In Part I of this series, I began to discuss the top considerations for scaling a WAN acceleration appliance. I highlighted ways of verifying WAN throughput in an appliance, and illustrated how TCP flow limits can present a potential bottleneck.
3. Performance under load
Performance can vary based on the number of users and/or applications deployed in a network. If a WAN acceleration appliance does not have enough memory or disk space to support large environments, performance will start to degrade as the network grows. This often starts to occur well before stated throughput and flow limits are reached, and it worsens as the network continues to increase in size.
The right hardware platform can help ensure better performance under load. A 64-bit architecture, for example, will have more memory and disk space than older platforms, making it better suited to large environments. By using multi-core processors, appliances can achieve higher performance with increased memory addressability. In addition, while native 64-bit architectures enable physical and virtual memory to be directly addressed, 32-bit architectures can address only 4 GB of physical memory directly. This requires more complex memory de-referencing, which is substantially slower under heavy load.
4. Hardware acceleration for encryption
The last thing enterprises want to do is sacrifice security for the sake of application performance when they replace branch office servers with new WAN acceleration appliances. To overcome this issue, many vendors will employ encryption on their WAN acceleration devices. Encryption of local drives can protect data at rest, while technologies like IPsec can use encryption to protect data sent across the WAN. To perform data reduction and compression techniques on SSL traffic, the WAN appliance must securely become part of the trusted security domain, decrypt the SSL streams, optimize the traffic and then re-encrypt the traffic. This requires fast authentication, and high-speed encryption and decryption. Often these techniques are used together. For instance, it is very dangerous to store decrypted SSL content in-the-clear on a disk. So encrypting data at rest is a co-requisite for secure SSL optimization.
5. Breadth of application supported
The business case for WAN acceleration is often predicated on the number of applications being accelerated. When more applications are supported by a WAN acceleration solution, enterprises experience larger productivity gains. This makes it easier to justify investments in new WAN acceleration hardware and software.
The most scalable WAN acceleration solutions are designed to support new applications and future revisions of existing applications with minimal configuration. To achieve this, the following are required:
- Transparency. When modifications are required to clients, servers, routers or the application itself, it becomes increasingly harder to support future revisions or new types of traffic. The most scalable WAN acceleration solutions are completely transparent to existing infrastructure.
- Multi-protocol support. A WAN acceleration solution that supports only TCP-based applications will have less applicability across the enterprise than a solution that supports both TCP and UDP. The latter, for example, can be used to improve the performance of VoIP, video, disaster recovery and other applications.
- Low latency. If a WAN acceleration solution imposes high latency on WAN traffic, it cannot be used for time-sensitive traffic. This limits its focus to bulk applications, such as file transfers and email.
QoS is a key feature for scalability as it enables more applications to co-exist on a single network. In addition, it ensures that bandwidth is adequately distributed as more applications are vying for a shared limited resource.
Policing and traffic shaping are an indispensable part of any complete WAN acceleration solution. Even with drastic reductions in aggregate bandwidth consumption, there are still bursts of uncompressible data, so it is critical to guarantee bandwidth for enterprise critical applications. In a well-designed network, QoS will be managed at every potential bottleneck point. It is particularly important to implement QoS in the WAN acceleration appliance, as it is the only element that has both a pre- and post-optimization view of the traffic.
About the author:
Dr. David Hughes is CTO at Silver Peak Systems Inc., which he founded in 2004. He previously held senior architect positions at Cisco Systems Inc., StrataCom Inc., Blueleaf and Nortel Networks Ltd. He has a Ph.D. in packet network optimization.