Oded nahum branch repeater 6 technical introduction
-
Upload
digicomp-academy-ag -
Category
Technology
-
view
467 -
download
0
description
Transcript of Oded nahum branch repeater 6 technical introduction
Branch Repeater 6.0A Technical Introduction
Oded Nahum – Branch Repeater Product SpecialistSeptember 2011
• Introducing Branch Repeater 6.0
• Initial Configuration – Exercise 1• Licensing
• Configuring Links
• Management Access
• Monitoring Mode
• Quality of Service – Exercise 2• Links
• Application Classifiers
• Traffic Shaping Policies
• Service Classes
• CIFS Acceleration – Exercise 3• CIFS (SMB and Signed SMB) Traffic
• MultiStream ICA – Exercise 4• Enabling and testing
• Reporting and Monitoring – Exercise 5• Monitoring Links, Applications and Service Classes
• Customizing and Generating Reports
Agenda
Citrix Confidential - Do Not Distribute
Introducing Branch Repeater 6.0
General Availability: RTW June 27th
Branch Repeater 6.0
The next generation of Branch Repeater Technology
Advanced traffic classification, prioritization, shaping and reporting
Improved XenDesktop and XenApp acceleration
Clustering via NetScaler
SMB 2, Encrypted MAPI and Outlook/Exchange 2010 Acceleration
Centralized licensing – Citrix License Server
RepeaterBranch Repeater
WAN
Adaptive
TCP
Flow Control
Adaptive
Compression
Adaptive
Protocol
Acceleration
Smart
Acceleration
WAN
Optimization
• Assess and identify all services
• Classify 500+ services out-of-the-box
• Control bandwidth allocation, compression, shaping and enforcement
• Monitor services delivery and report
• Sense network conditions, remediateand respond; minimize help desk calls
Assess
Classify
Monitor Control
Remediate
Service-centric WAN Optimization… Not just network-centric WAN optimization
Smart
Acceleration
SmartAcceleration for Deeper Visibility and Granular Control
0011100011101001110111000100010100001110 000111000
1001100110011101000011000
• Visibility for 500+ apps and protocols out-of-the-box, + more custom
• Prioritize XenDesktop, multimedia, web and Windows apps, custom services
• Auto-detect and auto-configure XenDesktop; no changes to network or XenDesktop
• Prioritize by app, branch or user location, app type, protocol, traffic direction, more
MicrosoftApps
XenApp
Voice, Video
XenDesktop
File, Print
Smarter, Granular Prioritization Policies
Global
Branch
Service Class
Partner OfficeMed pri
BeijingHi pri
LondonMed pri
NYMed pri
SFLo pri
Citrix TVHi pri
YouTubeLo pri
Exec XDsHi pri
Employee XDs
Lo priSub-class
XenDesktopHi pri
VideoMed pri
Datacenter
Data CenterBranch Office
User-centric XenDesktop Prioritization
0011100011101001110111000
100010100001110 000111000
1001100110011101000011000
MicrosoftApps
XenApp
Voice, Video
XenDesktop
File, Print
Prioritize published apps and
desktops by user groups
Prioritize different types of
traffic (mouse, print, etc)
across user sessions
Sales Product
Executive
Data CenterBranch Office
Microsoft email (Encrypted MAPI
and Exchange 2010)
Microsoft file servers
(SMBv2, Signed SMB v1/v2)Layer 7 optimizations
Faster Encrypted Email and File Transfers
0011100011101001110111000
100010100001110 000111000
1001100110011101000011000
• Initial Branch Repeater 6.0 release is intended for Linux-based appliances and VPX appliances on XenServer and VMWare.
• The same update file downloaded from MyCitrix will work for both platforms.
• The Repeater Plug-In 6.0 release will follow soon after the Capri release.
• The Branch Repeater with Windows Server will be updated with the BR 6.0 technology in a subsequent release.
Platform Support and Upgrades
Flexibility to Meet All Your Needs
Branch Repeater Product Family
Repeater
AppliancesRepeater Plug-in –
Software Client
Branch Repeater with
Windows Server
Branch Repeater VPX
– Virtual Appliance
Software
BR 6.0
Initial
Release
BR 6.0
Initial
Release
Coming
Soon…
Coming
Later…
Initial Configuration
• Branch Repeater 6.0 needs to know where the LAN and WAN are.
• Determine and remember which accelerated pair port is connected to the WAN and which to the LAN. (inline mode)
• Either port can be connected to either side using the proper cables.
First things first…apA1 apA2
apA1 apA2 apA1 apA2
•Switch
•DSL Modem
•Cable Modem
Straight
Through Cable
•Router
•Direct to Server
•Direct to Client
Crossover
Cable
• Click the Quick Installation node in the Command menu.
• This page is a collection of all the configuration steps condensed into one simple form.
New Quick Installation Page
• The Quick Installation is intended for simple Branch Repeater deployments.
• If any of the following are needed, a manual configuration is required;• Virtual Inline Mode
• WCCP Deployment Mode
• Group Mode
• High Availability
• SSL Acceleration
• Repeater Plugin Support
• Hardboost Bandwidth Mode
• Encrypted SMB or MAPI Support
New Quick Installation Page
• Enter all the required information and click the Install button.
• Once completed, the appliance will reboot and then you should see successful traffic flow in the Dashboard.
New Quick Installation Page
• Click the Licensing node in the Configuration menu.
• Chose the License Server tab if your license requires using a stand alone Citrix License server.• Retail (Appliance, Plug-in, Crypto)
• XenDesktop Platinum Entitlement
• Chose the Local Licenses tab if your license type required local installation.• Evaluation License
• Not for Re-sale
• Express
Branch Repeater Licensing
• Click on the Links node in the Configuration menu.
• Click the Edit button for the first pre-defined apA link.
• Configure the link according to network it is connected to;• Link Type (LAN of WAN side)
• Bandwidth In
• Bandwidth Out
• Descriptive Link Name (optional)
• Click Save.
• Repeat this configuration on both the apA1 and apA2 links.
Must configure the default apA links
• Traffic Processing• Master enable/disable switch. When disabled, all features of the Appliance are disabled and all
traffic passes through without modification or traffic shaping
• Traffic Acceleration• enables and disables the acceleration engine
• Traffic Shaping• enables and disables the traffic-shaping engine
• Traffic Bridging (VPX Only)• Enable / Disable the software bridge, default for new installs is disabled
Citrix Confidential - Do Not Distribute
Branch Repeater Features page
• Branch Repeater can ne installed in a “monitoring-only”mode
• No compression, flow control or traffic shaping will be used, however full traffic visibility will be available.
• Use the Features node in the Command Menu to disable;• Traffic Acceleration
• Traffic Shaping
.
Traffic Processing and Acceleration
• Link level In / Out - Regulates all traffic, accelerated as well as non-accelerated
• Bandwidth Management – Regulate only accelerated traffic, effects inbound traffic only
• Recommended configuration – Use local WAN link sizing
Citrix Confidential - Do Not Distribute
Bandwidth Management
Today’s Lab EnvironmentsYour student work
environment
(WinXP)
Complete Exercise 1
Quality of Service
Quality of Service in v5.7 and prior releases
• Five queues (Named “A” though “E”. Names can be changed)
• All traffic is assigned to Queue A by default
• Each Service Class can be assigned to a one traffic queue.
• Each queue determines the minimum bandwidth allocation when bandwidth contention with a higher queue occurs.
• ICA Packet priorities are mapped to quality of service (QoS) queues.
Bandwidth
AllocationsQoS Queues
Service Classes
ICA Packet
Priorities
Acceleration
Engine
Quality of Service – The Basics of Traffic Shaping
• All WAN traffic is subject to traffic shaping• Accelerated connections, non-accelerated connections, non-TCP traffic such
as UDP flows, GRE streams, etc.
• The algorithm used is weighted fair queuing• Every connection is assigned a weight based on the appliance’s policies
between 1 and 256.
• Traffic shaping is applied to the WAN in both inbound and outbound after the compression engine
• Weighted priorities are applied during bandwidth contention to both ingress and egress traffic even when the other side of the link is not equipped with QoS.
• DSCP Is fully supported both as a classifier and an enforcer
• More information in Branch Repeater Traffic Shaping technology can be found here http://www.citrix.com/skb/articles/RDY4005
Quality of Service in v6.0 - Configuration
• Quality of Service is applied using 4 mechanisms.
• Links: Tells the traffic shaper which WAN link the packet is using. In a site with multiple link, each link has its own bandwidth limits and is managed independently.
• Application Classifiers: Identify and determines which protocol or application class traffic belongs to.
• Traffic Shaping Policies: Tell the traffic shaper weighted priority and bandwidth limits to assign to which traffic type (application classifier).
• Service Classes: Map applications to acceleration decisions, traffic filters and traffic-shaping policies.
Quality of ServiceLink Definition
• Links : Physical or Logical
• WAN connections between remote sites.
• WAN links between datacenters and branches.
• WAN links between cities or countries.
• WAN data paths between branches and specific servers or server farms.
Data Center 2
Data Center 1
Branch 1
DC1 Link
XenApp Traffic Link
DC2 Link
Streaming Traffic Link
Quality of ServiceLink Definition
• Define Links
• By Accelerated Port
• By Source or Destination Network
• By WCCP Service Group
• By Source or Destination MAC Address
• By VLAN Tag
• By default link definitions are automatically created for each adapter port.
• The number of supported links are limited by Branch Repeater model:
• 83xx, 85xx = 5 links
• 88xx = 10 links
• VPX = up to 5 links
• If Links are misconfigured there will be compression values less than 1:1.
Quality of ServiceTraffic Shaping Policies
• By default there are 10 pre-configured traffic shaping policies. (subject to change)
• VOIP Traffic
• High Priority Traffic
• Medium Priority Traffic
• Low Priority Traffic
• Default QoS
• ICA Priorities
• Each traffic shaping policy has a weighted priority value associated with it.
• The maximum number of traffic shaping policies supported is 50 per appliance.
Quality of ServiceTraffic Shaping Policies
• Weighted Priority is used to determine traffic precedence when calculating send and receive rates.
• And.. Or…
Bandwidth limits can also now used to control allocation.
• Percentage of Link Bandwidth
• Absolute Fixed Date Rate.
• Even within an SSL tunnel !!*
*Citrix Patent Pending
Quality of ServiceApplication Classifiers
• Application classifiers are used by service classes to distinguish between application traffic types.
• Applications are classified by:• Ethertype not all competitors can do this
• IP Classification (TCP, GRE, L2TP, etc)
• TCP Port
• UDP Port
• Web URL
• ICA Published App not all competitors can do this
• Application classifiers are categorized into 1 of 25 Application Groups
Quality of ServiceApplication Classifiers
• Custom application classifiers can be created.
• The maximum number of classifiers supported is 600 per appliance.
• The classification parameters entered cannot conflict with an existing classifier.
Quality of ServiceApplication Classifiers – XenApp and XenDesktop
• ICA Published Applications or Desktops groups can be manually created or auto-discovered.
• Once discovered, they will appear in the application classifier list as well as in all reports and monitoring pages.
• Temporarily enabling and then disabling auto discovery can be used to prepopulate the online applications list for editing or exporting at a later time.
Quality of ServiceService Classes in v5.7 and prior
• Service Classes in Branch Repeater 5.7 and prior releases identified traffic two possible ways:
• IP address/range (client or server)
• TCP port number
• Service Classes were evaluated in order with mirrored policies required on all appliances.
• If Service Classes did not match on both appliances with an acceleration pair, those connections would pass through un-accelerated (UR Code 6).
Quality of ServiceService Classes in v6.0
• Service Classes are the main QoS mechanism, bringing together:
• Traffic Shaping Policies
• Application Classifiers
• Link Configurations
• Service Classes are evaluated in order with policies higher in the list having priority over ones lower.
• Service classes need to exist but not be mirrored on all appliances; will result in lowest common setting being used.
Quality of ServiceService Classes
• Service Classes are still used to enforce bandwidth priority among traffic types however now map to Traffic Shaping Policies instead of QoS Queues.
• Traffic Shaping Policies within a Service Class can be applied by:
• Single Traffic Shaping Policy per Single Service Class
• Per-link Traffic Shaping Policies per Single Service Class
• The maximum number of supported Service Classes is 64 per appliance.
Quality of ServiceService Classes
• Service classes can use AND rules as well as OR rules.
• Rules can include any and all of the following filters:• Application Name
• Source IP
• IP sync/direction
• Destination IP
• VLAN Tag
• DiffServ bit
• SSL Profile
• The maximum number of Service Class Filter Rules supported is 10 per Service Class.
AND
OR
Complete Exercise 2
Signed SMB / Secure Partner configuration
• Branch Repeater 5.7 and earlier supported compression and acceleration of unsigned SMB1 traffic only.
• If enabled, Signed SMB had to be turned off on servers and clients via group policy to enable acceleration.
• Connections from Vista and Win7 clients had SMB2 connections rolled back to SMB1.
Citrix Confidential - Do Not Distribute
SMB Support in v5.7
• There are three SMB acceleration scenarios you may observe when monitoring SMB CIFS connections.• Unaccelerated SMB 1 or 2 Connections
• Accelerated SMB 1 or 2 Connections
• Accelerated Signed SMB 1 or 2 Connections
Citrix Confidential - Do Not Distribute
SMB Acceleration in v6.0
• There are three SMB acceleration scenarios you may observe when monitoring SMB CIFS connections.• Unaccelerated SMB 1 or 2 Connections
• Accelerated SMB 1 or 2 Connections
• Accelerated Signed SMB 1 or 2 Connections
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
Connection
Type
Secure
Partner
Windows
Domain
Member
NTLMv1
Required
SMB 1 No No No
SMB 2 No No No
Signed SMB 1 Yes Yes Yes
Signed SMB 2 Yes Yes Yes
• Domain membership is only required on the server-side Branch Repeater.
• Once joined, the appliance or VPX should now have a machine account in the specified domain.
• NOTE: Signed SMB is not enabled yet!
SMB Acceleration Requirements
• A secure connection must be established between Branch Repeaters (secure partners).
• SSL credentials (cert and key) are used for authentication and trust between Branch Repeaters.
• The SSL Key Store must be enabled to hold the SSL credentials used by the Branch Repeaters.
• A Crypto license is required to enable the SSL feature set.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
• SSL Support must be enabled by clicking the SSL Encryption node under Configuration.
• Trusted SSL credentials must be installed and used to authenticate all Branch Repeaters and create a secure data channel between them.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
• The Secure Partner connection is configured on a per appliance basis.
• A signaling mechanism is used to provide discovery and communication between trusted appliances.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
Complete Exercise 3
MultiStream ICA (MSI)
What is an ICA Virtual Channel?
A Citrix Independent Computing Architecture (ICA) virtual
channel is a bidirectional connection for the exchange of
generalized packet data between a Citrix XenApp Server and
a ICA compliant client.
Virtual channels correspond to virtual drivers; each
providing a specific function. Some are required for normal
operation, and others are optional.
Virtual drivers operate at the presentation layer protocol
level. There can be a number of these protocols active at any
given time by multiplexing channels.
There are a total of 32 virtual channels in the ICA protocol.
However for most user sessions, between 8 -12 are usually
utilized.
ICA Review – Virtual Channels
ICA Priority Packet Tagging
• ICA Priority Tagging consists of a two bit tag within each ICA packet header.
• These tags can be evaluated on the fly and the application activity determined.
• Earlier versions of MetaFrame use a framing header that does not contain the two priority bits.
Channel Name Default Priority Description Virtual DriverCTXTW 0 Remote Session Screen Update (THINWIRE) vdtw30n.dll
CTXTWI 0 Seamless Windows Screen Update (THINWIRE) vdtwin.dll
CTXTWN 0 Winstation wfica32.exe
CTXEUEM 0 End User Experience Monitoring vdeuemn.dll
CTXZLFK 0 Local Text Echo and Keyboard Feedback vdzlcn.dll
CTXZLC 0 Speed Screen Latency Reduction - Screen vdzlcn.dll
CTXZLFK 0 Speed Screen Latency Reduction - Fonts vdfon30n.dll
CTXCTL 0 ICA Session Control vdctln.dll
CTXFLSH 1 Multimedia - Flash vdflash.dll
CTXGUSB 1 USB Redirection vdgusbn.dll
CTXMM 1 Multimedia - Streaming vdmmn.dll
CTXCLIP 1 Client Clipboard Mapping vdclipn.dll
CTXCAM 1 Client Audio Mapping vdcamN.dll
CTXLIC 1 License Management wfica32.exe
CTXVFM 1 Video Server – (no longer used) n/a
CTXPN 1 Program Neighborhood vdpnn.dll
CTXCCM 2 Client COM Port Mapping vdcom30N.dll
CTXCDM 2 Client Drive Mapping vdcdm30n.dll
CTXPASS 2 Transparent Key Pass-Through vdkbhook.dll
CTXCPM 3 Printer Mapping for Spooling Clients vdcpm30N.dll
CTXCM 3 Client Management (Auto-Update) vdcmN.dll
CTXLPT1 3 Legacy LP1 Port Mapping wfica32.exe
CTXLPT2 3 Legacy LPT2 Port Mapping wfica32.exe
CTXCOM1 3 Legacy COM1 Port Mapping wfica32.exe
CTXCOM2 3 Legacy COM2 Port Mapping wfica32.exe
Virtual Channels
ICA QoS in BR 5.7
ICA Priority Packet Tagging allows
prioritization of ICA sessions based
on the virtual channel data being
transmitted. (what the user is doing within the
app/session)
This is done by associating each
virtual channel’s two-bit priority to a
packet priority.
The two priority bits combine to form
four priority values:00 (0) - High Priority
01 (1) - Medium Priority
10 (2) - Low Priority
11 (3) - Background Priority
These priority bits can then be assigned
to Branch Repeater Quality of Service
queues to allow dynamic QoS.
ICA QoS in BR 6.0 (Single Stream)
ICA Priority Packet Tagging allows
prioritization of ICA sessions based
on the virtual channel data being
transmitted. (what the user is doing within the
app/session)
This is done by associating each
virtual channel’s two-bit priority to a
packet priority.
The two priority bits combine to form
four priority values:00 (0) - High Priority
01 (1) - Medium Priority
10 (2) - Low Priority
11 (3) - Background Priority
These priority bits can then be assigned
to Branch Repeater Quality of Service
queues to allow dynamic QoS.
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user creates an ICA session.
•User interface traffic is tagged with a
priority bit of zero (thin wire).
•Branch Repeater identifies the priority
tags in real time and applies QoS
appropriately.
Session Bandwidth
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then starts a print job within
the ICA session.
•Print traffic is tagged with a priority bit
of three (real time).
•Branch Repeater identifies the new
priority tags in real time and applies
QoS appropriately.
Session Bandwidth
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then either returns to the app’s user
interface or starts a second application. (thin wire)
•The new observed priority bits of the session
cause the session to be QoS’ed as a priority zero.
•Prioritization of printing traffic is now lost.
Session Bandwidth
Enter Multi-Stream ICA
ICA Stream #1
ICA Stream #2
ICA Stream #3
ICA Stream #4
Channel Name Default Priority Description Virtual DriverCTXTW 0 Remote Session Screen Update (THINWIRE) vdtw30n.dll
CTXTWI 0 Seamless Windows Screen Update (THINWIRE) vdtwin.dll
CTXTWN 0 Winstation wfica32.exe
CTXEUEM 0 End User Experience Monitoring vdeuemn.dll
CTXZLFK 0 Local Text Echo and Keyboard Feedback vdzlcn.dll
CTXZLC 0 Speed Screen Latency Reduction - Screen vdzlcn.dll
CTXZLFK 0 Speed Screen Latency Reduction - Fonts vdfon30n.dll
CTXCTL 0 ICA Session Control vdctln.dll
CTXFLSH 1 Multimedia - Flash vdflash.dll
CTXGUSB 1 USB Redirection vdgusbn.dll
CTXMM 1 Multimedia - Streaming vdmmn.dll
CTXCLIP 1 Client Clipboard Mapping vdclipn.dll
CTXCAM 1 Client Audio Mapping vdcamN.dll
CTXLIC 1 License Management wfica32.exe
CTXVFM 1 Video Server – (no longer used) n/a
CTXPN 1 Program Neighborhood vdpnn.dll
CTXCCM 2 Client COM Port Mapping vdcom30N.dll
CTXCDM 2 Client Drive Mapping vdcdm30n.dll
CTXPASS 2 Transparent Key Pass-Through vdkbhook.dll
CTXCPM 3 Printer Mapping for Spooling Clients vdcpm30N.dll
CTXCM 3 Client Management (Auto-Update) vdcmN.dll
CTXLPT1 3 Legacy LP1 Port Mapping wfica32.exe
CTXLPT2 3 Legacy LPT2 Port Mapping wfica32.exe
CTXCOM1 3 Legacy COM1 Port Mapping wfica32.exe
CTXCOM2 3 Legacy COM2 Port Mapping wfica32.exe
Virtual Channels
• Single-port, Multi-stream ICA (MSI Default)• 4 random ports at client, 1 primary port on server
• Automatically enabled on ICA server by Branch Repeater 6.0.
• Multi-port, Multi-stream ICA• 4 random ports at client, 1 primary and up to 3 secondary ports on server
• Most common deployment if used without Branch Repeater
• Single-port, Single-stream ICA• 1 random port at client, 1 primary port on server
• The pre-MSI default connection type
• If any Branch Repeater on the link vetos MSI, or old versions used
Citrix Confidential - Do Not Distribute
Multi-Stream ICA Terminology
Citrix Confidential - Do Not Distribute
Enable MSI on ICA Server
Citrix Confidential - Do Not Distribute
Enable MSI on Branch Repeater
For backward compatibility, MSI is disabled by default on
Branch Repeater, XenDesktop and XenApp
Citrix Confidential - Do Not Distribute
Up to 4 TCP connections for a single ICA application
This is the first view that MSI is working as expected
Citrix Confidential - Do Not Distribute
How MSI streams are identified
Under Monitoring Citrix (ICA/CGP)
ICA Statistics ICA Session Count
If MSI is active and connected, Multi Stream
counter will be non-zero
• Only Branch Repeater can parse a single port/multi-stream
ICA connection and apply QoS appropriately.
• The benefits:
• Lower overhead on the network and server infrastructure
• Works on standard ICA (CGP) ports, does not require Firewalls reconfiguration
• Hassle-free, automated IT administration
• In all other cases, you get multi-server port MSI or single-
stream ICA
Citrix Confidential - Do Not Distribute
What is the competitive advantage
Multi-Stream ICA in Action
compressed and encrypted ICA data
•Application UI performance level is maintained.
•Printing traffic does not adversely affect this or
any other WAN users.
Session 1 GUI Session 1 Printing Session 2 GUI
Complete Exercise 4
Reporting, Monitoring and Statistics
• The Branch Repeater Admin Console now has a landing page called Dashboard.
• The Dashboard can be automatically refreshed as well as manually refreshed by clicking the Refresh button.
• The sections that are displayed and the refresh rate can be customized also buy clicking the Customize button.
Citrix Confidential - Do Not Distribute
The New Dashboard
• Branch Repeater has a new graphing and statistics rendering engine.
• Graphing options include• Pie Charts
• Stacked Area Graphs
• Line Graphs
• Dynamic bar graphs
• Data and statistics can be displayed in tables with hyperlinked cells for data drill down.
The New Graphs and Tables
The New Graphs and Tables
• Branch Repeater has a new graphing and statistics rendering engine.
• Graphing options include• Pie Charts
• Stacked Area Graphs
• Line Graphs
• Dynamic bar graphs
• Data and statistics can be displayed in tables with hyperlinked cells for data drill down.
• Generating reports now produces a multi-page PDF document that can be saved or printed.
• Graphs displayed in reports are determined by the graph display settings within the Admin console.
• Reports can include historical data as well as can be run as a aggregate or drill down report.• (more on this later)
The New PDF Reports with Historical Data
• The Monitoring pages are now listed in a collapsible Monitoring node, and listed alphabetically.
• Changes, enhancements or additions have been made to the following monitoring pages:• Connections
• Filesystem (CIFS/SMB)
• Citrix (ICA/CGP)
• Secure Partners
Citrix Confidential - Do Not Distribute
The Monitoring Pages
• The Connections page now used a tabular interface with separate tabs for Accelerated and non-accelerated connections.
• Connection filtering can now be done by Service Class.
• The connections lists now have customizable columns.
Monitoring Changes
UR:0 NONE "internal (accelerated)"
UR:1 UNKNOWN "unknown"
UR:2 NO_ORBITAL "no partner unit detected"
UR:3 NO_SYN_SEEN"routing asymmetry detected: not all packets are going through this
unit"
UR:4 NO_SYN_ACK_SEEN"routing asymmetry detected, not all packets are going through this
unit, (no SYN-ACK seen)"
UR:5 NO_SPACE_FOR_OPTIONS"not enough room left in the TCP packet header to append unit
specific options"
UR:6 POLICY "service policy rule"
UR:7 PORT_EXCLUDE "acceleration port include or exclude list"
UR:8 IP_EXCLUDE "acceleration ip address include or exclude list"
UR:9 MODE_MISMATCH"one unit is configured with softboost mode and the other with
hardboost mode"
UR:10 MAX_CONNECTIONS_LIMIT "maximum number of accelerated connection reached"
UR:11MAX_SYN_TRIES_EXCEED
ED
"could not connect to the destination when unit specific options
were appended to the tcp packet"
UR:12 DONT_PROBE
"could not connect to the destination when unit specific options
were appended to the tcp packet, but connection without such
options succeeded"
UR:13 ORBS_ON_BOTH_SIDES "this unit is between two other units and daisy-chaining is enabled"
UR:14 MAX_FAST_FLOWS_LIMIT "maximum number of simultaneous partner units reached"
UR:15 BAD_LOCAL_SRC_IP "no proxy entry for source IP address is configured"
UR:16 SIMULATION_MODE "unit runs in simulation mode"
UR:17 PORT_LIMIT_LICENSE"connections with this TCP port are not allowed to be accelerated
by the license"
UR:18 BAD_PROXY_CONFIG "bad proxy configuration detected on the partner unit"
UR:19 PROXY_EXLUDED_PORT
"bad proxy configuration detected, acceleration for connections
with this source or destination TCP port is disabled by port include
or exclude list"
UR:20 PROXY_LOOP "bad proxy configuration detected: there is a loop"
UR:21 OUT_OF_SOCKETS "too many proxy connections: failed to allocate a socket"
UR:22 NO_HANDSHAKE_SEEN "no initial TCP handshake seen"
UR:23 GROUP"a different member of the appliance group accelerates this
connection"
UR:24 NO_AUTO_DISCOVERY "auto-discovery disabled"
UR:25 GROUP_PASSTHROUGH "acceleration disabled in group mode"
UR:26EDGE_CONNECTION_WITH_
BAD_VIP
"appliance received an Citrix Acceleration Plug-in connection
with wrong destination VIP"
UR:27NO_CONNECTION_TO_APPLI
ANCE"no connection to appliance"
UR:28 INCORRECT_MODE "Transparent connection at an appliance in redirector mode"
UR:29 CLIENT_RULES "client rules disallow acceleration"
UR:30NO_SIGNALING_CONN_TO_C
LIENT"no signaling connection to client"
UR:31ISA_CACHED_LOCAL_CONNE
CTION"ISA cached local connection"
UR:32ISA_NAT_INITIATED_LOCAL_
CONNECTION"ISA NAT local connection"
UR:33MAX_ACTIVE_CONNECTIONS
_LIMIT"maximum number of active accelerated connection reached"
UR:34SYN_ACK_WITHOUT_OPTION
S"a syn-ack was received without options"
UR:35SSL_VPN_CONNECTION_REF
LECTING_TRAFFIC
"an ssl VPN is causing packets to transverse the Acceleration
Plug-in multiple times"
UR:36 APPLIANCE_IS_ON_LAN "Appliance/Client are on the same LAN",
UR:37APPLIANCE_SIGNALING_CON
NECTION"Signaling connection to partner appliance"
UR:38CACHED_LOCAL_CONNECTI
ON"HTTP Cached Local Connection"
Admin console reporting has been re written and organized into the Reports node.
The aggregate reports available are:• Compression
• LAN vs. WAN Traffic
• Link Usage
• Service Classes
• Top Applications
• Traffic Shaping
• Within each of these aggregate report views, several drill down reports are available in addition to all PDF reports.
The Reporting Pages
• The Top Applications report breaks out total throughput and relative bandwidth usage by application and optionally by link for both send and receive traffic.
• Report windows range from the last minute to last month, as well as since last appliance restart.
• Up to 10 applications can be reported on at a time, while being displayed in either line graphs or stacked area graphs.
• Click Customize allows you to select specific links as well as the number of applications to report on.
Report Creation Example
• Clicking on the Active Applications tab displays a list of all identified application and service traffic (TCP and UDP) at the current moment.
• Clicking Customize allows the specifying if configured Links to report on.
• Then clicking an application name hyperlink displays application specific link usage for send and receive traffic.
Report Creation Example
• Clicking on the Active Applications tab displays a list of all identified application and service traffic (TCP and UDP) at the current moment.
• Clicking Customize allows the specifying if configured Links to report on.
• Then clicking an application name hyperlink displays application specific link usage for send and receive traffic.
Report Creation Example
• Click the PDF Report button to generate a report isolating that application only.
Report Creation Example
• Clicking on the Administrator Interface node under Configuration accesses all GUI access and display related settings.
• Enabling and disabling of graphs, graph combinations, and refresh rates are all controlled here.
• Clicking on the Clear Statistics node under System Maintenance accesses the clearing of link, application, traffic shaping and service class statistics.
Configuration – Refresh and Clear
Complete Exercise 5
The “Ask me anything…” slide