Software push the WAN performance envelope

I sometimes wonder why there aren't any movies made about IT superheroes. Sure, there's always Superman (able to leap tall buildings in a single bound) and Batman (the caped crusader), but what about WANman -- the IT superhero that accelerates high-latency traffic and saves the company from additional Internet bandwidth costs? Well, the tights and cape might not go over well (except on casual Fridays), but any IT staffer that can give enterprise users more performance is well on their way to superhero stardom.

Luckily, WANman has his own utility belt when it comes to making traffic flow faster over the WAN. A variety of hardware solutions available attack the problem using compression, TCP/IP optimization, and advanced caching techniques, all in an effort to get more out of what is available. Riverbed Technologies has long been out in front of the WAN optimization and acceleration space, helping IT staffers become superheroes in their own right. Riverbed not only addresses site-to-site WAN optimization, but now has a software client for mobile and small branch office deployments. Both appliance and client are based on the same optimization engine, and in my tests proved very adept at making WAN circuits appear cleaner and faster than they really were.

Steelhead Mobile 1.0.2

Not every situation needs -- or can justify -- a hardware-based solution. In many cases, what is needed is a software client that can provide the same type of WAN acceleration as a full-blown appliance. The Steelhead Mobile client is one of the first WAN acceleration clients for individual users. Steelhead Mobile provides all of the basic features found in the Steelhead appliance: sequenced byte reduction (SDR), TCP optimization, and CIFS- and MAPI-specific support. A central management appliance, the Steelhead Mobile Controller, manages the optimization and cache policy for each deployed end point, and collects performance metrics for reporting. The only thing missing from this release is HTTPS support.

Testing Steelhead Mobile required a slightly different test bed than what I've used in the past for site-to-site optimization. This go-round I used my trusty Shunra VE to emulate two different WAN circuits and physical connection types. One scenario mimicked a typical cable modem connection (3Mbps/512Kbps, 65ms latency) to a Dell OptiPlex client PC running Windows XP Pro. The other depicted a Wi-Fi hotspot with the Shunra emulating a DSL connection (1.5Mbps/386Kbps, 50ms) over a true 802.11g wireless link back to the same Dell PC. As in my previous tests of WAN devices, I used the Macro Scheduler utility from MJT Net to execute and time the tests.

The performance increases delivered by the Steelhead Mobile client were nothing short of tremendous. One of my tests, copying a large number of small files over CIFS, took longer than 20 minutes to complete over both WAN circuits without optimization. On the first pass with Steelhead Mobile installed, the transfer took just over 5 minutes to complete -- a 3.9X increase in performance. Other tests over CIFS showed similar results, with FTP traffic posting a 1.5X improvement on first pass. Saving a file attachment from an Exchange server showed the most modest increase, a 1.7X improvement on a cold pass.

When deploying Steelhead Mobile clients, there has to be at least one Steelhead WAN accelerator appliance at the datacenter to be the other "end point" for the optimized traffic. Another requirement is the addition of a second appliance, the Steelhead Mobile Controller (SMC), to create the optimization policies and to manage each installed end point. The SMC boosts the cost of the overall deployment a minimum of $12,995, which includes 30 concurrent Mobile licenses. You'll want to keep that in mind when considering software client deployments. The SMC is capable of managing up to 2,000 end points on a single appliance and collects usage and performance statistics for each connected user. These stats are sent over to the core Steelhead appliance for inclusion in its overall performance reporting.

For branch offices with more than 10 users, installing one of the smaller Steelhead appliances, like the model 300 (MSRP $9,995), makes better sense than deploying the software client. But for situations where there are a large number of users in many different locations, Steelhead Mobile fits perfectly and allows these users to see better WAN performance. Another excellent use case is the laptop user who is always on the go. Steelhead Mobile can speed up traffic to and from the central office no matter where the mobile user connects from.

In order to optimize traffic, admins create an end-point acceleration policy using the Web-based UI of the SMC. Each package defines which traffic to accelerate or ignore, any source/destination rules to apply, and whether TCP, CIFS, and MAPI optimizations are enabled. The end-point policy defines the cache size and which controller the client will communicate with. The acceleration and end-point policies are bound together in a deployment package suitable for all Windows clients from Windows 2000 to Vista -- sorry, no Mac or Linux support.

Each Mobile client is essentially the same Riverbed operating system found on the appliances, just in miniature. It provides all of the same optimization features, such as TCP/IP optimization, CIFS and MAPI specific optimizations, and Sequenced Data Reduction. SDR proved to be very effective and, as with the appliance, is shared across applications. So if a user FTPs a file to their laptop, then copies it back to the datacenter using CIFS, only the changed part of the file is sent across the WAN.

Steelhead Mobile gives users local control over some optimization features, and also shows how the client has impacted performance. In this screen image, our Steelhead Mobile client shows the amount of data taken off the WAN at 67 percent, equating to an overall performance increase of 3X.

As great as Mobile sounds, there are a couple of shortcomings. Steelhead Mobile can't accelerate NFS and encrypted traffic such as SSL. Remote users logging into the corporate portal using SSL or accessing files on an NFS server won't see any real benefit from installing Mobile. It takes a Steelhead appliance to accelerate this traffic. Also, whereas the Steelhead appliance shares a cache with all users, each Mobile client has its own unique SDR cache. This means that one user can't take advantage of data cached when previously accessed by another user.

Reporting is very well done with statistical information and traffic reduction information available in the client software as well as aggregated in the Steelhead appliance. Each Steelhead Mobile client appears as an appliance in all reports generated by the Steelhead.

Steelhead 1520 with RiOS 4.1

For situations where a permanent end-to-end solution is required, Riverbed's Steelhead family of appliances fits the bill. Now in release 4.1, the Steelhead RiOS software just keeps getting better and better, showing increased overall performance from last release (see my review of Version 3.0) and new application optimizations for HTTPS and Oracle Java Initiator. The new release also improves HTTP acceleration and introduces MX-TCP, a method of handling packet loss on the WAN.

This round of appliance testing consisted of a pair of Steelhead 1520 appliances and the Shunra WAN simulator. To stay as consistent as possible, I used the same test set as in my previous appliance reviews and found the results to be overall better than with release 3.0. All CIFS-based file copies, whether of many small files or a single large ISO, came in with much reduced transfer times. The Steelhead was at its best when handling the large number of small files, reducing the time from just over 4 hours without optimization to an acceptable 23 minutes on a first pass.

FTP traffic showed good improvement over last year's release, with an FTP of a single large file showing a reduced transfer time from 2 hours, 40 minutes nonoptimized to just under 11 minutes on the first pass (20 minutes faster than the last release). Subsequent FTP gets of the same file clocked in nearly identically to the times recorded with release 3.0, just a tick under 1 minute.

One new feature in release 4.1 that made a big difference in packet loss is MX-TCP, a proprietary TCP optimization method for dealing with congested or "dirty" links. Normally, when TCP detects a dropped packet, it reduces the congestion window by half and slowly starts ramping back up to full speed, at least until it detects another dropped packet. This creates the classic sawtooth network performance graph. MX-TCP turns off TCP congestion control, so when packet loss occurs, instead of backing off dramatically as TCP does, MX-TCP backs off only a little.

One of my Shunra test scenarios includes 0.5 percent packet loss. I tried this in two test runs of my FTP test, one with MX-TCP off and the other with it enabled. The result was remarkable. MX-TCP proved to be a major factor in improving test results over Version 3.0. For example, a first pass without MX-TCP took longer than 51 minutes to complete, compared to just under 11 minutes with MX-TCP enabled. MX-TCP is application agnostic; a similar test using CIFS showed roughly the same improvement.

RiOS 4.1 also boasts two new application-specific optimizations. First, the Steelhead can now accelerate HTTPS traffic between appliances. Like the SG family of appliances from Blue Coat Systems (see my review), Steelhead intercepts the HTTPS session from the client, decrypts the traffic, optimizes it, and re-encrypts it over the WAN, where the process is reversed by the second appliance. This "man in the middle" approach requires IT to install the appropriate certificates on each appliance, but the end-user's experience doesn't change. Setup and configuration of the SSL encryption and decryption is a bit involved, but not so difficult that this highly useful feature should be ignored. My pair of Steelhead's handled HTTPS traffic well in the lab, though I was not able to measure the performance. My seat-of-the-pants view is that users will not notice any slowdown during initial setup, and will experience better overall performance for secure traffic.

The second new optimization improves the performance of Oracle E-Business applications over the WAN. The Oracle Java Initiator (JInitiator) is a browser plug-in that allows users to access Oracle Forms and E-Business content. Riverbed's blade decrypts, optimizes, and re-encrypts JInitiator traffic, and can optionally encrypt it with IPSec for secure transport over the WAN.

Not to be left out, Steelhead's hardware received some enhancements also. To make sure no data is vulnerable, optional encryption of the data store using AES-128, AES-192, or AES-256 is available. Fault tolerance gets a boost with better Active-Active failover support. The data stores are kept synchronized at all times for faster fail-over regardless of deployment -- serial or parallel.

Reporting has always been a strong point with the Steelhead, and while there are no major changes in release 4.1, there have been some subtle improvements in granularity. I've always liked the simplicity of the reporting engine, which makes it easy to read and filter the current information. During my test I constantly referred to the Current Connections page to make sure traffic was being optimized as I expected. I also like that I can export NetFlow information on a per-interface basis for further analysis.

From weak link to SuperWAN

There is no argument whether WAN optimization is necessary -- it is. The question becomes which solution to choose based on the types of traffic and WAN conditions in place. Riverbed has consistently led the way with a broad range of application support and excellent performance. The latest offerings, both hardware and software, continue to push the performance and functionality envelope.

Software-based WAN acceleration is finally coming of age, and Riverbed's Steelhead Mobile client is one of the best efforts to date. Performance is outstanding, and the centralized management capability makes IT's life a lot easier. The additional cost of the Steelhead Mobile Controller may be a road block to some deployments, but for many, the benefits will make it well worth the investment.

The Steelhead family of appliances continues to evolve, and Riverbed continues to improve on an already capable product. New application support for HTTPS and Oracle JInitiator complement a well-rounded set of optimizations. Overall performance is still among the best available, and reporting leaves nothing out. Riverbed has once again bolstered the utility belt for WAN-weary IT superheroes.

Learn more about this topic


This story, "Software push the WAN performance envelope" was originally published by InfoWorld.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

IT Salary Survey: The results are in