Blue Coat WAN Optimierung MACH5

1
Blue Coat WAN OptimierungMACH5 SG Client

• Mathias Widler

2
About Blue Coat
3
Why Blue Coat Can Deliver

• Founded in 1996 as CacheFlow
• Focused on web acceleration
• Expanded in 2002 as Blue Coat
• Added Control and Security
• Expanded in 2006 with MACH5
• Added WAN Optimization
• 10,000 customers
• 40,000 appliances
• 650 Employees

Its current offering looks strong. Consider
Blue Coat if your branch office needs include
ECDN and media playback, HTTP(S) acceleration
or comprehensive security in addition to WAN
optimization. Gartner 2006
4
Worlds Major Institutions Trust Blue Coat
5
The Wide Area Network Problem
6
An Enterprise Without Boundaries
LOB App
File Servers
E-Mail
Intranet
7
Why Are Applications So Slow?

• Is it File Services?
• Is it Backup?
• Is it a Critical App?

• Latency Ruins LAN Applications
• Overcrowding Makes it Worse
• Bandwidth Upgrades an Endless Cycle

8
Why So Slow?! Take the Quiz
Your Network 34 Mbps yeah, thats big 100 ms
yeah, thats fast
Question You copy a 4MB PPT File. How long will
it take?
ACK!
ACK!
Hint CIFS is a WAN worst-offender. It sends data
in 4KB chunks, then waits for an acknowledgement.
A) 0.9 seconds. 34 Mbps 4.25 MBps so 4 / 4.25
0.9412 s
B) 200 seconds. 4MB 1000 x 4KB chunks 1000
trips there 1000 trips back 2000 trips x 0.1 sec
200
4KB Sent
4KB Sent
9
Why So Slow?!

• Bandwidth is the width of the road
• Latency is the speed
• Add Layer 7 protocols Designed for LANs
• Add rogue traffic
• Add unrealistic expectations

Price
Expectation
Performance ?
Reality
Bandwidth ?
RESULT Non-Linear Performance Gains as
Bandwidth is Added!
10
WAN Optimization Technology
11
Ultimate in WAN Optimization
Multiprotocol Accelerated Caching Hierarchy
12
MACH5 Accelerates Applications
MACH5 Optimizes More Protocol Types, Removes More
Latency and Saves More Bandwidth than Other
Solutions
13
Bandwidth Management Business Process
Salesperson, placing order with Sales Automation
App Priority 1 Min 400Kb, Max 800Kb
Salesperson query with Sales Automation App
Priority 2 Min 100Kb, Max 400Kb
Non-Sales Management Pulls Client List Block
Marketing person, Surfing Sales Automation App
(reporting) Priority 3 Min 0Kb, Max 200Kb

• Divide traffic into classes, by
• User, application, content, transaction,
  application protocol, etc.
• Guarantee priority and min and/or max bandwidth
  for a class
• Align traffic classes to business priorities
• Even for SSL encrypted applications
• Operates alone, or integrates with your existing
  packet-layer QoS

14
Protocol Optimization
10-100X Faster Includes CIFS, MAPI, HTTP, HTTPS,
TCP
15
Object Caching
DATACENTER

• Client served from local proxy
• 100 acceleration no data across WAN
• Works on second, and all subsequent requests

BRANCH
16
Byte Caching
11011111001110010010010111011111111111111111111111
11111111111111111000111100011100110001100000100111
10000001101111010010000000000000000000000000000000
00000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000101010101
00101000010100
11011111001110010010010111011111111111111111111111
11111111111111111000111100011100110001100000100111
10000001101111010010000000000000000000000000000000
00000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000101010101
00101000010100
11011111001110010010010111011111111111111111111111
11111111111111111000111100011100110001100000100111
10000001101111010010000000000000000000000000000000
00000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000101010101
00101000010100
Byte Caching
110111110011100100100101110REF1
00011110001110011000110000010011110000001101111010
010REF2 010101010100101000010100

• Proxies learn common patterns
• Create short references and pass those instead
• Works on all files, all applications over TCP

17
TCP Enhancements

• Windows Scaling
• TCP Selective Acknowledgement (SACK)
• Packet Loss Handling (loosely based on RFC 3649
  HighSpeed TCP for Large Congestion Windows and
  the research paper Scalable TCP Improving
  Performance in Highspeed Wide Area Networks )
• The Blue Coat Difference TCP Double Buffer, TCP
  Connection Control, TCP Pipelining

18
Compression
11011111001110010010010111001100101011101100100001
10100110011100100000111100011100110001100000100111
10000001101111010010000110110100101111100110100111
01101001101001111001000000000000111001011100101101
10110100101011001011001010101010100101010101010101
00101000010100
11011111001110010010010111001100101011101100100001
10100110011100100000111100011100110001100000100111
10000001101111010010000110110100101111100110100111
01101001101001111001000000000000111001011100101101
10110100100100101010100101010101011011001011000101
00
COMPRESSION
11011111001110010010010111001100101011101100100001
001100111001000001111000111001100011

• Industry-standard gzip algorithm compresses all
  traffic
• Removes predictable white space from content
  and objects being transmitted

19
MACH5 Techniques Work Together

• Object Caching
• Caches repeated, static app-level data reduces
  BW and latency

• Byte Caching
• Caches any TCP application using similar/changed
  data reduces BW

• Compression
• Reduces amount of data transmitted saves BW

• Bandwidth Management
• Prioritize, limit, allocate, assign DiffServ by
  user or application

• Protocol Optimization
• Remove inefficiencies, reduce latency

• TCP Enhancements
• Window scaling, SACK, Packet Loss ...

20
Legacy WAN Optimization

• Fix Basic Protocols
• Compress with Byte Caching
• Some Add Wide Area File Services

What about the rest of your traffic?
21
Start Accelerating the Rest

• Web traffic is huge
• HTTP, and then some
• Web services
• Web widgets
• Java clients
• Video a growing issue
• Get rid of the junk

Accelerate the Good. Stop the Bad.
22
MACH5 Accelerates SSL Applications

• One side must participate
• Server-side enables interception of internal
  apps
• Client-side enables interception of both internal
  and external apps
• Server-side enables acceleration
• Offloads server
• Accelerates apps you have keys for
• Delegation of Trust enables security and
  acceleration of all applications, internal and
  external
• Granular policy over users, applications, and
  content
• Accelerate all apps, regardless of ownership or
  location
• Enabled at the Certificate Server

23
MACH5 Accelerates Multimedia Apps

• Video on Demand
• Local cache eliminates latency
• Pre-populate at line speed
• Live Streaming
• Transparent stream splitting
• Record for subsequent broadcast
• No network upgrades needed

24
What About The Office of One?

• Poor performance
• Inconsistent performance
• No control over user experience

Desktop Client for Acceleration and Control
25
The Solution Blue Coat SG Client

• Client software that extends Mach5 acceleration
  capabilities to the desktop
• Improves performance of email, client-server
  applications and file services
• Accelerates traffic between SG appliance and end
  user machine
• Transparent to IPSec VPNs
• No changes to end user experience ? apps and file
  downloads are just faster!
• Byte caching coming soon!

26
SG Client Features Benefits
27
Addressing End User Frustration
Test bed Office 2003, Win XP, 1.544 mbps full
duplex, 200 ms
28
Deploying in the Network
29
Complete Range of Blue Coat Appliances
SG8100 Series

Corporate Headquarters
SG810 Series
SG510 Series
Remote Offices
SG210 Series
ConnectedUsers
Up to 250 users
800 4000 users
3000 50,000 users
150 1000 users
WAN Throughput
2-12 Mbps
Up to 2 Mbps
12-45 Mbps
30-155 Mbps
Performance
30
Inline or Out-of-Path?

• Inline Deployments
• Simple, Fast
• Single Point of Failure
• Out of Path
• More Configuration
• Addresses Logic Failure
• Multiple Points of Semi-Failure
• Supports WCCP, IP Redirect

31
Clustering for HA and Performance

• Active-Active Clusters
• TCP Clustering
• WCCP Clustering
• Active-Passive Clusters
• Explict Proxy Load Balance
• Serial SGRP Cluster
• Automated IP Bypass

32
Visibility and Control in the Tunnel

• Translucent Tunnels Show Netflow Ports
• Maximum Out-of-Path Visibility
• Transparent Tunnels Show IP Address and Ports
• Total Visibility for Inline
• Optionally Encrypt the Data

Maximize Visibility and Security For Any
Deployment Type
33
Explicit vs. Transparent
NetFlow Diagrams
No tunnels (Transparent tunnels, translucent
tunnels)
Tunnels (Explicit tunnels)
34
System-wide Management and Control

• Blue Coat Director
• Centralized configuration of Blue Coat appliances
  set up, policy, etc
• Centralized monitoring appliance health,
  application use, user experience
• Blue Coat Reporter
• Enterprise roll-up and analysis of application
  delivery information appliances, application
  use, user experience

Both Director and Reporter are proven, with
thousands of nodes under management
35
Summary
36
Going Beyond Legacy Optimization
Legacy WAN Optimization
37
Thank you!