- Computers & electronics
- Networking
- Routers
- HP
- StorageWorks Enterprise File Services WAN Accelerator
- User manual
HP StorageWorks Enterprise File Services WAN Accelerator Deployment Guide
Add to my manuals
124 Pages
advertisement
HP StorageWorks
Enterprise File Services WAN Accelerator 2.1.5
deployment guide
*407118-001*
*407118–002*
Part number: 407118–002
Second edition: June 2006
Legal and notice information
© Copyright 2006 Hewlett-Packard Development Company, L.P.
© Copyright 2003–2006 Riverbed Technology, Inc.
Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
The information is provided “as is” without warranty of any kind and is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Linux is a trademark of Linus Torvalds in the United States and in other countries.
Microsoft, Windows, Windows NT, Windows 2000, Outlook, and Windows Internet Explorer are trademarks or registered trademarks of Microsoft Corporation in the United States and in other countries.
UNIX is a registered trademark in the United States and in other countries, exclusively licensed through X/Open
Company, Ltd.
Parts of this product are derived from the following software:
Apache © 2000-2003 The Apache Software Foundation. All rights reserved. bsdstr.c, © 1998 Todd C. Miller ([email protected]). All rights reserved.
Busybox, © Eric Andersen
Less © 1984-2002 Mark Nudelman
Libevent, © 2000-2002 Niels Provos. All rights reserved.
LibGD, Version 2.0 licensed by Boutell.Com, Inc.
Libtecla, © 2000, 2001 by Martin C. Shepherd. All rights reserved.
Linux Kernel, © Linus Torvalds md5, md5.cc, © 1995 University of Southern California. All rights reserved. © 1991-2, RSA Data Security, Inc. All rights reserved.
my_getopt.{c,h}, © 1997, 2000, 2001, 2002, Benjamin Sittler. All rights reserved.
NET-SNMP: © 1989, 1991, 1992 by Carnegie Mellon University. All rights reserved.
OpenSSH, © 2002 Nils Nordman. All rights reserved.
ptmalloc © 2001 Wolfram Gloger sSMTP, © Mark Ryan, Hugo Haas, Christoph Lameter, and Dave Collier-Brown
Vixie-Cron, © 1988,1990,1993,1994 by Paul Vixie. All rights reserved.
Zile, © 1997-2001 Sandro Sigalam © 2003 Reuben Thomas. All rights reserved.
For detailed copyright and license agreements, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide. For modified source code (where required), see the HP technical support site at .
Certain libraries were used in the development of this software, licensed under GNU Lesser General Public License,
Version 2.1, February 1999. For the copyright and license agreement, see the HP StorageWorks Enterprise File
Services WAN Accelerator Installation and Configuration Guide. For a list of libraries and source material (where required), see the HP technical support site at
http://www.hp.com.
Enterprise File Services WAN Accelerator 2.1.5 deployment guide
Contents
About This Guide.................................................................................. 1
Types of Users ................................................................................ 1
Organization of This Guide ............................................................ 2
Document Conventions .................................................................. 3
Hardware and Software Dependencies ................................................. 4
Ethernet Network Compatibility........................................................... 4
Antivirus Compatibility ........................................................................ 4
Additional Resources ............................................................................ 5
Related HP Documentation ............................................................ 6
Online Documentation.................................................................... 6
Related Reading.............................................................................. 6
Technical Support ........................................................................... 7
HP Storage Web Site............................................................................. 7
Chapter 1 Designing an HP EFS WAN Accelerator Deployment ............... 9
Introduction to the HP EFS WAN Accelerator ..................................... 9
Transaction Acceleration .............................................................. 10
Scalable Data Referencing ........................................................... 10
Virtual Window Expansion .......................................................... 10
Transaction Prediction .................................................................. 11
Design and Deployment Overview ..................................................... 11
Definition of Terms............................................................................. 13
Chapter 2 In-Path Deployments ................................................................. 17
Introduction to Physical In-Path Deployments ................................... 18
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE III
IV
In-Path, Failover Support Deployment ............................................... 18
Basic Steps (Client-Side).............................................................. 18
Basic Steps (Server-Side) ............................................................. 20
In-Path, Two Routing Points Deployment .......................................... 20
Basic Steps (Client-Side).............................................................. 21
Basic Steps (Server-Side) ............................................................. 21
In-Path, Server-Side Deployment ....................................................... 21
Basic Steps (Client-Side).............................................................. 22
Basic Steps (Server-Side) ............................................................. 22
In-Path, Server-Side, One to One Deployment................................... 22
Basic Steps (Client-Side).............................................................. 23
Basic Steps (Server-Side) ............................................................. 23
Chapter 3 Virtual In-Path Network Deployments ...................................... 25
Introduction to Virtual In-Path Deployments ..................................... 25
In-Path, Load Balanced, Layer-4 Switch ............................................ 26
Basic Steps (Client-Side).............................................................. 27
Basic Steps (Server-Side) ............................................................. 27
Chapter 4 Out-of-Path Network Deployments ........................................... 29
Introduction to Out-of-Path Deployments .......................................... 29
Out-of-Path, Failover Deployment ..................................................... 30
Basic Steps (Client-Side).............................................................. 31
Basic Steps (Server-Side) ............................................................. 33
Out-of-Path, Static Cluster Deployment ............................................. 33
Basic Steps (Client-Side).............................................................. 33
Basic Steps (Server-Side) ............................................................. 35
Hybrid: In-Path and Out-of-Path Deployment.................................... 35
Basic Steps (Client-Side).............................................................. 35
Basic Steps (Server-Side) ............................................................. 37
Chapter 5 Configuring Connection Forwarding ....................................... 39
Introduction to Connection Forwarding.............................................. 39
Neighbors in Connection Forwarding .......................................... 40
Load-Balancing ............................................................................ 40
One-to-One Failover Deployment ...................................................... 41
Configuring Connection Forwarding .................................................. 41
(Client-Side) ................................................................................. 42
(Server-Side)................................................................................. 42
Configuring Connection Forwarding Using the CLI.................... 44
C ONTENTS
Chapter 6 Policy-Based Routing Deployments ........................................ 45
Introduction to PBR ............................................................................ 46
Overview of CDP................................................................................ 46
How PBR works on a Cisco 6500 Platform,
Version 12.2(17d) SXB1..................................................................... 47
Connecting the HP EFS WAN Accelerator to Your Network
in PBR Deployments.......................................................................... 48
Asymmetric HP EFS WAN Accelerator
Deployments With PBR...................................................................... 49
Configuring PBR Using the CLI .................................................. 49
Configuring PBR Using the Management Console ..................... 51
Client-Side HP EFS WAN Accelerator
Attached to a Router through a Switch ............................................... 54
Basic Steps (Client-Side).............................................................. 54
Basic Steps (Server-Side) ............................................................. 54
Client-Side HP EFS WAN Accelerator
Attached to an Inside Router............................................................... 55
Basic Steps (Client-Side).............................................................. 55
Basic Steps (Server-Side) ............................................................. 55
PBR Between VLANs ........................................................................ 55
Symmetric HP EFS WAN Accelerator
Deployments With PBR and Autodiscovery ...................................... 57
Symmetric Deployments with PBR, Autodiscovery, and CDP .......... 60
Chapter 7 WCCP Deployments ................................................................... 63
Introduction to WCCP ........................................................................ 64
Basic Steps.................................................................................... 65
WCCP CLI Commands ................................................................ 66
Connecting the HP EFS WAN Accelerator to Your Network
in WCCP Deployments...................................................................... 67
A Basic WCCP Configuration ............................................................ 68
Connecting the HP EFS WAN Accelerator .................................. 68
Configuring the WCCP Router or Multi-Layer Switch ............... 68
Configuring the Client-Side HP EFS WAN Accelerator.............. 69
Configuring WCCP Using the Management Console ........................ 70
Basic Steps (Client-Side).............................................................. 70
Basic Steps (Server-Side) ............................................................. 75
Dual WCCP Deployment.................................................................... 76
Additional WCCP Features................................................................. 79
Security......................................................................................... 79
Multicast ....................................................................................... 80
TCP Port Redirection ................................................................... 80
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE V
VI
Specific Traffic Redirection ......................................................... 81
Load Balancing............................................................................. 81
Failover Support ........................................................................... 81
Chapter 8 Proxy File Service Deployments ............................................... 83
Introduction to PFS ............................................................................. 83
PFS Operating Modes .................................................................. 85
How Does PFS Work? ........................................................................ 86
When to Use PFS ......................................................................... 87
When to use Global Mode............................................................ 88
Configuration Checklist for PFS ................................................. 88
Configuring PFS Using the Management Console............................. 89
Chapter 9 RADIUS and TACACS+ Authentication .................................... 97
Introduction to Authentication ............................................................ 97
Configuring a RADIUS Server with FreeRADIUS............................ 98
Configuring RADIUS Authentication ........................................ 101
Basic Steps.................................................................................. 102
Configuring TACACS+ Authentication ..................................... 103
Basic Steps.................................................................................. 104
Chapter 10 Serial Cluster and Cascade Deployments ............................. 107
Serial Cluster Deployment................................................................ 107
A Basic Serial Cluster Deployment............................................ 109
Cascade Deployment ........................................................................ 111
Peering Rules.............................................................................. 111
Fixed-Target Rules ..................................................................... 112
C ONTENTS
Introduction
In This
Introduction
Welcome to the HP StorageWorks Enterprise File Services WAN Accelerator
Deployment Guide. Read this introduction for an overview of the information provided in this guide and for an understanding of the documentation conventions used throughout. This introduction contains the following sections:
‹
next
‹
“Hardware and Software Dependencies” on page 4
‹
“Ethernet Network Compatibility” on page 4
‹
“Antivirus Compatibility” on page 4
‹
“Additional Resources” on page 5
‹
About This Guide
The HP StorageWorks Enterprise File Services WAN Accelerator Deployment Guide describes how to configure the HP StorageWorks Enterprise File Services WAN
Accelerator (HP EFS WAN Accelerator) in complex in-path and out-of-path deployments such as failover, multiple routing points, static clusters, connection forwarding, Web Cache Communication Protocol (WCCP), Layer -4 and Policy-Based
Routing (PBR), and Proxy File Service (PFS).
Types of Users
This guide is written for storage and network administrators with familiarity administering and managing networks using Common Internet File System (CIFS),
Hypertext Transport Protocol (HTTP), File Transfer Protocol (FTP), and Microsoft
Exchange.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 1
Organization of
This Guide
The HP StorageWorks Enterprise File Services WAN Accelerator Deployment Guide includes the following chapters:
‹
Chapter 1, “Designing an HP EFS WAN Accelerator Deployment,” describes the
HP EFS WAN Accelerator and provides an overview of how it works. It also describes how to design and deploy the HP EFS WAN Accelerator in your network.
‹
Chapter 2, “In-Path Deployments,”
describes physical in-path deployments.
‹
Chapter 3, “Virtual In-Path Network Deployments,” describes virtual in-path
deployments.
‹
Chapter 4, “Out-of-Path Network Deployments,” describes out-of-path
deployments.
‹
Chapter 5, “Configuring Connection Forwarding,”
describes how to configure the
HP EFS WAN Accelerator to forward connections in asymmetric networks.
‹
Chapter 6, “Policy-Based Routing Deployments,”
describes how to configure the
HP EFS WAN Accelerator for deployments using PBR, Cisco Discovery Protocol
(CDP), and autodiscovery.
‹
Chapter 7, “WCCP Deployments,”
describes how to configure the HP EFS WAN
Accelerator and routers for WCCP.
‹
Chapter 8, “Proxy File Service Deployments,”
describes how to configure the HP
EFS WAN Accelerator to perform PFS.
‹
Chapter 9, “RADIUS and TACACS+ Authentication,”
how to configure Remote
Authentication Dial-In User Service (RADIUS) or Terminal Access Controller
Access Control System (TACACS+) authentication for the HP EFS WAN
Accelerator.
‹
Chapter 10, “Serial Cluster and Cascade Deployments,” describes how to
configure the HP EFS WAN Accelerator in serial and cascade clusters to increase optimization.
A glossary of terms follows the chapters, and a comprehensive index directs you to areas of particular interest.
2 I NTRODUCTION
Document
Conventions
This manual uses the following standard set of typographical conventions to introduce new terms, illustrate screen displays, describe command syntax, and so forth.
|
Convention italics boldface
Courier
KEYSTROKE
< >
[ ]
{ }
Meaning
Within text, new terms and emphasized words appear in italic typeface.
Within text, commands, keywords, identifiers (names of classes, objects, constants, events, functions, program variables), environment variables, filenames, Graphical User Interface (GUI) controls, and other similar terms appear in bold typeface.
Information displayed on your terminal screen and information that you are instructed to enter appear in Courier font.
Keys that you are to press appear in uppercase letters in Helvetica font.
Within syntax descriptions, values that you specify appear in angle brackets. For example: interface <ipaddress>
Within syntax descriptions, optional keywords or variables appear in brackets. For example: ntp peer <addr> [version <number>]
Within syntax descriptions, required keywords or variables appear in braces. For example:
{delete <filename> | upload <filename> }
Within syntax descriptions, the pipe symbol represents a choice to select one keyword or variable to the left or right of the symbol.
(The keyword or variable can be either optional or required.) For example:
{delete <filename> | upload <filename> }
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 3
4
Hardware and Software Dependencies
The following table summarizes the hardware and software requirements for the HP
EFS WAN Accelerator.
HP Component
HP EFS WAN Accelerator
HP EFS WAN Accelerator
Management Console, EFS WAN
Accelerator Manager
Hardware and Software Requirements
• 19 inch (483 mm) two or four-post rack.
• Any computer that supports a Web browser with a color image display.
• The Management Console has been tested with
Firefox, version 1.0.x and 1.5.x and Microsoft
Internet Explorer, version 6.0x.
NOTE: Javascript and cookies must be enabled in your Web browser.
Ethernet Network Compatibility
The HP EFS WAN Accelerator supports the following types of Ethernet networks:
‹ Ethernet Logical Link Control (LLC) (IEEE 802.2 - 2002)
‹ Fast Ethernet 100 Base-TX (IEEE 802.3 - 2002)
‹ Gigabit Ethernet over Copper 1000 Base-T and Fiber 1000 Base-SX (LC connector) (IEEE 802.3 - 2002)
The Primary port in the HP EFS WAN Accelerator is 10 Base-T/100, Base-TX/1000, and Base-T/SX Mbps (IEEE 802.3 -2002).
In-path HP EFS WAN Accelerator ports are 10/100/1000 Base-TX or Gigabit Ethernet
1000Base-T/SX (IEEE 802.3 – 2002) (depending on your order).
The HP EFS WAN Accelerator supports Virtual Local Area Network (VLAN) Tagging
(IEEE 802.1Q - 2003). It does not support the Cisco InterSwitch Link (ISL) protocol.
All copper interfaces are auto-sensing for speed and duplex (IEEE 802.3 - 2002).
The HP EFS WAN Accelerator auto-negotiates speed and duplex mode for all data rates and supports full duplex mode and flow control (IEEE 802.3 – 2002).
The HP EFS WAN Accelerator with a Gigabit Ethernet card supports Jumbo Frames on in-path and primary ports.
Antivirus Compatibility
The HP EFS WAN Accelerator has been tested with the following antivirus software with no impact on performance:
I NTRODUCTION
‹ Network Associates (McAfee) VirusScan 7.0.0 Enterprise on the server
‹ Network Associates (McAfee) VirusScan 7.1.0 Enterprise on the server
‹ Network Associates (McAfee) VirusScan 7.1.0 Enterprise on the client
‹ Symantec (Norton) AntiVirus Corporate Edition 8.1 on the server
The HP EFS WAN Accelerator has been tested with the following antivirus software with a noticeable to moderate impact on performance:
‹ F-Secure Anti-Virus 5.43 on the client
‹ F-Secure Anti-Virus 5.5 on the server
‹ Network Associates (McAfee) NetShield 4.5 on the server
‹ Network Associates VirusScan 4.5 for multi-platforms on the client
‹ Symantec (Norton) AntiVirus Corporate Edition 8.1 on the client
Additional Resources
‹ This section describes resources that supplement the information in this guide. It contains the following sections:
‹
“Related HP Documentation” on page 6
‹
“Online Documentation” on page 6
‹
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 5
Related HP
Documentation
You can access the complete document set for the HP EFS WAN Accelerator from the
HP StorageWorks EFS WAN Accelerator Documentation Set CD-ROM:
‹ HP StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide describes how to install and configure the HP EFS WAN
Accelerator.
‹ HP Enterprise File Services WAN Accelerator Management Console User Guide describes how to manage and administer an HP EFS WAN Accelerator using the
Management Console.
‹ HP StorageWorks Enterprise File Services WAN Accelerator Command-Line
Interface Reference Manual is a reference manual for the HP EFS WAN
Accelerator command-line interface. It lists commands, syntax, parameters, and example usage.
‹ HP StorageWorks Enterprise File Services WAN Accelerator Manager User’s
Guide describes how to install, configure, and administer a network made up of multiple HP EFS WAN Accelerators using the EFS WAN Accelerator Manager.
‹ HP Enterprise File Services Remote Copy Utility Reference Manual describes how to install and deploy the HP EFS Remote Copy Utility (HP EFS RCU). The
HP EFS RCU is an optional utility of the HP EFS WAN Accelerator that copies, mirrors, and transparently prepopulates data. You can download the HP EFS RCU from the HP support site located at http://www.hp.com
.
‹ HP StorageWorks Enterprise File Services WAN Accelerator Bypass NIC
Installation Guide describes how to install bypass cards in the HP EFS WAN
Accelerator.
Online
Documentation
The HP EFS WAN Accelerator documentation set is periodically updated with new information. To access the most current version of the HP EFS WAN Accelerator documentation and other technical information, go to http://www.hp.com/support/ manuals .
Related
Reading
To learn more about network administration, consult the following books:
‹ Microsoft Windows 2000 Server Administrator’s Companion by Charlie Russell and Sharon Crawford (Microsoft Press, 2000)
‹ Common Internet File System (CIFS) Technical Reference by the Storage
Networking Industry Association (Storage Networking Industry Association,
2002)
‹ TCP/IP Illustrated, Volume I, The Protocols by W. R. Stevens (Addison-Wesley,
1994)
‹ Internet Routing Architectures (2nd Edition) by Bassam Halabi (Cisco Press,
2000)
6 I NTRODUCTION
Technical
Support
Contacting HP
This section describes how to contact HP.
Telephone numbers for worldwide technical support are listed on the following HP web site: http://www.hp.com/support . From this web site, select the country of origin. For example, the North American technical support number is 800-633-3600.
NOTE: For continuous quality improvement, calls may be recorded or monitored.
Be sure to have the following information available before calling:
‹ Technical support registration number (if applicable)
‹ Product serial numbers
‹ Product model names and numbers
‹ Applicable error messages
‹ Operating system type and revision level
‹ Detailed, specific questions
HP Storage Web Site
The HP web site has the latest information on this product, as well as the latest drivers.
Access the storage site at: http://www.hp.com/country/us/eng/prodserv/storage.html
. From this web site, select the appropriate product or solution.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 7
8 I NTRODUCTION
CHAPTER 1
Designing an HP EFS WAN
Accelerator Deployment
In This Chapter This chapter describes how the HP EFS WAN Accelerator works and how to design an
HP EFS WAN Accelerator deployment. This chapter includes the following sections:
‹
“Introduction to the HP EFS WAN Accelerator”
next
‹
“Design and Deployment Overview” on page 11
‹
“Definition of Terms” on page 13
‹
‹
Introduction to the HP EFS WAN Accelerator
The causes for slow throughput in Wide Area Networks (WANs) are well known: high delay (round-trip time or latency), limited bandwidth, and chatty application protocols.
Virtually all large enterprises spend a significant portion of their information technology budgets on storage and networks, much of it spent to compensate for slow throughput by deploying redundant servers and storage, and the required backup equipment. HP EFS WAN Accelerators enable you to consolidate and centralize key
IT resources to save money, reduce capital expenditures, simplify key business processes, and improve productivity.
The HP EFS WAN Accelerator not only addresses the bandwidth problem and application protocol chattiness but the latency problem as well. The HP EFS WAN
Accelerator uses Transaction Acceleration (TA) to optimize throughput and save bandwidth on WANs.
HP EFS WAN Accelerators intercept client-server connections without interfering with normal client-server interactions, file semantics, or protocols. All client requests are passed through to the server normally, while relevant traffic is optimized to improve performance. HP EFS WAN Accelerators can be easily introduced into an enterprise environment without requiring any significant changes to the network or architecture.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 9
Transaction
Acceleration
Transaction Acceleration (TA) is composed of the following optimization mechanisms:
‹ A connection bandwidth-reducing mechanism called Scalable Data Referencing
(SDR).
‹ A Virtual TCP Window Expansion (VWE) mechanism that repacks TCP payloads with references that represent arbitrary amounts of data.
‹ A latency reduction and avoidance mechanism called Transaction Prediction
(TP).
SDR and TP can work independently or in conjunction with one another depending on the characteristics and workload of the data sent across the network. The results of the optimization vary, but typically result in throughput improvements in the range of 10 to 100 times over unaccelerated links.
Scalable Data
Referencing
How Does SDR
Work?
Bandwidth optimization is delivered through Scalable Data Referencing (SDR). SDR uses a proprietary algorithm to break up Transmission Control Protocol (TCP) data streams into data chunks that are stored in the hard disk (data store) of the HP EFS
WAN Accelerator. Each data chunk is assigned a unique integer label (reference) before it is sent to the peer HP EFS WAN Accelerator across the WAN. If the same byte sequence is seen again in the TCP data stream, then the reference is sent across the WAN instead of the raw data chunk. The peer HP EFS WAN Accelerator uses this reference to reconstruct the original data chunk and the TCP data stream. Data and references are maintained in persistent storage in the data store within each HP EFS
WAN Accelerator. There are no consistency issues even in the presence of replicated data.
When data is sent for the first time across a network (no commonality with any file ever sent before), all data and references are new and are sent to the HP EFS WAN
Accelerator on the far side of the network. This new data and the accompanying references are compressed using conventional algorithms, when and if, it improves performance.
When data is changed, new data and references are created. Thereafter, whenever new requests are sent across the network, the references created are compared with those that already exist in the local data store. Any data that a the HP EFS WAN Accelerator determines already exists on the far side of the network are not sent—only the references are sent across the network.
As files are copied, edited, renamed, and otherwise changed or moved, the HP EFS
WAN Accelerator continually builds out the data store to include more and more data and references. References can be shared by different files and by files in different applications if the underlying bits are common to both.
Virtual Window
Expansion
Virtual TCP Window Expansion (VWE) allows HP EFS WAN Accelerators to repack
TCP payloads with references that represent arbitrary amounts of data. This is possible because unlike other compression products, HP EFS WAN Accelerators operate at the application layer and terminate TCP, which gives them more flexibility in the way they optimize WAN traffic.
10 1 - D ESIGNING AN HP EFS WAN A CCELERATOR D EPLOYMENT
Transaction
Prediction
Essentially, the TCP payload is increased from its normal 64 kilobytes to an arbitrarily large amount. Because of this increased payload, a given application that relies on TCP performance (for example, Hypertext Transfer Protocol or File Transfer Protocol) takes fewer trips across the WAN to accomplish the same task. When HP EFS WAN
Accelerators are deployed in a network, many applications run 10 to 100 times faster.
Latency optimization is delivered through Transaction Prediction (TP). TP involves an intimate understanding of protocol semantics to reduce the chattiness that would normally occur over the WAN. By acting on foreknowledge of specific protocol request-response mechanisms, HP EFS WAN Accelerators streamline the delivery of data that would normally be delivered in small increments through large numbers of handshakes and interactions between the client and server over the WAN. As transactions are executed between the client and server, the HP EFS WAN
Accelerators intercept each transaction, compare it to the database of past transactions. and make decisions about the probability of future events.
Based on this model, if an HP EFS WAN Accelerator determines there is a high likelihood of a future transaction occurring, it performs that transaction rather than waiting for the response from the server to propagate back to the client and then back to the server. Dramatic performance improvements result from the time saved by not waiting for each serial transaction to arrive prior to making the next request. Instead, the transactions are pipe-lined one right after the other.
Of course, transactions are only executed by HP EFS WAN Accelerators ahead of the client when it is safe to do so. To ensure data integrity, HP EFS WAN Accelerators are designed with knowledge of the underlying protocols (for example, Common Internet
File System (CIFS) oplocks) to know precisely when, and if, it is safe to do so.
Fortunately, a wide range of common applications have very predictable behaviors and, consequently, TP can enhance WAN performance significantly. When combined with SDR, TP improves overall WAN performance up to 100 times.
Design and Deployment Overview
The following section summarizes the factors you need to consider before deploying the HP EFS WAN Accelerator in your network.
When you deploy the HP EFS WAN Accelerator, you must consider the following elements for both the client and server-side of your network.
1. Determine what kind of site you have:
‹ User Locations. A branch office that has users but no servers accessed by the other sites. Typically, a user location is a branch office at a remote site that accesses data from a headquarters or data center.
‹ Server Locations. A central server location that remote offices access data from. Typically, a server location is a data center serving branch offices or regional offices that access data that is centrally located.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 11
12
‹ Users and Servers. A site that has users and servers that are accessed remotely. Typically, users and servers are in a regional office with branch offices at remote sites that accesses data from remote sites and a data center.
2. Determine what kind of WAN routing infrastructure you have. For example, do you have one or two WAN routers?
3. How much bandwidth do you use? If you use large amounts of bandwidth, you need to consider deploying multiple HP EFS WAN Accelerators using a Layer-4 switch, Web Cache Communication Protocol (WCCP), or deploying HP EFS
WAN Accelerators in a static cluster.
4. Choose a network template:
‹ Physical In-Path. In a physical in-path deployment the HP EFS WAN
Accelerator is physically in the direct path between clients and servers. The clients and servers continue to see client and server Internet Protocol (IP) addresses. Physical in-path configurations are suitable for any location where the total bandwidth is within the limits of the installed HP EFS WAN
Accelerator. For detailed information, see
Chapter 2, “In-Path Deployments.”
‹ Virtual In-Path. In a virtual in-path deployment the HP EFS WAN
Accelerator is virtually in the path between clients and servers. In a virtual inpath deployment, clients and servers continue to see client and server IP addresses. This deployment differs from a physical in-path deployment in that a packet redirection mechanism is used to direct packets to HP EFS WAN
Accelerators that are not in the physical path of the client or server. Redirection mechanisms include Layer-4 switches, Web Cache Communication Protocol
(WCCP), and Policy-Based Routing (PBR). For detailed information, see
Chapter 3, “Virtual In-Path Network Deployments.”
‹ Out-of-Path. In an out-of-path deployment the HP EFS WAN Accelerator is not in the direct path between the client and the server. In an out-of-path deployment, the HP EFS WAN Accelerator acts as a proxy. An out-of-path configuration is suitable for data center locations where physical in-path or virtual in-path configurations are not possible. For detailed information, see
Chapter 4, “Out-of-Path Network Deployments.”
5. Determine how many HP EFS WAN Accelerators you need for your site:
‹ One HP EFS WAN Accelerator is typically deployed in network environments with small to moderate bandwidth requirements.
‹ Two HP EFS WAN Accelerators are deployed for redundancy in network environments where network outages cannot be tolerated.
‹ Two HP EFS WAN Accelerators are deployed in network environments with multiple WAN links.
‹ Multiple HP EFS WAN Accelerators are deployed in cluster configurations.
6. Do you have a firewall?
1 - D ESIGNING AN HP EFS WAN A CCELERATOR D EPLOYMENT
Definition of Terms
The following terms are used to describe features, attributes, and processes in the HP
EFS WAN Accelerator:
‹ Optimization. The process of increasing data throughput and network performance over the WAN using the HP EFS WAN Accelerator. An optimized connection exhibits bandwidth reduction as it traverses the WAN.
‹ Scalable Data Referencing (SDR). The proprietary algorithms that allow an arbitrarily large amount of data to be represented by a small number of references to the HP EFS WAN Accelerator data store. As data flows through the HP EFS
WAN Accelerator, all TCP traffic is mapped onto references to data that is stored on either side of the link. This technology increases WAN network performance and decreases consumed bandwidth.
‹ Auto-discovery. Auto-discovery is the process by which the HP EFS WAN
Accelerator automatically intercepts and optimizes traffic on all Internet Protocol
(IP) addresses and ports. By default, auto-discovery is applied to all IP addresses and the ports which are not secure or interactive.
‹ Fixed-Target. Fixed target rules directly specify out-of-path HP EFS WAN
Accelerators near the target server that you want to optimize. You determine which servers you would like the HP EFS WAN Accelerator to optimize (and, optionally, which ports), and add fixed-target rules to specify the network of servers, ports, and out-of-path HP EFS WAN Accelerators to use.
‹ Pass-Through. Pass-through describes WAN traffic that traverses the network unoptimized. You define pass-through rules to exclude subnets from optimization. Traffic is also passed through when the HP EFS WAN Accelerator is in bypass mode. Pass-through might be due to in-path rules or because the connection was established before the HP EFS WAN Accelerator was put in place or before the HP EFS WAN Accelerator service was enabled.
‹ Bypass. The HP EFS WAN Accelerator is equipped with a bypass interface to prevent a single point of failure. If there is a serious problem with the HP EFS
WAN Accelerator or it is not powered on, it goes into bypass mode and the traffic is passed-through unoptimized.
‹ Failover. You can deploy redundant HP EFS WAN Accelerators in your network to ensure optimization continues if there is a failure in one of the HP EFS WAN
Accelerators. You can enable failover support in the Management Console or you can use the HP EFS WAN Accelerator command-line interface (CLI).
Bypass Mode
The HP EFS WAN Accelerator is equipped with one of the following types of bypass interfaces (depending on your order):
‹ HP EFS N2c WAN Accelerator 2-port NIC Card
‹ HP EFS N4c WAN Accelerator 4-port NIC Card
‹ HP EFS N2f WAN Accelerator 2-port NIC Card
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 13
14
For detailed information about bypass card status lights, see the HP StorageWorks
Enterprise File Services WAN Accelerator Bypass NIC Installation Guide.
If there is a serious problem with the HP EFS WAN Accelerator or it is not powered on, it goes into bypass mode to prevent a single point of failure. If the HP EFS WAN
Accelerator is in bypass mode, you are notified in the following ways:
‹ The Intercept/Bypass status light is active. For detailed information about the status lights for each of the bypass cards, see the HP StorageWorks Enterprise
File Services WAN Accelerator Bypass NIC Installation Guide.
‹ Critical is displayed in the status bar of the Management Console.
‹ Simple Network Management Protocol (SNMP) traps are sent (if you have set this option).
‹ The event is logged to system logs (syslog) (if you have set this option).
‹ Email notifications are sent (if you have set this option).
In an HP EFS WAN Accelerator in-path configuration, in the case of a failure, the appliance automatically switches to bypass mode. Traffic that was passed-through is uninterrupted. Traffic that was optimized might be interrupted, depending on the behavior of the application-layer protocols. When connections are restored, they succeed, although without optimization.
When the fault is corrected, new connections that are made receive optimization: however, connections made during the fault are not. To force all connections to be optimized, enable the kickoff feature. Generally, connections are short lived and kickoff is not necessary. For detailed information about enabling the kickoff feature, see the HP Enterprise File Services WAN Accelerator Management Console User
Guide.
TIP: You can close old connections in the Reports: Current Connections page of the
Management Console. For detailed information, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
In an out-of-path deployment, if the HP EFS WAN Accelerator fails, the first connection from the client fails. After detecting that the HP EFS WAN Accelerator is down, an HP EFS WAN Accelerator-ping channel is setup from the client-side HP
EFS WAN Accelerator to the server-side HP EFS WAN Accelerator. Subsequent connections are passed through unoptimized. When the HP EFS WAN Accelerator-
ping succeeds, processing is restored and subsequent connections are intercepted and optimized. For detailed information about the HP EFS WAN Accelerator-ping command, see the HP StorageWorks Enterprise File Services WAN Accelerator
Command-Line Interface Reference Manual.
Failover Mode
You can deploy redundant HP EFS WAN Accelerators in your network to ensure optimization continues if there is a failure in one of the HP EFS WAN Accelerators. If the HP EFS WAN Accelerator is in failover mode:
1 - D ESIGNING AN HP EFS WAN A CCELERATOR D EPLOYMENT
‹ optimization is lost on the current connections on the master HP EFS WAN
Accelerator.
‹ the backup HP EFS WAN Accelerator takes over and all new connections are optimized.
‹ when the master HP EFS WAN Accelerator comes back up, the backup HP EFS
WAN Accelerator stops optimizing connections.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 15
16 1 - D ESIGNING AN HP EFS WAN A CCELERATOR D EPLOYMENT
CHAPTER 2
In-Path Deployments
In This Chapter This chapter describes physical in-path network deployments and summarizes the basic steps for configuring them. This chapter includes the following sections:
‹
“Introduction to Physical In-Path Deployments,” next
‹
“In-Path, Failover Support Deployment” on page 18
‹
“In-Path, Two Routing Points Deployment” on page 20
‹
“In-Path, Server-Side Deployment” on page 21
‹
“In-Path, Server-Side, One to One Deployment” on page 22
This chapter assumes that you are familiar with the HP EFS WAN Accelerator
Management Console (Management Console). For detailed information about the
Management Console and how to use it, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
This chapter also assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
This chapter provides the basic steps for physical in-path network deployments. It does not provide detailed procedures. Use this chapter as a general guide for these deployments. If you need additional assistance, contact HP technical support at http:/
/www.hp.com.
For detailed information about the factors you must consider before you deploy the HP
EFS WAN Accelerator, see
“Design and Deployment Overview” on page 11 .
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 17
Introduction to Physical In-Path Deployments
The following section describes physical in-path network configurations where the HP
EFS WAN Accelerator is physically in the direct path between clients and servers. The clients and servers continue to see client and server Internet Protocol (IP) addresses.
Physical in-path configurations are suitable for locations where the total bandwidth is within the limits of the installed HP EFS WAN Accelerator.
Figure 2-1. Physically In-Path, Client and Server-Side Deployment
In-Path, Failover Support Deployment
An in-path, fail-over support deployment serves offices with one WAN routing point and where network disruptions are unacceptable. This deployment is cost effective, simple to manage, and continues to optimize data if there is an error in the system.
The following figure illustrates the client-side of the network where redundant HP EFS
WAN Accelerators are deployed to provide optimization of data.
Figure 2-2. In-Path, Failover Deployment
Basic Steps
(Client-Side)
18
Perform the following steps for each client-side HP EFS WAN Accelerator.
2 - I N -P ATH D EPLOYMENTS
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
Enterprise File Services WAN Accelerator Management Console User Guide.
3. Navigate to the Setup: Advanced Networking - Failover Settings page in the
Management Console.
4. Enable failover support. For example:
‹ On HP EFS WAN Accelerator A: specify HP EFS WAN Accelerator A as the
master and specify the in-path IP address of HP EFS WAN Accelerator B as the backup (other) IP address.
‹ On HP EFS WAN Accelerator B: specify HP EFS WAN Accelerator B as the
backup (other) and specify the in-path IP address of HP EFS WAN Accelerator
A as the master IP address.
Figure 2-3. Setup: Advanced Networking - Failover Settings Page
5. Enable Automated Online Datastore Synchronization. For example:
‹ Select Master or Backup from the Current Appliance is the drop-down list.
‹ Type a port number in the Synchronization Port text box. The default value is
7744.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 19
Basic Steps
(Server-Side)
‹ Type the number of seconds in the Reconnection interval text box. The default value is 30.
6. Type the backup HP EFS WAN Accelerator’s IP address in the Other Appliance’s
In-path IP Address text box.
7. Apply and save the new configuration in the Management Console.
8. Begin optimization. View performance reports and system logs in the
Management Console.
The server-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
In-Path, Two Routing Points Deployment
An in-path, two routing point deployment serves offices with two WAN routing points and redundant HP EFS WAN Accelerators. This deployment is simple to manage, provides failover support, and load balances traffic.
For an in-path, two routing point deployment you must configure the Interior Gateway
Protocol (IGP) to prefer HP EFS WAN Accelerator links (links A, B in the figure below) over non-HP EFS WAN Accelerator links for load balancing to occur. For any given flow, under all conditions, both halves of the connection will use the same link
(A, B).
IMPORTANT: HP strongly recommends that you use an HP EFS N4c WAN Accelerator 4port NIC Card or connection forwarding for an in-path, two routing points deployment. For
detailed information about connection forwarding, see Chapter 5, “Configuring Connection
The following figure illustrates the client-side of the network where two in-path HP
EFS WAN Accelerators are configured as in-path interfaces.
20 2 - I N -P ATH D EPLOYMENTS
Figure 2-4. In-Path, Two Routing Points Deployment
Basic Steps
(Client-Side)
Basic Steps
(Server-Side)
Perform the following steps on each client-side HP EFS WAN Accelerator.
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
2. Connect to the Management Console to verify your configuration. For detailed information, see the HP Enterprise File Services WAN Accelerator Management
Console User Guide.
3. Configure your Interior Gateway Protocol (IGP) to prefer links A and B over links
C and D.
4. Apply and save the new configuration in the Management Console.
5. Begin optimization. View performance reports and system logs in the
Management Console.
The server-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
In-Path, Server-Side Deployment
An in-path, server-side deployment serves a single server or server subnet. This deployment is simple to manage and LAN traffic is passed-through unoptimized. It does not provide failover support if there is an error in the system.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 21
This deployment is useful in environments where most of the server-side traffic is outof-path but there are applications that originate on the server-side that require optimization (for example, backup software, software distribution suites, or other similar applications).
The following figure illustrates a server-side subnet where the HP EFS WAN
Accelerator is deployed to provide data center clients with optimized data.
Figure 2-5. In-Path, Server-Side Deployment
Basic Steps
(Client-Side)
Basic Steps
(Server-Side)
The client-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
The server-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
In-Path, Server-Side, One to One Deployment
An in-path, server-side, One to One deployment is appropriate for data center LANs where you want to optimize applications on a single server or server subnet. This deployment is simple to manage and LAN traffic is passed-through.
22 2 - I N -P ATH D EPLOYMENTS
The following figure illustrates the server-side of the network.
Figure 2-6. In-Path, Server-Side, One to One Deployment
Basic Steps
(Client-Side)
Basic Steps
(Server-Side)
The client-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
Perform the following steps for each of the server-side HP EFS WAN Accelerators.
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
Enterprise File Services WAN Accelerator Management Console User Guide.
3. Navigate to the Setup: Advanced Networking - Failover Settings page in the
Management Console.
4. Enable failover support. For example:
‹ On HP EFS WAN Accelerator A, specify HP EFS WAN Accelerator A as the
master and specify the in-path IP address of HP EFS WAN Accelerator B as the backup (other) IP address.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 23
‹ On HP EFS WAN Accelerator B, specify HP EFS WAN Accelerator B as the
backup (other) and specify the in-path IP address of HP EFS WAN Accelerator
A as the master IP address.
Figure 2-7. Setup: Advanced Networking - Failover Settings Page
24
5. Under Automated Online Datastore Settings, click Enable Automated Online
Datastore Synchronization.
‹ Select Master or Backup from the Current Appliance is the drop-down list.
‹ Type a port number in the Synchronization Port text box. The default value is
7744.
‹ Type the number of seconds in the Reconnection interval text box. The default value is 30.
6. Type the backup HP EFS WAN Accelerator’s IP address in the Other Appliance’s
In-path IP Address text box.
7. Apply and save the new configuration in the Management Console.
8. Begin optimization. View performance reports and system logs in the
Management Console.
2 - I N -P ATH D EPLOYMENTS
CHAPTER 3
Virtual In-Path Network
Deployments
In This Chapter This chapter describes virtual in-path deployments and summarizes the basic steps for configuring them. This chapter includes the following sections:
‹
“Introduction to Virtual In-Path Deployments,” next
‹
“In-Path, Load Balanced, Layer-4 Switch” on page 26
This chapter assumes you are familiar with the HP EFS WAN Accelerator
Management Console (Management Console). For detailed information about the
Management Console and how to use it, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
This chapter also assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
This chapter provides the basic steps for virtual in-path deployments. It does not provide detailed procedures. Use this chapter as a general guide to these deployments.
If you need additional assistance, contact HP technical support located at http://
www.hp.com.
For detailed information about the factors you must consider before you design and deploy the HP EFS WAN Accelerator in a network environment, see
Deployment Overview” on page 11 .
Introduction to Virtual In-Path Deployments
In a virtual in-path deployment, the HP EFS WAN Accelerator is virtually in the path between clients and servers. In a virtual in-path deployment, clients and servers continue to see client and server IP addresses. This deployment differs from a physical in-path deployment in that a packet redirection mechanism is used to direct packets to
HP EFS WAN Accelerators that are not in the physical path of the client or server.
Redirection mechanisms include:
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 25
26
‹ Layer-4 Switch. You enable Layer 4 switch (or server load-balancers) support when you have multiple HP EFS WAN Accelerators in your network to manage large bandwidth requirements.
‹ Hybrid. A hybrid deployment is a deployment in which the HP EFS WAN
Accelerator is both in-path and out-of-path. A hybrid deployment is useful where the HP EFS WAN Accelerator must be referenced from remote sites as an out-ofpath device (for example, to avoid mistaken auto-discovery or to bypass
intermediary HP EFS WAN Accelerators). For detailed information, see Chapter
4, “Out-of-Path Network Deployments.”
‹ WCCP. WCCP was originally implemented on Cisco routers, multi-layer switches, and Web caches to redirect HTTP requests to local Web caches (Version
1). Version 2, which is implemented on HP EFS WAN Accelerators, can redirect any type of connection from multiple routers or Web caches. For example, if you have multiple routers or it there is not a virtual place for the HP EFS WAN
Accelerator, you can place the HP EFS WAN Accelerator to be virtually in-path through the router so that they work together. Typically, you configure WCCP on
the client-side HP EFS WAN Accelerator. For detailed information, see Chapter
‹ Policy-Based Routing (PBR). PBR enables you to redirect traffic to an HP EFS
WAN Accelerator that is configured as an out-of-path device. PBR allows you to define policies to route packets instead of relying on routing protocols. You define policies to redirect traffic to the HP EFS WAN Accelerator and policies to avoid loop-back. For detailed information, see
Chapter 6, “Policy-Based Routing
In-Path, Load Balanced, Layer-4 Switch
An in-path, load-balanced, Layer-4 switch deployment serves high traffic environments or environments with large numbers of active Transmission Control
Protocol (TCP) connections. It handles failures, scales easily, and supports all protocols.
When you configure the HP EFS WAN Accelerator using a Layer-4 switch, you define the HP EFS WAN Accelerators as a pool where the Layer-4 switch redirects client and server traffic.
Only one WAN interface on the HP EFS WAN Accelerator is connected to the
Layer-4 switch and the HP EFS WAN Accelerator is configured to send and receive data through that interface.
3 - V IRTUAL I N -P ATH N ETWORK D EPLOYMENTS
The following figure illustrates the server-side of the network where load balancing is required.
Figure 3-1. In-Path, Load-Balanced, Layer-4 Switch Deployment
Basic Steps
(Client-Side)
The client-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
Basic Steps
(Server-Side)
Perform the following steps for each HP EFS WAN Accelerator in the cluster.
1. Mount and power on the HP EFS WAN Accelerator. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
2. Connect to the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide. Make sure you properly connect to the Layer-2 switch. For example:
‹ On HP EFS WAN Accelerator A, plug the straight-through cable into the
Primary port of the HP EFS WAN Accelerator and connect it to the LAN port of the Layer-2 switch.
‹ On HP EFS WAN Accelerator B, plug the straight-through cable into the
Primary port of the HP EFS WAN Accelerator and connect it to the LAN port of the Layer-2 switch.
3. Configure the HP EFS WAN Accelerator in an in-path configuration. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
4. Connect the Layer-4 switch to the HP EFS WAN Accelerator:
‹ On HP EFS WAN Accelerator A, plug the straight-through cable into the WAN port of the HP EFS WAN Accelerator and the Layer-4 switch.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 27
‹ On HP EFS WAN Accelerator B, plug the straight-through cable into the WAN port of the HP EFS WAN Accelerator and the Layer-4 switch.
5. Connect to the Management Console. For details see the HP Enterprise File
Services WAN Accelerator Management Console User Guide.
6. Navigate to the Setup: Optimization Service - General Settings page in the
Management Console.
7. Enable Layer-4 switch support. For example:
‹ Click Enable In-Path Support and Enable L4/PBR/WCCP Support on
Interface wan0_0.
Figure 3-2. Setup: Optimization Service - General Settings Page
28
8. Apply and save the new configuration in the Management Console.
9. Configure your L4 switch.
10. Restart the HP EFS WAN Accelerator in the Setup: Start/Stop Appliance page of the Management Console.
11. Begin optimization. View performance reports and system logs in the
Management Console.
3 - V IRTUAL I N -P ATH N ETWORK D EPLOYMENTS
CHAPTER 4
Out-of-Path Network
Deployments
In This Chapter This chapter describes out-of-path deployments and summarizes the basic steps for configuring them. This chapter includes the following sections:
‹
“Introduction to Out-of-Path Deployments,” next
‹
“Out-of-Path, Failover Deployment” on page 30
‹
“Out-of-Path, Static Cluster Deployment” on page 33
‹
“Hybrid: In-Path and Out-of-Path Deployment” on page 35
This chapter assumes you are familiar with the HP EFS WAN Accelerator
Management Console (Management Console). For detailed information about the
Management Console and how to use it, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
This chapter also assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
This chapter provides the basic steps for out-of-path network deployments. It does not provide detailed procedures. Use this chapter as a general guide to these deployments.
If you need additional assistance, contact HP technical support located at http://
www.hp.com.
For detailed information about the factors you must consider before you design and deploy the HP EFS WAN Accelerator in a network environment, see
Deployment Overview” on page 11 .
Introduction to Out-of-Path Deployments
An out-of-path deployment is a network configuration in which the HP EFS WAN
Accelerator is not in the direct physical path between the client and the server. In an out-of-path deployment, the HP EFS WAN Accelerator acts as a proxy. An out-of-path configuration is suitable for data center locations where physical in-path or virtual inpath configurations are not possible.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 29
Typically, in an out-of-path deployment, the client-side HP EFS WAN Accelerator is configured as an in-path device, and the server-side HP EFS WAN Accelerator is configured as an out-of-path device.
Figure 4-1. Physical Out-of-Path Deployment
Out-of-Path, Failover Deployment
An out-of-path, failover deployment serves networks where an in-path deployment is not an option. This deployment is cost effective, simple to manage, and provides redundancy.
In an out-of-path, failover deployment, two HP EFS WAN Accelerators are deployed.
When both HP EFS WAN Accelerators are functioning properly, the connections traverse the master appliance. If the master HP EFS WAN Accelerator fails, subsequent connections traverse the backup HP EFS WAN Accelerator.
When the master HP EFS WAN Accelerator is restored, the next connection traverses the master HP EFS WAN Accelerator. If both HP EFS WAN Accelerators fail, the connection is passed through unoptimized to the server.
30 4 - O UT OF -P ATH N ETWORK D EPLOYMENTS
The following figure illustrates the server-side of the network where two HP EFS
WAN Accelerators are deployed in an out-of-path configuration to ensure that data continues to be optimized if there is an error in the system.
Figure 4-2. Out-of-Path, Server-Side, Failover Support Deployment
Basic Steps
(Client-Side)
In an out-of-path, two HP EFS WAN Accelerator failover deployment, the client-side
HP EFS WAN Accelerator is configured as an in-path device with fixed-target rules that point to the server-side, out-of-path HP EFS WAN Accelerators.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 31
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
Enterprise File Services WAN Accelerator Management Console User Guide.
3. Navigate to the Setup: Optimization Service - In-Path Rules page in the
Management Console.
Figure 4-3. Setup: Optimization Service - In-Path Rules Page
32
4. To enable failover support for the out-of-path HP EFS WAN Accelerators, define a fixed-target rule that points to the main and backup targets. For example:
‹ Type the out-of-path, server-side HP EFS WAN Accelerator IP address and port in the Target Appliance IP and Port text boxes.
4 - O UT OF -P ATH N ETWORK D EPLOYMENTS
Basic Steps
(Server-Side)
‹ Type the backup HP EFS WAN Accelerator IP address and port in the Backup
Appliance IP and Port text boxes.
5. Save and apply the new configuration in the Management Console.
6. Begin optimization. View performance reports and system logs in the
Management Console.
The server-side HP EFS WAN Accelerators are configured as out-of-path devices. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
Out-of-Path, Static Cluster Deployment
An out-of-path, static cluster deployment is appropriate when an in-path deployment is not an option. This deployment handles failures and scales to very high traffic levels.
The following figure illustrates a deployment where two HP EFS WAN Accelerators are configured as out-of-path devices on the server-side of the network and there are static clusters with in-path HP EFS WAN Accelerators on the client-side of the network.
Figure 4-4. Static Cluster Deployment
Basic Steps
(Client-Side)
Perform the following steps for each HP EFS WAN Accelerator on the client-side of the network.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 33
1. Configure the HP EFS WAN Accelerators as in-path devices. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
Enterprise File Services WAN Accelerator Management Console User Guide.
3. Navigate to the Setup: Optimization Service - In-Path Rules page in the
Management Console.
4. Define fixed-target rules for the set of HP EFS WAN Accelerators in each cluster of user sites. For example:
‹ In the Northern region, for all the HP EFS WAN Accelerators in the set, define
HP EFS WAN Accelerator 1 as the fixed target for servers in Subnet S.
‹ In the Southern region, for all HP EFS WAN Accelerators in the set, define HP
EFS WAN Accelerator 2 as the fixed target for servers in Subnet S.
Figure 4-5. Setup: Optimization Service - In-Path Rules, Fixed Target Page
34
5. Apply and save the new configuration in the Management Console.
6. Begin optimization. View performance reports and system logs in the
Management Console.
4 - O UT OF -P ATH N ETWORK D EPLOYMENTS
Basic Steps
(Server-Side)
For the server-side, HP EFS WAN Accelerators, follow the procedures for an out-ofpath, failover support deployment. For detailed information, see
Failover Deployment” on page 30
.
Hybrid: In-Path and Out-of-Path Deployment
A hybrid deployment serves offices with one WAN routing point and users, and where the HP EFS WAN Accelerator must be referenced from remote sites as an out-of-path device (for example, to avoid mistaken auto-discovery or to bypass intermediary HP
EFS WAN Accelerators).
The following figure illustrates the client-side of the network where the HP EFS WAN
Accelerator is configured as both an in-path and out-of-path device.
Figure 4-6. Hybrid: In-Path and Out-of-Path Deployment
Basic Steps
(Client-Side)
Perform the following steps for the HP EFS WAN Accelerator.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 35
1. Configure the HP EFS WAN Accelerator as an in-path and out-of-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
2. Connect to the Management Console to verify your configuration. For detailed information, see the HP Enterprise File Services WAN Accelerator Management
Console User Guide.
3. Navigate to the Setup: Optimization Service - In-Path Rules page in the
Management Console.
Figure 4-7. Setup: Optimization Service - In-Path Rules Page
36
4. Define in-path, fixed-target rules for traffic you want to optimize. For example:
‹ Select start, end, or a rule number from the Insert Rule At drop-down list to insert a rule in the Rules list. When you specify a particular rule number, the rule is placed after the rule number you specified and before the default autodiscover rule.
‹ Type the IP address for the source subnet in the Source Subnet text box. Use the following format: 0.0.0.0/0.
4 - O UT OF -P ATH N ETWORK D EPLOYMENTS
Basic Steps
(Server-Side)
‹ Type the IP address and port for the destination subnet, in the Destination
Subnet and Port text boxes. To specify all ports, type all in the Port text box.
‹ Under Targets, type the IP address and port number for the HP EFS WAN
Accelerator that is the peer in the Target Appliance IP and Port text boxes.
The IP address must be the Primary Port IP address on the target HP EFS WAN
Accelerator. The default port is 7810.
‹ If you have a backup, out-of-path HP EFS WAN Accelerator in your system
(failover support), type the IP address and port for the backup appliance in the
Backup Appliance IP and Port text boxes. Use the following format: 0.0.0.0/
0. The default port is 7810.
5. Apply and save the new configuration in the Management Console.
6. Begin optimization. View performance reports and system logs in the
Management Console.
The server-side HP EFS WAN Accelerator is configured as an out-of-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
1. Navigate to the Setup: Optimization Service - General Settings page in the
Management Console.
2. Enable out-of path support click Enable Out-of-Path Support.
Figure 4-8. Setup: Optimization Service - General Settings Page
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 37
38 4 - O UT OF -P ATH N ETWORK D EPLOYMENTS
CHAPTER 5
Configuring Connection
Forwarding
In This Chapter This chapter describes how to deploy the HP EFS WAN Accelerator in asymmetric server-side networks using connection forwarding. This chapter includes the following sections:
‹
“Introduction to Connection Forwarding,”
next
‹
“One-to-One Failover Deployment” on page 41
‹
“Configuring Connection Forwarding” on page 41
This chapter assumes you are familiar with the HP EFS WAN Accelerator
Management Console (Management Console). For detailed information about the
Management Console and how to use it, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
This chapter also assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
Introduction to Connection Forwarding
In asymmetric networks, a client request traverses a different network path than the server response. Although the packets traverse different paths, to optimize a connection, packets traveling in both directions must pass through the same client-side and server-side HP EFS WAN Accelerator.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 39
If you have one path (through HP EFS WAN Accelerator-2) from the client to the server and a different path (through HP EFS WAN Accelerator-3) from the server to the client, you need to enable in-path connection forwarding and configure the HP EFS
WAN Accelerators to communicate with each other. These HP EFS WAN Accelerators are called neighbors and exchange connection information to redirect packets to each other.
Figure 5-1. Connection Forwarding in an Asymmetric Network
Neighbors in
Connection
Forwarding
packets from the Client to the Server go through HP EFS
WAN Accelerator-2 while packets from the server to the Client go through HP EFS
WAN Accelerator-3. The connection is intercepted by HP EFS WAN Accelerator-1 and HP EFS WAN Accelerator-2 because the first Transmission Control Protocol
(TCP) packet went through HP EFS WAN Accelerator-2.
Because HP EFS WAN Accelerator-3 sees the packets but HP EFS WAN Accelerator-
2 has the relevant information to optimize them, HP EFS WAN Accelerator-3 redirects the packets from the Server to the Client back to HP EFS WAN Accelerator-2 so that the connection can be intercepted and optimized correctly by HP EFS WAN
Accelerator-2.
Neighbors can be placed in the same physical site or in different sites but the latency between them should be small because the packets travelling between them are not optimized.
TIP: If the neighbors are placed on the same physical site, consider installing and configuring an HP EFS WAN Accelerator with multiple pairs of ports (for example, HP EFS N4c WAN
Accelerator 4-port NIC Card) and connecting the multiple links to intercept all packets coming back from the server without performing connection forwarding.
Load-Balancing
Connection forwarding can also be used in networks where there is packet loadbalancing on the server-side, because it does not matter which path the packets take when they come back from the server. Connection forwarding cannot perform packet load-balancing on the client-side (that is, there is no redirection on the client-side).
40 5 - C ONFIGURING C ONNECTION F ORWARDING
If there are more than two possible paths, additional HP EFS WAN Accelerators must be installed on each path and configured as neighbors. Neighbors receive information in parallel (the delay introduced at connection set up is equal to the time it takes to get an acknowledgement from the furthest neighbor).
If one of the neighbor HP EFS WAN Accelerators reaches its optimization capacity limit, that HP EFS WAN Accelerator will not accept new connections, but it redirects packets to other neighbors for optimization.
One-to-One Failover Deployment
To ensure optimization in the event of a failure, a backup HP EFS WAN Accelerator can be added to each neighbor HP EFS WAN Accelerator in a one-to-one failover configuration.
there are two HP EFS WAN Accelerators on each path that are configured in a one-to-one failover mode. Each HP EFS WAN Accelerator must be a neighbor of the master and backup HP EFS WAN Accelerators on the other paths.
Figure 5-2. One-to-One Failover Deployment
HP EFS WAN Accelerator-2 and HP EFS WAN Accelerator-2B are configured as neighbors of HP EFS WAN Accelerator-1 which exchanges connection information with both of them so that if either HP EFS WAN Accelerator-2 or HP EFS WAN
Accelerator-2B fails, the other redirects packets to HP EFS WAN Accelerator-1.
, packets from the server are redirected by HP EFS WAN Accelerator-2B unless it fails in which case they are redirected by HP EFS WAN Accelerator-2.
As long as one of the two failover HP EFS WAN Accelerators on each path is up, connections are intercepted. If the two HP EFS WAN Accelerators on the same path fail, connections stop being intercepted and optimized.
Configuring Connection Forwarding
The following section describes the basic steps for configuring connection forwarding.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 41
Configuring
Connection
Forwarding
Using the
Management
Console
You can configure connection forwarding using the Management Console or the HP
EFS WAN Accelerator command-line interface (CLI).
The following section describes the basic steps for enabling and configuring connection forwarding using the Management Console.
The following figure illustrates a network deployment in which the packets from the client to the server go through HP EFS WAN Accelerator-2 while packets from the server to the client go through HP EFS WAN Accelerator-3. From HP EFS WAN
Accelerator-3 the packets are sent to HP EFS WAN Accelerator-2, through the virtual path.
Figure 5-3. Connection Forwarding in an Asymmetric Network
Basic Steps
(Client-Side)
Basic Steps
(Server-Side)
IMPORTANT: When you define a neighbor, you must specify the HP EFS WAN Accelerator in-path IP address, not the primary IP address.
Perform the following step on each of the client-side HP EFS WAN Accelerators.
• The client-side HP EFS WAN Accelerator is configured as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
Perform the following steps on each of the server-side HP EFS WAN Accelerators.
42 5 - C ONFIGURING C ONNECTION F ORWARDING
1. Configure the server-side HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
Enterprise File Services WAN Accelerator Management Console User Guide.
3. Navigate to the Setup: Advanced Networking - Connection Forwarding page in the
Management Console.
4. Configure each of the neighbors by specifying the in-path IP address for the neighbor HP EFS WAN Accelerator.
Figure 5-4. Setup: Advanced Networking - Connection Forwarding Page
‹ Under Add New Entry, type the in-path IP address for the neighbor HP EFS
WAN Accelerator in the Neighbor IP text box.
‹ Type the neighbor port in the Neighbor port text box. The default port is 7850.
‹ Click Add Peer to add the neighbor appliance to your running configuration.
‹ Under Global Settings, click Enable Connection Forwarding.
‹ Optionally, you can configure global keep-alive intervals and count for the neighbor HP EFS WAN Accelerators.
‹ Click Update Settings.
5. Save the new configuration in the Setup: Configuration Manager page.
6. Restart the HP EFS WAN Accelerator service in the Setup: Start/Stop Services page.
7. Begin optimization. View performance reports and system logs in the
Management Console.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 43
Configuring
Connection
Forwarding
Using the CLI
The following section describes how to enable and configure connection forwarding using the CLI.
To configure connection forwarding you enable the feature and define the HP EFS
WAN Accelerator neighbors on each of the server-side HP EFS WAN Accelerators in the network.
IMPORTANT: When you define a neighbor, you must specify the HP EFS WAN Accelerator in-path IP address, not the primary IP address.
To enable connection forwarding
1. Connect to the CLI. For detailed information, see the HP StorageWorks Enterprise
File Services WAN Accelerator Command-Line Interface Reference Manual.
2. At the system prompt, enter the following set of commands:
HP EFS WAN Accelerator-2> enable
HP EFS WAN Accelerator-2 # configure terminal
HP EFS WAN Accelerator-2 (config) #
HP EFS WAN Accelerator-2 (config) # in-path neighbor enable
HP EFS WAN Accelerator-2 (config) # in-path neighbor ip address 10.0.0.6
;;the in-path ip address of HP EFS WAN Accelerator-3
HP EFS WAN Accelerator-2 (config) # write memory
HP EFS WAN Accelerator-2 (config) # restart
HP EFS WAN Accelerator-3> enable
HP EFS WAN Accelerator-3 # configure terminal
HP EFS WAN Accelerator-3 (config) # in-path neighbor enable
HP EFS WAN Accelerator-3 (config) # in-path neighbor ip address 10.0.0.5
;;the in-path ip address of HP EFS WAN Accelerator-2
44 5 - C ONFIGURING C ONNECTION F ORWARDING
CHAPTER 6
Policy-Based Routing
Deployments
In This Chapter This chapter describes how to configure the Policy-Based Routing (PBR) to redirect traffic to an HP EFS WAN Accelerator or group of HP EFS WAN Accelerators. It contains the following sections:
‹
‹
‹
“How PBR works on a Cisco 6500 Platform, Version 12.2(17d) SXB1” on page 47
‹
“Connecting the HP EFS WAN Accelerator to Your Network in PBR
‹
“Asymmetric HP EFS WAN Accelerator Deployments With PBR” on page 49
‹
“Client-Side HP EFS WAN Accelerator Attached to a Router through a Switch” on page 54
‹
“Client-Side HP EFS WAN Accelerator Attached to an Inside Router” on page 55
‹
“PBR Between VLANs” on page 55
‹
“Symmetric HP EFS WAN Accelerator Deployments With PBR and
‹
“Symmetric Deployments with PBR, Autodiscovery, and CDP” on page 60
This chapter assumes you are familiar with the HP EFS WAN Accelerator
Management Console (Management Console). For detailed information about the
Management Console and how to use it, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
This chapter also assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
This chapter provides the basic steps for PBR network deployments. It does not provide detailed procedures. Use this chapter as a general guide to these deployments.
If you need additional assistance, contact HP technical support located at http://
www.hp.com.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 45
46
For detailed information about the factors you must consider before you design and deploy the HP EFS WAN Accelerator in a network environment, see
Deployment Overview” on page 11 .
Introduction to PBR
PBR is a router configuration that allows you to define policies to route packets instead of relying on routing protocols. It is enabled on an interface basis and packets coming into a PBR-enabled interface are checked to see if they match the defined policies. If they do match, the packets are applied as the rule defined for the policy. If they do not match, packets are routed based on the usual routing table. The rules redirect the packets to a specific IP address.
Typically, you configure PBR on the client-side of the network to redirect traffic to an
HP EFS WAN Accelerator.
IMPORTANT: PBR must be enabled on the interfaces where the client traffic is arriving and disabled on the interfaces corresponding to the HP EFS WAN Accelerator, to avoid an infinite loop. (The HP EFS WAN Accelerator can bounce back the packets it receives either because it is not configured to optimize that traffic or its admission control is refusing new connections.)
On the server-side, the HP EFS WAN Accelerator is configured as, an out-of-path device, although it can also be configured with a PBR router with a specific PBR rule or as an in-path device.
In all cases, the HP EFS WAN Accelerator that intercepts traffic redirected with PBR is configured with in-path support and PBR support enabled. PBR policies can be based on the source IP address, destination IP address, protocol (TCP only), source port, or destination port.
Overview of CDP
CDP is a protocol used by Cisco routers and switches to obtain neighbor IP addresses, model, IOS version, and so forth. The protocol runs at the Open System
Interconnection (OSI) layer 2 using the 802.3 Ethernet frame.
HP EFS WAN Accelerators can be deployed in several ways: physically in path, virtually in path, or out of path. Virtual in-path deployments require that a network device redirect packets to the HP EFS WAN Accelerators. Network devices that are capable of redirection are layer-4 switches, WCCP enabled routers and switches, and
PBR enabled routers.
6 - P OLICY -B ASED R OUTING D EPLOYMENTS
Either PBR or WCCP can be used to redirect traffic from a router to an HP EFS WAN
Accelerator. On some platforms, such as the Cisco 6509 platform on which WCCP runs, WCCP can only redirect a limited number of TCP ports to the HP EFS WAN
Accelerator without reverting to software forwarding. This characteristic has a tendency to spike the Central Processing Unit (CPU) of the router. On Cisco 6500s running IOS 12.x can redirect all TCP ports and do the PBR forwarding in the hardware.
WCCP is designed to redirect traffic to a group of HP EFS WAN Accelerators so it is often better in clustering solutions. With PBR, any clustering must be done by manually by configuring a set of redirect rules. The following table summarizes the advantages and disadvantages of PBR and WCCP.
Capability Platform
Hardware Redirection of All TCP Connections
Clustering
Cisco 6500
All
Failover All
WCCP
Limited numbers of
TCP ports
Redirect to a group of
HP EFS WAN
Accelerators
Will only redirect to active HP EFS WAN
Accelerators in a group
PBR
All TCP traffic.
No groups for redirection. Can be a manual setup.
Requires CDP on the
HP EFS WAN
Accelerator to bypass an HP EFS WAN
Accelerator that is down.
For an example configuration, see “Symmetric Deployments with PBR,
Autodiscovery, and CDP” on page 60 .
How PBR works on a Cisco 6500 Platform,
Version 12.2(17d) SXB1
One of the major issues with PBR is that it can blackhole traffic (that is, drop all TCP connections to a destination) if the device it is redirecting to fails. To avoid blackholing traffic, PBR must have a way of tracking whether the PBR next hop is available. You can enable this tracking feature in a route map with the following Cisco router command: set ip next-hop verify-availability
With this command, PBR attempts to verify the availability of the next hop using information from CDP. If that next hop is unavailable, it skip the actions specified in the route map.
PBR checks availability in the following manner:
1. When PBR first attempts to send to a PBR next hop, it checks the CDP neighbor table to see if the IP address of the next hop appears to be available. If so, it sends
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 47
48 an Address Resolution Protocol (ARP) request for the address, resolves it, and begins redirecting traffic to the next hop (that is, the HP EFS WAN Accelerator).
2. After PBR has verified the next hop, it continues to send to the next hop as long as it obtains answers from the ARP request for the next hop IP address. If the ARP request fails to obtain an answer, it then rechecks the CDP table. If there is no entry in the CDP table, it no longer uses the route map to send traffic. This verification provides a failover mechanism.
NOTE: Using PBR with CDP will not work on a Cisco 6500 router and switch combination that is setup in hybrid mode. You must use a native setup for this to work. A hybrid setup fails because all the routing is done on the Multilayer Switch Feature Card (MSFC). This card is treated as an independent system in a hybrid setup. Therefore, when you run the show cdp
neighbors command on the MSFC, it displays the Supervisor card as its only neighbor. It does not see any of the devices that are connected to the switch ports. Therefore, it assumes none of those devices are reachable, and it does not redirect any traffic for route maps that use set ip
next-hop verify-availability.
In more recent versions of the Cisco IOS software, there is a feature called PBR with
Multiple Tracking Options. In addition to the old method of using CDP information, it allows methods such as HTTP and ping to be used to determine whether the PBR next hop is available. Using CDP allows you to run with older IOS 12.x versions.
NOTE: CDP is required for failover deployments on Cisco 6000, 6500, and 7600 platforms because Multiple Tracking Options is not available on these platforms.
For an example configuration, see “Symmetric Deployments with PBR,
Autodiscovery, and CDP” on page 60 .
Connecting the HP EFS WAN Accelerator to
Your Network in PBR Deployments
There are two Ethernet cables attached to the HP EFS WAN Accelerator in PBR deployments:
‹ A Straight through cable to the Primary interface. You use this connection to manage the HP EFS WAN Accelerator, reaching it through HTTPS or SSH.
‹ A Straight through cable to the WAN interface. You assign an IP address to the
In-Path interface; this is the IP address that you redirect traffic to (that is, the target of the router PBR rule).
6 - P OLICY -B ASED R OUTING D EPLOYMENTS
Asymmetric HP EFS WAN Accelerator
Deployments With PBR
The following section describes asymmetric HP EFS WAN Accelerator deployments with PBR. The examples in this section apply only if the clients are on one side of the
WAN and are connecting to servers on the other side of the WAN.
If the client-side HP EFS WAN Accelerator is on a different Layer-2 interface than the clients on the router where PBR is configured, PBR can be enabled on a Layer-2 interface basis, and redirects TCP traffic going to the server.
IMPORTANT: HP recommends you define a policy based on the source or destination IP and not on the TCP source or destination ports because certain protocols use dynamic ports instead of fixed ones such as Exchange and File Transfer Protocol (FTP).
Configuring
PBR Using the
CLI
The following section describes how to configure PBR using the HP EFS WAN
Accelerator command-line interface (CLI).
The following figure illustrates a network where PBR is enabled on the interface of the client-side router connected to the Layer-2 switch that redirects traffic to the HP EFS
WAN Accelerator.
Figure 6-1. Client-Side, HP EFS WAN Accelerator Attached to a Router
The client-side router has a fastEthernet 0/0 interface attached to the Layer-2 switch and fastEthernet0/1 attached to the HP EFS WAN Accelerator.
The server-side router has a fastEthernet0/0 interface attached to the Layer-2 switch.
This example uses the following IP addresses:
‹ Client-side. Clients=10.0.0.0/16, HP EFS WAN Accelerator=10.2.0.2/16,
Router(fastEthernet0/0)=10.0.0.1/16, Router(fastEthernet0/1)=10.2.0.1/16
‹ Server-side. Servers=10.1.0.0/16, HP EFS WAN Accelerator=10.1.0.3/16,
Router(fastEthernet0/0)=10.1.0.1/16
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 49
In this example, the HP EFS WAN Accelerator is configured as a client-side, HP EFS
WAN Accelerator in an in-path configuration with PBR support. It must reach the remote network through the router from the in-path interface and a fixed-target in-path rule is defined for the remote out-of-path HP EFS WAN Accelerator.
Basic Steps
(Client-Side)
To configure the clientside HP EFS WAN
Accelerator
Perform the following basic steps for the client-side HP EFS WAN Accelerator.
1. Connect to the client-side CLI. For detailed information, see the HP StorageWorks
Enterprise File Services WAN Accelerator Command-Line Interface Reference
Manual.
2. On the client-side HP EFS WAN Accelerator, at the system prompt, enter the following set of commands: client-SH > enable client-SH # configure terminal client-SH (config) # in-path enable client-SH (config) # in-path oop enable client-SH (config) # interface in-path ip address 10.2.0.2 /16 client-SH (config) # ip in-path-gateway inpath0_0 10.2.0.1
client-SH (config) # in-path rule fixed-target dstaddr 10.1.0.0/16 dstport 135 target-addr 10.1.0.3
client-SH (config) # in-path rule fixed-target dstaddr 10.1.0.0/16 dstport 139 target-addr 10.1.0.3
client-SH (config) # in-path rule fixed-target dstaddr 10.1.0.0/16 dstport 445 target-addr 10.1.0.3
client-SH (config) # in-path rule fixed-target dstaddr 10.1.0.0/16 dstport 21 target-addr 10.1.0.3
client-SH (config) # in-path rule fixed-target dstaddr 10.1.0.0/16 dstport 80 target-addr 10.1.0.3
client-SH (config) # write memory client-SH (config) # restart
NOTE: You must save your changes to memory and restart the HP EFS WAN Accelerator for your changes to take effect.
To configure the clientside router
This configuration optimizes Common Internet File System (CIFS), Exchange, FTP, and Hypertext Transfer Protocol (HTTP) traffic.
• On the client-side router, at the system prompt, enter the following set of commands:
Router#configure terminal
Router(config)#access-list 101 permit tcp any 10.1.0.0 0.0.255.255
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 10.0.0.1 255.255.0.0
Router(config-if)#ip policy route-map TrafficToS
Router(config-if)#exit
Router(config)#route-map TrafficToS permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.2.0.2
Router(config-route-map)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 10.2.0.1 255.255.0.0
Router(config-if)#end
50 6 - P OLICY -B ASED R OUTING D EPLOYMENTS
Router#
TIP: Enter configuration commands, one per line. End with CRTL-Z .
Basic Steps
(Server-Side)
The Access Control List (ACL) defines the matching criteria. The route-map defines the action corresponding to the matching criteria. The ip policy route-map command attaches a route-map to an interface.
For detailed information about configuring Cisco routers for PBR, see http:// www.cisco.com/en/US/products/sw/iosswrel/ps1831/ products_configuration_guide_chapter09186a00800c60d2.html#23550 .
In this example, the server-side HP EFS WAN Accelerator is configured as an out-ofpath device. For detailed information, see the HP StorageWorks Enterprise File
Services WAN Accelerator Installation and Configuration Guide.
Configuring
PBR Using the
Management
Console
Basic Steps
(Client-Side)
The following section describes the basic steps for configuring PBR using the
Management Console.
Perform the following steps for each client-side HP EFS WAN Accelerator.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 51
1. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
3. Navigate to the Setup: Optimization Service - General Settings page in the
Management Console.
4. To enable PBR support, click Enable In-Path Support, Enable L4/PBR/WCCP
Support on Interface wan0_0 and Enable Optimizations on inpath0_0, and
inpath0_1.
Figure 6-2. Setup: Optimization Service - General Settings Page
52 6 - P OLICY -B ASED R OUTING D EPLOYMENTS
5. Navigate to the Setup: Optimization Service - In-Path Rules page.
6. Define fixed-target, in-path rules to reach the remote network through the remote out-of-path HP EFS WAN Accelerator.
Figure 6-3. Setup: Optimization Service - In-Path Rules Page
Basic Steps
(Server-Side)
7. Apply and save the new configuration in the Setup: Configuration Manager page.
8. Restart the HP EFS WAN Accelerator service in the Setup: Start/Stop Services page.
9. Begin optimization. View performance reports and system logs in the
Management Console.
The server-side HP EFS WAN Accelerator is configured as an out-of-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 53
Client-Side HP EFS WAN Accelerator
Attached to a Router through a Switch
In this deployment, PBR is enabled on the interface of the client-side router connected to the Layer-2 switch that redirects traffic to the HP EFS WAN Accelerator.
Communication between the client-side HP EFS WAN Accelerator and the clients must be through the client-side router.
Figure 6-4. Client-Side HP EFS WAN Accelerator Attached to a Router through a
Switch
Basic Steps
(Client-Side)
Basic Steps
(Server-Side)
Perform the steps for
“Basic Steps (Client-Side)” on page 50
.
Perform the steps for
“Basic Steps (Server-Side)” on page 51
.
54 6 - P OLICY -B ASED R OUTING D EPLOYMENTS
Client-Side HP EFS WAN Accelerator
Attached to an Inside Router
In this deployment, PBR is enabled on the router interface connected to the Layer-2 switch that redirects traffic to the HP EFS WAN Accelerator. The same PBR rules should not be enabled on the WAN router (or any other router on the way to the WAN).
Figure 6-5. Client-Side HP EFS WAN Accelerator Attached to an Inside Router
Basic Steps
(Client-Side)
Basic Steps
(Server-Side)
Perform the steps for
“Basic Steps (Client-Side)” on page 50
. Make sure that you configure different PBR rules for the second router.
Perform the steps for
“Basic Steps (Server-Side)” on page 51
.
PBR Between VLANs
If there is not a clear physical separation between the client and the HP EFS WAN
Accelerator on the router where PBR is defined, you can use Virtual Local Area
Networks (VLANs) to create a virtual separation.
In the following figure, the HP EFS WAN Accelerator is configured in a different
VLAN than the client VLAN, and PBR is enabled on the client VLAN interface and disabled on the HP EFS WAN Accelerator VLAN interface.
Figure 6-6. PBR Between VLANs
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 55
To configure the HP
EFS WAN Accelerator
To configure the Cisco router
In this configuration, the HP EFS WAN Accelerator is attached to any Layer-2 switch that the router can reach (even the same switch as the clients). VLAN trunking is enabled between the Layer-2 switch and the PBR router (not on the link between the
HP EFS WAN Accelerator and the switch).
In this configuration you use the IP addresses in a single subnet and the router has 2
VLAN interfaces on fastEthernet0/0.
Use the procedures in “Basic Steps (Client-Side)” on page 50
. With a single subnet configuration, the route-map is attached to a VLAN interface instead of an ethernet interface.
This example assumes that VLAN trunking is already configured on the Layer-2 switch and the router for the clients VLAN (VLAN1) and that the Layer-2 switch configuration for VLAN2 is already completed.
• On the client-side router, at the system prompt, enter the following set of commands:
Router#configure terminal
Router(config)#interface fastEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.2.0.1 255.255.0.0
Router(config-subif)#exit
Router(config)#access-list 101 permit tcp any 10.1.0.0 0.0.255.255
Router(config)#interface fastEthernet 0/0.1
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 10.0.0.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToS
Router(config-subif)#exit
Router(config)#route-map TrafficToS permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.2.0.2
Router(config-route-map)#end
Router#
TIP: Enter configuration commands, one per line. End with CTRL-Z .
56 6 - P OLICY -B ASED R OUTING D EPLOYMENTS
Symmetric HP EFS WAN Accelerator
Deployments With PBR and Autodiscovery
In the case where clients and servers are on both sides of the WAN, PBR can be configured on both sides of the network where each router has the reversed rules of the other router.
Figure 6-7. Symmetric HP EFS WAN Accelerator Deployments with PBR
To configure the HP
EFS WAN Accelerators
For this example, assume that clients, servers, and HP EFS WAN Accelerators are all on a separate VLANs and the Layer-2 switch is attached to the router fastEthernet0/
0 interface. This example uses the following IP addresses:
‹ Left-side. Clients=10.0.1.0/24, Servers=10.0.2.0/24, HP EFS WAN
Accelerator=10.0.3.0/24
‹ Right-side. Clients=10.1.1.0/24, Servers=10.1.2.0/24, HP EFS WAN
Accelerator=10.1.3.0/24
Each router is connected to the WAN through their Fast Ethernet 0/1 interfaces. They use the following IP addresses:
‹ Left WAN = 10.0.4.0/24
‹ Right WAN = 10.1.4.0/24
1. On the left HP EFS WAN Accelerator, at the system prompt, enter the following set of commands:
Left-SH > enable
Left-SH # configure terminal
Left-SH (config) # in-path enable
Left-SH (config) # in-path oop enable
Left-SH (config) # interface in-path ip address 10.0.3.2 /24
Left-SH (config) # ip in-path-gateway inpath0_0 10.0.3.1
Left-SH (config) # write memory
Left-SH (config) # restart
2. On the right HP EFS WAN Accelerator, at the system prompt, enter the following set of commands:
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 57
Right-SH > enable
Right-SH # configure terminal
Right-SH (config) # in-path enable
Right-SH (config) # in-path oop enable
Right-SH (config) # interface in-path ip address 10.1.3.2 /24
Right-SH (config) # ip in-path-gateway inpath0_0 10.1.3.1
Right-SH (config) # write memory
Right-SH (config) # restart
IMPORTANT: You must save your changes to memory and restart the HP EFS WAN
Accelerator service for your changes to take effect.
To configure the Cisco router
1. On the left router, at the system prompt, enter the following commands:
TIP: Enter configuration commands, one per line; end with CTRL-Z .
58
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0.1
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 10.0.1.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToRightS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.0.2.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficFromLeftS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 10.0.3.1 255.255.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/1
Router(config-subif)#ip address 10.0.4.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToLeftSAndFromRightS
Router(config-subif)#exit
Router(config)#access-list 101 permit tcp any 10.1.2.0 0.0.0.255
Router(config)#access-list 102 permit tcp 10.0.2.0 0.0.0.255 any
Router(config)#access-list 103 permit tcp any 10.0.2.0 0.0.0.255
Router(config)#access-list 104 permit tcp 10.1.2.0 0.0.0.255 any
Router(config)#route-map TrafficToRightS permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.0.3.2
Router(config-route-map)#exit
Router(config)#route-map TrafficFromLeftS permit 10
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip next-hop 10.0.3.2
Router(config-route-map)#exit
Router(config)#route-map TrafficToLeftSAndFromRightS permit 10
Router(config-route-map)#match ip address 103 104
Router(config-route-map)#set ip next-hop 10.0.3.2
Router(config-route-map)#end
Router#
2. On the right router, at the system prompt, enter the following set of commands:
Router#configure terminal
Router(config)#interface fastEthernet 0/0.1
6 - P OLICY -B ASED R OUTING D EPLOYMENTS
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 10.1.1.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToLeftS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.1.2.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficFromRightS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 10.1.3.1 255.255.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/1
Router(config-subif)#ip address 10.1.4.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToRightSAndFromLeftS
Router(config-subif)#exit
Router(config)#access-list 101 permit tcp any 10.0.2.0 0.0.0.255
Router(config)#access-list 102 permit tcp 10.1.2.0 0.0.0.255 any
Router(config)#access-list 103 permit tcp any 10.1.2.0 0.0.0.255
Router(config)#access-list 104 permit tcp 10.0.2.0 0.0.0.255 any
Router(config)#route-map TrafficToLeftS permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.1.3.2
Router(config-route-map)#exit
Router(config)#route-map TrafficFromRightS permit 10
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip next-hop 10.1.3.2
Router(config-route-map)#exit
Router(config)#route-map TrafficToRightSAndFromLeftS permit 10
Router(config-route-map)#match ip address 103 104
Router(config-route-map)#set ip next-hop 10.1.3.2
Router(config-route-map)#end
Router#
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 59
Symmetric Deployments with PBR,
Autodiscovery, and CDP
In the case where clients and servers are on both sides of the WAN, PBR can be configured on both sides of the network where each router has the reversed rules of the other router.
Figure 6-8. Symmetric HP EFS WAN Accelerator Deployments with PBR
To configure the HP
EFS WAN Accelerators
60
For this example, assume that clients, servers, and HP EFS WAN Accelerators are all on a separate VLANs and the Layer-2 switch is attached to the router fastEthernet0/
0 interface. This example uses the following IP addresses:
‹ Left-side. Clients=10.0.1.0/24, Servers=10.0.2.0/24, HP EFS WAN
Accelerator=10.0.3.0/24
‹ Right-side. Clients=10.1.1.0/24, Servers=10.1.2.0/24, HP EFS WAN
Accelerator=10.1.3.0/24
Each router is connected to the WAN through their Fast Ethernet 0/1 interfaces. They use the following IP addresses:
‹ Left WAN = 10.0.4.0/24
‹ Right WAN = 10.1.4.0/24
1. On the left HP EFS WAN Accelerator, at the system prompt, enter the following set of commands:
Left-SH > enable
Left-SH # configure terminal
Left-SH (config) # in-path enable
Left-SH (config) # in-path oop enable
Left-SH (config) # in-path cdp enable
Left-SH (config) # interface in-path ip address 10.0.3.2 /24
Left-SH (config) # ip in-path-gateway inpath0_0 10.0.3.1
Left-SH (config) # write memory
Left-SH (config) # restart
2. On the right HP EFS WAN Accelerator, at the system prompt, enter the following set of commands:
6 - P OLICY -B ASED R OUTING D EPLOYMENTS
Right-SH > enable
Right-SH # configure terminal
Right-SH (config) # in-path enable
Right-SH (config) # in-path oop enable
Right-SH (config) # in-path cdp enable
Right-SH (config) # interface in-path ip address 10.1.3.2 /24
Right-SH (config) # ip in-path-gateway inpath0_0 10.1.3.1
Right-SH (config) # write memory
Right-SH (config) # restart
IMPORTANT: You must save your changes to memory and restart the HP EFS WAN
Accelerator service for your changes to take effect.
To configure the Cisco router
1. On the left router, at the system prompt, enter the following commands:
TIP: Enter configuration commands, one per line; end with CTRL-Z .
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0.1
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 10.0.1.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToRightS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.0.2.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficFromLeftS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 10.0.3.1 255.255.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/1
Router(config-subif)#ip address 10.0.4.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToLeftSAndFromRightS
Router(config-subif)#exit
Router(config)#access-list 101 permit tcp any 10.1.2.0 0.0.0.255
Router(config)#access-list 102 permit tcp 10.0.2.0 0.0.0.255 any
Router(config)#access-list 103 permit tcp any 10.0.2.0 0.0.0.255
Router(config)#access-list 104 permit tcp 10.1.2.0 0.0.0.255 any
Router(config)#route-map TrafficToRightS permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.0.3.2
Router(config-route-map)#set ip next-hop verify-availability
Router(config-route-map)#exit
Router(config)#route-map TrafficFromLeftS permit 10
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip next-hop 10.0.3.2
Router(config-route-map)#set ip next-hop verify-availability
Router(config-route-map)#exit
Router(config)#route-map TrafficToLeftS permit 10
Router(config-route-map)#match ip address 103 104
Router(config-route-map)#set ip next-hop 10.0.3.2
Router(config-route-map)#set ip next-hop verify-availability
Router(config-route-map)#end
Router#
2. On the right router, at the system prompt, enter the following set of commands:
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 61
62
Router#configure terminal
Router(config)#interface fastEthernet 0/0.1
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 10.1.1.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToLeftS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.1.2.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficFromRightS
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 10.1.3.1 255.255.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/1
Router(config-subif)#ip address 10.1.4.1 255.255.0.0
Router(config-subif)#ip policy route-map TrafficToRightSAndFromLeftS
Router(config-subif)#exit
Router(config)#access-list 101 permit tcp any 10.0.2.0 0.0.0.255
Router(config)#access-list 102 permit tcp 10.1.2.0 0.0.0.255 any
Router(config)#access-list 103 permit tcp any 10.1.2.0 0.0.0.255
Router(config)#access-list 104 permit tcp 10.0.2.0 0.0.0.255 any
Router(config)#route-map TrafficToLeftS permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.1.3.2
Router(config-route-map)#set ip next-hop verify-availability
Router(config-route-map)#exit
Router(config)#route-map TrafficFromRightS permit 10
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip next-hop 10.1.3.2
Router(config-route-map)#set ip next-hop verify-availability
Router(config-route-map)#exit
Router(config)#route-map TrafficToRightS permit 10
Router(config-route-map)#match ip address 103 104
Router(config-route-map)#set ip next-hop 10.1.3.2
Router(config-route-map)#set ip next-hop verify-availability
Router(config-route-map)#end
Router#
Troubleshooting
On Cisco routers with Internet Operating System (IOS) version 12.3T, the PBR support for Multiple Tracking Options feature allows the router to check if a machine is still functioning. This feature can detect if the HP EFS WAN Accelerator is up and, if not, to stop redirecting the traffic to it.
You can use the following methods to check an HP EFS WAN Accelerator:
‹ Internet Control Message Protocol (ICMP) ping reach-ability to a remote device.
‹ Application running on a remote device (for example, the device responds to an
HTTP GET request).
‹ A route exists in the Routing Information Base (RIB) (for example, policy route only if 10.2.2.0/24 is in the RIB).
‹ Interface state (for example, packets received on E0 should be the policy routed out of E1 only if E2 is down).
6 - P OLICY -B ASED R OUTING D EPLOYMENTS
CHAPTER 7
WCCP Deployments
In This Chapter This chapter describes how to configure the Web Cache Communication Protocol
(WCCP) to redirect traffic to an HP EFS WAN Accelerator or group of HP EFS WAN
Accelerators. It contains the following sections:
‹
next
‹
“Connecting the HP EFS WAN Accelerator to Your Network in WCCP
‹
“A Basic WCCP Configuration” on page 68
‹
“Configuring WCCP Using the Management Console” on page 70
‹
“Dual WCCP Deployment” on page 76
‹
“Additional WCCP Features” on page 79
‹
This chapter assumes you are familiar with the HP EFS WAN Accelerator
Management Console (Management Console). For detailed information about the
Management Console and how to use it, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
This chapter also assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
This chapter provides the basic steps for WCCP network deployments. It does not provide detailed procedures. Use this chapter as a general guide to these deployments.
If you need additional assistance, contact HP technical support located at http://
www.hp.com.
For detailed information about the factors you must consider before you design and deploy the HP EFS WAN Accelerator in a network environment, see
Deployment Overview” on page 11 .
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 63
Introduction to WCCP
WCCP was originally implemented on Cisco routers, multi-layer switches, and Web caches to redirect HTTP requests to local Web caches (Version 1). Version 2, which is implemented on HP EFS WAN Accelerators, can redirect any type of connection from multiple routers to multiple Web caches.
You configure WCCP to redirect traffic to an HP EFS WAN Accelerator or group of
HP EFS WAN Accelerators:
‹ so that the HP EFS WAN Accelerators do not have to be physically in-path but can be virtually in-path. That is, the HP EFS WAN Accelerators are configured to be physically out-of-path devices while optimizing traffic as if they were in-path devices.
‹ to redirect traffic to an HP EFS WAN Accelerator or group of HP EFS WAN
Accelerators to provide load balancing and failover support.
You can configure WCCP on the client-side HP EFS WAN Accelerator or the serverside HP EFS WAN Accelerator. They can be in-path devices or out-of-path devices, depending on your network environment.
The following figure illustrates WCCP configured on the client-side and an out-ofpath HP EFS WAN Accelerator on the server-side. This is an example of one type of
WCCP deployment. Contact HP technical support for further information at http://
www.hp.com.
Figure 7-1. Basic WCCP Configuration
64
The following steps describe how WCCP works with the HP EFS WAN Accelerator:
1. Routers and HP EFS WAN Accelerators are added to the same service group.
2. HP EFS WAN Accelerators announce themselves to the routers.
3. Routers send back the state of the service group.
4. One HP EFS WAN Accelerator takes a leadership role and tells the routers how to redirect traffic among the HP EFS WAN Accelerators in the service group.
7 - WCCP D EPLOYMENTS
Basic Steps
The HP EFS WAN Accelerators use the following methods to communicate with routers:
‹ Unicast (User Datagram Protocol Packets). The HP EFS WAN Accelerator is configured with the IP address of each router. If additional routers are added to the service group, they must be added on each HP EFS WAN Accelerator.
‹ Multicast. The HP EFS WAN Accelerator is configured with a multicast group.
If additional routers are added, you do not need to add or change configuration settings on the HP EFS WAN Accelerators.
All Transmission Control Traffic (TCP) traffic is redirected by default. You can configure specific source or destination ports to be redirected. For detailed
information, see “TCP Port Redirection” on page 80 .
For other types of redirection filtering such as the Internet Protocol (IP) address, you configure Access Control Lists (ACLs) on the routers and add it to the service group.
For detailed information, see “Specific Traffic Redirection” on page 81
.
Traffic is redirected using one of the following schemes:
‹ gre (Generic Routing Encapsulation). Each data packet is encapsulated in a
GRE packet with the HP EFS WAN Accelerator IP address configured as the destination. This scheme is applicable to any network.
‹ l2 (Layer-2). Each packet Media Access Control (MAC) address is rewritten with an HP EFS WAN Accelerator MAC address. This scheme is possible only if the
HP EFS WAN Accelerator is connected to a router at Layer-2.
‹ either. The either value uses l2 (Layer-2) first—if Layer-2 is not supported, gre is used.
You can load-balance using WCCP. Traffic is redirected based on a hashing scheme and the weight of the HP EFS WAN Accelerators. You can hash on a combination of the source IP address, destination IP address, source port, or destination port. The default weight is based on the HP EFS WAN Accelerator model number. (The weight is heavier for models that support more connections.) You can modify the default
weight. For detailed information, see “Load Balancing” on page 81
.
You can also provide failover support using WCCP. In a failover configuration, the HP
EFS WAN Accelerators periodically announce themselves to the routers. If an HP EFS
WAN Accelerator fails, traffic is redirected to the working HP EFS WAN Accelerators.
To configure failover support where the passive HP EFS WAN Accelerator takes over if there is a failure in the active HP EFS WAN Accelerator, you simply configure the weight for the backup HP EFS WAN Accelerator to be 0. For detailed information, see
.
The following steps summarize how to configure WCCP on a client-side HP EFS
WAN Accelerator with an out-of-path server-side HP EFS WAN Accelerator.
IMPORTANT: This is an example of one type of WCCP deployment. You can also have deployments with both HP EFS WAN Accelerators configured as in-path devices and WCCP configured on one of them. Contact HP technical support for further information at http://
www.hp.com.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 65
WCCP CLI
Commands
1. Create a service group on the router and set the router to redirect traffic to the HP
EFS WAN Accelerator using WCCP on the interfaces where traffic goes.
2. Attach the WAN interface of the HP EFS WAN Accelerator to the network. The
WAN interface must be able to communicate with the switch or router where
WCCP is configured and where WCCP redirection will take place.
3. Configure the HP EFS WAN Accelerator to be an in-path device with WCCP support on the client-side. For example, in-path oop enable.
4. Add fixed-target, in-path rules to reach the server-side HP EFS WAN Accelerator.
5. Add the service group on the HP EFS WAN Accelerator.
6. Enable WCCP on the HP EFS WAN Accelerator.
This section summarizes the WCCP commands. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Command-Line Interface
Reference Manual.
‹ To enable client-side WCCP:
SH (config) # wccp enable
‹ To disable client-side WCCP:
SH (config) # no wccp enable
‹ To specify the multicast Time To Live (ttl) value for WCCP:
SH (config) # wccp mcast-ttl 10
‹ To configure a service group:
SH (config) # wccp service-group <service ID> routers <IP address>
[flags ] [priority ] [ports ] [password ] [weight ] [encap_scheme ]
66 7 - WCCP D EPLOYMENTS
service group
<service ID> router
<ip_address> flags <hash-bitidentifier> ports
<portnumber>
Specifies the service group identification number (ID) (from 0 to
255). The service group ID is the number that is set on the router. A value of 0 specifies the standard http service group which redirects only HTTP traffic.
The router IP is a multicast group IP address or a unicast router IP address. A total of 32 routers can be specified.
Specifies the combination of src-ip-hash, dst-ip-hash, src-port-
hash, dst-port-hash, ports-dest, ports-source that define the fields the router hashes on and if certain ports should be redirected.
Specifies a comma separated list of up to seven ports that the router will redirect. Use only if ports-dest or ports-source service flag is set.
priority <prioritynumber> password <string> Specifies the WCCP password. This password must be the same as the password on the router. (WCCP requires that all routers in a service group have the same password.) Passwords are limited to 8 characters.
weight <value>
Specifies the WCCP priority for traffic redirection. If a connection matches multiple service groups on a router, the router chooses the service group with the highest priority. The range is 0-255. The default value is 200.
The weight determines how often the traffic is redirected to a particular HP EFS WAN Accelerator. A higher weight redirects more traffic to that HP EFS WAN Accelerator. The ratio of traffic redirected to an HP EFS WAN Accelerator is equal to its weight divided by the sum of the weights of all the HP EFS WAN
Accelerators in the same service group. For example, if there are two
HP EFS WAN Accelerators in a service group and one has a weight of
100 and the other has a weight of 200, the one with the weight 100 receives 1/3 of the traffic and the other receives 2/3 of the traffic. The range is 0-65535. The default value corresponds to the number of
TCP connections your appliance supports.
encap_scheme
<string>
Specifies the traffic forwarding and redirection scheme: GRE encapsulation (gre) or Layer-2 (l2) redirection. The either value uses
Layer-2 first—if Layer-2 is not supported, gre is used.
Connecting the HP EFS WAN Accelerator to
Your Network in WCCP Deployments
There are two Ethernet cables attached to the HP EFS WAN Accelerator in WCCP deployments:
‹ A Straight through cable to the Primary interface. You use this connection to manage the HP EFS WAN Accelerator, reaching it through HTTPS or SSH.
‹ A Straight through cable to the WAN interface. You assign an IP address to the
In-Path interface; this is the IP address that you redirect traffic to.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 67
A Basic WCCP Configuration
This section describes how to configure a router and the HP EFS WAN Accelerator to use WCCP to redirect traffic in a single subnet using the CLI.
You can also use the Management Console to configure the HP EFS WAN Accelerator to use WCCP. In this example the server-side is assumed to be out-of-path.
IMPORTANT: This is an example of one type of WCCP deployment. You can also have deployments with both HP EFS WAN Accelerators configured as in-path devices and WCCP configured on one of them.
Figure 7-2. Basic WCCP Configuration
Connecting the
HP EFS WAN
Accelerator
To set up an HP EFS WAN Accelerator for WCCP, the HP EFS WAN Accelerator
WAN interface is connected to a switch or router (not necessarily the one configured for WCCP) that can reach the switch or router where WCCP is configured and where redirection will occur.
IMPORTANT: When you connect to the WAN port on the HP EFS WAN Accelerator for
WCCP, the LAN port no longer passes traffic. You cannot run the HP EFS WAN Accelerator in both in-path and client, out-of-path mode.
Configuring the
WCCP Router or
Multi-Layer
Switch
Before you configure the HP EFS WAN Accelerator, you enable your router for
WCCP. You create a service group and attach it to the interface where you want packets to be redirected.
In this example, you configure unicast protocol messages between the router and the
HP EFS WAN Accelerator and all traffic is redirected to the HP EFS WAN
Accelerator. (The HP EFS WAN Accelerator tells the router to redirect TCP traffic and, if configured on it, certain TCP ports.)
68 7 - WCCP D EPLOYMENTS
To configure the
WCCP router
The service group ID is 90 and the interface with packets coming from the LAN is
fastEthernet0/0.
IMPORTANT: HP recommends that you redirect packets coming into the LAN interface of the router with the redirect in feature on the router instead of the redirect out feature on the WAN interface of the router so that packets do not go through the routing code twice on the router.
Only use the redirect out feature if it is impossible to use the redirect in feature.
• At the system prompt, enter the following set of commands:
Router> enable
Router# configure terminal
Router(config)# ip wccp version 2
Router(config)# ip wccp 90
Router(config)# interface fastEthernet 0/0
Router(config-if)# ip wccp 90 redirect in
Router(config-if)# end
Router#
TIP: Enter configuration commands, one per line. End with CRTL-Z .
The service group 90 must be defined and configured on the HP EFS WAN
Accelerator.
Configuring the
Client-Side HP
EFS WAN
Accelerator
To configure the HP
EFS WAN Accelerator
To add in-path rules to reach the out-of-path, server-side, HP EFS
WAN Accelerator
You configure the client-side HP EFS WAN Accelerator to be an in-path device with
WCCP support and you add the service group (that you defined on the router) to it.
In this example, the client-side, in-path HP EFS WAN Accelerator IP address is
10.1.0.2, its WAN router is 10.1.0.1, and the server-side HP EFS WAN Accelerator primary IP address is 10.2.0.2.
1. Connect to the HP EFS WAN Accelerator CLI. For detailed information, see the
HP StorageWorks Enterprise File Services WAN Accelerator Command-Line
Interface Reference Manual.
2. At the system prompt, enter the following set of commands: client-SH > enable client-SH # configure terminal client-SH (config) # in-path enable client-SH (config) # in-path oop enable client-SH (config) # interface in-path ip address 10.1.0.2 /16 client-SH (config) # ip in-path-gateway 10.1.0.1
client-SH (config) # write memory client-SH (config) # restart
In this example, you configure the client-side HP EFS WAN Accelerator to optimize ports 135, 139, 445, 21, and 80 and to pass through all other traffic.
• At the system prompt, enter the following set of commands: client-SH > enable client-SH # configure terminal
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 69
To add the WCCP service group to the
HP EFS WAN
Accelerator client-SH (config) # in-path rule fixed-target port 135 target-addr
10.2.0.2
client-SH (config) # in-path rule fixed-target port 139 target-addr
10.2.0.2
client-SH (config) # in-path rule fixed-target port 445 target-addr
10.2.0.2
client-SH (config) # in-path rule fixed-target port 21 target-addr
10.2.0.2
client-SH (config) # in-path rule fixed-target port 80 target-addr
10.2.0.2
client-SH (config) # in-path rule pass-through client-SH (config) # write memory client-SH (config) # exit
Now add the service group to the HP EFS WAN Accelerator so that the router starts redirecting packets.
• At the system prompt, enter the following set of commands: client-SH > enable client-SH # configure terminal client-SH (config) # wccp enable client-SH (config) # wccp service-group 90 routers 10.1.0.1
client-SH (config) # write memory client-SH (config) # restart
This set of commands instructs the router to redirect all TCP traffic to the HP EFS
WAN Accelerator.
Basic Steps
(Client-Side)
Configuring WCCP Using the Management
Console
The following section describes the basic steps for configuring the HP EFS WAN
Accelerator using the Management Console.
This section does not describe how you enable your router for WCCP and create a service group for the HP EFS WAN Accelerator. For detailed information about configuring your router, see
“Configuring the WCCP Router or Multi-Layer Switch” on page 68 .
In this example, the client-side HP EFS WAN Accelerator IP address 10.1.0.2, its
WAN router is 10.1.0.1, and the server-side HP EFS WAN Accelerator, IP address is
10.2.0.2.
Perform the following steps for the client-side HP EFS WAN Accelerator.
70 7 - WCCP D EPLOYMENTS
1. Configure the HP EFS WAN Accelerator in an in-path configuration. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
3. Navigate to the Setup: Optimization Service - General Settings page in the
Management Console.
4. To enable external traffic redirection click Enable In-Path Support, Enable L4/
PBR/WCCP Support on Interface wan0_0, and Enable Optimization on
Interface inpath0_0.
Figure 7-3. Setup: Optimization Service - General Settings Page
5. Enable WCCP on your router.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 71
6. Navigate to the Setup: Advanced Networking - WCCP Groups page.
Figure 7-4. Setup: Advanced Networking - WCCP Service Groups Page
72 7 - WCCP D EPLOYMENTS
7. Define the service group: specify the service group identification number, the router IP address, password, priority, weight, and encapsulation scheme, and optionally, global settings.
8. Click Add Group to display your new group in the Service Group list.
9. Under WCCP v2 Global Settings, click Enable WCCP v2 Support.
10. Click Update Settings to enable WCCP v2 support.
11. Double-click the new service group name to display the Setup: Service, WCCP
Groups, Service Group page.
12. Define flags and ports; add additional routers for the service group.
Figure 7-5. Setup: Service, WCCP Groups Page
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 73
To define in-path rules to reach the serverside appliance
13. Save and apply the new configuration in the Management Console.
14. Restart the HP EFS WAN Accelerator service in the Setup: Start/Stop Service page.
On the client-side, you add in-path rules to reach the out-of-path, server-side HP EFS
WAN Accelerator. In this example you optimize ports 135, 139, 445, 21, and 80 to pass through all other traffic.
15. Navigate to the Setup: Optimization Service - In-Path Rules page in the
Management Console.
16. Define a fixed-target rule to optimize traffic on the server-side HP EFS WAN
Accelerator with port 135.
Figure 7-6. Setup: Optimization Service - In-Path Rules Page
74 7 - WCCP D EPLOYMENTS
17. Repeat
for ports 139, 445, 21, and 80.
18. To pass through all other traffic, define a pass-through rule on the server-side HP
EFS WAN Accelerator.
Figure 7-7. Setup: Optimization Service - In-Path Rules Page
Basic Steps
(Server-Side)
19. Save and apply the new configuration in the Setup: Configuration Manager page.
20. Begin optimization. View performance reports and system logs in the
Management Console.
The server-side HP EFS WAN Accelerator is configured as an out-of-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN
Accelerator Installation and Configuration Guide.
IMPORTANT: This is an example of one type of WCCP deployment. You can also have deployments with both HP EFS WAN Accelerators configured as in-path devices and WCCP configured on one of them. In this case, you would configure the server-side as an in-path device and you would not define fixed-target rules on the client-side. For detailed information, contact
HP technical support at http://www.hp.com.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 75
Dual WCCP Deployment
The following section describes how to deploy two HP EFS WAN Accelerators that are physically out-of-path but virtually in-path so that traffic is directed to them using
WCCP.
Figure 7-8. Dual WCCP Deployment
To configure the
WCCP (3640) router
76
Traffic between client and server passes through the two routers. When each router is configured with a WCCP service group, all traffic is redirected to pass through the corresponding HP EFS WAN Accelerators as it transits the router, enabling the HP
EFS WAN Accelerators to optimize the connections. Auto-discovery functions correctly—each HP EFS WAN Accelerator sends and receives traffic as if they were using an in-path configuration.
IMPORTANT: The HP EFS WAN Accelerators are connected using the WAN interface only.
WCCP uses a router identification number (ID) to announce the router to the HP EFS
WAN Accelerators. The router ID is one of the interfaces IP addresses: the router ID is not guaranteed to be the address of the interface closest to the HP EFS WAN
Accelerator.
The HP EFS WAN Accelerator must be able to route traffic back to the address that the router uses as the router ID. It is not sufficient to have the HP EFS WAN Accelerator know how to route to the client, server, and the server-side HP EFS WAN Accelerator; the HP EFS WAN Accelerator must know how to route traffic to the interface that the router takes its WCCP router ID from. The router ID can be changed by configuring a loop-back interface (int loopback 0) with a more suitable IP address.
The 6509 router uses hardware switching, if it can. It must be turned off using the no
mls ip command on the interfaces which are enabled for WCCP.
• At the system prompt, enter the following set of commands on the CISCO 3640 router: version 12.3
service timestamps debug datetime localtime show-timezone
7 - WCCP D EPLOYMENTS
service timestamps log datetime localtime show-timezone service password-encryption
!
hostname tr3640
!
boot-start-marker boot-end-marker
!
logging buffered 4096 errors enable secret 5 $xxxxxxxx
!
clock timezone PST -8 clock summer-time PDT recurring no aaa new-model ip subnet-zero ip wccp 90
!
ip cef ip audit po max-events 100 no ftp-server write-enable
!
no crypto isakmp enable
!
interface FastEthernet0/0
ip address 10.0.26.101 255.255.0.0
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clockrate 2000000
no fair-queue
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
!
!Wan Interface interface FastEthernet0/1.47
encapsulation dot1Q 47
ip address 172.20.240.17 255.255.255.252
no ip redirects
ip wccp 90 redirect in
no cdp enable
!
!Client Interface interface FastEthernet0/1.108
encapsulation dot1Q 108
ip address 10.11.21.100 0.0.0.255
no ip redirects
ip wccp 90 redirect in
no cdp enable
!
!HP EFS WAN Accelerator Interface interface FastEthernet0/1.132
encapsulation dot1Q 132
ip address 10.11.22.17 0.0.0.255
no ip redirects
no cdp enable
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 77
To configure the
WCCP (6209) router
78
!
no ip http server no ip http secure-server no ip classless ip route 10.11.24.0 0.0.0.255 172.20.240.18
ip route 10.11.25.0 0.0.0.255 172.20.240.18
!
no logging trap
!
control-plane
!
line con 0 line aux 0 line vty 0 4
exec-timeout 0 0
password 7 xxxxxxxx
login
transport input telnet
!
ntp server 10.0.0.2
!
end
• At the system prompt, enter the following set of commands:
!
version 12.1
no service pad service timestamps debug uptime service timestamps log uptime service password-encryption
!
hostname cisco-6509
!
boot system flash sup-slot0:c6msfc2-jsv-mz.121-23.E.bin
boot system bootflash:c6msfc2-psv-mz.121-19.E1.bin
boot bootldr bootflash:c6msfc2-boot-mz.121-19.E1.bin
enable secret 5 $xxxxxxxxx
!
clock timezone PST -8 ip subnet-zero ip wccp 91
!
interface Vlan1
ip address 10.0.26.107 255.255.0.0
!
!Server Interface interface Vlan54
ip address 10.11.25.250 0.0.0.255
no ip redirects
ip wccp 91 redirect in
no mls ip
no mls ipx
no cdp enable
!
!HP EFS WAN Accelerator Interface interface Vlan55
ip address 10.11.24.250 0.0.0.255
no ip redirects
no mls ip
no mls ipx
no cdp enable
!
!WAN Interface
7 - WCCP D EPLOYMENTS
interface Vlan63
ip address 172.20.240.18 255.255.255.252
no ip redirects
ip wccp 91 redirect in
no mls ip
no mls ipx
no cdp enable
!
ip classless ip route 10.11.21.0 0.0.0.255 172.20.240.17
ip route 10.11.22.0 0.0.0.255 172.20.240.17
ip flow-export version 5 no ip http server
!
line con 0
exec-timeout 0 0 line vty 0 4
password 7 06541B2E5C175958
login
!
end
To configure the clientside HP EFS WAN
Accelerator
To configure the server-side HP EFS
WAN Accelerator
• At the system prompt, enter the following set of commands: client-SH > enable client-SH # configure terminal client-SH (config) # interface in-path ip address 10.11.22.46 /16 client-SH (config) # in-path oop enable client-SH (config) # in-path enable client-SH (config) # wccp enable client-SH (config) # wccp service-group 90 routers 10.11.22.17 flags,dst-ip-hash priority 200 weight 3 encap_scheme either client-SH (config) # write memory client-SH (config) # restart
At the system prompt, enter the following set of commands: server-SH > enable server-SH # configure terminal server-SH (config) # interface in-path ip address 10.11.24.200 /16 server-SH (config) # in-path oop enable server-SH (config) # in-path enable server-SH (config) # wccp enable server-SH (config) # wccp service-group 91 routers 10.11.24.250 flags,dst-ip-hash priority 200 weight 6 encap_scheme either server-SH (config) # write memory server-SH (config) # restart
Additional WCCP Features
This section describes the additional features for WCCP.
Security
WCCP protocol messages can be authenticated between the router and the HP EFS
WAN Accelerator using a password. The maximum password length is 8 characters.
1. On the router, at the system prompt, enter the following command: To set the password for WCCP
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 79
Router(config)# ip wccp 90 password <your_password>
2. On the HP EFS WAN Accelerator, at the system prompt, enter the following command: client-SH (config) # wccp service-group 90 routers 10.1.0.1 password
<your_password>
NOTE: The same password must be set on the HP EFS WAN Accelerator and the router.
Multicast
To configure multicast groups on your router
If you add multiple routers and HP EFS WAN Accelerators to a service group, you can configure them to exchange WCCP protocol messages through a multicast group.
Configuring a multicast group is advantageous because if a new router is added, it does not need to be explicitly added on each HP EFS WAN Accelerator.
• On your router, at the system prompt, enter the following set of commands:
Router> enable
Router# configure terminal
Router(config)# ip wccp version 2
Router(config)# ip wccp 90 group-address 224.0.0.3
Router(config)# interface fastEthernet 0/0
Router(config-if)# ip wccp 90 redirect in
Router(config-if)# ip wccp 90 group-listen
Router(config-if)# end
Router#
TIP: Enter configuration commands, one per line. End each command with CTRL-Z .
To configure multicast groups on the HP EFS
WAN Accelerator
• On the client-side HP EFS WAN Accelerator, at the system prompt, enter the following set of commands: client-SH > enable client-SH # configure terminal client-SH (config) # wccp enable client-SH (config) # wccp mcast-ttl 10 client-SH (config) # wccp service-group 90 routers 224.0.0.3
client-SH (config) # write memory client-SH (config) # exit
TCP Port
Redirection
By default, all TCP ports are redirected, but the HP EFS WAN Accelerator can be configured to tell the router to redirect only certain TCP source or destination ports. A maximum of 7 ports can be specified per service groups.
NOTE: You do not need to configure source and destination ports on the router.
To configure TCP port redirection
• On the client-side HP EFS WAN Accelerator, at the system prompt, enter the following command:
80 7 - WCCP D EPLOYMENTS
client-SH (config) # wccp service-group 90 routers 10.1.0.1 flags portsdestination ports 135,139,445,21,80
Specific Traffic
Redirection
To configure specific traffic redirection on the router
If redirection is based on traffic characteristics other than ports, Access Control Lists
(ACLs) on the router can define what traffic is redirected.
For example, if you only want the traffic destined for IP address 10.2.0.0/16 to be redirected to the HP EFS WAN Accelerator, you would configure the router in the following manner.
• On the router, enter the following set of commands:
Router> enable
Router# configure terminal
Router(config)# ip wccp version 2
Router(config)# access-list 101 permit tcp any 10.2.0.0 255.255.0.0
Router(config)# ip wccp 90 redirect-list 101
Router(config)# interface fastEthernet 0/0
Router(config-if)# ip wccp 90 redirect in
Router(config-if)# end
Router#
TIP: Enter configuration commands, one per line. End each command with CTRL-Z .
Load Balancing
You can load-balance using WCCP. Traffic is redirected based on a hashing scheme and the weight of the HP EFS WAN Accelerators. You can hash on a combination of the source IP address, destination IP address, source port, or destination port. The default weight is based on the HP EFS WAN Accelerator model (for example, for the
Model 5000 the weight would be 5000). You can modify the default weight.
To change the hashing scheme and assign a weight
For example, to configure load balancing, you change the hashing scheme to hash on a destination IP and port and specify a weight on the HP EFS WAN Accelerator. (You do not need to configure the router.)
1. On the client-side HP EFS WAN Accelerator, enter the following command: client-SH (config) # wccp service-group 90 routers 10.1.0.1 flags dstip-hash,dst-port-hash
2. To change the weight on the client-side HP EFS WAN Accelerator, enter the following command: client-SH (config) # wccp service-group 90 routers 10.1.0.1 weight 20
Failover
Support
You can also provide failover support using WCCP. In a failover configuration, the HP
EFS WAN Accelerators periodically announce themselves to the routers. If an HP EFS
WAN Accelerator fails, traffic is redirected to the working HP EFS WAN Accelerators.
For example, instead of load balancing traffic between two HP EFS WAN
Accelerators, you might want traffic to go to only one HP EFS WAN Accelerator and to failover to the other HP EFS WAN Accelerator if the first one fails.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 81
To configure failover support, you simply define the weight to be 0 on the backup HP
EFS WAN Accelerator. For detailed information, see
“WCCP CLI Commands” on page 66
.
To check the router configuration
To trace WCCP packets and events on the router
Troubleshooting
You can check your WCCP configuration on the router and the HP EFS WAN
Accelerator.
• On the router, at the system prompt, enter the following set of commands:
Router>en
Router#show ip wccp
Router#show ip wccp 90 detail
Router#show ip wccp 90 view
You can trace WCCP packets and events on the router.
• On the router, at the system prompt, enter the following set of commands:
Router>en
Router#debug ip wccp events
WCCP events debugging is on
Router#debug ip wccp packets
WCCP packet info debugging is on
Router#term mon
82 7 - WCCP D EPLOYMENTS
CHAPTER 8
Proxy File Service Deployments
In This Chapter This chapter describes Proxy File Service (PFS) and provides the basic steps for configuring PFS. This chapter includes the following sections:
‹
‹
‹
“How Does PFS Work?” on page 86
‹
“Configuring PFS Using the Management Console” on page 89
This chapter assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
This chapter also assumes you are familiar with the HP EFS WAN Accelerator
Management Console (Management Console). For detailed information about the
Management Console and how to use it, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
NOTE: The Setup: Proxy File Service (PFS) - Configuration page only appears if you are running an HP EFS WAN Accelerator, Model DL320-510, DL320-1010, DL320-2010, DL320-
520, DL320-1020, DL320-2020, DL380-3010, or DL380-5010. These models have the necessary disk capacity to perform PFS.
Introduction to PFS
PFS is an optional integrated virtual file server that allows you to store copies of files on the HP EFS WAN Accelerator with Windows file access, creating several options for transmitting data between remote offices and centralized locations with improved performance and functions. Data is configured into file shares by PFS; and the shares are periodically synchronized (updated) transparently in the background, over the optimized connection of the HP EFS WAN Accelerator. PFS leverages the integrated disk capacity of the HP EFS WAN Accelerator to store file-based data in a format that allows it to be retrieved by Network Attached Storage (NAS) clients.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 83
84
PFS runs in concert with the HP EFS Remote Copy Utility (HP EFS RCU). The HP
EFS RCU must be installed on the origin server or on a separate Windows host with write-access to the data utilized by PFS. For detailed information, see the HP
Enterprise File Services Remote Copy Utility Reference Manual.
PFS provides:
‹ LAN access to data residing across the WAN. File access performance is improved between central and remote locations. PFS creates an integrated fileserver, enabling clients to access data directly from the PFS on the LAN as opposed to the WAN. Transparently in the background, data on the PFS is synchronized with data from the origin file server over the WAN.
‹ Continuous access to files in the event of WAN disruption. PFS provides support for disconnected operations. In the event of a network disruption that prevents access over the WAN to the origin server, files can still be accessed on the local HP EFS WAN Accelerator.
‹ Simplify Branch Infrastructure and Backup Architectures. PFS consolidates file servers and local tape backup from the branch into the data center. PFS enables a reduction in number and size of backup windows running in complex backup architectures.
PFS Terms
The following terms are used to describe processes and devices in PFS.
Proxy File Service
Term
Proxy File Server
Origin Server
Domain Name
Description
A virtual file server resident on the HP EFS WAN Accelerator, providing Windows file access (with Access Control Lists
(ACLs)) capability at a branch office on the LAN network, populated over an optimized WAN connection with data from the origin server.
The server located in the data center which hosts the origin data volumes.
The domain to which you want to make the proxy file server a member. Typically, this is the same domain as your company’s domain.
8 - P ROXY F ILE S ERVICE D EPLOYMENTS
Proxy File Service
Term
Description
Domain Controller (DC) Specifies the domain controller name, the host that provides user login service in the domain. (Typically, with Windows 2000
Active Directory Service domains, given a domain name, the system automatically retrieves the domain controller name.)
Share The data volume exported from the origin server to the remote
HP EFS WAN Accelerator.
Local Name
Remote Path
The name that you assign to a share on the HP EFS WAN
Accelerator, this is the name by which users identify and map a share.
The path to the data on the origin server or the Universal
Naming Convention (UNC) path of a share to which you want to make available to PFS.
RCU Server
Share Synchronization
The name of the Windows server where the HP EFS Remote
Copy Utility (HP EFS RCU) is running. The RCU server may be the same as the origin server.
Synchronization runs periodically in the background, ensuring that the data on the proxy file server is synchronized with the origin server. You have the HP EFS WAN Accelerator refresh the data automatically by setting the frequency, in seconds; or manually at anytime.
PFS Operating
Modes
Each individual file share on the HP EFS WAN Accelerator is configured in one of the following operating modes:
‹ Broadcast Mode. Provides branch-office HP EFS WAN Accelerators with local read-only copies of data stored on the origin server. CIFS clients who map a
Broadcast mode file share on the HP EFS WAN Accelerator cannot make changes to the files in that file share. The data is updated periodically on the HP
EFS WAN Accelerator with the data from the origin server. You specify the frequency of updates (synchronization) when you configure a share.
‹ Local Mode. Provides read-write access to a given file share hosted on the branch-office HP EFS WAN Accelerator. CIFS clients mapping a Local mode file share have read-write access to that share. Changes made to the share are sent back to the origin server. For any remote path, there can exist only one local share on any HP EFS WAN Accelerator, this prevents conflicting data from being written to the same path.
NOTE: In Local Mode, the HP EFS WAN Accelerator copy of the data is the master copy, do not make changes to the shared files on the origin server directory while in Local mode. Changes are propagated from the HP EFS WAN Accelerator to the origin server.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 85
86
NOTE: When you configure a share, a text file (._rbt_share_lock. txt), is created on the origin server that keeps track of which HP EFS WAN Accelerator owns the share. Do not remove this file. If you remove the ._rbt_share_lock. txt file on the origin file server, PFS will not function properly.
‹ Stand-Alone Mode. Provides the client read-write access to data on a remote HP
EFS WAN Accelerator. For example, if you want to load temporary data from a remote client to the remote HP EFS WAN Accelerator that does not need to be backed up at a data center, you can create a share in Stand-Alone without a remote path. A Stand-Alone share with a remote path is initially populated with data from the origin server after which changes and/or new data created on the share are not sent back to the origin server.
‹ Global Mode. HP EFS WAN Accelerator optimization without PFS enabled.
How Does PFS Work?
To synchronize the data volumes, the HP EFS WAN Accelerator communicates to the
HP EFS RCU running on the origin server. If the origin server is a non-Windows file server and cannot run the HP EFS RCU, then the HP EFS RCU can be run on a
Windows server with write-access, to the origin server.
PFS provides Windows file service in the HP EFS WAN Accelerator at a remote site.
The HP EFS WAN Accelerator is configured as a Domain Member Server. Data volumes at the data center are configured explicitly on the proxy file server and are served locally by the HP EFS WAN Accelerator. As part of the configuration, the data volume including the Access Control Lists (ACLs) from the origin server are copied on to the HP EFS WAN Accelerator. PFS allocates a portion of the HP EFS WAN
Accelerator data store for users to access as a network file system.
PFS in the HP EFS WAN Accelerator allows a Domain Controller (DC) to authenticate users accessing its file shares. The DC can be located at the remote site or over the
WAN at the main data center. The HP EFS WAN Accelerator must be configured as a
Member Server in the Windows 2000, or later, Active Directory Services (ADS) domain. Domain users are allowed to access the PFS shares based on the access permission settings provided for each user.
8 - P ROXY F ILE S ERVICE D EPLOYMENTS
The proxy file server can export data volumes in local mode, broadcast mode, and stand-alone mode. After the HP EFS WAN Accelerator receives the initial copy of the data and ACLs, the shares can then be made available to local clients. The shares on the HP EFS WAN Accelerator will periodically be synchronized with the origin server at specified intervals, or manually by the system administrator. The HP EFS WAN
Accelerator uses Scalable Data Referencing (SDR) during the synchronization process which optimizes the traffic across the WAN.
Figure 8-1. PFS Deployment
When to Use
PFS
PFS can be configured with any number of file shares in different modes. Shares are configured into different operating modes based on the use of your data:
‹ For environments seeking to broadcast a set of read-only files to many users at different sites. Broadcast Mode quickly transmits a read-only copy of the files from the origin server to your remote offices.
‹ For environments that need to efficiently and transparently copy data created at a remote site to a central data center, perhaps where tape archival resources are available to backup the data. Local Mode enables read-write access at remote offices to update files on the origin file server.
‹ For network environments where it is more effective to maintain a separate copy of files that are accessed locally by the clients at the remote site. In Stand-Alone
Mode, create a proxy file server at a remote office using the remote office HP
EFS WAN Accelerator, creating extra storage space.
If any of the above advantages can benefit your environment, then enabling PFS in the
HP EFS WAN Accelerator is appropriate.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 87
When to use
Global Mode
Configuration
Checklist for
PFS
Deploying the HP EFS WAN Accelerator without PFS is considered global mode. In global mode, the HP EFS WAN Accelerator performs its standard optimization of accessing data over the WAN.
Evaluate whether PFS is suitable for your network needs:
‹ Pre-Identification of PFS files. PFS requires that files accessed over the WAN must be identified in advance. If the data set accessed by the remote users is larger than the specified capacity of your model or if it cannot be identified in advance, then you should have end-users access the origin server directly through the HP
EFS WAN Accelerator without PFS (global mode).
‹ Concurrent Read-Write Data Access from Multiple Sites. In a network environment where users from multiple branch offices update a common set of centralized files and records over the WAN, the HP EFS WAN Accelerator
without PFS is the most appropriate solution because file locking is directed between the client and the server. The HP EFS WAN Accelerator always consults the origin server in response to a client request, it never provides a proxy response or data from its data store without consulting the origin server.
PFS requires an HP EFS WAN Accelerator Model DL320-520, DL320-1020, DL320-2020,
DL380-3010, or DL380-5010 . These models have extra disk capacity that is utilized when PFS is enabled.
Before you enable PFS make sure you:
‹ configure the HP EFS WAN Accelerator to use Network Time Protocol (NTP) to synchronize the time. For detailed information about setting the date and time in the HP EFS WAN Accelerator, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
‹ configure the DNS server correctly. The configured DNS server must be the same
DNS server to which all the Windows client machines point to.
‹ have a fully qualified domain name for which PFS will be configured. This domain name must be the domain name for which all the Windows desk-top machines are configured.
‹ configure the HP EFS WAN Accelerator as a member server in the Windows
2000 domain so that the HP EFS WAN Accelerator can access the domain controller to authenticate the users accessing its file shares. In order to perform this operation, a Windows domain account is required with the privileges to perform a join domain operation.
‹ you must make sure that the owner of the remote path is a domain account and not a local account.
‹ install and start the HP EFS Remote Copy Utility (HP EFS RCU) on the origin server. You can install the RCU on the origin server or on a separate Windows host with write access to the data utilized by PFS. The RCU is available for download from the HP support site located at
http://www.hp.com. For detailed information, see the HP Enterprise File
Services Remote Copy Utility Reference Manual.
88 8 - P ROXY F ILE S ERVICE D EPLOYMENTS
To join a domain for
PFS
Configuring PFS Using the Management
Console
The following sections provide the basic steps for joining the domain for PFS, and configuring PFS shares for Broadcast, Local, or Stand-Alone mode using the
Management Console.
1. Install and start the HP EFS RCU on the HP EFS RCU server, which by default listens on port 8777. The RCU service must be started with a domain account that has write access to the share on the origin server.
2. Configure the HP EFS WAN Accelerator as an in-path device. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator
Installation and Configuration Guide.
IMPORTANT: HP EFS RCU traffic from the HP EFS WAN Accelerator originates through the
Primary Interface. To ensure proper optimization of HP EFS RCU traffic, make sure traffic from your Primary interface goes through the same switch as your LAN interface. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Installation
and Configuration Guide.
3. Connect to the Management Console. For detailed information, see the HP
Enterprise File Services WAN Accelerator Management Console User Guide.
4. Navigate to the Setup: Proxy File Service (PFS) - Configuration page. You will need to join a domain the first time you configure PFS.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 89
Figure 8-2. Setup: Proxy File Service (PFS) - Configuration Page.
90
5. Under Proxy File Service Configuration, enter the domain name in the Fully-
Qualified Domain Name/Realm text box.
6. Optionally, enter the domain controller name in the Domain Controller Name text box.
8 - P ROXY F ILE S ERVICE D EPLOYMENTS
NOTE: The Primary DNS IP displays the primary DNS IP as an active link. To change the primary DNS IP, click on this link to be taken to the Setup: Host Settings - DNS Settings page.
For more information on DNS Settings, see the HP Enterprise File Services WAN Accelerator
Management Console User Guide.
7. Enter the domain administrator login, and password in the Domain Admin Login and Domain Admin Password text boxes.
8. Click Update PFS Configuration. You are notified if the HP EFS WAN
Accelerator successfully joined the domain.
9. Under Enable/Disable Proxy File Service, click Enable PFS to enable PFS.
10. Under Security Signature Settings, select Enabled, Disabled, or Required from the Security Signature drop-down list and click Update Security Signature
Settings.
Disabled
Enabled
Required
This is the default setting. In this setting, PFS does not support clients with security signatures set to required.
This setting supports any type of security signature setting requested by the client machine.
In this setting, PFS only supports clients with security signatures set to enabled.
11. Under Idle Connection Timeout, type a timeout value in minutes in the text box and click Update the Connection Timeout. If there is no client (read or write) activity
12. Under Local Administrator Settings, type the local administrator password in the
Local Admin Password text box. You must use the correct syntax for the administrator login name (for example: admin_user@parent_realm) even if you belong to a subdomain.
13. Retype the local administrator password in the Confirm text box and click Update
Administrator Settings. The local administrator account can be used to manage
PFS files when the WAN is down.
14. Click Save to write your settings to memory.
15. Navigate to the Setup: Start/Stop Service page.
16. Under Optimization, click Restart Service to restart the HP EFS WAN
Accelerator service.
17. Under PFS, click Start Service to start PFS.
TIP: Select Automatic, or Manual from the Startup drop-down list in the Setup: Start/Stop
Services page to specify whether you want the service to start automatically on system reboot or manually.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 91
To add a share for PFS
18. Navigate to the Setup: Configuration Manager page and save your changes to memory.
After you have setup the PFS domain, you can configure your shares.
1. Navigate to the Setup: Proxy File Service (PFS) - Shares page.
Figure 8-3. Setup: Proxy File Service - Shares Page
92
2. Under Add New Share, specify the local name for the share in the Local Name text box. This is the name to be used by clients for mapping.
3. Select Broadcast, Local, or StandAlone from the Mode drop-down list.
8 - P ROXY F ILE S ERVICE D EPLOYMENTS
Mode
Broadcast
Local
Description
In Broadcast mode, the share originates on the origin server and a readonly copy is available as a share on the branch office HP EFS WAN
Accelerator. The data is updated periodically on the HP EFS WAN
Accelerator with the data from the origin server. You specify the frequency of updates (synchronization) when you configure a share.
In Local mode, after the HP EFS WAN Accelerator receives the initial copy, new data generated by clients is periodically synchronized to the origin server. The folder on the origin server essentially becomes a back-up folder of the share on the HP EFS WAN Accelerator. Users must not directly write to this folder on the origin server.
For Local mode, make sure that the folder on the origin server is either not shared or is shared as a read-only folder.
IMPORTANT: The domain administrator must have write permissions because the RCU uses that to update this folder.
StandAlone
CAUTION: In Local Mode, the HP EFS WAN Accelerator copy of the data is the master copy, do not make changes to the shared files from the origin server while in Local mode. Changes are propagated from the remote office hosting the share to the origin server.
Provides read-write access to data on a branch office HP EFS WAN
Accelerator. There may or may not be an origin server at the data center with which the share has to synchronize data to. For example, if you want to load temporary data that does not need to be backed up at a data center, you can create a share in Stand-Alone mode with or without a remote path.
4. Type the remote path for the share in the Remote Path text box.
TIP: if the origin server is not the HP EFS RCU server, you specify the remote path using the
Uniform Naming Convention (UNC) for the mapped drive. For example, \\<origin-file-
server>\<local-name>. If the origin server is the same as the HP EFS RCU server then you must type its full path including the drive letter, for example C:\data.
5. Type the HP EFS RCU server name and port in the Server Name and Port text boxes.
6. Type frequency of updates (synchronization) in seconds, in the Sync Frequency text box.
7. Optionally, type a comment that describes the share in the Comment text box.
8. Click Add Share to add the share to the Shares list.
9. Click Save to write your settings to memory.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 93
To synchronize and initialize a share
1. Navigate to the Setup: Proxy File Service - Shares page.
2. In the Shares list check the Sync check box and click Update Shares. This action downloads the initial copy of the share from the origin server to the HP EFS WAN
Accelerator and configures the share for automatic synchronization.
Figure 8-4. Synchronizing, Initializing, and Accessing Shares
To map a share 3. Click the Sharing check box and click Update Shares to make the share available to clients for mapping. End users access the configured shares by mapping, for example, \\HP EFS WAN Accelerator\share1.
94 8 - P ROXY F ILE S ERVICE D EPLOYMENTS
To modify share information
4. Click Save to write your settings to memory.
5. Navigate to the Setup - Configuration Manager page to apply and save the new configuration to memory. If you do not save your configuration changes to memory, your defined proxy file shares will become orphaned. Orphaned shares must be reconfigured to be synchronized.
TIP: You may choose at any time to click the Manual Sync button to manually synchronize a share. Click the Verify button to verify your shares, this will generate a list of the differences between the shares on the HP EFS WAN Accelerator and the origin server. Click the Cancel button to cancel your actions.
TIP: To remove a proxy file share, click the check box next to the name and click Remove
Selected Shares. Click Save to write your settings to memory.
CAUTION: Removing a share means deleting the files of the share from the HP EFS WAN
Accelerator. You must first disable Syncing to delete a share.
1. Navigate to the Setup: Proxy File Service - Shares page.
2. In the Shares list, click the magnifying glass next to the Share name that you want to modify to display the Shares Detailed Settings page.
Figure 8-5. Shares Detailed Settings Page
3. Modify your values and click Update Share.
4. Click Save to write your settings to memory.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 95
To view share status details
1. Click Jump to Share Status to navigate to the Setup: Proxy File Service - Shares page.
Figure 8-6. Viewing the Share Status Page
96 8 - P ROXY F ILE S ERVICE D EPLOYMENTS
CHAPTER 9
RADIUS and TACACS+
Authentication
In This Chapter This chapter describes how to configure Remote Authentication Dial-In User Service
(RADIUS) or Terminal Access Controller Access Control System (TACACS+) authentication for the HP EFS WAN Accelerator. It contains the following sections:
‹
“Introduction to Authentication,” next
‹
“Configuring a RADIUS Server with FreeRADIUS” on page 98
‹
“Configuring a TACACS+ Server with Free TACACS+” on page 100
‹
“Configuring RADIUS Authentication in the HP EFS WAN Accelerator” on page 101
‹
“Configuring TACACS+ Authentication in the HP EFS WAN Accelerator” on page 103
Introduction to Authentication
The HP EFS WAN Accelerator can use a RADIUS or TACACS+ authentication system for logging in administrative and monitor users. The following methods for user authentication are provided with the HP EFS WAN Accelerator:
‹ local
‹ radius
‹ tacacs+
The order in which authentication is attempted is based on the order specified in the
Authentication, Authorization, Accounting (AAA) method list. The local value must always be specified in the method list.
The authentication methods list provides backup methods if a method fails to authenticate a user. Failure is defined as no response for the method. If a deny is received from the method being tried, no other methods are attempted.
The HP EFS WAN Accelerator does not have the ability to set a per interface authentication policy. The same authentication method list is used for all interfaces
(that is, default). You cannot configure authentication methods with subsets of the
RADIUS or TACACS+ servers specified (that is, there are no server groups).
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 97
98
The following CLI commands are available for RADIUS and TACACS+ authentication:
‹ Authentication
‹ aaa authentication login default
‹ aaa authorization map default-user
‹ aaa authorization map order
‹ show authentication method
‹ RADIUS Configuration
‹ radius-server host
‹ radius-server key
‹ radius-server retransmit
‹ radius-server timeout
‹ TACACS+ Configuration
‹ tacacs-server host
‹ tacacs-server key
‹ tacacs-server retransmit
‹ tacacs-server timeout
‹ show tacacs
‹ User Accounts
‹ username privilege
‹ username nopassword
‹ username password
‹ username password 0
‹ username password 7
‹ username password cleartext
‹ username password encrypted
‹ username disable
Configuring a RADIUS Server with
FreeRADIUS
You can, on a per user basis, specify a different local account mapping by using a vendor specific attribute. This section describes how to configure the FreeRADIUS server to return an attribute (which specifies the local user account as an ASCII string).
The file paths are the default values. If the RADIUS server installation has been customized, the paths might differ.
9 - RADIUS AND TACACS+ A UTHENTICATION
To install FreeRADIUS on a Linux computer
To add acceptance requests on the
RADIUS server
The directory /usr/local/share/freeradius is where the dictionary files are stored. This is where RADIUS attributes can be defined. Assuming the vendor does not have established dictionary file in the FreeRADIUS distribution, you begin the process by creating a file called: dictionary.<vendor>.
The contents of the dictionary.<vendor> file define a vendor identifier (which ought to be the Structure of Management Information (SMI) Network Management Private
Enterprise Code of the Vendor), and the definitions for any vendor specific attributes.
In the following example, the Vendor Enterprise Number for HP is 17613 and the
Enterprise Local User Name Attribute is 1. These numbers specify that a given user is an admin or monitor user in the RADIUS server (instead of using the HP EFS WAN
Accelerators default for users not named admin and monitor).
These instruction assume you are running FreeRADIUS, v.1.0, which is available from http://www.freeradius.org
.
1. Download FreeRadius from http://www.freeradius.org
.
2. At your system prompt, enter the following set of commands:
>tar xvzf freeradius-$VERSION.tar.gz
>cd freeradius-$VERSION
>./configure
>make
>make install #as root
1. In a text editor, open the /usr/local/etc/raddb/clients.conf file.
2. To create the key for the RADIUS server, add the following text to the clients.conf file: client 10.0.0.0/16 { secret = testradius shortname = main-network nastype = other
}
The secret you specify here must also be specified in the HP EFS WAN
Accelerator when you set up RADIUS server support. For detailed information, see the HP Enterprise File Services WAN Accelerator Management Console User
Guide.
3. In a text editor, create a /usr/local/share/freeradius/dictionary.rbt file for HP.
4. Add the following text to the dictionary.rbt file.
VENDOR RBT 17163
ATTRIBUTE Local-User 1 string RBT
5. Add the following line to the /usr/local/share/freeradius/dictionary:
$INCLUDE dictionary.rbt
6. Add users to the Radius server by editing the /usr/local/etc/raddb/users file. For example:
"admin" Auth-Type := Local, User-Password == "radadmin"
Reply-Message = "Hello, %u"
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 99
To download
TACACS+
100
"monitor" Auth-Type := Local, User-Password == "radmonitor"
Reply-Message = "Hello, %u"
"raduser" Auth-Type := Local, User-Password == "radpass"
Local-User = "monitor", Reply-Message = "Hello, %u"
7. Start the server using /usr/local/sbin/radiusd. Use the -X option if you want to debug the server.
NOTE: The raduser is the monitor user as specified by Local, User-Password.
Configuring a TACACS+ Server with Free TACACS+
The following section assumes you are running the TACACS+ authentication system.
The TACACS+ Local User Service is rbt-exec. The Local User Name Attribute is
local-user-name. This attribute controls whether a user who is not named admin or
monitor is an administrator or monitor user (instead of using the HP EFS WAN
Accelerator default value). For the HP EFS WAN Accelerator, the users listed in the
TACACS+ server must have Password Authentication Protocol (PAP) authentication enabled.
The following procedures install the free TACACS+ server on a Linux computer.
Cisco Secure can be used as a TACACS+ server.
1. Download TACACS+ from: http://www.gazi.edu.tr/tacacs/get.php?src=tac_plus_v9a.tar.gz
.
2. At your system prompt, enter the following set of commands:
>tar xvzf tac_plus_v9a.tar.gz
>cd tac_plus_v9a
>./configure
3. In a text editor, open the Makefile and uncomment the OS=-DLINUX line (or other lines appropriate for the operating system of the host).
4. On Linux, in a text editor open the tac_plus.h file and uncomment the #define
CONST_SYSERRLIST line.
5. At the system prompt, enter:
>make tac_plus
6. As the root user, enter the following command:
>make install
7. Add users to the TACACS server by editing the /usr/local/etc/tac_plus.conf file.
For example: key = testtacacs
9 - RADIUS AND TACACS+ A UTHENTICATION
user = admin {
pap = cleartext "tacadmin" user = monitor {
pap = cleartext "tacmonitor" user = tacuser {
pap = cleartext "tacpass"
service = rbt-exec {
local-user-name = "monitor"
}
The secret you specify here must also be specified in the HP EFS WAN Accelerator when you set up TACACS+ server support. For detailed information, see the HP
Enterprise File Services WAN Accelerator Management Console User Guide.
The tacuser is a monitor user as specified by local-user-name.
NOTE: The chap, opap, and arap variables can be specified in a similar manner, but only pap is needed.
8. Start the server by executing:
>/usr/local/sbin/tac_plus -C /usr/local/etc/tac_plus.conf
Configuring
RADIUS
Authentication
Configuring RADIUS Authentication in the HP EFS WAN Accelerator
The following section provides the basic steps for configuring RADIUS authentication in the HP EFS WAN Accelerator.
The following section describes the basic steps for configuring RADIUS authentication in the HP EFS WAN Accelerator.
You prioritize RADIUS authentication methods for the system and set the authorization policy and default user.
IMPORTANT: Make sure to put the authentication methods in the order in which you want authentication to occur. If authorization fails on the first method, the next method is attempted, and so forth, until all the methods have been attempted.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 101
Basic Steps
1. Configure the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
3. Navigate to the Setup: Authentication - General Settings page in the Management
Console.
4. Define the default login and the authentication methods. Make sure you put the authentication methods in the order in which you want them to occur. If authorization fails on the first method, the next method is attempted, and so forth, until all the methods have been attempted.
Figure 9-1. Setup: Authentication - General Settings Page
102 9 - RADIUS AND TACACS+ A UTHENTICATION
5. Navigate to the Setup: Authentication - Radius Servers page.
6. Specify the Server IP address, the authentication port, server key, time-out interval, retry interval, and, optionally, global settings.
Figure 9-2. Setup: Authentication - RADIUS Servers Page
7. Click Save.
Configuring
TACACS+
Authentication
Configuring TACACS+ Authentication in the HP EFS WAN Accelerator
The following section provides the basic steps for configuring TACACS+ authentication in the HP EFS WAN Accelerator.
The following section describes the basic steps for configuring TACACS+ configuration in the HP EFS WAN Accelerator.
You prioritize TACACS+ authentication methods for the system and set the authorization policy and default user.
IMPORTANT: Make sure to put the authentication methods in the order in which you want authentication to occur. If authorization fails on the first method, the next method is attempted, and so forth, until all the methods have been attempted.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 103
Basic Steps
The following section describes the basic steps for configuring TACACS+ authentication in the HP EFS WAN Accelerator.
1. Configure the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
2. Connect to the Management Console. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
3. Navigate to the Setup: Authentication - General Settings page in the Management
Console.
4. Define the authentication methods. Make sure you put the authentication methods in the order in which you want them to occur. If authorization fails on the first method, the next method is attempted, and so forth, until all the methods have been attempted.
Figure 9-3. Setup: Authentication - General Settings Page
104 9 - RADIUS AND TACACS+ A UTHENTICATION
5. Navigate to the Setup: Authentication - TACACS+ Servers page.
6. Specify the Server IP address, the authentication port, server key, time-out interval, retry interval, and, optionally, global settings.
Figure 9-4. Setup: Authentication - TACACS+ Servers Page
7. Click Save.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 105
106 9 - RADIUS AND TACACS+ A UTHENTICATION
CHAPTER 10
Serial Cluster and Cascade
Deployments
In This Chapter This chapter describes serial cluster and cascade deployments and summarizes the basic steps for configuring them. This chapter includes the following sections:
‹
next
‹
“Cascade Deployment” on page 111
This chapter assumes that you are familiar with the HP EFS WAN Accelerator
Management Console (Management Console). For detailed information about the
Management Console and how to use it, see the HP Enterprise File Services WAN
Accelerator Management Console User Guide.
This chapter also assumes that you are familiar with the installation and configuration process for the HP EFS WAN Accelerator. For detailed information, see the HP
StorageWorks Enterprise File Services WAN Accelerator Installation and
Configuration Guide.
This chapter provides the basic steps for serial cluster and cascade deployments. It does not provide detailed procedures. Use this chapter as a general guide for these deployments. If you need additional assistance, contact HP technical support at http:/
/www.hp.com.
For detailed information about the factors you must consider before you deploy the HP
EFS WAN Accelerator, see
“Design and Deployment Overview” on page 11 .
Serial Cluster Deployment
You can provide increased optimization by deploying several HP EFS WAN
Accelerators back-to-back in an in-path configuration to create a serial cluster.
IMPORTANT: HP strongly recommends that only Series 5000 HP EFS WAN Accelerators are deployed in a serial cluster due to traffic loads.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 107
108
Serial clustering operates in a spill-over mode where TCP connections beyond the capacity limit of one of the HP EFS WAN Accelerators in the cluster are automatically handled by the next HP EFS WAN Accelerator in a cluster. If one HP EFS WAN
Accelerator fails, the next HP EFS WAN Accelerator automatically take over.
Figure 10-1. Serial Cluster
In this example, HP EFS WAN Accelerator1, HP EFS WAN Accelerator2, and HP EFS
WAN Accelerator3 are configured so that they do not answer probes from each other and do not intercept inner connections from each other. Similarly, HP EFS WAN
Accelerator4, HP EFS WAN Accelerator5, and HP EFS WAN Accelerator6 are configured so that they do not answer probes from each other and do not intercept inner connections from each other. The HP EFS WAN Accelerators are configured to perform auto-discovery so that they can find a peer HP EFS WAN Accelerator that is available and that is on the other side of the Wide Area Network (WAN).
You specify peering rules that when the HP EFS WAN Accelerator receives an autodiscovery probe it is passed through, accepted, or processed normally based on the sender of the probe, the client IP address and subnet, the server IP address and subnet, or the server port.
In a serial cluster when an HP EFS WAN Accelerator reaches its capacity limit, it stops intercepting new connections and passes them through to the next HP EFS WAN
Accelerator that will intercept them. This process continues until there are no more HP
EFS WAN Accelerators available in the cluster.
In serial cluster deployments:
‹ The peering rules table is a ordered list of rules and the first rule that matches the rule is applied.
‹ To avoid interceptions on inner connections created by other HP EFS WAN
Accelerators in the same cluster, in-path rules are specified to pass-through connections originating from those HP EFS WAN Accelerators.
10 - S ERIAL C LUSTER AND C ASCADE D EPLOYMENTS
A Basic Serial
Cluster
Deployment
The following example illustrates how to configure a cluster of three in-path HP EFS
WAN Accelerators in a data center.
Figure 10-2. Serial Cluster in a Data Center
To configure HP EFS
WAN Accelerator1
This example has the following parameters:
‹ HP EFS WAN Accelerator1 IP address is 10.0.1.1 on a /16
‹ HP EFS WAN Accelerator2 IP address is 10.0.1.2 on a /16
‹ HP EFS WAN Accelerator3 IP address is 10.0.1.3 on a /16
Each HP EFS WAN Accelerator is configured with in-path peering rules that prevent peering with another HP EFS WAN Accelerator in the cluster and with in-path rules that do not optimize connections originating from these HP EFS WAN Accelerators.
1. On HP EFS WAN Accelerator1, connect to the CLI. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Command-Line
Interface Reference Manual.
2. At the system prompt, enter the following set of commands:
SH1 > enable
SH1 # configure terminal
SH1 (config) # in-path peering rule pass peer 10.0.1.2 rulenum 1
SH1 (config) # in-path peering rule pass peer 10.0.1.3 rulenum 1
SH1 (config) # in-path rule pass-through srcaddr 10.0.1.2/32 rulenum 1
SH1 (config) # in-path rule pass-through srcaddr 10.0.1.3/32 rulenum 1
SH1 (config) # wr mem
SH1 (config) # show in-path peering rules
Rule Type Source Network Dest Network Port Peer Addr
----- ------ ------------------ ------------------ ----- --------------
-
1 pass * * * 10.0.1.3
2 pass * * * 10.0.1.2
def auto * * * *
SH1 (config) # show in-path rules
Rule Type Source Addr Dest Addr Port Target Addr
Port
----- ---- ------------------ ------------------ ----- ---------------
-----
1 pass 10.0.1.3/32 * * -- --
2 pass 10.0.1.2/32 * * -- --
def auto * * * -- --
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 109
To configure HP EFS
WAN Accelerator2
1. On HP EFS WAN Accelerator2, connect to the CLI. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Command-Line
Interface Reference Manual.
2. At the system prompt, enter the following set of commands:
SH2 > enable
SH2 # configure terminal
SH2 (config) # in-path peering rule pass peer 10.0.1.1 rulenum 1
SH2 (config) # in-path peering rule pass peer 10.0.1.3 rulenum 1
SH2 (config) # in-path rule pass-through srcaddr 10.0.1.1/32 rulenum 1
SH2 (config) # in-path rule pass-through srcaddr 10.0.1.3/32 rulenum 1
SH2 (config) # wr mem
SH2 (config) # show in-path peering rules
Rule Type Source Network Dest Network Port Peer Addr
----- ------ ------------------ ------------------ ----- --------------
-
1 pass * * * 10.0.1.3
2 pass * * * 10.0.1.1
def auto * * * *
SH1 (config) # show in-path rules
Rule Type Source Addr Dest Addr Port Target Addr
Port
----- ---- ------------------ ------------------ ----- ---------------
-----
1 pass 10.0.1.3/32 * * -- --
2 pass 10.0.1.1/32 * * -- --
def auto * * * -- --
To configure HP EFS
WAN Accelerator3
1. On HP EFS WAN Accelerator3, connect to the CLI. For detailed information, see the HP StorageWorks Enterprise File Services WAN Accelerator Command-Line
Interface Reference Manual.
2. At the system prompt, enter the following set of commands:
SH3 > enable
SH3 # configure terminal
SH3 (config) # in-path peering rule pass peer 10.0.1.1 rulenum 1
SH3 (config) # in-path peering rule pass peer 10.0.1.2 rulenum 1
SH3 (config) # in-path rule pass-through srcaddr 10.0.1.1/32 rulenum 1
SH3 (config) # in-path rule pass-through srcaddr 10.0.1.2/32 rulenum 1
SH3 (config) # wr mem
SH3 (config) # show in-path peering rules
Rule Type Source Network Dest Network Port Peer Addr
----- ------ ------------------ ------------------ ----- --------------
-
1 pass * * * 10.0.1.2
2 pass * * * 10.0.1.1
def auto * * * *
SH1 (config) # show in-path rules
Rule Type Source Addr Dest Addr Port Target Addr
Port
----- ---- ------------------ ------------------ ----- ---------------
-----
1 pass 10.0.1.2/32 * * -- --
2 pass 10.0.1.1/32 * * -- --
def auto * * * -- --
110 10 - S ERIAL C LUSTER AND C ASCADE D EPLOYMENTS
Cascade Deployment
Cascade configurations enable multi-site deployments where the server end-points are located at intermediate sites and connections between the client and the server might pass through intermediate HP EFS WAN Accelerators to reach their final destination.
HP EFS WAN Accelerators direct client-side HP EFS WAN Accelerator autodiscovery packets to the correct HP EFS WAN Accelerator end-point.
Figure 10-3. Cascade Deployment
When the Client connects to a server in Site B, HP EFS WAN Accelerator1 and HP
EFS WAN Accelerator2 are optimizing the connection. When the Client connects to a server in Site C, HP EFS WAN Accelerator1 and HP EFS WAN Accelerator3 are optimizing the connection.
The following rules apply to cascade deployments:
‹ A cascade deployment can be created on either the client side or on the server side.
‹ In a cascade deployment, only pass-through peering rules are used.
Peering Rules
Peering rules define what to do when an HP EFS WAN Accelerator receives an autodiscovery probe from another HP EFS WAN Accelerator.
In Figure 10-3 , Server1 is on the same LAN as HP EFS WAN Accelerator2 so
connections from the client to Server1 should be optimized between HP EFS WAN
Accelerator1 and HP EFS WAN Accelerator2. Concurrently, Server2 is on the same
LAN as HP EFS WAN Accelerator3 and connections from the client to Server2 should be optimized between HP EFS WAN Accelerator1 and HP EFS WAN Accelerator3.
To configure this example, you do not need any rules on HP EFS WAN Accelerator1 or HP EFS WAN Accelerator3; you need to add peering rules on HP EFS WAN
Accelerator2 to process normally connections going to Server1 and to pass all other connections so that connections to Server2 are not optimized by HP EFS WAN
Accelerator2. You also need a default rule to pass through inner connections between
HP EFS WAN Accelerator1 and HP EFS WAN Accelerator3 (by default connection to destination port 7800).
This example has the following parameters:
‹ Server1 IP address is 10.0.2.2 on a /24
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 111
Fixed-Target
Rules
SH2 > enable
SH2 # configure terminal
SH2 (config) # in-path peering rule pass rulenum 1
SH2 (config) # in-path peering rule auto dest 10.0.2.0/24 rulenum 1
SH2 (config) # in-path rule pass-though dstport 7800 rulenum 1
SH2 (config) # wr mem
SH2 (config) # show in-path peering rules
Rule Type Source Network Dest Network Port Peer Addr
----- ---- - - ---- ------------------ ------------------ -------------
1 auto * 10.0.2.2/24 * *
2 pass * * * *
def auto * * * *
-----------------------------------------------------------------------
SH2 (config) # show in-path rules
Rule Type O N Source Addr Dest Addr Port Target Addr Port
----- ---- - - ---- ------------------ ------------------ -------------
1 pass - - * * 7800 -- --
def auto F A * * * -- --
-----------------------------------------------------------------------
With peering rules, you do not define anything on HP EFS WAN Accelerator1 and can define an accept rule on HP EFS WAN Accelerator2 for probes going to Server1 and a pass-through rule for anything else. Connections going to Server1 would then be intercepted by HP EFS WAN Accelerator2, and connections going to anywhere else would be intercepted by another HP StorageWorks Enterprise File Services WAN
Accelerator (for example, HP EFS WAN Accelerator3 for Server2).
If you choose not to define peering rules, you must define a fixed-target rule on HP
EFS WAN Accelerator1 to go to HP EFS WAN Accelerator3 for connections to
Server2. You must define a fixed-target rule on HP EFS WAN Accelerator3 to go to
HP EFS WAN Accelerator1 for connections to servers in the same site as HP EFS
WAN Accelerator1. If you have multiple branches that go through HP EFS WAN
Accelerator2, you must add a fixed-target rule for each of them on HP EFS WAN
Accelerator1 and HP EFS WAN Accelerator3.
112 10 - S ERIAL C LUSTER AND C ASCADE D EPLOYMENTS
Glossary
ARP. Address Resolution Protocol. An IP protocol used to obtain a node's physical address.
Bandwidth. The upper limit on the amount of data, typically in kilobits per second
(kbps), that can pass through a network connection. Greater bandwidth indicates faster data transfer capability.
Bit. A Binary digit. The smallest unit of information handled by a computer; either 1 or 0 in the binary number system.
Blade. One component in a system that is designed to accept some number of components (blades).
CIFS. Common Internet File System. CIFS is the remote file system access protocol used by Windows servers and clients to share files across the network.
Database Cursor. A record pointer in a database. When a database file is selected and the cursor is opened, the cursor points to the first record in the file. Using various commands, the cursor can be moved forward, backward, to top of file, bottom of file and so forth.
Default gateway. The default address of a network or Web site. It provides a single domain name and point of entry to the network or site.
DHCP. Dynamic Host Configuration Protocol. Software that automatically assigns IP addresses to client stations logging onto a TCP/IP network.
Domain. In the Internet, a portion of the Domain Name Service (DNS) that refers to groupings of networks based on the type of organization or geography.
DNS. Domain Name Service. System used in the Internet for translating names of network nodes into IP addresses. A Domain Name Server notifies hosts of other host
IP addresses, associating host names with IP addresses.
Ethernet. The most widely used Local Area Network (LAN) access method.
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 113
114
FDDI. Fiber Distributed Data Interface. A set of American National Standards
Institute (ANSI) protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits) per second. FDDI networks are typically used as backbones for Wide-
Area Networks (WANs).
Filer. An appliance that attaches to a computer network and is used for data storage.
Gateway. A computer that acts as an intermediate device for two or more networks that use the same protocols. The gateway functions as an entry and exit point to the network. Transport protocol conversion might not be required, but some form of processing is typically performed.
Gigabit Ethernet. An Ethernet technology that raises transmission speed to 1 Gbps
(1000 Mbps).
Hashing. Producing hash values for accessing data or for security. A hash value, is a number generated from a string of text. The hash is substantially smaller than the text itself and it is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
Heartbeat. A repeating signal transmitted from one appliance to another that indicates that the appliance is operating.
Heuristic. A method of problem solving using exploration and trial and error methods.
Heuristic program design provides a framework for solving the problem in contrast with a fixed set of rules (algorithmic) that cannot vary.
Host. A computer or other computing device that resides on a network.
Host address. The IP address assigned to each computer attached to the network.
Host name. Name given to a computer, usually by DNS.
HSRP. Hot Standby Routing Protocol. HSRP is a routing protocol from Cisco that provides backup to a router in the event of failure. Using HSRP, several routers are connected to the same segment of an Ethernet, FDDI or token-ring network and work together to present the appearance of a single virtual router on the LAN. The routers share the same IP and MAC addresses, therefore in the event of failure of one router, the hosts on the LAN are able to continue forwarding packets to a consistent IP and
MAC address. The process of transferring the routing responsibilities from one device to another is transparent to the user.
HTTP. Hypertext Transport Protocol. The protocol used by Web browsers to communicate with Web servers.
HTTPS. Hypertext Transport Protocol Secure. The protocol for accessing a secure
Web server. Using HTTPS directs the message to a secure port number to be managed by a security protocol.
Interface. The point at which a connection is made between two elements, systems, or devices so that they can communicate with one another.
G LOSSARY
Internet. The collection of networks tied together to provide a global network that use the TCP/IP suite of protocols.
IP. Internet protocol. Network layer protocol in the TCP/IP stack that enables a connectionless internetwork service.
IP address. In IP version 4 (IPv4), a 32-bit address assigned to hosts using the IP protocol. Also called an Internet address.
IPsec. Internet Protocol Security Protocol. A set of protocols to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement
Virtual Private Networks (VPNs). IPsec supports two encryption modes: Transport and
Tunnel. For IPsec to work, the sending and receiving devices must share a public key.
Latency. Delay between a request being issued and its response being received.
Layer-4. A communications protocol (called the transport layer) responsible for establishing a connection and ensuring that all data has arrived safely. The application delivers its data to the communications system by passing a stream of data bytes to the transport layer along with the socket (the IP address of the station and a port number) of the destination machine.
MAPI. Messaging API. A programming interface from Microsoft that enables a client application to send and receive mail from Exchange Server or a Microsoft Mail (MS
Mail) messaging system. Microsoft applications such as Outlook, the Exchange client, and Microsoft Schedule use MAPI.
Microsoft Exchange. Messaging and groupware software for Windows from
Microsoft. The Exchange server is an Internet-compliant messaging system that runs under Windows systems and can be accessed by Web browsers, the Windows In-box,
Exchange client or Outlook. The Exchange server is also a storage system that can hold anything that needs to be shared.
Netmask. A 32-bit mask which shows how an Internet address is divided into network, subnet, and host parts. The netmask has ones in the bit positions in the 32-bit address which are used for the network and subnet parts, and zeros for the host part.
The mask must contain at least the standard network portion (as determined by the class of the address), and the subnet field should be contiguous with the network portion.
Neural Network. A modeling technique based on the observed behavior of biological neurons and used to mimic the performance of a system. It consists of a set of elements that start out connected in a random pattern, and, based upon operational feedback, are molded into the pattern required to generate the required results. It is used in applications such as robotics, diagnosing, forecasting, image processing and pattern recognition.
NFS. Network File System. The file sharing protocol in a UNIX network.
NIS. Network Information Services. A naming service that allows resources to be easily added, deleted or relocated.
OSPF. Open Shortest Path First. An interior gateway routing protocol developed for
IP networks based on the shortest path first or link-state algorithm. Routers use link-
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 115
116 state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on a topography of the Internet constructed by each node. Each router sends that portion of the routing table (keeps track of routes to particular network destinations) that describes the state of its own links. It also sends the complete routing structure (topography).
Packet. A unit of information transmitted, as a whole, from one device to another on a network.
Probe. A small utility program that is used to investigate, or test, the status of a system, network or Web site.
Policy. Routing and Quality of Service (QoS) scheme that forwards data packets to network interfaces based on user-configured parameters.
Port. A pathway into and out of the computer or a network device such as a hub, switch, or router. On network devices, the ports are for communications, typically connecting Ethernet cables or other network devices.
Router. A device that forwards data packets from one LAN or WAN to another. Based on routing tables and routing protocols, routers read the network address in each transmitted frame and make a decision on how to send it based on the most expedient route (traffic load, line costs, speed, bad lines, etc.). Routers work at Layer-3 in the protocol stack, whereas bridges and switches work at the Layer-2.
SMB. Server Message Block. A message format used by DOS and Windows to share files, directories and devices. There are also a number of products that use SMB to enable file sharing among different operating system platforms. A product called
Samba, for example, enables UNIX and Windows machines to share directories and files.
SNMP. Simple Network Management Protocol. A network protocol that provides a way to monitor network devices, performance, and security and to manage configurations and collect statistics.
Switch. A network device that filters and forwards frames based on the destination address of each frame. The switch operates at Layer-2 (data link layer) of the Open
System Interconnection (OSI) model.
TCP. Transmission Control Protocol. The error correcting Transport layer (Layer-4) in the TCP/IP protocol suite.
TCP/IP. Transmission Control Protocol/Internet Protocol. The protocol suite used in the Internet, intranets, and extranets. TCP provides transport functions, which ensures that the total amount of bytes sent is received correctly at the other end. TCP/IP is a routable protocol, and the IP part of TCP/IP provides this capability.
G LOSSARY
Index
A
Authentication, overview of 97
Auto-discovery rules, overview of 13
Autodiscovery, configuring with CDP 60
Autodiscovery, configuring with PBR 57
B
C
Cascade clusters, overview of 111
Connection forwarding
D
configuring using the Management Console 42
failover deployment, configuring 41
E
Ethernet network compatibility 4
F
Failover support, overview of 13
Fixed target rules, overview of 13
G
H
HP
Hybrid deployment, configuring 35
Hybrid deployment, overview of 26
L
Layer-4 switch, configuring 26
Load balancing, configuring 26
Logical in-path deployment
load balanced, Layer-4 switch deployment, configuring 26
M
N
O
Out-of-path deployment
failover support, configuring 30
static cluster, configuring 33
P
Pass-through rules, overview of 13
PBR
asymmetrical deployment, configuring 49
CDP and autodiscovery, configuring 60
client-side deployment, configuring 50, 54
client-side, inside router deployment, configuring 55
configuring using the Management Console 51
connecting HP EFS WAN Accelerator for 48
how it works with Cisco 6500 47
single subnet deployment, configuring 49
symmetrical deployment, configuring 57
VLAN deployment, configuring 55
PFS
configuring using the Management Console 89
HP S TORAGE W ORKS E NTERPRISE F ILE S ERVICES WAN A CCELERATOR 2.1.5 DEPLOYMENT GUIDE 117
Physical in-path deployment
server-side, one to one, configuring 22
two routing points, configuring 20
R
RADIUS
configuring a RADIUS server 98
S
Scalable Data Referencing, overview of 10, 13
Serial cluster, configuring 109
Share synchronization, definition of 85
Static cluster deployment, configuring 33
T
TACACS+
configuring a TACACS+ server 100
configuring in the appliance 103
Transaction Acceleration, overview of 10
Transaction Prediction, overview of 11
U
V
Virtual in-path deployment
Virtual Window Expansion, overview of 10
W
WCCP
basic steps for configuring 65
configuring using the Management Console 70
dual deployment, configuring 76
failover support, configuring 81 load balancing, configuring 81
specific redirection, configuring 81
TCP port redirection, configuring 80
118 I NDEX
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 3 Contents
- 7 Introduction
- 7 In This Introduction
- 7 About This Guide
- 7 Types of Users
- 8 Organization of This Guide
- 9 Document Conventions
- 10 Hardware and Software Dependencies
- 10 Ethernet Network Compatibility
- 10 Antivirus Compatibility
- 11 Additional Resources
- 12 Related HP Documentation
- 12 Online Documentation
- 12 Related Reading
- 13 Contacting HP
- 13 Technical Support
- 13 HP Storage Web Site
- 15 Chapter 1 Designing an HP EFS WAN Accelerator Deployment
- 15 In This Chapter
- 15 Introduction to the HP EFS WAN Accelerator
- 16 Transaction Acceleration
- 16 Scalable Data Referencing
- 16 How Does SDR Work?
- 16 Virtual Window Expansion
- 17 Transaction Prediction
- 17 Design and Deployment Overview
- 19 Definition of Terms
- 19 Bypass Mode
- 20 Failover Mode
- 23 Chapter 2 In-Path Deployments
- 23 In This Chapter
- 24 Introduction to Physical In-Path Deployments
- 24 In-Path, Failover Support Deployment
- 24 Basic Steps (Client-Side)
- 26 Basic Steps (Server-Side)
- 26 In-Path, Two Routing Points Deployment
- 27 Basic Steps (Client-Side)
- 27 Basic Steps (Server-Side)
- 27 In-Path, Server-Side Deployment
- 28 Basic Steps (Client-Side)
- 28 Basic Steps (Server-Side)
- 28 In-Path, Server-Side, One to One Deployment
- 29 Basic Steps (Client-Side)
- 29 Basic Steps (Server-Side)
- 31 Chapter 3 Virtual In-Path Network Deployments
- 31 In This Chapter
- 31 Introduction to Virtual In-Path Deployments
- 32 In-Path, Load Balanced, Layer-4 Switch
- 33 Basic Steps (Client-Side)
- 33 Basic Steps (Server-Side)
- 35 Chapter 4 Out-of-Path Network Deployments
- 35 In This Chapter
- 35 Introduction to Out-of-Path Deployments
- 36 Out-of-Path, Failover Deployment
- 37 Basic Steps (Client-Side)
- 39 Basic Steps (Server-Side)
- 39 Out-of-Path, Static Cluster Deployment
- 39 Basic Steps (Client-Side)
- 41 Basic Steps (Server-Side)
- 41 Hybrid: In-Path and Out-of-Path Deployment
- 41 Basic Steps (Client-Side)
- 43 Basic Steps (Server-Side)
- 45 Chapter 5 Configuring Connection Forwarding
- 45 In This Chapter
- 45 Introduction to Connection Forwarding
- 46 Neighbors in Connection Forwarding
- 46 Load-Balancing
- 47 One-to-One Failover Deployment
- 47 Configuring Connection Forwarding
- 48 Configuring Connection Forwarding Using the Management Console
- 48 Basic Steps (Client-Side)
- 48 Basic Steps (Server-Side)
- 50 Configuring Connection Forwarding Using the CLI
- 51 Chapter 6 Policy-Based Routing Deployments
- 51 In This Chapter
- 52 Introduction to PBR
- 52 Overview of CDP
- 53 How PBR works on a Cisco 6500 Platform, Version 12.2(17d) SXB1
- 54 Connecting the HP EFS WAN Accelerator to Your Network in PBR Deployments
- 55 Asymmetric HP EFS WAN Accelerator Deployments With PBR
- 55 Configuring PBR Using the CLI
- 56 Basic Steps (Client-Side)
- 57 Basic Steps (Server-Side)
- 57 Configuring PBR Using the Management Console
- 57 Basic Steps (Client-Side)
- 59 Basic Steps (Server-Side)
- 60 Client-Side HP EFS WAN Accelerator Attached to a Router through a Switch
- 60 Basic Steps (Client-Side)
- 60 Basic Steps (Server-Side)
- 61 Client-Side HP EFS WAN Accelerator Attached to an Inside Router
- 61 Basic Steps (Client-Side)
- 61 Basic Steps (Server-Side)
- 61 PBR Between VLANs
- 63 Symmetric HP EFS WAN Accelerator Deployments With PBR and Autodiscovery
- 66 Symmetric Deployments with PBR, Autodiscovery, and CDP
- 68 Troubleshooting
- 69 Chapter 7 WCCP Deployments
- 69 In This Chapter
- 70 Introduction to WCCP
- 71 Basic Steps
- 72 WCCP CLI Commands
- 73 Connecting the HP EFS WAN Accelerator to Your Network in WCCP Deployments
- 74 A Basic WCCP Configuration
- 74 Connecting the HP EFS WAN Accelerator
- 74 Configuring the WCCP Router or Multi-Layer Switch
- 75 Configuring the Client-Side HP EFS WAN Accelerator
- 76 Configuring WCCP Using the Management Console
- 76 Basic Steps (Client-Side)
- 81 Basic Steps (Server-Side)
- 82 Dual WCCP Deployment
- 85 Additional WCCP Features
- 85 Security
- 86 Multicast
- 86 TCP Port Redirection
- 87 Specific Traffic Redirection
- 87 Load Balancing
- 87 Failover Support
- 88 Troubleshooting
- 89 Chapter 8 Proxy File Service Deployments
- 89 In This Chapter
- 89 Introduction to PFS
- 90 PFS Terms
- 91 PFS Operating Modes
- 92 How Does PFS Work?
- 93 When to Use PFS
- 94 When to use Global Mode
- 94 Configuration Checklist for PFS
- 95 Configuring PFS Using the Management Console
- 103 Chapter 9 RADIUS and TACACS+ Authentication
- 103 In This Chapter
- 103 Introduction to Authentication
- 104 Configuring a RADIUS Server with FreeRADIUS
- 106 Configuring a TACACS+ Server with Free TACACS+
- 107 Configuring RADIUS Authentication in the HP EFS WAN Accelerator
- 107 Configuring RADIUS Authentication
- 108 Basic Steps
- 109 Configuring TACACS+ Authentication in the HP EFS WAN Accelerator
- 109 Configuring TACACS+ Authentication
- 110 Basic Steps
- 113 Chapter 10 Serial Cluster and Cascade Deployments
- 113 In This Chapter
- 113 Serial Cluster Deployment
- 115 A Basic Serial Cluster Deployment
- 117 Cascade Deployment
- 117 Peering Rules
- 118 Fixed-Target Rules
- 119 Glossary
- 119 ARP
- 119 Bandwidth
- 119 Bit
- 119 Blade
- 119 CIFS
- 119 Database Cursor
- 119 Default gateway
- 119 DHCP
- 119 Domain
- 119 DNS
- 119 Ethernet
- 120 FDDI
- 120 Filer
- 120 Gateway
- 120 Gigabit Ethernet
- 120 Hashing
- 120 Heartbeat
- 120 Heuristic
- 120 Host
- 120 Host address
- 120 Host name
- 120 HSRP
- 120 HTTP
- 120 HTTPS
- 120 Interface
- 121 Internet
- 121 IP
- 121 IP address
- 121 IPsec
- 121 Latency
- 121 Layer-4
- 121 MAPI
- 121 Microsoft Exchange
- 121 Netmask
- 121 Neural Network
- 121 NFS
- 121 NIS
- 121 OSPF.
- 122 Packet
- 122 Probe
- 122 Policy
- 122 Port
- 122 Router
- 122 SMB
- 122 SNMP
- 122 Switch
- 122 TCP
- 122 TCP/IP
- 123 Index
- 123 A
- 123 B
- 123 C
- 123 D
- 123 E
- 123 F
- 123 G
- 123 H
- 123 L
- 123 M
- 123 N
- 123 O
- 123 P
- 124 R
- 124 S
- 124 T
- 124 U
- 124 V
- 124 W