WAN Optimization is all about utilizing the WAN resources effectively. At very high level main features one should look for are:
- Usability and Experience
- Application Detection and providing differential QoS based on applications.
- Load balancing and failover of the connections across multiple WAN links
- De-Duplication of the data among offices
WAN optimization has been and will continue for at least a year or two to be a special device in Enterprise networks. As the value of WAN optimization is realized, more and more routing, switching, ADC and network security vendors are adding this as an additional feature in their offerings as a blade or as a software component running on some cores of Multicore processors. Buyers should not be just looking at the tick mark on WAN optimization, but should check the details.
- No configuration changes to the client and server machines and their applications should be expected as part of WAN optimization device installation in the network: Client machines (Desktops, Laptops, Mobiles etc..) and Server machines (Running HTTP Server, Email Server, CIFS Server) should not even know that WAN optimization device is installed in the network. No changes to be expected to be made to the machines or applications running on those machines when these devices are added or removed.
- No changes to the existing network infrastructure devices should be expected when WAN optimization devices are installed in the network, except for the cases where there is asymmetric routing. It is understandable that, In case of asymmetric routing, routers need to be configured to redirect the packets to WAN optimization devices using WCCPv2 protocol.
- WAN optimization device should not be appearing as a L3 hop: WAN optimization devices are expected to provide Layer 2 transparency. WAN Optimization Device is expected to intercept the packets at the Layer 2 level by acting as a L2 bridge.
- IPv4 and IPv6 Support: During this migration times to IPv6 from IPv4, both types of networks, clients and servers are possible. WAN Optimization device is expected to support IPv4, IPv6 networks, clients and servers.
- When WAN Optimization device is inline of traffic, it is expected that the device has high availability feature using Active-Backup method at the minimum : If one device fails, other device should be able to take over the WAN optimization functionality. UDP connections must work fine even after backup device takes over the WAN optimization functionality. Existing TCP connections might break, but it must ensure that new connections go successfully through the backup device.
- Device is expected to provide GUI for configuration.
- WAN optimization devices should have facility to learn other devices and their reachability information dynamically. WAN devices are also expected to provide configuration facility to add/remove reachability information of other WAN devices statically.
- Any configuration made on a device should be propagated to other devices if some incarnation of this configuration is required on other peer devices.
- It is normally expected that any configuration change done gets reflected immediately. that is, no restart should be necessary for the configuration to be effective.
- Configuration through secure mechanism is expected: SSH for CLI access, HTTPS for GUI.
- Configuration consistency across device restarts is expected.
- For Common Critiria and other certifications, Configuration facility are expected to have role based management with multiple roles with multiple users belonging to the roles. It is also expected that audit trail is created upon configuration changes. Audit logs are expected to have all the configuration information changed for the changed records.
- Any configuration update on the Active device should reflect in the backup device without any additional effort by administrator.
- Centralized Management System to configure multiple WAN optimization devices from a single console is normally expected when number of WAN optimization devices are more than few (example: more than 4).
- Device is expected to provide multiple kinds of reports and statistics to the admin.
- Reports related to amount of WAN bandwidth savings that occurred over specific time period.
- Due to de-duplication, Due to compression, Due to Caching etc..
- On different protocols (HTTP, NFS, CIFS etc..)
- Reports related to Integrity of dedup repositories.
- Reports related to possible savings if more memory/hard drive capability is added.
- Reports related to traffic belonging to different applications over specific period of time.
- Reports related to amount of WAN utilization and under-utilization.
- Multiple different types of statistics collected over significant amount of time and represented in specific time periods such as hours, weeks, months etc..
- Debug statistics which aid in field debugging.
- Tracing facilities in field with different levels of traces.
Application Detection and providing differential QoS based on applications:
One of the features to utilize the WAN links effectively is to identify the applications and apply traffic management facilities such scheduling, marking and bandwidth control. Lower priority application such as P2P and non-interactive/non-realtime applications can be ensured to use lesser bandwidth when higher priority application data is pending to be sent on the WAN links.
Many applications can be detected by based on the Destination Port of TCP or UDP protocols. Application detection is expected to be provided by the WAN Optimization device to detect applications that do port hopping. Examples: P2P and IM applications. Application detection is also required to detect HTTP connections being used for social networking, DDL (Direct Download Links) etc.. Application detection identifies the application ID for each connection. QoS policies would need to have application ID as one of the criteria elements to choose the policy so that the policy rule specific actions such as bandwidth control and prioritization of traffic on to the WAN link can be applied.
Load balancing and fail-over of the connections across multiple WAN links
It appears that many deployments go with more number of WAN links to satisfy their bandwidth requirements than going for a bigger pipe. I believe it is less expensive. Also it provides organization to scale the bandwidth as the organization grows. Having multiple WAN links rather than single big pipe also avoid network discontinuity if one link fails. These WAN links normally are also taken from different ISPs so as to avoid discontinuity in case of one ISP failure.
WAN optimization functionality is expected to provide capability to support multiple links going towards WAN. These devices are expected to balance the traffic (based on hash result of IP packet header fields such as source IP, Destination IP etc.) across multiple WAN links. Also these devices are expected to transfer the existing connections on a failed WAN link to new links. These devices are also expected to maintain order of packets in a flow and hence the balancing criteria configurations selection should be provided to administrators.
De-Duplication of the data among offices
This is one important feature to reduce the amount of traffic exchanged (on WAN links) among offices of an organization. Basic purpose of de-duplication is to ensure duplicate data is not seen on the wire. Peer WAN optimization devices are expected to hide these details from clients and servers which are exchanging the data. Handling and processing of deduplication happens among WAN optimization devices. Different vendors may have implemented this in different ways. It is important to check the de-dup efficiency. Some of the features to look for are:
- Block-level Deduplication with configurable block size is to be expected by the administrators.
- De duplication must be across the protocols. That is, if the data is downloaded by a client from a server using HTTP protocol first time and same data is downloaded by the client from the same server, but using CIFS, it is expected that actual data is not seen on the WAN link. That is deduplication must happen across protocols.
- Dedup feature efficiency when the data is not changed on the server, but being downloaded by the client again. In this case, it is expected that no data, but only the blocks identifiers would be sent on the WAN link, that is, 100% dedup efficiency expected.
- Minimal changes to the data on the server should also lead to near 100% dedup efficiency. For example, if the additional data of few bytes is added in the beginning of the file in the server, only the changed data or atmost one or two additional blocks of data is expected to be seen on the WAN link when client downloads the changed file. This change in the data should not lead to transfer of complete file content. In further attempts of same file download should have again 100% dedup efficiency assuming that the file is not changed on the server.
- Blocks that are stored by the WAN optimization should be persistent. This data should be available after any device restarts. Example scenario: A file is downloaded by the client machine from server machine. WAN optimization devices cache the blocks of data. Restart the device and download the same file from the server. There should be 100% dedup efficiency. It is understandable that devices take some time to recreate the internal serach lists from the disk when the device restarts. During this time the any download of the file will not be able to achieve 100% dedup. But when the system is ready with internal lists, it should lead to 100% dedup efficiency.
- Look for amount of disk space and memory the device has. Dedup efficiency is directly proportional to this. Some devices don't support the disk drives for storing the dedup data. It would have multiple problems:
- Dedup efficiency will not be good as DDR space is limited to store both search lists and data blocks.
- When device restarts, there is no data in the DDR which leads to learning the data afresh.
- Dedup efficiency, when tools like fragroute are used, is as good as the cases when it is not used. It appears that some WAN optimization devices don't work well in these scenarios. One might argue that fragroute is a lab tool, but it is necessary to remember that fragroute is simulating some real network conditions. For example, it is normal practice to break the TCP segments to smaller segments to reduce head-of-line blocking created by large TCP packets to allow VOIP RTP traffic. 'Frag Route' tool can be used to do multiple things such as:
- Breaking the TCP segments to smaller segments.
- Breaking IP datagrams to multiple IP fragments.
- Reordering of TCP segments and IP datagrams/fragments.
- Whatever disk size the WAN optimization devices have, it may not be sufficient when compared with amount of new data that is flowing on the WAN links. It is expected that WAN optimization devices throw the blocks which were not used for a long time to make space for new data. New data should be given higher priority all the time. One way to test to ensure this is to fill the disk by sending unique blocks of data. Then let the client download a big file from the server and ensure that there si 100% dedup efficiency when the client downloads the same file again.
- Support for Protocol adapters : Expect protocol adapters for different protocols for following reasons.
- Some protocols such as CIFS are chatty. To reduce the chattiness, some intelligence of protocol is required to do operations such as 'read-ahead'.
- Knowing data boundary would make deduplication efficient. WAN Optimization can wait for data with this boundary intelligence and then do dedup processing. There is higher chance of finding the dedup blocks.
- Doing ALG functionality to figure out data connections such as RTP to apply special processing to reduce any latency and jitter.
- Decoding and Decompression of data before dedup processing occurs.
- SSL Support : For SSL termination and SSL connection establishment.
- Support for dedup feature for real time and/or streaming traffic: When reliability channels are used between WOC devices, then real time traffic quality can suffer. Hence it is expected from WAN optimization devices to use non-reliable channel for real time traffic.
WAN optimization devices are expected to provide compression feature to reduce the data on the WAN link. Dedup functionality reduces the data by not sending duplicate data. Compression reduces the data that is being sent. Hence both functions are expected in the WAN optimization products.
- It is expected that compression is beyond packet level compression. It should be across the reliable channel (connection) normally established among WAN optimization devices. Compression by maintaining its history can do better job of reducing the data over time.
Caching feature completely eliminates any data including dedup block identifier data going on the wire if the file is not changed across downloads. It is only possible to do this in HTTP protocol.
- WAN Optimization device should act as HTTP Proxy supporting HTTP/1.0 and HTTP/1.1
- SSL Termination to ensure that it does both Caching and Deduplication across WAN Optimization devices. Peer WAN Optimization device can make SSL connection to the Server.
Security on data at Rest: WAN optimization device stores the dedup data in the hard drive. It could be confidential data. Expect WAN optimization to support secure storage of the data.
- Crypto file system versus normal file system: Devices must ensure that confidential data is stored in crypto file sysetm.
- Encryption key used by crypto file system must not be stored in the same device. Expect it to provide KMIP or equivalent functionality to get the keys from Key Management Server. It ensures that when device is stolen, thieves don't get hands on the clear data.
Reliability & Data Consistency:
As part of dedup and caching, data is stored in the disks. Expect some functionality to ensure that the data written to the disk is same as data being read. RAID is one method by which it can ensure that kind of integrity upon any disk related errors.
As always, it is always good to get the devices and evaluate them in your network for significant of time before buying them.