WAN Optimization in MPLS Networks- the Transparency Challenge!



Similar documents
How Network Transparency Affects Application Acceleration Deployment

Certes Networks Layer 4 Encryption. Network Services Impact Test Results

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks

Virtual Privacy vs. Real Security

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO

LinkProof And VPN Load Balancing

WAN Optimization. Riverbed Steelhead Appliances

Voice Over IP Performance Assurance

How To Use The Cisco Wide Area Application Services (Waas) Network Module

Cisco CCNP Optimizing Converged Cisco Networks (ONT)

Basics of Internet Security

Cisco Wide Area Application Services (WAAS) Software Version 4.0

Preparing Your IP network for High Definition Video Conferencing

Cisco IWAN and Akamai Intelligent Platform : Maximize Your WAN Investment

Quality of Service (QoS) for Enterprise Networks. Learn How to Configure QoS on Cisco Routers. Share:

WhitePaper: XipLink Real-Time Optimizations

The need for bandwidth management and QoS control when using public or shared networks for disaster relief work

The FX Series Traffic Shaping Optimizes Satellite Links

WAN Optimization with Cisco s WAAS

Private Cloud Solutions Virtual Onsite Data Center

Implementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led

Cisco IOS Flexible NetFlow Technology

Cisco Network Analysis Module Software 4.0

IMPLEMENTING CISCO QUALITY OF SERVICE V2.5 (QOS)

MPLS and NetEnforcer Synergy. Enhancing the control of MPLS-based, enterprise managed services with Allot's NetEnforcer

AppDirector Load balancing IBM Websphere and AppXcel

Cisco Which VPN Solution is Right for You?

DOMINO Broadband Bonding Network

Firewall Defaults and Some Basic Rules

The Basics. Configuring Campus Switches to Support Voice

Cisco Wide Area Application Services Version 4.0

Assuring Your Business Continuity

Mesh VPN Link Sharing (MVLS) Solutions

Site2Site VPN Optimization Solutions

the about MPLS security

How To Create A Qos

"Charting the Course to Your Success!" QOS - Implementing Cisco Quality of Service 2.5 Course Summary

Monitoring Service Delivery in an MPLS Environment

Preparing Your IP Network for High Definition Video Conferencing

Best Practices in Legal IT. How to share data and protect critical assets across the WAN

How To Choose A Network Firewall

Optimizing Converged Cisco Networks (ONT)

White Paper. Complementing or Migrating MPLS Networks

About Firewall Protection

Extreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF

Introduction of Intrusion Detection Systems

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Cisco WAAS Express. Product Overview. Cisco WAAS Express Benefits. The Cisco WAAS Express Advantage

Chapter 5 Configuring QoS

Network Performance Monitoring at Minimal Capex

Lecture 17 - Network Security

Application Visibility and Monitoring >

Is Your Network Ready for VoIP? > White Paper

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

NetFlow/IPFIX Various Thoughts

This topic lists the key mechanisms use to implement QoS in an IP network.

Optimizing Performance for Voice over IP and UDP Traffic

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

How-To Configure NetFlow v5 & v9 on Cisco Routers

Cisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved.

5. DEPLOYMENT ISSUES Having described the fundamentals of VoIP and underlying IP infrastructure, let s address deployment issues.

Advanced VSAT Solutions Bridge Point-to-Multipoint (BPM) Overview

The Ultimate Guide to Gaining Control of the WAN

UNIFIED PERFORMANCE MANAGEMENT

IP videoconferencing solution with ProCurve switches and Tandberg terminals

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Quality of Service. Traditional Nonconverged Network. Traditional data traffic characteristics:

Providing Secure IT Management & Partnering Solution for Bendigo South East College

IPCOM S Series Functions Overview

Managed Services: Taking Advantage of Managed Services in the High-End Enterprise

Quality of Service (QoS): Managing Bandwidth More Effectively on the Series 2600/2600-PWR and Series 2800 Switches

Solution Brief. Secure and Assured Networking for Financial Services

QoS (Quality of Service)

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Application Note How To Determine Bandwidth Requirements

AN OVERVIEW OF SILVER PEAK S WAN ACCELERATION TECHNOLOGY

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Whitepaper. Controlling the Network Edge to Accommodate Increasing Demand

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

Cisco and Visual Network Systems: Implement an End-to-End Application Performance Management Solution for Managed Services

Integration Guide. EMC Data Domain and Silver Peak VXOA Integration Guide

MITEL. NetSolutions. Flat Rate MPLS VPN

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide Copyright 2015 Peplink

Introduction to Differentiated Services (DiffServ) and HP-UX IPQoS

VXLAN: Scaling Data Center Capacity. White Paper

Why SSL is better than IPsec for Fully Transparent Mobile Network Access

Analyzing MPLS from an ROI Perspective

Understanding VPN Technology Choices

Transcription:

DATE OF ISSUE May 2005 AUTHOR Efi Gat mor 103 Eisenhower Parkway Roseland, NJ 07068 USA TEL +1.888.892.1250 +1.973.618.9000 FAX +1.973.618.9254 www.expand.com WAN Optimization in MPLS Networks- the Transparency Challenge! White Paper PAGE 1 OF 5

Introduction Today s modern Wide Area Networks (WANs), such as MPLS networks, provide much more than just a framework for information transport. Many large enterprises use a networking infrastructure provided by a service provider (SP) and employ some or all of its services on the network. In fact, the recent consolidation trend of servers, storage and applications relies more heavily on the WAN to provide an intelligent path for connecting users in remote offices to the core and data center. Using the provided services, the enterprise can: Route traffic (routing/vpn) Assure and maintain the network s connectivity (resilience/traffic Engineering) Prioritize and shape the traffic (QoS/Traffic Engineering) Monitor traffic, applications, sessions and users on the network (monitoring) Secure traffic (VPN/encryption) Protect the network (Firewall/IDS) Pay per type of traffic and usage (billing/accounting) Deploying WAN optimization devices in a modern enterprise WAN can present integration challenges, especially when advanced services such as the ones listed above are used. Most WAN optimization devices tunnel the compressed traffic between appliances, changing the original packet header and payload. Any WAN service that relies on the original packet header information will not be able to function once the header and payload have been hidden inside the tunnel traffic. Expand Networks Accelerator was designed to seamlessly integrate into modern WAN's through a combination of features and functions. The Challenges In order to better understand the integration challenges, let s look at a real life example: PAGE 2 OF 5

This enterprise has a central office in New York, three district offices in London, Hong Kong and Johannesburg and about 100 remote branches all over the globe. It uses MPLS infrastructure from the service provider to connect between the offices. Each branch relies on a Customer Edge (CE) router, provided and provisioned by the service provider. The Customer Edge router is connected to a Provider Edge (PE) router and to the MPLS network core. The Customer Edge router is responsible for routing and preparing (marking) the packet for Provider Edge router labeling inside the MPLS network. The MPLS labeling itself is done in the Provider Edge router. The Enterprise s IT department uses the following services: QoS:? The MPLS network provides 3 classes of service: Best Effort/Mission Critical/Real-time? The Enterprise prioritizes its Citrix/ICA traffic as mission critical, its VoIP as real-time and the rest of the traffic gets best effort? The Customer Edge routers implement the necessary classification and marking of the applications Monitoring:? Each Customer Edge router has a NetFlow probe that collects flow information. The center office collects the data and generates reports on traffic flows in the network Security/Protection:? Most of the branches have Firewalls? The central office and the district offices have intrusion detection (IDS) appliances? The Customer Edge routers provide IPSec encryption for the sensitive data in the organization Due to slow application response times and high-bandwidth costs, the enterprise decided to deploy Expand Accelerators in most of the branches in order to optimize applications. On average, the Accelerators provided 4 times more bandwidth on the same physical links and optimized response times; however, there were a few potential integration challenges with the current network services in use. As mentioned earlier, most WAN optimization devices create an IP tunnel to the remote device and send all the compressed packets through this tunnel. The compressed packets have a new IP header that hides the original IP header information. Like all other WAN optimization devices, the Accelerator uses, by default, an IPComp header as the IP header for the tunneled packets. This default encapsulation, however, poses a serious challenge to the additional services used on the network. As soon as the Accelerator starts to compress traffic, the Customer Edge routers stop seeing the original IP flows and see only IPComp traffic (for compressed traffic). This will cause the following: The QoS classification cannot classify Citrix and VoIP traffic and these flows will not be prioritized correctly The NetFlow probes will report only on IPComp traffic instead of the original IP flows PAGE 3 OF 5

Assuming the firewalls and the IDS appliances are deployed after the Accelerator (toward the WAN), they will not be able to protect the sites from internal threats since those threats are tunneled and not visible The Customer Edge router will not be able to apply encryption on parts of the traffic according to its sensitivity Expand is the only vendor to offer an elegant solution to this problem. The Solution These integration challenges are common to all the WAN optimization devices available in the market. Expand Networks offers a unique set of solutions that can overcome these integration problems. All of these solutions can be configured easily via the Accelerator s user-friendly WebUI, or via the Cisco-like CLI. IP Header Preservation The Accelerator can be configured to preserve certain fields of the original IP header and copy them to the tunnel s IPComp header. The Accelerator can preserve the ToS (DSCP) values of the original IP packet and/or the IP source address of the original packet. For some MPLS deployments, preserving these fields is enough to enable the original equipment to tag the packet and prioritize it in the MPLS core. By default, the Accelerator tunnel s encapsulation supports IPComp header with ToS preservation. In our example Enterprise, this mode does not provide sufficient transparency for supporting all the employed services. NetFlow monitoring, for example, will not report on all the IP flows. If the Customer Edge QoS policy is responsible for marking packets, it will not be able to do that in this mode. Also, the security services will not be able to identify threats on the tunneled packets. Router Transparency Mode In order to provide full transparency for compressed traffic, Expand Networks offers a unique tunnel encapsulation mode, Router Transparency Mode (RTM). In Router Transparency Mode, the full IP header and the TCP and UDP header are preserved and the network has full visibility of all IP flows. Using RTM, all of the Enterprise s current and future services are guaranteed to function properly: The Customer Edge routers can classify, shape and mark traffic and IP flows The original provisioning on the routers can be maintained without modification or changes The NetFlow probes can report data on the actual IP flows Encryption can be applied to sensitive traffic Threats (like SYN attacks) can be identified and prevented Unauthorized traffic can be blocked In addition, since RTM maintains the original IP flows; it enables the user to employ per-session-services on the network. For example, session-based load balancing and/or session-based QoS schemes. PAGE 4 OF 5

ToS/DSCP Marking per Application/Flow/Tunnel In addition to the above capabilities, the Accelerator can assist the Customer Edge routers by performing ToS-bit marking instead of the Customer Edge routers. This can be useful in remote branches that have small, relatively old and/or highly utilized routers. The Accelerator will mark the ToS bits (DSCP) on the original packet and preserve them by using the above capabilities (IP Header Preservation or RTM). The Accelerator can mark packets according to IP sessions, applications or at the tunnel level. Conclusion In a modern WAN, full or partial packet transparency is essential for successful integration of different network services that rely on header data. Expand Networks provides a rich set of capabilities that allow the user to deploy Accelerators in complex and feature-rich networking topologies without limiting or disabling additional services that are used in that environment. The most unique offering is Router Transparency Mode. Router Transparency Mode gives the user a best-of-allworlds solution. This capability enables full integration between Expand Networks outstanding compression and acceleration algorithms while guaranteeing compatibility with all current and future advanced WAN technologies. PAGE 5 OF 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information