Accelerator OS
Accelerator OS Software Configuration Guide
Software version 6.1.2
Revision 3.0
Pub no. AOSUG_612_GA_141108

This guide is delivered subject to the following conditions and restrictions:

This guide contains proprietary information belonging to Expand Networks Inc. Such information is supplied solely for the purpose of assisting explicitly and properly authorized users of the Expand product series.

No part of its contents may be used for any other purpose, disclosed to any person or firm or reproduced by any means, electronic, photographic or mechanical, without the express prior written permission of Expand Networks, Inc.

The text and graphics are for the purpose of illustration and reference only. The specifications on which they are based are subject to change without notice.

The software described in this guide is furnished under a license. The software may be used or copied only in accordance with the terms of that agreement.

Information in this guide is subject to change without notice. Corporate and individual names and data used in examples herein are fictitious unless otherwise noted.

Copyright© 2008 Expand Networks Inc. All rights reserved.

AcceleratorOS™, Accelerator 00™, Accelerator 6800/6810/6920/6840/4800/4810/4820/4920/1800/1810/1820/1920™ and ECT™ are trademarks of Expand Networks Inc.

Flex 2.5™ includes software developed by the University of California, Berkeley and its contributors. Copyright© 1990, The Regents of the University of California. All rights reserved.

Other company and brand product and service names are trademarks or registered trademarks of their respective holders.

Table of Contents

Chapter 1: Introducing the Accelerator
  Features and Benefits
  Resiliency and Redundancy
  Redefining Application Traffic Management
  Next-generation WAN Compression
  Application-specific Acceleration
  Layer-7 QoS and Bandwidth Management
  Layer-7 Monitoring and Reporting
  Branch Office Features
  Rapid Deployment/Dependable Results
  Maximum Uptime and Reliability
  The Accelerator Product Line
  How the Accelerator Works
  IP-Based Network
  On-Path
  On-LAN
  Configuration and Management
Chapter 2: Preparing Network Integration
  Working with Bypass Mode
  Reviewing the Setup Checklist
  Performing Setup via the LCD
  Performing Setup via the WebUI
  Studying The WebUI Menu
  Performing Setup via the Wizard
  Configuring the Wizard
  Defining Advanced Settings
  Setting Links via the Wizard
  Setting the Time
  Modifying the Password
  Reviewing Wizard Configuration
  Modifying Basic Setup Configuration
  Setting Routing Strategy
  Licensing the Accelerator
  Activating the I-Key
  Activating the License Key
  Logging into and out of the Accelerator
  Integrating the Accelerator into Your Network
  Integrating into a Standard Network
  Integrating into Networks that use Dynamic Routing
  Networks Using External QoS or Monitoring Devices
  Working in Noisy Link Environments
  Installing On-LAN at a Data Center
  Installing in a High Latency Environment
  Installing in a Web-Intensive Environment
  Using Advanced QoS
  What is QoS?
  How to Know what’s on Your Network
  How to Prioritize Applications
Chapter 3: Configuring Networking
  Optimizing the Network Topology
  Taking into Account Network-Specific Considerations
  Defining WAN Setup
  Setting the Bandwidth
  Configuring the WAN
  Configuring Secondary IP Addresses
  Creating and Editing Links
  Studying the Links Screen
  Adding Links
  Editing Links
  Using a Virtual IP Address
  Adding and Editing Links via the CLI
  Setting Subnet Routing
  Configuring Subnets Manually
  Editing a Subnet
  Configuring Remote Subnets Manually
  Adding Static Routes
  Setting Dynamic Routing
  Working with OSPF
  Configuring OSPF
  Working with Router Polling
  Enabling Packet Interception
  Working with RIP
  Configuring RIP
  RIP Route Injection
  Using RIP for Packet Interception
  Working with WCCP
  Using WCCP for Packet Interception
  Setting WCCP on the Router
  Setting the Accelerator’s Time
  Configuring DHCP Servers
  Activating DHCP Relay Agent
  Setting ExpandView Connectivity Parameters
Chapter 4: Monitoring the Network
  Introduction to Monitoring
  Working with Monitoring
  Installing the JAVA Applet
  Using Verisign Security Certificate
  Studying The Monitoring Window
  Using Link Statistics and Graphs
  Viewing Throughput Statistics per Link
  Viewing Utilization Statistics per Link
  Viewing Acceleration Statistics per Link
  Understanding Acceleration
  Viewing Compression Statistics per Link
  Viewing Statistics per Link
  Discovering Traffic
  Viewing Detected Applications
  Viewing Detailed Traffic Discovery
  Viewing Monitored Applications
  Discovering Layer-7 Applications
  Viewing Applications’ Statistics and Graphs
  Setting up Graphs
  Viewing Utilization Statistics per Application
  Viewing Throughput Statistics per Application
  Viewing Acceleration Statistics per Application
  Viewing Compression Statistics per Application
  Viewing Bandwidth Distribution Statistics per Application
  Monitoring Applications
  Gathering Statistics for Detected Applications
  Viewing Summary Graphs
  Viewing Ethernet Statistics
  Configuring Ethernet Display via the WebUI
  Configuring NetFlow Support
  Identifying the Traffic
  Enabling NetFlow via the WebUI
Chapter 5: Applying QoS
  Accelerator QoS
  Studying the QoS Solution
  Carrying Out Basic QoS Configuration
  Viewing My Applications
  Creating New Applications
  Modifying Applications
  Layer-7 Applications
  Creating Web Applications
  Creating Citrix Applications
  Setting Advanced QoS Parameters
  How QoS Works
  Understanding QoS Rules
  How Traffic Filtering is Applied
  How Traffic Shaping is Applied
  Studying QoS Bandwidth Allocation
  Setting Inbound QoS
  Creating QOS Rules
  Editing QoS Rules
  Making Decisions for Specific Applications
  QoS Troubleshooting
Chapter 6: Optimizing Acceleration Services
  Studying TCP Acceleration
  Understanding the Shortcomings of TCP
  Studying SCPS, Expand’s TCP Acceleration Solution
  Scaling the Transmission Windows
  Error Detection and Proactive Resolution
  Congestion Avoidance
  Local Network Isolation
  Link Outage Support
  Asymmetric Networks Optimization
  Computing Latency
  Configuring TCP Acceleration
  Enabling TCP Acceleration
  Understanding Web Acceleration
  Configuring Web Acceleration via the WebUI
  Configuring HTTP Acceleration
  Enabling and Disabling HTTP Caching
  Setting the Cache Size
  Setting Cache Content
  Clearing HTTP Cache
  Returning to Default Settings
  Setting Advanced HTTP Parameters
  Setting HTTP Acceleration Rules
  Excluding from Caching via the WebUI
  Configuring FTP Acceleration
  Enabling and Disabling FTP Caching
  Setting the Cache Size
  Setting Cache Content
  Clearing FTP Cache
  Returning to Default Settings
  Setting Advanced FTP Parameters
  Configuring DNS Acceleration
  Configuring DNS Acceleration
  Enabling Citrix Acceleration
Chapter 7: Configuring and Managing WAFS
  Introduction to WAFS
  Expand Networks’ WAFS Solution
  Supported Servers
  File Servers
  Authentication Servers
  Supported Clients
  Expand Hardware Device Specifications
  Domains
  Authentication
  Getting Started with WAFS
  Overview
  Enabling WAFS Configuration
  Configuring the File Server/Domain Controller
  Defining Shared Directories
  Defining User Permissions
  Defining Network Settings
  Enabling WAFS Operation Mode
  Excluding Servers or Subnets from WAFS
  Configuring the Data Center and Branch Office
  Setting Up the File Bank Director
  File Server Settings
  Summary
  Confirmation and Application
  Setting Up the File Bank
  Overview
  Domain Settings
  File Bank Director Settings
  Summary
  Confirmation and Application
  Installing the License File
  WAFS Management and Operation Modes
  The WAFS Management Screen
  FileBank Director Categories
  FileBank Director System
  File Services
  FileBank Director Utilities
  FileBank Categories
  FileBank System
  FileBank Services
  Additional Services
  FileBank Utilities
  Managing the Data Center
  Starting the Data Center
  Managing File Services
  Defining FileBank Director Settings
  Managing System Users
  Adding File Servers
  Managing the Compression Filters List
  Configuring FileBank Services
  FileBank Directors
  Virtual Servers
  Windows Domain
  Cache Settings
  Time to Live (TTL) settings
  Invalidate Cache
  System Users
  STF Filters
  Setting Advanced FileBank Features
  Configuring the Fetch Mechanism
  Fetch Mechanism Overview
  Fetch User
  Fetch Jobs
  Fetch Settings
  Fetch Activation
  Creating Fetch Jobs
  Replication Service
  Replication User
  Replication File Types
  Replication Schedule
  Replication Paths
  Replication Service Activation
  Service Activation on FileBank Director
  Service Activation on FileBank
  Initial Pre-population of Large Files on FileBank
  Configuring Replication Services
  Replication User
  Printing Services for the FileBank
  Configuring Additional Services
  Print Services
  Configuring Print Services (FileBank)
  Adding a Network Printer to FileBank
  Assigning Printing Administrators
  Point’N’Print Configuration
  Uploading Printer Drivers
  First Client Driver Installation
  Verifying Point’n’Print Installation
  Manual Client Driver Installation
  Verifying Driver Installation
  Printing Setup Troubleshooting
  Using WAFS Printing Services
  Adding a WAFS Printer via Windows
  WAN-OUT Operation
  Cached Content
  Accessing Files and Directories
  Security
  Partially Completed Transactions
  Partial Disconnection
  Reconnection
  DNS Masquerading
  DNS Masquerading Benefits
  DNS Masquerading Configuration
  Monitoring WAFS Functionality
  Running System Diagnostics
  Viewing Logs
  Troubleshooting
  Troubleshooting Tools
  Networking
  Windows Domain Join
  Service
  Possible Error Messages
  Network name no longer exists
  The network path was not found
  Access denied
  Performance
  Advanced Expand Services
  DHCP Services
  DNS Services
Chapter 8: Setting Advanced Parameters
  Handling WANs
  Handling Interfaces
  Working with VLAN
  Creating Static ARP Entries
  Defining Authentication Settings
  Configuring DNS
  Managing Links
  Setting Remote Subnets for the Links
  Editing Existing Links
  Dial-on-Demand
Chapter 9: Configuring Management Options
  Studying the ExpandView System
  Using Dynamic Network Map
  Simplifying WAN Optimization
  Generating Advanced Alerts for World-Class NOCs
  Generating Proactive Reports for Network Provisioning
  Defining Scalable QoS
Updating ExpandView Server’s IP Address
Using Out-of-Band Management
Using SNMP
Receiving Log Error Messages
Sending Updates to a Syslog Server
Sending Updates via Email

Chapter 10: Resiliency and Redundancy
RAID
RAID Support in Accelerators' Hard Drives
Router Redundancy Protocols
HSRP
Enabling HSRP Automatic Detection
Setting Manual HSRP Configuration
VRRP

Chapter 11: Security
Studying the AcceleratorOS AAA
Configuring AAA via the WebUI
Configuring Users
Deleting Users
Setting Authentication Preferences
Setting Authentication Servers
Setting the Authentication Method
Defining the Security Settings
Auditing Administration Activities
Locking/unlocking the Keypad
Setting the Keypad Lock Definitions
Defining Other LCD Settings

Chapter 12: Troubleshooting
Carrying out the Troubleshooting Procedure
Recovering the Password
Checking the Event Log
Checking Info Events
Checking Warning Events
Checking Error Events
Checking Fatal Events
Studying Log Message Formats
Displaying Information for Troubleshooting
Displaying Information via the WebUI
Displaying Statistics in a Compressed, Archived File
Checking the Link Status
Checking Ethernet Settings
Checking Lack of Acceleration
Accessing Remote Devices
Checking Link Malfunction
Checking for Corrupted Terminal
Checking HSRP Malfunction
Checking QoS Malfunction

Chapter 13: Using the Accelerator Tools
Upgrading the AcceleratorOS Software
Using the Configuration Tools
Using the General Tools
Pinging via the WebUI
Sending a Traceroute Packet
Rebooting the Accelerator via the WebUI
Gathering Statistics for Technical Support
Managing User Files
Viewing System Information
Archiving Log Files
Enabling Accdump

Appendix A: NetFlow Monitored Statistics
Template Fields
Full Template
Long Template
Short Template

Appendix B: Pre-Defined Applications

Appendix C: Accelerator Integration
Acceleration and Citrix Traffic
Disabling Citrix NFuse Compression
Disabling Citrix Encryption and Compression
Defining Settings on the Server
Setting/checking ICA or RDP listener traffic
Speed Screen Latency Reduction Manager
Defining Settings on the Client
Turning Compression off in the PNAgent Client
Understanding the PNA Problem
Resolving the PNA Problem
Identifying Citrix Layer-7 Applications
Configuring NetFlow
Studying Traffic Measurement
Studying Traffic Monitoring
Configuring Accelerator NetFlow
Disabling Compression on SAP
Calculating Acceleration Figures with an Application other than ExpandView

Appendix D: MIME Types
Application
Audio
Image
Message
Model
Multipart
Text
Video

Appendix E: Contacting TAC

Appendix F: tcpdump Optional Flags
Appendix G: Specifications and Warranty
Accelerator 6800 / 6900 Series
Accelerator 1600 / 1800 Series
Accelerator 4800 / 4900 Series
Accelerator 7900 Series
Standards
RFC / Standard List
Terms and Conditions of Sale
Acceptance
Price and Payment
Title and Security Interest
Risk of Loss
Warranty
Product Returns
License Grant
Limitation of Liability
Default
Indemnity
General
Open Source Provisions

Chapter H: Command Line Interface
Understanding the CLI Configuration
Understanding Command Modes
Basic CLI Procedures
Getting Started
Licensing the Accelerator
Displaying the Licensing State of a Specific Accelerator
Performing Basic Setup
Viewing the Basic Configuration
Logging into the Accelerator
Logging out of the Accelerator
Setting Addresses
Setting the IP Address and Subnet Mask
Setting a Default Gateway
Setting a Secondary IP Address
Setting the Deployment Type
Setting Routing Strategy
Setting a Device Name
Setting the Default WAN Bandwidth
Working with Remote Devices
Setting the Remote Device
Setting the IP Address of the Remote Device
Setting the Bandwidth to a Remote Device
Setting the Link to Work with IPcomp
Setting the Link to Work with Router Transparency
Configuring Subnets
Adding a Subnet
Advertising a Subnet and Adding a Metric
Deleting a Subnet
Excluding a Subnet from an Interface
Viewing subnets
Configuring Subnets
Saving/Uploading the Basic Configuration
Customizing the CLI
Creating a Custom Banner
Applying the Banner
Configuration Commands
Entering Configuration Mode
Accessing Configuration Options
Alias Management
Showing Alias Information
Changing/Deleting Alias Prefix
Showing Virtual Server’s Alias Information
Adding an Alias to a Virtual Server
Deleting a Virtual Server’s Alias
Configuring OSPF
Enabling OSPF
Setting area ID
Enabling Authentication
Setting the Locality Metric
Setting Networks
Setting an Authentication Key
Setting Neighbors
Viewing OSPF Configuration
Configuring Router Polling
Entering the Router Polling Menu Tree
Setting Polling
Setting Polling Protocols
Setting Polling Interval
Setting Polling Router
Setting Router Polling SNMP Version
Setting Router Polling SNMP Community
Configuring RIP
Enabling RIP
Enabling Authentication
Setting an Authentication Key
Setting Networks
Setting Neighbors
Setting RIP to Passive Mode
Viewing RIP Configuration
Configuring WCCP
Enabling WCCP
Activating WCCP
Displaying WCCP Mode, Services, and Routers Lists
Setting WCCP Authentication
Setting WCCP Priority
Setting WCCP Router IP
Setting WCCP TCP Service ID
Setting WCCP UDP Service ID
Configuring Core Allocation
Using the SNTP Server
Enabling the SNTP Server
Setting the Interval for Polling the SNTP Server for Time Updates
Setting the SNTP Server’s IP Address
Configuring DHCP Servers
Uploading the DHCP Configuration File
Reloading the DHCP Configuration File
Testing the DHCP Configuration File
Displaying the DHCP Status Information
Displaying the End Date of the DHCP Lease Period
Configuring an Accelerator to Carry out DHCP Relay
Configuring WEB Acceleration
Setting Web Acceleration
Displaying the End Date of the DHCP Lease Period
Clearing the Cache
Viewing Web Acceleration Parameters
Configuring HTTP Acceleration
Enabling/Disabling HTTP Acceleration
Configuring the Proxy Server IP and Port
Specifying Directly Forwarded Requests
Preventing the Caching of Specific Pages
Preserving the Client’s Original Source Port
Configuring Transparency Support
Setting the HTTP Port
Setting Content to be Cached
Setting the Cache Size
Setting the Maximum Object Size
Clearing the Cache
Setting the Connection Timeout
Setting logs
Configuring FTP Acceleration
Enabling/Disabling FTP Acceleration
Setting the Cache Size
Setting Content to be Cached
Setting the Connection Timeout
Allocating Cache per a Specific User
Setting Minimal Value for the Cache Object Size
Enabling/disabling Unicode Display
Excluding Servers from Caching
Clearing the List of Excluded Servers
Studying a Subnet Configuration Network
Configuring Ethernet Display
Viewing Interface Statistics
Viewing Interface Statistics per Specific Link
Enabling L-7 Traffic Discovery
Viewing L-7 Traffic
Viewing Application Statistics
Setting Applications as Monitored
Viewing Application Traffic
Enabling / Disabling Statistics History
Clearing Counters or Statistics
Enabling NetFlow
Setting the Max Queue Length
Configuring QoS
Viewing Detected Applications
Creating a New Application
Creating a Web Application
Enabling / Disabling Application Acceleration
Enabling / Disabling Application Tunneling
Globally Filtering an Application
Filtering an Application per Link
Setting the Application Criteria
Setting the Order for the Rule
Setting Minimum Bandwidth (Desired)
Setting Maximum Bandwidth (Limit)
Prioritizing the Application
Critical Application Pass-through
Setting Bursts for a Rule
Setting the WAN to Work in Strict-priority Mode
Enabling Bursts
Managing Aggregation Classes
Configuring Aggregation Classes
Defining the Post Aggregation Class
Enabling / Disabling Aggregation Classes per Link
Setting Aggregation Limit
Setting Aggregation Threshold
Setting Aggregation Window
Applying an Aggregation Class to an Application
Configuring DNS Acceleration
Enabling / Disabling DNS Acceleration
Defining Static Hosts
Removing Definitions of Static Hosts
Clearing the Cache
Setting The Cache Size
Displaying the Cache Contents
Enabling / Disabling DNS Masquerading
Defining the TTL Period
Defining the Query Timeout Period
Defining the Transparency Mode
Displaying the DNS Acceleration Statistics
Enabling / Disabling the Use of the Accelerator DNS
Enabling Traffic Encryption
Displaying the Traffic Encryption (crypto) on a Specific Link
Displaying the Current Crypto Configuration of a Specific Accelerator
Displaying the Crypto Details of a Specific Accelerator
Displaying the Process of the IPsec Policy Creation on a Specific Accelerator
Configuring ARP
Adding Entries to the ARP Cache
Clearing the ARP Cache
Setting the Limit on the ARP Cache
Setting Additional Limits on the ARP Cache
Additional Configurations
Adding a WAN
Modifying Interface Speed and Duplex
Setting VLAN
Autodetecting HSRP Groups
Setting HSRP Group Number
Setting VRRP Group Number
Disabling Bridging
Setting an IP address for Eth 0
Defining Link Settings
Assigning a Link to a WAN
Setting a Link to Work in Large Cache Mode
Enabling Packet Fragmentation
Enabling Packet Aggregation
Setting a Link to be Accelerated
Setting IPcomp Preservation
Forcing Tunneling
Including Checksum
Configuring Expand View Settings
Enabling / Disabling the ExpandView Agent
Setting the ExpandView Server IP Address
Setting the ExpandView Server Port
Displaying ExpandView Status
Configuring SNMP
Enabling / Disabling SNMP
Enabling / Disabling SNMP Traps
Setting SNMP Trap Community
Setting SNMP Community
Setting SNMP Version 3 Authentication
Configuring the Log
Enabling / Disabling the Log
Setting the Syslog Facility Number
Setting the Syslog Server’s IP Address
Defining Sent Events
Enabling / Disabling Event Notification
Creating an Accelerator Messenger Account
Setting the Notification Recipient
Setting the Mail Server’s IP Address
Setting the Mail Server’s Port Number
Setting SNMP Version3 Authentication
Creating Log Archives
Creating a Log Archive
Deleting a Log Archive
Uploading Log Archive Files
Displaying Log Archive Files
Using Configuration Tools
Displaying the Configuration Settings
Saving the Running Configuration
Reverting Back to the Last Saved Startup
Restoring the Configuration to Factory Default Settings
Sending a Ping
Sending a Traceroute
Displaying the Packets’ TraceRoute
Viewing Technical Support Statistics
Enabling Accdump Files
Accessing the AccDump Configuration Menu
Enabling / Disabling ACCDump
Configuring Tcpdump File Size
Configuring Tcpdump File Format
Configuring Tcpdump File Number
Configuring Tcpdump Optional Flags
Uploading Tcpdump Files
Selecting the TCPDump Interface
Selecting the TCPDump Filter Expressions
Configuring WAFS
Basic Operations
Starting the WAFS Module
Stopping the WAFS Module
Restarting the WAFS Module
Rebooting the WAFS Module
Shutting down the System
Pinging a Remote Machine
Quitting the CLI
Cache
Displaying Cache-related Information
Displaying Cache Time To Live for Directories or Files
Resetting Cached Information
Print Administration Activities
Displaying Print Administrators
Adding and Deleting Print Administrator Users
Adding and Deleting Print Administrator Groups
Displaying a List of Local Printers
Displaying a Printing Driver’s Status
Setting Drivers
Setting Automatic Client Driver Installation
Setting Manual Client Driver Installation
Storing Printer Drivers on the File Bank
Storing Printer Drivers on the File Server
Using Domain Users for Migrating Drivers
Managing CUPS
Restarting the CUPS Service
Checking the CUPS Service
Working with Printer Ports
Displaying the Printer Ports’ List
Adding and Deleting Printer Ports
Forcing the Printer and the Share Name to be Equal
Adding a Printer
Deleting a Printer
Managing Printers
Changing an Existing Printer URI
Displaying a List of all Existing Printers
Printing a Test Page
Managing WAFS Transparency
Enabling / Disabling WAFS Transparency
Excluding Certain Servers from WAFS Transparency
Creating Excluded Servers
Displaying the Excluded Servers’ List
Clearing the Excluded Servers’ List
Managing CIFS
Displaying the CIFS Status
Compression Filters
Displaying Current Compression Filter’s List
Adding/deleting a Filter to/from a List
Managing Time and Dates
Changing the System’s Date and Time
Displaying the System’s Date and Time
Additional Options
Diagnostics
Setting a Domain Name
Displaying the Current Domain Name
Joining a FileBank to a Domain
Switching to a UNIX Command Prompt
Exiting or Quitting the Shell
Fetch
Managing Fetch Jobs and Instances
FileBank Director Configuration Settings
Displaying a List of FileBank Directors
Adding or Deleting a FileBank Director
Defining the IP Port
Enabling Disconnected Operation Handling
Forcing Disconnected Mode
Refreshing the List of Servers and Shares
Getting Disk Utilization Reports
Getting WAFS Help
Displaying Help for All Available Commands
Displaying Command-specific Help Information
Licensing WAFS
Installing a License
Displaying the License File
Checking the Validity of a License File
WAFS Log Files
Uploading Logs to a URL
Displaying Event Log
Defining Minimal Level for Events to Log
Displaying Log Level
Displaying the Syslog Status
Displaying All Log Archive Files
Generating a New Log Archive File
Uploading a Log Archive File
Managing Replication Services
Starting an Unscheduled Replication
Preparing for Replication
Stopping Replication
Displaying the Replication Status
Enabling / Disabling Replication
Displaying Replication Logs
Displaying a Specific Log
Setting Up Replication Service
Managing the Replication User
Managing the Replication Filters
Managing the Replication Instances
Managing the Replication Paths
Managing the Replication User
Displaying the Current Replication User
Defining the Replication User
Deleting the Replication User
Displaying the Current Replication Filters
Clearing All Replication Filters
Adding or Deleting a Replication Filter
Listing the Replication Instances
Displaying all Replication Paths
Adding a New Replication Path
Deleting a Replication Path
Deleting All Replication Paths
Scheduling Events
Displaying Actions for Scheduling
Displaying Scheduled Events
Adding Scheduled Events
Deleting Scheduled Events
Clearing All Scheduled Events
Service Management
Enabling or Disabling the Current Service
Checking whether the Current Service is Enabled
Displaying the List of Services
Activating a Service
Creating a FileBank Director Service
Creating a FileBank Director HA
Creating a FileBank Service
Software
Displaying Version Numbers
Statistics
Displaying File Statistics
Uploading Yearly Statistics
Displaying the Current Status
Stf_filters
Displaying Current STF Filters
Clearing the List of Current STF Filters
Adding or Deleting a Filter
Transaction Monitoring
Displaying the Requested Transactions
Stopping the Transaction of a Specific ID
TTCP
Measuring the Receiving Host
Measuring the Sending Host
Displaying the System’s Current Uptime
User
Displaying a List of All Users
Adding or Deleting a User
Changing a User’s Password
Configuring Virtual Memory Statistics
Displaying Virtual Memory Statistics
Wins
Setting a WINS Server Address
Deleting Current WINS Server
Displaying Current WINS Server
Configuring Security
Accessing the Transport Type
Enabling or Disabling Access to the Transport Type
Configuring Servers
Configuring the IP Address and Port
Setting the Radius Server Timeout
Configuring the TACACS Server
Setting the TACACS Server Timeout
Configuring Authentication
Displaying the Authentication Server
Defining/Deleting the Authentication Server
Configuring Users’ Accounts
Enabling / Disabling a User’s Account
Creating and Setting a User’s Access
Setting the Local Password
Viewing AAA Configuration
Unlocking or Locking the Keypad
Upgrading the Software OS
Copying the New Bundle File
Rebooting the Accelerator after Copying the New Bundle File
Technical Support Information
Initiating ByPass Mode
Showing Technical Support Information
Listing Log Events
Appendix I: Glossary
Appendix J: Index

Chapter 1: Introducing the Accelerator

Expand Networks’ Accelerator is the ideal Application Traffic Management System for ensuring optimal application performance over the WAN. The Accelerator is a Layer-3 WAN device that dramatically improves application response times through a combination of bandwidth compression, Layer-7 QoS and acceleration plug-ins for specific applications.

This chapter includes the following sections:
- Features and Benefits, on page 2.
- Next-generation WAN Compression, on page 3.
- Layer-7 QoS and Bandwidth Management, on page 4.
- The Accelerator Product Line, on page 7.
- How the Accelerator Works, on page 8.
- Configuration and Management, on page 11.

Features and Benefits

The Accelerator’s new and improved algorithms provide the highest WAN compression performance available, in an easy-to-install package that fits seamlessly into various network topologies such as MPLS, QoS clouds, noisy networks, high-BER networks, load-balanced networks, and networks experiencing many out-of-order errors. Features include:
- Resiliency and Redundancy
- Redefining Application Traffic Management
- Next-generation WAN Compression
- Layer-7 QoS and Bandwidth Management

Resiliency and Redundancy

- Redundant striped swappable drives in Accelerator hardware elevate fault tolerance and create a virtually seamless work environment. For more information, see RAID, on page 276.
- Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) provide network resilience for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits. For more information, see Router Redundancy Protocols, on page 278.
- Redundant links
- iLO - integrated Lights Out technology allows you virtual control regardless of appliance status or location.

Redefining Application Traffic Management

The Accelerator takes application traffic management to the next level by reducing WAN costs and improving application performance. In addition to bandwidth compression capabilities, the Accelerator provides a rich set of features that improve application response times and provide Layer-7 visibility and control tools, which enable network managers to align network resources with business priorities. Acceleration of application response times is achieved through next-generation WAN compression, application-specific acceleration, Layer-7 QoS capabilities and sophisticated monitoring and reporting.

Next-generation WAN Compression

The Accelerators’ bandwidth expansion algorithms provide an effective alternative to WAN upgrades with a 3 to 9 month ROI.
- Typical capacity gains of 100% to 400%+ additional capacity, peaks of 1000%+.
- Combination of byte-level caching, packet header reduction and adaptive packet compression.
- High performance, low latency algorithms
- Packets incur a maximum of 1 millisecond latency passing through the device.
- 100% lossless, works on all applications.
- Supports up to 350 remote sites and 45 Mbps in a single device.
- Unique On-LAN deployments enable rack-and-stack above 350 sites and 45 Mbps.
- Verified in over 27,000 production installations.
- Network transparent
- RTM (Router Transparency Mode) enables 100% IP header preservation, ensuring guaranteed compatibility with any kind of WAN device. RTM also preserves Layer 4 for TCP & UDP traffic.
- Dynamic routing enables effortless installation even in complex networks that use OSPF, RIP and other routing protocols.

Application-specific Acceleration

Application-specific acceleration is a breakthrough approach that works in combination with next-generation compression for improving application response times.
- Improves application response times by 100% to 400%, peaks of 1000%+
- Extensible architecture based on application acceleration plug-ins for additional application support
- TCP acceleration enables TCP transfer speeds in excess of WAN link speed, even under challenging latency and packet loss conditions. The TCP acceleration plug-in is standards-based, meeting the SCPS standard (www.scps.org) that was developed by NASA and the DoD for performance optimization in high latency links.
- HTTP acceleration provides faster web application response times for chatty HTTP transactions by eliminating repetitive download of frequently accessed objects, applets, and so on.
- FTP acceleration provides faster response times due to elimination of long FTP transactions by keeping local copies of frequently accessed files.
- DNS acceleration eliminates DNS wait times for applications (for example: web portals) by keeping copies of frequently accessed DNS translations cached at the edge Accelerator.
- HTTPS acceleration enables compression of encrypted traffic by accelerating and encrypting traffic to the client browser, and ensures faster response times from secure application servers by optimizing TCP connections to browsers and web servers.

The Accelerator's full-scale WAFS and CIFS acceleration optimizes file access over the WAN, solving remote server data access from the data center over the WAN. Server consolidation is made possible without paying the price in WAN application performance. Expand Networks’ enhanced WAFS offering addresses the key performance, availability and management issues raised by server consolidation:
- LAN-like application performance: With Expand Networks’ acceleration architecture a replicated copy of the file is kept in the remote cache, thereby maintaining LAN-like performance for file transfers.
- Virtual-Server: Expand Networks’ enhanced WAFS offering retains critical remote branch system services such as DNS, DHCP, and print.
- Addressing ‘WAN-Outs’: In the event of a network outage, remote users can continue working because files are served from a local cache.

Layer-7 QoS and Bandwidth Management

The Accelerators’ Instant QoS functionality stops bandwidth abuse, guarantees network resources for critical applications like VoIP and lets network managers prioritize network applications according to business objectives.
- Low operational cost QoS solution, Layer-7 application discovery
- Easy to set up—Instant QoS
- Maximum flexibility for advanced users
- QoS can be applied for both inbound and outbound traffic.
- Bandwidth limits: desired, maximum
- Burst-ability control
- Strict priority for real-time traffic
- Shaping with High, Medium, Low
- Discard rogue applications
- Packet fragmentation assures VoIP/video latency budget
- Integrates with existing environments
- Mark, honor and preserve QoS based on application or QoS markings
- Extensible architecture
- Additional application classification
- QoS troubleshooting/diagnostics mode

Layer-7 Monitoring and Reporting

The Accelerators and the ExpandView stand-alone Application Traffic Management System provide powerful monitoring and graphical reporting for full application-level visibility and cost-effective end-to-end network management.
- Automatic application detection with hundreds of predefined classes.
- Dozens of historical and real-time reports for WAN and links
- Throughput, performance, acceleration
- Applications and hosts
- Throughput, performance, acceleration
- System-wide, per link, Peer, IP subnet, application inbound and outbound user customizable
- Complex rules available for the advanced user, such as nested rules and order matching
- Export and print functions
- End-to-end view with ExpandView

Branch Office Features

The Accelerators offer much more than just a bandwidth increase. These intelligent devices deliver a branch office platform that consolidates multiple devices.
- Full NetFlow compliance replaces the need for costly probes
- Open architecture for future enhancements

Rapid Deployment/Dependable Results

With minimal configuration and no network architecture changes.
- 2 minute configuration via front panel keypad
- Up and running in minutes with environment auto-detection
- Easy-to-use WebUI and central deployment stations
- Familiar Cisco-like CLI minimizes staff retraining
- Secure management with HTTPS, SSH, SNMP (v2c/v3)
- Integrates with existing user authentication and administration systems: RADIUS, TACACS+, and Windows Directory
- Validated in over 1,000 enterprise and service provider networks

Maximum Uptime and Reliability

The Accelerators’ resilience features and standards-based implementation guarantee unsurpassed uptime and availability.
- Network integrity preserved with standards-based implementation, HSRP/VRRP failover
- External flash card for effortless device swap-out (for non-hard drive-based models: Switch-to-wire and software watchdogs) assure zero network downtime
- Remote access never compromised
- Out-of-band management
- Network integrity preserved with standards-based implementation
- IPComp tunnels
- Router Transparency Mode
- SCPS for TCP Acceleration
- SNMP for device management
- NetFlow probe

The Accelerator Product Line

The Accelerator product line consists of Accelerators that cater to a range of facilities from the small office to the Enterprise Network. Check the corporate web site (www.expand.com) for new hardware releases.

How the Accelerator Works

Accelerators can be deployed in any network environment, whether the WAN is a private line, frame relay, VPN, IP, ATM, xDSL, ISDN, wireless local loop, or satellite. You can connect Accelerators on the LAN side of the router. Some of the Accelerator’s benefits can be realized with no far-end Accelerator.

IP-Based Network

In an IP network, you can position the Accelerator on the LAN side of the router or directly on the LAN. The Accelerator can be located either On-Path or On-LAN.

On-Path

On-Path configuration places the Accelerator between the LAN and the router on both sides of the IP network. The data from the LAN segment passes through the Accelerator, which performs traffic optimization, including compression and QoS, before the data reaches the router. See the sample On-Path application in the following figure.

In this configuration, internal-bypass circuitry ensures the Accelerator fails-to-wire, enabling invisible protection of the network in the unlikely event of failure. If the Accelerator fails-to-wire, traffic will continue passing, but will not be accelerated (bypass mode).

On-LAN

On-LAN configuration places the Accelerator directly on the LAN as a host. The Accelerator becomes the next hop for traffic on the LAN destined to the WAN. The accelerated data is redirected to the far-end Accelerator (On-LAN or On-Path) where the data is reconstructed before reaching its destination IP address.

Usually, one Accelerator is installed on the LAN segment. However, if resilience is to be enhanced, you can install two or more Accelerators for redundancy purposes.

The most common configuration up to Version 6.1.2 involves creating two links (two Accelerators), one of which is assigned a higher priority (metric - ranging from 11 to 10,000), so it will be used as the default link for the connection. If this link fails, traffic switches to the other link. If all transparent Proxy services (such as HTTP acceleration or TCP acceleration) are disabled, you can assign incoming traffic through one link and outgoing traffic through the other link.

Another optional configuration is shown below:

In this configuration, Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) enables the Accelerator to take part in HSRP/VRRP groups.

Starting from Version 6.1.2, a link can be destined to an HSRP/VRRP virtual IP, providing redundancy in cases where an active Accelerator fails. If an AcceleratorOS link is established, and the Source IP of this link is defined to be the HSRP Group’s Virtual IP, the link switches to the next Accelerator in the rare case of primary Accelerator failure, and all of this link’s services are kept. When the primary Accelerator is available again, the link switches back to it.

Configuration and Management

You can configure and monitor the AcceleratorOS via a user-friendly Web User Interface (WebUI). The WebUI is accessible from Microsoft Internet Explorer via the HTTP protocol or the secured HTTPS protocol. Console-based administration can be accomplished using a directly connected terminal or terminal software using a serial connection, a Telnet session, or a secured SSH-based connection. You can carry out initial configuration by using the front-panel LCD.

The Accelerator operating system, AcceleratorOS, provides a wide range of management features. Like most networking equipment, the Accelerator requires some basic initial configuration in order to function. This configuration is performed locally by using the front-panel LCD, or an RS-232 console, Telnet console or browser-based management console, and includes specifying the Accelerator’s IP address. The initial configuration also involves defining passwords, and the time and date at the Accelerator site.

The Accelerator’s user-friendly Installation Wizard guides you through the steps necessary to get your Accelerator up and running. For Quick Installation Instructions, see the Accelerator Quick Installation Guide.

Chapter 2: Preparing Network Integration

This chapter assumes that you have successfully installed and turned on the Accelerator without any errors. If you have not been able to install or turn on the Accelerator successfully, see Troubleshooting, on page 299 and Contacting TAC, on page 389.

The AcceleratorOS lets you set up the Accelerator either via the LCD, in conjunction with the Accelerator’s Wizard, or via the Wizard alone, by using the Accelerator’s default IP address (10.0.99.99). In addition, you can use the CLI to perform complete setup.
This chapter contains the following topics:
Working with Bypass Mode
Reviewing the Setup Checklist
Performing Setup via the LCD
Performing Setup via the WebUI
Performing Setup via the Wizard
Licensing the Accelerator
Logging into and out of the Accelerator
Integrating the Accelerator into Your Network

Working with Bypass Mode

When working in On-Path mode, the Accelerator can work in bypass mode to enable transparent data transmission in the unlikely event of Accelerator failure. The move to bypass mode is carried out automatically by the bypass switch on the Accelerator. In addition, all models support invoking the bypass mode through the CLI.

CAUTION! When bypass is enabled you will lose connectivity to the CLI/WebUI, unless Out-of-Band management is used.

Reviewing the Setup Checklist

Follow this checklist to ensure that you have all of the information necessary to complete Accelerator setup:

Network Checklist | Information Needed | For more information see:
What are the port settings of the devices that will be attached to the Accelerator (switch/router)? | Speed: 10/100/1000 Duplex: Half / Full |
What is the IP address of the Default Gateway? | IP Address: |
What will the IP address of the Accelerator be? Will there be secondary IP addresses or VLAN IP Addresses? | IP Address: Subnet Secondary (up to 10): VLAN: | Performing Setup via the Wizard, on page 21
Does this Accelerator have more than one subnet in its network? | Subnet: Acc IP Address: Subnet: Acc IP Address: Subnet: Acc IP Address: | Setting Subnet Routing, on page 53
Do you have HSRP or VRRP configured? | Yes: HSRP / VRRP (circle one) No | HSRP, on page 279
Do you have OSPF configured? | Yes / No If yes, OSPF Area ID: or IP address: | Configuring OSPF, on page 440.
Do you have RIP configured? | Yes / No Version: 1/2 If yes, RIP Authentication: | Configuring RIP, on page 446
IP address of the remote Accelerator? | IP Address: | Performing Setup via the Wizard, on page 21
WAN bandwidth? | | Performing Setup via the Wizard, on page 21
Does your network include VLAN 802.1q trunking? | Yes / No | Working with VLAN, on page 251
Does your network use external traffic monitoring software on the router? | Yes / No | Encapsulation, on page 23
Do you have any ToS implementation? MPLS? Diffserv? Any kind of applications that modify the ToS field? | Yes / No Yes / No Yes / No Yes / No | MPLS, on page 43. ToS on page 261.
Do you currently use SNMP? | Yes / No If Yes, what is the community name? | Using SNMP, on page 270.
Do you currently collect SNMP traps? | Yes / No If Yes, what is the IP address of the trap receiver? | Enabling / Disabling SNMP Traps, on page 507.
Do you currently use a Syslog server? | Yes / No If Yes, what is the IP address of the Syslog Daemon? | Sending Updates to a Syslog Server, on page 271.
Do you currently use NetFlow? | Yes / No | Configuring NetFlow Support, on page 98.
Does your network have high latency lines above 40 ms? | Yes / No If yes, enable TCP Acceleration | Studying TCP Acceleration, on page 132.

Performing Setup via the LCD

Accelerator configuration is made simple with the front-panel LCD. AcceleratorOS v6.xx should be displayed, where xx is the maintenance release number (for example 6.1.2) in addition to a status display (Ready, Bypass, or various error messages). Press Enter to start configuration.

To navigate between the fields:
Follow these steps:
Press the right/left arrows until the cursor is below the word/value you want to select or change.
Press the up/down arrows to change the value of the numbers.
Press Enter to navigate to the next screen.

Enter setup by making sure the cursor is under Setup and pressing Enter.
Setup
Local IP
Subnet Mask
Default Gateway

When asked if you want to save the setup, select Yes or No and press Enter.

At this point, management can be performed via the Accelerator’s Web UI, via the CLI, Telnet, SSH, or via ExpandView - Centralized Management. To work with ExpandView, you will need to define the ExpandView server IP address via the CLI. For other LCD settings, see section Locking/unlocking the Keypad, on page 295.

Performing Setup via the WebUI

The Accelerator’s Web User Interface (WebUI) provides you with a user-friendly interface for configuring the Accelerator.

To access the WebUI:
1. The Accelerator comes pre-configured with the IP address: 10.0.99.99 255.255.255.0
If no other IP address was assigned via the LCD, use this default address to access the Accelerator. If the Accelerator is connected directly to a management PC, ensure that you set the PC to the same subnet as the Accelerator’s IP address.
2. In the Address field of your web browser, enter the Accelerator’s IP Address. Alternatively, the Accelerator WebUI supports access via Secure HTTP, by typing https:// before the Accelerator IP address.
3. The Accelerator’s WebUI opens and prompts you to log in to use the WebUI. When prompted, log in to the Accelerator by entering a user name and password. The default user name and password (both case sensitive) that must be used on initial login are as follows:
user name: expand
password: Expand

The first time you access the WebUI, the Setup Wizard automatically opens and guides you through the steps of basic Accelerator configuration.

Studying The WebUI Menu

The following buttons, which are common to all WebUI menu screens, let you carry out basic operations as follows:

WebUI Menu Item: Description
Setup Wizard: Click the Setup Wizard link at any time to open the Setup Wizard.
Write: Click the Write link at any time to write the current configuration.
Change Password: Click the Change Password link at any time to modify your login password. The password is case sensitive, but the number of characters is not limited.
Logout: Click the Logout link at any time to log out of the Accelerator.
Clicking on this button at any time on any page in the interface will set that page as the default startup page ("home page") each time you log into the WebUI. There is no confirmation to this action.
Click the Refresh button at any time to refresh the data in the WebUI.
Click the Help button at any time to open the Accelerator’s online help. This help is pop-up based so make sure your browser’s settings allow pop-ups.

Performing Setup via the Wizard

The Accelerator’s Setup Wizard guides you on the step-by-step configuration of the basic parameters (all parameters that are set via the front-panel LCD), which are necessary to get your Accelerator up and running.

To access the Setup Wizard:
1. The first time you access the Accelerator’s WebUI, the Setup Wizard opens automatically. On subsequent uses, to return to the Setup Wizard, click the Setup Wizard button. If the Accelerator is connected directly to a management PC, ensure that you set the PC to the same subnet as the Accelerator’s IP address.
2. Read carefully the explanations that appear in the Welcome screen and click Next to move to the My Accelerator screen, which lets you define the local Accelerator settings.
NOTE: To carry out any modifications and additions after initial configuration, always use the Basic screen or the My Links screen and not the Wizard. The Wizard resets other parameters to their default values when accessed.

Configuring the Wizard

Set the following parameters on the Wizard’s My Accelerator screen:
Device Name: Set a name for the Accelerator of up to 60 characters, without spaces and special characters.
IP Address: Enter the IP address of the Accelerator.
Subnet Mask: Enter the Subnet Mask to identify this Accelerator’s local subnet.
Default Gateway: Enter the network’s Default Gateway to which the Accelerator will forward the traffic it intercepts.
Licensing: Enter the Accelerator’s serial number (product ID). Select either Evaluation, License Key or License File, and enter the license key or file number. For more information on Licensing, see Licensing the Accelerator, on page 28.

Defining Advanced Settings

Clicking the Advanced Settings Configuration button opens the Advanced Settings screen, which lets you set advanced information about the Accelerator’s setup, as follows:
Deployment Type: On-Path: See “On-Path” on page 8. On-LAN: See “On-LAN” on page 8. For additional information on both types of deployment, see the Quick Installation Guide supplied with your Accelerator.
Deployment Size: From the drop-down list, select the approximate number of Accelerators to which the local Accelerator will be connected: 1 - 5, 6 - 10, 11 - 20, 21 - 50, 51 - 100, 101 - 200 or 201 - 500. Setting an accurate network size enables the Accelerator to better optimize traffic. In network topologies such as Mesh and Hub, knowing the network size is important for the Accelerator in order to know how to divide its system resources correctly among connected Accelerators.
Bandwidth: Set the precise bandwidth (in Kbps) of the WAN.
0 is not a valid bandwidth.
Caching: Defines the active cache method: WAFS only (for CIFS traffic), Web Cache only (for HTTP servers), or both or None.
Maximum Links: Used for defining the maximum number of requested links. You can set here any number between 1 and 450.

CAUTION! The WAN bandwidth setting is used by the Accelerator’s QoS mechanism. Ensure that the WAN bandwidth is not set too low, otherwise the Accelerator’s QoS mechanism may drop packets and cause applications to disconnect.

NOTE: For the Accelerator’s application optimization to work properly, you are advised to set an accurate WAN bandwidth defining the physical link that the Accelerator sits on. Either select the WAN Bandwidth from the pulldown menu or select Other and enter a specific figure into the provided field along with its correct unit (bps, Kbps, Mbps, Gbps). If you are unsure of your WAN bandwidth setting, use the default setting of 100 Mbps.

Setting Links via the Wizard

The My Links screen, accessed via the Wizard, lets you set up the basic parameters necessary to define your network and begin working with the Accelerator.

Follow these steps to set Link information and click Next to advance to the next screen:
Destination IP: Enter the IP Address of the remote device.
Name: Set a name for the link that will let you identify it in the future. Up to 31 characters, no spaces, no special characters.
Bandwidth: Set the speed of the link that connects the local Accelerator to the remote Accelerator. This should be either the local WAN bandwidth or the remote WAN bandwidth, whichever is lower. To accomplish asymmetrical bandwidth settings, use either the advanced link parameters or the CLI.
Encapsulation:
IPComp: IPComp encapsulation (tunneled encapsulation) compresses the entire packet.
This means that the IP header, the transport header and the payload are compressed and the packet traversing the network will have an IPComp header. IPComp is the default setting, which enables the best compression rate.
Router Transparency (RTM): In Router Transparency encapsulation, only the packets’ payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), Load Balancing, Billing, encryption, MPLS networks and certain firewall environments.

NOTE: When using router transparency mode, the payload of packets destined to the router (SNMP requests, Telnet, and so on) will be compressed, making them unreadable by the router. In this event, it is necessary to set up a decision policy that does not tunnel specific applications (like SNMP; see Creating New Applications, on page 105), or to exclude specific subnets or IP addresses from being accelerated on the link (see Setting Remote Subnets for the Links, on page 262).

NOTE: Encapsulation settings can be asymmetric. This means that you can set one Accelerator to Router Transparency while setting the other Accelerator to IPComp in the opposite direction. This is useful for setting RTM mode when one of the Accelerators is On-LAN and the other is On-Path. However, IPComp encapsulation will not function if the IPComp protocol is blocked by a firewall. Therefore, ensure that the IPComp protocol is not blocked before selecting either IPComp or RTM encapsulation.

NOTE: TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators.

Use the Delete button to remove added links from the Links Table.
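
The two firewall notes above (the IPComp protocol must not be blocked, and TCP port 1928 must be open between Accelerators) can be checked against a firewall policy before links are defined. The following is an added example, not part of the original guide or of Expand's software: the rule model, addresses and both policies are constructed, and it assumes that IPComp encapsulation uses the IANA-assigned IP protocol number 108 and that either Accelerator may open the TCP 1928 connection.

```python
"""Check a firewall policy for the flows two Accelerators need.

Added example. The rule model is a simplified, constructed one
(first matching rule wins, default deny); it is not any vendor's syntax.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

TCP = 6                      # IANA IP protocol number for TCP
IPCOMP = 108                 # IANA IP protocol number for IPComp (assumed to be what the device uses)
ACCEL_PORT = 1928            # TCP port named in the guide
ANY = "0.0.0.0/0"

LOCAL = "192.0.2.10"         # constructed address of the local Accelerator
REMOTE = "198.51.100.20"     # constructed address of the remote Accelerator


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[int]          # IP protocol number, None matches any protocol
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    dport: Optional[int] = None   # destination port, None matches any


@dataclass(frozen=True)
class Flow:
    proto: int
    src: str
    dst: str
    dport: Optional[int] = None   # None for protocols without ports (IPComp)


def decide(rules: List[Rule], flow: Flow) -> str:
    """Return the action of the first rule that matches the flow (default deny)."""
    for rule in rules:
        if rule.proto is not None and rule.proto != flow.proto:
            continue
        if ip_address(flow.src) not in ip_network(rule.src):
            continue
        if ip_address(flow.dst) not in ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        return rule.action
    return "deny"


def required_flows(local: str, remote: str) -> List[Flow]:
    """TCP 1928 and IPComp in both directions between the two Accelerators."""
    flows = []
    for src, dst in ((local, remote), (remote, local)):
        flows.append(Flow(TCP, src, dst, ACCEL_PORT))
        flows.append(Flow(IPCOMP, src, dst))
    return flows


def blocked_flows(rules: List[Rule], local: str, remote: str) -> List[Flow]:
    """Required flows that the policy would not allow."""
    return [f for f in required_flows(local, remote) if decide(rules, f) != "allow"]


# Constructed policy: TCP 1928 was opened (for whole subnets), but only TCP
# is permitted at all, so IP protocol 108 falls through to the final deny.
POLICY_BEFORE = [
    Rule("allow", TCP, "192.0.2.0/24", "198.51.100.0/24", ACCEL_PORT),
    Rule("allow", TCP, "198.51.100.0/24", "192.0.2.0/24", ACCEL_PORT),
    Rule("allow", TCP, ANY, ANY, 443),
    Rule("deny", None, ANY, ANY),
]

# Constructed policy: both requirements met, scoped to the two Accelerator
# addresses only rather than to whole subnets.
POLICY_AFTER = [
    Rule("allow", TCP, LOCAL + "/32", REMOTE + "/32", ACCEL_PORT),
    Rule("allow", TCP, REMOTE + "/32", LOCAL + "/32", ACCEL_PORT),
    Rule("allow", IPCOMP, LOCAL + "/32", REMOTE + "/32"),
    Rule("allow", IPCOMP, REMOTE + "/32", LOCAL + "/32"),
    Rule("allow", TCP, ANY, ANY, 443),
    Rule("deny", None, ANY, ANY),
]

if __name__ == "__main__":
    for name, policy in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        missing = blocked_flows(policy, LOCAL, REMOTE)
        print(name, "blocked:", missing if missing else "none")
```
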
NOTE: Deleting the non-link is impossible, because this link name is a logical entity that represents all un-specified traffic in the QoS and Monitoring engines.

Click Next to advance to the next screen of the Wizard.

Setting the Time

Verifying that the Accelerator’s time is accurately set is extremely important in order to have an accurate reading of when events occur and when statistic items are gathered and updated.

Modifying the Password

Security reasons necessitate changing the default password before exiting the setup Wizard. In the Password screen, enter and confirm a new password, and then click the Next button.

NOTE: The following values are not accepted as passwords:
An empty field (i.e. a blank password)
Expand (the default original password)

Reviewing Wizard Configuration

The Summary screen of the Setup Wizard lets you review the parameters set via the Wizard before saving them to the Accelerator. If the configuration is correct, press the Submit button to save the settings to the Accelerator.

CAUTION! Clicking Finish saves the configuration as the Accelerator’s Startup Config.

Modifying Basic Setup Configuration

To modify the basic Accelerator setup, you can make changes via the Basic screen in the Setup menu of the WebUI.

NOTE: To carry out any modifications and additions after initial configuration, always use the Basic screen or the My Links screen and not the Wizard. The Wizard resets other parameters to their default values when accessed.

The parameters on this screen are identical to the parameters configurable via the Setup Wizard’s Basic screen, with the exception of Routing Strategy settings (see Setting Routing Strategy, on page 27). For more information see Performing Setup via the Wizard, on page 21.
In addition, the Basic screen lets you add a description to identify the Accelerator. The Basic screen includes specific details concerning the Accelerator device, as follows:
Platform: Accelerator type
Product ID: The product ID is the unique number identifying the Accelerator, and is used when licensing the product
AcceleratorOS Version: Software (AcceleratorOS) version running on the Accelerator
System Up-Time: The last time the device was rebooted, and how much time has elapsed since.
Current Time: Time set in the Accelerator

Setting Routing Strategy

The Basic screen lets you set the Routing Strategy. Routing strategy defines how to route traffic. In environments such as router polling and dynamic routing networks, the Accelerator must route all traffic, and therefore you should set Routing strategy to Routing only. In other environments, non-link traffic and inbound traffic should not be directed to the router (normally, when non-link traffic is transmitted by the Accelerator, it is directed to the router; but this can cause problems if the destination is a Layer-2 address or for incoming traffic). In such environments you have to set the Routing strategy to Bridge route, which does not route non-link and inbound traffic - only traffic destined to an accelerated link or a virtual link.
Routing-Only: typically used in On-LAN deployments, or in environments that require the Accelerator to route all traffic (for example: networks that use Dynamic Routing policies).
Bridge Route: typically used in On-Path deployments, where traffic is not necessarily routed through the router.

NOTE: Enabling TCP Acceleration requires you to use “Routing-Only” routing strategy.

Licensing the Accelerator

Accelerators are shipped with a 30-day grace period, during which you must register the product and install a license.
Once the 30-day grace period has passed, the Accelerator will continue to pass data in passthrough mode and will not optimize traffic in any way. In addition to the standard Accelerator license, there is also an additional license for WAFS features. For the WAFS license installation information, see Installing the License File, on page 184.

Viewing the license status is possible as follows:
Via the Licensing tab of the My Accelerator screen.
By entering the CLI; see Licensing the Accelerator, on page 421.

NOTE: The 30-day period counts only days during which the Accelerator is powered on.

NOTE: In the unlikely event of Accelerator failure, if you use a non hard drive-based Accelerator, you can immediately replace the Accelerator in the field by inserting the Compact Flash from an Accelerator with a permanent license into another Accelerator. This will enable the second Accelerator to function with a 30-day evaluation license, allowing you time to register the new Accelerator.

Licensing an Accelerator involves two steps:
Activating the I-Key, on page 29.
Activating the License Key, on page 29.
Both steps are described in the Licensing Guide that was sent to you by E-mail when you purchased your product. A simplified version is included here for convenience. To renew or upgrade your license, contact Expand’s Help Desk.

Activating the I-Key

To Activate the I-Key:
1. Identify the Accelerator’s Serial number (product ID) in the upper right hand corner of the Basic screen of the WebUI.
2. Open your E-mail and copy the I-Key that was sent to you with your order confirmation.
3. Go to www.expand.com. Click the My Expand Link. When directed to the Customer Portal, enter your login information and click Log In. If you have not yet registered click First Time Here to do so and then log in.
4. Click on the Licensing tab. Then click Manage End-User Keys.
5. Click the Add Product link.
6. In the popup window, enter the software version number, the Site Name, and the Reseller. Copy the Serial Number from the Accelerator WebUI. Re-enter the serial number. Click the Submit button and a new popup window opens.
7. In the I-Key field, enter the I-Key and click the Activate button. The popup window now displays the details of the license key.
8. Copy the information listed in the first line: LICENSE KEY IS: This is the number that you need to enter into the Accelerator to activate the license. Keep this information in a safe place. Go to the next section to continue.

Activating the License Key

To Activate the License Key:
1. In the Accelerator’s WebUI, click Setup followed by My Accelerator, and then Licensing.
2. Click the Activate New License button and enter the Accelerator’s serial number, paste the License Key as copied from the Portal and click Activate.
3. Select or deselect the checkbox that enables refreshing the Acceleration on all links with the new license feature. To update the new license features, select the Refresh acceleration on all links box.

Logging into and out of the Accelerator

In the setup of the Accelerator, you set a password. You will need this password to log into the software.

To log into the Accelerator:
1. Open a web browser.
2. Enter the IP address of the Accelerator. The login screen appears.
3. If your browser has popups disabled, change the properties so that popups are enabled.
4. Verify that the platform and software version shown on the screen are correct.
5. In the User Name field, enter the user name you used in the Setup Wizard. This is case sensitive.
6. In the Password field, enter the password you used in the Setup Wizard. This is case sensitive.
7. Click Submit.

To logout of the Accelerator:
1. From any screen in the WebUI, click Logout. There is no confirmation. You are immediately logged out.

Integrating the Accelerator into Your Network

The steps involved in integrating the Accelerator in your network depend entirely on the structure of the network and the various technologies and devices already in place on your network. The following section describes the steps needed to get the Accelerator up and running for various network topologies and technologies. Your network may need one or any combination of the following settings.

This section contains the following topics:
Integrating into a Standard Network
Integrating into Networks that use Dynamic Routing
Networks Using External QoS or Monitoring Devices
Working in Noisy Link Environments
Installing On-LAN at a Data Center
Installing in a High Latency Environment
Installing in a Web-Intensive Environment
Using Advanced QoS

Integrating into a Standard Network

The Accelerator Installation Wizard is designed to get the Accelerator up and running on a standard network, namely: a network that installs the Accelerators in a point-to-point, or point-to-multipoint configuration, with one router and one or more remote sites.

After concluding the first stage of using the wizard, as detailed in the Quick Installation Guide, proceed with the configuration by referring to one of the following sections, depending on the network environment:
Integrating into Networks that use Dynamic Routing
Networks Using External QoS or Monitoring Devices
Working in Noisy Link Environments
Installing On-LAN at a Data Center
Installing in a High Latency Environment
Installing in a Web-Intensive Environment
Using Advanced QoS

Integrating into Networks that use Dynamic Routing

Follow these steps to install the Accelerator on a network that already uses dynamic routing. Use the Installation Wizard to set up basic Accelerator properties.

Use the following steps for networks that use OSPF dynamic routing.

To configure OSPF:
1. In the Accelerator’s WebUI, click on the Setup tab, and then the My Accelerator tab, followed by the My Routes menu.
2. Under Dynamic Routing, click the OSPF button.
3. Set the parameters as necessary.
For more information on OSPF, see Configuring OSPF, on page 62.

For networks that use RIP dynamic routing:

To configure RIP:
1. In the Accelerator’s WebUI, click on the Setup tab, and then the My Accelerator tab, followed by the My Routes menu.
2. Click the RIP button.
3. Set the parameters as necessary.
For more information on RIP, see Configuring RIP, on page 63.

For networks that use dynamic routing other than OSPF or RIP (such as EIGRP, ISIS or IGRP), see Working with Router Polling, on page 61.

Networks Using External QoS or Monitoring Devices

When QoS is deployed on the network (not via the Accelerator, but by using third-party software), setting up the Accelerator is necessary for enabling the QoS device to continue having access to the traffic traversing the Accelerator.

To set the Accelerator to enable external QoS:
1. In the WebUI, in the Setup menu, click My Links.
2. Select the link to be affected by a QoS device and set it to work in Router Transparency mode. For more information on Router Transparency mode and Link configuration, see Adding Links, on page 47.
3. If all links from the Accelerator are to be affected by the QoS device, you may find it useful to modify the default Link parameters, in order to make all newly created links use Router Transparency Mode as the default setting.

To use Router Transparency Mode as the default setting:
a. Select the My links command from the Setup menu.
b. Click the Advanced button.
c. Set the default link parameters as needed.
d. Click the Save to template link button.

Working in Noisy Link Environments

If you add the Accelerator to a particularly noisy environment, with a high number of BERs, drops or collisions (for example, satellite links or a connection with radio transmissions), the following configuration modifications may help optimize Accelerator performance.

To set the Accelerator to work in noisy links environments:
1. In the Setup menu, under My Links, click the Advanced button. In the Create New Link screen, ensure that the Include checksum checkbox is selected (this is the default setting). Checksum causes the Accelerator to automatically resend packets on which errors are detected.
2. Consider enabling TCP Acceleration if links are high-latency, as described in section Installing in a High Latency Environment, on page 37.

Installing On-LAN at a Data Center

Installing an Accelerator On-LAN at the data center requires taking extra measures in order to enable redirecting all relevant traffic to the Accelerator. When working in On-LAN mode, the Accelerator needs to intercept packets from the LAN before they are handled by the router. This is accomplished either via RIP Route Injection, or via the Web Cache Communication Protocol (WCCP). For more information, see section Enabling Packet Interception, on page 63.

To Configure Packet Interception:
1. Click on Setup followed by Networking and then Packet Interception.
2. In the Packet-Interception menu, select either RIP or WCCP packet-interception.
3. If RIP is selected, enter a number in the Maximum Subnets field (default: 1000) and click the Submit button.
4. If WCCP is selected:
a. Select the Authentication checkbox and enter a password (case sensitive) into the Authentication field.
b. Enter the WCCP router IP address.
c. Enter the TCP service ID and UDP service ID (51 to 99).
d. Click the Submit button.
For information on configuring the router to support WCCP mode, see section Setting WCCP on the Router, on page 69.

If resilience is necessary, and HSRP or VRRP is implemented among the routers at the central site, you can configure the Accelerator to operate within an HSRP or a VRRP group. For more information see section Router Redundancy Protocols, on page 278.

To enable the Accelerator to operate within an HSRP group:
1. Click on Setup followed by Networking and then HSRP.
2. You can configure the Accelerator either by using the Auto Detect mode or by manually adding HSRP configuration. The auto detect mode enables filling up the HSRP table automatically with the details of the HSRP groups detected on the network. Alternatively, you can manually add HSRP groups to the Accelerator. Ensure that the Accelerator “joins” all relevant HSRP groups.
For more information, see section HSRP, on page 279.

To enable the Accelerator to operate within a VRRP group:
1. Click on Setup followed by Networking and then VRRP.
2. In the VRRP menu, enter the Group ID number, the Virtual IP address, the Priority (0 - 254), the preempt status and the timer setting.
3. Click Add. The VRRP group immediately appears in the Groups table.
For more information, see section VRRP, on page 283.

Installing in a High Latency Environment

TCP, which was designed to ensure reliable IP transmission, does not perform well in high latency and high-packet-loss environments. The TCP limitations are expressed in the long times required for file transfers over the WAN, degraded web performance and unresponsive applications. TCP Acceleration enables optimization and better utilization of WANs that suffer from distance-induced TCP limitations. For more information on TCP Acceleration, see section Studying TCP Acceleration, on page 132.

Use the following table to determine whether your network suffers from high-latency and would benefit from enabling TCP Acceleration:

                   Window Size
Round Trip Time    8 KB        16 KB       32 KB       64 KB
50                 160 Kbps    320 Kbps    640 Kbps    1280 Kbps
100                80 Kbps     160 Kbps    320 Kbps    640 Kbps
150                53 Kbps     106 Kbps    212 Kbps    424 Kbps
200                40 Kbps     80 Kbps     160 Kbps    320 Kbps
500                16 Kbps     32 Kbps     64 Kbps     128 Kbps
1000               8 Kbps      16 Kbps     32 Kbps     64 Kbps

To enable TCP Acceleration:
1. In the Accelerator’s WebUI, click on Services and then TCP Acceleration.
2. In the TCP Acceleration field, select the Enable TCP Acceleration on All Links box. Enter the typical RTT and Typical Acceleration rate as described in section Studying TCP Acceleration, on page 132.
3. In the bottom right corner, click the Submit button.
For more information on TCP Acceleration configuration settings, see section Configuring TCP Acceleration, on page 139.

Installing in a Web-Intensive Environment

If your network runs many Web-based applications, or a lot of Web browsing takes place between branch offices to the central office’s Internet link, DNS Acceleration may decrease some of the network congestion.

Using Advanced QoS

This section covers the topic of QoS, its uses and the way it is implemented in the AcceleratorOS.
The section includes the following topics:
What is QoS?
How to Know what’s on Your Network
How to Prioritize Applications

What is QoS?

QoS (Quality of Service) is a general term for the control mechanisms that can assign different priorities to different users, applications, or data flows. These control mechanisms or priority levels guarantee a certain level (or quality) of performance of the data flow (service) and simultaneously address the requests from the application. Quality of Service guarantees are important if the network capacity is limited, especially for real-time multimedia streaming applications, such as VoIP and IPTV. Such applications often require a fixed bit rate, are delay-sensitive, and cannot tolerate packets dropping or being delivered in the wrong order. You can use the QoS feature to prevent such factors and to accelerate packets passing through the Accelerator based on your policy and reservation criteria.

QoS allows you to maximize the bandwidth you pay for more effectively. The key to managing the traffic and achieving bandwidth effectiveness is closely tied to your knowledge of the type of traffic that is on your network and to the demands of your users.

How to Know what’s on Your Network

The Accelerator’s traffic detection, or sniffing, feature lets you obtain a complete picture of your bandwidth use. Traffic is classified according to hundreds of predefined applications, and statistics are gathered as to how much of each traffic type is traversing (or clogging) your network. Often you may find that the applications that should be receiving the most bandwidth are in fact being slowed down by bandwidth-greedy applications that are secondary, or even unwanted and potentially harmful.

How to Prioritize Applications

Once you know which applications are on your network and how they affect your traffic flow, understanding the building blocks of QoS is essential in order to prioritize applications correctly.
Traffic shaping is accomplished primarily by guaranteeing or limiting the amount of bandwidth an application can receive, and by prioritizing applications.

Setting a Minimum Bandwidth desired allocates a certain amount of bandwidth for a specific application during periods of congestion. You should set desired bandwidth for mission-critical, time-sensitive applications such as VoIP, which needs 8 to 16 Kb allocated throughput to function.

Setting Maximum Bandwidth limit puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume.

Additionally, you can allocate bandwidth proportionately among applications by setting the priority to Low, Medium or High. You can give critical traffic a higher priority than all these by setting it to RealTime. To prevent the flow of undesired traffic on the network, set it to Blocked. Applications that you may want to prioritize include VoIP, Citrix and video conferencing.

Chapter 3: Configuring Networking

This chapter describes how to perform networking configuration on the Accelerator, including:
Optimizing the Network Topology, on page 42
Defining WAN Setup, on page 44
Configuring Secondary IP Addresses, on page 45
Creating and Editing Links, on page 46
Setting Subnet Routing, on page 53
Adding Static Routes, on page 58
Setting Dynamic Routing, on page 59
Enabling Packet Interception, on page 63
Setting the Accelerator’s Time, on page 70
Configuring DHCP Servers, on page 71
Setting ExpandView Connectivity Parameters, on page 73

Optimizing the Network Topology

The Accelerator enables support of many complex network topologies. Some of these environments have special considerations when setting up the Accelerator.
Point-to-Point

The Accelerator’s default settings are designed with a basic point-to-point network in mind. For point-to-point networks as well as for branch offices connected to headquarters, the basic Wizard configuration should suffice. This is the default setting.

Mesh and Hub

In a mesh or hub-and-spoke topology it is recommended for the Accelerator to have a correct estimate of the size of the network and the number of Accelerators connected. To adjust the size of the deployment, see Defining Advanced Settings, on page 22.

If the Topology-Size is set to a number that is too large, the Accelerator will not use all its resources, resulting in lower acceleration percentages than would be possible if the Topology-Size were set accurately.

If the Topology-Size is set to a number that is too small, too many negotiation messages will be sent between the Accelerator and the network. In addition, the amount of time it takes for the Accelerator to reboot and to recover from a disconnected link will be longer than necessary.

Taking into Account Network-Specific Considerations

The Accelerator’s advanced algorithms support multiple complex networks with no added or special configuration. The algorithms automatically optimize Accelerator benefits per network setup. The following are special configuration recommendations for particular networks (environment type, followed by the customized configuration):

Noisy environments: Noisy environments are handled automatically via the Accelerator. The Accelerator’s basic configuration settings can automatically optimize problematic networks of this type.

Out-of-order: Out-of-order environments are handled automatically via the Accelerator. The Accelerator’s basic configuration settings can automatically optimize problematic networks of this type.
Load balancing: In load-balanced environments, you should set the Accelerator to Source IP preservation (CLI configuration only) to maintain the semblance of a session, or RTM encapsulation if necessary. You can perform load balancing per packet or per session. In a load-balanced environment you should either enable IPcomp via the CLI (see section Setting IPcomp Preservation, on page 503) or use transparent mode to preserve session information.

MPLS: In MPLS networks, enable ToS bit preservation and source IP preservation. Often it is important to enable router transparency instead, to work with the network’s QoS deployment (see section Setting IPcomp Preservation, on page 503).

QoS cloud or working in conjunction with a QoS device: Enable router transparency, or ToS bit preservation and/or Source IP Preservation (see section Setting IPcomp Preservation, on page 503). Depending on the fields in use, enabling one or more of the IPComp preservation modes may be necessary in order to use RTM.

Monitoring device in a cloud: Enable router transparency, or ToS bit preservation and/or Source IP Preservation (see section Setting IPcomp Preservation, on page 503). Depending on the fields in use, enabling one or more of the IPComp preservation modes may be necessary in order to use RTM.

Defining WAN Setup

Each Accelerator has a default WAN. The settings on this WAN define the physical connection of the Accelerator to the WAN. The WAN bandwidth setting is the total physical bandwidth of the link between the Accelerator and the network. The default WAN is automatically generated and will suffice for most networks. For details regarding the configuration of complex networks, on which more than one WAN is necessary, see Handling WANs, on page 248.
Setting the Bandwidth

Correct functioning of the Accelerator’s bandwidth management and flow control mechanisms requires you to configure an accurate bandwidth for the WAN. The Bandwidth setting is enforced once it is set. Ensure that you set the Outbound Bandwidth for the local Accelerator. The Accelerator applies no policy for Inbound Bandwidth unless otherwise specified. Setting inbound QoS on a link requires setting the Bandwidth of the inbound link. For more information see Setting Inbound QoS, on page 121.

Configuring the WAN

In addition to Bandwidth, you can assign Links per WAN, and configure QoS settings to be applied on the WAN level. For more information about QoS, see Applying QoS, on page 101.

To carry out basic WAN configuration, use either the Setup - Basic menu in the WebUI, or the Setup Wizard. For more information on WAN Bandwidth and Links, see Setting Advanced Parameters, on page 247.

Configuring Secondary IP Addresses

You can set up to 20 Secondary IPs on the Accelerator, for connection to multiple subnets on the same network. Out-of-band management is set here. If Out-of-band management is used, it is counted as one of the twenty Secondary IP addresses available. Starting from Version 6.1.2, you can set several IPs on the same subnet, whereas prior to this version, a secondary IP address belonged to a different subnet.

To set the number of Accelerators in the network:
1. In the Accelerator’s WebUI, click on Setup > My Accelerator, followed by Secondary IP.
2. Enter the IP address and Subnet Mask to be used, select whether to advertise the IP address and click the Add button.
3. The IP address appears in the Secondary IP List table.
4. To edit or delete an address that is in the table, highlight the row in the Secondary IP List table, select the address, and click Edit to edit, or Delete to delete.
Creating and Editing Links

A Link is a logical connection between the Accelerator and a connected remote site and its subnets. The Accelerator optimizes network performance to remote sites with Accelerators deployed via “Accelerated Links”, and to remote sites without Accelerators deployed via “Virtual Links”.

The Accelerator’s benefits are greatest when working with another Accelerator on the other side. The Accelerator can provide QoS services to Virtual Links, when no other Accelerators are present on the remote sites.

In addition, the Accelerator enables configuration of a single “Non-link”. The Non-link is the default link for all traffic not assigned to any known subnet or remote Accelerator. Internet traffic is one example of traffic assigned to the Non-link. You can manage this Non-link like any other link, and that lets you determine traffic QoS and bandwidth restrictions for all traffic not destined for your remote networks and Accelerators.

When a link is first created or re-established, auto-negotiation occurs between the local and remote ends of the link and uses the inbound and outbound bandwidth settings to determine the resources to be allocated for each link.

Studying the Links Screen

The Links screen lets you add, edit and manage Accelerator links. Creating a link requires assigning a destination IP address and an outbound bandwidth to the link. The following sections detail the operations you can carry out via the Links screen:
Adding Links, on page 47.
Editing Links, on page 50.

NOTE: Packet Fragmentation does not work in RTM mode.

Adding Links

Add links to the Accelerator via the Setup - My Links menu. Note that TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators.

To add a link:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Links menu. The Links screen opens by default.
2. Set the basic link properties, as follows:

Source IP: IP address of the sending device. By default, the Accelerator’s primary IP is displayed. You can either leave this choice or select another source IP address. The Source IP field lets you define a source IP for each new link you create, and also changes the source link while the link is active. In addition, you may use a virtual IP address for redundancy purposes. In this case the virtual IP will be a link which, in case of machine failure, can be redirected to another machine, unlike a link whose source is a primary IP address. For more details see Using a Virtual IP Address, on page 51. The valid link source IPs are as follows:
Primary IP
Secondary IP
VLAN IP
HSRP IP
VRRP IP

Name: Set a name for the link to let you identify the link in the future. Up to 32 characters, no spaces.

Destination IP: IP address of the remote device.

Bandwidth: Set the link’s bandwidth, namely: the maximum throughput allowed to traverse the link.

IPComp: IPComp encapsulation enables the best compression rate. IPComp encapsulation (tunnelled encapsulation) defines complete compression of the packets intercepted by the Accelerator. This means that the IP header, the TCP/UDP header and the payload are compressed and the packet traversing the network will have an Accelerator-proprietary IPComp header.

Router Transparency (RTM): In Router Transparency encapsulation, only the packet’s payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network.
Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), load balancing, billing, encryption, MPLS networks and certain firewall environments. RTM support for On-LAN deployments is available in AcceleratorOS 5.0(6) and higher.

NOTE: If you leave the Source IP field empty, the default value is the machine’s primary IP address.

3. If you are finished, click the Add button.

For particularly complex networks, the Accelerator enables advanced link configuration.

To set additional advanced configuration settings:
1. Click the Advanced button.
2. Open the different sections by clicking on the + sign next to the section title.
Use the Parameters section to edit parameters such as Link Name, Destination IP, Source IP, Link Metric, Bandwidth Out and MTU (Maximum Transfer Unit).
Use the Acceleration section to define whether to accelerate the link and to use header compression.
Use the Tunneling section to define parameters such as the encapsulation type (IPComp, or Transparent), preservation and Include checksum.
In the TCP Acceleration settings section, select whether to use the global TCP acceleration settings or to customize these settings by defining the typical round-trip time (RTT) and the typical acceleration rate.
In the TCP Acceleration Advanced section, select the type of acceleration you want to implement (Global, link specific, or none). If you choose link specific, you will need to fill in additional fields.
In the Post Acceleration Aggregation section, select whether to enable Citrix (post acceleration) aggregation on your links. Citrix Aggregation operates per link.
In the Bandwidth Adjustment section, select the Enable Bandwidth Adjustment check box and fill in the percentage and interval rates.
In the IPsec section, select the Enable IP Sec checkbox and select a policy name and enter a local and remote IP address.
3. To save the settings, click Submit; click Back to Links to return to the My Link screen.

For Advanced Configuration options, see Additional Configurations, on page 496.

Editing Links

You can use the Edit Links screen to fine-tune and modify existing links. This screen lets you set basic link parameters, acceleration, tunneling and TCP Acceleration parameters for the link.

To edit an existing link:
1. In the Links table, either click the name of the link to be edited, or click the row of the link to be edited, and click the Edit button. The Edit Link screen appears.
2. In the Edit Link screen that opens, use the Parameters section to edit parameters such as Link Name, Destination IP, Link Metric, Bandwidth Out and MTU (Maximum Transmission Unit).
3. Use the Acceleration section to define whether to accelerate the link and to use header compression.
4. Use the Tunneling section to define parameters such as the encapsulation type (IPComp or Transparent).
5. In the TCP Acceleration settings section, select whether to use the global TCP acceleration settings or to customize these settings by defining the typical round-trip time (RTT) and the typical acceleration rate.
6. In the Post Acceleration Aggregation section, select whether to enable Citrix (post acceleration) aggregation on your links. Citrix Aggregation operates per link. Each link can have Citrix Aggregation enabled or disabled independently of other links. For details, see Creating Citrix Applications, on page 112.
7. Use the Link Subnets screen to set the link’s subnets. For configuration details, see section Configuring Remote Subnets Manually, on page 56.

NOTE: When configuring a link, you are advised to set a link metric for it, which is the actual metric for all the link’s subnets, with the exception of excluded Subnets. If you do not set a link metric for the link, the system automatically sets a default for the link, which is the current maximum metric +10, starting from 11.

Using a Virtual IP Address

As mentioned earlier (see section On-LAN, on page 8), in the case of machine failure, a link that uses a Virtual IP can be redirected to another machine. An example of such a case is provided in the figure below.

The source IP (virtual IP) in the sending machine is the destination IP in the receiving machine. If an AcceleratorOS link is established, and the Source IP of this link is defined to be the HSRP Group’s Virtual IP, the link switches to the next Accelerator in the rare case of primary Accelerator failure, and all of this link’s services are kept. When the primary Accelerator is available again, the link switches back to it.

Adding and Editing Links via the CLI

The CLI procedure for adding and editing links is the same as for creating the first link. For more information, see Defining Link Settings, on page 501.

Setting Subnet Routing

To function properly, the Accelerator must correctly detect the layout of the network to which it is connected. In other words, it must understand where the Accelerator resides as well as all other subnets on both sides of the link that the Accelerator should serve. In this way, the Accelerator will be able to forward the packets it receives to the correct destination, as seen in the figure below.

In the figure above, S1 is Accelerator 2’s direct subnet, while S2 and S3 are also subnets of Accelerator 2. Accelerator 1 must forward traffic destined for devices that are part of S2 and S3 to Accelerator 2 via Link1.
In order for Accelerator 1 to do this, it must detect S1, S2 and S3 as subnets of Accelerator 2. Accelerator 2 automatically detects S1 and adds it as its local subnet. You can manually add S2 and S3 to Accelerator 2’s Subnets list, or use routing protocols to add them dynamically. If the network supports OSPF or RIP the Accelerator can function as an OSPF or RIP device to receive routing information. If other dynamic protocols are in use, the Accelerator can poll routers to learn their routing tables.

Then, Accelerator 2 must advertise its subnet list to Accelerator 1, enabling Accelerator 1 to properly route packets destined to S1, S2 and S3 to Accelerator 2 via Link 1.

NOTE: The Accelerator supports up to 2500 local subnets and up to 2500 remote subnets per link.

Configuring Subnets Manually

If the network in which the Accelerator resides does not work with dynamic routing or if a subnet was not detected via OSPF or RIP, you will have to add and edit subnets manually.

To add a subnet to the Accelerator:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Accelerator tab, followed by the My Subnets menu.
2. Set the parameters as follows:

IP Address: Set the IP address of the Subnet that is connected to the Accelerator.

Subnet Mask: Set the Subnet Mask of the subnet.

Metric: The metric setting defines the priority of the route or the subnet. Set a lower number for more desirable routes. For example, on a T3 link with 1 hop, set a low metric value, whereas on a long-haul 128 Kbps link with 8 hops you should set a high number.

Advertise: Advertised subnets are the Accelerator’s subnets that the Accelerator broadcasts to other Accelerators when link negotiations occur. Select whether to advertise this subnet. By default, subnets that are manually added are advertised.
Add route rule: When adding a subnet, the Add route rule checkbox lets you create a static route rule to define how to reach the subnet. This will add an entry in the My Routes table, which displays access to the subnet via the next hop. NOTE: Once the static route is created, no connection exists between the route-rule added and the subnet. Any change made in the one will not affect the other.

Next hop: Add a next hop via which the subnet will be accessed.

The Edit button lets you modify already added subnets by selecting them in the table and clicking this button. This may be done for manually added subnets as well as dynamically learned subnets.

To delete subnets, select them in the table and click this button. When subnets that are set to be advertised are deleted, they are removed from all connected Accelerators.

CAUTION! The Accelerator’s local subnet is automatically detected and added. If more than one local subnet exists, you have to add all additional local subnets. Ensure that the local subnets appear in the Local Subnets Table. Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features will not function properly.

Editing a Subnet

Once a subnet has been added to the Accelerator, you can use the following steps to edit it.

To edit a subnet:
1. In the My Subnets screen, highlight one subnet in the Local Subnet table, and click the Edit button.
2. Edit the IP address, Subnet mask, Metric and Advertise status as necessary and click the Submit button. When subnets that are set to be advertised are edited, the change is broadcasted to all connected Accelerators.
Configuring Remote Subnets Manually

If the Accelerator network does not work with dynamic routing, or if a remote subnet was not detected via OSPF or RIP, you have to manually add, edit and delete remote subnets to be advertised by the Accelerator. When adding a subnet, you have to apply it to a specific link of your choice. The Link Subnets screen lets you display all subnets applied to a specific link. You can also use this screen to add, edit and delete subnets to be excluded from the link.

To add a remote subnet to the Accelerator:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Links tab, followed by the Link Subnets menu.
2. Set the parameters as follows:

IP Address: Set the IP address of the Subnet you want to connect to the Accelerator.

Subnet Mask: Set the Subnet Mask of the subnet.

Exclude: If a subnet has already been added, and specific IP address(es) are to be excluded, enter the IP address and mask and select the Exclude checkbox.

CAUTION! The Accelerator’s remote subnet is automatically detected and added. If more than one remote subnet exists, you have to add all additional remote subnets. Ensure that the local subnets appear in the Remote Subnets Table. Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features will not function properly.

Adding Static Routes

Use the following procedure to add static routes to the Accelerator.

NOTE: The Accelerator supports up to 1500 route entries in the routing table.

To add a static route:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Accelerator tab, followed by the My Routes menu.
2. In the static routing section (below Dynamic Routing), enter the subnet IP and Mask, and the next hop to be used for accessing the subnet.
3. Ensure that you select the Add as local subnet checkbox, if the subnet being added is local to the Accelerator. In such a case select also whether to advertise the subnet by checking the Advertise Local Subnet checkbox.
4. Click the Add button. The static route now appears in the Route Rules table.

NOTE: Static routes created via the My Subnets menu also appear in the Route Rules table. For more information, see section Configuring Subnets Manually, on page 54. Once the static route is created, no connection exists between the route-rule added and the subnet. Any change made in one of them will not affect the other.

Setting Dynamic Routing

Due to the continuous changes in routing and the vast complexity of collecting necessary routing parameters, many advanced networks use dynamic routing protocols to enable routers to exchange routing data automatically.

In addition to allowing manual routing configuration, the Accelerator supports dynamic routing protocols, including OSPF and RIP v1 and v2 and Router Polling. Supporting dynamic routing protocols enables the Accelerator to use alternate routes in the event of router failure. In addition, the Accelerator learns the cost and length of each route (per bandwidth in the case of OSPF and per hop in the case of RIP), and can forward accelerated packets to the best router. The Accelerator can also load-balance best routes.

A subnet whose Advertised status is manually manipulated continues to function dynamically within the routing protocol, but maintains the manually altered Advertising status.

The following topics are discussed in this section:
Working with OSPF
Working with Router Polling

NOTE: Once Subnets are located by using OSPF or RIP, you can perform manual modifications. For example, subnets located via RIP are set by default as Not Advertised; however, you can modify them to be Advertised subnets.
For Manual Subnet configuration information, see section Configuring Subnets Manually, on page 54.

Working with OSPF

Once the Accelerator is set to work with OSPF, it updates its routing and subnets tables according to dynamic information coming from OSPF updates. All local subnets detected via OSPF are automatically set to be “advertised” by default if their metric value is between the high and the low values. Advertised subnets are the Accelerator’s subnets, which are broadcasted to other Accelerators when link negotiations occur.

Configuring OSPF

Configuring OSPF is accomplished via the Setup - My Accelerator - My Routes Menu.

To configure OSPF:
1. Click on the OSPF button.
2. Set the parameters as follows:

OSPF Mode: Enable or Disable OSPF Mode. Enabling OSPF Mode lets you configure OSPF parameters. Disabling OSPF Mode saves any previously configured OSPF settings, but disables OSPF capabilities.

Area ID: OSPF divides its networks into areas. Therefore, you must set the Accelerator with its OSPF area identification number, which lets the Accelerator identify itself to local routers. To set the Area of the Accelerator within the OSPF group, use its number or its IP Address format number. The default is 0.0.0.0.

Low/High Locality Metric: Determines a range of subnets to be advertised. If a subnet is between the high value and the low value, it should be advertised.

Authentication: Authentication on the Accelerator must match the OSPF authentication set across the network. Set the Authentication to None, Key, or MD5:
None: When no authentication is necessary to communicate with other OSPF devices.
Key: When a non-encrypted authentication password is needed to communicate with other devices in the OSPF network, insert the key used.
This key is a common string (non-encrypted) that must be set according to what is set across all devices on the network using OSPF.
MD5: When an MD5 authentication password is needed to communicate with other OSPF devices, insert the encrypted key used. This must be the password that is set across all devices on the network using OSPF. Set the ID number according to this authentication password’s ID number across the OSPF network.

Neighbor IP: The Accelerator automatically detects neighboring OSPF routers. If a router was not auto-detected, you can manually add up to 20 routers to the Neighbors Table. This is particularly important when connecting to non-broadcast networks, such as an Accelerator on a subnet that does not use OSPF. This enables the Accelerator to receive OSPF routing information from a neighboring router on a subnet that uses OSPF.

Working with Router Polling

The Accelerator’s Router Polling feature enables the Accelerator to retrieve route rules from the router’s routing table. The Accelerator uses SNMP to collect the router’s routing table and add it to the Accelerator’s list of routes. You can filter the list by collecting only routes learned by specific protocols.

To configure router polling:
1. Select Setup - Networking - Router Polling.
2. Set the parameters as follows:

Router Polling: Enable or Disable Router Polling. Enables the Accelerator to retrieve route rules from the router’s routing table.

Polling Interval: Sets the frequency with which the router is polled (in seconds). Default is 180 seconds.

Primary Router IP Address: Selects whether to use the local default gateway or to set an IP address manually.

Secondary Router IP Address: Selects whether not to use a secondary router IP address (default) or to set an IP address manually.

SNMP Version: Sets the SNMP version to be used for polling the router.
SNMP Community Name: Sets the SNMP community to be used for polling the router.

Polling Protocols Table: Lists the polling protocols used for retrieving the route rules from the router’s routing table. Check the checkbox of the route rule you want to apply, or click the checkbox next to status, to select all. The following protocols are supported:
BBNSPFIGP
BGP
CISCO-IGRP
EGP
ES IS
GGP
HELLO
ICMP
IS IS
Local
OSPF
Other
RIP
Static

3. After making any change, click Submit.

Enabling Packet Interception

When the Accelerator is deployed in On-LAN mode, WAN traffic must be redirected through the Accelerator in order for it to work. To do that, one of the following methods can be used:
Working with RIP, on page 63
Working with WCCP, on page 65

Working with RIP

Once the Accelerator is set to work with RIP, it detects all subnets (including the Accelerator’s local network) connected to all routers on all connected networks and adds these to the Accelerator’s subnet and route tables. By default, all subnets detected via RIP are set to “Not Advertised”. Advertised subnets are the Accelerator’s subnets, which are broadcasted to other Accelerators when link negotiations occur.

Configuring RIP

Configuring RIP is accomplished via the Setup - My Accelerator - My Routes menu.

To configure RIP:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Accelerators tab, followed by the My Routes menu.
2. Click on the RIP button.
3. Set the parameters as follows:

RIP Mode: Set RIP Mode to Enable, Passive or Disabled. Enabled Mode allows configuration of RIP parameters. Disabled RIP Mode saves any previously configured RIP settings, but disables RIP capabilities. Passive mode enables RIP in a listening mode without sending updates.

Version: Select the RIP version in use on the network: either RIP version 1 or RIP version 2.
Note that in cases where RIP route injection is used, the RIP version should be set to version 2.

Authentication: Authentication on the Accelerator must match the RIP authentication set across the network. When working with RIP version 1, Authentication is automatically disabled. When working with RIP version 2, set the Authentication to None, Key, or MD5:
None: When no authentication is necessary to communicate with other RIP devices.
Key: When a non-encrypted authentication password is needed to communicate with other devices in the RIP network, insert the key used. This key is a common string (non-encrypted) that must be set according to what is set across all devices on the network using RIP.
MD5: When an MD5 authentication password is needed to communicate with other RIP devices, insert the encrypted key used. This must be the password that is set across all devices on the network that use RIP. Set the ID number according to this authentication password’s ID number across the RIP network.

Neighbor IP: The Accelerator automatically detects neighboring RIP routers. If a router was not auto-detected, you can manually add up to 20 routers to the Neighbors Table. This is particularly important if the Accelerator is on a subnet that does not use RIP. The Accelerator can receive its RIP routing information from a neighboring router on a subnet that uses RIP.

RIP Route Injection

RIP Route Injection adds a route rule to the router’s routing table, which forwards all traffic from the Accelerator’s subnets to the Accelerator. The Accelerator then returns the packets to the router after they have been processed by the Accelerator. The routes to these subnets, set on the Accelerator, are learned by the router during RIP negotiation.

NOTE: RIP must be in Active mode and set to version 2 for RIP Route Injection to operate. For more information, see section Working with RIP, on page 63.
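The Key and MD5 authentication modes listed in the OSPF and RIP parameter tables above differ in what each routing update carries on the wire. The following is an added example, not code from this guide or from Expand Networks: it builds a RIP version 2 update in each mode and runs the receiver-side check that MD5 mode allows. It assumes the standard packet layouts of RFC 2453 (simple password) and RFC 2082 (keyed MD5); the key, key ID, sequence number and route are constructed sample values.

```python
"""RIP-2 authentication on the wire: simple password (Key) vs keyed MD5.

Added illustration. Packet layouts follow RFC 2453 (simple password) and
RFC 2082 (keyed MD5); keys, addresses and sequence numbers are constructed.
"""
import hashlib
import hmac
import socket
import struct

RIP_RESPONSE, RIP_V2 = 2, 2
AUTH_FAMILY = 0xFFFF     # address family that marks an authentication entry
AUTH_SIMPLE = 2          # cleartext password, the guide's "Key" mode
AUTH_KEYED_MD5 = 3       # keyed MD5, the guide's "MD5" mode
AUTH_TRAILER = 1         # entry type of the trailing digest
HEADER = struct.pack("!BBH", RIP_RESPONSE, RIP_V2, 0)
TRAILER_HDR = struct.pack("!HH", AUTH_FAMILY, AUTH_TRAILER)


def _pad16(secret: bytes) -> bytes:
    """Authentication secrets occupy a fixed 16-byte, zero-padded field."""
    if len(secret) > 16:
        raise ValueError("RIP-2 authentication secrets are at most 16 bytes")
    return secret.ljust(16, b"\x00")


def route_entry(prefix: str, mask: str, next_hop: str, metric: int) -> bytes:
    """One 20-byte RIP-2 route entry (address family 2 = IP, route tag 0)."""
    return (struct.pack("!HH", 2, 0) + socket.inet_aton(prefix)
            + socket.inet_aton(mask) + socket.inet_aton(next_hop)
            + struct.pack("!I", metric))


def build_simple(routes: bytes, password: bytes) -> bytes:
    """Key mode: the shared string itself is the first entry of every update."""
    auth = struct.pack("!HH", AUTH_FAMILY, AUTH_SIMPLE) + _pad16(password)
    return HEADER + auth + routes


def build_md5(routes: bytes, key: bytes, key_id: int, seq: int) -> bytes:
    """MD5 mode: the update carries a key ID, a sequence number and a digest."""
    packet_len = len(HEADER) + 20 + len(routes)      # offset of the trailer
    auth = struct.pack("!HHHBBIII", AUTH_FAMILY, AUTH_KEYED_MD5,
                       packet_len, key_id, 16, seq, 0, 0)
    body = HEADER + auth + routes + TRAILER_HDR
    # The digest covers the packet with the key standing where the digest goes.
    return body + hashlib.md5(body + _pad16(key)).digest()


def verify_md5(packet: bytes, keys: dict, last_seq: int) -> str:
    """Receiver-side check; returns "ok" or the reason the update is dropped."""
    if len(packet) < 44:                             # header + auth + trailer
        return "too short"
    family, auth_type, packet_len, key_id, digest_len, seq = struct.unpack(
        "!HHHBBI", packet[4:16])
    if family != AUTH_FAMILY or auth_type != AUTH_KEYED_MD5:
        return "not keyed MD5"
    if key_id not in keys:                           # key ID must match network-wide
        return "unknown key ID"
    if digest_len != 16 or packet_len + 20 != len(packet):
        return "bad length"
    if packet[packet_len:packet_len + 4] != TRAILER_HDR:
        return "bad trailer"
    expected = hashlib.md5(packet[:packet_len + 4] + _pad16(keys[key_id])).digest()
    if not hmac.compare_digest(expected, packet[packet_len + 4:]):
        return "bad digest"
    if seq < last_seq:                               # must be non-decreasing
        return "stale sequence number"
    return "ok"


def tamper_metric(packet: bytes, metric: int) -> bytes:
    """Rewrite the metric of the first route entry (bytes 40..43)."""
    return packet[:40] + struct.pack("!I", metric) + packet[44:]


# Constructed sample data.
SECRET = b"example-rip-key"
ROUTES = route_entry("192.0.2.0", "255.255.255.0", "0.0.0.0", 1)
SIMPLE_PACKET = build_simple(ROUTES, SECRET)
MD5_PACKET = build_md5(ROUTES, SECRET, key_id=1, seq=100)

if __name__ == "__main__":
    print("Key mode exposes secret:", SECRET in SIMPLE_PACKET)
    print("MD5 mode exposes secret:", SECRET in MD5_PACKET)
    print("valid update:", verify_md5(MD5_PACKET, {1: SECRET}, last_seq=100))
    print("altered metric:", verify_md5(tamper_metric(MD5_PACKET, 16), {1: SECRET}, 100))
```

OSPF draws the same line: its simple password travels unencrypted in each packet header, while its cryptographic mode appends a keyed digest and identifies the key by ID.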
NOTE: For packet-interception with RIP injection, the number of injected routes is as follows:
The number of injected subnets = 32 – Mask_Len
or, if Mask_Len <= 8, the formula is:
The number of injected subnets = 32 – Mask_Len + 1
For example:
for 10.0.0.0/30, 2 subnets
for 10.0.0.0/8, 25 subnets

Using RIP for Packet Interception

RIP (Route Injection Protocol) is the other method used by the AcceleratorOS to enable Accelerators in On-LAN deployment to intercept packets from the LAN.

To use RIP for Packet Interception:
1. In the Accelerator WebUI, click on the Setup tab, and then the Networking tab, followed by the Packet Interception menu.
2. Select the RIP menu.
3. In the Packet Interception - RIP screen that appears now, enable RIP mode.
NOTE: If Router RIP mode is configured as Passive, you should disable Passive mode in order to enable RIP mode. For details, see section Configuring RIP, on page 63.
4. Select the maximal number of subnets that would use packet interception via RIP (any number between 1 and 2500; the default is 1000).
5. Click Submit.

Working with WCCP

WCCP, the Web Cache Communication Protocol, is another way in which the router can learn to forward all traffic from the Accelerator’s subnets to the On-LAN Accelerator. WCCP, a protocol usually used for directing Web traffic to a local Web Cache Server before forwarding requests across the WAN, enables the Accelerator to receive traffic from the router. Starting from Version 6.1.2, the types of traffic WCCP enables the Accelerator to receive are not only TCP and UDP (service groups 77 and 78), but also other types such as ICMP, CIFS and TCP-Promiscuous. For details, see Setting WCCP on the Router, on page 69.
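The injected-route formula in the RIP note above and the 1 to 2500 subnet limit from step 4 can be checked together before RIP mode is enabled. This is an added example, not part of the guide or of AcceleratorOS; the function names and the subnet list are constructed, and it assumes the limit counts distinct subnets rather than injected routes.

```python
import ipaddress

DEFAULT_MAX_SUBNETS = 1000   # guide: any number between 1 and 2500, default 1000


def injected_routes(mask_len):
    """Routes injected for one subnet, per the formula in the guide's note."""
    if not 0 <= mask_len <= 32:
        raise ValueError("mask length must be between 0 and 32")
    count = 32 - mask_len
    if mask_len <= 8:
        count += 1
    return count


def plan_rip_injection(subnets, max_subnets=DEFAULT_MAX_SUBNETS):
    """Summarise how many routes a list of IPv4 subnets adds to the router."""
    if not 1 <= max_subnets <= 2500:
        raise ValueError("max_subnets must be between 1 and 2500")
    per_subnet = {}
    for text in subnets:
        # strict=False normalises entries written with host bits set,
        # so 10.0.0.1/30 and 10.0.0.0/30 count as the same subnet.
        network = ipaddress.ip_network(text, strict=False)
        if network.version != 4:
            raise ValueError("RIP interception is planned for IPv4 only: %s" % text)
        per_subnet[str(network)] = injected_routes(network.prefixlen)
    return {
        "subnets": len(per_subnet),
        "routes": sum(per_subnet.values()),
        "within_limit": len(per_subnet) <= max_subnets,
        "per_subnet": per_subnet,
    }


# Constructed subnet list; the first two entries are the guide's own examples.
SAMPLE_SUBNETS = ["10.0.0.0/30", "10.0.0.0/8", "10.0.0.1/30", "192.168.10.0/24"]

if __name__ == "__main__":
    plan = plan_rip_injection(SAMPLE_SUBNETS)
    for subnet, count in plan["per_subnet"].items():
        print("%-18s %2d injected routes" % (subnet, count))
    print("subnets:", plan["subnets"], "routes:", plan["routes"],
          "within limit:", plan["within_limit"])
```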
By creating an IP GRE tunnel between the Accelerator and the router, the Accelerator is able to receive and process all relevant traffic and return it to the router before the traffic traverses the WAN, as follows:
1. The Accelerator is set as a WCCP device.
2. The router directs traffic to the Accelerator.
3. The Accelerator returns accelerated traffic to the router in a GRE tunnel.
4. Data is removed from the GRE tunnel, and sent to its destination.

The WebUI lets you intercept packets by using either WCCP or RIP.

Using WCCP for Packet Interception

The AcceleratorOS lets Accelerators in On-LAN deployment intercept packets from the LAN by using either WCCP or RIP.

To use WCCP for Packet Interception:
1. In the Accelerator WebUI, click on the Setup tab, and then the Networking tab, followed by the Packet Interception menu. The default screen that appears now is Packet Interception - WCCP.
2. Select whether to enable WCCP.
NOTE: Enabling WCCP is relevant only with On-LAN deployment. If your currently selected deployment is On-Path, please change it by going to Setup > My Accelerator > Basic > Advanced Settings.
Use the Routers Table to add routers to, or delete them from, the list of routers to be used for packet interception. When adding a router, you have to indicate its router ID (the IP address used for connecting it to our network, usually the highest value number), as well as the router status (Connected/Disconnected - indicating a connection to the network). If you enable the WCCP Service, and do not set a router IP address, an error will result.
3. Use the Services Table to manage the list of services to be used for packet interception. The Services Table displays by default all of the pre-defined services, which are as follows:
Web
ICMP
UDP
TCP-Promiscuous
CIFS - WAFS
Additional services can be added or deleted from the Services Table.
The same services must be configured on the router that is connected to the Accelerator.
NOTE: When you enable the WCCP feature, all pre-defined services are enabled by default, except for Web and CIFS. In addition, if you have multiple Accelerators deployed on your network, the same WCCP services should be enabled on each appliance.

To add a WCCP Dynamic Service:
1. In the Services Table header, click the Add button. The default screen that appears now is Add WCCP User Defined Service. The Parameters box lets you configure the following parameters:
Service ID - any number between 0 and 254 (configurable only on dynamic services; this number is not editable on pre-defined services).
Protocol ID - any number between 1 and 255 (again, configurable only on dynamic services).
Priority - any number between 0 and 255 (default: 100).
Weight - used for load balancing. If you have one or more Accelerators that share the router to which your Accelerator is connected, you can use this field to instruct the router what percentage of the traffic that uses this service is to be directed to the current Accelerator (default: 100).
Port Direction - lets you set the port direction used for carrying out load balancing through Hash. This load balancing is configured in the router, according to either subnets (IPs) or ports. This box lets you only enable the Hash-assisted load balancing, through the Destination/Source IP, Port or both.
Password - lets you enter a password for using the service. The next time your Accelerator synchronizes with the router, the router reads this password and prevents unauthorized access to this service’s traffic.
2. Use the Ports Table to add a port (optional).
3. Click Submit.
Once the new dynamic service has been added, you can add it like any other WCCP service.

To edit a WCCP service:
1. In the Services Table, click the number (ID) of the service you want to edit, in the ID column of the row of this service (for example, ID 52 in the UDP row).
2. In the Edit WCCP Service screen that appears now, edit the service’s various parameters. As mentioned earlier, the Service ID and Protocol ID parameters can be edited only in dynamic services.
3. Click Submit.

Setting WCCP on the Router

Using WCCP requires you to configure WCCP to work on the network’s router using the same service settings (the port numbers in the Accelerator must be identical to the Router on a per service basis).
You can use CLI commands to configure WCCP on Cisco routers. For more information, see the Configuration Guide supplied with your router.
You can use CLI commands to configure WCCP on the Accelerator. When configuring WCCP on multiple appliances, make sure that the WCCP services on each Accelerator are identical. See Configuring WCCP, on page 448.

Setting the Accelerator’s Time

By default, time settings are configured automatically on the Accelerator based on the local time of the attached management PC. You can alter the time setting manually, or set it to receive time synchronization from a Simple Network Time Protocol server (SNTP).

To set the Accelerator’s Clock:
1. Click on the Setup tab, and then the My Accelerators tab, followed by the Time menu.
2. In the Time menu, select either Set device time or Use SNTP. For manual time settings, insert the local time and date for the Accelerator. For SNTP, enter the server IP address and the frequency with which the server is to be polled for time updates.
3. Click the Submit button.

Configuring DHCP Servers

Managing the DHCP servers on your system requires a configuration file. By default, the DHCP server is disabled.
To enable it, you have to download the sample DHCP configuration file and save it on your system. When you have a configuration file, you can either use the current file or customize the file and then upload the customized file.

To display the lease data of a selected IP address:
1. In the Accelerator WebUI, click on the Setup tab, and then the Networking tab, followed by the DHCP menu.
2. In the DHCP Server field, set the status to Enable.
3. In the Lease section, enter an IP address of your choice and click the Show Lease button. The host name, IP address and expiry date are displayed on the screen.

Activating DHCP Relay Agent

The DHCP relay agent allows placing DHCP clients and DHCP servers on different networks, thus solving the problem that arises because DHCP broadcast messages do not, by default, cross the router interfaces, without using the costly solution of placing a DHCP server on each network segment. Choosing the DHCP relay agent solution lets you use fewer DHCP servers and place these machines in central locations.
To solve the problem of DHCP broadcast messages, you can configure the routers to pass DHCP/BOOTP messages selectively, a process known as BOOTP relay.
A router or Accelerator that carries out DHCP relay does not just forward BOOTP broadcast messages, but actually examines the packet, makes appropriate changes to it, and only then relays the packet to a DHCP server. The DHCP server to which the packet is relayed is configured by adding a Helper Address on the router or an IP address under the local interface of the Accelerator.
The relay agent communicates with a DHCP server and acts as a proxy for DHCP broadcast messages that need to be routed to remote segments. Like the router-based BOOTP Relay Agent, the DHCP Relay Agent is configured with addresses of DHCP servers to which they should relay the DHCP message.
The DHCP Agent communicates with the DHCP server by using unicast communications instead of broadcast messages. Therefore, the Agent’s requests can be routed to a server on a remote network, regardless of segment boundaries.

Setting ExpandView Connectivity Parameters

Registered users of ExpandView enjoy the benefit of having ExpandView automatically discover a new registered Accelerator as soon as a link to that Accelerator is established. However, if the default settings of ExpandView are changed (for example, port), or if the auto-discovery fails, you have to update the ExpandView agent’s parameters accordingly.

To define ExpandView Connectivity parameters:
1. Click on the Setup tab, and then the My Accelerator tab, followed by the ExpandView menu.
2. In the ExpandView menu, select the Enable ExpandView Agent box.
3. Enter the ExpandView Server’s IP address and port number.
4. Click the Submit button to submit the registration request. If all parameters were entered appropriately, the Status line now displays the current status (enabled/disabled).

Chapter 4: Monitoring the Network

This chapter explains how to use and understand the Accelerator’s advanced graphic reporting and statistics feature that enables monitoring of Accelerator performance and throughput.
This chapter includes the following sections:
Introduction to Monitoring, on page 76
Using Link Statistics and Graphs, on page 80
Discovering Traffic, on page 86
Viewing Applications’ Statistics and Graphs, on page 89
Viewing Summary Graphs, on page 95
Viewing Ethernet Statistics, on page 96
Configuring NetFlow Support, on page 98

Introduction to Monitoring

All statistics generated for these graphic reports are saved in the Accelerator history log, so that if Windows closes or if an Accelerator reboots, you can easily re-access the chart or graph via the Accelerator WebUI. The graphs are automatically updated, according to a set frequency. The Accelerator samples the data behind-the-scenes and stores it in a compact way, which lets you view data up to the minute over a period of up to a year. This sampled data represents the average over the selected period of time. Expand recommends that you open a maximum of five charts per-Accelerator simultaneously.
The monitoring feature, available via the Monitor tab, lets you view statistics and graphs for From WAN, To LAN, To WAN, and From LAN traffic, as described in the following figure:

NOTE: In a non-link environment, if a local subnet is not defined as LOCAL, the Accelerator QoS and Monitoring features do not function properly. Ensure that all Local subnets are defined as local.

Working with Monitoring

To work with monitoring, you first need to take several steps, defined in the following sections:
Installing the JAVA Applet, on page 77
Using Verisign Security Certificate, on page 78
Studying The Monitoring Window, on page 78

NOTE: The Accelerator’s graphic reporting feature works with the Java-Applet (JRE 1.4 and up, recommended to use the Java-Applet provided on the Expand Networks Extranet).
The PC used for viewing the graphs must support Java runtime environments and a Java plug-in must be installed in order to view the Accelerator’s graphs.

Installing the JAVA Applet

To determine whether you need to install the Java plug-in, from the Start button, click Settings > Control Panel > Add or Remove Programs. Search the list for JAVA 2 Runtime Environment. If you do have this software installed and have verified that you are using the correct version, you are ready to begin working with the Accelerator’s Graph Monitoring feature.
If the JAVA plugin is not installed on the PC, follow this procedure to download and install the plugin.

To download and install the Java plugin:
1. In your Internet Browser window, type the following URL into the Address field: http://www.expand.com/Solutions/Index.aspx?URL=/Solutions/Java-Plug-In.aspx
2. Save the Java installation file onto your PC.
3. Double-click the Java installation file. The Java Plug-in installation wizard opens. Use the default settings to install the Java-Plug-in. This plug-in lets you view the Accelerator’s Graphic-Reporting feature by opening a new Internet Explorer window and entering the Accelerator’s IP address into the Address field.

Using Verisign Security Certificate

In order to work with the Monitoring feature, Windows requests you to verify that the Accelerator is a trusted site, by displaying the popup window shown below. To avoid seeing the popup each time you try to access the Monitoring menu, you are advised to click the Always button.

Studying The Monitoring Window

Option: Description
Direction: The Accelerator’s monitoring feature lets you view statistics for inbound or outbound traffic on the Accelerator.
Link: The Accelerator’s monitoring feature lets you view statistics per link, for a specific link, for the total for all Accelerator’s links, for the total for compressible links, for the non-link, or for the total for virtual links.
View Last: Scroll down in the View Last drop-down menu to select the period for which the graph is displayed. The default period is 30 minutes.
Link Speed: You can set the link speed in the fields above the graph to add a line to the displayed graph, enabling you to see the limit of throughput that can actually traverse the link. By default, when Auto is selected in the link speed column, the link speed is set to the bandwidth set for the link selected. When total is selected in the Link column, the default link speed (when Auto is selected in the Link speed column) is set to either the total bandwidth set for all links or the sum of all WAN bandwidths; total is the lower value of the two.
Peak Data: Select the Show checkbox if you want to see the peak lines representing the highest statistics achieved for the reported period. All graphs displayed give an average of the performance for any given interval. Therefore, viewing Peaks is necessary for understanding the Accelerator’s overall performance.
Save: Click the Save button to save the generated graphs as a JPG or a PDF file. You are then directed to browse to a location in which to save the file. The PDF file created displays each graph in the selected Monitoring window and a brief description of each.
Export to CSV: Click the Export to CSV button to save the generated graphs as a CSV file. You will be directed to browse to a location in which to save the file.
The file created generates a table with the following fields: Name, Description, Period, Interval, Sample Time, In, Peak In, Effective In, Effective Peak In, Inbound Acceleration, Inbound Peak Acceleration, Inbound Compression, Inbound Peak Compression, Out, Peak Out, Effective Out, Effective Peak Out, Outbound Acceleration, Outbound Peak Acceleration, Outbound Compression, Outbound Peak Compression.
For a description of these fields, see section Gathering Statistics for Detected Applications, on page 93.

Using Link Statistics and Graphs

The link statistics and graphs let you monitor the performance of the Accelerator and its links. Alternatively, you can monitor the Accelerator based on the Applications traversing its links.

Viewing Throughput Statistics per Link

The Throughput Statistics per Link graph lets you monitor how much traffic passed through the Accelerator. This graph lets you compare accelerated throughput (what actually goes over your WAN link) with the pre-accelerated throughput, which is the throughput that would have been used without the Accelerator’s compression mechanisms.
The blue area represents the actual bandwidth used with the Accelerator, while the yellow represents the amount of bandwidth that would have been used without the Accelerator.

NOTE: If the Accelerator is not deployed, the available bandwidth is reduced; you should therefore expect to see slower rates used by servers and hosts.

Viewing Utilization Statistics per Link

The Utilization Statistics per Link graph lets you monitor how much of the link is being utilized. The traffic displayed is accelerated traffic, and therefore cannot exceed 100% of the link speed. Selecting the link speed is necessary in order for the Utilization graph to display accurate data.
Viewing Acceleration Statistics per Link

The Acceleration Statistics per Link graph lets you view acceleration percentages for inbound and outbound traffic on the Accelerator per interface/link or for the total for the Accelerator.

Understanding Acceleration

The Acceleration percentage describes how effectively the Accelerator is processing and compressing the traffic. This statistic does not take into account traffic that bypasses the acceleration mechanism. Acceleration percentages are calculated as follows:

To calculate acceleration:
Refer to the Monitor > Links > Statistics menu for data to be used in the following procedure.
1. Multiply the number of In Packets by 14. This accounts for the Ethernet Layer-2 header.
2. Subtract this number from the number of In Bytes.
3. Divide this number by the sum of the Out Packets multiplied by 14 and subtracted from Out bytes.
4. Subtract 1 from the sum.
5. Multiply the ratio by 100 to arrive at the acceleration percentage.

\[
\left( \frac{\text{InBytes} - 14 \times \text{InPackets}}{\text{OutBytes} - 14 \times \text{OutPackets}} - 1 \right) \times 100
\]

InBytes: Incoming bytes (from LAN) - Do not tunnel bytes - Routing bytes - Passthrough bytes
InPackets: Incoming packets (from LAN) - Do not tunnel packets - Routing packets - Passthrough packets
OutBytes: Outgoing bytes (to the WAN) - Do not tunnel bytes - Routing bytes - Passthrough bytes - System messages bytes
OutPackets: Outgoing packets (to the WAN) - Do not tunnel packets - Routing packets - Passthrough packets - System messages packets

Parameter Item: Description
Do Not Tunnel: Traffic set with the “Do Not Tunnel” decision, Non-link traffic, Virtual link traffic
Routing: Traffic between the Accelerator and the local router to retrieve routing information for the local LAN
Passthrough: Traffic set with the “Do Not Accelerate” decision, overload traffic
System Messages: Keepalives and so on.
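The acceleration calculation above, including the removal of excluded traffic from the raw counters before the formula is applied, as an added example (not part of the guide or of AcceleratorOS). The function names and counter values are constructed, and reading the dashes in the InBytes/OutBytes definitions as subtraction is an assumption.

```python
L2_HEADER_BYTES = 14   # Ethernet Layer-2 header per packet, as in step 1


def net_counters(total_bytes, total_packets, excluded):
    """Subtract excluded traffic; excluded maps a category to (bytes, packets)."""
    net_bytes = total_bytes - sum(b for b, _ in excluded.values())
    net_packets = total_packets - sum(p for _, p in excluded.values())
    if net_bytes < 0 or net_packets < 0:
        raise ValueError("excluded traffic exceeds the raw counters")
    return net_bytes, net_packets


def acceleration_percent(in_bytes, in_packets, out_bytes, out_packets):
    """Apply steps 1 to 5 of the procedure to already-adjusted counters."""
    payload_in = in_bytes - L2_HEADER_BYTES * in_packets
    payload_out = out_bytes - L2_HEADER_BYTES * out_packets
    if payload_in < 0 or payload_out <= 0:
        # An idle link (or inconsistent counters) has no defined percentage.
        raise ValueError("counters do not describe any accelerated payload")
    return (payload_in / payload_out - 1) * 100


def link_acceleration(lan_side, wan_side):
    """lan_side and wan_side are (raw bytes, raw packets, excluded) tuples."""
    in_bytes, in_packets = net_counters(*lan_side)
    out_bytes, out_packets = net_counters(*wan_side)
    return acceleration_percent(in_bytes, in_packets, out_bytes, out_packets)


# Constructed counters for one link.
SAMPLE_LAN_SIDE = (330000, 330, {
    "do_not_tunnel": (20000, 20),
    "routing": (4000, 4),
    "passthrough": (6000, 6),
})
SAMPLE_WAN_SIDE = (110500, 310, {
    "do_not_tunnel": (6000, 4),
    "routing": (2000, 2),
    "passthrough": (2000, 2),
    "system_messages": (500, 2),
})

if __name__ == "__main__":
    print("acceleration: %.1f%%" % link_acceleration(SAMPLE_LAN_SIDE, SAMPLE_WAN_SIDE))
```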
For example: in a simple scenario in which the packet size is 1000 bytes:
If InBytes = 300,000 and OutBytes = 100,000 then:

\[
\left( \frac{300000 - 14 \times 300}{100000 - 14 \times 300} - 1 \right) \times 100 = 208
\]

Viewing Compression Statistics per Link

The Compression Statistics per Link graph displays the amount by which traffic was reduced by the Accelerator. This graph represents, in percent, how much less data is passing over the physical link because of acceleration.

Viewing Statistics per Link

The Accelerator’s Statistics table displays data presented in the Link graphs in table format per link or for the entire traffic.

To view a statistics table:
1. In the Accelerator’s WebUI, click on Monitor, followed by the Links tab and then the Statistics tab.
2. Select a link from the drop-down menu, or Total to view statistics for all links.
3. From the drop-down menu, select the statistics to be displayed: All, Throughput, Errors, Acceleration.

Parameter Item: Description
In Bytes: Number of input bytes.
Raw In Bytes: Total incoming bytes being accelerated using these links
In Packets: Number of input packets
Dropped In Packets: Incoming packets that were dropped by QoS enforcements, such as queues and obsolete
Discarded In Packets: Incoming packets that were discarded by a rule with discard policy (discard all P2P)
Agg Default In Packets: Incoming packets that were aggregated as part of the default post-acceleration aggregation policy.
Agg Custom-1 In Packets: Incoming Packets that were aggregated as part of the custom-1 post-acceleration aggregation policy.
Agg Custom-2 In Packets: Incoming Packets that were aggregated as part of the custom-2 post-acceleration aggregation policy.
Agg Citrix In Packets: Incoming Packets that were aggregated as part of the Citrix post-acceleration aggregation policy.
CRC Errors: Number of CRC-errored packets received
Other Errors: Unexpected errors received
In Acceleration: Inbound Acceleration percentage
In Actual Acceleration: Acceleration that considers all incoming throughput over the selected period
In Compression: Inbound compression percentage
Out Bytes: Number of outgoing bytes
Raw Out Bytes: Total outgoing bytes being accelerated using this link
Out Packets: Number of outgoing packets
Dropped Out Packets: Outgoing Packets that were dropped by QoS enforcements (queues, obsolete and so on.)
Discarded Out Packets: Outgoing Packets that were discarded by a rule with discard policy (discard all P2P).
Pass-thru Out Packets: Outgoing Packets that were discarded by a rule with discard policy (discard all P2P)
Poly Out Packets: Number of small packets aggregated, or combined, before transmission
Agg Default Out Packets: Outgoing Packets that were aggregated as part of the default post-acceleration aggregation policy
Agg Custom-1 Out Packets: Outgoing Packets that were aggregated as part of the custom-1 post-acceleration aggregation policy.
Agg Custom-2 Out Packets: Outgoing Packets that were aggregated as part of the custom-2 post-acceleration aggregation policy
Agg Citrix Out Packets: Outgoing Packets that were aggregated as part of the Citrix post-acceleration aggregation policy
Do Not Acc Packets: Number of packets sent out marked as Do not Accelerate.
Do Not Tunnel Packets: Number of packets sent out marked not to be routed into the link.
Out Acceleration: Outbound Acceleration percentage
Out Actual Acceleration: Acceleration that considers all outgoing throughput
Out Compression: Outbound compression percentage

All statistic items are displayed according to:
Data: Lists type of statistic gathered.
System up: Data transferred over the link selected that was collected since the Accelerator was powered on.
Data is listed in KB, in percentages, or in number of packets.
Since Clear: Data transferred over the link selected that was collected since the Accelerator’s counters were last cleared. Data is listed in KB, in percentages, or in number of packets.
Last 5 Seconds: Data transferred over the link selected that was collected over the last 5 seconds. Data is listed in Kbps or in percentages.

Discovering Traffic

The Traffic menu lets you view applications running on the network. Traffic is divided into the following categories: Detected traffic (all other applications detected on the network - non-classified traffic that is not part of a predefined or user-configured application type), Monitored traffic (all applications set to enable “collect statistics”), and Layer-7 discovery (the application properties discovered on the network).

Viewing Detected Applications

The Detected Applications menu lets you view all detected applications that traverse the network. You can view the applications coming in both directions (from LAN to WAN and conversely), the throughput before and after the acceleration, and the acceleration rate.

Viewing Detailed Traffic Discovery

To view detailed traffic discovery for detected applications:
1. In the Accelerator’s WebUI, click on Monitor, followed by the Traffic Discovery tab and then the Detected Applications tab.
2. Click on the Details column. The Traffic Discovery window appears.

This window contains the following items:
The Clear Counters button - lets you clear all counters for the discovered application. This is useful in case you want to start collecting new statistics without restarting the system.
The Inbound section - details data regarding the inbound traffic. All data items detailed here can be seen since the system was last started (System up), since the last time the counters were cleared (Since Clear) or in the last five seconds.
The Outbound section - details data regarding the outbound traffic. All data items detailed here can be seen since the system was last started (System up), since the last time the counters were cleared (Since Clear) or in the last five seconds.

The Inbound section details the following data items:
In Bytes - the amount of compressed bytes that entered the link in this specific system.
Raw In Bytes - the amount of pre-compressed bytes that entered the link in this specific system.
Queued in bytes - the amount of bytes waiting to enter the system.
In Packets - the amount of compressed packets that entered the link in this specific system.
Dropped In Packets - the amount of packets that were not accelerated.
Discarded In Packets - the amount of packets that were discarded before passing through the link.
The Outbound section details the same data items, in the outbound direction.

Viewing Monitored Applications

The Monitored Applications menu lets you view all monitored applications traversing the network. You can view the applications coming in both directions (from LAN to WAN and conversely), the throughput before and after the acceleration, and the acceleration rate.
The Monitored Applications window is as follows:

Discovering Layer-7 Applications

The L-7 table lists the application properties discovered on the network. These may be L7-applications that have been defined already or L7-applications that are not defined but have been detected. To configure the QoS parameters of these applications, double-click the applications in the table.

To discover which HTTP/Citrix applications are present on the network:
1. In the Accelerator WebUI, click Monitor, followed by Traffic Discovery and then L7 Discovery.
2. In the Parent L7 Application field, select either HTTP or Citrix.
3. Select the Enable Discovery checkbox. By default this checkbox is disabled. The L7 table lists the application properties discovered on the network. These may be L7-applications that have been defined already or L7-applications that are not defined but have been detected.
4. To configure the QoS parameters of these applications, double-click the applications in the table. This eases the process of defining QoS for the applications, because the L7 application parameters are detected and filled-in automatically (MIME type, URL, Citrix Application name and client and so on).

Viewing Applications’ Statistics and Graphs

The WebUI lets you display statistics and save them in external formats such as PDF and Excel. In addition, you can monitor the Accelerators in your system.
You can carry out the following operations:
Viewing Utilization Statistics per Application, on page 90
Viewing Acceleration Statistics per Application, on page 91
Viewing Compression Statistics per Application, on page 91
Viewing Bandwidth Distribution Statistics per Application, on page 92
Monitoring Applications, on page 92
Gathering Statistics for Detected Applications, on page 93

Graphs viewed per application let you view statistic data items, export them into a CSV file, or save them in Acrobat (PDF) format. For each graph, the following options are available, as seen in the screen below:

Parameter: Description
Application: Select an application to view, or select Top 10 or From List. Top 10 displays results for the ten applications that are most prevalent on your network. From List displays the ten applications selected in the Monitored Applications window.
Direction: The Accelerator’s monitoring feature lets you view data for From WAN, To LAN, To WAN and From LAN traffic on the Accelerator.
Link: The Accelerator’s monitoring feature lets you view data per link or for the total for all of the Accelerator’s links.
View Last: Scroll down in the View-last drop-down menu to select the period for which the graph is displayed. The default period is 30 minutes.
Link Speed: You can set the link speed in the fields above the graph to add a line to the displayed graph, which lets you see the limit of throughput that can actually traverse the link.
Peak Data: Select the Peak Data checkbox if you want to see the peak lines representing the best statistics achieved for the reported period. Because all graphs displayed give an estimate of the performance for any given interval, viewing the peaks is necessary for getting a full picture of the Accelerator’s overall performance.

Setting up Graphs

Only applications defined as “monitored” applications are displayed in the application graphs. The Traffic Discovery menu lets you view all applications traversing the network.

Viewing Utilization Statistics per Application

The Utilization Statistics per Application graph lets you monitor what percentage of the link is being utilized by a single application. This graph lets you compare inbound and outbound utilization (what actually goes over your WAN vs LAN link).
The blue area represents your bandwidth gains with the Accelerator, allowing you to see just how much the Accelerator is really adding to the line.
You can view the graph per each application, for the top 10 applications or for ten selected applications.

To enable monitoring of a discovered application:
1. Click on Monitor followed by Applications, followed by Utilization.
2. In the Applications table, highlight the applications to be monitored and use the arrow keys to add or remove these applications from the monitored applications table.
3. In the Direction field, select to or from LAN or WAN.

Viewing Throughput Statistics per Application

The Throughput Statistics per Application graph lets you monitor how much traffic per application passed through the Accelerator. This graph lets you compare accelerated throughput (what actually goes over your WAN link) with the pre-accelerated throughput, which is the throughput that would have been passed without our advanced compression mechanisms.
The blue area represents your bandwidth gains with the Accelerator, allowing you to see just how much the Accelerator is really adding to the line.
You can view the graph per each application, for the top 10 applications or for ten selected applications.

To enable monitoring of a discovered application:
1. Click on Monitor followed by Applications, followed by Monitor Applications.
2. In the Applications table, highlight the applications to be monitored and use the arrow keys to add or remove these applications from the monitored applications table.
3. In the Apply to Link field, scroll down to select the link whose traffic you want to display.

Viewing Acceleration Statistics per Application

The Acceleration Statistics per Application graph lets you view acceleration percentages for inbound and outbound applications on the Accelerator per interface/tunnel or for the total for the Accelerator.

Viewing Compression Statistics per Application

The Compression Window is as follows:

The Compression Statistics per Application graph displays, in percent, the amount by which data traffic over the physical link was reduced, presented in distribution per single applications.
Viewing Bandwidth Distribution Statistics per Application

To gain a better picture of what kind of traffic is traveling across your line, the Bandwidth Distribution Graph details the percentage of bandwidth consumed by each selected class. The distribution is for accelerated data, meaning that traffic types that benefit from a high acceleration percentage consume a relatively small percentage of the line, though they constitute a higher percentage of the pre-accelerated data.

Monitoring Applications

This section explains how to use and understand the Accelerator’s advanced graphic reporting and statistics feature that enables monitoring of accelerated applications. Applications are either predefined or user-defined. By default, 50 of the predefined applications are considered Monitored applications (see Pre-Defined Applications, on page 335), and all user-defined applications are Monitored by default. Monitored applications are applications for which statistics are saved in the Accelerator to be displayed in graphs and charts. You can simultaneously monitor up to 50 applications on each Accelerator, and up to 10 applications on each link.

The Monitor Application window is as follows:

To gather statistics for a predefined application:
1. In the Accelerator’s WebUI, click on Setup, followed by My Applications.
2. Under View select Defined Applications.
3. Click the application whose statistics are to be saved. The Edit Application screen appears.
4. Select the Collect statistics checkbox.
5. Click Submit.

After you have selected the applications for which you want to gather statistics, you can use the Monitor Applications menu to select up to 10 applications for which statistics can be provided as a unit. Use the arrow button to move the requested applications from the Applications table to the Monitored Applications table.
Gathering Statistics for Detected Applications

To enable application statistics gathering:
1. In the Accelerator’s WebUI, click on the Monitor tab, followed by Traffic Discovery.
2. In the Detected Applications window, click on the name of the requested detected application. The Create Application from Discovered Traffic window appears.
3. In this window, select the Collect statistics checkbox.
4. Click the Submit button. The application now appears in the list of Monitored Applications.
5. Under Applications, click Monitor Applications.
6. In the Apply to Link scroll down menu, select the link over which this application should be monitored: this can be all links, a specific link or the Non-link.
7. Highlight the names of applications you want to monitor and use the arrow button to add them to the list of Monitored Applications.
8. Click the Submit button.

You can view the newly created list of monitored applications from any of the application graph screens by selecting From List from the Applications scroll down text box. To modify the list, click the Edit List link found next to the From List selection.

NOTE: As soon as even one undefined packet is detected (TCP/UDP), it is displayed as an unrecognized port in the traffic discovery list.

Viewing Summary Graphs

The Accelerator lets you view a selection of important performance graphs to provide you with an overview of your network performance. The Summary menu lets you view several graphs via a single screen. The data used in the graphs is based on the total traffic on all Accelerator links.

To view summary graphs:
1. In the Accelerator’s WebUI, click on the Monitor tab, followed by Summary.
2. Select the link, view last, link speed and peak data options. The Summary Window appears.

Viewing Ethernet Statistics

The Accelerator lets you view detailed statistics for the data displayed on the monitoring graphs. Refer to one of the following sections for details regarding the configuration of Ethernet statistics:
- Configuring Ethernet Display via the WebUI, on page 96.
- Configuring Ethernet Display, on page 471 for configuration with the CLI.

Configuring Ethernet Display via the WebUI

Follow these steps to view, via the WebUI, detailed statistics for the data displayed on the monitoring graphs:
1. Click on Monitor followed by Interfaces. The Ethernet Statistics window opens.
2. In the Ethernet Statistics screen, select the relevant Ethernet card in the Interface field. The buttons near the Interface field let you clear either the counters of the currently selected interface or all counters of all interfaces.

All statistic items, in both inbound and outbound directions, are displayed according to:
- Data—Lists type of statistic gathered.
- System Up—Data transferred over the selected link, which was collected since the Accelerator was powered on. Data is listed in KB, in percentages, or in number of packets.
- Since Clear—Data transferred over the selected link, which was collected since the Accelerator’s counters were last cleared. Data is listed in KB, in percentages, or in number of packets.
- Last 5 Seconds—Data transferred over the selected link, which was collected over the last 5 seconds. Data is listed in Kbps or in percentages.

Configuring NetFlow Support

The Accelerator supports Cisco’s NetFlow protocol (version 5), which enables collecting traffic flow statistics on routing devices. NetFlow is based on identifying packet traffic and reporting the traffic statistics to the collector.
The traffic reported is traffic before acceleration, which lets you receive data regarding “real” traffic (not encrypted, tunneled or accelerated). NetFlow does not involve setting any connection-setup protocol either between routers or to any other networking device or end station, and does not require any change externally—either to the traffic or packets themselves or to any other networking device. NetFlow provides various statistical data items (WAN-to-LAN or LAN-to-WAN), in addition to the items generated by the Accelerator.

NetFlow uses the following SNMP names:
- eth 1 (for ETH 0/0)
- eth 2 (for ETH 0/1)

By using these names, the Collector receives on-path indication even when on-LAN deployment is used. In the Collector, eth 2 is used as the Out port and eth 1 as the In port in LAN-to-WAN deployment, while the opposite happens in WAN-to-LAN deployment (eth 1 is used as the Out port and eth 2 as the In port). When using the CLI to configure NetFlow, you have to indicate which port is used for connecting to the LAN.

The following traffic types are not reported:
- WAN-to-WAN
- LAN-to-LAN (including bridgeless traffic).

NOTE: The NetFlow collector listening port is needed for establishing a connection between the Accelerator and the collector. Ensure that this port is not blocked by a firewall installed between the Accelerator and the collector.

Identifying the Traffic

NetFlow detects the local subnets’ source and destination addresses, and determines the traffic direction according to these addresses: the local addresses are detected as LAN, while the other addresses are detected as WAN. However, local subnets that were configured in the Accelerator to be excluded (namely: to be connected through a non-link) are detected as WAN.

NetFlow is completely transparent to the existing network, including end stations, application software and network devices like LAN switches.
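The record fields a collector reads to apply the In/Out port convention described above, as an added example that is not Expand's code: it parses a NetFlow version 5 export datagram, rejects malformed ones, and labels each flow by direction. It assumes the SNMP names eth 1 and eth 2 arrive as interface indexes 1 and 2 in each record's input and output fields; the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 wire format: a 24-byte header followed by `count` 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30  # a v5 export datagram carries at most 30 flow records

# Assumption: "eth 1" (ETH 0/0) and "eth 2" (ETH 0/1) appear as interface
# indexes 1 and 2 in the input/output fields of each flow record.
ETH1, ETH2 = 1, 2


def parse_v5(datagram):
    """Return (header dict, list of flow dicts); raise ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, _uptime, secs, _nsecs, seq, _etype, _eid, _sampling = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow version 5: %d" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count out of range: %d" % count)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("datagram length does not match record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "in_if": f[3], "out_if": f[4],      # In port / Out port
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10],
            "proto": f[13], "tos": f[14],
        })
    return {"count": count, "sequence": seq, "unix_secs": secs}, flows


def direction(flow):
    """Map the In/Out port pair to the direction the guide describes."""
    pair = (flow["in_if"], flow["out_if"])
    if pair == (ETH1, ETH2):
        return "LAN-to-WAN"
    if pair == (ETH2, ETH1):
        return "WAN-to-LAN"
    # WAN-to-WAN and LAN-to-LAN are not reported, so any other pair is
    # worth flagging at the collector rather than silently counting.
    return "unexpected"


def octets_by_direction(flows):
    """Sum the pre-acceleration byte counts per direction."""
    totals = {}
    for flow in flows:
        key = direction(flow)
        totals[key] = totals.get(key, 0) + flow["octets"]
    return totals


def build_sample():
    """Constructed two-record datagram (documentation addresses, not a capture)."""
    def rec(src, dst, in_if, out_if, pkts, octets, sport, dport, proto):
        return RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst),
            socket.inet_aton("0.0.0.0"), in_if, out_if, pkts, octets,
            0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    body = rec("192.0.2.10", "198.51.100.5", ETH1, ETH2, 12, 9000, 40000, 80, 6)
    body += rec("198.51.100.5", "192.0.2.10", ETH2, ETH1, 10, 64000, 80, 40000, 6)
    return HEADER.pack(5, 2, 0, 1226102400, 0, 0, 0, 0, 0) + body


if __name__ == "__main__":
    header, flows = parse_v5(build_sample())
    for flow in flows:
        print(direction(flow), flow["src"], "->", flow["dst"], flow["octets"], "bytes")
    print(octets_by_direction(flows))
```
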
In addition, NetFlow is performed independently on each internetworking device, and need not be operational on each router in the network. NetFlow exports data to a remote workstation for collection and further processing. NetFlow does consume CPU resources; therefore, you should be aware of the resources required on your Accelerator before enabling NetFlow.

The Accelerator acts like any other probe on the network: it forwards its packet statistics to NetFlow Collectors, such as Scrutinizer™ and PRTG™, which let you monitor and analyze Accelerator packets.

NOTE: For your convenience, an evaluation version of the NetFlow collector has been provided for you on the Documentation CD.

Enabling NetFlow via the WebUI

To enable NetFlow via the WebUI:
1. Click on the Setup tab, followed by Advanced, followed by Netflow.
2. Use the relevant fields to enter the Collector IP address, port number and interface. Alternatively, click the Set Default Values button to reset the Netflow configuration values to factory values.
3. Click the Submit button.

Chapter 5: Applying QoS

This chapter describes the procedures necessary for configuring the Accelerator’s QoS plug-in. The QoS plug-in lets you prioritize traffic traversing the Accelerator network. The chapter is divided into the following basic sections:
- Carrying Out Basic QoS Configuration, on page 104. Basic QoS configuration should be sufficient for relatively simple networks and basic traffic prioritization. Basic QoS configuration lets you view traffic traversing the network, create applications for unrecognized traffic, and prioritize these applications as well as predefined applications.
- Setting Advanced QoS Parameters, on page 115. Advanced QoS enables a higher level of control, enabling the creation of rules for different applications.
These rules allow fine-tuning of the type of traffic filtered, as well as the type of shaping set for the application.

NOTE: QoS settings take effect when there is congestion. Any minimum bandwidth guaranteed to a traffic type is set aside for this type of traffic only if enough of this type of traffic traverses the line.

Accelerator QoS

QoS, or Quality of Service, is designed to help manage traffic across the network in order to combat the congestion, latency and greedy and rogue applications that all contribute to poor application and network performance. Organizations need to be able to allocate bandwidth to mission-critical applications, slow down non-critical applications, and stop bandwidth abuse in order to efficiently deliver networked applications to the branch office.

Studying the QoS Solution

The powerful QoS solution was designed with simplicity of management in mind. Traffic is automatically categorized into application classes - the Accelerator arrives with hundreds of applications predefined in the system. This makes it easier to generate a picture of exactly what is traversing the network, in order to then decide what should be traversing the network. Once a clear picture of the current network and the ideal network is attained, easy to understand shaping policies like “realtime” or “block” govern the flow of traffic.

The Accelerator’s QoS mechanism is single-sided, in that it can also work across a Virtual Link, in which the Local Accelerator does not work opposite a Remote Accelerator. For a complete explanation as to how the QoS mechanism functions and is implemented, see Setting Advanced QoS Parameters, on page 115.
QoS enables the Accelerator to provide the following:
- Automatic Traffic Discovery—Accelerators automatically discover and classify hundreds of enterprise applications based on Layer-3 (IP), Layer-4 (TCP, UDP, and so on) and even Layer-7 parameters including web URLs, MIME types (for example: streaming audio) or Citrix (published applications over ICA).
- End-to-end application performance monitoring—Accelerators provide complete network visibility and enable speedy response to application performance changes on an enterprise-wide scale with end-to-end monitoring and dozens of reports.
- Transparency to existing QoS infrastructure—Accelerators are transparent to router-based QoS implementations by honoring and preserving priorities set on traffic flowing through them. Advanced networking features such as router-based QoS rely on IP packet header information to be effective. The Accelerators preserve packet header information and compress only the payload that integrates seamlessly with advanced networking features such as router-based QoS, load-balancing, WAN monitoring and MPLS tagging.
- Priority treatment for critical applications—Accelerators enable important and urgent application traffic to get priority treatment with advanced traffic shaping for both inbound and outbound traffic. Packet fragmentation assures that VoIP/video latency budgets are not violated by large data packets, while packet aggregation ensures higher WAN capacity and stabilizes jitter.
- Guaranteed bandwidth for specific applications—Accelerators can reserve bandwidth for specific applications. This guarantees that you can allocate delay-sensitive traffic such as VoIP a minimum amount of bandwidth to ensure optimal voice quality even when WAN links are congested or oversubscribed.
- Restricting rogue and greedy applications—Accelerators restrict greedy applications like file sharing and Internet audio streaming to a maximum bandwidth budget in order to guarantee that other important applications are not bandwidth-starved. Traffic bursts allow applications to take advantage of free capacity if available.
- Seamless integration with compression—When compression is enabled, the QoS mechanism automatically adjusts to account for the extra available bandwidth created when traffic is compressed. In the Accelerator, rule limit and desired shaping are applied to traffic before it is compressed. However, link shaping (bandwidth for the link and the WAN) is applied to traffic after the traffic has been compressed, because the important result is end-user experience, not the physical link usage.

While basic traffic management is simple via the My Applications menu, you can program complex QoS with nested rules, decision trees and other advanced features.

Carrying Out Basic QoS Configuration

Basic QoS configuration is accomplished via the My Applications menu, which is populated by all traffic types detected on your network. This menu lets you create new, user-defined applications for traffic not categorized automatically as a predefined application, and set basic traffic shaping parameters for predefined and user-defined applications, that is, how the network should prioritize and handle each application.

NOTE: In a non-link environment, if a local subnet is not defined as LOCAL, the Accelerator QoS and Monitoring features do not function properly.

CAUTION! By default, the following encrypted applications are not accelerated: pop3s, https, ircs, nntps, ftps, ftps-data, telnets, ssh, sshell, ldaps, smtps, imaps.

Viewing My Applications

The My Applications Menu in the Accelerator WebUI lets you view traffic per application, filtered by certain criteria.

To view traffic per application:
1. Click on Setup followed by My Applications.
2. In the My Applications screen, select Discovered traffic, Defined Applications, Monitored Applications, Defined L7 Applications, or All from the pull-down menu.

The table displayed on the My Applications Menu details the Outbound Traffic (by default, only classified traffic is displayed). Basic data about the settings for each traffic type is provided, including Application Name, Minimum bandwidth set (if assigned), Maximum bandwidth set (if assigned), Priority assigned, and acceleration status.

The From-LAN statistics pull-down menu lets you customize the statistics type to be viewed for the applications, LAN to WAN (outbound traffic) or WAN to LAN (inbound traffic).

Creating New Applications

New applications should be created for all traffic types that do not already exist in the list of predefined (classified) traffic applications, or as subsets of these applications to further filter the traffic type selected.

To create an application:
1. In the My Applications menu, click the Create Application button. The Create Application menu opens.
2. Update the following parameters to define the Application and how it is handled:

Parameter Item: Description

Application name: The default name for a new application is new_application. You have to modify the name of the application to a name indicating the type of traffic considered in this application. Maximum of 31 characters, no spaces. Special characters are allowed.

Aggregation class: The aggregation Class setting controls the Citrix Plug-in. The Citrix Acceleration Plug-in feature utilizes network resources more efficiently in LAN-based Accelerator deployments and delivers improved acceleration results for Citrix-hosted applications. Citrix MetaFrame users repeatedly access the same content from the network.
The Accelerators’ Citrix Acceleration Plug-in feature enhances support for Citrix MetaFrame applications because, through the use of statistical multiplexing, the Citrix Acceleration plug-in allows more MetaFrame data to traverse the WAN. The Accelerator achieves this increase in throughput by:
- Consolidating Citrix header data in pure IP implementations - IP header represents significant overhead in small packets generated by Citrix. It constitutes almost 30% of the Citrix packet. The Citrix Acceleration plug-in removes repeat header information and sends this data only once across the network.
- Consolidating Citrix payload in all environments - the Citrix Acceleration plug-in extracts data from small packets originating from different Citrix MetaFrame users, and sends packets optimized for specific WAN conditions. The Citrix Acceleration plug-in eliminates all redundant data transmissions across the WAN.
- Controlling latency and jitter - the Citrix Acceleration plug-in reduces latency and jitter, especially over slow WAN links that are commonly used for Citrix MetaFrame deployments.

The end result is better, more consistent Citrix performance, and support of up to four times more Citrix users on the existing infrastructure.

Aggregation is performed at the link level and improves acceleration for traffic with small to medium packets (like Citrix/ICA traffic or Telnet traffic), and aggregates compressed packets. The Aggregation class sets the class to which this application is related. Aggregation reduces the size of the traffic by aggregating compressed packets before sending them over the WAN. The compressed packets are aggregated in the link per class. The classes are defined via the CLI; they set the aggregation packet limit and allow a pre-defined delay (window) before sending the packets. For aggregation class configuration details, see Managing Aggregation Classes, on page 482.
Collect statistics: Enabling statistics history saves statistics for this application for up to one year.

Don’t accelerate: Traffic set to Don’t Accelerate is not compressed, but it is, however, tunnelled. This setting is useful for traffic that does not compress, but does not need to be transparent (header preservation) to other network devices while crossing the WAN. QoS is still performed on all traffic set to Don’t accelerate.

Don’t tunnel: Traffic set to Don’t Tunnel is neither tunneled nor compressed. This setting is useful for traffic such as HTTPS or encrypted Citrix. QoS will still be performed on all traffic set to Don’t tunnel.

Application criteria: The Application Criteria box lets you set the type of traffic to be considered in an application. These fields define a rule for identifying traffic as part of this application.

TCP Port: To set the application to be defined on the basis of a TCP port or a span of TCP ports:
- Select TCP port from the drop-down menu.
- In the From field enter the first port to be considered, in the To field enter the last port to be considered. For example, to change HTTP application 80 to HTTP application 8080, enter 8080 into the From field. To define a single port, enter the port number into the From field and leave the To field empty.
- Click the Add button. The Criteria created appears in the Criteria Table.

UDP Port: To set the application to be defined on the basis of a UDP port or a span of UDP ports:
- Select UDP Port from the drop-down menu.
- In the From field enter the first port to be considered, in the To field enter the last port to be considered. For example, to change the TFTP application from port 69 to port 4444, enter 69 into the From field and 4444 into the To field. To define a single port, enter the port number into the From field and leave the To field empty.
- Click the Add button.
The Criteria created appears in the Criteria Table.

Over-IP: To define an application based on a specific protocol:
- Select Over IP from the drop-down menu.
- In the From field enter the first protocol number to be considered, in the To field enter the last protocol number to be considered. To define a single protocol, enter the number into the From field and leave the To field empty.
- Click the Add button. The Criteria created appears in the Criteria Table.

Criteria Table: The criteria table lists all the criteria that must be met in order for traffic to be considered part of this application. To delete entries in the Criteria Table, highlight them and click the Delete button.

Prioritize: The Prioritize box lets you set the shaping or prioritization to be applied to the traffic type.

Order: The order parameter sets the importance of this rule. Traffic that enters the Accelerator is dealt with by the QoS mechanism based on Prioritization order number. Traffic that matches the Application criteria set in order number 100 is handled according to the setting for this application type, even if it may match the criteria of other Applications with other, less important priority order numbers. If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic is handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic. Most QoS settings do not necessitate setting the Order field.
You can set the order from 100 to 65534.

Minimum bandwidth (desired): The Minimum bandwidth desired setting should be used carefully. This parameter allocates a certain amount of bandwidth to be saved for a specific application type during periods of congestion. You should set desired bandwidth only for mission-critical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated throughput to function.

Maximum bandwidth (limited): The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume.

ToS: You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options:
- ToS value - lets you select a ToS value (0-254) for the Accelerator.
- Code point - uses the first 6 bits of the ToS field, thereby giving 2^6 (= 64, namely: 0-63) different values.
- CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field).

Priority: You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to:
- Blocked: Traffic set to Blocked is dropped.
- Low, Average and High: Traffic set to Low, Average and High is assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Average receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth.
- Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types wait until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting.
- Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.

CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Create Application menu.

NOTE: If you are running a version of AcceleratorOS previous to 5.0(6), note that two new preconfigured applications were added in this version that may affect user-defined applications on the same ports. If applications have been configured for port 1928 (saved for the expand-internal application) or 2598 (citrix-ica-sr), rename these applications exactly as in the preconfigured application before performing an upgrade. If an application exists for a list of ports or range of ports that includes the specified port numbers (1928 and 2598), remove these ports from the list or range, and create applications expand-internal with port 1928, and citrix-ica-sr with port 2598. Then change the policy rules to match this application as well.

Modifying Applications

Selecting an application lets you modify the application definition (the type of traffic, also known as the traffic rule, or filter) and set up the way the traffic is treated (or prioritized, also known as shaping).

To modify an application:
1. In the My Applications menu, click the application name (alternatively, highlight the application line and click the Edit button). The Edit Application menu opens.
2. The Edit Application menu lets you modify all application parameters as listed in section Creating New Applications.
3. In the Aggregation Class drop-down menu you can choose Default, Custom, or Citrix.
4. Select one or more of the following checkboxes:
- Collect Statistics
- Don’t accelerate
- Don’t tunnel
- Discover

CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Edit Application menu.

Layer-7 Applications

The Accelerator lets you filter HTTP web applications and/or Citrix applications at the application layer (Layer-7). This higher level of specification enables specific applications to receive tailored traffic prioritization within the Accelerator. Creating a Layer-7 or L7 application is the same procedure as described in Creating Web Applications, on page 110.

Creating Web Applications

You can create and prioritize HTTP web applications per Layer-7 application. New web applications are created much in the same way as new Layer-4 applications, with the addition of Layer-7 (application specific) information.

To create a web application:
1. In the My Applications menu, click the Create Web Application button. The Create Web Application menu opens.
2. The Web application parameters are identical to the parameters set for all applications, with the following additions.

Parameter Item: Description

Application Criteria: You cannot modify the Application Criteria box from within the Create Web Application box. The Layer-4 information for this web-based application is taken from the web definition.
To modify the Layer-4 criteria, return to the My Applications menu and click on HTTP to edit the web application. This is also disabled for L7 Applications.

Layer-7 Information:
- Host Name: the host name of the web application. The Host Name is the internet address up until the first “/”, for example, for the address http://172.10.10.10/loginindex.asp, the Host Name is 172.10.10.10. For the Internet site http://www.expand.com/extranet/support the Host Name is www.expand.com.
- URL Name: the URL name is the internet address after the first “/”. In the example above, “extranet” can be used as the URL name.
- MIME Type: enter the content type.
- User Agent: enter the name of the HTTP client (Netscape, Mozilla, and so on).
All Layer-7 information criteria use pattern matching, meaning that, for example, if the Host Name is www.expand.com, using expand as the host name is sufficient (up to 128 character string for all HTTP Layer-7 parameters).

Prioritize: Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see Creating New Applications, on page 105.

CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Create Web Application menu.

Creating Citrix Applications

You can set and prioritize Citrix applications per Layer-7 application. New Citrix applications are created much in the same way as new Layer-4 applications, with the addition of Citrix Layer-7 specific information.

To create a Citrix application:
1. In the My Applications menu, click the Create Citrix Application button. The Create Citrix Application menu opens.
2. The Citrix application parameters are identical to the parameters set for all applications, with the following additions.
Parameter Item: Description

Application Criteria: You cannot modify the Application Criteria box from within the Create Citrix Application box. The Layer-4 information for this Citrix-based application is taken from the Citrix definition. To modify the Layer-4 criteria, return to the My Applications menu and click on Citrix to edit the Citrix application.

Layer-7 Information: The Layer-7 information box lets you set the application-specific details necessary for filtering this web application. Enter any or all data to be treated as criteria for matching this web application type. This means that all traffic considered as part of this Citrix application has to meet all the criteria listed in this box, as follows:
- Published application: List the Citrix application type, such as Word, Calc and Notepad.
- Client: List the user name of the device you want to set as part of this traffic type. For example, to set the priority of the CEO’s Citrix Client to Real-time for Excel, enter the name of the CEO’s PC into the Client field.
Layer-7 information for Citrix is not pattern matching, meaning that the published application listed must be the full name of the application traffic that is intended (these parameters can use strings up to 20 characters).

Prioritize: Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see section Creating New Applications, on page 105. For more information on working with Citrix, see section Acceleration and Citrix Traffic, on page 346.

Setting Advanced QoS Parameters

Advanced configuration of the Accelerator’s QoS mechanism is intended for expert users, and networks that are particularly complex.
Understanding how QoS works is necessary in order to properly apply advanced QoS settings. The following sections provide in-depth knowledge of the way QoS operates:
How QoS Works, on page 115
How Traffic Filtering is Applied, on page 117
How Traffic Shaping is Applied, on page 118
Setting Inbound QoS, on page 121
Creating QOS Rules, on page 122
Editing QoS Rules, on page 126
Making Decisions for Specific Applications, on page 127

How QoS Works

The Accelerator’s QoS mechanism receives packets from the LAN, and passes them to the Accelerator’s compression mechanism. The QoS mechanism automatically adjusts the throughput it transmits to account for the extra available bandwidth created when traffic is compressed.

NOTE: While the Accelerator enables the same QoS capabilities on inbound and outbound traffic, most QoS is accomplished on outgoing bandwidth only. Incoming traffic shaping is useful for non-links and virtual links, and instances in which limiting or blocking incoming traffic is desired, for example blocking P2P traffic or limiting incoming Internet traffic.

NOTE: Using inbound traffic shaping when the remote Accelerator uses outbound traffic shaping is not recommended; in such a case, the inbound shaping may have only a partial effect on the traffic.

Follow these steps before working with QoS:
1. Set an accurate Bandwidth for the WAN. This setting ensures that all traffic shaping applied is relative to the actual physical bandwidth on the WAN pipe. The default bandwidth set for the default WAN is 100 Mbps (fast Ethernet).
2. This bandwidth setting assumes the largest possible bandwidth so that the Accelerator does not limit its throughput over the WAN due to a WAN bandwidth setting lower than the actual bandwidth. However, to get accurate QoS shaping you are advised to modify the bandwidth setting to its actual rate.
For more information on setting WAN bandwidth, see section Performing Setup via the Wizard, on page 21.
3. You must set the bandwidth of each link on the WAN. For more information on setting the Link Bandwidth, see Performing Setup via the Wizard, on page 21.

Understanding QoS Rules

The Accelerator’s QoS works on the basis of rules. Rules define how QoS controls applications (streams or sessions). A rule is built out of a filter and a shaper, and can contain a marker. While these rules are transparent to the typical user and are not mentioned in the My Applications screen, for each application defined in the My Applications screen, you can create a rule that you can view and modify via the Services - QoS Menu in the Rules Table. The number of rules you can create is unlimited.

To fine-tune traffic management, it is useful to understand the hierarchy that determines the order in which the QoS mechanism implements traffic shaping rules.

Rule / Description

Filter: The Filter defines what kind of traffic qualifies as part of an application. Filters are generally Layer-4 definitions such as port number, protocol number, and traffic type. For example, the application FTP is defined by the traffic type TCP and the port number 20. You can modify and add traffic type and port number for applications that already exist by default in the Accelerator, as well as defining new applications.

Shaper: The traffic shaper defines how to handle the traffic filtered into this application: what priority the application receives, and how the application is treated by the Accelerator.
Shaping the traffic enables setting a desired (or guaranteed) amount of bandwidth to be preserved for a specific application, setting a limit on how much bandwidth an application can consume (to avoid starvation of other applications), and setting the CoS (Class of Service priority) and ToS (Type of Service) values for the application. Shaping is crucial for ensuring application integrity - that critical traffic applications get the bandwidth they need, and that other important applications are not starved completely.

Marking: An application in the Accelerator can include a marker per application. You can save the ToS marking on the rules, either the original ToS value or a newly defined ToS value. This also means that you can set each application type to be Not-Accelerated or Not-Tunnelled. This is particularly useful for applications like HTTPS or Encrypted Citrix, whose packets do not compress, and ensures that the Accelerator does not waste resources attempting to process these packets.

How Traffic Filtering is Applied

The QoS mechanism contains dozens of preconfigured traffic applications (that can be modified and shaped as needed). All preconfigured traffic applications, as well as new traffic applications created (see section Creating New Applications, on page 105), are filtered according to application type.

Incoming traffic is matched against the applications one at a time, starting with the application with the highest “Priority Order” number, until a match is found. Once a match is found, the application is handled, despite the fact that it may match other applications as well (this is called overlapping traffic).

Applications cannot overlap at the Layer-4 level. This means that because Application FTP is set on TCP port 20, another application cannot be created on port 20 (or including port 20). However, applications can overlap at the Layer-3 level. For example, a TCP application could exist and be set to include traffic over IP protocol 6. In this case, the Priority Order number given to an application (or rule) determines which application rule governs overlapping traffic. In the above example, if the FTP traffic is set to 200 (the default) and TCP is given an order number of 100, all FTP traffic is treated according to the definition of TCP.

If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic will be handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic.

How Traffic Shaping is Applied

The QoS mechanism works in a hierarchical fashion. In a complex QoS setup, it is often important to understand which shaping carries the greatest weight and is related to first by the QoS mechanism.

Studying QoS Bandwidth Allocation

The QoS mechanism allocates bandwidth as follows:

WAN Bandwidth—First, the bandwidth set for the WAN is honored. All further application QoS decisions are based on the WAN bandwidth.

Link Bandwidth—You can set the bandwidth of the Link with a maximum value, limiting the amount of the total throughput of the WAN available to a particular link. All Application decisions based on a particular link are bound by this bandwidth.

NOTE: Peer oversubscribing is allowed. For example, if the WAN bandwidth is T1 (1.5 Mbps), you can set 10 links at 256 Kbps each, and the bandwidth will be distributed relatively to all links according to the QoS mechanism.

Like the WAN bandwidth setting, the bandwidth set for a link can never be exceeded.
The bandwidth set for the links is divided by the WAN according to the priority of the traffic coming across the links. This means that if the WAN bandwidth is 128 Kbps, and Link 1 is set to 128 Kbps and Link 2 is set to 128 Kbps, if one link has high priority traffic, the lower priority traffic on the other link could be starved. However, if the Link bandwidth is set to a portion of the WAN bandwidth, then the link does not exceed this portion, and bandwidth is left over for other links.

Diagnostic Mode Traffic—Traffic set with a priority setting of Diagnostic Mode overrides the QoS mechanism. Diagnostic Mode traffic has all the bandwidth of the WAN at its disposal and supersedes all other traffic and all other QoS settings. The Diagnostic Mode Traffic setting should be used only in emergency cases, where an application is not responding to the QoS mechanism; Diagnostic Mode traffic is forced to override the QoS mechanism.

Bandwidth Limits—Maximum bandwidth limits set for applications are honored and the traffic throughput is limited according to this setting.

Bursts—In addition to the hierarchy, if, after all bandwidth is allocated, there is spare bandwidth, and an application is set to allow bursts, this application uses all spare bandwidth even if it is set to ordinarily have a maximum bandwidth limit. For example, if on a 64 Kbps link FTP is limited to 16 Kbps, with burst allowed FTP will be able to use the entire 64 Kbps if no other traffic traverses the link, and when there is traffic, the limit of 16 Kbps is enforced on FTP. To allow bursts on applications, you have to ensure that the default setting on the WAN, which allows bursts, is kept.
The WAN Burst parameter also lets you set a maximum burst bandwidth, meaning that if the WAN bandwidth is 1 MB, you can set the WAN burst to limit burst traffic to 900 Kbps in order to avoid maximum utilization situations because of burst traffic. By default the WAN bursts are allowed to use the entire WAN bandwidth. In certain environments, lowering the WAN burst by up to 10% may be useful in order to protect the line from congestion caused by bursts.

NOTE: QoS settings take effect when the WAN link is full. Any limitations and guarantees placed on traffic apply only if not enough bandwidth exists for all traffic to flow freely.

NOTE: In the Accelerator, rule limit and desired shaping are applied to traffic before it is compressed, while link shaping (bandwidth for the link and the WAN) is applied to traffic after the traffic has been compressed.

Desired Bandwidth—Minimum bandwidth Desired set for applications is allocated to all applications on which a desired minimum bandwidth was set. This is true even for low priority applications. For example, in a 64 Kbps link, the applications will divide up the 64 Kbps plus the Acceleration percentage, like a cake, with the desired bandwidth applications reserving the first piece. As long as no congestion exists, all applications set to Desired receive their guaranteed bandwidth. When there is congestion, if high priority applications are guaranteed bandwidth, they will receive it before low priority applications that were guaranteed bandwidth. If there is not enough bandwidth for numerous high priority applications that were guaranteed a desired bandwidth, the desired bandwidth will be divided proportionately between those applications. Desired bandwidth is useful especially to prevent starvation of lower priority applications.
Setting a desired bandwidth for a low priority application ensures that the application receives some small amount of bandwidth even when the high priority applications are consuming the bulk of the bandwidth. While the Minimum bandwidth desired is allocated hierarchically according to the application priority (first to real-time, then to high, then to average, and so on), the desired bandwidth setting is handled before relative spare bandwidth distribution among prioritized applications. For this reason it is important to use the Minimum bandwidth desired setting carefully. For example: If VoIP is prioritized as high priority traffic on a 1 Mbps connection, and HTTP traffic receives low priority, but a minimum desired bandwidth setting of 800 Kbps, these 800 Kbps will be allocated to HTTP traffic and the remaining 200 Kbps is divided proportionally between the VoIP application and the HTTP traffic.

Priority—The relative QoS priority set to the application is considered and bandwidth is divided proportionally among the applications as follows:

Block—Blocked traffic is discarded.

Real-time—Traffic set to real time receives “strict priority”. This means that as long as real-time traffic is traversing the network it will receive the entire bandwidth. All lower priority traffic types wait until there is free bandwidth, thus starving all lower priority applications (unless a Minimum bandwidth (desired) was set for them). For this reason it is important to use the Real-time setting with great care. If a chatty/bandwidth-greedy application constantly transmits traffic, it is possible that no other application will receive bandwidth (except those set with a Minimum bandwidth (desired)).

High/Average/Low: High, average and low traffic priorities divide the bandwidth that is still available (after desired and real-time traffic) in a proportional method based on time.
High priority traffic waits the shortest amount of time before being sent, average priority traffic waits longer than high priority traffic, and low priority traffic waits longer than average priority traffic. This does not mean that high priority traffic transmits completely before average traffic starts transmitting; rather, high priority traffic transmits at a faster rate. Setting the priority to high/average/low is appropriate for most traffic types, setting the relative importance between the applications without causing starvation.

In advanced configuration, you can set the WAN to handle QoS according to “strict-priority.” This would set the priorities to act deterministically rather than proportionally: high priority traffic receives all the available bandwidth (after desired and real-time traffic), average priority traffic receives bandwidth only if no high priority traffic exists, and so on. If there is constant high-priority traffic, average and low priority traffic are starved completely.

NOTE: Traffic that waits too long to be transmitted is discarded as obsolete so as not to cause application problems by transferring stale packets.

What is the difference between real-time and desired? Real-time gets the highest priority; it can cause starvation up to the bandwidth allocated using the “desired” setting. Guaranteed bandwidth is not touched by applications because of their real-time priority setting. Because “desired” is useful to protect lower priority applications from being starved, the default desired setting allocates a minimal amount of bandwidth (1 Kbps) by default.

Setting Inbound QoS

For Inbound QoS, you can set a bandwidth limitation for the WAN or per link. If a link was created with a bandwidth limitation set for inbound traffic, a rule is automatically created on the sending side, limiting outbound traffic to the link. You can set inbound policy rules globally or per link.

Creating QOS Rules

Advanced QoS configuration is accomplished by creating and editing rules as they appear in the QoS menu.

To create a rule:
1. In the Accelerator’s WebUI, click on the QoS tab, and then select QoS Rules.
2. In the View rules for application drop-down menu, select the application on which to apply the rule. If the application does not exist, you can use the Setup - My Applications menu to create a new application; for more information see section Creating New Applications, on page 105. While the QoS menu enables fine-tuning of the definition of the traffic type to be filtered into an application, making Layer-4 modifications to the application itself requires using the Setup - My Applications menu.
3. Click the Create new rule button. The Create Rule menu opens.
4. In the Rule Name field, give a name to the rule. Naming the rule is necessary for identifying it, if you need to modify the rule at a later date.
5. Use the Define and Prioritize sections to enter the necessary information per your networking requirements.

Define Section Options / Description

Application: Select the Application onto which to apply this rule from the drop-down menu. You can define applications only via the My Applications menu. For information, see section Creating New Applications, on page 105.

Source IP: If you want to filter the application by its source IP address, choose from Other, Any, Single IP, Subnet, Range, or List.
Other—Displayed if advanced configuration was made via the CLI, which is more complex than the WebUI display.
Any—Set the Source IP to Any if the application should consider traffic coming from any device (this is the default).
Single IP—Select this option if only traffic coming from a single device should receive the treatment defined in this rule.
Enter the IP address.
Subnet Mask—Select Subnet if only traffic from a particular subnet should receive the treatment defined in this rule. Enter the subnet address and the subnet mask.
Range—Select Range if a particular range of source IP addresses should receive the treatment defined in this rule. Enter the first and last IP address to be considered.
List—Select List and enter up to four IP addresses to receive the treatment defined in this rule.

Destination IP: If you want to filter the application by its destination IP address, choose from Other, Any, Single IP, Subnet, Range, or List.
Other—Displayed if advanced configuration was made via the CLI, which is more complex than the WebUI display.
Any—Set the Source IP to Any if the application should consider traffic coming from any device (this is the default).
Single IP—Select single IP if only traffic headed to a single device should receive the treatment defined in this rule. Enter the IP address.
Subnet—Select Subnet if only traffic toward a particular subnet should receive the treatment defined in this rule. Enter the subnet address and the subnet mask.
Range—Select range if a particular range of destination IP addresses should receive the treatment defined in this rule. Enter the first and last IP address to be considered.
List—Select List and enter up to four destination IP addresses to receive the treatment defined in this rule.

ToS Bits: To filter traffic based on its ToS setting, in the drop-down menu select from Other, Any, and Value.
Other—Displayed if advanced configuration was made via the CLI, which is more complex than the WebUI display.
Any—To set the rule to apply to the application’s traffic, if it has any ToS value set (this is the default).
Value—To set a ToS value, thereby limiting traffic on which this rule is applied to the application’s traffic that has a particular ToS value (0 - 255).

Links: Traffic rules and shaping are applied per link.
Select Global to apply to all links, a specific link to determine how traffic is categorized and prioritized over a specific link, or select Nonlink.

Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see section Creating New Applications, on page 105. The main difference is that this screen lets you also set a ToS Mask (0-254). When entering a number in the ToS Mask field, this value is ANDed to the value entered in the TOS field in the packet’s header and compared against the TOS entered for this rule. You can use the TOS Mask for comparing specific bits (Precedence/Type of Service) from the TOS field in the packet’s IP header against the TOS value entered for this rule.

Prioritize Section Options / Description

Order: The order parameter sets the importance of this rule. Traffic that enters the Accelerator is dealt with by the QoS mechanism based on Prioritization order number. Traffic that matches the Application criteria set in order number 100 is handled according to the setting for this application type, even if it may match the criteria of other Applications with other, less important priority order numbers. If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic is handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic.
Most QoS settings do not necessitate setting the Order field. You can set the order from 100 to 65534.

Minimum bandwidth (desired): The Minimum bandwidth desired setting should be used carefully. This parameter allocates a certain amount of bandwidth to be saved for a specific application type during periods of congestion. You should set desired bandwidth only for mission-critical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated throughput to function.

Maximum bandwidth (limited): The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume.

ToS: You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options:
ToS value - lets you select a ToS value (0-254) for the Accelerator.
Code point - uses the first 6 bits of the ToS field, thereby giving 2^6 (= 64, namely: 63) different values.
CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field).

Priority: You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to:
Blocked: Traffic set to Blocked is dropped.
Low, Average and High: Traffic set to Low, Average and High is assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Average receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth.
Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types wait until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting.
Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.

Editing QoS Rules

Any changes made to Applications via the My Applications menu appear as rules in the QoS menu. You can use the QoS menu to edit these changes, and any other rules created.

To edit a rule:
1. Highlight the Rule to be edited in the Rules Table and click .
2. Make the necessary changes. For any necessary explanation, see section Creating QOS Rules, on page 122.

Making Decisions for Specific Applications

The Decision screen lets you set various aggregation and acceleration parameters for a specific application, such as how many small packets to accumulate for one big packet (aggregation class), and whether the application is accelerated and tunneled.

To make a decision for a specific application:
1. Select an application from the Application Name drop-down list.
2. Select the aggregation class. Your choices are as follows:
Citrix - enables Citrix acceleration on Citrix, telnet and ms-terminalserver applications.
Default - enables acceleration on small-packet, encrypted applications such as pop3s, https and ftps.
Custom 1 - enables acceleration on a specific, user-defined link.
Custom 2 - enables acceleration on a specific, user-defined link.
3. Select the Tunnel box to send the application as tunneled.
4. Select the Accelerate box to accelerate the application. Selecting this box is possible only if you previously selected the Tunnel box.
5. Click Add to add the newly defined settings. If a decision already exists for this application, a message appears, requesting your confirmation to modify the existing settings. Click OK to confirm.
6. To delete a specific application from the list, highlight the application name in the table and click the Delete button.

QoS Troubleshooting

If the QoS mechanism does not seem to be functioning properly, it could be a result of the Maximum Queue Length. If there is much latency on the line, the packet drops may be the result of the queue buffer size, which is normally set per link rate, or because the packets are waiting too long and are therefore being considered obsolete packets. By default the packets are considered obsolete after 500 ms.

If limits do not seem to be enforced on traffic, check to see if it is because of the Burst status. When Burst is enabled during periods of no congestion, limits will appear not to be enforced properly.

If a class is not transmitting properly and problems are encountered after QoS has been applied, try setting the class to Diagnostic mode, thereby disabling QoS for this traffic type.

Chapter 6: Optimizing Acceleration Services

Expand’s Accelerator lets you reduce the impact of the TCP protocol shortcomings by applying TCP Acceleration, a standards-based plugin that modifies TCP settings to optimize throughput in certain environments.
In addition, the Accelerator provides Domain Name Server caching capabilities to shorten the round-trip-time and save bandwidth over the WAN.

This chapter contains information about the following topics:
Studying TCP Acceleration, on page 132.
Understanding Web Acceleration, on page 143.
Configuring DNS Acceleration, on page 152.
Enabling Citrix Acceleration, on page 156.
For information regarding WAFS service, see Configuring and Managing WAFS, on page 159.

Studying TCP Acceleration

TCP, which was designed to ensure reliable IP transmission, performs well on LANs but does not deal well with the high latency and high packet loss found on many WANs. These limitations are expressed in the long times required for file transfers over the WAN, degraded web performance and unresponsive applications.

SCPS, the Space Communication Protocol Standards developed by NASA and the US Air Force, is a collection of standards-based TCP enhancements designed to reduce the impact of TCP limitations in Long-Haul WANs. SCPS is implemented by using the TCP Acceleration feature, designed to optimize and better utilize WANs that suffer from distance-induced TCP limitations.

Understanding the Shortcomings of TCP

To understand how TCP Acceleration works, it is important to understand the shortcomings of TCP:

Frequent packet retransmissions: In TCP transmissions, the sender receives an ACK (Acknowledgement packet) for each successful packet transmission. If the ACK is not received, the sender resends the packet. Often, on long distance lines, the packet is retransmitted before the ACK has time to arrive.

Transmission Window: To ensure that the receiver gets all data items sent from the sender, TCP sends only part of the data to the receiver in small amounts called a window. The size of the window is specified by the receiver during the setup of a TCP session, and is measured in bytes.
The sender transmits a window, and then waits for an acknowledgement from the receiver that the window was received properly. After an acknowledgment is sent from the receiver, the sender transmits more data until all necessary data is sent. The following figure explains the handshake process involved in establishing a TCP connection:

Once the connection is established, TCP data packets are sent in accordance with the TCP window set - each time the window threshold is met, the receiver responds with an acknowledge packet, as described in the following figure:

The time wasted waiting for ACK packets to be sent in a TCP connection dramatically increases latency.

Slow Start—Because TCP transmissions have no way to know the size of the bandwidth over which they are being transmitted, each transmission begins slowly, gradually increasing speed until a packet is dropped - at which point TCP assumes that it has reached the maximum bandwidth. On high-bandwidth long-distance lines, this slow start wastes much expensive bandwidth. The more latency present, the slower the session will start.

Congestion Avoidance—TCP assumes that any packet lost is due to congestion. Any time a packet is dropped, TCP reduces transmission rate by half, slowly increasing it until the maximum rate at which no drops are experienced. On long-distance lines over which packet drops are often the result of factors other than congestion, transmission is being slowed down unnecessarily.

While these TCP functions are useful in controlling and managing congestion over the LAN, they cause expensive long-distance links to appear slow.
Studying SCPS, Expand’s TCP Acceleration Solution

TCP Acceleration uses the SCPS protocol package to reduce the impact of these well-known TCP limitations according to the standard developed by NASA (http://www.scps.org):

Scaling the Transmission Windows

Increases the maximum transmission window to enable ACKs to arrive across long distance links, thereby reducing the amount of unnecessary packet retransmissions. Once TCP Acceleration is enabled, the TCP packet transfer process causes less latency, as seen in the following figure:

A larger window enables sending more packets before an acknowledge packet is sent, minimizing the number of acknowledge packets sent and lowering latency.

Error Detection and Proactive Resolution

The SCPS protocol uses SNACK (Selective Negative Acknowledgement), which reduces the amount of data that needs to be retransmitted and increases the speed of retransmissions. This is accomplished by sending only a request for missing packets, as opposed to TCP, which retransmits the missing packet as well as all packets already transmitted after the missing packet.

Congestion Avoidance

SCPS enhances flexibility of Congestion avoidance mechanisms. TCP automatically uses congestion avoidance, which is not necessary in networks where drops are not the result of congestion. You can configure SCPS in such a way that congestion avoidance is not used when it is unnecessary. If there is congestion on the line, you can select the method of congestion avoidance and control (standard TCP or Vegas).

Local Network Isolation

The SCPS protocol uses TCP Spoofing to reduce the time required for establishing a TCP session, thereby enabling the transmission of data without waiting for the TCP slow-start. SCPS also enables congestion avoidance by preventing slow traffic build-up before achieving maximum capacity.
Link Outage Support
TCP Acceleration incorporates several features that support TCP transfers during link outages: avoiding costly and unnecessary packet retransmissions by halting transfers until communication is re-established, restarting transmissions at the last ACK received, and anticipating potential link outages before they occur.

Asymmetric Networks Optimization
In asymmetric environments, if the bandwidth in one direction is significantly lower than in the other, the lower-bandwidth direction can become congested with ACK packets for traffic sent in the other direction. TCP Acceleration enables scaling of ACK packets (for example, sending an ACK for only every other packet) to better match uplink/downlink rates.

SCPS-based TCP Acceleration enables the Accelerator to maximize capacity over Long-Haul links, thereby guaranteeing optimized throughput across WAN links.

[Figure: TCP throughput in Kbps over time at 540 msec round-trip time, showing Throughput against Link Speed for three cases: No TCP Acceleration, With TCP Acceleration, and With TCP Acceleration and compression. Annotations: Unutilized bandwidth, Newly created bandwidth.]

Computing Latency

The Accelerator automatically configures TCP Acceleration settings according to the computation that follows. The network in the diagram above will be used for example purposes. The math used for calculating the theoretical maximum throughput is based on this drawing. Substitute the values from your specific network in order to learn the TCP theoretical limitation for a single session in your network.

The network has 150 milliseconds (msec) of latency between the Client (C) and the Server (S).
You can use ping to determine the end-to-end latency between a Client and Server by sending a ping 100 times from the client to the server during business hours with a 750 byte payload. This payload size ensures some stress on the network, and should provide a better measurement for latency than simply sending a 64 or 32 byte ping as some operating systems do. An example of this ping command used on Windows is:

ping x.x.x.x -l 750 -n 100

(x.x.x.x = the server’s IP address, -l is the payload size, and -n is the number of pings)

You can use the following formula to calculate the theoretical limitation. Bandwidth equals the window size divided by the round trip time:

WindowSize / RoundTripTime = Bandwidth

Bandwidth (BW)—is the maximum theoretical throughput. The bandwidth of a link is normally represented in bits per second.

Window Size (WS)—is the amount of data TCP can send before waiting for an acknowledgement. This value is in bytes; ensure that any values in bytes are converted to bits.

Round Trip Time (RTT)—even though this value is in seconds, most network tools, such as ping, report it in milliseconds. In the network example shown above, the latency was 150 msec, and because 1000 msec equals a full second, the latency of this network can be represented as the fraction 150/1000 msec. Always convert this fraction into decimal format when calculating the values. In this case the latency will be represented as .15.

The default window size for Microsoft XP is 8 KBytes. For additional window size values please consult your operating system vendor. This example assumes that the client is running Windows XP.

Using the example network provided above, some of the values needed for this formula are known and can therefore be plugged into the formula in order to determine the maximum theoretical bandwidth for a single TCP session.

BW = 64000 / .15

After calculating the values, the BW equals 426,666 Bytes.
Remember that because this value is in bytes, it should be multiplied by 8 in order to get the bits per second (bps). The product shows that the theoretical maximum bandwidth is 3,413,328 bps. As seen in the example network shown above, the link is a 6 Mb link. 150 msec of latency has limited a session to about half of the link speed.

The following Throughput table lists some common Round Trip Times and the effects on TCP:

                   Window Size
Round Trip Time    8 KB        16 KB       32 KB       64 KB
50                 160 Kbps    320 Kbps    640 Kbps    1280 Kbps
100                80 Kbps     160 Kbps    320 Kbps    640 Kbps
150                53 Kbps     106 Kbps    212 Kbps    424 Kbps
200                40 Kbps     80 Kbps     160 Kbps    320 Kbps
500                16 Kbps     32 Kbps     64 Kbps     128 Kbps
1000               8 Kbps      16 Kbps     32 Kbps     64 Kbps

As these calculations demonstrate, the maximum throughput was greatly reduced as the latency increased. The actual maximum throughput that a single TCP session can have in your network may be even lower.

Configuring TCP Acceleration

You can use the WebUI to configure basic TCP Acceleration, such as typical RTT and typical acceleration rate. In addition, you can set the Send and Receive window sizes and the degree of transparency here.

Another significant setting available through the TCP Acceleration screen is the congestion control, which you can set to one of the following options:

None—no congestion avoidance is used.
Standard—the congestion avoidance conforms to the standard TCP/IP protocol (Reno).
Vegas—TCP Vegas reduces latency and increases overall throughput, by carefully matching the sending rate to the rate at which packets are successfully being transmitted by the network.
The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-bandwidth-delay paths, such as DSL, where the sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is an extremely time-consuming process for the sender. The shorter queues should also enhance the performance of other flows that traverse the same bottlenecks.

The parameters you can configure via this screen are the sizes of the send and receive windows. The possible values are between 4kb and 50 MB.

NOTE: Even though the upper limit for the sizes of the receive and send windows is 50MB, setting the size to a value greater than 10MB may adversely affect the system performance, and therefore a warning message notifying you about such a possibility appears when you select a value that exceeds 10MB.

NOTE: When TCP acceleration is enabled, all traffic is transferred through the Accelerator in routing-only mode and is not bridged. For additional information see Setting Routing Strategy, on page 27.

You can also use the Transparency field to set or update the packets’ transparency per link. The options are as follows:

Auto—keeps or reverts to the default option, which is Full in On-Path deployment and Semi-WAN in On-LAN deployment.
Full—keeps the packets fully transparent.
Semi—prevents transparency on both sides.
Semi-LAN—keeps the packets transparent only to the LAN side.
Semi-WAN—keeps the packets transparent only to the WAN side.

Enabling TCP Acceleration

TCP Acceleration should be enabled only over long, high latency links. If you enable TCP Acceleration via the WebUI, the system’s default values will be used for activating TCP Acceleration. Expand recommends configuring TCP Acceleration via the CLI.

To enable TCP acceleration:
1. In the Accelerator’s WebUI, click on Services and then TCP Acceleration.
2. Select the box Enable TCP Acceleration on All Links.
3. In the bottom right corner, click the Submit button.

If after enabling TCP Acceleration the Accelerator does not perform as expected, you should check the size of the window set by Windows.

To check the size of the window set by Windows:
1. Click the Start button on the main menu bar, followed by Run. In the Open field, type regedit.
2. In the Registry Editor, navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
3. Search the listed parameters. If TcpWindowSize is not listed, the window size is set to the Windows default of 8 KB. If TcpWindowSize is listed, double-click on the registry entry to view the value set.

WARNING! Editing the registry or using a Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows to correct them. Microsoft does not guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Back up your registry first and use Registry Editor at your own risk.

To calculate the necessary send window size and receive window size:
Use the following formula to calculate the required window size as set by the Accelerator:
(OutboundBW (Kbps) × 1000 / 8) × CompressionRatio × (RTT (mSec) / 1000) × 2

Outbound Bandwidth in Bytes/Sec—convert the outgoing bandwidth to Bytes per second, for example T1 = 1,544 Kbps (193,000 Bytes per second).
Compression Ratio—expected acceleration in a compression ratio format (200% acceleration = 3, 350% acceleration = 4.5).
Round trip time—in seconds (for example, 500 ms round trip is 0.5 seconds, 650 ms round trip is 0.65 seconds).

For example, a T1 line with 600 ms round trip time with outbound acceleration of 230%:
Bandwidth in bytes/sec: 193000
Compression ratio: 3.3
193000*3.3*0.6*3 = 1146420

Understanding Web Acceleration

The Web Acceleration plug-in improves response times for HTTP/FTP-based applications.

NOTE: Web Acceleration is supported in hard-drive versions of the Accelerator. On all other Accelerator platforms, HTTP traffic will continue to be accelerated by using Expand Networks’ patented caching and compression algorithms.

The Web Acceleration plug-in serves requested objects from its cache. If the object is not in the cache, the plug-in retrieves the object on behalf of the client from the original server, caches it (when relevant) and serves the client's request.

Web Acceleration guarantees network transparency. When the Accelerator is deployed on the network, there is no need for any configuration modification of connected LAN clients.

In On-Path deployments—HTTP transparency also applies to the Server side, meaning that if a sniffer is used between an Accelerator and the default gateway, HTTP packets will be seen to contain the client and server IP addresses. FTP traffic will be transparent only on the client side.
In On-LAN deployments—transparency applies only to the Client side.
A sniffer placed between an Accelerator and the default gateway will see packets containing the Accelerator and server IP addresses. The latter is necessary to guarantee that replies will travel via the Accelerator’s Web Cache engine and not be delivered directly to the client.

Web Acceleration supports both FTP and HTTP caching.

FTP caching—the Web Acceleration cache guarantees that objects sent to the client from the cache are always fresh (only supported if the FTP server supports MDTM, for example vsftpd, as well as SIZE headers). Both Passive and Active FTP caching modes are supported.
HTTP caching—the object will have an aging time in the cache until it is retrieved again from the server.

NOTE: Because the Web Acceleration plugin consumes RAM, it affects the number of tunnels configurable on the Accelerator. Web Acceleration can cache objects up to 1 GB in size.

Configuring Web Acceleration via the WebUI

The WebUI lets you configure HTTP acceleration and FTP acceleration. To configure a specific HTTP Acceleration or FTP acceleration parameter see the table below:

To                                  Reference
Configure HTTP Acceleration         Configuring HTTP Acceleration, on page 144.
Enable/Disable HTTP Caching         Enabling and Disabling HTTP Caching, on page 145.
Clearing HTTP Cache                 Clearing HTTP Cache, on page 145.
Setting Cache Content               Setting Cache Content, on page 145.
Returning to Default Settings       Returning to Default Settings, on page 146.
Setting Advanced HTTP Parameters    Setting Advanced HTTP Parameters, on page 146.
Setting HTTP Acceleration Rules     Setting HTTP Acceleration Rules, on page 148.
Configuring FTP Acceleration        Configuring FTP Acceleration, on page 149.

Configuring HTTP Acceleration

You can use the WebUI to enable HTTP Acceleration and carry out most of the advanced configuration.
Enabling and Disabling HTTP Caching

By default, HTTP Caching is disabled.

To Enable or Disable HTTP Caching:
1. Click the following: Services > Web Acceleration > HTTP Acceleration > Configuration.
2. In the HTTP Acceleration field, select Enable from the drop-down menu to enable HTTP Caching. To disable, select Disable.

Setting the Cache Size

To set the Cache Size:
1. Click the following: Services > Web Acceleration > HTTP Acceleration > Configuration.
2. In the Cache Size field, enter a number to represent the size allotment for the cache (between 1 and 60 MB).

Setting Cache Content

To set the type of content to be cached:
1. Click the following: Services > Web Acceleration > HTTP Acceleration > Configuration.
2. In the Cache content field, scroll down to select one of the following types of content to be cached:
   Enterprise caches all traffic from links and virtual links.
   Internet caches all traffic on the non-link.
   All caches all traffic, be it link, virtual link or non-link.

Clearing HTTP Cache

To clear the HTTP acceleration cache:
1. Click the following: Services > Web Acceleration > HTTP Acceleration > Configuration.
2. Click the Clear Cache button.

Returning to Default Settings

To return HTTP Acceleration settings to factory default:
1. Click the following: Services > Web Acceleration > HTTP Acceleration > Configuration.
2. Click the Set Default Values button and click Yes when prompted.

Setting Advanced HTTP Parameters

To open the Advanced HTTP Parameters menu:
1. Click the following: Services > Web Acceleration > HTTP Acceleration > Configuration.
2. In the Advanced HTTP Parameters menu, click the + in the menu bar.
3. The Advanced HTTP Acceleration Configuration opens, letting you set the following parameters as shown in the following table:

Parameter Item / Description

Connect Timeout
  The time period (in seconds) that should pass before disconnection (default: 60). To set the Connect timeout, fill in a number (between 1 and 600 seconds) in the field.

Maximum Cache Object Size
  Sets the maximum size an object can be in order to be held in the cache. Objects larger than this number are not held. This parameter is set in KB. To set the Maximum Cache Object Size, enter a number between 1 and 1,000,000 KB. By default, the size is 102,400 KB. Note that the Maximum Cache object size must be larger than the Minimum Cache object size.

Minimum Cache Object Size
  Sets the minimum size an object can be in order to be held in the cache. Objects smaller than this number are not held. This parameter is set in KB. To set the Minimum Cache Object Size, enter a number between 1 and 1,000,000 KB. By default, the size is 102,400 KB. Note that the Minimum Cache object size must be smaller than the Maximum Cache object size.

Maximum Client Connect Time
  Sets the amount of time the client (browser) can be connected to the cache process before a timeout is initiated. This is merely a safeguard against clients that disappear without properly shutting down. It is designed to prevent a large number of sockets from being tied up in a CLOSE_WAIT state. The default for this option is 1440 minutes, or 1 day. Acceptable values are between 1 and 5,000 minutes. To set the Maximum Client Connect time, enter a number in the field between 1 and 5,000 minutes.

Persistent Timeout
  Sets the amount of time to wait for an HTTP request from the client after the connection was established, or after the last request was finished. It is set in seconds with acceptable values between 1 and 10,000 seconds.
  To set the Persistent Timeout value, enter a number between 1 and 10,000.

Transparency
  This command configures the status of the interception proxy. The interception proxy can be configured as transparent (namely, the proxy server’s IP address will not be detected by sniffing). Three statuses are possible:
  Semi—applying transparency only on the Client side.
  Full—applying transparency on both the Client and the Server sides.
  Auto—setting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment.
  To set the transparency mode, select one of the options from the drop-down menu.

Port Transparency
  When enabled, preserves the original client’s source port information. By default, this is disabled. When Transparency (above) is set to either Semi or Auto in an On-LAN deployment scenario, it is not recommended to enable this feature.

TCP Acceleration
  When TCP Acceleration is configured in the TCP Acceleration menu, you must also enable this parameter in order for the acceleration to work correctly. By default, TCP Acceleration is disabled. To enable TCP Acceleration, select Enable from the drop-down menu.

Cache Authenticated Requests
  Lets you define whether to cache data that arrives from authenticated servers, such as authentication requests. If you set this option to Enable, the data from such servers is cached even if no Public indication was set in the authenticated server. If any other condition exists that prevents the data from being cached (for example: a Private flag), the data is not cached, but it is still accelerated.

Collect Statistics
  Lets you start or stop the statistics collection. (Supposed to be removed)

Server Ports Table
  The list in this table represents the port numbers that will be intercepted by HTTP Acceleration. By default Port 80 is used for HTTP traffic.
  Using this table, you can add additional nonstandard HTTP ports. Make sure the port number you add is not used for other types of traffic.

Enable Proxy Server
  Select this box to enable the proxy server. If this box is selected, you can manually set the proxy IP address and the proxy port number.

Setting HTTP Acceleration Rules

The HTTP Acceleration Rules screen lets you configure Direct and No Cache rules supported by HTTP acceleration.

To set HTTP Acceleration rules:
1. Click the following: Services > Web Acceleration > HTTP Acceleration > Rules.
2. In the Type field, scroll down to select either Direct Rule or No Cache Rule.

You should enter regular expressions in the edit fields of both rules.

The expression entered in Direct Rule should be valid on a URL, and determines that all requests that match this expression are always forwarded directly to the origin server, without using the proxy server. For example: if you apply rule direct avaya, all requests that match the avaya regular expression are forwarded directly to the origin server.

The expression entered in No Cache rule determines that traffic directed to a specific URL that matches this expression (for example: no cache avaya) is neither cached nor retrieved from the cache, and after the traffic is retrieved from the server it will not be cached.

In both cases (Direct and No Cache rules) you can define multiple rules. See the diagram below:

Excluding from Caching via the WebUI

You can use the WebUI to exclude certain components of the traffic from either HTTP or FTP caching.

To exclude from HTTP caching:
1. Click the following: Services > Web Acceleration > HTTP Acceleration > Exclusion.
2. In the Exclude by drop-down list choose whether to exclude by IP address, Subnet or Hostname.
3. If you select to exclude by IP address, check the appropriate button to indicate whether this IP Address comes from the Client or from the Server.
4. Enter the IP address you want to exclude.
5. If you previously selected the Server option, select now whether to let AcceleratorOS assign a port number for you, by selecting the All option, or enter a specific port number (preferably 80).
6. Click the Add button.
7. To exclude by Subnet, repeat steps 3 to 6. The only difference is that you have to enter the subnet mask as well.
8. To exclude by Hostname, repeat steps 3 to 6. This option also requires you to enter a Hostname. To enable excluding by Hostname, you first have to configure a DNS that resolves the hostname. For details, see Configuring DNS, on page 257.

Configuring FTP Acceleration

Enabling and Disabling FTP Caching

By default, FTP Caching is disabled.

To Enable or Disable FTP Caching:
1. Click the following: Services > Web Acceleration > FTP Acceleration > Configuration.
2. In the FTP Acceleration field, select Enable from the drop-down menu to enable FTP Caching. To disable, select Disable.

Setting the Cache Size

To set the Cache Size:
1. Click the following: Services > Web Acceleration > FTP Acceleration > Configuration.
2. In the Cache Size field, enter a number to represent the size allotment for the cache (between 1 and 60 MB).

Setting Cache Content

To set the type of content to be cached:
1. Click the following: Services > Web Acceleration > FTP Acceleration > Configuration.
2. In the Cache content field, scroll down to select one of the following types of content to be cached:
   Enterprise caches all traffic from links and virtual links.
   Internet caches all traffic on the non-link.
   All caches all traffic, be it link, virtual link or non-link.

Clearing FTP Cache

To clear the FTP acceleration cache:
1. Click the following: Services > Web Acceleration > FTP Acceleration > Configuration.
2. Click the Clear Cache button.

Returning to Default Settings

To return FTP Acceleration settings to factory default:
1. Click the following: Services > Web Acceleration > FTP Acceleration > Configuration.
2. Click the Set Default Values button and click OK when prompted.

Setting Advanced FTP Parameters

To open the Advanced FTP Parameters menu:
1. Click the following: Services > Web Acceleration > FTP Acceleration > Configuration.
2. In the Advanced FTP Parameters menu, click the + in the menu bar. The Advanced FTP Acceleration Configuration opens, letting you set the following parameters as shown in the following table:

Parameter Item / Description

Connect Timeout
  The time period (in seconds) that should pass before disconnection (default: 600).

Localization
  Lets you enable or disable the option to view files in languages that require Unicode characters, such as Chinese.

Minimum Cache Object size
  Lets you set a default for the minimum size of the cache object (0-5000KB, default: 1024).

Cache per User
  Ascribes a cache object to a single user. Namely, when a specific user accesses a file from the server, the file is cached per this user, and the next time a user with the same user name accesses the file, it is served from the cache. However, for anyone who logs in with a different user name, the file is fetched directly from the origin server and not from the cache.

Transparency
  Sets the interception proxy as transparent (namely, the proxy server’s IP address will not be detected by sniffing), on both the Client and the Server sides.

To Exclude from FTP Caching:
1. Click the following: Services > Web Acceleration > FTP Acceleration > Exclusion.
2. In the Exclude by drop-down list choose whether to exclude by IP address, Subnet or Hostname.
3. If you select to exclude by IP address, check the appropriate button to indicate whether this IP Address comes from the Client or from the Server.
4. Enter the IP address you want to exclude.
5. If you previously selected the Server option, select now whether to let AcceleratorOS assign a port number for you, by selecting the All option, or enter a specific port number (preferably 80).
6. Click the Add button.
7. To exclude by Subnet, repeat steps 3 to 6. The only difference is that you have to enter the subnet mask as well.
To exclude by Hostname, repeat steps 3 to 6. This option also requires you to enter a Hostname. To enable excluding by Hostname, you first have to configure a DNS that resolves the hostname. For details, see section Configuring DNS, on page 257.

Configuring DNS Acceleration

The Accelerator’s Domain Name Server (DNS) Acceleration plugin enables the Accelerator to act as a DNS caching device. By intercepting DNS requests and saving them on the local Accelerator, the DNS caching feature shortens the amount of time an end user waits for Web pages to appear and reduces unnecessary requests from your network to the Domain Name Server asking for Domain Name translations into IP addresses. DNS Caching is extremely useful when the DNS server that the clients are accessing is across the WAN over a high-latency link.

Configuring DNS Acceleration

You can use the WebUI to set all parameters relevant for DNS acceleration and DNS masquerading.

To set the DNS parameters:
1. Under Services click DNS Acceleration.
2. In the Parameters section, select first whether to enable DNS masquerading. DNS masquerading enables the Accelerator to intercept traffic sent from the Client to the DNS server and back, and masquerade the DNS response’s address.
   The translation of host names into the Accelerator’s user-defined addresses is defined in the next section of this screen, the Static Hosts table.
3. Select whether to enable DNS acceleration, namely: let the Accelerator cache the DNS addresses, thereby eliminating repetitive queries over the WAN.
4. Select whether to use Accelerator DNS, thereby defining the Accelerator as a DNS client. By so doing, the Accelerator will always intercept traffic and use its setting to process it, even if that traffic was sent to another DNS server. If you enable this option, you have to configure a domain name server under Setup > Networking > DNS. For details, see Configuring DNS, on page 257.
5. Use the Transparency field to select the appropriate transparency method:
   Semi—the traffic is transparent to the Client, but the server sees it as coming from the Accelerator.
   Full—the traffic is transparent to both the Client and the Server.
   Auto—the transparency is determined automatically according to the deployment level: either Semi (in On-LAN deployment) or Full (in On-Path deployment).
6. Use the Min TTL field to determine whether to keep the Time-to-live settings defined by the DNS server (Preserve TTL) or set your own settings (1-1440 minutes). If the TTL settings you defined here are longer than those set by the DNS Server (for example: 60 minutes compared with 10 minutes, respectively), for any period between these two values (as, in this example, 20 minutes) the Accelerator does not use the DNS Server’s address and takes the address from its own cache.
   To view the statistics for the queries since the last time the DNS Acceleration feature was enabled, use the Statistics (lowermost) section of the DNS Acceleration screen.
7. Use the Cache Size field to define the maximum number of records that are to be kept in the cache.
   You can either select Auto to keep the system-defined default, or select your own value.

To edit the Static Hosts table:
1. Click DNS Acceleration, and click the + to open the Static Hosts Table.
2. Click the Add button. The Add New Static Host dialog box opens.
3. In the Host Name field, enter the requested host name (for example: www.expand.com).
4. In the IP Address field, enter a user-defined masquerading IP address the Accelerator will use for the host name you have just entered.
5. Click Submit.

To edit the static host details, click on the host’s IP address.

To delete a static host from the table, click anywhere on the host’s row to select it and then click Delete.

Enabling Citrix Acceleration

Citrix Acceleration optimizes applications that use small packets, such as Citrix, rdp, and telnet. To configure Citrix Acceleration for such optimizations, match application to class and enable the class on all links. To define advanced configuration settings, such as class configuration and link-specific settings, use the CLI.

The application names are predefined in the system. To add a new application, use the Setup > My Applications menu.

The aggregation classes are as follows:
Citrix—enables Citrix acceleration on Citrix, telnet and ms-terminalserver applications.
Default—enables Citrix acceleration on small-packet, encrypted applications such as pop3s, https and ftps.
Custom 1—enables Citrix acceleration on a specific, user-defined link.
Custom 2—enables Citrix acceleration on a specific, user-defined link.

To add a new match between an application name and an application class:
1. Select an application name from the Select Application drop-down list.
2. Select an aggregation class from the Select Class drop-down list.
3. Click Add. The new match now appears in the Matching Application to Class table.
NOTE: The Citrix Acceleration screen lets you apply Citrix aggregation only on all links. To apply Citrix aggregation on a specific link, use the Post Acceleration Aggregation section of the My Links table under the Setup tab. For details, see section Editing Existing Links, on page 263.

To apply a specific Citrix aggregation class on all links:
1. Select the Enable option for the relevant class.
2. Click the Apply to All Links button.
3. When prompted whether you want to configure Citrix acceleration on all links, click OK.

Chapter 7: Configuring and Managing WAFS

This chapter introduces you to the Wide Area File Service feature and shows you how to use it and manage it to streamline your business while maintaining control over important company documents.

Topics covered in this chapter include:
Introduction to WAFS
Getting Started with WAFS
Enabling WAFS Configuration
Configuring the Data Center and Branch Office
Installing the License File
WAFS Management and Operation Modes
Managing the Data Center
Setting Advanced FileBank Features
Replication Service
Printing Services for the FileBank
Using WAFS Printing Services
WAN-OUT Operation
DNS Masquerading
Monitoring WAFS Functionality
Troubleshooting

Introduction to WAFS

WAFS stands for Wide Area File Service, which serves remote users who access files over a WAN, such as branch office or mobile users accessing centralized storage. Such users often experience poor performance when trying to access files that are stored in a central location. Expand Networks’ WAFS solution allows users fast and efficient access to centralized storage by using intelligent, dynamic caching.

NOTE: This feature is only supported on Accelerators with a hard drive.
If your Accelerator does not have a hard drive and you want to have WAFS functionality, contact your supplier.

Expand Networks’ WAFS Solution

Designed specially for distributed organizations, Expand's intelligent, dynamic caching solution allows users fast and efficient access to centralized storage. Expand enables global and fully secure direct file access to users at multiple sites, as if they were at the same site as the files, eliminating the need for local file servers and unreliable backup procedures.

By consolidating corporate resources, IT managers regain total control of enterprise-wide storage, eliminating the cost and complexity associated with remote system administration, replication, backup and maintenance.

The corporate Data Center is equipped with an Expand FileBank Director, and each remote site (requiring access to the center) is equipped with an Expand FileBank. Once these hardware devices are installed, branch office users can immediately work with files located in the Data Center, with the same speed and efficiency as if they were working on their local file server.

Expand uses a patent-pending file system technology that allows direct access to files located in distributed file storage architectures throughout the enterprise. Network architecture can be deployed as a private network of leased lines, or a virtual private network (VPN) that utilizes the public Internet in a secure way.

Expand provides the following features and benefits:
Centralization of storage and backup resources
Synchronous, reliable file operations
LAN-like performance
WAN Consumption optimization
Ease of installation and management
Seamless integration
Native security support
Many-to-many architecture
Integrated Branch IT Services
High resilience
Expand's pass-through authentication technology seamlessly ensures enforcement of enterprise policies such as user authentication, access rights verification and quota management support. Expand devices use regular LAN and power connections. Configuration is simple, and no infrastructure changes are required. No client software is installed on the Data Center file servers or on any of the remote office workstations.

Supported Servers

File Servers
- Microsoft Windows® NT Server 4.0 SP3 and above
- Microsoft Windows® 2000 Server
- Microsoft Windows® 2003 Server
- Network Device Filer series (ONTAP 6.x & 7)

Authentication Servers
- Windows NT Server 4.0 Primary Domain Controller (PDC)
- Windows NT Server 4.0 Backup Domain Controller (BDC)
- Windows 2000 Server Active Directory Domain Controller
- Windows 2003 Server Active Directory Domain Controller

Supported Clients
- Microsoft Windows® NT Workstation 4.0
- Microsoft Windows® 2000
- Microsoft Windows® XP Professional

Expand Hardware Device Specifications

The Expand solution is available as an installed device (FileBank Director and FileBank).

When planning the hardware specification for the FileBank and FileBank Director, disk capacity is an important consideration, especially in consolidation environments. Most of the device disk capacity is allocated for maintaining the cache optimization state. In general, the chances that a file is available on a FileBank cache improve with cache partition size. However, because the cache is merely an optimization layer (meaning, the files are always available on the file server), its size does not have to be equal to the size of the total data set.
Various approaches exist for estimating optimum FileBank disk capacity, the most common of which are as follows:
- Complete data set size (migrated from the legacy file server)
- Working set size (for example: 30% of complete data set)
- Per number of branch users (for example: 0.5GB x number of branch users)

The FileBank Director is connected On-LAN to the file servers, and therefore its cache state is less critical than that of the remote branch FileBank, which is connected over the narrow-bandwidth, high-latency WAN. FileBank Director disk capacity planning should take into account the percentage of data that is shared between branches (that is, the level of inter-branch collaboration), and a size estimation of the working set. As a rule of thumb, 10-20% of the accumulated branch FileBank cache is sufficient.

Both FileBank and FileBank Director employ LRU (Least Recently Used) cache management, so a dynamic, working-set cache is always maintained.

Domains

The FileBank acts as a server in the Windows Domain hierarchy. Windows clients at the remote office will see the FileBank as part of this domain when connecting to the network, and after appropriate mapping. When configuring the FileBank for the first time, you are asked which domain to join, so obtain the domain name in advance. To perform the join operation, a user with sufficient access rights is required, namely: a user that is part of the domain administrators’ group.

Authentication

Identify the name of the authentication server. The authentication server must be a Windows NT/2000/2003 server that can authenticate users accessing the domain (Windows NT v4.0 Primary/Backup Domain Controller or Windows 2000/2003 Active Directory Server).

NOTE: You are advised to utilize the domain controller of the local remote branch office, when applicable.
Getting Started with WAFS

Overview

The main steps for configuring the Data Center are as follows:
1. Enabling WAFS Configuration, on page 166 - to prepare the Accelerator for WAFS Services.
2. Configuring the Data Center and Branch Office, on page 174 - to specify the file bank and file bank director.
3. Installing the License File, on page 184 - to install the license file.
4. FileBank Categories, on page 188 - to start the WAFS service.

Note that the order in which these steps are taken matters: performing them out of sequence may result in the WAFS services not running. Make sure that you finish a step before proceeding to the next one.

Enabling WAFS Configuration

There are three steps that need to be done in order to enable WAFS configuration:
- Configuring the File Server/Domain Controller
- Defining Network Settings
- Enabling WAFS Operation Mode

Configuring the File Server/Domain Controller

Configuration of the File Server/Domain Controller consists of the following steps:
- Defining the shared directories on the File Server, from which remote and local users can access files
- Changing the Login scripts (if any are used within your organization)

Defining Shared Directories

To let users access a specific shared directory:
1. Right-click the folder you want to share (using Windows Explorer, My Computer, or any other Windows convention) and select Properties. The New Share Properties dialog box opens.
2. Click the Sharing tab and define share properties.
3. Repeat this procedure for all directories you want to share.

Defining User Permissions

To define which users can access the shared directory:
1. Click the Permissions button on the Share Properties dialog. The Permissions for New Share dialog box opens.
2. Add the users who are allowed to access the shared directory and define permissions for each user.
3. Click OK and proceed to the next step, Defining Network Settings.

Defining Network Settings

To define the network settings, use either the Accelerator 6940 front-panel LCD or the CLI command line.

NOTE: AcceleratorOS v6.xx should be displayed, where xx is the maintenance release number (for example 6.00), in addition to a status display (Ready, Bypass, or various error messages).

To prepare the Accelerator to work in WAFS mode, follow these steps to establish the WAFS services:
1. Log in to the AcceleratorOS WebUI.
2. Enter the setup wizard. The AcceleratorOS setup wizard appears.
3. If you do not intend to define a link on this device (namely, to use the device as an Accelerator), press Cancel and continue with the FBD configuration.
4. In the dialog box that appears, click OK to confirm the closure operation.
5. In the Basic tab of the My Accelerator screen, fill in the device name as shown below and click Submit.
6. Move to the Time tab to enter your local time settings. You are advised to set the Accelerator’s time and date manually (default).
7. Select Setup > Networking, and then go to the DNS tab. This tab lets you configure the domain name server.
8. Fill in the domain name in the Domain Name field.
9. In the Domain Name Table pane, click Add to add the domain name. In the dialog box that opens, enter the domain name(s) for the servers in the order of preferential usage and click Submit.
10. Select the IP Domain Lookup type as Enable.
11. Type the domain name server IP address in the field and click Apply.
Enabling WAFS Operation Mode

To enable the WAFS Operation Mode:
1. Select Services > WAFS.
2. Select File-Bank Director as WAFS operation mode, as shown below.
3. Click Submit.
4. Use the dialog box that appears now to confirm the creation of the WAFS service.
5. The next dialog box prompts you to execute write configuration and perform reboot to enable creation of WAFS service.
6. Click OK and then click the Write command at the top of the screen (encircled below).
7. Click Close.
8. Select Tools > General Tools and click the Reboot button to apply your new settings.
9. In the dialog box that appears now, click OK to confirm the reboot operation.

Excluding Servers or Subnets from WAFS

It is possible to exclude specific servers or subnets from receiving the benefit of WAFS services.

To exclude servers or subnets:
1. From the Services Menu, click WAFS, then click Exclusion.
2. In the Exclude by field select: IP address, Subnet, or Host name.
3. Select either client or server side.
4. Enter a valid IP address and click Add.

To delete an entry in the exclude table:
1. Select the row of the entry.
2. Click Delete.

Configuring the Data Center and Branch Office

There are two components to the Data Center: the File Bank Director, and the File Bank. When put on the network, they work together to create a virtual file server system, in order to accelerate company file sharing as shown in the diagram below.

The WAFS screen lets you view the current WAFS operation mode: either FB (FileBank) or FBD (FileBank Director). In addition, this screen lets you select whether to enable WAFS transparency. If you enable this feature, the FB will poll the FBD for all file servers it recognizes, as well as each server that is added or removed.
All IP addresses of these file servers are resolved, and all traffic destined to the servers is redirected to the Accelerator.

In order for the data center to function, the following steps need to be done:
- Setting Up the File Bank Director
- Setting Up the File Bank

Setting Up the File Bank Director

You should run the Setup Wizard prior to activating the FileBank Director, as part of the initial FileBank Director installation. You can later use the FileBank Director Administration GUI for modifying any of the installation parameters. The Setup Wizard lets you set up FileBank Director in several simple steps. (In the last step, you have the option of modifying parameters before accepting them.)

To run the setup wizard for the File Bank Director:
1. Make sure you are logged into the machine you want to set as file bank director.
2. From the AcceleratorOS Home Page, select Services > WAFS.
3. In the WAFS Operation Mode field, choose File-Bank Director from the dropdown menu.
4. You will notice that the WAFS Configuration button is now enabled. Click this button to enter the WAFS Management screen.

NOTE: WAFS Management is a pop-up window, and therefore you need to allow blocked content (pop-up) to be able to display it.

5. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The wizard has four main screens:
- File Server Settings (the one that is open now)
- Summary
- Confirmation and Application
6. Proceed to the next section, File Server Settings.

File Server Settings

In this section you will set the Domain Settings.

[Figure: File Server Settings screen, with callouts marking the File Server Name and Alias fields]

To set the File Server settings:
1. In the fields indicated in the window above, type in the names of the servers and their aliases. The alias field is optional.
When an alias is not defined for a file server, the default alias will be the FileBank Director’s host name.
2. Click Next >> to proceed to the next section, Summary, on page 176.

Summary

In this section you see the settings that you made in the previous section, File Server Settings, as shown here in the diagram. At this stage the wizard displays a summary of all parameters entered during setup, prior to applying them to the FileBank Director.

To confirm the settings:
1. Review the list for any possible errors. If you see an error, click Setup Wizard and make necessary changes.
2. To accept all parameters and configure the FileBank Director device, click Apply.
3. Proceed to the next section, Confirmation and Application.

Confirmation and Application

The following screen appears to allow you to restart the Accelerator and apply the settings.

To apply the settings:
1. To apply the settings, click Restart. To confirm all changes have been made successfully, a confirmation screen appears.
2. Install the license as directed in Installing the License File, on page 184.
3. Once the license is installed, go to the machine that will be the File Bank and follow the directions as described in Setting Up the File Bank, on page 178.

Setting Up the File Bank

You should run the Setup Wizard prior to activating the FileBank, as part of the initial FileBank configuration. You can later use the FileBank Administration GUI for modifying any of the installation parameters. The Setup Wizard lets you set up a FileBank in several simple steps. (In the last step, you have the option of modifying parameters before accepting them.) Once Setup is complete, you need to install the license.

Overview

To configure the branch office:
1. Connect the FileBank device to the branch office LAN.
2.
Set up the FileBank device. For details, see section Setting Up the File Bank, on page 178.
3. Configure the client computers.

To run the setup wizard for the File Bank:
1. Make sure you are logged into the machine you want to set as file bank.
2. From the AcceleratorOS Home Page, select Services > WAFS.
3. In the WAFS Operation Mode field, choose File-Bank from the drop-down menu.
4. You will notice that the WAFS Configuration button is now enabled. Click this button to enter the WAFS Management screen.

NOTE: WAFS Management is a pop-up window, and therefore you need to allow blocked content (pop-up) to be able to display it.

5. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The wizard has four main screens:
- File Server Settings
- File Bank Director Settings
- Summary
- Confirmation and Application
6. Proceed to the next section, File Server Settings.

Domain Settings

In this section you will set the Domain Settings.

To set the domain settings:
1. After the screen appears, fill in the fields with the correct information as shown below:
- Windows Domain—this is the domain that you will use to connect to the File Bank. You will need to have the administrator’s username and password in the screen that follows (see Summary, on page 182) in order to set this parameter.
- Authentication Server—supply the name of the domain controller. Make sure the name you use is known to the DNS.
- Virtual Server Prefix—If you are not using WAFS transparency, you should add a prefix to the server’s name so that all requests to the file bank (FB) are directed to the VFS and not to the actual server. You may also add a suffix. Note that this prefix is added to all servers.
- Virtual Server Suffix—If you are not using WAFS transparency, you should add a suffix to the server’s name so that all requests to the file bank (FB) are directed to the VFS and not to the actual server. You may also add a prefix. Note that this suffix is added to all servers.
2. Once you have filled in these fields, click Next >> and proceed to the next section, File Bank Director Settings, on page 181.

File Bank Director Settings

In this step, you define the file servers to be exported by the FileBank Director.

To indicate the File Bank Director:
1. This step is critical because it will indicate to the File Bank which server or servers are to be the File Bank Director. Type in the names of the file bank director you indicated in File Server Settings, on page 175 and in the order indicated. If you mismatch these settings it may have an effect on user performance.
2. Click Next >> to proceed to the next section, Summary, on page 182.

Summary

At this stage the wizard displays a summary of all parameters entered during setup, prior to applying them to the FileBank Director.

To confirm your settings:
1. Review the list for any possible errors.
2. To accept all parameters and configure the FileBank Director device, click Apply.
3. Proceed to the next section, Confirmation and Application.

Confirmation and Application

The following screen appears to allow you to restart the Accelerator and apply the settings.

To apply your settings:
1. In order to assure that the File Bank is joined properly to the Windows domain that you set in Domain Settings, on page 179, the user that has administrative rights to the Windows domain should enter his/her username and password and click Join.
2.
To apply the settings, click Restart. To confirm all changes have been made successfully, a confirmation screen appears.
3. Go to the next section, Installing the License File, on page 184.

Installing the License File

The Expand WAFS feature requires installing a valid license on both the File Bank Director and File Bank machines. The License Settings screen displays the current FileBank License status, which is Invalid at the initial setup stage (or if an earlier license has expired). Use this screen to attach a valid license file, which should be already available on your computer or on the network.

To install a license:
1. After the system reboots, log in to the WebUI, select Services > WAFS and click the WAFS Configuration button.
2. In the left window pane, under Utilities, click License Settings.
3. Use the License Settings screen to attach a valid license file to the Expand device. The current License Status ("Valid" or "Invalid") is indicated on this screen.

NOTE: Without a valid license installed, the FileBank Director and the File Bank cannot function.

4. Use the Browse button to locate the license file on your system.
5. When the correct path to the file appears in the field, click Install. The license file is installed, and the License Status is updated on the screen.
6. If you have installed the license for the File Bank Director only, see Setting Up the File Bank, on page 178. If you have installed the license for both the File Bank Director and the File Bank, you can now start the WAFS service and proceed to FileBank Categories, on page 188. For other WAFS topics, see the table below for additional information.
To                                             See
Start, stop, restart, or reboot                FileBank Categories, on page 188
Define or change File Bank Director settings   Defining FileBank Director Settings, on page 193
Add or delete system users                     Managing System Users, on page 194
Add file servers                               Adding File Servers, on page 195
Change the compression filter setting          Managing the Compression Filters List, on page 197
Consolidate file services                      Replication Service, on page 209

WAFS Management and Operation Modes

This section describes the management and configuration of the WAFS service under FileBank and FileBank Director operation modes. The following topics are discussed:
- The WAFS Management Screen
- FileBank Categories
- FileBank Director Categories

The WAFS Management Screen

In general, the WAFS Management screen looks the same in both WAFS operation modes (FileBank or FileBank Director). Unless indicated otherwise, the features described here apply to both modes.

The WAFS Management screen is divided into the following sections:
- Status Bar—along the top
- Navigation Pane—on the left
- Workspace—the main area, on the right

Clicking a selection from the navigation pane opens the relevant page in the workspace. The navigation pane is divided into the following main categories:
- System—for detailed description, see Setting Up the File Bank Director, on page 174 and Setting Up the File Bank, on page 178.
- File Services—for detailed description, see section Managing File Services, on page 192.
- Additional Services—(FileBank Operation mode only) for a detailed description, see Configuring Additional Services, on page 215.
- Utilities—for detailed description, see section FileBank Utilities, on page 190.
FileBank Director Categories

The following sections describe the WAFS management screen work categories, as viewed when the WAFS operation mode is FBD (FileBank Director):
- FileBank Director System, on page 187
- File Services, on page 188
- FileBank Director Utilities, on page 188

FileBank Director System

The System category includes the following subsections:
- Setup Wizard—lets you set up FileBank Director in several simple steps. Once Setup is complete, the FileBank Director can function. You should run the Setup Wizard prior to activating FileBank Director. All parameters set via the Setup Wizard can be modified within the GUI. For more information, see Setting Up the File Bank Director, on page 174.
- Boot services—lets you control FileBank Director service and device status. Controlling the service status lets you start, stop or restart FileBank Director service. Controlling the device status lets you reboot or shut down the FileBank Director device. For more information, see Managing the Data Center, on page 191.

File Services

This section describes the following functions offered by FileBank Director:
- FileBank Director Settings—lets you define the Listen Port Assignments settings and set the FileBank Director ID. The TCP (data transfer) and UDP ("keep alive") ports are set to 4049 by default, but can be changed if necessary.
- System Users—used for managing internal users that are used by specific Expand services (for example: Replication Service).
- File Servers—to add file servers to be exported through the Expand WAFS solution and the FileBank Director, enter the file server name—and optionally an alias—in this screen.
- Filters—allow Expand to avoid unnecessary compression attempts on files that are already compressed, thereby improving overall system performance.
- Replication Services—the method by which the system can be set to optimize the handling of very large files over the bandwidth-limited WAN link.

FileBank Director Utilities

This section describes the FileBank Director utilities, which are as follows:
- System Diagnostics—lets you run a diagnostic test on the FileBank Director device to ensure that the device is working properly. The results of the test will be displayed in the Results area of this screen.
- Logs—lets you generate FileBank Director activity logs for monitoring, optimization, and troubleshooting purposes.
- License Settings—displays current FileBank Director license status (Valid/Invalid) and is used for attaching a valid license file if this was not done during Setup, or if an earlier license has expired.

FileBank Categories

The following sections describe the WAFS management screen work categories, as viewed when the WAFS operation mode is FB (FileBank):
- FileBank System, on page 189
- File Services, on page 188
- Additional Services, on page 190
- FileBank Utilities, on page 190

FileBank System

The System category includes the following subsections:
- Setup Wizard—lets you set up FileBank in several simple steps. Once Setup is complete, the FileBank can function. You should run the Setup Wizard prior to activating FileBank. All parameters set via the Setup Wizard can be modified within the GUI.
- Boot services—lets you control FileBank service and device status. Controlling the service status lets you start, stop or restart FileBank service. Controlling the device status lets you reboot or shut down the FileBank device.

FileBank Services

This section describes FileBank File Services functions, which are as follows:
- FileBank Directors—displays the current FileBank Director(s) for the FileBank, and lets you add or delete FileBank Directors as necessary.
- Virtual Servers—lets you configure FileBank to automatically add a prefix and/or suffix to the original file server name defined at the FileBank Director site, to represent the local virtual server. This helps distinguish the local virtual server name from the Central File Server name.
- Windows Domain—lets you join the FileBank to the domain, use domain administrator credentials (Username and Password), set the domain name, and add or delete authentication servers.
- Cache Settings—gives you cache statistics, and lets you control basic cache functionality: cache validation frequency, and manual cache invalidation.
- Fetch Settings—lets you define which data will be fetched from the Data Center for pre-population of the Cache. Once fetched, this data resides in the Cache and can be accessed immediately. Thus pre-population optimizes first-time access to this data.
- System Users—lets you add and delete FileBank system users.
- Filters—provides smart filters to enhance performance and bandwidth optimization over the WAN.
- Replication Services—the method by which the system can be set to optimize the handling of very large files over the bandwidth-limited WAN link.

Additional Services

This section describes the FileBank Additional Services, which are:
- Print Services—you can configure FileBank to serve as the local branch print server. This screen lets you add network printers, view a list of already existing printers, and delete printers, as required.

FileBank Utilities

This section describes the FileBank utilities, which are as follows:
- System Diagnostics—lets you run a diagnostic test on the FileBank device to ensure that the device is working properly. The results of the test will be displayed in the Results area of this screen.
- Logs—lets you generate FileBank activity logs for monitoring, optimization, and troubleshooting purposes.
- License Settings—displays current FileBank License status (Valid/Invalid) and is used for attaching a valid license file if this was not done during Setup, or if an earlier license has expired.
- System Statistics—displays a list of connected users, with their Session ID, Username, Group and Machine. To update the list, use the Refresh button.

Managing the Data Center

The following topics are discussed:
- Starting the Data Center, on page 191
- Managing File Services, on page 192
- Configuring FileBank Services, on page 199

Starting the Data Center

If you have configured the File Bank and File Bank Director and have installed the license file on each machine, you will need to start the WAFS service on each. In addition to starting the WAFS service, the following options can be performed:
- Start the File Bank Director Service
- Stop the File Bank Director Service
- Restart the File Bank Director Service
- Reboot the File Bank Director Device
- Shutdown the File Bank Director Device

Note that, in order to start the WAFS services, you must follow this step. Take care when stopping, starting, or restarting the WAFS service, as this may interfere with other users who have work in progress.

To start, stop, restart, reboot, or shutdown:
1. Access the Boot Services screen by clicking Boot Services under the System Menu. This screen lets you control FileBank Director service and device status.
2. Perform one of the following actions:
- Start the File Bank Director Service—Click Start
- Stop the File Bank Director Service—Click Stop (See warning!)
- Restart the File Bank Director Service—Click Restart (See warning!)
- Reboot the File Bank Director Device—Click Reboot (See warning!)
- Shutdown the File Bank Director Device—Click Shutdown (See warning!)

CAUTION!
Stopping or restarting the device while users are connected will interfere with their work in progress.

CAUTION! If you click Reboot or Shutdown, there is no confirmation dialog, so the operation is carried out immediately. Make sure you want to do this before clicking! Note too that if you reboot or shut down while users are connected, their work in progress will be affected.

Managing File Services

This section describes File Services options, which are as follows:
- Defining FileBank Director Settings—for FileBank Director mode only, on page 193.
- Managing System Users, on page 194.
- Adding File Servers—for FileBank Director mode only, on page 195.
- Managing the Compression Filters List, on page 197.
- Replication Service, on page 209.

Defining FileBank Director Settings

The FileBank Director Settings screen lets you set the Listen Port Assignments and the FileBank Director ID. The TCP (data transfer) and UDP ("keep alive") ports are set to 4049 by default, but can be changed if necessary.

FileBank Director Settings is also used for changing the FileBank Director ID in a multi FileBank Director environment—where each FileBank Director is automatically assigned its own, unique, integer ID. FileBank Director ID should not be changed once the system is running, because such a change will result in resetting the cache optimization state (namely, the cache associated with the initial ID will become obsolete). Also, if the ID is changed and matches the ID of another machine, errors will result.

To change Listen Port Assignments:
1. Make sure you are using the FileBank Director WAFS operation mode.
2. From the WAFS left menu pane, under File Services select FileBank Director > Settings.
3. Type in the new TCP value.
4. Type in the UDP value.
5. Click Apply.

To change FileBank Director ID:
1.
Make sure you entered the WAFS menu using FileBank Director Operation Mode.
2. From the WAFS left menu pane, under File Services select FileBank Director > Settings.
3. Type in the new unique ID. It is best to write this ID down for future reference.
4. Click Apply.

Managing System Users

The System Users screen (File Services > System Users) is used for managing internal users that are used by specific Expand services (for example: Replication Service).

To add a user:
1. From the WAFS left menu pane, under File Services select System Users.
2. Fill in the new user's Domain Name, Username and Password. Verify the password by typing in the same password you entered in the Password field.
3. Click Add. The user’s information is added to the list at the bottom.

To delete users from the current list:
1. From the WAFS left menu pane, under File Services select System Users.
2. Select the checkbox for the user, or users, to be deleted.
3. Click Delete.

Adding File Servers

To add more file servers to be exported through the Expand WAFS solution and the FileBank Director, type in the file server name—and optionally an alias—in the File Servers screen (File Services > File Servers).

NOTE: When the FileBank Director is configured to export a DFS root, it is necessary to export all the participating DFS file servers on the FileBank Director side.

To add a file server:
1. Make sure that you entered the WAFS menu using FileBank Director Operation Mode.
2. Fill in File Server Name, and optionally an Alias.
3. Click Add.

To delete servers:
1. Make sure that you entered the WAFS menu using FileBank Director operation mode.
2. From the Exported File Servers section, select one or more checkboxes.
3. Click Delete.
To set a CIFS User:
1. Make sure that you entered the WAFS menu using FileBank Director operation mode.
2. In the Set a CIFS User section, fill in the following information:
Domain Name
User Name
Password
Verify Password: make sure the password you enter here matches the password you enter in the Password field.
3. Click Set.

To delete a CIFS User:
1. Make sure that you entered the WAFS menu using FileBank Director operation mode.
2. This will clear all of the listed CIFS users. There is no confirmation and the action will take place immediately.
3. Click Clear.

Managing the Compression Filters List
The Expand WAFS solution compresses data that travels across the WAN, to optimize performance. However, several file types are already compressed and cannot be compressed further. The compression filters allow Expand to avoid unnecessary compression attempts on files that are already compressed, thus improving overall system performance.
The Compression Filters list (File Services > Filters) shows you all file extensions that the system will not attempt to compress. If you are using compressed files of a type that is not currently included on the Compression Filters list, you can add it. You can also delete extensions from the list, if you are sure that they are not compressed and were added by mistake.

To add a filter:
1. From the WAFS left menu pane, under File Services select Filters.
2. Type in the file extension in the form *.xxx (where xxx is a three or four-letter file extension).
3. Click Add.

To delete filters:
1. From the WAFS left menu pane, under File Services select Filters.
2. Select one or more filter checkboxes.
3. Scroll down to the bottom of the Compression Filters list.
4. Click Delete.
CAUTION!
Do not delete filters that were included in the list by Expand! Files of these types are known to be compressed and do not require further compression. You should only delete a filter if it was added by mistake.

Configuring FileBank Services
This section describes FileBank File Services functions that are only accessible through the FileBank Operation mode, which are as follows:
FileBank Directors
Virtual Servers
Windows Domain
Cache Settings
Fetch Settings

FileBank Directors
To access the FileBank Directors screen, click File Services > FileBank Directors in the Navigation Pane (see figure below). This screen displays the current FileBank Director(s) for the FileBank, and lets you add or delete FileBank Directors as necessary.

To add a FileBank Director:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Enter the hostname.
3. Enter the TCP port number.
4. Enter the UDP port number.
5. Click Add.
NOTE: You may leave the TCP and UDP fields blank, in which case the default value (port 4049) is applied to both.

To delete a FileBank Director:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Select one or more checkboxes of hostnames in the current FileBank Directors list.
3. Click Delete.

Virtual Servers
You can configure FileBank to automatically add a prefix and/or suffix to the original file server name defined at the FileBank Director site, used for representing the local virtual server (File Services > Virtual Servers). This helps distinguish the local virtual server name from the Central File Server name.
CAUTION! Virtual Server Name = File Server Alias + any prefix/suffix added here. If neither a prefix nor a suffix is defined, DNS Masquerading or WAFS Transparency must be activated, to avoid name resolution conflicts.
For details regarding DNS Masquerading, see DNS Masquerading, on page 229. For details regarding WAFS Transparency, see section Managing WAFS Transparency, on page 535.
The lower half of the screen lists Exported Virtual Servers and their connection status ("Connected"/"Disconnected").

To create the virtual server name:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Type in a prefix and/or a suffix.
3. Click Apply.

Windows Domain
The Windows Domain screen (File Services > Windows Domain) is used for carrying out the following tasks:
Joining the FileBank to the domain. Using domain administrator credentials (Username and Password)
Setting the domain name
Adding or deleting authentication servers.

Cache Settings
The Cache Management screen (File Services > Cache Settings) provides you with cache statistics, and lets you control basic cache functionality: cache validation frequency, and manual cache invalidation.

Time to Live (TTL) settings
These settings determine how often the FileBank verifies directories or file data with the FileBank Director. Time to Live applies only to directory listings and read-only files. Cache coherency is maintained regardless of these settings. Higher values mean better cache performance, whereas lower values mean that read-only data is more accurate.

Invalidate Cache
The Invalidate button resets the TTL for the cached information, thereby forcing the FB to validate the updated information with the EFS.
NOTE: Access to Data Center versions of cached files is verified prior to the invalidation. Cache files are not invalidated if Data Center versions are not available.

System Users
The System Users screen (File Services > System Users) lets you add and delete FileBank system users.
To delete users from the current list:
1. Select the checkbox for the users to be deleted.
2. Click Delete.

The Expand WAFS solution uses smart filters to provide additional performance and bandwidth optimization over the WAN. Two types of filters are listed on the Filters screen (File Services > Filters):
Short Term File (STF) filters
Compression filters

STF Filters
Short Term Files (STFs) are files that are saved locally on the FileBank and not sent to the central server. Use the STF Filter for files that exist for a short term and for any other files you do not want to be backed up on the central file server (for example: photos and media files). The STF Filter list displays all file extensions that the system is currently configured not to back up. You can add to or delete from this list as necessary.
NOTE: All files that match the selected STF filter extensions are not backed up.

Setting Advanced FileBank Features
This section covers advanced features that you can configure on the FileBank for added functionality. Topics covered include:
Configuring the Fetch Mechanism, on page 205
Replication Service, on page 209
Replication Service Activation, on page 211
Configuring Replication Services, on page 212
Configuring Additional Services, on page 215

Configuring the Fetch Mechanism
This section covers topics related to the Cache. Topics discussed in this section include:
Fetch Mechanism Overview, on page 205
Fetch User, on page 206
Fetch Jobs, on page 206
Fetch Settings, on page 207
Creating Fetch Jobs, on page 208

Fetch Mechanism Overview
The Fetch mechanism lets you pre-populate the FileBank cache with specific data sets from the data-center file server.
Cache pre-population optimizes “first-time” data access to files and directories by utilizing the Expand advantage: once a particular data set is saved in the local FileBank cache, future requests for files from that set require the transfer of minimal amounts of data over the WAN, speeding up service. Depending on the mode in which files are opened by Clients, FileBank synchronously validates that the cached data is up to date, and acquires file locks on the Server.
Although cache pre-population is not essential, for performance reasons it is strongly recommended that in file server consolidation scenarios you pre-populate at least the branch files working set (for example: user home drives).
NOTE: File types that have been configured as Short Term Files (STF) or Replication files are not pre-populated by the Fetch mechanism.

Fetch User
The fetch user is the internal user that performs the data pre-population on the cache. The fetch user must have sufficient security permissions to traverse the file system and read permissions for the files being transferred. You can configure the fetch user on the FileBank using the user CLI command, or the System Users option in the management web interface.

Fetch Jobs
The term Fetch jobs describes the entities that will be pre-populated onto the FileBank cache. A fetch job is defined by the path and the fetch user that will be used for fetching that path. The path is expressed in UNC format (starting with the virtual server name), and the user command argument is entered in {domain\user} format. A fetch job can aggregate multiple paths under one entity (see the fetch jobs paths option). Activating a multiple-path job effectively creates a fetch instance for each specific path.
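The Fetch Jobs rules above (UNC path starting with the virtual server name, user given as domain\user, one fetch instance per path, STF and Replication file types skipped) can be checked before the jobs are typed into the device. The Python below is an added example, not Expand's code; the function names, the allowed character set for user names, the requirement that a path names a share, and all sample values are assumptions made for illustration.

```python
import fnmatch
import re
from dataclasses import dataclass

# {domain\user} as the guide gives it; the permitted characters are an assumption.
USER_RE = re.compile(r'^(?P<domain>[A-Za-z0-9._-]+)\\(?P<user>[^\\/:*?"<>|\s]+)$')


@dataclass(frozen=True)
class FetchInstance:
    """One path of a fetch job; a multi-path job yields one instance per path."""
    vserver: str
    share: str
    subpath: str
    domain: str
    user: str


def virtual_server_name(alias, prefix="", suffix=""):
    """Virtual Server Name = File Server Alias + any prefix/suffix."""
    return f"{prefix}{alias}{suffix}"


def parse_unc(path):
    r"""Split \\server\share\dir into (server, share, subpath)."""
    if not path.startswith("\\\\"):
        raise ValueError("not a UNC path")
    parts = path[2:].split("\\")
    while parts and parts[-1] == "":          # tolerate trailing backslashes
        parts.pop()
    if len(parts) < 2 or "" in parts:
        raise ValueError("UNC path needs \\\\server\\share with no empty components")
    if any(p in (".", "..") for p in parts):
        raise ValueError("relative components are not allowed")
    return parts[0], parts[1], "\\".join(parts[2:])


def plan_job(vserver, user_arg, paths):
    """Validate one fetch job and expand it; returns (instances, errors)."""
    instances, errors = [], []
    m = USER_RE.match(user_arg)
    if not m:
        return instances, [f"user {user_arg!r}: expected domain\\user"]
    for path in paths:
        try:
            server, share, sub = parse_unc(path)
        except ValueError as exc:
            errors.append(f"{path}: {exc}")
            continue
        # The path must start with the branch's virtual server name, not the
        # central file server's own name. Host names compare case-insensitively.
        if server.lower() != vserver.lower():
            errors.append(f"{path}: host is {server!r}, expected virtual server {vserver!r}")
            continue
        instances.append(FetchInstance(vserver, share, sub, m["domain"], m["user"]))
    return instances, errors


def skipped_by_fetch(filename, stf_filters, replication_types):
    """True if the file matches an STF or Replication type (*.xxx) and so is not pre-populated."""
    name = filename.lower()
    patterns = list(stf_filters) + list(replication_types)
    return any(fnmatch.fnmatchcase(name, pat.lower()) for pat in patterns)


# Constructed sample: alias "fs01" with prefix "br-" gives virtual server "br-fs01".
VSERVER = virtual_server_name("fs01", prefix="br-")
SAMPLE_PATHS = [
    r"\\br-fs01\home\alice",   # valid
    r"\\BR-FS01\projects",     # valid, differs only in case
    r"\\fs01\home\bob",        # central server name instead of the virtual server
    r"\\br-fs01",              # no share
    r"home\carol",             # not UNC
]

if __name__ == "__main__":
    ok, bad = plan_job(VSERVER, r"CORP\svc-fetch", SAMPLE_PATHS)
    for inst in ok:
        print("instance:", inst)
    for err in bad:
        print("rejected:", err)
    print("archive.PST skipped:", skipped_by_fetch("archive.PST", ["*.mp3"], ["*.pst"]))
```

Running the check against the same account that will be set as fetch user also gives a list of the shares that account needs traverse and read permissions on, and nothing more.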
Fetch Settings
The Fetch Settings screen (File Services > Fetch Settings) controls the pre-population of the Cache with specific data from the Data Center. Once fetched, this data resides in the Cache and can be accessed immediately. Thus pre-population optimizes first-time access to this data.
The Fetch Settings screen lets you define which data will be fetched for pre-population. This screen lists Fetch Jobs and their current status.
Fetch Jobs describe the entity that should be fetched (namely, a specific directory on a file server). For details, see section Creating Fetch Jobs, on page 208.
Fetch Instances represent Job runs. For details, see section Creating Fetch Jobs, on page 208.

Fetch Activation
Once configuration is complete, you can activate the Fetch mechanism by running fetch jobs, and subsequently manage it by running fetch instances. Fetch Jobs are created with a single path. You can add paths as necessary, as described below.

Creating Fetch Jobs
Choose and start the fetch job you want to run. Each time a job is started a new Fetch instance is created.

To create a Fetch job:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. In the Add Job area of the Fetch Settings screen (File Services > Fetch Settings), fill in the following parameters:
Vserver - as described in section Virtual Servers, on page 200.
Path - a specific folder on a file server.
Domain - as described in section Virtual Servers, on page 200.
Username - as described in section System Users, on page 203.
3. Click Add. The new job is added to the list of Fetch Jobs.
4. Add one or more paths to this Fetch Job, as required, by typing the requested UNC path and priority, and then clicking Add. The paths are added to the Fetching Paths list, and are now part of this Job.
5.
When you have added all necessary paths, click the Back to Fetch Settings link at the bottom of the screen. This link takes you back to the general Fetch Settings screen, for all Fetch Jobs.

To delete a Fetch job:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Select the checkbox for the job.
3. Click Delete.

To start a Fetch instance:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. In the Fetch Jobs list of the Fetch Settings screen, select the checkbox for the Job.
3. Click Start. An instance of the Fetch Job is started, and is added to the Fetch Instances list.

To stop a Fetch instance:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Select the instance in the Fetch Instance list.
3. Click Stop.

To add Fetch instances:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Fill in the following parameters for the new user:
Domain name
Username
Password
3. Click Delete.

To delete Fetch instances:
1. Make sure that you entered the WAFS menu using FileBank operation mode.
2. Select the checkbox for the instance.
3. Click Delete.

Replication Service
One of the main challenges resulting from the consolidation of file services in a data center is how to grant users efficient access to very large files over the WAN, despite limited bandwidth and high latency. The Expand replication service addresses this challenge by reducing bandwidth consumption at peak hours. With this feature, administrator-defined file types (such as *.PST, *.GHO) are served locally at the branch by the FileBank virtual server, while a recurring replication process handles daily synchronization with the data center file server (at times of low WAN bandwidth consumption).
When you create a new file (of a type that is replicated), this file is synchronously created on the central file server with its security metadata (namely ACLs), but without the actual file data. The file data is then updated asynchronously by the recurring replication process. The same principle applies to changes made to existing files.
CAUTION! Replication is an asynchronous process and, as such, should be activated only for files used exclusively by the branch. Sharing replication files between branches can result in data loss.
Replication service configuration includes the following parameters:
Replication User, on page 210
Replication File Types, on page 210
Replication Schedule, on page 211
Replication Paths (optional), on page 211

Replication User
The Replication User is an internal user that performs file replication for the system. The replication user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server. The replication user is set both on the FileBank and on the FileBank Director.

Replication File Types
The Replication service handles replication on the basis of file extension (for example: *.mdb for Microsoft Access files), not file size. All files whose extension is on the list of Replication File Types are handled by the replication mechanism, regardless of their size. When changes are made to the list of Replication File Types, you must reboot the FileBank for the changes to take effect.

Replication Schedule
Replication is programmed to run once a day to synchronize changes between the FileBank and the Data Center file server. You are advised to run replication at off-peak hours, when WAN bandwidth is least utilized. You define the time of day (UTC value) that replication starts, and you can also force a stop time (namely: stop the process even if replication is not complete).
You can also run a non-scheduled replication at any time by using the Replication Start and Stop options, either over the web or through the CLI.
NOTE: AcceleratorOS supports only DNS masquerading and not WINS masquerading. Therefore, all clients who have NT 4.0 or earlier systems, which use WINS servers, need to have DNS servers as well to let us support them.
NOTE: Replication Start and End times are defined as UTC values.

Replication Paths
By default, the Replication Service searches the entire file system for files that correlate to the Replication File Types list. Alternatively, you may define specific paths to be searched (instead of the entire file system). The replication path can point either to a share or to a directory within a share. Defining replication paths results in a faster replication process. When using this option, files outside the specified paths are not replicated.
NOTE: When no replication paths are defined, the replication feature searches the entire file system for files to be replicated. However, once one or more replication paths are defined, the feature searches only on the defined paths.

Replication Service Activation
General system configuration must be complete before you activate replication. Once the service is activated, FileBank may be populated with the initial set of files.

Service Activation on FileBank Director
On the FileBank Director side, you need only define the replication user and start the replication server that runs on the FileBank Director. Initial service configuration and activation are easily performed by using either the FileBank Director web management or the replication setup command (CLI).
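Before activating replication at more than one branch, the CAUTION about sharing replication files between branches can be turned into a check: two FileBanks are at risk when they replicate at least one common file type and their replication paths can contain the same file, remembering that a FileBank with no replication paths searches the entire file system. The Python below is an added example, not part of the product; the inventory layout (collected by hand from each FileBank's replication settings), the share-relative path notation and the branch names are assumptions, and the sample data is constructed.

```python
from itertools import combinations


def norm_path(path):
    """'Mail\\NYC\\' -> ('mail', 'nyc'); Windows paths compare case-insensitively."""
    return tuple(p.lower() for p in path.replace("/", "\\").split("\\") if p)


def scopes_overlap(paths_a, paths_b):
    """True if two replication scopes can contain the same file."""
    # No replication paths defined: the entire file system is searched.
    if not paths_a or not paths_b:
        return True
    for a in map(norm_path, paths_a):
        for b in map(norm_path, paths_b):
            n = min(len(a), len(b))
            # Compare whole components, so "home" does not match "home2",
            # but a share does cover every directory inside it.
            if a[:n] == b[:n]:
                return True
    return False


def shared_types(types_a, types_b):
    """Replication File Types (*.xxx) present on both lists, ignoring case."""
    return sorted({t.lower() for t in types_a} & {t.lower() for t in types_b})


def find_conflicts(inventory):
    """Return (branch_a, branch_b, shared_types) for every pair at risk."""
    conflicts = []
    for a, b in combinations(sorted(inventory), 2):
        conf_a, conf_b = inventory[a], inventory[b]
        # Only branches exporting the same central file server can collide.
        if conf_a["file_server"].lower() != conf_b["file_server"].lower():
            continue
        common = shared_types(conf_a["types"], conf_b["types"])
        if common and scopes_overlap(conf_a["paths"], conf_b["paths"]):
            conflicts.append((a, b, common))
    return conflicts


# Constructed inventory: one entry per FileBank, paths written as share\directory.
SAMPLE_INVENTORY = {
    "branch-nyc": {"file_server": "fs01", "types": ["*.pst", "*.gho"], "paths": ["mail\\nyc"]},
    "branch-lon": {"file_server": "fs01", "types": ["*.PST"], "paths": ["mail\\lon"]},
    # No paths: this FileBank searches the whole file system of fs01.
    "branch-par": {"file_server": "fs01", "types": ["*.pst", "*.mdb"], "paths": []},
    # Covers the whole "mail" share, but for a type the mail branches do not replicate.
    "branch-ber": {"file_server": "fs01", "types": ["*.mdb"], "paths": ["mail"]},
    "branch-syd": {"file_server": "fs02", "types": ["*.pst"], "paths": []},
}

if __name__ == "__main__":
    for a, b, types in find_conflicts(SAMPLE_INVENTORY):
        print(f"{a} and {b} both replicate {', '.join(types)} in overlapping paths")
```

Each reported pair is resolved either by giving the branches disjoint replication paths or by removing the shared type from one branch's Replication File Types list.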
Service Activation on FileBank
On the FileBank side, service configuration includes defining the replication user, the replication file types, and the daily Start time (the definition of replication paths, and of a Stop time, is optional, as described above). Initial service configuration and activation are easily performed by using either the FileBank Director web management or the replication setup command (CLI). Once configuration is complete, the replication service must be enabled on the FileBank.

Initial Pre-population of Large Files on FileBank
Working with replication services on large files requires pre-populating the files located in the paths you want to replicate, before starting to work with the FileBank in the field. Pre-populating involves copying an initial, up-to-date "snapshot" of all qualifying replication files from the file server that holds them. This "snapshot" consists of file data and metadata (for example: timestamps and security attributes). You can perform the initial pre-population by either running the replication start initial CLI command or using data migration tools (such as Robocopy, or Secure copy) to copy the files from the legacy branch file server to the FileBank virtual server. Once pre-population is complete, users can start working on the files.
NOTE: File pre-population onto the FileBank is a prerequisite for working on the replication files.
NOTE: Replication files that are on the file server but have not been pre-populated onto the FileBank cache are visible in directory listings, but are empty if opened.

Configuring Replication Services
The Replication Services screen (File Services > Replication Services) displays the current status of the Replication Service, and allows you to Start and Stop it. It also gives you access to the Replication User screen (see section Replication User, on page 210).
For details of what the Replication Service does, see section Managing the Compression Filters List, on page 197.
NOTE: Before you can start the Replication Service for the first time, you must define a valid Replication User. For more details, see section Replication User, on page 213.

Replication User
The Replication User is an internal user that performs file replication for the system. The Replication User Screen (Replication Services > Replication User) displays the currently defined user, and lets you clear (in other words, delete) the current user, and/or set a different user.
NOTE: The Replication Service cannot function unless a valid Replication User is set. This user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server.

To set the replication user:
1. In the Replication Services screen (File Services > Replication Services), click the Replication User link.
CAUTION! You should configure the same replication user on the FileBank and the matching FileBank Director.
NOTE: The Replication Service cannot function unless a valid Replication User is set. This user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server.
2. Select the checkbox for the required user, and then click Set.

To clear the current Replication User (without setting another):
1. In the Replication Services screen (File Services > Replication Services), click the Replication User link. The Replication User screen opens, showing the current user.
2. Click Clear. The user is no longer the Replication User.
CAUTION! You should configure the same replication user on the FileBank and the matching FileBank Director.
NOTE: Using the replication services requires creating a new user.

Printing Services for the FileBank

Configuring Additional Services
This section describes the FileBank Additional Services, which currently include the Print Services.

Print Services
You can configure FileBank to serve as the local branch print server. The Print Services screen (Additional Services > Print Services) lets you add network printers, view a list of already existing printers, and delete printers, as required. For additional information about print functions, see section Setting Advanced FileBank Features, on page 205.

To add a printer:
1. Type in the printer name (preferably a descriptive name such as “Konica 7022”, “frontdesk” or “floor5”).
2. Type the printer URI (an identifying string such as socket://192.168.1.21:9100/).
3. Enter a brief description to help other users identify the printer.
4. Click Add. The printer is added to the list of printers available to branch users (this list displays Name, Description, and URI).

To delete a printer:
1. Select the checkbox near the name of the printer you want to delete.
2. Click Delete.

Configuring Print Services (FileBank)
Once FileBank is installed at the branch office, you can configure it to replace the existing local print server (or servers). FileBank includes the following features:
Lets administrators manage network printers and upload end-user drivers through the Windows “Add Printer Wizard”
Lets clients download and install drivers and printers via “Point'n'Print”, or install printer drivers locally
Supports standard network printing protocols
Can be connected directly to the printer

Adding a Network Printer to FileBank
The first stage when installing a new printer to the FileBank is to set the printer entry and URI.
Assigning Printing Administrators
Only assigned printing administrators can upload printer drivers. Printing administrators must be users with full access and write credentials on the central fileserver PRINT$ share. The default printing administrator values are: Administrator (individual) and @Administrators (group name). In many cases the default setting is not sufficient and you need to assign additional user(s) and groups.
NOTE: Group names must be prefixed with @.
NOTE: Printing administrators must possess full access and write credentials on the central fileserver PRINT$ share.

Point’N’Print Configuration
Once you have defined printers, printing mode and printing administrators on FileBank, you can upload printer drivers to the print server. This enables clients to use the “Point'n'Print” feature, which automatically installs the associated printer driver the first time they access a particular printer. Uploaded drivers are stored on the central file server and cached on the local FileBank (a valid network connection between the FileBank and the FileBank Director is required).
The initial listing of printers in the FileBank Printers and Faxes folder, accessed from a Client, has no real printer driver assigned to it. The standard Windows Add Printer Wizard (APW), run from NT/2000/XP clients, is used for printer driver upload.
NOTE: The existence of a PRINT$ share on the central file server is a prerequisite for uploading/downloading printer drivers ("Point’n’Print").

Uploading Printer Drivers
1. Log in to a workstation as a user who is also defined as a printing administrator.
2.
Browse to the FileBank’s virtual server name, by doing one of the following:
Open Network Neighborhood and browse to the virtual server name,
OR
Click Start > Run, and type in the UNC path of the virtual server: \\{virtual server name}
3. Open the Printers and Faxes folder, locate the printer you have added to FileBank, right-click on the printer icon, and select Properties (from the menu). You are trying to view the printer’s properties before a driver has been assigned to it, and therefore the dialog box shown below appears.
CAUTION! Do not click Yes.
4. Click No.
5. Do one of the following:
Install a new printer driver (thereby activating the Add Printer Wizard, see next step).
OR
If one or more drivers have already been installed, you can select one of these drivers from the drop-down list. (If no drivers have been installed this list will be empty.)
6. If installing a new driver, follow the Windows Add Printer Driver Wizard.
7. After driver upload is complete, perform the first client driver installation, as described in the next section.

First Client Driver Installation
After uploading a printer driver or drivers, you must perform the First Client Driver Installation. Once this initiation step is concluded, further clients are easily set up and should not require further attention.
1. Log in to any workstation as a user who is also defined as a printing administrator and has administrator rights on the workstation.
2. Browse to the FileBank’s virtual server name.
3. Right-click on the relevant printer, and select Connect from the menu.
4. The printer is added to the local Printer folder (you can verify this by clicking Start > Settings > Control Panel > Printers and Faxes).
5. Use the following procedure to trigger the printer driver startup.
Right-click on the printer and select Properties.
NOTE: If Connect still appears on the right-click menu, the driver is not yet installed. Return to step 3 above.
On the Advanced tab, click Printing Defaults.
Change the current page orientation (Portrait/Landscape) and click Apply.
Restore original page orientation and click Apply.
At this stage you may also want to set other printing defaults that will apply to all future clients wanting to carry out "Point’n’Print" driver installation.
From now on, any client wanting to install this printer can just "Point’n’Print".

Verifying Point’n’Print Installation
After completing the above two stages, you are advised to verify that "Point'n'Print" is functioning correctly.
1. Log in to any other workstation (with permission to install drivers locally).
2. Locate the printer (Start > Printers and Faxes) and double-click it.
3. Verify that drivers are installed.
NOTE: If you are running Windows 2000, a dialog box may appear at this stage.
4. Open the print queue for the printer.
5. Print a test page.
6. Verify that the print job is added to the print queue and prints out correctly.
7. Verify that printer properties are visible (see the driver-specific fields).

Manual Client Driver Installation
Once you have defined your printers on the FileBank, you can optionally install printer drivers locally on workstations (without relying on "Point’n’Print").
1. Log in to a workstation as a user who has administrator rights on the workstation.
2. Browse to the FileBank’s virtual server name, by doing one of the following:
Open Network Neighborhood and browse to the virtual server name,
OR
Click Start > Run, and type in the UNC path of the virtual server: \\{virtual server name}
3.
Open the Printers and Faxes folder (Start > Printers and Faxes), locate the printer you have added to FileBank, right-click on the printer icon, and select Properties (from the right-click menu). You are trying to view the printer’s properties before a driver has been assigned to it. Therefore, the following message appears:
4. Click Yes. The Add Printer Wizard (APW) opens.
5. Select the driver to associate with the printer, install it and connect.

Verifying Driver Installation
To enable a client to use the FileBank as the print spooler, communicating by using IPP (Internet Printing Protocol):
1. Open the print queue for the printer.
2. Print a test page.
3. Verify that the print job is added to the print queue and prints out correctly.

To verify driver installation for each Client:
1. Add a printer to the FileBank.
2. Log in to the workstation on which you want to install a printer, as the workstation’s administrator.
3. Browse to the Client’s Control Panel.
4. Open the Printers and Faxes folder (Start > Printers and Faxes).
5. On the File menu, click Add Printer. The Add Printer wizard opens.
6. Select the button Connect to a printer on the Internet or on a home or office network.
7. In the URL field, enter the URL for the printer in the following format: http://<FileBank's hostname>:631/printers/<printer’s name>
8. Click Next.
9. Select the appropriate driver to install, and use the wizard for completing the installation.
10. When done, print out a test page.
NOTE: Installing the IPP printer drivers to a workstation does not require additional settings on the FileBank other than adding the IPP printer URL to the FileBank.
NOTE: Client side IP configuration does not support “Point’n Print.”

To connect a printer to the FileBank server:
1. Connect the printer to the FileBank server via USB (or parallel port if no USB is available).
2. Use the WebUI to add a printer.
Printing Setup Troubleshooting

Issue: I cannot select a new driver to upload, the option is disabled.
1. Ensure that a PRINT$ share is defined on the central file server.
2. Verify that you are logged in as a printing administrator, with full read and write access to the PRINT$ share.
3. Ensure that this user is defined as a printing administrator (see section Assigning Printing Administrators, on page 217).

I get an Access Denied message when trying to upload drivers
1. Verify that the PRINT$ share exists on the target's central fileserver.
2. Verify that you are logged in as a printing administrator with full read/write access on the PRINT$ share.
3. Verify that you have set the printing driver to server at the FileBank:
> printing drivers set server
and then repeat the driver upload procedure (see section Uploading Printer Drivers, on page 218).

When I try to print out a test page I get one of the following errors:
“Operation could not be completed”
“Could not add a print job”
“Print test page failed”
Ensure that you have initialized the printer by performing the first Client driver installation, before trying to print (see section First Client Driver Installation, on page 219).
If the printer driver is not yet installed on the workstation, ensure that you are logged in as an administrator for this workstation.
Verify that the printer is connected and operational (look for errors such as network connection problems, paper jam and out of paper).

Print jobs are not cleared from the queue (even after refreshing the queue) and are not printed
Verify that the printer is connected and operational (look for errors such as network connection problems, paper jam and out of paper).
Verify that the printer’s URI is defined correctly on the FileBank, and that the printer supports the protocol given and is configured to acknowledge on the specific protocol (IP, port, protocol).

Using WAFS Printing Services

Adding a WAFS Printer via Windows

WAFS now lets you use the Windows Add Printer Wizard to add a Server printer on a remote computer.

To add a Server printer:
1. Go to the Printers and Faxes section on the server from which you want to add the printer.
2. In the Printer Tasks pane, click the Add a Printer button. The Add Printer Wizard dialog box appears:
3. The next screen lets you either select the port you want your printer to use or create a new port:
4. Select the option of creating a standard TCP/IP port.
5. Use the following dialog box to add a printer name or IP address and a port name.
6. Use the standard Windows wizard to continue with the installation.

WAN-OUT Operation

Expand’s WAFS solution includes support for WAN-OUT Operation mode, providing necessary business continuity for cases of temporary WAN outage. When a disconnection event is identified, the system automatically switches to WAN-OUT Mode.

Cached Content

During WAN-OUT mode all cached content is treated as valid, namely: all cached files are made available to users. However, because the FileBank Director is not in sync with the FileBank, all files that were already cached at the time of the disconnection event remain unchanged in cache until the system resumes normal operation. Therefore, when consulting the cache, TTL values are ignored.

Accessing Files and Directories

When an application tries to open a file, READ ONLY (RO) access is granted (provided applicable security).
Any other access flags, such as WRITE, DELETE, TRUNCATE and CREATE, are denied. Users opening files receive a notification as if they have a read-only permission to the file. Copying a file to the Client’s hard-drive is possible, along with all security and permission data, provided that the user has the applicable security to do so. In WAN-OUT mode the FileBank immediately responds with "Access Denied" to all operations that attempt to change a file, a file system structure, or data. The system is programmed to release locks on the FileBank Director side after a configured period of time, for files that have been locked on the file server by the FileBank Director prior to the disconnection event.

Security

In WAN-OUT Mode, the system maintains all applicable security measures with respect to access authorization to data and files, hence users are able to open any of the files they are authorized for and that are in the cache for RO at all times in disconnection mode. Users that have been in a session prior to the disconnection event will not have to re-login during the entire process. New user sessions are subject to existence of branch domain control services.

Partially Completed Transactions

A disconnection event may occur in the middle of a transaction. In this case, the FileBank responds to the user as if the request was received in WAN-OUT mode, namely: unless the FileBank has received an affirmative success response from the FileBank Director regarding the completion of the operation, it assumes the operation has not been successful and will switch to the WAN-OUT mode.

Partial Disconnection

In some cases, a single FileBank is connected to multiple FileBank Directors at different physical locations. A failure in one or several of these FileBank Directors is possible, resulting in a situation where only a part of the files accessed by the RBO are now under ‘disconnection’.
As the FileBank has the notion of the origin of each file (namely: the specific FileBank Director that manages the file), the system selectively enters the WAN-OUT mode for files from FileBank Directors that are disconnected and operates normally with files from FileBank Directors that have valid connection.

Reconnection

When the reconnection event is identified, the system automatically switches to normal operation mode, and re-establishes the FileBank-FileBank Director connection. Users that have made changes to files and saved them locally (if this was the case) must manually copy the altered files from the local storage to the file server via FileBank.

DNS Masquerading

One primary objective of the Expand solution is to provide a truly dynamic global file system. To ensure that data is always accessible across the distributed organization, Expand must anticipate and overcome challenges introduced by common network issues and user usage patterns. Some key requirements of a global file system include:

Common name space – the solution must be fully coherent with the existing naming convention used across different branch offices. For example, a file server named “efs” should be accessible, using this name, to branch offices with or without Expand FileBank.
Direct access on failure – users in branch offices should be able to access the file server at the data center should the FileBank at their location become unavailable.
Roaming user support – support of mobile users travelling between different branch offices. The system should automatically redirect users to the nearest FileBank according to the user's current location.

To meet these requirements, Expand supports DNS Masquerading.
Using DNS Masquerading, Expand becomes part of the DNS scheme in the organization, and uses DNS to overcome challenges associated with the above requirements.

DNS Masquerading Benefits

Common Name Space—To ensure that users across the organization can seamlessly access directories at the Data Center, regardless if their individual office uses FileBank, Expand supports common name space conventions with and without the device.
Direct Access on Failure—One of the most important features of any network device is that of fail over and high availability. To ensure that remote office users continue to access the file server at the datacenter, even in cases of planned or unplanned downtime of the FileBank, Expand uses DNS masquerading to redirect users directly to the file server over the WAN.
Roaming Users Support—Further complicating the already challenging management of distributed organizations are roaming users who travel between locations. Expand uses DNS masquerading to ensure that roaming users have access to centralized data even when they move from one office to another. Each time the user reboots or wakes the computer from hibernation, the DHCP server pushes a new DNS server list. If the office uses FileBank, the FileBank will be listed as the primary DNS as described above.

DNS Masquerading Configuration

To configure DNS Masquerading:
1. In the Setup screen, go to the Networking tab.
2. Select the DNS option.
3. Set the IP domain lookup table status to Enable.
4. Fill-in the relevant details in the Servers table, Domain name table and Static host table.
NOTE: Configuring the NetBios domain name should be carried out via WAFS CLI.
5. In the Services screen go to the DNS Acceleration tab.
6. Set the DNS Masquerade status to Enabled.
Fill-in the relevant IP Address (the FileBank IP Address) and Host Name (Fully qualified domain name).
7. In the Services screen go to WAFS. Click on WAFS Configuration.
8. In the WAFS Management screen select System Setup wizard. Ensure that the virtual server name includes no prefix, suffix or alias, and is identical to the file server name. At the end of the process, the WAFS details should be similar to the following:
9. Use the WAFS CLI to verify that spnego option is on. (_auth spnego on). This setting is essential in order for DNS Masquerading to function correctly.

Do not use the DNS Masquerading option from the Additional Services menu.
Do not change any settings on the client. There is no need to change the primary DNS server. When the FileBank reboots, the client is immediately connected to the Fileserver. When the FileBank is up, the client continues to be connected to the original Fileserver.
You are advised to reboot the client after the configuration.

To use a local client for testing DNS masquerading:
1. Update the list of DNS servers configured on the client so that the FileBank is configured as the primary DNS server. Do not define any additional DNS servers.
2. Open the command prompt window.
3. At the command prompt, perform an nslookup. The nslookup should report the FileBank as the primary DNS server.
4. Issue an nslookup request for an existing virtual server (for example: dsefs.demo.com). The IP address of the FileBank should be returned.
5. Issue a request to any other name recognized by the central DNS server (for example: www.cnn.com). The proper IP address should be returned.

General—If you use the domain controller as the file server, consider defining a DNS alias to be used for accessing the file server at the datacenter and the virtual file server at the branch office.
For example, you have a domain controller called dc1 that is also used as the file server. Add an alias to the DNS server called efs1, which points to the same IP address as dc1. On the FileBank Director add the file server efs1 (use the command cifs export efs1). Ensure that no prefix or suffix is defined on the FileBank (see above).
Testing—DNS masquerading can only be tested when there is an active virtual server. DNS masquerading is automatically turned off when there are no active virtual servers to initiate switching to a secondary DNS server.

Switching to and from FileBank

Changing the TTL of the file server DNS record—The time it takes for the client to switch between the primary DNS and the secondary DNS servers depends on the TTL of the file server DNS record. You should set the TTL of the file server record to the minimum in order to shorten the fail-over time.
The DNS client service does not revert to using the primary DNS server—The Windows 2000 Domain Name System (DNS) Client service (DNSCache) follows an algorithm when it decides the order of the DNS servers configured in the TCP/IP properties. Refer to Microsoft Knowledge Base for more information: http://support.microsoft.com/default.aspx?scid=kb;EN-US;286834
CIFS session timeout—In some cases, the client will fall back from the EFS to the FileBank only after its CIFS session with the EFS terminates. The time this takes is influenced by the session timeout on the EFS, and can be configured by using the following command on the Windows file server:
net config server /autodisconnect:<minutes>

Monitoring WAFS Functionality

This section describes the Utilities options, which are as follows:
Running System Diagnostics
Viewing Logs

Running System Diagnostics

The System Diagnostics screen lets you run a diagnostic test on the FileBank Director device to ensure that the device is working properly. The results of the test are displayed in the Results area of this screen, and describe any problems with the FileBank Director device. To start the test, click Run Diagnostics.

Viewing Logs

The Logs screen lets you generate activity logs of the FileBank Director for monitoring, optimization, and troubleshooting purposes. Generating a log archive may take several minutes. When finished, the log file is saved in a default system location, and a link to the log archive appears in the Log Archives section of the screen (newest on top).

Troubleshooting

In this troubleshooting section it is assumed that:
1. A complete end-to-end Expand WAFS installation has been set up and configured
2. Devices are connected to the network (L1, L2) correctly and the right network (L3) settings have been applied

Troubleshooting Tools

Internal Diagnostics: An automated internal utility that provides an immediate indication of the Expand device performance and issues. This is the first tool that should be used when troubleshooting is necessary. You should run this tool at both branch and data center ends. For details, see Running System Diagnostics, on page 234 (FileBank), and Running System Diagnostics, on page 234 (FileBank Director).
Logs: The internal system logs that can be viewed, archived and uploaded. For details, see Viewing Logs, on page 234 (FileBank) and on page 234 (FileBank Director).
Statistics: An internal tool that provides FileBank service statistics (see DNS Masquerading, on page 234).
Status: The status CLI command reports on the current system running status.
General Network Utilities: Ping, traceroute, ttcp, ifconfig, route, and netstat.

Networking

No route/connection to the Expand devices
Check that the device is operational and is connected correctly to the network (both Ethernet cable ends should be firmly in place). Verify that the green light at the cable socket of each side is on.
Verify that network settings are correct, by examining the output of the ifconfig CLI command. Pay particular attention to IP address and netmask.
Use the route CLI command to verify that routing tables are correct.
Try to ping a machine in the same subnet (typically the gateway, depending on your network topology).

No route/connection to the Domain Controller (authentication server)
Use the domain controller's IP address to check connectivity. If this fails, refer to the previous section and correct networking/routing problems.
Verify the name set for the authentication server. Use the CLI authsrv command, or the relevant Web Interface page.
Try to ping the domain controller by its name. Failure to do so indicates a name resolution issue. To resolve this issue, either add the domain controller to the static hosts list (using the hosts add CLI command), or verify correct DNS settings.
Ensure that you have applied valid DNS servers. Use the CLI prompt command dns, or the relevant web interface page, to assign/delete/list DNS servers.
Ensure that you have added the DNS suffix required to complete the FQDN of the authentication server. Use either the CLI prompt command dns search, or the relevant web page, to apply the required suffix.
If the FileBank has not been configured with DNS servers, add the authentication server name under the static hosts.
Use the hosts CLI prompt command, or the relevant web interface page, and repeat a connectivity check to the authentication server.

No route/connection to Fileserver(s)
Ensure that you have correctly defined the server(s) that needs to be exported by FileBank Director.
Verify that the file servers’ NetBIOS names are the names you have defined to be exported by FileBank Director.
Try to ping the file server's NetBIOS names. Failure to do so indicates a name resolution issue. Verify correct DNS settings, including DNS search path. Alternatively, use 'hosts' static entry to add them to the list, as described in the previous section.

FileBank Director cannot access the file server on port 139
FileBank Director requires active ports 139 or 445 on the fileserver.
If port 139 (SMB over NetBIOS) is disabled, enable the NetBIOS port as follows: browse the fileserver's TCP/IP network properties, select the Enable NetBIOS over TCP/IP checkbox and apply changes.
If NetBIOS is to remain disabled on the fileserver, please consult the Expand support team support@expand.com for additional configuration settings.

No route/connection from FileBank to the FileBank Director
Expand utilizes TCP connection to transfer the data between FileBank and FileBank Director. The UDP port is set to keep alive acknowledgements between the two. Connection ports between FileBank and FileBank Director are set by default to 80.
Ensure that the connection ports between the FileBank Director and the FileBank match each other. Use the FileBank Director CLI listenport command, or the relevant web interface page, to verify/alter listen ports. Use FileBank CLI fport command, or the relevant web interface page, to verify/alter connection ports.
Ensure that the designated ports (UDP and TCP) are opened on the firewall (if applicable), and that corresponding settings are applied.
Check MTU (Maximum Transfer Units) consistency along the network path. This check is especially needed with DSL connections. Inconsistency may result in lack of communication. Test different values for MTU using ifconfig CLI command. Try to reduce the MTU gradually, and find the largest MTU value that works for you (ping to verify).
If the problem persists, contact Expand support at support@expand.com for additional information.

Windows Domain Join

Failed to join FileBank to the domain
FileBank must be joined to the domain just like any other domain resource. When joined correctly, it appears as a resource object in the active directory.
Verify that the correct domain name is set, and a route to the authentication server (DC) is assigned. Use CLI commands authsrv and domain, or the relevant web interface page, to apply settings correctly.
The user that is entered upon joining the domain must have adequate permissions on the domain to join computer objects.
Ensure that the hostname of the FileBank is a valid NetBIOS name, and does not exceed 15 characters. If necessary, redefine the hostname and rejoin the FileBank to the domain.
If the problem persists, contact Expand support at: support@expand.com.

Service

System status: "Not Running"
Verify the system was started, and try to start it again using restart CLI command.
Run the status CLI command, and check reported errors in command output.
Run the diagnostics CLI command, and check reported errors in command output.
Ensure that the Expand license is installed and valid.
If the problem persists, contact Expand support at: support@expand.com

System is running, no virtual servers appear on FileBank
Run the diagnostics CLI command on the FileBank Director to verify connectivity to the file server/s, and that FileBank Director is able to read file server shares.
If FileBank Director cannot read shares, verify the existence of shares by accessing the file server directly from a workstation (namely, not via Expand), and define a share listing user (when necessary) using the FileBank Director cifs user CLI command.
Run the diagnostics CLI command on FileBank to verify connectivity to FileBank Director.
Run the gns refresh CLI command on FileBank.
Verify that the defined connection ports associated with the various FileBank Directors match the FileBank Directors’ listen ports (the listen port can be explored at the FileBank Director end, by issuing the listenport CLI command or the relevant Web Interface page).
Verify that no firewall is blocking the FileBank Director/FileBank connection ports.

Workstations cannot connect to FileBank virtual server(s)

1) Name Resolution Issues
Possible Error Messages
Network name no longer exists
The network path was not found

Start troubleshooting by verifying virtual server name resolution. Clients connecting to FileBank virtual server/s require NetBIOS name resolution. Ensure that the client can resolve the virtual server NetBIOS name by using at least one of the following options:
Broadcast on the same LAN segment
WINS entry
Local workstations settings (LMHOST/HOST files)
DNS entry (a reverse entry is also needed)

NOTE: A DNS entry can be used when the FileBank exports only one virtual server. If the FileBank exports more than one virtual server, the Expand DNS masquerading feature can be utilized to support a DNS resolution (see also section must be in Active mode and set to version 2 for RIP Route Injection to operate. For more information, see section DNS Masquerading, on page 229.

Permissions and domain trust issues
Access denied

Continue troubleshooting by verifying user permission to access the central server resource, and the existence of necessary domain trust when applicable.
Try to connect directly to the central file server (meaning, not via Expand) by using the same domain user.
Run the diagnostic command via CLI or the web interface, to validate that FileBank is joined to the domain.
Verify that FileBank is joined to the correct domain.
If the FileBank is joined to a different domain than the centralized file server, ensure that a trust exists from the central domain to the FileBank domain.

Cache pre-population failure
Examine the errors in the fetch log.
Validate the correctness of the path given to the fetch job. From a workstation browse directly to the FileBank giving the same fetch job path.
NOTE: Fetch paths are case-sensitive.
Ensure that a valid domain user is assigned to all fetch jobs. From a workstation, log in as the same user defined in the fetch job, and browse directly to FileBank. Verify that this user has read credentials by trying to read a file whose fetch has failed, according to the logs.
If DFS is in use, ensure that the fetch job path is not a DFS path (namely, //<virtual server name>/<DFS root>/<path>), but instead points to the linked virtual server (namely, //<virtual server name>/<share name>/<path>). To view the FileBank virtual server names, use the CLI status command or the relevant web interface page.

Replication failure
The replication service requires the definition of a replication user. The replication user must have read and write permissions on the paths where files are to be replicated. The same replication user should be used for both FileBank Director and FileBank.
Ensure that you set a valid domain user as the replication user. From a workstation, log in as the replication user, and browse directly to the FileBank. Verify that this user has read and write credentials by copying files to a replication folder.
Validate the defined replication paths.
From a workstation, browse directly to the FileBank, using the defined replication UNC path(s).
If DFS is in use, ensure that the replication paths are not DFS paths (i.e. //<virtual server name>/<DFS root>/<path>), but instead point to the linked virtual server (namely, //<virtual server name>/<share name>/<path>). To view the FileBank virtual server names, use the CLI status command or the relevant web interface page.

Some of the DFS shares/folders are inaccessible
Find the physical server name that contains the inaccessible shares/folders. Ensure that it appears in the exported file server list (using FileBank Director cifs show CLI command or via FileBank Director web interface).

Performance

If the Expand network environment has not been deployed/configured correctly, users may experience the following problems:
Long delays while opening and saving cached files (WAN like)
Mapped network drive disconnections

Network Interfaces
View the NIC settings (use the CLI command ifconfig). Verify that no errors have accumulated on the interface. Errors may indicate a duplex/speed mismatch.
Check the Switch/Hub port settings to which the Expand device is connected. The port settings must match the NIC settings of the Expand device. In the case of a mismatch, use the CLI command ifconfig to force settings on the NIC, such as the autonegotiation mode, speed and duplex settings.
For optimum performance, ensure that the Link supports 100Mbps FD settings.

Quality of Service (QoS)
Branch offices that utilize QoS should prioritize the DSFS protocol between FileBank and FileBank Director. This will generally result in an immediate and marked improvement in user experience. The protocol uses by default port 4049, but for QoS you are advised to use a different, distinguishable port. You can change protocol port by using listenport/fport commands on the FileBank Director/FileBank respectively.
Ensure that you change all communicating devices at the same time.

Route
Investigate the route legs along the communication path from a workstation to the FileBank to the FileBank Director, terminating at the file server.

Network location
Ensure that there is no significant latency (latency greater than 1ms) between the FileBank Director and its associated file servers. Improved performance may be achieved if the file servers and the FileBank Directors reside on the same LAN segment.
Ensure that there is no significant latency (latency greater than 1ms), or any link mismatch, between the FileBank and the workstations. Improved performance may be achieved if the workstations and the FileBank reside on the same LAN segment.

Bandwidth issues
Use the ttcp command (for more details, refer to the Expand CLI Reference Guide) to check the available bandwidth between the FileBank and the FileBank Director. Ensure that you compare both directions (the FileBank should be the Client at the first check, the Server at the second). This check can reveal bottlenecks and bad settings along the network path.

Name resolution: Failover (WAN) issues
Several name resolution techniques, such as DNS masquerading and DFS, can add seamless failover capabilities to the Expand solution. For more details see section DNS Masquerading, on page 229.
With DNS masquerading in place, in the case of a failure, workstations are automatically switched to resolve the virtual server name as the centralized file server name. Failover lets the user continue to work without interruption, though there may be a deterioration in user experience.
Ensure that workstations resolve the correct virtual server name. You are advised to execute the nslookup command from the workstation's command prompt, giving the virtual server name as a parameter. Verify that the IP returned is the same as the IP of the FileBank.
Ensure that FileBank is defined as the workstation's primary DNS (use ipconfig /all at the workstation command prompt).

To regain the correct name resolution of the virtual server, execute the following steps from all workstations involved in the failover:
1. From each workstation's command prompt execute the following commands (you may want to aggregate the scenario in a batch process during workstations boot):
ipconfig /flushdns
nbtstat -R
nbtstat -RR
2. Validate that the IP of the FileBank is returned upon querying the virtual server name (use the nslookup command).
3. If the problem persists, contact Expand support at: support@expand.com.

Advanced Expand Services

DHCP Services
When FileBank acts as a branch level DHCP, FileBank’s network settings must all be static (DNS, NTP, IP, routes, DNS search path and so on).

DNS lookup failed after defining a DHCP service
Define a valid FQDN extension for the DHCP server.

DNS Services

Workstations cannot browse the Internet or network mapping when using the FileBank as a DNS proxy
Verify that DNS masquerading is running (for more details see section DNS Masquerading, on page 229).
Ensure that the FileBank is defined as the workstation's primary DNS (use ipconfig /all at the workstation command prompt).
Use the CLI dns command (or the relevant web interface page) to verify that the primary corporate DNS server is properly set on the FileBank.

DNS lookup failed for branch workstations
Ensure that the FileBank is defined as the primary DNS for that client, and that a secondary DNS points to a corporate DNS.
Use the CLI prompt dns command (or the relevant Web Interface page) to verify that DNS servers are set onto the FileBank.
Ensure that a search path (DNS suffix) is configured for the workstations.

Duplicate IP error appeared when connecting in file server
Error message: System error 52 has occurred: A duplicate name exists on the network.
Global Name-Space support (exported virtual servers equals file server alias name): DNS masquerading might generate this error. To resolve, see Microsoft Knowledge Base 281308 http://support.microsoft.com/default.aspx?scid=kb;enus;281308.

Chapter 8: Setting Advanced Parameters

Advanced setup includes complex configuration that should be attempted only by trained and certified Accelerator operators. You can set the following advanced parameters for the Accelerator:
Handling WANs: Adding additional WANs, editing the default WAN, adding a WAN via the CLI
Handling Interfaces: modifying speed and duplex settings via the My Interfaces menu
Creating Static ARP Entries: Modifying the ARP table
Defining Authentication Settings: Setting passwords for the Accelerator
Dial-on-Demand: Deploying the Accelerator in environments that have routers with dial-up (dial-on-demand) interfaces.

Handling WANs

The Accelerator arrives preconfigured with one default WAN. To define the bandwidth setting for this default WAN, select Setup - My Accelerator - Basic menu, and then click the Advanced Settings button to open the Advanced Settings screen.
On large networks (for example in cases where there are two routers or one router with multiple WAN interfaces) in which the Accelerator will optimize the traffic of more than one WAN, you can add additional WANs to the Accelerator.

To add a WAN to the Accelerator:
1. Click the Setup tab, followed by Networking, and then My WANs.
2. In the WANs menu, enter the name and Bandwidth Out of the new WAN. Select the Enable Bandwidth In checkbox to set a bandwidth limit on incoming traffic, then select the Bandwidth In value and click Add. The new WAN will appear below the default-WAN in the WAN table.
Highlight a WAN and use the Delete button if at any point you want to delete a WAN.
3. To edit an existing WAN, highlight the WAN in the WAN Table and click the Edit WAN button. The Edit WAN popup appears, letting you modify the WAN name, and the Bandwidth In and Bandwidth Out values.

NOTE: The total WAN bandwidth will always be enforced. It is the sum of all WANs configured for the Accelerator.

Handling Interfaces

The Accelerator automatically detects the MAC address and Speed and Duplex settings for each of its interfaces. You can perform all required speed and duplex setting modifications via the My Interfaces menu.
The interface name corresponds to the name printed on the back panel of the Accelerator and cannot be modified. The MAC address is permanent and cannot be modified.
The Speed and Duplex settings let you define the link as either 10 or 100 Mbits (or 1000 Mbits for the Accelerator 6800 series) and as either Half or Full duplex. The Auto setting automatically configures the Accelerator to the detected link speed and duplex setting (this is the default setting).

NOTE: Setting wrong interface speed and duplex values for the Accelerator may result in many errors on the line towards the router, and even loss of connectivity. If you are uncertain as to the speed and duplex setting required, you can use the Auto setting; however, you are advised to manually set the speed and duplex.

NOTE: When the Accelerator is installed in an On-Path deployment, ensure that both interface 0/0 and 0/1 have the same link speed and duplex settings. If the Accelerator operates in bypass mode for any reason, this will enable the two devices adjacent to the Accelerator to interact.
In addition, if you are using an Accelerator that has multi-port support, each port will be listed as shown here in the table:

To modify interface speed and duplex setting:
1. Click the Setup tab, followed by Advanced, and then My Interfaces.
2. In the Interfaces Table, click on the name of the Interface to be modified, use the Speed & Duplex drop-down menu to select the proper speed and duplex setting and click Submit.

Working with VLAN

The Accelerator supports protocol 802.1q VLAN. VLAN is a virtual layer on top of the Ethernet that enables the Ethernet to be divided into smaller virtual groups. You can add up to 255 VLAN groups to the Accelerator. You can set each VLAN group, identifiable by a number, on any basis (precise location, department, primary application, type of user, and so on).

The Accelerator can incorporate itself into a VLAN network as follows: you can assign the Accelerator a VLAN ID, enabling it to be considered as part of a VLAN group. If VLANs are defined on the Accelerator, all VLAN traffic passes as bridged traffic.

Defining a VLAN as Native means that the Accelerator uses the IP address from its local interface as the IP address for a particular VLAN. The Accelerator will handle packets arriving tagged from the Native VLAN, but will forward them without the tag (this is especially useful in setups in which the router does not support VLAN).

Setting the Accelerator to work with Native tagged will enable the Accelerator to set one VLAN as Native with the IP address from its local interface, but will forward packets received from the native VLAN with the tag.

If traffic is already handled (for example if VoIP is set on a separate network and receives priority), the traffic that is not to be handled by the Accelerator should not be set as a VLAN and it should not be advertised anywhere in the Accelerator network - the traffic should be bridged through the Accelerator.
The following figure depicts working with VLAN in an On-LAN configuration. In the setup depicted, VLAN 1, 2 and 3 are defined in the Accelerator. VLAN 1 is defined as native, meaning that it takes its IP address from the Accelerator’s Local interface. A second 802.1q trunk is created from the Layer-2 switch to the Accelerator enabling VLAN support in an On-LAN environment.

The following figure depicts working with VLAN in an On-Path configuration: The Accelerator is connected directly to a Layer-2 switch via a VLAN (802.1q) trunk. VLAN 1, 2 and 3 are defined in the Accelerator and VLAN 1 is defined as Native.

To include the Accelerator in a VLAN group:
1. Click the Setup tab, followed by Advanced, and then VLAN Interfaces.
2. In the VLAN Interfaces menu, enter the necessary VLAN ID number (1 to 4094).
3. The Accelerator must have an extra IP address and Subnet Mask for each VLAN group it joins. To enter an IP address and subnet mask to be used within the VLAN group, select the IP address radio button and enter the IP address and subnet mask into the supplied fields. To use the Accelerator’s original IP address and subnet mask as its address within the VLAN group, select the Native IP setting radio button. When Native is selected, it is possible to select the Tagged checkbox to include the VLAN tag in the packets sent from the Native VLAN.
4. Click the Add button. All VLAN interfaces added will appear in the VLAN Interfaces table, at the bottom of the screen.

NOTE: It is unusual for the Native VLAN to be tagged. Please check if indeed it is.
Otherwise the IP address in the Local Interface will act in the Native VLAN.

Creating Static ARP Entries

If you want to make a replacement within the ARP table, you can add a static ARP entry by mapping a specific IP address to a specific MAC address.

To map a static ARP entry:
1. Click the Setup tab, followed by Networking, and then ARP.
2. In the ARP menu, add the IP address and MAC address to be mapped.
3. If this change is to be permanent, select the Permanent checkbox. Otherwise, this entry will remain until the next Accelerator reboot, or until it is deleted from the ARP table.
4. Click the Add Static Entry button. The entry appears in the ARP table.

If you want to delete the entry, click the Delete button. To delete the entire ARP table, including all its entries, click the Clear All button.

Defining Authentication Settings

The Accelerator lets you modify the password necessary for logging in.

To modify the password:
1. Click on Setup, followed by Security, and then Users.
2. In the Users table, double-click the name of the user whose password you want to modify. Alternatively, highlight the line of this user and click the Edit button. The Edit User Details dialog box appears:
3. Enter the local password and re-enter it for confirmation.
4. Click the Submit button.

Configuring DNS

The Domain Name Server (DNS) Configuration screen lets you manage Domain Name Servers and define domain name, domain name search path and static hosts.

To set a domain name:
1. Click the Setup tab, followed by Networking, and then DNS.
2. Enter the domain name in the Domain Name field.
3. Make sure that there is at least one entry in either the servers table or static host table (see below if you need to add entries).
4. Select whether to enable or disable IP Domain Lookup.
5. Click Apply. The domain now appears in the Domain Name Table.

To add a new server:
1. In the Servers table, click Add.
2. In the Add New Server dialog box that opens now, enter the new server’s IP address.
3. By default, the order is sequential and the newest entry is last. If you want to change this order, select the new position in the Order drop down box. The order may also be changed by using the arrows on the side of the table.
4. Click Submit. The newly added server now appears in the Servers Table.

To delete an existing server:
1. In the Servers table, highlight the line that contains the server address, in order to select it.
2. Click Delete. You are now prompted to confirm the deletion.
3. Click OK. The server is now removed from the Servers Table.

To add a domain name:
1. In the Domain Name table, click Add.
2. In the Add Domain dialog box that opens now, enter the new Domain Name.
3. By default, the order is sequential and the newest entry is last. If you want to change this order, select the new position in the Order drop down box. The order may also be changed by using the arrows on the side of the table.
4. Click Submit. The newly added server now appears in the Domain Name Table.

To delete an existing domain name:
1. In the Domain Name table, highlight the line that contains the domain name, in order to select it.
2. Click Delete. You are now prompted to confirm the deletion.
3. Click OK. The server is now removed from the Domain Name Table.

To add a static host:
1. In the Static Host table, click Add.
2. In the Add Static Host dialog box that opens now, enter the new Host Name.
3. Enter a valid IP address.
4. Click Submit. The newly added server now appears in the Servers Table.

To delete an existing static host:
1. In the Static Host table, highlight the line that contains the Static Host name, in order to select it.
2. Click Delete. You are now prompted to confirm the deletion.
3. Click OK. The server is now removed from the Static Host Table.

Managing Links

A Link is a logical connection between the Accelerator and each connected remote site and its subnets. The Accelerator optimizes network performance over Managed Links as well as Virtual Links. The Accelerator’s benefits are greatest when working opposite another Accelerator, in a “Managed Link” environment. The Accelerator can provide QoS services even to virtual links, when there are no Accelerators present on the remote sites.

In addition to Managed and Virtual links, the Accelerator enables configuration of a single “Non-link”. The Non-link is the default link for all traffic not assigned to any known subnet or remote Accelerator (for example: Internet traffic), which can be managed like any other link, allowing you to determine traffic QoS and bandwidth restrictions for all traffic not destined for your remote networks and Accelerators.

Clicking the Advanced button from the My Links menu, or highlighting a link in the table and clicking the Edit button, enables complex link configuration.

To set advanced link properties:
1. Click the Setup tab, and then My Links.
2. Enter basic link properties (for more information see section Performing Setup via the Wizard, on page 21).
3. Click the Advanced button.
4. In the Link Details Menu, update any additional parameters as necessary.

Parameter Item: Description
Link Name: Set a name for the link, which will let you identify it in the future (this is especially important for large deployments).
Destination IP: Set the IP address of the remote device.
Bandwidth: Set the Outbound and Inbound bandwidth to be dedicated to the link by selecting a value from the first drop-down menu or by selecting Other and then entering a value into the second field, and selecting the relevant units (bps, Kbps, Mbps, Gbps). The link does not exceed this bandwidth. Setting the Inbound bandwidth will automatically enable QoS capabilities on Inbound traffic for this link.
MTU: Sets the MTU of the link, which should match the router. Only in specific setups should it be lower, for example if a GRE tunnel is configured.
WAN: Select the WAN over which this link will run. By default, the Default WAN is selected. If other WANs have been added to the Accelerator, use the drop-down menu to select them as necessary.
Large Cache: Select the Large-Cache checkbox if you would like to work with a cache that can be larger than 16 MB (up to 256 MB). This setting takes into account any information regarding deployment size set in the Topology setting. This setting needs to be symmetrical only on initial setup. Once a link is created, using this command updates only the unit being configured.
Fragmentation: Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to 6000), the QoS mechanism breaks them up. This setting, useful for handling latency on low bandwidth links, applies only to traffic set with a CoS value of low, medium and high priority. You do not have to configure fragmentation symmetrically on both ends. Fragmentation is accomplished on outgoing packets before the packets are compressed. Note that Packet Fragmentation does not work in RTM mode.
Aggregation: Enables aggregating small packets on this link. If packets arrive smaller than the set size (68 to 6000), the QoS mechanism aggregates them and sends them together across the link. This applies only to traffic set with a CoS value of low, medium and high priority. You do not have to configure aggregation symmetrically on both ends. Aggregation is accomplished on outgoing packets before the packets are compressed. Aggregation is applied only on congested links, to avoid adding unnecessary latency on non-problematic links.
Accelerate: By default, all links are set to be accelerated. If the traffic on the link does not benefit from acceleration (for example if there is no Accelerator at the remote and only QoS is required) or should not be accelerated, deselect the Acceleration checkbox.
Header Compression: The packet header is compressed by default. Deselect this checkbox to decompress the header.
Encapsulation: Select either IPComp or Transparent Encapsulation, as follows:
IPComp encapsulation enables the best compression rate. IPComp encapsulation (tunnelled encapsulation) sets the packets intercepted by the Accelerator to be completely compressed. This means that the IP header, the TCP/UDP (or any other IP protocol) header and the payload are compressed and the packet traversing the network will have an Accelerator Proprietary IPComp header.
Transparent (Router Transparency) encapsulation is appropriate in an environment where header preservation is necessary, including original QoS packet settings, NetFlow, Billing, encryption and certain firewall environments. In Router Transparency encapsulation, only the packets’ payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is available in On-Path deployments only.
Encapsulation need not be symmetrical - the Accelerator can support different encapsulation in each direction. This allows flexibility when an Accelerator is deployed On-LAN.
ToS: You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, select the Preserve button. To set a new ToS value for this traffic, select the Set button and select ToS value, Code Point or CoS ToS from the dropdown menu. Note that setting this value is not required if Transparent Mode is selected.
TTL Preservation: Preserves the original TTL. This option is disabled by default.
SRC Preservation: Preserves the source IP address of the original IP header. This is useful for Policy Routing, and also enables distinguishing between sessions. This option is disabled by default.
Force Tunneling: Enables forcing all traffic into the Accelerator encapsulated tunnel. Note that in AcceleratorOS Version 5.0 and above, tunnel-force has no real effect and is supported for backward-compatibility reasons only.
Include Checksum: This is an additional checksum for the Acceleration algorithm - over and above regular frame checksums.
TCP Acceleration: Check the Use Global TCP Acceleration box to use the globally set TCP acceleration values. If you want to set values specific for this link, deselect this box and set the required values in the Typical RTT and Typical Acceleration Rate fields.
Save to template link: You can create a template that will be used to set default settings for all links to be created. These settings will be displayed in the Advanced links menu for all future created links. To update all fields to be considered in the template to the necessary values, click the Save to Template Link button. The templates set on one Accelerator are not sent to far-end Accelerators.

The Status/Compression column in the Links Table reveals the status of each link.
The mouse-over callout provides further detail as to the status as follows:

Status: Description
Load Error: Internal error occurred during definition of the link in the system
Not Managed: A Virtual link (no far-end Accelerator)
Inactive: Remote Accelerator is not available
Trying to Connect: Link is establishing a connection
Negotiating: Link parameters (cache size, and so on) are being negotiated
Accelerating: Link is active and acceleration is on
Active: Link is active and the link is tunnelling but not accelerating traffic
Dropped: Communication has been lost

Setting Remote Subnets for the Links

You can add remote subnets to each link created. For details, see section Configuring Remote Subnets Manually, on page 56.

Editing Existing Links

You can use the Edit Links screen to fine-tune and modify already existing links. This screen lets you set basic link parameters, acceleration, tunneling and TCP Acceleration parameters for the link.

To edit an existing link:
1. In the My Links menu, click the link’s name in the Links Table section.
2. In the Edit Link screen that opens now, use the Parameters section to edit parameters such as Link Name, Destination IP, Bandwidth Out and MTU (Maximum Transfer Unit).
3. Use the Acceleration section to define whether to accelerate the link and to use header compression.
4. Use the Tunneling section to define parameters such as the encapsulation type (IPComp or Transparent), Source preservation and checksum enabling.
5. In the TCP Acceleration settings section, select whether to use the global TCP acceleration settings or to customize these settings by defining the typical roundtrip time (RTT) and the typical acceleration rate.
6. In the Post Acceleration Aggregation section, select whether to enable Citrix (post acceleration) aggregation on your links. Citrix Aggregation operates per link.
Each link can have Citrix Aggregation enabled or disabled independently of other links.

Dial-on-Demand

You can deploy the Accelerator in environments that have routers with dial-up (dial-on-demand) interfaces. These interfaces initiate a call (dial to) the remote end (typically over ISDN or Satellite links) when “interesting” traffic is being sent. After a specific quiet period, the link goes down again until new “interesting” traffic is sent.

Link establishment of the dial-up interfaces and connectivity time can be fairly expensive. Therefore you may sometimes want to keep the link down until new “interesting” traffic is forwarded via the link.

The Accelerator poses a problem in these environments as it uses a keep-alive mechanism to check the health of the link between the remote sites. By default, the keep-alive messages are considered “interesting” and will keep the dial-up link alive (and costly). The dial-on-demand solution enables the Accelerator to support dial-on-demand environments by not sending keep-alive messages.

NOTE: Both peers must configure the link in dialup mode with the same timeout.

NOTE: The ExpandView agent must be disabled.

NOTE: Connecting to a link by using its HSRP address will not work.

Chapter 9: Configuring Management Options

You can configure the Accelerator via CLI via Telnet, SSH, or direct Console connection. Alternatively, you can configure the Accelerator via WebUI, accessed by using HTTP or HTTPS. Logging can be sent to SNMP or SyslogD servers and can be sent via email.

NOTE: By default, all options mentioned above are enabled (Telnet, SSH, direct console, HTTP and HTTPS). To disable a specific service, see section Configuring AAA via the WebUI, on page 290.

This chapter contains information on the following:
Studying the ExpandView System
Using SNMP
Logging into the Accelerator
Receiving Log Error Messages

Studying the ExpandView System

Expand Networks' ExpandView is a centralized monitoring and management system for Expand Accelerators. ExpandView gives you total visibility, via a Dynamic Network Map, into global WAN operations, thereby letting you implement global changes in minutes. Detailed graphs and reports, easy-to-use QoS templates and tight integration with Expand's award-winning Accelerators make ExpandView the ideal centralized monitoring and management system for ensuring optimal application performance over the WAN.

Using Dynamic Network Map

ExpandView is the industry's first to offer a dynamic map that provides a real-time view of the wide area network (WAN), with the ability to monitor and manage Expand's WAN optimization devices via simple click and drag operations. Ideal for NOC (Network Operations Center) operations, the ExpandView map provides an immediate visual representation of the enterprise's global WAN status, performance and alerts. The ExpandView map lets IT managers add Accelerators on-demand, create or remove links between devices, and boost the performance of any application or remote location - directly from the map!

Simplifying WAN Optimization

ExpandView takes the complexity out of deploying WAN optimization. Once new Accelerators are powered up, ExpandView automatically updates them with all preconfigured parameters and starts collecting statistics.

Generating Advanced Alerts for World-Class NOCs

ExpandView generates alerts on application performance thresholds for remote Accelerators, thus enabling proactive performance management.
Acceleration percentage, CPU utilization and a multitude of other parameters can be used to predict WAN performance incidents, before they happen, giving IT managers the tool to correct them.

Generating Proactive Reports for Network Provisioning

ExpandView lets you generate trend reports, which detail anticipated future utilization of WAN links based on previous usage and performance of the links. Such reports are useful in helping IT provision networks to accommodate business growth and expansion.

Defining Scalable QoS

Centralized insight into network traffic and application performance enables informed and controlled use of available bandwidth. ExpandView enables group configuration of QoS and policy prioritizing. You can publish new policies to multiple devices in a single step, and enforce QoS policy consistency by creating QoS templates.

Updating ExpandView Server’s IP Address

To work with ExpandView, each Accelerator must be updated with the IP address of the ExpandView server. The following AcceleratorOS CLI commands enable interaction with ExpandView by setting the ExpandView server IP address and port number:

Using Out-of-Band Management

You can manage the Accelerator remotely from a management station on a LAN external to the accelerated network. When Out-of-band management is used, Ethernet 0 cannot participate in VLAN or HSRP/VRRP, should not be part of OSPF or RIP router polling support, and should not use WCCP or RIP route injection.

To use Out-of-band management:
1. Connect the Accelerator’s Ethernet 0 to the remote network.
2. Set Ethernet 0 to be removed from the Accelerator’s bridging capabilities.
3. Add a separate IP address for this interface.
Using SNMP

The Accelerator supports SNMP versions 1, 2c and 3, functioning as an SNMP agent for monitoring performance statistics from a Network Management System (NMS). In addition, the Accelerator can send SNMP traps to the NMS and other network devices.

To work with the Accelerator’s SNMP management, you have to update the network’s SNMP settings in the Accelerator. Define the following SNMP Communities and enable traps (if requested).

To access configuration options:
1. Click on Setup, followed by Advanced, and then SNMP.
2. Select the Enable SNMP checkbox.
3. The default Read Community is public.
4. If you want the Accelerator to receive SNMP traps, select the Enable Traps checkbox, and enter the Community Name and Manager IP.
5. Enter the SNMP Version 3 password and then enter a new password.
6. Click the Submit button in the bottom right hand corner.

NOTE: SNMP Version 3 user name is expand_user.

Receiving Log Error Messages

The Accelerator can send status updates about the Accelerator to a SYSLOG server, to an email address, or to both. The following sections detail how status updates are sent:
Sending Updates to a Syslog Server
Sending Updates via Email

Sending Updates to a Syslog Server

Syslog is a method of collecting messages from devices to a server running a syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts. Accelerator devices can send their log messages to a SYSLOG service. A SYSLOG service simply accepts messages, and stores them in files or prints them according to a simple configuration file. This form of logging can provide protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling.
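On the collector side, the facility and severity of each received message are recovered from its leading <PRI> value, which standard syslog computes as facility × 8 + severity. The sketch below is an added example, not code from the Accelerator or from this guide; the sample lines, the host name accel-01, the severity window and all function names are constructed for illustration.

```python
import re

# Standard syslog severity numbers (0 is the most severe).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Facility codes 0-9 by their standard names; 16-23 are the local-use codes.
FACILITIES = {0: "kernel", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron"}
FACILITIES.update({code: f"local-use-{code}" for code in range(16, 24)})

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample input: what a collector might receive on its syslog port.
SAMPLE = [
    "<131>Nov 14 10:02:11 accel-01 link to 192.0.2.10 dropped",      # 16*8 + 3
    "<134>Nov 14 10:02:15 accel-01 link to 192.0.2.10 negotiating",  # 16*8 + 6
    "<135>Nov 14 10:02:16 accel-01 keepalive trace",                 # 16*8 + 7
    "<38>Nov 14 10:03:40 accel-01 login failed for user admin",      # 4*8 + 6
    "<999>garbage",                                                  # PRI out of range
    "no priority prefix at all",                                     # PRI missing
]


def decode(line):
    """Split a raw syslog line into (facility_code, severity_code, text).

    Returns None when the <PRI> prefix is missing or out of range, so that
    malformed input is counted instead of being filed under a wrong facility.
    """
    match = PRI_RE.match(line)
    if not match:
        return None
    facility, severity = divmod(int(match.group(1)), 8)
    if facility > 23:
        return None
    return facility, severity, match.group(2)


def triage(lines, facility, worst=0, least=6):
    """Keep messages of one facility whose severity lies in [worst, least].

    Returns (kept, rejected): kept is a list of (facility, severity, text)
    tuples with names resolved, rejected is the number of malformed lines.
    """
    kept, rejected = [], 0
    for line in lines:
        decoded = decode(line)
        if decoded is None:
            rejected += 1
            continue
        fac, sev, text = decoded
        if fac == facility and worst <= sev <= least:
            kept.append((FACILITIES.get(fac, f"reserved-{fac}"), SEVERITIES[sev], text))
    return kept, rejected


if __name__ == "__main__":
    messages, malformed = triage(SAMPLE, facility=16)
    for fac_name, sev_name, text in messages:
        print(f"{fac_name}.{sev_name}: {text}")
    print(f"malformed lines: {malformed}")
```

Counting the malformed lines separately matters on a shared collector: a device that starts sending lines without a valid <PRI> would otherwise drop out of the filtered view without any trace.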
Set the Syslog parameters to define the syslog server’s IP address and the severity level of events by which error notifications are to be sent.

To set syslog parameters:
1. Click on Setup, followed by Advanced, and then Logging.
2. Enter the following parameters as necessary.

Parameter Item: Description
Facility: The Facility setting sets the Syslog level (0-23), as follows:
KERNEL 0 - kernel messages
USER 1 - random user-level messages
MAIL 2 - Mail system
DAEMON 3 - system daemons
AUTH 4 - security/authorization messages
SYSLOG 5 - messages generated internally by syslogd
LPR 6 - line printer subsystem
NEWS 7 - network news subsystem
UUCP 8 - UUCP subsystem
CRON 9 - clock daemon
other codes through 15 reserved for system use
LOCAL0 16 - reserved for local use
LOCAL1 17 - reserved for local use
LOCAL2 18 - reserved for local use
LOCAL6 19 - reserved for local use
LOCAL7 20 - reserved for local use
LOCAL8 21 - reserved for local use
LOCAL9 22 - reserved for local use
LOCAL10 23 - reserved for local use
Server IP Address: Enter the IP address of the Syslog server.
Severity Maximum: Select the maximum severity that you want to be notified about by email; the default is fatal.
Severity Minimum: Select the minimum severity that you want to be notified about by email; the default is information.

Sending Updates via Email

The Accelerator allows log error messages to be sent via email to notify you of Accelerator status changes.

To set the email logging feature:
1. Click on Setup, followed by Advanced, and then Logging.
2. To enable email notification to be sent, ensure that the enabled checkbox in the Mail section is selected.
3. Enter the following parameters as necessary:

Parameter Item: Description
From: Enter the string you want to appear in the From field of the email.
Recipient: In the email field, enter the email address to which the email should be sent and click the Add button. To delete a previously added email, highlight the address to be deleted in the Email table and click the Delete button.
Subject: Enter the subject that you want to appear in the subject field of the email.
Server IP Address: Enter the IP address of the email server.
Server port: Enter the port number that the email server uses. The default is 25.
Severity Maximum: Select the maximum severity about which you want to be notified by email; the default is fatal.
Severity Minimum: Select the minimum severity about which you want to be notified by email; the default is information.

Chapter 10: Resiliency and Redundancy

This chapter explains how to get added resiliency and redundancy with the use of one or more Accelerators. The features documented in this chapter are hardware specific and the Accelerator you purchased may or may not feature all of these benefits. Where noted, the feature is model specific. If you want to change your Accelerator model to be able to use these features, contact your account representative.

The topics in this chapter include:
RAID
Router Redundancy Protocols

RAID

RAID (redundant array of independent disks) is a way of storing the same data in different places (thus, redundantly) on multiple hard disks. By placing data on multiple disks, I/O (input/output) operations can overlap in a balanced way, improving performance.
Since multiple disks increase the mean time between failures (MTBF), storing data redundantly also increases fault tolerance.

A RAID appears to the operating system to be a single logical hard disk. RAID employs the technique of disk striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order.

In a single-user system where large records, such as medical or other scientific images, are stored, the stripes are typically set up to be small (perhaps 512 bytes) so that a single record spans all disks and can be accessed quickly by reading all disks at the same time.

In a multi-user system, better performance requires establishing a stripe wide enough to hold the typical or maximum size record. This allows overlapped disk I/O across drives.

RAID Support in Accelerators' Hard Drives

There are at least nine types of RAID plus a non-redundant array (RAID-0). Accelerator models 79xx feature RAID-5 support with hot-swappable disk drives.

RAID-5: Striped set with distributed parity - Distributed parity requires all drives but one to be present to operate; drive failure requires replacement, but the array is not destroyed by a single drive failure. Upon drive failure, any subsequent reads can be calculated from the distributed parity such that the drive failure is masked from the end user. The array will have data loss in the event of a second drive failure and is vulnerable until the data that was on the failed drive is rebuilt onto a replacement drive.

Using the CLI, you can view the list of disk drives, the disk status, and remove faulty disks.
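The RAID-5 behaviour described above (striping, distributed parity, masked single-drive failure, rebuild, data loss on a second failure) can be followed in a small in-memory model. This is an added illustration, not the Accelerator's disk code; the class name, the four-drive layout, the 4-byte stripe unit and the parity rotation order are assumptions chosen for the example.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks column by column."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


class Raid5Array:
    """In-memory model: each drive maps a stripe row to one block."""

    def __init__(self, n_disks=4, unit=4):
        if n_disks < 3:
            raise ValueError("RAID-5 needs at least three drives")
        self.n, self.unit = n_disks, unit
        self.disks = [{} for _ in range(n_disks)]
        self.failed = set()
        self.rows = 0
        self.length = 0

    def parity_drive(self, row):
        """Parity moves to a different drive on every stripe row (distributed parity)."""
        return (self.n - 1 - row) % self.n

    def write(self, data):
        per_row = self.unit * (self.n - 1)          # data bytes per stripe row
        padded = data + b"\x00" * (-len(data) % per_row)
        self.length, self.rows = len(data), len(padded) // per_row
        for row in range(self.rows):
            chunk = padded[row * per_row:(row + 1) * per_row]
            units = [chunk[i:i + self.unit] for i in range(0, per_row, self.unit)]
            parity = self.parity_drive(row)
            data_drives = [d for d in range(self.n) if d != parity]
            for drive, block in zip(data_drives, units):
                self.disks[drive][row] = block
            self.disks[parity][row] = xor_blocks(units)

    def fail(self, drive):
        """Simulate a drive failure: its contents are gone."""
        self.failed.add(drive)
        self.disks[drive] = {}

    def _block(self, drive, row):
        if drive not in self.failed:
            return self.disks[drive][row]
        # Missing block = XOR of the same row on every surviving drive.
        survivors = [d for d in range(self.n) if d != drive]
        if self.failed.intersection(survivors):
            raise IOError("second drive failure: stripe cannot be reconstructed")
        return xor_blocks([self.disks[d][row] for d in survivors])

    def read(self):
        out = bytearray()
        for row in range(self.rows):
            parity = self.parity_drive(row)
            for drive in range(self.n):
                if drive != parity:
                    out += self._block(drive, row)
        return bytes(out[:self.length])

    def rebuild(self, drive):
        """Recompute every block of a failed drive onto its replacement."""
        blocks = {row: self._block(drive, row) for row in range(self.rows)}
        self.disks[drive] = blocks
        self.failed.discard(drive)


if __name__ == "__main__":
    payload = b"constructed sample payload for the stripe demo"
    array = Raid5Array()
    array.write(payload)
    array.fail(1)
    print("read with one drive failed:", array.read() == payload)
    array.rebuild(1)
    print("failed drives after rebuild:", array.failed)
```

Until `rebuild` completes, the array is in the vulnerable window the text describes: a second `fail` call before it makes `read` raise instead of returning data.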
Router Redundancy Protocols

Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) are router redundancy protocols that provide network resilience for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits.

In HSRP and VRRP, multiple network devices can act in concert to present the illusion of a single virtual router to the hosts on the LAN, by sharing an IP address (known as a Virtual IP Address or VIP) and a MAC address.

HSRP is a Router Protocol developed by Cisco (RFC 2281), while VRRP is the IETF standard for redundancy protocols (RFC 2338). The main differences between the two are that HSRP requires you to dedicate an extra IP address as a virtual IP address for the group, while VRRP takes up less network overhead by letting you use the IP address of one of the devices already in the group, or set a dedicated VIP.

In HSRP the devices are all configured with a priority status within the group. In general, the device with the highest priority is naturally the Active device; the device with the next-highest priority is the Standby device that takes over in the event of Active device failure or unavailability.

Dominant devices in the virtual HSRP group continually exchange status messages, enabling one device to assume the routing responsibility of another, should it stop operating for either planned or unplanned reasons. If the Active device fails, the Standby device assumes the packet-forwarding duties of the Active device. If the Standby device fails or becomes the Active device, another device is selected as the Standby device.

VRRP works in much the same way. In general, the Master device is configured to have the highest priority and is active in the group.
It acquires the Virtual IP address of the group, but does not have management functionality of the Virtual IP, only the transfer capabilities. The Backup devices perform the standby function. The VRRP can include many backup devices, and this protocol does not support knowing, at any given time, which backup device takes over in the event of failure.

Hosts continue to forward IP packets to a consistent IP and MAC address, and the changeover of devices is transparent. The recovery time of the VRRP is about three times faster than HSRP (the HSRP default is 10 seconds instead of 3 seconds in VRRP).

Accelerators can take part in HSRP and VRRP and work in tandem with the routers that provide backup for the network.

The following figures display an Accelerator application working with routers in a virtual HSRP and VRRP group. The Accelerator and routers are configured with the MAC address and the IP network address of the virtual HSRP/VRRP group.

The Accelerator is configured to have the highest priority and work as the Active/Master device. It is configured with the IP address and MAC address of the virtual router and forwards any packets addressed to the virtual router.

In HSRP, one of the routers acts as the Standby router, so that if, due to severe power failure or any other unlikely event, the Accelerator stops transferring packets, the router protocol takes effect and the router assumes the duties of the Accelerator and becomes the Active device.

In VRRP, both routers are configured as backup routers. Therefore, if due to severe power failure or any other unlikely event the Accelerator stops transferring packets, one of the backup routers assumes the duties of the Accelerator.

HSRP

The AcceleratorOS lets you set up HSRP groups, either manually or by automatic detection. The following sections describe the options for configuring HSRP groups.
Enabling HSRP Automatic Detection, on page 280
Setting Manual HSRP Configuration, on page 280
Autodetecting HSRP Groups, on page 498
Setting HSRP Group Number, on page 498

Enabling HSRP Automatic Detection

The Accelerator can auto-detect HSRP groups on its networks and add them to its Group Table. When the groups are added, by default the Accelerator does not join the groups.

NOTE: If you have a network with multiple Accelerators, you must enable the same HSRP services on every appliance.

To automatically detect all HSRP groups:
1. Click the Setup tab, followed by Networking, and then HSRP.
2. In the HSRP screen, select the Auto Detect checkbox. The HSRP table automatically fills up with the details of the HSRP groups detected on the network.
3. While the Accelerator adds these groups, by default its status in the groups is Not Joined.
4. To Join the HSRP group or to modify other HSRP parameters, highlight the HSRP group in the table and click the Edit button.

Setting Manual HSRP Configuration

If the Automatic detection does not find an HSRP group, or if you want to manually add or edit an HSRP group, you can modify the parameters as follows.

To manually modify the HSRP configuration:
1. Click the Setup tab, followed by Networking, and then HSRP.
2. In the HSRP menu, enter the Group ID number (0 - 255), the Virtual IP address, the Priority (0 - 255), the Virtual MAC address and the status of the Accelerator in the group (whether the Joined option is Disabled or Enabled).
3. Click Add. The HSRP group immediately appears in the HSRP table.
4. To modify the information, highlight the row in the HSRP table and click the Edit button to modify the following parameters:

NOTE: If you have a network with multiple Accelerators, you must enable the same HSRP services on every appliance.
Parameter Item | Description
Group ID | You must enter a group number, even if the target group is group 0.
Virtual IP Address | All devices in the HSRP group must have the same Virtual IP address. Adding a virtual IP address of 0.0.0.0 puts the group into Learn mode, in which the selected group tries to learn the IP address from the network.
Priority | Setting the Accelerator’s priority lets you select its status in the HSRP group. If two devices in the HSRP group have the same priority, the Active router is set according to IP address. Expand does not recommend this setup.
Virtual MAC Address | All devices in the HSRP group must have the same Virtual MAC address.
Joined | Enable or Disable the Accelerator’s status in the group. Joining the group enables the Accelerator to function as any other router in the HSRP group.
Authentication | If Authentication is enabled in the HSRP group, the Authentication command lets you set the authentication password to communicate with the routers in the group. The default setting for the authentication command is cisco. If you change the default authentication setting, verify that all other devices in the HSRP group have the same authentication setting.
Force Priority | Gives the Accelerator the highest priority in the HSRP group at all times. When this setting is enabled, Preempt is also enabled automatically. Force Priority is done per group and enables the Accelerator to hold the highest priority of the selected group. Once the Accelerator is set to have the highest priority, it becomes the active router in the HSRP group.
Preempt | Used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router prevails; when disabled, the higher priority router assumes the Standby mode until the current Active router experiences a failure. Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully.
Hello and hold timers | Set the packet rate between the devices in the HSRP group. Hello time is the interval between Hello messages (an exchange of HSRP priority and state information) and the Hold Time is the interval between a receipt of a Hello message and the presumption that the sending router/Accelerator has failed. You are advised not to change the default timer setting: 3 seconds Hello Time and 10 seconds Hold Time. These definitions comply with the recommended settings of having the Hold Time length more than three times the length of the Hello Time. Decreasing timer-default rates shortens the time that the network has without a default gateway during Active router changeover, but increases the protocol bandwidth overhead and conversely. If the Accelerator is not currently the Active device in the HSRP group, Timer settings are derived from the Active device and any timer configurations that you set in the Accelerator are not saved. All members of the HSRP group must have the same Hello Time and Hold Time. If you change the default parameters, ensure that you update all members of the HSRP group with the new parameters.

HSRP over VLAN

If the Accelerator is part of a VLAN group, operating with HSRP requires updating the VLAN group number (0 to 4095).

VRRP

Unlike HSRP, you cannot configure VRRP automatically and must add it manually.

To manually modify the VRRP configuration:
1. Click the Setup tab, followed by Networking, and then VRRP.
2. In the VRRP menu, enter the Group ID number (0-255), the Virtual IP address, the Priority (1-254), the preempt status and the timer setting.
3. Click Add. The VRRP group immediately appears in the VRRP table.
4. To modify the information, highlight the row in the VRRP table and click the Edit button to change the following parameters:

Parameter Item | Description
Group ID | You must enter a group number, even if the target group is group 0. Accelerator VRRP does not have a default group number.
Virtual IP | All devices in the VRRP group must have the same Virtual IP address.
Priority | Setting the Accelerator’s priority lets you select its status in the VRRP group. If two devices in the VRRP group have the same priority, the Active router is set according to IP address. Expand does not recommend this setup. Once the Accelerator is set to have the highest priority, it becomes the active router in the VRRP group.
Preempt | Preempt is used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router will prevail; when disabled, the higher priority router will assume the Standby mode until the current Active router experiences a failure. Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully.
Timer | Sets the interval between the Hello messages sent between VRRP group members. All devices in the VRRP group must have the same Timer setting. If for some reason you have to modify this setting, you should modify it for all devices in the group. The default setting is 1.
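The consistency rules stated in the HSRP and VRRP parameter tables can be checked mechanically across every member of a group before a change is committed. The following is an added example, not AcceleratorOS code: the GroupMember record, its field names, the finding codes and the sample groups are assumptions constructed for illustration, and the AUTH_DEFAULT finding is an added hardening check rather than a rule from the guide.

```python
from dataclasses import dataclass

DEFAULT_HSRP_AUTH = "cisco"   # default authentication string named in the HSRP table
LEARN_VIP = "0.0.0.0"         # HSRP Learn mode: the VIP is learned from the network
PRIORITY_RANGE = {"hsrp": (0, 255), "vrrp": (1, 254)}   # ranges from the setup steps


@dataclass(frozen=True)
class GroupMember:
    """One device's settings for a redundancy group (hypothetical record layout)."""
    device: str
    protocol: str                    # "hsrp" or "vrrp"
    group_id: int
    virtual_ip: str
    priority: int
    preempt: bool = False
    hello: int = 3                   # HSRP Hello Time, or the VRRP Timer
    hold: int = 10                   # HSRP only
    virtual_mac: str = ""            # HSRP only
    auth: str = DEFAULT_HSRP_AUTH    # HSRP only
    force_priority: bool = False     # HSRP only


def _values(members, attr):
    return {getattr(m, attr) for m in members}


def audit_group(members):
    """Return sorted finding codes for the members of one HSRP or VRRP group."""
    protocols = _values(members, "protocol")
    if len(protocols) != 1 or not protocols <= set(PRIORITY_RANGE):
        return ["PROTOCOL_MISMATCH"]
    proto = next(iter(protocols))
    low, high = PRIORITY_RANGE[proto]
    findings = set()

    if len(_values(members, "group_id")) > 1:
        findings.add("GROUP_ID_MISMATCH")
    if any(not 0 <= m.group_id <= 255 for m in members):
        findings.add("GROUP_ID_RANGE")
    vips = _values(members, "virtual_ip")
    if proto == "hsrp":
        vips.discard(LEARN_VIP)      # a member in Learn mode has no VIP of its own yet
    if len(vips) > 1:
        findings.add("VIP_MISMATCH")
    if any(not low <= m.priority <= high for m in members):
        findings.add("PRIORITY_RANGE")
    if len(_values(members, "priority")) < len(members):
        findings.add("PRIORITY_TIE")  # the guide does not recommend equal priorities
    if len(_values(members, "hello")) > 1:
        findings.add("TIMER_MISMATCH")

    if proto == "hsrp":
        if len(_values(members, "hold")) > 1:
            findings.add("TIMER_MISMATCH")
        if any(m.hold <= 3 * m.hello for m in members):
            findings.add("HOLD_NOT_3X_HELLO")   # Hold Time must exceed 3 x Hello Time
        if len(_values(members, "virtual_mac")) > 1:
            findings.add("VMAC_MISMATCH")
        auths = _values(members, "auth")
        if len(auths) > 1:
            findings.add("AUTH_MISMATCH")
        if DEFAULT_HSRP_AUTH in auths:
            findings.add("AUTH_DEFAULT")        # added hardening check, not from the guide
        if any(m.force_priority and not m.preempt for m in members):
            findings.add("FORCE_WITHOUT_PREEMPT")  # Force Priority implies Preempt
    return sorted(findings)


def expected_active(members):
    """Device with the unique highest priority, or None when the top priority is tied."""
    top = max(m.priority for m in members)
    leaders = [m.device for m in members if m.priority == top]
    return leaders[0] if len(leaders) == 1 else None


# Constructed sample data (addresses, names and keys are not from the guide).
_COMMON = dict(protocol="hsrp", group_id=10, virtual_mac="00:00:0c:07:ac:0a")
GOOD_GROUP = [
    GroupMember("acc1", virtual_ip="10.0.0.1", priority=200, preempt=True,
                auth="siteKey1", **_COMMON),
    GroupMember("rtr1", virtual_ip="10.0.0.1", priority=150, auth="siteKey1", **_COMMON),
    GroupMember("rtr2", virtual_ip="10.0.0.1", priority=100, auth="siteKey1", **_COMMON),
]
BAD_GROUP = [
    GroupMember("acc1", virtual_ip=LEARN_VIP, priority=100, force_priority=True, **_COMMON),
    GroupMember("rtr1", virtual_ip="10.0.0.1", priority=100, **_COMMON),
    GroupMember("rtr2", virtual_ip="10.0.0.2", priority=90, auth="other",
                hello=1, hold=3, **_COMMON),
]

if __name__ == "__main__":
    for name, group in (("good", GOOD_GROUP), ("bad", BAD_GROUP)):
        print(name, expected_active(group), audit_group(group))
```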
Chapter 11: Security

This chapter describes the various methods for ensuring security within the Accelerator. This chapter includes the following sections:
Studying the AcceleratorOS AAA, on page 288
Configuring AAA via the WebUI, on page 290
Auditing Administration Activities, on page 294
Locking/unlocking the Keypad, on page 295

Studying the AcceleratorOS AAA

The Accelerator lets you manage access by means of Authentication, Authorization, and Accounting (sometimes called Auditing), also known as AAA. The Accelerator, normally installed in enterprises, government and military organizations, requires strict security for the networks with which it interacts. Therefore, the Accelerator’s AAA enables the system to be secured.

Authentication—Validates users' identity in advance of granting login. The Accelerator’s authentication lets you define the users and set the location in which passwords are stored. Each user must be defined locally in the Accelerator as well as in remote AAA servers.
Authorization—Lets users access networks and commands. The Accelerator’s authorization lets you define the users and their roles.
Accounting—Tracks usage patterns of individual users, service, host, time of day, day of week, and so on. The Accelerator’s accounting lets you receive logs detailing who signed in, when, and whether their attempt to access the Accelerator succeeded or failed. To view the log of these events, use the logging > show events command. These events can be sent via email or sent to a Syslog server.

The Accelerator’s AAA functionality includes the Accelerator’s ability to use remotely accessed user-repositories for authenticating users. This functionality enables controlling different levels of users in the system with different authorities and lists the auditing functions performed for various operations.
You can configure the Accelerator to make use of a security server via either the TACACS+ or RADIUS security protocols, or both.

Authentication is the part of the system that lets users define how they authenticate to the system, allowing the authentication to be based on external authentication servers. On the authentication side, the new functionality will include per-user settings to control access to the Accelerator as well as password quality verification functionality and password aging (to be implemented at a later stage).

The Accelerator’s AAA supports multiple users per Accelerator, allowing end-users to define additional accounts besides the default expand user.

AAA includes control over provided management services, and allows limiting access to certain management options available on the Accelerator, as well as controlling access to the services from a defined set of sources (subnets for ACL).

Setting different user roles, allowing different access levels to the system, is supported with pre-defined roles available in the system. Definition of new roles is user-configurable.

AAA includes auditing of all major operations performed on the Accelerator into log entries saved in the system log files and routable to email message, syslog server and SNMP trap.

Configuring AAA via the WebUI

Configuration of AAA parameters is accomplished via the WebUI, in several steps:
Configuring Users, on page 290
Setting Authentication Preferences, on page 291
Defining the Security Settings, on page 293

Configuring Users

To add a new Accelerator user:
1. Click on Setup followed by Security.
2. In the Users menu, enter a name for the user in the User Name field.
3. Scroll down in the User Role field to select one of the following:
Administrator—complete access to the Accelerator and its commands. Only Administrator users can modify AAA settings.
Monitor—access the Accelerator’s CLI but cannot modify configuration.
NetAdmin—complete access to the Accelerator and its commands with the exception of the Security commands and WAFS management screen.
WAFS-Administrator—complete access to WAFS management screen and console, in addition to web acceleration and DNS configuration.
4. If a local password is to be set for this user, select the Enable Local Password checkbox, then enter and confirm a new password for this user. If the checkbox is not checked, only remote authentication servers will be able to authenticate passwords. Passwords must be at least 6 characters in length and cannot be keyboard sequences (qwertyu, 123456), palindromes, or simple recognized dictionary words.
5. Click the Add button to apply settings.

NOTE: When working with a TACACS server, you must add each user name into the Accelerator.

To modify an Accelerator user:
1. Click on Setup followed by Security.
2. In the Users menu, click on the name of the user in the Users Table.
3. Modify details as needed. Click the Submit button to apply settings.

Deleting Users

To delete an Accelerator user:
1. Click on Setup followed by Security.
2. In the Users menu, highlight the line in the Users Table that includes the name of the user to be deleted. Click the delete button.
3. Click the Submit button to apply settings.

Setting Authentication Preferences

The Authentication screen lets you set Authentication Servers (Radius, TACACS+ and Local) and manage these servers and their preference order in the Accelerator.

Setting Authentication Servers

To enter authentication servers:
1. Click on Setup followed by Security.
2. In the Authentication menu, click the add button above the Authentication Servers Table.
3. In the Add New Authentication Server dialog box, enter the following information.
Name | Description
Server Name | The name of the server you want to add.
Server Type | The server type (Radius or Tacacs).
IP Address | The new server’s IP address.
Server Port | The server’s port.
Server Order | Defines whether the server is the first, second or third to be addressed.
Encryption Key | The server’s encryption key.
Server Timeout | Time period after which the connection times out.

Setting the Authentication Method

The authentication method lets you define which servers are to be checked. If more than one authentication type is used, select the server types in the order in which they are to be authenticated.

To set the authentication method:
1. Click on Setup followed by Security.
2. In the Authentication menu, scroll down in the 1 field to set the first level of Authentication. In the 2 field set the second level of Authentication and so on.
3. Click the Submit button to apply settings.

Defining the Security Settings

The Settings screen lets you define security settings, such as which access methods to use when connecting to the Accelerator and the maximum failed login attempts before an account would be disabled. By default, all transport types are set to Enabled, except FTP and TFTP that are set to Disabled.

To define security settings:
1. Click on Setup followed by Security.
2. In the Settings menu, select the checkboxes of the types of access methods allowed for connecting to the Accelerator.
3. Click the Submit button to apply settings.

Auditing Administration Activities

The Audit screen lets you select which administration activities to audit (for example: changing the configuration, creating links and adding users).

To select which activities to audit:
1. Click the Setup tab, followed by Security, and then Audit.
2. In the Accelerator’s audit table, select or deselect the boxes that refer to the activities you want to audit or to stop auditing.
3. Click Submit.

Locking/unlocking the Keypad

The LCD keypad on the front panel of the Accelerator 4820/4830/4920/4930, the Accelerator 1820 and Accelerator 6830/6930/6840/6940 can be locked. To set the lock key combination sequence, see section Installing the Accelerator, on page 13.

To lock/unlock the keypad via the WebUI:
1. Click the Setup tab, followed by Security, and then Keypad.
2. In the Keypad menu, from the drop-down menu, select either Locked, AutoLocked or Unlocked.
3. Click the Submit button.

Setting the Keypad Lock Definitions

Selecting the Auto-Locked value for the keypad lets you set the number of times after which the keypad will automatically lock, as well as the key sequence to be entered for unlocking the keypad once it is locked.

To set the auto-lock timer:
1. In the Keypad screen, enter a number (in seconds) into the auto-lock timer field.
2. Click the Submit button.

To set an unlock sequence:
The unlock sequence sets the sequence of keypad buttons that must be pressed in order to unlock the LCD. The default is as follows: Up arrow, Down arrow, Right arrow, Left arrow, Enter button. The unlock sequence set should be a combination of the buttons, in any order, up to five depressions.
1. In the Keypad screen, in the Unlock Sequence fields, scroll down in the fields to select the button to be pressed in the order intended.
2. Click the Submit button.

Defining Other LCD Settings

Turning ByPass On

Locking the Keypad

You can lock the Accelerator’s keypad via the LCD, the WebUI or the CLI. To unlock the keypad, enter the unlock sequence. The default unlock sequence is Right button, Left button, Up button, Down button, Enter.
You can modify the lock sequence via the WebUI as described in section Locking/unlocking the Keypad, on page 295, or via the CLI, as described in section Unlocking or Locking the Keypad, on page 581.

Product ID

Management IP

Management Mask

Chapter 12: Troubleshooting

This chapter describes troubleshooting procedures for the Accelerator and explains Accelerator alerts and events, as follows:
Carrying out the Troubleshooting Procedure, on page 300
Recovering the Password, on page 301
Checking the Event Log, on page 302
Displaying Information for Troubleshooting, on page 305
Checking the Link Status, on page 307
Checking Ethernet Settings, on page 308
Checking Lack of Acceleration, on page 311
Checking Link Malfunction, on page 312

Carrying out the Troubleshooting Procedure

If there is a problem with your Accelerator, try using the following steps to help diagnose the source of the problem:
Check the Event log
Check the topology and host settings - is the default gateway set correctly?
What is being affected? All the links? Particular links?
Use Tools to find the source of the problem
Put the local Accelerator and then the remote Accelerator into bypass mode

Recovering the Password

If you forget your password, you can use the reset command from the login prompt instead of the password. This command deletes all passwords and configurations and resets all of the Accelerator’s settings, including the device’s passwords, to their default values. After resetting, you can use the default login (expand) and password (Expand) to log in and reconfigure the Accelerator.

Trying 172.16.31.12 (PORT:23)...
Connected to 172.16.31.12...
AcceleratorOS, Accelerator 6800 Series Version v6.1(2) (Build3.53)
login: reset

NOTE: To accomplish this result, use a Console connection.

Checking the Event Log

The first thing to do when you encounter problems with Accelerator performance is to check the Event log for any unusual errors. The following logging levels are supported:
Checking Info Events, on page 302: Informational messages
Checking Warning Events, on page 302: Warning conditions exist
Checking Error Events, on page 302: Error conditions exist
Checking Fatal Events, on page 303: Unit failure

These levels are related to the severity levels used by email and broadcast functions. When used with these, the user can define the minimum and maximum event logging (range) that will be emailed or broadcasted.

Checking Info Events

Info events notify regarding status changes that occur in the normal operation of the system, for example:
06-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction outbound

Checking Warning Events

Warning events identify issues or configuration errors within the Accelerator. The system continues to run, but action may be required to return the Accelerator to normal operating standards, for example:
06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed due t11

Checking Error Events

Error events occur sporadically, but the Accelerator easily recovers from them, for example:
06-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16, Error:Warning

Checking Fatal Events

Fatal events are events for which you have to take corrective action in order to return the Accelerator to operation, for example:
06-Jun-07 07:37:59 <fatal> #1 TWDSupervisor.cpp(26) TWDSupervisor:TWDSupervisor Watch Dog: Reboot system due to a failure of client, named: TelnetDaemon.
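Event lines in the form quoted above can be parsed, filtered by a minimum and maximum severity, and triaged for the two events an operator most wants surfaced: HSRP authentication failures and watchdog reboots. This is an added example, not part of AcceleratorOS; the function names, the 20xx reading of the two-digit year, the DEBUG level below INFO and the line wrap in the fatal sample are assumptions, and the sample text reuses the event lines quoted in this section.

```python
import re
from datetime import datetime
from typing import NamedTuple

LEVELS = ["DEBUG", "INFO", "WARNING", "ERROR", "FATAL"]   # ascending severity
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# dd-Mmm-yy hh:mm:ss <LEVEL> #occurrence message
HEADER = re.compile(
    r"^(\d{2})-([A-Za-z]{3})-(\d{2}) (\d{2}):(\d{2}):(\d{2}) <(\w+)> #(\d+) (.*)$")
HSRP_AUTH = "HSRP Message authentication has failed"
WATCHDOG = re.compile(
    r"Watch Dog: Reboot system due to a failure of client, named: (\w+)")


class Event(NamedTuple):
    when: datetime
    level: str
    occurrence: int
    message: str


def parse_events(text):
    """Parse 'show events' style output; wrapped lines extend the previous event."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match is None:
            if events:   # continuation of a wrapped message
                last = events[-1]
                events[-1] = last._replace(message=last.message + " " + line)
            continue
        day, mon, year, hh, mm, ss, level, occ, message = match.groups()
        level, mon = level.upper(), mon.title()   # the fatal sample is lower-case
        if level not in LEVELS or mon not in MONTHS:
            continue
        try:
            # Assumption: two-digit years are 20xx.
            when = datetime(2000 + int(year), MONTHS[mon], int(day),
                            int(hh), int(mm), int(ss))
        except ValueError:
            continue
        events.append(Event(when, level, int(occ), message))
    return events


def in_range(events, lowest, highest):
    """Keep events whose severity lies between lowest and highest, inclusive."""
    low, high = LEVELS.index(lowest.upper()), LEVELS.index(highest.upper())
    return [e for e in events if low <= LEVELS.index(e.level) <= high]


def triage(events):
    """Count HSRP authentication failures and list clients that caused a reboot."""
    auth_failures = sum(e.occurrence for e in events
                        if e.level == "WARNING" and HSRP_AUTH in e.message)
    reboots = []
    for e in events:
        found = WATCHDOG.search(e.message) if e.level == "FATAL" else None
        if found:
            reboots.append(found.group(1))
    return {"hsrp_auth_failures": auth_failures, "watchdog_reboots": reboots}


# Sample built from the event lines quoted in this section; the wrap is assumed.
SAMPLE = """\
06-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction outbound
06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed due t11
06-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16, Error:Warning
06-Jun-07 07:37:59 <fatal> #1 TWDSupervisor.cpp(26) TWDSupervisor:TWDSupervisor
Watch Dog: Reboot system due to a failure of client, named: TelnetDaemon.
"""

if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for event in in_range(parsed, "WARNING", "FATAL"):
        print(event.when.isoformat(), event.level, event.message)
    print(triage(parsed))
```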
The Accelerator event log records changes in the state of Accelerator links and changes to configuration, saving them in a list format. In the CLI, use the following commands to view events.

ACC1# show events
06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed due t11,
06-Jun-07 10:29:07 <WARNING> #1 _peer.cppLink 222.0.0.1 status changed from acc
29-Jun-07 10:19:19 <INFO> #2 Link ID 1 was Updated
29-Jun-07 10:20:51 <INFO> #1 Subnets for Remote link CP Id 1 changed
29-Jun-07 10:38:41 <INFO> #1 Link 1 was Added
29-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction outbound
29-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16, Error:Warning

Studying Log Message Formats

Log messages are displayed in the following format:
TIMESTAMP: <LEVEL of SEVERITY> #OCCURRENCE: Message-text;

Timestamp: Log date and time, in the following format: dd/mmm/yy hh:mm:ss
Level of Severity: Debug, information, warning, error, or fatal.
Occurrence: The number of times this log has been recorded.
Message-text: Text string containing detailed information about the event being reported.

Check the Accelerator’s system time when viewing any event the Accelerator generates. All events are given a timestamp relative to the Accelerator’s local time.

To view the Accelerator system time:
ACC1#show clock
System time is: THU SEP 04 17:37:57 2003
Time zone offset: 0 minutes

Displaying Information for Troubleshooting

The Accelerator’s show tech-support command lets you aggregate all necessary troubleshooting information in the Accelerator via one simple command, providing a window into the Accelerator’s inner workings and configuration.

Displaying Information via the WebUI

To use the WebUI to display Information for Troubleshooting:
1. Click on Tools, followed by General Tools.
2. Click the Show Technical Support button. The Technical Support dialog box appears:
3. Click the Save button to save this data in the requested location, as either a text or an HTML file.
4. Send an E-mail to technical support at TAC@expand.com and attach the file. Alternatively, you can contact customer support by the methods described in Contacting TAC, on page 389.

Displaying Statistics in a Compressed, Archived File

The statistics displayed by using one of the two methods described above are one of the logs that you can combine into one compressed archive file. For details, see section Archiving Log Files, on page 327.

Checking the Link Status

The status of the link may point to the source of a problem. An initial probe is used during the Accelerator’s initial link connection stage. If this probe fails, it attempts to retry until the Accelerator responds. If a link is inactive, a keepalive will be automatically sent to the remote Accelerator. If 10 keepalive packets do not receive a response, the Accelerator assumes that the remote Accelerator is down and the local Accelerator automatically passes the link traffic transparently through to the WAN.

ACC1# show interface link summary
--------------------------------------------------------
LINK|DEST IP ADDRESS|DESCRIPTION|BANDWIDTH|LINK STATUS
----+---------------+-----------+---------+-----------
1   | 10.2.0.6 | L-10.2.0.6|15000/N/A |dropped
non | N/A | non-link | 100000/N/A | virtual
--------------------------------------------------------

Link Status states are as follows:

Link Status | Description
Initialize | The remote Accelerator is initializing.
Inactive | The remote Accelerator is not active.
Trying to Connect | Link is establishing connection.
Negotiating | Link parameters are being negotiated (cache size, and so on).
Remote Found | Link is active.
Accelerating | Link is active and acceleration is on.
Active | Link is active and the link is tunnelling but not accelerating traffic. Active can be either No local license, meaning that the link is inactive because the local Accelerator is not properly licensed; or No remote license, meaning that the remote Accelerator is not properly licensed.
Drop | Communication has been lost.
Load Error | Internal error occurred during definition of the link in the system.
Virtual | A Virtual link (no far-end Accelerator).
Unknown | Remote Accelerator is not available.

Checking Ethernet Settings

Although Ethernet level compatibility is not an issue unique to the Accelerator, it should be considered in all hardware installations. If an Accelerator goes into hardware bypass, the two devices that are cabled to the Accelerator are directly connected, and any incompatibilities between them may cause problems.

Ensure that Ethernet settings are correct. As a symptom of incorrect Ethernet settings, discarded packets and loss of connectivity may be experienced on the Accelerator. You can check this by using the appropriate show interface ethernet commands, as follows.

ACC1# show interface ethernet 0/0 ?
<cr>
continuous    continuous output

ACC1# show interface ethernet 0/0
Description.............................ethernet 0/0
MAC.....................................00:02:B3:C8:4E:9C
Hardware type...........................mii
Link mode...............................auto (100Mbit-Full) link is up
Link detected...........................yes
Supports auto-negotiation...............yes
Supports link modes.....................10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full

LAN throughput data | System Up | Since Clear | Last 30 Secs
In Bytes | 3826461 | N/A | N/A
In Packets | 23240 | N/A | N/A
Dropped In Packets | 0 | N/A | N/A
Out Bytes | 159363519 | N/A | N/A
Out Packets | 1723079 | N/A | N/A
Dropped Out Packets | 0 | N/A | N/A

LAN throughput data | System Up | Since Clear | Last 30 Secs
In Frame Error | 0 | N/A | N/A
In Overruns | 0 | N/A | N/A
Dropped In Packets | 0 | N/A | N/A
In Total Errors | 0 | N/A | N/A
Out Collisions | 0 | N/A | N/A
Out Lost Carrier | 92 | N/A | N/A
Out Underruns | 0 | N/A | N/A
Out Total Errors | 92 | N/A | N/A

Command | Purpose
ACC1#show interface ethernet [0 | 0/0 | 0/1] [continuous] | Lists all ethernet interface configuration and statistics information per interface, 0, 0/0 and 0/1. Continuous enables the entire output instead of one screen at a time.

Ensure that Speed and Duplex settings are set correctly. Expand recommends using the following command to manually set Speed and Duplex values:

Command | link-mode
Syntax Description | 100Mbit-full: 100 Mega bit full duplex
 | 100Mbit-half: 100 Mega bit half duplex
 | 10Mbit-full: 10 Mega bit full duplex
 | 10Mbit-half: 10 Mega bit half duplex
 | auto: Auto
Command Modes | Enters the mode to set Ethernet interface 0 parameters. configure > interface ethernet (ethernet number)
Default | N/A
Example |
ACC1# configure
ACC1(config)# interface ethernet 0
ACC1(interface)# link-mode 10Mbit-half

Checking Lack of Acceleration

If applications are not being accelerated, often the source of the problem is missing information in the subnets, links and routing tables. Check the following tables to ensure that they contain everything they should:
Subnets table—contains all subnets that are part of the Accelerator’s network that need to be advertised.
Links table—contains all remote networks that the Accelerator is aware of for Acceleration and QoS, and remote networks that have no Accelerator for QoS only.
Local and Remote subnets—use the CLI show subnets command to view all local and remote subnets known to the Accelerator.
Routing table—must list all next hops necessary to reach all remote networks.

If acceleration percentages are not as expected, it is often due to one or more of the following reasons:
Traffic is not associated with the correct link
Another link is being used
QoS classification (application definition) is wrong
QoS rule order is incorrect for the setup
Check link utilization - if the link is underutilized, check for greedy applications

Accessing Remote Devices

If all necessary connections have been made, but the Accelerator is still not functioning as expected, use the tools Pinging via the WebUI and Sending a Traceroute Packet to check routes to remote Accelerators and networks.
Can you access a remote device?
Can you access the remote Accelerator?
Can you access the remote router?
From the remote Accelerator, can you ping its router?

Checking Link Malfunction

If the link is not operating as expected, ensure that the Accelerator configuration reflects the hardware and software infrastructure.
Some external devices may require that the Accelerator be transparent - consider using RTM encapsulation. Perhaps performance is being affected by misapplied MPLS or load balancing in the network.

Consider the following:
Is bypass disabled on the other side of the link?
Are the bandwidth settings correct?
Is Acceleration enabled on both sides of the link?
Is the MTU size set correctly and not larger than the maximum MTU of the link path?
Are the correct subnets advertised to the remote site?
Is there bandwidth oversubscription on the WAN or on a link?
Are packets being dropped on the link?
In case there is a firewall in the path, are IPComp and TCP port 1928 open?
Is the correct link destination address configured?

Checking for Corrupted Terminal

If the terminal settings become corrupted, exit to the login prompt and log into the Accelerator as the user named 'r' with no password. This will reset the terminal settings and let you log in as "expand", as usual.

Ensure that the terminal settings on your terminal emulation are correct: 9600 baud; 8 data bits; no parity; 1 stop bit; no flow control.

Checking HSRP Malfunction

Ensure that you “join” the HSRP group. In AcceleratorOS 5.0 and above, after HSRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join command.
Ensure that the correct HSRP group is configured - check the configuration on the other units in the group.
Ensure that the correct Priority is configured so the Accelerator does not conflict with the same priority on another unit in the group.
Ensure that the correct virtual IP address is configured.
If authentication is used, ensure that you use the same password (default cisco)

Checking QoS Malfunction

QoS on a non-link: if QoS is not functioning as expected for non-link traffic, it could be due to the definition of the local subnet. If a local subnet is not defined as LOCAL, the Accelerator QoS and monitoring features do not function properly. Ensure that all local subnets are defined as local.
Ensure that the bandwidth statements on the links are correct.
Check that the policy rules are applied on the correct links.
Check that the application definitions are correct.

Chapter 13: Using the Accelerator Tools

The Accelerator Tools let you manage AcceleratorOS upgrade versions, save and replace the Accelerator’s configuration file and perform tasks such as traceroute and ping.

This chapter contains the following sections:

Upgrading the AcceleratorOS Software
Using the Configuration Tools
Using the General Tools
Managing User Files
Viewing System Information
Archiving Log Files
Enabling Accdump

Upgrading the AcceleratorOS Software

You can upgrade the AcceleratorOS software by uploading software from a remote server or from the local drive.

To upgrade software:

1. Click on the Tools tab, followed by Upgrade.
2. Scroll down in the Copy method field, to select the way the file will be copied (FTP, TFTP or HTTP).
3. In the fields provided, enter the user name, password and IP address of the device from which the files are to be copied.
4. Enter the path to the file, followed by the file name (the file will be a .tgz file).
5. Click the Submit button to copy the file to the user area.
6. Reboot the Accelerator with the new file name.
After rebooting, the Accelerator extracts the file and runs it.
7. Select Locally stored on Accelerator to upgrade to an AcceleratorOS version that is stored locally on the Accelerator, in case of a hard drive-based Accelerator. Alternatively, if your Accelerator uses a Compact Flash card, at least 10 MB of free space is provided on the card for file extraction.

NOTE: If you are running a version of AcceleratorOS previous to 5.0(6), note that two new preconfigured applications were added in this version that may affect user-defined applications on the same ports. If applications have been configured for port 1928 (saved for the expand-internal application) or 2598 (citrix-ica-sr), rename these applications exactly as in the preconfigured application before performing an upgrade. If an application exists for a list of ports or range of ports that includes the specified port numbers (1928 and 2598), remove these ports from the list or range, and create applications expand-internal with port 1928, and citrix-ica-sr with port 2598. Then change the policy-rules to match these applications as well.

Using the Configuration Tools

Changes made to the Accelerator’s configuration are automatically saved to the Accelerator’s Running Configuration and are applied until changed or until the Accelerator is shut down. Any changes that you want to remain configured on the Accelerator, even after shutdown, must be saved to the Accelerator’s Startup Configuration.

To save a startup configuration:

1. In the WebUI, make any changes to be saved.
2. Scroll down in the Copy method field, to select the way the file is copied (FTP, TFTP or HTTP).

NOTE: The running configuration is saved as the startup configuration, and therefore all changes made to the Accelerator since its last shutdown are now saved as the startup configuration.

3.
Click on Tools, followed by Configuration Tools.
4. Click the Write Startup Configuration button.

To erase the startup configuration saved on the Compact Flash Card:

1. Click on Tools, followed by Configuration Tools.
2. Click the Erase Startup Configuration button.

To export the startup configuration:

Exporting the startup configuration opens a web page dialog that displays the Accelerator’s startup configuration in CLI command format. You can either save this file for future reference or upload it to other Accelerators.

1. Click on Tools, followed by Configuration Tools.
2. Click the Export Startup Configuration button.

To export the running configuration:

Exporting the running configuration opens a web page dialog that displays the Accelerator’s running configuration in CLI command format. You can either save this file for future reference or upload it to other Accelerators.

1. Click on Tools, followed by Configuration Tools.
2. Click the Export Running Configuration button.

To import the startup configuration:

Importing the startup configuration opens a web page dialog that lets you browse to select a configuration file to be uploaded to the Accelerator.

1. Click on Tools, followed by Configuration Tools.
2. Click the Import Configuration button.

Using the General Tools

General tools are provided to let you use basic networking tools and commands via the Accelerator WebUI. The general tools are as follows:

Pinging via the WebUI
Sending a Traceroute Packet
Rebooting the Accelerator via the WebUI
Show Technical Support - see section Displaying Information via the WebUI

Pinging via the WebUI

The Accelerator lets you use the WebUI to Ping network devices and remote Accelerators.
To ping a network device:

1. Click Tools followed by General Tools.
2. Under Ping, in the Destination IP Address field, enter the IP address of the device to which the ping is to be sent.
3. In the Packet Size field, enter the size of the ping packets to be sent (default is 64 bytes).
4. In the Number of Times field, enter the number of times to try sending packets to the remote device.
5. Click the Ping button.

Sending a Traceroute Packet

The Accelerator lets you send a traceroute packet to network devices and remote Accelerators from the Accelerator via the WebUI.

To send a traceroute:

1. Click Tools followed by General Tools.
2. Under Traceroute, in the Destination IP Address field, enter the IP address of the device to which the ping is to be sent.
3. In the Maximum Number of Hops field, enter the maximum length the packet can travel before arriving at the designated destination (default is 30).
4. Click the Trace Route button.

Rebooting the Accelerator via the WebUI

The AcceleratorOS lets you reboot the Accelerator via the WebUI. Rebooting the Accelerator in this way does not save changes from the current running configuration to the Startup configuration. The Accelerator reboots using the previously saved Startup configuration, unless other changes were saved.

To reboot the Accelerator:

1. Click Tools followed by General Tools.
2. Under Reboot, click the Reboot button.

Gathering Statistics for Technical Support

In the unlikely event of Accelerator malfunction or error, it may be necessary to gather many statistics for Expand Networks’ Technical Support. You can use one command to gather all necessary information.

To view Accelerator troubleshooting statistics:

1. Click Tools followed by General Tools.
2. Under Tech Support, click the Show Technical Support button.
Managing User Files

The User Files screen lets you manage the files that are located in the User Area of your Flash card (or hard drive, for hard drive-based Accelerators). If more space is needed on the Flash card/hard drive, you can use the User Files screen for deleting unneeded files. The date listed for the file is the date when the file was copied.

To remove files from the Flash card or hard drive:

1. Click Tools followed by User Files.
2. Highlight the files to be deleted.
3. Click the Delete button.

Viewing System Information

The System Information screen lets you view information regarding several aspects of the system, such as the CPU operating frequency, CPU utilization and memory utilization. To display system information in the Accelerator’s WebUI, click Tools followed by System Information.

Almost all parameters shown in this screen are for display only and cannot be changed. The only parameter that you can set is Requested Maximum Links.

To set up the requested maximum links:

1. Click Setup followed by My Accelerator.
2. Select the Basic tab.
3. Under Basic, click the Advanced Setting Configuration button.
4. In the Maximum Links section, enter a value in the Requested Max Links field.

Archiving Log Files

The log archiving feature lets you concentrate all existing log archives in the Accelerator, to create one compressed archive file. You can create archive files for the following types of logs: AOS Webcache WAFS Statistics

To create an archive log file:

1. Click Tools followed by Archiving. The following screen appears:
2. Use the Log Archive Prefix field to set the prefix for the log file you want to create (default: acclog). The suffix is predetermined by the system (time stamp).
3.
Click the Create Log Archive button to create a new log archive. The newly created log file now appears in the log archive files table.

To download one file or more, select these files in the table and click the Download button.
To delete one file or more, select these files in the table and click the Delete button.

Enabling Accdump

NOTE: This feature is only available to Accelerators that are configured with a hard drive.

The Accdump feature lets you download and display tcpdump information from the system, namely: to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is connected. You can capture the tcpdump information from various sources, and select whether to receive this information from all these sources or only from a single source.

To enable Accdump:

1. Click Tools followed by Accdump.
2. Click on the scroll box near the Accdump field, and select the Enabled option to start the Accdump operation.
3. Under Interface, select whether to enable all interfaces (Any), none available (N/A) or a particular interface.
4. Under Number of Files, you can select the Auto option, in which case the default number of files (100) and file size (10MB) is used. Alternatively, select Other and insert your customized values.

NOTE: The number of files cannot exceed 999, and the maximum size of all files combined must not exceed 1GB. Note too, the files are saved in a cyclic manner.

5. If you want to use one or more optional flags, enter these flags in the Optional Flags field. For a detailed description of the optional flags, see appendix tcpdump Optional Flags, on page 391.
6.
If you do not want to dump all of the packets (default), you can use the Filter Expression field to intercept only packets that come from a specific source or IP address, are destined to a specific port or IP address, or belong to a specific type.
Use the File Format scroll box to select in which file format the files are to be saved and downloaded to the local host. The available types are Pcap (saves the default format) and Enc (reformats the file).
Having set all the requested definitions, you are now ready to enable Accdump and download the tcpdump files. Alternatively, if you want to revert to default values, click the Set Default Values button and confirm this operation.
7. Click the Submit button.
8. Click OK to confirm the operation.

To stop the Accdump operation, click on the scroll box near the Accdump field and select the Disabled option. When you enable the Accdump feature again, all existing Accdump files are deleted.

To download Accdump files:

1. In the Accdump Files Table, select the checkbox near the files you want to download.
2. Click the Download button. You are prompted that downloading the Accdump files will delete the existing files.
3. Click OK. The dialog box that appears now requests you to select a location for saving the file.
4. Select the requested location and click Save.

Appendix A: NetFlow Monitored Statistics

The following table lists all of the Version 9 Field type definitions for statistics that can be collected from the Accelerator and sent to the NetFlow server.

Field Type | Value | Length (bytes) | Description
IN_BYTES | 1 | N (default is 4) | Incoming counter with length N x 8 bits for number of bytes associated with an IP Flow.
IN_PKTS | 2 | N (default is 4) | Incoming counter with length N x 8 bits for the number of packets associated with an IP Flow
FLOWS | 3 | N | Number of flows that were aggregated; default for N is 4
PROTOCOL | 4 | 1 | IP protocol byte
SRC_TOS | 5 | 1 | Type of Service byte setting when entering incoming interface
TCP_FLAGS | 6 | 1 | Cumulative of all the TCP flags seen for this flow
L4_SRC_PORT | 7 | 2 | TCP/UDP source port number for example: FTP, Telnet, or equivalent
IPV4_SRC_ADDR | 8 | 4 | IPv4 source address
SRC_MASK | 9 | 1 | The number of contiguous bits in the source address subnet mask, namely: the subnet mask in slash notation
INPUT_SNMP | 10 | N | Input interface index; default for N is 2, but you can use higher values
L4_DST_PORT | 11 | 2 | TCP/UDP destination port number for example: FTP, Telnet, or equivalent
IPV4_DST_ADDR | 12 | 4 | IPv4 destination address
DST_MASK | 13 | 1 | The number of contiguous bits in the destination address subnet mask, namely: the subnet mask in slash notation
OUTPUT_SNMP | 14 | N | Output interface index; default for N is 2, but you can use higher values
IPV4_NEXT_HOP | 15 | 4 | IPv4 address of next-hop router
SRC_AS | 16 | N (default is 2) | Source BGP autonomous system number where N could be 2 or 4
DST_AS | 17 | N (default is 2) | Destination BGP autonomous system number where N could be 2 or 4
BGP_IPV4_NEXT_HOP | 18 | 4 | Next-hop router's IP in the BGP domain
LAST_SWITCHED | 21 | 4 | System uptime at which the last packet of this flow was switched
FIRST_SWITCHED | 22 | 4 | System uptime at which the first packet of this flow was switched
IPV6_SRC_ADDR | 27 | 16 | IPv6 Source Address
IPV6_DST_ADDR | 28 | 16 | IPv6 Destination Address
IPV6_SRC_MASK | 29 | 1 | Length of the IPv6 source mask in contiguous bits
IPV6_DST_MASK | 30 | 1 | Length of the IPv6 destination mask in contiguous bits
IPV6_FLOW_LABEL | 31 | 3 | IPv6 flow label as per RFC 2460 definition
SAMPLING_INTERVAL | 34 | 4 | When using sampled NetFlow, the rate at which packets are sampled for example: a value of 100 indicates that one of every 100 packets
is sampled
SAMPLING_ALGORITHM | 35 | 1 | The type of algorithm used for sampled NetFlow: 0x01 Deterministic Sampling, 0x02 Random Sampling
FLOW_ACTIVE_TIMEOUT | 36 | 2 | Timeout value (in seconds) for active flow entries in the NetFlow cache
FLOW_INACTIVE_TIMEOUT | 37 | 2 | Timeout value (in seconds) for inactive flow entries in the NetFlow cache
ENGINE_TYPE | 38 | 1 | Type of flow switching engine: RP = 0, VIP/Linecard = 1
ENGINE_ID | 39 | 1 | ID number of the flow switching engine
TOTAL_BYTES_EXP | 40 | N (default is 4) | Counter with length N x 8 bits for bytes for the number of bytes exported by the Observation Domain
TOTAL_PKTS_EXP | 41 | N (default is 4) | Counter with length N x 8 bits for bytes for the number of packets exported by the Observation Domain
TOTAL_FLOWS_EXP | 42 | N (default is 4) | Counter with length N x 8 bits for bytes for the number of flows exported by the Observation Domain
IP_PROTOCOL_VERSION | 60 | 1 | Internet Protocol Version. Set to 4 for IPv4, set to 6 for IPv6. If not present in the template, then version 4 is assumed.
DIRECTION | 61 | 1 | Flow direction: 0 - ingress flow, 1 - egress flow
IPV6_NEXT_HOP | 62 | 16 | IPv6 address of the next-hop router
BPG_IPV6_NEXT_HOP | 63 | 16 | Next-hop router in the BGP domain
IPV6_OPTION_HEADERS | 64 | 4 | Bit-encoded field identifying IPv6 option headers found in the flow
MPLS_LABEL_1 | 70 | 3 | MPLS label at position 1 in the stack
MPLS_LABEL_2 | 71 | 3 | MPLS label at position 2 in the stack
MPLS_LABEL_3 | 72 | 3 | MPLS label at position 3 in the stack
MPLS_LABEL_4 | 73 | 3 | MPLS label at position 4 in the stack
MPLS_LABEL_5 | 74 | 3 | MPLS label at position 5 in the stack
MPLS_LABEL_6 | 75 | 3 | MPLS label at position 6 in the stack
MPLS_LABEL_7 | 76 | 3 | MPLS label at position 7 in the stack
MPLS_LABEL_8 | 77 | 3 | MPLS label at position 8 in the stack
MPLS_LABEL_9 | 78 | 3 | MPLS label at position 9 in the stack
MPLS_LABEL_10 | 79 | 3 | MPLS label at position 10 in the stack
IN_PERMANENT_BYTES | 85 | N (default is 4) | Running byte counter for a permanent flow
IN_PERMANENT_PKTS | 86 | N (default is 4) | Running packet counter for a permanent flow

When extensibility is required, the new field types are added to the list. The new field types have to be updated on the Exporter and Collector but the NetFlow export format would remain unchanged.

In some cases the size of a field type is fixed by definition, for example PROTOCOL, or IPV4_SRC_ADDR. However, in other cases they are defined as a variant type. This improves the memory efficiency in the collector and reduces the network bandwidth requirement between the Exporter and the Collector. As an example, in the case of IN_BYTES, on an access router it might be sufficient to use a 32 bit counter (N = 4), whilst on a core router a 64 bit counter (N = 8) would be required. All counters and counter-like objects are unsigned integers of size N * 8 bits.
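Because field lengths are set by the template rather than by the field type, a collector has to read each length from the template and bounds-check everything it receives. The following is an added example, not part of the Expand guide or AcceleratorOS: a minimal NetFlow version 9 parser that assumes the standard v9 packet layout (RFC 3954) and decodes a subset of the field types in the table above. The sample packet, template ID 256 and addresses are constructed.

```python
import ipaddress
import struct

# Subset of the field types in the table above: value -> (name, decoding).
FIELD_TYPES = {
    1: ("IN_BYTES", "uint"), 2: ("IN_PKTS", "uint"), 4: ("PROTOCOL", "uint"),
    6: ("TCP_FLAGS", "uint"), 7: ("L4_SRC_PORT", "uint"),
    8: ("IPV4_SRC_ADDR", "ipv4"), 11: ("L4_DST_PORT", "uint"),
    12: ("IPV4_DST_ADDR", "ipv4"), 27: ("IPV6_SRC_ADDR", "ipv6"),
    28: ("IPV6_DST_ADDR", "ipv6"), 61: ("DIRECTION", "uint"),
}
HEADER = struct.Struct("!HHIIII")  # version, count, uptime, secs, sequence, source id
FLOWSET = struct.Struct("!HH")     # flowset id, length including these 4 bytes


def decode_field(ftype, raw):
    """Decode one field; its length comes from the template, not the type."""
    name, kind = FIELD_TYPES.get(ftype, (f"FIELD_{ftype}", "raw"))
    if kind == "uint":
        return name, int.from_bytes(raw, "big")  # unsigned, N * 8 bits
    if kind == "ipv4" and len(raw) == 4:
        return name, str(ipaddress.IPv4Address(raw))
    if kind == "ipv6" and len(raw) == 16:
        return name, str(ipaddress.IPv6Address(raw))
    return name, raw.hex()  # unknown type or unexpected length: keep raw bytes


def parse_templates(body, templates):
    """Read template records (id, field count, then type/length pairs)."""
    off = 0
    while off + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, off)
        off += 4
        if off + 4 * count > len(body):
            raise ValueError("template record runs past its flowset")
        fields = [struct.unpack_from("!HH", body, off + 4 * i) for i in range(count)]
        off += 4 * count
        # A zero-size record would make the data loop below spin forever.
        if tid < 256 or sum(length for _, length in fields) == 0:
            raise ValueError("invalid template")
        templates[tid] = fields


def parse_data(body, fields):
    """Split a data flowset into records using the template's lengths."""
    rec_len = sum(length for _, length in fields)
    records, off = [], 0
    while off + rec_len <= len(body):
        rec = {}
        for ftype, length in fields:
            name, value = decode_field(ftype, body[off:off + length])
            rec[name] = value
            off += length
        records.append(rec)
    return records  # bytes left over are alignment padding


def parse_packet(data, templates):
    """Return decoded flow records; `templates` persists between packets."""
    if len(data) < HEADER.size or HEADER.unpack_from(data)[0] != 9:
        raise ValueError("not a NetFlow version 9 packet")
    off, flows = HEADER.size, []
    while off + FLOWSET.size <= len(data):
        fs_id, fs_len = FLOWSET.unpack_from(data, off)
        if fs_len < FLOWSET.size or off + fs_len > len(data):
            raise ValueError("bad flowset length")
        body = data[off + FLOWSET.size:off + fs_len]
        if fs_id == 0:
            parse_templates(body, templates)
        elif fs_id in templates:
            flows.extend(parse_data(body, templates[fs_id]))
        # Options templates and data for unknown templates are skipped.
        off += fs_len
    return flows


def build_sample_packet():
    """Constructed packet: one template (ID 256) and one flow record."""
    fields = [(1, 8), (2, 4), (4, 1), (7, 2), (8, 4), (11, 2), (12, 4)]
    tmpl = struct.pack("!HH", 256, len(fields))
    tmpl += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    record = (
        (5_000_000_000).to_bytes(8, "big")            # IN_BYTES with N = 8
        + (1200).to_bytes(4, "big")                   # IN_PKTS with N = 4
        + bytes([6])                                  # PROTOCOL: TCP
        + struct.pack("!H", 49152)                    # L4_SRC_PORT
        + ipaddress.IPv4Address("192.0.2.10").packed
        + struct.pack("!H", 1928)                     # L4_DST_PORT
        + ipaddress.IPv4Address("198.51.100.20").packed
    )
    record += b"\x00" * (-len(record) % 4)            # pad to a 4-byte boundary
    return (HEADER.pack(9, 2, 1000, 1_200_000_000, 1, 1)
            + FLOWSET.pack(0, FLOWSET.size + len(tmpl)) + tmpl
            + FLOWSET.pack(256, FLOWSET.size + len(record)) + record)


if __name__ == "__main__":
    for flow in parse_packet(build_sample_packet(), {}):
        print(flow)
```

A production collector would key the template cache by exporter address and source ID as well as template ID, since template IDs are only unique per exporter.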
Template Fields

The following is a list of NetFlow version 9 template fields exported for each predefined Expand template: full, long and short.

Full Template

%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR %SRC_MASK %INPUT_SNMP %L4_DST_PORT %IP_DST_ADDR %DST_MASK %OUTPUT_SNMP %IP_NEXT_HOP %SRC_AS %DST_AS %LAST_SWITCHED %FIRST_SWITCHED %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %ENGINE_TYPE %ENGINE_ID %TOTAL_BYTES_EXP %TOTAL_PKTS_EXP %TOTAL_FLOWS_EXP %IP_PROTOCOL_VERSION %DIRECTION %FRAGMENTED %FINGERPRINT %VLAN_TAG %NW_LATENCY_SEC %NW_LATENCY_NSEC %APPL_LATENCY_SEC %APPL_LATENCY_NSEC %PAYLOAD

Long Template

%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR %SRC_MASK %INPUT_SNMP %L4_DST_PORT %IP_DST_ADDR %DST_MASK %OUTPUT_SNMP %IP_NEXT_HOP %SRC_AS %DST_AS %LAST_SWITCHED %FIRST_SWITCHED %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %ENGINE_TYPE %ENGINE_ID %TOTAL_BYTES_EXP %TOTAL_PKTS_EXP %TOTAL_FLOWS_EXP %IP_PROTOCOL_VERSION %DIRECTION %FRAGMENTED %FINGERPRINT %VLAN_TAG

Short Template

%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR %SRC_MASK %L4_DST_PORT %IP_DST_ADDR %DST_MASK %IP_NEXT_HOP %SRC_AS %DST_AS %LAST_SWITCHED %FIRST_SWITCHED %IP_PROTOCOL_VERSION %DIRECTION %FRAGMENTED %FINGERPRINT %VLAN_TAG

Appendix B: Pre-Defined Applications

The following table lists all applications
that are predefined in the Accelerator, their port/protocol number and whether they are monitored by the Accelerator by default.

Application | Port/Protocol Number | Automatically Monitored?
tcpmux | 1 | No
compressnet-mgmt | 2 | No
compressnet | 3 | No
echo | 7 | No
discard | 9 | No
systat | 11 | No
daytime | 13 | No
qotd | 17 | No
msp | 18 | No
chargen | 19 | No
ftp-data | 20 | Yes
ftp | 21 | Yes
ssh | 22 | Yes
telnet | 23 | Yes
priv-mail | 24 | No
smtp | 25 | Yes
nsw-fe | 27 | No
msg-icp | 29 | No
msg-auth | 31 | No
dsp | 33 | No
priv-print | 35 | No
time | 37 | No
rap | 38 | No
graphics | 41 | No
nicname | 43 | No
ni-ftp | 47 | No
auditd | 48 | No
tacacs | 49 | No
xns-time | 52 | No
domain | 53 | Yes
xns-ch | 54 | No
isi-gl | 55 | No
xns-auth | 56 | No
priv-term | 57 | No
xns-mail | 58 | No
priv-file | 59 | No
ni-mail | 61 | No
acas | 62 | No
whois++ | 63 | No
covia | 64 | No
tacacs-ds | 65 | No
sql*net | 66 | No
gopher | 70 | No
priv-dialout | 75 | No
deos | 76 | No
priv-rje | 77 | No
vettcp | 78 | No
finger | 79 | No
http-www | 80 | Yes
hosts2-ns | 81 | No
xfer | 82 | No
mit-ml-dev | 83 | No
ctf | 84 | No
mfcobol | 86 | No
priv-termlink | 87 | No
su-mit-tg | 89 | No
dnsix | 90 | No
mit-dov | 91 | No
npp | 92 | No
dcp | 93 | No
objcall | 94 | No
dixie | 96 | No
swift-rvf | 97 | No
tacnews | 98 | No
metagram | 99 | No
newacct | 100 | No
hostname | 101 | No
iso-tsap | 102 | No
gppitnp | 103 | No
acr-nema | 104 | No
csnet-ns | 105 | No
3com-tsmux | 106 | No
snagas | 108 | No
pop2 | 109 | No
pop3 | 110 | Yes
mcidas | 112 | No
auth | 113 | No
audionews | 114 | No
ansanotify | 116 | No
uucp-path | 117 | No
sqlserv | 118 | No
nntp | 119 | No
erpc | 121 | No
smakynet | 122 | No
ansatrader | 124 | No
locus-map | 125 | No
unitary | 126 | No
locus-con | 127 | No
gss-xlicen | 128 | No
pwdgen | 129 | No
cisco-fna | 130 | No
cisco-tna | 131 | No
cisco-sys | 132 | No
ingres-net | 134 | No
endpoint-mapper | 135 | No
profile | 136 | No
netbios-ns | 137 | Yes
netbios-dgm | 138 | Yes
netbios-ssn | 139 | Yes
emfis-data | 140 | No
emfis-cntl | 141 | No
bl-idm | 142 | No
imap2 | 143 | Yes
uma | 144 | No
uaac | 145 | No
iso-tp0 | 146 | No
iso-ip | 147 | No
jargon | 148 | No
aed-512 | 149 | No
sql-net | 150 | No
bftp | 152 | No
netsc-prod | 154 | No
netsc-dev | 155 | No
sqlsrv | 156 | No
knet-cmp | 157 | No
pcmail-srv | 158 | No
nss-routing | 159 | No
snmp | 161 | Yes
snmptrap | 162 | Yes
xns-courier | 165 | No
s-net | 166 | No
namp | 167 | No
rsvd | 168 | No
send | 169 | No
print-srv | 170 | No
multiplex | 171 | No
cl-1 | 172 | No
xyplex-mux | 173 | No
mailq | 174 | No
vmnet | 175 | No
genrad-mux | 176 | No
nextstep | 178 | No
bgp | 179 | No
ris | 180 | No
unify | 181 | No
audit | 182 | No
ocbinder | 18 | No
ocserver | 184 | No
remote-kis | 185 | No
kis | 186 | No
aci | 187 | No
mumps | 188 | No
qft | 189 | No
gacp | 190 | No
prospero | 191 | No
osu-nms | 192 | No
srmp | 193 | No
irc | 194 | No
dn6-nlm-aud | 195 | No
dn6-smm-red | 196 | No
dls | 197 | No
dls-mon | 198 | No
smux | 199 | No
src | 200 | No
at-rtmp | 201 | No
at-nbp | 202 | No
at-3-5-7-8 | 203 | No
at-echo | 204 | No
at-zis | 206 | No
quickmail | 209 | No
z39-50 | 210 | No
914c-g | 211 | No
anet | 212 | No
vmpwscs | 214 | No
softpc | 215 | No
cai-lic | 216 | No
dbase | 217 | No
mpp | 218 | No
uarps | 219 | No
imap3 | 220 | No
fln-spx | 221 | No
rsh-spx | 222 | Yes
cdc | 223 | No
peer-direct | 242 | No
sur-meas | 243 | No
daynachip | 244 | No
link | 245 | No
dsp3270 | 246 | No
bh-fhs | 248 | No
ldap | 389 | Yes
https | 443 | Yes
smtps | 465 | No
exec | 512 | No
login | 513 | No
shell | 514 | No
printer | 515 | No
talk | 517 | No
ntalk | 518 | No
ibm-db2 | 523 | No
uucp | 540 | No
rtsp | 554 | No
nntps | 563 | No
banyan-vip | 573 | No
alternate-http | 591, 8008, 8080 | No
sshell | 614 | No
ldaps | 636 | No
doom | 666 | No
ftps-data | 989 | No
ftps | 990 | No
telnets | 992 | No
ircs | 994 | No
pop3s | 995 | No
notes | 1352 | Yes
timbuktu-srv | 1419 | No
ms-sql-server | 1433 | No
ms-sql-monitor | 1434 | No
ms-sna-server | 1477 | No
ms-sna-base | 1478 | No
citrix-ica | 1494 | Yes
sybase_sqlany | 1498 | Yes
t-120 | 1503 | No
oracl-tns | 1521, 1526, 1527 | No
ingres-lock | 1524 | No
oracl-srv | 1525 | Yes
oracl-coauthor | 1529 | No
oracl-remdb | 1571 | No
oracl-names | 1575 | No
america-online | | No
h323 | 1720 | No
oracl-em1 | 1748 | No
oracl-em2 | 1754 | No
ms-streaming | 1755 | No
ms-sms | | No
ms-mqs | 1801, 2101, 2103, 2105 | No
oracl-vp2 | 1808 | No
oracl-vp1 | 1809 | No
openwindows | 2000 | No
gupta-sqlbase | 2155 | No
cvs-pserver | 2401 | No
citrix-ica-sr | 2598 | No
sybase-sqlanywhere | 2638 | No
ccmail | 3264 | No
ms-terminal-server | 3389 | Yes
sap-r3 | 3200 | No
ibm-db2-conn-svc | 3700 | No
ibm-db2-int-svc | 3701 | No
ichat | 4020 | No
pc-anywhere-data | 5631 | No
xwin | | Yes
ircu | | No
vdolive | 7000 | No
realaudio | 7070 | No
cu-seeme alternate-rtsp No 8554 the-palace No No
quake | 26000 | No
filenet-RPC | 32769 | No
filenet-NCH | 32770 | No
kazaa | 1214 | No
gnutella-svc | 6346 | No
gnutella-rtr | 6347 | No
edonkey | 4662 | No
radius | 1812 | No
radius-acct | 1813 | No
groupwise | 1677 | No
smaclmgr | 4660 | No
nameserver | 42 | No
wins | 1512 | No
pcanywhere | 65301 | No
bittorent winmx No 6699, 6257 No
microsoft-ds | 445 | Yes
rlp | 39 | No
re-mail-ck | 50 | No
la-maint | 51 | No
bootps | 67 | No
bootpc | 68 | No
tftp | 69 | Yes
kerberos | 88 | Yes
cfdptkt | 120 | No
ntp | 123 | Yes
xdmcp | 177 | No
ipx-tunnel | 213 | No
subnet-bcast-tftp | 247 | No
backweb | 370 | No
timbuktu | 407 | No
biff | 512 | No
who | 513 | No
syslog | 514 | No
ip-xns-rip | 520 | No
streamworks-xingmpeg | 1558 | No
citrix-icabrowser | 1604 | No
h323-gatekeeper-disc | 1718 | No
h323-gatekeeper-stat | 1719 | No
ms-mqs-discovery | 1801 | No
ms-mqs-ping | 3527 | No
rtp | 5004 | No
rtcp | 5005 | No
pc-anywhere-stat | 5632 | No
ivisit | 9943, 9945, 56768 | No
l2tp | 1701 | No
sgcp | 2427 | No
hsrp | 1985 | No
timed | 525 | No
nfs | 2049 | Yes
dhcp | 546, 547, 647, 847 | Yes
mimix-dr1 Yes mimix-ha1 mimix-rj Yes 3777 Yes
novel-netware-over-ip | 396 | Yes
icmp | 1 | Yes
igmp | 2 | Yes
ipencap | 4 | Yes
egp | 8 | Yes
igp | 9 | Yes
trunk-1 | 23 | Yes
trunk-2 | 24 | Yes
leaf-1 | 25 | Yes
leaf-2 | 26 | Yes
ipv6 | 41 | Yes
rsvp | 46 | Yes
gre | 47 | Yes
ipv6-crypt | 50 | Yes
ipv6-auth | 51 | Yes
ipv6-icmp | 58 | Yes
eigrp | 88 | Yes
ospf | 89 | Yes
ipip | 94 | Yes
pim | 103 | Yes
scps | 105 | Yes
ipcomp | 108 | Yes
ipx-in-ip | 111 | Yes
vrrp | 112 | Yes
l2tp-over-ip | 115 | Yes
stp | 118 | Yes
isis | 124 | Yes

Appendix C: Accelerator Integration

Integrating the Accelerator into environments in which third party applications run on the network sometimes requires a certain amount of fine tuning. This appendix describes various environments and applications and how to best set them for Accelerator performance. This appendix covers the following topics:

Acceleration and Citrix Traffic
Configuring NetFlow
Disabling Compression on SAP
Calculating Acceleration Figures with an Application other than ExpandView

Acceleration and Citrix Traffic

The Accelerator utilizes network resources efficiently and delivers improved acceleration results for Citrix-hosted applications. Citrix users repeatedly access the same content from the network. The Accelerator enhances support for Citrix applications, because acceleration allows more Citrix data to traverse the WAN. The Accelerator achieves this increase in throughput by:

Consolidating Citrix header data in pure IP implementations—IP header represents significant overhead in small packets generated by Citrix. It constitutes almost 30% of the Citrix packet.
The Accelerator removes repeat-header information and sends this data only once across the network.
Consolidating Citrix payload in all environments—the Accelerator extracts data from small packets originating from different Citrix users, and sends packets optimized for specific WAN conditions. The Accelerator eliminates all redundant data transmissions across the WAN.
Controlling latency and jitter—the Accelerator reduces latency and jitter, especially over slow WAN links that are commonly used for Citrix deployments.

The end result is better, more consistent Citrix performance; and support of up to four times more Citrix users on the existing infrastructure.

Citrix has its own internal compression mechanism. The results achieved by this mechanism are not at all comparable to the throughput increase achieved by the Accelerator. When accelerating Citrix traffic, Citrix’s internal compression mechanism must be disabled so that the Accelerator can access the original data.

Disabling Citrix NFuse Compression

You can disable Citrix compression on each Citrix client PC, but disabling compression via the WebUI will cause all links that are not accelerated to become congested and unusable.

To disable Citrix compression:

1. Back up the current copy of the following files: template.ica, launch.vbs, Clogin.vbs, Chtmllogin.vbs.
2. Copy the two ica files provided here into the following directory: C:\Program Files\Citrix\NFuse
3. Copy the three vbs files into the following directory: C:\inetpub\wwwroot\Citrix\MetaFrameXP\site\include\serverscripts
4. This will modify the Web Interface server by creating a drop-down menu on the login page, which will allow users to specify which type of connection is required. Any link connected to an Accelerator should be set to No Compression. Links not connected to Accelerators should be set to With Compression.
5.
Restart the World Wide Web service by opening a command prompt and typing: iisreset
6. Select No Compression for all Accelerated clients in the Web Interface Login page.

Disabling Citrix Encryption and Compression

Citrix is a popular application installed on top of Microsoft’s Remote Desktop Protocol (RDP) that was created in joint development by Microsoft and Citrix. Citrix, also referred to as ICA, adds quite a few features that RDP does not have and therefore is popular for terminal and thin client deployments.

Both RDP and Citrix can compress traffic sent to and from the servers. However, these capabilities are limited, and do not perform as well as Expand’s Accelerator.

Both RDP and Citrix can encrypt traffic sent to and from the servers. However, because encryption is random by definition, its very nature limits the ability of the Accelerators to remove repetitive data.

Defining Settings on the Server

An administrator can set encryption and compression settings on the server for the RDP and Citrix connections by modifying the protocol’s properties. For Encryption, all Citrix and RDP communications to the server must meet the minimal encryption settings of the ICA and RDP protocol listener. Settings made to the ICA or RDP listener apply to all traffic and applications.

Setting/checking ICA or RDP listener traffic

To disable compression and encryption in RDP:

1. Open the Terminal Server Configuration console: All Programs>Administrative Tools>Terminal Server Configuration.
2. In the Connections tab, double-click the RDP-Tcp connection.
3. The RDP-Tcp properties window opens
4. Under the General Tab, set the encryption level to Low.
5. Click OK, and close the configuration console.

To use group policies for disabling compression and encryption in RDP:

1. Open the Default Domain Group Policies on the Domain Controller (AD)
2.
Browse to Computer Configurations>Administrative Templates>Windows Components>Terminal Services>Encryption and Security.
3. Double-click the “Set client connection encryption level” setting. A properties window opens:
4. Select the option “Enabled” from the radio button.
5. Set the “Encryption Level” to “Low Level”
6. Click OK, and close the configuration console.

Once set, the setting will replicate to the environment. To speed up the process, you can manually update the group policy by running the following command from the command line:

gpupdate /force

To disable compression and encryption in Citrix:

1. Open the Citrix Connection Configuration tool and double click on the ICA-TCP connection type.
2. Within the Advanced Connection Settings, set encryption to none.
3. For Published Applications, you can configure each application type individually for encryption.
4. Open the Published Applications Manager tool and view the properties of the application being used. Click on the Client tab and view the encryption required from the Client. If the application is already published, the encryption required is Read only. Publishing the application and recreating the application with the lowest encryption level of Basic can remove encryption. Setting the encryption level for Published Applications can require an identical encryption level from the client. Any company that uses published applications normally requires a certain encryption level via the Published Applications Manager. These encryption levels are the same choices available on the client (see below).

To disable compression and encryption in NFUSE and NFUSE Elite Server:

Compression and encryption configurations are set during the publishing of the application and are stored within a file called template.ica.
The location of this file can vary; however, it is typically stored on the web server within the web directory (if necessary, consult with a Citrix administrator for the specific location). Compression is enabled by default even though there is not a specific entry within the template.ica file that mentions this.
1. Edit the template.ica file by adding a line under the application name that reads Compress=Off. If multiple applications exist, you have to enter the Compress=Off line multiple times. For additional information on turning off compression, see Citrix documentation: CTX554864 and CTX101865.
2. To disable encryption, publish the application again with the lowest encryption level of Basic.
3. In addition, if SSL certificates are used for creating secure web connections (web connections that begin with HTTPS: instead of HTTP), SSL also provides encryption for the session. Therefore, disabling encryption requires you to remove SSL.

SpeedScreen Latency Reduction Manager

SpeedScreen Latency Reduction Manager allows an administrator to enable compression for an application depending on the latency of the connection. When enabled, Citrix will monitor the round trip time for responses to and from the server and client and enable compression when needed. Remove any configured application by clicking Delete.

Defining Settings on the Client

For Citrix

NFUSE is controlled via the server, so no settings need to be altered on the client. Custom Connections and Published Applications allow for changes to be made on the clients. Each client has a Citrix Program Neighborhood that contains settings for the connections that can override the settings on the server. For both of these, deselect compression and set encryption to Basic.

Published applications use a ‘farm’ concept in which these applications can be grouped together with settings that apply for all the applications.
Within the farm settings, a client can set the encryption and compression.

To disable compression and encryption for ‘farms’:
1. Right-click the farm and choose Application Set settings. Once the Properties menu is displayed, click on the tab labelled Options to view and/or change the settings.
2. Each specific published application can also have settings for encryption and compression.
3. Right-click the specific application and choose Application Set settings. Once the Properties menu is displayed, click on the Options tab to view and/or change the settings.
4. Custom connections are created from the client, and you can use the Properties page to set all settings during creation or afterwards. Right-click the custom connection and choose Properties. Once you see the Properties menu, click on the Options tab to view and/or change the settings.

For RDP

Only compression can be set on the client and not encryption as previously discussed regarding the Citrix client. The place to set these values depends on how the RDP session is being launched. For most environments this will be done through the Client Connection Manager.

To disable compression on the RDP client:
1. Within the Client Connection Manager, right-click the connection and choose Properties. Navigate to the Connection Options tab and deselect the box labelled Enable data compression if it is selected.
2. When the session for RDP is launched from the ‘raw’ Terminal Services Client icon, the option for compression is presented when choosing the server to log into.

Turning Compression off in the PNAgent Client

This section instructs you how to resolve the Citrix PNA problem by turning off compression in the PNAgent client.

Understanding the PNA Problem

Citrix Program Neighborhood Agent (PNA) is a combination of published applications and NFUSE. Data compression in the PNAgent is ON by default if the value disabling it is not present.
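Added example, not Citrix or Expand code: because compression stays on wherever the Compress=Off line is absent, this Python check lists the application sections of a template.ica that would still be compressed and returns a patched copy. It assumes that an application section is one carrying an Address= key, as in the guide's template.ica excerpt, and that key names and the Off value are case-insensitive; the sample file content and the ExampleApp section are constructed.

```python
import re

SECTION = re.compile(r"^\[(.+)\]$")                      # [Name] or [[NFuse_AppName]]
KEYVAL = re.compile(r"^\s*([^=;\s][^=]*?)\s*=\s*(.*?)\s*$")

# Constructed sample laid out like the guide's template.ica excerpt.
SAMPLE = """\
[WFClient]
Version=2

[ApplicationServers]
[NFuse_AppName]=

[[NFuse_AppName]]
Address=[NFuse_AppServerAddress]
InitialProgram=#[NFuse_AppName]
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
AutoLogonAllowed=On

[ExampleApp]
Address=192.0.2.10
InitialProgram=#ExampleApp
Compress=On
"""


def parse_sections(lines):
    """Return one dict per section: name, header index, last key index, keys."""
    found, current = [], None
    for i, line in enumerate(lines):
        header = SECTION.match(line.strip())
        if header:
            current = {"name": header.group(1), "start": i, "last": i, "keys": {}}
            found.append(current)
        elif current is not None:
            kv = KEYVAL.match(line)
            if kv:
                current["keys"][kv.group(1).lower()] = kv.group(2)
                current["last"] = i
    return found


def is_application(section):
    # Assumption: only application sections carry an Address= key.
    return "address" in section["keys"]


def compressed_apps(text):
    """Names of application sections where compression is still in effect."""
    return [s["name"] for s in parse_sections(text.splitlines())
            if is_application(s)
            and s["keys"].get("compress", "").lower() != "off"]


def add_compress_off(text):
    """Return the file text with Compress=Off set in every application section."""
    lines = text.splitlines()
    # Work bottom-up so insertions do not shift sections still to be handled.
    for s in reversed(parse_sections(lines)):
        if not is_application(s):
            continue
        value = s["keys"].get("compress")
        if value is None:
            lines.insert(s["last"] + 1, "Compress=Off")
        elif value.lower() != "off":
            for i in range(s["start"] + 1, s["last"] + 1):
                kv = KEYVAL.match(lines[i])
                if kv and kv.group(1).lower() == "compress":
                    lines[i] = "Compress=Off"
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("still compressed:", compressed_apps(SAMPLE))
    print(add_compress_off(SAMPLE))
```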
Resolving the PNA Problem

Edit the PNAgent template.ica file on the Web Interface server. This template.ica file is different than the one used by NFUSE, although the same is required for NFUSE as well.

To edit the PNA template.ica file:
1. Access the template.ica file:
Default location: C:\Inetpub\wwwroot\Citrix\PNAgent\template.ica
If you are unsure of the location on your server, search for the PNAgent directory and look there for a template.ica file.
2. Add the value Compress=Off under the Application tag, as follows:
[[NFuse_AppName]]
Address=[NFuse_AppServerAddress]
InitialProgram=#[NFuse_AppName]
LongCommandLine="[NFuse_AppCommandLine]"
DesiredColor=[NFuse_WindowColors]
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
AutoLogonAllowed=On
Compress=Off

Identifying Citrix Layer-7 Applications

Monitoring Citrix/ICA Layer-7 traffic requires each Layer-7 application running through Citrix to open a separate TCP session; the Accelerator does not support Citrix session sharing.

Citrix Applications work as follows: Applications are published, meaning that the Administrator defines certain applications on the server for users to use on their desktop. The Administrator also assigns names for these applications. The users can either download the applications and their names from the server, or define them manually.

When applications are downloaded, for each Citrix application session run between the client and the server, Citrix creates a TCP session for running the application and a UDP session that serves as a control for the application. The Accelerator’s Layer-7 monitoring is aware of both of these sessions, and identifies the open sessions by the new published application name.

If Citrix is configured to work in single-session (virtual channel) TCP, in which each application does not open a new TCP session, the Accelerator is unable to access the Layer-7 information it needs.
NOTE: The Accelerator supports both Automatic and Direct Citrix application discovery mode. When applications are added manually, the Accelerator still has to monitor the control session (UDP), which is never encrypted or compressed.

To disable session sharing in the Citrix server:
1. At the command prompt of the Citrix server, open the registry editor by entering the regedit command.
2. Create the following entry in the server’s registry (which overrides session sharing):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\WFSHELL\TWI
3. Add the following value:
Name: SeamlessFlags
Data type: REG_DWORD
Data value: 1
4. Setting this registry value to 1 overrides session sharing. Note that this flag is SERVER GLOBAL.

WARNING! Editing the registry or using a Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows to correct them. Microsoft does not guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Back up your registry first and use Registry Editor at your own risk.

NOTE: When creating Layer-7 Citrix applications in the Accelerator, the application names defined must match the application names exactly as entered into the Citrix server. Due to this requirement, take into account the following considerations:
You are advised to create Citrix Layer-7 applications via the Monitoring > Layer-7 Discovery menu, where traffic types are collected and listed, instead of entering them manually.
All Citrix application names entered into the Accelerator must be in ALL CAPS. This is because in some environments, when the client communicates with the server, the client converts the published application name to capitals.

Configuring NetFlow

The following configuration modifications are needed in order to use NetFlow with the Expand Accelerator.
While previous versions of AcceleratorOS included RMON, AcceleratorOS 6.0 and up integrates NetFlow support for detailed reporting. This combination enables extracting statistics like those in RMON’s Top Talker. The main focus of NetFlow is Traffic Measurement, Traffic Monitoring, Network Optimization and Planning and Detection of Network Security Violations, as follows.

Studying Traffic Measurement

Traffic Measurement measures usage of relevant traffic activities. NetFlow tracks network usage, generating a series of statistics for hosts sending data through the interface. The necessary information is collected by the host running NetFlow by observing the traffic on the network. This arrangement offloads the processing requirements from operational nodes to the NetFlow host. All packets in the subnet are captured and associated with a sender/receiver pair, thereby letting you track all traffic activities of a particular host.

The following are some of the statistics and reports that you can collect by using NetFlow Traffic Measurement:
DATA SENT/RECEIVED (TOP 10): The total traffic (volume and packets) generated or received by the host. The traffic is classified according to network protocol (IP, IPX, AppleTalk, and so on) and IP protocol (FTP, HTTP, NFS, and so on).
USED BANDWIDTH: Actual, average and peak bandwidth usage.
IP MULTICAST: Total amount of multicast traffic generated or received by the host.
TCP SESSIONS HISTORY: Currently active TCP sessions established/accepted by the host and associated traffic statistics.
UDP TRAFFIC: Total amount of UDP traffic sorted by port.
TCP/UDP - USED SERVICES: List of IP-based services (for example: open and active ports) provided by the host with the list of the last five hosts that used them.
TRAFFIC DISTRIBUTION: Local traffic, local to remote traffic, remote to local traffic (local hosts are attached to the broadcast network).
IP TRAFFIC DISTRIBUTION: UDP vs. TCP traffic, relative distribution of the IP protocols according to the host name.

Studying Traffic Monitoring

Traffic Monitoring lets you identify those situations where network traffic does not comply with specified policies or when it exceeds a defined threshold. In general, network administrators specify policies that apply to the behavior of elements in the managed network.

If a monitoring tool has already been implemented on the network, it may be possible to integrate NetFlow into the existing tool (for example, Concord and HP OpenView support NetFlow). Several open source NetFlow software platforms are available for free download. Expand recommends NTop-XTRA, which can be downloaded from http://www.openxtra.co.uk/products/ntop-xtra.htm

Some NetFlow collectors, such as Crannog’s NetFlow Monitor, require enabling SNMP, because the graphs can be interface-based (IF.Index). The Accelerator’s SNMP feature, even when enabled, does not include the IF.Index for flows because the Accelerator functions as a bridge. Therefore, the NetFlow Monitor software does not present any statistics when working with an Accelerator. Use software that does not require the IF.Index. For example, Crannog software has another NetFlow collector called NetFlow Tracker, which does not require the IF.Index for the NetFlow statistics and works very well with the Accelerator.

When configuring NetFlow on the Accelerator, it is important to specify the version number.

NOTE: Only NetFlow Version 5 is supported.

Configuring Accelerator NetFlow

accelerator#config
accelerator (config) #netflow
accelerator (NetFlow) #?
exit    exit current node
ip      ip NetFlow command
no      remove collector
show    show NetFlow parameters

Here is an example of the config needed if 172.16.80.21 is the PC running the NetFlow application:

accelerator (NetFlow) # ip flow-export 172.16.80.21 port 2055 version 5 interface ethernet 0/0
accelerator (NetFlow) # show
---------------------------------------------------------
# | COLLECTOR IP | PORT | VERSION | INTERFACE
---------------------------------------------------------
1 | 172.16.80.21 | 2055 | 5       | Ethernet 0/0

NOTE: In On-Path installations, use Ethernet 0; in On-LAN installations use Ethernet 0/1 when configuring NetFlow.

KNOWN LIMITATION: You can enable NetFlow only on ethernet or bridge and not per link or virtual link. You can configure only one NetFlow probe.

Disabling Compression on SAP

If SAP compression must be disabled in order to achieve higher Accelerator efficiency, the following procedure describes how to disable SAP compression.
1. From My Computer, click on Properties, or from the Control Panel click on System.
2. Click on Advanced, followed by Environment Variables.
3. In the Environment Variables window, click the New button.
4. Type TDW_NOCOMPRESS in the Variable Name field, and 1 in the Variable Value field.

To undo this procedure and restore SAP compression, delete this variable, or set the Variable Value to 0.

Calculating Acceleration Figures with an Application other than ExpandView

The following section explains how to calculate the acceleration percentage achieved on the Accelerator via Excel, by using data captured from a Management Application other than ExpandView.
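Added example, not part of the original guide or of any Expand or collector-vendor software: a collector-side parser for the NetFlow Version 5 datagrams that the ip flow-export configuration in Configuring Accelerator NetFlow sends to port 2055. It validates each datagram before use and ranks hosts by bytes sent without relying on interface indexes, which the guide says the Accelerator does not supply; the sample datagram, its addresses and counters are constructed.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 wire layout, network byte order.
HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte flow record
MAX_RECORDS = 30                                     # v5 limit per datagram


class NetFlowError(ValueError):
    """Datagram is not a well-formed NetFlow v5 export."""


def parse_v5(datagram):
    """Validate one export datagram and decode its flow records."""
    if len(datagram) < HEADER.size:
        raise NetFlowError("shorter than the 24-byte header")
    version, count, _uptime, secs, _nsecs, seq, _etype, _eid, _sampling = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise NetFlowError("version %d received, only 5 is expected" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise NetFlowError("record count %d out of range" % count)
    # The collector port is unauthenticated UDP, so the declared count is
    # checked against the real length before any record is read.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise NetFlowError("length does not match record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "input_if": f[3], "output_if": f[4],
            "packets": f[5], "octets": f[6],
            "src_port": f[9], "dst_port": f[10],
            "tcp_flags": f[12], "proto": f[13],
        })
    # flow_sequence counts flows, so a gap against next_sequence in the
    # following datagram means export datagrams were lost.
    return {"unix_secs": secs, "sequence": seq,
            "next_sequence": (seq + count) & 0xFFFFFFFF, "flows": flows}


def is_valid(datagram):
    """True when the datagram passes every structural check."""
    try:
        parse_v5(datagram)
        return True
    except NetFlowError:
        return False


def top_talkers(flows, n=10):
    """Rank source hosts by bytes sent; interface indexes are not used."""
    sent = Counter()
    for f in flows:
        sent[f["src"]] += f["octets"]
    return sent.most_common(n)


def build_sample():
    """Constructed datagram with three flows (not captured from a device)."""
    rows = [  # src, dst, packets, octets, src port, dst port, IP protocol
        ("10.1.1.10", "10.2.2.20", 12, 9000, 40000, 1494, 6),
        ("10.1.1.11", "10.2.2.20", 4, 600, 40001, 53, 17),
        ("10.1.1.10", "10.2.2.21", 20, 15000, 40002, 80, 6),
    ]
    header = HEADER.pack(5, len(rows), 360000, 1226102400, 0, 42, 0, 0, 0)
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                    0, 0, pkts, octets, 1000, 2000, sport, dport,
                    0, 0x18, proto, 0, 0, 0, 0, 0, 0)
        for src, dst, pkts, octets, sport, dport, proto in rows)
    return header + body


if __name__ == "__main__":
    parsed = parse_v5(build_sample())
    for host, octets in top_talkers(parsed["flows"]):
        print(host, octets)
```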
If you are using ExpandView to monitor Accelerators, and capture the relevant data, ExpandView will automatically record the acceleration values, and use the Throughput Recorder for generating the graphs. For these reasons it is preferable to use ExpandView for this purpose.

Alternatively, you can use the Private MIB to view acceleration figures via external applications, such as What’s Up Gold, HP OpenView, or SNMPc, as follows:

accInterfacePerformanceInAccelerationPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.31
Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).expandnetworks(3405).acceleratorOs(3).accInterfaces(4).accInterfaceTable(2).accInterfaceEntry(1).accInterfacePerformanceInAccelerationPeriod(30)
Module: EXPAND-ACCLERETOROS-MIB
Description: Inbound traffic acceleration percentage during last sampling period.

accInterfacePerformanceOutAccelerationPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.34
Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).expandnetworks(3405).acceleratorOs(3).accInterfaces(4).accInterfaceTable(2).accInterfaceEntry(1).accInterfacePerformanceOutAccelerationPeriod(33)
Module: EXPAND-ACCLERETOROS-MIB
Description: Outbound traffic acceleration percentage during last sampling period.

In AcceleratorOS versions lower than 4.0, in which the Private MIB was not supported, using external applications to view acceleration statistics can be complex and it may be necessary to follow the method outlined below to avoid errors being generated by Excel.
Use the standard method for calculating the acceleration percentage:
((Raw Data/Accelerated Data)-1) x 100

In low traffic, when keepalives are sent and no data is transferred, this causes the raw data to be low or the accelerated data to be high, causing Excel to return error messages, or even negative acceleration figures, as seen in the screen capture below:

When working with a small amount of data, this does not cause too much of a problem, as it is quite easy to alter the resulting acceleration figure to a zero. However, when working with a large amount of data, it will be almost impossible to remove all these errors, thus resulting in a graph with gaps and negative acceleration.

To avoid this, you can use the following formula:
=IF({Accelerated Data}=0,"0",IF({Raw Data}<{Accelerated Data},"0",((({Raw Data}/{Accelerated Data})-1)*100)))

Although this looks difficult, the “real” formula is:
=IF(D2=0,"0",IF(C2<D2,"0",(((C2/D2)-1)*100)))

In effect, this formula tells Excel the following: if the Accelerated Data value is 0, the output, or acceleration percentage, will be 0; if the Raw Data value is less than the Accelerated Data value, the output will be 0. Only if neither of these statements is true will Excel calculate the acceleration percentage. Although this may be true in terms of the Accelerated Data value being zero, it is a workaround enabling Excel to calculate the acceleration figures needed to produce a graph.

Appendix D: MIME Types

Thousands of possible MIME types can be used as part of Web application definition. For a definition of and information about MIME types, please see http://www.faqs.org/rfcs/rfc2045.html, http://www.iana.org/assignments/media-types and http://www.faqs.org/rfcs/rfc2046.html. This appendix provides a list of some very common MIME types.
Application

andrew-inset applefile atomicmail batch-SMTP beep+xml cals-1840 cnrp+xml commonground cpl+xml csta+xml CSTAdata+xml cybercash dca-rft dec-dx dialog-info+xml dicom dns dvcs EDI-Consent EDIFACT EDI-X12 epp+xml eshop fits font-tdpfr http hyperstudio iges im-iscomposing+xml index index.cmd index.obj index.response index.vnd iotp ipp isup kpml-request+xml kpml-response+xml mac-binhex40 macwriteii marc mathematica mbox mikey mpeg4-generic msword news-message-id news-transmission ocsp-request ocsp-response octet-stream oda ogg parityfec pdf pgp-encrypted pgp-keys pgp-signature pidf+xml pkcs10 pkcs7-mime pkcs7-signature pkix-cert pkixcmp pkix-crl pkix-pkipath postscript prs.alvestrand.titrax-sheet prs.cww prs.nprend prs.plucker rdf+xml qsig reginfo+xml remote-printing resource-lists+xml riscos rls-services+xml rtf samlassertion+xml samlmetadata+xml sbml+xml sdp set-payment set-payment-initiation set-registration set-registration-initiation sgml sgml-open-catalog shf+xml sieve simple-filter+xml simple-message-summary slate soap+xml spirits-event+xml timestamp-query timestamp-reply tve-trigger vemmi vnd.3gpp.pic-bw-large vnd.3gpp.pic-bw-small vnd.3gpp.pic-bw-var vnd.3gpp.sms vnd.3M.Post-it-Notes vnd.accpac.simply.aso vnd.accpac.simply.imp vnd.acucobol vnd.acucorp vnd.adobe.xfdf vnd.aether.imp vnd.amiga.ami vnd.anser-web-certificate-issue-initiation
vnd.anser-web-funds-transfer-initiation vnd.audiograph vnd.blueice.multipass vnd.bmi vnd.businessobjects vnd.canon-cpdl vnd.canon-lips vnd.cinderella vnd.claymore vnd.commerce-battelle vnd.commonspace vnd.cosmocaller vnd.contact.cmsg vnd.criticaltools.wbs+xml vnd.ctc-posml vnd.cups-postscript vnd.cups-raster vnd.cups-raw vnd.curl vnd.cybank vnd.data-vision.rdz vnd.dna vnd.dpgraph vnd.dreamfactory vnd.dxr vnd.ecdis-update vnd.ecowin.chart vnd.ecowin.filerequest vnd.ecowin.fileupdate vnd.ecowin.series vnd.ecowin.seriesrequest vnd.ecowin.seriesupdate vnd.enliven vnd.epson.esf vnd.epson.msf vnd.epson.quickanime vnd.epson.salt vnd.epson.ssf vnd.ericsson.quickcall vnd.eudora.data vnd.fdf vnd.ffsns vnd.fints vnd.FloGraphIt vnd.framemaker vnd.fsc.weblaunch vnd.fujitsu.oasys vnd.fujitsu.oasys2 vnd.fujitsu.oasys3 vnd.fujitsu.oasysgp vnd.fujitsu.oasysprs vnd.fujixerox.ddd vnd.fujixerox.docuworks vnd.fujixerox.docuworks.binder vnd.fut-misnet vnd.genomatix.tuxedo vnd.grafeq vnd.groove-account
vnd.groove-help vnd.groove-identity-message vnd.groove-injector vnd.groove-tool-message vnd.groove-tool-template vnd.groove-vcard vnd.hbci vnd.hcl-bireports vnd.hhe.lesson-player vnd.hp-HPGL vnd.hp-hpid vnd.hp-hps vnd.hp-PCL vnd.hp-PCLXL vnd.httphone vnd.hzn-3d-crossword vnd.ibm.afplinedata vnd.ibm.electronic-media vnd.ibm.MiniPay vnd.ibm.modcap vnd.ibm.rights-management vnd.ibm.secure-container vnd.informix-visionary vnd.intercon.formnet vnd.intertrust.digibox vnd.intertrust.nncp vnd.intu.qbo vnd.intu.qfx vnd.ipunplugged.rcprofile vnd.irepository.package+xml vnd.is-xpr vnd.japannet-directory-service vnd.japannet-jpnstore-wakeup vnd.japannet-payment-wakeup vnd.japannet-registration vnd.japannet-registration-wakeup vnd.japannet-setstore-wakeup vnd.japannet-verification vnd.japannet-verification-wakeup vnd.jisp vnd.kde.karbon vnd.kde.kchart vnd.kde.kformula vnd.kde.kivio vnd.kde.kontour vnd.kde.kpresenter vnd.kde.kspread vnd.kde.kword vnd.kenameaapp vnd.kidspiration vnd.Kinar vnd.koan vnd.liberty-request+xml vnd.llamagraphics.life-balance.desktop vnd.llamagraphics.life-balance.exchange+xml vnd.lotus-1-2-3 vnd.lotus-approach vnd.lotus-freelance
vnd.lotus-notes vnd.lotus-organizer vnd.lotus-screencam vnd.lotus-wordpro vnd.mcd vnd.mediastation.cdkey vnd.meridian-slingshot vnd.mfmp vnd.micrografx.flo vnd.micrografx.igx vnd.mif vnd.minisoft-hp3000-save vnd.mitsubishi.misty-guard.trustweb vnd.Mobius.DAF vnd.Mobius.DIS vnd.Mobius.MBK vnd.Mobius.MQY vnd.Mobius.MSL vnd.Mobius.PLC vnd.Mobius.TXF vnd.mophun.application vnd.mophun.certificate vnd.motorola.flexsuite vnd.motorola.flexsuite.adsi vnd.motorola.flexsuite.fis vnd.motorola.flexsuite.gotap vnd.motorola.flexsuite.kmr vnd.motorola.flexsuite.ttc vnd.motorola.flexsuite.wem vnd.mozilla.xul+xml vnd.ms-artgalry vnd.ms-asf vnd.mseq vnd.ms-excel vnd.msign vnd.ms-lrm vnd.ms-powerpoint vnd.ms-project vnd.ms-tnef vnd.ms-works vnd.ms-wpl vnd.musician vnd.music-niff vnd.nervana vnd.netfpx vnd.noblenet-directory vnd.noblenet-sealer vnd.noblenet-web vnd.nokia.landmark+xml vnd.nokia.landmark+wbxml vnd.nokia.landmarkcollection+xml vnd.nokia.radio-preset vnd.nokia.radio-presets vnd.novadigm.EDM vnd.novadigm.EDX vnd.novadigm.EXT vnd.obn vnd.omads-email+xml
vnd.omads-file+xml vnd.omads-folder+xml vnd.osa.netdeploy vnd.palm vnd.paos.xml vnd.pg.format vnd.picsel vnd.pg.osasli vnd.powerbuilder6 vnd.powerbuilder6-s vnd.powerbuilder7 vnd.powerbuilder75 vnd.powerbuilder75-s vnd.powerbuilder7-s vnd.previewsystems.box vnd.publishare-delta-tree vnd.pvi.ptid1 vnd.pwg-multiplexed vnd.pwg-xhtml-print+xml vnd.Quark.QuarkXPress vnd.rapid vnd.RenLearn.rlprint vnd.s3sms vnd.sealed.doc vnd.sealed.eml vnd.sealed.mht vnd.sealed.net vnd.sealed.ppt vnd.sealed.xls vnd.sealedmedia.softseal.html vnd.sealedmedia.softseal.pdf vnd.seemail vnd.shana.informed.formdata vnd.shana.informed.formtemplate vnd.shana.informed.interchange vnd.shana.informed.package vnd.smaf vnd.sss-cod vnd.sss-dtf vnd.sss-ntf vnd.street-stream vnd.sus-calendar vnd.svd vnd.swiftview-ics vnd.syncml.ds.notification vnd.syncml.+xml vnd.triscape.mxs vnd.trueapp vnd.truedoc vnd.ufdl vnd.uiq.theme vnd.uplanet.alert vnd.uplanet.alert-wbxml vnd.uplanet.bearer-choice vnd.uplanet.bearer-choice-wbxml vnd.uplanet.cacheop vnd.uplanet.cacheop-wbxml vnd.uplanet.channel vnd.uplanet.channel-wbxml vnd.uplanet.list vnd.uplanet.listcmd vnd.uplanet.listcmd-wbxml vnd.uplanet.list-wbxml vnd.uplanet.signal vnd.vcx vnd.vectorworks vnd.vidsoft.vidconference vnd.visio vnd.visionary vnd.vividence.scriptfile vnd.vsf vnd.wap.sic vnd.wap.slc vnd.wap.wbxml vnd.wap.wmlc vnd.wap.wmlscriptc vnd.webturbo vnd.wordperfect vnd.wqd vnd.wrq-hp3000-labelled vnd.wt.stf vnd.wv.csp+xml vnd.wv.csp+wbxml vnd.wv.ssp+xml vnd.xara vnd.xfdl vnd.yamaha.hv-dic vnd.yamaha.hv-script vnd.yamaha.hv-voice vnd.yamaha.smaf-audio vnd.yamaha.smaf-phrase vnd.yellowriver-custom-menu watcherinfo+xml whoispp-query whoispp-response wita wordperfect5.1 x400-bp xhtml+xml xml xml-dtd xml-external-parsed-entity xmpp+xml xop+xml zip
Audio

3gpp AMR AMR-WB basic BV16 BV32 clearmode CN DAT12 dsr-es201108 dsr-es202050 dsr-es202211 dsr-es202212 DVI4 EVRC EVRC0 EVRC-QCP G722 G.722.1 G723 G726-16 G726-24 G726-32 G726-40 G728 G729 G729D G729E GSM GSM-EFR iLBC L8 L16 L20 L24 LPC MPA MP4A-LATM mpa-robusta mpeg mpeg4-generic parityfec PCMA PCMU prs.sid QCELP RED SMV SMV0 SMV-QCP telephone-event tone VDVI vnd.3gpp.iufp vnd.audiokoz vnd.cisco.nse vnd.cns.anp1 vnd.cns.inf1 vnd.digital-winds vnd.everad.plj vnd.lucent.voice vnd.nokia.mobile-xmf vnd.nortel.vbk vnd.nuera.ecelp4800 vnd.nuera.ecelp7470 vnd.nuera.ecelp9600 vnd.octel.sbc vnd.rhetorex.32kadpcm vnd.sealedmedia.softseal.mpeg vnd.vmx.cvsd

Image

cgm fits g3fax gif ief jp2 jpeg jpm jpx naplps png prs.btif prs.pti t38 tiff tiff-fx vnd.cns.inf2 vnd.djvu vnd.dwg vnd.dxf vnd.fastbidsheet vnd.fpx vnd.fst vnd.fujixerox.edmics-mmr vnd.fujixerox.edmics-rlc vnd.globalgraphics.pgb vnd.microsoft.icon vnd.mix vnd.ms-modi vnd.net-fpx vnd.sealed.png vnd.sealedmedia.softseal.gif vnd.sealedmedia.softseal.jpg vnd.svf vnd.wap.wbmp vnd.xiff

Message

CPIM delivery-status disposition-notification external-body http news partial rfc822 s-http sip sipfrag tracking-status

Model

iges mesh vnd.dwf vnd.flatland.3dml vnd.gdl vnd.gs-gdl vnd.gtw vnd.mts vnd.parasolid.transmit.binary vnd.parasolid.transmit.text vnd.vtu vrml

Multipart

alternative appledouble byteranges digest encrypted form-data header-set mixed parallel related report signed voice-message
Text

calendar css csv directory dns ecmascript (obsolete) enriched example html javascript (obsolete) parityfec plain RED rfc822-headers richtext rtx sgml t140 troff uri-list vnd.IPTC.NewsML [IPTC] vnd.IPTC.NITF [IPTC] xml xml-external-parsed-entity

Video

3gpp 3gpp2 3gpp-tt BMPEG BT656 CelB DV example H261 H263 H263-1998 H263-2000 H264 JPEG MJ2 MP1S MP2P MP2T mp4 MP4V-ES MPV mpeg mpeg4-generic nv parityfec pointer raw rtx SMPTE292M vc1

Appendix E: Contacting TAC

Expand Networks is dedicated to delivering both excellent products and customer support. From our Technical Assistance Center (TAC) to our online Knowledge Base, we are committed to solving your networking problems. TAC is available to all partners and registered customers and allows posting support inquiries directly to Expand’s help desk.

The Expand Technical Assistance Center provides around-the-clock support to customers worldwide. Customer call center agents answer calls and dispatch problems to Support Engineers (SEs) for resolution. The SE becomes the call owner and is responsible for ensuring that the problem is addressed and fixed quickly. You can open Priority 1 and 2 cases by calling TAC; to open Priority 3 cases, use Expand’s Extranet or Channel Portal.

The TAC works closely with customers to isolate and replicate problems. In a critical network-down problem, TAC SEs work with customers until their problems are resolved. In other instances, SEs may replicate a customer's environment in the TAC laboratory. When deemed necessary, SEs may involve R&D engineers in order to ensure that problem cases are resolved to the customer's satisfaction. The TAC includes highly trained engineers, including Cisco Certified Internetwork Experts (CCIEs) and Microsoft Certified Professionals (MCPs).
Expand Networks wishes to offer you the best tech support it can. To do this, call our toll free TAC number at:
International: +1-920-490-7337
North America: +1-877-4-EXPAND (877-439-7263)
UK: +0800 404 9236
Ireland: +1800 559 803
Netherlands: +0800 023 3047
France: +0800 906 560

When contacting the TAC, it is essential that information about the nature of the problem be at your disposal. To gather Accelerator troubleshooting information, use the show tech-support command as described above.

Appendix F: tcpdump Optional Flags

You may encounter several optional flags when using tcpdump. The AcceleratorOS supports the following flags: -A, -e, -f, -l, -O, -p, -q, -R, -S, -t, -u, -v, -x, -X. This chapter describes the uses of each of these flags.

NOTE: The -a flag is not supported when ethereal is used.

-A
Print each packet (minus its link level header) in ASCII. Handy for capturing web pages.

-e
Print the link-level header on each dump line.

-f
Print `foreign' IPv4 addresses numerically rather than symbolically (this option is intended to get around serious brain damage in Sun's NIS server; usually it hangs forever translating non-local internet numbers). The test for `foreign' IPv4 addresses is done using the IPv4 address and netmask of the interface on which capture is being done. If that address or netmask are not available, either because the interface on which capture is being done has no address or netmask or because the capture is being done on the Linux "any" interface, which can capture on more than one interface, this option will not work correctly.

-l
Make stdout line buffered. Useful if you want to see the data while capturing it.

NOTE: The use of the -l flag by the ‘|’ pipe is not supported in the WebUI, and any attempt for such a use results in an error message.

-O
Do not run the packet-matching code optimizer.
This is useful only if you suspect a bug in the optimizer.

-p
Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'.

-q
Quick (quiet?) output. Print less protocol information so output lines are shorter.

-R
Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829). If specified, tcpdump will not print replay prevention field. Since there is no protocol version field in ESP/AH specification, tcpdump cannot deduce the version of ESP/AH protocol.

-S
Print absolute, rather than relative, TCP sequence numbers.

-t
Don't print a timestamp on each dump line.

-u
Print undecoded NFS handles.

-v
When parsing and printing, produce (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. When writing to a file with the -w option, report, every 10 seconds, the number of packets captured.

-x
Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (for example, Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.

-X
Print each packet (minus its link level header) in hex and ASCII. This is very handy for analyzing new protocols.

type qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. For example, `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed.

dir qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst.
For example, `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For some link layers, such as SLIP and the ``cooked'' Linux capture mode used for the ``any'' device and for some other device types, the inbound and outbound qualifiers can be used to specify a desired direction.

proto qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. For example, `ether src foo', `arp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. For example, `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'.

[`fddi' is actually an alias for `ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression.

Similarly, `tr' and `wlan' are aliases for `ether'; the previous paragraph's statements about FDDI headers also apply to Token Ring and 802.11 wireless LAN headers. For 802.11 headers, the destination address is the DA field and the source address is the SA field; the BSSID, RA, and TA fields aren't tested.]

In addition to the above, there are some special `primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.

More complex filter expressions are built up by using the words and, or and not to combine primitives. For example, `host foo and not port ftp and not port ftp-data'.
To save typing, identical qualifier lists can be omitted. For example, `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.

Allowable primitives are:

dst host host
True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.

src host host
True if the IPv4/v6 source field of the packet is host.

host host
True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be prepended with the keywords, ip, arp, rarp, or ip6 as in:
ip host host
which is equivalent to:
ether proto \ip and host host
If host is a name with multiple IP addresses, each address will be checked for a match.

ether dst ehost
True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format).

ether src ehost
True if the ethernet source address is ehost.

ether host ehost
True if either the ethernet source or destination address is ehost.

gateway host
True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IP-address resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is
ether host ehost and not host host
which can be used with either names or numbers for host / ehost.) This syntax does not work in IPv6-enabled configuration at this moment.

dst net net
True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details).

src net net
True if the IPv4/v6 source address of the packet has a network number of net.

net net
True if either the IPv4/v6 source or destination address of the packet has a network number of net.

net net mask netmask
True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net.

net net/len
True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst.

dst port port
True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (For example, dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic).

src port port
True if the packet has a source port value of port.

port port
True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords, tcp or udp, as in:
tcp src port port
which matches only tcp packets whose source port is port.

less length
True if the packet has a length less than or equal to length. This is equivalent to:
len <= length.

greater length
True if the packet has a length greater than or equal to length. This is equivalent to:
len >= length.

ip proto protocol
True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.

ip6 proto protocol
True if the packet is an IPv6 packet of protocol type protocol.
Note that this primitive does not chase the protocol header chain.

ip6 protochain protocol
True if the packet is IPv6 packet, and contains protocol header with type protocol in its protocol header chain. For example,
ip6 protochain 6
matches any IPv6 packet with TCP protocol header in the protocol header chain. The packet may contain, for example, authentication header, routing header, or hop-by-hop option header, between IPv6 header and TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by BPF optimizer code in tcpdump, so this can be somewhat slow.

ip protochain protocol
Equivalent to ip6 protochain protocol, but this is for IPv4.

ether broadcast
True if the packet is an ethernet broadcast packet. The ether keyword is optional.

ip broadcast
True if the packet is an IPv4 broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the subnet mask on the interface on which the capture is being done. If the subnet mask of the interface on which the capture is being done is not available, either because the interface on which capture is being done has no netmask or because the capture is being done on the Linux "any" interface, which can capture on more than one interface, this check will not work correctly.

ether multicast
True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for `ether[0] & 1 != 0'.

ip multicast
True if the packet is an IP multicast packet.

ip6 multicast
True if the packet is an IPv6 multicast packet.

ether proto protocol
True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note these identifiers are also keywords and must be escaped via backslash (\).

[In the case of FDDI (For example, `fddi protocol arp'), Token Ring (For example, `tr protocol arp'), and IEEE 802.11 wireless LANS (For example, `wlan protocol arp'), for most of those protocols, the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI, Token Ring, or 802.11 header.

When filtering for most protocol identifiers on FDDI, Token Ring, or 802.11, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of 0x000000. The exceptions are:

iso
tcpdump checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header;

stp and netbeui
tcpdump checks the DSAP of the LLC header;

atalk
tcpdump checks for a SNAP-format packet with an OUI of 0x080007 and the AppleTalk etype.

In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols. The exceptions are:

iso, sap, and netbeui
tcpdump checks for an 802.3 frame and then checks the LLC header as it does for FDDI, Token Ring, and 802.11;

atalk
tcpdump checks both for the AppleTalk etype in an Ethernet frame and for a SNAP-format packet as it does for FDDI, Token Ring, and 802.11;

aarp
tcpdump checks for the AppleTalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame with an OUI of 0x000000;

ipx
tcpdump checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 802.3-with-no-LLC-header encapsulation of IPX, and the IPX etype in a SNAP frame.

decnet src host
True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on ULTRIX systems that are configured to run DECNET.]

decnet dst host
True if the DECNET destination address is host.

decnet host host
True if either the DECNET source or destination address is host.

ifname interface
True if the packet was logged as coming from the specified interface (applies only to packets logged by OpenBSD's pf(4)).

on interface
Synonymous with the ifname modifier.

rnr num
True if the packet was logged as matching the specified PF rule number (applies only to packets logged by OpenBSD's pf(4)).

rulenum num
Synonymous with the rnr modifier.

reason code
True if the packet was logged with the specified PF reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory (applies only to packets logged by OpenBSD's pf(4)).

rset name
True if the packet was logged as matching the specified PF ruleset name of an anchored ruleset (applies only to packets logged by pf(4)).

ruleset name
Synonymous with the rset modifier.

srnr num
True if the packet was logged as matching the specified PF rule number of an anchored ruleset (applies only to packets logged by pf(4)).

subrulenum num
Synonymous with the srnr modifier.

action act
True if PF took the specified action when the packet was logged. Known actions are: pass and block (applies only to packets logged by OpenBSD's pf(4)).

ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui
Abbreviations for:
ether proto p
where p is one of the above protocols.

lat, moprc, mopdl
Abbreviations for:
ether proto p
where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols.

vlan [vlan_id]
True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true if the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet.

tcp, udp, icmp
Abbreviations for:
ip proto p or ip6 proto p
where p is one of the above protocols.

iso proto protocol
True if the packet is an OSI packet of protocol type protocol. Protocol can be a number or one of the names clnp, esis, or isis.

clnp, esis, isis
Abbreviations for:
iso proto p
where p is one of the above protocols.

l1, l2, iih, lsp, snp, csnp, psnp
Abbreviations for IS-IS PDU types.

vpi n
True if the packet is an ATM packet, for SunATM on Solaris, with a virtual path identifier of n.

vci n
True if the packet is an ATM packet, for SunATM on Solaris, with a virtual channel identifier of n.

lane
True if the packet is an ATM packet, for SunATM on Solaris, and is an ATM LANE packet. Note that the first lane keyword encountered in expression changes the tests done in the remainder of expression on the assumption that the packet is either a LANE emulated Ethernet packet or a LANE LE Control packet. If lane isn't specified, the tests are done under the assumption that the packet is an LLC-encapsulated packet.

llc
True if the packet is an ATM packet, for SunATM on Solaris, and is an LLC-encapsulated packet.

oamf4s
True if the packet is an ATM packet, for SunATM on Solaris, and is a segment OAM F4 flow cell (VPI=0 & VCI=3).

oamf4e
True if the packet is an ATM packet, for SunATM on Solaris, and is an end-to-end OAM F4 flow cell (VPI=0 & VCI=4).

oamf4
True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)).

oam
True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)).

metac
True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta signaling circuit (VPI=0 & VCI=1).

bcc
True if the packet is an ATM packet, for SunATM on Solaris, and is on a broadcast signaling circuit (VPI=0 & VCI=2).

sc
True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling circuit (VPI=0 & VCI=5).

ilmic
True if the packet is an ATM packet, for SunATM on Solaris, and is on an ILMI circuit (VPI=0 & VCI=16).

connectmsg
True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Connect Ack, Release, or Release Done message.

metaconnect
True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Release, or Release Done message.

expr relop expr
True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |, <<, >>], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax:
proto [ expr : size ]
Proto is one of ether, fddi, tr, wlan, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. (ether, fddi, wlan, tr, ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet.

For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the tcp and udp index operations.
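
The three accessor expressions above, evaluated over constructed frames, as an added example (not part of the original guide or of tcpdump's code). The helper names, the sample frames and the extra expression `tcp[13] & 2 != 0` (byte 13 of the TCP header holds the flags, 2 is SYN) are assumptions made for the illustration.

```python
import struct

ETH_LEN = 14  # Ethernet II header: dst(6) + src(6) + ethertype(2)


class NoMatch(Exception):
    """A load that cannot be satisfied makes the whole filter false."""


def load_bytes(buf, base, off, size=1):
    """Big-endian unsigned read of 1, 2 or 4 bytes, as proto[off:size] does."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4")
    start = base + off
    if off < 0 or start + size > len(buf):
        raise NoMatch
    return int.from_bytes(buf[start:start + size], "big")


def ether(frame, off, size=1):
    return load_bytes(frame, 0, off, size)


def ip(frame, off, size=1):
    if ether(frame, 12, 2) != 0x0800:        # ethertype is not IPv4
        raise NoMatch
    return load_bytes(frame, ETH_LEN, off, size)


def tcp(frame, off, size=1):
    if ip(frame, 9) != 6:                    # IP protocol field is not TCP
        raise NoMatch
    if (ip(frame, 6, 2) & 0x1FFF) != 0:      # implicit check: fragment offset 0
        raise NoMatch
    ihl_bytes = (ip(frame, 0) & 0xF) * 4     # TCP starts after any IP options
    return load_bytes(frame, ETH_LEN + ihl_bytes, off, size)


# In "expr relop expr" the relop is applied last, so each side is parenthesised
# here. (C would read x & 0xf != 5 as x & (0xf != 5), which is a different test.)
FILTERS = {
    "ether[0] & 1 != 0":    lambda f: (ether(f, 0) & 1) != 0,
    "ip[0] & 0xf != 5":     lambda f: (ip(f, 0) & 0xF) != 5,
    "ip[6:2] & 0x1fff = 0": lambda f: (ip(f, 6, 2) & 0x1FFF) == 0,
    "tcp[13] & 2 != 0":     lambda f: (tcp(f, 13) & 2) != 0,   # added expression
}


def evaluate(frame):
    """Return {expression text: bool} for one frame."""
    results = {}
    for text, predicate in FILTERS.items():
        try:
            results[text] = predicate(frame)
        except NoMatch:
            results[text] = False
    return results


def tcp_header(sport, dport, flags):
    # 20-byte TCP header without options; checksum left at 0 (constructed data)
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)


def build_frame(dst_mac, ihl, frag, proto, l4):
    """Constructed Ethernet II + IPv4 frame; ihl is in 32-bit words."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex("020000000001") + b"\x08\x00"
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(l4),
                        0x1234, frag, 64, proto, 0,
                        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    options = b"\x01" * ((ihl - 5) * 4)      # NOP option bytes as padding
    return eth + fixed + options + l4


# Constructed sample frames (not captured traffic)
SYN_WITH_OPTIONS = build_frame("001122334455", 6, 0x4000, 6,
                               tcp_header(40000, 80, 0x02))
MCAST_UDP = build_frame("01005e000001", 5, 0x0000, 17,
                        struct.pack("!HHHH", 5353, 5353, 8, 0))
# Fragment offset 185: the bytes after the IP header are payload, not a TCP
# header, even though byte 13 of them happens to have the SYN bit set.
LATER_FRAGMENT = build_frame("001122334455", 5, 0x00B9, 6,
                             tcp_header(40000, 80, 0x02))

if __name__ == "__main__":
    for name, frame in (("SYN_WITH_OPTIONS", SYN_WITH_OPTIONS),
                        ("MCAST_UDP", MCAST_UDP),
                        ("LATER_FRAGMENT", LATER_FRAGMENT)):
        print(name, evaluate(frame))
```

Because the fragment check is implicit, a capture filter built on tcp[...] never matches later fragments, so data carried there has to be examined after reassembly.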
For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment.

Some offsets and field values may be expressed as names rather than as numeric values. The following protocol header field offsets are available: icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags field).

The following ICMP type field values are available: icmp-echoreply, icmp-unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply.

The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg.

Appendix G: Specifications and Warranty

Updated Specifications are found on the Expand Networks website. Click the series number below to be directed to the proper document. The following model numbers and topics are available:

Accelerator 6800 / 6900 Series
Accelerator 1600 / 1800 Series
Accelerator 4800 / 4900 Series
Accelerator 7900 Series
Standards
Terms and Conditions of Sale

Accelerator 6800 / 6900 Series
6830 6840 6930 6940

Accelerator 1600 / 1800 Series
1820 1610

Accelerator 4800 / 4900 Series
4830 4820 4930 4920

Accelerator 7900 Series
7940 7930

Standards

RFC / Standard List

Modules, RFC / Standard #

Router Protocols
RIP: 1058
RIPv2: 1723, 2082
OSPFv2: 2328, 2370
WCCP: 3040
Router Polling: 2096
Spanning Tree Protocol: IEEE 802.1D
Networking
VLAN 802.1Q: IEEE 802.1Q
HSRP: 2281
VRRP: 3768
SCPS: ISO 15893:2000, CCSDS-714.0-B-1, MIL-STD-2045-44000
NetFlow: 3954
DNS Acceleration: 1034, 1035, 2181
MIB-2: 1213
Management
Telnet COM port: 2217
Telnet service: 818
TFTP: 1350
FTP: 959
HTTP, HTTPS: 2045, 2616, 2818
NTP: 1361
SSH, SCTF, SFTP: IETF drafts
HMAC: 2104 (HMAC), 2403(96), 2404 (96), 1321 (MD5)
HMAC: 2404
MD5 Signing: 1321
Radius: 2138, 2865
TACACS+: 1492
Security
HW
Safety approvals: UL 1950, CAN/CSA C22.2, EN60950/A4, No. 950-95
EMC approvals: FCC Part 15 Class B, EN55022:1998 Class B, EN55024:1998, IEC EN61000-4-2:1995, IEC EN61000-4-3:1995, IEC EN61000-4-4:1995, IEC EN61000-4-5:1995, IEC EN61000-4-6:1996, IEC EN61000-4-11:1994, IEC EN61000-3-2:2000, IEC EN61000-3-3:1995, CISPR16-1:1999, CISPR16-2:1999
ITU: IEC 60950-1:2001, EN 60950-1:2001.
QMS: ISO 9001:2000, EN 46001, ISO 13485
Manufacturing: ISO 9000
Environmental and Vibration tests: ETSI EN 3000192(1999-09), ETSI EN 300019-2(1994), Bellcore standard: GR63-ORE.
MTBF: Telcordia (Bellcore)

Terms and Conditions of Sale

Please read these terms and conditions carefully before using the product. By using the product you agree to be bound by the terms and conditions of this agreement. If you do not agree with the provisions of these terms and conditions, promptly return the unused products, manual, and related equipment (with proof of payment) to the place of purchase for a full refund.

Acceptance

These terms and conditions of sale (“Terms and Conditions”) are the terms and conditions upon which Expand Networks, Ltd. and its affiliates and subsidiaries (together “Expand”) make all sales.
Expand will not accept any other terms and conditions of sale, unless Purchaser and Expand have executed an agreement that expressly supersedes and replaces these Terms and Conditions. Acceptance of all purchase orders is expressly made conditional upon Purchaser's assent, expressed or implied, to the Terms and Conditions set forth herein without modification or addition. Purchaser's acceptance of these Terms and Conditions shall be indicated by Purchaser's acceptance of any shipment of any part of the items specified for delivery (the “Products”) or any other act or expression of acceptance by Purchaser. Expand's acceptance is expressly limited to the Terms and Conditions hereof in their entirety without addition, modification or exception, and any term, condition or proposals hereafter submitted by Purchaser (whether oral or in writing) which is inconsistent with or in addition to the Terms and Conditions set forth hereon is objected to and is hereby rejected by Expand.

Price and Payment

The Purchaser agrees to pay the purchase price for the Products as set forth in Expand's invoice on the date of installation. Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes), as well as import or customs duties, license fees and similar charges, however designated or levied on the sale of the Products (or the delivery thereof) or measured by the purchase price paid for the Products. (Expand's prices set forth on the front side of the invoice does not include such taxes, fees and charges.) Unless otherwise specified, payment terms are COD in United States Dollars. Expand, at its discretion, may require reasonable advance assurances of payment through irrevocable bank letters of credit or otherwise.
All unpaid invoices shall bear interest at an amount equal to 1-1/2% of the outstanding balance per month (or the maximum rate of interest allowed to be contracted for by law, whichever is less), commencing upon the date payment is due. Expand shall have no continuing obligation to deliver Products on credit, and any credit approval may be withdrawn by Expand at any time and without prior notice.

Title and Security Interest

Title to the Products shall vest in the Purchaser upon date of shipment of the Products to Purchaser. Expand shall retain a security interest in the Products until the Products price and all other monies payable hereunder are paid in full. The Purchaser shall execute, upon request by Expand, financing statements deemed necessary or desirable by Expand to perfect its security interest in the Products. Purchaser authorizes Expand to file a copy of the invoice, these Terms and Conditions or a financing statement with the appropriate state authorities at any time thereafter as a financing statement in order to perfect Expand's security interest. A financing statement may be filed without Purchaser's signature on the basis of Expand's invoice or these Terms and Conditions where permitted by law. Purchaser shall keep the Products in good order and condition until the purchase price has been paid in full and shall promptly pay all taxes and assessments upon the Products or use of the Products.

Risk of Loss

Risk of loss or damage to the Products shall pass to the Purchaser upon delivery of the Products to the common carrier, regardless of whether the purchase price has been paid in full. Unless advised otherwise, Expand may insure the Products shipped to full value and all such insurance costs shall be for the Purchaser's account.
The Purchaser shall inspect the Products immediately upon receipt and shall promptly file any applicable claims with the carrier when there is evidence of damage during shipping.

Warranty

Expand warrants to the purchaser for a period of ninety (90) days from shipment that the products shall be free from defects in material and workmanship and shall perform in substantial conformance with specifications published by Expand. Expand's obligations under these terms and conditions shall be limited solely to Expand making, at Expand's cost and expense, such repairs and replacements as are necessary to place the products in good working order and to conform the products to Expand's published specifications. This warranty is in lieu of all other warranties, express or implied, including without limitation, implied warranties of merchantability and fitness for a particular purpose.

Product Returns

Return of Products purchased hereunder shall be governed by Expand's RMA policies in effect on the date of the invoice. Expand reserves the right to modify or eliminate such policies at any time. The right to return defective Products, as previously described, shall constitute Expand's sole liability and Purchaser's exclusive remedy in connection with any claim of any kind relating to the quality, condition or performance of any Product, whether such claim is based upon principles of contract, warranty, negligence or other tort, breach of any statutory duty, principles of indemnity or contribution, the failure of any limited or exclusive remedy to achieve its essential purpose, or otherwise.
In the event Expand issues a return authorization to Purchaser allowing Purchaser to return Product to Expand, Purchaser will deliver the Product to Expand's address in the United States, if so required by Expand, and Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes) as well as import or customs duties, license fees and similar charges, however designated or levied, on any replacement Product to be shipped by Expand to Purchaser.

License Grant

The Products, though primarily composed of hardware components, contain software that is proprietary to Expand or its licensors. Expand hereby grants to Purchaser, and Purchaser accepts, a personal nonexclusive, nontransferable license to use the Program, in object code form only, and the accompanying documentation (collectively referred to as the “Software”) only as authorized in these Terms and Conditions. The Software is licensed for Purchaser's internal use and the Software or any derivative or by-product of the Software may not be used by, sub-licensed, re-sold, rented or distributed to any other party. Purchaser agrees that Purchaser will not assign, sublicense, transfer, pledge, lease, rent, or share Purchaser's rights under these Terms and Conditions. Purchaser shall not copy, modify, reverse assemble, reverse engineer, reverse compile, or otherwise translate all or any portions of the Software. The Software and the Documentation are proprietary to Expand and are protected under U.S. and international copyright, trademark, trade secret and patent laws. All right, title, and interest in and to the Software, including associated intellectual property rights, are and shall remain with Expand.

Limitation of Liability

In no event shall Expand be liable for loss of profits, indirect, special, incidental, or consequential damages (including, without limitation, loss of use, income or profits, losses sustained as a result of personal injury or death, or loss of or damage to property including, but not limited to, property handled or processed by the use or application of the products) arising out of any breach of these Terms and Conditions or obligations under these Terms and Conditions. Expand shall not be liable for any damages caused by delay in delivery, installation, or furnishing of the Products hereunder. No action arising out of any claimed breach of these Terms and Conditions or transactions under these Terms and Conditions may be brought by either party more than two years after the cause of action has accrued. Expand's liability under these Terms and Conditions shall in no event exceed the purchase price of the Products.

Default

The failure of the Purchaser to perform its obligations under these Terms and Conditions including but not limited to payment in full of the purchase price for the Products, or the filing of any voluntary or involuntary petition under the Bankruptcy Code, insolvency, assignment for the benefit of creditors, or liquidation of the Purchaser's business shall constitute a default under these Terms and Conditions and shall afford Expand all the remedies of a secured party under the Uniform Commercial Code. In the event of default, Expand may, with or without demand or notice to Purchaser, declare the entire unpaid amount immediately due and payable, enter the premises where the Products is located and remove it, and sell any or all the Products as permitted under applicable law.
Expand may, in addition to any other remedies which Expand may have, refuse to provide service on the Products under any applicable maintenance agreement relating to the Products then in effect between the parties at the time of the default.

Indemnity

Expand shall defend or settle any suit or proceeding brought against Purchaser based on a claim that Products sold hereunder constitutes an infringement of any existing United States patent, copyright or trade secret providing that Expand is notified promptly in writing and is given complete authority and information required for the defense. Expand shall pay all damages and costs awarded against Purchaser, but shall not be responsible for any cost, expense or compromise incurred or made by Purchaser without Expand's prior written consent. If any Products is in the opinion of Expand likely to or does become the subject of a claim for patent infringement, Expand may, at its sole option, procure for the Purchaser the right to continue using the Products or modify it to become noninfringing. If Expand is not reasonably able to modify or otherwise secure the Purchaser the right to continue using the Products, Expand shall remove the Products and refund the Purchaser the amounts paid in excess of a reasonable rental for past use. Expand shall not be liable for any infringement or claim based upon use of the Products in combination with other Products or with software not supplied by Expand or with modifications made by the Purchaser.

General

Expand shall not be liable for Expand's failure to perform or for delay in performance of Expand's obligations under these Terms and Conditions if such performance is prevented, hindered or delayed by reason of any cause beyond the reasonable control of Expand. These Terms and Conditions and the rights and duties hereunder shall not be assignable by either party hereto except upon written consent of the other.
Purchaser agrees to pay to Expand any reasonable attorney's fees and other costs and expenses incurred by Expand in connection with the enforcement of these Terms and Conditions. These Terms and Conditions and performance hereunder shall be governed by and construed in accordance with the laws of the State of New York. Each party acknowledges that it has read, fully understands and agrees to be bound by these Terms and Conditions, and further agrees that it is the complete and exclusive statement of the agreement between the parties, which supersedes and merges all prior proposals, understandings and all other agreements, oral and written, between the parties relating to the subject matter of these Terms and Conditions. These Terms and Conditions may not be modified or altered except by a written instrument duly executed by both parties. If any provision of these Terms and Conditions shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall in no way be affected or impaired thereby. The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any right hereunder.

Open Source Provisions

The Software is accompanied by the following third party products: JfreeChart (Copyright 2000-2004, by Object Refinery Limited. All rights reserved), Cewolf, and JBoss, which are subject to the GNU Lesser General Public License (the “LGPL”), as published by the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA (or found at http://jasperreports.sourceforge.net/license.html#lgpl), and the following terms: Expand agrees, upon request to provide, at the cost of distribution only, a complete machine-readable copy of the source code for JfreeChart, Cewolf, or JBoss software.
This offer is valid for three (3) years from installation of the Software.

The Software is accompanied by the following third party product: Apache Copyright © 1999-2004, The Apache Software Foundation, which is subject to the Apache License Version 2.0 (found at www.apache.org/licenses/LICENSE-2.0).

The Software is accompanied by the following third party product: TouchGraph Software: (Copyright ©2001-2002 Alexander Shapiro. All rights reserved) developed by TouchGraph LLC (http://www.touchgraph.com/), which is subject to the TouchGraph LLC. Apache-Style Software License.

The Software is accompanied by the following third party product: JavaMail, which is subject to the following terms: Copyright 1994-2004 Sun Microsystems, Inc. All Rights Reserved Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. This software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. (“SUN”) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You acknowledge that this software is not designed, licensed or intended for use in the design, construction, operation or maintenance of any nuclear facility.

The Software is accompanied by the following third party product: AdventNet SNMP API 4 (Release 4.0.0), which is subject to the following terms: Copyright (c) 1996-2002 AdventNet, Inc. All Rights Reserved. This software may not be distributed in any modified form without the prior consent from AdventNet, Inc.

Chapter H: Command Line Interface

This chapter lists and describes the commands that you can use with the Command Line Interface (CLI). Unless noted, the commands herein may also be configured using the WebUI and are referenced accordingly. This chapter is built hierarchically, based on the tree created in the CLI. For an alphabetical listing of commands, see the CLI index.

Topics in this chapter include:

Understanding the CLI Configuration
Getting Started
Performing Basic Setup
Customizing the CLI
Configuration Commands
Configuring WAFS
Configuring Security
Technical Support Information

Understanding the CLI Configuration

The Accelerator CLI enables complete configuration of the Accelerator, including basic and advanced configuration via a Command Line Interface (CLI). The CLI is intended for experts and technicians familiar with the kind of CLI configuration used on a typical router or switch.

Command conventions are displayed in tables as shown:

Command: The command as seen on the screen will be here
Description: A description of the command here
Parameters: Any parameters or accepted values here
Example with Syntax: An example with parameters here

In the table you will note that the commands as shown on the screen are in a regular Courier font. Items that you need to enter are shown in a Courier boldface font. Variables for which you supply values are in italic font.
The following conventions are used in examples:
  Examples that contain system prompts denote interactive sessions, indicating that you enter commands at the prompt.
  The ()# prompt indicates the current command mode. For example, the following prompt indicates global configuration mode: Acc1(config)#
  Nonprinting characters are in angle brackets < >.

Understanding Command Modes

This section describes the Accelerator’s CLI command mode structure. Each command mode supports specific commands. For example, the bypass enable command is used only in configuration mode. Use the following command modes when configuring the scenarios described in this document:

Basic CLI Procedures

You have to enter only enough characters for the Accelerator to recognize the command as unique, as described in detail below. For example, the following string is enough for the Accelerator to recognize the show startup configuration command:

    Acc1# show startup config

To get help in a terminal session:
1. You can use the question mark (?) and arrow keys to help you enter commands.
2. For a list of available commands under each command, enter a question mark. For example:

    Acc1(config)#?

To complete a command:
Enter a few known characters followed by a tab. The CLI fills in the missing letters. For example, if you type the following and press the Tab key:

    Acc1(config)#sh

the CLI fills in the following:

    Acc1(config)#show

To get a list of acceptable commands or values:
For a list of command variables, enter the command followed by a space and a question mark, for example:

    Acc1(config)# show ?

To redisplay a command previously entered:
Press the up-arrow key. You can continue to press the up-arrow key to redisplay earlier entered commands.
Getting Started

Secure Shell (SSH) is an application program that provides authentication and encryption capabilities for secure Internet communications. This lets you log in to the Accelerator via SSH, if SSH is installed. The Accelerator supports accessing the CLI via SSH, as follows.

To log into the Accelerator via SSH:
In the Accelerator’s CLI, type the command ssh followed by the Accelerator’s IP address.

Licensing the Accelerator

Licensing the Accelerator is carried out by logging into the Accelerator in enable mode and using the show licensing command, as shown in "Displaying the Licensing State of a Specific Accelerator", on page 422. When the Accelerator license has expired, or if the Accelerator was installed but its license was not yet activated, the Accelerator’s status is Active, meaning that it passes the data but does not accelerate it (it works in pass-through mode), as shown below:

    Acc30_6(config)# show interface link summary
    Link  Destination IP Address  Description   Bandwidth  Link Status
    1     28.0.214.6              L-28.0.214.6  2000       N/A | active
    non   N/A                     non-link      100000     N/A | active

To move the Accelerator to accelerating status:
1. Activate the refresh acceleration command, as follows:

    Acc30_6(config)# interface link 1 refresh-acceleration

2. Afterwards, the Accelerator will start accelerating the traffic passing through it, as shown below:

    Acc30_6(config)# show interface link summary
    Link  Destination IP Address  Description   Bandwidth  Link Status
    1     28.0.214.6              L-28.0.214.6  2000       N/A | accelerating
    non   N/A                     non-link      100000     N/A | virtual

To activate the license key:
1. Enter the command string that is shown in the table below:

Command: ACC1(config)#activate-license key [valid license key number]
Description: Enters the valid license key into the Accelerator. [Mandatory]
Parameters: Enter a valid license key that was supplied to you by Expand Networks. If you do not have a valid license key, contact Expand Networks technical support.
Example with Syntax: ACC1(config)#activate-license key valid license key number

Displaying the Licensing State of a Specific Accelerator

To display the licensing state:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show licensing
Description: Lets you view the entire details of the Accelerator’s licensing state, such as the licensed features and the maximum possible links.
Parameters: No additional parameters are required.
Example with Syntax: ACC1(config)#show licensing

Performing Basic Setup

The configuration options contained in this section include:
  Viewing the Basic Configuration, on page 423
  Logging into the Accelerator, on page 424
  Setting Addresses, on page 425
  Setting the Deployment Type, on page 427
  Setting a Device Name, on page 427
  Working with Remote Devices, on page 428
  Configuring Subnets, on page 430
  Saving/Uploading the Basic Configuration, on page 433

The Basic Accelerator CLI Configuration needed to get the Accelerator up and running consists of setting the following parameters:
  License key—Licensing the Accelerator, on page 421.
  IP address/subnet mask—Setting Addresses, on page 425.
  IP default gateway—Setting a Default Gateway, on page 426.
  Hostname—Setting a Device Name, on page 427.
  Deployment—Setting the Deployment Type, on page 427.
  Link destination—Setting the Remote Device, on page 428 and Setting the IP Address of the Remote Device, on page 429.
  Link bandwidth—Setting the Bandwidth to a Remote Device, on page 429.

Viewing the Basic Configuration

To view the basic configuration settings:
1.
Enter the command string that is shown in the table below:

Command: ACC1(config)#show running-config
Description: Displays the configuration that was set to the Accelerator. This is optional.
Parameters: No additional parameters
Example with Syntax: ACC1(config)#show running-config

    AcceleratorOS, Accelerator 4900 Series
    Version: v6.1 (0) (Build 5.29)
    login: expand
    Password: Expand
    Version: v6.1.2
    accelerator> enable
    accelerator# configure terminal
    accelerator(config)# activate-license key ENX1-FUXF-HBJ2K3Y6
    License successfully activated.
    The new License state is:
    Feature              License   Time Left
    -------              -------   ---------
    Bandwidth Allowance  45 Mbps   Unlimited
    Last loaded license key: ENX1-FUXF-HBJ2-K3Y6
    accelerator(config)# interface local
    accelerator(local interface)# hostname ACC1
    ACC1(local interface)# ip address 10.1.0.6 255.255.0.0
    ACC1(local interface)#ip default-gateway 10.1.0.1
    ACC1(local interface)#deployment onpath
    ACC1(local interface)#exit
    ACC1(config)#wan default
    ACC1(wan)#bandwidth 256 kbps
    ACC1(wan)#exit
    ACC1(config)#interface link
    ACC1(LINK)#link destination 10.2.0.6
    ACC1(LINK)#bandwidth 128
    ACC1(LINK)#encapsulation transparent
    ACC1(LINK)#exit
    ACC1(config)#write
    ACC1(config)#show running-config

Logging into the Accelerator

Logging into the Accelerator is accomplished in a series of steps. When accessing the Accelerator from the CLI, at the login prompt, enter your user name and password. The default user name is expand (case sensitive), and the default password is Expand (case sensitive).

Command:
    login:
    Password:
Description: Logs you into the CLI
Parameters: Both login and password are case sensitive
Example with Syntax:
    login: expand
    Password: Expand

Logging out of the Accelerator

At any point you can use the Exit command to log out of the Accelerator.
The Exit command exits each level of the CLI hierarchy one at a time, so you may need to use the Exit command a number of times to leave the Accelerator session.

Command: exit
Description: Logs you out of the CLI
Parameters: Both login and password are case sensitive
Example with Syntax: exit

Setting Addresses

There are a few addresses you must set in order to set up the Accelerator. They include:
  Setting the IP Address and Subnet Mask, on page 425
  Setting a Default Gateway, on page 426
  Setting a Secondary IP Address, on page 426

Setting the IP Address and Subnet Mask

NOTE: When executing the ‘no’ command for the primary IP address, the IP address reverts to the AcceleratorOS default IP address, 10.0.99.99/24.

To set the IP address and Subnet Mask:
Enter the following command as shown in the table:

Command:
    ACC1(local interface)#IP address x.x.x.x x.x.x.x
    or
    ACC1(local interface)#IP address x.x.x.x/x
Description: Sets an IP address and subnet mask for the Accelerator. You can add the parameter secondary after the command, to set this IP address as the Accelerator’s secondary IP address.
Parameters: Valid IP address must be supplied
Example with Syntax: ACC1(local interface)#IP address 10.0.99.99/24

Setting a Default Gateway

To set the default gateway:
Enter the following command as shown in the table:

Command: ACC1(local interface)#ip default-gateway
Description: Sets a default gateway for the Accelerator.
Parameters: Valid IP address must be supplied
Example with Syntax: ACC1(local interface)#ip default-gateway 10.0.99.99/24

Setting a Secondary IP Address

To set a secondary IP address:
Enter the command string that is shown in the table below:

Command: ACC1(local interface)#ip address x.x.x.x/xx secondary
Description: Sets a secondary IP for the Accelerator.
Parameters: Valid IP address must be supplied
Example with Syntax: ACC1(local interface)#IP address 10.0.99.99/22 secondary

Setting the Deployment Type

To set the deployment type:
Enter the command string that is shown in the table below:

Command: ACC1(local interface)#deployment
Description: Set the deployment type to On-Path or On-LAN.
Parameters: Choose the way you want to deploy the Accelerator. This is dictated by the way you set up the Accelerator. For information about On-Path deployment, see "On-Path", on page 14. For information about On-LAN deployment, see "On-LAN", on page 14.
Example with Syntax: ACC1(local interface)#deployment [onpath]

Setting Routing Strategy

To set the routing strategy:
Enter the command string that is shown in the table below:

Command: ACC1(local interface)#routing strategy
Description: Set the routing strategy to On-Path or On-LAN. If you select bridge-route, the Accelerator transfers the packets in Layer-2, regardless of the routing tables. This routing strategy is carried out only in On-Path deployment, on non-link and local traffic.
Parameters: auto for automatic, bridge-route for layer 2 (on-path only) and routing-only for
Example with Syntax: ACC1(local interface)#routing strategy [auto]

Setting a Device Name

To set the device name:
Enter the command string that is shown in the table below:

Command: ACC1(local interface)#hostname
Description: Sets a name for the Accelerator. Changing the hostname will affect the prompt (in the Example, the hostname set is ACC1). The hostname can be up to 60 characters, and cannot contain spaces or special characters. You can also set the hostname from the conf mode.
Parameters: Enter a string of up to 60 characters with no spaces or special characters.
Example with Syntax: ACC1(local interface)#hostname [ACC1]

Setting the Default WAN Bandwidth

To set the default WAN Bandwidth:
Enter the command string that is shown in the table below:

Command:
    ACC1(config)#wan default
    ACC1(wan)#bandwidth
Description: Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth.
Parameters: A number in Kbps larger than 0 and smaller than 1000000
Example with Syntax:
    ACC1(config)#wan default
    ACC1(wan)#bandwidth 10000

Working with Remote Devices

Commands within this section include:
  Setting the Remote Device, on page 428
  Setting the IP Address of the Remote Device, on page 429
  Setting the Bandwidth to a Remote Device, on page 429
  Setting the Link to Work with IPcomp, on page 429
  Setting the Link to Work with Router Transparency, on page 430

Setting the Remote Device

To set the remote device:
Enter the command string that is shown in the table below:

Command: ACC1(config)#interface link
Description: Creates a link to the remote Accelerator.
Parameters: No additional parameters necessary.
Example with Syntax: ACC1(config)# interface link

Setting the IP Address of the Remote Device

To set the IP Address of the remote device:
Enter the command string that is shown in the table below:

Command: ACC1(link)#link destination
Description: Lets you enter the IP address of the remote device.
Parameters: Valid IP address.
Example with Syntax: ACC1(link)#link destination 100.125.125.2

Setting the Bandwidth to a Remote Device

To set the bandwidth to the remote device:
Enter the command string that is shown in the table below:

Command: ACC1(link)#bandwidth number
Description: Set the precise bandwidth (in Kbps) of the WAN. 0 is not valid.
Parameters: 1-1,000,000 Kbps
Example with Syntax: ACC1(link)#bandwidth number 50000

Setting the Link to Work with IPcomp

To set the link to work with IPcomp Encapsulation:
Enter the command string that is shown in the table below:

Command: ACC1(link)#encapsulation ip-comp
Description: Sets the link to work with ipcomp encapsulation.
Parameters: No additional parameters
Example with Syntax: ACC1(link)#encapsulation ip-comp

Setting the Link to Work with Router Transparency

NOTE: Once the link parameters have been modified, saving the parameters requires you to exit the link mode. If after changing the requested parameters you press Cancel instead of Exit, the parameters are not saved.

NOTE: Encapsulation settings can be asymmetric. This means that you can set one Accelerator to Router Transparency while setting the other Accelerator to IPComp in the opposite direction. This is useful when RTM mode is desired and one of the Accelerators is On-LAN and the other is On-Path. However, IPCOMP encapsulation will not function if the IPCOMP protocol is blocked by a firewall. Therefore, ensure that the IPCOMP protocol is not blocked before selecting either IPCOMP or RTM encapsulation.

To set the link to work with Router Transparency:
Enter the command string that is shown in the table below:

Command: ACC1(link)#encapsulation transparent [Optional]
Description: Sets the link to work in router transparent mode. This setting is optional.
Parameters: No additional parameters
Example with Syntax: ACC1(link)#encapsulation transparent

Configuring Subnets

This section describes subnet configuration and management.
The section includes the following commands:
  Adding a Subnet, on page 431
  Advertising a Subnet and Adding a Metric, on page 431
  Deleting a Subnet, on page 431
  Excluding a Subnet from an Interface, on page 432
  Viewing subnets, on page 432
  Configuring Subnets, on page 432

Adding a Subnet

To add a subnet:
Enter the command string that is shown in the table below:

Command: ACC1(SUBNETS)#network
Description: Adds a subnet
Parameters: Enter a valid IP address for the subnet, followed by the subnet mask.
Example with Syntax: ACC1(SUBNETS)#network 125.125.2.5 101.120.15.2

Advertising a Subnet and Adding a Metric

To advertise a subnet and add a metric:
Enter the command string that is shown in the table below:

Command: ACC1(SUBNETS)#advertise or not advertise x.x.x.x x.x.x.x | metric [number]
Description: Sets the subnet to be advertised or not advertised (can optionally add the subnet mask). Adds a metric value to the subnet.
Parameters: Choose advertise to advertise the subnet and not-advertise to not advertise it.
Example with Syntax: ACC1(SUBNETS)#advertise 10.0.99.99/24 | metric [10]

Deleting a Subnet

To delete a subnet:
Enter the command string that is shown in the table below:

Command: ACC1(SUBNETS)#no network x.x.x.x
Description: Deletes the subnet (can optionally add the subnet mask).
Parameters: Enter the IP address of the subnet
Example with Syntax: ACC1(SUBNETS)#no network 10.0.99.99

Excluding a Subnet from an Interface

To exclude a subnet:
Enter the command string that is shown in the table below:

Command:
    ACC1(SUBNETS)# exit
    ACC1(config)# interface link
    ACC1(LINK)#subnet exclude x.x.x.x x.x.x.x
Description: Excludes the subnet from the interface.
Parameters: Enter the IP address of the subnet
Example with Syntax: ACC1(SUBNETS)#no network 10.0.99.99

Viewing subnets

To view a subnet:
Enter the command string that is shown in the table below:

Command: ACC1(SUBNETS)#show
Description: Displays the configured subnet.
Parameters: No additional parameters
Example with Syntax: ACC1(SUBNETS)#show

Configuring Subnets

To configure a subnet:
Enter the command string that is shown in the table below:

Command: ACC1(link)#link source [primary] [x.x.x.x]
Description: This command lets you define a link source. The valid link source IPs are as follows: Primary IP, Secondary IP, VLAN IP, HSRP IP and VRRP IP.
Parameters: Use only a valid IP address
Example with Syntax: ACC1(link)#link source [primary] [10.0.99.99]

Saving/Uploading the Basic Configuration

To save the configuration:
Enter the command string that is shown in the table below:

Command: ACC1(config)#write
Description: Saves the basic configuration as the startup configuration. [Mandatory]
Parameters: No additional parameters
Example with Syntax: ACC1(config)#write

Customizing the CLI

You can customize the CLI banner for your viewing pleasure. The standard banner appears as follows:

    Connected to 10.0.32.99...
    AcceleratorOS, Accelerator 6800 Series
    Version v6.1.2 (Build3.53)

Creating a Custom Banner

You can customize the following fields, which can be displayed as part of the banner: Name, Title, URL, Label, Label LTD., Product Name, Extranet, Product ID, Series, Serial Number, Software Version, Time and Date.

To customize the fields:
1. Create a text file called banner.txt and save it in /user_area by using the CLI command:

    copy <ftp/scp/tftp/http/sftp> <[path]/banner.txt>

2. In the body of the text file, use the following variables to set the desired values:

NOTE: Each variable must be preceded by a $ sign.
The default banner is:

    “$OEM_PROD_NAME, Accelerator $SERIES Series”
    “$SOFTWARE_VERSION”
    “” (empty-line)

  $OEM_NAME (for example: “expand”)
  $OEM_NAME_TITLE (for example: “Expand”)
  $OEM_URL (“www.expand.com”)
  $OEM_LABEL (“Expand Networks”)
  $OEM_LABEL_LTD (“Expand Networks LTD.”)
  $OEM_PROD_NAME (“AcceleratorOS”)
  $OEM_EXTRANET (“extranet.expand.com”)
  $PRODUCT_ID (“4820”)
  $SERIES (“4800”)
  $SERIAL_NUMBER (“0030.0257.0005”)
  $SOFTWARE_VERSION (“Version v5.0(7) (Build1.03)”)
  $TIME = hh:mm:ss (24-hour format)
  $DATE = DD-MMM-YYYY (the day-of-month “DD” is a two-digit number, with a leading '0' if needed).

3. Proceed to the next section to apply the banner.

Applying the Banner

To apply the banner:
Enter the command string that is shown in the table below:

Command: ACC1(config)#banner apply
Description: Causes the CLI to use the uploaded banner.
Parameters: No additional parameters
Example with Syntax: ACC1(config)#banner apply

Configuration Commands

The following sections are configurable in this section:
  Entering Configuration Mode
  Accessing Configuration Options
  Configuring OSPF
  Configuring Router Polling
  Configuring RIP
  Configuring WCCP
  Configuring Core Allocation
  Using the SNTP Server
  Configuring DHCP Servers
  Configuring WEB Acceleration
  Configuring HTTP Acceleration
  Configuring FTP Acceleration
  Configuring Ethernet Display
  Enabling NetFlow
  Configuring QoS
  Managing Aggregation Classes
  Configuring DNS Acceleration
  Configuring ARP
  Additional Configurations
  Defining Link Settings
  Configuring Expand View Settings
  Configuring SNMP
  Configuring the Log
  Creating Log Archives
  Using Configuration Tools
  Enabling Accdump Files

Entering Configuration Mode

To make any configuration changes to your Accelerator, you must be in configuration mode.
This section describes how to enter configuration mode while using a terminal or PC that is connected to your router CONSOLE port.

To enter the configuration mode:
1. Enter the command string that is shown in the table below:

Command: accelerator> enable [Mandatory]
Description: Enters enable mode. This is necessary for beginning work with the Accelerator. Once you have entered Enable mode, the prompt at the end of the command line changes from > to #
Parameters: No additional parameters
Example with Syntax: accelerator> enable

Enable mode is indicated by the # in the prompt. You can now carry out various operations in the system, such as deleting data, printing and sending messages.

2. Enter the configure command to enter configuration mode, indicated by the (config)# in the prompt:

    Acc1# configure
    Acc1(config)#

You can now make changes to the Accelerator configuration.

Accessing Configuration Options

To access configuration options:
1. Run your terminal-based application, configuring it as follows:
    Baud rate: 9600 bps
    Parity: none
    Data bits: 8
    Stop bits: 1
2. Connect to AcceleratorOS Command Line Interface (CLI). Press <Enter> several times until the Accelerator prompt is displayed: accelerator>.
3. Type enable, and press <Enter> to enter the privilege mode (privilege mode 15 enables complete configuration).
4. A # symbol at the end of the prompt indicates that configuration options are enabled, as shown below.

    accelerator>enable
    accelerator#.

NOTE: A > symbol at the end of the accelerator prompt indicates that configuration options are disabled. When configuring the Accelerator via a networked Telnet session, you will be prompted to enter a user name and password. The default user name is expand, the password is Expand (both case sensitive). It is recommended that you change the password.
For further information, see "Logging into the Accelerator", on page 447.

5. In Enable mode, type configure terminal, and press <Enter>. The accelerator prompt is now followed by (config), indicating that AcceleratorOS is now in Primary Configuration mode, as shown below:

    accelerator #configure terminal
    accelerator (config)#.

Alias Management

Displays and manages virtual server aliasing. The following options are available:
  Showing Alias Information, on page 438.
  Changing/Deleting Alias Prefix, on page 439.
  Showing Virtual Server’s Alias Information, on page 439.
  Adding an Alias to a Virtual Server, on page 439.
  Deleting a Virtual Server’s Alias, on page 440.

Showing Alias Information

Displays alias information and manages prefix/suffix for exported names.

To show Alias information:
1. Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#alias [show]
Description: Shows alias information
Parameters: No additional parameters
Example with Syntax: {hostname}:filecontroller0#alias [show]

Changing/Deleting Alias Prefix

To delete the alias prefix:
1. Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#alias set/delete prefix {prefix}
Description: Changes/removes prefix for all exported aliases.
Parameters: No additional parameters
Example with Syntax: {hostname}:filecontroller0#alias set/delete prefix {prefix}

Showing Virtual Server’s Alias Information

To show the virtual server’s alias:
1. Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#alias map [list]
Description: Shows virtual servers alias information
Parameters: No additional parameters
Example with Syntax: {hostname}:filecontroller0#alias map [list]

Adding an Alias to a Virtual Server

To add an alias to a virtual server:
1.
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#alias map add {VSERVER} {ALIAS}
Description: Adds an alias to a virtual server.
Parameters: No additional parameters
Example with Syntax: {hostname}:filecontroller0#alias map add {VSERVER} {ALIAS}

Deleting a Virtual Server’s Alias

To delete an alias from a virtual server:
1. Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#alias map delete {ALIAS}
Description: Deletes a virtual server alias.
Parameters: No additional parameters
Example with Syntax: {hostname}:filecontroller0#alias map delete {ALIAS}

Configuring OSPF

The following options are available:
  Enabling OSPF, on page 440
  Setting area ID, on page 441
  Enabling Authentication, on page 441
  Setting the Locality Metric, on page 441
  Setting Networks, on page 442
  Setting an Authentication Key, on page 442
  Setting Neighbors, on page 442
  Viewing OSPF Configuration, on page 443

Enabling OSPF

To enable OSPF:
Enter the command string that is shown in the table below:

Command:
    ACC1(config)#router ospf
    ACC1(config-ospf)# ospf-mode
Description: Enables OSPF on the Accelerator
Parameters: enable to enable, disable to disable.
Example with Syntax:
    ACC1(config)#router ospf
    ACC1(config-ospf)# ospf-mode enable

Setting area ID

To set the area ID:
Enter the command string that is shown in the table below:

Command: ACC1(config-ospf)#area number or (x.x.x.x)
Description: Sets the Area ID for the OSPF group, either as a decimal value or in IP address format
Parameters: Enter a valid IP address
Example with Syntax: ACC1(config-ospf)#area number or 120.129.23.3

Enabling Authentication

To enable authentication:
Enter the command string that is shown in the table below:

Command: ACC1(config-ospf)# authentication-mode enable/disable/MD5
Description: Sets the Accelerator to require a password to work with other OSPF devices. Authentication mode enables MD5 encrypted authentication.
Parameters: Enable to enable, disable to disable
Example with Syntax: ACC1(config-ospf)# authentication-mode enable

Setting the Locality Metric

To set the locality metric:
Enter the command string that is shown in the table below:

Command:
    ACC1(config-ospf)# high locality-metric [number]
    low locality-metric [number]
Description: These two different commands determine a range of subnets to be advertised. If a subnet is between the high value and the low value, it should be advertised
Parameters: Enter a high locality metric and a low locality metric. Make sure that the high locality metric is a larger number than the low.
Example with Syntax:
    ACC1(config-ospf)# high locality-metric [10]
    low locality-metric [5]

Setting Networks

To set the network:
Enter the command string that is shown in the table below:

Command: ACC1(config-ospf)# network (ip address) x.x.x.x (subnet mask) x.x.x.x
Description: Sets the networks that the Accelerator broadcasts to its OSPF neighbors.
Parameters: Enter a valid IP address
Example with Syntax: ACC1(config-ospf)# network (ip address) 100.100.50.5

Setting an Authentication Key

To set the authentication key:
Enter the command string that is shown in the table below:

Command: ACC1(config-ospf)# authentication-key string
Description: Sets a non-encrypted authentication password for the Accelerator.
Parameters: No additional parameters
Example with Syntax: ACC1(config-ospf)# authentication-key string

Setting Neighbors

To set the neighbor:
Enter the command string that is shown in the table below:

Command: ACC1(config-ospf)# neighbor x.x.x.x
Description: Defines an OSPF neighbor for the Accelerator via the IP address.
Parameters: Enter a valid IP address
Example with Syntax: ACC1(config-ospf)# neighbor 100.100.10.3

Viewing OSPF Configuration

To view the OSPF Configuration:
Enter the command string that is shown in the table below:

Command: ACC1(config-ospf)# show
Description: Displays OSPF settings.
Parameters: No additional parameters
Example with Syntax: ACC1(config-ospf)# show

Configuring Router Polling

The following options are available:
  Entering the Router Polling Menu Tree, on page 443
  Setting Polling, on page 444
  Setting Polling Protocols, on page 444
  Setting Polling Interval, on page 444
  Setting Polling Router, on page 445
  Setting Router Polling SNMP Version, on page 445
  Setting Router Polling SNMP Community, on page 445

Entering the Router Polling Menu Tree

To enter router polling menu tree:
Enter the command string that is shown in the table below:

Command: ACC1(config)# router-polling
Description: Enables the Accelerator to retrieve route rules from the router’s routing table.
Parameters: No additional parameters
Example with Syntax: ACC1(config)# router-polling
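The OSPF authentication-mode and authentication-key commands above, and the default expand/Expand login from Performing Basic Setup, are the settings to check first on a deployed unit. The following is an added example, not Expand Networks code: it replays a captured CLI session and reports those settings, and it also covers the identical RIP commands and the router-polling SNMP settings documented later in this chapter. The session text format, the function names, the severity labels and the sample session are assumptions constructed for illustration.

```python
import re

# Prompt forms used in this guide: "accelerator> enable", "ACC1(config-ospf)# show".
PROMPT_RE = re.compile(
    r"^\s*(?P<host>[^\s()#>]+)\s*(?:\((?P<mode>[^)]*)\))?\s*[#>]\s*(?P<cmd>\S.*)$")
DEFAULT_LOGIN = ("expand", "Expand")            # default account stated in this guide
ROUTING_MODES = {"config-ospf": "ospf", "config-rip": "rip"}
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # assumption: common vendor defaults


def commands(text):
    """Yield (mode, words) for every prompt line. Words are lower-cased and the
    [ ] that the guide prints around example values are removed."""
    for line in text.splitlines():
        m = PROMPT_RE.match(line)
        if not m:
            continue                            # command output, banner, login lines
        words = [w.strip("[]").lower() for w in m.group("cmd").split()]
        words = [w for w in words if w]
        if words:
            yield (m.group("mode") or "").strip().lower(), words


def audit(text):
    """Return a list of (severity, rule, detail) findings for one session."""
    findings = []

    # 1. Default account in use (typical of runbooks and expect-style scripts,
    #    where the password is written out rather than typed unechoed).
    user = None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        if key == "login":
            user = value.strip()
        elif key == "password" and (user, value.strip()) == DEFAULT_LOGIN:
            findings.append(("HIGH", "default-credentials", "expand"))

    # 2. Replay the commands: the last value entered in each mode is what sticks.
    routing = {p: {"on": False, "auth": None} for p in ROUTING_MODES.values()}
    snmp = {"version": None, "community": None}
    for mode, words in commands(text):
        proto = ROUTING_MODES.get(mode)
        if proto and len(words) >= 2:
            if words[0] == proto + "-mode":
                routing[proto]["on"] = words[1] == "enable"
            elif words[0] == "authentication-mode":
                routing[proto]["auth"] = words[1]
        elif mode == "router-polling" and len(words) >= 3 and words[0] == "snmp":
            if words[1] in snmp:
                snmp[words[1]] = words[2]

    for proto, st in routing.items():
        if not st["on"]:
            continue
        if st["auth"] == "disable":
            findings.append(("HIGH", "routing-auth-disabled", proto))
        elif st["auth"] == "enable":
            # Assumption: "enable" is password mode using the non-encrypted
            # authentication-key; "md5" is the digest mode the guide mentions.
            findings.append(("MEDIUM", "routing-auth-plaintext", proto))
        elif st["auth"] is None:
            # Not set in this session: confirm with "show" on the device.
            findings.append(("LOW", "routing-auth-unset", proto))

    if snmp["version"] in ("1", "2c"):
        # SNMPv1 and SNMPv2c send the community string unencrypted.
        findings.append(("INFO", "snmp-cleartext-community", "v" + snmp["version"]))
    if snmp["community"] in WELL_KNOWN_COMMUNITIES:
        findings.append(("MEDIUM", "snmp-default-community", snmp["community"]))
    return findings


# Constructed sample session (not captured from a real device).
SAMPLE_SESSION = """\
login: expand
Password: Expand
accelerator> enable
accelerator# configure terminal
accelerator(config)# router ospf
accelerator(config-ospf)# ospf-mode enable
accelerator(config-ospf)# authentication-mode disable
accelerator(config-ospf)# authentication-mode enable
accelerator(config-ospf)# authentication-key EXAMPLE-KEY
accelerator(config-ospf)# exit
accelerator(config)# router rip
accelerator(config-rip)# rip-mode enable
accelerator(config-rip)# exit
accelerator(config)# router-polling
accelerator(router-polling)# snmp version 2c
accelerator(router-polling)# snmp community public
"""

if __name__ == "__main__":
    for severity, rule, detail in audit(SAMPLE_SESSION):
        print(f"{severity:6} {rule:26} {detail}")
```

Because the commands are replayed in order, the earlier authentication-mode disable in the sample is superseded by the later enable and is reported only as a plaintext-password finding.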
Setting Polling

To enable router polling:
Enter the command string that is shown in the table below:

Command: ACC1(config)# router-polling [enable | disable]
Description: Enables / disables router-polling.
Parameters: Enable to enable, disable to disable
Example with Syntax: ACC1(config)# router-polling enable

Setting Polling Protocols

To set polling protocols:
Enter the command string that is shown in the table below:

Command: ACC1(router-polling)#poll [protocol name(s)]
Description: Lists the protocols that can be polled.
Parameters: Enter a specific protocol name
Example with Syntax: ACC1(router-polling)# poll [protocol name(s)]

Setting Polling Interval

To set polling intervals:
Enter the command string that is shown in the table below:

Command: ACC1(router-polling)#polling-interval
Description: Sets the frequency with which the router is polled (in seconds). Default is 180 seconds
Parameters: Enter a frequency in seconds
Example with Syntax: ACC1(router-polling)# polling-interval 180

Setting Polling Router

To set the polling router:
Enter the command string that is shown in the table below:

Command: ACC1(router-polling)# router ip (x.x.x.x)
Description: Sets the IP address of the router to be polled.
Parameters: Enter a valid IP address
Example with Syntax: ACC1(router-polling)# router ip (100.100.50.5)

Setting Router Polling SNMP Version

To set a router polling SNMP version:
Enter the command string that is shown in the table below:

Command: ACC1(router-polling)#snmp version [1 | 2c]
Description: Sets the SNMP version to be used for polling the router.
Parameters: Enter the SNMP version
Example with Syntax: ACC1(router-polling)# snmp version [1]

Setting Router Polling SNMP Community

To set a router polling SNMP community:
Enter the command string that is shown in the table below:

Command: ACC1(router-polling)#snmp community [name]
Description: Sets the SNMP community to be used for polling the router.
Parameters: Enter the name of the SNMP community
Example with Syntax: ACC1(router-polling)# polling-interval 180

Configuring RIP

The following options are available:
  Enabling RIP, on page 446
  Enabling Authentication, on page 446
  Setting an Authentication Key, on page 447
  Setting Networks, on page 447
  Setting Neighbors, on page 447
  Setting RIP to Passive Mode, on page 448
  Viewing RIP Configuration, on page 448

Enabling RIP

To enable RIP:
Enter the command string that is shown in the table below:

Command:
    ACC1(config)#router rip
    ACC1(config-rip)#rip-mode enable / disable
Description: Enables RIP on the Accelerator
Parameters: Enable to enable, disable to disable
Example with Syntax:
    ACC1(config)#router rip
    ACC1(config-rip)# rip-mode enable

Enabling Authentication

To enable authentication:
Enter the command string that is shown in the table below:

Command: ACC1(config-rip)# authentication-mode enable/disable/MD5
Description: Sets the Accelerator to need a password to work with other RIP devices. Authentication mode enables MD5 encrypted authentication.
Parameters: Enable to enable, disable to disable
Example with Syntax: ACC1(config-rip)# authentication-mode enable

Setting an Authentication Key

To set an authentication key: Enter the command string that is shown in the table below:

Command: ACC1(config-rip)# authentication-key string
Description: Sets a non-encrypted authentication password for the Accelerator.
Parameters: Enter the name of the authentication key
Example with Syntax: ACC1(config-rip)# authentication-key string

Setting Networks

To set the network that the Accelerator broadcasts: Enter the command string that is shown in the table below:

Command: ACC1(config-rip)# network (ip address) x.x.x.x (subnet mask) x.x.x.x
Description: Sets the networks that the Accelerator broadcasts to its RIP neighbors.
Parameters: Enter a valid IP address and subnet mask
Example with Syntax: ACC1(config-rip)# network (ip address) x.x.x.x (subnet mask) x.x.x.x

Setting Neighbors

To set the RIP neighbor: Enter the command string that is shown in the table below:

Command: ACC1(config-rip)# neighbor x.x.x.x
Description: Defines a RIP neighbor for the Accelerator via the IP address.
Parameters: Enter a valid IP address
Example with Syntax: ACC1(config-rip)# neighbor x.x.x.x

Setting RIP to Passive Mode

To set RIP to passive mode: Enter the command string that is shown in the table below:

Command: ACC1(config-rip)# passive-mode [enable | disable]
Description: Sets RIP to work in Passive mode.
Parameters: Enable to enable, Disable to disable
Example with Syntax: ACC1(config-rip)# passive-mode enable

Viewing RIP Configuration

To view RIP Configuration: Enter the command string that is shown in the table below:

Command: ACC1(config-rip)# show
Description: Displays RIP settings
Parameters: No additional parameters required
Example with Syntax: ACC1(config-rip)# show

Configuring WCCP

The following options are available:
Enabling WCCP
Activating WCCP
Displaying WCCP Mode, Services, and Routers Lists
Setting WCCP Authentication
Setting WCCP Priority
Setting WCCP Router IP
Setting WCCP TCP Service ID
Setting WCCP UDP Service ID

Enabling WCCP

Note that if you have multiple Accelerators deployed on your network, the same WCCP services should be enabled on each appliance.

To enable WCCP: Enter the command string that is shown in the table below:

Command: ACC1(config)# packet-interception wccp
Description: Enters WCCP configuration mode.
Parameters: No additional parameters required
Example with Syntax: ACC1(config)# packet-interception wccp

Activating WCCP

To activate WCCP: Enter the command string that is shown in the table below:

Command: ACC1(packet interception WCCP)# wccp mode [enable | disable]
Description: Activates/deactivates WCCP mode.
Parameters: Enable to enable, Disable to disable
Example with Syntax: ACC1(packet interception WCCP)# wccp mode enable

Displaying WCCP Mode, Services, and Routers Lists

To view the WCCP mode and status: Enter the command string that is shown in the table below:

Command: ACC1(packet interception WCCP)# show
Description: Displays the status of the WCCP service (activated/deactivated) and the services and routers’ lists.
Parameters: No additional parameters required
Example with Syntax: ACC1(packet interception WCCP)# show

The status is shown as in the figure below.

Setting WCCP Authentication

To set the WCCP Authentication: Enter the command string that is shown in the table below:

Command: ACC1(packet interception WCCP)# authentication [none | password word]
Description: Sets a password for WCCP authentication.
Parameters: None for no password, or enter a password string.
Example with Syntax: ACC1(packet interception WCCP)# authentication password Expand

Setting WCCP Priority

To set the WCCP priority: Enter the command string that is shown in the table below:

Command: ACC1(packet interception WCCP)# priority [0-254]
Description: Sets the WCCP priority.
Parameters: Enter a number from 0-254
Example with Syntax: ACC1(packet interception WCCP)# priority 1

Setting WCCP Router IP

To set the WCCP Router IP: Enter the command string that is shown in the table below:

Command: ACC1(packet interception WCCP)# router-ip [x.x.x.x]
Description: Sets the WCCP router IP address.
Parameters: Enter a valid IP address
Example with Syntax: ACC1(packet interception WCCP)# router-ip [x.x.x.x]

Setting WCCP TCP Service ID

To set the WCCP TCP service ID: Enter the command string that is shown in the table below:

Command: ACC1(packet interception WCCP)# tcp-service id [51-99]
Description: Sets the WCCP TCP service ID.
Parameters: Enter a valid ID from 51-99
Example with Syntax: ACC1(packet interception WCCP)# tcp-service id 60

Setting WCCP UDP Service ID

To set the WCCP UDP Service ID: Enter the command string that is shown in the table below:

Command: ACC1(packet interception WCCP)# udp-service id [51-99]
Description: Sets the WCCP UDP service ID.
Parameters: Enter a valid ID from 51-99
Example with Syntax: ACC1(packet interception WCCP)# udp-service id 65

Configuring Core Allocation

In some scenarios, the Topology-Size is not sufficient and optimizing the Accelerator for the environment requires a more granular tuning. In such cases, adjust the Core Allocation.

The Accelerator’s memory is divided into cores, or logical memory components used for acceleration. The larger the core allocated to a link, the higher the acceleration. The system allocates cores according to bandwidth settings. For more information on CLI configuration, see "Performing Basic Setup" on page 445.

Core configuration is divided into resource-policy topology configuration and greedy-threshold configuration. Resource-policy topology configures the number of Accelerators on the network. Greedy Threshold sets the minimum number of Accelerators that can connect and optimally share the available memory. Once this number has been surpassed, the memory is equally divided according to the number of Accelerators set in the deployment size, and each connected Accelerator gets a percentage of the total memory for the complete deployment (even if fewer Accelerators are actually installed).

In deployments in which bandwidth is asymmetric, you can tune core allocation to allocate larger cores for higher bandwidth installations. While you can set topology-size via the WebUI (see section Defining Advanced Settings, on page 30), setting greedy-threshold size is possible only via the CLI, as follows:

To assign cores:
1. In the Accelerator’s CLI, in configuration mode, type core-allocation.
2. In core alloc mode, type greedy-threshold followed by the minimum number of Accelerators to equally share memory, as follows:
ACC1(CORE ALLOC)# greedy-threshold [minimum number of Accelerators]
The default greedy-threshold size is 1.

To set the number of Accelerators in the network:
1. In the Accelerator’s CLI, in configuration mode, type core-allocation.
2. In core alloc mode, type resource-policy topology size followed by the number of Accelerators in the network, as follows:
ACC1(CORE ALLOC)# resource-policy topology size [number of Accelerators on the network]
The default resource-policy topology size value is 5.

NOTE: After the core allocation is modified, it is recommended to reboot the Accelerator.

Using the SNTP Server

The following options are available:
Enabling the SNTP Server
Setting the Interval for Polling the SNTP Server for Time Updates
Setting the SNTP Server’s IP Address

Enabling the SNTP Server

To enable the SNTP Server: Enter the command string that is shown in the table below:

Command: ACC1(config)# SNTP enable/disable
Description: Enables the SNTP server.
Parameters: Enable to enable, disable to disable
Example with Syntax: ACC1(config)# SNTP enable

Setting the Interval for Polling the SNTP Server for Time Updates

To set the interval for polling the SNTP server for time updates: Enter the command string that is shown in the table below:

Command: ACC1(config)# SNTP interval hours [1-24] | minutes [1-1440]
Description: Polls the SNTP server for time updates by intervals set by this command.
Parameters: Enter the time in hours from 1-1440
Example with Syntax: ACC1(config)# SNTP interval hours 24

Setting the SNTP Server’s IP Address

To set the SNTP server’s IP address: Enter the command string that is shown in the table below:

Command: ACC1(config)# SNTP server [x.x.x.x]
Description: Enter IP address X.X.X.X as the address of the SNTP server.
Parameters: Enter a valid IP address
Example with Syntax: ACC1(config)# SNTP server 100.100.10.5

Configuring DHCP Servers

The following options are available:
Enabling DHCP Servers
Uploading the DHCP Configuration File
Reloading the DHCP Configuration File
Testing the DHCP Configuration File
Displaying the DHCP Status Information
Displaying the End Date of the DHCP Lease Period
Configuring an Accelerator to Carry out DHCP Relay

Enabling DHCP Servers

To enable the DHCP server: Enter the command string that is shown in the table below:

Command:
ACC1(config)# dhcp
ACC1(DHCP)# enable/disable
Description: Enables or disables the DHCP Server. Enabling the Server requires having a DHCP configuration file. If this file does not exist, you are prompted to upload it. The DHCP configuration file should be in the user_area, otherwise you have to use the copy command to copy it. Alternatively, upload the DHCP configuration file via the WebUI, thereby copying it directly to the user_area.
Parameters: Enable to enable, disable to disable
Example with Syntax:
ACC1(config)# dhcp
ACC1(DHCP)# enable

Uploading the DHCP Configuration File

To upload the DHCP configuration file: Enter the command string that is shown in the table below:

Command: ACC1(DHCP)# upload [path] [filename]
Description: Uploads the DHCP configuration file from the user_area.
Parameters: Enter a path and a file name.
Example with Syntax: ACC1(DHCP)# upload [path] [filename]

Reloading the DHCP Configuration File

To reload the DHCP configuration file: Enter the command string that is shown in the table below:

Command: ACC1(DHCP)# reload [path] [filename]
Description: Reloads the DHCP configuration file from the user_area, if you want to update this file with changes you have made in it.
Parameters: Enter a valid path and filename
Example with Syntax: ACC1(DHCP)# reload [path] [filename]

Testing the DHCP Configuration File

To test the DHCP configuration file:
Enter the command string that is shown in the table below:

Command: ACC1(DHCP)# test [path] [filename]
Description: Tests the syntax of the DHCP configuration file.
Parameters: Enter a valid path and file name
Example with Syntax: ACC1(DHCP)# test [path] [filename]

Displaying the DHCP Status Information

To display the DHCP status: Enter the command string that is shown in the table below:

Command: ACC1(DHCP)# show DHCP
Description: Displays the DHCP status (enabled/disabled).
Parameters: Enter a valid IP address
Example with Syntax: ACC1(packet interception WCCP)# router-ip [x.x.x.x]

Displaying the End Date of the DHCP Lease Period

To display the end date of the DHCP lease period: Enter the command string that is shown in the table below:

Command: ACC1(DHCP)# show lease [hostname] [IP address]
Description: Displays the end date of the DHCP lease server period.
Parameters: Enter a valid IP address
Example with Syntax: ACC1(DHCP)# show lease [hostname] [IP address]

Configuring an Accelerator to Carry out DHCP Relay

Follow these steps to configure an Accelerator for functioning as a DHCP relay agent:
1. Under Local Interface, enter IP helper address X.X.X.X as the address of the DHCP server.
2. Enable DHCP agent under the local interface.

Once configured, the following output is displayed:

A DHCP relay agent may receive a client DHCP packet forwarded from a BOOTP/DHCP relay agent closer to the client and may or may not already have a DHCP relay agent option on it.

Following is a brief description of each dhcprelay option:
Append - if the append flag is set, the relay agent appends an agent option field to each request before forwarding it to the server.
Discard - discards all options sent by another DHCP relay.
Forward - forwards all options from another DHCP relay.
Replace - replaces the options sent by another DHCP relay with options set on the Accelerator.
Drop-no-match - drops the options without counting the packets.
Max-length - this is the maximum length allowed.

Configuring WEB Acceleration

Some parameters common to both HTTP and FTP Acceleration are configurable as follows:
Setting Web Acceleration
Displaying the End Date of the DHCP Lease Period
Clearing the Cache
Viewing Web Acceleration Parameters

Setting Web Acceleration

To enter the web acceleration configuration mode: Enter the command string that is shown in the table below:

Command: ACC1(config)# web-acceleration
Description: Enters Web-Acceleration configuration mode
Parameters: No additional parameters needed
Example with Syntax: ACC1(config)# web-acceleration

Displaying the End Date of the DHCP Lease Period

To display the end date of the DHCP lease period: Enter the command string that is shown in the table below:

Command: ACC1(DHCP)# show lease [hostname] [IP address]
Description: Displays the end date of the DHCP lease server period.
Parameters: Enter a valid IP address
Example with Syntax: ACC1(DHCP)# show lease [hostname] [IP address]

Clearing the Cache

To clear the cache: Enter the command string that is shown in the table below:

Command: ACC1(web-acceleration)# cache clear
Description: Clears the HTTP and FTP caches.
Parameters: No additional parameters required
Example with Syntax: ACC1(web-acceleration)# cache clear

Viewing Web Acceleration Parameters

To view the web acceleration parameters: Enter the command string that is shown in the table below:

Command: ACC1(web-acceleration)# show
Description: Displays Web-Acceleration parameters.
Parameters: No additional parameters required
Example with Syntax: ACC1(web-acceleration)# show

Configuring HTTP Acceleration

The following configurations are available:
Enabling/Disabling HTTP Acceleration
Configuring the Proxy Server IP and Port
Specifying Directly Forwarded Requests
Preventing the Caching of Specific Pages
Preserving the Client’s Original Source Port
Configuring Transparency Support
Setting the HTTP Port
Setting Content to be Cached
Setting the Cache Size
Setting the Maximum Object Size
Clearing the Cache
Setting the Connection Timeout
Setting logs

Enabling/Disabling HTTP Acceleration

To enable or disable HTTP acceleration: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# http-acceleration [enable | disable]
Description: Enables/disables HTTP Acceleration. By default HTTP Acceleration is disabled.
Parameters: Enable to enable, disable to disable.
Example with Syntax: ACC1(http-acceleration)# http-acceleration [enable | disable]

Configuring the Proxy Server IP and Port

NOTE: After proxy was enabled, disabling DNS requires you to disable proxy first.

To configure the proxy server IP and port: Enter the command string that is shown in the table below:

Command:
ACC1(http-acceleration)# proxy outgoing host <proxy IP> <proxy listening port>
ACC1(http-acceleration)# no proxy outgoing host <proxy IP> <proxy listening port>
Description: Configures the proxy server IP and listening port. You should configure this command only if DNS is configured.
Parameters: Enter a valid IP address and port
Example with Syntax:
ACC1(http-acceleration)# proxy outgoing host <proxy IP> <proxy listening port>
ACC1(http-acceleration)# no proxy outgoing host <proxy IP> <proxy listening port>

Specifying Directly Forwarded Requests

NOTE: You should configure this command only if proxy is configured.

NOTE: You can define multiple rules.

Follow these steps to configure proxy:
In Internet Explorer - Select Tools > Internet Options > Connections tab. In the bottom section of this tab, click the LAN Settings button and use the Proxy server section of the LAN Settings tab to configure a proxy server.
In Mozilla Firefox - Select Tools > Options > Connection > Connection Settings button. In the Connection Settings dialog box, select the Manual proxy configuration button and use the Proxy server section of the LAN Settings tab to configure a proxy server.

NOTE: Before configuring a rule direct regular expression, you must configure in the client’s browser the same settings configured in the Accelerator. For example: If you want to set a rule direct to all sites beginning with http://www.g4tv, then in Internet Explorer select Tools > Internet Options > Connections > LAN Settings. Select the checkbox Use a Proxy server for your LAN. Then, click the Advanced button and in the Exceptions section of the Proxy Settings tab, indicate http://www.g4tv as the beginning of an address for which proxy server will not be used. In Mozilla Firefox, select Tools > Options > Connection > Use Connection Settings button. In the Connection Settings dialog box, type http://www.g4tv in the No proxy for field.

To specify a direct forward request: Enter the command string that is shown in the table below:
Command:
ACC1(http-acceleration)# rule direct <url regex>
ACC1(http-acceleration)# no rule direct <url regex>
ACC1(http-acceleration)# show rule direct <url regex>
Description: Defining a regular expression that is valid on a URL. For example: rule direct avaya. When this rule is applied, all requests for the avaya URL will be forwarded directly to the avaya server, without passing through the proxy server.
Parameters: Enter a valid URL
Example with Syntax: ACC1(http-acceleration)# rule direct avaya

Preventing the Caching of Specific Pages

NOTE: The CLI does not allow regular expression using the following characters: # ‘ “ ,. An error message will be displayed as a result of any attempt to insert such a character.

NOTE: You should configure this command only if proxy is configured. You can define multiple rules.

To prevent the caching of a specific page: Enter the command string that is shown in the table below:

Command:
ACC1(http-acceleration)# rule no-cache <url regex>
ACC1(http-acceleration)# no rule no-cache <url regex>
ACC1(http-acceleration)# show rule no-cache <url regex>
Description: Setting a regular expression, valid on a URL, which defines that specific pages will never be cached. When this rule is applied, upon any request for these pages data will not be retrieved from the cache, and after these pages were retrieved from the server they will not be cached.
Parameters: Enter a valid URL
Example with Syntax: ACC1(http-acceleration)# rule no-cache http://www.anyurl.com

Preserving the Client’s Original Source Port

NOTE: Preserving the port may have bad implications on outgoing traffic from the Web cache. On the other hand, you cannot activate the QoS mechanism according to the source port, if the source port is not preserved.
To enable or disable the preservation of the client’s source port: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# port-transparency [enable | disable]
Description: This command configures whether the Client's original source port will be preserved. By default, port transparency is disabled.
Parameters: Enable to enable, disable to disable
Example with Syntax: ACC1(http-acceleration)# port-transparency enable

Configuring Transparency Support

To configure transparency support: Enter the command string that is shown in the table below:

Command:
ACC1(http-acceleration)# transparency [auto | semi | full]
ACC1(ftp-acceleration)# transparency [auto | semi | full]
Description: This command configures the status of the interception proxy. You can configure the interception proxy as transparent (thereby preventing the detection of the proxy server’s IP address by sniffing). The following statuses are possible:
Semi - applying transparency only on the Client side.
Full - applying transparency on both the Client and the server sides.
Auto - setting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment.
Parameters: Semi, Full, or Auto as explained above.
Example with Syntax:
ACC1(http-acceleration)# transparency full
ACC1(ftp-acceleration)# transparency full

Setting the HTTP Port

To configure the HTTP port: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# port [port number]
Description: Sets the default port on which HTTP traffic generally arrives. The default is 80.
Parameters: Enter a valid port number
Example with Syntax: ACC1(http-acceleration)# port 80

Setting Content to be Cached

To set the content to be cached: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# cache-content [enterprise | internet | all]
Description: Sets the type of content to be cached:
Enterprise caches all traffic from links and virtual links.
Internet caches all traffic on the non-link.
All caches all link, virtual link and non-link traffic.
Parameters: Enterprise, Internet or All, as described above.
Example with Syntax: ACC1(http-acceleration)# cache-content all

Setting the Cache Size

To set the cache size: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# cache-size [number in MB]
Description: Sets the size of the cache (between 1 and 60 GB). Default is 16 GB.
Parameters: Enter a valid size (between 1-60 GB). Note that approximately 10 MB of RAM is needed for each 1 GB of data cached.
Example with Syntax: ACC1(http-acceleration)# cache-size 16

Setting the Maximum Object Size

To set the maximum object size: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# max-cached-object-size [number in MB]
Description: Sets the maximum size for objects stored in the cache. Default is 4096 KB.
Parameters: Enter a valid size (between 1-60 GB). Note that approximately 10 MB of RAM is needed for each 1 GB of data cached.
Example with Syntax: ACC1(http-acceleration)# max-cached-object-size [number in MB]

Clearing the Cache

To clear the cache: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# cache clear
Description: Clears the HTTP Acceleration cache.
Parameters: No additional parameters needed.
Example with Syntax: ACC1(http-acceleration)# max-cached-object-size [number in MB]

Setting the Connection Timeout

To set the connection timeout: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# connect-timeout [number]
Description: Sets the amount of time (in seconds, between 1 and 600) for a client to remain connected with no traffic being cached. Default is 600 seconds.
Parameters: Enter the time amount in seconds, as described above.
Example with Syntax: ACC1(http-acceleration)# connect-timeout 600

Setting logs

To set the log: Enter the command string that is shown in the table below:

Command: ACC1(http-acceleration)# loglevel [alert | error | info | warning]
Description: You can set the Accelerator’s log file to accumulate events that occur in HTTP Acceleration. To set the type of alerts to be accumulated, set the lowest level of alert to be logged. By default, logging is disabled. When enabled, the default level is Error.
Parameters: Enter the time amount in seconds, as described above.
Example with Syntax: ACC1(http-acceleration)# loglevel error

Configuring FTP Acceleration

This section includes the following options:
Enabling/Disabling FTP Acceleration
Setting Content to be Cached
Setting the Connection Timeout
Allocating Cache per a Specific User
Setting Minimal Value for the Cache Object Size
Enabling/disabling Unicode Display
Excluding Servers from Caching
Clearing the List of Excluded Servers
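The router polling, RIP, WCCP, SNTP and HTTP acceleration sections above state which authentication choices and numeric ranges each command accepts. The following added example (not part of the original guide or of Expand's software) lints a planned command transcript against those statements before it is typed into an appliance; the transcript is constructed, and the audit function and its rule table are hypothetical names introduced here.

```python
import re

# Prompt layout used in the guide's examples: HOST(mode)# command, or HOST# command.
PROMPT = re.compile(r"^\s*[\w-]+(?:\((?P<mode>[^)]*)\))?#\s*(?P<cmd>\S.*?)\s*$")


def always(_match):
    """Predicate for rules that fire whenever the command pattern matches."""
    return True


def outside(lo, hi):
    """Predicate: true when the captured value is not an integer in [lo, hi]."""
    def check(match):
        value = match.group(1)
        return not (value.isdigit() and lo <= int(value) <= hi)
    return check


# (CLI mode regex, command regex, predicate, severity, message template).
# Ranges and option names are the ones stated in the guide's command tables.
RULES = [
    ("router-polling", r"snmp version (1|2c)", always, "WARN",
     "SNMPv{0} carries the community string in clear text"),
    ("router-polling", r"snmp community (public|private)", always, "WARN",
     "well-known community string '{0}'"),
    ("config-rip", r"authentication-mode (disable)", always, "HIGH",
     "RIP updates are exchanged without authentication"),
    ("config-rip", r"authentication-mode (enable)", always, "WARN",
     "password mode selected; the guide also documents an md5 mode"),
    ("wccp", r"authentication (none)", always, "WARN",
     "WCCP runs without a password"),
    ("wccp", r"priority (\S+)", outside(0, 254), "ERROR",
     "WCCP priority {0} is outside 0-254"),
    ("(http|ftp)-acceleration", r"connect-timeout (\S+)", outside(1, 600), "ERROR",
     "connect-timeout {0} is outside 1-600 seconds"),
    ("^config$", r"sntp interval hours (\S+)", outside(1, 24), "ERROR",
     "SNTP interval of {0} hours is outside 1-24"),
    ("^config$", r"sntp interval minutes (\S+)", outside(1, 1440), "ERROR",
     "SNTP interval of {0} minutes is outside 1-1440"),
]
COMPILED = [(re.compile(m, re.I), re.compile(c, re.I), p, s, t)
            for m, c, p, s, t in RULES]


def audit(transcript):
    """Return (line number, severity, message) for every rule hit in a CLI transcript."""
    findings = []
    for lineno, raw in enumerate(transcript.splitlines(), 1):
        prompt = PROMPT.match(raw)
        if not prompt:
            continue  # not a prompt line (blank line, command output, comment)
        mode = prompt.group("mode") or ""
        for mode_re, cmd_re, predicate, severity, template in COMPILED:
            hit = cmd_re.fullmatch(prompt.group("cmd"))
            if mode_re.search(mode) and hit and predicate(hit):
                findings.append((lineno, severity, template.format(*hit.groups())))
    return findings


# Constructed transcript for illustration; not captured from a real appliance.
SAMPLE = """\
ACC1(config)# router-polling enable
ACC1(router-polling)# snmp version 1
ACC1(router-polling)# snmp community public
ACC1(config-rip)# authentication-mode enable
ACC1(config-rip)# authentication-key accelerator
ACC1(packet interception WCCP)# authentication none
ACC1(packet interception WCCP)# priority 300
ACC1(http-acceleration)# connect-timeout 600
ACC1(config)# SNTP interval hours 48
"""

if __name__ == "__main__":
    for lineno, severity, message in audit(SAMPLE):
        print(f"line {lineno}: {severity}: {message}")
```
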
Enabling/Disabling FTP Acceleration

To enable or disable FTP acceleration: Enter the command string that is shown in the table below:

Command: ACC1(ftp-acceleration)# ftp-acceleration [enable | disable]
Description: Enables/disables FTP Acceleration. By default FTP Acceleration is disabled.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(ftp-acceleration)# ftp-acceleration disable

Setting the Cache Size

To set the cache size: Enter the command string that is shown in the table below:

Command: ACC1(ftp-acceleration)# cache-size [number in MB]
Description: Sets the size of the cache (between 1 and 60 GB). Default is 50 GB. Approximately 360 KB + 8 MB of RAM is needed for each 1 GB of data cached.
Parameters: Enter a valid size as described above.
Example with Syntax: ACC1(ftp-acceleration)# cache-size 50

Setting Content to be Cached

To set the content to be cached: Enter the command string that is shown in the table below:

Command: ACC1(ftp-acceleration)# cache-content [enterprise | internet | all]
Description: Sets the type of content to be cached:
Enterprise caches all traffic from links and virtual links.
Internet caches all traffic on the non-link.
All caches all link, virtual link and non-link traffic.
Parameters: Enter a valid content type as described above.
Example with Syntax: ACC1(ftp-acceleration)# cache-content all

Setting the Connection Timeout

To set the connection timeout: Enter the command string that is shown in the table below:

Command: ACC1(ftp-acceleration)# connect-timeout [number]
Description: Sets the amount of time (in seconds, between 1 and 600) for a client to remain connected with no traffic being cached. Default is 60 seconds.
Parameters: Enter a valid time as described above.
Example with Syntax: ACC1(ftp-acceleration)# connect-timeout 60

Allocating Cache per a Specific User

To allocate cache per specific user: Enter the command string that is shown in the table below:

Command: ACC1(ftp-acceleration)# cache-per-user [enable | disable]
Description: Enables/disables the allocation of cache memory per a specific user.
Parameters: Enable to enable, Disable to disable
Example with Syntax: ACC1(ftp-acceleration)# cache-per-user enable

Setting Minimal Value for the Cache Object Size

To set the minimal value for the cache object size: Enter the command string that is shown in the table below:

Command: ACC1(ftp-acceleration)# min-cached-object-size [number in KB]
Description: Lets you configure a minimal value for the objects stored in the cache.
Parameters: Enter a number in KB that is smaller than the Max value.
Example with Syntax: ACC1(ftp-acceleration)# min-cached-object-size 60

Enabling/disabling Unicode Display

To enable or disable unicode display: Enter the command string that is shown in the table below:

Command: ACC1(ftp acceleration)# localization [enable | disable]
Description: Lets you enable or disable the option to view files in languages that require Unicode characters, such as Chinese.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(ftp acceleration)# localization enable

Excluding Servers from Caching

To exclude servers from caching: Enter the command string that is shown in the table below:

Command: ACC1(ftp acceleration)# transparency exclude [source | destination | WORD | ip]
Description: Excludes servers from caching, as defined by the following parameters:
Source - source traffic direction
Destination - destination traffic direction
WORD - server name
IP - server IP or subnet
Parameters: Enter a valid parameter as described above.
Example with Syntax: ACC1(ftp acceleration)# transparency exclude source

Clearing the List of Excluded Servers

To clear the list of excluded servers: Enter the command string that is shown in the table below:

Command: ACC1(ftp acceleration)# transparency excluded-servers [clear]
Description: Removes all servers from the list of excluded servers. This command does not affect traffic that traversed these servers when they were excluded, but only traffic that passes after the command entered into effect.
Parameters: No additional parameters are necessary
Example with Syntax: ACC1(ftp acceleration)# transparency excluded-servers clear

Studying a Subnet Configuration Network

The sample Subnet Configuration is as follows:

ACC1# configure terminal
ACC1(config)# router ospf
ACC1(config-ospf)# area 20.0.0.6
ACC1(config-ospf)# authentication-mode enable
ACC1(config-ospf)# authentication-key accelerator
ACC1(config-ospf)# neighbor 30.0.0.0/8
ACC1# configure terminal
ACC1(config)# router rip
ACC1(config-rip)# authentication-mode md5
ACC1(config-rip)# authentication-key accelerator
ACC1(config-rip)# neighbor 30.0.0.0/8
ACC1# configure terminal
ACC1(config)# subnets
ACC1(SUBNETS)# network 30.0.0.0 255.255.0.0
ACC1(SUBNETS)# not-advertise 30.0.0.0 255.255.0.0
ACC1(SUBNETS)# exit

Configuring Ethernet Display

The following commands let you configure viewing the Ethernet statistics:
Viewing Interface Statistics
Viewing Interface Statistics per Specific Link

Viewing Interface Statistics

To view interface statistics: Enter the command string that is shown in the table below:

Command: ACC1# show interface link
Description: Displays Throughput and Performance statistics for all links since up time, since last cleared and for the last 5 seconds.
Parameters: No additional parameters are necessary
Example with Syntax: ACC1# show interface link

Viewing Interface Statistics per Specific Link

To view interface statistics for a specific link: Enter the command string that is shown in the table below:

Command: ACC1# show interface link [name]
Description: Displays Throughput and Performance statistics for a link since up time, since last cleared and for the last 5 seconds.
Parameters: Enter the name of the link.
Example with Syntax: ACC1# show interface link [name]

Enabling L-7 Traffic Discovery

To enable L-7 Traffic Discovery: Enter the command string that is shown in the table below:

Command:
ACC1(config)# statistic
ACC1(statistic)# discover [http | citrix] [enable | disable]
Description: Enables traffic discovery of HTTP or Citrix traffic traversing the network.
Parameters: Enter the name of the link.
Example with Syntax:
    ACC1(config)#statistic
    ACC1(statistic)#discover http enable

Viewing L-7 Traffic

To view layer seven traffic:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show discovered http | citrix
Description: Displays the list of discovered HTTP or Citrix traffic traversing the network.
Parameters: http for HTTP, citrix for Citrix
Example with Syntax: ACC1(config)#show discovered http

Viewing Application Statistics

To view application statistics:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show application
Description: Displays statistics for all applications.
Parameters: No additional parameters required.
Example with Syntax: ACC1(config)#show application

Setting Applications as Monitored

To set applications as monitored:
Enter the command string that is shown in the table below:

Command: ACC1(config)#monitored application [application name] normal [link number | Total]
Description: Sets a specified application to be monitored over a certain link or over all links.
Parameters: Enter the application name and link number.
Example with Syntax: ACC1(config)#monitored application [application name] normal [link number | Total]

Viewing Application Traffic

To view application traffic:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show traffic discovery [all | application name]
Description: Displays all applications traversing the network.
Parameters: Enter all for all applications or a specific application name.
Example with Syntax: ACC1(config)#show traffic discovery all

Enabling / Disabling Statistics History

To enable or disable statistics history:
Enter the command string that is shown in the table below:

Command:
    ACC1#config
    ACC1(config)#[application name]
    ACC1(name)#statistics-history [enable/disable]
Description: Enables gathering statistics for a particular application.
Parameters: Enable to enable, Disable to disable
Example with Syntax:
    ACC1#config
    ACC1(config)#[application name]
    ACC1(name)#statistics-history enable

Clearing Counters or Statistics

To clear the counters:
Enter the command string that is shown in the table below:

Command: ACC1#clear counters link all [name]
Description: Clears all counters. Adding a name at the end of the command clears statistics for a specific link only.
Parameters: Enable to enable, Disable to disable
Example with Syntax: ACC1#clear counters link all

Enabling NetFlow

To enable NetFlow:
Enter the command string that is shown in the table below:

Command:
    ACC1#netflow
    ACC1(netflow)#ip flow-export [x.x.x.x] port [1 to 65535] version [5] interface ethernet [0, 0/0, 0/1] template [full, long, short]
Description: Sets the Accelerator to forward all statistic information to the NetFlow server for monitoring and analysis. Enter the IP address and port number of the NetFlow collector, as well as the NetFlow version number. In addition, enter the interface ethernet to be monitored (the LAN interface Ethernet).
For more information on NetFlow statistics collected, see NetFlow Monitored Statistics, on page 357.
Parameters: Enable to enable, Disable to disable
Example with Syntax:
    ACC1#netflow
    ACC1(netflow)#ip flow-export 100.100.10.5 port 80 version [5] interface ethernet 0 template full

Setting the Max Queue Length

To set the Max Queue length:
1. In the Accelerator's CLI, in interface link configuration mode, type priority max-qlen discard [number] low [number] medium [number] high [number] realtime [number] pass-through [number]
2. Follow each parameter by the size of the queue desired.
3. The default greedy-threshold size is 1.

    ACC1(LINK)#priority max-qlen discard 1000 low 1000 medium 1000 high 1000 real-time 1000 pass-through 1000

Configuring QoS

The following lists the commands necessary to perform QoS configuration as described above via the CLI. The following configurations are available:
    Viewing Detected Applications
    Creating a New Application
    Creating a Web Application
    Enabling / Disabling Application Acceleration
    Enabling / Disabling Application Tunneling
    Globally Filtering an Application
    Filtering an Application per Link
    Setting the Application Criteria
    Setting the Order for the Rule
    Setting Minimum Bandwidth (Desired)
    Setting Maximum Bandwidth (Limit)
    Prioritizing the Application
    Critical Application Pass-through
    Setting Bursts for a Rule
    Setting the WAN to Work in Strict-priority Mode
    Enabling Bursts

Viewing Detected Applications

To view detected applications:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show application
Description: Displays all detected applications.
Parameters: No additional parameters needed.
Example with Syntax: ACC1(config)#show application

Creating a New Application

To create a new application:
Enter the command string that is shown in the table below:

Command: ACC1(config)#application name tcp [port number] udp [port number/range] over-ip [port/range]
Description: Defines a new application and application criteria.
Parameters: Enter a valid TCP port number, a valid UDP port number and range and a valid over-IP port number and range.
Example with Syntax: ACC1(config)#application name tcp 80 udp 60 over-ip 55

Creating a Web Application

To create a web application:
Enter the command string that is shown in the table below:

Command: ACC1(config)#application l-7 name http host-name [x.x.x.x or name] url-name [name] mime-type [name] user-name [name]
Description: Defines a new web application and criteria on the basis of the specified parameters.
Parameters: Enable to enable, Disable to disable
Example with Syntax: ACC1(config)#application l-7 name http host-name [x.x.x.x or name] url-name [name] mime-type [name] user-name [name]

Enabling / Disabling Application Acceleration

To enable or disable application acceleration:
Enter the command string that is shown in the table below:

Command:
    ACC1(config)#decision
    ACC1(decision)#match application [name]
    ACC1(decision)#set accelerate disable/enable
Description: Sets a specific application to be accelerated or not accelerated.
Parameters: Enable to enable, Disable to disable
Example with Syntax:
    ACC1(config)#decision
    ACC1(decision)#match application [name]
    ACC1(decision)#set accelerate enable

Enabling / Disabling Application Tunneling

To enable or disable application tunneling:
Enter the command string that is shown in the table below:

Command:
    ACC1(config)#decision
    ACC1(decision)#match application [name]
    ACC1(decision)#set tunnel disable/enable
Description: Sets a specific application to be tunneled or not tunneled.
Parameters: Enable to enable, Disable to disable
Example with Syntax:
    ACC1(config)#decision
    ACC1(decision)#match application [name]
    ACC1(decision)#set tunnel enable

Globally Filtering an Application

To create a global filter application policy:
Enter the command string that is shown in the table below:

Command: ACC1(config)#policy-rule global outbound/inbound
Description: Defines a new rule for globally handling an application.
Parameters: Inbound for inbound, outbound for outbound
Example with Syntax: ACC1(config)#policy-rule global inbound

Filtering an Application per Link

To filter an application per link:
Enter the command string that is shown in the table below:

Command: ACC1(config)#policy-rule link number outbound/inbound
Description: Defines a new rule for a specific link.
Parameters: Inbound for inbound, outbound for outbound
Example with Syntax: ACC1(config)#policy-rule link number outbound

Setting the Application Criteria

To set application criteria:
Enter the command string that is shown in the table below:

Command: ACC1(rule)#match application [name or l-7 name] ip [any, source, destination] x.x.x.x tos bits
Description: Defines the filter for what type of traffic is handled by this rule per IP, tos bits and/or application name.
Parameters: Enter the application name and a valid IP address.
Example with Syntax: ACC1(rule)#match application [name or l-7 name] ip [any, source, destination] x.x.x.x tos bits

Setting the Order for the Rule

To set an order for the rule:
Enter the command string that is shown in the table below:

Command: ACC1(rule)#set policy order [100 to 65534]
Description: Defines the importance of the rule.
Parameters: Enter a valid policy order.
Example with Syntax: ACC1(rule)#set policy order 1000

Setting Minimum Bandwidth (Desired)

To set a minimum desired bandwidth:
Enter the command string that is shown in the table below:

Command: ACC1(rule)#set policy rate desired number (1 to 1000000)
Description: Sets a minimum bandwidth for the application.
Parameters: Enter a valid policy rate.
Example with Syntax: ACC1(rule)#set policy rate desired number 10000

Setting Maximum Bandwidth (Limit)

To set a maximum desired bandwidth limit:
Enter the command string that is shown in the table below:

Command: ACC1(rule)#set policy rate limit number (1 to 1000000)
Description: Sets a maximum bandwidth for the application.
Parameters: Enter a valid policy rate larger than the minimum.
Example with Syntax: ACC1(rule)#set policy rate limit number 100000

Prioritizing the Application

To prioritize the application:
Enter the command string that is shown in the table below:

Command: ACC1(rule)#set policy priority
    high
    low
    medium
    real-time
Description: Defines the Priority for the application.
Parameters: Enter a valid policy priority.
Example with Syntax: ACC1(rule)#set policy priority
    high
    low
    medium
    real-time

Critical Application Pass-through

To set the traffic to pass-through:
Enter the command string that is shown in the table below:

Command: ACC1(rule)#set policy pass through
Description: Sets the traffic type to override the entire QoS mechanism and pass through critical/diagnostic traffic.
Parameters: Enter a valid policy priority.
Example with Syntax: ACC1(rule)#set policy pass through

Setting Bursts for a Rule

To set bursts for a rule:
Enter the command string that is shown in the table below:

Command: ACC1(rule)#set policy rate burst enable
Description: Sets the traffic defined for this rule to be allowed to send bursts.
Parameters: No additional parameters required.
Example with Syntax: ACC1(rule)#set policy rate burst enable

Setting the WAN to Work in Strict-priority Mode

To set the WAN to work in strict-priority mode:
Enter the command string that is shown in the table below:

Command:
    ACC1(config)#wan [name] /[default]
    ACC1(WAN)#strict-priority enable/disable inbound outbound both
Description: Sets strict-priority for inbound and/or outbound traffic.
Parameters: No additional parameters required.
Example with Syntax:
    ACC1(config)#wan [name] /[default]
    ACC1(WAN)#strict-priority enable both

Enabling Bursts

To enable bursts:
Enter the command string that is shown in the table below:

Command:
    ACC1(config)#wan [name] /[default]
    ACC1(WAN)#burst [number]
Description: Enables bursts on the WAN up to the set bandwidth (1 to 1000000).
Parameters: Enter the bandwidth.
Example with Syntax:
    ACC1(config)#wan [name] /[default]
    ACC1(WAN)#burst [number]

Managing Aggregation Classes

Transferring a small packet imposes a high penalty in terms of bandwidth use.
If the average payload size is 15 bytes (typical in a Citrix environment), the overhead is 25 bytes of IP/tunnel headers, which means that about 60% of bandwidth used is wasted. Citrix (Post Acceleration) Aggregation is intended to better handle and optimize such traffic. Citrix Aggregation aggregates several small packets into one big packet. If n packets are aggregated, the savings is (n - 1) * 25 bytes of IP/tunnel headers. The smaller the average packet size is, and the greater the number of packets aggregated together, the greater the percentage of acceleration achieved compared with performance results without Citrix Aggregation.

Citrix Aggregation operates per link. Each link can have Citrix Aggregation enabled or disabled independently of other links.

The following topics are covered:
    Configuring Aggregation Classes
    Defining the Post Aggregation Class
    Enabling / Disabling Aggregation Classes per Link
    Setting Aggregation Limit
    Setting Aggregation Threshold
    Setting Aggregation Window
    Applying an Aggregation Class to an Application

Configuring Aggregation Classes

To configure aggregation classes:
Enter the command string that is shown in the table below:

Command: ACC1(config)#aggregation post class [default | custom-1 | custom-2 | citrix] global [enable | disable]
Description: Sets the Citrix aggregation classes globally. Citrix Aggregation on a link has 4 predefined classes that let you configure and apply different Citrix Aggregation settings to different types of traffic:
    default
    custom-1
    custom-2
    citrix
Different applications may require different Citrix Aggregation class configuration (for example: different window size and aggregated packet size).
Several well-known applications are defined as belonging to the 'default' or 'citrix' aggregation class (for example: Citrix and Telnet applications are predefined to belong to the 'citrix' class, which is pre-configured to properly handle these applications). You can disable, enable or configure each class. You can set each application that exists in the Accelerator to belong to one of the Citrix Aggregation classes. For information on setting and defining Layer-7 applications, see section "Enabling L-7 Traffic Discovery", on page 500. By default, Citrix is enabled but default, custom-1 and custom-2 are disabled. The Citrix Aggregation class parameter configuration is available only per-link. The Global command is for ease of use. This command is not saved in the configuration file, but goes over each link and changes its configuration to enable/disable. To view Citrix Aggregation statistics, use the show interface link command from the config prompt.
Parameters: Enter the aggregation post class as described above.
Example with Syntax: ACC1(config)#aggregation post class [default | custom-1 | custom-2 | citrix] global [enable | disable]

Defining the Post Aggregation Class

To define the class of the post aggregation setting:
Enter the command string that is shown in the table below:

Command:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post class [default | custom-1 | custom-2 | citrix] [disable | enable | limit | threshold | window]
Description: Defines a class of post aggregation settings. You can define settings per link per class or for the entire link. For limit, threshold and window details see below. The Citrix Aggregation class parameter configuration is available only per-link (see section "Enabling / Disabling Aggregation Classes per Link", on page 485). This command is for ease of use.
It is not saved in the configuration file, but goes over each link and changes its configuration to enable/disable.
Parameters: Enter the bandwidth.
Example with Syntax:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post class [default | custom-1 | custom-2 | citrix] [disable | enable | limit | threshold | window]

Enabling / Disabling Aggregation Classes per Link

To enable aggregation classes per link:
Enter the command string that is shown in the table below:

Command:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post [enable | disable]
Description: Sets the Citrix aggregation classes per link.
Parameters: Enter the bandwidth.
Example with Syntax:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post enable

Setting Aggregation Limit

To set an aggregation limit:
Enter the command string that is shown in the table below:

Command:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post limit [40 - 3000]
Description: Sets the upper limit for packets to be aggregated. Number in bytes. The limit, set in bytes, is the upper ceiling of packet size for packets to be eligible for Citrix aggregation: packets that are larger than LIMIT are not aggregated (they are supposed to be big enough to be sent one at a time). You can configure LIMIT in range 40-3000 bytes. The default value is 256.
Parameters: Enter the bandwidth.
Example with Syntax:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post limit 256

Setting Aggregation Threshold

To set an aggregation threshold:
Enter the command string that is shown in the table below:

Command:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post threshold [40 - 3000 | auto]
Description: Sets the post aggregation threshold, number in bytes 40 to 3000 or automatic.
The threshold, set in bytes, is the maximum size of aggregated packets. That is, when an aggregate packet reaches this size, it can be sent. You can configure THRESHOLD in range 40-MTU. The default value is auto, which means that the threshold will be calculated dynamically according to available bandwidth as follows:
    512 bytes - for bandwidth that is less than or equal to 512 Kbps
    1024 bytes - for bandwidth that is greater than 512 Kbps and less than 1 Mbps
    MTU (usually 1500 bytes but no more than 3000) - for bandwidth that is more than 1 Mbps
If fragmentation is configured in the link, the threshold auto value will not be larger than the fragmentation size.
Parameters: Enter the correct threshold.
Example with Syntax:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post threshold 512

Setting Aggregation Window

To set an aggregation window:
Enter the command string that is shown in the table below:

Command:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post window [1 - 100 | auto]
Description: Sets the post-acceleration window, number in bytes 1 to 100 or automatic. The window command is set in units of 10 ms. This is the maximum amount of time a packet can be delayed in Citrix Aggregation queues. This means that when WINDOW * 10 ms elapses, an aggregate packet is sent (even if its total size has not yet reached LIMIT value). This is done to avoid long packet delays. WINDOW can be configured in a range of 1-100 units. The default value is auto, which means that the WINDOW value is calculated dynamically given the bandwidth and the threshold value. An estimate of the auto value is bandwidth/Threshold. This enables the aggregator to wait enough time to get an aggregated packet with the largest size close to the THRESHOLD value.
Parameters: Enter the correct threshold.
Example with Syntax:
    ACC1(conf)#interface link [number]
    ACC1(LINK)#aggregation post threshold 90

Applying an Aggregation Class to an Application

To apply an aggregation class to an application:
Enter the command string that is shown in the table below:

Command:
    ACC1(conf)#decision
    ACC1(DECISION)#match application [name]
    ACC1(DECISION)#set aggregation class [citrix | default | custom-1 | custom-2]
Description: Sets the post-acceleration class of an application. An application is coupled with a Citrix Aggregation class through a decision. To see which application belongs to which class, type the show decision command.
Parameters: Enter the application name and the correct aggregation class.
Example with Syntax:
    ACC1(conf)#decision
    ACC1(DECISION)#match application myapplication
    ACC1(DECISION)#set aggregation class citrix

Configuring DNS Acceleration

This section has the following configuration options:
    Enabling / Disabling DNS Acceleration
    Defining Static Hosts
    Removing Definitions of Static Hosts
    Clearing the Cache
    Setting The Cache Size
    Displaying the Cache Contents
    Enabling / Disabling DNS Masquerading
    Defining the TTL Period
    Defining the Query Timeout Period
    Defining the Transparency Mode
    Displaying the DNS Acceleration Statistics
    Enabling / Disabling the Use of the Accelerator DNS

Enabling / Disabling DNS Acceleration

To enable or disable DNS acceleration:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#Dns-acceleration [enable | disable]
Description: Enables/disables DNS Acceleration. By default DNS Acceleration is disabled.
Parameters: Enable to enable, Disable to disable
Example with Syntax: ACC1(DNS-ACC)#Dns-acceleration enable

Defining Static Hosts

To define a static host:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#ip host [WORD] [IP]
Description: Lets you define a static host-name to address mapping, by using the WORD parameter followed by an IP address.
Parameters: Enter the site name and the correct IP address.
Example with Syntax: ACC1(DNS-ACC)#ip host mysite 100.100.20.5

Removing Definitions of Static Hosts

To remove definitions of static hosts:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#ip host [purge]
Description: Lets you remove all definitions of static hosts, by using the purge parameter.
Parameters: No additional parameters required.
Example with Syntax: ACC1(DNS-ACC)#ip host purge

Clearing the Cache

To clear the cache:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#cache clear
Description: Lets you clear the cache contents.
Parameters: No additional parameters required.
Example with Syntax: ACC1(DNS-ACC)#cache clear

Setting The Cache Size

To set the cache size:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#cache size [100-30000 | auto]
Description: Lets you select whether to accept the system-defined value of the cache size or to set your own value (between 100 and 30000).
Parameters: Enter the application name and the correct aggregation class.
Example with Syntax: ACC1(DNS-ACC)#cache size 2400

Displaying the Cache Contents

To display the cache content:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#show cache
Description: Displays the details of all hosts currently stored in the cache: host name, host address, flags and expiry time (time-to-leave).
Parameters: No additional parameters required.
Example with Syntax: ACC1(DNS-ACC)#show cache

Enabling / Disabling DNS Masquerading

To enable or disable DNS Masquerading:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#Dns-masquerading [enable | disable]
Description: Enables/disables DNS masquerading. By default DNS masquerading is disabled.
Parameters: Enable to enable, Disable to disable
Example with Syntax: ACC1(DNS-ACC)#Dns-masquerading enable

Defining the TTL Period

To define the time to leave period:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#min TTL (minutes) [preserve-ttl | 1-1440]
Description: Lets you select whether to keep the system-defined value of the time-to-leave period (preserve-ttl) or to set your own value (between 1 and 1440 minutes).
Parameters: Enter a valid time period as described above.
Example with Syntax: ACC1(DNS-ACC)#min TTL (minutes) preserve-ttl 440

Defining the Query Timeout Period

To define the query timeout period:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#query timeout (0-30)
Description: Lets you set your own value for the query timeout period (between 0 and 30).
Parameters: Enter a valid timeout period as described above.
Example with Syntax: ACC1(DNS-ACC)#query timeout 25

Defining the Transparency Mode

To define the transparency mode:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#transparency [auto | full | semi]
Description: Lets you set your requested transparency mode:
    Semi - the traffic is transparent to the Client, but the server sees it as coming from the Accelerator.
    Full - the traffic is transparent to both the Client and the Server.
    Auto - the transparency is determined automatically according to the deployment level: either Semi (in On-LAN deployment) or Full (in On-Path deployment).
The default value is Auto.
Parameters: Enter a valid transparency mode as described above.
Example with Syntax: ACC1(DNS-ACC)#transparency auto

Displaying the DNS Acceleration Statistics

To display the DNS acceleration statistics:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#show statistics
Description: Displays the statistics for the queries since the last time the DNS Acceleration feature was enabled: total number of queries, number of hits and number of misses.
Parameters: No additional parameters required.
Example with Syntax: ACC1(DNS-ACC)#show statistics

Enabling / Disabling the Use of the Accelerator DNS

To enable or disable the Accelerator's DNS:
Enter the command string that is shown in the table below:

Command: ACC1(DNS-ACC)#use-accelerator dns [enable | disable]
Description: Enables/disables the use of Accelerator DNS, thereby defining the Accelerator as a DNS client. By so doing, the Accelerator will always intercept traffic and use its setting to process the traffic, even if that traffic was sent to another DNS server. If you enable the use of Accelerator DNS, you have to configure an IP name server under the DNS node.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(DNS-ACC)#use-accelerator dns enable

Enabling Traffic Encryption

NOTE: In the Accelerator, subnets that are not defined as local subnets are considered by default as remote subnets (subnets over the WAN). Thus, when IPsec is enabled, users sending traffic from such subnets will not be able to communicate with the Accelerator, as their packets will be dropped. Therefore, enabling these subnets to communicate with the Accelerator requires you to define them as local in the Accelerator, by using the following CLI command:

    subnet network x.x.x.x/y

This section features the following options:
    Displaying the Traffic Encryption (crypto) on a Specific Link
    Displaying the Current Crypto Configuration of a Specific Accelerator
    Displaying the Crypto Details of a Specific Accelerator
    Displaying the Process of the IPsec Policy Creation on a Specific Accelerator

Displaying the Traffic Encryption (crypto) on a Specific Link

To display traffic encryption details on a specific link:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show interface link
Description: Lets you view whether IPsec is enabled, which IPsec policy is used and other details.
Parameters: Enter the link number.
Example with Syntax: ACC1(config)#show interface link 1

Displaying the Current Crypto Configuration of a Specific Accelerator

To display the current configuration:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show runningconfig
Description: Lets you view the full details of the current crypto configuration, such as crypto mode, policy rules and decision number.
Parameters: No additional parameters required.
Example with Syntax: ACC1(config)#show runningconfig

Displaying the Crypto Details of a Specific Accelerator

To display the crypto details:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show crypto
Description: Lets you view the full details of the Accelerator's crypto, such as the crypto mode, the IKE and the IPsec policies.
Parameters: No additional parameters required.
Example with Syntax: ACC1(config)#show crypto

Displaying the Process of the IPsec Policy Creation on a Specific Accelerator

To display the process of the IPsec policy creation:
Enter the command string that is shown in the table below:

Command: ACC1(crypto)#show techencryption
Description: Lets you view the IPsec tunnel status and the Pluto log.
Parameters: No additional parameters required.
Example with Syntax: ACC1(crypto)#show techencryption

Configuring ARP

This section contains the following configurations:
    Adding Entries to the ARP Cache
    Clearing the ARP Cache
    Setting the Limit on the ARP Cache
    Setting Additional Limits on the ARP Cache

Adding Entries to the ARP Cache

To add an entry to the ARP Cache:
Enter the command string that is shown in the table below:

Command: ACC1(config)#arp [IP address x.x.x.x] [MAC address xx:xx:xx:xx:xx:xx]
Description: Sets manual ARP cache entries.
Parameters: Enter a valid IP address and MAC address.
Example with Syntax: ACC1(config)#arp IP address 100.100.50.2 MAC Address 00:06:5B:15:04:B4

Clearing the ARP Cache

To clear the ARP Cache:
Enter the command string that is shown in the table below:

Command: ACC1(config)#arp clear-table [volatile]
Description: Clears the ARP cache table. Using the volatile variable lets you clear entries from the active ARP without clearing the database.
Parameters: No additional parameters required.
Example with Syntax: ACC1(config)#arp clear-table [volatile]

Setting the Limit on the ARP Cache

To set a limit to the ARP cache:
Enter the command string that is shown in the table below:

Command: ACC1(config)#arp cache max-size [number between 128000 and 8000000]
Description: Sets a limit on the size of the ARP cache.
Parameters: Enter the maximum size within the range listed above.
Example with Syntax: ACC1(config)#arp cache max-size 800000

Setting Additional Limits on the ARP Cache

To set an additional limit on the ARP cache:
Enter the command string that is shown in the table below:

Command: ACC1(config)#arp cache limits [three numbers between 128000 and 8000000]
Description: Sets three limits on the size of the ARP cache.
Parameters: Enter up to three numbers within the valid range.
Example with Syntax: ACC1(config)#arp cache limits 200000 300000 400000

Additional Configurations

This section contains the following configuration options:
Adding a WAN
Modifying Interface Speed and Duplex
Setting VLAN
Autodetecting HSRP Groups
Setting HSRP Group Number
Setting VRRP Group Number
Disabling Bridging
Setting an IP address for Eth 0

Adding a WAN

To add a new WAN:
Enter the command string that is shown in the table below:

Command: ACC1(config)#wan [name]
Description: Creates a new WAN.
Parameters: Enter the name of the WAN.
Example with Syntax: ACC1(config)#wan mywan

Modifying Interface Speed and Duplex

To modify interface speed and duplex:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#interface ethernet [0, 0/1, 0/0]
ACC1(interface)link-mode
1000Mbit-full
100Mbit-full
100Mbit-half
10Mbit-full
10Mbit-half
auto
Description: Sets the speed and duplex setting of the interface.
Parameters: No additional parameters required.
Example with Syntax:
ACC1(config)#interface ethernet 0
ACC1(interface)link-mode auto

Setting VLAN

To set a VLAN:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#interface vlan [number]
x.x.x.x x.x.x.x (enter ip address and subnet mask)
or native
or native tagged
Description: Enables VLAN, sets group number and IP address or native or native tagged Accelerator IP address as VLAN group IP address.
Parameters: Enter a valid group number, a valid IP address and subnet mask.
Example with Syntax: ACC1(config)#interface vlan 1 100.100.50.5

Autodetecting HSRP Groups

To enable or disable the autodetection of HSRP groups:
Enter the command string that is shown in the table below:

Command: ACC1(config)#HSRP autodetect enable/disable
Description: The Accelerator can auto-detect HSRP groups on its networks and add them to its Group Table.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(config)#HSRP autodetect enable

Setting HSRP Group Number

NOTE: In AcceleratorOS versions up to 6.0, adding an HSRP group automatically included the Accelerator in the group. Starting from AcceleratorOS 6.0, after HSRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join/leave commands.
To set the HSRP group number:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#HSRP [number]
authentication [string]
force-priority
ip (update IP address - create group if it does not exist)
join
leave (leave HSRP group)
preempt
priority [number 0 - 254]
timers
virtual-mac (virtual MAC address)
vlan (assign HSRP group to VLAN)
Description: Sets manual configuration of HSRP.
Parameters: Enter a valid IP address, a MAC address and an HSRP group number.
Example with Syntax:
ACC1(config)#HSRP 20
authentication myauthentication
force-priority
ip 100.100.50.2
join
preempt
priority 1
timers
virtual-mac F:F:F:F:F:F:F:F
vlan 2

Setting VRRP Group Number

To set the VRRP group number:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#VRRP [number]
ip (update IP address - create group if it does not exist)
preempt
priority [number 0 - 254]
timer
Description: Sets manual configuration of VRRP.
Parameters: Enter a valid IP and priority number.
Example with Syntax:
ACC1(config)#VRRP [number]
ip 100.100.23.4
preempt
priority 100
timer

Disabling Bridging

To disable bridging:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#interface ethernet 0
ACC1(interface)# bridged-state disable
Description: Disables bridge support for the Ethernet 0 interface.
Parameters: No additional parameters needed.
Example with Syntax:
ACC1(config)#interface ethernet 0
ACC1(interface)# bridged-state disable

Setting an IP address for Eth 0

To set the IP address for ETH 0:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#interface ethernet 0
ACC1(interface)# ip address [x.x.x.x y.y.y.y]
Description: Sets an IP address and subnet mask for the Ethernet 0 interface.
Parameters: Enter a valid IP and subnet mask.
Example with Syntax:
ACC1(config)#interface ethernet 0
ACC1(interface)# ip address 100.100.23.2 255.255.255.255

Defining Link Settings

The following settings can be configured in this section:
Assigning a Link to a WAN
Setting a Link to Work in Large Cache Mode
Enabling Packet Fragmentation
Enabling Packet Aggregation
Setting a Link to be Accelerated
Setting IPcomp Preservation
Forcing Tunneling
Including Checksum

Assigning a Link to a WAN

To assign a link to a WAN:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#interface link
ACC1(LINK)#wan-id [number/default]
Description: Sets the WAN to which this Link is assigned.
Parameters: Enter a valid IP, VRRP group number, and priority number.
Example with Syntax:
ACC1(config)#interface link
ACC1(LINK)#wan-id [number/default]

Setting a Link to Work in Large Cache Mode

To set a link to work in large cache mode:
Enter the command string that is shown in the table below:

Command: ACC1(LINK)# cache-size large enable
Description: Sets the link to work in Large cache size mode.
Parameters: No additional parameters needed.
Example with Syntax: ACC1(LINK)# cache-size large enable

Enabling Packet Fragmentation

To enable packet fragmentation:
Enter the command string that is shown in the table below:

Command: ACC1(LINK)#fragmentation auto [number]
Description: Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to 6000), the QoS mechanism breaks them up. This setting is useful for handling latency on low bandwidth links, and applies only to traffic set with a CoS value of low, medium and high priority. Fragmentation does not have to be configured symmetrically on both ends. Fragmentation is accomplished on outgoing packets before the packets are compressed.
Parameters: Enter a valid number as described above.
Example with Syntax: ACC1(LINK)#fragmentation auto 900

Enabling Packet Aggregation

To enable packet aggregation:
Enter the command string that is shown in the table below:

Command: ACC1(LINK)#aggregation auto [number]
Description: Enables small packets to be aggregated on this link. If packets arrive smaller than the set size (68 to 6000), the QoS mechanism aggregates them and sends them together across the link. This only applies to traffic set with a CoS value of low, medium and high priority. Aggregation is accomplished on outgoing packets before the packets are compressed, and therefore you do not have to configure the aggregation symmetrically on both ends. Aggregation is applied only on congested links, to avoid adding unnecessary latency on non-problematic links.
Parameters: Enter a valid number as described above.
Example with Syntax: ACC1(LINK)#aggregation auto 900

Setting a Link to be Accelerated

To assign a link to be accelerated:
Enter the command string that is shown in the table below:

Command: ACC1(LINK)# acceleration enable/disable
Description: Sets the link to accelerate all traffic.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(LINK)# acceleration enable

Setting IPcomp Preservation

To assign a link to a WAN:
Enter the command string that is shown in the table below:

Command:
ACC1(LINK)# header preservation
[src]
[tos]
[ttl]
Description: Sets source IP address, ToS bit or ttl header preservation.
SRC: Preserves the source IP address of the original IP header. This setting, which is useful for Policy Routing, also enables distinguishing between sessions. The SRC setting is disabled by default.
TOS: Preserves the original ToS point settings - this is enabled by default.
TTL: Preserves the original TTL. This is disabled by default.
Parameters: No additional parameters required.
Example with Syntax:
ACC1(LINK)# header preservation src
tos
ttl

Forcing Tunneling

To set the link to force all traffic into the tunnel:
Enter the command string that is shown in the table below:

Command: ACC1(LINK)# force enable/disable
Description: Sets the link to force all traffic into the tunnel.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(LINK)# force enable

Including Checksum

To include a checksum:
Enter the command string that is shown in the table below:

Command: ACC1(LINK)# checksum enable/disable
Description: Includes a checksum in all packet transmissions. This setting is useful for high error rate links and troubleshooting purposes.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(LINK)# checksum enable

Configuring Expand View Settings

This section demonstrates how to configure the Accelerator to work with ExpandView NMS. For more information on ExpandView, contact your Expand Networks supplier.

This section contains the following configuration options:
Enabling / Disabling the ExpandView Agent
Setting the ExpandView Server IP Address
Setting the ExpandView Server Port
Displaying ExpandView Status

Enabling / Disabling the ExpandView Agent

To enable or disable the ExpandView Agent:
Enter the command string that is shown in the table below:

Command:
ACC1(config)# expand-view
ACC1(EVIEW)#agent [enable/disable]
Description: Enables/Disables interaction with ExpandView.
Parameters: Enable to enable, Disable to disable.
Example with Syntax:
ACC1(config)# expand-view
ACC1(EVIEW)#agent enable

Setting the ExpandView Server IP Address

To set the ExpandView Server IP address:
Enter the command string that is shown in the table below:

Command: ACC1(EVIEW)#IP address [x.x.x.x]
Description: Sets the address of the ExpandView server in an Accelerator.
Parameters: Enter a valid IP address of the ExpandView server.
Example with Syntax: ACC1(EVIEW)#IP address 100.100.25.5

Setting the ExpandView Server Port

To set the ExpandView Server Port:
Enter the command string that is shown in the table below:

Command: ACC1(EVIEW)#port [xxxx]
Description: Sets the port to use for interaction with the ExpandView server.
Parameters: Enter a legal port number that should be used to interact with the ExpandView server.
Example with Syntax: ACC1(EVIEW)#port 81

Displaying ExpandView Status

To display the ExpandView status:
Enter the command string that is shown in the table below:

Command: ACC1(EVIEW)#show
Description: Verifies whether the unit is connected to ExpandView.
Parameters: No additional parameters.
Example with Syntax: ACC1(EVIEW)#show

NOTE: For more information on ExpandView, please refer to the ExpandView user guide.

Configuring SNMP

This section contains the following configuration options:
Enabling / Disabling SNMP
Enabling / Disabling SNMP Traps
Setting SNMP Trap Community
Setting SNMP Community
Setting SNMP Version 3 Authentication

Enabling / Disabling SNMP

To enable SNMP:
Enter the command string that is shown in the table below:

Command: ACC1(config)#snmp enable/disable
Description: Enables/Disables SNMP support in the Accelerator.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(config)#snmp enable

Enabling / Disabling SNMP Traps

To enable SNMP:
Enter the command string that is shown in the table below:

Command: ACC1(config)#snmp traps enable/disable
Description: Enables/Disables SNMP trap support.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(config)#snmp traps enable

Setting SNMP Trap Community

NOTE: If, after defining snmp trap manager-ip, snmp read community or snmp trap community, you want to clear these values, use the no command to reverse this definition. For example: no snmp read community [name]

To set SNMP trap community:
Enter the command string that is shown in the table below:

Command: ACC1(config)#snmp trap community [name]
Description: Sets the name of the SNMP trap community. The default is Public.
Parameters: Enter a valid name as described above.
Example with Syntax: ACC1(config)#snmp trap community public

Setting SNMP Community

To set SNMP community:
Enter the command string that is shown in the table below:

Command: ACC1(config)#snmp community [name] access [read-only/read-write]
Description: Sets the name of the SNMP community (a group of users that are granted access to certain Accelerator devices). Each SNMP community can have either read-only or read-write authorization. The default community is Public, and its authorization is read-write.
Parameters: Enter a valid name and access type as described above.
Example with Syntax: ACC1(config)#snmp community Public access read-write

Setting SNMP Version 3 Authentication

To set SNMP version 3 authentication:
Enter the command string that is shown in the table below:

Command: ACC1(config)#snmp change-v3password
Description: Sets the SNMP v.3 password. The default password is expand_initial_password and should be changed.
Parameters: Enter a valid password as described above.
Example with Syntax: ACC1(config)#snmp change-v3password expand_initial_password

NOTE: When monitoring for specific MIBs, add the index number of the processor even if only one processor exists. Failing to add the index number results in an error message. For example, using the snmpget command with the syntax
snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3
returns the following error:
There is no such variable name in this MIB. Failed object: SNMPv2-SMI:enterprises.3405.1.3.1.1.2.1.3
The correct string would be:
snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3.1 <processor id>

Configuring the Log

Enabling / Disabling the Log
Setting the Syslog Facility Number
Setting the Syslog Server’s IP Address
Defining Sent Events

Enabling / Disabling the Log

To enable or disable the log:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#syslog active [disable | enable]
Description: Enables Syslog events to be sent.
Parameters: Enable to enable, Disable to disable.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#syslog active enable

Setting the Syslog Facility Number

To set the syslog facility number:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#syslog facility [number]
Description: Sets the Syslog facility number.
Parameters: Enter a valid number.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#syslog facility 23

Setting the Syslog Server’s IP Address

To set the IP address of the syslog server:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#syslog server ip [IP address (x.x.x.x)]
Description: Sets the IP address of the Syslog server.
Parameters: Enter a valid IP address as described above.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#syslog server ip 100.100.20.3

Defining Sent Events

To define a sent event:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#syslog severity minimum [info | warning | error | fatal] maximum [fatal | error | warning | info]
Description: Defines which events to send, from the minimum to the maximum.
Parameters: Enter a valid event as described above.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#syslog severity minimum warning maximum error

Enabling / Disabling Event Notification

To enable or disable event notification:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#mail active [disable | enable]
Description: Sets the Accelerator to send email notification when events and alerts are received.
Parameters: Enable to enable, disable to disable.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#mail active enable

Creating an Accelerator Messenger Account

To set the email address:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#mail from [name]
Description: Sets the name to appear in the From field of emails sent from the Accelerator.
Parameters: Enter a valid password as described above.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#mail from [name]

Setting the Notification Recipient

To set who will receive the notifications:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#mail recipient [name]
Description: Sets the name to appear in the To field of emails sent from the Accelerator.
Parameters: Enter a valid email address as described above.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#mail recipient username@emailaddress.com

Setting the Mail Server’s IP Address

To set the mail server’s IP address:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#mail server ip [ip address (x.x.x.x)]
Description: Sets the IP address of the mail server.
Parameters: Enter a valid IP address as described above.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#mail server ip 100.100.50.8

Setting the Mail Server’s Port Number

To set the port of the mail server:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#mail server port [port number]
Description: Sets the port of the mail server.
Parameters: Enter a valid port number as described above.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#mail server port 86

Setting SNMP Version3 Authentication

To set SNMP version 3 authentication:
Enter the command string that is shown in the table below:

Command:
ACC1(config)#logging
ACC1(logging)#mail severity minimum [info | warning | error | fatal] maximum [error | fatal | info | warning]
Description: Defines which events are sent, from the minimum to the maximum. Log events are as follows:
info - informational events
warning - warnings
error - errors in acceleration
fatal - fatal errors
Parameters: Enter the event as described above.
Example with Syntax:
ACC1(config)#logging
ACC1(logging)#mail severity minimum info maximum fatal

Creating Log Archives

The log archive creation does not have its own mode, and can be carried out either from the Enable or Config modes. The following options are available:
Creating a Log Archive
Deleting a Log Archive
Uploading Log Archive Files
Displaying Log Archive Files

Creating a Log Archive

To create a log archive:
Enter the command string that is shown in the table below:

Command: ACC1#log archive [prefix]
Description: Enables creating a log archive. To insert your selected prefix, type this prefix in the WORD field.
Parameters: Enter a valid prefix if desired.
Example with Syntax: ACC1#log archive myprefix

Deleting a Log Archive

To delete a log archive:
Enter the command string that is shown in the table below:

Command: ACC1#log archive [delete] [filename] | [all]
Description: Enables deleting a log archive. You can select between the following options:
WORD - to delete a specific file.
all - to delete all files.
Parameters: Enter a specific file name or All to delete all files as described above.
Example with Syntax: ACC1#log archive delete all

Uploading Log Archive Files

To upload a log archive file:
Enter the command string that is shown in the table below:

Command: ACC1#log upload [method] [filename] | [latest] [destination]
Description: Lets you select the parameters for uploading log archive files: which method to use, which files to upload, and the requested destination. The optional values are as follows:
Method - FTP, SFTP, TFTP and SCP
Filename - to select a specific file.
Latest - to upload the latest generated log archive.
Destination - the destination of the file.
Parameters: Enter parameters as described above.
Example with Syntax: ACC1#log upload FTP myfilename latest T:\\mynetworkdrive

Displaying Log Archive Files

To display a log archive file:
Enter the command string that is shown in the table below:

Command: ACC1#show log archive
Description: Lets you view all archived log files, including name, size and time stamp.
Parameters: No additional parameters required.
Example with Syntax: ACC1#show log archive

Using Configuration Tools

The following topics are available:
Displaying the Configuration Settings
Saving the Running Configuration
Reverting Back to the Last Saved Startup
Restoring the Configuration to Factory Default Settings
Sending a Ping
Sending a Traceroute
Viewing Technical Support Statistics

Displaying the Configuration Settings

To display the configuration:
Enter the command string that is shown in the table below:

Command: ACC1(config)#write terminal
Description: Displays the running configuration on the terminal screen (similar to the show startup-config command).
Parameters: No additional parameters required.
Example with Syntax: ACC1(config)#write terminal

Saving the Running Configuration

To save the running configuration:
Enter the command string that is shown in the table below:

Command: ACC1(config)#write startup-config
Description: Saves the running configuration as the startup configuration.
Parameters: No additional parameters required.
Example with Syntax: ACC1(config)#write startup-config

Reverting Back to the Last Saved Startup

To revert back to the last saved startup:
Enter the command string that is shown in the table below:

Command: ACC1(config)#copy startup-config running-config
Description: Reverts the running configuration to the last saved startup configuration.
Parameters: No additional parameters required.
Example with Syntax: ACC1(config)#copy startup-config running-config

Restoring the Configuration to Factory Default Settings

To restore the default settings:
Enter the command string that is shown in the table below:

Command: ACC1(config)#erase startup configuration
Description: Restores the Accelerator’s configuration to the Factory Default Settings.
Parameters: No additional parameters required.
Example with Syntax: ACC1(config)#erase startup configuration

Sending a Ping

To send a ping:
Enter the command string that is shown in the table below:

Command: ACC1(config)#ping [ip (x.x.x.x) | hostname]
Description: Pings network devices.
Parameters: Enter a valid IP and host.
Example with Syntax: ACC1(config)#ping 100.100.10.4 myhostname

Sending a Traceroute

To send a traceroute:
Enter the command string that is shown in the table below:

Command: ACC1(config)#traceroute [ip (x.x.x.x) | hostname]
Description: Sends a traceroute to network devices.
Parameters: Enter a valid IP and host.
Example with Syntax: ACC1(config)#traceroute 100.100.10.4 myhostname

Displaying the Packets’ TraceRoute

To display the packet’s traceroute:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0# traceroute [host]
Description: Displays the route to a remote machine, where [host] represents the machine host’s name.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# traceroute [host]

Viewing Technical Support Statistics

To view technical support statistics:
Enter the command string that is shown in the table below:

Command: ACC1(config)#show tech-support [continuous]
Description: Gathers troubleshooting statistics from the Accelerator. Press More to view additional output each time; alternatively, add the parameter continuous to enable continuous output.
Parameters: Only add the continuous parameter if you want continuous output.
Example with Syntax: ACC1(config)#show tech-support continuous

Enabling Accdump Files

The following configuration options are available:
Accessing the AccDump Configuration Menu
Enabling / Disabling ACCDump
Configuring Tcpdump File Size
Configuring Tcpdump File Format
Configuring Tcpdump File Number
Configuring Tcpdump Optional Flags
Uploading Tcpdump Files
Selecting the TCPDump Interface
Selecting the TCPDump Filter Expressions

Accessing the AccDump Configuration Menu

To access the accdump menu options:
Enter the command string that is shown in the table below:

Command: ACC1(config)#accdump
Description: Enables accdump (default).
Parameters: No additional parameters needed.
Example with Syntax: ACC1(config)#accdump

Enabling / Disabling ACCDump

To enable or disable ACCDump:
Enter the command string that is shown in the table below:

Command: ACC1(ACCDUMP)#ip tcpdump enable/disable
Description: Enables or disables accdump. Note: If you choose enable, all values you configured do not affect the database. The database is being updated only after you carry out the exit command.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: ACC1(ACCDUMP)#ip tcpdump enable

Configuring Tcpdump File Size

To configure the TCPDump File Size:
Enter the command string that is shown in the table below:

Command: ACC1(accdump)#ip tcpdump filesize [number]
Description: Configures the tcpdump file size. Possible values are 1 to 1000 MB.
Parameters: Enter a valid number as described above.
Example with Syntax: ACC1(accdump)#ip tcpdump filesize 500

Configuring Tcpdump File Format

To configure the TCPDump file format:
Enter the command string that is shown in the table below:

Command: ACC1(accdump)#ip tcpdump filesformat enc/pcap
Description: Configures the tcpdump file format. The available types are Pcap (saves the default format) and enc (reformats the file).
Parameters: Enter a valid IP and host.
Example with Syntax: ACC1(accdump)#ip tcpdump filesformat enc

Configuring Tcpdump File Number

To configure the TCPDump File Number:
Enter the command string that is shown in the table below:

Command: ACC1(accdump)#ip tcpdump filesnumber auto/[number]
Description: Configures the tcpdump file number. Possible values are 1 to 1000. If you type auto, the system sets the file number and file size to default (100 and 10MB, respectively).
Parameters: Enter a valid number or auto as described above.
Example with Syntax: ACC1(accdump)#ip tcpdump filesnumber auto

Configuring Tcpdump Optional Flags

To configure the optional flags:
Enter the command string that is shown in the table below:

Command: ACC1(accdump)#ip tcpdump flags (flag name)
Description: Lets you select tcpdump optional flags. For a detailed description of the optional flags, see tcpdump Optional Flags, on page 417, in the appendix.
Parameters: Enter a flag name as described in the appendix, tcpdump Optional Flags, on page 417.
Example with Syntax: ACC1(config)#traceroute 100.100.10.4 myhostname

Uploading Tcpdump Files

To upload the TCPDump file:
Enter the command string that is shown in the table below:

Command: ACC1(accdump)#ip tcpdump upload [method] [file] [destination]
Description: Lets you select the parameters for uploading tcpdump files: which method to use, which files to upload, and the requested destination.
The optional values are as follows:
Method - FTP, SFTP, TFTP and SCP
File - one of the accdump files
Destination - like in the Copy operation: user.password@ip/file_destination_path
Parameters: Enter a valid IP and host.
Example with Syntax: ACC1(accdump)#ip tcpdump upload FTP myfile T:\mynetworkdrive

Selecting the TCPDump Interface

To select the TCPDump Interface:
Enter the command string that is shown in the table below:

Command: ACC1(accdump)#ip tcpdump interface
Description: Lets you select one of the following options for an interface:
any - capture packets from all interfaces.
eth-local - capture packets from local interfaces.
eth0 - captures packets from ethernet 0
eth0/0 - captures packets from ethernet 0/0
eth0/0 - captures packets from ethernet 0/1
internal - captures packets from internal interfaces
Parameters: Enter a valid interface as described above.
Example with Syntax: ACC1(accdump)#ip tcpdump interface any

Selecting the TCPDump Filter Expressions

To select a TCPDump Filter Expression:
Enter the command string that is shown in the table below:

Command: ACC1(accdump)#ip tcpdump filter
Description: Lets you filter the download of the tcpdump files by using filter expressions in the formats acceptable by the system, such as net_10.2.3.0/24_and_port_20.
Parameters: Enter a valid expression.
Example with Syntax: ACC1(accdump)#ip tcpdump filter net_10.2.3.0

Configuring WAFS

Most of the WAFS configuration is done through the CLI, letting you display and manage printing devices and printing authorizations. The following configurations are available:
Basic Operations
Print Administration Activities
Setting Drivers
Managing CUPS
Working with Printer Ports
Managing Printers
Managing WAFS Transparency
Creating Excluded Servers
Managing CIFS
Compression Filters
Managing Time and Dates
Additional Options
Fetch
FileBank Director Configuration Settings
Getting WAFS Help
Licensing WAFS
WAFS Log Files
Managing Replication Services
Managing the Replication User
Scheduling Events
Service Management
Software
Statistics
Stf_filters
Transaction Monitoring
TTCP
User
Wins

Basic Operations

These operations require a confirmation. The options available include:
Starting the WAFS Module
Stopping the WAFS Module
Restarting the WAFS Module
Rebooting the WAFS Module
Shutting down the System
Pinging a Remote Machine
Quitting the CLI

Starting the WAFS Module

Starts the WAFS module.
To start the WAFS module:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0# start
Description: Starts the WAFS module on the logged device.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# start

Stopping the WAFS Module

Stops the WAFS module.
To stop the WAFS Module:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0# stop
Description: Stops the WAFS module on the logged device.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# stop

Restarting the WAFS Module

Stops and then starts the application again.
To restart the WAFS Module:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0# restart
Description: Stops and then restarts the application.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# restart

Rebooting the WAFS Module

To reboot the WAFS Module:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0# reboot
Description: Displays the current syslog status.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# reboot

Shutting down the System

To shut down the system:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0# shutdown
Description: Shuts down the system.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# shutdown

Pinging a Remote Machine

To ping a remote machine:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#ping [host]
Description: Pings a remote machine.
Parameters: Enter a valid IP address.
Example with Syntax: {hostname}:filecontroller0#ping 122.222.22

Quitting the CLI

See Exiting or Quitting the Shell, on page 542.

Cache

Manages and displays cache-related information. The following configurations are available:
Displaying Cache-related Information
Displaying Cache Time To Live for Directories or Files
Resetting Cached Information

Displaying Cache-related Information

To display the cache-related information:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#cache [show]
Description: Displays cache-related information.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0#cache [show]

Displaying Cache Time To Live for Directories or Files

To display the cache time to live for directories or files:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#cache ttl set directories/files [seconds]
Description: Displays or sets cache Time To Live for directories or files. The Time To Live is expressed in seconds, where the default is 1800 (30 minutes) and the maximum is 14,400.
Parameters: Enter a valid parameter as described above.
Example with Syntax: {hostname}:filecontroller0#cache ttl set directories/files 2500

Resetting Cached Information

To reset the cache:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#cache invalidate
Description: Resets the TTL for the cached information, thereby forcing the FB to validate the updated information with the EFS.
Parameters: Enter a valid parameter as described above.
Example with Syntax: {hostname}:filecontroller0#cache invalidate

Print Administration Activities

The following configurations are available:
Displaying Print Administrators
Adding and Deleting Print Administrator Users
Adding and Deleting Print Administrator Groups
Displaying a List of Local Printers
Displaying a Printing Driver’s Status

Displaying Print Administrators

To display print administrators:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing admins list
Description: Displays a list of printer administrators’ users and groups.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing admins list

Adding and Deleting Print Administrator Users

To add or delete print administrators:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing admins add|delete user {[domain\]user}
Description: Lets you add or delete printer administrator users.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing admins add|delete user {[domain\]user}

Adding and Deleting Print Administrator Groups

To add or delete a print administrator group:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing admins add|delete group {[domain\]user}
Description: Lets you add or delete printer administrators’ groups.
Parameters: Enter the username/group for the printer administrator.
Example with Syntax: {hostname}:filecontroller0#printing admins add username

Displaying a List of Local Printers

To display a list of local printers:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing devices list
Description: Shows information regarding locally connected printers.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing devices list

Displaying a Printing Driver’s Status

To display a printing driver’s status:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing drivers [show]
Description: Displays the status of the printing drivers.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing drivers show

Setting Drivers

The following configurations are available:
Setting Automatic Client Driver Installation
Setting Manual Client Driver Installation
Storing Printer Drivers on the File Bank
Storing Printer Drivers on the File Server
Using Domain Users for Migrating Drivers

Setting Automatic Client Driver Installation

To set automatic client driver installation:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing drivers set server
Description: Sets point and print mode for client driver installation.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing drivers set server

Setting Manual Client Driver Installation

To set manual client driver installation:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing drivers set client
Description: Sets manual mode for client driver installation.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing drivers set client

Storing Printer Drivers on the File Bank

To store printer drivers on the file bank:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing drivers set local
Description: Stores uploaded printer drivers on the local print$ share (on the File Bank).
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing drivers set local

Storing Printer Drivers on the File Server

To store printer drivers on the file server:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing drivers set remote
Description: Stores uploaded printer drivers on the remote print$ share (on the File Server).
Parameters: Enter a valid UserID and domain name.
Example with Syntax: {hostname}:filecontroller0#printing admins add usermyuser

Using Domain Users for Migrating Drivers

To use the domain user for migrating drivers:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing drivers migrate {domain|user}
Description: Uses the domain user to migrate drivers from the File Server to the File Bank.
Parameters: Enter a valid UserID and domain name.
Example with Syntax: {hostname}:filecontroller0#printing admins add usermyuser

Managing CUPS

The following configurations are available:
Restarting the CUPS Service
Checking the CUPS Service
Restarting the CUPS Service

To restart the CUPS service:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing restart
Description: Restarts the CUPS service, which is responsible for the print spooling and processing in the system.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing restart

Checking the CUPS Service

To check the CUPS service:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing status
Description: Checks the status of the CUPS service. This command checks only whether this service is supposed to run, and not the service’s actual state.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing status

Working with Printer Ports

The following configurations are available:
Displaying the Printer Ports’ List
Adding and Deleting Printer Ports
Forcing the Printer and the Share Name to be Equal
Adding a Printer
Deleting a Printer

Displaying the Printer Ports’ List

To display the printer ports list:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing ports
Description: Displays the list of the existing printer ports, with their names and URI. Accelerator Local Port is the default printer port, which appears always, and only its name is displayed.
All other printers added afterwards appear with both their names and URIs.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing ports

Adding and Deleting Printer Ports

To add or delete printer ports:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing port [delete | add] [name]
Description: Lets you add or delete a printing port. The default port, Accelerator Local Port, cannot be modified or deleted.
Parameters: Enter a valid printing port name.
Example with Syntax: {hostname}:filecontroller0#printing port add Accelerator Local Port2

Forcing the Printer and the Share Name to be Equal

To force the printer and the share names to be equal:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing settings force [show] [enable|disable]
Description: Prevents the Windows Client from renaming the printer when uploading a new driver. Changing this setting requires restarting SAMBA. Pay attention to the warning that appears in the CLI: "Changing this setting may cause clients that are connected to exported printer queues to be unable to print until they delete and reconnect to the print queue"
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing settings force show

Adding a Printer

To add a printer:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing printers add [name] [URI|ID] [description]
Description: Adds a specific printer, including the printer’s alphanumeric name, URI or ID and (optionally) a textual description.
Parameters: Enter a valid printer name, URI, ID and a description.
Example with Syntax: {hostname}:filecontroller0#printing printers add myprinter laserjet

Deleting a Printer

To delete a printer:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing printers delete [name]
Description: Deletes a specific printer by indicating the printer’s alphanumeric name.
Parameters: Enter the printer name.
Example with Syntax: {hostname}:filecontroller0#printing printers delete myprinter

Managing Printers

The following configurations are available:
Changing an Existing Printer URI
Displaying a List of all Existing Printers
Printing a Test Page

Changing an Existing Printer URI

To change a printer’s URI:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing printers set [name] [new URI] [new comment]
Description: Changes the URI of an existing printer.
Parameters: Enter a valid domain and user.
Example with Syntax: {hostname}:filecontroller0#printing admins add user {mydomain\myuser}

Displaying a List of all Existing Printers

To display a list of all existing printers:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing printers [list]
Description: Displays a list of all printers.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#printing printers list

Printing a Test Page

To print a test page:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#printing printers testpage {name}
Description: Prints a test page.
Parameters: Enter the name of the printer.
Example with Syntax: {hostname}:filecontroller0#printing printers testpage myprinter

Managing WAFS Transparency

The following configurations are available:
Enabling / Disabling WAFS Transparency
Excluding Certain Servers from WAFS Transparency

Enabling / Disabling WAFS Transparency

To enable or disable WAFS transparency:
Enter the command string that is shown in the table below:

Command: ACC1(config)#wafs
ACC1(WAFS)#transparency enable | disable
Description: Enables or disables WAFS transparency. When WAFS transparency is enabled, the FileBank polls all servers by default.
Parameters: enable to enable, disable to disable.
Example with Syntax: ACC1(config)#wafs
ACC1(WAFS)#transparency enable

Excluding Certain Servers from WAFS Transparency

To exclude certain servers from WAFS Transparency:
Enter the command string that is shown in the table below:

Command: ACC1(WAFS)#transparency exclude excluded-servers
Description: Defines which servers to exclude from WAFS transparency.
Parameters: No additional parameters required.
Example with Syntax: ACC1(WAFS)#transparency exclude excluded-servers

Creating Excluded Servers

The following configurations are available:
Displaying the Excluded Servers’ List
Clearing the Excluded Servers’ List

Displaying the Excluded Servers’ List

To display the excluded servers’ list:
Enter the command string that is shown in the table below:

Command: ACC1(WAFS)#show transparency excluded-servers
Description: Displays the list of servers that are excluded from WAFS transparency.
Parameters: No additional parameters required.
Example with Syntax: ACC1(WAFS)#show transparency excluded-servers

Clearing the Excluded Servers’ List

To clear the excluded servers’ list:
Enter the command string that is shown in the table below:

Command: ACC1(WAFS)#transparency excluded servers clear
Description: Clears the excluded servers’ list.
Parameters: No additional parameters required.
Example with Syntax: ACC1(WAFS)#transparency excluded servers clear

Managing CIFS

The following configurations are available:
Displaying the CIFS Status

Displaying the CIFS Status

To display the CIFS status:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#cifs status
Description: Displays status of CIFS connections, shares and locks.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#cifs status

Compression Filters

Displays and manages the list of compression filters. The following configurations are available:
Displaying Current Compression Filter’s List
Adding/deleting a Filter to/from a List

Displaying Current Compression Filter’s List

To display the current compression filter’s list:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#comp_filters list/clear
Description: Displays/clears a list of current compression filters.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#comp_filters list/clear

Adding/deleting a Filter to/from a List

To add or delete a filter to/from the list:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#comp_filters add/delete {filter}
Description: Adds/deletes a given filter to/from a list.
Parameters: add to add, delete to delete.
Example with Syntax: {hostname}:filecontroller0#comp_filters delete {filter}

Managing Time and Dates

Changes and displays current date and/or time. The following options are available:
Changing the System’s Date and Time
Displaying the System’s Date and Time

Changing the System’s Date and Time

To change the date or time:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#date [DATE] [TIME]
Description: Changes the current system’s date and time.
Parameters: Make sure the date is mmddyyyy and time is hh:mm:ss.
Example with Syntax: {hostname}:filecontroller0#date [DATE] [TIME]

Displaying the System’s Date and Time

To display the date and time:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#date
Description: Displays the current system’s date and time.
Parameters: No additional parameters necessary.
Example with Syntax: {hostname}:filecontroller0#date

Additional Options

The following configurations are available:
Diagnostics
Setting a Domain Name
Displaying the Current Domain Name
Joining a FileBank to a Domain
Switching to a UNIX Command Prompt
Exiting or Quitting the Shell

Diagnostics

Runs diagnostic tests.
To run a diagnostic test:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#diagnostics all settings hardware communication
Description: Runs diagnostics tests. You can use this command to diagnose either the full system, the configuration settings of the Accelerator, hardware problems or communication problems.
Parameters: all for complete diagnostics, settings to check the settings, hardware to check hardware functioning, or communication to test communication settings.
Example with Syntax: {hostname}:filecontroller0#diagnostics all

Setting a Domain Name

Sets or displays the Windows NT domain on a local network. This command also defines a domain name.
To set the domain name:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#domain set
Description: Sets a domain name.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0#domain set

Displaying the Current Domain Name

To display the domain name:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#domain show
Description: Displays the current domain name.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0#domain show

Joining a FileBank to a Domain

To join the file bank to a domain name:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#domain join
Description: Joins a FileBank to the current domain.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0#domain join

Switching to a UNIX Command Prompt

To switch to a UNIX command prompt:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#enable
Description: Switches to privileged mode command prompt (root shell). Requires knowledge of the root password.
Parameters: No additional parameters needed. Enter password when prompted.
Example with Syntax: {hostname}:filecontroller0#enable

Exiting or Quitting the Shell

To exit or quit the UNIX shell:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#exit/quit
Description: Logs out from shell.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0#quit

Fetch

Manages fetch jobs and instances. The fetch commands are used for prepopulating the FileBank’s cache. Fetch jobs describe the entity that should be fetched, namely a specific directory on a file server. Fetch instances perform the actual work. The following configuration options are available:
Managing Fetch Jobs and Instances
Displaying the Log of Fetch Instances

Managing Fetch Jobs and Instances

To manage Fetch jobs and instances:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#fetch jobs/instances
Description: Manages fetch jobs/instances.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0#fetch jobs

Displaying the Log of Fetch Instances

To display the log of fetch instances:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#fetch log
Description: Shows the log of current and completed fetch instances.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0#fetch log

FileBank Director Configuration Settings

Displays or manages the connected FileBank Director configuration. The following configurations are available:
Displaying a List of FileBank Directors
Adding or Deleting a FileBank Director
Defining the IP Port
Enabling Disconnected Operation Handling
Forcing Disconnected Mode
Refreshing the List of Servers and Shares
Getting Disk Utilization Reports

Displaying a List of FileBank Directors

To display a list of FileBank directors:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#fport list
Description: Shows a list of FileBank Directors.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0#fport list

Adding or Deleting a FileBank Director

To add or delete a FileBank Director:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#fport {add | delete} {FP}
Description: Adds or deletes a named FileBank Director to or from the FileBank Directors’ list. Default ports: UDP 4049, TCP 4049 are then assigned to this {FP}.
Parameters: Use a legal port number.
Example with Syntax: {hostname}:filecontroller0#fport 4049 add FP

Defining the IP Port

To define the IP port:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#fport {TCP | UDP} {FP}{PORT}
Description: Defines the IP port {PORT} for networking with the specified FileBank Director {FP}.
Parameters: Use a legal port number.
Example with Syntax: {hostname}:filecontroller0#fport {TCP | UDP} {FP}{PORT}

Enabling Disconnected Operation Handling

To enable disconnected operation handling:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#fport disconnected handle {FP}[on|off]
Description: Enables/disables disconnected operation handling for {FP}. Changes take effect only after FileBank reset.
Parameters: Use on to enable and off to disable.
Example with Syntax: {hostname}:filecontroller0#fport disconnected handle on

Forcing Disconnected Mode

To force disconnected operation mode:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#fport disconnected force {FP}[on|off]
Description: Forces / unforces {FP} to be in disconnected mode. Changes take effect only after FileBank reset.
Parameters: Use on to enable and off to disable.
Example with Syntax: {hostname}:filecontroller0#fport disconnected force on

Refreshing the List of Servers and Shares

To refresh the list of File Servers and shares:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#gns refresh
Description: Refreshes the list of file servers.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#gns refresh

Getting Disk Utilization Reports

To display the disk utilization report:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#iostat
Description: Shows the disk utilization report.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#iostat

Getting WAFS Help

Displays general or command-specific usage information. The following configurations are available:
Displaying Help for All Available Commands
Displaying Command-specific Help Information

Displaying Help for All Available Commands

To display help for all available commands:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#help
Description: Lists the commands and parameters.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#help

Displaying Command-specific Help Information

To display help for specific commands:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#help <command>/help <command> <subcommand>
Description: Provides command-specific help information. If a command is typed without a required parameter (or with a wrong parameter), usage information is provided.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0#help license install

Licensing WAFS

Manages and displays license files. The following options are available:
Installing a License
Displaying the License File
Checking the Validity of a License File

Installing a License

To install a license:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#license install {path}
Description: Installs a license file from the specified path.
Parameters: Enter a valid path to the file.
Example with Syntax: {hostname}:filecontroller0#license install myPathtomyServer

Displaying the License File

To display the license file:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#license show
Description: Shows the current license file.
Parameters: No additional parameters are required.
Example with Syntax: {hostname}:filecontroller0#license install myPathtomyServer

Checking the Validity of a License File

To check the validity of a license:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#license check [{path}]
Description: Checks the validity of a license file (specified or current).
Parameters: No additional parameters are required.
Example with Syntax: {hostname}:filecontroller0#license check [{path}]

WAFS Log Files

Creates a log file and uploads it to a destination URL. This command also lists the event log, shows the current level of the log file and sets the minimal level. The following configurations are available:
Uploading Logs to a URL
Displaying Event Log
Defining Minimal Level for Events to Log
Displaying Log Level
Displaying the Syslog Status
Displaying All Log Archive Files
Generating a New Log Archive File
Uploading a Log Archive File

Uploading Logs to a URL

To upload logs to a URL:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#log upload {URL}
Description: Uploads the current logs to the indicated URL.
Parameters: No additional parameters are required.
Example with Syntax: {hostname}:filecontroller0#log upload www.myurl.com

Displaying Event Log

To display the event log:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#log show [all|communication|security|system]
Description: Lists the event log.
Parameters: No additional parameters are required.
Example with Syntax: {hostname}:filecontroller0#log show all

Defining Minimal Level for Events to Log

To define the minimal level for events to be logged:
Enter the command string that is shown in the table below:

Command: {hostname}:filecontroller0#log level set {info|warning|error|critical}
Description: Sets the minimal level for events to log. The lowest level is info and the highest is critical. Any log events below the level you set are not logged.
Parameters: Enter the log level (info, warning, error, critical).
Example with Syntax: {hostname}:filecontroller0#log level set info

Displaying Log Level
To display the log level:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0#log level show
Description: Displays the current log level.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0#log level show

Displaying the Syslog Status
To display the Syslog status:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0#log syslog status
Description: Displays the current syslog status.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0#log syslog status

Displaying All Log Archive Files
To display the log archive status:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0#log archive [list]
Description: Lists all log archive files.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0#log archive [list]

Generating a New Log Archive File
To generate a new log file:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0#log archive generate
Description: Generates a new log archive file.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0#log archive generate

Uploading a Log Archive File
To upload a log archive file:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0#log archive upload
Description: Uploads a log archive file to an FTP server.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0#log archive upload

Managing Replication Services
The following options are available:
Starting an Unscheduled Replication.
Preparing for Replication.
Stopping Replication.
Displaying the Replication Status.
Enabling / Disabling Replication.
Displaying Replication Logs.
Displaying a Specific Log.
Setting Up Replication Service.
Managing the Replication User.
Managing the Replication Filters.
Managing the Replication Instances.
Managing the Replication Paths.

Starting an Unscheduled Replication
To start an unscheduled replication:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication start
Description: Starts an unscheduled replication process now.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication start

Preparing for Replication
To prepare for a replication:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication start initial
Description: Starts initial pre-population of replication files from the file server to the FileBank Director.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication start initial

Stopping Replication
To stop the replication process:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication stop
Description: Stops the replication process.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication stop

Displaying the Replication Status
To display the replication status:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication status
Description: Displays the replication process status.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication status

Enabling / Disabling Replication
To enable or disable replication:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication enable/disable
Description: Enables or disables the replication service.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: {hostname}:filecontroller0# replication enable

Displaying Replication Logs
To display a replication log:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication log list
Description: Lists all replication log files.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication log list

Displaying a Specific Log
To display a specific replication log:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication log [show]
Description: Displays a specific replication log.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication log [show]

Setting Up Replication Service
To set up the replication service:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication setup
Description: Sets up replication service.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication setup

Managing the Replication User
To manage the replication user:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication user
Description: Manages the replication user. For details see Managing the Replication User, on page 555.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication user

Managing the Replication Filters
To manage the replication filter:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication filters
Description: Manages the replication filters. For details see Replication Service, on page 209.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication filters

Managing the Replication Instances
To manage a replication instance:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication instances
Description: Manages the replication instances. For details see Replication Service, on page 209.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication instances

Managing the Replication Paths
To manage a replication path:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication paths
Description: Manages the replication paths. For details see section Replication Service, on page 209.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication paths

Managing the Replication User
You must first define the internal replication user on the system with the user command (see User, on page 570), and then assign this user as the replication user with the Replication User command.
The following are available:
Displaying the Current Replication User.
Defining the Replication User.
Deleting the Replication User.
Displaying the Current Replication Filters.
Clearing All Replication Filters.
Adding or Deleting a Replication Filter.
Listing the Replication Instances.
Adding a New Replication Path.
Deleting a Replication Path.
Deleting All Replication Paths.

Displaying the Current Replication User
To display a replication user:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication user [show]
Description: Displays the current replication user.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication user [show]

Defining the Replication User
To define a replication user:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication user set {domain\username}
Description: Sets the replication user.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication user set {domain\username}

Deleting the Replication User
To delete a replication user:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication user delete
Description: Deletes the current replication user.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication user delete

Displaying the Current Replication Filters
To display the current replication filter:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication filters [list]
Description: Lists the current replication filters (file types).
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication filters [list]

Clearing All Replication Filters
To clear all replication filters:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication filters clear
Description: Clears the current replication filters (file types).
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication filters clear

Adding or Deleting a Replication Filter
To add or delete a replication filter:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication filters add/delete {filter}
Description: Adds or deletes the current replication filter.
Parameters: No additional parameters are needed.
Example with Syntax: {hostname}:filecontroller0# replication filters add myfilter

Listing the Replication Instances
To list a replication instance:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication instances [list]
Description: Displays all replication instances. The possible values are as follows:
Running: The instance is running.
Finished: The instance has finished successfully.
Failed: The instance has failed due to an error (see log).
Aborted: The instance has been aborted by the user.
Parameters: Enter one of the parameters above.
Example with Syntax: {hostname}:filecontroller0# replication instances running

Displaying all Replication Paths
To display all replication paths:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication paths [list]
Description: Lists all current replication paths.
Parameters: Enter one of the parameters above.
Example with Syntax: {hostname}:filecontroller0# replication paths [list]

Adding a New Replication Path
To add a new replication path:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication paths add {UNCPATH} [PRIORITY]
Description: Adds a new replication path.
Parameters: Path and priority.
Example with Syntax: {hostname}:filecontroller0# replication paths add {UNCPATH} [PRIORITY]

Deleting a Replication Path
To delete a replication path:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication paths delete {PATH-ID}
Description: Deletes a replication path.
Parameters: Enter the name of the path.
Example with Syntax: {hostname}:filecontroller0# replication paths delete {PATH-ID}

Deleting All Replication Paths
To delete all replication paths:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# replication paths clear
Description: Deletes all replication paths.
Parameters: Enter one of the parameters above.
Example with Syntax: {hostname}:filecontroller0# replication paths clear

Scheduling Events
Displays and manages scheduled events. The following actions can be performed:
Displaying Scheduled Events.
Adding Scheduled Events.
Deleting Scheduled Events.
Clearing All Scheduled Events.

Displaying Actions for Scheduling
To display actions for scheduling:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# schedule actions
Description: Lists all actions that can be scheduled. Replication schedule actions: replication.start and replication.stop.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# schedule actions

Displaying Scheduled Events
To display scheduled events:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# schedule events [list]
Description: Lists all events.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# schedule events [list]

Adding Scheduled Events
To add a scheduled event:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# schedule events add {ACTION NAME} {TIME}
Description: Adds a new daily recurring event.
Parameters: Enter the following:
A name for the action that appears on the list of actions.
A time for it to occur.
HH:MM
Example with Syntax: {hostname}:filecontroller0# schedule events add clear 23:00

Deleting Scheduled Events
To delete a scheduled event:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# schedule events delete {EVENT ID}
Description: Deletes a scheduled event.
Parameters: Enter one of the parameters above.
Example with Syntax: {hostname}:filecontroller0# schedule events delete {EVENT ID}

Clearing All Scheduled Events
To clear all scheduled events:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# schedule events clear
Description: Clears all scheduled events.
Parameters: Enter one of the parameters above.
Example with Syntax: {hostname}:filecontroller0# schedule events clear

Service Management
Lets you enable or disable the current service, and also check whether the service is enabled. The following actions can be performed:
Enabling or Disabling the Current Service.
Checking whether the Current Service is Enabled.
Displaying the List of Services.
Activating a Service.
Creating a FileBank Director Service.
Creating a FileBank Director HA.
Creating a FileBank Service.

Enabling or Disabling the Current Service
To enable or disable the current service:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# service [enable] [disable]
Description: Enables or disables the current service.
Parameters: Enable to enable, Disable to disable.
Example with Syntax: {hostname}:filecontroller0# service enable

Checking whether the Current Service is Enabled
To check if the current service is enabled:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# service [status]
Description: Checks whether the current service is enabled.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0# service [status]

Displaying the List of Services
To display a list of services:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# services [list]
Description: Displays the list of services.
Parameters: No additional parameters needed.
Example with Syntax: {hostname}:filecontroller0# services [list]

Activating a Service
To activate a service:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# services set {service-name}
Description: Sets the SERVICE as active. All operations will act on SERVICE from now on. Service-name should be a valid service name (for example: FileBank Director0/FileBank Director1), monitored by cluster.
Parameters: Enter the service’s name.
Example with Syntax: {hostname}:filecontroller0# services set {service-name}

Creating a FileBank Director Service
To create a FileBank Director service:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# services create FileBank Director
Description: Creates a FileBank Director service.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# services create FileBank Director

Creating a FileBank Director HA
To create a FileBank Director HA:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# services create FileBank Director ha
Description: Creates a FileBank Director HA.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# services create FileBank Director ha

Creating a FileBank Service
To create a FileBank service:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# services create filecontroller
Description: Creates a FileBank service.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# services create filecontroller

Software
Displays version numbers for all currently installed software packages. The following configuration options are available:
Displaying Version Numbers.

Displaying Version Numbers
To display the version number:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# software version
Description: Displays the version numbers of all currently installed software packages.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# software version

Statistics
Shows product statistics. The following configuration options are available:
Displaying File Statistics.
Uploading Yearly Statistics.
Displaying the Current Status.
Displaying File Statistics
To display file statistics:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# stastics
Description: Displays a table of indicated file statistics for today/past week/past month.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# stastics

Uploading Yearly Statistics
To upload the yearly statistics:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# statistics upload {FTP_URL}
Description: Uploads the yearly statistics file to the destination URL.
Note: The URL protocol must be FTP and the URL must end in a filename.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# statistics upload {FTP_URL}

Displaying the Current Status
Displays the current status of the system.
To display the current status:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# status
Description: Shows the current status of the system.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# status

Stf_filters
Displays, adds and deletes STF (Short Term Files) filters. STF filters define the files which are not sent by the FileBank to the FileBank Director. For example, the default STF filter in the FileBank includes *.TMP files, which are not sent by the FileBank to the FileBank Director.
The following configuration options are available:
Displaying Current STF Filters.
Clearing the List of Current STF Filters.
Adding or Deleting a Filter.
Displaying Current STF Filters
To display current STF filters:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# stf filters list
Description: Lists current STF filters.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# stf filters list

Clearing the List of Current STF Filters
To clear the list of current filters:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# stf filters clear
Description: Clears the list of filters.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# stf filters clear

Adding or Deleting a Filter
To add or delete filters:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# stf filters add/delete {FILTER}
Description: Adds or deletes a given filter to/from the list.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# stf filters delete filtername

Transaction Monitoring
Enables the monitoring of Read and Write transactions. The following configuration options are available:
Displaying the Requested Transactions.
Stopping the Transaction of a Specific ID.

Displaying the Requested Transactions
To display the requested transaction:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# transaction list
Description: Lists transactions that match the filter.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# transaction list

Stopping the Transaction of a Specific ID
To stop a transaction of a specific ID:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# transaction stop [id]
Description: Stops the transaction of the given ID.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# transaction stop [id]

TTCP
Times the transmission and reception of data between two systems using the TCP protocol. The client should receive a server's hostname parameter, which indicates the remote TCP server destination.

Measuring the Receiving Host
To measure the receiving host:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# ttcp server
Description: Run this on the host to which you want to measure traffic.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# ttcp server

Measuring the Sending Host
To measure the sending host:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# ttcp client {server}
Description: Run this on the host from which you want to measure traffic. Specify the host on which you run the 'ttcp server' as SERVER.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# ttcp client {server}

Displaying the System’s Current Uptime
To display the system’s current uptime:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# uptime
Description: Displays the period of time for which the system has been running since it was last booted.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# uptime

User
Manages the users’ database. The following configuration options are available:
Displaying a List of All Users.
Adding or Deleting a User.
Changing a User’s Password.

Displaying a List of All Users
To display a list of all users:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# user list
Description: Lists all users.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# user list

Adding or Deleting a User
To add or delete a user:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# user add/delete {domain\user}
Description: Adds or deletes a given user to/from the list.
Parameters: Add to add, Delete to delete. You also need the domain and UserName.
Example with Syntax: {hostname}:filecontroller0# user delete mydomain\myuser

Changing a User’s Password
To change a user’s password:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# user password {domain\user}
Description: Changes the given user's password (prompts for new password).
Parameters: old password, new password
Example with Syntax: {hostname}:filecontroller0# user password mydomain\myuser

Configuring Virtual Memory Statistics
Reports virtual memory statistics. The report is repeated 10 times at 5-second intervals. The following configuration options are available:
Displaying Virtual Memory Statistics.

Displaying Virtual Memory Statistics
To display virtual memory statistics:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0# vmstat
Description: Reports virtual memory statistics. The report is repeated 10 times at 5-second intervals.
Note: Press Ctrl-C to interrupt.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:filecontroller0# vmstat

Wins
Manages WINS server settings for automatic registration. The following configuration options are available:
Setting a WINS Server Address.
Deleting Current WINS Server.
Displaying Current WINS Server.
Setting a WINS Server Address
To set a WINS server address:
Enter the command string that is shown in the table below:
Command: {hostname}:fp0# wins server set {ADDRESS}
Description: Sets the WINS server address.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:fp0# wins server set {ADDRESS}

Deleting Current WINS Server
To delete the current WINS server:
Enter the command string that is shown in the table below:
Command: {hostname}:fp0# wins server delete
Description: Deletes the current WINS server settings.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:fp0# wins server delete

Displaying Current WINS Server
To display the current WINS server:
Enter the command string that is shown in the table below:
Command: {hostname}:fp0# wins server [show]
Description: Shows the current WINS server settings.
Parameters: No additional parameters required.
Example with Syntax: {hostname}:fp0# wins server [show]

Configuring Security
You can set the following basic AAA parameters:
Accessing the Transport Type

WARNING! Disabling Console access immediately disconnects you from the Accelerator’s CLI.

Enabling or Disabling Access to the Transport Type
To enable or disable access to the transport type:
Enter the command string that is shown in the table below:
Command:
ACC1(conf)#aaa
ACC1(aaa)#transport input (telnet|ssh|console|web|secure web|ftp|snmp|tftp) (enable|disable)
Description: Enables or disables access to the transport type. For example, typing transport input web disable disables access to the Accelerator via the WebUI.
By default, all transport types are set to enabled, except FTP and TFTP, which are set to disabled.
Parameters: Enter parameter string as described above.
Example with Syntax:
ACC1(conf)#aaa
ACC1(aaa)#transport input (telnet|ssh|console|web|secure web|ftp|snmp|tftp) (enable|disable)

Configuring Servers
The following options are available:
Configuring the IP Address and Port.
Setting the Radius Server Timeout.
Configuring the TACACS Server.
Setting the TACACS Server Timeout.
Configuring Authentication.
Displaying the Authentication Server.
Defining/Deleting the Authentication Server.

Configuring the IP Address and Port
To configure the RADIUS server:
Enter the command string that is shown in the table below:
Command: ACC1(aaa)#radius name [server name] ip [x.x.x.x]| key [encryption key] | port [tcp port for the server])
Description: Sets the RADIUS server and server information including IP address, encryption key and TCP port. The default port is 49.
Parameters: Enter server name, IP address and port number.
Example with Syntax: ACC1(aaa)#radius name [server name] ip [x.x.x.x]| key [encryption key] | port [tcp port for the server])

Setting the Radius Server Timeout
To set the RADIUS server timeout:
Enter the command string that is shown in the table below:
Command: ACC1(aaa)#radius name [server name] timeout
Description: Sets the timeout in seconds between 0 and 5000 to wait for a server to reply. The default timeout is 180 seconds.
Parameters: Enter parameter string as described above.
Example with Syntax: ACC1(aaa)#radius name myserver timeout 180

Configuring the TACACS Server
To configure the TACACS Server:
Enter the command string that is shown in the table below:
Command: ACC1(aaa)#tacacs+ name [server name] ip [x.x.x.x] | key [encryption key] | order [server authentication order] | port [tcp port for the server]
Description: Sets the TACACS server and server information including IP address, encryption key and TCP port. The default port is 1645.
Parameters: Enter parameter string as described above.
Example with Syntax: ACC1(aaa)#tacacs+ name myserver ip 122.22.222| key mykey | order 2| port 8080

Setting the TACACS Server Timeout
To set the TACACS server timeout:
Enter the command string that is shown in the table below:
Command: ACC1(aaa)#tacacs name [server name] timeout
Description: Sets the timeout in seconds between 0 and 5000 to wait for a server to reply. The default timeout is 180 seconds.
Parameters: Enter parameter string as described above.
Example with Syntax: ACC1(aaa)#tacacs name myserver timeout 2000

Configuring Authentication
To set the server to be authenticated:
Enter the command string that is shown in the table below:
Command: ACC1(aaa)#authentication login [local | radius | tacacs]
Description: Sets the server to be checked. If more than one authentication type is used, list the server types in the order in which they are to be authenticated.
Parameters: Enter parameter string as described above.
Example with Syntax: ACC1(aaa)#authentication login local

Displaying the Authentication Server
To display the authentication server:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0#authsrv [list]
Description: Displays the current authentication server.
Parameters: No additional parameters required
Example with Syntax: {hostname}:filecontroller0#authsrv [list]

Defining/Deleting the Authentication Server

To set the server to be authenticated:
Enter the command string that is shown in the table below:
Command: {hostname}:filecontroller0#authsrv add/delete {host}
Description: Defines or deletes current authentication server.
Parameters: Add to add, Delete to delete
Example with Syntax: {hostname}:filecontroller0#authsrv add/delete {host}

Configuring Users’ Accounts

This section contains the following configuration options:
Enabling / Disabling a User’s Account
Creating and Setting a User’s Access
Setting the Local Password

Enabling / Disabling a User’s Account

To enable or disable a specified user’s account:
Enter the command string that is shown in the table below:
Command: ACC1(aaa)#user [user name] [lock|unlock]
Description: Disables or enables the specified user’s account.
Parameters: Enter the user name and Lock to lock, Unlock to unlock.
Example with Syntax: ACC1(aaa)#user myusername lock

Creating and Setting a User’s Access

To create and set a specified user’s access level:
Enter the command string that is shown in the table below:
Command: ACC1(aaa)#user [user name] role [administrator | netadmin | monitor] password local [password | none]
Description: Creates users and sets the user’s access level:
Administrators have complete access to the Accelerator and its commands.
netadmins have complete access to the Accelerator and its commands with the exception of the Security commands.
monitors can access the Accelerator’s CLI but cannot modify configuration.
Only administrator users can write a configuration.
To set a local password, type in the user name and local password and press Enter. You will be prompted to enter a password.
If local is set to none, passwords are necessary only for the remote authentication servers.
Parameters: Enter parameter string as described above
Example with Syntax: ACC1(aaa)#user myuser role administrator password local mypassword

Setting the Local Password

To set the local password:
Enter the command string that is shown in the table below:
Command:
ACC1(aaa)#exit
Acc1#password local
Description: To set a local password, type in the user name and local password and press Enter. You will be prompted to enter a password.
Parameters: Enter parameter string as described above
Example with Syntax:
ACC1(aaa)#exit
Acc1#password local myusername mypassword

NOTE: Use the command no user [name] to remove a user. You cannot remove a root user, but you can modify the password. (Changing an Expand user’s password will automatically change the root user as well.)

Viewing AAA Configuration

You can use the following show commands to view AAA configuration:

show aaa

You can enter the show aaa command from the configuration mode. This command lists all the AAA options and their settings.

Acc1(config)# show aaa
telnet transport-input status.....enable
ssh transport-input status........enable
console transport-input status....enable
web transport-input status........enable
secure-web transport-input status.enable
ftp transport-input status........disable
tftp transport-input status.......disable
snmp transport-input status.......enable
User Name  Status     Role
root       permitted  administrator
expand     permitted  administrator
user1      permitted  administrator
user2      permitted  netadmin
user3      permitted  monitor
First Authentication Method.......Local
Second Authentication Method......Radius
Third Authentication Method.......TACACS+
Maximum Failed Login Attempts.....5
Server Name Server Order IP Port Time-out
radius first rad2 10.0.130.139 1645 180
radius second rad3 10.0.130.132 1645 180
radius third rad4 24.0.214.160 1645 180
tacacs first tac2 21.0.214.160 49 180
Configuration Change Audit Event..disable
Create Link Audit Event...........disable

show authentication order

The show authentication order command lists which of the authentication servers is set as the first, second and third level authentication server.

Acc1(aaa)# show authentication login order
First Authentication Method.......Local
Second Authentication Method......Radius
Third Authentication Method.......TACACS+

show servers

The show servers command lists the authentication servers defined in the Accelerator.

Acc1(aaa)# show servers
Server  Order   Server Name  IP            Port  Time-out
radius  first   rad2         10.0.130.139  1645  180
radius  second  rad3         10.0.130.132  1645  180
radius  third   rad4         24.0.214.160  1645  180
tacacs  first   tac2         21.0.214.160  49    180

show transport input

The show transport input command lists all possible management protocols and services available and their status.

Acc1(aaa)# show transport input
telnet transport-input status.....enable
ssh transport-input status........enable
console transport-input status....enable
web transport-input status........enable
secure-web transport-input status.enable
ftp transport-input status........disable
tftp transport-input status.......disable
snmp transport-input status.......enable

show user

The show user command lists the users and their authorization levels.
Acc1(aaa)# show user
User Name  Status     Role
root       permitted  administrator
expand     permitted  administrator
user1      permitted  administrator
user2      permitted  netadmin
user3      permitted  monitor

Unlocking or Locking the Keypad

NOTE: If you lock the keypad via the WebUI or via the CLI, you cannot use the keypad’s unlock sequence to unlock the keypad. In such a case, the unlock operation can be carried out only via the CLI or the WebUI.

To lock or unlock the keypad:
Enter the command string that is shown in the table below:
Command: ACC1(config)#lcd lock | unlock
Description: Locks/unlocks the keypad.
Parameters: Lock to lock, Unlock to unlock
Example with Syntax: ACC1(config)#lcd lock

Upgrading the Software OS

Copying the New Bundle File

To copy the new bundle file:
Enter the command string that is shown in the table below:
Command: ACC1#copy [scp | sftp | tftp | ftp | http] [bundle name] [bundle location]
Description: This command, used for copying any file, lets you upgrade the AcceleratorOS in any of the methods mentioned above, by copying the upgrade bundle file from its location. You should use the following format for specifying the location: user:password@ip/file-path.
Parameters: Enter the parameters as described above
Example with Syntax: ACC1#copy ftp mybundlename mybundlelocation

Rebooting the Accelerator after Copying the New Bundle File

To reboot after copying the file:
Enter the command string that is shown in the table below:
Command: ACC1#reboot [bundle name]
Description: This command should be used when upgrading, for the Accelerator to use the new bundle file after rebooting.
Parameters: Enter the same bundle name you entered in the previous section
Example with Syntax: ACC1#reboot mybundlename

Technical Support Information

Initiating ByPass Mode

Showing Technical Support Information

To show technical support information:
Enter the command string that is shown in the table below:
Command: ACC1#show tech-support [continuous]
Description: Lists all information necessary to troubleshoot Accelerator problems. Information gathered here includes: version information, license state, CPU and memory utilization, events, link statistics, interface statistics, QoS configuration, route-rules, discovered traffic, running configuration and startup configuration. Press More to view additional output each time; alternatively, add the parameter Continuous to enable continuous output.
Parameters: Enter the same bundle name you entered in the previous section
Example with Syntax: ACC1#show tech-support continuous

Listing Log Events

To reboot after copying the file:
Enter the command string that is shown in the table below:
Command: ACC1#show events [long | short] filter severity from [fatal | warning | error | info] to [fatal | warning | error | info] tail [number of last x events to be displayed]
Description: Lists Accelerator events. Long gives all available information on the event, while short gives a brief summary of each event.
Parameters: Enter the same bundle name you entered in the previous section
Example with Syntax: ACC1#show events long filter severity from fatal to info tail 100

Appendix I: Glossary

This chapter provides brief descriptions of some key terms mentioned in this user guide, together with the relevant context of these terms to the AcceleratorOS.

A

AAA Protocols
AAA stands for Authentication, authorization, and accounting, a system used in IP-based networking for controlling access to computer resources, enforcing policies, and tracking the activity of users over a network.
Authentication provides a means for identifying a user, usually by having the user enter a valid user name and valid password before access is granted.
Authorization grants or denies a user access to network resources, after the user has logged in to a system (namely: has been authenticated via the username and password).
Accounting tracks the user activity while accessing the network and measures the resources a user consumes during access, such as the amount of data a user has sent and/or received during a session. This data is used for purposes such as auditing, billing and trend analysis.
The AcceleratorOS supports the AAA functionality as a fundamental method for ensuring security within the Accelerator. For details, see section Security, on page 287.

ACL
An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program).
Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and Unix-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system.

ARP
ARP (Automatic Resolution Protocol) is a low-level protocol within the TCP/IP suite, which maps IP addresses to a physical address, for example: a corresponding Ethernet or MAC address. The AcceleratorOS lets you add a static ARP entry, by mapping a specific IP address to a specific MAC address. For details, see section Creating Static ARP Entries, on page 255.

Authentication server
A Windows domain controller (either a PDC, BDC or Active Directory) to be used for authenticating users.

B

Bit Error Rate (BER)
Bit Error Ratio (BER) is the ratio of bits that have errors compared with the total number of bits received in a transmission, used for measuring the quality of a signal path. The BER is usually shown as a negative exponent (for example: 10^-6, which means one of 1,000,000 bits is in error). AcceleratorOS offers WAN compression over various network topologies, including High BER networks. For details, see section Features and Benefits, on page 2.

C

Citrix/ICA
Citrix ICA stands for Citrix® Independent Computing Architecture. This protocol enables Citrix to separate screen updates and user input processing from the rest of the application’s logic. When using a Citrix ICA Client, all application logic executes on the server and only screen updates, mouse movements and keystrokes are transmitted via the Citrix ICA session. Almost any application can run on a Citrix server, and therefore use Citrix ICA. The AcceleratorOS uses Citrix (Post Acceleration) Aggregation, which handles and optimizes the transfer of small packets by aggregating several small packets into one big packet.

CIFS
Common Internet File System (CIFS) is a standard remote file-system access protocol proposed by Microsoft for use over the Internet. CIFS lets groups of users work together and share documents across the Internet or within corporate Intranets, by enabling programs to make requests for files and services on remote computers on the Internet. The WAFS solution integrated within the AcceleratorOS accelerates CIFS traffic. For details, see section Application-specific Acceleration, on page 3.

CLI
Command Line Interface

D

DC
Domain Controller

DFS
Distributed File System

DHCP
DHCP stands for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. You can choose to enable DHCP so that the IP address and default gateway are determined dynamically at startup time. A DHCP server must be running on your network to use this feature. Reserve static IP addresses for the EXPAND devices. The MAC address for each device is printed on the device. Dynamic addressing enables a device to have a different IP address every time it connects to the network. The AcceleratorOS offers DHCP server functionality in the remote branch. For details, see section Configuring DHCP Servers, on page 71.

DNS servers
Domain Name Service. Up to 3 DNS servers can be used to dynamically look up host names.

DSFS
DiskSites File Services

E

EFS
Enterprise Filing System

Ethernet
The most widely-installed LAN standard, which is used for connecting network peripherals, such as scanners, printers and computers, within the same building or campus. The original form of Ethernet is officially known as the IEEE 802.3 Ethernet standard. However, with the advance of technology and network speeds, several faster adaptations have emerged, with data rates of 10 Mbits/sec, 100 Mbits/sec (Fast Ethernet), and 1,000 Mbits/sec (Gigabit Ethernet).
All Accelerator models have a dedicated Ethernet port, which supports both 10 Mbits/sec and 100 Mbits/sec rates. For details, see section Connecting the Network Cables, on page 16. You can also use the WebUI for viewing statistics detailing the data displayed on the monitoring graphs. For details, see section Viewing Ethernet Statistics, on page 96.

H

Hop
An intermediate connection between two network devices, for example: transferring a data packet from one router to the next in a routed network such as the Internet. The larger the number of hops in a routing process, the longer it takes for a data packet to travel from source to destination. In On-LAN configuration, the Expand Accelerator becomes the next hop for traffic on the LAN destined to the WAN. For details, see section On-LAN, on page 8.

HSRP
HSRP (Hot Standby Routing Protocol) is a Cisco routing protocol that enables automatic switching to a backup router in the event of failure. Using HSRP, several routers act as a single virtual router, so that if a certain router fails, the routing responsibilities are transferred to another router in a process that is transparent to the user. Using HSRP, Expand Accelerators can take part in HSRP/VRRP groups with available routers or Layer-3 switches (or even other available Accelerators) to provide backup in the rare case of Accelerator failure. For details, see section On-LAN, on page 8.

HTTP
HTTP (Hypertext Transfer Protocol) is an application protocol that runs on top of the TCP/IP suite of protocols and is used for transferring files of any type on the World Wide Web between Web clients and Web servers. The AcceleratorOS offers HTTP acceleration. For details, see section Configuring HTTP Acceleration, on page 144.

I

IPCOMP
The IP Payload Compression protocol (IPComp) reduces the size of IP datagrams by compressing the datagrams to increase the communication performance between two partners.
The intent is to increase overall communication performance when the communication is over slow or congested links. IPComp does not provide any security and must be used along with either an AH or an ESP transform when the communication occurs over a VPN connection. When setting up a link, the AcceleratorOS lets you select IPCOMP as one of the methods to encapsulate the packets streaming through your network. For details, see section Adding Links, on page 47.

J

Jitter
In Voice over IP (VoIP), jitter refers to a packet delay that affects the quality of the voice conversation. Expand Networks’ Citrix Acceleration plug-in reduces latency and jitter, especially over slow WAN links.

L

LAN
Local Area Network

Latency
Latency refers to the time it takes a packet to cross a network connection, from sender to receiver. In networking, latency and bandwidth determine the speed of your connection; high latency and low bandwidth lead to slow, inefficient connection speed. Latency typically increases when moving from LAN to WAN. Real-time applications, such as robotics and aircraft, and interactive applications, such as desktop conferencing, are extremely sensitive to high latency. The AcceleratorOS offers several measures for combatting high latency, such as: WAN compression, TCP acceleration and using QoS for prioritizing the traffic. For details see section Application-specific Acceleration, on page 3, and chapter Applying QoS, on page 101.

M

MIME Type
A file identification method, based on the MIME encoding system. The MIME type has become the de facto standard for identifying content on the Internet. For example, an e-mail message that contains an attachment has a MIME type embedded in its header, in order to identify the attachment type. MIME Type is one of the main parameters used for detecting applications to provide the QoS service. Expand supports many MIME types.
For details and examples of the most common MIME types supported by the AcceleratorOS, see appendix MIME Types.

MPLS
MPLS (Multi Protocol Label Switching) is a packet switching protocol, which adds a 32-bit label to each packet to improve network efficiency and to enable routers to direct packets along predefined routes in accordance with the required quality of service (QoS). The label is added when the packet enters the MPLS network, and is based on an analysis of the packet header. The label contains information on the route along which the packet may travel, and the forwarding equivalence class (FEC) of the packet. Packets with the same FEC are routed through the network in the same way. The use of FECs allows QoS levels to be guaranteed, and MPLS allows creating IP tunnels through a network, so that VPNs can be implemented without encryption. MPLS is one of the various network topologies to which the AcceleratorOS fits seamlessly, providing the highest WAN compression performance available. For details, see section Features and Benefits, on page 2.

N

Nagle
The Nagle algorithm is used for reducing LAN and other network congestion from TCP applications, by automatically concatenating several small buffer messages. This process (called nagling) increases the efficiency of a network application system by decreasing the number of packets that must be sent. When properly applied, the nagling process enables TCP applications to use network resources more efficiently.

O

OSPF
OSPF (Open Shortest Path First) is a routing protocol that determines the best path for routing IP traffic over a TCP/IP network based on distance between nodes and several quality parameters. Using OSPF, a host that obtains a change to a routing table or detects a change in the network immediately multicasts the information to all other hosts in the network so that all hosts will have the same routing table information.
The AcceleratorOS can be configured to work with dynamic routing protocols, such as OSPF and RIP. For details, see section Working with OSPF, on page 59.

P

Packet Header
Packet header is the portion of a data packet that is placed at the beginning of a block of data being stored or transmitted. In internet transmissions, the header contains data necessary for successful transmission, such as the sender’s and recipient’s IP addresses and timing information. Expand Networks’ Router Transparency encapsulation (RTM) enables compressing only the packets’ payload, while leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network.

Policy-Based Routing
Policy-based routing (PBR) enables routing packets based on policies set by network administrators, instead of by using routing tables. This technique may be useful when needing to specify a path or a higher priority for certain traffic, or when the packet should be forwarded based on criteria different from those set by the routing table. PBR is one of the methods used for redirecting WAN traffic through the Accelerator, to enable the Accelerator’s deployment in On-LAN mode. For details, see section Enabling Packet Interception, on page 63.

Q

QoS
QoS, which stands for Quality of Service, is a mechanism for controlling and ensuring resource reservation. Setting a QoS policy helps system administrators prioritize the traffic that flows across the network, in order to prevent greedy and rogue applications from dumping the network, and to combat the congestion and latency that all contribute to poor application and network performance. Using QoS enables organizations to allocate bandwidth to mission-critical applications, slow down noncritical applications, and stop bandwidth abuse in order to efficiently deliver networked applications to the branch office.
The AcceleratorOS offers a powerful yet simple QoS solution, which lets system administrators quickly obtain a comprehensive picture of the traffic that traverses the network, and easily apply the QoS policy. For details see chapter Applying QoS, on page 101.

R

RADIUS
RADIUS (Remote Authentication Dial-In User Service) is an open and scalable client/server security system. RADIUS is one of the AAA Protocols used for applications such as network access or IP mobility, and it is intended to work in both local and roaming situations. The RADIUS server is one of the authentication servers that the AcceleratorOS lets you set and manage in the Accelerator. For details, see Setting Authentication Preferences, on page 291.

RIP
RIP (Routing Information Protocol) is a routing protocol used for exchanging the entire routing table among routers in an autonomous network, such as a corporate LAN or an interconnected group of such LANs. The routing table transmission takes place every 30 seconds, thereby making RIP more suitable for small homogenous networks. In larger, more complicated networks the major alternative to RIP, OSPF, is generally used. The AcceleratorOS can be configured to work with dynamic routing protocols, such as OSPF and RIP. For details, see section Working with RIP, on page 63.

S

SCPS
SCPS (Space Communication Protocol Standard) is a protocol suite, designed to enable communication over challenging environments such as satellite and wireless links. This suite was jointly developed by NASA and the Department of Defense USSPACECOM, as TCP/IP was frequently found inefficient in such environments, due to latency created by long transmission path lengths and the noise associated with wireless links.
However, SCPS’ transport protocol (SCPS-TP) functioning over the existing terrestrial Internet system was found to be as good as that of TCP/IP, and SCPS was adopted as a standard by ISO. For additional details regarding SCPS, see SCPS website (http://www.scps.org). Expand Networks’ TCP Acceleration uses the SCPS protocol package to reduce the impact of TCP limitations. For more details, see section Studying SCPS, Expand’s TCP Acceleration Solution, on page 134.

SNACK
SNACK (Selective Negative Acknowledgement) is a method used by the SCPS-TP protocol for reducing the amount of data that needs to be transmitted and increasing the retransmission speed. SNACK does that by sending only a request for missing packets, unlike TCP, which retransmits the missing packet as well as all packets already transmitted after the missing packet. For additional details, see section Error Detection and Proactive Resolution, on page 135.

STF
Short Term Files

T

TACACS+
TACACS+ (Terminal Access Controller Access Control System+) is a TCP-based authentication protocol, which enables administration of user passwords in a central database that resides on a separate server, instead of in individual routers, thereby providing an easily scalable network security solution. TACACS+ is an open protocol that can be ported to any username or password database. The AcceleratorOS lets you set Authentication Servers (Radius, TACACS+ and Local) and manage these servers and their preference order in the Accelerator. For details, see section Setting Authentication Preferences, on page 291.

TCP
TCP (Transmission Control Protocol) is used, together with the Internet protocol (IP), for sending data in the form of message units between computers over the Internet. TCP manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message.
In the Open System Interconnection (OSI) model, TCP is in Layer-4, the Transport Layer. TCP performs well on LANs but does not deal well with the high latency and high-packet-loss found on many WANs. For details, see section Studying SCPS, Expand’s TCP Acceleration Solution, on page 134.

Tunneling
A technology that enables one network (usually a private, corporate network) to send its data via another network’s connections (usually a public network). Tunneling works by encapsulating the private network data and protocol information within the public network transmission units so that the private network protocol information appears to the public network as data. Tunneling allows the use of the Internet, which is a public network, to convey data on behalf of a private network. AcceleratorOS lets you set a link so that all its traffic is forced into the tunnel.

U

UDP
UDP (User Datagram Protocol), just like TCP, is a communication protocol used together with the Internet protocol (IP) for sending data in the form of message units between computers over the Internet. However, unlike TCP, UDP transfers packets as a whole and does not provide the services of dividing, reassembling and sequencing the packets. Therefore, this protocol is suitable for network applications that want to save processing time because they have very small data units to exchange and very little reassembling to do. In the Open System Interconnection (OSI) model, UDP is in Layer-4, the Transport Layer. Expand Networks’ encapsulation accelerates the transmission of either UDP or TCP packets, by compressing either the entire packet or only the packet’s payload.

V

VRRP
VRRP (Virtual Router Redundancy Protocol) is an Internet protocol that enables having one or more backup routers when using a statically configured router on a LAN. Two or more routers are set up with VRRP, and one is elected the "master."
The master router continuously sends advertisement packets to the backups, and if the advertisements stop, one of the backup routers becomes the master. All routers share a "virtual IP" address, so they are all seen as one address. VRRP can also be used for load sharing. Using HSRP, Expand Accelerators can take part in HSRP/VRRP groups with available routers or Layer-3 switches (or even other available Accelerators) to provide backup in the rare case of Accelerator failure. For details, see section On-LAN, on page 8.

W

WAN
Wide Area Network

WCCP
The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing technology that specifies interactions between one or more routers (or Layer 3 switches) and one or more web-caches. The purpose of the interaction is to establish and maintain the transparent redirection of selected types of traffic flowing through a group of routers. “Transparent” in this context means that end users need not configure their browsers to use a web proxy, but rather use the target URL to request content, and have their requests automatically redirected to a cache engine. The traffic redirection optimizes resource usage and lowers response times. WCCP is one of the methods used for redirecting WAN traffic through the Accelerator in order for the On-LAN deployment to work. For additional details, see section Enabling Packet Interception, on page 63.
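
An added example, not part of the Expand guide: a Python check that reads captured show aaa output (the listing shown under Viewing AAA Configuration in the CLI chapter) and reports enabled cleartext management transports, administrator accounts outside an allow-list, a weak failed-login limit and disabled audit events. The sample listing is constructed in the guide's layout; the cleartext transport set, the allow-list and the attempt threshold are assumptions to adjust per site.

```python
import re

# Constructed sample, laid out like the guide's "show aaa" listing.
SAMPLE_SHOW_AAA = """\
Acc1(config)# show aaa
telnet transport-input status.....enable
ssh transport-input status........enable
console transport-input status....enable
web transport-input status........enable
secure-web transport-input status.enable
ftp transport-input status........disable
tftp transport-input status.......disable
snmp transport-input status.......enable
User Name Status Role
root permitted administrator
expand permitted administrator
user1 permitted administrator
user2 permitted netadmin
user3 permitted monitor
First Authentication Method.......Local
Second Authentication Method......Radius
Third Authentication Method.......TACACS+
Maximum Failed Login Attempts.....5
radius first rad2 10.0.130.139 1645 180
tacacs first tac2 21.0.214.160 49 180
Configuration Change Audit Event..disable
Create Link Audit Event...........disable
"""

# Assumption: these transports carry management traffic unencrypted
# (web is taken to be plain HTTP, snmp to be a non-encrypting version).
CLEARTEXT_TRANSPORTS = {"telnet", "web", "ftp", "tftp", "snmp"}
ROLES = {"administrator", "netadmin", "monitor"}  # roles named in the guide

# "key....value" lines: a lazy key, one or more leader dots, a single token.
KEY_VALUE = re.compile(r"^(?P<key>.+?)\.+(?P<value>\S+)$")
TRANSPORT_KEY = re.compile(r"^(?P<name>[\w-]+) transport-input status$")


def parse_show_aaa(text):
    """Split the listing into transports, users and remaining settings."""
    cfg = {"transports": {}, "users": [], "settings": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kv = KEY_VALUE.match(line)
        if kv:
            key, value = kv.group("key").strip(), kv.group("value")
            transport = TRANSPORT_KEY.match(key)
            if transport:
                cfg["transports"][transport.group("name")] = value == "enable"
            else:
                cfg["settings"][key] = value
            continue
        parts = line.split()
        # User rows are "name status role"; server rows and headers differ.
        if len(parts) == 3 and parts[2] in ROLES:
            cfg["users"].append(
                {"name": parts[0], "status": parts[1], "role": parts[2]}
            )
    return cfg


def audit(cfg, allowed_admins=("root", "expand"), max_attempts=5):
    """Return findings; allow-list and threshold are site assumptions."""
    findings = []
    for name, enabled in sorted(cfg["transports"].items()):
        if enabled and name in CLEARTEXT_TRANSPORTS:
            findings.append(
                f"transport {name} is enabled; disable in aaa mode with: "
                f"transport input {name} disable"
            )
    for user in cfg["users"]:
        if user["role"] == "administrator" and user["name"] not in allowed_admins:
            findings.append(
                f"user {user['name']} has the administrator role "
                "but is not on the allow-list"
            )
    attempts = cfg["settings"].get("Maximum Failed Login Attempts", "")
    if not attempts.isdigit() or not 0 < int(attempts) <= max_attempts:
        findings.append(
            f"Maximum Failed Login Attempts is {attempts or 'missing'}; "
            f"expected 1..{max_attempts}"
        )
    for key, value in cfg["settings"].items():
        if key.endswith("Audit Event") and value != "enable":
            findings.append(f"{key} is {value}; audit events are not recorded")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_aaa(SAMPLE_SHOW_AAA)):
        print(finding)
```

Feed the function the text captured from the device's own show aaa command in place of the constructed sample.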
defining a RIP neighbor 447 defining an OSPF neighbor 442 editing a subnet 55 enabling NetFlow 475 settings 22, 25 setting a network for broadcasting the Accelerator’s rules 442 setting ExpandView agent parameters 73 setting links via the wizard 23 setting the Accelerator’s clock 70 setting the remote device 429 setting the WCCP router IP 451 L latency causing slower session start 134 computing 137 increased by waiting for ACK packets 133 installing in a high latency environment 37 SpeedScreen Latency Reduction Manager 351 TCP poor handling of high latency 132 605 using Citrix acceleration plug-in to reduce 106 using packet fragmentation to prevent violation of VoIP/video latency budgets 103 ways to reduce DNS acceleration 152 DNS caching 152 packet aggregation 503 packet fragmentation 260, 502 scaling the transmission window 135 TCP Vegas 140 using QoS 102, 594 using SCPS 135 Layer-7 applications classifying 110 discovering 88 identifying Citrix Layer-7 applications 353 Layer-7 QoS 4 monitoring and reporting 5 License Settings 184 links adding via the my links screen 47 assigning a link to a WAN 501 creating and editing 46 via the CLI 52 defining advanced settings 22 defining maximum number of 22 editing via the my links screen 50 enabling citrix acceleration 156 generating trend reports via ExpandView 267 managing 259 noisy links 34 setting applications as monitored 473 setting definitions for a new link 260 setting the Accelerator to enable external QoS 33 setting the bandwidth of 118 checking QoS malfunction 315 setting to work in large cache mode 501 traffic discovery 94 using graphs to view link statistics 80 acceleration 81 compression 82 summary graphs 95 utilization 80 using the statistics table to view link statistics 83 checking lack of acceleration 311 viewing interface statistics for a specific link 472 for all links 471 M monitoring window description 78 my links screen uses adding links 47 editing links 50 using for setting links 23 N NetFlow 
configuring NetFlow support 98 enabling via the CLI 474 via the WebUI 99 identifying the traffic 98 NetFlow compliance as an Expand benefit 5 NetFlow monitored statistics 331 requiring router transparency encapsulation 49 template fields 334 network topology optimizing 42 R ev isi o n 2. 0 606 C h ap t er J: Index networks asymmetric networks optimization 136 computing latency 138 congestion avoidance 136 defining printers for 190 IP-based network On-LAN 8 On-Path 8 managing links 259 overviewing your network performance 95 preparing network integration 13, 54 Non-Link 46 O On-LAN deployment asymmetrical encapsulation settings 261 configuring transparency support 147 defining encapsulation settings 430 enabling packet interception 63 RTM support for 49 setting routing strategy 27 setting the deployment type in the CLI 427 using WCCP to forward traffic to an On-LAN accelerator 65 working with VLAN in 252 On-LAN installation at a data center 35 configuring Accelerator NetFlow in 357 defining encapsulation settings 23 use in IP-based network 8 On-Path deployment applying HTTP transparency to the server side 143 configuring NetFlow support 98 configuring transparency support 147 defining encapsulation settings 23 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e enabling router transparency encapsulation 261 operating in bypass mode 250 setting the deployment type in the CLI 427 using bridge route 27 working with bypass mode 14 working with VLAN 253 On-Path installation configuring NetFlow 357 operating requirements 21 OSPF adding remote subnets manually 56 configuring 32, 60 configuring subnets manually 54 setting dynamic routing 53, 59 using out-of-band management 269 working with 59 P packet interception configuring 35 enabling 63 Print Services 215 prioritizing applications methods of 39 when creating a new Citrix application 112 when creating a new Web application 110 when creating a QoS rule 123 when filtering traffic 117 prioritizing traffic by using traffic shaping 119, 
120 Q QoS And router transparency 594 applications 607 creating 105, 109 creating Citrix applications 111 creating Web applications 110 modifying 109 benefits of the Expand QoS solution end-to-end application performance monitoring 102 guaranteed bandwidth for specific applications 103 restricting rouge and greedy applications 103 seamless integration with compression 103 transparent to existing QoS infrastructure 102 checking lack of acceleration 311 malfunction 315 configuring the WAN 44 configuring via the CLI 475 defining scalable 268 dropped out packets 84 external QoS devices 33 Layer-7 QoS bandwidth management 4 managing links 259 part of On-Path configuration 8 providing QoS services to virtual links 46 router transparency 23 rules creating 122 editing 126 understanding 116 setting inbound 121 understanding how QoS works QoS rules 116 studying QoS bandwidth allocation 118 traffic filtering 117 traffic shaping 118 using advanced 39 R RAID 277 RDP description 347 disabling compression and encryption 348 recovering the password 301 redundancy 277 RIP configuring 63, 65, 66 via the CLI 446 via the WebUI 32, 63 packet interception 35 setting routing 53 dynamic routing 59 subnet routing 53 setup checklist 15 working with 63 RIP dynamic routing configuring 32 router polling configuring via the CLI 443 setting dynamic routing 59 setting routing strategy 27 using out-of-band management 269 working with 61 router redundancy HSRP 278 On-LAN deployment 9 understanding router redundancy protocols 278 VRRP 278 router transparency creating new links 261 monitoring device in a cloud 43 preserving network integrity 6 setting links via the wizard 23 setting the link to work with 430 WAN compression 3 with a QoS device 43 R ev isi o n 2. 
0 608 C h ap t er J: Index RS232 console 11 rules route rules working with router polling 61 S SCPS standard compliance of TCP acceleration with 4 congestion avoidance 136 description 132 error detection via SNACK 135 link outage support 136 preserving network integrity 6 standard number 410 studying SCPS 134 TCP spoofing 136 secondary IP address configuring in the WebUI 45 Security 287 security Accelerator’s AAA 288 authentication setting authentication method 292, 293 setting authentication servers 292 entering user-defined password 25, 256 locking and unlocking the keypad 295 managing users defining authorization for a new user 290 deleting users 291 modifying authorization for an existing user 291 using Verisign security certificate 78 setup via the WebUI 19 setup wizard accessing 21 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e configuring 21 defining advanced settings 22 reviewing configuration 25 setting links via 22 setting time 24 Shared Directories defining 166 Short Term Files filter 204 SNACK use in SCPS protocol 135 SNTP setting the Accelerator’s time 70 SSH enabling secure management 6, 18 logging into the Accelerator via 420 subnet routing setting 53 summary graphs viewing 95 T TCP acceleration computing latency 137 configuring 139 via the WebUI 139 editing links 50 enabling 141 link outage support 136 optimizing WANs in a high latency environment 37 understanding the shortcomings of TCP 132 TCP service ID setting 36 technical support displaying information for troubleshooting 305 time setting the Accelerator time 70 Time to Live settings 202 traffic discovery 609 discovering Layer-7 applications 88 enabling L-7 traffic discovery via the CLI 472 gathering statistics for detected applications 93, 95, 99 viewing detailed 86 traffic shaping how it is applied 118 prioritizing applications 39, 103 role in the QoS mechanism 115 transparency support configuring 147, 463 Troubleshooting 299 DISKSITES services issues 244 general 236 networking issues 236, 239 
security issues 238, 242 troubleshooting displaying information for 305 U UDP service ID setting 36 upgrading the AcceleratorOS software via the CLI 582 via the WebUI 318 V Verisign security certificate using 78 virtual links 46 VLAN including the Accelerator in a VLAN group 253 setting in the CLI 497 working with in an On-LAN configuration 252 in an On-Path configuration 253 VRRP Setting VRRP Group Number 499 understanding router redundancy protocols 256 W WAFS FileBank categories 192 additional services 190 file services 189 system 189 utilities 190 FileBank Director categories 187 file services 187 system 187 utilities 188 WAFS transparency enabling 536 excluding servers from 536 WAN adding via the CLI 497 via the WebUI 248 addressing ‘WAN-Outs’ 4 assigning a link to 501 configuring configuring NetFlow support 98 configuring the WAN 44 defining link speed 78 enabling bursts 482 enabling packet interception 63 identifying ongoing traffic 98 setting the bandwidth of QoS bandwidth allocation 118 setting inbound QoS 121 via the CLI 428 via the WebUI 22 setting to work in strict-priority mode 482 viewing detected applications 86 WAN bandwidth R ev isi o n 2. 0 610 C h ap t er J: Index configuring the Accelerator 428 setting 22 studying QoS bandwidth allocation 118 WAN bursts 119 WCCP configuring via the CLI 448 activating 449 enabling 449 setting authentication 450 setting priority 450 setting router IP 451 setting TCP service ID 451 setting UDP service ID 451 installing On-LAN at a data center 35 using out-of-band management 269 Web-intensive environment installing in 38 Windows Domain 201 Windows domain controller 586 Working with Accelerators Via ExpandView 205 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e