A massive amount of traffic is
traversing enterprise WANs, and the flow is growing rapidly. Among the
reasons for this data deluge: consolidation of branch servers to cut costs
and comply with the data protection requirements of regulations such as
Sarbanes-Oxley; increasingly distributed project teams and workgroups
collaborating using shared data and applications; globalization and the
proliferation of the distributed enterprise; users’ need for immediate
access to data from wherever they happen to be; centralized applications
that perform poorly on WANs (e.g., Web-based applications, file sharing);
and increased implementation of voice and video applications.
As a result, business applications–most of which were originally designed to
run on LANs–suffer performance drop-offs when they encounter the larger data
flows, bandwidth-constrained network links, latency-inducing satellite links
and multihops, and globe-spanning distances characteristic of today’s WANs.
Web-based protocols that are profligate in their bandwidth use can create
additional performance problems.
Solutions on the market employ several strategies to make applications and
services run faster and more efficiently over WANs. For example, data
compression uses algorithms to reduce the number of data-segment bits that
need to be transmitted, achieving ratios as high as 100:1. Data suppression
keeps track of the data sent over a link and prevents unnecessary
repetition.
Flow optimization uses parameters to improve the performance of TCP and
other protocols that tend to slow traffic. Application proxies overcome
latency by suppressing, localizing, bundling, forwarding or predicting the
application-related communications that pass between devices. Application
caching stores application-specific information that proxies can use to
serve validated content to clients.
Each strategy addresses particular WAN performance issues, and an
accelerator product may use one or more of them. These accelerator products
can also potentially be implemented in three different places: on servers,
at the desktops or in the network.
Determine transparency
Today’s primary and preferred implementation approach is the dedicated
network-based device. Vendors typically offer these devices either as
standalone appliances or as integrated modules in multiservice
infrastructure equipment.
Since so many application-acceleration solutions promise similar results,
one useful way to differentiate them is to determine whether they are
transparent to the network infrastructure. Many solutions are essentially
nontransparent because they overlay a WAN optimization network on top of the
existing network infrastructure.
The overlay network defines the best path for packets to take between
accelerator devices. These static paths override the underlying network’s
routing decisions.
A transparent solution determines data paths by using the underlying IP
network. Transparent solutions may take advantage of additional network
capabilities to discover accelerators throughout the infrastructure. The
accelerator then checks for a peer accelerator in the path and transparently
negotiates an optimization policy for the packets.
If no peer accelerator is discovered, the packets remain untouched. That
transparency is preserved because both optimized and untouched packets
remain readable to network services and contain the original Layer 3 and 4
information required for decision making by these services.
Proponents of the nontransparent, overlay network approach assert that the
acceleration network provides application awareness (Layer 7 visibility) and
packet-handling intelligence that the underlying network infrastructure
intrinsically lacks. Some vendors also cite improved monitoring, reporting
or security as benefits. They may offer additional quality of service (QoS)
enhancements that are able to pick out business-critical applications and
give them priority over more bandwidth-aggressive but less important
applications.
Since an overlay network is managed separately, it can be administered by a
different team than the one managing the main network, providing
organizational flexibility. Because a nontransparent solution is independent
of existing switches and routers, limited configuration changes are needed
on those devices during implementation.
On the other hand, overlay networks govern only their own traffic, so they
may be less than ideal for processing all the traffic on the shared network
links and may not be aware of all the routing factors, such as link load
balancing, asymmetric link bandwidth, link fail-over and flexible MPLS-based
network topologies.
Reasons against overlays
That means that QoS, security and other add-on features
offered by these solutions may not be able to address all the traffic on the
WAN, limiting their effectiveness. Also, there may be good reasons why an IT
group may not want to adopt a proprietary QoS technology that replaces what
they already have, especially if they are running voice over IP or other QoS-dependent
services.
In addition, nontransparent solutions usually involve tunneling mechanisms
that preempt the accelerated paths of the existing network. The tunnels hide
certain packet header information that may be needed by existing services,
including QoS, access control lists, firewalls, NetFlow monitoring and
network-based application recognition. Some vendors claim to achieve
transparency with peer auto-discovery features. These solutions help ease
deployment and integration with routing dynamics, but do not necessarily
solve the tunneling problems.
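
The header-visibility loss described above, as an added example that is not part of the original article: a constructed branch-to-server TCP packet is read by a toy header-based ACL before and after it is carried between two accelerators. IP-in-IP encapsulation, the addresses, port 445 and all function names are assumptions chosen for illustration; the article does not name a specific tunneling mechanism.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_IPIP = 6, 4

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left 0 for the demo) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, data=b""):
    """Minimal 20-byte TCP header: ports, seq/ack 0, data offset 5, ACK flag."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10,
                       8192, 0, 0) + data

def flow_key(packet):
    """What a header-based service (ACL, QoS, NetFlow) reads: outer L3/L4 only."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    sport = dport = None
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (src, dst, proto, sport, dport)

def acl_action(packet, deny_tcp_ports):
    """Toy ACL: deny TCP to listed destination ports, permit everything else."""
    _, _, proto, _, dport = flow_key(packet)
    return "deny" if proto == IPPROTO_TCP and dport in deny_tcp_ports else "permit"

def tunnel(packet, accel_a, accel_b):
    """Overlay path: original packet carried between two accelerator addresses."""
    return ipv4(accel_a, accel_b, IPPROTO_IPIP, packet)

# Constructed sample: branch client to data-center file server on TCP 445.
original = ipv4("10.1.1.20", "10.9.0.5", IPPROTO_TCP, tcp(51000, 445, b"data"))
tunnelled = tunnel(original, "192.0.2.1", "192.0.2.2")

if __name__ == "__main__":
    for name, pkt in (("original", original), ("tunnelled", tunnelled)):
        print(name, flow_key(pkt), acl_action(pkt, {445}))
```

Any existing rule or flow record keyed on the client, server or port has to be re-expressed against the accelerator endpoints, or applied before encapsulation, to keep working once the tunnel is in the path.
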
Proponents of the transparent approach, which integrates application
acceleration within the logical infrastructure of the existing network,
argue that since enterprises have expended considerable time, effort and
money to perfect their infrastructures, implementing application
acceleration that preserves the network’s routing capabilities and does not
affect services makes sense.
Both modules and stand-alone devices are widely available. Choosing between
them is largely a matter of weighing operational and cost considerations.
Deploying a simple overlay acceleration network may seem to be the easiest
alternative, but such a bare-bones implementation will probably not yield
the best results on a sophisticated enterprise WAN. Of course, “easy” does
not necessarily equate to “seamless” or “scalable” when it comes to network
operations.
In most cases, enterprises can expect to spend some time configuring and
installing any solution they choose. One advantage of a transparent solution
is that it can be rolled out in phases, rather than having to be implemented
everywhere all at once.
A key factor is whether the prospect of tweaking existing routers or
switches is more or less attractive than installing and managing a second,
overlay network. Add to this “pain” assessment the possibility that services
could be disrupted by a nontransparent approach that leaves the
infrastructure equipment alone but proves invasive to operations. With some
solutions, a business application will become unavailable if the accelerator
goes down, even if the rest of the network is running normally.
As always, look before you leap. Conduct a thorough pre-install analysis,
taking into account such things as whether the new solution will obscure
necessary routing information, compromise existing security measures or
disrupt traffic prioritization.
For more information from Cisco Systems:
www.rsleads.com/611cn-252