WANJet User Guide
Contents
1. 3 Click the Add button to display the Add VLAN page in a browser pop up nttps 172 16 30 230 10000 Add VLAN EJ WANJet Virtual IP 10 0 8 209 VLAN Netmask 255 255 255 255 VLAN Gateway 10 0 8 200 VLAN Tag 1245 OK _Cancel_ Done 172 16 30 230 10000 Q 4 Inthe WANJet Virtual IP field enter the virtual IP address assigned to the local F5 appliance on this VLAN that is the IP address which other machines on the VLAN use to communicate with the appliance 5 Inthe VLAN Netmask field enter the subnet mask for the VLAN 6 Inthe VLAN Gateway field enter the virtual IP address of the gateway machine for the VLAN 7 Inthe VLAN Tag field enter the VLAN ID WANJet uses this information to preserve tagged Ethernet frames that pass to and from the VLAN 8 Click OK to return to the VLAN Settings page and click Save at the bottom of that page After making WANJet aware of the VLAN add the VLAN as one of the subnets of the local WANJet so that the WANJet can optimize the traffic coming from this VLAN You should also make any remote WANJets that are linked to the local appliance aware of the VLAN and also add it as one of their subnets This is necessary if the remote WANJets are to handle optimized data from the VLAN F5 WANJet 3 1 User Guide 90 Advanced Configuration To edit or delete a VLAN click on its IP address in the table on the VLAN Settings page This wi2. Select Enabled if you wish the WANJet to optimize network traffic for this subnet Otherwise select Disabled 5 Click OK The Local WANJet page is displayed with the new subnet added to the list of subnets 6 Click Save at the bottom of the page Edit the subnet settings at any time by clicking on the corresponding link in the list of subnets Note If you change the subnet IP address you must change this value on the Remote WANJets page in the Web UI for each remote WANJet that is linked to the local one Remove a subnet at any time by clicking the corresponding link in the list of subnets and then clicking Remove on the Edit Subnet form Managing Virtual LANs A VLAN Virtual LAN is a computer network whose boundaries are defined logically rather than physically WANJet must be explicitly made aware via the Web UL of any VLANs that are linked to your network This is because VLANs are often implemented by adding tags to Ethernet frames and these tags must be preserved during optimization F5 WANJet 3 1 User Guide Advanced Configuration 89 To add a VLAN to WANJet via the Web UI 1 Click on System Settings gt Local WANJet in the menu bar 2 Onthe Local WANJet page click on VLAN Settings Any VLAN currently defined in the WANJet is shown here 10 0 8 209 255 255 0 0 10 0 8 200 1245 Note Press Save to apply the changes Changes will not be reflected until the operation is completed Add save Cancel
3. Chapter 7 Service Policy Configuration IT Service Policies 4 Application QoS Policies 4 Managing WAN Links 4 WANJet enables you to define IT service policies and application Quality of Service QoS policies for your various applications and apply them to optimally allocate bandwidth An IT service policy specifies a named group of ports machines and subnets When you define an application QoS policy you can specify an IT service group in addition to specifying the bandwidth you want to allocate to particular applications such as e mission critical applications e video and voice streaming interactive video or voice data transfers e web based applications These different classes of applications have very different network requirements The challenge is to align the network services to the application s requirements from a performance perspective F5 WANJet 3 1 User Guide 102 Service Policy Configuration IT Service Policies The IT Service Policies feature enables you to define services used to achieve specific QoS standards You can group ports machines and subnets under the heading of an IT service policy By assigning a minimum and a maximum amount of bandwidth to this service in an Application QoS policy you treat this group of ports machines and subnets as one entity This is simpler than creating many different services which each handle a single type of traffic Adding an IT Service Policy To de
4. 10 0 0 2 Local Network 192 168 200 0 24 Local Network 10 0 0 0 16 WAN GW 192 168 200 1 WAN GW 10 0 0 1 Remote Network 192 168 100 2 10 0 0 2 Remote Network 192 168 100 2 192 168 200 100 192 168 100 2 Router 192 168 100 1 Local Network 192 168 100 0 24 WAN GW 192 168 100 1 Remote Network 10 0 0 2 192 168 200 100 Computer Server Workstation Configuration Example Mesh F5 WANJet 3 1 User Guide 112 Configuration Examples SL1 SL2 SL3 IP Address 192 168 100 2 10 0 0 2 192 168 200 100 Local Network 192 168 100 0 24 10 0 0 0 16 192 168 200 0 24 Gateway 192 168 100 1 10 0 0 1 192 168 200 1 Remote Network 10 0 0 2 192 168 200 100 192 168 100 2 192 168 200 100 192 168 100 2 10 0 0 2 Configuration Notes e This diagram represents a Mesh configuration where three LANs are connected and three F5 appliances are installed LAN1 has SL1 installed LAN2 has SL2 installed and LAN3 has SL3 installed e LAN2 and LAN3 are the remote WANJets of LAN1 LAN1 and LANJ3 are the remote WANJets of LANZ and LAN1 and LANZ are the remote WANJets of LAN3 e SL1 sends processed data to SL2 and SL3 to handle SL2 sends processed data to SL1 and SL3 to handle and SL3 sends processed data to SL1 and SL2 to handle F5 WANJet 3 1 User Guide Configuration Examples 113 Hub and Spoke Configuration LAN3 TT IET LAN2 LAN3 192 168 200 0 24 LANZ 10 0 0 0 1 Router3 192 168 200 1 192 168 2
5. F5 WANJet 3 1 User Guide Monitoring Performance 49 Ping The ping utility provides a simple test of whether a target host is online and reachable via a TCP IP network It works by sending out ICMP request packets to the target and listening for response packets in return The percentage of packets lost and the time taken to send and receive them provide an indication of how well the connection is working Parameters By default WANJet provides the following parameters for ping R c 5 w 10 lt IP address of target host gt The default target is the gateway machine for the subnet on which the F5 appliance resides You can change these parameters using the text box provided but this is only recommended for experienced users Output The following output is displayed on the page The IP addresses of both the target host and the source host the server on which ping is running A line for each ICMP response packet received back from the target showing the packet s sequence number time to live and round trip time request time response time e A statistical summary showing the number of request packets transmitted the number of response packets received back the percentage of packets lost the minimum average and maximum round trip times Further information If a target host is not reachable via ping that is the statistical summary shows a 100 packet loss this does not necessarily mean that there is no w
6. Status Link ok RX errors 0 dropped 0 overruns 0 frame 0 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth2 Peer MAC 00 90 FB 81 65 84 Speed N A Status Link error TCP Passthrough LAN gt WAN 15421783 Packets 20 601 GB WAN gt LAN 4770226 Packets 310 410 MB UDP Passthrough LAN gt WAN 1583844 Packets 182 628 MB WAN gt LAN 293 Packets 15 876 KB Serial Number User Guide Monitoring Performance 53 Initially the main System Information page displays information about all network cards used by WANJet together with TCP UDP passthrough data and the WANJet serial number You can view other kinds of information using the links at the top of the page Note Click Reset at the bottom of the main System Information page to reset the counting of all data on this page If you do not click Reset the data on the page continues to accumulate whenever you refresh the browser Network interfaces Each F5 appliance normally has at least two active network interfaces one for the connection to the LAN and one for the connection to the WAN In addition there is an interface for the connection to a redundant peer WANJet if one is present on your LAN see Redundant Peers on page 93 For each network interface the following information is shown e The interface s MAC address a unique identifier attached to most forms of networking equipment e The interface s maximum speed in Mbit s and duplex setting Full Dup
7. click on the IP address of the subnet you want to modify or remove The Edit Subnet page opens in a browser pop up This is exactly the same as the Add Subnet page see page 77 except that it also has a Remove button Click Remove to permanently delete this subnet or edit the settings and click OK to modify it Save your changes by clicking Save on the Optimization Policy frame Configuring Port Settings For each port on a remote WANJet you can set the processing mode and the ToS Type of Service priority that are assigned to packets These can be assigned separately for TCP and UDP packets allowing you for example to optimize TCP traffic on a port while allowing UDP traffic to pass through untouched F5 WANQJet 3 1 User Guide Advanced Configuration 79 By default some commonly used ports corresponding to Active FTP SMTP HTTP POP3 IMAP and HTTPS have ACMS optimization enabled All these ports except 443 HTTPS also have TDR 1 compression enabled Settings for these ports can be edited by clicking on the corresponding link All other ports have optimization disabled by default Note Passive FTP sessions are difficult to optimize specifically since the server port used by Passive FTP varies from session to session If optimization of Passive FTP is needed you should enable optimization on all TCP ports see page 81 and disable optimization on those ports that do not require it typically ports used by real time app
8. ncTrap1005 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION 1 Error Initialization error ncSnmpTrapList 1005 ncTrap1006 OBJECT TYPE SYNTAX OCTET STRING ACCESS read onl STATUS current y DESCRIPTION Error Internal error ncSnmpTrapList 1006 ncTrap1007 OBJECT TYPE SYNTAX OCTET ST ACCESS read only STATUS current DESCRIPTION ncSnmpTrap Packet Processor Traps RING 1 Error Internal error List 1007 ncTrap1100 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Internal error ncSnmpTrapList 1100 ncTrap1101 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION p Error Internal error ncSnmpTrapList 1101 F5 WANQJet 3 1 User Guide 133 ncTrap1102 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Internal error ncSnmpTrapList 1102 ncTrap1103 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Internal error ncSnmpTrapList 1103 ncTrap1150 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Maximum number of ACM5 connections reached OR ACM5 Traps ncTrap ncTrap ncSnmpTraplist 1150 1200 SYNTAX ACCESS STATUS DESCRIPTION ncSnmp 1201 SYNTAX ACCESS STATUS DESCRIPTIO
9. one for TCP and one for UDP connections For each session the IP address and port for the source and destination host are shown The application or service that is using the session may also be shown in brackets At the top of the page there is a link to the Optimize Eligible Connections report see below F5 WANJet 3 1 User Guide Monitoring Performance 61 Optimize Eligible Connections report When you click on the Optimize Eligible Connections link at the top of the Passthrough Sessions report a report like the one below is displayed This report shows connections that were set up before the F5 appliance was last activated If the protocol and software allow it you can intercept and reset these connections so that from this point on they will be optimized using ACMS This is most useful for connections that need to be live for a long time so that they can transfer large amounts of data such as replication processes See also All Passthrough Sessions 10 0 8 61 3695 gt 10 55 55 3 100 all Reset As with the Optimized Sessions and Passthrough Sessions reports there is a row for each eligible connection showing the IP address and port for both source and destination There is also a Reset checkbox for each of the connections To reset an eligible connection 1 Select the checkbox for each connection that you wish to reset e Alternatively select all to reset all eligible connections 2 Click on t
10. press the X Cancel button to activate the main menu 2 Press the V Enter button to display the Setup menu Select Shutdown and press the Y button A confirmation message is displayed 4 Press Y again to shut down the appliance Alternatively press X to escape this menu sequence Note To turn off the FS appliance completely press the On Off button at the back of the appliance Before doing that however you should first shut down the appliance using one of the methods described above To restart via the Web UI 1 Expand the System section of the menu bar and click Restart 2 On the Restart page click on Restart WANJet A confirmation dialog appears Click OK if you wish to restart WANJet Otherwise click Cancel To restart via the LCD Panel Press the X button to activate the main menu Press the V button to display the Setup menu Select Restart and press Y A confirmation message is displayed gt 24 Press Y to restart WANJet Alternatively press X to escape this menu sequence F5 WANJet 3 1 User Guide 72 Managing the WANJet WANJet boot settings Up to two WANJet images may be present on the same flash memory card If something goes wrong with your first installation you can boot from the other image instead In that case you will need to reconfigure all WANJet settings that differ from the defaults To boot the F5 appliance from a different WANJet image 1 Expand the System section of the men
11. traffic crosses the WAN uncompressed so overall bandwidth savings are limited Operating at Layer 5 is more efficient than operating at any other layer in the OSI model because unlike data compression based on layer 3 the WANJet compresses data streams before data merge so it finds and removes more redundancies than layer 3 methods Unlike layer 7 techniques WANJet ACM5 technology examines all applications and compresses all traffic types F5 WANVet 3 1 User Guide Introduction 3 Transparent Data Reduction F5 s TDR Transparent Data Reduction technology is a new feature in WANJet 3 1 TDR provides a dramatic reduction in the amount of bandwidth consumed across a WAN link for repeated data transfers For example if the same 1MB file is transferred across a WAN link by 100 different users it would consume 100MB of bandwidth without TDR With TDR the amount of bandwidth consumed would be less than 10MB a greater than 90 reduction in WAN traffic volume With TDR no files are stored or cached so data does not go out of date or need to be refreshed Every request for a piece of data is sent to the server that actually has that data even across the WAN link In other words unlike traditional caching algorithms no request will ever be served from a local WANJet without the file actually being sent by the server that has the data As a result a user can change the name of a file and still experience the same dramatic reduction with
12. Configuring Syslog and SNMP Settings on page 96 Remote Monitoring Support Remote Monitoring RMON is an extension to SNMP that provides more comprehensive network monitoring capabilities Itis a network management protocol that monitors different types of data traffic passing through the network Unlike SNMP RMON gathers network data from a multiple types of MIB This provides much richer data about network usage For RMON to work network devices such as hubs and switches must be designed to support it RMON1 MIB standards effort started in 1990 to enable network Administrators to collect information from remote network segments for the purposes of troubleshooting and performance monitoring RMON1 focused on layer 1 and layer 2 F5 WANJet 3 1 User Guide Introduction 7 of the OSI model Due to the high market demand and increasing customer interest RMON 1 compliant software were rapidly developed and brought to market RMON2 is an enhanced version of the earlier RMON1 protocol It differs from RMON1 because it includes more open comprehensive network fault diagnosis planning and performance tuning features In addition RMON2 focuses on the higher layers of the OSI model layer 3 to layer 6 Figure 2 WANJet RMON2 Workstation Computer Server The WANJet supports RMON2 to help the user gather and analyze detailed information about the network traffic either before or after the WANJet processes it such as e data sent
13. Connection Interception enables WANJet to intercept and reset an existing network connection to ensure that it is optimized When to use Connection Interception You might use the CI option in any of the following cases e Installing WANJet on your network e Upgrading WANJet e Changing WANJet mode from Inactive to Active e Restarting WANJet How to use Connection Interception Before carrying out any of the above procedures make sure that both of the following are true e The ports of any connections to be reset have been assigned the ACM5 optimization mode e The ports have been assigned the Connection Intercept option F5 WANJet 3 1 User Guide Introduction Example To assign these options click on Operational Settings gt Optimization Policy and add a new optimization policy for the appropriate port numbers with ACM5 and Connection Intercept selected Refer to Configuring Specific Ports on page 79 for a more detailed explanation with screenshots You have a backup operation running on the FIP server and the connection on the FTP port is not optimized for one of the following reasons e WANJet is introduced to the network after the FTP connection is opened So even if the port of this connection has an optimization policy assigned to it the traffic of this port will be handled as passthrough e WANJet is inactive e You are currently upgrading WANJet Now you need the FIP data optimized WANJet allows yo
14. Protocol Processing Mode ACMS Passthrough Compression Encryption TOS Priority Application QoS Policy Bandwidth Done 172 16 30 80 10000 2 3 Enter the bandwidth size of the link between the local WANJet and this remote WANJet in the Link Bandwidth field and then select the units either Kb s or Mb s from the drop down list 4 Click the Add button next to the Application QoS Policy section The Application QoS Policy page opens in a browser pop up Maximum 5 Enter a name for this policy in the Alias field F5 WANJet 3 1 User Guide Service Policy Configuration 105 10 11 Enter the minimum amount of bandwidth that this policy should use in the Bandwidth field Enter the maximum amount of bandwidth that this policy can use in the Maximum field The maximum amount of bandwidth is used only when there is plenty of link bandwidth to go round Select the ports or IT service policies to use for this policy from the Services drop down lists and specify the type of each protocol as either TCP or UDP A port can have both protocols TCP and UDP First select the port for example FTP and select TCP Then on a new line select FTP again and UDP If you select VoIP it only uses the UDP protocol If you select an IT service policy form the drop down list the adjacent service type list disappears Clic
15. Sessions Number of network sessions undergoing optimization Passthrough Sessions Number of network sessions set to pass through the F5 appliance without optimization QoS QoS Quality of Service policies can help to improve network performance by dedicating bandwidth to specific network traffic Click on QoS at the top of any System Information page to view details of the remote networks that have QoS policies assigned to them QoS VLANs WANJet Links TCP Packet Retransmissions TDR stats Optimized Sessions Passthrough Sessions 172 16 1 2 voice OKbit 31345436 146474 0 172 16 1 2 Default 1Kbit 115857932 929948 0 Internet Default 3Kbit 274883807 244997 544912 F5 WANJet 3 1 User Guide Monitoring Performance 55 The following information appears in the QoS report Remote Remote network that has QoS policies assigned to it Policy Name of the QoS policy assigned to the remote network Rate Actual bandwidth assigned to each policy Bytes Sent Number of bytes sent for each policy Packets Sent Number of packets sent successfully for each policy Dropped Number of packets dropped for each policy For more about QoS refer to Application QoS Policies on page 103 VLANs A VLAN Virtual LAN is a computer network whose boundaries are defined logically rather than physically VLANs must be explicitly added to the WANJet Web UI since they are often implemented by adding tags to Ethernet frames and these tags must b
16. TA ai 41 Bridge AROS aE ng Aa oo Ande bak aye end ene eh a Be Eid 42 Ethernet diagnostics A iia 42 Remote WANJet diagnostics 0 eee ee eee nee nee bene nena 44 RADIUS Status A ti o E EE ada E EE 45 Bridge Forwarding Database p ici tt a al ab dn ER ge 46 Diagnostic Log ara tt ao er cat aii is 47 Administration tools ps eA secs A in ln a lnc di tae lead is 48 PUT Oss natalie ith pt A ARA A Dota aos a Seok aot 49 Traceroute ia te aati oral A A can Rare ue tae en ete aa 50 Packet capture with tcpdump 0 eee ee ccc een ene nent e nen ens 51 System Information reports 2 0 0 A E E E ete nen ene been eb ene eben nen eee 52 OOS ete rales set e ld ar et Ll ee AA E Mina id 54 MEANS ds NA de dae ori ted o o e el er o A A he 55 WAN Jet Links it A A ES A ASS ts tada 56 PEP Statistics Ad A A AA Ai 56 Connection States yori AAA en ee a eS ads 56 Packet retransmisSiONS 0 ec ene e nent denne netbeans 57 Receive queue packets pruned sur ere r e teen nent ene e nena 58 TPR Stats 2h dis veg ie LA ts late AE et Bee tN Ae E al na 58 Optimized Session ey eles os Se ee ee Le REA ge AE ees BES eds 59 Passthrough Sessions 0 0c cee ee nen eee beeen tenet eee aE 60 Optimize Eligible Connections report 0 0 0 ccc ete e eee eens 61 Remote Status report eses e ai a ee ene enn tenn e eee enna nena 61 Third party reporting systems o 62 Syslog reports ii AA GO A A A ges at add 62 SNMP reports A A A A A AA A ia 62 RMON Repor
17. TDR How it works 1 Client A requests a file e g antivirus dat Client B Server Client A y AS request antivirus a y a antivirus dat Client C 4 En ar B2 B2 WJ A RAM WJ B RAM 2 Server sends back antivirus dat WJ A amp WJ B copy data to RAM Client B Server Client A pe antivirus dat mu e eco dat Client C antivirus dat pe dat WJ A RAM WJ B RAM F5 WANJet 3 1 User Guide 4 Introduction 3 Now Client B requests antivirus dat from server Client B E WJ A WJ B pr Sn virus j i Client A A antivirus dat Client C Bi Bi B2 B2 WJ A RAM WJ B RAM 4 WJ B compares file with data in RAM The data has not changed Client B J Server WJ A WJ B ia A Swan antivirus dat EP 3 EY q e Client C Bi B2 WJ A RAM WJ B sends message to WJ A to use local data because it hasn t changed WJ A sends Client B the data corresponding to antivirus dat from its local RAM WAN bandwidth is saved Application QoS WANJet Application QoS provides better service for specific data flows by raising the priority of a specific traffic and limiting the priority of other traffics Accordingly WANJet Application QoS provides complex networks with a guaranteed level of performance for different applications and traffic types Your network s data transmission is optimized providing more control over network resources and ensuring the de
18. WANJet 3 1 User Guide 108 Service Policy Configuration Enter the netmask of the machine or subnet in the Netmask field Enter the name you choose for the machine or subnet in the Machine s Alias field Click OK to return to the Manage the Application QoS Settings of a WAN Link page where the subnet now appears to the Supported Subnet column Click OK to return to the Application QoS page Click Save The Application QoS page refreshes and your changes are saved to WANJet Editing and deleting subnets To edit or delete a subnet from a WAN link l 2 F5 WANQJet 3 1 Click on Operational Settings gt Application QoS in the menu bar On the Application QoS page see page 103 click on the link in the Alias column corresponding to the appropriate WAN link On the Manage the Application QoS Settings of a WAN Link page see page 106 click on the link in the Supported Subnet column corresponding to the subnet that you want to edit or delete The Edit Subnet page appears in a browser pop up This is identical to the Add Subnet page shown in the previous subsection except that a Remove button is also present Click Remove to delete the subnet or edit the settings and click OK to save your changes Click OK on the Manage the Application QoS Settings of a WAN Link page On the main Application QoS page remember to click Save to store the changes in WANSet User Guide Chapter 8 Configuration Examples Basic Con
19. and received between two nodes e IP addresses of these nodes e port used to send and receive data e data size before and after the WANJet processes the traffic e time stamp e number of connections The WANJet supports the following RMON2 groups Protocol Directory Contains the protocols for which the agent monitors and maintains statistics Network Layer Matrix Contains the traffic statistics for pairs of network layer addresses Application Layer Matrix Contains the traffic statistics by application layer protocol for pairs of network layer addresses Configuration Group Contains agent capabilities and configurations F5 WANJet 3 1 User Guide 8 Introduction For more information about RMON2 groups see Appendix A RMON2 Tree For more information about configuring RMON2 see Configuring Syslog and SNMP Settings on page 96 System Log Protocol Support The System Log Syslog protocol is a mechanism for sending event messages to a Syslog compliant server Events can be sent at the start or end of a process or to transmit the current status of a process The WANJet sends system event messages to the Syslog server you specify The data log sent by the WANJet includes the sent data and the received data In addition the WANJet sends warning logs to the Syslog server when necessary For more information on how to configure the Syslog settings see Configuring Syslog and SNMP Settings on page 96 Connection Interception CI
20. appliance as the local WANJet All other WANJet appliances are treated as remote WANJets To fully configure each of those WANJets you must log into the Web Ul for each one using the remote IP address in the URL Click on links in the menu bar at the left of the screen to bring up other pages in the Web UI For example if a step says to go to the Optimization Policy page click on Optimization Policy under Operational Settings The Remote Status page will then be replaced by the Optimization Policy page in the main browser frame Three links always appear at the top right of the Web UL F5 WANQJet 3 1 Logout logs you out of the Web UI useful for added security although your browser session will automatically time out after 30 minutes of inactivity User Manual displays the most up to date version in PDF form of the User Guide the document you are currently reading User Guide 20 Initial Configuration e About displays an informational page containing e the WANJet version and build number you should quote these in any support request e a link to your end user license agreement e contact details for your F5 support team WANJet Dashboard For convenience a variety of status indicators and shortcuts have been placed at the top left of the Web UI above the Reports section of the menu bar This area is known as the WANJet Dashboard It is designed so that certain kinds of important information are always available n
21. chapter also covers other ways of obtaining information about WANJet s performance including network diagnostic tools operational logs and integration with third party reporting tools F5 WANJet 3 1 User Guide 30 Monitoring Performance Real Time Traffic report The Real Time Traffic report shows a graph of total network traffic in real time over both the LAN and the WAN It therefore provides an at a glance overview of the network loads passing through your F5 appliance To view a graph of network traffic in real time Go to the Reports section of the menu bar and click on Real Time Traffic The Real Time Traffic page is displayed Real Time Traffic 3000 2500 Bits 2000 1500 1000 11 55 10 11 55 20 11 55 30 11 55 40 11 55 50 11 56 00 Time Man in E LAN Out WWAN in MB WAN Out In this graph F5 WANJet 3 1 The vertical axis indicates the amount of network traffic in bytes per second The horizontal axis indicates the time 24 hour clock showing hours minutes and seconds to the nearest ten seconds The blue line LAN In represents raw data destined for the WAN passing into the local WANJet from the LAN The yellow line LAN Out represents optimized data passing out of the local WANJet en route to the remote WANJet The red line WAN In represents optimized data passing into the local WANJet from its remote partner The green line WAN Out represents reconstituted da
22. for each of three packets packets are sent out in threes by default to travel from the source host to the intermediate host and back again Further information Traceroute sends out UDP datagram packets by default If UDP probes are being blocked by a firewall you can use ICMP echo requests instead as ping does by specifying the I option Packets are normally sent to port 33434 which should not be in use if the target host is listening on this port you can specify a different port using the p option For more information about traceroute see http en wikipedia org wiki Traceroute F5 WANJet 3 1 User Guide Monitoring Performance 51 Packet capture with tcpdump You can use tcpdump to intercept and display the actual contents of TCP IP packets on the network This is useful for debugging your network setup allowing you to isolate the source of a problem by determining whether all routing is working correctly Data is saved to a PCAP file which can then be viewed using a tool such as Ethereal Parameters By default WANJet provides the following parameters for tcpdump c 10 not port 10000 Packets sent to port 10000 are ignored since this is the port which the Web UI uses to communicate with the local F5 appliance Experienced users can change these parameters using the text box provided Output When tcpdump has finished the Tools page displays a link to the PCAP file that has been produced You can open this direc
23. gateway 94 dropped packets 55 duplex mode 94 E editing application QoS policy 105 IT service policy 102 subnet 108 subnet specification 77 WAN link 107 error messages and codes 124 ethernet cards setting speed 94 SNMP information 128 event messages 8 F F5 contact information v features 2 figures basic configuration 110 hub and spoke configuration 113 LAN router configuration 116 mesh configuration 111 point to multi point deployment 13 point to point deployment 12 redundant peer 93 redundant peer details 114 F5 WANQJet 3 1 Index RMONZ2 data collection 7 SNMP data collection 6 Web UI home page 19 firewall ports 14 font conventions used v G gateway specifying a static route 94 graphs see also reports 32 guaranteed performance 4 H hub and spoke 113 l in line deployment 12 IP address access to Web UI data 95 SNMP server 96 syslog server 96 IT Service adding policy 102 deleting policies 102 described 102 editing policies 102 L LAN speed used 94 LAN router example 116 remote WANJet settings 91 specify IP address 87 topology setting 83 legacy IP precedence 80 license upgrading 74 verify 25 local WANJet adding redundant peer 87 setting network information 86 User Guide Index logging in 18 logs diagnostic 40 downloading 47 matrix application data 121 network layer 121 mesh configuration 111 MIB file 129 MIB tree 120 modes processing 78 monitoring traffic 32 MTU specifying 91 N
24. is a part of the SNMP data tree You need to provide the SNMP compliant software with the IP address of WANJet in addition to the community string you specified earlier The RMON2 data on WAN Jet includes data sent and received between two nodes the IP addresses of these nodes the port used to send and receive data data size before and after the WANJet processes it times at which data was sent and the numbers of connections F5 WANJet 3 1 User Guide 64 F5 WANQJet 3 1 Monitoring Performance User Guide Chapter 5 Managing the WANJet WANJet authentication 4 WANJet time settings 4 Shutting down and restarting a WANJet appliance 4 WANJet boot settings 4 Backup and recovery 4 Upgrading the WANJet software 4 The F5 WANJet requires only basic administration The most frequent management tasks involve synchronizing the time settings and performing regular backups Other basic tasks include changing your password and PIN settings shutting down and restarting your F5 appliance and upgrading your WANJet software version F5 WANJet 3 1 User Guide 66 Managing the WANJet WANJet authentication To keep your WANJet settings secure the WANJet Web Ul is password protected whilst the LCD menu on the front of the appliance is PIN protected You can change the password and or PIN code at any time F5 recommends that you change them regularly once a month for example and that you immediately change them from the default
25. ncSnmpTrapList 1209 ncTrap1210 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Link up with Proxy IP ncSnmpTrapList 1210 ncTrap1211 OBJECT TYPE SYNTAX OCTET STRING DESCRIPTION Authentication failed with Proxy IP ncSnmpTrapList 1211 ncTrap1212 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Connection from unauthorized Proxy Proxy IP ncSnmpTraplist 1212 ncTrap1213 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Internal error ncTrap1214 SYNTAX ACCESS STATUS DESCRIPTION OBJECT TYPE OCTET STRING read only current Error ncSnmpTrapList 1213 This version f is incompatible with Proxy IP version ncSnmpTraplist 1214 F5 WANQJet 3 1 User Guide 135 ncTrap1250 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Version f up and running ncSnmpTrapList 1250 ncTrap1251 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Internal error ncSnmpTrapList 1251 ncTrap1252 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Warning License limit exeeded ncSnmpTrapList 1252 ncTrap1253 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Warning Invalid license key Bandwidth optimization off ncS
26. pass across a network connection Choose one of the following options Direct The default MTU for this option is 1500 bytes It is the most common MTU for the IP protocol VPN The default MTU for this option is 1400 bytes User Guide 92 Advanced Configuration Other You can specify the MTU of your network according to your needs 9 Click OK on the Manage Remote WANJet page to return to the main Remote WANJets page 10 Click Save at the bottom of this page 11 You now need to add the gateway of the remote WANJet as a disabled subnet For information on how to add a subnet see Adding remote subnets on page 78 Tip For information on specifying a processing mode for a particular port see Configuring Specific Ports on page 79 To edit the settings of a remote WANJet click on the appliance s IP address on the Remote WANvets page Make your changes on the Manage Remote WANJet page and click OK when finished After returning to the Remote WANJets page be sure to click Save to commit your changes Remember that if you edit the port number of the remote WANJet you must change this port for all connected FS appliances so they can communicate with each other To delete a remote WANJet click the IP address of the remote WANJet on the Remote WANJets page Click Remove on the Manage Remote WANJet pop up After returning to the Remote WANJets page click Save to commit your changes By removing a remote WANJet and its network you
27. password and PIN Changing the WANJet Web Ul password You can change the password for the admin user account which is the only local account that someone can use to access the WANJet Web UI Remote accounts may also be used and their passwords cannot be changed via the page shown below for more details refer to Configuring remote authentication on page 67 To modify the password you use to access the WANJet Web UI 1 Expand the System Settings section of the menu bar and click on Password The Password page is displayed Old Password New Password Confirm Password 2 Enter the old password in the Old Password field Leave this field blank if the default password was left unchanged during initial configuration 3 Enter the new password in the New Password field As a general rule passwords should consist of at least 6 characters and include a mixture of lower and upper case letters numbers and punctuation marks A blank password is not allowed 4 Enter the new password again for confirmation in the Confirm Password field This must exactly match the string entered in the New Password field 5 Click Save to save the new password or click Cancel to keep the old password Click Yes on the confirmation window Note Since there is only one local password for the Web UI be sure to warn any other users that you are changing the password unless they are using remote authentication F5 WA
28. policies allow you to specify the TCP UDP ports that WANJet s ACM5 and TDR optimization algorithms are applied to On the Optimization Policy page you also make WANJet aware of local and remote subnets Optimization Policy Local WANJet WANJet 172 16 30 80 Include WANJet Subnet Y Local Subnet Alias Ly 172 16 30 0 24 o E Remote WANJet test0_2 192 168 240 2 m reset Remote Subnet 192 168 240 0 24 Processing Mode TDR 1 TDR 2 Encryption Connection ACMS Y N N N TCP ACMS Y N N N TCP ACMS N N N TCP ACMS Y N N N TCP ACMS N N N TCP ACMS N N N N TCP Passthrough N N N N UDP _Passthrough N N A N A N A Ada Note Click Save to apply the changes Changes will not be reflected until the operation is completed Save _ Cancel On this page there is a check box labelled Include WANJet Subnet This box is checked by default If you uncheck this box the WANJet subnet is removed from the subnet list and the traffic of this subnet is no longer processed Do this if you wish only traffic from the subnets listed below this checkbox to be processed Adding local subnets You can add a new machine or subnet to the list of machines subnets whose data is processed by the WANJet and update or remove machines and subnets whose data is already being processed F5 WANJet 3 1 User Guide Advanced Configuration 77 To add a new subnet to the local WANJet l 8 Expand the Operation
29. specify the order in which data is displayed at the top of every report for a specific type of traffic In other words you can separately customize the reports for Total Sent and Received traffic The option you select from the first drop down list will be the first type of data displayed on the report page and so on By default Raw Data is displayed first then Compressed Data and finally the Compression Ratio After selecting the order in which to display these fields click Save You are returned to the report which should now show the fields in the new order from left to right For example if you set them as shown above the new report would look like this Raw Data Compressed Data Compression Ratio 11 271 MB 2 944 MB 282 836 F5 WANJet 3 1 User Guide Monitoring Performance 39 Passthrough Traffic report The Passthrough Traffic report allows you to view in real time a graph of passthrough data moving between the WAN and the LAN Passthrough traffic is network data that is not optimized by WANJet but allowed to pass through the appliance untouched To view a graph of passthrough traffic Inthe Reports section of the menu bar click on Throughput gt Passthrough traffic AAN MLan gt wan E LAN lt WAN In this graph the vertical axis indicates the amount of network traffic in bytes per second passing through the FS appliance without optimization the horizontal axis indicates the time 24 hou
30. the All Ports link this will read All other ports if optimization policies have been defined for specific ports User Guide 82 Advanced Configuration The Edit Port Service Name form opens in a browser pop up N Y https 172 16 30 230 10000 Edit Port TCP All ports Processing Mode Compression Encryption _ Connection Intercept O TOS Priority O Low Done 172 16 30 230 10000 9 4 Follow the steps listed in the previous section for configuring a specific port starting at Step 5 on page 80 5 Once you have clicked OK on the pop up be sure to click Save on the Optimization Policy page or your changes will be lost Operational Mode The Operational Mode page allows you to control whether WANJet is active or inactive whether TDR Transparent Data Reduction is operational and how WANJet is deployed in your network topology To configure WANJet s operational mode 1 Expand the Operational Settings section in the menu bar and click on Operational Mode The Operational Mode page is displayed O Inactive active Mode Transparent Data O Inactive Reduction Active In Line Topology One Arm F5 WANJet 3 1 User Guide Advanced Configuration 83 2 The Mode section allows you to enable and disable WANJet optimization When set to Inactive optimization does not occur and WANJet becomes completely transparent to network tr
31. 00 100 10 0 0 2 Local Network 192 168 200 0 24 Local Network 10 0 0 0 16 WAN GW 192 168 200 1 WAN GW 10 0 0 1 Remote Network 192 168 100 2 Remote Network 192 168 100 2 Router1 192 168 100 1 192 168 100 2 LAN Local Network 192 168 200 0 24 LAN1 192 168 100 0 24 WAN GW 192 168 100 1 Remote Network 10 0 0 2 192 168 200 100 Computer Server Workstation Configuration Example Hub and Spoke SL1 SL2 SL3 IP Address 192 168 100 2 10 0 0 2 192 168 200 100 Local Network 192 168 100 0 24 10 0 0 0 16 192 168 200 0 24 Gateway 192 168 100 1 10 0 0 1 192 168 200 1 Remote Network 10 0 0 2 192 168 200 100 192 168 100 2 192 168 100 2 F5 WANJet 3 1 User Guide 114 Configuration Examples Configuration Notes e This diagram represents a HUB and Spoke configuration where three LANs are connected and three F5 appliances are installed One LAN is connected to the other two LANs and the other two LANs are connected to this LAN only and not to each other e LANT has SLI installed LAN2 has SL2 installed and LAN3 has SL3 installed e SL1 sends processed data to both SL2 and SL3 to handle SL2 sends processed data to SL1 only to handle and SL3 sends processed data to SL1 only to handle Redundant Configuration Computer Server Workstation WAN Router Router Router 2 10 55 55 2 Router 1 10 55 55 1 Computer Server Workstation F5 WANJet 3 1 User Guide Configuration
32. 3 MB 80 935 MB 96 544 2 73 1 Performance Increase Actual Bandwidth Expansion Optimized Data Overall Data Link Utilization 15 68 15 58 Apr 17 2005 a o E c tay 7 o 2 x l o E 3 gt o T Hour Day Week Month Quarter Year Customize Report Throughput summary for the last 9 day s 1 hour s Raw Data Compressed Data 159 073 MB 80 935 MB csv w Download The vertical axis represents the bandwidth expansion in kilobytes megabytes and so on the unit used changes depending on the extent to which the bandwidth has expanded over the selected time period F5 WANJet 3 1 User Guide Monitoring Performance 35 Optimized Data The Optimized Data report allows you to compare the difference in the amounts of network traffic before and after the WANJet processes your data Raw Data Compressed Data Bandwidth Gain Peak Performance Ratio 159 073 MB 80 935 MB 96 544 ys E Performance Increase Actual Bandwidth Expansion Optimized Data Overall Data Link Utilization 15 00 15 58 Apr 17 2605 9 8 a7 ao 36 35 5 a4 3 2 1 0 raw Data H compressed Data Hour Day Week Month Quarter Year Customize Report Throughput summary for the last 9 day s 1 hour s Raw Data Compressed Data 159 073 MB 80 935 MB csv wm Download _ The vertical axis indicates the amount of network traffic before and after optimization in kiloby
33. 4 Inthe Queue Size field enter the maximum number of outgoing packets to keep in a queue before they start to be dropped in case of network problems The default queue size is 10240 packets 5 Click Save at the bottom of the page The Tuning page refreshes and your changes are committed to WANJet F5 WANJet 3 1 User Guide 86 Advanced Configuration Updating the Local WANJet Configuration Under System Settings on the menu click on Local WANJet This frame allows you to edit network information for the local WANJet define redundant peers add subnets and define VLANs to the local WANJet The initial values shown on this frame were specified during initial hardware configuration using the LCD panel or a serial console and WANJet software configuration as described under Basic WANJet Configuration on page 21 WANJet Alias WANJet A WANJet IP 175 16 2 1 WANJet Netmask 255 255 255 0 WAN Gateway 175 16 2 2 LAN Router 175 16 2 3 WANJet Port 3701 kkkt lexerx exxex exe License Key Redundant Peer IPL VLAN Settings Note Click Save to apply the changes Changes will not be reflected until the operation is completed In order for WANJet to work properly you need to replicate the Local WANJet changes in the Remote WANJets section of the other WANJet s Changes to WANJet IP address port or subnet address must be replicated wherever these settings appear on the Local WANJet page in the Web UI for this W
34. 82 ToS described 5 specifying 80 traffic do not process 78 setting priority 5 traffic optimized report 35 transparent proxy 13 trees MIB 120 protocol directory 120 tuning 85 Type of Service see also ToS 5 U upgrading software 74 uploading a backup 73 URL for login 18 user interface accessing 18 V verify initial configuration 26 version upgrading 74 VLAN defining to local 88 report data 55 VLAN ID 89 W WAN set bandwidth size 85 speed used 94 WAN link adding 106 deleting 107 editing 107 F5 WANQJet 3 1 141 purpose 106 WAN Optimizer errors 124 overview 2 WANJet adding remote to local 91 backing up 72 basic configuration diagram 110 hub and spoke diagram 113 LAN router 91 LAN router diagram 116 mesh configuration diagram 111 network information for local 86 PIN 67 process subnet traffic 76 redundant diagram 114 replicating local information to remote 86 restart 71 restoring settings 73 shutdown 71 user interface 18 WCCP v2 protocol 14 Web UI granting access 95 local or remote 19 logging in 18 page not found 27 setting password 66 using menu 19 worksheet configuration data 15 User Guide 142 Index F5 WANJet 3 1 User Guide
35. ANJet on each Remote WANJet page that describes this WANJet in the Web UI of any remote WANJets connected to this one For example assume you have four connected F5 appliances called B1 B2 B3 and B4 When you bring up the Web UI for B1 using its IP address in the URL the Web UI shows it as the local WANJet and shows B2 B3 and B4 as its remote WANJets If for example you change the IP address for B1 on its Local WANJet frame you must also log onto the Web UI for B2 go to the Remote WANJets page and click on the link for B1 and change the IP address for B1 to match You must repeat this step for B3 and B4 This way the IP address specified for WANJet B1 is correct for all F5 appliances that communicate with it F5 WANJet 3 1 User Guide Advanced Configuration 87 Provide information such as the alias that was not part of the initial configuration or modify current values Click Save when you have finished WANJet Alias WANJet IP WANJet Netmask WAN Gateway LAN Router WANJet Port License Key Redundant Peer IP Name used for this WANJet appliance This name is displayed at the upper left corner of the home page when you log onto the WANJet Web UI IP address assigned to the local F5 appliance on your network If you change this value you change this WANJet IP address for each remote WANJet that accesses it See the Note below Subnet mask assigned to the F5 appliance on your network IP address of your gatew
36. ANQJet 3 1 User Guide Installation Site Information Worksheet The site information sheet is intended to capture all relevant site data Complete the site information sheet and attach a detailed network diagram for each WANJet site Table 1 Site Information Worksheet Site Name Address City State Province Country Contact Person Name Title Email Work phone Cell Phone Link Type Speed in Kb s Latency Utilization Peak Average Router Make Model Information IP Routing Protocols Used Static Routing Table Rules Switch Make Model Information IP WANJet Alias IP Information Subnet Mask Default Gateway Local Network Alias IP Subnet Mask Alias IP Subnet Mask Alias IP Subnet Mask F5 WANVet 3 1 User Guide 16 Installation Table 1 Site Information Worksheet Remote Alias IP Subnet Mask Network Alias IP Subnet Mask Alias IP Subnet Mask Hardware Installation See the Quick Start guide for the F5 WANJet 200 or WANJet 400 appliance for information on installing F5 appliances and connecting them to your network F5 WANJet 3 1 User Guide Chapter 3 Initial Configuration Accessing the WANJet Web UI 4 Basic WANJet Configuration 4 Testing Connectivity 4 Troubleshooting 4 After you have completed all the hardware configuration using either the LCD panel or a c
37. CRIPTION Percent bandwidth saving on the traffic sent to other NetCelera boxes today ncStatistics 1 TotalRecvBandwidthSavingPercent OBJECT TYPE SYNTAX NTEGER ACCESS read only STATUS current DESCRIPTION Percent bandwidth saving on the traffic received from other NetCelera boxes today 226 4 ncStatistics 2 TotalSentBeforeNetCelera OBJECT TYPE SYNTAX NTEGER ACCESS read only STATUS current DESCRIPTION Effective traffic sent from this NetCelera Box to other NetCelera boxes today in MB before NetCelera sie ncStatistics 3 TotalSentAfterNetCelera OBJECT TYPE SYNTAX INTEGER ACCESS read only STATUS current F5 WANJet 3 1 User Guide 130 DESCRIPTION Optimized traffic sent from this NetCelera Box to other NetCelera boxes today in MB after NetCelera ncStatistics 4 TotalRecvBeforeNetCelera OBJECT TYPE SYNTAX INTEGER ACCESS read only STATUS current DESCRIPTION Effective traffic received from other NetCelera boxes today in MB before NetCelera ncStatistics 5 TotalRecvAfterNetCelera OBJECT TYPE SYNTAX INTEGER ACCESS read only STATUS current DESCRIPTION Optimized traffic received from other NetCelera boxes today in MB after NetCelera ncStatistics 6 LastSentBandwidthSavingPercent OBJECT TYPE SYNTAX NTEGER ACCESS read only STATUS current DESCRIPTION Percent bandwidth saving on the traffic sent to other NetCelera boxes during the last five minute
38. Examples 115 SL1 1 SL1 2 SL2 IP Address 10 55 55 3 10 55 55 4 192 168 200 100 Local Network 10 55 55 0 24 10 55 55 0 24 192 168 200 0 24 Gateway 10 55 55 1 10 55 55 2 192 168 200 1 Remote Network 192 168 200 100 192 168 200 100 10 55 55 3 Subnet 10 55 55 0 24 Remote Network 10 55 55 4 Subnet 10 55 55 100 32 10 55 55 110 32 Configuration Notes e This diagram represents a redundant configuration example where two LANs are connected and one of the LANs has a redundant WANJet installed e LANI has two WANJet appliances installed SL1 1 and SL1 2 and LAN2 has SL2 installed SL1 2 is the redundant peer of SL1 1 in case of failure of any of the routers the other router and its corresponding WANJet resumes to function e SL1 1 processes the data of half the subnets of LAN1 Subnet A while SL1 2 processes the data of the other half of the subnets of LAN1 Subnet B e L1 1 sends processed data to SL2 to handle and SL1 2 sends processed data to SL2 to handle e SL2 processes and sends the data that should be routed to Subnet A to SL1 1 to handle SL2 processes and sends the data that should be routed to Subnet B to SL1 2 to handle F5 WANJet 3 1 User Guide 116 Configuration Examples LAN Router Configuration Router 10 10 20 1 Router LAN Router 192 168 1 2 WAN Gateway 192 168 1 1 WANJet VLAN 100 SubNet 192 168 100 0 24 Computer Server Workstation Computer Server Workstation Confi
39. N ncSnm ncTrap1202 SYNTAX ACCESS STATUS DESCRIPTION ncSnm ncTrap1203 ncTrapl F5 WANQJet 3 1 SYNTAX ACCESS STATUS DESCRIPTION ncSnmp 204 SYNTAX ACCESS STATUS DESCRIPTION 3 nc Maximum number of speed array connections for RemoteIP reached OBJECT TYPE OCTET STRING read only current Error Configuration error List 1200 p rap OBJECT TYPE OCTET STRING read only current Error Configuration error List 1201 pTrap pr OBJECT TYPE OCTET STRING read only current 1 Error Initialization error pTrapList 1202 OBJECT TYPE OCTET STRING read only current 1 Error Initialization error List 1203 p rap OBJECT TYPE OCTET STRING read only current 1 Error Internal error List 1204 n SnmpTrap User Guide 134 Error Internal error Error Internal error ncTrap1205 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION ncSnmpTrapList 1205 ncTrap1206 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION ncSnmpTrapList 1206 ncTrap1207 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Internal error ncSnmpTrapList 1207 ACCESS read only STATUS current ncTrap1209 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Link down with Proxy IP
40. NJet 3 1 User Guide Managing the WANJet 67 Changing the WANJet LCD PIN code There is no default PIN code for the FS appliance s LCD Liquid Crystal Display To create or change the PIN code you use to access the LCD 1 Expand the System Settings section of the menu bar and click on LCD PIN The LCD PIN page is displayed Old PIN New PIN Confirm PIN Note PIN is a 4 digit number 2 Enter the old LCD PIN in the Old PIN field Leave this field blank if the PIN has not been set during initial configuration 3 Enter the new PIN in the New PIN field This must be a 4 digit number 4 Enter the new PIN again for confirmation in the Confirm PIN field This must exactly match the number entered in the New PIN field 5 Click Save Configuring remote authentication You can choose whether to authenticate WANJet users against a RADIUS remote authentication server or against WANJet s local database If you are authenticating users with the RADIUS protocol you must provide certain information including the server s IP address secret timeout period and number of retrials To set up WANJet remote authentication 1 Expand the System Settings section of the menu bar and click on Remote Authentication The Remote Authentication screen is displayed Initially this screen contains only a pair of radio buttons e At this point if you do not wish to use remote authentication select No Remote Authent
41. To configure WANJet to use RADIUS authentication click on System Settings gt Remote Authentication see Configuring remote authentication on page 67 Refer to http www ietf org rfc rfc2865 txt for technical details of the RADIUS protocol F5 WANQJet 3 1 User Guide 46 Monitoring Performance Bridge Forwarding Database The Bridge Forwarding Database MAC Addresses page lists all the network devices which have sent traffic through the local WANJet bridge To examine the Bridge Forwarding Database 1 Click on Reports gt Diagnostics in the menu bar 2 Inthe Diagnostics page click on Bridge Forwarding Database 00 08 0D 22 8A D9 172 16 30 141 ethO LAN No 00 09 0F 50 15 70 N A ethO LAN No 00 0B 6A 53 52 15 N A ethO LAN No 00 0B 6A 53 A1 66 N A ethi WAN No 00 0D 60 8E 83 C3 N A ethO LAN No 00 0D 60 FE 8D BC N A ethO LAN No 00 0E 35 D3 64 BD N A ethO LAN No 00 0F 66 A3 4F 88 172 16 30 11 ethO LAN No 00 11 43 5C 17 73 172 16 30 143 ethO LAN No 00 11 43 5C 19 BD N A ethO LAN No 00 11 43 69 E3 04 N A ethO LAN No 00 11 43 6A 91 7F N A ethO LAN No 00 11 85 FF 6A 80 N A ethO LAN No 00 11 85 FF 6A AE N A ethO LAN No 00 12 F0 0D 39 9E N A ethO LAN No 00 30 6E D4 A5 97 N A ethO LAN No 00 40 63 DA 9F 0D 172 16 30 254 ethO LAN No 00 90 FB 00 EB 1C N A ethO LAN Yes 00 90 FB 00 EB 1D N A ethi WAN Yes 00 C0 4F 61 24 CC N A ethO LAN No 00 D0 B7 2E A7 A0 N A ethO LAN No For each listed network device the following inf
42. User Guide Monitoring Performance 33 Performance Increase The Performance Increase report enables you to view the percentage increase in bandwidth due to using the WANJet Raw Data Compressed Data Bandwidth Gain Peak Performance Ratio 159 073 MB 80 935 MB 96 544 273 1 Performance Increase Actual Bandwidth Expansion Optimized Data Overall Data Link Utilization 15 09 15 58 Apr 17 2005 Hour Day Week Month Quarter Year Customize Report Throughput summary for the last 9 day s 1 hour s Raw Data Compressed Data 159 073 MB 80 935 MB csv In this graph the vertical axis indicates the percentage increase in bandwidth This is calculated by comparing the bandwidth freed up by the WANJet to the bandwidth used after optimization Freed Bandwidth Bandwidth after optimization 100 Percentage Performance Increase For example if your bandwidth before the WANJet was 100MB and the bandwidth used by data after the WANJet is 25MB then the amount of bandwidth freed up by the WANJet is 75MB Putting these values into the equation results in 75MB 25MB x 100 300 performance increase F5 WANJet 3 1 User Guide 34 Monitoring Performance Actual Bandwidth Expansion The Actual Bandwidth Expansion report enables you to view the actual bandwidth amount that the WANJet has freed up by optimizing network data Raw Data Compressed Data Bandwidth Gain Peak Performance Ratio 159 07
43. affic 3 Inthe Transparent Data Reduction section you can activate or deactivate WANJet s TDR technology see Transparent Data Reduction on page 3 4 Update the Topology section if you change the way in which your F5 appliance is connected to the network The usual network topology is In Line which means that the WANJet is located between the LAN or the LAN switch and the WAN gateway or the LAN router If you select this option you can skip to Step 8 If the WANJet is located on a separate independent link select One Arm instead see the next section Click Save to store your changes to WANJet s operational mode or Cancel to abandon them One arm topology This option allows WANJet to be deployed out of line with one physical connection to the LAN and no direct connection to the WAN see One Arm Deployment on page 13 If you select One Arm in the Topology section of the Operational Mode page a new section entitled Redirection Method appears Choose either Static Routing if each client on your LAN is configured to route network traffic through WANJet Transparent Proxy if LAN traffic designated for optimization is directed to WANJet by a router If you select Transparent Proxy in the Redirection Method section a new section entitled Discovery Method appears Choose either e Static if passthrough traffic is not routed to WANJet In this case only network traffic which is scheduled for ACMS optimization is ro
44. al Settings section of the menu bar and click on Optimization Policy Click on the Add button below the Local Subnets list The Add Subnet page opens in a browser pop up Y https 172 16 30 80 10000 Add Subnet Local Subnet 10 8 0 0 Netmask 255 255 255 255 Alias Subnet B O Enabled O Disabled Lapen cancel Done 172 16 30 80 10000 4 Enter the IP address of the new local machine subnet in the Local Subnet field for example 10 8 0 0 Enter the netmask of the local machine subnet in the Netmask field for example 255 255 0 0 Enter a name for the new machine subnet in the Alias field for example Subnet B Select Enabled if you want the WANJet to process the traffic of this machine subnet at this time Otherwise select Disabled Click OK You are returned to the Optimization Policy page and the new machine subnet is displayed on the local subnets list Click Save at the bottom of the page To update or remove a local machine or subnet I 2 3 Click the link of the machine subnet in the list of local subnets on the Optimization Policy page The Edit Subnet page opens in a browser pop up This is exactly the same as the Add Subnet page shown above except that it also has a Remove button Click Remove to delete this subnet from the list or edit the settings and click OK Save your changes by clicking Save on the Optimization Policy page Note You cannot update or r
45. also remove all associated subnets and ports Note When you remove the network for a remote WANJet the local WANJet will no longer see the remote appliance and any data sent to the network of the removed WANJet will pass through without being optimized F5 WANJet 3 1 User Guide Advanced Configuration 93 Redundant Peers Redundancy offers a continuous mode of operation and eliminates having a central point of failure for either LAN switching or routing WANJet supports redundancy by allowing the use of a second FS appliance on a LAN connected to a redundant router The second appliance is known as a redundant peer In the case of failure of one of the LAN s routers the corresponding WANJet appliance detects that the router is down and service continues through the remaining active router and F5 appliance Not only does the WANJet offer you a continuous mode of operation but it also provides load balancing under normal network conditions by distributing network traffic over two F5 appliances LAN 4 A LAN 2 You cannot access a redundant peer through the Web UI until you have added both the primary peer and the redundant peer to the Remote WANJets table of a FS appliance that is remote from the peers LAN For more information on how to add remote WANJets see Adding a Remote WANJet on page 91 Assume that there is a primary peer called WANJet A and its redundant peer WANJet A 1 A and A 1 are connected to the remote appli
46. ances WANJet B and WANJet C To be able to access A and A 1 you must 1 Add both A and A 1 to the Remote WANJets page in the Web UI for WANJet B 2 Add both A and A 1 to the Remote WANJets page in the Web UI for WANJet C F5 WANJet 3 1 User Guide 94 Advanced Configuration Updating the NIC Configuration You can specify the speed of the network interfaces the WANJet uses to communicate with the LAN and the WAN The WANJet supports different speeds in both half duplex and full duplex 1 Expand the System Settings section of the menu bar and click on NIC Configuration eth0 LAN Media Type Auto Negotiate v ethi WAN Media Type Auto Negotiate v Save __Cancel_ 2 Select the type of network interface that WANJet uses to connect to the LAN and WAN from the eth0 and eth1 drop down lists and click Save By default WANJet will negotiate both interface speeds automatically so you do not normally need to set these details manually Managing Static Routes Expand the System Settings section of the menu bar and click on Routing Table The routing table contains information on any gateway router you specify as routing the data of a specific network Data packets sent to this gateway use the relevant static route to identify their destination Static routes 10 9 9 0 255 255 255 0 10 55 55 20 1500 10 7 7 0 255 255 255 0 10 55 55 1 1500 10 0 0 0 255 255 0 0 10 55 55 2 1500 Note To delete an entry in the Rou
47. and configuration guidelines F5 WANJet 3 1 User Guide 12 Installation WANJet Deployment There are several ways to deployment WANJet on your network You can deploy WANJet in line in either a point to point or a point to multi point configuration Instead you might want to deploy WANJet in a one arm configuration The way you choose to deploy WANJet depends on your current network topology and requirements In Line Deployment In line deployment is the most basic way to deploy WANJet You can scale it from a simple point to point configuration to a point to multi point configuration Point to Point This is the simple one to one topology F5 appliances are placed at both ends of the WAN between their respective WAN Router and LAN Switch Each WANJet is configured to search for traffic matching specified source and destination subnets If the local WANJet detects a match then traffic is processed and sent down a WANJet tunnel to the remote WANJet that reverses the process and delivers the packets exactly as they were If there is no match the local WANJet acts as a bridge and passes the packets unaltered to the WAN Figure 3 Point to Point Deployment Private ip WAN Corporate LAN Corporate LAN Point to Multi Point This configuration involves 3 or more F5 appliances The following figure shows such a deployment involving 5 F5 appliances connecting to each other across intranets and the internet F5 WANJet 3 1 U
48. appliance on which the WANJet software resides The software transparently selects TCP window sizes that achieve the highest possible throughput based on link characteristics and that minimize retransmission in case of packet loss The result is 100 utilization of WAN links even over extreme distances for both compressed and uncompressed data The WANJet also stripes TCP sessions through multiple parallel persistent tunnels to reduce TCP overhead and increase effective throughput or uses a single persistent tunnel if that produces the best results Without requiring changes to end points or to the network infrastructure the WANJet allows enterprises to optimize WAN links both for cost and throughput Using link load balancing the technology can multiplex application traffic across many links based on traffic level or negotiated rate F5 WANJet 3 1 User Guide Introduction Overview ACM5 When you purchase an F5 appliance you specify what software you want pre installed on the machine The F5 appliance can come pre installed with either the WANJet or the WebAccelerator The WANJet is designed to improve the performance of your networks reducing the bandwidth consumed when transmitting data The WebAccelerator is designed specifically to accelerate your web applications by intelligent caching For more information on the Web Accelerator see the F5 WebAccelerator Getting Started guide In order for the WANJet to reduce the band
49. at each physical appliance or from a single computer by logging into the Web UI for each appliance Assume that there are two appliances WANJet A and WANJet B deployed point to point see Figure 3 on page 12 for an illustration a WANJet A is connected locally and has an IP address of 175 16 2 1 b WANJet B is connected at the remote end of the WAN Link and has an IP address of 10 2 0 1 Given this configuration you would perform the following steps Step 1 Log into the Web UI for the first WANJet Point your browser to the Web UI for WANJet A For the example IP address above you would enter the following URL https 175 16 2 1 10000 Log in using admin as the username and the default password of swanlabs as explained in Accessing the WANJet Web Ul on page 18 Step 2 Enter the license key and create an alias Expand the System Settings section of the menu bar and click on Local WANJet F5 WANJet 3 1 User Guide 22 Step Initial Configuration WANJet Alias Local 0 WANJet IP 175 16 2 1 WANJet Netmask 255 255 255 0 WAN Gateway 175 16 2 2 LAN Router 175 16 2 3 WANJet Port 3701 License Key Redundant Peer IPL VLAN Settings Note Click Save to apply the changes Changes will not be reflected until the operation is completed In order for WANJet to work properly you need to replicate the Local WANJet changes in the Remote WANJets section of the other WANJet s Enter the F5 WANJet license key i
50. ay IP address of the network router The main port number that the local WANJet uses to communicate with remote WANJet appliances The default port is 3701 You should only change this port if you also change it for all remote WANJet appliances See the Note below License key for the local installation of WANJet If this field is blank or contains an invalid key WANJet does not process your data IP address of the redundant WANJet peer Check the box and the text box for the IP address appears Note To update the IP address or port for this WANJet on all the remote WANJets go to Remote WANJets under System Settings in the menu From that frame you can use the Login link for each remote WANJet to log into its Web UI and make the necessary changes from its Remote WANJet frame F5 WANQJet 3 1 User Guide 88 Advanced Configuration Adding a Subnet There are several ways to add a subnet to the WANJet You can use the method described under Adding local subnets on page 76 Alternatively from the Local WANJet page click the Add button to bring up the Add Subnet form in a browser pop up F Add Subnet Microsoft Internet Explorer Local Subnet 10 0 8 205 Netmask 255 255 255 255 Alias Subnet A O Enabled O Disabled OK Cancel In the Local Subnet field enter the IP address of the new local subnet In the Netmask field enter the netmask of the new local subnet In the Alias field enter a name for the new subnet oe A
51. bps after NetCelera This value may be plotted to create a chart ncStatistics 12 aK KKK KKK KKK K KKK KKK KKK KKK KKK KKK KKK RARA KA RARA RA ncSnmpTraps ncSnmpTrapObjs OBJECT IDENTIFIER ncSnmpTraps 1 ncSnmpTrapID OBJECT TYPE SYNTAX INTEGER ACCESS read only STATUS current DESCRIPTION Holds the ID of the SNMP Trap ncSnmpTrapObjs 1 ncSnmpTrapDescription OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Holds the description of the SNMP Trap ncSnmpTrapObjs 2 ncSnmpTrapList OBJECT IDENTIFIER ncSnmpTraps 2 Optimization Engine Traps ncTrap1000 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Configuration error ncSnmpTrapList 1000 ncTrap1001 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Configuration error ncSnmpTrapList 1001 F5 WANVet 3 1 User Guide 132 ncTrap1002 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Configuration error ncSnmpTrapList 1002 ncTrap1003 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Initialization error ncSnmpTrapList 1003 ncTrap1004 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION 1 Error Initialization error ncSnmpTrapList 1004
52. c would not benefit from compression for instance if it consists largely of JPEG or ZIP files Check the TDR 2 box if you want to apply WANJet s TDR 2 intelligent caching algorithm Check the Encryption box if network traffic on the specified port is encrypted using SSL e Check the Connection Intercept box if you want to reset any connection over the specified port that was opened before these settings were applied Click OK to return to the Optimization Policy page A new row will now appear in the third table on the page containing the details you have just entered You can click on the port number in the Service Name column to edit these settings Click Save at the bottom of the Optimization Policy page to apply the new port settings to the selected F5 appliance Configuring All Other Ports In addition to defining optimization policies for specific ports you can change the default policies that have been set up for all TCP and all UDP ports Any policies defined for individual ports will override these default policies To set the default processing mode for all TCP UDP ports 1 F5 WANQJet 3 1 Expand the Operational Settings section of the menu bar and click on Optimization Policy Select the IP address of the WANJet to which you are connecting from the Remote WANJet drop down list Go to the third table on the Optimization Policy page In the Service Name column for either the TCP or the UDP protocol click on
53. color indicates a link in PDF or HTML that you can click on to navigate to a related section Note Notes mark important information Make sure you read this information before continuing with the task Technical Support Information Phone 1 206 272 6888 Fax 1 206 272 6802 Web http tech f5 com FTP ftp f5 com Email support f5 com F5 WANJet 3 1 User Guide Contents Chapter 1 Introduction ooooocooooooooorr rreren 1 OVER ac tte Sanlu tt 2 DCMS a dd e ee e de pe Dele al then dle a da 2 Transparent Data Reductions evita dt E E dai dE ca tddi 3 HOW 10 WOKS 0 a ii di dico 3 Application DOS A SA Tita anna ome a aA dante ee 4 LEY POIOL SOL VICCE Yio xg A A AA A nr ap ai ae ea eee tend 5 SNMP SUpport e a Patan ana Se a eae Pee vee Ges Poe Pare Ua an ce sl hee Dg alee e 5 Remote Monitoring Support 0 0 cee eee etn eee e beeen eens 6 System Log Protocol Support 2 0 ccc eet nett e tent e nett beens 8 Connectiomliterception a A OOS a eats 8 When to use Connection Interception 0 ce eee ce eect e ene t eens 8 How to use Connection Interception 0 0 eect tenet een een ees 8 EXAM Pers a ox SRA AA austen 8 rane GOVAN Sais eee EE a gine Shay Reet en 9 Chapter 2 Installation ss dianne eis Ra hh Re a a BE ead teas 11 WANJet Deployments 5 05 niai inan a ee eee a na Rn Palate a ee a a 12 In me Deployment errei vais A LI Wea ode a Wt ca 12 Point to Point 5 cys eet A SG Ae cde AA eA ee ada
54. computer on which you are running your web browser might not have access to the Web UI The default setting is to grant access to all machines but that setting can be changed to limit access based on IP address You can use the LED panel to add your computer s IP address to the list of machines with access After that use the Web UI to change the access settings See Granting Access to WANJet Web UI on page 95 F5 WANJet 3 1 User Guide 28 Initial Configuration can access the Login screen for the Web UI but my browser connection times out when try to log in The RADIUS authentication server may not be accessible to WANJet Try to log in as a local user using the admin username and a default password of swanlabs though this may have been changed by a local administrator Once you are logged in click on System Settings gt Remote Authentication and check that a RADIUS authentication is enabled b the Timeout and NRetry variables are set to sensible values i e if both are high authentication might take a long time to fail Refer to Configuring remote authentication on page 67 for more details The Link LED for the WAN or LAN port doesn t light up Verify that your cables are installed properly Next verify that the ports on the WAN Router and the LAN Switch connected to the E5 appliance are set to auto negotiate If either port is forced to a specific link speed and duplex value you must set the WANJet port to
55. covery aii ee nets el ve A A Rd CEG YE NS See 83 Configuring Tuning Settings is iiss ee SSR Eg A a eee 85 Updating the Local WANJet Configuration 00 0 cect e tne ene nes 86 Addin A SUDNE Bester wats Sete al eee Sore ER 88 Managing Virtua PANS ys 55 A eee 88 Managing Remote WANJets 0 kee eee eben ent been enn E nee 90 Adding a Remote WANJet 0 ccc eee cent deeb e nent nen ee E 91 Redundant Peers severest scence eee th oe Re OR OS BE od a OS PTE TES ds 93 Updating the NIC Configuration 3 54 E pena 94 Managing Static Routes tE WEG is Se SS eR 94 Granting Access to WANJet Web UI 0 eect tne tenn nee n ens 95 Configuring Syslog and SNMP Settings 0 cece eect teen tenn een ens 96 Email alerts ti a TAR ANA AA E q RBA phos gal 98 Chapter 7 Service Policy Configuration 0 0 0 cen 101 IT Service Policies atacante each ae re oh Ach ace aie AA E pa EEA rote 102 Adding an IT Service Policy ooooocoooococr nent eben nent nn eee nee 102 Application QoS Policies ce ne nent ene nen n ene e bene en ees 103 Adding an Application QoS Policy toa Remote WANJet 0 0 ee ee eee 103 Editing and deleting application QoS policies 0 0 kee eee 105 Managing WAN Tinks icc seni ln reek dee A ace aceon alate 106 Adding a WAN Link ia A ce denies 106 Editing and deleting WAN links 0 0 oo 107 Adding a Subnet toa WAN Link 0 nett t ene en enn nes 107 Editing and deletin
56. ction rules are followed and should also match the priority configured on the router Enter the IP address of the LAN router communicating with WANJet in the Router field IfWCCP is configured to require authentication between WANJet and the router check the Authenticate box and type in the password Link Refer to http www fags org rfcs rfc3040 html for a detailed specification of the WCCP protocol Click Save to store your changes to WANJet s operational mode or Cancel to abandon them F5 WANJet 3 1 User Guide Advanced Configuration 85 Configuring Tuning Settings Under Operational Settings on the menu click on Tuning The Tuning page enables you to make the maximum use of WAN link bandwidth guaranteeing maximum throughput To configure WANJet tuning settings you specify the link bandwidth and the RTT Round Trip Time Bandwidth 45 mb s w RTT 300 msec Congestion Control Queue Size 10240 Packet _save __Cancel_ 1 Inthe Bandwidth field enter your WAN link bandwidth The default bandwidth is 45 megabits per second You can change the unit used in this field to kilobits per second for lower bandwidth links 2 Inthe RTT field enter the average round trip time for your WAN link The default round trip time is 300 milliseconds 3 Select the Congestion Control checkbox if you want WANJet to handle the traffic congestion that occurs in the case of packet loss this is selected by default
57. dant Peers 4 Updating the NIC Configuration 4 Managing Static Routes 4 Granting Access to WANJet Web UI 4 Configuring Syslog and SNMP Settings 4 Email alerts 4 Aside from the initial hardware setup and basic WANJet configuration which occurred when you installed your F5 appliance in Chapters 2 and 3 and the basic administration tasks described in Chapter 5 WANJet includes a range of advanced settings for fine tuning your WAN link optimization F5 WANJet 3 1 Optimization policies allow you to specify the TCP UDP ports that WANJet s ACMS5 optimization is applied to WANJet s operational mode controls whether optimization is active whether TDR is operational and how the appliance is deployed in your network topology The Tuning page allows you to set the average bandwidth round trip time buffer size and queue size for your WAN link to fine tune WANJet performance Local and remote WANJet configuration involve setting IP addresses and other parameters for the networks in which your WANJets are operating Enabling a redundant peer avoids having a central point of failure for optimization You can update the NIC configuration for your WANJet s network interfaces and manage static routes through your subnets For added security control access to the WANJet Web UI by client IP address Configure syslog SNMP and RMON settings for remote error logging User Guide 76 Advanced Configuration Optimization Policies Optimization
58. do oat ella 12 Point to Multi Point 2 o 12 One Arm Deployment o 13 Firewall Guidelines inse ne e leas A gad sa Reelin 14 Site Information Worksheet 0 0 cs scev rie AR ea da eeu 15 Hardware Installation 0 uaaa uee 16 Chapter 3 Initial Configuration 0 0 0 0c 17 Accessing the WANJet Web UE nnnc riran cc cette enn e ene e teens 18 WANJet Dashboard oo eis jcc adeer eas ees Sa erent ath Baka Aia 20 Basic WANJet Configuration sisenes ress wal eatin wpe ae gee aide a Watton gee elle tab dei a 21 Testing Connectivity dista a oh ally oad gee tale cde path diy gee ta pe nda este hand 26 Lroubl shoonng sessen den yu none gato alas arq 27 Chapter 4 Monitoring Performance 0 cee 29 RealTime Traffierepont a ba Pas gui ed 30 Conriection Activity Teportes peen ea tects ogega tdi 31 F5 WANJet 3 1 User Guide vii Throughput TOS s sre o a A a ad a da 32 Performance Increase rra lada tddi da 33 Actual Bandwidth Expansion oooooooooooo tet n ett e aa aiala 34 Optimized Data rt ed cell de dd WG da ade ele oa ag a 35 Overall Data oros tt eh ae Pelican dade A AAA 36 Eink Utilization asaya rae ates taking eta de oe dad tesa tad kody ary a bat R cna WA ity ga aE aE 37 CUStOMIZING TEPOLHS 505 525 8s sed eg cate a aan E splint Bed dak od Boaters 38 Passthrough Trafic TEOT iihi dase as a p leach Bae ee a aod ans ate Ate Bde Ed Di Hoan 39 Diagnostics A A A aa e E E ad 40 Connectivity a a A 41
59. e Optimization Policy page The new subnet is displayed on the list of local subnets Repeat Step d through Step ito add more subnets as needed Click Save at the bottom of the Optimization Policy page Step 4 Define the second WANJet as a remote WANJet Define WANJet B as a remote WANJet to WANJet A F5 WANQJet 3 1 a Click on System Settings gt Remote WANJets in the menu bar b On the Remote WANJets page click Add The Manage Remote WANJet page is displayed in a new browser window Y https 172 16 30 80 10000 Manage Remote WANJet Mo O EJ WANJet Type Single v WANJet IP 10 2 0 1 WANJet Alias WANJet B WANJet Port 3701 Shared Key Documentation AE Cancel Done 172 16 30 80 10000 Enter the IP address of WANJet B in the WANJet IP field in this example 10 201 Enter WANJet B in this example in the WANJet Alias field Enter a Shared Key for the WANJet pair The shared key is a character string that is assigned by your network administrator The only requirement is that the key must match for any pair of WANJets that is you must use the same key when adding WANJet A as a remote WANJet to WANJet B User Guide Initial Configuration 25 f Leave all other fields as they are and click OK WANJet B is now listed on the Remote WANJets page Click Save to store the changes to WANJet A Step 5 Log out of the first WANJet Web UI Click Logoff on the upper right o
60. e System Settings section of the menu bar and click on Remote WANJets Click on the Add button The Manage Remote WANJet page opens in a browser pop up Y https 172 16 30 80 10000 Manage Remote WANJet Mo WANJet Type Single v WANJet IP 10 2 0 1 WANJet Alias WANJet B WANJet Port 3701 Shared Key Documentation OK Cancel Done 172 16 30 80 10000 2 Select the WANJet Type as either Single or Redundant Select Redundant if you have two connected WANJet peers on the same remote LAN See Redundant Peers on page 93 for an explanation of these node types In the WANJet IP field enter the IP address of the remote WANJet If you selected Redundant in Step 3 there is also a Node 2 field for you to enter the peer s IP address In the WANJet Alias field enter a meaningful name for the remote WANJet limited to 13 characters In the WANJet Port field enter the main port number on which the remote WANJet listens for data from the local WANJet The default port number is 3701 Change this port only if you change it for all connected F5 appliances In the Shared Key field enter a shared key which authenticates between local and remote WANJets You can set a unique shared key for every pair of F5 appliances If the local WANJet has a LAN router specified for it you can select an MTU Maximum Transmission Unit for the remote WANJet The MTU is defined as the size of the largest datagram able to
61. e preserved during optimization Click on VLANs at the top of any System Information page to see the list of virtual LANs supported by the WAN Optimizer The following information appears in the VLANs report Tag ID of the virtual LAN Packets Bytes Number of packets and total size in bytes of the network traffic exchanged with the VLAN Aware Indicates whether WANJet can identify this virtual LAN For more information about configuring VLANs to work with WANJet refer to Managing Virtual LANs on page 88 F5 WANJet 3 1 User Guide 56 Monitoring Performance WANJet Links Click on WANJet Links at the top ofany System Information page to view details of each link to a remote WANJet QoS VLANs WANJet Links TCP Packet Retransmissions TOR stats Optimized Sessions Passthrough Sessions 172 16 1 2 0 1 0 The WANJet Links report contains the following information Remote IP IP address of the remote F5 appliance Retransmissions Number of retransmitted packets to the remote WANJet ACMS5 Number of network connections to the remote WANJet that are being optimized using ACM5 ACMS without compression Number of passthrough network connections that are not being optimized For more about links to remote WANJets refer to Managing Remote WANJets on page 90 TCP Statistics You can click on TCP Statistics at the top of any System Information page to view three separate reports into TCP connection activity The Connectio
62. ect a service or application that uses the network from the Service Name drop down list The default port used by this service will then appear in the From Port field Alternatively you can enter the port number directly in the From Port field To specify a range of ports enter the first port of the range in the From Port field and the last port in the To field Refer to http www iana org assignments port numbers for a list of commonly assigned TCP UDP port numbers and the services and applications that use them but remember that these may differ on your system Choose a Processing Mode for the specified port s Select either e Passthrough to leave traffic over this port in its raw state e ACM5 to apply WANJet optimization to traffic over this port Select the priority you want to assign to this port or ports from the TOS Priority list e 7 for Network Control e 6 for Internet Control e 5 for Critical e 4 for Flash Override e 3 for Flash e 2 for Immediate e 1 for Priority e 0 for Routine Refer to http Awww ietf org rfc rfc0791 txt for more information about ToS priority levels User Guide Advanced Configuration 81 You can set four different WANJet optimization options using checkboxes these options are only available if you have selected ACMS as the processing mode e Check the TDR 1 box if you want to compress network traffic on the specified port This is not necessary if the traffi
63. ement Protocol governs the management and monitoring of network devices SNMP sends messages to SNMP compliant servers where users can retrieve these messages using SNMP compliant software SNMP data is stored in a data structure called a Management Information Base MIB The WANJet sends SNMP traps to the SNMP server you specify The traps you view on the SNMP server are errors for troubleshooting purposes See Appendix B WANJet Error Messages and Codes for error codes and descriptions The WANJet also stores more detailed SNMP reports that you can access using SNMP compliant software For the SNMP compliant software to access the WANJet it should authenticate itself using the community string you specify The machine on which the SNMP compliant software resides should have access to the SNMP data in the WANJet Web UI See Granting Access to WANJet Web UI on page 95 F5 WANJet 3 1 User Guide 6 Introduction Figure 1 WANJet SNMP Data corporate LAN The Management Information Base that stores the SNMP data contains rich details about the network cards like the network card type physical address the card speed the packets sent and received through each card the bytes sent and received through each card and the errors of each card In addition the SNMP reports include detailed information about the WANJet such as total bandwidth saved for sent data and for received data For more information about configuring SNMP settings see
64. emove the local FS appliance s own subnet F5 WANQJet 3 1 User Guide 78 Advanced Configuration Adding remote subnets You can add a new machine or subnet to a remote WANJet network and edit or delete existing machines and subnets Always add the gateway of any remote WANJet as one of its subnets and ensure that the status of this subnet is disabled To add a new subnet to a remote WANJet 1 9 Expand the Operational Settings section of the menu bar and click on Optimization Policy In the Remote WANJet drop down list select the remote WANJet that you want to add subnets to Click on the Add button below the Remote Subnets list The Add Subnet page opens in a browser pop up see page 77 for a screenshot In the Supported Subnet field enter the IP address of the machine subnet that you want to make visible to the remote F5 appliance In the Netmask field enter the netmask of the remote subnet In the Machine s Alias field enter a name for the machine subnet The default status for the new subnet is Enabled Select Disabled if you do not want the WANJet to process the traffic of this subnet at this time Click OK You are returned to the Optimization Policy page with the new subnet displayed in the list of remote subnets Click Save at the bottom of the page To update or remove a subnet from a remote WANJet l 2 Select the appliance in the Remote WANJet drop down list In the Remote Subnet list
65. ess to SNMP reports 95 log into Web UI 18 setting password PIN 66 ACM5 assigning to traffic 78 description 2 adding application QoS policy 103 IT service policy 102 remote WANJet 91 subnet 107 subnet to local 76 88 subnet to remote 78 VLAN to local 88 WAN link 106 address local WANJet and subnet 86 network cards 52 Web UI 18 all other TCP ports 81 application data matrix 121 application QoS applying without remote WANJet 106 description 4 specifying bandwidth 104 application QoS policy adding 103 defining 103 deleting 105 editing 105 reports 55 assigning F5 WANQJet 3 1 Index priorities to data traffic 5 traffic processing modes to port 79 autorecovery 73 B backing up uploading backup file 73 WANJet settings 72 bandwidth setting in QoS policy 104 setting WAN size 85 buffer size application 85 C charts see also reports 32 cluster 102 compression specify mode 80 compression technology 2 configuration testing 26 configuration group 122 configuration tool 18 congestion control 85 contact information v conventions used v Customer Confidence team v customize reports 38 D defining resources 102 deleting User Guide 138 application QoS policy 105 IT service policy 102 subnet 77 108 WAN link 107 deploying WANJet 12 deployment in line 12 one arm 13 point to multi point 12 point to point 12 specify type 82 diagnosing problems 27 error codes 124 reports 40 directing packets through a
66. et software WANJet s Web UI makes it easy for you to upgrade the version of the WANJet software installed on your FS appliance Note You must stop the current WANJet processing session before you can upgrade Therefore you should notify network users before beginning the process and do it a time that is minimally disruptive to the network To upgrade the WANJet software version 1 F5 WANQJet 3 1 Before beginning the upgrade process ensure that a disk image of the new version of the WANJet on CD ROM for example is accessible from the local computer on which you are viewing the Web UI In the Web Ul expand the System section of the menu bar and click Upgrade Stop Test 0 1 In order to upgrade the software please first click the button above to stop the WANJet You will then be prompted to browse for a remote upgrade file On the Upgrade page click Stop Server Name to stop the current processing session A confirmation pop up appears Click OK to continue On the next page click Browse to launch a browser dialog in which you can locate the upgrade file on your local computer and upload it to your F5 appliance Click Upgrade WANJet After the upgrade process is complete the F5 appliance will restart automatically User Guide Chapter 6 Advanced Configuration Optimization Policies 4 Operational Mode 4 Configuring Tuning Settings 4 Updating the Local WANJet Configuration 4 Managing Remote WANJets 4 Redun
67. etCeleraRat LastRecvAfterNetCeleraRat a Ethernet Cards Information The Ethernet cards related information path iso org dod internet mgmt mib 2 interfaces 1 3 6 1 2 1 2 The Ethernet cards related information description IfNumber ifTable ifEntry ifIndex ifTable ifEntry ifDescr ifTable ifEntry ifEnter ifTable ifEntry ifMtu ifTable ifEntry ifSpeed ifTable ifEntry ifPhysAddress ifTable ifEntry ifInOctets ifTable ifEntry ifInUcastPkts ifTable ifEntry ifInDiscards ifTable ifEntry ifInErrors ifTable ifEntry ifOutOctets ifTable ifEntry ifOutUcastPkts ifTable ifEntry ifOutDiscards ifTable ifEntry ifOutErrors F5 WANVet 3 1 User Guide 129 MIB File This is the MIB file that might be needed to compile the MIB file for browsing the MIB through a standard MIB browser SWANLABS GLOBAL REG DEFINITIONS BEGIN IMPORTS enterprises FROM SNMPv2 SMI SwanLabs OBJECT IDENTIFIER enterprises 13993 NetCelera OBJECT IDENTIFIER SwanLabs 1 ncVersion OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION The NetCelera software version 3 NetCelera 1 ncStatistics OBJECT IDENTIFIER NetCelera 2 ncSnmpTraps OBJECT IDENTIFIER NetCelera 3 KK KK KKK KKK KK KK KKK KKK KKK KKK KKK KKK RARA KA RARA KARA ncStatistics TotalSentBandwidthSavingPercent OBJECT TYPE SYNTAX INTEGER ACCESS read only STATUS current DES
68. f Week Monday v _Change timezone Host Address User Specified 101 101 101 101 Day Month Year Hour Min Sec Wednesday 4 m May v 2005 M 19 m 11 M 32 M Setting the timezone The Timezone section enables you to set the timezone within which your FS appliance is operating To set the WAN Jet timezone 1 2 F5 WANJet 3 1 Expand the System Settings section of the menu bar and click on Time In the Timezone section select the closest geographical location to your site from the Current location list The default location is America New York In the First Day of Week drop down list select the day on which your working week begins The day you specify here is considered the first day of the week for all the performance reports that the WANJet generates about your traffic Click on Change timezone to save your changes User Guide 70 Managing the WANJet Synchronizing WANJet time automatically You can use a specific time server to synchronize WANJet time automatically The IP addresses of several commonly used time servers are provided or you can specify the address of another time server yourself For more information about time servers refer to www eecis udel edu mills ntp clock2a html To use a time server to synchronize your F5 appliances l 2 Expand the System Settings section of the menu bar and click on Time In the Time Server section select the IP address of a commonly used time serve
69. f the Web UI Close the browser window Step 6 Log in to the Web UI for the second WANJet Open a new browser window and enter the URL with the example IP address for WANJet B https 10 2 0 1 10000 Log in using admin as the username and the default password of swanlabs Step 7 Verify the license key and create an alias Expand the System Settings section of the menu bar and click on Local WANJet a Check the F5 WANJet license key in the License Key field The key should match the License Key Certificate found on the Packing List in the box that the WANJet B appliance was shipped in b Optionally enter a name for the appliance such as WANJet B in the WANJet Alias field Step 8 If your network has multiple subnets specify the LAN router IP and add subnets If you defined a LAN router and added subnets for WANJet A you probably need to repeat this step for WANJet B unless itis on a simpler LAN Refer back to Step 3 for details of how to do this Step 9 Define the first WANJet as a remote WANJet Now define WANJet A as a remote WANJet to WANJet B a Click on Remote WANJets under System Settings on the menu Click Add in the Remote WANJets page to display the Manage Remote WANJet page in a browser pop up c Enter the IP address of WANJet A in the WANJet IP field in this example 175 16 2 1 d Enter the appliance name in the WANJet Alias field in this example WANJet A e Enter the Shared Key This should be
70. f5 WAN Jet User Guide version 3 1 MAN 0205 00 Service and Support Information Product Version This manual applies to product version 3 1 of the WANJet Legal Notices Copyright Copyright 2005 F5 Networks Inc All rights reserved F5 Networks Inc F5 believes the information it furnishes to be accurate and reliable However F5 assumes no responsibility for the use of this information nor any infringement of patents or other rights of third parties which may result from its use No license is granted by implication or otherwise under any patent copyright or other intellectual property right of F5 except as specifically described by applicable iControl user licenses F5 reserves the right to change specifications at any time without notice Trademarks F5 F5 Networks the F5 logo BIG IP 3 DNS iControl GLOBAL SITE SEE IT EDGE FX FireGuard Internet Control Architecture IP Application Switch iRules OneConnect Packet Velocity SYN Check Control Your World ZoneRunner uRoam FirePass TrafficShield WANJet and WebAccelerator are registered trademarks or trademarks of F5 Networks Inc in the U S and certain other countries All other trademarks mentioned in this document are the property of their respective owners F5 Networks trademarks may not be used in connection with any product or service except as permitted in writing by F5 Patents This product protected by U S Patent 6 327 242 Other paten
71. figuration 4 Mesh Configuration 4 Hub and Spoke Configuration 4 Redundant Configuration 4 LAN Router Configuration 4 The configuration examples aim at taking you step by step through some common WANJet configuration scenarios in order to give you a clear idea about the configuration details and provide you with a comprehensive picture for the relation between different configuration options F5 WANJet 3 1 User Guide 110 Configuration Examples Basic Configuration Computer Server Workstation Router2 192 168 100 2 Router y Router y Router1 192 168 150 2 Slt LANI LAN1 192 168 150 0 24 Computer Server Workstation Configuration Example Basic Configuration SL1 SL2 IP Address 192 168 150 100 192 168 100 100 Local Network 192 168 150 0 24 192 168 100 0 24 Gateway 192 168 150 2 192 168 100 2 Remote Network 192 168 100 2 192 168 150 2 F5 WANJet 3 1 User Guide Configuration Examples 111 Configuration Notes e This diagram represents a basic configuration where two LANs are connected and two F5 appliances are installed LAN1 has SL1 installed and LAN2 has SL2 installed e LAN is a remote network of LAN1 and LAN is the remote network of LAN2 e SL1 sends processed data to SL2 to handle while SL2 sends processed data to SL1 to handle Mesh Configuration LAN3 192 168 200 0 24 LAN2 10 0 0 016 Router3 192 168 200 1 192 168 200 100
72. fine a new IT service policy l 2 6 Ti 8 Under Operational Settings on the menu click on IT Service policies Click Add The IT Service Policy page opens in a browser pop up E https 172 16 30 230 10000 IT Service Policy Policy Name File Transfer From 172 16 2 100 1 255 255 255 0 To 172 16 3 100 255 255 255 0 Ports Ftp iv From Port 21 to 21 iv Protocol TCP E Done B internet Enter the name you choose for this service in the Policy Name field Enter the IP address and the netmask of the subnets for which you want to specify an IT service Policy To specify the subnet that sends the data enter the IP address in the From field with the full netmask in dotted quad format after the slash To specify the subnet that receives the data enter the IP address in the To field again with the full netmask after the slash Specify the port you want Select a port from the Ports drop down list or enter a range of ports using the From Port fields Select the protocol type of the ports specified earlier from the Protocol drop down list Click OK to return to the IT Service Policies page Click Save The IT Service Policies page refreshes and your changes are saved You can also edit or delete an IT service policy On the IT Service Policies page click the name of the policy to open the IT Service Policy pop up and edit the policy Make your changes and c
73. g subnets ia eet een nen ene nen ene 108 F5 WANVet 3 1 User Guide Chapter 8 Configuration ExampleS ooooooocoocccoccrr 109 Basic Configuration mess rt a A Wath dot dad dd a ai gated 110 Mesh Configuration tai a betel a daa ot 111 Hub and Spoke Configuration 0 00 0 cee cece Ae E E RAE Ea AAE p a a a aea eens 113 Redundant Config tation ono rr iaa 114 LAN Ronter Configurations da tada ao 116 Appendix A RMON2 Tree o o o oooccoococoooo rr 119 MIB Tre A A A ig AR 120 Protocol Directory Tree td E A A A A A gaa 120 Network Layer Matrix ut o ii nat A ns 121 Application Data Mati a Ai ta A bs 121 Configuration Group mec dd di dota 122 Appendix B WANJet ErrorS oooococooocccooorr c cent enn e eens 123 WANJet Error Messages and Codes p aioi tiina cece cette tee tne ent e tenn aaa 124 Appendix C WANJet Private MIB 0 00 t enn eee 127 System Inform tion A DA MRA Rocha ES ga 128 Ethernet Cards Information 0 cece cece eee eben r E E e eee enee 128 MIB Biles coccGcdtri ee eta achat iS ct cil meee hat ih a heath Melt eet baat r BA ec ot a ad 129 F5 WANJet 3 1 User Guide Chapter 1 Introduction Overview 4 ACM5 4 Application QoS 4 Type of Service 4 SNMP Support 4 System Log Protocol Support 4 F5 WANJet uses adaptive TCP acceleration to address the effects of distance and packet loss All application clients and servers are acknowledged locally by the F5
74. guration Example WAN Gateway and LAN Router SL1 SL2 IP Address 192 168 1 100 10 10 20 100 Local Network 192 168 1 0 24 10 10 20 0 24 Subnets VLAN 100 192 168 100 0 24 VLAN 200 192 168 200 0 24 WAN Gateway 192 168 1 1 10 10 20 1 LAN Router 192 168 1 2 N A F5 WANJet 3 1 User Guide Configuration Examples 117 Configuration Notes F5 WANQJet 3 1 This diagram represents a LAN Router configuration example where a VLAN switch connects two or more virtual networks to WANJet and WANJet is connected to the outside WAN through another router LANI has SL1 installed LAN2 has SL2 installed LAN1 is divided into two virtual networks VLAN100 and VLAN 200 A VLAN switch is acting as the router between the two LANs and between both of them and SL1 WANJet considers this VLAN switch as its gateway because it connects WANJet SL1 to its local network LAN1 WANJet sees the local network through the VLAN switch So in order for WANJet to see and process the data of the virtual LANs you have to add these LANs as subnets to LAN1 LAN1 and SL1 is connected to the outside WAN through another router that is the LAN Router User Guide 118 Configuration Examples F5 WANJet 3 1 User Guide Appendix A RMON2 Tree MIB Tree 4 Protocol Directory Tree 4 Network Layer Matrix 4 Application Data Matrix 4 Configuration Group 4 This appendix contains diagrams showing MIB tree with the standard RMON MIB and all the groups fo
75. has been applied Received Bytes other Amount of received data in bytes to which TDR has not been applied TDR efficiency Percentage of data sent across the link to which TDR has been applied The bold number at the bottom of the report gives the average figure across all remote WANJet links For more information about how TDR works please refer to Transparent Data Reduction on page 3 F5 WANJet 3 1 User Guide Monitoring Performance 59 Optimized Sessions Click on Optimized Sessions at the top of any System Information page to view all the network connections at the application layer currently being optimized by WANJet using the ACMS process Use the Operational Settings gt Optimization Policy link to specify the types of connections that are are not optimized see Optimization Policies on page 76 Note You can quickly access the Optimized Sessions report from any page in the WANJet Web UI using the Optimized Sessions link near the top of the menu bar above the Reports section The counter displayed beside this link shows the current number of optimized sessions 172 16 30 146 1061 gt 172 16 0 39 5222 172 16 1 2 172 16 30 191 1097 gt 172 16 0 39 5222 172 16 1 2 10 1 8 90 49590 10 10 10 3 49590 10 1 8 90 49591 10 10 10 3 49591 10 1 8 90 49592 10 10 10 3 49592 10 1 8 90 49593 10 10 10 3 49593 The Optimized Sessions report is divided into two sections for TCP and UDP traffic The TCP sect
76. he Reset button at the bottom right of the page The selected connections will be reset the next time that WANJet is restarted For more about the WANJet s connection interception feature refer to Connection Interception on page 8 Remote Status report The Remote Status report enables you to view the status and details of remote F5 appliances If the remote WANJet has a redundant peer the Remote Status report also displays details of the peer appliance see Redundant Peers on page 93 The Remote Status report is the first page displayed when you log in to the WANJet Web UI To view the Remote Status report e Click on Reports gt Status in the menu bar The Remote Status report opens and displays the status on of IP address alias and version of all connected F5 appliances F5 WANJet 3 1 User Guide 62 Monitoring Performance 0 192 168 190 2 Remote demo 0 3 1 w on Connection to a remote WANJet may take up to 2 minutes License Key OK The remote WANJet s license key status not entered not valid expired OK is also shown on this page Note To view the status of a remote WANJet directly after changing any of its settings wait until the local WANJet communicates with the remote WANJet This can take up to two minutes Then refresh the Remote Status report in your browser Third party reporting systems WANJet is integrated with several third party reporting systems including syslog SNMP and RMON 2 S
77. here by clicking on Customize Report beneath the report graph itself To display a throughput report 1 Click Reports gt Throughput in the menu bar 2 Select the direction of traffic by clicking Total Sent or Received Total generates reports about all the traffic that the WANJet processes Sent generates reports about only the outgoing sent data processed by the WANJet Received generates reports about only the incoming received data processed by the WANSJet 3 Next select one of the report links to display the type of data you want to see e Performance Increase e Actual Bandwidth Expansion Optimized Data Link Utilization e Overall Data By default the Performance Increase report is displayed 4 Underneath every chart are links that enable you to select the time period for which data is collected Click on the appropriate link for the time period over which you wish to view data A report for the current day is displayed by default Note The WANJet saves all the generated reports for the last hour every hour If you stopped or restarted the WANJet or any external termination occurred you will be able to access the last set of saved reports when you restart the WANJet 5 At the bottom of the page select CSV and click Download to save a copy of the report in CSV comma separated format on your local computer CSV reports can easily be imported to a database or analyzed using a spreadsheet package F5 WANJet 3 1
78. ication and click Save The WANJet will then authenticate users against its local database 2 Select RADIUS to use remote authentication with a RADIUS server A new section appears on the page allowing you to enter the server details as below If you select the RADIUS option but do not add any server details WANJet will continue to authenticate users against its local database F5 WANJet 3 1 User Guide 68 Managing the WANJet O No Remote Authentication O RADIuS 123 123 123 123 abracadabra 3 3 Add See also RADIUS Diagnostics Under Server type the RADIUS server s IP address 4 Under Secret type the server s shared secret This is a key which is used to authenticate RADIUS transactions between the client your local F5 appliance in this case and the server 5 Under Timeout type the number of seconds that WANJet should wait after sending a RADIUS request before giving up on a response from the RADIUS server We recommend using a value of 3 seconds 6 Under NRetry type the number of times that WANJet should send a RADIUS request to the server before deciding that it is not responding We recommend using a value of 3 Note If you enter a value in the Timeout field you must also enter a value in the NRetry field Ensure that both values are not too high as in that case it could take a long time to determine that the server is not responding to a login attempt This problem will be compounded if you are using
79. igure these addresses click on System Settings gt Local WANJet see Updating the Local WANJet Configuration on page 86 When you display the Diagnose IP page WANJet also pings the local gateway to determine whether it is reachable and shows the results on this page F5 WANJet 3 1 User Guide 42 Monitoring Performance Bridge diagnostics The Diagnose Bridge page displays details of the internal connectivity or bridge between the F5 appliance s two Ethernet interfaces To diagnose bridge connectivity 1 Click on Reports gt Diagnostics in the menu bar 2 Onthe Diagnostics page click on Connectivity gt Bridge to display the Diagnose Bridge page WANJet gateway 172 16 30 70 MAC Address 00 0B 6A 53 A1 66 Bridge Ethernet interfaces eth0 ethl The gateway is connected to ethl WAN This page shows the IP address and MAC address of the WAN gateway used by the local F5 appliance together with the Ethernet interfaces that are linked by the bridge WANJet QoS does not work unless the Ethernet interfaces are connected properly e Interface eth0 should be connected to the LAN switch or router Interface eth1 should be connected to the WAN gateway Ethernet diagnostics The Diagnose Ethernet page displays details about the local F5 appliances s Ethernet interfaces To diagnose Ethernet connectivity 1 Click on Reports gt Diagnostics in the menu bar 2 On the Diagnostics page click on Connecti
80. ink To add a new WAN link to WANJet 1 Expand the Operational Settings section of the menu bar and click on Application QoS 2 On the Application QoS page click on the Add WAN Link button The Manage the Application QoS Settings of a WAN Link page is displayed in a browser pop up e https 172 16 30 80 10000 Manage the Application QoS Settings of a WAN Link Mozilla Fir la WAN Link Alias WAN1 Link Bandwidth 2000 kb s m Default 100 100 oK _cancel Done 172 16 30 80 10000 9 Note You can add a link to a network that does not have WANJet installed In that case the application QoS policy is applied to the traffic sent to it from your local WANJet Enter the name you choose for the new WAN link in the WAN Link Alias field 4 Enter the bandwidth size of the link between the local WANJet and the WAN network in the Link Bandwidth field and then select the units from the adjacent drop down list 5 Click OK to return to the Application QoS page where the new WAN link is now displayed 6 Click Save The Application QoS page refreshes and your changes are saved F5 WANJet 3 1 User Guide Service Policy Configuration 107 Editing and deleting WAN links To edit or delete a WAN link 1 Click on Operational Settings gt Application QoS in the menu bar 2 Click on the link in the Alias column corresponding to the WAN link that you wish to edit or delete The Manage the Applicati
81. ion contains the following information Local IP IP address and port of the local machine Direction Direction of optimized data traffic flow A right arrow gt indicates that the direction is from the local machine to the remote machine A left arrow lt indicates that the direction is from the remote machine to the local machine Remote IP IP address and port of the remote machine WANJet IP IP address of the remote WANJet appliance handling the optimized session The UDP section contains just two columns giving the IP address and port number for each UDP session s source and destination F5 WANJet 3 1 User Guide 60 Monitoring Performance Passthrough Sessions Click on Passthrough Sessions at the top of the System Information page to view a list of all open passthrough sessions A passthrough session is a network connection at the application layer for which traffic is not optimized by WANJet but allowed to pass through the appliance untouched Use the Operational Settings gt Optimization Policy link to specify the types of connections that are are not optimized see Optimization Policies on page 76 Note You can quickly access the Passthrough Sessions report from any page in the WANSJet Web UL using the Passthrough Sessions link near the top of the menu bar above the Reports section The counter displayed beside this link shows the current number of passthrough sessions See also Optimize Eligible Connection
82. ities gt probeSoftwareRev p probeHardwareRev gt probeDateTime F5 WANQJet 3 1 User Guide Appendix B WANJet Errors WANJet Error Messages and Codes 4 This appendix includes the list of errors that a WANJet may send to its associated SNMP server and or Syslog server In addition you can view this list of errors through the Diagnostic Log option in the Web UL F5 WANJet 3 1 User Guide 124 WANJet Error Messages and Codes WANJet Error Code Error Message Component 1000 to 1002 Configuration errors Optimization Engine 1003 to 1005 Initialization error 1006 to 1007 Internal errors 1100 to 1103 Internal error Packet Processor 1150 Maximum number or ACM5 connections reached 1200 to 1201 Configuration errors ACM5 1202 to 1203 Initialization error 1204 to 1207 Internal errors 1209 Link down with Proxy IP 1210 Link up with Proxy IP 1211 Authentication failed with Proxy IP 1212 Error Connection from unauthorized proxy Proxy IP 1213 Internal error 1214 Error This version f is incompatible with Proxy IP version f 1215 Error License expired on 01 01 2004 1250 Version f up and running 1251 Internal error 1252 Warning License Limit Exceeded 1253 Warning Invalid license key Bandwidth optimization off 1254 Warning License key not entered Bandwidth optimization off 1255 Warning x day s remain s for the evaluation license key to expire 1256 Warning WANJet is activated fo
83. k OK to return to the Manage the Application QoS Settings of a Remote WANJet page Click OK again to return to the Application QoS page Click Save The Application QoS page refreshes and your changes are saved Editing and deleting application QoS policies To edit or delete an application QoS policy from a remote WANJet l EN F5 WANQJet 3 1 Go to the Application QoS page shown on page 103 Click on the IP address of the remote WANJet On the Manage the Application QoS Settings of a Remote WANJet page click on the link for the application QoS policy that you wish to edit or delete On the Application QoS Policy page you can edit the settings as described in Adding an Application QoS Policy to a Remote WANJet on page 103 or click Remove to delete the policy Click OK on both the Application QoS Policy page and the Manage the Application QoS Settings of a Remote WANJet page On the main Application QoS page remember to click Save or your changes will be lost User Guide 106 Service Policy Configuration Managing WAN Links The WAN Links feature enables you to add an application QoS policy to the traffic passing through the local WANJet and going to a remote network whether or not the remote network has WANJet installed In this way the WANJet enables you to manage and manipulate the bandwidth size for all the traffic transferred through your local WANJet regardless of the processing mode of this traffic Adding a WAN L
84. ken as the first part of the address before the symbol and use your company s domain name as the second part of the address e g WJ_NewYork acme com SMTP Server IP The IP address not the domain name of an SMTP mail server accessible from the WANJet appliance that can forward this email F5 WANJet 3 1 User Guide Advanced Configuration 99 SMTP Server Port The port on the mail server to which the SMTP request for the email alert will be sent Note The normal port used by SMTP is 25 However the default port used by the WANJet for email alerts is 443 normally used by SSL traffic This is because traffic to port 443 is more likely to be allowed through a firewall You should ensure that the mail server specified in the SMTP Server IP field is set up to forward traffic on port 443 to port 25 Enabled Select this checkbox to enable the automatic emailing of system snapshots Email alerts are disabled by default but it is recommended that you enable them after filling in the details in the fields listed above Before enabling email alerts you should use the Test Me button to test whether the WANJet can access the mail server and send the email You can send a simple test message create a new system snapshot to send or send all past system snapshots Sending a test message is advisable because the WANJet will not attempt to resend failed emails F5 WANJet 3 1 User Guide 100 Advanced Configuration F5 WANJet 3 1 User Guide
85. lex Half Duplex The interface s current status Link ok Link error Any errors raised by the interface both reception RX and transmission TX errors are shown e reception errors are further broken down into dropped packets overruns and frame errors e transmission errors are broken down into dropped packers overruns carrier errors and collisions Other information The following information is also shown on the main System Information page The numbers of TCP passthrough packets travelling through WANJet from the LAN to the WAN and from the WAN to the LAN since the appliance started or since counting was last reset The numbers of UDP passthrough packets travelling through WANJet from the LAN to the WAN and from the WAN to the LAN since the appliance started or since counting was last reset Your WANJet serial number which you may need in order to obtain a FS WANJet license key F5 WANJet 3 1 User Guide 54 Monitoring Performance Links to other reports At the top right of every System Information page there are links to the individual System Information reports as follows Report Describes Qos Remote networks that have WANJet QoS policies assigned to them VLANs Virtual LANs supported by the local WANJet WANJet Links Links to remote F5 appliances TCP Statistics Number of TCP segments retransmitted due to timeouts TDR Stats Statistics about TDR Transparent Data Reduction caching Optimized
86. lications such as VoIP telephony Configuring Specific Ports To set the processing mode for a particular port or range of ports 1 Expand the Operational Settings section of the menu bar and click on Optimization Policy 2 Select the IP address of the WANJet to which you are connecting from the Remote WANJet drop down list 3 Click on the third Add button circled in the screenshot below underneath the TOS Priority column Local WANJet WANJet 172 16 30 80 Include WANJet Subnet Y 172 16 30 0 24 Add Remote WANJet test0_2 192 168 240 2 x Reset _ j Y 192 168 240 0 24 __ Add TCP 20 Active FTP data ACMS Y N N TCP 25 Smtp ACMS Y N N N TCP 80 Http ACMS Y N N N TCP 110 Pop3 ACMS y N N N TCP 220 Imap3 ACM5 Y N N N TCP 443 Https ACM5 N N N N TCP All other ports Passthrough N N N N UDP All ports Passthrough N N A N A NA Cats D Note Click Save to apply the changes Changes will not be reflected until the operation is completed _ Save Cancel The Add Port Service Name form opens in a browser pop up F5 WANJet 3 1 User Guide 80 https 172 16 30 80 10000 Add Port S Advanced Configuration Protocol tcp upp O Service Name Select v From Port to Processing Mode acms Y TOS Priority Preserve v TDR 1 M TDR 2 Encryption C Connection Intercept OK Cancel Done 172 16 30 80 10000 2 F5 WANQJet 3 1 You can sel
87. lick OK to save them or to delete the policy click Remove F5 WANQJet 3 1 User Guide Service Policy Configuration 103 Application QoS Policies The Application QoS feature helps you obtain better network performance by dedicating bandwidth to specific network traffic At the same time you can ensure that providing sufficient bandwidth one or more data flows does not handicap the transmission of other data flows The Application QoS polices can handle different types of services Fundamental services the basic protocols supported by your network IT service policies tailored services that include different types of traffic see page 102 Under Operational Settings on the menu click on Application QoS The Application QoS page is displayed 192 168 240 2 testO_2 N A Add WAN Link Save Cancel Adding an Application QoS Policy to a Remote WANJet To add a policy to a remote WANJet 1 Go to the Application QoS page shown above 2 Click on the link of the remote WANJet to which you want to assign an application QoS policy The Manage the Application QoS Settings of a Remote WANJet page opens in a browser pop up F5 WANJet 3 1 User Guide 104 Node Type WANJet IP WANJet Alias Link Bandwidth Supported Subnet Service Policy Configuration 192 168 240 2 test0_2 256 kb s m Netmask 192 168 240 0 255 255 255 0 Connection Service Name Intercept
88. livery of mission critical data Utilizing WANJet Application QoS policies enables you to downsize the bandwidth consumed over low importance network activities and at the same time prioritize important and critical data transfer This way you are confident that your bandwidth is optimally used for the transfer of the data that is most important to you F5 WANJet 3 1 User Guide Introduction 5 In addition the WANJet provides high quality of service with applications that are sensitive to delays by supporting the Voice over Internet Protocol VoIP See Application QoS Policies on page 103 for more details Type of Service The Type of Service feature aims at providing the highest quality of data delivery through prioritizing the delivery of one data stream over another The WANJet deploys the Type of Service methodologies giving you control over your data streams You decide which data stream should get to the receiver first by using the Type of Service feature to assign a priority to data traffic using a specific port This means that the data using a specific port is transferred according to its priority For example you can decide to give the HTTP traffic the lowest priority while giving the FTP traffic the highest priority You can assign priorities from 0 to 7 where 0 is the lowest priority and 7 is the highest You can assign the same priority such as priority 7 to multiple protocols SNMP Support SNMP Simple Network Manag
89. ll be retransmitted by the source host High levels of these retransmitted segments can indicate network problems Therefore the Web UI includes a report which tracks their changing numbers The blue line in this graph indicates the number of TCP segments which often correspond to IP packets that had to be retransmitted per second F5 WANJet 3 1 User Guide 58 Monitoring Performance Receive queue packets pruned This graph represents the number of segments pruned from the TCP receive queue due to socket overrun This may happen if the TCP receive buffer is too large on the receiving host The optimal buffer size is twice the product of the bandwidth and the delay see http www didc bl gov TCP tuning background html TDR Stats TDR Transparent Data Reduction is a new feature in the F5 WANJet version 3 1 which further enhances network optimization by caching the contents of frequently accessed files in memory Click on TDR stats at the top of any System Information report page to display statistics for TDR optimization 192 168 240 2 0 0 0 0 0 00 0 00 The TDR Stats report contains the following information WANJet IP IP address of the remote WANJet Sent Bytes TDR Amount of sent data in bytes to which TDR has been applied since this WANJet link became active Sent Bytes other Amount of sent data in bytes to which TDR has not been applied Received Bytes TDR Amount of received data in bytes to which TDR
90. ll display the Edit VLAN page in a browser pop up in which you can change any of the VLAN information or use the Remove button to delete it When you remove a VLAN from a local WANJet you must also remove it from the list of subnets supported by that WANJet Managing Remote WANJets In order to optimize data sent over a network link a pair of F5 appliances each running the WANJet software are needed A remote WANJet reverses the optimization process for data sent from the local WANJet In order for this to happen however the local WANJet must be made aware of the remote WANJet using the Web UI If you do not specify a remote FS appliance to receive the processed data network traffic will pass through the local WANJet without being optimized On the Remote WANJets page you can change the settings of each remote WANJet that is linked to the local WANJet You can also use the Login link to bring up the Web UI for a remote WANJet and configure it as if it were a local appliance 192 168 190 2 Remote demo 0 3 1 3 3701 Login Note Click Save to apply the changes Changes will not be reflected until the operation is completed Add _ Save _ Cancel Note Always click Save after making any changes to remote WANJet configuration or your changes will be lost F5 WANJet 3 1 User Guide Advanced Configuration 91 Adding a Remote WANJet To link a remote WAN Jet to the local appliance I 2 F5 WANQJet 3 1 Expand th
91. match this value To reset the NIC configuration link speed and duplex value for a WANJet port see Updating the NIC Configuration on page 94 Note F5 strongly recommends that if you force the link for one of the WANJet ports you force the link for both ports This prevents any link problems in pass through mode if power to the WANJet device is lost F5 WANJet 3 1 User Guide Chapter 4 Monitoring Performance Real Time Traffic report 4 Connection Activity report 4 Throughput reports 4 Diagnostics 4 System Information reports 4 Remote Status report 4 Syslog reports 4 SNMP reports 4 RMON2 Reports 4 The WANJet Web UI includes many different reports that you can use to monitor your F5 appliance s status connectivity and performance Most reports fall into one of three categories Throughput Diagnostics or System Information You can access reports in these categories by clicking on the appropriate link in the Reports section of the menu bar and selecting a detailed report name in the page that is then displayed Three other reports Real Time Traffic Connection Activity and Remote Status are important enough to have their own links in the menu bar Note To ensure accurate reports synchronize WANJet time regularly to update your appliances time settings and ensure that the reports time settings are adjusted You can do this using the System Settings gt Time option see WANJet time settings on page 69 This
92. mit access to the Web UI Allow all addresses 192 168 100 50 a 192 168 100 75 O allow listed addresses 192 168 100 66 O Deny listed addresses The default setting is Allow all addresses so that any machine on your network can access the Web UI With this setting you can restrict access by creating a password for the Web UI and providing this password only to approved personnel See Changing the WANJet Web UI password on page 66 To provide an additional layer of security you can restrict the machines allowed to access the Web UI using their IP addresses as identification Choose one of the following two options and enter the IP addresses of the machines or subnets in the text box F5 WANJet 3 1 User Guide 96 Advanced Configuration Allow Listed Addresses Enables the machines or subnets that you specify in the text box to access the appliance and the SNMP reports residing on it At a minimum specify the IP addresses for your SNMP server to be able to see SNMP and RMON reports refer to Configuring Syslog and SNMP Settings on page 96 your Syslog server to be able to see Syslog data refer to page 96 the machine from which you are currently accessing the Web UI through a browser any other machines from which you want to manage WANJet or the WANJet using the Web UI Deny Listed Addresses Prevents the machines or subnets that you specify in the text box from accessing the appliance or SNMP reports All
93. more than one RADIUS server 7 Click Add to store the server s details to the page The details are not stored permanently until you click on Save You can specify multiple RADIUS servers in which case user authentication will be required from one of them rather than from all of them Once server details have been added the only way to edit them is to click on Delete and then add new details 8 Click Save The Remote Authentication page refreshes and the RADIUS server details are saved to WANJet When WANJet is set to use remote authentication you can click on RADIUS Diagnostics to view the RADIUS Status diagnostic report See RADIUS status on page 45 for details of this report Refer to http Awww ietf org rfc rfc2865 txt for technical information on the RADIUS protocol F5 WANJet 3 1 User Guide Managing the WANJet 69 WANJet time settings Time management in the WANJet involves setting the time zone and synchronizing all linked FS appliances When you click on System Settings gt Time the page that appears is divided into three sections Timezone allows you to set the time zone and the first day of the week see below Time Server allows you to select a server for automatically synchronizing your F5 appliances see page 70 Time allows you to set the current time manually see page 70 America Montserrat A America Nassau _America New_York America Nipigon America Nome Current location R First Day o
94. n 26 04 32 01 WANJet NtClOS Warning License key not entered Bandwidth optimization off Jun 26 04 36 01 WANJet NtClOS Warning License key not entered Bandwidth optimization off Jun 26 04 40 02 WANJet NtCIOS Link up with Test2 192 168 240 2 At any time you can clear the diagnostic log in order to delete all the error logs and report data To clear the diagnostic log 1 Click on the Clear Logs link at the top right of the Diagnostics page A warning message appears to let you know that all data saved to the error and report logs will be deleted 2 Click OK if you want to delete the logs Otherwise click Cancel To download a system snapshot 1 Click on the System Snapshot link at the top right of the Diagnostics page Your browser will open a download window for you to save the snapshot file to your local disk 2 The system snapshot file is called snapshot gz This is a compressed plain text file if you wish to view it you will first need to extract it using a tool such as gunzip www gzip org 3 Send the compressed snapshot gz file to the F5 Customer Confidence team preferably after renaming it in the format snapshot yourcompanyname yyyy mm dd e g snapshot acme 2005 04 22 F5 WANJet 3 1 User Guide 48 Monitoring Performance Administration tools WANSJet provides a browser based user interface for three popular network diagnostic tools ping traceroute and tcpdump for packet capture To access the diagnos
95. n 27 Troubleshooting Some common problems are listed below If you cannot find your problem here please contact support swanlabs com cannot ping the F5 appliance Make sure the computer you are pinging from has a valid network connection Try pinging other known devices Go to the LCD display and make sure you have the correct IP address for the appliance I can ping the F5 appliance but cannot ping the WAN gateway Re check the cabling as described in the Quick Start guide Make sure the gateway router is connected to the WANJet WAN port with the supplied crossover cable cannot see that the WANJet is optimizing traffic or the optimization is extremely low Review your configuration of local and remote subnets at both appliances You might have heavy traffic on a subnet that is not included in WANJet s configuration Make sure you include all subnets for which traffic should be optimized My browser connection times out when attempt to access the Web UI Check that you are accessing the correct URL for the Web UI Entering just http followed by the F5 appliance s IP address will not work you need to connect to port 10000 using the secure HTTPS protocol e g https 123 123 123 123 10000 See Accessing the WANJet Web UI on page 18 cannot start the Web UI get a Page Not Found error If the F5 appliance appears to be running and you are sure you are entering its URL correctly in your web browser the
96. n States report is displayed by default You can view the other reports by clicking on the corresponding link under the graph Connection States This graph displays the current state of each TCP connection visible to the WANJet for both optimized and passthrough connections F5 WANJet 3 1 User Guide Monitoring Performance QoS VLANs WANJet Links TCP Statistics TOR stats Optimized Sessions Passthrough Sessions Connection States Connections a 8 amp 8 amp amp amp 8B a 12 00 20 12 00 30 12 00 40 12 00 50 12 01 00 12 01 10 Time B ESTABLISHED Mi TIME WAIT Bother See also Packet Retransmissions Receive queue packets pruned There are three lines representing the number of connections in various states 57 ESTABLISHED connections are those that have been successfully opened and are working normally e Connections in the TIME WAIT state are waiting for enough time to pass to be sure that the remote TCP received the acknowledgment of a connection termination request which may take up to four minutes e Other possible connection states include LISTEN SYN SENT SYN R EC EIV ED FIN WAIT 1 FIN WAIT 2 CLOSE WAIT CLOSING and LAST ACK Please refer to IETF RFC 793 http www ietf org rfc rfc793 txt for more details Packet retransmissions TCP segments that time out without being acknowledged by a destination host wi
97. n the License Key field This key can be found on the Packing List in the box in which the appliance was shipped Note If you are performing a remote upgrade and do not have the new license key you should click on Reports gt System Information to obtain the software serial number and mail this to support swanlabs com Optionally enter a name for the appliance in the WANJet Alias field Click Save to store this information to WANJet 3 If your network has multiple subnets specify the LAN router IP and add subnets If your network has multiple subnets you must set the local router IP address and add local subnets for WANJet A Check with your network administrator to find out if you need a F5 WANQJet 3 1 to specify additional subnets On the Local WANJet page the LAN Router field refers to the address of the next hop router within your LAN Enter the router s IP address and click Save Expand the Operational Settings section of the menu bar and click on Optimization Policy User Guide Initial Configuration 23 Optimization Policy Local WANJet WANJet 172 16 30 80 Include WANJet Subnet Y 172 16 30 0 24 Remote WANJet test0_2 192 168 240 2 e fresa Remote Subnet Alias Y 192 168 240 0 24 Add Protocol Service Name Processing Mode Compression Encryption Connection Tos Priority TCP All ports ACM5 Y N N 0 Low UDP All ports Passthrough N N A N A N A Ea N
98. navigating in user interface 19 network card speed 94 network layer matrix 121 NIC configuration 94 O one arm deployment 13 P packet retransmissions 57 packets by policy 55 by VLAN 55 retransmitted 56 passthrough 78 password for router 84 setting 66 path MIB tree 120 SNMP ethernet cards 128 SNMP system information 128 performance guaranteed level 4 PIN code setting 67 F5 WANQJet 3 1 139 ping no response 27 point to multi point deployment 12 point to point deployment 12 ports configuring to remote 78 identifying specific or range 79 open in firewall 14 power off 71 priority for data traffic 5 priority levels 80 probeConfig 122 problems browser times out 27 cannot ping 27 cannot ping WAN gateway 27 diagnosing 27 diagnostic reports 40 error codes 124 link LED not lighting 28 login timeout 28 page not found 27 passthrough mode 73 traffic not optimized 27 processing modes 78 protocol directory tree 120 proxy transparent 13 Q queue size 85 R Real Time Traffic report 30 recovery 72 automated 73 redundant peer described 93 example 114 remote monitoring support 6 remote WANJet adding or changing subnet 78 application QoS 103 application QoS with none 106 managing from local 90 User Guide 140 specifying to local 91 removing subnet 77 reports bandwidth freed 34 bandwidth used 37 by traffic type 32 customizing 38 overall data 36 percentage bandwidth freed 33 percentage im
99. nmpTraplist 1253 ncTrap1254 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Warning License key not entered Bandwidth optimization off ncSnmpTraplist 1254 ncTrap1255 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Warning x days remain for the evaluation license key to expire ncSnmpTraplist 1255 ncTrap1256 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Warning NetCelera is activated for evaluation for x days ncSnmpTraplist 1256 ncTrap1257 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Warning Evaluation license key expired ncSnmpTrapList 1257 ncTrap1258 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error License violation Bandwidth optimization stopped ncSnmpTrapList 1258 F5 WANVet 3 1 User Guide 136 Logging Traps ncTrap1300 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Error Logging Error ncSnmpTrapList 1300 Speed Array Traps ncTrap1400 OBJECT TYPE SYNTAX OCTET STRING ACCESS read only STATUS current DESCRIPTION Maximum number of remote NetCelera machines reached Disabling Speed Array service for Proxy IP ncSnmpTrapList 1400 END F5 WANJet 3 1 User Guide A access allowing access by IP address 95 granting acc
100. o matter what part of the Web UI you are working in The Dashboard contains the following sections WANJet IP 172 16 30 80 e IP address of the local F5 appliance WANJet Links Active 1 1 22 08 58 up 34 min e The number of links to remote WANJet appliances Optimized Sessions 0 together with the number that are in active mode A Passthrough Sessions 1 green light is shown if all links are active a red light if none are active and a yellow light if only some are active Click on the word Active to display the Remote Status report see page 61 which contains more information about each link e The current time on the F5 appliance and the length of time for which the local WANJet has been active in days hours and minutes e The number of WAN sessions to which ACM5 optimization is currently being applied This links to the Optimized Sessions see page 59 The number of WAN sessions for which traffic is being allowed to pass through the F5 appliance without optimization This links to the Passthrough Sessions see page 60 F5 WANJet 3 1 User Guide Initial Configuration 21 Basic WANJet Configuration Note If the basic configuration steps detailed in the Quick Start guide have already been completed you can skip the steps in this section WANJets must be configured in pairs Perform these steps for both appliances in your network that is both sides of the WAN link You can perform the configuration functions
101. on QoS Settings of a WAN Link page is displayed in a browser pop up This is identical to the page shown on page 106 except that a Remove button is also present On this screen you can also add a new application QoS policy which works just like adding a policy for a remote WANJet as described on page 103 Click Remove to delete the link or edit the settings and click OK to save your changes 4 You must click Save on the main Application QoS page for the new WAN link to be permanently added to the system Adding a Subnet to a WAN Link You can add subnets or machines to any ofthe WAN links you previously added This way you can make use of the application QoS policies with more nodes computers subnets networks To add a subnet to a WAN link 1 Click on Operational Settings gt Application QoS in the menu bar 2 Inthe Application QoS page see page 103 click on the link in the Alias column corresponding to the appropriate WAN link You can also add a subnet as part of the process of adding the WAN link 3 Inthe Manage the Application QoS Settings of a WAN Link page see page 106 click on the first Add button next to the Alias column The Add Subnet page opens in a browser pop up Z Add Subnet Microsoft Internet Explorer 5 xj Supported Subnet Netmask 255 255 255 255 Machine s Alias OK Cancel 4 Enter the IP address of the machine or subnet you want to add in the Supported Subnet field F5
102. onsole connected to the F5 appliance s serial port all other configuration is performed using a browser based utility You can access this utility called the Web UI from any machine that can run a web browser and has a network connection This chapter describes how to log on to the WANJet Web Ul and perform the basic configuration needed for the WANJet to begin processing your traffic This basic configuration is also covered in the Quick Start guide that shipped in the box with your E5 appliance If the basic configuration steps have already been completed you do not need to repeat them F5 WANJet 3 1 User Guide 18 Initial Configuration Accessing the WANJet Web UI Use the Web UI for all WANJet configuration To log on to the Web UI for a particular F5 appliance 1 Start a web browser and use HTTPS and port 10000 to access the Web UI For example if the IP address of the appliance is 192 168 168 102 go to https 192 168 168 102 10000 Tip If your web browser cannot access the Web UI it is possible that Web UI access has been restricted You can grant access through the console by specifying the IP address of the machine your browser runs on Once you have access you can use the Web UI to change the list See Granting Access to WANJet Web UI on page 95 Please enter User Name and Password User Name admin 2 When the Welcome to WANJet version 3 1 3 page appears type admin as the username and enter the default Passwo
103. oring Performance 41 Connectivity Connectivity information is broken up into the categories of IP Bridge Ethernet and Remote WANJets which you can view by clicking on the corresponding links beneath the Connectivity link on the Diagnostics page Tip When you click on Connectivity itself all four categories of information are displayed on a single web page handy for printing out IP diagnostics The Diagnose IP page displays technical details of the local F5 appliance s IP configuration To diagnose IP connectivity 1 Click on Reports gt Diagnostics in the menu bar 2 On the Diagnostics page click on Connectivity gt IP to display the Diagnose IP page WANJet IP address 172 16 30 80 WANJet netmask z 255 255 255 0 24 WANJet gateway 172 16 30 70 WANJet address is valid WANJet netmask is valid WANJet gateway is valid Pinging gateway 172 16 30 70 Gateway 172 16 30 70 is reachable It responds to pings The following information is displayed on this page The IP address of the local FS appliance The netmask of the local subnet which determines how much of the address identifies the subnetwork on which the WANJet host resides and how much identifies the host itself The IP address of the WAN gateway used by the local F5 appliance For each of the local IP address subnet mask and gateway address this page shows whether the address is valid according to the Internet Protocol standards To conf
104. orking network connection between source and target For example a firewall might be blocking ICMP requests from reaching the target host but allowing some other network traffic through For more information about the ping tool see http en wikipedia org wiki Ping F5 WANJet 3 1 User Guide 50 Monitoring Performance Traceroute The traceroute utility is used to plot the route that packets take to a target host It can thus be helpful in determining the location of any network disruption Traceroute works by incrementing the TTL time to live value of successive packets sent out TTL values are decremented as packets pass through intermediate hosts known as hops When the TTL reaches a value of 1 a time exceeded message is sent back to the source host the host on which traceroute is running By examining the origins of these messages the path that packets take to the target can be reconstructed Parameters By default WANJet provides the following parameters for traceroute v lt IP address of target host gt As with the ping tool the default target is the gateway for the local subnet Experienced users can change these parameters using the text box provided Output The page displays the following output The IP address of the target host the maximum number of hops that is the maximum TTL and the size of the packets sent out A list of hosts through which packets are passing together with the round trip time taken
105. ormation is shown MAC Media Access Control Address a unique identifier attached to most forms of networking equipment and used by many network protocols e IP Address this is only available if the device has communicated directly with the WANJet e Interface etho0 if the device is connected to the local WANJet via the LAN eth1 if it is connected via the WAN e Local this column reads Yes for the F5 appliance s own internal network devices that is its two Ethernet interfaces F5 WANJet 3 1 User Guide Monitoring Performance 47 Diagnostic Log You can view a log containing status information and errors that the WANJet records during a session This diagnostic log keeps you up to date and helps you resolve any problems you might face while working with the WANJet You can also download a system snapshot which provides information that the F5 Customer Confidence team can use to debug problems Using the Web UI you can display the diagnostic log and download the system snapshot as a zipped text file to your hard disk You can also clear all the data in the diagnostic log To view the diagnostic log 1 Click on Reports gt Diagnostics in the menu bar 2 On the Diagnostics page click on Diagnostic Log A few example messages from a log are shown below Jun 26 04 30 01 WANJet NtClOS Version 3 1 1 up and running Jun 26 04 30 01 WANJet NtClOS Warning License key not entered Bandwidth optimization off Ju
106. ote Click Save to apply the changes Changes will not be reflected until the operation is completed c Ensure that the Include WANJet Subnet checkbox is selected Leave this box checked unless there is a reason not to optimize traffic from the subnet that includes WANJet A d Click the Add button next to the Local Subnet section The Add Subnet page opens in a browser pop up Local Subnet 175 16 2 0 Netmask 255 255 255 0 Alias Subnet A O Enabled O Disabled _ _ _ _ _ __ __ Done 172 16 30 80 10000 e Enter the IP address of the subnet in the Local Subnet field The address can use a shorthand format to provide both the subnet address and the subnet mask XXX XXX XXX xxxX nn e g 175 16 2 0 24 F5 WANJet 3 1 User Guide 24 j Initial Configuration The 24 means that the first 24 bits of the address must match the local subnet address and the address of any host in the subnet is defined by the last 8 bits of the address For example 175 16 2 6 is a valid address for this subnet Enter the subnet mask in the Netmask field for example 255 255 255 0 If you entered the subnet address in the nn format the corresponding subnet mask is automatically filled in for you Enter a string to serve as a name for the subnet in the Alias field for example Subnet A Select the Enabled radio button Click OK to return to th
107. other machines on your network are granted access to the appliance and the SNMP reports residing on it If a machine that has not been granted access to the Web UI attempts to access it through a browser the browser returns a 404 Page Not Found error page Configuring Syslog and SNMP Settings Under System Settings on the menu click on Syslog and SNMP You can specify which servers you want to retrieve Syslog SNMP and RMON2 reports whether RMON2 data is gathered before or after the WANJet processes it and the community string for viewing SNMP reports Syslog Server IP 10 0 8 1 O Application Oall SNMP Server IP 10 0 8 11 F5 WANJet 3 1 Enable RMON2 Logs O Raw Data O WANJet Data Community String WANJet SNMP Community String is used by SNMP clients SNMP queries are available to the clients specified in the IP Access Control User Guide Advanced Configuration 97 F5 WANQJet 3 1 Check the Syslog Server IP box and enter the IP address of the server that receives WANJet Syslog data e Select Application to store only the application error log on this server e Select All to store all error logs on this server Check the SNMP Server IP box and enter the IP address of the SNMP server to which the WANJet sends error messages For more information on viewing SNMP reports see SNMP reports on page 62 Check the Enable RMON2 Logs box if you want to view RMON2 data Choose either Raw WANJet to view RMON2 logs from befo
108. our LAN see Redundant Peers on page 93 F5 WANJet 3 1 User Guide 44 Monitoring Performance To configure the Ethernet interfaces speed and duplex settings click on System Settings gt NIC Configuration in the menu bar see Updating the NIC Configuration on page 94 Note For WANJet to work correctly the speed and duplex setting of the LAN and WAN interfaces should be the same The Diagnose Ethernet page confirms if that is the case and displays a warning if it is not Remote WANJet diagnostics The Diagnose Remote WANJets page displays details about the remote F5 appliances that are connected to the local appliance To diagnose remote WANJets 1 Click on Reports gt Diagnostics in the menu bar 2 On the Diagnostics page click on Connectivity gt Remote WANJets to display the Diagnose Remote WANJets page Local WANJet version 3 1 1 Local WANJet is active Remote WANJets 1 IP Address 192 168 240 2 WANJet type Single Tunnel status up Version 3 1 1 Versions are equal Pinging 192 168 240 2 WANJet 192 168 240 2 responds to pings Trying to connect to port 3701 on 192 168 240 2 Connection to port 3701 on 192 168 240 2 was successful For each remote F5 appliance this page shows IP address WANSet type this will be Single if there is no redundant peer at the remote end tunnel status up if the remote WANJet is currently active e software version number this is compared
109. proved 33 QoS data 55 RMON2 63 select time period 32 SNMP 62 syslog 62 system information 52 traffic reduction 35 VLAN data 55 restart autorecovery 73 restarting 71 restoring settings 72 retransmitted packets 56 57 RMON2 access to reports 95 application data matrix 121 configuration group 122 description of support 6 MIB tree 120 network layer matrix 121 protocol directory tree 120 viewing reports 63 round trip time 85 S security PIN code 67 router password 84 Web Ul password 66 servers SNMP 96 syslog 8 service policies IT 102 F5 WANQJet 3 1 Index QoS 4 setting time 69 shutting down 71 size application buffer 85 queue 85 snapshots of system 40 SNMP access to reports 95 description of support 5 ethernet cards information 128 MIB file 129 RMON2 6 specifying server 96 system information 128 viewing reports 62 static routes specifying 94 subnet of WAN link deleting 108 editing 108 subnets adding to WAN link 107 changing 77 defining to local 88 defining to WANJet 76 specifying to remote 78 support contacting F5 v downloading diagnostic logs 47 synchronizing time 70 syslog description 8 IP address of server 96 reports 62 viewing reports 62 system information report 52 system snapshot 47 system snapshots 40 T TDR 82 time setting 69 setting manually 70 User Guide Index time period for reports 32 time server to synchronize 70 time zone 69 topology 12 LAN or WAN 83 set option
110. r both RMON1 and RMON2 F5 WANJet 3 1 User Guide 120 MIB Tree n i Senne D 558 09020000000L LULLLLLLLLLLLLELLLLL i BU pS 3865 Dii Ei E ity hostT opi y E gt prey Protocol Directory Tree B protocolDir protocolDirLastChange E Y protocolDirT able B E protocolDinEntry ptotocolDidD protocoDiParameters protocolDirMatrixConfg protocolDirO wner protocolDirStatus F5 WANJet 3 1 User Guide 121 Network Layer Matrix oa niM atrix 8 a SN E she i H E hiMatrisControlT able S WM staContolatsSource Eq hiMatrixControlEntry HM ar orah Diooped races a niMatrixSDT able bd aidons B niMatrisSDEntry te E niMatrisDST able Amato nerds B niMatrisDSEntry oo Pi Ge Ho elon Deistes a A M well econ edie init gt Ha ConolO ner gt hi atontsol totus SH MarS Erby SHE Mss DEn neds Tinea rMarn DTmedak Mans Sostelddes rid strocS DS ourcetddress BnD GDesttuddess Mamo DDest ddess ns DEP E nani DP ke IS Manises sl sie Tme rMan DCreateT me Application Data Matrix alMatrix alMatrixSDT able salMatrixSDEntry SD alMatrixSDTimeMark g alMatrixSDPkts g alMatrixSDOctets alMatrixSDCreateTime alMatrixD ST able E alMatrixDSEntry g alMatixDSTimeMark SD alMatrixDSPkts alMatixDSOctets alMatrixDSCreateTime F5 WANJet 3 1 User Guide 122 Configuration Group probeConfig p probeCapabil
111. r clock showing hours minutes and seconds to the nearest ten seconds the blue line represents passthrough traffic going from the LAN to the WAN The yellow line represents passthrough traffic going from the WAN to the LAN F5 WANJet 3 1 User Guide 40 Monitoring Performance Diagnostics The Diagnostics section allows you to access a range of useful information from IP addresses to error log files to the results of popular network analysis tools Click on Reports gt Diagnostics in the menu bar to display the initial Diagnostics page Connectivity Clear Logs IP System Snapshot Bridge Ethernet Remote NetCeleras RADIUS status Bridge Forwarding Database Diagnostic Log Administration tools You can then click on any of the following links Connectivity Displays information about the local WANJet s IP bridge and Ethernet configuration and about connectivity to remote WANJets RADIUS status Displays details of any RADIUS remote authentication servers known to the local WANJet Bridge Forwarding Lists the MAC addresses and corresponding IP addresses if available Database of any network devices known to the local WANJet Diagnostic Log Allows you to download a log file containing all the errors encountered during the current session Administration tools Displays an online interface to the ping traceroute and tcpdump tools which are commonly used for diagnosing network problems F5 WANJet 3 1 User Guide Monit
112. r evaluation for x days F5 WANJet 3 1 User Guide 125 WANJet Error Code Error Message Component 1257 Warning Evaluation license key expired ACM5 1258 License violation Bandwidth optimization stopped 1259 Cannot complete the remote upgrade Not enough free space 1300 Logging error Logs 1420 WCCP ServiceGroup TCP is up WCCP 1421 WCCP ServiceGroup UDP is up 1422 WCCP ServiceGroup TCP is down 1423 WCCP ServiceGroup UDP is down 1424 WCCP Configuration Error 1425 WCCP Runtime Error 1426 WCCP is not enabled on the router F5 WANQJet 3 1 User Guide 126 F5 WANJet 3 1 User Guide Appendix C WANJet Private MIB System Information 4 Ethernet Cards Information 4 MIB File 4 This appendix contains the WANJet Private MIB file in case you need it All you have to do is to copy this file to your SNMP compliant software and compile it Refer to the documentation of your SNMP compliant software for instructions F5 WANJet 3 1 User Guide 128 System Information The system related information path 1so org dod internet private enterprises 13993 1 3 6 1 4 1 13993 The system related information description TotalSentBandwidthSavingPercent TotalRecvBandwidthSavingPercent TotalSentBeforeNetCelera TotalSentAfterNetCelera TotalRecvBeforeNetCelera TotalRecvAfterNetCelera LastSentBandwidthSavingPercent LastRecvBandwidthSavingPercent LastSentBeforeNetCeleraRat LastSentAfterNetCeleraRat LastRecvBeforeN
113. r from the Host Address drop down list e Alternatively select User Specified and enter the IP address of your preferred time server Click on Syne time to save your changes Repeat this step in the Web UI for every F5 appliance that you are using Setting the time manually You can adjust the time on your F5 appliances manually through the Web UI instead of synchronizing with a time server To set the date and time manually 1 2 F5 WANQJet 3 1 Expand the System Settings section of the menu bar and click on Time In the Time section select the current Day Month Year Hour Minute and Second from the drop down lists provided Click on Set time to save your changes Repeat this step in the Web UI for every F5 appliance that you are using User Guide Managing the WANJet 71 Shutting down and restarting a WANJet appliance Shutting down WANJet stops all data processing You can shut down or restart using either the Web Ul or the LCD on the appliance Warning Be sure to notify your users before shutting down or restarting a F5 appliance as network performance will be affected To shut down via the Web UI 1 Expand the System section of the menu bar and click on Shutdown 2 On the Shutdown page click on Shutdown WANJet A confirmation dialog appears Click OK if you wish to shut down your F5 appliance Otherwise click Cancel To shut down via the LCD panel 1 On the F5 appliance s front LCD panel
114. rd of swanlabs unless this has been changed by a local administrator Note Please change the default password to something more secure at your earliest opportunity See Changing the WANJet Web UI password on page 66 for details of how to do this 3 Click Log On If you like you can select Save password so that you do not have to type in the username and password again Only do this if you are the only person who uses your current user account on the computer Tip You will not be able to access WANJet using the Web UI unless you use HTTPS over port 10000 for example if you attempt to access the correct IP address using the browser defaults of HTTP over port 80 F5 WANJet 3 1 User Guide Initial Configuration 19 The Web UI start page appears Your F5 WANJet appliance is now online E 9 8H O Aronet el WAN Jet 1P 172 15 30 00 WANJet Links Active 1 1 16 17 50 up 19 49 Optimized Sessions 0 Passthrough Sessions 4 Tuning System Settings oystem E WaNJet WANJet Mozilla Firefox Beta 1 Joey Ele Eat Yew Go Bookmarks Tocs tep Status x When you first log on the Remote Status page is displayed in the main browser frame This page displays a quick summary of the status IP address alias and software version of connected WANJet appliances Refer to Remote Status report on page 61 for more details Note When you log into the Web UI for a WANJet appliance the Web UI treats this
115. re the WANJet processes your traffic WANJet Data to view RMON2 logs after the WANJet processes your traffic For more information on viewing RMON2 reports refer to RMON2 Reports on page 63 In the Community String field enter the shared community string needed to access the SNMP reports on WANJet Click Save The Syslog and SNMP page refreshes and your changes are committed to WANSet User Guide 98 Advanced Configuration Email alerts The Email alert page allows you to receive system snapshots by email An email containing logged information is automatically sent to a specified email address in the event of system failure For information on how to download system snapshots directly refer to Diagnostic Log on page 47 To configure email alerts go to the System Settings section of the menu bar and click on Email alert To Email address support swanlabs com From Email address jadmin 172 16 30 80 SMTP Server IP 204 147 176 53 SMTP Server Port 443 Enabled O Simple Test v TestMe This page contains the following fields To Email Address The address to which the system snapshot is sent By default emails are sent to support swanlabs com From Email Address The address from which the email alert will appear to be sent This need not be an actual email account but should look like a valid address in order to pass through spam filters A good rule of thumb is to use the alias of the WANJet from which the snapshot was ta
116. s E This value may be plotted to create a chart ncStatistics 7 LastRecvBandwidthSavingPercent OBJECT TYPE SYNTAX NTEGER ACCESS read only STATUS current DESCRIPTION Percent bandwidth saving on the traffic received from other NetCelera boxes during the last five minutes This value may be plotted to create a chart si gt neStatistics 8 LastSentBeforeNetCeleraRate OBJECT TYPE SYNTAX NTEGER ACCESS read only STATUS current DESCRIPTION The rate of effective traffic sent before NetCelera This value may be plotted to create a chart ncStatistics 9 F LastSentAfterNetCeleraRate OBJECT TYPE SYNTAX NTEGER ACCESS read only STATUS current DESCRIPTION The rate of real Optimized traffic sent from this NetCelera Box to other NetCelera boxes in Kbps after NetCelera This value may be plotted to create a chart ncStatistics 10 F5 WANJet 3 1 from this NetCelera Box to other NetCelera boxes in Kbps User Guide 131 LastRecvBeforeNetCeleraRate OBJECT TYPE SYNTAX NTEGER ACCESS read only STATUS current DESCRIPTION The rate of effective traffic received from other NetCelera boxes in Kbps before NetCelera This value may be plotted to create a chart ncStatistics 11 a LastRecvAfterNetCeleraRate OBJECT TYPE SYNTAX NTEGER ACCESS read only STATUS current DESCRIPTION The rate of real Optimized traffic received from other NetCelera boxes in K
117. s 172 16 30 25 21 Ftp gt 192 168 241 3 32783 172 16 30 25 38758 gt 192 168 241 3 32784 172 16 30 25 40542 gt 192 168 241 3 22 Ssh 172 16 30 25 43438 gt 192 168 241 3 32785 172 16 30 80 3701 gt 192 168 240 2 48437 172 16 30 80 54531 gt 192 168 240 2 3701 172 16 30 80 54568 gt 192 168 240 2 3701 172 16 30 80 54569 gt 192 168 240 2 3701 172 16 30 80 54570 gt 192 168 240 2 3701 172 16 30 80 54571 gt 192 168 240 2 3701 172 16 30 140 4817 gt 192 168 240 2 22 Ssh 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 172 16 30 254 53 Domain 192 168 240 3 44311 192 168 240 3 44312 192 168 240 3 44313 192 168 240 3 44314 192 168 240 3 44315 192 168 240 3 44316 192 168 240 3 44317 192 168 240 3 44318 192 168 240 3 44319 192 168 240 3 44320 192 168 240 3 44321 192 168 240 3 44322 192 168 240 3 44323 192 168 240 3 44324 192 168 240 3 44325 192 168 240 3 44326 vyvyy yvv yvv vvv vv vvv vvv The Passthrough Sessions report is split into two lists
118. sed per second compared to what would have been used if network traffic had not been optimized Raw Data Compressed Data Bandwidth Gain Peak Performance Ratio 159 073 MB 80 935 MB 96 544 27352 Performance Increase Actual Bandwidth Expansion Optimized Data Overall Data Link Utilization 15 68 15 58 Apr 17 2805 J Effective Traffic Jf Actual Traffic Hour Day Week Month Quarter Year Customize Report Throughput summary for the last 9 day s 1 hour s Raw Data Compressed Data 159 073 MB 80 935 MB csv M dd The vertical axis indicates the amount of bandwidth in kilobits per second megabits per second and so on The blue bars represent the actual bandwidth used The bars as a whole represent the amount of bandwidth that would have been used if network traffic had not been optimized therefore the yellow bars represent the amount of bandwidth saved F5 WANJet 3 1 User Guide 38 Monitoring Performance Customizing reports You can change the appearance of the reports and the way that certain fields are displayed Reports for each type of traffic total sent and received can be customized individually Under Reports on the menu select Total Sent or Received On the report page click on the Customize Report link The Data Report Customization page is displayed Please select the information to be displayed in the total data view Raw Data v Compressed Data v Here you can
119. ser Guide Installation 13 As in the case of the point to point topology WANJet processes traffic that matches user specified source and destination subnets and then delivers it through a tunnel to the appropriate WANJet across the WAN Figure 4 Point to Multi Point Deployment remote offices One Arm Deployment A one arm configuration is more complicated To decide on the optimal configuration for your system it helps to understand these three types of one arm deployment F5 WANJet 3 1 using static routing WAN Jet is connected to the LAN switch and the LAN switch is in turn connected to all the clients on the Network and to the router Each and every client on the LAN is configured so that WANJet is its default gateway All clients traffic is routed to WANJet According to F5 WANJet configuration it optimizes specific traffic applies different services on specific traffic and leaves other traffic untouched WANJet sends all this traffic back to the router using transparent proxy statically WANJet is connected to the router directly so it is transparent to the rest of the LAN clients A routing rule is added to the router so that it directs to WANJet only the traffic that WANJet is configured to process optimize or apply specific services to The router is configured so that the passthrough traffic is not sent to WANJet If you User Guide 14 Installation do not configure the router in this way
120. ta passing out of the local WANJet and into the LAN User Guide Monitoring Performance 31 Connection Activity report The Connection Activity report enables you to view in real time a graph of the number of active ACMS connections managed by WANJet that is the number of network connections that are currently being optimized To view a graph of active connections Inthe Reports section of the menu bar click on Connection activity In this graph e the vertical axis indicates the number of active connections the horizontal axis indicates the time 24 hour clock showing hours minutes and seconds to the nearest ten seconds the blue line represents the change in the number of active ACM5 optimized connections over time F5 WANJet 3 1 User Guide 32 Monitoring Performance Throughput reports There are several types of reports you can generate on traffic processed by the WANJet The Web UI enables you to choose any combination of traffic direction data type and time period for generating a report All throughput reports refresh automatically every two minutes At the top of the page there is a summary of the amount of data in megabytes handled before and after compression and the compression ratio achieved expressed as a percentage These figures will vary according to the time period selected and whether you are viewing Total Sent or Received data You can also change the type of information that appears
121. ter ensuring these tasks are completed you will be able to view the SNMP reports 3 Use the community string you specified on the Syslog and SNMP frame to authenticate the machine you are using for viewing SNMP data on WANJet 4 Use SNMP compliant software to view the SNMP tables You need to provide the SNMP compliant software with the IP address of WANJet in addition to the community string you specified earlier The SNMP data on WANJet includes information about the network cards total bandwidth saved for sent and received data and amounts of sent and received data processed using ACMS To view WANJet SNMP errors see Appendix B WANJet Errors RMON2 Reports WANJet also enables you to view RMON data trees which are part of the SNMP data trees that it produces The RMON2 data is also stored in a MIB You can access RMON2 data in the same way as SNMP data You must have already specified a community string and the IP address of an SNMP server and set your RMON preferences on the Syslog and SNMP page For details of how to do this see Configuring Syslog and SNMP Settings on page 96 Note that the SNMP server must have access to WANJet as described under Granting Access to WANJet Web UI on page 95 To view RMON2 reports 1 Use the community string you specified on the Syslog and SNMP page to authenticate the machine you are using to view the SNMP data on WANJet 2 Use SNMP compliant software to view the RMON2 data tree which
122. tes megabytes etc The blue bar represents the amount of traffic before optimization and the yellow bar represents the amount of freed bandwidth F5 WANJet 3 1 User Guide 36 Monitoring Performance Overall Data The Overall Data report allows you to compare amounts of passthrough data raw data and optimized data Raw Data Compressed Data Bandwidth Gain Peak Performance Ratio 159 073 MB 80 935 MB 96 544 27331 Performance Increase Actual Bandwidth Expansion Optimized Data Overall Data Link Utilization 17 00 17 58 Apr 17 2605 BPassthrough Data MRaw Data I Compressed Data Hour Day Week Month Quarter Year Customize Report Throughput summary for the last 9 day s 1 hour s Raw Data Compressed Data 159 073 MB 80 935 MB csv w The vertical axis indicates the amount of data passing through the link in KB MB GB and so on The green bars represent the amount of passthrough data the blue bars represent the amount of compressed optimized data and the yellow bars represent the amount of freed bandwidth Therefore the bars as a whole represent the total amount of data passing through the FS appliance F5 WANJet 3 1 User Guide Monitoring Performance 37 Link Utilization The Link Utilization report is similar to the Optimized Data report see page 35 Instead of showing the total amount of data optimized over a given time period however this report shows the average amount of bandwidth u
123. the passthrough traffic sent to WANJet is dropped According to F5 WANJet configuration it optimizes specific traffic and then sends all the traffic back to the router using transparent proxy with the WCCP v2 protocol WANJet is connected to the router directly and is totally transparent to the LAN clients All the LAN traffic is routed to WANJet This part is identical to static transparent proxy The difference here is that WANJet communicates with the router using the WCCP v2 protocol According to its configuration WANJet decides which traffic to optimize and which traffic to apply services to The rest of the traffic is sent back to the router for proper handling The advantage to this method of deploying the WANJet is that it is more tolerant of a failure If WANJet is down the router compensates and handles the traffic properly without sending it to WANJet Firewall Guidelines If WANJet is placed behind a firewall you should open the following ports Port Number Used for 53 A UDP port used for DNS 161 A UDP port used for SNMP 162 An optional UDP port used for SNMP traps 22 A TCP port used for SSH 10000 A TCP port used by the Web UI for managing the WANJet 3701 The default port used by WANJet for managing connections 3702 The default port used by WANJet for TCP data tunnels 3703 The default port used by WANJet for UDP proxying over TCP N A Allow ICMP packets to enable the F5 appliance to be pinged F5 W
124. the same key that you entered for WANJet B when you were configuring WANJet A locally see Step 4 F5 WANJet 3 1 User Guide 26 Initial Configuration f Leave all other fields as they are and click OK WANJet A is now listed on the Remote WANJets page g Click Save to store the changes to WANJet B Note Once the WAN link between the WANJet pair is configured as above subnet specifications are automatically exchanged between the appliances For example the local subnets specified for WANJet A are copied in as remote subnets for WANJet A in WANJet B s Remote WANJet configuration information Testing Connectivity F5 WANQJet 3 1 To test the connectivity between the local WANJet and the remote WANJets perform these checks for each appliance Check status e Click Reports gt Status in the menu bar to view the status of the remote WANJet s A green light displays next to the IP address of any remote WANJets that are enabled and connected Check reports e If you have traffic passing through the network click any of the throughput reports Total Sent or Received in the Reports section of the menu bar Optimized Traffic reports should be available Check diagnostics e Click Reports gt Diagnostics in the menu bar and then click on Connectivity gt Remote WANJets On the Diagnose Remote WANJets page check the Tunnel status for each remote WANJet The status should be up User Guide Initial Configuratio
125. tic tools 1 Click on Reports gt Diagnostics in the menu bar 2 On the Diagnostics page click on Administration tools The Tools page is displayed Ping R c 5 w 10 172 16 30 254 Ping Traceroute v 172 16 30 254 Traceroute Packet Capture c 10 not port 10000 _ Capture 11657 traceroute traceroute to 172 16 30 254 172 16 30 254 30 hops max 38 byte packets 1 172 16 30 254 172 16 30 254 36 bytes to 172 16 30 80 47 791 ms 23 111 ms 26 511 ms Finished returned 0 For each tool there is a text box for specifying command line parameters and a button which allows you to run the program via the shell When you click on a button the following two sections appear lower down on the page e Processes This shows the full path to the process along with parameters as it would appear on the command line The process number as allocated by the operating system is also given Click on the process number to kill the process before it has finished running A confirmation screen like the one below is displayed Diagnostics Are you sure you want to kill process 1929 sh c usr sbin tcpdump c 10 not port 100001 w usr local NetOptimizer logs Yes Kill it Running The bottom section displays the process output This is similar to what you would see in the shell after running the program from the command line The return code is also displayed this will be 0 if the program returns successfully
126. ting Table delete the content of the Network field of that entry Save If you specified a LAN router for your local WANJet all subnets in your local WANJet use this LAN router to identify the destinations of packets To be able to specify a gateway for each subnet remove the IP address from the LAN Router field on the Local WANJet page see Updating the Local WANJet Configuration on page 86 F5 WANJet 3 1 User Guide Advanced Configuration 95 To add a static route 1 Inthe Network field enter the IP address of the subnet that should route its data to a specific gateway 2 Inthe Netmask field enter the netmask of the network In the Next Hop field enter the IP address of the gateway to which the data should be routed Data packets use this gateway to send them to their destination 4 Inthe MTU field enter the MTU the maximum packet size of datagrams transferred through this route 5 Click Save at the bottom of the page To edit an existing static route modify any values that need changing and click Save Note If you modify the Network field which is the IP address of a network you must also modify the Netmask field To remove a static route simply clear the Network field of the route that you wish to delete Click Save and the static route is removed Granting Access to WANJet Web UI Expand the System Settings section of the menu bar and click on IP Access Control On this screen you can li
127. tings file and upload it C Documents and Settir _ Browse Upload Restoring configuration may take a few seconds Changes will not be reflected until the operation is completed Click Browse to open a browser Upload window and locate the backup file you want to upload WANJet backup files end in the extension NTCL On the Restore screen click Upload The Web UI refreshes and you are returned to the home page The backup settings will now be in effect Autorecovery When there is a device failure on your F5 appliance the WANJet can attempt to restart or can switch to passthrough mode where traffic flows through your network as if the WANJet device did not exist Autorecovery where the WANJet attempts to restart is the default mode You can set an option to disable this restart behavior If you disable autorecovery the WANJet switches to passthrough mode in case of device failure To disable WANJet autorecovery l F5 WANJet 3 1 Expand the System section of the menu bar and click on Autorecovery WANJet is designed to restart in case of device failure If you need WANJet to switch to the Passthrough mode in case of device failure you have to disable the Autorecovery option DO Disable Autorecovery Select Disable Autorecovery if you want the WANJet to switch to Passthrough mode in case of device failure Click on Save at the bottom of the page User Guide 74 Managing the WANJet Upgrading the WANJ
128. tly if you have an application that can read PCAP files or save it to disk The PCAP file is also stored on the server where tcpdump is running at the following path usr local NetOptimizer logs dump pcap Further information You will need a specialized application such as Ethereal a network protocol analyzer which runs on both Linux and Windows to read PCAP files produced by tcpdump You can download Ethereal and its documentation for free from http www ethereal com F5 WANJet 3 1 User Guide 52 Monitoring Performance System Information reports The System Information reports enable you to view details of all WANJet network interfaces including MAC address error rates speed and status details of passthrough traffic including both TCP and UDP data the WANJet serial number detailed information relating to QoS VLANs remote WANJet links TDR statistics bandwidth optimized sessions and passthrough sessions To view the System Information reports F5 WANQJet 3 1 In the Reports section of the menu click on System Information The main System Information page is displayed QoS VLANs WANJet Links TCP Statistics TDR stats Optimized Sessions Passthrough Sessions etho LAN MAC 00 90 FB 01 F1 C4 Speed 1000 Full Duplex Status Link ok RX errors 0 dropped 0 overruns 0 frame 0 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ethi WAN MAC 00 90 FB 01 F1 C5 Speed 100 Full Duplex
129. ts 0 A A A A ASA a 63 Chapter 5 Managing the WANJet oooooooocoocccccccc 65 WANJeta thentication aoo A A A 66 Changing the WANJet Web UI password 0 cece ence e ne ence eens 66 Changing the WANJet LCD PIN code 0 eee eee enn ence enn eee 67 Configuring remote authentication 0 0 esusu seeen rerne 67 F5 WANVet 3 1 User Guide viii WANJet time Settings cacy ces it 69 Setting the TimeZone Aries a eins bake ee ee Ua adhd ole beats We Ta pe tiles Glee die tas 69 Synchronizing WANJet time automatically 2 0 ee ee eens 70 Setting the time manually uein cid eee epee pedal da 70 Shutting down and restarting a WANJet appliance 0 eae 71 WANJet boot Settings pros hen oranini na ee e a dt 72 Backup atid rec v ry ii epa bn riaa E a BG Rd ang A a lis 72 AULOTE COVERY rt A ici 73 Upgrading the WANJet software ooooocooocooo ented teen eben een ene 74 Chapter 6 Advanced Configuration 00 75 Optimization Policies aii it WG ak SRA Rd hte ange gO A a ached ea 76 Adding loca subnets isina ea A ds Bd Rae ga 76 Adding remote submets 5 aa asaya ti a ene 78 Configuring Port Settings 4 5 5 3 sfed asses A a E 78 Configuring Specific ROS is 83 at Re baad SMa ald Da ba ieee Sila eels BGA vb eee 79 Configuring All Other Ports ere ie cece eee ene teen eens 81 Operational Mode xi a Bp cadena weg aad Sa Seen GA AG eee tan 82 Onedin topol By sae ann eraa A AA Eat 83 W GCCP bdsed dis
130. ts pending Preface F5 WANJet is a network appliance solution that combines leading edge WAN optimization technology with high performance application acceleration techniques It delivers complete bandwidth utilization high data and transaction throughput This guide describes how to install and use the WANJet Its intended audience consists of the network administrators information system engineers and network managers responsible for the configuration and ongoing management of the F5 WANJet system This guide provides information on e installing and configuring the WANJet e using performance reports to monitor WANJet performance e administration and management of your WANJet system e advanced configuration involving subnets hubs static routes and VLANs e configuration of remote WANJets e managing IT service policies and application QoS policies e troubleshooting F5 WANJet 3 1 User Guide Conventions Used in this Book This section explains the conventions used in this book Monospaced font This font is used for examples text that appears on the screen command line utility names and filenames lt bracketed text gt or italic text represents elements in a path or example that are intended to be replaced with information specific to your installation or procedural requirements Text of this style is used for elements in the user interface such as the names of buttons dialog boxes and so on Text of this
131. u bar and click on Boot Menu 1 3 1 3 build 23311 o 2 3 1 3 build 23311 o Make Activd 2 The WANJet software version and build number are shown for each image Click on the Make Active button next to the image that you wish to activate 3 Click Yes on the confirmation window Warning WANJet will reboot as soon as you click Yes and will not work normally again until the new image has been fully configured Therefore you should prepare thoroughly and notify other network users before taking this step on a live system Backup and recovery F5 recommends that you make regular backups of your current WANJet settings You should also perform a backup before making any major changes to the settings It is then easy to restore the system in the event of a failure To create a backup file of the current WANJet settings 1 Expand the System section of the menu bar and click on Backup The Backup frame opens 2 Click where it says here Your browser will open a File Download window for you to save the backup file to your local computer The file is called Settings ServerName NTCL you should probably edit this filename to identify the F5 appliance that was backed up and the date at which the backup was made F5 WANJet 3 1 User Guide Managing the WANJet 73 To restore a saved backup of WAN Optimizer settings 1 Expand the System section of the menu bar and click on Restore To restore previous settings select set
132. u to reset FTP connections automatically without having to either restart the FTP server or reset FTP connections manually To do this 1 Assign the ACM5 optimization policy to the port s of any connections that you need to reset In this example those would be the FTP ports normally ports 20 and 21 or ports 989 and 990 for a secure connection 2 Assign the Cl option to the same port number s 3 Switch the WANJet operational mode to Active if it is not already 4 Restart WANJet This will force Connection Interception on all configured ports the FTP ports in this example The data using these ports will then be optimized once WANJet has started up again Please note that this example is applicable on any port The best use of Connection Interception is when you want to reset connections on a range of different ports without having to either reboot the relevant servers or restart a whole range of services F5 WANJet 3 1 User Guide 10 Introduction F5 WANJet 3 1 User Guide Chapter 2 Installation WANJet Deployment 4 Firewall Guidelines 4 Site Information Worksheet 4 Hardware Installation 4 This chapter helps you configure a F5 appliance with WANJet software installed on your network The WANJet appliance is totally transparent to your network which makes installation and initial configuration easy It is important to read this chapter because it provides key information about WANJet installation
133. uted through the FS appliance and this traffic will be lost if WANJet is not running WCCPv2 if WANJet communicates with your network router using WCCP the Web Cache Coordination Protocol In this case all network traffic is routed through the F5 appliance but the router will by pass the appliance if WANJet is not running WCCP based discovery WANJet can use the WCCP protocol to advertises itself to a LAN router as a web cache Local routers and web caches together form a service group Routers redirect traffic to the group member web caches i e the local WANJet s according to an algorithm defined for the service group F5 WANJet 3 1 User Guide 84 Advanced Configuration If you select WCCPv2 in the Discovery Method section four new controls appear The Operational Mode page now looks like the screenshot overleaf O Inactive O Active Mode Transparent Data O Inactive Reduction O active O In Line Topology O one Arm Redirection Method O Static Rouma Transparent Proxy O Stat Discovery Method aae wecpv2 Service ID Priority Router Authenticate Password Enter the service group identifier in the Service ID field This must be a number between 51 and 100 It should match the service ID configured on the LAN router Enter the priority assigned by the router to the service group in the Priority field This must be a number between 0 and 255 It determines the order in which redire
134. vity gt Ethernet to display the Diagnose Ethernet page F5 WANJet 3 1 User Guide Monitoring Performance 43 3 Ethernet interfaces found eth0 LAN Speed autonegotiated to 100 Mbits sec Full duplex Transmitted 2 883 316 341 bytes 6 246 642 packets Received 260 543 030 bytes 3 171 648 packets Receive errors 0 0 Collisions 0 0 There are no collisions There are no receive errors ethl WAN Speed autonegotiated to 100 Mbits sec Full duplex Transmitted 125 396 191 bytes 1 708 856 packets Received 550 326 265 bytes 3 524 168 packets Receive errors 0 0 Collisions 0 0 There are no collisions There are no receive errors eth2 PEER Speed autonegotiated to unrecognized speed setting unrecognized duplex setting Transmitted 0 bytes 0 packets Received 0 bytes 0 packets Receive errors 0 0 Collisions 0 0 LAN and WAN speed duplex settings are the same There is one section on this page for each Ethernet interface LAN WAN and PEER For each interface the page displays the maximum speed duplex setting amount of data transmitted received expressed in both bytes and packets and the number of receive errors and collisions detected WANJet QoS does not work unless the Ethernet interfaces are connected properly e eth0 should be connected to the LAN e eth1 should be connected to the WAN e eth2 should be connected to the redundant peer if one is present on y
135. width consumed in data transmission it processes data at one side and reverses this process at the other The WANJet works by identifying redundancy patterns in input data and replacing those redundant patterns with symbols encoding When data arrives at its destination symbols are replaced with the original patterns decoding This requires at least two F5 appliances installed one to process data at one side and another to reverse data processing at the other side WANJet stores a list of all identified redundancy patterns and their equivalent symbols enabling it to handle both sent and received data at the same time Adaptive Control and Management at Layer 5 ACM5 operates at the session layer of the OSI model This technology enables the WANJet to recognize the redundancies in data traffic In order to understand why deploying ACM5 technology is more efficient in data compression than other compression techniques you have to understand the differences between the WANJet utilizing ACM5 and other compression techniques Some applications operate at layer 3 of the OSI model They wait until individual application data streams merge before searching for redundancies Merged data streams yield fewer redundancies than unmerged streams so the layer 3 approach is less than optimal Some other bandwidth expansion products operate at layer 7 of the OSI model the application layer These products do a great job for specific applications but other
136. with the local version number e whether the remote appliance is responding to pings from the local appliance e whether the local appliance can connect to the remote appliance on the ports that FS appliances use to communicate with each other ports 3701 3702 and 3703 by default To configure remote WANJets click on System Settings gt Remote WANJets in the menu bar see Managing Remote WANJets on page 90 F5 WANJet 3 1 User Guide Monitoring Performance 45 RADIUS status The RADIUS Status page displays details of any RADIUS authentication servers known to the local F5 appliance Remote authentication via the RADIUS protocol is an alternative to local authentication via a username and password stored on the F5 appliance To diagnose RADIUS status 1 Click on Reports gt Diagnostics in the menu bar 2 On the Diagnostics page click on RADIUS status RADIUS status enabled Number of RADIUS servers defined 1 Server ip 123 123 123 123 secret radius timeout 3 nretry 3 For each RADIUS server the following information is shown Note IP address Secret a key which is used to authenticate RADIUS transactions between client and server Timeout period in seconds Number of times to retry a connection A warning message is displayed if the timeout and number of retries for a RADIUS server are both high as in that case it could take a long time to determine that the server is not responding to a login attempt
137. yslog reports The WANJet allows you to use an external syslog server to view the syslog reports that it generates These reports include data such as the amount of sent and received data processed by WANJet Ensure you have entered the IP address of the machine you are using to view syslog data in the Syslog Server IP field on the Syslog and SNMP page For more information see Configuring Syslog and SNMP Settings on page 96 SNMP reports The WANJet allows you to use an external computer as a management station for viewing SNMP Simple Network Management Protocol logs that are produced by WANJet on the local appliance The SNMP data trees are stored in an MIB Management Information Base If you need the WANJet private MIB file see Appendix C WANJet Private MIB F5 WANJet 3 1 User Guide Monitoring Performance 63 Before you can view an SNMP report configure WANJet to use an SNMP server 1 On the Syslog and SNMP page under System Settings on the menu bar specify the community string and IP address for an SNMP server For details of how to do this see Configuring Syslog and SNMP Settings on page 96 2 On the IP Access Control page under System Settings on the menu bar check that the IP address of the SNMP server has access to the Web UI The default setting is to grant all machines access but this might have been changed by an administrator For details of how to do this see Granting Access to WANJet Web UI on page 95 Af
Download Pdf Manuals
Related Search