The Shortcut Guide to Optimized WAN Application Delivery™
by Ed Tittel

Introduction to Realtime Publishers

by Don Jones, Series Editor

For several years, now, Realtime has produced dozens and dozens of high-quality books that just
happen to be delivered in electronic format—at no cost to you, the reader. We’ve made this
unique publishing model work through the generous support and cooperation of our sponsors,
who agree to bear each book’s production expenses for the benefit of our readers.
Although we’ve always offered our publications to you for free, don’t think for a moment that
quality is anything less than our top priority. My job is to make sure that our books are as good
as—and in most cases better than—any printed book that would cost you $40 or more. Our
electronic publishing model offers several advantages over printed books: You receive chapters
literally as fast as our authors produce them (hence the “realtime” aspect of our model), and we
can update chapters to reflect the latest changes in technology.
I want to point out that our books are by no means paid advertisements or white papers. We’re an
independent publishing company, and an important aspect of my job is to make sure that our
authors are free to voice their expertise and opinions without reservation or restriction. We
maintain complete editorial control of our publications, and I’m proud that we’ve produced so
many quality books over the past years.
I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially if
you’ve received this publication from a friend or colleague. We have a wide variety of additional
books on a range of topics, and you’re sure to find something that’s of interest to you—and it
won’t cost you a thing. We hope you’ll continue to come to Realtime for your educational needs
far into the future.
Until then, enjoy.
Don Jones

Table of Contents

Introduction to Realtime Publishers ... i
Chapter 1: Networking Issues and Complexity Increases as Technology Improves and Speeds Up ... 1
    In Terms of Network Performance ... 2
    The Intent of this Guide ... 4
    Original Networking Foundations ... 4
        Over Time, Network Complexity Increases in Several Dimensions ... 7
        WAN Technologies Emerge ... 8
        Special Challenges for Application Measurement, Monitoring, and Optimization ... 10
            Internal to Internal Access ... 12
            Internal to External Access ... 13
            External to Internal Access ... 14
        Ways to Meet Challenges in Application Delivery ... 15
        Measuring Complex Data and User Transactions ... 17
        It’s Not a Challenge; It’s a Promotion! ... 18
        Progressing Up the Value Chain ... 20
    Summary ... 20
Chapter 2: Managing Scale and Scope in a Distributed WAN Environment ... 21
    Lessons from the Routing World ... 22
    Introduction of Local and Border Distinctions ... 25
    Introducing the Routing Information Protocol ... 26
    Open Shortest Path First Algorithms ... 27
        Interior Gateway Routing Protocol ... 29
    Enhancements Introduced via the Border Gateway Protocol ... 30
    Quality or Class of Service Labels and Related Queuing Disciplines ... 31
        Historical Attempts at WAN Optimization ... 34
            Compression on the Wire ... 34
            Protocol Tuning, Tunneling, or Replacement ... 34
            Caching for Web Access ... 35
            Data Mirroring Boosts Web Access Speeds ... 35
            Wide Area File Services (WAFS) ... 36
            Middle Mile Acceleration ... 36
    What Conventional Routing Techniques Suggest for WAN Optimization ... 37
    MPLS Introduces the Network Cloud ... 38
    Lessons Learned for Optimizing WAN Application Access ... 41
        Mechanisms for Speeding/Prioritizing Delivery ... 41
        Methods to Keep Continued Communications Moving ... 41
        Managing Application Flow to Maximize WAN Throughput (NetFlow Models) ... 42
        Proxies Enable Inspection, Analysis, Control, and Short-Circuiting ... 42
        Proxies Insert Themselves Directly into Traffic Flow ... 43
        Proxies Are Application-Sensitive and Offer Extensive Controls ... 43
        Proxies Can Mitigate or Fix Protocols and Manage Transactions ... 44
    WAN Optimization Extends Many Opportunities ... 44
Chapter 3: WAN Optimization Tools, Techniques, and Technologies ... 45
    What Makes WAN Optimization Count? ... 46
    Hierarchy as a Primitive Form of WAN Optimization ... 46
    Grabbing Text as a Primitive Form of Data Acquisition ... 48
        Throttling Bandwidth Helps Manage Link Utilization ... 49
            Fixing WAN-Unfriendly LAN Protocols ... 50
            Use of Compression to Reduce Bandwidth ... 52
            Redundant Overlays Bring Files Closer to Users ... 53
    State-of-the-Art Acceleration Techniques ... 55
        Opening Closed Communications Delivers Desirable Results ... 56
        Advanced Acceleration Techniques Speed Streaming Voice and Video ... 57
        Flexible Bandwidth Controls Provide Multiple Benefits ... 57
            Traffic by Type and Source ... 57
            Traffic by Time of Day ... 58
            Application Traffic ... 58
            Traffic by User or Group Identity ... 58
        More About Compression Dictionaries and Local Caching ... 59
        Maximize Rapid Access to Frequently Used Files, Resources, and Data ... 59
        Use Software Acceleration for Roaming Users on the Go ... 60
            Caching ... 60
            Coalescing Common Data Elements ... 61
            Bandwidth Control ... 61
    WAN Technologies Summarized ... 61
        Point-to-Point Links ... 62
        Circuit Switching ... 62
        Packet Switching ... 63
        WAN Virtual Circuits ... 63
        WAN Dial-Up Services ... 63
        WAN Devices ... 64
            WAN Switches ... 64
            Access Servers ... 64
            Analog Modems ... 64
            Channel Service Unit/Data Service Unit ... 64
            ISDN Terminal Adapter ... 65
        Understanding the WAN Optimization Landscape ... 65
    Data Reduction and Data Caching Compared and Contrasted ... 66
    WAN Optimization Delivers the Goods ... 68
Chapter 4: Challenges and Best Practices for WAN Optimization ... 69
    Benefits of an Improved Application Infrastructure ... 69
        Holistic View of Entire Application Delivery Environment ... 70
        Observation of Application and User Pairings ... 70
        Organizational Priority and Policy Compliance ... 71
        SSL Interception, Split Video Streams, and Local Object Caching ... 71
        Mobile and Roving User Management ... 72
        Application Awareness and Real-Time Results ... 73
        Symbolic Dictionaries and Sent References ... 74
        LAN-Side Optimization Impacts WAN Delivery ... 74
        Proxies and Tunneling ... 75
        Special Considerations for Disaster Recovery ... 75
    Fixing Broken Protocols ... 76
    Achieving Efficiencies: WAN Optimization Usage Cases ... 78
        Extending Inmate Tracking Systems for the State of Nevada ... 78
        Improve Inter-Campus Communications at a Multinational University ... 79
        Networx Australia Accelerates Application and Content Delivery ... 80
    Conclusion and Recommendations ... 81
Copyright Statement
© 2008 Realtime Publishers, Inc. All rights reserved. This site contains materials that
have been created, developed, or commissioned by, and published with the permission
of, Realtime Publishers, Inc. (the “Materials”) and this site and any such Materials are
protected by international copyright and trademark laws.
THE MATERIALS ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice
and do not represent a commitment on the part of Realtime Publishers, Inc or its web site
sponsors. In no event shall Realtime Publishers, Inc. or its web site sponsors be held
liable for technical or editorial errors or omissions contained in the Materials, including
without limitation, for any direct, indirect, incidental, special, exemplary or consequential
damages whatsoever resulting from the use of any information contained in the Materials.
The Materials (including but not limited to the text, images, audio, and/or video) may not
be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any
way, in whole or in part, except that one copy may be downloaded for your personal, non-
commercial use on a single computer. In connection with such use, you may not modify
or obscure any copyright or other proprietary notice.
The Materials may contain trademarks, services marks and logos that are the property of
third parties. You are not permitted to use these trademarks, services marks or logos
without prior written consent of such third parties.
Realtime Publishers and the Realtime Publishers logo are registered in the US Patent &
Trademark Office. All other product or service names are the property of their respective
owners.
If you have any questions about these terms, or if you would like information about
licensing materials from Realtime Publishers, please contact us via e-mail at
[email protected].

Chapter 1

[Editor's Note: This eBook was downloaded from Realtime Nexus—The Digital Library. All
leading technology guides from Realtime Publishers can be found at
http://nexus.realtimepublishers.com.]

Chapter 1: Networking Issues and Complexity Increases as Technology Improves and Speeds Up
Today’s business environments have scaled to new heights and reached new plateaus. An
increasingly globalized economy continues to transform modern enterprises to adopt more
adaptive networking and business service management (BSM) models. At the same time, an
increasingly mobile workforce demands remote connectivity for its people, processes, and
resources. As organizations and employees become ever more distributed throughout branch
offices and off-site locations, boosting productivity grows increasingly important in all kinds of
interesting—and unobvious—ways. All users require efficient, secure, and unimpeded access to
critical business applications wherever and whenever they create static or temporary workspaces:
company headquarters, branch offices, and even off-site client locations.
Several distinct and high-impact business requirements and technology trends compel the need
for organizations to further improve performance, while increasing security and managing risk in
their business applications. To remain competitive within increasingly challenging markets, IT
must streamline the business by ensuring superior application responsiveness and delivering an
agile infrastructure without undue (or any) increases to operational costs or headcount. Then too,
a burgeoning set of state and federal regulatory requirements and an increase in underlying
threats and vulnerabilities continues to raise the bar when it comes to managing and accepting
risk. At the same time, the intersection of consolidation, outsourcing, and mobility pushes
applications and end users ever further apart. This creates extraordinary pressures on both
network technologies and network traffic patterns.
Centralized applications and widely distributed users can impose huge performance penalties on
modern business environments, where remotely connected users suffer most from network
latency and bandwidth constraints. Although ongoing trends toward consolidating or outsourcing
critical applications and servers to fewer locations may simplify administration tasks,
consolidation and virtualization can also pose performance problems to a distributed user base.
Such problems are often particularly, if not spectacularly, evident whenever business-critical
applications and resources are scattered among a variety of remote global locations and across
numerous servers. When combating these difficulties, many organizations turn to solutions to
accelerate and secure the delivery of business applications for all users across a distributed
enterprise—including those near Internet gateways, located within branch offices or data centers,
and even at individual end-points.

In Terms of Network Performance


Network performance can be monitored and measured and is typically defined using any number
of metrics and terminology such as link/line speeds, throughput and round-trip times, bandwidth
utilization, and inherent delay. This last element captures network latency, or the minimum time
required to move data between endpoints on a network—and is a crucial determining factor
when it comes to calculating most performance penalties. Latency is an important component of
network performance, and describes delays that are inherent in any connected computing
environment. Network latency (particularly when it’s lumped into the common concept of
user-visible latency to describe the total delay from end-user click to endpoint action) can never
be completely eliminated, only mitigated or reduced (and often, only for special, preferred
classes of services and applications). Latency also represents an ugly truth and a difficult
proposition, particularly for network designers as they struggle to meet service level
requirements in a fast-moving, quickly expanding business environment that typically
encompasses a mixture of unlike networking components, protocols, and technologies.
There are many types of latency—computer processing speed, distances traversed across global
networks as signals propagate from senders to receivers, delays associated with round-trip times
and communications frequency, and delays associated with device queues. Several types of
latency discussed later may be addressed only by upgrading slower components for faster ones
but can never be completely eliminated. Those that remain are an ongoing and constant
challenge for network designers and end users alike.

We often refer to the speed of light—the absolute maximum transmission speed—as being a
fundamental latency. For example, even with a “perfect” network link operating under ideal conditions
between the United States and India, there is a 60ms latency just to account for the speed of light
across the total distance and media traversed from “here” to “there.” This becomes glaringly obvious
in satellite communications, where the round trip to a single satellite typically adds a half-second to
latency, and where multiple satellite hops can add as much as 2 to 3 seconds to overall delays from
sender to receiver (and back again).

Latency is usually understood in the following terms:


• Computational latency refers to the amount of time it takes to process a given workload,
and depends upon the speed and capacity of the hardware in use at each step in the
communications path between sender and receiver. Using “faster” hardware is generally
the only way to reduce this type of latency.
• Signal propagation delay refers to the amount of time it takes for a signal to travel from
one end of a connection to another, and depends on the length of the link and the number
of bits that can be transmitted across the link at any one time. Although many types of
network communication may be multiplexed, that is, may involve transmission of
multiple channels of data at the same time, there is still a limit to how fast signals can
move across any networking medium. There is little anyone can do to reduce this type of
latency. Signal propagation delay is most noticeable when satellite communication links
enter into consideration: given that the orbit of geosynchronous satellites is more than
20,000 miles above the earth, even a single up-and-down satellite link can introduce a
half-second of delay between sender and receiver (this can double when satellite-to-
satellite relays are also required).

• Serialization delay refers to the amount of time it takes to convert an n-bit wide signal
into a corresponding series of individual bit values for transmission across a network
medium. Thus, for example, if data shows up in 8-bit bytes at an interface, serialization
involves stripping all bits from each byte in some specific order, then emitting each one
in that order onto the network medium on the sending side (and works in reverse on the
receiving end). Except for increasing the signal clock used to synchronize transmissions
from sender to receiver (which again involves a hardware upgrade), serialization delay
remains a constant source of latency in networked communications.
• Queue delay refers to how long a message element must “stand in line” to wait its turn
for media access, and generally applies when transmissions must traverse a router or a
switch of some kind. Here again, this is a case where latency depends on the type of
hardware used to store and forward network transmissions, as well as its queuing capacity.
When link oversubscription occurs, in fact, sufficient congestion can occur to make users
think that they have “run out of bandwidth.”

Generically, latency is a measure for the time that any one part of a system or network spends
waiting for another portion to catch up or respond to communication activity. Latency describes any
appreciable delay or the time that elapses between stimulus and response. Such delays occur
virtually throughout all operational aspects of any given computing environment but not all forms of
latency are perceptible in human terms. Once introduced into any computing environment—within a
system or network—the cause itself must be removed, mitigated, or reduced to improve performance.

Latency is measured in a number of ways, including one-way transit time from sender to receiver
as well as round-trip time (often the most useful measure of latency because a complete
transaction from sender to receiver invariably involves transmission of a request of some kind
from sender to receiver, followed by delivery of a response to the request back from the receiver
to the sender). Round-trip latency also offers the advantage that it can be measured at any single
point on a network. On a complex, far-flung network, in fact, variations in round-trip latency
between minimum and maximum values may be more interesting from a quality control standpoint
than average round-trip latency, because those users subject to maximum round-trip latency will
be those whose experience of a system’s responsiveness and efficiency is worst.
But how do you accommodate latency incurred by the needs of users who are accessing
resources cross-country or across the globe? Or to further compound the problem, how can you
accommodate protocols that may require multiple round-trips to satisfy a single service request?
What if a given protocol format specification doesn’t directly provide any means for protocol
acceleration or traffic prioritization?
Consequently, network designers and implementers have had to consider performance and
latency from a radically different perspective, as the networking landscape has shifted to include
more services and applications, each with its own unique operational parameters and specific
properties. Mobile workers, remote offices, and distant partnerships are an important aspect of
this brave new networking world, and they demand acceptable performance for a diverse set of
applications, platforms, and users. And when the end-user experience suffers or degrades,
network designers must shoulder the inevitable blame that follows in its wake. For remote users
and remote applications, the Internet is your WAN; therefore, Internet latency reduction should
be a key factor when choosing any WAN optimization solution.

We’ll use the term end-user experience throughout this guide. The end user serves as our barometer
for the overall status and well-being of any business network, as they drive business operations and
experience the most severe penalties whenever performance lags or falters. Thus, the “end-user
experience” encompasses all aspects of their interactions with a company, its services, and its
products. To deliver a truly superior user experience requires seamless integration among multi-
disciplinary platforms and services, and a holistic, end-to-end view of networks that sets and
manages user expectations and carefully monitors and manages network behavior and performance.

The Intent of this Guide


The intent of this guide is to discuss, detail, and decipher the issues, properties, and solutions
associated with optimal, timely delivery of applications and services to end users across the
globe. This guide also seeks to translate business application, process, and end-user needs into
usable, intelligible techniques to help you improve performance goals and meet business
objectives. Part of this process involves due diligence and demands that we dig into subject
matters relevant to business-critical platforms and protocols that provide the basis for
understanding—and ultimately improving upon—network performance.
This guide to optimized Wide Area Network (WAN) application delivery examines the scope of
modern computing enterprises and their increasing needs to meet ever-expanding demand, while
enhancing both efficiency and effectiveness. Sharing business assets and applications has
fostered a renewed and invigorated quest for operational efficiency and applicability among the
large numbers of people and processes that networks must serve across dispersed and often
disjointed regions and territories.

Original Networking Foundations


Given that the original scope for Local Area Network (LAN) communications was purely local,
starting with handfuls of machines that needed to communicate at a single location (often in a
single room), the original vision for applications interacting with the LAN was understandably
indifferent to latency. Short distances between data collection and processing end-points were
the norm, where a narrowly limited scope of operations defined the then-current networking
environment.
Early designers of networking technology neither considered nor accounted for long-haul
linkages so common in modern enterprise network topologies, which can frequently span
multiple regional territories and geographically dispersed locations. Such early designs were
once well-suited to low-throughput traffic characteristic of bygone days. But today’s rich
networking environment must accommodate increasing levels of high-bandwidth, resource-
intensive protocols and payloads. This has outstripped the tenets of basic network design,
particularly for wide-area communications, and now burdens infrastructure designers with
managing and prioritizing loads to restore balance and order. At the same time, these designers
must ensure that security measures keep up with these performance enhancements and that they
remain in compliance with security policy and applicable mandates.

Traditional network protocols favor short, bursty communications and chatty information
exchanges along short, transitory paths—and include no formal concept of traffic shaping or
prioritization. This includes well-known application support protocols such as NetBIOS as well
as various distributed file services—most notably Microsoft’s Common Internet File Services
(CIFS). Because of the erratic nature of so-called “best effort” delivery mechanisms and limited
consideration for careful consumption of WAN resources, it becomes extremely difficult to
predict the demands of the network and how much operational capacity may be necessary at any
given moment. When sufficient resources are unavailable, only buffering can help offset
demand—but this is only a stopgap measure and not a true resolution. Ultimately, enough bursty
traffic at any given moment produces severe contention for network resources and introduces
difficulties for modern globally distributed network designs, no matter how they might have been
deliberately over-provisioned when initially specified and introduced.
Existing network services and applications operate primarily in terms of simple data exchanges
and generally short message lengths and durations—such as HTTP. HTTP is notoriously chatty
and exchanges numerous small bits of data (text files, graphics, style sheets, and so forth) to
accommodate the client-server request-response cycle. Consequently, any good WAN
optimization strategy seeks to address this issue, often by batching multiple requests into a single
transmission, and doing likewise for all the responses produced to answer those requests. Lots of
other client-server applications likewise employ protocols that utilize “chatty” response
mechanisms and produce large amounts of traffic on a per-request basis. This works perfectly
well on a local network in most cases, but remote Web-based applications and high-latency
protocols typically suffer from performance degradation when employed across long-haul
networks, particularly when large numbers of such traffic streams must share the same WAN
links. Typically, these applications and services utilize parameters within the Transmission
Control Protocol/Internet Protocol (TCP/IP) framework for session initiation, management, and
tear-down.
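To make the chapter's latency arithmetic concrete, here is an added Python model (not code from the guide) that breaks one-way delay into the propagation, serialization, and queue components described above, then shows why a chatty, multi-round-trip exchange gains little from a faster link but a great deal from batching requests into fewer round trips. The path distance, hop count, queue delay, byte counts, and fibre velocity factor are assumed, illustrative values.

```python
"""Latency-component model for a chatty client/server exchange across a WAN.

Added illustration; the distances, frame sizes, hop counts and queue delays
below are assumed values, not measurements from the guide.
"""
from dataclasses import dataclass
from statistics import mean

SPEED_OF_LIGHT_KM_PER_S = 299_792.458
# Assumption: signals in optical fibre travel at roughly two thirds of c.
FIBER_VELOCITY_FACTOR = 0.67


def propagation_delay_ms(distance_km: float,
                         velocity_factor: float = FIBER_VELOCITY_FACTOR) -> float:
    """Signal propagation delay: set by distance and medium, not by hardware speed."""
    return distance_km / (SPEED_OF_LIGHT_KM_PER_S * velocity_factor) * 1000.0


def serialization_delay_ms(frame_bytes: int, link_bps: float) -> float:
    """Serialization delay: time to clock every bit of a frame onto the wire."""
    return frame_bytes * 8 / link_bps * 1000.0


@dataclass(frozen=True)
class Path:
    """A sender-to-receiver path: one propagation distance, N store-and-forward hops."""
    distance_km: float
    link_bps: float              # slowest link rate along the path
    hops: int = 1                # routers/switches that re-serialize each frame
    queue_delay_ms: float = 0.0  # assumed average wait in each device queue


def one_way_delay_ms(path: Path, frame_bytes: int) -> float:
    """Propagation once, plus serialization and queueing at every hop."""
    per_hop = serialization_delay_ms(frame_bytes, path.link_bps) + path.queue_delay_ms
    return propagation_delay_ms(path.distance_km) + path.hops * per_hop


def round_trip_ms(path: Path, request_bytes: int, response_bytes: int) -> float:
    """Request out, response back: the quantity a ping or a transaction timer sees."""
    return one_way_delay_ms(path, request_bytes) + one_way_delay_ms(path, response_bytes)


def transaction_ms(path: Path, round_trips: int, request_bytes: int,
                   response_bytes: int, bulk_bytes: int = 0) -> float:
    """Chatty exchange: each round trip waits a full RTT before the next can start.
    bulk_bytes models batched payload that costs serialization time only."""
    return (round_trips * round_trip_ms(path, request_bytes, response_bytes)
            + serialization_delay_ms(bulk_bytes, path.link_bps))


def rtt_summary(samples_ms):
    """Min/max spread matters more than the mean: the worst-served users see the max."""
    return {"min": min(samples_ms), "max": max(samples_ms),
            "avg": mean(samples_ms), "spread": max(samples_ms) - min(samples_ms)}


# Assumed scenarios: an intercontinental path, and the same path with 10x the bandwidth.
WAN = Path(distance_km=14_000, link_bps=10e6, hops=4, queue_delay_ms=0.5)
WAN_FAST = Path(distance_km=14_000, link_bps=100e6, hops=4, queue_delay_ms=0.5)


def compare_strategies():
    """A page of 30 small objects (500-byte requests, 1500-byte responses) fetched one
    per round trip, versus the same 45,000 response bytes delivered in three round trips
    with the remaining objects batched into the bodies; also the chatty case on the 10x link."""
    return {
        "chatty": transaction_ms(WAN, 30, 500, 1500),
        "chatty_fast_link": transaction_ms(WAN_FAST, 30, 500, 1500),
        "batched": transaction_ms(WAN, 3, 500, 1500, bulk_bytes=45_000 - 3 * 1500),
    }


if __name__ == "__main__":
    print(f"one-way propagation over 14,000 km: {propagation_delay_ms(14_000):.1f} ms")
    for name, ms in compare_strategies().items():
        print(f"{name:>17}: {ms:8.1f} ms")
    # Constructed RTT samples: one outlier dominates the worst-case experience.
    print(rtt_summary([60, 62, 61, 140, 63]))
```

Tenfold more bandwidth trims only the serialization term (a few percent of the chatty total), while cutting 30 round trips to 3 removes most of the RTT-bound time.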
Then, too, it is not uncommon for enterprises to recognize that as the level of WAN traffic
increases, it becomes ever more necessary to regulate which protocols and applications may
access the WAN and to what degree. Detailed inspection of the protocol distribution in such traffic
may, for example, reveal the presence of unauthorized and unwanted peer-to-peer (P2P)
protocols such as BitTorrent, Freenet, or KaZaA, which typically play no official role on
enterprise networks and can be blocked at the gateway without affecting critical services or
applications.
However, many of the protocols for important services and applications built atop TCP/IP lack
native traffic prioritization schemes (or fail to set the IP Differentiated Services field that
would let the network prioritize them) to alleviate some of the traffic burden so typical of
streaming protocols and short-duration bursts of activity. This leaves the network medium exposed
to saturation because short- and long-lived protocol sessions coexist in the same resource space
with no real differentiation by importance.

5
Chapter 1

TCP/IP is the protocol framework that defines the most prominent types of network interaction, but it
is by no means the only one. Many Internet-based transactions occur via TCP/IP with some foreign
or little-used protocols encapsulated as payloads. Our focus throughout this guide is primarily on
higher prioritization and enhanced performance within the existing TCP/IP framework. It's crucial
to understand the operational parameters and properties of TCP/IP to properly design, implement,
and use performance-enhancing programs, platforms, and procedures. One of the very best books
to guide you into this subject is Geoff Huston's Internet Performance Survival Guide (Wiley
Computer Publishing, 2000, ISBN: 0471378089); despite its publication date, it offers the best in-depth
analysis of WAN application and protocol behaviors we know of in print.

Efficiency in throughput enters a downward spiral as more applications, services, and end users
share and increasingly occupy the same medium. Adding in-line network appliances and routing
devices only increases the congestion burden when the inherent performance issues are not
directly addressed, because each device adds its own processing delay and queueing point rather
than removing the cause. And as the distance between end users and applications increases, some
network designers optimistically assume they can create a "one-size-fits-all" network solution for
most scenarios. That assumption is entirely incorrect when it comes to serious WAN optimization,
where an understanding of the various factors that come into play is needed, and where different
situations dictate different optimization approaches.
Research firm Gartner uses the terminology of application and vendor silos to explain that
networking professionals are responsible for delivering more than just the bits and bytes
involved in networked communications, and must also be sensitive to the quality of the end-user
experience. Typically, an application or service is viewed as a standalone silo, which implies a
severely limited reach or range of capability and makes cross-application problems hard to
diagnose. The goal then becomes to find a common language, both organizational and technical,
so that network architects and application architects can exchange information about overall
performance and behavior. By
way of explanation, an information silo is any management system incapable of reciprocal
interaction with other related management systems. This, too, directly impacts and influences the
end-user experience because it means that the systems used to monitor and assess that experience
cannot provide a single, coherent, end-to-end view of that experience. This works against
developing a broader understanding of network conditions and behavior, and often has to be
forcibly offset by creating mechanisms to deliver measurements and analysis of the real end-user
experience and of end-to-end activity and response times. In many cases, enterprises find
themselves forced to add a set of probes or agents to deliberately create (or simulate) end-user
activity, just so it can be measured and monitored. WAN optimization solutions can also offer
such information because measuring and managing response time is such a key component in
making such technology function properly.

A system is considered a silo if it cannot exchange information with other related systems within its
own organization, or with the management systems of its customers, vendors, or business partners.
The term silo is a pejorative expression used to describe the absence of operational reciprocity.

The original networking model works well for LANs, where latency does not typically play a
significant role in communication delays. Local transmissions usually happen without perceptible
lag and have no substantial impact on throughput, because distances are kept to a minimum and
technologies may operate at or near maximum speed. Scale this up to much larger, more modern
networking environments and these seemingly insignificant factors soon impose significant
hindrances on site-to-site communications.


This institutionalized chaos also makes a strong case for introducing quality of service or class of
service mechanisms into enterprise networks. These mechanisms sort protocols, applications,
and services into specific, well-defined categories and grant priority access to WAN bandwidth
to mission-critical or time-sensitive applications according to those category assignments.
Conversely, a quality of service scheme downgrades less time-sensitive data transfers so that
they fit themselves in around such higher-priority traffic. It is important to recognize when using
these methods that overall bandwidth and throughput for the entire network usually degrades
slightly because of the processing overhead involved in classifying and organizing traffic by
class or type of service. But the end-user experience for important or time-sensitive services and
applications should improve: why else would one abandon best-effort delivery in favor of priority
mechanisms? At the same time, performance for less time-sensitive, lower-priority traffic will
actually degrade, but if the right protocols, services, and applications are assigned to that
category, the change in end-user experience for them should be unnoticeable, or at least tolerable.
One check belongs in any such scheme: the priority mark a packet carries should be set or verified
by the network edge, not simply trusted from the host, since an unverified mark lets any
workstation promote its own traffic into the top class.
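To make the trade-off concrete, here is an added example (written for this edit, not code from the guide or from any vendor) that models a single 1.5 Mbps WAN link carrying a voice stream marked with the DSCP Expedited Forwarding value alongside random bulk transfers, and compares the queueing delay each class sees under best-effort FIFO and under strict priority scheduling. The traffic mix, link speed and two-class mapping are constructed assumptions; the scheduler is the textbook non-preemptive strict-priority queue.

```python
import heapq
import random
from collections import defaultdict

EF = 46  # DSCP Expedited Forwarding; assumed here to be the only mark that earns priority


def classify(dscp: int) -> int:
    """Map a packet's DSCP mark to a scheduling class (0 = highest priority)."""
    return 0 if dscp == EF else 1


def simulate(packets, link_bps, policy):
    """Event-driven model of one outbound WAN link with a single transmit queue.

    packets: iterable of (arrival_s, size_bytes, dscp)
    policy:  'fifo' (best effort) or 'priority' (non-preemptive strict priority by class)
    Returns {class: mean seconds a packet waits before it starts to serialize}.
    Serialization time is identical under both policies, so queueing delay is
    the fair comparison.
    """
    packets = sorted(packets)
    waiting = []                      # heap of (sort_key, seq, arrival, size, cls)
    delays = defaultdict(list)
    t, i, seq = 0.0, 0, 0
    while i < len(packets) or waiting:
        while i < len(packets) and packets[i][0] <= t:      # admit everything that has arrived
            arrival, size, dscp = packets[i]
            cls = classify(dscp)
            key = (cls, arrival) if policy == 'priority' else (arrival,)
            heapq.heappush(waiting, (key, seq, arrival, size, cls))
            seq += 1
            i += 1
        if not waiting:                                     # link idle: jump to the next arrival
            t = packets[i][0]
            continue
        _, _, arrival, size, cls = heapq.heappop(waiting)   # head of queue starts transmitting now
        delays[cls].append(t - arrival)
        t += size * 8 / link_bps                            # link is busy until this packet is out
    return {cls: sum(v) / len(v) for cls, v in delays.items()}


def sample_traffic(seconds=10.0, seed=7):
    """Constructed workload (not measured data): a 50 packets/s voice stream of
    200-byte packets marked EF, sharing the link with 1,500-byte bulk packets
    arriving at random at about 106 packets/s, roughly 90% load on 1.5 Mbps."""
    rng = random.Random(seed)
    pkts = [(k * 0.020, 200, EF) for k in range(int(seconds / 0.020))]
    t = 0.0
    while True:
        t += rng.expovariate(106.0)
        if t >= seconds:
            break
        pkts.append((t, 1500, 0))     # DSCP 0: best effort
    return pkts


def compare(link_bps=1_500_000):
    """Queueing delay per class under both policies for the same packet trace."""
    pkts = sample_traffic()
    return {policy: simulate(pkts, link_bps, policy) for policy in ('fifo', 'priority')}


if __name__ == '__main__':
    for policy, result in compare().items():
        print(policy, {cls: f'{d * 1000:.1f} ms' for cls, d in result.items()})
```

Under FIFO the voice packets wait behind whatever bulk happens to be queued ahead of them; under strict priority they wait at most for the one bulk packet already on the wire (8 ms for 1,500 bytes at 1.5 Mbps), and the bulk class absorbs the extra waiting. The classification overhead the text mentions is not modeled; in a real device it is the per-packet lookup behind `classify()`, which is also where an edge device should set or verify the DSCP mark rather than trusting whatever the host wrote.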

Over Time, Network Complexity Increases in Several Dimensions


A complete perspective of the modern networking environment requires comprehensive
knowledge of the elements and links and the behavioral properties involved in its operation.
Dynamic business needs and an ever-increasing set of applications and services in turn ratchet up
demand and put greater stress on existing networking capabilities, techniques, and technologies.
Service agreements and a focus on the end-user experience also propel the growing need to
enhance application performance, especially for remote and roaming employees, or for Internet-
connected customers or partners.
Executive management almost universally applies pressure to accelerate those business processes
that drive the bottom line. This includes product development, inter-regional team collaboration,
supply chain management, virtual presence and services, and national or international sales.
These business processes can never be too efficient nor their people too productive: their
surrounding climate is one of constant, incremental improvement and change.
Consequently, the underlying network infrastructure must also accelerate to accommodate the
pace of business in a transparent and performance-enhancing manner. Network design takes into
account at least three primary disciplines: cost, performance and reliability. All three properties
influence and are influenced by network scope, making individual roles and contributions
entirely different for different networks and situations.
To put things into proper perspective, consider that the LAN is no longer the staple medium for
communications within large scale enterprises. Large (and sometimes unwieldy) WANs and
mobile networking become the most prominent means for linking sites or users together, and for
forming partnerships among companies. Contention management for LAN and WAN, which
occurs when multiple prospective consumers of such resources vie for their use at the same time,
becomes geometrically complex with advances in throughput and processing capabilities within
the underlying networking technologies. To further aggravate this situation, the ebb and flow of
network traffic is best characterized in the form of asynchronous bursts of information that occur
at irregular intervals. This causes randomness, unpredictability and confusion. Couple this with
predictable, cyclic demand for backups, end-of-period reports and accounting, and other
recurring network events, and demand and utilization can evolve from modest to major in a
matter of seconds.


There is another, arguably more important, issue around iterative improvements to application
delivery: going up the protocol stack. The bit-pushing aspects of the network infrastructure have
seen endless improvement at Layers 1 through 3, and even some at Layer 4 for UDP and TCP.
Thus, though there is little left to optimize below Layer 4, there is ample opportunity to resolve
issues at the application layer. The reason this hasn't already happened is the complexity of
managing application-layer issues at line speed. Doing so is nevertheless crucial where
performance remains a constant problem, because no further iterative improvements remain
available at Layers 4 and below.
The distance between points (A) and (B) now spans regions, territories and continents. What was
once a network environment easily managed by a few on-site personnel has expanded to long-haul
links between distant end-points. Many of these connections involve satellite communications,
which make network management more difficult still: a single geosynchronous hop adds roughly
half a second to every round trip, and chained hops add more.

WAN Technologies Emerge


The WAN is quickly becoming a staple element of many modern business computing environments
where it doesn't already exist. LAN distances are far too restrictive and limiting in scope, scale
and capacity to support the burgeoning push of an increasingly globalized market space. Plus,
LANs are inherently local in nature. The LAN environment has simply become the underlying
infrastructure that meets local demand and must couple up to globalized resources to achieve
common goals or business objectives that no single site could attain on its own.

A Wide Area Network is any computer-based communications network that covers a broad range, such
as links across major metropolitan, regional, or national territorial boundaries. Informally, a WAN is a
network that uses routers and public Internet links (or in some cases, private and expensive leased
lines). WANs are the new-age baling wire that ties separate LANs together, so that users and
computers in one location can communicate with those in another location, and so that all can share
in the use of common resources, services, and applications.

Services and applications include complex transactions that occur among many multi-tiered
applications, and employ multiple server and service hierarchies. “One size fits all” approaches
and “end-all be-all/mother-of-all” methodologies simply cannot apply. Network designers are
forced to re-examine their approaches to design and implementation best practices and
reconsider what they know works best, as a shifting business landscape dictates new and
different operational parameters and workplace requirements to meet changing or increasing
business needs. “Add more bandwidth” is neither practical nor the panacea that it once was,
because not all forms of delay are amenable to cure by increasing WAN throughput.


Figure 1.1: Typical enterprise architectures involve long-haul links between data and operations centers.
Here, New York provides the servers and the computing facilities, while LA and Tokyo drive business
activity.

As Figure 1.1 is meant to illustrate, many typical enterprise network architectures connect distant
users (in Tokyo and Los Angeles, in this case) with data centers and other centralized resources
(in NYC as depicted). Without careful attention to how the WAN links between the user centers
and the datacenter get used, enterprises can easily find themselves woefully short on bandwidth,
and dolefully long on response time. The end user experience can’t help but suffer in such
situations, without careful forethought, intelligent design, and judicious use of WAN
optimization tools and technologies.
Multiple carriers and operators control various portions of the intervening infrastructure between
sites (and also between computing resources and mobile users as well), which itself introduces
trust and control issues. The diverse nature of hardware and software operating platforms and the
introduction of dispersed and diverse employee bases—and all related permissions, parameters
and properties—creates a complex management nightmare. It’s all too easy to inherit problems
associated with other platforms through newly-formed partnerships, or via mergers and
acquisitions. As operational wants, needs and concerns are addressed for some given platform in
a particular environment, they may still prove insufficient when applied to the much larger
context in a business computing environment that encompasses many platforms, technologies,
and computing strategies.


Anyone can control operational behavior in site-specific and localized contexts, but no single
entity or organization can expect to completely control behavior from end-to-end. The
management nightmare only worsens when public Internets become involved versus leased-line,
site-to-site connections. As the old saying goes, “Jack of all trades is master of none,” and this
holds truest in a global network context. Personnel may adapt and acclimate, and even become
adept at handling site-to-site procedures for a specific set of operational conditions and criteria.
Users and network staff may even get used to poor performance because that is the only kind
they’ve ever experienced for certain applications. But when you introduce a global computing
context for business networking, such expectations and specific adaptive behaviors developed in
response to particular conditions will soon go by the wayside.
In essence this phenomenon explains why the one size/method fits all approach falls so
drastically short of meeting business goals. Local and specific solutions targeting only packet
delivery issues cannot and will never cover WAN application and management needs, and
instead create only dysfunctional infrastructures that require remediation or redesign.

Special Challenges for Application Measurement, Monitoring, and Optimization


Traditional measurements of link latency and utilization are mismatched with perceived end-user
service or application experiences and expectations. Perhaps more precisely, people often don’t
realize that WAN latency is a primary determinant for the end-user performance experience.
However, it remains only one component in latency end-to-end, and serves as a single metric
building block for a much larger performance matrix.
The imposition of Service Oriented Architectures (SOAs) and related service delivery contracts
increases requirements for managing response time, setting end-user expectations, and managing
agreed-upon availability, throughput, and so forth. With SOA, systems are architected for life
cycle management of business processes through specific IT infrastructure provisions and
documented through end-user or provider expectations as outlined and defined in related service
agreements or requirements. Basically, this contractual obligation ties infrastructure performance
to end-user or provider expectations with regard to delivery of services and business application
interactions. Many service agreements relate directly to time-sensitive, bandwidth-hungry
applications such as Voice over IP (VoIP), streaming or on-demand video, and remote display
protocols such as Citrix ICA and Microsoft's Remote Desktop Protocol (RDP).
It's also the case that SOAs, and the applications they deliver, can blur the "internal-external"
distinction that profoundly affects WAN use and its optimization potential. That's because even
though an SOA application may reside inside organizational boundaries, at least some of the data
it needs and uses may come from outside those boundaries, as in public or private Internet-hosted
sources. This poses an interesting challenge for IT in that while the SOA application will
undoubtedly be trusted, the data it presents to the user may include unwanted or unauthorized
content simply because the data source is unwilling or unable to deliver clean, malware-free
information. This puts the onus on the consuming organization to inspect and clean incoming data
before passing it on to end users: a task for which in-line WAN optimization devices, which
already reassemble and parse application traffic, are well suited, provided they can actually see
the payload (an encrypted feed must be terminated at the device, or inspected elsewhere).


Interestingly, it's also sometimes the case that SOA-based applications load significant amounts
of data that particular users may not need at any given moment. The nature of Web delivery is
such that a page typically won't finish loading until all its data is available (transferred to the
client), which can impose increasingly onerous delays when that data is unnecessary or irrelevant
to the task at hand. This is another situation where the caching that WAN optimization devices
provide can reduce delays: as long as a local cached copy is current, it can be supplied at LAN
speed rather than forcing users to wait for the transfer across the WAN. The cache must, however,
honor the content's freshness and access-control rules, so that no user is ever served a stale copy,
or a copy that was fetched under another user's credentials.
The notion of service contracts within an SOA context is similar to though distinctly different
from the kinds of service level agreements, or SLAs, with which network professionals are
already familiar—namely, packet delivery (latency, bandwidth, and loss). SOA service contracts
involve application uptime, data coherency, and schema compliance in addition to response time.
Network SLAs, in contrast, deal with link uptimes, packet losses, and average sustained
throughput levels. An application that compiles data from multiple sources throughout a data
center and across a distributed enterprise or global network, may fail to meet higher-level
business service requirements. This occurs when a network imposes delays in getting access to
the distributed data that SOA is supposed to compile and present in new and silo-busting ways.
These kinds of applications must, however, be understood and prioritized within the overall
application and services context, lest they rob precious bandwidth needed to process orders,
synchronize databases, ferry payroll and payment information, and all the other critical business
transactions that go straight to the bottom line (or not, as the case may be).

A Service Oriented Architecture (SOA) is a computer systems architectural style for creating and
using business processes, packaged as services, throughout their life cycle. SOA also defines and
provisions the IT infrastructure to allow different applications to exchange data and participate in
business processes.

A Service Level Agreement (SLA) is the part of a service contract in which the level of service is
formally defined and negotiated between the two participating parties. Such a contract exists between
customer and service provider, or between separate service providers, and documents a common
understanding about services, priorities, responsibilities and guarantees (collectively, the level of
service).

Related access issues can be logically divided into three separate elements: internal users
accessing distant internal applications (internal to internal); internal users accessing distant
external applications (internal to external); and external users accessing distant internal
applications (external to internal). We omit coverage of the final case: external users accessing
distant external applications, because those types of communications are not normally addressed
with WAN optimization and are outside the scope of this guide. Here’s a diagram for what we’ve
just described, after which we take an individualized look into each of these different operational
perspectives and see how they apply and affect business processes related to WAN optimization.


Figure 1.2: Different ways to involve the WAN between users and applications.

Internal to Internal Access


Internal users accessing internal or intranet resources place their demands on the local
networking context, namely the LAN. This is where the greatest performance and throughput is
attained. In networking terms, latency is more easily controlled here by deploying the fastest
routers and switches, the highest wire-rated cabling, and the most efficient network topology.
When internal users in one place access internal applications in another place, they are also able
to exploit the full benefits of WAN optimization, because a single company or organization
definitely controls both ends of the WAN link and, when leased lines are used, may even be said
to "control" the link as well. This is the optimum situation for WAN optimization because it
permits the owner to deploy compatible WAN optimization equipment at both ends of such a
connection (or at all ends of such connections, where applicable) without involving any third
parties.
Internal users may connect with internal applications and services such as an intranet Web site or
Common Internet File System (CIFS), which provides shared access to files, printers and
miscellaneous connection points between nodes on the network. Typically, there isn’t a
substantial delay in satisfying local requests for local resources under this usage scenario. But
CIFS is indeed a chatty protocol, and does not behave at all well if that file system is projected
across multiple sites (and perforce also across multiple wide area links).

Figure 1.3: When an outside supplier has parts ready for delivery to the fulfillment center, it interacts with an
automated ordering process to inform the center of pending delivery.


In general, scaling applications and services to make most effective use of WAN links means
choosing protocols and services that behave more reasonably when using such links where
possible. Alternatively, it means using technologies that act as local proxies for chatty protocols
and services, while implementing more efficient, less chatty replacement protocols and services
across wide area links in the background.
When making WAN-friendly protocol or service choices isn’t possible, it becomes necessary to
use local proxies to accommodate chatty, bursty services and applications. Then organizations
can repackage and reformat WAN communications to behave more responsibly, to communicate
less frequently, and to make best possible use of bandwidth when data must actually traverse a
WAN link. This is also a case where shared cache data (identical information elements
maintained in mirrored sets of storage at both ends of a WAN link) can speed communications
significantly, because pairs of devices with such caches can exchange cache references (which
may require only hundreds of bytes of data to be exchanged) rather than shuttling the actual data
between sender and receiver (which may require exchanges at megabyte to gigabyte ranges).
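The cache-reference exchange just described, and the traffic-reduction benefit claimed for it later in this chapter's list of WAN optimization benefits, can be shown with a small added example (written for this edit, not taken from the guide or from any product). It cuts the data stream into chunks with a content-defined rolling hash, sends a 32-byte SHA-256 reference for any chunk the peer already holds and the literal bytes otherwise, and measures what crosses the link when a document is sent and then re-sent with a short edit. The chunking parameters, the wire format and the sample document are all constructed for illustration.

```python
import hashlib

WINDOW = 16                 # bytes in the rolling-hash window
MASK = (1 << 11) - 1        # cut when the low 11 bits are zero: about 2 KiB average chunks
MIN_CHUNK, MAX_CHUNK = 512, 8192
LIT, REF = 0x00, 0x01       # wire tags: literal chunk, or reference to a chunk the peer holds


def chunk_spans(data: bytes):
    """Content-defined chunking: cut where a rolling hash of the last WINDOW bytes
    hits a pattern, so an insertion only disturbs the chunk it lands in and the
    boundaries resynchronise afterwards (fixed-size blocks would all shift)."""
    prime, mod = 31, 1 << 32
    drop = pow(prime, WINDOW, mod)          # weight of the byte leaving the window
    spans, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = (h * prime + byte) % mod
        if i >= WINDOW:
            h = (h - data[i - WINDOW] * drop) % mod
        length = i + 1 - start
        if (length >= MIN_CHUNK and (h & MASK) == 0) or length >= MAX_CHUNK:
            spans.append((start, i + 1))
            start = i + 1
    if start < len(data):
        spans.append((start, len(data)))
    return spans


class WanPeer:
    """One end of an optimized WAN link. Both ends start with the same empty cache
    and add every chunk that crosses the link, so the sender knows that any
    reference it emits names a chunk the receiver already holds."""

    def __init__(self):
        self.cache = {}     # sha256 digest -> chunk bytes

    def encode(self, data: bytes) -> bytes:
        out = bytearray()
        for start, end in chunk_spans(data):
            chunk = data[start:end]
            digest = hashlib.sha256(chunk).digest()
            if digest in self.cache:
                out.append(REF)
                out += digest                       # 33 bytes on the wire instead of the chunk
            else:
                out.append(LIT)
                out += len(chunk).to_bytes(4, 'big')
                out += chunk
                self.cache[digest] = chunk
        return bytes(out)

    def decode(self, wire: bytes) -> bytes:
        out, i = bytearray(), 0
        while i < len(wire):
            tag, i = wire[i], i + 1
            if tag == REF:
                digest, i = wire[i:i + 32], i + 32
                if digest not in self.cache:        # caches out of step: fail loudly, never guess
                    raise KeyError('reference to unknown chunk')
                chunk = self.cache[digest]
            elif tag == LIT:
                n, i = int.from_bytes(wire[i:i + 4], 'big'), i + 4
                chunk, i = wire[i:i + n], i + n
                if len(chunk) != n:
                    raise ValueError('truncated literal')
                self.cache[hashlib.sha256(chunk).digest()] = chunk
            else:
                raise ValueError('corrupt stream')
            out += chunk
        return bytes(out)


def sample_document(n_bytes: int) -> bytes:
    """Constructed, deterministic filler standing in for a file (no real data)."""
    blocks = (hashlib.sha256(k.to_bytes(4, 'big')).digest() for k in range(n_bytes // 32 + 1))
    return b''.join(blocks)[:n_bytes]


def transfer(sender: WanPeer, receiver: WanPeer, data: bytes) -> int:
    """Push data across the link and return the number of bytes that hit the wire."""
    wire = sender.encode(data)
    if receiver.decode(wire) != data:
        raise RuntimeError('receiver reconstructed different data')
    return len(wire)


def demo():
    """Send a 128 KiB document, then the same document with a short edit inserted
    in the middle; report the bytes on the wire for each pass."""
    sender, receiver = WanPeer(), WanPeer()
    original = sample_document(128 * 1024)
    edited = original[:60_000] + b'REVISED PARAGRAPH ' * 8 + original[60_000:]
    first = transfer(sender, receiver, original)
    second = transfer(sender, receiver, edited)
    return {'document': len(original), 'first_pass_wire': first, 'second_pass_wire': second}


if __name__ == '__main__':
    print(demo())
```

Running `demo()` shows the first pass costing slightly more than the document itself (literals plus headers) and the second pass a small fraction of it, because only the chunk containing the edit, and at most a few chunks after it, have to travel again. Two design points carry over to real deployments: the two caches must stay in lock-step (the decoder refuses an unknown reference rather than guessing), and the reference stream must run over an authenticated channel between the two optimizers, since a forged reference would be resolved from the cache exactly like a genuine one.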
Most organizations consider private WANs to be internal-to-internal application delivery issues,
but it remains a subject of debate as to whether this view is strictly true or false for semi-public
MPLS. It’s definitely true for point-to-point links such as frame relay. Internal-to-internal
acceleration is the basis for the WAN optimization market as it currently stands, whereas today’s
CIFS/MAPI issues will become the intranet/portal issue of tomorrow.

Internal to External Access


Internal users accessing external resources are where the rubber really meets the road. Using
high-speed local hardware to reach external links and resources only emphasizes the lowest
common denominator: your network is only as fast as its slowest link, in this case the vast
performance differential and bottlenecking that occur when traffic hits a shared medium (the
Internet) rife with contention and congestion (among other issues).
Latency between local and global networks is largely outside the control of networking
professionals. An inescapable fact is that it takes about 150 ms, roughly a seventh of a second, to
get from New York City to Tokyo, Japan, on a good day with low utilization and high resource
availability. That's on the order of 100 times longer than typical round-trip latency on a LAN.
In practice, network latency turns out to be quite significant, because a badly designed
application might require thousands or tens of thousands of round trips per interaction, and
therefore hundreds or thousands of seconds, to process data across a WAN. Such an application
typically makes many round trips between sender and receiver using numerous small packets for
each individual action or request/reply sequence. Each fraction of a second adds up and becomes
an increasingly noticeable part of the end-user experience when one or more WAN links enters the
picture. What's perfectly fine on local, low-latency networks becomes impractical at WAN
latencies. The effect is additive: total delay grows in direct proportion to the number of round
trips, so a protocol whose thousands of exchanges cost a few seconds on a LAN costs many
minutes across a WAN. That explains why LAN applications that display these characteristics are
never, or only very seldom, used in an Internet context.

These same observations hold true for private networks. A long-distance internal-to-internal link
still carries about 120 ms of delay, because propagation delay is set by distance, not by who owns
the circuit.


Figure 1.4: When the California HQ operation needs to exchange design information with a Hong Kong
partner, it uses a shared network link to ferry that data across the Pacific.

In practice, this means that applications and services should be designed to minimize back-and-
forth communications, and to stuff as much data as possible into messages whenever they must
move between sender and receiver. Thus, as shown in Figure 1.4, when the HQ operation needs
to share design plans with its Hong Kong partner, the mechanisms employed to manage and
ensure their delivery must work as quickly and efficiently as possible, so that individual file
transfers proceed rapidly, and so that transmission errors or failures can neither abort nor
severely slow down or damage key data files and information. Here again, this requires judicious
selection and use of protocols and services optimized for WAN situations.

External to Internal Access


At some point in their workday, a mobile end user will want to establish an inbound connection
to the organization to make use of internal resources. Ironically, by taking the branch-side WAN
links out of the equation, remote access often improves worker productivity, especially when
those workers are furnished with special-purpose client software to help them maximize the
performance of their remote access links and use applications designed to perform as well as
possible in a remote access situation. This even presents a case where “one-sided WAN
optimization” (on the remote server/application end) delivers useful and measurable performance
improvements as well.
Imagine instead that the same remotely-connected client is making requests via CIFS, which is
often limited on the client end (by Windows) to 4 KB reads per request. Over the LAN, this is
imperceptible; introduce WAN link delays and the effect can quickly turn into a harrowing
experience. A client requesting a 20 MB file (in 4 KB chunks) over a WAN with a 300 ms delay
needs 5,000 reads for this single request. If each read must complete before the next is issued,
that client waits 5,000 × 300 ms, approximately 25 minutes, for the request to complete, before
any bandwidth limit even enters the calculation. (Later SMB dialects allow larger reads and
several outstanding requests, which is precisely why they behave better across a WAN.) Thus,
when a roaming client in Tokyo accesses the corporate Web site in NYC as shown in Figure 1.5,
such access should be carefully crafted to let them navigate around the site, send messages, and
handle financial transactions without incurring substantial delays during any step in that sequence
(or within any particular activity, either). That's where careful and thoughtful application design
and good remote access tools really pay off.
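The arithmetic behind the 25-minute figure, generalized, is worth having as a formula. The following is an added example (not from the guide) that computes transfer time from file size, read size, round-trip time and the number of requests a protocol keeps in flight, and derives the throughput ceiling a stop-and-wait protocol can never exceed no matter how fast the link is. The 64 KiB read size, 16 outstanding requests and 10 Mbps link in the scenarios are assumed values chosen to show the effect of larger reads and pipelining, not measured figures.

```python
from math import ceil


def transfer_time(size_bytes, read_bytes, rtt_s, bandwidth_bps=None, outstanding=1):
    """Seconds to fetch size_bytes in read_bytes-sized requests when each request
    costs one round trip and at most `outstanding` requests are in flight.

    bandwidth_bps=None ignores serialization, the pure latency bound that yields
    the text's 25-minute figure; pass a link speed to add the time the bits spend
    on the wire (a simplification: latency and serialization are treated as additive)."""
    reads = ceil(size_bytes / read_bytes)
    round_trips = ceil(reads / outstanding)
    total = round_trips * rtt_s
    if bandwidth_bps:
        total += size_bytes * 8 / bandwidth_bps
    return total


def throughput_ceiling_bps(read_bytes, rtt_s, outstanding=1):
    """Most a request/response protocol can move per second regardless of link
    speed: `outstanding` reads of `read_bytes` per round trip."""
    return outstanding * read_bytes * 8 / rtt_s


def scenarios():
    """The text's 20 MB file, taken as 5,000 reads of 4 KiB, under assumed conditions."""
    size = 5000 * 4096
    return {
        'LAN, 4 KiB reads, 0.5 ms RTT':             transfer_time(size, 4096, 0.0005),
        'WAN, 4 KiB reads, 300 ms RTT':             transfer_time(size, 4096, 0.3),
        'WAN, 64 KiB reads, 300 ms RTT':            transfer_time(size, 65536, 0.3),
        'WAN, 64 KiB reads, 16 in flight':          transfer_time(size, 65536, 0.3, outstanding=16),
        'WAN, 64 KiB x 16 in flight, 10 Mbps link': transfer_time(size, 65536, 0.3, 10_000_000, 16),
    }


if __name__ == '__main__':
    for name, seconds in scenarios().items():
        print(f'{name:45s} {seconds:8.1f} s')
    print(f'ceiling for 4 KiB stop-and-wait at 300 ms RTT: '
          f'{throughput_ceiling_bps(4096, 0.3) / 1000:.0f} kbps')
```

The `throughput_ceiling_bps` figure is the reason "add more bandwidth" fails for chatty protocols: 4 KiB per 300 ms round trip caps a single CIFS client at about 109 kbps, so a 100 Mbps circuit would sit almost idle. Larger reads, more requests in flight, or a local proxy that performs the reads on the client's behalf are the levers that actually move the number.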


Figure 1.5: A client in Tokyo accesses the corporate Web site in the New York office to reach messaging
and financial services applications.

Soon someone somewhere will notice that the existing state of affairs on this Internet-based
WAN is insufficient and unsupportive in its operational limitations, capacity, and speed. The
ability to provide a fast and safe connection to all users and applications efficiently and
effectively, regardless of workstation and location will also prove problematic. This is
particularly evident where no strategies are in place yet to integrate the Internet into the existing
WAN topology beyond a basic VPN-based approach.
CIFS/Server Message Block (SMB), Real-Time Streaming Protocol (RTSP), VoIP, HTTPS, and
various other protocols all present significant challenges for application monitoring,
measurement and optimization. Additionally, Secure Sockets Layer (SSL) and HTTPS
acceleration is necessary to enhance speed and security, especially when traffic must traverse
Internet and WAN links. Note that an optimizer can only compress, de-duplicate or inspect SSL
traffic it can decrypt, which means terminating the session on the device and entrusting it with the
server's certificate and private key (or a key it is authorized to present); that trust decision, and
the protection of those keys, has to be part of the design.

Ways to Meet Challenges in Application Delivery


A WAN optimization solution ultimately seeks to accelerate performance for distant branch,
remote and roaming users, and to bring their end-user experience into line with near-native
LAN speeds. Policy-driven controls can be applied to manage network resource utilization and to
keep users, applications, and data in compliance with responsible usage policies and business
priorities.


The benefits of WAN optimization include:


• Increased productivity levels driven by faster delivery of applications and data to remote
users. In the simplest of terms, users who spend less time waiting for replies to their
requests spend more time getting things done.
• Enable implementation of various IT mandates such as server consolidation, outsourcing,
and SOA. WAN optimization lets data centers make more effective use of virtualization
technologies, for example, so that a smaller number of (more centralized) servers can
deliver a larger number of applications and services to end users, wherever they may be.
• Internet utilization versus costlier private WAN interconnects. WAN optimization
delivers significant reductions in the bandwidth required to handle a given level of
activity, so that public Internet links may be used (with access and equipment charges in
the tens of thousands of dollars) rather than expensive leased lines (with access and
equipment charges often in the hundreds of thousands). The latency delta between a
private WAN and a VPN over the public Internet, if any, is typically small next to that
saving, provided the organization pairs the move with controls (encryption, authentication,
and filtering at the gateway) that mitigate the risks of open Internet transit.
• Cost reductions by delaying additional bandwidth purchases. Because WAN optimization
makes more effective use of bandwidth already available, it can extend the usable life
cycle of a given bandwidth allocation and keep costs flat. Though purchasing additional
bandwidth can introduce economies of scale (lower unit costs), it seldom, if ever,
introduces outright savings (lower absolute costs).
• Traffic redundancy reduction, which frees capacity and so improves availability for
everything else. WAN optimization technology introduces shared caches that must be updated
only as needed, and thereafter substitutes very short cache-reference exchanges across the
WAN for arbitrarily long data exchanges between senders and receivers. Though the cost and
capacity of cache storage limit how much efficiency can be gained, it's not uncommon for
traffic volumes to drop by 30 to 60% when common data elements can be factored out of
multiple or recurring traffic streams.
• Operational expenditure savings from reduced WAN utilization. When enterprises must
pay as they go for metered WAN bandwidth, reduced WAN utilization or lower
bandwidth consumption translates directly into cost savings—at least for satellite. The
more pressing issue—bursting—involves exceeding the allotted bandwidth for MPLS,
which can be limited through traffic shaping when corporate policy dictates that traffic is
valued highly enough to justify the cost. These are offset to some extent by modest fixed
costs for WAN optimization technology, but reduction of regular recurring costs for
bandwidth quickly swamps one-time expenses and related support or maintenance costs.
• Internet usage instead of backhauling leased lines to headquarters or implementing a hub-
and-spoke WAN topology. Use of WAN optimization permits use of local Tx/Ex lines to
ISPs, rather than requiring expensive leased lines or dedicated circuits from branch
locations to regional hubs, or from regional locations to corporate HQ operations. Here
again, connection costs often drop from tens to hundreds of thousands of dollars per
month for backhauled circuits to hundreds to thousands of dollars per month for high-
bandwidth ISP connections.


• Controlled access to corporate network resources. Use of WAN optimization technology
also enables consistent, controlled enforcement of access controls, and permits only
authorized, useful services and applications to consume WAN bandwidth. Not only does
this permit more efficient use of bandwidth, it also helps to avoid the kinds of headaches
that unauthorized or unwanted protocols and services (and the data they convey) can
cause.
• Corporate resource prioritization remains consistent with organizational policies and
imperatives. Use of WAN optimization ensures coherent, consistent application of
security policy, access controls, and traffic priorities. WAN optimization technology
permits centralized control and management over all WAN links, and enables
organizations to impose and enforce the controls and priorities congruent with their needs
and priorities, and to make and control changes over time as needs dictate.
A well-designed WAN optimization solution may be delivered and deployed using appliances in
remote and headquarters offices to improve performance in a variety of ways. Two early ways to
achieve accelerated application delivery come from Quality of Service (QoS) classifications, and
bandwidth management techniques to prioritize and groom traffic. Other performance-enhancing
techniques involve caching algorithms, shared data dictionaries and cache entries, and protocol
acceleration through proxy services. But how do these apply in a world where clients, servers,
and data come in so many different types?

Measuring Complex Data and User Transactions


It suffices to say: that which cannot be measured cannot be monitored. Without a formal means
of establishing benchmarks and performance metrics, there simply isn’t any means for
monitoring application delivery. The introduction of simulation/probe and passive measurement
techniques becomes the basis through which performance benchmarks can be obtained and
monitoring techniques applied and understood. Many connections are serially-oriented—
operating as a progression of individual events—as opposed to creating several concurrent
connections in parallel. This leaves much to be desired—and much more to be optimized.
Several significant considerations must be applied:
• Understand the protocols being used, then optimize them to improve performance and
efficiency. WAN optimization technology uses proxies to manage local, chatty services
and applications on the LAN, and to map this kind of frequent, recurring local network
traffic into more efficient communications and data transfers across the WAN.
• Save and re-use recurring requests for data via objects and data string caching. Caches
and symbol dictionaries may be created and maintained across multiple WAN
optimization devices, and updated only when actual changes occur. In the meantime,
references to arbitrarily large data objects or strings may be sent across the WAN instead
of requiring transfer of the actual data involved. Because the size of such references
seldom exceeds 10 KB, and each such reference can point to data that is significantly
larger, data volume reductions up to 99% are possible. Consistent reductions in the 30-
60% range are typical.


• Instant, predetermined compression and encryption of data before distribution across the
WAN. WAN optimization devices employ sophisticated hardware compression and
encryption devices to make sure that the communications that actually traverse WAN
links are both compact and as indecipherable to unauthorized third parties as modern
technology will allow.
• Data caching is challenging when considering that a majority of objects by count (and by
size) are too small to fit in a byte cache as described here. Unless they happen to appear
in exactly the same order, which is highly unlikely on a contended network, byte caching
won’t improve performance. The only improvement for large (that is, video) and small
(that is, Web page) object performance is through an object cache. Byte caching is
designed for CIFS and MAPI optimizations, where it continues to perform the best.
Object caching, however, often delivers the most dramatic improvements in performance
when WAN optimization techniques are properly employed.
• Establishment of data delivery priorities based on users, applications, and processes.
WAN optimization technology lets enterprises determine what kinds of traffic gets to
jump to the front of the queue and obtains the best quality of service or service level
guarantees. This not only helps to make effective use of WAN links and bandwidth, it
also helps to ensure that end-user experiences are as positive as their priority ranking and
assigned importance will allow.
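The contrast drawn above between byte caching and object caching can be watched in a small simulation. The following Python is an added example, not code from this guide or from any WAN optimization product; the 64-byte chunk size, the 8-byte reference length, fixed-boundary chunking and the sample payloads are all constructed assumptions for illustration.

```python
import hashlib
import random

CHUNK = 64    # constructed: a tiny chunk size keeps the arithmetic readable
REF_LEN = 8   # assumed size in bytes of one on-the-wire cache reference


class ByteCachePair:
    """Both ends of a WAN-optimization pair sharing one chunk dictionary.
    Fixed-boundary chunking is used for clarity; it is also what makes the
    reordered-objects case below miss, exactly as the text warns."""

    def __init__(self):
        self.dictionary = {}  # reference -> chunk bytes, mirrored on both sides

    def transfer(self, data):
        """Push `data` across the simulated WAN link.
        Returns (bytes rebuilt by the receiver, bytes that crossed the link)."""
        wire = 0
        rebuilt = bytearray()
        for start in range(0, len(data), CHUNK):
            chunk = data[start:start + CHUNK]
            ref = hashlib.sha256(chunk).digest()[:REF_LEN]
            if ref in self.dictionary:
                wire += REF_LEN               # only the short reference is sent
            else:
                wire += REF_LEN + len(chunk)  # first sighting: reference plus payload
                self.dictionary[ref] = chunk  # both sides learn the new chunk
            rebuilt += self.dictionary[ref]   # receiver resolves the reference
        return bytes(rebuilt), wire


class ObjectCache:
    """Branch-side cache keyed on whole objects (a URL, a file path)."""

    def __init__(self, origin):
        self.origin = origin  # name -> bytes held at headquarters
        self.store = {}

    def fetch(self, name):
        """Returns (object bytes, bytes that crossed the link)."""
        if name in self.store:
            return self.store[name], REF_LEN  # a short freshness check suffices
        obj = self.origin[name]
        self.store[name] = obj
        return obj, REF_LEN + len(obj)


def make_data(size, seed):
    """Constructed, deterministic pseudo-random payload."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def compare_strategies():
    """Run the two scenarios described in the text; return WAN byte counts."""
    results = {}

    # Scenario 1: a large document sent once, then re-sent after a small edit.
    doc = make_data(64 * 100, seed=1)                # 6400-byte "file"
    edited = doc[:3000] + b"X" * 10 + doc[3010:]     # 10 bytes changed in place
    pair = ByteCachePair()
    rebuilt_first, first = pair.transfer(doc)
    rebuilt_second, second = pair.transfer(edited)
    results["lossless"] = rebuilt_first == doc and rebuilt_second == edited
    results["large_doc_first"] = first    # every chunk is new: 100 * (8 + 64)
    results["large_doc_resend"] = second  # only the two touched chunks travel

    # Scenario 2: three small objects fetched as a page, then again in a
    # different order, so fixed chunk boundaries no longer line up.
    objects = {"a.css": make_data(37, 2), "b.js": make_data(51, 3),
               "c.png": make_data(23, 4)}
    order_first = ("a.css", "b.js", "c.png")
    order_second = ("c.png", "a.css", "b.js")
    pair = ByteCachePair()
    pair.transfer(b"".join(objects[n] for n in order_first))
    _, byte_cache_resend = pair.transfer(b"".join(objects[n] for n in order_second))
    cache = ObjectCache(objects)
    for n in order_first:
        cache.fetch(n)
    object_cache_resend = sum(cache.fetch(n)[1] for n in order_second)
    results["small_objects_byte_cache"] = byte_cache_resend      # no hits at all
    results["small_objects_object_cache"] = object_cache_resend  # three references
    return results
```

The large-document resend drops from 7200 to 928 wire bytes, while the reordered small objects get no byte-cache benefit at all (127 bytes both times) yet cost only 24 bytes through the object cache.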
If you don’t measure and model your network infrastructure through a well-constructed service
commitment, SLA breaches may go undetected. Reasonable expectations cannot be stated or met
in terms of the service commitment when informal or ad-hoc service architectures are in place.
Enforcement of said commitments becomes an infeasible and impractical proposition.
If you don’t monitor the end-user experience, end-user perception and end-to-end response time,
unpleasant surprises lie in wait on the bumpy network path ahead. Expectations can neither be
defined nor met without a formal understanding of these performance properties. Ultimately, it’s
the end user who suffers the most with an indirect but significant impact on business flow.

It’s Not a Challenge; It’s a Promotion!


Visualize and utilize the proposition of network performance enhancement as a promotion, not a
challenge. Delivering applications, rather than just packets, requires an enhanced skill set for
networking professionals that ultimately aligns them closer to the value-adding parts of the
organization. Treating all network connections as a singular flow of packet traffic gives neither
the flexibility nor the scalability to ensure that business-critical applications perform as desired
and expected.


Protocol optimization requires in-depth protocol knowledge to accelerate end-user response time
and enhance serially-oriented network requests. Optimization strategies can better anticipate user
requests by understanding the intricacies of how certain protocols function natively on
the LAN, and how they can better function across the WAN. Applications that use serialized
requests (e.g., HTTP, CIFS, etc.) and traditionally “chatty” applications (e.g., RPC, RTSP) or
those designed for LAN environments (i.e., CIFS, MAPI) achieve considerable performance
gains by bundling or short-circuiting transactions, or using pre-fetch techniques to
anticipate upcoming requests and data transfers. Essentially this translates into batching up
groups of related requests on one side of the WAN link, then doing likewise for related responses
on the other side of the WAN link. It also involves use of proxies to carry on conversations
locally for chatty protocols, then switching to bulk transfer and communication mechanisms
across the WAN to lower the amount of back-and-forth traffic required across such links.
Networking professionals ultimately inherit the responsibility of promoting service and
performance levels because IT and Information Management System (IMS) are inherently
problematic. Remote Windows branch office servers have proven unmanageable, and IT
governance doesn’t mean the same thing to all people. Many organizations use spur-of-the-
moment processes that are either too loosely or too rigidly adhered to, often concentrating efforts
on the wrong aspects and failing to focus on key operational factors that make the IT process
work efficiently. Oftentimes, there’s no surefire direction or method of approach to ensure the
right aspects of performance are maintained at reasonable levels. Sometimes this results in the
end user pointing the accusative finger of blame directly at those hard-working network
professionals.
Shortly thereafter follow all kinds of server proliferation as an interim solution that proves
equally unmanageable. Many of these so-called solutions still require manual intervention to
operate and maintain, which is neither a model of efficiency nor room for innovation to thrive.
Router blades for Domain Name Services (DNS), Dynamic Host Configuration Protocol (DHCP), and
Remote Authentication Dial-In User Service (RADIUS) largely rely on the data professional
delivering these goods over time. Print, file, and service delivery are also integral components
of this unmanageably complex nightmare.
Moreover, these services are not integrated into routers because it’s the optimal architectural
place for them—the performance issues inherent in hosting high-level services in a store-and-
forward appliance are obvious. Such services are integrated into routers because there is a
profound organizational desire to have network administrators manage them, and for that
purpose, there is no better obvious placement.
Get involved in the application and protocol format: deconstruct the entire application and
analyze its format to perform protocol optimization and manipulation. It requires a keen
programmer’s insight—well, almost—and fundamental understanding of protocol topics to
design, implement and deliver the appropriate optimization solution.


Progressing Up the Value Chain


Network IT professionals are moving higher up the value chain as these issues create significant
performance problems for business operations. Once part of the transparent business process,
network professionals are now a very visible and valuable aspect of the IT value chain. Even
end-user awareness has increased to include these networking professionals, as their efforts
directly affect the end-user experience. And we’re not just talking about the accusative finger-
wagging sort of end-user awareness.
Consolidating servers out of branch offices assumed that the network would consume any excess
capacity resulting from their aggregation. In theory, this may have made for sound composition;
in practice, reality paints an ugly picture. Consider the example of Messaging Application
Programming Interface (MAPI). Using MAPI—a messaging architecture and a Component
Object Model based API for MS Windows—allows client programs to become e-mail
messaging-enabled, messaging-aware and messaging-based. MAPI subsystem routines interface
with certain messaging services that are closely related to the proprietary protocol that MS
Outlook uses for communications with MS Exchange. However, another ugly reality rears its
head as the MAPI framework fails to scale meaningfully within much larger network contexts.
That’s not to say that Microsoft was necessarily trying to lock customers into branch office
servers. Protocols were written for contention management networks where small packets and
short, bursty chattiness were acceptable, and desirable for reducing the impact of network
collisions. Here again, impact of WAN level latency and round trip times played little or no role
in protocol and service designs.
Originally, these conversational, busy protocols worked well when networks had relatively low
latency and more demand for available bandwidth. Excessive round-trip times per request,
particularly for large payloads as seen in video and audio-bearing communications channels,
create inordinate amounts of wasteful line noise that invariably adds to such network latency.
When mapped onto widely-dispersed long-haul connections, such latency often multiplies by one
or more orders of magnitude (tenths of seconds to full seconds or longer), and delay quickly
becomes a massive management nightmare.

Summary
This chapter lays the foundation and defines the core WAN concepts and components,
with an emphasis on enhancing and optimizing their operation. By layering WAN topologies
over LAN technologies, performance decreases in a dramatic and discernible way. There are
methods of monitoring, measuring, and modifying operational aspects of WAN technologies to
improve the end-user experience and alleviate strain on potentially overworked networking
professionals. In the next chapter, we’ll adopt a more focused perspective on the types of routing
protocols, processes, and procedures used to address these performance issues.


Chapter 2: Managing Scale and Scope in a Distributed WAN Environment


At the very core of every network infrastructure is the routing process. Network cabling and
media, in all its various forms, creates the veins and arteries for the network, where routing is a
dynamic internal process through which data travels around a system composed of intermediary
devices and connection endpoints. Routing manages the communications path selection process
in computer and telecommunications networks—and is a component function in all such
networks—and determines when and where to deliver data-bearing traffic. Routing involves the
direct forwarding of data packets in packet-switched networks to designated endpoint addresses
through intermediary devices known as routers, bridges, switches, firewalls, and gateways.

This chapter uses the term routing in a broadly defined, generally applicable way. This usage is
entirely different from the more specific term router, which is effectively a TCP/IP Layer 3 device.
Request for Comment (RFC) 1983 defines routing as “The process of selecting the correct interface
and next hop for a packet being forwarded.” That’s really what this guide is all about—finding and
using the next best hop to ensure secure, timely, and/or qualitative delivery of network data, and
optimizing traffic across hops that involve wide area network (WAN) links.

The science of routing is the process of identifying connective pathways along which to deliver
data between subnets or external network sources, using a variety of logical and algorithmic
techniques. It is the directional flow of datagram or packet traffic from source to destination
according to some defined passageway that is typically specified through administratively
managed memory-resident routing tables. A router selects the correct interface from its available
routing table and determines the next hop along which to forward a packet. Similar network
address structures (closely related numeric values) imply proximity within a network, even for
WAN-spanning connections. The process of accessing the Internet through a WAN connection is
depicted in Figure 2.1.


Figure 2.1: When moving a packet across a WAN link, the router picks it up from some internal interface,
then forwards it out an external interface, which typically delivers the packet into an “Internet cloud.” At the
destination side, the same packet eventually arrives at the router’s external interface for forwarding into an
internal LAN.

Lessons from the Routing World


Routing doesn’t make the world go round, but it does help telecommuters get around. Much of
its operation is transparent and unknown to the majority in the networked working world, the
very nature of which is lost on the non-technically minded. However, routing is still universally
understood to be a necessary and vital process to establish a connection in the computing world,
and to stay that way. There are many valuable lessons to be learned and worthwhile observations
to be made from past experiences and present encounters with routing applications, services, and
technologies, even where WAN optimization is concerned.
Routers themselves create broadcast domains that enable neighboring equipment to identify
unknown hosts within the boundaries of the network perimeter. Broadcast traffic reaches all
connected hosts, and by virtue of this fact, bandwidth utilization can get out of hand quickly
within large-scale networks. Overly chatty protocols such as the Address Resolution Protocol
(ARP) and Reverse ARP (RARP) are present in TCP/IP network environments wherever IP
addresses are mapped to Media Access Control (MAC) addresses. ARP and RARP broadcast
“who has” queries to elicit “is at” responses to identify these IP and MAC pairings (or lack
thereof) for the purposes of bootstrapping network-loading operating systems (OSs) to initialize
appliances and devices that are network-aware and to manage routing and special handling for
low-level, locally connected client interfaces. This explains why such traffic is usually restricted
to specific access domains and is almost always a purely local (rather than wide-area) form of
interaction.


From a processing resource perspective, routing grows exponentially complex particularly in
large networks owing to the number of potential intermediate destinations a packet may traverse
before reaching its final destination. Routers manage information about paths that enable packet-
based messages to reach their intended recipients, forwarding units of digital information along a
particular path designated in headers and defined by parameters (protocol fields) contained
within the message. In a much broader sense of the term, routing may also include the translation
of such messages between Local Area Network (LAN) segments that utilize different Logical Link
Control (LLC) protocols.

A packet is the basic unit on any TCP/IP-based packet-switched pathway. It is a formatted block of
information that includes protocol fields, headers, trailers, and optional payloads. Protocol properties
parameterize how a packet is to be handled and delivered. They also include putative identities (in
the form of IP addresses) for both sender and recipient stations, error-control information, message
payload, and optional routing characteristics, all of which we discuss in more detail later in this
chapter.

A packet can be a complete unit in itself or part of some larger ongoing communication between
endpoints. Computer communications links that do not support packets, such as traditional point-
to-point (PPP) telecommunications links, simply transmit data as a series or stream of bytes,
characters, or bits. TCP/IP networks handle such links with relative ease by providing reversible
encodings to enable them to be transited using native formats, then retransformed back into
packet-based traffic on the other side of such links. Also, TCP/IP networks chop up large data
sequences into smaller packets for transmission and logically group data according to the DoD
network reference model, which creates four layers populated with various protocol definitions.
Imagine a router is the mail room for a busy postal clerk who’s constantly rushing deliverables
between senders and recipients. Envision each packet as an envelope full of mail circulating the
globe, and for many fleeting moments throughout his day, this busy mail clerk processes such
items. Now consider that some mail has higher priority than others and is marked accordingly to
reflect its status. That mail will be processed with more attention to delivery timeframes than
other pieces of mail, so it may very well “jump the line” or receive other special handling along
its way.
Also consider that certain pieces of mail are too big (in size, shape, or weight) to fit into a single
envelope or reasonably large box, so its contents are broken into a larger number of smaller,
simpler packages and elements, and sent in multiple bits and pieces. Perhaps some of these items
are marked “fragile” or “one of many,” indicating other special handling or delivery
considerations. In essence, these parcels specify some special handling characteristics that are
dealt with by other post office personnel who may handle them at some point during their trip
from sender to receiver. From a simplified perspective, this model is analogous to packet routing.
Alas, this is where the router-as-a-mailman analogy ends and a more accurate definition of
routing prevails. The analogy breaks down because network routing is far more complex than
what mail courier services encounter and endure. Packets possess a vast variety of protocol
properties and parameters that influence their handling and delivery throughout the routing
process, enough to swamp mere human minds but well within the primitive (but more
calculating) capabilities of the kinds of computer “brains” present in modern high-speed
networking gear (switches, routers, and so forth).


A router can itself be a computer or some functional equivalent that is used to interconnect two
or more network segments. It operates at Layer 3 of the OSI reference model, routing traffic
through network segments so as to move it toward the final destination to which it is addressed.
A router accomplishes this task by interpreting the network (Layer 3) address of every packet it
receives to make an algorithm-based decision about the next interface to which that packet must
be delivered.
The pathways along which packets travel may be static or dynamic. Static routes use pathways
that must be explored, negotiated, and then established before traffic can proceed across them,
whereas dynamic routes are made and used as needed, in keeping with parameters presented
within packets in motion or based on data included in connection requests that last only as long
as they’re needed. Either way, a router must keep up with changes to network topology, route
availability, traffic conditions, and other factors that can influence if, when, and how quickly
traffic moves across pathways accessible through specific interfaces. Figure 2.2 shows a
simplified routing grid, with cost factors applied for paths to networks A through E.

Figure 2.2: Routers must track and keep up with path cost factors to understand how to forward specific
types of packets for transmission across the WAN, symbolized by the light blue cylinder at the picture’s
center.


Introduction of Local and Border Distinctions


Local and border distinctions define the edges of a given network perimeter, from the
perspective that traffic is essentially bound or confined to some virtual circuit pathway or
transmission space on its way across perimeter access points, whether inbound (from the WAN
to the LAN) or outbound (from the LAN to the WAN). On local or private networks, packet
transmission between recipients is tightly bound to a LAN topology. A LAN topology may span
one or more LAN segments, which themselves reside within a network border that outlines the
perimeter or outermost edge of a network’s reach.
Network boundaries or borders are where a great deal of interesting activity typically occurs.
This is as much a boundary that distinguishes between levels of knowledge (absolute knowledge
inside the border, limited knowledge outside the border) as it does between levels of control
(absolute control inside the border, limited or no control outside the border), cost (lower costs
inside the border, higher outside), and speed (higher speeds inside the border, lower speeds
outside—with differences sometimes as high as three or more orders of decimal magnitude). By
no surprising coincidence, all these conditions also hold for WAN optimization, and likewise
play a significant role in designing and implementing effective WAN optimization techniques.
It’s also the case that communications across the boundary, and over the WAN, is more costly
and time-consuming than communications that stay within local LAN boundaries. This also
explains why compression is so commonly applied to all WAN traffic, as a way of helping to
limit communications costs and associated bandwidth consumption.
Within the border, network routers can behave more or less as they want to, and impose all kinds
of control and management schemes on traffic as they see fit, including classes or quality of
service controls to prioritize and manage traffic of different kinds and importance in different
and appropriate ways. Within the border, enterprises can establish their own routing systems to
establish and maintain whatever routing regimes they might want to use and change them over
time as they see fit. They can even choose whatever kinds of routing protocols they like, and
configure them any way they like.
Outside the network border, however, freedom of choice disappears, and flexibility is
considerably diminished. Border routers must use whatever protocols are required in the exterior
(outside the border) routing environment, and must adhere to whatever controls, tags, addresses,
and so forth that the exterior environment decrees. Irrespective of whatever kinds of quality or
class of service mechanisms may be in use inside the border, outbound traffic must map into
whatever kinds of labels or tags are known to the exterior environment, which often means that
quality and class of service information either becomes irrelevant or is reduced to two or perhaps
three levels (fast and slow, or perhaps slow, middling, and faster, where three different levels are
available).


Outside the border is also where big delays kick in (WAN links are invariably far slower than
LAN links, and public pathways likewise slower than private ones, if only because of higher
utilization and traffic volumes) and where traffic gets more expensive to move. This
phenomenon helps to explain much of the appeal inherent to WAN optimization, and stems from
reductions in traffic achieved through all sorts of clever techniques that include protocol proxies,
caching, shared symbol and data dictionaries, and more.

Throughout the remainder of this chapter, several references will be made to the concept of an
autonomous system (AS)—a collection or collective group of IP networks and routers under control of
a common administration with common routing policies. An official definition can be found in RFC
1930 at http://tools.ietf.org/html/rfc1930. An AS may reside inside the network boundary and operate
within its borders. Anything outside the border is usually under somebody else’s control, though that
routing domain is probably also an AS. But exterior routing requires consensus to operate and
adherence to common rules and requirements to use.

Introducing the Routing Information Protocol


Routing Information Protocol (RIP) was once commonly used on internal networks as an Interior
Gateway Protocol (IGP) so that routers could dynamically adapt to changes to network
connections via route advertisements. These advertisements communicate information regarding
reachable networks and metric distances to those networks. Although RIP is still actively used to
lesser extents in small-scale modern environments (fewer than a dozen routers, fewer than a
thousand nodes), it has been rendered obsolete and surpassed by far superior routing protocols
designed to behave well in large, complex networking environments (hundreds to thousands of
routers and many, many thousands of nodes).

IGP is a routing protocol used within an AS to determine reachability between endpoints within that
system. In its distance-vector form, IGP identifies available pathways through advertisement of
routing locations (in relation to other locations that likewise advertise themselves). When IGP uses a
link-state-oriented protocol, each node possesses complete network topology information for all
available pathways. Both distance-vector and link-state concepts are described shortly.

However, RIP quickly shows its crippling limitations within any sizable network environment.
Chief among its inadequacies is a non-negotiable 15-hop limitation, which severely restricts
the operational capacity and logical expanse of WAN topologies. RIP also cannot handle
variable-length subnet masks (VLSM), a problem for an ever-shrinking IP address space. RIP
routers also periodically advertise their full routing tables, which is a major and unnecessary
consumer of available bandwidth—another major blemish for WAN topologies. Convergence on RIP
networks occurs slowly, with routers enduring hold-down and garbage-collection periods
before expiring information that has not been recently refreshed—also inappropriate
for large-scale networks, particularly across slow links and WAN clouds.


From a network management perspective, RIP possesses no concept of network delays and link
costs, and therefore provides no resolution for these issues. Routing decisions are entirely hop
count-based, even when an alternative path offers better aggregate link bandwidth or lower
latency. Also problematic is the fact that RIP network topologies are uncharacteristically flat,
with no concept of containment boundaries or logically divided areas. RIP networks also fall
drastically behind because they lack Classless Inter-Domain Routing (CIDR) capability and the
ability to aggregate or summarize routes.
A second version, RIPv2, addresses several shortcomings and glaring omissions of its
predecessor but still carries the 15-hop limitation and slow convergence. Overcoming both of
these limitations is essential to supporting modern large-scale network environments. As is usually the
case, technological innovation designed by human inspiration has a way of besting the most
difficult of challenges. RIP also describes the most basic kind of operation that involves WAN
optimization, in that it is most often applied between pairs of devices across a single, specific
link, where the parties on each side of a WAN connection have thorough or exhaustive
knowledge of everything they need to know about what’s on the “other side” of that WAN link.
This might be viewed as a paragon of static routing, in that much of what WAN optimization
devices can do depends on knowing the ins and outs of operations and characteristics on both
sides of the WAN link, and of taking steps based on that knowledge to limit the use of that WAN
link as much as such knowledge will permit.

Open Shortest Path First Algorithms


The Open Shortest Path First (OSPF) protocol is one of several hierarchical interior gateway
protocols (IGPs) used for IP routing in small to large networks; it relies on link-state data
in the individual areas or routing domains that define the hierarchy. An algorithm-based
computation calculates the shortest path tree inside each area, and OSPF is perhaps the most widely
used IGP in large enterprise networks. OSPF dynamically determines the best routing path for IP
traffic over a TCP/IP network and is designed to generate less router update traffic than is
required by the RIP format it replaces. By design, OSPF also incorporates least-cost, equal-cost,
and load-balancing capabilities. Unlike RIP, OSPF incorporates cost or preference information
when selecting the routes it will use from the routes it knows about. This kind of selective
behavior is also typical for WAN optimization, which at some level is all about managing costs
and limiting WAN access as much as possible, without impeding communication.

What is meant by link-state? Consider a link as any interface on the WAN router. The state of that link
describes the interface and its relationship to nearby routers; this state description includes its IP
address, subnet mask, network connection type, interconnected routers, and so forth. Collectively,
this information forms a link-state database, described later.

RIP is a distance-vector protocol, which means that it uses hop count to select the shortest route
to a destination network. RIP always uses the lowest hop count regardless of the speed or reliability
of the links along that route. OSPF is a link-state protocol, meaning it can
algorithmically consider a variety of link-related conditions when determining the best path to a
network destination, including speed and reliability properties. Furthermore, OSPF has no hop
limitation, and routers can be added to the network as necessary, making it well suited to
highly scalable enterprise WAN environments.
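
The following Python block is an added example, not code from this guide or from any router vendor, that makes the RIP versus OSPF contrast above concrete. It runs the same shortest-path search twice over one constructed topology: once with every link counted as one hop (the RIP view, including the 15-hop ceiling), and once with an inverse-bandwidth link cost (the OSPF view; the 100 Mbps reference bandwidth used to derive costs is an assumption, as are all router names and link speeds).

```python
"""Hop-count (RIP-style) versus link-cost (OSPF-style) path selection.

Constructed topology: router A reaches D either over a direct but slow
64 kbps link (1 hop) or via B and C over 10 Mbps links (3 hops).
"""
import heapq

# Constructed sample topology: node -> list of (neighbor, link bandwidth in kbps).
LINKS = {
    "A": [("D", 64), ("B", 10_000)],
    "B": [("A", 10_000), ("C", 10_000)],
    "C": [("B", 10_000), ("D", 10_000)],
    "D": [("A", 64), ("C", 10_000)],
}

RIP_MAX_HOPS = 15  # RIP treats a 16-hop route as unreachable


def ospf_cost(bandwidth_kbps, reference_kbps=100_000):
    """OSPF-style inverse-bandwidth cost: reference bandwidth / link bandwidth,
    never below 1.  A 100 Mbps reference is assumed here (a common default)."""
    return max(1, reference_kbps // bandwidth_kbps)


def shortest_path(graph, src, dst, weight):
    """Dijkstra's algorithm over `graph`; `weight(bandwidth_kbps)` returns a link's cost.
    Returns (total_cost, [path]) or (None, []) when dst is unreachable."""
    dist = {src: 0}
    prev = {}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        if node == dst:
            break
        for nbr, bw in graph[node]:
            nd = d + weight(bw)
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                prev[nbr] = node
                heapq.heappush(heap, (nd, nbr))
    if dst not in dist:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def rip_route(graph, src, dst):
    """RIP's view: every link costs one hop, and more than 15 hops is unreachable."""
    hops, path = shortest_path(graph, src, dst, lambda bw: 1)
    if hops is None or hops > RIP_MAX_HOPS:
        return None, []
    return hops, path


def ospf_route(graph, src, dst):
    """OSPF's view: the lowest total link cost wins, regardless of hop count."""
    return shortest_path(graph, src, dst, ospf_cost)


def chain(n):
    """Constructed linear topology R0 - R1 - ... - R(n-1), all 10 Mbps links,
    used to show RIP's 15-hop ceiling."""
    g = {f"R{i}": [] for i in range(n)}
    for i in range(n - 1):
        g[f"R{i}"].append((f"R{i + 1}", 10_000))
        g[f"R{i + 1}"].append((f"R{i}", 10_000))
    return g


if __name__ == "__main__":
    print("RIP  A->D:", rip_route(LINKS, "A", "D"))     # 1 hop over the 64 kbps link
    print("OSPF A->D:", ospf_route(LINKS, "A", "D"))    # 3 hops, cost 30, over 10 Mbps links
    print("RIP  R0->R16:", rip_route(chain(17), "R0", "R16"))  # unreachable: 16 hops
```

The same search function produces both answers; only the weight function changes. That is the whole difference between a distance-vector metric that counts hops and a link-state metric that folds link properties into the decision, and it is why the RIP choice here funnels all A-to-D traffic onto the slowest link in the network.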

27
Chapter 2

OSPF also provides several enhancements over its predecessors, RIP
versions 1 and 2. OSPF has unlimited hop count, VLSM capability, and uses IP multicast to send
link-state updates as they occur, which reduces network noise. Routing changes are propagated
immediately, so OSPF converges faster than RIP. OSPF allows for better load
balancing, enables the logical definition of networks (with routers divided into areas), and limits
the delivery of link-state updates network-wide. Password-secured route authentication, external
route tagging for ASs, and aggregate routing are also advantages OSPF has over RIP.

What is meant by convergence? From a network routing perspective, convergence is essentially the
combination and merging of advertised routes and route updates from all available sources of such
information (other routers). When we say that RIP converges more slowly than OSPF, that means it
takes longer to propagate updates through a collection of RIP routers because each update goes
through hold-off and garbage collection periods that time out and delete stale information more slowly
than is the case in OSPF.

A link-state database (LSDB) is constructed as a tree-image of the network topology, and
identical copies are periodically updated on all routers in each OSPF-aware area. Assigned areas
in an OSPF model are designated by numeric values that correspond to regions of an enterprise
network, with each additional OSPF area directly or virtually connected to the backbone area.
OSPF is hierarchical, propagates changes quickly, and supports variable-length subnet
masks (VLSMs), with update traffic multicast within distinct network areas. This, too, makes OSPF
more efficient than RIP and helps keep update traffic volumes down. After initialization, OSPF
routers only advertise updates as routes change and never include an entire routing table in a
single update (as RIP is wont to do). Also, OSPF areas may be logically segmented and
summarized to reduce routing table sizes, and the OSPF protocol remains an open standard
unregulated by any single vendor. As such, OSPF is well-suited to WAN deployment where
combinatorial network topologies may have no clear hierarchy, contain large numbers of routers,
lack an efficient means for route update propagation, or utilize potentially conflicting
subnetworks and masks. Overall, WAN overhead is lowered through more efficient delivery of
routing information, and traffic reduction strategies built into OSPF further help eliminate potential
line noise and subsequent bandwidth waste.
That said, OSPF taxes processing resources heavily and maintains multiple copies of routing
information. OSPF uses very little bandwidth where no network changes exist but will flood
network devices after recovering from a power outage. It isn’t perfect, but it’s a perfectly
functional model. The analogies to WAN optimization are also fairly strong, in that initial setup
and cache population will tax such systems most heavily, just as resynchronization activities will
impose the greatest overhead on communications between pairs of WAN optimization devices.

The OSPF protocol format is specified in RFC 2328, which you can find by pointing your favorite
online browser to http://www.ietf.org/rfc/rfc2328.txt.

Interior Gateway Routing Protocol

Interior Gateway Routing Protocol (IGRP) is a routing protocol developed at Cisco Systems in
the mid-1980s, as the company sought to implement a robust and efficient routing protocol
within autonomous systems. As a first attempt to improve upon and optimize overhead for RIP,
and to add support for protocols other than TCP/IP (especially OSI connectionless network
protocol or CLNP networks), IGRP combines a distance vector algorithm with a number of
wide-ranging metrics for internetwork delay, available bandwidth, reliability, and network load
to offer a more flexible and accommodating routing regime than RIP could deliver.
Metric values for reliability and load are eight-bit values that can accommodate numbers from 0
to 255. Bandwidth metrics can represent speeds from 1200 bits per second (bps) to 10 Gbps.
Delay values are 24-bit numbers that can accommodate any value from 0 to 2^24 – 1. IGRP also
lets network administrators define constants they can use to influence route selection; such
constants are combined with these metrics, and with each other, using a special IGRP routing algorithm
to produce a single composite metric value. This lets administrators give higher or lower weighting
to specific metrics and thereby fine-tune IGRP’s route selection.
IGRP also supports multi-path routing, where bandwidth can be load balanced across multiple
links, or where failure of a primary link automatically brings a backup link into use (a situation
commonly described as failover). To keep update traffic and activity under control, IGRP also
makes use of numerous timers and convergence features to limit update frequency, to decide
how long routes for which no updates have been received remain active, and to determine
how long to maintain routing table entries as they age over time. All of these characteristics
provided significant improvements over RIP without switching to a link-state view of the
networks that IGRP serves.
Over time, IGRP has been one of the most widely used and successful routing protocols. Cisco
took great pains to preserve useful functions from RIP but greatly expanded IGRP’s reach and
capabilities. IGRP does lack support for VLSMs, which led to the introduction of Enhanced
IGRP (and to many switchovers to OSPF) in the early 1990s, as pressure on IP address space and a
desire to compress routing tables drove service providers, communications companies, and large
organizations and corporations to abandon IGRP in favor of newer, still more capable routing
protocols.
IGRP’s numerous metrics and their wide representational capabilities provide a strong indication
of what determined, well-designed programming can do to better represent network traffic needs
and conditions. In much the same vein, WAN optimization devices also employ numerous
complex metrics to characterize and manage WAN traffic and to reshape such traffic to better
map LAN characteristics for WAN transmission and transport.
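
The Python block below is an added example, not part of this guide, showing how IGRP’s separate metrics collapse into one composite value and how the administrator-defined constants shift the outcome. The formula is Cisco’s published IGRP composite metric, which this page does not reproduce: metric = K1*BW + K2*BW/(256 - load) + K3*delay, scaled by K5/(reliability + K4) when K5 is non-zero, where BW is 10^7 divided by the lowest link bandwidth in kbps and delay is the summed path delay in 10-microsecond units. The two sample paths and the alternative K settings are constructed; the range checks mirror the 8-bit and 24-bit limits quoted above.

```python
"""IGRP-style composite metric: bandwidth, delay, reliability and load combined
under administrator-chosen K constants (constructed example)."""

MAX_8BIT = 255            # reliability and load are 8-bit values (0..255)
MAX_DELAY = 2**24 - 1     # delay is a 24-bit value, in units of 10 microseconds
BW_SCALE = 10_000_000     # 10 Gbps expressed in kbps; BW term = BW_SCALE / min bandwidth

DEFAULT_K = (1, 0, 1, 0, 0)   # K1..K5: by default only bandwidth and delay count


def composite_metric(bandwidth_kbps, delay_units, reliability=255, load=1, k=DEFAULT_K):
    """Single composite metric for one path (lower is better).

    Published IGRP formula, computed with integer arithmetic as routers do:
        metric = K1*BW + K2*BW/(256 - load) + K3*delay
        if K5 != 0: metric = metric * K5 / (reliability + K4)
    """
    if not 0 <= reliability <= MAX_8BIT or not 0 <= load <= MAX_8BIT:
        raise ValueError("reliability and load must fit in 8 bits")
    if not 0 <= delay_units <= MAX_DELAY:
        raise ValueError("delay must fit in 24 bits")
    if bandwidth_kbps <= 0:
        raise ValueError("bandwidth must be positive")
    k1, k2, k3, k4, k5 = k
    bw = BW_SCALE // bandwidth_kbps
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay_units
    if k5:
        denominator = reliability + k4
        if denominator == 0:
            raise ValueError("reliability + K4 must be non-zero when K5 is set")
        metric = (metric * k5) // denominator
    return metric


def best_path(paths, k=DEFAULT_K):
    """Name of the path with the lowest composite metric.
    `paths` maps name -> (bandwidth_kbps, delay_units, reliability, load)."""
    return min(paths, key=lambda name: composite_metric(*paths[name], k=k))


# Constructed sample: a T1 with a long delay versus a 512 kbps link with a short delay.
PATHS = {
    "t1_long_haul": (1544, 2000, 255, 1),   # 1.544 Mbps, 20 ms delay (2000 x 10 us)
    "dsl_short":    (512, 500, 255, 1),     # 512 kbps, 5 ms delay
}

if __name__ == "__main__":
    for name, args in PATHS.items():
        print(f"{name}: default metric {composite_metric(*args)}")
    print("default K  ->", best_path(PATHS))                   # t1_long_haul
    print("delay only ->", best_path(PATHS, k=(0, 0, 1, 0, 0)))  # dsl_short
```

With the default constants the bandwidth term dominates and the T1 wins; zeroing K1 so that only delay counts flips the decision to the slower but lower-latency link. That is the kind of administrator-tunable weighting the paragraph above describes, and the same idea, several metrics folded into one policy-driven score, is what WAN optimization devices do when they classify and shape traffic.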

Enhancements Introduced via the Border Gateway Protocol

Border Gateway Protocol (BGP) is the core routing protocol for the Internet—thus, it is an
exterior routing protocol used for informational exchanges between ASs. As an inter-
autonomous path vector protocol, BGP operates by maintaining tables of IP networks or prefixes
that designate network reachability (much like a telecommunications exchange) among ASs.
BGP does not use traditional interior gateway metrics but rather bases its routing decisions
according to pathway, network policies, and administrative rule sets. Currently, BGP exists in
versions 2, 3, and 4.
BGP was intended to replace the now defunct Exterior Gateway Protocol (EGP). It now far
outclasses and outnumbers original EGP installations. BGP provides a fully decentralized routing
scheme, thereby enabling the Internet itself to operate as a truly decentralized system. It supports
internal sessions—routes between routers in the same AS—and external sessions between
routers from differing ASs. BGP can be used alongside OSPF where an autonomous system
boundary router uses BGP as its exterior (Internet-facing) gateway protocol and OSPF as the
IGP.

BGP and OSPF interaction is all spelled out in RFC 1403—BGP OSPF Interaction. You can read up
on this subject at http://www.ietf.org/rfc/rfc1403.txt.

BGP exchanges routing information for the Internet and acts as the adhesive protocol between
Internet Service Providers (ISPs). Customer and client networks (such as university or corporate
enterprise networks) will usually employ an IGP (such as RIP or OSPF, where the former
suffices for small, simple networks and the latter becomes necessary for larger, more complex
ones) for internal routing exchanges. These customers and client networks then connect to ISPs
that use BGP to exchange customer/client and ISP routes. When BGP is utilized between ASs,
the protocol is referred to as External BGP (EBGP). When an ISP uses BGP to exchange
routes within a single AS, it’s called Interior BGP (IBGP).
BGP is a robust, reliable, and scalable routing protocol capable of handling tens of thousands of
routes via numerous route parameters called attributes that define routing policies and maintain a
stable routing environment. Classless Inter-Domain Routing (CIDR) and route aggregation (to
reduce routing table size) are two prominent features of BGP version 4, as widely used on the
Internet. Route aggregation is a technique used to conserve address space and limit the amount of
routing information that must be advertised to other routers. From a conceptual viewpoint, CIDR
takes a block of contiguous class C addresses and represents them as a single prefix with a shorter
network mask.
BGP offers capabilities and scale that go well beyond current WAN optimization technology,
which seldom scales to embrace systems by the thousands, let alone in larger numbers.
Nevertheless, BGP’s facilities for aggregating traffic, managing complex routes, and reducing
addressing and traffic complexity have provided important models for WAN optimization
techniques, albeit at a smaller scale.
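
To make the route aggregation point above concrete, here is an added Python example (not from this guide) built on the standard ipaddress module. It collapses contiguous prefixes into the fewest covering CIDR blocks, and separately shows the trade-off an aggregating router accepts when it advertises one summary for a block with a hole in it: the summary is smaller to carry, but it claims address space the router cannot actually reach. All prefixes are constructed from the 10.0.0.0/8 private range.

```python
"""CIDR route aggregation: collapse contiguous prefixes into fewer advertisements,
and show what a single summary over-claims when the block has holes.
Constructed prefixes from the 10.0.0.0/8 private range."""
import ipaddress


def aggregate(prefixes):
    """Minimal set of CIDR blocks covering exactly the given prefixes.
    Only adjacent, properly aligned blocks merge; gaps stay as separate routes."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def single_summary(prefixes):
    """Smallest single prefix that covers every input (what an aggregating router
    might advertise to keep tables small) and the address blocks inside it that
    are NOT among the inputs, i.e. what such a summary over-claims."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    holes = [summary]
    for n in nets:
        next_holes = []
        for h in holes:
            if n.subnet_of(h):              # carve the prefix out of this hole
                next_holes.extend(h.address_exclude(n))
            elif h.subnet_of(n):            # hole entirely inside the prefix: gone
                continue
            else:
                next_holes.append(h)
        holes = next_holes
    return str(summary), [str(h) for h in ipaddress.collapse_addresses(holes)]


def covers(summary, prefix):
    """True when `prefix` falls inside `summary`."""
    return ipaddress.ip_network(prefix).subnet_of(ipaddress.ip_network(summary))


if __name__ == "__main__":
    four = ["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24", "10.1.7.0/24"]
    print("aggregate(four):", aggregate(four))                  # ['10.1.4.0/22']
    print("aggregate(three):", aggregate(four[:3]))             # ['10.1.4.0/23', '10.1.6.0/24']
    print("single_summary(three):", single_summary(four[:3]))   # ('10.1.4.0/22', ['10.1.7.0/24'])
```

Four contiguous /24s become one /22; with only three of them, exact aggregation still needs two routes, while a single /22 summary quietly advertises 10.1.7.0/24 as reachable. Knowing which of the two a router does matters when you audit what your edge actually tells the outside world.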

Quality or Class of Service Labels and Related Queuing Disciplines

One common denominator for many of these WAN-worthy enterprise network protocols is
traffic congestion control. For routers to route effectively, their pathways must be unobstructed
and they must maintain a complete view of their operational domains. Surprisingly for
some, routers don’t actually exercise much control over what network traffic they route because
they do not ultimately originate such traffic. A router is merely a conduit through which traffic is
conducted, and can only serve to influence the nature of its traffic flow. WAN optimization
works in much the same way, where both routers and WAN optimization devices can impose
controls on the traffic they see, according to predetermined rules or filters.
A router can drop traffic altogether, selectively accept or reject traffic, or place certain frames
ahead of others as they queue up to access some particular interface. Between a cooperative set
of hosts with similar specialized components, a router can even accept reservations and retain
bandwidth for resource-intensive applications. However, all but the last method provide only
primitive forms of traffic control. That last entry is in a league of its own, because it involves
delivery of network service capacity with an absolute guarantee of minimum performance
values.
Class of Service (CoS) and Quality of Service (QoS) are two such strategies and include an ad
hoc collection of technologies and techniques designed to designate priority values for certain
types of traffic so as to do their best to ensure that minimal performance levels are achieved for
higher priority types. Typically, the elements of QoS schemes are somewhat ad hoc in nature and
often reflect only momentary or perhaps even idiosyncratic notions of priority and relative
weight or importance. Because of this, QoS deployment can erect barriers to creating a true
end-to-end strategy because applications, platforms, and vendors frequently differ in the techniques
and technologies they use to define and assign QoS or CoS designations.
Furthermore, this creates great difficulty for IT groups seeking to deploy a consistent, seamless
QoS solution across an enterprise WAN, which invariably spans multiple departments and sites
and may even involve multiple sets of common carriers for long-haul links. Each department
might rely on diverse sets of architectures, platforms, and software. Bringing all these elements
into agreement through a common QoS approach can be as much of a chore as it is a challenge,
and always involves lots of time, negotiation, and many drafts en route to a consensual and
workable solution. Some of the different types of related queuing mechanisms used to prioritize
traffic include the following (and remember that these mechanisms only have an impact when
and as traffic starts piling up at some interface queue, waiting for its turn to be transmitted; only
if multiple packets line up together for transmission can any kind of priority be imposed):
• Priority Queuing (PQ)—Traffic is prioritized according to a priority list and sorted into
one of four (high, medium, normal, and low) priority queues.
• Custom Queuing (CQ)—Traffic is divided into several queues, one of which is serviced
first (keep-alives, critical traffic) and the remaining traffic is serviced in a round-robin
fashion.
• Weighted Fair Queuing (WFQ)—Automatically sorts among traffic, capable of managing
two-way data streams, with packets sorted in weighted order of arrival of the last bit.
• Weighted Random Early Detection (WRED)—A congestion avoidance mechanism that
randomly drops packets ahead of periods of high congestion and relies on TCP congestion
control in the sending hosts to respond; the drop probability is weighted by IP precedence
(higher-precedence packets are less likely to be dropped than lower-precedence ones).
Such packet losses cause their transmitters to decrease their transmission rates, normally
to the point where all packets reach their destination, thereby indicating that congestion
has cleared.
• Weighted Round Robin (WRR)—A congestion avoidance mechanism that segregates
traffic into various classes of queues and then grants access to the interface to each queue
for a duration determined by the priority associated with its class; this avoids starvation
problems that strict round-robin queuing can experience, where lower-ranked queues may
be completely blocked from access to the interface as soon as higher-ranked queues begin
to experience congestion (even though a low-ranked queue may enjoy only small,
infrequent time slices for access, it will still get some access to an associated interface
when WRR is used).
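
The following Python simulation is an added example, not part of this guide, illustrating the starvation contrast drawn in the PQ and WRR entries above. Three constructed traffic classes keep their queues full while an interface drains one packet per tick; strict priority queuing is run first, then weighted round robin with constructed weights of 4, 2 and 1, and the per-class send counts are compared.

```python
"""Strict priority queuing (PQ) versus weighted round robin (WRR) on an
oversubscribed interface.  Constructed load: every class starts with a full
queue and the interface can transmit exactly one packet per tick."""
from collections import deque


def make_queues(classes, depth):
    """One FIFO per traffic class, each pre-filled with `depth` constructed packets."""
    return {c: deque(f"{c}-{i}" for i in range(depth)) for c in classes}


def priority_queuing(queues, order, ticks):
    """PQ: on every tick, serve the highest-priority queue that has a packet waiting.
    `order` lists classes from highest to lowest priority."""
    sent = {c: 0 for c in queues}
    for _ in range(ticks):
        for c in order:
            if queues[c]:
                queues[c].popleft()
                sent[c] += 1
                break  # lower-priority queues are not visited this tick
    return sent


def weighted_round_robin(queues, weights, ticks):
    """WRR: visit the queues in turn; each may send up to `weights[c]` packets per
    visit, so even a weight-1 queue gets a slice of every cycle."""
    sent = {c: 0 for c in queues}
    remaining = ticks
    while remaining > 0 and any(queues.values()):
        progressed = False
        for c, quantum in weights.items():
            for _ in range(quantum):
                if remaining == 0 or not queues[c]:
                    break
                queues[c].popleft()
                sent[c] += 1
                remaining -= 1
                progressed = True
        if not progressed:
            break
    return sent


def starved_classes(sent):
    """Classes that received no service at all during the simulation."""
    return sorted(c for c, n in sent.items() if n == 0)


if __name__ == "__main__":
    classes = ["voice", "business", "bulk"]
    pq = priority_queuing(make_queues(classes, 100), classes, 120)
    wrr = weighted_round_robin(make_queues(classes, 100),
                               {"voice": 4, "business": 2, "bulk": 1}, 120)
    print("PQ :", pq, "starved:", starved_classes(pq))
    print("WRR:", wrr, "starved:", starved_classes(wrr))
```

Over 120 ticks PQ sends every voice packet, a few business packets and nothing at all from the bulk queue, whereas WRR hands the bulk class one packet in every seven-packet cycle. The low-priority class still suffers, which is the point of weighting, but it is never blocked outright, and that is the property the WRR entry above describes.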

Figure 2.3: In general, queuing priority works by inspecting incoming packets for internal CoS or QoS
identifiers, then depositing those packets into any of a number of priority queues. The ways in which queues
are serviced, and how long each queue gains exclusive access to the attached network interface, determines
how each of the preceding queuing disciplines is implemented.

Data packets are scheduled on the network through a series of queue service disciplines used to
determine service priority, delay bounds, jitter bounds, and bandwidth allocation. Each queue is
assigned a certain weight indicative of the amount of its guaranteed capacity. Among these
choices, the Weighted Round Robin (WRR) technique may be mathematically proven to provide
the most reasonable performance both in guaranteeing bandwidth and achieving fairness
requirements. WRR, however, fails to accommodate some end-to-end delay requirements and
jitter bounds, and thus may not be suitable for time-sensitive streaming traffic such as video or
voice.

When discussing QoS, the terms service priority, delay bounds, jitter bounds, and bandwidth
allocation all describe properties of queue service disciplines. Service priority is the precedence value
given to specific application, service, or protocol traffic. Delay bounds specify predetermined
operational latency values, whereas jitter bounds specify a predefined range of variation in that
delay. Bandwidth allocation is the amount of traffic (or range of signal frequency) provisioned on a
given transmission medium.

QoS does confer an ability to apply priority levels for various applications, users, or data flows,
and to guarantee a certain level of performance for a specific data flow. Individual requirements
can be guaranteed for bit rates, delay, jitter, packet drop probability, and error rate. Such
guarantees may be necessary where network capacity is insufficient to accommodate any and all
traffic using best-effort delivery (no QoS, no priority), particularly for real-time streaming
multimedia applications such as VoIP, IP-TV, or other fixed bit-rate, time-sensitive protocols.
QoS mechanisms can be instrumental to improving performance anywhere network capacity is
limited and multiple protocols are in use, particularly when some of that traffic takes precedence
over the rest or where exceeding certain delay thresholds may make such traffic unusable or the
user experience unacceptable.
Many branch office routers support various forms of QoS and will allow network administrators
to apply traffic-shaping policies to network flows both inbound and outbound. This can help to
ensure that business-critical applications perform acceptably as long as sufficient bandwidth is
available to them.
Available tools to establish QoS between a service provider and a subscriber may include a
contractual Service Level Agreement (SLA) that specifies guarantees for network or protocol
performance, throughput, or latency values. These guarantees are typically based on mutually
agreed upon measures and enforced through traffic prioritization.

SLAs are discussed briefly in Chapter 1. For more information about SLAs in general, please visit the
SLA Information Zone at http://www.sla-zone.co.uk/.

At this point, we’ve coursed through the evolution of network topology-aware protocols that
work within defined parameters (or perimeters, if you prefer) of network boundaries. These
protocols use their existing knowledge of network topology to make instantaneous decisions
about how to handle packet transmissions, including when and where to make delivery. Such
protocols can be encapsulated one within another, in fact, wrapped in layers of enveloping
protocol data much like a set of nested Russian Matryoshka dolls. Ultimately, however, some
outer layer tag, label, or value helps to set priority and instructs routers how to handle the
contents whenever they encounter a non-empty queue for some network interface.
WAN optimization techniques often prove surprisingly helpful as organizations seek to
implement class or quality of service mechanisms for their network traffic. Of course, because
such priorities weigh most heavily on traffic that crosses WAN links, there’s a definite and
beneficial synergy between QoS mechanisms and WAN optimization. On the one hand, QoS
seeks to make sure that the most important and deserving traffic gets an appropriate share of
WAN bandwidth and is subject to the lowest possible latencies. On the other hand, WAN
optimization seeks to compress, compact, and reduce the amount of data that actually has to
traverse WAN links between specific pairs of senders and receivers. Thus, WAN optimization
often helps to impose and enforce all kinds of traffic policy, including class or quality of service,
as well as providing the means whereby companies and organizations can make the most and
best use out of WAN bandwidth made available to them.
We’ve covered the many traditional and time-honored protocols introduced to enhance routing
performance using a number of techniques, tactics, and technological approaches. Let’s
transition into more modernized big-league protocols that significantly up the ante for routing
gambles.

Historical Attempts at WAN Optimization

Before the advent of explicit WAN optimization technologies and tools, and devices designed
specifically to support them, numerous technologies appeared that sought to deliver some of the
same kinds of benefits as explicit WAN optimization, in many cases using tools or techniques
that would also be employed in WAN optimization to good effect. We take a look at some of
these in the sections that follow.

Compression on the Wire

Even early in the Internet era, hardware vendors realized that WAN bandwidth was more
precious than LAN bandwidth, and took aggressive steps to compress traffic before shipping it
across such links (where it could be decompressed at the other end before entering another
LAN). Computer modem technology is a testament to the benefits of compression, in that newer
generations (V.34, V.44, V.90, V.92) use the same phone lines and underlying communications
infrastructure to achieve ever-improving analog bandwidth of up to 56 Kbps, thanks mostly to
ever-better and more capable compression algorithms. The same holds true for the hardware used
to establish most types of WAN links, where compression is likewise an integral part of data
communications using such gear.
WAN optimization seeks to take compression several steps further. For one thing, it can take a
more logical view of data, performing symbol substitutions before compression is applied for
sending and reversing them after a received message is decompressed. The potential savings in
bandwidth can be enormous, as when multi-megabit or even multi-gigabit objects or files can be
replaced with symbol references that are at most 64 kilobits in size. Also, WAN optimization
devices can make use of whatever the state of the art for compression hardware happens to be at
the time they’re built, and can also apply encryption/decryption at the same time, provided
proper keys are available to make such transforms.

Protocol Tuning, Tunneling, or Replacement

The Transmission Control Protocol, or TCP, is the workhorse at the TCP/IP transport layer. It
offers reliable, robust delivery but also requires acknowledgements for transmissions received,
and includes numerous mechanisms (windowing, congestion management, slow start, and so
forth) to manage its own performance and latency characteristics. Much has been said about, and
much can be made of, TCP’s tuning mechanisms. But one enduring and valuable way to achieve WAN
acceleration and optimization is to repackage TCP traffic inside UDP packets
for WAN transport, thereby forgoing window management, acknowledgements, and other
reliability and robustness mechanisms altogether. This is often done by “spoofing” the necessary TCP behavior
on either end of a WAN connection, and sometimes by rearchitecting applications to replace
TCP with UDP (usually along with built-in reliability and robustness mechanisms higher in the
protocol stack, or in the application itself, to compensate for the loss of the functionality that TCP
delivers). These techniques have been used for some time to improve WAN performance and
reduce latency, and remain just as applicable to WAN optimization as ever.

Caching for Web Access

Web caching, as this technique is sometimes known, seeks to reduce the distance between the
users who request Web documents and the servers that supply them, based on the reduction in
latency that proximity delivers. In fact, the closer the server, the lower the latency. Essentially, a
web cache sits at some location between its users and a primary server, where the closer such a
cache server sits to the users, the lower the latency they will experience when requests for
documents may be satisfied from its cache.
The cache maintains a set of copies of documents that users request through it, so that any
subsequent request for a document in the cache may be satisfied directly and more immediately.
Users will still experience the latency associated with accessing the primary server each time
they ask for something that’s not in the cache server’s stores, and maintaining cache currency
will impose some overhead on access. But for reducing latency on frequently-accessed
information, a cache server can deliver impressive improvements.
Modern-day WAN optimization devices make heavy use of caching to achieve often impressive
latency reductions. Because site-to-site traffic often involves repeated access to a common set of
documents, in fact, WAN optimization devices often deliver better latency improvements by
using bigger, faster caches and by using cache dictionaries to exchange symbol references across
WAN links. Because cache symbols can point to cache entries at object and file levels, data
reductions for WAN traffic of many orders of magnitude become possible.

Data Mirroring Boosts Web Access Speeds

Other historical approaches for speeding up Web access relied on mirroring servers at multiple
locations, where again the guiding principle was to reduce end-user latency by minimizing the
distance between the server and any user who wishes to access its contents. Mirroring is like a
more proactive form of caching, in that instead of waiting for access requests to move data or
documents from the primary server to a local cache, every time anything changes on the primary
server that change is pushed to the mirrored servers, wherever they happen to be (and vice-versa,
in a world where Web pages grow increasingly interactive).
The mirroring approach proves particularly useful for applications or services that use
bandwidth-intensive content, such as multimedia (videos, movies, games, music, and other forms
of streaming media). The best mirroring approaches also perform geographic analysis of network
traffic patterns, in the never-ending quest to situate servers so as to keep end-user latency as low
as cost factors will allow.
This approach plays into WAN optimization in that use of proactive and aggressive caching and
copying techniques is a hallmark of both approaches, and where intense scrutiny of user behavior
and traffic patterns helps to maintain local copies of information most likely to be requested in
the near future.

Wide Area File Services (WAFS)

Although WAFS was introduced in 2004, and thus follows the preceding two items by five years
or more, it has already become a historical rather than a current approach to WAN optimization.
Although virtually all of the early WAN optimization vendors offered some form of Wide Area
File Services in their earliest implementations, the current state of WAN optimization has
progressed beyond WAFS to include the more generic notions of Wide Area Application
Services (WAAS) or Wide Area Data Management (WADM), which support storage area
network (SAN) consolidation by providing users with real-time, read-write access to data centers
where corporate applications and data repositories typically reside.
WAFS seeks to reduce latency and overcome bandwidth limitations by caching data center
content at remote offices or sites, and incurring bandwidth and access use only when
synchronizing caches across WAN links. Other typical optimization techniques used for WAFS
include protocol substitution (where LAN-centric file system protocols such as CIFS or NFS are
replaced behind the scenes by more WAN-friendly alternatives), hardware
compression/decompression of traffic entering and exiting WAN links, and data deduplication
techniques that make heavy use of symbol dictionaries at both file and object levels.
Modern WAN optimization techniques tend to do more of the same things that WAFS did, and
to do them better. They often involve more aggressive and proactive caching, bigger caches with
more RAM and high-speed RAID arrays for disk storage, and faster, more capable symbol
dictionary creation and management capabilities.

Middle Mile Acceleration

In traditional networking or telecommunication terms, the middle mile is the WAN link that
spans between a service provider and the Internet backbone, or that span between the servers that
deliver broadband applications and the network core. The bandwidth required to service such
sites is often called “backhaul” and refers to the number and type of network connections
required to deliver the necessary aggregated bandwidth, usually measured in some number of
T-1 connections per site. For mobile phone companies, for example, backhaul often represents 30%
of their overall expenses, and provides a strong impetus for acceleration and optimization
techniques.
Techniques to make the most of middle mile acceleration often involve situating servers at the
edge of the Internet, thereby bringing them close to users whose locations force them through
some particular edge point to obtain Internet access. Situating a server in the same place brings
all of the benefits of caching and mirroring already discussed in earlier items in this section into
play, and is particularly well-suited for streaming media of all kinds (video, TV, movies on
demand, music, and so on).
WAN optimization technology uses these same principles to bring needed data or multimedia
closer to its users, thereby limiting causes for spikes in utilization that can swamp WAN
connections, and cause severe latency for all users who must share some particular WAN link.
It’s entirely appropriate to view this kind of technology as a “load-leveling” approach to WAN
bandwidth utilization because it uses careful analysis of demand to anticipate requests for
specific materials, and makes sure they’ve been pushed across WAN links before they’re needed
(and can then be accessed at the edge of the Internet or some equivalent communications
infrastructure, rather than requiring its constant traversal).

What Conventional Routing Techniques Suggest for WAN Optimization

It’s certainly a truism that WAN latencies and communications behaviors vary greatly from their
LAN counterparts, primarily in scope and extent. Simply put, anything that happens quickly
or involves low latency on a LAN is likely to happen more slowly and involve longer latency
(sometimes, by two or more orders of magnitude) on a WAN. This explains why one of the
primary characteristics of WAN optimization involves techniques designed to reduce the number
of packets that must flow across a WAN link as well as techniques to reduce the frequency of
communication and the volume of data that must actually be transported from one end of a WAN
link to the other (and vice versa, when response follows request as is invariably the case).
To that end, WAN optimization makes use of a variety of techniques to cut down on WAN
traffic:
• Protocol substitution—WAN optimization devices often elect to manage “chatty”
protocol sessions locally on the LAN, then encapsulate and manage related
communications across the WAN using different, less chatty protocols instead (where
they can also consolidate multiple short messages into one or more longer ones). This
offers the benefits of reducing the number and frequency of messages that must traverse a
WAN link and enables designers to choose and use WAN-friendly message structures
and information transfers instead.
• Data substitution and caching—WAN optimization can inspect packet payloads at the
application layer, looking for recurring strings or data elements. Once these are copied
across the WAN link, as long as they don’t change thereafter, pairs of WAN optimization
devices can exchange index values or pointers to arbitrarily long strings or data elements,
and reduce the amount of data that must flow across the WAN link by many orders of
magnitude. In general, this technique type lowers data volumes by 30 to 60% across the
board.
• Data compression (and encryption)—To outgoing traffic already subjected to protocol
substitution as well as data substitution and caching, WAN optimization can apply a final
“squeeze play” prior to transmission and usually employs special-purpose high-speed
hardware to perform this task. This process may also include an encryption step to render
packets in transit as opaque to unauthorized third parties between sending and receiving
ends as modern technology will allow.
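To make the data substitution and caching bullet (and the final compression step) concrete, here is an added Python example; it is not code from the guide or from any vendor's product. Two peers share a chunk dictionary: the sender replaces chunks the receiver already holds with a short index reference, sends unseen chunks as literals, and then compresses the result before it crosses the link. The fixed 64-byte chunking, the record framing, and the sample report are assumptions made for this illustration (shipping devices use content-defined chunk boundaries and hardware compression).

```python
"""Added example, not code from the guide: two WAN optimization peers that share a
chunk dictionary. The sender replaces chunks the receiver already holds with a short
index reference, sends unseen chunks as literals, then compresses the result.
Fixed 64-byte chunking, the record framing and the sample report are assumptions."""
import hashlib
import struct
import zlib

CHUNK = 64   # fixed-size chunks; real devices use content-defined boundaries


class Peer:
    """One end of an optimized link. Both ends learn chunks in the same order,
    so index N refers to the same bytes on either side."""

    def __init__(self):
        self.chunks = []    # index -> chunk bytes
        self.index = {}     # sha256 digest -> index

    def _learn(self, chunk):
        digest = hashlib.sha256(chunk).digest()
        if digest not in self.index:
            self.index[digest] = len(self.chunks)
            self.chunks.append(chunk)
        return self.index[digest]

    def encode(self, payload):
        """Sender side: 'R' + 4-byte index for a known chunk, 'L' + 2-byte length + bytes
        for a new one, then a final zlib squeeze before the bytes hit the WAN."""
        out = bytearray()
        for pos in range(0, len(payload), CHUNK):
            chunk = payload[pos:pos + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            if digest in self.index:
                out += b"R" + struct.pack("!I", self.index[digest])
            else:
                self._learn(chunk)
                out += b"L" + struct.pack("!H", len(chunk)) + chunk
        return zlib.compress(bytes(out))

    def decode(self, wire):
        """Receiver side: reverse the transformation, learning new chunks as they arrive."""
        data = zlib.decompress(wire)
        out, pos = bytearray(), 0
        while pos < len(data):
            kind, pos = data[pos:pos + 1], pos + 1
            if kind == b"R":
                (idx,) = struct.unpack("!I", data[pos:pos + 4])
                pos += 4
                out += self.chunks[idx]
            elif kind == b"L":
                (n,) = struct.unpack("!H", data[pos:pos + 2])
                pos += 2
                chunk = data[pos:pos + n]
                pos += n
                self._learn(chunk)
                out += chunk
            else:
                raise ValueError("corrupt record type %r" % kind)
        return bytes(out)


def transfer(sender, receiver, payload):
    """Push payload across the link; return (bytes on the wire, bytes reconstructed)."""
    wire = sender.encode(payload)
    return len(wire), receiver.decode(wire)


def demo():
    """Constructed sample: the same report sent twice with one word changed."""
    report = (b"DAILY SALES REPORT - REGION WEST\nSKU,QTY,AMOUNT\n"
              + b"".join(b"%05d,%d,%d.00\n" % (i, i % 7, i * 3) for i in range(200)))
    edited = report.replace(b"REGION WEST", b"REGION EAST")
    hq, branch = Peer(), Peer()
    first_len, first_out = transfer(hq, branch, report)
    second_len, second_out = transfer(hq, branch, edited)
    return len(report), first_len, second_len, first_out == report, second_out == edited


if __name__ == "__main__":
    print("original/first/second wire bytes, round trips ok:", demo())
```

The second transfer sends only the one changed chunk as a literal; everything else travels as five-byte references, which is why the savings the text quotes grow with how repetitive the traffic is. Note that both peers must learn chunks in the same order, so a lost or reordered frame desynchronizes the dictionaries; real products carry sequence numbers or digests to detect that.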
In general, WAN optimization devices can be considered part of the equipment at the network
boundary because they generally sit between the LAN on one side and the boundary router that
connects to the WAN on the other. This lets them apply their techniques—including those just
mentioned in the preceding paragraph—to traffic on its way out one end of the WAN connection,
where another device on the other end of the connection reverses those changes (or carries on its
side of a local conversation, where protocol substitution may be at work). This relationship is
depicted in Figure 2.4, which shows that WAN optimization devices sit between the LAN side of
a boundary router and the LAN itself.

Figure 2.4: When installed, WAN optimization devices typically sit between the LAN and the boundary router
(or most properly, on the stream of traffic destined for any WAN links inside the boundary router).

MPLS Introduces the Network Cloud


Then along came the Multi-Protocol Label Switching (MPLS) data-carrying mechanism for
packet-switched networks. It straddles Layers 2 (data link) and 3 (network) of the OSI reference
model and is designed to provide a unified data-carrying service for both circuit-switched and
packet-switched clients that require datagram-driven service. MPLS can handle many types of
network traffic including IP packets, along with frame formats native to Asynchronous Transfer
Mode (ATM), Synchronous Optical Network (SONET), and Ethernet.

Circuit switching is an early communications technology designed for analog-based phone networks
modified to use digital circuit switching technology for dedicated connections between sender and
receiver. Packet switching is a follow-up communications system that utilizes digital packets to
transmit all forms of communications signals and serves as the primary method of communications
for the Internet and other digital communications. A datagram-driven service is one where individual
packets that comprise entire messages are sent individually across the transmission medium.

The original motivation for MPLS was to support construction of simple but extremely fast
network switches so that IP packets could be forwarded as quickly as available high-speed
technologies will permit. This approach keeps traffic continually on the move and requires little
or no intermediate storage in slower queues where traffic must pause and wait for its allotted
service interval. MPLS also supports multiple service models and can perform traffic
management on the fly.

Figure 2.5: WAN optimization devices provide ingress and egress for services for Layer 1 to Layer 3
protocols.

Figure 2.5 shows how service elements (which might include boundary routers and WAN
optimization devices) can provide ingress and egress for services at Layers 1 through 3 of the
ISO/OSI model, along with access for streaming or time-sensitive services such as voice, video,
and so forth. In an MPLS environment, traffic essentially flows from an ingress service element
to some corresponding egress service element through an IP/MPLS core architecture where only
MPLS labels need to be inspected and managed as traffic flows through a core network cloud.
Here, the cloud analogy is a good one because IT professionals lose substantial visibility into and
access to what is going on in the IP/MPLS core, but in exchange obtain better traffic
management and much faster transit through that core.
MPLS prefixes packets that enter the cloud at any ingress point with an MPLS header, which
contains one or more 32-bit MPLS label fields (because multiple labels may be affixed, this data
structure is called a label stack). Each label is constructed as follows:
• 20-bit label value
• 3-bit QoS field (actually this is better described as a prioritized CoS scheme, though this
flag is still called QoS)
• 1-bit bottom of stack flag (if set, indicates the current label is the bottom of the stack)
• 8-bit time to live (TTL) field
MPLS-labeled packets can be switched from an incoming to an outgoing port based on a simple
label lookup rather than requiring a lookup into a routing table for IP addresses (a more complex,
compute-intensive operation). Such lookups can be performed while the packet is moving
through a switch fabric rather than requiring the attention of a separate CPU. Entry and exit
points for MPLS networks are called Label Edge Routers (LERs). These devices push MPLS
labels onto packets as they enter the cloud, then strip them off when they leave the cloud. In the
core, routers that forward traffic purely on the basis of the MPLS label are called Label Switch
Routers (LSRs), though an LSR may push a second (or additional) label onto a packet with an
MPLS label from an LER already affixed.

Labels are distributed among LERs and LSRs using a special Label Distribution Protocol (LDP).
LSRs in MPLS networks periodically exchange label and reachability data according to standard
algorithms to permit them to manage a complete map of the network paths they may use to
forward packets according to their labels. When a labeled MPLS packet hops from one MPLS
router to another, it is said to be traversing an MPLS tunnel. Label Switch Paths (LSPs) may also
be configured in an MPLS network to support network-based IP virtual private networks (IP
VPNs) or to move traffic across specific paths in the network. In many ways, LSPs resemble
permanent virtual circuits (PVCs) in Frame Relay or ATM networks, although they do not
require specific Layer 2 technologies to be at their disposal.
When an unlabeled packet enters an LER to transit the MPLS cloud, the LER determines that
packet’s forwarding equivalence class (FEC) and pushes one or more labels onto the packet’s
freshly created label stack. This is also where QoS/CoS regimes may be applied so as to expedite
high-priority traffic. Once the label stack is complete, the LER passes the packet onto the next
hop router. When an MPLS router receives a labeled packet, the topmost label in the stack is
examined. Depending on its contents, one of the following operations will be performed:
• Swap—The topmost label is switched out for a new label, and the packet gets forwarded
along the associated path for that label.
• Push—A new label is pushed on top of the stack, on top of the existing label, thereby
encapsulating that packet inside another layer of MPLS information. This technique
supports hierarchical routing for MPLS packets, and explains how MPLS VPNs operate
within the MPLS cloud (the core sees only relevant path information, and only VPN
service routers deal with private traffic data).
• Pop—The topmost label is removed from the label stack, which may reveal another label
beneath it (when this occurs, it is called decapsulation). If it is the bottom label in the
stack, the packet will no longer be traversing an MPLS tunnel on its next hop and is
leaving the MPLS cloud behind. Perforce this step is usually handled at an egress router
(LER). Sometimes when an LER handles many MPLS tunnels, the MPLS router one hop
ahead of the LER may pop the final label(s) to relieve the processing involved in cleaning
up the label stack.
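The label layout listed earlier (20-bit label, 3-bit class field, bottom-of-stack bit, 8-bit TTL) and the swap, push and pop operations just described are easy to misread until you handle the bits. The following Python example is added here and is not code from the guide: it packs and parses 32-bit label stack entries and applies a constructed forwarding table to the top label. The table contents, the uniform TTL handling (decrement once per labeled hop and carry the result to whatever becomes the new top label) and all helper names are this example's assumptions.

```python
"""Added example, not code from the guide: packing and parsing the 32-bit MPLS label
stack entry described above, and the swap/push/pop decisions an LSR makes for the top
label. The forwarding table, the uniform TTL handling and all names are assumptions."""
import struct


def encode_entry(label, tc=0, bos=0, ttl=64):
    """20-bit label | 3-bit traffic class (the field the text calls QoS/CoS) |
    1-bit bottom-of-stack | 8-bit TTL, in network byte order."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not (0 <= tc < 8 and bos in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)


def decode_entry(data):
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bos": (word >> 8) & 0x1, "ttl": word & 0xFF}


def parse_stack(packet):
    """Read entries top-down until the S bit is set; return (entries, payload)."""
    entries, pos = [], 0
    while True:
        if pos + 4 > len(packet):
            raise ValueError("truncated label stack")
        entry = decode_entry(packet[pos:pos + 4])
        pos += 4
        entries.append(entry)
        if entry["bos"] == 1:
            return entries, packet[pos:]


def build_stack(entries, payload):
    """Serialize entries (top first), setting the S bit only on the last one."""
    out = b""
    for i, e in enumerate(entries):
        out += encode_entry(e["label"], e["tc"], 1 if i == len(entries) - 1 else 0, e["ttl"])
    return out + payload


# Constructed LSR forwarding table: incoming top label -> (operation, new label)
FORWARDING = {
    1001: ("swap", 2001),   # plain label-switched hop
    1002: ("push", 3000),   # nest the packet inside a second tunnel (VPN/hierarchy)
    1003: ("pop", None),    # remove the top label, e.g. at the penultimate hop
}


def forward(packet, table=FORWARDING):
    """Apply the action for the top label. TTL is decremented once per labeled hop and
    carried to whatever label becomes the new top (uniform model, an assumption here)."""
    entries, payload = parse_stack(packet)
    top = entries[0]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired; packet dropped")
    ttl = top["ttl"] - 1
    op, arg = table.get(top["label"], (None, None))
    if op == "swap":
        top["label"] = arg
    elif op == "push":
        entries.insert(0, {"label": arg, "tc": top["tc"], "ttl": ttl})
    elif op == "pop":
        entries.pop(0)
        if not entries:
            return payload          # bottom label gone: packet leaves the MPLS cloud
    else:
        raise ValueError("no forwarding entry for label %d" % top["label"])
    entries[0]["ttl"] = ttl
    return build_stack(entries, payload)


if __name__ == "__main__":
    pkt = build_stack([{"label": 1001, "tc": 5, "ttl": 10}], b"IP payload")
    print(parse_stack(forward(pkt)))
```

Notice that `forward` never looks at the payload: the only things it touches are the top 32 bits and a table keyed by label, which is the whole reason the text can describe label switching as independent of IP routing tables and longest-prefix matching.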
While MPLS traffic remains in the cloud, the contents of such packets are completely ignored,
except for the contents of the MPLS label stack. Even then, transit routers (LSRs) typically only
work with the label at the top of the stack, and forwarding occurs based on label content only.
This explains how MPLS operates independently of other routing protocols and the routing
tables they require as well as the well-known IP longest prefix match performed at each hop in a
conventional IP router.
Successful implementation of QoS/CoS for MPLS depends on its ability to handle multiple
services and to manage traffic priority and flow thanks to extremely quick label inspection and
label stack operations. MPLS can be especially helpful when service providers or enterprises
want to impose service level requirements for specific classes of service so that low-latency
applications such as voice over IP (VoIP) or video teleconferencing can count on acceptable
levels of latency and jitter for traffic on the move.
That said, MPLS carriers differ in the number of classes of service they offer (up to a maximum
of 8 different classes, as dictated by the QoS field size). Specific features, service guarantees,
and pricing for classes of service also differ from carrier to carrier.

Lessons Learned for Optimizing WAN Application Access


WAN optimization works very well with MPLS environments where CoS labels may be invoked
to speed priority traffic on its way. The MPLS label method also makes an excellent metaphor
for the kinds of speedups that protocol substitution and reduced message frequency techniques
provide for WAN optimization—that is, they permit traffic to be expedited and moved without
requiring intermediate devices to dig too deeply into packet structures or to invoke intelligence
about how higher-layer protocols work and behave. Once traffic is properly packaged, be it
either in the MPLS or the WAN optimization context, all that is then needed is to speed it on its
way from sender to receiver (where egress devices at the other end restore that traffic to its
pristine original state).

Mechanisms for Speeding/Prioritizing Delivery


CoS or QoS data permits time-sensitive traffic to transit the WAN (which may apply to the
MPLS cloud or at other steps along the way) more quickly than it otherwise might. But WAN
optimization devices can also inspect and rearrange outgoing traffic to push higher-priority
applications and services to the front of the line simply by recognizing protocols, services, or
source/destination addresses involved. This only adds to the overall capabilities to provide (and
honor) service guarantees or to meet SLAs.

Methods to Keep Continued Communications Moving


In the MPLS environment, a tunnel can be maintained as long as data flow persists across some
particular path (or between specific ingress and egress ports at the edge of the MPLS cloud).
Once the tunnel is set up and corresponding label and path information has been specified, it
becomes extremely quick and efficient to keep related data moving through it. In a similar
fashion, WAN optimization devices can maintain and use state information about existing (and
persisting) connections between senders and receivers to keep application data moving smoothly
between them. Session establishment and tear-down may involve certain delays, but as long as
an ongoing session remains active, it’s very easy to move data between the parties to that
session.

Managing Application Flow to Maximize WAN Throughput (NetFlow Models)


Properly equipped routers can also monitor and report on data flows between communication
partners or peers. Network flows, which often fall within the Cisco-defined NetFlow rubric, are
conceptualized as a unidirectional sequence of packets, all of which share at least five common
values:
• Source IP address
• Destination IP address
• Source UDP or TCP port number
• Destination UDP or TCP port number
• IP protocol
Routers maintain information about duration and volume of data flows and emit flow records
when inactivity or explicit flow termination occurs (TCP makes this easy with explicit
connection establishment and closing behaviors, but timers must be set and watched for those
connections that do not close normally or explicitly). Analysis of network flow data permits
construction of a comprehensive view of traffic by type, volume, duration, and even security
implication or events. In much the same way, monitoring and management of traffic through a
WAN optimization device supports ready characterization and volume analysis but also supports
application of acceptable use and security policies. Not only does WAN optimization compress
and reduce desirable network traffic, it also provides a ready means to foil unwanted or unauthorized
network traffic, protocols, and services.
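The following Python example is added here (it is not code from the guide and does not model any particular router's NetFlow implementation) to show how the five-tuple flows just described are actually built: packets from a constructed trace are accounted to a flow keyed on the five shared values, records are exported when TCP signals FIN/RST or when a timer sees no traffic for a while, and the resulting records are then screened against a simple port policy of the kind a WAN optimization device or proxy would enforce. The field names, the 15-second inactivity timeout, the allowed-port list and the sample trace are all assumptions.

```python
"""Added example, not code from the guide: a small flow cache that builds unidirectional
flow records keyed on the five-tuple above from a constructed packet trace, exports them
on TCP FIN/RST or after an inactivity timeout, and screens the records against a
port policy. Field names, the timeout and the sample trace are assumptions."""
from collections import namedtuple

Packet = namedtuple("Packet", "ts src dst sport dport proto bytes flags")
FlowRecord = namedtuple("FlowRecord", "key start end packets bytes reason")

INACTIVE_TIMEOUT = 15.0     # seconds of silence before a flow is exported


class FlowCache:
    def __init__(self):
        self.active = {}        # five-tuple -> {"start", "end", "packets", "bytes"}
        self.exported = []

    def _export(self, key, reason):
        s = self.active.pop(key)
        self.exported.append(FlowRecord(key, s["start"], s["end"], s["packets"], s["bytes"], reason))

    def _expire_idle(self, now):
        idle = [k for k, s in self.active.items() if now - s["end"] > INACTIVE_TIMEOUT]
        for key in idle:
            self._export(key, "inactive")

    def observe(self, pkt):
        """Account one packet to its flow; the clock is the packet timestamp."""
        self._expire_idle(pkt.ts)
        key = (pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto)
        s = self.active.setdefault(key, {"start": pkt.ts, "end": pkt.ts, "packets": 0, "bytes": 0})
        s["end"] = pkt.ts
        s["packets"] += 1
        s["bytes"] += pkt.bytes
        if pkt.proto == "tcp" and ("F" in pkt.flags or "R" in pkt.flags):
            self._export(key, "fin/rst")    # TCP says explicitly that it is done

    def flush(self):
        """End of trace: export whatever is still active and return all records."""
        for key in list(self.active):
            self._export(key, "flush")
        return self.exported


# Constructed policy: destination ports the WAN link is sanctioned to carry
ALLOWED_PORTS = {"tcp": {22, 443, 445}, "udp": {53, 5060}}


def unauthorized(records):
    """Flow records whose destination port is outside the sanctioned set."""
    return [r for r in records if r.key[3] not in ALLOWED_PORTS.get(r.key[4], set())]


TRACE = [   # constructed sample, not captured traffic
    Packet(0.0, "10.1.1.5", "10.2.0.10", 51000, 445, "tcp", 120, "S"),
    Packet(0.5, "10.1.1.5", "10.2.0.10", 51000, 445, "tcp", 1400, ""),
    Packet(1.0, "10.1.1.7", "10.2.0.53", 40000, 53, "udp", 60, ""),
    Packet(2.0, "10.1.1.5", "10.2.0.10", 51000, 445, "tcp", 1400, ""),
    Packet(3.0, "10.1.1.9", "203.0.113.7", 52222, 6881, "tcp", 1200, "S"),
    Packet(3.2, "10.1.1.5", "10.2.0.10", 51000, 445, "tcp", 80, "F"),
    Packet(30.0, "10.1.1.9", "203.0.113.7", 52222, 6881, "tcp", 1200, ""),
]


def summarize(trace=TRACE):
    cache = FlowCache()
    for pkt in trace:
        cache.observe(pkt)
    return cache.flush()


if __name__ == "__main__":
    for rec in summarize():
        print(rec)
    print("unauthorized:", unauthorized(summarize()))
```

The UDP flow and the half-open TCP flow in the trace are only ever closed by the timer, which is the point the text makes about connections that do not terminate explicitly: without a watched timeout they would sit in the cache forever and never appear in the exported view.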

Proxies Enable Inspection, Analysis, Control, and Short-Circuiting


In computing terms, a proxy server is any computer system or application instance (as in
virtualized contexts) placed anywhere on the network (at endpoints or intermediary points) that
services the requests of its clients by directing requests to other servers. Conceptually, it is an
intermediary device—physical or virtual—that sits between two communicating parties and
provides some level of middleman service roles.
A client connects to the proxy agent, requests some server or service (that is, a remote server
connection, a file, or resource) and the proxy handles the request from the target server on behalf
of the client. The proxy server may—at the administrator’s discretion—provide file- or page-
caching, content filtration, secure transmission (for example, SSL, TLS, S/MIME) or policy
enforcement among many other things. A proxy that passes all requests back to the client
unmodified is a gateway or tunneling proxy.
Having an intermediary device acting in direct control over client-server traffic affords
administrators several unique advantages. Proxies enable inspection of traffic flow, analysis of
traffic patterns according to payload or protocol, explicit traffic control, and short-circuiting of
unapproved traffic. In many cases, a proxy server is a protocol accelerator or response-time
enhancer, such as an SSL/TLS or Web caching proxy. Content-filtering proxies concentrate
Internet traffic into a chokepoint-like sieve and apply administratively-controlled content
delivery as defined by an Acceptable Use Policy (AUP).

Proxies Insert Themselves Directly into Traffic Flow


Proxies are deployed between internal end points and external destinations where they can
directly influence network traffic flow, giving them a distinct vantage point on and control over
client-server transmissions. Thus, the proxy can identify the types of traffic moving through it
and can prioritize some traffic over other traffic. In addition, the proxy can police unwanted or
unauthorized traffic.

Where such traffic isn’t blocked completely, it may prove useful to limit bandwidth to some ridiculously
small value—for example, 1 Kbps. Doing so will keep connections active long enough for
administrators to document them and, if necessary, drop in on offenders to remind them about
acceptable use policy requirements and possible repercussions for its violation.

A transparent or intercepting proxy is used in combination with a gateway within an enterprise
network setting to coerce client browsers through the proxy chokepoint, often invisibly to the
client. Client connections are redirected from the intended gateway to the proxy without client-
side configuration or knowledge and are used to prevent flouting or avoidance of
administratively defined acceptable use policy. The transparency value originates from the
manner in which the proxy operates with the client completely unaware of its presence.

Proxies Are Application-Sensitive and Offer Extensive Controls


Unlike firewalls, proxies are application-sensitive and offer extensive controls over application
workloads across the network—providing complementary functionality to most firewalls.
Although a firewall understands basic protocols and rules regarding their usage, a proxy is more
application-aware in that it can actually distinguish and differentiate in the data beyond the IP or
protocol header. A proxy can, in fact, dig deeply into the payloads enclosed within those
protocols.
This ability to employ application- or service-specific intelligence gives the proxy the ability to
apply rule bases to all kinds of application activities. Authorized applications or services may be
associated with authorized source and destination addresses, data types, and so forth, so that they
remain useful for regular workaday activities but useless for other outside activities. Thus, a
secure file transfer application could proceed to copy or obtain financial and personnel data from
specific servers, but users who attempt to use the same tools to download videos or images from
other, perhaps less savory, servers will find themselves prevented from doing so.

Proxies Can Mitigate or Fix Protocols and Manage Transactions


Certain protocols have resource implications that aren’t always readily apparent or immediately
significant. Security protocols that utilize encryption routines tend to consume resources in a
very dynamic and sometimes edacious manner. Largely, this remains imperceptible and goes
undetected until other applications occupying the same general-purpose resource space usurp it
to near-full capacity. In this moment, all resource-intensive heavy-hitters become illuminated
and systems become unresponsive and at worst irrecoverable.
Particular proxy platforms accelerate encryption-related network protocols such as IP Security
(IPSec) and SSL/TLS by offloading the processing burden to dedicated hardware. Though not
considered proxies in this context, such offload engines are also present in PCI-based network
cards that even provide a fully functional TCP/IP network stack. In addition to relieving
general-purpose resources of network-oriented encryption processing tasks, proxies that facilitate
encryption offloading provide security where it doesn’t already exist—in the applications or
platform—in a full-coverage manner.
From an administrative viewpoint, intermediary proxy devices also make the full range of
network activity visible to network support personnel. This data can be approached statistically
to yield all kinds of information about general employee activities, productivity, and time
allocation. But it can also be approached on an event-triggered basis to signal possible security
breaches, violations of acceptable use policy, or unwanted or unauthorized access to files and
services, providing information about (and, if necessary, legally admissible evidence of) such things
as they occur and, through logging or auditing, after the fact.

WAN Optimization Extends Many Opportunities


By filtering and prioritizing traffic before it hits the WAN, then compressing, encrypting, and
reducing all traffic that actually transits the WAN, WAN optimization supports careful
conservation of a scarce and often expensive resource. Though the optimization applied may
obscure the traffic that actually traverses the WAN, careful inspection and characterization of
what goes into a WAN optimization device on the sending end, and equal attention to what
comes out of such a device on the receiving end, can provide a wealth of information about how
networks are used (and how well they’re used) within most businesses and organizations.
Certainly, the ability to limit bandwidth consumption and control costs helps explain the value
that WAN optimization adds to the bottom line. But the visibility into activity and the
opportunity for consistent, centralized management and control over network use and activity
also explains why WAN optimization offers more than financial incentives to its users.
This concludes our discussion of managing scale and scope in a WAN environment. In the next
chapter, you will learn more about the details involved in WAN optimization tools and
techniques, as we explore traditional, legacy approaches to this issue, as well as modern, state-of-
the-art WAN acceleration techniques.

44
Chapter 3

Chapter 3: WAN Optimization Tools, Techniques, and Technologies

Any good tool requires its builders to cycle from circumstances (necessity), to conceptualization
and creation (invention), before they can explore those developmental processes that kick-start
innovation and growth. Software and hardware are no different in this regard. Even when tools
are short-lived and quickly replaced or retired, they often serve as a basis or foundation for future
developments. WAN optimization tools borrow tips, tricks, and techniques from many other
disciplines that are not unique to WAN solutions. Even so, WAN optimization solutions usually
combine multiple approaches and algorithms, some disjoint and independent, others interrelated
and interdependent, into a single framework designed to enhance WAN performance.
Outmoded legacy applications and protocols also guide us to better designs, in part by serving as
base references for inspiration and new implementations. Likewise, tried and true optimization
techniques from areas as diverse as operating systems and databases also play a role in inspiring
and informing WAN optimization tools and technologies. Although WAN optimization draws its
ideas and techniques from many different computing disciplines, it uses them in its own
interesting and specific ways to reduce the amount of data that must traverse WAN links, the
frequency at which such traversals must occur, and the kinds of communications and protocols
used to communicate across them.
If you perceive earlier network protocols as having grandfathered a newer generation of
performance-enhancing network processes, protocols, and procedures you already have a good
grasp on where WAN optimization is headed. You might also notice that steady, incremental
improvements have also helped to optimize routing behaviors in an ever-increasing number of
ways. This lets all of us understand that the motivation behind improving network performance
remains the same, even when the modus operandi changes. From the broadest possible
perspective, then, WAN optimization is just one class of tools available to designers and
managers to help them make the most of their networks.

What Makes WAN Optimization Count?


Seamless connectivity across distant and widely dispersed offices is essential for any global
organization, especially those enterprises seeking to attain a truly global reach. Optimal WAN
connectivity is essential when it comes to delivering services and information to anyone,
anywhere, at any time. Disaster recovery, workflow automation (run books and IT process
automation), server consolidation and voice services all require a well-designed and -managed
WAN infrastructure to become truly effective, and to ensure an acceptable return on the
investments involved in acquiring such capabilities.
Indeed WAN optimization is particularly important for many reasons; here, we clarify some of
the most important ones that lead enterprises and organizations into investing in such technology.
In terms of cost, the expense of WAN links is a primary drag upon their initial adoption and
consequently, on exploiting WAN connectivity to the fullest extent possible. WAN services may
be delivered across many different types of media that include: leased-line, local loop, frame
relay, ATM, DSL, Internet, and so forth. Assembling various WAN links and their
communications to be consistent and coherent enterprise-wide remains a challenge, even when
WAN optimization helps to make the most of what those links can carry.
Bandwidth allocation can also be crucial, when it comes to providing and supporting end-users
in a cost-efficient, effective manner over the long-term. The same urgency applies to
uninterrupted service and unimpeded communications anywhere they’re needed, because they
can make or break how business is conducted and carried out. Finally, support for widely-distributed
users, services, and databases is integral to the maintenance, management, and
monitoring of any network with broad geographic span, even if it’s not truly global. That’s why
we discuss these various topics in more detail in the sections that follow.

Hierarchy as a Primitive Form of WAN Optimization


Organizations with complex network topologies spanning regional and territorial locations often
utilize hub-and-spoke architectures for Wide Area Network (WAN) deployment. Each endpoint
location represents a cog or spoke that links into a much larger hub represented by a headquarters
data center. These larger networks might also include numerous smaller regional or territorial
hubs—each one implementing its own territorial hub-and-spoke network—with any number and
variety of high-bandwidth interconnections between them. This type of arrangement is depicted
in Figure 3.1, but it’s important to recognize that traffic volumes and priorities in this kind of
scheme are built right into the architecture—namely, that higher volumes (and importance)
attaches to traffic from the regional hubs to the central hub, and lower volumes (and importance)
attaches to outbound traffic on the outermost links from regional hubs to branch offices.
Legacy WAN optimization schemes come from this hierarchical environment, where traffic
optimization maps readily into link optimization. Such systems arrange large devices (or large
collections of devices) at hub locations, with smaller devices at each spoke endpoint. Each spoke
communicates with the hub through an explicitly-configured site-to-site tunnel through which
compressed packets reach their final destinations. Endpoints, aka branch offices, seldom need to
communicate with each other so they learn to live with the delays inherent in jumping from
endpoint to regional hub to central hub and back out again. The hierarchical arrangement of
network sites typical of a hub-and-spoke WAN topology appears in Figure 3.1.

Figure 3.1: Blue links indicate “fat WAN pipes” between HQ and Regional hubs, red links “skinny WAN
pipes” between Regional hubs and branch offices. Not shown: remote access links into all hubs!

But as the underpinnings of WAN technology have continued to evolve, a hierarchical, tunnel-
based approach can be seen as an impairment rather than an improvement. Given the flexibility,
scalability and performance available from more modern cloud architectures (which don’t need
implicit or explicit hierarchy to function), the hub and spoke model can pose problems when
changes in relationships, traffic patterns, or even work assignments overload WAN links at the
periphery. Organizations and enterprises have found themselves scrapping hub-and-spoke
architectures in favor of MPLS clouds, because these allow them faster access between arbitrary
pairs of endpoints, and because additional carrying capacity can be laid on (or taken off) as
changing traffic patterns and needs dictate.

Grabbing Text as a Primitive Form of Data Acquisition


Screen scraping is a term that refers to software techniques that open program windows,
establish some kind of interactive session, initiate behavior, then read the results as they appear
in the program’s window. Thus, the notion of scraping the screen refers to grabbing the output
text that appears thereupon to use as input to other programs and processes. Indeed, screen
scraping represents a “lowest common denominator” form of software integration, and serves as
the tool of last resort when grabbing data from any information source for which no other means
of access or delivery is available. Where applications do offer any kind of more formal data
access capabilities, typically through some kind of Application Programming Interface (API),
there is no need for this type of practice. But where no direct APIs exist, screen scraping still
prevails to this day. As painful as this process may sound, it’s both a clever and brutal form of
data acquisition. It is also a pretty venerable practice, in that it’s been used for a long time,
especially for legacy or older mainframe applications for which APIs aren’t available and are
unlikely to be developed.
In essence, screen scraping is a method for manually processing and parsing character data to
elicit its meaning and to supply record- or object-oriented data elements to other applications or
services. Thus, screen scraping programs create links between modern platforms and legacy
applications originally designed to work with inaccessible, inoperable or obsolete I/O devices
and user interfaces. This extends their accessibility, and enhances the usability of associated
logic and data, so that legacy programs and platforms can continue to serve some useful purpose.
Simplified computer interfaces that amount to text-based dumb terminals are often difficult to
integrate with, or to interoperate with modern equipment. Elegant solutions require what may be
non-existent luxuries: APIs, original documentation and source code, and legacy application
programmers with experience on the target platform. Often the only practical solution is a screen
scraper that acts as go-between for legacy and modern systems. A screen scraper may emulate
command sequences or keystrokes to navigate the legacy user interface, process resulting display
output, extract desired data, then pass it along to the modern system in whatever form and format
it expects.
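The parsing half of the go-between just described, as an added Python example that is not code from the guide: it turns a constructed fixed-layout terminal screen into typed, record-oriented data, reads the page indicator so a driver would know whether to request the next page, and fails loudly when a row no longer matches the expected layout (the usual way a scraper breaks is silently, after the legacy application's screen is rearranged). The screen contents, its layout, the regular expressions and all names are invented for this illustration.

```python
"""Added example, not code from the guide: the parsing half of a screen scraper. It turns
a constructed fixed-layout terminal screen into typed, record-oriented data and fails
loudly when a row no longer matches the expected layout. The screen, its layout and
all names are invented for this illustration."""
import re

# Constructed 80-column screen as a legacy inventory application might paint it
SCREEN = """\
INVQ01        INVENTORY INQUIRY - WAREHOUSE 07            PAGE 1 OF 2   14:02:11
 ITEM NO   DESCRIPTION                    ON HAND   ON ORDER   UNIT COST
 --------  ------------------------------ --------  --------  ----------
 A10-2231  HEX BOLT 10MM                     1,250        500       0.12
 A10-2232  HEX NUT 10MM                      3,400          0       0.05
 B22-0001  BEARING ASSY 22MM                    18         40      14.90
 C01-9999  GASKET SET (OBSOLETE)                 0          0       2.25

PF3=EXIT  PF7=BACK  PF8=FWD                    MORE...
"""

DATA_LINE = re.compile(r"^ [A-Z]\d{2}-\d{4} ")   # a row that should carry a record
ROW = re.compile(r"^ ([A-Z]\d{2}-\d{4})\s+(.+?)\s{2,}([\d,]+)\s+([\d,]+)\s+(\d+\.\d+)\s*$")
PAGE = re.compile(r"PAGE (\d+) OF (\d+)")


def parse_number(text, kind=int):
    """Strip the thousands separators the screen shows for human readers."""
    return kind(text.replace(",", ""))


def parse_screen(screen):
    """Return (page_info, records); page_info tells the driver whether to press PF8."""
    lines = screen.splitlines()
    m = PAGE.search(lines[0])
    if not m:
        raise ValueError("title line lacks page indicator; layout changed?")
    page = {"page": int(m.group(1)), "pages": int(m.group(2)),
            "more": any("MORE..." in line for line in lines)}
    records = []
    for line in lines:
        if not DATA_LINE.match(line):
            continue
        row = ROW.match(line)
        if not row:
            raise ValueError("unrecognized row layout: %r" % line)
        item, desc, on_hand, on_order, cost = row.groups()
        records.append({"item": item, "description": desc,
                        "on_hand": parse_number(on_hand),
                        "on_order": parse_number(on_order),
                        "unit_cost": parse_number(cost, float)})
    return page, records


if __name__ == "__main__":
    info, rows = parse_screen(SCREEN)
    print(info)
    for r in rows:
        print(r)
```

Everything the downstream system receives here is inferred from character positions and spacing, which is exactly the fragility the text has in mind: a new column, a renamed title or a wider number field changes the meaning of the output without any interface contract to warn about it.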

The concept of screen scraping is still utilized to harvest information in useful ways. Web
scraping, a modern-age variant, generically describes any of several methods to extract content
from Web sites to reformat or transform content into another context. Example scraper
applications may scour retail sites—all coded in various languages and differently formatted—in
search of books, cookware, and electronics categorized and indexed for online bargain hunters.
Figure 3.2 shows a screen scraper at work, harvesting text from a Web browser and depositing
same in a database.

Figure 3.2: A screen scraper operates a browser window just so it can harvest text on display there.

Screen scraping applications make excellent candidates for WAN optimization because they can
fall prey to inefficiencies that WAN optimization tools address quite readily. First, they produce
regular streams of character data that inevitably benefit from compression but also may benefit
from dictionary and string caching capabilities. Second, screen scraping applications may utilize
inefficient protocols, involve frequent communications, and be subject to “chatty” behavior.
Once such traffic is properly repackaged through proxy agents, WAN optimization tools can help
with all these shortcomings. But most important, the sheer doggedness of screen scraping as a technique for
grabbing data when no other means is available shows us that clever programming techniques
can also be applied when seeking to optimize WAN traffic, even if only at the level of brute
force via compression or protocol streamlining.

Throttling Bandwidth Helps Manage Link Utilization


Treating symptoms rather than causes is a common but often unsuccessful approach to many
problems, bandwidth consumption included. Results may look positive at first, but the effects
are generally short-lived, unreliable or unpredictable, and do not scale. Bandwidth throttling
reflects this approach: it treats the symptoms (slow transfers, excessive response times) rather
than the causes (too little bandwidth, cyclical processing peaks, unauthorized applications,
inappropriate resource links, and so forth). Nevertheless, the technique has yet to fall into
disuse or total disrepute.
Bandwidth throttling has a router, gateway, or server limit the quantity of data it transmits and
receives over some period of time. Throttling limits network congestion and reduces the server
instability that network saturation causes. ISPs use it to restrict user speeds for certain
applications or during peak usage periods. But without an understanding of what causes the
traffic spikes that require a link to be throttled, it is only a matter of time before the load
comes back, ready to be throttled again.


Data-bearing servers operate on a simple principle of supply and demand: clients make requests,
and servers respond to them. Internet-facing servers are especially prone to overload during
peak operating hours and under heavy network load. Such peaks create congestion or bottlenecks
on the connection that can destabilize a server and eventually bring it down. Bandwidth
throttling is used preventively to control a server's response to surges in client requests
during the peak hours of the day.
In February 2008, members of the Federal Communications Commission announced that they might
consider regulations to discourage Internet providers from selectively throttling sites and
services that would otherwise consume large amounts of bandwidth. In late 2007, Comcast had
interfered with some of its high-speed Internet subscribers' file-sharing traffic, injecting
forged TCP reset packets to tear down upload connections for protocols such as BitTorrent, a
practice it described as congestion management. This sparked a controversy that continues to
this day.
Organizations can (and should) use bandwidth throttling or firewall filters to limit or block
traffic that explicitly violates their Acceptable Use Policy (AUP). Otherwise, throttling is best
applied through Class of Service or Quality of Service (CoS/QoS) markings on various types or
specific instances of network traffic. CoS and QoS are classification schemes that give priority
to time-sensitive and mission-critical traffic rather than explicitly limiting a specific type
of traffic. Many experts recommend that unauthorized or unwanted protocols be throttled to very
low bandwidth (under 10 Kbps) rather than blocked outright, so that network administrators have
a chance to ferret out the users or programs involved. By limiting peer-to-peer protocols such
as BitTorrent (used for video and other personal media downloads) or FastTrack (the Kazaa
protocol) to 5 or 10 Kbps, administrators gain time to identify the workstations or servers
acting as endpoints, and the individuals behind them, before counseling or disciplining those
users under the prevailing AUP. This tactic suits policy violations, not compromise: traffic that
matches known malware or data exfiltration should be blocked and investigated, because even a
trickle of bandwidth keeps such a channel alive.
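To make the throttle-and-trace tactic concrete, here is an added example (mine, not the guide's): a token-bucket policer in Python that holds a peer-to-peer class to 10 Kbps while leaving voice and ordinary traffic untouched, and logs the source addresses it sees on that class for the follow-up the paragraph describes. The packet trace, the port-to-class mapping, and the rate are constructed for illustration.

```python
"""Token-bucket throttle for policy-violating traffic, with an endpoint log.

Added example, not from the guide. The packet trace is constructed, and the
port-based classifier is a stand-in: BitTorrent's 6881-6889 and FastTrack's
1214 are conventional ports, and real classification needs payload inspection.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    t_ms: int      # arrival time in milliseconds
    src: str
    dst: str
    dport: int
    size: int      # bytes


def classify(pkt):
    """Crude class-of-service decision by destination port."""
    if 6881 <= pkt.dport <= 6889 or pkt.dport == 1214:
        return "p2p"
    if pkt.dport in (5060, 16384):       # SIP signalling, RTP media
        return "voice"
    return "default"


class TokenBucket:
    """Tokens are bytes; they refill at rate_bps and never exceed burst_bytes."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8000.0    # bytes per millisecond
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last_ms = 0

    def allow(self, t_ms, size):
        self.tokens = min(self.burst, self.tokens + (t_ms - self.last_ms) * self.rate)
        self.last_ms = t_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


class Throttle:
    """Forward everything, but police the p2p class and remember who sends it."""
    def __init__(self, rate_bps=10_000, burst_bytes=1500):
        self.bucket = TokenBucket(rate_bps, burst_bytes)
        self.suspects = defaultdict(int)   # source address -> p2p packets seen

    def process(self, pkt):
        if classify(pkt) != "p2p":
            return "forward"
        self.suspects[pkt.src] += 1        # evidence for the AUP follow-up
        return "forward" if self.bucket.allow(pkt.t_ms, pkt.size) else "drop"


def run_demo():
    """Constructed trace: one host pushes 1500-byte packets to a BitTorrent port
    every 100 ms for 10 s (about 120 Kbps) while a SIP conversation runs beside it."""
    pkts = [Packet(i * 100, "10.1.1.5", "203.0.113.9", 6881, 1500) for i in range(100)]
    pkts += [Packet(i * 500, "10.1.1.7", "10.2.0.10", 5060, 200) for i in range(20)]
    pkts.sort(key=lambda p: p.t_ms)
    th = Throttle()
    tally = {"p2p": {"forward": 0, "drop": 0}, "voice": {"forward": 0, "drop": 0}}
    for p in pkts:
        tally[classify(p)][th.process(p)] += 1
    return {"p2p": tally["p2p"], "voice": tally["voice"], "suspects": dict(th.suspects)}


if __name__ == "__main__":
    print(run_demo())
```

Over the 10-second trace the policed host gets 9 of its 100 packets through, roughly 10.8 Kbps against the 120 Kbps it offered, while every SIP packet is forwarded and the suspect list names the one endpoint. A production policer would classify on payload rather than port and would usually queue rather than drop.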

Fixing WAN-Unfriendly LAN Protocols


As we discussed initially in Chapter 1, many existing protocols that support vital internal and
external business functions operate with limited scope and scalability. These are almost always
LAN-based legacy protocols that can impose a serious drag on wide-scale WAN use. For example,
the Common Internet File System (CIFS) requires a round trip for nearly every operation, so a
file transfer that is brisk on the LAN becomes unwieldy across a high-latency WAN link. Likewise,
real-time streaming and voice protocols often create a need for traffic shaping. In this practice,
controls are applied to network traffic to optimize performance, meet performance guarantees,
or increase usable bandwidth, usually by delaying packets that are relatively delay-insensitive
or that meet classification criteria marking them as low priority. Traffic shaping is often used
to give users satisfactory voice and video service while still letting "networking as usual"
proceed for other protocols.


In the same vein, encryption and the security protocol processing that sensitive traffic requires
on Internet links are a resource-intensive but unavoidable burden, which is why acceleration
tools for them exist. Even the most widely used protocol on the Internet, HTTP, is both chatty
(it involves frequent communications) and bursty (it involves periods during which tens to
hundreds of resource requests may be in flight at any given moment). The protocol trace in
Figure 3.3 shows that displaying a single Web page involves a back-and-forth exchange about a
great many elements over a short period (12 are visible in the sample trace, with more below).

Figure 3.3: A single Web page fetch can spawn tens to hundreds of HTTP “Get” requests and associated
data-bearing replies.

Fixing these “broken” aspects of the network environment becomes a traffic engineering
proposition that takes into account not just the applications themselves but application
programming in general. Knowing how an application operates, its protocol formats and
parameters, and observable run-time behaviors is crucial to understanding how it fits with other
applications, services, and protocols on the network. It’s not just a patchwork proposition that
involves mending individual parts, but instead requires accommodating best practices for
efficient WAN communications: send and receive infrequently, in bulk, and in the form of
complete transactions whenever possible.


TCP was originally designed to operate reliably over unreliable transmission media irrespective
of transmission rate, inherent delay, packet corruption, data duplication, and segment
reordering. Because of this, TCP is indeed a robust and reliable mechanism for delivering
applications, services, and protocols. But the same conservative design exposes a weakness when
TCP runs across modern, high-speed, high-latency links that far exceed the conditions it was
designed for: the amount of data a sender may have in flight is bounded by the receiver's
advertised window, so throughput can never exceed window size divided by round-trip time,
whatever the link's capacity.
Re-engineering these and other "broken" network protocols occurs in WAN optimization solutions,
usually through some form of proxy. Such a proxy leaves protocol behavior unfettered on the LAN,
where protocols can behave normally and unhindered. But the same proxy translates and typically
repackages LAN-oriented transmissions to reduce or eliminate "chattiness" across WAN links,
batching individual transmissions to limit their number and maximize their payloads. This
approach makes the most of available bandwidth when request and reply traffic crosses WAN links.
IP blindly sends packets without checking on their arrival; TCP maintains end-to-end connections
through setup and tear-down phases and requires acknowledgements for data received.
Unacknowledged data triggers an exponential back-off algorithm that retransmits at growing
intervals until the data is acknowledged, or until the connection is declared failed. The sliding
TCP window (the number of bytes, not packets, that may be sent before an acknowledgement must
arrive) directly governs performance: larger values mean greater throughput but also longer
potential delays, and without the window scaling option the 16-bit window field caps the window
at 65,535 bytes. TCP's well-defined "slow start" algorithm opens a connection with a small
congestion window and grows it as acknowledgements arrive while the connection remains active.
Each of these procedures of the TCP/IP stack introduces delay that WAN optimization solutions
address through connection optimization techniques and aggressive windowing methods.

For an outstanding discussion of TCP window size, the slow start algorithm, and other TCP
congestion management techniques, consult Charles Kozierok's excellent book The TCP/IP Guide.
The book is available in its entirety online; the section on TCP Reliability and Flow Control
Features and Protocol Modifications includes detailed discussion of TCP window management,
window size adjustment, congestion handling, and congestion avoidance mechanisms.
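The relationship between window size, round-trip time, and throughput is easy to quantify, so here is an added example (not from the guide) that does the arithmetic in Python: it computes the bandwidth-delay product, the ceiling an unscaled 65,535-byte window imposes, and the best-case number of round trips slow start needs to fill the pipe. The 1,460-byte MSS and ten-segment initial window follow current TCP practice (RFC 6928); the T1, 100 Mbps, and 80 ms figures are constructed.

```python
"""Why a fixed TCP window caps throughput on fast, long links.

Added example, not from the guide: link rates and round-trip times are constructed.
"""

MAX_UNSCALED_WINDOW = 65_535       # bytes: 16-bit window field without the scaling option
MSS = 1460                          # bytes per segment on Ethernet-sized paths
INITIAL_WINDOW_SEGMENTS = 10        # RFC 6928 initial window; older stacks used 2 to 4


def bandwidth_delay_product(link_bps, rtt_ms):
    """Bytes that must be in flight to keep the link full for one round trip."""
    return link_bps * rtt_ms // 8000


def window_limited_throughput(window_bytes, rtt_ms, link_bps):
    """Throughput in bit/s: at most one window per RTT, and never above the link rate."""
    return min(window_bytes * 8000 / rtt_ms, link_bps)


def slow_start_rtts(target_bytes, mss=MSS, initial_segments=INITIAL_WINDOW_SEGMENTS):
    """Round trips for the congestion window to reach target_bytes, doubling each RTT.
    Ignores ssthresh and losses, so this is the best case."""
    cwnd, rtts = initial_segments * mss, 0
    while cwnd < target_bytes:
        cwnd, rtts = cwnd * 2, rtts + 1
    return rtts


def report(link_bps, rtt_ms, window_bytes=MAX_UNSCALED_WINDOW):
    """Summarize how a given window fares on a given link."""
    bdp = bandwidth_delay_product(link_bps, rtt_ms)
    return {
        "bdp_bytes": bdp,
        "window_limited": window_bytes < bdp,
        "max_bps": window_limited_throughput(window_bytes, rtt_ms, link_bps),
        "rtts_to_fill": slow_start_rtts(bdp),
    }


if __name__ == "__main__":
    for name, bps in (("T1", 1_544_000), ("100 Mbps", 100_000_000)):
        print(name, report(bps, rtt_ms=80))
```

On the T1 the window exceeds the bandwidth-delay product and the link itself is the limit; on the 100 Mbps path with the same 80 ms round trip the same window caps a single connection at about 6.5 Mbps, and slow start alone needs seven round trips to reach the megabyte the link can hold. That gap is what window scaling and a WAN optimizer's windowing techniques address.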

Use of Compression to Reduce Bandwidth


Because they reduce traffic volume, performance-improving compression schemes have been part of
internetwork communications since the days of X.25 links and Bulletin Board Systems (BBSs)
exchanging files with the ZMODEM protocol introduced in 1986. More than twenty years later,
compression is built into modern network protocols such as Secure Shell (SSH) and appears as
byte-level data stream caching in contemporary WAN optimization products.


In telecommunication terms, bandwidth compression means a reduction in the bandwidth needed to
transmit a given amount of data in a given time, or a reduction in the time needed to transmit
a given amount of data within a given amount of available bandwidth. Either way, the bandwidth
(or time) consumed by information-bearing signals shrinks without any loss of information
content, thanks to proper use of data compression techniques. These work well in the WAN
environment, but they need enough processing capacity to compress and decompress at line rate
with minimal added delay; software compression is fast, but on high-speed WAN links dedicated
compression hardware is often what keeps the compressor from becoming the bottleneck. WAN
optimization devices generally also include symbol and object dictionaries that reduce data
volumes beyond what compression alone provides; these are discussed later in this chapter.
Recurring redundancy, which describes the ways in which patterns and elements tend to repeat in
regular traffic streams between pairs of senders and receivers, remains the crucial reason why
compression schemes still thrive. From the right analytical perspective, much of the data
transiting networks includes unnecessary repetition, which wastes bits and the time and
bandwidth necessary for their conveyance. Compressing data by all possible means helps restore
balance to the networking order and is just one of several counters against unwanted network
delay.
Various compression techniques suit network media, and all of them strive to reduce the
bandwidth consumed during WAN traversal. Header and payload compression use pattern-matching
algorithms to identify short, frequently recurring byte patterns and replace them with shorter
codes, reducing the final transmitted size. Simpler algorithms find repeated byte patterns
within individual packets, whereas more sophisticated forms analyze patterns across multiple
packets and traffic flows.
The gains any compression strategy provides vary with the mix and makeup of WAN traffic.
Compressed archives (ZIP or compressed tar files, for example) cannot be reduced much further
by network compression, but applying compression across various flows of traffic can still
enhance effective WAN bandwidth. Voice protocols benefit significantly from RTP/UDP/IP header
compression (cRTP, RFC 2508) in conjunction with other techniques such as packet coalescing.
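To show where the gains come from, the following added example (not code from the guide) compresses a constructed set of twenty HTTP responses three ways with Python's zlib: each packet on its own, each packet against a preset dictionary shared by both ends (zlib's zdict parameter, standing in for a WAN optimizer's cross-flow dictionary), and the whole flow as one stream; it then recompresses already-compressed random data to show the point about archives. The responses and the seeded random payload are constructed.

```python
"""Compression gains depend on where the redundancy is: inside one packet,
across a flow, or across flows, and on whether the data is already compressed.

Added example, not from the guide. The HTTP responses are constructed; the
shared dictionary uses zlib's preset-dictionary feature (zdict) as a stand-in
for a WAN optimizer's cross-flow dictionary.
"""
import random
import zlib

HEADER = (b"HTTP/1.1 200 OK\r\n"
          b"Server: Apache/2.2.8 (Unix)\r\n"
          b"Content-Type: text/html; charset=UTF-8\r\n"
          b"Cache-Control: private, max-age=0\r\n"
          b"Connection: keep-alive\r\n"
          b"Content-Length: %d\r\n\r\n")


def make_packets(n=20):
    """Twenty responses from one server: same headers and page template, different items."""
    packets = []
    for i in range(n):
        items = b"".join(b'<li class="item">Product %d, price $%d.99</li>\n' % (i * 10 + k, 10 + k)
                         for k in range(10))
        body = b"<html><body><ul>\n" + items + b"</ul></body></html>\n"
        packets.append(HEADER % len(body) + body)
    return packets


def compress_per_packet(packets, zdict=None):
    """Each packet compressed on its own; with zdict, sender and receiver start
    from a shared preset dictionary instead of from nothing."""
    total = 0
    for p in packets:
        c = zlib.compressobj(level=6, zdict=zdict) if zdict is not None else zlib.compressobj(level=6)
        total += len(c.compress(p) + c.flush())
    return total


def compress_as_stream(packets):
    """One compressor across the whole flow: later packets reference earlier ones."""
    c = zlib.compressobj(level=6)
    total = 0
    for p in packets:
        total += len(c.compress(p) + c.flush(zlib.Z_SYNC_FLUSH))
    return total + len(c.flush())


def roundtrip_with_dict(packets, zdict):
    """Receiver side: only the same preset dictionary restores the original bytes."""
    for p in packets:
        c = zlib.compressobj(level=6, zdict=zdict)
        blob = c.compress(p) + c.flush()
        d = zlib.decompressobj(zdict=zdict)
        if d.decompress(blob) + d.flush() != p:
            return False
    return True


def sizes():
    """Bytes on the wire under each scheme, plus the already-compressed case."""
    packets = make_packets()
    zdict = packets[0]                       # dictionary learned from the first response seen
    rng = random.Random(7)                   # seeded so the result is reproducible
    incompressible = bytes(rng.getrandbits(8) for _ in range(4096))
    once = zlib.compress(incompressible)
    return {
        "raw": sum(len(p) for p in packets),
        "per_packet": compress_per_packet(packets),
        "with_shared_dict": compress_per_packet(packets, zdict),
        "streamed": compress_as_stream(packets),
        "already_compressed_in": len(once),
        "already_compressed_out": len(zlib.compress(once)),
    }


if __name__ == "__main__":
    for k, v in sizes().items():
        print(f"{k:>24}: {v}")
```

The per-packet result beats raw, and the shared-dictionary and streamed results beat per-packet by a wide margin because the repeated headers and page template are never sent twice; the already-compressed blob comes out no smaller than it went in. The round-trip check is the operational caveat: the receiver must hold exactly the same dictionary, which is why paired appliances synchronize theirs.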

Redundant Overlays Bring Files Closer to Users


Redundancy isn’t always bad for network performance or throughput. There are many
applications and instances where multiplicity can enhance performance. In fact, WAN
environments benefit greatly from using redundant overlays of file services that bring files and
data closer to their end-users.
As the DNS system has shown us, a network can operate effectively in consolidated and
decentralized ways at the same time. A single, uniform body of information can be consolidated
from many sources and distributed throughout a completely decentralized system for delivery
anywhere in the networked world. Consolidating aggregate data in a single location only creates
benefits for those users likely to be in close network proximity to the data center, but can pose
accessibility issues for other users more than one network hop away, especially those who must
use narrow or expensive WAN links to connect to that data.


Resorting to a central authority or source of information for a globally-dispersed company has
predictable negative consequences for remote and roaming users, so it's better to replicate
information in places where its users can reach it quickly, wherever they might be. DNS
databases, with their primary and secondary servers, their authoritative and non-authoritative
answers, and their careful caching of recent activity, create a model for widespread, dispersed
use of distributed information that works well enough to keep the global Internet humming along.
In similar fashion, redundant overlays seek to keep the files users are most likely to access no
more than one or two WAN hops away from their machines, no matter where they might be at any
given moment.
Today, many companies toil with the challenge of server consolidation and proliferation.
Numerous in-house servers service a variety of application services and network protocols, and
despite their overwhelming ubiquity they aren’t always in the right place to serve at the right
time. Many companies opt instead to roll out several key servers in strategically-located
installations throughout their geographical and territorial boundaries to better accommodate
“away” teams and users. This approach permits a group of carefully synchronized servers that
handle multiple basic business needs to deliver comparable accessibility, bandwidth, and security
to anyone anywhere. Replication across multiple physical servers makes this approach possible,
while virtualization so that individual services run in separate virtual code spaces makes the
process more practical and maintenance and monitoring more workable.
Network assets and end-users are often dispersed across branch offices, customer sites, and ISPs
that span multiple regions. A well-designed server consolidation strategy necessarily centralizes
the infrastructure and reduces server count to save on costs and improve management.
Unfortunately, this also effectively places the burden of ensuring seamless connectivity between
remote locations directly onto WAN links, and fails to deliver the goods whenever such links
fail. This means there must be some mechanism or mechanisms in place to pick up traffic that
occurs as the number of remotely-connected users increases.
During opening hours, many businesses endure a surge of initial network traffic that consists
largely of many users logging in simultaneously to one or more servers. Authentication, DNS,
and directory-service lookups are commonly problematic during this pre-game warm-up routine in
which everyone shows up to log in at the same time, so there needs to be some way to optimize
and prioritize traffic so that wait times at login prompts are minimal. A consolidated WAN
optimization solution helps make the best use of the network architecture because it extracts
the most from the bandwidth a WAN link can carry while also prioritizing traffic so that when
congestion occurs, important data gets through anyway. Thus the morning user, coffee in one hand
and keyboard in the other, might have to wait a minute (literally) to download e-mail, but will
still get a quick response after supplying an account name and password.


State-of-the-Art Acceleration Techniques


Technology has become another greatly anticipated (though artificial) evolution for mankind
ever since the big initial discoveries of man-made fire and the wheel. Technology continues to
evolve to suit a greater variety of purposes or deliver an ever-increasing range of functionality.
Technology also continually adapts and occasionally demands redesigns to remain viable in an
ever-changing environment, until it eventually reaches retirement age and enlistment into the
annals of historical or disused technologies.
Technology replacement often comes swiftly, where replacements often provide vast
improvements over original designs. Any-to-any network clouds, which utilize MPLS or ATM
infrastructures to create and manage links between arbitrary pairs or collections of sites using
high-speed WAN links, have an increasing presence in the network landscape, but carry along
the inherent issue of too many tunnels because WAN optimization devices usually work in pairs
rather than in groups. Even with completely error-free, fully-operational WAN links there are
performance-dampening provisioning technologies and practices causing packet-loss at the
network layer. Combined with high-latency, timed retransmissions, and congestion-avoidance
behaviors native to TCP, this problem can cause application performance to suffer perceptibly
even when bandwidth is available and affordable. It’s not enough to have a WAN to use, it’s also
important to understand how to make best use of that resource as well.
One problem for network cloud operation comes from a preponderance of encapsulated tunnel
traffic between pairs of peers. The notion is that traffic flows from two sets of networks through
an established tunnel that moves traffic through the network medium between endpoints to that
tunnel. WAN optimization must be sensitive to this type of communication flow, and make
intelligent use of tunnel and receiver connection setup and maintenance to use no more
bandwidth or connections than are absolutely necessary when communications move through a
cloud.
Indeed, many organizations now utilize any-to-any network clouds that replace the hub-and-
spoke paradigm mentioned earlier in this chapter, where these clouds are often based and built
upon Multi-Protocol Label Switching (MPLS). This next-generation forwarding and switching
architecture realizes WAN “cloud” deployment complete with WAN optimization strategies and
important advantages for advanced services and traffic engineering.
Disaster recovery sites require redundant high-speed WAN links for timely and critical data
backups to be both accurate and effective at all times. Workflow automation accounts for
internal business processes, internal business personnel, and the entire evolution of the business
ecosystem including suppliers, partners and customers. Neither scenario is satisfied nor well-
served by improperly or poorly-managed WAN links. What happens when crucial customer
orders need priority reception? You must ensure delivery of critical business processes for the
ordering system across the WAN link, which may involve WAN-applicable Quality of Service
(QoS) policies. Orders expedited to manufacturing plant enterprise resource planning (ERP)
systems may even require dedicated leased-line linkages to HQ offices. Here again, we find
multiple opportunities for WAN acceleration to move information faster and more efficiently
using heavily-shared, heavily-utilized network WAN links.


Opening Closed Communications Delivers Desirable Results


Our technological approach and analysis of the greater framework of networking applications,
protocols, and technologies expands both how we conceive of the network as a whole and how we
deploy its components to satisfy operational needs. We no longer see communications as "I need
to send this message or file from point A to point B"; instead we explore the parameters that
define that message or file, how it travels across a number of links, and what operational
inconveniences it imposes. We see the protocol fields and values that influence its routing
behavior and the routing characteristics that define its path and progress through the network.
Using the appropriate viewfinders, we can even peer into our network as a much larger landscape,
a universe unto itself. We can open, inspect, and accelerate Secure Sockets Layer (SSL)
applications, which is vital for WAN optimization. Encrypted data streams are opaque unless they
can be opened and handled somehow, which is why WAN optimization devices are often furnished
with the encryption keys and certificates needed to do so. This lets WAN optimization peer inside
encrypted traffic to analyze data redundancy and enforce traffic policies it could not otherwise
apply, to apply classic compression techniques, and to use shared symbol and object dictionaries
to further reduce the volume of data in motion. This capability is depicted in Figure 3.4. It
comes at a price that must be planned for: an appliance holding server private keys is a
deliberate man-in-the-middle and a concentrated target, so its key store must be protected as
strictly as the origin servers themselves, the decrypted data must be re-encrypted before it
crosses the WAN, and client-side certificate validation must not be weakened to make the
interception work.

Figure 3.4: Given the ability to decrypt encrypted data streams, WAN optimization devices can enforce
policy, impose throttling, and even apply various compression and dictionary schemes.


Advanced Acceleration Techniques Speed Streaming Voice and Video


Latency mitigation strategies shorten delivery times between sender and receiver. Distance
introduces delay, and longer distances introduce longer delays; latency also grows in transit
through queuing and processing in intermediary appliances and routers. These incremental delays
have an appreciable impact on WAN performance, where the latency incurred by overly chatty TCP
conversations and bulk payload transfers can collapse throughput.
Local caching at endpoints is an excellent strategy for delivering information efficiently at
reduced data transmission levels. By keeping recent copies of large or repeated requests and
transfers nearby, less redundancy and bandwidth need be consumed when passing such data to
its consumers. However, caching does require a more analytical and focused perspective on
ongoing network communications along with access to the right on-site caching mechanisms to
be truly effective.

Flexible Bandwidth Controls Provide Multiple Benefits


Well-defined policies should drive flexible bandwidth controls to throttle junk traffic and ensure
better response time for important traffic. High-level application content and user information
weighs heavily upon formulating such policies, which are best orchestrated by involving
executive staff, key stakeholders, management, and representatives from the user community.
It’s also essential to test the impact of resulting policy schemes on the user experience, and to
keep ongoing tabs on that experience to adjust policy settings over time to reflect changing needs
and priorities.
Acceptable use policy also plays a surprisingly important role in maximizing the value of WAN
links. It's well known that reducing network noise enhances signal clarity; it's less clear to
many (especially to users who have never been told) that wasting bandwidth on non-work activities
really can place a serious and unwelcome drain on the bottom line. Eliminating unnecessary and
undesirable traffic can be a major factor when imposing network traffic management policies.
Such controls must be well-considered, carefully deployed, and flexible enough to accommodate
the many different types of (authorized) traffic typical on modern enterprise networks.

Traffic by Type and Source


In some cases, traffic policing or WAN optimization may fail to preserve original client-server
address designations and protocol formats, or to keep such data easily accessible. That’s because
of the many layers of embedding and encapsulation that can occur at various layers of the
protocol stack. Applications, WAN optimization tools, and traffic policies that aren’t careful to
observe or maintain sufficient original context are in for worlds of trouble if they block or
downgrade priority on traffic that really needs to get through.


Monitoring solutions must be sensitive to both original and encapsulated formats so as to
accurately and effectively report end-to-end performance and traffic conditions. Many WAN
optimization solutions tunnel protocol traffic that's necessary for this monitoring process to work
properly and thereby obscure network conditions. A monitoring system can lose visibility into
individual application flows as they disappear into optimized WAN ports or tunnels. That's why
it's important to ask about such behaviors, and to tell WAN optimization vendors what kinds of
management and flow related data they should capture and relay for monitoring and management
purposes.

Traffic by Time of Day


Peak hours for various procedures, processes, sites, and users generally occur at regular,
predictable intervals on the networks they use. Peak business hours can be observed, monitored,
and predicted over a given timeline and then used to construct a time-sensitive traffic
management strategy. Off hours then become peak activity windows for off-duty processes such
as daily accounting or inventory systems and network-based backup. Time of day is crucial for
monitoring operational behavior on the network and controlling resource availability, as are
periodic peaks at end of month, end of quarter, and end of year, and occasional on-demand cycles
(audits or emergencies, for example).

Application Traffic
An inordinate number of applications and application protocols exist, and each must be
controlled and monitored consistently and cohesively. Each receives its own priority assignment
and carries its own value in the network management equation. Not all applications are created
equal, though many are designed equally badly (or comparatively worse) when it comes to WAN
deployment. The ability of WAN optimization solutions to tame these sometimes savage beasts
remains among their most potent value propositions.
Some vendors offer Web acceleration appliances that optimize only certain types of traffic by
off-loading certain servers. Other products optimize all TCP traffic equally regardless of
differences in their application-layer behaviors. A complete and comprehensive WAN
optimization solution must be able to selectively prioritize traffic, especially in situations where
WAN links are heavily-utilized or operating at (or above) their rated capacity.

Traffic by User or Group Identity


User and group identity for sender and receiver pairs is another parameter that may be factored
into WAN optimization. Authentication is critical for WAN optimization because it enables
acceleration or prioritization of traffic based on individual and group membership. This means
that user identity and/or group membership may be used as a criterion for allowing or
disallowing traffic, or for prioritizing some traffic and not other traffic. For example, email
bound to or from the CEO goes to the head of the line while the mailroom clerk waits for "slack"
capacity before his messages are handled.


User identity tracking also facilitates better end-to-end network visibility. It can allow network
engineers and planners to streamline security and prioritize delivery of certain traffic from
certain sources. Identity may be used to block or allow certain types of traffic, or to apply
varying levels of priority to the same kinds of traffic (CEO and customer support email goes
ahead of all other email, for example). In the same vein, a salesperson located in some remote
branch office may be granted higher priority than a marketing staff employee when accessing the
company’s centralized CRM application, because of the perceived difference in importance for
such access (servicing an existing customer in the former case, prospecting for new customers or
expanding on an existing relationship in the latter case).

More About Compression Dictionaries and Local Caching


A compression dictionary is any location where an algorithm stores its data sequences,
predictions, shortened substitutions and other process-related data. Each dictionary has an
associated size governing the amount of data stored and retrieved for compression and
decompression.
Compression algorithms shrink data transfer sizes without altering critical protocol payloads—a
form of lossless compression. Many algorithms spot repeated sequences of data and store them
for later look-up and retrieval. Some algorithms learn the series order of predictable data
sequences rather than actual data content, and then predict subsequent content based on
preceding patterns. Where such predictions prove correct, indicators of success are transmitted
(as opposed to live, repeat data) to a compression partner on the receiving end. This partner notes
the positive indicator and restores original data in place of the signifying notification.

Maximize Rapid Access to Frequently Used Files, Resources, and Data


In the realm of servers and workstations, disk defragmentation seeks to boost operational
performance by resituating frequently and recently used files, resources, and information. A
process of physical reorganization and analysis of access patterns helps determine what data and
which files should fit together closely and contiguously for fast access.
In much the same way, frequently and recently-accessed network files, data, and resources
should take priority over less frequently referenced elements. Some situations and scenarios call
for decentralized servers to house consolidated information and resources as described earlier in
this chapter when we discussed DNS decentralization. In any case, the notion is that by watching
what kinds of access have repeated in the past, we can predict what kinds will repeat in the
future, and use that information to populate local caches that can cut down on the need for WAN
access.


Use Software Acceleration for Roaming Users on the Go


Endpoint client applications for WAN optimization are necessary in addition to the
authentication-driven, identity-based traffic prioritization and tracking mentioned earlier in
this chapter. Such applications open the boundaries of an enterprise and help an optimization
solution and strategy extend truly end-to-end, rather than remaining oriented primarily at
specific tunnels between optimization devices (as is the case for most implementations).
Furthermore, client-based software acceleration allows all kinds of policy-based controls and
priorities to be applied even when a client is operating independently in a Starbucks in Des
Moines, far from her branch office in Dubuque.
Software acceleration clients benefit from built-in “situational awareness”—that is to say, from
the client’s perspective the WAN optimization solution is aware of its location (branch office,
remote VPN link, HQ) and can automatically apply an appropriate optimization strategy to
match. Client software can approximate its proximity to the source server to determine its best
possible routes and security options as well.

Caching
Caching is an excellent strategy in any aspect of computing. Switches cache MAC address tables
and routers cache ARP entries and forwarding decisions; application proxies cache
application-layer data to conserve bandwidth against repeat requests; and WAN optimization
technologies cache sequences of traffic data to avoid replaying duplicate protocol patterns on
the network. The process can be entirely application-independent for general-purpose use.
Single-purpose caches work only with specific applications or with repeat requests for the same
resource, irrespective of all other network traffic (Web-only, email-only, backup-only, ERP, and
so forth). WAN optimization devices have a global view of all traffic that passes over the links
they manage, so their caches can handle data for every application whose traffic traverses those
links (making them a "links-only" rather than "application-only" type of cache).
Data reduction is an efficient means for WAN application and bandwidth optimization. The trick
here is to avoid sending as much data as possible, or at least, never to send the same data more
than once. Acceleration appliances examine data in real-time prior to its transmission across the
WAN, and store objects and items locally. Any duplicate detected triggers the appropriate
appliance to resend data locally instead of moving that same data (unnecessarily) across a WAN
link.
Wherever data is stored by intermediary devices, it must also be handled in a secure, policy-
driven manner. Caching copies of repeatedly requested data across a network is a great strategy for
network performance but, done carelessly, a real hazard for application security along the data
path: a cache that serves an object to a user the origin server would have refused has silently
bypassed that server’s access controls. Any information obtained from a cache must therefore be
accurate and timely upon delivery to the requester, be served only to parties the origin would
authorize, honor “private” and “no-store” markings from the application, and be protected at rest
against inspection or alteration by unauthorized third parties.
Ideally, a cache should also be free of deployment constraints. Transparency plays a crucial role
in the peaceful coexistence of intermediary device and end user, so having to expose caching
servers and services through end-user configurations can be a labor-intensive, hands-on process.
Zero configuration is the objective in many of today’s application platforms, and this area is no
exception. Any and all network optimizations should be readily accessible and completely
transparent to the end user.

Coalescing Common Data Elements


Small recurring packets carry repeated header data, and for small payloads that header overhead
consumes a disproportionately large share of bandwidth: the smaller the payload, the larger the
fraction of every packet that is header rather than data. Packet coalescing merges multiple
packets into one, provided they traverse the same link to reach the same endpoints.
In combination with header compression, this applies a single header across multiple packets to
decrease overhead and reduce bandwidth requirements. Web, voice, and interactive multimedia
applications all benefit greatly from packet coalescence.

Bandwidth Control
Bandwidth control and bandwidth management are two ways of saying the same thing. It is the
process of measuring and controlling packet-based network communications to avoid overusing
capacity, which results in network congestion and poor performance. The channel capacity of
partitioned, multiple-user internetwork links is administratively limited. Once this threshold is
reached, performance degrades in a highly noticeable way: network congestion.
Controlling and managing network traffic keeps capacity use below that threshold to maintain
smooth, continuous service between endpoints. The art and science of controlling and managing
traffic is a deeply faceted practice of its own, with myriad solutions at virtually every layer of the
network protocol stack. ISPs typically retain control over the queue management and QoS offered
to subscribers; TCP window shaping in high-end enterprise products slows a sender at the source;
and other such solutions increase the usable share of network capacity and resources.
The majority of WAN protocols utilized today include Integrated Services Digital Network
(ISDN), frame relay, Multi-Protocol Label Switching (MPLS), Asynchronous Transfer Mode
(ATM), and Point-to-Point Protocol (PPP) over Synchronous Optical Network (SONET).
Harmonizing and orchestrating optimal performance among this heterogeny requires handling a
series of deeply complex tasks.

WAN Technologies Summarized


The following material contains introductory subject matter on the topic of current and existing
WAN environments and technologies. Topics include point-to-point links, circuit and packet
switching methodologies, virtual circuits, dial-up services, and WAN endpoint devices.
WAN data communications span broad, geographically dispersed areas using the transmission
services of common carriers, as depicted in Figure 3.5. WAN technologies generally function at
Layers 1 through 3 of the OSI reference model, which is why most network engineers also work
at those layers. However, WAN appliances can also be “application aware” in that they are
capable of analyzing application protocol streams and manipulating their behavior according
to policy.

Figure 3.5: A key benefit of the “Managed WAN Cloud” is its ability to accommodate different kinds of WAN
links for ingress and egress.

Point-to-Point Links
An established, individual communications path from subscriber to provider is referred to as a
point-to-point link. In this arrangement, a carrier network (such as a local telephone company)
provides a direct connection via leased lines (that may include copper wiring and other necessary
hardware such as CSU/DSU units) to the customer’s premises. Accordingly, both ends of the link
are generally served by the same provider network.
Circuits are normally priced according to bandwidth requirements and the distance between the
two connection points. Point-to-point links are typically priced higher than Frame Relay links but
also provide permanently established, exclusive connectivity between provider and subscriber
regardless of the extent to which allocated bandwidth may be utilized. Another common term for
such a link is leased line (which refers to the ongoing reservation of the connection between the
two endpoints).

Circuit Switching
Using circuit-switching communications, data paths are formed as needed and terminated when
such use ceases. This setup operates much like a typical telephone network in that
“conversations” are arbitrarily created and terminated, existing only for the duration of the “call”
(which is actually an active data connection between at least two parties).
ISDN is a primary example of this kind of technology: a switched circuit is initiated whenever a
router possesses data for a remote site, which essentially places a direct-dial call into the remote
site’s circuit. Once the two parties are authenticated and connected, they begin the transfer of
data from source to destination. Upon completion, the call terminates.

Packet Switching
WAN packet-switching technology uses a shared carrier infrastructure unlike the private, one-on-
one pairings used in a circuit-switched network arrangement. This scenario enables the carrier to
make more efficient use of its infrastructure, often resulting in better subscriber costs for similar
levels of service. In a packet-switched environment, a shared WAN medium is distributed and
utilized among a broad subscriber base that creates virtual connections between sites for packet
delivery.
Such a topology is called a cloud and includes protocols such as Asynchronous Transfer Mode
(ATM), Frame Relay, Switched Multimegabit Data Services (SMDS), and—less commonly in
the US—X.25. Packet-switched connectivity is ideal for organizations whose WAN traffic is
“bursty” or variable in nature and does not require strictly dedicated bandwidth or always-on
WAN links.

WAN Virtual Circuits


So-called virtual circuits may be defined as any logical circuit created between two network
devices across a shared network medium. There are two types: switched and permanent virtual
circuits.
Switched virtual circuits are dynamically established on-demand and terminated once interaction
between the two linked parties ceases. Three phases define a switched virtual circuit’s operation:
circuit establishment (connect parties), data transfer (exchange information), and circuit
termination (end conversation). This setup is analogous to making a telephone call, which
follows this sequence: dial the other party and establish the call (connect parties), conduct a
conversation (exchange information), then disconnect the call (end conversation).
Once initially established, permanent virtual circuits (PVCs) remain locked into data transfer
mode thereafter for an indefinite period of time. (Though such circuits can and do go down
occasionally for various reasons, they are considered “always up” by virtue of their operation.)
PVCs are utilized in situations in which data exchanges are constant and ongoing between two
points. These circuits involve increased costs for usable bandwidth owing to their constant
availability, but that bandwidth also comes with availability and reliability guarantees.

WAN Dial-Up Services


Dial-on-demand routing and dial backup are two popular and cost-effective dial-up services for
WAN connectivity. Dial-on-demand dynamically initiates calls when data is ready to be sent and
specifies an idle timer that disconnects after a specified period of inactivity.
Dial backup uses switched circuits to provide backup services for a primary circuit such as point-
to-point or packet switching. Routers are configured for failure detection and automatic failover
until a disrupted primary connection is restored.

WAN Devices
A typical WAN comprises numerous networking devices, most of which are not unique to the
WAN environment itself. Modems, switches, and servers are non-specific, general-purpose
elements in every business computing landscape. These devices bridge network connectivity
among LAN and WAN segments, where each type provides different advantages and benefits,
along with individually applicable disadvantages and drawbacks. Let’s examine each
representative category in turn.

WAN Switches
Typical LAN-based Ethernet switches are multiport networking devices used in localized
environments. Similarly, WAN switches perform identical functions for distributed networking
contexts. They operate at the data-link layer (OSI Layer 2) and switch traffic from Frame Relay
and SMDS.

Access Servers
Central dial-in/dial-out gateways for dial-up connections are called access servers. These devices
provide LAN and WAN networking equipment access to asynchronous devices. Network access
servers function as control points for roaming and remote users so that they may access internal
resources (or to an ISP) from external locations.

Analog Modems
An analog modem translates between analog and digital signaling. This enables data-bearing
communications to transmit via voice-based telephony. Digital signals are converted into an
analog format suitable for transmission through analog carriers and then restored to digital
format on the receiving end.

Channel Service Unit/Data Service Unit


Digital phone line subscribers are connected to telephone service provider network equipment
through channel service units (CSUs). End-user equipment (for example, routers, computers)
uses this modem-like device to access network resources through the provider’s local
digital loop, such as a T1, E1, or DS-3.
The device that connects the CSU to data terminal equipment (DTE) is called the data service unit
(DSU). It adapts the physical interface on the DTE to the provider transmission facility (for
example, E1, T1, DS-3) and converts between subscriber and provider framing and signaling
formats.

ISDN Terminal Adapter


An ISDN terminal adapter is like a modem in that it joins Basic Rate Interface (BRI)
connections to different physical interfaces on a router. Unlike a modem, it does not convert
between analog and digital signaling.

Understanding the WAN Optimization Landscape


Because of the many types of WAN links in use, there are likewise many challenges to and best
practices for making the most of WAN optimization, where no two vendor solutions and
strategies are exactly alike (though most share numerous elements in common). Some
optimization techniques are incremental and provide only marginal performance improvements
for application-specific traffic flows. Other optimization solutions are instrumental to sustaining
long-term performance-enhancing goals and can fundamentally change the way certain network
protocols operate—most of which occurs transparently between the application and its end user.
In addition, some vendors provide different classes of accelerated performance in their
optimization products, including such major enterprise applications as Microsoft Office
SharePoint, SAP, and Oracle Financials.
One key aspect in accelerating fundamental WAN performance comes from changing
undesirable behaviors, primarily by eliminating excessive, repeated, and wasteful transmissions.
The most efficient strategy for achieving this goal is to avoid unnecessary data transmissions
altogether. Data caching, data compression, and data reduction are three techniques that have
proven able to provide measurable benefits in this regard. Because these strategies have been
discussed in preceding chapters, they need not be redefined here. Extensive acceleration
strategies go well beyond these concepts, but WAN optimization absolutely involves multiple
forms of data caching, compression, and reduction.

See Chapter 2 for more information about data substitution, caching, and compression.

Actual data reduction implementations and methods vary widely among vendors and product
platforms. For the purposes of this chapter, it suffices simply to distinguish between data caching
and data reduction approaches (data compression is a separate technique, independent of both).

Data Reduction and Data Caching Compared and Contrasted


Data reduction has the following advantages over data caching:
• Application breadth—Reduction strategies detect patterns across diverse types of traffic,
whereas caching takes an application-specific, object-level orientation. Data reduction is
an endpoint-oriented technique that reduces traffic volume by sending short placeholders
in place of duplicate data (the data is restored from a local store and reissued on the other
side). Byte-level granularity provides higher resolution by indexing blocks of patterns in
network traffic even when an application protocol (such as backup or replication)
performs similar functions at another level (especially at the file, block, or object level).
When repeated sequences are replaced in data flows, corresponding index or dictionary
references—not the repeated data elements—are sent across the WAN link. This approach
offers sometimes extraordinary reductions in data volume.
• Application transparency—No client-server modification is necessary to employ data
reduction methods, but some caching environments require individual endpoint
configurations for all participating clients.
• Coherency—Preservation of client-server communications eliminates the chances of
delivering stale or inconsistent information when employing data reduction strategies.
Maintaining cache currency and coherence can involve significant amounts of processing
activity and WAN communications.
• Effectiveness—Data reduction operates at the byte level instead of the object level for
data caching techniques. This offers a more granular, higher-resolution hit rate when
detecting duplicate information, including information contained within apparently
different objects.
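The byte-level data reduction described in this list can be made concrete with a small sender/receiver pair. What follows is an added example, not code from this book or from any vendor product: it uses a gear-style rolling hash for content-defined chunking, SHA-256 digests as the dictionary index, and an assumed framing cost of 32 bytes per token; the random input and the inserted revision are constructed for the demonstration. It also shows the check a receiver must make, verifying each literal chunk against its digest before storing it, so that a corrupted or poisoned chunk is never replayed into later streams.

```python
"""Byte-level data reduction with content-defined chunking (added example)."""
import hashlib
import random

# Gear-style rolling hash table: one fixed pseudo-random 32-bit value per byte
# value. Seeded so sender and receiver (and every run) agree on chunk boundaries.
_rng = random.Random(1)
_GEAR = [_rng.getrandbits(32) for _ in range(256)]
MIN_CHUNK, MAX_CHUNK = 128, 2048
_MASK = (1 << 9) - 1      # cut when the low 9 bits are zero: ~512-byte average chunk


def chunk(data: bytes) -> list:
    """Split at content-defined boundaries. An insertion only disturbs the chunk
    it lands in; after ~32 bytes the hash window re-synchronises, so the chunks
    that follow keep their old boundaries and therefore their old digests."""
    chunks, start, h = [], 0, 0
    n = len(data)
    for i in range(n):
        h = ((h << 1) + _GEAR[data[i]]) & 0xFFFFFFFF   # effective window: last 32 bytes
        length = i - start + 1
        at_boundary = length >= MIN_CHUNK and (h & _MASK) == 0
        if at_boundary or length >= MAX_CHUNK or i == n - 1:
            chunks.append(data[start:i + 1])
            start, h = i + 1, 0
    return chunks


class Sender:
    """Keeps the set of chunk digests the far side is known to hold."""

    def __init__(self):
        self.known = set()

    def encode(self, data: bytes) -> list:
        tokens = []
        for c in chunk(data):
            d = hashlib.sha256(c).digest()
            if d in self.known:
                tokens.append(("ref", d))          # duplicate: send the reference only
            else:
                self.known.add(d)
                tokens.append(("lit", d, c))       # new data: ship the bytes
        return tokens


class Receiver:
    """Rebuilds the stream from references against its local chunk store."""

    def __init__(self):
        self.store = {}

    def decode(self, tokens: list) -> bytes:
        out = bytearray()
        for tok in tokens:
            if tok[0] == "ref":
                if tok[1] not in self.store:     # dictionaries drifted (eviction, restart)
                    raise KeyError("unknown chunk reference; ask the sender for a literal")
                out += self.store[tok[1]]
            else:
                _, d, c = tok
                # Integrity check before storing: a chunk stored under the wrong
                # digest would be substituted into every later stream that refers to it.
                if hashlib.sha256(c).digest() != d:
                    raise ValueError("literal chunk does not match its digest")
                self.store[d] = c
                out += c
        return bytes(out)


def wire_bytes(tokens: list) -> int:
    """Assumed framing cost: 32 bytes per token, plus the payload for literals."""
    return sum(32 + (len(t[2]) if t[0] == "lit" else 0) for t in tokens)


def demo() -> tuple:
    """Transfer a constructed 20,000-byte file, then the same file with a
    112-byte insertion in the middle. Returns (wire bytes of transfer 1,
    wire bytes of transfer 2, reference tokens in transfer 2, tokens in transfer 2)."""
    rng = random.Random(7)
    original = bytes(rng.getrandbits(8) for _ in range(20000))
    revised = original[:10000] + b"--revision 2 inserted here--" * 4 + original[10000:]
    snd, rcv = Sender(), Receiver()
    first = snd.encode(original)
    assert rcv.decode(first) == original
    second = snd.encode(revised)
    assert rcv.decode(second) == revised
    refs = sum(1 for t in second if t[0] == "ref")
    return wire_bytes(first), wire_bytes(second), refs, len(second)


if __name__ == "__main__":
    w1, w2, refs, total = demo()
    print(f"transfer 1: {w1} bytes on the wire; transfer 2: {w2} bytes ({refs}/{total} chunks by reference)")
```

Running it shows the first transfer costing slightly more than the raw file (every chunk is new) and the revised file costing a fraction of its size, because the insertion disturbs only the chunk it lands in and the content-defined boundaries re-align afterwards. Fixed-size chunking would shift every subsequent chunk and miss all of them.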
Both data caching and data reduction employ a common data management strategy: that is, both
depend upon a central point of access that also acts as the controlling authority for endpoint-to-
endpoint transactions. Despite vast differences among vendor platforms and products, there are
several noteworthy aspects common to all such implementations:
• Long-term timeline storage—Highly effective data reduction strategies leverage native
drive storage housed in network appliances to maintain historical snapshots of application
and protocol behavior. Access to several months of traffic patterns and data efficiently
eliminates duplicate data delivery over the long term by recognizing extensive recurring
patterns that may otherwise be missed in shorter-term trend analyses.
• Effective capacity—Vendors differ greatly in the methods they employ to parse and store
data as part of a data reduction strategy. Some are more efficient than others, and make
more effective use of available storage. Bidirectional solutions operate using two-way
communications and can optimize flows in both directions, whereas unidirectional
strategies must manage data separately for every individual traffic flow.

• Application breadth—Data reduction solutions operate at the network layer of the TCP/IP
network stack to support any transport protocol including UDP. Solutions that
specifically target TCP flows are designed to footprint and store bulk TCP application
data (such as file transfers and email messages). Support for UDP streams expands the
breadth of supported applications (including VoIP as used for IP Telephony and related
services, and the Real Time Streaming Protocol—RTSP, as used for streaming media
playback over the Internet, primarily for entertainment videos).
• Data protection—Data reduction solutions take protective measures to safeguard end-user
information, which usually involves application of encryption mechanisms. Compression
and reduction strategies work well on repetitive data elements, but effective encryption
randomizes such data and renders those strategies ineffective. SSL acceleration
originating and terminating on the WAN optimizer expedites overall traffic by permitting
optimization mechanisms to operate even on streams that would otherwise arrive encrypted
(and therefore unintelligible). Essentially, this involves provisioning the optimizer with the
relevant keys or certificates, decrypting data streams in the device to seek out repetition,
applying data reduction and caching techniques, then re-encrypting the reduced output for
transmission across the WAN. Note what this implies: the optimizer now holds private keys
and sees plaintext, so its key storage, administrative access, and logging must be protected
to at least the standard of the servers whose traffic it terminates. The benefits of WAN
optimization usually outweigh the associated overhead involved, making this approach
entirely cost effective.
• Granular matching—Each solution also differs in how it seeks matching data patterns
both in the granularity of the search employed and the resulting long-term database
fingerprints. Some solutions work well for duplicate data strings or streams sent in rapid
succession but may be ineffective when working with derived data or duplicates sent
after older data ages out of the cache.
Finally, data compression seeks to reduce traffic traversing the WAN topology. Simple
algorithms identify repetitive byte sequences within a single packet, whereas more sophisticated
implementations go beyond the packet level to match packet sequences and entire protocol
streams. Header compression provides further bandwidth gains through specialized algorithms
designed for protocol-specific properties. Payload compression algorithms identify relatively
short byte-pattern sequences in data-bearing protocols that recur over a measured duration,
which are replaced with shorter references. Compression across various flows of traffic is called
crossflow compression and works even on UDP-based traffic.
In each of these strategies, a centralized analysis and control point is required to monitor and
modify entire network transactions through individual conversations. The proxy appliance or
proxy server dutifully services this role and proves itself a greatly effective tool in enhancing
performance and security capabilities for given client-server needs.

WAN Optimization Delivers the Goods


Through a consistent notion of where and how data travels, what is repeated (and thus, may be
copied), and which applications (and identities, services, and so forth) are utilizing WAN links,
WAN optimization devices create a model for networked communications that lets them
maximize the traffic that WAN links can handle, and make the most of the WAN resources and
bandwidth at their disposal. Enterprises and organizations also quickly realize that these devices
provide a “golden opportunity” to impose and enforce policy and police network usage at the
very chokepoints that unwanted traffic might otherwise overwhelm. It’s rare that technology
solutions pay off more handsomely than expected, but WAN optimization enables savvy buyers to
put their money right where the pain and pressure usually reside, and to realize a veritable
bonanza as a result.
In the fourth and final chapter of this e-book, we will dig into the challenges most likely to be
encountered when implementing WAN optimization, and the best practices that organizations and
enterprises should heed when deploying WAN optimization solutions. By the time you finish
that material, you should have some good ideas about how to respond to those challenges, and
what best practices you’ll want to implement as well.

Chapter 4: Challenges and Best Practices for WAN Optimization
WAN acceleration is a key enabler of strategic IT initiatives and enterprise goals, including
branch office networking, central storage repositories, and business continuity planning. WAN
connections and delivery may be established using dedicated leased lines or cloud services that
are owned and operated by providers and shared by multiple subscribers. Furthermore, the
diversity among protocols, platforms, and performance rates adds layers of complexity to traffic
optimization for network engineers and infrastructure implementers.
Ultimately, the real meat of the WAN optimization discussion hinges on application delivery.
This topic is probably best understood as a form of optimization that incorporates a deep and
detailed understanding of application traffic patterns, network messages, and overall behavior.
This approach provides a foundation for optimization techniques that includes smart use of
proxies, protocol optimization, application behavior optimization, and more. It makes effective
use of the techniques and technologies described in the previous chapter, particularly
compression, various levels of caching, and streamlining of network traffic behavior to make the
most of the WAN bandwidth available for application use. Above all, with a serious focus on
delivering the best overall end-use experience, optimization and its metrics can improve
productivity and usability. In turn, this depends on creating and maintaining an optimal
application infrastructure, designed to improve response time and to deliver a positive
application access experience.

Benefits of an Improved Application Infrastructure


The benefits of proxies and WAN optimization devices in the enterprise network landscape are
numerous. A centralized outlook on network transactions creates a holistic view of the
application delivery environment and lets IT observe application-user pairings including
applicable content. A proxy coordinates with service priority and security policy requirements to
allow or deny transit, then to prioritize all allowed traffic. WAN optimization incorporates such
functionality and makes use of protocol optimization (where applicable) and various levels of
caching to minimize the size and frequency of networked communications.
These are only a few of the immediately appreciable benefits of utilizing a WAN optimization
architecture that includes improved application delivery, proxy accelerator, and security
appliance capabilities at the network boundary. Let’s revisit a few of these and other key points
for an individual perspective on WAN optimization benefits.

Holistic View of Entire Application Delivery Environment


The primary approach to acquiring a complete knowledge of the application delivery
environment is to ascertain all traffic types and content that passes through some central or
shared access point. A centralized WAN optimization device provides comprehensive visibility
into and control over information about network protocols and payloads of interest. Such a
device serves as a single gateway through which all monitored traffic passes, and offers a single
source viewpoint from which to observe end-user and system-to-system network interactions.
WAN optimization devices are designed to peer into network traffic and—in some cases—
perform granular byte-level optimization on application and protocol traffic. Traffic acceleration
is facilitated by predefined proxies, protocol optimizations, and traffic filtering/priority
schemes—each with individual parameter tweaks—for many types of common traffic including
instant messaging, SOCKS servers, Telnet, and DNS or through customized HTTP and CIFS
proxies. SSL/TLS traffic—which some optimization devices will not touch—can also be
selectively decrypted, optimized, and re-encrypted according to administratively defined policy
and procedure.
This comprehensive perspective into network application and protocol payloads provides
significant performance enhancements, along with greater granularity of control. Contrast this
with individual point solutions (such as firewalls, Quality of Service—QoS—appliances, and
routers), which offer varying levels of granularity and can be inconsistent or incompatible with
one another, because each sees only what flows between pairs of endpoints rather than the
end-to-end picture across the entire network infrastructure.

Observation of Application and User Pairings


WAN optimization device presence permits IT staff to monitor and observe interactions between
end users complete with contextual content and application data. Network staff can analyze
traffic trends through information collected, analyze report data, then tune performance and
security parameters accordingly.
Where unwanted or unauthorized protocols are discovered, it becomes easy to block them
completely or to throttle back available bandwidth to a mere trickle (5 to 10 Kbps). This latter
approach has the advantage of keeping such connections alive so that network administrators can
identify the parties (or at least the computers) involved in such activity. This provides an
opportunity to identify the individuals who may be violating acceptable use policies and to offer
counseling or take appropriate remedial action as such policies require.
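Token-bucket policing is the mechanism that underlies both the bandwidth control discussed in Chapter 3 and the “throttle to a trickle” tactic just described. The following is an added example, not code from this book or from any product; the class, the function names and the arrival trace are constructed for illustration, and time is modelled as integer milliseconds so the result is exact and repeatable.

```python
"""Token-bucket policing (added example; names and trace are constructed)."""


class TokenBucket:
    """Tokens (bytes) accrue at `rate_bps` bytes per second up to `burst`; a
    packet passes only if enough tokens are present. Time is integer
    milliseconds so the arithmetic is exact and runs reproduce."""

    def __init__(self, rate_bps: int, burst: int, now_ms: int = 0):
        self.rate = rate_bps
        self.burst = burst
        self.tokens = burst          # start full: the first burst gets through
        self.last_ms = now_ms

    def _refill(self, now_ms: int) -> None:
        elapsed = now_ms - self.last_ms
        if elapsed < 0:
            raise ValueError("clock went backwards")
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate // 1000)
        self.last_ms = now_ms

    def allow(self, size: int, now_ms: int) -> bool:
        """Spend tokens and return True if `size` bytes may pass at `now_ms`."""
        self._refill(now_ms)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                 # policer: drop (a shaper would queue instead)


def police(trace: list, rate_bps: int, burst: int) -> tuple:
    """Run a trace of (arrival_ms, size_bytes) through one bucket.
    Returns (accepted_bytes, dropped_bytes, arrival times of accepted packets)."""
    bucket = TokenBucket(rate_bps, burst, now_ms=trace[0][0] if trace else 0)
    accepted = dropped = 0
    passed = []
    for arrival_ms, size in trace:
        if bucket.allow(size, arrival_ms):
            accepted += size
            passed.append(arrival_ms)
        else:
            dropped += size
    return accepted, dropped, passed


# Constructed offered load: 500-byte packets every 100 ms for 2 s (5,000 B/s).
OFFERED = [(100 * i, 500) for i in range(20)]


def trickle_demo() -> tuple:
    """Police the offered load at 1,000 B/s (8 kbit/s, the 'trickle' the text
    describes) with a 1,000-byte burst allowance."""
    return police(OFFERED, rate_bps=1000, burst=1000)


if __name__ == "__main__":
    accepted, dropped, when = trickle_demo()
    print(f"accepted {accepted} B, dropped {dropped} B; packets passed at t={when} ms")
```

The bucket admits the first two packets on the stored burst, then exactly one packet every half second, so the offered 5,000 B/s is held to the configured 1,000 B/s while the connection stays alive for the administrator to trace.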

Organizational Priority and Policy Compliance


Preservation of confidentiality, privacy, and security are reasonable expectations of any WAN
accelerator that is likely to pass and process sensitive or proprietary data and documents.
Accordingly, WAN optimization solutions should strictly adhere to organizational priorities and
policies when handling data.
By way of example, Microsoft SharePoint marks select content as private and non-cacheable,
which defeats some of the optimization strategies in a WAN optimization device. Newer
document formats based on the Office Open XML specification are ZIP containers whose parts
are already compressed, so the bytes on the wire cannot be further compressed or differenced by
conventional means: a small edit inside a document alters the compressed bytes well beyond the
edit itself, and a byte-level optimizer finds little to reuse.
Bottom line: organizations must determine the applicability and serviceability of such
applications over the WAN and assess related performance issues. For SharePoint services and
Open XML documents, some WAN optimization devices have taken to blueprinting application
protocol behaviors to overcome these inherently prohibitive factors. In the case of Open XML,
certain WAN optimization solutions can and will decompress, decompose, and determine
differences within the document parts for data reduction and caching purposes, thereby ensuring
optimal delivery. This is a similar approach to the one that sometimes applies to encrypted traffic,
described in the next section, where a WAN optimization device is granted the ability to peer
into and operate on content inside already compressed or encrypted representations, enabling it
enabling it to optimize the data it finds based on caching, protocol optimization, and so forth.
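The decompose-and-difference approach just described can be illustrated on the container format itself, since an Office Open XML file is a ZIP archive. The following is an added example, not code from this book or from any vendor: the two documents are built in memory with member names that mimic a .docx layout, the size cap against decompression bombs is an assumed value, and the difference is measured with Python’s difflib rather than any product’s algorithm. Because the optimizer opens containers it did not create, the example also rejects member names that would escape an extraction directory.

```python
"""Decompose an Office Open XML container and difference its parts
(added example; see the lead-in for what is assumed)."""
import difflib
import hashlib
import io
import zipfile

MAX_PART_BYTES = 50 * 1024 * 1024       # assumed cap: refuse parts that inflate beyond this


def build_container(members: dict) -> bytes:
    """Write {name: text} into an in-memory ZIP (deflated), as OOXML files are."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()


def build_docx(body_xml: str) -> bytes:
    """Constructed minimal .docx-like layout (not a valid Word file, same structure)."""
    return build_container({
        "[Content_Types].xml": "<Types/>",
        "word/styles.xml": "<styles>" + "<style/>" * 200 + "</styles>",
        "word/document.xml": "<document><body>" + body_xml + "</body></document>",
    })


def decompose(container: bytes) -> dict:
    """Inflate every part into {name: bytes}, treating the container as untrusted:
    names that escape the extraction root and oversize parts are refused."""
    parts = {}
    with zipfile.ZipFile(io.BytesIO(container)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith(("/", "\\")) or ".." in name.replace("\\", "/").split("/"):
                raise ValueError(f"unsafe member name: {name!r}")
            if info.file_size > MAX_PART_BYTES:
                raise ValueError(f"part inflates beyond the allowed size: {name}")
            parts[name] = zf.read(name)
    return parts


def changed_members(old: bytes, new: bytes) -> list:
    """Names of parts whose inflated content differs (or that exist on one side only)."""
    a, b = decompose(old), decompose(new)
    digest = lambda data: hashlib.sha256(data).digest()
    return sorted(name for name in set(a) | set(b)
                  if name not in a or name not in b or digest(a[name]) != digest(b[name]))


def part_delta(old: bytes, new: bytes) -> int:
    """Bytes of genuinely new content across the changed parts: the sum of the
    non-matching spans on the new side, as a byte-level differencer would send them."""
    a, b = decompose(old), decompose(new)
    total = 0
    for name in changed_members(old, new):
        matcher = difflib.SequenceMatcher(None, a.get(name, b""), b.get(name, b""), autojunk=False)
        total += sum(j2 - j1 for tag, _i1, _i2, j1, j2 in matcher.get_opcodes() if tag != "equal")
    return total


def demo() -> tuple:
    """Two revisions of one document: a single word changes in the last paragraph.
    Returns (changed part names, new-content bytes, size of the whole new container)."""
    paragraph = "<p>Quarterly report, draft one.</p>"
    v1 = build_docx(paragraph * 50)
    v2 = build_docx(paragraph * 49 + "<p>Quarterly report, draft two.</p>")
    return changed_members(v1, v2), part_delta(v1, v2), len(v2)


if __name__ == "__main__":
    changed, delta, size = demo()
    print(f"changed parts: {changed}; {delta} new bytes to ship versus a {size}-byte container")
```

Only word/document.xml changes between the revisions, and inside it the differencer finds a handful of new bytes, which is what a decomposing optimizer ships; an optimizer that sees only the deflated container has to treat the whole second file as new.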

SSL Interception, Split Video Streams, and Local Object Caching


Communication via WAN often involves cryptographic protocols necessary to protect sensitive
information in transit. If encryption occurs upstream from the WAN optimization device, special
actions are required to handle such data at the appliance: it must decrypt that traffic, optimize it
by all possible means, then encrypt that traffic (again). Otherwise, the WAN optimization device
has no visibility into this traffic, and cannot provide optimization services. The same is true for
compressed data streams as well. That explains why in most cases encryption or compression is
best leveraged on the WAN optimization device itself.
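The point made here, and in the Data protection item in Chapter 3, that encryption erases the redundancy compression and data reduction depend on, can be measured directly. The following is an added example, not code from this book or from any product: the cipher is a counter-mode keystream derived from HMAC-SHA256 (a standard PRF construction, used so the example runs with the standard library only; a real deployment would use TLS or AES-GCM), and the log lines are constructed sample data. The last two figures show what terminating the encryption at the optimizer buys: the plaintext compresses, and only the much smaller result is re-encrypted for the WAN leg.

```python
"""Encryption hides the redundancy that compression and data reduction exploit
(added example; see the lead-in for what is assumed)."""
import hashlib
import hmac
import os
import zlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream. The same operation decrypts.
    A (key, nonce) pair must never be reused, as with any stream cipher."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt


def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size; about 1.0 means incompressible."""
    return len(zlib.compress(data, 9)) / len(data)


def shared_blocks(a: bytes, b: bytes, size: int = 64) -> int:
    """Number of fixed-size blocks of b that also occur as blocks of a:
    a crude stand-in for the dictionary hits a data reduction engine would get."""
    blocks_a = {a[i:i + size] for i in range(0, len(a) - size + 1, size)}
    return sum(1 for i in range(0, len(b) - size + 1, size) if b[i:i + size] in blocks_a)


# Constructed sample: 300 access-log lines that differ only in their timestamps.
SAMPLE_LOG = b"".join(
    b"2024-03-01T10:%02d:%02dZ branch-01 GET /intranet/policies/travel.pdf 200 81234\n" % (m, s)
    for m in range(5) for s in range(60)
)


def demo() -> dict:
    """Compare what an optimizer can do with the same content seen as
    plaintext versus as ciphertext from two separate sessions."""
    key, nonce1, nonce2 = os.urandom(32), os.urandom(16), os.urandom(16)
    ct1 = encrypt(key, nonce1, SAMPLE_LOG)
    ct2 = encrypt(key, nonce2, SAMPLE_LOG)      # identical content, fresh nonce
    # If the optimizer terminates the encryption, it can compress the plaintext
    # and re-encrypt only the compressed bytes for the WAN leg.
    wan_leg = encrypt(key, nonce1, zlib.compress(SAMPLE_LOG, 9))
    return {
        "plain_ratio": compression_ratio(SAMPLE_LOG),
        "cipher_ratio": compression_ratio(ct1),
        "plain_shared": shared_blocks(SAMPLE_LOG, SAMPLE_LOG),
        "cipher_shared": shared_blocks(ct1, ct2),
        "roundtrip_ok": decrypt(key, nonce1, ct1) == SAMPLE_LOG,
        "wan_bytes_after_termination": len(wan_leg),
        "wan_bytes_blind": len(ct1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The plaintext log shrinks to a small fraction of its size and every block of it would be a dictionary hit, while the ciphertext is incompressible and the two encrypted sessions share no blocks at all even though they carry identical content. That is the whole case for terminating the session on the optimizer, and also the reason the optimizer must then be guarded like the servers whose keys it holds.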
Because it is guaranteed to be party to all relevant network traffic, a WAN optimization device is
the only practical platform suitable for intercepting encrypted SSL transactions, split video
streams, and for caching local objects. On a distributed scale, WAN optimization device
intervention is also the best possible way to intercept, optimize, and continue network
transmissions for multiple clients in a controlled and unified manner. Using such processing
elements on the WAN can apply hardware-based SSL acceleration to increase network-driven
encryption response time and offload end-point processing burdens related to cryptographic
processing.
Some appliances take a single video stream and divide it locally into a sufficient number of
streams to service all participating viewers. They can also record live video for future playback
and even identify individual end users to track employee viewership trends.

Mobile and Roving User Management


Additionally, a WAN optimization device provides the operational oversight needed to manage
roving or mobile users. Roaming employees operate outside the WAN perimeter, which is
normally beyond the reach of organizationally defined security policies. Managing and securing
remote users’ access to organizational resources thus turns into a special-case situation.
In a typical WAN topology, stationary acceleration devices operate at corresponding ends of a
WAN link. The problem with a mobile computing workforce is that these appliances cannot
accompany those who roam beyond the boundaries of the WAN. Instead, some WAN
optimization products utilize mobile client software to approximate LAN-like performance
across public telecommunication media, as depicted in Figure 4.1. Client software reproduces
WAN accelerator functionality on the mobile platform to reduce application and protocol
latency, accelerate file sharing, and expedite email exchange. Where specific applications must
be supported and software accelerator components are available, they too can be incorporated
into this kind of “virtual WAN optimization end-point” architecture.

Figure 4.1: What WAN optimization devices do for WAN links, client software does for individual remote
access.

Application Awareness and Real-Time Results


WAN accelerators capable of handling applications and protocols directly can deliver better
optimization than those that look only at traffic at the packet, byte, or bit level. Of course, this is
a primary motivation for building and maintaining application optimization and delivery
mechanisms. Furthermore, you can configure and manage optimization appliances in much the
same way as routers, using either command-line interfaces (CLI) or Graphical User Interfaces
(GUIs).
Certain implementations require enterprises to apply configuration changes to routing devices to
redirect traffic into the optimization appliance. Thus, all relevant routing protocols, load-
balancing arrangements, and asymmetric traffic flows must be considered during the design phase,
prior to deploying WAN optimization hardware. However, unlike a router, a WAN optimization
appliance operates at up to the application layer (which is what endows it with the quality we call
“application awareness”) and therefore involves both network engineers (who usually focus their
activities at OSI Layers 1 through 3) and IT administrators (who work primarily at OSI Layers 4
through 7).
Altering client-server behavior can produce complex, sometimes unintended and unforeseen
consequences that can be either harmless or disastrous, depending on the nature of the network
transactions affected. Incremental performance benefits may be earned through application-
specific latency optimization techniques that include acceleration of HTTP, SSL, and SQL
traffic, and using pre-fetching techniques to anticipate upcoming content requests.
WAN accelerators can also work around damaged transmissions and interrupted communications
on the fly, without manual intervention. For example, forward error correction lets the receiving
accelerator detect and reconstruct corrupted or lost packets from redundant parity data without
asking the sender to retransmit. Packet order correction buffers packets that arrive out of
sequence and transparently hands them to the application in the proper order, so that TCP does
not mistake reordering for loss. Likewise, WAN accelerators can store application data delivered
across the link in a local cache, so that repeated requests for the same information are served
locally instead of generating repeated WAN traffic.
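The two repair mechanisms just described, as an added example that is not code from this guide or from any vendor's product: the sender groups data frames and appends one XOR parity frame, the receiver indexes arrivals by sequence number (so out-of-order delivery is harmless) and rebuilds a single lost frame per group from the parity. The group size, frame size and the sample message are assumptions made for the illustration.

```python
"""XOR forward error correction plus packet-order correction between two
WAN accelerators. Added illustration; GROUP, FRAME and SAMPLE are assumed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

GROUP = 4      # data frames per parity frame (assumed)
FRAME = 16     # fixed frame size on the wire; first 2 bytes carry payload length


@dataclass(frozen=True)
class Packet:
    seq: int       # sequence number of a data frame; -1 for a parity frame
    group: int
    parity: bool
    frame: bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode(message: bytes) -> List[Packet]:
    """Split message into fixed-size frames; emit one XOR parity frame per group."""
    per_frame = FRAME - 2
    chunks = [message[i:i + per_frame] for i in range(0, len(message), per_frame)]
    packets: List[Packet] = []
    for g in range(0, len(chunks), GROUP):
        gid = g // GROUP
        parity = bytes(FRAME)
        for i, chunk in enumerate(chunks[g:g + GROUP]):
            frame = (len(chunk).to_bytes(2, "big") + chunk).ljust(FRAME, b"\0")
            parity = _xor(parity, frame)
            packets.append(Packet(g + i, gid, False, frame))
        packets.append(Packet(-1, gid, True, parity))
    return packets


def decode(received: List[Packet], total: int) -> Tuple[bytes, int]:
    """Reassemble `total` data frames in sequence order, repairing one loss per group.

    Returns (message, frames_recovered). Raises ValueError when a group lost more
    than the parity can repair: that is where the accelerator must fall back to
    requesting a retransmission.
    """
    data: Dict[int, bytes] = {}
    parity: Dict[int, bytes] = {}
    for p in received:                 # arrival order is irrelevant: indexed by seq
        if p.parity:
            parity[p.group] = p.frame
        else:
            data[p.seq] = p.frame
    recovered = 0
    for gid in range((total + GROUP - 1) // GROUP):
        seqs = range(gid * GROUP, min((gid + 1) * GROUP, total))
        missing = [s for s in seqs if s not in data]
        if not missing:
            continue
        if len(missing) > 1 or gid not in parity:
            raise ValueError(f"group {gid}: {len(missing)} frame(s) lost, parity cannot repair")
        frame = parity[gid]            # XOR of every frame in the group
        for s in seqs:
            if s != missing[0]:
                frame = _xor(frame, data[s])   # cancel the frames that did arrive
        data[missing[0]] = frame
        recovered += 1
    out = bytearray()
    for s in range(total):
        n = int.from_bytes(data[s][:2], "big")
        out += data[s][2:2 + n]
    return bytes(out), recovered


SAMPLE = b"Constructed sample: replication block 0042, not real customer data."


def demo_single_loss() -> Tuple[bool, int]:
    """Drop data frame 3 and deliver everything else in reverse order."""
    sent = encode(SAMPLE)
    total = sum(1 for p in sent if not p.parity)
    arrived = [p for p in sent if p.parity or p.seq != 3][::-1]
    message, recovered = decode(arrived, total)
    return message == SAMPLE, recovered


def demo_double_loss() -> bool:
    """Two frames lost in one group exceed what a single parity frame can repair."""
    sent = encode(SAMPLE)
    total = sum(1 for p in sent if not p.parity)
    arrived = [p for p in sent if p.parity or p.seq not in (0, 1)]
    try:
        decode(arrived, total)
    except ValueError:
        return True
    return False
```

One parity frame per four data frames costs 25% extra bandwidth and repairs exactly one loss per group; products tune that ratio to the measured loss rate, and anything beyond the parity's reach still needs a retransmission.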
In terms of WAN optimization, application awareness is essential to accelerating robust business
platforms. To illustrate, a WAN accelerator can carry built-in profiles of the transaction patterns
of commonly used business applications (including Oracle eBusiness Suite, Microsoft Office
System, and Microsoft SharePoint). The appliance then needs to learn only local transaction
patterns, and when the time comes to transmit across the WAN, it pushes only changes and
differences instead of entire documents and datasets.
Fast differencing algorithms utilized to accelerate WAN traffic also exercise application
awareness. These functions store individual historical records for each object an application uses.
Each history can be separately aggregated and versioned. This way, differencing occurs only
against correlated content.


Security is an issue primarily in two situations: data at rest and data in motion. Data at rest is any
information stored on the WAN accelerator, including its caches and symbol dictionaries, which
hold reconstructable copies of the traffic that crossed the link; it must therefore comply with
applicable organizational and regulatory requirements for storing private and confidential data.
At the same time, data in motion (anything sent across the wire) must be encrypted where
applicable. For these reasons, encryption must cover both drive partitions and data pathways
whenever sensitive information is involved, and the appliance itself is a high-value target that
needs proper access control and user authentication, including for its management interfaces.

Symbolic Dictionaries and Sent References


WAN optimization devices can use local symbol dictionaries and effect quick, efficient pattern
lookups to eliminate redundant transmission of objects or data sequences (see Figure 4.2). This
way, individual end users never need to send or receive complete communications from end to
end; instead, transmissions are sent with placeholder references to defined symbolic “keywords”
contained in each end-point symbolic dictionary. This is a direct consequence of the dual data
caching and data reduction strategy built-in to basic WAN optimization device behavior.

Figure 4.2: Moving symbol dictionary references instead of the data referenced thereby can achieve data
reductions of three orders of magnitude or better.
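The differencing and dictionary mechanisms described in the two passages above, as an added example that is not code from this guide or from any product. Chunks are cut at content-defined boundaries with a rolling (Buzhash-style) hash, so an edit in the middle of a document moves only the boundaries around the change; each chunk is named by its SHA-256 digest, and when the peer already holds a digest the sender puts a 32-byte reference on the wire instead of the chunk. The window size, boundary mask, chunk limits and the sample documents are assumptions.

```python
"""Symbol-dictionary data reduction across a WAN link. Added illustration;
WINDOW, MASK, MIN_CHUNK, MAX_CHUNK and the documents are assumed values."""
import hashlib
from typing import Dict, List, Tuple

WINDOW = 16                 # rolling hash window in bytes (assumed)
MASK = (1 << 8) - 1         # boundary where (hash & MASK) == 0: ~256-byte average chunk
MIN_CHUNK, MAX_CHUNK = 64, 512
_T = [int.from_bytes(hashlib.sha256(bytes([b])).digest()[:4], "big") for b in range(256)]


def _rotl(x: int, n: int) -> int:
    n %= 32
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def chunk(data: bytes) -> List[bytes]:
    """Content-defined chunking: a boundary depends only on the last WINDOW bytes."""
    chunks, start, h = [], 0, 0
    for i, b in enumerate(data):
        h = _rotl(h, 1) ^ _T[b]
        if i >= WINDOW:
            h ^= _rotl(_T[data[i - WINDOW]], WINDOW)   # remove the byte leaving the window
        length = i + 1 - start
        if (length >= MIN_CHUNK and (h & MASK) == 0) or length >= MAX_CHUNK:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])
    return chunks


class Accelerator:
    """One end of the link. `dictionary` is the appliance's data at rest: it holds
    the plaintext of every chunk that ever crossed the link, so it needs the same
    protection as the data itself."""

    def __init__(self) -> None:
        self.dictionary: Dict[bytes, bytes] = {}
        self.peer_has: set = set()          # digests we believe the far end stores

    def transmit(self, data: bytes) -> Tuple[List[tuple], int]:
        """Return wire records ("ref", digest) | ("lit", chunk) and bytes on the wire."""
        records, wire = [], 0
        for c in chunk(data):
            d = hashlib.sha256(c).digest()  # collision resistance matters: a collision
            self.dictionary[d] = c          # would substitute the wrong data at the peer
            if d in self.peer_has:
                records.append(("ref", d))
                wire += 1 + len(d)
            else:
                records.append(("lit", c))
                wire += 1 + 2 + len(c)
                self.peer_has.add(d)
        return records, wire

    def receive(self, records: List[tuple]) -> bytes:
        out = bytearray()
        for kind, value in records:
            if kind == "lit":
                self.dictionary[hashlib.sha256(value).digest()] = value
                out += value
            else:
                out += self.dictionary[value]   # KeyError here = dictionaries out of sync
        return bytes(out)


def _doc(lines: int, edited: int = -1) -> bytes:
    """Constructed sample document; `edited` replaces one row with a same-length edit."""
    rows = [f"row {i:03d}: constructed status record for branch {i % 7}, shared over the WAN\n"
            for i in range(lines)]
    if edited >= 0:
        rows[edited] = rows[edited].replace("status record", "EDITED RECORD")
    return "".join(rows).encode()


def demo() -> dict:
    """Send a document, then a version with one row edited in the middle."""
    hq, branch = Accelerator(), Accelerator()
    v1, v2 = _doc(40), _doc(40, edited=20)
    rec1, wire1 = hq.transmit(v1)
    ok = branch.receive(rec1) == v1
    rec2, wire2 = hq.transmit(v2)
    ok = ok and branch.receive(rec2) == v2
    refs = lambda recs: sum(1 for kind, _ in recs if kind == "ref")
    return {"v1_bytes": len(v1), "v1_wire": wire1, "v1_refs": refs(rec1),
            "v2_wire": wire2, "v2_refs": refs(rec2), "ok": ok}
```

The first transfer is all literals (the dictionary is cold, so it actually costs a few bytes more than the raw document); the second is mostly references, and only the chunk or two around the edited row travels again.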

LAN-Side Optimization Impacts WAN Delivery


LAN-side optimization handles network acknowledgements locally, maintains short response
times, and uses shared symbol or content dictionaries to exchange large amounts of information
by reference (rather than by outright exchange). This approach essentially short-circuits
application delivery on the local side, so that remote activities resume and proceed across the
LAN at LAN speed. The presence of WAN optimization devices at the LAN-to-WAN transition
point also maintains consistency and helps synchronize both ends of a conversation quickly and
efficiently.


Proxies and Tunneling


The entire problem with managing and maintaining globally, regionally, or territorially disparate
networks is in finding a cohesive, comprehensive manner to unify diverse and mostly
incompatible applications and protocols. When a WAN optimization device controls the
conversation between tunneled endpoint pairings, greater and more granular control is exercised
over the domain of operation between them.
WAN accelerators are designed to have functional counterparts on each end of a conversation to
establish mechanisms for controlling application protocol delivery. Therefore, the WAN
optimization appliance platform is an ideal checkpoint through which sub-optimal traffic passes
to be prioritized and optimized for distribution across distant networks. It lets LAN conditions
persist right up to the network periphery, then imposes transparent optimization onto traffic
aimed at the WAN to improve the end-user experience, speed delivery, and shorten overall
response times.

Special Considerations for Disaster Recovery


WAN links also carry disaster recovery procedures and processes, so there are special
requirements for deploying WAN optimization in such environments. Limited bandwidth, high
latency, and lost and out-of-order packets put data replication and backup initiatives in jeopardy.
Consequently, Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) are
missed and the entire disaster recovery process suffers. This places heightened demand on WAN
optimization tools capable of shortening replication time while obtaining maximal bandwidth
efficiency during such processes.
At the forefront of the evaluation process reside a few key principles:
• Know your applications and protocols—Observe how much traffic generates from
replication processes, what and when peak loads occur, and the duration of data in transit
between points.
• Know your network—Determine how much effective throughput is actually achieved
across the WAN topology, taking into account the encapsulation overhead and
retransmissions introduced by MPLS and VPN usage.
• Know your limits—Quantify traffic flow across the network to gauge how WAN
optimization devices appropriately handle the volume.
Slight drops in throughput can have significant impact on particularly large backup and
replication processes, which may consequently fail to complete. Latency also adversely affects
disaster recovery operations and is unavoidable for geographically distant WAN endpoints. In
certain instances, TCP acceleration techniques (including selective acknowledgements, SACK,
window scaling, and round-trip time monitoring) can address this issue: a single TCP stream can
never move more than one receive window per round trip, so on a long, fat link the window
rather than the circuit sets the throughput ceiling. Every network appliance and intermediate
device along the path is a potential bottleneck that may limit effective throughput. Routers and
firewalls may impose restrictions against the delivery of certain forms of traffic that adversely
affect high-volume flows. Such issues need to be addressed directly through individual
configuration on each network element or indirectly by way of WAN optimization techniques
such as packet striping.
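A replication sizing calculation for the "know your applications, know your network, know your limits" evaluation above, as an added example that is not from this guide or any product. It applies two well-known bounds on a single TCP stream, window divided by RTT and the Mathis approximation 1.22 * MSS / (RTT * sqrt(loss)), then shows how striping across several flows and data reduction change whether a nightly delta fits inside the RPO. The dataset size, link figures, loss rate, stream count and reduction ratio are constructed planning inputs, not measurements.

```python
"""Sizing a replication window against an RPO. Added illustration; SCENARIO
figures are constructed, and the 4:1 reduction ratio is an assumption."""
import math


def bdp_bytes(link_bps: float, rtt_s: float) -> float:
    """Bandwidth-delay product: bytes in flight needed to keep the link full."""
    return link_bps * rtt_s / 8


def window_limited_bps(window_bytes: int, rtt_s: float) -> float:
    """Ceiling from the receive window: at most one window per round trip."""
    return window_bytes * 8 / rtt_s


def loss_limited_bps(mss_bytes: int, rtt_s: float, loss_rate: float) -> float:
    """Mathis et al. steady-state bound for a loss-driven TCP stream."""
    if loss_rate <= 0:
        return math.inf
    return 1.22 * mss_bytes * 8 / (rtt_s * math.sqrt(loss_rate))


def single_stream_bps(link_bps: float, rtt_s: float, window_bytes: int,
                      mss_bytes: int, loss_rate: float) -> float:
    return min(link_bps,
               window_limited_bps(window_bytes, rtt_s),
               loss_limited_bps(mss_bytes, rtt_s, loss_rate))


def replication_plan(dataset_bytes: float, rpo_s: float, link_bps: float, rtt_s: float, *,
                     window_bytes: int = 65535, mss_bytes: int = 1460,
                     loss_rate: float = 0.0, streams: int = 1,
                     reduction: float = 1.0) -> dict:
    """streams = flows used by packet striping; reduction = WAN-optimization
    data reduction ratio (4.0 means one quarter of the bytes cross the link)."""
    per_stream = single_stream_bps(link_bps, rtt_s, window_bytes, mss_bytes, loss_rate)
    effective = min(link_bps, per_stream * streams)
    seconds = (dataset_bytes / reduction) * 8 / effective
    return {"effective_mbps": effective / 1e6,
            "hours": seconds / 3600,
            "meets_rpo": seconds <= rpo_s}


# Constructed scenario: 500 GB nightly delta over a 100 Mbps link with 120 ms RTT
# and 0.1% packet loss, 8-hour recovery point objective.
SCENARIO = dict(dataset_bytes=500e9, rpo_s=8 * 3600, link_bps=100e6,
                rtt_s=0.120, loss_rate=0.001)


def baseline() -> dict:
    """One stream, the classic 64 KB window, no data reduction."""
    return replication_plan(**SCENARIO)


def optimized() -> dict:
    """Window scaled to the BDP, striped across 10 flows, 4:1 data reduction."""
    return replication_plan(**SCENARIO,
                            window_bytes=int(bdp_bytes(100e6, 0.120)),
                            streams=10, reduction=4.0)
```

With the constructed numbers the baseline stream is held to roughly 3.8 Mbps by loss and to 4.4 Mbps by the 64 KB window, so the delta takes days; ten striped flows at a BDP-sized window and a 4:1 reduction bring it under the 8-hour RPO. The point of the exercise is that adding circuit bandwidth alone would not have changed the first result.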


Packet striping overcomes per-flow bandwidth quotas that firewalls or routers enforce on TCP
streams. Such quotas are intended to prevent any single flow from monopolizing available
bandwidth. Packet striping divides the aggregate throughput for any given data stream among
multiple flows. In this way, multiple smaller streams can still play by the rules, while a large
payload is no longer subject to checkpoint restrictions in passage. A single, bulky 100Mbps
stream transiting a router that restricts each flow to 10Mbps divides into 10 separate streams for
optimal delivery.
Though beneficial, these routing restriction enforcements may unintentionally inhibit important
traffic (such as scheduled online backups) with equal prejudice among several competing but
less significant flows (for example, client HTTP traffic, Simple Network Management
Protocol—SNMP—interactions, and routine network status checks). Striping breaks high-
bandwidth traffic into several discrete flows for optimal transmission and later reassembly at the
receiving end. It may be prudent to synthesize your approximate WAN conditions using a
simulator or emulator as part of your WAN optimization evaluation process. Switching or
upgrading existing network infrastructure to MPLS and VPN technology necessitates this
discovery process and greatly benefits from its results. Good WAN emulators effectively
reproduce real-world conditions specific to your network properties to include effective
bandwidth, inherent latency, and non-sequential packet delivery.

Fixing Broken Protocols


Even where the proper fix is an application update or redesign, WAN accelerators can work
around notoriously WAN-unfriendly protocols in the meantime. Known offenders on the
itemized list of "broken WAN protocols" include both CIFS (file sharing) and MAPI (mail
exchange). Vendors overcome the limitations of these protocols across the WAN using content
prefetching or preemptive read-ahead and write-behind techniques.

Data pre-fetching builds a cache repository based on read and requested file segments for maximal
efficiency. Read requests are served from partially cached files if requested elements are present.
Data read-ahead takes a predictive approach to accelerating WAN traffic by preemptively requesting
file data ahead of the current cached portion to increase cache hits and performance.
Data write-behind techniques accelerate file transfers by deferring write requests until sufficient data
accumulates to warrant issuing an all-at-once write.

For example, the MAPI performance problems associated with Outlook 2000 were addressed in
Outlook 2003 (working with Exchange Server 2003), which introduced Cached Exchange Mode
to improve WAN performance. Although CIFS was designed for remote file sharing across the
Internet and other IP-based networks, it's a fairly chatty protocol, issuing hundreds to thousands
of round trips for a single file transfer (see Figure 4.3). CIFS performance is strictly LAN-bound,
and its chatty nature directly impairs WAN performance. Across the WAN, file shares accessed
from a centralized data center are subject to bandwidth and latency constraints that negatively
impact performance.


Figure 4.3: Replacing NFS or CIFS with WAN-capable file services and caching enables greatly improved
communication efficiencies.
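The read-ahead and write-behind techniques from the box above, as an added example that is not from this guide or any vendor. A constructed file server answers one request per WAN round trip; a branch-side proxy either passes every 4 KB read and 512-byte write straight through, or fetches sixteen blocks per round trip and coalesces sequential writes into 64 KB. The block size, record size and server behaviour are stand-ins for CIFS semantics, not a protocol implementation.

```python
"""Round trips saved by read-ahead and write-behind on a chatty file protocol.
Added illustration; BLOCK, the 512-byte record size and the one-request-per-
call server are assumptions standing in for CIFS."""
from typing import Dict, Tuple

BLOCK = 4096                           # bytes per server read (assumed)


class FileServer:
    """Data-center file server behind the WAN; counts the round trips it answers."""

    def __init__(self, size: int) -> None:
        self.data = bytearray(size)
        self.round_trips = 0

    def read(self, offset: int, length: int) -> bytes:
        self.round_trips += 1
        return bytes(self.data[offset:offset + length])

    def write(self, offset: int, payload: bytes) -> None:
        self.round_trips += 1
        self.data[offset:offset + len(payload)] = payload


class BranchProxy:
    """Branch-side accelerator. read_ahead = blocks fetched per round trip;
    write_behind = bytes buffered before one coalesced write (0 = write through)."""

    def __init__(self, server: FileServer, read_ahead: int = 1, write_behind: int = 0) -> None:
        self.server = server
        self.read_ahead = read_ahead
        self.write_behind = write_behind
        self.cache: Dict[int, bytes] = {}   # block offset -> bytes: data at rest on the appliance
        self.pending = bytearray()          # write-behind buffer
        self.pending_offset = 0

    def read(self, offset: int, length: int) -> bytes:
        out = bytearray()
        while length > 0:
            base = offset - offset % BLOCK
            if base not in self.cache:        # miss: one round trip fetches read_ahead blocks
                fetched = self.server.read(base, self.read_ahead * BLOCK)
                for i in range(0, len(fetched), BLOCK):
                    self.cache[base + i] = fetched[i:i + BLOCK]
            start = offset - base
            piece = self.cache[base][start:start + length]
            if not piece:                     # end of file
                break
            out += piece
            offset += len(piece)
            length -= len(piece)
        return bytes(out)

    def write(self, offset: int, payload: bytes) -> None:
        if self.pending and offset != self.pending_offset + len(self.pending):
            self.flush()                      # non-sequential write: flush what we have
        if not self.pending:
            self.pending_offset = offset
        self.pending += payload
        if len(self.pending) >= self.write_behind:
            self.flush()

    def flush(self) -> None:
        if not self.pending:
            return
        self.server.write(self.pending_offset, bytes(self.pending))
        first = self.pending_offset - self.pending_offset % BLOCK
        for off in range(first, self.pending_offset + len(self.pending), BLOCK):
            self.cache.pop(off, None)         # drop stale blocks so later reads refetch
        self.pending = bytearray()


def round_trips(read_ahead: int = 1, write_behind: int = 0,
                file_size: int = 1 << 20) -> Tuple[int, int]:
    """Client reads a 1 MB file in 4 KB requests, then rewrites it in 512-byte
    records. Returns (read round trips, write round trips) seen by the server."""
    server = FileServer(file_size)
    proxy = BranchProxy(server, read_ahead, write_behind)
    for off in range(0, file_size, BLOCK):
        proxy.read(off, BLOCK)
    reads = server.round_trips
    for off in range(0, file_size, 512):
        proxy.write(off, b"x" * 512)
    proxy.flush()
    return reads, server.round_trips - reads
```

Pass-through costs 256 read and 2,048 write round trips for one megabyte; with sixteen-block read-ahead and 64 KB write-behind it is 16 and 16. At 120 ms per round trip that is the difference between several minutes and a few seconds, which is the whole CIFS-over-WAN story in one number. Note the trade the proxy makes: the write-behind buffer and the read cache are copies of file data held on the appliance, and a deferred write that never flushes is data the user believes is saved.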

How Transactions and Conversations Can Be Short-Circuited (and Fast-Tracked)


Caching and reduction strategies facilitate faster end-user conversations and endpoint
transactions by eliminating duplicate or wasteful transmissions. However, LAN-side acceleration
appliances complicate how QoS is implemented in branch offices and data centers. Once traffic
flowing from internal (LAN) to external (WAN) has been compressed or tunneled by these
appliances, its original protocol headers and payloads are no longer visible, which prevents
downstream devices (such as WAN routers) from classifying it; classification and marking
therefore have to happen on the appliance itself, before that transformation.
QoS mechanisms maximize WAN utilization particularly on oversubscribed WAN links or
unmanaged sources of over-saturating data. Less important data usurps bandwidth from
significantly more important data where demand exceeds capacity on the WAN. Unmanaged
traffic in tight contention for the same limited resource deprives critical application and protocol
data from timely and efficient delivery.
QoS serves to classify traffic based on application or protocol characteristics and prioritize
delivery of critical conversations over insignificant traffic. Policy-based routing decisions ensure
that proper and timely delivery is handled with utmost efficiency, including weighted queuing
mechanisms that correspond to varying delay and usage constraints. Important data gets fast-
tracked over lesser important data.
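The classify-then-schedule behaviour described above, as an added example that is not from this guide or any product. Classification runs on the appliance before payloads are compressed or tunnelled, since afterwards a downstream router sees only the tunnel header. Deficit round robin then gives each class a weighted share of the link when it is oversubscribed, and lets an idle class's share flow to the others. The class names, ports, weights, quantum and the generated traffic are an assumed policy and constructed input.

```python
"""Traffic classification and weighted scheduling at the WAN edge. Added
illustration; POLICY ports and weights are assumed, traffic is constructed."""
from collections import deque
from typing import Dict, List, Tuple

# class -> (weight, predicate over a packet dict with "proto" and "dport")
POLICY = {
    "critical":  (5, lambda p: p["proto"] == "tcp" and p["dport"] in (1433, 1521, 443)),
    "bulk":      (2, lambda p: p["proto"] == "tcp" and p["dport"] in (445, 139)),
    "scavenger": (1, lambda p: 6881 <= p["dport"] <= 6889),
}
DEFAULT_CLASS = "bulk"


def classify(pkt: dict) -> str:
    """First matching class wins; unmatched traffic lands in DEFAULT_CLASS."""
    for name, (_, match) in POLICY.items():
        if match(pkt):
            return name
    return DEFAULT_CLASS


class DeficitRoundRobin:
    """Byte-fair weighted scheduler. Each round a class earns weight * quantum
    bytes of credit; a packet is sent only when credit covers its size, and unspent
    credit carries over, so large packets are neither favoured nor starved."""

    def __init__(self, quantum: int = 1500) -> None:
        self.quantum = quantum
        self.queues: Dict[str, deque] = {n: deque() for n in POLICY}
        self.deficit: Dict[str, int] = {n: 0 for n in POLICY}

    def enqueue(self, pkt: dict) -> str:
        cls = classify(pkt)        # classify on the cleartext headers, before tunnelling
        self.queues[cls].append(pkt)
        return cls

    def schedule_round(self) -> List[Tuple[str, dict]]:
        sent = []
        for name, (weight, _) in POLICY.items():
            q = self.queues[name]
            if not q:
                self.deficit[name] = 0      # an idle class forfeits its credit
                continue
            self.deficit[name] += weight * self.quantum
            while q and q[0]["size"] <= self.deficit[name]:
                pkt = q.popleft()
                self.deficit[name] -= pkt["size"]
                sent.append((name, pkt))
        return sent


def share(dports: Tuple[int, ...], rounds: int = 100) -> Dict[str, float]:
    """Keep one backlogged 1000-byte flow per destination port and return the
    fraction of link bytes each class received over `rounds` scheduler rounds."""
    sched = DeficitRoundRobin(quantum=1000)
    for _ in range(rounds * 10):            # offered load exceeds what the rounds can drain
        for dport in dports:
            sched.enqueue({"proto": "tcp", "dport": dport, "size": 1000})
    served = {n: 0 for n in POLICY}
    for _ in range(rounds):
        for name, pkt in sched.schedule_round():
            served[name] += pkt["size"]
    total = sum(served.values())
    return {n: served[n] / total for n in served}
```

With SQL (1433), CIFS (445) and BitTorrent (6881) all backlogged, the split is 5:2:1; take the scavenger flow away and the other two share the link 5:2. Policing the scavenger class to a hard cap instead of a weight is the stricter choice when the "insignificant traffic" is something the organization does not want on the link at all.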

Enhanced Compression and Transaction Optimization


Compression is commonly enabled on storage systems as a hedge against running out of capacity.
Many types of storage device perform basic compression that will not prevent a WAN
optimization device from operating but will significantly hamper its effectiveness, because data
that is compressed (or encrypted) before it reaches the appliance hides the application and
protocol payloads in which the appliance finds redundancy.
In many cases, WAN optimization techniques compress as well as or better than the native
compression in storage arrays, so native compression should be disabled for volumes that are
replicated across the WAN. Typically, this yields a net performance improvement and relieves
the storage arrays of the burden of running compression algorithms. An enhanced level of
compression and transaction optimization can then occur, in some cases improving end-user
response time by a factor of up to 100.


Achieving Efficiencies: WAN Optimization Usage Cases


As the following use cases illustrate, specific WAN topologies and circumstances are amenable
to various types of performance improvements using WAN optimization technologies. In the
headings that follow, we examine a few different but specific cases in point.

Extending Inmate Tracking Systems for the State of Nevada


The Department of Corrections in Nevada operates numerous facilities in extremely remote
locations. Some of them are more than 8 hours’ travel time away from the department’s Tahoe
headquarters location. Though that remoteness serves as an additional barrier against escape, the
distances involved posed interesting challenges to the department’s key homegrown inmate
tracking system. A batch-oriented system with no real-time data interface, its developer is no
longer available, which makes internal code changes impractical.
Thanks to its age and old-fashioned design, this inmate tracking system presented numerous
deficiencies. Thus, the department chose to replace it using a centralized real-time management
system purchased from Syscon Justice Systems that features a Web-based interface accessible
from any Internet connection. The new software handles all basic inmate operations, such as
calculating sentences, tracking funds held in trust for inmates, and monitoring inmate location at
all times.
Unfortunately, the Syscon program was not developed to take WAN latency issues into account.
Though it performs adequately on a LAN, across slower WAN links, individual pages took
nearly a full minute to load and display data. For sites not yet equipped with T1 lines, this could
involve substantial added expense and even then, T1 connections were simply not available to
the most remote of these sites.
Application-specific WAN optimization came to the rescue here. An appliance was installed near
the WAN gateway at each location to manage traffic on each link. This led to substantial
improvements in throughput, while caching enabled load times to decrease to around 5 seconds
in most cases (after initial page loads had occurred). In addition, the Nevada Department of
Corrections found itself able to manage all Internet access at all of its sites, and to control and
groom Internet access. As a nice side effect, WAN optimization eliminated unnecessary WAN
traffic, thereby freeing additional bandwidth for legitimate users and applications.
With 20 WAN optimization appliances at HQ and remote locations, implementation took some
time and effort. The department had to develop access and security policies for the appliances to
enforce, and they had to be tuned to provide an optimal mix of functions to meet user needs. As a
result, database applications have manifested a 600% performance improvement, and page loads
have improved by as much as 1000%.


Improve Inter-Campus Communications at a Multinational University


Though Heriot-Watt University is based in the United Kingdom, it operates a campus in Dubai,
UAE, as well as its main campus in Edinburgh, Scotland. Though thousands of kilometers
separate them, communications between both campuses are critical: the majority of the teaching
staff and instructional resources are housed in Edinburgh, but students and staff on the Dubai
campus need ready access to them. To meet its instructional needs, Heriot-Watt has
implemented a Virtual Learning Environment (VLE) that permits inter-campus sharing of
educational materials and online interactive tools that students share with instructors and each
other. Also, Heriot-Watt uses the inter-campus WAN link for voice and video conferencing
facilities.
Unfortunately, the WAN link in use provides only limited bandwidth so that data volume is
limited and is subject to high latency, which poses severe problems for streaming or near real-
time applications such as voice and video. This combination of hurdles made VLE problematic
between the two campuses, where page load times might easily run as high as 20 seconds, and
where a load of more than half a dozen active users would bog down the link sufficiently to
interrupt communications.
Because of the distance between the two campuses, Heriot-Watt decided that a bandwidth
upgrade was too expensive to afford and too difficult to implement. Even then, overall latency
would still have remained fairly high owing to use of long-haul satellite links. Careful
implementation of a pair of WAN optimization appliances with application proxy capabilities
enabled the university to implement its VLE across that link. A combination of WAN
optimization techniques that included compression, object and byte caching, and traffic
prioritization, along with application protocol optimization, allowed Heriot-Watt to make use of
video-based e-learning technology across the WAN link as well. Page load times declined from
nearly 20 seconds to around 1 second, and delivered significant performance boosts to VLE and
email communications. The ability for students and staff on both campuses to access the same
learning materials at nearly the same instant also means the university can offer virtual classes to
students on both campuses at the same time.
Because of application and file-level caching, on-demand video e-learning modules can be
transported across the WAN during non-peak hours, and then stored locally on both campuses.
The university can also offer live video feeds across the WAN by sending a single video stream,
then splitting that feed into as many individual streams as are needed on each campus. This has
enabled numerous e-learning pilots, which the university had hitherto considered infeasible.
The WAN optimization appliance also supports acceleration of SSL-encrypted traffic, so that
Heriot-Watt can move optimized, secure traffic related to administrative applications across the
WAN link. (Optimizing encrypted traffic requires the appliance to decrypt it, which means it
must hold the server's private key or an equivalent proxy certificate that clients trust; those keys
and the decrypted session data become part of the appliance's data at rest and must be protected
accordingly.) This lets the university make much better use of available bandwidth, yet still use
critical applications as they're needed. Also, only traffic that needs to move between Dubai and
Edinburgh traverses the WAN link, as both WAN optimization devices can provide Web security
for local Internet connections as well as block malware and other malicious threats locally.
Likewise, these appliances can impose security and acceptable use policies on the Internet link
to block or limit unwanted or inappropriate applications, such as peer-to-peer file sharing.


Networx Australia Accelerates Application and Content Delivery


Networx Australia is a managed service provider that works with Australian enterprises and
organizations. It offers its clients Internet access, WAN connectivity, and security solutions for
all kinds of business needs. Today’s managed service environment in Australia is highly
competitive so that service providers are continually on the lookout for ways and means to
differentiate themselves and to inspire customer loyalty and retention.
To that end, Networx Australia chose to provide WAN optimization services to its customers to
accelerate application and content delivery without increasing—and in many cases, decreasing—
bandwidth consumption. Because WAN bandwidth is often limited and/or metered, reductions in
bandwidth consumption can translate into cost savings or make room for rich media applications
including teleconferencing, telepresence, and VoIP.
For many of its customers, Networx Australia provides the WAN infrastructure between their
own headquarters’ centralized data centers and branch offices. End users in the branch locations
need access to data, applications, and services housed in the data center but want to obtain LAN-
grade performance and response time when doing so. Prior to deployment of its WAN
optimization devices, many branch users experienced excessive network latencies to the point
where applications ran painfully slowly or did not even work at all. Adding bandwidth can’t
completely address such problems, but WAN optimization helped bring latency levels under
control and enabled branch users to increase their productivity while speeding overall response
time and usability.
Networx Australia’s use of WAN optimization devices also enabled them to improve the security
as well as the performance of their WAN infrastructure. In addition to accelerating application
access and reducing network latency, these devices provided a means whereby companies could
look to Networx Australia to provide malware protection, impose URL filters to block access to
inappropriate or disallowed sites and content, and prohibit use of unwanted or unsafe
applications that might be illegal, unauthorized, unlicensed, or not related to normal workaday
use (such as peer-to-peer music or video access, BitTorrent downloads, and other “personal use”
protocols or services not needed on business networks).
By deploying WAN optimization devices at customer branch offices and at their data centers,
Networx Australia was able to accelerate application and content delivery at the same time it
improved Web security and network controls. Customers report improved behavior and usability
of approved distributed applications and file services, more overall available bandwidth, and
improved application experiences for end users.
Behind the scenes, Networx Australia also was able to reduce its own operational costs, thanks to
more efficient use of its WAN infrastructure, and to improve customer loyalty and retention.
Caching technology and protocol optimization have enabled customers to speed CIFS file
transfers by factors of up to 200 times. Web-based applications now run seconds faster per click,
on average, and login/startup times for customers have improved dramatically.
The same security protections that customers enjoy in their data centers and branch offices also
benefit Networx Australia, with increased protection against malware and unauthorized or
unwanted applications. Traffic management (and reductions from elimination or throttling of
unauthorized programs and services) has also let Networx Australia make better use of its WAN
infrastructure, and improve its overall profitability without increasing operation costs. Across the
board, introducing WAN optimization has been a win-win for both the provider and its
customers, and has helped them to develop and retain a growing and satisfied customer base.


Conclusion and Recommendations


Companies and organizations seeking to optimize use of existing WAN links, and to maximize
their ROI on new WAN links, will find that in addition to increasing the utility of bandwidth
consumed, WAN optimization devices offer improved security, increased control, and more
effective use of key applications through appropriate proxy deployments. Many buyers discover
to their delight that the payback period for investments in WAN optimization is shorter than
originally projected, because increased usability, improved response time, and better application
control often lead to higher-than-projected growth in WAN usage and unexpected productivity
gains. Any company or organization that uses WAN links for regular, ongoing communications
will find it worthwhile to contemplate, and probably to implement, some kind of WAN
optimization strategy.

Download Additional eBooks from Realtime Nexus!


Realtime Nexus—The Digital Library provides world-class expert resources that IT
professionals depend on to learn about the newest technologies. If you found this eBook to be
informative, we encourage you to download more of our industry-leading technology eBooks
and video guides at Realtime Nexus. Please visit http://nexus.realtimepublishers.com.

