Single-sided solution, Load balancing via wccp, Source ip preservation – Comtech EF Data FX Series Administrator Guide User Manual

Comtech EF Data / Stampede

FX Series Administration Guide - Version 6.1.1

25

Chapter: Overview - FX Series
Section: Single-Sided Solution

MN-FXSERIESADM6 Rev 5

1.3

Single-Sided Solution

1.3.1 Load Balancing via WCCP

The Web Cache Communications Protocol (WCCP) allows satellite network service providers to
transparently inject acceleration into their satellite network infrastructure by redirecting traffic flows in
real-time to network devices such as the FX Series. WCCP has built-in load balancing, scaling, fault
tolerance, and service-assurance (failsafe) mechanisms to ensure network devices can scale and have
high-availability. For fault tolerance, if one of the FX Series appliances incurs a hardware failure, the
WCCP-enabled router will stop sending traffic to that device and redirect traffic to the other FX Series
appliances with zero down-time.

Load balancing via WCCP intelligently distributes the TCP and HTTP workload across multiple FX Series
appliances. For flexible scalability, service providers can simply add an FX Series appliance to the cluster,
and WCCP will split the traffic load among all the FX Series appliances. Up to thirty-two FX Series
appliances can be set up within a cluster and dynamically load balanced.

WCCP enables network service providers to implement the FX Series into their network with greater
deployment flexibility, without requiring the FX Series to be physically in-line. The FX Series can be
deployed "virtually" in-line, hence, not all traffic is required to pass through the FX Series appliance. The
network administrator programs the router to redirect traffic to the FX Service appliance in-bound and
out-bound based on the router policies. This allows the administrators to make changes to their network
environment by simply changing the router policies.

Stampede's FX Series (running WCCP) localizes content, and responds to content requests in order to
reduce the amount of data going over the WAN. This improves application delivery response times, and
allows the WAN link to support more traffic. Using WCCP, traffic is transparently redirected to the FX
Series appliance for TCP and HTTP acceleration, compression, caching and other optimization services.

With WCCP configured, the router redirects traffic to the FX Series to perform the application acceleration
and WAN optimization functions. When an end-user makes a request, the router intercepts the request,
and redirects the request to the FX Series inside a generic routing encapsulation (GRE) frame to prevent
any modifications to the original packet. The FX Series with WCCP can be used to transparently route
traffic, so that you don't have to make changes to Web browsers, and configure the FX Series as a proxy
server to offload servers, accelerate application delivery and optimize the network.

1.3.2 Source IP Preservation

Source IP Preservation is a technology that is used to support security policies that require a specific
source IP address, or range of IP addresses. It is also used to prevent the FX Series appliance from being
blacklisted.

For example, in the event where a situation is deemed inappropriate, such as a SPAM event, the sending
device Source IP address will be blacklisted. To avoid this problem, the FX Series uses the end-user's
Source IP address when making a request to a Web or application server. The FX Series configuration
method makes implementing Source IP Preservation easy within a WCCP or inline environment. The FX
Series is usually configured to use the IP address of the client when making requests to content servers,
whereas, other FXs make requests to Web servers using their own IP address. IP addressing problems can
occur when, for example, an end-user is involved with illegal online activity and the IP address of the FX is
recorded in the Web server's logs. If the IP address of the FX is used to make the client request to the
server, it will likely be placed on a blacklist, and therefore cause considerable network problems. By
spoofing the IP address of the client, the FX Series is able to avoid this problem.