THE SKINNY ON FAT PIPE: Requirements for Performing WAN Acceleration on High Capacity WAN Links
Disaster recovery, server centralization and other strategic initiatives are increasing the amount of data on the Wide Area Network (WAN), resulting in a growing demand for high capacity WAN connections. These larger WAN links have unique performance, scalability and configuration challenges that affect application delivery and therefore must be taken into consideration when deploying a WAN Acceleration device.
CHARACTERISTICS OF A "FAT PIPE"
A high capacity WAN link (a.k.a. "fat pipe") is simply defined as a WAN connection that supports 30 Mbps or higher throughput. One often sees such a connection between large data centers, disaster recovery facilities and regional hubs, and when communicating with large branch offices (typically with highly skilled remote employees, such as law firms, professional services firms, healthcare institutions, manufacturing facilities and financial institutions).
As data volumes increase, more enterprises are turning to "fat pipes" to support data center and branch office needs
There is no magical association with the 30 Mbps number - it is simply an artificial line drawn in the WAN sand chosen for the commonality of DS-3 connections in large enterprises, and the fact that most WANs at or above this speed display the following common characteristics:
Bandwidth challenges. Even though fat pipes offer significantly more bandwidth than alternative WAN links, that bandwidth is still a fraction of the throughput offered by Local Area Networks (LANs), which often run at Gigabit per Second (Gbps) speeds. As a result, applications still must compete with one another for limited bandwidth resources.
When distance is introduced into the equation, an additional bandwidth challenge can emerge on fat pipes. High latency can prevent enterprises from effectively achieving their maximum WAN capacity. Even though hundreds of Mbps might be more than adequate throughput to support an enterprise's traffic delivery needs, if the company can only achieve 10 or 20 percent utilization on that WAN link, application performance will suffer. Furthermore, the accounting department will be none too pleased given the amount of money spent on bandwidth that is not being utilized.
Large volumes of data. By their very nature, high capacity WAN links are meant to support large volumes of network traffic. Depending on the size of the WAN connection, this can easily be Terabytes (TB) of data each day, as opposed to the Megabytes (MB) that are traditionally seen on smaller WAN links. In addition, fat pipes typically support many more simultaneous users than smaller WAN links. This can result in tens of thousands of simultaneous TCP flows between office locations.
More applications. The general makeup of traffic on high capacity WAN links often differs from smaller branch office connections. For example, in addition to traditional user productivity tools, such as file services, email, and web traffic, large WAN links often support more server-based traffic, such as replication, backup, SQL transactions, and disaster recovery. This mix of traffic places unique performance requirements on fat pipes.
Security. As fat pipes carry large volumes of sensitive corporate data there is a higher tendency for enterprises to use encryption on these connections (as opposed to smaller branch office links, which only support a small fraction of the enterprise's overall data set).
WAN ACCELERATION CHALLENGES
While large WAN links are not new, the optimization techniques used to improve application performance on these links have changed significantly in the past two years. Most notably, traditional compression, QoS, and TCP acceleration techniques have been augmented with the introduction of disk based data reduction.
Disk based data reduction works by placing a WAN acceleration appliance with dedicated local drives in each office location (such as a data center and disaster recovery facility).
The appliances monitor all server/server and client/server communications in real-time, "fingerprinting" data sets and storing a single instance of each piece of information locally for future reference. Whenever duplicate data is sent between communicating devices, the appliances detect this and send a reference across the WAN instead of the actual data.
The information is then delivered from the local data store on the far end appliance. This eliminates the transfer of duplicate data across the WAN, which can eliminate over 95% of WAN traffic. In addition, it leads to LAN-like performance across the WAN as information is delivered locally whenever possible. Disk based data reduction yields 10-20x (90-95 percent) average performance improvements across the WAN, with peaks exceeding 100x (99 percent) under the right circumstances.
Disk based data reduction improves WAN efficiency and application performance by eliminating the transfer of duplicate data across the WAN
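The reference-substitution scheme described above, as an added Python sketch that is not from the article or any vendor's product. It assumes fixed 1 KB chunks and SHA-256 fingerprints, and the Appliance class, its methods and the sample records are hypothetical. Each store ends up holding a plaintext copy of every chunk that crossed the link, and a far end whose store is missing a chunk cannot rebuild the data.

```python
import hashlib

CHUNK = 1024  # assumed fixed chunk size; appliances may match variable-length patterns

def fingerprint(chunk: bytes) -> bytes:
    return hashlib.sha256(chunk).digest()  # 32-byte reference sent instead of the data

class Appliance:
    """One end of the WAN link with its local data store (fingerprint -> chunk)."""

    def __init__(self):
        self.store = {}  # stands in for the appliance's disk

    def encode(self, payload: bytes):
        """Near end: send a reference for chunks already stored, raw data otherwise."""
        wire = []
        for i in range(0, len(payload), CHUNK):
            chunk = payload[i:i + CHUNK]
            fp = fingerprint(chunk)
            if fp in self.store:
                wire.append(("ref", fp))
            else:
                self.store[fp] = chunk
                wire.append(("data", chunk))
        return wire

    def decode(self, wire) -> bytes:
        """Far end: rebuild the payload, serving referenced chunks from the local store."""
        out = bytearray()
        for kind, value in wire:
            if kind == "data":
                self.store[fingerprint(value)] = value
            elif value not in self.store:
                raise KeyError("reference to a chunk missing from the local store")
            out += value if kind == "data" else self.store[value]
        return bytes(out)

def wire_bytes(wire) -> int:
    return sum(len(value) for _, value in wire)

def demo():
    """Constructed sample: 20 distinct 1 KB records sent twice, then once with one edit."""
    near, far = Appliance(), Appliance()
    records = [b"record %04d " % i + b"x" * 1012 for i in range(20)]
    doc = b"".join(records)
    edited = b"".join(records[:7] + [b"y" * CHUNK] + records[8:])
    sizes = []
    for payload in (doc, doc, edited):
        wire = near.encode(payload)
        assert far.decode(wire) == payload  # far end delivers identical bytes
        sizes.append(wire_bytes(wire))
    return sizes  # bytes on the WAN per transfer
```
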
There are unique challenges associated with performing disk based data reduction on high capacity WAN links. For one, it involves lots of parallel reads and writes to disk at very high speeds, which requires efficient fingerprinting algorithms and significant hardware processing power. Secondly, a significant amount of storage capacity is required on data reduction appliances to handle the large volumes of data produced in fat pipe environments. In addition, extremely efficient methods of indexing/storing are required to access and retrieve this data over time.
The diverse makeup of traffic traversing large WAN links also has an impact on data reduction. In addition to "bulk TCP" applications, such as email and file, high capacity WAN links also must support real-time traffic, such as data replication, SQL, voice and video.
As many of these applications run over UDP (not TCP), scalable data reduction solutions must work across all applications, regardless of transport protocol. In addition, the fingerprinting process employed by data reduction appliances cannot add more than a few milliseconds of latency, and must deliver consistent latency throughout the course of operations. Applications like data replication perform poorly when latency fluctuates. As a result, the wrong WAN acceleration solution can cause more harm than good in some instances.
WAN ACCELERATION ON FAT PIPES
A variety of things can help WAN acceleration solutions address the performance, scalability, and management requirements for high capacity WAN links. These include:
Hardware architecture. Great performance starts with the underlying hardware. For example, a WAN acceleration appliance with multiple multi-core 64-bit processors will be able to handle more data than a 32-bit appliance with a single processor. In addition, dedicated, multi-Gigabit per second (Gbps) security processors can help offload key management and encryption functions to ensure line rate speed when encryption is enabled (e.g., SSL and IPsec).
Byte Level Granularity: Different vendors employ different techniques when performing data reduction. For example, some solutions employ session buffer architectures that require blocks of data to be aggregated before making a data reduction decision; others use a packet-oriented architecture whereby variable length redundant patterns are detected down to byte level resolution. The latter method typically provides better granularity when matching patterns and leads to less latency and higher data reduction results on fat pipes. This becomes particularly apparent when performing data replication and backup across the WAN, which involve the transfer of large streams of data that typically have undergone some form of de-duplication (i.e. the removal of repetitive data by the storage application).
Optimization Features. A variety of optimization techniques can be used to improve performance on high capacity WAN links. In addition to disk based data reduction, traditional compression (LZ, header, crossflow), TCP acceleration (selective acknowledgements, adjustable window sizing, etc.), and advanced Quality of Service (QoS) techniques all can help improve application performance. Loss mitigation might also be useful in MPLS and IP-VPN environments, where packet loss might be problematic.
Large Local Data Store. The more data store used for data reduction, the better the performance over time. Fat pipe environments typically will require a WAN acceleration appliance with several Terabytes of space available for data reduction functions.
Single Instance Networking. Vendors use different methods to store data when performing data reduction. Some techniques are more efficient than others, resulting in better usage of available storage space. For example, solutions that store a single instance of information for all offices connected to an appliance will have more capacity than those that store a separate instance for each individual WAN link. Given these differences, two appliances with equal stated storage capacities may not perform identically over time on fat pipe networks.
High Flow Count. A high capacity WAN environment may generate tens of thousands of simultaneous flows through the course of normal operations. Artificial flow limits within a WAN acceleration device may prevent that device from reaching its stated WAN capacity. In addition, it may make it difficult to support a large number of remote offices connected to a single data center, as well as the ability to support thousands of simultaneous sessions across the WAN (e.g. data replication), as is often required on large WAN connections.
Application Breadth. To support the wide array of applications in a fat pipe environment, data reduction techniques should work on all types of traffic. This includes bulk TCP applications (file, email, web), UDP traffic (voice, video) and real-time traffic (SQL, Citrix, and data replication). To achieve this, the data reduction technology must be transport protocol agnostic, and add as little latency as possible.
Disk encryption. The only way to protect data stored in WAN acceleration appliances is with a proven method of disk encryption, such as AES. Dedicated processors help to ensure that disk encryption takes place at line rate, ensuring that data privacy does not come at the expense of performance and scalability.
Secure transport. IPsec is commonly used to protect data sent between appliances. Dedicated hardware ensures that the IPsec encryption process does not adversely impact the performance of WAN acceleration appliances.
Secure Access. Access to all WAN acceleration devices should be tightly controlled using TACACS+ and/or RADIUS. This ensures complete AAA protection, including user tracking and auditing per-command authorization, and group based authentication privileges. Enterprises can use their existing AAA / security infrastructure, eliminating the need to maintain separate databases for administrative passwords, credentials, and other security privileges.
Centralized Policy Engine: Large enterprise environments can greatly benefit from the ability to configure and enforce Access Control Lists (ACLs) and other advanced authentication policies from a central location. This includes "device authentication", whereby only valid WAN acceleration appliances are allowed on the network, and "connection authentication", whereby connectivity can only be established between trusted WAN acceleration devices (with approved IP addresses).
Advanced QoS: WAN acceleration appliances should honor existing tags (DSCP) and enable the creation and enforcement of new traffic management policies that can be applied per flow. For example, QoS policies can be configured by IP address, port range, application, and other commonly used parameters.
Silver Peak provides easy to use templates for enterprise-wide policies
Per-application optimization: Individual optimization techniques can be applied on a per-application basis for optimum network performance based on individual traffic characteristics. Stateful deep packet inspection can be employed to make intelligent acceleration decisions when handling applications that use ephemeral (i.e. temporary) ports, such as Voice over IP (VoIP) and FTP. When used in conjunction with port and flow based filtering schemes, WAN acceleration devices can provide granular control and applicability across the widest breadth of enterprise applications.
It is becoming increasingly difficult to manage information in today's enterprise.
These trends are placing an increased burden on the Wide Area Network, which is compounded as enterprises deploy larger WAN connections to keep pace with emerging IT demands. To satisfy these fat pipe environments, enterprises require WAN acceleration solutions that are designed to address performance, security and management without sacrificing enterprise scalability requirements. ENS
Jeff Aaron is director of product marketing at Silver Peak Systems. He can be reached at .
Copyright ©2003-2007 by Publications & Communications Inc. (PCI)