Problem solve Get help with specific problems with your technologies, process and projects.

WAN acceleration scalability: Part 2

Dr. David Hughes continues his discussion of the top considerations for scaling a WAN acceleration appliance. Here are numbers three through six: performance under load, hardware acceleration for encryption, breadth of application supported and QoS.

In Part I of this series, I began to discuss the top considerations for scaling a WAN acceleration appliance. I highlighted ways of verifying WAN throughput in an appliance, and illustrated how TCP flow limits can present a potential bottleneck.

Read the entire series
WAN acceleration scalability: 1

WAN acceleration scalability: 2

WAN acceleration scalability: 3
Here are four more scalability considerations:

3. Performance under load

Performance can vary based on the number of users and/or applications deployed in a network. If a WAN acceleration appliance does not have enough memory or disk space to support large environments, performance will start to degrade as the network grows. This often starts to occur well before stated throughput and flow limits are reached, and it worsens as the network continues to increase in size.

The right hardware platform can help ensure better performance under load. A 64-bit architecture, for example, will have more memory and disk space than older platforms, making it better suited to large environments. By using multi-core processors, appliances can achieve higher performance with increased memory addressability. In addition, while native 64-bit architectures enable physical and virtual memory to be directly addressed, 32-bit architectures can address only 4 GB of physical memory directly. This requires more complex memory de-referencing, which is substantially slower under heavy load.

4. Hardware acceleration for encryption

The last thing enterprises want to do is sacrifice security for the sake of application performance when they replace branch office servers with new WAN acceleration appliances. To overcome this issue, many vendors will employ encryption on their WAN acceleration devices. Encryption of local drives can protect data at rest, while technologies like IPsec can use encryption to protect data sent across the WAN. To perform data reduction and compression techniques on SSL traffic, the WAN appliance must securely become part of the trusted security domain, decrypt the SSL streams, optimize the traffic and then re-encrypt the traffic. This requires fast authentication, and high-speed encryption and decryption. Often these techniques are used together. For instance, it is very dangerous to store decrypted SSL content in-the-clear on a disk. So encrypting data at rest is a co-requisite for secure SSL optimization.

More on this topic
SSL or IPsec VPNs: Considerations for comparison
Encryption is very computationally intensive, which can have an adverse impact on the performance and scalability of a WAN acceleration appliance. Even if the WAN link is only a few Mbps (and within reach of software encryption), peak LAN bandwidth can be greater than 100 Mbps. In addition, WAN acceleration appliances often require several hundred Mbps of bandwidth to perform disk read and writes. As all of this traffic needs to be encrypted and decrypted, dedicated multi-Gbps security hardware co-processors are required to offload encryption functionality. This is the only way to ensure maximum throughput when encrypting network traffic, enabling a WAN acceleration solution to grow in a secure and reliable fashion. Even small branch office appliances can benefit from hardware acceleration for encryption to handle SSL acceleration and encryption of local data stores.

5. Breadth of application supported

The business case for WAN acceleration is often predicated on the number of applications being accelerated. When more applications are supported by a WAN acceleration solution, enterprises experience larger productivity gains. This makes it easier to justify investments in new WAN acceleration hardware and software.

The most scalable WAN acceleration solutions are designed to support new applications and future revisions of existing applications with minimal configuration. To achieve this, the following are required:

  • Transparency. When modifications are required to clients, servers, routers or the application itself, it becomes increasingly harder to support future revisions or new types of traffic. The most scalable WAN acceleration solutions are completely transparent to existing infrastructure.
  • Multi-protocol support. A WAN acceleration solution that supports only TCP-based applications will have less applicability across the enterprise than a solution that supports both TCP and UDP. The latter, for example, can be used to improve the performance of VoIP, video, disaster recovery and other applications.
  • Low latency. If a WAN acceleration solution imposes high latency on WAN traffic, it cannot be used for time-sensitive traffic. This limits its focus to bulk applications, such as file transfers and email.

More on WAN optimization
Application acceleration: An introduction to data reduction

The ABCs of WAN optimization

WAN optimization and bottlenecks: Is the WAN really the weakest link?

Optimizing WAN bandwidth for the enterprise
6. Quality of Service (QoS)

QoS is a key feature for scalability as it enables more applications to co-exist on a single network. In addition, it ensures that bandwidth is adequately distributed as more applications are vying for a shared limited resource.

Policing and traffic shaping are an indispensable part of any complete WAN acceleration solution. Even with drastic reductions in aggregate bandwidth consumption, there are still bursts of uncompressible data, so it is critical to guarantee bandwidth for enterprise critical applications. In a well-designed network, QoS will be managed at every potential bottleneck point. It is particularly important to implement QoS in the WAN acceleration appliance, as it is the only element that has both a pre- and post-optimization view of the traffic.

About the author:
Dr. David Hughes is CTO at Silver Peak Systems Inc., which he founded in 2004. He previously held senior architect positions at Cisco Systems Inc., StrataCom Inc., Blueleaf and Nortel Networks Ltd. He has a Ph.D. in packet network optimization.

This was last published in October 2006

Dig Deeper on WAN technologies and services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.