Oded nahum branch repeater 6 technical introduction

Branch Repeater 6.0 A Technical Introduction Oded Nahum Branch Repeater Product Specialist September 2011


 

Transcript of Oded nahum branch repeater 6 technical introduction

Page 1: Oded nahum branch repeater 6 technical introduction

Branch Repeater 6.0: A Technical Introduction

Oded Nahum – Branch Repeater Product Specialist, September 2011

Page 2: Oded nahum branch repeater 6 technical introduction

Agenda

• Introducing Branch Repeater 6.0

• Initial Configuration – Exercise 1
  • Licensing
  • Configuring Links
  • Management Access
  • Monitoring Mode

• Quality of Service – Exercise 2
  • Links
  • Application Classifiers
  • Traffic Shaping Policies
  • Service Classes

• CIFS Acceleration – Exercise 3
  • CIFS (SMB and Signed SMB) Traffic

• MultiStream ICA – Exercise 4
  • Enabling and testing

• Reporting and Monitoring – Exercise 5
  • Monitoring Links, Applications and Service Classes
  • Customizing and Generating Reports

Citrix Confidential - Do Not Distribute

Page 3: Oded nahum branch repeater 6 technical introduction

Introducing Branch Repeater 6.0

Page 4: Oded nahum branch repeater 6 technical introduction

General Availability: RTW June 27th

Branch Repeater 6.0

The next generation of Branch Repeater Technology

Advanced traffic classification, prioritization, shaping and reporting

Improved XenDesktop and XenApp acceleration

Clustering via NetScaler

SMB 2, Encrypted MAPI and Outlook/Exchange 2010 Acceleration

Centralized licensing – Citrix License Server

Page 5: Oded nahum branch repeater 6 technical introduction

[Diagram: Repeater and Branch Repeater on either side of the WAN. Labels: Adaptive TCP Flow Control, Adaptive Compression, Adaptive Protocol Acceleration, Smart Acceleration, WAN Optimization]

Page 6: Oded nahum branch repeater 6 technical introduction

• Assess and identify all services

• Classify 500+ services out-of-the-box

• Control bandwidth allocation, compression, shaping and enforcement

• Monitor services delivery and report

• Sense network conditions, remediate and respond; minimize help desk calls

[Diagram: Smart Acceleration cycle of Assess, Classify, Monitor, Control, Remediate]

Service-centric WAN Optimization… Not just network-centric WAN optimization

Page 7: Oded nahum branch repeater 6 technical introduction

SmartAcceleration for Deeper Visibility and Granular Control


• Visibility for 500+ apps and protocols out-of-the-box, + more custom

• Prioritize XenDesktop, multimedia, web and Windows apps, custom services

• Auto-detect and auto-configure XenDesktop; no changes to network or XenDesktop

• Prioritize by app, branch or user location, app type, protocol, traffic direction, more

[Diagram labels: Microsoft Apps, XenApp, Voice/Video, XenDesktop, File/Print]

Page 8: Oded nahum branch repeater 6 technical introduction

Smarter, Granular Prioritization Policies

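[Diagram: policy hierarchy with the levels Global, Branch, Service Class and Sub-class, rooted at the Datacenter]

• Partner Office: Med pri

• Beijing: Hi pri

• London: Med pri

• NY: Med pri

• SF: Lo pri

• Citrix TV: Hi pri

• YouTube: Lo pri

• Exec XDs: Hi pri

• Employee XDs: Lo pri

• XenDesktop: Hi pri

• Video: Med pri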

Page 9: Oded nahum branch repeater 6 technical introduction

User-centric XenDesktop Prioritization

[Diagram: Data Center and Branch Office carrying Microsoft Apps, XenApp, Voice/Video, XenDesktop and File/Print traffic for the Sales, Product and Executive user groups]

• Prioritize published apps and desktops by user groups

• Prioritize different types of traffic (mouse, print, etc) across user sessions

Page 10: Oded nahum branch repeater 6 technical introduction

Faster Encrypted Email and File Transfers

[Diagram: Data Center and Branch Office with Layer 7 optimizations]

• Microsoft email (Encrypted MAPI and Exchange 2010)

• Microsoft file servers (SMBv2, Signed SMB v1/v2)

Page 11: Oded nahum branch repeater 6 technical introduction

• Initial Branch Repeater 6.0 release is intended for Linux-based appliances and VPX appliances on XenServer and VMWare.

• The same update file downloaded from MyCitrix will work for both platforms.

• The Repeater Plug-In 6.0 release will follow soon after the Capri release.

• The Branch Repeater with Windows Server will be updated with the BR 6.0 technology in a subsequent release.

Platform Support and Upgrades

Page 12: Oded nahum branch repeater 6 technical introduction

Flexibility to Meet All Your Needs

Branch Repeater Product Family

• Repeater Appliances: BR 6.0 Initial Release

• Branch Repeater VPX – Virtual Appliance Software: BR 6.0 Initial Release

• Repeater Plug-in – Software Client: Coming Soon…

• Branch Repeater with Windows Server: Coming Later…

Page 13: Oded nahum branch repeater 6 technical introduction

Initial Configuration

Page 14: Oded nahum branch repeater 6 technical introduction

• Branch Repeater 6.0 needs to know where the LAN and WAN are.

• Determine and remember which accelerated pair port is connected to the WAN and which to the LAN. (inline mode)

• Either port can be connected to either side using the proper cables.

First things first…

[Diagram: accelerated pair ports apA1 and apA2]

• Straight Through Cable: Switch, DSL Modem, Cable Modem

• Crossover Cable: Router, Direct to Server, Direct to Client

Page 15: Oded nahum branch repeater 6 technical introduction

• Click the Quick Installation node in the Command menu.

• This page is a collection of all the configuration steps condensed into one simple form.

New Quick Installation Page

Page 16: Oded nahum branch repeater 6 technical introduction

• The Quick Installation is intended for simple Branch Repeater deployments.

• If any of the following are needed, a manual configuration is required:

• Virtual Inline Mode

• WCCP Deployment Mode

• Group Mode

• High Availability

• SSL Acceleration

• Repeater Plugin Support

• Hardboost Bandwidth Mode

• Encrypted SMB or MAPI Support

New Quick Installation Page

Page 17: Oded nahum branch repeater 6 technical introduction

• Enter all the required information and click the Install button.

• Once completed, the appliance will reboot and then you should see successful traffic flow in the Dashboard.

New Quick Installation Page

Page 18: Oded nahum branch repeater 6 technical introduction

• Click the Licensing node in the Configuration menu.

• Choose the License Server tab if your license requires using a stand-alone Citrix License Server.
  • Retail (Appliance, Plug-in, Crypto)
  • XenDesktop Platinum Entitlement

• Choose the Local Licenses tab if your license type requires local installation.
  • Evaluation License
  • Not for Re-sale
  • Express

Branch Repeater Licensing

Page 19: Oded nahum branch repeater 6 technical introduction

• Click on the Links node in the Configuration menu.

• Click the Edit button for the first pre-defined apA link.

• Configure the link according to the network it is connected to:

• Link Type (LAN or WAN side)

• Bandwidth In

• Bandwidth Out

• Descriptive Link Name (optional)

• Click Save.

• Repeat this configuration on both the apA1 and apA2 links.

Must configure the default apA links

Page 20: Oded nahum branch repeater 6 technical introduction

• Traffic Processing
  • Master enable/disable switch. When disabled, all features of the appliance are disabled and all traffic passes through without modification or traffic shaping.

• Traffic Acceleration
  • Enables and disables the acceleration engine.

• Traffic Shaping
  • Enables and disables the traffic-shaping engine.

• Traffic Bridging (VPX only)
  • Enables and disables the software bridge; the default for new installs is disabled.


Branch Repeater Features page

Page 21: Oded nahum branch repeater 6 technical introduction

• Branch Repeater can be installed in a “monitoring-only” mode.

• No compression, flow control or traffic shaping will be used; however, full traffic visibility will be available.

• Use the Features node in the Command Menu to disable:
  • Traffic Acceleration
  • Traffic Shaping

Traffic Processing and Acceleration

Page 22: Oded nahum branch repeater 6 technical introduction

• Link level In / Out - Regulates all traffic, accelerated as well as non-accelerated

• Bandwidth Management – Regulates only accelerated traffic; affects inbound traffic only

• Recommended configuration – Use local WAN link sizing


Bandwidth Management

Page 23: Oded nahum branch repeater 6 technical introduction

Today’s Lab Environments

Your student work environment (WinXP)

Page 24: Oded nahum branch repeater 6 technical introduction

Complete Exercise 1

Page 25: Oded nahum branch repeater 6 technical introduction

Quality of Service

Page 26: Oded nahum branch repeater 6 technical introduction

Quality of Service in v5.7 and prior releases

• Five queues (named “A” through “E”; names can be changed)

• All traffic is assigned to Queue A by default

• Each Service Class can be assigned to one traffic queue.

• Each queue determines the minimum bandwidth allocation when bandwidth contention with a higher queue occurs.

• ICA Packet priorities are mapped to quality of service (QoS) queues.

[Diagram: Service Classes and ICA Packet Priorities map to QoS Queues, which set the Bandwidth Allocations used by the Acceleration Engine]

Page 27: Oded nahum branch repeater 6 technical introduction

Quality of Service – The Basics of Traffic Shaping

• All WAN traffic is subject to traffic shaping
  • Accelerated connections, non-accelerated connections, and non-TCP traffic such as UDP flows, GRE streams, etc.

• The algorithm used is weighted fair queuing
  • Every connection is assigned a weight between 1 and 256, based on the appliance’s policies.

• Traffic shaping is applied to the WAN in both the inbound and outbound directions, after the compression engine

• Weighted priorities are applied during bandwidth contention to both ingress and egress traffic, even when the other side of the link is not equipped with QoS.

• DSCP is fully supported both as a classifier and an enforcer

• More information on Branch Repeater Traffic Shaping technology can be found here: http://www.citrix.com/skb/articles/RDY4005

Page 28: Oded nahum branch repeater 6 technical introduction

Quality of Service in v6.0 - Configuration

• Quality of Service is applied using 4 mechanisms.

• Links: Tell the traffic shaper which WAN link the packet is using. In a site with multiple links, each link has its own bandwidth limits and is managed independently.

• Application Classifiers: Identify which protocol or application class the traffic belongs to.

• Traffic Shaping Policies: Tell the traffic shaper which weighted priority and bandwidth limits to assign to which traffic type (application classifier).

• Service Classes: Map applications to acceleration decisions, traffic filters and traffic-shaping policies.

Page 29: Oded nahum branch repeater 6 technical introduction

Quality of Service: Link Definition

• Links : Physical or Logical

• WAN connections between remote sites.

• WAN links between datacenters and branches.

• WAN links between cities or countries.

• WAN data paths between branches and specific servers or server farms.

[Diagram: Branch 1 connected to Data Center 1 and Data Center 2 over the DC1 Link, DC2 Link, XenApp Traffic Link and Streaming Traffic Link]

Page 30: Oded nahum branch repeater 6 technical introduction

Quality of Service: Link Definition

• Define Links

• By Accelerated Port

• By Source or Destination Network

• By WCCP Service Group

• By Source or Destination MAC Address

• By VLAN Tag

• By default link definitions are automatically created for each adapter port.

• The number of supported links is limited by Branch Repeater model:

• 83xx, 85xx = 5 links

• 88xx = 10 links

• VPX = up to 5 links

• If Links are misconfigured there will be compression values less than 1:1.

Page 31: Oded nahum branch repeater 6 technical introduction

Quality of Service: Traffic Shaping Policies

• By default there are 10 pre-configured traffic shaping policies. (subject to change)

• VOIP Traffic

• High Priority Traffic

• Medium Priority Traffic

• Low Priority Traffic

• Default QoS

• ICA Priorities

• Each traffic shaping policy has a weighted priority value associated with it.

• The maximum number of traffic shaping policies supported is 50 per appliance.

Page 32: Oded nahum branch repeater 6 technical introduction

Quality of Service: Traffic Shaping Policies

• Weighted Priority is used to determine traffic precedence when calculating send and receive rates.

• And / Or: bandwidth limits can now also be used to control allocation.

• Percentage of Link Bandwidth

• Absolute Fixed Data Rate.

• Even within an SSL tunnel !!*

*Citrix Patent Pending
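The slides above describe weighted fair queuing with per-connection weights from 1 to 256, applied only under contention, plus optional bandwidth limits given as a percentage of the link or as an absolute rate. The following added example (not Citrix code, and not the appliance's actual scheduler) models that with the textbook weighted max-min allocation; the policy names, weights and demands are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Policy:
    name: str
    weight: int                       # weighted priority, 1..256 as on the slide
    demand_kbps: float                # offered load (constructed sample value)
    cap_pct: Optional[float] = None   # limit as a percentage of link bandwidth
    cap_kbps: Optional[float] = None  # limit as an absolute data rate


def ceiling(p: Policy, link_kbps: float) -> float:
    """Most a policy can ever receive: its demand, clipped by its limits."""
    if not 1 <= p.weight <= 256:
        raise ValueError(f"{p.name}: weight {p.weight} outside 1..256")
    limit = p.demand_kbps
    if p.cap_pct is not None:
        limit = min(limit, link_kbps * p.cap_pct / 100.0)
    if p.cap_kbps is not None:
        limit = min(limit, p.cap_kbps)
    return limit


def allocate(link_kbps: float, policies: List[Policy]) -> Dict[str, float]:
    """Weighted max-min fair share of one link direction.

    Each round splits the remaining bandwidth by weight. Policies whose
    ceiling fits inside their share are granted the ceiling and leave the
    contest; their unused share is redistributed to the rest by weight.
    """
    ceil = {p.name: ceiling(p, link_kbps) for p in policies}
    alloc = {p.name: 0.0 for p in policies}
    active = list(policies)
    remaining = float(link_kbps)
    while active and remaining > 1e-9:
        total_w = sum(p.weight for p in active)
        done = [p for p in active
                if ceil[p.name] <= remaining * p.weight / total_w + 1e-9]
        if not done:
            # True contention: everyone left is limited by weight alone.
            for p in active:
                alloc[p.name] = remaining * p.weight / total_w
            break
        for p in done:
            alloc[p.name] = ceil[p.name]
            remaining -= ceil[p.name]
        active = [p for p in active if p not in done]
    return alloc


# Constructed sample: a 2000 kbps WAN link with four competing policies.
SAMPLE = [
    Policy("voip", weight=256, demand_kbps=200),
    Policy("ica", weight=200, demand_kbps=600),
    Policy("web", weight=50, demand_kbps=1500),
    Policy("backup", weight=10, demand_kbps=5000, cap_pct=50),
]

if __name__ == "__main__":
    for name, kbps in allocate(2000, SAMPLE).items():
        print(f"{name:8s} {kbps:8.1f} kbps")
```

In the sample, voip and ica get their full demand because it fits inside their weighted share, and the 1200 kbps left over is split 50:10 between web and backup; the 50% limit on backup only bites when the link is otherwise idle.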

Page 33: Oded nahum branch repeater 6 technical introduction

Quality of Service: Application Classifiers

• Application classifiers are used by service classes to distinguish between application traffic types.

• Applications are classified by:
  • Ethertype (not all competitors can do this)
  • IP Classification (TCP, GRE, L2TP, etc)
  • TCP Port
  • UDP Port
  • Web URL
  • ICA Published App (not all competitors can do this)

• Application classifiers are categorized into 1 of 25 Application Groups

Page 34: Oded nahum branch repeater 6 technical introduction

Quality of Service: Application Classifiers

• Custom application classifiers can be created.

• The maximum number of classifiers supported is 600 per appliance.

• The classification parameters entered cannot conflict with an existing classifier.

Page 35: Oded nahum branch repeater 6 technical introduction

Quality of Service: Application Classifiers – XenApp and XenDesktop

• ICA Published Applications or Desktops groups can be manually created or auto-discovered.

• Once discovered, they will appear in the application classifier list as well as in all reports and monitoring pages.

• Temporarily enabling and then disabling auto discovery can be used to prepopulate the online applications list for editing or exporting at a later time.

Page 36: Oded nahum branch repeater 6 technical introduction

Quality of Service: Service Classes in v5.7 and prior

• Service Classes in Branch Repeater 5.7 and prior releases identified traffic in two possible ways:

• IP address/range (client or server)

• TCP port number

• Service Classes were evaluated in order with mirrored policies required on all appliances.

• If Service Classes did not match on both appliances within an acceleration pair, those connections would pass through unaccelerated (UR Code 6).

Page 37: Oded nahum branch repeater 6 technical introduction

Quality of Service: Service Classes in v6.0

• Service Classes are the main QoS mechanism, bringing together:

• Traffic Shaping Policies

• Application Classifiers

• Link Configurations

• Service Classes are evaluated in order with policies higher in the list having priority over ones lower.

• Service classes need to exist, but need not be mirrored, on all appliances; differences result in the lowest common setting being used.

Page 38: Oded nahum branch repeater 6 technical introduction

Quality of Service: Service Classes

• Service Classes are still used to enforce bandwidth priority among traffic types; however, they now map to Traffic Shaping Policies instead of QoS Queues.

• Traffic Shaping Policies within a Service Class can be applied by:

• Single Traffic Shaping Policy per Single Service Class

• Per-link Traffic Shaping Policies per Single Service Class

• The maximum number of supported Service Classes is 64 per appliance.

Page 39: Oded nahum branch repeater 6 technical introduction

Quality of Service: Service Classes

• Service classes can use AND rules as well as OR rules.

• Rules can include any and all of the following filters:
  • Application Name
  • Source IP
  • IP sync/direction
  • Destination IP
  • VLAN Tag
  • DiffServ bit
  • SSL Profile

• The maximum number of Service Class Filter Rules supported is 10 per Service Class.

Page 40: Oded nahum branch repeater 6 technical introduction

Complete Exercise 2

Page 41: Oded nahum branch repeater 6 technical introduction

Signed SMB / Secure Partner configuration

Page 42: Oded nahum branch repeater 6 technical introduction

• Branch Repeater 5.7 and earlier supported compression and acceleration of unsigned SMB1 traffic only.

• If enabled, Signed SMB had to be turned off on servers and clients via group policy to enable acceleration.

• Connections from Vista and Win7 clients had SMB2 connections rolled back to SMB1.


SMB Support in v5.7

Page 43: Oded nahum branch repeater 6 technical introduction

• There are three SMB acceleration scenarios you may observe when monitoring SMB CIFS connections.
  • Unaccelerated SMB 1 or 2 Connections
  • Accelerated SMB 1 or 2 Connections
  • Accelerated Signed SMB 1 or 2 Connections


SMB Acceleration in v6.0

Page 44: Oded nahum branch repeater 6 technical introduction


SMB Acceleration Requirements

Connection Type | Secure Partner | Windows Domain Member | NTLMv1 Required
SMB 1 | No | No | No
SMB 2 | No | No | No
Signed SMB 1 | Yes | Yes | Yes
Signed SMB 2 | Yes | Yes | Yes

Page 45: Oded nahum branch repeater 6 technical introduction

• Domain membership is only required on the server-side Branch Repeater.

• Once joined, the appliance or VPX should now have a machine account in the specified domain.

• NOTE: Signed SMB is not enabled yet!

SMB Acceleration Requirements

Page 46: Oded nahum branch repeater 6 technical introduction

• A secure connection must be established between Branch Repeaters (secure partners).

• SSL credentials (cert and key) are used for authentication and trust between Branch Repeaters.

• The SSL Key Store must be enabled to hold the SSL credentials used by the Branch Repeaters.

• A Crypto license is required to enable the SSL feature set.


SMB Acceleration Requirements

Page 47: Oded nahum branch repeater 6 technical introduction

• SSL Support must be enabled by clicking the SSL Encryption node under Configuration.

• Trusted SSL credentials must be installed and used to authenticate all Branch Repeaters and create a secure data channel between them.


SMB Acceleration Requirements

Page 48: Oded nahum branch repeater 6 technical introduction

• The Secure Partner connection is configured on a per appliance basis.

• A signaling mechanism is used to provide discovery and communication between trusted appliances.


SMB Acceleration Requirements

Page 49: Oded nahum branch repeater 6 technical introduction

Complete Exercise 3

Page 50: Oded nahum branch repeater 6 technical introduction

MultiStream ICA (MSI)

Page 51: Oded nahum branch repeater 6 technical introduction

What is an ICA Virtual Channel?

A Citrix Independent Computing Architecture (ICA) virtual channel is a bidirectional connection for the exchange of generalized packet data between a Citrix XenApp Server and an ICA-compliant client.

Virtual channels correspond to virtual drivers, each providing a specific function. Some are required for normal operation, and others are optional.

Virtual drivers operate at the presentation layer protocol level. There can be a number of these protocols active at any given time by multiplexing channels.

There are a total of 32 virtual channels in the ICA protocol. However, for most user sessions, between 8 and 12 are usually utilized.

ICA Review – Virtual Channels

Page 52: Oded nahum branch repeater 6 technical introduction

ICA Priority Packet Tagging

• ICA Priority Tagging consists of a two bit tag within each ICA packet header.

• These tags can be evaluated on the fly and the application activity determined.

• Earlier versions of MetaFrame use a framing header that does not contain the two priority bits.

Page 53: Oded nahum branch repeater 6 technical introduction

Channel Name | Default Priority | Description | Virtual Driver
CTXTW | 0 | Remote Session Screen Update (THINWIRE) | vdtw30n.dll
CTXTWI | 0 | Seamless Windows Screen Update (THINWIRE) | vdtwin.dll
CTXTWN | 0 | Winstation | wfica32.exe
CTXEUEM | 0 | End User Experience Monitoring | vdeuemn.dll
CTXZLFK | 0 | Local Text Echo and Keyboard Feedback | vdzlcn.dll
CTXZLC | 0 | Speed Screen Latency Reduction - Screen | vdzlcn.dll
CTXZLFK | 0 | Speed Screen Latency Reduction - Fonts | vdfon30n.dll
CTXCTL | 0 | ICA Session Control | vdctln.dll
CTXFLSH | 1 | Multimedia - Flash | vdflash.dll
CTXGUSB | 1 | USB Redirection | vdgusbn.dll
CTXMM | 1 | Multimedia - Streaming | vdmmn.dll
CTXCLIP | 1 | Client Clipboard Mapping | vdclipn.dll
CTXCAM | 1 | Client Audio Mapping | vdcamN.dll
CTXLIC | 1 | License Management | wfica32.exe
CTXVFM | 1 | Video Server – (no longer used) | n/a
CTXPN | 1 | Program Neighborhood | vdpnn.dll
CTXCCM | 2 | Client COM Port Mapping | vdcom30N.dll
CTXCDM | 2 | Client Drive Mapping | vdcdm30n.dll
CTXPASS | 2 | Transparent Key Pass-Through | vdkbhook.dll
CTXCPM | 3 | Printer Mapping for Spooling Clients | vdcpm30N.dll
CTXCM | 3 | Client Management (Auto-Update) | vdcmN.dll
CTXLPT1 | 3 | Legacy LPT1 Port Mapping | wfica32.exe
CTXLPT2 | 3 | Legacy LPT2 Port Mapping | wfica32.exe
CTXCOM1 | 3 | Legacy COM1 Port Mapping | wfica32.exe
CTXCOM2 | 3 | Legacy COM2 Port Mapping | wfica32.exe

Virtual Channels

Page 54: Oded nahum branch repeater 6 technical introduction

ICA QoS in BR 5.7

ICA Priority Packet Tagging allows prioritization of ICA sessions based on the virtual channel data being transmitted (what the user is doing within the app/session).

This is done by associating each virtual channel’s two-bit priority to a packet priority.

The two priority bits combine to form four priority values:

• 00 (0) - High Priority

• 01 (1) - Medium Priority

• 10 (2) - Low Priority

• 11 (3) - Background Priority

These priority bits can then be assigned to Branch Repeater Quality of Service queues to allow dynamic QoS.

Page 55: Oded nahum branch repeater 6 technical introduction

ICA QoS in BR 6.0 (Single Stream)

ICA Priority Packet Tagging allows prioritization of ICA sessions based on the virtual channel data being transmitted (what the user is doing within the app/session).

This is done by associating each virtual channel’s two-bit priority to a packet priority.

The two priority bits combine to form four priority values:

• 00 (0) - High Priority

• 01 (1) - Medium Priority

• 10 (2) - Low Priority

• 11 (3) - Background Priority

These priority bits can then be assigned to Branch Repeater Quality of Service queues to allow dynamic QoS.

Page 56: Oded nahum branch repeater 6 technical introduction

The Single Stream ICA Problem

[Diagram: Session Bandwidth, compressed and encrypted ICA data]

• The user creates an ICA session.

• User interface traffic is tagged with a priority bit of zero (thin wire).

• Branch Repeater identifies the priority tags in real time and applies QoS appropriately.

Page 57: Oded nahum branch repeater 6 technical introduction

The Single Stream ICA Problem

[Diagram: Session Bandwidth, compressed and encrypted ICA data]

• The user then starts a print job within the ICA session.

• Print traffic is tagged with a priority bit of three (real time).

• Branch Repeater identifies the new priority tags in real time and applies QoS appropriately.

Page 58: Oded nahum branch repeater 6 technical introduction

The Single Stream ICA Problem

[Diagram: Session Bandwidth, compressed and encrypted ICA data]

• The user then either returns to the app’s user interface or starts a second application (thin wire).

• The newly observed priority bits of the session cause the session to be QoS’ed as a priority zero.

• Prioritization of printing traffic is now lost.

Page 59: Oded nahum branch repeater 6 technical introduction

Enter Multi-Stream ICA

Page 60: Oded nahum branch repeater 6 technical introduction

ICA Stream #1

ICA Stream #2

ICA Stream #3

ICA Stream #4

Channel Name Default Priority Description Virtual Driver

CTXTW 0 Remote Session Screen Update (THINWIRE) vdtw30n.dll

CTXTWI 0 Seamless Windows Screen Update (THINWIRE) vdtwin.dll

CTXTWN 0 Winstation wfica32.exe

CTXEUEM 0 End User Experience Monitoring vdeuemn.dll

CTXZLFK 0 Local Text Echo and Keyboard Feedback vdzlcn.dll

CTXZLC 0 Speed Screen Latency Reduction - Screen vdzlcn.dll

CTXZLFK 0 Speed Screen Latency Reduction - Fonts vdfon30n.dll

CTXCTL 0 ICA Session Control vdctln.dll

CTXFLSH 1 Multimedia - Flash vdflash.dll

CTXGUSB 1 USB Redirection vdgusbn.dll

CTXMM 1 Multimedia - Streaming vdmmn.dll

CTXCLIP 1 Client Clipboard Mapping vdclipn.dll

CTXCAM 1 Client Audio Mapping vdcamN.dll

CTXLIC 1 License Management wfica32.exe

CTXVFM 1 Video Server – (no longer used) n/a

CTXPN 1 Program Neighborhood vdpnn.dll

CTXCCM 2 Client COM Port Mapping vdcom30N.dll

CTXCDM 2 Client Drive Mapping vdcdm30n.dll

CTXPASS 2 Transparent Key Pass-Through vdkbhook.dll

CTXCPM 3 Printer Mapping for Spooling Clients vdcpm30N.dll

CTXCM 3 Client Management (Auto-Update) vdcmN.dll

CTXLPT1 3 Legacy LPT1 Port Mapping wfica32.exe

CTXLPT2 3 Legacy LPT2 Port Mapping wfica32.exe

CTXCOM1 3 Legacy COM1 Port Mapping wfica32.exe

CTXCOM2 3 Legacy COM2 Port Mapping wfica32.exe

Virtual Channels

Page 61: Oded nahum branch repeater 6 technical introduction

• Single-port, Multi-stream ICA (MSI Default)
  • 4 random ports at client, 1 primary port on server
  • Automatically enabled on ICA server by Branch Repeater 6.0.

• Multi-port, Multi-stream ICA
  • 4 random ports at client, 1 primary and up to 3 secondary ports on server
  • Most common deployment if used without Branch Repeater

• Single-port, Single-stream ICA
  • 1 random port at client, 1 primary port on server
  • The pre-MSI default connection type
  • If any Branch Repeater on the link vetoes MSI, or old versions are used


Multi-Stream ICA Terminology

Page 62: Oded nahum branch repeater 6 technical introduction


Enable MSI on ICA Server

Page 63: Oded nahum branch repeater 6 technical introduction


Enable MSI on Branch Repeater

For backward compatibility, MSI is disabled by default on Branch Repeater, XenDesktop and XenApp

Page 64: Oded nahum branch repeater 6 technical introduction


Up to 4 TCP connections for a single ICA application

This is the first view that MSI is working as expected

Page 65: Oded nahum branch repeater 6 technical introduction


How MSI streams are identified

Under Monitoring, Citrix (ICA/CGP), ICA Statistics, ICA Session Count:

If MSI is active and connected, the Multi Stream counter will be non-zero

Page 66: Oded nahum branch repeater 6 technical introduction

• Only Branch Repeater can parse a single port/multi-stream ICA connection and apply QoS appropriately.

• The benefits:
  • Lower overhead on the network and server infrastructure
  • Works on standard ICA (CGP) ports, does not require firewall reconfiguration
  • Hassle-free, automated IT administration

• In all other cases, you get multi-server port MSI or single-stream ICA


What is the competitive advantage

Page 67: Oded nahum branch repeater 6 technical introduction

Multi-Stream ICA in Action

[Diagram: compressed and encrypted ICA data, with separate bandwidth for Session 1 GUI, Session 1 Printing and Session 2 GUI]

• Application UI performance level is maintained.

• Printing traffic does not adversely affect this or any other WAN users.
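The single-stream problem and the multi-stream behaviour described on the preceding slides, as an added model (not Citrix code). It assumes the shaper classifies a single-stream connection once per interval by the last priority tag it observed; the interval granularity and the trace are constructed, and the channel priorities are taken from the Virtual Channels table above.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Default priorities from the Virtual Channels table on this page (subset).
CHANNEL_PRIORITY = {"CTXTW": 0, "CTXCAM": 1, "CTXCDM": 2, "CTXCPM": 3}

# Constructed trace: (interval, session, virtual channel, bytes).
# The user works in the UI, starts a print job, then returns to the UI
# while the print job is still sending data.
TRACE: List[Tuple[int, str, str, int]] = [
    (0, "s1", "CTXTW", 4_000),
    (1, "s1", "CTXCPM", 60_000),
    (2, "s1", "CTXCPM", 60_000),
    (2, "s1", "CTXTW", 3_000),
    (3, "s1", "CTXCPM", 60_000),
    (3, "s1", "CTXTW", 5_000),
]

Shaped = Dict[Tuple[int, int], int]  # (tagged priority, applied priority) -> bytes


def shape_single_stream(trace) -> Shaped:
    """One TCP connection per session.

    Assumption of this model: in each interval the whole connection is
    shaped at the priority of the last tag observed in that interval.
    """
    per_conn = defaultdict(list)
    for interval, session, channel, size in trace:
        per_conn[(interval, session)].append((CHANNEL_PRIORITY[channel], size))
    shaped: Shaped = defaultdict(int)
    for packets in per_conn.values():
        applied = packets[-1][0]
        for tagged, size in packets:
            shaped[(tagged, applied)] += size
    return dict(shaped)


def shape_multi_stream(trace) -> Shaped:
    """Up to four TCP connections per session, one per priority value,
    so each stream is shaped at the priority of the data it carries."""
    shaped: Shaped = defaultdict(int)
    for _interval, _session, channel, size in trace:
        prio = CHANNEL_PRIORITY[channel]
        shaped[(prio, prio)] += size
    return dict(shaped)


def misprioritized_bytes(shaped: Shaped) -> int:
    """Bytes that were shaped at a priority other than their own tag."""
    return sum(size for (tagged, applied), size in shaped.items()
               if tagged != applied)


if __name__ == "__main__":
    for label, fn in (("single-stream", shape_single_stream),
                      ("multi-stream", shape_multi_stream)):
        result = fn(TRACE)
        print(label, result, "misprioritized:", misprioritized_bytes(result))
```

With this trace, 120,000 bytes of priority 3 print data ride at priority 0 in the single-stream model once the user returns to the UI; the multi-stream model shapes every byte at its own priority.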

Page 68: Oded nahum branch repeater 6 technical introduction

Complete Exercise 4

Page 69: Oded nahum branch repeater 6 technical introduction

Reporting, Monitoring and Statistics

Page 70: Oded nahum branch repeater 6 technical introduction

• The Branch Repeater Admin Console now has a landing page called Dashboard.

• The Dashboard can be automatically refreshed as well as manually refreshed by clicking the Refresh button.

• The sections that are displayed and the refresh rate can also be customized by clicking the Customize button.


The New Dashboard

Page 71: Oded nahum branch repeater 6 technical introduction

• Branch Repeater has a new graphing and statistics rendering engine.

• Graphing options include:

• Pie Charts

• Stacked Area Graphs

• Line Graphs

• Dynamic bar graphs

• Data and statistics can be displayed in tables with hyperlinked cells for data drill down.

The New Graphs and Tables

Page 72: Oded nahum branch repeater 6 technical introduction


Page 73: Oded nahum branch repeater 6 technical introduction

• Generating reports now produces a multi-page PDF document that can be saved or printed.

• Graphs displayed in reports are determined by the graph display settings within the Admin console.

• Reports can include historical data and can be run as an aggregate or drill-down report (more on this later).

The New PDF Reports with Historical Data

Page 74: Oded nahum branch repeater 6 technical introduction

• The Monitoring pages are now listed in a collapsible Monitoring node, and listed alphabetically.

• Changes, enhancements or additions have been made to the following monitoring pages:

• Connections

• Filesystem (CIFS/SMB)

• Citrix (ICA/CGP)

• Secure Partners


The Monitoring Pages

Page 75: Oded nahum branch repeater 6 technical introduction

• The Connections page now uses a tabular interface with separate tabs for accelerated and non-accelerated connections.

• Connection filtering can now be done by Service Class.

• The connections lists now have customizable columns.

Monitoring Changes

Page 76: Oded nahum branch repeater 6 technical introduction

UR:0 NONE "internal (accelerated)"

UR:1 UNKNOWN "unknown"

UR:2 NO_ORBITAL "no partner unit detected"

UR:3 NO_SYN_SEEN "routing asymmetry detected: not all packets are going through this unit"

UR:4 NO_SYN_ACK_SEEN "routing asymmetry detected, not all packets are going through this unit, (no SYN-ACK seen)"

UR:5 NO_SPACE_FOR_OPTIONS "not enough room left in the TCP packet header to append unit specific options"

UR:6 POLICY "service policy rule"

UR:7 PORT_EXCLUDE "acceleration port include or exclude list"

UR:8 IP_EXCLUDE "acceleration ip address include or exclude list"

UR:9 MODE_MISMATCH "one unit is configured with softboost mode and the other with hardboost mode"

UR:10 MAX_CONNECTIONS_LIMIT "maximum number of accelerated connection reached"

UR:11 MAX_SYN_TRIES_EXCEEDED "could not connect to the destination when unit specific options were appended to the tcp packet"

UR:12 DONT_PROBE "could not connect to the destination when unit specific options were appended to the tcp packet, but connection without such options succeeded"

UR:13 ORBS_ON_BOTH_SIDES "this unit is between two other units and daisy-chaining is enabled"

UR:14 MAX_FAST_FLOWS_LIMIT "maximum number of simultaneous partner units reached"

UR:15 BAD_LOCAL_SRC_IP "no proxy entry for source IP address is configured"

UR:16 SIMULATION_MODE "unit runs in simulation mode"

UR:17 PORT_LIMIT_LICENSE "connections with this TCP port are not allowed to be accelerated by the license"

UR:18 BAD_PROXY_CONFIG "bad proxy configuration detected on the partner unit"

UR:19 PROXY_EXLUDED_PORT "bad proxy configuration detected, acceleration for connections with this source or destination TCP port is disabled by port include or exclude list"

UR:20 PROXY_LOOP "bad proxy configuration detected: there is a loop"

UR:21 OUT_OF_SOCKETS "too many proxy connections: failed to allocate a socket"

UR:22 NO_HANDSHAKE_SEEN "no initial TCP handshake seen"

UR:23 GROUP "a different member of the appliance group accelerates this connection"

UR:24 NO_AUTO_DISCOVERY "auto-discovery disabled"

UR:25 GROUP_PASSTHROUGH "acceleration disabled in group mode"

UR:26 EDGE_CONNECTION_WITH_BAD_VIP "appliance received an Citrix Acceleration Plug-in connection with wrong destination VIP"

UR:27 NO_CONNECTION_TO_APPLIANCE "no connection to appliance"

UR:28 INCORRECT_MODE "Transparent connection at an appliance in redirector mode"

UR:29 CLIENT_RULES "client rules disallow acceleration"

UR:30 NO_SIGNALING_CONN_TO_CLIENT "no signaling connection to client"

UR:31 ISA_CACHED_LOCAL_CONNECTION "ISA cached local connection"

UR:32 ISA_NAT_INITIATED_LOCAL_CONNECTION "ISA NAT local connection"

UR:33 MAX_ACTIVE_CONNECTIONS_LIMIT "maximum number of active accelerated connection reached"

UR:34 SYN_ACK_WITHOUT_OPTIONS "a syn-ack was received without options"

UR:35 SSL_VPN_CONNECTION_REFLECTING_TRAFFIC "an ssl VPN is causing packets to transverse the Acceleration Plug-in multiple times"

UR:36 APPLIANCE_IS_ON_LAN "Appliance/Client are on the same LAN"

UR:37 APPLIANCE_SIGNALING_CONNECTION "Signaling connection to partner appliance"

UR:38 CACHED_LOCAL_CONNECTION "HTTP Cached Local Connection"

Page 77: Oded nahum branch repeater 6 technical introduction

Admin console reporting has been rewritten and organized into the Reports node.

The aggregate reports available are:

• Compression

• LAN vs. WAN Traffic

• Link Usage

• Service Classes

• Top Applications

• Traffic Shaping

• Within each of these aggregate report views, several drill-down reports are available in addition to all PDF reports.

The Reporting Pages

Page 78: Oded nahum branch repeater 6 technical introduction

• The Top Applications report breaks out total throughput and relative bandwidth usage by application and optionally by link for both send and receive traffic.

• Report windows range from the last minute to the last month, as well as since the last appliance restart.

• Up to 10 applications can be reported on at a time, displayed as either line graphs or stacked area graphs.

• Clicking Customize allows you to select specific links as well as the number of applications to report on.

Report Creation Example

Page 79: Oded nahum branch repeater 6 technical introduction

• Clicking on the Active Applications tab displays a list of all application and service traffic (TCP and UDP) identified at the current moment.

• Clicking Customize allows you to specify the configured links to report on.

• Clicking an application name hyperlink then displays application-specific link usage for send and receive traffic.

Report Creation Example

Page 80: Oded nahum branch repeater 6 technical introduction


Page 81: Oded nahum branch repeater 6 technical introduction

• Click the PDF Report button to generate a report isolating that application only.

Report Creation Example

Page 82: Oded nahum branch repeater 6 technical introduction

• Clicking on the Administrator Interface node under Configuration opens all GUI access and display-related settings.

• Enabling and disabling of graphs, graph combinations, and refresh rates are all controlled here.

• Clicking on the Clear Statistics node under System Maintenance lets you clear link, application, traffic shaping and service class statistics.

Configuration – Refresh and Clear

Page 83: Oded nahum branch repeater 6 technical introduction

Complete Exercise 5

Page 84: Oded nahum branch repeater 6 technical introduction

The “Ask me anything…” slide


Page 85: Oded nahum branch repeater 6 technical introduction