Expand agrees, upon request to provide, at the cost of distribution only, a complete machine-readable copy
of the source code for JfreeChart, Cewolf, or JBoss software. This offer is valid for three (3) years from
installation of the Software.
The Software is accompanied by the following third party product: Apache Copyright © 1999-2004, The
Apache Software Foundation, which is subject to the Apache License Version 2.0 (found at
www.apache.org/licenses/LICENSE-2.0).
The Software is accompanied by the following third party product: TouchGraph Software: (Copyright ©2001-
2002 Alexander Shapiro. All rights reserved) developed by TouchGraph LLC (http://www.touchgraph.com/),
which is subject to the TouchGraph LLC. Apache-Style Software License.
The Software is accompanied by the following third party product: JavaMail, which is subject to the
following terms: Copyright 1994-2004 Sun Microsystems, Inc. All Rights Reserved
Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or
promote products derived from this software without specific prior written permission.
This software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
EXCLUDED. SUN MICROSYSTEMS, INC. (“SUN”) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS
SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING
OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
You acknowledge that this software is not designed, licensed or intended for use in the design,
construction, operation or maintenance of any nuclear facility.
The Software is accompanied by the following third party product: AdventNet SNMP API 4 (Release 4.0.0),
which is subject to the following terms: Copyright (c) 1996-2002 AdventNet, Inc. All Rights Reserved. This
software may not be distributed in any modified form without the prior consent from AdventNet, Inc.
RFC/Standard List for AcceleratorOS 6.0
Modules                             RFC/Standard #
Router Protocols
  RIP                               1058
  RIPv2                             1723, 2082
  OSPFv2                            2328, 2370
  WCCP                              3040
  Router Polling                    2096
Networking
  Spanning Tree Protocol            IEEE 802.1D
  VLAN 802.1Q                       IEEE 802.1Q
  HSRP                              2281
  VRRP                              3768
  SCPS                              ISO 15893:2000, CCSDS-714.0-B-1, MIL-STD-2045-44000
  NetFlow                           3954
Management
  MIB-2                             1213
  Telnet COM port                   2217
  Telnet service                    818
  TFTP                              1350
  FTP                               959
  HTTP, HTTPS                       2045, 2616, 2818
  NTP                               1361
  SSH, SCTF, SFTP                   IETF drafts
Security
  HMAC                              2104 (HMAC), 2403 (96), 2404 (96), 1321 (MD5)
  HMAC                              2404
  MD5 Signing                       1321
  Radius                            2138, 2865
  TACACS+                           1492
HW
  Safety approvals                  UL 1950, CAN/CSA C22.2 No. 950-95, EN60950/A4
  EMC approvals                     FCC Part 15 Class B
                                    EN55022:1998 Class B
                                    EN55024:1998
                                    IEC EN61000-4-2:1995
                                    IEC EN61000-4-3:1995
                                    IEC EN61000-4-4:1995
                                    IEC EN61000-4-5:1995
                                    IEC EN61000-4-6:1996
                                    IEC EN61000-4-11:1994
                                    IEC EN61000-3-2:2000
                                    IEC EN61000-3-3:1995
                                    CISPR16-1:1999
                                    CISPR16-2:1999
  ITU                               IEC 60950-1:2001, EN 60950-1:2001
  QMS                               ISO 9001:2000, EN 46001, ISO 13485
  Manufacturing                     ISO 9000
  Environmental and Vibration tests ETSI EN 300019-2 (1999-09), ETSI EN 300019-2 (1994),
                                    Bellcore standard: GR-63-CORE
  MTBF                              Telcordia (Bellcore)
Chapter 1 Preface: Introducing the Accelerator
  Features and Benefits
    Redefining Application Traffic Management
  Next-generation WAN Compression
    Application-specific Acceleration
  Layer-7 QoS and Bandwidth Management
    Layer-7 Monitoring and Reporting
    Footprint for Value-Add Branch Office Features
    Rapid Deployment, Dependable Results
    Maximum Uptime and Reliability
  The Accelerator Product Line
  How the Accelerator Works
    IP-Based Network
      On-Path
      On-LAN
  Configuration and Management
Chapter 11 Security
  Studying the AcceleratorOS AAA
  Configuring AAA via the WebUI
    Configuring Users
      Deleting Users
    Setting Authentication Preferences
      Setting Authentication Servers
      Setting the Authentication Method
    Defining the Security Settings
  Configuring AAA via the CLI
    Configuring the Radius Server
    Configuring the TACACS Server
    Configuring Authentication
    Configuring Users’ Accounts
    Viewing AAA Configuration
  Auditing Administration Activities
  Locking/unlocking the Keypad
    Setting the Keypad Lock Definitions
    Defining Other LCD Settings
      Turning Bypass On
      Locking the Keypad
      Unlocking the LCD
      Locking the LCD
      Setting the LCD Unlock Sequence
Chapter 12 Troubleshooting
  Carrying out the Troubleshooting Procedure
  Recovering the Password
  Checking the Event Log
    Checking Info Events
    Checking Warning Events
    Checking Error Events
    Checking Fatal Events
    Studying Log Message Formats
  Using the Show Tech-Support Command
  Checking the Link Status
  Checking Ethernet Settings
  Checking Lack of Acceleration
    Accessing Remote Devices
  Checking Link Malfunction
  Checking for Corrupted Terminal
  Checking HSRP Malfunction
  Checking QoS Malfunction
Appendix G Glossary
Appendix H Index
1 Preface: Introducing the Accelerator
Expand Networks’ Accelerator is the ideal Application Traffic Management System for
ensuring optimal application performance over the WAN. The Accelerator is a Layer-3
WAN device that dramatically improves application response times through a
combination of bandwidth compression, Layer-7 QoS and acceleration plug-ins for
specific applications.
This chapter includes:
Features and Benefits, on page 2.
Next-generation WAN Compression, on page 3.
Layer-7 QoS and Bandwidth Management, on page 5.
The Accelerator Product Line, on page 7.
How the Accelerator Works, on page 8.
Configuration and Management, on page 11.
Features and Benefits
The Accelerator’s new and improved algorithms provide the highest WAN compression
performance available, in an easy-to-install package that fits seamlessly into various
network topologies such as MPLS, QoS clouds, noisy networks, high-BER networks,
load-balanced networks, and networks experiencing many out-of-order errors.
Application-specific Acceleration
Application-specific acceleration is a breakthrough approach that works in combination
with next-generation compression for improving application response times.
Improves application response times by 100% to 400%, peaks of 1000%+
Extensible architecture based on application acceleration plug-ins for additional application
support
TCP acceleration enables TCP transfer speeds in excess of WAN link speed, even
under challenging latency and packet loss conditions. The TCP acceleration plug-in is
standards-based, meeting the SCPS standard (www.scps.org) that was developed by
NASA and the DoD for performance optimization in high latency links.
HTTP acceleration provides faster web application response times for chatty HTTP
transactions by eliminating repetitive download of frequently accessed objects, applets,
and so on.
FTP acceleration provides faster response times due to elimination of long FTP
transactions by keeping local copies of frequently accessed files.
HTTP acceleration enables compression of encrypted traffic by accelerating and
encrypting traffic to the client browser, and ensures faster response times from secure
application servers by optimizing TCP connections to browsers and web servers.
The Accelerator's full-scale WAFS and CIFS acceleration optimizes file access over
the WAN, solving remote server data access from the data center over the WAN.
Server consolidation is made possible without paying the price in WAN application
performance. Expand’s enhanced WAFS offering addresses the key performance,
availability and management issues raised by server consolidation:
LAN-like application performance: With Expand’s acceleration architecture a
replicated copy of the file is kept in the remote cache, thereby maintaining LAN-like
performance for file transfers.
Virtual-Server: Expand’s enhanced WAFS offering retains critical remote branch system
services such as DNS, DHCP, and print.
Addressing ‘WAN-Outs’: In the event of a network outage, remote users can continue
working because files are served from a local cache.
Footprint for Value-Add Branch Office Features
The Accelerators offer much more than just a bandwidth increase. These intelligent
devices deliver a branch office platform that consolidates multiple devices.
Full NetFlow compliance replaces the need for costly probes
Open architecture for future enhancements
How the Accelerator Works
Accelerators can be deployed in any network environment, whether the WAN is a
private line, frame relay, VPN, IP, ATM, xDSL, ISDN, wireless local loop, or satellite.
Accelerators can be connected on the LAN side of the router. Some of the
Accelerator’s benefits can be realized with no far-end Accelerator.
IP-Based Network
In an IP network, you can position the Accelerator on the LAN-side of the router or
directly on the LAN.
The Accelerator can be located either On-Path or On-LAN.
On-Path
On-Path configuration places the Accelerator between the LAN and the router on both
sides of the IP network. The data from the LAN segment passes through the
Accelerator that performs traffic optimization, including compression and QoS, before
the data reaches the router. See the sample On-Path application in the following figure.
However, if resilience is to be enhanced, you can install two or more Accelerators for
redundancy purposes.
The most common configuration involves creating two links (two Accelerators), one of
which is assigned a higher priority (metric - ranging from 11 to 10,000), so it will be
used as the default link for the connection. If this link fails, traffic switches to the other
link.
If all transparent proxy services (such as HTTP acceleration or TCP acceleration) are
disabled, you can assign incoming traffic to one link and outgoing traffic to
the other link. However, if such services are enabled, this setting will not work and
sessions will be disconnected.
Another optional configuration is shown below:
12 AcceleratorOS User Guide
2 Installing the Accelerator
Accelerator installation is accomplished in two parts: Hardware Installation and
AcceleratorOS Software Setup.
This chapter describes the procedures used for installing the Accelerator, connecting
the required cables and inserting the Compact Flash card (for non hard drive-based
Accelerator models), and includes the following sections:
Checking the Accelerator Packing List, on page 12, lists the components supplied in
the Accelerator package.
Mounting the Accelerator, on page 14, describes how to install the Accelerator in a
rack or on a tabletop.
Performing Accelerator Hardware Installation, on page 15, describes how to connect
the required cables for the Accelerator in order to complete the hardware installation.
Checking the Accelerator Packing List
Before beginning the hardware installation, open the package and check that the
following components are included:
Accelerator                   As ordered
Accessories Box               Includes the following:
Ethernet Interface cables     One straight and one crossed Ethernet cable (180 cm, 71")
Console Cable                 For connecting the console port to a console terminal
Power cord(s)                 Fitted with the appropriate power connector for your area
                              (US, Europe, UK, or Rest of World) or with no connector
                              (170 cm, 67")
Installation brackets         For mounting in a standard 19" rack
Small screws                  For rack mount installation, plus spare screws
Software License Agreement
Documentation CD              Contains Accelerator documentation
Mounting the Accelerator
The Accelerator can be either rack-mounted or placed on a tabletop. The Accelerator
package includes brackets to enable rack-mounting of the device.
To rack mount the Accelerator:
1. Attach one bracket to each side of the
Accelerator by using the screws provided for
each side.
2. Use the rack mounting screws to attach the
Accelerator to the left and right sides of the rack.
[Figures: Accelerator 1820/4820/4830 and 6810/6830/6840]
Connecting the Network Cables
Network Cable connection is accomplished differently depending on where the
Accelerator is installed: On-LAN or On-Path.
[Figures: Accelerator 1820/4820/4920, 4830/4930, 6910/6940 and 6830/6930]
On-Path Setup Installation
Connect the supplied straight cable with the green connector to the corresponding green
Ethernet port 0/0.
Connect the other side of this cable to the LAN (switch or hub).
Connect the supplied orange cross-over cable to the corresponding orange Ethernet port 0/1.
Connect the other side of this cable to the router’s Ethernet port.
[Figures: Accelerator 1820/4820/4920 and 4830/4930]
[Figures: Accelerator 1820/4820/4920, 4830/4930 and 6830/6930]
To connect via the Ethernet 0 port, connect a standard Category 5 Ethernet cross-over
cable (not provided) to the Accelerator’s Ethernet 0 port. Connect the other side to a PC.
Working with Bypass Mode
When working in On-Path mode, the Accelerator can work in bypass mode to enable
transparent data transmission in the unlikely event of Accelerator failure. The move to
bypass mode is carried out automatically by the bypass switch on the Accelerator. In
addition, all models support invoking the bypass mode through the CLI.
Setup
Local IP
Subnet Mask
Default Gateway
When asked if you want to save the setup, select Yes or No and press Enter.
At this point, management can be performed via the Accelerator’s Web UI, via the CLI,
Telnet, SSH, or via ExpandView - Centralized Management. To work with ExpandView,
you will need to define the ExpandView server IP address via the CLI.
For other LCD settings, see section Locking/unlocking the Keypad, on page 320.
Studying The WebUI Menu
The following buttons, which are common to all WebUI menu screens, let you carry out
basic operations as follows:
Setup Wizard Click the Setup Wizard link at any time to open
the Setup Wizard.
Performing Setup via the Wizard
The Accelerator’s Setup Wizard guides you through the step-by-step configuration of the
basic parameters necessary to get your Accelerator up and running.
Any parameters set via the front-panel LCD will be displayed in the Wizard.
To access the setup wizard:
1. The first time you access the Accelerator’s
WebUI, the Setup Wizard opens automatically.
On subsequent uses, to return to the Setup
Wizard, click the Setup Wizard button.
2. Carefully read the explanations that appear in
the Welcome screen and click Next to move to
the My Accelerator screen, which lets you define
the local Accelerator settings.
Subnet Mask Enter the Subnet Mask to identify this Accelerator’s local
subnet.
Deployment Size From the drop-down list, select the approximate number
of Accelerators to which the local Accelerator will be
connected: 1 - 5,
6 - 10, 11 - 20, 21 - 50, 51 - 100, 101 - 200 or 201 - 500.
Setting an accurate network size enables the Accelerator
to better optimize traffic. In network topologies such as
Mesh and Hub, knowing the network size is important for
the Accelerator in order to know how to divide its system
resources correctly among connected Accelerators.
Bandwidth Set the precise bandwidth (in Kbps) of the WAN. 0 is not a
valid bandwidth.
Caching Defines the active cache method: WAFS only (for CIFS
traffic), Web Cache only (for HTTP servers), or both.
Name Set a name for the link that will let you identify it in the
future. Up to 31 characters, no spaces, no special
characters.
Encapsulation IPComp:
IPComp encapsulation (tunneled encapsulation)
compresses the entire packet. This means that the IP
header, the transport header and the payload are
compressed and the packet traversing the network will
have an IPComp header.
IPComp is the default setting, which enables the best
compression rate.
Router Transparency (RTM):
In Router Transparency encapsulation, only the packets’
payload is compressed, leaving the original IP header and
the original TCP/UDP header in their original forms so that
their information is available across the network.
Router Transparency encapsulation is appropriate in an
environment where header preservation is necessary,
including QoS deployments, monitoring (NetFlow), Load
Balancing, Billing, encryption, MPLS networks and certain
firewall environments.
NOTE: Encapsulation settings can be asymmetric. This means
that one Accelerator can be set to Router Transparency
while the other Accelerator is set to IPComp in the
opposite direction. This is useful when RTM mode is
desired and one of the Accelerators is On-LAN and the
other is On-Path. However, IPComp encapsulation will
not function if the IPComp protocol is blocked by a
firewall. Therefore, ensure that the IPComp protocol is
not blocked before selecting either IPComp or RTM
encapsulation.
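To make the difference between the two encapsulations concrete, the following added example (not taken from the AcceleratorOS guide and not Expand's implementation) models both on a constructed IPv4/TCP packet and reports what an on-path firewall or NetFlow probe can still read from each. Assumptions: DEFLATE as the compressor, the RFC 3173 IPComp header (IP protocol 108), the sample addresses and all function names; the page does not describe how the Accelerator marks an RTM-compressed payload on the wire.

```python
import socket
import struct
import zlib

IPPROTO_IPIP = 4      # IPComp "next header" value for an encapsulated IPv4 packet
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_COMP = 108    # IP Payload Compression Protocol (RFC 3173)
CPI_DEFLATE = 2       # well-known Compression Parameter Index for DEFLATE


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def deflate(data: bytes) -> bytes:
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw DEFLATE, no zlib wrapper
    return comp.compress(data) + comp.flush()


def inflate(data: bytes) -> bytes:
    return zlib.decompress(data, -15)


def header_lengths(packet: bytes):
    """Return (IP header length, IP+TCP header length) of an IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4
    return ihl, ihl + (packet[ihl + 12] >> 4) * 4


def with_payload(packet: bytes, hdr_len: int, ihl: int, payload: bytes) -> bytes:
    """Keep the original headers, swap the payload, fix length and checksum."""
    headers = bytearray(packet[:hdr_len])
    struct.pack_into("!H", headers, 2, hdr_len + len(payload))
    struct.pack_into("!H", headers, 10, 0)
    struct.pack_into("!H", headers, 10, checksum(bytes(headers[:ihl])))
    return bytes(headers) + payload


def encap_ipcomp_tunnel(packet: bytes, tun_src: str, tun_dst: str) -> bytes:
    """Tunneled IPComp: IP header, transport header and payload are all compressed."""
    body = struct.pack("!BBH", IPPROTO_IPIP, 0, CPI_DEFLATE) + deflate(packet)
    return ipv4_header(tun_src, tun_dst, IPPROTO_COMP, len(body)) + body


def decap_ipcomp_tunnel(packet: bytes) -> bytes:
    ihl = (packet[0] & 0x0F) * 4
    return inflate(packet[ihl + 4:])                  # skip 4-byte IPComp header


def encap_router_transparent(packet: bytes) -> bytes:
    """RTM model: only the payload is compressed, original headers stay readable."""
    ihl, hdr_len = header_lengths(packet)
    return with_payload(packet, hdr_len, ihl, deflate(packet[hdr_len:]))


def decap_router_transparent(packet: bytes) -> bytes:
    ihl, hdr_len = header_lengths(packet)
    return with_payload(packet, hdr_len, ihl, inflate(packet[hdr_len:]))


def on_path_view(packet: bytes) -> dict:
    """Fields a router, firewall or NetFlow probe reads without decompressing."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    ports = None
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": proto, "ports": ports}


def build_sample_packet() -> bytes:
    """Constructed sample: one HTTP request segment (TCP checksum left at 0)."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n" * 20
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ipv4_header("10.1.1.10", "10.2.2.20", IPPROTO_TCP,
                       len(tcp) + len(payload)) + tcp + payload


if __name__ == "__main__":
    original = build_sample_packet()
    # 192.0.2.1 / 192.0.2.2 are constructed addresses for the two Accelerators.
    tunneled = encap_ipcomp_tunnel(original, "192.0.2.1", "192.0.2.2")
    transparent = encap_router_transparent(original)
    print("IPComp:", on_path_view(tunneled), len(tunneled), "bytes")
    print("RTM:   ", on_path_view(transparent), len(transparent), "bytes")
```

In the tunneled case the network sees only IP protocol 108 between the two Accelerator addresses, which is why a firewall that drops that protocol breaks the link and why per-flow QoS and NetFlow lose the original 5-tuple.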
Use the Delete button to remove added links from the Links Table.
Reviewing Wizard Configuration
The Summary screen of the Setup Wizard lets you review the parameters set via the
Wizard before saving them to the Accelerator.
If the configuration is correct, press the Submit button to save the settings to the
Accelerator.
The parameters on this screen are identical to the parameters configurable via the
Setup Wizard’s Basic screen (with the exception of Routing Strategy settings; see
section Setting Routing Strategy, on page 38). For more information see section
Performing Setup via the Wizard, on page 30. In addition, the Basic screen lets you add
a Description to identify the Accelerator.
The Basic screen includes specific details concerning the Accelerator device, as
follows:
Platform Accelerator type
Setting Routing Strategy
The Basic screen lets you set the Routing Strategy.
Routing strategy defines how the Accelerator routes traffic. In environments such as
router polling and dynamic routing networks, the Accelerator must route all traffic, so
set Routing strategy to Routing only. Normally, when the Accelerator transmits non-link
traffic, it directs that traffic to the router; this can cause problems if the destination
is a Layer-2 address, or for incoming traffic. In environments in which non-link traffic
and inbound traffic should not be directed to the router, set Routing strategy to Bridge
route, which routes only traffic destined to an accelerated link or a virtual link and
does not route non-link and inbound traffic.
Routing-Only – typically used in On-LAN deployments, or in environments that require the
Accelerator to route all traffic (networks that use Dynamic Routing policies, and so on).
Bridge Route – typically used in On-Path deployments, where traffic is not necessarily
routed through the router.
NOTE: The 30-day period counts only days during which the
Accelerator is powered on.
To license an Accelerator:
1. Identify the Accelerator’s Serial number (product
ID) in the upper right hand corner of the Basic
screen of the WebUI.
2. Find the Feature Request Number (I-key) on the
Accelerator Feature Licensing document included
in the Accelerator’s Accessories box.
3. Go to Expand’s Customer Extranet at
http://extranet.expand.com. If you have not yet
registered in the Extranet, do so and then log in.
4. Click on the Licensing tab.
5. Under My Products, click the Add Product link.
6. In the popup window, enter the software version
number, the Site Name, and the Reseller.
Copy the Serial Number from the Accelerator
WebUI.
Re-enter the serial number.
Click the Submit button.
7. In the next popup window, enter the Feature
Request Number in the I-key field.
Click the Activate button.
The popup window will display the details of the
license which you are attempting to use.
8. Copy the information listed in the first line:
LICENSE KEY IS:
This is the number that you will need to input into
the Accelerator to activate the license.
9. In the Accelerator’s WebUI, click Setup followed
by My Accelerator, and then Licensing.
10. Click the Activate New License button and enter
the Accelerator’s serial number.
11. Paste the License Key as copied from the
Extranet and click Activate.
12. To update the new license features, select the
Refresh acceleration on all links box.
When the 30-day grace period has passed, if the Accelerator was not properly licensed,
acceleration will be disabled. If an Accelerator is not licensed and Acceleration is set to
ON, Acceleration will not function properly and packet drops will occur.
To renew the license, contact Expand’s Help Desk.
When the Accelerator license has expired, or if the Accelerator was installed but its
license was not yet activated, the Accelerator’s status is Active, meaning that it passes
the data but does not accelerate it (it works in pass-through mode), as shown below:
Acc30_6(config)# show interface link summary
To move the Accelerator to accelerating status, you have to activate the refresh
acceleration command, as follows:
Acc30_6(config)# interface link 1 refresh-acceleration
Afterwards, the Accelerator will start accelerating the traffic passing through it, as
shown below:
Acc30_6(config)# show interface link summary
1 28.0.214.6 L-28.0.214.6 2000 N/A |
accelerating
Purpose Enters enable mode. This is necessary for beginning work with
the Accelerator. Once you have entered Enable mode, the
prompt at the end of the command line changes from > to #.
Purpose At any point you can use the Exit command to log out of the
Accelerator. The Exit command exits each level of the CLI
hierarchy one at a time, so you may need to use the Exit
command a number of times to leave the Accelerator session.
Purpose The configure terminal or config command lets you enter the
Accelerator’s main configuration mode, in which most
configuration of the Accelerator takes place.
Purpose Sets a name for the Accelerator. Changing the hostname will
affect the prompt (in the Example, the hostname set is ACC1).
The hostname cannot contain spaces, and cannot contain
special characters. The hostname can be up to 60 characters.
You can also set the hostname from the conf mode.
Setting an IP Address
Command ACC1(local interface)#IP address x.x.x.x x.x.x.x [Mandatory]
or
ACC1(local interface)# IP address x.x.x.x/x
Setting a Default Gateway
Command ACC1(local interface)#ip default-gateway x.x.x.x [Mandatory]
Purpose Set the precise bandwidth (in Kbps) of the WAN. 0 is not a
valid bandwidth.
Purpose Enters the valid license key into the Accelerator. [Mandatory]
Saving/Uploading the Basic Configuration
Command ACC1(config)#write
3 Preparing the Network Integration
Integrating the Accelerator into Your Network
The steps involved in integrating the Accelerator in your network depend entirely on the
structure of the network and the various technologies and devices already in place on
your network.
The following section describes the steps needed to get the Accelerator up and running
for various network topologies and technologies. Your network may need one or any
combination of the following settings.
To configure OSPF:
Refer to these steps:
1. In the Accelerator’s WebUI, click on the Setup
tab, and then the My Accelerator tab, followed by
the My Routes menu.
2. Under Dynamic Routing, click the OSPF button.
3. Set the parameters as necessary. For more
information on OSPF, see section Configuring
OSPF, on page 86.
To configure RIP:
1. In the Accelerator’s WebUI, click on the Setup
tab, and then the My Accelerator tab, followed by
the My Routes menu.
2. Click the RIP button.
3. Set the parameters as necessary. For more
information on RIP, see section Configuring RIP,
on page 93.
For networks that use dynamic routing other than OSPF or RIP (such as EIGRP, ISIS or
IGRP), use Router Polling to set up the Accelerator’s network:
To enable the Accelerator to operate within an HSRP
group:
1. In the WebUI, click on Setup followed by
Networking and then HSRP.
2. You can configure the Accelerator either by using
the Auto Detect mode or by manually adding
HSRP configuration.
Auto Detect mode fills the HSRP table
automatically with the details of the
HSRP groups detected on the network.
Alternatively, you can manually add HSRP
groups to the Accelerator.
Ensure that the Accelerator “joins” all relevant
HSRP groups.
For more information, see section Configuring
HSRP, on page 243.
Installing in a High Latency Environment
In high-latency and high-packet-loss environments, TCP, which was designed to ensure
reliable IP transmission, does not perform well. These TCP limitations show up as
long file transfer times over the WAN, degraded web performance and
unresponsive applications. The TCP Acceleration feature enables optimization and better
utilization of WANs that suffer from distance-induced TCP limitations. For more
information on TCP Acceleration, see section Studying TCP Acceleration, on page 184.
Use the following table to determine whether your network suffers from high latency
and would benefit from enabling TCP Acceleration:
Window Size
8 KB 16 KB 32 KB 64 KB
Using Advanced QoS
This section covers the topic of QoS, its uses and the way it is implemented in the
AcceleratorOS. The section includes the following topics:
What is QoS?
How to Know what’s on Your Network
How to Prioritize Applications
What is QoS?
QoS (Quality of Service) is a general term for control mechanisms that can assign
different priorities to different users or data flows, or guarantee a certain level of
performance to a data flow, according to requests from the application program. Quality
of Service guarantees are important if the network capacity is limited, especially for
real-time streaming multimedia applications, such as VoIP and IP-TV. Such applications
often require fixed bit rate and may be delay-sensitive, which makes it difficult to
transmit them in public networks that use ordinary first-in-first-out protocols. You can
use the QoS feature to accelerate packets passing through the Accelerator based on
policy and reservation criteria arranged in advance. QoS lets you use the bandwidth
you pay for more effectively. However, to manage traffic, you first need to know how
much traffic, and what kind of traffic, is on your network.
Chapter 4
Configuring Accelerator Networking
Optimizing the Network Topology
The Accelerator supports many complex network topologies. Some of these
environments have special considerations when setting up the Accelerator.
If the Topology-Size is set to a number that is too large, the Accelerator will not use all
its resources, resulting in lower acceleration percentages than would be possible if the
Topology-Size were set accurately.
If the Topology-Size is set to a number that is too small, too many negotiation
messages will be sent between the Accelerator and the network. In addition, the
amount of time it takes for the Accelerator to reboot and to recover from a
disconnected link will be longer than necessary.
Configuring Core Allocation via the CLI
Setting the deployment size
Command ACC1(config)#core-allocation
ACC1(CORE ALLOC)#resource policy topology-size [number of Accelerators in deployment]
Environment Type Customized Configuration
Configuring Secondary IP Addresses
You can set up to 10 Secondary IPs on the Accelerator, for connection to multiple
subnets on the same network. Out-of-band management is set here. If Out-of-band
management is used, it is counted as one of the ten Secondary IP addresses available.
When a link is first created or re-established, auto-negotiation occurs between the local
and remote ends of the link and uses the inbound and outbound bandwidth settings to
determine the resources to be allocated for each link.
Studying the Links Screen
The Links screen lets you add, edit and manage Accelerator links.
Adding Links
Add links to the Accelerator via the Setup - My Links menu.
To add a link:
1. In the Accelerator WebUI, click on the Setup tab,
and then the My Links menu.
The Links screen opens by default.
Name Set a name for the Link that will let you
identify the link in the future. Up to 32
characters, no spaces.
3. Click the Add button.
For particularly complex networks, the Accelerator enables advanced Link
configuration.
For Advanced Configuration options, see section Setting VRRP Group Number, on page
251.
Editing Links
You can use the Edit Links screen to fine-tune and modify existing links. This screen
lets you set basic link parameters, acceleration, tunneling and TCP Acceleration
parameters for the link.
To edit an existing link:
1. In the Links table, either click the name of the
link to be edited, or click the row of the link to be
edited, and click the Edit button.
2. In the Edit Link screen that opens, use the
Parameters section to edit parameters such as
Link Name, Destination IP, Link Metric,
Bandwidth Out and MTU (Maximum Transfer
Unit).
3. Use the Acceleration section to define whether to
accelerate the link and to use header
compression.
4. Use the Tunneling section to define parameters
such as the encapsulation type (IPComp or
Transparent), SRC preservation and Include
checksum.
Use the Link Subnets screen to set the link’s subnets. For configuration details, see
section Configuring Remote Subnets Manually, on page 80.
Adding and Editing Links via the CLI
The CLI procedure for adding and editing links is the same as for creating the first link.
For more information, see section Performing Setup via the LCD, on page 25.
In the figure above, S1 is Accelerator 2’s direct subnet, while S2 and S3 are also
subnets of Accelerator 2. Accelerator 1 must forward traffic destined for devices that
are part of S2 and S3 to Accelerator 2 via Link1. In order for Accelerator 1 to do this, it
must detect S1, S2 and S3 as subnets of Accelerator 2.
Accelerator 2 automatically detects S1 and adds it as its local subnet. You can
manually add S2 and S3 to Accelerator 2’s Subnets list, or use routing protocols to
add them dynamically. If the network supports OSPF or RIP the Accelerator can
function as an OSPF or RIP device to receive routing information. If other dynamic
protocols are in use, the Accelerator can poll routers to learn their routing tables. Then,
Accelerator 2 must advertise its subnet list to Accelerator 1, enabling Accelerator 1 to
properly route packets destined to S1, S2 and S3 to Accelerator 2 via Link 1.
Configuring Subnets Manually
If the Accelerator network does not work with dynamic routing, or if a subnet was not
detected via OSPF or RIP, you have to add and edit subnets manually.
Add route rule When adding a subnet, the Add route rule
checkbox lets you create a static route rule to
define how to reach the subnet. This will add an
entry in the My Routes table, which displays
access to the subnet via the next hop.
Next hop Add a next hop via which the subnet will be
accessed.
Editing a Subnet
Once a subnet has been added to the Accelerator, you can use the following steps to
edit it.
To edit a subnet:
1. In the My Subnets screen, highlight one subnet in
the Local Subnet table, and click the Edit button.
2. Edit the IP address, Subnet mask, Metric and
Advertise status as necessary and click the
Submit button.
When subnets that are set to be advertised are
edited, the change is broadcast to all
connected Accelerators:
Configuring Subnets via the CLI
Configuring Subnets
Command ACC1(config)#subnets
Adding a Subnet
Command ACC1(SUBNETS)#network x.x.x.x x.x.x.x
Deleting a Subnet
Command ACC1(SUBNETS)#no network x.x.x.x x.x.x.x
Purpose Deletes the subnet (can optionally add the subnet mask).
Viewing subnets
Command ACC1(SUBNETS)#show
Setting Dynamic Routing
NOTE: Static routes created via the My Subnets menu will also
appear in the Route Rules table. For more information,
see section Configuring Subnets Manually, on page 78.
Once the static route is created, no connection exists
between the route-rule added and the subnet. Any
change made in one of them will not affect the other.
Due to the continuous changes in routing and the vast complexity of collecting
necessary routing parameters, many advanced networks use dynamic routing protocols
to enable routers to exchange routing data automatically. In addition to allowing manual
routing configuration, the Accelerator supports dynamic routing protocols, including
OSPF, RIP v1 and v2, and Router Polling. Supporting dynamic routing protocols
enables the Accelerator to use alternate routes in the event of router failure. In addition,
the Accelerator learns the cost and length of each route (per bandwidth in the case of
OSPF and per hop in the case of RIP), and can forward accelerated packets to the
best router. The Accelerator can also load-balance best routes.
A subnet whose Advertised status is manually manipulated will continue to function
dynamically within the routing protocol, but will maintain the manually altered
Advertising status.
NOTE: Once Subnets are located by using OSPF or RIP, you can
perform manual modifications.
For example, subnets located via RIP are set by default
as Not Advertised; however, you can modify them to be
Advertised subnets.
For Manual Subnet configuration information, see
section Configuring Subnets Manually, on page 78.
Configuring OSPF
Configuring OSPF is accomplished via the Setup - My Accelerator - My Routes Menu.
To configure OSPF:
1. Click on the OSPF button.
2. Set the parameters as follows.
Setting area ID
Command ACC1(config-ospf)#area number or (x.x.x.x)
Enabling Authentication
Command ACC1(config-ospf)# authentication-mode enable/disable/MD5
Setting Networks
Command ACC1(config-ospf)# network (ip address) x.x.x.x (subnet mask) x.x.x.x
Setting Neighbors
Command ACC1(config-ospf)# neighbor x.x.x.x
Router Polling Enable or Disable Router Polling.
Enables the Accelerator to retrieve route rules from
the router’s routing table.
SNMP Version Sets the SNMP version to be used for polling the
router.
Purpose Enables the Accelerator to retrieve route rules from the router’s
routing table.
Setting Polling
Command ACC1(router-polling)#polling [enable | disable]
Purpose Sets the frequency with which the router is polled (in seconds).
Default is 180 seconds.
Purpose Sets the SNMP version to be used for polling the router.
Purpose Sets the SNMP community to be used for polling the router.
Working with RIP
Once the Accelerator is set to work with RIP, it detects all subnets (including the
Accelerator’s local network) connected to all routers on all connected networks and
adds these to the Accelerator’s subnet and route tables.
By default, all subnets detected via RIP are set to “Not Advertised”. Advertised subnets
are the Accelerator’s subnets, which are broadcast to other Accelerators when link
negotiations occur.
Key: When a non-encrypted authentication
password is needed to communicate with other
devices in the RIP network, insert the key used.
This key is a common string (non-encrypted) that
must be set according to what is set across all
devices on the network using RIP.
MD5: When an MD5 authentication password is
needed to communicate with other RIP devices,
insert the encrypted key used. This must be the
password that is set across all devices on the
network that use RIP. Set the ID number according
to this authentication password’s ID number across
the RIP network.
Enabling authentication
Command ACC1(config-rip)# authentication-mode enable/disable/MD5
Setting Networks
Command ACC1(config-rip)# network (ip address) x.x.x.x (subnet mask) x.x.x.x
Purpose Sets the networks to which RIP will broadcast the Accelerator’s
routes.
Setting neighbors
Command ACC1(config-rip)# neighbor x.x.x.x
Purpose Defines a RIP neighbor for the Accelerator via the IP address.
RIP Route Injection adds a route rule to the router’s routing table, which forwards all
traffic from the Accelerator’s subnets to the Accelerator. The Accelerator will then return
the packets to the router after they have been processed by the Accelerator. The
routes to these subnets, set on the Accelerator, are learned by the router during RIP
negotiation.
NOTE: RIP must be in Active mode and set to version 2 for RIP
Route Injection to operate. For more information, see
section Working with RIP, on page 92.
WCCP, the Web Cache Communication Protocol, is another way in which the router
can learn to forward all traffic from the Accelerator’s subnets to the On-LAN
Accelerator. WCCP, a protocol usually used for directing Web traffic to a local Web
Cache Server before forwarding requests across the WAN, enables the Accelerator to
receive TCP/UDP traffic from the router (service groups 77 and 78).
By creating an IP GRE tunnel between the Accelerator and the router, the Accelerator
is able to receive and process all relevant traffic and return it to the router before it
traverses the WAN, as follows:
1. The Accelerator is set as a WCCP device.
2. The router directs traffic to the Accelerator.
3. The Accelerator returns accelerated traffic to the router in a GRE tunnel.
4. Data is removed from the GRE tunnel, and sent to its destination.
Activating WCCP
Command ACC1(packet interception WCCP)#wccp-mode [enable | disable]
Setting WCCP Authentication
Command ACC1(packet interception WCCP)#authentication [none | password word]
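A defender's check over the authentication commands shown above for OSPF, RIP and WCCP, as an added example that is not part of the guide or of AcceleratorOS: it scans a saved CLI transcript for those prompts and commands and reports disabled or weak modes. The transcript is constructed, and treating the enable mode as the non-encrypted Key mode is an assumption.

```python
"""Audit an Accelerator CLI transcript for weak control-plane authentication."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    host: str
    protocol: str
    severity: str  # "high", "medium" or "review"
    detail: str


# Prompt contexts exactly as they appear in the guide's command syntax.
CONTEXTS = {
    "config-ospf": "OSPF",
    "config-rip": "RIP",
    "packet interception WCCP": "WCCP",
}
PROMPT_RE = re.compile(r"^\s*(?P<host>[\w.-]+)\((?P<ctx>[^)]+)\)#\s*(?P<cmd>\S.*?)\s*$")


def audit(transcript: str) -> List[Finding]:
    findings: List[Finding] = []
    auth_seen = {}  # (host, protocol) -> was an authentication command entered?
    for raw in transcript.splitlines():
        m = PROMPT_RE.match(raw)
        if not m or m["ctx"] not in CONTEXTS:
            continue
        host, proto = m["host"], CONTEXTS[m["ctx"]]
        key = (host, proto)
        auth_seen.setdefault(key, False)
        tokens = m["cmd"].split()
        verb = tokens[0].lower()
        arg = tokens[1].lower() if len(tokens) > 1 else ""

        if proto in ("OSPF", "RIP") and verb == "authentication-mode":
            auth_seen[key] = True
            if arg == "disable":
                findings.append(Finding(host, proto, "high",
                    "authentication-mode disable: routing updates are not authenticated"))
            elif arg == "enable":
                # ASSUMPTION: "enable" selects the non-encrypted key described for RIP.
                findings.append(Finding(host, proto, "medium",
                    "authentication-mode enable: assumed plain-text key, readable on the wire"))
            elif arg != "md5":
                findings.append(Finding(host, proto, "review",
                    "unrecognised authentication-mode value"))
        elif proto == "WCCP" and verb == "authentication":
            auth_seen[key] = True
            if arg == "none":
                findings.append(Finding(host, proto, "high",
                    "authentication none: any device can join the WCCP service group"))
            elif arg != "password" or len(tokens) < 3:
                # The password word itself is never copied into a finding.
                findings.append(Finding(host, proto, "review",
                    "unrecognised or incomplete authentication command"))

    # A protocol that was configured without any authentication command needs a
    # manual check, because the guide does not state the default mode.
    for (host, proto), seen in auth_seen.items():
        if not seen:
            findings.append(Finding(host, proto, "review",
                "configured, but no authentication command in the transcript"))
    return findings


# Constructed sample transcript (not captured from a real device).
SAMPLE = """\
ACC1(config-ospf)# area 0
ACC1(config-ospf)# authentication-mode MD5
ACC1(config-ospf)# network 10.1.0.0 255.255.0.0
ACC1(config-rip)# authentication-mode disable
ACC1(config-rip)# neighbor 10.1.0.2
ACC1(packet interception WCCP)#wccp-mode enable
ACC1(packet interception WCCP)#authentication none
ACC2(config-ospf)# network 10.2.0.0 255.255.0.0
ACC2(config-rip)# authentication-mode enable
ACC2(packet interception WCCP)#authentication password EXAMPLE-ONLY
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.severity:<7}{f.host} {f.protocol}: {f.detail}")
```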
Configuring DHCP Servers
Managing the DHCP server/s on your system requires a configuration file.
By default, the DHCP server is disabled. To enable it, you have to download the
sample DHCP configuration file and save it on your system. When you have a
configuration file, you can either use the current file or customize the file and then
upload the customized file.
A DHCP relay agent may receive a client DHCP packet forwarded from a BOOTP/DHCP
relay agent closer to the client; the packet may or may not already have a DHCP
relay agent option on it.
Studying Sample CLI Subnet Configuration
Network
Chapter 5
Monitoring the Network
Introduction to Monitoring
All statistics generated for these graphic reports are saved in the Accelerator history
log, so that if Windows closes or if an Accelerator reboots, you can easily re-access the
chart or graph via the Accelerator Web UI.
The graphs are automatically updated, according to a set frequency. The Accelerator
samples the data behind-the-scenes and stores it in a compact way, which lets you
view data up to the minute over a period of up to a year. This sampled data represents
the average over the selected period of time.
Expand recommends that you open a maximum of five charts per-Accelerator
simultaneously. The monitoring feature, available via the Monitor tab, lets you view
statistics and graphs for From WAN, To LAN, To WAN, and From LAN traffic, as
described in the following figure:
View Last Scroll down in the View Last drop-down menu to select
the period for which the graph is displayed. The default
period is 30 minutes.
Link Speed You can set the link speed in the fields above the graph
to add a line to the displayed graph, enabling you to see
the limit of throughput that can actually traverse the link.
By default, when Auto is selected in the link speed
column, the link speed is set to the bandwidth set for the
link selected. When total is selected in the Link column,
the default link speed (when Auto is selected in the Link
speed column) is set to either the total bandwidth set for
all links or the sum of all WAN bandwidths; total is the
lower value of the two.
Peak Data Select the Show checkbox if you want to see the peak
lines representing the highest statistics achieved for the
reported period. All graphs displayed give an average of
the performance for any given interval. Therefore,
viewing Peaks is necessary for understanding the
Accelerator’s overall performance.
The Throughput Statistics per Link graph lets you monitor how much traffic passed
through the Accelerator. It lets you compare accelerated throughput (what
actually goes over your WAN link) with the pre-accelerated throughput, which is the
throughput that would have been used without the Accelerator’s compression
mechanisms. The blue area represents the actual bandwidth used with the Accelerator,
while the yellow represents the amount of bandwidth that would have been used
without the Accelerator.
Viewing Utilization Statistics per Link
The Utilization Statistics per Link graph lets you monitor how much of each link is
being utilized. The traffic displayed is accelerated traffic, and therefore cannot exceed
100% of the link speed. Selecting the link speed is necessary in order for the Utilization
graph to display accurate data.
The Acceleration Statistics per Link graph lets you view acceleration percentages for
inbound and outbound traffic on the Accelerator per interface/link or for the total for the
Accelerator.
112 AcceleratorOS 6.1 User Guide
Understanding Acceleration
The Acceleration percentage describes how effectively the Accelerator is processing
and compressing the traffic. This statistic does not take into account traffic that
bypasses the acceleration mechanism. Acceleration percentages are calculated as
follows:
To calculate acceleration:
Refer to the Monitor > Links > Statistics menu for data to be used
in the following procedure.
1. Multiply the number of In Packets by 14.
(This will account for the Ethernet Layer-2
header.)
Subtract this number from the number of In
Bytes.
2. Divide the result by the number of Out Bytes
minus the number of Out Packets multiplied by 14.
3. Subtract 1 from the result.
4. Multiply the result by 100 to arrive at the
acceleration percentage.
InBytes:
Incoming bytes (from LAN) - Do not tunnel bytes - Routing bytes - Passthrough bytes
InPackets:
Incoming packets (from LAN) - Do not tunnel packets - Routing packets - Passthrough packets
OutBytes:
Outgoing bytes (to the WAN) - Do not tunnel bytes - Routing bytes - Passthrough bytes - System messages bytes
OutPackets:
Outgoing packets (to the WAN) - Do not tunnel packets - Routing packets - Passthrough packets - System messages packets
Do not tunnel Traffic set with the “Do Not Tunnel” decision, Non-link
traffic, Virtual link traffic
For example: in a simple scenario in which the packet size is 1000 bytes:
If InBytes = 300,000 and OutBytes = 100,000 then:
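The four-step procedure above written as one formula and applied to these figures (an added illustration, not taken from the guide; it assumes every packet in both directions is 1000 bytes, so In Packets = 300 and Out Packets = 100):

$$
\text{Acceleration (\%)} = \left(\frac{\text{InBytes} - 14 \cdot \text{InPackets}}{\text{OutBytes} - 14 \cdot \text{OutPackets}} - 1\right) \times 100
$$

$$
\left(\frac{300{,}000 - 14 \cdot 300}{100{,}000 - 14 \cdot 100} - 1\right) \times 100
= \left(\frac{295{,}800}{98{,}600} - 1\right) \times 100
= (3 - 1) \times 100 = 200\%
$$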
In Packets Number of input packets.
Out Acceleration Outbound Acceleration percentage
Since Clear Data transferred over the link selected that was
collected since the Accelerator’s counters were
last cleared. Data is listed in KB, in percentages,
or in number of packets.
Viewing Detailed Traffic Discovery
To view detailed traffic discovery for detected applications:
1. In the Accelerator WebUI, click Monitor, followed
by Traffic Discovery and then Detected
Applications.
2. Click on the Details column.
3. The Traffic Discovery dialog box appears.
Viewing Monitored Applications
The Monitored Applications menu lets you view all monitored applications traversing the
network. You can view the applications coming in both directions (from LAN to WAN
and conversely), the throughput before and after the acceleration, and the acceleration
rate.
Application Select an application to view, or select Top 10
or From List.
Top 10 will display results for the ten
applications that are most prevalent on your
network.
From List will display the ten applications
selected in the Monitored Applications window.
Link Speed You can set the link speed in the fields above
the graph to add a line to the displayed graph,
which lets you see the limit of throughput that
can actually traverse the link.
Peak Data Select the Peak checkbox if you want to see the
peak lines representing the best statistics
achieved for the reported period. Because all
graphs displayed give an estimate of the
performance for any given interval, it is
necessary to view the peaks for a full picture of
the Accelerator’s overall performance.
Setting up Graphs
Only applications defined as “monitored” applications are displayed in the application
graphs. The Traffic Discovery menu lets you view all applications traversing the
network.
The Throughput Statistics per Application graph lets you monitor how much traffic
per application passed through the Accelerator. It lets you compare
accelerated throughput (what actually goes over your WAN link) with the
pre-accelerated throughput, which is the throughput that would have been passed without
our advanced compression mechanisms. The blue area represents your bandwidth
gains with the Accelerator, allowing you to see just how much the Accelerator is really
adding to the line.
You can view the graph for each application, for the top 10 applications or for ten
selected applications.
To enable monitoring of a discovered application:
1. In the Accelerator’s WebUI, click on Monitor
followed by Applications, followed by Monitor applications.
2. In the Applications table, highlight the
applications to be monitored and use the arrow
keys to add or remove them from the monitored
applications table.
3. In the Apply to Link field, scroll down to select the
link whose traffic you want to display.
Viewing Utilization Statistics per Application
The Utilization Statistics per Application graph lets you monitor how much of the
link/s is being utilized. The traffic displayed is accelerated traffic, and therefore cannot
exceed 100% of the link speed.
The Acceleration Statistics per Application graph lets you view acceleration
percentages for inbound and outbound applications on the Accelerator per
interface/tunnel or for the total for the Accelerator.
Compression graphs display, as a percentage, the amount by which data traffic over the
physical link was reduced by the Accelerator.
Monitoring Applications
This section explains how to use and understand the Accelerator’s advanced graphic
reporting and statistics feature that enables monitoring of accelerated applications.
Applications are either predefined or user-defined. By default, 50 of the predefined
applications are considered Monitored applications (see Pre-Defined Applications, on
page 353), and all user-defined applications are Monitored by default. Monitored
applications are applications for which statistics are saved in the Accelerator to be
displayed in graphs and charts. You can simultaneously monitor up to 50 applications
on each Accelerator, and up to 10 applications on each link.
Viewing Summary Graphs
The Accelerator lets you view a selection of important performance graphs to provide
you with an overview of your network performance. The Summary menu lets you view
several graphs via a single screen. The data used in the graphs is based on the total
traffic on all Accelerator links.
To view summary graphs:
1. In the Accelerator’s WebUI, click on Monitor
followed by Summary.
2. Select the link, view last, link speed and peak
data options.
All statistic items, in both inbound and outbound directions, are displayed according to:
Data Lists type of statistic gathered
Since Clear Data transferred over the link selected that was
collected since the Accelerator’s counters were
last cleared. Data is listed in KB, in percentages,
or in number of packets.
Clearing Statistics
Command ACC1# clear counters link all [name]
Purpose Clears all counters. Adding a name at the end of the command
will clear statistics for a specific link only.
Identifying the Traffic
NetFlow detects the local subnets’ source and destination addresses, and determines
the traffic direction according to these addresses: the local address will be detected as
LAN, while the other address will be detected as WAN. However, local subnets that
were configured in the Accelerator to be excluded (namely: to be connected through a
non-link) are detected as WAN.
NetFlow is completely transparent to the existing network, including end stations,
application software and network devices like LAN switches. In addition, NetFlow is
performed independently on each internetworking device, and need not be operational
on each router in the network. NetFlow exports data to a remote workstation for
collection and further processing. NetFlow does consume CPU resources; therefore, it
is important to understand the resources required on your Accelerator before enabling
NetFlow.
The Accelerator acts like any other probe on the network: it forwards its packet
statistics to NetFlow Collectors, such as Scrutinizer™ and PRTG™, which let you
monitor and analyze Accelerator packets.
Enabling NetFlow
Command ACC1# netflow
ACC1(netflow)# ip flow-export [x.x.x.x] port [1 to 65535] version [5] interface ethernet [0, 0/0, 0/1] template [full, long, short]
Chapter 6
Applying QoS
Accelerator QoS
QoS, or Quality of Service, is designed to help manage traffic across the network in
order to combat the congestion, latency and greedy and rogue applications that all
contribute to poor application and network performance. Organizations need to be able
to allocate bandwidth to mission-critical applications, slow down non-critical
applications, and stop bandwidth abuse in order to efficiently deliver networked
applications to the branch office.
Carrying Out Basic QoS Configuration
Basic QoS configuration is accomplished via the My Applications menu, which is
populated by all traffic types detected on your network. This menu lets you create new,
user-defined applications for traffic not categorized automatically as a predefined
application, and set basic traffic shaping parameters for predefined and user-defined
applications, that is, how the network should prioritize and handle each application.
Viewing My Applications
The My Applications Menu in the Accelerator WebUI lets you view traffic per
application, filtered by certain criteria.
To view traffic per application:
1. Click on Setup followed by My Applications.
2. In the My Applications screen, select Discovered
traffic, Defined Applications, Monitored
Applications or All from the pull-down menu.
Classified traffic lists the traffic per system-recognized application. Unclassified traffic
lists the traffic that is not recognized by any of the system-defined applications, per port
number.
The table displayed on the My Applications Menu details the Outbound Traffic (by
default, only classified traffic is displayed). Basic data about the settings for each traffic
type is provided, including Application Name, Minimum bandwidth set (if assigned),
Maximum bandwidth set (if assigned), Priority assigned, and acceleration status. The
From-LAN statistics pull-down menu lets you customize the statistics type to be viewed
for the applications, LAN to WAN (outbound traffic) or WAN to LAN (inbound traffic):
Creating New Applications
New applications should be created for all traffic types that do not already exist in the
list of predefined (classified) traffic applications, or as subsets of these applications to
further filter the traffic type selected.
To create an application:
1. In the My Applications menu, click the Create
Application button. The Create Application menu
opens.
2. Update the following parameters to define the
Application and how it is handled:
The end-result is better, more consistent Citrix
performance; and support of up to four times
more Citrix users on the existing infrastructure.
Aggregation is performed at the link-level and
improves acceleration for traffic with small to
medium packets (like Citrix/ICA traffic or Telnet
traffic), and aggregates compressed packets.
The Aggregation class sets the class to which
this application is related. Aggregation reduces
the size of the traffic by aggregating
compressed packets, before sending them
over the WAN.
The compressed packets will be aggregated in
the link per class. The classes are defined via
the CLI and set the aggregation packet limit,
and will allow a pre-defined delay (window)
before sending the packets.
For aggregation class configuration details,
see Configuring Aggregation Classes, on page
177.
Over-IP To define an application based on a specific
protocol:
1. Select Over IP from the drop-down menu.
2. In the From field enter the first
protocol number to be considered,
in the To field enter the last
protocol number to be considered.
To define a single protocol, enter
the number into the From field and
leave the To field empty.
3. Click the Add button.
The Criteria created appears in the
Criteria Table.
Criteria Table The criteria table lists all the criteria that must
be met in order for traffic to be considered part
of this application.
To delete entries in the Criteria Table, highlight
them and click the Delete button.
Maximum bandwidth (limit): The Maximum bandwidth limit setting will put a
ceiling on the amount of bandwidth that an
application can consume. This is useful for
bandwidth-greedy applications such as FTP or
P2P, to limit the amount of bandwidth they
consume.
NOTE: If you are running a version of AcceleratorOS earlier than
5.0(6), note that two new preconfigured applications
were added in that version and may affect user-defined
applications on the same ports. If applications have been
configured for port 1928 (reserved for the expand-internal
application) or port 2598 (citrix-ica-sr), rename these
applications exactly as in the preconfigured application
before performing an upgrade.
If an application exists for a list or range of ports that
includes the specified port numbers (1928 and 2598),
remove these ports from the list or range, and create the
applications expand-internal with port 1928 and
citrix-ica-sr with port 2598. Then change the policy rules to
also match this application.
Modifying Applications
Selecting an application lets you modify the application definition (the type of traffic,
also known as the traffic rule, or filter) and set up the way the traffic is treated (or
prioritized, also known as shaping).
To modify an application:
1. In the My Applications menu, click the application
name. The Edit Application menu opens.
2. The Edit Application menu lets you modify all
application parameters as listed in Creating New
Applications, above.
Application Criteria You cannot modify the Application Criteria box
from within the Create Web Application box.
The Layer-4 information for this web-based
application is taken from the web definition. To
modify the Layer-4 criteria, return to the My
Applications menu and click on HTTP to edit
the web application.
Layer-7 Information The Layer-7 information box lets you set the
application-specific details necessary for
filtering this web application. Enter any or all
data to be treated as criteria for matching this
web application type. This means that all traffic
considered as part of this web application will
have to meet all criteria listed in this box, as
follows:
Host Name: the host name of the web
application. The Host Name is the internet
address up until the first “/”, for example, for
the address http://172.10.10.10/loginindex.asp,
the Host Name is 172.10.10.10.
URL Name: the URL name is the internet
address after the first “/”. In the example
above, “extranet” can be used as the URL
name.
MIME Type: enter the content type.
User Agent: enter the name of the HTTP
client (Netscape, Mozilla, and so on)
All Layer-7 information criteria use pattern
matching, meaning that, for example, if the
Host Name is www.expand.com, using expand
as the host name is sufficient (up to 128
character string for all HTTP Layer-7
parameters).
Application criteria You cannot modify the Application Criteria box
from within the Create Citrix Application box.
The Layer-4 information for this Citrix based
application is taken from the Citrix definition.
To modify the Layer-4 criteria, return to the My
Applications menu and click on Citrix to edit
the Citrix application.
Layer-7 Information The Layer-7 information box lets you set the
application details necessary for filtering a
specific Citrix application. Enter any or all data
to be treated as criteria for matching this Citrix
application type. This means that all traffic
considered as part of this Citrix application will
have to meet all the criteria listed in this box,
as follows:
Published application: List the Citrix
application type, such as Word, Calc and
Notepad.
Client: List the user name of the device to
be set to be considered part of this traffic
type. For example, to set the priority of the
CEO’s Citrix Client to Real-time for Excel,
enter the name of the CEO’s PC into the
Client field.
Layer-7 information for Citrix is not pattern
matching, meaning that the published
application listed must be the full name of the
application traffic that is intended (these
parameters can use strings up to 20
characters).
For more information on working with Citrix, see section Acceleration and Citrix Traffic,
on page 366.
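The difference between the two Layer-7 boxes above (HTTP criteria are pattern matched, Citrix criteria must be the full name, and every criterion entered must be met) is shown below as an added Python example, not code from the guide or the product. It assumes that "pattern matching" means case-sensitive substring containment; the class and function names are illustrative, and the sample addresses are constructed apart from the two the guide itself uses.

```python
"""Added illustration of the Layer-7 matching rules described in this section."""
from dataclasses import dataclass, fields
from typing import List, Optional, Tuple

HTTP_MAX_LEN = 128    # guide: up to 128 characters for all HTTP Layer-7 parameters
CITRIX_MAX_LEN = 20   # guide: Citrix parameters can use strings up to 20 characters


def split_address(address: str) -> Tuple[str, str]:
    """Return (Host Name, URL Name): the parts before and after the first '/'."""
    rest = address.split("://", 1)[-1]          # drop "http://" if present
    host, _, url_name = rest.partition("/")
    return host, url_name


def _check_lengths(criteria, max_len: int) -> None:
    for f in fields(criteria):
        value = getattr(criteria, f.name)
        if value is not None and len(value) > max_len:
            raise ValueError(f"{f.name} is longer than {max_len} characters")


@dataclass(frozen=True)
class WebCriteria:
    host_name: Optional[str] = None
    url_name: Optional[str] = None
    mime_type: Optional[str] = None
    user_agent: Optional[str] = None

    def __post_init__(self) -> None:
        _check_lengths(self, HTTP_MAX_LEN)

    def matches(self, address: str, mime_type: str = "", user_agent: str = "") -> bool:
        host, url_name = split_address(address)
        observed = {"host_name": host, "url_name": url_name,
                    "mime_type": mime_type, "user_agent": user_agent}
        # Every criterion that was entered must match; ASSUMED substring semantics.
        return all(getattr(self, name) in value
                   for name, value in observed.items()
                   if getattr(self, name) is not None)


@dataclass(frozen=True)
class CitrixCriteria:
    published_application: Optional[str] = None
    client: Optional[str] = None

    def __post_init__(self) -> None:
        _check_lengths(self, CITRIX_MAX_LEN)

    def matches(self, published_application: str, client: str) -> bool:
        observed = {"published_application": published_application, "client": client}
        # Citrix criteria are not pattern matched: the full name must be equal.
        return all(getattr(self, name) == value
                   for name, value in observed.items()
                   if getattr(self, name) is not None)


# Constructed sample addresses; only the first and last hosts appear in the guide.
SAMPLE_ADDRESSES = [
    "http://www.expand.com/extranet/loginindex.asp",
    "http://www.expand.com.example.net/index.html",
    "http://notexpand.example.org/extranet/",
    "http://172.10.10.10/loginindex.asp",
]


def matched(criteria: WebCriteria, addresses: List[str]) -> List[str]:
    """Addresses that would be classified into the web application."""
    return [a for a in addresses if criteria.matches(a)]


if __name__ == "__main__":
    for pattern in ("expand", "www.expand.com"):
        print(pattern, "->", matched(WebCriteria(host_name=pattern), SAMPLE_ADDRESSES))
    print(CitrixCriteria(published_application="Word").matches("WordPad", "PC-01"))
```

A short Host Name pattern also classifies unrelated hosts that merely contain it, so any priority or bandwidth guarantee attached to the application applies to them as well; enter the longest pattern that still identifies the intended host.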
For example, if two applications have a priority of 210, but one application is created
for all traffic in ports ranging from 2020 to 2060 and the other application is created for
traffic on port number 2032, the 2032 traffic will be handled first.
Another example of higher specificity is when one application defines Layer-7 values
and another application with the same priority order defines values only up to Layer-4
values; the Layer-7 application shaping will be applied to the traffic.
Like the WAN bandwidth setting, the bandwidth set for a link can never be
exceeded. The bandwidth set for the links is divided by the WAN according to the
priority of the traffic coming across the links. This means that if the WAN bandwidth
is 128 Kbps, and Link 1 is set to 128 Kbps and Link 2 is set to 128 Kbps, if one link
has high priority traffic, the lower priority traffic on the other link could be starved.
However, if the Link bandwidth is set to a portion of the WAN bandwidth, then the
link will not exceed this portion, and bandwidth will be left over for other links.
3. Diagnostic Mode Traffic
Traffic set with a priority setting of Diagnostic Mode overrides the QoS mechanism.
162 AcceleratorOS 6.1 User Guide
6
Diagnostic Mode traffic has all the bandwidth of the WAN at its disposal and
supersedes all other traffic and all other QoS settings.
The Diagnostic Mode Traffic setting should be used only in emergency cases,
where an application is not responding to the QoS mechanism; Diagnostic Mode
traffic will be forced to override the QoS mechanism.
4. Bandwidth Limits
Maximum bandwidth limits set for applications are honored and the traffic
throughput is limited according to this setting.
5. Bursts
In addition to the hierarchy, if, after all bandwidth is allocated, there is spare
bandwidth, and an application is set to allow bursts, this application will use all
spare bandwidth even if it is set to ordinarily have a maximum bandwidth limit.
For example, if on a 64 Kbps link FTP is limited to 16 Kbps, with burst allowed
FTP will be able to use the entire 64 Kbps if there is no other traffic on the link,
and when there is traffic, the limit of 16 Kbps will be enforced on FTP.
In order for bursts on applications to be allowed, the WAN has to be configured to
allow bursts (by default it is allowed). The WAN Burst parameter also lets you set a
maximum burst bandwidth, meaning that if the WAN bandwidth is 1 MB, you can
set the WAN burst to limit burst traffic to 900 Kbps in order to avoid maximum
utilization situations because of burst traffic. By default the WAN bursts are allowed
to use the entire WAN bandwidth. In certain environments, lowering the WAN burst
by up to 10% may be useful in order to protect the line from congestion caused by
bursts.
NOTE: QoS settings take effect when the WAN link is full.
Any limitations and guarantees placed on traffic will
apply only if not enough bandwidth exists for all
traffic to flow freely.
6. Desired Bandwidth
Minimum bandwidth Desired set for applications is allocated to all applications on
which a desired minimum bandwidth was set. This is true even for low priority
applications.
For example, in a 64 Kbps link, the applications will divide up the 64 Kbps plus the
Acceleration percentage, like a cake, with the desired bandwidth applications
reserving the first piece. As long as there is no congestion, all applications set to
Desired receive their guaranteed bandwidth. When there is congestion, if high
priority applications are guaranteed bandwidth, they will receive it before low priority
applications that were guaranteed bandwidth. If there is not enough bandwidth for
numerous high priority applications that were guaranteed a desired bandwidth, the
desired bandwidth will be divided proportionately between those applications.
Desired bandwidth is useful especially to prevent starvation of lower priority
applications. Setting a desired bandwidth for a low priority application will ensure
that it receives some small amount of bandwidth even when the high priority
applications are consuming the bulk of the bandwidth.
While the Minimum bandwidth desired is allocated hierarchically according to the
application priority (first to real-time, then to high, then to average, and so on), the
desired bandwidth setting is handled before relative spare bandwidth distribution
among prioritized applications. For this reason it is important to use the Minimum
bandwidth desired setting carefully.
For example: If VoIP is prioritized as high priority traffic on a 1 Mbps connection,
and HTTP traffic receives low priority, but a minimum desired bandwidth setting of
800 Kbps, these 800 Kbps will be allocated to HTTP traffic and the remaining 200
Kbps will be divided proportionally between the VoIP application and the HTTP
traffic.
7. Priority
The relative QoS priority set to the application is considered and bandwidth is
divided proportionally among the applications as follows:
Block: Blocked traffic is discarded.
Real-time: Traffic set to real time receives “strict priority”. This means that as long
as real-time traffic is traversing the network it will receive the entire bandwidth. All
lower priority traffic types will wait until there is free bandwidth, thus starving all
lower priority applications (unless a Minimum bandwidth (desired) was set for
them). For this reason it is important to use the Real-time setting with great care. If
a chatty/bandwidth-greedy application constantly transmits traffic, it is possible that
no other application will receive bandwidth (except those set with a Minimum
bandwidth (desired)).
High/Average/Low: High, average and low traffic priorities divide the bandwidth that
is still available (after desired and real-time traffic) proportionally, based
on time. High priority traffic waits the shortest amount of time before being
sent, average priority traffic waits longer than high priority traffic, and low priority
traffic waits longer than average priority traffic. This does not mean that high
priority traffic transmits completely before average traffic starts transmitting; rather,
high priority traffic transmits at a faster rate.
Setting the priority to high/average/low is appropriate for most traffic types, setting
the relative importance between the applications without causing starvation.
In advanced configuration, you can set the WAN to handle QoS according to
“strict-priority.” This would set the priorities to act deterministically rather than
proportionally: high priority traffic receives all the available bandwidth (after desired
and real-time traffic), average priority traffic receives bandwidth only if no high
priority traffic exists, and so on. If there is constant high-priority traffic, average and
low priority traffic will be starved completely.
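The allocation order in items 4 to 7 above can be tried out with a small model before settings are committed, to see which applications a configuration would starve. This is an added example, not Expand's scheduler: it assumes a saturated WAN on which every application always has traffic queued, and the 3:2:1 weights for high/average/low and the equal split inside a strict-priority tier are assumptions, because the guide gives no ratios. Diagnostic Mode and the WAN burst cap are left out.

```python
"""Added model of the QoS allocation order described above (not vendor code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# ASSUMED relative weights; the guide says only that the split is proportional.
WEIGHTS = {"high": 3, "average": 2, "low": 1}
TIERS = ["real-time", "high", "average", "low"]
EPS = 1e-9


@dataclass
class App:
    name: str
    priority: str                   # "block", "real-time", "high", "average" or "low"
    desired: float = 0.0            # Minimum bandwidth (desired), Kbps
    limit: Optional[float] = None   # Maximum bandwidth (limit), Kbps
    burst: bool = False             # may exceed its limit when bandwidth is spare


def allocate(wan_kbps: float, apps: List[App], strict: bool = False) -> Dict[str, float]:
    """Return the Kbps each application receives on a saturated WAN."""
    share = {a.name: 0.0 for a in apps}
    active = [a for a in apps if a.priority != "block"]   # blocked traffic is discarded
    spare = float(wan_kbps)

    def room(a: App) -> float:
        return float("inf") if a.limit is None else max(a.limit - share[a.name], 0.0)

    def grant(a: App, amount: float) -> None:
        nonlocal spare
        amount = max(min(amount, room(a), spare), 0.0)
        share[a.name] += amount
        spare -= amount

    def share_out(group: List[App], weight) -> None:
        # Weighted split that re-distributes what capped applications cannot use.
        pending = [a for a in group if room(a) > EPS]
        while pending and spare > EPS:
            pool, total = spare, sum(weight(a) for a in pending)
            for a in pending:
                grant(a, pool * weight(a) / total)
            pending = [a for a in pending if room(a) > EPS]

    # Desired bandwidth is reserved first, tier by tier; a tier that cannot be
    # satisfied in full is scaled down proportionally.
    for tier in TIERS:
        wants = {a.name: min(a.desired, room(a))
                 for a in active if a.priority == tier and a.desired > 0}
        total = sum(wants.values())
        scale = min(1.0, spare / total) if total > 0 else 0.0
        for a in active:
            if a.name in wants:
                grant(a, wants[a.name] * scale)

    # Real-time traffic gets strict priority over whatever is left.
    share_out([a for a in active if a.priority == "real-time"], lambda a: 1)

    shaped = [a for a in active if a.priority in WEIGHTS]
    if strict:      # advanced "strict-priority" WAN setting: deterministic tiers
        for tier in ("high", "average", "low"):
            share_out([a for a in shaped if a.priority == tier], lambda a: 1)
    else:           # default: proportional split
        share_out(shaped, lambda a: WEIGHTS[a.priority])

    # Bursts: bandwidth left unused because of limits goes to burst-enabled apps.
    bursting = [a for a in active if a.burst]
    if bursting and spare > EPS:
        for a in bursting:
            share[a.name] += spare / len(bursting)
    return share


if __name__ == "__main__":
    # The guide's example: 1 Mbps WAN, VoIP high, HTTP low with 800 Kbps desired.
    print(allocate(1000, [App("VoIP", "high"), App("HTTP", "low", desired=800)]))
```

With the assumed weights, the guide's VoIP/HTTP case leaves VoIP with 150 Kbps, which is the over-reservation the text warns about when it says to use the Minimum bandwidth desired setting carefully.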
Creating QoS Rules
Advanced QoS configuration is accomplished by creating and editing rules as they
appear in the QoS menu.
To create a rule:
1. In the Accelerator’s WebUI, click on the QoS tab,
and then select QoS Rules.
2. In the View rules for application drop-down menu,
select the application on which to apply the rule.
If the application does not exist, you can use the
Setup - My Applications menu to create a new
application; for more information see section
Creating New Applications, on page 146.
While the QoS menu enables fine-tuning of the
definition of the traffic type to be filtered into an
application, making Layer-4 modifications to the
application itself must be done via the Setup - My
Applications menu.
3. Click the Create new rule button. The Create Rule
Menu opens.
4. In the Rule Name field, give a name to the rule.
This is necessary for identifying the rule if it
needs to be modified at a later date.
5. Use the Define and Prioritize sections to enter the
necessary information per your networking
requirements.
Destination IP If you want to filter the application by its
destination IP address:
Other: This will be displayed if advanced
configuration was made via the CLI,
which is more complex than the WebUI
display.
Any: Set the Destination IP to Any if the
application should consider traffic going
to any device (this is the default)
Single IP: Select single IP if only traffic
headed to a single device should receive
the treatment defined in this rule. Input
the IP address.
Subnet: Select Subnet if only traffic
toward a particular subnet should
receive the treatment defined in this rule.
Input the subnet address and the subnet
mask.
Range: Select range if a particular range
of destination IP addresses should
receive the treatment defined in this rule.
Input the first and last IP address to be
considered.
List: Select List and enter up to four
destination IP addresses to receive the
treatment defined in this rule.
To make a decision for a specific application:
1. Select an application from the Application Name
drop-down list.
2. Select the aggregation class. Your choices are as
follows:
Citrix - enables Citrix acceleration on Citrix, telnet and ms-
terminal-server applications.
Default - enables acceleration on small-packet, encrypted
applications such as pop3s, https and ftps.
Custom 1 - enables acceleration on a specific, user-defined link.
Custom 2 - enables acceleration on a specific, user-defined link.
3. Select the Tunnel box to send the application as
tunneled.
4. Select the Accelerate box to accelerate the
application. This box can be selected only if you
previously selected the Tunnel box.
5. Click Add to add the newly defined settings.
If a decision already exists for this application, a
message will appear, requesting your
confirmation to modify the existing settings. Click
OK to confirm.
6. To delete a specific application from the list,
highlight the application name in the table and
click the Delete button.
Configuring QoS via the CLI
The following lists the commands necessary to perform QoS configuration as described
above via the CLI. For more complete explanation of the features detailed below, see
the WebUI configuration above.
Purpose Define a new web application and criteria on the basis of the
specified parameter/s.
Purpose Defines the filter for what type of traffic is handled by this rule
per IP, tos bits and/or application name.
Purpose Defines the importance of the rule.
Purpose Sets the traffic type to override the entire QoS mechanism and
pass through critical/Diagnostic traffic.
Purpose Sets the traffic defined for this rule to be allowed to send bursts
Enabling Bursts
Command ACC1(config)#wan
ACC1(WAN)#burst [number]
Purpose Sets the Citrix aggregation classes globally.
Citrix Aggregation on a link has 4 predefined classes that
enable different Citrix Aggregation settings to be configured
and applied to different types of traffic:
default
custom-1
custom-2
citrix
Different applications may require different Citrix Aggregation
class configuration (for example: different window size and
aggregated packet size). Several well-known applications are
defined as belonging to 'default' or 'citrix' aggregation class (for
example: Citrix and Telnet applications predefined to belong to
the 'citrix' class, which is pre-configured to properly handle
these applications).
You can disable, enable or configure each class.
You can set each application that exists in the Accelerator to
belong to one of the Citrix Aggregation classes. For information
on setting and defining Layer-7 applications, see section
Creating New Applications, on page 146.
By default, Citrix is enabled but default, custom-1 and custom-2
are disabled.
The Citrix Aggregation class parameter configuration is only
available per-link. The Global command is for ease of use. It
is not saved in the configuration file; rather it goes over each
link and changes its configuration to enable/disable.
To view Citrix Aggregation statistics, use the show
interface link command from the config prompt.
Purpose Sets the post aggregation threshold, number in bytes 40 to
3000 or automatic.
The threshold, set in bytes, is the maximum size of aggregated
packets. That is, when an aggregate packet reaches this size,
it can be sent. You can configure THRESHOLD in range 40-
MTU. The default value is auto, which means that the threshold
will be calculated dynamically according to available bandwidth
as follows:
512 bytes - for bandwidth that is less than or
equal to 512 Kbps
1024 bytes - for bandwidth that is greater than
512 Kbps and less than 1 Mbps
MTU (usually 1500 bytes but no more than
3000) - for bandwidth that is more than 1 Mbps
If fragmentation is configured in the link, the
threshold auto value will not be larger than the
fragmentation size.
Chapter 7
Optimizing Acceleration Services
Studying TCP Acceleration
TCP, which was designed to ensure reliable IP transmission, performs well on LANs
but does not deal well with the high latency and high-packet-loss found on many
WANs. These limitations are expressed in the long times required for file transfers over
the WAN, degraded web performance and unresponsive applications.
SCPS, the Space Communication Protocol Standards developed by NASA and the US
Air Force, is a collection of standards-based TCP enhancements designed to reduce
the impact of TCP limitations in Long-Haul WANs.
Expand Networks has integrated SCPS into its Accelerator product line by creating the
TCP Acceleration feature, designed to optimize and better utilize WANs that suffer from
distance-induced TCP limitations.
Once the connection is established, TCP data packets are sent in accordance with the
TCP window set - each time the window threshold is met, the receiver responds with
an acknowledge packet, as described in the following figure:
The time wasted waiting for ACK packets to be sent in a TCP connection dramatically
increases latency.
Slow Start:
Because TCP transmissions have no way to know the size of the bandwidth over which
they are being transmitted, each transmission begins slowly, gradually increasing speed
until a packet is dropped - at which point TCP assumes that it has reached the maximum
bandwidth. On high-bandwidth long-distance lines, this slow start wastes much expensive
bandwidth.
The more latency present, the slower the session will start.
Congestion Avoidance:
TCP assumes that any packet lost is due to congestion. Any time a packet is dropped,
TCP reduces transmission rate by half, slowly increasing it until the maximum rate at which
no drops are experienced. On long-distance lines over which packet drops are often the
result of factors other than congestion, transmission is being slowed down unnecessarily.
While these TCP functions are useful in controlling and managing congestion over the
LAN, they cause expensive long-distance links to appear slow.
A larger window enables more packets to be sent before an acknowledge packet is
sent, minimizing the number of acknowledge packets sent and lowering latency.
[Figure: Throughput and Link Speed in Kbps plotted over Time, with the series "With TCP Acceleration" and "No TCP Acceleration" and the label "Newly created bandwidth".]
Computing Latency
The Accelerator automatically configures TCP Acceleration settings according to the
computation that follows.
The network in the diagram above will be used for example purposes. The math used
for calculating the theoretical maximum throughput is based on this drawing. Substitute
the values from your specific network in order to learn the TCP theoretical limitation for
a single session in your network.
The network poses 150 milliseconds (msec) of latency between the client (C) and the
server (S). You can use a ping for determining the end-to-end latency between a client
and server by sending a ping 100 times from the client to the server during business
hours with a 750 byte payload. This payload size ensures some stress on the network,
and should provide a better measurement for latency than simply sending a 64 or 32
byte ping as some operating systems do. An example of this ping command used on
Windows is:
ping x.x.x.x -l 750 -n 100
(x.x.x.x = the server’s IP address, -l is the payload size, and -n is the number of pings)
You can use the following formula to calculate the theoretical limitation:
Bandwidth equals the window size divided by the round trip time
8 KB 16 KB 32 KB 64 KB
Kbps Kbps
Configuring TCP Acceleration
You can use the WebUI to configure basic TCP Acceleration, such as typical RTT and
typical acceleration rate. In addition, you can set here the send and receive windows’
sizes.
Another significant setting possible through the TCP Acceleration screen is the
congestion control, which can be set to one of the following options:
None - no congestion avoidance is used
Standard - the congestion avoidance conforms to the standard TCP/IP protocol (Reno)
Vegas
TCP Vegas reduces latency and increases overall throughput by carefully matching
the sending rate to the rate at which packets are successfully being transmitted by the
network.
The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-
bandwidth-delay paths, such as DSL, where the sender is constantly over-running
buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is a
highly time-consuming process for the sender. The shorter queues should also
enhance the performance of other flows that traverse the same bottlenecks.
If after enabling TCP Acceleration the Accelerator does not perform as expected, you
should check the size of the window set by Windows:
To check the size of the window set by Windows:
1. Click the Start button on the main menu bar,
followed by Run. In the Open field, type
regedit.
2. In the Registry Editor, navigate to the following
location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Search the listed parameters. If
TcpWindowSize is not listed, the window size
is set to the Windows’ default of 8 KB.
If TcpWindowSize is listed, double-click on
the registry entry to view the value set.
Outbound Bandwidth in Bytes/Sec: convert the outgoing bandwidth to Bytes per second,
for example T1 = 1,544 Kbps (193,000 Bytes per second)
Compression Ratio: expected acceleration in a compression ratio format (200%
acceleration = 3, 350% acceleration = 4.5)
Round trip time: in seconds (for example 500 ms round trip is 0.5 seconds, 650ms
round-trip is 0.65 seconds)
For example, a T1 line with 600 ms round trip time with outbound acceleration of
230%:
Bandwidth in bytes/sec - 193000
Compression ratio – 3.3
193000*3.3*0.6*3 = 1146420
To set the send window size and the receive window size to this value, use the
following CLI commands:
Command ACC1(conf)#tcp-acceleration
ACC1(TCP-ACC)#window send [number]
ACC1(TCP-ACC)#window receive [number]
For more TCP Acceleration configuration details, see section Configuring TCP
Acceleration, on page 192.
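The two calculations in this chapter, the single-session ceiling (window size divided by round trip time) and the window size from the T1 example, are worked through below in Python as an added example that is not part of the original guide. It assumes the 150 ms figure is the round-trip time, 1 KB = 1024 bytes and 1 Kbps = 1000 bit/s; the final factor of 3 is copied from the guide's T1 calculation, and the function names are illustrative.

```python
"""Added illustration: single-session TCP ceiling and window sizing (not vendor code)."""
from typing import List, Tuple


def max_throughput_kbps(window_bytes: int, rtt_seconds: float) -> float:
    """Bandwidth = window size / round trip time, in Kbps (ASSUMED 1 Kbps = 1000 bit/s)."""
    if rtt_seconds <= 0:
        raise ValueError("round trip time must be positive")
    return window_bytes * 8 / rtt_seconds / 1000


def kbps_to_bytes_per_sec(kbps: float) -> float:
    """Outbound bandwidth in bytes per second (T1: 1,544 Kbps -> 193,000)."""
    return kbps * 1000 / 8


def compression_ratio(acceleration_percent: float) -> float:
    """Acceleration as a ratio: 200% acceleration = 3, 350% acceleration = 4.5."""
    return 1 + acceleration_percent / 100


def recommended_window_bytes(link_kbps: float, acceleration_percent: float,
                             rtt_seconds: float, factor: int = 3) -> int:
    """Bandwidth (bytes/sec) x compression ratio x round trip time x 3, as in the T1 example."""
    return round(kbps_to_bytes_per_sec(link_kbps)
                 * compression_ratio(acceleration_percent)
                 * rtt_seconds * factor)


def window_report(link_kbps: float, rtt_seconds: float,
                  windows_kb: Tuple[int, ...] = (8, 16, 32, 64)) -> List[Tuple[int, int, bool]]:
    """Rows of (window in KB, ceiling in Kbps, True if the window caps a session below link speed)."""
    rows = []
    for kb in windows_kb:
        ceiling = max_throughput_kbps(kb * 1024, rtt_seconds)   # ASSUMED 1 KB = 1024 bytes
        rows.append((kb, round(ceiling), ceiling < link_kbps))
    return rows


if __name__ == "__main__":
    # A T1 link with the 150 ms example latency, treated here as the round-trip time.
    for kb, ceiling, limited in window_report(1544, 0.150):
        note = "window-limited" if limited else "link-limited"
        print(f"{kb:>2} KB window: at most {ceiling} Kbps per session ({note})")
    # The guide's sizing example: T1, 600 ms round trip, 230% acceleration.
    print("window send/receive:", recommended_window_bytes(1544, 230, 0.6))
```

The first row is the Windows default of 8 KB mentioned above: at 150 ms it caps one session at roughly 437 Kbps, well under the T1 rate, which is why the TcpWindowSize check matters when acceleration underperforms.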
Configuring TCP via the CLI
For information on how to work with the CLI, see section Using CLI Configuration, on
page 277.
When entering commands, you can enter a unique command prefix instead of the full
command word and AcceleratorOS will recognize the command. For example, enter
conf for configure. If you press <Tab> after typing the unique prefix, the full command
word will be displayed.
Purpose The typical round trip time has a default setting of 500. If the
typical rtt is known to be otherwise, updating this parameter is
necessary in order to get accurate TCP Acceleration settings
when working with automatic window sizes.
Purpose The settings made globally are applied per link by using the
use-global-tcp-acceleration command.
NOTE: TCP Vegas increases overall throughput by carefully
matching the sending rate to the rate at which packets
are successfully being transmitted by the network.
The Vegas algorithm maintains shorter queues, and is
therefore suitable for low-bandwidth-delay paths, such
as DSL, where the sender is constantly over-running
buffers, or high-bandwidth-delay WAN paths, where
recovering from losses is a highly time-consuming
process for the sender. The shorter queues should also
enhance the performance of other flows that traverse
the same bottlenecks.
Purpose Sets the number of packets for which ACKs will be sent.
(An ACK will be sent each X packets.)
Purpose Sets the maximum time that should be waited before sending
an ACK packet. An ACK packet is sent this often if the number
of packets set by the ACK rate packet were not received.
Purpose Sets the starting point for the bytes of memory used for the
outgoing TCP window buffer.
When set to auto, the send window size will be automatically
configured based on the Round Trip Time value.
Purpose Sets a limit on the outgoing TCP window buffer, ensuring that
the buffer does not consume too much memory.
Purpose Sets the starting point for the bytes of memory used for the
incoming TCP window buffer. When set to auto, the send
window size will be automatically configured based on the
Round Trip Time value.
Purpose Sets a limit on the incoming TCP window buffer, ensuring that
the buffer does not consume too much memory.
Setting Snack
Command ACC1(TCP-ACC)#snack [enable, disable]
Purpose Sets the maximum time that should be waited before sending a
SNACK packet.
Setting Nagle
Command ACC1(TCP-ACC)#nagle [enable, disable]
The upper part of the WAFS screen indicates the WAFS operation mode: either FB
(FileBank) or FBD (FileBank Director). This mode is defined during installation and
cannot be changed here.
The lower part lets you select whether to enable WAFS transparency. If you enable
this feature, the FB will poll the FBD for all file servers it recognizes, as well as each
server that is added or removed. All IP addresses of these file servers are resolved,
and all traffic destined to the servers is redirected to the Accelerator.
Purpose Displays the list of servers that are excluded from WAFS
transparency.
FileBank Categories
The following sections describe the WAFS management screen work categories, as
viewed when the WAFS operation mode is FB (FileBank):
FileBank System, on page 203
File Services, on page 205
Additional Services, on page 204
FileBank Utilities, on page 204
FileBank System
The System category includes the following subsections:
Setup Wizard - lets you set up FileBank in several simple steps. Once Setup is
complete, the FileBank can function. You should run the Setup Wizard prior to activating
FileBank. All parameters set via the Setup Wizard can be modified within the GUI.
Boot services - lets you control FileBank service and device status. Controlling the
service status lets you start, stop or restart FileBank service. Controlling the device
status lets you reboot or shut down the FileBank device.
FileBank Services
This section describes FileBank File Services functions, which are as follows:
FileBank Directors - displays the current FileBank Director(s) for the FileBank, and lets
you Add or Delete FileBank Directors as necessary.
Virtual Servers - lets you configure FileBank to automatically add a prefix and/or suffix to
the original file server name defined at the FileBank Director site, to represent the local
virtual server. This helps distinguish the local virtual server name from the Central File
Server name.
Windows Domain - lets you join the FileBank to the domain, use domain administrator
credentials (Username and Password), set the domain name, and add or delete
authentication servers.
Cache Settings - gives you cache statistics, and lets you control basic cache
functionality: cache validation frequency, and manual cache invalidation.
Fetch Settings - lets you define which data will be fetched from the Data Center for pre-
population of the Cache. Once fetched, this data resides in the Cache and can be
accessed immediately. Thus pre-population optimizes first-time access to this data.
System Users - lets you add and delete FileBank system users.
Filters - provides smart filters to enhance performance and bandwidth optimization over
the WAN.
Replication Services - the method by which the system can be set to optimize the
handling of very large files over the bandwidth-limited WAN link.
Additional Services
This section describes the FileBank Additional Services, which are:
Print Services - FileBank can be configured to serve as the local branch print server.
This screen lets you add network printers, view a list of already existing printers, and
delete printers, as required.
FileBank Utilities
This section describes the FileBank utilities, which are as follows:
System Diagnostics - lets you run a diagnostic test on the FileBank device to ensure
that the device is working properly. The results of the test will be displayed in the Results
area of this screen.
File Services
This section describes the following functions offered by FileBank Director:
FileBank Director Settings - lets you define the Listen Port Assignments settings and
set the FileBank Director ID. The TCP (data transfer) and UDP ("keep alive") ports are set
to 4049 by default, but can be changed if necessary.
System Users - used for managing internal users that are used by specific Expand
services (for example: Replication Service).
File Servers - to add file servers to be exported through the Expand WAFS solution and
the FileBank Director, enter the file server name, and optionally an alias, in this screen.
Filters - allow Expand to avoid unnecessary compression attempts on files that are
already compressed, thereby improving overall system performance.
Replication Services - the method by which the system can be set to optimize the
handling of very large files over the bandwidth-limited WAN link.
The Web Acceleration plug-in serves requested objects from its cache. If the object is
not in the cache, it retrieves the object on behalf of the client from the original server,
caches it (when relevant) and serves the client's request.
Web Acceleration guarantees network transparency. When the Accelerator is deployed
on the network, there is no need for any configuration modification of connected LAN
clients.
In On-Path deployments, HTTP transparency will also apply to the server side, meaning
that if a sniffer is used between an Accelerator and the default gateway, HTTP packets
will be seen to contain the client and server IP addresses. FTP traffic will be transparent
only on the client side.
In On-LAN deployments, transparency will apply only to the client side. A sniffer placed
between an Accelerator and the default gateway will see packets containing the
Accelerator and server IP addresses. The latter is necessary to guarantee that replies will
travel via the Accelerator’s Web Cache engine and not be delivered directly to the client.
Web Acceleration supports both FTP and HTTP caching.
FTP caching: the Web Acceleration cache guarantees that objects sent to the client from
the cache are always fresh (supported only if the FTP server, for example vsftpd, supports
MDTM as well as SIZE headers). Both Passive and Active FTP caching modes are supported.
HTTP caching: the object will have an aging time in the cache until it is retrieved again
from the server.
Configuring WEB Acceleration via the WebUI
The WebUI lets you configure HTTP acceleration and FTP acceleration.
Setting HTTP Acceleration Rules
The HTTP Acceleration Rules screen lets you configure Direct and No Cache rules
supported by HTTP acceleration.
To set HTTP Acceleration rules:
1. Under Services click Web Acceleration, followed
by HTTP Acceleration, and then select Rules.
2. In the Type field, scroll down to select either
Direct Rule or No Cache Rule.
You should enter regular expressions in the edit
fields of both rules.
The expression entered in Direct Rule should be
valid on a URL, and determines that all requests
that match this expression are always forwarded
directly to the origin server, without using the
proxy server. For example: if you apply rule direct
avaya, all requests that match the avaya regular
expression will be forwarded directly to the origin
server.
The expression entered in No Cache rule
determines that traffic directed to a specific URL,
which matches this specific expression (for
example: no cache avaya) will be neither cached
nor retrieved from the cache, and after the traffic
is retrieved from the server it will not be cached.
In both cases (Direct and No Cache rules) you
can define multiple rules.
Configuring FTP Acceleration
Server Port Number Lets you manually set the port number used for
caching (default: 21).
Configuring WEB Acceleration via the CLI
Some parameters common to both HTTP and FTP Acceleration are configurable via
the CLI as follows:
Metacharacter: [^c1-c2]
Description: Matches any characters except those in the range.
Example: [^158A-C] matches any characters except 1, 5, 8 and upper case a, b and c letters.

Metacharacter: +
Description: Matches one or more occurrences of the character or regular expression immediately preceding it.
Example: 9+ matches 9, 99, 999.
You can combine several regular expressions to match more specifically, as
indicated in the following examples:
^http://www\.*\.com - looks for every website that starts with http://www. and ends with
.com.
\.sol\. - looks for every occurrence of the .sol. string.
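The following added example (not part of the original guide and not Expand's code) shows one way to test Direct and No Cache expressions against URLs with a known expected result before entering them. It assumes that rules behave like unanchored Python re searches and that Direct rules are checked before No Cache rules; the appliance's regular expression dialect may differ, and all URLs are constructed samples.

```python
import re


def classify(url, direct_rules, no_cache_rules):
    """Return 'direct', 'no-cache' or 'cache' for a URL.

    Assumptions (not confirmed by the guide): a rule matches when its
    expression is found anywhere in the URL, and Direct rules are
    evaluated before No Cache rules.
    """
    if any(re.search(p, url) for p in direct_rules):
        return "direct"
    if any(re.search(p, url) for p in no_cache_rules):
        return "no-cache"
    return "cache"


def audit_rule(pattern, should_match, should_not_match):
    """Check a candidate expression against URLs with a known expected result.

    Returns (missed, overmatched): URLs the rule was meant to cover but
    does not, and URLs it covers although it was not meant to.
    """
    rx = re.compile(pattern)
    missed = [u for u in should_match if not rx.search(u)]
    overmatched = [u for u in should_not_match if rx.search(u)]
    return missed, overmatched


# Constructed sample URLs: what a rule for the avaya.com site should cover.
INTENDED = [
    "http://www.avaya.com/",
    "http://support.avaya.com/docs/index.html",
]
# Constructed sample URLs that only contain the string "avaya" somewhere.
UNINTENDED = [
    "http://files.example.test/avaya-manual.pdf",
    "http://portal.example.test/go?next=avaya",
    "http://www.avaya.com.example.test/",
]

# The bare expression from the guide's "rule direct avaya" example.
BROAD = "avaya"
# A tighter expression (constructed): anchored to the scheme, limited to
# avaya.com and its subdomains, and terminated at the end of the host part.
TIGHT = r"^http://([a-z0-9-]+\.)*avaya\.com(:[0-9]+)?(/|$)"
# The combined expression exactly as printed in the guide. Under Python re,
# \.* means "zero or more literal dots", not "any characters".
PRINTED_EXAMPLE = r"^http://www\.*\.com"


def report():
    """Summarise the audit of each candidate expression."""
    results = {}
    for name, pattern in (("BROAD", BROAD), ("TIGHT", TIGHT)):
        missed, over = audit_rule(pattern, INTENDED, UNINTENDED)
        results[name] = {"missed": missed, "overmatched": over}
    missed, over = audit_rule(PRINTED_EXAMPLE, ["http://www.example.com/"], [])
    results["PRINTED_EXAMPLE"] = {"missed": missed, "overmatched": over}
    return results


if __name__ == "__main__":
    for name, outcome in report().items():
        print(name)
        for kind, urls in outcome.items():
            print("  %s: %s" % (kind, urls or "none"))
```

A Direct rule that overmatches sends unrelated requests straight to the origin server, and a No Cache rule that overmatches removes them from the cache, so both lists should be empty before a rule is applied.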
NOTE: Before configuring a rule direct regular expression, you
must configure in the client’s browser the same settings
configured in the Accelerator.
For example: If you want to set a rule direct to all sites
beginning with http://www.g4tv, then in Internet
Explorer select Tools > Internet Options, and then the
Connections tab. In the bottom section of this tab, click
the LAN Settings button and select the checkbox Use a
Proxy server for your LAN. Then, click the Advanced
button and in the Exceptions section of the Proxy
Settings tab, indicate http://www.g4tv as the beginning
of an address for which the proxy server will not be used.
In Mozilla Firefox, select Tools > Options, and in the
Connection section click the Use Connection Settings
button. In the Connection Settings dialog box, type
http://www.g4tv in the No proxy for field.
NOTE: The CLI does not allow regular expressions that use the
following characters: # ‘ “ ,. An error message is
displayed on any attempt to insert such a
character.
Purpose Sets the default port on which HTTP traffic generally arrives.
The default is 80.
Setting Content to be Cached
Command ACC1(http-acceleration)#cache-content
[enterprise | internet | all]
Purpose Sets the size of the cache (between 1 and 60 GB). Default is
16 GB.
Approximately 10 MB of RAM is needed for each 1 GB of data
cached.
Purpose Sets the maximum size for objects stored in the cache. Default
is 4096 KB.
Setting logs
Command ACC1(http-acceleration)#log-level
[alert | error | info | warning]
Purpose You can set the Accelerator’s log file to accumulate events that
occur in HTTP Acceleration. To set the type of alerts to be
accumulated, set the lowest level of alert to be logged. By
default, logging is disabled. When enabled, the default level is
Error.
Purpose Sets the FTP translation mode as follows:
Active: Changes the Client translation mode to Active.
Active mode FTP may cause the client side firewall to interpret
the connection from the server as an outside system initiating a
connection to an internal client. This type of connection is
usually blocked.
Passive: Changes the Client translation mode to Passive.
In passive mode FTP the client initiates both connections to the
server, solving the problem of firewalls filtering the incoming
data port connection to the client from the server.
By default, the mode set on the FTP client is used on the
Accelerator.
When None is set, no translation is carried out.
Purpose Sets the default port on which FTP traffic generally arrives. The
default is 21.
Purpose Sets the amount of time (in seconds, between 1 and 600) for
a client to remain connected with no traffic being cached.
Default is 60 seconds.
Purpose You can set the Accelerator’s log file to accumulate events
that occur in FTP Acceleration. To set the type of alerts to be
accumulated, set the lowest level of alert to be logged. By
default, logging is disabled. When enabled, the default level is
Error.
Enabling Citrix Acceleration
Citrix Acceleration optimizes applications that use small packets, such as Citrix, rdp,
and telnet. To configure Citrix Acceleration for such optimizations, match application to
class and enable the class on all links. To define advanced configuration settings, such
as class configuration and link-specific settings, use the CLI.
The application names are predefined in the system. To add a new application, use the
Setup > My Applications menu.
The aggregation classes are as follows:
Citrix - enables Citrix acceleration on Citrix, telnet and ms-terminal-server applications.
Default - enables Citrix acceleration on small-packet, encrypted applications such as
pop3s, https and ftps.
Custom 1 - enables Citrix acceleration on a specific, user-defined link.
Custom 2 - enables Citrix acceleration on a specific, user-defined link.
The new match now appears in the Matching Application to Class table.
To apply a specific Citrix aggregation class on all links:
1. Select the Enable option for the relevant class.
2. Click the Apply to All Links button.
3. When prompted whether you want to configure
Citrix acceleration on all links, click OK.
Chapter 8 P. 229
Setting Advanced Parameters
8
Handling WANs
The Accelerator arrives preconfigured with one default WAN. To define the bandwidth
setting for this default WAN, select Setup - My Accelerator - Basic menu, and then click
the Advanced Settings button to open the Advanced Settings screen.
On large networks (for example in cases where there are two routers or one router with
multiple WAN interfaces) in which the Accelerator will optimize the traffic of more than
one WAN, you can add additional WANs to the Accelerator.
Adding a WAN
Command ACC1(config)#wan [name]
Handling Interfaces
The Accelerator automatically detects the MAC address and Speed and Duplex
settings for each of its interfaces. You can perform all required speed and duplex
setting modifications via the My Interfaces menu. The interface name corresponds to
the name printed on the back panel of the Accelerator and cannot be modified. The
MAC address is permanent and cannot be modified.
The Speed and Duplex settings let you define the link as either 10 or 100 Mbits (or
1000 Mbits for the Accelerator 6800 series) and as either Half or Full duplex.
The Auto setting will automatically configure the Accelerator to the detected link speed
and duplex setting (this is the default setting).
NOTE: Setting wrong interface speed and duplex values for the
Accelerator may result in many errors on the line
towards the router, and even loss of connectivity. If you
are uncertain as to the speed and duplex setting
required, you can use the Auto setting; however it is
recommended to manually set the speed and duplex.
The following figure depicts working with VLAN in an On-LAN configuration.
In the setup depicted, VLAN 1, 2 and 3 are defined in the Accelerator. VLAN 1 is
defined as native, meaning that it takes its IP address from the Accelerator’s Local
interface. A second 802.1q trunk is created from the Layer-2 switch to the Accelerator
enabling VLAN support in an On-LAN environment.
The Accelerator is connected directly to a Layer-2 switch via a VLAN (802.1q) trunk.
VLAN 1, 2 and 3 are defined in the Accelerator and VLAN 1 is defined as Native.
To include the Accelerator in a VLAN group:
1. In the WebUI, click the Setup tab, followed by
Advanced, and then VLAN Interfaces.
2. In the VLAN Interfaces menu, enter the
necessary VLAN ID number (0 to 4095).
3. The Accelerator must have an extra IP address
and Subnet Mask for each VLAN group it joins.
To enter an IP address and subnet mask to be
used within the VLAN group, select the IP
address radio button and enter the IP address and
subnet mask into the supplied fields.
To use the Accelerator’s original IP address and
subnet mask as its address within the VLAN
group, select the Native IP setting radio button.
When Native is selected, it is possible to select
the Tagged checkbox to include the VLAN tag in
the packets sent from the Native VLAN.
4. Click the Add button.
All VLAN interfaces added will appear in the
VLAN Interfaces table, at the bottom of the
screen.
Setting VLAN
Command ACC1(config)#interface vlan [number]
x.x.x.x x.x.x.x (enter ip address and
subnet mask)
or
native
or
native tagged
Creating Static ARP Entries
If you want to make a replacement within the ARP table, you can add a static ARP
entry, by mapping a specific IP address to a specific MAC address.
To map a static ARP entry:
1. In the WebUI, click the Setup tab, followed by
Networking, and then ARP.
In the ARP menu, add the IP address and MAC
address to be mapped.
2. If this change is to be permanent, select the
permanent checkbox. Otherwise, this entry will
remain until the next Accelerator reboot, or until it
is deleted from the ARP table.
3. Click the Add Static Entry button.
The entry appears in the ARP table.
If you want to delete the entry, click the Delete
button. To delete the entire ARP table, including
all its entries, click the Clear All button.
Defining Authentication Settings
Command ACC1(config)#arp cache limits [ three
numbers between 128000 and 8000000]
The Accelerator lets you modify the password necessary for logging in.
VRRP works in much the same way. In general, the Master device is configured to
have the highest priority and will be active in the group. It acquires the Virtual IP
address of the group, but does not have management functionality of the Virtual IP,
only the transfer capabilities. The Backup devices perform the standby function. The
VRRP can include many backup devices, and this protocol does not support knowing,
at any given time, which backup device will take over in the event of failure.
Hosts continue to forward IP packets to a consistent IP and MAC address, and the
changeover of devices is transparent. The recovery time of the VRRP is about 3 times
faster than HSRP (the HSRP default is 10 seconds instead of 3 seconds in VRRP).
Accelerators can take part in HSRP and VRRP and work in tandem with the routers
that provide backup for the network. The following figures display an Accelerator
application working with routers in a virtual HSRP and VRRP group. The Accelerator
and routers are configured with the MAC address and the IP network address of the
virtual HSRP/VRRP group.
The Accelerator is configured to have the highest priority and work as the Active/Master
device. It is configured with the IP address and MAC address of the virtual router and
forwards any packets addressed to the virtual router.
In HSRP, one of the routers acts as the Standby router, so that if, due to severe power
failure or any other unlikely event, the Accelerator stops transferring packets, the router
protocol takes effect and the router assumes the duties of the Accelerator and
becomes the Active device.
In VRRP, both routers are configured as backup routers. Therefore, if due to severe
power failure or any other unlikely event the Accelerator stops transferring packets, one
of the backup routers assumes the duties of the Accelerator.
Setting Manual HSRP Configuration
If the Automatic detection does not find an HSRP group, or an HSRP group is to be
manually added or edited, you can modify the parameters as follows.
To manually modify the HSRP configuration:
1. In the WebUI, click the Setup tab, followed by
Networking, and then HSRP.
2. In the HSRP menu, enter the Group ID number (0
- 255), the Virtual IP address, the Priority (0 -
255), the Virtual MAC address and the status of
the Accelerator in the group (whether the Joined
option is Disabled or Enabled).
3. Click Add.
The HSRP group immediately appears in the
HSRP table.
4. To modify the information, highlight the row in the
HSRP table and click the Edit button to modify
the following parameters:
Preempt Preempt is used for determining how to
react when a higher priority router joins the
group. When enabled, the higher priority
router will prevail; when disabled, the higher
priority router will assume the Standby
mode until the current Active router
experiences a failure.
Setting the Accelerator to enable preempt is
useful when you want the Accelerator to
remain active as much as possible. On the
other hand, the change-over between one
device and another can take two to three
seconds, during which the network has no
default gateway, so you have to use
preempt carefully.
Autodetecting HSRP Groups
Command ACC1(config)#HSRP autodetect enable/disable
Priority Setting the Accelerator’s priority lets you
select its status in the VRRP group.
If two devices in the VRRP group have the
same priority, the Active router will be set
according to IP address. Expand does not
recommend this setup.
Once the Accelerator is set to have the
highest priority, it will become the active
router in the VRRP group.
Configuring DNS
The Domain Name Server (DNS) Configuration screen lets you manage Domain Name
Servers and define domain name, domain name search path and static hosts.
To set a domain name:
1. In the WebUI, click the Setup tab, followed by
Networking, and then DNS.
2. Enter the domain name in the Domain Name field.
3. Select whether to enable or disable IP Domain
Lookup.
4. Click Add.
The domain now appears in the Domain Name
Table.
To delete an existing server:
1. In the servers table, highlight the line that
contains the server address, in order to select it.
2. Click Delete.
You will be prompted to confirm the deletion.
3. Click OK.
The server is now removed from the Servers
Table.
Use the steps mentioned above in order to add or delete domain names and static
hosts.
Link Name Set a name for the link, which will let you
identify it in the future (this is especially
important for large deployments).
Aggregation Enables aggregating small packets on this
link. If packets arrive smaller than the set
size (68 to 6000), then the QoS mechanism
will aggregate them and send them together
across the link. This applies only to traffic
set with a CoS value of low, medium and
high priority.
You do not have to configure aggregation
symmetrically on both ends. Aggregation is
accomplished on outgoing packets before
the packets are compressed.
Aggregation is only applied on congested
links, to avoid adding unnecessary latency
on non-problematic links.
ToS You can either preserve the original ToS
setting of the packets or set a new ToS
value for this application.
To preserve the original
ToS value, select the
Preserve radio button.
To set a new ToS value for
this traffic, select the Set
radio button and select
ToS value, Code Point or
CoS ToS from the drop-
down menu. Set a value.
NOTE: Setting this value is not required if
Transparent Mode is selected.
The Status/Compression column in the Links Table reveals the status of each link; the
mouse-over callout provides further detail as to the status, as follows:
Load Error Internal error occurred during definition of
the link in the system
Accelerating Link is active and acceleration is on
Using Dynamic Bandwidth
The Bandwidth Adjustment section lets you define settings to detect traffic congestion
on a link, and adjust the outgoing bandwidth accordingly. This feature is disabled by
default and should be used judiciously.
The feature should be used on low to medium bandwidth links, which can suffer from
changing outgoing bandwidth.
The bandwidth adjustment mechanism samples internal messages (of the link’s internal
protocol). Based on these messages, the bandwidth adjustment algorithm detects a
state of congestion and decreases the user-defined outgoing bandwidth. Once the
mechanism detects that the state of congestion no longer exists, the bandwidth will
gradually be restored to its user-defined size.
The bandwidth adjustment parameters are as follows:
Minimum Bandwidth - Defines the minimum value to which the bandwidth will
be reduced as a result of congestion. This value is
calculated as percentage of the user-defined outgoing
bandwidth size. Default: 50%
Increase Rate - Defines the rate by which the link’s bandwidth will be
gradually restored to its former size.
Increasing the bandwidth is much less critical than
decreasing it in case of congestion, and therefore the
default set of the increase is 2%.
Decrease Rate - Defines the rate by which the link’s bandwidth will be
decreased by intervals in case of congestion.
Decreasing the bandwidth in case of congestion is a
critical measure, and therefore the default set of the
decrease is 10%.
First Decrease Rate - Defines the rate of the first decrease to be higher than
the following bandwidth decreases. If you do not want to
set a special value to the first decrease, leave the default
value None.
Decrease Interval - The interval (in seconds) between each of the bandwidth
decreases. Default: 2 seconds.
Purpose Enables packets to be fragmented on this link. If packets arrive
larger than the set size (68 to 6000), then the QoS mechanism
will break them up. This is useful for handling latency on low
bandwidth links. This only applies to traffic set with a CoS
value of low, medium and high priority.
Fragmentation does not have to be configured symmetrically
on both ends. Fragmentation is accomplished on outgoing
packets before the packets are compressed.
Forcing Tunneling
Command ACC1(LINK)# force enable/disable
Purpose Sets the link to force all traffic into the tunnel.
Including Checksum
Command ACC1(LINK)# checksum enable/disable
Sample Network Configuration
hostname Acc20
!
interface local
ip address 10.101.20.6 255.255.255.0
ip default-gateway 10.101.20.2
!
no terminal-timeout
interface link 1
description L-10.101.21.6
bandwidth 2400
metric 31
aggregation post class default window 20 limit 700 threshold 1499
aggregation post class default enable
link destination 10.101.21.6
bandwidth adjust
adjust enable
minimal-bandwidth 85
decrease rate first 40
!
tcp-acceleration
use-global-tcp-acceleration disable
tcp-acceleration enable
congestion-control vegas
!
!
interface link virtual 2
description Virtual-Link
metric 41
subnet add 1.1.1.1 255.255.255.255
!
interface ethernet 0
ip address 1.1.1.1 255.255.0.0
!
application 3331 udp 3331
application 2525 udp 2525
NOTE: Both peers must configure the link in dialup mode with
the same timeout.
Configuring Dial-on-Demand
Setting the keepalive dialer will activate the Dial-on-Demand mode. This can only be
configured via the CLI, as follows.
Purpose Sets the number of seconds to wait while the link is quiet
before dropping the link.
Chapter 9 P. 271
Configuring Management Options
9
Studying the ExpandView System
Expand Networks' ExpandView is a centralized monitoring and management system for
Expand Accelerators. ExpandView gives you total visibility, via a Dynamic Network
Map, into global WAN operations, thus enabling global changes to be implemented in
minutes. Detailed graphs and reports, easy-to-use QoS templates and tight integration
with Expand's award-winning Accelerators make ExpandView the ideal Centralized
monitoring and management system for ensuring optimal application performance over
the WAN.
Purpose Sets the port to use for interaction with the ExpandView server.
Using Out-of-Band Management
You can manage the Accelerator remotely from a management station on a LAN
external to the accelerated network. When Out-of-band management is used, Ethernet
0 cannot participate in VLAN or HSRP/VRRP, should not be part of OSPF or RIP
router polling support, and should not use WCCP or RIP route injection.
To use Out-of-band management:
1. Connect the Accelerator’s Ethernet 0 to the
remote network.
2. Set Ethernet 0 to be removed from the
Accelerator’s bridging capabilities
3. Add a separate IP address for this interface.
Disabling Bridging
Command ACC1(config)#interface ethernet 0
ACC1(interface)# bridged-state disable
Mode Access Method Prompt Exit Method
Getting Help
You have to enter only enough characters for the Accelerator to recognize the command
as unique. For example, the following string is enough for the Accelerator to recognize the
show startup configuration command:
Acc1# show startup config
You can use the question mark (?) and arrow keys to help you enter commands.
For a list of available commands under each command, enter a question mark:
Acc1(config)#?
To complete a command, enter a few known characters followed by a tab:
Acc1(config)#sh
For a list of command variables, enter the command followed by a space and a question
mark:
Acc1(config)# show?
To redisplay a command you previously entered, press the up-arrow key. You can continue
to press the up-arrow key to redisplay earlier entered commands.
Accessing Configuration Options
To access configuration options:
1. Run your terminal-based application, configuring
it as follows:
Baud rate: 9600 bps
Parity: none
Data bits: 8
Stop bits: 1
2. Connect to AcceleratorOS Command Line
Interface (CLI). Press <Enter> several times until
the Accelerator prompt is displayed:
accelerator>.
3. Type enable, and press <Enter> to enter the
privilege mode (privilege mode 15 enables
complete configuration).
4. A # symbol at the end of the prompt indicates that
configuration options are enabled, as shown
below.
accelerator>enable
accelerator#.
NOTE: Each variable must be preceded by a $ sign.
The default banner is:
"$OEM_PROD_NAME, Accelerator $SERIES Series”
“$SOFTWARE_VERSION”
“” (empty-line)
Using SNMP
The Accelerator supports SNMP versions 1, 2c and 3, functioning as an SNMP agent
for monitoring performance statistics from a Network Management System (NMS). In
addition, the Accelerator can send SNMP traps to the NMS and other network devices.
To work with the Accelerator’s SNMP management, the network’s SNMP settings must
be updated in the Accelerator. Define the following SNMP Communities and enable
traps (if desired).
To enable SNMP:
1. In the Accelerator’s WebUI, click on Setup,
followed by Advanced, and then SNMP.
2. Select the Enable SNMP checkbox.
The default Read Community is public.
3. If you want the Accelerator to receive SNMP
traps, select the Enable Traps checkbox, and
enter the Community Name and Manager IP.
4. Click the Submit button in the bottom right hand
corner.
Purpose Sets the name of the SNMP trap community. The default is
Public.
Purpose Sets the name of the SNMP read community. The default is
Public.
Purpose Sets the SNMP v.3 password. The default password
is expand_initial_password and should be changed.
NOTE: When monitoring for specific MIBs, add the index
number of the processor even if only one processor
exists. Failing to add the index number will result in an
error message.
For example: using the snmpget command with the
syntax
snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3
will return the following error:
There is no such variable name in this MIB.
Failed object: SNMPv2-SMI:enterprises.3405.1.3.1.1.2.1.3
Facility The Facility setting sets the Syslog level (0-
23), as follows:
Command ACC1(config)#logging
ACC1(logging)#syslog active [disable | enable]
Command ACC1(config)#logging
ACC1(logging)#syslog facility [number]
Command ACC1(config)#logging
ACC1(logging)#syslog server ip [IP address (x.x.x.x)]
Command ACC1(config)#logging
ACC1(logging)#syslog severity minimum [info | warning | error | fatal] maximum [fatal | error | warning | info]
Sending Updates via Email
The Accelerator allows log error messages to be sent via email to notify you of
Accelerator status changes.
To set the email logging feature:
1. In the Accelerator’s WebUI, click on Setup,
followed by Advanced, and then Logging.
2. To enable email notification to be sent, ensure
that the enabled checkbox in the Mail section is
selected.
3. Enter the following parameters as necessary:
Server port Enter the port number that the email server
uses. The default is 25.
Command ACC1(config)#logging
ACC1(logging)#mail from [name]
Purpose Sets the name to appear in the From field of emails sent from
the Accelerator.
Command ACC1(config)#logging
ACC1(logging)#mail recipient [name]
Purpose Sets the name to appear in the To field of emails sent from the
Accelerator.
Command ACC1(config)#logging
ACC1(logging)#mail server ip[ip address (x.x.x.x)]
Command ACC1(config)#logging
ACC1(logging)#mail server port[port number]
Command ACC1(config)#logging
ACC1(logging)#mail severity minimum [info | warning | error | fatal] maximum [error | fatal | info | warning]
Purpose Defines which events are sent, from the minimum to the
maximum.
Chapter 10 P. 293
Using the Accelerator Tools
10
Upgrading the AcceleratorOS Software
You can upgrade the AcceleratorOS software by uploading software from a remote
server or from the local drive.
To upgrade software:
1. In the WebUI, click on the Tools tab, followed by
Upgrade.
2. Scroll down in the Copy method field, to select the
way the file will be copied (FTP, TFTP or HTTP).
3. In the fields provided, enter the user name,
password and IP address of the device from
which the files are to be copied.
4. Enter the path to the file, followed by the file
name (the file will be a .tgz file).
5. Click the Upgrade button to copy the file to the
user area.
6. Reboot the Accelerator with the new file name.
After rebooting, the Accelerator will extract the file
and run it.
7. At least 10 MB of free space is provided on the
Compact Flash card for file extraction.
Alternatively, select Locally stored on Accelerator
to upgrade to an AcceleratorOS version that is
stored locally on the Accelerator.
Using the Configuration Tools
Changes made to the Accelerator’s configuration are automatically saved to the
Accelerator’s Running Configuration and will be applied until changed or until the
Accelerator is shut down.
Any changes that you want to remain configured on the Accelerator, even after
shutdown, must be saved to the Accelerator’s Startup Configuration.
Purpose Restores the Accelerator’s configuration to the Factory Default
Settings.
Pinging via the WebUI
The Accelerator lets you use the WebUI to Ping network devices and remote
Accelerators.
To ping a network device:
1. In the Accelerator’s WebUI, click Tools followed
by General Tools.
2. Under Ping, in the Destination IP Address field,
enter the IP address of the device to which the
ping will be sent.
3. In the Packet Size field, enter the size of the ping
packets to be sent (default is 64 bytes).
4. In the Number of Times field, enter the number of
times to try sending packets to the remote device.
5. Click the Ping button.
to the Startup configuration. The Accelerator will reboot using the previously saved
Startup configuration unless other changes were saved.
To reboot the Accelerator:
1. In the Accelerator’s WebUI, click Tools followed
by General Tools.
2. Under Reboot, click the Reboot button.
Almost all parameters shown in this screen are for display only and cannot be changed.
The only parameter that you can set is Requested Maximum Links.
To set up the requested maximum links:
1. In the Accelerator’s WebUI, click Setup followed
by My Accelerator.
2. Select the Basic tab.
3. Under Basic, click the Advanced Setting
Configuration button.
4. In the Maximum Links section, enter a value in
the Requested Max Links field.
11 Security
This chapter describes the various methods for ensuring security within the
Accelerator.
This chapter includes the following sections:
Studying the AcceleratorOS AAA
Configuring AAA via the WebUI
Configuring AAA via the CLI
Auditing Administration Activities
Locking/unlocking the Keypad
Chapter 11 P. 305
Security
11
Studying the AcceleratorOS AAA
The Accelerator lets you manage access by means of Authentication, Authorization,
and Accounting (sometimes called Auditing), also known as AAA.
The Accelerator, normally installed in enterprises, government and military
organizations, requires strict security for the networks with which it interacts. Therefore,
the Accelerator’s AAA enables the system to be secured.
Authentication: Validates users' identity in advance of granting login. The
Accelerator’s authentication lets you define the users and set the location in which
passwords are stored. Each user must be defined locally in the Accelerator as well as in
remote AAA servers.
Authorization: Lets users access networks and commands. The Accelerator’s
authorization lets you define the users and their roles.
Accounting: Tracks usage patterns of individual users, service, host, time of day, day
of week, and so on. The Accelerator’s accounting lets you receive logs detailing who
signed in, when, and whether their attempt to access the Accelerator succeeded or failed.
To view the log of these events, use the logging > show events command.
These events can be sent via email or sent to a Syslog server.
The Accelerator’s AAA functionality includes the Accelerator’s ability to use remotely
accessed user-repositories for authenticating users. This functionality enables
controlling different levels of users in the system with different authorities and lists the
auditing functions performed for various operations.
You can configure the Accelerator to make use of a security server via either the
TACACS+ or RADIUS security protocols, or both.
Authentication is the part of the system that lets users define how they authenticate
to the system, allowing the authentication to be based on external authentication
servers. On the authentication side, the new functionality will include per-user settings
to control access to the Accelerator as well as password quality verification
functionality and password aging (to be implemented at a later stage).
The Accelerator’s AAA supports multiple users per Accelerator, allowing end-users to
define additional accounts besides the default expand user.
AAA includes control over the management services provided, and allows limiting access to
certain management options available on the Accelerator, as well as controlling access to
the services from a defined set of sources (subnets for ACL).
Different user roles, which allow different access levels to the system, are supported
through pre-defined roles available in the system. Definition of new roles is user-
configurable.
Configuring AAA via the WebUI
Configuration of AAA parameters is accomplished via the WebUI, in several steps:
Configuring Users
Setting Authentication Preferences
Defining the Security Settings
Note: when working with a TACACS server, you must add
each user name into the Accelerator.
Deleting Users
To delete an Accelerator user:
1. In the WebUI, click on Setup followed by Security.
2. In the Users menu, highlight the line in the Users
Table that includes the name of the user to be
deleted. Click the delete button.
3. Click the Submit button to apply settings.
Setting the Authentication Method
The authentication method lets you define which servers are to be checked. If more
than one authentication type is used, select the server types in the order in which they
are to be authenticated.
Configuring AAA via the CLI
You can set the following basic AAA parameters via the CLI.
Command ACC1(conf)#aaa
ACC1(aaa)#transport input (telnet|ssh|console|web|secure-web|ftp|snmp|tftp) (enable|disable)
Command ACC1(conf)#aaa
ACC1(aaa)#radius name [server name] timeout
Purpose Sets the timeout in seconds between 0 and 5000 to wait for a
server to reply. The default timeout is 180 seconds.
Command ACC1(conf)#aaa
ACC1(aaa)#tacacs name [server name] timeout
Purpose Sets the timeout in seconds between 0 and 5000 to wait for a
server to reply. The default timeout is 180 seconds.
Configuring Authentication
Command ACC1(conf)#aaa
ACC1(aaa)#authentication login [local | radius | tacacs]
Command ACC1(conf)#aaa
ACC1(aaa)#user [user name] role [administrator|netadmin|monitor] password local [password | none]
Purpose Creates users and sets the user’s access level:
Administrators have complete access to the
Accelerator and its commands. netadmins have complete
access to the Accelerator and its commands with the exception
of the Security commands. monitors can access the
Accelerator’s CLI but cannot modify configuration.
Only administrator users can write a configuration.
To set a local password, type in the user name and local
password and press Enter. You will be prompted to enter a
password.
If local is set to none, then passwords will only be necessary
for the remote authentication servers.
Purpose To set a local password, type in the user name and local
password and press Enter. You will be prompted to enter a
password.
First Authentication Method.......Local
Second Authentication Method......Radius
Third Authentication Method.......TACACS+
Maximum Failed Login Attempts.....5
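The following added example (not part of the Expand guide) reviews a set of AAA command lines for settings an administrator would want to double-check: cleartext management services left enabled and accounts created with password local none. The input lines are constructed from the command syntax shown above; accepting several methods after authentication login, and the finding names, are assumptions of this example.

```python
# Added example: review AAA command lines for weak management-plane settings.

SERVICES = {"telnet", "ssh", "console", "web", "secure-web", "ftp", "snmp", "tftp"}
# Services that carry credentials or configuration unencrypted on the wire
# (a property of the protocols themselves, not a statement from the guide).
CLEARTEXT = {"telnet", "web", "ftp", "tftp"}
ROLES = {"administrator", "netadmin", "monitor"}
METHODS = {"local", "radius", "tacacs"}

# Constructed input, written in the command syntax of this section.
SAMPLE_CONFIG = """\
transport input telnet enable
transport input ssh enable
transport input web disable
transport input secure-web enable
transport input tftp enable
transport input rlogin enable
authentication login local radius
user expand role administrator password local
user ops role netadmin password local none
user noc role monitor password local none
"""


def parse_aaa(text):
    """Parse AAA command lines into transport, login-order and user tables."""
    cfg = {"transport": {}, "auth_order": [], "users": {}, "unparsed": []}
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if (tok[:2] == ["transport", "input"] and len(tok) == 4
                and tok[2] in SERVICES and tok[3] in ("enable", "disable")):
            cfg["transport"][tok[2]] = tok[3] == "enable"
        elif (tok[:2] == ["authentication", "login"] and len(tok) > 2
                and all(m in METHODS for m in tok[2:])):
            # Assumption: several methods may be listed and are tried in order.
            cfg["auth_order"] = tok[2:]
        elif (tok[0] == "user" and len(tok) >= 6 and tok[2] == "role"
                and tok[3] in ROLES and tok[4:6] == ["password", "local"]):
            cfg["users"][tok[1]] = {"role": tok[3],
                                    "local_none": tok[6:] == ["none"]}
        else:
            # Never silently drop a line the parser does not understand.
            cfg["unparsed"].append(raw.strip())
    return cfg


def audit(cfg):
    """Return sorted (finding, subject) pairs for settings worth reviewing."""
    findings = []
    for svc, enabled in cfg["transport"].items():
        if enabled and svc in CLEARTEXT:
            findings.append(("cleartext-management", svc))
    if not any(cfg["transport"].get(s) for s in ("ssh", "secure-web")):
        findings.append(("no-encrypted-management", "transport"))
    for name, user in cfg["users"].items():
        # "password local none" means the account has no local password and
        # relies on the remote servers; flag it for review when local
        # authentication is part of the login order.
        if user["local_none"] and "local" in cfg["auth_order"]:
            findings.append(("no-local-password", f"{name} ({user['role']})"))
    for line in cfg["unparsed"]:
        findings.append(("unrecognised-line", line))
    return sorted(findings)
```
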
Locking/unlocking the Keypad
The LCD keypad on the front panel of the Accelerator 4820/4920, the Accelerator 1820
and Accelerator 6840/6940 can be locked. To set the lock key combination sequence,
see section Installing the Accelerator.
NOTE: If you lock the keypad via the WebUI or via the CLI, you
cannot use the keypad’s unlock sequence to unlock the
keypad. In such a case, the unlock operation can be
carried out only via the CLI or the WebUI
1. In the Keypad screen, in the Unlock Sequence fields, scroll down in the fields to
select the button to be pressed in the order intended.
2. Click the Submit button.
Defining Other LCD Settings
Turning Bypass On
Product ID
Management IP
Management Mask
Purpose Sets a lock sequence for the LCD: R=right, L=left, U=up,
D=down, E=enter.
The sequence set should be 5-characters, any order.
12 Troubleshooting
Carrying out the Troubleshooting Procedure
If there is a problem with your Accelerator, try using the following steps to help
diagnose the source of the problem:
Check the Event log
Check the topology and host settings - is the default gateway set correctly?
What is being affected? All the links? Particular links?
Use Tools to find the source of the problem
Put the local Accelerator and then the remote Accelerator into bypass mode
Checking the Event Log
The first thing to do when you encounter problems with Accelerator performance is to
check the Event log for any unusual errors.
The following logging levels are supported:
Checking Info Events: Informational messages
Checking Warning Events: Warning conditions exist
Checking Error Events: Error conditions exist
Checking Fatal Events: Unit failure
These levels are related to the severity levels used by email and broadcast functions.
When used with these, the user can define the minimum and maximum event logging
(range) that will be emailed or broadcasted.
Studying Log Message Formats
Log messages are displayed in the following format:
TIMESTAMP: <LEVEL of SEVERITY> #OCCURRENCE: Message-text;
Timestamp: Log date and time, in the following format: dd/mmm/yy hh:mm:ss
Level of Severity: Debug, information, warning, error, or fatal.
Occurrence: The number of times this log has been recorded.
Message-text: Text string containing detailed information about the event being reported.
Check the Accelerator’s system time when viewing any event the Accelerator
generates. All events are given a timestamp relative to the Accelerator’s local time.
To view the Accelerator system time:
ACC1#show clock
System time is: THU SEP 04 17:37:57 2003
Time zone offset: 0 minutes.
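The following added example (not part of the Expand guide) parses the log message format described above, converts the Accelerator's local timestamps to UTC so they can be correlated with other log sources, and ranks events at or above a chosen severity by their occurrence count. The sample lines and message texts are constructed; literal angle brackets around the level, two-digit years meaning 20yy, and the time zone offset meaning local time minus UTC are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

SEVERITY = ["debug", "information", "warning", "error", "fatal"]  # low to high
MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

# TIMESTAMP: <LEVEL of SEVERITY> #OCCURRENCE: Message-text;
LINE_RE = re.compile(
    r"^(\d{2})/([A-Za-z]{3})/(\d{2}) (\d{2}):(\d{2}):(\d{2}): "
    r"<([A-Za-z]+)> #(\d+): (.*?);?\s*$")

# Constructed sample lines; the message texts are invented for illustration.
SAMPLE_LOG = [
    "04/Sep/03 17:37:57: <information> #1: user expand logged in;",
    "04/Sep/03 17:38:10: <warning> #9: login failed for user ops;",
    "04/Sep/03 18:01:02: <error> #2: link 1 dropped;",
    "04/Sep/03 18:01:02 <error> link 1 dropped",  # malformed on purpose
]


def parse_event(line, tz_offset_minutes=0):
    """Parse one log line; return a dict, or None if it does not fit the format.

    tz_offset_minutes is the "Time zone offset" reported by show clock,
    assumed here to be local time minus UTC.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dd, mon, yy, hh, mi, ss, level, count, text = m.groups()
    level = level.lower()
    month = MONTHS.get(mon.lower())
    if month is None or level not in SEVERITY:
        return None
    try:
        # Assumption: two-digit years are 20yy.
        local = datetime(2000 + int(yy), month, int(dd),
                         int(hh), int(mi), int(ss))
    except ValueError:  # impossible date or time, e.g. 31/Feb or hour 25
        return None
    utc = (local - timedelta(minutes=tz_offset_minutes)).replace(
        tzinfo=timezone.utc)
    return {"utc": utc, "level": level,
            "occurrences": int(count), "message": text}


def triage(lines, min_level="warning", tz_offset_minutes=0):
    """Return (events at or above min_level, lines that failed to parse).

    Events are ordered by occurrence count, highest first, because one log
    line can stand for many recorded occurrences of the same event.
    """
    floor = SEVERITY.index(min_level)
    events, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line, tz_offset_minutes)
        if event is None:
            rejected.append(line)  # keep for manual review, never drop
        elif SEVERITY.index(event["level"]) >= floor:
            events.append(event)
    events.sort(key=lambda e: (-e["occurrences"], e["utc"]))
    return events, rejected
```
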
Checking the Link Status
The status of the link may point to the source of a problem. An initial probe is used
during the Accelerator’s initial link connection stage. If this probe fails, it attempts to
retry until the Accelerator responds. If a link is inactive, a keepalive will be
automatically sent to the remote Accelerator. If 10 keepalive packets do not receive a
response, the Accelerator assumes that the remote Accelerator is down and the local
Accelerator automatically passes the link traffic transparently through to the WAN.
ACC1# show interface link summary
--------------------------------------------------------
LINK|DEST IP ADDRESS|DESCRIPTION|BANDWIDTH|LINK STATUS
----+---------------+-----------+---------+-----------
1 | 10.2.0.6 | L-10.2.0.6|15000/N/A |dropped
non | N/A | non-link | 100000/ N/A | virtual
---------------------------------------------------------
Link Status states are as follows:
Link Status
Checking Ethernet Settings
Although Ethernet level compatibility is not an issue unique to the Accelerator, it should
be considered in all hardware installations. If an Accelerator goes into hardware
bypass, the two devices that are cabled to the Accelerator are directly connected, and
any incompatibilities between them may cause problems.
Ensure that Ethernet settings are correct.
Description.............................ethernet 0/0
MAC.....................................00:02:B3:C8:4E:9C
Hardware type...........................mii
Link mode...............................auto (100Mbit-Full) - link is up
Link detected...........................yes
Supports auto-negotiation...............yes
Supports link modes.....................10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full
Ensure that Speed and Duplex settings are set correctly. Expand recommends using
the following command to manually set Speed and Duplex values:
Command Syntax link-mode
100Mbit-full 100 Mega bit full duplex
100Mbit-half 100 Mega bit half duplex
10Mbit-full 10 Mega bit full duplex
10Mbit-half 10 Mega bit half duplex
auto Auto
Default N/A
Checking Link Malfunction
If the link is not operating as expected, ensure that the Accelerator configuration
reflects the hardware and software infrastructure. Some external devices may require
that the Accelerator be transparent - consider using RTM encapsulation.
Perhaps performance is being affected by misapplied MPLS or load balancing in the
network.
Consider the following:
Is bypass disabled on the other side of the link?
Are the bandwidth settings correct?
Is Acceleration enabled on both sides of the link?
Is the MTU size set correctly and not larger than the maximum MTU of the link path?
Are the correct subnets advertised to the remote site?
Is there bandwidth oversubscription on the WAN or on a link?
Are packets being dropped on the link?
In case there is a firewall in the path, are IPComp and TCP port 1928 open?
Is the correct link destination address configured?
Checking HSRP Malfunction
Ensure that you “join” the HSRP group - in previous Accelerator versions, adding an HSRP
group automatically included the Accelerator in the group. In AcceleratorOS 5.0 and above,
after HSRP group parameters are updated, the Accelerator must join the group. In the CLI
this is accomplished using the join command.
Ensure that the correct HSRP group is configured - check the configuration on the other
units in the group.
Ensure that the correct Priority is configured so the Accelerator will not conflict with the
same priority on another unit in the group.
Ensure that the correct virtual IP address is configured.
If authentication is used, ensure that you use the same password (default cisco)
Appendix A: NetFlow Monitored Statistics
Table 1: Field Type Definitions (Sheet 2 of 9)
Field Type       Value  Length (bytes)  Description
SRC_TOS          5      1               Type of Service byte setting when entering incoming interface
TCP_FLAGS        6      1               Cumulative of all the TCP flags seen for this flow
L4_SRC_PORT      7      2               TCP/UDP source port number for example: FTP, Telnet, or equivalent
IPV4_SRC_ADDR    8      4               IPv4 source address
SRC_MASK         9      1               The number of contiguous bits in the source address subnet mask, namely: the subnet mask in slash notation
INPUT_SNMP       10     N               Input interface index; default for N is 2, but you can use higher values
Table 1: Field Type Definitions (Sheet 4 of 9)
Field Type          Value  Length (bytes)    Description
DST_AS              17     N (default is 2)  Destination BGP autonomous system number where N could be 2 or 4
BGP_IPV4_NEXT_HOP   18     4                 Next-hop router's IP in the BGP domain
LAST_SWITCHED       21     4                 System uptime at which the last packet of this flow was switched
FIRST_SWITCHED      22     4                 System uptime at which the first packet of this flow was switched
IPV6_SRC_ADDR       27     16                IPv6 Source Address
IPV6_DST_ADDR       28     16                IPv6 Destination Address
IPV6_SRC_MASK       29     1                 Length of the IPv6 source mask in contiguous bits
Table 1: Field Type Definitions (Sheet 6 of 9)
Field Type              Value  Length (bytes)    Description
FLOW_ACTIVE_TIMEOUT     36     2                 Timeout value (in seconds) for active flow entries in the NetFlow cache
FLOW_INACTIVE_TIMEOUT   37     2                 Timeout value (in seconds) for inactive flow entries in the NetFlow cache
ENGINE_TYPE             38     1                 Type of flow switching engine: RP = 0, VIP/Linecard = 1
ENGINE_ID               39     1                 ID number of the flow switching engine
TOTAL_BYTES_EXP         40     N (default is 4)  Counter with length N x 8 bits for bytes for the number of bytes exported by the Observation Domain
Template Fields
The following is a list of NetFlow version 9 template fields exported for each predefined
Expand template: full, long and short.
Full Template
%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR
%SRC_MASK %INPUT_SNMP %L4_DST_PORT %IP_DST_ADDR %DST_MASK
%OUTPUT_SNMP %IP_NEXT_HOP %SRC_AS %DST_AS %LAST_SWITCHED
%FIRST_SWITCHED %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK
%IPV6_DST_MASK %ENGINE_TYPE %ENGINE_ID %TOTAL_BYTES_EXP
%TOTAL_PKTS_EXP %TOTAL_FLOWS_EXP %IP_PROTOCOL_VERSION
%DIRECTION %FRAGMENTED %FINGERPRINT %VLAN_TAG
%NW_LATENCY_SEC %NW_LATENCY_NSEC %APPL_LATENCY_SEC
%APPL_LATENCY_NSEC %PAYLOAD
Long Template
%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR
%SRC_MASK %INPUT_SNMP %L4_DST_PORT %IP_DST_ADDR %DST_MASK
%OUTPUT_SNMP %IP_NEXT_HOP %SRC_AS %DST_AS %LAST_SWITCHED
%FIRST_SWITCHED %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK
%IPV6_DST_MASK %ENGINE_TYPE %ENGINE_ID %TOTAL_BYTES_EXP
%TOTAL_PKTS_EXP %TOTAL_FLOWS_EXP %IP_PROTOCOL_VERSION
%DIRECTION %FRAGMENTED %FINGERPRINT %VLAN_TAG
Short Template
%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR
%SRC_MASK %L4_DST_PORT %IP_DST_ADDR %DST_MASK %IP_NEXT_HOP
%SRC_AS %DST_AS %LAST_SWITCHED %FIRST_SWITCHED
%IP_PROTOCOL_VERSION %DIRECTION %FRAGMENTED %FINGERPRINT
%VLAN_TAG
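The following added example (not part of the Expand guide) shows how a collector can decode a NetFlow version 9 export datagram with the field type values from Table 1, checking every length field against the received data before using it. The packet layout follows RFC 3954; the datagram is constructed, and only the field types listed in this appendix are named.

```python
import ipaddress
import struct

# Field type values taken from Table 1 above (only the rows shown there).
FIELD_NAMES = {
    5: "SRC_TOS", 6: "TCP_FLAGS", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
    9: "SRC_MASK", 10: "INPUT_SNMP", 17: "DST_AS", 18: "BGP_IPV4_NEXT_HOP",
    21: "LAST_SWITCHED", 22: "FIRST_SWITCHED", 27: "IPV6_SRC_ADDR",
    28: "IPV6_DST_ADDR", 29: "IPV6_SRC_MASK", 36: "FLOW_ACTIVE_TIMEOUT",
    37: "FLOW_INACTIVE_TIMEOUT", 38: "ENGINE_TYPE", 39: "ENGINE_ID",
    40: "TOTAL_BYTES_EXP",
}
ADDRESS_FIELDS = {8: 4, 18: 4, 27: 16, 28: 16}  # field type -> address length
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

class FlowParseError(ValueError):
    """Raised when a length field points outside the received datagram."""

def tcp_flag_names(value):
    """Expand the cumulative TCP_FLAGS byte into flag names."""
    return [name for bit, name in TCP_FLAG_BITS if value & bit]

def _decode_field(ftype, raw):
    if ADDRESS_FIELDS.get(ftype) == len(raw):
        return str(ipaddress.ip_address(raw))
    return int.from_bytes(raw, "big")

def _read_templates(body, templates):
    pos = 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        pos += 4
        end = pos + 4 * field_count
        if template_id < 256 or field_count == 0 or end > len(body):
            raise FlowParseError("malformed template record")
        fields = [struct.unpack_from("!HH", body, p) for p in range(pos, end, 4)]
        if any(length == 0 for _, length in fields):
            raise FlowParseError("zero-length field in template")
        templates[template_id] = fields
        pos = end

def _read_records(body, fields):
    size = sum(length for _, length in fields)
    records = []
    # Bytes left over that are shorter than one record are padding.
    for pos in range(0, len(body) - size + 1, size):
        record, offset = {}, pos
        for ftype, length in fields:
            name = FIELD_NAMES.get(ftype, f"TYPE_{ftype}")
            record[name] = _decode_field(ftype, body[offset:offset + length])
            offset += length
        records.append(record)
    return records

def decode_v9(packet, templates):
    """Decode one datagram; templates (id -> fields) is updated in place."""
    if len(packet) < 20:
        raise FlowParseError("shorter than the 20-byte v9 header")
    version = struct.unpack_from("!H", packet, 0)[0]
    if version != 9:
        raise FlowParseError(f"not NetFlow v9 (version {version})")
    records, pos = [], 20
    while pos + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, pos)
        if length < 4 or pos + length > len(packet):
            raise FlowParseError("flowset length outside the datagram")
        body = packet[pos + 4:pos + length]
        if flowset_id == 0:
            _read_templates(body, templates)
        elif flowset_id in templates:
            records.extend(_read_records(body, templates[flowset_id]))
        # Data for a template not seen yet is skipped, not guessed at.
        pos += length
    return records

def build_sample_packet():
    """Constructed datagram: one template (id 256) and one data record."""
    header = struct.pack("!HHIIII", 9, 2, 1000, 0, 1, 0)
    fields = [(8, 4), (7, 2), (6, 1), (5, 1)]
    template = struct.pack("!HH", 256, len(fields)) + b"".join(
        struct.pack("!HH", ftype, length) for ftype, length in fields)
    template_set = struct.pack("!HH", 0, 4 + len(template)) + template
    record = (ipaddress.ip_address("10.2.0.6").packed
              + struct.pack("!HBB", 49152, 0x02, 0))
    data_set = struct.pack("!HH", 256, 4 + len(record)) + record
    return header + template_set + data_set
```
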
Appendix B: Pre-Defined Applications
Table 1: Predefined Applications (Sheet 2 of 12)
Application Port/Protocol Number Automatically Monitored?
auditd 48 No
tacacs 49 No
xns-time 52 No
domain 53 Yes
xns-ch 54 No
isi-gl 55 No
xns-auth 56 No
priv-term 57 No
xns-mail 58 No
priv-file 59 No
ni-mail 61 No
acas 62 No
whois++ 63 No
covia 64 No
tacacs-ds 65 No
sql*net 66 No
gopher 70 No
priv-dialout 75 No
deos 76 No
priv-rje 77 No
vettcp 78 No
finger 79 No
http-www 80 Yes
hosts2-ns 81 No
xfer 82 No
mit-ml-dev 83 No
ctf 84 No
mfcobol 86 No
priv-termlink 87 No
su-mit-tg 89 No
354 AcceleratorOS 6.1 User Guide
Table 1: Predefined Applications (Sheet 3 of 12)
Application Port/Protocol Number Automatically Monitored?
dnsix 90 No
mit-dov 91 No
npp 92 No
dcp 93 No
objcall 94 No
dixie 96 No
swift-rvf 97 No
tacnews 98 No
metagram 99 No
newacct 100 No
hostname 101 No
iso-tsap 102 No
gppitnp 103 No
acr-nema 104 No
csnet-ns 105 No
3com-tsmux 106 No
snagas 108 No
pop2 109 No
pop3 110 Yes
mcidas 112 No
auth 113 No
audionews 114 No
ansanotify 116 No
uucp-path 117 No
sqlserv 118 No
nntp 119 No
erpc 121 No
smakynet 122 No
ansatrader 124 No
locus-map 125 No
Table 1: Predefined Applications (Sheet 4 of 12)
Application Port/Protocol Number Automatically Monitored?
unitary 126 No
locus-con 127 No
gss-xlicen 128 No
pwdgen 129 No
cisco-fna 130 No
cisco-tna 131 No
cisco-sys 132 No
ingres-net 134 No
endpoint-mapper 135 No
profile 136 No
netbios-ns 137 Yes
netbios-dgm 138 Yes
netbios-ssn 139 Yes
emfis-data 140 No
emfis-cntl 141 No
bl-idm 142 No
imap2 143 Yes
uma 144 No
uaac 145 No
iso-tp0 146 No
iso-ip 147 No
jargon 148 No
aed-512 149 No
sql-net 150 No
bftp 152 No
netsc-prod 154 No
netsc-dev 155 No
sqlsrv 156 No
knet-cmp 157 No
pcmail-srv 158 No
Table 1: Predefined Applications (Sheet 5 of 12)
Application Port/Protocol Number Automatically Monitored?
nss-routing 159 No
snmp 161 Yes
snmptrap 162 Yes
xns-courier 165 No
s-net 166 No
namp 167 No
rsvd 168 No
send 169 No
print-srv 170 No
multiplex 171 No
cl-1 172 No
xyplex-mux 173 No
mailq 174 No
vmnet 175 No
genrad-mux 176 No
nextstep 178 No
bgp 179 No
ris 180 No
unify 181 No
audit 182 No
ocbinder 18 No
ocserver 184 No
remote-kis 185 No
kis 186 No
aci 187 No
mumps 188 No
qft 189 No
gacp 190 No
prospero 191 No
osu-nms 192 No
Table 1: Predefined Applications (Sheet 6 of 12)
Application Port/Protocol Number Automatically Monitored?
srmp 193 No
irc 194 No
dn6-nlm-aud 195 No
dn6-smm-red 196 No
dls 197 No
dls-mon 198 No
smux 199 No
src 200 No
at-rtmp 201 No
at-nbp 202 No
at-3-5-7-8 203 No
at-echo 204 No
at-zis 206 No
quickmail 209 No
z39-50 210 No
914c-g 211 No
anet 212 No
vmpwscs 214 No
softpc 215 No
cai-lic 216 No
dbase 217 No
mpp 218 No
uarps 219 No
imap3 220 No
fln-spx 221 No
rsh-spx 222 Yes
cdc 223 No
peer-direct 242 No
sur-meas 243 No
daynachip 244 No
Table 1: Predefined Applications (Sheet 7 of 12)
Application Port/Protocol Number Automatically Monitored?
link 245 No
dsp3270 246 No
bh-fhs 248 No
ldap 389 Yes
https 443 Yes
smtps 465 No
exec 512 No
login 513 No
shell 514 No
printer 515 No
talk 517 No
ntalk 518 No
ibm-db2 523 No
uucp 540 No
rtsp 554 No
nntps 563 No
banyan-vip 573 No
alternate-http 591, 8008, 8080 No
sshell 614 No
ldaps 636 No
doom 666 No
ftps-data 989 No
ftps 990 No
telnets 992 No
ircs 994 No
pop3s 995 No
notes 1352 Yes
timbuktu-srv 1419 No
ms-sql-server 1433 No
ms-sql-monitor 1434 No
Table 1: Predefined Applications (Sheet 8 of 12)
Application Port/Protocol Number Automatically Monitored?
ms-sna-server 1477 No
ms-sna-base 1478 No
citrix-ica 1494 Yes
sybase_sqlany 1498 Yes
t-120 1503 No
oracl-tns 1521, 1526, 1527 No
ingres-lock 1524 No
oracl-srv 1525 Yes
oracl-coauthor 1529 No
oracl-remdb 1571 No
oracl-names 1575 No
america-online No
h323 1720 No
oracl-em1 1748 No
oracl-em2 1754 No
ms-streaming 1755 No
ms-sms No
ms-mqs 1801, 2101, 2103, 2105 No
oracl-vp2 1808 No
oracl-vp1 1809 No
openwindows 2000 No
gupta-sqlbase 2155 No
cvs-pserver 2401 No
citrix-ica-sr 2598 No
sybase-sqlanywhere 2638 No
ccmail 3264 No
ms-terminal-server 3389 Yes
sap-r3 3200 No
ibm-db2-conn-svc 3700 No
Table 1: Predefined Applications (Sheet 10 of 12)
Application Port/Protocol Number Automatically Monitored?
bootps 67 No
bootpc 68 No
tftp 69 Yes
kerberos 88 Yes
cfdptkt 120 No
ntp 123 Yes
xdmcp 177 No
ipx-tunnel 213 No
subnet-bcast-tftp 247 No
backweb 370 No
timbuktu 407 No
biff 512 No
who 513 No
syslog 514 No
ip-xns-rip 520 No
streamworks-xing-mpeg 1558 No
citrix-icabrowser 1604 No
h323-gatekeeper-disc 1718 No
h323-gatekeeper-stat 1719 No
ms-mqs-discovery 1801 No
ms-mqs-ping 3527 No
rtp 5004 No
rtcp 5005 No
pc-anywhere-stat 5632 No
ivisit 9943, 9945, 56768 No
l2tp 1701 No
sgcp 2427 No
hsrp 1985 No
Table 1: Predefined Applications (Sheet 11 of 12)
Application Port/Protocol Number Automatically Monitored?
timed 525 No
nfs 2049 Yes
dhcp 546, 547, 647, 847 Yes
mimix-dr1 Yes
mimix-ha1 Yes
mimix-rj 3777 Yes
novel-netware-over-ip 396 Yes
icmp 1 Yes
igmp 2 Yes
ipencap 4 Yes
egp 8 Yes
igp 9 Yes
trunk-1 23 Yes
trunk-2 24 Yes
leaf-1 25 Yes
leaf-2 26 Yes
ipv6 41 Yes
rsvp 46 Yes
gre 47 Yes
ipv6-crypt 50 Yes
ipv6-auth 51 Yes
ipv6-icmp 58 Yes
eigrp 88 Yes
ospf 89 Yes
ipip 94 Yes
pim 103 Yes
scps 105 Yes
ipcomp 108 Yes
ipx-in-ip 111 Yes
Table 1: Predefined Applications (Sheet 12 of 12)
Application Port/Protocol Number Automatically Monitored?
vrrp 112 Yes
l2tp-over-ip 115 Yes
stp 118 Yes
isis 124 Yes
Appendix C: Accelerator Integration
Acceleration and Citrix Traffic
The Accelerator utilizes network resources efficiently and delivers improved
acceleration results for Citrix-hosted applications. Citrix users repeatedly access the
same content from the network. The Accelerator enhances support for Citrix
applications because acceleration allows more Citrix data to traverse the WAN. The
Accelerator achieves this increase in throughput by:
Consolidating Citrix header data in pure IP implementations - IP header represents
significant overhead in small packets generated by Citrix. It constitutes almost 30% of the
Citrix packet. The Accelerator removes repeat-header information and sends this data only
once across the network.
Consolidating Citrix payload in all environments – the Accelerator extracts data from small
packets originating from different Citrix users, and sends packets optimized for specific
WAN conditions. The Accelerator eliminates all redundant data transmissions across the
WAN.
Controlling latency and jitter – the Accelerator reduces latency and jitter, especially over
slow WAN links that are commonly used for Citrix deployments.
The end result is better, more consistent Citrix performance; and support of up to four
times more Citrix users on the existing infrastructure.
Citrix has its own internal compression mechanism. The results achieved by this
mechanism are not at all comparable to the throughput increase achieved by the
Accelerator. When accelerating Citrix traffic, Citrix’s internal compression mechanism
must be disabled so that the Accelerator can access the original data.
Disabling Citrix Encryption and Compression
Citrix is a popular application installed on top of Microsoft’s Remote Desktop Protocol
(RDP) that was created in joint development by Microsoft and Citrix. Citrix, also
referred to as ICA, adds quite a few features that RDP does not have and therefore is
popular for terminal and thin client deployments.
Both RDP and Citrix have the ability to compress traffic sent to and from the servers.
However, these capabilities are limited, and do not perform as well as Expand’s
Accelerators.
Both RDP and Citrix have the ability to encrypt traffic sent to and from the servers.
However, because encrypted data appears random, encryption by its very nature limits
the ability of the Accelerators to remove repetitive data.
To disable compression and encryption in NFUSE and
NFUSE Elite Server
Compression and encryption configurations are set during the publishing of
the application and are stored within a file called template.ica. The location of
this file can vary, however it is typically stored on the web server within the
web directory (if necessary, consult with a Citrix administrator for the specific
location).
Compression is enabled by default even though there is not a specific entry
within the template.ica file that mentions this.
1. Edit the template.ica file by adding a line under the
application name that reads Compress=Off. If there are multiple
applications, the line Compress=Off will need to be entered
multiple times.
For additional information on turning off compression, see Citrix
documentation: CTX554864 and CTX101865.
2. To disable encryption, publish the application again with the lowest
encryption level of Basic.
3. In addition, if SSL certificates are used for web
connections (web connections that begin with HTTPS: instead of
HTTP), SSL will also provide encryption for the session. SSL must be
removed and not required for the connections.
For RDP
Only compression can be set on the client and not encryption as previously discussed
regarding the Citrix client. The place to set these values depends on how the RDP
session is being launched. For most environments this will be done through the Client
Connection Manager.
To disable compression on the RDP client:
1. Within the Client Connection Manager, right click the connection and
choose Properties. Navigate to the Connection Options tab and
deselect the box labeled Enable data compression if it is selected.
2. When the session for RDP is launched from the ‘raw’ Terminal Services
Client icon, the option for compression is presented when choosing the
server to log into.
Identifying Citrix Layer-7 Applications
Monitoring Citrix/ICA Layer-7 traffic requires each Layer-7 application running through
Citrix to open a separate TCP session; the Accelerator does not support Citrix session
sharing.
Citrix Applications work as follows: Applications are published, meaning that the
Administrator defines certain applications on the server for users to use on their
desktop. The Administrator also assigns names for these applications. The users can
either download the applications and their names from the server, or define them
manually.
When applications are downloaded, for each Citrix application session run between the
client and the server, Citrix creates a TCP session for running the application and a
UDP session that serves as a control for the application.
The Accelerator’s Layer-7 monitoring is aware of both of these sessions, and identifies
the open sessions by the new published application name. If Citrix is configured to
work in single-session (virtual channel) TCP, in which each application does not open a
new TCP session, the Accelerator will not have access to the Layer-7 information it
needs.
When applications are added manually, it is still necessary for the Accelerator to
monitor the control session (UDP) that is never encrypted or compressed.
To disable session sharing in the Citrix server:
1. At the command prompt of the Citrix server, open the registry editor by
entering the regedit command.
2. Create the following entry in the server’s registry (which overrides
session sharing):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\WFSHELL\TWI
3. Add the following value:
Name: SeamlessFlags
Data type: REG_DWORD
Data value: 1
4. Setting this registry value to 1 overrides session sharing.
Note that this flag is SERVER GLOBAL.
Warning: Editing the registry or using a Registry Editor incorrectly
can cause serious, system-wide problems that may
require you to reinstall Windows NT to correct them.
Microsoft does not guarantee that problems resulting
from the incorrect use of Registry Editor can be solved.
Back up your registry first and use Registry Editor at
your own risk.
Configuring NetFlow
The following configuration modifications are needed in order to use NetFlow with the
Expand Accelerator. While previous versions of AcceleratorOS included RMON, the
AcceleratorOS 6.0 integrates NetFlow support for detailed reporting. With
AcceleratorOS version 6 and NetFlow it is possible to extract statistics like in RMON’s
Top Talker.
The main focus of NetFlow is Traffic Measurement, Traffic Monitoring, Network
Optimization and Planning and Detection of Network Security Violations, as follows.
Configuring Accelerator NetFlow
accelerator#config
accelerator (config) #netflow
accelerator (NetFlow) #?
exit exit current node
ip ip NetFlow command
no remove collector
show show NetFlow parameters
Here is an example of the config needed if 172.16.80.21 is the PC running the
NetFlow application:
accelerator (NetFlow) #ip flow-export 172.16.80.21 port 2055 version 5 interface ethernet 0/0
KNOWN LIMITATION – You can enable NetFlow only on ethernet or bridge and not
per link or virtual link.
You can configure only one NetFlow probe.
To undo this procedure and restore SAP compression, delete this variable, or set the
Variable Value to 0.
Appendix D: System Specifications
Accelerator 6800 Series
Data rates: Up to 45 Mbps
Control Interfaces
Ethernet Management: RJ-45 10/100/1000 BaseT or Fiber SC 1000 BaseSX - multimode, 850 nm
Console: RS-232
Baud rate: 9600 bps
Ethernet: Two RJ-45 10/100/1000 BaseT or Two Fiber SC 1000 BaseSX
USB: USB-2.2 Type A, female, 480 Mb
Power 6810: 100-240 VAC, 50-60 Hz, 1.74 - 0.87A
6840: 100-240 VAC, 50-60 Hz, 2.6 - 1.13A
Power Consumption 6810: 200W
6840: 260W
Flash Memory 128 MB
DDR Memory 6810: 1 GB
6840: DDR register EEC Memory 4 GB
Physical
Height: 3.40” (8.8 cm) (2U)
Length: 6810: 17.6” (44.7 cm) or 19.6” (49.7 cm) with
brackets
6840: 19” (43.8 cm)
Depth: 6810: 17” (43.2 cm)
6840: 20” (51 cm)
Environment
Temperature: 0 - 40 C (32 - 104 F)
Humidity: Up to 90%, non-condensing
Heat Dissipation 6810: 655 BTU
6840: 900 BTU
Accelerator 1800/4800/4900 Series
Data Rates 4820: up to 6 Mbps
1810: up to 256 Kbps
Control Interfaces
Ethernet Management: 10/100 BaseT, RJ-45
Console: EIA-232/V.24
Baud rate: 9600 bps
Ethernet: Two 10/100 BaseT RJ-45
Auxiliary: DB-9, can be connected to a PC (via a null cable)
USB 1.1 compliant USB port
Power 120W, 100-240 VAC, 50/60 Hz
Power Consumption 50W
Flash Memory 64 MB
SDRAM Memory 512 MB for 4800 Series
256 MB for 1800 Series
LCD 20 character, 2-line LCD (4820 only)
Keypad 5 button keypad (4820 only)
Physical
4800/1800 Series
Height: 1.70” (4.4 cm) (1U)
Length: 17” (43.2 cm) or 19” (48.3 cm) with brackets
Depth: 13.2” (33.7 cm)
Weight: 6.2 lb (2.8 kg)
Environment
Temperature: 0 - 40 C (32 - 104 F)
Humidity: Up to 90%, non-condensing
Heat Dissipation 170 BTU/H
Appendix E: MIME Types
Application
andrew-inset
applefile
atomicmail
batch-SMTP
beep+xml
cals-1840
cnrp+xml
commonground
cpl+xml
csta+xml
CSTAdata+xml
cybercash
dca-rft
dec-dx
dialog-info+xml
dicom
dns
dvcs
EDI-Consent
EDIFACT
EDI-X12
epp+xml
eshop
fits
font-tdpfr
http
hyperstudio
iges
im-iscomposing+xml
index
index.cmd
index.obj
index.response
index.vnd
iotp
ipp
isup
kpml-request+xml
kpml-response+xml
mac-binhex40
macwriteii
marc
mathematica
mbox
mikey
mpeg4-generic
msword
news-message-id
news-transmission
ocsp-request
ocsp-response
octet-stream
oda
ogg
parityfec
pdf
pgp-encrypted
pgp-keys
pgp-signature
pidf+xml
pkcs10
pkcs7-mime
pkcs7-signature
pkix-cert
pkixcmp
pkix-crl
pkix-pkipath
postscript
prs.alvestrand.titrax-sheet
prs.cww
prs.nprend
prs.plucker
rdf+xml
qsig
reginfo+xml
remote-printing
resource-lists+xml
riscos
rls-services+xml
rtf
samlassertion+xml
samlmetadata+xml
sbml+xml
sdp
set-payment
set-payment-initiation
set-registration
set-registration-initiation
sgml
sgml-open-catalog
shf+xml
sieve
simple-filter+xml
simple-message-summary
slate
soap+xml
spirits-event+xml
timestamp-query
timestamp-reply
tve-trigger
vemmi
vnd.3gpp.pic-bw-large
vnd.3gpp.pic-bw-small
vnd.3gpp.pic-bw-var
vnd.3gpp.sms
vnd.3M.Post-it-Notes
vnd.accpac.simply.aso
vnd.accpac.simply.imp
vnd.acucobol
vnd.acucorp
vnd.adobe.xfdf
vnd.aether.imp
vnd.amiga.ami
vnd.anser-web-certificate-issue-initiation
vnd.anser-web-funds-transfer-initiation
vnd.audiograph
vnd.blueice.multipass
vnd.bmi
vnd.businessobjects
vnd.canon-cpdl
vnd.canon-lips
vnd.cinderella
vnd.claymore
vnd.commerce-battelle
vnd.commonspace
vnd.cosmocaller
vnd.contact.cmsg
vnd.criticaltools.wbs+xml
vnd.ctc-posml
vnd.cups-postscript
vnd.cups-raster
vnd.cups-raw
vnd.curl
vnd.cybank
vnd.data-vision.rdz
vnd.dna
vnd.dpgraph
vnd.dreamfactory
vnd.dxr
vnd.ecdis-update
vnd.ecowin.chart
vnd.ecowin.filerequest
vnd.ecowin.fileupdate
vnd.ecowin.series
vnd.ecowin.seriesrequest
vnd.ecowin.seriesupdate
vnd.enliven
vnd.epson.esf
vnd.epson.msf
vnd.epson.quickanime
vnd.epson.salt
vnd.epson.ssf
vnd.ericsson.quickcall
vnd.eudora.data
vnd.fdf
vnd.ffsns
vnd.fints
vnd.FloGraphIt
vnd.framemaker
vnd.fsc.weblaunch
vnd.fujitsu.oasys
vnd.fujitsu.oasys2
vnd.fujitsu.oasys3
vnd.fujitsu.oasysgp
vnd.fujitsu.oasysprs
vnd.fujixerox.ddd
vnd.fujixerox.docuworks
vnd.fujixerox.docuworks.binder
vnd.fut-misnet
vnd.genomatix.tuxedo
vnd.grafeq
vnd.groove-account
vnd.groove-help
vnd.groove-identity-message
vnd.groove-injector
vnd.groove-tool-message
vnd.groove-tool-template
vnd.groove-vcard
vnd.hbci
vnd.hcl-bireports
vnd.hhe.lesson-player
vnd.hp-HPGL
vnd.hp-hpid
vnd.hp-hps
vnd.hp-PCL
vnd.hp-PCLXL
vnd.httphone
vnd.hzn-3d-crossword
vnd.ibm.afplinedata
vnd.ibm.electronic-media
vnd.ibm.MiniPay
vnd.ibm.modcap
vnd.ibm.rights-management
vnd.ibm.secure-container
vnd.informix-visionary
vnd.intercon.formnet
vnd.intertrust.digibox
vnd.intertrust.nncp
vnd.intu.qbo
vnd.intu.qfx
vnd.ipunplugged.rcprofile
vnd.irepository.package+xml
vnd.is-xpr
vnd.japannet-directory-service
vnd.japannet-jpnstore-wakeup
vnd.japannet-payment-wakeup
vnd.japannet-registration
vnd.japannet-registration-wakeup
vnd.japannet-setstore-wakeup
vnd.japannet-verification
vnd.japannet-verification-wakeup
vnd.jisp
vnd.kde.karbon
vnd.kde.kchart
vnd.kde.kformula
vnd.kde.kivio
vnd.kde.kontour
vnd.kde.kpresenter
vnd.kde.kspread
vnd.kde.kword
vnd.kenameaapp
vnd.kidspiration
vnd.Kinar
vnd.koan
vnd.liberty-request+xml
vnd.llamagraphics.life-balance.desktop
vnd.llamagraphics.life-balance.exchange+xml
vnd.lotus-1-2-3
vnd.lotus-approach
vnd.lotus-freelance
vnd.lotus-notes
vnd.lotus-organizer
vnd.lotus-screencam
vnd.lotus-wordpro
vnd.mcd
vnd.mediastation.cdkey
vnd.meridian-slingshot
vnd.mfmp
vnd.micrografx.flo
vnd.micrografx.igx
vnd.mif
vnd.minisoft-hp3000-save
vnd.mitsubishi.misty-guard.trustweb
vnd.Mobius.DAF
vnd.Mobius.DIS
vnd.Mobius.MBK
vnd.Mobius.MQY
vnd.Mobius.MSL
vnd.Mobius.PLC
vnd.Mobius.TXF
vnd.mophun.application
vnd.mophun.certificate
vnd.motorola.flexsuite
vnd.motorola.flexsuite.adsi
vnd.motorola.flexsuite.fis
vnd.motorola.flexsuite.gotap
vnd.motorola.flexsuite.kmr
vnd.motorola.flexsuite.ttc
vnd.motorola.flexsuite.wem
vnd.mozilla.xul+xml
vnd.ms-artgalry
vnd.ms-asf
vnd.mseq
vnd.ms-excel
vnd.msign
vnd.ms-lrm
vnd.ms-powerpoint
vnd.ms-project
vnd.ms-tnef
vnd.ms-works
vnd.ms-wpl
vnd.musician
vnd.music-niff
vnd.nervana
vnd.netfpx
vnd.noblenet-directory
vnd.noblenet-sealer
vnd.noblenet-web
vnd.nokia.landmark+xml
vnd.nokia.landmark+wbxml
vnd.nokia.landmarkcollection+xml
vnd.nokia.radio-preset
vnd.nokia.radio-presets
vnd.novadigm.EDM
vnd.novadigm.EDX
vnd.novadigm.EXT
vnd.obn
vnd.omads-email+xml
vnd.omads-file+xml
vnd.omads-folder+xml
vnd.osa.netdeploy
vnd.palm
vnd.paos.xml
vnd.pg.format
vnd.picsel
vnd.pg.osasli
vnd.powerbuilder6
vnd.powerbuilder6-s
vnd.powerbuilder7
vnd.powerbuilder75
vnd.powerbuilder75-s
vnd.powerbuilder7-s
vnd.previewsystems.box
vnd.publishare-delta-tree
vnd.pvi.ptid1
vnd.pwg-multiplexed
vnd.pwg-xhtml-print+xml
vnd.Quark.QuarkXPress
vnd.rapid
vnd.RenLearn.rlprint
vnd.s3sms
vnd.sealed.doc
vnd.sealed.eml
vnd.sealed.mht
vnd.sealed.net
vnd.sealed.ppt
vnd.sealed.xls
vnd.sealedmedia.softseal.html
vnd.sealedmedia.softseal.pdf
vnd.seemail
vnd.shana.informed.formdata
vnd.shana.informed.formtemplate
vnd.shana.informed.interchange
vnd.shana.informed.package
vnd.smaf
vnd.sss-cod
vnd.sss-dtf
vnd.sss-ntf
vnd.street-stream
vnd.sus-calendar
vnd.svd
vnd.swiftview-ics
vnd.syncml.ds.notification
vnd.syncml.+xml
vnd.triscape.mxs
vnd.trueapp
vnd.truedoc
vnd.ufdl
vnd.uiq.theme
vnd.uplanet.alert
vnd.uplanet.alert-wbxml
vnd.uplanet.bearer-choice
vnd.uplanet.bearer-choice-wbxml
vnd.uplanet.cacheop
vnd.uplanet.cacheop-wbxml
vnd.uplanet.channel
vnd.uplanet.channel-wbxml
vnd.uplanet.list
vnd.uplanet.listcmd
vnd.uplanet.listcmd-wbxml
vnd.uplanet.list-wbxml
vnd.uplanet.signal
vnd.vcx
vnd.vectorworks
vnd.vidsoft.vidconference
vnd.visio
vnd.visionary
vnd.vividence.scriptfile
vnd.vsf
vnd.wap.sic
vnd.wap.slc
vnd.wap.wbxml
vnd.wap.wmlc
vnd.wap.wmlscriptc
vnd.webturbo
vnd.wordperfect
vnd.wqd
vnd.wrq-hp3000-labelled
vnd.wt.stf
vnd.wv.csp+xml
vnd.wv.csp+wbxml
vnd.wv.ssp+xml
vnd.xara
vnd.xfdl
vnd.yamaha.hv-dic
vnd.yamaha.hv-script
vnd.yamaha.hv-voice
vnd.yamaha.smaf-audio
vnd.yamaha.smaf-phrase
vnd.yellowriver-custom-menu
watcherinfo+xml
whoispp-query
whoispp-response
wita
wordperfect5.1
x400-bp
xhtml+xml
xml
xml-dtd
xml-external-parsed-entity
xmpp+xml
xop+xml
zip
Model
iges
mesh
vnd.dwf
vnd.flatland.3dml
vnd.gdl
vnd.gs-gdl
vnd.gtw
vnd.mts
vnd.parasolid.transmit.binary
vnd.parasolid.transmit.text
vnd.vtu
vrml
Text
calendar
css
csv
directory
dns
ecmascript (obsolete)
enriched
example
html
javascript (obsolete)
parityfec
plain
RED
rfc822-headers
richtext
rtx
sgml
t140
troff
uri-list
vnd.IPTC.NewsML [IPTC]
vnd.IPTC.NITF [IPTC]
xml
xml-external-parsed-entity
Appendix F: Contacting TAC
When contacting the TAC, it is essential that information about the nature of the
problem be at your disposal. To gather Accelerator troubleshooting information, use
the show tech-support command as described above.
Appendix G: Glossary
AAA Protocols
AAA stands for authentication, authorization, and accounting, a system used in IP-based
networking for controlling access to computer resources, enforcing policies, and
tracking the activity of users over a network.
Authentication provides a means for identifying a user, usually by having the user
enter a valid user name and valid password before access is granted.
Authorization grants or denies a user access to network resources, after the user has
logged in to a system (that is, has been authenticated via the username and
password).
Accounting tracks the user activity while accessing the network and measures the
resources a user consumes during access, such as the amount of data a user has
sent and/or received during a session. This data is used for purposes such as auditing,
billing and trend analysis.
The AcceleratorOS supports the AAA functionality as a fundamental method for
ensuring security within the Accelerator. For details, see section Security, on page
305.
ARP
ARP (Automatic Resolution Protocol) is a low-level protocol within the TCP/IP suite,
which maps IP addresses to a physical address, for example: a corresponding
Ethernet or MAC address.
The AcceleratorOS lets you add a static ARP entry, by mapping a specific IP address
to a specific MAC address. For details, see section Creating Static ARP Entries, on
page 238.
B
Citrix/ICA
Citrix ICA stands for Citrix® Independent Computing Architecture. This protocol enables
Citrix to separate screen updates and user input processing from the rest of the
application’s logic. When using a Citrix ICA Client, all application logic executes on the
server and only screen updates, mouse movements and keystrokes are transmitted via
the Citrix ICA session.
Almost any application can run on a Citrix server, and therefore use Citrix ICA.
The AcceleratorOS uses Citrix (Post Acceleration) Aggregation, which handles and
optimizes the transfer of small packets by aggregating several small packets into one
big packet. For details, see section Configuring Aggregation Classes, on page 177.
CIFS
Common Internet File System (CIFS) is a standard proposed by Microsoft for a remote
file-system access protocol for use over the Internet. CIFS lets groups of users work
together and share documents across the Internet or within corporate Intranets, by
enabling programs to make requests for files and services on remote computers on the
Internet.
The WAFS solution integrated within the AcceleratorOS accelerates CIFS traffic. For
details, see section Application-specific Acceleration, on page 3.
DHCP
DHCP stands for Dynamic Host Configuration Protocol, a protocol for assigning
dynamic IP addresses to devices on a network. Dynamic addressing enables a device
to have a different IP address every time it connects to the network.
The AcceleratorOS offers DHCP server functionality in the remote branch. For details,
see section Configuring DHCP Servers, on page 100.
Ethernet
The most widely-installed LAN standard, which is used for connecting network
peripherals, such as scanners, printers and computers, within the same building or
campus.
The original form of Ethernet is officially known as the IEEE 802.3 Ethernet standard.
However, with the advance of technology and network speeds, several faster
adaptations have emerged, with data rates of 10 Mbits/sec, 100 Mbits/sec (Fast
Ethernet), and 1,000 Mbits/sec (Gigabit Ethernet).
All Accelerator models have a dedicated Ethernet port, which supports both 10 Mbits/sec
and 100 Mbits/sec rates. For details, see section Connecting the Network Cables,
on page 16. You can also use the WebUI for viewing detailed statistics of the data
displayed on the monitoring graphs. For details, see section Viewing Ethernet Statistics,
on page 133.
Hop
An intermediate connection between two network devices, for example: transferring a
data packet from one router to the next in a routed network such as the Internet.
The larger the number of hops in a routing process, the longer it takes for a data
packet to travel from source to destination.
In On-LAN configuration, the Expand Accelerator becomes the next hop for traffic on
the LAN destined to the WAN. For details, see section On-LAN, on page 9.
HSRP
HSRP (Hot Standby Routing Protocol) is a Cisco routing protocol that enables automatic
switching to a backup router in the event of failure. Using HSRP, several routers act as
a single virtual router, so that if a certain router fails, the routing responsibilities are
transferred to another router in a process that is transparent to the user.
Using HSRP, Expand Accelerators can take part in HSRP/VRRP groups with available
routers or Layer-3 switches (or even other available Accelerators) to provide backup in
the rare case of Accelerator failure. For details, see section On-LAN, on page 9.
HTTP
HTTP (Hypertext Transfer Protocol) is an application protocol that runs on top of the
TCP/IP suite of protocols and is used for transferring files of any type on the World
Wide Web between Web clients and Web servers.
The AcceleratorOS offers HTTP acceleration. For details, see section Configuring HTTP
Acceleration, on page 211.
IPCOMP
The IP Payload Compression protocol (IPComp) reduces the size of IP datagrams by
compressing the datagrams to increase the communication performance between two
partners. The intent is to increase overall communication performance when the
communication is over slow or congested links. IPComp does not provide any security
and must be used along with either an AH or an ESP transform when the
communication occurs over a VPN connection.
When setting up a link, the AcceleratorOS lets you select IPCOMP as one of the
methods to encapsulate the packets streaming through your network. For details, see
section Adding Links, on page 72.
J
Jitter
In Voice over IP (VoIP), jitter refers to a packet delay that affects the quality of the
voice conversation. Expand’s Citrix Acceleration plug-in reduces latency and jitter, especially
over slow WAN links.
Latency
Latency refers to the time it takes a packet to cross a network connection, from sender
to receiver. In networking, latency and bandwidth determine the speed of your
connection; high latency and low bandwidth lead to slow, inefficient connection speed.
Latency typically increases when moving from LAN to WAN.
Real-time applications, such as robotics and aircraft, and interactive applications, such
as desktop conferencing, are extremely sensitive to high latency.
The AcceleratorOS offers several measures for combatting high latency, such as: WAN
compression, TCP acceleration and using QoS for prioritizing the traffic. For details see
section Application-specific Acceleration, on page 3, and chapter Applying QoS, on
page 141.
MIME Type
A file identification method, based on the MIME encoding system. The MIME type has
become the de facto standard for identifying content on the Internet. For example, an
e-mail message that contains an attachment has a MIME type embedded in its header,
in order to identify the attachment type.
MIME Type is one of the main parameters used for detecting applications to provide
the QoS service. Expand supports many MIME types. For details and examples of the
most common MIME types supported by the AcceleratorOS, see MIME Types.
MPLS
MPLS (Multi Protocol Label Switching) is a packet switching protocol, which adds a 32-bit
label to each packet to improve network efficiency and to enable routers to direct
packets along predefined routes in accordance with the required quality of service
(QoS). The label is added when the packet enters the MPLS network, and is based on
an analysis of the packet header. The label contains information on the route along
which the packet may travel, and the forwarding equivalence class (FEC) of the packet.
Packets with the same FEC are routed through the network in the same way. The use
of FECs allows QoS levels to be guaranteed, and MPLS allows creating
IP tunnels through a network, so that VPNs can be implemented without encryption.
MPLS is one of the various network topologies to which the AcceleratorOS fits
seamlessly, providing the highest WAN compression performance available. For details,
see section Features and Benefits, on page 2.
Nagle
The Nagle algorithm is used for reducing LAN and other network congestion from TCP
applications, by automatically concatenating several small buffer messages. This
process (called nagling) increases the efficiency of a network application system by
decreasing the number of packets that must be sent. When properly applied, the
nagling process enables TCP applications to use network resources more efficiently.
For additional details, see section Setting Nagle, on page 200.
OSPF
OSPF (Open Shortest Path First) is a routing protocol that determines the best path for
routing IP traffic over a TCP/IP network based on distance between nodes and several
quality parameters.
Packet Header
The packet header is the portion of a data packet that is placed at the beginning of a block of
data being stored or transmitted. In internet transmissions, the header contains data
necessary for successful transmission, such as the sender’s and recipient’s IP
addresses and timing information.
Expand’s Router Transparency encapsulation (RTM) enables compressing only the
packets’ payload, while leaving the original IP header and the original TCP/UDP
header in their original forms so that their information is available across the network.
For details, see Encapsulation, on page 33.
Policy-Based Routing
Policy-based routing (PBR) enables routing packets based on policies set by network
administrators, instead of by using routing tables. This technique may be useful when
needing to specify a path or a higher priority for certain traffic, or when the packet
should be forwarded based on different criteria than those set by the routing table.
PBR is one of the methods used for redirecting WAN traffic through the Accelerator, to
enable the Accelerator’s deployment in On-LAN mode. For details, see section
Enabling Packet Interception, on page 95.
Q
QoS
QoS, which stands for Quality of Service, is a mechanism for controlling and ensuring
resource reservation. Setting a QoS policy helps system administrators prioritize the
traffic that flows across the network, in order to prevent greedy and rogue applications
from dumping the network, and to combat the congestion and latency that all contribute
to poor application and network performance. Using QoS enables organizations to
allocate bandwidth to mission-critical applications, slow down non-critical applications,
and stop bandwidth abuse in order to efficiently deliver networked applications to the
branch office.
The AcceleratorOS offers a powerful yet simple QoS solution, which lets system
administrators quickly obtain a comprehensive picture of the traffic that traverses the
network, and easily apply the QoS policy. For details see chapter Applying QoS, on
page 141.
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is an open and scalable client/server
security system. RADIUS is one of the AAA Protocols used for applications such
as network access or IP mobility, and it is intended to work in both local and roaming
situations.
The RADIUS server is one of the authentication servers that the AcceleratorOS lets
you set and manage in the Accelerator. For details, see Setting Authentication
Preferences, on page 310.
RIP
RIP (Routing Information Protocol) is a routing protocol used for exchanging the entire
routing table among routers in an autonomous network, such as a corporate LAN or an
interconnected group of such LANs. The routing table transmission takes place every
30 seconds, thereby making RIP more suitable for small homogenous networks. In
larger, more complicated networks the major alternative to RIP, OSPF, is generally
used.
The AcceleratorOS can be configured to work with dynamic routing protocols, such as
OSPF and RIP. For details, see section Working with RIP, on page 92.
SCPS
SCPS (Space Communication Protocol Standard) is a protocol suite, designed to
enable communication over challenging environments such as satellite and wireless
links. This suite was jointly developed by NASA and the Department of Defense
USSPACECOM, as TCP/IP was frequently found inefficient in such environments, due
to latency created by long transmission path lengths and the noise associated with
wireless links. However, SCPS’ transport protocol (SCPS-TP) functioning over the
existing terrestrial Internet system was found to be as good as that of TCP/IP, and
SCPS was adopted as a standard by ISO. For additional details regarding SCPS, see
the SCPS website (http://www.scps.org).
Expand’s TCP Acceleration uses the SCPS protocol package to reduce the impact of TCP
limitations. For more details, see section Studying SCPS, Expand’s TCP Acceleration
Solution, on page 187.
SNACK
SNACK (Selective Negative Acknowledgement) is a method used by the SCPS-TP
protocol for reducing the amount of data that needs to be transmitted and increasing
the retransmission speed. SNACK does that by sending only a request for missing
packets, unlike TCP, which retransmits the missing packet as well as all packets
already transmitted after the missing packet.
For additional details, see section Error Detection and Proactive Resolution:, on page
188.
T
TACACS+
TACACS+ (Terminal Access Controller Access Control System+) is a TCP-based
authentication protocol, which enables administration of user passwords in a central
database that resides on a separate server, instead of in individual routers, thereby
providing an easily scalable network security solution. TACACS+ is an open protocol
that can be ported to any username or password database.
The AcceleratorOS lets you set Authentication Servers (Radius, TACACS+ and Local)
and manage these servers and their preference order in the Accelerator. For details,
see section Setting Authentication Preferences, on page 310.
TCP
TCP (Transmission Control Protocol) is used, together with the Internet Protocol (IP), for
sending data in the form of message units between computers over the Internet. TCP
manages the assembling of a message or file into smaller packets that are transmitted
over the Internet and received by a TCP layer that reassembles the packets into the
original message. In the Open System Interconnection (OSI) model, TCP is in Layer-4,
the Transport Layer.
TCP performs well on LANs but does not deal well with the high latency and high
packet loss found on many WANs. For details, see section Studying SCPS, Expand’s
TCP Acceleration Solution, on page 187.
Tunneling
A technology that enables one network (usually a private, corporate network) to send
its data via another network’s connections (usually a public network). Tunneling works
by encapsulating the private network data and protocol information within the public
network transmission units so that the private network protocol information appears to
the public network as data. Tunneling allows the use of the Internet, which is a public
network, to convey data on behalf of a private network.
AcceleratorOS lets you set a link so that all its traffic is forced into the tunnel. For
details, see section Forcing Tunneling, on page 265.
UDP
UDP (User Datagram Protocol), just like TCP, is a communication protocol used
together with the Internet Protocol (IP) for sending data in the form of message units
between computers over the Internet. However, unlike TCP, UDP transfers packets as a
whole and does not provide the services of dividing, reassembling and sequencing the
packets. Therefore, this protocol is suitable for network applications that want to save
processing time because they have very small data units to exchange and very little
reassembling to do.
In the Open System Interconnection (OSI) model, UDP is in Layer-4, the Transport
Layer.
Expand’s encapsulation accelerates the transmission of either UDP or TCP packets, by
compressing either the entire packet or only the packet’s payload. For details, see
section Encapsulation, on page 33.
VRRP
VRRP (Virtual Router Redundancy Protocol) is an Internet protocol that enables having
one or more backup routers when using a statically configured router on a LAN. Two
or more routers are set up with VRRP, and one is elected the "master." The master
router continuously sends advertisement packets to the backups, and if the
advertisements stop, one of the backup routers becomes the master. All routers share
a "virtual IP" address, so they are all seen as one address. VRRP can also be used for
load sharing.
Using HSRP, Expand Accelerators can take part in HSRP/VRRP groups with available
routers or Layer-3 switches (or even other available Accelerators) to provide backup in
the rare case of Accelerator failure. For details, see section On-LAN, on page 9.
W
WCCP
The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing
technology that specifies interactions between one or more routers (or Layer 3
switches) and one or more web-caches. The purpose of the interaction is to establish
and maintain the transparent redirection of selected types of traffic flowing through a
group of routers.
“Transparent” in this context means that end users need not configure their browsers to
use a web proxy, but rather use the target URL to request content, and have their
requests automatically redirected to a cache engine. The traffic redirection optimizes
resource usage and lowers response times.
WCCP is one of the methods used for redirecting WAN traffic through the Accelerator
in order for the On-LAN deployment to work. For additional details, see section
Enabling Packet Interception, on page 95.
Appendix H: Index