WANaccel_Overview
WAN Acceleration Overview
This chapter provides an overview of the SonicWALL WXA series appliance, basic and advanced deployment scenarios, and configuration and verification examples. This chapter contains the following sections:
The following sections provide an introduction to the Wide Area Network (WAN) Acceleration service:
What is WAN Acceleration?
The SonicWALL WXA series appliances deployed in one-arm mode with SonicWALL NSA/TZ series appliances allow network administrators to accelerate WAN traffic using Transmission Control Protocol (TCP) and Windows File Sharing (WFS) between a data center and a remote site. In this type of deployment, the SonicWALL NSA/TZ series appliance provides dynamic security services, such as attack prevention, Virtual Private Network (VPN), routing, and Web Content Filtering. Without WAN Acceleration, WAN connections like T1/E1 or xDSL typically have a round trip time of between 25ms and 100 ms, causing some applications to perform poorly. The WAN Acceleration service can increase application performance more effectively.
Figure 78:17 illustrates the basic network topology for the SonicWALL WXA series appliances and the SonicWALL NSA/TZ series appliances.
|
|
NSA/TZ and WXA |
Transmission Control Protocol Acceleration Overview
Most modern networks are sending an increasing number of files and data sets over the WAN, reducing the amount of available bandwidth.TCP Acceleration is a process that decreases the amount of data passing through the WAN by sending a reference index instead of the actual data and breaking long end-to-end TCP connections into several smaller TCP connections. These TCP Acceleration features work together to increase network throughput.
The SonicWALL WXA series appliances utilize TCP Acceleration by accelerating selected traffic passing between a local data center and a remote site. The selected traffic is replaced in the SonicWALL WXA series appliances’ shared databases as blocks of data with reference indexes. A complete data set needs to be sent the first time before TCP Acceleration can take place; each SonicWALL WXA series appliance needs to have matching data stored.
The three separate TCP connections are created between network devices that work together to accelerate traffic using TCP Acceleration. This reduces response time to packet losses and increases throughput. The three TCP connections are created independently, with the remote site’s PC to the remote site’s SonicWALL WXA series appliance connection being the initiator. If one of the sessions is not established, then the remaining connections are closed immediately. Traffic is still passed from the remote site to the data center, but it is not accelerated.
|
|
TCP Connections |
The following list details the three separate TCP connections and the transfer of data using shared databases:
|
|
The Web Server sends data to the SonicWALL WXA series appliance on the data center through the SonicWALL NSA/TZ series appliance. The data is stored in a data block and given a reference index. |
|
|
The SonicWALL WXA series appliance on the data center sends the reference index (instead of the actual data) to the SonicWALL WXA series appliance on the remote site through their respective SonicWALL NSA/TZ series appliances. |
|
|
The SonicWALL WXA series appliance on the remote site finds the matching data block, reassembles the data, and sends it through the SonicWALL NSA/TZ series appliance to the PC. |
Windows File Sharing Acceleration Overview
WAN Acceleration has a wide range of technologies that are aimed at accelerating applications, improving throughput, and enabling bandwidth scalability. Windows File Sharing (WFS) Acceleration is a subset of WAN Acceleration.
SonicWALL WFS Acceleration allows remote users to access and share files at near-LAN speeds over the WAN. Distributed enterprises that deploy WFS Acceleration solutions are often to consolidate storage to corporate data centers, eliminating the need to back up and manageable data that previously resided in their remote offices. Basically, the use of WFS Acceleration within your network reduces the impact of high-latency and low-bandwidth links by approximating streaming behavior through the use of read-ahead and write-behind functionality and caching with automatic cache validation.
Benefits
The WFS Acceleration service provides the following benefits:
How Does Windows File Sharing Acceleration Work?
WFS Acceleration reduces overall network congestion with techniques such as data compression and storing recurrent data patterns in a local cache. When a SonicWALL WXA series appliance is connected to a SonicWALL NSA or TZ security appliance and WFS Acceleration is enabled, traffic passing through the WAN travels between points with speeds similar to a LAN connection. Refer to “Configuring WAN Acceleration” section for details on how to configure WFS Acceleration on SonicWALL security appliances.
|
|
SonicWALL WXA Connection for WFS Acceleration |
The SonicWALL WXA series appliance allows the user to reach such speeds because WFS Acceleration is implemented between the two devices. This is how it works:
|
|
The SonicWALL WXA series appliances join the data center domain.
This step allows the WXA series appliances to talk to each other. |
|
|
A hostname is assigned to each SonicWALL WXA series appliance.
This step allows the two hostnames to be accessible across the domain. |
|
|
The SonicWALL WXA at the data center is configured to share All Shares on the File Server. |
|
|
The SonicWALL WXA at the remote site is configured to share
All Shares
on the WXA appliance located at the data center. Steps 3 and 4 allow the domain users to access shares on the data center. |
Deployment Pre-Requisites
The Pre-Requisites for deploying the WAN Acceleration service are as follows:
|
|
|
The remote sites use services in the data center for example, a central file or SharePoint repository. |
Deployment Considerations
Consider the following when deploying the SonicWALL WXA series appliance:
|
|
|
The SonicWALL WXA series appliances require deployment with SonicWALL NSA/TZ series appliances running SonicOS 5.8.1 or higher. |
|
|
|
Typically the SonicWALL WXA series appliances are deployed in a site-to-site VPN configuration through their respective SonicWALL NSA/TZ series appliances. However, you can also use routing or L2 Bridge Mode, refer to the SonicOS 5.8.1 Administrators Guide for details. |
|
|
|
If a SonicWALL WXA series appliance is used in a high availability configuration, a switched connection to both SonicWALL high availability pairs is required. |
|
|
|
Encrypted traffic is highly randomized and does not materially benefit from the SonicWALL WXA series appliance’s WAN Acceleration service. Therefore, SSL and TLS traffic types are not accelerated. |
|
|
|
WFS Acceleration supports Windows file services using Active Directory/Kerberos for authentication and authorization. |
|
|
|
If the remote offices have Domain Controllers and DNS Servers, it is recommend that you use the local DNS server addresses and domain DNS name in the DHCP scope. Configure the Domain Name and Domain DNS server IP addresses in the configured DHCP scope. The WXA appliance will auto-discover Kerberos, LDAP, and NTP servers based on this type of information to assist in joining the appliance to the domain. |
|
|
|
Review the LDAP, Kerberos, and NTP services. In a multi-site domain where sites and services are not explicitly configured, the WXA appliance might not choose the closest servers. |
|
|
|
Configure the zone properties of an interface to which the WXA appliance is connected as a LAN zone. |
Configuration Task List Overview
This section provides an overview of the SonicOS user interface for the SonicWALL WXA series appliance. This section contains the following subsections: