Chris Rogers
Director of Training Services
crogers@silver-peak.com
Confidential | 2015 Silver Peak Systems, Inc. All Rights Reserved.
CPX Technology
NA, NI, NM, NS
Bridge Mode and VLAN Deployment
Logging
Troubleshooting
Monitoring and Reporting
Issue resolution / getting help
What is CPX?
VX vs. CPX
VX: Static License Key (Perpetual); Fixed Limits; Hardcoded Min. Resourcing
CPX: Dynamic (No License Key); Configurable System Limits; Flexible Resourcing
Cloud Portal Client: Registration, Renewal, Reporting
CPX Solution
Components & Form factors
[Diagram: Silver Peak Cloud Services Portal; Silver Peak customers Provider A (e.g. Virtela) and Provider B (e.g. AT&T); the customers' customers (enterprises); CPX Nodes; Virtual Appliance Disk Image; Management Plane (REST/HTTPS); Optimized Data Plane (IPsec)]
[Diagram: CPX node at Customer A Site 1 (Branch) and CPX node at Customer A Site 2 (DC), connected over Internet / MPLS Backbone]
1. CPX boots up
2. CPX attempts to reach cloud portal
3. Portal acks CPX request
4. CPX sends:
   1. Account Key
   2. Account Name
5. Authentication against local db
6. CPX receives reg approval (lease):
   1. Manually (provider admin)
   2. Auto (configurable)
7. Silver Peak tunnels created
8. Traffic can pass via CPX endpoints
Each reboot
Every 24 hours
Can be changed per provider's custom requirement / contractual terms by Silver Peak
https://cloudportal.silver-peak.com
Embedded in CPX nodes; no config needed
Resolves to fixed public IP address
Redundancy via auto-failover to backup portal
- For security, Account Key and Account Name can be re-generated periodically
- DNS Whitelist provides additional security by only allowing registration requests by CPX nodes in specified domains
- Registration approval can be enforced (default Manual) or permissive (Auto)
Technology Overview
NETWORK ACCELERATION
EXTEND DISTANCE
Mitigate protocol latency and chattiness
NETWORK INTEGRITY
FIX CONGESTION / PACKET LOSS
Traffic Shaping/Quality of Service (QoS)
Forward Error Correction (FEC)
Packet Order Correction (POC)
Data Center
NETWORK MEMORY™
INCREASE BANDWIDTH
DR Site
NETWORK ENCRYPTION
PROTECT DATA
Accelerated IP SEC Encryption for all traffic
Symptoms:
o Cannot fill the pipe
o Applications never seem to run faster even when there is more bandwidth
o Users complain of slowness during times of sub-maximum utilization
o CIFS file transfers are slow
Miles/Second
Symptoms:
o Video quality is poor with pixelation and halts
o Transmission rates for many applications are very poor, with high-end applications especially suffering
o VoIP calls suffer poor quality or experience increases in jitter:
  o Dropped calls
  o Echoes
  o Clicks
Symptoms:
o Link to the WAN is frequently fully utilized
o Users complain of slowness
o Long delays in connection establishment
o Replication falls behind target because it cannot push data fast enough
WAN
Internet
IPSec
IPSec
TCP Acceleration
[Diagram: Transmit/Ack exchanges across the WAN. Latency 1ms, Total 4ms; Latency 100ms, Total 400ms.]
Asymmetry
Asymmetric flows can't be accelerated, but path conditioning and de-dupe still apply
Packet Loss
[Diagram labels: Packet Lost, Request Retransmit]
Out-of-order packets
[Diagram labels: Detect Out-of-Order, Reorder]
Network Memory
Byte-level De-duplication
Not Cached
Cached
2. Compress + Transmit
4. Deliver
Balanced
o It dynamically balances latency and data reduction objectives and is the best choice for most traffic types.
Maximize Reduction
o Optimizes for maximum data reduction at the potential cost of slightly lower throughput and/or some increase in latency. Use for bulk traffic types such as File Transfers and Replication when Bandwidth is the main concern.
Minimize Latency
o Ensures that minimal latency is added by Network Memory processing. This may come at the cost of lower data reduction. It is appropriate when higher throughput is the main concern, i.e. replication over high latency link, or for very latency sensitive applications.
Disabled
o Selected when no deduplication benefit is expected and traffic is only tunneled for Acceleration, Network Integrity or Header compression.
Network Memory can be erased from the UI
SSL Session
X
LAN
IPSec
LAN
SSL Session
LAN
IPSec
LAN
IPSec
SSL Flows Supported
Virtual: VX-9000, VX-8000, VX-7000, VX-6000, VX-5000, VX-4000, VX-3000, VX-2000, VX-1000, VX-500
Physical:
NX-11000   20000
NX-10000   20000
NX-9000    20000
NX-8000    20000
NX-7000    20000
NX-6000    10000
NX-5000    10000
NX-4000    1000
NX-3000    1000
NX-2000    1000
NX-1000    1000
NX-700     1000
Disconnect the Ethernet Local Area Network (LAN) switch from the WAN router
Connect the LAN interface of the appliance to the Ethernet LAN switch
Connect the WAN interface of the appliance to the WAN router
No Ethernet LAN switch or WAN router configuration modification is required
Installing or replacing an appliance in bridge mode requires taking down a network link!
lan0
Relay
WAN
wan0
Bridge Options
Choice of 2 Port and 4 Port bridge
In 4 port mode, IP addresses can be in the same subnet
VLAN Trunking
A Bridge Virtual sub-Interface must be created for non-native VLANs in bridge mode
Logging
Logging Overview
Orchestrator
o Many logs available. Downloadable as a zipped file.
Netflow
NetFlow provides a way to send flow records to a centralized collector from the appliances
NetFlow data is sent directly from the appliances, not via Orchestrator
Configured on the Orchestrator as a Template
Reports against two virtual interfaces:
MIB: Management Information Base
Configuration:
Syslog
Sends appliance events directly to a logging server(s) not via the Orchestrator
Syslog is set up as a Template called Logging in a Template
Define:
o Level of logging
o File rotation policy
o Syslog servers
Bars implicitly display ratios
BANDWIDTH (NORMAL)
BANDWIDTH (PEAK)
LOSS
FEC Enabled
Charts (Appliance)
Charts cover:
o Bandwidth utilization
o Data reduction
o Packet loss
o Out of order packets
o Latency
o Flow volume
o Packets per Second
WAN rate & Compression Ratio
QoS Stats, TCs 2 & 3
Flow Monitoring
Inbound means FROM the WAN
Outbound means TOWARD the WAN
Flow Statistics
QoS Information
Troubleshooting
Manuals, MIBs, Quickstart Guides, Tech Tips, System Requirements, etc
Access SW downloads, Case management, Licenses, RMA and the Knowledge Base
o Login required
Tools
Troubleshooting
Built-In Tools
Ping
Traceroute
TCPPERF
Built-In Tools
IPERF
o Orchestrator automatically sends PT or PTU
TCP Asymmetry
Troubleshooting
Outbound means TOWARD the WAN
[Diagram sequence: San Jose and Atlanta sites; Host A, Router A, Silver Peak A, TUNNEL, Silver Peak J, Router J, Server J; TCP SYN]
Default gateway set to Router J rather than Silver Peak J
Due to the router not redirecting to the appliance, or due to a complete physical
bypass of traffic from the appliance. (Physical bypass may be intentional due to
network routing.)
Can be either a router mode or bridge mode deployment.
[Diagram sequence: San Jose and Atlanta sites; Host A, Router A, Silver Peak A, TUNNEL, Silver Peak J, Router J, Server J; TCP SYN]
[Diagram: SP 1 and SP 2 between WAN and LAN; TCP SYN]
[Diagram: San Jose; Host A, Firewall A, Silver Peak A, TUNNEL, Silver Peak J, Firewall J, Server J (192.168.3.13); SYN, SYN/ACK, ACK]
Firewall drops ACK packet due to out-of-state
Even without firewalls, this will be asymmetric
[Diagram: San Jose and Atlanta; Host A, Firewall A, Silver Peak A, TUNNEL, Silver Peak J, Firewall J, Server J (192.168.3.13); SYN, SYN/ACK]
Default gateway set to Firewall J rather than Silver Peak J
SYN/ACK from Server J is out-of-state and will be dropped by the firewall.
Asymmetric Flow
NI
NM
NA
mgmt1
mgmt1
Flow Redirection
Make sure you aren't unintentionally bypassing or optimizing a flow. Make sure your policies match on both ends.
Fix routing and switching configuration issues to ensure that the Silver Peak can see both ends of a TCP connection and that there is no bypass.
LAN
Design Changes
o
Data Path
Redirects flows to the appliance that owns the original flow where there are redundant Silver Peaks at a site and the SYN went through one, and the SYN/ACK went through the other.
Can help eliminate the need to configure route policies, and related errors
WAN
Subnet Sharing
o
Data Path
LAN
WAN
Will the LAN-side device talk to the WAN-side device if cabled in that way?
When set to auto-negotiate, the appliance also uses auto-MDIX so cabling issues may not be readily apparent until bypass happens
lan0
Relay
wan0
WAN
Troubleshooting
Routing/Switching Issues
Routing Issues
WCCP
o
LAN
What is CDP?
Troubleshooting Guide
Troubleshooting
Check Route, Optimization and QoS Map entries a flow matched in the flow detail
Make sure they are not improperly optimized (e.g. NM setting on VoIP or replication traffic) if they are not supposed to be.
Check alarms
o Look for things like loss and latency that might be causing an issue
Test Connectivity
o Use Iperf and other tools to verify actual bandwidth, latency and loss
NM off
Payload off
TCP off
CIFS off
Try disabling optimization for just those devices with an optimization or route map entry.
This is less disruptive for your users that are up and working OK.
Getting Help
Troubleshooting
Manuals, MIBs, Quickstart Guides, Tech Tips, System Requirements, etc
Access SW downloads, Case management, Licenses, RMA and the Knowledge Base
o Login required
Make sure CPX can talk to Silver Peak Cloud Portal (Internet access) on management interface
Thank You!
Chris Rogers
Director of Training Services
crogers@silver-peak.com
@silverpeakchris