to occur, the same codec must be selected on both isession endpoints. If the selected codecs do not match, deduplication does not occur, although other WOM features, such as compression, still take place. Enabling symmetric data deduplication Ensure that you have licensed and provisioned WAN Optimization Manager (WOM) on the BIG-IP system. Symmetric data deduplication (SDD) reduces the amount of bandwidth consumed across a WAN link. You can enable symmetric data deduplication on the isession connection between the local endpoint and any remote endpoints. SDD is enabled by default when you provision WOM. 1. On the Main tab, expand WAN Optimization and click Symmetric Deduplication. 2. In the Maximum Number of Remote Endpoints field, type the number of BIG-IP WOM systems that you expect to connect to this one. This number specifies the maximum number of remote endpoints that can have symmetric data deduplication enabled, and thus, share the available cache. Any added WOM remote endpoint that exceeds this number receives no cache for deduplication. If you select SSD v2 in the Codec field, the maximum supported is 8. If you select SSD v3, the set value is For the Enable Symmetric Deduplication setting, select Yes. 4. For the Mode setting, select the method of storage for symmetric data deduplication. 42

43 BIG-IP WAN Optimization Manager Configuration Guide Options Disk Description Specifies that WOM uses the disk, in addition to memory, for storing information used for optimization. Note: If you enable data storage on the disk, you must restart the datastor service from the command line using the command sequence bigstart restart datastor for the change to take effect. Memory Specifies that WOM uses only memory for storing information used for optimization. Note: This setting can provide benefits for higher speed links. 5. For the Codec setting, select the SDD version. Options SDD v3 Description Supports a high spoke count, such as for connecting remote sites and for mesh topologies. SSD v2 Supports a topology with fewer than eight spokes, such as replicating data between data centers. For SDD to occur between isession endpoints, you must select the same codec on both the local and remote BIG-IP WOM systems. 6. Click Update to save changes. Important: Updating any of these settings causes the deduplication cache to clear. Symmetric data deduplication starts after an isession connection is established with a remote endpoint that also has symmetric data deduplication enabled, provided that the number of remote endpoints does not exceed the value in the Maximum Number of Remote Endpoints field. If you changed the Codec setting, the system applies the new setting to any new data flows. However, if you enabled or disabled SDD, you must then restart the BIG-IP WOM from the command line using the command sequence bigstart restart. Disabling symmetric data deduplication You can disable symmetric data deduplication on the isession connections between the local endpoint and any remote endpoints. 1. On the Main tab, expand WAN Optimization and click Symmetric Deduplication. 2. For the Enable Symmetric Deduplication setting, select No. 3. Click Update to save the change. 4. Restart the BIG-IP WOM from the command line by typing bigstart restart. Symmetric data deduplication stops on all isession connections between the local endpoint and any remote endpoints, and the deduplication cache clears. 43

44 Deduplication 44

45 Chapter 8 Optimized Applications Topics: About optimized applications for WAN Optimization About isession profiles About optimization of SSL applications Manually configuring optimized applications for outbound traffic Manually configuring optimized applications for inbound traffic About CIFS traffic optimization About MAPI optimization

46 Optimized Applications About optimized applications for WAN Optimization An optimized application in the WAN Optimization Manager (WOM ) context is a virtual server with which the BIG-IP system associates an isession profile and other relevant WAN optimization profiles. WAN optimization on the BIG-IP system requires an optimized application on the initiating side of the WAN and an isession listener (isession-terminating virtual server) on the receiving side of the WAN to complete the connection for all application traffic. For some types of application traffic, such as CIFS and FTP, the system also requires an application-specific virtual server (also listed as an optimized application) on the receiving side. After the isession listener terminates the connection, BIG-IP WOM directs the traffic to this virtual server for additional handling. Being able to create more than one virtual server for an application on the receiving side allows you to apply different profiles to selected application traffic that has different destinations. For each application you select on the Quick Start screen, BIG-IP WOM automatically configures an optimized application. In addition, you can customize the system-supplied optimized applications and manually create new ones to specify where and how you want BIG-IP WOM to optimize specified application traffic. About isession profiles The isession profile tells the system how to optimize traffic. WAN optimization requires an isession profile at both ends of the isession connection. WAN Optimization Manager (WOM ) includes the parent isession profile isession, which is appropriate for all application traffic, and other isession profiles that have been pre-configured for specific applications. The name of each pre-configured isession profile indicates the application for which it was configured, such as isession-cifs. When you configure optimized applications on the Quick Start screen, the system automatically associates an isession profile with every virtual server it creates for the selected optimized applications. The system also associates the system-supplied isession profile isession with the isession listener isession-virtual it creates for inbound traffic. You must associate an isession profile with any virtual server you create for a custom optimized application for outbound traffic, and with any isession listener you create for inbound traffic. Customizing compression settings for isession traffic In certain circumstances, you might want to change the symmetric compression settings for application traffic you specify. The compression settings are in the isession profile. Instead of changing the parent profile named isession, create a custom isession profile, and give it a descriptive name. 1. On the Main tab, click Local Traffic > Profiles > Services > isession. The isession profile list screen opens. 2. Click Create. The New isession Profile screen opens. 3. In the Name field, type a name for the profile. 4. In the Compression Settings area, select the Custom check box. The settings in the area become available for configuring. 46

47 BIG-IP WAN Optimization Manager Configuration Guide 5. Select the Custom check box. The fields in the Settings area become available for revision. 6. Enable compression and select at least one compression method. To establish and maintain a connection, at least one compression option must be the same on both BIG-IP WOM devices. Option Compression Deflate LZO Bzip2 Adaptive Deduplication Description This option activates the compression feature, according to the method or methods you choose. This high quality compression algorithm is typically slower than LZO, unless the system platform supports hardware acceleration. If you enable Deflate and disable Adaptive, you can also select the Deflate Level. The Lempel_Ziv_Oberhumer algorithm is best for interactive protocols (such as telnet) or high-bandwidth protocols that compress easily (such as those used for data replication). The bzip2 data compression algorithm improves compression ratios on low-bandwidth data links. This option chooses the best algorithm for current traffic from among those that are enabled, and changes as traffic conditions change. If it selects Deflate, it also selects an optimum Deflate Level. This option tells the system to use symmetric data deduplication. Note: For deduplication to take place, the isession listener that receives this traffic must have associated with it an isession profile that also has this setting enabled. 7. Click Finished. When you have finished, the custom isession profile appears on the isession list screen. For this profile to take effect, you must associate it with a virtual server for outbound traffic to the WAN. Screen capture showing compression settings The following screen capture shows the pertinent compression settings. Note: If adaptive compression is disabled, you must manually select a compression codec for isession traffic. If you leave the other codecs enabled, the BIG-IP WOM system selects the bzip2 compression algorithm by default, and that might not be the algorithm you want. 47

48 Optimized Applications Figure 6: isession profile screen with compression settings emphasized About optimization of SSL applications To handle SLL encrypted traffic all the way from the request initiator (client) to the receiver (server), include the following settings when you configure the optimized application virtual servers. To decrypt the original traffic, add a client SSL profile to the optimized application virtual server. Encryption of the isession connection itself is based on the configuration of the endpoints and the Application Data Encryption setting in the selected isession profile, unless you are using IPsec encapsulation. If you selected IPsec for the IP Encapsulation Type, the IPsec policy you selected determines encryption. To re-encrypt the isession traffic on the other side of the WAN, add an optimized virtual server on the server side, with the appropriate server SSL profile, to handle the application traffic after the isession connection is terminated. The following illustration shows a pair of BIG-IP WOM systems configured for SSL application traffic. It shows the additional profiles you need to add to the virtual servers to decrypt incoming traffic from the WAN, encrypt it through the isession connection, decrypt it at the receiving side, and then re-encrypt it to send it to its destination. 48

49 BIG-IP WAN Optimization Manager Configuration Guide Figure 7: Optimized application virtual server configuration with SSL encryption Manually configuring optimized applications for outbound traffic For common applications, the easiest way to configure optimized applications is on the Quick Start screen. You can manually configure an optimized application by creating a virtual server for outbound traffic for an application that is not listed on the Quick Start screen, such as HTTPS. 1. On the Main tab, click WAN Optimization > Optimized Applications > Create Outbound. 2. In the Name field, type a name that reflects the type of application traffic you want to optimize. 3. In the Port field, type the service port used by the application, or select an application from the list. If you select from the list, the associated default port appears. If the application you select uses a different port on your system, select Other and type the port number. 4. If you selected CIFS, FTP, or MAPI, select the corresponding application profile from the Application Profile list that appears. The list displays only those profiles that pertain to the application you specified in the Port setting. 5. If you are optimizing IPv6 traffic, select the Create IPv6 Virtual check box. The system automatically creates an IPv4 virtual server for this outbound application traffic, and if you select the check box, it also creates an IPv6 virtual server. 6. For the Enabled LAN VLANs setting, select the VLANs on which the virtual server for this optimized application receives incoming LAN traffic destined for the WAN. 7. Select the isession profile to associate with this virtual server. The isession Profile list includes system-supplied profiles that have been created with optimal settings for specific applications. Note: The default profile isession does not include application data encryption. To specify the use of an SSL profile on the outbound connection, select isession-encrypt or a customized isession profile that includes application data encryption. 8. Click Finished. 49

50 Optimized Applications The BIG-IP WOM system creates a virtual server, associates the profiles you specified, and thus, configures an optimized application. Make sure that an isession listener is configured on the local endpoint of the BIG-IP WOM that receives this application traffic. Manually configuring optimized applications for inbound traffic The system-supplied isession listener, isession-virtual, completes the optimized connection for all inbound application traffic. Some applications, such as CIFS and FPT, require an additional application virtual server for incoming traffic. This virtual server provides further processing of the traffic after the isession listener terminates the isession connection. 1. On the Main tab, click WAN Optimization > Optimized Applications > Create Inbound. 2. Specify whether this virtual server is a single host or network address. 3. For the Destination setting Address, type the IP address you want to use to receive specified application traffic from the WAN. Typically, this value is , which matches traffic to all destination servers. 4. Type a name that reflects the type of application traffic you want to optimize. 5. Type the service port used by the application, or select an application from the list. If you select from the list, the associated default port appears. If the application you select uses a different port on your system, select Other and type the port number. If you select a port and application for which at least one application profile exists on the system, the Application Profile setting appears. 6. If the Application Profile setting is available, select a profile for this traffic. 7. For the Enabled LAN VLANs setting, select the VLANs on which the virtual server for this optimized application receives incoming WAN traffic. 8. Click Finished. The system creates a virtual server to handle the specified inbound application traffic. After the isession listener terminates the connection, the system directs the specified traffic to the virtual server you created. The ability to create more than one application virtual server on the receiving side allows you to apply different profiles to selected application traffic with different destinations. About CIFS traffic optimization Common Internet File System (CIFS) is a remote file access protocol that forms the basis of Microsoft Windows file sharing. Various CIFS implementations (for example, Samba) are also available on other operating systems such as Linux. CIFS is the protocol most often used for transferring files over the network. WAN Optimization Manager (WOM ) can optimize CIFS traffic, resulting in faster performance for transferring CIFS files, opening Microsoft applications, and saving files. CIFS optimization is particularly useful when two offices that are located far apart frequently need to share and exchange files. Important: By default, Microsoft Windows clients do not require Server Message Block (SMB) signing, except when communicating with their domain controller. If SMB signing settings have been changed, make sure that SMB signing is optional on all servers and clients. 50

51 BIG-IP WAN Optimization Manager Configuration Guide Adjusting CIFS optimization over the WAN The system-supplied CIFS profile is configured to optimize CIFS traffic over the WAN through an isession connection. You can adjust the optimization settings for CIFS traffic to fit a particular situation by modifying the CIFS profile. Instead of changing the parent profile named cifs, create a custom CIFS profile, and give it a descriptive name. 1. On the Main tab, click Local Traffic > Profiles > Services > CIFS. The Profiles list screen opens. 2. Click Create. The New CIFS Profile screen opens. 3. In the Name field, type a name for the profile. 4. Select the Custom check box in both the Data Optimizations and Other Optimizations areas. 5. Adjust the options for the settings, as needed. The default value for all the options is Enabled. Note: The settings must match between the CIFS profiles associated with the virtual servers at both ends of the isession connection. If a setting is disabled in the CIFS profile associated with the virtual server at one end, the option is disabled. Option Write Behind Read Ahead Record and Replay Office 2003 Extended Fast Close Description Specifies whether the system speeds up CIFS file uploads to the server by fulfilling write requests through the BIG-IP WOM system that is closer to the request initiator. The system speeds up CIFS file downloads by prefetching the file data on the BIG-IP WOM system that is closer to the request initiator. The system opens CIFS files faster by performing more intelligent read-ahead operations. The system performs read-ahead operations based on parsing the Microsoft CDF file and understanding its structure. The system speeds up file close operations by fulfilling them through the BIG-IP WOM system that is closer to the request initiator. Fast Set File Information The system speeds up file metadata change requests by fulfilling the requests through the BIG-IP WOM system that is closer to the request initiator. 6. Click Finished. When you have finished, the custom CIFS profile appears in the CIFS list screen. For this profile to take effect, you must associate it with a virtual server configured to intercept CIFS traffic. About MAPI optimization Messaging Application Program Interface (MAPI) is the protocol that Microsoft Exchange Server and Outlook clients use to exchange messages. Optimization of MAPI traffic across the WAN requires a 51

52 Optimized Applications virtual server for each Exchange-based server so that the BIG-IP system can use the IP addresses of the Exchange-based servers to locate MAPI traffic. You can configure WAN Optimization Manager (WOM ) to automatically discover the Exchange-based servers and create virtual servers for them, or you can create the virtual servers manually using Local Traffic Manager. The advantage to automatic discovery is that when new Exchange-based servers are added to the network, or the IP addresses of existing servers change, BIG-IP WOM discovers the changes and creates new MAPI virtual servers for the new and moved Exchange-based servers. Enabling Microsoft Exchange compression for MAPI optimization The system-supplied profile named mapi is configured to optimize MAPI traffic over the WAN through an isession connection. By default, Microsoft Exchange native compression is disabled, which allows WAN Optimization Manager (WOM ) to use symmetric adaptive compression for better results than if you enabled native compression. If you want to enable native compression, you can modify the MAPI profile, as follows. 1. On the Main tab, click Local Traffic > Profiles > Services > MAPI. The MAPI profile list screen opens. 2. Click mapi. Alternatively, you can click Create, and save the new MAPI profile you create with a different name. 3. For the Native Compression setting, select Enabled. 4. Click Update. BIG-IP WOM now uses Microsoft Exchange native compression rather than symmetric adaptive compression for MAPI traffic when an optimized application virtual server with which this profile is associated intercepts MAPI traffic. For this profile to take effect, you must associate it with a virtual server (such as mapi_optimize_client) that is configured to intercept MAPI traffic. To verify this association, view the Application Profile column at WAN Optimization > Optimized Applications. Enabling automatic discovery of Exchange Servers for MAPI optimization The system-supplied profile named mapi is configured to optimize MAPI traffic over the WAN through an isession connection. By default, the BIG-IP WOM system does not discover the Microsoft Exchange Servers automatically, which means that you must configure the virtual servers manually. To set up automatic discovery, modify the MAPI profile, as follows. 1. On the Main tab, click Local Traffic > Profiles > Services > MAPI. The MAPI profile list screen opens. 2. Click mapi. Alternatively, you can click Create, and save the new MAPI profile you create with a different name. 3. For the Discover Exchange Servers setting, select Enabled. 4. Click Update. The BIG-IP with WOM system automatically discovers Exchange-based servers for MAPI traffic when an optimized application virtual server with which this profile is associated intercepts MAPI traffic. For this profile to take effect, you must associate it with a virtual server (such as mapi_optimize_client) that is configured to intercept MAPI traffic. To verify this association, review the Application Profile settings at WAN Optimization > Optimized Applications. 52

53 Chapter 9 Diagnostics Topics: About WAN optimization diagnostics WOM diagnostic error messages Troubleshooting network connectivity for WAN Optimization Manager Running WAN optimization configuration diagnostics

54 Diagnostics About WAN optimization diagnostics On-screen diagnostic messages help you troubleshoot problems in the WAN Optimization Manager (WOM ) configuration itself, or in a connection, such as between the two endpoints, between a client or server and the adjacent BIG-IP WOM, or another point in the routing setup. Figure 8: WAN Optimization Diagnostics screen WOM diagnostic error messages This table describes the types of messages that appear when you run the diagnostic tools provided on the WAN Optimization Diagnostics screen. Message Type INFO OK WARN Description For informational purposes, indicates, for instance, whether deduplication is enabled on the local BIG-IP WOM system. A verification check for WOM configuration. Indicates that some functions might not be fully operational. 54

55 BIG-IP WAN Optimization Manager Configuration Guide Message Type FAIL Description The highest severity level, displayed in red, indicates that WOM is not able to function. You must fix this problem before proceeding. Troubleshooting network connectivity for WAN Optimization Manager Before you start this task, you must have finished configuring WAN Optimization Manager (WOM ) on BIG-IP systems on opposite sides of the WAN, and the systems have discovered their remote endpoints. You can use these diagnostics from the local BIG-IP system to the remote server to verify the BIG-IP system-to-server routes, in case the remote BIG-IP system is not configured correctly. 1. On the Main tab, expand WAN Optimization and click Diagnostics. 2. In the Diagnose Network Connections field, type the IP address of a remote WOM endpoint, and click the Run button. Network connection diagnostic information appears on the screen. Use this information to determine whether there is a connection between the local endpoint and the remote endpoint you specify. 3. Use the data displayed on the screen to make corrections. 4. In the Ping field, type the IP address of a host, for example, a remote BIG-IP system, and click the Run button. Use this utility to determine whether other BIG-IP systems can be reached through the routed WAN network. If ping fails, verify the configuration of your VLANs, self IP addresses, and default gateway. 5. Use the data displayed on the screen to make corrections, such as properly defining the local and remote routes. Ping results appear on the screen. If a ping fails, you can use Traceroute to pinpoint the location of a failure in the network. 6. In the Traceroute field, type the destination IP address you want to reach, and click the Run button. 7. Use the data displayed on the screen to correct any routing problems. This data can reveal whether the problem is in the WAN, or is local to either of the BIG-IP systems. You can also view the observed latency, if any, along the WAN path. Running WAN optimization configuration diagnostics Before you start this task, you must have finished configuring WAN Optimization Manager (WOM ) on BIG-IP systems on opposite sides of the WAN. The WOM configuration diagnostics verify that you have set up WAN Optimization Manager properly. 1. On the Main tab, expand WAN Optimization and click Diagnostics. 2. Next to Diagnose WOM Configuration, click the Run button to verify that BIG-IP WOM is configured correctly. Note: If you have not sent traffic through the designated network, dynamic discovery might not have discovered the remote endpoint. 55

56 Diagnostics In the following example, the SDD codec mismatch on the peers causes a warning message, because WAN optimization features other than deduplication are functional. 56

57 BIG-IP WAN Optimization Manager Configuration Guide Figure 9: Example of screen after running Diagnose WOM Configuration. 57