HP StorageWorks Enterprise File Services WAN Accelerator 2.1.
Legal and notice information © Copyright 2006 Hewlett-Packard Development Company, L.P. © Copyright 2003–2006 Riverbed Technology, Inc. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Introduction CONTENTS Contents ........................................................................................................... 1 About This Guide.................................................................................. Types of Users ................................................................................ Organization of This Guide ............................................................ Document Conventions ................................................................
In-Path, Failover Support Deployment ............................................... 18 Basic Steps (Client-Side).............................................................. 18 Basic Steps (Server-Side) ............................................................. 20 In-Path, Two Routing Points Deployment .......................................... 20 Basic Steps (Client-Side).............................................................. 21 Basic Steps (Server-Side) ........................................
Chapter 6 Policy-Based Routing Deployments ........................................ 45 Introduction to PBR ............................................................................ 46 Overview of CDP................................................................................ 46 How PBR works on a Cisco 6500 Platform, Version 12.2(17d) SXB1..................................................................... 47 Asymmetric HP EFS WAN Accelerator Deployments With PBR.................................
Specific Traffic Redirection ......................................................... 81 Load Balancing............................................................................. 81 Failover Support ........................................................................... 81 Troubleshooting .................................................................................. 82 Chapter 8 Proxy File Service Deployments ............................................... 83 Introduction to PFS ..............
INTRODUCTION Introduction In This Introduction Welcome to the HP StorageWorks Enterprise File Services WAN Accelerator Deployment Guide. Read this introduction for an overview of the information provided in this guide and for an understanding of the documentation conventions used throughout.
Organization of This Guide The HP StorageWorks Enterprise File Services WAN Accelerator Deployment Guide includes the following chapters: Chapter 1, “Designing an HP EFS WAN Accelerator Deployment,” describes the HP EFS WAN Accelerator and provides an overview of how it works. It also describes how to design and deploy the HP EFS WAN Accelerator in your network. Chapter 2, “In-Path Deployments,” describes physical in-path deployments.
Document Conventions This manual uses the following standard set of typographical conventions to introduce new terms, illustrate screen displays, describe command syntax, and so forth. Meaning italics Within text, new terms and emphasized words appear in italic typeface.
Hardware and Software Dependencies The following table summarizes the hardware and software requirements for the HP EFS WAN Accelerator. HP Component Hardware and Software Requirements HP EFS WAN Accelerator • 19 inch (483 mm) two or four-post rack. HP EFS WAN Accelerator Management Console, EFS WAN Accelerator Manager • Any computer that supports a Web browser with a color image display. • The Management Console has been tested with Firefox, version 1.0.x and 1.5.
Network Associates (McAfee) VirusScan 7.0.0 Enterprise on the server Network Associates (McAfee) VirusScan 7.1.0 Enterprise on the server Network Associates (McAfee) VirusScan 7.1.0 Enterprise on the client Symantec (Norton) AntiVirus Corporate Edition 8.1 on the server F-Secure Anti-Virus 5.43 on the client F-Secure Anti-Virus 5.5 on the server Network Associates (McAfee) NetShield 4.5 on the server Network Associates VirusScan 4.
Related HP Documentation You can access the complete document set for the HP EFS WAN Accelerator from the HP StorageWorks EFS WAN Accelerator Documentation Set CD-ROM: HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide describes how to install and configure the HP EFS WAN Accelerator. HP Enterprise File Services WAN Accelerator Management Console User Guide describes how to manage and administer an HP EFS WAN Accelerator using the Management Console.
Contacting HP This section describes how to contact HP. Telephone numbers for worldwide technical support are listed on the following HP web site: http://www.hp.com/support. From this web site, select the country of origin. For example, the North American technical support number is 800-633-3600. NOTE: For continuous quality improvement, calls may be recorded or monitored.
8 INTRODUCTION
In This Chapter Designing an HP EFS WAN Accelerator Deployment This chapter describes how the HP EFS WAN Accelerator works and how to design an HP EFS WAN Accelerator deployment.
Transaction Acceleration Transaction Acceleration (TA) is composed of the following optimization mechanisms: A connection bandwidth-reducing mechanism called Scalable Data Referencing (SDR). A Virtual TCP Window Expansion (VWE) mechanism that repacks TCP payloads with references that represent arbitrary amounts of data. A latency reduction and avoidance mechanism called Transaction Prediction (TP).
Transaction Prediction Latency optimization is delivered through Transaction Prediction (TP). TP involves an intimate understanding of protocol semantics to reduce the chattiness that would normally occur over the WAN. By acting on foreknowledge of specific protocol request-response mechanisms, HP EFS WAN Accelerators streamline the delivery of data that would normally be delivered in small increments through large numbers of handshakes and interactions between the client and server over the WAN.
Users and Servers. A site that has users and servers that are accessed remotely. Typically, users and servers are in a regional office with branch offices at remote sites that accesses data from remote sites and a data center. 2. Determine what kind of WAN routing infrastructure you have. For example, do you have one or two WAN routers? 3.
Definition of Terms Optimization. The process of increasing data throughput and network performance over the WAN using the HP EFS WAN Accelerator. An optimized connection exhibits bandwidth reduction as it traverses the WAN. Scalable Data Referencing (SDR). The proprietary algorithms that allow an arbitrarily large amount of data to be represented by a small number of references to the HP EFS WAN Accelerator data store.
For detailed information about bypass card status lights, see the HP StorageWorks Enterprise File Services WAN Accelerator Bypass NIC Installation Guide. If there is a serious problem with the HP EFS WAN Accelerator or it is not powered on, it goes into bypass mode to prevent a single point of failure. If the HP EFS WAN Accelerator is in bypass mode, you are notified in the following ways: The Intercept/Bypass status light is active.
optimization is lost on the current connections on the master HP EFS WAN Accelerator. the backup HP EFS WAN Accelerator takes over and all new connections are optimized. when the master HP EFS WAN Accelerator comes back up, the backup HP EFS WAN Accelerator stops optimizing connections. HP STORAGEWORKS ENTERPRISE FILE SERVICES WAN ACCELERATOR 2.1.
16 1 - DESIGNING AN HP EFS WAN ACCELERATOR DEPLOYMENT
In This Chapter 2 - IN-PATH DEPLOYMENTS CHAPTER 2 In-Path Deployments This chapter describes physical in-path network deployments and summarizes the basic steps for configuring them.
Introduction to Physical In-Path Deployments The following section describes physical in-path network configurations where the HP EFS WAN Accelerator is physically in the direct path between clients and servers. The clients and servers continue to see client and server Internet Protocol (IP) addresses. Physical in-path configurations are suitable for locations where the total bandwidth is within the limits of the installed HP EFS WAN Accelerator. Figure 2-1.
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 3. Navigate to the Setup: Advanced Networking - Failover Settings page in the Management Console. 4. Enable failover support. For example: On HP EFS WAN Accelerator A: specify HP EFS WAN Accelerator A as the master and specify the in-path IP address of HP EFS WAN Accelerator B as the backup (other) IP address.
Type the number of seconds in the Reconnection interval text box. The default value is 30. 6. Type the backup HP EFS WAN Accelerator’s IP address in the Other Appliance’s In-path IP Address text box. 7. Apply and save the new configuration in the Management Console. 8. Begin optimization. View performance reports and system logs in the Management Console. Basic Steps (Server-Side) The server-side HP EFS WAN Accelerator is configured as an in-path device.
Figure 2-4. In-Path, Two Routing Points Deployment 2 - IN-PATH DEPLOYMENTS Basic Steps (Client-Side) Perform the following steps on each client-side HP EFS WAN Accelerator. 1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 2. Connect to the Management Console to verify your configuration.
This deployment is useful in environments where most of the server-side traffic is outof-path but there are applications that originate on the server-side that require optimization (for example, backup software, software distribution suites, or other similar applications). The following figure illustrates a server-side subnet where the HP EFS WAN Accelerator is deployed to provide data center clients with optimized data. Figure 2-5.
The following figure illustrates the server-side of the network. Figure 2-6. In-Path, Server-Side, One to One Deployment 2 - IN-PATH DEPLOYMENTS Basic Steps (Client-Side) The client-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. Basic Steps (Server-Side) Perform the following steps for each of the server-side HP EFS WAN Accelerators. 1.
On HP EFS WAN Accelerator B, specify HP EFS WAN Accelerator B as the backup (other) and specify the in-path IP address of HP EFS WAN Accelerator A as the master IP address. Figure 2-7. Setup: Advanced Networking - Failover Settings Page 5. Under Automated Online Datastore Settings, click Enable Automated Online Datastore Synchronization. Select Master or Backup from the Current Appliance is the drop-down list. Type a port number in the Synchronization Port text box. The default value is 7744.
In This Chapter 3 - VIRTUAL IN-PATH NETWORK DEPLOYMENTS CHAPTER 3 Virtual In-Path Network Deployments This chapter describes virtual in-path deployments and summarizes the basic steps for configuring them. This chapter includes the following sections: “Introduction to Virtual In-Path Deployments,” next “In-Path, Load Balanced, Layer-4 Switch” on page 26 This chapter assumes you are familiar with the HP EFS WAN Accelerator Management Console (Management Console).
Layer-4 Switch. You enable Layer 4 switch (or server load-balancers) support when you have multiple HP EFS WAN Accelerators in your network to manage large bandwidth requirements. Hybrid. A hybrid deployment is a deployment in which the HP EFS WAN Accelerator is both in-path and out-of-path.
The following figure illustrates the server-side of the network where load balancing is required. Figure 3-1. In-Path, Load-Balanced, Layer-4 Switch Deployment 3 - VIRTUAL IN-PATH NETWORK DEPLOYMENTS Basic Steps (Client-Side) The client-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide.
On HP EFS WAN Accelerator B, plug the straight-through cable into the WAN port of the HP EFS WAN Accelerator and the Layer-4 switch. 5. Connect to the Management Console. For details see the HP Enterprise File Services WAN Accelerator Management Console User Guide. 6. Navigate to the Setup: Optimization Service - General Settings page in the Management Console. 7. Enable Layer-4 switch support. For example: Click Enable In-Path Support and Enable L4/PBR/WCCP Support on Interface wan0_0. Figure 3-2.
In This Chapter 4 - OUT-OF-PATH NETWORK DEPLOYMENTS CHAPTER 4 Out-of-Path Network Deployments This chapter describes out-of-path deployments and summarizes the basic steps for configuring them.
Typically, in an out-of-path deployment, the client-side HP EFS WAN Accelerator is configured as an in-path device, and the server-side HP EFS WAN Accelerator is configured as an out-of-path device. Figure 4-1. Physical Out-of-Path Deployment Out-of-Path, Failover Deployment An out-of-path, failover deployment serves networks where an in-path deployment is not an option. This deployment is cost effective, simple to manage, and provides redundancy.
The following figure illustrates the server-side of the network where two HP EFS WAN Accelerators are deployed in an out-of-path configuration to ensure that data continues to be optimized if there is an error in the system. Basic Steps (Client-Side) 4 - OUT-OF-PATH NETWORK DEPLOYMENTS Figure 4-2.
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 2. Connect to the Management Console. For detailed information, see the HP Enterprise File Services WAN Accelerator Management Console User Guide. 3. Navigate to the Setup: Optimization Service - In-Path Rules page in the Management Console. Figure 4-3. Setup: Optimization Service - In-Path Rules Page 4.
Type the backup HP EFS WAN Accelerator IP address and port in the Backup Appliance IP and Port text boxes. 5. Save and apply the new configuration in the Management Console. Basic Steps (Server-Side) The server-side HP EFS WAN Accelerators are configured as out-of-path devices. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide.
1. Configure the HP EFS WAN Accelerators as in-path devices. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 2. Connect to the Management Console. For detailed information, see the HP Enterprise File Services WAN Accelerator Management Console User Guide. 3. Navigate to the Setup: Optimization Service - In-Path Rules page in the Management Console. 4.
Basic Steps (Server-Side) For the server-side, HP EFS WAN Accelerators, follow the procedures for an out-ofpath, failover support deployment. For detailed information, see “Out-of-Path, Failover Deployment” on page 30. A hybrid deployment serves offices with one WAN routing point and users, and where the HP EFS WAN Accelerator must be referenced from remote sites as an out-of-path device (for example, to avoid mistaken auto-discovery or to bypass intermediary HP EFS WAN Accelerators).
1. Configure the HP EFS WAN Accelerator as an in-path and out-of-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 2. Connect to the Management Console to verify your configuration. For detailed information, see the HP Enterprise File Services WAN Accelerator Management Console User Guide. 3. Navigate to the Setup: Optimization Service - In-Path Rules page in the Management Console. Figure 4-7.
Type the IP address and port for the destination subnet, in the Destination Subnet and Port text boxes. To specify all ports, type all in the Port text box. Under Targets, type the IP address and port number for the HP EFS WAN Accelerator that is the peer in the Target Appliance IP and Port text boxes. The IP address must be the Primary Port IP address on the target HP EFS WAN Accelerator. The default port is 7810.
38 4 - OUT-OF-PATH NETWORK DEPLOYMENTS
In This Chapter 5 - CONFIGURING CONNECTION FORWARDING CHAPTER 5 Configuring Connection Forwarding This chapter describes how to deploy the HP EFS WAN Accelerator in asymmetric server-side networks using connection forwarding.
If you have one path (through HP EFS WAN Accelerator-2) from the client to the server and a different path (through HP EFS WAN Accelerator-3) from the server to the client, you need to enable in-path connection forwarding and configure the HP EFS WAN Accelerators to communicate with each other. These HP EFS WAN Accelerators are called neighbors and exchange connection information to redirect packets to each other. Figure 5-1.
If one of the neighbor HP EFS WAN Accelerators reaches its optimization capacity limit, that HP EFS WAN Accelerator will not accept new connections, but it redirects packets to other neighbors for optimization. One-to-One Failover Deployment To ensure optimization in the event of a failure, a backup HP EFS WAN Accelerator can be added to each neighbor HP EFS WAN Accelerator in a one-to-one failover configuration.
You can configure connection forwarding using the Management Console or the HP EFS WAN Accelerator command-line interface (CLI). Configuring Connection Forwarding Using the Management Console The following section describes the basic steps for enabling and configuring connection forwarding using the Management Console.
1. Configure the server-side HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 3. Navigate to the Setup: Advanced Networking - Connection Forwarding page in the Management Console. 4. Configure each of the neighbors by specifying the in-path IP address for the neighbor HP EFS WAN Accelerator. Figure 5-4.
Configuring Connection Forwarding Using the CLI The following section describes how to enable and configure connection forwarding using the CLI. To configure connection forwarding you enable the feature and define the HP EFS WAN Accelerator neighbors on each of the server-side HP EFS WAN Accelerators in the network. IMPORTANT: When you define a neighbor, you must specify the HP EFS WAN Accelerator in-path IP address, not the primary IP address. To enable connection forwarding 1. Connect to the CLI.
In This Chapter 6 - POLICY-BASED ROUTING DEPLOYMENTS CHAPTER 6 Policy-Based Routing Deployments This chapter describes how to configure the Policy-Based Routing (PBR) to redirect traffic to an HP EFS WAN Accelerator or group of HP EFS WAN Accelerators. It contains the following sections: “Introduction to PBR,” next “Overview of CDP” on page 46 “How PBR works on a Cisco 6500 Platform, Version 12.
For detailed information about the factors you must consider before you design and deploy the HP EFS WAN Accelerator in a network environment, see “Design and Deployment Overview” on page 11. Introduction to PBR PBR is a router configuration that allows you to define policies to route packets instead of relying on routing protocols. It is enabled on an interface basis and packets coming into a PBR-enabled interface are checked to see if they match the defined policies.
WCCP is designed to redirect traffic to a group of HP EFS WAN Accelerators so it is often better in clustering solutions. With PBR, any clustering must be done by manually by configuring a set of redirect rules. The following table summarizes the advantages and disadvantages of PBR and WCCP. Capability Platform WCCP PBR Hardware Redirection of All TCP Connections Cisco 6500 Limited numbers of TCP ports All TCP traffic.
an Address Resolution Protocol (ARP) request for the address, resolves it, and begins redirecting traffic to the next hop (that is, the HP EFS WAN Accelerator). 2. After PBR has verified the next hop, it continues to send to the next hop as long as it obtains answers from the ARP request for the next hop IP address. If the ARP request fails to obtain an answer, it then rechecks the CDP table. If there is no entry in the CDP table, it no longer uses the route map to send traffic.
Asymmetric HP EFS WAN Accelerator Deployments With PBR If the client-side HP EFS WAN Accelerator is on a different Layer-2 interface than the clients on the router where PBR is configured, PBR can be enabled on a Layer-2 interface basis, and redirects TCP traffic going to the server.
In this example, the HP EFS WAN Accelerator is configured as a client-side, HP EFS WAN Accelerator in an in-path configuration with PBR support. It must reach the remote network through the router from the in-path interface and a fixed-target in-path rule is defined for the remote out-of-path HP EFS WAN Accelerator. Basic Steps (Client-Side) To configure the clientside HP EFS WAN Accelerator Perform the following basic steps for the client-side HP EFS WAN Accelerator. 1. Connect to the client-side CLI.
Router# TIP: Enter configuration commands, one per line. End with CRTL-Z. For detailed information about configuring Cisco routers for PBR, see http:// www.cisco.com/en/US/products/sw/iosswrel/ps1831/ products_configuration_guide_chapter09186a00800c60d2.html#23550. Basic Steps (Server-Side) In this example, the server-side HP EFS WAN Accelerator is configured as an out-ofpath device.
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 2. Connect to the Management Console. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 3. Navigate to the Setup: Optimization Service - General Settings page in the Management Console. 4.
5. Navigate to the Setup: Optimization Service - In-Path Rules page. 6. Define fixed-target, in-path rules to reach the remote network through the remote out-of-path HP EFS WAN Accelerator. 6 - POLICY-BASED ROUTING DEPLOYMENTS Figure 6-3. Setup: Optimization Service - In-Path Rules Page 7. Apply and save the new configuration in the Setup: Configuration Manager page. 8. Restart the HP EFS WAN Accelerator service in the Setup: Start/Stop Services page. 9. Begin optimization.
Client-Side HP EFS WAN Accelerator Attached to a Router through a Switch In this deployment, PBR is enabled on the interface of the client-side router connected to the Layer-2 switch that redirects traffic to the HP EFS WAN Accelerator. Communication between the client-side HP EFS WAN Accelerator and the clients must be through the client-side router. Figure 6-4.
Client-Side HP EFS WAN Accelerator Attached to an Inside Router Figure 6-5. Client-Side HP EFS WAN Accelerator Attached to an Inside Router Basic Steps (Client-Side) Perform the steps for “Basic Steps (Client-Side)” on page 50. Make sure that you configure different PBR rules for the second router. Basic Steps (Server-Side) Perform the steps for “Basic Steps (Server-Side)” on page 51.
In this configuration, the HP EFS WAN Accelerator is attached to any Layer-2 switch that the router can reach (even the same switch as the clients). VLAN trunking is enabled between the Layer-2 switch and the PBR router (not on the link between the HP EFS WAN Accelerator and the switch). In this configuration you use the IP addresses in a single subnet and the router has 2 VLAN interfaces on fastEthernet0/0.
Symmetric HP EFS WAN Accelerator Deployments With PBR and Autodiscovery Figure 6-7. Symmetric HP EFS WAN Accelerator Deployments with PBR For this example, assume that clients, servers, and HP EFS WAN Accelerators are all on a separate VLANs and the Layer-2 switch is attached to the router fastEthernet0/ 0 interface. This example uses the following IP addresses: Left-side. Clients=10.0.1.0/24, Servers=10.0.2.0/24, HP EFS WAN Accelerator=10.0.3.0/24 Right-side. Clients=10.1.1.0/24, Servers=10.1.2.
Right-SH Right-SH Right-SH Right-SH Right-SH Right-SH Right-SH Right-SH > enable # configure terminal (config) # in-path enable (config) # in-path oop enable (config) # interface in-path ip address 10.1.3.2 /24 (config) # ip in-path-gateway inpath0_0 10.1.3.1 (config) # write memory (config) # restart IMPORTANT: You must save your changes to memory and restart the HP EFS WAN Accelerator service for your changes to take effect. To configure the Cisco router 1.
HP STORAGEWORKS ENTERPRISE FILE SERVICES WAN ACCELERATOR 2.1.5 DEPLOYMENT GUIDE 59 6 - POLICY-BASED ROUTING DEPLOYMENTS Router(config-subif)#encapsulation dot1Q 1 Router(config-subif)#ip address 10.1.1.1 255.255.0.0 Router(config-subif)#ip policy route-map TrafficToLeftS Router(config-subif)#exit Router(config)#interface fastEthernet 0/0.2 Router(config-subif)#encapsulation dot1Q 2 Router(config-subif)#ip address 10.1.2.1 255.255.0.
Symmetric Deployments with PBR, Autodiscovery, and CDP In the case where clients and servers are on both sides of the WAN, PBR can be configured on both sides of the network where each router has the reversed rules of the other router. Figure 6-8. Symmetric HP EFS WAN Accelerator Deployments with PBR For this example, assume that clients, servers, and HP EFS WAN Accelerators are all on a separate VLANs and the Layer-2 switch is attached to the router fastEthernet0/ 0 interface.
> enable # configure terminal (config) # in-path enable (config) # in-path oop enable (config) # in-path cdp enable (config) # interface in-path ip address 10.1.3.2 /24 (config) # ip in-path-gateway inpath0_0 10.1.3.1 (config) # write memory (config) # restart IMPORTANT: You must save your changes to memory and restart the HP EFS WAN Accelerator service for your changes to take effect. To configure the Cisco router 1.
Router#configure terminal Router(config)#interface fastEthernet 0/0.1 Router(config-subif)#encapsulation dot1Q 1 Router(config-subif)#ip address 10.1.1.1 255.255.0.0 Router(config-subif)#ip policy route-map TrafficToLeftS Router(config-subif)#exit Router(config)#interface fastEthernet 0/0.2 Router(config-subif)#encapsulation dot1Q 2 Router(config-subif)#ip address 10.1.2.1 255.255.0.
In This Chapter 7 - WCCP DEPLOYMENTS CHAPTER 7 WCCP Deployments This chapter describes how to configure the Web Cache Communication Protocol (WCCP) to redirect traffic to an HP EFS WAN Accelerator or group of HP EFS WAN Accelerators.
Introduction to WCCP WCCP was originally implemented on Cisco routers, multi-layer switches, and Web caches to redirect HTTP requests to local Web caches (Version 1). Version 2, which is implemented on HP EFS WAN Accelerators, can redirect any type of connection from multiple routers to multiple Web caches.
The HP EFS WAN Accelerators use the following methods to communicate with routers: Unicast (User Datagram Protocol Packets). The HP EFS WAN Accelerator is configured with the IP address of each router. If additional routers are added to the service group, they must be added on each HP EFS WAN Accelerator. Multicast. The HP EFS WAN Accelerator is configured with a multicast group. If additional routers are added, you do not need to add or change configuration settings on the HP EFS WAN Accelerators.
1. Create a service group on the router and set the router to redirect traffic to the HP EFS WAN Accelerator using WCCP on the interfaces where traffic goes. 2. Attach the WAN interface of the HP EFS WAN Accelerator to the network. The WAN interface must be able to communicate with the switch or router where WCCP is configured and where WCCP redirection will take place. 3. Configure the HP EFS WAN Accelerator to be an in-path device with WCCP support on the client-side. For example, in-path oop enable. 4.
Specifies the service group identification number (ID) (from 0 to 255). The service group ID is the number that is set on the router. A value of 0 specifies the standard http service group which redirects only HTTP traffic. router The router IP is a multicast group IP address or a unicast router IP address. A total of 32 routers can be specified.
A Basic WCCP Configuration This section describes how to configure a router and the HP EFS WAN Accelerator to use WCCP to redirect traffic in a single subnet using the CLI. You can also use the Management Console to configure the HP EFS WAN Accelerator to use WCCP. In this example the server-side is assumed to be out-of-path. IMPORTANT: This is an example of one type of WCCP deployment.
The service group ID is 90 and the interface with packets coming from the LAN is fastEthernet0/0. To configure the WCCP router • At the system prompt, enter the following set of commands: Router> enable Router# configure terminal Router(config)# ip wccp version 2 Router(config)# ip wccp 90 Router(config)# interface fastEthernet 0/0 Router(config-if)# ip wccp 90 redirect in Router(config-if)# end Router# TIP: Enter configuration commands, one per line. End with CRTL-Z.
client-SH 10.2.0.2 client-SH 10.2.0.2 client-SH 10.2.0.2 client-SH 10.2.0.2 client-SH 10.2.0.
1. Configure the HP EFS WAN Accelerator in an in-path configuration. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 3. Navigate to the Setup: Optimization Service - General Settings page in the Management Console. 4. To enable external traffic redirection click Enable In-Path Support, Enable L4/ PBR/WCCP Support on Interface wan0_0, and Enable Optimization on Interface inpath0_0. Figure 7-3.
6. Navigate to the Setup: Advanced Networking - WCCP Groups page. Figure 7-4.
7. Define the service group: specify the service group identification number, the router IP address, password, priority, weight, and encapsulation scheme, and optionally, global settings. 9. Under WCCP v2 Global Settings, click Enable WCCP v2 Support. 10. Click Update Settings to enable WCCP v2 support. 11. Double-click the new service group name to display the Setup: Service, WCCP Groups, Service Group page. 12. Define flags and ports; add additional routers for the service group. Figure 7-5.
13. Save and apply the new configuration in the Management Console. 14. Restart the HP EFS WAN Accelerator service in the Setup: Start/Stop Service page. On the client-side, you add in-path rules to reach the out-of-path, server-side HP EFS WAN Accelerator. In this example you optimize ports 135, 139, 445, 21, and 80 to pass through all other traffic. To define in-path rules to reach the serverside appliance 15. Navigate to the Setup: Optimization Service - In-Path Rules page in the Management Console. 16.
17. Repeat Step 4 for ports 139, 445, 21, and 80. 18. To pass through all other traffic, define a pass-through rule on the server-side HP EFS WAN Accelerator. 7 - WCCP DEPLOYMENTS Figure 7-7. Setup: Optimization Service - In-Path Rules Page 19. Save and apply the new configuration in the Setup: Configuration Manager page. 20. Begin optimization. View performance reports and system logs in the Management Console.
Dual WCCP Deployment The following section describes how to deploy two HP EFS WAN Accelerators that are physically out-of-path but virtually in-path so that traffic is directed to them using WCCP. Figure 7-8. Dual WCCP Deployment Traffic between client and server passes through the two routers.
HP STORAGEWORKS ENTERPRISE FILE SERVICES WAN ACCELERATOR 2.1.
! no ip http server no ip http secure-server no ip classless ip route 10.11.24.0 0.0.0.255 172.20.240.18 ip route 10.11.25.0 0.0.0.255 172.20.240.18 ! no logging trap ! control-plane ! line con 0 line aux 0 line vty 0 4 exec-timeout 0 0 password 7 xxxxxxxx login transport input telnet ! ntp server 10.0.0.2 ! end To configure the WCCP (6209) router 78 • At the system prompt, enter the following set of commands: ! version 12.
To configure the clientside HP EFS WAN Accelerator To configure the server-side HP EFS WAN Accelerator 7 - WCCP DEPLOYMENTS interface Vlan63 ip address 172.20.240.18 255.255.255.252 no ip redirects ip wccp 91 redirect in no mls ip no mls ipx no cdp enable ! ip classless ip route 10.11.21.0 0.0.0.255 172.20.240.17 ip route 10.11.22.0 0.0.0.255 172.20.240.
Router(config)# ip wccp 90 password 2. On the HP EFS WAN Accelerator, at the system prompt, enter the following command: client-SH (config) # wccp service-group 90 routers 10.1.0.1 password NOTE: The same password must be set on the HP EFS WAN Accelerator and the router. Multicast If you add multiple routers and HP EFS WAN Accelerators to a service group, you can configure them to exchange WCCP protocol messages through a multicast group.
client-SH (config) # wccp service-group 90 routers 10.1.0.1 flags portsdestination ports 135,139,445,21,80 If redirection is based on traffic characteristics other than ports, Access Control Lists (ACLs) on the router can define what traffic is redirected. For example, if you only want the traffic destined for IP address 10.2.0.0/16 to be redirected to the HP EFS WAN Accelerator, you would configure the router in the following manner.
To configure failover support, you simply define the weight to be 0 on the backup HP EFS WAN Accelerator. For detailed information, see “WCCP CLI Commands” on page 66. Troubleshooting You can check your WCCP configuration on the router and the HP EFS WAN Accelerator.
In This Chapter Proxy File Service Deployments This chapter describes Proxy File Service (PFS) and provides the basic steps for configuring PFS. This chapter includes the following sections: “Introduction to PFS,” next “PFS Terms” on page 84 “How Does PFS Work?” on page 86 “Configuring PFS Using the Management Console” on page 89 This chapter assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator.
PFS runs in concert with the HP EFS Remote Copy Utility (HP EFS RCU). The HP EFS RCU must be installed on the origin server or on a separate Windows host with write-access to the data utilized by PFS. For detailed information, see the HP Enterprise File Services Remote Copy Utility Reference Manual. PFS provides: LAN access to data residing across the WAN. File access performance is improved between central and remote locations.
Description Domain Controller (DC) Specifies the domain controller name, the host that provides user login service in the domain. (Typically, with Windows 2000 Active Directory Service domains, given a domain name, the system automatically retrieves the domain controller name.) Share The data volume exported from the origin server to the remote HP EFS WAN Accelerator. Local Name The name that you assign to a share on the HP EFS WAN Accelerator, this is the name by which users identify and map a share.
NOTE: When you configure a share, a text file (._rbt_share_lock. txt), is created on the origin server that keeps track of which HP EFS WAN Accelerator owns the share. Do not remove this file. If you remove the ._rbt_share_lock. txt file on the origin file server, PFS will not function properly. Stand-Alone Mode. Provides the client read-write access to data on a remote HP EFS WAN Accelerator.
Figure 8-1. PFS Deployment When to Use PFS PFS can be configured with any number of file shares in different modes. Shares are configured into different operating modes based on the use of your data: For environments seeking to broadcast a set of read-only files to many users at different sites. Broadcast Mode quickly transmits a read-only copy of the files from the origin server to your remote offices.
When to use Global Mode Deploying the HP EFS WAN Accelerator without PFS is considered global mode. In global mode, the HP EFS WAN Accelerator performs its standard optimization of accessing data over the WAN. Evaluate whether PFS is suitable for your network needs: Pre-Identification of PFS files. PFS requires that files accessed over the WAN must be identified in advance.
Configuring PFS Using the Management Console To join a domain for PFS 1. Install and start the HP EFS RCU on the HP EFS RCU server, which by default listens on port 8777. The RCU service must be started with a domain account that has write access to the share on the origin server. 2. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide.
Figure 8-2. Setup: Proxy File Service (PFS) - Configuration Page. 5. Under Proxy File Service Configuration, enter the domain name in the FullyQualified Domain Name/Realm text box. 6. Optionally, enter the domain controller name in the Domain Controller Name text box.
7. Enter the domain administrator login, and password in the Domain Admin Login and Domain Admin Password text boxes. 8. Click Update PFS Configuration. You are notified if the HP EFS WAN Accelerator successfully joined the domain. 9. Under Enable/Disable Proxy File Service, click Enable PFS to enable PFS. 10. Under Security Signature Settings, select Enabled, Disabled, or Required from the Security Signature drop-down list and click Update Security Signature Settings. Disabled This is the default setting.
18. Navigate to the Setup: Configuration Manager page and save your changes to memory. After you have setup the PFS domain, you can configure your shares. To add a share for PFS 1. Navigate to the Setup: Proxy File Service (PFS) - Shares page. Figure 8-3. Setup: Proxy File Service - Shares Page 2. Under Add New Share, specify the local name for the share in the Local Name text box. This is the name to be used by clients for mapping. 3. Select Broadcast, Local, or StandAlone from the Mode drop-down list.
Description Broadcast In Broadcast mode, the share originates on the origin server and a readonly copy is available as a share on the branch office HP EFS WAN Accelerator. The data is updated periodically on the HP EFS WAN Accelerator with the data from the origin server. You specify the frequency of updates (synchronization) when you configure a share.
To synchronize and initialize a share 1. Navigate to the Setup: Proxy File Service - Shares page. 2. In the Shares list check the Sync check box and click Update Shares. This action downloads the initial copy of the share from the origin server to the HP EFS WAN Accelerator and configures the share for automatic synchronization. Figure 8-4. Synchronizing, Initializing, and Accessing Shares To map a share 94 3.
4. Click Save to write your settings to memory. TIP: You may choose at any time to click the Manual Sync button to manually synchronize a share. Click the Verify button to verify your shares, this will generate a list of the differences between the shares on the HP EFS WAN Accelerator and the origin server. Click the Cancel button to cancel your actions. TIP: To remove a proxy file share, click the check box next to the name and click Remove Selected Shares. Click Save to write your settings to memory.
To view share status details 1. Click Jump to Share Status to navigate to the Setup: Proxy File Service - Shares page. Figure 8-6.
In This Chapter 9 - RADIUS AND TACACS+ AUTHENTICATION CHAPTER 9 RADIUS and TACACS+ Authentication This chapter describes how to configure Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+) authentication for the HP EFS WAN Accelerator.
The following CLI commands are available for RADIUS and TACACS+ authentication: Authentication aaa authentication login default aaa authorization map default-user aaa authorization map order show authentication method RADIUS Configuration radius-server host radius-server key radius-server retransmit radius-server timeout TACACS+ Configuration tacacs-server host tacacs-server key tacacs-server retransmit tacacs-server timeout show tacacs User Ac
The directory /usr/local/share/freeradius is where the dictionary files are stored. This is where RADIUS attributes can be defined. Assuming the vendor does not have established dictionary file in the FreeRADIUS distribution, you begin the process by creating a file called: dictionary.. In the following example, the Vendor Enterprise Number for HP is 17613 and the Enterprise Local User Name Attribute is 1.
"monitor" "raduser" Auth-Type := Local, User-Password == "radmonitor" Reply-Message = "Hello, %u" Auth-Type := Local, User-Password == "radpass" Local-User = "monitor", Reply-Message = "Hello, %u" 7. Start the server using /usr/local/sbin/radiusd. Use the -X option if you want to debug the server. NOTE: The raduser is the monitor user as specified by Local, User-Password. Configuring a TACACS+ Server with Free TACACS+ The following section assumes you are running the TACACS+ authentication system.
The secret you specify here must also be specified in the HP EFS WAN Accelerator when you set up TACACS+ server support. For detailed information, see the HP Enterprise File Services WAN Accelerator Management Console User Guide. The tacuser is a monitor user as specified by local-user-name. NOTE: The chap, opap, and arap variables can be specified in a similar manner, but only pap is needed. 8. Start the server by executing: >/usr/local/sbin/tac_plus -C /usr/local/etc/tac_plus.
Basic Steps 1. Configure the HP EFS WAN Accelerator. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 2. Connect to the Management Console. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 3. Navigate to the Setup: Authentication - General Settings page in the Management Console. 4. Define the default login and the authentication methods.
5. Navigate to the Setup: Authentication - Radius Servers page. 6. Specify the Server IP address, the authentication port, server key, time-out interval, retry interval, and, optionally, global settings. 9 - RADIUS AND TACACS+ AUTHENTICATION Figure 9-2. Setup: Authentication - RADIUS Servers Page 7. Click Save. Configuring TACACS+ Authentication in the HP EFS WAN Accelerator The following section provides the basic steps for configuring TACACS+ authentication in the HP EFS WAN Accelerator.
Basic Steps The following section describes the basic steps for configuring TACACS+ authentication in the HP EFS WAN Accelerator. 1. Configure the HP EFS WAN Accelerator. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 2. Connect to the Management Console. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and Configuration Guide. 3.
5. Navigate to the Setup: Authentication - TACACS+ Servers page. 6. Specify the Server IP address, the authentication port, server key, time-out interval, retry interval, and, optionally, global settings. 9 - RADIUS AND TACACS+ AUTHENTICATION Figure 9-4. Setup: Authentication - TACACS+ Servers Page 7. Click Save. HP STORAGEWORKS ENTERPRISE FILE SERVICES WAN ACCELERATOR 2.1.
106 9 - RADIUS AND TACACS+ AUTHENTICATION
In This Chapter Serial Cluster and Cascade Deployments This chapter describes serial cluster and cascade deployments and summarizes the basic steps for configuring them. This chapter includes the following sections: “Serial Cluster Deployment,” next “Cascade Deployment” on page 111 This chapter assumes that you are familiar with the HP EFS WAN Accelerator Management Console (Management Console).
Serial clustering operates in a spill-over mode where TCP connections beyond the capacity limit of one of the HP EFS WAN Accelerators in the cluster are automatically handled by the next HP EFS WAN Accelerator in a cluster. If one HP EFS WAN Accelerator fails, the next HP EFS WAN Accelerator automatically take over. Figure 10-1.
A Basic Serial Cluster Deployment The following example illustrates how to configure a cluster of three in-path HP EFS WAN Accelerators in a data center. Figure 10-2. Serial Cluster in a Data Center 10 - SERIAL CLUSTER AND CASCADE DEPLOYMENTS This example has the following parameters: HP EFS WAN Accelerator1 IP address is 10.0.1.1 on a /16 HP EFS WAN Accelerator2 IP address is 10.0.1.2 on a /16 HP EFS WAN Accelerator3 IP address is 10.0.1.
To configure HP EFS WAN Accelerator2 1. On HP EFS WAN Accelerator2, connect to the CLI. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Command-Line Interface Reference Manual. 2.
Cascade Deployment Figure 10-3. Cascade Deployment When the Client connects to a server in Site B, HP EFS WAN Accelerator1 and HP EFS WAN Accelerator2 are optimizing the connection. When the Client connects to a server in Site C, HP EFS WAN Accelerator1 and HP EFS WAN Accelerator3 are optimizing the connection. The following rules apply to cascade deployments: Peering Rules A cascade deployment can be created on either the client side or on the server side.
SH2 SH2 SH2 SH2 SH2 SH2 > enable # configure terminal (config) # in-path peering rule pass rulenum 1 (config) # in-path peering rule auto dest 10.0.2.0/24 rulenum 1 (config) # in-path rule pass-though dstport 7800 rulenum 1 (config) # wr mem SH2 (config) # show in-path peering rules Rule Type Source Network Dest Network Port Peer Addr ----- ---- - - ---- ------------------ ------------------ ------------1 auto * 10.0.2.
GLOSSARY Glossary ARP. Address Resolution Protocol. An IP protocol used to obtain a node's physical address. Bandwidth. The upper limit on the amount of data, typically in kilobits per second (kbps), that can pass through a network connection. Greater bandwidth indicates faster data transfer capability. Bit. A Binary digit. The smallest unit of information handled by a computer; either 1 or 0 in the binary number system. Blade.
FDDI. Fiber Distributed Data Interface. A set of American National Standards Institute (ANSI) protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits) per second. FDDI networks are typically used as backbones for WideArea Networks (WANs). Filer. An appliance that attaches to a computer network and is used for data storage. Gateway.
Internet. The collection of networks tied together to provide a global network that use the TCP/IP suite of protocols. IP. Internet protocol. Network layer protocol in the TCP/IP stack that enables a connectionless internetwork service. IPsec. Internet Protocol Security Protocol. A set of protocols to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs). IPsec supports two encryption modes: Transport and Tunnel.
state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on a topography of the Internet constructed by each node. Each router sends that portion of the routing table (keeps track of routes to particular network destinations) that describes the state of its own links. It also sends the complete routing structure (topography). Packet. A unit of information transmitted, as a whole, from one device to another on a network. Probe.
INDEX Index load balanced, Layer-4 switch deployment, configuring 26 WCCP, overview of 26 A Architecture, overview of 9 Authentication, overview of 97 Auto-discovery rules, overview of 13 Autodiscovery, configuring with CDP 60 Autodiscovery, configuring with PBR 57 M Multicast in WCCP 65 B Bypass mode, overview of 13 N Neighbors, overview of 40 C Cascade clusters, overview of 111 CDP, overview of 46 Connection forwarding configuring using the CLI 44 configuring using the Management Console 42 failove
terms 84 Physical in-path deployment overview of 12 server-side, configuring 21 server-side, one to one, configuring 22 two routing points, configuring 20 R RADIUS configuring a RADIUS server 98 configuring the appliance 101 overview of 97 Related reading 6 S Scalable Data Referencing, overview of 10, 13 Serial cluster, configuring 109 Share synchronization, definition of 85 Share, definition of 85 Static cluster deployment, configuring 33 T TACACS+ configuring a TACACS+ server 100 configuring in the applia
