Citrix WANScaler Accelerating Application Delivery to Branch Offices - PowerPoint PPT Presentation

1
Citrix WANScaler Accelerating Application
Delivery to Branch Offices
  • Florian Becker
  • Architect, Citrix Systems, Inc.
  • David Wight
  • Escalation Engineer, Citrix Systems, Inc.

2
Non Disclosure Agreement
  • This presentation is confidential. By virtue of
    your relationship with Citrix, you are bound to
    retain in confidence all information in this
    presentation.

3
Agenda
  • Example Sites and Deployments
  • Citrix WANScaler In-Depth Technical Discussion
  • Deployment Scenarios and Best Practices
  • Getting Started and Troubleshooting

4
Agenda
  • Example Sites and Deployments
  • Citrix WANScaler In-Depth Technical Discussion
  • Deployment Scenarios and Best Practices
  • Getting Started and Troubleshooting

5
Example Sites and Deployments
  • A Natural Resources Exploration Company
      • 31 Mbps line
      • Utilization increased from 2% to 81%
      • Workflow wait time from 2 hours to 5 minutes
      • ROI in less than 4 months
  • A Major Electronics Manufacturer
      • Collaboration between western US and Asia
      • Response time from more than 24 hrs to minutes
      • Large file sizes (previously copied to tape and shipped)
  • Other Customers Across Many Verticals
      • Utilization improvements between 6x and 100x

6
Six Keys to Successful Application Delivery
  • Citrix NetScaler: Deliver Web Applications
  • Citrix Presentation Server: Deliver Windows Applications
  • Citrix EdgeSight: Monitor End User Experience
  • Citrix WANScaler: Accelerate Apps to Branch Users
  • Citrix Access Gateway: Enable Secure Application Access
  • Citrix Desktop Server: Deliver Desktops
7
Application Delivery Buying Dynamics
[Diagram labels: Apps, Users]
  • CIO, CTO, VP of Infrastructure: responsible for the performance, security and cost of all apps
8
Agenda
  • Example Sites and Deployments
  • Citrix WANScaler In-Depth Technical Discussion
  • Deployment Scenarios and Best Practices
  • Getting Started and Troubleshooting

9
Product Overview
  • WANScaler areas of operation
  • TCP Flow Control
  • Multi-Level Compression
  • Protocol Optimization

10
Flow Control
11
Typical TCP Flow Control
  • Flow Control
  • TCP does not know what the bandwidth of the link
    is!

Ethernet LAN, 10Mb/s, low latency and loss
  1. TCP Slow Start: packet sending rate is increased after each round trip.
  2. TCP Congestion Control: packet loss penalty, sending rate cut by 50%.
[Graph: Performance (Mbps) vs. Time (milliseconds), showing Slow Start (1) and the Congestion Control Algorithm (2); X = packet loss]
12
TCP On the WAN
T3, 45Mb/s, high latency and loss
  1. High latency means a slower recovery period during congestion control.
  2. Feedback (packet loss) is too infrequent and ambiguous to be accurate.
[Graph: Performance (Mbps) vs. Time (milliseconds), showing Slow Start and Congestion Control; X = packet loss]
13
TCP On the WAN
[Graph: Performance (Mbps) vs. Time (milliseconds), comparing Slow Start for Short Distance and Long Distance sessions; X = packet loss]
  • 1. TCP Distance Bias
      • Short distance sessions may have packet loss but recover quickly
      • Long distance sessions are impacted by packet loss but recover slowly
  • 2. The Result is Low Throughput and Random Application Delays

14
Typical WAN Communication
[Diagram: Client and Server linked via Switches, WAN Routers and the WAN; 120 ms.]
15
Typical WAN Communication
[Diagram: Client and Server linked via Switches, WAN Routers and the WAN; 120 ms. Messages shown: SYN]
16
Typical WAN Communication
[Diagram: Client and Server linked via Switches, WAN Routers and the WAN; 120 ms. Messages shown: SYN, SYN+ACK, ACK]
17
Typical WAN Communication
[Diagram: Client and Server linked via Switches, WAN Routers and the WAN; 120 ms. Messages shown: SYN, SYN+ACK, ACK, HTTP GET]
18
Typical WAN Communication
[Diagram: Client and Server linked via Switches, WAN Routers and the WAN; 120 ms. Messages shown: SYN, SYN+ACK, ACK, HTTP GET, ACK+Data]
19
Typical WAN Communication
[Diagram: Client and Server linked via Switches, WAN Routers and the WAN; 120 ms. Messages shown: SYN, SYN+ACK, ACK, HTTP GET, ACK+Data, ACK]
20
TCP Flow Control with WANScaler
21
TCP Flow Control with WANScaler
22
TCP Flow Control with WANScaler
[Diagram labels: Fast Side, Slow Side, Slow Side, Fast Side. Messages shown: SYN, SYN+ACK, ACK, HTTP GET, ACK, ACK, ACK]
23
WANScaler Flow Control
  • Each Segment has its own flow control
  • Commonly deployed TCP Windows are 64kB max.
  • On the WAN side, WANScaler increases the Window
    to 8MB (RFC 1323)
  • WANScaler acknowledges packets on the LAN side,
    so server keeps sending
  • Use rate-based sender on the WAN segment. Never
    send faster than the configured link speed

24
WANScaler Flow Control Advantages
  • Transparent: all three segments use the same IP and port numbers as original connection
  • Auto-detecting: acceleration is only applied to connections that flow through two appliances
  • Dynamic: WANScalers adapt to network conditions. Special algorithms make WAN segment efficient
  • Fair Queuing on a per-connection basis

25
Fair Queuing
26
Auto Discovery
27
Standard TCP Options
  • Standard TCP connections: TCP SYN packet includes standard options for
      • MSS
      • Window Scale
      • Selective ACK (SACK)

[Diagram: SYN]
28
WANScaler TCP Options
  • WANScaler changes the standard TCP options and parameters as part of the acceleration technology
      • Slow Start Disabled on the Slow Side
      • Slow Side Window Scale Increased to 8MB

29
WANScaler Auto Discovery
  • WANScaler inserts 19 Bytes into the TCP Options
    field to advertise its existence
  • Peer WANScaler recognizes TCP options and
    optimization is applied

30
WANScaler Sequence Number
  • If one WANScaler fails or packets are routed
    around a WS, the connection should reset
  • It is safer to reset the connection than
    potentially allow compression tokens through that
    could be misunderstood.
  • Sequence number is changed by adding
    2,000,000,000

31
WANScaler TCP Header Modification
  • WANScaler inserts 19 Bytes into the option field (options 24-31) and sends to remote
  • MSS set to 1380 (provides room for header with our options)
  • TCP Slow start is disabled
  • Sequence number is changed by adding 2,000,000,000

[Diagram: WAN; SYN with sequence number A; Options + WANScaler Options]
32
WANScaler TCP Header Modification
  • WANScaler strips options and forwards to server
  • Preserves new window scale
  • Sequence number is changed by adding 2,000,000,000

[Diagram: WAN; SYN with sequence number A+2,000,000,000; Original Options w/ new window scale]
33
WANScaler TCP Header Modification
  • Server sends SYN-ACK to WANScaler
  • Preserves new window scale
  • Sequence number is incremented

[Diagram: WAN; SYN-ACK with B and A+2,000,000,001; Original Options w/ new window scale]
34
WANScaler TCP Header Modification
  • WANScaler sends SYN-ACK across the WAN

[Diagram: WAN; SYN-ACK with B and A+2,000,000,001; Options + WANScaler Options]
35
WANScaler TCP Header Modification
  • Client side WANScaler sends SYN-ACK w/ new window size and A+1 sequence number
  • WANScaler specific options are stripped

[Diagram: WAN; SYN-ACK with labels B2,000,000,000 and A+1]
36
WANScaler TCP Header Modification
  • During data transfer, client end station sends ACK; client WANScaler suppresses ACK
  • Server side WANScaler sends ACK to Server

[Diagram: WAN; ACK, ACK]
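
Added example (not part of the original presentation and not Citrix code): a Python sketch that inspects a captured SYN for the markers slides 29 to 36 describe, namely TCP option kinds 24-31, MSS 1380, and the 2,000,000,000 sequence shift. The sample headers are constructed, and the internal layout of the 19-byte option is an assumption, since the slides give only its size and kind range.

```python
import struct

WS_OPTION_KINDS = range(24, 32)  # option kinds 24-31, as stated on the slides
WS_MSS = 1380                    # MSS the slides say WANScaler sets
SEQ_SHIFT = 2_000_000_000        # sequence-number offset stated on the slides

def parse_tcp_options(tcp_header: bytes):
    """Return [(kind, data)] from a raw TCP header (standard kind/length TLVs)."""
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad TCP data offset")
    raw, opts, i = tcp_header[20:data_offset], [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:              # End of Option List
            break
        if kind == 1:              # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("truncated or malformed TCP option")
        length = raw[i + 1]
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def inspect_syn(tcp_header: bytes) -> dict:
    """Report the markers the slides attribute to a WANScaler-modified SYN."""
    opts = parse_tcp_options(tcp_header)
    ws = [(k, d) for k, d in opts if k in WS_OPTION_KINDS]
    mss = next((struct.unpack("!H", d)[0] for k, d in opts
                if k == 2 and len(d) == 2), None)
    return {
        "accelerator_option_kinds": sorted(k for k, _ in ws),
        "accelerator_option_bytes": sum(2 + len(d) for _, d in ws),
        "mss": mss,
        "looks_like_wanscaler_syn": bool(ws) and mss == WS_MSS,
    }

def shifted_seq(seq: int) -> int:
    """Sequence number after the +2,000,000,000 shift, wrapped to 32 bits."""
    return (seq + SEQ_SHIFT) % 2**32

def build_sample_syn(seq: int, options: bytes) -> bytes:
    """Build a constructed 20-byte TCP header plus options (checksum left 0)."""
    options += b"\x01" * (-len(options) % 4)                   # pad with NOPs
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x002    # SYN flag
    return struct.pack("!HHIIHHHH", 40000, 445, seq, 0,
                       offset_flags, 65535, 0, 0) + options

# Constructed samples: the 17 zero bytes inside option 24 are filler, since the
# slides give only the total size (19 bytes) and the kind range, not the layout.
WS_SYN = build_sample_syn(1000, b"\x02\x04" + struct.pack("!H", 1380)
                          + bytes([24, 19]) + bytes(17))
PLAIN_SYN = build_sample_syn(1000, b"\x02\x04" + struct.pack("!H", 1460)
                             + b"\x03\x03\x07" + b"\x04\x02")

if __name__ == "__main__":
    print(inspect_syn(WS_SYN), inspect_syn(PLAIN_SYN), shifted_seq(3_000_000_000))
```

Comparing the sequence number of the same SYN captured on both sides of an appliance against `shifted_seq` shows whether the connection actually passed through it.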
37
Bandwidth Modes
38
Bandwidth Management
[Diagram labels: Unaccelerated Traffic, Accelerated Traffic]
39
Bandwidth Modes
  • WANScaler can operate in one of two, mutually exclusive bandwidth modes
      • Softboost
      • Hardboost
  • Softboost
      • Send accelerated connections at speeds up to the configured bandwidth limit
      • AutoOptimizer maximizes link utilization
      • Utilizes smart back-off at times of packet loss

40
Bandwidth Modes
  • Hardboost
      • Ignores packet loss and sends at configured speed
      • More aggressive than softboost
      • Performs well on lossy links where high throughput is required
      • Achieves best pipe fill but not the friendliest to other traffic
      • Only recommended for known point-to-point links; do not overdrive the link

41
Counting Bandwidth
  • WANScaler has configurable bandwidth settings
  • Bandwidth is limited by the WANScaler license
  • There are two, mutually exclusive bandwidth modes
  • Partial Bandwidth
  • Full Bandwidth
  • Manage the relationship of accelerated and
    non-accelerated traffic

42
Bandwidth Management
  • Partial Bandwidth
      • Non-accelerated traffic counts towards the configured bandwidth limit
      • Accelerated traffic backs off in light of non-accelerated traffic
      • Minimum send rate option limits the back-off
      • Used when latency-critical, non-accelerated traffic flows through WANScaler (such as VoIP)

43
Bandwidth Management
  • Full Bandwidth
      • WANScaler will use all of the configured bandwidth for accelerated traffic
      • Non-accelerated traffic may have to back off
      • Accelerated and non-accelerated traffic behave as if the other were not there. Non-accelerated traffic sees variable bandwidth depending on how much is used by accelerated traffic.

44
Initial Bandwidth Set-up
  • The following are recommendations for initial
    deployments
  • Softboost
  • Set bandwidth to no more than 96% of the nominal
    bandwidth of the link
  • Use the Monitoring Usage Graph page
  • Run continuous pings to monitor latency and
    packet loss

45
Multi-Level Compression
46
How Does WANScaler Compression Work?
  • Compression
      • Replace a large data chunk with a small token. Send the token instead; it acts as a pointer
  • WANScaler Methods
      • Disk Based Compression
      • Memory Based Compression
  • Unlike a web cache, WANScaler is not object or file aware. It is only bit stream aware for TCP connections.
  • The memory overwrites automatically when the history is full (FIFO).

47
WANScaler Compression Advantages
  • Compression is configurable per service class
    though not required
  • WANScaler compression is application independent
  • Requires zero configuration
  • Automatically chooses the best compression method dynamically
      • Disk-based compression (DBC)
      • Memory-based compression

48
WANScaler Compression vs. Caching
  • WANScaler compression
      • Server sends data
      • WANScaler compresses it at one end of the WAN
      • WANScaler decompresses it at the other end of the WAN
      • Receiver sees the exact same payload bytes that the server just sent
  • Caching differences
      • Caching's main purpose is to avoid communication to the server.
      • WANScaler always talks to server so there is never expired/stale/wrong data

49
Multi-Level Compression
  • Nested compression engines
      • Disk-based compression delivers up to 3500:1 compression for disk matches.
      • Memory-based compression delivers 300:1 compression for memory matches.
      • Zlib
      • LZS
  • Automatic: nothing to configure. WANScaler algorithms use the best available based on the situation

50
Protocol Optimization
51
What is CIFS?
  • Common Internet File System
  • Running on top of SMB (Server Message Blocks)
  • CIFS is used for
      • Directory Browsing
      • File Transfer
      • UNC paths
      • Open/Read/Write/Close operations
  • Common trait
      • Many roundtrips per transaction
      • Lots of meta data in relation to desired files

52
How Does WANScaler Accelerate CIFS?
  • Anticipate requests based on learned behavior
  • Read ahead in anticipation of the next data block
  • Avoid compressing meta data
  • CIFS engine communicates with compression module

53
Configure Settings: CIFS
54
Monitoring CIFS Status
  • The WANScaler Web GUI can be used to monitor CIFS acceleration performance
      • Throughput graphs
      • List of accelerated connections
  • CIFS acceleration is performed entirely by the client-side WANScaler.
  • The WANScaler closest to the fileserver will not show acceleration in graphs.

55
Service Classes
56
Service Classes
  • Service Classes categorize different segments of the traffic with L3/L4 information
      • By TCP Port numbers
      • By IP Addresses
  • Service Class Policies determine how the traffic falling into a Service Class is accelerated
      • Flow Control
      • Disk Based Compression
      • Memory Based Compression
      • None

57
Service Classes
  • WANScaler comes pre-configured with several
    Service Classes
  • Use the Service Class Page to create new Service
    Classes
  • Name the Service Class and click Create

58
Service Classes
  • Create one or more rules for the Service Class

59
Service Class Policies
  • On the Service Class Policy page, move the
    service class up or down in priority
  • Service Classes are applied top to bottom on the
    list
  • Determine Compression Level and Flow Control

60
WANScaler Areas of Operation
  • Flow Control
  • Multi-Level Compression
  • Protocol Optimization

61
Agenda
  • Example Sites and Deployments
  • Citrix WANScaler In-Depth Technical Discussion
  • Deployment Scenarios and Best Practices
  • Getting Started and Troubleshooting

62
Deployment Topologies
63
Inline Mode
  • All link traffic passes through WANScaler
  • Deployed at the LAN/WAN boundary.
  • Traffic cannot bypass the appliance.

64
Inline Mode: Accelerating All WAN Traffic
TCP traffic passing through the two WANScalers is
accelerated
65
Inline Mode: Accelerating Selected Traffic
66
Inline Mode and VPN
67
Advantages
  • Easy to deploy
  • No configuration needed on Router or Switch
  • All TCP traffic can be accelerated
  • Less chance for asymmetry

68
Disadvantages
  • Few minutes of downtime needed to cable up
  • May not be feasible at customer sites

69
Virtual Inline Mode
  • Provides Policy Based Routing or WCCP support
  • Uses only one interface
  • Connects to a router or switch
  • Additional configuration typically needed

70
Policy Based Routing
  • Classify Interesting traffic
  • Forward to next-hop (WANScaler)

71
Advantages
  • Least Intrusive from traffic perspective
  • Allows for phased in deployment
  • ICMP Health monitoring supported
  • Use the Cisco set ip next-hop command

72
Disadvantages
  • More information required
  • Routing knowledge and access required
  • Room for error

73
Web Cache Communication Protocol (WCCP)
  • Often more convenient than PBR deployments
  • Supported by most Cisco routers
      • IOS 12.x and higher

74
WCCP - How It Works
75
Deployment Steps: WAN Router Configuration
  • Enable WCCP version 2 and define the WCCP group
    ID for the router

76
Considerations
  • IP connectivity required
  • Router needs to support WCCP v2
  • Troubleshooting requires router access and
    knowledge

77
High-Availability (HA) Support
  • Provide fail-over capability for accelerated traffic
  • Two WANScalers required
  • Three IP addresses needed
      • 2 for management, 1 for VIP

78
HA Deployment
[Diagram labels: Stand-by, Active]
79
Configure Settings: High Availability
80
HA Considerations
  • Don't use the management IPs as the virtual IP
  • Active and Stand-by units are negotiated
    automatically
  • Only non-unique configuration parameters are
    synchronized automatically
  • Perform all configuration changes on the active
    WANScaler

81
Group Mode
  • Designed for multi-link environments
  • Does not change traffic patterns
  • Easy to Configure

82
Group Mode: How It Works
[Diagram with legend; labels A, B and 1 to 5]
83
Configure Settings: Group Mode
84
Group Mode Considerations
  • Uses GRE to forward traffic
  • IP connectivity required between WANScalers

85
Agenda
  • Example Sites and Deployments
  • Citrix WANScaler In-Depth Technical Discussion
  • Deployment Scenarios and Best Practices
  • Getting Started and Troubleshooting

86
Getting Started
87
Fail-to-Wire (FTW) Functionality
  • Engages in the event of failure or power outage
  • With relay closed, acts like a crossover cable
  • Automatic and requires no user configuration

88
Physical Cabling
  • Connect cables while WANScaler is powered down
  • Test Fail-to-wire card in the WANScaler GUI
      • Diagnostic Tools Page

89
Speed and Duplex Settings
  • Auto-negotiation supported
  • Hard-coded settings are recommended
  • Verify Settings
      • Switch and/or Router
      • WANScaler GUI
  • Caution
      • If one NIC is hard-coded and the other NIC is set to Auto, the latter will negotiate to 10Mbps Half Duplex

Misconfigured Speed and Duplex settings are the
leading cause of poor performance
90
Initial Setup: Assign IP address
  • Configure the WANScaler via
      • Front LCD panel
      • Serial Access

91
GUI Access
  • Point web browser to WANScaler IP Address
  • Username: admin
  • Password: wanscaler

92
Licensing
  • License files are uploaded through the GUI
  • System Tools > Update License

93
Licenses
  • WANScalers ship with pre-configured licenses
  • If needed, collect the following info
  • Serial Number
  • MAC Address
  • Licensed Bandwidth
  • Licensed Features

94
Configure Bandwidth Settings
  • Configure Settings: Bandwidth Management

95
User Accounts and Services
  • Change Administrator password and/or add user
    accounts
  • RADIUS and TACACS supported

96
Logs and Alerts
  • View Logs through GUI

97
Configure Logging
98
Collecting Log Entries
99
Alerts
100
Alert Configuration
101
Troubleshooting
102
Auto Discovery Challenges
  • Traffic and one WANScaler
      • May cause latency for user
      • In rare circumstances, causes loss of connectivity
  • Solution
      • Exclude traffic via Service Class Policy

103
Unaccelerated Connections
  • Some connections are not accelerated

104
Common Unaccelerated Codes
105
Asymmetric Routing
106
Tools: Traceroute and Ping
  • Ensure traffic flows through both WANScalers in
    both directions

107
Bandwidth Testing
  • WANScalers have iPerf built-in
  • One WANScaler is the server; the other is the client
  • Diagnostic > Diagnostic Tool

108
Bandwidth Testing
  • On the second WANScaler, enter the first WANScaler's IP Address and test duration

109
Bandwidth Testing
  • iPerf is available on the Internet
  • iPerf can also be run between client and server
    across the WAN
  • Check for I/O bottlenecks on client and server

110
Service Classes Strategies
  • Focus on the goal: target your applications
  • Selectively disable non-candidate flows
  • Disable compression for encrypted traffic
  • Interactive applications: use Memory Based Compression

111
WANScaler Traces
  • Goal: Capture the issue
  • Tracing Modes
      • Header Only (TCP headers only)
      • Packet Contents (Full packets and non-TCP packets)
  • How long?

112
Capturing Traces
  • 1. Diagnostic Tool page: Tracing Option
  • 2. Click on Start; the caption changes to Stop
  • 3. Click on Stop, then click on the hyperlink to download the file

113
Before you leave
  • Meet us at the Q Spot! if you have additional
    questions
  • For qualifying CSAs: Become authorized to sell Citrix WANScaler here at Summit! Take the authorization test posted on www.citrixsummit.com
  • Please provide feedback: Session surveys are available online at www.citrixsummit.com Tuesday, January 30
  • Download PowerPoint presentations starting
    Monday, February 5 at www.citrixsummit.com
