Accelerator OS
Transcription
Accelerator OS
Accelerator OS Software Configuration Guide Software version 6.1.2 Revision 3.0 Pub no. AOSUG_612_GA_141108 This guide is delivered subject to the following conditions and restrictions: This guide contains proprietary information belonging to Expand Networks Inc. Such information is supplied solely for the purpose of assisting explicitly and properly authorized users of the Expand product series. No part of its contents may be used for any other purpose, disclosed to any person or firm or reproduced by any means, electronic, photographic or mechanical, without the express prior written permission of Expand Networks, Inc. The text and graphics are for the purpose of illustration and reference only. The specifications on which they are based are subject to change without notice. The software described in this guide is furnished under a license. The software may be used or copied only in accordance with the terms of that agreement. Information in this guide is subject to change without notice. Corporate and individual names and data used in examples herein are fictitious unless otherwise noted. Copyright© 2008 Expand Networks Inc. All rights reserved. AcceleratorOS™, Accelerator 00™, Accelerator 6800/6810/6920/6840/4800/4810/4820/4920/1800/1810/1820/ 1920™ and ECT™ are trademarks of Expand Networks Inc. Flex 2.5™ includes software developed by the University of California, Berkeley and its contributors. Copyright© 1990, The Regents of the University of California. All rights reserved. Other company and brand product and service names are trademarks or registered trademarks of their respective holders. Table of Contents Chapter 1: Introducing the Accelerator................................... 1 Features and Benefits ........................................................................................ 2 Resiliancy and Redundancy....................................................................... 2 Redefining Application Traffic Management............................................... 2 Next-generation WAN Compression .......................................................... 3 Application-specific Acceleration ........................................................ 3 Layer-7 QoS and Bandwidth Management ................................................ 4 Layer-7 Monitoring and Reporting ...................................................... 5 Branch Office Features ....................................................................... 5 Rapid Deployment/Dependable Results............................................. 6 Maximum Uptime and Reliability ........................................................ 6 The Accelerator Product Line ............................................................................ 7 How the Accelerator Works................................................................................ 8 IP-Based Network ...................................................................................... 8 On-Path .............................................................................................. 8 On-LAN............................................................................................... 8 Configuration and Management......................................................................... 11 Chapter 2:Preparing Network Integration ............................... 13 Working with Bypass Mode................................................................................ 14 Reviewing the Setup Checklist .......................................................................... 15 Performing Setup via the LCD ........................................................................... 17 Performing Setup via the WebUI........................................................................ 19 Studying The WebUI Menu ........................................................................ 19 Performing Setup via the Wizard ....................................................................... 21 Configuring the Wizard............................................................................... 21 Defining Advanced Settings ....................................................................... 22 Setting Links via the Wizard ....................................................................... 22 IV C o nt e nts Setting the Time ......................................................................................... 24 Modifying the Password ............................................................................. 25 Reviewing Wizard Configuration ................................................................ 25 Modifying Basic Setup Configuration ......................................................... 26 Setting Routing Strategy..................................................................... 27 Licensing the Accelerator................................................................................... 28 Activating the I-Key .................................................................................... 29 Activating the License Key ......................................................................... 29 Logging into and out of the Accelerator ............................................................. 30 Integrating the Accelerator into Your Network.................................................... 31 Integrating into a Standard Network........................................................... 31 Integrating into Networks that use Dynamic Routing ................................. 32 Networks Using External QoS or Monitoring Devices................................ 33 Working in Noisy Link Environments.......................................................... 34 Installing On-LAN at a Data Center............................................................ 35 Installing in a High Latency Environment ................................................... 37 Installing in a Web-Intensive Environment ................................................. 38 Using Advanced QoS................................................................................. 39 What is QoS? ..................................................................................... 39 How to Know what’s on Your Network................................................ 39 How to Prioritize Applications ............................................................. 39 Chapter 3:Configuring Networking.......................................... 41 Optimizing the Network Topology ...................................................................... 42 Taking into Account Network-Specific Considerations ............................... 42 Defining WAN Setup .......................................................................................... 44 Setting the Bandwidth ................................................................................ 44 Configuring the WAN.................................................................................. 44 Configuring Secondary IP Addresses ................................................................ 45 Creating and Editing Links ................................................................................. 46 Studying the Links Screen.......................................................................... 47 Adding Links............................................................................................... 47 Editing Links............................................................................................... 50 Using a Virtual IP Address.................................................................. 51 Adding and Editing Links via the CLI.................................................. 52 Setting Subnet Routing ...................................................................................... 53 Configuring Subnets Manually ................................................................... 54 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e V Editing a Subnet.................................................................................. 55 Configuring Remote Subnets Manually ...................................................... 56 Adding Static Routes .......................................................................................... 58 Setting Dynamic Routing.................................................................................... 59 Working with OSPF .................................................................................... 59 Configuring OSPF............................................................................... 60 Working with Router Polling ....................................................................... 61 Enabling Packet Interception ............................................................................. 63 Working with RIP ........................................................................................ 63 Configuring RIP................................................................................... 63 RIP Route Injection ............................................................................. 64 Using RIP for Packet Interception....................................................... 65 Working with WCCP ................................................................................... 65 Using WCCP for Packet Interception.................................................. 66 Setting WCCP on the Router .............................................................. 69 Setting the Accelerator’s Time ........................................................................... 70 Configuring DHCP Servers ................................................................................ 71 Activating DHCP Relay Agent .................................................................... 71 Setting ExpandView Connectivity Parameters ................................................... 73 Chapter 4:Monitoring the Network........................................... 75 Introduction to Monitoring................................................................................... 76 Working with Monitoring ..................................................................................... 77 Installing the JAVA Applet........................................................................... 77 Using Verisign Security Certificate ............................................................. 78 Studying The Monitoring Window ............................................................... 78 Using Link Statistics and Graphs........................................................................ 80 Viewing Throughput Statistics per Link....................................................... 80 Viewing Utilization Statistics per Link ......................................................... 80 Viewing Acceleration Statistics per Link ..................................................... 81 Understanding Acceleration................................................................ 81 Viewing Compression Statistics per Link.................................................... 82 Viewing Statistics per Link .......................................................................... 83 Discovering Traffic.............................................................................................. 86 Viewing Detected Applications ................................................................... 86 Viewing Detailed Traffic Discovery ............................................................. 86 Viewing Monitored Applications.................................................................. 87 R ev isi o n 3. 0 VI C o nt e nts Discovering Layer-7 Applications............................................................... 88 Viewing Applications’ Statistics and Graphs ...................................................... 89 Setting up Graphs............................................................................... 90 Viewing Utilization Statistics per Application .............................................. 90 Viewing Throughput Statistics per Application ........................................... 90 Viewing Acceleration Statistics per Application .......................................... 91 Viewing Compression Statistics per Application ........................................ 91 Viewing Bandwidth Distribution Statistics per Application .......................... 92 Monitoring Applications .............................................................................. 92 Gathering Statistics for Detected Applications ........................................... 93 Viewing Summary Graphs ................................................................................. 95 Viewing Ethernet Statistics................................................................................. 96 Configuring Ethernet Display via the WebUI.............................................. 96 Configuring NetFlow Support............................................................................. 98 Identifying the Traffic .................................................................................. 98 Enabling NetFlow via the WebUI ........................................................ 99 Chapter 5:Applying QoS........................................................... 101 Accelerator QoS................................................................................................. 102 Studying the QoS Solution ......................................................................... 102 Carrying Out Basic QoS Configuration .............................................................. 104 Viewing My Applications ............................................................................ 104 Creating New Applications ......................................................................... 105 Modifying Applications ............................................................................... 109 Layer-7 Applications................................................................................... 110 Creating Web Applications......................................................................... 110 Creating Citrix Applications ........................................................................ 112 Setting Advanced QoS Parameters ................................................................... 115 How QoS Works......................................................................................... 115 Understanding QoS Rules .................................................................. 116 How Traffic Filtering is Applied................................................................... 117 How Traffic Shaping is Applied .................................................................. 118 Studying QoS Bandwidth Allocation ................................................... 118 Setting Inbound QoS.................................................................................. 121 Creating QOS Rules .................................................................................. 122 Editing QoS Rules...................................................................................... 126 Making Decisions for Specific Applications ................................................ 127 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e VII QoS Troubleshooting ......................................................................................... 129 Chapter 6:Optimizing Acceleration Services.......................... 131 Studying TCP Acceleration ................................................................................ 132 Understanding the Shortcomings of TCP ................................................... 132 Studying SCPS, Expand’s TCP Acceleration Solution ............................... 134 Scaling the Transmission Windows .................................................... 134 Error Detection and Proactive Resolution........................................... 135 Congestion Avoidance ........................................................................ 136 Local Network Isolation....................................................................... 136 Link Outage Support ........................................................................... 136 Asymmetric Networks Optimization .................................................... 136 Computing Latency ............................................................................. 137 Configuring TCP Acceleration .................................................................... 139 Enabling TCP Acceleration ................................................................. 141 Understanding Web Acceleration....................................................................... 143 Configuring Web Acceleration via the WebUI ............................................ 144 Configuring HTTP Acceleration .......................................................... 144 Enabling and Disabling HTTP Caching............................................... 145 Settting the Cache Size ...................................................................... 145 Setting Cache Content........................................................................ 145 Clearing HTTP Cache......................................................................... 145 Returning to Default Settings .............................................................. 146 Setting Advanced HTTP Parameters.................................................. 146 Setting HTTP Acceleration Rules ............................................................... 148 Excluding from Caching via the WebUI .............................................. 149 Configuring FTP Acceleration..................................................................... 149 Enabling and Disabling FTP Caching ................................................. 150 Settting the Cache Size ...................................................................... 150 Setting Cache Content........................................................................ 150 Clearing FTP Cache ........................................................................... 150 Returning to Default Settings .............................................................. 151 Setting Advanced FTP Parameters .................................................... 151 Configuring DNS Acceleration.................................................................... 152 Configuring DNS Acceleration ............................................................ 152 Enabling Citrix Acceleration ............................................................................... 156 R ev isi o n 3. 0 VIII C o nt e nts Chapter 7:Configuring and Managing WAFS.......................... 159 Introduction to WAFS ......................................................................................... 160 Expand Networks’ WAFS Solution ............................................................. 160 Supported Servers ..................................................................................... 162 File Servers ........................................................................................ 162 Authentication Servers ....................................................................... 162 Supported Clients....................................................................................... 162 Expand Hardware Device Specifications ............................................ 162 Domains ..................................................................................................... 163 Authentication ............................................................................................ 164 Getting Started with WAFS ................................................................................ 165 Overview .................................................................................................... 165 Enabling WAFS Configuration ........................................................................... 166 Configuring the File Server/Domain Controller .......................................... 166 Defining Shared Directories................................................................ 166 Defining User Permissions ................................................................. 167 Defining Network Settings.......................................................................... 168 Enabling WAFS Operation Mode ............................................................... 171 Excluding Servers or Subnets from WAFS ................................................ 173 Configuring the Data Center and Branch Office ................................................ 174 Setting Up the File Bank Director............................................................... 174 File Server Settings ............................................................................ 175 Summary ............................................................................................ 176 Confirmation and Application.............................................................. 176 Setting Up the File Bank ............................................................................ 178 Overview............................................................................................. 178 Domain Settings ................................................................................. 179 File Bank Director Settings ................................................................. 181 Summary ............................................................................................ 182 Confirmation and Application.............................................................. 182 Installing the License File................................................................................... 184 WAFS Management and Operation Modes ....................................................... 186 The WAFS Management Screen ............................................................... 186 FileBank Director Categories ..................................................................... 187 FileBank Director System........................................................................... 187 File Services............................................................................................... 188 FileBank Director Utilities ........................................................................... 188 FileBank Categories................................................................................... 188 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e IX FileBank System ................................................................................. 189 FileBank Services ............................................................................... 189 Additional Services ............................................................................. 190 FileBank Utilities ................................................................................. 190 Managing the Data Center ................................................................................. 191 Starting the Data Center ............................................................................. 191 Managing File Services .............................................................................. 192 Defining FileBank Director Settings .................................................... 193 Managing System Users..................................................................... 194 Adding File Servers............................................................................. 195 Managing the Compression Filters List............................................... 197 Configuring FileBank Services ................................................................... 199 FileBank Directors............................................................................... 199 Virtual Servers .................................................................................... 200 Windows Domain ................................................................................ 201 Cache Settings.................................................................................... 202 Time to Live (TTL) settings ................................................................. 202 Invalidate Cache ................................................................................. 203 System Users...................................................................................... 203 STF Filters .......................................................................................... 204 Setting Advanced FileBank Features ................................................................. 205 Configuring the Fetch Mechanism.............................................................. 205 Fetch Mechanism Overview................................................................ 205 Fetch User .......................................................................................... 206 Fetch Jobs .......................................................................................... 206 Fetch Settings ..................................................................................... 207 Fetch Activation .......................................................................................... 208 Creating Fetch Jobs............................................................................ 208 Replication Service..................................................................................... 209 Replication User.................................................................................. 210 Replication File Types......................................................................... 210 Replication Schedule .......................................................................... 211 Replication Paths ................................................................................ 211 Replication Service Activation .................................................................... 211 Service Activation on FileBank Director.............................................. 211 Service Activation on FileBank ........................................................... 212 Initial Pre-population of Large Files on FileBank ................................ 212 Configuring Replication Services................................................................ 212 Replication User.................................................................................. 213 R ev isi o n 3. 0 X C o nt e nts Printing Services for the FileBank...................................................................... 215 Configuring Additional Services ................................................................. 215 Print Services ..................................................................................... 215 Configuring Print Services (FileBank) ........................................................ 216 Adding a Network Printer to FileBank................................................. 216 Assigning Printing Administrators....................................................... 217 Point’N’Print Configuration ................................................................. 217 Uploading Printer Drivers ................................................................... 218 First Client Driver Installation.............................................................. 219 Verifying Point’n’Print Installation ....................................................... 220 Manual Client Driver Installation ......................................................... 220 Verifying Driver Installation ................................................................. 221 Printing Setup Troubleshooting .......................................................... 222 Using WAFS Printing Services........................................................................... 225 Adding a WAFS Printer via Windows ......................................................... 225 WAN-OUT Operation ......................................................................................... 227 Cached Content ......................................................................................... 227 Accessing Files and Directories ................................................................. 227 Security ...................................................................................................... 227 Partially Completed Transactions............................................................... 228 Partial Disconnection ................................................................................. 228 Reconnection ............................................................................................. 228 DNS Masquerading............................................................................................ 229 DNS Masquerading Benefits...................................................................... 229 DNS Masquerading Configuration ............................................................. 230 Monitoring WAFS Functionality.......................................................................... 234 Running System Diagnostics ..................................................................... 234 Viewing Logs.............................................................................................. 234 Troubleshooting ................................................................................................. 236 Troubleshooting Tools ................................................................................ 236 Networking ................................................................................................. 236 Windows Domain Join................................................................................ 238 Service ....................................................................................................... 239 Possible Error Messages ........................................................................... 240 Network name no longer exists .......................................................... 240 The network path was not found ........................................................ 240 Access denied .................................................................................... 240 Performance............................................................................................... 242 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e XI Advanced Expand Services........................................................................ 244 DHCP Services ................................................................................... 244 DNS Services...................................................................................... 244 Chapter 8:Setting Advanced Parameters................................ 247 Handling WANs .................................................................................................. 248 Handling Interfaces ............................................................................................ 250 Working with VLAN..................................................................................... 251 Creating Static ARP Entries ............................................................................... 255 Defining Authentication Settings ........................................................................ 256 Configuring DNS ................................................................................................ 257 Managing Links .................................................................................................. 259 Setting Remote Subnets for the Links ........................................................ 262 Editing Existing Links.................................................................................. 263 Dial-on-Demand ................................................................................................. 264 Chapter 9:Configuring Management Options......................... 265 Studying the ExpandView System...................................................................... 266 Using Dynamic Network Map ..................................................................... 266 Simplifying WAN Optimization .................................................................... 267 Generating Advanced Alerts for World-Class NOCs .................................. 267 Generating Proactive Reports for Network Provisioning ............................ 267 Defining Scalable QoS ............................................................................... 268 Updating ExpandView Server’s IP Address........................................ 268 Using Out-of-Band Management........................................................................ 269 Using SNMP....................................................................................................... 270 Receiving Log Error Messages .......................................................................... 271 Sending Updates to a Syslog Server.......................................................... 271 Sending Updates via Email ........................................................................ 272 Chapter 10:Resilancy and Redundancy .................................. 275 RAID................................................................................................................... 276 RAID Support in Accelerators' Hard Drives ................................................ 276 Router Redundancy Protocols ........................................................................... 278 R ev isi o n 3. 0 XII C o nt e nts HSRP ......................................................................................................... 279 Enabling HSRP Automatic Detection ................................................. 280 Setting Manual HSRP Configuration .................................................. 280 VRRP ......................................................................................................... 283 Chapter 11:Security................................................................... 287 Studying the AcceleratorOS AAA....................................................................... 288 Configuring AAA via the WebUI......................................................................... 290 Configuring Users ...................................................................................... 290 Deleting Users .................................................................................... 291 Setting Authentication Preferences............................................................ 291 Setting Authentication Servers ........................................................... 291 Setting the Authentication Method...................................................... 292 Defining the Security Settings .................................................................... 293 Auditing Administration Activities ....................................................................... 294 Locking/unlocking the Keypad ........................................................................... 295 Setting the Keypad Lock Definitions .......................................................... 295 Defining Other LCD Settings...................................................................... 296 Chapter 12:Troubleshooting .................................................... 299 Carrying out the Troubleshooting Procedure ..................................................... 300 Recovering the Password .................................................................................. 301 Checking the Event Log..................................................................................... 302 Checking Info Events ................................................................................. 302 Checking Warning Events .......................................................................... 302 Checking Error Events ............................................................................... 302 Checking Fatal Events ............................................................................... 303 Studying Log Message Formats................................................................. 303 Displaying Information for Troubleshooting........................................................ 305 Displaying Information via the WebUI ........................................................ 305 Displaying Statistics in a Compressed, Archived File ................................ 306 Checking the Link Status ................................................................................... 307 Checking Ethernet Settings ............................................................................... 308 Checking Lack of Acceleration........................................................................... 311 Accessing Remote Devices ....................................................................... 311 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e XIII Checking Link Malfunction ................................................................................. 312 Checking for Corrupted Terminal........................................................................ 313 Checking HSRP Malfunction .............................................................................. 314 Checking QoS Malfunction................................................................................. 315 Chapter 13:Using the Accelerator Tools ................................. 317 Upgrading the AcceleratorOS Software ............................................................. 318 Using the Configuration Tools ............................................................................ 320 Using the General Tools ..................................................................................... 322 Pinging via the WebUI ................................................................................ 322 Sending a Traceroute Packet ..................................................................... 323 Rebooting the Accelerator via the WebUI .................................................. 323 Gathering Statistics for Technical Support.................................................. 324 Managing User Files .......................................................................................... 325 Viewing System Information............................................................................... 326 Archiving Log Files ............................................................................................. 327 Enabling Accdump ............................................................................................. 328 Appendix A:NetFlow Monitored Statistics .............................. 331 Template Fields .................................................................................................. 334 Full Template .............................................................................................. 334 Long Template ............................................................................................ 334 Short Template ........................................................................................... 334 Appendix B:Pre-Defined Applications..................................... 335 Appendix C:Accelerator Integration ........................................ 345 Acceleration and Citrix Traffic............................................................................. 346 Disabling Citrix NFuse Compression.......................................................... 346 Disabling Citrix Encryption and Compression ............................................ 347 Defining Settings on the Server .......................................................... 348 Setting/checking ICA or RDP listener traffic ....................................... 348 Speed Screen Latency Reduction Manager ....................................... 351 Defining Settings on the Client ................................................................... 351 Turning Compression off in the PNAgent Client ......................................... 352 Understanding the PNA Problem........................................................ 352 Resolving the PNA Problem ............................................................... 352 Identifying Citrix Layer-7 Applications ........................................................ 353 R ev isi o n 3. 0 XIV C o nt e nts Configuring NetFlow .......................................................................................... 355 Studying Traffic Measurement.................................................................... 355 Studying Traffic Monitoring......................................................................... 356 Configuring Accelerator NetFlow ............................................................... 356 Disabling Compression on SAP......................................................................... 358 Calculating Acceleration Figures with an Application other than ExpandView .. 360 Appendix D:MIME Types .......................................................... 363 Application ......................................................................................................... 364 Audio.................................................................................................................. 378 Image ................................................................................................................. 381 Message ............................................................................................................ 383 Model ................................................................................................................. 384 Multipart ............................................................................................................. 385 Text .................................................................................................................... 386 Video.................................................................................................................. 387 Appendix E:Contacting TAC .................................................... 389 Appendix F:tcpdump Optional Flags ...................................... 391 Appendix G:Specifications and Warranty............................... 405 Accelerator 6800 / 6900 Series.......................................................................... 406 Accelerator 1600 / 1800 Series.......................................................................... 407 Accelerator 4800 / 4900 Series.......................................................................... 408 Accelerator 7900 Series..................................................................................... 409 Standards........................................................................................................... 410 RFC / Standard List ................................................................................... 410 Terms and Conditions of Sale ............................................................................ 412 Acceptance ................................................................................................ 412 Price and Payment..................................................................................... 412 Title and Security Interest........................................................................... 412 Risk of Loss................................................................................................ 413 Warranty..................................................................................................... 413 Product Returns ......................................................................................... 413 License Grant............................................................................................. 413 Limitation of Liability................................................................................... 414 Default........................................................................................................ 414 Indemnity.................................................................................................... 414 General ...................................................................................................... 414 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e XV Open Source Provisions............................................................................. 415 Chapter H:Command Line Interface ........................................ 417 Understanding the CLI Configuration ................................................................. 418 Understanding Command Modes............................................................... 418 Basic CLI Procedures................................................................................. 419 Getting Started ................................................................................................... 420 Licensing the Accelerator ................................................................................... 421 Displaying the Licensing State of a Specific Accelerator ............................ 422 Performing Basic Setup ..................................................................................... 423 Viewing the Basic Configuration................................................................. 423 Logging into the Accelerator....................................................................... 424 Logging out of the Accelerator .......................................................... 425 Setting Addresses ...................................................................................... 425 Setting the IP Address and Subnet Mask ........................................... 425 Setting a Default Gateway .................................................................. 426 Setting a Secondary IP Address ......................................................... 426 Setting the Deployment Type ..................................................................... 427 Setting Routing Strategy ..................................................................... 427 Setting a Device Name............................................................................... 427 Setting the Default WAN Bandwidth ................................................... 428 Working with Remote Devices.................................................................... 428 Setting the Remote Device ................................................................. 428 Setting the IP Address of the Remote Device..................................... 429 Setting the Bandwidth to a Remote Device ........................................ 429 Setting the Link to Work with IPcomp ................................................. 429 Setting the Link to Work with Router Transparency............................ 430 Configuring Subnets ................................................................................... 430 Adding a Subnet ................................................................................. 431 Advertising a Subnet and Adding a Metric.......................................... 431 Deleting a Subnet ............................................................................... 431 Excluding a Subnet from an Interface................................................. 432 Viewing subnets .................................................................................. 432 Configuring Subnets ........................................................................... 432 Saving/Uploading the Basic Configuration ................................................. 433 Customizing the CLI ........................................................................................... 434 Creating a Custom Banner ......................................................................... 434 R ev isi o n 3. 0 XVI C o nt e nts Applying the Banner................................................................................... 435 Configuration Commands .................................................................................. 436 Entering Configuration Mode ..................................................................... 436 Accessing Configuration Options ............................................................... 437 Alias Management ..................................................................................... 438 Showing Alias Information .................................................................. 438 Changing/Deleting Alias Prefix ........................................................... 439 Showing Virtual Server’s Alias Information......................................... 439 Adding an Alias to a Virtual Server ..................................................... 439 Deleting a Virtual Server’s Alias ......................................................... 440 Configuring OSPF ...................................................................................... 440 Enabling OSPF................................................................................... 440 Setting area ID.................................................................................... 441 Enabling Authentication...................................................................... 441 Setting the Locality Metric .................................................................. 441 Setting Networks ................................................................................ 442 Setting an Authentication Key ............................................................ 442 Setting Neighbors ............................................................................... 442 Viewing OSPF Configuration .............................................................. 443 Configuring Router Polling ......................................................................... 443 Entering the Router Polling Menu Tree .............................................. 443 Setting Polling..................................................................................... 444 Setting Polling Protocols..................................................................... 444 Setting Polling Interval........................................................................ 444 Setting Polling Router......................................................................... 445 Setting Router Polling SNMP Version ................................................ 445 Setting Router Polling SNMP Community .......................................... 445 Configuring RIP ......................................................................................... 446 Enabling RIP....................................................................................... 446 Enabling Authentication...................................................................... 446 Setting an Authentication Key ............................................................ 447 Setting Networks ................................................................................ 447 Setting Neighbors ............................................................................... 447 Setting RIP to Passive Mode.............................................................. 448 Viewing RIP Configuration.................................................................. 448 Configuring WCCP..................................................................................... 448 Enabling WCCP.................................................................................. 449 Activating WCCP ................................................................................ 449 Displaying WCCP Mode, Services, and Routers Lists ....................... 449 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e XVII Setting WCCP Authentication ............................................................. 450 Setting WCCP Priority......................................................................... 450 Setting WCCP Router IP..................................................................... 451 Setting WCCP TCP Service ID ........................................................... 451 Setting WCCP UDP Service ID........................................................... 451 Configuring Core Allocation...................................................................... 452 Using the SNTP Server .............................................................................. 453 Enabling the SNTP Server.................................................................. 453 Setting the Interval for Polling the SNTP Server for Time Updates .... 453 Setting the SNTP Server’s IP Address ............................................... 454 Configuring DHCP Servers......................................................................... 454 Uploading the DHCP Configuration File ............................................. 455 Reloading the DHCP Configuration File ............................................. 455 Testing the DHCP Configuration File .................................................. 455 Displaying the DHCP Status Information ............................................ 456 Displaying the End Date of the DHCP Lease Period .......................... 456 Configuring an Accelerator to Carry out DHCP Relay ........................ 457 Configuring WEB Acceleration ................................................................... 458 Setting Web Acceleration.................................................................... 458 Displaying the End Date of the DHCP Lease Period .......................... 458 Clearing the Cache ............................................................................. 459 Viewing Web Acceleration Parameters............................................... 459 Configuring HTTP Acceleration .................................................................. 459 Enabling/Disabling HTTP Acceleration ............................................... 460 Configuring the Proxy Server IP and Port........................................... 460 Specifying Directly Forwarded Requests ............................................ 461 Preventing the Caching of Specific Pages .......................................... 462 Preserving the Client’s Original Source Port....................................... 463 Configuring Transparency Support ..................................................... 463 Setting the HTTP Port......................................................................... 464 Setting Content to be Cached............................................................. 464 Setting the Cache Size ....................................................................... 464 Setting the Maximum Object Size....................................................... 465 Clearing the Cache ............................................................................. 465 Setting the Connection Timeout.......................................................... 465 Setting logs ......................................................................................... 466 Configuring FTP Acceleration..................................................................... 466 Enabling/Disabling FTP Acceleration.................................................. 467 Setting the Cache Size ....................................................................... 467 R ev isi o n 3. 0 XVIII C o nt e nts Setting Content to be Cached ............................................................ 467 Setting the Connection Timeout ......................................................... 468 Allocating Cache per a Specific User ................................................. 468 Setting Minimal Value for the Cache Object Size ............................... 468 Enabling/disabling Unicode Display ................................................... 469 Excluding Servers from Caching ........................................................ 469 Clearing the List of Excluded Servers ................................................ 470 Studying a Subnet Configuration Network ................................................. 470 Configuring Ethernet Display .................................................................... 471 Viewing Interface Statistics ................................................................. 471 Viewing Interface Statistics per Specific Link...................................... 472 Enabling L-7 Traffic Discovery............................................................ 472 Viewing L-7 Traffic .............................................................................. 472 Viewing Application Statistics ............................................................. 473 Setting Applications as Monitored ...................................................... 473 Viewing Application Traffic.................................................................. 473 Enabling / Disabling Statistics History ................................................ 474 Clearing Counters or Statistics ........................................................... 474 Enabling NetFlow ....................................................................................... 474 Setting the Max Queue Length........................................................... 475 Configuring QoS......................................................................................... 475 Viewing Detected Applications ........................................................... 476 Creating a New Application ................................................................ 476 Creating a Web Application ................................................................ 477 Enabling / Disabling Application Acceleration .................................... 477 Enabling / Disabling Application Tunneling......................................... 478 Globally Filtering an Application ......................................................... 478 Filtering an Application per Link ......................................................... 479 Setting the Application Criteria ........................................................... 479 Setting the Order for the Rule............................................................. 479 Setting Minimum Bandwidth (Desired) ............................................... 480 Setting Maximum Bandwidth (Limit) ................................................... 480 Prioritizing the Application .................................................................. 480 Critical Application Pass-through........................................................ 481 Setting Bursts for a Rule..................................................................... 481 Setting the WAN to Work in Strict-priority Mode ................................. 482 Enabling Bursts .................................................................................. 482 Managing Aggregation Classes ................................................................. 482 Configuring Aggregation Classes ....................................................... 483 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e XIX Defining the Post Aggregation Class .................................................. 484 Enabling / Disabling Aggregation Classes per Link ............................ 485 Setting Aggregation Limit ................................................................... 485 Setting Aggregation Threshold ........................................................... 486 Setting Aggregation Window............................................................... 486 Applying an Aggregation Class to an Application ............................... 487 Configuring DNS Acceleration.................................................................... 488 Enabling / Disabling DNS Acceleration............................................... 488 Defining Static Hosts........................................................................... 488 Removing Definitions of Static Hosts .................................................. 489 Clearing the Cache ............................................................................. 489 Setting The Cache Size ...................................................................... 489 Displaying the Cache Contents........................................................... 490 Enabling / Disabling DNS Masquerading............................................ 490 Defining the TTL Period ...................................................................... 490 Defining the Query Timeout Period..................................................... 491 Defining the Transparency Mode ........................................................ 491 Displaying the DNS Acceleration Statistics......................................... 492 Enabling / Disabling the Use of the Accelerator DNS ......................... 492 Enabling Traffic Encryption......................................................................... 493 Displaying the Traffic Encryption (crypto) on a Specific Link .............. 493 Displaying the Current Crypto Configuration of a Specific Accelerator493 Displaying the Crypto Details of a Specific Accelerator ...................... 494 Displaying the Process of the IPsec Policy Creation on a Specific Accelerator 494 Configuring ARP......................................................................................... 495 Adding Entries to the ARP Cache....................................................... 495 Clearing the ARP Cache..................................................................... 495 Setting the Limit on the ARP Cache ................................................... 495 Setting Additional Limits on the ARP Cache....................................... 496 Additional Configurations............................................................................ 496 Adding a WAN..................................................................................... 496 Modifying Interface Speed and Duplex ............................................... 497 Setting VLAN ...................................................................................... 497 Autodetecting HSRP Groups .............................................................. 498 Setting HSRP Group Number ............................................................. 498 Setting VRRP Group Number ............................................................. 499 Disabling Bridging ............................................................................... 500 Setting an IP address for Eth 0 ........................................................... 500 R ev isi o n 3. 0 XX C o nt e nts Defining Link Settings ................................................................................ 501 Assigning a Link to a WAN ................................................................. 501 Setting a Link to Work in Large Cache Mode ..................................... 501 Enabling Packet Fragmentation ......................................................... 502 Enabling Packet Aggregation ............................................................. 502 Setting a Link to be Accelerated......................................................... 503 Setting IPcomp Preservation .............................................................. 503 Forcing Tunneling ............................................................................... 504 Including Checksum ........................................................................... 504 Configuring Expand View Settings ............................................................. 505 Enabling / Disabling the ExpandView Agent....................................... 505 Setting the ExpandView Server IP Address ....................................... 505 Setting the ExpandView Server Port .................................................. 506 Displaying ExpandView Status ........................................................... 506 Configuring SNMP ..................................................................................... 506 Enabling / Disabling SNMP ................................................................ 507 Enabling / Disabling SNMP Traps ...................................................... 507 Setting SNMP Trap Community.......................................................... 507 Setting SNMP Community.................................................................. 508 Setting SNMP Version 3 Authentication ............................................. 508 Configuring the Log.................................................................................... 509 Enabling / Disabling the Log............................................................... 509 Setting the Syslog Facility Number..................................................... 509 Setting the Syslog Server’s IP Address.............................................. 510 Defining Sent Events .......................................................................... 510 Enabling / Disabling Event Notification............................................... 511 Creating an Accelerator Messenger Account ..................................... 511 Setting the Notification Recipient........................................................ 511 Setting the Mail Server’s IP Address .................................................. 512 Setting the Mail Server’s Port Number ............................................... 512 Setting SNMP Version3 Authentication .............................................. 513 Creating Log Archives................................................................................ 513 Creating a Log Archive ....................................................................... 513 Deleting a Log Archive ....................................................................... 514 Uploading Log Archive Files............................................................... 514 Displaying Log Archive Files .............................................................. 515 Using Configuration Tools .......................................................................... 515 Displaying the Configuration Settings................................................. 515 Saving the Running Configuration...................................................... 516 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e XXI Reverting Back to the Last Saved Startup .......................................... 516 Restoring the Configuration to Factory Default Settings..................... 516 Sending a Ping.................................................................................... 517 Sending a Traceroute.......................................................................... 517 Displaying the Packets’ TraceRoute ................................................... 517 Viewing Technical Support Statistics................................................... 518 Enabling Accdump Files ............................................................................. 518 Accessing the AccDump Configuration Menu..................................... 518 Enabling / Disabling ACCDump .......................................................... 519 Configuring Tcpdump File Size ........................................................... 519 Configuring Tcpdump File Format....................................................... 519 Configuring Tcpdump File Number ..................................................... 520 Configuring Tcpdump Optional Flags.................................................. 520 Uploading Tcpdump Files.................................................................... 520 Selecting the TCPDump Interface ...................................................... 521 Selecting the TCPDump Filter Expressions........................................ 521 Configuring WAFS.............................................................................................. 523 Basic Operations ........................................................................................ 523 Starting the WAFS Module.................................................................. 524 Stopping the WAFS Module ................................................................ 524 Restarting the WAFS Module.............................................................. 524 Rebooting the WAFS Module.............................................................. 525 Shutting down the System .................................................................. 525 Pinging a Remote Machine................................................................. 525 Quiting the CLI .................................................................................... 526 Cache ......................................................................................................... 526 Displaying Cache-related Information................................................. 526 Displaying Cache Time To Live for Directories or Files....................... 526 Resetting Cached Information ............................................................ 527 Print Administration Activities ..................................................................... 527 Displaying Print Administrators ........................................................... 527 Adding and Deleting Print Administrator Users................................... 528 Adding and Deleting Print Administrator Groups ................................ 528 Displaying a List of Local Printers....................................................... 529 Displaying a Printing Driver’s Status ................................................... 529 Setting Drivers ............................................................................................ 529 Setting Automatic Client Driver Installation......................................... 529 Setting Manual Client Driver Installation ............................................. 530 Storing Printer Drivers on the File Bank.............................................. 530 R ev isi o n 3. 0 XXII C o nt e nts Storing Printer Drivers on the File Server ........................................... 530 Using Domain Users for Migrating Drivers ......................................... 531 Managing CUPS ........................................................................................ 531 Restarting the CUPS Service ............................................................. 531 Checking the CUPS Service............................................................... 532 Working with Printer Ports.......................................................................... 532 Displaying the Printer Ports’ List......................................................... 532 Adding and Deleting Printer Ports ...................................................... 533 Forcing the Printer and the Share Name to be Equal......................... 533 Adding a Printer.................................................................................. 533 Deleting a Printer................................................................................ 534 Managing Printers ...................................................................................... 534 Changing an Existing Printer URI....................................................... 534 Displaying a List of all Existing Printers.............................................. 535 Printing a Test Page ........................................................................... 535 Managing WAFS Transparency ................................................................. 535 Enabling / Disabling WAFS Transparency......................................... 536 Excluding Certain Servers from WAFS Transparency........................ 536 Creating Excluded Servers ........................................................................ 536 Displaying the Excluded Servers’ List ................................................ 537 Clearing the Excluded Servers’ List.................................................... 537 Managing CIFS .......................................................................................... 537 Displaying the CIFS Status ................................................................. 537 Compression Filters ................................................................................... 538 Displaying Current Compression Filter’s List...................................... 538 Adding/deleting a Filter to/from a List ................................................. 538 Managing Time and Dates ......................................................................... 539 Changing the System’s Date and Time .............................................. 539 Displaying the System’s Date and Time ............................................. 539 Additional Options ...................................................................................... 539 Diagnostics ......................................................................................... 540 Setting a Domain Name ..................................................................... 540 Displaying the Current Domain Name ................................................ 541 Joining a FileBank to a Domain.......................................................... 541 Switching to a UNIX Command Prompt ............................................. 541 Exiting or Quitting the Shell ................................................................ 542 Fetch .......................................................................................................... 542 Managing Fetch Jobs and Instances .................................................. 542 FileBank Director Configuration Settings ................................................... 543 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e XXIII Displaying a List of FileBank Directors ............................................... 543 Adding or Deleting a FileBank Director:.............................................. 544 Defining the IP Port............................................................................. 544 Enabling Disconnected Operation Handling ....................................... 544 Forcing Disconnected Mode ............................................................... 545 Refreshing the List of Servers and Shares ......................................... 545 Getting Disk Utilization Reports .......................................................... 545 Getting WAFS Help .................................................................................... 546 Displaying Help for All Available Commands ...................................... 546 Displaying Command-specific Help Information ................................. 546 Licensing WAFS ......................................................................................... 547 Installing a License ............................................................................. 547 Displaying the License File ................................................................. 547 Checking the Validity of a License File ............................................... 547 WAFS Log Files.......................................................................................... 548 Uploading Logs to a URL.................................................................... 548 Displaying Event Log .......................................................................... 548 Defining Minimal Level for Events to Log............................................ 549 Displaying Log Level........................................................................... 549 Displaying the Syslog Status............................................................... 550 Displaying All Log Archive Files.......................................................... 550 Generating a New Log Archive File .................................................... 550 Uploading a Log Archive File .............................................................. 551 Managing Replication Services .................................................................. 551 Starting an Unscheduled Replication .................................................. 551 Preparing for Replication .................................................................... 552 Stopping Replication ........................................................................... 552 Displaying the Replication Status........................................................ 552 Enabling / Disabling Replication ......................................................... 553 Displaying Replication Logs................................................................ 553 Displaying a Specific Log .................................................................... 553 Setting Up Replication Service ........................................................... 554 Managing the Replication User........................................................... 554 Managing the Replication Filters......................................................... 554 Managing the Replication Instances ................................................... 555 Managing the Replication Paths ......................................................... 555 Managing the Replication User .................................................................. 555 Displaying the Current Replication User ............................................. 556 Defining the Replication User ............................................................. 556 R ev isi o n 3. 0 XXIV C o nt e nts Deleting the Replication User ............................................................. 557 Displaying the Current Replication Filters .......................................... 557 Clearing All Replication Filters............................................................ 557 Adding or Deleting a Replication Filter ............................................... 558 Listing the Replication Instances ........................................................ 558 Displaying all Replication Paths ......................................................... 558 Adding a New Replication Path .......................................................... 559 Deleting a Replication Paths .............................................................. 559 Deleting All Replication Paths ............................................................ 559 Scheduling Events ..................................................................................... 560 Displaying Actions for Scheduling ...................................................... 560 Displaying Scheduled Events ............................................................. 560 Adding Scheduled Events .................................................................. 561 Deleting Scheduled Events ................................................................ 561 Clearing All Scheduled Events ........................................................... 561 Service Management ................................................................................. 562 Enabling or Disabling the Current Service.......................................... 562 Checking whether the Current Service is Enabled ............................. 562 Displaying the List of Services............................................................ 563 Activating a Service ............................................................................ 563 Creating a <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> Service563 Creating a <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> HA 564 Creating a <Default ¬¹ Font>FileBank<Default ¬¹ Font> Service....... 564 Software ..................................................................................................... 565 Displaying Version Numbers .............................................................. 565 Statistics ..................................................................................................... 565 Displaying File Statistics ..................................................................... 565 Uploading Yearly Statistics ................................................................. 566 Displaying the Current Status ............................................................. 566 Stf_filters .................................................................................................... 566 Displaying Current STF Filters ........................................................... 567 Clearing the List of Current STF Filters .............................................. 567 Adding or Deleting a Filter .................................................................. 567 Transaction Monitoring............................................................................... 568 Displaying the Requested Transactions ............................................. 568 Stopping the Transaction of a Specific ID ........................................... 568 TTCP.......................................................................................................... 569 Measuring the Receiving Host............................................................ 569 Measuring the Sending Host .............................................................. 569 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e XXV Displaying the System’s Current Uptime ............................................ 569 User ............................................................................................................ 570 Displaying a List of All Users .............................................................. 570 Adding or Deleting a User................................................................... 570 Changing a User’s Password.............................................................. 571 Configuring Virtual Memory Statistics......................................................... 571 Displaying Virtual Memory Statistics ................................................... 571 Wins............................................................................................................ 572 Setting a WINS Server Address.......................................................... 572 Deleting Current WINS Server............................................................ 572 Displaying Current WINS Server ........................................................ 572 Configuring Security ........................................................................................... 574 Accessing the Transport Type .................................................................... 574 Enabling or Disabling Access to the Transport Type .......................... 574 Configuring Servers.................................................................................... 574 Configuring the IP Address and Port .................................................. 575 Setting the Radius Server Timeout ..................................................... 575 Configuring the TACACS Server......................................................... 575 Setting the TACACS Server Timeout .................................................. 576 Configuring Authentication.................................................................. 576 Displaying the Authentication Server .................................................. 577 Defining/Deleting the Authentication Server ....................................... 577 Configuring Users’ Accounts ...................................................................... 577 Enabling / Disabling a User’s Account ................................................ 577 Creating and Setting a User’s Access ................................................ 578 Setting the Local Password ................................................................ 578 Viewing AAA Configuration ........................................................................ 579 Unlocking or Locking the Keypad ....................................................... 581 Upgrading the Software OS........................................................................ 582 Copying the New Bundle File.............................................................. 582 Rebooting the Accelerator after Copying the New Bundle File........... 582 Technical Support Information............................................................................ 583 Initiating ByPass Mode ............................................................................... 583 Showing Technical Support Information ..................................................... 583 Listing Log Events............................................................................... 583 Appendix I:Glossary.................................................................. 585 Appendix J:Index....................................................................... 601 R ev isi o n 3. 0 XXVI C o nt e nts Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 1: Introducing the Accelerator Expand Networks’ Accelerator is the ideal Application Traffic Management System for ensuring optimal application performance over the WAN. The Accelerator is a Layer-3 WAN device that dramatically improves application response times through a combination of bandwidth compression, Layer-7 QoS and acceleration plug-ins for specific applications. This chapter includes the following sections: Features and Benefits, on page 2. Next-generation WAN Compression, on page 3. Layer-7 QoS and Bandwidth Management, on page 4. The Accelerator Product Line, on page 7. How the Accelerator Works, on page 8. Configuration and Management, on page 11. 2 C h ap t er 1: Introducing the Accelerator Features and Benefits The Accelerator’s new and improved algorithms provide the highest WAN compression performance available, in an easy to install package that fits seamlessly into various network topologies such as MPLS, QoS clouds, Noisy networks, High BER networks, Load balanced networks, and networks experiencing many out-of-order errors. Features include:: Resiliancy and Redundancy Redefining Application Traffic Management Next-generation WAN Compression Layer-7 QoS and Bandwidth Management Resiliancy and Redundancy Redundant striped swappable drives in Accelerator Hardware elevate fault tolerance and create a virtually seamless work enviornment. For more information, see RAID, on page 276. Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) provide network resilience for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits.HRSP. For more informaiton, see Router Redundancy Protocols, on page 278. Redundant Links iLO - integrated Lights Out technology allows you virtual control regardlgess of appliance status or location. Redefining Application Traffic Management The Accelerator takes application traffic management to the next level by reducing WAN costs and improving application performance. In addition to bandwidth compression capabilities, the Accelerator provides a rich set of features that improve application response times and provide Layer-7 visibility and control tools, which enable network managers to align network resources with business priorities. Acceleration of application response times is achieved through next-generation Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Fe at u r es a nd B en e fi ts 3 WAN compression, application-specific acceleration, Layer-7 QoS capabilities and sophisticated monitoring and reporting. Next-generation WAN Compression The Accelerators’ bandwidth expansion algorithms provide an effective alternative to WAN upgrades with a 3 to 9 month ROI. Typical capacity gains of 100% to 400%+ additional capacity, peaks of 1000%+. Combination of byte-level caching, packet header reduction and adaptive packet compression. High performance, low latency algorithms Packets incur a maximum of 1 millisecond latency passing through the device. 100% lossless, works on all applications. Supports up to 350 remote sites and 45 Mbps in a single device. Unique On-LAN deployments enable rack-and-stack above 350 sites and 45 Mbps. Verified in over 27,000 production installations. Network transparent RTM (Router Transparency Mode) enables 100% IP header preservation, ensuring guaranteed compatibility with any kind of WAN device. RTM also preserves Layer 4 for TCP & UDP traffic. Dynamic routing enables effortless installation even in complex networks that use OSPF, RIP and other routing protocols. Application-specific Acceleration Application-specific acceleration is a breakthrough approach that works in combination with next-generation compression for improving application response times. Improves application response times by 100% to 400%, peaks of 1000%+ Extensible architecture based on application acceleration plug-ins for additional application support TCP acceleration enables TCP transfer speeds in excess of WAN link speed, even under challenging latency and packet loss conditions. The TCP acceleration plug-in is standards-based, R ev isi o n 2. 0 4 C h ap t er 1: Introducing the Accelerator meeting the SCPS standard (www.scps.org) that was developed by NASA and the DoD for performance optimization in high latency links. HTTP acceleration provides faster web application response times for chatty HTTP transactions by eliminating repetitive download of frequently accessed objects, applets, and so on. FTP acceleration provides faster response times due to elimination of long FTP transactions by keeping local copies of frequently accessed files. DNS acceleration eliminates DNS wait times for applications (for example: web portals) by keeping copies of frequently accessed DNS translations cached at the edge Accelerator. HTTPS acceleration enables compression of encrypted traffic by accelerating and encrypting traffic to the client browser, and ensures faster response times from secure application servers by optimizing TCP connections to browsers and web servers. The Accelerator's full-scale WAFS and CIFS acceleration optimizes file access over the WAN, solving remote server data access from the data center over the WAN. Server consolidation is made possible without paying the price in WAN application performance. Expand Networks’ enhanced WAFS offering addresses the key performance, availability and management issues raised by server consolidation: LAN-like application performance: With Expand Networks’ acceleration architecture a replicated copy of the file is kept in the remote cache, thereby maintaining LAN-like performance for file transfers. Virtual-Server: Expand Networks’ enhanced WAFS offer retains critical remote branch system services such as: DNS, DHCP, and print. Addressing ‘WAN-Outs’: In the event of a network outage, remote users can continue working because files are served from a local cache. Layer-7 QoS and Bandwidth Management The Accelerators’ Instant QoS functionality stops bandwidth abuse, guarantees network resources for critical applications like VoIP and lets network managers prioritize network applications according to business objectives. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Fe at u r es a nd B en e fi ts 5 Low operational cost QoS solution, Layer-7 application discovery Easy to set up—Instant QoS Maximum flexibility for advanced users QoS can be applied for both inbound andoutbound traffic. Bandwidth limits: desired, maximum Burst-ability control Strict priority for real-time traffic Shaping with High, Medium, Low Discard rogue applications Packet fragmentation assures VoIP/video latency budget Integrates with existing environments Mark, honor and preserve QoS based on application or QoS markings Extensible architecture Additional application classification QoS troubleshooting/diagnostics mode Layer-7 Monitoring and Reporting The Accelerators and the ExpandView stand-alone Application Traffic Management System provide powerful monitoring and graphical reporting for full application-level visibility and cost-effective end-to-end network management. Automatic application detection with hundreds of predefined classes. Dozens of historical and real-time reports for WAN and links Throughput, performance, acceleration Applications and hosts Throughput, performance, acceleration System-wide, per link, Peer, IP subnet, application inbound and outbound user customizable Complex rules available for the advanced user, such as nested rules and order matching Export and print functions End-to-end view with ExpandView Branch Office Features The Accelerators offer much more than just a bandwidth increase. These intelligent devices deliver a branch office platform that consolidates multiple devices. Full NetFlow compliance replaces the need for costly probes R ev isi o n 2. 0 6 C h ap t er 1: Introducing the Accelerator Open architecture for future enhancements Rapid Deployment/Dependable Results With minimal configuration and no network architecture changes. 2 minute configuration via front panel keypad Up and running in minutes with environment auto-detection Easy-to-use WebUI and central deployment stations Familiar Cisco-like CLI minimizes staff retraining Secure management with HTTPS, SSH, SNMP (v2c/v3) Integrates with existing user authentication and administration systems RADIUS, TACACS+, and Windows Directory Validated in over 1,000 enterprise and service provider networks Maximum Uptime and Reliability The Accelerators’ resilience features and standards-based implementation guarantee unsurpassed uptime and availability. Network integrity preserved with standards-based implementation, HSRP/VRRP failover External flash card for effortless device swap-out (for non-hard drivebased models: Switch-to-wire and software watchdogs) assure zero network downtime Remote access never compromised Out-of-band management Network integrity preserved with standards-based implementation IPComp tunnels Router Transparency Mode SCPS for TCP Acceleration SNMP for device management NetFlow probe Ac ce ler at o rOS 6 .1 .2 Us er Gui d e T h e A cc el er a to r P r o d uc t L in e The Accelerator Product Line 7 The Accelerator product line consists Accelerators that will cater to a range of facilities from the small office to the Enterprise Network. Check the corporate web site (www.expand.com) for new hardware releases. R ev isi o n 2. 0 8 C h ap t er 1: Introducing the Accelerator How the Accelerator Works Accelerators can be deployed in any network environment, whether the WAN is a private line, frame relay, VPN, IP, ATM, xDSL, ISDN, wireless local loop, or satellite. You can connect Accelerators on the LAN side of the router. Some of the Accelerator’s benefits can be realized with no far-end Accelerator. IP-Based Network In an IP network, you can position the Accelerator on the LAN-side of the router or directly on the LAN. The Accelerator can be located either On-Path or On-LAN. On-Path On-Path configuration places the Accelerator between the LAN and the router on both sides of the IP network. The data from the LAN segment passes through the Accelerator that performs traffic optimization, including compression and QoS, before the data reaches the router. See the sample On-Path application in the following figure. In this configuration, internal-bypass circuitry ensures the Accelerator fails-to-wire, enabling invisible protection of the network in the unlikely event of failure. If the Accelerator fails-to-wire, traffic will continue passing, but will not be accelerated (bypass mode). On-LAN On-LAN configuration places the Accelerator directly on the LAN as a host. The Accelerator becomes the next hop for traffic on the LAN destined to the WAN. The Ac ce ler at o rOS 6 .1 .2 Us er Gui d e H o w t h e A cc el er a t o r Wo r k s 9 accelerated data is redirected to the far-end Accelerator (On-LAN or On-Path) where the data is reconstructed before reaching its destination IP address. Usually, one Accelerator is installed on the LAN segment. However, if resilience is to be enhanced, you can install two or more Accelerators for redundancy purposes. The most common configuration up to Version 6.1.2 involves creating two links (two Accelerators), one of which is assigned a higher priority (metric - ranging from 11 to 10,000), so it will be used as the default link for the connection. If this link fails, traffic switches to the other link. If all transparent Proxy services (such as HTTP acceleration or TCP acceleration) are disabled, you can assign ingoing traffic through one link and outgoing traffic through the other link. Another optional configuration is shown below: In this configuration, Hot Standby Routing Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) enables the Accelerator to take part in HSRP/VRRP groups. Starting from Version 6.1.2, a link can be destined to an HSRP/VRRP virtual IP, providing redundancy in cases where an active Accelerator fails. If an AcceleratorOS link is established, and the Source IP of this link is defined to be the HSRP Group’s Virtual IP, the link switches to the next Accelerator in the rare R ev isi o n 2. 0 10 C h ap t er 1: Introducing the Accelerator case of primary Accelerator failure, and all of this link’s services are kept. When the primary Accelerator is available again, the link switches back to it. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur at io n an d M an ag em e nt Configuration and Management 11 You can configure and monitor the AcceleratorOS via a user-friendly Web User Interface (WebUI). The WebUI is accessible from Microsoft Internet Explorer via the HTTP protocol or the secured HTTPS protocol. Console-based administration can be accomplished using a directly connected terminal or terminal software using a serial connection, a Telnet session, or a secured SSH-based connection. You can carry out initial configuration by using the front-panel LCD. The Accelerator operating system, AcceleratorOS, provides a wide range of management features. Like most networking equipment, the Accelerator requires some basic initial configuration in order to function. This configuration is performed locally by using the front-panel LCD, or an RS-232 console, Telnet console or browser-based management console, and includes specifying the Accelerator’s IP address. The initial configuration also involves defining passwords, and the time and date at the Accelerator site. The Accelerator’s user-friendly Installation Wizard guides you through the steps necessary to get your Accelerator up and running. For Quick Installation Instructions, see the Accelerator Quick Installation Guide. R ev isi o n 2. 0 12 C h ap t er 1: Introducing the Accelerator Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 2: Preparing Network Integration This chapter assumes that you have successfully installed and turned on the Accelerator without any errors. If you have not been able to install or turn on the Accelerator successfully, see Troubleshooting, on page 299 and Contacting TAC, on page 389.The AcceleratorOS lets you set up the Accelerator either via the LCD, in conjunction with the Accelerator’s Wizard, or via the Wizard alone, by using the Accelerator’s default IP address (10.0.99.99). In addition, you can use the CLI to perform complete setup. This chapter contains the following topics: Working with Bypass Mode, on page 14. Reviewing the Setup Checklist, on page 15. Performing Setup via the LCD, on page 17. Performing Setup via the WebUI, on page 19 Performing Setup via the Wizard, on page 21 Licensing the Accelerator, on page 28 Logging into and out of the Accelerator, on page 30 Integrating the Accelerator into Your Network, on page 31 14 C h ap t er 2: Preparing Network Integration Working with Bypass Mode When working in On-Path mode, the Accelerator can work in bypass mode to enable transparent data transmission in the unlikely event of Accelerator failure. The move to bypass mode is carried out automatically by the bypass switch on the Accelerator. In addition, all models support invoking the bypass mode through the CLI. ! CAUTION! When bypass is enabled you will lose connectivity to the CLI/WebUI, ! unless Out-of-Band management is used. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Re vie w in g t h e S et u p Ch ec kl ist Reviewing the Setup Checklist 15 Follow this checklist to ensure that you have all of the information necessary to complete Accelerator setup: Network Checklist Information Needed For more information see: What are the port settings of the devices that will be attached to the Accelerator (switch/router)? Speed: 10/100/ 1000 Duplex: Half / Full What is the IP address of the Default Gateway? IP Address: What will the IP address of the Accelerator be? Will there be secondary IP addresses or VLAN IP Addresses? IP Address: Subnet Secondary (up to 10): VLAN: Performing Setup via the Wizard, on page 21 Does this Accelerator have more than one subnet in its network? Subnet: Acc IP Address: Subnet: Acc IP Address: Subnet: Acc IP Address: Setting Subnet Routing, on page 53 Do you have HSRP or VRRP configured? Yes: HSRP / VRRP (circle one) No HSRP, on page 279 Do you have OSPF configured? Yes / No If yes, OSPF Area ID: or IP address: Configuring OSPF, on page 440. Do you have RIP configured? Yes / No Version: 1/2 If yes, RIP Authentication: Configuring RIP, on page 446 IP address of the remote Accelerator? IP Address: Performing Setup via the Wizard, on page 21 WAN bandwidth? Performing Setup via the Wizard, on page 21 Does your network include VLAN 802.1q trunking? Yes / No Working with VLAN, on page 251 Does your network use external traffic monitoring software on the router? Yes / No Encapsulation, on page 23 R ev isi o n 2. 0 16 C h ap t er 2: Preparing Network Integration Network Checklist (Continued) Do you have any ToS implementation? MPLS? Diffserv? Any kind of applications that modify the ToS field? Information Needed Yes / No Yes / No Yes / No For more information see: MPLS, on page 43. ToS on page 261. Yes / No Do you currently use SNMP? Yes / No If Yes, what is the community name? Using SNMP, on page 270. Do you currently collect SNMP traps? Yes / No If Yes, what is the IP address of the trap receiver? Enabling / Disabling SNMP Traps , on page 507. Do you currently use a Syslog server? Yes / No If Yes, what is the IP address of the Syslog Daemon? Sending Updates to a Do you currently use NetFlow? Yes / No Configuring NetFlow Support, on page 98. Does your network have high latency lines above 40 ms? Yes / No If yes, enable TCP Acceleration Studying TCP Acceleration, on page 132. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Syslog Server, on page 271. P er f o r m in g S e tu p v ia t he L C D Performing Setup via the LCD 17 Accelerator configuration is made simple with the front-panel LCD. AcceleratorOS v6.xx should be displayed, where xx is the maintenance release number (for example 6.1.2) in addition to a status display (Ready, Bypass, or various error messages). Press Enter to start configuration. To navigate between the fields: Follow these steps: Press the right/left arrows until the cursor is below the word/value you want to select or change. Press the up/down arrows to change the value of the numbers. Press Enter to navigate to the next screen. Enter setup by making sure the cursor is under Setup and pressing Enter. Setup Local IP Subnet Mask R ev isi o n 2. 0 18 C h ap t er 2: Preparing Network Integration Default Gateway When asked if you want to save the setup, select Yes or No and press Enter. At this point, management can be performed via the Accelerator’s Web UI, via the CLI, Telnet, SSH, or via ExpandView- Centralized Management. To work with ExpandView, you will need to define the ExpandView server IP address via the CLI. For other LCD settings, see section Locking/unlocking the Keypad, on page 295. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e P er f o r m in g S e tu p v ia t he Web U I Performing Setup via the WebUI 19 The Accelerator’s Web User Interface (WebUI) provides you with a user-friendly interface for configuring the Accelerator. To access the WebUI: 1. The Accelerator comes pre-configured with the IP address: 10.0.99.99 255.255.255.0 If no other IP address was assigned via the LCD, use this default address to access the Accelerator. If the Accelerator is connected directly to a management PC, ensure that you set the PC to the same subnet as the Accelerator’s IP address. 2. In the Address field of your web browser, enter the Accelerator’s IP Address. Alternatively, the Accelerator WebUI supports access via Secure HTTP, by typing https:// before the Accelerator IP address. 3. The Accelerator’s WebUI opens and prompts you to log in to use the WebUI. When prompted, log in to the Accelerator by entering a user name and password. The default user name and password (both case sensitive) that must be used on initial login are as follows: user name: expand password: Expand The first time you access the WebUI, the Setup Wizard automatically opens and guides you through the steps of basic Accelerator configuration. Studying The WebUI Menu The following buttons, which are common to all WebUI menu screens, let you carry out basic operations as follows: WebUI Menu Item Description Setup Wizard Click the Setup Wizard link at any time to open the Setup Wizard. Write Click the Write link at any time to write the current configuration. Change Password Click the Change Password link at any time to modify your login password. The password is case sensitive, but the number of characters is not limited. R ev isi o n 2. 0 20 C h ap t er 2: Preparing Network Integration Logout Click the Logout link at any time to log out of the Accelerator. Clicking on this button at any time on any page in the interface will set that page as the default startup page “home page” each time you log into the WEB/UI. There is no confirmation to this action. Click the Refresh button at any time to refresh the data in the WebUI. Click the Help button at any time to open the Accelerator’s online help. This help is pop-up based so make sure your browser’s settings allow pop-ups. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e P er fo r m in g S et up via t h e Wi z ar d Performing Setup via the Wizard 21 The Accelerator’s Setup Wizard guides you on the step-by-step configuration of the basic parameters (all parameters that are set via the front-panel LCD), which are necessary to get your Accelerator up and running. To access the Setup Wizard: 1. The first time you access the Accelerator’s WebUI, the Setup Wizard opens automatically. On subsequent uses, to return to the Setup Wizard, click the Setup Wizard button. If the Accelerator is connected directly to a management PC, ensure that you set the PC to the same subnet as the Accelerator’s IP address. 2. Read carefully the explanations that appear in the Welcome screen and click Next to move to the My Accelerator screen, which lets you define the local Accelerator settings. i NOTE: To carry out any modifications and additions after initial configuration, always use the Basic screen or the My Links screen and not the Wizard. The Wizard resets other parameters to their default values when accessed. Configuring the Wizard Set the following parameters on the Wizard’s My Accelerator screen: Device Name Set a name for the Accelerator of up to 60 characters, without spaces and special characters. IP Address Enter the IP address of the Accelerator. Subnet Mask Enter the Subnet Mask to identify this Accelerator’s local subnet. Default Gateway Enter the network’s Default Gateway to which the Accelerator will forward the traffic it intercepts. Licensing Enter the Accelerator’s serial number (product ID). Select either Evaluation, License Key or License File, and enter the license key or file number. For more information on Licensing, see Licensing the Accelerator, on page 28. R ev isi o n 2. 0 22 C h ap t er 2: Preparing Network Integration Defining Advanced Settings Clicking the Advanced Settings Configuration button opens the Advanced Settings screen, which lets you set advanced information about the Accelerator’s setup, as follows: ! ! i Deployment Type On-Path: See ‚ÄúOn-Path‚Äù on page 8. On-LAN: See ‚ÄúOn-LAN‚Äù on page 8. For additional information on both types of deployment, see the Quick Installation Guide supplied with your Accelerator Deployment Size. From the drop-down list, select the approximate number of Accelerators to which the local Accelerator will be connected: 1 5, 6 - 10, 11 - 20, 21 - 50, 51 - 100, 101 - 200 or 201 - 500. Setting an accurate network size enables the Accelerator to better optimize traffic. In network topologies such as Mesh and Hub, knowing the network size is important for the Accelerator in order to know how to divide its system resources correctly among connected Accelerators. Bandwidth Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth Caching Defines the active cache method: WAFS only (for CIFS traffic), Web Cache only (for HTTP servers), or both or None. Maximum Links Used for defining the maximum number of requested links. You can set here any number between 1 and 450. CAUTION! The WAN bandwidth setting is used by the Accelerator’s QoS mechanism. Ensure that the WAN bandwidth is not set too low, otherwise the Accelerator’s QoS mechanism may drop packets and cause applications to disconnect. NOTE: For the Accelerator’s application optimization to work properly, you are advised to set an accurate WAN bandwidth defining the physical link that the Accelerator sits on. Either select the WAN Bandwidth from the pulldown menu or select Other and enter a specific figure into the provided field along with its correct unit (bps, Kbps, Mbps, Gbps). If you are unsure of your WAN bandwidth setting, use the default setting of 100 Mbps. Setting Links via the Wizard The My Links screen, accessed via the Wizard, lets you set up the basic parameters necessary to define your network and begin working with the Accelerator. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e P er fo r m in g S et up via t h e Wi z ar d 23 Follow these steps to set Link information and click Next to advance to the next screen: i i i Destination IP Enter the IP Address of the remote device. Name Set a name for the link that will let you identify it in the future. Up to 31 characters, no spaces, no special characters. Bandwidth Set the speed of the link that connects the local Accelerator to the remote Accelerator. This should be either the local WAN bandwidth or the remote WAN bandwidth -whichever is lower. To accomplish asymmetrical bandwidth settings, use either the advanced link parameters or the CLI. Encapsulation IPComp: IPComp encapsulation (tunneled encapsulation) compresses the entire packet. This means that the IP header, the transport header and the payload are compressed and the packet traversing the network will have an IPComp header. IPComp is the default setting, which enables the best compression rate. Router Transparency (RTM): In Router Transparency encapsulation, only the packets’ payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), Load Balancing, Billing, encryption, MPLS networks and certain firewall environments. NOTE: When using router transparency mode, the payload of packets destined to the router (SNMP requests, Telnet, and so on) will be compressed, making them unreadable by the router. In this event, it is necessary to set up a decision policy that does not tunnel specific applications, (like SNMP see Creating New Applications, on page 105), or to exclude specific subnets or IP addresses from being accelerated on the link (see Setting Remote Subnets for the Links, on page 262). NOTE: Encapsulation settings can be asymmetric. This means that you can set one Accelerator to Router Transparency while setting the other Accelerator to IPComp in the opposite direction. This is useful for setting RTM mode when one of the Accelerators is On-LAN and the other is On-Path. However, IPComp encapsulation will not function if the IPComp protocol is blocked by a firewall. Therefore, ensure that the IPComp protocol is not blocked before selecting either IPComp or RTM encapsulation NOTE: TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators. R ev isi o n 2. 0 24 C h ap t er 2: Preparing Network Integration Use the Delete button to remove added links from the Links Table. i NOTE: Deleting the non-link is impossible, because this link name is a logical entity that represents all un-specified traffic in the QoS and Monitoring engines Click Next to advance to the next screen of the Wizard. Setting the Time Verifying that the Accelerator’s time is accurately set is extremely important in order to have an accurate reading of when events occur and when statistic items are gathered and updated. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e P er fo r m in g S et up via t h e Wi z ar d 25 Modifying the Password Security reasons necessitate changing the default password before exiting the setup Wizard. In the Password screen, enter and confirm a new password, and then click the Next button. NOTE: The following values are not accepted as passwords: An empty field (i.e. a blank password) Expand (the default original password) i Reviewing Wizard Configuration The Summary screen of the Setup Wizard lets you review the parameters set via the Wizard before saving them to the Accelerator. If the configuration is correct, press the Submit button to save the settings to the Accelerator. ! ! CAUTION! Clicking Finish saves the configuration as the Accelerator’s Startup Config. R ev isi o n 2. 0 26 C h ap t er 2: Preparing Network Integration Modifying Basic Setup Configuration To modify the basic Accelerator setup, you can make changes via the Basic screen in the Setup menu of the WebUI. i NOTE: To carry out any modifications and additions after initial configuration, always use the Basic screen or the My Links screen and not the Wizard. The Wizard resets other parameters to their default values when accessed. The parameters on this screen are identical to the parameters configurable via the Setup Wizard’s Basic screen, with the exception of Routing Strategy settings (see Setting Routing Strategy, on page 27). For more information see Performing Setup via the Wizard, on page 21. In addition, the Basic screen lets you add a description to identify the Accelerator. The Basic screen includes specific details concerning the Accelerator device, as follows: Platform Accelerator type Product ID The product ID is the unique number identifying the Accelerator, and is used when licensing the product AcceleratorOS Version Software (AcceleratorOS) version running on the Accelerator Ac ce ler at o rOS 6 .1 .2 Us er Gui d e P er fo r m in g S et up via t h e Wi z ar d System Up-Time The last time the device was rebooted, and how much time has elapsed since. Current Time Time set in the Accelerator 27 Setting Routing Strategy The Basic screen lets you set the Routing Strategy. Routing strategy defines how to route traffic. In environments such as router polling and dynamic routing networks, the Accelerator must route all traffic, and therefore you should set Routing strategy to Routing only. In other environments, non-link traffic and inbound traffic should not be directed to the router (normally, when nonlink traffic is transmitted by the Accelerator, it is directed to the router; but this can cause problems if the destination is a Layer-2 address or for incoming traffic). In such environments you have to set the Routing strategy to Bridge route, which does not route non-link and inbound traffic - only traffic destined to an accelerated link or a virtual link. Routing-Only –typically used in On-LAN deployments, or in environments that require the Accelerator to route all traffic (for example: networks that use Dynamic Routing policies). Bridge Route – typically used in On-Path deployments, where traffic is not necessarily routed through the router. i NOTE: Enabling TCP Acceleration requires you to use “Routing-Only” routing strategy. R ev isi o n 2. 0 28 C h ap t er 2: Preparing Network Integration Licensing the Accelerator Accelerators are shipped with a 30-day grace period, during which you must register the product and a install a license. Once the 30-day grace period has passed, the Accelerator will continue to pass data in passthrough mode and will not optimize traffic in any way. In addition to standard Accelerator license, there is also an additional license for WAFS features. For the WAFS license installation information, see Installing the License File, on page 184. Viewing the license status is possible as follows: Via the Licensing tab of the My Accelerator screen. By entering the CLI—Licensing the Accelerator, on page 421. i i NOTE: The 30-day period counts only days during which the Accelerator is powered on. NOTE: In the unlikely event of Accelerator failure, if you use a non hard drive-based Accelerator, you can immediately replace the Accelerator in the field by inserting the Compact Flash from an Accelerator with a permanent license into another Accelerator. This will enable the second Accelerator to function with a 30-day evaluation license, allowing you time to register the new Accelerator. Licensing an Accelerator involves two steps: Activating the I-Key, on page 29. Activating the License Key, on page 29. Both steps are described in the Licensing Guide that was sent to you by E-mail when you purchased your product. A simplified version is included here for convienence. To renew or upgrade your license, contact Expand’s Help Desk. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Li ce ns in g t he A cc ele ra to r 29 Activating the I-Key To Activate the I-Key: 1. Identify the Accelerator’s Serial number (product ID) in the upper right hand corner of the Basic screen of the WebUI. 2. Open your E-mail and copy the I-Key that was sent to you with your order confirmation. 3. Go to www.expand.com. Click the My Expand Link. When directed to the Customer Portal, enter your login information and click Log In. If you have not yet registered click First Time Here to do so and then log in. 4. Click on the Licensing tab. Then click Manage End-User Keys. 5. Click the Add Product link. 6. In the popup window, enter the software version number, the Site Name, and the Reseller. Copy the Serial Number from the Accelerator WebUI. Re-enter the serial number. Click the Submit button and a new popup window opens. 7. In the I-Key field, enter the I-Key and click the Activate button. The popup window now displays the details of the license key. 8. Copy the information listed in the first line: LICENSE KEY IS: This is the number that you need to enter into the Accelerator to activate the license. Keep this information in a safe place. Go to the next section to continue. Activating the License Key To Activate the License Key: 1. In the Accelerator’s WebUI, click Setup followed by My Accelerator, and then Licensing. 2. Click the Activate New License button and enter the Accelerator’s serial number, paste the License Key as copied from the Portal and click Activate. 3. Select or deselect the checkbox that enables refreshing the Acceleration on all links with the new license feature. To update the new license features, select the Refresh acceleration on all links box. R ev isi o n 2. 0 30 C h ap t er 2: Preparing Network Integration Logging into and out of the Accelerator In the setup of the Accelerator, you set a password. You will need this password to log into the software. To log into the Accelerator: 1. Open a web browser. 2. Enter the IP address of the Accelerator. The login screen appears. 3. If your browser has popups disabled, change the properties so that popups are enabled. 4. Verify that the platform and software version shown on the screen are correct. 5. In the User Name field, enter the user name you used in the Setup Wizard. This is case senstitive. 6. In the Password field, enter the password you used in the Setup Wizard. This is case sensititve. 7. Click Submit. To logout of the Accelerator: 1. From any screen in the WebUI, click Logout. There is no confirmation. You are immediately logged out. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e In te g r at in g t h e A cc el er a to r in t o Yo u r N et w o r k I ntegrati ng the Accelerator i nto Your Network 31 The steps involved in integrating the Accelerator in your network depend entirely on the structure of the network and the various technologies and devices already in place on your network. The following section describes the steps needed to get the Accelerator up and running for various network topologies and technologies. Your network may need one or any combination of the following settings. This section contains the following topics: Integrating into a Standard Network, on page 31. Integrating into Networks that use Dynamic Routing, on page 32. Networks Using External QoS or Monitoring Devices, on page 33. Working in Noisy Link Environments, on page 34. Installing On-LAN at a Data Center, on page 35. Installing in a High Latency Environment, on page 37. Installing in a Web-Intensive Environment, on page 38. Using Advanced QoS, on page 39. Integrating into a Standard Network The Accelerator Installation Wizard is designed to get the Accelerator up and running on a standard network, namely: a network that installs the Accelerators in a point-to-point, or point-to-multipoint configuration, with one router and one or more remote sites. After concluding the first stage of using the wizard, as detailed in the Quick Installation Guide, proceed with the configuration by referring to one of the following sections, depending on the network environment: Integrating into Networks that use Dynamic Routing, on page 32 Networks Using External QoS or Monitoring Devices, on page 33 Working in Noisy Link Environments, on page 34. Installing On-LAN at a Data Center, on page 35. Installing in a High Latency Environment, on page 37. Installing in a Web-Intensive Environment, on page 38. Using Advanced QoS, on page 39. R ev isi o n 2. 0 32 C h ap t er 2: Preparing Network Integration Integrating into Networks that use Dynamic Routing Follow these steps to install the Accelerator on a network that already uses dynamic routing. Use the Installation Wizard to set up basic Accelerator properties. Use the following steps for networks that use OSPF dynamic routing. To configure OSPF: 1. In the Accelerator’s WebUI, click on the Setup tab, and then the My Accelerator tab, followed by the My Routes menu. 2. 3. Under Dynamic Routing, click the OSPF button. Set the parameters as necessary. For more information on OSPF, see Configuring OSPF, on page 62 for networks that use RIP dynamic routing. To configure RIP: 1. In the Accelerator’s WebUI, click on the Setup tab, and then the My Accelerator tab, followed by the My Routes menu. 2. 3. Click the RIP button. Set the parameters as necessary. For more information on RIP, see Configuring RIP, on page 63. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e In te g r at in g t h e A cc el er a to r in t o Yo u r N et w o r k 33 For networks that use dynamic routing other than OSPF or RIP (such as EIGRP, ISIS or IGRP), see Working with Router Polling, on page 61. Networks Using External QoS or Monitoring Devices When QoS is deployed on the network (not via the Accelerator, but by using thirdparty software), setting up the Accelerator is necessary for enabling the QoS device to continue having access to the traffic traversing the Accelerator. To set the Accelerator to enable external QoS: 1. In the WebUI, in the Setup menu, click My Links. 2. Select the link to be affected by a QoS device and set it to work in Router Transparency mode. For more information on Router Transparency mode and Link configuration, see Adding Links, on page 47. R ev isi o n 2. 0 34 C h ap t er 2: Preparing Network Integration 3. If all links from the Accelerator are to be affected by the QoS device, you may find it useful to modify the default Link parameters, in order to make all newly created links use Router Transparency Mode as the default setting. To use Router Transparency Mode as the default setting: a. Select the My links command from the Setup menu. b. Click the Advanced button. c. Set the default link parameters as needed. d. Click the Save to template link button. Working in Noisy Link Environments If you add the Accelerator to a particularly noisy environment, with a high number of BERs, drops or collisions (for example, satellite links or a connection with radio transmissions), the following configuration modifications may help optimize Accelerator performance. To set the Accelerator to work in noisy links environments: 1. In the Setup menu, under My Links, click the Advanced button. In the Create New Link screen, ensure that the Include checksum checkbox is selected (this is the default setting). Checksum causes the Accelerator to automatically resend packets on which errors are detected. 2. Consider enabling TCP Acceleration if links are high-latency, as described in section Installing in a High Latency Environment, on page 37. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e In te g r at in g t h e A cc el er a to r in t o Yo u r N et w o r k 35 Installing On-LAN at a Data Center Installing an Accelerator On-LAN at the data center requires taking extra measures in order to enable redirecting all relevant traffic to the Accelerator. When working in On-LAN mode, the Accelerator needs to intercept packets from the LAN before they are handled by the router. This is accomplished either via RIP Route Injection, or via the Web Cache Communication Protocol (WCCP). For more information, see section Enabling Packet Interception, on page 63. To Configure Packet Interception: 1. Click on Setup followed by Networking and then Packet Interception. 2. In the Packet-Interception menu, select either RIP or WCCP packet-interception. 3. If RIP is selected, enter a number in the Maximum Subnets field (default: 1000) and click the Submit button. 4. If WCCP is selected: R ev isi o n 2. 0 36 C h ap t er 2: Preparing Network Integration a. Select the Authentication checkbox and enter a password (case sensitive) into the Authentication field. b. Enter the WCCP router IP address. c. Enter the TCP service ID and UDP service ID (51 to 99). d. Click the Submit button. For information on configuring the router to support WCCP mode, see section Setting WCCP on the Router, on page 69. If resilience is necessary, and HSRP or VRRP is implemented among the routers at the central site, you can configure the Accelerator to operate within an HSRP or a VRRP group. For more information see section Router Redundancy Protocols, on page 278. To enable the Accelerator to operate within an HSRP group: 1. Click on Setup followed by Networking and then HSRP. 2. You can configure the Accelerator either by using the Auto Detect mode or by manually adding HSRP configuration. The auto detect mode enables filling up the HSRP table automatically with the details of the HSRP groups detected on the network. Alternatively, you can manually add HSRP groups to the Accelerator. Ensure that the Accelerator “joins” all relevant HSRP groups. For more information, see section HSRP, on page 279. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e In te g r at in g t h e A cc el er a to r in t o Yo u r N et w o r k 37 To enable the Accelerator to operate within a VRRP group: 1. Click on Setup followed by Networking and then VRRP. 2. In the VRRP menu, enter the Group ID number, the Virtual IP address, the Priority (0 - 254), the preempt status and the timer setting. 3. Click Add. The VRRP group immediately appears in the Groups table. For more information, see section VRRP, on page 283. Installing in a High Latency Environment TCP, which was designed to ensure reliable IP transmission, does not perform well in high latency and high-packet-loss environments. The TCP limitations are expressed in the long times required for file transfers over the WAN, degraded web performance and unresponsive applications. TCP Acceleration enables optimization and better utilization of WANs that suffer from distance-induced TCP limitations. For more information on TCP Acceleration, see section Studying TCP Acceleration, on page 132. Use the following table to determine whether your network suffers from high-latency and would benefit from enabling TCP Acceleration: Window Size 8 KB 16 KB 32 KB 64 KB R ev isi o n 2. 0 C h ap t er 2: Preparing Network Integration Round Trip Time 38 5 0 160 Kbps 320 Kbps 640 Kbps 1280 Kbps 1 0 0 80 Kbps 160 Kbps 320 Kbps 640 Kbps 1 5 0 53 Kbps 106 Kbps 212 Kbps 424 Kbps 2 0 0 40 Kbps 80 Kbps 160 Kbps 320 Kbps 5 0 0 16 Kbps 32 Kbps 64 Kbps 128 Kbps 1 0 0 0 8 Kbps 16 Kbps 32 Kbps 64 Kbps To enable TCP Acceleration: 1. In the Accelerator’s WebUI, click on Services and then TCP Acceleration. 2. In the TCP Acceleration field, select the Enable TCP Acceleration on All Links box. Enter the typical RTT and Typical Acceleration rate as described in section Studying TCP Acceleration, on page 132. 3. In the bottom right corner, click the Submit button. For more information on TCP Acceleration configuration settings, see section Configuring TCP Acceleration, on page 139. Installing in a Web-Intensive Environment If your network runs many Web-based applications, or a lot of Web browsing takes place between branch offices to the central office’s Internet link, DNS Acceleration may decrease some of the network congestion. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e In te g r at in g t h e A cc el er a to r in t o Yo u r N et w o r k 39 Using Advanced QoS This section covers the topic of QoS, its uses and the way it is implemented in the AcceleratorOS. The section includes the following topics: What is QoS? How to Know what’s on Your Network How to Prioritize Applications What is QoS? QoS (Quality of Service) is a general term for the control mechanisms that can assign different priorities to different users, applications, or data flows. These control mechanisms or priority levels guarantee a certain level (or quality) of performance of the data flow (service) and simultaneously addresses the requests from the application. Quality of Service guarantees are important if the network capacity is limited, especially for real-time multimedia streaming applications, such as VoIP and IPTV. Such applications often require a fixed bit rate, are delaysensitive, and cannot tolerate packets dropping or being delivered in the wrong order. You can use the QoS feature to prevent such factors and to accelerate packets passing through the Accelerator based on your policy and reservation criteria. QoS allows you to maximize the bandwidth you pay for more effectively. The key to managing the traffic and achieving bandwidth effectiveness, is closely tied to your knowledge of the type of traffic that is on your network and to the demands of your users. How to Know what’s on Your Network The Accelerator’s traffic detection, or sniffing, feature lets you obtain a complete picture of your bandwidth use. Traffic is classified according to hundreds of predefined applications, and statistics are gathered as to how much of each traffic type is traversing (or clogging) your network. Often you may find that the applications that should be receiving the most bandwidth are in fact being slowed down by bandwidth-greedy applications that are secondary, or even unwanted and potentially harmful. How to Prioritize Applications Once you know which applications are on your network and how they affect your traffic flow, understanding the building blocks of QoS is essential in order to prioritize applications correctly. R ev isi o n 2. 0 40 C h ap t er 2: Preparing Network Integration Traffic shaping is accomplished primarily by guaranteeing or limiting the amount of bandwidth an application can receive, and by prioritizing applications. Setting a Minimum Bandwidth desired allocates a certain amount of bandwidth for a specific application during periods of congestion. You should set desired bandwidth for mission-critical, time-sensitive applications such as VoIP, which needs 8 to 16 Kb allocated throughput to function. Setting Maximum Bandwidth limit puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume. Additionally, you can allocate bandwidth proportionately among applications by setting the priority to Low, Medium or High. You can give critical traffic a higher priority than all these by setting it to RealTime. To prevent the flow of undesired traffic on the network, set it to Blocked. Applications that you may want to prioritize include VoIP, Citrix and video conferencing. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 3: Configuring Networking This chapter describes how to perform networking configuration on the Accelerator, including: Optimizing the Network Topology, on page 42 Defining WAN Setup, on page 44 Configuring Secondary IP Addresses, on page 45 Creating and Editing Links, on page 46 Setting Subnet Routing, on page 53 Adding Static Routes, on page 58 Setting Dynamic Routing, on page 59 Enabling Packet Interception, on page 63 Setting the Accelerator’s Time, on page 70 Configuring DHCP Servers, on page 71 Setting ExpandView Connectivity Parameters, on page 73 42 C h ap t er 3: Configuring Networking Optimizing the Network Topology The Accelerator enables support of many complex network topologies. Some of these environments have special considerations when setting up the Accelerator. Point-to-Point The Accelerator’s default settings are designed with a basic point-to-point network in mind. For point-to-point networks as well as for branch offices connected to headquarters, the basic Wizard configuration should suffice. This is the default setting. Mesh and Hub In a mesh or hub-and-spoke topology it is recommended for the Accelerator to have a correct estimate of the size of the network and the number of Accelerators connected. To adjust the size of the deployment, see Defining Advanced Settings, on page 22. If the Topology-Size is set to a number that is too large, the Accelerator will not use all its resources, resulting in lower acceleration percentages than would be possible if the Topology-Size were set accurately. If the Topology-Size is set to a number that is too small, too many negotiation messages will be sent between the Accelerator and the network. In addition, the amount of time it takes for the Accelerator to reboot and to recover from a disconnected link will be longer than necessary. Taking into Account NetworkSpecific Considerations The Accelerator’s advanced algorithms support multiple complex networks with no added or special configuration. The algorithms automatically optimize Accelerator benefits per network setup. The following are special configuration recommendations for particular networks: Environment Type Customized Configuration Noisy environments Noisy environments are handled automatically via the Accelerator. The Accelerator’s basic configuration settings can automatically optimize problematic networks of this type. Out-of-order Out-of-order environments are handled automatically via the Accelerator. The Accelerator’s basic configuration settings can automatically optimize problematic networks of this type. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e O pt i mi z in g t he N et w o r k Top o lo g y Environment Type Customized Configuration Load balancing In load-balanced environments, you should set the Accelerator to Source IP preservation (CLI configuration only) to maintain the semblance of a session, or RTM encapsulation if necessary. You can perform load balancing per packet or per session. In a load-balanced environment you should either enable IPcomp via the CLI, (see section Setting IPcomp Preservation, on page 503) or use transparent mode to preserve session information. MPLS In MPLS networks, enable ToS bit preservation and source IP preservation. Often it is important to enable router transparency instead, to work with the network’s QoS deployment (see section Setting IPcomp Preservation, on page 503). QoS cloud or working in conjunction with a QoS device Enable router transparency, or ToS bit preservation &/or 43 Source IP Preservation (see section Setting IPcomp Preservation, on page 503). Depending on the fields in use, enabling one or more of the IPComp preservation modes may be necessary in order to use RTM. Monitoring device in a cloud Enable router transparency, or ToS bit preservation &/or Source IP Preservation (see section Setting IPcomp Preservation, on page 503). Depending on the fields in use, enabling one or more of the IPComp preservation modes may be necessary in order to use RTM. R ev isi o n 2. 0 44 C h ap t er 3: Configuring Networking Defining WAN Setup Each Accelerator has a default WAN. The settings on this WAN define the physical connection of the Accelerator to the WAN. The WAN bandwidth setting is the total physical bandwidth of the link between the Accelerator and the network. The default WAN is automatically generated and will suffice for most networks. For details regarding the configuration of complex networks, on which more than one WAN is necessary, see Handling WANs, on page 248. Setting the Bandwidth Correct functioning of the Accelerator’s bandwidth management and flow control mechanisms requires you to configure an accurate bandwidth for the WAN. The Bandwidth setting is enforced once it is set. Ensure that you set the Outbound Bandwidth for the local Accelerator. The Accelerator applies no policy for Inbound Bandwidth unless otherwise specified. Setting inbound QoS on a link requires setting the Bandwidth of the inbound link. For more information see Setting Inbound QoS, on page 121. Configuring the WAN In addition to Bandwidth, you can assign Links per WAN, and configure QoS settings to be applied on the WAN level. For more information about QoS, see Applying QoS, on page 101. To carry out basic WAN configuration, use either the Setup - Basic menu in the WebUI, or the Setup Wizard. For more information on WAN Bandwidth and Links, see Setting Advanced Parameters, on page 247. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n f ig u r in g S e co n da r y IP Ad d r es se s Configuring Secondary IP Addresses 45 You can set on the Accelerator up to 20 Secondary IPs, for connection to multiple subnets on the same network. Out-of-band management is set here. If Out-of-band management is used, it is counted as one of the twenty Secondary IP addresses available. Starting from Version 6.1.2, you can set several IPs on the same subnet, whereas prior to this version, a secondary IP address belonged to a different subnet. To set the number of Accelerators in the network: 1. In the Accelerator’s WebUI, click on Setup > My Accelerator, followed by Secondary IP. 2. Enter the IP address and Subnet Mask to be used, select whether to advertise the IP address and click the Add button. 3. The IP address appears in the Secondary IP List table. 4. To edit or delete an address that is in the table, highlight the row in the Secondary IP List table, select the address, and click Edit to edit, or Delete to delete. R ev isi o n 2. 0 46 C h ap t er 3: Configuring Networking Creating and Editing Links A Link is a logical connection between the Accelerator and a connected remote site and its subnets. The Accelerator optimizes network performance to remote sites with Accelerators deployed via “Accelerated Links”, and to remote sites without Accelerators deployed via “Virtual Links”. The Accelerator’s benefits are greatest when working with another Accelerator on the other side. The Accelerator can provide QoS services to Virtual Links, when no other Accelerators are present on the remote sites. In addition, the Accelerator enables configuration of a single “Non-link”. The Nonlink is the default link for all traffic not assigned to any known subnet or remote Accelerator. Internet traffic is one example of traffic assigned to the Non-link. You can manage this Non-link like any other link, and that lets you determine traffic QoS and bandwidth restrictions for all traffic not destined for your remote networks and Accelerators. When a link is first created or re-established, auto-negotiation occurs between the local and remote ends of the link and uses the inbound and outbound bandwidth settings to determine the resources to be allocated for each link. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C r ea ti n g an d E d it in g L i nk s 47 Studying the Links Screen The Links screen lets you add, edit and manage Accelerator links. Creating a link requires assigning a destination IP address and an outbound bandwidth to the link. The following sections detail the operations you can carry out via the Links screen: Adding Links, on page 47. Editing Links, on page 50. i NOTE: Packet Fragmentation does not work in RTM mode. Adding Links Add links to the Accelerator via the Setup - My Links menu. Note that TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators. To add a link: 1. In the Accelerator WebUI, click on the Setup tab, and then the My Links menu. The Links screen opens by default. R ev isi o n 2. 0 48 C h ap t er 3: Configuring Networking 2. Set the basic link properties, as follows: Property Description Source IP IP address of the sending device. By default, the Accelerator’s primary IP is displayed. You can either leave this choice or select another source IP address. The Source IP field, lets you define a source IP for each new link you create, and also changes the source link while the link is active. In addition, you may use a virtual IP address for redundancy purposes. In this case the virtual IP will be a link which, in case of machine failure, can be redirected to another machine, unlike a link whose source is a primary IP address. For more details see Using a Virtual IP Address, on page 51. The valid link source IPs are as follows: Primary IP Secondary IP VLAN IP HSRP IP VRRP IP Name Set a name for the link to let you identify the link in the future. Up to 32 characters, no spaces. Destination IP IP address of the remote device. Bandwidth Set the link’s bandwidth, namely: the maximum throughput allowed to traverse the link. IPComp IPComp encapsulation enables the best compression rate. IPComp encapsulation (tunnelled encapsulation) defines complete compression of the packets intercepted by the Accelerator. This means that the IP header, the TCP/UDP header and the payload are compressed and the packet traversing the network will have an Accelerator-proprietary IPComp header. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C r ea ti n g an d E d it in g L i nk s i Property Description Router Transparency (RTM) In Router Transparency encapsulation, only the packet’s payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), load balancing, billing, encryption, MPLS networks and certain firewall environments. RTM support for On-LAN deployments is available in AcceleratorOS 5.0(6) and higher. 49 NOTE: If you leave the Source IP field empty, the default value is the machine’s primary IP address. 3. If you are finished, click the Add button. For particularly complex networks, the Accelerator enables advanced link configuration. To set additional advanced configuration settings: 1. Click the Advanced button. 2. Open the different sections by clicking on the + sign next to the section title. Use the Parameters section to edit parameters such as Link Name, Destination IP, Source IP, Link Metric, Bandwidth Out and MTU (Maximum Transfer Unit). Use the Acceleration section to define whether to accelerate the link and to use header compression. Use the Tunneling section to define parameters such as the encapsulation type (IPComp, or Transparent), preservation and Include checksum. In the TCP Acceleration settings section, select whether to use the global TCP acceleration settings or to customize these settings by defining the typical round-trip time (RTT) and the typical acceleration rate. In the TCP Acceleration Advanced section, select the type of acceleration you want to implement (Global, link specific, or none). If you choose link specific, you will need to fill in additonal fields. In the Post Acceleration Aggregation section, select whether to enable Citrix (post acceleration) aggregation on your links. Citrix Aggregation operates per link. R ev isi o n 2. 0 50 C h ap t er 3: Configuring Networking In the Bandwidth Adjustment section, select the Enable Bandwidth Adjustment check box and fill in the percentage and interval rates. In the IPsec section, select the Enable IP Sec checkbox and select a policy name and enter a local and remote IP address. 3. To save the settings, click Submit, click Back to Links to return to the My Link screen. For Advanced Configuration options, see Additional Configurations, on page 496. Editing Links You can use the Edit Links screen to fine-tune and modify existing links. This screen lets you set basic link parameters, acceleration, tunneling and TCP Acceleration parameters for the link. To edit an existing link: 1. In the Links table, either click the name of the link to be edited, or click the row of the link to be edited, and click the Edit button. The Edit Link screen appears: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C r ea ti n g an d E d it in g L i nk s 51 2. In the Edit Link screen that opens, use the Parameters section to edit parameters such as Link Name, Destination IP, Link Metric, Bandwidth Out and MTU (Maximum Tranmission Unit). 3. Use the Acceleration section to define whether to accelerate the link and to use header compression. 4. Use the Tunneling section to define parameters such as the encapsulation type (IPComp or Transparent). 5. In the TCP Acceleration settings section, select whether to use the global TCP acceleration settings or to customize these settings by defining the typical roundtrip time (RTT) and the typical acceleration rate. 6. In the Post Acceleration Aggregation section, select whether to enable Citrix (post acceleration) aggregation on your links. Citrix Aggregation operates per link. Each link can have Citrix Aggregation enabled or disabled independently of other links. For details, see Creating Citrix Applications, on page 112. 7. i NOTE: When configuring a link, you are advised to set a link metric for it, which is the actual metric for all the link’s subnets, with the exception of excluded Subnets. If you do not set a link metric for the link, the system automatically sets a default for the link, which is the current maximum metric +10, starting from 11. Use the Link Subnets screen to set the link’s subnets. For configuration details, see section Configuring Remote Subnets Manually,on page 56. Using a Virtual IP Address As mentioned earlier (see section On-LAN,on page 8), in the case of machine failure, a link that uses a Virtual IP can be redirected to another machine. An example of such a case is provided in the figure below. R ev isi o n 2. 0 52 C h ap t er 3: Configuring Networking The source IP (virtual IP) in the sending machine is the destination IP in the receiving machine. If an AcceleratorOS link is established, and the Source IP of this link is defined to be the HSRP Group’s Virtual IP, the link switches to the next Accelerator in the rare case of primary Accelerator failure, and all of this link’s services are kept. When the primary Accelerator is available again, the link switches back to it. Adding and Editing Links via the CLI The CLI procedure for adding and editing links is the same as for creating the first link. For more information, see Defining Link Settings, on page 501. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Setting Subnet Routing S e tt i ng S ub n et R o u ti ng 53 To function properly, the Accelerator must correctly detect the layout of the network to which it is connected. In other words, it must understand where the Accelerator resides as well as all other subnets on both sides of the link that the Accelerator should serve. In this way, the Accelerator will be able to forward the packets it receives to the correct destination, as seen in the figure below. In the figure above, S1 is Accelerator 2’s direct subnet, while S2 and S3 are also subnets of Accelerator 2. Accelerator 1 must forward traffic destined for devices that are part of S2 and S3 to Accelerator 2 via Link1. In order for Accelerator 1 to do this, it must detect S1, S2 and S3 as subnets of Accelerator 2. Accelerator 2 automatically detects S1 and adds it as its local subnet. You can manually add S2 and S3 to Accelerator 2’s Subnets list, or use routing protocols to add them dynamically. If the network supports OSPF or RIP the Accelerator can function as an OSPF or RIP device to receive routing information. If other dynamic protocols are in use, the Accelerator can poll routers to learn their routing tables. Then, Accelerator 2 must advertise its subnet list to Accelerator 1, enabling Accelerator 1 to properly route packets destined to S1, S2 and S3 to Accelerator 2 via Link 1. R ev isi o n 2. 0 54 i C h ap t er 3: Configuring Networking NOTE: The Accelerator supports up to 2500 local subnets and up to 2500 remote subnets per link. Configuring Subnets Manually If the network in which Accelerator resides does not work with dynamic routing or if a subnet was not detected via OSPF or RIP, you will have to add and edit subnets manually. To add a subnet to the Accelerator: 1. In the Accelerator WebUI, click on the Setup tab, and then the My Accelerator tab, followed by the My Subnets menu. 2. Set the parameters as follows: Parameter Item Description IP Address Set the IP address of the Subnet that is connected to the Accelerator. Subnet Mask Set the Subnet Mask of the subnet. Metric The metric setting defines the priority of the route or the subnet. Set a lower number for more desirable routes. For example, on a T3 link with 1 hop, set a low metric value, whereas on a long-haul 128 Kbps link with 8 hops you should set a high number. Advertise Advertised subnets are the Accelerator’s subnets that the Accelerator broadcasts to other Accelerators when link negotiations occur. Select whether to advertise this subnet. By default, subnets that are manually added are advertised. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S e tt i ng S ub n et R o u ti ng Parameter Item (Continued) 55 Description Add route rule When adding a subnet, the Add route rule checkbox lets you create a static route rule to define how to reach the subnet. This will add an entry in the My Routes table, which displays access to the subnet via the next hop. NOTE: Once the static route is created, no connection exists between the route-rule added and the subnet. Any change made in the one will not affect the other. Next hop Add a next hop via which the subnet will be accessed. The Edit button lets you modify already added subnets by selecting them in the table and clicking this button. This may be done for manually added subnets as well as dynamically learned subnets. To delete subnets, select them in the table and click this button. When subnets that are set to be advertised are deleted, they are removed from all connected Accelerators. ! CAUTION! The Accelerator’s local subnet is automatically detected and ! added. If more than one local subnet exists, you have to add all additional local subnets. Ensure that the local subnets appear in the Local Subnets Table. Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features will not function properly. Editing a Subnet Once a subnet has been added to the Accelerator, you can use the following steps to edit it. To edit a subnet: 1. In the My Subnets screen, highlight one subnet in the Local Subnet table, and click the Edit button. 2. Edit the IP address, Subnet mask, Metric and Advertise status as necessary and click the Submit button. When subnets that are set to be advertised are edited, the change is broadcasted to all connected Accelerators: R ev isi o n 2. 0 56 C h ap t er 3: Configuring Networking Configuring Remote Subnets Manually If the Accelerator network does not work with dynamic routing, or if a remote subnet was not detected via OSPF or RIP, you have to manually add, edit and delete remote subnets to be advertised by the Accelerator. When adding a subnet, you have to apply it to a specific link of your choice. The Link Subnets screen lets you display all subnets applied to a specific link. You can also use this screen to add, edit and delete subnets to be excluded from the link. To add a remote subnet to the Accelerator: 1. In the Accelerator WebUI, click on the Setup tab, and then the My Links tab, followed by the Link Subnets menu. 2. Set the parameters as follows: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S e tt i ng S ub n et R o u ti ng ! Parameter Item Description IP Address Set the IP address of the Subnet you want to connect to the Accelerator. Subnet Mask Set the Subnet Mask of the subnet. Exclude If a subnet has already been added, and specific IP address(es) are to be excluded, enter the IP address and mask and select the Exclude checkbox. 57 CAUTION! The Accelerator’s remote subnet is automatically detected and ! added. If more than one remote subnet exists, you have to add all additional remote subnets. Ensure that the local subnets appear in the Remote Subnets Table. Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features will not function properly. R ev isi o n 2. 0 58 C h ap t er 3: Configuring Networking Adding Static Routes Use the following procedure to add static routes to the Accelerator. i NOTE: The Accelerator supports up to 1500 route entries in the routing table. To add a static route: 1. In the Accelerator WebUI, click on the Setup tab, and then the My Accelerator tab, followed by the My Routes menu. 2. In the static routing section (below Dynamic Routing), enter the subnet IP and Mask, and the next hop to be used for accessing the subnet. 3. Ensure that you select the Add as local subnet checkbox, if the subnet being added is local to the Accelerator. In such a case select also whether to advertise the subnet by checking the Advertise Local Subnet checkbox. 4. Click the Add button. The static route now appears in the Route Rules table. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Setting Dynamic Routing i S e tt in g D yn am i c R o u ti ng 59 NOTE: Static routes created via the My Subnets menu also appears in the Route Rules table. For more information, see sectionConfiguring Subnets Manually, on page 54. Once the static route is created, no connection exists between the route-rule added and the subnet. Any change made in one of them will not affect the other. Due to the continuous changes in routing and the vast complexity of collecting necessary routing parameters, many advanced networks use dynamic routing protocols to enable routers to exchange routing data automatically. In addition to allowing manual routing configuration, the Accelerator supports dynamic routing protocols, including OSPF and RIP v1 and v2 and Router Polling. Supporting dynamic routing protocols enables the Accelerator to use alternate routes in the event of router failure. In addition, the Accelerator learns the cost and length of each route (per bandwidth in the case of OSPF and per hop in the case of RIP), and can forward accelerated packets to the best router. The Accelerator can also load-balance best routes. A subnet whose Advertised status is manually manipulated continues to function dynamically within the routing protocol, but maintains the manually altered Advertising status. The following topics are discussed in this section: Working with OSPF Working with Router Polling i NOTE: Once Subnets are located by using OSPF or RIP, you can perform manual modifications. For example, subnets located via RIP are set by default as Not Advertised; however, you can modify them to be Advertised subnets. For Manual Subnet configuration information, see sectionConfiguring Subnets Manually, on page 54. Working with OSPF Once the Accelerator is set to work with OSPF, it updates its routing and subnets tables according to dynamic information coming from OSPF updates. All local subnets detected via OSPF are automatically set to be “advertised” by default if their metric value is between the high and the low values. Advertised R ev isi o n 2. 0 60 C h ap t er 3: Configuring Networking subnets are the Accelerator’s subnets, which are broadcasted to other Accelerators when link negotiations occur. Configuring OSPF Configuring OSPF is accomplished via the Setup - My Accelerator - My Routes Menu. To configure OSPF: 1. Click on the OSPF button. 2. Set the parameters as follows: Parameter Item Description OSPF Model Enable or Disabled OSPF Mode. Enabling OSPF Mode lets you configure OSPF parameters. Disabling OSPF Mode saves any previously configured OSPF settings, but disables OSPF capabilities. Area ID OSPF divides its networks into areas. Therefore, you must set the Accelerator with its OSPF area identification number, which lets the Accelerator identify itself to local routers. To set the Area of the Accelerator within the OSPF group, use its number or its IP Address format number. The default is 0.0.0.0. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S e tt in g D yn am i c R o u ti ng Parameter Item (Continued) Description Low/High Determines a range of subnets to be advertised. If a subnet is between the high value and the low value, it should be advertised. Locality Metric Authentication 61 Authentication on the Accelerator must match the OSPF authentication set across the network. Set the Authentication to None, Key, or MD5: None: When no authentication is necessary to communicate with other OSPF devices. Key: When a non-encrypted authentication password is needed to communicate with other devices in the OSPF network, insert the key used. This key is a common string (non-encrypted) that must be set according to what is set across all devices on the network using OSPF. MD5: When an MD5 authentication password is needed to communicate with other OSPF devices, insert the encrypted key used. This must be the password that is set across all devices on the network using OSPF. Set the ID number according to this authentication password’s ID number across the OSPF network. Neighbor IP The Accelerator automatically detects neighboring OSPF routers. If a router was not auto-detected, you can manually add up to 20 routers to the Neighbors Table. This is particularly important when connecting to nonbroadcast networks, such as an Accelerator on a subnet that does not use OSPF. This enables the Accelerator to receive OSPF routing information from a neighboring router on a subnet that uses OSPF Working with Router Polling The Accelerator’s Router Polling feature enables the Accelerator to retrieve route rules from the router’s routing table. The Accelerator uses SNMP to collect the router’s routing table and add it to the Accelerator’s list of routes. You can filter the list by collecting only routes learned by specific protocols. R ev isi o n 2. 0 62 C h ap t er 3: Configuring Networking To configure router polling: 1. Select Setup - Networking - Router Polling. 2. Set the parameters as follows: Parameter Item Description Router Polling Enable or Disable Router Polling. Enables the Accelerator to retrieve route rules from the router’s routing table. Polling Interval Sets the frequency with which the router is polled (in seconds). Default is 180 seconds. Primary Router IP Address Selects whether to use the local default gateway or to set an IP address manually. Secondary Router IP Address Selects whether not to use a secondary router IP address (default) or to set an IP address manually. SNMP Version Sets the SNMP version to be used for polling the router. SNMP Community Name Sets the SNMP community to be used for polling the router. Polling Protocols Table Lists the polling protocols used for retrieving the route rules from the router’s routing table. Check the checkbox of the route rule you want to apply, or click the checkbox next to status, to select all. The following protocols are supported: BBNSPFIGP BGP CISCO-IGRP EGP ES IS GGP HELLO ICMP IS IS Local OSPF Other RIP Static 3. After making any change, click Submit. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e En ab li ng P ac ket I n te rce p ti on Enabling Packet Interception 63 When the Accelerator is deployed in On-LAN mode, WAN traffic must be redirected through the Accelerator in order for it to work. To do that, one of the following methods can be used: Working with RIP, on page 63 Working with WCCP, on page 65 Working with RIP Once the Accelerator is set to work with RIP, it detects all subnets (including the Accelerator’s local network) connected to all routers on all connected networks and adds these to the Accelerator’s subnet and route tables. By default, all subnets detected via RIP are set to “Not Advertised”. Advertised subnets are the Accelerator’s subnets, which are broadcasted to other Accelerators when link negotiations occur. Configuring RIP Configuring RIP is accomplished via the Setup - My Accelerator - My Routes menu. To configure RIP: 1. In the Accelerator WebUI, Click on the Setup tab, and then the My Accelerators tab, followed by the My Routes menu. 2. Click on the RIP button. 3. Set the parameters as follows: Parameter Item Description RIP Mode Set RIP Mode to Enable, Passive or Disabled. Enabled Mode allows configuration of RIP parameters. Disabled RIP Mode saves any previously configured RIP settings, but disables RIP capabilities. Passive mode enables RIP in a listening mode without sending updates. Version Select the RIP version in use on the network: either RIP version 1 or RIP version 2. Note that in cases where RIP route injection is used, the RIP version should be set to version 2. R ev isi o n 2. 0 64 C h ap t er 3: Configuring Networking Parameter Item Description Authentication Authentication on the Accelerator must match the RIP authentication set across the network. When working with RIP version 1, Authentication is automatically disabled. When working with RIP version 2, set the Authentication to None, Key, or MD5: None: When no authentication is necessary to communicate with other RIP devices. Key: When a non-encrypted authentication password is needed to communicate with other devices in the RIP network, insert the key used. This key is a common string (non-encrypted) that must be set according to what is set across all devices on the network using RIP. MD5: When an MD5 authentication password is needed to communicate with other RIP devices, insert the encrypted key used. This must be the password that is set across all devices on the network that use RIP. Set the ID number according to this authentication password’s ID number across the RIP network. Neighbor IP The Accelerator automatically detects neighboring RIP routers. If a router was not auto-detected, you can manually add up to 20 routers to the Neighbors Table. This is particularly important if the Accelerator is on a subnet that does not use RIP. The Accelerator can receive its RIP routing information from a neighboring router on a subnet that uses RIP. RIP Route Injection RIP Route Injection adds a route rule to the router’s routing table, which forwards all traffic from the Accelerator’s subnets to the Accelerator. The Accelerator then returns the packets to the router after they have been processed by the Accelerator. The routes to these subnets, set on the Accelerator, are learned by the router during RIP negotiation. i NOTE: RIP must be in Active mode and set to version 2 for RIP Route Injection to operate. For more information, see section Working with RIP, on page 63. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e En ab li ng P ac ket I n te rce p ti on i 65 NOTE: For packet-interception with RIP injection, the number of injected routes is as follows: The number of injected subnets = 32 – Mask_Len or if If Mask_Len <= 8, then the formula is: the number of injected subnets = 32 – Mask_Len + 1 For example: for 10.0.0.0/30, 2 subnets for 10.0.0.0/8, 25 subnets Using RIP for Packet Interception RIP (Route Injection Protocol) is the other method used by the AcceleratorOS to enable Accelerators in On-LAN deployment to intercept packets from the LAN. To use RIP for Packet Interception: 1. In the Accelerator WebUI, Click on the Setup tab, and then the Networking tab, followed by the Packet Interception menu. 2. Select the RIP menu. 3. In the Packet Interception - RIP screen that appears now, enable RIP mode. i NOTE: If Router RIP mode is configured as Passive, you should disable Passive mode in order to enable RIP mode. For details, see section Configuring RIP, on page 63. 4. Select the maximal number of subnets that would use packet interception via RIP (any number between 1 and 2500; the default is 1000). 5. Click Submit. Working with WCCP WCCP, the Web Cache Communication Protocol, is another way in which the router can learn to forward all traffic from the Accelerator’s subnets to the On-LAN Accelerator. WCCP, a protocol usually used for directing Web traffic to a local Web Cache Server before forwarding requests across the WAN, enables the Accelerator to receive traffic from the router. Starting from Version 6.1.2, the types of traffic WCCP enables the Accelerator to receive are not only TCP and UDP (service R ev isi o n 2. 0 66 C h ap t er 3: Configuring Networking groups 77 and 78), but also other types such as ICMP, CIFS and TCPPromiscuous. For details, see Setting WCCP on the Router, on page 69. By creating an IP GRE tunnel between the Accelerator and the router, the Accelerator is able to receive and process all relevant traffic and return it to the router before the traffic traverses the WAN, as follows: 1. The Accelerator is set as a WCCP device. 2. The router directs traffic to the Accelerator. 3. The Accelerator returns accelerated traffic to the router in a GRE tunnel. 4. Data is removed from the GRE tunnel, and sent to its destination. The WebUI lets you intercept packets by using either WCCP or RIP. Using WCCP for Packet Interception The AcceleratorOS lets Accelerators in On-LAN deployment intercept packets from the LAN by using either WCCP or RIP. To use WCCP for Packet Interception: 1. In the Accelerator WebUI, click on the Setup tab, and then the Networking tab, followed by the Packet Interception menu. The default screen that appears now is Packet Interception - WCCP. 2. Select whether to enable WCCP. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e En ab li ng P ac ket I n te rce p ti on i 67 NOTE: Enabling WCCP is relevant only with On-LAN deployment. If your currently selected deployment is On-Path, please change it by going to Setup > My Accelerator > Basic > Advanced Settings. Use the Routers Table to add or delete routers to the list of routers to be used for packet interception. When adding a router, you have to indicate its router ID (the IP address used for connecting him to out network, usually the highest value number), as well as the router status (Connected/Disconnected - indicating a connection to the network). If you enable the WCCP Service, and do not set a router IP address, an error will result. 3. Use the Services Table to manage the list of services to be used for packet interception. The Services Table displays by default all of the pre-defined services, which are as follows: Web ICMP UDP TCP-Promiscuous CIFS - WAFS Additional services can be added or deleted from the Services Table. The same services must be configured on the router that is connected to the Accelerator. i NOTE: When you enable the WCCP feature, all pre-defined services are enabled by default, except for Web and CIFS. In addition, if you have multiple Accelerators deployed on your network, the same WCCP services should be enabled on each appliance. To add a WCCP Dynamic Service: 1. In the Services Table header, click the Add button. The default screen that appears now is Add WCCP User Defined Service. R ev isi o n 2. 0 68 C h ap t er 3: Configuring Networking The Parameters box lets you configure the following parameters: Service ID - any number between 0 and 254 (configurable only on dynamic services; this number is not editable on pre-defined services). Protocol ID - any number between 1 and 255 (again, configurable only on dynamic services). Priority - any number between 0 and 255 (default: 100). Weight - used for load balancing. If you have one or more Accelerators that share the router to which your Accelerator is connected, you can use this field to instruct the router what percentage of the traffic that uses this service is to be directed to the current Accelerator (default: 100). Port Direction - lets you set the port direction used for carrying out load balancing through Hash. This load balancing is configured in the router, according to either subnets (IPs) or ports. This box lets you only enable the Hash-assisted load balancing, through the Destination/Source IP, Port or both. Password - lets you enter a password for using the service. The next time your Accelerator synchronizes with the router, the router reads this password and prevents unauthorized access to this service’s traffic. 2. Use the Ports Table to add a port (optional). 3. Click Submit. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e En ab li ng P ac ket I n te rce p ti on 69 Once the new dynamic service was added, you can add it like any other WCCP service. To edit a WCCP service: 1. In the Services Table, click the number (ID) of the service you want to edit, in the ID column of the row of this service (for example, ID 52 in the UDP row). 2. In the Edit WCCP Service screen that appears now, edit the service’s various parameters. As mentioned earlier, the Service ID and Protocol ID parameters can be edited only in dynamic services. 3. Click Submit. Setting WCCP on the Router Using WCCP requires you to configure WCCP to work on the network’s router using the same service settings (the port numbers in the Accelerator must be identical to the Router on a per service basis). You can use CLI commands to configure WCCP on Cisco routers. For more information, see the Configuration Guide supplied with your router. You can use CLI commands to configure WCCP on the Accelerator. When configuring WCCP on multiple appliances, make sure that the WCCP services on each Accelerator is identical. See Configuring WCCP, on page 448. R ev isi o n 2. 0 70 C h ap t er 3: Configuring Networking Setting the Accelerator’s Time By default, time settings are configured automatically on the Accelerator based on the local time of the attached management PC. You can alter the time setting manually, or set it to receive time synchronization from a Simple Network Time Protocol server (SNTP). To set the Accelerator’s Clock: 1. Click on the Setup tab, and then the My Accelerators tab, followed by the Time menu. 2. In the Time menu, select either Set device time or Use SNTP. For manual time settings, insert the local time and date for the Accelerator. For SNTP, enter the server IP address and the frequency with which the server is to be polled for time updates. 3. Click the Submit button. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C o n fi gu r i ng DH CP S e r ve r s Configuring DHCP Servers 71 Managing the DHCP servers on your system requires a configuration file. By default, the DHCP server is disabled. To enable it, you have to download the sample DHCP configuration file and save it on your system. When you have a configuration file, you can either use the current file or customize the file and then upload the customized file. To display the lease data of a selected IP address: 1. In the Accelerator WebUI, Click on the Setup tab, and then the Networking tab, followed by the DHCP menu. 2. In the DHCP Server field, set the status to Enable. 3. In the Lease section, enter an IP address of your choice and click the Show Lease button. The host name, IP address and expiry date are displayed on the screen. Activating DHCP Relay Agent The DHCP relay agent allows placing DHCP clients and DHCP servers on different networks, thus solving the problem that arises because DHCP broadcast messages do not, by default, cross the router interfaces, without using the costly solution of placing a DHCP server on each network segment. Choosing the DHCP relay agent solution lets you use fewer DHCP servers and place these machines in central locations. To solve the problem of DHCP broadcast messages, you can configure the routers to pass DHCP/BOOTP messages selectively, a process known as BOOTP relay. A router or Accelerator that carries out DHCP relay does not just forward BOOTP broadcast messages, but actually examines the packet, makes appropriate changes to it, and only then relays the packet to a DHCP server. The DHCP server to which the packet is relayed is configured by adding a Helper Address on the router or an IP address under the local interface of the Accelerator. The relay agent communicates with a DHCP server and acts as a proxy for DHCP broadcast messages that need to be routed to remote segments. Like the routerbased BOOTP Relay Agent, the DHCP Relay Agent is configured with addresses of DHCP servers to which they should relay the DHCP message. The DHCP Agent communicates with the DHCP server by using unicast communications instead of R ev isi o n 2. 0 72 C h ap t er 3: Configuring Networking broadcast messages. Therefore, the Agent’s requests can be routed to a server on a remote network, regardless of segment boundaries. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S et t in g E x pan d View Co n n ec ti vit y P a r am et e r s Setting ExpandView Connectivity Parameters 73 Registered users of ExpandView enjoy the benefit of having ExpandView automatically discover a new registered Accelerator as soon as a link to that Accelerator is established. However, if the default settings of ExpandView are changed (for example, port), or if the auto-discovery fails, you have to update the ExpandView agent’s parameters accordingly To define ExpandView Connectivity parameters: 1. Click on the Setup tab, and then the My Accelerator tab, followed by the ExpandView menu. 2. In the ExpandView menu, select the Enable ExpandView Agent box. 3. Enter the ExpandView Server’s IP address and port number. 4. Click the Submit button to submit the registration request. If all parameters were entered appropriately, the Status line now displays the current status (enabled/disabled). R ev isi o n 2. 0 74 C h ap t er 3: Configuring Networking Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 4: Monitoring the Network This chapter explains how to use and understand the Accelerator’s advanced graphic reporting and statistics feature that enables monitoring of Accelerator performance and throughput. This chapter includes the following sections: Introduction to Monitoring, on page 76 Using Link Statistics and Graphs, on page 80 Discovering Traffic, on page 86 Viewing Applications’ Statistics and Graphs, on page 89 Viewing Summary Graphs, on page 95 Viewing Ethernet Statistics, on page 96 Configuring NetFlow Support, on page 98 76 C h ap t er 4: Monitoring the Network Introduction to Monitoring All statistics generated for these graphic reports are saved in the Accelerator history log, so that if Windows closes or if an Accelerator reboots, you can easily re-access the chart or graph via the Accelerator WebUI. The graphs are automatically updated, according to a set frequency. The Accelerator samples the data behind-the-scenes and stores it in a compact way, which lets you view data up to the minute over a period of up to a year. This sampled data represents the average over the selected period of time. Expand recommends that you open a maximum of five charts per-Accelerator simultaneously. The monitoring feature, available via the Monitor tab, lets you view statistics and graphs for From WAN, To LAN, To WAN, and From LAN traffic, as described in the following figure: i NOTE: In a non-link environment, if a local subnet is not defined as LOCAL, the Accelerator QoS and Monitoring features do not function properly. Ensure that all Local subnets are defined as local. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Working with Monitoring Wo r k in g w i th M on i to r i ng 77 To work with monitoring, you first need to take several steps, defined in the following sections: Installing the JAVA Applet, on page 77 Using Verisign Security Certificate, on page 78 Studying The Monitoring Window, on page 78 i NOTE: The Accelerator’s graphic reporting feature works with the JavaApplet (JRE 1.4 and up, recommended to use the Java-Applet provided on the Expand Networks Extranet). The PC used for viewing the graphs must support Java runtime environments and a Java plug-in must be installed in order to view the Accelerator’s graphs Installing the JAVA Applet To determine whether you need to install the Java plug-in, from the Start button, click Settings > Control Panel > Add or Remove Programs. Search the list for JAVA 2 Runtime Environment. If you do have this software installed and have verified that you are using the correct version, you are ready to begin working with the Accelerator’s Graph Monitoring feature. If the JAVA plugin is not installed on the PC, follow this procedure to download and install the plugin. To download and install the Java plugin: 1. In your Internet Browser window, type the following URL into the Address field: http://www.expand.com/Solutions/Index.aspx?URL=/Solutions/Java-Plug-In.aspx 2. Save the Java installation file onto your PC. 3. Double-click the Java installation file. The Java Plug-in installation wizard opens. Use the default settings to install the Java-Plug-in. This plug-in lets you view the Accelerator’s Graphic-Reporting feature by opening a new Internet Explorer window and entering the Accelerator’s IP address into the Address field. R ev isi o n 2. 0 78 C h ap t er 4: Monitoring the Network Using Verisign Security Certificate In order to work with the Monitoring feature, Windows requests you to verify that the Accelerator is a trusted site, by displaying the popup window shown below. To avoid seeing the popup each time you try to access the Monitoring menu, you are advised to click the Always button. Studying The Monitoring Window Option Description Direction The Accelerator’s monitoring feature lets you view statistics for inbound our outbound traffic on the Accelerator. Link The Accelerator’s monitoring feature lets you view statistics per link, for a specific link, for the total for all Accelerator’s links, for the total for compressible links, for the non-link, or for the total for virtual links. View Last Scroll down in the View Last drop-down menu to select the period for which the graph is displayed. The default period is 30 minutes. Link Speed You can set the link speed in the fields above the graph to add a line to the displayed graph, enabling you to see the limit of throughput that can actually traverse the link. By default, when Auto is selected in the link speed column, the link speed is set to the bandwidth set for the link selected. When total is selected in the Link column, the default link speed (when Auto is selected in the Link speed column) is set to either the total bandwidth set for all links or the sum of all WAN bandwidths; total is the lower value of the two. Peak Data Select the Show checkbox if you want to see the peak lines representing the highest statistics achieved for the reported period. All graphs displayed give an average of the performance for any given interval. Therefore, viewing Peaks is necessary for understanding the Accelerator’s overall performance. Save Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Click the Save button to save the generated graphs as a JPG or a PDF file. You are then directed to browse to a location in which to save the file. The PDF file created displays each graph in the selected Monitoring window and a brief description of each. Wo r k in g w i th M on i to r i ng Option Export to CSV 79 Description Click the Export to CSV button to save the generated graphs as a CSV file. You will be directed to browse to a location in which to save the file. The file created generates a table with the following fields: Name, Description, Period, Interval, Sample Time, In, Peak In, Effective In, Effective Peak In, Inbound Acceleration, Inbound Peak Acceleration, Inbound Compression, Inbound Peak Compression, Out, Peak Out, Effective Out, Effective Peak Out, Outbound Acceleration, Outbound Peak Acceleration, Outbound Compression, Outbound Peak Compression For a description of these fields, see section Gathering Statistics for Detected Applications, on page 93. R ev isi o n 2. 0 80 C h ap t er 4: Monitoring the Network Using Link Statistics and Graphs The link statistics and graphs let you monitor the performance of the Accelerator and its links. Alternatively, you can monitor the Accelerator based on the Applications traversing its links. Viewing Throughput Statistics per Link The Throughput Statistics per Link graph lets you monitor how much traffic passed through the Accelerator. This graph lets you compare between accelerated throughput, (what actually goes over your WAN link) and the pre-accelerated throughput, which is the throughput that would have been used without the Accelerator’s compression mechanisms. The blue area represents the actual bandwidth used with the Accelerator, while the yellow represents the amount of bandwidth that would have been used without the Accelerator. i NOTE: If the Accelerator is not deployed the available bandwidth is reduced, therefore you should expect to see slower rates used by their servers and hosts. Viewing Utilization Statistics per Link Ac ce ler at o rOS 6 .1 .2 Us er Gui d e U sin g L in k Stat i st ics a nd G r ap h s 81 The Utilization Statistics per Link graph lets you monitor how much of the links is being utilized. The traffic displayed is accelerated traffic, and therefore cannot exceed 100% of the link speed. Selecting the link speed is necessary in order for the Utilization graph to display accurate data. Viewing Acceleration Statistics per Link The Acceleration Statistics per Link graph lets you view acceleration percentages for inbound and outbound traffic on the Accelerator per interface/link or for the total for the Accelerator. Understanding Acceleration The Acceleration percentage describes how effectively the Accelerator is processing and compressing the traffic. This statistic does not take into account traffic that bypasses the acceleration mechanism. Acceleration percentages are calculated as follows: To calculate acceleration: Refer to the Monitor > Links > Statistics menu for data to be used in the following procedure. 1. Multiply the number of In Packets by 14. 2. 3. 4. 5. This accounts for the Ethernet Layer-2 header. Subtract this number from the number of In Bytes. Divide this number by the sum of the Out Packets multiplied by 14 and subtracted from Out bytes. Subtract 1 from the sum. Multiply the ratio by 100 to arrive at the acceleration percentage. R ev isi o n 2. 0 82 C h ap t er 4: Monitoring the Network InBytes – 14 X InPackets ------------------------------------------------ – 1 X 100 OutBytes – 14 X OutPackets InBytes—Incoming bytes (from LAN) - Do not tunnel bytesRouting bytes- Passthrough bytes InPackets—Incoming packets (from LAN) - Do not tunnel packets Routing packets - Passthrough packets OutBytes—Outgoing bytes (to the WAN) - Do not tunnel bytes Routing bytes - Passthrough bytes - System messages bytes OutPackets—Outgoing packets (to the WAN) - Do not tunnel packets - Routing packets - Passthrough packets - System messages packets. Parameter Item Description Do Not Tunnel Traffic set with the “Do Not Tunnel” decision, Non-link traffic, Virtual link traffic Routing Traffic between the Accelerator and the local router to retrieve routing information for the local LAN Passthrough Traffic set with the “Do Not Accelerate” decision, overload traffic System Messages Keepalives and so on. For example: in a simple scenario in which the packet size is 1000 bytes: If InBytes = 300,000 and OutBytes = 100,000 then: 300000 – 14 X 300 --------------------------- – 1 X 100 = 208 100000 – 14 X 300 Viewing Compression Statistics per Link The Compression Statistics per Link graph displays the amount by which traffic was reduced by the Accelerator. This graph represents in percents, how much less data is passing over the physical link because of acceleration. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e U sin g L in k Stat i st ics a nd G r ap h s 83 Viewing Statistics per Link The Accelerator’s Statistics table displays data presented in the Link graphs in table format per link or for the entire traffic. To view a statistics table: 1. In the Accelerator’s WebUI, click on Monitor, followed by the Links tab and then the Statistics tab. 2. Select a link from the drop-down menu, or Total to view statistics for all links. 3. From the drop-down menu, select the statistics to be displayed: All, Throughput, Errors, Acceleration. Parameter Item Description In Bytes Number of input bytes. Raw In Bytes Total incoming bytes being accelerated using these links In Packets Number of input packets Dropped In Packets Incoming packets that were dropped by QoS enforcements, such as queues and obsolete Discarded In Packets Incoming packets that were discarded by a rule with discard policy (discard all P2P) Agg Default Incoming packets that were aggregated as part of the default post-acceleration aggregation policy. In packets Agg Custom-1 In Packets Agg Custom-2 In Packets Incoming Packets that were aggregated as part of the custom-1 postacceleration aggregation policy. Incoming Packets that were aggregated as part of the custom-2 postacceleration aggregation policy. Agg Citrix In Packets Incoming Packets that were aggregated as part of the Citrix post-acceleration aggregation policy. CRC Errors Number of CRC-errored packets received Other Errors Unexpected errors received In Acceleration Inbound Acceleration percentage In Actual Acceleration Acceleration that considers all incoming throughput over the selected period In Compression Inbound compression percentage R ev isi o n 2. 0 84 C h ap t er 4: Monitoring the Network Parameter Item (Continued) Description Out Bytes Number of outgoing bytes Raw Out Bytes Total outgoing bytes being accelerated using this link Out Packets Number of outgoing packets Dropped Out Outgoing Packets that were dropped by QoS enforcements (queues, obsolete and so on.) Packets Discarded Out Packets Pass-thru Out Packets Outgoing Packets that were discarded by a rule with discard policy (discard all P2P). Outgoing Packets that were discarded by a rule with discard policy (discard all P2P) Poly Out Packets Number of small packets aggregated, or combined, before transmission Agg Default Outgoing Packets that were aggregated as part of the default post-acceleration aggregation policy Out Packets Agg Custom-1 Out Packets Agg Custom-2 Out Packets Agg Citrix Out Packets Do Not Acc Packets Do Not Tunnel Outgoing Packets that were aggregated as part of the custom-1 postacceleration aggregation policy. Outgoing Packets that were aggregated as part of the custom-2 postacceleration aggregation policy Outgoing Packets that were aggregated as part of the Citrix post-acceleration aggregation policy Number of packets sent out marked as Do not Accelerate. Packets Number of packets sent out marked not to be routed into the link. Out Acceleration Outbound Acceleration percentage Out Actual Acceleration Acceleration that considers all outgoing throughput Out Compression Outbound compression percentage All statistic items are displayed according to: Data—Lists type of statistic gathered. System up—Data transferred over the link selected that was collected since the Accelerator was powered on. Data is listed in KB, in percentages, or in number of packets. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e U sin g L in k Stat i st ics a nd G r ap h s 85 Since Clear—Data transferred over the link selected that was collected since the Accelerator’s counters were last cleared. Data is listed in KB, in percentages, or in number of packets. Last 5 Seconds—Data transferred over the link selected that was collected over the last 5 seconds. Data is listed in Kbps or in percentages. R ev isi o n 2. 0 86 C h ap t er 4: Monitoring the Network Discovering Traffic The Traffic menu lets you view applications running on the network. Traffic is divided into the following categories: Detected traffic (all other applications detected on the network - non-classified traffic that is not part of a predefined or user-configured application type), Monitored traffic (all applications set to enable “collect statistics”), and Layer-7 discovery (the application properties discovered on the network). Viewing Detected Applications The Detected Applications menu lets you view all detected applications that traverse the network. You can view the applications coming in both directions (from LAN to WAN and conversely), the throughput before and after the acceleration, and the acceleration rate. Viewing Detailed Traffic Discovery To view detailed traffic discovery for detected applications: 1. In the Accelerator’s WebUI, click on Monitor, followed by the Traffic Discovery tab and then the Detected Applications tab. 2. Click on the Details column. The Traffic Discovery window appears. This window contains the following items: The Clear Counters button - lets you clear all counters for the discovered application. This is useful in case you want to start collecting new statistics without restarting the system. The Inbound section - details data regarding the inbound traffic. All data items detailed here can be seen since the system was last Ac ce ler at o rOS 6 .1 .2 Us er Gui d e D isc o ver in g Tra f fi c 87 started (System up), since the last time the counters were cleared (Since Clear) or in the last five seconds. The Outbound section - details data regarding the outbound traffic. All data items detailed here can be seen since the system was last started (System up), since the last time the counters were cleared (Since Clear) or in the last five seconds. The Inbound section details the following data items: In Bytes - the amount of compressed bytes that entered the link in this specific system. Raw In Bytes - the amount of pre-compressed bytes that entered the link in this specific system. Queued in bytes - the amount of bytes waiting to enter the system. In Packets - the amount of compressed packets that entered the link in this specific system. Dropped In Packets - the amount of packets that were not accelerated. Discarded In Packets - the amount of packets that were discarded before passing through the link. The Outbound section details the same data items, in the outbound direction. Viewing Monitored Applications The Monitored Applications menu lets you view all monitored applications traversing the network. You can view the applications coming in both directions (from LAN to WAN and conversely), the throughput before and after the acceleration, and the acceleration rate. The Monitored Applications window is as follows: R ev isi o n 2. 0 88 C h ap t er 4: Monitoring the Network Discovering Layer-7 Applications The L-7 table lists the application properties discovered on the network. These may be L7-applications that have been defined already or L7-applications that are not defined but have been detected. To configure the QoS parameters of these applications, double-click the applications in the table. To discover which HTTP/Citrix applications are present on the network: 1. In the Accelerator WebUI, click Monitor, followed by Traffic Discovery and then L7 Discovery. 2. In the Parent L7 Application field, select either HTTP or Citrix. 3. Select the Enable Discovery checkbox. By default this checkbox is disabled. The L7 table lists the application properties discovered on the network. These may be L7-applications that have been defined already or L7-applications that are not defined but have been detected. 4. To configure the QoS parameters of these applications, double-click the applications in the table. This eases the process of defining QoS for the applications, because the L7 application parameters are detected and filled-in automatically (MIME type, URL, Citrix Application name and client and so on). Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Vi ewi ng Ap p lic at io n s’ Stat i st ics a nd Grap h s Viewing Applications’ Statistics and Graphs 89 The WebUI lets you display statistics and save them in external formats such as PDF and Excel. In addition, you can monitor the Accelerators in your system. You can to carry out the following operations: Viewing Utilization Statistics per Application, on page 90 Viewing Acceleration Statistics per Application, on page 91 Viewing Compression Statistics per Application, on page 91 Viewing Bandwidth Distribution Statistics per Application, on page 92 Monitoring Applications, on page 92 Gathering Statistics for Detected Applications, on page 93 Graphs viewed per application let you view statistic data items, export them into a CSL file, or save them in Acrobat (PDF) format. For each graph, the following options are available, as seen in the screen below: Parameter Description Application Select an application to view, or select Top 10 or From List. Top 10 displays results for the ten applications that are most prevalent on your network. From List displays the ten applications selected in the Monitored Applications window. Direction The Accelerator’s monitoring feature lets you view data for From WAN, To LAN, To WAN and From LAN traffic on the Accelerator. Link The Accelerator’s monitoring feature lets you view data per link or for the total for all of the Accelerator’s links. View Last Scroll down in the View-last drop-down menu to select the period for which the graph is displayed. The default period is 30 minutes. Link Speed You can set the link speed in the fields above the graph to add a line to the displayed graph, which lets you see the limit of throughput that can actually traverse the link. Peak Data Select the Peak Data checkbox if you want to see the peak lines representing the best statistics achieved for the reported period. Because all graphs displayed give an estimate of the performance for any given interval, viewing the peaks is necessary for getting a full picture of the Accelerator’s overall performance. R ev isi o n 2. 0 90 C h ap t er 4: Monitoring the Network Setting up Graphs Only applications defined as “monitored” applications are displayed in the application graphs. The Traffic Discovery menu lets you view all applications traversing the network. Viewing Utilization Statistics per Application The Utilization Statistics per Application graph lets you monitor how much in percentage the link is being utlized by a single application. This graph lets you compare between inbout and outboutnd utilzation (what actually goes over your WAN vs LAN link). The blue area represents your bandwidth gains with the Accelerator, allowing you to see just how much the Accelerator is really adding to the line. You can view the graph per each application, for the top 10 applications or for ten selected applications. To enable monitoring of a discovered application: 1. Click on Monitor followed by Applications, followed by Utilization. 2. In the Applications table, highlight the applications to be monitored and use the arrow keys to add or remove these applications from the monitored applications table. 3. In the Direction field, select to or from LAN or WAN. Viewing Throughput Statistics per Application The Throughput Statistics per Application graph lets you monitor how much traffic per application passed through the Accelerator. This graph lets you compare between accelerated throughput (what actually goes over your WAN link) and the pre-accelerated throughput, which is the throughput that would have been passed without our advanced compression mechanisms. The blue area represents your bandwidth gains with the Accelerator, allowing you to see just how much the Accelerator is really adding to the line. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Vi ewi ng Ap p lic at io n s’ Stat i st ics a nd Grap h s 91 You can view the graph per each application, for the top 10 applications or for ten selected applications. To enable monitoring of a discovered application: 1. Click on Monitor followed by Applications, followed by Monitor Applications. 2. In the Applications table, highlight the applications to be monitored and use the arrow keys to add or remove these applications from the monitored applications table. 3. In the Apply to Link field, scroll down to select the link whose traffic you want to display Viewing Acceleration Statistics per Application The Acceleration Statistics per Application graph lets you view acceleration percentages for inbound and outbound applications on the Accelerator per interface/ tunnel or for the total for the Accelerator. Viewing Compression Statistics per Application The Compression Winow is as follows: R ev isi o n 2. 0 92 C h ap t er 4: Monitoring the Network The Compression Statistics per Application graph display, in percents, the amount by which data traffic over the physical link was reduced, presented in distribution per single applications. Viewing Bandwidth Distribution Statistics per Application To gain a better picture of what kind of traffic is traveling across your line, the Bandwidth Distribution Graph details the percentage of bandwidth consumed by each selected class. The distribution is for accelerated data, meaning that traffic types that benefit from a high acceleration percentage consume a relatively small percentage of the line, though they constitute a higher percentage of the pre-accelerated data. Monitoring Applications This section explains how to use and understand the Accelerator’s advanced graphic reporting and statistics feature that enables monitoring of accelerated applications. Applications are either predefined or user-defined. By default, 50 of the predefined applications are considered Monitored applications (see Pre-Defined Applications, on page 335), and all user-defined applications are Monitored by default. Monitored applications are applications for which statistics are saved in the Accelerator to be displayed in graphs and charts. You can monitor simultaneously up to 50 applications on each Accelerator, and up to 10 applications on each link. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Vi ewi ng Ap p lic at io n s’ Stat i st ics a nd Grap h s 93 The Monitor Application window is as follows: To gather statistics for a predefined application: 1. In the Accelerator’s WebUI, click on Setup, followed by My Applications. 2. Under View select Defined Applications. 3. Click the application whose statistics are to be saved. The Edit Application screen appears. 4. Select the Collect statistics checkbox. 5. Click Submit. After you selected the applications for which you want to gather statistics, you can use the Monitor Applications menu to select up to 10 applications for which statistics can be provided as a unit. Use the arrow button to move the requested applications from the Applications table to the Monitored Applications table. Gathering Statistics for Detected Applications To enable application statistics gathering: 1. In the Accelerator’s WebUI, click on the Monitor tab, followed by Traffic Discovery. 2. In the Detected Applications window, click on the name of the requested detected application. The Create Application from Discovered Traffic window appears. 3. In this window, select the Collect statistics checkbox. 4. Click the Submit button. R ev isi o n 2. 0 94 C h ap t er 4: Monitoring the Network 5. 6. 7. 8. i The application now appears in the list of Monitored Applications. Under Applications, click Monitor Applications. In the Apply to Link scroll down menu, select the link over which this application should be monitored: this can be all links, a specific link or the Non-link. Highlight the names of applications you want to monitor and use the arrow button to add them to the list of Monitored Applications. Click the Submit button. You can view the newly created list of monitored applications from any of the application graph screens by selecting From List from the Applications scroll down text box. To modify the list, click the Edit List link found next to the From List selection. NOTE: As soon as even one undefined packet is detected (TCP/UDP), it is displayed as an unrecognized port in the traffic discovery list. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Viewing Summary Graphs Vi ewi ng Su mm a ry Grap h s 95 The Accelerator lets you view a selection of important performance graphs to provide you with an overview of your network performance. The Summary menu lets you view several graphs via a single screen. The data used in the graphs is based on the total traffic on all Accelerator links. To view summary graphs: 1. In the Accelerator’s WebUI, click on the Monitor tab, followed by Summary. 2. Select the link, view last, link speed and peak data options. The Summary Window appears. R ev isi o n 2. 0 96 C h ap t er 4: Monitoring the Network Viewing Ethernet Statistics The Accelerator lets you view a statistic detailing of the data displayed on the monitoring graphs. Refer to one of the following sections for details regarding the configuration of Ethernet statistics: Configuring Ethernet Display via the WebUI, on page 96. Configuring Ethernet Display, on page 471 for configuration with the CLI. Configuring Ethernet Display via the WebUI Follow these steps to view, via the WebUI, a statistic detailing of the data displayed on the monitoring graphs: 1. Click on Monitor followed by Interfaces. The Ethernet Statistics window opens. 2. In the Ethernet Statistics screen, select the relevant Ethernet card in the Interface field. The buttons near the Interface field let you clear either the counters of the currently selected interface or all counters of all interfaces. All statistic items, in both inbound and outbound directions, are displayed according to: Data—Lists type of statistic gathered Ac ce ler at o rOS 6 .1 .2 Us er Gui d e View i n g Et he rn et Sta ti st ic s 97 System Up—Data transferred over the selected link, which was collected since the Accelerator was powered on. Data is listed in KB, in percentages, or in number of packets. Since Clear—Data transferred over the selected link, which was collected since the Accelerator’s counters were last cleared. Data is listed in KB, in percentages, or in number of packets. Last 5 Seconds—Data transferred over the selected link, which was collected over the last 5 seconds. Data is listed in Kbps or in percentages. R ev isi o n 2. 0 98 C h ap t er 4: Monitoring the Network Configuring NetFlow Support The Accelerator supports Cisco’s NetFlow protocol (version 5), which enables collecting traffic flow statistics on routing devices. NetFlow is based on identifying packet traffic and reporting the traffic statistics to the collector. The traffic reported is traffic before acceleration, which lets you receive data regarding “real” traffic (not encrypted, tunneled or accelerated). NetFlow does not involve setting any connection-setup protocol either between routers or to any other networking device or end station, and does not require any change externally—either to the traffic or packets themselves or to any other networking device. NetFlow provides various statistical data items (WAN-to-LAN or LAN-to-WAN), in addition to the items generated by the Accelerator. NetFlow uses the following SNMP names: eth 1 (for ETH 0/0) eth 2 (for ETH 0/1) By using these names, the Collector receives on-path indication even when onLAN deployment is used. In the Collector, eth 2 is used as the Out port and eth 1 as the In port in LAN-toWAN deployment, while the opposite happens in WAN-to-LAN deployment (eth 1 is used as the Out port and eth 2 as the In port). When using the CLI to configure NetFlow, you have to indicate which port is used for connecting to the LAN. The following traffic types are not reported: i WAN-to-WAN LAN-to-LAN (including bridgeless traffic). NOTE: The NetFlow collector listening port is needed for establishing a connection between the Accelerator and the collector. Ensure that this port is not blocked by a firewall installed between the Accelerator and the collector. Identifying the Traffic NetFlow detects the local subnets’ source and destination addresses, and determines the traffic direction according to these addresses: the local address are detected as LAN, while the other address are detected as WAN. However, local subnets that were configured in the Accelerator to be excluded (namely: to be connected through a non-link) are detected as WAN. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n f ig u r in g N et Fl o w S u p p or t 99 NetFlow is completely transparent to the existing network, including end stations, application software and network devices like LAN switches. In addition, NetFlow is performed independently on each internetworking device, and need not be operational on each router in the network. NetFlow exports data to a remote workstation for collection and further processing. NetFlow does consume CPU resources; therefore, you should be aware of the resources required on your Accelerator before enabling NetFlow. The Accelerator communicates data to Collector as it is set to act as any other probe on the network, forwarding its packet statistics to the NetFlow Collectors, such as Scrutinizer™ and PRTG™, which let you monitor and analyze Accelerator packets. i NOTE: For your convenience, an evaluation version of the NetFlow collector has been provided for you on the Documentation CD. Enabling NetFlow via the WebUI To enable NetFlow via the WebUI: 1. Click on the Setup tab, followed by Advanced, followed by Netflow. 2. Use the relevant fields to enter the Collector IP address, port number and interface. Alternatively, click the Set Default Values button to reset the Netflow configuration values to factory values. 3. Click the Submit button. R ev isi o n 2. 0 100 C h ap t er 4: Monitoring the Network Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 5: Applying QoS This chapter describes the procedures necessary for configuring the Accelerator’s QoS plug-in. The QoS plug-in lets you prioritize traffic traversing the Accelerator network. The chapter is divided into the following basic sections: i Carrying Out Basic QoS Configuration, on page 104. Basic QoS configuration should be sufficient for relatively simple networks and basic traffic prioritization. Basic QoS configuration lets you view traffic traversing the network, to create applications for unrecognized traffic, and to prioritize these applications as well as predefined applications. Setting Advanced QoS Parameters, on page 115. Advanced QoS enables a higher level of control, enabling the creation of rules for different applications. These rules allow fine-tuning of the type of traffic filtered, as well as the type of shaping set for the application. NOTE: QoS settings take effect when there is congestion. Any minimum bandwidth guaranteed to a traffic type is set aside for this type of traffic only if enough of this type of traffic traverses the line. 102 C h ap t er 5: Applying QoS Accelerator QoS QoS, or Quality of Service, is designed to help manage traffic across the network in order to combat the congestion, latency and greedy and rogue applications that all contribute to poor application and network performance. Organizations need to be able to allocate bandwidth to mission-critical applications, slow down non-critical applications, and stop bandwidth abuse in order to efficiently deliver networked applications to the branch office. Studying the QoS Solution The powerful QoS solution was designed with simplicity of management in mind. Traffic is automatically categorized into application classes - the Accelerator arrives with hundreds of applications predefined in the system. This makes it easier to generate a picture of exactly what is traversing the network, in order to then decide what should be traversing the network. Once a clear picture of the current network and the ideal network is attained, easy to understand shaping policies like “realtime” or “block” govern the flow of traffic. The Accelerator’s QoS mechanism is single-sided, in that it can also work across a Virtual Link, in which the Local Accelerator does not work opposite a Remote Accelerator. For a complete explanation as to how the QoS mechanism functions and is implemented, see Setting Advanced QoS Parameters, on page 115. QoS enables the Accelerator to provide the following: Automatic Traffic Discovery—Accelerators automatically discover and classify hundreds of enterprise applications based on Layer-3 (IP), Layer-4 (TCP, UDP, and so on) and even Layer-7 parameters including web URLs, MIME types (for example: streaming audio) or Citrix (published applications over ICA). End-to-end application performance monitoring—Accelerators provide complete network visibility and enable speedy response to application performance changes on an enterprise-wide scale with end-to-end monitoring and dozens of reports. Transparency to existing QoS infrastructure—Accelerators are transparent to router-based QoS implementations by honoring and preserving priorities set on traffic flowing through them. Advanced networking features such as router-based QoS rely on IP packet header information to be effective. The Accelerators preserve packet header information and compress only the payload that integrates Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ac ce le rator QoS 103 seamlessly with advanced networking features such as router-based QoS, load-balancing, WAN monitoring and MPLS tagging. Priority treatment for critical applications—Accelerators enable important and urgent application traffic to get priority treatment with advanced traffic shaping for both inbound and outbound traffic. Packet fragmentation assures that VoIP/video latency budgets are not violated by large data packets, while packet aggregation ensures higher WAN capacity and stabilizes jitter. Guaranteed bandwidth for specific applications—Accelerators can reserve bandwidth for specific applications. This guarantees that you can allocate delay-sensitive traffic such as VoIP a minimum amount of bandwidth to ensure optimal voice quality even when WAN links are congested or oversubscribed. Restricting rogue and greedy applications—Accelerators restrict greedy applications like file sharing and Internet audio streaming to a maximum bandwidth budget in order to guarantee that other important applications are not bandwidth-starved. Traffic bursts allow applications to take advantage of free capacity if available. Seamless integration with compression—When compression is enabled, the QoS mechanism automatically adjusts to account for the extra available bandwidth created when traffic is compressed. In the Accelerator, rule limit and desired shaping are applied to traffic before it is compressed. However, link shaping (bandwidth for the link and the WAN) is applied to traffic after the traffic has been compressed, because the important result is end-user experience, not the physical link usage. While basic traffic management is simple via the My Applications menu, you can program complex QoS with nested rules, decision trees and other advanced features. R ev isi o n 2. 0 104 C h ap t er 5: Applying QoS C arrying O u t B a s i c Qo S Con f igu ra tio n Basic QoS configuration is accomplished via the My Applications menu, which is populated by all traffic types detected on your network. This menu lets you create new, user-defined applications for traffic not categorized automatically as a predefined application, and to set basic traffic shaping parameters for predefined and user-defined applications - how should the network prioritize and handle each application. i ! ! NOTE: In a non-link environment, if a local subnet is not defined as LOCAL, the Accelerator QoS and Monitoring features do not function properly. CAUTION! By default, the following encrypted applications are not accelerated: pop3s, https, ircs, nntps, ftps, ftps-data, telnets, ssh, sshell, ldaps, smtps, imaps. Viewing My Applications The My Applications Menu in the Accelerator WebUI lets you view traffic per application, filtered by a certain criteria. To view traffic per application: 1. Click on Setup followed by My Applications. 2. In the My Applications screen, select Discovered traffic, Defined Applications, Monitored Applications, Defined L7 Applications, or All from the pull-down menu. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C ar ryi ng O u t B as ic Q o S C o nf ig u ra ti on 105 The table displayed on the My Applications Menu details the Outbound Traffic (by default, only classified traffic is displayed). Basic data about the settings for each traffic type is provided, including Application Name, Minimum bandwidth set (if assigned), Maximum bandwidth set (if assigned), Priority assigned, and acceleration status. The From-LAN statistics pull-down menu lets you customize the statistics type to be viewed for the applications, LAN to WAN (outbound traffic) or WAN to LAN (inbound traffic): Creating New Applications New applications should be created for all traffic types that do not already exist in the list of predefined (classified) traffic applications, or as subsets of these applications to further filter the traffic type selected. R ev isi o n 2. 0 106 C h ap t er 5: Applying QoS To create an application: 1. In the My Applications menu, click the Create Application button. The Create Application menu opens. 2. Update the following parameters to define the Application and how it is handled: Parameter Item Description Application name The default name for a new application is new_application. You have to modify the name of the application to a name indicating the type of traffic considered in this application. Maximum of 31 characters, no spaces. Special characters are allowed. Aggregation class The aggregation Class setting controls the Citrix Plug-in. The Citrix Acceleration Plug-in feature utilizes network resources more efficiently in LAN-based Accelerator deployments and delivers improved acceleration results for Citrix-hosted applications. Citrix MetaFrame users repeatedly access the same content from the network. The Accelerators’ Citrix Acceleration Plug-in feature enhances support for Citrix MetaFrame applications because, through the use of statistical multiplexing, the Citrix Acceleration plug-in allows more Metaframe data to traverse the WAN. The Accelerator achieves this increase in throughput by: Consolidating Citrix header data in pure IP implementations - IP header represents significant overhead in small packets generated by Citrix. It constitutes almost 30% of the Citrix packet. The Citrix Acceleration plug-in removes repeat header information and sends this data only once across the network. Consolidating Citrix payload in all environments - the Citrix Acceleration plug-in extracts data from small packets originating from different Citrix MetaFrame users, and sends packets optimized for specific WAN conditions. The Citrix Acceleration plug-in eliminates all redundant data transmissions across the WAN. Controlling latency and jitter - the Citrix Acceleration plug-in reduces latency and jitter, especially over slow WAN links that are commonly used for Citrix Metaframe deployments. The end-result is better, more consistent Citrix performance; and support of up to four times more Citrix users on the existing infrastructure. Aggregation is performed at the link-level and improves acceleration for traffic with small to medium packets (like Citrix/ICA traffic or Telnet traffic), and aggregates compressed packets. The Aggregation class sets the class to which this application is related. Aggregation reduces the size of the traffic by aggregating compressed packets, before sending them over the WAN. The compressed packets are aggregated in the link per class. The classes are defined via the CLI and set the aggregation packet limit, and allows a pre-defined delay (window) before sending the packets. For aggregation class configuration details, see Managing Aggregation Classes, on page 482. Collect statistics Enabling statistics history saves statistics for this application for up to one year. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C ar ryi ng O u t B as ic Q o S C o nf ig u ra ti on Parameter Item Description Don’t accelerate Traffic set to Don’t Accelerate is not compressed, but it is, however, tunnelled. This setting is useful for traffic that does not compress, but does not need to be transparent (header preservation) to other network devices while crossing the WAN. QoS is still performed on all traffic set to Don’t accelerate. Don’t tunnel Traffic set to Don’t Tunnel is neither tunneled nor compressed. This setting is useful for traffic such as HTTPS or encrypted Citrix. QoS will still be performed on all traffic set to Don’t tunnel. Application criteria The Application Criteria box lets you set the type of traffic to be considered in an application. These fields define a rule for identifying traffic as part of this application TCP Port To set the application to be defined on the basis of a TCP port or a span of TCP ports: Select TCP port from the drop-down menu. In the From field enter the first port to be considered, in the To field enter the last port to be considered. For example, to change HTTP application 80 to HTTP application 8080, enter 8080 into the From field. To define a single port, enter the port number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table. UDP Port To set the application to be defined on the basis of a UDP port or a span of UDP ports: Select UDP Port from the drop-down menu. In the From field enter the first port to be considered, in the To field enter the last port to be considered. For example, to change the TFTP application from port 69 to port 4444, enter 69 into the From field and 4444 into the To field. To define a single port, enter the port number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table. Over-IP To define an application based on a specific protocol: Select Over IP from the drop-down menu. In the From field enter the first protocol number to be considered, in the To field enter the last protocol number to be considered. To define a single protocol, enter the number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table. Criteria Table The criteria table lists all the criteria that must be met in order for traffic to be considered part of this application. To delete entries in the Criteria Table, highlight them and click the Delete button Prioritize The Prioritize box lets you set the shaping or prioritization to be applied to the traffic type. 107 R ev isi o n 2. 0 108 C h ap t er 5: Applying QoS Parameter Item Description Order The order parameter sets the importance of this rule. Traffic that enters the Accelerator is dealt with by the QoS mechanism based on Prioritization order number. Traffic that matches the Application criteria set in order number 100 is handled according to the setting for this application type, even if it may match the criteria of other Applications with other, less important priority order numbers. If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic is handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic. Most QoS settings do not necessitate setting the Order field. You can set the order from 100 to 65534. Minimum bandwidth (desired) The Minimum bandwidth desired setting should be used carefully. This parameter allocates a certain amount of bandwidth to be saved for a specific application type during periods of congestion. You should set desired bandwidth only for mission-critical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated throughput to function. Maximum bandwidth (limited) The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume. ToS You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options: ToS value - lets you select a ToS value (0-254) for the Accelerator. Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely: 63) different values. CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field). Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C ar ryi ng O u t B as ic Q o S C o nf ig u ra ti on ! i ! Parameter Item Description Priority You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to: Blocked: Traffic set to Blocked is dropped. Low, Average and High: Traffic set to Low, Average and High are assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Average receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth. Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types waits until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting. Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type. 109 CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Create Application menu. NOTE: If you are running a version of AcceleratorOS previous to 5.0(6), note that two new preconfigured applications were added in this version that may affect user-defined applications on the same ports. If applications have been configured for port of 1928 (saved for the expand-internal application) or 2598 (citrix-ica-sr), rename these applications exactly as in the preconfigured application before performing an upgrade. If an application exists for a list of ports or range of ports that include the specified port numbers (1928 and 2598), remove these ports from the list or range, and create applications expand-internal with port 1928, and citrix-ica-sr with port 2598. Then change the policy rules to match this application as well. Modifying Applications Selecting an application lets you modify the application definition (the type of traffic, also known as the traffic rule, or filter) and set up the way the traffic is treated (or prioritized, also known as shaping). R ev isi o n 2. 0 110 C h ap t er 5: Applying QoS To modify an application: 1. In the My Applications menu, click the application name (alternatively, highlight the application line and click the Edit button). The Edit Application menu opens. 2. The Edit Application menu lets you modify all application parameters as listed in section Creating New Applications. 3. In the Aggregation Class drop-down menu you can choose, Default, Custom, or Citrix. 4. Select one or more of the following checkboxes: Collect Statistics Don’t accelerate Don’t tunnel Discover ! ! CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Edit Application menu. Layer-7 Applications The Accelerator lets you filter HTTP web applications and/or Citrix applications at the application layer (Layer-7). This higher level of specification enables specific applications to receive tailored traffic prioritization within the Accelerator. Creating a Layer-7 or L7 application is the same procedure as described in Creating Web Applications, on page 110. Creating Web Applications You can create and prioritize HTTP web applications per Layer-7 application. New web applications are created much in the same way as new Layer-4 applications, with the addition of Layer-7 (application specific) information. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C ar ryi ng O u t B as ic Q o S C o nf ig u ra ti on 111 To create a web application: 1. In the My Applications menu, click the Create Web Application button. The Create Web Application menu opens. 2. The Web application parameters are identical to the parameters set for all applications, with the following additions. Parameter Item Description Application Criteria You cannot modify the Application Criteria box from within the Create Web Application box. The Layer-4 information for this web-based application is taken from the web definition. To modify the Layer-4 criteria, return to the My Applications menu and click on HTTP to edit the web application. This is also disabled for L7 Applications. R ev isi o n 2. 0 112 C h ap t er 5: Applying QoS Parameter Item Description Layer-7 Information Host Name: the host name of the web application. The Host Name is the internet address up until the first “/”, for example, for the address http:// 172.10.10.10/loginindex.asp, the Host Name is 172.10.10.10. For the Internet site http:// www.expand.com/extranet/support the Host Name is www.expand.com URL Name: the URL name is the internet address after the first “/”. In the example above, “extranet” can be used as the URL name. MIME Type: enter the content type. User Agent: enter the name of the HTTP client (Netscape, Mozilla, and so on) All Layer-7 information criteria use pattern matching, meaning that, for example, if the Host Name is www.expand.com, using expand as the host name is sufficient (up to 128 character string for all HTTP Layer-7 parameters). Prioritize Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see Creating New Applications, on page 105. ! ! CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Create Web Application menu. Creating Citrix Applications You can set and prioritize Citrix applications per Layer-7 application. New Citrix applications are created much in the same way as new Layer-4 applications, with the addition of Citrix Layer-7 specific information. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C ar ryi ng O u t B as ic Q o S C o nf ig u ra ti on 113 To create a Citrix application: 1. In the My Applications menu, click the Create Citrix Application button. The Create Citrix Application menu opens. 2. The Citrix application parameters are identical to the parameters set for all applications, with the following additions. Parameter Item Description Application Criteria You cannot modify the Application Criteria box from within the Create Citrix Application box. The Layer-4 information for this Citrix-based application is taken from the Citrix definition. To modify the Layer-4 criteria, return to the My Applications menu and click on Citrix to edit the Citrix application. R ev isi o n 2. 0 114 C h ap t er 5: Applying QoS Parameter Item Description Layer-7 Information The Layer-7 information box lets you set the application-specific details necessary for filtering this web application. Enter any or all data to be treated as criteria for matching this web application type. This means that all traffic considered as part of this Citrix application has to meet all the criteria listed in this box, as follows Published application: List the Citrix application type, such as Word, Calc and Notepad. Client: List the user name of the device you want to set as part of this traffic type. For example, to set the priority of the CEO’s Citrix Client to Real-time for Excel, enter the name of the CEO’s PC into the Client field Layer-7 information for Citrix is not pattern matching, meaning that the published application listed must be the full name of the application traffic that is intended (these parameters can use strings up to 20 characters). Prioritize Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see section Creating New Applications, on page 105. For more information on working with Citrix, see section Acceleration and Citrix Traffic, on page 346. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S et ti ng Ad va n ced QoS Pa ram et e rs Setting Advanced QoS Parameters 115 Advanced configuration of the Accelerator’s QoS mechanism is intended for expert users, and networks that are particularly complex. Understanding how QoS works is necessary in order to properly apply advanced QoS settings. The following sections provide an in-depth knowledge regarding the way QoS operates: How QoS Works, on page 115 How Traffic Filtering is Applied, on page 117 How Traffic Shaping is Applied, on page 118 Setting Inbound QoS, on page 121 Creating QOS Rules, on page 122 Editing QoS Rules, on page 126 Making Decisions for Specific Applications, on page 127 How QoS Works The Accelerator’s QoS mechanism receives packets from the LAN, and passes them to the Accelerator’s compression mechanism. The QoS mechanism automatically adjusts the throughput it transmits to account for the extra available bandwidth created when traffic is compressed. i i NOTE: While the Accelerator enables the same QoS capabilities on inbound and outbound traffic, most QoS is accomplished on outgoing bandwidth only. Incoming traffic shaping is useful for non-links and virtual links, and instances in which limiting or blocking incoming traffic is desired, for example blocking P2P traffic or limiting incoming Internet traffic. NOTE: Using inbound traffic shaping when the remote Accelerator uses outbound traffic shaping is not recommended; in such a case, the inbound shaping may have only a partial effect on the traffic. R ev isi o n 2. 0 116 C h ap t er 5: Applying QoS Follow these steps before working with QoS: 1. Set an accurate Bandwidth for the WAN. This setting ensures that all traffic shaping applied is relative to the actual physical bandwidth on the WAN pipe. The default bandwidth set for the default WAN is 100 Mbps (fast Ethernet). 2. This bandwidth setting assumes the largest possible bandwidth so that the Accelerator does not limit its throughput over the WAN due to a WAN bandwidth setting lower than the actual bandwidth. However, to get an accurate QoS shaping you are advised to modify the bandwidth setting to its actual rate. For more information on setting WAN bandwidth see section Performing Setup via the Wizard, on page 21. 3. You must set the bandwidth of each link on the WAN. For more information on setting the Link Bandwidth, see Performing Setup via the Wizard, on page 21. Understanding QoS Rules The Accelerator’s QoS works on the basis of rules. Rules define how QoS controls applications (streams or sessions). Rules are built out of a filter, a shaper, and can contain a marker. While these rules are transparent to the typical user and are not mentioned in the My Applications screen, for each application defined in the My Applications screen, you can create a rule that you can view and modify via the Services - QoS Menu in the Rules Table. The number of rules you can create is unlimited. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S et ti ng Ad va n ced QoS Pa ram et e rs 117 To fine-tune traffic management, it is useful to understand the hierarchy that determines the order in which the QoS mechanism implements traffic shaping rules. Rule Description Filter The Filter defines what kind of traffic qualifies as part of an application. Filters are generally Layer-4 definitions such as port number, protocol number, and traffic type. For example, the application FTP is defined by the traffic type TCP and the port number 20. You can modify and add traffic type and port number for applications that already exist by default in the Accelerator, as well as defining new applications. Shaper The traffic shaper defines how to handle the traffic filtered into this application: what priority the application receives, and how the application is treated by the Accelerator. Shaping the traffic enables setting a desired (or guaranteed) amount of bandwidth to be preserved for a specific application, setting a limit on how much bandwidth an application can consume (to avoid starvation of other applications), and setting the CoS (Class of Service priority) and ToS (Type of Service) values for the application. Shaping is crucial for ensuring application integrity - that critical traffic applications get the bandwidth they need, and that other important applications are not starved completely. Marking An application in the Accelerator can include a marker per application. You can save the ToS marking on the rules, either the original ToS value or a newly defined ToS value. This also means that you can set each application type to be Not-Accelerated or NotTunnelled. This is particularly useful for applications like HTTPS or Encrypted Citrix, whose packets do not compress, and ensures that the Accelerator does not waste resources attempting to process these packets. How Traffic Filtering is Applied The QoS mechanism contains dozens of preconfigured traffic applications (that can be modified and shaped as needed). All preconfigured traffic applications, as well as new traffic applications created (see section Creating New Applications, on page 105), are filtered according to application type. Incoming traffic is matched against the applications one at a time, starting with the application with the highest “Priority Order” number, until a match is found. Once a match is found, the application is handled, despite the fact that it may match other applications as well (this is called overlapping traffic). Applications cannot overlap at the Layer-4 level. This means that because Application FTP is set on TCP port 20, another application cannot be created on port 20 (or including port 20). However, applications can overlap at the Layer-3 level. for example: a TCP application could exist and be set to include traffic over-IP R ev isi o n 2. 0 118 C h ap t er 5: Applying QoS protocol 6. In this case, the Priority Order number given to an application (or rule) determines which application rule governs overlapping traffic. In the above example, if the FTP traffic is set to 200 (the default) and TCP is given an order number of 100, all FTP traffic is treated according to the definition of TCP. If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic will be handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic. How Traffic Shaping is Applied The QoS mechanism works in a hierarchical fashion. In a complex QoS setup, it is often important to understand which shaping carries the greatest weight and is related to first by the QoS mechanism. Studying QoS Bandwidth Allocation The QoS mechanism allocates bandwidth as follows: WAN Bandwidth—First, the bandwidth set for the WAN is honored. All further application QoS decisions are based on the WAN bandwidth. Link Bandwidth—You can set the bandwidth of the Link with a maximum value, limiting the amount of the total throughput of the WAN available to a particular link. All Application decisions based on a particular link are bound by this bandwidth. i NOTE: Peer oversubscribing is allowed. For example, if the WAN bandwidth is T1 (1.5 Mbps), you can set 10 links at 256 Kbps each, and the bandwidth will be distributed relatively to all links according to the QoS mechanism. Like the WAN bandwidth setting, the bandwidth set for a link can never be exceeded. The bandwidth set for the links is divided by the WAN according to the priority of the traffic coming across the links. This means that if the WAN bandwidth is 128 Kbps, and Link 1 is set to 128 Kbps and Link 2 is set to 128 Kbps, if one link has high priority traffic, the lower priority traffic on the other link Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S et ti ng Ad va n ced QoS Pa ram et e rs 119 could be starved. However, if the Link bandwidth is set to a portion of the WAN bandwidth, then the link does not exceed this portion, and bandwidth is left over for other links. Diagnostic Mode Traffic—Traffic set with a priority setting of Diagnostic Mode overrides the QoS mechanism. Diagnostic Mode traffic has all the bandwidth of the WAN at its disposal and supersedes all other traffic and all other QoS settings. The Diagnostic Mode Traffic setting should be used only in emergency cases, where an application is not responding to the QoS mechanism; Diagnostic Mode traffic is forced to override the QoS mechanism. Bandwidth Limits—Maximum bandwidth limits set for applications are honored and the traffic throughput is limited according to this setting. Bursts—In addition to the hierarchy, if, after all bandwidth is allocated, there is spare bandwidth, and an application is set to allow bursts, this application uses all spare bandwidth even if it is set to ordinarily have a maximum bandwidth limit. For example, if on a 64 Kbps link FTP is limited to 16 Kbps, with burst allowed FTP will be able to use the entire 64 Kbps if no other traffic traverses the link, and when there is traffic, the limit of 16 Kbps is enforced on FTP. To allow bursts on applications, you have to ensure that the default setting on the WAN, which allows bursts, is kept. The WAN Burst parameter also lets you set a maximum burst bandwidth, meaning that if the WAN bandwidth is 1 MB, you can set the WAN burst to limit burst traffic to 900 Kbps in order to avoid maximum utilization situations because of burst traffic. By default the WAN bursts are allowed to use the entire WAN bandwidth. In certain environments, lowering the WAN burst by up to 10% may be useful in order to protect the line from congestion caused by bursts. i i NOTE: QoS settings take effect when the WAN link is full. Any limitations and guarantees placed on traffic apply only if not enough bandwidth exists for all traffic to flow freely. NOTE: In the Accelerator, rule limit and desired shaping are applied to traffic before it is compressed, while link shaping (bandwidth for the link and the WAN) is applied to traffic after the traffic has been compressed. R ev isi o n 2. 0 120 C h ap t er 5: Applying QoS Desired Bandwidth—Minimum bandwidth Desired set for applications is allocated to all applications on which a desired minimum bandwidth was set. This is true even for low priority applications. For example, in a 64 Kbps link, the applications will divide up the 64 Kbps plus the Acceleration percentage, like a cake, with the desired bandwidth applications reserving the first piece. As long as no congestion exists, all applications set to Desired receive their guaranteed bandwidth. When there is congestion, if high priority applications are guaranteed bandwidth, they will receive it before low priority applications that were guaranteed bandwidth. If there is not enough bandwidth for numerous high priority applications that were guaranteed a desired bandwidth, the desired bandwidth will be divided proportionately between those applications. Desired bandwidth is useful especially to prevent starvation of lower priority applications. Setting a desired bandwidth for a low priority application ensures that the application receives some small amount of bandwidth even when the high priority applications are consuming the bulk of the bandwidth. While the Minimum bandwidth desired is allocated hierarchically according to the application priority (first to real-time, then to high, then to average, and so on), the desired bandwidth setting is handled before relative spare bandwidth distribution among prioritized applications. For this reason it is important to use the Minimum bandwidth desired setting carefully. For example: If VoIP is prioritized as high priority traffic on a 1 Mbps connection, and HTTP traffic receives low priority, but a minimum desired bandwidth setting of 800 Kbps, these 800 Kbps will be allocated to HTTP traffic and the remaining 200 Kbps is divided proportionally between the VoIP application and the HTTP traffic. Priority—The relative QoS priority set to the application is considered and bandwidth is divided proportionally among the applications as follows: Block—Blocked traffic is discarded. Real-time—Traffic set to real time receives “strict priority”. This means that as long as real-time traffic is traversing the network it will receive the entire bandwidth. All lower priority traffic types wait until there is free bandwidth, thus starving all lower priority applications (unless a Minimum bandwidth (desired) was set for them). For this reason it is important to use the Real-time setting with great care. If a chatty/ Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S et ti ng Ad va n ced QoS Pa ram et e rs 121 bandwidth-greedy application constantly transmits traffic, it is possible that no other application will receive bandwidth (except those set with a Minimum bandwidth (desired)). High/Average/Low: High, average and low traffic priorities divide the bandwidth that is still available (after desired and real-time traffic) in a proportional method based on time. High priority traffic waits the shortest amount of time before waiting to be sent, average priority traffic waits longer than the high priority and low priority traffic waits longer than the average traffic to be sent. This does not mean that high priority traffic transmits completely before average traffic starts transmitting, rather high traffic transmits at a faster rate. Setting the priority to high/average/low is appropriate for most traffic types, setting the relative importance between the applications without causing starvation. In advanced configuration, you can set the WAN to handle QoS according to “strict-priority.” This would set the priorities to act deterministically rather than proportionally: high priority traffic receives all the available bandwidth (after desired and real-time traffic), average priority traffic receives bandwidth only if no high priority traffic exists, and so on. If there is constant high-priority traffic, average and low priority traffic are starved completely. i NOTE: Traffic that waits too long to be transmitted is discarded as obsolete so as not to cause application problems by transferring stale packets. What is the difference between real-time and desired? Realtime gets the highest priority; it can cause starvation up to the bandwidth allocated using the “desired” setting. Guaranteed bandwidth is not touched by applications because of their real-time priority setting. Because “desired” is useful to protect lower priority applications from being starved, the default desired setting allocates a minimal amount of bandwidth (1 Kbps) by default. Setting Inbound QoS For Inbound QoS, you can set a bandwidth limitation for the WAN or per link. If a link was created with a bandwidth limitation set for inbound traffic, a rule is automatically created on the sending side, limiting outbound traffic to the link. You can set inbound policy rules globally or per link. R ev isi o n 2. 0 122 C h ap t er 5: Applying QoS Creating QOS Rules Advanced QoS configuration is accomplished by creating and editing rules as they appear in the QoS menu. To create a rule: 1. In the Accelerator’s WebUI, click on the QoS tab, and then select QoS Rules. . 2. In the View rules for application drop-down menu, select the application on which to apply the rule. If the application does not exist, you can use the Setup - My Applications menu to create a new application; for more information see section Creating New Applications, on page 105. While the QoS menu enables fine-tuning of the definition of the traffic type to be filtered into an application, making Layer-4 modifications to the application itself requires using the Setup - My Applications menu. 3. Click the Create new rule button. The Create Rule menu opens. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S et ti ng Ad va n ced QoS Pa ram et e rs 123 4. In the Rule Name field, give a name to the rule. Naming the rule is necessary for identifying it, if you need to modify the rule at a later date. 5. Use the Define and Prioritize sections to enter the necessary information per your networking requirements Define Section Options Application Description Select the Application onto which to apply this rule from the drop-down menu. You can define applications only via the My Applications menu. For information, see section Creating New Applications, on page 105. R ev isi o n 2. 0 124 C h ap t er 5: Applying QoS Define Section Options Description Source IP If you want to filter the application by its source IP address: Choose from Other, Any, Single IP, Subnet, Range, or List. Other—Displayed if advanced configuration was made via the CLI, which is more complex than the WebUI display Any—Set the Source IP to Any if the application should consider traffic coming from any device (this is the default). Single IP—Select this option if only traffic coming from a single device should receive the treatment defined in this rule. Enter the IP address Subnet Mask—Select Subnet if only traffic from a particular subnet should receive the treatment defined in this rule. Enter the subnet address and the subnet mask. Range—Select Range if a particular range of source IP addresses should receive the treatment defined in this rule. Enter the first and last IP address to be considered. List—Select List and enter up to four IP addresses to receive the treatment defined in this rule. Destination IP If you want to filter the application by its destination IP address: Choose from Other, Any, Single IP, Subnet, Range, or List. Other—Displayed if advanced configuration was made via the CLI, which is more complex than the WebUI display Any—Set the Source IP to Any if the application should consider traffic coming from any device (this is the default). Single IP—Select single IP if only traffic headed to a single device should receive the treatment defined in this rule. Enter the IP address. Subnet—Select Subnet if only traffic toward a particular subnet should receive the treatment defined in this rule. Enter the subnet address and the subnet mask. Range—Select range if a particular range of destination IP addresses should receive the treatment defined in this rule. Enter the first and last IP address to be considered. List—Select List and enter up to four destination IP addresses to receive the treatment defined in this rule. ToS Bits To filter traffic based on its ToS setting, in the drop-down menu select from Other, Any, and Value. Other—Displayed if advanced configuration was made via the CLI, which is more complex than the WebUI display Any—To set the rule to apply to the application’s traffic, if it has any ToS value set (this is the default). Value—To set a ToS value, thereby limiting traffic on which this rule is applied to the application’s traffic that has a particular ToS value (0 - 255). Links Traffic rules and shaping are applied per link. Select Global to apply to all links, a specific link to determine how traffic is categorized and prioritized over a specific link, or select Nonlink. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S et ti ng Ad va n ced QoS Pa ram et e rs 125 Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see section Creating New Applications, on page 105. The main difference is that this screen lets you also set a ToS Mask (0-254). When entering a number in the ToS Mask field, this value is ANDed to the value entered in the TOS field in the packet’s header and compared against the TOS entered for this rule. You can use the TOS Mask for comparing specific bits (Precedence/Type of Service) from the TOS field in the packet’s IP header against the TOS value entered for this rule. Prioritize Section Options Description Order The order parameter sets the importance of this rule. Traffic that enters the Accelerator is dealt with by the QoS mechanism based on Prioritization order number. Traffic that matches the Application criteria set in order number 100 is handled according to the setting for this application type, even if it may match the criteria of other Applications with other, less important priority order numbers. If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic is handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic. Most QoS settings do not necessitate setting the Order field. You can set the order from 100 to 65534. Minimum bandwidth (desired) The Minimum bandwidth desired setting should be used carefully. This parameter allocates a certain amount of bandwidth to be saved for a specific application type during periods of congestion. You should set desired bandwidth only for mission-critical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated throughput to function. Maximum bandwidth (limited) The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume. R ev isi o n 2. 0 126 C h ap t er 5: Applying QoS Prioritize Section Options Description ToS You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options: ToS value - lets you select a ToS value (0-254) for the Accelerator. Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely: 63) different values. CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field). Priority You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to: Blocked: Traffic set to Blocked is dropped. Low, Average and High: Traffic set to Low, Average and High are assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Average receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth. Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types waits until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting. Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type. Editing QoS Rules Any changes made to Applications via the My Applications menu appear as rules in the QoS menu. You can use the QoS menu to edit these changes, and any other rules created. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S et ti ng Ad va n ced QoS Pa ram et e rs 127 To edit a rule: 1. Highlight the Rule to be edited in the Rules Table and click . 2. Make the necessary changes. For any necessary explanation, see section Creating QOS Rules, on page 122. Making Decisions for Specific Applications The Decision screen lets you set various aggregation and acceleration parameters for a specific application, such as how many small packets to accumulate for one big packet (aggregation class), and whether the application is accelerated and tunneled. To make a decision for a specific application: 1. Select an application from the Application Name drop-down list. 2. Select the aggregation class. Your choices are as follows: Citrix - enables Citrix acceleration on Citrix, telnet and ms-terminalserver applications. Default - enables acceleration on small-packet, encrypted applications such as pop3s, https and ftps. Custom 1 - enables acceleration on a specific, user-defined link. Custom 2 - enables acceleration on a specific, user-defined link. 3. Select the Tunnel box to send the application as tunneled. 4. Select the Accelerate box to accelerate the application. Selecting this box is possible only if you previously selected the Tunnel box. 5. Click Add to add the newly defined settings. R ev isi o n 2. 0 128 C h ap t er 5: Applying QoS If a decision already exists for this application, a message appears, requesting your confirmation to modify the existing settings. Click OK to confirm. 6. To delete a specific application from the list, highlight the application name in the table and click the Delete button. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e QoS Troubleshooting Q o S Tro ub le sh o o ti ng 129 If the QoS mechanism does not seem to be functioning properly, it could be a result of the Maximum Queue Length. If there is much latency on the line, the packet drops may be the result of the queue buffer size, which is normally set per link rate, or because the packets are waiting too long and are therefore being considered obsolete packets. By default the packets are considered obsolete after 500 ms. If limits do not seem to be enforced on traffic, check to see if it is because of the Burst status. When Burst is enabled during periods of no congestion, limits will appear not to be enforced properly. If a class is not transmitting properly and problems are encountered after QoS has been applied, try setting the class to Diagnostic mode, thereby disabling QoS for this traffic type. R ev isi o n 2. 0 130 C h ap t er 5: Applying QoS Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 6: Optimizing Acceleration Services Expand’s Accelerator lets you reduce the impact of the TCP protocol shortcomings by applying TCP Acceleration, a standards-based plugin that modifies TCP settings to optimize throughput in certain environments. In addition, the Accelerator provides Domain Name Server caching capabilities to shorten the round-trip-time and save bandwidth over the WAN. This chapter contains information about the following topics: Studying TCP Acceleration, on page 132. Understanding Web Acceleration, on page 143. Configuring DNS Acceleration, on page 152. Enabling Citrix Acceleration, on page 156 For information regarding WAFS service, see Configuring and Managing WAFS, on page 159. 132 C h ap t er 6: Optimizing Acceleration Services Studying TCP Acceleration TCP, which was designed to ensure reliable IP transmission, performs well on LANs but does not deal well with the high latency and high-packet-loss found on many WANs. These limitations are expressed in the long times required for file transfers over the WAN, degraded web performance and unresponsive applications. SCPS, the Space Communication Protocol Standards developed by NASA and the US Air Force, is a collection of standards-based TCP enhancements designed to reduce the impact of TCP limitations in Long-Haul WANs. SCPS is implemented by using the TCP Acceleration feature, designed to optimize and better utilize WANs that suffer from distance-induced TCP limitations. Understanding the Shortcomings of TCP To understand how TCP Acceleration works, it is important to understand the shortcomings of TCP: Frequent packet retransmissions: In TCP transmissions, the sender receives an ACK (Acknowledgement packet) for each successful packet transmission. If the ACK is not received, the sender resends the packet. Often, on long distance lines, the packet is retransmitted before the ACK has time to arrive. Transmission Window: To ensure that the receiver gets all data items sent from the sender, TCP sends only part of the data to the receiver in small amounts called a window. The size of the window is specified by the receiver during the setup of a TCP session, and is measured in bytes. The sender transmits a window, and then waits to hear an acknowledgement back from the receiver if the window was received properly. After an acknowledgment is sent from the receiver, the sender transmits more data until all necessary data is sent. The following figure explains the handshake process involved in establishing a TCP connection: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e St u d yin g T C P A cc el er a ti on 133 Once the connection is established, TCP data packets are sent in accordance with the TCP window set - each time the window threshold is met, the receiver responds with an acknowledge packet, as described in the following figure: The time wasted waiting for ACK packets to be sent in a TCP connection dramatically increases latency. R ev isi o n 2. 0 134 C h ap t er 6: Optimizing Acceleration Services Slow Start—Because TCP transmissions have no way to know the size of the bandwidth over which they are being transmitted, each transmission begins slowly, gradually increasing speed until a packet is dropped - at which point TCP assumes that it has reached the maximum bandwidth. On high-bandwidth long-distance lines, this slow start wastes much expensive bandwidth. The more latency present, the slower the session will start. Congestion Avoidance—TCP assumes that any packet lost is due to congestion. Any time a packet is dropped, TCP reduces transmission rate by half, slowly increasing it until the maximum rate at which no drops are experienced. On long-distance lines over which packet drops are often the result of factors other than congestion, transmission is being slowed down unnecessarily. While these TCP functions are useful in controlling and managing congestion over the LAN, they cause expensive long-distance links to appear slow. Studying SCPS, Expand’s TCP Acceleration Solution TCP Acceleration uses the SCPS protocol package to reduce the impact of these well-known TCP limitations according to the standard developed by NASA (http:// www.scps.org): Scaling the Transmission Windows Increases the maximum transmission window to enable ACKs to arrive across long distance links, thereby reducing the amount of unnecessary packet Ac ce ler at o rOS 6 .1 .2 Us er Gui d e St u d yin g T C P A cc el er a ti on 135 retransmissions. Once TCP Acceleration is enabled, the TCP packet transfer process causes less latency, as seen in the following figure: A larger window enables sending more packets before an acknowledge packet is sent, minimizing the number of acknowledge packets sent and lowering latency. Error Detection and Proactive Resolution The SCPS protocol uses SNACK (Selective Negative Acknowledgement), which reduces the amount of data that needs to be retransmitted and increases the speed of retransmissions. This is accomplished by sending only a request for missing R ev isi o n 2. 0 136 C h ap t er 6: Optimizing Acceleration Services packets, as opposed to TCP, which retransmits the missing packet as well as all packets already transmitted after the missing packet. Congestion Avoidance SCPS enhances flexibility of Congestion avoidance mechanisms. TCP automatically uses congestion avoidance, which is not necessary in networks where drops are not the result of congestion. You can configure SCPS in such a way that congestion avoidance is not used when it is unnecessary. If there is congestion on the line, you can select the method of congestion avoidance and control (standard TCP or Vegas). Local Network Isolation The SCPS protocol uses TCP Spoofing to reduce the time required for establishing a TCP session, thereby enabling the transmission of data without waiting for the TCP slow-start. SCPS also enables congestion avoidance by preventing slow traffic build-up before achieving maximum capacity. Link Outage Support TCP Acceleration incorporates several features that support TCP transfers during link outages: avoiding the costly and unnecessary packet retransmissions by halting transfers until communication is re-established, restarting transmissions at the last ACK received, and anticipating potential link outages before they occur. Asymmetric Networks Optimization In asymmetric environments, if in one direction the bandwidth is significantly lower than the other, this direction can become congested with ACK packets being sent in the other direction. TCP Acceleration enables scaling of ACK packets (for example sending an ACK for only every other packet) to better match uplink/ downlink rates. SCPS-based TCP Acceleration enables the Accelerator to maximize capacity over Long-Haul links, thereby guaranteeing optimized throughput across WAN links. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e St u d yin g T C P A cc el er a ti on 137 TCP throughput - Kbps 540msec round-trip-time 4608 With TCP Acceleration and compression 4096 3584 3072 Kbps With TCP Acceleration No TCP Acceleration Newly created bandwidth 2560 2048 Unutilized bandwidth 1536 1024 512 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Time Throughput Link Speed Computing Latency The Accelerator automatically configures TCP Acceleration settings according to the computation that follows. The network in the diagram above will be used for example purposes. The math used for calculating the theoretical maximum throughput is based on this drawing. Substitute the values from your specific network in order to learn the TCP theoretical limitation for a single session in your network. R ev isi o n 2. 0 138 C h ap t er 6: Optimizing Acceleration Services The network poses 150 milliseconds (msec) of latency between the Client (C) and the Server (S). You can use a ping for determining the end-to-end latency between a Client and Server by sending a ping 100 times from the client to the server during business hours with a 750 byte payload. This payload size ensures some stress on the network, and should provide a better measurement for latency than simply sending a 64 or 32 byte ping as some operating systems do. An example of this ping command used on Windows is: ping x.x.x.x –l 750 –n 100 (x.x.x.x = the server’s IP address, –l is the payload size, and -n is the amount of pings) You can use the following formula to calculate the theoretical limitation: Bandwidth equals the window size divided by the round trip time WindowSize ---------------------------- = Bandwidth RoundTripTime Bandwidth (BW)—is the maximum theoretical throughput. The bandwidth of a link is normally represented in bits per second. Window Size (WS)—is the amount of data TCP can send before waiting for an acknowledgement. This value is in bytes; ensure that any values in bytes are converted to bits. Round Trip Time (RTT)—even though this value is in seconds, most network tools, such as ping, report it in milliseconds. In the network example shown above, the latency was 150 msec, and because 1000 msec equals a full second, then the latency of this network can be represented in a fraction as 150/1000 msec. Always convert this fraction into decimal format when calculating the values. In this case the latency will be represented as .15. The default window size for Microsoft XP is 8 KBytes. For additional window size values please consult your operating system vendor. This example assumes that the client is running Windows XP. Using the example network provided above, some of the values needed for this formula are known and can therefore be plugged into the formula in order to determine the maximum theoretical bandwidth for a single TCP session. BW = 64000 / .15 After calculating the values, the BW equals 426,666 Bytes. Remember that because this value is in bytes, it should be multiplied by 8 in order to get the bits Ac ce ler at o rOS 6 .1 .2 Us er Gui d e St u d yin g T C P A cc el er a ti on 139 per second (bps). The product shows that the theoretical maximum bandwidth is 3,413,328 bps. As seen in the example network shown above, the link is a 6 Mb link. 150 msec of latency has limited a session to about half of the link speed. The following Throughput table lists some common Round Trip Times and the effects on TCP: Window Size Round Trip Time 8 KB 16 KB 32 KB 64 KB 50 160 Kbps 320 Kbps 640 Kbps 1280 Kbps 100 80 Kbps 160 Kbps 320 Kbps 640 Kbps 150 53 Kbps 106 Kbps 212 Kbps 424 Kbps 200 40 Kbps 80 Kbps 160 Kbps 320 Kbps 500 16 Kbps 32 Kbps 64 Kbps 128 Kbps 1000 8 Kbps 16 Kbps 32 Kbps 64 Kbps As these calculations demonstrate, the maximum throughput was greatly reduced as the latency increased. The actual maximum throughput that a single TCP session can have in your network may be even lower. Configuring TCP Acceleration You can use the WebUI to configure basic TCP Acceleration, such as typical RTT and typical acceleration rate. In addition, you can set here the Send and Receive windows’ sizes and the degree of transparency. R ev isi o n 2. 0 140 C h ap t er 6: Optimizing Acceleration Services Another significant setting possible through the TCP Acceleration screen is the congestion control, which you can set to one of the following options: None—no congestion avoidance is used Standard—the congestion avoidance conforms to the standard TCP/ IP protocol (Reno) Vegas—TCP Vegas reduces latency and increases overall throughout, by carefully matching the sending rate to the rate at which packets are successfully being transmitted by the network. The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-bandwidth-delay paths, such as DSL, where the sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is an extremely time-consuming process for the sender. The shorter queues should also enhance the performance of other flows that traverse the same bottlenecks. The parameters you can configure via this screen are the send and receive windows’ sizes. The possible values are between 4kb and 50 MB. i i NOTE: Even though the upper limit for the sizes of the receive and send windows is 50MB, setting the size to a value greater than 10MB may adversely affect the system performance, and therefore a warning message notifying you about such a possibility appears when you select a value that exceeds 10MB. NOTE: When TCP acceleration is enabled, all traffic is transferred through the Accelerator in routing-only mode and is not bridged. For additional information see Setting Routing Strategy, on page 27. You can also use the Transparency field to set or update the packets’ transparency per link. The options are as follows: Auto—keeps or reverts to the default option, which is Full in On-Path deployment and semi-wan in On-LAN deployment. Full—keeps the packets fully transparent. Semi—prevents transparency on both sides. Semi-LAN—keeps the packets transparent only to the LAN side. Semi-WAN—keeps the packets transparent only to the WAN side. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e St u d yin g T C P A cc el er a ti on 141 Enabling TCP Acceleration TCP Acceleration should be enabled only over long, high latency links. If you enable TCP Acceleration via the WebUI, the system’s default values will be used for activating TCP Acceleration. Expand recommends configuring TCP Acceleration via the CLI. To enable TCP acceleration: 1. In the Accelerator’s WebUI, click on Services and then TCP Acceleration. 2. Select the box Enable TCP Acceleration on All Links. 3. In the bottom right corner, click the Submit button. If after enabling TCP Acceleration the Accelerator does not perform as expected, you should check the size of the window set by Windows: To check the size of the window set by Windows: 1. Click the Start button on the main menu bar, followed by Run. In the Open field, type regedit. 2. In the Registry Editor, navigate to the following location: HKEY_local_machine\system\CurrentControlSet\Services\ Tcpip\parameters. 3. Search the listed parameters. If TcpWindowSize is not listed, the window size is set to the Windows’ default of 8 KB. If TcpWindowSize is listed, double-click on the registry entry to view the value ! set. WARNING! Editing the registry or using a Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows to correct them. Microsoft does not guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Back up your registry first and use Registry Editor at your own risk. To calculate the necessary send window size and receive window size: Use the following formula to calculate the required window size as set by the Accelerator: R ev isi o n 2. 0 142 C h ap t er 6: Optimizing Acceleration Services OutboundBW ( Kbps ) RTT ( mSec ) ----------------------------------------------------------- × CompressionRatio × --------------------------------- × 2 × 1000 8 1000 Outbound Bandwidth in Bytes/Sec—convert the outgoing bandwidth to Bytes per second, for example T1 = 1,544 Kbps (193,000 Bytes per second) Compression Ratio—expected acceleration in a compression ratio format (200% acceleration = 3, 350% acceleration = 4.5) Round trip time—in seconds (for example 500 ms round trip is 0.5 seconds, 650ms round-trip is 0.65 seconds) For example, a T1 line with 600 ms round trip time with outbound acceleration of 230%: Bandwidth in bytes/sec - 193000 Compression ratio – 3.3 193000*3.3*0.6*3 = 1146420 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Un d er s tan d in g Web A cc el er a ti on Understanding Web Acceleration 143 The Web Acceleration plug-in improves response times for HTTP/FTP-based applications. i NOTE: Web Acceleration is supported in hard-drive versions of the Accelerator. On all other Accelerator platforms, HTTP traffic will continue to be accelerated by using Expand Networks’ patented caching and compression algorithms. The Web Acceleration plug-in serves requested objects from its cache. If the object is not in the cache, the plug-in retrieves the object on behalf of the client from the original server, caches it (when relevant) and serves the client's request. Web Acceleration guarantees network transparency. When the Accelerator is deployed on the network, there is no need for any configuration modification of connected LAN clients. In On-Path deployments—HTTP transparency also applies to the Server side, meaning that if a sniffer is used between an Accelerator and the default gateway, HTTP packets will be seen to contain the client and server IP addresses. FTP traffic will be transparent only on the client side. In On-LAN deployments—transparency applies only to the Client side. A sniffer placed between an Accelerator and the default gateway will see packets containing the Accelerator and server IP addresses. This later is necessary to guarantee that replies will travel via the Accelerator’s Web Cache engine and not be delivered directly to the client. Web Acceleration supports both FTP and HTTP caching. FTP caching—the Web Acceleration cache guarantees that objects sent to the client from the cache are always fresh (only supported if the FTP server supports MDTM ex, vsftpd as well as SIZE headers). Both Passive and Active FTP caching modes are supported. HTTP caching—the object will have an aging time in the cache until it is retrieved again from the server. i NOTE: Because the Web Acceleration plugin consumes RAM, it affects the number of tunnels configurable on the Accelerator. Web Acceleration can cache objects up to 1 GB in size. R ev isi o n 2. 0 144 C h ap t er 6: Optimizing Acceleration Services Configuring Web Acceleration via the WebUI The WebUI lets you configure HTTP acceleration and FTP acceleration. To configure a specific HTTP Acceleration or FTP acceleration parameter see the table below: To Reference Configure HTTP Acceleration Configuring HTTP Acceleration, on page 144. Enable/Disable HTTP Caching Enabling and Disabling HTTP Caching, Clearing HTTP Cache Clearing HTTP Cache, on page 145. Setting Cache Content Setting Cache Content, on page 145. Returning to Default Settings Returning to Default Settings, on on page 145. page 146. Setting Advanced HTTP Parameters Setting Advanced HTTP Parameters, on Setting HTTP Acceleration Rules Setting HTTP Acceleration Rules, on Configuring FTP Acceleration Configuring FTP Acceleration, on page 146. page 148. page 149. Configuring HTTP Acceleration You can use the WebUI to enable HTTP Acceleration and carry out most of the advanced configuration. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Un d er s tan d in g Web A cc el er a ti on 145 Enabling and Disabling HTTP Caching By default, HTTP Caching is disabled. To Enable or Disable HTTP Caching: 1. Click the follwing: Services-->Web Acceleration--> HTTP Acceleration->Configuration. 2. In the HTTP Acceleration field, select Enable from the drop-down menu to enble HTTP Caching. To disable, select Disable. Settting the Cache Size To set the Cache Size: 1. Click the following: Services>Web Acceleration> HTTP Acceleration>Configuration. 2. In the Cache Size field, enter a number to represent the size allotment for the cache (between 1 and 60 MB). Setting Cache Content To set the type of content to be cached: 1. Click the following: Services> Web Acceleration> HTTP Acceleration>Configuration. 2. In the Cache content field, scroll down to select one of the following types of content to be cached. Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all traffic, be it link, virtual link or non-link. Clearing HTTP Cache To clear the HTTP acceleration cache: 1. Click the following: Services > Web Acceleration> HTTP Acceleration>Configuration. 2. Click the Clear Cache button. R ev isi o n 2. 0 146 C h ap t er 6: Optimizing Acceleration Services Returning to Default Settings To return HTTP Acceleration settings to factory default: 1. Click the following: Services > Web Acceleration> HTTP Acceleration>Configuration. 2. Click the Set Default Values button and click Yes when prompted. Setting Advanced HTTP Parameters To open the Advanced HTTP Parameters menu: 1. Click the following: Services > Web Acceleration> HTTP Acceleration>Configuration. 2. In the Advanced HTTP Parameters menu, click the + in the menu bar. 3. The Advanced HTTP Acceleration Configuration opens, letting you set the following parameters as shown in the following table: Parameter Item Description Connect Timeout The time period (in seconds) that should pass before disconnection (default: 60). To set the Connect timeout, fill in a number (between 1 and 600 seconds) in the field Maximum Cache Object Size Sets the Maximum size an object can be in order to be held in the cache. Object larger than this number are not held. This parameter is set in KB. To set the Maximum Cache Object Size, enter a number between 1 and 1,000,000 KB. By default, the size is 102,400 KB. Note that the Maximum Cache object size must be larger than the Minimum Cache object size. Minumum Cache Object Size Sets the Minimum size an object can be in order to be held in the cache. Object smaller than this number are not held. This parameter is set in KB. To set the Minimum Cache Object Size, enter a number between 1 and 1,000,000 KB. By default, the size is 102,400 KB. Note that the Minimum Cache object size must be smaller than the Maximum Cache object size. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Un d er s tan d in g Web A cc el er a ti on Parameter Item Description Maximum Client Connect Time Sets the ammount of time the client (browser) can be connected to the cache process before a timeout is initiated. This is merely a safeguard against clients that disappear without properly shutting down. It is designed to prevent a large number of sockets from being tied up in a CLOSE_WAIT state. The default for this option is 1440 minutes, or 1 day. Acceptable values are between 1 and 5,000 minutes. To set the Maximum Client Connect time, enter a number in the field between 1 and 5,000 minutes Persistant Timeout Sets the amount of time to wait for an HTTP request from the client after the connection was established, or after the last request was finished. It is set in seconds with acceptable values between 1 and 10,000 seconds. To set the Persistent Timeout value, eter a number between 1 and 10,000. Transparency This command configures the status of the interception proxy. The interception proxy can be configured as transparent (namely, the proxy server’s IP address will not be detected by sniffing). Three statuses are possible: Semi—applying transparency only on the Client side. Full—applying transparency on both the Client and the server sides. Auto—setting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment. To set the transparency mode, select one of the options from the drop-down menu Port Transparency When enabled, preserves the origional client’s source port informaiton. By default, this is disabled. When Transparency (above) is set to either Semi or Auto in an On-Lan deployment scenario, it is not recomended to set this feature to enable. TCP Acceleration When TCP Acceleration is configured in the TCP Acceleration menu, you must also enable this parameter in order for the acceleration to work correctly. By default, TCP Acceleration is disabled, but to enable TCP Acceleration, select Enable from the drop-down menu. Cache Authenticated Requests Lets you define whether to cache data that arrives from authenticated servers, such as authentication requests. If you set this option to Enable, the data from such servers is cached even if no Public indication was set in the authenticated server. If any other condition exists, which prevents the data from being cached (for example: a Private flag), the data is not be cached, but it is still accelerated. Collect Statistics Lets you start or stop the statistics collection. (Supposed to be removed) 147 R ev isi o n 2. 0 148 C h ap t er 6: Optimizing Acceleration Services Parameter Item Description Server Ports Table The list in this table represents the port numbers that will be intercepted by HTTP Acceleration. By default Port 80 is used for HTTP traffic. Using this table, you can add additional nonstandard HTTP ports. Make sure the port number you add is not used for other types of traffic. Enable Proxy Server Select this box to enable the proxy server. If this box is selected, you can set manually the proxy IP address and the proxy port number. Setting HTTP Acceleration Rules The HTTP Acceleration Rules screen lets you configure Direct and No Cache rules supported by HTTP acceleration. To set HTTP Acceleration rules: 1. Click the following: Services > Web Acceleration> HTTP Acceleration>Rules. 2. In the Type field, scroll down to select either Direct Rule or No Cache Rule. You should enter regular expressions in the edit fields of both rules. The expression entered in Direct Rule should be valid on a URL, and determines that all requests that match this expression are always forwarded directly to the origin server, without using the proxy server. For example: if you apply rule direct avaya, all requests that match the avaya regular expression are forwarded directly to the origin server. The expression entered in No Cache rule determines that traffic directed to a specific URL, which matches this specific expression (for example: no cache avaya) is neither cached nor retrieved from the cache, and after the traffic is retrieved from the server it will not be cached. In both cases (Direct and No Cache rules) you can define multiple rules. See the diagram below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Un d er s tan d in g Web A cc el er a ti on 149 Excluding from Caching via the WebUI You can use the WebUI to exclude certain components of the traffic from either HTTP or FTP caching. To exclude from HTTP caching: 1. Click the following: Services > Web Acceleration> HTTP Acceleration>Exclusion. 2. In the Exclude by drop-down list choose whether to exclude by IP address, Subnet or Hostname. 3. If you select to exclude by IP address, check the appropriate button to indicate whether this IP Address comes from the Client or from the Server. 4. Enter the IP address you want to exclude. 5. If you previously selected the Server option, select now whether to let AcceleratorOS assign a port number for you, by selecting the All option, or enter a specific port number (preferably 80). 6. Click the Add button. 7. To exclude by Subnet, repeat steps 3. to 6. The only difference is that you have to enter the subnet mask as well. 8. To exclude by Hostname, repeat steps 3. to 6. This option also requires you to enter a Hostname. To enable excluding by Hostname, you first have to configure a DNS that resolves the hostname. For details, see Configuring DNS, on page 257. Configuring FTP Acceleration R ev isi o n 2. 0 150 C h ap t er 6: Optimizing Acceleration Services Enabling and Disabling FTP Caching By default, FTP Caching is disabled. To Enable or Disable FTP Caching: 1. Click the follwing: Services>Web Acceleration>FTP Acceleration>Configuration. 2. In the FTP Acceleration field, select Enable from the drop-down menu to enble FTP Caching. To disable, select Disable. Settting the Cache Size To set the Cache Size: 1. Click the follwing: Services>Web Acceleration> FTP Acceleration>Configuration. 2. In the Cache Size field, enter a number to represent the size allotment for the cache (between 1 and 60 MB). Setting Cache Content To set the type of content to be cached: 1. Click the following: Services > Web Acceleration> FTP Acceleration>Configuration. 2. In the Cache content field, scroll down to select one of the following types of content to be cached: Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all traffic, be it link, virtual link or non-link. Clearing FTP Cache To clear the FTP acceleration cache: 1. Click the following: Services > Web Acceleration> FTP Acceleration>Configuration. 2. Click the Clear Cache button. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Un d er s tan d in g Web A cc el er a ti on 151 Returning to Default Settings To return FTP Acceleration settings to factory default: 1. Click the following: Services > Web Acceleration>FTP Acceleration>Configuration. 2. Click the Set Default Values button and click OK when prompted. Setting Advanced FTP Parameters To open the Advanced HTTP Parameters menu: 1. Click the following: Services > Web Acceleration> FTP Acceleration>Configuration. 2. In the Advanced FTP Parameters menu, click the + in the menu bar. The Advanced FTP Acceleration Configuration opens, letting you set the following parameters as shown in the following table: Parameter Item Description Connect Timeout The time period (in seconds) that should pass before disconnection (default: 600). Localization Lets you enable or disable the option to view files in languages that require Unicode characters, such as Chinese. Minimum Cache Object size Lets you set a default for the minimum size of the cache object (0-5000KB, default: 1024). Cache per User Ascribes a cache object to a single user. Namely, when a specific user accesses a file from the server, the file is cached per this user, and the next time a user with the same user accesses the file, it is served from the cache. However, for anyone who logs in with a different user name, the file is fetched directly from the origin server and not from the cache. Transparency Sets the interception proxy as transparent (namely, the proxy server’s IP address will not be detected by sniffing), on both the Client and the Server sides. R ev isi o n 2. 0 152 C h ap t er 6: Optimizing Acceleration Services To Exclude from FTP Caching: 1. Click the following: Services > Web Acceleration> FTP Acceleration>Exclusion. 2. In the Exclude by drop-down list choose whether to exclude by IP address, Subnet or Hostname. 3. If you select to exclude by IP address, check the appropriate button to indicate whether this IP Address comes from the Client or from the Server. 4. Enter the IP address you want to exclude. 5. If you previously selected the Server option, select now whether to let AcceleratorOS assign a port number for you, by selecting the All option, or enter a specific port number (preferably 80). 6. Click the Add button. 7. To exclude by Subnet, repeat steps 3. to 6. The only difference is that you have to enter the subnet mask as well. To exclude by Hostname, repeat steps 3. to 6. This option also requires you to enter a Hostname. To enable excluding by Hostname, you first have to configure a DNS that resolves the hostname. For details, see section Configuring DNS, on page 257. Configuring DNS Acceleration The Accelerator’s Domain Name Server (DNS) Acceleration plugin enables the Accelerator to act as a DNS caching device. By intercepting DNS requests and saving them on the local Accelerator, the DNS caching feature shortens the amount of time an end user waits for Web pages to appear and lessens unnecessary requests from your network to the Domain Name Server asking for Domain Name translations into IP addresses. DNS Caching is extremely useful when the DNS server that the clients are accessing is across the WAN over a high-latency link. Configuring DNS Acceleration You can use the WebUI to set all parameters relevant for DNS acceleration and DNS masquerading. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Un d er s tan d in g Web A cc el er a ti on 153 To set the DNS parameters: 1. Under Services click DNS Acceleration. 2. In the Parameters section, select first whether to enable DNS masquerading. DNS masquerading enables the Accelerator to intercept traffic sent from the Client to the DNS server and back, and masquerade the DNS response’s address. The translation of host names into the Accelerator’s user-defined addresses is defined in the next section of this screen - the Static Hosts table. 3. Select whether to enable DNS acceleration, namely: let the Accelerator cache the DNS addresses, thereby eliminating repetitive queries over the WAN. 4. Select whether to use Accelerator DNS, thereby defining the Accelerator as a DNS client. By so doing, the Accelerator will always intercept traffic and use its setting to process it, even if that traffic was sent to another DNS server. If you enable this option, you have to configure a domain name server under Setup > Networking > DNS. For details, see Configuring DNS, on page 257. 5. Use the Transparency field to select the appropriate transparency method: Semi—the traffic is transparent to the Client, but the server sees it as coming from the Accelerator. Full—the traffic is transparent to both the Client and the Server. R ev isi o n 2. 0 154 C h ap t er 6: Optimizing Acceleration Services Auto—the transparency is determined automatically according to the deployment level: either Semi (in On-LAN deployment) or Full (in On-Path deployment). 6. Use the Min TTL field to determine whether to keep the Time-to-leave settings defined by the DNS server (Preserve TTL) or set your own settings (1-1440 minutes). If the TTL settings you defined here are longer than those set by the DNS Server (for example: 60 minutes compared with 10 minutes, respectively), for any period between these two values (as, in this example, 20 minutes) the Accelerator does not use the DNS Server’s address and takes the address from its own cache. To view the statistics for the queries since the last time the DNS Acceleration feature was enabled, use the Statistics (lowermost) section of the DNS Acceleration screen. 7. Use the Cache Size field to define the maximum number of records that are to be kept in the cache. You can either select Auto to keep the system-defined default, or select your own value. To edit the Static Hosts table: 1. Click DNS Acceleration, and click the + to open the Static Hosts Table. 2. Click the Add button. The Add New Static Host dialog box opens. 3. In the Host Name field, enter the requested host name (for example: www.expand.com). 4. In the IP Address field, enter a user-defined masquerading IP address the Accelerator will use for the host name you had just entered. 5. Click Submit. To edit the static host details, click on the host’s IP address. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Un d er s tan d in g Web A cc el er a ti on 155 To delete a static host from the table, click anywhere on the host’s row to select it and then click Delete. R ev isi o n 2. 0 156 C h ap t er 6: Optimizing Acceleration Services Enabling Citrix Acceleration Citrix Acceleration optimizes applications by using small packets such as Citrix, rdp, and telnet. To configure Citrix Acceleration for such optimizations, match application to class and enable the class on all links. To define advanced configuration settings, such as class configuration and link-specific settings, use the CLI. The application names are predefined in the system. To add a new application, use the Setup > My Applications menu. The aggregation classes are as follows: Citrix—enables Citrix acceleration on Citrix, telnet and ms-terminalserver applications. Default—enables Citrix acceleration on small-packet, encrypted applications such as pop3s, https and ftps. Custom 1—enables Citrix acceleration on a specific, user-defined link. Custom 2—enables Citrix acceleration on a specific, user-defined link. To add a new match between an application name and an application class: 1. Select an application name from the Select Application drop-down list. i 2. Select an aggregation class from the Select Class drop-down list. 3. Click Add. The new match now appears in the Matching Application to Class table. NOTE: The Citrix Acceleration screen lets you apply Citrix aggregation only on all links. To apply Citrix aggregation on a specific link, use the Post Acceleration Aggregation section of the My Links table under Setup tab. For details, see section Editing Existing Links, on page 263. To apply a specific Citrix aggregation class on all links: 1. Select the Enable option for the relevant class. 2. Click the Apply to All Links button. 3. When prompted whether you want to configure Citrix acceleration on all links, click OK. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e E na b lin g C itrix A cc el era ti on 157 R ev isi o n 2. 0 158 C h ap t er 6: Optimizing Acceleration Services Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 7: Configuring and Managing WAFS This chapter introduces you to the Wide Area File Service feature and shows you how to use it and manage it to streamline your buisness while maintaining control over important company documents. Topics covered in this chapter include: Introduction to WAFS Getting Started with WAFS Enabling WAFS Configuration Configuring the Data Center and Branch Office Installing the License File WAFS Management and Operation Modes Managing the Data Center Setting Advanced FileBank Features Replication Service Printing Services for the FileBank Using WAFS Printing Services WAN-OUT Operation DNS Masquerading Monitoring WAFS Functionality Troubleshooting 160 C h ap t er 7: Configuring and Managing WAFS Introduction to WAFS WAFS stands for Wide Area File Service, namely: remote users who access files over a WAN, such as branch office or mobile users accessing centralized storage. Such users often experience poor performance when trying to access files that are stored in a central location. Expand Networks’ WAFS solution allows users fast and efficient access to centralized storage by using intelligent, dynamic caching. i NOTE: This feature is only supported on Accelerators with a hard drive. If your Accelerator does not have a hard drive and you want to have WAFS functionality, contact your supplier. Expand Networks’ WAFS Solution Designed specially for distributed organizations, Expand's intelligent, dynamic caching solution allows users fast and efficient access to centralized storage. Expand enables global and fully secure direct file access to users at multiple sites, as if they were at the same site as the files, eliminating the need for local file servers and unreliable backup procedures. By consolidating corporate resources, IT managers regain total control of enterprise-wide storage, eliminating the cost and complexity associated with remote system administration, replication, backup and maintenance. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e I nt r o d u ct io n t o WAF S 161 The corporate Data Center is equipped with an Expand FileBank Director, and each remote site (requiring access to the center) is equipped with an Expand FileBank. Once these hardware devices are installed, branch office users can immediately work with files located in the Data Center, with the same speed level and efficiency as if they were working on their local file server. Expand uses a patent-pending file system technology that allows direct access to files located in distributed file storage architectures throughout the enterprise. Network architecture can be deployed as a private network of leased lines, or a virtual private network (VPN) that utilizes the public Internet in a secure way. Expand provides the following features and benefits: Centralization of storage and backup resources Synchronous, reliable file operations LAN-like performance WAN Consumption optimization Ease of installation and management Seamless integration Native security support Many-to-many architecture Integrated Branch IT Services High resilience R ev isi o n 2. 0 162 C h ap t er 7: Configuring and Managing WAFS Expand's pass-through authentication technology seamlessly ensures enforcement of enterprise policies such as user authentication, access rights verification and quota management support. Expand devices use regular LAN and power connections. Configuration is simple, and no infrastructure changes are required. No client software is installed on the Data Center file servers or on any of the remote office workstations. Supported Servers File Servers Microsoft Windows® NT Server 4.0 SP3 and above Microsoft Windows® 2000 Server Microsoft Windows® 2003 Server Network Device Filer series (ONTAP 6.x & 7) Authentication Servers Windows NT Server 4.0 Primary Domain Controller (PDC) Windows NT Server 4.0 Backup Domain Controller (BDC) Windows 2000 Server Active Directory Domain Controller Windows 2003 Server Active Directory Domain Controller Supported Clients Microsoft Windows® NT Workstation 4.0 Microsoft Windows® 2000 Microsoft Windows® XP Professional Expand Hardware Device Specifications The Expand solution is available as an installed device (FileBank Director and FileBank). Ac ce ler at o rOS 6 .1 .2 Us er Gui d e I nt r o d u ct io n t o WAF S 163 When planning the hardware specification for the FileBank and FileBank Director, disk capacity is an important consideration, especially in consolidation environments. Most of the device disk capacity is allocated for maintaining the cache optimization state. In general, the chances that a file is available on a FileBank cache improve with cache partition size. However, because the cache is merely an optimization layer (meaning, the files are always available on the file server), its size does not have to be equal to the size of the total data set. Various approaches exist for estimating optimum FileBank disk capacity, the most common of which are as follows: Complete data set size (migrated from the legacy file server) Working set size (for example: 30% of complete data set) Per number of branch users (for example: 0.5GB x number of branch users) The FileBank Director is connected On-LAN to the file servers, and therefore its cache state is less critical than that of the remote branch FileBank, which is connected over the narrow-bandwidth, high-latency WAN. FileBank Director disk capacity planning should take into account the percentage of data that is shared between branches (that is, the level of inter-branch collaboration), and a size estimation of the working set. As a rule of thumb 10-20% of the accumulated branch FileBank cache is sufficient. Both FileBank and FileBank Director employ LRU (Least Recently Used) cache management, so a dynamic, working-set cache is always maintained. Domains The FileBank acts as a server in the Windows Domain hierarchy. Windows Clients at the remote office will see the FileBank as part of this domain when connecting to the network, and after appropriate mapping. When configuring the FileBank for the first time, you are asked which domain to join, so obtain the domain name in advance. In order to perform the join operation, a user with sufficient access rights is required, namely: a user that is part of the domain adminstrators’ group. R ev isi o n 2. 0 164 C h ap t er 7: Configuring and Managing WAFS Authentication Identify the name of the authentication server. The authentication server must be a Windows NT/2000/2003 server that can authenticate users accessing the domain (Windows NT v4.0 Primary/Backup Domain Controller or Windows 2000/2003 Active Directory Server). i NOTE: You are advised to utilize the domain controller of the local remote branch office, when applicable. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e G et ti n g Start ed w i t h WAF S Getting Started with WAFS 165 Overview The main steps for configuring the Data Center are as follows: 1. Enabling WAFS Configuration, on page 166 - to prepare the Accelerator for WAFS Services. 2. Configuring the Data Center and Branch Office, on page 174 - to specify the file bank and file bank director 3. Installing the License File, on page 184 - to install the license file 4. FileBank Categories, on page 188 - to start the WAFS service Note that the order that these steps are taken does matter and performing these steps out of sequence may result in the WAFS services not running. Make sure that you finish a step before proceeding to the next one. R ev isi o n 2. 0 166 C h ap t er 7: Configuring and Managing WAFS Enabling WAFS Configuration There are three steps that need to be done in order to enable WAFS configuration: Configuring the File Server/Domain Controller Defining Network Settings Enabling WAFS Operation Mode Configuring the File Server/Domain Controller Configuration of the File Server/Domain Controller consists of the following steps: Defining the shared directories on the File Server, from which remote and local users can access files Changing the Login scripts (if any are used within your organization) Defining Shared Directories To let users access a specific shared directory: 1. Right-click the folder you want to share (using Windows Explorer, My Computer, or any other Windows convention) and select Properties and the New Share Properties dialog box opens. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e E n ab li ng WA F S C o nf ig u r a ti on 167 2. Click the Sharing tab and define share properties. 3. Repeat this procedure for all directories you want to share. Defining User Permissions To define which users can access the shared directory: 1. Click the Permissions button on the Share Properties dialog and the Permissions for New Share dialog box opens. R ev isi o n 2. 0 168 C h ap t er 7: Configuring and Managing WAFS 2. Add the users who are allowed to access the shared directory and define permissions for each user. 3. Click OK and proceed to the next step, Defining Network Settings. Defining Network Settings To define the network settings, use either the Accelerator 6940 front-panel LCD or the CLI command line. i NOTE: AcceleratorOS v6.xx should be displayed, where xx is the maintenance release number (for example 6.00) in addition to a status display (Ready, Bypass, or various error messages.). To prepare the Accelerator to work in WAFS mode: Follow these steps to establish the WAFS services: 1. Log in to the AcceleratorOS WebUI. 2. Enter the setup wizard. The AcceleratorOS setup wizard appears: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e E n ab li ng WA F S C o nf ig u r a ti on 169 3. If you do not intend to define a link on this device (namely, to use the device as an Accelerator), press Cancel and continue with the FBD configuration. 4. In the dialog box that appears, click OK to confirm the closure operation. 5. In the Basic tab of the My Accelerator screen, fill-in the device name as shown below and click Submit. R ev isi o n 2. 0 170 C h ap t er 7: Configuring and Managing WAFS 6. Move to the Time tab to enter your local time settings. You are advised to set the Accelerator’s time and date manually (default). 7. Select Setup > Networking, and then go to the DNS tab. This tab lets you configure the domain name server. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e E n ab li ng WA F S C o nf ig u r a ti on 171 8. Fill-in the domain name in the Domain Name field. 9. In the Domain Name Table pane, click Add to add the domain name. In the dialog box that opens now, enter the domain name(s) for the servers in the order of preferential usage and click Submit. 10. Selct the IP Domain Lookup type as Enable. 11. Type the domain name server IP address in the field and click Apply. Enabling WAFS Operation Mode To enable the WAFS Operation Mode: 1. Select Services > WAFS. 2. Select File-Bank Director as WAFS operation mode, as shown below: 3. Click Submit. 4. Use the dialog box that appears now to confirm the creation of the WAFS service. 5. The next dialog box prompts you to execute write configuration and perform reboot to enable creation of WAFS service. 6. Click OK and then click the Write command at the top of the screen (encircled below): R ev isi o n 2. 0 172 C h ap t er 7: Configuring and Managing WAFS 7. Click Close. 8. Select Tools > General Tools and click the Reboot button to apply your new settings. 9. In the dialog box that appears now, click OK to confirm the reboot operation. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e E n ab li ng WA F S C o nf ig u r a ti on 173 Excluding Servers or Subnets from WAFS It is possible to exclude specific servers or subnets from receiving the benefit of WAFS services. To exclude servers or subnets: 1. From the Services Menu, click WAFS, then click Exclusion 2. In the Exclude by field select: IP address, Subnet, or Host name. 3. Select either client or server side. 4. Enter a valid IP address and click Add. To delete an entry in the exclude table: 1. Select the row of the entry. 2. Click Delete. R ev isi o n 2. 0 174 C h ap t er 7: Configuring and Managing WAFS Configuring the Data Center and Branch Office There are two components to the Data Center: the File Bank Director, and the File Bank. When put on the network, they work together to create a virtual file server system, in order to accelerate company file sharing as shown in the diagram below. The WAFS screen lets you view the current WAFS operation mode: either FB (FileBank) or FBD (FileBank Director). In addition, this screen lets you select whether to enable WAFS transparency. If you enable this feature, the FB will poll the FBD for all file servers it recognizes, as well as each server that is added or removed. All IP addresses of these file servers are resolved, and all traffic destined to the servers is redirected to the Accelerator. In order for the data center to function, the following steps need to be done: Setting Up the File Bank Director Setting Up the File Bank Setting Up the File Bank Director You should run the Setup Wizard prior to activating the FileBank Director, as part of the initial FileBank Director installation. You can later use the FileBank Director Administration GUI for modifying any of the installation parameters. The Setup Wizard lets you set up FileBank Director in several simple steps. (In the last step, you have the option of modifying parameters before accepting them.) To run the setup wizard for the File Bank Director: 1. Make sure you are logged into the machine you want to set as file bank director. 2. From the AcceleratorOS Home Page, select Services > WAFS. 3. In the WAFS Operation Mode field, choose File-Bank Director from the dropdown menu. 4. You will notice that the WAFS Configuration button is now enabled. Click this button to enter the WAFS Management screen. i NOTE: WAFS Management is a pop-up window, and therefore you need to allow blocked content (pop-up) to be able to display it. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e 175 5. Click Setup Wizard in the Left Window Pane to envoke the Setup Wizard. The wizard has four main screens: File Server Settings - the one that is open now Summary Confirmation and Application 6. Proceed to the next section, File Server Settings. File Server Settings In this section you will set the Domain Settings. File Server Name Here Alias Here R ev isi o n 2. 0 176 C h ap t er 7: Configuring and Managing WAFS To set the File Server settings: 1. In the fields indicated in the window above, Type in the names of the servers and their aliases. The alias field is optional. When an alias is not defined for a file server, the default alias will be the FileBank Director’s host name. 2. Click Next >> to proceed to the next section, Summary, on page 176. Summary In this section you see the settings that you made from the previous section, File Server Settings, as shown here in the diagram. At this stage the wizard displays a summary of all parameters entered during setup, prior to applying them to the FileBank Director. To confirm the settings: 1. Review the list for any possible errors. If you see an error, click Setup Wizard and make necessary changes. 2. To accept all parameters and configure the FileBank Director device, click Apply. 3. Proceed to the next section, Confirmation and Application. Confirmation and Application The following screen appears to allow you to restart the Accelerator and apply the settings. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e 177 To apply the settings: 1. To apply the settings, click Restart. To confirm all changes have been made sucessfully, a confirmation screen appears. R ev isi o n 2. 0 178 C h ap t er 7: Configuring and Managing WAFS 2. Install the license as directed in Installing the License File, on page 184. 3. Once the license is intalled go to the machine that will be the File Bank and follow the directions as described in Setting Up the File Bank, on page 178. Setting Up the File Bank You should run the Setup Wizard prior to activating the FileBank, as part of the initial FileBank confiuguration. You can later use the FileBank Administration GUI for modifying any of the installation parameters. The Setup Wizard lets you set up a FileBank in several simple steps. (In the last step, you have the option of modifying parameters before accepting them.) Once Setup is complete, you need to install the license. Overview To configure the branch office: 1. Connecting the FileBank device to the branch office LAN. 2. Setting up the FileBank device. For details, see section Setting Up the File Bank, on page 178. 3. Configure the client computers. To run the setup wizard for the File Bank: 1. Make sure you are logged into the machine you want to set as file bank. 2. From the AcceleratorOS Home Page, select Services > WAFS. 3. In the WAFS Operation Mode field, choose File-Bank from the drop-down menu. 4. You will notice that the WAFS Configuration button is now enabled. Click this button to enter the WAFS Management screen. i NOTE: WAFS Management is a pop-up window, and therefore you need to allow blocked content (pop-up) to be able to display it. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e 179 1. Click Setup Wizard in the Left Window Pane to envoke the Setup Wizard. The wizard has four main screens: File Server Settings File Bank Director Settings Summary Confirmation and Application 2. Proceed to the next section, File Server Settings. Domain Settings In this section you will set the Domain Settings. R ev isi o n 2. 0 180 C h ap t er 7: Configuring and Managing WAFS To set the domain settings: 1. After the screen appears, fill in the fields with the correct information as shown below: Windows Domain—this is the domain that you will use to connect to the File Bank. You will need to have administrator’s username and password in the screen that follows (see Summary, on page 182) in order to set this parameter. Authentication Server—supply the name of the domain controller. Make sure the name you use is known to the DNS. Virtual Server Prefix—If you are not using WAFS transparency, you should add a prefix to the server’s name so that all requests to the file bank (FB) are directed to the VFS and not to the actual server. You may also add a suffix. Note that this prefix is added to all servers. Virtual Server Suffix—If you are not using WAFS transparency, you should add a suffix to the server’s name so that all requests to the file bank (FB) are directed to the VFS and not to the actual server. You may also add a prefix. Note that this suffix is added to all servers. 2. Once you have filled in these fields, click Next >> and proceed to the next section, File Bank Director Settings, on page 181. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e 181 File Bank Director Settings In this step, you define the file servers to be exported by the FileBank Director. To indicate the File Bank Director: 1. This step is critical because it will indicate to the File Bank which server or servers are to be the File Bank Director. Type in the names of the file bank director you indicated in File Server Settings, on page 175 and in the order indicated. If you mismatch these settings it may have an effect on user performance. 2. Click Next >> to proceed to the next section, Summary, on page 182. R ev isi o n 2. 0 182 C h ap t er 7: Configuring and Managing WAFS Summary At this stage the wizard displays a summary of all parameters entered during setup, prior to applying them to the FileBank Director. To confirm your settings: 1. Review the list for any possible errors. 2. To accept all parameters and configure the FileBank Director device, click Apply. 3. Proceed to the next section, Confirmation and Application. Confirmation and Application The following screen appears to allow you to restart the Accelerator and apply the settings. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e 183 To apply your settings: 1. In order to assure that the File Bank is joined properly to the Windows domain that you set in Domain Settings, on page 179, the user that has administrative rights to the Windows domain should enter his/her username and password and click Join. 2. To apply the settings, click Restart. To confirm all changes have been made sucessfully, a confirmation screen appears. 3. Go to the next section, Installing the License File, on page 184. R ev isi o n 2. 0 184 C h ap t er 7: Configuring and Managing WAFS Installing the License File The <Default ¬¹ Font>Expand<Default ¬¹ Font> WAFS feature requires installing a valid license on both the File Bank Director and File Bank machines. The License Settings screen displays the current FileBank License status, which is Invalid at the initial setup stage (or if an earlier license has expired). Use this screen to attach a valid license file, which should be already available on your computer or on the network. To install a license: 1. After the system reboots, log in to the WebUI , click Services>WAFS> and click the WAFS Configuration Button 2. In the left window pane, under Utilities, click on License Settings. 3. Use the License Settings screen to attach a valid license file to the <Default ¬¹ Font>Expand<Default ¬¹ Font> device. The current License Status: "Valid" or "Invalid" is indicated on this screen. i NOTE: Without a valid license installed, the FileBank Director and the File Bank cannot function. 4. Use the Browse button to locate the license file on your system. 5. When the correct path to the file appears in the field, click Install. The license file is installed, and the License Status is updated on the screen. 6. If you have installed the license for the File Bank Director only, see Setting Up the File Bank, on page 178. If you have installed the license for both the File Bank Director and the File Bank you can now start the WAFS service and Ac ce ler at o rOS 6 .1 .2 Us er Gui d e In sta ll in g t he L ic en se F il e 185 proceed to FileBank Categories, on page 188For other WAFS topics, see the table below for additional information. To See Start, stop, restart, or reboot FileBank Categories, on page 188 Define or change File Bank Director settings Defining FileBank Director Settings, on Add or delete system users Managing System Users, on page 194 Add file servers Adding File Servers, on page 195 Change the compression filter setting Managing the Compression Filters List, Consolidate file services Replication Service, on page 209 page 193 on page 197 R ev isi o n 2. 0 186 C h ap t er 7: Configuring and Managing WAFS WAFS Management and Operation Modes This section discribes the management and configuration of the WAFS service under FileBank and FileBank Director operation modes. The following topics are discussed: The WAFS Management Screen FileBank Categories FileBank Director Categories The WAFS Management Screen In general the WAFS Management screen will look the same from both WAFS operation modes (FileBank or FileBank director). Unless indicated, the features described within will be for both modes. The WAFS Management screen is divided into the following sections: Status Bar—along the top Navigation Pane—on the left Workspace—the main area, on the right Clicking a selection from the navigation pane opens the relevant page in the workspace. The navigation pane is divided into the following main categories: System—for detailed description, see Setting Up the File Bank Director , on page 174 and Setting Up the File Bank, on page 178. File Services—for detailed description, see section Managing File Services, on page 192 Additional Services—(FileBank Operation mode only) for a detailed description, see Configuring Additional Services, on page 215. Utilities—for detailed description, see section FileBank Utilities, on page 190. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e WA FS M a n ag em en t a n d O pe r at i on M o de s 187 FileBank Director Categories The following sections describe the WAFS management screen work categories, as viewed when the WAFS operation mode is FBD (FileBank Director): FileBank Director System, on page 187 File Services, on page 188 FileBank Director Utilities, on page 188 FileBank Director System The System category includes the following subsections: Setup Wizard—lets you set up FileBank Director in several simple steps. Once Setup is complete, the FileBank Director can function. You should run the Setup Wizard prior to activating FileBank Director. All parameters set via the Setup Wizard can be modified within the GUI. For more information, see Setting Up the File Bank Director, on page 174. Boot services—lets you control FileBank Director service and device status. Controlling the service status lets you start, stop or restart FileBank Director service. Controlling the device status lets you reboot or shut down the FileBank Director device. For more informaiton see Managing the Data Center, on page 191. R ev isi o n 2. 0 188 C h ap t er 7: Configuring and Managing WAFS File Services This section describes the following functions offered by FileBank Director: FileBank Director Settings—lets you define the Listen Port Assignments settings and set the FileBank Director ID. The TCP (data transfer) and UDP ("keep alive") ports are set to 4049 by default, but can be changed if necessary. System Users—used for managing internal users that are used by specific Expand services (for example: Replication Service). File Servers—to add file severs to be exported through the Expand WAFS solution and the FileBank Director, enter the file server name— and optionally an alias—in this screen. Filters—allow Expand to avoid unnecessary compression attempts on files that are already compressed, thereby improving overall system performance. Replication Services—the method by which the system can be set to optimize the handling of very large files over the bandwidth-limited WAN link. FileBank Director Utilities This section describes the FileBank Director utilities, which are as follows: System Diagnostics—lets you run a diagnostic test on the FileBank Director device to ensure that the device is working properly. The results of the test will be displayed in the Results area of this screen. Logs—lets you generate FileBank Director activity logs for monitoring, optimization, and troubleshooting purposes. License Settings—displays current FileBank Director license status (Valid/Invalid) and is used for attaching a valid license file if this was not done during Setup, or if an earlier license has expired. FileBank Categories The following sections describe the WAFS management screen work categories, as viewed when the WAFS operation mode is FB (FileBank): FileBank System, on page 189 File Services, on page 188 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e WA FS M a n ag em en t a n d O pe r at i on M o de s 189 Additional Services, on page 190 FileBank Utilities, on page 190 FileBank System The System category includes the following subsections: Setup Wizard—lets you set up FileBank in several simple steps. Once Setup is complete, the FileBank can function. You should run the Setup Wizard prior to activating FileBank. All parameters set via the Setup Wizard can be modified within the GUI. Boot services—lets you control FileBank service and device status. Controlling the service status lets you start, stop or restart FileBank service. Controlling the device status lets you reboot or shut down the FileBank device. FileBank Services This section describes FileBank File Services functions, which are as follows: FileBank Directors—displays the current FileBank Director(s) for the FileBank, and lets you add or delete FileBank Directors as necessary. Virtual Servers—lets you configure FileBank to automatically add a prefix and/or suffix to the original file server name defined at the FileBank Director site, to represent the local virtual server. This helps distinguishing the local virtual server name from the Central File Server name. Windows Domain—lets you join the FileBank to the domain, use domain administrator credentials (Username and Password), set the domain name, and add or delete authentication servers. Cache Settings—gives you cache statistics, and lets you control basic cache functionality: cache validation frequency, and manual cache invalidation. Fetch Settings—lets you define which data will be fetched from the Data Center for pre-population of the Cache. Once fetched, this data resides in the Cache and can be accessed immediately. Thus prepopulation optimizes first-time access to this data. System Users—lets you add and delete FileBank system users. Filters—provides smart filters to enhance performance and bandwidth optimization over the WAN. R ev isi o n 2. 0 190 C h ap t er 7: Configuring and Managing WAFS Replication Services—the method by which the system can be set to optimize the handling of very large files over the bandwidth-limited WAN link. Additional Services This section describes the FileBank Additional Services, which are: Print Services—you can configure FileBank to serve as the local branch print server. This screen lets you add network printers, view a list of already existing printers, and delete printers, as required. FileBank Utilities This section describes the FileBank utilities, which are as follows: System Diagnostics—lets you run a diagnostic test on the FileBank device to ensure that the device is working properly. The results of the test will be displayed in the Results area of this screen. Logs—lets you generate FileBank activity logs for monitoring, optimization, and troubleshooting purposes. License Settings—displays current FileBank License status (Valid/ Invalid) and is used for attaching a valid license file if this was not done during Setup, or if an earlier license has expired. System Statistics—displays a list of connected users, with their Session ID, Username, Group and Machine. To update the list, use the Refresh button. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M a n ag in g t h e D ata C en t er Managing the Data Center 191 This section covers The following topics are discussed: Starting the Data Center, on page 191 Managing File Services, on page 192 Configuring FileBank Services, on page 199 Starting the Data Center If you have configured the File Bank and File Bank Director and have installed the license file on each machine you will need to start the WAFS service on each. In addition to starting the WAFS service, the following options can be performed: Start the File Bank Director Service Stop the File Bank Director Service Restart the File Bank Director Service Reboot the File Bank Director Device Shutdown the File Bank Director Device Note that, in order to start the WAFS services, you must follow this step. Caution should be made when stopping, starting, or restarting the WAFS service as this may interfere with other users who have work in progress. To start, stop, restart, reboot, or shutdown: 1. Access the Boot Services screen by clicking Boot Services under the System Menu lets you to control FileBank Director service and device status. R ev isi o n 2. 0 192 C h ap t er 7: Configuring and Managing WAFS 2. Perform one of the following actions: ! ! ! ! Start the File Bank Director Service—Click Start Stop the File Bank Director Service—Click Stop (See warning!) Restart the File Bank Director Service—Click Restart (See warning!) Reboot the File Bank Director Device—Click Reboot (See warning!) Shutdown the File Bank Director Device—Click Shutdown (See warning!) CAUTION! Stopping or Restarting the device while users are connected will interfere with their work in progress. CAUTION! If you click Reboot or Shutdown, there is no confirmation dialog so the operation is carried out immediately. Make sure you want to do this before clicking! Note too that if you reboot or shutdown while users are connected their work progress will be affected. Managing File Services This section describes File Services options, which are as follows: Defining FileBank Director Settings—for FileBank Director mode only, on page 193. Managing System Users, on page 194. Adding File Servers—for FileBank Director mode only, on page 195. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M a n ag in g t h e D ata C en t er 193 Managing the Compression Filters List, on page 197. Replication Service, on page 209. Defining FileBank Director Settings The FileBank Director Settings screen lets you set the Listen Port Assignments and the FileBank Director ID. The TCP (data transfer) and UDP ("keep alive") ports are set to 4049 by default, but can be changed if necessary. FileBank Director Settings is also used for changing the FileBank Director ID in a multi FileBank Director environment—where each FileBank Director is automatically assigned its own, unique, integer ID. FileBank Director ID should not be changed once the system is running, because such a change will result in resetting the cache optimization state (namely, the cache associated with the initial ID will become obsolete). Also, if the ID is changed and matches the ID of another machine, errors will result. R ev isi o n 2. 0 194 C h ap t er 7: Configuring and Managing WAFS To change Listen Port Assignments: 1. Make sure you are using the FileBank Director WAFS operation mode. 2. From the WAFS left menu pane, under File Services select FileBank Director > Settings 3. Type in the new TCP value. 4. Type in the UDP value. 5. Click Apply. To change FileBank Director ID: 1. Make sure you entered the WAFS menu using FileBank Director Operation Mode. 2. From the WAFS left menu pane, under File Services select FileBank Director > Settings 3. Type in the new unique ID. It is best to write this ID down for future reference. 4. Click Apply. Managing System Users The System Users screen (File Services > System Users) is used for managing internal users that are used by specific <Default ¬¹ Font>Expand<Default ¬¹ Font> services (for example: Replication Service). Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M a n ag in g t h e D ata C en t er 195 To add a user: 1. From the WAFS left menu pane, under File Services select System Users. 2. Fill in the new user's Domain Name, Username and Password. Verify the password by typing in the same password you entered in the Password field. 3. Click Add and the User’s information is added to the list at the bottom. To delete users from the current list: 1. From the WAFS left menu pane, under File Services select System Users. 2. Select the checkbox for the user, or users, to be deleted 3. Click Delete. Adding File Servers To add more file severs to be exported through the <Default ¬¹ Font>Expand<Default ¬¹ Font> WAFS solution and the FileBank Director, type in the file server name—and optionally an alias—in the File Servers screen (File Services > File Servers). i NOTE: When the FileBank Director is configured to export a DFS root, it is necessary to export all the participating DFS file servers on the FileBank Director side. R ev isi o n 2. 0 196 C h ap t er 7: Configuring and Managing WAFS To add a user: 1. Make sure that you entered the WAFS menu using FileBank Director Operation Mode. 2. Fill in File Server Name, and optionally an Alias 3. Click Add. To delete servers: 1. Make sure that you entered the WAFS menu using FileBank Director operation mode. 2. Fom the Exported File Servers section, select one or more checkboxes. 3. Click Delete. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M a n ag in g t h e D ata C en t er 197 To Set a CIFS User: 1. Make sure that you entered the WAFS menu using FileBank Director operation mode. 2. In the Set a CIFS User section, fill in the following information: Domain Name User Name Password Verify Password—make sure the password you enter here matches the password you enter in the Password field. 3. Click Set. To delete a CIFS User: 1. Make sure that you entered the WAFS menu using FileBank Director operation mode. 2. This will clear all of the listed CIFS users. There is no confirmation and action will take place immediately. 3. Click Clear. Managing the Compression Filters List The <Default ¬¹ Font>Expand<Default ¬¹ Font> WAFS solution compresses data that travels across the WAN, to optimize performance. However, several file types are already compressed and cannot be compressed further. The compression filters allow <Default ¬¹ Font>Expand<Default ¬¹ Font> to avoid unnecessary compression attempts on files that are already compressed, thus improve overall system performance. The Compression Filters list (File Services > Filters) shows you all file extensions that the system will not attempt to compress. If you are using compressed files of a type that is not currently included on the Compression Filters list, you can add it. You can also delete extensions from the list, if you are sure that they are not compressed and were added by mistake. R ev isi o n 2. 0 198 C h ap t er 7: Configuring and Managing WAFS To add a filter: 1. From the WAFS left menu pane, under File Services select Filters. 2. Type in the file extension in the form *.xxx (where xxx is a three or four-letter fileextension). 3. Click Add. To delete filters: 1. From the WAFS left menu pane, under File Services select Filters. 2. Select one or more filter checkboxes. 3. Scroll down to the bottom of the Compression Filters list. ! ! 4. Click Delete. CAUTION! Do not delete filters that were included in the list by <Default ¬¹ Font>Expand<Default ¬¹ Font>! Files of these types are known to be compressed and do not require further compression. You should only delete a filter if was added by mistake. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M a n ag in g t h e D ata C en t er 199 Configuring FileBank Services This section describes FileBank File Services functions that are only accesible through the FileBank Operation mode, which are as follows: FileBank Directors Virtual Servers Windows Domain Cache Settings Fetch Settings FileBank Directors To access the FileBank Directors screen, click File Services > FileBank Directors in the Navigation Pane (see figure below). This screen displays the current FileBank Director(s) for the FileBank, and lets you add or delete FileBank Directors as necessary. R ev isi o n 2. 0 200 C h ap t er 7: Configuring and Managing WAFS To add a FileBank Director: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Enter the hostname. 3. Enter the TCP port number 4. Enter the UDP port number i 5. Click Add. NOTE: You may leave the TCP and UDP fields blank, in which case the default value - port 4049 - is applied to both. To delete a FileBank Director: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Select one or more checkboxes of hostnames in the current FileBank Directors list 3. Click Delete. Virtual Servers You can configure FileBank to automatically add a prefix and/or suffix to the original file server name defined at the FileBank Director site, used for representing the local virtual server (File Services > Virtual Servers). This helps distinguishing the local virtual server name from the Central File Server name. i CAUTION! Virtual Server Name = File Server Alias + any prefix/suffix added here. If neither a prefix nor a suffix is defined, DNS Masquerading or WAFS Transparency must be activated, to avoid name resolution conflicts. For details regarding DNS Masquerading, see DNS Masquerading, on page 229. For details regarding WAFS Transparency, see section Managing WAFS Transparency, on page 535. The lower half of the screen lists Exported Virtual Servers and their connection status ("Connected"/"Disconnected"). Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M a n ag in g t h e D ata C en t er 201 d To create the virtual server name: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Type in a prefix and/or a suffix. 3. Click Apply. Windows Domain The Windows Domain screen (File Services > Windows Domain) is used for carrying out the following tasks: Joining the FileBank to the domain. Using domain administrator credentials (Username and Password) Setting the domain name Adding or deleting authentication servers. R ev isi o n 2. 0 202 C h ap t er 7: Configuring and Managing WAFS Cache Settings The Cache Management screen (File Services > Cache Settings) provides you with cache statistics, and lets you control basic cache functionality: cache validation frequency, and manual cache invalidation. Time to Live (TTL) settings These settings determine how often the FileBank verifies directories or file data with the FileBank Director. Time to Live applies only to directory listing and readonly files. Cache coherency is maintained regardless of these settings. Higher values mean better cache performance, whereas lower values mean that read-only data is more accurate. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M a n ag in g t h e D ata C en t er 203 Invalidate Cache The Invalidate button resets the TTL for the cached information, thereby forcing the FB to validate the updated information with the EFS. i NOTE: Access to Data Center versions of cached files is verified prior to the invalidation. Cache files are not invalidated if Data Center versions are not available. System Users The System Users screen (File Services > System Users) lets you add and delete FileBank system users. R ev isi o n 2. 0 204 C h ap t er 7: Configuring and Managing WAFS To delete users from the current list: 1. Select the checkbox for the users to be deleted. 2. Click Delete. The Expand WAFS solution uses smart filters to provide additional performance and bandwidth optimization over the WAN. Two types of filters are listed on the Filters screen (File Services > Filters): Short Term File (STF) filters Compression filters STF Filters Short Term Files (STFs) are files that are saved locally on the FileBank and not sent to the central server. Use the STF Filter for files that exist for a short term and for any other files you do not want to be backed up on the central file server (for example: photos and media files). The STF Filter list displays all file extensions that the system is currently configured not to back up. You can add to or delete from this list as necessary. i NOTE: All Files that match the STF filter extensions selected are notbacked up. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S e t ti ng Ad va n ced Fi leB an k F ea tu r e s 205 S e t t i n g A d va n c e d F i l e B a n k Features This section covers advanced features that you can configure to the FileBank for added functionality. Topics covered include: Configuring the Fetch Mechanism, on page 205 Replication Service, on page 209 Replication Service Activation, on page 211 Configuring Replication Services, on page 212 Configuring Additional Services, on page 215 Configuring the Fetch Mechanism This section covers topics related to the Cache. Topics discussed in this section include: Fetch Mechanism Overview, on page 205 Fetch User, on page 206 Fetch Jobs, on page 206 Fetch Settings, on page 207 Creating Fetch Jobs, on page 208 Fetch Mechanism Overview The Fetch mechanism lets you pre-populate the FileBank cache with specific data sets from the data-center file server. Cache pre-population optimizes “first-time” data access to files and directories by utilizing the <Default ¬¹ Font>Expand<Default ¬¹ Font> advantage: once a particular data set is saved in the local FileBank cache, future requests for files from that set will require the transfer of minimal amounts of data over the WAN, speeding up service. Depending on the mode in which files are opened by Clients, FileBank synchronously validates that the cached data is updated, and acquires file locks on the Server. Although cache pre-population is not essential, for performance reasons it is strongly recommended that in file server consolidation scenarios you pre-populate the branch files working set as a minimum (for example: user home drives). i NOTE: File types that have been configured as Short Term Files (STF) or Replication files, are not pre-populated by the Fetch mechanism. R ev isi o n 2. 0 206 C h ap t er 7: Configuring and Managing WAFS Fetch User The fetch user is the internal user that performs the data pre-population on the cache. The fetch user must have sufficient security permissions to traverse the file system and read permissions for the files being transferred. You can configure the fetch user on the FileBank using the user CLI command, or the System Users option in the management web interface. Fetch Jobs The term Fetch jobs describes the entities that will be pre-populated onto the FileBank cache. A fetch job is defined by the path and the fetch user that will be used for fetching that path. The path is expressed in UNC format (starting with virtual server name), and the user command argument is entered in {domain\user} format. A fetch job can aggregate multiple paths under one entity (see the fetch jobs paths option). Activating a multiple path job effectively creates a fetch instance for each specific path. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S e t ti ng Ad va n ced Fi leB an k F ea tu r e s 207 Fetch Settings The Fetch Settings screen (File Services > Fetch Settings) controls the prepopulation of the Cache with specific data from the Data Center. Once fetched, this data resides in the Cache and can be accessed immediately. Thus pre-population optimizes first-time access to this data. The Fetch Settings screen lets you define which data will be fetched for pre-population. This screen lists Fetch Jobs and their current status. Fetch Jobs describe the entity that should be fetched (namely, a specific directory on a file server). For details, see section Creating Fetch Jobs, on page 208. Fetch Instances represent Job runs. For details, see section Creating Fetch Jobs, on page 208. R ev isi o n 2. 0 208 C h ap t er 7: Configuring and Managing WAFS Fetch Activation Once configuration is complete, you can activate the Fetch mechanism by running fetch jobs, and subsequently manage it by running fetch instances. Fetch Jobs are created with a single path. You can add paths as necessary, as described below. Creating Fetch Jobs Choose and start the fetch job you want to run. Each time a job is started a new Fetch instance is created. To create a Fetch job: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. In the Add Job area of the Fetch Settings screen (File Services > Fetch Settings), fill-in the following parameters: Vserver - as described in section Virtual Servers, on page 200. Path - a specific folder on a file server. Domain - as described in section Virtual Servers, on page 200. Username - as described in section System Users, on page 203. 3. Click Add. The new job is added to the list of Fetch Jobs. 4. Add one or more paths to this Fetch Job, as required, by typing the requested UNC path and priority, and then clicking Add. The paths are added to the Fetching Paths list, and are now part of this Job. 5. When you have added all necessary paths, click the Back to Fetch Settings link at the bottom of the screen. This link takes you back to the general Fetch Settings screen, for all Fetch Jobs. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S e t ti ng Ad va n ced Fi leB an k F ea tu r e s 209 To delete a Fetch job: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Select the checkbox for the job. 3. Click Delete. To start a Fetch instance: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. In the Fetch Jobs list of the Fetch Settings screen, select the checkbox for the Job. 3. Click Start. An instance of the Fetch Job is started, and is added to the Fetch Instances list. To stop a Fetch instance: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Select the instance in the Fetch Instance list. 3. Click Stop. To add Fetch instances: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Fill-in the following parameters for the new user: Domain name Username Password 3. Click Delete. To delete Fetch instances: 1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Select the checkbox for the instance. 3. Click Delete. Replication Service One of the main challenges resulting from the consolidation of file services in a data center, is how to grant users efficient access to very large files over the WAN, despite limited bandwidth and high latency. The Expand replication service R ev isi o n 2. 0 210 C h ap t er 7: Configuring and Managing WAFS addresses this challenge, by reducing bandwidth consumption at peak hours. With this feature, administrator-defined file types (such as. *.PST, *.GHO) are served locally at the branch by the FileBank virtual server, while a recurring replication process handles daily synchronization with the data center file server (at times of low WAN bandwidth consumption). When you create a new file (of a type that is replicated), this file is synchronously created on the central file server with its security metadata (namely ACLs), but without the actual file data. The file data is then updated asynchronously by the recurring replication process. The same principle applies to changes made to existing files. ! ! CAUTION! Replication is an asynchronous process, and as such, should be activated only for files used exclusively by the branch. Sharing replication files between branches can result in data loss. Replication service configuration includes the following parameters: Replication Replication Replication Replication User, on page 210 File Types, on page 210 Schedule , on page 211 Paths(optional), on page 211 Replication User The Replication User is an internal user that performs file replication for the system. The replication user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server. The replication user is set both on the FileBank and on the FileBank Director. Replication File Types The Replication service handles replication on the basis of file extension (for example: *.mdb for Microsoft Access files), not file size. All files whose extension is on the list of Replication File Types are handled by the replication mechanism, regardless of their size. When changes are made to the list of Replication File Types, you must reboot the FileBank for the changes to take effect. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S e t ti ng Ad va n ced Fi leB an k F ea tu r e s 211 Replication Schedule Replication is programmed to run once a day to synchronize changes between the FileBank and the Data Center file server. You are advised to run replication at offpeak hours, when WAN bandwidth is least utilized. You define the time of day (UTC value) that replication starts, and you can also force a stop time (namely: stop the process even if replication is not complete). You can also run a non-scheduled replication at any time by using the Replication Start and Stop options, either over the web or through the CLI. i NOTE: AcceleratorOS supports only DNS masquerading and not WINS masquerading. Therefore, all clients who have NT 4.0 or earlier systems, which use WINS servers, need to have DNS servers as well to let us support them. i NOTE: Replication Start and End times are defined as UTC values. Replication Paths By default, the Replication Service searches the entire file system for files that correlate to the Replication File Types list. Alternatively, you may define specific paths to be searched (instead of the entire file system). The replication path can point either to a share or to a directory within a share. Defining replication paths results in a faster replication process. When using this option, files outside the specified paths are not replicated. i NOTE: When no replication paths are defined, the replication feature searches the entire file system for files to be replicated. However, once one or more replication paths are defined, the feature searches only on the defined paths. Replication Service Activation General system configuration must be complete before you activate replication. Once the service is activated, FileBank may be populated with the initial set of files. Service Activation on FileBank Director On the FileBank Director side, you need only to define the replication user and start the replication server that runs on the FileBank Director. Initial service configuration and activation are easily performed, by using either the FileBank Director web management or the replication setup command (CLI). R ev isi o n 2. 0 212 C h ap t er 7: Configuring and Managing WAFS Service Activation on FileBank On the FileBank side, service configuration includes defining: replication user, replication file types, and the daily Start time (the definition of replication paths, and of a Stop time, are optional, as described above). Initial service configuration and activation are easily performed, by using either the FileBank Director web management or the replication setup command (CLI). Once configuration is complete, the replication service must be enabled on the FileBank. Initial Pre-population of Large Files on FileBank Working with replication services on large files requires pre-populating the files located in the paths we want to replicate, before starting to work with the FileBank in the field. Pre-populating involves copying an initial, up-to-date "snapshot" of all qualifying replication files, from the file server that holds them. This "snapshot" consists of file data and metadata (for example: timestamps and security attributes). You can perform the initial pre-population by either running the replication start initial CLI command or using data migration tools (such as Robocopy, or Secure copy) to copy the files from the legacy branch file server to the FileBank virtual server. Once pre-population is complete, users can start working on the files. i i NOTE: File pre-population onto the FileBank is a prerequisite for working on the replication files. NOTE: Replication files that are on the file server but have not been prepopulated onto the FileBank cache are visible in directory listings, but are empty if opened. Configuring Replication Services The Replication Services screen (File Services > Replication Services) displays the current status of the Replication Service, and allows you to Start and Stop it. It also gives you access to the Replication User screen (see section Replication User, on page 210). For details of what the Replication Service does, see section Managing the Compression Filters List, on page 197. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e S e t ti ng Ad va n ced Fi leB an k F ea tu r e s i 213 NOTE: Before you can start the Replication Service for the first time, you must define a valid Replication User. For more details, see section Replication User, on page 213. Replication User The Replication User is an internal user that performs file replication for the system. The Replication User Screen (Replication Services > Replication User) displays the currently defined user, and lets you clear (in other words, delete) the current user, and/or set a different user. i NOTE: The Replication Service cannot function unless a valid Replication User is set. This user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server. R ev isi o n 2. 0 214 C h ap t er 7: Configuring and Managing WAFS To set the replication user: 1. In the Replication Services screen (File Services > Replication Services), click the Replication User link. ! ! CAUTION! You should configure the same replication user on the FileBank and the matching FileBank Director. NOTE: The Replication Service cannot function unless a valid Replication User is set. This user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server. i 2. Select the checkbox for the required user, and then click Set. To clear the current Replication User (without setting another): 1. In the Replication Services screen (File Services > Replication Services), click the Replication User link. The Replication User screen opens, showing the current user. 2. Click Clear. ! i ! CAUTION! You should configure the same replication user on the FileBank and the matching FileBank Director. The user is no longer the Replication User. NOTE: Using the replication services requires creating a new user.. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pri nt i ng S erv ice s fo r th e F il eB an k Printing Services for the FileBank 215 Configuring Additional Services This section describes the FileBank Additional Services, which currently include the Print Services. Print Services You can configure FileBank to serve as the local branch print server. The Print Services screen (Additional Services > Print Services) lets you add network printers, view a list of already existing printers, and delete printers, as required. For additional information about print functions, see section Setting Advanced FileBank Features, on page 205. R ev isi o n 2. 0 216 C h ap t er 7: Configuring and Managing WAFS To add a printer: 1. Type in the printer name (preferably a descriptive name such as “Konica 7022”, “frontdesk” or “floor5”). 2. Type the printer URI(an identifying string such as socket://192.168.1.21:9100/.) 3. Enter a brief description to help other users identify the printer. 4. Click Add. The printer is added to the list of printers available to branch users (this list displays Name, Description, and URI). To delete a printer: 1. Select the checkbox near the name of the printer you want to delete. 2. Click Delete. Configuring Print Services (FileBank) Once FileBank is installed at the branch office, you can configure it to replace the existing local print server (or servers). FileBank includes the following features: Lets administrators manage network printers and upload end-user drivers through the Windows “Add Printer Wizard” Lets clients download and install drivers and printers via “Point'n'Print”, or install printer drivers locally Supports standard network printing protocols Can be connected directly to the printer Adding a Network Printer to FileBank The first stage when installing a new printer to the FileBank, is to set the printer entry and URI. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pri nt i ng S erv ice s fo r th e F il eB an k 217 Assigning Printing Administrators Only assigned printing administrators can upload printer drivers. Printing administrators must be users with full access and write credentials on the central fileserver PRINT$ share. The default printing administrator values are: Administrator (individual) and @Administrators (group name). In many cases the default setting is not sufficient and you need to assing additional user(s) and groups. i NOTE: Group names must be prefixed with @. i NOTE: Printing administrators must posses full access and write credentials on the central fileserver Prints share. Point’N’Print Configuration Once you have defined printers, printing mode and printing administrators on FileBank, you can upload printer drivers to the print server. This Enables clients to use the “Point'n'Print” feature, which automatically installs the associated printer driver the first time they access a particular printer. Uploaded drivers are stored on the central file server and cached on the local FileBank (a valid network connection between the FileBank and the FileBank Director is required). R ev isi o n 2. 0 218 C h ap t er 7: Configuring and Managing WAFS The initial listing of printers in the FileBank Printers and Faxes folder, accessed from a Client, has no real printer driver assigned to it. The standard Windows Add Printer Wizard (APW), run from NT/2000/XP clients, is used for printer driver upload. NOTE: The existence of PRINT$ share on the central file server is a prerequisite for uploading/downloading printers drivers ("Point’n’Print"). i Uploading Printer Drivers 1. Log in to a workstation as a user who is also defined as a printing administrator. 2. Browse to the FileBank’s virtual server name, by doing one of the following: Open Network Neighborhood and browse to the virtual server name, OR Click Start > Run, and type in the UNC path of the virtual server: \\{virtual server name} 3. Open the Printers and Faxes folder, locate the printer you have added to FileBank, right-click on the printer icon, and select Properties (from the menu). You are trying to view the printer’s properties before a driver has been assigned to it, and therefore the dialog box shown below appears. ! ! CAUTION! Do not click Yes. 4. Click No. 5. Do one of the following: Install a new printer driver (thereby activating the Add Printer Wizard, see next step). OR Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pri nt i ng S erv ice s fo r th e F il eB an k 219 If one or more drivers have already been installed, you can select one of these drivers from the drop-down list. (If no drivers have been installed this list will be empty.) 6. If installing a new driver, follow the Windows Add Printer Driver Wizard. 7. After driver upload is complete, perform the first client driver installation, as described in the next section. First Client Driver Installation After uploading a printer driver or drivers, you must perform the First Client Driver Installation. Once this initiation step is concluded, further clients are easily set up and should not require further attention. 1. Log in to any workstation as a user who is also defined as a printing administrator and has administrator rights on the workstation. 2. Browse to the FileBank’s virtual server name. 3. Right-click on the relevant printer, and select Connect from the menu. 4. The printer is added to the local Printer folder (you can verify this by clicking Start > Settings > Control Panel > Printers and Faxes). 5. use the following procedure to trigger the printer driver startup. Right-click on the printer and select Properties. i NOTE: If Connect still appears on the right-click menu, the driver is not yet installed. Return to step 3 above. R ev isi o n 2. 0 220 C h ap t er 7: Configuring and Managing WAFS On the Advanced tab, click Printing Defaults. Change the current page orientation (Portrait/Landscape) and click Apply. Restore original page orientation and click Apply. At this stage you may also want to set other printing defaults that will apply to all future clients wanting to carry out "Point’n’Print" driver installation. From now on, any client wanting to install this printer can just "Point’n’Print". Verifying Point’n’Print Installation After completing the above two stages, you are advised to verify that "Point'n'Print" is functioning correctly. 1. Log in to any other workstation (with permission to install drivers locally). 2. Locate the printer (Start > Printers and Faxes) and double-click it. 3. Verify that drivers are installed. i NOTE: If you are running Windows 2000, a dialog box may appear at this stage. 4. 5. 6. 7. Open the print queue for the printer. Print a test page. Verify that the print job is added to the print queue and prints out correctly. Verify that printer properties are visible (see the driver-specific fields) Manual Client Driver Installation Once you have defined your printers on the FileBank, you can optionally install printer drivers locally on workstations (without relying on "Point’n’Print"). 1. Log in to a workstation as a user who has administrator rights on the workstation. 2. Browse to the FileBank’s virtual server name, by doing one of the following: Open Network Neighborhood and browse to the virtual server name, OR Click Start > Run, and type in the UNC path of the virtual server: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pri nt i ng S erv ice s fo r th e F il eB an k 221 \\{virtual server name} 3. Open the Printers and Faxes folder (Start > Printers and Faxes), locate the printer you have added to FileBank, right-click on the printer icon, and select Properties (from the right-click menu). You are trying to view the printer’s properties before a driver has been assigned to it. Therefore, the following message appears: 4. Click Yes. The Add Printer Wizard (APW) opens. 5. Select the driver to associate with the printer, install it and connect. Verifying Driver Installation To enable a client to use the FileBank as the print spooler, communicating by using IPP (Internet Printing Protocol): 1. Open the print queue for the printer. 2. Print a test page. 3. Verify that the print job is added to the print queue and prints out correctly. To verify driver installation for each Client: 1. Add a printer to the FileBank. 2. Log in to the workstation to which you to install a printer as the workstation’s administrator. 3. Browse to the Client’s Control Panel. 4. Open the Printers and Faxes folder (Start > Printers and Faxes). 5. On the File menu, click Add Printer. The Add Printer wizard opens. R ev isi o n 2. 0 222 C h ap t er 7: Configuring and Managing WAFS 6. Select the button Connect to a printer on the Internet or on a home or office network. 7. In the URL field, enter the URL for the printer in the following format: http://<FileBank's hostname>:631/printers/<printer’s name> 8. Click Next. 9. Select the appropriate driver to install, and use the wizard for completing the installation. 10. When done, print out a test page.r i NOTE: Installing the IPP printer drivers to a workstation does not require additional settings on the FileBank other than adding the IPP printer URL to the FileBank. i NOTE:Client side IP configuration does not support “Point’n Print.” To connect a printer to the FileBank server: 1. Connect the printer to the FileBank server via USB (or parallel port if no USB is available). 2. Use the WebUI to add a printer. Printing Setup Troubleshooting Issue: I cannot select a new driver to upload, the option is disabled. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pri nt i ng S erv ice s fo r th e F il eB an k 223 1. Ensure that a PRINT$ share is defined on the central file server. 2. Verify that you are logged in as a printing administrator, with full read and write access to the PRINT$ share. 3. Ensure that this user is defined as a printing administrator (see section Assigning Printing Administrators, on page 217.) I get an Access Denied message when trying to upload drivers 1. Verify that PRINT$ share exists on the target's central fileserver. 2. Verify that you are logged in as a printing administrator with full read/write access on the PRINT$ share. 3. Verify that you have set the printing driver to server at the FileBank: > printing drivers set server and then repeat the driver upload procedure (see section Uploading Printer Drivers, on page 218). When I try to print out a test page I get one of the following errors: “Operation could not be completed” “Could not add a print job” R ev isi o n 2. 0 224 C h ap t er 7: Configuring and Managing WAFS 4. 5. 6. 7. 8. “Print test page failed” Ensure that you have initialized the printer by performing the first Client driver installation, before trying to print (see section First Client Driver Installation, on page 219). If the printer driver is not yet installed on the workstation, Ensure that you are logged in as an administrator for this workstation. Verify that the printer is connected and operational (look for errors such as network connection problems, paper jam and out of paper). Print jobs are not cleared from the queue (even after refreshing the queue) and are not printed Verify that the printer is connected and operational ((look for errors such as network connection problems, paper jam and out of paper). Verify that the printer’s URI is defined correctly on the FileBank, and that the printer supports the protocol given and is configured to acknowledge on the specific protocol (IP, port, protocol). Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Us in g WAF S P r in t in g S e r vi ce s Using WAFS Printing Services 225 Adding a WAFS Printer via Windows WAFS now lets you use the Windows Add Printer Wizard to add a Server printer on a remote computer. To add a Server printer: 1. Go to the Printers and Faxes section on the server from which you want to add the printer. 2. In the Printer Taks pane, click the Add a Printer button. The Add Printer Wizard dialog box appears: 3. The next screen lets you either select the port you want your printer to use or create a new port: R ev isi o n 2. 0 226 C h ap t er 7: Configuring and Managing WAFS 4. Select the option of creating a standard TCP/IP port. 5. Use the following dialog box to add a printer name or IP address and a port name. 6. Use the standard Windows wizard to continue with the installation. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e WAN-OUT Operation WA N - O U T O p e r a ti on 227 <Default ¬¹ Font>Expand<Default ¬¹ Font>’s WAFS solution includes support for WAN-OUT Operation mode, providing necessary business continuity for cases of temporary WAN outage. When a disconnection event is identified, the system automatically switches to WAN-OUT Mode. Cached Content During WAN-OUT mode all cached content is treated as valid, namely: all cached files are made available to users. However, because the FileBank Director is not in sync with the FileBank, all files that were already cached at the time of the disconnection event remain unchanged in cache until the system resumes normal operation. Therefore, when consulting the cache, TTL values are ignored. Accessing Files and Directories When an application tries to open a file, READ ONLY (RO) access is granted (provided applicable security). Any other access flags - such as WRITE, DELETE, TRUNCATE, CREATE are denied. Users opening files receive a notification as if they have a read-only permission to the file. Copying a file to the Client’s hard-drive is possible, along with all security and permission data, provided that the user has the applicable security to do so. In WAN-OUT mode all operations that attempt to change a file, a file system structure, or data are immediately responded with "Access Denied" by the FileBank. The system is programmed to release locks on the FileBank Director side after a configured period of time, for files that have been locked on the file server by the FileBank Director prior to the disconnection event. Security In WAN-OUT Mode, the system maintains all applicable security measures with respect to access authorization to data and files, hence users are able to open any of the files they are authorized for and that are in the cache for RO at all times in disconnection mode. Users that have been in a session prior to the disconnection event will not have to re-login during the entire process. New user sessions are subject to existence of branch domain control services. R ev isi o n 2. 0 228 C h ap t er 7: Configuring and Managing WAFS Partially Completed Transactions A disconnection event may occur in the middle of a transaction. In this case, the FileBank responds to the user as if the request was received in WAN-OUT mode, namely: unless the FileBank has received an affirmative success response from the FileBank Director regarding the completion of the operation, it assumes the operation has not been successful and will switch to the WAN-OUT mode. Partial Disconnection In some cases, a single FileBank is connected to multiple FileBank Directors at different physical locations. A failure in one or several of these FileBank Directors is possible, resulting in a situation where only a part of the files accessed by the RBO are now under ‘disconnection’. As the FileBank has the notion of the origin of each file (namely: the specific FileBank Director that manages the file), the system selectively enters the WAN-OUT mode for files from FileBank Directors that are disconnected and operates normally with files from FileBank Directors that have valid connection. Reconnection When the reconnection event is identified, the system automatically switches to normal operation mode, and re-establishes the FileBank-FileBank Director connection. Users that have made changes to files and saved them locally (if this was the case) must manually copy the altered files from the local storage to the file server via FileBank. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e DNS Masquerading D NS Ma sq ue rad i ng 229 One primary objective of the <Default ¬¹ Font>Expand<Default ¬¹ Font> solution is to provide a truly dynamic global file system. To ensure that data is always accessible across the distributed organization, <Default ¬¹ Font>Expand<Default ¬¹ Font> must anticipate and overcome challenges introduced by common network issues and user usage patterns. Some key requirements of a global file system include: Common name space – the solution must be fully coherent with the existing naming convention used across different branch offices. For example, a file server named “efs” should be accessible, using this name, to branch offices with or without <Default ¬¹ Font>Expand<Default ¬¹ Font> FileBank. Direct access on failure – users in branch offices should be able to access the file server at the data center should the FileBank at their location become unavailable. Roaming user support – support of mobile users travelling between different branch offices. The system should automatically redirect users to the nearest FileBank according to the user's current location. To meet these requirements, Expand supports DNS Masquerading. Using DNS Masquerading, Expand becomes part of the DNS scheme in the organization, and uses DNS to overcome challenges associated with the above requirements. DNS Masquerading Benefits Common Name Space—To ensure that users across the organization can seamlessly access directories at the Data Center, regardless if their individual office uses FileBank, Expand supports common name space conventions with and without the device. Direct Access on Failure—One of the most important features of any network device is that of fail over and high availability. To ensure that remote office users continue to access the file server at the datacenter, even in cases of planned or unplanned downtime of the FileBank, Expand uses DNS masquerading to redirect users directly to the file server over the WAN. Roaming Users Support—Further complicating the already challenging management of distributed organizations are roaming users who travel between locations. Expand uses DNS masquerading R ev isi o n 2. 0 230 C h ap t er 7: Configuring and Managing WAFS to ensure that roaming users have access to centralized data even when they move from one office to another. Each time the user reboots or wakes the computer from hibernation, the DHCP server pushes a new DNS server list. If the office uses FileBank, the FileBank will be listed as the primary DNS as described above. DNS Masquerading Configuration To configure DNS Masquerading: 1. In the Setup screen, go to the Networking tab. 2. Select the DNS option. 3. Set the IP domain lookup table status to Enable. 4. Fill-in the relevant details in the Servers table, Domain name table and Static host table i NOTE:Configuring the NetBios domain name should be carried out via WAFS CLI. 5. In the Services screen go to the DNS Acceleration tab. 6. Set the DNS Masquerade status to Enabled. Fill-in the relevant IP Address (the FileBank IP Address) and Host Name (Fully qualified domain name) Ac ce ler at o rOS 6 .1 .2 Us er Gui d e D NS Ma sq ue rad i ng 231 7. In the Services screen go to WAFS. Click on WAFS Configuration. 8. In the WAFS Management screen select System Setup wizard. Ensure that the virtual server name includes no prefix, suffix or alias, and is identical to the file server name. At the end of the process, the WAFS details should be similar to the following: 9. Use the WAFS CLI to verify that spnego option is on. (_auth spnego on). This setting is essential in order for DNS Masquerading to function correctly. R ev isi o n 2. 0 232 C h ap t er 7: Configuring and Managing WAFS Do not use the DNS Masquerading option from the Additional Services menu. Do not change any settings on the client. There is no need to change the primary DNS server. When the FileBank reboots, the client is immediately connected to the Fileserver. When the FileBank is up, the client continues to be connected to the original Fileserver. You are advised to reboot the client after the configuration To use a local client for testing DNS masquerading: 1. Update the list of DNS servers configured on the client so that the FileBank is configured as the primary DNS server. Do not define any additional DNS servers. 2. Open the command prompt window. 3. At the command prompt, perform an nslookup. The nslookup should report the FileBank as the primary DNS server. 4. Issue an nslookup request for an existing virtual server (for example: dsefs.demo.com). The IP address of the FileBank should be returned. 5. Issue a request to any other name recognized by the central DNS server. (for example: www.cnn.com). The proper IP address should be returned. General—If you use the domain controller as the file server, consider defining a DNS alias to be used for accessing the file server at the datacenter and the virtual file server at the branch office. For example, you have a domain controller called dc1 that is also used as the file server. Add an alias to the DNS server called efs1, which points to the same IP address as dc1. On the FileBank Director add the file server efs1 (use the command cifs export efs1). Ensure that no prefix or suffix is defined on the FileBank (see above). Testing —DNS masquerading can only be tested when there is an active virtual server. DNS masquerading is automatically turned off when there are no active virtual servers to initiate switching to a secondary DNS server. Switching to and from FileBank Changing the TTL of the file server DNS record—The time is takes for the client to switch between the primary DNS and the secondary DNS servers depends on the TTL of the file server DNS record. You should set the TTL of the file server record to the minimum in order to shorten the fail-over time. The DNS client service does not revert to using the primary DNS server—The Windows 2000 Domain Name System (DNS) Ac ce ler at o rOS 6 .1 .2 Us er Gui d e D NS Ma sq ue rad i ng 233 Client service (DNSCache) follows an algorithm when it decides the order of the DNS servers configured in the TCP/IP properties. Refer to Microsoft Knowledge Base for more information http:// support.microsoft.com/default.aspx?scid=kb;EN-US;286834 CIFS session timeout—In some cases, the client will fall back from the EFS to the FileBank only after its CIFS session with the EFS terminates. The time this takes is influenced by the session timeout on the EFS, and can be configured by using the following command on the Windows file server: net config server /autodisconnect:<minutes> R ev isi o n 2. 0 234 C h ap t er 7: Configuring and Managing WAFS Monitoring WAFS Functionality This section describes the Utilities options, which are as follows: Running System Diagnostics Viewing Logs Running System Diagnostics The System Diagnostics screen lets you run a diagnostic test on the FileBank Director device to ensure that the device is working properly. The results of the test are displayed in the Results area of this screen, and describe any problems with the FileBank Director device. To start the test, click Run Diagnostics. Viewing Logs The Logs screen lets you generate activity logs of the FileBank Director for monitoring, optimization, and troubleshooting purposes. Generating a log archive may take several minutes. When finished, the log file is saved in a default system location, and a link to the log archive appears in the Log Archives section of the screen (newest on top). Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M o ni t or in g WAF S Fu n ct io n al it y 235 R ev isi o n 2. 0 236 C h ap t er 7: Configuring and Managing WAFS Troubleshooting In this troubleshooting section it is assumed that: 1. A complete end-to-end Expand WAFS installation has been set up and configured 2. Devices are connected to the network (L1, L2) correctly and the right network (L3) settings have been applied Troubleshooting Tools Internal Diagnostics: An automated internal utility that provides an immediate indication of the Expand device performance and issues. This is the first tool that should be used when troubleshooting is necessary. You should run this tool at both branch and data center ends. For details, see Running System Diagnostics, on page 234 (FileBank), and Running System Diagnostics, on page 234 (FileBank Director). Logs: The internal system logs that can be viewed, archived and uploaded. For details, see Viewing Logs, on page 234 (FileBank) and on page 234 (FileBank Director). Statistics: An internal tool that provides FileBank service statistics (see DNS Masquerading, on page 234). Status: The status CLI command reports on the current system running status. General Network Utilities: Ping, traceroute, ttcp, ifconfig, route, and netstat. Networking No route/connection to the Expand devices Check that the device is operational and is connected correctly to the network (both Ethernet cable ends should be firmly in place). Verify that the green light at the cable socket of each side is on. Verify that network settings are correct, by examining the output of the ifconfig CLI command. Pay particular attention to IP address and netmask. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Tro ub le sh o o ti ng 237 Use the route CLI command to verify that routing tables are correct. Try to ping a machine in the same subnet (typically the gateway, depending on your network topology). No route/connection to the Domain Controller (authentication server) Use the domain controller's IP address to check connectivity. If this fails, refer to the previous section and correct networking/routing problems. Verify the name set for the authentication server. Use the CLI authsrv command, or the relevant Web Interface page. Try to ping the domain controller by its name. Failure to do so indicates a name resolution issue. To resolve this issue, either add the domain controller to the static hosts list (using the hosts add CLI command), or verify correct DNS settings. Ensure that you have applied valid DNS servers. Use the CLI prompt command dns, or the relevant web interface page, to assign/delete/list DNS servers. Ensure that you have added the DNS suffix required to complete the FQDN of the authentication server. Use either the CLI prompt command dns search, or the relevant web page, to apply the required suffix. If the FileBank has not been configured with DNS servers, add the authentication server name under the static hosts. Use the hosts CLI prompt command, or the relevant web interface page, and repeat a connectivity check to the authentication server. No route/connection to Fileserver(s) Ensure that you have correctly defined the server(s) that needs to be exported by FileBank Director. Verify that the file servers’ NetBIOS names are the names you have defined to be exported by FileBank Director. Try to ping the file server's NetBIOS names. Failure to do so indicates a name resolution issue. Verify correct DNS settings, including DNS search path. Alternatively, use 'hosts' static entry to add them to the list, as described in the previous section. FileBank Director cannot access the file server on port 139 FileBank Director requires active ports 139 or 445 on the fileserver. If port 139 (SMB over NetBIOS) is disabled, enable the NetBIOS port as follows: browse the R ev isi o n 2. 0 238 C h ap t er 7: Configuring and Managing WAFS fileservers TCP/IP network properties, select the Enable NetBIOS over TCP/IP checkbox and apply changes. If NetBIOS is to remain disabled on the fileserver, please consult the Expand support team [email protected] for additional configuration settings. No route/connection from FileBank to the FileBank Director Expand utilizes TCP connection to transfer the data between FileBank and FileBank Director. The UDP port is set to keep alive acknowledgements between the two. Connection ports between FileBank and FileBank Director are set by default to 80. Ensure that the connection ports between the FileBank Director and the FileBank match each other. Use the FileBank Director CLI listenport command, or the relevant web interface page, to verify/alter listen ports. Use FileBank CLI fport command, or the relevant web interface page, to verify/alter connection ports. Ensure that the designated ports (UDP and TCP) are opened on the firewall (if applicable), and that corresponding settings are applied. Check MTU (Maximum Transfer Units) consistency along the network path. This check is especially needed with DSL connections. Inconsistency may result in lack of communication. Test different values for MTU using ifconfig CLI command. Try to reduce the MTU gradually, and find the largest MTU value that works for you (ping to verify). If the problem persists, contact Expand support at [email protected] for additional information. Windows Domain Join Failed to join FileBank to the domain FileBank must be joined to the domain just like any other domain resource. When joined correctly, it appears as a resource object in the active directory. Verify that the correct domain name is set, and a route to the authentication server (DC) is assigned. Use CLI commands authsrv and domain, or the relevant web interface page, to apply settings correctly. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Tro ub le sh o o ti ng 239 The user that is entered upon joining the domain must have adequate permissions on the domain to join computer objects. Ensure that the hostname of the FileBank is a valid NetBIOS name, and does not exceed 15 characters. If necessary, redefine the hostname and rejoin the FileBank to the domain. If the problem persists, contact Expand support at: [email protected]. Service System status: "Not Running" Verify the system was started, and try to start it again using restart CLI command. Run the status CLI command, and check reported errors in command output. Run the diagnostics CLI command, and check reported errors in command output. Ensure that the Expand license is installed and valid. If the problem persists, contact Expand support at: [email protected] System is running, no virtual servers appear on FileBank Run the diagnostics CLI command on the FileBank Director to verify connectivity to the file server/s, and that FileBank Director is able to read file server shares. If FileBank Director cannot read shares, verify the existence of shares by accessing the file server directly frrm a workstation (namely, not via Expand), and define a share listing user (when necessary) using the FileBank Director cifs user CLI command. Run the diagnostics CLI command on FileBank to verify connectivity to FileBank Director. Run the gns refresh CLI command on FileBank. Verify that the defined connection ports associated with the various FileBank Directors match the FileBank Directors’ listen ports (the listen port can be explored at the FileBank Director end, by issuing the listenport CLI command or the relevant Web Interface page). Verify that no firewall is blocking the FileBank Director/FileBank connection ports. Workstations cannot connect to FileBank virtual server(s) R ev isi o n 2. 0 240 C h ap t er 7: Configuring and Managing WAFS 1)Name Resolution Issues Possible Error Messages Network name no longer exists The network path was not found Start troubleshooting by verifying virtual server name resolution. Clients connecting to FileBank virtual server/s require NetBIOS name resolution. Ensure that the client can resolve the virtual server NetBIOS name by using at least one of the following options: Broadcast on the same LAN segment WINS entry Local workstations settings (LMHOST/HOST files) DNS entry (a reverse entry is also needed) i NOTE: A DNS entry can be used when the FileBank exports only one virtual server, If the FileBank exports more than one virtual server, the Expand DNS masquerading feature can be utilized to support a DNS resolution (see also section must be in Active mode and set to version 2 for RIP Route Injection to operate. For more information, see section DNS Masquerading, on page 229. Permissions and domain trust issues Access denied Continue troubleshooting by verifying user permission to access the central server resource, and the existence of necessary domain trust when applicable. Try to connect directly to the central file server (meaning, not via Expand) by using the same domain user. Run the diagnostic command via CLI or the web interface, to validate that FileBank is joined to the domain. Verify that FileBank is joined to the correct domain. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Tro ub le sh o o ti ng 241 If the FileBank is joined to a different domain than the centralized file server, ensure that a trust exists from the central domain to the FileBank domain. Cache pre-population failure Examine the errors in the fetch log. Validate the correctness of the path given to the fetch job. From a workstation browse directly to the FileBank giving the same fetch job path. i NOTE: Fetch paths are case-sensitive. Ensure that a valid domain user is assigned to all fetch jobs. From a workstation, log in as the same user defined in the fetch job, and browse directly to FileBank. Verify that this user has read credentials by trying to read a file whose fetch has failed, according to the logs. If DFS is in use, ensure that the fetch job path is not a DFS path (namely, //<virtual server name>/<DFS root>/<path>), but instead points to the linked virtual server (namely, //<virtual server name>/<share name>/<path>). To view the FileBank virtual server names, use the CLI status command or the relevant web interface page. Replication failure The replication service requires the definition of a replication user. The replication user must have read and write permissions on the paths where files are to be replicated. The same replication user should be used for both FileBank Director and FileBank. Ensure that you set a valid domain user as the replication user. From a workstation, log in as the replication user, and browse directly to the FileBank. Verify that this user has read and write credentials by copying files to a replication folder. Validate the defined replication paths. From a workstation, browse directly to the FileBank, using the defined replication UNC path(s). If DFS is in use, ensure that the replication paths are not DFS paths (i.e. //<virtual server name>/<DFS root>/<path>), but instead point to the linked virtual server (namely, //<virtual server name>/<share name>/<path>). To view the FileBank virtual server names, use the CLI status command or the relevant web interface page. R ev isi o n 2. 0 242 C h ap t er 7: Configuring and Managing WAFS Some of the DFS shares/folders are inaccessible Find the physical server name that contains the inaccessible shares/folders. Ensure that it appears in the exported file server list (using FileBank Director cifs show CLI command or via FileBank Director web interface). Performance If the Expand network environment has not been deployed/configured correctly, users may experience the following problems: Long delays while opening and saving cached files (WAN like) Mapped network drive disconnections Network Interfaces View the NIC settings (use the CLI command ifconfig). Verify that no errors have accumulated on the interface. Errors may indicate a duplex/speed mismatch. Check the Switch/Hub port settings to which the Expand device is connected. The port settings must match the NIC settings of the Expand device. In the case of a mismatch, use the CLI command ifconfig to force settings on the NIC, such as the autonegotiation mode, speed and duplex settings. For optimum performance, ensure that the Link supports 100Mbps FD settings. Quality of Service (QoS) Branch offices that utilize QoS should prioritize the DSFS protocol between FileBank and FileBank Director. This will generally result in an immediate and marked improvement in user experience. The protocol uses by default port 4049, but for QoS you are advised to use a different, distinguishable port. You can change protocol port by using listenport/fport commands on the FileBank Director/ FileBank respectively. Ensure that you change all communicating devices at the same time. Route Investigate the route legs along the communication path from a workstation to the FileBank to the FileBank Director, terminating at the file server. Network location Ensure that there is no significant latency (latency greater than 1ms) between the FileBank Director and its associated file servers. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Tro ub le sh o o ti ng 243 Improved performance may be achieved if the file servers and the FileBank Directors reside on the same LAN segment. Ensure that there is no significant latency latency (latency greater than 1ms), or any link mismatch, between the FileBank and the workstations. Improved performance may be achieved if the workstations and the FileBank reside on the same LAN segment Bandwidth issues Use the ttcp command (for more details, refer to the Expand CLI Reference Guide) to check the available bandwidth between the FileBank and the FileBank Director. Ensure that you compare both directions (the FileBank should be the Client at the first check, the Server at the second). This check can reveal bottlenecks and bad settings along the network path. Name resolution: Failover (WAN) issues Several name resolution techniques, such as DNS masquerading and DFS, can add seamless failover capabilities to the Expand solution. For more details see section DNS Masquerading, on page 229. With DNS masquerading in place, in the case of a failure, workstations are automatically switched to resolve the virtual server name as the centralized file server name. Failover lets the user continue to work without interruption, though there may be a deterioration in user experience. Ensure that workstations resolve the correct virtual server name. You are advised to execute the nslookup command from the workstations command prompt, giving the virtual server name as a parameter. Verify that the IP returned is the same as the IP of the FileBank. Ensure that FileBank is defined as the workstation's primary DNS (use ipconfig /all at the workstation command prompt). To regain the correct name resolution of the virtual server, execute the following steps from all workstation involved in the failover: 1. From each workstation's command prompt execute the following commands (you may want to aggregate the scenario in a batch process during workstations boot): ipconfig /flushdns nbtstat –R R ev isi o n 2. 0 244 C h ap t er 7: Configuring and Managing WAFS nbtstat –RR 2. Validate that the IP of the FileBank is returned upon querying the virtual server name (use the nslookup command). 3. If the problem persists, contact Expand support at: [email protected]. Advanced Expand Services DHCP Services When FileBank acts as a branch level DHCP, FileBank’s network settings must all be static (DNS, NTP, IP, routes, DNS search path and so on). DNS lookup failed after defining a DHCP service Define a valid FQDN extension for the DHCP server. DNS Services Workstations cannot browse the Internet or network mapping when using the FileBank as a DNS proxy Verify that DNS masquerading is running (for more details see section DNS Masquerading, on page 229). Ensure that the FileBank is defined as the workstation's primary DNS (use ipconfig /all at the workstation command prompt). Use the CLI dns command (or the relevant web interface page) to verify that the primary corporate DNS server is properly set on the FileBank. DNS lookup failed for branch workstations Ensure that the FileBank is defined as the primary DNS for that client, and that a secondary DNS points to an corporate DNS. Use the CLI prompt dns command (or the relevant Web Interface page) to verify that DNS servers are set onto the FileBank. Ensure that a search path (DNS suffix) is configured for the workstations. Duplicate IP error appeared when connecting in file server Error message: System error 52 has occurred: A duplicate name exists on the network. Global Name-Space support (exported virtual servers equals file server alias name): DNS masquerading might generate this error. To resolve, see Microsoft Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Tro ub le sh o o ti ng 245 Knowledge Base 281308 http://support.microsoft.com/default.aspx?scid=kb;enus;281308. R ev isi o n 2. 0 246 C h ap t er 7: Configuring and Managing WAFS Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 8: Setting Advanced Parameters Advanced setup includes complex configuration that should be attempted only by trained and certified Accelerator operators. You can set the following advanced parameters for the Accelerator: Handling WANs: Adding additional WANs, editing the default WAN, adding a WAN via the CLIHandling Interfaces: modifying speed and duplex settings via the My Interfaces menu Creating Static ARP Entries: Modifying the ARP table Defining Authentication Settings: Setting passwords for the Accelerator Dial-on-Demand: Deploying the Accelerator in environments that have routers with dial-up (dial-on-demand) interfaces. 248 C h ap t er 8: Setting Advanced Parameters Handling WANs The Accelerator arrives preconfigured with one default WAN. To define the bandwidth setting for this default WAN, select Setup - My Accelerator - Basic menu, and then click the Advanced Settings button to open the Advanced Settings screen. On large networks (for example in cases where there are two routers or one router with multiple WAN interfaces) in which the Accelerator will optimize the traffic of more than one WAN, you can add additional WANs to the Accelerator. To add a WAN to the Accelerator: 1. Click the Setup tab, followed by Networking, and then My WANs. 2. In the WANs menu, enter the name and Bandwidth Out of the new WAN. Select the Enable Bandwidth In checkbox to set a bandwidth limit on incoming traffic, then select the Bandwidth In value and click Add. The new WAN will appear below the default-WAN in the WAN table. Highlight a WAN and use the Delete button if at any point you want to delete a WAN. 3. To edit an existing WAN, highlight the WAN in the WAN Table and click the Edit WAN button. The Edit WAN popup appears, letting you modify the WAN name, and the Bandwidth In and Bandwidth Out values. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ha nd l in g WAN s i 249 NOTE: The total WAN bandwidth will always be enforced. It is the sum of all WANs configured for the Accelerator R ev isi o n 2. 0 250 C h ap t er 8: Setting Advanced Parameters Handling Interfaces The Accelerator automatically detects the MAC address and Speed and Duplex settings for each of its interfaces. You can perform all required speed and duplex setting modifications via the My Interfaces menu. The interface name corresponds to the name printed on the back panel of the Accelerator and cannot be modified. The MAC address is permanent and cannot be modified. The Speed and Duplex settings let you define the link as either 10 or 100 Mbits (or 1000 Mbits for the Accelerator 6800 series) and as either Half or Full duplex. The Auto setting automatically configures the Accelerator to the detected link speed and duplex setting (this is the default setting). i i NOTE: Setting wrong interface speed and duplex values for the Accelerator may result in many errors on the line towards the router, and even loss of connectivity. If you are uncertain as to the speed and duplex setting required, you can use the Auto setting; however, you are advised to manually set the speed and duplex. NOTE: When the Accelerator is installed in an On-Path deployment, ensure that both interface 0/0 and 0/1 have the same link speed and duplex settings. If the Accelerator operates in bypass mode for any reason, this will enable the two devices adjacent to the Accelerator to interact. In additon, if you are using an Accelerator that has multi-port support, each port will be listed as shown here in the table: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e H an d lin g I nt e r fa ce s 251 To modify interface speed and duplex setting: 1. Click the Setup tab, followed by Advanced, and then My Interfaces. 2. In the Interfaces Table, click on the name of the Interface to be modified, use the Speed & Duplex drop-down menu to select the proper speed and duplex setting and click Submit. Working with VLAN The Accelerator supports protocol 802.1q VLAN. VLAN is a virtual layer on top of the Ethernet that enables the Ethernet to be divided into smaller virtual groups. You can add up to 255 VLAN groups to the Accelerator. You can set Each VLAN group, identifiable by a number, on any basis (precise location, department, primary application, type of user, and so on). The Accelerator can incorporate itself into a VLAN network as follows: you can assign the Accelerator a VLAN ID, enabling it to be considered as part of a VLAN group. If VLANs are defined on the Accelerator, all VLAN traffic passes as bridged traffic. Defining a VLAN as Native means that the Accelerator uses the IP address from its local interface as the IP address for a particular VLAN. The Accelerator will handle packets arriving tagged from the Native VLAN, but will forward them without the tag (this is especially useful in setups in which the router does not support VLAN). Setting the Accelerator to work in with Native tagged will enable the Accelerator to set one VLAN as Native with the IP address from its local interface, but will forward packets received from the native VLAN with the tag. If traffic is already handled (for example if VoIP is set on a separate network and receives priority), the traffic that is not to be handled by the Accelerator should not be set as a VLAN and it should not be advertised anywhere in the Accelerator network - the traffic should be bridged through the Accelerator. R ev isi o n 2. 0 252 C h ap t er 8: Setting Advanced Parameters The following figure depicts working with VLAN in an On-LAN configuration. In the setup depicted, VLAN 1, 2 and 3 are defined in the Accelerator. VLAN 1 is defined as native, meaning that it takes its IP address from the Accelerator’s Local interface. A second 802.1q trunk is created from the Layer-2 switch to the Accelerator enabling VLAN support in an On-LAN environment. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e H an d lin g I nt e r fa ce s 253 The following figure depicts working with VLAN in an On-Path configuration: The Accelerator is connected directly to a Layer-2 switch via a VLAN (802.1q) trunk. VLAN 1, 2 and 3 are defined in the Accelerator and VLAN 1 is defined as Native. To include the Accelerator in a VLAN group: 1. Click the Setup tab, followed by Advanced, and then VLAN Interfaces. 2. 3. In the VLAN Interfaces menu, enter the necessary VLAN ID number (1 to 4094). The Accelerator must have an extra IP address and Subnet Mask for each VLAN group it joins. To enter an IP address and subnet mask to be used within the VLAN group, select the IP address radio button and enter the IP address and subnet mask into the supplied fields. R ev isi o n 2. 0 254 i C h ap t er 8: Setting Advanced Parameters To use the Accelerator’s original IP address and subnet mask as its address within the VLAN group, select the Native IP setting radio button. When Native is selected, it is possible to select the Tagged checkbox to include the VLAN tag in the packets sent from the Native VLAN. 4. Click the Add button. All VLAN interfaces added will appear in the VLAN Interfaces table, at the bottom of the screen. NOTE: It is unusual for the Native VLAN to be tagged. Please check if indeed it is. Otherwise the IP address in the Local Interface will act in the Native VLAN Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Cre at i n g Stat i c A RP E n t r i e s Creating Static ARP Entries 255 If you want to make a replacement within the ARP table, you can add a static ARP entry, by mapping a specific IP address to a specific MAC address. To map a static ARP entry: 1. Click the Setup tab, followed by Networking, and then ARP. 2. In the ARP menu, add the IP address and MAC address to be mapped. 3. If this change is to be permanent, select the Permanent checkbox. Otherwise, this entry will remain until the next Accelerator reboot, or until it is deleted from the ARP table. 4. Click the Add Static Entry button. The entry appears in the ARP table. If you want to delete the entry, click the Delete button. To delete the entire ARP table, including all its entries, click the Clear All button. R ev isi o n 2. 0 256 C h ap t er 8: Setting Advanced Parameters Defining Authentication Settings The Accelerator lets you modify the password necessary for logging in. To modify the password: 1. Click on Setup, followed by Security, and then Users. 2. In the Users table, double-click the name of the user whose password you want to modify. Alternatively, highlight the line of this user and click the Edit button. The Edit User Details dialog box appears: 3. Enter the local password and re-enter it for confirmation. 4. Click the Submit button. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Configuring DNS Co n fi g ur in g DN S 257 The Domain Name Server (DNS) Configuration screen lets you manage Domain Name Servers and define domain name, domain name search path and static hosts. To set a domain name: 1. Click the Setup tab, followed by Networking, and then DNS. 2. Enter the domain name in the Domain Name field. 3. Make sure that there is at least one entry in either the servers table or static host table (see below if you need to add entries). 4. Select whether to enable or disable IP Domain Lookup. 5. Click Apply. The domain now appears in the Domain Name Table. To add a new server: 1. In the Servers table, click Add. 2. In the Add New Server dialog box that opens now, enter the new server’s IP address. 3. By default, the order is sequential and the newest entry is last. If you want to 4. change this order, select the new position in the Order drop down box. The order may also be changed by using the arrows on the side of the table. 5. Click Submit. The newly added server now appears in the Servers Table. To delete an existing server: 1. In the Servers table, highlight the line that contains the server address, in order to select it. 2. Click Delete. You are now prompted to confirm the deletion. 3. Click OK. The server is now removed from the Servers Table. To add a domain name: 1. In the Domain Name table, click Add. 2. In the Add Domain dialog box that opens now, enter the new Domain Name. 3. By default, the order is sequential and the newest entry is last. If you want to 4. change this order, select the new position in the Order drop down box. The order may also be changed by using the arrows on the side of the table. 5. Click Submit. The newly added server now appears in the Domain Name Table. R ev isi o n 2. 0 258 C h ap t er 8: Setting Advanced Parameters To delete an existing domain name: 1. In the Domain Name table, highlight the line that contains the domain name, in order to select it. 2. Click Delete. You are now prompted to confirm the deletion. 3. Click OK. The server is now removed from the Domain Name Table. To add a static host: 1. In the Static Host table, click Add. 2. 3. 4. 5. 6. In the Add Static Host dialog box that opens now, enter the new Host Name. Enter a valid IP address. Click Submit. The newly added server now appears in the Servers Table. To delete an existing static host: In the Static Host table, highlight the line that contains the Static Host name, in order to select it. 7. Click Delete. You are now prompted to confirm the deletion. 8. Click OK. The server is now removed from the Static Host Table. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Managing Links M an ag in g L i nk s 259 A Link is a logical connection between the Accelerator and each connected remote site and its subnets. The Accelerator optimizes network performance over Managed Links as well as Virtual Links. The Accelerator’s benefits are greatest when working opposite another Accelerator, in a “Managed Link” environment. The Accelerator can provide QoS services even to virtual links, when there are no Accelerators present on the remote sites. In addition to Managed and Virtual links, the Accelerator enables configuration of a single “Non-link”. The Non-link is the default link for all traffic not assigned to any known subnet or remote Accelerator (for example: Internet traffic), which can be managed like any other link, allowing you to determine traffic QoS and bandwidth restrictions for all traffic not destined for your remote networks and Accelerators. Clicking the Advanced button from the My Links menu, or highlighting a link in the table and clicking the Edit button, enables complex link configuration. To set advanced link properties: 1. Click the Setup tab, and then My Links. 2. Enter basic link properties (for more information see section Performing Setup via the Wizard, on page 21). 3. Click the Advanced button. 4. In the Link Details Menu, update any additional parameters as necessary. R ev isi o n 2. 0 260 C h ap t er 8: Setting Advanced Parameters Parameter Item Description Link Name Set a name for the link, which will let you identify it in the future (this is especially important for large deployments). Destination IP Set the IP address of the remote device. Bandwidth Set the Outbound and Inbound bandwidth to be dedicated to the link by selecting a value from the first drop-down menu or by selecting Other and then entering a value into the second field, and selecting the relevant units (bps, Kbps, Mbps, Gbps). The link does not exceed this bandwidth. Setting the Inbound bandwidth will automatically enable QoS capabilities on Inbound traffic for this link. MTU Sets the MTU of the link - which should match the router. Only in specific setups should it be lower, for example if a GRE tunnel is configured. WAN Select the WAN over which this link will run. By default, the Default WAN is selected. If other WANs have been added to the Accelerator, use the drop-down menu to select them as necessary. Large Cache Select the Large-Cache checkbox if you would like to work with a cache that can be larger than 16 MB (up to 256 MB). This setting takes into account any information regarding deployment size set in the Topology setting. This setting needs to be symmetrical only on initial setup. Once a link is created, using this command updates only the unit being configured. Fragmenation Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to 6000), the QoS mechanism breaks them up. This setting, useful for handling latency on low bandwidth links, applies only to traffic set with a CoS value of low, medium and high priority. You do not have to configure fragmentation symmetrically on both ends. Fragmentation is accomplished on outgoing packets before the packets are compressed Note that Packet Fragmentation does not work in RTM mode. Aggregation Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Enables aggregating small packets on this link. If packets arrive smaller than the set size (68 to 6000), the QoS mechanism aggregates them and sends them together across the link. This applies only to traffic set with a CoS value of low, medium and high priority. You do not have to configure aggregation symmetrically on both ends. Aggregation is accomplished on outgoing packets before the packets are compressed. Aggregation is applied only on congested links, to avoid adding unnecessary latency on non-problematic links. M an ag in g L i nk s Parameter Item Description Accelerate By default, all links are set to be accelerated. If the traffic on the link does not benefit from acceleration (for example if there is no Accelerator at the remote and only QoS is required) or should not be accelerated, deselect the Acceleration checkbox. Header Compression The packet header is compressed by default. Deselect this checkbox to decompress the header. Encapsulation EncapsulationSelect either IPComp or Transparent Encapsulation, as follows: IPComp encapsulation enables the best compression rate. IPComp encapsulation (tunnelled encapsulation) sets the packets intercepted by the Accelerator to be completely compressed. This means that the IP header, the TCP/UDP (or any other IP protocol) header and the payload are compressed and the packet traversing the network will have an Accelerator Proprietary IPComp header. Transparent (Router Transparency) encapsulation is appropriate in an environment where header preservation is necessary, including original QoS packet settings, NetFlow, Billing, encryption and certain firewall environments. In Router Transparency encapsulation, only the packets’ payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is available in On-Path deployments only. Encapsulation need not be symmetrical - the Accelerator can support different encapsulation in each direction. This allows flexibility when an Accelerator is deployed On-LAN. ToS You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, select the Preserve button. To set a new ToS value for this traffic, select the Set button and select ToS value, Code Point or CoS ToS from the dropdown menu 261 Note that Setting this value is not required if Transparent Mode is selected TTL Preservation Preserves the original TTL. This option is disabled by default. SRC Preservation Preserves the source IP address of the original IP header. This is useful for Policy Routing, and also enables distinguishing between sessions. This option is disabled by default. Force Tunneling Enables forcing all traffic into the Accelerator encapsulated tunnel. Note that In AcceleratorOS Version 5.0 and above, tunnel-force has no real effect and is supported for backward-compatibility reasons only. R ev isi o n 2. 0 262 C h ap t er 8: Setting Advanced Parameters Parameter Item Description Include Checksum This is an additional checksum for the Acceleration algorithm - over and above regular frame checksums. TCP Acceleration Check the Use Global TCP Acceleration box to use the globally set TCP acceleration values. If you want to set values specific for this link, deselect this box and set the required values in the Typical RTT and Typical Acceleration Rate fields. Save to template link You can create a template that will be used to set default settings for all links to be created. These settings will be displayed in the Advanced links menu for all future created links. To update all fields to be considered in the template to the necessary values, click the Save to Template Link button. The templates set on one Accelerator are not sent to far-end Accelerators. The Status/Compression column in the Links Table reveals the status of each link. The mouse-over callout provides further detail as to the status as follows: Status Description Load Error Internal error occurred during definition of the link in the system Not Managed A Virtual link (no far-end Accelerator) Inactive Remote Accelerator is not available Trying to Connect Link id establishing a connection Negotiating Link parameters (cache size, and so on) are being negotiated Accelerating Link is active and acceleration is on Active Link is active and the link is tunnelling but not accelerating traffic Dropped Communication has been lost Setting Remote Subnets for the Links You can add remote subnets to each link created. For details, see section Configuring Remote Subnets Manually, on page 56. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M an ag in g L i nk s 263 Editing Existing Links You can use the Edit Links screen to fine-tune and modify already existing links. This screen lets you set basic link parameters, acceleration, tunneling and TCP Acceleration parameters for the link. To edit an existing link: 1. In the My Links menu, click the link’s name in the Links Table section. 2. In the Edit Link screen that opens now, use the Parameters section to edit parameters such as Link Name, Destination IP, Bandwidth Out and MTU (Maximum Transfer Unit). 3. Use the Acceleration section to define whether to accelerate the link and to use header compression. 4. Use the Tunneling section to define parameters such as the encapsulation type (IPComp or Transparent), Source preservation and checksum enabling. 5. In the TCP Acceleration settings section, select whether to use the global TCP acceleration settings or to customize these settings by defining the typical roundtrip time (RTT) and the typical acceleration rate. 6. In the Post Acceleration Aggregation section, select whether to enable Citrix (post acceleration) aggregation on your links. Citrix Aggregation operates per link. Each link can have Citrix Aggregation enabled or disabled independently of other links. R ev isi o n 2. 0 264 C h ap t er 8: Setting Advanced Parameters Dial-on-Demand You can deploy the Accelerator in environments that have routers with dial-up (dialon-demand) interfaces. These interfaces initiate a call (dial to) the remote end (typically over ISDN or Satellite links) when “interesting” traffic is being sent. After a specific quiet period, the link goes down again until new “interesting” traffic is sent. Link establishment of the dial-up interfaces and connectivity time can be fairly expensive. Therefore you may sometimes want to keep the link down until new “interesting” traffic is forwarded via the link. The Accelerator poses a problem in these environments as it uses a keep-alive mechanism to check the health of the link between the remote sites. By default, the keep alive messages are considered “interesting” and will keep the dial-up link alive (and costly). The dial-on-demand solution enables the Accelerator to support dial-on-demand environments by not sending keepalive messages. i i i NOTE: Both peers must configure the link in dialup mode with the same timeout. NOTE: The ExpandView agent must be disabled NOTE: Connecting to a link by using its HSRP address will not work. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 9: Configuring Management Options You can configure the Accelerator via CLI via Telnet, SSH, or direct Console connection. Alternatively, you can configure the Accelerator via WebUI, accessed by using HTTP or HTTPS. Logging can be sent to SNMP or SyslogD servers and can be sent via email. i NOTE: By default, all options mentioned above are enabled (Telnet, SSH, direct console, HTTP and HTTPS). To disable a specific service, see section Configuring AAA via the WebUI, on page 290. This chapter contains information on the following: Studying the ExpandView System, on page 266. Using SNMP, on page 270. Logging into the Accelerator, on page 424. Using SNMP, on page 270. Receiving Log Error Messages, on page 271. 266 C h ap t er 9: Configuring Management Options Studying the ExpandView System Expand Networks' ExpandView is a centralized monitoring and management system for Expand Accelerators. ExpandView gives you total visibility, via a Dynamic Network Map, into global WAN operations, thereby letting you implement global changes in minutes. Detailed graphs and reports, easy-to-use QoS templates and tight integration with Expand's award-winning Accelerators make ExpandView the ideal Centralized monitoring and management system for ensuring optimal application performance over the WAN. Using Dynamic Network Map ExpandView is the industry's first to offer a dynamic map that provides a real-time view of the wide area network (WAN), with the ability to monitor and manage Expand's WAN optimization devices via simple click and drag operations. Ideal for NOC (Network Operations Center) operations, the ExpandView map provides an immediate visual representation of the enterprise's global WAN status, performance and alerts. The ExpandView map lets IT managers add Accelerators on-demand, create or remove links between devices, and boost the performance of any application or remote location - Directly from the map! Ac ce ler at o rOS 6 .1 .2 Us er Gui d e St u dy in g t h e E xpa nd Vie w Sy st em 267 Simplifying WAN Optimization ExpandView takes the complexity out of deploying WAN optimization. Once new Accelerators are powered up, ExpandView automatically updates them with all preconfigured parameters and starts collecting statistics. Generating Advanced Alerts for World-Class NOCs ExpandView generates alerts on application performance thresholds for remote Accelerators, thus enabling proactive performance management. Acceleration percentage, CPU utilization and a multitude of other parameters can be used to predict WAN performance incidents, before they happen, giving IT managers the tool to correct them. Generating Proactive Reports for Network Provisioning ExpandView lets you generate trend reports, which detail anticipated future utilization of WAN links based on previous usage and performance of the links. Such reports are useful in helping IT provision networks to accommodate business growth and expansion. R ev isi o n 2. 0 268 C h ap t er 9: Configuring Management Options Defining Scalable QoS Centralized insight into network traffic and application performance enables informed and controlled use of available bandwidth. ExpandView enables group configuration of QoS and policy prioritizing. You can publish new policies to multiple devices in a single step, and enforce QoS policy consistency by creating QoS templates. Updating ExpandView Server’s IP Address To work with ExpandView, each Accelerator must be updated with the IP address of the ExpandView server. The following AcceleratorOS CLI commands enable interaction with ExpandView by setting the ExpandView server IP address and port number: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Us in g O u t -o f -B an d M an ag em e nt Using Out-of-Band Management 269 You can manage the Accelerator remotely from a management station on a LAN external to the accelerated network. When Out-of-band management is used, Ethernet 0 cannot participate in VLAN or HSRP/VRRP, should not be part of OSPF or RIP router polling support, and should not use WCCP or RIP route injection. To use Out-of-band management: 1. Connect the Accelerator’s Ethernet 0 to the remote network. 2. Set Ethernet 0 to be removed from the Accelerator’s bridging capabilities 3. Add a separate IP address for this interface. R ev isi o n 2. 0 270 C h ap t er 9: Configuring Management Options Using SNMP The Accelerator supports SNMP versions 1, 2c and 3, functioning as an SNMP agent for monitoring performance statistics from a Network Management System (NMS). In addition, the Accelerator can send SNMP traps to the NMS and other network devices. To work with the Accelerator’s SNMP management, you have to update the network’s SNMP settings in the Accelerator. Define the following SNMP Communities and enable traps (if requested). To access configuration options: 1. Click on Setup, followed by Advanced, and then SNMP. 2. Select the Enable SNMP checkbox. 3. The default Read Community is public. 4. If you want the Accelerator to receive SNMP traps, select the Enable Traps checkbox, and enter the Community Name and Manager IP. 5. Enter the SNMP Version 3 password and then enter a new password. 6. Click the Submit button in the bottom right hand corner. i SNMP Version 3 user name is expand_user. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e R ece iv in g L og E r r o r M es sa ge s Receiving Log Error Messages 271 The Accelerator can send status updates about the Accelerator to a SYSLOG server, to an email address, or to both. The following sections detail how status updates are sent: Sending Updates to a Syslog Server, on page 271 Sending Updates via Email, on page 272 Sending Updates to a Syslog Server Syslog is a method of collecting messages from devices to a server running a syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts. Accelerator devices can send their log messages to a SYSLOG service. A SYSLOG service simply accepts messages, and stores them in files or prints them according to a simple configuration file. This form of logging can provide protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling. Set the Syslog parameters to define the syslog server’s IP address and the severity level of events by which error notifications are to be sent. To set syslog parameters: 1. Click on Setup, followed by Advanced, and then Logging. 2. Enter the following parameters as necessary. R ev isi o n 2. 0 272 C h ap t er 9: Configuring Management Options Paremeter Item Description Facility The Facility setting sets the Syslog level (0-23), as follows: KERNEL 0—kernel messages USER 1—random user-level messages MAIL 2—Mail system DAEMON 3—system daemons AUTH 4—security/authorization messages SYSLOG 5—messages generated internally by syslogd LPR 6—line printer subsystem NEWS 7 —network news subsystem UUCP 8—UUCP subsystem CRON 9 —clock daemonother codes through 15 reserved for system use LOCAL0 16—reserved for local use LOCAL1 17 —reserved for local use LOCAL2 18—reserved for local use LOCAL6 19—reserved for local use LOCAL7 20 —reserved for local use LOCAL8 21—reserved for local use LOCAL9 22—reserved for local use LOCAL10 23—reserved for local use Server IP Address Enter the IP address of the Syslog server. Severity Maximum Select the maximum severity that you want to be notified about by email, the default is fatal Severity Minimum Select the minimum severity that you want to be notified about by email, the default is information Sending Updates via Email The Accelerator allows log error messages to be sent via email to notify you of Accelerator status changes. To set the email logging feature: 1. Click on Setup, followed by Advanced, and then Logging. 2. To enable email notification to be sent, ensure that the enabled checkbox in the Mail section is selected. 3. Enter the following parameters as necessary: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e R ece iv in g L og E r r o r M es sa ge s Parameter Item Description From Enter the string you want to appear in the From field of the email Recipient In the email field, enter the email address to which the email should be sent and click the Add button. To delete a previously added email, highlight the address to be deleted in the Email table and click the Delete button. Subject Enter the subject that you want to appear in the subject field of the email Server IP Address Enter the IP address of the email server Server port Enter the port number that the email server uses. The default is 25 Severity Maximum Select the maximum severity about which you want to be notified by email; the default is fatal. Severity Minimum Select the minimum severity about which you want to be notified by email; the default is information 273 R ev isi o n 2. 0 274 C h ap t er 9: Configuring Management Options Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 10: Resilancy and Redundancy This chapter explains how to get added resilancy and redundancy with the use of one or more Accelerators. The features documented in this chapter are hardware specific and the Accelerator you purchased may or may not feature all of these benefits. Where noted the feature is model specific. If you want to change your Accelerator model to be able to use these features, contact your account representitve. The topics in this chapter include: RAID, on page 276 Router Redundancy Protocols, on page 278 276 C h ap t er 10: Resilancy and Redundancy RAID RAID (redundant array of independent disks) is a way of storing the same data in different places (thus, redundantly) on multiple hard disks. By placing data on multiple disks, I/O (input/output) operations can overlap in a balanced way, improving performance. Since multiple disks increases the mean time between failures (MTBF), storing data redundantly also increases fault tolerance. A RAID appears to the operating system to be a single logical hard disk. RAID employs the technique of disk striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order. In a single-user system where large records, such as medical or other scientific images, are stored, the stripes are typically set up to be small (perhaps 512 bytes) so that a single record spans all disks and can be accessed quickly by reading all disks at the same time. In a multi-user system, better performance requires establishing a stripe wide enough to hold the typical or maximum size record. This allows overlapped disk I/O across drives. RAID Support in Accelerators' Hard Drives There are at least nine types of RAID plus a non-redundant array (RAID-0). Accelerator models 79xx feature RAID-5 support with hot-swappable disk drives. RAID-5 Striped set with distributed parity - Distributed parity requires all drives but one to be present to operate; drive failure requires replacement, but the array is not destroyed by a single drive failure. Upon drive failure, any subsequent reads can be calculated from the distributed parity such that the drive failure is masked from the end user. The array will have data loss in the event of a second drive failure and is vulnerable until the data that was on the failed drive is rebuilt onto a replacement drive. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e R AI D 277 Using the CLI, you can view the list of disk drives, the disk status, and remove faulty disks. R ev isi o n 2. 0 278 C h ap t er 10: Resilancy and Redundancy Router Redundancy Protocols Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) are router redundancy protocols that provide network resilience for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits. In HSRP and VRRP, multiple network devices can act in concert to present the illusion of a single virtual router to the hosts on the LAN, by sharing an IP address (known as a Virtual IP Address or VIP) and a MAC address. HSRP is a Router Protocol developed by Cisco (RFC 2281), while VRRP is the IETF standard for redundancy protocols (RFC 2338). The main differences between the two are that HSRP requires you to dedicate an extra IP address as a virtual IP address for the group, while VRRP takes up less network overhead by letting you use the IP address of one of the devices already in the group, or set a dedicated VIP. In HSRP the devices are all configured with a priority status within the group. In general, the device with the highest priority is naturally the Active device; the device with the next-highest priority is the Standby device that takes over in the event of Active device failure or unavailability. Dominant devices in the virtual HSRP group continually exchange status messages, enabling one device to assume the routing responsibility of another, should it stop operating for either planned or unplanned reasons. If the Active device fails, the Standby device assumes the packet-forwarding duties of the Active device. If the Standby device fails or becomes the Active device, another device is selected as the Standby device. VRRP works in much the same way. In general, the Master device is configured to have the highest priority and is active in the group. It acquires the Virtual IP address of the group, but does not have management functionality of the Virtual IP, only the transfer capabilities. The Backup devices perform the standby function. The VRRP can include many backup devices, and this protocol does not support knowing, at any given time, which backup device takes over in the event of failure. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e R o ut e r R ed u nd a nc y Pro to c ol s 279 Hosts continue to forward IP packets to a consistent IP and MAC address, and the changeover of devices is transparent. The recovery time of the VRRP is about three times faster than HSRP (the HSRP default is 10 seconds instead of 3 seconds in VRRP). Accelerators can take part in HSRP and VRRP and work in tandem with the routers that provide backup for the network. The following figures display an Accelerator application working with routers in a virtual HSRP and VRRP group. The Accelerator and routers are configured with the MAC address and the IP network address of the virtual HSRP/VRRP group. The Accelerator is configured to have the highest priority and work as the Active/ Master device. It is configured with the IP address and MAC address of the virtual router and forwards any packets addressed to the virtual router. In HSRP, one of the routers acts as the Standby router, so that if, due to severe power failure or any other unlikely event, the Accelerator stops transferring packets, the router protocol gets into effect and the router assumes the duties of the Accelerator and becomes the Active device. In VRRP, both routers are configured as backup routers. Therefore, if due to severe power failure or any other unlikely event the Accelerator stops transferring packets, one of the backup routers assumes the duties of the Accelerator. HSRP The AcceleratorOS lets you set up HSRP groups, either manually or by automatic detection. The following sections describe the options for configuring HSRP groups. Enabling HSRP Automatic Detection, on page 280 Setting Manual HSRP Configuration, on page 280 R ev isi o n 2. 0 280 C h ap t er 10: Resilancy and Redundancy Autodetecting HSRP Groups, on page 498 Setting HSRP Group Number, on page 498 Enabling HSRP Automatic Detection The Accelerator can auto-detect HSRP groups on its networks and add them to its Group Table. When the groups are added, by default the Accelerator does not join the groups. i NOTE: If you have a network with multiple Accelerators, you must enable the same HSRP services on every appliance. To automatically detect all HSRP groups: 1. Click the Setup tab, followed by Networking, and then HSRP. 2. In the HSRP screen, select the Auto Detect checkbox. The HSRP table automatically fills up with the details of the HSRP groups detected on the network. 3. While the Accelerator adds these groups, by default its status in the groups is Not Joined. 4. To Join the HSRP group or to modify other HSRP parameters, highlight the HSRP group in the table and click the Edit button. Setting Manual HSRP Configuration If the Automatic detection does not find an HSRP group, or if you want to manually add or edit an HSRP group, you can modify the parameters as follows. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e R o ut e r R ed u nd a nc y Pro to c ol s 281 To manually modify the HSRP configuration: 1. Click the Setup tab, followed by Networking, and then HSRP. 2. In the HSRP menu, enter the Group ID number (0 - 255), the Virtual IP address, the Priority (0 - 255), the Virtual MAC address and the status of the Accelerator in the group (whether the Joined option is Disabled or Enabled). 3. Click Add. The HSRP group immediately appears in the HSRP table. 4. To modify the information, highlight the row in the HSRP table and click the Edit button to modify the following parameters: i NOTE: If you have a network with multiple Accelerators, you must enable the same HSRP services on every appliance. Parameter Item Description Group ID You must enter a group number, even if the target group is group 0 Virtual IP Address All devices in the HSRP group must have the same Virtual IP address. Adding a virtual IP address of 0.0.0.0 puts the group into Learn mode, in which the selected group tries to learn the IP address from the network. Priority Setting the Accelerator’s priority lets you select its status in the HSRP group. If two devices in the HSRP group have the same priority, the Active router is set according to IP address. Expand does not recommend this setup. Virtual MAC Address All devices in the HSRP group must have the same Virtual MAC address. Joined Enable or Disable the Accelerator’s status in the group. Joining the group enables the Accelerator to function as any other router in the HSRP group. Authentication If Authentication is enabled in the HSRP group, the Authentication command lets you set the authentication password to communicate with the routers in the group. The default setting for the authentication command is cisco. If you change the default authentication setting, verify that all other devices in the HSRP group have the same authentication setting. R ev isi o n 2. 0 282 C h ap t er 10: Resilancy and Redundancy Parameter Item (Continued) Description Force Priority Gives the Accelerator the highest priority in the HSRP group at all times. When this setting is enabled, Preempt is also enabled automatically. Force Priority is done per group and enables the Accelerator to hold the highest priority of the selected group. Once the Accelerator is set to have the highest priority, it becomes the active router in the HSRP group. Preempt Used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router prevails; when disabled, the higher priority router assumes the Standby mode until the current Active router experiences a failure. Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e R o ut e r R ed u nd a nc y Pro to c ol s Parameter Item (Continued) Description Hello and hold timers Set the packet rate between the devices in the HSRP group. Hello time is the interval between Hello messages (an exchange of HSRP priority and state information) and the Hold Time is the interval between a receipt of a Hello message and the presumption that the sending router/Accelerator has failed. You are advised not to change the default timer setting: 3 seconds Hello Time and 10 seconds Hold Time. These definitions comply with the recommended settings of having the Hold Time length more than three times the length of the Hello Time. Decreasing timer-default rates shortens the time that the network has without a default gateway during Active router changeover, but increases the protocol bandwidth overhead and conversely. If the Accelerator is not currently the Active device in the HSRP group, Timer settings are derived from the Active device and any timer configurations that you set in the Accelerator are not saved. All members of the HSRP group must have the same Hello Time and Hold Time. If you change the default parameters, ensure that you update all members of the HSRP group with the new parameters. HSRP over VLAN If the Accelerator is part of a VLAN group, operating with HSRP requires updating the VLAN group number (0 to 4095). 283 VRRP Unlike HSRP, you cannot configure VRRP automatically and must add it manually. R ev isi o n 2. 0 284 C h ap t er 10: Resilancy and Redundancy To manually modify the VRRP configuration: 1. Click the Setup tab, followed by Networking, and then VRRP. 2. In the VRRP menu, enter the Group ID number (0-255), the Virtual IP address, the Priority (1-254), the preempt status and the timer setting. 3. Click Add. The VRRP group immediately appears in the VRRP table. 4. To modify the information, highlight the row in the VRRP table and click the Edit button to change the following parameters: Parameter Item Description Group ID You must enter a group number, even if the target group is group 0. Accelerator VRRP does not have a default group number. Virtual IP All devices in the VRRP group must have the same Virtual IP address. Priority Setting the Accelerator’s priority lets you select its status in the VRRP group. If two devices in the VRRP group have the same priority, the Active router is set according to IP address. Expand does not recommend this setup. Once the Accelerator is set to have the highest priority, it becomes the active router in the VRRP group. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e R o ut e r R ed u nd a nc y Pro to c ol s Parameter Item (Continued) Description Preempt Preempt is used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router will prevail, when disabled, the higher priority router will assume the Standby mode until the current Active router experiences a failure. Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully. Timer Sets the interval between the Hello messages sent between VRRP group members. All devices in the VRRP group must have the same Timer setting. If for some reason you have to modify this setting, you should modify it for all devices in the group. The default setting is 1. 285 R ev isi o n 2. 0 286 C h ap t er 10: Resilancy and Redundancy Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 11: Security This chapter describes the various methods for ensuring security within the Accelerator. This chapter includes the following sections: Studying the AcceleratorOS AAA, on page 288 Configuring AAA via the WebUI, on page 290 Auditing Administration Activities, on page 294 Locking/unlocking the Keypad, on page 295 288 C h ap t er 11: Security Studying the AcceleratorOS AAA The Accelerator lets you manage access by means of Authentication, Authorization, and Accounting (sometimes called Auditing), also known as AAA. The Accelerator, normally installed in enterprises, government and military organizations, requires strict security for the networks with which it interacts. Therefore, the Accelerator’s AAA enables the system to be secured. Authentication—Validates users' identity in advance of granting login. The Accelerator’s authentication lets you define the users and set the location in which passwords are stored. Each user must be defined locally in the Accelerator as well as in remote AAA servers. Authorization—Lets users access networks and commands. The Accelerator’s authorization lets you define the users and their roles. Accounting—Tracks usage patterns of individual users, service, host, time of day, day of week, and so on. The Accelerator’s accounting lets you receive logs detailing who signed in, when, and whether their attempt to access the Accelerator succeeded or failed. To view the log of these events, use the logging > show events command. These events can be sent via email or sent to a Syslog server. The Accelerator’s AAA functionality includes the Accelerator’s ability to use remotely accessed user-repositories for authenticating users. This functionality enables controlling different levels of users in the system with different authorities and lists the auditing functions performed for various operations. You can configure the Accelerator to make use of a security server via either the TACACS+ or RADIUS security protocols, or both. Authentication is the part of the system that lets users define how they authenticate to the system, allowing the authentication to be based on external authentication servers. On the authentication side, the new functionality will include per-user settings to control access to the Accelerator as well as passwords quality verification functionality and password aging (to be implemented at a later stage). The Accelerator’s AAA supports multiple users per Accelerator, allowing end-users to define additional accounts besides the default expand user. AAA includes control over provided management services, and allows limiting access to certain management options available on the Accelerator, as well as control access to the services from a defined set of sources (subnets for ACL). Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Stu d yi n g th e A cce le rat o rOS A A A 289 Setting different user roles, allowing different access levels to the system is supported with pre-defined roles available in the system. Definition of new roles is user-configurable. AAA includes auditing of all major operations performed on the Accelerator into log entries saved in the system log files and routable to email message, syslog server and SNMP trap. R ev isi o n 2. 0 290 C h ap t er 11: Security Configuring AAA via the WebUI Configuration of AAA parameters is accomplished via the WebUI, in several steps: Configuring Users, on page 290 Setting Authentication Preferences, on page 291 Defining the Security Settings, on page 293 Configuring Users To add a new Accelerator user: 1. Click on Setup followed by Security. 2. In the Users menu, enter a name for the user in the User Name field. 3. Scroll down in the User Role field to select one of the following: Administrator—complete access to the Accelerator and its commands. Only Administrator users can modify AAA settings. Monitor—access the Accelerator’s CLI but cannot modify configuration. NetAdmin—complete access to the Accelerator and its commands with the exception of the Security commands and WAFS management screen. WAFS-Administrator—complete access to WAFS management screen and console, in addition to web acceleration and DNS configuration. 4. If a local password is to be set for this user, select the Enable Local Password checkbox, then enter and confirm a new password for this user. If the checkbox is not checked, only remote authentication servers will be able to authenticate passwords. Passwords must be at least 6 characters in length and cannot be Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C o nf ig u r in g A AA v ia t he Web U I 291 keyboard sequences (qwertyu, 123456), palindromes, or simple recognized dictionary words. i 5. Click the Add button to apply settings. Note: when working with a TACACS server, you must add each user name into the Accelerator. To modify an Accelerator user: 1. Click on Setup followed by Security. 2. In the Users menu, click on the name of the user in the Users Table. 3. Modify details as needed. Click the Submit button to apply settings. Deleting Users To delete an Accelerator user: 1. Click on Setup followed by Security. 2. In the Users menu, highlight the line in the Users Table that includes the name of the user to be deleted. Click the delete button. 3. Click the Submit button to apply settings. Setting Authentication Preferences The Authentication screen lets you set Authentication Servers (Radius, TACACS+ and Local) and manage these servers and their preference order in the Accelerator. S e t t i n R ev isi o n 2. 0 292 C h ap t er 11: Security g Authentication Servers To enter authentication servers: 1. Click on Setup followed by Security. 2. In the Authentication menu, click the add button above the Authentication Servers Table. 3. In the Add New Authentication Server dialog box, enter the following information. Name Descripion Server Name The name of the server you want to add. Server Type The server type (Radius or Tacacs). IP Address The new server’s IP address. Server Port The server’s port. Server Order Defines whether the server is the first, second or third to be addressed. Encryption Key The server’s encryption key Server Timeout Time period after which the connection times out. Setting the Authentication Method The authentication method lets you define which servers are to be checked. If more than one authentication type is used, select the server types in the order in which they are to be authenticated. To set the authentication method: 1. Click on Setup followed by Security. 2. In the Authentication menu, scroll down in the 1 field to set the first level of Authentication. In the 2 field set the second level of Authentication and so on. 3. Click the Submit button to apply settings. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C o nf ig u r in g A AA v ia t he Web U I 293 Defining the Security Settings The Settings screen lets you define security settings, such as which access methods to use when connecting to the Accelerator and the maximum failed login attempts before an account would be disabled. By default, all transport types are set to Enabled, except FTP and TFTP that are set to Disabled. To define security settings: 1. Click on Setup followed by Security. 2. In the Settings menu, select the checkboxes of the types of access methods allowed for connecting to the Accelerator. 3. Click the Submit button to apply settings. R ev isi o n 2. 0 294 C h ap t er 11: Security Auditing Administration Activities The Audit screen lets you select which administration activities to audit (for example: changing the configuration, creating links and adding users.) To select which activities to audit: 1. Click the Setup tab, followed by Security, and then Audit. 2. In the Accelerator’s audit table, select or deselect the boxes that refer to the activities you want to audit or to stop auditing. 3. Click Submit. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e L oc ki ng /u n lo c kin g t h e Ke ypad Locking/unlocking the Keypad 295 The LCD keypad on the front panel of the Accelerator 4820/4830/4920/4930, the Accelerator 1820 and Accelerator 6830/6930/6840/6940 can be locked. To set the lock key combination sequence, see section Installing the Accelerator, on page 13. To lock/unlock the keypad via the WebUI: 1. Click the Setup tab, followed by Security, and then Keypad. 2. In the Keypad menu, from the drop-down menu, select either Locked, AutoLocked or Unlocked. 3. Click the Submit button. Setting the Keypad Lock Definitions Selecting the Auto-Locked value for the keypad lets you set the number of times after which the keypad will automatically lock, as well as the key sequence to be entered for unlocking the keypad once it is locked. To set the auto-lock timer: 1. In the Keypad screen, enter a number (in seconds) into the auto-lock timer field. 2. Click the Submit button. To set an unlock sequence: The unlock sequence sets a the sequence of keypad buttons that must be pressed in order to unlock the LCD. The default is as follows: Up arrow, Down arrow, Right arrow, Left arrow, Enter button. R ev isi o n 2. 0 296 C h ap t er 11: Security The unlock sequence set should be a combination of the buttons, in any order, up to five depressions. 1. In the Keypad screen, in the Unlock Sequence fields, scroll down in the fields to select the button to be pressed in the order intended. 2. Click the Submit button. Defining Other LCD Settings Turning ByPass On Locking the Keypad You can lock the Accelerator’s keypad via the LCD, the WebUI or the CLI. To unlock the keypad, enter the unlock sequence. The default unlock sequence is Right button, Left button, Up button, Down button, Enter. You can modify the lock sequence via the WebUI as described in section Locking/unlocking the Keypad, on page 295, or via the CLI, as described in section Unlocking or Locking the Keypad, on page 581. Product ID Ac ce ler at o rOS 6 .1 .2 Us er Gui d e L oc ki ng /u n lo c kin g t h e Ke ypad 297 Management IP Management Mask R ev isi o n 2. 0 298 C h ap t er 11: Security Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 12: Troubleshooting This chapter describes troubleshooting procedures for the Accelerator and explains Accelerator alerts and events, as follows: Carrying out the Troubleshooting Procedure, on page 300 Recovering the Password, on page 301 Checking the Event Log, on page 302 Displaying Information for Troubleshooting, on page 305 Checking the Link Status, on page 307 Checking Ethernet Settings, on page 308 Checking Lack of Acceleration, on page 311 Checking Link Malfunction, on page 312 300 C h ap t er 12: Troubleshooting Carrying out the Troubleshooting Procedure If there is a problem with your Accelerator, try using the following steps to help diagnose the source of the problem: Check the Event log Check the topology and host settings - is the default gateway set correctly? What is being affected? All the links? Particular links? Use Tools to find the source of the problem Put the local Accelerator and then the remote Accelerator into bypass mode Ac ce ler at o rOS 6 .1 .2 Us er Gui d e R e cover i n g t h e Pa ss wo rd R ec ov eri n g th e Pa ssw o rd 301 If you forget your password, you can use the reset command from the login prompt instead of the password. This command deletes all passwords and configurations and resets all of the Accelerator’s settings, including the device’s passwords, to their default values. After resetting, you can use the default login (expand) and password (Expand) to log in and reconfigure the Accelerator. Trying 172.16.31.12 (PORT:23)... Connected to 172.16.31.12... AcceleratorOS, Accelerator 6800 Series Version v6.1(2) (Build3.53) login: reset i NOTE: To accomplish this result, use a Console connection. R ev isi o n 2. 0 302 C h ap t er 12: Troubleshooting Checking the Event Log The first thing to do when you encounter problems with Accelerator performance is to check the Event log for any unusual errors. The following logging levels are supported: Checking Checking Checking Checking Info Events, on page 302: Informational messages Warning Events, on page 302: Warning conditions exist Error Events, on page 302: Error conditions exist Fatal Events, on page 303: Unit failure These levels are related to the severity levels used by email and broadcast functions. When used with these, the user can define the minimum and maximum event logging (range) that will be emailed or broadcasted. Checking Info Events Info events notify regarding status changes that occur in the normal operation of the system, for example: 06-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction outbound Checking Warning Events Warning events identify issues or configuration errors within the Accelerator. The system continues to run, but action may be required to return the Accelerator to normal operating standards, for example: 06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed due t11 Checking Error Events Error events occur sporadically, but the Accelerator easily recovers from them, for example: 06-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16, Error:Warning Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ch e cki n g th e Ev en t L og 303 Checking Fatal Events Fatal events are events for which you have to take corrective action in order to return the Accelerator to operation, for example: 06-Jun-07 07:37:59 <fatal> #1 TWDSupervisor.cpp(26) TWDSupervisor:TWDSupervisor Watch Dog: Reboot system due to a failure of client, named: TelnetDaemon. The Accelerator event log records changes in the state of Accelerator links and changes to configuration, saving them in a list format. In the CLI, use the following commands to view events. ACC1# show events 06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed due t11, 06-Jun-07 10:29:07 <WARNING> #1 _peer.cppLink 222.0.0.1 status changed from acc 29-Jun-07 10:19:19 <INFO> #2 Link ID 1 was Updated 29-Jun-07 10:20:51 <INFO> #1 Subnets for Remote link CP Id 1 changed 29-Jun-07 10:38:41 <INFO> #1 Link 1 was Added 29-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction outbound 29-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16, Error:Warning Studying Log Message Formats Log messages are displayed in the following format: TIMESTAMP: <LEVEL of SEVERITY> #OCCURRENCE: Message-text; Timestamp: Log date and time, in the following format: dd/mmm/ yy hh:mm:ss Level of Severity: Debug, information, warning, error, or fatal. Occurrence: The number of times this log has been recorded. Message-text: Text string containing detailed information about the event being reported. Check the Accelerator’s system time when viewing any event the Accelerator generates. All events are given a timestamp relative to the Accelerator’s local time. R ev isi o n 2. 0 304 C h ap t er 12: Troubleshooting To view the Accelerator system time: ACC1#show clock System time is: THU SEP 04 17:37:57 2003 Time zone offset: 0 minutes Ac ce ler at o rOS 6 .1 .2 Us er Gui d e D is p lay in g I nf o r m at io n f o r Tro ub le sh o o ti ng Displaying Information for Troubleshooting 305 The Accelerator’s show tech-support command lets you aggregate all necessary troubleshooting information in the Accelerator via one simple command providing a window into the Accelerator’s inner workings and configuration. Displaying Information via the WebUI To use the WebUI to display Information for Troubleshooting: 1. Click on Tools, followed by General Tools. 2. Click the Show Technical Support button. The Technical Support dialog box appears: 3. Click the Save button to save this data in the requested location, as either a text or an HTML file. 4. Send an E-mail to technical support at [email protected] and attach the file. Alternatively, you can contact customer support in the methods described in Contacting TAC, on page 389. R ev isi o n 2. 0 306 C h ap t er 12: Troubleshooting Displaying Statistics in a Compressed, Archived File The statistics displayed by using one of the two methods described above is one of the logs that you can concentrate to create one compressed archive file. For details, see section Archiving Log Files, on page 327. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Checking the Link Status C he ck in g t he L in k Stat u s 307 The status of the link may point to the source of a problem. An initial probe is used during the Accelerator’s initial link connection stage. If this probe fails, it attempts to retry until the Accelerator responds. If a link is inactive, a keepalive will be automatically sent to the remote Accelerator. If 10 keepalive packets do not receive a response, the Accelerator assumes that the remote Accelerator is down and the local Accelerator automatically passes the link traffic transparently through to the WAN. ACC1# show interface link summary -------------------------------------------------------LINK|DEST IP ADDRESS|DESCRIPTION|BANDWIDTH|LINK STATUS ----+---------------+-----------+---------+----------1 | 10.2.0.6 non | N/A | L-10.2.0.6|15000/N/A |dropped | non-link | 100000/ N/A | virtual --------------------------------------------------------- Link Status states are as follows: Link Status Initialize The remote Accelerator is initializing. Inactive The remote Accelerator is not active. Trying to Connect Link is establishing connection. Negotiating Link parameters are being negotiated (cache size, and so on). Remote Found Link is active. Accelerating Link is active and acceleration is on. Active Link is active and the link is tunnelling but not accelerating traffic. Active can be either No local license, meaning that the link is inactive because the local Accelerator is not properly licensed; or No remote license, meaning that the remote Accelerator is not properly licensed. Drop Communication has been lost. Load Error Internal error occurred during definition of the link in the system. Virtual A Virtual link (no far-end Accelerator). Unknown Remote Accelerator is not available. R ev isi o n 2. 0 308 C h ap t er 12: Troubleshooting Checking Ethernet Settings Although Ethernet level compatibility is not an issue unique to the Accelerator, it should be considered in all hardware installations. If an Accelerator goes into hardware bypass, the two devices that are cabled to the Accelerator are directly connected, and any incompatibilities between them may cause problems. Ensure that Ethernet settings are correct. As a symptom of incorrect Ethernet settings, discarded packets and loss of connectivity may be experienced on the Accelerator. You can check this by using the appropriate show interface ethernet commands, as follows. ACC1# show interface ethernet 0/0 ? <cr> continuous continuous output ACC1# show interface ethernet 0/0 Description.............................ethernet 0/0 MAC.....................................00:02:B3:C8:4E:9C Hardware type...........................mii Link mode...............................auto (100Mbit-Full) link is up Link detected...........................yes Supports auto-negotiation...............yes Supports link modes.....................10baseT/Half 10baseT/ Full 100baseT/Half 100baseT/Full Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C h eck in g E t h er n e t S et t in g s LAN throughput data System Up Since Clear Last 30 Secs In Bytes 3826461 N/A N/A In Packets 23240 N/A N/A Dropped In Packets 0 N/A N/A Out Bytes 159363519 N/A N/A Out Packets 1723079 N/A N/A Dropped Out Packets 0 N/A N/A LAN throughput data System Up Since Clear In Frame Error 0 N/A N/A In Overruns 0 N/A N/A Dropped In Packets 0 N/A N/A In Total Errors 0 N/A N/A Out Collisions 0 N/A N/A Out Lost Carrier 92 N/A N/A Out Underruns 0 N/A N/A Out Total Errors 92 N/A N/A Last 30 Secs ACC1#show interface ethernet [0 | 0/0 | 0/1] [continuous] Command Purpose 309 Lists all ethernet interface configuration and statistics information per interface, 0, 0/0 and 0/1. Continuous enables the entire output instead of one screen at a time. Ensure that Speed and Duplex settings are set correctly. Expand recommends using the following command to manually set Speed and Duplex values: Command Syntax Description Command Modes link-mode 100Mbit-full 100 Mega bit full duplex 100Mbit-half 100 Mega bit half duplex 10Mbit-full 10 Mega bit full duplex 10Mbit-half 10 Mega bit half duplex auto Auto Enters the mode to set Ethernet interface 0 parameters. configure > interface ethernet (ethernet number) R ev isi o n 2. 0 310 C h ap t er 12: Troubleshooting Default N/A Example Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1# configure ACC1(config)# interface ethernet 0 ACC1(interface)# link-mode 10Mbithalf C he ck in g L ac k o f A cc el era ti on Checking Lack of Acceleration 311 If applications are not being accelerated, often the source of the problem is missing information in the subnets, links and routing tables. Check the following tables to ensure that they contain everything they should: Subnets table—contains all subnets that are part of the Accelerator’s network that need to be advertised. Links table—contains all remote networks that the Accelerator is aware of for Acceleration and QoS, and remote networks that have no Accelerator for QoS only. Local and Remote subnets—use the CLI show subnets command to view all local and remote subnets known to the Accelerator. Routing table—must list all next hops necessary to reach all remote networks. If acceleration percentages are not as expected, it is often due to one or more of the following reasons: Traffic is not associated with the correct link Another link is being used QoS classification (application definition) is wrong QoS rule order is incorrect for the setup Check link utilization - if the link is underutilized, check for greedy applications Accessing Remote Devices If all necessary connections have been made, but the Accelerator is still not functioning as expected, use the tools Pinging via the WebUI and Sending a Traceroute Packet to check routes to remote Accelerators and networks. Can you access a remote device? Can you access the remote Accelerator? Can you access the remote router? From the remote Accelerator, can you ping its router? R ev isi o n 2. 0 312 C h ap t er 12: Troubleshooting Checking Link Malfunction If the link is not operating as expected, ensure that the Accelerator configuration reflects the hardware and software infrastructure. Some external devices may require that the Accelerator be transparent - consider using RTM encapsulation. Perhaps performance is being affected by misapplied MPLS or load balancing in the network. Consider the following: Is bypass disabled on the other side of the link? Are the bandwidth settings correct? Is Acceleration enabled on both sides of the link? Is the MTU size set correctly and not larger than the maximum MTU of the link path? Are the correct subnets advertised to the remote site? Is there bandwidth oversubscription on the WAN or on a link? Are packets being dropped on the link? In case there is a firewall in the path, are IPComp and TCP port 1928 open? Is the correct link destination address configured? Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chec ki ng for C o rrupte d Termi na l Checking for Corrupted Terminal 313 If the terminal settings become corrupted, exit to the login prompt and log into the Accelerator as the user named 'r' with no password. This will reset the terminal settings and let you log in as "expand", as usual. Ensure that the terminal settings on your terminal emulation are correct: 9600 baud; 8 data bits; no parity; 1 stop bit; no flow control. R ev isi o n 2. 0 314 C h ap t er 12: Troubleshooting Checking HSRP Malfunction Ensure that you “join” the HSRP group. In AcceleratorOS 5.0 and above, after HSRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join command. Ensure that the correct HSRP group is configured - check the configuration on the other units in the group. Ensure that the correct Priority is configured so the Accelerator does not conflict with the same priority on another unit in the group. Ensure that the correct virtual IP address is configured. If authentication is used, ensure that you use the same password (default cisco) Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C h ec kin g Qo S Ma lf un c ti on Checking QoS Malfunction 315 QoS on a non-link: if QoS is not functioning as expected for non-link traffic, it could be due to the definition of the local subnet. If a local subnet is not defined as LOCAL, the Accelerator QoS and monitoring features do not function properly. Ensure that all local subnets are defined as local. Ensure that the bandwidth statements on the links are correct. Check that the policy rules are applied on the correct links. Check that the application definitions are correct. R ev isi o n 2. 0 316 C h ap t er 12: Troubleshooting Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter 13: Using the Accelerator Tools The Accelerator Tools let you manage AcceleratorOS upgrade versions, save and replace the Accelerator’s configuration file and perform tasks such as traceroute and ping. This chapter contains the following sections: Upgrading the AcceleratorOS Software, on page 318. Using the Configuration Tools, on page 320. Using the General Tools, on page 322. Managing User Files, on page 325. Viewing System Information, on page 326. Archiving Log Files, on page 327. Enabling Accdump, on page 328. 318 C h ap t er 13: Using the Accelerator Tools Upgrading the AcceleratorOS Software You can upgrade the AcceleratorOS software by uploading software from a remote server or from the local drive. To upgrade software: 1. Click on the Tools tab, followed by Upgrade. 2. Scroll down in the Copy method field, to select the way the file will be copied (FTP, TFTP or HTTP). 3. In the fields provided, enter the user name, password and IP address of the device from which the files are to be copied. 4. Enter the path to the file, followed by the file name (the file will be a .tgz file). 5. Click the Submit button to copy the file to the user area. 6. Reboot the Accelerator with the new file name. After rebooting, the Accelerator extracts the file and runs it. 7. Select Locally stored on Accelerator to upgrade to an AcceleratorOS version that is stored locally on the Accelerator, in case of a hard drive-based Accelerator. Alternatively, if your Accelerator uses a Compact Flash card, at least 10 MB of free space is provided on the card for file extraction. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e U pgra di n g the Ac ce le ratorOS S oft wa re i 319 NOTE: If you are running a version of AcceleratorOS previous to 5.0(6), note that two new preconfigured applications were added in this version that may affect user-defined applications on the same ports. If applications have been configured for port of 1928 (saved for the expand-internal application) or 2598 (citrix-ica-sr), rename these applications exactly as in the preconfigured application before performing an upgrade. If an application exists for a list of ports or range of ports that include the specified port numbers (1928 and 2598), remove these ports from the list or range, and create applications expand-internal with port 1928, and citrix-ica-sr with port 2598. Then change the policy-rules to match also this application. R ev isi o n 2. 0 320 C h ap t er 13: Using the Accelerator Tools Using the Configuration Tools Changes made to the Accelerator’s configuration are automatically saved to the Accelerator’s Running Configuration and are applied until changed or until the Accelerator is shut down. Any changes that you want to remain configured on the Accelerator, even after shutdown, must be saved to the Accelerator’s Startup Configuration. To save a startup configuration: 1. In the WebUI, make any changes to be saved. 2. Scroll down in the Copy method field, to select the way the file is copied (FTP, TFTP or HTTP). i NOTE: The running configuration is saved as the startup configuration, and therefore all changes made to the Accelerator since its last shutdown are now saved as the startup configuration 3. Click on Tools, followed by Configuration Tools. 4. Click the Write Startup Configuration button. To erase the startup configuration saved on the Compact Flash Card: 1. Click on Tools, followed by Configuration Tools. 2. Click the Erase Startup Configuration button To export the startup configuration: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e U sin g t h e Co n fi g ur at io n To ol s 321 Exporting the startup configuration opens a web page dialog that displays the Accelerator’s startup configuration in CLI command format. You can either save this file for future reference or upload it to other Accelerators. 1. Click on Tools, followed by Configuration Tools. 2. Click the Export Startup Configuration button. To export the running configuration: Exporting the running configuration opens a web page dialog that displays the Accelerator’s running configuration in CLI command format. You can either save this file for future reference or upload it to other Accelerators. 1. Click on Tools, followed by Configuration Tools. 2. Click the Export Running Configuration button. To import the startup configuration: Importing the startup configuration opens a web page dialog that lets you browse to select a configuration file to be uploaded to the Accelerator. 1. Click on Tools, followed by Configuration Tools. 2. Click the Import Configuration button. R ev isi o n 2. 0 322 C h ap t er 13: Using the Accelerator Tools Using the General Tools General tools are provided to let you use basic networking tools and commands via the Accelerator WebUI. The general tools are as follows: Pinging via the WebUI, on page 322 Sending a Traceroute Packet, on page 323 Rebooting the Accelerator via the WebUI, on page 323 Show Technical Support - see section Displaying Information via the WebUI, on page 305 Pinging via the WebUI The Accelerator lets you use the WebUI to Ping network devices and remote Accelerators. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e U si n g th e G en e ral To ol s 323 To ping a network device: 1. Click Tools followed by General Tools. 2. Under Ping, in the Destination IP Address field, enter the IP address of the device to which the ping is to be sent. 3. In the Packet Size field, enter the size of the ping packets to be sent (default is 64 bytes). 4. In the Number of Times field, enter the number of times to try sending packets to the remote device. 5. Click the Ping button. Sending a Traceroute Packet The Accelerator lets you send a traceroute packet to network devices and remote Accelerators from the Accelerator via the WebUI. To send a traceroute: 1. Click Tools followed by General Tools. 2. Under Traceroute, in the Destination IP Address field, enter the IP address of the device to which the ping is to be sent. 3. In the Maximum Number of Hops field, enter the maximum length the packet can travel before arriving at the designated destination (default is 30). 4. Click the Trace Route button. Rebooting the Accelerator via the WebUI The AcceleratorOS lets you reboot the Accelerator via the WebUI. Rebooting the Accelerator in this way does not save changes from the current running configuration to the Startup configuration. The Accelerator reboots using the previously saved Startup configuration, unless other changes were saved. To reboot the Accelerator: 1. Click Tools followed by General Tools. 2. Under Reboot, click the Reboot button. R ev isi o n 2. 0 324 C h ap t er 13: Using the Accelerator Tools Gathering Statistics for Technical Support In the unlikely event of Accelerator malfunction or error, it may be necessary to gather many statistics for Expand Networks’ Technical Support. You can use one command to gather all necessary information. To view Accelerator troubleshooting statistics: 1. Click Tools followed by General Tools. 2. Under Tech Support, click the Show Technical Support button. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Managing User Files M a na g in g Us er F ile s 325 The User Files screen lets you manage the files that are located in the User Area of your Flash card (or hard drive, for hard drive-based Accelerators). If more space is needed on the Flash card/hard drive, you can use the User Files screen for deleting unneeded files. The date listed for the file is the date when the file was copied. To remove files from the Flash card or hard drive: 1. Click Tools followed by User Files. 2. Highlight the files to be deleted. 3. Click the Delete button. R ev isi o n 2. 0 326 C h ap t er 13: Using the Accelerator Tools Viewing System Information The System Information screen lets you view information regarding several aspects of the system, such as the CPU operating frequency, CPU utilization and memory utilization. To display system information in the Accelerator’s WebUI, click Tools followed by System Information. Almost all parameters shown in this screen are for display only and cannot be changed. The only parameter that you can set is Requested Maximum Links. To set up the requested maximum links: 1. Click Setup followed by My Accelerator. 2. Select the Basic tab. 3. Under Basic, click the Advanced Setting Configuration button. 4. In the Maximum Links section, enter a value in the Requested Max Links field. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Archiving Log Files A rch iv in g L o g F ile s 327 The log archiving feature lets you concentrate all existing log archives in the Accelerator, to create one compressed archive file. You can create archive files for the following types of logs: AOS Webcache WAFS Statistics To create an archive log file: 1. Click Tools followed by Archiving. The following screen appears: 2. Use the Log Archive Prefix field to set the prefix for the log file you want to create (default: acclog). The suffix is predetermined by the system (time stamp). 3. Click the Create Log Archive button to create a new log archive. The newly created log file now appears in the log archive files table. To download one file or more, select these files in the table and click the Download button. To delete one file or more, select these files in the table and click the Delete button. R ev isi o n 2. 0 328 C h ap t er 13: Using the Accelerator Tools Enabling Accdump i NOTE: This feature is only available to Accelerators that are configured with a hard drive. The Accdump feature lets you download and display tcpdump information from the system, namely: to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is connected. You can capture the tcpdump information from various sources, and select whether to receive this information from all these sources or only from a single source. To enable Accdump: 1. Click Tools followed by Accdump. 2. Click on the scroll box near the Accdump field, and select the Enabled option to start the Accdump operation. 3. Under Interface, select whether to enable all interfaces (Any), none available (N/ A) or a particular interface. 4. Under Number of Files, you can select the Auto option, in which case the default number of files (100) and file size (10MB) is used. Alternatively, select Other and insert your customized values. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e E n ab li n g Ac cd u mp i 329 NOTE: The number of files cannot exceed 999, and the maximum size of all files combined must not exceed 1GB. Note too, the files are saved in a cyclic manner. 5. If you want to use one or more optional flags, enter these flags in the Optional Flags field. For a detailed description of the optional flags, see appendix tcpdump Optional Flags, on page 391. 6. If you do not want to dump all of the packets (default), you can use the Filter Expression field to intercept only packets that come from a specific source or IP address, are destined to a specific port or IP address, or belong to a specific type. Use the File Format scroll box to select in which file format the files are to be saved and downloaded to the local host. The available types are Pcap (saves the default format) and Enc (reformats the file). Having set all the requested definitions, you are now ready to enable Accdump and download the tcpdump files. Alternatively, if you want to revert to default values, click the Set Default Values button and confirm this operation. 7. Click the Submit button. 8. Click OK to confirm the operation. To stop the Accdump operation, click on the scroll box near the Accdump field and select the Disabled option. When you enable the Accdump feature again, all existing Accdump files are deleted. To download Accdump files: 1. In the Accdump Files Table, select the checkbox near the files you want to download. 2. Click the Download button. You are prompted that downloading the Accdump files will delete the existing files. 3. Click OK. The dialog box that appears now requests you to select a location for saving the file. 4. Select the requested location and click Save. R ev isi o n 2. 0 330 C h ap t er 13: Using the Accelerator Tools Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Appendix A: NetFlow Monitored Statistics The following table lists all of the Version 9 Field type definitions for statistics that can be collected from the Accelerator and sent to the NetFlow server. Field Type Value Length (bytes) Description IN_BYTES 1 N (default is 4) Incoming counter with length N x 8 bits for number of bytes associated with an IP Flow. IN_PKTS 2 N (default is 4) Incoming counter with length N x 8 bits for the number of packets associated with an IP Flow FLOWS 3 N Number of flows that were aggregated; default for N is 4 PROTOCOL 4 1 IP protocol byte SRC_TOS 5 1 Type of Service byte setting when entering incoming interface TCP_FLAGS 6 1 Cumulative of all the TCP flags seen for this flow L4_SRC_PORT 7 2 TCP/UDP source port number for example: FTP, Telnet, or equivalent IPV4_SRC_ADDR 8 4 IPv4 source address SRC_MASK 9 1 The number of contiguous bits in the source address subnet mask, namely: the subnet mask in slash notation INPUT_SNMP 10 N Input interface index; default for N is 2, but you can use higher values L4_DST_PORT 11 2 TCP/UDP destination port number for example: FTP, Telnet, or equivalent IPV4_DST_ADDR 12 4 IPv4 destination address DST_MASK 13 1 The number of contiguous bits in the destination address subnet mask, namely: the subnet mask in slash notation OUTPUT_SNMP 14 N Output interface index; default for N is 2, but you can use higher values IPV4_NEXT_HOP 15 4 IPv4 address of next-hop router SRC_AS 16 N (defau lt is 2) Source BGP autonomous system number where N could be 2 or 4 332 C h ap t er A: Field Type (Continued) Value DST_AS 17 N (defau lt is 2) Destination BGP autonomous system number where N could be 2 or 4 BGP_IPV4_NEXT_ HOP 18 4 Next-hop router's IP in the BGP domain LAST_SWITCHED 21 4 System uptime at which the last packet of this flow was switched FIRST_SWITCHED 22 4 System uptime at which the first packet of this flow was switched IPV6_SRC_ADDR 27 16 IPv6 Source Address IPV6_DST_ADDR 28 16 IPv6 Destination Address IPV6_SRC_MASK 29 1 Length of the IPv6 source mask in contiguous bits IPV6_DST_MASK 30 1 Length of the IPv6 destination mask in contiguous bits IPV6_FLOW_LABE L 31 3 IPv6 flow label as per RFC 2460definition SAMPLING_INTER VAL 34 4 When using sampled NetFlow, the rate at which packets are sampled for example: a value of 100 indicates that one of every 100 packets is sampled SAMPLING_ALGO RITHM 35 1 The type of algorithm used for sampled NetFlow: 0x01 Deterministic Sampling,0x02 Random Sampling FLOW_ACTIVE_TI MEOUT 36 2 Timeout value (in seconds) for active flow entries in the NetFlow cache FLOW_INACTIVE_ TIMEOUT 37 2 Timeout value (in seconds) for inactive flow entries in the NetFlow cache ENGINE_TYPE 38 1 Type of flow switching engine: RP = 0, VIP/Linecard = 1 ENGINE_ID 39 1 ID number of the flow switching engine TOTAL_BYTES_EX P 40 N (defau lt is 4) Counter with length N x 8 bits for bytes for the number of bytes exported by the Observation Domain TOTAL_PKTS_EXP 41 N (defau lt is 4) Counter with length N x 8 bits for bytes for the number of packets exported by the Observation Domain TOTAL_FLOWS_E XP 42 N (defau lt is 4) Counter with length N x 8 bits for bytes for the number of flows exported by the Observation Domain IP_PROTOCOL_VE RSION 60 1 Internet Protocol Version Set to 4 for IPv4, set to 6 for IPv6. If not present in the template, then version 4 is assumed. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Length (bytes) Description 333 Field Type (Continued) Value Length (bytes) DIRECTION 61 1 Flow direction: 0 - ingress flow, 1 - egress flow IPV6_NEXT_HOP 62 16 IPv6 address of the next-hop router BPG_IPV6_NEXT_ HOP 63 16 Next-hop router in the BGP domain IPV6_OPTION_HEA DERS 64 4 Bit-encoded field identifying IPv6 option headers found in the flow MPLS_LABEL_1 70 3 MPLS label at position 1 in the stack MPLS_LABEL_2 71 3 MPLS_LABEL_3 72 3 MPLS label at position 3 in the stack MPLS_LABEL_4 73 3 MPLS label at position 4 in the stack MPLS_LABEL_5 74 3 MPLS label at position 5 in the stack MPLS_LABEL_6 75 3 MPLS label at position 6 in the stack MPLS_LABEL_7 76 3 MPLS label at position 7 in the stack MPLS_LABEL_8 77 3 MPLS label at position 8 in the stack MPLS_LABEL_9 78 3 MPLS label at position 9 in the stack MPLS_LABEL_10 79 3 MPLS label at position 10 in the stack IN_ PERMANENT _BYTES 85 N (defau lt is 4) Running byte counter for a permanent flow IN_ PERMANENT _PKTS 86 N (defau lt is 4) Running packet counter for a permanent flow Description MPLS label at position 2 in the stack When extensibility is required, the new field types are added to the list. The new field types have to be updated on the Exporter and Collector but the NetFlow export format would remain unchanged. In some cases the size of a field type is fixed by definition, for example PROTOCOL, or IPV4_SRC_ADDR. However, in other cases they are defined as a variant type. This improves the memory efficiency in the collector and reduces the network bandwidth requirement between the Exporter and the Collector. As an example, in the case IN_BYTES, on an access router it might be sufficient to use a 32 bit counter (N = 4), whilst on a core router a 64 bit counter (N = 8) would be required. All counters and counter-like objects are unsigned integers of size N * 8 bits. R ev isi o n 2. 0 334 C h ap t er A: Template Fields The following is a list of NetFlow version 9 template fields exported for each predefined Expand template: full, long and short. Full Template %B YT E S %P K TS %P RO T % TO S % T CP _F L AG S % L4 _ SR C_ P OR T % IP _S R C_ AD D R % SR C_ M AS K % IN P UT _S N MP % L 4_ D ST _P O RT % IP _D S T_ AD D R % DS T_ M AS K % OU T PU T_ S NM P % IP _ NE XT _ HO P % SR C _A S % DS T_ A S %L A ST _ SW IT C HE D % FI R ST _S W IT CH E D % IP V6 _ SR C_ A DD R % IP V6 _ DS T_ A DD R % IP V 6_ SR C _M A SK % I PV 6_ D ST _ MA SK %E NG I NE _ TY PE % EN GI N E_ ID %T O TA L_ B YT ES _ EX P % TO T AL _P K TS _ EX P % TO TA L _F LO W S_ E XP % I P_ PR O TO C OL _V E RS IO N % D IR EC T IO N % FR AG M EN TE D % F IN GE R PR IN T % V LA N_ T AG % N W_ L AT EN C Y_ SE C % NW _L A TE NC Y _N S EC % A PP L_ L AT E NC Y_ S EC % A PP L _L AT E NC Y_ N SE C % PA YL O AD Long Template %B YT E S %P K TS %P RO T % TO S % T CP _F L AG S % L4 _ SR C_ P OR T % IP _S R C_ AD D R % SR C_ M AS K % IN P UT _S N MP % L 4_ D ST _P O RT % IP _D S T_ AD D R % DS T_ M AS K % OU T PU T_ S NM P % IP _ NE XT _ HO P % SR C _A S % DS T_ A S %L A ST _ SW IT C HE D % FI R ST _S W IT CH E D % IP V6 _ SR C_ A DD R % IP V6 _ DS T_ A DD R % IP V 6_ SR C _M A SK % I PV 6_ D ST _ MA SK %E NG I NE _ TY PE % EN GI N E_ ID %T O TA L_ B YT ES _ EX P % TO T AL _P K TS _ EX P % TO TA L _F LO W S_ E XP % I P_ PR O TO C OL _V E RS IO N % D IR EC T IO N % FR AG M EN TE D % F IN GE R PR IN T % V LA N_ T AG Short Template %B YT E S %P K TS %P RO T % TO S % T CP _F L AG S % L4 _ SR C_ P OR T % IP _S R C_ AD D R % SR C _M AS K %L 4_ D ST _ PO RT % IP _D S T_ AD D R % DS T _M AS K % IP _N E XT _H O P %S R C_ A S %D S T_ AS %L AS T _S W IT CH E D %F I RS T_ S WI T CH ED % IP _P R OT OC O L_ V ER SI O N %D I RE C TI ON %F RA G ME N TE D % FI NG E RP R IN T % VL AN _ TA G Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Appendix B: Pre-Defined Applications The following table lists all applications that are predefined in the Accelerator, their port/protocol number and whether they are monitored by the Accelerator by default. Application Port/Protocol Number Automatically Monitored? tcpmux 1 No compressnet-mgmt 2 No compressnet 3 No echo 7 No discard 9 No systat 11 No daytime 13 No qotd 17 No msp 18 No chargen 19 No ftp-data 20 Yes ftp 21 Yes ssh 22 Yes telnet 23 Yes priv-mail 24 No smtp 25 Yes nsw-fe 27 No msg-icp 29 No msg-auth 31 No dsp 33 No priv-print 35 No time 37 No rap 38 No graphics 41 No nicname 43 No ni-ftp 47 No 336 C h ap t er B: Application (Continued) Port/Protocol Number Automatically Monitored? auditd 48 No tacacs 49 No xns-time 52 No domain 53 Yes xns-ch 54 No isi-gl 55 No xns-auth 56 No priv-term 57 No xns-mail 58 No priv-file 59 No ni-mail 61 No acas 62 No whois++ 63 No covia 64 No tacacs-ds 65 No sql*net 66 No gopher 70 No priv-dialout 75 No deos 76 No priv-rje 77 No vettcp 78 No finger 79 No http-www 80 Yes hosts2-ns 81 No xfer 82 No mit-ml-dev 83 No ctf 84 No mfcobol 86 No priv-termlink 87 No su-mit-tg 89 No dnsix 90 No mit-dov 91 No npp 92 No dcp 93 No objcall 94 No dixie 96 No swift-rvf 97 No Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 337 Application (Continued) Port/Protocol Number Automatically Monitored? tacnews 98 No metagram 99 No newacct 100 No hostname 101 No iso-tsap 102 No gppitnp 103 No acr-nema 104 No csnet-ns 105 No 3com-tsmux 106 No snagas 108 No pop2 109 No pop3 110 Yes mcidas 112 No auth 113 No audionews 114 No ansanotify 116 No uucp-path 117 No sqlserv 118 No nntp 119 No erpc 121 No smakynet 122 No ansatrader 124 No locus-map 125 No unitary 126 No locus-con 127 No gss-xlicen 128 No pwdgen 129 No cisco-fna 130 No cisco-tna 131 No cisco-sys 132 No ingres-net 134 No endpoint-mapper 135 No profile 136 No netbios-ns 137 Yes netbios-dgm 138 Yes netbios-ssn 139 Yes emfis-data 140 No R ev isi o n 2. 0 338 C h ap t er B: Application (Continued) Port/Protocol Number Automatically Monitored? emfis-cntl 141 No bl-idm 142 No imap2 143 Yes uma 144 No uaac 145 No iso-tp0 146 No iso-ip 147 No jargon 148 No aed-512 149 No sql-net 150 No bftp 152 No netsc-prod 154 No netsc-dev 155 No sqlsrv 156 No knet-cmp 157 No pcmail-srv 158 No nss-routing 159 No snmp 161 Yes snmptrap 162 Yes xns-courier 165 No s-net 166 No namp 167 No rsvd 168 No send 169 No print-srv 170 No multiplex 171 No cl-1 172 No xyplex-mux 173 No mailq 174 No vmnet 175 No genrad-mux 176 No nextstep 178 No bgp 179 No ris 180 No unify 181 No audit 182 No ocbinder 18 No Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 339 Application (Continued) Port/Protocol Number Automatically Monitored? ocserver 184 No remote-kis 185 No kis 186 No aci 187 No mumps 188 No qft 189 No gacp 190 No prospero 191 No osu-nms 192 No srmp 193 No irc 194 No dn6-nlm-aud 195 No dn6-smm-red 196 No dls 197 No dls-mon 198 No smux 199 No src 200 No at-rtmp 201 No at-nbp 202 No at-3-5-7-8 203 No at-echo 204 No at-zis 206 No quickmail 209 No z39-50 210 No 914c-g 211 No anet 212 No vmpwscs 214 No softpc 215 No cai-lic 216 No dbase 217 No mpp 218 No uarps 219 No imap3 220 No fln-spx 221 No rsh-spx 222 Yes cdc 223 No peer-direct 242 No R ev isi o n 2. 0 340 C h ap t er B: Application (Continued) Port/Protocol Number Automatically Monitored? sur-meas 243 No daynachip 244 No link 245 No dsp3270 246 No bh-fhs 248 No ldap 389 Yes https 443 Yes smtps 465 No exec 512 No login 513 No shell 514 No printer 515 No talk 517 No ntalk 518 No ibm-db2 523 No uucp 540 No rtsp 554 No nntps 563 No banyan-vip 573 No alternate-http 591, 8008, 8080 No sshell 614 No ldaps 636 No doom 666 No ftps-data 989 No ftps 990 No telnets 992 No ircs 994 No pop3s 995 No notes 1352 Yes timbuktu-srv 1419 No ms-sql-server 1433 No ms-sql-monitor 1434 No ms-sna-server 1477 No ms-sna-base 1478 No citrix-ica 1494 Yes sybase_sqlany 1498 Yes t-120 1503 No Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 341 Application (Continued) Port/Protocol Number Automatically Monitored? oracl-tns 1521, 1526, 1527 No ingres-lock 1524 No oracl-srv 1525 Yes oracl-coauthor 1529 No oracl-remdb 1571 No oracl-names 1575 No america-online No h323 1720 No oracl-em1 1748 No oracl-em2 1754 No ms-streaming 1755 No ms-sms No ms-mqs 1801, 2101, 2103, 2105 No oracl-vp2 1808 No oracl-vp1 1809 No openwindows 2000 No gupta-sqlbase 2155 No cvs-pserver 2401 No citrix-ica-sr 2598 No sybase-sqlanywhere 2638 No ccmail 3264 No ms-terminal-server 3389 Yes sap-r3 3200 No ibm-db2-conn-svc 3700 No ibm-db2-int-svc 3701 No ichat 4020 No pc-anywhere-data 5631 No xwin Yes ircu No vdolive 7000 No realaudio 7070 No cu-seeme alternate-rtsp No 8554 the-palace No No quake 26000 No filenet-RPC 32769 No R ev isi o n 2. 0 342 C h ap t er B: Application (Continued) Port/Protocol Number Automatically Monitored? filenet-NCH 32770 No kazaa 1214 No gnutella-svc 6346 No gnutella-rtr 6347 No edonkey 4662 No radius 1812 No radius-acct 1813 No groupwise 1677 No smaclmgr 4660 No nameserver 42 No wins 1512 No pcanywhere 65301 No bittorent winmx No 6699, 6257 No microsoft-ds 445 Yes rlp 39 No re-mail-ck 50 No la-maint 51 No bootps 67 No bootpc 68 No tftp 69 Yes kerberos 88 Yes cfdptkt 120 No ntp 123 Yes xdmcp 177 No ipx-tunnel 213 No subnet-bcast-tftp 247 No backweb 370 No timbuktu 407 No biff 512 No who 513 No syslog 514 No ip-xns-rip 520 No streamworks-xingmpeg 1558 No citrix-icabrowser 1604 No h323-gatekeeper-disc 1718 No Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 343 Application (Continued) Port/Protocol Number Automatically Monitored? h323-gatekeeper-stat 1719 No ms-mqs-discovery 1801 No ms-mqs-ping 3527 No rtp 5004 No rtcp 5005 No pc-anywhere-stat 5632 No ivisit 9943, 9945, 56768 No l2tp 1701 No sgcp 2427 No hsrp 1985 No timed 525 No nfs 2049 Yes dhcp 546, 547, 647, 847 Yes mimix-dr1 Yes mimix-ha1 mimix-rj Yes 3777 Yes novel-netware-over-ip 396 Yes icmp 1 Yes igmp 2 Yes ipencap 4 Yes egp 8 Yes igp 9 Yes trunk-1 23 Yes trunk-2 24 Yes leaf-1 25 Yes leaf-2 26 Yes ipv6 41 Yes rsvp 46 Yes gre 47 Yes ipv6-crypt 50 Yes ipv6-auth 51 Yes ipv6-icmp 58 Yes eigrp 88 Yes ospf 89 Yes ipip 94 Yes pim 103 Yes scps 105 Yes R ev isi o n 2. 0 344 C h ap t er B: Application (Continued) Port/Protocol Number Automatically Monitored? ipcomp 108 Yes ipx-in-ip 111 Yes vrrp 112 Yes l2tp-over-ip 115 Yes stp 118 Yes isis 124 Yes Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Appendix C: Accelerator Integration Integrating the Accelerator into environments in which third party applications run on the network sometimes requires a certain amount of fine tuning. This appendix describes various environments and applications and how to best set them for Accelerator performance. This appendix covers the following topics: Acceleration and Citrix Traffic, on page 346 Configuring NetFlow, on page 355 Disabling Compression on SAP, on page 358 Calculating Acceleration Figures with an Application other than ExpandView, on page 360 346 C h ap t er C: Acceleration and Citrix Traffic The Accelerator utilizes network resources efficiently and delivers improved acceleration results for Citrix-hosted applications. Citrix users repeatedly access the same content from the network. The Accelerator enhances support for Citrix applications, because acceleration allows more Citrix data to traverse the WAN. The Accelerator achieves this increase in throughput by: Consolidating Citrix header data in pure IP implementations—IP header represents significant overhead in small packets generated by Citrix. It constitutes almost 30% of the Citrix packet. The Accelerator removes repeat-header information and sends this data only once across the network. Consolidating Citrix payload in all environments—the Accelerator extracts data from small packets originating from different Citrix users, and sends packets optimized for specific WAN conditions. The Accelerator eliminates all redundant data transmissions across the WAN. Controlling latency and jitter—the Accelerator reduces latency and jitter, especially over slow WAN links that are commonly used for Citrix deployments. The end result is better, more consistent Citrix performance; and support of up to four times more Citrix users on the existing infrastructure. Citrix has its own internal compression mechanism. The results achieved by this mechanism are not at all comparable to the throughput increase achieved by the Accelerator. When accelerating Citrix traffic, Citrix’s internal compression mechanism must be disabled so that the Accelerator can access the original data. Disabling Citrix NFuse Compression You can disable Citrix compression on each Citrix client PC, but disabling compression via the WebUI will cause all links that are not accelerated to become congested and unusable. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e A cc el era ti on an d Ci t rix Tra f fi c 347 To disable Citrix compression: 1. Back up the current copy of the following files: template.ica, launch.vbs, Clogin.vbs, Chtmllogin.vbs. 2. Copy the two ica files provided here into the following directory: C:\Program Files\Citrix\NFuse 3. Copy the three vbs files into the following directory: C:\inetpub\wwwroot\Citrix\MetaFrameXP\site\include\serverscripts 4. This will modify the Web Interface server by creating a drop-down menu on the login page, which will allow users to specify which type of connection is required. Any link connected to an Accelerator should be set to No Compression. Links not connected to Accelerators should be set to With Compression. 5. Restart the World Wide Web service by opening a command prompt and typing: iisreset 6. Select No Compression for all Accelerated clients in the Web Interface Login page. Disabling Citrix Encryption and Compression Citrix is a popular application installed on top of Microsoft’s Remote Desktop Protocol (RDP) that was created in joint development by Microsoft and Citrix. Citrix, also referred to as ICA, adds quite a few features that RDP does not have and therefore is popular for terminal and thin client deployments. Both RDP and Citrix can compress traffic sent to and from the servers. However, these capabilities are limited, and do not perform as well as Expand’s Accelerator. R ev isi o n 2. 0 348 C h ap t er C: Both RDP and Citrix can encrypt traffic sent to and from the servers. However, because encryption is random by definition, its very nature limits the ability of the Accelerators to remove repetitive data. Defining Settings on the Server An administrator can set encryption and compression settings on the server for the RDP and Citrix connections by modifying the protocol’s properties. For Encryption, all Citrix and RDP communications to the server must meet the minimal encryption settings of the ICA and RDP protocol listener. Settings made to the ICA or RDP listener apply to all traffic and applications. Setting/checking ICA or RDP listener traffic To disable compression and encryption in RDP: 1. Open the Terminal Server Configuration console: All Programs>Administrative Tools>Terminal Server Configuration. 2. In the Connections tab, double-click the RDP-Tcp connection. 3. The RDP-Tcp properties window opens 4. Under the General Tab, set the encryption level to Low. 5. Click OK, and close the configuration console. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e A cc el era ti on an d Ci t rix Tra f fi c 349 To use group policies for disabling compression and encryption in RDP: 1. Open the Default Domain Group Policies on the Domain Controller (AD) 2. Browse to Computer Configurations>Administrative Templates >Windows Components>Terminal Services>Encryption and Security. 3. Double-click the “Set client connection encryption level” setting. A properties window opens: 4. Select the option “Enabled” from the radio button. 5. Set the “Encryption Level” to “Low Level” 6. Click OK, and close the configuration console. Once set, the setting will replicate to the environment. To speed up the process, you can manually update the group policy by running the following command from the command line: gpupdate /force R ev isi o n 2. 0 350 C h ap t er C: To disable compression and encryption in Citrix: 1. Open the Citrix Connection Configuration tool and double click on the ICA-TCP connection type. 2. Within the Advanced Connection Settings, set encryption to none. 3. For Published Applications, you can configure each application type individually for encryption. 4. Open the Published Applications Manager tool and view the properties of the application being used. Click on the Client tab and view the encryption required from the Client. If the application is already published, the encryption required is Read only. Publishing the application and recreating the application with the lowest encryption level of Basic can remove encryption. Setting the encryption level for Published Applications can require an identical encryption level from the client. Any company that uses published applications normally requires a certain encryption level via the Published Applications Manager. These encryption levels are the same choices available on the client (see below). To disable compression and encryption in NFUSE and NFUSE Elite Server: Compression and encryption configurations are set during the publishing of the application and are stored within a file called template.ica. The location of this file can vary, however it is typically stored on the web server within the web directory (if necessary, consult with a Citrix administrator for the specific location). Compression is enabled by default even though there is not a specific entry within the template.ica file that mentions this. 1. Edit the template.ica file by adding a line entered under the application name that reads Compress=Off. If multiple applications exist, you have to enter multiple times the command Compress=Off. For additional information on turning off compression, see Citrix documentation: CTX554864 and CTX101865. 2. To disable encryption, publish the application again with the lowest encryption level of Basic. 3. In addition, if SSL certificates are used for creating secure web connections (web connections that begin with HTTPS: instead of HTTP), SSL also provides Ac ce ler at o rOS 6 .1 .2 Us er Gui d e A cc el era ti on an d Ci t rix Tra f fi c 351 encryption for the session. Therefore, disabling encryption requires you to remove SSL. Speed Screen Latency Reduction Manager SpeedScreen Latency Reduction Manager allows an administrator to enable compression for an application depending on the latency of the connection. When enabled, Citrix will monitor the round trip time for responses to and from the server and client and enable compression when needed. Remove any configured application by clicking Delete. Defining Settings on the Client For Citrix NFUSE is controlled via the server, so no settings need to be altered on the client. Custom Connections and Published Applications allow for changes to be made on the clients. Each client has a Citrix Program Neighborhood that contains settings for the connections that can override the settings on the server. For both of these, deselect compression and set encryption to Basic. Published applications use a ‘farm’ concept in which these applications can be grouped together with settings that apply for all the applications. Within the farm settings, a client can set the encryption and compression. To disable compression and encryption for ‘farms’: 1. Right-click the farm and choose Application Set settings. Once the Properties menu is displayed, click on the tab labelled Options to view and/or change the settings. 2. Each specific published application can also have settings for encryption and compression. 3. Right click the specific application and choose Application Set settings. Once the Properties menu is displayed, click on the Options tab to view and or change the settings. 4. Custom connections are created from the client, and you can use the Properties page to set all settings during creation or afterwards. Right-click the custom connection and choose Properties. Once you see the Properties menu, click on the Options tab to view and/or change the settings. R ev isi o n 2. 0 352 C h ap t er C: For RDP Only compression can be set on the client and not encryption as previously discussed regarding the Citrix client. The place to set these values depends on how the RDP session is being launched. For most environments this will be done through the Client Connection Manager. To disable compression on the RDP client: 1. Within the Client Connection Manager, right-click the connection and choose Properties. Navigate to the Connection Options tab and deselect the box labelled Enable data compression if it is selected. 2. When the session for RDP is launched from the ‘raw’ Terminal Services Client icon, the option for compression is presented when choosing the server to log into. Turning Compression off in the PNAgent Client This section instructs you how to resolve the Citrix PNA problem by turning of compression in the PNAgent client. Understanding the PNA Problem Citrix Program Neighborhood Agent (PNA) is a combination of published applications and NFUSE. Data compression in the PNAgent is ON by default if the value disabling it is not present. Resolving the PNA Problem Edit the PNAgent template.ica file on the Web Interface server. This template.ica file is different than the one used by NFUSE, although the same is required for NFUSE as well. To edit the PNA template.ica file: 1. Access the template.ica file: Default location: C:\Inetpub\wwwroot\Citrix\PNAgent\template.ica Ac ce ler at o rOS 6 .1 .2 Us er Gui d e A cc el era ti on an d Ci t rix Tra f fi c 353 If you are unsure of the location on your server, search for the PNAgent directory and look there for a template.ica file. 2. Add the value Compress=Off under the Application tag, as follows: [[NFuse_AppName]] Address=[NFuse_AppServerAddress] InitialProgram=#[NFuse_AppName] LongCommandLine="[NFuse_AppCommandLine]" DesiredColor=[NFuse_WindowColors] TransportDriver=TCP/IP WinStationDriver=ICA 3.0 AutoLogonAllowed=On Compress=Off. Identifying Citrix Layer-7 Applications Monitoring Citrix/ICA Layer-7 traffic requires each Layer-7 application running through Citrix to open a separate TCP session; the Accelerator does not support Citrix session sharing. Citrix Applications work as follows: Applications are published, meaning that the Administrator defines certain applications on the server for users to use on their desktop. The Administrator also assigns names for these applications. The users can either download the applications and their names from the server, or define them manually. When applications are downloaded, for each Citrix application session run between the client and the server, Citrix creates a TCP session for running the application and a UDP session that serves as a control for the application. The Accelerator’s Layer-7 monitoring is aware of both of these sessions, and identifies the open sessions by the new published application name. If Citrix is configured to work in single-session (virtual channel) TCP, in which each application does not open a new TCP session, the Accelerator is unable to access the Layer-7 information it needs. i NOTE: The Accelerator supports both Automatic and Direct Citrix application discovery mode. When applications are added manually, the Accelerator still has to monitor the control session (UDP), which is never encrypted or compressed. R ev isi o n 2. 0 354 C h ap t er C: To disable session sharing in the Citrix server: 1. At the command prompt of the Citrix server, open the registry editor by entering the regedit command. 2. Create the following entry in the server’s registry (which overrides session sharing): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\C itrix\WFSHELL\TWI 3. Add the following value: Name: SeamlessFlags Data type: REG_DWORD Data value: 1 4. Setting this registry value to 1 overrides session sharing. Note that this flag is SERVER GLOBAL. WARNING! Editing the registry or using a Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall ! Windows to correct them. Microsoft does not guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Back up your registry first and use Registry Editor at your own risk. NOTE: When creating Layer-7 Citrix applications in the Accelerator, the application names defined must match the application names exactly as i entered into the Citrix server Due to this requirement, take into account the following considerations: You are advised to create Citrix Layer-7 applications via the Monitoring > Layer-7 Discovery menu, where traffic types are collected and listed, instead of entering them manually. All Citrix application names entered into the Accelerator must be in ALL CAPS. This is because in some environments, when the client communicates with the server, the client converts the published application name to capitals. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Configuring NetFlow C o nf i gu ri ng Ne tF lo w 355 The following configuration modifications are needed in order to use NetFlow with the Expand Accelerator. While previous versions of AcceleratorOS included RMON, the AcceleratorOS 6.0 and up integrates NetFlow support for detailed reporting. This combination enables extracting statistics like in RMON’s Top Talker. The main focus of NetFlow is Traffic Measurement, Traffic Monitoring, Network Optimization and Planning and Detection of Network Security Violations, as follows. Studying Traffic Measurement Traffic Measurement measures usage of relevant traffic activities. NetFlow tracks network usage, generating a series of statistics for hosts sending data through the interface. The necessary information is collected by the host running NetFlow by observing the traffic on the network. This arrangement offloads the processing requirements from operational nodes to the NetFlow host. All packets in the subnet are captured and associated with a sender/receiver pair, thereby letting you track all traffic activities of a particular host. The following are some of the statistics and reports that you can collect by using NetFlow Traffic Measurement: DATA SENT /RECEIVED—(TOP 10) the total traffic (volume and packets) generated or received by the host. The traffic is classified according to network protocol (IP, IPX, AppleTalk, and so on) and IP protocol (FTP, HTTP, NFS, and so on). USED BANDWIDTH—Actual, average and peak bandwidth usage. IP MULTICAST—Total amount of multicast traffic generated or received by the host. TCP SESSIONS HISTORY—Currently active TCP sessions established/accepted by the host and associated traffic statistics. UDP TRAFFIC—Total amount of UDP traffic sorted by port. TCP/UDP - USED SERVICES—List of IP-based services (for example: open and active ports) provided by the host with the list of the last five hosts that used them. TRAFFIC DISTRIBUTION—Local traffic, local to remote traffic, remote to local traffic (local hosts are attached to the broadcast network). IP TRAFFIC DISTRIBUTION—UDP vs. TCP traffic, relative distribution of the IP protocols according to the host name. R ev isi o n 2. 0 356 C h ap t er C: Studying Traffic Monitoring Traffic Monitoring lets you identify those situations where network traffic does not comply with specified policies or when it exceeds a defined threshold. In general, network administrators specify policies that apply to the behavior of elements in the managed network. If a monitoring tool has already been implemented on the network, it may be possible to integrate NetFlow into the existing tool (for example, Concord, and HP OpenView support NetFlow). Several open source NetFlow software platforms are available for free download. Expand recommends NTop-XTRA, which can be downloaded from http://www.openxtra.co.uk/products/ntop-xtra.htm Some NetFlow collectors, such as Crannog’s NetFlow Monitor, require enabling SNMP, because the graphs can be interface-based (IF.Index). The Accelerator’s SNMP feature, even when enabled, does not include the IF.Index for flows because the Accelerator functions as a bridge. Therefore, the NetFlow Monitor software does not present any statistics when working with an Accelerator. Use software that does not require the IF.Index. For example, Crannog software has another Netflow collector called NetFlow Tracker, which does not require the IF.Index for the Netflow statistics and works very well with the Accelerator. When configuring NetFlow on the Accelerator, it is important to specify the version number. i NOTE: Only NetFlow Version 5 is supported. Configuring Accelerator NetFlow accelerator#config accelerator (config) #netflow accelerator (NetFlow) #? exit exit current node ip ip NetFlow command no remove collector show show NetFlow parameters Here is an example of the config needed if 172.16.80.21 is the PC running the NetFlow application: accelerator(NetFlow) ip flow-export 172.16.80.21 port 2055 version 5 interface ethernet 0/0 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C o nf i gu ri ng Ne tF lo w 357 accelerator (NetFlow) # show --------------------------------------------------------# | COLLECTOR IP | PORT | VERSION | INTERFACE --------------------------------------------------------1| 172.16.80.21|2055 i | 5 | Ethernet 0/0 NOTE: In On-Path installations, use Ethernet 0; in On-LAN installations use Ethernet 0/1 when configuring NetFlow. KNOWN LIMITATION—You can enable NetFlow only on ethernet or bridge and not per link or virtual link. You can configure only one NetFlow probe. R ev isi o n 2. 0 358 C h ap t er C: Disabling Compression on SAP If SAP compression must be disabled in order to achieve higher Accelerator efficiency, the following procedure describes how to disable SAP compression. 1. From My computer, click on Properties, or from the Control Panel click on System. 2. Click on Advanced, followed by Environment Variables. 3. In the Environment Variables window, click the New button. 4. Type TDW_NOCOMPRESS in the Variable Name field, and 1 in the Variable Value field. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e D is ab li n g Co m p r es sio n o n S A P 359 To undo this procedure and restore SAP compression, delete this variable, or set the Variable Value to 0. R ev isi o n 2. 0 360 C h ap t er C: Calculating Acceleration Figures with an Application other than ExpandView The following section explains how to calculate the acceleration percentage achieved on the Accelerator via Excel, by using data captured from a Management Application other than ExpandView. If you are using ExpandView to monitor Accelerators, and capture the relevant data, ExpandView will automatically record the acceleration values, and use the Throughput Recorder for generating the graphs. For these reasons it is preferable to use ExpandView for this purpose. Alternatively, you can use the Private MIB to view acceleration figures via external applications, such as What’s Up Gold, HP OpenView, or SNMPc, as follows: accInterfacePerformanceInAccelerationPeriod OID: 1.3.6.1.4.1.3405.3.4.2.1.31 Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).exp andnetworks( 3405).acceleratorOs(3).accInterfaces(4).accInterfaceTable(2).a ccInterfaceEnt ry(1).accInterfacePerformanceInAccelerationPeriod(30) Module: EXPAND-ACCLERETOROS-MIB Description: Inbound traffic acceleration percentage during last sampling period. accInterfacePerformanceOutAccelerationPeriod OID: 1.3.6.1.4.1.3405.3.4.2.1.34 Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).exp andnetworks( 3405).acceleratorOs(3).accInterfaces(4).accInterfaceTable(2).a ccInterfaceEnt ry(1).accInterfacePerformanceOutAccelerationPeriod(33) Module: EXPAND-ACCLERETOROS-MIB Description: Outbound traffic acceleration percentage during last sampling period. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ca lcu la t in g Ac ce le r at io n F ig u r es w i th a n A pp li ca ti on ot h er t ha n E x pan dVi ew 361 In AcceleratorOS versions lower than 4.0, in which the Private MIB was not supported, using external applications to view acceleration statistics can be complex and it may be necessary to follow the method outlined below to avoid errors being generated by Excel. Use the standard method for calculating the acceleration percentage: ((Raw Data/Accelerated Data)-1) x 100 In low traffic, when keepalives are sent and no data is transferred, this causes the raw data to be low or the accelerated data to be high, causing Excel to return error messages, or even negative acceleration figures, as seen in the screen capture below: Working with a small amount of data, this does not cause too much of a problem, as it is quite easy to alter the resulting acceleration figure to a zero. However, when working with a large amount of data, it will be almost impossible to remove all these errors, thus resulting in a graph with gaps, and negative acceleration. To avoid this, you can use the following formula: =IF({Accelerated Data}=0,"0",IF({Raw Data}<{Accelerated Data},"0",((({Raw Data}/ {Acc. Data})-1)*100))) Although this looks difficult, the “real” formula is: =IF(D2=0,"0",IF(C2<D2,"0",(((C2/ D2)-1)*100))) In effect, what this formula tells Excel, is: If the Accelerated Data value is 0, then the output, or acceleration percentage will be 0, if the Raw Data value is less than the Accelerated data, then the output will be 0. Only if neither of these statements is true will Excel calculate the acceleration percentage. Although this may be true in terms of the Accelerated Data value being zero, it is a workaround enabling Excel to calculate the acceleration figures needed to produce a graph. R ev isi o n 2. 0 362 C h ap t er C: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Appendix D: MIME Types Thousands of possible MIME types can be used as part of Web application definition. For a definition of and information about MIME types, please see http:// www.faqs.org/rfcs/rfc2045.html, http://www.iana.org/assignments/media-types and http://www.faqs.org/rfcs/rfc2046.html. This appendix provides a a list of some very common MIME types. 364 C h ap t er D: Application andrew-inset applefile atomicmail batch-SMTP beep+xml cals-1840 cnrp+xml commonground cpl+xml csta+xml CSTAdata+xml cybercash dca-rft dec-dx dialog-info+xml dicom dns dvcs EDI-Consent EDIFACT EDI-X12 epp+xml eshop fits font-tdpfr http hyperstudio Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ap p li ca ti on 365 iges im-iscomposing+xml index index.cmd index.obj index.response index.vnd iotp ipp isup kpml-request+xml kpml-response+xml mac-binhex40 macwriteii marc mathematica mbox mikey mpeg4-generic msword news-message-id news-transmission ocsp-request ocsp-response octet-stream oda ogg parityfec pdf R ev isi o n 2. 0 366 C h ap t er D: pgp-encrypted pgp-keys pgp-signature pidf+xml pkcs10 pkcs7-mime pkcs7-signature pkix-cert pkixcmp pkix-crl pkix-pkipath postscript prs.alvestrand.titrax-sheet prs.cww prs.nprend prs.plucker rdf+xml qsig reginfo+xml remote-printing resource-lists+xml riscos rls-services+xml rtf samlassertion+xml samlmetadata+xml sbml+xml sdp set-payment Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ap p li ca ti on 367 set-payment-initiation set-registration set-registration-initiation sgml sgml-open-catalog shf+xml sieve simple-filter+xml simple-message-summary slate soap+xml spirits-event+xml timestamp-query timestamp-reply tve-trigger vemmi vnd.3gpp.pic-bw-large vnd.3gpp.pic-bw-small vnd.3gpp.pic-bw-var vnd.3gpp.sms vnd.3M.Post-it-Notes vnd.accpac.simply.aso vnd.accpac.simply.imp vnd.acucobol vnd.acucorp vnd.adobe.xfdf vnd.aether.imp vnd.amiga.ami vnd.anser-web-certificate-issue-initiation R ev isi o n 2. 0 368 C h ap t er D: vnd.anser-web-funds-transfer-initiation vnd.audiograph vnd.blueice.multipass vnd.bmi vnd.businessobjects vnd.canon-cpdl vnd.canon-lips vnd.cinderella vnd.claymore vnd.commerce-battelle vnd.commonspace vnd.cosmocaller vnd.contact.cmsg vnd.criticaltools.wbs+xml vnd.ctc-posml vnd.cups-postscript vnd.cups-raster vnd.cups-raw vnd.curl vnd.cybank vnd.data-vision.rdz vnd.dna vnd.dpgraph vnd.dreamfactory vnd.dxr vnd.ecdis-update vnd.ecowin.chart vnd.ecowin.filerequest vnd.ecowin.fileupdate Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ap p li ca ti on 369 vnd.ecowin.series vnd.ecowin.seriesrequest vnd.ecowin.seriesupdate vnd.enliven vnd.epson.esf vnd.epson.msf vnd.epson.quickanime vnd.epson.salt vnd.epson.ssf vnd.ericsson.quickcall vnd.eudora.data vnd.fdf vnd.ffsns vnd.fints vnd.FloGraphIt vnd.framemaker vnd.fsc.weblaunch vnd.fujitsu.oasys vnd.fujitsu.oasys2 vnd.fujitsu.oasys3 vnd.fujitsu.oasysgp vnd.fujitsu.oasysprs vnd.fujixerox.ddd vnd.fujixerox.docuworks vnd.fujixerox.docuworks.binder vnd.fut-misnet vnd.genomatix.tuxedo vnd.grafeq vnd.groove-account R ev isi o n 2. 0 370 C h ap t er D: vnd.groove-help vnd.groove-identity-message vnd.groove-injector vnd.groove-tool-message vnd.groove-tool-template vnd.groove-vcard vnd.hbci vnd.hcl-bireports vnd.hhe.lesson-player vnd.hp-HPGL vnd.hp-hpid vnd.hp-hps vnd.hp-PCL vnd.hp-PCLXL vnd.httphone vnd.hzn-3d-crossword vnd.ibm.afplinedata vnd.ibm.electronic-media vnd.ibm.MiniPay vnd.ibm.modcap vnd.ibm.rights-management vnd.ibm.secure-container vnd.informix-visionary vnd.intercon.formnet vnd.intertrust.digibox vnd.intertrust.nncp vnd.intu.qbo vnd.intu.qfx vnd.ipunplugged.rcprofile Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ap p li ca ti on 371 vnd.irepository.package+xml vnd.is-xpr vnd.japannet-directory-service vnd.japannet-jpnstore-wakeup vnd.japannet-payment-wakeup vnd.japannet-registration vnd.japannet-registration-wakeup vnd.japannet-setstore-wakeup vnd.japannet-verification vnd.japannet-verification-wakeup vnd.jisp vnd.kde.karbon vnd.kde.kchart vnd.kde.kformula vnd.kde.kivio vnd.kde.kontour vnd.kde.kpresenter vnd.kde.kspread vnd.kde.kword vnd.kenameaapp vnd.kidspiration vnd.Kinar vnd.koan vnd.liberty-request+xml vnd.llamagraphics.life-balance.desktop vnd.llamagraphics.life-balance.exchange+xml vnd.lotus-1-2-3 vnd.lotus-approach vnd.lotus-freelance R ev isi o n 2. 0 372 C h ap t er D: vnd.lotus-notes vnd.lotus-organizer vnd.lotus-screencam vnd.lotus-wordpro vnd.mcd vnd.mediastation.cdkey vnd.meridian-slingshot vnd.mfmp vnd.micrografx.flo vnd.micrografx.igx vnd.mif vnd.minisoft-hp3000-save vnd.mitsubishi.misty-guard.trustweb vnd.Mobius.DAF vnd.Mobius.DIS vnd.Mobius.MBK vnd.Mobius.MQY vnd.Mobius.MSL vnd.Mobius.PLC vnd.Mobius.TXF vnd.mophun.application vnd.mophun.certificate vnd.motorola.flexsuite vnd.motorola.flexsuite.adsi vnd.motorola.flexsuite.fis vnd.motorola.flexsuite.gotap vnd.motorola.flexsuite.kmr vnd.motorola.flexsuite.ttc vnd.motorola.flexsuite.wem Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ap p li ca ti on 373 vnd.mozilla.xul+xml vnd.ms-artgalry vnd.ms-asf vnd.mseq vnd.ms-excel vnd.msign vnd.ms-lrm vnd.ms-powerpoint vnd.ms-project vnd.ms-tnef vnd.ms-works vnd.ms-wpl vnd.musician vnd.music-niff vnd.nervana vnd.netfpx vnd.noblenet-directory vnd.noblenet-sealer vnd.noblenet-web vnd.nokia.landmark+xml vnd.nokia.landmark+wbxml vnd.nokia.landmarkcollection+xml vnd.nokia.radio-preset vnd.nokia.radio-presets vnd.novadigm.EDM vnd.novadigm.EDX vnd.novadigm.EXT vnd.obn vnd.omads-email+xml R ev isi o n 2. 0 374 C h ap t er D: vnd.omads-file+xml vnd.omads-folder+xml vnd.osa.netdeploy vnd.palm vnd.paos.xml vnd.pg.format vnd.picsel vnd.pg.osasli vnd.powerbuilder6 vnd.powerbuilder6-s vnd.powerbuilder7 vnd.powerbuilder75 vnd.powerbuilder75-s vnd.powerbuilder7-s vnd.previewsystems.box vnd.publishare-delta-tree vnd.pvi.ptid1 vnd.pwg-multiplexed vnd.pwg-xhtml-print+xml vnd.Quark.QuarkXPress vnd.rapid vnd.RenLearn.rlprint vnd.s3sms vnd.sealed.doc vnd.sealed.eml vnd.sealed.mht vnd.sealed.net vnd.sealed.ppt vnd.sealed.xls Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ap p li ca ti on 375 vnd.sealedmedia.softseal.html vnd.sealedmedia.softseal.pdf vnd.seemail vnd.shana.informed.formdata vnd.shana.informed.formtemplate vnd.shana.informed.interchange vnd.shana.informed.package vnd.smaf vnd.sss-cod vnd.sss-dtf vnd.sss-ntf vnd.street-stream vnd.sus-calendar vnd.svd vnd.swiftview-ics vnd.syncml.ds.notification vnd.syncml.+xml vnd.triscape.mxs vnd.trueapp vnd.truedoc vnd.ufdl vnd.uiq.theme vnd.uplanet.alert vnd.uplanet.alert-wbxml vnd.uplanet.bearer-choice vnd.uplanet.bearer-choice-wbxml vnd.uplanet.cacheop vnd.uplanet.cacheop-wbxml vnd.uplanet.channel R ev isi o n 2. 0 376 C h ap t er D: vnd.uplanet.channel-wbxml vnd.uplanet.list vnd.uplanet.listcmd vnd.uplanet.listcmd-wbxml vnd.uplanet.list-wbxml vnd.uplanet.signal vnd.vcx vnd.vectorworks vnd.vidsoft.vidconference vnd.visio vnd.visionary vnd.vividence.scriptfile vnd.vsf vnd.wap.sic vnd.wap.slc vnd.wap.wbxml vnd.wap.wmlc vnd.wap.wmlscriptc vnd.webturbo vnd.wordperfect vnd.wqd vnd.wrq-hp3000-labelled vnd.wt.stf vnd.wv.csp+xml vnd.wv.csp+wbxml vnd.wv.ssp+xml vnd.xara vnd.xfdl vnd.yamaha.hv-dic Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ap p li ca ti on 377 vnd.yamaha.hv-script vnd.yamaha.hv-voice vnd.yamaha.smaf-audio vnd.yamaha.smaf-phrase vnd.yellowriver-custom-menu watcherinfo+xml whoispp-query whoispp-response wita wordperfect5.1 x400-bp xhtml+xml xml xml-dtd xml-external-parsed-entity xmpp+xml xop+xml zip R ev isi o n 2. 0 378 C h ap t er D: Audio 3gpp AMR AMR-WB basic BV16 BV32 clearmode CN DAT12 dsr-es201108 dsr-es202050 dsr-es202211 dsr-es202212 DVI4 EVRC EVRC0 EVRC-QCP G722 G.722.1 G723 G726-16 G726-24 G726-32 G726-40 G728 G729 G729D Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Au d io 379 G729E GSM GSM-EFR iLBC L8 L16 L20 L24 LPC MPA MP4A-LATM mpa-robusta mpeg mpeg4-generic parityfec PCMA PCMU prs.sid QCELP RED SMV SMV0 SMV-QCP telephone-event tone VDVI vnd.3gpp.iufp vnd.audiokoz vnd.cisco.nse R ev isi o n 2. 0 380 C h ap t er D: vnd.cns.anp1 vnd.cns.inf1 vnd.digital-winds vnd.everad.plj vnd.lucent.voice vnd.nokia.mobile-xmf vnd.nortel.vbk vnd.nuera.ecelp4800 vnd.nuera.ecelp7470 vnd.nuera.ecelp9600 vnd.octel.sbc vnd.rhetorex.32kadpcm vnd.sealedmedia.softseal.mpeg vnd.vmx.cvsd Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Image I m ag e 381 cgm fits g3fax gif ief jp2 jpeg jpm jpx naplps png prs.btif prs.pti t38 tiff tiff-fx vnd.cns.inf2 vnd.djvu vnd.dwg vnd.dxf vnd.fastbidsheet vnd.fpx vnd.fst vnd.fujixerox.edmics-mmr vnd.fujixerox.edmics-rlc vnd.globalgraphics.pgb vnd.microsoft.icon R ev isi o n 2. 0 382 C h ap t er D: vnd.mix vnd.ms-modi vnd.net-fpx vnd.sealed.png vnd.sealedmedia.softseal.gif vnd.sealedmedia.softseal.jpg vnd.svf vnd.wap.wbmp vnd.xiff Ac ce ler at o rOS 6 .1 .2 Us er Gui d e M e ssage Me ss ag e 383 CPIM delivery-status disposition-notification external-body http news partial rfc822 s-http sip sipfrag tracking-status R ev isi o n 2. 0 384 C h ap t er D: Model iges mesh vnd.dwf vnd.flatland.3dml vnd.gdl vnd.gs-gdl vnd.gtw vnd.mts vnd.parasolid.transmit.binary vnd.parasolid.transmit.text vnd.vtu vrml Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Multipart M ul ti part 385 alternative appledouble byteranges digest encrypted form-data header-set mixed parallel related report signed voice-message R ev isi o n 2. 0 386 C h ap t er D: Text calendar css csv directory dns ecmascript (obsolete) enriched example html javascript (obsolete) parityfec plain RED rfc822-headers richtext rtx sgml t140 troff uri-list vnd.IPTC.NewsML [IPTC] vnd.IPTC.NITF [IPTC] xml xml-external-parsed-entity Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Video Vid eo 387 3gpp 3gpp2 3gpp-tt BMPEG BT656 CelB DV example H261 H263 H263-1998 H263-2000 H264 JPEG MJ2 MP1S MP2P MP2T mp4 MP4V-ES MPV mpeg mpeg4-generic nv parityfec pointer raw R ev isi o n 2. 0 388 C h ap t er D: rtx SMPTE292M vc1 [ Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Appendix E: Contacting TAC Expand Networks is dedicated to delivering both excellent products and customer support. From our Technical Assistance Center (TAC) to our online Knowledge Base, we are committed to solving your networking problems. TAC is available to all partners and registered customers and allows posting support inquiries directly to Expand’s help desk. The Expand Technical Assistance Center provides around-the-clock support to customers worldwide. Customer call center agents answer calls and dispatch problems to Support Engineers (SEs) for resolution. The SE becomes the call owner and is responsible for ensuring that the problem is addressed and fixed quickly. You can open Priority 1 and 2 cases by calling TAC; to open Priority 3 cases, use Expand’s Extranet or Channel Portal. The TAC works closely with customers to isolate and replicate problems. In a critical network-down problem, TAC SEs work with customers until their problems are resolved. In other instances, SEs may replicate a customer's environment in the TAC laboratory. When deemed necessary, SEs may involve R&D engineers in order to ensure that problem cases are resolved to the customer's satisfaction. The TAC includes highly trained engineers, including Cisco Certified Internetwork Experts (CCIEs) and Microsoft Certified Professionals (MCPs). 390 C h ap t er E : Expand Networks wishes to offer you the best tech support it can. To do this, call our toll free TAC number at: International: +1‐920‐490‐7337 North America: +1‐877‐4‐EXPAND (877‐439‐7263) UK: +08 0 0 404 9 236 Ireland: +18 0 0559 803 Netherlands: +08 0 0 023 3 047 France: +08 0 0906 560 When contacting the TAC, it is essential that information about the nature of the problem be at your disposal. To gather Accelerator troubleshooting information, use the show tech-support command as described above. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Appendix F: tcpdump Optional Flags You may encounter several TCP flags when using tcpdump. The AcceleratorOS supports the following flags: -A, -e, -f, -l, -O, -p, -q, -R, -S, -t, -u, -v, -x, -X. This chapter describes the uses of each of these flags. i NOTE:The -a flag is not supported when ethereal is used. -A Print each packet (minus its link level header) in ASCII. Handy for capturing web pages. -e Print the link-level header on each dump line. -f Print `foreign' IPv4 addresses numerically rather than symbolically (this option is intended to get around serious brain damage in Sun's NIS server --- usually it hangs forever translating non-local internet numbers). The test for `foreign' IPv4 addresses is done using the IPv4 address and netmask of the interface on which capture is being done. If that address or netmask are not available, either because the interface on which capture is being done has no address or netmask or because the capture is being done on the Linux "any" interface, which can capture on more than one interface, this option will not work correctly. -l Make stdout line buffered. Useful if you want to see the data while capturing it. i NOTE: The use of the -l flag by the ‘|’ pipe is not supported in the WebUI, and any attempt for such a use results in an error message. -O 392 C h ap t er F: Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer. -p Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'. -q Quick (quiet?) output. Print less protocol information so output lines are shorter. -R Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829). If specified, tcpdump will not print replay prevention field. Since there is no protocol version field in ESP/AH specification, tcpdump cannot deduce the version of ESP/ AH protocol. -S Print absolute, rather than relative, TCP sequence numbers. -t Don't print a timestamp on each dump line. -u Print undecoded NFS handles. -v When parsing and printing, produce (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. When writing to a file with the -w option, report, every 10 seconds, the number of packets captured. -x Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (For example Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding. -X Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 393 Print each packet (minus its link level header) in hex and ASCII. This is very handy for analyzing new protocols. type qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. For example, `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed. dir qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. For example, `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For some link layers, such as SLIP and the ``cooked'' Linux capture mode used for the ``any'' device and for some other device types, the inbound and outbound qualifiers can be used to specify a desired direction. proto qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. For example, `ether src foo', `arp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. For example, `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'. [`fddi' is actually an alias for `ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression. Similarly, `tr' and `wlan' are aliases for `ether'; the previous paragraph's statements about FDDI headers also apply to Token Ring and 802.11 wireless LAN headers. For 802.11 headers, the destination address is the DA field and the source address is the SA field; the BSSID, RA, and TA fields aren't tested.] In addition to the above, there are some special `primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below. R ev isi o n 2. 0 394 More complex filter expressions are built up by using the words and, or and not to combine primitives. For example, `host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. For example, `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'. Allowable primitives are: dst host host True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name. src host host True if the IPv4/v6 source field of the packet is host. host host True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be prepended with the keywords, ip, arp, rarp, or ip6 as in: ip host host which is equivalent to: ether proto \ip and host host If host is a name with multiple IP addresses, each address will be checked for a match. ether dst ehost True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format). ether src ehost True if the ethernet source address is ehost. ether host ehost True if either the ethernet source or destination address is ehost. gateway host R ev isi o n 2. 0 395 C h ap t er F: True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IPaddress resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is ether host ehost and not host host which can be used with either names or numbers for host / ehost.) This syntax does not work in IPv6-enabled configuration at this moment. dst net net True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details). src net net True if the IPv4/v6 source address of the packet has a network number of net. net net True if either the IPv4/v6 source or destination address of the packet has a network number of net. net net mask netmask True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net. net net/len True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst. dst port port True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (For example, dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic). src port port True if the packet has a source port value of port. port port Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 396 True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords, tcp or udp, as in: tcp src port port which matches only tcp packets whose source port is port. less length True if the packet has a length less than or equal to length. This is equivalent to: len <= length. greater length True if the packet has a length greater than or equal to length. This is equivalent to: len >= length. ip proto protocol True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain. ip6 proto protocol True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain. ip6 protochain protocol True if the packet is IPv6 packet, and contains protocol header with type protocol in its protocol header chain. For example, ip6 protochain 6 matches any IPv6 packet with TCP protocol header in the protocol header chain. The packet may contain, for example, authentication header, routing header, or hopby-hop option header, between IPv6 header and TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by BPF optimizer code in tcpdump, so this can be somewhat slow. ip protochain protocol Equivalent to ip6 protochain protocol, but this is for IPv4. ether broadcast True if the packet is an ethernet broadcast packet. The ether keyword is optional. R ev isi o n 2. 0 397 C h ap t er F: ip broadcast True if the packet is an IPv4 broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the subnet mask on the interface on which the capture is being done. If the subnet mask of the interface on which the capture is being done is not available, either because the interface on which capture is being done has no netmask or because the capture is being done on the Linux "any" interface, which can capture on more than one interface, this check will not work correctly. ether multicast True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for `ether[0] & 1 != 0'. ip multicast True if the packet is an IP multicast packet. ip6 multicast True if the packet is an IPv6 multicast packet. ether proto protocol True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note these identifiers are also keywords and must be escaped via backslash (\). [In the case of FDDI (For example, `fddi protocol arp'), Token Ring (For example, `tr protocol arp'), and IEEE 802.11 wireless LANS (For example, `wlan protocol arp'), for most of those protocols, the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI, Token Ring, or 802.11 header. When filtering for most protocol identifiers on FDDI, Token Ring, or 802.11, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of 0x000000. The exceptions are: iso tcpdump checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header; stp and netbeui tcpdump checks the DSAP of the LLC header; Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 398 atalk tcpdump checks for a SNAP-format packet with an OUI of 0x080007 and the AppleTalk etype. In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols. The exceptions are: iso, sap, and netbeui tcpdump checks for an 802.3 frame and then checks the LLC header as it does for FDDI, Token Ring, and 802.11; atalk tcpdump checks both for the AppleTalk etype in an Ethernet frame and for a SNAPformat packet as it does for FDDI, Token Ring, and 802.11; aarp tcpdump checks for the AppleTalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame with an OUI of 0x000000; ipx tcpdump checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 802.3-with-no-LLC-header encapsulation of IPX, and the IPX etype in a SNAP frame. decnet src host True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on ULTRIX systems that are configured to run DECNET.] decnet dst host True if the DECNET destination address is host. decnet host host True if either the DECNET source or destination address is host. ifname interface True if the packet was logged as coming from the specified interface (applies only to packets logged by OpenBSD's pf(4)). on interface Synonymous with the ifname modifier. rnr num R ev isi o n 2. 0 399 C h ap t er F: True if the packet was logged as matching the specified PF rule number (applies only to packets logged by OpenBSD's pf(4)). rulenum num Synonomous with the rnr modifier. reason code True if the packet was logged with the specified PF reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory (applies only to packets logged by OpenBSD's pf(4)). rset name True if the packet was logged as matching the specified PF ruleset name of an anchored ruleset (applies only to packets logged by pf(4)). ruleset name Synonomous with the rset modifier. srnr num True if the packet was logged as matching the specified PF rule number of an anchored ruleset (applies only to packets logged by pf(4)). subrulenum num Synonomous with the srnr modifier. action act True if PF took the specified action when the packet was logged. Known actions are: pass and block (applies only to packets logged by OpenBSD's pf(4)). ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui Abbreviations for: ether proto p where p is one of the above protocols. lat, moprc, mopdl Abbreviations for: ether proto p where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols. vlan [vlan_id] Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 400 True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true is the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet. tcp, udp, icmp Abbreviations for: ip proto p or ip6 proto p where p is one of the above protocols. iso proto protocol True if the packet is an OSI packet of protocol type protocol. Protocol can be a number or one of the names clnp, esis, or isis. clnp, esis, isis Abbreviations for: iso proto p where p is one of the above protocols. l1, l2, iih, lsp, snp, csnp, psnp Abbreviations for IS-IS PDU types. vpi n True if the packet is an ATM packet, for SunATM on Solaris, with a virtual path identifier of n. vci n True if the packet is an ATM packet, for SunATM on Solaris, with a virtual channel identifier of n. lane True if the packet is an ATM packet, for SunATM on Solaris, and is an ATM LANE packet. Note that the first lane keyword encountered in expression changes the tests done in the remainder of expression on the assumption that the packet is either a LANE emulated Ethernet packet or a LANE LE Control packet. If lane isn't specified, the tests are done under the assumption that the packet is an LLCencapsulated packet. llc True if the packet is an ATM packet, for SunATM on Solaris, and is an LLCencapsulated packet. R ev isi o n 2. 0 401 C h ap t er F: oamf4s True if the packet is an ATM packet, for SunATM on Solaris, and is a segment OAM F4 flow cell (VPI=0 & VCI=3). oamf4e True if the packet is an ATM packet, for SunATM on Solaris, and is an end-to-end OAM F4 flow cell (VPI=0 & VCI=4). oamf4 True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)). oam True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)). metac True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta signaling circuit (VPI=0 & VCI=1). bcc True if the packet is an ATM packet, for SunATM on Solaris, and is on a broadcast signaling circuit (VPI=0 & VCI=2). sc True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling circuit (VPI=0 & VCI=5). ilmic True if the packet is an ATM packet, for SunATM on Solaris, and is on an ILMI circuit (VPI=0 & VCI=16). connectmsg True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Connect Ack, Release, or Release Done message. metaconnect True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Release, or Release Done message. expr relop expr Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 402 True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |, <<, >>], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax: proto [ expr : size ] Proto is one of ether, fddi, tr, wlan, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. (ether, fddi, wlan, tr, ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet. For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment. Some offsets and field values may be expressed as names rather than as numeric values. The following protocol header field offsets are available: icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags field). The following ICMP type field values are available: icmp-echoreply, icmp-unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmpireqreply, icmp-maskreq, icmp-maskreply. The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg. R ev isi o n 2. 0 403 C h ap t er F: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 404 R ev isi o n 2. 0 Appendix G: Specifications and Warranty Updated Specifications are found on the Expand Networks website. Click the series number below to be directed to the proper document. The following model numbers and topics are available: Accelerator 6800 / 6900 Series Accelerator 1600 / 1800 Series Accelerator 4800 / 4900 Series Accelerator 7900 Series Standards Terms and Conditions of Sale 406 C h ap t er G : Accelerator 6800 / 6900 Series 6830 6840 6930 6940 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ac ce le rat o r 1 600 / 18 00 Se rie s Accelerator 1600 / 1800 Series 407 1820 1610 R ev isi o n 2. 0 408 C h ap t er G : Accelerator 4800 / 4900 Series 4830 4820 4930 4920 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Accelerator 7900 Series Ac ce ler at or 79 00 Se rie s 409 7940 7930 R ev isi o n 2. 0 410 C h ap t er G : Standards RFC / Standard List Modules RFC /Standard # Router Protocols RIP 1058 RIPv2 1723, 2082 OSPFv2 2328, 2370 WCCP 3040 Router Polling 2096 Spanning Tree Protocol IEEE 802.1D Networking VLAN 802.1Q IEEE 802.1Q HSRP 2281 VRRP 3768 SCPS ISO 15893:2000 CCSDS-714.0-B-1 MIL-STD-2045-44000 NetFlow 3954 DNS Acceleration 1034, 1035, 2181 MIB-2 1213 Management Telnet COM port 2217 Telnet service 818 TFTP 1350 FTP 959 HTTP, HTTPS 2045, 2616, 2818 NTP 1361 SSH, SCTF, SFTP IETF drafts HMAC 2104 (HMAC), 2403(96), 2404 (96), 1321 (MD5) HMAC 2404 MD5 Signing 1321 Radius 2138, 2865 TACACS+ 1492 Security Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Sta n da rd s 411 HW Safety approvals UL 1950, CAN/CSA C22.2, EN60950/A4, No. 950-95 EMC approvals FCC Part 15 Class B EN55022:1998 Class B EN55024:1998 IEC EN61000-4-2:1995 IEC EN61000-4-3:1995 IEC EN61000-4-4:1995 IEC EN61000-4-5:1995 IEC EN61000-4-6:1996 IEC EN61000-411:1994 IEC EN61000-3-2:2000 IEC EN61000-3-3:1995 CISPR16-1:1999 CISPR16-2:1999 ITU IEC 60950-1:2001, EN 60950-1:2001. QMS ISO 9001:2000, EN 46001, ISO 13485 Manufacturing ISO 9000 Environmental and Vibration tests ETSI EN 3000192(1999-09), ESTI EN 300019-2(1994), Bellcore standard: GR63-ORE. MTBF Telcordia (Bellcore) R ev isi o n 2. 0 412 C h ap t er G : Terms and Conditions of Sale Please read these terms and conditions carefully before using the product. By using the product you agree to be bound by the terms and conditions of this agreement. If you do not agree with the provisions of these terms and conditions, promptly return the unused products, manual, and related equipment (with proof of payment) to the place of purchase for a full refund. Acceptance These terms and conditions of sale (“Terms and Conditions”) are the terms and conditions upon which Expand Networks, Ltd. and its affiliates and subsidiaries (together “Expand“) make all sales. Expand will not accept any other terms and conditions of sale, unless Purchaser and Expand have executed an agreement that expressly supersedes and replaces these Terms and Conditions. Acceptance of all purchase orders is expressly made conditional upon Purchaser's assent, expressed or implied, to the Terms and Conditions set forth herein without modification or addition. Purchaser's acceptance of these Terms and Conditions shall be indicated by Purchaser's acceptance of any shipment of any part of the items specified for delivery (the “Products”) or any other act or expression of acceptance by Purchaser. Expand's acceptance is expressly limited to the Terms and Conditions hereof in their entirety without addition, modification or exception, and any term, condition or proposals hereafter submitted by Purchaser (whether oral or in writing) which is inconsistent with or in addition to the Terms and Conditions set forth hereon is objected to and is hereby rejected by Expand. Price and Payment The Purchaser agrees to pay the purchase price for the Products as set forth in Expand's invoice on the date of installation. Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes), as well as import or customs duties, license fees and similar charges, however designated or levied on the sale of the Products (or the delivery thereof) or measured by the purchase price paid for the Products. (Expand's prices set forth on the front side of the invoice does not include such taxes, fees and charges.) Unless otherwise specified, payment terms are COD in United States Dollars. Expand, at its discretion, may require reasonable advance assurances of payment through irrevocable bank letters of credit or otherwise. All unpaid invoices shall bear interest at an amount equal to 1-1/2% of the outstanding balance per month (or the maximum rate of interest allowed to be contracted for by law, whichever is less), commencing upon the date payment is due. Expand shall have no continuing obligation to deliver Products on credit, and any credit approval may be withdrawn by Expand at any time and without prior notice. Title and Security Interest Title to the Products shall vest in the Purchaser upon date of shipment of the Products to Purchaser. Expand shall retain a security interest in the Products until the Products price and all other monies payable hereunder are paid in full. The Purchaser shall execute, upon request by Expand, financing statements deemed necessary or desirable by Expand to perfect its security interest in the Products. Purchaser authorizes Expand to file a copy of the invoice, these Terms and Conditions or a financing statement with the appropriate state authorities at any time thereafter as a financing statement in order to perfect Expand's security interest. A financing statement may be filed without Purchaser's signature on the basis of Expand's invoice or these Terms and Conditions where permitted by law. Purchaser shall keep the Products in good order and condition until the purchase price has been paid in full and shall promptly pay all taxes and assessments upon the Products or use of the Products. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ter m s an d C o nd it i on s o f S al e 413 Risk of Loss Risk of loss or damage to the Products shall pass to the Purchaser upon delivery of the Products to the common carrier, regardless of whether the purchase price has been paid in full. Unless advised otherwise, Expand may insure the Products shipped to full value and all such insurance costs shall be for the Purchaser's account. The Purchaser shall inspect the Products immediately upon receipt and shall promptly file any applicable claims with the carrier when there is evidence of damage during shipping. Warranty Expand warrants to the purchaser for a period of ninety (90) days from shipment that the products shall be free from defects in material and workmanship and shall perform in substantial conformance with specifications published by Expand. Expand's obligations under these terms and conditions shall be limited solely to Expand making, at Expand's cost and expense, such repairs and replacements as are necessary to place the products in good working order and to conform the products to Expand's published specifications. This warranty is in lieu of all other warranties, express or implied, including without limitation, implied warranties of merchantability and fitness for a particular purpose. Product Returns Return of Products purchased hereunder shall be governed by Expand's RMA policies in effect on the date of the invoice. Expand reserves the right to modify or eliminate such policies at any time. The right to return defective Products, as previously described, shall constitute Expand's sole liability and Purchaser's exclusive remedy in connection with any claim of any kind relating to the quality, condition or performance of any Product, whether such claim is based upon principles of contract, warranty, negligence or other tort, breach of any statutory duty, principles of indemnity or contribution, the failure of any limited or exclusive remedy to achieve its essential purpose, or otherwise. In the event Expand issues a return authorization to Purchaser allowing Purchaser to return Product to Expand, Purchaser will deliver the Product to Expand's address in the United States, if so required by Expand, and Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes) as well as import or customs duties, license fees and similar charges, however designated or levied, on any replacement Product to be shipped by Expand to Purchaser. License Grant The Products, though primarily composed of hardware components, contain software that is proprietary to Expand or its licensors. Expand hereby grants to Purchaser, and Purchaser accepts, a personal nonexclusive, nontransferable license to use the Program, in object code form only, and the accompanying documentation (collectively referred to as the “Software”) only as authorized in these Terms and Conditions. The Software is licensed for Purchaser's internal use and the Software or any derivative or by-product of the Software may not be used by, sub-licensed, re-sold, rented or distributed to any other party. Purchaser agrees that Purchaser will not assign, sublicense, transfer, pledge, lease, rent, or share Purchaser's rights under these Terms and Conditions. Purchaser shall not copy, modify, reverse assemble, reverse engineer, reverse compile, or otherwise translate all or any portions of the Software. The Software and the Documentation are proprietary to Expand and are protected under U.S. and international copyright, trademark, trade secret and patent laws. All right, title, and interest in and to the Software, including associated intellectual property rights, are and shall remain with Expand. R ev isi o n 2. 0 414 C h ap t er G : Limitation of Liability In no event shall Expand be liable for loss of profits, indirect, special, incidental, or consequential damages (including, without limitation, loss of use, income or profits, losses sustained as a result of personal injury or death, or loss of or damage to property including, but not limited to, property handled or processed by the use or application of the products) arising out of any breach of these Terms and Conditions or obligations under these Terms and Conditions. Expand shall not be liable for any damages caused by delay in delivery, installation, or furnishing of the Products hereunder. No action arising out of any claimed breach of these Terms and Conditions or transactions under these Terms and Conditions may be brought by either party more than two years after the cause of action has accrued. Expand's liability under these Terms and Conditions shall in no event exceed the purchase price of the Products. Default The failure of the Purchaser to perform its obligations under these Terms and Conditions including but not limited to payment in full of the purchase price for the Products, or the filing of any voluntary or involuntary petition under the Bankruptcy Code, insolvency, assignment for the benefit of creditors, or liquidation of the Purchaser's business shall constitute a default under these Terms and Conditions and shall afford Expand all the remedies of a secured party under the Uniform Commercial Code. In the event of default, Expand may, with or without demand or notice to Purchaser, declare the entire unpaid amount immediately due and payable, enter the premises where the Products is located and remove it, and sell any or all the Products as permitted under applicable law. Expand may, in addition to any other remedies which Expand may have, refuse to provide service on the Products under any applicable maintenance agreement relating to the Products then in effect between the parties at the time of the default. Indemnity Expand shall defend or settle any suit or proceeding brought against Purchaser based on a claim that Products sold hereunder constitutes an infringement of any existing United States patent, copyright or trade secret providing that Expand is notified promptly in writing and is given complete authority and information required for the defense. Expand shall pay all damages and costs awarded against Purchaser, but shall not be responsible for any cost, expense or compromise incurred or made by Purchaser without Expand's prior written consent. If any Products is in the opinion of Expand likely to or does become the subject of a claim for patent infringement, Expand may, at its sole option, procure for the Purchaser the right to continue using the Products or modify it to become noninfringing. If Expand is not reasonably able to modify or otherwise secure the Purchaser the right to continue using the Products, Expand shall remove the Products and refund the Purchaser the amounts paid in excess of a reasonable rental for past use. Expand shall not be liable for any infringement or claim based upon use of the Products in combination with other Products or with software not supplied by Expand or with modifications made by the Purchaser. General Expand shall not be liable for Expand's failure to perform or for delay in performance of Expand's obligations under these Terms and Conditions if such performance is prevented, hindered or delayed by reason of any cause beyond the reasonable control of Expand. These Terms and Conditions and the rights and duties hereunder shall not be assignable by either party hereto except upon written consent of the other. Purchaser agrees to pay to Expand any reasonable attorney's fees and other costs and expenses incurred by Expand in connection with the enforcement of these Terms and Conditions. These Terms and Conditions and performance hereunder shall be Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Ter m s an d C o nd it i on s o f S al e 415 governed by and construed in accordance with the laws of the State of New York. Each party acknowledges that it has read, fully understands and agrees to be bound by these Terms and Conditions, and further agrees that it is the complete and exclusive statement of the agreement between the parties, which supersedes and merges all prior proposals, understandings and all other agreements, oral and written, between the parties relating to the subject matter of these Terms and Conditions. These Terms and Conditions may not be modified or altered except by a written instrument duly executed by both parties. If any provision of these Terms and Conditions shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall in no way be affected or impaired thereby. The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any right hereunder. Open Source Provisions The Software is accompanied by the following third party products: JfreeChart (Copyright 2000-2004, by Object Refinery Limited. All rights reserved), Cewolf, and JBoss, which are subject to the GNU Lesser General Public License (the “LGPL”), as published by the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA (or found at http://jasperreports.sourceforge.net/license.html#lgpl), and the following terms: Expand agrees, upon request to provide, at the cost of distribution only, a complete machine-readable copy of the source code for JfreeChart, Cewolf, or JBoss software. This offer is valid for three (3) years from installation of the Software. The Software is accompanied by the following third party product: Apache Copyright © 1999-2004, The Apache Software Foundation, which is subject to the Apache License Version 2.0 (found at www.apache.org/licenses/ LICENSE-2.0). The Software is accompanied by the following third party product: TouchGraph Software: (Copyright ©2001-2002 Alexander Shapiro. All rights reserved) developed by TouchGraph LLC (http://www.touchgraph.com/), which is subject to the TouchGraph LLC. Apache-Style Software License. The Software is accompanied by the following third party product: JavaMail, which is subject to the following terms: Copyright 1994-2004 Sun Microsystems, Inc. All Rights Reserved Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. This software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. (“SUN”) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You acknowledge that this software is not designed, licensed or intended for use in the design, construction, operation or maintenance of any nuclear facility. The Software is accompanied by the following third party product: AdventNet SNMP API 4 (Release 4.0.0), which is subject to the following terms: Copyright (c) 1996-2002 AdventNet, Inc. All Rights Reserved. This software may not be distributed in any modified form without the prior consent from AdventNet, Inc. R ev isi o n 2. 0 416 C h ap t er G : Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Chapter H: Command Line Interface This chapter lists and describes the commands that you can use with the Command Line Interface (CLI). Unless noted, the commands herein may also be configured using the WebUI and are referenced accordingly. This chapter is built hierarchically, based on the tree created in the CLI. For a alphabetical listing of commands, see the CLI index. Topics in this chapter include: Understanding the CLI Configuration Getting Started Performing Basic Setup Customizing the CLI Configuration Commands Configuring WAFS Configuring Security Technical Support Information 418 C h ap t er H: Command Line Interface Understanding the CLI Configuration The Accelerator CLI enables complete configuration of the Accelerator, including basic and advanced configuration via a Command Line Interface (CLI). Use of the CLI is for experts and technicians familiar with CLI configuration that you will see and use with a typical router or switch. Command conventions are displayed in tables as shown: Command Description Parameters Example with Syntax Th e co m m an d as s ee n on th e sc r e en w il l be h er e A description of the command here Any parameters or accepted values here An example wi t h parameters h er e In the table you will note that the commands as shown on the screen are in a regular Courier font. Items that you need to enter are shown in a Courier boldface font. Variables for which you supply values are in italic font. The following conventions are used in examples: Examples that contain system prompts denote interactive sessions, indicating that you enter commands at the prompt. The ()# prompt indicates the current command mode. For example, the following prompt indicates global configuration mode: Acc1(config)# Nonprinting characters, are in angle brackets < >. Understanding Command Modes This section describes the Accelerator’s CLI command mode structure. Each command mode supports specific commands. For example, the bypass enable command is used only in configuration mode. Use the following command modes when configuring the scenarios described in this document: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Un d er s tan d in g t he C L I C o nf ig u r a ti on 419 Basic CLI Procedures You have to enter only enough characters for the Accelerator to recognize the command as unique, as described in detail below. For example, the following string is enough for the Accelerator to recognize the show startup configuration command: Acc1# show startup config To get help in a terminal session: 1. You can use the question mark (?) and arrow keys to help you enter commands. 2. For a list of available commands under each command, enter a question mark. For example: Acc1(config)#? To complete a command: To complete a command, enter a few known characters followed by a tab. The CLI will fill in the missing letters For example if you type and press the Tab key: Acc1(config)#sh By pressing the Tab key, the CLI will fill in the following: Acc1(config)#show To get a list of acceptable commands or values: For a list of command variables, enter the command followed by a space and a question mark for example: Acc1(config)# show ? To redisplay a command previously entered: To redisplay a command you previously entered, press the up-arrow key. You can continue to press the up arrow key earlier entered commands. R ev isi o n 2. 0 420 C h ap t er H: Command Line Interface Getting Started Secure Shell (SSH) is an application program that provides authentication and encryption capabilities for secure Internet communications. This lets you log in to the Accelerator via SSH, if SSH is installed. The Accelerator supports accessing the CLI via SSH, as follows. To log into the Accelerator via SSH: In the Accelerator’s CLI, type the command ssh followed by the Accelerator’s IP address. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Li ce ns in g t he A cc ele ra to r Licensing the Accelerator 421 Licensing the Accelerator is accomplished by logging into the Accelerator via the enable mode by using the show licensing command, as shown in "Displaying the Licensing State of a Specific Accelerator", on page 422. When the Accelerator license has expired, or if the Accelerator was installed but its license was not yet activated, the Accelerator’s status is Active, meaning: it would pass the data but not accelerate it (Work in pass-through mode), as shown below: Acc30_6(config)# show interface link summary Link Destination IP Address 1 non 28.0.214.6 N/A Link Status Description Bandwidth L-28.0.214.6 2000 N/A | active non-link 100000 N/A | active To move the Accelerator to accelerating status: 1. Activate the refresh acceleration command, as follows: Acc30_6(config)# interface link 1 refresh-acceleration 2. Afterwards, the Accelerator will start accelerating the traffic passing through it, as shown below: Acc30_6(config)# show interface link summary Link Destination IP Address 1 non 28.0.214.6 N/A Description Bandwidth Link Status L-28.0.214.6 2000 N/A | accelerating non-link 100000 N/A | virtual To activate the license key: 1. Enter the comand string that is shown in the table below: Command Description ACC1(config)#ac t iv a te -l i ce ns e ke y [valid license key number] Enters the valid license key into the Accelerator. [Mandatory] R ev isi o n 2. 0 422 C h ap t er H: Command Line Interface Parameters Example with Syntax Enter a valid license key that was supplied to you from <Default ¬¹ Font>Expand Networks<Default ¬¹ Font>. If you do not have a valid license key contact <Default ¬¹ Font>Expand Networks<Default ¬¹ Font> technical support. ACC1(config)#a ct i va te - li ce n se ke y valid license key number Displaying the Licensing State of a Specific Accelerator To display the licensing state: Enter the comand string that is shown in the table below: Command AC C 1( c on fi g )# sh o w l ic en s in g Description Lets you view the entire details of Accelerator’s licensing state, such as the licensed features and the maximum possible links. Parameters No additional parameters are required. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e AC C 1( c on fi g )# sh o w l ic en s in g Performing Basic Setup Pe rfor mi ng Ba sic Se tup 423 The configuration options contained in this section include: Viewing the Basic Configuration, on page 423 Logging into the Accelerator, on page 424 Setting Addresses, on page 425 Setting the Deployment Type, on page 427 Setting a Device Name, on page 427 Working with Remote Devices, on page 428 Configuring Subnets, on page 430 Saving/Uploading the Basic Configuration, on page 433 The Basic Accelerator CLI Configuration needed to get the Accelerator up and running consists of setting the following parameters: License key—Licensing the Accelerator, on page 421. IP address/subnet mask—Setting Addresses, on page 425. IP default gateway—Setting a Default Gateway, on page 426. Hostname—Setting a Device Name, on page 427. Deployment—Setting the Deployment Type, on page 427. Link destination—Setting the Remote Device, on page 428 and Setting the IP Address of the Remote Device, on page 429. Link bandwidth—Setting the Bandwidth to a Remote Device, on page 429. Viewing the Basic Configuration To view the basic configuration settings: 1. Enter the comand string that is shown in the table below: Command ACC1(config)#sh o w r un ni n g- co n fi g Description Displays the configuration that was set to the Accelerator. This is optional Parameters No additional parameters Example with Syntax ACC1(config)#sh o w r un ni n g- co n fi g AcceleratorOS, Accelerator 4900 Series Version: v6.1 (0) (Build 5.29) R ev isi o n 2. 0 424 C h ap t er H: Command Line Interface login: expand Password: Expand Version: v6.1.2 accelerator> enable accelerator# configure terminal accelerator(config)# activate-license key ENX1-FUXF-HBJ2K3Y6 License successfully activated. The new License state is: Feature License Time Left ------- ------- --------Bandwidth Allowance 45 Mbps Unlimited Last loaded license key: ENX1-FUXF-HBJ2-K3Y6 accelerator(config)# interface local accelerator(local interface)# hostname ACC1 ACC1(local interface)# ip address 10.1.0.6 255.255.0.0 ACC1(local interface)#ip default-gateway 10.1.0.1 ACC1(local interface)#deployment onpath ACC1(local interface)#exit ACC1(config)#wan default ACC1(wan)#bandwidth 256 kbps ACC1(wan)#exit ACC1(config)#interface link ACC1(LINK)#link destination 10.2.0.6 ACC1(LINK)#bandwidth 128 ACC1(LINK)#encapsulation transparent ACC1(LINK)#exit ACC1(config)#write ACC1(config)show running-config Logging into the Accelerator Logging into the Accelerator is accomplished in a series of steps. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pe rfor mi ng Ba sic Se tup 425 When accessing the Accelerator from the CLI, at the login prompt, enter your user name and password. The default user name is expand (case sensitive), and the default password is Expand (case sensitive). Command l o g in : P a s sw o r d Description Logs you into the CLI Parameters Example with Syntax Both login and password are case sensititve l o g in : e xp a n d P a s sw o r d: E x pa n d Logging out of the Accelerator At any point you can use the Exit command to log out of the Accelerator. The Exit command exits each level of the CLI hierarchy one at a time, so you may need to use the Exit command a number of times to leave the Accelerator session. Command exit Description Logs you into the CLI Parameters Example with Syntax Both login and password are case sensititve exit Setting Addresses There are a few addresses you must set in order to set-up the Accelerator. They include: Setting the IP Address and Subnet Mask, on page 425 Setting a Default Gateway, on page 426 Setting a Secondary IP Address, on page 426 Setting the IP Address and Subnet Mask i NOTE: When executing the ‘no’ command for primary IP address, the IP address reverts to the AcceleratorOS ‘ default IP address - 10.0.99.99/24. To set the IP address and Subnet Mask: Enter the following command as shown in the table: R ev isi o n 2. 0 426 C h ap t er H: Command Line Interface ACC1(local interface)#IP address x.x.x.x x.x.x.x or Command ACC1(local interface)#IP address x.x.x.x/x Description Sets an IP address and subnet mask for the Accelerator. You can add the parameter secondary after the command, to set this IP address as the Accelerator’s secondary IP address. Parameters Valid IP address must be supplied Example with Syntax ACC1(local interface)#IP address 10.0.99.99/24 Setting a Default Gateway To set the default gateway: Enter the following command as shown in the table: AC C1 (l oc al i nt er fa ce )# ip d e fa ul t - Command g at e wa y Description Sets a default gateway for the Accelerator. Parameters Valid IP address must be supplied Example with Syntax AC C1 (l oc al i nt er fa ce )# ip d e fa ul t g at e wa y 10.0.99.99/24 Setting a Secondary IP Address To set a secondary IP address: Enter the comand string that is shown in the table below: ACC1(local interface)#i p a d dr es s x.x.x.x/xx secondary Command Description Sets a secondary IP for the Accelerator. Parameters Valid IP address must be supplied Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pe rfor mi ng Ba sic Se tup Example with Syntax 427 ACC1(local interface)#IP address 10.0.99.99/22 secondary Setting the Deployment Type To set the deployment type: Enter the comand string that is shown in the table below: Command ACC1(local interface)#de p lo ym e nt Description Set the deployment type to On-Path or On-LAN.. Parameters Choose the way you want to deploy the Accelerartor. This is dictated by the way you set-up the Accelerator. For infomation about On Path deployment see, See "On-Path", on page 14. For information about On-LAN deployment, see See "On-LAN", on page 14. Example with Syntax ACC1(local interface)#deployment[onpath] Setting Routing Strategy To set the deployment type: Enter the comand string that is shown in the table below: Command ACC1(local interface)#ro u ti ng s t ra t eg y Description Set the routing strategy to On-Path or On-LAN. If you select bridge-route, the Accelerator transfers the packets in Layer-2, regardless of the routing tables. This routing strategy is carried out only in On-Path deployment, on non-link and local traffic. Parameters auto for automatic, bridge-route for layer 2 (on-path only) and routing-only for Example with Syntax ACC1(local interface)#ro u ti ng s t ra t eg y [ auto] Setting a Device Name To set the device name: R ev isi o n 2. 0 428 C h ap t er H: Command Line Interface Enter the comand string that is shown in the table below: ACC1(local interface)#h os tn a me Command Description Sets a name for the Accelerator. Changing the hostname will affect the prompt (in the Example, the hostname set is ACC1). The hostname can be up to 60 characters, and cannot contain spaces or special characters. You can also set the hostname from the conf mode. Parameters Enter up to a 60 character string with no spaces or special characters. Example with Syntax ACC1(local interface)#h os t na me [ ACC1] Setting the Default WAN Bandwidth To set the default WAN Bandwidth: Enter the comand string that is shown in the table below: Command ACC1(config)#w an de fa u lt ACC1(wan)#b an d wi dt h Description Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth. Parameters A number in Kbps larger than 0 and smaller than 1000000 Example with Syntax ACC1(config)#w an de fa u lt ACC1(wan)#b an d wi dt h 10000 Working with Remote Devices Commands within this section include: Setting Setting Setting Setting Setting the the the the the Remote Device, on page 428 IP Address of the Remote Device, on page 429 Bandwidth to a Remote Device, on page 429 Link to Work with IPcomp, on page 429 Link to Work with Router Transparency, on page 430 Setting the Remote Device To set the remote device: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pe rfor mi ng Ba sic Se tup Command ACC1(config)#in t er f ac e l in k Description Creates a link to the remote Accelerator. Parameters No additional parameters necessary. Example with Syntax 429 A CC 1(c on fi g) # interface link Setting the IP Address of the Remote Device To set the IP Address of the remote device: Enter the comand string that is shown in the table below: Command ACC1(link)#l in k d es ti n at i on Description Lets you enter the IP address of the remote device. Parameters Valid IP address. Example with Syntax ACC1(link)#l in k d es ti n at i on 100.125.125.2 Setting the Bandwidth to a Remote Device To set the bandwidth to the remote device: Enter the comand string that is shown in the table below: Command ACC1(link)#b an dw i dt h number Description Set the precise bandwidth (in Kbps) of the WAN. 0 is not valid. Parameters 1-1,000,000 Kbps Example with Syntax ACC1(link)#b an dw i dt h number 50000 Setting the Link to Work with IPcomp To set the link to work with IPcomp Encapsulation: Enter the comand string that is shown in the table below: Command Description ACC1(link)#e nc ap s ul at i on ip -c o mp Sets the link to work with ipcomp encapsulation. R ev isi o n 2. 0 430 C h ap t er H: Command Line Interface Parameters Example with Syntax No additional parameters ACC1(link)#e nc a ps ul a ti on ip - co mp Setting the Link to Work with Router Transparency i i NOTE: Once the link parameters have been modified, saving the parameters requries you to exit the link mode. If after changing the requested parameters you press Cancel instead of Exit, the parameters are not saved NOTE: Encapsulation settings can be asymmetric. This means that you can set one Accelerator to Router Transparency while setting the other Accelerator to IPComp in the opposite direction. This is useful when RTM mode is desired and one of the Accelerators is On-LAN and the other is On-Path. However, IPCOMP encapsulation will not function if the IPCOMP protocol is blocked by a firewall. Therefore, ensure that the IPCOMP protocol is not blocked before selecting either IPCOMP or RTM encapsulation. To set the link to work with Router Transparency: Enter the comand string that is shown in the table below: Command ACC1(link)#e nc a ps ul a ti on tr a ns pa r en t [ Op t io na l ] Description Sets the link to work in router transparent mode. This setting is optional Parameters No additional parameters Example with Syntax ACC1(link)#e nc a ps ul a ti on tr a ns pa r en t Configuring Subnets This section describes subnet configuration and management. The secion includes the following commands: Adding a Subnet, on page 431 Advertising a Subnet and Adding a Metric, on page 431 Deleting a Subnet, on page 431 Excluding a Subnet from an Interface, on page 432 Viewing subnets, on page 432 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Pe rfor mi ng Ba sic Se tup 431 Configuring Subnets, on page 432 Adding a Subnet To add a subnet: Enter the comand string that is shown in the table below: ACC1(SUBNETS)#ne t wo r k Command Description Adds a subnet Parameters Enter a valid IP address for the subnet, followed by the subnet mask. ACC1(SUBNETS)#ne t wo r k 125.125.2.5 101.120.15.2 Example with Syntax Advertising a Subnet and Adding a Metric To advertise a subnet and add a metric: Enter the comand string that is shown in the table below: ACC1(SUBNETS)#ad v er t is e o r no t a d ve r ti se x. x. x .x x. x. x .x | m e tr i c [number] Command Description Sets the subnet to be advertised or not advertised (can optionally add the subnet mask). Adds a metric value to the subnet. Parameters Choose advertise to advertise the subnet and not-advertise to not advertise it. ACC1(SUBNETS)#advertise 10.0.99.99/ 24 | metric [ 10] Example with Syntax Deleting a Subnet To delete a subnet: Enter the comand string that is shown in the table below: Command ACC1(SUBNETS)#n o n et w or k x .x . x. x Description Deletes the subnet (can optionally add the subnet mask). Parameters Enter the IP address od the subnet R ev isi o n 2. 0 432 C h ap t er H: Command Line Interface ACC1(SUBNETS)#no n e tw or k 10.0.99.99 Example with Syntax Excluding a Subnet from an Interface To exclude a subnet: Enter the comand string that is shown in the table below: AC C 1( SU B NE T S) # exit AC C 1( co n fi g )# interface link Command ACC1(LINK)#su bn e t e xc lu d e x. x .x . x x .x . x. x Description Excludes the subnet from the interface. Parameters Enter the IP address od the subnet ACC1(SUBNETS)#no n e tw or k 10.0.99.99 Example with Syntax Viewing subnets To view a subnet: Enter the comand string that is shown in the table below: ACC1(SUBNETS)#sh ow Command Description Displays the configured subnet. Parameters No additional parameters Example with Syntax ACC1(SUBNETS)#sh ow Configuring Subnets To configure a subnet: Enter the comand string that is shown in the table below: Command Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(link)#li nk so u rc e [ pr im a ry ] [ x. x .x .x ] Pe rfor mi ng Ba sic Se tup Description This command lets you define a link source. The valid link source IPs are as follows: Primary IP, Secondary IP, VLAN IP, HSRP IP and VRRP IP. Parameters Use only a valid IP addresss Example with Syntax 433 ACC1(link)#l i nk s o ur c e [p r im ar y ] [ 10.0.99.99] Saving/Uploading the Basic Configuration To save the configuration: Enter the comand string that is shown in the table below: Command ACC1(config)#w r it e Description Saves the basic configuration as the startup configuration. [Mandatory] Parameters No additional parameters Example with Syntax ACC1(config)#w r it e R ev isi o n 2. 0 434 C h ap t er H: Command Line Interface Customizing the CLI You can customize the CLI banner for your viewing pleasure. The standard banner appears as follows: Connected to 10.0.32.99... AcceleratorOS, Accelerator 6800 Series Version v6.1.2 (Build3.53) Creating a Custom Banner You can customize the following fields, which can be displayed as part of the banner: Name, Title, URL, Label, Label LTD., Product Name, Extranet, Product ID, Series, Serial Number, Software Version, Time and Date. To customize the fields: 1. Create a text file called banner.txt and save it in /user_area by using the CLI command: copy <ftp/scp/tftp/http/sftp> <[path]/banner.txt> 2. In the body of the text file, use the following variables to set the desired values: i NOTE: Each variable must be preceded by a $ sign. The default banner is: "$ OE M _P R OD _N A ME , A cc e le ra t or $ S ER IE S S e ri es ” “ $S OF T WA R E_ VE R SI ON ” “ ” (e m pt y -l in e ) $OEM_NAME (for example: “expand”) $OEM_NAME_TITLE (for example: “<Default ¬¹ Font>Expand<Default ¬¹ Font>”) $OEM_URL (“www.expand.com”) $OEM_LABEL (“<Default ¬¹ Font>Expand Networks<Default ¬¹ Font>”) $OEM_LABEL_LTD (“Expand Networks LTD.”) $OEM_PROD_NAME (“AcceleratorOS”) Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Cu st o m iz in g t h e C L I 435 $OEM_EXTRANET (“extranet.expand.com”) $PRODUCT_ID (“4820”) $SERIES (“4800”) $SERIAL_NUMBER (“0030.0257.0005”) $SOFTWARE_VERSION (“Version v5.0(7) (Build1.03)”) $TIME = hh:mm:ss (24-hour format) $DATE = DD-MMM-YYYY (the day-of-month “DD” is two-digit number, with leading '0' if needed). 3. Proceed to the next section to apply the banner. Applying the Banner To apply the banner: Enter the comand string that is shown in the table below: Command ACC1(config)#b a nn er ap p ly Description Causes the CLI to use the uploaded banner. Parameters No additional parameters Example with Syntax ACC1(config)#b a nn er ap p ly R ev isi o n 2. 0 436 C h ap t er H: Command Line Interface Configuration Commands The following sections are configurable in this section: Entering Configuration Mode Accessing Configuration Options Configuring OSPF Configuring Router Polling Configuring RIP Configuring WCCP Configuring Core Allocation Using the SNTP Server Configuring DHCP Servers Configuring WEB Acceleration Configuring HTTP Acceleration Configuring FTP Acceleration Configuring Ethernet Display Enabling NetFlow Configuring QoS Managing Aggregation Classes Configuring DNS Acceleration Configuring ARP Additional Configurations Defining Link Settings Configuring Expand View Settings Configuring SNMP Configuring the Log Creating Log Archives Using Configuration Tools Enabling Accdump Files Entering Configuration Mode To make any configuration changes to your Accelerator, you must be in configuration mode. This section describes how to enter configuration mode while using a terminal or PC that is connected to your router CONSOLE port. To enter the configutation mode: 1. Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 437 ac ce l er at o r> e na bl e [ Ma n da t or y] Command Description Enters enable mode. This is necessary for beginning work with the Accelerator. Once you have entered Enable mode, the prompt at the end of the command line changes from > to # Parameters No additional parameters Example with Syntax ac ce l er at o r> enable Enable mode is indicated by the # in the prompt. You can now carry out various operations in the system, such as deleting data, printing and sending messages. 2. Enter the configure command to enter configuration mode, indicated by the (config)# in the prompt: Acc1# configure Acc1(config)# You can now make changes to the Accelerator configuration. Accessing Configuration Options To access configuration options: 1. Run your terminal-based application, configuring it as follows: Baud rate: 9600 bps Parity: none Data bits: 8 Stop bits: 1 2. Connect to AcceleratorOS Command Line Interface (CLI). Press <Enter> several times until the Accelerator prompt is displayed: accelerator>. 3. Type enable, and press <Enter> to enter the privilege mode (privilege mode 15 enables complete configuration). 4. A # symbol at the end of the prompt indicates that configuration options are enabled, as shown below. accelerator>enable R ev isi o n 2. 0 438 i C h ap t er H: Command Line Interface accelerator#. NOTE: A > symbol at the end of the accelerator prompt indicates that configuration options are disabled. When configuring the Accelerator via a networked Telnet session, you will be prompted to enter a user name and password. The default user name is expand, the password is Expand (both case sensitive). It is recommended that you change the password. For further information, see section See "Logging into the Accelerator", on page 447. 5. In Enable mode, type configure terminal, and press <Enter>. The accelerator prompt is now followed by (config), indicating that AcceleratorOS is now in Primary Configuration mode, as shown below: accelerator #configure terminal accelerator (config)#. Alias Management Displays and manages virtual server aliasing. The following options are available: Showing Alias Information, on page 438. Changing/Deleting Alias Prefix, on page 439. Showing Virtual Server’s Alias Information, on page 439. Adding an Alias to a Virtual Server, on page 439. Deleting a Virtual Server’s Alias, on page 440. Showing Alias Information Displays alias information and manages prefix/suffix for exported names. To show Alias information: 1. Enter the comand string that is shown in the table below: {hostname}:filecontroller0#alias [show] Command Description Shows alias information Parameters No additional parameters Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0#alias [show] Co n fi g ura t io n Co m m an d s 439 Changing/Deleting Alias Prefix To delete the alias prefix: 1. Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#alias set/delete prefix {prefix} Description Changes/removes prefix for all exported aliases. Parameters No additional parameters Example with Syntax {hostname}:filecontroller0#alias set/delete prefix {prefix} Showing Virtual Server’s Alias Information To show the virtual server ’s alias: 1. Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#alias map [list] Description Shows virtual servers alias information Parameters No additional parameters Example with Syntax {hostname}:filecontroller0#alias map [list] Adding an Alias to a Virtual Server To add an alias to a virtual server: 1. Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#alias map add {VSERVER} {ALIAS} Description Adds an alias to a virtual server. Parameters No additional parameters Example with Syntax {hostname}:filecontroller0#alias map add {VSERVER} {ALIAS} R ev isi o n 2. 0 440 C h ap t er H: Command Line Interface Deleting a Virtual Server’s Alias To delete an alias from a virtual server: 1. Enter the comand string that is shown in the table below: {hostname}:filecontroller0#alias map delete {ALIAS} Command Description Deletes a virtual server alias. Parameters No additional parameters {hostname}:filecontroller0#alias map delete {ALIAS} Example with Syntax Configuring OSPF The following options are available: Enabling OSPF, on page 440 Setting area ID, on page 441 Enabling Authentication, on page 441 Setting the Locality Metric, on page 441 Setting Networks, on page 442 Setting an Authentication Key, on page 442 Setting Neighbors, on page 442 Viewing OSPF Configuration, on page 443 Enabling OSPF To enable OSPF: Enter the comand string that is shown in the table below: ACC1(config)#ro ut e r os p f AC C1 (c on fi g- os pf )# ospf-mode Command Description Enables OSPF on the Accelerator Parameters enable to enable, disable to disable. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(config)#ro ut e r os p f AC C1 (c on fi g- os pf )# ospf-mode enable Co n fi g ura t io n Co m m an d s 441 Setting area ID To set the area ID: Enter the comand string that is shown in the table below: Command ACC1(config-ospf)#a r ea n u mb er or (x.x.x.x) Description Sets the Area ID for the OSPF group, either as a decimal value or in IP address format Parameters Enter a valid IP address Example with Syntax ACC1(config-ospf)#a r ea n u mb er or 120.129.23.3 Enabling Authentication To enable authentication: Enter the comand string that is shown in the table below: Command ACC1(config-ospf)# a ut h en t ic at i on m od e e na bl e /d i sa bl e /M D5 Description Sets the Accelerator to require a password to work with other OSPF devices. Authentication mode enables MD5 encrypted authentication. Parameters Enable to enable, disable to disable Example with Syntax ACC1(config-ospf)# a ut h en t ic at i on m od e e na bl e Setting the Locality Metric To set the locality metric: Enter the comand string that is shown in the table below: ACC1(config-ospf)# h ig h l o ca li t yCommand m et ri c [number] lo w l oc a li t y- me t ri c [number] Description These two different commands determine a range of subnets to be advertised. If a subnet is between the high value and the low value, it should be advertised Parameters Enter a high locality metric and a low locality metric. Make sure that the high locality metric is a larger number then the low. R ev isi o n 2. 0 442 C h ap t er H: Command Line Interface ACC1(config-ospf)# h i gh lo ca l it ym et r ic [ 10] l ow l o ca li t y- m et ri c [ 5] Example with Syntax Setting Networks To set the network: Enter the comand string that is shown in the table below: ACC1(config-ospf)# network (ip address) x.x.x.x (subnet mask) x.x.x.x Command Description Sets the networks that the Accelerator broadcasts to its OSPF neighbors. Parameters Enter a valid IP address AC C1 (c on fi g- os pf )# network ( i p add ress) 1 00.100. 50.5 Example with Syntax Setting an Authentication Key To set the authentication key: Enter the comand string that is shown in the table below: ACC1(config-ospf)# a u t h e n t i c a t i o n - k e y string Command Description Sets a non-encrypted authentication password for the Accelerator. Parameters No additional parameters AC C1 (c on fi g- os pf )# Example with Syntax a ut h en ti c at i on -k e y st ri ng Setting Neighbors To set the neighbor: Enter the comand string that is shown in the table below: ACC1(config-ospf)# n e i g h b o r x . x . x . x Command Description Defines an OSPF neighbor for the Accelerator via the IP address. Parameters Enter a valid IP address Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Example with Syntax 443 AA CC1 (c on fi g- os pf )# n ei g hb o r 1 00 .1 0 0. 10 . 3 Viewing OSPF Configuration To view the OSPF Configuration: Enter the comand string that is shown in the table below: Command ACC1(config-ospf)# s h o w Description Displays OSPF settings. Parameters No additional parameters Example with Syntax AC C1( co nf ig -o sp f) # sh o w Configuring Router Polling The following options are available: Entering the Router Polling Menu Tree, on page 443 Setting Polling, on page 444 Setting Polling Protocols, on page 444 Setting Polling Interval, on page 444 Setting Polling Router, on page 445 Setting Router Polling SNMP Version, on page 445 Setting Router Polling SNMP Community, on page 445 Entering the Router Polling Menu Tree To enter router polling menu tree: Enter the comand string that is shown in the table below: Command ACC1(config)# r o u t e r - p o l l i n g Description Enables the Accelerator to retrieve route rules from the router’s routing table. Parameters No additional parameters Example with Syntax A CC 1(c on fi g) # ro u te r -p ol l in g R ev isi o n 2. 0 444 C h ap t er H: Command Line Interface Setting Polling To enable router polling: Enter the comand string that is shown in the table below: ACC1(config)# r ou t er -p o ll in g [e na b le Command | di s ab l e] Description Enables / disables router-polling. Parameters Enable to enable, disable to disables A CC 1( co nf ig )# r ou te r -p o ll in g Example with Syntax en ab l e Setting Polling Protocols To set polling protocols: Enter the comand string that is shown in the table below: ACC1(router-polling)#p ol l [ protocol Command name(s)] Description Lists the protocols that can be polled. Parameters Enter a specific protocol name A CC 1( ro ut er -p ol lin g) # p o ll [ p ro t o c o l Example with Syntax n a m e ( s )] Setting Polling Interval To set polling intervals: Enter the comand string that is shown in the table below: ACC1(router-polling)#p ol li n g- Command in te r va l Description Sets the frequency with which the router is polled (in seconds). Default is 180 seconds Parameters Enter a frequency in seconds Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e A CC 1( ro ut er -p ol lin g) # p o ll in g in te r va l 1 80 Co n fi g ura t io n Co m m an d s 445 Setting Polling Router To set the polling router: Enter the comand string that is shown in the table below: Command ACC1(router-polling)# ro u te r i p ( x.x.x.x) Description Sets the IP address of the router to be polled. Parameters Enter a valid IP address Example with Syntax A CC 1(r ou te r- po ll in g) # ro u te r i p ( 1 0 0 . 1 0 0 . 5 0 . 5) Setting Router Polling SNMP Version To set a router polling SNMP version: Enter the comand string that is shown in the table below: Command ACC1(router-polling)#sn m p v er s io n [ 1 | 2c ] Description Sets the SNMP version to be used for polling the router. Parameters Enter the SNMP version Example with Syntax A CC 1(r ou te r- po ll in g) # s nm p ve r si o n [1] Setting Router Polling SNMP Community To set a router polling SNMP community: Enter the comand string that is shown in the table below: Command ACC1(router-polling)#sn m p co m mu ni t y [ name] Description Sets the SNMP community to be used for polling the router. Parameters Enter the name of the SNMP community Example with Syntax A CC 1(r ou te r- po ll in g) # p ol l in g i n te r va l 1 80 R ev isi o n 2. 0 446 C h ap t er H: Command Line Interface Configuring RIP The following options are available: Enabling RIP, on page 446 Enabling Authentication, on page 446 Setting an Authentication Key, on page 447 Setting Networks, on page 447 Setting Neighbors, on page 447 Setting RIP to Passive Mode, on page 448 Viewing RIP Configuration, on page 448 Enabling RIP To enable RIP: Enter the comand string that is shown in the table below: ACC1(config)#r ou t er r i p ACC1(config-rip)#rip-mode e na bl e / Command di sa b le Description Enables RIP on the Accelerator Parameters Enable to enable, disable to disable ACC1(config)#r ou t er r i p A CC 1( co nf ig -r ip )# rip-mode e na bl e Example with Syntax Enabling Authentication To enable authentication: Enter the comand string that is shown in the table below: ACC1(config-rip)# a ut he n ti c at io n - Command mo de en a bl e/ d is ab l e/ M D5 Description Sets the Accelerator to need a password to work with other RIP devices. authentication mode enables MD5 encrypted authentication. Parameters Enable to enable, disable to disable Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e A CC 1( co nf ig -r ip )# a ut he n ti ca t io n mo de en a bl e Co n fi g ura t io n Co m m an d s 447 Setting an Authentication Key To set an authentication key: Enter the comand string that is shown in the table below: Command ACC1(config-rip)# a ut he n ti ca t io n -k ey string Description Sets a non-encrypted authentication password for the Accelerator. Parameters Enter the name of the authentication key Example with Syntax A CC 1(c on fi g- ri p) # au t he nt i ca t io nk e y st ri ng Setting Networks To set the network that the Accelerator broadcasts: Enter the comand string that is shown in the table below: Command A CC 1(c on fi g- ri p) # network (ip address) x.x.x.x (subnet mask) x.x.x.x Description Sets the networks that the Accelerator broadcasts to its RIP neighbors. Parameters Enter a valid IP address and subnet mask Example with Syntax A CC 1(c on fi g- ri p) # network (ip address) x.x.x.x (subnet mask) x.x.x.x Setting Neighbors To set the RIP neighbor: Enter the comand string that is shown in the table below: Command ACC1(config-rip)# ne i gh bo r x . x. x. x Description Defines a RIP neighbor for the Accelerator via the IP address. Parameters Enter a valid IP address Example with Syntax ACC1(config-rip)# ne i gh bo r x . x. x. x R ev isi o n 2. 0 448 C h ap t er H: Command Line Interface Setting RIP to Passive Mode To set RIP to passive mode: Enter the comand string that is shown in the table below: ACC1(config-rip)# p as si v e- m od e Command [e na b le | di s ab le ] Description Sets RIP to work in Passive mode. Parameters Enable to enable, Disable to disable ACC1(config-rip)# p as si v e- m od e Example with Syntax en ab l e Viewing RIP Configuration To view RIP Configuration: Enter the comand string that is shown in the table below: ACC1(config-rip)# s ho w Command Description Displays RIP settings Parameters No additional parameters required Example with Syntax ACC1(config-rip)# s ho w Configuring WCCP The following options are available: Enabling WCCP, on page 449. Activating WCCP, on page 449. Displaying WCCP Mode, Services, and Routers Lists, on page 449. Setting WCCP Authentication, on page 450. Setting WCCP Priority, on page 450. Setting WCCP Router IP, on page 451. Setting WCCP TCP Service ID, on page 451. Setting WCCP UDP Service ID, on page 451. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 449 Enabling WCCP Note that if you have multiple Accelerators deployed on your network the same WCCP services should be enabled on each appliance. To enable WCCP: Enter the comand string that is shown in the table below: ACC1(config)#pa c ke t -i nt e rc ep t io n Command w c cp Description Enters WCCP configuration mode. Parameters No additional parameters required ACC1(config)#pa c ke t -i nt e rc ep t io n Example with Syntax w c cp Activating WCCP To Activate WCCP: Enter the comand string that is shown in the table below: Command ACC1(packet interception WCCP)#wc cp m o de [e na b le | di s ab le ] Description Activates/deactivates WCCP mode. Parameters Enable to enable, Disable to disable Example with Syntax ACC1(packet interception WCCP)#wc cp m o de en ab l e Displaying WCCP Mode, Services, and Routers Lists To view the WCCP mode and status: Enter the comand string that is shown in the table below: Command ACC1(packet interception WCCP)#sh ow Description Displays the status of the WCCP service (activated/deactivated) and the services and routers’ lists. Parameters No additional parameters required R ev isi o n 2. 0 450 C h ap t er H: Command Line Interface ACC1(packet interception WCCP)#sh o w Example with Syntax The status is shown as in the figure below. Setting WCCP Authentication To set the WCCP Authentication: Enter the comand string that is shown in the table below: ACC1(packet interception WCCP)#au th e nt ic a ti o n [n o ne | Command pa ss w or d word] Description Sets a password for WCCP authentication. Parameters None for no password, or enter a password string. Example with Syntax ACC1(packet interception WCCP)#au th e nt ic a ti o n pa s sw or d Ex pa n d Setting WCCP Priority To set the WCCP priority: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Command ACC1(packet interception WCCP)#p r io ri t y [0-254] Description Sets the WCCP priority. Parameters Enter a number from 0-254 Example with Syntax 451 ACC1(packet interception WCCP)#p r io ri t y 1 Setting WCCP Router IP To set the WCCP Router IP: Enter the comand string that is shown in the table below: Command ACC1(packet interception WCCP)#r ou t er i p [x.x.x.x] Description Sets the WCCP router IP address. Parameters Enter a valid IP address Example with Syntax ACC1(packet interception WCCP)#r ou t er i p [x.x.x.x] Setting WCCP TCP Service ID To set the WCCP TCP service ID: Enter the comand string that is shown in the table below: Command ACC1(packet interception WCCP)#tc ps e rv i ce i d [ 51-99] Description Sets the WCCP TCP service ID. Parameters Enter a valid ID from 51-99 Example with Syntax ACC1(packet interception WCCP)#tc ps e rv i ce i d 6 0 Setting WCCP UDP Service ID To set the WCCP UDP Service ID: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 452 C h ap t er H: Command Line Interface ACC1(packet interception WCCP)#ud p - Command se rv i ce id [ 51-99] Description Sets the WCCP UDP service ID. Parameters Enter a valid ID from51-99 Example with Syntax ACC1(packet interception WCCP)#ud p se rv i ce id 6 5 Configuring Core Allocation In some scenarios, the Topology-Size is not sufficient and optimizing the Accelerator for the environment requires a more granular tuning. In such cases, adjust the Core Allocation. The Accelerator’s memory is divided into cores, or logical memory components used for acceleration. The larger the core allocated to a link, the higher the acceleration. The system allocates cores according to bandwidth settings. For more information on CLI configuration,see "Performing Basic Setup"on page 445. Core configuration is divided into resource-policy topology configuration and greedy-threshold configuration. Resource-policy topology configures the number of Accelerators on the network. Greedy Threshold sets the minimum number of Accelerators that can connect and optimally share the available memory. Once this number has been surpassed, the memory is equally divided according to the number of Accelerators set in the deployment size, and each connected Accelerator gets a percentage of the total memory for the complete deployment (even if fewer Accelerators are actually installed). In deployments in which bandwidth is asymmetric, you can tune core allocation to allocate larger cores for higher bandwidth installations. While you can set topology-size via the WebUI (see section Defining Advanced Settings, on page 30), setting greedy-threshold size is possible only via the CLI, as follows: To assign cores: 1. In the Accelerator’s CLI, in configuration mode, type core-allocation. 2. In core alloc mode, type greedy-threshold followed by the minimum number of Accelerators to equally share memory, as follows: ACC1(CORE ALLOC)# greedy-threshold [minimum number of Accelerators] The default greedy-threshold size is 1. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 453 To set the number of Accelerators in the network: 1. In the Accelerator’s CLI, in configuration mode, type core-allocation. 2. In core alloc mode, type resource-policy topology size followed by the number of Accelerators in the network, as follows: ACC1(CORE ALLOC)# resource-policy topology size [number of Accelerators on the network] The default resource-policy topology size value is 5 . i NOTE: After the core allocation is modified, it is recommended to reboot the Accelerator. Using the SNTP Server The following options are available: Enabling the SNTP Server, on page 453. Setting the Interval for Polling the SNTP Server for Time Updates, on page 453. Setting the SNTP Server’s IP Address, on page 454. Enabling the SNTP Server To enable the SNTP Server: Enter the comand string that is shown in the table below: Command ACC1(config)#SNTP e na b le /d i sa b le Description Enables the SNTP server. Parameters Enable to enable, disable to disable Example with Syntax ACC1(config)#SNTP e na b le Setting the Interval for Polling the SNTP Server for Time Updates To set the interval for polling the SNTP server for time updates: R ev isi o n 2. 0 454 C h ap t er H: Command Line Interface Enter the comand string that is shown in the table below: ACC1(config)#SNTP i n te rv a l h ou rs [ 1- Command 24] | m in ut e s [ 1-1440] Description Polls the SNTP server for time updates by intervals set by this command. Parameters Enter the time in hours from 1-1440 ACC1(config)#SNTP i n te rv a l h ou rs 24 Example with Syntax Setting the SNTP Server’s IP Address To set the SNTP server ’s IP address: Enter the comand string that is shown in the table below: ACC1(config)#SNTP s e rv er [x.x.x.x] Command Description Enter IP address X.X.X.X as the address of the SNTP server. Parameters Enter a valid IP address Example with Syntax ACC1(config)#SNTP s e rv er 100.100.10.5 Configuring DHCP Servers The following options are available: Enabling DHCP Servers, on page 454. Uploading the DHCP Configuration File, on page 455. Reloading the DHCP Configuration File, on page 455. Testing the DHCP Configuration File, on page 455. Displaying the DHCP Status Information, on page 456. Displaying the End Date of the DHCP Lease Period, on page 456. Configuring an Accelerator to Carry out DHCP Relay, on page 457. Enabling DHCP Servers To enable the DHCP server: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Command ACC1(config)#dh c p ACC1(DHCP)#en a bl e /d is a bl e Description Enables or disables the DHCP Server. Enabling the Server requires having a DHCP configuration file. If this file does not exist, you are prompted to upload it. The DHCP configuration file should be in the user_area, otherwise you have to use the copy command to copy it. Alternatively, upload the DHCP configuration file via the WebUI, thereby copying it directly to the user_area. Parameters Enable to enable, disable to disable Example with Syntax 455 ACC1(config)#dh c p A CC 1(D HC P) # enable Uploading the DHCP Configuration File To upload the DHCP configuration file: Enter the comand string that is shown in the table below: Command ACC1(DHCP)#up l oa d [path] [filename] Description Uploads the DHCP configuration file from the user_area. Parameters Enter a path and a file name. Example with Syntax ACC1(DHCP)#up l oa d [path] [filename] Reloading the DHCP Configuration File To reload the DHCP configuration file: Enter the comand string that is shown in the table below: Command ACC1(DHCP)#re l oa d [path] [filename] Description Reloads the DHCP configuration file from the user_area, if you want to update this file with changes you have made in it. Parameters Enter a valid path and filename Example with Syntax ACC1(DHCP)#re l oa d [path] [filename] Testing the DHCP Configuration File To test the DHCP configuration file: R ev isi o n 2. 0 456 C h ap t er H: Command Line Interface Enter the comand string that is shown in the table below: ACC1(DHCP)#t es t [path] [filename] Command Description Tests the syntax of the DHCP configuration file. Parameters Enter a valid path and file name ACC1(DHCP)#t es t [path] [filename] Example with Syntax Displaying the DHCP Status Information To display the DHCP status: Enter the comand string that is shown in the table below: ACC1(DHCP)#s ho w D HC P Command Description Displays the DHCP status (enabled/disabled). Parameters Enter a valid IP address ACC1(packet interception WCCP)#r ou t er - Example with Syntax ip [x.x.x.x] Displaying the End Date of the DHCP Lease Period To display the end date of the DHCP lease period: Enter the comand string that is shown in the table below: ACC1(DHCP)#s ho w l ea s e [hostname] [IP address] Command Description Displays the end date of the DHCP lease server period. Parameters Enter a valid IP address Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(DHCP)#s ho w l ea s e [hostname] [IP address] Co n fi g ura t io n Co m m an d s 457 Configuring an Accelerator to Carry out DHCP Relay Follow these steps to configure an Accelerator for functioning as a DHCP relay agent: 1. Under Local Interface, enter IP helper address X.X.X.X as the address of the DHCP server. 2. Enable DHCP agent under the local interface. Once configured, the following output is displayed: A DHCP relay agent may receive a client DHCP packet forwarded from a BOOTP/DHCP relay agent closer to the client and may or may not already have a DHCP relay agent option on it. Following is a brief description of each dhcprelay option: R ev isi o n 2. 0 458 C h ap t er H: Command Line Interface Append - if the append flag is set, the relay agent appends an agent option field to each request before forwarding it to the server. Discard - discards all options sent by another DHCP relay. Forward - forwards all options from another DHCP relay. Replace - replaces the options sent by another DHCP relay with options set on the Accelerator. Drop-no-match - drops the options without counting the packets. Max-length - this is the maximum length allowed. Configuring WEB Acceleration Some parameters common to both HTTP and FTP Acceleration are configurable as follows: Setting Web Acceleration, on page 458. Displaying the End Date of the DHCP Lease Period, on page 458. Clearing the Cache, on page 459. Viewing Web Acceleration Parameters, on page 459. Setting Web Acceleration To enter the web acceleration configuration mode: Enter the comand string that is shown in the table below: A CC 1 (c o nf ig ) # web-acceleration Command Description Enters Web-Acceleration configuration mode Parameters No additional parameters needed Example with Syntax A CC 1 (c o nf ig ) # web-acceleration Displaying the End Date of the DHCP Lease Period To display the end date of the DHCP lease period: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 459 ACC1(DHCP)#sh o w l ea se [hostname] [IP address] Command Description Displays the end date of the DHCP lease server period. Parameters Enter a valid IP address ACC1(DHCP)#sh o w l ea se [hostname] [IP address] Example with Syntax Clearing the Cache To clear the cache: Enter the comand string that is shown in the table below: Command A CC 1 (w eb - ac ce l er a ti on ) # cache clear Description Clears the HTTP and FTP caches. Parameters No additional parameters required Example with Syntax A CC 1 (w eb - ac ce l er a ti on ) # cache clear Viewing Web Acceleration Parameters To view the web acceleration parameters: Enter the comand string that is shown in the table below: Command A CC 1 (w eb - ac ce l er a ti on ) # show Description Displays Web-Acceleration parameters. Parameters No additional parameters required Example with Syntax A CC 1 (w eb - ac ce l er a ti on ) # show Configuring HTTP Acceleration The following configutations are available: Enabling/Disabling HTTP Acceleration, on page 460 Configuring the Proxy Server IP and Port, on page 460 Specifying Directly Forwarded Requests, on page 461 R ev isi o n 2. 0 460 C h ap t er H: Command Line Interface Preventing the Caching of Specific Pages, on page 462 Preserving the Client’s Original Source Port, on page 463 Configuring Transparency Support, on page 463 Setting the HTTP Port, on page 464 Setting Content to be Cached, on page 464 Setting the Cache Size, on page 464 Setting the Maximum Object Size, on page 465 Clearing the Cache, on page 465 Setting the Connection Timeout, on page 465 "Setting logs", on page 466. Enabling/Disabling HTTP Acceleration To enable or disable HTTP acceleration: Enter the comand string that is shown in the table below: A CC 1 (h t tp -a c ce le r at i on )# http- Command acceleration [enable | disable] Description Enables/disables HTTP Acceleration. By default HTTP Acceleration is disabled. Parameters Enable to enable, disable to disable. Example with Syntax A CC 1 (h t tp -a c ce le r at i on )# httpacceleration [enable | disable] Configuring the Proxy Server IP and Port i NOTE: After proxy was enabled, disabling DNS requires you to disable proxy first. To configure the proxy server IP and port: Enter the comand string that is shown in the table below: A CC 1 (h t tp -a c ce le r at i on )# proxy Command Ac ce ler at o rOS 6 .1 .2 Us er Gui d e outgoing host <proxy IP> <proxy listening port> A CC 1 (h t tp -a c ce le r at i on )# no proxy outgoing host <proxy IP> <proxy listening port> Co n fi g ura t io n Co m m an d s Description Configures the proxy server IP and listening port. You should configure this command only if DNS is configured. Parameters Enter a valid IP address and port 461 A CC 1 (h tt p -a cc e le r at io n )# proxy Example with Syntax outgoing host <proxy IP> <proxy listening port> A CC 1 (h tt p -a cc e le r at io n )# no proxy outgoing host <proxy IP> <proxy listening port> Specifying Directly Forwarded Requests i NOTE: You should configure this command only if proxy is configured. i NOTE: You can define multiple rules. i Follow these steps to configure proxy: In Internet Explorer - Select Tools > Internet Options>Connections tab. In the bottom section of this tab, click the LAN Settings button and use the Proxy server section of the LAN Settings tab to configure a proxy server. In Mozilla FireFox - Select Tools > Options>Connection>Connection Settings button. In the Connection Settings dialog box, select the Manual proxy configuration button and use the Proxy server section of the LAN Settings tab to configure a proxy server. NOTE: Before configuring a rule direct regular expression, you must configure in the client’s browser the same settings configured in the Accelerator. For example: If you want to set a rule direct to all sites beginning with http://www.g4tv, then in Internet Explorer select Tools > Internet Options> Connections>LAN Settings. Select the checkbox Use a Proxy server for your LAN. Then, click the Advanced button and in the Exceptions section of the Proxy Settings tab, indicate http://www.g4tv as the beginning of an address for which proxy server will not be used. In Mozilla Firefox, Select Tools > Options>Connection>Use Connection Settings button. In the Connection Settings dialog box, type http://www.g4tv in the No proxy for field. To specify a direct foward request: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 462 C h ap t er H: Command Line Interface ACC1(http-acceleration)#rule direct <url regex> ACC1(http-acceleration)#no rule direct Command <url regex> ACC1(http-acceleration)#show rule direct <url regex> Description Defining a regular expression that is valid on a URL. For example: rule direct avaya. When this rule is applied, all requests for the avaya URL will be forwarded directly to the avaya server, without passing through the proxy server. Parameters Enter a valid URL A CC 1 (h t tp -a c ce le r at i on )# rule direct Example with Syntax avaya Preventing the Caching of Specific Pages i i NOTE: The CLI does not allow regular expression using the following characters: # ‘ “ ,. A message error will be displayed as a result of any attempt to insert such a character. NOTE: You should configure this command only if proxy is configured. You can define multiple rules. To prevent the caching of a specific page: Enter the comand string that is shown in the table below: A CC 1 (h t tp -a c ce le r at i on )# r ul e n oca ch e < u rl r e ge x> A CC 1 (h t tp -a c ce le r at i on )# n o ru l e no ca ch e < u rl r e ge x> Command A CC 1 (h t tp -a c ce le r at i on )# s ho w r ul e no -c a ch e < ur l r eg e x> Description Setting a regular expression, valid on a URL, which defines that specific pages will never be cached. When this rule is applied, upon any request for these pages data will not be retrieved from the cache, and after these pages were retrieved from the server they will not be cached. Parameters Enter a valid URL Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e A CC 1 (h t tp -a c ce le r at i on )# r ul e n oca ch e http://www.anyurl.com Co n fi g ura t io n Co m m an d s 463 Preserving the Client’s Original Source Port i NOTE: Preserving the port may have bad implications on outgoing traffic from the Web cache. On the other hand, you cannot activate the QoS mechanism according to the source port, if the source port is not preserved. To enable or diable the preservation of the client’s source port: Enter the comand string that is shown in the table below: A CC 1 (h tt p -a cc e le r at io n )# po r tt r an s pa re n cy [ e na b le | di sa b le ] Command Description This command configures whether the Client's original source port will be preserved. By default, port transparency is disabled. Parameters Enable to enable, disable to disable A CC 1 (h tt p -a cc e le r at io n )# po r tt r an s pa re n cy enable Example with Syntax Configuring Transparency Support To configure transparency support: Enter the comand string that is shown in the table below: A CC 1( h tt p -a cc e le ra t io n )# transparency Command [auto | semi | full] A CC 1( f tp - ac ce l er at i on ) # transparency [auto | semi | full] Description This command configures the status of the interception proxy. You can configure the interception proxy as transparent, thereby preventing the detection of the proxy server’s IP address by sniffing). The following statuses are possible: Semi - applying transparency only on the Client side. Full - applying transparency on both the Client and the server sides. Auto - setting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment. Parameters Semi, Full, or Auto as explained above. Example with Syntax A CC 1( h tt p -a cc e le ra t io n )# transparency full A CC 1( f tp - ac ce l er at i on ) # transparency full R ev isi o n 2. 0 464 C h ap t er H: Command Line Interface Setting the HTTP Port To configure the HTTP port: Enter the comand string that is shown in the table below: AC C1 ( ht tp - ac c el er a ti on ) # port [p o r t n u m b e r ] Command Description Sets the default port on which HTTP traffic generally arrives. The default is 80. Parameters Enter a valid port number AC C1 ( ht tp - ac c el er a ti on ) # port 80 Example with Syntax Setting Content to be Cached To set the content to be cached: Enter the comand string that is shown in the table below: A C C1 (h t tp - ac ce l er at i on )# c ac h eco n te nt [e nt e rp ri s e | i nt er n et | al l ] Command Description Sets the type of content to be cached: Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all link, virtual link and non-link traffic. Parameters Enterprise, Internet or All, as described above. A C C1 (h t tp - ac ce l er at i on )# c ac h eco n te nt all Example with Syntax Setting the Cache Size To set the cache size: Enter the comand string that is shown in the table below: Command A CC 1 (h tt p -a cc e le r at io n )# ca c he si ze [n u m b e r i n M B ] Description Sets the size of the cache (between 1 and 60 GB). Default is 16 GB. Parameters Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is needed for each 1 GB of data cached. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 465 A CC 1( h tt p- a cc e le ra t io n) # ca c he s i ze 16 Example with Syntax Setting the Maximum Object Size To set the maximum object size: Enter the comand string that is shown in the table below: AC C1 ( ht t p- ac c el er a ti o n) #m a x c ac h ed -o b je ct - si z e [n u mb er in M B] Command Description Sets the maximum size for objects stored in the cache. Default is 4096 KB. Parameters Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is needed for each 1 GB of data cached. AC C1 ( ht t p- ac c el er a ti o n) #m a x c ac h ed -o b je ct - si z e [n u mb er in M B] Example with Syntax Clearing the Cache To clear the cache: Enter the comand string that is shown in the table below: Command AC C1 ( ht t p- ac c el er a ti o n) #c a ch e c le a r Description Clears the HTTP Acceleration cache. Parameters No additional parameters needed. Example with Syntax AC C1 ( ht t p- ac c el er a ti o n) #m a x c ac h ed -o b je ct - si z e [n u mb er in M B] Setting the Connection Timeout To set the connection timeout: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 466 C h ap t er H: Command Line Interface Command AC C 1( h tt pa cc e le r at io n )# co n ne c t- ti m eo ut [ nu m be r ] Description Sets the amounts of time (in seconds, between 1 and 600) for a client to remain connected with no traffic being cached. Default is 600 seconds. Parameters Enter the time ammount in seconds, as described above. Example with Syntax AC C 1( h tt p- a cc el e ra t io n) # connect- timeout 600 Setting logs To set the log: Enter the comand string that is shown in the table below: Command AC C 1( h tt p- a cc el e ra t io n) #lo gl ev e l [ al er t | e r ro r | i n fo | w ar n in g ] Description You can set the Accelerator’s log file to accumulate events that occur in HTTP Acceleration. To set the type of alerts to be accumulated, set the lowest level of alert to be logged. By default, logging is disabled. When enabled, the default level is Error. Parameters Enter the time ammount in seconds, as described above. Example with Syntax AC C 1( h tt p- a cc el e ra t io n) #lo gl ev e l error Configuring FTP Acceleration This section includes the following options: Enabling/Disabling FTP Acceleration, on page 467. Setting Content to be Cached, on page 467. Setting the Connection Timeout, on page 468. Allocating Cache per a Specific User, on page 468. Setting Minimal Value for the Cache Object Size, on page 468. Enabling/disabling Unicode Display, on page 469. Excluding Servers from Caching, on page 469. Clearing the List of Excluded Servers, on page 470. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 467 Enabling/Disabling FTP Acceleration To enable or disable FTP acceleration: Enter the comand string that is shown in the table below: AC C1 ( ft p -a cc e le ra t io n )# ft p a cc e le ra t io n [ en a bl e | d is a bl e] Command Description Enables/disables FTP Acceleration. By default FTP Acceleration is disabled. Parameters Enable to enable, Disable to disable. AC C1 ( ft p -a cc e le ra t io n )# ft p a cc e le ra t io n d is a bl e Example with Syntax Setting the Cache Size To set the cache size: Enter the comand string that is shown in the table below: Command AC C1 ( ft p -a cc e le ra t io n )# ca c he s iz e [ nu m be r i n M B] Description Sets the size of the cache (between 1 and 60 GB). Default is 50 GB. Approximately 360 KB + 8 MB of RAM is needed for each 1 GB of data cached Parameters Enter a valid size as described above. Example with Syntax AC C1 ( ft p -a cc e le ra t io n )# cache- size 50 Setting Content to be Cached To set the content to be cached: Enter the comand string that is shown in the table below: Command Description AC C1 ( ft p -a cc e le ra t io n )# ca c he c on t en t [ e nt er p ri s e | in t er ne t | a ll ] Sets the type of content to be cached: Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all link, virtual link and non-link traffic. R ev isi o n 2. 0 468 C h ap t er H: Command Line Interface Parameters Example with Syntax Enter a valid content type as described above. AC C 1( f tp -a c ce le r at i on )# c ac he c on t en t a ll Setting the Connection Timeout To set the connection timeout: Enter the comand string that is shown in the table below: Command AC C 1( f tp -a c ce le r at i on )# c on ne c tt im e ou t [ nu m be r] Description Sets the amount of time (in seconds, between 1 and 600) for a client to remain connected with no traffic being cached. Default is 60 seconds. Parameters Enter a valid time as described above. Example with Syntax AC C 1( f tp -a c ce le r at i on )# c on ne c tt im e ou t 60 Allocating Cache per a Specific User To allocate cache per specific user: Enter the comand string that is shown in the table below: Command AC C 1( f tp -a c ce le r at i on )# cacheper-user [enable | disable] Description Enables/disables the allocation of cache memory per a specific user. Parameters Enable to enable, Disable to disable Example with Syntax AC C 1( f tp -a c ce le r at i on )# cache- per-user enable Setting Minimal Value for the Cache Object Size To set the minimal value for the cache object size: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Command AC C1 ( ft p -a cc e le ra t io n )# mi n c ac h ed -o b je ct - si z e [n u mb er in K B] Description Lets you configure a minimal value for the objects stored in the cache. Parameters Enter a number in KB that is smaller than the Max value. Example with Syntax 469 AC C1 ( ft p -a cc e le ra t io n )# mi n c ac h ed -o b je ct - si z e 60 Enabling/disabling Unicode Display To enable or disable unicode display: Enter the comand string that is shown in the table below: Command AC C1 ( ft p a cc e le ra t io n) #localization [enable | disable] Description Lets you enable or disable the option to view files in languages that require Unicode characters, such as Chinese. Parameters Enable to enable, Disable to disable. Example with Syntax AC C1 ( ft p a cc e le ra t io n) #localization enable Excluding Servers from Caching To exclude servers from caching: Enter the comand string that is shown in the table below: Command AC C1 ( ft p a cc e le ra t io n) # tr a ns pa r en cy e xc l ud e [s o ur ce | d e st in a ti on | W OR D | i p ] Description Excludes servers from caching, as defined by the following parameters: Source - source traffic direction Destination - destination traffic direction WORD - server name IP - server IP or subnet Parameters Enter a valid parameter as described above. R ev isi o n 2. 0 470 C h ap t er H: Command Line Interface Example with Syntax AC C 1( f tp a cc e le r at io n )# tr a ns p ar en c y e xc l ud e source Clearing the List of Excluded Servers To clear the list of excluded servers: Enter the comand string that is shown in the table below: Command AC C 1( f tp a cc e le r at io n )# tr a ns p ar en c y e xc l ud e d- se r ve rs [c l ea r] Description Removes all servers from the list of excluded servers. This command does not affect traffic that traversed these servers when they were excluded, but only traffic that passes after the command entered into effect.. Parameters No additional parameters are necessary Example with Syntax AC C 1( f tp a cc e le r at io n )# tr a ns p ar en c y e xc l ud e d- se r ve rs clear Studying a Subnet Configuration Network The sample Subnet Configuration is as follows: AC C1 # c on f ig u re t e rm in a l Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 471 A C C1 (c o nf ig ) # r ou te r o sp f A C C1 (c o nf ig - os p f) #a r ea 2 0 .0 . 0. 6 A C C1 (c o nf ig - os p f) # a ut he n ti c at io n -m od e e n ab le A C C1 (c o nf ig - os p f) # a ut he n ti c at io n -k ey ac c el er a to r A C C1 (c o nf ig - os p f) # n ei gh b or 30 .0 . 0. 0/ 8 A C C1 # c on fi g ur e t er m in al A C C1 (c o nf ig ) # r ou te r r ip A C C1 (c o nf ig - ri p )# a u th en t ic a ti on - mo de md 5 A C C1 (c o nf ig - ri p )# a u th en t ic a ti on - ke y a cc e le ra t or A C C1 (c o nf ig - ri p )# n e ig hb o r 3 0. 0. 0 .0 /8 A C C1 # c on fi g ur e t er m in al A C C1 (c o nf ig ) # s ub ne t s A C C1 (S U BN ET S )# n et wo r k 30 . 0. 0 .0 2 5 5. 25 5 .0 . 0 A C C1 (S U BN ET S )# n ot -a d ve rt i se 30 .0 . 0. 0 2 55 . 25 5. 0 .0 A C C1 (S U BN ET S )# e xi t Configuring Ethernet Display The following commands let you configure viewing the Ethernet statistics: Viewing Interface Statistics, on page 471. Viewing Interface Statistics per Specific Link, on page 472. Viewing Interface Statistics To view interface statistics: Enter the comand string that is shown in the table below: Command AC C1 # s h ow i n te rf a ce li nk Description Displays Throughput and Performance statistics for all links since up time, since last cleared and for the last 5 seconds. Parameters No additional parameters are necessary Example with Syntax ACC1# sh ow in te r fa c e li n k R ev isi o n 2. 0 472 C h ap t er H: Command Line Interface Viewing Interface Statistics per Specific Link To view interface statistics for a specific link: Enter the comand string that is shown in the table below: ACC1# sh o w in t er f ac e l in k [ name] Command Description Displays Throughput and Performance statistics for a link since up time, since last cleared and for the last 5 seconds. Parameters Enter the name of the link. ACC1# sh o w in t er f ac e l in k [ name] Example with Syntax Enabling L-7 Traffic Discovery To enable L-7 Traffic Discovery: Enter the comand string that is shown in the table below: AC C 1( c on fi g )# statistic ACC1(statistic)# di s co v er [h t tp | Command c it r ix ] [ en a bl e | d i sa bl e ] Description Enables traffic discovery of HTTP or Citrix traffic traversing the network. Parameters Enter the name of the link. AC C 1( c on fi g )# statistic Example with Syntax AC C1 (s ta ti st ic )# discover http enable Viewing L-7 Traffic To view layer seven traffic: Enter the comand string that is shown in the table below: Command ACC1(config)# sh ow di s co ve r ed h tt p | ci tr i x Description Displays list of discovered HTTP or Citrix traffic traversing the network. Parameters http for HTTP, citrix for Citrix Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Example with Syntax 473 ACC1(config)# s h ow di sc o ve re d http Viewing Application Statistics To view application statistics: Enter the comand string that is shown in the table below: Command ACC1(config)# s h ow ap pl i ca ti o n Description Displays statistics for all applications. Parameters No additional parameters required. Example with Syntax ACC1(config)# s h ow ap pl i ca ti o n Setting Applications as Monitored To set applications as monitored: Enter the comand string that is shown in the table below: Command ACC1(config)# m o ni t or ed a pp l ic at i on [ application name] n o rm a l [ link number | Total] Description Sets a specified application to be monitored over a certain link or over all links. Parameters Enter the application name and link number Example with Syntax ACC1(config)# m o ni t or ed a pp l ic at i on [ application name] n o rm a l [ link number | Total] Viewing Application Traffic To view application traffic: Enter the comand string that is shown in the table below: Command ACC1(config)# s h ow tr af f ic d is c ov er y [ al l | application name] Description Displays all applications traversing the network. Parameters Enter all for all applications or a specific application name. R ev isi o n 2. 0 474 C h ap t er H: Command Line Interface ACC1(config)# sh ow tr a ff ic d is c ov e ry all Example with Syntax Enabling / Disabling Statistics History To enable or disable statistics history: Enter the comand string that is shown in the table below: ACC1# co n fi g ACC(config)#[a p pl ic a ti on na m e] ACC1(name)#st a ti st i cs -h i st o ry Command [ en a bl e /d is a bl e] Description Enables gathering statistics for a particular application. Parameters Enable to enable, Disable to disable ACC1# co n fi g ACC(config)#[a p pl ic a ti on na m e] ACC1(name)#st a ti st i cs -h i st o ry enable Example with Syntax Clearing Counters or Statistics To clear the counters: Enter the comand string that is shown in the table below: ACC1# cl e ar c o un t er s l in k a ll Command [ name] Description Clears all counters. Adding a name at the end of the command clears statistics for a specific link only. Parameters Enable to enable, Disable to disable Example with Syntax ACC1# cl e ar c o un t er s l in k all Enabling NetFlow To enable Net Flow: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 475 ACC1# ne tf l ow ACC1(netflow)# i p f lo w -e x po rt [ x. x .x .x ] p or t [ 1 t o 6 55 35 ] v er s io n [ 5] in t er f ac e e th er n et [ 0, 0/ 0, 0/ 1] te m pl at e [ fu l l, l on g , sh o rt ] Command Description Sets the Accelerator to forward all statistic information to the NetFlow server for monitoring and analysis. Enter the IP address and port number of the NetFlow collector, as well as the NetFlow version number. In addition, enter the interface ethernet to be monitored (the LAN interface Ethernet). For more information on NetFlow statistics collected, see NetFlow Monitored Statistics, on page 357 Parameters Enable to enable, Disable to disable Example with Syntax ACC1# ne tf l ow ACC1(netflow)# i p f lo w -e x po rt 100.100.10.5 p or t 80 ve rs i on [ 5] i nt er f ac e e t he r ne t 0 t e mp la t e full Setting the Max Queue Length To set the Max Queue length: 1. In the Accelerator’s CLI, in interface link configuration mode, type priority max-qlen discard [number] low [number] medium [number] high [number] realtime [number] pass-through [number] 2. Follow each parameter by the size of the queue desired. 3. The default greedy-threshold size is 1. ACC1(LINK)#priority max-qlen discard 1000 low 1000 medium 1000 high 1000 real-time 1000 pass-through 1000. Configuring QoS The following lists the commands necessary to perform QoS configuration as described above via the CLI. The following configurations are available: R ev isi o n 2. 0 476 C h ap t er H: Command Line Interface Viewing Detected Applications, on page 476. Creating a New Application, on page 476. Creating a Web Application, on page 477. Enabling / Disabling Application Acceleration, on page 477. Enabling / Disabling Application Tunneling, on page 478. Globally Filtering an Application, on page 478. Filtering an Application per Link, on page 479. Setting the Application Criteria, on page 479. Setting the Order for the Rule, on page 479. Setting Minimum Bandwidth (Desired), on page 480. Setting Maximum Bandwidth (Limit), on page 480. Prioritizing the Application, on page 480. Critical Application Pass-through, on page 481. Setting Bursts for a Rule, on page 481. Setting the WAN to Work in Strict-priority Mode, on page 482. Enabling Bursts, on page 482. Viewing Detected Applications To view detected applications: Enter the comand string that is shown in the table below: Command ACC1(config)#sh o w ap p li ca t io n Description Displays all detected applications. Parameters No additional parameters needed. Example with Syntax ACC1(config)#sh o w ap p li ca t io n Creating a New Application To create a new application: Enter the comand string that is shown in the table below: ACC1(config)#ap p li ca t io n name Command tc p [ p or t n um be r ] ud p [ p or t n um be r /r a ng e] ov e r- i p [p o rt /r a ng e ] Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Description Defines a new application and application criteria. Parameters Enter a valid TCP port number , a valid UDP port number and range and a valid over-IP port number and range. Example with Syntax 477 ACC1(config)#a p pl i ca ti o n name tc p 80 ud p 60 ov er - ip 55 Creating a Web Application To create a web application: Enter the comand string that is shown in the table below: ACC1(config)#a p pl i ca ti o n l- 7 name h tt p Command ho st - na m e [x.x.x.x or name] ur l- n am e [name] mi me - ty p e [name] us er - na m e [name] Description Define a new web application and criteria on the basis of the specified parameters. Parameters Enable to enable, Disable to disable ACC1(config)#a p pl i ca ti o n l- 7 name h tt p Example with Syntax ho st - na m e [x.x.x.x or name] ur l- n am e [name] mi me - ty p e [name] us er - na m e [name] Enabling / Disabling Application Acceleration To enable or disable application acceleration: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 478 C h ap t er H: Command Line Interface Command ACC1(config)#de c is io n ACC1(decision)#ma tc h a p pl ic a ti on [name] ACC1(decision)#se t a cc e le ra t e d is a bl e /en ab l e Description Sets a specific application to accelerate or do not accelerate. Parameters Enable to enable, Disable to disable Example with Syntax ACC1(config)#de c is io n ACC1(decision)#ma tc h a p pl ic a ti on [name] ACC1(decision)#se t a cc e le ra t e enable Enabling / Disabling Application Tunneling To enable or disable application tunneling: Enter the comand string that is shown in the table below: Command ACC1(config)#de c is io n ACC1(decision)#ma tc h a p pl ic a ti on [name] ACC1(decision)#se t t un n el d is a bl e /en ab l e Description Sets a specific application to tunnel or do not tunnel. Parameters Enable to enable, Disable to disable Example with Syntax ACC1(config)#de c is io n ACC1(decision)#ma tc h a p pl ic a ti on [name] ACC1(decision)#se t t un n el enable Globally Filtering an Application To create a global filter application policy: Enter the comand string that is shown in the table below: Command Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(config)#po l ic y- r ul e g lo ba l o ut b ou n d/ in b ou nd Co n fi g ura t io n Co m m an d s Description Defines a new rule for globally handling an application. Parameters Inbound for inbound, outbound for outbound Example with Syntax 479 ACC1(config)#p o li c y- ru l e gl o ba l inbound Filtering an Application per Link To filter an application per link: Enter the comand string that is shown in the table below: Command ACC1(config)#p o li c y- ru l e li n k number ou tb o un d/ i nb o un d Description Defines a new rule for a specific link. Parameters Inbound for inbound, outbound for outbound Example with Syntax ACC1(config)#p o li c y- ru l e li n k number outbound Setting the Application Criteria To set application criteria: Enter the comand string that is shown in the table below: Command ACC1(rule)#m a tc h a pp l ic at i on [ name or l - 7 name] i p [ an y, so ur c e, de st i na ti o n] x .x . x. x t os b i ts Description Defines the filter for what type of traffic is handled by this rule per IP, tos bits and/or application name. Parameters Enter the application name and a valid IP address Example with Syntax ACC1(rule)#m a tc h a pp l ic at i on [ name or l - 7 name] i p [ an y, so ur c e, de st i na ti o n] x .x . x. x t os b i ts Setting the Order for the Rule To set an order for the rule: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 480 C h ap t er H: Command Line Interface Command ACC1(rule)#se t p ol i cy o r de r [ 10 0 t o 6 55 3 4] Description Defines the importance of the rule. Parameters Enter a valid policy order Example with Syntax ACC1(rule)#se t p o li cy or d er 1000 Setting Minimum Bandwidth (Desired) To set a minimum desired bandwidth: Enter the comand string that is shown in the table below: Command ACC1(rule)#se t p ol i cy r a te d es i re d number (1 to 1 0 00 00 0 ) Description Sets a minimum bandwidth for the application. Parameters Enter a valid policy rate Example with Syntax ACC1(rule)#se t p ol i cy r a te d es i re d number 10000 Setting Maximum Bandwidth (Limit) To set a maximum desired bandwidth limit: Enter the comand string that is shown in the table below: Command ACC1(rule)#se t po l ic y ra te l i mi t number (1 to 1 0 00 0 00 ) Description Sets a maximum bandwidth for the application. Parameters Enter a valid policy rate larger than the minimum Example with Syntax ACC1(rule)#se t po l ic y ra te l i mi t number 100000 Prioritizing the Application To priortize the application: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 481 ACC1(rule)#s e t p ol ic y p ri o ri t y Command h ig h l ow m ed i um r ea l -t im e Description Defines the Priority for the application. Parameters Enter a valid poliy priotrity. ACC1(rule)#s e t p ol ic y p ri o ri t y Example with Syntax h ig h l ow m ed i um r ea l -t im e Critical Application Pass-through To set the traffic to pass-through: Enter the comand string that is shown in the table below: Command AC C1 ( ru l e) #s e t po l ic y p as s t hr o ug h Description Sets the traffic type to override the entire QoS mechanism and pass through critical/Diagnostic traffic Parameters Enter a valid poliy priotrity. Example with Syntax ACC1(rule)#s e t p ol ic y p as s t hr o ug h Setting Bursts for a Rule To set the traffic to pass-through: Enter the comand string that is shown in the table below: Command AC C1 ( ru l e) # s et p ol ic y ra te b ur st en ab le Description Sets the traffic defined for this rule to be allowed to send bursts Parameters No additional parameters required Example with Syntax AC C1 ( ru l e) # s et p ol ic y ra te b ur st en ab le R ev isi o n 2. 0 482 C h ap t er H: Command Line Interface Setting the WAN to Work in Strict-priority Mode To set the traffic to pass-through: Enter the comand string that is shown in the table below: ACC1(config)#wa n [name] /[default] Command AC C 1( W AN )# s tr ic t -p r io ri t y e na b le / di sa b le i nb o un d ou t bo u nd bo t h Description Sets strict-priority for inbound and/or outbound traffic. Parameters No additional parameters required Example with Syntax ACC1(config)#wa n [name] /[default] AC C 1( W AN )# s tr ic t -p r io ri t y enable both Enabling Bursts To enable bursts: Enter the comand string that is shown in the table below: Command ACC1(config)#wa n [name] /[default] ACC1(WAN)#bu r st [ n um be r ] Description Enables bursts on the WAN up to the set bandwidth (1 to 1000000). Parameters Enter the bandwidth Example with Syntax ACC1(config)#wa n [name] /[default] ACC1(WAN)#bu r st [ n um be r ] Managing Aggregation Classes Transferring a small packet imposes a high penalty in terms of the bandwidth use. If the average payload size is 15 bytes (typical in a Citrix environment), the overhead is 25 bytes of IP/tunnel headers, which means that about 60% of bandwidth used is wasted. Citrix (Post Acceleration) Aggregation is intended to better handle and optimize such traffic. Citrix Aggregation aggregates several small packets into one big Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 483 packet. If n packets are aggregated, the savings is (n - 1) * 25 bytes of IP/tunnel headers. The smaller the average packet size is, and the greater the number of packets aggregated together, the greater the percentage of acceleration achieved compared with performance results without Citrix Aggregation. Citrix Aggregation operates per link. Each link can have Citrix Aggregation enabled or disabled independently of other links. The following topics are covered: Configuring Aggregation Classes, on page 483. Defining the Post Aggregation Class, on page 484. Enabling / Disabling Aggregation Classes per Link, on page 485. Setting Aggregation Limit, on page 485. Setting Aggregation Threshold, on page 486. Setting Aggregation Window, on page 486. Applying an Aggregation Class to an Application, on page 487. Configuring Aggregation Classes To configure aggregation classes: Enter the comand string that is shown in the table below: ACC1(config)#a g gr e ga ti o n po s t Command c la s s [d e fa ul t | cu st o m- 1 | c us t om 2 | ci t ri x ] gl o ba l [ en a bl e | d is a bl e ] R ev isi o n 2. 0 484 C h ap t er H: Command Line Interface Description Sets the Citrix aggregation classes globally. Citrix Aggregation on a link has 4 predefined classes that let you configure and apply different Citrix Aggregation settings to different types of traffic: default custom-1 custom-2 citrix Different applications may require different Citrix Aggregation class configuration (for example: different window size and aggregated packet size). Several well-known applications are defined as belonging to 'default' or 'citrix' aggregation class (for example: Citrix and Telnet applications predefined to belong to the 'citrix' class, which is pre-configured to properly handle these applications). You can disable, enable or configure each class. You can set each application that exists in the Accelerator to belong to one of the Citrix Aggregation classes. For information on setting and defining Layer-7 applications, see section "Enabling L-7 Traffic Discovery", on page 500. By default, Citrix is enabled but default, custom-1 and custom-2 are disabled. The Citrix Aggregation class parameter configuration is available only per-link. The Global command is for ease of use. This command is not saved in the configuration file, but goes over each link and changes its configuration to enable/disable. To view Citrix Aggregation statistics, use the show interface link command from the config prompt. Parameters Enter the aggregation post class as described above. Example with Syntax ACC1(config)#ag g re ga t io n p os t c la s s [ de fa u lt | cu s to m- 1 | c us t om 2 | c it ri x ] g lo ba l [ en a bl e | d i sa bl e ] Defining the Post Aggregation Class To define the class of the post aggregation setting: Enter the comand string that is shown in the table below: ACC1(conf)#in t er fa c e li n k [ number] ACC1(LINK)#ag g re ga t io n p os t Command Ac ce ler at o rOS 6 .1 .2 Us er Gui d e c la s s [ de fa u lt | cu s to m- 1 | c us t om 2 | c it ri x ] [ di sa b le | e na b le | li m it | t hr e sh ol d | w in d ow ] Co n fi g ura t io n Co m m an d s Description Defines a class of post aggregation settings. You can define settings per link per class or for the entire link. For limit, threshold and window details see below. The Citrix Aggregation class parameter configuration is available only per-link (see section "Enabling / Disabling Aggregation Classes per Link", on page 485). This command is for ease of use. It is not saved in the configuration file, but goes over each link and changes its configuration to enable/disable Parameters Enter the bandwidth 485 ACC1(conf)#i n te r fa ce li nk [ number] ACC1(LINK)#a g gr e ga ti o n po s t Example with Syntax c la s s [d e fa ul t | cu st o m- 1 | c us t om 2 | ci t ri x ] [d i sa bl e | e na b le | li mi t | t hr es h ol d| w in d ow ] Enabling / Disabling Aggregation Classes per Link To enable aggregation classes per link: Enter the comand string that is shown in the table below: Command ACC1(conf)#i n te r fa ce li nk [ number] ACC1(LINK)#a g gr e ga ti o n po s t [ en a bl e | d is a bl e ] Description Sets the Citrix aggregation classes per link. Parameters Enter the bandwidth Example with Syntax ACC1(conf)#i n te r fa ce li nk [ number] ACC1(LINK)#a g gr e ga ti o n po s t enable Setting Aggregation Limit To set an aggregation limit: Enter the comand string that is shown in the table below: Command ACC1(conf)#i n te r fa ce li nk [ number] ACC1(LINK)#a g gr e ga ti o n po s t l im i t [4 0 - 3 0 00 ] R ev isi o n 2. 0 486 C h ap t er H: Command Line Interface Description Sets the upper limit for packets to be aggregated. Number in bytes. The limit, set in bytes, is the upper ceiling of packet size for packets to be eligible for Citrix aggregation: packets that are larger than LIMIT are not aggregated (they are supposed to be big enough to be sent one at a time). You can configure LIMIT in range 40-3000 bytes. The default value is 256 Parameters Enter the bandwidth Example with Syntax ACC1(conf)#in t er fa c e li n k [ number] ACC1(LINK)#ag g re ga t io n p os t l im i t 256 Setting Aggregation Threshold To set an aggregation threshold: Enter the comand string that is shown in the table below: Command ACC1(conf)#in t er fa c e li n k [ number] ACC1(LINK)#ag g re ga t io n p os t t hr e sh o ld [ 4 0 - 3 00 0 | a u to ] Description Sets the post aggregation threshold, number in bytes 40 to 3000 or automatic. The threshold, set in bytes, is the maximum size of aggregated packets. That is, when an aggregate packet reaches this size, it can be sent. You can configure THRESHOLD in range 40-MTU. The default value is auto, which means that the threshold will be calculated dynamically according to available bandwidth as follows: 512 bytes - for bandwidth that is less than or equal to 512 Kbps 1024 bytes - for bandwidth that is greater than 512 Kbps and less then 1Mbps MTU (usually 1500 bytes but no more than 3000) - for bandwidth that is more than 1Mbps If fragmentation is configured in the link, the threshold auto value will not be larger than the fragmentation size. Parameters Enter the correct threashold Example with Syntax ACC1(conf)#in t er fa c e li n k [ number] ACC1(LINK)#ag g re ga t io n p os t t hr e sh o ld 512 Setting Aggregation Window To set an aggregation window: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Command 487 ACC1(conf)#i n te r fa ce li nk [ number] ACC1(LINK)#a g gr e ga ti o n po s t w in d ow [ 1 - 1 0 0 | a ut o ] Description Sets the post-acceleration window, number in bytes 1 to 100 or automatic. The window command is set in units of 10 ms. This is the maximum amount of time a packet can be delayed in Citrix Aggregation queues. This means that when WINDOW * 10 ms elapses, an aggregate packet is sent (even if its total size has not yet reached LIMIT value). This is done to avoid long packet delays. WINDOW can be configured in a range of 1-100 units. The default value is auto, which means that the WINDOW value is calculated dynamically given the bandwidth and the threshold value. An estimated value of the auto value is bandwidth/ Threshold. This enables the aggreagator to wait enough time to get an aggregated packet with the largest size close to the THRESHOLD value. Parameters Enter the correct threashold Example with Syntax ACC1(conf)#i n te r fa ce li nk [ number] ACC1(LINK)#a g gr e ga ti o n po s t t hr e sh ol d 90 Applying an Aggregation Class to an Application To apply an aggregation class to an application: Enter the comand string that is shown in the table below: ACC1(conf)#d e ci s io n ACC1(DECISION)#m a tc h a pp l ic at i on Command Description [ name] ACC1(DECISION)#s e t ag g re g at io n c la s s [c i tr ix | d ef au l t | c us t om -1 | cu s to m -2 ] Sets the post-acceleration class of an application. An application is coupled with a Citrix Aggregation class through a decision. To see which application belongs to which class, type the show decision command. Parameters Enter the application name and the correct aggregation class. R ev isi o n 2. 0 488 C h ap t er H: Command Line Interface ACC1(conf)#de c is io n ACC1(DECISION)#ma tc h a p pl ic a ti on myapplication ACC1(DECISION)#se t a gg r eg at i on c la s s citrix Example with Syntax Configuring DNS Acceleration This section has the following configuration options: Enabling / Disabling DNS Acceleration, on page 488 Defining Static Hosts, on page 488 Removing Definitions of Static Hosts, on page 489 Clearing the Cache, on page 489 Setting The Cache Size, on page 489 Displaying the Cache Contents, on page 490 Enabling / Disabling DNS Masquerading, on page 490 Defining the TTL Period, on page 490 Defining the Query Timeout Period, on page 491 Defining the Transparency Mode, on page 491 Displaying the DNS Acceleration Statistics, on page 492 Enabling / Disabling the Use of the Accelerator DNS, on page 492 Enabling / Disabling DNS Acceleration To enable or disable DNS acceleration: Enter the comand string that is shown in the table below: AC C 1( D NS -A C C) #D n s- a cc el e ra ti o n [ en a bl e | d i sa bl e ] Command Description Enables/disables DNS Acceleration. By default DNS Acceleration is disabled. Parameters Enable to enable, Disable to disable Example with Syntax AC C 1( D NS -A C C) #D n s- a cc el e ra ti o n enable Defining Static Hosts To define a static host: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 489 Enter the comand string that is shown in the table below: AC C1 ( DN S -A CC ) #i p h os t [ WO R D] [I P ] Command Description Lets you define a static host-name to address, by using the WORD parameter followed by an IP address. Parameters Enter the site name and the correct IP address. AC C1 ( DN S -A CC ) #i p h os t mysite Example with Syntax 100.100.20.5 Removing Definitions of Static Hosts To apply an aggregation class to an application: Enter the comand string that is shown in the table below: AC C1 ( DN S -A CC ) #i p h os t [ pu r ge ] Command Description Lets you remove all definitions of static hosts, by using the purge parameter. Parameters No additional parameters required. AC C1 ( DN S -A CC ) #i p h os t purge Example with Syntax Clearing the Cache To clear the cache: Enter the comand string that is shown in the table below: AC C1 ( DN S -A CC ) #c ac h e c le ar Command Description Lets you clear the cache contents. Parameters No additional parameters required. Example with Syntax AC C1 ( DN S -A CC ) # cache clear Setting The Cache Size To set the cache size: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 490 C h ap t er H: Command Line Interface Command AC C 1( D NS -A C C) #c a ch e s iz e [ 10 0 3 00 0 0 | a ut o ] Description Lets you select whether to accept the system-defined value of the cache size or to set your own value (between 100 and 30000). Parameters Enter the application name and the correct aggregation class. Example with Syntax AC C 1( D NS -A C C) #c a ch e s iz e 2400 Displaying the Cache Contents To display the cache content: Enter the comand string that is shown in the table below: Command AC C 1( D NS -A C C) #s h ow ca ch e Description Displays the details of all hosts currently stored in the cache: host name, host address, flags and expiry time (time-to-leave). Parameters No additional parameters required. Example with Syntax AC C 1( D NS -A C C) #s h ow ca ch e Enabling / Disabling DNS Masquerading To enable or disable DNS Masquerading: Enter the comand string that is shown in the table below: Command AC C 1( D NS -A C C) #D n s- m as qu e ra di n g [ en a bl e | d i sa bl e ] Description Enables/disables DNS masquerading. By default DNS masquerading is disabled. Parameters Enable to enable, Disable to disable Example with Syntax AC C 1( D NS -A C C) #D n s- m as qu e ra di n g enable Defining the TTL Period To define the time to leave period: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Command AC C1 ( DN S -A CC ) #m in T T L (m in u te s) [ pr e se rv e -t tl | 1 -1 44 0 ] Description Lets you select whether to keep the system-defined value of the time-to-leave period (preserve-ttl) or to set your own value (between 1 and 1440 minutes). Parameters Enter the a valid time period as described above. Example with Syntax 491 AC C1 ( DN S -A CC ) #m in T T L (m in u te s) p re s er ve - tt l 440 Defining the Query Timeout Period To define the query timeout period: Enter the comand string that is shown in the table below: Command AC C1 ( DN S -A CC ) #q ue r y t im eo u t (0 3 0) Description Lets you set your own value for the query timeout period (between 0 and 30) Parameters Enter a valid timeout period as described above. Example with Syntax AC C1 ( DN S -A CC ) #q ue r y t im eo u t 25 Defining the Transparency Mode To define the transparency mode: Enter the comand string that is shown in the table below: Command AC C1 ( DN S -A CC ) #t ra n sp a re nc y [ au t o | f ul l | s e mi ] Description Lets you set your requested transparency mode: Semi - the traffic is transparent to the Client, but the server sees it as coming from the Accelerator. Full - the traffic is transparent to both the Client and the Server. Auto - the transparency is determined automatically according to the deployment level: either Semi (in On-LAN deployment) or Full (in On-Path deployment). The default value is Auto. Parameters Enter a valid transparency mode as descrbed above. Example with Syntax AC C1 ( DN S -A CC ) #t ra n sp a re nc y auto R ev isi o n 2. 0 492 C h ap t er H: Command Line Interface Displaying the DNS Acceleration Statistics To apply an aggregation class to an application: Enter the comand string that is shown in the table below: Command AC C 1( D NS -A C C) #s h ow st at i st ic s Description Displays the statistics for the queries since the last time the DNS Acceleration feature was enabled: total number of queries, number of hits and number of misses. Parameters No additional parameters required. Example with Syntax AC C 1( D NS -A C C) # show statistics Enabling / Disabling the Use of the Accelerator DNS To enable or disable the Accelerator ’s DNS: Enter the comand string that is shown in the table below: Command AC C 1( D NS -A C C) #u s e- a cc el e ra to r d ns [e n ab le | di s ab l e] Description Enables/disables the use of Accelerator DNS, thereby defining the Accelerator as a DNS client. By so doing, the Accelerator will always intercept traffic and use its setting to process the traffic, even if that traffic was sent to another DNS server. If you enable the use of Accelerator DNS, you have to configure an IP name server under the DNS node. Parameters Enable to enable, Disable to disable. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e AC C 1( D NS -A C C) #u s e- a cc el e ra to r d ns enable Co n fi g ura t io n Co m m an d s 493 Enabling Traffic Encryption i NOTE: In the Accelerator, subnets that are not defined as local subnets are considered by default as remote subnets (subnets over the WAN). Thus, when IPsec is enabled, users sending traffic from such subnets will not be able to communicate with the Accelerator, as their packets will be dropped. Therefore, enabling these subnets to communicate with the Accelerator requires you to define them as local in the Accelerator, by using the following CLI command: subnet network x.x.x.x/y This section features the following options: Displaying the Traffic Encryption (crypto) on a Specific Link, on page 493 Displaying the Current Crypto Configuration of a Specific Accelerator, on page 493 Displaying the Crypto Details of a Specific Accelerator, on page 494 Displaying the Process of the IPsec Policy Creation on a Specific Accelerator, on page 494 Displaying the Traffic Encryption (crypto) on a Specific Link To display traffic encryption details on a specific link: Enter the comand string that is shown in the table below: Command AC C1 ( co n fi g) # sh ow in t er fa c e l in k Description Lets you view whether IPsec is enabled, which IPsec policy is used and other details. Parameters Enter the link number. Example with Syntax AC C1 ( co n fi g) # sh ow in t er fa c e l in k 1 Displaying the Current Crypto Configuration of a Specific Accelerator To display the current configuration: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 494 C h ap t er H: Command Line Interface Command AC C 1( c on fi g )# sh o w r un ni n gc on f ig Description Lets you view the entire details of the current crypto configuration, such as crypto mode, policy rules and decision number. Parameters No additional parameters required. Example with Syntax AC C 1( c on fi g )# sh o w r un ni n gc on f ig Displaying the Crypto Details of a Specific Accelerator To display the crypto details: Enter the comand string that is shown in the table below: Command AC C 1( c on fi g )# sh o w c ry pt o Description Lets you view the entire details of Accelerator’s crypto, such as the crypto mode, the IKE and the IPsec policies. Parameters No additional parameters required. Example with Syntax AC C 1( c on fi g )# sh o w c ry pt o Displaying the Process of the IPsec Policy Creation on a Specific Accelerator To apply an aggregation class to an application: Enter the comand string that is shown in the table below: Command AC C 1( c ry pt o )# sh o w t ec he nc r yp t io n Description Lets you view the IPsec tunnel status and the Pluto log. Parameters No additional parameters required. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e AC C 1( c ry pt o )# sh o w t ec he nc r yp t io n Co n fi g ura t io n Co m m an d s 495 Configuring ARP This section contains the following configurations: Adding Entries to the ARP Cache, on page 495 Clearing the ARP Cache, on page 495 Setting the Limit on the ARP Cache, on page 495 Setting Additional Limits on the ARP Cache, on page 496 Adding Entries to the ARP Cache To add an entry to the ARP Cache: Enter the comand string that is shown in the table below: Command ACC1(config)#a r p [ IP a d dr es s x .x . x. x] [M AC ad d re ss x x :x x :x x: x x: xx : xx ] Description Sets manual ARP cache entries Parameters Enter a valid IP address and MAC address. Example with Syntax ACC1(config)#a r p I P ad d re ss 100.100.50.2 M AC Ad dr e ss 00:06:5B:15:04:B4 Clearing the ARP Cache To clear the ARP Cache: Enter the comand string that is shown in the table below: Command ACC1(config)#a r p c le ar - ta bl e [ vo l at il e ] Description Clears the ARP cache table. Using the volatile variable lets you clear entries from the active ARP without clearing the database. Parameters No additional parameters required. Example with Syntax ACC1(config)#a r p c le ar - ta bl e [ vo l at il e ] Setting the Limit on the ARP Cache To set a limit to the ARP cache: R ev isi o n 2. 0 496 C h ap t er H: Command Line Interface Enter the comand string that is shown in the table below: Command ACC1(config)#ar p c ac h e ma x -s iz e [ number between 128000 and 8000000] Description Sets a limit on the size of the ARP cache Parameters Enter the maximum size within the range listed above. Example with Syntax AC C1 (c on fi g) # a rp ca c he ma x -s iz e 800000 Setting Additional Limits on the ARP Cache To set an additional limit on the ARP cache: Enter the comand string that is shown in the table below: Command ACC1(config)#ar p c ac h e li m it s [ three numbers between 128000 and 8000000] Description Sets three limits on the size of the ARP cache Parameters Enter up to three numbers within the valid range Example with Syntax ACC1(config)#ar p c ac h e li m it s 200000 300000 400000 Additional Configurations This section contains the following configuration options: Adding a WAN, on page 496. Modifying Interface Speed and Duplex, on page 497. Setting VLAN, on page 497. Autodetecting HSRP Groups, on page 498. Setting HSRP Group Number, on page 498. Setting VRRP Group Number, on page 499. Disabling Bridging, on page 500. Setting an IP address for Eth 0, on page 500. Adding a WAN To add a new WAN: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 497 Enter the comand string that is shown in the table below: Command ACC1(config)#w a n [name] Description Creates a new WAN. Parameters Enter the name of the WAN. Example with Syntax ACC1(config)#w a n mywan Modifying Interface Speed and Duplex To modify interface speed and duplex: Enter the comand string that is shown in the table below: ACC1(config)#i n te r fa ce et he r ne t [0, 0/1, 0/0] ACC1(interface)l i nk -m o de 10 00 M bi t -f ul l Command 10 0M b it - fu ll 10 0M b it - ha lf 10 Mb i t- f ul l 10 Mb i t- h al f au to Description Sets the speed and duplex setting of the interface. Parameters No additional parameters required Example with Syntax ACC1(config)#i n te r fa ce et he r ne t 0 ACC1(interface)l i nk -m o de auto Setting VLAN To set a VLAN: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 498 C h ap t er H: Command Line Interface Command ACC1(config)#in t er fa c e vl a n [number] x. x .x . x x .x . x. x (enter ip address and subnet mask) or n at i ve or n at i ve ta gg e d Description Enables VLAN, sets group number and IP address or native or native tagged Accelerator IP address as VLAN group IP address. Parameters Enter a valid group number, a valid IP address and subnet mask. Example with Syntax ACC1(config)#in t er fa c e vl a n 1 100.100.50.5 Autodetecting HSRP Groups To enable or disable the autodetection of HSRP groups: Enter the comand string that is shown in the table below: Command ACC1(config)#HS R P au t od et e ct e na b le / di sa b le Description The Accelerator can auto-detect HSRP groups on its networks and add them to its Group Table Parameters Enable to enable, Disable to disable. Example with Syntax ACC1(config)#HS R P au t od et e ct enable Setting HSRP Group Number i NOTE: In AcceleratorOS versions up to 6.0, adding an HSRP group automatically included the Accelerator in the group. Starting from AcceleratorOS 6.0, after HSRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join/leave commands. To set the HSRP group number: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 499 ACC1(config)#H S RP [number] au th e nt i ca ti o n [s t ri n g] fo rc e -p r io ri t y ip ( up da t e I P ad d re ss - c r ea te g ro u p if it d o es no t e xi st ) Command jo in leave (l ea v e H SR P g ro up ) preempt pr io r it y [ nu m be r 0 - 25 4] ti me r s vi rt u al - ma c (virtual MAC address) vlan (assign HSRP group to VLAN) Description Sets manual configuration of HSRP Parameters Enter a valid IP address, a mac address and a HRSP group number ACC1(config)#H S RP 20 au th e nt i ca ti o n myauthentication fo rc e -p r io ri t y ip 100.100.50.2 Example with Syntax jo in pr ee m pt pr io r it y 1 ti me r s vi rt u al - ma c F:F:F:F:F:F:F:F vl an 2 Setting VRRP Group Number To set the VRRP group number: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 500 C h ap t er H: Command Line Interface AC C 1( c on fi g )# VR R P [ nu mb e r] ip (u p da te IP a d dr e ss - c re at e g ro u p i f it do es no t e xi s t) Command pr e em p t pr i or i ty [ n um be r 0 - 25 4 ] ti m er Description Sets manual configuration of VRRP Parameters Enter a valid IP and priority number AC C 1( c on fi g )# VR R P [ nu mb e r] ip 10 0 .1 00 . 23 .4 Example with Syntax pr e em p t pr i or i ty 100 ti m er Disabling Bridging To disable bridging: Enter the comand string that is shown in the table below: Command ACC1(config)#in t er fa c e e t he rn e t 0 ACC1(interface)# b ri d ge d -s ta t e d is a bl e Description Disables bridge support for the Ethernet 0 interface. Parameters No additional parameters needed Example with Syntax ACC1(config)#in t er fa c e e t he rn e t 0 ACC1(interface)# b ri d ge d -s ta t e disable Setting an IP address for Eth 0 To set the IP address for ETH O: Enter the comand string that is shown in the table below: Command ACC1(config)#in t er fa c e e t he rn e t 0 ACC1(interface)# i p a dd r es s [ x. x .x . x y. y .y .y ] Description Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Sets an IP address and subnet mask for the Ethernet 0 interface. Co n fi g ura t io n Co m m an d s Parameters Example with Syntax 501 Enter a valid IP and subnet mask ACC1(config)#i n te r fa ce e th e rn et 0 ACC1(interface)# i p ad d re s s 100.100.23.2 255.255.255.255 Defining Link Settings The following settings can be configured in this section: Assigning a Link to a WAN, on page 501 Setting a Link to Work in Large Cache Mode, on page 501 Enabling Packet Fragmentation, on page 502 Enabling Packet Aggregation, on page 502 Setting a Link to be Accelerated, on page 503 Setting IPcomp Preservation, on page 503 Forcing Tunneling, on page 504 Including Checksum, on page 504 Assigning a Link to a WAN To assign a link to a WAN: Enter the comand string that is shown in the table below: Command ACC1(config)#i n te r fa ce li nk ACC1(LINK)#w a n- i d [ number/ d ef a ul t] Description Sets the WAN to which this Link is assigned. Parameters Enter a valid IP, VRRP group number, and priority number Example with Syntax ACC1(config)#i n te r fa ce li nk ACC1(LINK)#w a n- i d [ number/ d ef a ul t] Setting a Link to Work in Large Cache Mode To set a link to work in large cache mode: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 502 C h ap t er H: Command Line Interface Command ACC1(LINK)# ca c he -s i ze l a rg e e na b le Description Sets the link to work in Large cache size mode. Parameters No additional parameters needed. Example with Syntax ACC1(LINK)# ca c he -s i ze l a rg e enable Enabling Packet Fragmentation To enable packet fragmentation: Enter the comand string that is shown in the table below: Command AC C 1( L IN K) # fr ag m en t at io n a ut o [ nu m be r ] Description Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to 6000), the QoS mechanism breaks them up. This setting is useful for handling latency on low bandwidth links, and applies only to traffic set with a CoS value of low, medium and high priority. Fragmentation does not have to be configured symmetrically on both ends. Fragmentation is accomplished on outgoing packets before the packets are compressed. Parameters Enter a valid number as described above Example with Syntax AC C 1( L IN K) # fr ag m en t at io n a ut o 900 Enabling Packet Aggregation To enable packet aggregation: Enter the comand string that is shown in the table below: Command Ac ce ler at o rOS 6 .1 .2 Us er Gui d e AC C 1( L IN K) # ag gr e ga t io n a ut o [ nu m be r ] Co n fi g ura t io n Co m m an d s Description Enables small packets to be aggregated on this link. If packets arrive smaller than the set size (68 to 6000), the QoS mechanism aggregates them and sends them together across the link. This only applies to traffic set with a CoS value of low, medium and high priority. Aggregation is accomplished on outgoing packets before the packets are compressed, and therefore you do not have to configure the aggregation symmetrically on both ends. Aggregation is applied only on congested links, to avoid adding unnecessary latency on non-problematic links. Parameters Enter a valid number as described above Example with Syntax 503 AC C1 ( LI N K) #a g gr eg a ti o n au t o 900 Setting a Link to be Accelerated To assign a link be accelerated: Enter the comand string that is shown in the table below: Command ACC1(LINK)# a c ce l er at i on e n ab l e/ d is a bl e Description Sets the link to accelerate all traffic Parameters Enable to enable, Disable to disable Example with Syntax ACC1(LINK)# a c ce l er at i on enable Setting IPcomp Preservation To assign a link to a WAN: Enter the comand string that is shown in the table below: ACC1(LINK)# h e ad e r pr e se rv a ti o n Command [s rc ] [t os ] [t tl ] R ev isi o n 2. 0 504 C h ap t er H: Command Line Interface Description Sets source IP address, ToS bit or ttl header preservation. SRC: Preserves the source IP address of the original IP header. This setting, which is useful for Policy Routing, also enables distinguishing between sessions. The SRC setting is disabled by default. TOS: Preserves the original ToS point settings - this is enabled by default. TTL: Preserves the original TTL. This is disabled by default. Parameters No additional parameters required ACC1(LINK)# he a de r p re se r va t io n src Example with Syntax tos ttl Forcing Tunneling To set the link to force all traffic into the tunnel: Enter the comand string that is shown in the table below: Command ACC1(LINK)# fo r ce e n ab le / di s ab le Description Sets the link to force all traffic into the tunnel. Parameters Enable to enable, Disable to disable Example with Syntax ACC1(LINK)# fo r ce enable Including Checksum To include a checksum: Enter the comand string that is shown in the table below: Command ACC1(LINK)# ch e ck su m e na b le / d is a bl e Description Includes a checksum in all packet transmissions. This setting is useful for high error rate links and troubleshooting purposes. Parameters Enable to enable, Disable to disable Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(LINK)# ch e ck su m enable Co n fi g ura t io n Co m m an d s 505 Configuring Expand View Settings This section demonstrates how to configure the Accelerator to work with ExpandView NMS. For more information on ExpandView, contact your Expand Networks supplier. This section contains the following configuration options: Enabling / Disabling the ExpandView Agent, on page 505 Setting the ExpandView Server IP Address, on page 505 Setting the ExpandView Server Port, on page 506 Displaying ExpandView Status, on page 506 Enabling / Disabling the ExpandView Agent To enable or disable the ExpandView Agent: Enter the comand string that is shown in the table below: ACC1(config)# e x pa n d- vi e w Command AC C1 ( EV I EW )# ag en t [ e na bl e / d is a bl e] Description Enables/Disables interaction with ExpandView. Parameters Enable to enable, Disable to disable Example with Syntax ACC1(config)# e x pa n d- vi e w AC C1 ( EV I EW )# ag en t enable Setting the ExpandView Server IP Address To set the ExpandView Server IP address: Enter the comand string that is shown in the table below: Command AC C1 ( EV I EW )# IP a d dr e ss [ x. x .x .x ] Description Sets the address of the ExpandView server in an Accelerator. Parameters Enter a valid IP address of the ExpandView server Example with Syntax AC C1 ( EV I EW )# IP a d dr e ss 100.100.25.5 R ev isi o n 2. 0 506 C h ap t er H: Command Line Interface Setting the ExpandView Server Port To set the Expand View Server Port: Enter the comand string that is shown in the table below: Command AC C 1( E VI EW ) # po r t [ xx xx ] Description Sets the port to use for interaction with the ExpandView server. Parameters Enter a legal port number that should be used to interact with the ExpandView server. Example with Syntax AC C 1( E VI EW ) # po r t 81 Displaying ExpandView Status To display the ExpandView status: Enter the comand string that is shown in the table below: Command Description Verifies whether the unit is connected to ExpandView. Parameters No additional parameters Example with Syntax i AC C 1( E VI EW ) # show AC C 1( E VI EW ) # show NOTE: For more information on ExpandView, please refer to the ExpandView user guide. Configuring SNMP This section contains the following configuration options: Enabling / Disabling SNMP, on page 507. Enabling / Disabling SNMP Traps, on page 507. Setting SNMP Trap Community, on page 507. Setting SNMP Community, on page 508. Setting SNMP Version 3 Authentication, on page 508. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s 507 Enabling / Disabling SNMP To enable SNMP: Enter the comand string that is shown in the table below: Command ACC1(config)#s n mp en ab l e/ di s ab l e Description Enables/Disables SNMP support in the Accelerator. Parameters Enable to enable, Disable to disable. Example with Syntax ACC1(config)#s n mp enable Enabling / Disabling SNMP Traps To enable SNMP: Enter the comand string that is shown in the table below: Command ACC1(config)#s n mp tr ap s e na b le / d is a bl e Description Enables/Disables SNMP trap support. Parameters Enable to enable, Disable to disable. Example with Syntax ACC1(config)#s n mp tr ap s enable Setting SNMP Trap Community i NOTE: If, after defining snmp trap manager-ip, snmp read community or snmp trap community, you want to clear these values, use the no command to reverse this definition. For example: no snmp read community [name] To set SNMP trap community: Enter the comand string that is shown in the table below: Command ACC1(config)#s n mp tr a p c om mu n it y [ na m e] Description Sets the name of the SNMP trap community. The default is Public. Parameters Enter a valid name as described above. Example with Syntax ACC1(config)#s n mp tr a p c om mu n it y public R ev isi o n 2. 0 508 C h ap t er H: Command Line Interface Setting SNMP Community To set SNMPcommunity: Enter the comand string that is shown in the table below: Command ACC1(config)#sn m p co m mu ni t y [ na m e] ac ce s s [r e ad - on ly / re ad w ri t e] Description Sets the name of the SNMP community (a group of users that are granted access to certain Accelerator devices). Each SNMP community can have either read-only or read-write authorization. The default community is Public, and its authorization is readwrite. Parameters Enter a valid name and access type as described above. Example with Syntax ACC1(config)#sn m p co m mu ni t y Public access read-write Setting SNMP Version 3 Authentication To set SNMP version 3 authentication: Enter the comand string that is shown in the table below: Command ACC1(config)#sn m p ch a ng e- v 3p as s wo r d Description Sets the password SNMP v.3 password. The default password is expand_initial_password and should be changed. Parameters Enter a valid password as described above. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(config)#sn m p ch a ng e- v 3p as s wo r d expand_initial_password Co n fi g ura t io n Co m m an d s i 509 NOTE: When monitoring for specific MIBs, add the index number of the processor even if only one processor exists. Failing to add the index number results in an error message. For example: using the snmpget command with the syntax snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3 returns the following error: There is no such variable name in this MIB. Failed object: SNMPv2-SMI:enterprises.3405.1.3.1.1.2.1.3 The correct string would be: snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3.1 <processor id> Configuring the Log Enabling / Disabling the Log, on page 509. Setting the Syslog Facility Number, on page 509. Setting the Syslog Server’s IP Address, on page 510. Defining Sent Events, on page 510. Enabling / Disabling the Log To enable or disable the log: Enter the comand string that is shown in the table below: Command ACC1(config)#l o gg i ng ACC1(logging)#s y sl o g ac t iv e [ di s ab le | en a bl e ] Description Enables Syslog events to be sent. Parameters Enable to enable, Disable to disable Example with Syntax ACC1(config)#l o gg i ng ACC1(logging)#s y sl o g ac t iv e enable Setting the Syslog Facility Number To set the syslog facility number: R ev isi o n 2. 0 510 C h ap t er H: Command Line Interface Enter the comand string that is shown in the table below: ACC1(config)#lo g gi ng ACC1(logging)#sy sl o g f ac il i ty [ number] Command Description Sets the Syslog facility number. Parameters Enter a valid number ACC1(config)#lo g gi ng ACC1(logging)#sy sl o g f ac il i ty 23 Example with Syntax Setting the Syslog Server’s IP Address To set the IP address of the syslog server: Enter the comand string that is shown in the table below: ACC1(config)#lo g gi ng ACC1(logging)#sy sl o g s er ve r i p [ IP address (x.x.x.x)] Command Description Sets the IP address of the Syslog server. Parameters Enter a valid IP address as described above. ACC1(config)#lo g gi ng ACC1(logging)#sy sl o g s er ve r i p 100.100.20.3 Example with Syntax Defining Sent Events To define a sent event: Enter the comand string that is shown in the table below: ACC1(config)#lo g gi ng ACC1(logging)#sy sl o g s ev er i ty Command m in i mu m [ in f o | w ar ni n g | e rr or | f a ta l] ma x im um [f at a l | e rr or | w a rn i ng | in fo ] Description Defines which events to send, from the minimum to the maximum. Parameters Enter a valid event as described above. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Example with Syntax 511 ACC1(config)#l o gg i ng ACC1(logging)#s y sl o g se v er it y minimum warning maximum error Enabling / Disabling Event Notification To enable or disable event notification: Enter the comand string that is shown in the table below: Command ACC1(config)#l o gg i ng ACC1(logging)#m a il ac ti v e [ di s ab le | en a bl e ] Description Sets the Accelerator to send email notification when events and alerts are received Parameters Enable to enable, disable to disable Example with Syntax ACC1(config)#l o gg i ng ACC1(logging)#m a il ac ti v e enable Creating an Accelerator Messenger Account To set the email address: Enter the comand string that is shown in the table below: Command ACC1(config)#l o gg i ng ACC1(logging)#m a il fr om [name] Description Sets the name to appear in the From field of emails sent from the Accelerator. Parameters Enter a valid password as described above. Example with Syntax ACC1(config)#l o gg i ng ACC1(logging)#m a il fr om [name] Setting the Notification Recipient To set who will receive the notifications: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 512 C h ap t er H: Command Line Interface Command ACC1(config)#lo g gi ng ACC1(logging)#ma il re c ip ie n t [ name] Description Sets the name to appear in the To field of emails sent from the Accelerator. Parameters Enter a valid email address as described above. Example with Syntax ACC1(config)#lo g gi ng ACC1(logging)#ma il re c ip ie n t [email protected] Setting the Mail Server’s IP Address To set the mail server ’s IP address: Enter the comand string that is shown in the table below: Command ACC1(config)#lo g gi ng ACC1(logging)#ma il se r ve r i p[ ip address (x.x.x.x)] Description Sets the IP address of the mail server. Parameters Enter a valid IP address as described above. Example with Syntax ACC1(config)#lo g gi ng ACC1(logging)#ma il se r ve r i p 100.100.50.8 Setting the Mail Server’s Port Number To set the port of the mail server: Enter the comand string that is shown in the table below: Command ACC1(config)#lo g gi ng ACC1(logging)#ma il se r ve r p or t [port number] Description Sets the port of the mail server. Parameters Enter a valid port number as described above. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(config)#lo g gi ng ACC1(logging)#ma il se r ve r p or t 86 Co n fi g ura t io n Co m m an d s 513 Setting SNMP Version3 Authentication To set SNMP version 3 authentication: Enter the comand string that is shown in the table below: ACC1(config)#l o gg i ng ACC1(logging)#m a il se ve r it y Command m in i mu m [ in fo | wa r ni ng | er r or | f at a l] m a xi m um [ e rr or | fa t al | i n fo | wa rn i ng ] Description Defines which events are sent, from the minimum to the maximum. Log events are as follows: info - informational events warning - warnings error - errors in acceleration fatal - fatal errors Parameters Enter the event as described above. Example with Syntax ACC1(config)#l o gg i ng ACC1(logging)#m a il se ve r it y minimum info maximum fatal Creating Log Archives The log archive creation does not have its own mode, and can be carried out either from the Enable or Config modes. The following options are available: Creating a Log Archive, on page 513. Deleting a Log Archive, on page 514. Uploading Log Archive Files, on page 514. Displaying Log Archive Files, on page 515. Creating a Log Archive To create a log archive: Enter the comand string that is shown in the table below: Command ACC1#lo g a rc hi v e [ pr ef i x] R ev isi o n 2. 0 514 C h ap t er H: Command Line Interface Description Enables creating a log archive. To insert your selected prefix, type this prefix in the WORD field. Parameters Enter a valid prefix if desired Example with Syntax ACC1#lo g a rc h iv e myprefix Deleting a Log Archive To delete an log archive: Enter the comand string that is shown in the table below: Command ACC1#lo g a rc h iv e [ de l et e] [ fi l en a me ] | [ al l ] Description Enables deleting a log archive. You can select between the following options: WORD - to delete a specific file. all - to delete all files. Parameters Enter a specific file name or All to delete all files as described above. Example with Syntax ACC1#lo g a rc h iv e delete all Uploading Log Archive Files To upload a log archive file: Enter the comand string that is shown in the table below: Command ACC1#lo g u pl o ad [m et h od ] [ fi l en a me ] | [ la t es t ] [ de s ti n at io n ] Description Lets you select the parameters for uploading log archive files: which method to use, which files to upload, and the requested destination. The optional values are as follows: Method - FTP, SFTP, TFTP and SCP Filename - to select a specific file. Latest - to upload the latest generated log archive. Destination - the destination of the file. Parameters Enter parameters as described above Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1#lo g u pl o ad FTP myfilename latest T:\\mynetworkdrive Co n fi g ura t io n Co m m an d s 515 Displaying Log Archive Files To display a log archive file: Enter the comand string that is shown in the table below: Command ACC1#sh ow lo g a rc h iv e Description Lets you view all archived log files, including name, size and time stamp. Parameters No additional parameters required. Example with Syntax ACC1#sh ow lo g a rc h iv e Using Configuration Tools The following topics are available: Displaying the Configuration Settings, on page 515. Saving the Running Configuration, on page 516. Reverting Back to the Last Saved Startup, on page 516. Restoring the Configuration to Factory Default Settings, on page 516. Sending a Ping, on page 517. Sending a Traceroute, on page 517. Viewing Technical Support Statistics, on page 518. Displaying the Configuration Settings To display the configuration: Enter the comand string that is shown in the table below: Command AC C1 ( co n fi g) # wr it e t e rm in a l Description Displays the running configuration on the terminal screen (similar to the show startup-config command). Parameters No additional parameters required Example with Syntax AC C1 ( co n fi g) # write terminal R ev isi o n 2. 0 516 C h ap t er H: Command Line Interface Saving the Running Configuration To save the running configuration: Enter the comand string that is shown in the table below: Command AC C 1( c on fi g )# wr i te st ar t up c on f ig Description Saves the running configuration as the startup configuration. Parameters No additional parameters required Example with Syntax AC C 1( c on fi g )# write startup- config Reverting Back to the Last Saved Startup To revert back to the last saved startup: Enter the comand string that is shown in the table below: Command ACC1(config)#co p y st ar t up -c o nf i g r un n in g -c on f ig Description Reverts the running configuration to the last saved startup configuration. Parameters No additional parameters required Example with Syntax ACC1(config)#co p y st ar t up -c o nf i g r un n in g -c on f ig Restoring the Configuration to Factory Default Settings To restore the default settings: Enter the comand string that is shown in the table below: Command ACC1(config)#er a se s t ar tu p c on f ig u ra ti o n Description Restores the Accelerator’s configuration to the Factory Default Settings. Parameters No additional parameters required Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(config)#er a se s t ar tu p c on f ig u ra ti o n Co n fi g ura t io n Co m m an d s 517 Sending a Ping To send a ping: Enter the comand string that is shown in the table below: ACC1(config)#p i ng [i p (x.x.x.x) | Command hostname] Description Pings network devices Parameters Enter a valid IP and host ACC1(config)#p i ng 100.100.10.4 myhostname Example with Syntax Sending a Traceroute To send a traceroute: Enter the comand string that is shown in the table below: Command ACC1(config)#t r ac e ro ut e [i p (x.x.x.x) | hostname] Description Sends a traceroute to network devices Parameters Enter a valid IP and host Example with Syntax ACC1(config)#t r ac e ro ut e 100.100.10.4 myhostname Displaying the Packets’ TraceRoute To display the packet’s traceroute: Enter the comand string that is shown in the table below: Command Description Parameters Example with Syntax {hostname}:filecontroller0# traceroute [host] Displays the route to a remote machine, where [host] represents the machine host’s name. No additional parameters required. {hostname}:filecontroller0# traceroute [host] R ev isi o n 2. 0 518 C h ap t er H: Command Line Interface Viewing Technical Support Statistics To view technical support statistics: Enter the comand string that is shown in the table below: Command ACC1(config)#sh o w te c h- su p po rt [ co n ti n uo us ] Description Gathers troubleshooting statistics from the Accelerator. Press More to view additional output each time; alternatively, add the parameter cotinuous, to enable continuous output. Parameters Only add the continuous parameter if you want continuous output Example with Syntax ACC1(config)#sh o w te c h- su p po rt continuous Enabling Accdump Files The following configuration options are available: Accessing the AccDump Configuration Menu, on page 518. Enabling / Disabling ACCDump, on page 519. Configuring Tcpdump File Size, on page 519. Configuring Tcpdump File Format, on page 519. Configuring Tcpdump File Number, on page 520. Configuring Tcpdump Optional Flags, on page 520. Uploading Tcpdump Files, on page 520. Selecting the TCPDump Interface, on page 521. Selecting the TCPDump Filter Expressions, on page 521. Accessing the AccDump Configuration Menu To access the accdump menu options: Enter the comand string that is shown in the table below: Command AC C 1( c on fi g )# accdump Description Enables accdump (default) Parameters No additional parameters needed Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e AC C 1( c on fi g )# accdump Co n fi g ura t io n Co m m an d s 519 Enabling / Disabling ACCDump To enable or disable ACCDump: Enter the comand string that is shown in the table below: Command ACC1(ACCDUMP)#i p t c pd um p e na b le / d is a bl e Description Enables or disables accdump. Note: If you choose enable, all values you configured do not affect the database. The database is being updated only after you carry out the exit command. Parameters Enable to enable, Disable to disable Example with Syntax ACC1(ACCDUMP)#i p t c pd um p enable Configuring Tcpdump File Size To configure the TCPDump File Size: Enter the comand string that is shown in the table below: Command ACC1(accdump)#i p t c pd um p f il e s iz e [ number] Description Configures the tcpdump file size. Possible values are 1 to 1000 MB. Parameters Enter a valid number as described above. Example with Syntax ACC1(accdump)#i p t c pd um p f il e s iz e 500 Configuring Tcpdump File Format To configure the TCPDump file format: Enter the comand string that is shown in the table below: Command ACC1(accdump)#i p t c pd um p f il e sf or m at e n c/ pc a p Description Configures the tcpdump file format. The available types are Pcap (saves the default format) and enc (reformats the file) Parameters Enter a valid IP and host R ev isi o n 2. 0 520 C h ap t er H: Command Line Interface Example with Syntax ACC1(accdump)#ip t c pd u mp f i le sf or m at enc Configuring Tcpdump File Number To configure the TCPDump File Number: Enter the comand string that is shown in the table below: Command ACC1(accdump)#ip t c pd u mp f i le sn um b er au to / [ number] Description Configures the tcpdump file number. Possible values are 1 to 1000. If you type auto, the system sets the file number and file size to default (100 and 10MB, respectively). Parameters Enter a valid number or auto as described above Example with Syntax ACC1(accdump)#ip t c pd u mp f i le sn um b er auto Configuring Tcpdump Optional Flags To configure the optional flags: Enter the comand string that is shown in the table below: Command Description ACC1(accdump)#ip t c pd u mp f l ag s ( f l a g n a m e) Lets you select tcpdump optional flags. For a detailed description of the optional flags, see in the appendix, tcpdump Optional Flags, on page 417. Parameters Enter a flag name as described in in the appendix, tcpdump Example with Syntax Optional Flags, on page 417. ACC1(config)#tr a ce ro u te 100.100.10.4 myhostname Uploading Tcpdump Files To upload the TCPDump file: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ura t io n Co m m an d s Command ACC1(accdump)#i p t c pd um p u pl o ad [ me t ho d] [f il e ] [ de st i na ti o n] Description Lets you select the parameters for uploading tcpdump files: which method to use, which files to upload, and the requested destination. The optional values are as follows: Method - FTP, SFTP, TFTP and SCP File - one of the accdump files Destination - like in the Copy operation: user.password@ip/ file_destination_path Parameters Enter a valid IP and host Example with Syntax 521 ACC1(accdump)#i p t c pd um p u pl o ad FTP myfile T:\mynetworkdrive Selecting the TCPDump Interface To select the TCPDump Interface: Enter the comand string that is shown in the table below: Command ACC1(accdump)#i p t c pd um p i nt e rf ac e Description Lets you select one of the following options for an interface: any - capture packets from all interfaces. eth-local - capture packets from local interfaces. eth0 - captures packets from ethernet 0 eth0/0 - captures packets from ethernet 0/0 eth0/0 - captures packets from ethernet 0/1 internal - captures packets from internal interfaces Parameters Enter a valid interface as described above Example with Syntax ACC1(accdump)#i p t c pd um p i nt e rf ac e any Selecting the TCPDump Filter Expressions To select a TCPDump Filter Expression: Enter the comand string that is shown in the table below: Command Description ACC1(accdump)#i p t c pd um p f il t er Lets you filter the download of the tcpdump files by using filter expressions in the formats acceptable by the system, such as net_10.2.3.0/24_and_port_20. R ev isi o n 2. 0 522 C h ap t er H: Command Line Interface Parameters Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Enter a valid expression ACC1(accdump)#ip t c pd u mp f i lt er net_10.2.3.0 Configuring WAFS Co n fi g ur in g WAF S 523 Most of the WAFS configuration is done through the CLI, letting you display and manage printing devices and printing authorizations. The following configurations are available: Basic Operations, on page 523. Basic Operations, on page 523. Print Administration Activities, on page 527. Setting Drivers, on page 529. Managing CUPS, on page 531. Working with Printer Ports, on page 532. Managing Printers, on page 534. Managing WAFS Transparency, on page 535. Creating Excluded Servers, on page 536. Managing CIFS, on page 537. Compression Filters, on page 538. Managing Time and Dates, on page 539. Additional Options, on page 539. Fetch, on page 542. FileBank Director Configuration Settings, on page 543. Getting WAFS Help, on page 546. Licensing WAFS, on page 547. WAFS Log Files, on page 548. Managing Replication Services, on page 551. Managing the Replication User, on page 555. Scheduling Events, on page 560. Service Management, on page 562. Software, on page 565. Statistics, on page 565. Stf_filters, on page 566. Transaction Monitoring, on page 568. TTCP, on page 569. User, on page 570. Wins, on page 572. Basic Operations These operations require a confirmation. R ev isi o n 2. 0 524 C h ap t er H: Command Line Interface The options available include: Starting the WAFS Module, on page 524. Stopping the WAFS Module, on page 524. Restarting the WAFS Module, on page 524. Rebooting the WAFS Module, on page 525. Shutting down the System, on page 525. Pinging a Remote Machine, on page 525. Quiting the CLI, on page 526. Starting the WAFS Module Starts the WAFS module. To start the WAFS module: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# start Description Starts the WAFS module on the logged device. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# start Stopping the WAFS Module Stops the WAFS module. To stop the WAFS Module: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# stop Description Stops the WAFS module on the logged device. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# stop Restarting the WAFS Module Stops and then starts the application again. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S 525 To restart the WAFS Module: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# restart Description Stops and then restarts the application. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# restart Rebooting the WAFS Module To reboot the WAFS Module : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r eb o ot Description DIsplays the current syslog status. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# r eb o ot Shutting down the System To shut down the system: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# shutdown Description Shuts down the system. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# shutdown Pinging a Remote Machine To ping a remote machine: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 526 C h ap t er H: Command Line Interface Command {hostname}:filecontroller0#p i ng [ ho s t] Description Pings a remote machine. Parameters Enter a valid IP address Example with Syntax {hostname}:filecontroller0#ping 122.222.22 Quiting the CLI See Exiting or Quitting the Shell, on page 542. Cache Manages and displays cache-related information. The following configuations are available: Displaying Cache-related Information, on page 526. Displaying Cache Time To Live for Directories or Files, on page 526. Resetting Cached Information, on page 527. Displaying Cache-related Information To display the cache related information: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#cache [show] Description Displays cache-related information. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0#cache [show] Displaying Cache Time To Live for Directories or Files To display the cache time to live for directories or files: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S 527 Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#cache ttl set directories/files [seconds] Description Displays or sets cache Time To Live for directories or files. The Time To Live is expressed in seconds, where the default is 1800 (30 minutes) and the Maximum is 14,400. Parameters Enter a valid parameter as described above. Example with Syntax {hostname}:filecontroller0#cache ttl set directories/files 2500 Resetting Cached Information To reset the cache: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#cache invalidate Description Resets the TTL for the cached information, thereby forcing the FB to validate the updated information with the EFS. Parameters Enter a valid parameter as described above. Example with Syntax {hostname}:filecontroller0#cache invalidate Print Administration Activities The following configurations are available: Displaying Print Administrators, on page 527. Adding and Deleting Print Administrator Users, on page 528. Adding and Deleting Print Administrator Groups, on page 528. Displaying a List of Local Printers, on page 529. Displaying a Printing Driver’s Status, on page 529. Displaying Print Administrators To display print administrators: R ev isi o n 2. 0 528 C h ap t er H: Command Line Interface Enter the comand string that is shown in the table below: Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g a d mi ns li st Description Displays a list of printer administrators’ users and groups Parameters No additional parameters required Example with Syntax {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g a d mi ns li st Adding and Deleting Print Administrator Users To add or delete print administrators: Enter the comand string that is shown in the table below: {hostname}:filecontroller0#p r in ti Command n g a dm i ns a d d| de l et e u se r { [d o ma i n\ ]u s er } Description Lets you add or delete printer administrators users. Parameters No additional parameters required Example with Syntax {hostname}:filecontroller0#p r in ti n g a dm i ns a d d| de l et e u se r { [d o ma i n\ ]u s er } Adding and Deleting Print Administrator Groups To add or delete a print administrator group: Enter the comand string that is shown in the table below: Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g a d mi ns ad d| d el e te g r ou p { [d o ma i n\ ]u s er } Description Lets you add or delete printer administrators’ groups. Parameters Enter the username/group for the printer administrator Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g a d mi ns ad d username Co n fi g ur in g WAF S 529 Displaying a List of Local Printers To display a list of local printers: Enter the comand string that is shown in the table below: {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g d ev i ce s l is t Command Description Shows information regarding locally connected printers. Parameters No additional parameters required {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g d ev i ce s list Example with Syntax Displaying a Printing Driver’s Status To display a printing driver ’s status: Enter the comand string that is shown in the table below: {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g d ri v er s [ sh o w] Command Description Displays the status of the printing drivers. Parameters No additional parameters required Example with Syntax {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g d ri v er s show Setting Drivers The following configurations are available: Setting Automatic Client Driver Installation, on page 529. Setting Manual Client Driver Installation, on page 530. Storing Printer Drivers on the File Bank, on page 530. Storing Printer Drivers on the File Server, on page 530. Using Domain Users for Migrating Drivers, on page 531. Setting Automatic Client Driver Installation To set automatic client driver installation: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 530 C h ap t er H: Command Line Interface Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g d r iv er s s et se r ve r Description Setting point and print mode for client driver installation. Parameters No additional parameters required Example with Syntax {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g d r iv er s s et se r ve r Setting Manual Client Driver Installation To set manual client driver installation: Enter the comand string that is shown in the table below: Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g d r iv er s s et cl i en t Description Setting manual mode for client driver installation. Parameters No additional parameters required Example with Syntax {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g d r iv er s s et cl i en t Storing Printer Drivers on the File Bank To store printer drivers on the file bank: Enter the comand string that is shown in the table below: Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g d r iv er s s et lo c al Description Store uploaded printer drivers on local print $ share (on the File Bank). Parameters No additional parameters required Example with Syntax {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g d r iv er s s et lo c al Storing Printer Drivers on the File Server To store printer drivers on the file server: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S 531 {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g d ri v er s s et re mo t e Command Description Store uploaded printer drivers on remote print $ share (on the File Server). Parameters Enter a valid UserID and domain name {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g a dm i ns a d d usermyuser Example with Syntax Using Domain Users for Migrating Drivers To use the domain user for migrating drivers: Enter the comand string that is shown in the table below: {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g d ri v er s m ig r at e { do m ai n| u se r} Command Description Use domain user to migrate drivers from File Server to the File Bank Parameters Enter a valid UserID and domain name {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g a dm i ns a d d usermyuser Example with Syntax Managing CUPS The following configurations are available: Restarting the CUPS Service, on page 531. Checking the CUPS Service, on page 532. Restarting the CUPS Service To restart the CUPS service: Enter the comand string that is shown in the table below: Command Description {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g r es t ar t Restarts the CUPS service, which is responsible for the print spooling and processing in the system. R ev isi o n 2. 0 532 C h ap t er H: Command Line Interface Parameters Example with Syntax No additional parameters required {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g restart Checking the CUPS Service To check the CUPS service: Enter the comand string that is shown in the table below: Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g s t at us Description Cheks the status of the CUPS service. This command checks only whether this service is supposed to run, and not the service’s actual state Parameters No additional parameters required Example with Syntax {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g s t at us Working with Printer Ports The following configurations are available: Displaying the Printer Ports’ List, on page 532. Adding and Deleting Printer Ports, on page 533. Forcing the Printer and the Share Name to be Equal, on page 533. Adding a Printer, on page 533. Deleting a Printer, on page 534. Displaying the Printer Ports’ List To display the printer ports list: Enter the comand string that is shown in the table below: Command Description Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g p o rt s Displays the list of the existing printer ports, with their names and URI. Accelerator Local Port is the default printer port, which appears always, and only its name is displayed. All other printers added afterwards appear with both their names and URIs Co n fi g ur in g WAF S Parameters Example with Syntax 533 No additional parameters required {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g p or t s Adding and Deleting Printer Ports To add or delete printer ports: Enter the comand string that is shown in the table below: Command {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g p or t [ de l et e | a d d] [ n am e] Description Lets you add or delete a printing port. The default port Accelerator Local Port - cannot be modified or deleted. Parameters Enter a valid printing port name Example with Syntax {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g p or t a dd Accelerator Local Port2 Forcing the Printer and the Share Name to be Equal To force the printer and the share names to be equal: Enter the comand string that is shown in the table below: Command {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g s et t in gs fo r ce [ sh ow ] [ en a bl e| d is ab l e] Description Prevents the Windows Client from renaming the printer when uploading a new driver. Changing this setting requires restarting SAMBA. You should pay attention to the warning that appears in the CLI: "Changing this setting may cause clients that are connected to exported printer queues to be unable to print until they delete and reconnect to the print queue” Parameters No additional parameters required Example with Syntax {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g s et t in gs fo r ce show Adding a Printer To add a printer: R ev isi o n 2. 0 534 C h ap t er H: Command Line Interface Enter the comand string that is shown in the table below: {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g p r in te r s ad d [ n am e] [ UR I |I D ] [d e sc ri p ti o n] Command Description Adds a specific printer, inclduing the printer’s alphanumeric name, URI or ID and (optionally) a textual description. Parameters Enter a valid printer name, URI, ID and a descrption. {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g p r in te r s ad d myprinter Example with Syntax laserjet Deleting a Printer To delete a printer: Enter the comand string that is shown in the table below: Command {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g p r in te r s de l et e [ na m e] Description Deletes a specific printer by indicating the printer’s alphanumeric name. Parameters Enter the printer name Example with Syntax {h o st n am e} : fi le c on t ro ll e r0 #p r in t in g p r in te r s de l et e myprinter Managing Printers The following configurations are available: Changing an Existing Printer URI, on page 534. Displaying a List of all Existing Printers, on page 535. Printing a Test Page, on page 535. Changing an Existing Printer URI To change a printer ’s URI: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S 535 {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g p ri n te rs se t [ na m e] [ n ew U RI ] [ ne w c om m en t ] Command Description Changes the URI of an existing printer. Parameters Enter a valid domain and user {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g a dm i ns add user Example with Syntax {mydomain\myuser} Displaying a List of all Existing Printers To display a list of all existing printers: Enter the comand string that is shown in the table below: {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g p ri n te rs [l i st ] Command Description Displays a list of all printers. Parameters No additional parameters required {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g p ri n te rs list Example with Syntax Printing a Test Page To print a test page: Enter the comand string that is shown in the table below: Command {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g p ri n te rs te s tp ag e { na m e} Description Prints a test page. Parameters Enter name of printer Example with Syntax {h os t na m e} :f i le co n tr o ll er 0 #p ri n t in g p ri n te rs te s tp ag e myprinter Managing WAFS Transparency The following configurations are available: Enabling / Disabling WAFS Transparency, on page 536. R ev isi o n 2. 0 536 C h ap t er H: Command Line Interface Excluding Certain Servers from WAFS Transparency, on page 536. Enabling / Disabling WAFS Transparency To add or delete print administrators: Enter the comand string that is shown in the table below: AC C 1( c on fi g )# wa f s Command AC C 1( W AF S) # tr an s pa r en cy e na b le | d is a bl e Description Enables or disables WAFS transparency. When WAFS transparency is enabled, the FileBank polls all servers by default. Parameters Enable to enable, disable to disable Example with Syntax AC C 1( c on fi g )# wa f s AC C 1( W AF S) # tr an s pa r en cy enable Excluding Certain Servers from WAFS Transparency To exclude certain servers from WAFS Transparency: Enter the comand string that is shown in the table below: Command AC C 1( W AF S) # tr an s pa r en cy e xc l ud e e xc l ud e d- se r ve rs Description Defines which servers to exclude from WAFS transparency. Parameters No additional parameters required Example with Syntax AC C 1( W AF S) # tr an s pa r en cy e xc l ud e e xc l ud e d- se r ve rs Creating Excluded Servers The following configurations are available: Displaying the Excluded Servers’ List, on page 537. Clearing the Excluded Servers’ List, on page 537. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S 537 Displaying the Excluded Servers’ List To display the excluded server ’s list: Enter the comand string that is shown in the table below: ACC1(W AF S )# s ho w t ra ns p ar e nc y e xc l ud ed - se rv e rs Command Description Displays the list of servers that are excluded from WAFS transparency. Parameters No additional parameters required ACC1(W AF S )# s ho w t ra ns p ar e nc y e xc l ud ed - se rv e rs Example with Syntax Clearing the Excluded Servers’ List To clear the excluded server ’s list: Enter the comand string that is shown in the table below: AC C1 ( WA F S) #t r an sp a re n cy e xc l ud ed se rv e rs cl ea r Command Description Clears the excluded servers’ list. Parameters No additional parameters required Example with Syntax AC C1 ( WA F S) #t r an sp a re n cy e xc l ud ed se rv e rs cl ea r Managing CIFS The following configurations are available: Displaying the CIFS Status, on page 537. Displaying the CIFS Status To display the CIFS status: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#cifs status R ev isi o n 2. 0 538 C h ap t er H: Command Line Interface Description Displays status of CIFS connections, shares and locks. Parameters No additional parameters required Example with Syntax {hostname}:filecontroller0#cifs status Compression Filters Displays and manages the list of compression filters. The followig configurations are available: Displaying Current Compression Filter’s List, on page 538. Adding/deleting a Filter to/from a List, on page 538. Displaying Current Compression Filter’s List To display the current compression filter ’s list: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#comp_f ilters list/clear Description Displays/clears a list of current compression filters. Parameters No additional parameters required Example with Syntax {hostname}:filecontroller0#comp_f ilters list/clear Adding/deleting a Filter to/from a List To add or delete a filter to/from the list: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#comp_f ilters add/delete {filter} Description Adds/deletes a given filter to/from a list. Parameters Add to add Delete to delete Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S Example with Syntax 539 {hostname}:filecontroller0#comp_f ilters delete {filter} Managing Time and Dates Changes and displays current date and/or time. The following options are available: Changing the System’s Date and Time, on page 539. Displaying the System’s Date and Time, on page 539. Changing the System’s Date and Time To change the date or time: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#date [DATE] [TIME] Description Changes the current system’s date and time. Parameters Make sure the date is mmddyyyy and time is hh:mm:ss Example with Syntax {hostname}:filecontroller0#date [DATE] [TIME] Displaying the System’s Date and Time To change the date or time: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#date Description Displays the current system’s date and time. Parameters No additional parameters necessary Example with Syntax {hostname}:filecontroller0#date Additional Options The following configurations are available: R ev isi o n 2. 0 540 C h ap t er H: Command Line Interface Diagnostics, on page 540. Setting a Domain Name, on page 540. Displaying the Current Domain Name, on page 541. Joining a FileBank to a Domain, on page 541. Switching to a UNIX Command Prompt, on page 541. Exiting or Quitting the Shell, on page 542. Diagnostics Runs Diagnostic Tests To run a diagnostic test: Enter the comand string that is shown in the table below: Command {h o s tn a m e} : f il e c on t r ol l e r0 # d ia g n os t ic s al l se t t in g s ha r d wa r e co m m un i c at i o n Description Runs diagnostics tests. You can use this command to diagnose either the full system, the configuration settings of the Accelerator, hardware problems or communication problems. Parameters All for complete diagnostics, settings to check the settings, hardware to check hardware functioning, or communication to test communication settings. Example with Syntax {h o s tn a m e} : f il e c on t r ol l e r0 # d ia g n os t ic s all Setting a Domain Name Sets or displays the Windows NT domain on a local network. This command also defines a domain name. To set the domain name: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#domain set Description Sets a domain name. Parameters No additional parameters needed Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S Example with Syntax 541 {hostname}:filecontroller0#domain set Displaying the Current Domain Name To display the domain name: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#domain show Description Displays the current domain name. Parameters No additional parameters needed Example with Syntax {hostname}:filecontroller0#domain show Joining a FileBank to a Domain To join the file bank to a domain name: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#domain join Description Joins a FileBank to the current domain. Parameters No additional parameters needed Example with Syntax {hostname}:filecontroller0#domain join Switching to a UNIX Command Prompt To switch toa UNIX command prompt: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#enable Description Switches to privileged mode command prompt (root shell). Requires knowledge of the root password. Parameters No additional parameters needed. Enter password when prompted. R ev isi o n 2. 0 542 C h ap t er H: Command Line Interface Example with Syntax {hostname}:filecontroller0#enable Exiting or Quitting the Shell To exit or quit the UNIX shell: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#exit/ quit Description Logs out from shell. Parameters No additional parameters needed. Example with Syntax {hostname}:filecontroller0#quit Fetch Manages fetch jobs and instances. The fetch commands are used for prepopulating the FileBank’s cache. Fetch jobs describe the entity that should be fetched, namely: a specific directory on a file server. Fetch instances perform the actual work. The following configuration options are available: Managing Fetch Jobs and Instances, on page 542. Displaying the Log of Fetch Instances, on page 543. Managing Fetch Jobs and Instances To manage Fetch jobs and instances: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#fetch jobs/instances Description Manages fetch jobs/instances. Parameters No additional parameters needed. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0#fetch jobs Co n fi g ur in g WAF S 543 Displaying the Log of Fetch Instances To manage Fetch jobs and instances: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#fetch log Description Shows the log of current and completed fetch instances. Parameters No additional parameters needed. Example with Syntax {hostname}:filecontroller0#fetch log FileBank Director Configuration Settings Displays or manages the connected <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> configuration. The following configurations are available: Displaying a List of FileBank Directors, on page 543. Adding or Deleting a FileBank Director:, on page 544. Defining the IP Port, on page 544. Enabling Disconnected Operation Handling, on page 544. Forcing Disconnected Mode, on page 545. Refreshing the List of Servers and Shares, on page 545. Getting Disk Utilization Reports, on page 545. Displaying a List of FileBank Directors To display a list of FileBank directors: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#fport list Description Shows a list of <Default ¬¹ Font>FileBank Director<Default ¬¹ Font>s. Parameters No additional parameters needed. Example with Syntax {hostname}:filecontroller0#fport list R ev isi o n 2. 0 544 C h ap t er H: Command Line Interface Adding or Deleting a FileBank Director: To add or delete a FileBank Director: Enter the comand string that is shown in the table below: {hostname}:filecontroller0#fport {add | delete} {FP} Command Description Adds or deletes a named <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> to or from the FileBank Directors’ list. Default ports: UDP 4049, TCP 4049 are then assigned to this {FP}. Parameters Use a legal port number. {hostname}:filecontroller0#fport 4049 add FP Example with Syntax Defining the IP Port To define the IP port: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#fport {TCP | UDP} {FP}{PORT} Description Defines the IP port {PORT} for networking with the specified <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> {FP}. Parameters Use a legal port number. Example with Syntax {hostname}:filecontroller0#fport {TCP | UDP} {FP}{PORT} Enabling Disconnected Operation Handling To enable disconnected operation handling: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#fport disconnected handle {FP}[on|off] Description Enable/disable disconnected operation handling for {FP}. Changes take effect only after FileBank reset. Parameters Use on to enable and Off to disable Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S Example with Syntax 545 {hostname}:filecontroller0#fport disconnected handle on Forcing Disconnected Mode To force disconnected operation mode: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#fport disconnected force {FP}[on|off] Description Force / unforce {FP} to be in disconnected mode. Changes take effect only after FileBank reset. Parameters Use on to enable and Off to disable Example with Syntax {hostname}:filecontroller0#fport disconnected force on Refreshing the List of Servers and Shares To refresh the list of File Servers and shares: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#gns refresh Description Refreshes the list of file servers. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0#gns refresh Getting Disk Utilization Reports To display the disk utilization report: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#iostat Description Shows the disk utilization report. Parameters No additional parameters required. R ev isi o n 2. 0 546 C h ap t er H: Command Line Interface Example with Syntax {hostname}:filecontroller0#iostat Getting WAFS Help Displays general or command-specific usage information. The following configurations are available: Displaying Help for All Available Commands, on page 546. Displaying Command-specific Help Information, on page 546. Displaying Help for All Available Commands To display help for all availabe commands: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#help Description Lists the commands and parameters. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0#help Displaying Command-specific Help Information To display help for all specific commands: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#help <command>/help <command> <subcommand> Description Provides command-specific help information. If a command is typed without a required parameter (or a wrong parameter), usage information is provided. Parameters No additional parameters required. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0#help license install Co n fi g ur in g WAF S 547 Licensing WAFS Manages and displays license files. The following options are available: Installing a License, on page 547. Displaying the License File, on page 547. Checking the Validity of a License File, on page 547. Installing a License To install a license: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#license install {path} Description Installs a license file from the specified path. Parameters enter a valid path to the file. Example with Syntax {hostname}:filecontroller0#l ic e ns e i n st al l m yP a th t om yS e rv er Displaying the License File To install a license: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#l ic e ns e s h ow Description Shows the current license file. Parameters No additional parameters are required. Example with Syntax {hostname}:filecontroller0#license install myPathtomyServer Checking the Validity of a License File To check the validity of a license: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 548 C h ap t er H: Command Line Interface {hostname}:filecontroller0#l i ce ns Command e c h ec k [ {p a th }] Description Checks the validity of a license file (specified or current). Parameters No additional parameters are required. {hostname}:filecontroller0#license Example with Syntax check [{path}] WAFS Log Files Creates a log file and uploads it to a destination URL. This command also lists the event log, shows the current level of the log file and sets the minimal level. The following configurations are available: Uploading Logs to a URL, on page 548. Displaying Event Log, on page 548. Defining Minimal Level for Events to Log, on page 549. Displaying Log Level, on page 549. Displaying the Syslog Status, on page 550. Displaying All Log Archive Files, on page 550. Generating a New Log Archive File, on page 550. Uploading a Log Archive File, on page 551. Uploading Logs to a URL To upload logs to a URL : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#log upload {URL} Description Uploads the current logs to the indicated URL. Parameters No additional parameters are required. Example with Syntax {hostname}:filecontroller0#log upload www.myurl.com Displaying Event Log To upload logs to a URL : Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S 549 Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#log show [all|communication|security|system] Description Lists the event log. Parameters No additional parameters are required. Example with Syntax {hostname}:filecontroller0#log show all Defining Minimal Level for Events to Log To define minimal level for events to be logged : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#log level set {info|warning|error|critical} Description Sets minimal level for events to log. The lowest level being info and the highest being critical. Any log events below the level you set are not logged. Parameters Enter the log level (info, warning, error, critical) Example with Syntax {hostname}:filecontroller0#log level set info Displaying Log Level To display the log level : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#log level show Description Displays the current log level. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0#log level show R ev isi o n 2. 0 550 C h ap t er H: Command Line Interface Displaying the Syslog Status To display the Syslog status : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#log syslog status Description DIsplays the current syslog status. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0#log syslog status Displaying All Log Archive Files To display the log archive status : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#l og ar ch i ve [l is t ] Description Lists all log archive files. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0#log archive [list] Generating a New Log Archive File To generate a new log file : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#l og ar ch i ve ge ne r at e Description Generates a new log archive file. Parameters No additional parameters are needed Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0#l og ar ch i ve ge ne r at e Co n fi g ur in g WAF S 551 Uploading a Log Archive File To upload a log archive file : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#l og a rc h iv e u pl oa d Description Uploads a log archive file to an FTP server. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0#log archive upload Managing Replication Services The following options are available: Starting an Unscheduled Replication, on page 551. Preparing for Replication, on page 552. Stopping Replication, on page 552. Displaying the Replication Status, on page 552. Enabling / Disabling Replication, on page 553. Displaying Replication Logs, on page 553. Displaying a Specific Log, on page 553. Setting Up Replication Service, on page 554. Managing the Replication User, on page 554. Managing the Replication Filters, on page 554. Managing the Replication Instances, on page 555. Managing the Replication Paths, on page 555. Starting an Unscheduled Replication To start an unscheduled replication : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic at i on s t ar t Description Starts an unscheduled replication process now. Parameters No additional parameters are needed R ev isi o n 2. 0 552 C h ap t er H: Command Line Interface Example with Syntax {hostname}:filecontroller0# r ep l ic a ti on st ar t Preparing for Replication To prepare for a replication : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic a ti on st ar t i n it ia l Description Starts initial pre-population of replication files from the file server to the FileBank Director. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# r ep l ic a ti on st ar t i n it ia l Stopping Replication To stop the replication process: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic a ti on st op Description Stops the replication process. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# replication stop Displaying the Replication Status To display the replication status : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic a ti on st at u s Description Displays the replication process status. Parameters No additional parameters are needed Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S 553 {hostname}:filecontroller0# Example with Syntax r ep l ic at i on s t at u s Enabling / Disabling Replication To enable replication : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic at i on e n ab l e/ di s ab le Description Enables or disables the replication service. Parameters Enable to enable, Disable to disable. Example with Syntax {hostname}:filecontroller0# r ep l ic at i on enable Displaying Replication Logs To display a replication log: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic at i on l o g l is t Description Lists all replication log files. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# r ep l ic at i on l o g l is t Displaying a Specific Log To display a specific replication log: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic at i on l o g [ sh ow ] Description Displays a specific replication log. Parameters No additional parameters are needed R ev isi o n 2. 0 554 C h ap t er H: Command Line Interface Example with Syntax {hostname}:filecontroller0# replication log [show] Setting Up Replication Service To start an unscheduled replication : Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic a ti on se tu p Description Sets up replication service. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# replication setup Managing the Replication User To manage the replication user: Enter the comand string that is shown in the table below: Command Description {hostname}:filecontroller0# r ep l ic a ti on us er Manages the replication user. For details see Managing the Replication User, on page 555. Parameters Example with Syntax No additional parameters are needed {hostname}:filecontroller0# replication user Managing the Replication Filters To manage the replication filter: Enter the comand string that is shown in the table below: Command Description {hostname}:filecontroller0# r ep l ic a ti on fi lt e rs Manages the replication filters. For details see Replication Service, on page 209. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S Parameters 555 No additional parameters are needed {hostname}:filecontroller0# Example with Syntax replication filters Managing the Replication Instances To manage a replication instance: Enter the comand string that is shown in the table below: {hostname}:filecontroller0# Command Description replication instances Manages the replication instances. For details see Replication Service, on page 209. Parameters No additional parameters are needed {hostname}:filecontroller0# Example with Syntax replication instances Managing the Replication Paths To manage a replication path: Enter the comand string that is shown in the table below: {hostname}:filecontroller0# Command Description r ep l ic at i on p a th s Manages the replication paths. For details see section Replication Service, on page 209. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# r ep l ic at i on p a th s Managing the Replication User You must first define the internal replication user on the system with the user command (see User, on page 570.), and then assign this user as replication user with the Replication User command. The following are available: Displaying the Current Replication User, on page 556. R ev isi o n 2. 0 556 C h ap t er H: Command Line Interface Defining the Replication User, on page 556. Deleting the Replication User, on page 557. Displaying the Current Replication Filters, on page 557. Clearing All Replication Filters, on page 557. Adding or Deleting a Replication Filter, on page 558. Listing the Replication Instances, on page 558. Adding a New Replication Path, on page 559. Deleting a Replication Paths, on page 559. Deleting All Replication Paths, on page 559. Displaying the Current Replication User To display a replication user: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic a ti on us er [s h ow ] Description Displays the current replication user. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# r ep l ic a ti on us er [s h ow ] Defining the Replication User To define a replication user: Enter the comand string that is shown in the table below: {hostname}:filecontroller0# Command r ep l ic a ti on us er se t { do m ai n \u se r na me } Description Sets the replication user. Parameters No additional parameters are needed Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0# r ep l ic a ti on us er se t { do m ai n \u se r na me } Co n fi g ur in g WAF S 557 Deleting the Replication User To delete a replication user: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic at i on u s er de le t e Description Deletes the current replication user. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# r ep l ic at i on p a th s Displaying the Current Replication Filters To display the current replication filter: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic at i on f i lt e rs [ l is t] Description Lists the current replication filters (file types). Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# r ep l ic at i on f i lt e rs [ l is t] Clearing All Replication Filters To clear all replication filters: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic at i on f i lt e rs c l ea r Description Clears the current replication filters (file types). Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# replication filters clear R ev isi o n 2. 0 558 C h ap t er H: Command Line Interface Adding or Deleting a Replication Filter To delete a replication user: Enter the comand string that is shown in the table below: {hostname}:filecontroller0# Command r ep l ic a ti on fi lt e rs ad d/ d el et e { fi l te r } Description Adds or deletes the current replication filter. Parameters No additional parameters are needed Example with Syntax {hostname}:filecontroller0# replication filters add myfilter Listing the Replication Instances To list a replication instance: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# r ep l ic a ti on in st a nc e s [l i st ] Description Displays all replication instances. The possible values are as follows: Running The instance is running FinishedThe instance has finished successfully FailedThe instance has failed due to an error (see log) AbortedThe instance has been aborted by the user Parameters Enter one of the parameters above Example with Syntax {hostname}:filecontroller0# replication instances running Displaying all Replication Paths To display all replication paths: Enter the comand string that is shown in the table below: Command Description Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0# r ep l ic a ti on pa th s [ l is t] List all current replication paths. Co n fi g ur in g WAF S Parameters Example with Syntax 559 Enter one of the parameters above {hostname}:filecontroller0# r ep l ic at i on p a th s [ li s t] Adding a New Replication Path To add a new replication path: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# replication paths add {UNCPATH} [PRIORITY] Description Adds a new replication path. Parameters Path and priority Example with Syntax {hostname}:filecontroller0# replication paths add {UNCPATH} [PRIORITY] Deleting a Replication Paths To delete a replication path: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# replication paths delete {PATH-ID Description Deletes a replication path. Parameters Enter the name of the path Example with Syntax {hostname}:filecontroller0# replication paths delete {PATH-ID Deleting All Replication Paths To delete all replication paths: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# replication paths clear Description Deletes all replication paths. Parameters Enter one of the parameters above R ev isi o n 2. 0 560 C h ap t er H: Command Line Interface Example with Syntax {hostname}:filecontroller0# replication paths clear Scheduling Events Displays and manages scheduled events. The following actions can be performed: Displaying Scheduled Events, on page 560. Adding Scheduled Events, on page 561. Deleting Scheduled Events, on page 561. Clearing All Scheduled Events, on page 561. Displaying Actions for Scheduling To display actions for scheduling: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# schedule actions Description Lists all actions that can be scheduled. Replication schedule actions: replication.start and replication.stop Parameters No additional parameters required Example with Syntax {hostname}:filecontroller0# schedule actions Displaying Scheduled Events To display scheduled events: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# schedule events [list] Description Lists all events. Parameters No additional parameters required Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0# schedule events [list] Co n fi g ur in g WAF S 561 Adding Scheduled Events To add a scheduled event: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# schedule events add {ACTION NAME] {TIME} Description Adds a new daily recurring event. Parameters Enter the following: A name for the action that appears on the list of actions A time for it to occur. HH:MM Example with Syntax {hostname}:filecontroller0# schedule events add clear 23:00 Deleting Scheduled Events To delete a scheduled event: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# schedule events delete {EVENT ID} Description Deletes a scheduled event. Parameters Enter one of the parameters above Example with Syntax {hostname}:filecontroller0# schedule events delete {EVENT ID} Clearing All Scheduled Events To clear all scheduled events: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# schedule events clear Description Clears all scheduled events. Parameters Enter one of the parameters above Example with Syntax {hostname}:filecontroller0# schedule events clear R ev isi o n 2. 0 562 C h ap t er H: Command Line Interface Service Management Lets you enable or disable the current service, and also check whether the service is enabled. The following actions can be performed: Enabling or Disabling the Current Service, on page 562. Checking whether the Current Service is Enabled, on page 562. Displaying the List of Services, on page 563. Activating a Service, on page 563. Creating a <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> Service, on page 563. Creating a <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> HA, on page 564. Creating a <Default ¬¹ Font>FileBank<Default ¬¹ Font> Service, on page 564. Enabling or Disabling the Current Service To enable or disable the current service: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# service [enable] [disable] Description Enables or disables the current service. Parameters Enable to enable, Disable to disable Example with Syntax {hostname}:filecontroller0# service enable Checking whether the Current Service is Enabled To check if the current service is enabled: Enter the comand string that is shown in the table below: Command Description Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0# service [status] Checks whether the current service is enabled. Co n fi g ur in g WAF S Parameters Example with Syntax 563 No additional parameters needed {hostname}:filecontroller0# service [status] Displaying the List of Services To display a list of services: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# services [list] Description Displays the list of services Parameters No additional parameters needed Example with Syntax {hostname}:filecontroller0# services [list] Activating a Service To activate a service: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# services set {service-name} Description Sets the SERVICE as active. All operations will act on SERVICE from now on. Service-name should be a valid service name (for example: FileBank Director0/FileBank Director1), monitored by cluster. Parameters enter the service’s name Example with Syntax {hostname}:filecontroller0# services set {service-name} Creating a <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> Service To create a FileBank director service: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 564 C h ap t er H: Command Line Interface Command {hostname}:filecontroller0# services create FileBank Director Description Creates a <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> service. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# services create FileBank Director Creating a <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> HA To create a FileBank director HA: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# services create FileBank Director ha Description Creates a <Default ¬¹ Font>FileBank Director<Default ¬¹ Font> HA. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# services create FileBank Director ha Creating a <Default ¬¹ Font>FileBank<Default ¬¹ Font> Service To create a file bank service: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# services create filecontroller Description Creates a <Default ¬¹ Font>FileBank<Default ¬¹ Font> service. Parameters No additional parameters required. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0# services create filecontroller Co n fi g ur in g WAF S 565 Software Displays version numbers for all currently installed software packages. The following configuration options are available: Displaying Version Numbers, on page 565. Displaying Version Numbers To display the version number: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# software version Description Displays the version numbers of all currently installed software packages. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# software version Statistics Shows product statistics. The following configuration options are available: Displaying File Statistics, on page 565. Uploading Yearly Statistics, on page 566. Displaying the Current Status, on page 566. Displaying File Statistics To display file statistics: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# stastics Description Displays a table of indicated file statistics for today/past week/ past month. Parameters No additional parameters required. R ev isi o n 2. 0 566 C h ap t er H: Command Line Interface Example with Syntax {hostname}:filecontroller0# stastics Uploading Yearly Statistics To create a file bank service: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# statistics upload {FTP_URL} Description Uploads the yearly statistics file to the destination URL. Note: The URL protocol must be FTP and the URL must end in a filename. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# statistics upload {FTP_URL} Displaying the Current Status Displays the current status of the system. To create a file bank service: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# status Description Shows the current status of the system. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# status Stf_filters Displays, adds and deletes STF (Short Term Files) filters. STF filters define the files which are not sent by the <Default ¬¹ Font>FileBank<Default ¬¹ Font> to the <Default ¬¹ Font>FileBank Director<Default ¬¹ Font>. For example, the default STF filter in the <Default ¬¹ Font>FileBank<Default ¬¹ Font> includes *.TMP files which are not sent by the <Default ¬¹ Font>FileBank<Default ¬¹ Font> to the <Default ¬¹ Font>FileBank Director<Default ¬¹ Font>. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S 567 The following configuration options are available: Displaying Current STF Filters, on page 567. Clearing the List of Current STF Filters, on page 567. Adding or Deleting a Filter, on page 567. Displaying Current STF Filters To display current STF filters: Enter the comand string that is shown in the table below: Command Description Parameters Example with Syntax {hostname}:filecontroller0# stf filters list Lists current STF filters. No additional parameters required. {hostname}:filecontroller0# stf filters list Clearing the List of Current STF Filters To clear the list of current filters: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# stf filters clear Description Clears the list of filters. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# stf filters clear Adding or Deleting a Filter To add or delete filters: Enter the comand string that is shown in the table below: Command Description {hostname}:filecontroller0# stf filters add/delete {FILTER} Add or deletes a given filter to/from the list. R ev isi o n 2. 0 568 C h ap t er H: Command Line Interface Parameters Example with Syntax No additional parameters required. {hostname}:filecontroller0# stf filters delete filtername Transaction Monitoring Enables the monitoring of Read and Write transactions. The following configuration options are available: Displaying the Requested Transactions, on page 568. Stopping the Transaction of a Specific ID, on page 568. Displaying the Requested Transactions To display the requested transaction: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# transaction list Description Lists transactions that match the filter. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# transaction list Stopping the Transaction of a Specific ID To stop a transaction of a specific ID: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# transaction stop [id] Description Stops the transaction of the given ID. Parameters No additional parameters required. Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e {hostname}:filecontroller0# transaction stop [id] Co n fi g ur in g WAF S 569 TTCP Times the transmission and reception of the data between two systems using TCP protocol. Client should receive a server's hostname parameter, which indicates the remote TCP server destination. Measuring the Receiving Host To measure the receiving host: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# ttcp server Description Run this on the host to which you want measure traffic. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# ttcp server Measuring the Sending Host To measure the sending host: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# ttcp client {server} Description Run this on the host from which you want measure traffic. Specify the host on which you run the 'ttcp server' as SERVER. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# ttcp client {server} Displaying the System’s Current Uptime To display the system’s current uptime: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# uptime R ev isi o n 2. 0 570 C h ap t er H: Command Line Interface Description Displays the period of time for which the system has been running since it was last booted. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# uptime User Manages the users’ database. The following configuration options are available: Displaying a List of All Users, on page 570. Adding or Deleting a User, on page 570. Changing a User’s Password, on page 571. Displaying a List of All Users To display a list of all users: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# user list Description Lists all users. Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# user list Adding or Deleting a User To add or delete a user: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# user add/ delete {domain\user} Description Adds or deletes a given user to/from the list. Parameters Add to add, Delete to delete. You also need the domain and UserName. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S Example with Syntax 571 {hostname}:filecontroller0# user delete mydomain\myuser Changing a User’s Password To change a user ’s password: Enter the comand string that is shown in the table below: Command Description Parameters Example with Syntax {hostname}:filecontroller0# user password {domain\user} Changes the given user's password (prompts for new password). old password, new password {hostname}:filecontroller0# user password mydomain\myuser Configuring Virtual Memory Statistics Reports virtual memory statistics. The report is repeated 10 times at 5 seconds’ intervals. The following configuration options are available: Displaying Virtual Memory Statistics, on page 571. Displaying Virtual Memory Statistics To virtual memory statistics: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0# vmstat Description Reports virtual memory statistics. The report is repeated 10 times at 5 second intervals. Note:Press Ctrl-C to interrupt Parameters No additional parameters required. Example with Syntax {hostname}:filecontroller0# uptime R ev isi o n 2. 0 572 C h ap t er H: Command Line Interface Wins Manages WINS server settings for automatic registration. The following configuration options are available: Setting a WINS Server Address, on page 572. Deleting Current WINS Server, on page 572. Displaying Current WINS Server, on page 572. Setting a WINS Server Address To set a WINS server address: Enter the comand string that is shown in the table below: Command Description Parameters Example with Syntax {hostname}:fp0# wins server set {ADDRESS} Sets the WINS server address. No additional parameters required. {hostname}:fp0# wins server set {ADDRESS} Deleting Current WINS Server To delete the current WINS server: Enter the comand string that is shown in the table below: Command {hostname}:fp0# wins server delete Description Deletes the current WINS server settings. Parameters No additional parameters required. Example with Syntax {hostname}:fp0# wins server delete Displaying Current WINS Server To display the current WINS server: Enter the comand string that is shown in the table below: Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Co n fi g ur in g WAF S Command {hostname}:fp0# wins server [show] Description Shows the current WINS server settings. Parameters No additional parameters required. Example with Syntax 573 {hostname}:fp0# wins server [show] R ev isi o n 2. 0 574 C h ap t er H: Command Line Interface Configuring Security You can set the following basic AAA parameters: Accessing the Transport Type ! WARNING! Disabling Console access immediately disconnects you from the Accelerator’s CLI Enabling or Disabling Access to the Transport Type To enable or disable access to the transport type: Enter the comand string that is shown in the table below: ACC1(conf)#aa a Command Description AC C 1( a aa )# t ra ns p or t i np u t ( te l ne t |s sh | co ns o le | we b| s ec ur e w eb | ft p |s nm p |t ft p ) ( en a bl e |d is a bl e) Enables or disables access to the transport type. For example, typing: transport input web disable disables access to the Accelerator via the WebUI. By default, all transport types are set to enabled, except FTP and TFTP which are set to disabled Parameters Enter parameter string as described above ACC1(conf)#aa a Example with Syntax AC C 1( a aa )# t ra ns p or t i np u t ( te l ne t |s sh | co ns o le | we b| s ec ur e w eb | ft p |s nm p |t ft p ) ( en a bl e |d is a bl e) Configuring Servers The following options are available: Configuring the IP Address and Port, on page 575. Setting the Radius Server Timeout, on page 575. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C o n fi gu r i ng S ec ur it y 575 Configuring the TACACS Server, on page 575. Setting the TACACS Server Timeout, on page 576. Configuring Authentication, on page 576. Displaying the Authentication Server, on page 577. Defining/Deleting the Authentication Server, on page 577. Configuring the IP Address and Port To configure the raduis server: Enter the comand string that is shown in the table below: Command AC C1 ( aa a )# ra d iu s n a me [ server name] i p [ x. x. x .x ]| ke y [ encryption key] | p or t [ tcp port for the server]) Description Sets the RADIUS server and server information including IP address, encryption key and TCP port. The default port is 49. Parameters Enter server name, IP address and port number Example with Syntax AC C1 ( aa a )# ra d iu s n a me [ server name] i p [ x. x. x .x ]| ke y [ encryption key] | p or t [ tcp port for the server]) Setting the Radius Server Timeout To set the radius server timeout: Enter the comand string that is shown in the table below: Command AC C1 ( aa a )# ra d iu s n a me [ server name] t im e ou t Description Sets the timeout in seconds between 0 and 5000 to wait for a server to reply. The default timeout is 180 seconds. Parameters Enter parameter string as described above Example with Syntax AC C1 ( aa a )# ra d iu s n am e myserver t im e ou t 180 Configuring the TACACS Server To configure the TACACS Server: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 576 C h ap t er H: Command Line Interface Command AC C 1( a aa )# t ac ac s + n am e [ server name] i p [ x. x .x .x ] | k ey [ encryption key] | or de r [ server authentication order] | p or t [ tcp port for the server] Description Sets the TACACS server and server information including IP address, encryption key and TCP port. The default port is 1645. Parameters Enter parameter string as described above Example with Syntax ACC1(aaa)#tacacs+ name myserver ip 122.22.222| key mykey | order 2| port 8080 Setting the TACACS Server Timeout To set the TACACS server timeout: Enter the comand string that is shown in the table below: Command AC C 1( a aa )# t ac ac s na me [ server name] t im e ou t Description Sets the timeout in seconds between 0 and 5000 to wait for a server to reply. The default timeout is 180 seconds. Parameters Enter parameter string as described above Example with Syntax ACC1(aaa)#tacacs name myserver timeout 2000 Configuring Authentication To set the server to be authenticated: Enter the comand string that is shown in the table below: Command AC C 1( a aa )# a ut he n ti c at io n l og i n [ lo c al | ra d iu s | t a ca cs ] Description Sets server to be checked. If more than one authentication type is used, lists the server types in the order in which they are to be authenticated. Parameters Enter parameter string as described above Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e ACC1(aaa)#authentication login local C o n fi gu r i ng S ec ur it y 577 Displaying the Authentication Server To display the authentication server: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#authsr v [list] Description Displays current authentication server. Parameters No additional parameters required Example with Syntax {hostname}:filecontroller0#authsr v [list] Defining/Deleting the Authentication Server To set the server to be authenticated: Enter the comand string that is shown in the table below: Command {hostname}:filecontroller0#authsr v add/delete {host} Description Defines or deletes current authentication server. Parameters Add to add, Delete to delete Example with Syntax {hostname}:filecontroller0#authsr v add/delete {host} Configuring Users’ Accounts This section contains the following configuration options Enabling / Disabling a User’s Account Creating and Setting a User’s Access Setting the Local Password Enabling / Disabling a User’s Account To enable or disable a specified user ’s account: Enter the comand string that is shown in the table below: R ev isi o n 2. 0 578 C h ap t er H: Command Line Interface A CC 1 (a aa ) #u se r [ user name] [ l oc k |u nl o ck ] Command Description Disables or enables the specified user’s account. Parameters Enter the user name and Lock to lock, Unlock to unlock. A CC 1 (a aa ) #u se r myusername lock Example with Syntax Creating and Setting a User’s Access To create and set a specified user ’s access level: Enter the comand string that is shown in the table below: AC C 1( aa a )# u se r [ user name] r ol e [ ad m in is t ra t or | n et ad m in | mo ni t or ] p as s wo rd lo c al [ password | n o ne ] Command Description Creates users and sets the user’s access level: Administrators have complete access to the Accelerator and its commands. netadmins have complete access to the Accelerator and its commands with the exception of the Security commands. monitors can access the Accelerator’s CLI but cannot modify configuration. Only administrator users can write a configuration. To set a local password, type in the user name and local password and press Enter. You will be prompted to enter a password. If local is set to none, passwords are necessary only for the remote authentication servers. Parameters Enter parameter string as described above Example with Syntax AC C 1( aa a )# u se r myuser ro l e administrator p as sw o rd lo ca l mypassword Setting the Local Password To set the local password: Enter the comand string that is shown in the table below: Command AC C 1( a aa )# e xi t Ac c 1# pa ss w or d l oc a l Description To set a local password, type in the user name and local password and press Enter. You will be prompted to enter a password. Parameters Enter parameter string as described above Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C o n fi gu r i ng S ec ur it y AC C1 ( aa a )# ex i t Example with Syntax i 579 Ac c1 # p a ss wo r d lo c al myusername mypssword NOTE: Use the command no user [name] to remove a user. You cannot remove a root user, but you can modify the password. (Changing an <Default ¬¹ Font>Expand<Default ¬¹ Font> user’s password will automatically change the root user as well.) Viewing AAA Configuration You can use the following show commands to view AAA configuration: show aaa You can enter the show aaa command from the configuration mode. This command lists all the AAA options and their settings. Acc1(config)# show aaa telnet transport-input status.....enable ssh transport-input status........enable console transport-input status....enable web transport-input status........enable secure-web transport-input status.enable ftp transport-input status........disable tftp transport-input status.......disable snmp transport-input status.......enable User Name Status Role root permitted administrator <Default ¬¹ Font>expand<Default ¬¹ Font> permitted administrator user1 permitted administrator user2 permitted netadmin user3 permitted monitor First Authentication Method.......Local Second Authentication Method......Radius Third Authentication Method.......TACACS+ Maximum Failed Login Attempts.....5 R ev isi o n 2. 0 580 C h ap t er H: Command Line Interface Server Name Server Order IP Port Time-out radius first rad2 10.0.130.139 1645 180 radius second rad3 10.0.130.132 1645 180 radius third rad4 24.0.214.160 1645 180 tacacs first tac2 21.0.214.160 49 180 Co nf i gu ra t io n C ha n ge A u di t E ve n t. .d i sa b le Cr ea t e Li n k A ud it Ev en t .. . .. .. . .. .d i sa b le show authentication order The show authentication order command lists which of the authentication servers is set as the first, second and third level authentication server. Ac c1 ( aa a) # s h ow a u th en t ic a ti on lo gi n o r de r Fi rs t A ut h en t ic at i on M e th o d. .. . .. .L o ca l Se co n d Au t he n ti ca t io n M et h od .. . .. .R a di u s Th ir d A ut h en t ic at i on M e th o d. .. . .. .T A CA C S+ show servers The show servers command lists the authentication servers defined in the Accelerator. Ac c1 ( aa a) # s h ow s e rv er s Server Order Server Name IP Port Time-out radius first rad2 10.0.130.139 1645 180 radius second rad3 10.0.130.132 1645 180 radius third rad4 24.0.214.160 1645 180 tacacs first tac2 21.0.214.160 49 180 -+ show transport input The show transport input command lists all possible management protocols and services available and their status. Ac c1 ( aa a) # s h ow t r an sp o rt in pu t te ln e t tr a ns p or t- i np ut st a tu s. . .. .e n ab l e ss h t ra ns p or t -i np u t st a tu s .. .. . .. .e n ab l e Ac ce ler at o rOS 6 .1 .2 Us er Gui d e C o n fi gu r i ng S ec ur it y 581 c o ns ol e t ra n sp o rt -i n pu t s ta t us .. . .e na b le w e b tr a ns po r t- i np ut st at u s. . .. .. . .e na b le s e cu re - we b t ra n sp or t -i np u t s ta tu s .e na b le f t p tr a ns po r t- i np ut st at u s. . .. .. . .d is a bl e t f tp t r an sp o rt - in pu t s ta t us . .. .. . .d is a bl e s n mp t r an sp o rt - in pu t s ta t us . .. .. . .e na b le show user The show user command lists the users and their authorization levels. A c c1 (a a a) # s ho w u se r User Name Status Role root permitted administrator expand permitted administrator user1 permitted administrator user2 permitted netadmin user3 permitted monitor Unlocking or Locking the Keypad i NOTE: If you lock the keypad via the WebUI or via the CLI, you cannot use the keypad’s unlock sequence to unlock the keypad. In such a case, the unlock operation can be carried out only via the CLI or the WebUI To lock or unlock the keypad: Enter the comand string that is shown in the table below: Command ACC1(config)#l c d l oc k | u nl o ck Description Locks/unlocks the keypad. Parameters Lock to lock, Unlock to unlock Example with Syntax ACC1(config)#l c d lock R ev isi o n 2. 0 582 C h ap t er H: Command Line Interface Upgrading the Software OS Copying the New Bundle File To copy the new bundle file: Enter the comand string that is shown in the table below: Command AC C1 # copy [scp | sftp | tftp | ftp | http] [bu n d l e n a m e ] [b u n d l e location] Description This command, used for copying any file, lets you upgrade the AcceleratorOS in any of the methods mentioned above, by copying the upgrade bundle file from its location. You should use the following format for specifying the location: user:password@ip/file-path. Parameters Enter the parameters as described above Example with Syntax AC C1 # copy ftp mybundlename mybundlelocation Rebooting the Accelerator after Copying the New Bundle File To reboot after copying the file: Enter the comand string that is shown in the table below: Command AC C1 # reboot [b u n d l e n a m e ] Description This command should be used when upgrading, for the Accelerator to use the new bundle file after rebooting. Parameters Enter the same bundle name you entered in the previous section Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e AC C1 # reboot mybundlename Tech n ic al S u p p or t In fo r m a ti on Technical Support Information 583 Initiating ByPass Mode Showing Technical Support Information To show technical support information: Enter the comand string that is shown in the table below: ACC1#sh ow te ch - su p po rt [ co n ti nu o us ] Command Description Lists all information necessary to troubleshoot Accelerator problems. Information gathered here includes: version information, license state, CPU and memory utilization, events, link statistics, interface statistics, QoS configuration, route-rules, discovered traffic, running configuration and startup configuration. Press More to view additional output each time; alternatively, add the parameter Continuous to enable continuous output. Parameters Enter the same bundle name you entered in the previous section Example with Syntax ACC1#sh ow te ch - su p po rt continuous Listing Log Events To reboot after copying the file: Enter the comand string that is shown in the table below: Command AC C1 # sh o w AC C 1# sh o w e ve nt s [ lo n g | s ho rt ] f i lt er se ve r it y f ro m [ fa ta l | w ar n in g | er r or | i nf o ] to [f at a l | w ar n in g | e rr o r |i n fo ] t ai l [ nu m be r o f l as t x e v en ts to be d i sp la y ed ] R ev isi o n 2. 0 584 C h ap t er H: Command Line Interface Description Lists Accelerator events. Long gives all available information on the event, while short gives a brief summary of each event. Parameters Enter the same bundle name you entered in the previous section Example with Syntax Ac ce ler at o rOS 6 .1 .2 Us er Gui d e AC C 1# s ho w A CC 1 #s ho w ev en t s long filter severity from fatal to info tail 100 Appendix I: Glossary This chapter provides brief descriptions of some key terms mentioned in this user guide, together with the relevant context of these terms to the AcceleratorOS. A AAA Protocols AAA stands for Authentication, authorization, and accounting, a system used in IP-based networking for controlling access to computer resources, enforcing policies, and tracking the activity of users over a network Authentication provides a means for identifying a user, usually by having the user enter a valid user name and valid password before access is granted. Authorization grants or denies a user access to network resources, after the user has logged in to a system (namely: has been authenticated via the username and password). Accounting tracks the user activity while accessing the network and measures the resources a user consumes during access, such as the amount of data a user has sent and/or received during a session. This data is used for purposes such as auditing, billing and trend analysis. The AcceleratorOS supports the AAA functionality as a fundamental method for ensuring security within the Accelerator. For details, see section Security, on page 287. 586 C h ap t er I: Glossary ACL An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and Unix-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system. ARP ARP (Automatic Resolution Protocol) is a low-level protocol within the TCP-IP suite, which maps IP addresses to a physical address, for example: a corresponding Ethernet or MAC address. The AcceleratorOS lets you add a static ARP entry, by mapping a specific IP address to a specific MAC address. For details, see section Creating Static ARP Entries, on page 255. Authentication server A Windows domain controller (either a PDC, BDC or Active Directory) to be used for authenticating users. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 587 B Bit Error Rate (BER) Bit Error Ratio (BER) is the ratio of bits that have errors compared with the total number of bits received in a transmission, used for measuring the quality of a signal path.The BER is usually shown as a negative exponent (for example: 10-6, which means one of 1,000,000 bits is in error). AcceleratorOS offers WAN compression over various network topologies, including High BER networks. For details, see section Features and Benefits, on page 2. C Citrix/ICA Citrix ICA stands for Citrix® Independent Computing Architecture. This protocol enables Citrix to separate screen updates and user input processing from the rest of the application’s logic. When using a Citrix ICA Client, all application logic executes on the server and only screen updates, mouse movements and keystrokes are transmitted via the Citrix ICA session. Almost any application can run on a Citrix server, and therefore use Citrix ICA. The AcceleratorOS uses Citrix (Post Acceleration) Aggregation, which handles and optimizes the transfer of small packets by aggregating several small packets into one big packet. CIFS Common Internet File System (CIFS) is a standard proposed by Microsoft for remote file-system access protocol for use over the Internet. CIFS lets groups of users work together and share documents across the Internet or within corporate Intranets, by enabling programs to make requests for files and services on remote computers on the Internet. R ev isi o n 2. 0 588 C h ap t er I: Glossary The WAFS solution integrated within the AcceleratorOS accelerates CIFS traffic. For details, see section Application-specific Acceleration, on page 3. CLI Command Line Interface D DC Domain Controller DFS Distributed File System DHCP DHCP stands for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. You can choose to enable DHCP so that the IP address and default gateway are determined dynamically at startup time. A DHCP server must be running on your network to use this feature. Reserve static IP addresses for the EXPAND devices. The MAC address for each device is printed on the device. Dynamic addressing enables a device to have a different IP address every time it connects to the network. The AcceleratorOS offers DHCP server functionality in the remote branch. For details, see section Configuring DHCP Servers, on page 71. DNS servers Domain Name Service. Up to 3 DNS servers can be used to dynamically lookup host names. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e DSFS DiskSites File Services E EFS Enterprise Filing System Ethernet The most widely-installed LAN standard, which is used for connecting network peripherals, such as scanners, printers and computers, within the same building or campus. The original form of Ethernet is officially known as the IEEE 802.3 Ethernet standard. However, with the advance of technology and networks speed, several faster adaptations have emerged, with data rates of 10 Mbits/sec, 100 Mbits/sec (Fast Ethernet), and 1,000 Mbits/ sec (Gigabit Ethernet). All Accelerator models have a dedicated Ethernet port, which supports both 10 Mbits/sec and 100 Mbits/sec rates. For details, see section Connecting the Network Cables, on page 16. You can also use the WebUI for viewing a statistic detailing of the data displayed on the monitoring graphs. For details, see section Viewing Ethernet Statistics, on page 96. 590 C h ap t er I: Glossary H Hop An intermediate connection between two network devices, for example: transferring a data packet from one router to the next in a routed network such as the Internet. The larger the number of hops in a routing process, the longer it takes for a data packet to travel from source to destination. In On-LAN configuration, the Expand Accelerator becomes the next hop for traffic on the LAN destined to the WAN. For details, see section OnLAN, on page 8. HSRP HSRP (Hot Standby Routing Protocol) is Cisco routing protocol that enables automatic switching to a backup router in the event of failure. Using HSRP, several routers act as a single virtual router, so that if a certain router fails, the routing responsibilities are transferred to another router in a process that is transparent to the user. Using HSRP, Expand Accelerators can take part in HSRP/VRRP groups with available routers or Layer-3 switches (or even other available Accelerators) to provide backup in the rare case of Accelerator failure. For details, see section On-LAN, on page 8. HTTP HTTP (Hypertext Transfer Protocol) is an application protocol that runs on top of the TCP/IP suite of protocols and is used for transferring files of any type on the World Wide Web between Web clients and Web servers. The AcceleratorOS offers HTTP acceleration. For details, see section Configuring HTTP Acceleration, on page 144. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 591 I IPCOMP The IP Payload Compression protocol (IPComp) reduces the size of IP dekagrams by compressing the datagrams to increase the communication performance between two partners. The intent is to increase overall communication performance when the communication is over slow or congested links. IPComp does not provide any security and must be used along with either an AH or an ESP transform when the communication occurs over a VPN connection. When setting up a link, the AcceleratorOS lets you select IPCOMP as one of the methods to encapsulate the packets streaming through your network. For details, see section Adding Links, on page 47. J Jitter In Voice over IP (VoIP), jitter refers to a packet delay that affects the quality of the voice conversation. Expand Networks’ Citrix Acceleration plug-in reduces latency and jitter, especially over slow WAN links. L LAN Local Area Network Latency Latency refers to the time it takes a packet to cross a network connection, from sender to receiver. In networking, latency and bandwidth determine the speed of your connection; high latency and low bandwidth lead to slow, inefficient connection speed. Latency typically increases when moving from LAN to WAN. R ev isi o n 2. 0 592 C h ap t er I: Glossary Real-time applications, such as robotics and aircraft, and interactive applications, such as desktop conferencing, are extremely sensitive to high latency. The AcceleratorOS offers several measures for combatting high latency, such as: WAN compression, TCP acceleration and using QoS for prioritizing the traffic. For details see section Application-specific Acceleration, on page 3, and chapter Applying QoS, on page 101. M MIME Type A file identification method, based on the MIME encoding system. The MIME type has become the de facto standard for identifying content on the Internet. For example, an e-mail message that contains an attachment has a MIME type embedded in its header, in order to identify the attachment type. MIME Type is one of the main parameters used for detecting applications to provide the QoS service. Expand supports many MIME types. For details and examples of the most common MIME types supported by the AcceleratorOS, see appendix MIME Types. MPLS MPLS (Multi Protocol Label Switching) is a packet switching protocol, which adds a 32-bit label to each packet to improve network efficiency and to enable routers to direct packets along predefined routes in accordance with the required quality of service (QoS). The label is added when the packet enters the MPLS network, and is based on an analysis of the packet header. The label contains information on the route along which the packet may travel, and the forwarding equivalence class (FEC) of the packet. Packets with the same FEC are routed through the network in the same way. The use of FECs allows guaranteeing QoS levels to be guaranteed, and MPLS allows creating IP tunnels through a network, so that VPNs can be implemented without encryption. MPLS is one of the various network topologies to which the AcceleratorOS fits seamlessly, providing the highest WAN compression Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 593 performance available. For details, see section Features and Benefits, on page 2. N Nagle The Nagle algorithm is used for reducing LAN and other network congestion from TCP applications, by automatically concatenating several small buffer messages. This process (called nagling) increases the efficiency of a network application system by decreasing the number of packets that must be sent. When properly applied, the nagling process enables TCP applications to use network resources more efficiently. O OSPF OSPF (Open Shortest Path First) is a routing protocol that determines the best path for routing IP traffic over a TCP/IP network based on distance between nodes and several quality parameters. Using OSPF, a host that obtains a change to a routing table or detects a change in the network immediately multicasts the information to all other hosts in the network so that all hosts will have the same routing table information. The AcceleratorOS can be configured to work with dynamic routing protocols, such as OSPF and RIP. For details, see section Working with OSPF, on page 59. R ev isi o n 2. 0 594 C h ap t er I: Glossary P Packet Header Packet header is the portion of data packet that is placed at the beginning of a block of data being stored or transmitted. In internet transmissions, the header contains data necessary for successful transmission, such as the sender’s and recipient’s IP addresses and timing information. Expand Networks’ Router Transparency encapsulation (RTM) enables compressing only the packets’ payload, while leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Policy-Based Routing Policy-based routing (PBR) enables routing packets based on policies set by network administrators, instead of by using routing tables. This technique may be useful when needing to specify a path or a higher priority for certain traffic, or when the packet should be forwarded based on a different criteria than set by the routing table. PBR is one of the methods used for redirecting WAN traffic through the Accelerator, to enable the Accelerator’s deployment in On-LAN mode. For details, see section Enabling Packet Interception, on page 63. Q QoS QoS, which stands for Quality of Service, is a mechanism for controlling and ensuring resource reservation. Setting a QoS policy helps system administrators prioritze the traffic that flows across the network, in order to prevent greedy and rogue applications from dumping the network, and to combat the congestion and latency that all contribute to poor application and network performance. Using QoS enables organizations to allocate bandwidth to mission-critical applications, slow down noncritical applications, and stop bandwidth abuse in order to efficiently deliver networked applications to the branch office. Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 595 The AcceleratorOS offers a powerful yet simple QoS solution, which lets system administrators quickly obtain a comprehensive picture of the traffic that traverses the network, and easily apply the QoS policy. For details see chapter Applying QoS, on page 101. R RADIUS RADIUS (Remote Authentication Dial-In User Service) is an open and scalable client/server security system. RADIUS is one of the AAA Protocols used for applications such as network access or IP mobility, and it is intended to work in both local and roaming situations. The RADIUS server is one of the authentication servers that the AcceleratorOS lets you set and manage in the Accelerator. For details, see Setting Authentication Preferences, on page 291. RIP RIP (Routing Information Protocol) is a routing protocol used for exchanging the entire routing table among routers in an autonomous network, such as a corporate LAN or an interconnected group of such LANs. The routing table transmission takes place every 30 seconds, thereby making RIP more suitable for small homogenous networks. In larger, more complicated networks the major alternative to RIP, OSPF, is generally used. The AcceleratorOS can be configured to work with dynamic routing protocols, such as OSPF and RIP. For details, see section Working with RIP, on page 63. S SCPS SCPS (Space Communication Protocol Standard) is a protocol suite, designed to enable communication over challenging environments such as satellite and wireless links. This suite was jointly developed by R ev isi o n 2. 0 596 C h ap t er I: Glossary NASA and the Department of Defense USSPACECOM, as TCP/IP was frequently found inefficient in such environments, due to latency created by long transmission path lengths and the noise associated with wireless links. However, SCPS’ transport protocol (SCPS-TP) functioning over the existing terrestrial Internet system was found to be as good as that of TCP/IP, and SCPS was adopted as a standard by ISO. For additional details regarding SCPS, see SCPS website ((http:// www.scps.org). Expand Networks’ TCP Acceleration uses the SCPS protocol package to reduce the impact of TCP limitations. For more details, see section Studying SCPS, Expand’s TCP Acceleration Solution, on page 134. SNACK SNACK (Selective Negative Acknowledgement) is a method used by the SPCS-TP protocol for reducing the amount of data that needs to be transmitted and increasing the retransmissions’s speed. SNACK does that by sending only a request for missing packets, unlike TCP, which retransmits the missing packet as well as all packets already transmitted after the missing packet. For additional details, see section Error Detection and Proactive Resolution, on page 135. STF Short Term Files T TACACS+ TACACS+ (Terminal Access Controller Access Control System+) is a TCP-based authentication protocol, which enables administration of user passwords in a central database that resides on a separate server, instead of in individual routers, thereby providing an easily scalable network security solution. TACACS+ is an open protocol that can be ported to any username or password database. The AcceleratorOS lets you set Authentication Servers (Radius, TACACS+ and Local) and Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 597 manage these servers and their preference order in the Accelerator. For details, see section Setting Authentication Preferences, on page 291. TCP TCP (Transmission Control Protocol) is used, together with the Internet protocol (IP) for sending data in the form of message units between computer over the Internet. TCP manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. In the Open System Interconnection (OSI) model, TCP is in Layer-4, the Transport Layer. TCP performs well on LANs but does not deal well with the high latency and high-packet-loss found on many WANs. For details, see section Studying SCPS, Expand’s TCP Acceleration Solution, on page 134. Tunneling A technology that enables one network (usually a private, corporate network) to send its data via another network’s connections (usually a public network). Tunneling works by encapsulating the private network data and protocol information within the public network transmission units so that the private network protocol information appears to the public network as data. Tunneling allows the use of the Internet, which is a public network, to convey data on behalf of a private network. AcceleratorOS lets you set a link so that all its traffic is forced into the tunnel. U UDP UDP (User Datagram Protocol), just like TCP, is a communication protocol used together with the Internet protocol (IP) for sending data in the form of message units between computer over the Internet. However, unlike TCP, UDP transfers packets as a whole and does not provide the services of dividing, reassembling and sequencing the packets. Therefore, this protocol is suitable for network applications that R ev isi o n 2. 0 598 C h ap t er I: Glossary want to save processing time because they have very small data units to exchange and very little reassembling to do. In the Open System Interconnection (OSI) model, UDP is in Layer-4, the Transport Layer. Expand Networks’ encapsulation accelerates the transmission of either UDP or TCP packets, by compressing either the entire packet or only the packet’s payload. V VRRP VRRP (Virtual Router Redundancy Protocol) is an Internet protocol that enables having one or more backup routers when using a statically configured router on a LAN. Two or more routers are set up with VRRP, and one is elected the "master." The master router continuously sends advertisement packets to the backups, and if the advertisements stop, one of the backup routers becomes the master. All routers share a "virtual IP" address, so they are all seen as one address. VRRP can also be used for load sharing. Using HSRP, Expand Accelerators can take part in HSRP/VRRP groups with available routers or Layer-3 switches (or even other available Accelerators) to provide backup in the rare case of Accelerator failure. For details, see section On-LAN, on page 8. W WAN Wide Area Network WCCP The Web Cache Communication Protocol (WCCP) is a Ciscodeveloped content-routing technology that specifies interactions between one or more routers (or Layer 3 switches) and one or more Ac ce ler at o rOS 6 .1 .2 Us er Gui d e 599 web-caches. The purpose of the interaction is to establish and maintain the transparent redirection of selected types of traffic flowing through a group of routers. “Transparent” in this context means that end users need not configure their browsers to use a web proxy, but rather use the target URL to request content, and have their requests automatically redirected to a cache engine. The traffic redirection optimizes resource usage and lowers response times. WCCP is one of the methods used for redirecting WAN traffic through the Accelerator in order for the ON-LAN deployment to work. For additional details, see section Enabling Packet Interception, on page 63. R ev isi o n 2. 0 600 C h ap t er I: Glossary Ac ce ler at o rOS 6 .1 .2 Us er Gui d e Appendix J: Index A AAA configuring via the CLI 574 configuring the Radius server 574 configuring users 577 viewing AAA configuration 579 configuring via the WebUI 290 configuring users 290 defining the security settings 293 setting authentication preferences 291 description 288 ACC1 421 AccDump 328 download files 329 enable 328 access authentication 288 activating WCCP 449 Active Directory 586 adding entries to the ARP cache 495 advanced QoS configuring 122 setting parameters 115 using 39 aggregation aided by Syslog server 271 applying aggregation classes to an application 487 configuring classes 482 defining aggregation class 106 enabling classes per link 485 prioritizing applications 103 selecting a class 156 setting by using the Decision screen 127 setting in the My Links screen 260 setting limit 485, 486 setting window 486 ARP adding entries to the ARP cache via the CLI 495 clearing the ARP cache 495 creating static ARP entries 255 Assigning 501 assigning a link to a wan 501 Authentication 164 Authentication server 586 Authentication servers, compatibility with 162 B bandwidth setting a minimum bandwidth desired 40 bandwidth management Layer-7 and bandwidth management 4 setting the bandwidth 44 bypass mode carrying out the troubleshooting procedure 300 checking the link status 307 602 C h ap t er J: Index description 14 in an On-Path deployment 250 C Cache Management 202 checking Ethernet settings 308 checking for corrupted terminals 313 checking HSRP malfunction 314 checking lack of acceleration 311 checking link malfunction 312 checking QoS malfunction 315 CIFS defining active cache method 22 clearing the ARP cache 495 Compact Flash replacing the Accelerator in the field 28 upgrading the AcceleratorOS software 318 compression by using IPComp 23, 48 by using IPComp encapsulation 261 Citrix’s internal compression mechanism 346 configuring header compression 261 disabling compression disabling Citrix encryption and compression 347 disabling Citrix NFuse compression 346 in the PNAgent client 352 on SAP 358 next-generation WAN compression 3 QoS’ integration with 103 viewing compression statistics per application 91 per link 82 Compression filter 197 Configuring 159 configuring Accelerator NetFlow 356 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e configuring Accelerator networking 41 configuring DHCP servers 71 configuring OSPF via the WebUI 60 configuring remote subnets manually 56 configuring RIP via the CLI 446 via the WebUI 63 configuring router polling via the CLI 443 via the WebUI 61 configuring secondary IP addresses 45 configuring subnets manually 54 via the CLI 425, 433 Configuring the File Server/Domain Controller 166 configuring the WAN 44 configuring the wizard 21 configuring WCCP via CLI 448 copying last saved startup configuration to running configuration 516 new bundle file 582 rebooting the Accelerator after 582 running configuration as startup configuration 320 core allocation tuning in deployments with asymmetric bandwidth 452 creating static ARP entries 255 D Defining Shared Directories 166 deployment Citrix deployment benefits in terminal and thin client deployments 347 603 Citrix metaframe deployments 106 controlling latency and jitter 346 configuring via the CLI 424 defining deployment size 22 defining deployment type 22 setting deployment type via the CLI 427 transparency configuring transparency support 147, 463 in On-LAN deployments 143 in On-Path deployments 143, 261 DFS 195, 588 DHCP servers configuring via the CLI 454 via the WebUI 71 Disconnected Operation 227 reconnection 228 DISKSITES Services Issues DHCP services 244 displaying information for troubleshooting 305 DNS 229 DNS acceleration 152 benefits 4, 38 DNS Acceleration Configuring via the WebUI 152 DNS servers 588 Domains 163 DSFS 589 dynamic routing a feature in WAN compression 3 configuring RIP dynamic routing 32 configuring router polling 33 integrating into networks that use 32 setting routing strategy 27 E Editing 50 Enabling Packet Interception 63 enabling WCCP 449 encryption 104 Ethernet checking Ethernet settings 308 Ethernet port configuring NetFlow 356 connecting out-of-band management 269 Ethernet statistics viewing via the CLI 471 via the WebUI 96 event log checking for unusual errors checking error events 302 checking fatal events 303 checking info events 302 checking warning events 302 Expand solution 160 ExpandView working with Accelerators via 247 external monitoring devices 33 external QoS devices integrating into 33 F Fetch Settings 207 Fetch Users 203 File Server/Domain configuring 166 File servers 195 File servers, compatibility with 162 File Services Functions 199 FileBank adding FileBank Directors 199 cache management 202 deleting FileBank Directors 199 fetch settings 207 filters 204 license settings 184 R ev isi o n 2. 0 604 C h ap t er J: Index print services 215 short term files filter 204 Time to Live settings 202 users 203 Windows domain 201 FileBank Director compression filter 197 file servers 195 file services 193 settings 193 Setup Wizard 174, 178 system functions 174, 178 FileBank Director Settings 193 Filters 204 FTP acceleration configuring via the WebUI 149 definition 4 H high latency environment installing in 37 HSRP configuring autodetecting HSRP groups 498 enabling HSRP automatic detection 280 setting HSRP group number 498 setting manual HSRP configuration 280 understanding router redundancy protocols 256 HTTP acceleration configuring 144 via the CLI 459 via the WebUI 144 definition 4 setting rules 148 HTTP transparency in On-Path deployment 143 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e I installing the Accelerator On-Path using bypass mode 14 OnPath 8 IP address configuration 21 configuring router polling 62 configuring secondary 45 configuring subnets manually 54 configuring the Accelerator 425 creating QoS rules 124 creating static ARP entries 255 defining OSPF and RIP neighbors defining a RIP neighbor 447 defining an OSPF neighbor 442 editing a subnet 55 enabling NetFlow 475 settings 22, 25 setting a network for broadcasting the Accelerator’s rules 442 setting ExpandView agent parameters 73 setting links via the wizard 23 setting the Accelerator’s clock 70 setting the remote device 429 setting the WCCP router IP 451 L latency causing slower session start 134 computing 137 increased by waiting for ACK packets 133 installing in a high latency environment 37 SpeedScreen Latency Reduction Manager 351 TCP poor handling of high latency 132 605 using Citrix acceleration plug-in to reduce 106 using packet fragmentation to prevent violation of VoIP/video latency budgets 103 ways to reduce DNS acceleration 152 DNS caching 152 packet aggregation 503 packet fragmentation 260, 502 scaling the transmission window 135 TCP Vegas 140 using QoS 102, 594 using SCPS 135 Layer-7 applications classifying 110 discovering 88 identifying Citrix Layer-7 applications 353 Layer-7 QoS 4 monitoring and reporting 5 License Settings 184 links adding via the my links screen 47 assigning a link to a WAN 501 creating and editing 46 via the CLI 52 defining advanced settings 22 defining maximum number of 22 editing via the my links screen 50 enabling citrix acceleration 156 generating trend reports via ExpandView 267 managing 259 noisy links 34 setting applications as monitored 473 setting definitions for a new link 260 setting the Accelerator to enable external QoS 33 setting the bandwidth of 118 checking QoS malfunction 315 setting to work in large cache mode 501 traffic discovery 94 using graphs to view link statistics 80 acceleration 81 compression 82 summary graphs 95 utilization 80 using the statistics table to view link statistics 83 checking lack of acceleration 311 viewing interface statistics for a specific link 472 for all links 471 M monitoring window description 78 my links screen uses adding links 47 editing links 50 using for setting links 23 N NetFlow configuring NetFlow support 98 enabling via the CLI 474 via the WebUI 99 identifying the traffic 98 NetFlow compliance as an Expand benefit 5 NetFlow monitored statistics 331 requiring router transparency encapsulation 49 template fields 334 network topology optimizing 42 R ev isi o n 2. 0 606 C h ap t er J: Index networks asymmetric networks optimization 136 computing latency 138 congestion avoidance 136 defining printers for 190 IP-based network On-LAN 8 On-Path 8 managing links 259 overviewing your network performance 95 preparing network integration 13, 54 Non-Link 46 O On-LAN deployment asymmetrical encapsulation settings 261 configuring transparency support 147 defining encapsulation settings 430 enabling packet interception 63 RTM support for 49 setting routing strategy 27 setting the deployment type in the CLI 427 using WCCP to forward traffic to an On-LAN accelerator 65 working with VLAN in 252 On-LAN installation at a data center 35 configuring Accelerator NetFlow in 357 defining encapsulation settings 23 use in IP-based network 8 On-Path deployment applying HTTP transparency to the server side 143 configuring NetFlow support 98 configuring transparency support 147 defining encapsulation settings 23 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e enabling router transparency encapsulation 261 operating in bypass mode 250 setting the deployment type in the CLI 427 using bridge route 27 working with bypass mode 14 working with VLAN 253 On-Path installation configuring NetFlow 357 operating requirements 21 OSPF adding remote subnets manually 56 configuring 32, 60 configuring subnets manually 54 setting dynamic routing 53, 59 using out-of-band management 269 working with 59 P packet interception configuring 35 enabling 63 Print Services 215 prioritizing applications methods of 39 when creating a new Citrix application 112 when creating a new Web application 110 when creating a QoS rule 123 when filtering traffic 117 prioritizing traffic by using traffic shaping 119, 120 Q QoS And router transparency 594 applications 607 creating 105, 109 creating Citrix applications 111 creating Web applications 110 modifying 109 benefits of the Expand QoS solution end-to-end application performance monitoring 102 guaranteed bandwidth for specific applications 103 restricting rouge and greedy applications 103 seamless integration with compression 103 transparent to existing QoS infrastructure 102 checking lack of acceleration 311 malfunction 315 configuring the WAN 44 configuring via the CLI 475 defining scalable 268 dropped out packets 84 external QoS devices 33 Layer-7 QoS bandwidth management 4 managing links 259 part of On-Path configuration 8 providing QoS services to virtual links 46 router transparency 23 rules creating 122 editing 126 understanding 116 setting inbound 121 understanding how QoS works QoS rules 116 studying QoS bandwidth allocation 118 traffic filtering 117 traffic shaping 118 using advanced 39 R RAID 277 RDP description 347 disabling compression and encryption 348 recovering the password 301 redundancy 277 RIP configuring 63, 65, 66 via the CLI 446 via the WebUI 32, 63 packet interception 35 setting routing 53 dynamic routing 59 subnet routing 53 setup checklist 15 working with 63 RIP dynamic routing configuring 32 router polling configuring via the CLI 443 setting dynamic routing 59 setting routing strategy 27 using out-of-band management 269 working with 61 router redundancy HSRP 278 On-LAN deployment 9 understanding router redundancy protocols 278 VRRP 278 router transparency creating new links 261 monitoring device in a cloud 43 preserving network integrity 6 setting links via the wizard 23 setting the link to work with 430 WAN compression 3 with a QoS device 43 R ev isi o n 2. 0 608 C h ap t er J: Index RS232 console 11 rules route rules working with router polling 61 S SCPS standard compliance of TCP acceleration with 4 congestion avoidance 136 description 132 error detection via SNACK 135 link outage support 136 preserving network integrity 6 standard number 410 studying SCPS 134 TCP spoofing 136 secondary IP address configuring in the WebUI 45 Security 287 security Accelerator’s AAA 288 authentication setting authentication method 292, 293 setting authentication servers 292 entering user-defined password 25, 256 locking and unlocking the keypad 295 managing users defining authorization for a new user 290 deleting users 291 modifying authorization for an existing user 291 using Verisign security certificate 78 setup via the WebUI 19 setup wizard accessing 21 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e configuring 21 defining advanced settings 22 reviewing configuration 25 setting links via 22 setting time 24 Shared Directories defining 166 Short Term Files filter 204 SNACK use in SCPS protocol 135 SNTP setting the Accelerator’s time 70 SSH enabling secure management 6, 18 logging into the Accelerator via 420 subnet routing setting 53 summary graphs viewing 95 T TCP acceleration computing latency 137 configuring 139 via the WebUI 139 editing links 50 enabling 141 link outage support 136 optimizing WANs in a high latency environment 37 understanding the shortcomings of TCP 132 TCP service ID setting 36 technical support displaying information for troubleshooting 305 time setting the Accelerator time 70 Time to Live settings 202 traffic discovery 609 discovering Layer-7 applications 88 enabling L-7 traffic discovery via the CLI 472 gathering statistics for detected applications 93, 95, 99 viewing detailed 86 traffic shaping how it is applied 118 prioritizing applications 39, 103 role in the QoS mechanism 115 transparency support configuring 147, 463 Troubleshooting 299 DISKSITES services issues 244 general 236 networking issues 236, 239 security issues 238, 242 troubleshooting displaying information for 305 U UDP service ID setting 36 upgrading the AcceleratorOS software via the CLI 582 via the WebUI 318 V Verisign security certificate using 78 virtual links 46 VLAN including the Accelerator in a VLAN group 253 setting in the CLI 497 working with in an On-LAN configuration 252 in an On-Path configuration 253 VRRP Setting VRRP Group Number 499 understanding router redundancy protocols 256 W WAFS FileBank categories 192 additional services 190 file services 189 system 189 utilities 190 FileBank Director categories 187 file services 187 system 187 utilities 188 WAFS transparency enabling 536 excluding servers from 536 WAN adding via the CLI 497 via the WebUI 248 addressing ‘WAN-Outs’ 4 assigning a link to 501 configuring configuring NetFlow support 98 configuring the WAN 44 defining link speed 78 enabling bursts 482 enabling packet interception 63 identifying ongoing traffic 98 setting the bandwidth of QoS bandwidth allocation 118 setting inbound QoS 121 via the CLI 428 via the WebUI 22 setting to work in strict-priority mode 482 viewing detected applications 86 WAN bandwidth R ev isi o n 2. 0 610 C h ap t er J: Index configuring the Accelerator 428 setting 22 studying QoS bandwidth allocation 118 WAN bursts 119 WCCP configuring via the CLI 448 activating 449 enabling 449 setting authentication 450 setting priority 450 setting router IP 451 setting TCP service ID 451 setting UDP service ID 451 installing On-LAN at a data center 35 using out-of-band management 269 Web-intensive environment installing in 38 Windows Domain 201 Windows domain controller 586 Working with Accelerators Via ExpandView 205 Ac ce ler at o rOS 6 .1 .2 Us er Gui d e