
Accelerator OS 6

Software Configuration Guide

Software version 6.1


Guide Version 1.0.0

Pub no. UG-1001


This guide is delivered subject to the following conditions and restrictions:
This guide contains proprietary information belonging to Expand Networks Inc. Such information is supplied solely for the purpose of assisting explicitly and properly authorized users of the Expand product series.
No part of its contents may be used for any other purpose, disclosed to any person or firm or reproduced by any means, electronic, photographic or mechanical, without the express prior written permission of Expand Networks, Inc.
The text and graphics are for the purpose of illustration and reference only. The specifications on which they are based are subject to change without notice.
The software described in this guide is furnished under a license. The software may be used or copied only in accordance with the terms of that agreement.
Information in this guide is subject to change without notice. Corporate and individual names and data used in examples herein are fictitious unless otherwise noted.
Copyright © 2004 Expand Networks Inc. All rights reserved.
AcceleratorOS™, Accelerator 00™, Accelerator 6800/6810/6920/6840/4800/4810/4820/4920/1800/1810/1820/1920™ and ECT™ are trademarks of Expand Networks Inc.
Flex 2.5™ includes software developed by the University of California, Berkeley and its contributors. Copyright © 1990, The Regents of the University of California. All rights reserved.
Other company and brand product and service names are trademarks or registered trademarks of their respective holders.

Terms and Conditions of Sale

Please read these terms and conditions carefully before using the product. By using the product you agree to be bound by the terms and conditions of this agreement. If you do not agree with the provisions of these terms and conditions, promptly return the unused products, manual, and related equipment (with proof of payment) to the place of purchase for a full refund.

Acceptance

These terms and conditions of sale (“Terms and Conditions”) are the terms and conditions upon which Expand Networks, Ltd. and its affiliates and subsidiaries (together “Expand”) make all sales. Expand will not accept any other terms and conditions of sale, unless Purchaser and Expand have executed an agreement that expressly supersedes and replaces these Terms and Conditions. Acceptance of all purchase orders is expressly made conditional upon Purchaser's assent, expressed or implied, to the Terms and Conditions set forth herein without modification or addition. Purchaser's acceptance of these Terms and Conditions shall be indicated by Purchaser's acceptance of any shipment of any part of the items specified for delivery (the “Products”) or any other act or expression of acceptance by Purchaser. Expand's acceptance is expressly limited to the Terms and Conditions hereof in their entirety without addition, modification or exception, and any term, condition or proposals hereafter submitted by Purchaser (whether oral or in writing) which is inconsistent with or in addition to the Terms and Conditions set forth hereon is objected to and is hereby rejected by Expand.

Price and Payment

The Purchaser agrees to pay the purchase price for the Products as set forth in Expand's invoice on the date of installation. Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes), as well as import or customs duties, license fees and similar charges, however designated or levied on the sale of the Products (or the delivery thereof) or measured by the purchase price paid for the Products. (Expand's prices set forth on the front side of the invoice does not include such taxes, fees and charges.) Unless otherwise specified, payment terms are COD in United States Dollars. Expand, at its discretion, may require reasonable advance assurances of payment through irrevocable bank letters of credit or otherwise. All unpaid invoices shall bear interest at an amount equal to 1-1/2% of the outstanding balance per month (or the maximum rate of interest allowed to be contracted for by law, whichever is less), commencing upon the date payment is due. Expand shall have no continuing obligation to deliver Products on credit, and any credit approval may be withdrawn by Expand at any time and without prior notice.

Title and Security Interest

Title to the Products shall vest in the Purchaser upon date of shipment of the Products to Purchaser. Expand shall retain a security interest in the Products until the Products price and all other monies payable hereunder are paid in full. The Purchaser shall execute, upon request by Expand, financing statements deemed necessary or desirable by Expand to perfect its security interest in the Products. Purchaser authorizes Expand to file a copy of the invoice, these Terms and Conditions or a financing statement with the appropriate state authorities at any time thereafter as a financing statement in order to perfect Expand's security interest. A financing statement may be filed without Purchaser's signature on the basis of Expand's invoice or these Terms and Conditions where permitted by law. Purchaser shall keep the Products in good order and condition until the purchase price has been paid in full and shall promptly pay all taxes and assessments upon the Products or use of the Products.

Risk of Loss

Risk of loss or damage to the Products shall pass to the Purchaser upon delivery of the Products to the common carrier, regardless of whether the purchase price has been paid in full. Unless advised otherwise, Expand may insure the Products shipped to full value and all such insurance costs shall be for the Purchaser's account. The Purchaser shall inspect the Products immediately upon receipt and shall promptly file any applicable claims with the carrier when there is evidence of damage during shipping.

Warranty

Expand warrants to the purchaser for a period of ninety (90) days from shipment that the products shall be free from defects in material and workmanship and shall perform in substantial conformance with specifications published by Expand. Expand's obligations under these terms and conditions shall be limited solely to Expand making, at Expand's cost and expense, such repairs and replacements as are necessary to place the products in good working order and to conform the products to Expand's published specifications. This warranty is in lieu of all other warranties, express or implied, including without limitation, implied warranties of merchantability and fitness for a particular purpose.

Product Returns

Return of Products purchased hereunder shall be governed by Expand's RMA policies in effect on the date of the invoice. Expand reserves the right to modify or eliminate such policies at any time. The right to return defective Products, as previously described, shall constitute Expand's sole liability and Purchaser's exclusive remedy in connection with any claim of any kind relating to the quality, condition or performance of any Product, whether such claim is based upon principles of contract, warranty, negligence or other tort, breach of any statutory duty, principles of indemnity or contribution, the failure of any limited or exclusive remedy to achieve its essential purpose, or otherwise. In the event Expand issues a return authorization to Purchaser allowing Purchaser to return Product to Expand, Purchaser will deliver the Product to Expand's address in the United States, if so required by Expand, and Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes) as well as import or customs duties, license fees and similar charges, however designated or levied, on any replacement Product to be shipped by Expand to Purchaser.

License Grant

The Products, though primarily composed of hardware components, contain software that is proprietary to Expand or its licensors. Expand hereby grants to Purchaser, and Purchaser accepts, a personal nonexclusive, nontransferable license to use the Program, in object code form only, and the accompanying documentation (collectively referred to as the “Software”) only as authorized in these Terms and Conditions. The Software is licensed for Purchaser's internal use and the Software or any derivative or by-product of the Software may not be used by, sub-licensed, re-sold, rented or distributed to any other party. Purchaser agrees that Purchaser will not assign, sublicense, transfer, pledge, lease, rent, or share Purchaser's rights under these Terms and Conditions. Purchaser shall not copy, modify, reverse assemble, reverse engineer, reverse compile, or otherwise translate all or any portions of the Software. The Software and the Documentation are proprietary to Expand and are protected under U.S. and international copyright, trademark, trade secret and patent laws. All right, title, and interest in and to the Software, including associated intellectual property rights, are and shall remain with Expand.

Limitation of Liability

In no event shall Expand be liable for loss of profits, indirect, special, incidental, or consequential damages (including, without limitation, loss of use, income or profits, losses sustained as a result of personal injury or death, or loss of or damage to property including, but not limited to, property handled or processed by the use or application of the products) arising out of any breach of these Terms and Conditions or obligations under these Terms and Conditions. Expand shall not be liable for any damages caused by delay in delivery, installation, or furnishing of the Products hereunder. No action arising out of any claimed breach of these Terms and Conditions or transactions under these Terms and Conditions may be brought by either party more than two years after the cause of action has accrued. Expand's liability under these Terms and Conditions shall in no event exceed the purchase price of the Products.

Default

The failure of the Purchaser to perform its obligations under these Terms and Conditions including but not limited to payment in full of the purchase price for the Products, or the filing of any voluntary or involuntary petition under the Bankruptcy Code, insolvency, assignment for the benefit of creditors, or liquidation of the Purchaser's business shall constitute a default under these Terms and Conditions and shall afford Expand all the remedies of a secured party under the Uniform Commercial Code. In the event of default, Expand may, with or without demand or notice to Purchaser, declare the entire unpaid amount immediately due and payable, enter the premises where the Products is located and remove it, and sell any or all the Products as permitted under applicable law. Expand may, in addition to any other remedies which Expand may have, refuse to provide service on the Products under any applicable maintenance agreement relating to the Products then in effect between the parties at the time of the default.

Indemnity

Expand shall defend or settle any suit or proceeding brought against Purchaser based on a claim that Products sold hereunder constitutes an infringement of any existing United States patent, copyright or trade secret providing that Expand is notified promptly in writing and is given complete authority and information required for the defense. Expand shall pay all damages and costs awarded against Purchaser, but shall not be responsible for any cost, expense or compromise incurred or made by Purchaser without Expand's prior written consent. If any Products is in the opinion of Expand likely to or does become the subject of a claim for patent infringement, Expand may, at its sole option, procure for the Purchaser the right to continue using the Products or modify it to become non-infringing. If Expand is not reasonably able to modify or otherwise secure the Purchaser the right to continue using the Products, Expand shall remove the Products and refund the Purchaser the amounts paid in excess of a reasonable rental for past use. Expand shall not be liable for any infringement or claim based upon use of the Products in combination with other Products or with software not supplied by Expand or with modifications made by the Purchaser.

General

Expand shall not be liable for Expand's failure to perform or for delay in performance of Expand's obligations under these Terms and Conditions if such performance is prevented, hindered or delayed by reason of any cause beyond the reasonable control of Expand. These Terms and Conditions and the rights and duties hereunder shall not be assignable by either party hereto except upon written consent of the other. Purchaser agrees to pay to Expand any reasonable attorney's fees and other costs and expenses incurred by Expand in connection with the enforcement of these Terms and Conditions. These Terms and Conditions and performance hereunder shall be governed by and construed in accordance with the laws of the State of New York. Each party acknowledges that it has read, fully understands and agrees to be bound by these Terms and Conditions, and further agrees that it is the complete and exclusive statement of the agreement between the parties, which supersedes and merges all prior proposals, understandings and all other agreements, oral and written, between the parties relating to the subject matter of these Terms and Conditions. These Terms and Conditions may not be modified or altered except by a written instrument duly executed by both parties. If any provision of these Terms and Conditions shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall in no way be affected or impaired thereby. The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any right hereunder.

NOTE: Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.

WARNING: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

IMPORTANT: Means reader do not proceed without reading this information. Important notes contain critical information about Accelerator details and functionality.

Open Source Provisions
The Software is accompanied by the following third party products: JfreeChart (Copyright 2000-2004, by
Object Refinery Limited. All rights reserved), Cewolf, and JBoss, which are subject to the GNU Lesser
General Public License (the “LGPL”), as published by the Free Software Foundation, Inc., 59 Temple Place,
Suite 330, Boston, MA 02111-1307 USA (or found at http://jasperreports.sourceforge.net/license.html#lgpl),
and the following terms:

Expand agrees, upon request to provide, at the cost of distribution only, a complete machine-readable copy
of the source code for JfreeChart, Cewolf, or JBoss software. This offer is valid for three (3) years from
installation of the Software.

The Software is accompanied by the following third party product: Apache Copyright © 1999-2004, The
Apache Software Foundation, which is subject to the Apache License Version 2.0 (found at
www.apache.org/licenses/LICENSE-2.0).

The Software is accompanied by the following third party product: TouchGraph Software: (Copyright © 2001-2002 Alexander Shapiro. All rights reserved) developed by TouchGraph LLC (http://www.touchgraph.com/), which is subject to the TouchGraph LLC. Apache-Style Software License.

The Software is accompanied by the following third party product: JavaMail, which is subject to the
following terms: Copyright 1994-2004 Sun Microsystems, Inc. All Rights Reserved

Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or
promote products derived from this software without specific prior written permission.

This software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
EXCLUDED. SUN MICROSYSTEMS, INC. (“SUN”) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS
SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING
OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

You acknowledge that this software is not designed, licensed or intended for use in the design,
construction, operation or maintenance of any nuclear facility.

The Software is accompanied by the following third party product: AdventNet SNMP API 4 (Release 4.0.0),
which is subject to the following terms: Copyright (c) 1996-2002 AdventNet, Inc. All Rights Reserved. This
software may not be distributed in any modified form without the prior consent from AdventNet, Inc.

RFC/Standard List for AcceleratorOS 6.0

Modules                               RFC/Standard #

Router Protocols
  RIP                                 1058
  RIPv2                               1723, 2082
  OSPFv2                              2328, 2370
  WCCP                                3040
  Router Polling                      2096

Networking
  Spanning Tree Protocol              IEEE 802.1D
  VLAN 802.1Q                         IEEE 802.1Q
  HSRP                                2281
  VRRP                                3768
  SCPS                                ISO 15893:2000, CCSDS-714.0-B-1, MIL-STD-2045-44000
  NetFlow                             3954

Management
  MIB-2                               1213
  Telnet COM port                     2217
  Telnet service                      818
  TFTP                                1350
  FTP                                 959
  HTTP, HTTPS                         2045, 2616, 2818
  NTP                                 1361
  SSH, SCTF, SFTP                     IETF drafts

Security
  HMAC                                2104 (HMAC), 2403(96), 2404 (96), 1321 (MD5)
  HMAC                                2404
  MD5 Signing                         1321
  Radius                              2138, 2865
  TACACS+                             1492

HW
  Safety approvals                    UL 1950, CAN/CSA C22.2, EN60950/A4, No. 950-95
  EMC approvals                       FCC Part 15 Class B, EN55022:1998 Class B, EN55024:1998,
                                      IEC EN61000-4-2:1995, IEC EN61000-4-3:1995,
                                      IEC EN61000-4-4:1995, IEC EN61000-4-5:1995,
                                      IEC EN61000-4-6:1996, IEC EN61000-4-11:1994,
                                      IEC EN61000-3-2:2000, IEC EN61000-3-3:1995,
                                      CISPR16-1:1999, CISPR16-2:1999
  ITU                                 IEC 60950-1:2001, EN 60950-1:2001.
  QMS                                 ISO 9001:2000, EN 46001, ISO 13485
  Manufacturing                       ISO 9000
  Environmental and Vibration tests   ETSI EN 300019-2(1999-09), ESTI EN 300019-2(1994),
                                      Bellcore standard: GR-63-ORE.
  MTBF                                Telcordia (Bellcore)

Chapter 1 Preface: Introducing the Accelerator
Features and Benefits
Redefining Application Traffic Management
Next-generation WAN Compression
Application-specific Acceleration
Layer-7 QoS and Bandwidth Management
Layer-7 Monitoring and Reporting
Footprint for Value-Add Branch Office Features
Rapid Deployment, Dependable Results
Maximum Uptime and Reliability
The Accelerator Product Line
How the Accelerator Works
IP-Based Network
On-Path
On-LAN
Configuration and Management

Chapter 2 Installing the Accelerator
Checking the Accelerator Packing List
Mounting the Accelerator
Performing Accelerator Hardware Installation
Inserting the Compact Flash
Connecting the Network Cables
On-LAN Setup Installation
On-Path Setup Installation
Connecting Out-of-band Management
Configuring Terminal Emulation
Connecting the Power Cord
Turning on the Accelerator
Working with Bypass Mode
Reviewing the Setup Checklist
Performing Setup via the LCD
Performing Setup via the WebUI
Studying The WebUI Menu
Performing Setup via the Wizard
Configuring the Wizard
Defining Advanced Settings
Setting Links via the Wizard
Setting the Time
Modifying the Password
Reviewing Wizard Configuration
Modifying Basic Setup Configuration
Setting Routing Strategy
Licensing the Accelerator
Performing Basic Setup via the CLI
Sample CLI basic configuration
Logging into the Accelerator
Logging out of the Accelerator
Configuring the Accelerator
Entering Configuration Mode
Entering Interface Mode
Setting a Device Name
Setting an IP Address
Setting a Default Gateway
Setting the Deployment Type
Setting the Default WAN Bandwidth
Setting the Remote Device
Setting the IP Address of the Remote Device
Setting the Bandwidth to a Remote Device
Setting the Link to Work with IPcomp
Setting the Link to Work with Router Transparency
Licensing the Accelerator
Saving/Uploading the Basic Configuration
Viewing Basic Configuration Settings

Chapter 3 Preparing the Network Integration
Integrating the Accelerator into Your Network
Integrating into Standard Network
Integrating into Networks that use Dynamic Routing
Integrating into External QoS/Monitoring Devices
Installing in Noisy Links’ Environments
Installing On-LAN at a Data Center
Installing in a High Latency Environment
Installing in a Web-Intensive Environment
Using Advanced QoS
What is QoS?
How to Know what’s on Your Network
How to Prioritize Applications

Chapter 4 Configuring Accelerator Networking
Optimizing the Network Topology
Configuring Core Allocation
Configuring Core Allocation via the CLI
Taking into Account Network-Specific Considerations
Defining WAN Setup
Setting the Bandwidth
Configuring the WAN
Configuring Secondary IP Addresses
Creating and Editing Links
Studying the Links Screen
Adding Links
Editing Links
Adding and Editing Links via the CLI
Setting Subnet Routing
Configuring Subnets Manually
Editing a Subnet
Configuring Remote Subnets Manually
Configuring Subnets via the CLI
Adding Static Routes
Setting Dynamic Routing
Working with OSPF
Configuring OSPF
Configuring OSPF via the CLI
Working with Router Polling
Configuring Router Polling via the CLI
Working with RIP
Configuring RIP
Configuring RIP via the CLI
Enabling Packet Interception
Setting WCCP on the Router
Configuring WCCP via CLI
Setting the Accelerator’s Time
Configuring DHCP Servers
Activating DHCP Relay Agent
Configuring an Accelerator to carry out DHCP Relay
Setting ExpandView Agent Parameters
Studying Sample CLI Subnet Configuration Network

Chapter 5 Monitoring the Network
Introduction to Monitoring
Working with Monitoring
Installing the JAVA Applet
Using Verisign Security Certificate
Studying The Monitoring Window
Using Link Statistics and Graphs
Viewing Throughput Statistics per Link
Viewing Utilization Statistics per Link
Viewing Acceleration Statistics per Link
Understanding Acceleration
Viewing Compression Statistics per Link
Viewing Statistics per Link
Discovering Traffic
Viewing Detected applications
Viewing Detailed Traffic Discovery
Viewing Monitored Applications
Discovering Layer-7 Applications
Viewing Applications’ Statistics and Graphs
Viewing Throughput Statistics Per Application
Viewing Utilization Statistics per Application
Viewing Acceleration Statistics per Application
Viewing Compression Statistics per Application
Viewing Bandwidth Distribution Statistics per Application
Monitoring Applications
Gathering Statistics for Detected Applications
Viewing Summary Graphs
Viewing Ethernet Statistics
Via the WebUI
Via the CLI
Viewing Interface Statistics ...................................................................... 134
Viewing Interface Statistics per Specific Link ........................................ 134
Enabling L-7 Traffic Discovery ................................................................ 134
Viewing L-7 Traffic .................................................................................... 135
Viewing Application Statistics ................................................................. 135
Setting Applications as Monitored .......................................................... 135
Viewing Application Traffic ...................................................................... 135
Enabling Statistics History ....................................................................... 135
Clearing Statistics ..................................................................................... 136
Configuring NetFlow Support ........................................................................................... 137
Identifying the Traffic ............................................................................................ 138
Enabling NetFlow ...................................................................................... 138

Chapter 6 Applying QoS


Accelerator QoS ................................................................................................................. 142
Studying the QoS Solution ................................................................................... 142
Carrying Out Basic QoS Configuration ........................................................................... 144
Viewing My Applications ...................................................................................... 144
Creating New Applications ................................................................................... 146
Modifying Applications ......................................................................................... 154
Classifying Layer-7 Applications ......................................................................... 154
Creating Web Applications ................................................................................... 155
Creating Citrix Applications ................................................................................. 157
Setting Advanced QoS Parameters .................................................................................. 159
How QoS Works ..................................................................................................... 159
Understanding QoS Rules ........................................................................ 160
How Traffic Filtering is Applied ............................................................................ 161
How Traffic Shaping is Applied ............................................................................ 162
Studying QoS Bandwidth Allocation ....................................................... 162
Setting Inbound QoS ............................................................................................. 165
Creating QOS Rules .............................................................................................. 166
Editing QoS Rules ................................................................................................. 170
Making Decisions for Specific Applications ....................................................... 171
Troubleshooting ................................................................................................................. 173
Configuring QoS via the CLI ................................................................................. 174
Viewing Detected Applications ................................................................ 174
Creating a New Application ...................................................................... 174
Creating a Web Application ..................................................................... 174
Setting an Application to Accelerate/Not to Accelerate ........................ 174
Setting an Application to Tunnel/Not to Tunnel ..................................... 175
Filtering an Application Globally ............................................................. 175
Filtering an Application per Link ............................................................. 175
Setting the Application Criteria ............................................................... 175
Setting the Order for the Rule .................................................................. 175
Setting Minimum Bandwidth (Desired) ................................................... 176
Setting Maximum Bandwidth (Limit) ....................................................... 176
Prioritizing the Application ...................................................................... 176
Critical Application Pass-through ........................................................... 176
Setting Bursts for a Rule .......................................................................... 176
Setting the WAN to Work in Strict-priority Mode ................................... 177
Enabling Bursts ......................................................................................... 177
Configuring Aggregation Classes ........................................................... 177
Enabling Aggregation Classes per Link ................................................. 179
Setting Aggregation Limit ....................................................................... 179
Setting Aggregation Threshold ............................................................... 179
Setting Aggregation Window ................................................................... 180
Applying an Aggregation Class to an Application ................................. 181

Chapter 7 Optimizing Acceleration Services


Studying TCP Acceleration ............................................................................................... 184
Understanding the Shortcomings of TCP ........................................................... 184
Studying SCPS, Expand’s TCP Acceleration Solution ...................................... 187
Scaling the Transmission Windows ........................................................ 187
Computing Latency ................................................................................... 189
Configuring TCP Acceleration ............................................................................. 192
Enabling TCP Acceleration ...................................................................... 193
Setting Link Outage .................................................................................. 195
Configuring TCP via the CLI ............................................................................................. 196
Defining TCP Acceleration Settings .................................................................... 196
Enabling TCP Acceleration ...................................................................... 196
Setting the Typical Round Trip Time ....................................................... 196
Setting the Typical Acceleration Rate ..................................................... 197
Applying Global TCP Acceleration Settings to a Link ........................... 197
Setting Congestion Control ..................................................................... 197
Enabling/disabling Link Outage .............................................................. 198
Setting Acknowledge Rate Packet .......................................................... 198
Setting Acknowledge Rate Wait .............................................................. 198
Setting Acknowledge Timeout ................................................................. 198
Setting Send Window Size ....................................................................... 199
Setting Send Window Max Size ............................................................... 199
Setting Receive Window Size .................................................................. 199
Setting Receive Window Max Size .......................................................... 199
Setting Snack ............................................................................................ 200
Setting Snack Wait .................................................................................... 200
Setting Nagle ............................................................................................. 200
Configuring WAFS ............................................................................................................. 201
Using the CLI to Configure WAFS Transparency ............................................... 201
Enabling WAFS Transparency ................................................................. 201
Excluding certain servers from WAFS Transparency ........................... 201
Displaying the excluded servers’ list ...................................................... 202
Clearing the excluded servers’ list .......................................................... 202
Configuring WAFS Management Screen ......................................................................... 203
FileBank Categories .............................................................................................. 203
FileBank System .................................................................................................... 203
FileBank Services .................................................................................................. 204
Additional Services ............................................................................................... 204
FileBank Utilities .................................................................................................... 204
FileBank Director Categories ............................................................................... 205
FileBank Director System ..................................................................................... 205
File Services ........................................................................................................... 205
FileBank Director Utilities ..................................................................................... 206
Understanding DNS Acceleration .................................................................................... 207
Configuring DNS Acceleration ............................................................................. 207
Enabling DNS Acceleration ...................................................................... 207
Enabling DNS Transparency .................................................................... 208
Setting Query Timeout .............................................................................. 208
Clearing the Cache ................................................................................... 208
Adding Static Entries ................................................................................ 208
Deleting Static Entries .............................................................................. 208
Enabling TCP Service ............................................................................... 208
Setting Cache Size .................................................................................... 209
Setting Cache Server ................................................................................ 209
Disabling Cache Server ............................................................................ 209
Showing DNS Acceleration ...................................................................... 209
Understanding Web Acceleration .................................................................................... 210
Configuring WEB Acceleration via the WebUI .................................................... 211
Configuring HTTP Acceleration ............................................................... 211
Setting Advanced HTTP Parameters ....................................................... 212
Setting HTTP Acceleration Rules ......................................................................... 213
Configuring FTP Acceleration .............................................................................. 215
Configuring WEB Acceleration via the CLI ......................................................... 217
Setting Web Acceleration ......................................................................... 217
Clearing the Cache .................................................................................... 217
Viewing Web Acceleration Parameters ................................................... 217
Using Regular Expression in HTTP Acceleration/Caching ................... 217
Configuring HTTP Acceleration via the CLI ........................................................ 219
Enabling/Disabling HTTP Acceleration ................................................... 219
Configuring the Proxy Server IP and Port .............................................. 219
Specifying Directly Forwarded Requests ............................................... 220
Preventing the Caching of Specific Pages ............................................. 221
Configuring whether to Preserve the Client’s Original Source Port .... 222
Configuring Transparency Support ........................................................ 222
Setting the HTTP Port ............................................................................... 222
Setting Content to be Cached .................................................................. 223
Setting the Cache Size .............................................................................. 223
Setting the Maximum Object Size ............................................................ 223
Clearing the Cache .................................................................................... 223
Setting the Connection Timeout .............................................................. 223
Setting logs ................................................................................................ 224
Configuring FTP Acceleration via the CLI .............................................. 224
Enabling Citrix Acceleration ............................................................................................. 227

Chapter 8 Setting Advanced Parameters


Handling WANs .................................................................................................................. 230
Adding a WAN ........................................................................................... 231
Handling Interfaces ............................................................................................................ 232
Modifying Interface Speed and Duplex ................................................... 233
Working with VLAN ............................................................................................... 233
Setting VLAN ............................................................................................. 237
Creating Static ARP Entries .............................................................................................. 238
Adding Entries to the ARP Cache via the CLI ........................................ 238
Clearing the ARP Cache ........................................................................... 238
Defining Authentication Settings ..................................................................................... 240
Understanding Router Redundancy Protocols .................................................. 240
Configuring HSRP ................................................................................................. 243
Enabling HSRP Automatic Detection ...................................................... 243
Setting Manual HSRP Configuration ....................................................... 244
Autodetecting HSRP Groups ................................................................... 248
Setting HSRP Group Number ................................................................... 248
Configuring VRRP ................................................................................................. 249
Setting VRRP Group Number ................................................................... 251
Configuring DNS .................................................................................................... 251
Managing Links .................................................................................................................. 253
Setting Remote Subnets for the Links ................................................................ 260
Editing Existing Links ........................................................................................... 261
Using Dynamic Bandwidth ....................................................................... 262
Defining Link Settings ........................................................................................... 263
Assigning a Link to a WAN ...................................................................... 263
Setting a Link to Work in Large Cache Mode ......................................... 263
Enabling Packet Fragmentation .............................................................. 263
Enabling Packet Aggregation .................................................................. 264
Setting a Link to be Accelerated .............................................................. 264
Setting IPcomp Preservation ................................................................... 264
Forcing Tunneling ..................................................................................... 265
Including Checksum ................................................................................. 265
Sample Network Configuration ............................................................................ 266
Dial-on-Demand ................................................................................................................. 269
Configuring Dial-on-Demand ................................................................................ 269
Setting Keepalive Dialer ........................................................................... 269

Chapter 9 Configuring Management Options


Studying the ExpandView System ................................................................................... 272
Using Dynamic Network Map ............................................................................... 272
Simplifying WAN Optimization ............................................................................. 273
Generating Advanced Alerts for World-Class NOCs ......................................... 273
Enabling End-to-End WAN Performance Visibility ............................................. 273
Generating Proactive Reports for Network Provisioning .................................. 273
Defining Scalable QoS .......................................................................................... 274
Supporting the AcceleratorOS in ExpandView ................................................... 274
Updating ExpandView Server’s IP Address ........................................... 274
Enabling the ExpandView Server ............................................................ 275
Setting the ExpandView Server IP Address ........................................... 275
Setting the ExpandView Server Port ....................................................... 275
Displaying ExpandView Status ................................................................ 275
Using Out-of-Band Management ...................................................................................... 276
Disabling Bridging .................................................................................... 276
Setting an IP address for Eth 0 ................................................................ 276
Using CLI Configuration .................................................................................................... 277
Studying CLI Conventions .................................................................................... 277
Understanding Command Modes ........................................................................ 277
Getting Help ........................................................................................................... 278
Entering Configuration Mode ................................................................... 279
Accessing Configuration Options ....................................................................... 280
Customizing the CLI .............................................................................................. 281
Applying the Banner ................................................................................. 282
Logging into the Accelerator via SSH .............................................................................. 283
Using SNMP ........................................................................................................................ 284
Configuring SNMP via the CLI .............................................................................. 284
Enabling SNMP .......................................................................................... 285
Enabling SNMP Traps ............................................................................... 285
Setting SNMP Trap Community ............................................................... 285
Setting SNMP Read Community .............................................................. 285
Setting SNMP Version 3 Authentication ................................................. 285
Receiving Log Error Messages ........................................................................................ 287
Sending Updates to a Syslog Server ................................................................... 287
Sending Updates via Email ................................................................................... 290

Chapter 10 Using the Accelerator Tools


Upgrading the AcceleratorOS Software .......................................................................... 294
Upgrading via the CLI ........................................................................................... 295
Using the Configuration Tools ......................................................................................... 296
Using Configuration tools via the CLI ................................................................. 297
Using the General Tools .................................................................................................... 299
Pinging via the WebUI ........................................................................................... 300
Sending a Ping via the CLI ....................................................................... 301
Sending a Traceroute Packet ............................................................................... 301
Sending a Traceroute via the CLI ............................................................ 301
Rebooting the Accelerator via the WebUI ........................................................... 301
Gathering Statistics for Technical Support ........................................................ 302
Viewing Technical Support Statistics ..................................................... 302
Managing User Files .......................................................................................................... 303
Viewing System Information ............................................................................................. 304

Chapter 11 Security
Studying the AcceleratorOS AAA .................................................................................... 306
Configuring AAA via the WebUI ....................................................................................... 308
Configuring Users ................................................................................................. 309
Deleting Users ........................................................................................... 310
Setting Authentication Preferences ..................................................................... 310
Setting Authentication Servers ................................................................ 311
Setting the Authentication Method .......................................................... 312
Defining the Security Settings ............................................................................. 313
Configuring AAA via the CLI ............................................................................................. 314
Configuring the Radius Server ............................................................................. 314
Configuring the TACACS Server .......................................................................... 315
Configuring Authentication .................................................................................. 315
Configuring Users’ Accounts ............................................................................... 315
Viewing AAA Configuration .................................................................................. 316
Auditing Administration Activities ................................................................................... 319
Locking/unlocking the Keypad ......................................................................................... 320
Setting the Keypad Lock Definitions ................................................................... 321
Defining Other LCD Settings ................................................................................ 322
Turning Bypass On
Locking the Keypad .................................................................................. 322
Unlocking the LCD .................................................................................... 323
Locking the LCD ........................................................................................ 323
Setting the LCD Unlock Sequence .......................................................... 323

Chapter 12 Troubleshooting
Carrying out the Troubleshooting Procedure ................................................................. 326
Recovering the Password ................................................................................................. 327
Checking the Event Log .................................................................................................... 328
Checking Info Events ............................................................................................ 328
Checking Warning Events .................................................................................... 328
Checking Error Events .......................................................................................... 328
Checking Fatal Events .......................................................................................... 329
Studying Log Message Formats .......................................................................... 330
Using the Show Tech-Support Command ....................................................................... 331
Checking the Link Status .................................................................................................. 332
Checking Ethernet Settings .............................................................................................. 334
Checking Lack of Acceleration ......................................................................................... 337
Accessing Remote Devices .................................................................................. 337
Checking Link Malfunction ............................................................................................... 338
Checking for Corrupted Terminal ..................................................................................... 339
Checking HSRP Malfunction ............................................................................................. 340
Checking QoS Malfunction ............................................................................................... 341

Appendix A NetFlow Monitored Statistics


Template Fields .................................................................................................................. 352
Full Template ......................................................................................................... 352
Long Template ....................................................................................................... 352
Short Template ...................................................................................................... 352

Appendix B Pre-Defined Applications

Appendix C Accelerator Integration


Acceleration and Citrix Traffic
Disabling Citrix NFuse Compression
Disabling Citrix Encryption and Compression
Defining Settings on the Server
Setting/checking ICA or RDP listener traffic
Speed Screen Latency Reduction Manager
Defining Settings on the Client
Turning Compression off in the PNAgent Client
Understanding the PNA Problem
Resolving the PNA Problem
Identifying Citrix Layer-7 Applications
Configuring NetFlow
Studying Traffic Measurement
Studying Traffic Monitoring
Configuring Accelerator NetFlow
Disabling Compression on SAP
Calculating Acceleration Figures with an Application other than ExpandView

Appendix D System Specifications


Accelerator 6800 Series
Accelerator 6900 Series
Accelerator 1800/4800/4900 Series

Appendix E MIME Types


Application
Audio
Image
Message
Model
Multipart
Text
Video

Appendix F Contacting TAC

Appendix G Glossary
A, B, C, D, E, H, I, J, L, M, N, O, P, Q, R, S, T, U, V, W
Appendix H Index
1 Preface: Introducing the Accelerator
Expand Networks’ Accelerator is the ideal Application Traffic Management System for
ensuring optimal application performance over the WAN. The Accelerator is a Layer-3
WAN device that dramatically improves application response times through a
combination of bandwidth compression, Layer-7 QoS and acceleration plug-ins for
specific applications.
This chapter includes:
• Features and Benefits, on page 2.
• Next-generation WAN Compression, on page 3.
• Layer-7 QoS and Bandwidth Management, on page 5.
• The Accelerator Product Line, on page 7.
• How the Accelerator Works, on page 8.
• Configuration and Management, on page 11.

Features and Benefits
The Accelerator’s new and improved algorithms provide the highest WAN compression
performance available, in an easy-to-install package that fits seamlessly into various
network topologies such as MPLS, QoS clouds, noisy networks, high-BER networks,
load-balanced networks, and networks experiencing many out-of-order errors.

Redefining Application Traffic Management


The Accelerator takes application traffic management to the next level by reducing
WAN costs and improving application performance. In addition to bandwidth
compression capabilities, the Accelerator provides a rich set of features that improve
application response times and provide Layer-7 visibility and control tools, which enable
network managers to align network resources with business priorities. Acceleration of
application response times is achieved through next-generation WAN compression,
application-specific acceleration, Layer-7 QoS capabilities and sophisticated monitoring
and reporting.

Next-generation WAN Compression
The Accelerators’ bandwidth expansion algorithms provide an effective alternative to
WAN upgrades with a 3 to 9 month ROI.
• Typical capacity gains of 100% to 400%+ additional capacity, peaks of 1000%+
• Combination of byte-level caching, packet header reduction and adaptive packet
compression.
• High performance, low latency algorithms
• Packets incur a maximum of 1 millisecond latency passing through the device.
• 100% lossless, works on all applications.
• Supports up to 350 remote sites and 45 Mbps in a single device.
• Unique On-LAN deployments enable rack-and-stack above 350 sites and 45 Mbps.
• Verified in over 27,000 production installations.
• Network transparent RTM (Router Transparency Mode) enables 100% IP header
preservation ensuring guaranteed compatibility with any kind of WAN device. RTM also
preserves Layer 4 for TCP & UDP traffic.
• Dynamic routing enables effortless installation even in complex networks that use OSPF,
RIP and other routing protocols.

Application-specific Acceleration
Application-specific acceleration is a breakthrough approach that works in combination
with next-generation compression for improving application response times.
• Improves application response times by 100% to 400%, peaks of 1000%+
• Extensible architecture based on application acceleration plug-ins for additional application
support
• TCP acceleration enables TCP transfer speeds in excess of WAN link speed, even
under challenging latency and packet loss conditions. The TCP acceleration plug-in is
standards-based, meeting the SCPS standard (www.scps.org) that was developed by
NASA and the DoD for performance optimization in high latency links.
• HTTP acceleration provides faster web application response times for chatty HTTP
transactions by eliminating repetitive download of frequently accessed objects, applets,
and so on.
• FTP acceleration provides faster response times due to elimination of long FTP
transactions by keeping local copies of frequently accessed files.
• HTTP acceleration enables compression of encrypted traffic by accelerating and
encrypting traffic to the client browser, and ensures faster response times from secure
application servers by optimizing TCP connections to browsers and web servers.

• The Accelerator's full-scale WAFS and CIFS acceleration optimizes file access over
the WAN, solving remote server data access from the data center over the WAN.
Server consolidation is made possible without paying the price in WAN application
performance. Expand’s enhanced WAFS offering addresses the key performance,
availability and management issues raised by server consolidation:
  - LAN-like application performance: With Expand’s acceleration architecture a
    replicated copy of the file is kept in the remote cache, thereby maintaining LAN-like
    performance for file transfers.
  - Virtual-Server: Expand’s enhanced WAFS offering retains critical remote branch system
    services such as DNS, DHCP, and print.
  - Addressing ‘WAN-Outs’: In the event of a network outage, remote users can continue
    working because files are served from a local cache.

Layer-7 QoS and Bandwidth Management
The Accelerators’ Instant QoS functionality stops bandwidth abuse, guarantees
network resources for critical applications like VoIP and lets network managers
prioritize network applications according to business objectives.
• Low operational cost QoS solution, Layer-7 application discovery
• Easy to set-up – Instant QoS
• Maximum flexibility for advanced users
• QoS can be applied for both inbound and outbound traffic
• Bandwidth limits: desired, maximum
• Burst-ability control
• Strict priority for real-time traffic
• Shaping with High, Medium, Low
• Discard rogue applications
• Packet fragmentation assures VoIP/video latency budget
• Integrates with existing environments
• Mark, honor and preserve QoS based on application or QoS markings
• Extensible architecture
• Additional application classification
• QoS troubleshooting/diagnostics mode

Layer-7 Monitoring and Reporting


The Accelerators and the ExpandView stand-alone Application Traffic Management
System provide powerful monitoring and graphical reporting for full application-level
visibility and cost-effective end-to-end network management.
• Automatic application detection with hundreds of predefined classes.
• Dozens of historical and real-time reports for WAN and links
• Throughput, performance, acceleration
• Applications and hosts
• Throughput, performance, acceleration
• System-wide, per link, Peer, IP subnet, application Inbound and outbound user
customizable
• Complex rules available for the advanced user including nested rules, order matching,
and so on
• Export and print functions
• End-to-end view with ExpandView

Footprint for Value-Add Branch Office Features
The Accelerators offer much more than just a bandwidth increase. These intelligent
devices deliver a branch office platform that consolidates multiple devices.
• Full NetFlow compliance replaces the need for costly probes
• Open architecture for future enhancements

Rapid Deployment, Dependable Results


With minimal configuration and no network architecture changes.
• 2-minute configuration via front panel keypad
• Up and running in minutes with environment auto-detection
• Easy-to-use WebUI and central deployment stations
• Familiar Cisco-like CLI minimizes staff retraining
• Secure management with HTTPS, SSH, SNMP (v1/v2c/v3)
• Integrates with existing user authentication and administration systems
• RADIUS, TACACS+, and Windows Directory
• Validated in over 1,000 enterprise and service provider networks

Maximum Uptime and Reliability


The Accelerators’ resilience features and standards-based implementation guarantee
unsurpassed uptime and availability.
• Network integrity preserved with standards-based implementation, HSRP/VRRP failover
• External flash card for effortless device swap-out (for non hard drive-based models)
• Switch-to-wire and software watchdogs assure zero network downtime
• Remote access never compromised
• Out-of-band management
• Network integrity preserved with standards-based implementation
• IPComp tunnels
• Router Transparency Mode
• SCPS for TCP Acceleration
• SNMP for device management
• NetFlow probe

The Accelerator Product Line
The Accelerator product line consists of the Accelerator 6800/6900 Series devices, the
Accelerator 4820/4920 devices, and the Accelerator 1820 devices, as follows.
Model            | Deployment                               | WAN bandwidth       | Remote sites | Hard drive capacity
Accelerator 4920 | Small Branch Office                      | 256 Kbps to 2 Mbps  | 10           | 160 GB
Accelerator 6910 | Large Branch Office/Regional Data Center | 2 Mbps to 10 Mbps   | 50           | 500 GB
Accelerator 6940 | Large Data Center                        | 2 Mbps to 20 Mbps   | 200          | 500 GB
Accelerator 4820 | Small Branch Office                      | 256 Kbps to 6 Mbps  | 50           |
Accelerator 6810 | Large Branch Office/Regional Data Center | 2 Mbps to 10 Mbps   | 100          |
Accelerator 6840 | Large Data Center                        | 2 Mbps to 20 Mbps   | 350          |
Accelerator 1820 | Small Branch Office                      | 64 Kbps to 256 Kbps | 5            |
Accelerator 4830 |                                          | 256 Kbps to 6 Mbps  | 100          |
Accelerator 4930 |                                          | 256 Kbps to 6 Mbps  | 100          | 160 GB
Accelerator 6830 |                                          | 2 Mbps to 15 Mbps   | 200          |
Accelerator 6930 |                                          | 2 Mbps to 15 Mbps   | 200          | 500 GB

How the Accelerator Works
Accelerators can be deployed in any network environment, whether the WAN is a
private line, frame relay, VPN, IP, ATM, xDSL, ISDN, wireless local loop, or satellite.
Accelerators can be connected on the LAN side of the router. Some of the
Accelerator’s benefits can be realized with no far-end Accelerator.

IP-Based Network
In an IP network, you can position the Accelerator on the LAN-side of the router or
directly on the LAN.
The Accelerator can be located either On-Path or On-LAN.

On-Path
On-Path configuration places the Accelerator between the LAN and the router on both
sides of the IP network. The data from the LAN segment passes through the
Accelerator that performs traffic optimization, including compression and QoS, before
the data reaches the router. See the sample On-Path application in the following figure.

In this configuration, internal-bypass circuitry ensures the Accelerator fails-to-wire,
enabling invisible protection of the network in the unlikely event of failure. If the
Accelerator fails-to-wire, traffic will continue passing, but will not be accelerated (bypass
mode).

On-LAN
On-LAN configuration places the Accelerator directly on the LAN as a host. The
Accelerator becomes the next hop for traffic on the LAN destined to the WAN. The
accelerated data is redirected to the far-end Accelerator (On-LAN or On-Path) where it
is reconstructed before it reaches its destination IP address.
Usually, one Accelerator is installed on the LAN segment, as shown in the following
figure.

However, if resilience is to be enhanced, you can install two or more Accelerators for
redundancy purposes.
The most common configuration involves creating two links (two Accelerators), one of
which is assigned a higher priority (metric - ranging from 11 to 10,000), so it will be
used as the default link for the connection. If this link fails, traffic switches to the other
link.

If all transparent Proxy services (such as HTTP acceleration or TCP acceleration) are
disabled, you can assign ingoing traffic through one link and outgoing traffic through
the other link. However, if such services are enabled, this setting will not work and
sessions will be disconnected.

Another optional configuration is shown below:

In this configuration, Hot Standby Routing Protocol (HSRP) or Virtual Router
Redundancy Protocol (VRRP) enables the Accelerator to take part in HSRP/VRRP
groups with available routers or Layer-3 switches (or even other available Accelerators)
to provide backup in the rare case of Accelerator failure. If the Accelerator fails-to-wire,
traffic will continue passing, but will not be accelerated (bypass mode).

NOTE: If any of these components are missing, please contact us as soon as possible.
For more information about resilience, see section Understanding Router Redundancy
Protocols, on page 240.


Configuration and Management


You can configure and monitor the AcceleratorOS via a user-friendly Web User Interface
(WebUI). The WebUI is accessible from Microsoft Internet Explorer via the HTTP
protocol or the secured HTTPS protocol. Console-based administration can be
accomplished using a directly connected terminal or terminal software using a serial
connection, a Telnet session, or a secured SSH-based connection. You can carry out
initial configuration by using the front-panel LCD.
The Accelerator operating system, AcceleratorOS, provides a wide range of
management features.
• Like most networking equipment, the Accelerator requires some basic initial configuration in
order to function. This configuration is performed locally by using the front-panel LCD, or an
RS-232 console, Telnet console or browser-based management console, and includes
specifying the Accelerator’s IP address. The initial configuration also involves defining
passwords, and the time and date at the Accelerator site. The Accelerator’s user-friendly
Installation Wizard will guide you through the steps necessary to get your Accelerator up
and running.
For Quick Installation Instructions see the Accelerator Quick Installation Guide.

2 Installing the Accelerator
Accelerator installation is accomplished in two parts: Hardware Installation and
AcceleratorOS Software Setup.
This chapter describes the procedures used for installing the Accelerator, connecting
the required cables and inserting the Compact Flash card (for non hard drive-based
Accelerator models), and includes the following sections:
• Checking the Accelerator Packing List, on page 12, lists the components supplied in
the Accelerator package.
• Mounting the Accelerator, on page 14, describes how to install the Accelerator in a
rack or on a tabletop.
• Performing Accelerator Hardware Installation, on page 15, describes how to connect
the required cables for the Accelerator in order to complete the hardware installation.

Checking the Accelerator Packing List
Before beginning the hardware installation, open the package and check that the
following components are included:
Accelerator: As ordered
Accessories Box: Includes the following:
  Ethernet Interface cables: One straight and one crossed Ethernet cable (180 cm, 71")
  Console Cable: For connecting the console port to a console terminal
  Power cord(s): Fitted with the appropriate power connector for your area (US, Europe, UK,
  or Rest of World) or with no connector (170 cm, 67")
  Installation brackets: For mounting in a standard 19" rack
  Small screws: For rack mount installation, plus spare screws
  Software License Agreement
  Documentation CD: Contains Accelerator documentation
  Quick Installation Guide: Basic Accelerator configuration for technicians already familiar
  with Accelerator configuration
  Compact Flash (present only in packages of non hard drive-based Accelerators): Contains
  AcceleratorOS software
If any of these components are missing, please contact your Expand Networks’
partner.

Mounting the Accelerator
The Accelerator can be either rack-mounted or placed on a tabletop. The Accelerator
package includes brackets to enable rack-mounting of the device.
To rack mount the Accelerator:
1. Attach one bracket to each side of the
Accelerator by using the screws provided for
each side.
2. Use the rack mounting screws to attach the
Accelerator to the left and right sides of the rack.

Performing Accelerator Hardware Installation
While the installation steps vary slightly for each different model of the Accelerator, the
basic procedure is as follows:
1. Inserting the Compact Flash (start from this step only if you are installing a non
hard drive-based Accelerator; otherwise, start from “Connecting the Network
Cables”).
2. Connecting the Network Cables
3. Connecting Out-of-band Management
4. Connecting the Power Cord
5. Turning on the Accelerator

Inserting the Compact Flash


• Insert the Compact Flash card into the Accelerator’s rear panel by lining up the arrow on
the Compact Flash card with the arrow on the Accelerator.

Warning: The Accelerator MUST be off when the Compact Flash card is inserted!

1820/4820/4830

6810/6830/6840

Connecting the Network Cables
Network Cable connection is accomplished differently depending on where the
Accelerator is installed: On-LAN or On-Path.

On-LAN Setup Installation


• Connect the Ethernet Port to the hub or switch by connecting the straight cable (the green
cable) to Ethernet port 0.
• Connect the other side of this cable to the LAN segment (hub or switch).

Accelerator 1820/4820/4920

Accelerator 4830/4930

Accelerator 6810/6840

Accelerator 6910/6940

Accelerator 6830/6930

On-Path Setup Installation
• Connect the supplied straight cable with the green connector to the corresponding green
Ethernet port 0/0.
• Connect the other side of this cable to the LAN (switch or hub).
• Connect the supplied orange cross-over cable to the corresponding orange Ethernet port 0/1.
• Connect the other side of this cable to the router’s Ethernet port.

Accelerator 1820/4820/4920

Accelerator 4830/4930

Accelerator 6830/6930

Connecting Out-of-band Management


You can connect the Accelerator for out-of-band management either via the Console or
by connecting a network or device to the Ethernet 0 port.
Configure your terminal emulation as described in section Configuring Terminal
Emulation, on page 20.

Accelerator 1820/4820/4920

Accelerator 4830/4930

Accelerator 6830/6930

Configuring Terminal Emulation


Configure your terminal emulation as follows:
9600 baud; 8 data bits; no parity; 1 stop bit; no flow control.
The console should be configured with default values as shown in the HyperTerminal™
example:

• To connect via the Ethernet 0 port, connect a standard Category 5 Ethernet cross-over
cable (not provided) to the Accelerator’s Ethernet 0 port. Connect the other side to a PC.

Connecting the Power Cord
When all interface connections are established, you can connect the Accelerator to the
AC power supply.
• Connect the power cord to the power socket, and then plug the other side of the cable into
the wall power supply.

Warning: If the Accelerator is connected to a Hub, ensure that the Accelerator is not
configured to full duplex.

Turning on the Accelerator


• The Accelerator 4830/4930/6810/6910/6830/6930 devices have an internal power switch,
which is set by default to the “On” position, so that the device turns on immediately when
the power cord is connected. However, you can change this power switch to the “Off” position.
• To power on the Accelerator 4820/4920 and 1820 devices, after connecting the power
cord, press the Power button.

Working with Bypass Mode
When working in On-Path mode, the Accelerator can work in bypass mode to enable
transparent data transmission in the unlikely event of Accelerator failure. The move to
bypass mode is carried out automatically by the bypass switch on the Accelerator. In
addition, all models support invoking the bypass mode through the CLI.

Warning: When bypass is enabled you will lose connectivity to the CLI/WebUI, unless
Out-of-Band management is used.

Reviewing the Setup Checklist
Completing the following checklist will ensure that you have all information necessary
to complete Accelerator setup:
Network Checklist | Information Needed | For more information see:
What are the port settings of the devices that will be attached to the Accelerator (switch/router)? | Speed: 10/100/1000; Duplex: Half / Full |
What is the IP address of the Default Gateway? | IP Address: |
What will the IP address of the Accelerator be? Will there be secondary IP addresses or VLAN IP Addresses? | IP Address: ; Subnet ; Secondary (up to 10): ; VLAN: | Performing Setup via the Wizard, on page 30.
Does this Accelerator have more than one subnet in its network? | Subnet: ; Acc IP Address: ; Subnet: ; Acc IP Address: ; Subnet: ; Acc IP Address: | Setting Subnet Routing, on page 77.
Do you have HSRP or VRRP configured? | Yes: HSRP / VRRP (circle one); No | Configuring HSRP, on page 243.
Do you have OSPF configured? | Yes / No; If yes, OSPF Area ID: or IP address: | Configuring OSPF via the CLI, on page 87.
Do you have RIP configured? | Yes / No; Version: 1/2; If yes, RIP Authentication: | Configuring RIP via the CLI, on page 94.
IP address of remote Accelerator? | IP Address: | Performing Setup via the Wizard, on page 30.
WAN bandwidth? | | Performing Setup via the Wizard, on page 30.
Does your network include VLAN 802.1q trunking? | Yes / No | Working with VLAN, on page 233.
Does your network use external traffic monitoring software on the router? | Yes / No | Encapsulation, on page 33.
Do you have any ToS implementation? MPLS? Diffserv? Any kind of applications that modify the ToS field? | ToS implementation: Yes / No; MPLS: Yes / No; Diffserv: Yes / No; Applications that modify the ToS field: Yes / No | MPLS, on page 67. ToS, on page 258.
Do you currently use SNMP? | Yes / No; If Yes, what is the community name? | Using SNMP, on page 284.
Do you currently collect SNMP traps? | Yes / No; If Yes, what is the IP address of the trap receiver? | Enabling SNMP Traps, on page 285.
Do you currently use a Syslog server? | Yes / No; If Yes, what is the IP address of the Syslog Daemon? | Sending Updates to a Syslog Server, on page 287.
Do you currently use NetFlow? | Yes / No | Configuring NetFlow Support, on page 137.
Does your network have high latency lines above 40 ms? | Yes / No; If yes, enable TCP Acceleration | Studying TCP Acceleration, on page 184.

Performing Setup via the LCD
Accelerator configuration is made simple with the 1820/4820/4830/4930/6830/6930/
6840/6940 front-panel LCD.
AcceleratorOS v6.xx should be displayed, where xx is the maintenance release
number (for example 6.10), in addition to a status display (Ready, Bypass, or various
error messages). Press Enter to start configuration.
To navigate between the fields, refer to these steps:
• Press the right/left arrows until the cursor is below the
word/value you want to select or change.
• Press the up/down arrows to change the value of numbers.
• Press Enter to navigate to the next screen.
• Enter setup by making sure the cursor is under Setup and
pressing Enter.

Setup

Local IP
Subnet Mask

Default Gateway

When asked if you want to save the setup, select Yes or No and press Enter.

• At this point, management can be performed via the Accelerator’s Web UI, via the CLI,
Telnet, SSH, or via ExpandView - Centralized Management. To work with ExpandView,
you will need to define the ExpandView server IP address via the CLI.
For other LCD settings, see section Locking/unlocking the Keypad, on page 320.

Performing Setup via the WebUI
The Accelerator’s Web User Interface (WebUI) provides you with a user-friendly
interface for configuring the Accelerator.
To access the WebUI:
1. The Accelerator comes preconfigured with the IP address: 10.0.99.99 255.255.255.0
   If no other IP address was assigned via the LCD, use this default address to access the
   Accelerator.
   If the Accelerator is connected directly to a management PC, ensure that you set the PC
   to the same subnet as the Accelerator’s IP address.
2. In the Address field of your web browser, input the Accelerator’s IP Address.
   Alternatively, the Accelerator WebUI supports access via Secure HTTP, by typing
   https:// before the Accelerator IP address.
3. The Accelerator’s WebUI will open and prompt you to log in to use the WebUI.
   When prompted, log in to the Accelerator by entering a user name and password. The
   default user name and password (both case sensitive) that must be used on initial login
   are as follows:
   user name: expand
   password: Expand
   The first time you access the WebUI, the Setup Wizard will automatically open and guide
   you through the steps of basic Accelerator configuration.

Studying The WebUI Menu

The following buttons, which are common to all WebUI menu screens, let you carry out
basic operations as follows:
Setup Wizard: Click the Setup Wizard link at any time to open the Setup Wizard.

Write: Click the Write link at any time to write the current configuration.

Change Password: Click the Change Password link at any time to modify your login
password. The password is case sensitive but the number of characters is not limited.

Logout: Click the Logout link at any time to log out of the Accelerator.

Refresh: Click the Refresh button at any time to refresh the data in the WebUI.

Help: Click the Help button at any time to open the Accelerator’s online help.

Performing Setup via the Wizard
The Accelerator’s Setup Wizard guides you step by step through the configuration of the
basic parameters necessary to get your Accelerator up and running.
Any parameters set via the front-panel LCD will be displayed in the Wizard.
To access the setup wizard:
1. The first time you access the Accelerator’s
WebUI, the Setup Wizard opens automatically.
On subsequent uses, to return to the Setup
Wizard, click the Setup Wizard button.
2. Read carefully the explanations that appear in
the Welcome screen and click Next to move to
the My Accelerator screen, which lets you define
the local Accelerator settings.

NOTE: To carry out any modifications and additions after initial configuration, always use
the Basic screen or the My Links screen and not the Wizard. The Wizard resets
other parameters to their default values when accessed.

Configuring the Wizard
Set the following parameters on the Wizard’s My Accelerator screen:
Device Name: Set a name for the Accelerator of up to 60 characters, without spaces and special characters.

IP Address: Enter the IP address of the Accelerator.

Subnet Mask: Enter the Subnet Mask to identify this Accelerator’s local subnet.

Default Gateway: Enter the network’s Default Gateway to which the Accelerator will forward the traffic it intercepts.

Licensing: Enter the Accelerator’s serial number (product ID) and select either Evaluation, License Key or License File and enter the license key or file number. For more information on Licensing, see section Licensing the Accelerator, on page 39.

Defining Advanced Settings


Clicking the Advanced Settings Configuration button opens the Advanced Settings
screen, which lets you set advanced information about the Accelerator’s setup, as
follows:
Deployment Type: On-Path (see section On-Path, on page 8) or On-LAN (see section On-LAN, on page 16).

Deployment Size: From the drop-down list, select the approximate number of Accelerators to which the local Accelerator will be connected: 1 - 5, 6 - 10, 11 - 20, 21 - 50, 51 - 100, 101 - 200 or 201 - 500.
Setting an accurate network size enables the Accelerator to better optimize traffic. In network topologies such as Mesh and Hub, knowing the network size is important for the Accelerator in order to know how to divide its system resources correctly among connected Accelerators.

Bandwidth: Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth.

Caching: Defines the active cache method: WAFS only (for CIFS traffic), Web Cache only (for HTTP servers), or both.

Maximum Links: Used for defining the maximum number of requested links. You can set here any number between 1 and 450.

IMPORTANT: The WAN bandwidth setting is used by the Accelerator’s QoS mechanism. Ensure that the WAN bandwidth is not set too low, otherwise the Accelerator’s QoS mechanism may drop packets and cause application disconnects.

NOTE: For the Accelerator’s application optimization to work properly, it is recommended to set an accurate WAN bandwidth defining the physical link that the Accelerator sits on. Either select the WAN Bandwidth from the pull-down menu or select Other and input a specific figure into the provided field along with its correct unit (bps, Kbps, Mbps, Gbps).
If you are unsure of your WAN bandwidth setting, use the default setting of 100 Mbps.

Setting Links via the Wizard


The My Links screen, accessed via the Wizard, lets you set up the basic parameters
necessary to define your network and begin working with the Accelerator.
• Follow these steps to set Link information:

Destination IP: Enter the IP Address of the remote device.

Name: Set a name for the link that will let you identify it in the future. Up to 31 characters, no spaces, no special characters.

Bandwidth: Set the speed of the link that connects the local Accelerator to the remote Accelerator. This should be either the local WAN bandwidth or the remote WAN bandwidth, whichever is lower. To accomplish asymmetrical bandwidth settings, use either the advanced link parameters or the CLI.

Encapsulation:
IPComp: IPComp encapsulation (tunneled encapsulation) compresses the entire packet. This means that the IP header, the transport header and the payload are compressed and the packet traversing the network will have an IPComp header. IPComp is the default setting, which enables the best compression rate.
Router Transparency (RTM): In Router Transparency encapsulation, only the packets’ payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), Load Balancing, Billing, encryption, MPLS networks and certain firewall environments.

NOTE: When using router transparency mode, the payload of packets destined to the router (SNMP requests, Telnet, and so on) will be compressed, making them unreadable by the router. In this event, it is necessary to set up a decision policy that does not tunnel specific applications, like SNMP (see Creating New Applications, on page 146); or to exclude specific subnets or IP addresses from being accelerated on the link (see Setting Remote Subnets for the Links, on page 260).

NOTE: Encapsulation settings can be asymmetric. This means that one Accelerator can be set to Router Transparency while the other Accelerator is set to IPComp in the opposite direction. This is useful when RTM mode is desired and one of the Accelerators is On-LAN and the other is On-Path. However, IPComp encapsulation will not function if the IPComp protocol is blocked by a firewall. Therefore, ensure that the IPComp protocol is not blocked before selecting either IPComp or RTM encapsulation.

NOTE: TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators.
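One way to check the two firewall requirements in the notes above before choosing an encapsulation, as an added example that is not part of the guide or of Expand's software. It assumes a first-match rule list with an implicit deny, uses IANA protocol number 108 for IPComp (a value the guide does not state), and tests both directions because the guide does not say which side initiates; the `Rule` class, the function names and both rule sets are constructed, and the two addresses are taken from the guide's sample CLI configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP = 6
UDP = 17
IPCOMP = 108          # IANA protocol number for IPComp (not stated in the guide)
ACCEL_PORT = 1928     # TCP port the guide names for Accelerator connections


@dataclass(frozen=True)
class Rule:
    """One line of a constructed first-match packet filter."""
    action: str                  # "permit" or "deny"
    proto: Optional[int]         # IP protocol number, None = any protocol
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # destination port, None = any port

    def matches(self, proto, src, dst, dport):
        if self.proto is not None and self.proto != proto:
            return False
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        # A rule with a port only matches traffic that carries that port.
        return self.dport is None or self.dport == dport


def permitted(rules, proto, src, dst, dport=None):
    """First matching rule decides; nothing matching means deny."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action == "permit"
    return False


def audit_accelerator_path(rules, local, remote):
    """Return the required Accelerator flows that the rule set would block."""
    required = []
    for src, dst in ((local, remote), (remote, local)):
        required.append((f"TCP/{ACCEL_PORT} {src} -> {dst}", TCP, src, dst, ACCEL_PORT))
        required.append((f"IPComp {src} -> {dst}", IPCOMP, src, dst, None))
    return [label for label, proto, src, dst, dport in required
            if not permitted(rules, proto, src, dst, dport)]


# Constructed rule set: TCP and UDP are allowed between the sites, everything
# else is dropped. TCP 1928 gets through, IPComp does not.
TCP_UDP_ONLY = [
    Rule("permit", TCP, "10.1.0.0/16", "10.2.0.0/16"),
    Rule("permit", TCP, "10.2.0.0/16", "10.1.0.0/16"),
    Rule("permit", UDP, "10.0.0.0/8", "10.0.0.0/8"),
    Rule("deny", None, "0.0.0.0/0", "0.0.0.0/0"),
]

# Constructed correction: explicit, host-scoped permits placed ahead of the
# existing rules.
ACCELERATOR_AWARE = [
    Rule("permit", TCP, "10.1.0.6/32", "10.2.0.6/32", ACCEL_PORT),
    Rule("permit", TCP, "10.2.0.6/32", "10.1.0.6/32", ACCEL_PORT),
    Rule("permit", IPCOMP, "10.1.0.6/32", "10.2.0.6/32"),
    Rule("permit", IPCOMP, "10.2.0.6/32", "10.1.0.6/32"),
] + TCP_UDP_ONLY

if __name__ == "__main__":
    for name, rules in (("tcp/udp only", TCP_UDP_ONLY),
                        ("accelerator aware", ACCELERATOR_AWARE)):
        blocked = audit_accelerator_path(rules, "10.1.0.6", "10.2.0.6")
        print(name, "->", blocked or "all required flows permitted")
```

Scoping the added permits to the two Accelerator addresses keeps the change from opening IPComp or port 1928 to the rest of either site.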

Use the Delete button to remove added links from the Links Table.

NOTE: Deleting the non-link is impossible, because this link name is a logical entity that represents all un-specified traffic in the QoS and Monitoring engines.

• Click Next to advance to the next screen of the Wizard.

Setting the Time
Verifying that the Accelerator’s time is accurately set is extremely important in order to
have an accurate reading of when events occur and when statistic items are gathered
and updated.

Modifying the Password


For security reasons, it is necessary to change the default password before exiting the
setup Wizard. In the Password screen, enter and confirm a new password, and then
click the Next button.
A blank will not be accepted as a password, nor will the password ExpandExpand.

Reviewing Wizard Configuration
The Summary screen of the Setup Wizard lets you review the parameters set via the
Wizard before saving them to the Accelerator.
If the configuration is correct, press the Submit button to save the settings to the
Accelerator.

Warning: Clicking Finish will save the configuration as the Accelerator’s Startup Config.

Modifying Basic Setup Configuration
To modify the basic Accelerator setup, you can make changes via the Basic screen in
the Setup menu of the WebUI.

NOTE: To carry out any modifications and additions after initial configuration, always use the Basic screen or the My Links screen and not the Wizard. The Wizard resets other parameters to their default values when accessed.

The parameters on this screen are identical to the parameters configurable via the
Setup Wizard’s Basic screen (with the exception of Routing Strategy settings; see
section Setting Routing Strategy, on page 38). For more information see section
Performing Setup via the Wizard, on page 30. In addition, the Basic screen lets you add
a Description to identify the Accelerator.
The Basic screen includes specific details concerning the Accelerator device, as
follows:
Platform: Accelerator type

Product ID: The product ID is the unique number identifying the Accelerator, and is used when licensing the product

AcceleratorOS Version: Software (AcceleratorOS) version running on the Accelerator

Current Time: Time set in the Accelerator

Setting Routing Strategy
The Basic screen lets you set the Routing Strategy.
Routing strategy defines how to route traffic. In environments such as router polling and
dynamic routing networks, it is necessary that the Accelerator route all traffic, and
therefore you should set Routing strategy to Routing only. In environments in which
non-link traffic and inbound traffic should not be directed to the router (normally, when
non-link traffic is transmitted by the Accelerator, it is directed to the router; but this can
cause problems if the destination is a Layer-2 address or for incoming traffic), it is
necessary to set the Routing strategy to Bridge route, which does not route non-link
and inbound traffic - only traffic destined to an accelerated link or a virtual link.
• Routing-Only – typically used in On-LAN deployments, or in environments that require the Accelerator to route all traffic (networks that use Dynamic Routing policies, and so on).
• Bridge Route – typically used in On-Path deployments, where traffic is not necessarily routed through the router.

NOTE: Enabling TCP Acceleration requires you to use “Routing-Only” routing strategy.

Licensing the Accelerator
Accelerators are shipped with a 30-day grace period, during which the product must be
registered and a license must be installed. During this 30-day period, Accelerator
bandwidth capacity is unlimited. Once the 30-day grace period has passed,
acceleration is turned off for all Accelerator links. The Accelerator will continue to pass
data in passthrough mode, but will not optimize traffic in any way. Viewing the license
status is possible in several ways:
• Via the Licensing tab of the My Accelerator screen in the WebUI.
• In the CLI’s enable mode, by using the show license-state command.
• In the CLI’s config mode, by using the show licensing command.

NOTE: The 30-day period counts only days during which the Accelerator is powered on.

NOTE: In the unlikely event of Accelerator failure, if you use a non hard drive-based Accelerator, you can immediately replace the Accelerator in the field by inserting the Compact Flash from an Accelerator with a permanent license into another Accelerator. This will enable the second Accelerator to function with a 30-day evaluation license, allowing you time to register the new Accelerator.

To license an Accelerator:
1. Identify the Accelerator’s Serial number (product
ID) in the upper right hand corner of the Basic
screen of the WebUI.
2. Find the Feature Request Number (I-key) on the
Accelerator Feature Licensing document included
in the Accelerator’s Accessories box.
3. Go to Expand’s Customer Extranet via:
http://extranet.expand.com. If you have not yet
registered in the Extranet, do so and then log in.
4. Click on the Licensing tab.
5. Under My Products, click the Add Product link.
6. In the popup window, enter the software version
number, the Site Name, and the Reseller.
Copy the Serial Number from the Accelerator
WebUI.
Re-enter the serial number.
Click the Submit button.
7. In the next popup window, enter the Feature
Request Number in the I-key field.
Click the Activate button.
The popup window will display the details of the
license which you are attempting to use.
8. Copy the information listed in the first line:
LICENSE KEY IS:
This is the number that you will need to input into
the Accelerator to activate the license.
9. In the Accelerator’s WebUI, click Setup followed
by My Accelerator, and then Licensing.
10. Click the Activate New License button and enter
the Accelerator’s serial number.
11. Paste the License Key as copied from the
Extranet and click Activate.
12. To update the new license features, select the
Refresh acceleration on all links box.

NOTE: To locate the serial number via the CLI, use the show
product-id command.
Alternatively, the serial number is imprinted on the
barcode sticker on the Accelerator’s rear panel.

• When the 30-day grace period has passed, if the Accelerator was not properly licensed, acceleration will be disabled. If an Accelerator is not licensed and Acceleration is set to ON, Acceleration will not function properly and packet drops will occur.
To renew the license, contact Expand’s Help Desk.
When the Accelerator license has expired, or if the Accelerator was installed but its license was not yet activated, the Accelerator’s status is Active, meaning that it passes the data but does not accelerate it (it works in pass-through mode), as shown below:
Acc30_6(config)# show interface link summary

Link   Destination IP Address   Description    Bandwidth   Link Status
1      28.0.214.6               L-28.0.214.6   2000        N/A | active
non    N/A                      non-link       100000      N/A | active

To move the Accelerator to accelerating status, you have to activate the refresh
acceleration command, as follows:
Acc30_6(config)# interface link 1 refresh-acceleration
Afterwards, the Accelerator will start accelerating the traffic passing through it, as
shown below:
Acc30_6(config)# show interface link summary

Link   Destination IP Address   Description    Bandwidth   Link Status
1      28.0.214.6               L-28.0.214.6   2000        N/A | accelerating
non    N/A                      non-link       100000      N/A | virtual

Performing Basic Setup via the CLI
For information on how to work with the CLI, see section Using CLI Configuration, on
page 277.
Basic Accelerator CLI Configuration needed to get the Accelerator up and running
consists of setting the following parameters:
• License key
• IP address/subnet mask
• IP default gateway
• Hostname
• Deployment
• Link destination
• Link bandwidth

Sample CLI basic configuration


AcceleratorOS, Accelerator 4900 Series
login: expand
Password: Expand
Version: v6.1(0)
accelerator> enable
accelerator# configure terminal
accelerator(config)# activate-license key ENX1-FUXF-HBJ2-K3Y6
License successfully activated.
The new License state is:
Feature License Time Left
------- ------- ---------
Bandwidth Allowance 45 Mbps Unlimited
Last loaded license key: ENX1-FUXF-HBJ2-K3Y6
accelerator(config)# interface local
accelerator(local interface)# hostname ACC1
ACC1(local interface)# ip address 10.1.0.6 255.255.0.0
ACC1(local interface)#ip default-gateway 10.1.0.1
ACC1(local interface)#deployment onpath
ACC1(local interface)#exit
ACC1(config)#wan default
ACC1(wan)#bandwidth 256 kbps
ACC1(wan)#exit
ACC1(config)#interface link
ACC1(LINK)#link destination 10.2.0.6
ACC1(LINK)#bandwidth 128
ACC1(LINK)#encapsulation transparent
ACC1(LINK)#exit
ACC1(config)#write
ACC1(config)#show running-config

Logging into the Accelerator


Logging into the Accelerator is accomplished in a series of steps.
When accessing the Accelerator from the CLI, at the login prompt, enter your user name and password. The default user name is expand (case sensitive); the default password is Expand (case sensitive).

Command: accelerator>enable [Mandatory]

Purpose: Enters enable mode. This is necessary for beginning work with the Accelerator. Once you have entered Enable mode, the prompt at the end of the command line changes from > to #.

Logging out of the Accelerator


Command: accelerator#exit [Mandatory]

Purpose: At any point you can use the Exit command to log out of the Accelerator. The Exit command exits each level of the CLI hierarchy one at a time, so you may need to use the Exit command a number of times to leave the Accelerator session.

Configuring the Accelerator

Entering Configuration Mode


Command: accelerator#configure terminal [Mandatory]

Purpose: The configure terminal or config command lets you enter the Accelerator’s main configuration mode, in which most configuration of the Accelerator takes place.

Entering Interface Mode

Command: accelerator(config)#interface local [Mandatory]

Purpose: Enters the local interface for basic parameter configuration.

Setting a Device Name

Command: ACC1(local interface)#hostname [name-for-the-Accelerator] [Mandatory]

Purpose: Sets a name for the Accelerator. Changing the hostname will affect the prompt (in the Example, the hostname set is ACC1). The hostname cannot contain spaces, and cannot contain special characters. The hostname can be up to 60 characters. You can also set the hostname from the conf mode.

Setting an IP Address

Command: ACC1(local interface)#ip address x.x.x.x x.x.x.x [Mandatory]
or
ACC1(local interface)#ip address x.x.x.x/x

Purpose: Sets an IP address and subnet mask for the Accelerator. You can add secondary after the command, to set this IP address as the Accelerator’s secondary IP address.

Setting a Default Gateway
Command: ACC1(local interface)#ip default-gateway x.x.x.x [Mandatory]

Purpose: Sets a default gateway for the Accelerator.

Setting the Deployment Type

Command: ACC1(local interface)#deployment [onpath, onlan] [Mandatory]

Purpose: Set the deployment type to On-Path or On-LAN.

Setting the Default WAN Bandwidth

Command: ACC1(config)#wan default
ACC1(wan)#bandwidth number 0 to 1000000 [Mandatory]

Purpose: Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth.

Setting the Remote Device

Command: ACC1(config)#interface link [Mandatory]

Purpose: Creates a link to the remote Accelerator.

Setting the IP Address of the Remote Device

Command: ACC1(link)#link destination x.x.x.x [Mandatory]

Purpose: Inputs the IP address of the remote device.

Setting the Bandwidth to a Remote Device


Command: ACC1(link)#bandwidth number 0 to 1000000 [Mandatory]

Purpose: Set the precise bandwidth (in Kbps) of the WAN. 0 is not valid.

Setting the Link to Work with IPcomp


Command: ACC1(link)#encapsulation ip-comp

Purpose: Sets the link to work with ipcomp encapsulation. IPComp is the default setting.

Setting the Link to Work with Router Transparency

Command: ACC1(link)#encapsulation transparent [Optional]

Purpose: Sets the link to work in router transparent mode.

NOTE: Once the link parameters have been modified, it is necessary to exit the link mode to save parameters. If after changing the requested parameters you press Cancel instead of Exit, the parameters will not be saved.

NOTE: Encapsulation settings can be asymmetric. This means that you can set one Accelerator to Router Transparency while setting the other Accelerator to IPComp in the opposite direction. This is useful when RTM mode is desired and one of the Accelerators is On-LAN and the other is On-Path. However, IPCOMP encapsulation will not function if the IPCOMP protocol is blocked by a firewall. Therefore, ensure that the IPCOMP protocol is not blocked before selecting either IPCOMP or RTM encapsulation.

Licensing the Accelerator

Command: ACC1(config)#activate-license key [valid license key number]

Purpose: Enters the valid license key into the Accelerator. [Mandatory]

Saving/Uploading the Basic Configuration
Command: ACC1(config)#write

Purpose: Saves the basic configuration as the startup configuration. [Mandatory]

Viewing Basic Configuration Settings

Command: ACC1(config)#show running-config

Purpose: Displays the configuration that was set to the Accelerator. [Optional]
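A pre-flight check for the basic parameters covered in this chapter, as an added example that is not part of the guide or of AcceleratorOS: it validates a planned configuration against the limits the guide states, including the password rules, and then emits the commands in the order of the sample CLI configuration. The `plan` dictionary, the function names, the character set accepted for names and the gateway-on-subnet check are assumptions made for the example, and the sample password is constructed.

```python
import ipaddress
import re

# Assumption: "no spaces or special characters" means letters, digits, "-" and "_".
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
DEPLOYMENTS = {"onpath", "onlan"}
ENCAPSULATIONS = {"ip-comp", "transparent"}
# Blank and "ExpandExpand" are refused by the Wizard; "Expand" is the default
# password that the guide says must be changed.
BAD_PASSWORDS = {"", "ExpandExpand", "Expand"}


def bandwidth_ok(kbps):
    """Bandwidth is in Kbps; 0 is not valid and the CLI range ends at 1000000."""
    return isinstance(kbps, int) and 1 <= kbps <= 1_000_000


def validate(plan):
    """Return a list of problems found in the plan (empty list = ready to apply)."""
    problems = []
    if len(plan["hostname"]) > 60 or not NAME_RE.fullmatch(plan["hostname"]):
        problems.append("hostname: up to 60 characters, no spaces or special characters")
    local_ip = None
    try:
        iface = ipaddress.ip_interface(f"{plan['ip']}/{plan['mask']}")
        local_ip = iface.ip
        gateway = ipaddress.ip_address(plan["gateway"])
        # Sanity check added for this example, not a rule taken from the guide.
        if gateway == local_ip or gateway not in iface.network:
            problems.append("gateway: not another host on the local subnet")
    except ValueError as exc:
        problems.append(f"addressing: {exc}")
    if plan["deployment"] not in DEPLOYMENTS:
        problems.append("deployment: must be onpath or onlan")
    if not bandwidth_ok(plan["wan_kbps"]):
        problems.append("wan bandwidth: must be 1 to 1000000 Kbps")
    if plan["password"] in BAD_PASSWORDS:
        problems.append("password: blank, default or ExpandExpand")
    for n, link in enumerate(plan["links"], start=1):
        try:
            if ipaddress.ip_address(link["destination"]) == local_ip:
                problems.append(f"link {n}: destination is the local address")
        except ValueError as exc:
            problems.append(f"link {n}: {exc}")
        if not bandwidth_ok(link["kbps"]):
            problems.append(f"link {n}: bandwidth must be 1 to 1000000 Kbps")
        elif bandwidth_ok(plan["wan_kbps"]) and link["kbps"] > plan["wan_kbps"]:
            # The guide: use the lower of the local and remote WAN bandwidth.
            problems.append(f"link {n}: bandwidth exceeds the local WAN bandwidth")
        if link["encapsulation"] not in ENCAPSULATIONS:
            problems.append(f"link {n}: encapsulation must be ip-comp or transparent")
    return problems


def to_cli(plan):
    """Emit the command sequence of the guide's sample, or raise if the plan is invalid.

    The password is validated but not emitted: this chapter shows no CLI
    command for changing it.
    """
    problems = validate(plan)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["enable", "configure terminal", "interface local",
             f"hostname {plan['hostname']}",
             f"ip address {plan['ip']} {plan['mask']}",
             f"ip default-gateway {plan['gateway']}",
             f"deployment {plan['deployment']}", "exit",
             "wan default", f"bandwidth {plan['wan_kbps']} kbps", "exit"]
    for link in plan["links"]:
        lines += ["interface link", f"link destination {link['destination']}",
                  f"bandwidth {link['kbps']}",
                  f"encapsulation {link['encapsulation']}", "exit"]
    lines.append("write")
    return lines


# Values from the guide's sample CLI configuration; the password is constructed.
SAMPLE_PLAN = {
    "hostname": "ACC1", "ip": "10.1.0.6", "mask": "255.255.0.0",
    "gateway": "10.1.0.1", "deployment": "onpath", "wan_kbps": 256,
    "password": "constructed-Example-1",
    "links": [{"destination": "10.2.0.6", "kbps": 128, "encapsulation": "transparent"}],
}

if __name__ == "__main__":
    print("\n".join(to_cli(SAMPLE_PLAN)))
```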

3 Preparing the Network Integration
The AcceleratorOS lets you set up the Accelerator via the Wizard, by using the
Accelerator’s default IP address (10.0.99.99). In addition, you can use the CLI to
perform complete setup.

Integrating the Accelerator into Your Network
The steps involved in integrating the Accelerator in your network depend entirely on the
structure of the network and the various technologies and devices already in place on
your network.
The following section describes the steps needed to get the Accelerator up and running
for various network topologies and technologies. Your network may need one or any
combination of the following settings.

Integrating into Standard Network


The Accelerator Installation Wizard is designed to get the Accelerator up and running
on a standard network, namely: a network that installs the Accelerators in a point-to-
point, or point-to-multipoint configuration, with one router and one or more remote sites.
After concluding the first stage of using the wizard, as detailed in section Performing
Setup via the Wizard, on page 30, proceed with the configuration by referring to one of
the following sections, depending on the network environment:
• Integrating into Networks that use Dynamic Routing, on page 51
• Integrating into External QoS/Monitoring Devices, on page 52
• Installing in Noisy Links’ Environments, on page 53
• Installing On-LAN at a Data Center, on page 55
• Installing in a High Latency Environment, on page 58
• Installing in a Web-Intensive Environment, on page 59
• Using Advanced QoS, on page 60

Integrating into Networks that use Dynamic Routing
Follow these steps to install the Accelerator on a network that already uses dynamic
routing.
• Use the Installation Wizard to set up basic Accelerator properties.
• Use the following steps for networks that use OSPF dynamic routing.

To configure OSPF:
Refer to these steps:
1. In the Accelerator’s WebUI, click on the Setup
tab, and then the My Accelerator tab, followed by
the My Routes menu.
2. Under Dynamic Routing, click the OSPF button.
3. Set the parameters as necessary. For more
information on OSPF, see section Configuring
OSPF, on page 86.

• For networks that use RIP dynamic routing.

To configure RIP:
1. In the Accelerator’s WebUI, click on the Setup
tab, and then the My Accelerator tab, followed by
the My Routes menu.
2. Click the RIP button.
3. Set the parameters as necessary. For more
information on RIP, see section Configuring RIP,
on page 93.

• For networks that use dynamic routing other than OSPF or RIP (such as EIGRP, ISIS or IGRP), use Router Polling to set up the Accelerator’s network:

To configure router polling:
• For instructions on using the CLI, see section Performing Basic Setup via the CLI, on page 43.
• For information on CLI Router Polling commands, see section Working with Router Polling, on page 89.

Integrating into External QoS/Monitoring Devices


When QoS is deployed on the network (not via the Accelerator, but by using third-party
software), setting up the Accelerator is necessary in order for the QoS device to
continue having access to the traffic traversing the Accelerator, as follows.
To set the Accelerator to enable external QoS:
1. In the WebUI, in the Setup menu, click My Links.
2. Select the link to be affected by QoS device and
set it to work in Router Transparency mode. For
more information on Router Transparency mode
and Link configuration, see section Adding Links,
on page 72.

3. If all links from the Accelerator are to be affected
by the QoS device, it may be useful to modify the
default Link parameters so that all new links to be
created will use Router Transparency Mode as the
default setting. To do that, select the My links
command from the Setup menu, and then click
the Advanced button. Set the default link
parameters as needed and click the Save to
template link button.

Installing in Noisy Links’ Environments


If you add the Accelerator to a particularly noisy environment, with a high bit error
rate (BER), drops or collisions (for example, satellite links or a connection with radio
transmissions), the following configuration modifications may help optimize Accelerator
performance.
To set the Accelerator to work in noisy links’
environments:
1. In the Setup menu, under My Links, click the
Advanced button. In the Create New Link screen,
ensure that the Include checksum checkbox is
selected (this is the default setting). Checksum
will cause the Accelerator to automatically resend
packets on which errors are detected.
2. Consider enabling TCP Acceleration if links are
high-latency, as described in section Installing in
a High Latency Environment, on page 58.

Installing On-LAN at a Data Center
Installing an Accelerator On-LAN at the data center requires taking extra measures in
order to enable redirecting all relevant traffic to the Accelerator. When working in On-
LAN mode, the Accelerator needs to intercept packets from the LAN before they are
handled by the router. This is accomplished either via RIP Route Injection, or via the
Web Cache Communication Protocol (WCCP). For more information, see section
Enabling Packet Interception, on page 95.

To configure packet interception:


1. In the WebUI, click on Setup followed by
Networking and then Packet Interception.
2. In the Packet-Interception menu, select either RIP
or WCCP packet-interception.
3. If RIP is selected, click the Submit button.
If WCCP is selected:
Select the Authentication checkbox and enter a
password (case sensitive) into the Authentication
field.
Enter the WCCP router IP address.
Enter the TCP service ID and UDP service ID (51
to 99).
Click the Submit button.
For information on configuring the router to
support WCCP mode, see section Setting WCCP
on the Router, on page 97.

If resilience is necessary, and HSRP or VRRP is implemented among the routers at
the central site, you can configure the Accelerator to operate within an HSRP or a
VRRP group. For more information see section Understanding Router Redundancy
Protocols, on page 240.

To enable the Accelerator to operate within an HSRP
group:
1. In the WebUI, click on Setup followed by
Networking and then HSRP.
2. You can configure the Accelerator either by using
the Auto Detect mode or by manually adding
HSRP configuration.
The auto detect mode enables filling up the
HSRP table automatically with the details of the
HSRP groups detected on the network.
Alternatively, you can manually add HSRP
groups to the Accelerator.
Ensure that the Accelerator “joins” all relevant
HSRP groups.
For more information, see section Configuring
HSRP, on page 243.

To enable the Accelerator to operate within a VRRP group:


1. In the WebUI, click on Setup followed by
Networking and then VRRP.
2. In the VRRP menu, enter the Group ID number,
the Virtual IP address, the Priority (0 - 254), the
preempt status and the timer setting.
3. Click Add.
The VRRP group immediately appears in the
Groups table.
For more information, see section Configuring
VRRP, on page 249.

Installing in a High Latency Environment
In high latency and high-packet-loss environments, TCP, which was designed to ensure
reliable IP transmission, does not perform well. The TCP limitations are expressed in
the long times required for file transfers over the WAN, degraded web performance and
unresponsive applications. The TCP Acceleration feature enables optimization and better
utilization of WANs that suffer from distance-induced TCP limitations. For more
information on TCP Acceleration, see section Studying TCP Acceleration, on page 184.
Use the following table to determine whether your network suffers from high latency
and would benefit from enabling TCP Acceleration:
Round Trip Time    Window Size
                   8 KB       16 KB      32 KB      64 KB
50                 160 Kbps   320 Kbps   640 Kbps   1280 Kbps
100                80 Kbps    160 Kbps   320 Kbps   640 Kbps
150                53 Kbps    106 Kbps   212 Kbps   424 Kbps
200                40 Kbps    80 Kbps    160 Kbps   320 Kbps
500                16 Kbps    32 Kbps    64 Kbps    128 Kbps
1000               8 Kbps     16 Kbps    32 Kbps    64 Kbps
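The figures in the table equal the window size divided by the round trip time, which is the most a single TCP connection can carry, one window per round trip. The added example below (not part of the guide) reproduces that calculation and uses it to decide whether a given WAN link is window-limited. It assumes the round trip times are in milliseconds; worked that way the results come out in kilobytes per second (8 KB / 0.05 s = 160), so the code multiplies by 8 before comparing with a WAN bandwidth given in kilobits per second. All function names are made up for the example.

```python
WINDOWS_KB = (8, 16, 32, 64)               # window sizes in the guide's table
RTTS_MS = (50, 100, 150, 200, 500, 1000)   # round trip times, assumed milliseconds


def window_ceiling_kbyte_s(window_kb, rtt_ms):
    """Most a single TCP connection can move: one window per round trip."""
    return window_kb * 1000 / rtt_ms


def table():
    """Rebuild the guide's table as {rtt_ms: [ceiling for each window size]}."""
    return {rtt: [window_ceiling_kbyte_s(w, rtt) for w in WINDOWS_KB]
            for rtt in RTTS_MS}


def required_window_kb(wan_kbit_s, rtt_ms):
    """Bandwidth-delay product: the window needed to keep the WAN link full."""
    return wan_kbit_s / 8 * rtt_ms / 1000


def assess(wan_kbit_s, rtt_ms, window_kb=64):
    """Compare the window ceiling with the WAN bandwidth.

    64 KB, the largest window in the guide's table, is the default.
    """
    ceiling_kbit_s = window_ceiling_kbyte_s(window_kb, rtt_ms) * 8
    return {
        "ceiling_kbit_s": ceiling_kbit_s,
        "required_window_kb": required_window_kb(wan_kbit_s, rtt_ms),
        # True means a single connection cannot fill the link, which is the
        # situation the guide describes as benefiting from TCP Acceleration.
        "window_limited": ceiling_kbit_s < wan_kbit_s,
    }


if __name__ == "__main__":
    for rtt, row in table().items():
        print(f"{rtt:>5} ms  " + "  ".join(f"{v:7.1f}" for v in row))
    # Constructed cases: a 2048 kbit/s satellite-style link at 500 ms, and a
    # 256 kbit/s link at 50 ms with the smallest window.
    print(assess(2048, 500))
    print(assess(256, 50, window_kb=8))
```

The 150 row of the guide's table is rounded down (53, 106, 212, 424), so the computed values for that row differ from it by a few units.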

To enable TCP Acceleration:


1. In the Accelerator’s WebUI, click on Services and
then TCP Acceleration.

2. In the TCP Acceleration field, select the Enable
TCP Acceleration box.
Enter the typical RTT and Typical Acceleration
rate as described in section Studying TCP
Acceleration, on page 184.
3. In the bottom right corner, click the Submit
button.
For more information on TCP Acceleration
configuration settings, see section Configuring
TCP Acceleration, on page 192.

Using Advanced QoS
This section covers the topic of QoS, its uses and the way it is implemented in the
AcceleratorOS. The section includes the following topics:
What is QoS?
How to Know what’s on Your Network
How to Prioritize Applications

What is QoS?
QoS (Quality of Service) is a general term for control mechanisms that can assign
different priorities to different users or data flows, or guarantee a certain level of
performance to a data flow, according to requests from the application program. Quality
of Service guarantees are important if the network capacity is limited, especially for
real-time streaming multimedia applications, such as VoIP and IP-TV. Such applications
often require fixed bit rate and may be delay-sensitive, which makes it difficult to
transmit them in public networks that use ordinary first-in-first-out protocols. You can
use the QoS feature to accelerate packets passing through the Accelerator based on
policy and reservation criteria arranged in advance. QoS lets you use the bandwidth
you pay for more effectively. However, to manage traffic, you first need to know how
much of and what kind of traffic is on your network.

How to Know what’s on Your Network


The Accelerator’s traffic detection, or sniffing, feature lets you obtain a complete picture
of your bandwidth use. Traffic is classified according to hundreds of predefined
applications, and statistics are gathered as to how much of each traffic type is
traversing (or clogging) your network. Often you will find that the applications that
should be receiving the most bandwidth are in fact being slowed down by bandwidth-
greedy applications that are secondary, or even unwanted and potentially harmful.

How to Prioritize Applications


Once you know which applications are on your network and how they affect your traffic
flow, understanding the building blocks of QoS is essential in order to prioritize
applications correctly.
Traffic shaping is accomplished primarily by guaranteeing or limiting the amount of
bandwidth an application can receive, and by prioritizing applications.
Setting a desired Minimum Bandwidth allocates a certain amount of bandwidth for a
specific application during periods of congestion. You should set desired bandwidth for
mission-critical, time-sensitive applications such as VoIP, which needs 8 to 16 Kb
allocated throughput to function.
Setting a Maximum Bandwidth limit puts a ceiling on the amount of bandwidth that an
application can consume. This is useful for bandwidth-greedy applications such as FTP
or P2P, to limit the amount of bandwidth they consume.
Additionally, you can allocate bandwidth proportionately among applications by setting
the priority to Low, Medium or High. You can give critical traffic a higher priority than all
these by setting it to RealTime. To prevent the flow of undesired traffic on the network,
set it to Blocked.
Applications that you may want to prioritize include VoIP, Citrix and video conferencing.

4 Configuring Accelerator Networking
This chapter describes how to perform networking configuration on the Accelerator,
including:
• Optimizing the Network Topology, on page 64.
  How to fine-tune the Accelerator’s performance in specific network scenarios
• Defining WAN Setup, on page 69.
  How to define additional WANs for the Accelerator
• Configuring Secondary IP Addresses, on page 70.
  Setting Secondary IPs on the Accelerator, for connection to multiple subnets on the same network
• Creating and Editing Links, on page 71.
  How to create links to other Accelerators
• Setting Dynamic Routing, on page 84.
  How to set dynamic (OSPF/RIP) or static routing for the Accelerator
• Setting Subnet Routing, on page 77.
  How to work with manual and dynamic subnet configuration
• Setting the Accelerator’s Time, on page 99.
  How to set the Accelerator’s clock
• Configuring DHCP Servers, on page 100.
  How to use the DHCP configuration file
• Setting ExpandView Agent Parameters, on page 103.
  How to configure the ExpandView agent’s parameters to work with the Accelerator OS
• Studying Sample CLI Subnet Configuration Network, on page 104.
  How to set networking parameters described in this chapter via the CLI

Optimizing the Network Topology
The Accelerator enables support of many complex network topologies. Some of these
environments have special considerations when setting up the Accelerator.

Point-to-Point: The Accelerator’s default settings are designed with a basic
point-to-point network in mind. For point-to-point networks as well as for branch
offices connected to headquarters, the basic Wizard configuration should suffice.
This is the default setting.

Mesh and Hub: In a mesh or hub-and-spoke topology it is recommended for the
Accelerator to have a correct estimate of the size of the network and the number of
Accelerators connected. To adjust the size of the deployment, see section Defining
Advanced Settings, on page 31.

If the Topology-Size is set to a number that is too large, the Accelerator will not use all
its resources, resulting in lower acceleration percentages than would be possible if the
Topology-Size were set accurately.
If the Topology-Size is set to a number that is too small, too many negotiation
messages will be sent between the Accelerator and the network. In addition, the
amount of time it takes for the Accelerator to reboot and to recover from a
disconnected link will be longer than necessary.

Configuring Core Allocation


In some scenarios, the Topology-Size is not sufficient and optimizing the Accelerator
for the environment requires a more granular tuning. In such cases, adjust the Core
Allocation. The Accelerator’s memory is divided into cores, or logical memory
components used for acceleration. The larger the core allocated to a link, the higher
the acceleration.
The system allocates cores according to bandwidth settings. For more information on
CLI configuration, see section Performing Basic Setup via the CLI, on page 43.
Core configuration is divided into resource-policy topology configuration and greedy-
threshold configuration. Resource-policy topology configures the number of
Accelerators on the network. Greedy Threshold sets the minimum number of
Accelerators that can connect and optimally share the available memory. Once this
number has been surpassed, the memory will be equally divided according to the
number of Accelerators set in the deployment size, and each connected Accelerator
will get a percentage of the total memory for the complete deployment (even if fewer
Accelerators are actually installed). In deployments in which bandwidth is asymmetric,
you can tune core allocation to allocate larger cores for higher bandwidth installations.
While you can set topology-size via the WebUI (see section Defining Advanced
Settings, on page 31), setting greedy-threshold size is possible only via the CLI, as
follows:
To assign cores:

- In the Accelerator’s CLI, in configuration mode, type core allocation. In core
  alloc mode, type greedy-threshold followed by the minimum number of Accelerators
  to equally share memory, as follows:
  ACC1(CORE ALLOC)# greedy-threshold [minimum number of Accelerators]
  The default greedy-threshold size is 1.

To set the number of Accelerators in the network:

- In the Accelerator’s CLI, in configuration mode, type core allocation. In core
  alloc mode, type resource-policy topology followed by the number of Accelerators
  in the network, as follows:
  ACC1(CORE ALLOC)# resource-policy topology [number of Accelerators on the network]
  The default resource-policy topology number is 5.

NOTE: After the core allocation is modified, it is recommended to reboot the
Accelerator.

Configuring Core Allocation via the CLI
Setting the deployment size
Command: ACC1(config)#core-allocation
         ACC1(CORE ALLOC)#resource policy topology-size [number of Accelerators in deployment]
Purpose: Set the number of Accelerators in the deployment

Taking into Account Network-Specific Considerations
The Accelerator’s advanced algorithms support multiple complex networks with no
added or special configuration. The algorithms automatically optimize Accelerator
benefits per network setup.
The following are special configuration recommendations for particular networks:
Environment Type: Customized Configuration

Noisy environments: Noisy environments are handled automatically via the Accelerator.
The Accelerator’s basic configuration settings automatically optimize for problematic
networks of this type.

Out-of-order: Out-of-order environments are handled automatically via the
Accelerator. The Accelerator’s basic configuration settings automatically optimize
for problematic networks of this type.

Load balancing: In load-balanced environments, you should set the Accelerator to
Source IP preservation (CLI configuration only) to maintain the semblance of a
session, or RTM encapsulation if necessary.
You can perform load balancing per packet or per session. In a load-balanced
environment you should either enable IPcomp (see section Setting IPcomp Preservation,
on page 264) or use transparent mode to preserve session information.

MPLS: In MPLS networks, enable ToS bit preservation and source IP preservation.
Often it is important to enable router transparency instead, to work with the
network’s QoS deployment (see section Setting IPcomp Preservation, on page 264).


QoS cloud or working in conjunction with a QoS device: Enable router transparency,
or ToS bit preservation and/or Source IP Preservation (see section Setting IPcomp
Preservation, on page 264). Depending on the fields in use, enabling one or more of
the IPComp preservation modes may be necessary in order to use RTM.

Monitoring device in a cloud: Enable router transparency, or ToS bit preservation
and/or Source IP Preservation (see section Setting IPcomp Preservation, on page 264).
Depending on the fields in use, enabling one or more of the IPComp preservation modes
may be necessary in order to use RTM.

Defining WAN Setup
Each Accelerator has a default WAN. The settings on this WAN define the physical
connection of the Accelerator to the WAN.
The WAN bandwidth setting is the total physical bandwidth of the link between the
Accelerator and the network.
The default WAN is automatically generated and will suffice for most networks. For
details regarding the configuration of complex networks, on which more than one WAN
is necessary, see section Handling WANs, on page 230.

Setting the Bandwidth


Correct functioning of the Accelerator’s bandwidth management and flow control
mechanisms requires you to configure an accurate bandwidth for the WAN. The
Bandwidth setting is enforced once it is set. Ensure that you set the Outbound
Bandwidth for the local Accelerator. The Accelerator applies no policy for Inbound
Bandwidth unless otherwise specified. Setting inbound QoS on a link requires setting
the Bandwidth of the inbound link. For more information see section Setting Inbound
QoS, on page 165.

Configuring the WAN


In addition to Bandwidth, you can assign Links per WAN, and configure QoS settings
to be applied on the WAN level. For more information about QoS, see Applying QoS,
on page 141.
To carry out basic WAN configuration, use either the Setup - Basic menu in the
WebUI, or the Setup Wizard. For more information on WAN Bandwidth and Links, see
Setting Advanced Parameters, on page 229.

Configuring Secondary IP Addresses
You can set up to 10 Secondary IPs on the Accelerator, for connection to multiple
subnets on the same network. Out-of-band management is set here. If Out-of-band
management is used, it is counted as one of the ten Secondary IP addresses available.

To Configure Secondary IP Address:


1. In the Accelerator’s WebUI, click on Setup > My
Accelerator, followed by Secondary IP.
2. Enter the IP address and Subnet Mask to be
used, select whether to advertise the IP address
and click the Add button.
3. The IP address appears in the Secondary IP List
table.
4. To edit or delete an address already existing,
highlight the row in the table and use the buttons
provided.

Creating and Editing Links
A Link is a logical connection between the Accelerator and each connected remote site
and its subnets. The Accelerator optimizes network performance to remote sites with
Accelerators deployed via “Accelerated Links”, and to remote sites without Accelerators
deployed via “Virtual Links”.
The Accelerator’s benefits are greatest when working with another Accelerator on the
other side.
The Accelerator can provide QoS services to Virtual Links, when no other Accelerators
are present on the remote sites.
In addition, the Accelerator enables configuration of a single “Non-link”. The Non-link is
the default link for all traffic not assigned to any known subnet or remote Accelerator.
Internet traffic is one example of traffic assigned to the Non-link. You can manage this
Non-link like any other link, and that lets you determine traffic QoS and bandwidth
restrictions for all traffic not destined for your remote networks and Accelerators.

When a link is first created or re-established, auto-negotiation occurs between the local
and remote ends of the link and uses the inbound and outbound bandwidth settings to
determine the resources to be allocated for each link.

Studying the Links Screen
The Links screen lets you add, edit and manage Accelerator links.

Creating a link requires assigning a destination IP address and an outbound bandwidth
to the link.
The following sections detail the operations you can carry out via the My Links screen:
Adding Links, on page 72.
Editing Links, on page 74.

Adding Links
Add links to the Accelerator via the Setup - My Links menu.
To add a link:
1. In the Accelerator WebUI, click on the Setup tab,
and then the My Links menu.
The Links screen opens by default.

2. Set the basic Link properties, as follows:
Destination IP: IP address of the remote device.

Name: Set a name for the Link that will let you identify the link in the future. Up
to 32 characters, no spaces.

Bandwidth: Set the Link’s bandwidth, namely: the maximum throughput allowed to
traverse the link.

IPComp: IPComp encapsulation enables the best compression rate.
IPComp encapsulation (tunneled encapsulation) defines complete compression of the
packets intercepted by the Accelerator. This means that the IP header, the TCP/UDP
header and the payload are compressed and the packet traversing the network will have
an Accelerator-proprietary IPComp header.

Router Transparency: Router Transparency (RTM)
In Router Transparency encapsulation, only the packets’ payload is compressed,
leaving the original IP header and the original TCP/UDP header in their original
forms so that their information is available across the network.
Router Transparency encapsulation is appropriate in an environment where header
preservation is necessary, including QoS deployments, monitoring (NetFlow), load
balancing, billing, encryption, MPLS networks and certain firewall environments.
RTM support for On-LAN deployments is available in AcceleratorOS 5.0(6) and higher.
TCP port 1928 is needed for establishing a connection between Accelerators. Ensure
that this port is not blocked by a firewall that is installed between the
Accelerators.

3. Click the Add button.
For particularly complex networks, the Accelerator enables advanced Link
configuration.

NOTE: Packet Fragmentation does not work in RTM mode.

For Advanced Configuration options, see section Setting VRRP Group Number, on page
251.

Editing Links
You can use the Edit Links screen to fine-tune and modify existing links. This screen
lets you set basic link parameters, acceleration, tunneling and TCP Acceleration
parameters for the link.
To edit an existing link:
1. In the Links table, either click the name of the
link to be edited, or click the row of the link to be
edited, and click the Edit button.
2. In the Edit Link screen that opens now, use the
Parameters section to edit parameters such as
Link Name, Destination IP, Link Metric,
Bandwidth Out and MTU (Maximum Transfer
Unit).
3. Use the Acceleration section to define whether to
accelerate the link and to use header
compression.
4. Use the Tunneling section to define parameters
such as the encapsulation type (IPComp or
Transparent), SRC preservation and Include
checksum.

NOTE: When configuring a link, it is advisable to set a link
metric for it, which is the actual metric for all the link’s
subnets, with the exception of excluded Subnets. If you
do not set a link metric for the link, the system will
automatically set a default for the link, which is the
current maximum metric +10, starting from 11.

Use the Link Subnets screen to set the link’s subnets. For configuration details, see
section Configuring Remote Subnets Manually, on page 80.

Adding and Editing Links via the CLI
The CLI procedure for adding and editing links is the same as for creating the first link.
For more information, see section Performing Setup via the LCD, on page 25.

Setting Subnet Routing
To function properly, the Accelerator must correctly detect the layout of the network
to which it is connected, namely: the direct subnet where the Accelerator resides as
well as all other subnets on both sides of the link that the Accelerator should serve.
In this way, the Accelerator will be able to forward the packets it receives to the
correct destination, as seen in the figure below.

In the figure above, S1 is Accelerator 2’s direct subnet, while S2 and S3 are also
subnets of Accelerator 2. Accelerator 1 must forward traffic destined for devices that
are part of S2 and S3 to Accelerator 2 via Link1. In order for Accelerator 1 to do this, it
must detect S1, S2 and S3 as subnets of Accelerator 2.
Accelerator 2 automatically detects S1 and adds it as its local subnet. You can
manually add S2 and S3 to Accelerator 2’s Subnets list, or use routing protocols to
add them dynamically. If the network supports OSPF or RIP the Accelerator can
function as an OSPF or RIP device to receive routing information. If other dynamic
protocols are in use, the Accelerator can poll routers to learn their routing tables. Then,
Accelerator 2 must advertise its subnet list to Accelerator 1, enabling Accelerator 1 to
properly route packets destined to S1, S2 and S3 to Accelerator 2 via Link 1.

NOTE: The Accelerator supports up to 2500 local subnets and up to 2500 remote subnets
per link.

Configuring Subnets Manually
If the Accelerator network does not work with dynamic routing, or if a subnet was not
detected via OSPF or RIP, you have to add and edit subnets manually.

To add a subnet to the Accelerator:


1. In the Accelerator WebUI, click on the Setup tab,
and then the My Accelerator tab, followed by the
My Subnets menu.
2. Set the parameters as follows:

IP Address: Set the IP address of the Subnet that is connected to the Accelerator.

Subnet Mask: Set the Subnet Mask of the subnet.

Metric: The metric setting defines the priority of the route or the subnet. Set a
lower number for more desirable routes. For example, set a low metric value for a T3
link with 1 hop, and a high number for a long-haul 128 Kbps link with 8 hops.

Advertise: Advertised subnets are the Accelerator’s subnets that the Accelerator
broadcasts to other Accelerators when link negotiations occur. Select whether to
advertise this subnet. By default, subnets that are manually added are advertised.

Add route rule: When adding a subnet, the Add route rule checkbox lets you create a
static route rule to define how to reach the subnet. This will add an entry in the My
Routes table, which displays access to the subnet via the next hop.

NOTE: Once the static route is created, no connection exists between the route-rule
added and the subnet. Any change made in the one will not affect the other.

Next hop: Add a next hop via which the subnet will be accessed.

The Edit button lets you modify already added subnets by selecting them in the table
and clicking this button. This may be done for manually added subnets as well as
dynamically learned subnets.

To delete subnets, select them in the table and click this button.
When subnets that are set to be advertised are deleted, they are removed from all
connected Accelerators.

IMPORTANT: The Accelerator’s local subnet will be automatically detected and added.
If more than one local subnet exists, you have to add all additional local subnets.
Ensure that the local subnets appear in the Local Subnets Table. Otherwise, in a
non-link environment, the Accelerator QoS and Monitoring features will not function
properly.

Editing a Subnet
Once a subnet has been added to the Accelerator, you can use the following steps to
edit it.
To edit a subnet:
1. In the My Subnets screen, highlight one subnet in
the Local Subnet table, and click the Edit button.
2. Edit the IP address, Subnet mask, Metric and
Advertise status as necessary and click the
Submit button.
When subnets that are set to be advertised are
edited, the change is broadcast to all
connected Accelerators.

Configuring Remote Subnets Manually


If the Accelerator network does not work with dynamic routing, or if a remote subnet
was not detected via OSPF or RIP, you have to manually add, edit and delete remote
subnets to be advertised by the Accelerator. When adding a subnet, you have to apply
it to a specific link of your choice.
This screen lets you display all subnets applied to a specific link. You can also use this
screen to add, edit and delete subnets to be excluded from the link.


To add a remote subnet to the Accelerator:


1. In the Accelerator WebUI, click on the Setup tab,
and then the My Links tab, followed by the Link
Subnets menu.
2. Set the parameters as follows:

IP Address: Set the IP address of the Subnet you want to connect to the Accelerator.

Subnet Mask: Set the Subnet Mask of the subnet.

Exclude: If a subnet has already been added, and specific IP address(es) are to be
excluded, enter the IP address and mask and select the Exclude checkbox.

IMPORTANT: The Accelerator’s remote subnet will be automatically detected and added.
If more than one remote subnet exists, you have to add all additional remote subnets.
Ensure that the local subnets appear in the Remote Subnets Table. Otherwise, in a
non-link environment, the Accelerator QoS and Monitoring features will not function
properly.

Configuring Subnets via the CLI
Configuring Subnets
Command: ACC1(config)#subnets
Purpose: Enter subnets configuration mode.

Adding a Subnet
Command: ACC1(SUBNETS)#network x.x.x.x x.x.x.x
Purpose: Enter the subnet IP address followed by the subnet mask.

Advertising a Subnet and Adding a Metric
Command: ACC1(SUBNETS)#advertise or not-advertise x.x.x.x x.x.x.x | metric [number]
Purpose: Sets the subnet to be advertised or not advertised (can optionally add the
subnet mask). Adds a metric value to the subnet.

Deleting a Subnet
Command: ACC1(SUBNETS)#no network x.x.x.x x.x.x.x
Purpose: Deletes the subnet (can optionally add the subnet mask).

Excluding a Subnet from an Interface
Command: ACC1(LINK)#subnet exclude x.x.x.x x.x.x.x
Purpose: Excludes the subnet from the interface.

Viewing subnets
Command: ACC1(SUBNETS)#show
Purpose: Displays configured subnets.
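
The forwarding decision described in this section, sketched as an added Python model (not Expand's code): each link carries the subnets advertised by the remote Accelerator plus any excluded ranges, and traffic that no link claims falls to the Non-link. The addresses, the link names, the longest-prefix choice and the metric tie-break are assumptions made for illustration; only the default-metric rule and the dotted mask form come from this chapter.

```python
import ipaddress
from dataclasses import dataclass, field

NON_LINK = "Non-link"  # the page's default link for traffic no other link claims


def parse_subnet(ip, mask):
    """Parse 'x.x.x.x x.x.x.x' as typed after the CLI 'network' command.
    strict=True rejects an address with host bits set (e.g. 10.2.1.5/24)."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=True)


@dataclass
class Link:
    name: str
    metric: int
    subnets: list = field(default_factory=list)   # advertised by the remote Accelerator
    excluded: list = field(default_factory=list)  # 'subnet exclude' entries on this link

    def match(self, addr):
        """Longest matching prefix length on this link, or None if not served."""
        if any(addr in net for net in self.excluded):
            return None
        hits = [net.prefixlen for net in self.subnets if addr in net]
        return max(hits) if hits else None


def default_metric(links):
    """Rule stated on the page: current maximum metric + 10, starting from 11."""
    return max((link.metric for link in links), default=1) + 10


def select_link(dest, links):
    """Assumed policy: longest prefix wins, then the lowest metric; else Non-link."""
    addr = ipaddress.ip_address(dest)
    best = None
    for link in links:
        plen = link.match(addr)
        if plen is None:
            continue
        key = (-plen, link.metric)
        if best is None or key < best[0]:
            best = (key, link.name)
    return best[1] if best else NON_LINK


def overlapping_subnets(links):
    """Subnets claimed by two different links: worth reviewing before advertising."""
    found = []
    for i, a in enumerate(links):
        for b in links[i + 1:]:
            for na in a.subnets:
                for nb in b.subnets:
                    if na.overlaps(nb):
                        found.append((a.name, str(na), b.name, str(nb)))
    return found


# Constructed topology: S1-S3 sit behind Accelerator 2 and are reached via Link1.
link1 = Link("Link1", metric=11, subnets=[
    parse_subnet("10.2.1.0", "255.255.255.0"),   # S1, Accelerator 2's direct subnet
    parse_subnet("10.2.2.0", "255.255.255.0"),   # S2
    parse_subnet("10.2.3.0", "255.255.255.0"),   # S3
], excluded=[parse_subnet("10.2.3.128", "255.255.255.128")])
link2 = Link("Link2", metric=default_metric([link1]), subnets=[
    parse_subnet("10.2.0.0", "255.255.0.0"),     # broad range that overlaps Link1
])
LINKS = [link1, link2]

if __name__ == "__main__":
    for dest in ("10.2.2.7", "10.2.3.200", "10.2.9.1", "198.51.100.9"):
        print(dest, "->", select_link(dest, LINKS))
    print(overlapping_subnets(LINKS))
```

In this model an address excluded on Link1 is picked up by the broader subnet on Link2, which is why overlapping entries deserve a review before they are advertised.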

Adding Static Routes
Use the following procedure to add static routes to the Accelerator.

NOTE: The Accelerator supports up to 1500 route entries in the routing table.

To add a static route:


1. In the Accelerator WebUI, click on the Setup tab,
and then the My Accelerator tab, followed by the My Routes
menu.
2. Under Static Routing, enter the subnet IP and
Mask, and the next hop to be used for accessing
the subnet.
3. Ensure that you select the Add as local subnet
checkbox, if the subnet being added is local to
the Accelerator. In such a case select also
whether to advertise the subnet by checking the
Advertise Local Subnet checkbox.
4. Click the Add button.
The static route now appears in the Route Rules
table.

Setting Dynamic Routing
NOTE: Static routes created via the My Subnets menu will also
appear in the Route Rules table. For more information,
see section Configuring Subnets Manually, on page 78.
Once the static route is created, no connection exists
between the route-rule added and the subnet. Any
change made in one of them will not affect the other.

Due to the continuous changes in routing and the vast complexity of collecting
necessary routing parameters, many advanced networks use dynamic routing protocols
to enable routers to exchange routing data automatically. In addition to allowing manual
routing configuration, the Accelerator supports dynamic routing protocols, including
OSPF and RIP v1 and v2 and Router Polling. Supporting dynamic routing protocols
enables the Accelerator to use alternate routes in the event of router failure. In addition,
the Accelerator learns the cost and length of each route (per bandwidth in the case of
OSPF and per hop in the case of RIP), and can forward accelerated packets to the
best router. The Accelerator can also load-balance best routes.
A subnet whose Advertised status is manually manipulated will continue to function
dynamically within the routing protocol, but will maintain the manually altered
Advertising status.

NOTE: Once Subnets are located by using OSPF or RIP, you can
perform manual modifications.
For example, subnets located via RIP are set by default
as Not Advertised; however, you can modify them to be
Advertised subnets.
For Manual Subnet configuration information, see
section Configuring Subnets Manually, on page 78.

Working with OSPF
Once the Accelerator is set to work with OSPF, it updates its routing and subnets
tables according to dynamic information coming from OSPF updates.
All local subnets detected via OSPF are automatically set to be “advertised” by default
if their metric value is between the high and the low values. Advertised subnets are the
Accelerator’s subnets, which are broadcasted to other Accelerators when link
negotiations occur.

Configuring OSPF
Configuring OSPF is accomplished via the Setup - My Accelerator - My Routes Menu.
To configure OSPF:
1. Click on the OSPF button.
2. Set the parameters as follows.

OSPF Mode: Enable or disable OSPF Mode.
Enabling OSPF Mode lets you configure OSPF parameters.
Disabling OSPF Mode will save any previously configured OSPF settings, but will
disable OSPF capabilities.

Area ID: OSPF divides its networks into areas. Therefore, you must set the
Accelerator with its OSPF area identification number, which lets the Accelerator
identify itself to local routers.
To set the Area of the Accelerator within the OSPF group, use its number or its IP
Address format number. The default is 0.0.0.0.

Authentication: Authentication on the Accelerator must match the OSPF authentication
set across the network.
Set the Authentication to None, Key, or MD5:
  None: When no authentication is necessary to communicate with other OSPF devices.
  Key: When a non-encrypted authentication password is needed to communicate with
  other devices in the OSPF network, insert the key used. This key is a common string
  (non-encrypted) that must be set according to what is set across all devices on the
  network using OSPF.
  MD5: When an MD5 authentication password is needed to communicate with other OSPF
  devices, insert the encrypted key used. This must be the password that is set
  across all devices on the network using OSPF. Set the ID number according to this
  authentication password’s ID number across the OSPF network.

Neighbor IP: The Accelerator automatically detects neighboring OSPF routers. If a
router was not auto-detected, you can manually add up to 20 routers to the Neighbors
Table. This is particularly important when connecting to nonbroadcast networks, such
as an Accelerator on a subnet that does not use OSPF. This enables the Accelerator to
receive OSPF routing information from a neighboring router on a subnet that uses OSPF.

Configuring OSPF via the CLI


Enabling OSPF
Command: ACC1(config)#router ospf
         ACC1(config-ospf)#ospf mode enable/disable
Purpose: Enables OSPF on the Accelerator

Setting area ID
Command: ACC1(config-ospf)#area number or (x.x.x.x)
Purpose: Sets the Area ID for the OSPF group.

Enabling Authentication
Command: ACC1(config-ospf)# authentication-mode enable/disable/MD5
Purpose: Sets the Accelerator to require a password to work with other OSPF devices.
Authentication mode enables MD5 encrypted authentication.

Setting the Locality Metric
Command: ACC1(config-ospf)# high locality-metric [number] low locality-metric [number]
Purpose: Determines a range of subnets to be advertised. If a subnet is between the
high value and the low value, it should be advertised.

Setting Networks
Command: ACC1(config-ospf)# network (ip address) x.x.x.x (subnet mask) x.x.x.x
Purpose: Sets the networks to which OSPF will broadcast the Accelerator’s routes.

Setting an Authentication Key
Command: ACC1(config-ospf)# authentication-key string
Purpose: Sets a non-encrypted authentication password for the Accelerator.

Setting Neighbors
Command: ACC1(config-ospf)# neighbor x.x.x.x

Purpose: Defines an OSPF neighbor for the Accelerator via the IP address.

Viewing OSPF Configuration
Command: ACC1(config-ospf)# show
Purpose: Displays OSPF settings.

Working with Router Polling


The Accelerator’s Router Polling feature enables the Accelerator to retrieve route rules
from the router’s routing table. The Accelerator uses SNMP to collect the router’s
routing table and add it to the Accelerator’s list of routes. You can filter the list by
collecting only routes learned by specific protocols.

To configure router polling:


1. Select Setup - Networking - Router Polling.
2. Set the parameters as follows.

Router Polling: Enable or Disable Router Polling.
Enables the Accelerator to retrieve route rules from the router’s routing table.

Polling Interval: Sets the frequency with which the router is polled (in seconds).
Default is 180 seconds.

Primary Router IP Address: Selects whether to use the local default gateway or to set
an IP address manually.

Secondary Router IP Address: Selects whether not to use a secondary router IP address
(default) or to set an IP address manually.

SNMP Version: Sets the SNMP version to be used for polling the router.

SNMP Community Name: Sets the SNMP community to be used for polling the router.

Polling Protocols Table: Lists the polling protocols used for retrieving the route
rules from the router’s routing table.

Configuring Router Polling via the CLI


Enabling Router Polling
Command: ACC1(config)# router-polling
Purpose: Enables the Accelerator to retrieve route rules from the router’s routing
table.

Setting Polling
Command: ACC1(router-polling)#polling [enable | disable]
Purpose: Enables/Disables Router Polling.

Setting Polling Protocols
Command: ACC1(router-polling)#poll [protocol name(s)]
Purpose: Lists the protocols to be polled for.

Setting Polling Interval
Command: ACC1(router-polling)#polling-interval
Purpose: Sets the frequency with which the router is polled (in seconds). Default is
180 seconds.

Setting Polling Router
Command: ACC1(router-polling)# router ip (x.x.x.x)
Purpose: Sets the IP address of the router to be polled.

Setting Router Polling SNMP Version
Command: ACC1(router-polling)#snmp version [1 | 2c]
Purpose: Sets the SNMP version to be used for polling the router.

Setting Router Polling SNMP Community
Command: ACC1(router-polling)#snmp community [name]
Purpose: Sets the SNMP community to be used for polling the router.

Working with RIP
Once the Accelerator is set to work with RIP, it detects all subnets (including the
Accelerator’s local network) connected to all routers on all connected networks and
adds these to the Accelerator’s subnet and route tables.
By default, all subnets detected via RIP are set to “Not Advertised”. Advertised subnets
are the Accelerator’s subnets, which are broadcasted to other Accelerators when link
negotiations occur.

Configuring RIP
Configuring RIP is accomplished via the Setup - My Accelerator - My Routes menu.
To configure RIP:
1. In the Accelerator WebUI, click on the Setup tab,
and then the My Accelerators tab, followed by the
My Routes menu.
2. Click on the RIP button.
3. Set the parameters as follows:

RIP Mode: Set RIP Mode to Enable, Passive or Disabled.
Enabled Mode allows configuration of RIP parameters.
Disabled RIP Mode will save any previously configured RIP settings, but will disable
RIP capabilities.
Passive mode enables RIP in a listening mode without sending updates.

Version: Select the RIP version in use on the network: either RIP version 1 or RIP
version 2.
Note that in cases where RIP route injection is used, the RIP version should be set
to version 2.

Authentication: Authentication on the Accelerator must match the RIP authentication
set across the network.
When working with RIP version 1, Authentication must be disabled. Set the
Authentication to None, Key, or MD5:
  None: When no authentication is necessary to communicate with other RIP devices.

Key: When a non-encrypted authentication
password is needed to communicate with other
devices in the RIP network, insert the key used.
This key is a common string (non-encrypted) that
must be set according to what is set across all
devices on the network using RIP.
MD5: When an MD5 authentication password is
needed to communicate with other RIP devices,
insert the encrypted key used. This must be the
password that is set across all devices on the
network that use RIP. Set the ID number according
to this authentication password’s ID number across
the RIP network.

Neighbor IP The Accelerator automatically detects neighboring


RIP routers. If a router was not auto-detected, you
can manually add up to 20 routers to the Neighbors
Table. This is particularly important if the
Accelerator is on a subnet that does not use RIP.
The Accelerator can receive its RIP routing
information from a neighboring router on a subnet
that uses RIP.
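
The difference between the Key and MD5 settings is visible on the wire. The following added example (not from this guide or from Expand Networks) builds both kinds of RIP version 2 update and audits them; it assumes the Accelerator uses the standard RIPv2 packet layout (RFC 2453, RFC 2082), and the secrets, key ID and route are constructed sample values.

```python
import hashlib
import hmac
import struct

RIP_HDR = struct.Struct("!BBH")        # command, version, must-be-zero
AUTH_AFI = 0xFFFF                      # address family that marks an authentication entry
AUTH_TRAILER, AUTH_SIMPLE, AUTH_MD5 = 1, 2, 3


def pad16(secret: bytes) -> bytes:
    """Both modes handle the secret as a fixed 16-byte, zero-padded field."""
    return secret[:16].ljust(16, b"\x00")


def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIPv2 route entry (AFI 2 = IP, route tag 0, next hop 0.0.0.0)."""
    addr = bytes(int(o) for o in prefix.split("."))
    netmask = bytes(int(o) for o in mask.split("."))
    return struct.pack("!HH", 2, 0) + addr + netmask + bytes(4) + struct.pack("!I", metric)


def build_key_mode(password: bytes, routes: bytes) -> bytes:
    """RIPv2 response using simple-password ("Key") authentication."""
    auth = struct.pack("!HH", AUTH_AFI, AUTH_SIMPLE) + pad16(password)
    return RIP_HDR.pack(2, 2, 0) + auth + routes


def build_md5_mode(key: bytes, key_id: int, seq: int, routes: bytes) -> bytes:
    """RIPv2 response using keyed-MD5 authentication (RFC 2082 layout)."""
    body_len = RIP_HDR.size + 20 + len(routes)          # offset of the trailer
    auth = struct.pack("!HHHBBI", AUTH_AFI, AUTH_MD5, body_len, key_id, 16, seq) + bytes(8)
    signed = RIP_HDR.pack(2, 2, 0) + auth + routes + struct.pack("!HH", AUTH_AFI, AUTH_TRAILER)
    # The digest covers the packet followed by the shared key; the key itself is never sent.
    return signed + hashlib.md5(signed + pad16(key)).digest()


def audit_rip(packet: bytes, md5_keys: dict) -> dict:
    """Report which authentication a RIP message carries and whether it verifies.

    md5_keys maps key ID -> shared secret, as configured on the local device.
    """
    if len(packet) < RIP_HDR.size:
        return {"version": None, "auth": "malformed", "verified": False}
    _command, version, _zero = RIP_HDR.unpack_from(packet)
    result = {"version": version, "auth": "none", "verified": False}
    first = packet[4:24]
    # RIP version 1 has no authentication entry at all.
    if version != 2 or len(first) < 20 or struct.unpack_from("!H", first)[0] != AUTH_AFI:
        return result
    auth_type = struct.unpack_from("!H", first, 2)[0]
    if auth_type == AUTH_SIMPLE:
        # Key mode: the shared string travels in clear text inside every update.
        result.update(auth="key", exposed_secret=first[4:].rstrip(b"\x00"))
    elif auth_type == AUTH_MD5:
        body_len, key_id, _auth_len, seq = struct.unpack_from("!HBBI", first, 4)
        signed = packet[:body_len + 4]
        digest = packet[body_len + 4:body_len + 20]
        key = md5_keys.get(key_id)
        result.update(auth="md5", key_id=key_id, sequence=seq)
        if key is not None and len(digest) == 16:
            expected = hashlib.md5(signed + pad16(key)).digest()
            result["verified"] = hmac.compare_digest(expected, digest)
    else:
        result["auth"] = "unknown"
    return result


# Constructed sample data: secrets, key ID and route are illustrative only.
ROUTES = route_entry("30.0.0.0", "255.255.0.0", 1)
KEY_PACKET = build_key_mode(b"constructed-pw", ROUTES)
MD5_PACKET = build_md5_mode(b"constructed-key", key_id=7, seq=1, routes=ROUTES)

if __name__ == "__main__":
    print(audit_rip(KEY_PACKET, {}))                        # secret readable from capture
    print(audit_rip(MD5_PACKET, {7: b"constructed-key"}))   # matching key and ID
    print(audit_rip(MD5_PACKET, {1: b"constructed-key"}))   # same key, wrong ID
```

The third call shows why the ID number has to match across the RIP network: the right password under the wrong ID does not verify.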

Configuring RIP via the CLI

Enabling RIP
Command   ACC1(config)#router rip
          ACC1(config-rip)#rip-mode enable/disable
Purpose   Enables RIP on the Accelerator.

Enabling authentication
Command   ACC1(config-rip)# authentication-mode enable/disable/MD5
Purpose   Sets the Accelerator to require a password to work with other RIP devices.
          MD5 authentication mode enables MD5 encrypted authentication.

Setting an authentication key
Command   ACC1(config-rip)# authentication-key string
Purpose   Sets a non-encrypted authentication password for the Accelerator.

Setting Networks
Command   ACC1(config-rip)# network (ip address) x.x.x.x (subnet mask) x.x.x.x
Purpose   Sets the networks to which RIP will broadcast the Accelerator’s routes.

Setting neighbors
Command   ACC1(config-rip)# neighbor x.x.x.x
Purpose   Defines a RIP neighbor for the Accelerator via the IP address.

Setting RIP to Passive Mode
Command   ACC1(config-rip)# passive-mode [enable | disable]
Purpose   Sets RIP to work in Passive mode.

Viewing RIP Configuration
Command   ACC1(config-rip)# show
Purpose   Displays RIP settings.

Enabling Packet Interception


When the Accelerator is deployed in On-LAN mode, WAN traffic must be redirected
through the Accelerator in order for it to work. To do that, use one of the following
methods: RIP Route Injection, Web Cache Communication Protocol (WCCP) or Policy
Based Routing (PBR).

RIP Route Injection adds a route rule to the router’s routing table, which forwards all
traffic from the Accelerator’s subnets to the Accelerator. The Accelerator will then return
the packets to the router after they have been processed by the Accelerator. The
routes to these subnets, set on the Accelerator, are learned by the router during RIP
negotiation.

NOTE: RIP must be in Active mode and set to version 2 for RIP
Route Injection to operate. For more information, see
section Working with RIP, on page 92.

WCCP, the Web Cache Communication Protocol, is another way in which the router
can learn to forward all traffic from the Accelerator’s subnets to the On-LAN
Accelerator. WCCP, a protocol usually used for directing Web traffic to a local Web
Cache Server before forwarding requests across the WAN, enables the Accelerator to
receive TCP/UDP traffic from the router (service groups 77 and 78).
By creating an IP GRE tunnel between the Accelerator and the router, the Accelerator
is able to receive and process all relevant traffic and return it to the router before it
traverses the WAN, as follows:
1. The Accelerator is set as a WCCP device.
2. The router directs traffic to the Accelerator.
3. The Accelerator returns accelerated traffic to the router in a GRE tunnel.
4. Data is removed from the GRE tunnel, and sent to its destination.

NOTE: For packet-interception with RIP injection, the number
of injected routes is as follows:

    the number of injected subnets = 32 – Mask_Len

or, if Mask_Len <= 8, the formula is:

    the number of injected subnets = 32 – Mask_Len + 1

For example: for 10.0.0.0/30, 2 subnets
             for 10.0.0.0/8, 25 subnets

Setting WCCP on the Router


When working with WCCP, it is necessary to configure WCCP to work on the
network’s router. You can use the following CLI commands to configure WCCP on the
Accelerator. For information regarding the configuration of WCCP on Cisco routers,
see the Configuration Guide supplied with your router.

Configuring WCCP via CLI

Enabling WCCP
Command   ACC1(config)#packet-interception wccp
Purpose   Enters WCCP configuration mode.

Activating WCCP
Command   ACC1(packet interception WCCP)#wccp-mode [enable | disable]
Purpose   Activates/Deactivates WCCP mode.

Setting WCCP Authentication
Command   ACC1(packet interception WCCP)#authentication [none | password word]
Purpose   Sets a password for WCCP authentication.

Setting WCCP Priority
Command   ACC1(packet interception WCCP)#priority [0-255]
Purpose   Sets the WCCP priority.

Setting WCCP Router IP
Command   ACC1(packet interception WCCP)#router-ip [x.x.x.x]
Purpose   Sets the WCCP router IP address.

Setting WCCP TCP Service ID
Command   ACC1(packet interception WCCP)#tcp-service id [51-99]
Purpose   Sets the WCCP TCP service ID.

Setting WCCP UDP Service ID
Command   ACC1(packet interception WCCP)#udp-service id [51-99]
Purpose   Sets the WCCP UDP service ID.

Setting the Accelerator’s Time
By default, time settings are configured automatically on the Accelerator based on the
local time of the attached management PC. You can alter the time setting manually, or
set it to receive time synchronization from a Simple Network Time Protocol server
(SNTP).

To set the Accelerator’s clock:


1. In the Accelerator’s WebUI, click on Setup > My
Accelerator, followed by Time.
2. In the Time menu, select either Set device time or
Use SNTP.
For manual time settings, insert the local time and
date for the Accelerator.
For SNTP, input the server IP address and the
frequency with which the server is to be polled for
time updates.
3. Click the Submit button.

Configuring DHCP Servers
Managing the DHCP server/s on your system requires a configuration file.
By default, the DHCP server is disabled. To enable it, you have to download the
sample DHCP configuration file and save it on your system. When you have a
configuration file, you can either use the current file or customize the file and then
upload the customized file.

To display the lease data of a selected IP address:


1. In the Accelerator’s WebUI, click on Setup >
Networking, followed by DHCP.
2. In the DHCP Server field, set the status to Enable.
3. In the Lease section, enter an IP address of your
choice and click the Show Lease button.
The host name, IP address and expiry date will
be displayed on the screen.

Activating DHCP Relay Agent


The DHCP relay agent allows placing DHCP clients and DHCP servers on different
networks, thus solving the problem that arises because DHCP broadcast messages do
not, by default, cross the router interfaces, without using the costly solution of placing a
DHCP server on each network segment.
Choosing the DHCP relay agent solution lets you use fewer DHCP servers and place
these machines in central locations. To solve the problem of DHCP broadcast
messages, you can configure the routers to pass DHCP/BOOTP messages selectively,
a process known as BOOTP relay.

A router or Accelerator that carries out DHCP relay does not just forward BOOTP
broadcast messages, but actually examines the packet, makes appropriate changes to
it, and only then relays the packet to a DHCP server. The DHCP server to which the
packet is relayed is configured by adding a Helper Address on the router or an IP
address under the local interface of the Accelerator.
The relay agent communicates with a DHCP server and acts as a proxy for DHCP
broadcast messages that need to be routed to remote segments. Like the router-based
BOOTP Relay Agent, the DHCP Relay Agent is configured with the addresses of the DHCP
servers to which it should relay the DHCP message. The DHCP Agent
communicates with the DHCP server by using unicast communications instead of
broadcast messages. Therefore, the Agent’s requests can be routed to a server on a
remote network, regardless of segment boundaries.

Configuring an Accelerator to carry out DHCP Relay


Follow these steps to configure an Accelerator for functioning as a DHCP relay agent:
1. Under Local Interface, enter IP helper address X.X.X.X as the address of the
DHCP server.

2. Enable DHCP agent under the local interface.

You will see the following output once configured:

A DHCP relay agent may receive a client DHCP packet forwarded from a BOOTP/
DHCP relay agent closer to the client. Such a packet may or may not already carry
a DHCP relay agent option.


Following is a brief description of each dhcprelay option:


• Append - if the append flag is set, the relay agent will append an agent option field to
each request before forwarding it to the server.
• Discard - this option will discard all options sent by another DHCP relay.
• Forward - this will forward all options from another DHCP relay.
• Replace - this option will replace the options sent by another DHCP relay with options
set on the Accelerator.
• Drop-no-match - this will drop the options without counting the packets.
• Max-length - this is the maximum length allowed.
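
As an added illustration (not the Accelerator's own code), the example below applies the Append, Discard, Forward and Replace behaviours, read literally from the descriptions above, to the relay agent information option (option 82) of a request. The single-policy model, the function names and all sample values are assumptions made for the example; the rule that drops a request carrying an agent option while giaddr is still zero comes from RFC 3046.

```python
OPT_PAD, OPT_END, OPT_RELAY_AGENT = 0, 255, 82      # DHCP option codes (RFC 2132, RFC 3046)
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2                 # option 82 sub-option codes
POLICIES = ("append", "discard", "forward", "replace")


def parse_options(field: bytes) -> list:
    """Split a DHCP options field into (code, value) pairs, stopping at END."""
    options, i = [], 0
    while i < len(field) and field[i] != OPT_END:
        code = field[i]
        if code == OPT_PAD:                           # single-byte padding, no length
            i += 1
            continue
        if i + 1 >= len(field) or i + 2 + field[i + 1] > len(field):
            raise ValueError("truncated DHCP option %d" % code)
        length = field[i + 1]
        options.append((code, field[i + 2:i + 2 + length]))
        i += 2 + length
    return options


def encode_options(options: list) -> bytes:
    """Serialise (code, value) pairs back into an options field ending in END."""
    out = bytearray()
    for code, value in options:
        out += bytes([code, len(value)]) + value
    return bytes(out) + bytes([OPT_END])


def agent_option(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Value of option 82: circuit-id and remote-id sub-options."""
    return (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
            + bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id)


def relay_options(field: bytes, giaddr: str, policy: str, local_agent: bytes):
    """Return the options field to relay to the server, or None to drop the request."""
    if policy not in POLICIES:
        raise ValueError("unknown policy %r" % policy)
    options = parse_options(field)
    upstream = [opt for opt in options if opt[0] == OPT_RELAY_AGENT]
    rest = [opt for opt in options if opt[0] != OPT_RELAY_AGENT]
    ours = [(OPT_RELAY_AGENT, local_agent)]
    if upstream and giaddr == "0.0.0.0":
        # RFC 3046: no relay has handled this packet yet, so the agent option
        # was written by the client itself and must not reach the server.
        return None
    if policy == "append":
        kept = options + ours                         # add our field to each request
    elif policy == "replace" and upstream:
        kept = rest + ours                            # our values instead of theirs
    elif policy == "discard":
        kept = rest                                   # strip the other relay's values
    else:                                             # forward, or nothing to replace
        kept = options
    return encode_options(kept)


def agents_seen_by_server(field):
    """Option 82 values left in a relayed options field, in order (None if dropped)."""
    if field is None:
        return None
    return [value for code, value in parse_options(field) if code == OPT_RELAY_AGENT]


# Constructed sample data: a DHCPDISCOVER options field (option 53 = message type)
# as it arrives from another relay, and as it arrives straight from a client.
DOWNSTREAM_AGENT = agent_option(b"port-3", b"downstream-relay")
LOCAL_AGENT = agent_option(b"eth0", b"ACC1")
FROM_RELAY = encode_options([(53, b"\x01"), (OPT_RELAY_AGENT, DOWNSTREAM_AGENT)])
FROM_CLIENT = encode_options([(53, b"\x01")])

if __name__ == "__main__":
    for name in POLICIES:
        relayed = relay_options(FROM_RELAY, "30.0.0.1", name, LOCAL_AGENT)
        print(name, agents_seen_by_server(relayed))
```

With Forward or Append the DHCP server still sees the circuit and remote IDs supplied by the other relay, so those values are only as trustworthy as that relay.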

Setting ExpandView Agent Parameters
If you purchased ExpandView, ExpandView will automatically discover a new
registered Accelerator as soon as a link to that Accelerator is established. However, if
the default settings of ExpandView are changed (for example, port), or if the auto-
discovery fails, you have to update the ExpandView agent’s parameters accordingly.

To define ExpandView agent’s parameters:


1. In the Accelerator’s WebUI, click on Setup > My
Accelerator, followed by ExpandView.
2. In the ExpandView menu, select the Enable
ExpandView Agent box.
3. Enter the ExpandView Agent’s IP address and
port number.
4. Click the Submit button to submit the registration
request.
If all parameters were entered appropriately, the
Status line now displays the current status
(enabled/disabled).

Studying Sample CLI Subnet Configuration
Network

The sample CLI Subnet Configuration is as follows:


ACC1# configure terminal
ACC1(config)# router ospf
ACC1(config-ospf)# area 20.0.0.6
ACC1(config-ospf)# authentication-mode enable
ACC1(config-ospf)# authentication-key accelerator
ACC1(config-ospf)# neighbor 30.0.0.0/8

ACC1# configure terminal
ACC1(config)# routing rip
ACC1(config-rip)# authentication-mode md5
ACC1(config-rip)# authentication-key accelerator
ACC1(config-rip)# neighbor 30.0.0.0/8

ACC1# configure terminal
ACC1(config)# subnets
ACC1(SUBNETS)# network 30.0.0.0 255.255.0.0
ACC1(SUBNETS)# not-advertise 30.0.0.0 255.255.0.0
ACC1(SUBNETS)# exit

5 Monitoring the Network
This chapter explains how to use and understand the Accelerator’s advanced graphic
reporting and statistics feature that enables monitoring of Accelerator performance and
throughput.
This chapter includes the following sections:
• Introduction to Monitoring
• Working with Monitoring
• Installing the JAVA Applet
• Studying The Monitoring Window
• Using Link Statistics and Graphs
• Viewing Throughput Statistics per Link
• Viewing Utilization Statistics per Link
• Viewing Acceleration Statistics per Link
• Viewing Compression Statistics per Link
• Discovering Traffic
• Viewing Detected applications
• Viewing Monitored Applications
• Discovering Layer-7 Applications
• Viewing Applications’ Statistics and Graphs
• Viewing Throughput Statistics Per Application
• Viewing Utilization Statistics per Application
• Viewing Acceleration Statistics per Application
• Viewing Compression Statistics per Application
• Viewing Bandwidth Distribution Statistics per Application
• Monitoring Applications
• Gathering Statistics for Detected Applications
• Viewing Summary Graphs

Introduction to Monitoring
All statistics generated for these graphic reports are saved in the Accelerator history
log, so that if Windows closes or if an Accelerator reboots, you can easily re-access the
chart or graph via the Accelerator Web UI.
The graphs are automatically updated, according to a set frequency. The Accelerator
samples the data behind-the-scenes and stores it in a compact way, which lets you
view data up to the minute over a period of up to a year. This sampled data represents
the average over the selected period of time.
Expand recommends that you open a maximum of five charts per-Accelerator
simultaneously. The monitoring feature, available via the Monitor tab, lets you view
statistics and graphs for From WAN, To LAN, To WAN, and From LAN traffic, as
described in the following figure:

IMPORTANT: In a non-link environment, if a local subnet is not
defined as LOCAL, the Accelerator QoS and Monitoring
features will not function properly. Ensure that all Local
subnets are defined as local.

Working with Monitoring
To work with monitoring, you first need to take several steps, defined in the following
sections:
• Installing the JAVA Applet
• Using Verisign Security Certificate
• Studying The Monitoring Window

NOTE: The Accelerator’s graphic reporting feature works with
the Java-Applet (JRE 1.4 and up). The PC used for
viewing the graphs must support Java runtime
environments and a Java plug-in must be installed in
order to view the Accelerator’s graphs.

Installing the JAVA Applet


To determine whether you need to install the Java plug-in, from the Start button, click
Settings and then Control Panel, and then Add or Remove Programs. Search the list
for JAVA 2 Runtime Environment.
If you do have this software installed and have verified that you are using the correct
version, you are ready to begin working with the Accelerator’s Graph Monitoring
feature.
If the JAVA plugin is not installed on the PC, download and install the plugin.
This will let you view the Accelerator’s Graphic-Reporting feature by opening a new
Internet Explorer window and entering the Accelerator’s IP address into the Address
field.

Using Verisign Security Certificate


In order to work with the Monitoring feature, Windows will ask you to verify that the
Accelerator is a trusted site, by displaying the popup window shown below.
To avoid seeing the popup each time you try to access the Monitoring menu, it is
recommended that you click the Always button.

Studying The Monitoring Window

Direction       The Accelerator’s monitoring feature lets you view statistics for
                inbound or outbound traffic on the Accelerator.

Link            The Accelerator’s monitoring feature lets you view statistics per link,
                for a specific link, for the total for all Accelerator’s links, for the
                total for compressible links, for the non-link, or for the total for
                virtual links.

View Last       Scroll down in the View Last drop-down menu to select the period for
                which the graph is displayed. The default period is 30 minutes.

Link Speed      You can set the link speed in the fields above the graph to add a line
                to the displayed graph, enabling you to see the limit of throughput
                that can actually traverse the link.
                By default, when Auto is selected in the link speed column, the link
                speed is set to the bandwidth set for the link selected. When total is
                selected in the Link column, the default link speed (when Auto is
                selected in the Link speed column) is set to either the total bandwidth
                set for all links or the sum of all WAN bandwidths; total is the lower
                value of the two.

Peak Data       Select the Show checkbox if you want to see the peak lines representing
                the highest statistics achieved for the reported period. All graphs
                displayed give an average of the performance for any given interval.
                Therefore, viewing Peaks is necessary for understanding the
                Accelerator’s overall performance.

Export to CSV   Click the Export to CSV button to save the generated graphs as a CSV
                file. You will be directed to browse to a location in which to save the
                file. The file created generates a table with the following fields:
                Name, Description, Period, Interval, Sample Time, In, Peak In,
                Effective In, Effective Peak In, Inbound Acceleration, Inbound Peak
                Acceleration, Inbound Compression, Inbound Peak Compression, Out, Peak
                Out, Effective Out, Effective Peak Out, Outbound Acceleration, Outbound
                Peak Acceleration, Outbound Compression, Outbound Peak Compression
                For a description of these fields, see section Gathering Statistics for
                Detected Applications, on page 131.

Save            Click the Save button to save the generated graphs as a JPG or a PDF
                file. You will be directed to browse to a location in which to save the
                file. The PDF file created displays each graph in the selected
                Monitoring window and a brief description of each.

Using Link Statistics and Graphs
The link statistics and graphs let you monitor the performance of the Accelerator and
its links. Alternatively, you can monitor the Accelerator based on the Applications
traversing its links.

Viewing Throughput Statistics per Link

The Throughput Statistics per Link graph lets you monitor how much traffic passed
through the Accelerator. It lets you compare the accelerated throughput (what
actually goes over your WAN link) with the pre-accelerated throughput, which is the
throughput that would have been used without the Accelerator’s compression
mechanisms. The blue area represents the actual bandwidth used with the Accelerator,
while the yellow represents the amount of bandwidth that would have been used
without the Accelerator.

NOTE: If the Accelerator is not deployed, the available
bandwidth is reduced; therefore, one should expect to
see slower rates used by servers and hosts.

Viewing Utilization Statistics per Link

The Utilization Statistics per Link graph lets you monitor how much of the link is
being utilized. The traffic displayed is accelerated traffic, and therefore cannot exceed
100% of the link speed. Selecting the link speed is necessary in order for the Utilization
graph to display accurate data.

Viewing Acceleration Statistics per Link

The Acceleration Statistics per Link graph lets you view acceleration percentages for
inbound and outbound traffic on the Accelerator per interface/link or for the total for the
Accelerator.
Understanding Acceleration
The Acceleration percentage describes how effectively the Accelerator is processing
and compressing the traffic. This statistic does not take into account traffic that
bypasses the acceleration mechanism. Acceleration percentages are calculated as
follows:

To Calculate acceleration:
Refer to the Monitor > Links > Statistics menu for data to be used
in the following procedure.
1. Multiply the number of In Packets by 14.
(This will account for the Ethernet Layer-2
header.)
Subtract this number from the number of In
Bytes.
2. Divide this number by the sum of the Out Packets
multiplied by 14 and subtracted from Out bytes.
3. Subtract 1 from the sum.
4. Multiply the ratio by 100 to arrive at the
acceleration percentage.

• InBytes:
Incoming bytes (from LAN) - Do not tunnel bytes - Routing bytes - Passthrough bytes
• InPackets:
Incoming packets (from LAN) - Do not tunnel packets - Routing packets - Passthrough
packets
• OutBytes:
Outgoing bytes (to the WAN) - Do not tunnel bytes - Routing bytes - Passthrough bytes -
System messages bytes
• OutPackets:
Outgoing packets (to the WAN) - Do not tunnel packets - Routing packets - Passthrough
packets - System messages packets.

Do not tunnel     Traffic set with the “Do Not Tunnel” decision, Non-link traffic,
                  Virtual link traffic

Routing           Traffic between the Accelerator and the local router to retrieve
                  routing information for the local LAN

Passthrough       Traffic set with the “Do Not Accelerate” decision, overload traffic

System messages   Keepalives and so on.

For example: in a simple scenario in which the packet size is 1000 bytes:
If InBytes = 300,000 and OutBytes = 100,000 then:
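
The procedure above, written as one formula and carried through for this scenario (an added worked example, not part of the original guide; the packet counts of 300 and 100 are an assumption derived from the stated 1000-byte packet size):

    Acceleration % = ((InBytes - 14 x InPackets) / (OutBytes - 14 x OutPackets) - 1) x 100

    InPackets  = 300,000 / 1000 = 300
    OutPackets = 100,000 / 1000 = 100

    Acceleration % = ((300,000 - 14 x 300) / (100,000 - 14 x 100) - 1) x 100
                   = (295,800 / 98,600 - 1) x 100
                   = (3 - 1) x 100
                   = 200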

Viewing Compression Statistics per Link

The Compression graph displays the amount by which traffic was reduced by the
Accelerator. The figure shown represents, as a percentage, how much less data is passing
over the physical link because of acceleration.

Viewing Statistics per Link


The Accelerator’s Statistics table presents the data shown in the Link graphs in table
format, per link or for the entire traffic.
To view a statistics table:
1. In the Accelerator’s WebUI, click on Monitor,
followed by the Links tab and then the Statistics
tab.
2. Select a link from the drop-down menu, or Total
to view statistics for all links.
3. From the drop-down menu, select the statistics to
be displayed: All, Throughput, Errors,
Acceleration.

In Bytes                   Number of input bytes.

Raw In Bytes               Total incoming bytes being accelerated using these links.

In Packets                 Number of input packets.

Dropped In Packets         Incoming Packets that were dropped by QoS enforcements
                           (queues / obsolete / etc.).

Discarded In Packets       Incoming Packets that were discarded by a rule with discard
                           policy (discard all P2P)

Agg Default In Packets     Incoming Packets that were aggregated as part of the default
                           post-acceleration aggregation policy.

Agg Custom-1 In Packets    Incoming Packets that were aggregated as part of the
                           custom-1 post-acceleration aggregation policy.

Agg Custom-2 In Packets    Incoming Packets that were aggregated as part of the
                           custom-2 post-acceleration aggregation policy.

Agg Citrix In Packets      Incoming Packets that were aggregated as part of the Citrix
                           post-acceleration aggregation policy.

CRC Errors                 Number of CRC-errored packets received

Other Errors               Unexpected errors received

In Acceleration            Inbound Acceleration percentage

In Actual Acceleration     Acceleration that considers all incoming throughput over the
                           selected period

In Compression             Inbound compression percentage

Out Bytes                  Number of outgoing bytes

Raw Out Bytes              Total outgoing bytes being accelerated using this link

Out Packets                Number of outgoing packets

Dropped Out Packets        Outgoing Packets that were dropped by QoS enforcements
                           (queues, obsolete and so on.)

Discarded Out Packets      Outgoing Packets that were discarded by a rule with discard
                           policy (discard all P2P)

Pass-thru Out Packets      Number of packets that were transmitted out of the
                           Accelerator in Pass-thru mode with no acceleration

Poly Out Packets           Number of small packets aggregated, or combined, before
                           transmission

Agg Default Out Packets    Outgoing Packets that were aggregated as part of the default
                           post-acceleration aggregation policy.

Agg Custom-1 Out Packets   Outgoing Packets that were aggregated as part of the
                           custom-1 post-acceleration aggregation policy.

Agg Custom-2 Out Packets   Outgoing Packets that were aggregated as part of the
                           custom-2 post-acceleration aggregation policy.

Agg Citrix Out Packets     Outgoing Packets that were aggregated as part of the Citrix
                           post-acceleration aggregation policy.

Do Not Acc Packets         Number of packets sent out marked as Do not Accelerate

Do Not Tunnel Packets      Number of packets sent out marked not to be routed into the
                           link

Out Acceleration           Outbound Acceleration percentage

Out Actual Acceleration    Acceleration that considers all outgoing throughput

Out Compression            Outbound compression percentage

All statistic items are displayed according to:

Data             Lists type of statistic gathered.

System Up        Data transferred over the link selected that was collected since the
                 Accelerator was powered on. Data is listed in KB, in percentages, or
                 in number of packets.

Since Clear      Data transferred over the link selected that was collected since the
                 Accelerator’s counters were last cleared. Data is listed in KB, in
                 percentages, or in number of packets.

Last 5 Seconds   Data transferred over the link selected that was collected over the
                 last 5 seconds. Data is listed in Kbps or in percentages.

Discovering Traffic
The Traffic menu lets you view applications running on the network. Traffic is divided
into the following categories: Detected traffic (all other applications detected on the
network - non-classified traffic that is not part of a predefined or user-configured
application type), Monitored traffic (all applications set to enable “collect statistics”),
and Layer-7 discovery (the application properties discovered on the network).

Viewing Detected applications


The Detected Applications menu lets you view all detected applications that traverse
the network. You can view the applications coming in both directions (from LAN to
WAN and conversely), the throughput before and after the acceleration, and the
acceleration rate.

Viewing Detailed Traffic Discovery
To view detailed traffic discovery for detected applications:
1. In the Accelerator WebUI, click Monitor, followed
by Traffic Discovery and then Detected
Applications.
2. Click on the Details column.
3. The Traffic Discovery dialog box appears.

This window contains the following items:


• The Clear Counters button - this button lets you clear all counters for the discovered
application. This is useful in case you want to start collecting new statistics without
restarting the system.
• The Inbound section - details data regarding the inbound traffic. All data items detailed
here can be seen since the system was last started (System up), since the last time the
counters were cleared (Since Clear) or in the last five seconds.
• The Outbound section - details data regarding the outbound traffic. All data items detailed
here can be seen since the system was last started (System up), since the last time the
counters were cleared (Since Clear) or in the last five seconds.
The Inbound section details the following data items:
• In Bytes - the amount of compressed bytes that entered the link in this specific system.
• Raw In Bytes - the amount of pre-compressed bytes that entered the link in this specific
system.
• Queued in bytes - the amount of bytes waiting to enter the system.
• In Packets - the amount of compressed packets that entered the link in this specific
system.
• Dropped In Packets - the amount of packets that were not accelerated.
• Discarded In Packets - the amount of packets that were discarded before passing through
the link.
The Outbound section details the same data items, in the outbound direction.

Viewing Monitored Applications
The Monitored Applications menu lets you view all monitored applications traversing the
network. You can view the applications coming in both directions (from LAN to WAN
and conversely), the throughput before and after the acceleration, and the acceleration
rate.

Discovering Layer-7 Applications
The L-7 table lists the application properties discovered on the network. These may be
L7-applications that have been defined already or L7-applications that are not defined
but have been detected. To configure the QoS parameters of these applications,
double-click the applications in the table.
To discover which HTTP/Citrix applications are present on
the network:
1. In the Accelerator WebUI, click Monitor, followed
by Traffic Discovery and then L7 Discovery.
2. In the Parent L7 Application field, select either
HTTP or Citrix.
3. Select the Enable Discovery checkbox.
By default this checkbox is disabled.
4. The L7 table lists the application properties discovered
on the network. These may be L7-applications that
have been defined already or L7-applications that are
not defined but have been detected.
To configure the QoS parameters of these
applications, double-click the applications in the
table.
This eases the process of defining QoS for the
applications, because the L7 application
parameters are detected and filled-in
automatically (MIME type, URL, Citrix Application
name and client and so on).

Viewing Applications’ Statistics and Graphs
The WebUI lets you display statistics and save them in external formats such as PDF
and Excel. In addition, you can monitor the Accelerators in your system.
You can use the WebUI to carry out the following operations:
• Viewing Throughput Statistics Per Application
• Viewing Utilization Statistics per Application
• Viewing Acceleration Statistics per Application
• Viewing Compression Statistics per Application
• Viewing Bandwidth Distribution Statistics per Application
• Monitoring Applications
• Gathering Statistics for Detected Applications
Graphs viewed per application let you view statistic data items, export them into a CSV
file, or save them in Acrobat (PDF) format.
For each graph, the following options are available, as seen in the screen below:

Application   Select an application to view, or select Top 10 or From List.
              Top 10 will display results for the ten applications that are most
              prevalent on your network.
              From List will display the ten applications selected in the Monitored
              Applications window.

Direction     The Accelerator’s monitoring feature lets you view data for From WAN,
              To LAN, To WAN and From LAN traffic on the Accelerator.

Link          The Accelerator’s monitoring feature lets you view data per link or for
              the total for all of the Accelerator’s links.

View Last     Scroll down in the View-last drop-down menu to select the period for
              which the graph is displayed. The default period is 30 minutes.

Link Speed    You can set the link speed in the fields above the graph to add a line to
              the displayed graph, which lets you see the limit of throughput that can
              actually traverse the link.

Peak Data     Select the Peak checkbox if you want to see the peak lines representing
              the best statistics achieved for the reported period. Because all graphs
              displayed give an estimate of the performance for any given interval, it
              is necessary to view the peaks for a full picture of the Accelerator’s
              overall performance.

Setting up Graphs
Only applications defined as “monitored” applications are displayed in the application
graphs. The Traffic Discovery menu lets you view all applications traversing the
network.

Viewing Throughput Statistics Per Application

The Throughput Statistics per Application graph lets you monitor how much traffic
per application passed through the Accelerator. It lets you compare the
accelerated throughput (what actually goes over your WAN link) with the
pre-accelerated throughput, which is the throughput that would have been passed without
our advanced compression mechanisms. The blue area represents your bandwidth
gains with the Accelerator, allowing you to see just how much the Accelerator is really
adding to the line.
You can view the graph per each application, for the top 10 applications or for ten
selected applications.
To enable monitoring of a discovered application:
1. In the Accelerator’s WebUI, click on Monitor
followed by Applications, followed by Monitor applications.
2. In the Applications table, highlight the
applications to be monitored and use the arrow
keys to add or remove them from the monitored
applications table.
3. In the Apply to Link field, scroll down to select the
link whose traffic you want to display.

Viewing Utilization Statistics per Application

The Utilization Statistics per Application graph lets you monitor how much of the
link/s is being utilized. The traffic displayed is accelerated traffic, and therefore cannot
exceed 100% of the link speed.

Viewing Acceleration Statistics per Application

The Acceleration Statistics per Application graph lets you view acceleration
percentages for inbound and outbound applications on the Accelerator per
interface/tunnel or for the total for the Accelerator.

Viewing Compression Statistics per Application

Compression graphs display, as a percentage, the amount by which data traffic over the
physical link was reduced by the Accelerator.

Viewing Bandwidth Distribution Statistics per Application
To gain a better picture of what kind of traffic is traveling across your line, this
Bandwidth Distribution Graph details the percentage of bandwidth consumed by each
selected class.
The distribution is for accelerated data, meaning that traffic types that benefit from a
high acceleration percentage consume a relatively small percentage of the line, though
they constitute a higher percentage of the pre-accelerated data.

Monitoring Applications
This section explains how to use and understand the Accelerator’s advanced graphic
reporting and statistics feature that enables monitoring of accelerated applications.
Applications are either predefined or user-defined. By default, 50 of the predefined
applications are considered Monitored applications (see Pre-Defined Applications, on
page 353), and all user-defined applications are Monitored by default. Monitored
applications are applications for which statistics are saved in the Accelerator to be
displayed in graphs and charts. You can monitor simultaneously up to 50 applications
on each Accelerator, and up to 10 applications on each link.

To gather statistics for a predefined application:
1. In the Accelerator’s WebUI, click on Setup,
followed by My Applications.
2. Under View select Defined Applications.
3. Click the application whose statistics are to be
saved.
The Edit Application screen appears.
4. Select the Collect statistics checkbox.
5. Click Submit.
After you have selected the applications for which you want to gather statistics, you can use
the Monitor Applications menu to select up to 10 applications for which statistics can be
provided as a unit. Use the arrow button to move the requested applications from the
Applications table to the Monitored Applications table.
Gathering Statistics for Detected Applications
To enable application statistics gathering:
1. In the Accelerator’s WebUI, click on the Monitor
tab, followed by Traffic Discovery.
2. In the Detected Applications window, click on the
name of the requested detected application.
The Create Application from Discovered Traffic
window appears.
3. In this window, select the Collect statistics
checkbox.
4. Click the Submit button.
The application will now appear in the list of
Monitored Applications.
5. Under Applications, click Monitor Applications.
6. In the Apply to Link scroll-down menu, select the
link over which this application should be
monitored: this can be all links, a specific link or
the Non-link.
7. Highlight the names of applications you want to
monitor and use the arrow button to add them to
the list of monitored applications.
8. Click the Submit button.
The list of monitored applications created can be
selected to be viewed from any of the application
graph screens by selecting From List from the
Applications scroll-down text box.
To modify the list, click the Edit List link found
next to the From List selection.

NOTE: As soon as even one undefined packet is detected (TCP/UDP)
it will be displayed as an unrecognized port in the
traffic discovery list.

Viewing Summary Graphs
The Accelerator lets you view a selection of important performance graphs to provide
you with an overview of your network performance. The Summary menu lets you view
several graphs via a single screen. The data used in the graphs is based on the total
traffic on all Accelerator links.
To view summary graphs:
1. In the Accelerator’s WebUI, click on Monitor
followed by Summary.
2. Select the link, view last, link speed and peak
data options.

Viewing Ethernet Statistics
The Accelerator lets you view detailed statistics for the data displayed on the
monitoring graphs. You can view the data in either of the following ways:
• Via the WebUI
• Via the CLI

Via the WebUI
Follow these steps to view, via the WebUI, detailed statistics for the data displayed on
the monitoring graphs:
1. In the Accelerator’s WebUI, click on Monitor followed by Interfaces.
2. In the Ethernet Statistics screen, select the relevant Ethernet card.

All statistic items, in both inbound and outbound directions, are displayed according to:
Data: Lists the type of statistic gathered.

System Up: Data transferred over the selected link, which was
collected since the Accelerator was powered on.
Data is listed in KB, in percentages, or in number of
packets.

Since Clear: Data transferred over the link selected that was
collected since the Accelerator’s counters were
last cleared. Data is listed in KB, in percentages,
or in number of packets.

Last 5 Seconds: Data transferred over the link selected that was
collected over the last 5 seconds. Data is listed
in Kbps or in percentages.

Via the CLI
The following commands let you view the Ethernet statistics via the CLI.

Viewing Interface Statistics
Command: ACC1# show interface link
Purpose: Displays Throughput and Performance statistics for all links
since up time, since last cleared and for the last 5 seconds.

Viewing Interface Statistics per Specific Link
Command: ACC1# show interface link [name]
Purpose: Displays Throughput and Performance statistics for a link since
up time, since last cleared and for the last 5 seconds.

Enabling L-7 Traffic Discovery
Command: ACC1(statistic)# discover [http | citrix] [enable | disable]
Purpose: Enables traffic discovery of HTTP or Citrix traffic traversing the
network.

Viewing L-7 Traffic
Command: ACC1(config)# show discovered http | citrix
Purpose: Displays list of discovered HTTP or Citrix traffic traversing the
network.

Viewing Application Statistics
Command: ACC1(config)# show application
Purpose: Displays statistics for all applications.

Setting Applications as Monitored
Command: ACC1(config)# monitored-application [application name] normal [link number | Total]
Purpose: Sets a specified application to be monitored over a certain link
or over all links.

Viewing Application Traffic
Command: ACC1(config)# show traffic-discovery [all | application name]
Purpose: Displays all applications traversing the network.

Enabling Statistics History
Command: ACC1# config
ACC(config)#[application name]
ACC1(name)#statistics-history [enable/disable]
Purpose: Enables gathering statistics for a particular application.

Clearing Statistics
Command: ACC1# clear counters link all [name]
Purpose: Clears all counters. Adding a name at the end of the command
will clear statistics for a specific link only.

Configuring NetFlow Support
The Accelerator supports Cisco’s NetFlow protocol (version 5), which enables
collecting traffic flow statistics on routing devices. NetFlow is based on identifying
packet traffic and reporting the traffic statistics to the collector. The traffic reported is
traffic before acceleration, which lets you receive data regarding “real” traffic (not
encrypted, tunneled or accelerated).
NetFlow does not involve setting any connection-setup protocol either between routers
or to any other networking device or end station, and does not require any change
externally—either to the traffic or packets themselves or to any other networking
device.
NetFlow provides various statistical data items (WAN-to-LAN or LAN-to-WAN), in
addition to the items generated by the Accelerator.
NetFlow uses the following SNMP names:
• eth 1 (for ETH 0/0)
• eth 2 (for ETH 0/1)
By using these names, the Collector will receive on-path indication even when on-LAN
deployment is used.
In the Collector, eth 2 is used as the Out port and eth 1 as the In port in LAN-to-WAN
deployment, while the opposite happens in WAN-to-LAN deployment (eth 1 is used as
the Out port and eth 2 as the In port). When using the CLI to configure NetFlow, you
have to indicate which port is used for connecting to the LAN.
The following traffic types are not reported:
• WAN-to-WAN
• LAN-to-LAN (including bridgeless traffic).

NOTE: The NetFlow collector listening port is needed for
establishing a connection between the Accelerator and
the collector. Ensure that this port is not blocked by a
firewall installed between the Accelerator and the
collector.

Identifying the Traffic
NetFlow detects the local subnets’ source and destination addresses, and determines
the traffic direction according to these addresses: the local address will be detected as
LAN, while the other address will be detected as WAN. However, local subnets that
were configured in the Accelerator to be excluded (namely: to be connected through a
non-link) are detected as WAN.
NetFlow is completely transparent to the existing network, including end stations,
application software and network devices like LAN switches. In addition, NetFlow is
performed independently on each internetworking device, and need not be operational
on each router in the network. NetFlow exports data to a remote workstation for
collection and further processing. NetFlow does consume CPU resources; therefore, it
is important to understand the resources required on your Accelerator before enabling
NetFlow.
The Accelerator acts as any other probe on the network, forwarding its packet
statistics to NetFlow Collectors such as Scrutinizer™ and PRTG™, which let you
monitor and analyze Accelerator packets.

NOTE: For your convenience, an evaluation version of the
NetFlow collector has been provided for you on the
Documentation CD.

Enabling NetFlow
Command: ACC1# netflow
ACC1(netflow)# ip flow-export [x.x.x.x] port [1 to 65535] version [5] interface ethernet [0, 0/0, 0/1] template [full, long, short]

Purpose: Sets the Accelerator to forward all statistic information to the
NetFlow server for monitoring and analysis.
Input the IP address and port number of the NetFlow
collector, as well as the NetFlow version number. In
addition, enter the Ethernet interface to be
monitored (the LAN Ethernet interface).
For more information on NetFlow statistics collected, see
NetFlow Monitored Statistics, on page 343.
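
As an added example (not Expand's code and not part of the original guide), the sketch below shows the collector side of this export: it validates and decodes a NetFlow version 5 datagram and labels each flow with the direction rule described under Identifying the Traffic. The exporter address, subnets, interface index values (1 for eth 1, 2 for eth 2) and the sample datagram are constructed assumptions; checking the sender and the record count is an added collector-side check, since version 5 export is unauthenticated UDP.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
MAX_RECORDS = 30                                    # v5 limit per datagram

# Constructed values for illustration (assumptions, not taken from the guide).
EXPECTED_EXPORTER = "192.0.2.10"                           # the Accelerator
LOCAL_SUBNETS = [ipaddress.ip_network("10.1.0.0/16")]
EXCLUDED_SUBNETS = [ipaddress.ip_network("10.1.99.0/24")]  # sent through the non-link


def side(addr):
    """LAN for a local, non-excluded address; excluded and remote addresses are WAN."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in EXCLUDED_SUBNETS):
        return "WAN"
    return "LAN" if any(ip in net for net in LOCAL_SUBNETS) else "WAN"


def parse_v5(datagram, exporter_ip):
    """Validate one export datagram and return its flows as dictionaries."""
    if exporter_ip != EXPECTED_EXPORTER:
        raise ValueError("datagram from unexpected exporter")
    if len(datagram) < HEADER.size:
        raise ValueError("short header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("implausible record count")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src = str(ipaddress.ip_address(f[0]))
        dst = str(ipaddress.ip_address(f[1]))
        flows.append({
            "src": src, "dst": dst,
            "in_if": f[3], "out_if": f[4],
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
            "direction": f"{side(src)}-to-{side(dst)}",
        })
    return flows


def unexpected(flows):
    """Flows the guide says are never reported; worth an alert if they show up."""
    return [f for f in flows if f["direction"] in ("LAN-to-LAN", "WAN-to-WAN")]


def build_sample():
    """Constructed two-record datagram standing in for a captured export."""
    def rec(src, dst, in_if, out_if, pkts, octets, sport, dport, proto):
        return RECORD.pack(
            ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
            bytes(4), in_if, out_if, pkts, octets, 0, 0,
            sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    header = HEADER.pack(5, 2, 1000, 1700000000, 0, 1, 0, 0, 0)
    return (header
            + rec("10.1.0.5", "198.51.100.7", 1, 2, 10, 4200, 51000, 80, 6)
            + rec("10.1.99.4", "10.1.0.5", 2, 1, 3, 180, 53, 40000, 17))


if __name__ == "__main__":
    for flow in parse_v5(build_sample(), EXPECTED_EXPORTER):
        print(flow)
```

The second sample record comes from an excluded local subnet, so it is labelled WAN-to-LAN even though both addresses are inside 10.1.0.0/16.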

6 Applying QoS
This chapter describes the procedures necessary for configuring the Accelerator’s QoS
plug-in. The QoS plug-in lets you prioritize traffic traversing the Accelerator network.
The chapter is divided into the following basic sections:
• Carrying Out Basic QoS Configuration, on page 144.
Basic QoS configuration should be sufficient for relatively simple networks and basic traffic
prioritization. Basic QoS configuration lets you view traffic traversing the network, create
applications for unrecognized traffic, and prioritize these applications as well as
predefined applications.
• Setting Advanced QoS Parameters, on page 159.
Advanced QoS enables a higher level of control, enabling the creation of rules for different
applications. These rules allow fine-tuning of the type of traffic filtered, as well as the type
of shaping set for the application.

NOTE: QoS settings take effect when there is congestion. Any
minimum bandwidth guaranteed to a traffic type will
only be set aside for this type of traffic if there is enough
of this type of traffic traversing the line.

Accelerator QoS
QoS, or Quality of Service, is designed to help manage traffic across the network in
order to combat the congestion, latency and greedy and rogue applications that all
contribute to poor application and network performance. Organizations need to be able
to allocate bandwidth to mission-critical applications, slow down non-critical
applications, and stop bandwidth abuse in order to efficiently deliver networked
applications to the branch office.

Studying the QoS Solution
The powerful QoS solution was designed with simplicity of management in mind. Traffic
is automatically categorized into application classes: the Accelerator arrives with
hundreds of applications predefined in the system. This makes it easier to generate a
picture of exactly what is traversing the network, in order to then decide what should be
traversing the network. Once a clear picture of the current network and the ideal
network is attained, easy-to-understand shaping policies like “real-time” or “block”
govern the flow of traffic. The Accelerator’s QoS mechanism is single-sided, in that it
can also work across a Virtual Link, in which the Local Accelerator does not work
opposite a Remote Accelerator. For a complete explanation as to how the QoS
mechanism functions and is implemented, see section Setting Advanced QoS
Parameters, on page 159.
QoS enables the Accelerator to provide the following:
• Automatic Traffic Discovery
Accelerators automatically discover and classify hundreds of enterprise applications based
on Layer-3 (IP), Layer-4 (TCP, UDP, and so on) and even Layer-7 parameters including
web URLs, MIME types (for example: streaming audio) or Citrix (published applications
over ICA).
• End-to-end application performance monitoring
Accelerators provide complete network visibility and enable speedy response to application
performance changes on an enterprise-wide scale with end-to-end monitoring and dozens
of reports.
• Transparent to existing QoS infrastructure
Accelerators are transparent to router-based QoS implementations by honoring and
preserving priorities set on traffic flowing through them. Advanced networking features such
as router-based QoS rely on IP packet header information to be effective. The Accelerators
preserve packet header information and compress only the payload, which integrates
seamlessly with advanced networking features such as router-based QoS, load-balancing,
WAN monitoring and MPLS tagging.
• Priority treatment for critical applications
Accelerators enable important and urgent application traffic to get priority treatment with
advanced traffic shaping for both inbound and outbound traffic. Packet fragmentation
assures that VoIP/video latency budgets are not violated by large data packets, while
packet aggregation ensures higher WAN capacity and stabilizes jitter.
• Guaranteed bandwidth for specific applications
Accelerators can reserve bandwidth for specific applications. This guarantees that you can
allocate delay-sensitive traffic such as VoIP a minimum amount of bandwidth to ensure
optimal voice quality even when WAN links are congested or oversubscribed.
• Restricting rogue and greedy applications
Accelerators restrict greedy applications like file sharing and Internet audio streaming to a
maximum bandwidth budget in order to guarantee that other important applications are not
bandwidth-starved. Traffic bursts allow applications to take advantage of free capacity if
available.
• Seamless integration with compression
When compression is enabled, the QoS mechanism automatically adjusts to account for
the extra available bandwidth created when traffic is compressed.
• In the Accelerator, rule limit and desired shaping are applied to traffic before it is
compressed. However, link shaping (bandwidth for the link and the WAN) is applied to
traffic after it has been compressed, because the important result is end-user experience,
not the physical link usage.
• While basic traffic management is simple via the My Applications menu, you can program
complex QoS with nested rules, decision trees and other advanced features.

Carrying Out Basic QoS Configuration
Basic QoS configuration is accomplished via the My Applications menu, which is
populated by all traffic types detected on your network. This menu lets you create new,
user-defined applications for traffic not categorized automatically as a predefined
application, and set basic traffic shaping parameters for predefined and user-defined
applications, that is, how the network should prioritize and handle each application.

IMPORTANT: In a non-link environment, if a local subnet is not
defined as LOCAL, the Accelerator QoS and Monitoring
features will not function properly.

NOTE: By default, the following encrypted applications will not
be accelerated:
pop3s, https, ircs, nntps, ftps, ftps-data, telnets, ssh,
sshell, ldaps, smtps, imaps.

Viewing My Applications
The My Applications Menu in the Accelerator WebUI lets you view traffic per
application, filtered by certain criteria.
To view traffic per application:
1. Click on Setup followed by My Applications.
2. In the My Applications screen, select Discovered
traffic, Defined Applications, Monitored
Applications or All from the pull-down menu.

Classified traffic lists the traffic per system recognized application. Unclassified traffic
lists the traffic that is not recognized by any of the system-defined applications, per port
number.


The table displayed on the My Applications Menu details the Outbound Traffic (by
default, only classified traffic is displayed). Basic data about the settings for each traffic
type is provided, including Application Name, Minimum bandwidth set (if assigned),
Maximum bandwidth set (if assigned), Priority assigned, and acceleration status. The
From-LAN statistics pull-down menu lets you customize the statistics type to be viewed
for the applications, LAN to WAN (outbound traffic) or WAN to LAN (inbound traffic).

Creating New Applications
New applications should be created for all traffic types that do not already exist in the
list of predefined (classified) traffic applications, or as subsets of these applications to
further filter the traffic type selected.

To create an application:
1. In the My Applications menu, click the Create
Application button. The Create Application menu
opens.
2. Update the following parameters to define the
Application and how it is handled:

Application name: The default name for a new application is
new_application. You have to modify the name
of the application to a name indicating the type
of traffic considered in this application.
Maximum of 31 characters, no spaces. Special
characters are allowed.

Aggregation class: The Aggregation Class setting controls the
Citrix Plug-in. The Citrix Acceleration Plug-in
feature utilizes network resources more
efficiently in LAN-based Accelerator
deployments and delivers improved
acceleration results for Citrix-hosted
applications.
Citrix MetaFrame users repeatedly access the
same content from the network. The
Accelerators’ Citrix Acceleration Plug-in feature
enhances support for Citrix MetaFrame
applications because, through the use of
statistical multiplexing, the Citrix Acceleration
plug-in allows more MetaFrame data to traverse
the WAN. The Accelerator achieves this
increase in throughput by:
• Consolidating Citrix header data in pure IP
implementations - IP header represents
significant overhead in small packets
generated by Citrix. It constitutes almost
30% of the Citrix packet. The Citrix
Acceleration plug-in removes repeat header
information and sends this data only once
across the network.
• Consolidating Citrix payload in all
environments - the Citrix Acceleration
plug-in extracts data from small packets
originating from different Citrix MetaFrame
users, and sends packets optimized for
specific WAN conditions. The Citrix
Acceleration plug-in eliminates all
redundant data transmissions across the
WAN.
• Controlling latency and jitter - the Citrix
Acceleration plug-in reduces latency and
jitter, especially over slow WAN links that
are commonly used for Citrix MetaFrame
deployments.

The end-result is better, more consistent Citrix
performance; and support of up to four times
more Citrix users on the existing infrastructure.
Aggregation is performed at the link-level and
improves acceleration for traffic with small to
medium packets (like Citrix/ICA traffic or Telnet
traffic), and aggregates compressed packets.
The Aggregation class sets the class to which
this application is related. Aggregation reduces
the size of the traffic by aggregating
compressed packets, before sending them
over the WAN.
The compressed packets will be aggregated in
the link per class. The classes are defined via
the CLI and set the aggregation packet limit,
and will allow a pre-defined delay (window)
before sending the packets.
For aggregation class configuration details,
see Configuring Aggregation Classes, on page
177.

Collect statistics: Enabling statistics history saves statistics for
this application for up to one year.

Don’t accelerate: Traffic set to Don’t Accelerate will not be
compressed. It will, however, be tunneled.
This setting is useful for traffic that does not
compress, but does not need to be transparent
(header preservation) to other network devices
while crossing the WAN. QoS will still be
performed on all traffic set to Don’t accelerate.

Don’t tunnel: Traffic set to Don’t Tunnel will not be tunneled
and will not be compressed. This is a useful
setting for traffic such as HTTPS or encrypted
Citrix.
QoS will still be performed on all traffic set to
Don’t tunnel.

Application criteria: The Application Criteria box lets you set the
type of traffic to be considered in an
application. These fields define a rule for
identifying traffic as part of this application.

TCP Port: To set the application to be defined on the
basis of a TCP port or a span of TCP ports:
1. Select TCP port from the drop-down menu.
2. In the From field enter the first port
to be considered, in the To field
enter the last port to be considered.
For example, to change HTTP
application 80 to HTTP application
8080, enter 8080 into the From
field.
To define a single port, enter the
port number into the From field and
leave the To field empty.
3. Click the Add button.
The Criteria created appears in the
Criteria Table.

UDP Port: To set the application to be defined on the
basis of a UDP port or a span of UDP ports:
1. Select UDP Port from the drop-down menu.
2. In the From field enter the first port
to be considered, in the To field
enter the last port to be considered.
For example, to change the TFTP
application from port 69 to port
4444, enter 69 into the From field
and 4444 into the To field.
To define a single port, enter the
port number into the From field and
leave the To field empty.
3. Click the Add button.
The Criteria created appears in the
Criteria Table.

Over-IP: To define an application based on a specific
protocol:
1. Select Over IP from the drop-down menu.
2. In the From field enter the first
protocol number to be considered,
in the To field enter the last
protocol number to be considered.
To define a single protocol, enter
the number into the From field and
leave the To field empty.
3. Click the Add button.
The Criteria created appears in the
Criteria Table.

Criteria Table: The criteria table lists all the criteria that must
be met in order for traffic to be considered part
of this application.
To delete entries in the Criteria Table, highlight
them and click the Delete button.

Prioritize: The Prioritize box lets you set the shaping or
prioritization to be applied to the traffic type.

Order: The order parameter sets the importance of
this rule. Traffic that enters the Accelerator is
dealt with by the QoS mechanism based on
Prioritization order number. Traffic that
matches the Application criteria set in order
number 100 will be handled according to the
setting for this application type, even if it may
match the criteria of other Applications with
other, less important priority order numbers.
If the two applications are set with the same
order priority, applications will be matched
according to the highest level of specificity first.
For example, if two applications have a priority
of 210, but one application is created for all
traffic in ports ranging from 2020 to 2060 and
the other application is created for traffic on
port number 2062, the 2062 traffic will be
handled first.
Another example of higher specificity is when
one application defines Layer-7 values and
another application with the same priority order
defines values only up to Layer-4 values; the
Layer-7 application shaping will be applied to
the traffic.
Most QoS settings do not necessitate setting
the Order field.
The order can be set from 100 to 65534.

Minimum bandwidth (desired): The Minimum bandwidth desired setting should
be used carefully. This parameter allocates a
certain amount of bandwidth to be saved for a
specific application type during periods of
congestion. You should set desired bandwidth
only for mission-critical, time-sensitive
applications, such as VoIP, which need 8 to 16
Kbps allocated throughput to function.

Maximum bandwidth (limit): The Maximum bandwidth limit setting will put a
ceiling on the amount of bandwidth that an
application can consume. This is useful for
bandwidth-greedy applications such as FTP or
P2P, to limit the amount of bandwidth they
consume.

ToS: You can either preserve the original ToS
setting of the packets or set a new ToS value
for this application.
• To preserve the original ToS value, click
the Preserve radio button. By default, ToS
preservation is enabled.
• To set a new ToS value for this traffic, click
the Set radio button and select ToS value,
CoS ToS value or Code point from the
drop-down menu. Select a value.


Priority: Set the Priority of the application to:
Blocked: Traffic set to Blocked will be dropped.
Low, Average and High: Traffic set to Low,
Average and High will be assigned bandwidth
on a proportional scale:
• Low receives the lowest proportion of the
bandwidth.
• Average receives a medium proportion of
the bandwidth.
• High receives the greatest proportion of the
bandwidth.
Real Time: Real-time traffic always receives
bandwidth allocation according to strict priority.
This means that as long as real-time traffic is
traversing the network, all lower priority traffic
types will wait until there is free bandwidth,
thus starving all lower priority applications with
the exception of applications that received a
Minimum bandwidth (desired) setting.
Diagnostic Mode: You should set traffic to
Diagnostic Mode only if the Application is not
responding at all to QoS settings. This is
because Diagnostic Mode traffic overrides all
other QoS settings and starves all other
applications (including real-time and Desired
bandwidth allocated).
If a class is not transmitting at all and seems
not to be working, set the class to
Pass-thru/Diagnostic mode which will disable the QoS
from the traffic type.

IMPORTANT: Ensure that you click the Submit button to save
configuration changes before exiting the Create
Application menu.

NOTE: If you are running a version of AcceleratorOS previous
to 5.0(6), it is important to note that two new
preconfigured applications were added in this version
that may affect user-defined applications on the same
ports. If applications have been configured for port
1928 (saved for the expand-internal application) or 2598
(citrix-ica-sr), rename these applications exactly as in
the preconfigured application before performing an
upgrade.
If an application exists for a list of ports or range of ports
that include the specified port numbers (1928 and 2598),
remove these ports from the list or range, and create
applications expand-internal with port 1928, and
citrix-ica-sr with port 2598. Then change the policy rules to
also match this application.

Modifying Applications
Selecting an application lets you modify the application definition (the type of traffic,
also known as the traffic rule, or filter) and set up the way the traffic is treated (or
prioritized, also known as shaping).
To modify an application:
1. In the My Applications menu, click the application
name. The Edit Application menu opens.
2. The Edit Application menu lets you modify all
application parameters as listed in Creating New
Applications, above.

IMPORTANT: Ensure that you click the Submit button to save
configuration changes before exiting the Edit Application
menu.

Classifying Layer-7 Applications
The Accelerator lets you filter HTTP web applications and/or Citrix applications at the
application layer (Layer-7). This higher level of specification enables specific
applications to receive tailored traffic prioritization within the Accelerator.

Creating Web Applications
You can create and prioritize HTTP web applications per Layer-7 application. New web
applications are created much in the same way as new Layer-4 applications, with the
addition of Layer-7 (application specific) information.

To create a web application:
1. In the My Applications menu, click the Create
Web Application button. The Create Web
Application menu opens.
2. The Web application parameters are identical to
the parameters set for all applications, with the
following additions:

Application Criteria: You cannot modify the Application Criteria box
from within the Create Web Application box.
The Layer-4 information for this web-based
application is taken from the web definition. To
modify the Layer-4 criteria, return to the My
Applications menu and click on HTTP to edit
the web application.

Layer-7 Information: The Layer-7 information box lets you set the
application-specific details necessary for
filtering this web application. Enter any or all
data to be treated as criteria for matching this
web application type. This means that all traffic
considered as part of this web application will
have to meet all criteria listed in this box, as
follows:
• Host Name: the host name of the web
application. The Host Name is the internet
address up until the first “/”, for example, for
the address http://172.10.10.10/loginindex.asp,
the Host Name is 172.10.10.10.
• URL Name: the URL name is the internet
address after the first “/”. In the example
above, “extranet” can be used as the URL
name.
• MIME Type: enter the content type.
• User Agent: enter the name of the HTTP
client (Netscape, Mozilla, and so on).
All Layer-7 information criteria use pattern
matching, meaning that, for example, if the
Host Name is www.expand.com, using expand
as the host name is sufficient (up to 128
character string for all HTTP Layer-7
parameters).

IMPORTANT: Ensure that you click the Submit button to save configuration changes before
exiting the Create Web Application menu.
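
The Layer-7 matching rules above, modelled as an added Python example (not Expand Networks code): every criterion that is set must match, and each one is a pattern match. The guide does not define the pattern syntax, so case-insensitive substring matching is assumed; the `WebApplication` class, the request fields and the sample hosts other than the two guide addresses are constructed. The audit function shows why a short Host Name pattern should be checked against observed traffic before the application is given a high priority.

```python
from dataclasses import dataclass

MAX_PATTERN_LEN = 128  # guide: up to 128 characters for every HTTP Layer-7 parameter
CRITERIA = ("host_name", "url_name", "mime_type", "user_agent")


@dataclass(frozen=True)
class WebApplication:
    """Hypothetical holder for the Layer-7 criteria; an empty string means 'not set'."""
    name: str
    host_name: str = ""
    url_name: str = ""
    mime_type: str = ""
    user_agent: str = ""

    def __post_init__(self):
        for field in CRITERIA:
            if len(getattr(self, field)) > MAX_PATTERN_LEN:
                raise ValueError(f"{field} is longer than {MAX_PATTERN_LEN} characters")


def split_address(address):
    """Split an address into (Host Name, URL Name) at the first '/' after the scheme."""
    rest = address.split("://", 1)[-1]
    host, _, url = rest.partition("/")
    return host, url


def to_request(address, mime_type="", user_agent=""):
    """Build the dictionary of observed values that the criteria are compared with."""
    host, url = split_address(address)
    return {"host_name": host, "url_name": url,
            "mime_type": mime_type, "user_agent": user_agent}


def matches(app, request):
    """True when every criterion that is set occurs in the corresponding request value.

    Assumption: 'pattern matching' is modelled as case-insensitive substring search.
    """
    return all(
        getattr(app, field).lower() in request[field].lower()
        for field in CRITERIA
        if getattr(app, field)
    )


def unexpected_hosts(app, requests, expected_hosts):
    """Hosts that the application's criteria capture although they were not intended."""
    return sorted({r["host_name"] for r in requests
                   if matches(app, r) and r["host_name"] not in expected_hosts})


# Constructed sample traffic (only the first two addresses use hosts named in the guide).
SAMPLE_REQUESTS = [
    to_request("http://172.10.10.10/loginindex.asp", "text/html", "Mozilla/4.0"),
    to_request("http://www.expand.com/index.html", "text/html", "Mozilla/4.0"),
    to_request("http://support.expand.com/kb/1", "text/html", "Netscape"),
    to_request("http://expand-mirror.example.net/big.iso",
               "application/octet-stream", "Mozilla/4.0"),
    to_request("http://www.example.org/expand/notes.html", "text/html", "Mozilla/4.0"),
]

if __name__ == "__main__":
    broad = WebApplication("corp-web", host_name="expand")
    narrow = WebApplication("corp-web", host_name="expand.com", mime_type="text/html")
    intended = {"www.expand.com", "support.expand.com"}
    print("broad :", unexpected_hosts(broad, SAMPLE_REQUESTS, intended))
    print("narrow:", unexpected_hosts(narrow, SAMPLE_REQUESTS, intended))
```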

Creating Citrix Applications
You can set and prioritize Citrix applications per Layer-7 application. New Citrix
applications are created much in the same way as new Layer-4 applications, with the
addition of Citrix Layer-7 specific information.

To create a Citrix application:


1. In the My Applications menu, click the Create
Citrix Application button. The Create Citrix
Application menu opens.
2. The Citrix application parameters are identical to
the parameters that are set for basic applications,
with the following additions:

Application Criteria: You cannot modify the Application Criteria box from within the
Create Citrix Application box. The Layer-4 information for this Citrix-based application
is taken from the Citrix definition. To modify the Layer-4 criteria, return to the My
Applications menu and click on Citrix to edit the Citrix application.

Layer-7 Information: The Layer-7 information box lets you set the application details
necessary for filtering a specific Citrix application. Enter any or all data to be
treated as criteria for matching this Citrix application type. This means that all
traffic considered as part of this Citrix application will have to meet all the criteria
listed in this box, as follows:
• Published application: List the Citrix application type, such as Word, Calc and
Notepad.
• Client: List the user name of the device to be considered part of this traffic type.
For example, to set the priority of the CEO’s Citrix Client to Real-time for Excel, enter
the name of the CEO’s PC into the Client field.
Layer-7 information for Citrix is not pattern matching, meaning that the published
application listed must be the full name of the application traffic that is intended
(these parameters can use strings up to 20 characters).

For more information on working with Citrix, see section Acceleration and Citrix Traffic,
on page 366.

Setting Advanced QoS Parameters
Advanced configuration of the Accelerator’s QoS mechanism is intended for expert
users, and networks that are particularly complex. Understanding how QoS works is
necessary in order to properly apply advanced QoS settings.
The following sections provide in-depth information on the way QoS operates:
• How QoS Works, on page 159
• How Traffic Filtering is Applied, on page 161
• How Traffic Shaping is Applied, on page 162
• Setting Inbound QoS, on page 165
• Creating QOS Rules, on page 166
• Editing QoS Rules, on page 170
• Making Decisions for Specific Applications, on page 171

How QoS Works


The Accelerator’s QoS mechanism receives packets from the LAN, and passes them
to the Accelerator’s compression mechanism.
The QoS mechanism automatically adjusts the throughput it transmits to account for
the extra available bandwidth created when traffic is compressed. It is important to
note that while the Accelerator enables the same QoS capabilities on inbound and
outbound traffic, most QoS is accomplished on outgoing bandwidth only. Incoming
traffic shaping is useful for non-links and virtual links, and instances in which limiting or
blocking incoming traffic is desired, for example blocking P2P traffic or limiting
incoming Internet traffic. It is not recommended to use inbound traffic shaping when
the remote Accelerator uses outbound traffic shaping; in this case the inbound shaping
may have only a partial effect on the traffic.
Follow these steps before working with QoS:
1. Set an accurate Bandwidth for the WAN. This will ensure that all traffic shaping
applied will be relative to the actual physical bandwidth on the WAN pipe. The
default bandwidth set for the default WAN is 100 Mbps (fast Ethernet). This
bandwidth setting assumes the largest possible bandwidth so that the Accelerator
will not limit its throughput over the WAN due to a WAN bandwidth setting lower
than the actual bandwidth. However, it is recommended for accurate QoS shaping
that the Bandwidth setting be modified to its actual rate. For more information on
setting WAN bandwidth see section Performing Setup via the Wizard, on page 30.
2. You must set the bandwidth of each link on the WAN. For more information on
setting the Link Bandwidth, see section Performing Setup via the Wizard, on page
30.

Understanding QoS Rules


The Accelerator’s QoS works on the basis of rules. Rules define how QoS controls
applications (streams or sessions). Rules are built out of a filter, a shaper, and can
contain a marker.
While these rules are transparent to the typical user and are not mentioned in the My
Applications screen, for each application defined in the My Applications screen, you
can create a rule that you can view and modify via the Services - QoS Menu in the
Rules Table. There is no limit on the number of rules you can create.
In order to fine-tune traffic management, it is useful to understand the hierarchy that
determines the order in which the QoS mechanism implements traffic shaping rules.
Filter: The Filter defines what kind of traffic qualifies as part of an application.
Filters are generally Layer-4 definitions such as port number, protocol number, and
traffic type. For example, the application FTP is defined by the traffic type TCP and
the port number 20.
You can modify and add traffic type and port number for applications that already exist
by default in the Accelerator, as well as defining new applications.

Shaper: The traffic shaper defines how to handle the traffic filtered into this
application: what priority the application will receive, and how the application is
treated by the Accelerator. Shaping the traffic enables setting a desired (or
guaranteed) amount of bandwidth to be preserved for a specific application, setting a
limit on how much bandwidth an application can consume (to avoid starvation of other
applications), and setting the CoS (Class of Service priority) and ToS (Type of
Service) values for the application.
Shaping is crucial for ensuring application integrity - that critical traffic
applications get the bandwidth they need, and that other important applications are not
starved completely.

Marking: An application in the Accelerator can include a marker per application. You
can save the ToS marking on the rules, either the original ToS value or a newly defined
ToS value.
This also means that you can set each application type to be Not-Accelerated or
Not-Tunnelled. This is particularly useful for applications like HTTPS or Encrypted
Citrix, whose packets do not compress, and ensures that the Accelerator does not waste
resources attempting to process these packets.

How Traffic Filtering is Applied


The QoS mechanism contains dozens of preconfigured traffic applications (that can be
modified and shaped as needed). All preconfigured traffic applications, as well as new
traffic applications created (see section Creating New Applications, on page 146), are
filtered according to application type. Incoming traffic is matched against the
applications one at a time, starting with the application with the highest “Priority Order”
number, until a match is found. Once a match is found, the application is handled,
despite the fact that it may match other applications as well (this is called overlapping
traffic).
Applications cannot overlap at the Layer-4 level. This means that because Application
FTP is set on TCP port 20, another application cannot be created on port 20 (or
including port 20). However, applications can overlap at the Layer-3 level. For example,
a TCP application could exist and be set to include traffic over-IP protocol 6. In this
case, the Priority Order number given to an application (or rule) will determine which
application rule governs overlapping traffic. In the above example, if the FTP traffic is
set to 200 (the default) and TCP is given an order number of 100, all FTP traffic will be
treated according to the definition of TCP.
If the two applications are set with the same order priority, applications will be matched
according to the highest level of specificity first.

For example, if two applications have a priority of 210, but one application is created
for all traffic in ports ranging from 2020 to 2060 and the other application is created for
traffic on port number 2032, the 2032 traffic will be handled first.
Another example of higher specificity is when one application defines Layer-7 values
and another application with the same priority order defines values only up to Layer-4
values; the Layer-7 application shaping will be applied to the traffic.

How Traffic Shaping is Applied


The QoS mechanism works in a hierarchical fashion. In a complex QoS setup, it is
often important to understand which shaping carries the greatest weight and is handled
first by the QoS mechanism.

Studying QoS Bandwidth Allocation


The QoS mechanism allocates bandwidth as follows:
1. WAN Bandwidth
First, the bandwidth set for the WAN is honored. All further application QoS
decisions are based on the WAN bandwidth.
2. Link Bandwidth
You can set the bandwidth of the Link with a maximum value, limiting the amount of
the total throughput of the WAN available to a particular link. All Application
decisions based on a particular link are bound by this bandwidth.

NOTE: Peer oversubscribing is allowed. For example, if the WAN bandwidth is T1 (1.5 Mbps),
it is possible to set 10 links at 256 Kbps each, and the bandwidth will be distributed
relatively to all links according to the QoS mechanism.

Like the WAN bandwidth setting, the bandwidth set for a link can never be
exceeded. The bandwidth set for the links is divided by the WAN according to the
priority of the traffic coming across the links. This means that if the WAN bandwidth
is 128 Kbps, and Link 1 is set to 128 Kbps and Link 2 is set to 128 Kbps, if one link
has high priority traffic, the lower priority traffic on the other link could be starved.
However, if the Link bandwidth is set to a portion of the WAN bandwidth, then the
link will not exceed this portion, and bandwidth will be left over for other links.
3. Diagnostic Mode Traffic
Traffic set with a priority setting of Diagnostic Mode overrides the QoS mechanism.
Diagnostic Mode traffic has all the bandwidth of the WAN at its disposal and
supersedes all other traffic and all other QoS settings.
The Diagnostic Mode Traffic setting should be used only in emergency cases,
where an application is not responding to the QoS mechanism; Diagnostic Mode
traffic will be forced to override the QoS mechanism.
4. Bandwidth Limits
Maximum bandwidth limits set for applications are honored and the traffic
throughput is limited according to this setting.
5. Bursts
In addition to the hierarchy, if, after all bandwidth is allocated, there is spare
bandwidth, and an application is set to allow bursts, this application will use all
spare bandwidth even if it is set to ordinarily have a maximum bandwidth limit.
For example, if on a 64 Kbps link FTP is limited to 16 Kbps, with burst allowed
FTP will be able to use the entire 64 Kbps if there is no other traffic on the link,
and when there is traffic, the limit of 16 Kbps will be enforced on FTP.
In order for bursts on applications to be allowed, the WAN has to be configured to
allow bursts (by default it is allowed). The WAN Burst parameter also lets you set a
maximum burst bandwidth, meaning that if the WAN bandwidth is 1 MB, you can
set the WAN burst to limit burst traffic to 900 Kbps in order to avoid maximum
utilization situations because of burst traffic. By default the WAN bursts are allowed
to use the entire WAN bandwidth. In certain environments, lowering the WAN burst
by up to 10% may be useful in order to protect the line from congestion caused by
bursts.

NOTE: QoS settings take effect when the WAN link is full.
Any limitations and guarantees placed on traffic will
apply only if not enough bandwidth exists for all
traffic to flow freely.

NOTE: In the Accelerator, rule limit and desired shaping are applied to traffic before it
is compressed, while link shaping (bandwidth for the link and the WAN) is applied to
traffic after it has been compressed.

6. Desired Bandwidth
Minimum bandwidth Desired set for applications is allocated to all applications on
which a desired minimum bandwidth was set. This is true even for low priority
applications.
For example, in a 64 Kbps link, the applications will divide up the 64 Kbps plus the
Acceleration percentage, like a cake, with the desired bandwidth applications
reserving the first piece. As long as there is no congestion, all applications set to
Desired receive their guaranteed bandwidth. When there is congestion, if high
priority applications are guaranteed bandwidth, they will receive it before low priority
applications that were guaranteed bandwidth. If there is not enough bandwidth for
numerous high priority applications that were guaranteed a desired bandwidth, the
desired bandwidth will be divided proportionately between those applications.
Desired bandwidth is useful especially to prevent starvation of lower priority
applications. Setting a desired bandwidth for a low priority application will ensure
that it receives some small amount of bandwidth even when the high priority
applications are consuming the bulk of the bandwidth.
While the Minimum bandwidth desired is allocated hierarchically according to the
application priority (first to real-time, then to high, then to average, and so on), the
desired bandwidth setting is handled before relative spare bandwidth distribution
among prioritized applications. For this reason it is important to use the Minimum
bandwidth desired setting carefully.
For example: If VoIP is prioritized as high priority traffic on a 1 Mbps connection,
and HTTP traffic receives low priority, but a minimum desired bandwidth setting of
800 Kbps, these 800 Kbps will be allocated to HTTP traffic and the remaining 200
Kbps will be divided proportionally between the VoIP application and the HTTP
traffic.
7. Priority
The relative QoS priority set to the application is considered and bandwidth is
divided proportionally among the applications as follows:
Block: Blocked traffic is discarded.
Real-time: Traffic set to real time receives “strict priority”. This means that as long
as real-time traffic is traversing the network it will receive the entire bandwidth. All
lower priority traffic types will wait until there is free bandwidth, thus starving all
lower priority applications (unless a Minimum bandwidth (desired) was set for
them). For this reason it is important to use the Real-time setting with great care. If
a chatty/bandwidth-greedy application constantly transmits traffic, it is possible that
no other application will receive bandwidth (except those set with a Minimum
bandwidth (desired)).
High/Average/Low: High, average and low traffic priorities divide the bandwidth that
is still available (after desired and real-time traffic) in a proportional method based
on time. High priority traffic waits the shortest amount of time before being
sent, average priority traffic waits longer than the high priority traffic, and low priority traffic
waits longer than the average traffic to be sent. This does not mean that high
priority traffic transmits completely before average traffic starts transmitting, rather
high traffic transmits at a faster rate.
Setting the priority to high/average/low is appropriate for most traffic types, setting
the relative importance between the applications without causing starvation.
In advanced configuration, you can set the WAN to handle QoS according to
“strict-priority.” This would set the priorities to act deterministically rather than
proportionally: high priority traffic receives all the available bandwidth (after desired
and real-time traffic), average priority traffic receives bandwidth only if no high
priority traffic exists, and so on. If there is constant high-priority traffic, average and
low priority traffic will be starved completely.

NOTE: Traffic that waits too long to be transmitted will be discarded as obsolete so as
not to cause application problems by transferring stale packets.

What’s the difference between real-time and desired?


Real-time gets the highest priority; it can starve other traffic of everything except
the bandwidth allocated using the “desired” setting. Guaranteed (desired) bandwidth is
not taken by applications on the strength of their real-time priority setting. Because
“desired” is useful to protect lower priority applications from being starved, the
default desired setting allocates a minimal amount of bandwidth (1 Kbps).
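
The allocation order described in this section (desired bandwidth, then real-time, then high/average/low, then bursts), as an added Python model of a single congested WAN; it is not Expand Networks code. Assumptions: every application always has traffic queued, compression, link limits and Diagnostic Mode are left out, the 4:2:1 sharing ratio is illustrative because the guide gives no ratios, and `desired` defaults to 0 rather than the guide's 1 Kbps so that the output matches the guide's VoIP/HTTP numbers.

```python
LEVELS = ["real-time", "high", "average", "low"]
# Assumption: the guide gives no ratios for proportional sharing; 4:2:1 is illustrative.
ASSUMED_WEIGHTS = {"high": 4, "average": 2, "low": 1}
EPS = 1e-9


def _share(remaining, apps, alloc, caps, weight):
    """Weighted water-filling: split `remaining`, re-sharing what capped apps cannot use."""
    active = [a for a in apps if caps[a["name"]] - alloc[a["name"]] > EPS]
    while remaining > EPS and active:
        total = sum(weight(a) for a in active)
        offered = remaining
        next_active = []
        for a in active:
            room = caps[a["name"]] - alloc[a["name"]]
            give = min(room, offered * weight(a) / total)
            alloc[a["name"]] += give
            remaining -= give
            if room - give > EPS:
                next_active.append(a)
        if len(next_active) == len(active):
            break                      # nobody hit a cap, so everything was handed out
        active = next_active
    return max(remaining, 0.0)


def allocate(wan_kbps, apps, strict_priority=False):
    """Return {application name: Kbps} for a congested WAN of `wan_kbps`.

    apps: list of dicts with the hypothetical keys name, priority ("real-time",
    "high", "average", "low" or "block") and optional desired, limit, burst.
    """
    apps = [a for a in apps if a["priority"] != "block"]     # blocked traffic is discarded
    alloc = {a["name"]: 0.0 for a in apps}
    caps = {a["name"]: min(a.get("limit") or wan_kbps, wan_kbps) for a in apps}
    by_level = {lvl: [a for a in apps if a["priority"] == lvl] for lvl in LEVELS}
    remaining = float(wan_kbps)

    # 1. Desired (minimum) bandwidth, highest priority level first. A level that
    #    cannot be satisfied in full is divided in proportion to the desired values.
    for lvl in LEVELS:
        wanted = {a["name"]: min(a.get("desired", 0), caps[a["name"]])
                  for a in by_level[lvl]}
        total = sum(wanted.values())
        scale = 1.0 if total <= remaining else remaining / total
        for name, kbps in wanted.items():
            alloc[name] += kbps * scale
        remaining -= total * scale

    # 2. Real-time traffic has strict priority over everything that is left.
    remaining = _share(remaining, by_level["real-time"], alloc, caps, lambda a: 1)

    # 3. High/average/low: proportional by default, level by level in strict-priority mode.
    if strict_priority:
        for lvl in LEVELS[1:]:
            remaining = _share(remaining, by_level[lvl], alloc, caps, lambda a: 1)
    else:
        rest = by_level["high"] + by_level["average"] + by_level["low"]
        remaining = _share(remaining, rest, alloc, caps,
                           lambda a: ASSUMED_WEIGHTS[a["priority"]])

    # 4. Bandwidth still spare goes to burst-enabled applications, past their limit.
    wan_caps = {a["name"]: float(wan_kbps) for a in apps}
    _share(remaining, [a for a in apps if a.get("burst")], alloc, wan_caps, lambda a: 1)
    return {name: round(kbps, 3) for name, kbps in alloc.items()}


if __name__ == "__main__":
    voip = {"name": "voip", "priority": "high"}
    http = {"name": "http", "priority": "low", "desired": 800}
    backup = {"name": "backup", "priority": "low"}
    ftp = {"name": "ftp", "priority": "average", "limit": 16, "burst": True}
    print(allocate(1000, [voip, http]))        # the guide's 1 Mbps VoIP/HTTP case
    print(allocate(1000, [dict(voip, priority="real-time"), http, backup]))
    print(allocate(64, [ftp]))                 # the guide's 64 Kbps FTP burst case
    print(allocate(64, [ftp, {"name": "http", "priority": "average"}]))
```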

Setting Inbound QoS


For Inbound QoS, you can set a bandwidth limitation for the WAN or per link. If a link
was created with a bandwidth limitation set for inbound traffic, a rule will automatically
be created on the sending side limiting outbound traffic to the link.
You can set inbound policy rules globally or per link.

Creating QOS Rules
Advanced QoS configuration is accomplished by creating and editing rules as they
appear in the QoS menu.
To create a rule:
1. In the Accelerator’s WebUI, click on the QoS tab,
and then select QoS Rules.
2. In the View rules for application drop-down menu,
select the application on which to apply the rule.
If the application does not exist, you can use the
Setup - My Applications menu to create a new
application; for more information see section
Creating New Applications, on page 146.
While the QoS menu enables fine-tuning of the
definition of the traffic type to be filtered into an
application, making Layer-4 modifications to the
application itself must be done via the Setup - My
Applications menu.
3. Click the Create new rule button. The Create Rule
Menu opens.
4. In the Rule Name field, give a name to the rule.
This is necessary for identifying the rule if it
needs to be modified at a later date.
5. Use the Define and Prioritize sections to enter the
necessary information per your networking
requirements.

Define: The Define section lets you enter more detailed criteria for filtering the
traffic type considered as part of this application.

Application: Select the Application onto which to apply this rule from the drop-down
menu. You can define applications only via the My Applications menu. For information,
see section Creating New Applications, on page 146.

Source IP: If you want to filter the application by its source IP address:
• Other: This will be displayed if advanced configuration was made via the CLI, which is
more complex than the WebUI display.
• Any: set the Source IP to Any if the application should consider traffic coming from
any device (this is the default).
• Single IP: Select single IP if only traffic from a single device should receive the
treatment defined in this rule. Input the IP address.
• Subnet: Select Subnet if only traffic from a particular subnet should receive the
treatment defined in this rule. Input the subnet address and the subnet mask.
• Range: Select range if a particular range of source IP addresses should receive the
treatment defined in this rule. Input the first and last IP address to be considered.
• List: Select List and enter up to four IP addresses to receive the treatment defined
in this rule.

Destination IP: If you want to filter the application by its destination IP address:
• Other: This will be displayed if advanced configuration was made via the CLI, which is
more complex than the WebUI display.
• Any: Set the Destination IP to Any if the application should consider traffic going to
any device (this is the default).
• Single IP: Select single IP if only traffic headed to a single device should receive
the treatment defined in this rule. Input the IP address.
• Subnet: Select Subnet if only traffic toward a particular subnet should receive the
treatment defined in this rule. Input the subnet address and the subnet mask.
• Range: Select range if a particular range of destination IP addresses should receive
the treatment defined in this rule. Input the first and last IP address to be considered.
• List: Select List and enter up to four destination IP addresses to receive the
treatment defined in this rule.

ToS bits: To filter traffic based on its ToS setting, in the drop-down menu select:
• Any: to set the rule to apply to the application’s traffic if it has any ToS value set
(this is the default).
• Value: to set a ToS value. This will limit traffic on which this rule is applied to the
application’s traffic having a particular ToS value (0 - 255).

Links: Traffic rules and shaping are applied per link. Select global to apply to all
links or a specific link to determine how traffic is categorized and prioritized over a
specific link, or select Non-link.

Direction: If a link is selected as a filter for this rule, you can select the direction
of the traffic: Inbound, Outbound or Both.

Prioritize: Prioritizing the traffic based on rules is accomplished by setting the same
parameters available when creating an application. For more information on available
settings, see section Creating New Applications, on page 146. In addition, you can set
the burst parameter, as follows:

Burst: Select/deselect the enable burst checkbox. When burst is enabled, the application
will use all spare bandwidth even if it is set to ordinarily have a maximum bandwidth
limit.

Editing QoS Rules


Any changes made to Applications via the My Applications menu appear as rules in the
QoS menu. You can use the QoS menu to edit these changes, and any other rules
created.
To edit a rule:
1. Highlight the Rule to be edited in the Rules Table
and click .
2. Make the necessary changes. For any necessary
explanation, see section Creating QOS Rules, on
page 166.

Making Decisions for Specific Applications
The Decision screen lets you set various aggregation and acceleration parameters for
a specific application, such as how many small packets to accumulate for one big
packet (aggregation class), and whether the application will be accelerated and
tunneled.

To make a decision for a specific application:
1. Select an application from the Application Name
drop-down list.
2. Select the aggregation class. Your choices are as
follows:
• Citrix - enables Citrix acceleration on Citrix, telnet and ms-terminal-server
applications.
• Default - enables acceleration on small-packet, encrypted applications such as pop3s,
https and ftps.
• Custom 1 - enables acceleration on a specific, user-defined link.
• Custom 2 - enables acceleration on a specific, user-defined link.
3. Select the Tunnel box to send the application as
tunneled.
4. Select the Accelerate box to accelerate the
application. This box can be selected only if you
previously selected the Tunnel box.
5. Click Add to add the newly defined settings.
If a decision already exists for this application, a
message will appear, requesting your
confirmation to modify the existing settings. Click
OK to confirm.
6. To delete a specific application from the list,
highlight the application name in the table and
click the Delete button.

Troubleshooting
If the QoS mechanism does not seem to be functioning properly, it could be a result of
the Maximum Queue Length. If there is much latency on the line, the packet drops
may be the result of the queue buffer size, which is normally set per link rate, or
because the packets are waiting too long and are therefore being considered obsolete
packets. By default the packets are considered obsolete after 500 ms.
• If limits do not seem to be enforced on traffic, check to see if it is because of the Burst
status. When Burst is enabled during periods of no congestion, limits will appear not to be
enforced properly.
If a class is not transmitting properly and problems are encountered after QoS has
been applied, try setting the class to Diagnostic mode. This will disable QoS for this
traffic type.
To set the Max Queue length:
1. In the Accelerator’s CLI, in interface link configuration mode, type
priority max-qlen discard [number] low [number] medium [number] high [number] real-time [number] pass-through [number]
2. Follow each parameter by the size of the queue desired.
3. The default greedy-threshold size is 1.
ACC1(LINK)#priority max-qlen discard 1000 low 1000 medium 1000 high 1000 real-time 1000 pass-through 1000

Configuring QoS via the CLI
The following lists the commands necessary to perform QoS configuration as described
above via the CLI. For more complete explanation of the features detailed below, see
the WebUI configuration above.

Viewing Detected Applications


Command ACC1(config)#show application

Purpose Displays all detected applications.

Creating a New Application


Command ACC1(config)#application name
tcp [port number]
udp [port number/range]
over-ip [port/range]

Purpose Defines a new application and application criteria.

Creating a Web Application


Command ACC1(config)#application l-7 name http
host-name [x.x.x.x or name]
url-name [name]
mime-type [name]
user-name [name]

Purpose Define a new web application and criteria on the basis of the
specified parameter/s.

Setting an Application to Accelerate/Not to Accelerate


Command ACC1(config)#decision
ACC1(decision)#match application [name]
ACC1(decision)#set accelerate disable / enable

Purpose Sets a specific application to be accelerated or not accelerated.

Setting an Application to Tunnel/Not to Tunnel


Command ACC1(config)#decision
ACC1(decision)#match application [name]
ACC1(decision)#set tunnel disable / enable

Purpose Sets a specific application to be tunneled or not tunneled.

Filtering an Application Globally


Command ACC1(config)#policy-rule global
outbound/inbound

Purpose Defines a new rule for globally handling an application.

Filtering an Application per Link


Command ACC1(config)#policy-rule link number
outbound/inbound

Purpose Defines a new rule for a specific link.

Setting the Application Criteria


Command ACC1(rule)#match
application [ name or l-7 name]
ip [any, source, destination] x.x.x.x
tos bits

Purpose Defines the filter for what type of traffic is handled by this rule
per IP, tos bits and/or application name.

Setting the Order for the Rule


Command ACC1(rule)#set policy order
[100 to 65534]

Purpose Defines the importance of the rule.

Setting Minimum Bandwidth (Desired)


Command ACC1(rule)#set policy rate desired
number (1 to 1000000)

Purpose Sets a minimum bandwidth for the application.

Setting Maximum Bandwidth (Limit)


Command ACC1(rule)#set policy rate limit number
(1 to 1000000)

Purpose Sets a maximum bandwidth for the application.

Prioritizing the Application


Command ACC1(rule)#set policy priority
high
low
medium
real-time

Purpose Defines the Priority for the application.

Critical Application Pass-through


Command ACC1(rule)#set policy pass-through

Purpose Sets the traffic type to override the entire QoS mechanism and
pass through critical/Diagnostic traffic.

Setting Bursts for a Rule


Command ACC1(rule)# set policy rate burst enable

Purpose Sets the traffic defined for this rule to be allowed to send bursts.

Setting the WAN to Work in Strict-priority Mode
Command ACC1(config)#wan
ACC1(WAN)#strict-priority enable/disable
inbound
outbound
both

Purpose Sets strict-priority for inbound and/or outbound traffic.

Enabling Bursts
Command ACC1(config)#wan
ACC1(WAN)#burst [number]

Purpose Enables bursts on the WAN up to the set bandwidth (1 to 1000000).

Configuring Aggregation Classes


Transferring a small packet imposes a high penalty in terms of the bandwidth use. If
the average payload size is 15 bytes (typical in a Citrix environment), the overhead is
25 bytes of IP/tunnel headers, which means that about 60% of bandwidth used is
wasted.
Citrix (Post Acceleration) Aggregation is intended to better handle and optimize such
traffic. Citrix Aggregation aggregates several small packets into one big packet. If n
packets are aggregated, the savings is (n - 1) * 25 bytes of IP/tunnel headers. The
smaller the average packet size is, and the greater the number of packets aggregated
together, the greater the percentage of acceleration achieved compared to
performance results without Citrix Aggregation. Citrix Aggregation operates per link.
Each link can have Citrix Aggregation enabled or disabled independently of other links.
Command ACC1(config)#aggregation post class
[default | custom-1 | custom-2 | citrix]
global [enable | disable]

Purpose Sets the Citrix aggregation classes globally.
Citrix Aggregation on a link has 4 predefined classes that
enable different Citrix Aggregation settings to be configured
and applied to different types of traffic:
• default
• custom-1
• custom-2
• citrix
Different applications may require different Citrix Aggregation
class configuration (for example: different window size and
aggregated packet size). Several well-known applications are
defined as belonging to 'default' or 'citrix' aggregation class (for
example: Citrix and Telnet applications predefined to belong to
the 'citrix' class, which is pre-configured to properly handle
these applications).
You can disable, enable or configure each class.
You can set each application that exists in the Accelerator to
belong to one of the Citrix Aggregation classes. For information
on setting and defining Layer-7 applications, see section
Creating New Applications, on page 146.
By default, Citrix is enabled but default, custom-1 and custom-2
are disabled.
The Citrix Aggregation class parameter configuration is only
available per-link. The Global command is for ease of use. It
is not saved in the configuration file; rather it goes over each
link and changes its configuration to enable/disable.
To view Citrix Aggregation statistics, use the show
interface link command from the config prompt.

Command ACC1(conf)#interface link [number]
ACC1(LINK)#aggregation post class
[default | custom-1 | custom-2 | citrix]
[disable | enable | limit | threshold | window]

Purpose Defines a class of post aggregation settings. You can define
settings per link per class or for the entire link. For limit,
threshold and window details see below.
The Citrix Aggregation class parameter configuration is only
available per-link (see following section).
This command is for ease of use. It is not saved in the
configuration file; rather it goes over each link and changes its
configuration to enable/disable.

Enabling Aggregation Classes per Link


Command ACC1(conf)#interface link [number]
ACC1(LINK)#aggregation post [enable |
disable]

Purpose Sets the Citrix aggregation classes per link.

Setting Aggregation Limit


Command ACC1(conf)#interface link [number]
ACC1(LINK)#aggregation post limit [40 - 3000]

Purpose Sets the upper limit for packets to be aggregated. Number in bytes.
The limit, set in bytes, is the upper ceiling of packet size for
packets to be eligible for Citrix aggregation: packets that are
larger than LIMIT are not aggregated (they are supposed to be
big enough to be sent one at a time). You can configure LIMIT
in range 40-3000 bytes. The default value is 256.

Setting Aggregation Threshold


Command ACC1(conf)#interface link [number]
ACC1(LINK)#aggregation post threshold
[40 - 3000 | auto]

Purpose Sets the post aggregation threshold, number in bytes 40 to
3000 or automatic.
The threshold, set in bytes, is the maximum size of aggregated
packets. That is, when an aggregate packet reaches this size,
it can be sent. You can configure THRESHOLD in range 40-
MTU. The default value is auto, which means that the threshold
will be calculated dynamically according to available bandwidth
as follows:
• 512 bytes - for bandwidth that is less than or
equal to 512 Kbps
• 1024 bytes - for bandwidth that is greater than
512 Kbps and less than 1 Mbps
• MTU (usually 1500 bytes but no more than
3000) - for bandwidth that is more than 1 Mbps
• If fragmentation is configured in the link, the
threshold auto value will not be larger than the
fragmentation size.

Setting Aggregation Window


Command ACC1(conf)#interface link [number]
ACC1(LINK)#aggregation post window [1 -
100 | auto]

Purpose Sets the post-acceleration window, number in bytes 1 to 100 or
automatic. The window command is set in units of 10 ms. This
is the maximum amount of time a packet can be delayed in
Citrix Aggregation queues. This means that when WINDOW *
10 ms elapses, an aggregate packet is sent (even if its total
size has not reached the LIMIT value yet). This is done to avoid
long packet delays. WINDOW can be configured in a range of
1-100 units. The default value is auto, which means that the
WINDOW value is calculated dynamically given the bandwidth
and the threshold value. An estimated value of the auto value
will be bandwidth/Threshold. This enables the aggregator to
wait enough time to get an aggregated packet with the largest
size close to the THRESHOLD value.
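
The interaction of LIMIT, THRESHOLD and WINDOW described above can be traced with a small model. This is an added example, not Expand's code: the flush ordering, the handling of exactly 1 Mbps, and the packet trace are assumptions made for illustration.

```python
from dataclasses import dataclass, field


def auto_threshold(bandwidth_kbps, mtu=1500, fragmentation=None):
    """THRESHOLD chosen by 'auto', following the guide's bandwidth tiers."""
    if bandwidth_kbps <= 512:
        size = 512
    elif bandwidth_kbps < 1000:      # assumption: 1 Mbps == 1000 Kbps
        size = 1024
    else:                            # assumption: exactly 1 Mbps uses the MTU tier
        size = min(mtu, 3000)
    if fragmentation is not None:    # never larger than the fragmentation size
        size = min(size, fragmentation)
    return size


@dataclass
class PostAggregator:
    limit: int = 256       # bytes; larger packets are never aggregated
    threshold: int = 512   # bytes; largest aggregate that may be built
    window: int = 2        # units of 10 ms a packet may wait in the queue
    _sizes: list = field(default_factory=list, repr=False)
    _first_ms: int = field(default=0, repr=False)

    def __post_init__(self):
        # Ranges accepted by the CLI commands shown above.
        if not 40 <= self.limit <= 3000:
            raise ValueError("limit must be 40-3000 bytes")
        if not 40 <= self.threshold <= 3000:
            raise ValueError("threshold must be 40-3000 bytes")
        if not 1 <= self.window <= 100:
            raise ValueError("window must be 1-100 units of 10 ms")

    def _flush(self, at_ms, reason):
        event = (at_ms, reason, sum(self._sizes), len(self._sizes))
        self._sizes = []
        return event

    def feed(self, t_ms, size):
        """Offer one packet; return (time_ms, reason, bytes, packets) events."""
        events = []
        deadline = self._first_ms + self.window * 10
        if self._sizes and t_ms >= deadline:
            # The oldest queued packet has waited WINDOW * 10 ms.
            events.append(self._flush(deadline, "window"))
        if size > self.limit:
            # Too big to be eligible: sent on its own (assumed to bypass the queue).
            events.append((t_ms, "single", size, 1))
            return events
        if self._sizes and sum(self._sizes) + size > self.threshold:
            # Adding this packet would exceed THRESHOLD, so send what is queued.
            events.append(self._flush(t_ms, "threshold"))
        if not self._sizes:
            self._first_ms = t_ms
        self._sizes.append(size)
        if sum(self._sizes) >= self.threshold:
            events.append(self._flush(t_ms, "threshold"))
        return events

    def finish(self):
        """Flush whatever is still queued when its window expires."""
        if self._sizes:
            return [self._flush(self._first_ms + self.window * 10, "window")]
        return []


def run(packets, aggregator):
    events = []
    for t_ms, size in packets:
        events.extend(aggregator.feed(t_ms, size))
    events.extend(aggregator.finish())
    return events


# Constructed trace: (arrival time in ms, packet size in bytes).
SAMPLE_PACKETS = [(0, 60), (3, 80), (5, 1400), (8, 100),
                  (40, 70), (41, 200), (42, 200), (43, 120)]

if __name__ == "__main__":
    agg = PostAggregator(limit=256, threshold=auto_threshold(256), window=2)
    for event in run(SAMPLE_PACKETS, agg):
        print(event)
```

In this trace eight packets leave as four: one oversized packet sent alone, two aggregates released by the window timer and one released because the next packet would have pushed it past THRESHOLD.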

Applying an Aggregation Class to an Application
Command ACC1(conf)#decision
ACC1(DECISION)#match application [name]
ACC1(DECISION)#set aggregation-class
[citrix | default | custom-1 | custom-2]

Purpose Sets the post-acceleration class of an application.


An application is coupled with a Citrix Aggregation class
through a decision.
To see which application belongs to which class, type the
show decision command.

7 Optimizing Acceleration Services
Expand’s Accelerator lets you reduce the impact of the TCP protocol shortcomings by
applying TCP Acceleration, a standards-based plugin that modifies TCP settings to
optimize throughput in certain environments. In addition, the Accelerator provides
Domain Name Server caching capabilities to shorten the round-trip-time and save
bandwidth over the WAN.
This chapter contains information about the following topics:
• Studying TCP Acceleration, on page 184.
• Configuring TCP Acceleration, on page 192.
• Defining TCP Acceleration Settings, on page 196.
• Configuring WAFS, on page 201.
• Configuring WAFS Management Screen, on page 203.
• FileBank Categories, on page 203.
• FileBank Director Categories, on page 205.
• Understanding DNS Acceleration, on page 207.
• Configuring DNS Acceleration, on page 207.
• Understanding Web Acceleration, on page 210.
• Configuring WEB Acceleration via the WebUI, on page 211.
• Configuring WEB Acceleration via the CLI, on page 217.

Studying TCP Acceleration
TCP, which was designed to ensure reliable IP transmission, performs well on LANs
but does not deal well with the high latency and high-packet-loss found on many
WANs. These limitations are expressed in the long times required for file transfers over
the WAN, degraded web performance and unresponsive applications.
SCPS, the Space Communication Protocol Standards developed by NASA and the US
Air Force, is a collection of standards-based TCP enhancements designed to reduce
the impact of TCP limitations in Long-Haul WANs.
Expand Networks has integrated SCPS into its Accelerator product line by creating the
TCP Acceleration feature, designed to optimize and better utilize WANs that suffer from
distance-induced TCP limitations.

Understanding the Shortcomings of TCP


To understand how TCP Acceleration works, it is important to understand the
shortcomings of TCP:
• Frequent packet retransmissions:
In TCP transmissions, the sender receives an ACK (Acknowledgement packet) for each
successful packet transmission. If the ACK is not received, the sender resends the packet.
Often, on long distance lines, the packet is retransmitted before the ACK has time to arrive.
• Transmission Window:
To ensure that the receiver gets all data items sent from the sender, TCP sends only part
of the data to the receiver in small amounts called a window. The size of the window is
specified by the receiver during the setup of a TCP session, and is measured in bytes. The
sender will transmit a window, and then wait to hear an acknowledgement back from the
receiver if the window was received properly. After an acknowledgment is sent from the
receiver, the sender will transmit more data until all necessary data is sent. The following
figure explains the handshake process involved in establishing a TCP connection:


Once the connection is established, TCP data packets are sent in accordance with the
TCP window set - each time the window threshold is met, the receiver responds with
an acknowledge packet, as described in the following figure:

The time wasted waiting for ACK packets to be sent in a TCP connection dramatically
increases latency.

• Slow Start:
Because TCP transmissions have no way to know the size of the bandwidth over which
they are being transmitted, each transmission begins slowly, gradually increasing speed
until a packet is dropped - at which point TCP assumes that it has reached the maximum
bandwidth. On high-bandwidth long-distance lines, this slow start wastes much expensive
bandwidth.
The more latency present, the slower the session will start.
• Congestion Avoidance:
TCP assumes that any packet lost is due to congestion. Any time a packet is dropped,
TCP reduces transmission rate by half, slowly increasing it until the maximum rate at which
no drops are experienced. On long-distance lines over which packet drops are often the
result of factors other than congestion, transmission is being slowed down unnecessarily.

While these TCP functions are useful in controlling and managing congestion over the
LAN, they cause expensive long-distance links to appear slow.

Studying SCPS, Expand’s TCP Acceleration Solution
TCP Acceleration uses the SCPS protocol package to reduce the impact of these well-
known TCP limitations according to the standard developed by NASA
(http://www.scps.org):

Scaling the Transmission Windows


Increases the maximum transmission window to enable ACKs to arrive across long
distance links, thereby reducing the amount of unnecessary packet retransmissions.
Once TCP Acceleration is enabled, the TCP packet transfer process causes less
latency, as seen in the following figure:

A larger window enables more packets to be sent before an acknowledge packet is
sent, minimizing the number of acknowledge packets sent and lowering latency.

Error Detection and Proactive Resolution:


The SCPS protocol uses SNACK (Selective Negative Acknowledgement), which
reduces the amount of data that needs to be retransmitted and increases the speed of
retransmissions. This is accomplished by sending only a request for missing packets,
as opposed to TCP, which retransmits the missing packet as well as all packets
already transmitted after the missing packet.
Congestion Avoidance:
SCPS enhances flexibility of Congestion avoidance mechanisms. TCP automatically
uses congestion avoidance, which is not necessary in networks where drops are not
the result of congestion. You can configure SCPS in such a way that congestion
avoidance is not used when it is unnecessary. If there is congestion on the line, you
can select the method of congestion avoidance and control (standard TCP or Vegas).
Local Network Isolation:
The SCPS protocol uses TCP Spoofing to reduce the time required for establishing a
TCP session, thereby enabling the transmission of data without waiting for the TCP
slow-start. SCPS also enables congestion avoidance by preventing slow traffic build-up
before achieving maximum capacity.
Link Outage Support:
TCP Acceleration incorporates several features that support TCP transfers during Link
Outages avoiding the costly and unnecessary packet retransmissions by halting
transfers until communication is reestablished, restarting transmissions at the last ACK
received and anticipating potential link outages before they occur.
Asymmetric Networks Optimization:
In asymmetric environments, if in one direction the bandwidth is significantly lower than
the other, this direction can become congested with ACK packets being sent in the
other direction. TCP Acceleration enables scaling of ACK packets (for example sending
an ACK for only every other packet) to better match uplink/downlink rates.
SCPS-based TCP Acceleration enables the Accelerator to maximize capacity over
Long-Haul links, thereby guaranteeing optimized throughput across WAN links.

[Figure: TCP throughput (Kbps) over time at 540 msec round-trip time. Series: No TCP
Acceleration, With TCP Acceleration, With TCP Acceleration and compression. The chart
plots Throughput against Link Speed and marks the unutilized bandwidth and the newly
created bandwidth.]

Computing Latency
The Accelerator automatically configures TCP Acceleration settings according to the
computation that follows.

The network in the diagram above will be used for example purposes. The math used
for calculating the theoretical maximum throughput is based on this drawing. Substitute
the values from your specific network in order to learn the TCP theoretical limitation for
a single session in your network.

The network poses 150 milliseconds (msec) of latency between the client (C) and the
server (S). You can use a ping for determining the end-to-end latency between a client
and server by sending a ping 100 times from the client to the server during business
hours with a 750 byte payload. This payload size ensures some stress on the network,
and should provide a better measurement for latency than simply sending a 64 or 32
byte ping as some operating systems do. An example of this ping command used on
Windows is:
ping x.x.x.x -l 750 -n 100
(x.x.x.x = the server's IP address, -l is the payload size, and -n is the number of pings)
You can use the following formula to calculate the theoretical limitation:
Bandwidth equals the window size divided by the round trip time

Bandwidth (BW) is the maximum theoretical throughput. The bandwidth of a link is
normally represented in bits per second.
Window Size (WS) is the amount of data TCP can send before waiting for an
acknowledgement. This value is in bytes; ensure that any values in bytes are converted
to bits.
Round Trip Time (RTT) - even though this value is in seconds, most network tools,
such as ping, report it in milliseconds. In the network example shown above, the
latency was 150 msec, and because 1000 msec equals a full second, then the latency
of this network can be represented in a fraction as 150/1000 msec. Always convert this
fraction into decimal format when calculating the values. In this case the latency will be
represented as .15.
The default window size for Microsoft XP is 8 KBytes. For additional window size
values please consult your operating system vendor. This example assumes that the
client is running Windows XP.
Using the example network provided above, some of the values needed for this formula
are known and can therefore be plugged into the formula in order to determine the
maximum theoretical bandwidth for a single TCP session.
BW = 64000 / .15
After calculating the values, the BW equals 426,666 Bytes. Remember that because
this value is in bytes, it should be multiplied by 8 in order to get the bits per second
(bps). The product shows that the theoretical maximum bandwidth is 3,413,328 bps.
As seen in the example network shown above, the link is a 6 Mb link. 150 msec of
latency has limited a session to about half of the link speed.

The following Throughput table lists some common Round Trip Times and the effects
on TCP:

                         Window Size
Round Trip Time (msec)   8 KB       16 KB      32 KB      64 KB
50                       160 Kbps   320 Kbps   640 Kbps   1280 Kbps
100                      80 Kbps    160 Kbps   320 Kbps   640 Kbps
150                      53 Kbps    106 Kbps   212 Kbps   424 Kbps
200                      40 Kbps    80 Kbps    160 Kbps   320 Kbps
500                      16 Kbps    32 Kbps    64 Kbps    128 Kbps
1000                     8 Kbps     16 Kbps    32 Kbps    64 Kbps

As these calculations demonstrate, the maximum throughput was greatly reduced as
the latency increased. The actual maximum throughput that a single TCP session can
have in your network may be even lower.

Configuring TCP Acceleration
You can use the WebUI to configure basic TCP Acceleration, such as typical RTT and
typical acceleration rate. In addition, you can set here the send and receive windows’
sizes.

Another significant setting possible through the TCP Acceleration screen is the
congestion control, which can be set to one of the following options:
• None - no congestion avoidance is used
• Standard - the congestion avoidance conforms to the standard TCP/IP protocol (Reno)
• Vegas
TCP Vegas reduces latency and increases overall throughput by carefully matching
the sending rate to the rate at which packets are successfully being transmitted by the
network.
The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-
bandwidth-delay paths, such as DSL, where the sender is constantly over-running
buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is a
highly time-consuming process for the sender. The shorter queues should also
enhance the performance of other flows that traverse the same bottlenecks.

NOTE: When TCP acceleration is enabled, all traffic is routed
through the Accelerator and is not bridged. For
additional information see section Setting Routing
Strategy, on page 38.

Enabling TCP Acceleration
TCP Acceleration should be enabled only over long, high latency links. If you enable
TCP Acceleration via the WebUI, the system’s default values will be used for activating
TCP Acceleration. Expand recommends configuring TCP Acceleration via the CLI.
To enable TCP acceleration:
1. In the Accelerator’s WebUI, click on Services and
then TCP Acceleration.
2. In the TCP Acceleration field, select Enable.
3. In the bottom right corner, click the Submit button.

If after enabling TCP Acceleration the Accelerator does not perform as expected, you
should check the size of the window set by Windows:
To check the size of the window set by Windows:
1. Click the Start button on the main menu bar,
followed by Run. In the Open field, type
regedit.
2. In the Registry Editor, navigate to the following
location:
HKEY_local_machine\system\CurrentControlSet\Services\Tcpip\parameters
3. Search the listed parameters. If
TcpWindowSize is not listed, the window size
is set to the Windows’ default of 8 KB.
If TcpWindowSize is listed, double-click on
the registry entry to view the value set.

Warning: Editing the registry or using a Registry Editor incorrectly
can cause serious, system-wide problems that may
require you to reinstall Windows to correct them.
Microsoft does not guarantee that problems resulting
from the incorrect use of Registry Editor can be solved.
Back up your registry first and use Registry Editor at
your own risk.

To calculate the necessary send window size and receive window size:


Outbound Bandwidth in Bytes/Sec: convert the outgoing bandwidth to Bytes per second,
for example T1 = 1,544 Kbps (193,000 Bytes per second)
Compression Ratio: expected acceleration in a compression ratio format (200%
acceleration = 3, 350% acceleration = 4.5)
Round trip time: in seconds (for example 500 ms round trip is 0.5 seconds, 650ms
round-trip is 0.65 seconds)
For example, a T1 line with 600 ms round trip time with outbound acceleration of
230%:
Bandwidth in bytes/sec - 193000
Compression ratio – 3.3
193000*3.3*0.6*3 = 1146420
To set the send window size and the receive window size to this value, use the
following CLI commands:
Command ACC1(conf)#tcp-acceleration
ACC1(TCP-ACC)#window send [number]
ACC1(TCP-ACC)#window receive [number]

Purpose Sets the window size.

Use the CLI command debug traffic-statistics link [number] to
view the Dropped and Obsolete packets.
An increasing number of obsolete packets indicates that packets are waiting in
the queue too long and are being dropped. Increase the Obsolete timeout value. A
situation where the dropped packets are incrementing, but the obsolete packets are not
increasing, and the maximum queue usage and/or current queue usage has a number
around 1,000, indicates that the size of the queue allocated is not long enough.
Increase the queue size.

Setting Link Outage
Enabling link outage will save the TCP Acceleration settings during a link outage and
enable quicker recovery.
To enable link outage:
1. In the Accelerator’s WebUI, click on Services and
then TCP Acceleration.
2. In the Link Outage field, select Enable.
3. In the bottom right corner, click the Submit button.

For more TCP Acceleration configuration details, see section Configuring TCP
Acceleration, on page 192.

Configuring TCP via the CLI
For information on how to work with the CLI, see section Using CLI Configuration, on
page 277.
When entering commands, you can enter a unique command prefix instead of the full
command word and AcceleratorOS will recognize the command. For example, enter
conf for configure. If you press <Tab> after typing the unique prefix, the full command
word will be displayed.

Defining TCP Acceleration Settings


You can configure a global setting for TCP Acceleration, and then either apply this
global setting to a link, or configure the link’s TCP Acceleration independently.
When the TCP Acceleration configuration command is modified from within the config
mode, the settings apply to the global configuration that can then be implemented per
link. When the TCP Acceleration configuration command is modified from within a link,
the settings apply to the link.

Enabling TCP Acceleration


Command ACC1(conf)#tcp-acceleration
ACC1(TCP-ACC)#tcp-acceleration enable

Purpose When this configuration is made from config mode, it enables
TCP Acceleration globally. When this configuration is made
from within a specific link, it enables TCP Acceleration per link.

Setting the Typical Round Trip Time


Command ACC1(LINK)# tcp-acceleration
ACC1(TCP-ACC)# typical-rtt

Purpose The typical round trip time has a default setting of 500. If the
typical rtt is known to be otherwise, updating this parameter is
necessary in order to get accurate TCP Acceleration settings
when working with automatic window sizes.

Setting the Typical Acceleration Rate
Command ACC1(LINK)# tcp-acceleration
ACC1(TCP-ACC)# typical-acceleration-rate

Purpose The typical acceleration rate is set by default at 800%. If the
typical acceleration rate is known to be different, it is necessary
to update this parameter to get accurate TCP Acceleration
settings when working with automatic window sizes.

Applying Global TCP Acceleration Settings to a Link


Command ACC1(LINK)# tcp-acceleration
ACC1(TCP-ACC)# use-global-tcp-acceleration

Purpose The settings made globally are applied per link by using the
use-global-tcp-acceleration command.

Setting Congestion Control


Command ACC1(TCP-ACC)# congestion-control
[none, standard, vegas]

Purpose Sets the throttleback mechanism. None provides no
throttleback, usually best for links such as satellite, in which the
Accelerator controls the entire traffic and packet drops are
known not to result from congestion.
The Standard and Vegas algorithms determine the way in
which throughput is reduced and restored to deal with
congestion when recovering from packet loss.
When TCP Acceleration is enabled via the WebUI, the
Standard algorithm is implemented.

NOTE: TCP Vegas increases overall throughput by carefully
matching the sending rate to the rate at which packets
are successfully being transmitted by the network.
The Vegas algorithm maintains shorter queues, and is
therefore suitable for low-bandwidth-delay paths, such
as DSL, where the sender is constantly over-running
buffers, or high-bandwidth-delay WAN paths, where
recovering from losses is a highly time-consuming
process for the sender. The shorter queues should also
enhance the performance of other flows that traverse
the same bottlenecks.

Enabling/disabling Link Outage


Command ACC1(TCP-ACC)# link-outage [enable,
disable]

Purpose Sets the timers to be frozen in the event of a link outage.

Setting Acknowledge Rate Packet


Command ACC1(TCP-ACC)# acknowledge rate packet
[number in packets 1 to 2147483647]

Purpose Sets the number of packets for which ACKs will be sent.
(An ACK will be sent each X packets.)

Setting Acknowledge Rate Wait


Command ACC1(TCP-ACC)# acknowledge rate wait
[number in milliseconds 1 to
2147483647]

Purpose Sets the maximum time that should be waited before sending
an ACK packet. An ACK packet is sent this often if the number
of packets set by the ACK rate packet were not received.

Setting Acknowledge Timeout

NOTE: If any of these components are missing, please contact
us as soon as possible.

Command ACC1(TCP-ACC)# acknowledge timeout
[number in milliseconds 1 to
2147483647]

Purpose Sets the amount of time to wait before retransmitting packets
for which ACKs were not received.

Setting Send Window Size


Command ACC1(TCP-ACC)#window send
[number in bytes 1 to
2147483647 or auto]

Purpose Sets the starting point for the bytes of memory used for the
outgoing TCP window buffer.
When set to auto, the send window size will be automatically
configured based on the Round Trip Time value.

Setting Send Window Max Size


Command ACC1(TCP-ACC)#window send max [number
in bytes 1 to 2147483647]

Purpose Sets a limit on the outgoing TCP window buffer, ensuring that
the buffer does not consume too much memory.

Setting Receive Window Size


Command ACC1(TCP-ACC)#window receive [number
in bytes 1 to 2147483647 or auto]

Purpose Sets the starting point for the bytes of memory used for the
incoming TCP window buffer. When set to auto, the send
window size will be automatically configured based on the
Round Trip Time value.

Setting Receive Window Max Size


Command ACC1(TCP-ACC)#window receive max
[number in bytes 1 to 2147483647]

Purpose Sets a limit on the incoming TCP window buffer, ensuring that
the buffer does not consume too much memory.

Setting Snack
Command ACC1(TCP-ACC)#snack [enable, disable]

Purpose Enables retransmission efficiency - retransmissions only
resend packets that were not received.

Setting Snack Wait


Command ACC1(TCP-ACC)#snack wait [number in
milliseconds 1 to 2147483647]

Purpose Sets the maximum time that should be waited before sending a
SNACK packet.

Setting Nagle
Command ACC1(TCP-ACC)#nagle [enable, disable]

Purpose Sets small TCP packet aggregation. Nagle is normally disabled
so as not to interfere with the packets’ original nagle settings.

Configuring WAFS
WAFS stands for Wide Area File Service, namely: remote users who access files over
a WAN, such as branch office or mobile users accessing centralized storage. Such
users often experience poor performance.
Expand's WAFS solution allows users fast and efficient access to centralized storage
by using intelligent, dynamic caching.
WAFS configuration is accomplished via a pop-up window that can be opened by
clicking on the WAFS configuration button.

NOTE: This feature is supported only by Accelerators with a hard
drive installed.

The upper part of the WAFS screen indicates the WAFS operation mode: either FB
(FileBank) or FBD (FileBank Director). This mode is defined during installation and
cannot be changed here.
The lower part lets you select whether to enable WAFS transparency. If you enable
this feature, the FB will poll the FBD for all file servers it recognizes, as well as each
server that is added or removed. All IP addresses of these file servers are resolved,
and all traffic destined to the servers is redirected to the Accelerator.

Using the CLI to Configure WAFS Transparency

Enabling WAFS Transparency


Command ACC1(config)#wafs
ACC1(WAFS)#transparency [enable | disable]

Purpose Enables or disables WAFS transparency. When WAFS
transparency is enabled, by default all servers will be polled by
the FB.

Excluding certain servers from WAFS Transparency


Command ACC1(WAFS)#transparency exclude
excluded-servers

Purpose Defines which servers to exclude from WAFS transparency.


Displaying the excluded servers’ list
Command ACC1(WAFS)#show transparency excluded-
servers

Purpose Displays the list of servers that are excluded from WAFS
transparency.

Clearing the excluded servers’ list


Command ACC1(WAFS)#transparency excluded
servers clear

Purpose Clears the excluded servers’ list.

Configuring WAFS Management Screen
The WAFS management screen’s navigation pane is divided into the following work
categories:
• System
• File Services
• Additional Services
• Utilities (diagnostics, statistics and so on)
You can view these categories in two different operation modes: FB (FileBank) and
FBD (FileBank Director).

NOTE: Before starting to work with WAFS, it is advisable to set
the Accelerator time and configure DNS, so that the FB
and FBD can recognize each other. For details, see
section Setting the Accelerator’s Time, on page 99, and
section Configuring DNS, on page 251.

FileBank Categories
The following sections describe the WAFS management screen work categories, as
viewed when the WAFS operation mode is FB (FileBank):
• FileBank System, on page 203
• File Services, on page 205
• Additional Services, on page 204
• FileBank Utilities, on page 204

FileBank System
The System category includes the following subsections:
• Setup Wizard - lets you set up FileBank in several simple steps. Once Setup is
complete, the FileBank can function. You should run the Setup Wizard prior to activating
FileBank. All parameters set via the Setup Wizard can be modified within the GUI.
• Boot services - lets you control FileBank service and device status. Controlling the
service status lets you start, stop or restart FileBank service. Controlling the device
status lets you reboot or shut down the FileBank device.

FileBank Services
This section describes FileBank File Services functions, which are as follows:
• FileBank Directors - displays the current FileBank Director(s) for the FileBank, and lets
you Add or Delete FileBank Directors as necessary.
• Virtual Servers - lets you configure FileBank to automatically add a prefix and/or suffix to
the original file server name defined at the FileBank Director site, to represent the local
virtual server. This helps distinguish the local virtual server name from the Central File
Server name.
• Windows Domain - lets you join the FileBank to the domain, use domain administrator
credentials (Username and Password), set the domain name, and add or delete
authentication servers.
• Cache Settings - gives you cache statistics, and lets you control basic cache
functionality: cache validation frequency, and manual cache invalidation.
• Fetch Settings - lets you define which data will be fetched from the Data Center for pre-
population of the Cache. Once fetched, this data resides in the Cache and can be
accessed immediately. Thus pre-population optimizes first-time access to this data.
• System Users - lets you add and delete FileBank system users.
• Filters - provides smart filters to enhance performance and bandwidth optimization over
the WAN.
• Replication Services - the method by which the system can be set to optimize the
handling of very large files over the bandwidth-limited WAN link.

Additional Services
This section describes the FileBank Additional Services, which are:
• Print Services - FileBank can be configured to serve as the local branch print server.
This screen lets you add network printers, view a list of already existing printers, and
delete printers, as required.

FileBank Utilities
This section describes the FileBank utilities, which are as follows:
• System Diagnostics - lets you run a diagnostic test on the FileBank device to ensure
that the device is working properly. The results of the test will be displayed in the Results
area of this screen.

• Logs - lets you generate FileBank activity logs for monitoring, optimization, and
troubleshooting purposes.
• License Settings - displays current FileBank License status (Valid/Invalid) and is used
for attaching a valid license file if this was not done during Setup, or if an earlier license
has expired.
• System Statistics - displays a list of connected users, with their Session ID, Username,
Group and Machine. To update the list, use the Refresh button.

FileBank Director Categories


The following sections describe the WAFS management screen work categories, as
viewed when the WAFS operation mode is FBD (FileBank Director):
• FileBank Director System, on page 205
• File Services, on page 205
• FileBank Director Utilities, on page 206

FileBank Director System


The System category includes the following subsections:
• Setup Wizard - lets you set up FileBank Director in several simple steps. Once Setup is
complete, the FileBank Director can function. You should run the Setup Wizard prior to
activating FileBank Director. All parameters set via the Setup Wizard can be modified
within the GUI.
• Boot services - lets you control FileBank Director service and device status. Controlling
the service status lets you start, stop or restart FileBank Director service. Controlling
the device status lets you reboot or shut down the FileBank Director device.

File Services
This section describes the following functions offered by FileBank Director:
• FileBank Director Settings - lets you define the Listen Port Assignments settings and
set the FileBank Director ID. The TCP (data transfer) and UDP ("keep alive") ports are set
to 4049 by default, but can be changed if necessary.
• System Users - used for managing internal users that are used by specific Expand
services (for example: Replication Service).

• File Servers - to add file servers to be exported through the Expand WAFS solution and
the FileBank Director, enter the file server name (and optionally an alias) in this screen.
• Filters - allow Expand to avoid unnecessary compression attempts on files that are
already compressed, thereby improving overall system performance.
• Replication Services - the method by which the system can be set to optimize the
handling of very large files over the bandwidth-limited WAN link.

FileBank Director Utilities


This section describes the FileBank Director utilities, which are as follows:
• System Diagnostics - lets you run a diagnostic test on the FileBank Director device to
ensure that the device is working properly. The results of the test will be displayed in the
Results area of this screen.
• Logs - lets you generate FileBank Director activity logs for monitoring, optimization, and
troubleshooting purposes.
• License Settings - displays current FileBank Director license status (Valid/Invalid) and is
used for attaching a valid license file if this was not done during Setup, or if an earlier
license has expired.

Understanding Web Acceleration
The Web Acceleration plug-in improves response times for HTTP/FTP-based
applications.

NOTE: Web Acceleration is supported in hard-drive versions of the Accelerator. On all other
Accelerator platforms, HTTP traffic will continue to be accelerated by using Expand’s
patented caching and compression algorithms.

The Web Acceleration plug-in serves requested objects from its cache. If the object is
not in the cache, it retrieves the object on behalf of the client from the original server,
caches it (when relevant) and serves the client's request.
Web Acceleration guarantees network transparency. When the Accelerator is deployed
on the network, there is no need for any configuration modification of connected LAN
clients.
• In On-Path deployments, HTTP transparency will also apply to the server side, meaning
that if a sniffer is used between an Accelerator and the default gateway, HTTP packets
will be seen to contain the client and server IP addresses. FTP traffic will be transparent
only on the client side.
• In On-LAN deployments, transparency will apply only to the client side. A sniffer placed
between an Accelerator and the default gateway will see packets containing the
Accelerator and server IP addresses. The latter is necessary to guarantee that replies will
travel via the Accelerator’s Web Cache engine and not be delivered directly to the client.
Web Acceleration supports both FTP and HTTP caching.
• FTP caching: the Web Acceleration cache guarantees that objects sent to the client from
the cache are always fresh (only supported if the FTP server supports MDTM, for example
vsftpd, as well as SIZE headers). Both Passive and Active FTP caching modes are supported.
• HTTP caching: the object will have an aging time in the cache until it is retrieved again
from the server.
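
Why the FTP server must support both MDTM and SIZE for cached objects to be served as fresh, shown as an added example (not the Accelerator's implementation, which this guide does not describe): a cache can revalidate a stored file by comparing the server's MDTM and SIZE replies, in the RFC 3659 reply format, with the values recorded when the file was cached. The function names, the cache entry and the sample replies are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed cache metadata recorded when the file was first fetched.
CACHED_ENTRY = {
    "mtime": datetime(2004, 3, 15, 10, 15, 0, tzinfo=timezone.utc),
    "size": 1048576,
}


def parse_213(reply):
    """Return the text after a '213' status code, or None for any other reply."""
    code, _, rest = reply.strip().partition(" ")
    rest = rest.strip()
    return rest if code == "213" and rest else None


def parse_mdtm(reply):
    """Parse an RFC 3659 MDTM reply (YYYYMMDDHHMMSS[.sss], UTC) into a datetime."""
    value = parse_213(reply)
    if value is None:
        return None
    stamp, _, frac = value.partition(".")
    if len(stamp) != 14 or not stamp.isdigit() or (frac and not frac.isdigit()):
        return None
    try:
        moment = datetime.strptime(stamp, "%Y%m%d%H%M%S")
    except ValueError:  # for example month 13
        return None
    micro = int((frac + "000000")[:6]) if frac else 0
    return moment.replace(microsecond=micro, tzinfo=timezone.utc)


def parse_size(reply):
    """Parse an RFC 3659 SIZE reply ('213 <octets>') into an int."""
    value = parse_213(reply)
    return int(value) if value is not None and value.isdigit() else None


def cache_decision(entry, mdtm_reply, size_reply):
    """Return 'serve-from-cache', 'refetch' or 'cannot-validate'.

    A server that answers either command with anything other than 213 (for
    example 502 when the command is not implemented) gives the cache nothing to
    compare against, so the object cannot be shown to be fresh.
    """
    mtime = parse_mdtm(mdtm_reply)
    size = parse_size(size_reply)
    if mtime is None or size is None:
        return "cannot-validate"
    if mtime == entry["mtime"] and size == entry["size"]:
        return "serve-from-cache"
    return "refetch"


if __name__ == "__main__":
    # Constructed control-channel replies.
    exchanges = [
        ("213 20040315101500", "213 1048576"),
        ("213 20040316090000", "213 1048576"),
        ("502 Command not implemented.", "213 1048576"),
    ]
    for mdtm_reply, size_reply in exchanges:
        print(mdtm_reply, "|", size_reply, "->",
              cache_decision(CACHED_ENTRY, mdtm_reply, size_reply))
```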

NOTE: Because the Web Acceleration plug-in consumes RAM, it affects the number of tunnels
configurable on the Accelerator. Web Acceleration can cache objects up to 1 GB in size.

Configuring WEB Acceleration via the WebUI
The WebUI lets you configure HTTP acceleration and FTP acceleration.

Configuring HTTP Acceleration


You can use the WebUI to enable HTTP Acceleration and carry out most of the
advanced configuration.

To enable HTTP caching via the WebUI:


1. Under Services click Web Acceleration,
followed by HTTP Acceleration, and then select
Configuration.
2. In the HTTP acceleration field, scroll down to
Enable.
In addition, you can use the WebUI to clear the
HTTP cache.

To clear the HTTP acceleration cache:


1. Under Services click HTTP Acceleration.
2. Click the Clear Cache button.

To set the type of content to be cached:
1. Under Services click HTTP Acceleration.
2. In the Cache content field, scroll down to select
one of the following types of content to be
cached.
Enterprise caches all traffic from links and virtual links.
Internet caches all traffic on the non-link.
All caches all traffic, be it link, virtual link or non-link.

Setting Advanced HTTP Parameters


The Advanced HTTP Acceleration Configuration opens, letting you set the following
parameters:
Connect Timeout - The time period (in seconds) that should pass before disconnection
(default: 60).

Maximum Object Cache Size - Can be set, either in Kilobytes or in Megabytes, to any value
between 1 and 100 Mbytes.

Cache authenticated requests - Lets you define whether to cache data that arrives from
authenticated servers, such as authentication requests.
If you set this option to Enable, the data from such servers will be cached even if no Public
indication was set in the authenticated server. If any other condition exists, which prevents
the data from being cached (for example: a Private flag), the data will not be cached, but it
would still be accelerated.

Enable Proxy Server - Select this box to enable the proxy server.
If this box is selected, you can set manually the proxy IP address and the proxy port number.

Setting HTTP Acceleration Rules
The HTTP Acceleration Rules screen lets you configure Direct and No Cache rules
supported by HTTP acceleration.
To set HTTP Acceleration rules:
1. Under Services click Web Acceleration, followed
by HTTP Acceleration, and then select Rules.
2. In the Type field, scroll down to select either
Direct Rule or No Cache Rule.
You should enter regular expressions in the edit
fields of both rules.
The expression entered in Direct Rule should be
valid on a URL, and determines that all requests
that match this expression are always forwarded
directly to the origin server, without using the
proxy server. For example: if you apply rule direct
avaya, all requests that match the avaya regular
expression will be forwarded directly to the origin
server.
The expression entered in No Cache rule
determines that traffic directed to a specific URL,
which matches this specific expression (for
example: no cache avaya) will be neither cached
nor retrieved from the cache, and after the traffic
is retrieved from the server it will not be cached.
In both cases (Direct and No Cache rules) you
can define multiple rules.

NOTE: The Direct rule should be applied only if proxy is
configured.
Follow these steps to configure proxy:
In Internet Explorer - Select Tools > Internet Options,
and then the Connections tab. In the bottom section of
this tab, click the LAN Settings button and use the Proxy
server section of the LAN Settings tab to configure a
proxy server.
In Mozilla Firefox - Select Tools > Options, and in the
Connection section click the Connection Settings button.
In the Connection Settings dialog box, select the Manual
proxy configuration button and use the Proxy server
section of the LAN Settings tab to configure a proxy
server.

NOTE: Before configuring a rule direct regular expression, you must configure in the
client’s browser the same settings configured in the Accelerator.
For example: If you want to set a rule direct to all sites beginning with http://www.g4tv,
then in Internet Explorer select Tools > Internet Options, and then the Connections tab.
In the bottom section of this tab, click the LAN Settings button and select the checkbox
Use a Proxy server for your LAN. Then, click the Advanced button and in the Exceptions
section of the Proxy Settings tab, indicate http://www.g4tv as the beginning of an address
for which proxy server will not be used.
In Mozilla Firefox, select Tools > Options, and in the Connection section click the Use
Connection Settings button. In the Connection Settings dialog box, type http://www.g4tv
in the No proxy for field.

Configuring FTP Acceleration

To enable FTP caching via the WebUI:


1. Under Services click Web Acceleration, followed
by FTP Acceleration.
2. In the FTP acceleration field, scroll down to
Enable.
In addition, you can use the WebUI to clear the
FTP cache.

To clear the FTP acceleration cache:


1. Under Services click FTP Acceleration.
2. Click the Clear Cache button.
To set advanced FTP parameters, click the Advanced Configuration button.

The Advanced FTP Acceleration Configuration opens, letting you set the following
parameters:
Connect Timeout - The time period (in seconds) that should pass before disconnection
(default: 60).

Translation Mode - Sets the FTP translation mode as follows:
Active: Changes the Client translation mode to Active.
Active mode FTP may cause the client side firewall to interpret the connection from the
server as an outside system initiating a connection to an internal client. This type of
connection is usually blocked.
Passive: Changes the Client translation mode to Passive.
In passive mode FTP the client initiates both connections to the server, solving the problem
of firewalls filtering the incoming data port connection to the client from the server.
By default, the mode set on the FTP client is used on the Accelerator.
When None is set, no translation is carried out.

Cache per User - Ascribes a cache object to a single user.
Namely, when a specific user accesses a file from the server, the file is cached per this user,
and the next time a user with the same user name accesses the file, it will be served from the
cache. However, for anyone who logs in with a different user name, the file will be fetched
directly from the origin server and not from the cache.

Server Port Number - Lets you manually set the port number used for caching (default: 21).

Configuring WEB Acceleration via the CLI
Some parameters common to both HTTP and FTP Acceleration are configurable via
the CLI as follows:

Setting Web Acceleration


Command ACC1(config)#web-acceleration

Purpose Enters Web-Acceleration configuration mode

Clearing the Cache


Command ACC1(web-acceleration)#cache clear

Purpose Clears the HTTP and FTP caches.

Viewing Web Acceleration Parameters


Command ACC1(web-acceleration)#show

Purpose Displays Web-Acceleration parameters.

Using Regular Expression in HTTP Acceleration/Caching


The AcceleratorOS incorporates regular expressions in several specific rules for HTTP
acceleration and caching.
A regular expression is a pattern that can match various text strings. Regular
expressions are made up of normal characters (upper and lower case letters and digits)
and metacharacters. The metacharacters have special meanings, as described in detail
in the table below.
For example, when defining the rule no-cache, you can use the syntax rule no-cache
avaya$, which specifies that pages with avaya at the end of the line, such as
www.avaya, will never be cached, while pages that do not have avaya at the end of the
line, such as www.avaya.com, will be cached and afterwards retrieved from the cache.

Metacharacter: .
Description: Matches any single character.
Example: w.rd would match word and ward but not weird.

Metacharacter: $
Description: Matches the end of a line.
Example: attack$ would match the end of the string Denial of service attack but not
Denial of service attacks.

Metacharacter: ^
Description: Matches the beginning of a line.
Example: ^in case would match the beginning of the string In case of emergency but not
What to do in case of attack.

Metacharacter: *
Description: Matches zero or more occurrences of the character immediately preceding.
Example: .* matches any number of any characters.

Metacharacter: \
Description: Quoting character, used for treating the following character, which is usually
a metacharacter, as an ordinary character.
Example: \. matches the period character instead of any single character. \$ matches the
dollar sign character instead of the end of the line.

Metacharacter: []
Description: Matches any one of the characters between the brackets.
Example: p[aeo]t matches pat, pet and pot but not put.

Metacharacter: [c1-c2]
Description: Matches a range of characters, specified by using a hyphen. You can also
specify multiple ranges of characters.
Example: [0-9] matches any single digit. [A-Za-z] matches any upper-case or lower-case
letter.

Metacharacter: [^c1-c2]
Description: Matches any characters except those in the range.
Example: [^158A-C] matches any characters except 1, 5, 8 and the upper-case letters A, B
and C.

Metacharacter: +
Description: Matches one or more occurrences of the character or regular expression
immediately preceding it.
Example: 9+ matches 9, 99, 999.
You can combine several regular expressions to match more specifically, as
indicated in the following examples:
• ^http://www\..*\.com$ - looks for every website that starts with http://www. and ends with
.com.
• \.sol\. - looks for every occurrence of the .sol. string.
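
A Direct rule sends matching requests past the proxy server and a No Cache rule keeps matching pages out of the cache, so a pattern that matches more than intended changes how traffic is handled. The following added example (not part of this guide or of AcceleratorOS) checks rule patterns offline against sample URLs. It assumes rules are applied as unanchored searches, as the avaya$ example implies, and uses Python's re module as a stand-in for the device's regex engine for the metacharacters listed above; all function names, rule lists and URLs are constructed.

```python
import re

# Characters the guide's "rule no-cache" note says the CLI rejects. Assumption: the
# period closing that list in the guide is sentence punctuation, because the guide's
# own rule examples contain "." and "\.".
CLI_REJECTED = set("#'\",")

# Constructed rule lists and URLs, for illustration only.
DIRECT_RULES = ["avaya"]
NO_CACHE_RULES = ["avaya$"]
SAMPLE_URLS = [
    "http://www.avaya",
    "http://www.avaya.com/support",
    "http://portal.example.org/login?ref=avaya",
]


def rule_matches(pattern, url):
    """Unanchored match, as the guide's examples imply (avaya$ matches www.avaya)."""
    return re.search(pattern, url) is not None


def decide(url, direct_rules, no_cache_rules):
    """Return (path, cacheable) for a URL under the given rule lists.

    path is "direct" when any Direct rule matches (the request skips the proxy
    server), otherwise "proxy"; cacheable is False when any No Cache rule matches.
    """
    path = "direct" if any(rule_matches(p, url) for p in direct_rules) else "proxy"
    cacheable = not any(rule_matches(p, url) for p in no_cache_rules)
    return path, cacheable


def audit_rule(pattern):
    """Heuristic review of one rule: flag traits that widen or narrow its match."""
    findings = []
    rejected = sorted(c for c in set(pattern) if c in CLI_REJECTED)
    if rejected:
        findings.append("cli-rejected-chars:" + "".join(rejected))
    try:
        re.compile(pattern)
    except re.error:
        findings.append("invalid-regex")
        return findings
    # With neither ^ nor $, the pattern matches anywhere in the URL, including the
    # path and query string of unrelated hosts.
    if not pattern.startswith("^") and not pattern.endswith("$"):
        findings.append("unanchored")
    # A bare "." (not "\." and not part of ".*" or ".+") matches any character.
    if re.search(r"(?<!\\)\.(?![*+])", pattern):
        findings.append("unescaped-dot")
    # "\.*" means zero or more literal periods; "\..*" is usually what was meant.
    if re.search(r"\\\.[*+]", pattern):
        findings.append("quantified-literal-dot")
    return findings


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, decide(url, DIRECT_RULES, NO_CACHE_RULES))
    for rule in ["avaya", "www.avaya.com", r"^http://www\.*\.com",
                 r"^http://www\..*\.com$"]:
        print(repr(rule), audit_rule(rule))
```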

Configuring HTTP Acceleration via the CLI

Enabling/Disabling HTTP Acceleration


Command ACC1(http-acceleration)#http-acceleration [enable | disable]

Purpose Enables/disables HTTP Acceleration. By default HTTP Acceleration is disabled.

Configuring the Proxy Server IP and Port


Command ACC1(http-acceleration)#proxy outgoing host <proxy IP> <proxy listening port>
ACC1(http-acceleration)#no proxy outgoing host <proxy IP> <proxy listening port>

Purpose Configures the proxy server IP and listening port. This command should be
configured only if DNS is configured.

NOTE: If Proxy is enabled, it is not possible to disable DNS
before proxy is disabled.

Specifying Directly Forwarded Requests


Command ACC1(http-acceleration)#rule direct <url regex>
ACC1(http-acceleration)#no rule direct <url regex>
ACC1(http-acceleration)#show rule direct <url regex>

Purpose Defines a regular expression that is valid on a URL. For example: rule direct
avaya. When this rule is applied, all requests for the avaya URL will be forwarded directly
to the avaya server, without passing through the proxy server.

NOTE: This command should be configured only if proxy is configured.
Follow these steps to configure proxy:
In Internet Explorer - Select Tools > Internet Options, and then the Connections tab. In the
bottom section of this tab, click the LAN Settings button and use the Proxy server section
of the LAN Settings tab to configure a proxy server.
In Mozilla Firefox - Select Tools > Options, and in the Connection section click the
Connection Settings button. In the Connection Settings dialog box, select the Manual proxy
configuration button and use the Proxy server section of the LAN Settings tab to configure
a proxy server.

NOTE: You can define multiple rules.

NOTE: Before configuring a rule direct regular expression, you must configure in the
client’s browser the same settings configured in the Accelerator.
For example: If you want to set a rule direct to all sites beginning with http://www.g4tv,
then in Internet Explorer select Tools > Internet Options, and then the Connections tab.
In the bottom section of this tab, click the LAN Settings button and select the checkbox
Use a Proxy server for your LAN. Then, click the Advanced button and in the Exceptions
section of the Proxy Settings tab, indicate http://www.g4tv as the beginning of an address
for which proxy server will not be used.
In Mozilla Firefox, select Tools > Options, and in the Connection section click the Use
Connection Settings button. In the Connection Settings dialog box, type http://www.g4tv
in the No proxy for field.

Preventing the Caching of Specific Pages


Command ACC1(http-acceleration)#rule no-cache <url regex>
ACC1(http-acceleration)#no rule no-cache <url regex>
ACC1(http-acceleration)#show rule no-cache <url regex>

Purpose Sets a regular expression, valid on a URL, which defines that specific pages will
never be cached. When this rule is applied, upon any request for these pages data will not
be retrieved from the cache, and after these pages were retrieved from the server they will
not be cached.

NOTE: The CLI does not allow regular expressions that use the following characters:
# ‘ “ ,. An error message is displayed on any attempt to enter such a character.

NOTE: This command should be configured only if proxy is configured.
You can define multiple rules.

Configuring whether to Preserve the Client’s Original Source Port
Command ACC1(http-acceleration)#port-transparency [enable | disable]

Purpose This command configures whether the Client's original source port will be
preserved. By default, port transparency is disabled.

NOTE: Preserving the port may have bad implications on outgoing traffic from the Web
cache. On the other hand, if the source port is not preserved, it is not possible to
activate the QoS mechanism according to the source port.

Configuring Transparency Support


Command ACC1(http-acceleration)#transparency [auto | semi | full]
ACC1(ftp-acceleration)#transparency [auto | semi | full]

Purpose This command configures the status of the interception proxy. The interception
proxy can be configured as transparent (namely, the proxy server’s IP address will not be
detected by sniffing). Three statuses are possible:
Semi - applying transparency only on the Client side.
Full - applying transparency on both the Client and the server sides.
Auto - setting the transparency status automatically according to deployment, namely:
Semi in On-LAN deployment and Full in On-Path deployment.

Setting the HTTP Port


Command ACC1(http-acceleration)#port [port number]

Purpose Sets the default port on which HTTP traffic generally arrives.
The default is 80.

Setting Content to be Cached
Command ACC1(http-acceleration)#cache-content [enterprise | internet | all]

Purpose Sets the type of content to be cached:
Enterprise caches all traffic from links and virtual links.
Internet caches all traffic on the non-link.
All caches all link, virtual link and non-link traffic.

Setting the Cache Size


Command ACC1(http-acceleration)#cache-size [number in MB]

Purpose Sets the size of the cache (between 1 and 60 GB). Default is
16 GB.
Approximately 10 MB of RAM is needed for each 1 GB of data
cached.

Setting the Maximum Object Size


Command ACC1(http-acceleration)#max cached-object-size [number in MB]

Purpose Sets the maximum size for objects stored in the cache. Default
is 4096 KB.

Clearing the Cache


Command ACC1(http-acceleration)#cache clear

Purpose Clears the HTTP Acceleration cache.

Setting the Connection Timeout


Command ACC1(http-acceleration)#connect-timeout [number]

Purpose Sets the amount of time (in seconds, between 1 and 600) for a client to remain
connected with no traffic being cached. Default is 60 seconds.

Setting logs
Command ACC1(http-acceleration)#log-level [alert | error | info | warning]

Purpose You can set the Accelerator’s log file to accumulate events that
occur in HTTP Acceleration. To set the type of alerts to be
accumulated, set the lowest level of alert to be logged. By
default, logging is disabled. When enabled, the default level is
Error.

Configuring FTP Acceleration via the CLI


Enabling/Disabling FTP Acceleration
Command ACC1(ftp-acceleration)#ftp-acceleration [enable | disable]

Purpose Enables/disables FTP Acceleration. By default FTP Acceleration is disabled.

Setting FTP Translation Mode


Command ACC1(ftp-acceleration)#ftp-translation-mode [active | passive | none]

Purpose Sets the FTP translation mode as follows:
Active: Changes the Client translation mode to Active.
Active mode FTP may cause the client side firewall to interpret the connection from the
server as an outside system initiating a connection to an internal client. This type of
connection is usually blocked.
Passive: Changes the Client translation mode to Passive.
In passive mode FTP the client initiates both connections to the server, solving the problem
of firewalls filtering the incoming data port connection to the client from the server.
By default, the mode set on the FTP client is used on the Accelerator.
When None is set, no translation is carried out.

NOTE: The FTP Translation Mode does not need to be symmetrical across the network. For
example, the client can operate in passive mode while the Accelerator operates in active
mode.

Setting the FTP Port


Command ACC1(ftp-acceleration)#port [port number]

Purpose Sets the default port on which FTP traffic generally arrives. The
default is 21.

Setting Content to be Cached


Command ACC1(ftp-acceleration)#cache-content [enterprise | internet | all]

Purpose Sets the type of content to be cached:
Enterprise caches all traffic from links and virtual links.
Internet caches all traffic on the non-link.
All caches all link, virtual link and non-link traffic.

Setting the Cache Size


Command ACC1(ftp-acceleration)#cache-size [number in MB]

Purpose Sets the size of the cache (between 1 and 60 GB). Default is 50 GB.
Approximately 360 KB + 8 MB of RAM is needed for each 1 GB of data cached.

Clearing the Cache


Command ACC1(ftp-acceleration)#cache clear

Purpose Clears the FTP Acceleration cache.

Setting the connection timeout


Command ACC1(ftp-acceleration)#connect-timeout [number]

Purpose Sets the amount of time (in seconds, between 1 and 600) for a client to remain
connected with no traffic being cached. Default is 60 seconds.

Setting logs

Command ACC1(ftp-acceleration)#log-level [alert | error | info | warning | debug]

Purpose You can set the Accelerator’s log file to accumulate events that occur in FTP
Acceleration. To set the type of alerts to be accumulated, set the lowest level of alert to
be logged. By default, logging is disabled. When enabled, the default level is Error.

Enabling Citrix Acceleration
Citrix Acceleration optimizes applications that use small packets, such as Citrix, RDP
and telnet. To configure Citrix Acceleration for such optimizations, match the application
to a class and enable the class on all links. To define advanced configuration settings, such
as class configuration and link-specific settings, use the CLI.
The application names are predefined in the system. To add a new application, use the
Setup > My Applications menu.
The aggregation classes are as follows:
• Citrix - enables Citrix acceleration on Citrix, telnet and ms-terminal-server applications.
• Default - enables Citrix acceleration on small-packet, encrypted applications such as
pop3s, https and ftps.
• Custom 1 - enables Citrix acceleration on a specific, user-defined link.
• Custom 2 - enables Citrix acceleration on a specific, user-defined link.

To add a new match between an application name and an application class:
1. Select an application name from the Select
Application drop-down list.
2. Select an aggregation class from the Select Class
drop-down list.
3. Click Add.

The new match now appears in the Matching Application to Class table.
To apply a specific Citrix aggregation class on all links:
1. Select the Enable option for the relevant class.
2. Click the Apply to All Links button.
3. When prompted whether you want to configure
Citrix acceleration on all links, click OK.

Note: The Citrix Acceleration screen lets you apply Citrix aggregation only on all links.
To apply Citrix aggregation on a specific link, use the Post Acceleration Aggregation
section of the My Links table under Setup tab. For details, see section Editing Existing
Links.

8 Setting Advanced Parameters
Advanced setup includes complex configuration that should be attempted only by
trained and certified Accelerator operators.
You can set the following advanced parameters for the Accelerator:
Handling WANs: Adding additional WANs, editing the default WAN
Adding a WAN: Modifying interface settings, working with VLAN
Handling Interfaces: modifying speed and duplex settings via the My Interfaces menu
Creating Static ARP Entries: Modifying the ARP table
Defining Authentication Settings: Setting passwords for the Accelerator
Understanding Router Redundancy Protocols: Working with HSRP and VRRP
Setting VRRP Group Number: Setting advanced link properties
Dial-on-Demand: Deploying the Accelerator in environments that have routers with dial-up
(dial-on-demand) interfaces.

Handling WANs
The Accelerator arrives preconfigured with one default WAN. To define the bandwidth
setting for this default WAN, select Setup - My Accelerator - Basic menu, and then click
the Advanced Settings button to open the Advanced Settings screen.
On large networks (for example in cases where there are two routers or one router with
multiple WAN interfaces) in which the Accelerator will optimize the traffic of more than
one WAN, you can add additional WANs to the Accelerator.

To add a WAN to the Accelerator:


1. In the Accelerator’s WebUI, click the Setup tab,
followed by Networking, and then My WANs.
2. In the WANs menu, enter the name and
Bandwidth Out of the new WAN.
Select the Enable Bandwidth In checkbox to set a
bandwidth limit on incoming traffic, then select the
Bandwidth In value and click Add.
The new WAN will appear below the default-WAN
in the WAN table.
Highlight a WAN and use the Delete button if at
any point you want to delete a WAN.
3. To edit an existing WAN, highlight the WAN in the
WAN Table and click the Edit WAN button.
In the Edit WAN popup, it is possible to modify the
WAN name, and In and Out Bandwidth.


NOTE: The total WAN bandwidth will always be enforced. It is the sum of all WANs
configured for the Accelerator.

Adding a WAN
Command ACC1(config)#wan [name]

Purpose Creates a new WAN.

Handling Interfaces
The Accelerator automatically detects the MAC address and Speed and Duplex
settings for each of its interfaces. You can perform all required speed and duplex
setting modifications via the My Interfaces menu. The interface name corresponds to
the name printed on the back panel of the Accelerator and cannot be modified. The
MAC address is permanent and cannot be modified.
The Speed and Duplex settings let you define the link as either 10 or 100 Mbits (or
1000 Mbits for the Accelerator 6800 series) and as either Half or Full duplex.
The Auto setting will automatically configure the Accelerator to the detected link speed
and duplex setting (this is the default setting).

NOTE: Setting wrong interface speed and duplex values for the
Accelerator may result in many errors on the line
towards the router, and even loss of connectivity. If you
are uncertain as to the speed and duplex setting
required, you can use the Auto setting; however it is
recommended to manually set the speed and duplex.

NOTE: When the Accelerator is installed in an On-Path deployment, ensure that both
interface 0/0 and 0/1 have the same link speed and duplex settings. If the Accelerator
operates in bypass mode for any reason, this will enable the two devices adjacent to the
Accelerator to interact.

To modify interface speed and duplex setting:


1. In the WebUI, click the Setup tab, followed by
Advanced, and then My Interfaces.
2. In the Interfaces Table, click on the name of the
Interface to be modified, use the Speed & Duplex
drop-down menu to select the proper speed and
duplex setting and click Submit.
Modifying Interface Speed and Duplex
Command ACC1(config)#interface ethernet [0, 0/1, 0/0]
ACC1(interface)#link-mode [1000Mbit-full | 100Mbit-full | 100Mbit-half | 10Mbit-full | 10Mbit-half | auto]

Purpose Sets the speed and duplex setting of the interface.

Working with VLAN


The Accelerator supports protocol 802.1q VLAN. VLAN is a virtual layer on top of the
Ethernet that enables the Ethernet to be divided into smaller virtual groups. You can
add up to 255 VLAN groups to the Accelerator.
You can set each VLAN group, identifiable by a number, on any basis (precise
location, department, primary application, type of user, and so on). The Accelerator
can incorporate itself into a VLAN network as follows: You can assign the Accelerator
a VLAN ID, enabling it to be considered as part of a VLAN group.
If VLANs are defined on the Accelerator, all VLAN traffic will pass as bridged traffic.
Defining a VLAN as Native means that the Accelerator uses the IP address from its
local interface as the IP address for a particular VLAN. The Accelerator will handle
packets arriving tagged from the Native VLAN, but will forward them without the tag
(this is especially useful in setups in which the router does not support VLAN). Setting
the Accelerator to work with Native tagged will enable the Accelerator to set one
VLAN as Native with the IP address from its local interface, but will forward packets
received from the native VLAN with the tag.
If traffic is already handled (for example if VoIP is set on a separate network and
receives priority), the traffic that is not to be handled by the Accelerator should not be
set as a VLAN and it should not be advertised anywhere in the Accelerator network -
the traffic should be bridged through the Accelerator.

The following figure depicts working with VLAN in an On-LAN configuration.

In the setup depicted, VLAN 1, 2 and 3 are defined in the Accelerator. VLAN 1 is
defined as native, meaning that it takes its IP address from the Accelerator’s Local
interface. A second 802.1q trunk is created from the Layer-2 switch to the Accelerator
enabling VLAN support in an On-LAN environment.

The following figure depicts working with VLAN in an On-Path configuration:

The Accelerator is connected directly to a Layer-2 switch via a VLAN (802.1q) trunk.
VLAN 1, 2 and 3 are defined in the Accelerator and VLAN 1 is defined as Native.
To include the Accelerator in a VLAN group:
1. In the WebUI, click the Setup tab, followed by
Advanced, and then VLAN Interfaces.
2. In the VLAN Interfaces menu, enter the
necessary VLAN ID number (0 to 4095).
3. The Accelerator must have an extra IP address
and Subnet Mask for each VLAN group it joins.
To enter an IP address and subnet mask to be
used within the VLAN group, select the IP
address radio button and enter the IP address and
subnet mask into the supplied fields.
To use the Accelerator’s original IP address and
subnet mask as its address within the VLAN
group, select the Native IP setting radio button.
When Native is selected, it is possible to select
the Tagged checkbox to include the VLAN tag in
the packets sent from the Native VLAN.
4. Click the Add button.
All VLAN interfaces added will appear in the
VLAN Interfaces table, at the bottom of the
screen.

NOTE: It is unusual for the Native VLAN to be tagged. Please check if indeed it is.
Otherwise the IP address in the Local Interface will act in the Native VLAN.


Setting VLAN
Command ACC1(config)#interface vlan [number]
x.x.x.x x.x.x.x (enter ip address and subnet mask)
or
native
or
native tagged

Purpose Enables VLAN, sets group number and IP address or native or native tagged.
Accelerator IP address as VLAN group IP address.

Creating Static ARP Entries
If you want to make a replacement within the ARP table, you can add a static ARP
entry, by mapping a specific IP address to a specific MAC address.
To map a static ARP entry:
1. In the WebUI, click the Setup tab, followed by
Networking, and then ARP.
In the ARP menu, add the IP address and MAC
address to be mapped.
2. If this change is to be permanent, select the
permanent checkbox. Otherwise, this entry will
remain until the next Accelerator reboot, or until it
is deleted from the ARP table.
3. Click the Add Static Entry button.
The entry appears in the ARP table.
If you want to delete the entry, click the Delete
button. To delete the entire ARP table, including
all its entries, click the Clear All button.

Adding Entries to the ARP Cache via the CLI


Command ACC1(config)#arp [IP address x.x.x.x] [MAC address xx:xx:xx:xx:xx:xx]

Purpose Sets manual ARP cache entries.

Clearing the ARP Cache


Command ACC1(config)#arp clear-table [volatile]

Purpose Clears the ARP cache table. Using the volatile
variable lets you clear entries from the active
ARP without clearing the database.

Command ACC1(config)#arp cache max-size [number between 128000 and 8000000]

Purpose Sets a limit on the size of the ARP cache.

Command ACC1(config)#arp cache limits [three numbers between 128000 and 8000000]

Purpose Sets three limits on the size of the ARP cache.

Defining Authentication Settings
The Accelerator lets you modify the password necessary for logging in.

To modify the password:


1. In the Accelerator’s WebUI, click on Setup,
followed by Security, and then Authentication.
2. In the field provided, enter the new password.
3. Re-enter the new password for confirmation.
4. Click the Change Password button.

Understanding Router Redundancy Protocols


Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)
are router redundancy protocols that provide network resilience for IP networks,
ensuring that user traffic immediately and transparently recovers from first-hop failures
in network edge devices or access circuits.
In HSRP and VRRP, multiple network devices can act in concert to present the illusion
of a single virtual router to the hosts on the LAN, by sharing an IP address (known as a
Virtual IP Address or VIP) and a MAC address. HSRP is a Router Protocol developed
by Cisco (RFC 2281), while VRRP is the IETF standard for redundancy protocols (RFC
2338). The main differences between the two are that HSRP requires you to dedicate
an extra IP address as a virtual IP address for the group, while VRRP lets you use the
IP address of one of the devices already in the group, or set a dedicated VIP. VRRP
takes up less network overhead.
In HSRP the devices are all configured with a priority status within the group. In
general, the device with the highest priority will naturally be the Active device; the
device with the next-highest priority is the Standby device that takes over in the event
of Active device failure or unavailability. Dominant devices in the virtual HSRP group
continually exchange status messages, enabling one device to assume the routing
responsibility of another, should it stop operating for either planned or unplanned
reasons. If the Active device fails, the Standby device assumes the packet-forwarding
duties of the Active device. If the Standby device fails or becomes the Active device,
another device is selected as the Standby device.

VRRP works in much the same way. In general, the Master device is configured to
have the highest priority and will be active in the group. It acquires the Virtual IP
address of the group, but does not have management functionality of the Virtual IP,
only the transfer capabilities. The Backup devices perform the standby function. The
VRRP can include many backup devices, and this protocol does not support knowing,
at any given time, which backup device will take over in the event of failure.
Hosts continue to forward IP packets to a consistent IP and MAC address, and the
changeover of devices is transparent. The recovery time of the VRRP is about 3 times
faster than HSRP (the HSRP default is 10 seconds instead of 3 seconds in VRRP).

Accelerators can take part in HSRP and VRRP and work in tandem with the routers
that provide backup for the network. The following figures display an Accelerator
application working with routers in a virtual HSRP and VRRP group. The Accelerator
and routers are configured with the MAC address and the IP network address of the
virtual HSRP/VRRP group.
The Accelerator is configured to have the highest priority and work as the Active/Master
device. It is configured with the IP address and MAC address of the virtual router and
forwards any packets addressed to the virtual router.
In HSRP, one of the routers acts as the Standby router, so that if, due to severe power
failure or any other unlikely event, the Accelerator stops transferring packets, the router
protocol takes effect and the router assumes the duties of the Accelerator and
becomes the Active device.
In VRRP, both routers are configured as backup routers. Therefore, if due to severe
power failure or any other unlikely event the Accelerator stops transferring packets, one
of the backup routers assumes the duties of the Accelerator.

Configuring HSRP
The AcceleratorOS lets you set up HSRP groups, either manually or by automatic
detection.
The following sections describe the options for configuring HSRP groups.
Enabling HSRP Automatic Detection
Setting Manual HSRP Configuration
Autodetecting HSRP Groups
Setting HSRP Group Number

Enabling HSRP Automatic Detection


The Accelerator can auto-detect HSRP groups on its networks and add them to its
Group Table. When the groups are added, by default the Accelerator does not join the
groups.

To automatically detect all HSRP groups:


1. In the WebUI, click the Setup tab, followed by
Networking, and then HSRP.
2. In the HSRP screen, select the Auto Detect
checkbox.
The HSRP table will automatically fill up with the
details of the HSRP groups detected on the
network.
3. While the Accelerator will add these groups, by
default its status in the groups will be Not Joined.
4. To join the HSRP group or to modify other HSRP
parameters, highlight the HSRP group in the table
and click the Edit button.

Setting Manual HSRP Configuration
If the Automatic detection does not find an HSRP group, or an HSRP group is to be
manually added or edited, you can modify the parameters as follows.
To manually modify the HSRP configuration:
1. In the WebUI, click the Setup tab, followed by
Networking, and then HSRP.
2. In the HSRP menu, enter the Group ID number (0
- 255), the Virtual IP address, the Priority (0 -
255), the Virtual MAC address and the status of
the Accelerator in the group (whether the Joined
option is Disabled or Enabled).
3. Click Add.
The HSRP group immediately appears in the
HSRP table.
4. To modify the information, highlight the row in the
HSRP table and click the Edit button to modify
the following parameters:

Group ID: You must enter a group number, even if the target group is group 0.

Virtual IP Address: All devices in the HSRP group must have the same Virtual IP address.
Adding a virtual IP address of 0.0.0.0 will put the group into Learn mode, in which the selected group will try to learn the IP address from the network.

Priority: Setting the Accelerator’s priority lets you select its status in the HSRP group.
If two devices in the HSRP group have the same priority, the Active router will be set according to IP address. Expand does not recommend this setup.

Virtual MAC Address: All devices in the HSRP group must have the same Virtual MAC address.

Joined: Enable or Disable the Accelerator’s status in the group. Joining the group will enable the Accelerator to function as any other router in the HSRP group.

Authentication: If Authentication is enabled in the HSRP group, the Authentication command lets you set the authentication password to communicate with the routers in the group.
The default setting for the authentication command is cisco.
If you change the default authentication setting, verify that all the other devices in the HSRP group have the same authentication setting.

Force Priority: Force Priority gives the Accelerator the highest priority in the HSRP group at all times. When this is enabled, Preempt is also enabled automatically.
Force Priority is done per group and will enable the Accelerator to hold the highest priority of the selected group.
Once the Accelerator is set to have the highest priority, it will become the active router in the HSRP group.

Preempt: Preempt is used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router will prevail; when disabled, the higher priority router will assume the Standby mode until the current Active router experiences a failure.
Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully.

Hello and Hold Timers: The Hello Time and Hold Time set the packet rate between the devices in the HSRP group. Hello time is the interval between Hello messages (an exchange of HSRP priority and state information) and the Hold Time is the interval between a receipt of a Hello message and the presumption that the sending router/Accelerator has failed.
Expand recommends that you do not change the default timer setting.
The default rate is a 3-second Hello Time and a 10-second Hold Time.
It is recommended that the Hold Time be more than three times the length of the Hello Time.
Decreasing timer-default rates will shorten the time that the network has without a default gateway during Active router changeover, but will increase the protocol bandwidth overhead and vice versa.
If the Accelerator is not currently the Active device in the HSRP group, Timer settings will be derived from the Active device and any timer configurations that you set in the Accelerator will not be saved.
All members of the HSRP group must have the same Hello Time and Hold Time. If you change the default parameters, ensure that you update all members of the HSRP group with the new parameters.

HSRP over VLAN: If the Accelerator is part of a VLAN group, in order to operate with HSRP the VLAN group number must be updated (0 to 4095).
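
The rules in the parameter list above (shared Virtual IP, Virtual MAC, timers and authentication, Hold Time more than three times Hello Time, no duplicate priorities, authentication not left at cisco) can be checked across every device in a group before anything joins it. The following is an added example, not part of the guide or of AcceleratorOS; the Member record, the finding codes and the sample devices and addresses are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

DEFAULT_AUTH = "cisco"  # default authentication string named in the guide
LEARN_VIP = "0.0.0.0"   # virtual IP that puts a group into Learn mode


@dataclass
class Member:
    """One device's settings for an HSRP group (hypothetical inventory record)."""
    name: str
    group_id: int
    virtual_ip: str
    virtual_mac: str
    priority: int
    hello: int = 3    # seconds, guide default
    hold: int = 10    # seconds, guide default
    auth: str = DEFAULT_AUTH


def audit_hsrp_group(members):
    """Return sorted (code, detail) findings for the members of one HSRP group."""
    findings = []
    for m in members:
        if not 0 <= m.group_id <= 255:
            findings.append(("RANGE", f"{m.name}: group ID {m.group_id} outside 0-255"))
        if not 0 <= m.priority <= 255:
            findings.append(("RANGE", f"{m.name}: priority {m.priority} outside 0-255"))
        # Guide: the Hold Time should be more than three times the Hello Time.
        if m.hold <= 3 * m.hello:
            findings.append(("HOLD_TOO_SHORT",
                             f"{m.name}: hold {m.hold}s is not more than 3 x hello {m.hello}s"))
        # The default string is published in vendor documentation, so it does
        # not tell group members apart from any other device on the LAN.
        if m.auth == DEFAULT_AUTH:
            findings.append(("DEFAULT_AUTH", f"{m.name}: authentication left at default"))

    # Settings that every member of the group must share.
    shared = {
        "VIP_MISMATCH": [m.virtual_ip for m in members if m.virtual_ip != LEARN_VIP],
        "MAC_MISMATCH": [m.virtual_mac.lower().replace("-", ":") for m in members],
        "TIMER_MISMATCH": [(m.hello, m.hold) for m in members],
        "AUTH_MISMATCH": [m.auth for m in members],
    }
    for code, values in shared.items():
        distinct = sorted(set(values))
        if len(distinct) > 1:
            # Never echo authentication strings into a report.
            shown = f"{len(distinct)} different strings" if code == "AUTH_MISMATCH" else distinct
            findings.append((code, f"members disagree: {shown}"))

    # Equal priorities leave the Active role to be decided by IP address,
    # which the guide advises against.
    for priority, count in sorted(Counter(m.priority for m in members).items()):
        if count > 1:
            findings.append(("PRIORITY_TIE", f"priority {priority} set on {count} members"))
    return sorted(findings)


def expected_active(members):
    """Name of the member with the unique highest priority, or None on a tie."""
    top = max(m.priority for m in members)
    leaders = [m.name for m in members if m.priority == top]
    return leaders[0] if len(leaders) == 1 else None


# Constructed sample: one Accelerator and two routers in group 10.
SAMPLE_GROUP = [
    Member("ACC1", 10, "10.101.20.1", "00:00:0C:07:AC:0A", 200),
    Member("RTR-A", 10, "10.101.20.1", "00:00:0c:07:ac:0a", 150),
    Member("RTR-B", 10, "10.101.20.1", "00:00:0c:07:ac:0a", 150, hello=1, hold=3),
]

if __name__ == "__main__":
    for code, detail in audit_hsrp_group(SAMPLE_GROUP):
        print(f"{code:15} {detail}")
    print("expected Active device:", expected_active(SAMPLE_GROUP))
```

A member whose Virtual IP is 0.0.0.0 is skipped in the Virtual IP comparison, because the guide describes that value as Learn mode rather than a real address.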

Autodetecting HSRP Groups
Command ACC1(config)#HSRP autodetect enable/disable

Purpose The Accelerator can auto-detect HSRP groups on its networks and add them to its Group Table.

Setting HSRP Group Number


Command ACC1(config)#HSRP [number]
authentication [string]
force-priority
ip (update IP address- create group if it
doesn't exist)
join
leave (leave HSRP group)
preempt
priority [number 0 - 254]
timers
virtual-mac (virtual MAC address)
vlan (assign HSRP group to VLAN)

Purpose Sets manual configuration of HSRP

Configuring VRRP
Unlike HSRP, VRRP cannot be configured automatically and must be added manually.

To manually modify the VRRP configuration:


1. In the WebUI, click the Setup tab, followed by
Networking, and then VRRP.
2. In the VRRP menu, enter the Group ID number (0-255),
the Virtual IP address, the Priority (1-254),
the preempt status and the timer setting.
3. Click Add.
The VRRP group immediately appears in the
VRRP table.
4. To modify the information, highlight the row in the
VRRP table and click the Edit button to modify
the following parameters:

Group ID: You must enter a group number, even if the target group is group 0. Accelerator VRRP does not have a default group number.

Virtual IP: All devices in the VRRP group must have the same Virtual IP address.

Priority: Setting the Accelerator’s priority lets you select its status in the VRRP group.
If two devices in the VRRP group have the same priority, the Active router will be set according to IP address. Expand does not recommend this setup.
Once the Accelerator is set to have the highest priority, it will become the active router in the VRRP group.

Preempt: Preempt is used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router will prevail; when disabled, the higher priority router will assume the Standby mode until the current Active router experiences a failure.
Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully.

Timer: Sets the interval between the Hello messages sent between VRRP group members.
It is critical that all the devices in the VRRP group have the same Timer setting. If for some reason this must be modified, it should be modified for all devices in the group. The default setting is 1.

NOTE: In previous Accelerator versions, adding an HSRP/VRRP group automatically included the Accelerator in the group. In AcceleratorOS 6.0 after HSRP/VRRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join/leave commands.
Setting VRRP Group Number
Command ACC1(config)#VRRP [number]
ip (update IP address- create group if it
doesn't exist)
preempt
priority [number 0 - 254]
timer

Purpose Sets manual configuration of VRRP

Configuring DNS
The Domain Name Server (DNS) Configuration screen lets you manage Domain Name
Servers and define the domain name, domain name search path and static hosts.
To set a domain name:
1. In the WebUI, click the Setup tab, followed by
Networking, and then DNS.
2. Enter the domain name in the Domain Name field.
3. Select whether to enable or disable IP Domain
Lookup.
4. Click Add.
The domain now appears in the Domain Name
Table.

To add a new server:


1. In the servers table, click Add.
2. In the Add New Server dialog box that opens now,
enter the new server’s IP address.
3. Click Submit.
The newly added server now appears in the
Servers Table.

To delete an existing server:
1. In the servers table, highlight the line that
contains the server address, in order to select it.
2. Click Delete.
You will be prompted to confirm the deletion.
3. Click OK.
The server is now removed from the Servers
Table.

Use the steps mentioned above in order to add or delete domain names and static
hosts.

Managing Links
A Link is a logical connection between the Accelerator and each connected remote site
and its subnets. The Accelerator optimizes network performance over Managed Links
as well as Virtual Links. The Accelerator’s benefits are greatest when working opposite
another Accelerator, in a “Managed Link” environment. The Accelerator can provide
QoS services even to virtual links, when there are no Accelerators present on the
remote sites. In addition to Managed and Virtual links, the Accelerator enables
configuration of a single “Non-link”. The Non-link is the default link for all traffic not
assigned to any known subnet or remote Accelerator. Internet traffic is one example of
traffic assigned to the Non-link. This Non-link can be managed like any other link,
allowing you to determine traffic QoS and bandwidth restrictions for all traffic not
destined for your remote networks and Accelerators.
Clicking the Advanced button from the My Links menu, or highlighting a link in the
table and clicking the Edit button, enables complex link configuration.
To set advanced link properties:
1. In the WebUI, click the Setup tab, and then My
Links.
2. Enter basic link properties (for more information
see section Performing Setup via the Wizard, on
page 30).
3. Click the Advanced button.
4. In the Link Details Menu, update any additional
parameters as necessary:


Link Name: Set a name for the link, which will let you identify it in the future (this is especially important for large deployments).

Destination IP: Set the IP address of the remote device.

Bandwidth: Set the Outbound and Inbound bandwidth to be dedicated to the Link by selecting a value from the first drop-down menu or by selecting Other and then entering a value into the second field, and selecting the relevant units (bps, Kbps, Mbps, Gbps). The link will not exceed this bandwidth.
Setting the Inbound bandwidth will automatically enable QoS capabilities on Inbound traffic for this link.

MTU: This sets the MTU of the link, which should match the router. Only in specific setups should it be lower, for example if there is a GRE tunnel configured.

WAN: Select the WAN over which this link will run. By default, the Default WAN is selected. If other WANs have been added to the Accelerator, use the drop-down menu to select them as necessary.

Large Cache: Select the Large-Cache checkbox if you would like to work with a cache that can be larger than 16 MB (up to 256 MB). This setting takes into account any information regarding deployment size set in the Topology setting.
This setting needs to be symmetrical only on initial setup. Once a link is created, then using this command will only update the unit being configured.

Fragmentation: Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to 6000), then the QoS mechanism will break them up. This is useful for handling latency on low bandwidth links. This applies only to traffic set with a CoS value of low, medium and high priority.
You do not have to configure fragmentation symmetrically on both ends. Fragmentation is accomplished on outgoing packets before the packets are compressed.

NOTE: Packet Fragmentation does not work in RTM mode.

Aggregation: Enables aggregating small packets on this link. If packets arrive smaller than the set size (68 to 6000), then the QoS mechanism will aggregate them and send them together across the link. This applies only to traffic set with a CoS value of low, medium and high priority.
You do not have to configure aggregation symmetrically on both ends. Aggregation is accomplished on outgoing packets before the packets are compressed.
Aggregation is only applied on congested links, to avoid adding unnecessary latency on non-problematic links.

Accelerate: By default, all links are set to be accelerated. If the traffic on the link does not benefit from acceleration (for example if there is no Accelerator at the remote and only QoS is required) or should not be accelerated, deselect the Acceleration checkbox.

Header Compression: The packet header is compressed by default. Deselect this checkbox to decompress the header.

Encapsulation: Select either IPComp or Transparent Encapsulation, as follows:
IPComp encapsulation enables the best compression rate.
IPComp encapsulation (tunnelled encapsulation) sets the packets intercepted by the Accelerator to be completely compressed. This means that the IP header, the TCP/UDP (or any other IP protocol) header and the payload are compressed and the packet traversing the network will have an Accelerator Proprietary IPComp header.
Transparent (Router Transparency) encapsulation is appropriate in an environment where header preservation is necessary, including original QoS packet settings, NetFlow, Billing, encryption and certain firewall environments.
In Router Transparency encapsulation, only the packets’ payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network.
Router Transparency encapsulation is available in On-Path deployments only.
Encapsulation need not be symmetrical - the Accelerator can support different encapsulation in each direction. This allows flexibility when an Accelerator is deployed On-LAN.

ToS: You can either preserve the original ToS setting of the packets or set a new ToS value for this application.
• To preserve the original ToS value, select the Preserve radio button.
• To set a new ToS value for this traffic, select the Set radio button and select ToS value, Code Point or CoS ToS from the drop-down menu. Set a value.
NOTE: Setting this value is not required if Transparent Mode is selected.

TTL Preservation: Preserves the original TTL. This option is disabled by default.

SRC Preservation: Preserves the source IP address of the original IP header. This is useful for Policy Routing, and also enables distinguishing between sessions. This option is disabled by default.

Force Tunneling: Enables forcing all traffic into the Accelerator encapsulated tunnel.

NOTE: In Version 5 and above, tunnel-force has no real effect and is supported for backward-compatibility reasons only.


Include Checksum: This is an additional checksum for the Acceleration algorithm - over and above regular frame checksums.

TCP Acceleration: Use Global TCP Acceleration - check this box to use the globally set TCP acceleration values.
If you want to set values specific for this link, deselect this box and set the required values in the Typical RTT and Typical Acceleration Rate fields.

Save to template link: You can create a template that will be used to set default settings for all future created links. These settings will be displayed in the Advanced links menu for all future created links.
To update all fields to be considered in the template to the necessary values, click the Save to Template Link button.
The templates set on one Accelerator are not sent to far end Accelerators.

The Status/Compression column in the Links Table reveals the status of each link. The
mouse-over callout provides further detail as to the status, as follows:

Load Error: Internal error occurred during definition of the link in the system

Not Managed: A Virtual link (no far-end Accelerator)

Inactive: Remote Accelerator is not available

Trying to Connect: Link is establishing connection

Negotiating: Link parameters are being negotiated (cache size, and so on)

Accelerating: Link is active and acceleration is on

Active: Link is active and the link is tunnelling but not accelerating traffic

Dropped: Communication has been lost

Setting Remote Subnets for the Links


You can add remote subnets to each link created. For details, see section Configuring
Remote Subnets Manually, on page 80.

Editing Existing Links
You can use the Edit Links screen to fine-tune and modify already existing links. This
screen lets you set basic link parameters, acceleration, tunneling and TCP Acceleration
parameters for the link.
To edit an existing link:
1. In the My Links menu, click the link’s name in the
Links Table section.
2. In the Edit Link screen that opens now, use the
Parameters section to edit parameters such as
Link Name, Destination IP, Bandwidth Out and
MTU (Maximum Transfer Unit).
3. Use the Acceleration section to define whether to
accelerate the link and to use header
compression.
4. Use the Tunneling section to define parameters
such as the encapsulation type (IPComp or
Transparent), Source preservation and checksum
enabling.
5. In the TCP Acceleration settings section, select
whether to use the global TCP acceleration
settings or to customize these settings by defining
the typical round-trip time (RTT) and the typical
acceleration rate.
6. In the Post Acceleration Aggregation section,
select whether to enable Citrix (post acceleration)
aggregation on your links. Citrix Aggregation
operates per link. Each link can have Citrix
Aggregation enabled or disabled independently of
other links. For details, see section Configuring
Aggregation Classes, on page 177.
7. In the Bandwidth Adjustment section, select
whether to use dynamic bandwidth, as explained
in the following section.

Using Dynamic Bandwidth
The Bandwidth Adjustment section lets you define settings to detect traffic congestion
on a link, and adjust the outgoing bandwidth accordingly. This feature is disabled by
default and should be used judiciously.
The feature should be used on low to medium bandwidth links, which can suffer from
changing outgoing bandwidth.

NOTE: Bandwidth adjustment is possible only on an accelerating link.

The bandwidth adjustment mechanism samples internal messages (of the link’s internal
protocol). Based on these messages, the bandwidth adjustment algorithm detects a
state of congestion and decreases the user-defined outgoing bandwidth. Once the
mechanism detects that the state of congestion no longer exists, the bandwidth will
gradually be restored to its user-defined size.
The bandwidth adjustment parameters are as follows:
Minimum Bandwidth: Defines the minimum value to which the bandwidth will be reduced as a result of congestion. This value is calculated as a percentage of the user-defined outgoing bandwidth size. Default: 50%

Increase Rate: Defines the rate by which the link’s bandwidth will be gradually restored to its former size.
Increasing the bandwidth is much less critical than decreasing it in case of congestion, and therefore the default increase is 2%.

Decrease Rate: Defines the rate by which the link’s bandwidth will be decreased by intervals in case of congestion.
Decreasing the bandwidth in case of congestion is a critical measure, and therefore the default decrease is 10%.

First Decrease Rate: Defines the rate of the first decrease to be higher than the following bandwidth decreases. If you do not want to set a special value to the first decrease, leave the default value None.

Increase Interval: The interval (in seconds) between each of the bandwidth increases. Default: 5 seconds.

Decrease Interval: The interval (in seconds) between each of the bandwidth decreases. Default: 2 seconds.

NOTE: To detect a congestion state more accurately, set longer decrease and increase intervals.

After setting all required parameters, click Submit.
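
How the six parameters interact is easier to judge from a timeline than from the table. The following added example (not part of the guide or of AcceleratorOS) steps a link through one congestion episode second by second. It assumes that each rate is a percentage of the user-defined bandwidth, that the First Decrease Rate applies once per congestion episode, and that the congestion signal is supplied as input, since the guide does not describe how the link's internal messages are evaluated. The second settings object uses the bandwidth 2400, minimal-bandwidth 85 and decrease rate first 40 values from the guide's Sample Network Configuration.

```python
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class AdjustSettings:
    configured_bw: float                         # user-defined outgoing bandwidth
    min_pct: float = 50.0                        # Minimum Bandwidth
    increase_pct: float = 2.0                    # Increase Rate
    decrease_pct: float = 10.0                   # Decrease Rate
    first_decrease_pct: Optional[float] = None   # First Decrease Rate (None = not set)
    increase_interval_s: int = 5                 # Increase Interval
    decrease_interval_s: int = 2                 # Decrease Interval


def simulate(s, congested):
    """Return the bandwidth in force during each second.

    congested holds one boolean per second (constructed input).
    """
    floor = s.configured_bw * s.min_pct / 100
    bw = s.configured_bw
    next_change = 0        # earliest second at which the next step may happen
    first_pending = True   # the next decrease opens a new congestion episode
    trace = []
    for t, is_congested in enumerate(congested):
        if is_congested:
            if t >= next_change and bw > floor:
                pct = s.decrease_pct
                if first_pending and s.first_decrease_pct is not None:
                    pct = s.first_decrease_pct
                # Never drop below the configured minimum.
                bw = max(floor, bw - s.configured_bw * pct / 100)
                next_change = t + s.decrease_interval_s
            first_pending = False
        else:
            first_pending = True
            if t >= next_change and bw < s.configured_bw:
                bw = min(s.configured_bw, bw + s.configured_bw * s.increase_pct / 100)
                next_change = t + s.increase_interval_s
        trace.append(bw)
    return trace


def recovery_time(s, congested_s):
    """Seconds from the end of congestion until the full bandwidth is back."""
    if s.increase_pct <= 0:
        raise ValueError("increase rate must be positive")
    # Enough clear seconds to climb back even from zero.
    clear_s = (math.ceil(100 / s.increase_pct) + 1) * s.increase_interval_s
    trace = simulate(s, [True] * congested_s + [False] * clear_s)
    for t in range(congested_s, len(trace)):
        if trace[t] >= s.configured_bw:
            return t - congested_s
    return None


DEFAULTS = AdjustSettings(2400)
SAMPLE_LINK = AdjustSettings(2400, min_pct=85, first_decrease_pct=40)

if __name__ == "__main__":
    for label, settings in (("defaults", DEFAULTS), ("sample link", SAMPLE_LINK)):
        trace = simulate(settings, [True] * 10 + [False] * 5)
        print(f"{label}: lowest bandwidth {min(trace):.0f}, "
              f"recovery after 10 s of congestion: {recovery_time(settings, 10)} s")
```

Under these assumptions the sample link's first decrease of 40 is clamped by its minimum of 85, so the link drops to the floor in a single step, and the default rates take far longer to restore bandwidth than to remove it.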

Defining Link Settings

Assigning a Link to a WAN


Command ACC1(config)#interface link
ACC1(LINK)#wan-id [ number/default]

Purpose Sets the WAN to which this Link is assigned.

Setting a Link to Work in Large Cache Mode


Command ACC1(LINK)# cache-size large enable

Purpose Sets the link to work in Large cache size mode.

Enabling Packet Fragmentation


Command ACC1(LINK)#fragmentation auto [number]

Purpose Enables packets to be fragmented on this link. If packets arrive
larger than the set size (68 to 6000), then the QoS mechanism
will break them up. This is useful for handling latency on low
bandwidth links. This only applies to traffic set with a CoS
value of low, medium and high priority.
Fragmentation does not have to be configured symmetrically
on both ends. Fragmentation is accomplished on outgoing
packets before the packets are compressed.

Enabling Packet Aggregation


Command ACC1(LINK)#aggregation auto [number]

Purpose Enables small packets to be aggregated on this link. If packets
arrive smaller than the set size (68 to 6000), then the QoS
mechanism will aggregate them and send them together
across the link. This only applies to traffic set with a CoS value
of low, medium and high priority.
Aggregation does not have to be configured symmetrically on
both ends. Aggregation is accomplished on outgoing packets
before the packets are compressed.
Aggregation is only applied on congested links, to avoid adding
unnecessary latency on non-problematic links.

Setting a Link to be Accelerated


Command ACC1(LINK)# acceleration enable/disable

Purpose Sets the link to accelerate all traffic

Setting IPcomp Preservation


Command ACC1(LINK)# header preservation
src
tos
ttl

Purpose Sets source IP address, ToS bit or ttl header preservation.
SRC: Preserves the source IP address of the original IP
header. This is useful for Policy Routing. It also enables
distinguishing between sessions. This is disabled by default.
TOS: Preserves the original ToS point settings - this is enabled
by default.
TTL: Preserves the original TTL. This is disabled by default.

Forcing Tunneling
Command ACC1(LINK)# force enable/disable

Purpose Sets the link to force all traffic into the tunnel.

Including Checksum
Command ACC1(LINK)# checksum enable/disable

Purpose Includes a checksum in all packet transmissions, useful for high
error rate links and troubleshooting purposes.

Sample Network Configuration
hostname Acc20
!
interface local
ip address 10.101.20.6 255.255.255.0
ip default-gateway 10.101.20.2
!
no terminal-timeout
interface link 1
description L-10.101.21.6
bandwidth 2400
metric 31
aggregation post class default window 20 limit 700 threshold 1499
aggregation post class default enable
link destination 10.101.21.6
bandwidth adjust
adjust enable
minimal-bandwidth 85
decrease rate first 40
!
tcp-acceleration
use-global-tcp-acceleration disable
tcp-acceleration enable
congestion-control vegas
!
!
interface link virtual 2
description Virtual-Link
metric 41
subnet add 1.1.1.1 255.255.255.255
!
interface ethernet 0
ip address 1.1.1.1 255.255.0.0
!
application 3331 udp 3331
application 2525 udp 2525

application 2324 udp 2324
application 2323 udp 2323
application 2020 udp 2020
application test1 tcp 7777
application 2326 udp 2326
policy-rule 2 global outbound
set policy order 202
match application imap2
set policy priority real-time
set policy rate limit 768
set policy rate desired 56
!
policy-rule 4 global outbound
match application pop3
set policy rate desired 64
!
policy-rule 5 global outbound
match application ftp-data
set policy rate desired 100
!
policy-rule 6 global outbound
match application expand-wafs
set policy priority high
set policy rate desired 32
!
policy-rule 7 global outbound
match application expand-wafs-control
set policy priority real-time
router ospf
ospf-mode enable
area 1
!
router rip
passive-mode disable
!
ip route 172.19.201.0 255.255.255.0 10.101.20.254
ip route 172.18.204.0 255.255.255.0 10.101.20.254
web-acceleration
http-acceleration
http-acceleration enable
!
ftp-acceleration
ftp-acceleration enable
!
!
router-polling
polling-interval 30
!
expand-view
agent disable
!
aaa
transport input ftp enable
authentication login max-failed-login 9
!

Dial-on-Demand
You can deploy the Accelerator in environments that have routers with dial-up (dial-on-
demand) interfaces.
These interfaces initiate a call (dial to) the remote end (typically over ISDN or Satellite
links) when “interesting” traffic is being sent. After a specific quiet period, the link goes
down again until new “interesting” traffic is sent.
Link establishment of the dial-up interfaces and connectivity time can be fairly
expensive. Therefore you may sometimes want to keep the link down until new
“interesting” traffic is forwarded via the link. The Accelerator poses a problem in these
environments as it uses a keep-alive mechanism to check the health of the link
between the remote sites. By default, the keep alive messages are considered
“interesting” and will keep the dial-up link alive (and costly).
The dial-on-demand solution enables the Accelerator to support dial-on-demand
environments by not sending keepalive messages.

NOTE: Both peers must configure the link in dialup mode with
the same timeout.

NOTE: The ExpandView agent must be disabled.

NOTE: Connecting to a link by using its HSRP address will not work.

Configuring Dial-on-Demand
Setting the keepalive dialer will activate the Dial-on-Demand mode. This can only be
configured via the CLI, as follows.

Setting Keepalive Dialer

Command ACC1(LINK)# keepalive dialer [number in seconds]

Purpose Sets the number of seconds to wait while the link is quiet before dropping the link.

9 Configuring Management Options
You can configure the Accelerator via the CLI, reached over Telnet, SSH, or a direct
console connection. Alternatively, you can configure the Accelerator via the WebUI,
accessed by using HTTP or HTTPS. Logging can be sent to SNMP or SyslogD servers and
can be sent via email.

Note: By default, all options mentioned above are enabled (Telnet, SSH, direct console,
HTTP and HTTPS). To disable a specific service, see section Configuring AAA via the
WebUI, on page 308.

This chapter contains information on the following:


• Studying the ExpandView System
• Using CLI Configuration
• Studying CLI Conventions
• Understanding Command Modes
• Getting Help
• Accessing Configuration Options
• Logging into the Accelerator via SSH
• Using SNMP
• Receiving Log Error Messages
• Sending Updates to a Syslog Server
• Sending Updates via Email

Studying the ExpandView System
Expand Networks' ExpandView is a centralized monitoring and management system for
Expand Accelerators. ExpandView gives you total visibility, via a Dynamic Network
Map, into global WAN operations, thus enabling global changes to be implemented in
minutes. Detailed graphs and reports, easy-to-use QoS templates and tight integration
with Expand's award-winning Accelerators make ExpandView the ideal centralized
monitoring and management system for ensuring optimal application performance over
the WAN.

Using Dynamic Network Map


ExpandView is the industry's first to offer a dynamic map that provides a real-time view
of the wide area network (WAN), with the ability to monitor and manage Expand's WAN
optimization devices via simple click and drag operations. Ideal for NOC (Network
Operations Center) operations, the ExpandView map provides an immediate visual
representation of the enterprise's global WAN status, performance and alerts. The
ExpandView map lets IT managers add Accelerators on-demand, create or remove
links between devices, and boost the performance of any application or remote location,
directly from the map!

Simplifying WAN Optimization
ExpandView takes the complexity out of deploying WAN optimization. The new
platform automatically detects all deployed Accelerators and builds up configuration
and performance databases for these Accelerators.
Once new Accelerators are powered up, ExpandView will automatically update them
with all preconfigured parameters and start collecting statistics.

Generating Advanced Alerts for World-Class NOCs


ExpandView generates alerts on application performance thresholds for remote
Accelerators, thus enabling proactive performance management. Acceleration
percentage, CPU utilization and a multitude of other parameters can be used to predict
WAN performance incidents, before they happen, giving IT managers the tool to
correct them. Deployed in the largest and most complex network environments,
Expand understands that up-to-date notifications on network problems impacting the
business are critical to the enterprise.

Enabling End-to-End WAN Performance Visibility


ExpandView is a high-level application that monitors performance across the WAN,
enabling global network visibility. ExpandView leverages the powerful and flexible
monitoring tools of the Accelerator and enables complete network statistics collection
and analysis. This simplifies control over application performance and network
utilization.

Generating Proactive Reports for Network Provisioning


ExpandView lets you generate trend reports, which detail anticipated future utilization
of WAN links based on previous usage and performance of the links. Such reports are
useful in helping IT provision networks to accommodate business growth and
expansion.


Defining Scalable QoS


Centralized insight into network traffic and application performance enables informed
and controlled use of available bandwidth. ExpandView enables group configuration of
QoS and policy prioritizing. You can publish new policies to multiple devices in a single
step, and enforce QoS policy consistency by creating QoS templates. Expand's QoS,
simple to configure and maintain and low cost to administer, is now made even easier in
this new scalable solution.

Supporting the AcceleratorOS in ExpandView


AcceleratorOS 5.0(7) and higher contain an ExpandView agent, enabling real-time
communication with ExpandView. The ExpandView server architecture enables
communication with the Accelerator via this dedicated agent in AcceleratorOS. This
agent makes it possible to synchronize ExpandView with the Accelerators in the
network, in real-time. In addition, the Accelerator’s ExpandView agent executes tasks
sent from ExpandView and enables a high level of network monitoring and alert
handling per Accelerator.

Updating ExpandView Server’s IP Address


To work with ExpandView, each Accelerator must be updated with the IP address of
the ExpandView server. The following AcceleratorOS CLI commands enable interaction
with ExpandView by setting the ExpandView server IP address and port number:
Enabling the ExpandView Server
Command ACC1(config)# expand-view
ACC1(EVIEW)# agent [enable/disable]

Purpose Enables/Disables interaction with ExpandView.

Setting the ExpandView Server IP Address


Command ACC1(config)# expand-view
ACC1(EVIEW)# IP address [x.x.x.x]

Purpose Sets the address of the ExpandView server in an Accelerator.

Setting the ExpandView Server Port


Command ACC1(config)# expand-view
ACC1(EVIEW)# port [xxxx]

Purpose Sets the port to use for interaction with the ExpandView server.

Displaying ExpandView Status


Command ACC1(config)# expand-view
ACC1(EVIEW)# show

Purpose Verifies whether the unit is connected to ExpandView.

Using Out-of-Band Management
You can manage the Accelerator remotely from a management station on a LAN
external to the accelerated network. When Out-of-band management is used, Ethernet
0 cannot participate in VLAN or HSRP/VRRP, should not be part of OSPF or RIP
router polling support, and should not use WCCP or RIP route injection.
To use Out-of-band management:
1. Connect the Accelerator’s Ethernet 0 to the remote network.
2. Set Ethernet 0 to be removed from the Accelerator’s bridging capabilities.
3. Add a separate IP address for this interface.

Disabling Bridging
Command ACC1(config)#interface ethernet 0
ACC1(interface)# bridged-state disable

Purpose Disables bridge support for the Ethernet 0 interface.

Setting an IP address for Eth 0

Command ACC1(config)#interface ethernet 0
ACC1(interface)# ip address [x.x.x.x y.y.y.y]

Purpose Sets an IP address and subnet mask for the Ethernet 0 interface.

Using CLI Configuration
The Accelerator CLI enables complete configuration of the Accelerator, including basic
and advanced configuration via a Cisco-like Command Line Interface (CLI). Use of the
CLI is for experts and technicians familiar with Cisco CLI configuration.

Studying CLI Conventions


Command descriptions use these conventions:
• Commands and keywords are in boldface font.
• Variables for which you supply values are in italic font.
The following conventions are used in examples:
• Examples that contain system prompts denote interactive sessions, indicating that you
enter commands at the prompt. The ()# prompt indicates the current command mode. For
example, the following prompt indicates global configuration mode:
Acc1(config)#
• Terminal sessions and information the Accelerator displays are in screen font.
• Information you enter is in boldface screen font.
• Nonprinting characters, such as passwords, are in angle brackets < >.

Understanding Command Modes


This section describes the Accelerator’s CLI command mode structure. Each command
mode supports specific commands. For example, the bypass enable command
is used only in configuration mode.
Use the following command modes when configuring the scenarios described in this
document:
• enabled mode
• configuration mode
• WAN configuration mode
• LINK configuration mode
• Interface configuration mode

Mode: Enable
  Access Method: Enter the enable command to begin working with the Accelerator.
  Prompt: Acc1#
  Exit Method: To exit, enter the exit command, or press Ctrl-Z.

Mode: Configuration
  Access Method: Enter the configure command while in privileged EXEC mode.
  Prompt: Acc1(config)#
  Exit Method: To exit to enabled mode, enter the exit command, or press Ctrl-Z.

To enter global configuration mode, enter the configure command.


Use this mode to:
• Configure Accelerator operating parameters.
• Perform the verification steps shown in this guide.

Getting Help
• You have to enter only enough characters for the Accelerator to recognize the command
as unique. For example, the following string is enough for the Accelerator to recognize the
show startup configuration command:
Acc1# show startup config
• You can use the question mark (?) and arrow keys to help you enter commands.
• For a list of available commands under each command, enter a question mark:
Acc1(config)#?
• To complete a command, enter a few known characters followed by a tab:
Acc1(config)#sh
• For a list of command variables, enter the command followed by a space and a question
mark:
Acc1(config)# show ?
• To redisplay a command you previously entered, press the up-arrow key. You can continue
to press the up-arrow key to redisplay earlier entered commands.

Entering Configuration Mode
To make any configuration changes to your Accelerator, you must be in configuration
mode. This section describes how to enter configuration mode while using a terminal
or PC that is connected to your router CONSOLE port.
To enter configuration mode:
1. After your Accelerator boots up, the Accelerator
banner will be displayed.
2. If you have configured your Accelerator with an
enable password, enter the enable command,
and enter the enable password when you are
prompted for it (default is Expand - case
sensitive).
The enable password does not appear on the
screen when you enter it. This example shows
how to enter configuration mode:
Acc1> enable
Acc1#
Enable mode is indicated by the # in the prompt.
You can now carry out various operations in the
system, such as deleting data, printing and
sending messages.
3. Enter the configure terminal command to enter
configuration mode, indicated by the
(config)# in the prompt:
Acc1# configure terminal
Acc1(config)#
You can now make changes to the Accelerator
configuration.

Accessing Configuration Options
To access configuration options:
1. Run your terminal-based application, configuring
it as follows:
Baud rate: 9600 bps
Parity: none
Data bits: 8
Stop bits: 1
2. Connect to AcceleratorOS Command Line
Interface (CLI). Press <Enter> several times until
the Accelerator prompt is displayed:
accelerator>.
3. Type enable, and press <Enter> to enter the
privilege mode (privilege mode 15 enables
complete configuration).
4. A # symbol at the end of the prompt indicates that
configuration options are enabled, as shown
below.
accelerator>enable
accelerator#.

NOTE: A > symbol at the end of the accelerator prompt indicates that configuration
options are disabled.
When configuring the Accelerator via a networked Telnet session, you will be prompted
to enter a user name and password. The default user name is expand, the password is
Expand (both case sensitive).
It is recommended that you change the password. For further information, see section
Logging into the Accelerator, on page 44.

5. In Enable mode, type configure terminal, and press <Enter>. The accelerator
prompt is now followed by (config), indicating that AcceleratorOS is now in Primary
Configuration mode, as shown below:
accelerator #configure terminal
accelerator (config)#.

Customizing the CLI
You can customize the CLI banner for your viewing pleasure.
The standard banner appears as follows:
Connected to 10.0.32.99...
AcceleratorOS, Accelerator 4800 Series
Version v5.0(7) (Build1.18)
You can customize the following fields, which can be displayed as part of the banner:
Name, Title, URL, Label, Label LTD., Product Name, Extranet, Product ID, Series,
Serial Number, Software Version, Time and Date.
These parameters are customized as follows.
To apply the banner:
1. Create a text file called banner.txt and save it in /user_area by using the CLI command
copy <ftp/scp/tftp/http/sftp> <[path]/banner.txt>
2. In the body of the text file, use the following variables to set the desired values:
• $OEM_NAME (for example: “expand”)
• $OEM_NAME_TITLE (for example: “Expand”)
• $OEM_URL (“www.expand.com”)
• $OEM_LABEL (“Expand Networks”)
• $OEM_LABEL_LTD (“Expand Network Ltd.”)
• $OEM_PROD_NAME (“AcceleratorOS”)
• $OEM_EXTRANET (“extranet.expand.com”)
• $PRODUCT_ID (“4820”)
• $SERIES (“4800”)
• $SERIAL_NUMBER (“0030.0257.0005”)
• $SOFTWARE_VERSION (“Version v5.0(7) (Build1.03)”)
• $TIME = hh:mm:ss (24-hour format)
• $DATE = DD-MMM-YYYY (the day-of-month “DD” is a two-digit number, with leading '0' if needed).
3. In the CLI type the command banner apply, as follows.

NOTE: Each variable must be preceded by a $ sign.
The default banner is:
“$OEM_PROD_NAME, Accelerator $SERIES Series”
“$SOFTWARE_VERSION”
“” (empty-line)

Applying the Banner


Command ACC1(config)#banner apply

Purpose Causes the CLI to use the uploaded banner.

Logging into the Accelerator via SSH
Secure Shell (SSH) is an application program that provides authentication and
encryption capabilities for secure Internet communications. This lets you log in to the
Accelerator via SSH, if SSH is installed.
The Accelerator supports accessing the CLI via SSH, as follows.
To log into the Accelerator via SSH:
In the Accelerator’s CLI, type the command ssh followed by the Accelerator’s IP
address.

Using SNMP
The Accelerator supports SNMP versions 1, 2c and 3, functioning as an SNMP agent
for monitoring performance statistics from a Network Management System (NMS). In
addition, the Accelerator can send SNMP traps to the NMS and other network devices.
To work with the Accelerator’s SNMP management, the network’s SNMP settings must
be updated in the Accelerator. Define the following SNMP Communities and enable
traps (if desired).

To enable SNMP:
1. In the Accelerator’s WebUI, click on Setup,
followed by Advanced, and then SNMP.
2. Select the Enable SNMP checkbox.
The default Read Community is public.
3. If you want the Accelerator to receive SNMP
traps, select the Enable Traps checkbox, and
enter the Community Name and Manager IP.
4. Click the Submit button in the bottom right hand
corner.

Note: The SNMP Version 3 user name is expand_user.

Configuring SNMP via the CLI


Use the following options to configure SNMP via the command line.

Enabling SNMP
Command ACC1(config)#snmp enable/disable

Purpose Enables/Disables SNMP support in the Accelerator.

Enabling SNMP Traps


Command ACC1(config)#snmp traps enable/disable

Purpose Enables/Disables SNMP trap support.

Setting SNMP Trap Community


Command ACC1(config)#snmp trap community [name]

Purpose Sets the name of the SNMP trap community. The default is
Public.

NOTE: If, after defining snmp trap manager-ip, snmp read community or snmp trap
community, you want to clear these values, use the no command to reverse this
definition. For example: no snmp read community [name]

Setting SNMP Read Community


Command ACC1(config)#snmp read community [name]

Purpose Sets the name of the SNMP read community. The default is
Public.

Setting SNMP Version 3 Authentication


Command ACC1(config)#snmp change-v3-password

Purpose Sets the SNMP v.3 password. The default password
is expand_initial_password and should be changed.

NOTE: When monitoring for specific MIBs, add the index number of the processor even
if only one processor exists. Failing to add the index number will result in an
error message.
For example, using the snmpget command with the syntax
snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3
will return the following error:
There is no such variable name in this MIB.
Failed object: SNMPv2-SMI:enterprises.3405.1.3.1.1.2.1.3

The correct string would be:
snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3.1 <processor id>

Receiving Log Error Messages
The Accelerator can send status updates about the Accelerator to a SYSLOG server,
to an email address, or to both.
The following sections detail how status updates are sent:
Sending Updates to a Syslog Server, on page 287
Sending Updates via Email, on page 290

Sending Updates to a Syslog Server


Syslog is a method of collecting messages from devices to a server running a syslog
daemon. Logging to a central syslog server helps in aggregation of logs and alerts.
Accelerator devices can send their log messages to a SYSLOG service. A SYSLOG
service simply accepts messages, and stores them in files or prints them according to
a simple configuration file. This form of logging can provide protected long-term
storage for logs. This is useful both in routine troubleshooting and in incident handling.
Set the Syslog parameters to define the syslog server’s IP address and the severity
level of events by which error notifications will be sent.
To set syslog parameters:
1. In the Accelerator’s WebUI, click on Setup,
followed by Advanced, and then Logging.
2. Enter the following parameters as necessary.

Facility The Facility setting sets the Syslog level (0-23), as follows:

KERNEL    0    kernel messages
USER      1    random user-level messages
MAIL      2    mail system
DAEMON    3    system daemons
AUTH      4    security/authorization messages
SYSLOG    5    messages generated internally by syslogd
LPR       6    line printer subsystem
NEWS      7    network news subsystem
UUCP      8    UUCP subsystem
CRON      9    clock daemon
other codes through 15 reserved for system use
LOCAL0    16   reserved for local use
LOCAL1    17   reserved for local use
LOCAL2    18   reserved for local use
LOCAL6    19   reserved for local use
LOCAL7    20   reserved for local use
LOCAL8    21   reserved for local use
LOCAL9    22   reserved for local use
LOCAL10   23   reserved for local use

Server IP Address Enter the IP address of the Syslog server.

Severity Maximum Select the maximum severity that you want to be notified about by
email, the default is fatal.

Severity Minimum Select the minimum severity that you want to be notified about by
email, the default is information.

Command ACC1(config)#logging
ACC1(logging)#syslog active [disable | enable]

Purpose Enables Syslog events to be sent.

Command ACC1(config)#logging
ACC1(logging)#syslog facility [number]

Purpose Sets the Syslog facility number.

Command ACC1(config)#logging
ACC1(logging)#syslog server ip [IP address (x.x.x.x)]

Purpose Sets the IP address of the Syslog server.

Command ACC1(config)#logging
ACC1(logging)#syslog severity minimum [info | warning | error | fatal] maximum [fatal | error | warning | info]

Purpose Defines which events to send, from the minimum to the maximum.
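
How the facility number set with syslog facility appears on the wire, as an added example that is not part of the guide: every syslog message starts with <PRI>, where PRI = facility x 8 + severity, so a collector can confirm that messages arriving from an Accelerator carry the configured facility. The source addresses, the facility value 16 and the message texts below are constructed.

```python
import re

# PRI is 1-3 decimal digits in angle brackets at the very start of the message.
PRI_RE = re.compile(r"^<(\d{1,3})>")
MAX_PRI = 23 * 8 + 7  # highest facility (23) combined with highest severity number (7)


def decode_pri(line):
    """Return (facility, severity) for a raw syslog line, or None when the
    PRI header is missing or out of range."""
    m = PRI_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > MAX_PRI:
        return None
    # facility = PRI // 8, severity = PRI % 8. Only numbers are reported here:
    # the guide does not say how its info/warning/error/fatal names map to them.
    return divmod(pri, 8)


def facility_mismatches(received, expected):
    """received: iterable of (source_ip, raw_line) as seen by the collector.
    expected: dict of source_ip -> facility number configured on that unit.
    Returns (source_ip, facility) for each line from a known source whose
    facility differs; facility is None when the PRI could not be decoded."""
    out = []
    for src, line in received:
        if src not in expected:
            continue  # not a device we are checking
        decoded = decode_pri(line)
        facility = decoded[0] if decoded else None
        if facility != expected[src]:
            out.append((src, facility))
    return out


# Constructed sample traffic; message bodies are illustrative only.
SAMPLE = [
    ("10.0.32.99", "<134>ACC1: link 1 is up"),            # 16*8 + 6
    ("10.0.32.99", "<131>ACC1: link 1 is down"),          # 16*8 + 3
    ("10.0.32.99", "<38>ACC1: login failed"),             # 4*8 + 6, wrong facility
    ("10.0.32.99", "ACC1: message without a PRI header"),  # malformed
    ("192.0.2.7", "<13>another host, not checked"),
]

if __name__ == "__main__":
    for src, fac in facility_mismatches(SAMPLE, {"10.0.32.99": 16}):
        print(src, "unexpected facility:", fac)
```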

Sending Updates via Email
The Accelerator allows log error messages to be sent via email to notify you of
Accelerator status changes.
To set the email logging feature:
1. In the Accelerator’s WebUI, click on Setup,
followed by Advanced, and then Logging.
2. To enable email notification to be sent, ensure
that the enabled checkbox in the Mail section is
selected.
3. Enter the following parameters as necessary:

From Enter the string you want to appear in the From field of the email.

Recipient In the email field, enter the email address that you want the mail to be
sent to and click the Add button.
To delete a previously added email, highlight the address to be deleted in the
Email table and click the Delete button.

Subject Enter the subject that you want to appear in the subject field of the email.

Server IP Address Enter the IP address of the email server.

Server port Enter the port number that the email server uses. The default is 25.

Severity Maximum Select the maximum severity about which you want to be notified by
email; the default is fatal.

Severity Minimum Select the minimum severity about which you want to be notified by
email; the default is information.

Command ACC1(config)#logging
ACC1(logging)#mail active [disable | enable]

Purpose Sets the Accelerator to send email notification when events and alerts are
received.

Command ACC1(config)#logging
ACC1(logging)#mail from [name]

Purpose Sets the name to appear in the From field of emails sent from
the Accelerator.

Command ACC1(config)#logging
ACC1(logging)#mail recipient [name]

Purpose Sets the name to appear in the To field of emails sent from the
Accelerator.

Command ACC1(config)#logging
ACC1(logging)#mail server ip [ip address (x.x.x.x)]

Purpose Sets the IP address of the mail server.

Command ACC1(config)#logging
ACC1(logging)#mail server port [port number]

Purpose Sets the port of the mail server.

Command ACC1(config)#logging
ACC1(logging)#mail severity minimum [info | warning | error | fatal] maximum [error | fatal | info | warning]

Purpose Defines which events are sent, from the minimum to the
maximum.

10 Using the Accelerator Tools
The Accelerator Tools let you manage AcceleratorOS upgrade versions, save and
replace the Accelerator’s configuration file and perform tasks such as traceroute and
ping.
This chapter contains the following sections:
• Upgrading the AcceleratorOS Software
• Upgrading via the CLI
• Using the Configuration Tools
• Using Configuration tools via the CLI
• Using the General Tools
• Pinging via the WebUI
• Sending a Traceroute Packet
• Rebooting the Accelerator via the WebUI
• Gathering Statistics for Technical Support
• Managing User Files

Upgrading the AcceleratorOS Software
You can upgrade the AcceleratorOS software by uploading software from a remote
server or from the local drive.
To upgrade software:
1. In the WebUI, click on the Tools tab, followed by
Upgrade.
2. Scroll down in the Copy method field, to select the
way the file will be copied (FTP, TFTP or HTTP).
3. In the fields provided, enter the user name,
password and IP address of the device from
which the files are to be copied.
4. Enter the path to the file, followed by the file
name (the file will be a .tgz file).
5. Click the Upgrade button to copy the file to the
user area.
6. Reboot the Accelerator with the new file name.
After rebooting, the Accelerator will extract the file
and run it.
7. At least 10 MB of free space is provided on the
Compact Flash card for file extraction.
Alternatively, select Locally stored on Accelerator
to upgrade to an AcceleratorOS version that is
stored locally on the Accelerator.


NOTE: If you are running a version of AcceleratorOS previous to 5.0(6), it is important
to note that two new preconfigured applications were added in this version that may
affect user-defined applications on the same ports. If applications have been
configured for port 1928 (saved for the expand-internal application) or 2598
(citrix-ica-sr), rename these applications exactly as in the preconfigured application
before performing an upgrade.
If an application exists for a list of ports or range of ports that include the
specified port numbers (1928 and 2598), remove these ports from the list or range, and
create applications expand-internal with port 1928, and citrix-ica-sr with port 2598.
Then change the policy-rules to also match this application.

Upgrading via the CLI


Command ACC1#reboot [bundle name]

Purpose This command should be used when upgrading, for the Accelerator to use the new
bundle file after rebooting.

Using the Configuration Tools
Changes made to the Accelerator’s configuration are automatically saved to the
Accelerator’s Running Configuration and will be applied until changed or until the
Accelerator is shut down.
Any changes that you want to remain configured on the Accelerator, even after
shutdown, must be saved to the Accelerator’s Startup Configuration.

To save a startup configuration:


1. In the WebUI, make any changes to be saved.

NOTE: The running configuration will be saved as the startup configuration; all
changes made to the Accelerator since its last shutdown will now be saved as the
startup configuration.

2. In the WebUI, click on Tools, followed by Configuration Tools.
3. Click the Write Startup Configuration button.

To erase the startup configuration saved on the Compact Flash Card:
1. In the WebUI, click on Tools, followed by Configuration Tools.
2. Click the Erase Startup Configuration button.

To export the startup configuration:
Exporting the startup configuration opens a web page dialog that displays the
Accelerator’s startup configuration in CLI command format. You can either save
this file for future reference or upload it to other Accelerators.
1. In the WebUI, click on Tools, followed by Configuration Tools.
2. Click the Export Startup Configuration button.

To export the running configuration:
Exporting the running configuration opens a web page dialog that displays the
Accelerator’s running configuration in CLI command format. You can either save
this file for future reference or upload it to other Accelerators.
1. In the WebUI, click on Tools, followed by Configuration Tools.
2. Click the Export Running Configuration button.

To import the startup configuration:
Importing the startup configuration opens a web page dialog that lets you browse
to select a configuration file to be uploaded to the Accelerator.
1. In the WebUI, click on Tools, followed by Configuration Tools.
2. Click the Import Configuration button.

Using Configuration tools via the CLI


Command ACC1(config)#write

Purpose Saves the running configuration as the startup configuration.

Command ACC1(config)#write startup-config

Purpose Saves the running configuration as the startup configuration.

Command ACC1#copy startup-config running-config

Purpose Reverts the running configuration to the startup configuration.

Command ACC1#erase startup configuration

Purpose Restores the Accelerator’s configuration to the Factory Default
Settings.
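
An offline check of an exported configuration for the defaults this guide mentions (default SNMP community, syslog forwarding, enabled transports, failed-login limit), as an added example that is not Expand's code. It assumes the export lists commands as they are typed at the CLI, with sections closed by `!` as in the guide's listing; the `telnet` and `http` transport tokens, the finding names and the `max_failed_limit` policy value are assumptions, and the sample configuration is constructed.

```python
import re

SECTIONS = {"logging", "aaa", "expand-view"}   # section headers used by the checks
CLEARTEXT = {"ftp", "telnet", "http"}          # telnet/http tokens are assumed
DEFAULT_COMMUNITY = "public"                   # default named in the guide

# Constructed sample export (not taken from a real unit).
SAMPLE_CONFIG = """\
snmp enable
snmp read community public
snmp traps enable
snmp trap community noc-traps
!
expand-view
agent disable
!
logging
syslog active disable
!
aaa
transport input ftp enable
transport input telnet enable
authentication login max-failed-login 9
!
"""


def parse(text):
    """Return (section, command) pairs; section is '' for global commands."""
    pairs, section = [], ""
    for raw in text.splitlines():
        line = " ".join(raw.split())      # normalise indentation and spacing
        if not line:
            continue
        if line == "!":
            section = ""                  # '!' closes the current section
        elif line in SECTIONS:
            section = line
        else:
            pairs.append((section, line))
    return pairs


def _value(cmds, pattern):
    """First capture group of the last command matching pattern, else None
    (a later line overrides an earlier one)."""
    found = None
    for c in cmds:
        m = re.fullmatch(pattern, c)
        if m:
            found = m.group(1)
    return found


def audit(text, max_failed_limit=5):
    """Return a list of finding names for one exported configuration.
    max_failed_limit is a hypothetical site policy, not a value from the guide."""
    pairs = parse(text)
    scope = lambda name: [c for s, c in pairs if s == name]
    glob, log, aaa = scope(""), scope("logging"), scope("aaa")
    findings = []

    if _value(glob, r"snmp (enable|disable)") == "enable":
        rc = _value(glob, r"snmp read community (\S+)")
        if rc is None or rc.lower() == DEFAULT_COMMUNITY:
            findings.append("snmp-read-community-default")
        if _value(glob, r"snmp traps (enable|disable)") == "enable":
            tc = _value(glob, r"snmp trap community (\S+)")
            if tc is None or tc.lower() == DEFAULT_COMMUNITY:
                findings.append("snmp-trap-community-default")

    # AAA accounting events only leave the box if syslog is active with a server.
    if _value(log, r"syslog active (enable|disable)") != "enable":
        findings.append("syslog-not-active")
    elif _value(log, r"syslog server ip (\S+)") is None:
        findings.append("syslog-no-server")

    transports = {}
    for c in aaa:
        m = re.fullmatch(r"transport input (\S+) (enable|disable)", c)
        if m:
            transports[m.group(1)] = m.group(2)
    for proto in sorted(transports):
        if proto in CLEARTEXT and transports[proto] == "enable":
            findings.append("cleartext-transport-" + proto)

    limit = _value(aaa, r"authentication login max-failed-login (\d+)")
    if limit is not None and int(limit) > max_failed_limit:
        findings.append("max-failed-login-above-policy")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```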

Using the General Tools
General tools are provided to let you use basic networking tools and commands via
the Accelerator WebUI.

The general tools are as follows:


• Pinging via the WebUI
• Sending a Traceroute Packet
• Rebooting the Accelerator via the WebUI

Pinging via the WebUI
The Accelerator lets you use the WebUI to Ping network devices and remote
Accelerators.
To ping a network device:
1. In the Accelerator’s WebUI, click Tools followed
by General Tools.
2. Under Ping, in the Destination IP Address field,
enter the IP address of the device to which the
ping will be sent.
3. In the Packet Size field, enter the size of the ping
packets to be sent (default is 64 bytes).
4. In the Number of Times field, enter the number of
times to try sending packets to the remote device.
5. Click the Ping button.

Sending a Ping via the CLI
Command ACC1(config)#ping [ip (x.x.x.x) | hostname]

Purpose Pings network devices.

Sending a Traceroute Packet


The Accelerator lets you send a traceroute packet to network devices and remote
Accelerators from the Accelerator via the WebUI.
To send a traceroute:
1. In the Accelerator’s WebUI, click Tools followed
by General Tools.
2. Under Traceroute, in the Destination IP Address
field, enter the IP address of the device to which
the ping will be sent.
3. In the Maximum Number of Hops field, enter the
maximum length the packet can travel before
arriving at the designated destination (default is
30).
4. Click the Trace Route button.

Sending a Traceroute via the CLI


Command ACC1(config)#traceroute [ip (x.x.x.x) | hostname]

Purpose Sends a traceroute to network devices.

Rebooting the Accelerator via the WebUI


The AcceleratorOS lets you reboot the Accelerator via the WebUI. Rebooting the
Accelerator in this way does not save changes from the current running configuration
to the Startup configuration. The Accelerator will reboot using the previously saved
Startup configuration unless other changes were saved.
To reboot the Accelerator:
1. In the Accelerator’s WebUI, click Tools followed
by General Tools.
2. Under Reboot, click the Reboot button.

Gathering Statistics for Technical Support


In the unlikely event of Accelerator malfunction or error, it may be necessary to gather
many statistics for Expand Networks’ Technical Support. You can use one command to
gather all necessary information.
To view Accelerator troubleshooting statistics:
1. In the Accelerator’s WebUI, click Tools followed
by General Tools.
2. Under Tech Support, click the Show Technical
Support button.

Viewing Technical Support Statistics


Command ACC1#show tech-support

Purpose Gathers troubleshooting statistics from the Accelerator.


Managing User Files


The User Files screen lets you manage the files that are located in the User Area of
your Flash card.
If more space is needed on the Flash card, you can use the User Files screen for
deleting unneeded files.
The date listed for the file is the date when the file was copied to the Accelerator.

To remove files from the Flash:


1. In the Accelerator’s WebUI, click Tools followed
by User Files.
2. Highlight the file(s) to be deleted.
3. Click the Delete button.



Viewing System Information
The System Information screen lets you view information regarding several aspects of
the system, such as the CPU, CPU utilization and memory utilization.
To display system information in the Accelerator’s WebUI, click Tools followed by System
Information.

Almost all parameters shown in this screen are for display only and cannot be changed.
The only parameter that you can set is Requested Maximum Links.
To set up the requested maximum links:
1. In the Accelerator’s WebUI, click Setup followed
by My Accelerator.
2. Select the Basic tab.
3. Under Basic, click the Advanced Setting
Configuration button.
4. In the Maximum Links section, enter a value in
the Requested Max Links field.

11 Security
This chapter describes the various methods for ensuring security within the
Accelerator.
This chapter includes the following sections:
• Studying the AcceleratorOS AAA
• Configuring AAA via the WebUI
• Configuring AAA via the CLI
• Auditing Administration Activities
• Locking/unlocking the Keypad

Studying the AcceleratorOS AAA
The Accelerator lets you manage access by means of Authentication, Authorization,
and Accounting (sometimes called Auditing), also known as AAA.
The Accelerator, normally installed in enterprises, government and military
organizations, requires strict security for the networks with which it interacts. Therefore,
the Accelerator’s AAA enables the system to be secured.
• Authentication: Validates users' identity in advance of granting login. The
Accelerator’s authentication lets you define the users and set the location in which
passwords are stored. Each user must be defined locally in the Accelerator as well as in
remote AAA servers.
• Authorization: Lets users access networks and commands. The Accelerator’s
authorization lets you define the users and their roles.
• Accounting: Tracks usage patterns of individual users, service, host, time of day, day
of week, and so on. The Accelerator’s accounting lets you receive logs detailing who
signed in, when, and whether their attempt to access the Accelerator succeeded or failed.
To view the log of these events, use the logging > show events command.
These events can be sent via email or sent to a Syslog server.
The Accelerator’s AAA functionality includes the ability to authenticate users against
remotely accessed user repositories. This lets you manage different levels of users
with different authorities, and records audit entries for various operations.
You can configure the Accelerator to make use of a security server via either the
TACACS+ or RADIUS security protocols, or both.
Authentication is the part of the system that lets users define how they authenticate
to the system, allowing the authentication to be based on external authentication
servers. On the authentication side, the new functionality will include per-user settings
to control access to the Accelerator, as well as password quality verification
and password aging (to be implemented at a later stage).
The Accelerator’s AAA supports multiple users per Accelerator, allowing end-users to
define additional accounts besides the default expand user.
AAA includes control over the management services provided. It lets you limit access to
certain management options available on the Accelerator, and restrict access to
the services to a defined set of sources (subnets for ACL).
Different user roles, each allowing a different level of access to the system, are supported
through pre-defined roles available in the system. Definition of new roles is
user-configurable.

AAA includes auditing of all major operations performed on the Accelerator. Audit
entries are saved in the system log files and can be routed to an email message, a
syslog server or an SNMP trap.

Configuring AAA via the WebUI
Configuration of AAA parameters is accomplished via the WebUI, in several steps:
• Configuring Users
• Setting Authentication Preferences
• Defining the Security Settings

Configuring Users

To add a new Accelerator user:


1. In the WebUI, click on Setup followed by
Security.
2. In the Users menu, enter a name for the user in
the User Name field.
3. Scroll down in the User Role field to select one of
the following:
Administrator: complete access to the
Accelerator and its commands. Only Administrator
users can modify AAA settings.
Monitor: access the Accelerator’s CLI but cannot
modify configuration.
NetAdmin: complete access to the Accelerator
and its commands with the exception of the
Security commands and WAFS management
screen.
WAFS Administrator: complete access to WAFS
management screen and console, in addition to
web acceleration and DNS configuration.
4. If a local password is to be set for this user, select
the Enable Local Password checkbox, then enter
and confirm a new password for this user. If the
checkbox is not checked, only remote
authentication servers will be able to authenticate
passwords. Passwords must be at least 6
characters in length and cannot be keyboard
sequences (qwertyu, 123456), palindromes, or
simple recognized dictionary words.
5. Click the Add button to apply settings.

Note: when working with a TACACS server, you must add
each user name into the Accelerator.

To modify an Accelerator user:


1. In the WebUI, click on Setup followed by
Security.
2. In the Users menu, click on the name of the user
in the Users Table.
3. Modify details as needed.
4. Click the Submit button to apply settings.

Deleting Users
To delete an Accelerator user:
1. In the WebUI, click on Setup followed by Security.
2. In the Users menu, highlight the line in the Users
Table that includes the name of the user to be
deleted. Click the delete button.
3. Click the Submit button to apply settings.

Setting Authentication Preferences


The Authentication screen lets you set Authentication Servers (Radius, TACACS+ and
Local) and manage these servers and their preference order in the Accelerator.

Setting Authentication Servers
To input authentication servers:
1. In the WebUI, click on Setup followed by Security.
2. In the Authentication menu, click the add button
above the Authentication Servers Table.
3. In the Add New Authentication Server dialog box,
enter the following information.

Server Name      The name of the server you want to add.
Server Type      The server type (Radius or Tacacs).
IP Address       The new server’s IP address.
Server Order     Defines whether the server will be the first, second or third to be addressed.
Server Port      The server’s port.
Server Timeout   Time period after which the connection will time out.
Encryption Key   The server’s encryption key.

Setting the Authentication Method
The authentication method lets you define which servers are to be checked. If more
than one authentication type is used, select the server types in the order in which they
are to be authenticated.

To set the authentication method:


1. In the WebUI, click on Setup followed by Security.
2. In the Authentication menu, scroll down in the 1
field to set the first level of Authentication. In the 2
field set the second level of Authentication and so
on.
3. Click the Submit button to apply settings.

Defining the Security Settings
The Settings screen lets you define security settings, such as which access methods to
use when connecting to the Accelerator and the maximum failed login attempts before
an account would be disabled.
By default, all transport types are set to Enabled, except FTP and TFTP that are set to
Disabled.

To define security settings:


1. In the WebUI, click on Setup followed by Security.
2. In the Settings menu, select the checkboxes of
the types of access methods allowed for
connecting to the Accelerator.
3. Click the Submit button to apply settings.

Configuring AAA via the CLI
You can set the following basic AAA parameters via the CLI.
Command ACC1(conf)#aaa
ACC1(aaa)#transport input (telnet|ssh|console|web|secure-web|ftp|snmp|tftp) (enable|disable)

Purpose Enables or disables access to the transport type. For example, typing:
transport input web disable
will disable access to the Accelerator via the WebUI.
By default, all transport types are set to enabled, except FTP
and TFTP which are set to disabled.

Warning: Disabling Console access will immediately disconnect you from the Accelerator’s CLI.

Configuring the Radius Server


Command ACC1(conf)#aaa
ACC1(aaa)#radius name [server name] ip [x.x.x.x] | key [encryption key] | port [tcp port for the server]

Purpose Sets the RADIUS server and server information including IP
address, encryption key and TCP port. The default port is 49.

Command ACC1(conf)#aaa
ACC1(aaa)#radius name [server name] timeout

Purpose Sets the timeout in seconds between 0 and 5000 to wait for a
server to reply. The default timeout is 180 seconds.

Configuring the TACACS Server
Command ACC1(conf)#aaa
ACC1(aaa)#tacacs name [server name] ip [x.x.x.x] | key [encryption key] | order [server authentication order] | port [tcp port for the server]

Purpose Sets the TACACS server and server information including IP
address, encryption key and TCP port. The default port is 1645.

Command ACC1(conf)#aaa
ACC1(aaa)#tacacs name [server name] timeout

Purpose Sets the timeout in seconds between 0 and 5000 to wait for a
server to reply. The default timeout is 180 seconds.

Configuring Authentication
Command ACC1(conf)#aaa
ACC1(aaa)#authentication login [local | radius | tacacs]

Purpose Sets server to be checked. If more than one authentication
type is used, list the server types in the order in which they are
to be authenticated.

Configuring Users’ Accounts


Command ACC1(conf)#aaa
ACC1(aaa)#user [user name] [lock|unlock]

Purpose Disables or enables the specified user’s account.

Command ACC1(conf)#aaa
ACC1(aaa)#user [user name] role
[administrator| netadmin|monitor]
password local [password | none]

Purpose Creates users and sets the user’s access level:
Administrators have complete access to the
Accelerator and its commands. netadmins have complete
access to the Accelerator and its commands with the exception
of the Security commands. monitors can access the
Accelerator’s CLI but cannot modify configuration.
Only administrator users can write a configuration.
To set a local password, type in the user name and local
password and press Enter. You will be prompted to enter a
password.
If local is set to none, then passwords will only be necessary
for the remote authentication servers.

Command Acc1# password local

Purpose To set a local password, type in the user name and local
password and press Enter. You will be prompted to enter a
password.

NOTE: Use the command no user [name] to remove a user. You
cannot remove a root user, but you can modify the
password. (Changing an expand user’s password will
automatically change the root user as well.)

Viewing AAA Configuration


You can use the following show commands to view AAA configuration:
show aaa
You can enter the show aaa command from the configuration mode. This command will
list all the AAA options and their settings.
Acc1(config)# show aaa
telnet transport-input status.....enable
ssh transport-input status........enable
console transport-input status....enable
web transport-input status........enable
secure-web transport-input status.enable
ftp transport-input status........disable
tftp transport-input status.......disable
snmp transport-input status.......enable

User Name   Status      Role
root        permitted   administrator
expand      permitted   administrator
user1       permitted   administrator
user2       permitted   netadmin
user3       permitted   monitor

First Authentication Method.......Local
Second Authentication Method......Radius
Third Authentication Method.......TACACS+
Maximum Failed Login Attempts.....5

Server   Order    Server Name   IP             Port   Time-out
radius   first    rad2          10.0.130.139   1645   180
radius   second   rad3          10.0.130.132   1645   180
radius   third    rad4          24.0.214.160   1645   180
tacacs   first    tac2          21.0.214.160   49     180

Configuration Change Audit Event..disable
Create Link Audit Event...........disable
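
A review of the show aaa output above can be scripted. The following is an added example, not part of the original guide or of Expand's software: it parses show aaa text and reports enabled cleartext management transports, disabled audit events, and accounts holding the administrator role. The sample input is constructed from the output shown in this guide, and treating web as unencrypted HTTP (because secure-web is listed separately) is an assumption.

```python
import re

# Constructed sample, modelled on the "show aaa" output shown in this guide.
SAMPLE_SHOW_AAA = """\
telnet transport-input status.....enable
ssh transport-input status........enable
console transport-input status....enable
web transport-input status........enable
secure-web transport-input status.enable
ftp transport-input status........disable
tftp transport-input status.......disable
snmp transport-input status.......enable
User Name   Status      Role
root        permitted   administrator
expand      permitted   administrator
user1       permitted   administrator
user2       permitted   netadmin
user3       permitted   monitor
First Authentication Method.......Local
Maximum Failed Login Attempts.....5
Configuration Change Audit Event..disable
Create Link Audit Event...........disable
"""

TRANSPORT_RE = re.compile(r"^(\S+) transport-input status\.+(enable|disable)$")
AUDIT_RE = re.compile(r"^(.+?) Audit Event\.+(enable|disable)$")
USER_RE = re.compile(r"^(\S+)\s+(\S+)\s+(administrator|netadmin|monitor)$")
MAX_FAIL_RE = re.compile(r"^Maximum Failed Login Attempts\.+(\d+)$")

# Assumption: these transports carry credentials unencrypted. The value is the
# encrypted alternative listed by the guide, or None where it lists no equivalent.
CLEARTEXT = {"telnet": "ssh", "web": "secure-web", "ftp": None, "tftp": None}

# The default account named in this guide.
DEFAULT_ACCOUNT = "expand"


def parse_show_aaa(text):
    """Turn 'show aaa' text into a dict of transports, users and audit settings."""
    cfg = {"transports": {}, "users": [], "audit": {}, "max_failed_logins": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = TRANSPORT_RE.match(line)
        if m:
            cfg["transports"][m.group(1)] = m.group(2)
            continue
        m = AUDIT_RE.match(line)
        if m:
            cfg["audit"][m.group(1)] = m.group(2)
            continue
        m = MAX_FAIL_RE.match(line)
        if m:
            cfg["max_failed_logins"] = int(m.group(1))
            continue
        m = USER_RE.match(line)
        if m:
            cfg["users"].append(
                {"name": m.group(1), "status": m.group(2), "role": m.group(3)}
            )
    return cfg


def audit(cfg):
    """Return a list of human-readable findings for a parsed configuration."""
    findings = []
    for name, secure in CLEARTEXT.items():
        if cfg["transports"].get(name) == "enable":
            hint = f"use {secure} instead" if secure else "leave disabled unless needed"
            findings.append(f"cleartext transport '{name}' is enabled ({hint})")
    for event, state in cfg["audit"].items():
        if state == "disable":
            findings.append(f"audit event '{event}' is disabled")
    admins = [u["name"] for u in cfg["users"] if u["role"] == "administrator"]
    if admins:
        findings.append("administrator role held by: " + ", ".join(admins))
    if any(u["name"] == DEFAULT_ACCOUNT for u in cfg["users"]):
        findings.append(
            f"default account '{DEFAULT_ACCOUNT}' present; "
            "confirm its password was changed from the default"
        )
    if cfg["max_failed_logins"] is None:
        findings.append("no failed-login limit found in the output")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_show_aaa(SAMPLE_SHOW_AAA)):
        print("-", finding)
```
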

show authentication order


The show authentication order command lists which authentication server is set as the
first, second and third level authentication servers.
Acc1(aaa)# show authentication login order
First Authentication Method.......Local
Second Authentication Method......Radius
Third Authentication Method.......TACACS+
show servers
The show servers command lists the authentication servers defined in the Accelerator.
Acc1(aaa)# show servers

Server   Order    Server Name   IP             Port   Time-out
radius   first    rad2          10.0.130.139   1645   180
radius   second   rad3          10.0.130.132   1645   180
radius   third    rad4          24.0.214.160   1645   180
tacacs   first    tac2          21.0.214.160   49     180

show transport input


The show transport input command lists all possible management protocols and
services available and their status.
Acc1(aaa)# show transport input
telnet transport-input status.....enable
ssh transport-input status........enable
console transport-input status....enable
web transport-input status........enable
secure-web transport-input status.enable
ftp transport-input status........disable
tftp transport-input status.......disable
snmp transport-input status.......enable
show user
The show user command lists the users and their authorization levels.
Acc1(aaa)# show user

User Name   Status      Role
root        permitted   administrator
expand      permitted   administrator
user1       permitted   administrator
user2       permitted   netadmin
user3       permitted   monitor

Auditing Administration Activities
The Audit screen lets you select which administration activities to audit (for example:
changing the configuration, creating links and adding users.)

To select which activities to audit:


1. In the WebUI, click the Setup tab, followed by
Security, and then Audit.
2. In the Accelerator’s audit table, select or deselect the
boxes that refer to the activities you want to audit or to
stop auditing.

Locking/unlocking the Keypad
The LCD keypad on the front panel of the Accelerator 4820/4920, the Accelerator 1820
and Accelerator 6840/6940 can be locked. To set the lock key combination sequence,
see section Installing the Accelerator, on page 11.

To lock/unlock the keypad via the WebUI:


1. In the WebUI, click the Setup tab, followed by
Security, and then Keypad.
2. In the Keypad menu, from the drop-down menu,
select either Locked, Auto-Locked or Unlocked.
3. Click the Submit button.

To lock/unlock the Keypad via the CLI:


Command ACC1(config)#lcd lock | unlock

Purpose Locks/unlocks the keypad.

NOTE: If you lock the keypad via the WebUI or via the CLI, you
cannot use the keypad’s unlock sequence to unlock the
keypad. In such a case, the unlock operation can be
carried out only via the CLI or the WebUI.

Setting the Keypad Lock Definitions
Selecting the Auto-Locked value for the keypad lets you set the time after
which the keypad will automatically lock, as well as the key sequence to be entered for
unlocking the keypad once it is locked.
To set the auto-lock timer:
1. In the Keypad screen, enter a number (in
seconds) into the auto-lock timer field.
2. Click the Submit button.

To set an unlock sequence:


The unlock sequence sets the sequence of keypad buttons that must be pressed in
order to unlock the LCD.
The default is as follows:
Up arrow, Down arrow, Right arrow, Left arrow, Enter button.
The unlock sequence should be a combination of the buttons, in any order, up to
five key presses.

1. In the Keypad screen, in the Unlock Sequence fields, scroll down in the fields to
select the button to be pressed in the order intended.
2. Click the Submit button.

Defining Other LCD Settings

Turning Bypass On

Locking the Keypad


You can lock the Accelerator’s keypad via the LCD, the WebUI or the CLI. To unlock
the keypad, enter the unlock sequence. The default unlock sequence is Right button,
Left button, Up button, Down button, Enter. You can modify the lock sequence via the
WebUI as described in section Locking/unlocking the Keypad, on page 320, or via the
CLI, as described in section Locking the LCD, on page 323.

Product ID

Management IP

Management Mask

Unlocking the LCD
Command ACC1(config)#lcd unlock

Purpose Unlocks the LCD.

Locking the LCD


Command ACC1(config)#lcd lock

Purpose Locks the LCD.

Setting the LCD Unlock Sequence


Command ACC1(config)#lcd unlock sequence [up to 5-character word: RLUDE]

Purpose Sets a lock sequence for the LCD: R=right, L=left, U=up,
D=down, E=enter.
The sequence set should be 5-characters, any order.

12 Troubleshooting
This chapter describes troubleshooting procedures for the Accelerator and explains
Accelerator alerts and events, as follows:
• Carrying out the Troubleshooting Procedure
• Recovering the Password
• Checking the Event Log
• Using the Show Tech-Support Command
• Checking the Link Status
• Checking Ethernet Settings
• Checking Lack of Acceleration
• Checking Link Malfunction

Carrying out the Troubleshooting Procedure
If there is a problem with your Accelerator, try using the following steps to help
diagnose the source of the problem:
• Check the Event log
• Check the topology and host settings - is the default gateway set correctly?
• What is being affected? All the links? Particular links?
• Use Tools to find the source of the problem
• Put the local Accelerator and then the remote Accelerator into bypass mode

Recovering the Password
If you forget your password, you can use the reset command from the login prompt
instead of the password. This command will delete all passwords and configurations
and reset all the Accelerator’s settings, including the device’s passwords, to their
default values.
After resetting, you can use the default login (expand) and password (Expand) to log in
and reconfigure the Accelerator.
Trying 172.16.31.12 (PORT:23)...
Connected to 172.16.31.12...
AcceleratorOS, Accelerator 4800 Series
Version v5.0(7) (Build1.19)
login: reset

NOTE: To accomplish this result, use a Console connection.

Checking the Event Log
The first thing to do when you encounter problems with Accelerator performance is to
check the Event log for any unusual errors.
The following logging levels are supported:
• Checking Info Events: Informational messages
• Checking Warning Events: Warning conditions exist
• Checking Error Events: Error conditions exist
• Checking Fatal Events: Unit failure
These levels are related to the severity levels used by the email and broadcast functions.
With those functions, you can define the range (minimum and maximum severity) of
events that will be emailed or broadcast.

Checking Info Events


Info events notify regarding status changes that occur in the normal operation of the
system, for example:
29-Dec-04 10:38:41 <INFO> #1 Add QoS global rule, rule id=1,
direction outbound

Checking Warning Events


Warning events identify issues or configuration errors within the Accelerator. The
system continues to run, but action may be required to return the Accelerator to normal
operating standards, for example:
08-Dec-04 10:29:07 <WARNING> #1 HSRP Message authentication has
failed due t11

Checking Error Events


Error events occur sporadically, but the Accelerator easily recovers from them, for
example:
06-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16,
Error:Warning

Checking Fatal Events
Fatal events are events for which you have to take corrective action in order to return
the Accelerator to operation, for example:
23-SEP-04 07:37:59 <fatal> #1 TWDSupervisor.cpp(26)
TWDSupervisor:TWDSupervisor Watch Dog: Reboot system due to a
failure of client, named: TelnetDaemon.
The Accelerator event log records changes in the state of Accelerator links and
changes to configuration, saving them in a list format. In the CLI, use the following
commands to view events.
ACC1# show events
08-Dec-04 10:29:07 <WARNING> #1 HSRP Message authentication has
failed due t11,
08-Dec-04 10:29:07 <WARNING> #1 _peer.cppLink 222.0.0.1 status
changed from acc
29-Dec-04 10:19:19 <INFO> #2 Link ID 1 was Updated
29-Dec-04 10:20:51 <INFO> #1 Subnets for Remote link CP Id 1 changed
29-Dec-04 10:38:41 <INFO> #1 Link 1 was Added
29-Dec-04 10:38:41 <INFO> #1 Add QoS global rule, rule id=1,
direction outbound
29-Dec-04 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16,
Error:Warning

Command ACC1#show events [long | short] filter severity from [fatal | warning | error | info] to [fatal | warning | error | info] tail [number of last x events to be displayed]

Purpose Lists Accelerator events. Long gives all
available information on the event, while short
gives a brief summary of each event.

Studying Log Message Formats
Log messages are displayed in the following format:
TIMESTAMP: <LEVEL of SEVERITY> #OCCURRENCE: Message-text;
• Timestamp: Log date and time, in the following format: dd/mmm/yy hh:mm:ss
• Level of Severity: Debug, information, warning, error, or fatal.
• Occurrence: The number of times this log has been recorded.
• Message-text: Text string containing detailed information about the event being reported.

Check the Accelerator’s system time when viewing any event the Accelerator
generates. All events are given a timestamp relative to the Accelerator’s local time.
To view the Accelerator system time:
ACC1#show clock
System time is: THU SEP 04 17:37:57 2003
Time zone offset: 0 minutes.
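
A parser for the log message format described in this section, as an added example that is not part of the original guide or of Expand's software. It follows the sample lines shown in this chapter (date written dd-Mmm-yy, no colons after the fields), also accepts the dd/mmm/yy form with colons, rejoins messages that wrap across lines, and filters by a severity range in the way the show events filter does. The severity ordering follows the list above; mapping two-digit years to 20yy is an assumption.

```python
import re
from datetime import datetime

# Lowest to highest, in the order the guide lists the levels.
SEVERITIES = ["debug", "info", "warning", "error", "fatal"]
ALIASES = {"information": "info"}
MONTHS = {name: num for num, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

# Start of an event: date, time, <severity>, #occurrence, message text.
EVENT_START = re.compile(
    r"^(?P<day>\d{1,2})[-/](?P<mon>[A-Za-z]{3})[-/](?P<yy>\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2}):?\s+"
    r"<(?P<sev>[A-Za-z]+)>\s+#(?P<count>\d+):?\s*(?P<msg>.*)$"
)

# Sample lines copied from the "show events" output shown in this chapter,
# including the line wraps and truncated messages as they appear there.
SAMPLE_LOG = """\
08-Dec-04 10:29:07 <WARNING> #1 HSRP Message authentication has
failed due t11,
29-Dec-04 10:19:19 <INFO> #2 Link ID 1 was Updated
29-Dec-04 10:38:41 <INFO> #1 Add QoS global rule, rule id=1,
direction outbound
29-Dec-04 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16,
Error:Warning
23-SEP-04 07:37:59 <fatal> #1 TWDSupervisor.cpp(26)
TWDSupervisor:TWDSupervisor Watch Dog: Reboot system due to a
failure of client, named: TelnetDaemon.
"""


def parse_events(text):
    """Return a list of event dicts; wrapped lines are joined to their event."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EVENT_START.match(line)
        month = MONTHS.get(m.group("mon").lower()) if m else None
        if month is None:
            # Not the start of an event: continuation of the previous message.
            if events:
                events[-1]["message"] += " " + line
            continue
        sev = m.group("sev").lower()
        hh, mm, ss = (int(part) for part in m.group("time").split(":"))
        events.append({
            # Assumption: two-digit years are 20yy.
            "timestamp": datetime(2000 + int(m.group("yy")), month,
                                  int(m.group("day")), hh, mm, ss),
            "severity": ALIASES.get(sev, sev),
            "count": int(m.group("count")),
            "message": m.group("msg").strip(),
        })
    return events


def filter_severity(events, low="info", high="fatal"):
    """Keep events whose severity lies between low and high, inclusive."""
    lo, hi = sorted((SEVERITIES.index(low), SEVERITIES.index(high)))
    return [
        e for e in events
        if e["severity"] in SEVERITIES
        and lo <= SEVERITIES.index(e["severity"]) <= hi
    ]


if __name__ == "__main__":
    for event in filter_severity(parse_events(SAMPLE_LOG), "warning", "fatal"):
        print(event["timestamp"].isoformat(), event["severity"].upper(),
              f"x{event['count']}", event["message"])
```
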

Using the Show Tech-Support Command
The Accelerator’s show tech-support command lets you aggregate all
necessary troubleshooting information in the Accelerator via one simple command -
providing a window into the Accelerator’s inner workings and configuration.
ACC1# show tech-support

Command ACC1#show tech-support [continuous]

Purpose Lists all information necessary to troubleshoot Accelerator
problems. Information gathered here includes: version
information, license state, CPU and memory utilization, events,
link statistics, interface statistics, QoS configuration, route-rules,
discovered traffic, running configuration and startup
configuration.
Continuous enables listing the entire output instead of only one
screen at a time.

Checking the Link Status
The status of the link may point to the source of a problem. An initial probe is used
during the Accelerator’s initial link connection stage. If this probe fails, it attempts to
retry until the Accelerator responds. If a link is inactive, a keepalive will be
automatically sent to the remote Accelerator. If 10 keepalive packets do not receive a
response, the Accelerator assumes that the remote Accelerator is down and the local
Accelerator automatically passes the link traffic transparently through to the WAN.
ACC1# show interface link summary
--------------------------------------------------------
LINK|DEST IP ADDRESS|DESCRIPTION|BANDWIDTH|LINK STATUS
----+---------------+-----------+---------+-----------
1 | 10.2.0.6 | L-10.2.0.6|15000/N/A |dropped
non | N/A | non-link | 100000/ N/A | virtual
---------------------------------------------------------
Link Status states are as follows:
Link Status
Initialize          The remote Accelerator is initializing.
Inactive            The remote Accelerator is not active.
Trying to Connect   Link is establishing connection.
Negotiating         Link parameters are being negotiated (cache size, and so on).
Remote Found        Link is active.
Accelerating        Link is active and acceleration is on.
Active              Link is active and the link is tunnelling but not accelerating traffic. Active can be either No local license, meaning that the link is inactive because the local Accelerator is not properly licensed; or No remote license, meaning that the remote Accelerator is not properly licensed.
Drop                Communication has been lost.
Load Error          Internal error occurred during definition of the link in the system.
Virtual             A Virtual link (no far-end Accelerator).
Unknown             Remote Accelerator is not available.

Checking Ethernet Settings
Although Ethernet level compatibility is not an issue unique to the Accelerator, it should
be considered in all hardware installations. If an Accelerator goes into hardware
bypass, the two devices that are cabled to the Accelerator are directly connected, and
any incompatibilities between them may cause problems.
Ensure that Ethernet settings are correct.

As a symptom of incorrect Ethernet settings, discarded packets and loss of connectivity
may be experienced on the Accelerator. You can check this by using the appropriate
show interface ethernet commands, as follows.
ACC1# show interface ethernet 0/0 ?
<cr>
continuous continuous output
ACC1# show interface ethernet 0/0

Description.............................ethernet 0/0
MAC.....................................00:02:B3:C8:4E:9C
Hardware type...........................mii
Link mode...............................auto (100Mbit-Full) - link is up
Link detected...........................yes
Supports auto-negotiation...............yes
Supports link modes.....................10baseT/Half 10baseT/Full
                                        100baseT/Half 100baseT/Full

LAN throughput data    System Up    Since Clear   Last 30 Secs
In Bytes               3826461      N/A           N/A
In Packets             23240        N/A           N/A
Dropped In Packets     0            N/A           N/A
Out Bytes              159363519    N/A           N/A
Out Packets            1723079      N/A           N/A
Dropped Out Packets    0            N/A           N/A

LAN throughput data    System Up    Since Clear   Last 30 Secs
In Frame Error         0            N/A           N/A
In Overruns            0            N/A           N/A
Dropped In Packets     0            N/A           N/A
In Total Errors        0            N/A           N/A
Out Collisions         0            N/A           N/A
Out Lost Carrier       92           N/A           N/A
Out Underruns          0            N/A           N/A
Out Total Errors       92           N/A           N/A

Command ACC1#show interface ethernet [0 | 0/0 | 0/1] [continuous]

Purpose Lists all ethernet interface configuration and statistics
information per interface, 0, 0/0 and 0/1. Continuous enables
the entire output rather than one screen at a time.

Ensure that Speed and Duplex settings are set correctly. Expand recommends using
the following command to manually set Speed and Duplex values:
Command Syntax   link-mode
                 100Mbit-full   100 Mega bit full duplex
                 100Mbit-half   100 Mega bit half duplex
                 10Mbit-full    10 Mega bit full duplex
                 10Mbit-half    10 Mega bit half duplex
                 auto           Auto

Description      Enters the mode to set Ethernet interface 0 parameters.

Command Modes    configure > interface ethernet (ethernet number)

Default          N/A

Example          ACC1# configure
                 ACC1(config)# interface ethernet 0
                 ACC1(interface)# link-mode 10Mbit-half

Checking Lack of Acceleration
If applications are not being accelerated, often the source of the problem is missing
information in the subnets, links and routing tables. Check the following tables to
ensure that they contain everything they should:
Subnets table: contains all subnets that are part of the Accelerator’s network that need
to be advertised.
Links table: contains all remote networks that the Accelerator is aware of for
Acceleration and QoS, and remote networks that have no Accelerator for QoS only.
Local and Remote subnets: use the CLI show subnets command to view all local and
remote subnets known to the Accelerator.
Routing table: must list all next hops necessary to reach all remote networks.
If acceleration percentages are not as expected, it is often due to:
• Traffic is not associated with the correct link
• Another link is being used
• QoS classification (application definition) is wrong
• QoS rule order is incorrect for the setup
• Check link utilization - if the link is underutilized, check for greedy applications

Accessing Remote Devices


If all necessary connections have been made, but the Accelerator is still not functioning
as expected, use the tools Pinging via the WebUI and Sending a Traceroute Packet to
check routes to remote Accelerators and networks.
Can you access a remote device?
Can you access the remote Accelerator?
Can you access the remote router?
From the remote Accelerator, can you ping its router?

Checking Link Malfunction
If the link is not operating as expected, ensure that the Accelerator configuration
reflects the hardware and software infrastructure. Some external devices may require
that the Accelerator be transparent - consider using RTM encapsulation.
Perhaps performance is being affected by misapplied MPLS or load balancing in the
network.
Consider the following:
• Is bypass disabled on the other side of the link?
• Are the bandwidth settings correct?
• Is Acceleration enabled on both sides of the link?
• Is the MTU size set correctly and not larger than the maximum MTU of the link path?
• Are the correct subnets advertised to the remote site?
• Is there bandwidth oversubscription on the WAN or on a link?
• Are packets being dropped on the link?
• In case there is a firewall in the path, are IPComp and TCP port 1928 open?
• Is the correct link destination address configured?

Checking for Corrupted Terminal
If the terminal settings become corrupted, exit to the login prompt and log into the
Accelerator as the user named 'r' with no password. This will reset the terminal
settings and let you log in as "expand", as usual.
Ensure that the terminal settings on your terminal emulation are correct: 9600 baud; 8
data bits; no parity; 1 stop bit; no flow control.

Checking HSRP Malfunction
• Ensure that you “join” the HSRP group - in previous Accelerator versions, adding an HSRP
group automatically included the Accelerator in the group. In AcceleratorOS 5.0 and above,
after HSRP group parameters are updated, the Accelerator must join the group. In the CLI
this is accomplished using the join command.
• Ensure that the correct HSRP group is configured - check the configuration on the other
units in the group.
• Ensure that the correct Priority is configured so the Accelerator will not conflict with the
same priority on another unit in the group.
• Ensure that the correct virtual IP address is configured.
• If authentication is used, ensure that you use the same password (default cisco).

Checking QoS Malfunction
• QoS on a non-link: if QoS is not functioning as expected for non-link traffic, it could be due
to the definition of the local subnet. If a local subnet is not defined as LOCAL, the
Accelerator QoS and monitoring features will not function properly. Ensure that all local
subnets are defined as local.
• Ensure that the bandwidth statements on the links are correct.
• Check that the policy rules are applied on the correct links.
• Check that the application definitions are correct.

A NetFlow Monitored Statistics
The following table lists all of the Version 9 Field type definitions for statistics that can
be collected from the Accelerator and sent to the NetFlow server.

Table 1: Field Type Definitions (Sheet 1 of 9)


Field Type          Value  Length (bytes)    Description
IN_BYTES            1      N (default is 4)  Incoming counter with length N x 8 bits for number of bytes associated with an IP Flow.
IN_PKTS             2      N (default is 4)  Incoming counter with length N x 8 bits for the number of packets associated with an IP Flow
FLOWS               3      N                 Number of flows that were aggregated; default for N is 4
PROTOCOL            4      1                 IP protocol byte
SRC_TOS             5      1                 Type of Service byte setting when entering incoming interface
TCP_FLAGS           6      1                 Cumulative of all the TCP flags seen for this flow
L4_SRC_PORT         7      2                 TCP/UDP source port number for example: FTP, Telnet, or equivalent
IPV4_SRC_ADDR       8      4                 IPv4 source address
SRC_MASK            9      1                 The number of contiguous bits in the source address subnet mask, namely: the subnet mask in slash notation
INPUT_SNMP          10     N                 Input interface index; default for N is 2, but you can use higher values
L4_DST_PORT         11     2                 TCP/UDP destination port number for example: FTP, Telnet, or equivalent
IPV4_DST_ADDR       12     4                 IPv4 destination address
DST_MASK            13     1                 The number of contiguous bits in the destination address subnet mask, namely: the subnet mask in slash notation
OUTPUT_SNMP         14     N                 Output interface index; default for N is 2, but you can use higher values
IPV4_NEXT_HOP       15     4                 IPv4 address of next-hop router
SRC_AS              16     N (default is 2)  Source BGP autonomous system number where N could be 2 or 4
DST_AS              17     N (default is 2)  Destination BGP autonomous system number where N could be 2 or 4
BGP_IPV4_NEXT_HOP   18     4                 Next-hop router's IP in the BGP domain
LAST_SWITCHED       21     4                 System uptime at which the last packet of this flow was switched
FIRST_SWITCHED      22     4                 System uptime at which the first packet of this flow was switched
IPV6_SRC_ADDR       27     16                IPv6 Source Address
IPV6_DST_ADDR       28     16                IPv6 Destination Address
IPV6_SRC_MASK       29     1                 Length of the IPv6 source mask in contiguous bits
IPV6_DST_ 30 1 Length of the
MASK IPv6
destination
mask in
contiguous
bits
IPV6_FLOW 31 3 IPv6 flow
_LABEL label as per
RFC
2460definitio
n
SAMPLING_ 34 4 When using
INTERVAL sampled
NetFlow, the
rate at which
packets are
sampled for
example: a
value of 100
indicates that
one of every
100 packets
is sampled
SAMPLING_ 35 1 The type of
ALGORITHM algorithm
used for
sampled
NetFlow:
0x01
Deterministic
Sampling,0x
02 Random
Sampling

Appendix A 347
N e t F l o w M o n it o r e d S t a t i s t i c s
A
Table 1: Field Type Definitions (Sheet 6 of 9)
FLOW_ACTI 36 2 Timeout
VE_TIMEOU value (in
T seconds) for
active flow
entries in the
NetFlow
cache
FLOW_INAC 37 2 Timeout
TIVE_TIMEO value (in
UT seconds) for
inactive flow
entries in the
NetFlow
cache
ENGINE_TY 38 1 Type of flow
PE switching
engine: RP =
0, VIP/
Linecard = 1
ENGINE_ID 39 1 ID number of
the flow
switching
engine
TOTAL_BYT 40 N (default is Counter with
ES_EXP 4) length N x 8
bits for bytes
for the
number of
bytes
exported by
the
Observation
Domain

348 AcceleratorOS 6.1 User Guide


A
Table 1: Field Type Definitions (Sheet 7 of 9)
TOTAL_PKT 41 N (default is Counter with
S_EXP 4) length N x 8
bits for bytes
for the
number of
packets
exported by
the
Observation
Domain
TOTAL_FLO 42 N (default is Counter with
WS_EXP 4) length N x 8
bits for bytes
for the
number of
flows
exported by
the
Observation
Domain
IP_PROTOC 60 Internet
OL_VERSIO 1 Protocol
N Version Set
to 4 for IPv4,
set to 6 for
IPv6. If not
present in
the template,
then version
4 is
assumed.
DIRECTION 61 1 Flow
direction: 0 -
ingress flow,
1 - egress
flow
IPV6_NEXT_ 62 16 IPv6 address
HOP of the next-
hop router
Appendix A 349
N e t F l o w M o n it o r e d S t a t i s t i c s
A
Table 1: Field Type Definitions (Sheet 8 of 9)
BPG_IPV6_ 63 16 Next-hop
NEXT_HOP router in the
BGP domain
IPV6_OPTIO 64 4 Bit-encoded
N_HEADER field
S identifying
IPv6 option
headers
found in the
flow
MPLS_LABE 70 3 MPLS label
L_1 at position 1
in the stack
MPLS_LABE 71 3
L_2 MPLS label
at position 2
in the stack
MPLS_LABE 72 3 MPLS label
L_3 at position 3
in the stack
MPLS_LABE 73 3 MPLS label
L_4 at position 4
in the stack
MPLS_LABE 74 3 MPLS label
L_5 at position 5
in the stack
MPLS_LABE 75 3 MPLS label
L_6 at position 6
in the stack
MPLS_LABE 76 3 MPLS label
L_7 at position 7
in the stack
MPLS_LABE 77 3 MPLS label
L_8 at position 8
in the stack

350 AcceleratorOS 6.1 User Guide


A
Table 1: Field Type Definitions (Sheet 9 of 9)
MPLS_LABE 78 3 MPLS label
L_9 at position 9
in the stack
MPLS_LABE 79 3 MPLS label
L_10 at position 10
in the stack
IN_ 85 N (default is Running byte
PERMANEN 4) counter for a
T _BYTES permanent
flow
IN_ 86 N (default is Running
PERMANEN 4) packet
T _PKTS counter for a
permanent
flow
When extensibility is required, new field types will be added to the list. The new
field types have to be updated on the Exporter and Collector, but the NetFlow export
format remains unchanged.
In some cases the size of a field type is fixed by definition, for example PROTOCOL
or IPV4_SRC_ADDR. In other cases the field is defined as a variant type, which
improves memory efficiency in the Collector and reduces the network bandwidth
required between the Exporter and the Collector. For example, for IN_BYTES a 32-bit
counter (N = 4) might be sufficient on an access router, whilst a core router would
require a 64-bit counter (N = 8).
All counters and counter-like objects are unsigned integers of size N * 8 bits.
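
The following Python sketch is an added example, not code from this guide or from Expand: it shows how a collector uses a Version 9 template to size every field, including variant-length counters (N = 4 or 8), and skips field types it does not know by their declared length. The FlowSet layout (FlowSet ID 0, template IDs of 256 and above) follows RFC 3954; the function names, the 64-bit counter limit and the sample bytes are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Subset of Table 1: field type value -> (name, fixed length in bytes, None = variant "N").
FIELD_TYPES = {
    1: ("IN_BYTES", None), 2: ("IN_PKTS", None), 4: ("PROTOCOL", 1),
    6: ("TCP_FLAGS", 1), 7: ("L4_SRC_PORT", 2), 8: ("IPV4_SRC_ADDR", 4),
    11: ("L4_DST_PORT", 2), 12: ("IPV4_DST_ADDR", 4),
    27: ("IPV6_SRC_ADDR", 16), 28: ("IPV6_DST_ADDR", 16),
}
MAX_COUNTER_BYTES = 8  # assumption: this decoder accepts counters up to 64 bits


class TemplateError(ValueError):
    """A template or record contradicts the field type definitions."""


def check_field_length(ftype, flen):
    """Reject lengths that contradict Table 1 before any data is decoded with them."""
    if flen == 0:
        raise TemplateError(f"field type {ftype}: zero length")
    if ftype not in FIELD_TYPES:
        return  # unknown (newer) field type: skipped later by its declared length
    name, fixed = FIELD_TYPES[ftype]
    if fixed is not None and flen != fixed:
        raise TemplateError(f"{name}: length {flen}, expected {fixed}")
    if fixed is None and flen > MAX_COUNTER_BYTES:
        raise TemplateError(f"{name}: counter length {flen} too large")


def parse_template_flowset(flowset):
    """Return {template_id: [(field_type, length), ...]} from a template FlowSet."""
    if len(flowset) < 4:
        raise TemplateError("truncated FlowSet header")
    flowset_id, length = struct.unpack_from("!HH", flowset, 0)
    if flowset_id != 0:
        raise TemplateError("not a template FlowSet (ID 0)")
    if length < 4 or length > len(flowset):
        raise TemplateError("FlowSet length field out of bounds")
    templates, off = {}, 4
    while off + 4 <= length:
        template_id, field_count = struct.unpack_from("!HH", flowset, off)
        off += 4
        if template_id < 256:
            raise TemplateError(f"template ID {template_id} is reserved")
        if off + 4 * field_count > length:
            raise TemplateError("template record overruns the FlowSet")
        fields = []
        for _ in range(field_count):
            ftype, flen = struct.unpack_from("!HH", flowset, off)
            off += 4
            check_field_length(ftype, flen)
            fields.append((ftype, flen))
        templates[template_id] = fields
    return templates


def decode_record(fields, record):
    """Decode one data record using the field list of its template."""
    if len(record) < sum(flen for _, flen in fields):
        raise TemplateError("data record shorter than its template")
    out, off = {}, 0
    for ftype, flen in fields:
        raw = record[off:off + flen]
        off += flen
        if ftype not in FIELD_TYPES:
            out[f"UNKNOWN_{ftype}"] = raw          # kept as raw bytes
        elif FIELD_TYPES[ftype][0].endswith("_ADDR"):
            out[FIELD_TYPES[ftype][0]] = str(ipaddress.ip_address(raw))
        else:
            # Counters and counter-like objects: unsigned, N * 8 bits, network order.
            out[FIELD_TYPES[ftype][0]] = int.from_bytes(raw, "big")
    return out


def build_sample():
    """Constructed sample: template 260 with a 64-bit IN_BYTES and one matching record."""
    fields = [(1, 8), (2, 4), (4, 1), (8, 4), (7, 2), (12, 4), (11, 2)]
    body = struct.pack("!HH", 260, len(fields))
    body += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    flowset = struct.pack("!HH", 0, 4 + len(body)) + body
    record = (
        (5_000_000_000).to_bytes(8, "big")           # IN_BYTES, does not fit in 32 bits
        + (1200).to_bytes(4, "big")                  # IN_PKTS
        + bytes([6])                                 # PROTOCOL (TCP)
        + ipaddress.ip_address("192.0.2.10").packed  # IPV4_SRC_ADDR
        + (49152).to_bytes(2, "big")                 # L4_SRC_PORT
        + ipaddress.ip_address("198.51.100.20").packed
        + (443).to_bytes(2, "big")                   # L4_DST_PORT
    )
    return flowset, record


if __name__ == "__main__":
    sample_flowset, sample_record = build_sample()
    sample_templates = parse_template_flowset(sample_flowset)
    print(decode_record(sample_templates[260], sample_record))
```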

Template Fields
The following is a list of NetFlow version 9 template fields exported for each predefined
Expand template: full, long and short.

Full Template
%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR
%SRC_MASK %INPUT_SNMP %L4_DST_PORT %IP_DST_ADDR %DST_MASK
%OUTPUT_SNMP %IP_NEXT_HOP %SRC_AS %DST_AS %LAST_SWITCHED
%FIRST_SWITCHED %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK
%IPV6_DST_MASK %ENGINE_TYPE %ENGINE_ID %TOTAL_BYTES_EXP
%TOTAL_PKTS_EXP %TOTAL_FLOWS_EXP %IP_PROTOCOL_VERSION
%DIRECTION %FRAGMENTED %FINGERPRINT %VLAN_TAG
%NW_LATENCY_SEC %NW_LATENCY_NSEC %APPL_LATENCY_SEC
%APPL_LATENCY_NSEC %PAYLOAD

Long Template
%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR
%SRC_MASK %INPUT_SNMP %L4_DST_PORT %IP_DST_ADDR %DST_MASK
%OUTPUT_SNMP %IP_NEXT_HOP %SRC_AS %DST_AS %LAST_SWITCHED
%FIRST_SWITCHED %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK
%IPV6_DST_MASK %ENGINE_TYPE %ENGINE_ID %TOTAL_BYTES_EXP
%TOTAL_PKTS_EXP %TOTAL_FLOWS_EXP %IP_PROTOCOL_VERSION
%DIRECTION %FRAGMENTED %FINGERPRINT %VLAN_TAG

Short Template
%BYTES %PKTS %PROT %TOS %TCP_FLAGS %L4_SRC_PORT %IP_SRC_ADDR
%SRC_MASK %L4_DST_PORT %IP_DST_ADDR %DST_MASK %IP_NEXT_HOP
%SRC_AS %DST_AS %LAST_SWITCHED %FIRST_SWITCHED
%IP_PROTOCOL_VERSION %DIRECTION %FRAGMENTED %FINGERPRINT
%VLAN_TAG

Appendix B: Pre-Defined Applications
The following table lists all applications that are predefined in the Accelerator, their
port/protocol number and whether they are monitored by the Accelerator by default.
Table 1: Predefined Applications
Application Port/Protocol Number Automatically Monitored?
tcpmux 1 No
compressnet-mgmt 2 No
compressnet 3 No
echo 7 No
discard 9 No
systat 11 No
daytime 13 No
qotd 17 No
msp 18 No
chargen 19 No
ftp-data 20 Yes
ftp 21 Yes
ssh 22 Yes
telnet 23 Yes
priv-mail 24 No
smtp 25 Yes
nsw-fe 27 No
msg-icp 29 No
msg-auth 31 No
dsp 33 No
priv-print 35 No
time 37 No
rap 38 No
graphics 41 No
nicname 43 No
ni-ftp 47 No
auditd 48 No
tacacs 49 No
xns-time 52 No
domain 53 Yes
xns-ch 54 No
isi-gl 55 No
xns-auth 56 No
priv-term 57 No
xns-mail 58 No
priv-file 59 No
ni-mail 61 No
acas 62 No
whois++ 63 No
covia 64 No
tacacs-ds 65 No
sql*net 66 No
gopher 70 No
priv-dialout 75 No
deos 76 No
priv-rje 77 No
vettcp 78 No
finger 79 No
http-www 80 Yes
hosts2-ns 81 No
xfer 82 No
mit-ml-dev 83 No
ctf 84 No
mfcobol 86 No
priv-termlink 87 No
su-mit-tg 89 No
dnsix 90 No
mit-dov 91 No
npp 92 No
dcp 93 No
objcall 94 No
dixie 96 No
swift-rvf 97 No
tacnews 98 No
metagram 99 No
newacct 100 No
hostname 101 No
iso-tsap 102 No
gppitnp 103 No
acr-nema 104 No
csnet-ns 105 No
3com-tsmux 106 No
snagas 108 No
pop2 109 No
pop3 110 Yes
mcidas 112 No
auth 113 No
audionews 114 No
ansanotify 116 No
uucp-path 117 No
sqlserv 118 No
nntp 119 No
erpc 121 No
smakynet 122 No
ansatrader 124 No
locus-map 125 No
unitary 126 No
locus-con 127 No
gss-xlicen 128 No
pwdgen 129 No
cisco-fna 130 No
cisco-tna 131 No
cisco-sys 132 No
ingres-net 134 No
endpoint-mapper 135 No
profile 136 No
netbios-ns 137 Yes
netbios-dgm 138 Yes
netbios-ssn 139 Yes
emfis-data 140 No
emfis-cntl 141 No
bl-idm 142 No
imap2 143 Yes
uma 144 No
uaac 145 No
iso-tp0 146 No
iso-ip 147 No
jargon 148 No
aed-512 149 No
sql-net 150 No
bftp 152 No
netsc-prod 154 No
netsc-dev 155 No
sqlsrv 156 No
knet-cmp 157 No
pcmail-srv 158 No
nss-routing 159 No
snmp 161 Yes
snmptrap 162 Yes
xns-courier 165 No
s-net 166 No
namp 167 No
rsvd 168 No
send 169 No
print-srv 170 No
multiplex 171 No
cl-1 172 No
xyplex-mux 173 No
mailq 174 No
vmnet 175 No
genrad-mux 176 No
nextstep 178 No
bgp 179 No
ris 180 No
unify 181 No
audit 182 No
ocbinder 18 No
ocserver 184 No
remote-kis 185 No
kis 186 No
aci 187 No
mumps 188 No
qft 189 No
gacp 190 No
prospero 191 No
osu-nms 192 No
srmp 193 No
irc 194 No
dn6-nlm-aud 195 No
dn6-smm-red 196 No
dls 197 No
dls-mon 198 No
smux 199 No
src 200 No
at-rtmp 201 No
at-nbp 202 No
at-3-5-7-8 203 No
at-echo 204 No
at-zis 206 No
quickmail 209 No
z39-50 210 No
914c-g 211 No
anet 212 No
vmpwscs 214 No
softpc 215 No
cai-lic 216 No
dbase 217 No
mpp 218 No
uarps 219 No
imap3 220 No
fln-spx 221 No
rsh-spx 222 Yes
cdc 223 No
peer-direct 242 No
sur-meas 243 No
daynachip 244 No
link 245 No
dsp3270 246 No
bh-fhs 248 No
ldap 389 Yes
https 443 Yes
smtps 465 No
exec 512 No
login 513 No
shell 514 No
printer 515 No
talk 517 No
ntalk 518 No
ibm-db2 523 No
uucp 540 No
rtsp 554 No
nntps 563 No
banyan-vip 573 No
alternate-http 591, 8008, 8080 No
sshell 614 No
ldaps 636 No
doom 666 No
ftps-data 989 No
ftps 990 No
telnets 992 No
ircs 994 No
pop3s 995 No
notes 1352 Yes
timbuktu-srv 1419 No
ms-sql-server 1433 No
ms-sql-monitor 1434 No
ms-sna-server 1477 No
ms-sna-base 1478 No
citrix-ica 1494 Yes
sybase_sqlany 1498 Yes
t-120 1503 No
oracl-tns 1521, 1526, 1527 No
ingres-lock 1524 No
oracl-srv 1525 Yes
oracl-coauthor 1529 No
oracl-remdb 1571 No
oracl-names 1575 No
america-online No
h323 1720 No
oracl-em1 1748 No
oracl-em2 1754 No
ms-streaming 1755 No
ms-sms No
ms-mqs 1801, 2101, 2103, 2105 No
oracl-vp2 1808 No
oracl-vp1 1809 No
openwindows 2000 No
gupta-sqlbase 2155 No
cvs-pserver 2401 No
citrix-ica-sr 2598 No
sybase-sqlanywhere 2638 No
ccmail 3264 No
ms-terminal-server 3389 Yes
sap-r3 3200 No
ibm-db2-conn-svc 3700 No
ibm-db2-int-svc 3701 No
ichat 4020 No
pc-anywhere-data 5631 No
xwin Yes
ircu No
vdolive 7000 No
realaudio 7070 No
cu-seeme No
alternate-rtsp 8554 No
the-palace No
quake 26000 No
filenet-RPC 32769 No
filenet-NCH 32770 No
kazaa 1214 No
gnutella-svc 6346 No
gnutella-rtr 6347 No
edonkey 4662 No
radius 1812 No
radius-acct 1813 No
groupwise 1677 No
smaclmgr 4660 No
nameserver 42 No
wins 1512 No
pcanywhere 65301 No
bittorent No
winmx 6699, 6257 No
microsoft-ds 445 Yes
rlp 39 No
re-mail-ck 50 No
la-maint 51 No
bootps 67 No
bootpc 68 No
tftp 69 Yes
kerberos 88 Yes
cfdptkt 120 No
ntp 123 Yes
xdmcp 177 No
ipx-tunnel 213 No
subnet-bcast-tftp 247 No
backweb 370 No
timbuktu 407 No
biff 512 No
who 513 No
syslog 514 No
ip-xns-rip 520 No
streamworks-xing-mpeg 1558 No
citrix-icabrowser 1604 No
h323-gatekeeper-disc 1718 No
h323-gatekeeper-stat 1719 No
ms-mqs-discovery 1801 No
ms-mqs-ping 3527 No
rtp 5004 No
rtcp 5005 No
pc-anywhere-stat 5632 No
ivisit 9943, 9945, 56768 No
l2tp 1701 No
sgcp 2427 No
hsrp 1985 No
timed 525 No
nfs 2049 Yes
dhcp 546, 547, 647, 847 Yes
mimix-dr1 Yes
mimix-ha1 Yes
mimix-rj 3777 Yes
novel-netware-over-ip 396 Yes
icmp 1 Yes
igmp 2 Yes
ipencap 4 Yes
egp 8 Yes
igp 9 Yes
trunk-1 23 Yes
trunk-2 24 Yes
leaf-1 25 Yes
leaf-2 26 Yes
ipv6 41 Yes
rsvp 46 Yes
gre 47 Yes
ipv6-crypt 50 Yes
ipv6-auth 51 Yes
ipv6-icmp 58 Yes
eigrp 88 Yes
ospf 89 Yes
ipip 94 Yes
pim 103 Yes
scps 105 Yes
ipcomp 108 Yes
ipx-in-ip 111 Yes
vrrp 112 Yes
l2tp-over-ip 115 Yes
stp 118 Yes
isis 124 Yes

Appendix C: Accelerator Integration
Integrating the Accelerator into environments in which third-party applications run on
the network sometimes requires a certain amount of fine tuning. This appendix
describes various environments and applications and how best to set them up for
Accelerator performance.
This appendix covers the following topics:
• Acceleration and Citrix Traffic
• Configuring NetFlow
• Disabling Compression on SAP
• Calculating Acceleration Figures with an Application other than ExpandView

Acceleration and Citrix Traffic
The Accelerator utilizes network resources efficiently and delivers improved
acceleration results for Citrix-hosted applications. Citrix users repeatedly access the
same content from the network. The Accelerator enhances support for Citrix
applications because acceleration allows more Citrix data to traverse the WAN. The
Accelerator achieves this increase in throughput by:
• Consolidating Citrix header data in pure IP implementations - the IP header represents
  significant overhead in the small packets generated by Citrix. It constitutes almost 30% of
  the Citrix packet. The Accelerator removes repeated header information and sends this
  data only once across the network.
• Consolidating Citrix payload in all environments - the Accelerator extracts data from small
  packets originating from different Citrix users, and sends packets optimized for specific
  WAN conditions. The Accelerator eliminates all redundant data transmissions across the
  WAN.
• Controlling latency and jitter - the Accelerator reduces latency and jitter, especially over
  slow WAN links that are commonly used for Citrix deployments.
The end result is better, more consistent Citrix performance, and support of up to four
times more Citrix users on the existing infrastructure.
Citrix has its own internal compression mechanism. The results achieved by this
mechanism are not at all comparable to the throughput increase achieved by the
Accelerator. When accelerating Citrix traffic, Citrix’s internal compression mechanism
must be disabled so that the Accelerator can access the original data.

Disabling Citrix NFuse Compression
You can disable Citrix compression on each Citrix client PC, but disabling compression
via the Web UI will cause all links that are not accelerated to become congested and
unusable.
To disable Citrix compression:
1. Back up the current copy of the following files: template.ica, launch.vbs,
Clogin.vbs, Chtmllogin.vbs.
2. Copy the two ica files provided here into the following directory:
   C:\Program Files\Citrix\NFuse
3. Copy the three vbs files into the following directory:
   C:\inetpub\wwwroot\Citrix\MetaFrameXP\site\include\serverscripts
4. This will modify the Web Interface server by creating a drop-down menu
   on the login page, which will allow users to specify which type of
   connection is required. Any link connected to an Accelerator should be
   set to No Compression. Links not connected to Accelerators should be
   set to With Compression.
5. Restart the World Wide Web service by opening a command prompt
   and typing: iisreset
6. Select No Compression for all Accelerated clients in the Web Interface
   Login page.

Disabling Citrix Encryption and Compression
Citrix is a popular application installed on top of Microsoft’s Remote Desktop Protocol
(RDP) that was created in joint development by Microsoft and Citrix. Citrix, also
referred to as ICA, adds quite a few features that RDP does not have and therefore is
popular for terminal and thin client deployments.
Both RDP and Citrix have the ability to compress traffic sent to and from the servers.
However, these capabilities are limited, and do not perform as well as Expand’s
Accelerators.
Both RDP and Citrix have the ability to encrypt traffic sent to and from the servers.
However, because encryption is random by definition, its very nature limits the ability of
the Accelerators to remove repetitive data.

Defining Settings on the Server


An administrator can set encryption and compression settings on the server for the
RDP and Citrix connections by modifying the protocol’s properties. For Encryption, all
Citrix and RDP communications to the server must meet the minimal encryption
settings of the ICA and RDP protocol listener. Settings made to the ICA or RDP listener
apply to all traffic and applications.

Setting/checking ICA or RDP listener traffic


To disable compression and encryption in RDP:
1. Open the Terminal Server Configuration console:
   Computer Settings > Administrative Tools > Terminal Server Configuration.
2. In the Connections tab, double-click the RDP-Tcp connection.
   The RDP-Tcp properties window opens.

3. Under the General tab, set the encryption level to Low.
4. Click OK, and close the configuration console.

To use group policies for disabling compression and encryption in RDP:
1. Open the Default Domain Group Policies on the Domain Controller (AD).
2. Browse to Computer Configurations > Administrative Templates >
   Windows Components > Terminal Services > Encryption and Security.
3. Double-click the “Set client connection encryption level” setting.
   A properties window opens.

4. Select the “Enabled” radio button.
5. Set the “Encryption Level” to “Low Level”.
6. Click OK, and close the configuration console.
Once set, the setting will replicate to the environment. To speed up the process, you
can manually update the group policy by running the following command from the
command line:
   gpupdate /force

To disable compression and encryption in Citrix:
1. Open the Citrix Connection Configuration tool and double-click the
   ICA-TCP connection type.
2. Within the Advanced Connection Settings, encryption should be set to
   none.
3. For Published Applications, each application type can be
   individually configured for encryption.
4. Open the Published Applications Manager tool and view the properties
   of the application being used. Click on the Client tab and view the
   encryption required from the client. If the application is already
   published this will be read only. Publishing the application and
   recreating the application with the lowest encryption level of Basic can
   remove encryption.
   Setting the encryption level for Published Applications can require an
   identical encryption level from the client. When a company uses
   published applications they will normally require a certain encryption
   level via the Published Applications Manager. These encryption levels
   are the same choices available on the client (see below).

To disable compression and encryption in NFUSE and NFUSE Elite Server:
Compression and encryption configurations are set during the publishing of
the application and are stored within a file called template.ica. The location of
this file can vary; however, it is typically stored on the web server within the
web directory (if necessary, consult a Citrix administrator for the specific
location).
Compression is enabled by default even though there is no specific entry
within the template.ica file that mentions this.
1. Edit the template.ica file by adding a line under the
   application name that reads Compress=Off. If there are multiple
   applications, the Compress=Off line will need to be entered
   multiple times.
   For additional information on turning off compression, see Citrix
   documentation: CTX554864 and CTX101865.
2. To disable encryption, publish the application again with the lowest
   encryption level of Basic.
3. In addition, if SSL certificates are used for web
   connections (web connections that begin with HTTPS: instead of
   HTTP), SSL will also provide encryption for the session. SSL must be
   removed and not required for the connections.

SpeedScreen Latency Reduction Manager


SpeedScreen Latency Reduction Manager allows an administrator to enable
compression for an application depending on the latency of the connection. When
enabled, Citrix will monitor the round trip time for responses to and from the server and
client and enable compression when needed. Remove any configured application by
clicking Delete.

Defining Settings on the Client
For Citrix
NFUSE is controlled via the server, so no settings need to be altered on the client.
Custom Connections and Published Applications allow for changes to be made on the
clients. Each client has a Citrix Program Neighborhood that contains settings for the
connections that can override the settings on the server. For both of these, deselect
compression and set encryption to Basic.
Published applications use a ‘farm’ concept in which these applications can be
grouped together with settings that apply for all the applications. Within the farm
settings, a client can set the encryption and compression.
To disable compression and encryption for ‘farms’:
1. Right-click the farm and choose Application Set settings. Once the
   Properties menu is displayed, click on the tab labeled Options to view
   and/or change the settings.
2. Each specific published application can also have settings for
   encryption and compression.
3. Right-click the specific application and choose Application Set settings.
   Once the Properties menu is displayed, click on the Options tab to view
   and/or change the settings.
4. Custom connections are created from the client, and you can use the
   Properties page to set all settings during creation or afterwards.
   Right-click the custom connection and choose Properties. Once you see
   the Properties menu, click on the Options tab to view and/or change the
   settings.

For RDP
Only compression can be set on the client and not encryption as previously discussed
regarding the Citrix client. The place to set these values depends on how the RDP
session is being launched. For most environments this will be done through the Client
Connection Manager.

To disable compression on the RDP client:
1. Within the Client Connection Manager, right-click the connection and
   choose Properties. Navigate to the Connection Options tab and
   deselect the box labeled Enable data compression if it is selected.
2. When the session for RDP is launched from the ‘raw’ Terminal Services
   Client icon, the option for compression is presented when choosing the
   server to log into.

Turning Compression off in the PNAgent Client
This section explains how to resolve the Citrix PNA problem by turning off
compression in the PNAgent client.

Understanding the PNA Problem


Citrix Program Neighborhood Agent (PNA) is a combination of published applications
and NFUSE. Data compression in the PNAgent is ON by default if the value disabling
it is not present.

Resolving the PNA Problem


Edit the PNAgent template.ica file on the Web Interface server. This template.ica file is
different from the one used by NFUSE, although the same change is required for NFUSE
as well.
To edit the PNA template.ica file:
1. Access the template.ica file:
   Default location: C:\Inetpub\wwwroot\Citrix\PNAgent\template.ica
   If you are unsure of the location on your server, simply search for the
   PNAgent directory and look there for a template.ica file.
2. Add the value Compress=Off under the Application tag, as follows:
[[NFuse_AppName]]
Address=[NFuse_AppServerAddress]
InitialProgram=#[NFuse_AppName]
LongCommandLine="[NFuse_AppCommandLine]"
DesiredColor=[NFuse_WindowColors]
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
AutoLogonAllowed=On
Compress=Off
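
Because compression stays on whenever the Compress entry is absent, both the NFUSE and the PNAgent template.ica files are worth checking after editing. The following Python sketch is an added example, not part of the Expand or Citrix documentation: it lists every application section that still lacks Compress=Off. Treating any section that contains an InitialProgram key as an application section is an assumption based on the snippet above; the function names and the sample file are constructed for illustration.

```python
import re

# A section header is a line wrapped in brackets. The template placeholder
# [[NFuse_AppName]] yields the section name "[NFuse_AppName]".
SECTION_RE = re.compile(r"^\[(.+)\]\s*$")


def parse_ica(text):
    """Return {section_name: {lowercased_key: value}} for an INI-style .ica file."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections


def sections_with_compression(text):
    """Names of application sections where compression is still enabled.

    A section counts as an application section if it has an InitialProgram
    key (assumption). Compression is on unless Compress=Off is present.
    """
    flagged = []
    for name, keys in parse_ica(text).items():
        if "initialprogram" not in keys:
            continue
        if keys.get("compress", "").lower() != "off":
            flagged.append(name)
    return flagged


# Constructed sample: one section fixed as described above, one with the
# entry missing (default on) and one with compression explicitly on.
SAMPLE_TEMPLATE = """\
[WFClient]
Version=2

[[NFuse_AppName]]
Address=[NFuse_AppServerAddress]
InitialProgram=#[NFuse_AppName]
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
Compress=Off

[Payroll]
Address=[NFuse_AppServerAddress]
InitialProgram=#Payroll
TransportDriver=TCP/IP

[Reports]
Address=[NFuse_AppServerAddress]
InitialProgram=#Reports
compress = On
"""

if __name__ == "__main__":
    for section in sections_with_compression(SAMPLE_TEMPLATE):
        print(f"[{section}] still compresses traffic: add Compress=Off")
```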

Identifying Citrix Layer-7 Applications
Monitoring Citrix/ICA Layer-7 traffic requires each Layer-7 application running through
Citrix to open a separate TCP session; the Accelerator does not support Citrix session
sharing.
Citrix Applications work as follows: Applications are published, meaning that the
Administrator defines certain applications on the server for users to use on their
desktop. The Administrator also assigns names for these applications. The users can
either download the applications and their names from the server, or define them
manually.
When applications are downloaded, for each Citrix application session run between the
client and the server, Citrix creates a TCP session for running the application and a
UDP session that serves as a control for the application.
The Accelerator’s Layer-7 monitoring is aware of both of these sessions, and identifies
the open sessions by the new published application name. If Citrix is configured to
work in single-session (virtual channel) TCP, in which each application does not open a
new TCP session, the Accelerator will not have access to the Layer-7 information it
needs.

NOTE: The Accelerator supports both Automatic and Direct Citrix application
discovery mode.

When applications are added manually, it is still necessary for the Accelerator to
monitor the control session (UDP) that is never encrypted or compressed.
To disable session sharing in the Citrix server:
1. At the command prompt of the Citrix server, open the registry editor by
   entering the regedit command.
2. Create the following entry in the server’s registry (which overrides
   session sharing):
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\WFSHELL\TWI
3. Add the following value:
   Name: SeamlessFlags
   Data type: REG_DWORD
   Data value: 1
4. Setting this registry value to 1 overrides session sharing.
   Note that this flag is SERVER GLOBAL.

Warning: Editing the registry or using a Registry Editor incorrectly
can cause serious, system-wide problems that may
require you to reinstall Windows NT to correct them.
Microsoft does not guarantee that problems resulting
from the incorrect use of Registry Editor can be solved.
Back up your registry first and use Registry Editor at
your own risk.

NOTE: When creating Layer-7 Citrix applications in the Accelerator, the application
names defined must match the application names exactly as entered into the Citrix
server.

Due to this requirement, take into account the following considerations:
• It is recommended to create Citrix Layer-7 applications via the Monitoring > Layer-7
  Discovery menu, where traffic types are collected and listed, instead of entering them
  manually.
• All Citrix application names entered into the Accelerator must be in ALL CAPS. This is
  because in some environments, when the client communicates with the server, the client
  converts the published application name to capitals.

Configuring NetFlow
The following configuration modifications are needed in order to use NetFlow with the
Expand Accelerator. While previous versions of AcceleratorOS included RMON,
AcceleratorOS 6.0 integrates NetFlow support for detailed reporting. With
AcceleratorOS version 6 and NetFlow it is possible to extract statistics such as those in
RMON’s Top Talker.
The main focus of NetFlow is Traffic Measurement, Traffic Monitoring, Network
Optimization and Planning, and Detection of Network Security Violations, as follows.

Studying Traffic Measurement


Traffic Measurement measures usage of relevant traffic activities. NetFlow tracks
network usage, generating a series of statistics for hosts sending data through the
interface. The necessary information is collected by the host running NetFlow by
observing the traffic on the network. This arrangement offloads the processing
requirements from operational nodes to the NetFlow host. All packets in the subnet are
captured and associated with a sender/receiver pair. In this way, it is possible to track
all traffic activities of a particular host. The following are some of the statistics and
reports that you can collect by using NetFlow Traffic Measurement:
• DATA SENT/RECEIVED - (TOP 10) the total traffic (volume and packets) generated or
  received by the host. The traffic is classified according to network protocol (IP, IPX,
  AppleTalk, and so on) and IP protocol (FTP, HTTP, NFS, and so on).
• USED BANDWIDTH - Actual, average and peak bandwidth usage.
• IP MULTICAST - Total amount of multicast traffic generated or received by the host.
• TCP SESSIONS HISTORY - Currently active TCP sessions established/accepted by the
  host and associated traffic statistics.
• UDP TRAFFIC - Total amount of UDP traffic sorted by port.
• TCP/UDP - USED SERVICES - List of IP-based services (for example: open and active
  ports) provided by the host with the list of the last five hosts that used them.
• TRAFFIC DISTRIBUTION - Local traffic, local to remote traffic, remote to local traffic (local
  hosts are attached to the broadcast network).
• IP TRAFFIC DISTRIBUTION - UDP vs. TCP traffic, relative distribution of the IP protocols
  according to the host name.

Studying Traffic Monitoring
Traffic Monitoring lets you identify those situations where network traffic does not
comply with specified policies or when it exceeds a defined threshold. In general,
network administrators specify policies that apply to the behavior of elements in the
managed network.
If a monitoring tool has already been implemented on the network, it may be possible
to integrate NetFlow into the existing tool (for example, Concord and HP OpenView
support NetFlow). There are open source NetFlow software platforms that you can
download for free. Expand recommends NTop-XTRA, which can be downloaded from
http://www.openxtra.co.uk/products/ntop-xtra.htm
Some NetFlow collectors, such as Crannog’s NetFlow Monitor, require enabling SNMP,
because the graphs can be interface-based (IF.Index). The Accelerator’s SNMP
feature, even when enabled, does not include the IF.Index for flows because the
Accelerator functions as a bridge. Therefore, the NetFlow Monitor software will not
present any statistics when working with an Accelerator. Use software that does not
require the IF.Index. For example, Crannog has another NetFlow collector
called NetFlow Tracker, which does not require the IF.Index for the NetFlow statistics
and works very well with the Accelerator.
When configuring NetFlow on the Accelerator, it is important to specify the version
number.

Note: Only NetFlow Version 5 is supported.

Configuring Accelerator NetFlow
accelerator#config
accelerator (config) #netflow
accelerator (NetFlow) #?
  exit    exit current node
  ip      ip NetFlow command
  no      remove collector
  show    show NetFlow parameters
Here is an example of the config needed if 172.16.80.21 is the PC running the
NetFlow application:
accelerator (NetFlow) #ip flow-export 172.16.80.21 port 2055 version 5 interface ethernet 0/0

accelerator (NetFlow) # show

---------------------------------------------------------
 # | COLLECTOR IP | PORT | VERSION | INTERFACE
---------------------------------------------------------
 1 | 172.16.80.21 | 2055 | 5       | Ethernet 0/0

NOTE: In On-Path installations, use Ethernet 0; in On-LAN installations use Ethernet 0/1
when configuring NetFlow.

KNOWN LIMITATION – You can enable NetFlow only on ethernet or bridge and not
per link or virtual link.
You can configure only one NetFlow probe.
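
The following added example (not from the original guide or from Expand) shows the collector side of the configuration above: it parses NetFlow Version 5 export datagrams, rejects malformed or non-v5 input, counts flows lost between datagrams, and aggregates per host rather than per interface. The sample datagrams are constructed, and the zero input/output interface indexes in them are an assumption about how the missing IF.Index appears on the wire.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
MAX_RECORDS = 30                                    # v5 carries at most 30 records per datagram


class NetFlowError(ValueError):
    """Raised for datagrams that are not well-formed NetFlow v5."""


def parse_v5(datagram):
    """Return (header, flows) for one export datagram, or raise NetFlowError."""
    if len(datagram) < HEADER.size:
        raise NetFlowError("datagram shorter than the 24-byte header")
    (version, count, _uptime, secs, _nsecs, seq,
     _etype, _eid, _sampling) = HEADER.unpack_from(datagram)
    if version != 5:
        raise NetFlowError("unsupported NetFlow version %d" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise NetFlowError("record count %d out of range" % count)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise NetFlowError("length does not match the record count")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, if_in, if_out, pkts, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _smask, _dmask, _pad2) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto, "tcp_flags": tcp_flags,
            "packets": pkts, "bytes": octets, "if_in": if_in, "if_out": if_out,
        })
    return {"unix_secs": secs, "sequence": seq, "count": count}, flows


def top_talkers(flows, n=10):
    """Bytes per source host, largest first: a per-host view that needs no IF.Index."""
    totals = Counter()
    for flow in flows:
        totals[flow["src"]] += flow["bytes"]
    return totals.most_common(n)


class SequenceTracker:
    """Counts flows lost between datagrams using the header's flow sequence field."""

    def __init__(self):
        self.expected = None
        self.lost = 0

    def update(self, header):
        if self.expected is not None and header["sequence"] > self.expected:
            self.lost += header["sequence"] - self.expected
        self.expected = (header["sequence"] + header["count"]) & 0xFFFFFFFF


def collect(exporter_ip, port=2055, bind="0.0.0.0"):
    """Yield (header, flows) for datagrams received from the configured exporter only."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (peer, _peer_port) = sock.recvfrom(2048)
        if peer != exporter_ip:      # v5 export is unauthenticated UDP: ignore other senders
            continue
        try:
            yield parse_v5(data)
        except NetFlowError:
            continue                 # drop malformed input instead of crashing the collector


def build_sample(sequence, records):
    """Constructed datagram; records are (src, dst, sport, dport, proto, packets, bytes)."""
    body = b""
    for src, dst, sport, dport, proto, pkts, octets in records:
        body += RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
            0, 0,                    # input/output ifIndex: assumed 0 for a bridge exporter
            pkts, octets, 0, 0, sport, dport, 0, 0x18, proto, 0, 0, 0, 0, 0, 0)
    return HEADER.pack(5, len(records), 0, 1100000000, 0, sequence, 0, 0, 0) + body


if __name__ == "__main__":
    # Constructed sample flows using documentation address ranges.
    sample = build_sample(0, [("192.0.2.5", "198.51.100.9", 40000, 80, 6, 10, 9000),
                              ("192.0.2.7", "198.51.100.9", 40001, 21, 6, 4, 1200)])
    header, flows = parse_v5(sample)
    print(header)
    for host, octets in top_talkers(flows):
        print(host, octets)
```

To receive live exports, iterate over `collect("<Accelerator IP>")` on the host configured as the collector; filtering on the sender address does not stop spoofed UDP, so also restrict port 2055 at the network layer.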

Disabling Compression on SAP
If SAP compression must be disabled in order to achieve higher Accelerator efficiency,
the following procedure describes how to disable SAP compression.
1. From My Computer, click on Properties, or from the Control Panel click on System.
2. Click on Advanced, followed by Environment Variables.
3. In the Environment Variables window, click the New button.
4. Type TDW_NOCOMPRESS in the Variable Name field, and 1 in the Variable Value field.


To undo this procedure and restore SAP compression, delete this variable, or set the
Variable Value to 0.

Calculating Acceleration Figures with an Application other than ExpandView
The following section explains how to calculate the acceleration percentage achieved
on the Accelerator via Excel, by using data captured from a Management Application
other than ExpandView. If you are using ExpandView to monitor Accelerators, and
capture the relevant data, ExpandView will automatically record the acceleration
values, and use the Throughput Recorder for generating the graphs.
For these reasons it is preferable to use ExpandView for this purpose. Alternatively,
you can use the Private MIB to view acceleration figures via external applications, such
as What’s Up Gold, HP OpenView, or SNMPc, as follows:
accInterfacePerformanceInAccelerationPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.31
Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).expandnetworks(3405).acceleratorOs(3).accInterfaces(4).accInterfaceTable(2).accInterfaceEntry(1).accInterfacePerformanceInAccelerationPeriod(30)
Module: EXPAND-ACCLERETOROS-MIB
Description: Inbound traffic acceleration percentage during last sampling period.

accInterfacePerformanceOutAccelerationPeriod
OID: 1.3.6.1.4.1.3405.3.4.2.1.34
Full path: iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).expandnetworks(3405).acceleratorOs(3).accInterfaces(4).accInterfaceTable(2).accInterfaceEntry(1).accInterfacePerformanceOutAccelerationPeriod(33)
Module: EXPAND-ACCLERETOROS-MIB
Description: Outbound traffic acceleration percentage during last sampling period.
In AcceleratorOS versions below 4.0, in which the Private MIB was not supported,
using external applications to view acceleration statistics can be complex and it may be
necessary to follow the method outlined below to avoid errors being generated by
Excel.
Use the standard method for calculating the acceleration percentage:
((Raw Data/Accelerated Data)-1) x 100
In low traffic, when keepalives are sent and no data is transferred, this causes the raw
data to be low or the accelerated data to be high, causing Excel to return error
messages, or even negative acceleration figures, as seen in the screen capture below:
Working with a small amount of data, this does not cause too much of a problem, as it
is quite easy to alter the resulting acceleration figure to a zero. However, when working
with a large amount of data, it will be almost impossible to remove all these errors, thus
resulting in a graph with gaps, and negative acceleration.
To avoid this, you can use the following formula:
=IF({Accelerated Data}=0,"0",IF({Raw Data}<{Accelerated Data},"0",((({Raw Data}/{Acc. Data})-1)*100)))
Although this looks difficult, the “real” formula is:
=IF(D2=0,"0",IF(C2<D2,"0",(((C2/D2)-1)*100)))
In effect, this formula tells Excel the following:
If the Accelerated Data value is 0, the output (the acceleration percentage) will be 0.
If the Raw Data value is less than the Accelerated Data value, the output will also be 0.
Only if neither of these conditions is true will Excel calculate the acceleration percentage.
Although this may be true in terms of the Accelerated Data value being zero, it is a
workaround enabling Excel to calculate the acceleration figures needed to produce a
graph.

D SYSTEM SPECIFICATIONS
This chapter details the specifications for the various Accelerator Series:
Accelerator 6800 Series
Accelerator 6900 Series
Accelerator 1800/4800/4900 Series

Accelerator 6800 Series
Data rates: Up to 45 Mbps
Control Interfaces
  Management: Ethernet RJ-45 10/100/1000 BaseT
              or Fiber SC 1000 BaseSX - multimode, 850 nm
  Console: RS-232
  Baud rate: 9600 bps
  Ethernet: Two RJ-45 10/100/1000 BaseT
            or Two Fiber SC 1000 BaseSX
  USB: USB-2.2 Type A, female, 480 Mb
Power
  6810: 100-240 VAC, 50-60 Hz, 1.74 - 0.87A
  6840: 100-240 VAC, 50-60 Hz, 2.6 - 1.13A
Power Consumption
  6810: 200W
  6840: 260W
Flash Memory: 128 MB
DDR Memory
  6810: 1 GB
  6840: DDR register EEC Memory 4 GB
Physical
  Height: 3.40” (8.8 cm) (2U)
  Length: 6810: 17.6” (44.7 cm) or 19.6” (49.7 cm) with brackets
          6840: 19” (43.8 cm)
  Depth: 6810: 17” (43.2 cm)
         6840: 20” (51 cm)
Environment
  Temperature: 0 - 40 C (32 - 104 F)
  Humidity: Up to 90%, non-condensing
Heat Dissipation
  6810: 655 BTU
  6840: 900 BTU

Accelerator 6900 Series
Data rates: Up to 45 Mbps
Control Interfaces
  Management: Ethernet RJ-45 10/100/1000 BaseT
              or Fiber SC 1000 BaseSX - multimode, 850 nm
  Console: RS-232
  Baud rate: 9600 bps
  Ethernet: Two RJ-45 10/100/1000 BaseT
            or Two Fiber SC 1000 BaseSX
  USB: USB-2.2 Type A, female, 480 Mb
Power
  6910: 100-240 VAC, 50-60 Hz, 1.74 - 0.87A
  6940: 100-240 VAC, 50-60 Hz, 2.6 - 1.13A
Power Consumption
  6910: 210W
  6940: 270W
Flash Memory
  6910: 1 GB
  6940: 4 GB
Hard Drive: 500 GB
DDR Memory
  6910: 1 GB
  6940: DD
Physical
  Height: 3.50” (8.8 cm) (2U)
  Length: 17.4” (44.2 cm)
  Depth: 6910: 16.7” (42.4 cm)
         6940: 20.1” (51.1 cm)
Environment
  Temperature: 0 - 40 C (32 - 104 F)
  Humidity: Up to 90%, non-condensing
Heat Dissipation
  6910: 717 BTU
  6940: 921 BTU

Accelerator 1800/4800/4900 Series
Data Rates
  4820: up to 6 Mbps
  1810: up to 256 Kbps
Control Interfaces
  Management: Ethernet 10/100 BaseT, RJ-45
  Console: EIA-232/V.24
  Baud rate: 9600 bps
  Ethernet: Two 10/100 BaseT RJ-45
  Auxiliary: DB-9, can be connected to a PC (via a null cable)
  USB: 1.1 compliant USB port
Power: 120W, 100-240 VAC, 50/60 Hz
Power Consumption: 50W
Flash Memory: 64 MB
SDRAM Memory
  512 MB for 4800 Series
  256 MB for 1800 Series
LCD: 20 character, 2-line LCD (4820 only)
Keypad: 5 button keypad (4820 only)
Physical (4800/1800 Series)
  Height: 1.70” (4.4 cm) (1U)
  Length: 17” (43.2 cm) or 19” (48.3 cm) with brackets
  Depth: 13.2” (33.7 cm)
  Weight: 6.2 lb (2.8 kg)
Environment
  Temperature: 0 - 40 C (32 - 104 F)
  Humidity: Up to 90%, non-condensing
Heat Dissipation: 170 BTU/H

E MIME TYPES
Thousands of possible MIME types can be used as part of Web application definition.
For a definition of and information about MIME types, please see
http://www.faqs.org/rfcs/rfc2045.html, http://www.iana.org/assignments/media-types and
http://www.faqs.org/rfcs/rfc2046.html.
This appendix provides a list of some very common MIME types.

Application
andrew-inset
applefile
atomicmail
batch-SMTP
beep+xml
cals-1840
cnrp+xml
commonground
cpl+xml
csta+xml
CSTAdata+xml
cybercash
dca-rft
dec-dx
dialog-info+xml
dicom
dns
dvcs
EDI-Consent
EDIFACT
EDI-X12
epp+xml
eshop
fits
font-tdpfr
http
hyperstudio
iges
im-iscomposing+xml
index
index.cmd
index.obj
index.response
index.vnd
iotp
ipp
isup
kpml-request+xml
kpml-response+xml
mac-binhex40
macwriteii
marc
mathematica
mbox
mikey
mpeg4-generic
msword
news-message-id
news-transmission
ocsp-request
ocsp-response
octet-stream
oda
ogg
parityfec
pdf
pgp-encrypted
pgp-keys
pgp-signature
pidf+xml
pkcs10
pkcs7-mime
pkcs7-signature
pkix-cert
pkixcmp
pkix-crl
pkix-pkipath
postscript
prs.alvestrand.titrax-sheet
prs.cww
prs.nprend
prs.plucker
rdf+xml
qsig
reginfo+xml
remote-printing
resource-lists+xml
riscos
rls-services+xml
rtf
samlassertion+xml
samlmetadata+xml
sbml+xml
sdp
set-payment
set-payment-initiation
set-registration
set-registration-initiation
sgml
sgml-open-catalog
shf+xml
sieve
simple-filter+xml
simple-message-summary
slate
soap+xml
spirits-event+xml
timestamp-query
timestamp-reply
tve-trigger
vemmi
vnd.3gpp.pic-bw-large
vnd.3gpp.pic-bw-small
vnd.3gpp.pic-bw-var
vnd.3gpp.sms
vnd.3M.Post-it-Notes
vnd.accpac.simply.aso
vnd.accpac.simply.imp
vnd.acucobol
vnd.acucorp
vnd.adobe.xfdf
vnd.aether.imp
vnd.amiga.ami
vnd.anser-web-certificate-issue-initiation
vnd.anser-web-funds-transfer-initiation
vnd.audiograph
vnd.blueice.multipass
vnd.bmi
vnd.businessobjects
vnd.canon-cpdl
vnd.canon-lips
vnd.cinderella
vnd.claymore
vnd.commerce-battelle
vnd.commonspace
vnd.cosmocaller
vnd.contact.cmsg
vnd.criticaltools.wbs+xml
vnd.ctc-posml
vnd.cups-postscript
vnd.cups-raster
vnd.cups-raw
vnd.curl
vnd.cybank
vnd.data-vision.rdz
vnd.dna
vnd.dpgraph
vnd.dreamfactory
vnd.dxr
vnd.ecdis-update
vnd.ecowin.chart
vnd.ecowin.filerequest
vnd.ecowin.fileupdate
vnd.ecowin.series
vnd.ecowin.seriesrequest
vnd.ecowin.seriesupdate
vnd.enliven
vnd.epson.esf
vnd.epson.msf
vnd.epson.quickanime
vnd.epson.salt
vnd.epson.ssf
vnd.ericsson.quickcall
vnd.eudora.data
vnd.fdf
vnd.ffsns
vnd.fints
vnd.FloGraphIt
vnd.framemaker
vnd.fsc.weblaunch
vnd.fujitsu.oasys
vnd.fujitsu.oasys2
vnd.fujitsu.oasys3
vnd.fujitsu.oasysgp
vnd.fujitsu.oasysprs
vnd.fujixerox.ddd
vnd.fujixerox.docuworks
vnd.fujixerox.docuworks.binder
vnd.fut-misnet
vnd.genomatix.tuxedo
vnd.grafeq
vnd.groove-account
vnd.groove-help
vnd.groove-identity-message
vnd.groove-injector
vnd.groove-tool-message
vnd.groove-tool-template
vnd.groove-vcard
vnd.hbci
vnd.hcl-bireports
vnd.hhe.lesson-player
vnd.hp-HPGL
vnd.hp-hpid
vnd.hp-hps
vnd.hp-PCL
vnd.hp-PCLXL
vnd.httphone
vnd.hzn-3d-crossword
vnd.ibm.afplinedata
vnd.ibm.electronic-media
vnd.ibm.MiniPay
vnd.ibm.modcap
vnd.ibm.rights-management
vnd.ibm.secure-container
vnd.informix-visionary
vnd.intercon.formnet
vnd.intertrust.digibox
vnd.intertrust.nncp
vnd.intu.qbo
vnd.intu.qfx
vnd.ipunplugged.rcprofile
vnd.irepository.package+xml
vnd.is-xpr
vnd.japannet-directory-service
vnd.japannet-jpnstore-wakeup
vnd.japannet-payment-wakeup
vnd.japannet-registration
vnd.japannet-registration-wakeup
vnd.japannet-setstore-wakeup
vnd.japannet-verification
vnd.japannet-verification-wakeup
vnd.jisp
vnd.kde.karbon
vnd.kde.kchart
vnd.kde.kformula
vnd.kde.kivio
vnd.kde.kontour
vnd.kde.kpresenter
vnd.kde.kspread
vnd.kde.kword
vnd.kenameaapp
vnd.kidspiration
vnd.Kinar
vnd.koan
vnd.liberty-request+xml
vnd.llamagraphics.life-balance.desktop
vnd.llamagraphics.life-balance.exchange+xml
vnd.lotus-1-2-3
vnd.lotus-approach
vnd.lotus-freelance
vnd.lotus-notes
vnd.lotus-organizer
vnd.lotus-screencam
vnd.lotus-wordpro
vnd.mcd
vnd.mediastation.cdkey
vnd.meridian-slingshot
vnd.mfmp
vnd.micrografx.flo
vnd.micrografx.igx
vnd.mif
vnd.minisoft-hp3000-save
vnd.mitsubishi.misty-guard.trustweb
vnd.Mobius.DAF
vnd.Mobius.DIS
vnd.Mobius.MBK
vnd.Mobius.MQY
vnd.Mobius.MSL
vnd.Mobius.PLC
vnd.Mobius.TXF
vnd.mophun.application
vnd.mophun.certificate
vnd.motorola.flexsuite
vnd.motorola.flexsuite.adsi
vnd.motorola.flexsuite.fis
vnd.motorola.flexsuite.gotap
vnd.motorola.flexsuite.kmr
vnd.motorola.flexsuite.ttc
vnd.motorola.flexsuite.wem
vnd.mozilla.xul+xml
vnd.ms-artgalry
vnd.ms-asf
vnd.mseq
vnd.ms-excel
vnd.msign
vnd.ms-lrm
vnd.ms-powerpoint
vnd.ms-project
vnd.ms-tnef
vnd.ms-works
vnd.ms-wpl
vnd.musician
vnd.music-niff
vnd.nervana
vnd.netfpx
vnd.noblenet-directory
vnd.noblenet-sealer
vnd.noblenet-web
vnd.nokia.landmark+xml
vnd.nokia.landmark+wbxml
vnd.nokia.landmarkcollection+xml
vnd.nokia.radio-preset
vnd.nokia.radio-presets
vnd.novadigm.EDM
vnd.novadigm.EDX
vnd.novadigm.EXT
vnd.obn
vnd.omads-email+xml
vnd.omads-file+xml
vnd.omads-folder+xml
vnd.osa.netdeploy
vnd.palm
vnd.paos.xml
vnd.pg.format
vnd.picsel
vnd.pg.osasli
vnd.powerbuilder6
vnd.powerbuilder6-s
vnd.powerbuilder7
vnd.powerbuilder75
vnd.powerbuilder75-s
vnd.powerbuilder7-s
vnd.previewsystems.box
vnd.publishare-delta-tree
vnd.pvi.ptid1
vnd.pwg-multiplexed
vnd.pwg-xhtml-print+xml
vnd.Quark.QuarkXPress
vnd.rapid
vnd.RenLearn.rlprint
vnd.s3sms
vnd.sealed.doc
vnd.sealed.eml
vnd.sealed.mht
vnd.sealed.net
vnd.sealed.ppt
vnd.sealed.xls
vnd.sealedmedia.softseal.html
vnd.sealedmedia.softseal.pdf
vnd.seemail
vnd.shana.informed.formdata
vnd.shana.informed.formtemplate
vnd.shana.informed.interchange
vnd.shana.informed.package
vnd.smaf
vnd.sss-cod
vnd.sss-dtf
vnd.sss-ntf
vnd.street-stream
vnd.sus-calendar
vnd.svd
vnd.swiftview-ics
vnd.syncml.ds.notification
vnd.syncml.+xml
vnd.triscape.mxs
vnd.trueapp
vnd.truedoc
vnd.ufdl
vnd.uiq.theme
vnd.uplanet.alert
vnd.uplanet.alert-wbxml
vnd.uplanet.bearer-choice
vnd.uplanet.bearer-choice-wbxml
vnd.uplanet.cacheop
vnd.uplanet.cacheop-wbxml
vnd.uplanet.channel
vnd.uplanet.channel-wbxml
vnd.uplanet.list
vnd.uplanet.listcmd
vnd.uplanet.listcmd-wbxml
vnd.uplanet.list-wbxml
vnd.uplanet.signal
vnd.vcx
vnd.vectorworks
vnd.vidsoft.vidconference
vnd.visio
vnd.visionary
vnd.vividence.scriptfile
vnd.vsf
vnd.wap.sic
vnd.wap.slc
vnd.wap.wbxml
vnd.wap.wmlc
vnd.wap.wmlscriptc
vnd.webturbo
vnd.wordperfect
vnd.wqd
vnd.wrq-hp3000-labelled
vnd.wt.stf
vnd.wv.csp+xml
vnd.wv.csp+wbxml
vnd.wv.ssp+xml
vnd.xara
vnd.xfdl
vnd.yamaha.hv-dic
vnd.yamaha.hv-script
vnd.yamaha.hv-voice
vnd.yamaha.smaf-audio
vnd.yamaha.smaf-phrase
vnd.yellowriver-custom-menu
watcherinfo+xml
whoispp-query
whoispp-response
wita
wordperfect5.1
x400-bp
xhtml+xml
xml
xml-dtd
xml-external-parsed-entity
xmpp+xml
xop+xml
zip

Audio
3gpp
AMR
AMR-WB
basic
BV16
BV32
clearmode
CN
DAT12
dsr-es201108
dsr-es202050
dsr-es202211
dsr-es202212
DVI4
EVRC
EVRC0
EVRC-QCP
G722
G.722.1
G723
G726-16
G726-24
G726-32
G726-40
G728
G729
G729D
G729E
GSM
GSM-EFR
iLBC
L8
L16
L20
L24
LPC
MPA
MP4A-LATM
mpa-robusta
mpeg
mpeg4-generic
parityfec
PCMA
PCMU
prs.sid
QCELP
RED
SMV
SMV0
SMV-QCP
telephone-event
tone
VDVI
vnd.3gpp.iufp
vnd.audiokoz
vnd.cisco.nse
vnd.cns.anp1
vnd.cns.inf1
vnd.digital-winds
vnd.everad.plj
vnd.lucent.voice
vnd.nokia.mobile-xmf
vnd.nortel.vbk
vnd.nuera.ecelp4800
vnd.nuera.ecelp7470
vnd.nuera.ecelp9600
vnd.octel.sbc
vnd.rhetorex.32kadpcm
vnd.sealedmedia.softseal.mpeg
vnd.vmx.cvsd

Image
cgm
fits
g3fax
gif
ief
jp2
jpeg
jpm
jpx
naplps
png
prs.btif
prs.pti
t38
tiff
tiff-fx
vnd.cns.inf2
vnd.djvu
vnd.dwg
vnd.dxf
vnd.fastbidsheet
vnd.fpx
vnd.fst
vnd.fujixerox.edmics-mmr
vnd.fujixerox.edmics-rlc
vnd.globalgraphics.pgb
vnd.microsoft.icon
vnd.mix
vnd.ms-modi
vnd.net-fpx
vnd.sealed.png
vnd.sealedmedia.softseal.gif
vnd.sealedmedia.softseal.jpg
vnd.svf
vnd.wap.wbmp
vnd.xiff

Message
CPIM
delivery-status
disposition-notification
external-body
http
news
partial
rfc822
s-http
sip
sipfrag
tracking-status

Model
iges
mesh
vnd.dwf
vnd.flatland.3dml
vnd.gdl
vnd.gs-gdl
vnd.gtw
vnd.mts
vnd.parasolid.transmit.binary
vnd.parasolid.transmit.text
vnd.vtu
vrml

Multipart
alternative
appledouble
byteranges
digest
encrypted
form-data
header-set
mixed
parallel
related
report
signed
voice-message

Text
calendar
css
csv
directory
dns
ecmascript (obsolete)
enriched
example
html
javascript (obsolete)
parityfec
plain
RED
rfc822-headers
richtext
rtx
sgml
t140
troff
uri-list
vnd.IPTC.NewsML [IPTC]
vnd.IPTC.NITF [IPTC]
xml
xml-external-parsed-entity

Video
3gpp
3gpp2
3gpp-tt
BMPEG
BT656
CelB
DV
example
H261
H263
H263-1998
H263-2000
H264
JPEG
MJ2
MP1S
MP2P
MP2T
mp4
MP4V-ES
MPV
mpeg
mpeg4-generic
nv
parityfec
pointer
raw
rtx
SMPTE292M
vc1

F CONTACTING TAC
Expand Networks is dedicated to delivering both excellent products and customer
support. From our Technical Assistance Center (TAC) to our online Knowledge Base,
we are committed to solving your networking problems. TAC is available to all partners
and registered customers and allows posting support inquiries directly to Expand’s help
desk.
The Expand Technical Assistance Center provides around-the-clock support to
customers worldwide. Customer call center agents answer calls and dispatch problems
to Support Engineers (SEs) for resolution. The SE becomes the call owner and is
responsible for ensuring that the problem is addressed and fixed quickly. You can
open Priority 1 and 2 cases by calling TAC; to open Priority 3 cases, use Expand’s
Extranet or Channel Portal.
The TAC works closely with customers to isolate and replicate problems. In a critical
network-down problem, TAC SEs work with customers until their problems are
resolved. In other instances, SEs may replicate a customer's environment in the TAC
laboratory. When deemed necessary, SEs may involve R&D engineers in order to
ensure that problem cases are resolved to the customer's satisfaction. The TAC
includes highly trained engineers, including Cisco Certified Internetwork Experts
(CCIEs) and Microsoft Certified Professionals (MCPs).
Expand Networks wishes to offer you the best tech support it can. To do this, call our
toll free TAC number at:
1-877-4-EXPAND (877-439-7263) within North America
1-920-490-7337 outside of North America

When contacting the TAC, it is essential that information about the nature of the
problem be at your disposal. To gather Accelerator troubleshooting information, use
the show tech-support command as described above.

G GLOSSARY
This chapter provides brief descriptions of some key terms mentioned in this user
guide, together with the relevant context of these terms to the AcceleratorOS.

AAA Protocols
AAA stands for Authentication, Authorization, and Accounting, a system used in
IP-based networking for controlling access to computer resources, enforcing policies, and
tracking the activity of users over a network.
Authentication provides a means for identifying a user, usually by having the user
enter a valid user name and valid password before access is granted.
Authorization grants or denies a user access to network resources, after the user has
logged in to a system (namely: has been authenticated via the username and
password).
Accounting tracks the user activity while accessing the network and measures the
resources a user consumes during access, such as the amount of data a user has
sent and/or received during a session. This data is used for purposes such as auditing,
billing and trend analysis.
The AcceleratorOS supports the AAA functionality as a fundamental method for
ensuring security within the Accelerator. For details, see section Security, on page
305.

ARP
ARP (Automatic Resolution Protocol) is a low-level protocol within the TCP-IP suite,
which maps IP addresses to a physical address, for example: a corresponding
Ethernet or MAC address.
The AcceleratorOS lets you add a static ARP entry, by mapping a specific IP address
to a specific MAC address. For details, see section Creating Static ARP Entries, on
page 238.


Bit Error Rate (BER)


Bit Error Ratio (BER) is the ratio of bits that have errors compared with the total
number of bits received in a transmission, used for measuring the quality of a signal
path. The BER is usually shown as a negative exponent (for example: 10^-6, which
means one of 1,000,000 bits is in error).
AcceleratorOS offers WAN compression over various network topologies, including
High BER networks. For details, see section Features and Benefits, on page 2.

Citrix/ICA
Citrix ICA stands for Citrix® Independent Computing Architecture. This protocol enables
Citrix to separate screen updates and user input processing from the rest of the
application’s logic. When using a Citrix ICA Client, all application logic executes on the
server and only screen updates, mouse movements and keystrokes are transmitted via
the Citrix ICA session.
Almost any application can run on a Citrix server, and therefore use Citrix ICA.
The AcceleratorOS uses Citrix (Post Acceleration) Aggregation, which handles and
optimizes the transfer of small packets by aggregating several small packets into one
big packet. For details, see section Configuring Aggregation Classes, on page 177.

CIFS
Common Internet File System (CIFS) is a standard proposed by Microsoft for remote
file-system access protocol for use over the Internet. CIFS lets groups of users work
together and share documents across the Internet or within corporate Intranets, by
enabling programs to make requests for files and services on remote computers on the
Internet.
The WAFS solution integrated within the AcceleratorOS accelerates CIFS traffic. For
details, see section Application-specific Acceleration, on page 3.


DHCP
DHCP stands for Dynamic Host Configuration Protocol, a protocol for assigning
dynamic IP addresses to devices on a network. Dynamic addressing enables a device
to have a different IP address every time it connects to the network.
The AcceleratorOS offers DHCP server functionality in the remote branch. For details,
see section Configuring DHCP Servers, on page 100.

Ethernet
The most widely-installed LAN standard, which is used for connecting network
peripherals, such as scanners, printers and computers, within the same building or
campus.
The original form of Ethernet is officially known as the IEEE 802.3 Ethernet standard.
However, with the advance of technology and network speeds, several faster
adaptations have emerged, with data rates of 10 Mbits/sec, 100 Mbits/sec (Fast
Ethernet), and 1,000 Mbits/sec (Gigabit Ethernet).
All Accelerator models have a dedicated Ethernet port, which supports both
10 Mbits/sec and 100 Mbits/sec rates. For details, see section Connecting the Network Cables,
on page 16. You can also use the WebUI for viewing detailed statistics of the data
displayed on the monitoring graphs. For details, see section Viewing Ethernet Statistics,
on page 133.

Hop
An intermediate connection between two network devices, for example: transferring a
data packet from one router to the next in a routed network such as the Internet.

The larger the number of hops in a routing process, the longer it takes for a data
packet to travel from source to destination.
In On-LAN configuration, the Expand Accelerator becomes the next hop for traffic on
the LAN destined to the WAN. For details, see section On-LAN, on page 9.

HSRP
HSRP (Hot Standby Routing Protocol) is a Cisco routing protocol that enables automatic
switching to a backup router in the event of failure. Using HSRP, several routers act as
a single virtual router, so that if a certain router fails, the routing responsibilities are
transferred to another router in a process that is transparent to the user.
Using HSRP, Expand Accelerators can take part in HSRP/VRRP groups with available
routers or Layer-3 switches (or even other available Accelerators) to provide backup in
the rare case of Accelerator failure. For details, see section On-LAN, on page 9.

HTTP
HTTP (Hypertext Transfer Protocol) is an application protocol that runs on top of the
TCP/IP suite of protocols and is used for transferring files of any type on the World
Wide Web between Web clients and Web servers.
The AcceleratorOS offers HTTP acceleration. For details, see section Configuring HTTP
Acceleration, on page 211.

IPCOMP
The IP Payload Compression protocol (IPComp) reduces the size of IP datagrams by
compressing the datagrams to increase the communication performance between two
partners. The intent is to increase overall communication performance when the
communication is over slow or congested links. IPComp does not provide any security
and must be used along with either an AH or an ESP transform when the
communication occurs over a VPN connection.
When setting up a link, the AcceleratorOS lets you select IPCOMP as one of the
methods to encapsulate the packets streaming through your network. For details, see
section Adding Links, on page 72.

Jitter
In Voice over IP (VoIP), jitter refers to a packet delay that affects the quality of the
voice conversation. Expand’s Citrix Acceleration plug-in reduces latency and jitter, especially
over slow WAN links.

Latency
Latency refers to the time it takes a packet to cross a network connection, from sender
to receiver. In networking, latency and bandwidth determine the speed of your
connection; high latency and low bandwidth lead to slow, inefficient connection speed.
Latency typically increases when moving from LAN to WAN.
Real-time applications, such as robotics and aircraft, and interactive applications, such
as desktop conferencing, are extremely sensitive to high latency.
The AcceleratorOS offers several measures for combatting high latency, such as: WAN
compression, TCP acceleration and using QoS for prioritizing the traffic. For details see
section Application-specific Acceleration, on page 3, and chapter Applying QoS, on
page 141.

MIME Type
A file identification method, based on the MIME encoding system. The MIME type has
become the de facto standard for identifying content on the Internet. For example, an
e-mail message that contains an attachment has a MIME type embedded in its header,
in order to identify the attachment type.
MIME Type is one of the main parameters used for detecting applications to provide
the QoS service. Expand supports many MIME types. For details and examples of the
most common MIME types supported by the AcceleratorOS, see MIME Types.

MPLS
MPLS (Multi Protocol Label Switching) is a packet switching protocol, which adds a 32-
bit label to each packet to improve network efficiency and to enable routers to direct
packets along predefined routes in accordance with the required quality of service
(QoS). The label is added when the packet enters the MPLS network, and is based on
an analysis of the packet header. The label contains information on the route along
which the packet may travel, and the forwarding equivalence class (FEC) of the packet.
Packets with the same FEC are routed through the network in the same way. The use
of FECs allows QoS levels to be guaranteed, and MPLS allows creating
IP tunnels through a network, so that VPNs can be implemented without encryption.
MPLS is one of the various network topologies to which the AcceleratorOS fits
seamlessly, providing the highest WAN compression performance available. For details,
see section Features and Benefits, on page 2.

Nagle
The Nagle algorithm is used for reducing LAN and other network congestion from TCP
applications, by automatically concatenating several small buffer messages. This
process (called nagling) increases the efficiency of a network application system by
decreasing the number of packets that must be sent. When properly applied, the
nagling process enables TCP applications to use network resources more efficiently.
For additional details, see section Setting Nagle, on page 200.

OSPF
OSPF (Open Shortest Path First) is a routing protocol that determines the best path for
routing IP traffic over a TCP/IP network based on distance between nodes and several
quality parameters.

Using OSPF, a host that obtains a change to a routing table or detects a change in the
network immediately multicasts the information to all other hosts in the network so that
all hosts will have the same routing table information.
The AcceleratorOS can be configured to work with dynamic routing protocols, such as
OSPF and RIP. For details, see section Working with OSPF, on page 85.

Packet Header
The packet header is the portion of a data packet that is placed at the beginning of a block of
data being stored or transmitted. In internet transmissions, the header contains data
necessary for successful transmission, such as the sender’s and recipient’s IP
addresses and timing information.
Expand’s Router Transparency encapsulation (RTM) enables compressing only the
packets’ payload, while leaving the original IP header and the original TCP/UDP
header in their original forms so that their information is available across the network.
For details, see Encapsulation, on page 33.

Policy-Based Routing
Policy-based routing (PBR) enables routing packets based on policies set by network
administrators, instead of by using routing tables. This technique may be useful when
needing to specify a path or a higher priority for certain traffic, or when the packet
should be forwarded based on different criteria than those set by the routing table.
PBR is one of the methods used for redirecting WAN traffic through the Accelerator, to
enable the Accelerator’s deployment in On-LAN mode. For details, see section
Enabling Packet Interception, on page 95.


QoS
QoS, which stands for Quality of Service, is a mechanism for controlling and ensuring
resource reservation. Setting a QoS policy helps system administrators prioritize the
traffic that flows across the network, in order to prevent greedy and rogue applications
from dumping the network, and to combat the congestion and latency that all contribute
to poor application and network performance. Using QoS enables organizations to
allocate bandwidth to mission-critical applications, slow down non-critical applications,
and stop bandwidth abuse in order to efficiently deliver networked applications to the
branch office.
The AcceleratorOS offers a powerful yet simple QoS solution, which lets system
administrators quickly obtain a comprehensive picture of the traffic that traverses the
network, and easily apply the QoS policy. For details see chapter Applying QoS, on
page 141.

RADIUS
RADIUS (Remote Authentication Dial-In User Service) is an open and scalable client/
server security system. RADIUS is one of the AAA Protocols used for applications such
as network access or IP mobility, and it is intended to work in both local and roaming
situations.
The RADIUS server is one of the authentication servers that the AcceleratorOS lets
you set and manage in the Accelerator. For details, see Setting Authentication
Preferences, on page 310.

RIP
RIP (Routing Information Protocol) is a routing protocol used for exchanging the entire
routing table among routers in an autonomous network, such as a corporate LAN or an
interconnected group of such LANs. The routing table transmission takes place every
30 seconds, thereby making RIP more suitable for small homogeneous networks. In
larger, more complicated networks the major alternative to RIP, OSPF, is generally
used.
The AcceleratorOS can be configured to work with dynamic routing protocols, such as
OSPF and RIP. For details, see section Working with RIP, on page 92.

SCPS
SCPS (Space Communication Protocol Standard) is a protocol suite designed to
enable communication over challenging environments such as satellite and wireless
links. This suite was jointly developed by NASA and the Department of Defense
USSPACECOM, as TCP/IP was frequently found inefficient in such environments, due
to latency created by long transmission path lengths and the noise associated with
wireless links. However, the performance of SCPS’ transport protocol (SCPS-TP) over
the existing terrestrial Internet system was found to be as good as that of TCP/IP, and
SCPS was adopted as a standard by ISO. For additional details regarding SCPS, see
the SCPS website (http://www.scps.org).
Expand’s TCP Acceleration uses the SCPS protocol package to reduce the impact of TCP
limitations. For more details, see section Studying SCPS, Expand’s TCP Acceleration
Solution, on page 187.

SNACK
SNACK (Selective Negative Acknowledgement) is a method used by the SCPS-TP
protocol for reducing the amount of data that needs to be transmitted and increasing
the speed of retransmissions. SNACK does that by sending only a request for missing
packets, unlike TCP, which retransmits the missing packet as well as all packets
already transmitted after the missing packet.
For additional details, see section Error Detection and Proactive Resolution, on page
188.

T

TACACS+
TACACS+ (Terminal Access Controller Access Control System+) is a TCP-based
authentication protocol, which enables administration of user passwords in a central
database that resides on a separate server, instead of in individual routers, thereby
providing an easily scalable network security solution. TACACS+ is an open protocol
that can be ported to any username or password database.
The AcceleratorOS lets you set Authentication Servers (RADIUS, TACACS+ and Local)
and manage these servers and their preference order in the Accelerator. For details,
see section Setting Authentication Preferences, on page 310.

TCP
TCP (Transmission Control Protocol) is used, together with the Internet Protocol (IP), for
sending data in the form of message units between computers over the Internet. TCP
manages the assembling of a message or file into smaller packets that are transmitted
over the Internet and received by a TCP layer that reassembles the packets into the
original message. In the Open System Interconnection (OSI) model, TCP is in Layer-4,
the Transport Layer.
TCP performs well on LANs but does not deal well with the high latency and high
packet loss found on many WANs. For details, see section Studying SCPS, Expand’s
TCP Acceleration Solution, on page 187.

Tunneling
A technology that enables one network (usually a private, corporate network) to send
its data via another network’s connections (usually a public network). Tunneling works
by encapsulating the private network data and protocol information within the public
network transmission units so that the private network protocol information appears to
the public network as data. Tunneling allows the use of the Internet, which is a public
network, to convey data on behalf of a private network.
AcceleratorOS lets you set a link so that all its traffic is forced into the tunnel. For
details, see section Forcing Tunneling, on page 265.

U

UDP
UDP (User Datagram Protocol), just like TCP, is a communication protocol used
together with the Internet Protocol (IP) for sending data in the form of message units
between computers over the Internet. However, unlike TCP, UDP transfers packets as a
whole and does not provide the services of dividing, reassembling and sequencing the
packets. Therefore, this protocol is suitable for network applications that want to save
processing time because they have very small data units to exchange and very little
reassembling to do.
In the Open System Interconnection (OSI) model, UDP is in Layer-4, the Transport
Layer.
Expand’s encapsulation accelerates the transmission of either UDP or TCP packets, by
compressing either the entire packet or only the packet’s payload. For details, see
section Encapsulation, on page 33.

VRRP
VRRP (Virtual Router Redundancy Protocol) is an Internet protocol that enables having
one or more backup routers when using a statically configured router on a LAN. Two
or more routers are set up with VRRP, and one is elected the "master." The master
router continuously sends advertisement packets to the backups, and if the
advertisements stop, one of the backup routers becomes the master. All routers share
a "virtual IP" address, so they are all seen as one address. VRRP can also be used for
load sharing.
Using HSRP, Expand Accelerators can take part in HSRP/VRRP groups with available
routers or Layer-3 switches (or even other available Accelerators) to provide backup in
the rare case of Accelerator failure. For details, see section On-LAN, on page 9.

W

WCCP
The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing
technology that specifies interactions between one or more routers (or Layer 3
switches) and one or more web-caches. The purpose of the interaction is to establish
and maintain the transparent redirection of selected types of traffic flowing through a
group of routers.
“Transparent” in this context means that end users need not configure their browsers to
use a web proxy, but rather use the target URL to request content, and have their
requests automatically redirected to a cache engine. The traffic redirection optimizes
resource usage and lowers response times.
WCCP is one of the methods used for redirecting WAN traffic through the Accelerator
in order for the On-LAN deployment to work. For additional details, see section
Enabling Packet Interception, on page 95.

H Index
A
AAA
configuring via the CLI 314
configuring the Radius server 314
configuring the TACACS server 315
configuring users 315
viewing AAA configuration 316
configuring via the WebUI 308
configuring users 309
defining the security settings 313
setting authentication preferences 310
description 306
access authentication 306
activating WCCP 97
adding entries to the ARP cache 238
advanced QoS
configuring 166
setting parameters 159
using 60
aggregation
aided by Syslog server 287
applying aggregation classes to an application 181
configuring classes 177
defining aggregation class 147
enabling classes per link 179
prioritizing applications 143
selecting a class 227
setting by using the Decision screen 171
setting in the My Links screen 256
setting limit 179
setting nagle 200
setting window 180
viewing aggregation statistics per link 116
ARP
adding entries to the ARP cache via the CLI 238
clearing the ARP cache 238
creating static ARP entries 238
Assigning 263
assigning a link to a wan 263
B
bandwidth
setting a minimum bandwidth desired 61
bandwidth management
Layer-7 and bandwidth management 5
setting the bandwidth 69
bypass mode
carrying out the troubleshooting procedure 326
checking the link status 332
description 22
in an On-Path deployment 232
C
checking Ethernet settings 334
checking for corrupted terminals 339
checking HSRP malfunction 340
checking lack of acceleration 337
checking link malfunction 338
checking QoS malfunction 341
CIFS
defining active cache method 32
clearing the ARP cache 238
Compact Flash
erasing the startup configuration 296
in the packing list 13
inserting 11
replacing the Accelerator in the field 39
upgrading the AcceleratorOS software 294
compression
by using HTTPS acceleration 4
by using IPComp 33, 73
by using IPComp encapsulation 257
calculating expected acceleration 194
Citrix’s internal compression mechanism 366
configuring header compression 256
disabling compression
disabling Citrix encryption and compression 368
disabling Citrix NFuse compression 367
in the PNAgent client 375
on SAP 381
on the RDP client 374
next-generation WAN compression 3
QoS’ integration with 143
viewing compression statistics
per application 129
per link 114
configuring Accelerator NetFlow 380
configuring Accelerator networking 63
configuring core allocation
via the CLI 66
configuring DHCP servers 100
configuring OSPF
via the CLI 87
via the WebUI 86
configuring remote subnets
manually 80
configuring RIP
via the CLI 94
via the WebUI 93
configuring router polling
via the CLI 90
via the WebUI 89
configuring secondary IP addresses 70
configuring subnets
manually 78
via the CLI 82
configuring the Accelerator 45
configuring the WAN 69
configuring the wizard 31
configuring WCCP via CLI 97
connecting the network cables
in On-LAN deployment 16
in On-Path deployment 18
core allocation
configuring 66
tuning in deployments with asymmetric bandwidth 65
creating static ARP entries 238
D
deployment
Citrix deployment
benefits in terminal and thin client deployments 368
Citrix metaframe deployments 147
controlling latency and jitter 366
configuring core allocation via the CLI 66
configuring via the CLI 43
defining deployment size 31
defining deployment type 31
setting deployment type via the CLI 46
setting routing strategy according to 38
transparency
configuring transparency support 222
in On-LAN deployments 210
in On-Path deployments 210, 257
DHCP servers
configuring 100
dial-on-demand
configuring 269
disabling ExpandView agent 269
DNS
configuring 251
DNS transparency
enabling 208
dynamic bandwidth
using 262
dynamic routing
a feature in WAN compression 3
configuring RIP dynamic routing 51
configuring router polling 52
integrating into networks that use 51
setting routing strategy 38
E
Editing 74
Enabling Packet Interception 95
enabling WCCP 97
encryption 144
Ethernet
checking Ethernet settings 334
Ethernet management 386, 387, 388
Ethernet port
configuring NetFlow 380
connecting
configuring terminal emulation 20
in On-LAN setup 16
in On-Path setup 18
out-of-band management 19, 276
Ethernet statistics
viewing
via the CLI 134
via the WebUI 133
event log
checking for unusual errors
checking error events 328
checking fatal events 329
checking info events 328
checking warning events 328
ExpandView
working with Accelerators via 229
ExpandView agent
disabling when dial-on-demand is in use 269
setting parameters 103
external monitoring devices 52
external QoS devices
integrating into 52
F
FTP acceleration
configuring 215
via the CLI 217
via the WebUI 215
definition 3
H
high latency environment
installing in 58
HSRP
configuring
autodetecting HSRP groups 248
enabling HSRP automatic detection 243
setting HSRP group number 248
setting manual HSRP configuration 244
understanding router redundancy protocols 240
HTTP acceleration
configuring 211
via the CLI 219
via the WebUI 211
definition 3
setting rules 213
using regular expression in 217
HTTP transparency
in On-Path deployment 210
HyperTerminal 20
I
installing the Accelerator
checking the packing list 12
On-LAN 9
On-Path
using bypass mode 22
OnPath 8
rack mounting 14
IP address
adding links and subnets
adding a subnet via the CLI 82
configuration 31
configuring router polling 90
configuring secondary 70
configuring subnets manually 78, 81
configuring the Accelerator 45
creating QoS rules 167
creating static ARP entries 238
defining OSPF and RIP neighbors
defining a RIP neighbor 95
defining an OSPF neighbor 89
editing a subnet 80
enabling NetFlow 138
settings 32
setting a network for broadcasting the Accelerator’s rules 88
setting cache server 209
setting ExpandView agent parameters 103
setting links via the wizard 32
setting the Accelerator’s clock 99
setting the remote device 46
setting the WCCP router IP 98
L
latency
causing slower session start 186
computing 189
increased by waiting for ACK packets 185
installing in a high latency environment 58
SpeedScreen Latency Reduction Manager 372
TCP poor handling of high latency 184
using Citrix acceleration plug-in to reduce 147
using packet fragmentation to prevent violation of VoIP/video latency budgets 143
ways to reduce
DNS acceleration 207
DNS caching 207
packet aggregation 264
packet fragmentation 255, 264
scaling the transmission window 188
TCP Vegas 192
using QoS 142, 420
using SCPS 187
Layer-7 applications
classifying 154
creating Citrix applications 158
creating Web applications 156
discovering 123
identifying Citrix Layer-7 applications 376
Layer-7 QoS 5
monitoring and reporting 5
Layer-7 QoS 5
links
adding via the my links screen 72
applying QoS traffic rules 169
assigning a link to a WAN 263
creating and editing 71
via the Audit screen 319
via the CLI 76
defining advanced settings 32
defining maximum number of 32
editing via the my links screen 74
enabling citrix acceleration 227
generating trend reports via ExpandView 273
managing 253
noisy links 53
selecting the direction of a QoS traffic rule 169
setting applications as monitored 135
setting congestion control 197
setting definitions for a new link 254
setting the Accelerator to enable external QoS 52
setting the bandwidth of 162
checking QoS malfunction 341
setting to work in large cache mode 263
traffic discovery 131
updating new license features on all links 40
using graphs to view link statistics 111
acceleration 112
compression 114
summary graphs 132
utilization 112
using the statistics table to view link statistics 115
checking lack of acceleration 337
viewing interface statistics
for a specific link 134
for all links 134
lock keypad 322
M
monitoring window
description 109
my links screen
uses
adding links 72
editing links 74
using for setting links 32
using to carry out modifications 30
N
Nagle
Setting 200
NetFlow
configuring NetFlow support 137
enabling 138
identifying the traffic 138
NetFlow compliance as an Expand benefit 6
NetFlow monitored statistics 343
requiring router transparency encapsulation 73
template fields 352
network cables
connecting
in On-LAN deployment 16
in On-Path deployment 18
network topology
optimizing 64
networks
asymmetric networks optimization 188
computing latency 190
congestion avoidance 188
defining printers for 204
IP-based network
On-LAN 9
On-Path 8
managing links 253
overviewing your network performance 132
preparing network integration 49, 78
Non-Link 71
O
On-LAN deployment
asymmetrical encapsulation settings 257
configuring transparency support 222
defining encapsulation settings 47
enabling packet interception 95
RTM support for 73
setting routing strategy 38
setting the deployment type in the CLI 46
using WCCP to forward traffic to an On-LAN accelerator 96
working with VLAN in 234
On-LAN installation
at a data center 55
configuring Accelerator NetFlow in 380
connecting the network cables 16
defining encapsulation settings 34
use in IP-based network 9
On-Path deployment
applying HTTP transparency to the server side 210
configuring NetFlow support 137
configuring transparency support 222
defining encapsulation settings 34
enabling router transparency encapsulation 257
operating in bypass mode 232
setting the deployment type in the CLI 46
using bridge route 38
working with bypass mode 22
working with VLAN 235
On-Path installation
configuring NetFlow 380
connecting the network cables 18
operating requirements 30
OSPF
adding remote subnets manually 80
configuring 51, 86
configuring subnets manually 78
configuring via the CLI 87
setting dynamic routing 77, 84
using out-of-band management 276
working with 85
P
packet interception
configuring 55
enabling 95
packing list
checking 12
power cord
connecting 21
description in the packing list 12
prioritizing applications
methods of 60
when creating a new application 150
when creating a new Citrix application 157
when creating a new Web application 155
when creating a QoS rule 166
when filtering traffic 161
prioritizing traffic
by using traffic shaping 162, 164
Q
QoS
a network-specific consideration 68
and router transparency 419
applications
creating 146, 154
creating Citrix applications 155
creating Web applications 155
modifying 148
benefits of the Expand QoS solution
automatic traffic discovery 142
end-to-end application performance monitoring 142
guaranteed bandwidth for specific applications 143
restricting rogue and greedy applications 143
seamless integration with compression 143
transparent to existing QoS infrastructure 142
checking
lack of acceleration 337
malfunction 341
configuring the WAN 69
configuring via the CLI 174
defining scalable 274
dropped out packets 117
external QoS devices 52
Layer-7 QoS
bandwidth management 5
managing links 253
part of On-Path configuration 8
providing QoS services to virtual links 71
router transparency 33
rules
creating 166
editing 170
understanding 160
setting inbound 165
support in ExpandView 274
understanding how QoS works
QoS rules 160
studying QoS bandwidth allocation 162
traffic filtering 161
traffic shaping 162
using advanced 60
R
rack mounting the Accelerator 14
RDP
description 368
disabling compression and encryption 368
recovering the password 327
RIP
configuring 93
via the CLI 94
via the WebUI 51, 93
packet interception 55
setting routing 77
dynamic routing 84
subnet routing 77
setup checklist 23
working with 92
RIP dynamic routing
configuring 51
router polling
configuring
via the CLI 90
setting dynamic routing 84
setting routing strategy 38
using out-of-band management 276
working with 89
router redundancy
HSRP 240
On-LAN deployment 9
understanding router redundancy protocols 240
VRRP 241
router transparency
creating new links 257
monitoring device in a cloud 68
preserving network integrity 6
setting links via the wizard 33
setting the link to work with 47
WAN compression 3
with a QoS device 68
RS232 console 10
rules
route rules
working with router polling 89
S
SCPS standard
compliance of TCP acceleration with 3
congestion avoidance 188
description 184
error detection via SNACK 188
link outage support 188
preserving network integrity 6
standard number 7
studying SCPS 187
TCP spoofing 188
secondary IP address
configuring
in the CLI 45
in the WebUI 70
Security 305
security
Accelerator’s AAA 306
authentication
setting authentication method 312
setting authentication servers 311
entering user-defined password 35, 240
locking and unlocking the keypad 320
managing users
defining authorization for a new user 309
deleting users 310
modifying authorization for an existing user 310
setting encryption levels 369
using Verisign security certificate 107
setup
On-LAN setup installation 16
On-Path setup installation 18
via the WebUI 27
setup wizard
accessing 30
configuring 31
defining advanced settings 31
modifying password 35
reviewing configuration 36
setting links via 32
setting time 35
show tech-support command 331
SNACK
setting 200
setting wait time 200
use in SCPS protocol 188
SNTP
setting the Accelerator’s time 99
Specifications 385
SSH
enabling secure management 6, 10, 26
logging into the Accelerator via 283
subnet routing
setting 77
summary graphs
viewing 132
T
TCP acceleration
computing latency 189
configuring 192
via the CLI 196
via the WebUI 192
editing links 74
enabling 193
link outage support 188
optimizing WANs in a high latency environment 58
understanding the shortcomings of TCP 184
TCP service ID
setting 55
technical support
using the show tech-support command 331
time
setting the Accelerator time 99
traffic discovery
description 142
discovering Layer-7 applications 123
enabling L-7 traffic discovery via the CLI 134
gathering statistics for detected applications 131
viewing detailed 120
traffic shaping
how it is applied 162
prioritizing applications 60, 143
role in the QoS mechanism 159
transparency support
configuring 222
Troubleshooting 325
U
UDP service ID
setting 55
V
Verisign security certificate
using 107
virtual links 71
VLAN
including the Accelerator in a VLAN group 236
setting in the CLI 237
working with
in an On-LAN configuration 234
in an On-Path configuration 235
VRRP
configuring 249
Setting VRRP Group Number 251
understanding router redundancy protocols 240
W
WAFS
definition 201
FileBank categories 203
additional services 204
file services 204
system 203
utilities 204
FileBank Director categories 205
file services 205
system 205
utilities 206
WAFS transparency
enabling 201
excluding servers from 201
using the CLI to configure 201
WAN
adding
via the CLI 231
via the WebUI 230
addressing ‘WAN-Outs’ 4
assigning a link to 263
configuring
configuring NetFlow support 137
configuring the WAN 69
defining link speed 109
enabling bursts 177
enabling packet interception 95
identifying ongoing traffic 138
setting the bandwidth of
QoS bandwidth allocation 162
setting inbound QoS 165
via the CLI 46
via the WebUI 32
setting to work in strict-priority mode 177
viewing detected applications 119, 120
WAN bandwidth
configuring the Accelerator 46
setting 31
studying QoS bandwidth allocation 162
WAN bursts 163
WCCP
configuring via the CLI 97
activating 97
enabling 97
setting authentication 98
setting priority 98
setting router IP 98
setting TCP service ID 98
setting UDP service ID 98
enabling packet interception 95
installing On-LAN at a data center 55
using out-of-band management 276
Web-intensive environment
installing in 59
