HP StorageWorks Enterprise File Services WAN Accelerator 2.
Legal and notice information © Copyright 2005 Hewlett-Packard Development Company, L.P. © Copyright 2003–2005 Riverbed Technology, Inc. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Contents
About This Guide
Types of Users
Organization of This Guide
Document Conventions

Chapter 2 In-Path Deployments
Introduction to Physical In-Path Deployments
In-Path, Failover Support Deployment
Basic Steps (Client-Side)
Basic Steps (Server-Side)
In-Path, Two Routing Points Deployment

Basic Steps (Server-Side)
Configuring Connection Forwarding Using the CLI
Chapter 6 Policy-Based Routing Deployments
Asymmetric HP EFS WAN Accelerator Deployments With PBR
Configuring PBR Using the CLI

Load Balancing
Failover Support
Troubleshooting
Chapter 8 Proxy File Service Deployments
Introduction to PFS
PFS Terms
Introduction
Welcome to the HP StorageWorks Enterprise File Services WAN Accelerator Deployment Guide. Read this introduction for an overview of the information provided in this guide and for an understanding of the documentation conventions used throughout.
Chapter 1, “Designing an HP EFS WAN Accelerator Deployment,” describes the HP EFS WAN Accelerator and provides an overview of how it works. It also describes how to design and deploy the HP EFS WAN Accelerator in your network.
Chapter 2, “In-Path Deployments,” describes physical in-path deployments.
Chapter 3, “Logical In-Path Network Deployments,” describes logical in-path deployments.
Chapter 4, “Out-of-Path Network Deployments,” describes out-of-path deployments.
Document Conventions
This manual uses the following standard set of typographical conventions to introduce new terms, illustrate screen displays, describe command syntax, and so forth.
italics. Within text, new terms and emphasized words appear in italic typeface.
Hardware and Software Dependencies
The following table summarizes the hardware and software requirements for the HP EFS WAN Accelerator.
HP Component: Hardware and Software Requirements
HP EFS WAN Accelerator:
• 19 inch (483 mm) two or four-post rack.
HP EFS WAN Accelerator Management Console, HP EFS WAN Accelerator Manager:
• Any computer that supports a web browser with a color image display.
• The Management Console has been tested with Mozilla, version 2.0 and Microsoft Internet Explorer version 6.0x.
The HP EFS WAN Accelerator has been tested with the following antivirus software with a noticeable to moderate impact on performance:
• F-Secure Anti-Virus 5.43 on the client
• F-Secure Anti-Virus 5.5 on the server
• Network Associates (McAfee) NetShield 4.5 on the server
• Network Associates VirusScan 4.5 for multi-platforms on the client
• Symantec (Norton) AntiVirus Corporate Edition 8.
Online Documentation The HP EFS WAN Accelerator documentation set is periodically updated with new information. To access the most current version of the HP EFS WAN Accelerator documentation and other technical information, consult the HP technical support site located at http://www.hp.com.
HP Storage Web Site
HP NAS Services Web Site
The HP NAS Services site allows you to choose from convenient HP Care Pack Services packages or implement a custom support solution delivered by HP ProLiant Storage Server specialists and/or our certified service partners. For more information see us at http://www.hp.com/hps/storage/ns_nas.html.
The HP web site has the latest information on this product, as well as the latest drivers.
Designing an HP EFS WAN Accelerator Deployment
This chapter describes how the HP EFS WAN Accelerator works and how to design an HP EFS WAN Accelerator deployment.
Transaction Acceleration
Transaction Acceleration (TA) is composed of the following optimization mechanisms:
• A connection bandwidth-reducing mechanism called Scalable Data Referencing (SDR).
• A Virtual TCP Window Expansion (VWE) mechanism that repacks TCP payloads with references that represent arbitrary amounts of data.
• A latency reduction and avoidance mechanism called Transaction Prediction (TP).
Transaction Prediction Latency optimization is delivered through Transaction Prediction (TP). TP involves an intimate understanding of protocol semantics to reduce the chattiness that would normally occur over the WAN. By acting on foreknowledge of specific protocol request-response mechanisms, HP EFS WAN Accelerators streamline the delivery of data that would normally be delivered in small increments through large numbers of handshakes and interactions between the client and server over the WAN.
Server Locations. A central server location that remote offices access data from. Typically, a server location is a data center serving branch offices or regional offices that access data that is centrally located.
Users and Servers. A site that has users and servers that are accessed remotely. Typically, users and servers are in a regional office with branch offices at remote sites that access data from remote sites and a data center.
2. Determine what kind of WAN routing infrastructure you have.
Multiple HP EFS WAN Accelerators are deployed in cluster configurations.
6. Do you have a firewall?
The following terms are used to describe features, attributes, and processes in the HP EFS WAN Accelerator:
Optimization. The process of increasing data throughput and network performance over the WAN using the HP EFS WAN Accelerator. An optimized connection exhibits bandwidth reduction as it traverses the WAN.
Scalable Data Referencing (SDR).
Bypass Mode
The HP EFS WAN Accelerator is equipped with one of the following types of bypass interfaces (depending on your order):
• Two-Port Gigabit Ethernet (Gig-E) Bypass Card
• Four-Port Copper Gigabit-Ethernet Bypass Card
• Two-Port Fiber Gigabit-Ethernet Bypass Card
For detailed information about bypass card status lights, see the HP Enterprise File Services WAN Accelerator Installation and Configuration Guide.
Failover Mode
You can deploy redundant HP EFS WAN Accelerators in your network to ensure optimization continues if there is a failure in one of the HP EFS WAN Accelerators.
If the HP EFS WAN Accelerator is in failover mode:
• Optimization is lost on the current connections on the master HP EFS WAN Accelerator.
• The backup HP EFS WAN Accelerator takes over and all new connections are optimized.
CHAPTER 2 In-Path Deployments
This chapter describes physical in-path network deployments and summarizes the basic steps for configuring them.
Introduction to Physical In-Path Deployments The following section describes physical in-path network configurations where the HP EFS WAN Accelerator is physically in the direct path between clients and servers. The clients and servers continue to see client and server Internet Protocol (IP) addresses. Physical in-path configurations are suitable for locations where the total bandwidth is within the limits of the installed HP EFS WAN Accelerator. Figure 2-1.
Basic Steps (Client-Side)
Perform the following steps for each client-side HP EFS WAN Accelerator.
2. Connect to the Management Console. For detailed information, see the HP EFS WAN Accelerator Management Console User Guide.
3. Navigate to the Setup: Advanced Networking - Failover Settings page in the Management Console.
4. Enable failover support.
Type the number of seconds in the Reconnection interval text box. The default value is 30.
6. Type the backup HP EFS WAN Accelerator’s IP address in the Other Appliance’s In-path IP Address text box.
7. Apply and save the new configuration in the Management Console.
8. Begin optimization. View performance reports and system logs in the Management Console.
Basic Steps (Server-Side)
The server-side HP EFS WAN Accelerator is configured as an in-path device.
Figure 2-4. In-Path, Two Routing Points Deployment
Basic Steps (Client-Side)
Perform the following steps on each client-side HP EFS WAN Accelerator.
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
2. Connect to the Management Console to verify your configuration. For detailed information, see the HP EFS WAN Accelerator Management Console User Guide.
3.
This deployment is useful in environments where most of the server-side traffic is out-of-path but there are applications that originate on the server-side that require optimization (for example, backup software, software distribution suites, or other similar applications). The following figure illustrates a server-side subnet where the HP EFS WAN Accelerator is deployed to provide data center clients with optimized data. Figure 2-5.
In-Path, Server-Side, One to One Deployment
The following figure illustrates the server-side of the network.
Figure 2-6. In-Path, Server-Side, One to One Deployment
Basic Steps (Client-Side)
The client-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
On HP EFS WAN Accelerator B, specify HP EFS WAN Accelerator B as the backup (other) and specify the in-path IP address of HP EFS WAN Accelerator A as the master IP address.
Figure 2-7. Setup: Advanced Networking - Failover Settings Page
5. Under Automated Online Datastore Settings, click Enable Automated Online Datastore Synchronization. Select Master or Backup from the Current Appliance is the drop-down list. Type a port number in the Synchronization Port text box. The default value is 7744.
CHAPTER 3 Logical In-Path Network Deployments
This chapter describes logical in-path deployments and summarizes the basic steps for configuring them. This chapter includes the following sections:
• “Introduction to Logical In-Path Deployments,” next
• “In-Path, Load Balanced, Layer-4 Switch” on page 30
This chapter assumes you are familiar with the HP EFS WAN Accelerator Management Console (Management Console).
Layer-4 Switch. You enable Layer 4 switch (or server load-balancers) support when you have multiple HP EFS WAN Accelerators in your network to manage large bandwidth requirements. Hybrid. A hybrid deployment is a deployment in which the HP EFS WAN Accelerator is both in-path and out-of-path.
The following figure illustrates the server-side of the network where load balancing is required.
Figure 3-1. In-Path, Load-Balanced, Layer-4 Switch Deployment
Basic Steps (Client-Side)
The client-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
Basic Steps (Server-Side)
Perform the following steps for each HP EFS WAN Accelerator in the cluster.
1.
On HP EFS WAN Accelerator B, plug the straight-through cable into the WAN port of the HP EFS WAN Accelerator and the Layer-4 switch.
5. Connect to the Management Console. For details see the HP EFS WAN Accelerator Management Console User Guide.
6. Navigate to the Setup: Optimization Service - General Settings page in the Management Console.
7. Enable Layer-4 switch support. For example: Click Enable In-Path Support and Enable L4/PBR/WCCP Support on Interface wan0_0.
Figure 3-2.
CHAPTER 4 Out-of-Path Network Deployments
This chapter describes out-of-path deployments and summarizes the basic steps for configuring them.
Typically, in an out-of-path deployment, the client-side HP EFS WAN Accelerator is configured as an in-path device, and the server-side HP EFS WAN Accelerator is configured as an out-of-path device. Figure 4-1. Physical Out-of-Path Deployment Out-of-Path, Failover Deployment An out-of-path, failover deployment serves networks where an in-path deployment is not an option. This deployment is cost effective, simple to manage, and provides redundancy.
The following figure illustrates the server-side of the network where two HP EFS WAN Accelerators are deployed in an out-of-path configuration to ensure that data continues to be optimized if there is an error in the system.
Figure 4-2.
Basic Steps (Client-Side)
3. Navigate to the Setup: Optimization Service - In-Path Rules page in the Management Console.
Figure 4-3. Setup: Optimization Service - In-Path Rules Page
4. To enable failover support for the out-of-path HP EFS WAN Accelerators, define a fixed-target rule that points to the main and backup targets. For example: Type the out-of-path, server-side HP EFS WAN Accelerator IP address and port in the Target Appliance IP and Port text boxes.
Out-of-Path, Static Cluster Deployment
The following figure illustrates a deployment where two HP EFS WAN Accelerators are configured as out-of-path devices on the server-side of the network and there are static clusters with in-path HP EFS WAN Accelerators on the client-side of the network.
Figure 4-4. Static Cluster Deployment
Basic Steps (Client-Side)
Perform the following steps for each HP EFS WAN Accelerator on the client-side of the network.
1.
In the Southern region, for all HP EFS WAN Accelerators in the set, define HP EFS WAN Accelerator 2 as the fixed target for servers in Subnet S.
Figure 4-5. Setup: Optimization Service - In-Path Rules, Fixed Target Page
5. Apply and save the new configuration in the Management Console.
6. Begin optimization. View performance reports and system logs in the Management Console.
The following figure illustrates the client-side of the network where the HP EFS WAN Accelerator is configured as both an in-path and out-of-path device.
Figure 4-6. Hybrid: In-Path and Out-of-Path Deployment
Basic Steps (Client-Side)
Perform the following steps for the HP EFS WAN Accelerator.
1. Configure the HP EFS WAN Accelerator as an in-path and out-of-path device. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
2.
3. Navigate to the Setup: Optimization Service - In-Path Rules page in the Management Console.
Figure 4-7. Setup: Optimization Service - In-Path Rules Page
4. Define in-path, fixed-target rules for traffic you want to optimize. For example: Select start, end, or a rule number from the Insert Rule At drop-down list to insert a rule in the Rules list. When you specify a particular rule number, the rule is placed after the rule number you specified and before the default auto-discover rule.
If you have a backup, out-of-path HP EFS WAN Accelerator in your system (failover support), type the IP address and port for the backup appliance in the Backup Appliance IP and Port text boxes. Use the following format: 0.0.0.0/0. The default port is 7810.
6. Begin optimization. View performance reports and system logs in the Management Console.
Basic Steps (Server-Side)
The server-side HP EFS WAN Accelerator is configured as an out-of-path device.
CHAPTER 5 Configuring Connection Forwarding
This chapter describes how to deploy the HP EFS WAN Accelerator in asymmetric server-side networks using connection forwarding.
If you have one path (through HP EFS WAN Accelerator-2) from the client to the server and a different path (through HP EFS WAN Accelerator-3) from the server to the client, you need to enable in-path connection forwarding and configure the HP EFS WAN Accelerators to communicate with each other. These HP EFS WAN Accelerators are called neighbors and exchange connection information to redirect packets to each other. Figure 5-1.
If one of the neighbor HP EFS WAN Accelerators reaches its optimization capacity limit, that HP EFS WAN Accelerator will not accept new connections, but it redirects packets to other neighbors for optimization.
One-to-One Failover Deployment
To ensure optimization in the event of a failure, a backup HP EFS WAN Accelerator can be added to each neighbor HP EFS WAN Accelerator in a one-to-one failover configuration.
Configuring Connection Forwarding The following section describes the basic steps for configuring connection forwarding. You can configure connection forwarding using the Management Console or the HP EFS WAN Accelerator command-line interface (CLI). Configuring Connection Forwarding Using the Management Console The following section describes the basic steps for enabling and configuring connection forwarding using the Management Console.
1. Configure the server-side HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
3. Navigate to the Setup: Advanced Networking - Connection Forwarding page in the Management Console.
4. Configure each of the neighbors by specifying the in-path IP address for the neighbor HP EFS WAN Accelerator.
Figure 5-4.
6. Restart the HP EFS WAN Accelerator service in the Setup: Start/Stop Services page.
7. Begin optimization. View performance reports and system logs in the Management Console.
Configuring Connection Forwarding Using the CLI
The following section describes how to enable and configure connection forwarding using the CLI. To configure connection forwarding you enable the feature and define the HP EFS WAN Accelerator neighbors on each of the server-side HP EFS WAN Accelerators in the network.
CHAPTER 6 Policy-Based Routing Deployments
This chapter describes how to configure Policy-Based Routing (PBR) to redirect traffic to an HP EFS WAN Accelerator or group of HP EFS WAN Accelerators.
Introduction to PBR
PBR is a router configuration that allows you to define policies to route packets instead of relying on routing protocols. It is enabled on a per-interface basis, and packets coming into a PBR-enabled interface are checked to see if they match the defined policies. If they match, the rule defined for the policy is applied to the packets. If they do not match, packets are routed based on the usual routing table. The rules redirect the packets to a specific IP address.
Configuring PBR Using the CLI The following section describes how to configure PBR using the HP EFS WAN Accelerator command-line interface (CLI). Figure 6-1. Client-Side, HP EFS WAN Accelerator Attached to a Router The client-side router has a fastEthernet 0/0 interface attached to the Layer-2 switch and fastEthernet0/1 attached to the HP EFS WAN Accelerator. The server-side router has a fastEthernet0/0 interface attached to the Layer-2 switch.
client-SH (config) # ip in-path-gateway 10.2.0.1
client-SH (config) # in-path rule fixed-target dstaddr dstport 135 target-addr 10.1.0.3
client-SH (config) # in-path rule fixed-target dstaddr dstport 139 target-addr 10.1.0.3
client-SH (config) # in-path rule fixed-target dstaddr dstport 445 target-addr 10.1.0.3
client-SH (config) # in-path rule fixed-target dstaddr dstport 21 target-addr 10.1.0.3
client-SH (config) # in-path rule fixed-target dstaddr dstport 80 target-addr 10.1.0.
The following section describes the basic steps for configuring PBR using the Management Console.
Basic Steps (Client-Side)
Perform the following steps for each client-side HP EFS WAN Accelerator.
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
3.
6. Define fixed-target, in-path rules to reach the remote network through the remote out-of-path HP EFS WAN Accelerator.
Figure 6-3. Setup: Optimization Service - In-Path Rules Page
7. Apply and save the new configuration in the Setup: Configuration Manager page.
8. Restart the HP EFS WAN Accelerator service in the Setup: Start/Stop Services page.
9. Begin optimization. View performance reports and system logs in the Management Console.
Client-Side HP EFS WAN Accelerator Attached to a Router through a Switch
Figure 6-4. Client-Side HP EFS WAN Accelerator Attached to a Router through a Switch
Basic Steps (Client-Side)
Perform the steps for “Basic Steps (Client-Side)” on page 51.
Basic Steps (Server-Side)
Perform the steps for “Basic Steps (Server-Side)” on page 52.
Client-Side HP EFS WAN Accelerator Attached to an Inside Router In this deployment, PBR is enabled on the router interface connected to the Layer-2 switch that redirects traffic to the HP EFS WAN Accelerator. The same PBR rules should not be enabled on the WAN router (or any other router on the way to the WAN). Figure 6-5. Client-Side HP EFS WAN Accelerator Attached to an Inside Router Basic Steps (Client-Side) Perform the steps for “Basic Steps (Client-Side)” on page 51.
In this configuration, the HP EFS WAN Accelerator is attached to any Layer-2 switch that the router can reach (even the same switch as the clients). VLAN trunking is enabled between the Layer-2 switch and the PBR router (not on the link between the HP EFS WAN Accelerator and the switch).
To configure the HP EFS WAN Accelerator
Use the procedures in “Basic Steps (Client-Side)” on page 51. With a single subnet configuration, the route-map is attached to a VLAN interface instead of an ethernet interface.
Symmetric HP EFS WAN Accelerator Deployments With PBR
In the case where clients and servers are on both sides of the WAN, PBR can be configured on both sides of the network, where each router has the reversed rules of the other router.
Figure 6-7. Symmetric HP EFS WAN Accelerator Deployments with PBR
For this example, assume that clients, servers, and HP EFS WAN Accelerators are all on separate VLANs and the Layer-2 switch is attached to the router fastEthernet0/0 interface.
2. On the right HP EFS WAN Accelerator, at the system prompt, enter the following set of commands:
IMPORTANT: You must save your changes to memory and restart the HP EFS WAN Accelerator service for your changes to take effect.
To configure the Cisco router
1. On the left router, at the system prompt, enter the following commands:
TIP: Enter configuration commands, one per line; end with CTRL-Z.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
2. On the right router, at the system prompt, enter the following set of commands:
Router#configure terminal
Router(config)#interface fastEthernet 0/0.1
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 10.1.1.1 255.255.255.0
Router(config-subif)#ip policy route-map TrafficToLeftS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.1.2.1 255.255.255.
CHAPTER 7 WCCP Deployments
This chapter describes how to configure the Web Cache Communication Protocol (WCCP) to redirect traffic to an HP EFS WAN Accelerator or group of HP EFS WAN Accelerators.
Introduction to WCCP WCCP was originally implemented on Cisco routers, multi-layer switches, and web caches to redirect HTTP requests to local web caches (Version 1). Version 2, which is implemented on HP EFS WAN Accelerators, can redirect any type of connection from multiple routers to multiple web caches.
Unicast (User Datagram Protocol Packets). The HP EFS WAN Accelerator is configured with the IP address of each router. If additional routers are added to the service group, they must be added on each HP EFS WAN Accelerator.
Multicast. The HP EFS WAN Accelerator is configured with a multicast group. If additional routers are added, you do not need to add or change configuration settings on the HP EFS WAN Accelerators.
All Transmission Control Protocol (TCP) traffic is redirected by default.
1. Create a service group on the router and set the router to redirect traffic to the HP EFS WAN Accelerator using WCCP on the interfaces where traffic goes.
2. Attach the WAN interface of the HP EFS WAN Accelerator to the network. The WAN interface must be able to communicate with the switch or router where WCCP is configured and where WCCP redirection will take place.
3. Configure the HP EFS WAN Accelerator to be an in-path device with WCCP support on the client-side. For example, in-path oop enable.
4.
Specifies the service group identification number (ID) (from 0 to 255). The service group ID is the number that is set on the router. A value of 0 specifies the standard http service group which redirects only HTTP traffic.
router: The router IP is a multicast group IP address or a unicast router IP address. A total of 32 routers can be specified.
A Basic WCCP Configuration This section describes how to configure a router and the HP EFS WAN Accelerator to use WCCP to redirect traffic in a single subnet using the CLI. You can also use the Management Console to configure the HP EFS WAN Accelerator to use WCCP. The server-side is assumed to be out-of-path. Figure 7-2.
To configure the WCCP router
• At the system prompt, enter the following set of commands:
Router> enable
Router# configure terminal
Router(config)# ip wccp version 2
Router(config)# ip wccp 90
Router(config)# interface fastEthernet 0/0
Router(config-if)# ip wccp 90 redirect in
Router(config-if)# end
Router#
TIP: Enter configuration commands, one per line. End with CTRL-Z.
The service group 90 must be defined and configured on the HP EFS WAN Accelerator.
client-SH (config) # in-path rule fixed-target port 445 target-addr 10.2.0.2
client-SH (config) # in-path rule fixed-target port 21 target-addr 10.2.0.2
client-SH (config) # in-path rule fixed-target port 80 target-addr 10.2.0.2
client-SH (config) # in-path rule pass-through
client-SH (config) # write memory
client-SH (config) # exit
Now add the service group to the HP EFS WAN Accelerator so that the router starts redirecting packets.
4. To enable external traffic redirection click Enable In-Path Support, Enable L4/PBR/WCCP Support on Interface wan0_0, and Enable Optimization on Interface inpath0_0.
Figure 7-3. Setup: Optimization Service - General Settings Page
5. Enable WCCP on your router.
6. Navigate to the Setup: Advanced Networking - WCCP Groups page.
Figure 7-4.
7. Define the service group: specify the service group identification number, the router IP address, password, priority, weight, and encapsulation scheme, and optionally, global settings.
8. Click Add Group to display your new group in the Service Group list.
9. Under WCCP v2 Global Settings, click Enable WCCP v2 Support.
10. Click Update Settings to enable WCCP v2 support.
11. Double-click the new service group name to display the Setup: Service, WCCP Groups, Service Group page.
12.
13. Save and apply the new configuration in the Management Console.
14. Restart the HP EFS WAN Accelerator service in the Setup: Start/Stop Service page.
To define in-path rules to reach the server-side appliance
15. Navigate to the Setup: Optimization Service - In-Path Rules page in the Management Console.
16. Define a fixed-target rule to optimize traffic on the server-side HP EFS WAN Accelerator with port 135.
Figure 7-6.
17. Repeat Step 4 for ports 139, 445, 21, and 80.
18. To pass through all other traffic, define a pass-through rule on the server-side HP EFS WAN Accelerator.
Figure 7-7. Setup: Optimization Service - In-Path Rules Page
19. Save and apply the new configuration in the Setup: Configuration Manager page.
20. Begin optimization. View performance reports and system logs in the Management Console.
Basic Steps (Server-Side)
The server-side HP EFS WAN Accelerator is configured as an out-of-path device.
Dual WCCP Deployment Figure 7-8. Dual WCCP Deployment Traffic between client and server passes through the two routers. When each router is configured with a WCCP service group, all traffic is redirected to pass through the corresponding HP EFS WAN Accelerators as it transits the router, enabling the HP EFS WAN Accelerators to optimize the connections. Autodiscovery functions correctly—each HP EFS WAN Accelerator sends and receives traffic as if they were using an in-path configuration.
version 12.3
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname tr3640
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 errors
enable secret 5 $xxxxxxxx
!
clock timezone PST -8
clock summer-time PDT recurring
no aaa new-model
ip subnet-zero
ip wccp 90
!
ip cef
ip audit po max-events 100
no ftp-server write-enable
!
no crypto isakmp enable
!
interface FastEthernet0/0
 ip address 10.0.26.101 255.
 no ip redirects
 no cdp enable
!
no ip http server
no ip http secure-server
no ip classless
ip route 10.11.24.0 255.255.255.0 172.20.240.18
ip route 10.11.25.0 255.255.255.0 172.20.240.18
!
no logging trap
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 xxxxxxxx
 login
 transport input telnet
!
ntp server 10.0.0.2
!
end
To configure the WCCP (6209) router
• At the system prompt, enter the following set of commands:
!
version 12.
!
!WAN Interface
interface Vlan63
 ip address 172.20.240.18 255.255.255.252
 no ip redirects
 ip wccp 91 redirect in
 no mls ip
 no mls ipx
 no cdp enable
!
ip classless
ip route 10.11.21.0 255.255.255.0 172.20.240.17
ip route 10.11.22.0 255.255.255.0 172.20.240.
To set the password for WCCP
1. On the router, at the system prompt, enter the following command:
Router(config)# ip wccp 90 password
client-SH (config) # wccp service-group 90 routers 10.1.0.1 password
NOTE: The same password must be set on the HP EFS WAN Accelerator and the router.
Multicast
If you add multiple routers and HP EFS WAN Accelerators to a service group, you can configure them to exchange WCCP protocol messages through a multicast group.
NOTE: You do not need to configure source and destination ports on the router.
To configure TCP port redirection
• On the client-side HP EFS WAN Accelerator, at the system prompt, enter the following command:
client-SH (config) # wccp service-group 90 routers 10.1.0.1 flags portsdestination ports 135,139,445,21,80
Specific Traffic Redirection
If redirection is based on traffic characteristics other than ports, Access Control Lists (ACLs) on the router can define what traffic is redirected.
Failover Support
You can also provide failover support using WCCP. In a failover configuration, the HP EFS WAN Accelerators periodically announce themselves to the routers. If an HP EFS WAN Accelerator fails, traffic is redirected to the working HP EFS WAN Accelerators. To configure failover support, you simply define the weight to be 0 on the backup HP EFS WAN Accelerator. For detailed information, see “WCCP CLI Commands” on page 64.
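To check that every WCCP service group a router redirects traffic into also has the password from the procedure earlier in this chapter, the following added example (not from the HP guide) scans a router configuration in the IOS style shown above. The function names, sample hostname, addresses and password value are constructed for illustration.

```python
import re

# Constructed sample in the style of this chapter's router configurations.
# Hostname, addresses and the password value are placeholders.
SAMPLE_CONFIG = """\
hostname example-router
ip wccp 90 password EXAMPLE-ONLY
ip wccp 91
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip wccp 90 redirect in
!
interface Vlan63
 ip address 198.51.100.1 255.255.255.252
 ip wccp 91 redirect in
!
end
"""

GLOBAL_RE = re.compile(r"^ip wccp (\S+)(.*)$")
REDIRECT_RE = re.compile(r"^ip wccp (\S+) redirect (in|out)$")


def parse_wccp(config_text):
    """Return {service_id: {"password": bool, "redirects": [(interface, direction)]}}."""
    groups = {}
    interface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Any unindented line leaves interface configuration mode.
            interface = line[len("interface "):] if line.startswith("interface ") else None
        m = REDIRECT_RE.match(line)
        if m and interface:
            entry = groups.setdefault(m.group(1), {"password": False, "redirects": []})
            entry["redirects"].append((interface, m.group(2)))
            continue
        m = GLOBAL_RE.match(line)
        if m and interface is None:
            entry = groups.setdefault(m.group(1), {"password": False, "redirects": []})
            if "password" in m.group(2).split():
                entry["password"] = True
    return groups


def unauthenticated_redirects(config_text):
    """Service groups that redirect traffic but have no WCCP password set."""
    return sorted(
        sid for sid, group in parse_wccp(config_text).items()
        if group["redirects"] and not group["password"]
    )


if __name__ == "__main__":
    print("service groups without a password:", unauthenticated_redirects(SAMPLE_CONFIG))
```

A service group reported here also needs the matching password on the HP EFS WAN Accelerator side, as the NOTE in the password procedure states.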
Proxy File Service Deployments
This chapter describes Proxy File Service (PFS) support and provides the basic steps for configuring PFS. This chapter includes the following sections:
• “Introduction to PFS,” next
• “PFS Terms” on page 82
• “How Does PFS Work?” on page 83
• “When to Use PFS” on page 85
• “Configuring PFS Using the Management Console” on page 87
This chapter assumes you are familiar with the HP EFS WAN Accelerator Management Console (Management Console).
Continuous access to files in the event of WAN disruption. In the event of a network disruption that prevents access over the WAN to the origin server, files can still be accessed on the local HP EFS WAN Accelerator. PFS requires an HP EFS WAN Accelerator DL320-1010, DL320-2010, DL380-3010, or DL380-5010. These models have extra disk capacity that is utilized when PFS is enabled.
Security Signature. Specifies the definition for Windows SMB signing on your client machine. Enabling PFS restricts SMB signing:
• Disabled. This is the default value. If the client has security signatures set to required, PFS will not function. This setting assumes that clients are not using security signatures.
• Enabled. If the client has security signatures set to enabled, PFS is supported. If not, PFS continues to function in any case.
• Required.
The proxy-file server can export data volumes in local mode and broadcast mode. After receiving the initial copy of the data and ACL, the shares can then be made available to local clients. Local clients' shares will periodically be synchronized with the origin server and vice versa, depending on the PFS mode appropriate to your configuration. The HP EFS WAN Accelerator uses Scalable Data Referencing (SDR) during the synchronization process, which optimizes the traffic.
CAUTION: Do not make changes to the shared files on the origin server while in Local mode. In Local mode, the HP EFS WAN Accelerator overwrites data on your origin server. The HP EFS WAN Accelerator copy of the data is considered the master copy. Stand-Alone Mode. Provides read-write access to data on a branch office HP EFS WAN Accelerator. There may or may not be an origin server at the data center with which the share has to synchronize data to.
Because file and record locking is directed between the client and the server, the native-file system, operating system, and network file system protocols protect the data from concurrent access by multiple users. The HP EFS WAN Accelerator always consults the origin server in response to a client request; it never provides a proxy response or data from its data store without consulting the origin server. If these constraints present an issue to your network environment, then you should not enable PFS.
Configuring PFS Using the Management Console
Basic Steps for Broadcast Mode
The following section describes the basic steps for configuring PFS in Broadcast mode. In Broadcast mode, the share originates on the origin server and a read-only copy is available as a share on the HP EFS WAN Accelerator. The data is updated periodically on the HP EFS WAN Accelerator with the data from the origin server. You specify the frequency of updates (synchronization) when you configure a share.
1.
Figure 8-2. Setup: Proxy File Service - Configuration Page.
7. Optionally, type a domain controller name if it has not appeared automatically in the Domain Controller Name text box.
NOTE: Typically, with Windows 2000 Active Directory Service domains, the system automatically retrieves the domain controller name. You must specify the domain controller if it is located across the WAN.
8.
11. Under Security Signature Settings, select Enabled, Disabled, or Required from the Security Signature drop-down list and click Update Security Signature Settings.
13. Retype the local administrator password in the Confirm text box and click Update Administrator Settings.
14. Under Enable/Disable Proxy File Service, click Enable PFS to enable the PFS. To disable the PFS, click Disable PFS.
15. Click Save to write your settings to memory or click Reset to return the settings to their previous values.
16.
Figure 8-3. Setup: Proxy File Service - Shares Page
21. Specify the local name, local mode, remote path, server name, port, and synchronization frequency and click Add Share.
22. In the Shares list, check the Sync check box and click Update Shares (that is, to download the initial copy of the share from the origin server to the HP EFS WAN Accelerator).
Figure 8-4. Initializing and Accessing Shares
TIP: You access a share using the Uniform Naming Convention (UNC) for the mapped drive. For example, \\\.
23. Click the Sharing check box and click Update Shares to make the share available to end users for mounting. End users will be able to read and write to the mounted share.
24. Click Save to write your settings to memory or click Reset to return the settings to their previous values.
TIP: If you modify share information in the Shares List, click the magnifying glass for the share you want to modify to display the Proxy File Services - Shares - Detailed Settings page. Modify the data and click Update Shares to refresh the Shares list with your changes.
25. Navigate to the Setup - Configuration Manager page to apply and save the new configuration to memory. If you do not save your configuration changes to memory, your defined proxy-file shares will become orphaned.
5. Under Proxy File Service Configuration, define the domain name, login, and password; click Update Settings. You are notified if the HP EFS WAN Accelerator successfully joined the domain.
Figure 8-5. Setup: Proxy File Service - Configuration Page.
6. Under Security Signature Settings, select Enabled, Disabled, or Required from the Security Signature drop-down list and click Update Settings.
7.
12. Under Optimization, click Restart Service to restart the HP EFS WAN Accelerator service.
13. Under PFS, click Start Service to start the PFS service.
TIP: Select Automatic or Manual from the Startup drop-down list to specify whether you want the service to start automatically with start-up or manually each time you use PFS.
14. Navigate to the Setup: Configuration Manager page and save your changes to memory.
15.
CAUTION: In Local mode, the HP EFS WAN Accelerator overwrites data on your origin server. The HP EFS WAN Accelerator copy of the data is considered the master copy.
NOTE: When performing the initial synchronization, or when changing large amounts of data, your bandwidth utilization and other graphs may show pockets of inactivity. This is by design.
Figure 8-7. Accessing and Initializing Shares
19.
TIP: You access a share using the UNC for the mapped drive. For example, \\\.
Enable sharing on the HP EFS WAN Accelerator: click the Sharing check box and click Update Shares to make the share available to end users for mounting. End users will be able to read and write to the mounted share.
20. Click Save to write your settings to memory or click Reset to return the settings to their previous values.
21.
CHAPTER 9 RADIUS and TACACS+ Authentication
This chapter describes how to configure Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+) authentication for the HP EFS WAN Accelerator.
The HP EFS WAN Accelerator does not have the ability to set a per interface authentication policy. The same authentication method list is used for all interfaces (that is, default). You cannot configure authentication methods with subsets of the RADIUS or TACACS+ servers specified (that is, there are no server groups).
Configuring a RADIUS Server with FreeRADIUS
The directory /usr/local/share/freeradius is where the dictionary files are stored. This is where RADIUS attributes can be defined. Assuming the vendor does not have an established dictionary file in the FreeRADIUS distribution, you begin the process by creating a file called: dictionary.. The contents of the dictionary.
The secret you specify here must also be specified in the HP EFS WAN Accelerator when you set up RADIUS server support. For detailed information, see the HP EFS WAN Accelerator Management Console User Guide.
3. In a text editor, create a /usr/local/share/freeradius/dictionary.rbt file for HP.
4. Add the following text to the dictionary.rbt file.
VENDOR RBT 17163
ATTRIBUTE Local-User 1 string RBT
5. Add the following line to the /usr/local/share/freeradius/dictionary:
$INCLUDE dictionary.rbt
6.
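When verifying the RADIUS setup from a packet capture or server debug output, it helps to know how the Local-User attribute defined in dictionary.rbt appears on the wire. The following added example (not from the HP guide) encodes and decodes it as a standard RFC 2865 Vendor-Specific attribute using vendor 17163 and attribute number 1 from the dictionary; the user name "monitor", the sample reply and the function names are constructed.

```python
import struct

RBT_VENDOR_ID = 17163    # VENDOR RBT 17163 in dictionary.rbt
LOCAL_USER_TYPE = 1      # ATTRIBUTE Local-User 1 string RBT
VENDOR_SPECIFIC = 26     # RADIUS Vendor-Specific attribute (RFC 2865)


def encode_local_user(username):
    """Build the Vendor-Specific attribute that carries Local-User."""
    value = username.encode("utf-8")
    # 255-byte attribute limit minus 2 (header), 4 (vendor id), 2 (sub-header).
    if not 1 <= len(value) <= 247:
        raise ValueError("Local-User must be 1 to 247 bytes")
    sub = struct.pack("!BB", LOCAL_USER_TYPE, 2 + len(value)) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), RBT_VENDOR_ID) + sub


def local_users(attributes):
    """Return every RBT Local-User value in a run of RADIUS attributes."""
    found, pos = [], 0
    while pos < len(attributes):
        if len(attributes) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attributes[pos], attributes[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attributes):
            raise ValueError("bad attribute length")
        body = attributes[pos + 2:pos + attr_len]
        pos += attr_len
        if attr_type != VENDOR_SPECIFIC or len(body) < 4:
            continue
        (vendor_id,) = struct.unpack("!I", body[:4])
        if vendor_id != RBT_VENDOR_ID:
            continue  # another vendor's attribute
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            sub_type, sub_len = sub[i], sub[i + 1]
            if sub_len < 2 or i + sub_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if sub_type == LOCAL_USER_TYPE:
                found.append(sub[i + 2:i + sub_len].decode("utf-8"))
            i += sub_len
    return found


# Constructed attribute section of a reply: Reply-Message "ok" (type 18)
# followed by Local-User "monitor".
SAMPLE_ATTRIBUTES = bytes([18, 4]) + b"ok" + encode_local_user("monitor")

if __name__ == "__main__":
    print(encode_local_user("monitor").hex())
    print(local_users(SAMPLE_ATTRIBUTES))
```

The input to local_users is the attribute section only, that is, the bytes after the 20-byte RADIUS packet header.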
2. At your system prompt, enter the following set of commands:
>tar xvzf tac_plus_v9a.tar.gz
>cd tac_plus_v9a
>./configure
4. On Linux, in a text editor open the tac_plus.h file and uncomment the #define CONST_SYSERRLIST line.
5. At the system prompt, enter:
>make tac_plus
6. As the root user, enter the following command:
>make install
7. Add users to the TACACS server by editing the /usr/local/etc/tac_plus.conf file.
Configuring RADIUS Authentication
The following section describes the basic steps for configuring RADIUS authentication in the HP EFS WAN Accelerator. You prioritize RADIUS authentication methods for the system and set the authorization policy and default user.
IMPORTANT: Make sure to put the authentication methods in the order in which you want authentication to occur. If authorization fails on the first method, the next method is attempted, and so forth, until all the methods have been attempted.
5. Navigate to the Setup: Authentication - Radius Servers page.
Figure 9-2. Setup: Authentication - RADIUS Servers Page
7. Click Save.
Configuring TACACS+ Authentication in the HP EFS WAN Accelerator
The following section provides the basic steps for configuring TACACS+ authentication in the HP EFS WAN Accelerator.
Configuring TACACS+ Authentication
The following section describes the basic steps for configuring TACACS+ configuration in the HP EFS WAN Accelerator.
Basic Steps
The following section describes the basic steps for configuring TACACS+ authentication in the HP EFS WAN Accelerator.
1. Configure the HP EFS WAN Accelerator. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP EFS WAN Accelerator Installation and Configuration Guide.
3. Navigate to the Setup: Authentication - General Settings page in the Management Console.
4.
6. Specify the Server IP address, the authentication port, server key, time-out interval, retry interval, and, optionally, global settings.
Figure 9-4. Setup: Authentication - TACACS+ Servers Page
7. Click Save.
Serial Cluster and Cascade Deployments
This chapter describes serial cluster and cascade deployments and summarizes the basic steps for configuring them. This chapter includes the following sections:
• “Serial Cluster Deployment,” next
• “Cascade Deployment” on page 111
This chapter assumes that you are familiar with the HP EFS WAN Accelerator Management Console (Management Console).
Serial Cluster Deployment
You can provide increased optimization by deploying several HP EFS WAN Accelerators back-to-back in an in-path configuration to create a serial cluster. Serial clustering operates in a spill-over mode where TCP connections beyond the capacity limit of one of the HP EFS WAN Accelerators in the cluster are automatically handled by the next HP EFS WAN Accelerator in the cluster. If one HP EFS WAN Accelerator fails, the next HP EFS WAN Accelerator automatically takes over.
Figure 10-1.
A Basic Serial Cluster Deployment
The following example illustrates how to configure a cluster of three in-path HP EFS WAN Accelerators in a data center.
Figure 10-2. Serial Cluster in a Data Center
This example has the following parameters:
• HP EFS WAN Accelerator1 IP address is 10.0.1.1 on a /16
• HP EFS WAN Accelerator2 IP address is 10.0.1.2 on a /16
• HP EFS WAN Accelerator3 IP address is 10.0.1.
To configure HP EFS WAN Accelerator2 1. On HP EFS WAN Accelerator2, connect to the CLI. For detailed information, see the HP EFS WAN Accelerator Command-Line Interface Reference Manual. 2.
Cascade Deployment
Figure 10-3. Cascade Deployment
When the Client connects to a server in Site B, HP EFS WAN Accelerator1 and HP EFS WAN Accelerator2 are optimizing the connection. When the Client connects to a server in Site C, HP EFS WAN Accelerator1 and HP EFS WAN Accelerator3 are optimizing the connection.
The following rules apply to cascade deployments:
Peering Rules
A cascade deployment can be created on either the client side or on the server side.
This example has the following parameters:
Server1 IP address is 10.0.2.2 on a /24
SH2 > enable
SH2 # configure terminal
SH2 (config) # in-path peering rule pass rulenum 1
SH2 (config) # in-path peering rule auto dest 10.0.2.0/24 rulenum 1
SH2 (config) # in-path rule pass-through dstport 7800 rulenum 1
SH2 (config) # wr mem
SH2 (config) # show in-path peering rules
Rule  Type Source Network     Dest Network       Port Peer Addr
----- ---- ------------------ ------------------ ---- -------------
1     auto *                  10.0.2.
Glossary
ARP. Address Resolution Protocol. An IP protocol used to obtain a node's physical address.
Bandwidth. The upper limit on the amount of data, typically in kilobits per second (kbps), that can pass through a network connection. Greater bandwidth indicates faster data transfer capability.
Bit. A Binary digit. The smallest unit of information handled by a computer; either 1 or 0 in the binary number system.
Blade.
FDDI. Fiber Distributed Data Interface. A set of American National Standards Institute (ANSI) protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits) per second. FDDI networks are typically used as backbones for Wide-Area Networks (WANs).
Filer. An appliance that attaches to a computer network and is used for data storage.
Gateway.
Interface. The point at which a connection is made between two elements, systems, or devices so that they can communicate with one another.
Internet. The collection of networks tied together to provide a global network that use the TCP/IP suite of protocols.
IP address. In IP version 4 (IPv4), a 32-bit address assigned to hosts using the IP protocol. Also called an Internet address.
IPsec. Internet Protocol Security Protocol. A set of protocols to support secure exchange of packets at the IP layer.
NIS. Network Information Services. A naming service that allows resources to be easily added, deleted or relocated.
OSPF. Open Shortest Path First. An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm. Routers use link-state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on a topography of the Internet constructed by each node.