Anda di halaman 1dari 195

PacketShaper PacketShaper ISP

Getting Started Guide


Models 1200, 1550, 1700, 2500, 3500, 6500, 7500, 9500, 10000 PacketWise 8.0

P/N 20-0237-01 Revision B

Disclaimer
THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND, INCLUDING WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT OF INTELLECTUAL PROPERTY, OR FITNESS FOR ANY PARTICULAR PURPOSE. IN NO EVENT SHALL PACKETEER OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THIS DOCUMENT OR THE PRODUCTS DESCRIBED HEREIN, EVEN IF PACKETEER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. Packeteer and its suppliers further do not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this document, or assume liability for any incidental, indirect, special, or consequential damages in connection with the furnishing, use, or performance of the information in this document. Packeteer may make changes to this document, or to the products or software described herein, at any time, without notice. Packeteer makes no commitment to update this document.

Copyright/Trademarks/Patents
Packeteer, the Packeteer logo, and combinations of Packeteer and the Packeteer logo, as well as PacketWise, PacketSeeker, PacketShaper, PacketShaper Xpress, and PolicyCenter, are trademarks or registered trademarks of Packeteer, Inc. in the United States and other countries. Other product and company names used in this document are used for identification purposes only, may be trademarks of other companies, and are the property of their respective owners. Copyright 19962006 Packeteer, Inc. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into another language without the express written consent of Packeteer, Inc. PacketShaper, PacketShaper Xpress and PacketSeeker appliances, and PolicyCenter and PacketWise software protected by, or for use under, one or more of the following U.S. Patents: 5,802,106; 6,018,516; 6,038,216; 6,046,980; 6,115,357; 6,205,120; 6,285,658; 6,298,041; 6,412,000, 6,456,630; 6,457,051; 6,591,299; 6,741,563; 6,928,052; 6,934,745; 6,970,432; 7,003,572; 6,460,085; 6,529,477; 6,584,083; 6,654,344 and 6,934,255; 7,013,342 and 7,012,900. Other U.S. and international patents pending. Portions of the product incorporate software licensed from General Software, Inc. Copyright 2001 General Software, Inc. All rights reserved. This product also includes software for zipping and unzipping. Copyright 1990-2001 Info-ZIP. All rights reserved.

U.S. Government Restricted Rights


Packeteer software comprises commercial computer software and commercial computer software documentation as such terms are used in 48 C.F.R. 12.212 (SEPT 1995) and is provided to the United States Government (i) for acquisition by or on behalf of civilian agencies, consistent with the policy set forth in 48 C.F.R. 12.212; or (ii) for acquisition by or on behalf of units of the Department of Defense, consistent with the policies set forth in 48 C.F.R. 227-7202-1 (JUN 1995) and 227.7202-3 (JUN 1995). Packeteer software is provided with RESTRICTED RIGHTS. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in FAR 52.227-14 and DFAR 252.227-7013 et seq. or their successors. Use of Packeteer products or software by the U.S. Government constitutes acknowledgment of Packeteers proprietary rights in them and to the maximum extent possible under federal law, the U.S. Government shall be bound by the terms and conditions set forth in Packeteers end user agreement. Packeteer, Inc. 10201 North De Anza Boulevard Cupertino, CA 95014 http://www.packeteer.com

Printing History
June, 2006 PacketWise 8.0

Regulatory Information
For information on regulatory compliance, see Appendix F:, Safety and Regulatory Information.

ABOUT THIS GUIDE


Getting Started Guide The PacketShaper Getting Started Guide provides the basic information needed for setting up the PacketShaper and initially configuring the PacketWise software. Chapter 1: Before You Install covers information you need to know before you set up your PacketShaper, such as determining a deployment strategy and filling in the preinstallation checklist. Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500) includes instructions and illustrations to help you connect your PacketShaper to the network. Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500) provides the same information as Chapter 2, with information specific to the 1700, 3500 and 7500 models. Chapter 4: Hardware Installation (PacketShaper 9500, 10000) provides the same information as Chapter 2, with information specific to the 9500 and 10000 models. Chapter 5: PacketWise Software Configuration explains how to initially configure the PacketWise software and modify the settings after installation. Chapter 6: Redundant Configurations is for deployments in which two PacketShapers are used redundantly, for example two units connected to different routers in a redundant topology. Chapter 7: Non-Inline Deployment explains how PacketShapers can monitor networks when deployed non-inline for monitoring and/or compression estimation. This capability is part of the watch mode feature. The final chapters are product-specific. Read the chapter that corresponds to the product you are using (PacketShaper, Xpress, or PacketShaper ISP): Chapter 8: PacketShaper Quick Start tells you how to quickly become productive with your PacketShaper. This chapter provides basic instructions on using a PacketShaper to classify traffic, analyze application and network performance, and solve performance problems. For complete detailed information, see PacketGuide (described on next page). Chapter 9: Getting Started with Compression and Acceleration describes the compression and acceleration modules and explains how to configure Xpress and view reports. Chapter 10: PacketShaper ISP Quick Start shows service providers an effective way to set up the PacketShaper ISP to allocate bandwidth to their subscribers.

Other Resources

Online Help The PacketWise browser interface contains context-sensitive help with sufficient detail to assist you in setting up and maintaining configurations. To access help, click the help button and context-sensitive help will display in a separate window. The command-line interface (CLI) also has online help, which provides command syntax details. PacketGuide Included with all PacketShaper models is a browser-based reference resource called PacketGuide. In addition to complete reference material pertaining to the use of PacketWise software, PacketGuide contains recommendations for using Packeteer products to solve common network and application problems.

PacketShaper Getting Started Guide

There are three ways to access PacketGuide: Click the packetguide button in the PacketWise browser interface. Enter the following URL in your Netscape or Internet Explorer browser window:
http://support.packeteer.com/documentation/packetguide/version.htm

and then choose version 8.0 from the PacketShaper list. Use the PacketGuide CD included with your PacketShaper. Quick Start Guide This concise booklet is shipped with all units and covers hardware installation and basic configuration. Complete installation and configuration instructions are provided in the Getting Started Guide (this manual). PacketGuide CD The PacketGuide CD includes an off-line version of the PacketGuide reference resource, plus PDF versions of the Quick Start Guide, Getting Started Guide, CLI Commands, Release Notes, and Preconfigured Graphs documents. Note that the latest online versions of these documents can be found by clicking the packetguide button in the PacketWise browser interface. Customer Support If you have a technical question about your PacketShaper, go to the Packeteer customer support website: http://support.packeteer.com. This website has a Technical Information Library (TIL) and an Online Support Center. Best Practices The Best Practices website offers a single location where you can come to answer the question, What should I be doing now? in any phase of your process with Packeteer products. It lists and describes the tasks involved at the various stages of deployment, and it provides links to information contained elsewhere on Packeteer websites that can give you detailed specifics. The URL is:
http://support.packeteer.com/documentation/BestPractices/

PacketShaper Getting Started Guide

TABLE OF CONTENTS
CHAPTER 1: BEFORE YOU INSTALL
Introduction .................................................................................................................................................. 1-1 Determining Your Enterprise Deployment Strategy .................................................................................... 1-3 Placing PacketShapers into Redundant Topologies ..................................................................................... 1-8 Deploying Non-Inline PacketShapers .......................................................................................................... 1-9 Determining Your PacketShaper ISP Deployment Strategy ...................................................................... 1-10 Determining Which Mode to Use............................................................................................................... 1-11 Pre-Installation Checklist for Local Mode ................................................................................................. 1-12 Pre-Installation Checklist for Shared Mode ............................................................................................... 1-17

CHAPTER 2: HARDWARE INSTALLATION (PACKETSHAPER 1200, 1550, 2500, 6500)


Overview ...................................................................................................................................................... 2-1 Front Panel.................................................................................................................................................... 2-2 Rack-Mounting the Unit (optional) .............................................................................................................. 2-4 Connecting a PacketShaper to the Network ................................................................................................. 2-5 Turning on the PacketShaper........................................................................................................................ 2-7

CHAPTER 3: HARDWARE INSTALLATION (PACKETSHAPER 1700, 3500, 7500)


Overview ...................................................................................................................................................... 3-1 Front Panel.................................................................................................................................................... 3-2 Rack-Mounting the Unit (optional) .............................................................................................................. 3-4 Connecting a PacketShaper to the Network ................................................................................................. 3-5 Turning on the PacketShaper........................................................................................................................ 3-8

CHAPTER 4: HARDWARE INSTALLATION (PACKETSHAPER 9500, 10000)


Overview ...................................................................................................................................................... 4-1 Front Panel.................................................................................................................................................... 4-2 Rack-Mounting the Unit (optional) .............................................................................................................. 4-5 Connecting the PacketShaper 9500/10000 to the Network .......................................................................... 4-6 Turning on the PacketShaper 9500/10000 ................................................................................................. 4-13

CHAPTER 5: PACKETWISE SOFTWARE CONFIGURATION


Before You Begin......................................................................................................................................... 5-1 Configuring the PacketWise Software ......................................................................................................... 5-6 Changing Settings after Installation ............................................................................................................. 5-9

CHAPTER 6: REDUNDANT CONFIGURATIONS


Modifying a PacketShaper for Direct Standby............................................................................................. 6-4 Connecting to a Redundant Router Topology ............................................................................................ 6-12 Setting Up Direct Standby.......................................................................................................................... 6-22

CHAPTER 7: NON-INLINE DEPLOYMENT


Overview....................................................................................................................................................... 7-1 Connecting Non-Inline Units to the Network............................................................................................... 7-3 Configuring Watch Mode ............................................................................................................................. 7-7 Connecting to a Network Tap ....................................................................................................................... 7-9 Configuring the Compression Estimator .................................................................................................... 7-10

CHAPTER 8: PACKETSHAPER QUICK START


Overview....................................................................................................................................................... 8-1 Classifying Traffic on the Network .............................................................................................................. 8-2 Analyzing Network Traffic........................................................................................................................... 8-4 Solving Performance Problems .................................................................................................................... 8-7 Advanced Features...................................................................................................................................... 8-10

CHAPTER 9: GETTING STARTED WITH XPRESS COMPRESSION AND ACCELERATION


Overview....................................................................................................................................................... 9-1 Migrating to Xpress 8.0 ................................................................................................................................ 9-6 Using Enhanced Tunnel Mode ................................................................................................................... 9-13

CHAPTER 10: PACKETSHAPER ISP QUICK START


Overview..................................................................................................................................................... 10-1 Using the Classification-Accelerator Cache ............................................................................................... 10-2 Traffic Tree Configuration.......................................................................................................................... 10-3 Defining Classes for Each Subscriber ........................................................................................................ 10-5 Allocating Bandwidth to Subscribers ......................................................................................................... 10-7 Creating a Data Entry Form........................................................................................................................ 10-8 Verifying that the IP Class Lookup Accelerator Cache is Being Used ...................................................... 10-9 Advanced Features.................................................................................................................................... 10-10

APPENDIX A: PRODUCT SPECIFICATIONS


PacketShaper 10000 Specifications ............................................................................................................. A-1 PacketShaper 9500 Specifications ............................................................................................................... A-2 PacketShaper 7500 Specifications ............................................................................................................... A-3 PacketShaper 6500 Specifications ............................................................................................................... A-4 PacketShaper 3500 Specifications ............................................................................................................... A-5 PacketShaper 2500 Specifications ............................................................................................................... A-6 PacketShaper 1700 Specifications ............................................................................................................... A-7 PacketShaper 1550 Specifications ............................................................................................................... A-8 PacketShaper 1200 Specifications ............................................................................................................... A-9

APPENDIX B: PINOUT DESCRIPTIONS


Console Port Pinout Description.................................................................................................................. B-1

APPENDIX C: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 1700


Power Supply................................................................................................................................................C-1 Field-Replaceable Cooling Unit ...................................................................................................................C-2

APPENDIX D: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 3500, 7500


Power Supplies .............................................................................................................................................D-1 Field-Replaceable Hard Drive ......................................................................................................................D-2 Field-Replaceable Cooling Units .................................................................................................................D-5

APPENDIX E: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 9500, 10000


Hot-Swappable Power Supplies ................................................................................................................... E-1 Field-Replaceable Hard Drive (10000) ........................................................................................................ E-4 Field-Replaceable Cooling Unit (10000) ..................................................................................................... E-7

APPENDIX F: SAFETY AND REGULATORY INFORMATION


Safety Warnings ........................................................................................................................................... F-1 Electro-Magnetic Interference/Compatibility and Safety Compliance ........................................................ F-5 Proper Disposal of Packeteer Products......................................................................................................... F-8 RoHS Compliance ........................................................................................................................................ F-8

INDEX

CHAPTER 1: BEFORE YOU INSTALL


Introduction
Packeteer Products This guide covers the installation and setup of the following Packeteer products: PacketShaper The PacketShaper is the physical platform that supports Packeteers WAN application optimization components. Four modules are available: Monitoring: The monitoring module, included with all PacketShapers, lets you gain visibility into your network. The PacketShaper tells you precisely which applications traverse the network, what portion of the network they consume, how well they perform, and where delays originate. A PacketShaper configured with only a monitoring module was previously known as a PacketSeeker. Shaping: Enabled with a software key, the shaping module allows you to take control of network traffic. With shaping, the PacketShaper can boost or curb application performance over the WAN and Internet using policy-based bandwidth allocation. Flexible policies protect critical applications, pace greedy traffic, limit recreational usage, and block malicious activity. Compression: Enabled with a software key, the compression module increases the usable capacity of your network. Compression enables more data to flow through constrained WAN links, freeing bandwidth to enhance the performance of applications that are most critical. A PacketShaper with the compression module was previously known as a PacketShaper Xpress. Acceleration: The acceleration module enhances the performance of applications on your network. Acceleration allows you to maximize bandwidth utilization, speed up application response times, accelerate the transfer of large files, and minimize the impact of other problems that are common with TCP-based applications on high-latency links.

PacketShaper ISP PacketShaper ISP models all include the monitoring and shaping modules (the compression and acceleration modules are not available for the PacketShaper ISP). The PacketShaper ISPs high-level capacities for classes and partitions allow service providers and universities to perform bandwidth farming: they can allocate bandwidth to each of their subscribers or students and use the PacketShapers extensive reports to verify usage. Information about hardware installation and software setup that is applicable to all Packeteer products is covered in the first part of this guide (Chapters 17). Specific configuration information for each Packeteer product is included in Quick Start chapters (Chapters 810).

Considerations

Before you proceed to hardware and software setup, you need to consider the following: Your placement strategy Its important to know where you will install the PacketShapers in your network. The locations depend on a number of factors, such as the type of network topology and what traffic you want the unit to monitor and manage. See

PacketShaper Getting Started Guide

1-1

Chapter 1: Before You Install

Determining Your Enterprise Deployment Strategy on page 1-3, Placing PacketShapers into Redundant Topologies on page 1-8, Deploying Non-Inline PacketShapers on page 1-9, or Determining Your PacketShaper ISP Deployment Strategy on page 1-10. Which mode youll use When you run Guided Setup, the initial software configuration program, you will need to select either local or shared mode. The modes are explained in Determining Which Mode to Use on page 1-11. Your configuration settings By filling in the checklist on page 1-12 (local mode) or page 1-17 (shared mode), you will have all the information you need to answer the Guided Setup questions.

1-2

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Determining Your Enterprise Deployment Strategy


PacketShapers generally sit behind WAN-link routers and/or Internet-link routers at main sites and branch offices. Each unit must be positioned so it sees all the traffic you want to monitor or manage. The most common topological locations for PacketShapers are at the: Main sites WAN link connects a main site to branch offices across a private corporate WAN Main sites Internet link connects a main site to branch offices across a virtual private network (VPN) and/or is a link to the Internet Main sites WAN/Internet links and at each branch office referred to as a distributed deployment Each of these deployment strategies is illustrated and described in detail in the following pages. For additional information, see the technical guide, Enterprise Deployment Topologies. Some enterprises first deploy PacketShapers at the main sites WAN and/or Internet links. Then, as the need for more granular management at branch offices is identified, additional units are deployed at the branches. Note: For installing a PacketShaper unit into a redundant network topology, see page 1-8; for a non-inline deployment, see page 1-9. For PacketShaper ISP deployment strategies, see page 1-10.

PacketShapers are not Intended to be Firewalls Although PacketShapers can help identify performance problems due to viruses, worms, and denial-of-service attacks and can even help block some of this undesired traffic, they are not intended to act as firewalls. Packeteer recommends that you use a firewall or antivirus tools to protect your network from viruses and worms.

Main Site WAN Link Deployment

When a main site WAN link connects the main site to branch offices across a private corporate WAN, connect the PacketShaper to the WAN router as shown in the illustration below.

Enterprise Servers

Corporate WAN

PacketShaper

Main Site LAN

Main Site WAN Link

Branch Offices Connected via WAN

PacketShaper Getting Started Guide

1-3

Chapter 1: Before You Install

Assuming that you want to manage the WAN connections of the branch offices in addition to the main sites WAN link, this strategy is appropriate in hub-and-spoke topologies where the PacketShaper can see all branch traffic. All branch traffic must go through the main site PacketShaper, and there should be no direct branch-to-branch traffic. In this deployment strategy, the application and intranet servers are at the main sites data center, and each branch office must access the Internet through either the main site or a totally separate Internet connection that doesnt use the same last-mile WAN connection.

Note: Pure hub-and-spoke design is not necessary if you are managing only the main sites WAN link and not the branch offices WAN connections.

There are two basic reasons for placing a PacketShaper at a main site WAN link: To monitor or provision bandwidth to each branch office To monitor or provision bandwidth to each branch office and analyze and/or control individual application performance at each site

Depending on your purpose for deploying a PacketShaper, you will need to configure your unit differently. See the Enterprise Deployment Topologies guide for details. The number of branch offices a single PacketShaper can support depends on the complexity of the configuration. For example, in a complex configuration where a unit is managing bandwidth for each remote site in addition to controlling individual application performance at each site, a PacketShaper would not be able to manage as many branch offices as in a simpler configuration where the unit is not controlling application performance.

Main Site Internet Link Deployment

A main site Internet link topology has a PacketShaper unit at the main sites link to VPNconnected branch offices, dial-up VPN users, partner extranets, and/or simply the Internet. Applications for VPN-connected branch offices are hosted at the main site servers.

Enterprise Servers

Main Site LAN PacketShaper

Internet

Main Site Internet Link

Branch Offices Connected via VPN

When an Internet link supports both critical and casual traffic, you can use a PacketShaper to distinguish between the different types of Internet traffic. For example, a PacketShaper with the Monitor Module can determine how much of the link is going to web browsing and MP3 downloads, and even produce a list of top link users and Web destinations. With PacketShapers control module features, you can make sure dial-up users get the bandwidth they need, contain unsanctioned music downloads, and pace Voice over IP (VoIP) and streaming video traffic for stutter-free performance.

1-4

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Virtual Private Networks (VPN) If you use VPN, you can install PacketShaper on either side of your VPN gateway. Its position with respect to the VPN gateway dictates whether it will classify applications before or after encryption. If you want to be able to classify, monitor, or control individual applications, place the PacketShaper between the LAN and the VPN gateway (see first illustration below). On the other hand, if you want to classify and protect all encrypted VPN traffic, place the unit between the router and the VPN gateway (second illustration).
VPN gateway LAN Internet router PacketShaper

LAN VPN gateway

router Internet PacketShaper

Multiple LANs (DMZ and Private LAN) If you have a private local-area network (LAN) and a Demilitarized Zone (DMZ) connected to your Internet link, you can purchase a Packeteer LAN Expansion Module (LEM) to provide additional connections. The private LAN is connected to the built-in ports, and the DMZ is connected to the LEM ports.
DMZ LAN

LAN Internet PacketShaper with LEM firewall with DMZ port router

PacketShaper Getting Started Guide

1-5

Chapter 1: Before You Install

Proxy Server/NAT Some proxy servers also perform Network Address Translation (NAT), so both functions need to be considered when you are determining the placement of PacketShapers. To be effective, the units should be placed outside a proxy server, since proxy servers typically terminate and restart TCP sessions. A unit inside a proxy server would see all inbound traffic sourced from the proxy server.

inside

outside

Internet proxy server PacketShaper router

LAN web server mail server

For details on configuring the traffic tree at a main site Internet link, see the Enterprise Deployment Topologies guide.

Distributed Deployment (Main Site and Branch Offices)

A distributed deployment includes PacketShapers at the main site and at each branch office. This strategy monitors and/or controls all application performance at all offices regardless of network size or topology. By having PacketShapers at each branch office in addition to the main site, you can get a more granular view of application bandwidth use and performance.

Enterprise Servers

Corporate WAN

PacketShaper

Main Site LAN

Internet PacketShaper

Main Site WAN Link

Main Site InternetLink

PacketShapers

PacketShapers

Branch Offices Connected via WAN

Branch Offices Connected via VPN

1-6

PacketShaper Getting Started Guide

Chapter 1: Before You Install

To effectively control bi-directional non-TCP-based applications, such as UDP and IPX, youll need to place PacketShapers on both ends of the link, one at the main site to control traffic outbound to the branch office, and one at the branch office to control traffic outbound to the main site. This is also recommended for point-to-point and mesh topologies that use technologies like Frame Relay and SMDS.
Main Site Branch Offices

router Frame Relay cloud

PacketShaper clients

PacketShaper server router PacketShaper

servers

PacketShaper with Compression or Acceleration Another topology that requires a distributed deployment is one which includes a PacketShaper configured with the compression and/or acceleration modules (previously known as a PacketShaper Xpress). The Xpress feature works by identifying other Xpressenabled PacketShapers on the network and dynamically setting up a communication link, called a tunnel, between the units, and sendng data through the tunnels. In the illustration below, Tunnel A is created for the traffic between the clients in Branch Office A and the servers at the main site. Likewise, Tunnel B is created for the traffic between the clients in Branch Office B and the main site servers. Tunnel C is created for the traffic between the clients in Branch Office A and the clients in Branch Office B. For more information on using Xpress, see Chapter 9, Getting Started with Xpress Compression and Acceleration.
Branch Office A Main Site Servers Branch Office B

PacketShaper Corporate WAN

PacketShaper Main Site LAN

PacketShaper Internet

PacketShaper

Tunnel A Tunnel C

Tunnel B

Packet Capture Another reason you might want PacketShapers at each site is to analyze detailed information about packets. Using the packet capture feature, you can capture packets for future analysis. For details on configuring the traffic trees at branch offices and main sites in a distributed deployment, see the Enterprise Deployment Topologies guide.

PacketShaper Getting Started Guide

1-7

Chapter 1: Before You Install

Placing PacketShapers into Redundant Topologies


PacketShapers can be placed into a variety of redundant topologies those with redundant routers, redundant switches, two data paths, two LANs, and/or redundant firewalls. For the PacketShapers to function in these topologies, connect one unit into each redundant network path and the directly connect the two units. This Packeteer feature is called direct standby. One of the basic direct standby topologies is illustrated below. For additional topologies and details on connecting PacketShapers into these redundant topologies, see Connecting to a Redundant Router Topology on page 6-12.

clients

WAN

Live data path Direct connection

PacketShapers routers switches servers

Notes: To use a PacketShaper in a redundant network, a Packeteer LAN Expansion Module (LEM) is required. If you are already using a LEM for another purpose, you will need two LEMs. PacketShapers must be directly connected through the upper-most or right-most LEM. Direct standby is not available when using enhanced Xpress tunnels; it can only be enabled when the PacketShaper is set to legacy tunnel mode. For more information on direct standby, see Redundant Configurations on page 6-1.

1-8

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Deploying Non-Inline PacketShapers


When you want to monitor traffic without having the PacketShaper cabled into the main data path, you can use Packeteers watch mode feature. This feature works with all PacketShapers except for those running enhanced or migration mode compression. When a unit is in watch mode, it passively watches the traffic on your network and performs all typical monitoring tasks: identify your network traffic, measure response times, track bandwidth utilization, notify you of conditions of interest, and report on the performance of your applications and network. Additionally, watch mode can estimate outbound compression gains, so that you can see how much compression would be achieved if PacketShapers were deployed inline. Compression estimation mode is for evaluation purposes only, since it does not actually compress data.

Note: Because a PacketShaper in watch mode cannot perform traffic shaping, this feature is more often used on PacketShapers configured only with the monitoring module. If your PacketShaper is configured with the compression module, you must set compression to legacy mode prior to enabling watch mode.

One of the basic non-inline topologies is shown below. For illustrations of all supported topologies, see Chapter 7.
Routers

PacketShaper
Outside port (for monitoring) Inside port (for management) SPAN port

Switch

The PacketShaper can also be connected to the network through a tap. A network tap is a transmit-only hardware device, placed inline, that provides a permanent access port for passive network monitoring. When a PacketShaper is connected to a tap, it receives the same traffic as if it were located directly on the wire.
Routers

Hub PacketShaper Tap

Switch

PacketShaper Getting Started Guide

1-9

Chapter 1: Before You Install

Determining Your PacketShaper ISP Deployment Strategy


To maximize performance, configure PacketShaper ISP models so that the inside port of the unit is on the same side as the blocks of IP addresses being managed. The following network topologies show configurations that optimize PacketShaper ISP units. For details on configuring PacketShaper ISP units, see Chapter 11, PacketShaper ISP Quick Start.

ISP Upstream Link

To set up an ISP upstream link configuration, connect the PacketShaper ISP units outside port to the router and connect the inside port to the ISP network.

Internet
router

outside

inside

ISP Network

PacketShaper ISP

Cable or DSL Head End

To set up a cable or DSL head end configuration, connect the PacketShaper ISPs outside port to the ISP network and the inside port to the distribution network that contains the users.

outside

inside

ISP Network
PacketShaper ISP DSLAM or cable head-end

cable or DSL users

1-10

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Determining Which Mode to Use


Local Mode vs. Shared Mode PacketShapers can operate two different ways. Local mode is for units operating independently. For example, if you have only a few units and they serve different functions, use local mode. If you have many units, but some of them perform a unique function, put the unique units in local mode. If a unit will be in local mode, complete the checklist in this chapter titled Pre-Installation Checklist for Local Mode on page 1-12. Shared mode uses a directory server and works with PolicyCenter, a centralized management application used to configure and manage multiple PacketShapers throughout the enterprise. PolicyCenter offers a quick way to set up many units with similar configurations, for example, dozens (or even hundreds) of PacketShapers installed at your branch offices. If you decide to purchase PolicyCenter, install PolicyCenter first and then install your PacketShapers in shared mode. (For more information, see the PolicyCenter Getting Started Guide.) For PacketShapers in shared mode, complete the checklist in this chapter titled Pre-Installation Checklist for Shared Mode on page 1-17.

Determining Your Local Operating Mode

If you are configuring a PacketShaper in local mode, the Guided Setup utility will prompt you to select an operating mode: Shaping This option enables traffic discovery and shaping. Use this setting to automatically discover the traffic running on your network and apply default policies and partitions. To create new policies and partitions, see Chapter 9. Monitor Only Use this mode to have PacketShaper automatically create traffic classes based on the traffic it detects, but not control (shape) the traffic. Monitor Only mode is the most common choice for initial setup, since users typically want to discover and monitor traffic before turning on shaping controls. Shaping can be enabled later under the setup tab. Custom Traffic discovery and shaping are initially disabled. These options can be enabled later under the setup tab. If you have PacketShaper 1200, you will want to select Custom mode.

PacketShaper Getting Started Guide

1-11

Chapter 1: Before You Install

Pre-Installation Checklist for Local Mode


You will need to supply the information described below to configure your PacketShaper. To prepare for Guided Setup, fill in the third column with your settings. You may need to consult your system administrator or network administrator. Parameter IP Address Description IP address to be assigned to the PacketShaper, for example 10.1.2.3 Consult your network administrator to obtain an unassigned address. Note that when using the compression module (Xpress), all PacketShaper Xpress units need to be assigned additional IP addresses in order to exchange data with all other Xpress units. For more information, see the Compression parameter at the end of this section. Net Mask Subnet mask for the subnet on which the PacketShaper resides, for example 255.255.255.0 IP address of the access router to the link the PacketShaper is managing, for example 10.1.2.254 When you set the site router to none (recommended), the unit manages all traffic passing through it, regardless of whether the traffic is going to or from the site router. Most customers set site router to none; this is the recommended setting. When you set a site router IP address, the unit only monitors/manages Ethernet packets going to and from this router. All other Ethernet packets, including multicast, are ignored. Your Setting

Site Router

Note: When configuring a PacketShaper with the acceleration module, site router must be set to none.

Gateway

IP address the PacketShaper uses to reach other networks, for example 10.1.2.254 The gateway routes PacketShaper-initiated transactions to a non-local address.

DNS List (optional)

IP address(es) of the Domain Name Server(s), for example 192.181.5.1 You can enter a maximum of eight addresses, separated by spaces.

Domain Name (optional)

Default domain name, for example packeteer.com

1-12

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Parameter Look Password

Description Password for read-only access, for example READ. Passwords can be up to nineteen characters long and are case sensitive. They can consist of a combination of letters, numbers, and all special characters. Password for read/write access, for example 7JX1R5 Inbound and outbound link speeds in bits per second. Use the same link speed as that set in the network router. Data rates may be specified as integer bits per second, followed by a k (thousands), M (millions), or G (billions), or specified symbolically (T1, E1, T3). Examples: 1.536 M or T1. For a full-duplex WAN link, enter the total link speed for the inbound and outbound rates. Because full-duplex has wires that can simultaneously communicate in both inbound and outbound directions, you should enter the same rate for Inbound Rate and Outbound Rate. For example, if you have two T1 lines (3 Mbps), you should enter 3M for Inbound Rate and 3M for Outbound Rate. In rare situations in which the PacketShaper is managing half-duplex links, split the rate between the inbound and outbound links. For example, if you are managing a 10 Mbps half-duplex link, you could configure 5 Mbps for the inbound rate and 5 Mbps for the outbound rate since data can be transmitted in only one direction at a time. Note: If you set any NIC in the PacketShaper to halfduplex, you will not be able to transmit and receive at the same time, limiting the bandwidth to half. For example, if you have set 10 Mbps half-duplex on the NIC, the PacketShaper will be able to pass only 5 Mbps IN and 5 Mbps OUT at one time. Hence, you will not be able to manage a WAN link size greater than 5 Mbps. When using the direct standby feature (described in Chapter 6) in a load-sharing topology, set the link speed to the sum of both WAN links. Because each unit receives copied packets from its partner, the overall Inbound and Outbound partition sizes must be able to support that level of extra traffic. In this situation, you may want to use the access-link monitoring feature (advanced mode) to monitor the routers WAN interfaces and avoid over-subscribing the WAN bandwidth. See PacketGuide for details.

Your Setting

Touch Password Inbound and Outbound Rates

PacketShaper Getting Started Guide

1-13

Chapter 1: Before You Install

Parameter Inbound and Outbound Rates (continued)

Description The linksize key associated with a units shaping license may enforce an upper limit on the configurable link size. Note: 10BaseT links rarely reach the 10 Mbps limit. Keep Ethernets practical limits in mind when configuring rates. If your unit is using LAN Expansion Modules (LEMs) to manage different WAN links and you dont want to control each LEM separately, the rate should be the size of the smallest LEM. For example, if you have two 100 Mbps LEMs managing two links, you should specify 100M for the rate. On the other hand, if you want to control each link separately, the rate should be the sum of the link speeds on all devices. For example, if the built-in device is controlling a T1 line (1.5 Mbps) and a LEM is managing two T1 lines (3.0 Mbps), you should specify 4.5M for the rate. To control traffic across each link separately, you can create a class for each device (for example, Builtin_LEM and Upper_LEM) and assign partitions that match the link size (1.5M for the Builtin_LEM class and 3.0M for the Upper_LEM class). If your unit is using two LEMs to manage a single WAN link, specify the WAN link speed for the rate. Although the Info page will give you an error message (such as Link speed of 155 Mbps exceeds outside NIC speed of 100 Mbps) in the latter situation, it is still appropriate to specify the actual size of the link for the rate.

Your Setting

1-14

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Parameter Inside and Outside NIC Modes

Description PacketShaper 1200, 1550, 1700, 2500, 3500, 6500, 7500 Choose: auto-negotiate, 10BaseT half-duplex, 10BaseT full-duplex, 100BaseT half-duplex, 100BaseT full-duplex, or 1000BaseT full-duplex (1700, 3500, and 7500 only). When you select auto-negotiate, the PacketShaper detects the connected devices port speed and configures the speed and duplex settings for a best match. While the PacketShaper automatically negotiates ports according to the IEEE 802u standard, other connected devices may not operate in compatible modes, which can result in connectivity problems. PacketShaper 9500, 10000 (Gigabit Fiber-Optic) The choices for gigabit fiber-optic are auto-negotiate, autoneg-only, and 1000BaseX full-duplex. If autonegotiate is specified and auto-negotiation signals are not received from the other side, the negotiation will time out in one second and the interface will be set at 1000 fixed. To force auto-negotiation without timing out, use the autoneg-only option. PacketShaper 3500, 7500, 9500, 10000 (Gigabit Ethernet) For gigabit Ethernet, you can specify auto-negotiate or 1000BaseT full-duplex. (1000BaseT actually does the same thing as auto-negotiate; manual setting to gigabit Ethernet is not part of the 802.3 Ethernet standard.) Note: Although you can specify different fixed speeds on the Inside and Outside interfaces, such a configuration will result in a network interruption if the PacketShaper is turned off because the end devices will not be able to negotiate the correct speed for the link.

Your Setting

Time Zone

A drop-down menu that allows you to select the time zone. (The default is local time, depending on time zone configuration.) Once you configure a time zone, the local time automatically changes at the start and end of daylight savings time.

Date

Current date. Enter the date in the format: mm dd yyyy, for example 01 15 2005 for January 15, 2005. Current time. Enter the time in the 24-hour format: hh:mm:ss, for example 14:36:23.

Time

PacketShaper Getting Started Guide

1-15

Chapter 1: Before You Install

Parameter Operating Mode (PacketShaper)

Description See Determining Your Local Operating Mode on page 1-11 for details on the three operating modes: Shaping, Monitor Only, and Custom. The PacketShaper can be configured to compress, pack, and accelerate data based on application type. When these features are enabled, a tunnel will be created automatically and will be used to transport compressed, packed, and/or accelerated data between PacketShapers. Use the Xpress tab in the browser interface to define Xpress-IP addresses, enable features, and configure other compression or acceleration settings. You will need to configure units situated on both sides of the tunnel. On PacketShapers configured with the compression module, you can choose one of three modes for Xpress: Legacy Use legacy mode to enable compression tunnels between PacketShapers running the same compression mode (note that enhanced compression and acceleration was introduced in PacketWise 8.0). Enhanced Use enhanced mode to enable compression tunnels only between PacketShapers running PacketWise 8.0 or later. Migration Use migration mode to enable both legacy and enhanced modes. Legacy tunnels will be created between this PacketShaper and other PacketShapers running versions of PacketWise earlier than 8.0, and enhanced tunnels between this PacketShaper and other PacketShapers running PacketWise 8.0 or later. For more information about configuring Xpress, see Getting Started with Xpress Compression and Acceleration on page 9-1.

Your Setting

Xpress Compression and Acceleration

1-16

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Pre-Installation Checklist for Shared Mode


You will need to supply the information described below to configure your PacketShaper in shared mode (that is, to work with PolicyCenter). To prepare for Guided Setup, fill in the third column with your settings. You may have to consult your system administrator or network administrator. Parameter IP Address Description IP address to be assigned to the PacketShaper, for example 10.1.2.3 Consult your network administrator to obtain an unassigned address. Net Mask Subnet mask for the subnet on which the PacketShaper resides, for example 255.255.255.0 IP address of the access router to the link the PacketShaper is managing, for example 10.1.2.254 When you set the site router to none (recommended), the unit manages all traffic passing through it, regardless of whether the traffic is going to or from the site router. Most customers set site router to none; this is the recommended setting. When you set a site router IP address, the unit only monitors/manages Ethernet packets going to and from this router. All other Ethernet packets are ignored. Your Setting

Site Router

Note: When configuring a PacketShaper with the acceleration module, site router must be set to none.

Gateway

IP address the PacketShaper uses to reach other networks, for example 10.1.2.254 The gateway routes PacketShaper-initiated transactions to a non-local address. The gateway address is often the same as the site router address.

DNS List (optional)

IP address(es) of the Domain Name Server(s), for example 192.181.5.1 You can enter a maximum of eight addresses separated by spaces.

Domain Name (optional) Directory Server Host Name

Default domain name, for example packeteer.com

The domain name or dotted-decimal IP address for the Directory Server. The Directory Server is usually the computer with PolicyCenter installed on it.

PacketShaper Getting Started Guide

1-17

Chapter 1: Before You Install

Parameter Default Touch Password

Description Password to access PolicyCenter default group, for example 7JX1R5; allows you to add units to PolicyCenter. Passwords can be up to nineteen characters long and are case sensitive. They can consist of letters, numbers, and all special characters. PacketShaper 1200, 1700, 1550, 2500, 3500, 6500, 7500 Choose: auto-negotiate, 100BaseT half-duplex, 10BaseT full-duplex or 100BaseT full-duplex. When you select auto-negotiate, the PacketShaper detects the connected devices port speed and configures the speed and duplex settings for a best match. While the PacketShaper automatically negotiates ports according to the IEEE 802u standard, other connected devices may not operate in compatible modes, which can result in connectivity problems. PacketShaper 9500, 10000 (Gigabit Fiber-Optic) The choices for gigabit fiber-optic are auto-negotiate, autoneg-only, and 1000BaseX full-duplex. If autonegotiate is specified and auto-negotiation signals are not received from the other side, the negotiation will time out in one second and the interface will be set at 1000 fixed. To force auto-negotiation without timing out, use the autoneg-only option. PacketShaper 3500, 7500, 9500, 10000 (Gigabit Ethernet) For gigabit Ethernet, you can specify auto-negotiate or 1000BaseT full-duplex. (1000BaseT actually does the same thing as auto-negotiate; manual setting to gigabit Ethernet is not part of the 802.3 Ethernet standard.) Note: Although you can specify different fixed speeds on the Inside and Outside interfaces, such a configuration will result in a network interruption if the PacketShaper is turned off because the end devices will not be able to negotiate the correct speed for the link.

Your Setting

Inside and Outside NIC Modes

Time Zone

A drop-down menu that allows you to select the time zone. (The default is local time, depending on time zone configuration.) Once you configure a time zone, the local time automatically changes at the start and end of daylight savings time.

1-18

PacketShaper Getting Started Guide

CHAPTER 2: HARDWARE INSTALLATION (PACKETSHAPER 1200, 1550, 2500, 6500)


Overview
This chapter describes how to install a PacketShaper (model 1200, 1550, 2500, 6500) into your network. Installing a unit is simple: no network reconfiguration is required. You can insert Packeteer units directly into your existing network. These are the steps you will follow: 1. 2. 3. Rack-mount the unit (optional). Connect the PacketShaper to the network. Connect the power and (for some units) turn the unit on.

Failover Bypass

A bypass switch connects the inside and outside built-in interfaces together when a Packeteer unit is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.

Note: When using the standby feature, the hardware bypass must be disabled. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 6-1.

PacketShaper Getting Started Guide

2-1

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

Front Panel
A PacketShaper front panel, shown in the following illustration, has two network ports, INSIDE and OUTSIDE. The unit has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. (A null-modem cable is provided for this purpose.) The LCD (liquid crystal display) panel on the front of some Packeteer models indicate the units operating state; see LCD Panel on page 2-7 for more information.
Outside RJ-45 Connector Inside RJ-45 Connector

DB-9 Serial Port

Expansion Slots

CONSOLE STATUS FAULT POWER

LINK Tx/Rx 100

INSIDE

LINK Tx/Rx 100

OUTSIDE

LCD

Note: The front panel of your unit may differ from the one shown. See Hardware Features on page 2-3 to see which features your unit has.

A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting a PacketShaper to the Network on page 2-5 for additional information to help you determine which cable to use. If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.

LED Indicators

The front panel has the following LED indicators: Indicator Status Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber. Fault Power Illuminated when unit is in safe or corrupted mode Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data

Link

Tx/Rx

2-2

PacketShaper Getting Started Guide

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

Indicator 100 Indicates link speed: green = 100 Mbps off = 10 Mbps

Description

Hardware Features

PacketShaper models have different features, as described below: Maximum Link Speed 2 Mbps 2 Mbps 10 Mbps 100 Mbps Expansion Slots for LEMs none none 2 2

Model

Power

LCD

1200 1550 2500 6500

single outlet with switch single outlet with switch single outlet with switch dual outlets with no switch

no no yes yes

See Appendix A for detailed product specifications.

PacketShaper Getting Started Guide

2-3

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

Rack-Mounting the Unit (optional)


PacketShapers can be installed in standard 19-inch racks. Included with the unit are: 2 mounting brackets 6 bracket screws 4 mounting screws

Each side of the Packeteer case has three sets of screw holes (located in the front, middle, and rear) so that you can rack-mount the box in any of these positions. The following illustration shows details for rack installation:

Rack Rack Air Flow Vents

Bracket
STATU S FAULT POWE R CONS OLE

Rear-Mounting Position
LINK Tx/Rx 100 INSIDE LINK Tx/Rx 100 OUTS IDE

Bracket Mounting Screws

Center-Mounting Position Front-Mounting Position

Bracket Screws

To rack-mount a PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front, center, or rear position in the rack, and locate the corresponding set of screw holes on the sides of the case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.

When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit

2-4

PacketShaper Getting Started Guide

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

Connecting a PacketShaper to the Network

Selecting the Right Cable

Note: If you are deploying a PacketShaper in a redundant configuration, see Chapter 6, Redundant Configurations, for instructions and illustrations of supported topologies.

You can use either a crossover or straight-through cable to connect a PacketShaper to a network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between a Packeteer unit and a: router firewall server uplink ports hub switch Use this cable: crossover (orange) crossover (orange) crossover (orange) crossover (orange) straight-through straight-through

Connecting to a Router

To connect a PacketShaper to a router: 1. 2. 3. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the PacketShapers front panel port labeled INSIDE. Connect the OUTSIDE port to the router, using the orange crossover cable.
Router
INPUT 100-240 MAX 50-60Hz

Transceiver

Outside RJ-45 Connector Inside RJ-45 Connector PacketShaper

CONSOLE STATUS FAULT POWER

LINK Tx/Rx 100

INSIDE

LINK Tx/Rx 100

OUTSIDE

To Hub

4.

Proceed to Turning on the PacketShaper on page 2-7.

PacketShaper Getting Started Guide

2-5

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

Connecting to a Server

To connect a PacketShaper to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable that goes to the switch or hub. Connect this cable to the PacketShapers front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server

Outside RJ-45 Connector Inside RJ-45 Connector PacketShaper

CONSOLE STATUS FAULT POWER

LINK Tx/Rx 100

INSIDE

LINK Tx/Rx 100

OUTSIDE

To Hub

5.

Proceed to Turning on the PacketShaper on page 2-7.

2-6

PacketShaper Getting Started Guide

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

Turning on the PacketShaper


Your PacketShaper may have a dual power supply. If it does, connect both power connectors, using two separate AC outlets. 1. Connect the power cord(s) to the PacketShapers outlet(s) and plug the other end into AC power. If the unit has redundant power supplies, connect the power cords to outlets on separate circuit breakers. If there is a power switch on the back, turn the power on.

2.

LCD Panel

An LCD on the front of some PacketShaper models indicate the units operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the Packeteer LCD after power is connected: LCD Information Booting... Version: 8.0 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.

Operational Mode Throughput Graph alternates with message Not Configured

3.

Check the following: Are the transmit (Tx) and receive (Rx) LEDs illuminated and flickering on the front panel of your Packeteer unit? If they are, the cables are connected correctly. Does the LCD window have an error message? If so, see Problems? on page 2-8.

4.

Follow the directions in Chapter 5 to configure your software.

PacketShaper Getting Started Guide

2-7

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

Problems?

Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Bypass mode

Message

Description In bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. For additional details, see the setup shaping command in the online PacketGuide. Contact Packeteer Support. Unable to detect link state of the inside interface. Check Packeteer unit cabling. Unable to detect link state on both interfaces. Check PacketShaper cabling. L=Lower These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling. Indicates that the PacketShaper is configured only with the monitoring module. To shape, compress, or accelerate traffic, additional modules must be purchased. Site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. This is expected, since you havent configured the system yet. This message will disappear after you run Guided Setup to set the PacketShapers IP address for your network. Unable to detect link state of the outside interface. Check PacketShaper cabling.

? Bypass Mode

Corrupt Config

Corrupt file Network connectivity problem Network connectivity problem Network connectivity problem

? In Link Down

? Links Down

L-InLink Down L-OutLink Down

Measurement Only

Unit not licensed to shape traffic

No Router Found

Network connectivity problem

Not Configured

Factory-default IP address configured

? Out Link Down

Network connectivity problem

2-8

PacketShaper Getting Started Guide

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

Message Power 1 Failed

PacketShaper Condition Power supply problem

Description Your PacketShaper may have redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.

Router Inside

Network connectivity problem Network connectivity problem Safe mode

The site router is incorrectly connected to the INSIDE port. See Connecting a PacketShaper to the Network on page 25. A site router has not been configured. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see Safe Mode in the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. U=Upper These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.

Router=0.0.0.0

Safe Mode

? Shaping Off
U-InLink Down U-OutLink Down

Shaping is not enabled Network connectivity problem

PacketShaper Getting Started Guide

2-9

Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)

2-10

PacketShaper Getting Started Guide

CHAPTER 3: HARDWARE INSTALLATION (PACKETSHAPER 1700, 3500, 7500)


Overview
This chapter describes how to install a PacketShaper 1700, 3500, or 7500 into your network. Installing a unit is simple: no network reconfiguration is required. You can insert PacketShapers directly into your existing network. These are the steps you will follow: 1. 2. 3. Rack-mount the unit (optional). Connect the PacketShaper to the network. Connect the power and turn the unit on.

Failover Bypass

A bypass switch connects the inside and outside built-in interfaces together when a PacketShaper is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime. Note: When using the direct standby feature, the hardware bypass must be disabled. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 6-1.

PacketShaper Getting Started Guide

3-1

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

Front Panel
An example of a PacketShaper front panel is shown in the illustration below. While the front panel of your unit may differ in appearance, all PacketShaper 1700, 3500, and 7500 models include the following features: An LCD (liquid crystal display) panel that indicates the PacketShapers operating state; see LCD Panel on page 3-8 for more information Two RJ-45 Ethernet ports, INSIDE and OUTSIDE One RJ-45 Ethernet out-of-band management port (MGMT) to access and manage the unit on a management network; see Using the Out-of-Band Management Port (1700/3500/7500 only) on page 5-1 One AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the PacketShaper for local configuration Two USB ports, reserved for future use
DB-9 Serial Port Expansion Slots

INSIDE

INSIDE

SPEED

SPEED

Tx/Rx

Tx/Rx

LINK

LINK

IN: OUT:

USB Power Status Fault

CONSOLE CONSOLE

MGMT
LINK Tx/Rx SPEED

INSIDE
LINK Tx/Rx SPEED

OUTSIDE
LINK Tx/Rx SPEED OUTSIDE OUTSIDE

LCD

USB Ports

Management RJ-45 Connector Inside RJ-45 Connector Outside RJ-45 Connector

3500/7500 models only: expansion slots for LAN Expansion Modules (LEMs), which are used when managing more than one LAN or using the direct standby feature.

A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting a PacketShaper to the Network on page 3-5 for additional information to help you determine which cable to use.

LED Indicators

The front panel has the following LED indicators: Indicator Fault Description Illuminated when unit is in safe or corrupted mode

3-2

PacketShaper Getting Started Guide

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

Indicator Status

Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber.

Power Link Tx/Rx Speed

Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data Indicates link speed: amber = 1 Gbps green = 100 Mbps off = 10 Mbps

Hardware Features

The PacketShaper 1700 has the following hardware features: Supports maximum link speed of 45 Mbps Power switch Field-replaceable power supply Field-replaceable, hot-swappable cooling unit

The PacketShaper 3500 and 7500 have the following hardware features: Supports maximum link speed of 200 Mbps (7500) and 45 Mbps (3500) Power switch for each power supply Field-replaceable power supply; the PacketShaper 7500 has two hot-swappable power supply modules Field-replaceable, hot-swappable cooling unit Field-replaceable hard drive Two expansion slots

See Product Specifications on page A-1 for detailed product specifications. See FieldReplaceable Components: PacketShaper 1700 on page C-1 and Field-Replaceable Components: PacketShaper 3500, 7500 on page D-1 for instructions on installing fieldreplaceable components.

PacketShaper Getting Started Guide

3-3

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

Rack-Mounting the Unit (optional)


PacketShapers can be installed in standard 19-inch racks. Included with the unit are: 2 mounting brackets 6 bracket screws 4 mounting screws

Each side of the Packeteer case has two sets of screw holes (located in the front and middle) so that you can rack-mount the box in either of these positions. The following illustration shows details for rack installation:

Rack

Rack Bracket

Air Flow Vents

Mounting Screws

Bracket Center-Mounting Position

Front-Mounting Position

Bracket Screws

To rack-mount a PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front or center position in the rack, and locate the corresponding set of screw holes on the sides of the case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.

When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit

3-4

PacketShaper Getting Started Guide

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

Connecting a PacketShaper to the Network

Note: If you are deploying a PacketShaper in a redundant configuration, see Chapter 6, Redundant Configurations, for instructions and illustrations of supported topologies. If you are deploying a PacketShaper non-inline, see Chapter 7, Non-Inline Deployment.

Selecting the Right Cable

You can use either a crossover or straight-through cable to connect a PacketShaper to a network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between a PacketShaper and a: router firewall server uplink ports hub switch Use this cable: crossover (orange) crossover (orange) crossover (orange) crossover (orange) straight-through straight-through

Connecting to a Router

To connect a PacketShaper to a router: 1. 2. 3. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the PacketShapers front panel port labeled INSIDE. Connect the OUTSIDE port to the router, using the orange crossover cable.
Router
INPUT 100-240 MAX 50-60Hz

Transceiver

Outside RJ-45 Connector Inside RJ-45 Connector PacketShaper

IN: OUT:

USB CONSOLE Power Status Fault

MGMT
LINK Tx/Rx SPEED

INSIDE
LINK Tx/Rx SPEED

OUTSIDE
LINK Tx/Rx SPEED

To Hub

PacketShaper Getting Started Guide

3-5

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

4.

If desired, connect an Ethernet cable from the MGMT port to a router on your management network.
Router
INPUT 100-240 MAX 50-60Hz

Transceiver

Management Port PacketShaper

IN: OUT:

USB CONSOLE Power Status Fault

MGMT
LINK Tx/Rx SPEED

INSIDE
LINK Tx/Rx SPEED

OUTSIDE
LINK Tx/Rx SPEED

To Hub

To Management Network

5.

Proceed to Turning on the PacketShaper on page 3-8.

3-6

PacketShaper Getting Started Guide

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

Connecting to a Server

To connect a PacketShaper to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable that goes to the switch or hub. Connect this cable to the PacketShapers front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server

Outside RJ-45 Connector Inside RJ-45 Connector PacketShaper

IN: OUT:

USB CONSOLE Power Status Fault

MGMT
LINK Tx/Rx SPEED

INSIDE
LINK Tx/Rx SPEED

OUTSIDE
LINK Tx/Rx SPEED

To Hub

5.

If desired, connect an Ethernet cable from the MGMT port to a router on your management network.
Server

Management Port PacketShaper

IN: OUT:

USB CONSOLE Power Status Fault

MGMT
LINK Tx/Rx SPEED

INSIDE
LINK Tx/Rx SPEED

OUTSIDE
LINK Tx/Rx SPEED

To Hub

To Management Network

6.

Proceed to Turning on the PacketShaper on page 3-8.

PacketShaper Getting Started Guide

3-7

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

Turning on the PacketShaper


PacketShaper 1700 and 3500 units have one power supply module; the PacketShaper 7500 has two hot-swappable modules. For information about replacing power supply modules, see Appendix D (1700) and Appendix E (3500, 7500).

Powering On

One power cable is included for each installed power supply. Each power supply has its own power switch, located on the back of the unit. 1. 2. 3. Connect the power cord(s) to the PacketShapers outlet(s) in the back of the unit. Plug the other ends of the power cord(s) into AC power. When using two power supplies, be sure to connect the two power cords to outlets on separate circuit breakers. Press the power switch on each power supply.

Powering Off

To turn off the PacketShaper, press the power switch(es) or disconnect the power cord(s). Note: Behind the rear access door is a reset button that should not be used without the direction of Packeteer customer support or a qualified systems engineer. Pressing this button will result in a hardware reset, causing all PacketShaper functions to cease temporarily.

LCD Panel

An LCD on the front of the unit indicate the operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the Packeteer LCD after power is connected: LCD Information Booting... Version: 8.0 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.

Operational Mode Throughput Graph alternates with message Not Configured

4.

Check the following: Are the transmit (Tx) and receive (Rx) LEDs illuminated and flickering on the front panel of your PacketShaper? If they are, the cables are connected correctly. Does the LCD window have an error message? If so, see Problems? on page 3-9.

3-8

PacketShaper Getting Started Guide

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

5.

Follow the directions in Chapter 5 to configure your software.

Problems?

Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Regulators indicate that voltage is out of the normal range

Message Bad 2.5v reg Bad 3.3v reg Bad 5v reg Bad 12v reg Bad CPU reg Bad Right LEM Bad Left LEM

Description Contact Packeteer Support.

Incompatible LEM installed

PacketShaper 3500/7500 units require a LEM designed specifically for these models. If your unit doesnt recognize the LEM or you get one or both of the LCD error messages shown (opposite), you may have installed a LEM that was designed for a different PacketShaper model. In bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. For additional details, see the setup shaping command in the online PacketGuide. Contact Packeteer Support. Unable to detect link state of the inside interface. Check cabling. Unable to detect link state on both interfaces. Check Packeteer unit cabling. L=Left These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling. Indicates that the PacketShaper is configured only with the monitoring module. To shape, compress, or accelerate traffic, additional modules must be purchased. Site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router.

? Bypass Mode

Bypass mode

Corrupt Config

Corrupt file Network connectivity problem Network connectivity problem Network connectivity problem

? In Link Down

? Links Down

L-InLink Down L-OutLink Down

Measurement Only

Unit not licensed to shape traffic

No Router Found

Network connectivity problem

PacketShaper Getting Started Guide

3-9

Chapter 3: Hardware Installation (PacketShaper 1700, 3500, 7500)

Message Not Configured

PacketShaper Condition Factory-default IP address configured

Description This is expected, since you havent configured the system yet. This message will disappear after you run Guided Setup to set the PacketShapers IP address for your network. Unable to detect link state of the outside interface. Check PacketShaper cabling. Power 1 refers to the lower power supply. Power 2 refers to the upper power supply (PacketShaper 7500 only). The PacketShaper 7500 has redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.

? Out Link Down

Network connectivity problem Power supply problem

Power 1 Failed Power 2 Failed

Router Inside

Network connectivity problem Network connectivity problem Safe mode

The site router is incorrectly connected to the INSIDE port. See Connecting a PacketShaper to the Network on page 35. A site router has not been configured. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see Safe Mode in the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. R=Right These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.

Router=0.0.0.0

Safe Mode

? Shaping Off
R-InLink Down R-OutLink Down

Shaping not enabled Network connectivity problem

3-10

PacketShaper Getting Started Guide

CHAPTER 4: HARDWARE INSTALLATION (PACKETSHAPER 9500, 10000)


Overview
This chapter describes how to connect PacketShaper models 9500 or 10000 to your copper Ethernet or fiber-optic Ethernet network. Installing a unit is simple: no network reconfiguration is required. You can insert PacketShapers directly into your existing network. These are the steps you will follow: 1. 2. 3. Rack-mount the unit (optional). Connect the PacketShaper to the network. Connect the power and turn the unit on.

Failover Bypass

A bypass switch connects the inside and outside interfaces together when a PacketShaper with RJ-45 connectors is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. The failover bypass capability is built into PacketShaper 9500 and 10000 models with RJ-45 connectors.

Note: In order to use the failover bypass feature on fiber-optic PacketShaper 9500 and 10000 models, you need to purchase and install the Packeteer Fiber Bypass Switch. See Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 4-10.

As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.

Note: When using the standby feature, you must disable the hardware bypass on PacketShaper 9500 and 10000 models with RJ-45 connectors. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 6-1.

PacketShaper Getting Started Guide

4-1

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

Front Panel
The front panel of PacketShaper models 9500 and 10000 varies depending on whether it has RJ-45 or fiber-optic connectors. Refer to the section below that applies to your model.

RJ-45 Connectors

As shown in the following illustration, the front panel of PacketShaper models 9500 and 10000 has two RJ-45 ports, INSIDE and OUTSIDE for connecting to an Ethernet LAN using twisted-pair cables. The unit also has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. (A nullmodem cable is included for this purpose.) The LCD (liquid crystal display) panel indicates the units operating state; see LCD Panel on page 4-13 for more information.
Outside RJ-45 Connector Inside RJ-45 Connector DB-9 Serial Port Expansion Slots

INSIDE
LINK Tx/Rx SPEED
INSIDE

OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE

CONSOLE STATUS FAULT POWER

LCD

A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting the PacketShaper 9500/10000 to the Network on page 4-6 for information to help you determine which cable to use. If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.

Fiber-Optic Connectors

The fiber-optic PacketShaper 9500/10000 front panel, shown in the following illustration, has two fiber-optic ports, labeled INSIDE and OUTSIDE. You can install either SX or LX small form-factor pluggable (SFP) transceivers into these ports. The CONTROL port can be used with the Packeteer Fiber Bypass Switch to provide failover bypass; see Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 4-10. If you do not have the bypass switch, the CONTROL port is not used.

4-2

PacketShaper Getting Started Guide

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

The unit also has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. A null-modem cable is included for this purpose. The LCD (liquid crystal display) panel indicates the units operating state; see LCD Panel on page 4-13 for more information.
Outside Transceiver Inside Transceiver DB-9 Serial Port Bypass Control Port Expansion Slots

INSIDE
CONTROL

OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE

Link Tx/Rx
SX/LX

INSIDE

CONSOLE STATUS FAULT POWER

LCD

If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.

LED Indicators

The front panel has the following LED indicators: Indicator Status Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber. Fault Power Illuminated when unit is in safe or corrupted mode Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data Indicates link speed: amber = 1 Gbps green = 100 Mbps off = 10 Mbps

Link

Tx/Rx Speed (copper Ethernet)

PacketShaper Getting Started Guide

4-3

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

Indicator SX/LX (fiber-optic)

Description Indicates types of fiber-optic transceiver installed in the port: green = SX yellow = LX

Hardware Features of PacketShaper 9500 Models

PacketShaper 9500 models have the following hardware features: Power switch Supports maximum link speed of 200 Mbps LCD RJ-45 or fiber-optic connectors Two expansion slots for LAN Expansion Modules Dual hot-swappable power supplies

See Product Specifications on page A-1 for detailed product specifications. For instructions on installing field replaceable components, see Field-Replaceable Components: PacketShaper 9500, 10000 on page E-1.

Hardware Features of PacketShaper 10000 Models

PacketShaper 10000 models have has the following hardware features: Power switch Supports maximum link speed of 1 Gbps LCD RJ-45 or fiber-optic connectors Two expansion slots for LAN Expansion Modules Dual hot-swappable power supplies Field-replaceable hard drive Field-replaceable cooling unit

See Product Specifications on page A-1 for detailed product specifications. For instructions on installing field replaceable components, see Field-Replaceable Components: PacketShaper 9500, 10000 on page E-1.

4-4

PacketShaper Getting Started Guide

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

Rack-Mounting the Unit (optional)


PacketShapers can be installed in standard 19-inch racks. Included are: 2 mounting brackets 6 bracket screws 4 mounting screws

Each side of the PacketShaper case has three sets of screw holes (located in the front, middle, and rear) so that you can rack-mount the unit in any of these positions. The following illustration shows details for rack installation:

Rack Rack Air Flow Vents

Bracket
STATU S FAULT POWE R CONS OLE

Rear-Mounting Position Center-Mounting Position Front-Mounting Position

Bracket Mounting Screws

Bracket Screws

To rack-mount the PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front, center, or rear position in the rack, and locate the corresponding set of screw holes on the sides of the Packeteer case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.

When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit

PacketShaper Getting Started Guide

4-5

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

Connecting the PacketShaper 9500/10000 to the Network


This section covers two methods of hardware installation: Installing PacketShaper models 9500/10000 with RJ-45 Connectors (below). Connecting PacketShaper 9500/10000 models to a Fiber-Optic Network (page 48). Note: If you are deploying PacketShaper 9500/10000 units in a redundant configuration, see Chapter 6, Redundant Configurations for instructions and illustrations of supported topologies. If you are deploying a PacketShaper noninline, see Chapter 7, Non-Inline Deployment.

Installing PacketShaper models 9500/10000 with RJ-45 Connectors

You can use either a crossover or straight-through cable to connect a PacketShaper with RJ45 connectors to an Ethernet network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between PacketShaper 9500/10000 and a: router or GBIC connection on a router for 1000Base-T firewall server uplink ports hub switch or GBIC connection on a switch for 1000Base-T

Use this cable: crossover (orange)

crossover (orange) crossover (orange) crossover (orange) straight-through straight-through

Connecting a PacketShaper 9500/10000 Between a Router and Hub To connect to a router: 1. 2. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the units front panel port labeled INSIDE.

4-6

PacketShaper Getting Started Guide

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

3.

Connect the router to the OUTSIDE port, using the orange crossover cable.
WAN Router
INPUT 100-240 MAX 50-60Hz

WAN

PacketShaper 9500/10000
INSIDE
LINK Tx/Rx SPEED
INSIDE

OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE

CONSOLE STATUS FAULT POWER

To hub

4.

Proceed to Turning on the PacketShaper 9500/10000 on page 4-13.

Connecting a PacketShaper 9500/10000 Between a Server and Hub To connect to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable connected to the switch or hub. Connect this cable to the units front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server

PacketShaper 9500/10000
INSIDE
LINK Tx/Rx SPEED
INSIDE

OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE

CONSOLE STATUS FAULT POWER

To hub

5.

Proceed to Turning on the PacketShaper 9500/10000 on page 4-13.

PacketShaper Getting Started Guide

4-7

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

Connecting PacketShaper 9500/ 10000 models to a Fiber-Optic Network

The fiber-optic PacketShaper 9500/10000 uses modular SFP transceivers, allowing the unit to be used in a wide variety of fiber-optic networks. SX transceivers are included with the 9500/10000; if you need LX transceivers, you can purchase one or more Single-Mode Transceiver Upgrade Kits. (Each kit contains a single SFP transceiver.) Inserting SFP Transceiver Modules If the transceivers are not already installed, follow these steps to insert the modules into the PacketShapers fiber-optic ports: 1. Remove the rubber protectors from the connectors on the transceivers.

2.

Pull down on the latch handle until the latch on each transceiver is open at a 90-degree angle.

Note: If your transceiver does not have a handle or latch similar to the one shown here, refer to the transceivers manufacturer for specific instructions.

4-8

PacketShaper Getting Started Guide

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

3.

Ensure that the transceivers are oriented as shown, then carefully insert them into their slots.

4.

Push up on the small latch on each transceiver until it clicks, to lock the transceiver into place.

Connecting a PacketShaper 9500/10000 Between a Router and a Switch To cable a fiber-optic PacketShaper 9500/10000 to a fiber-optic router and switch: 1.

On the router, disconnect the fiber-optic cable connected to the switch. Note: If your router has SC connectors, replace this cable with a LC-to-SC cable. Reconnect this cable to the units front panel port labeled INSIDE. Use the appropriate cable (either LC-to-LC or LC-to-SC) to connect the OUTSIDE port to the router.
WAN Router
INPUT 100-240 MAX 50-60Hz

2. 3.

WAN

PacketShaper 9500/10000
INSIDE
BYPASS CTRL

OUTSIDE
INSIDE

Link Tx/Rx
SX/LX

Link Tx/Rx
SX/LX

OUTSIDE

CONSOLE STATUS FAULT POWER

To switch

4.

Proceed to Turning on the PacketShaper 9500/10000 on page 4-13. Note: PacketShaper 9500/10000 units with fiber-optic connection do not have builtin bypass mode; if this unit fails, the network will be briefly disrupted while the unit reboots. If you require fiber bypass capability, use the Packeteer Fiber Bypass Switch. See Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 4-10 for more information.

Connecting a PacketShaper 9500/10000 Between a Server and a Switch To connect PacketShaper 9500/10000 to a server and switch:

PacketShaper Getting Started Guide

4-9

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

1.

2. 3.

On the server, disconnect the fiber-optic cable connected to the switch. Note: If your server has SC connectors, replace this cable with a LC-to-SC cable. Connect this cable to the units front panel port labeled OUTSIDE. Use the appropriate cable (either LC-to-LC or LC-to-SC) to connect the INSIDE port to the server.
Server

PacketShaper 9500/10000
INSIDE
BYPASS CTRL

OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE

Link Tx/Rx
SX/LX

INSIDE

CONSOLE STATUS FAULT POWER

To switch

4.

Proceed to Turning on the PacketShaper 9500/10000 on page 4-13.

Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch You can add fiber failover bypass functionality to a PacketShaper 9500/10000 by installing the Packeteer Fiber Bypass Switch. This bypass switch has four duplex-LC fiber-optic connectors labeled Inside, Outside, To Packeteer Inside, and To Packeteer Outside as well as an RJ-45 port labeled Control.
To Packeteer Inside LC port To Packeteer Outside Outside LC port LC port

Inside LC port

Control RJ-45 port

To cable a fiber-optic PacketShaper 9500/10000 to a fiber-optic network using a Fiber Bypass Switch: 1. 2. On the router, disconnect the fiber-optic cable connected to the switch. Reconnect this cable to the Fiber Bypass Switch port labeled Inside.

4-10

PacketShaper Getting Started Guide

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

3.

Connect a two-meter long LC-to-LC or LC-to-SC cable from the bypass switchs Outside port to the router.
WAN Router
INPUT 100-240 MAX 50-60Hz

WAN

Inside LC port Fiber Bypass Switch

To Switch Outside LC port

4. 5.

Connect a one-meter LC-to-LC cable from the To Packeteer Inside port on the bypass switch to the units INSIDE port. Connect a one-meter LC-to-LC cable from the To Packeteer Outside port on the bypass switch to the units OUTSIDE port.
To Packeteer Inside LC port To Packeteer Outside LC port

Fiber Bypass Switch

To Switch To Router

PacketShaper 9500/10000

INSIDE
BYPASS CTRL

OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE

Link Tx/Rx
SX/LX

INSIDE

CONSOLE STATUS FAULT POWER

PacketShaper Getting Started Guide

4-11

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

6.

Connect a control cable between the RJ-11 port (labeled CONTROL) on the PacketShaper 9500/10000 to the RJ-45 port (labeled Control) on the bypass switch.
Fiber Bypass Switch

Control RJ-45 port

To Switch To Router

Bypass Control RJ-11 port

PacketShaper 9500/10000

INSIDE
CONTROL

OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE

Link Tx/Rx
SX/LX

INSIDE

CONSOLE STATUS FAULT POWER

4-12

PacketShaper Getting Started Guide

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

Turning on the PacketShaper 9500/10000


Your PacketShaper 9500/10000 has dual hot-swappable alternating power supplies. For information about removing power supply modules, see Field-Replaceable Components: PacketShaper 9500, 10000 on page E-1.

Powering On

Two power cables are included with your PacketShaper one for each power supply. The power switch is located on the back of the unit. 1. 2. Connect the power cords to the PacketShapers outlets in the back of the unit. Plug the other ends of the power cords into AC power. Be sure to connect the two power cords to outlets on separate circuit breakers. The PacketShaper should immediately turn on; if it doesnt, press the power switch on the back of the unit. 3. 10000 only: Press the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)

Powering Off

To turn off the PacketShaper: 9500: Press the power switch, or disconnect both power cords. 10000: Hold down the power switch for about five seconds, until the unit powers off, or disconnect both power cords.

LCD Panel

An LCD on the front of the PacketShaper 9500/10000 indicates the operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the PacketShaper LCD after power is connected: LCD Information Booting... Version: 8.0 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.

Operational Mode Throughput Graph alternates with message Not Configured

PacketShaper Getting Started Guide

4-13

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

4.

Check the following: Are both the transmit (Tx) and receive (Rx) LEDs flickering on the front panel of your PacketShaper? If they are, the cable is connected correctly. Does the LCD window have an error message? If so, see Problems? on page 414.

5.

Follow the directions in Chapter 5 to configure your software.

Problems?

Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Incompatible LEM installed

Message Bad Upper LEM Bad Lower LEM

Description PacketShaper 10000 models are only compatible with newer-generation LEMs. If your 10000 model does not recognize the LEM, or you get one or both of the LCD error messages shown (opposite), you may have installed an older LEM2-1000M-T or LEM2-1000M-SX LAN Expansion Module into a Packeteer 10000 series. Check the packaging for the LEM and verify its serial number; PacketShaper 10000 models require a LEM2-1000M-T with a serial number greater than 006-10010001, or a LEM2-1000M-SX with a serial number greater than 007-10010001. If the LEM has a smaller serial number, remove the LEM from the unit and replace it with a Packeteer LEM with a compatible serial number.

? Bypass Mode

Bypass mode

When the unit is in bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. Contact Packeteer Support. Unable to detect link state of the inside interface. Check PacketShaper cabling. Unable to detect link state on both interfaces. Check PacketShaper cabling. L=Lower These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.

Corrupt Config

Corrupt file Network connectivity problem Network connectivity problem Network connectivity problem

? In Link Down

? Links Down

L-InLink Down L-OutLink Down

4-14

PacketShaper Getting Started Guide

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

Message Measurement Only

PacketShaper Condition Unit not licensed to shape traffic

Description Indicates that the PacketShaper is configured only with the monitoring module. To shape, compress, or accelerate traffic, additional modules must be purchased. The site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface to configure a site router. This is expected, since you havent configured the system yet. The message will disappear after you run Guided Setup to set the PacketShapers IP address for your network. Unable to detect link state of the outside interface. Check PacketShaper cabling. Your PacketShaper has redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.

No Router Found

Network connectivity problem Factory-default IP address configured

Not Configured

? Out Link Down

Network connectivity problem Power supply problem

Power 1 Failed

Router Inside

Network connectivity problem Network connectivity problem Safe mode

The site router is incorrectly connected to the INSIDE port. See Connecting the PacketShaper 9500/10000 to the Network on page 4-6. A site router has not been configured. Use the setup tab to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. U=Upper These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.

Router=0.0.0.0

Safe Mode

? Shaping Off
U-InLink Down U-OutLink Down

Shaping not enabled Network connectivity problem

PacketShaper Getting Started Guide

4-15

Chapter 4: Hardware Installation (PacketShaper 9500, 10000)

4-16

PacketShaper Getting Started Guide

CHAPTER 5: PACKETWISE SOFTWARE CONFIGURATION


Before You Begin
After you install the PacketShaper into your network, you need to configure the PacketWise software. The PacketWise web browser interface provides a Guided Setup that prompts you for all required settings and provides information to help you make configuration decisions. You can also run Guided Setup from a command line with a remote login utility (such as Telnet) or through a console connection.

Pre-Installation Checklist

Be sure that you have completed one of the Pre-Installation Checklists in Chapter 1; you will need this information during installation.

Using the Out-ofBand Management Port (1700/3500/7500 only)

PacketShaper models 1700, 3500, and 7500 have an out-of-band Ethernet management port (MGMT) that you can use to access and manage the unit via a web browser or a remote login utility. This port can be connected to the same network the PacketShaper is monitoring or to a different network (such as a management network). When the MGMT port is connected to a management network, you may want to enable the Dedicated Management Port option so that the unit cannot be accessed from other networks; this provides increased security. Enabling dedicated management port access will cause loss of remote connectivity to the unit through all other ports. When considering whether to enable the dedicated management port feature, bear in mind that certain Packeteer features will not function properly unless the network administrator provides outside hosts with a route to reach the PacketShaper through the management port. These features include, but are not limited to, the following: PolicyCenter Access Link Monitoring Frame Relay and ATM HP OpenView Flow Detail Records Adaptive response SNMP traps and polling from third-party applications Synthetic transactions Customer portal traffic (if the portal IP address is set to be the same as the management IP address)

To use the dedicated management port: 1. 2. Connect an Ethernet cable from the MGMT port to a router on your management network. Access the PacketShaper (described below) and run Guided Setup (see Configuring the PacketWise Software on page 5-6).

PacketShaper Getting Started Guide

5-1

Chapter 5: PacketWise Software Configuration

3.

Enable the dedicated management port: Click the setup tab. From the Choose Setup Page list, choose management port. The Management Port setup page appears. For Dedicated Management Port, choose on. Click apply changes. Note: Changing management port access may cause temporary loss of access to the PacketShaper through the management port.

Accessing the PacketShaper

There are three ways to access the PacketShaper and configure the PacketWise software: Through a web browser Through a remote login utility With a direct console connection

Accessing PacketWise Guided Setup With a Browser You should have a browser such as Netscape Navigator or Internet Explorer to configure this software. The settings can be accessed using the English versions of the following web browsers: 1. Netscape 7.1 or higher (Windows NT, 2000, or XP) Microsoft Internet Explorer v5.5 or higher (Windows NT, 2000, or XP) Set to accept cookies, the default setting for most web browsers. JavaScript enabled. Cache preference set to verify documents every time in the Netscape browser and every visit to the page in Internet Explorer. As you modify PacketWise configurations in the browser interface, the browser must update the page each time rather than displaying the data already stored in the cache. For optimal formatting of features such as graphs, reports, and data charts, set the screen resolution to 1024x768. To maximize the amount of data that can be viewed on the screen, you may want to adjust the font.

Be sure your web browser is configured as follows:

2.

Start your browser, then enter either the factory-set IP address 207.78.98.254 or the DNS name unconfigured.packetshaper.com in your browsers Address or Location box.

Note: Using the DNS name to access an unconfigured unit works only if a DNS server is configured on your network and your desktop computer is connected to the Packeteer units interface marked INSIDE.

Did you successfully access the PacketShaper? If so, the Guided Setup window appears, and you are ready to configure the software (see Configuring the PacketWise Software on page 5-6).

5-2

PacketShaper Getting Started Guide

Chapter 5: PacketWise Software Configuration

If you did not successfully access the PacketShaper, turn to Problems? on page 5-4. Accessing Guided Setup With a Remote Login Utility You are free to choose any remote login utility that is available for your operating system. For example, for clear text connections, you can use Telnet. For secure connections, you can choose any SSH client, such as SecureCRT for Windows or OpenSSH for UNIX operating systems. To access Guided Setup using the command-line interface: 1. Connect to unconfigured.packetshaper.com (or 207.78.98.254) at your login utilitys command line for example telnet 207.78.98.254 or ssh 207.78.98.254. The PacketShapers factory-installed IP address and password prompt appear. 2. Press Enter to bypass the password for now. You will set the password and new IP address later. When you successfully connect to Guided Setup, you will see a banner and prompt similar to the following:
PacketShaper v8.0 2006-06-06 Copyright (c) 1996-2006 Packeteer, Inc. All rights reserved. PacketShaper not yet configured. Do you wish to be guided through initial setup of PacketShaper? (yes):

3.

Press Enter.

Did you successfully access Guided Setup? If so, you can now complete the Guided Setup. Turn to page 5-6 and configure the software. If you did not successfully access Guided Setup, see Problems? on page 5-4. Accessing Guided Setup With a Console Connection If these remote-access methods do not work due to network or configuration issues, you can access the unit directly with a null-modem cable. This cable, included with the PacketShaper, offers both 9-pin and 25-pin connectors on each end. To access the command-line interface with a serial connection: 1. 2. 3. 4. Attach the null-modem cable to the serial port on your workstation or PC, using the connector that matches your serial port configuration (9-pin or 25-pin). Connect the 9-pin connector on the other end of the null-modem cable to the PacketShapers port labeled CONSOLE. Open a terminal emulation program (such as HyperTerminal). Verify that you have configured your program with the following values to communicate with the PacketShapers console serial port: 9600 bps, 8 data bits, 1 stop bit, no parity, hardware flow control If you are using a modem connected to the serial port, the modem must be set to: 9600 bps, 8 data bits, 1 stop bit, no parity, auto-answer (usually ATS0=1 in the

PacketShaper Getting Started Guide

5-3

Chapter 5: PacketWise Software Configuration

standard Hayes command set), and DTR always on (usually the command AT&D0 or a DIP-switch setting). Check the modem manual for details. 5. Power on the PacketShaper, if you have not already done so. If the unit was already turned on, you will need to press Enter several times to make the connection. The password prompt appears. For example:
PacketShaper (console) Password:

6.

Press Enter to bypass this prompt. You will configure passwords during setup. The PacketShaper prompt appears.

7.

Press Enter to start Guided Setup.

Did you successfully access Guided Setup? If so, turn to page 5-6 and configure the software. If you did not successfully access the PacketShaper, see Problems? below.

Problems? Whats wrong? Link light on front of unit is not lit and the Tx/Rx lights are not flickering. What might fix it: You may have used the wrong type of cable to connect the PacketShaper. See the chart on page 2-5. If you are using the correct type of cable, the cable itself may be bad. Try a different cable. Ethernet auto negotiation may be failing. Packeteer Ethernet settings can be configured manually with either the command line setup nic command or the Setup:Basic Setup page in the browser interface. Check the router, switch, and PacketShaper with the setup show CLI command. If they are set to auto-negotiate, reset at least one of them to another setting. For instructions on accessing the CLI, see Accessing Guided Setup With a Remote Login Utility on page 5-3. For details on the setup nic command, see the online PacketGuide. PacketShaper is blocking traffic. Turn off traffic shaping from the setup tab. If this corrects the problem, policies or partitions are configured incorrectly. Check the policies and partitions you have created. You may have used the wrong type of cable to connect the PacketShaper. See the chart on page 2-5. Telnet is not responding. Exit the Telnet session and start a new one. Make sure the PacketShaper is placed between the client and the default gateway. Are you sure the site router address you provided is correct? Is it a real IP address or just a virtual address? Cant access unit with a browser. Are you sure the site router address you provided is correct? Is it a real IP address or just a virtual address?

5-4

PacketShaper Getting Started Guide

Chapter 5: PacketWise Software Configuration

Whats wrong? The lights on front of unit are not illuminated or flickering.

What might fix it: Some PacketShapers have an on/off switch. Check the back of the unit and press the switch if there is one. Are your network interface card (NIC) settings correct? Check them with the setup show CLI command. PacketShaper Ethernet settings can be configured manually with either the command line setup nic command or the setup tab in the browser interface. For instructions on accessing the CLI, see Accessing Guided Setup With a Remote Login Utility on page 5-3. For details on the setup nic command, see the online PacketGuide. You may have a bad NIC card in your PacketShaper; call support for further instructions.

Configuring Multiple PacketShapers

If you want to configure another PacketShaper, you need to open a new browser window. If you reload the current window, the browser remembers the connection to the first unit and displays the login window instead of the Guided Setup window.

PacketShaper Getting Started Guide

5-5

Chapter 5: PacketWise Software Configuration

Configuring the PacketWise Software


Running Guided Setup Once you have accessed the PacketShaper, you are ready to configure the settings. This process is called Guided Setup. A screen similar to the one below should be displayed in your browser:

1.

Select local or shared mode. Shared mode is used to configure multiple PacketShapers with the PolicyCenter software. If you are not using PolicyCenter, or if you want to configure the unit independently of other units, choose local mode.

2.

Answer the questions as they are asked, using the information from the PreInstallation Checklist for Local Mode on page 1-12 or Pre-Installation Checklist for Shared Mode on page 1-17. When you are finished, click Commit All Settings. A dialog box notifies you that your configuration will be saved to your unit.

3.

Logging In

After you complete Guided Setup, the login window appears. 1. 2. 3. Enter the password (if any) that you just provided during Guided Setup. If a secure connection is desired, select the Secure Login checkbox. Click login.

When you successfully log in using a browser, the PacketWise software appears in your browser window. The info tab, shown below, is displayed initially.

5-6

PacketShaper Getting Started Guide

Chapter 5: PacketWise Software Configuration

Checking the LCD Panel

When the PacketShaper is operating, the LCD panel (if your model includes one) shows traffic passing through it.

Note: When the PacketShaper is in bypass mode, the traffic throughput display is not available. For details on bypass mode, see Failover Bypass on page 2-1, page 3-1, or page 4-1.

Problems? Whats wrong? Both the inbound and outbound values shown in the LCD are zero. What might fix it: Traffic is not flowing through the PacketShaper. First be sure there is actually traffic on the network. Then, access the PacketShaper and check the setup tab to make sure the IP addresses are correct for both devices that the unit is connected to (the site router IP address for example). Traffic passing through the PacketShaper is asymmetric. Access the Packeteer unit and check the setup tab to make sure the IP addresses are correct for both devices that the unit is connected to (the site router, for example). Traffic Discovery may not be turned on. Access the PacketShaper and check the setup tab to make sure Traffic Discovery is set to on. Your browser may not be set to reread the HTML page source every time as required by PacketWise. See Accessing PacketWise Guided Setup With a Browser on page 5-2.

Either the inbound or the outbound value in the LCD is zero. The LCD readout shows traffic but the traffic tree is empty.

PacketShaper Getting Started Guide

5-7

Chapter 5: PacketWise Software Configuration

Whats wrong? Traffic discovery is not collecting information the way I expected it to do.

What might fix it: Its possible that you accidentally connected the PacketShaper backwards that is, with the cable for inbound in the OUTSIDE connector and vice versa. If you set up your cables this way, your router must have been set to none (or you would have gotten the error Router Inside in your LCD window when you initially set up the unit). To find out if your cables are switched, specify a router in the setup tab. If you then get the error message Router Inside, your cables are connected incorrectly. Switch your cables. Is shaping turned on? If so, turn it off. Does this help network performance? If so, one of the policies or partitions needs to be reconfigured. Turn the PacketShaper off (or unplug it). Does this solve the problem? If so, the unit is probably not placed in a good location on the network. For example, it could be overwhelmed with traffic at the central server. Are you sure the default gateway address you provided is correct? Is it a real IP address or just a virtual address?

The network (even the LAN) slowed way down after I installed the PacketShaper.

Cant access unit via Telnet or a web browser. The PacketShaper failed and no network traffic is going beyond it.

If the NIC link settings are set to full duplex for one port and half duplex for the other (to accommodate connected equipment), the PacketShaper copes with it. When the unit fails or is off, the bypass switch cant work because of the different duplex settings. Inbound and outbound link rates are probably set too high. Check the setup tab to be sure rates match the router rate.

Router is swamped.

5-8

PacketShaper Getting Started Guide

Chapter 5: PacketWise Software Configuration

Changing Settings after Installation


Accessing the PacketShaper In your web browser, access the PacketWise software with the IP address or domain name you configured in Guided Setup.

Changing the Configuration

To change the configuration: 1. 2. Click the setup tab in the PacketWise browser interface. In the Setup window, verify or modify configuration details. Note that there is more than one setup page; change pages using the Choose Setup Page drop-down menu at the top of the screen.

3.

Click apply changes to update the settings with any changes you made.

PacketShaper Getting Started Guide

5-9

Chapter 5: PacketWise Software Configuration

Forgot Your Password?

If you forget the touch password, you can use the password recovery method to access the unit and then reset the password. To ensure that security is not compromised, this feature works only when you are directly connected to the units CONSOLE port. 1. 2. 3. Connect the null-modem cable (included with your unit) from the units CONSOLE port to the serial port on your PC or workstation. Open a terminal emulation program (such as HyperTerminal). Verify that you have configured the program with the following values to communicate with the units CONSOLE serial port: 9600 bps, 8 data bits, 1 stop bit, no parity, hardware flow control If you are using a modem connected to the serial port, the modem must be set to: 9600 bps, 8 data bits, 1 stop bit, no parity, auto-answer (usually ATS0=1 in the standard Hayes command set), and DTR always on (usually the command AT&D0 or a DIP-switch setting). Check the modem manual for details. 4. 5. 6. Power cycle the PacketShaper. If your unit doesnt have a power switch, unplug the power cord and then plug it back in. When prompted for the password, type touchpwd= within thirty seconds, and press Enter. You will then be prompted for a new password. Enter a new password.

5-10

PacketShaper Getting Started Guide

CHAPTER 6: REDUNDANT CONFIGURATIONS

High Availability

In a general sense, high availability is a network topology feature that ensures mission critical applications are available 100% of the time. This goal is typically accomplished by having multiple access routers with multiple WAN interfaces. PacketShapers can sit in these redundant router topologies and perform their traffic management responsibilities, without disrupting the existing high availability configuration. As part of the high availability solution, you can install PacketShapers in redundant network paths to provide PacketShaper redundancy in case one of the units fails. This capability is called direct standby. It is described more fully below. Another part of the solution is access-link monitoring. This feature allows the PacketShaper to automatically adjust Inbound and Outbound partition sizes as WAN links go down and back up. In addition, this feature can help prevent link overload that may occur when a loadbalancing scheme is less than perfect. Configuration of access-link monitoring is outside the scope of the Getting Started Guide; however, it is described in detail in the online PacketGuide.

Standby Modes

PacketWise offers two modes to provide PacketShaper redundancy. Direct standby allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. The other mode, hot standby, allows PacketShapers to act as a redundant pair connected to the same router. The remainder of this chapter describes how to configure PacketShapers for direct standby; for further information on hot standby, see PacketGuide. Note: In order to use standby, you must modify each standby unit to inhibit the normal failover bypass function of a disabled or powered-down PacketShaper. See Disabling Bypass Relays (3500, 7500) on page 6-4, Disabling Bypass Relays (2500, 6500) on page 6-6, or Disabling Bypass Relays (9500, 10000) on page 6-8.

Direct Standby

The direct standby function allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. The two units are directly connected to each other, through the OUTSIDE port on a LAN Expansion Module (LEM). Both units are considered active and each unit can receive and forward traffic. To ensure that both units accumulate the same traffic tree and measurement data, each PacketShaper processes the packets received by the other unit. When a unit directly receives traffic, it will copy that traffic and transmit it to the other unit. The other unit will classify the traffic, just

PacketShaper Getting Started Guide

6-1

Chapter 6: Redundant Configurations

as if it had received it directly, but it will never forward the traffic onto the LAN. As a result, each unit is ready at any time to take over full PacketShaper responsibility should the other unit fail.

clients

WAN

Live data path Direct connection

PacketShapers routers switches servers

The direct standby feature can operate in a redundant topology that is set up to do load balancing (in other words, traffic flows through both paths) or one that is set up as a backup in case of component failure (traffic flows through one path). When using the direct standby feature in a load-sharing topology, set the link speed to the sum of both WAN links. Because each unit receives copied packets from its partner, the overall Inbound and Outbound partition sizes must be able to support that level of extra traffic.

Note: In this situation, you may want to use the access-link monitoring feature (advanced mode) to monitor the routers WAN interfaces and avoid oversubscribing the WAN bandwidth. See PacketGuide for details.

The direct standby feature also works well in a topology in which inbound traffic goes through one path and outbound traffic goes through the other. Without the direct connection, PacketWise would classify these flows as asymmetric and would be unable to manage application traffic or take advantage of Packeteers TCP Rate Control, a technology that smooths bursty traffic. With the direct standby feature, each PacketShaper is able to see both inbound and outbound traffic and manage the traffic appropriately. Feature Requirements and Limitations The direct standby feature has the following requirements and limitations: The following Packeteer features cannot be used in conjunction with the direct standby feature: Frame Relay and ATM. The direct standby feature cannot be used on PacketShapers running enhanced or migration mode compression; it can be used on PacketShapers running legacy compression. The two units must be directly connected using the OUTSIDE ports on the uppermost or right-most LEM. In other words, if the PacketShaper has two LEMs installed, the upper or right LEM must be used for the direct connection. This LEM cannot be configured for compression. When legacy compression and direct standby are both enabled, Packeteer recommends that automatic reprobe mode be used on Xpress units at all branch offices. Use the setup compression reprobe auto CLI command to enable automatic reprobe mode. Both units must be running the same version of PacketWise and have the same plug-ins installed.

6-2

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

Both units must have the same configuration limits. For example, both units must be 256-class PacketShaper 2500s. You should not mix units with different capacities since the units will be passing the same traffic and require identical configurations. Both units must have identical hardware configuration: the same PacketShaper model, link speed, installed memory, number of LEMs installed, and type of LEMs (fiber optic vs. copper Ethernet). If there is any difference in the two partner units, the direct standby feature will not function optimally. The two units must be configured with the same touch password. A customer portal IP address should not be configured. The bypass relays in the PacketShaper and all LEMs must be disabled. See Modifying a PacketShaper for Direct Standby on page 6-4. Note: Since PacketShapers with fiber-optic connectors dont have bypass jumpers, they do not need to be modified. The Packeteer Fiber Bypass Switch should not be deployed in direct standby mode.

Because the bypass relays have been disabled, PacketShapers should not be powered off when they sit in a redundant configuration doing so will cause loss of connectivity on that link and all traffic will be routed to the other path. The direct link connection between the two PacketShapers must be equal to or greater in speed than each of the WAN links. This requirement ensures that each unit receives copies from the other unit fast enough to prevent out-of-order packets. The following types of packets are not copied over the direct connection: broadcast/multicast/unicast packets, attack packets, and IPComp control packets (when using legacy compression). Link state mirroring is automatically enabled when direct standby is enabled if the redundant management link is connected. (With link state mirroring, PacketWise will bring down the second port of a NIC pair if the first goes down.)

PacketShaper Getting Started Guide

6-3

Chapter 6: Redundant Configurations

Modifying a PacketShaper for Direct Standby


To implement direct standby operation, you must modify the motherboard to disable the normal bypass relay function of a powered-down PacketShaper. In a typical installation, if a unit fails or loses power, relays close to allow user traffic to pass unhindered between the two ports. As a component of a redundant configuration, however, a powered-down PacketShaper needs to be a point of failure in the network. Therefore, disabling the bypass functionality ensures that an out-of-service, failed, or powered-down unit does not pass traffic. For instructions on disabling bypass relays, see the appropriate section for your model: Disabling Bypass Relays (3500, 7500) on page 6-4 Disabling Bypass Relays (2500, 6500) on page 6-6 Disabling Bypass Relays (9500, 10000) on page 6-8. Note that PacketShapers with fiber-optic connectors do not need to be modified, and the Packeteer Fiber Bypass Switch should not be deployed. Note: Because the PacketShaper models 1200, 1550, and 1700 dont have expansion slots and cant accommodate a LAN Expansion Module, you will not be able to use the direct standby feature on these models.

Disabling Bypass Relays (3500, 7500)

To disable the bypass relays: 1. Disconnect the system from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.

2. 3.

Unplug the power cords. Ground yourself. WARNING: Electrostatic discharge (ESD) can damage system components. If an ESD station is not available, wear a wrist strap attached to a metal part of the unit. If you dont have a strap, touch some metal part of the case to ground yourself.

4. 5.

If they are present, remove the rackmount ears. In order to remove the top cover, the LEM cover must be removed: Using a Phillips-head screwdriver, remove the two screws on the side.

6-4

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

Lift up the hinged cover and remove.

6.

Remove the screws that attach the top cover to the chassis:

7.

Slide the cover toward the back of the unit as shown below, and then lift the cover up to remove.

PacketShaper Getting Started Guide

6-5

Chapter 6: Redundant Configurations

8.

Remove all nine jumpers from the motherboard. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.

Jumpers

9.

Note: Retain the jumpers in case the unit is later used in a non-standby application. If this unit has RJ-45 connector LEMs installed in either of the two slots, you must remove the jumpers from these cards. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby.

10. Set the cover on top of the chassis and slide the cover forward, toward the front of the unit. As you slide the cover into the chassis, make sure the lip on the cover fits into the slot on the chassis. 11. Replace the LEM cover and all screws. 12. Repeat the above steps for the other standby unit. 13. Proceed to Connecting to a Redundant Router Topology on page 6-12.

Disabling Bypass Relays (2500, 6500)

To disable the bypass relays: 1. Disconnect the system from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.

2. 3.

Unplug the power cords. Ground yourself. WARNING: Electrostatic discharge (ESD) can damage system components. If an ESD station is not available, wear a wrist strap attached to a metal part of the unit. If you dont have a strap, touch some metal part of the case to ground yourself.

4. 5.

If they are present, remove the rackmount ears. Remove the three cover screws. One screw is located next to the power supply receptacles at the back of the unit.

6-6

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

6.

Two screws are located on the bottom of the unit, near the back panel.

Remove the cover.

7.

Remove five jumpers from the motherboard. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.

LINK Tx /R 10 x 0

INS IDE

LINK Tx LINK Tx /R 10 x 0
INS IDE

/R 10 x 0

OU TS IDE

LINK Tx

/R 10 x 0

OU TS IDE

Jumpers

LIN K Tx /R 10 x 0

LIN K Tx /R 10 x 0

PacketShaper Getting Started Guide

6-7

Chapter 6: Redundant Configurations

8.

Note: Retain the jumpers in case the unit is later used in a non-standby application. If this unit has RJ-45 connector LEMs installed in either of the two slots, you must remove the jumpers from these cards. Refer to the LAN Expansion Module documentation for instructions. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby. Replace the cover and screws.

9.

10. Repeat the above steps for the other standby unit. 11. Proceed to Connecting to a Redundant Router Topology on page 6-12.

Disabling Bypass Relays (9500, 10000)

Note: If your PacketShaper has fiber-optic connectors, you can skip this section the unit doesnt have bypass jumpers. However, you will have to remove bypass jumpers from any RJ-45 connector LEMs. See the LAN Expansion Module documentation for instructions.

To disable the bypass relays on PacketShapers with RJ-45 connectors: 1. Disconnect the PacketShaper from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.

2. 3.

Unplug the power cords. Ground yourself. WARNING: Electrostatic discharge (ESD) can damage system components. If an ESD station is not available, wear a wrist strap attached to a metal part of the unit. If you dont have a strap, touch some metal part of the case to ground yourself.

4. 5.

If they are present, remove the rackmount ears. Remove screws and side door as shown.

6-8

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

6.

Remove the screws from the top cover.


PacketShaper 9500

PacketShaper 10000

7.

Remove the top cover: 9500: Lift the cover straight up. 10000: Slide the cover toward the back of the unit as shown below, and then lift the cover up to remove.

PacketShaper Getting Started Guide

6-9

Chapter 6: Redundant Configurations

8.

Remove nine jumpers from the built-in Ethernet card. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.

LIN K Tx /R x

9.

Note: Retain the jumpers in case the unit is later used in a non-standby application. If any RJ-45 connector LAN Expansion Modules have been added to the two available slots, you must also remove the jumpers from those cards. For details, see the LEM manual. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby.

6-10

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

10. Replace the top cover: 9500: Set the cover on top. 10000: Angle the cover as shown below. As you slide the cover into the case, make sure the lip on the cover fits into the slot on the case.

Lower the cover so that its resting on top of the case. Slide the cover towards the back of the unit so that the cover overhangs approximately 3/8 inch (1 cm); when you hear a click as the rear lip drops below the rear slot, slide the cover forward. 11. Replace the screws. 12. Replace the side door and screws. 13. Repeat the above steps for the other standby unit. 14. Proceed to Connecting to a Redundant Router Topology on page 6-12.

PacketShaper Getting Started Guide

6-11

Chapter 6: Redundant Configurations

Connecting to a Redundant Router Topology


PacketShapers can be placed into a variety of redundant topologies those with redundant routers, redundant switches, two data paths, two LANs, and/or redundant firewalls. For the PacketShapers to function in these topologies, connect each unit into each redundant network path and directly connect the two units, as shown in the illustration below. When a unit directly receives traffic, it will copy that traffic and transmit it to the other unit, through the direct connection. The other unit will classify the traffic and maintain historical measurement data, just as if it had received it directly, but it does not forward the traffic onto the LAN.

Legend:
I O I O I O I O

I O

Live data path Direct Connection Router Switch Inside Outside

The illustration above is an example of one of four supported redundant topologies. The complete set of supported topologies appears later in this section. You directly connect PacketShapers via a LEM. If two LEMs are present, you must use the upper-most or right-most LEM for the direct connection between PacketShapers. More detail on the direct connection appears below. When you connect a PacketShaper in a redundant topology, you can access and manage the unit from any of the LAN-connected ports. If desired, the INSIDE port on the directstandby LEM can be connected to a management network. Note, however, that when this port is connected, it becomes the exclusive management port for the unit; you will not be able to access the unit from the other ports. On PacketShaper 3500 and 7500 models, you can connect to a management network via the MGMT port. This connection would provide a secondary way to access the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only. If both the MGMT port and the INSIDE port on the direct standby LEM are connected, the MGMT port takes precedence.

6-12

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

Connecting PacketShapers into a Redundant Network Refer to the topology diagrams on the following pages as you follow these basic connection instructions: 1. Make sure you have disabled the bypass relays. See Disabling Bypass Relays (3500, 7500) on page 6-4, Disabling Bypass Relays (2500, 6500) on page 6-6, or Disabling Bypass Relays (9500, 10000) on page 6-8. On the router, disconnect the straight-through cable that goes to the switch. Reconnect this cable to the PacketShapers built-in port labeled INSIDE. Connect the built-in OUTSIDE port to the router, using the orange crossover cable. Repeat the above steps for the other router/switch. To directly connect the two PacketShapers, connect a crossover cable between the OUTSIDE LEM port on each unit. If a unit has two LEM cards installed, you must use the upper or right LEM. Proceed to Turning on the PacketShaper on page 2-7 (models 1550/2500/6500), Turning on the PacketShaper on page 3-8 (models 1700/3500/7500 models), or Turning on the PacketShaper 9500/10000 on page 4-13 (models 9500/10000).

2. 3. 4. 5. 6.

7.

PacketShaper Getting Started Guide

6-13

Chapter 6: Redundant Configurations

Topology 1 Before PacketShaper

With PacketShaper 3500, 7500

Legend: Live data path Direct Connection Alternate Management Link Router Switch Inside Outside

I O

I O

I O

I O

I O

Mgmt. Network

This basic redundant router topology uses a single LEM to connect the redundant PacketShapers. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.

6-14

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

With PacketShaper 4500, 6500, 8500, 9500, 10000

Legend: Live data path Direct Connection Router Switch Inside Outside

I O

I O

I O

I O

I O

This basic redundant router topology uses a single LEM to connect the redundant PacketShapers.

PacketShaper Getting Started Guide

6-15

Chapter 6: Redundant Configurations

Topology 2 Before PacketShaper

With PacketShaper 3500, 7500

I O

I O

I O

I O

Mgmt. Network

This topology requires two LEMs. The left LEM is for the redundant data path and the right LEM is used to connect the PacketShapers directly. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.

Legend: Live data path Direct Connection Alternate Management Link Router Switch Inside Outside

I O

6-16

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

Topology 2 contd With PacketShaper 4500, 6500, 8500, 9500, 10000

I O I O I O

I O

Legend: Live data path Direct Connection Router Switch Inside Outside

I O

This topology requires two LEMs. The lower LEM is for the redundant data path and the upper LEM is used to connect the PacketShapers directly.

PacketShaper Getting Started Guide

6-17

Chapter 6: Redundant Configurations

Topology 3 Before PacketShaper

With PacketShaper 3500, 7500

Legend:
I O I O

I O

I O

I O

Live data path Direct Connection Alternate Management Link Router Switch Firewall Inside Outside

Mgmt. Network

The firewall shown in this topology can actually be any generic device that sits in this position. A single LEM is needed to connect the redundant PacketShapers. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.

6-18

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

Topology 3 contd With PacketShaper 4500, 6500, 8500, 9500, 10000

Legend:
I O I O I O I O

I O

Live data path Direct Connection Router Switch Firewall Inside Outside

The firewall shown in this topology can actually be any generic device that sits in this position. A single LEM is needed to connect the redundant PacketShapers.

PacketShaper Getting Started Guide

6-19

Chapter 6: Redundant Configurations

Topology 4 Before PacketShaper

With PacketShaper 3500, 7500

I O

I O

I O

I O

Mgmt. Network

In this topology, there are routers on each side of each PacketShaper. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.

Legend: Live data path Direct Connection Alternate Management Link Router Switch Inside Outside

I O

6-20

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

Topology 4 contd With PacketShaper 4500, 6500, 8500, 9500, 10000

I O I O I O

I O

Legend: Live data path Direct Connection Router Switch Inside Outside

I O

In this topology, there are routers on each side of each PacketShaper.

PacketShaper Getting Started Guide

6-21

Chapter 6: Redundant Configurations

Setting Up Direct Standby


Before you can configure a pair of PacketShapers for direct standby, make sure you have taken the following steps: Removed jumpers from each units motherboard and from all LEMs; see Modifying a PacketShaper for Direct Standby on page 6-4. Connected the two PacketShapers into your redundant network. See Connecting to a Redundant Router Topology on page 6-12.

Configuring Units to Have Similar Traffic Trees

The two PacketShapers must have similar traffic trees so that flows will be classified and controlled identically, and the same measurement data will be collected on each unit. Youll want to make sure each unit has the same traffic classes, policies, partitions, and settings. Packeteer offers several ways you can configure units with the same settings. Save and Load Configurations With this technique, you configure one of the standby units, save its configuration, and then load the configuration on the other standby unit. 1. 2. 3. 4. 5. Set up one unit with the desired classes, policies, partitions, events, agents, and other settings. (See Chapter 8, PacketShaper Quick Start) Save the configuration with the config save CLI command. This creates a file with a .ldi extension. Use PacketWises File Browser to copy the .ldi file to a PC or network drive. Log into the other standby unit and use the File Browser to upload the .ldi file. Load the configuration with the config load CLI command.

If you need more detail on any of the above steps, refer to PacketGuide. Use PolicyCenter PolicyCenter is a Packeteer software package that centralizes management and propagates configuration changes to multiple PacketShapers. You can use PolicyCenter to distribute traffic configurations between direct standby units.


2. 3. 1.

Note: PolicyCenter is a separate product, not included with the PacketShaper.

Enabling Direct Standby

To configure units for direct standby: For each standby unit, configure the IP address and all other parameters. Note: The two units must be configured with the same touch password. Open a browser window, enter the IP address of one of the PacketShapers, and log in. Click the setup tab. On the Choose Setup Page list, choose standby. The Standby Configuration screen appears. For the Type, select Direct. Click apply changes. Repeat the above steps to enable direct standby on the other unit.

4. 5. 6. 7.

6-22

PacketShaper Getting Started Guide

Chapter 6: Redundant Configurations

8.

To check the standby status, go to the Standby Configuration setup page. You should see the message Standby/Direct is active with partner. Check the table below if you see a different status message. Status Message Description The unit is unable to establish communication with another PacketShaper. Make sure the units are directly cabled though the OUTSIDE port on the upper-most or right-most LEM. When two PacketShapers are directly connected, traffic is running, and then the direct standby feature is disabled on one of the partner units, the copied packets coming through the direct link between the units are leaking onto the LAN causing the receiving unit to see duplicate packets. Note that this situation happens only for a short time period because the unit sending the copied packets would stop sending packets immediately upon realizing that its partner is down.

Standby/Direct has not found a partner.

Standby/Direct disabled (connected to site LAN).

Disabling Direct Standby

To disable the direct standby feature, choose None on the Standby Configuration setup page. Note: You must also replace the jumpers removed from the motherboard and all LEMs. If you fail to re-install the jumpers, the PacketShaper will not bypass traffic when it is powered down or in a failed state. In a non-standby configuration, all WAN traffic would be blocked.

PacketShaper Getting Started Guide

6-23

Chapter 6: Redundant Configurations

6-24

PacketShaper Getting Started Guide

CHAPTER 7: NON-INLINE DEPLOYMENT


Overview
Watch Mode This chapter describes how to install PacketShapers into a network when your situation requires that the unit monitor the traffic non-inline, in other words, when you dont want the unit to be cabled into the main data path. This type of deployment is sometimes required for data centers that have restrictions on the introduction of inline elements into the network. This Packeteer feature is called watch mode and works with all PacketShaper models except for the PacketShaper 1200. When a unit is in watch mode, it passively monitors the traffic on your network and performs all the traffic classification and reporting tasks that PacketShapers typically do: identify your network traffic, measure response times, track bandwidth utilization, notify you of conditions of interest, and report on the performance of your applications and network. Consistent with its role as a passive watcher, a PacketShaper in watch mode will not perform traffic shaping or compression; any existing policies and partitions will be ignored. Note: Because a PacketShaper in watch mode cannot perform traffic shaping, this feature is more often used on units configured only with the monitoring module.

The watch mode feature offers functionality similar to a network probe, but the PacketShaper can classify and record measurement data by application (layer 7), not just by port. For example, suppose youre investigating slow SAP performance. A probe might give you packet rates for one of the hosts using SAP, but doesnt tell you which portion is SAP traffic. The PacketShaper gives you usage rates for SAP traffic for all hosts or specific hosts. PacketShapers in watch mode have the following capabilities: Compatible with SPAN ports, mirrored switch ports, and hubs connecting multiple routers Monitor traffic to/from up to 256 WAN routers Receive traffic from up to three network segments (if LAN Expansion Modules are installed) Manageable from a separate network than the one being monitored

Non-Inline Deployment Requirements and Limitations Packeteers non-inline deployment has the following requirements and limitations: Packeteer has tested and certified watch mode compatibility with the Cisco Catalyst 4000/5000 series and the Dell PowerConnect 5212. Packeteer has tested and certified tap compatibility with the following NetOptics taps: 10/100 Ethernet, Gigabit 1000BaseTX, and fiber-optic splitter. See Connecting to a Network Tap on page 7-9. Packeteers watch mode and direct standby features cannot be used together.

PacketShaper Getting Started Guide

7-1

Chapter 7: Non-Inline Deployment

Watch mode can be enabled in legacy tunnel mode, but not in migration or enhanced mode. Device classification cannot be used in watch mode. Because PacketWise performs classification by device (LEM) when a packet exits the PacketShaper, and watch mode drops all packets, the packets do not exit on any interface and thus cannot be classified by interface. If you are using watch mode and want to classify and/or control traffic by device, you can create classes based on the MAC address of the watch mode routers. VoIP latency cannot be measured by a PacketShaper in watch mode.

Compression Estimator Mode

Another useful application of watch mode is to evaluate Packeteers Xpress compression feature, using a single PacketShaper. When a PacketShaper is deployed non-inline with compression and watch mode enabled, PacketWise will estimate the amount of compression that would have occurred on outbound data if the unit had been deployed inline. All the compression statistics, graphs, and reports are accessible and reflect an estimation of compression benefits. To come up with these estimates, Xpress does not compress the live data; it compresses the packets that were copied to the unit and then drops the compressed data. Packeteers Compression Estimator provides you with a simple way to project compression gains from PacketShapers compression module with a single unit evaluation. Deployed using mirrored switch ports, taps, or SPAN ports, Compression Estimator allows a PacketShaper to monitor traffic and estimate the bytes saved for different application traffic types and produce overall compression savings estimation for the entire link. See Configuring the Compression Estimator on page 7-10. Compression Estimator Limitations Compression Estimator mode has the following limitations: Works on outbound traffic only. An outbound data center traffic installation represents a good proxy for traffic mixes. Due to the asymmetric nature of traffic, the majority of traffic is served outbound from data center servers and represents a suitable proxy for overall network traffic. Works only in legacy tunnel mode, but not in migration or enhanced mode. Offers statistics on byte savings and bandwidth increases, but doesnt provide differences in response times. (An inline deployment of a PacketShaper with the compression module offers this capability.) Is not applicable where existing PacketShapers are deployed inline. This mode is targeted for new customers. Existing customers with inline deployments can enable compression evaluation keys on two PacketShapers to enable a real-world test.

7-2

PacketShaper Getting Started Guide

Chapter 7: Non-Inline Deployment

Connecting Non-Inline Units to the Network


Overview In watch mode, a PacketShaper will monitor network traffic connected to any of its OUTSIDE ports (built-in or on LEMs). For accessing and managing the unit itself, you can use an INSIDE port, or on the PacketShaper 1700, 3500, and 7500, you can use the builtin MGMT port. If an INSIDE or MGMT port isnt connected to a network, the OUTSIDE port can be used for management. If more than one INSIDE port is connected, only one will be active and pass traffic; the other connected ports will provide redundant management access. The PacketShaper decides which port to use for management access according to the following order: MGMT (if available), built-in INSIDE, upper/right LEM INSIDE, lower/left LEM INSIDE. Note: If the Dedicated Management Port feature is enabled on a PacketShaper 1700, 3500, or 7500, you will only be able to access the unit through the MGMT port; you cannot manage via any other port.

Watch mode is supported in a variety of network configurations. The supported topologies are illustrated and described in the following pages. Use this legend when referring to the topologies on the following pages.
Legend: Router Switch Hub Management Link Inside Outside

I O

If a PacketShaper is connected to a switch, it should be connected to a SPAN (Switched Port Analyzer) port so that it can monitor the WAN traffic. To monitor traffic sent by the switch to the router, copy the bidirectional traffic on the switchs router port to the SPAN port so that it can be received and monitored by the PacketShaper.

Note: Do not actually make the connections shown in the following topologies until you have read Configuring PacketWise Software on page 7-7.

Topology 1

In this topology, a hub is connected to the OUTSIDE port on the PacketShaper and nothing is connected to the INSIDE port. The unit will be accessed and managed from the same LAN that is being monitored.

I O

PacketShaper Getting Started Guide

7-3

Chapter 7: Non-Inline Deployment

Topology 2

In this topology, the PacketShaper monitors network traffic via a connection between its OUTSIDE port and a switchs SPAN port. The INSIDE port, which is connected to the switch, is used for PacketShaper access and management. Traffic received on the management port is not classified or measured.

I O
SPAN port

Topology 3

This topology is similar to Topology 2 in that the PacketShapers OUTSIDE port is connected to a switchs SPAN port. In Topology 3, however, you can access the PacketShaper from a PC on another LAN. On a PacketShaper 1700, 3500, or 7500, you can use the MGMT port to manage the unit from another LAN.

IO
SPAN port Management port

On other PacketShaper models, you can manage the unit from an INSIDE port on a LEM. Traffic received on the LEM management port is not classified or measured.

Management port

I O I O
SPAN port

7-4

PacketShaper Getting Started Guide

Chapter 7: Non-Inline Deployment

Topology 4

In this topology, the PacketShaper monitors traffic on up to three different LAN segments. This is achieved by using two LEMs. The built-in OUTSIDE port is connected to a switch or hub on one LAN and the OUTSIDE ports on two LEMs are connected to two other LANs. On a PacketShaper 1700, 3500, and 7500, you can use the MGMT port to manage the unit from another LAN.

Management port

IO

On other PacketShaper models, you can manage the unit from any of the INSIDE ports (built-in or LEM).

Management port

I O I O

PacketShaper Getting Started Guide

7-5

Chapter 7: Non-Inline Deployment

Topology 5

In this topology, the network to be monitored is connected to the OUTSIDE port on a LEM. The built-in INSIDE port is used for management access to the unit. This configuration is appropriate, for example, when a fiber-optic LEM is installed on a PacketShaper 6500 in order to monitor a fiber-optic network.

I O I O
Management port

On a PacketShaper 1700, 3500, or 7500, you can use the MGMT port to manage the unit from another LAN.

IO
Management port

I O

7-6

PacketShaper Getting Started Guide

Chapter 7: Non-Inline Deployment

Configuring Watch Mode


Configuring PacketWise Software Follow this basic procedure: 1. Connect one cable (either MGMT, INSIDE or OUTSIDE). Pick the port you will be using to access the PacketShaper during Guided Setup. Refer to Chapters 24 for details on connecting cables to your PacketShaper. Important: Do not connect both cables until after watch mode is enabled. If the PacketShaper is configured inline when you enable watch mode, network connectivity problems will occur. This is because in watch mode packets are dropped and not forwarded through the network. 2. Run Guided Setup, as described in Chapter 5. To access the PacketShaper, use a workstation that is on the network connected to the cabled port. Alternatively, you can connect directly to the unit using the CONSOLE port. Enable watch mode. See Enabling Watch Mode below. If applicable to your topology, connect the other cable(s) to the PacketShaper. Refer to the topologies illustrated on the previous pages. Add routers to the watch list. See Adding Routers on page 7-7.

3. 4. 5.

Watch Mode and Site Routers When watch mode is enabled, the Site Router field is ignored. If you have defined a site router IP address when watch mode is turned on, a message similar to the following may appear on the Info screen:
Site router configuration is ignored in watch mode.

This message doesnt appear if you have set the Site Router field to none.

Enabling Watch Mode

To turn on watch mode: 1. 2. 3. Click the setup tab. Set Shaping to watch. Click apply changes.

The LCD panel flashes Watch Mode and the Info page says Shaping: Watch. Although watch mode is enabled, traffic cannot be monitored until you connect the OUTSIDE port to the network you want to monitor and add routers to your watch list.

Note: When connecting a PacketShaper to a tap, do not use watch mode; instead, set Shaping to off. You will not need to create a router watch list in this case, since the list is only used in watch mode.

Adding Routers

The watch mode feature can monitor traffic to/from up to 256 routers. The PacketShaper uses the router list to determine direction of the packets the unit is monitoring: if a packet is from the router, it will be considered to be inbound or if the packet is to the router, the packet will be considered outbound. If both the source and destination addresses of a packet are in the watch list, the packet is considered same side traffic.

PacketShaper Getting Started Guide

7-7

Chapter 7: Non-Inline Deployment

You identify each router by its IP or MAC address. If you enter an IP address, PacketWise will attempt to resolve its MAC address. Note that when the PacketShaper lacks two-way communication with the end host, you must define the router by its MAC address. For example, when a PacketShaper is connected to a switchs SPAN port, the unit receives copies of the packets that go through the switch, but since communication is one way, it cannot send ARP requests to determine the routers MAC address. In this case, you must define the router by its MAC address, not IP address. To add a router to the watch list: 1. If you are still on the Basic Settings setup page, click the Watch Mode Configuration link. or Click the setup tab and choose watch mode from the Choose Setup Page drop-down list. 2. Click add router. The Add Watch Mode Router screen appears.

3.

In the Name field, enter a descriptive name to uniquely identify the router (up to 32 characters; no spaces are allowed, the only special characters allowed are colon, dash, underline, and period.) In the IP Address field, enter the routers IP address. or In the MAC Address field, enter the routers MAC address.

4.

5. 6.

Click add router. Repeat steps 2-5 for each router you want to add to the watch list.

Next Step

Once watch mode is configured, the PacketShaper will begin collecting data for the traffic it is watching. For information on viewing statistics, graphs, and reports, see Chapter 8, PacketShaper Quick Start.

7-8

PacketShaper Getting Started Guide

Chapter 7: Non-Inline Deployment

Connecting to a Network Tap


In this topology, the PacketShaper is connected to the network through a tap. A network tap is a transmit-only hardware device, placed inline, that provides a permanent access port for passive network monitoring. When a PacketShaper is connected to a tap, it receives the same traffic as if it were located directly on the wire. The PacketShapers INSIDE and OUTSIDE ports are connected to the tap and watch mode is not enabled. The tap will copy traffic in both inbound and outbound directions. Since the tap does not pass traffic back to the network, you must use the MGMT port (on PacketShaper 1700, 3500, and 7500 models) to manage the unit.

IO
TAP
Management port

On other models, you must use a LEM to manage the PacketShaper.

Management port

I O I O
TAP

If you have set your site router to none, you can access the unit via the INSIDE or OUTSIDE LEM port. The units address can be on the same or different subnet from the subnet being monitored (where the tap is located). If you have set a specific site router address, it is recommended that you manage the PacketShaper via the OUTSIDE LEM port. In addition, the units address, site router, and management port connection need to be on the same subnet.

PacketShaper Getting Started Guide

7-9

Chapter 7: Non-Inline Deployment

Configuring the Compression Estimator


The Compression Estimator is a simple way of evaluating Packeteers compression module. You set up a PacketShaper non-inline (that is, not in the main data path) and enable compression and watch mode. PacketWise will estimate the amount of compression that would have occurred on outbound data if the unit had been deployed inline.

Notes: The Compression Estimator can only be used in legacy tunnel mode since the watch mode feature is not available in migration or enhanced mode. The Compression Estimator is not available on the Packeteer 1200 model.

In order to use the Compression Estimator, you need to request an evaluation compression module key; contact your Packeteer representative or Customer Support to request the key. To configure the Compression Estimator: 1. Connect one cable (either MGMT, INSIDE, or OUTSIDE) pick the port you will be using to access the PacketShaper. Do not connect both cables until after watch mode is enabled. Caution: If the PacketShaper is configured inline when you enable watch mode, network connectivity problems will occur. This is because in watch mode packets are dropped and not forwarded through the network.

2. 3.

Install the compression module key, following the instructions included with the key. Set the Xpress-IP address and gateway for the device (main or LEM) you are using for compression estimation: a. b. Click the xpress tab. Click xpress-ip settings. The Xpress-IP Settings screen appears.

7-10

PacketShaper Getting Started Guide

Chapter 7: Non-Inline Deployment

c.

For each network interface (built-in or LEM) you want to use for Xpress tunneling, fill in the following information: Field IP Address Description Xpress-IP (XIP) address to assign to the interface; each interface must have a unique address. Note that this address is used by the Xpress feature and is not for managing the PacketShaper. An XIP address can NOT be the same as the units management address or customer portal address. Subnet mask IP address of the router; leave blank or enter none if there is no gateway. The gateway is required in the following situations: If the tunnel partner is not on the same subnet - or If acceleration is enabled, and the TCP connection endpoints are not on the same subnet as the XIP address

Net Mask Gateway

For VLAN networks only: VLAN ID 802.1Q VLAN ID (0 - 4095)

Note: A maximum of three VLAN IDs can be assigned per Xpress unit (one for each device).

VLAN Priority

802.1P VLAN priority (0-7) If your network isnt using VLAN IDs but you want to set a VLAN priority, you must set a VLAN ID of 0 (zero) before you can select a priority.

d. 4. 5. 6. 7. 8. 9.

Click OK to update the settings.

Make sure Xpress is in legacy mode, which is displayed on the xpress tab. For more information, see Xpress Modes on page 9-3. Click the setup tab. The Basic Settings screen is automatically displayed in the Setup window. In the Shaping field, select watch to turn on watch mode. Click apply changes to update the settings. Add your router(s) to the watch list. (See Adding Routers on page 7-7). Enable compression on legacy tunnels. For more information, see Step 2: Verify Legacy Compression on page 9-7.

PacketShaper Getting Started Guide

7-11

Chapter 7: Non-Inline Deployment

To see an estimate of how compression is working on your link, you can look at compression reports. For more information, see View the Compression Summary on page 9-17.

Note: If you arent seeing compression results, its possible that the PacketShaper isn't able to resolve the gateways IP address. In this case, youll need to manually add the address to the ARP table using the arp privadd command.

If you are satisfied with the estimated compression results and want to use the Xpress feature to compress data, you will need to purchase the compression module key and deploy additional PacketShapers (to create compression tunnels). All units must be deployed inline in order to compress data.

7-12

PacketShaper Getting Started Guide

CHAPTER 8: PACKETSHAPER QUICK START


Overview
This quick start chapter will show you how to use a PacketShaper to: Classify network traffic Analyze network and application performance Solve performance problems Note for PacketShaper 1200 users: Because PacketShaper 1200 models are intended for use in wide-spread distributed deployments, we recommended that you configure these units with PolicyCenter, Packeteers central management product. Using PolicyCenter, you can configure a traffic tree with appropriate policies and partitions and then distribute this configuration to all the PacketShapers installed at your branch offices. Refer to the PolicyCenter Getting Started Guide for details. For generating graphs and reports use Packeteers centralized reporting product, ReportCenter. See the ReportCenter Getting Started Guide for details.

If your PacketShaper is configured with the compression or acceleration module, read this chapter before turning to the next chapter, Getting Started with Xpress Compression and Acceleration. If you are using a PacketShaper ISP model, see Chapter 10, PacketShaper ISP Quick Start.

PacketShaper Getting Started Guide

8-1

Chapter 8: PacketShaper Quick Start

Classifying Traffic on the Network


PacketShapers traffic discovery feature detects and identifies the traffic running on a network and automatically creates traffic classes for each application, service, or protocol that it discovers. These classes are organized into a hierarchical traffic tree. Classification is a prerequisite for other PacketShaper functions. To analyze a particular applications performance, you must first identify that applications traffic. Likewise, to control an applications performance, you isolate its traffic to adequately ration and assign resources. Note that traffic discovery is not appropriate for all situations. If PacketShaper units are at branch office deployments where you are monitoring and controlling application performance, you can use the traffic discovery feature to create application-based traffic trees. In deployments where the PacketShaper is located at the main sites WAN or Internet link, you will want a location-based traffic tree that has traffic classes for each branch office; in this situation, you would not want to use automatic traffic discovery. For a detailed explanation of these traffic tree strategies, see the Enterprise Deployment Topologies guide or the online PacketGuide. Note: Because PacketShaper 1200 models are limited to 64 classes, you will probably not want to enable the automatic traffic discovery feature.

Discovering Traffic

Automatic traffic discovery may already be enabled. To check the status of the Traffic Discovery setting: 1. 2. 3. 4. 5. Access the PacketWise software by entering PacketShapers URL or IP address in your browser. Check the status line underneath the tabs. If it says Discovery: On, you can skip the following steps. Click the setup tab in the PacketWise navigation bar. To enable automatic traffic discovery, select on for Traffic Discovery. Click apply changes.

Viewing the Traffic Tree

Traffic needs to run through the PacketShaper over time before you can see trends and decide on a course of action. We suggest you collect data for at least three days. Note: Make sure the mission-critical applications are being accessed during this time so that the protocols, services, and/or applications will be auto-discovered.

The traffic discovery process creates traffic classes automatically, based on the traffic types it detects. For example, web surfing is categorized in the HTTP traffic class. To see what classes the PacketShaper has auto-discovered, display the traffic tree: 1. 2. Access the PacketWise software by entering PacketShapers URL or IP address in your browser. Click the monitor or manage tab in the PacketWise navigation bar. The discovered classes appear in a hierarchical tree under the Inbound and Outbound folders.

PacketWise displays applications in a hierarchical tree representing application traffic traveling inbound and outbound, with respect to the PacketShaper. Applications listed in the Outbound folder represent a request for data from external servers or responses of data

8-2

PacketShaper Getting Started Guide

Chapter 8: PacketShaper Quick Start

from internal servers to outside requests. Applications shown in the Inbound folder represent the data being transmitted from outside servers to the LAN or requests for data from internal servers. When managing an applications performance, you must consider the characteristics and significance of an application flows direction. For example, suppose a user is running Oracle as a published application over Citrix Metaframe. Assume the Oracle user is on the LAN side of PacketShaper, and the server is on the outside. In the traffic tree, the /Outbound/Citrix/Oracle class tracks the data entry activity. The /Inbound/Citrix/Oracle class tracks the data downloads.

Problems? Whats wrong? The traffic tree is empty. The traffic tree doesnt have classes for some of the applications I know are on the network. What might fix it: Is traffic discovery turned on? Look at the status line underneath the tabs to make sure it says Discovery: On. Have users initiated new sessions after connecting the unit to the network and configuring the PacketShaper? A PacketShaper cant discover traffic classes until it sees the traffic. Make sure users are accessing the critical applications and establishing new sessions on the network. To avoid creating classes needlessly, the PacketShaper must see at least three* distinct flows of an application before it deems the flows significant enough to warrant autodiscovery. The flows must begin within the same time-out interval, typically one minute, and should have different source/destination address pairs. If youre performing tests and want a specific application to be auto-discovered, it may be necessary to open a session, quit, and then re-open the application so that PacketWise sees another session. Is the PacketShaper installed on an Internet link between the VPN gateway and the router? If so, the unit sees encrypted traffic, not individual applications; consequently, the applications will not appear in the traffic tree. In order to differentiate between encrypted applications, the unit must be positioned between the LAN and the VPN gateway. Although PacketWise classifies hundreds of applications, there could be custom or unique applications that do not get auto-classified. To accommodate these situations, PacketWise provides the ability to create classes manually. Are you using PacketShaper 1200? If you have enabled automatic traffic discovery on the 1200 series, the traffic tree will likely reach its maximum capacity (64 classes) quickly, and perhaps not with the applications you need to classify. For the PacketShaper 1200 models, Packeteer recommends that you not enable traffic discovery; instead, manually create classes for the applications, or use PolicyCenter. *The number of flows required to trigger class discovery can be adjusted using the Autodiscovery variables on the System Variables setup page.

PacketShaper Getting Started Guide

8-3

Chapter 8: PacketShaper Quick Start

Analyzing Network Traffic


Analyzing Data After the PacketShaper has a chance to collect data, you can look at some of the statistics that have been generated. Here are some analytical questions you can start with: Question: What type of traffic is consuming the most bandwidth right now? How to find the answer: Click the top ten tab to display the Top Ten Average Rate report. Which inbound traffic class has consumed the most bandwidth in the last hour? Which outbound traffic class? Click the monitor tab. Find FTP in the traffic class tree on the left and then look at the value in the Class Hits column. First, you need to enable host analysis. Click the manage tab and select Citrix in the traffic tree. Enable Top Talkers and Top Listeners, then click apply changes. Later, go back to this page and click the Top Talkers or Top Listeners links to see the hosts that have generated the most Citrix traffic. Note that this feature shows top hosts since the feature was last reset. You can use the reset button on the Top Talkers or Top Listeners page to clear the list and restart the host-tracking process. What was the peak bps rate for web traffic? What is the link utilization? Click the monitor tab. Find HTTP in the traffic tree and look at the value in the Peak column. Click the report tab, and look at the first chart, Utilization. The red line is average inbound link utilization and the blue line is peak inbound link utilization. Scroll down and look at the outbound chart.

How many times has FTP been used?

Who is generating the most Citrix traffic? (If you dont have Citrix, use any other class of interest.)

Note: Detailed reporting is also available via Packeteer ReportCenter. Because PacketShaper 1200 models have limited reporting capabilities, it is recommended that you use ReportCenter to generate your reports.

8-4

PacketShaper Getting Started Guide

Chapter 8: PacketShaper Quick Start

Analyzing Network Performance

The Network Performance Summary shows you where most traffic occurs on the network. To view the summary: 1. Click the report tab on the navigation bar. The Network Performance Summary report appears. This report contains six graphs Utilization, Network Efficiency, and Top 10 Classes, for both the Inbound and Outbound directions. The default report graphs data from the last hour, but you can select a different time interval (such as three days), if you like. 2. To choose a different time interval, enter the number of minutes, hours, days, weeks, or months in the Show field, and then select the unit of time. For example, by entering 3 in the Show field and selecting day for the unit of time, you create a report with the data the PacketShaper collected over the last three days. 3. 4. 5. Click update to apply the new time interval settings. The new report appears. Scroll down to see the Top 10 Classes graph for inbound traffic. Scroll down further to see the Top 10 Classes graph for outbound traffic. Note: As you are viewing the Top 10 Classes pie chart in the Network Performance Summary, you may want more detail on a particular class. A quick way to get this detailed information is to click the class name on the pie chart legend. When you click a class name, the Statistics:Reports screen appears, where you can change the period or select additional graphs to include in the report. To print the report, click print.

6.

PacketShaper Getting Started Guide

8-5

Chapter 8: PacketShaper Quick Start

Looking at Top Ten Reports

The Top Ten tab offers several reports that allow you to quickly see which classes have the highest average rate, peak rate, total bytes, or network efficiency. For example:

1. 2.

Note: The top ten tab is not available on the PacketShaper 1200 models.

To view the Top Ten reports: Click the top ten tab on the navigation bar. In the View top field, enter the number of classes you want to view in the report (default is 10). To view all classes, clear this field so that its blank. Note: If you dont want to change the view (the next step), you must click update to see the revised list.

3. Select the desired view: View Average Rate Description The classes with the highest average bandwidth rate in the designated time interval; measured in bits per second (the default report type) The classes with the highest peak bandwidth rate in the designated time interval; measured in bits per second The classes with the highest total bandwidth consumed in the designated time interval; measured in bytes The classes with the most retransmissions (that is, the lowest network efficiency)

Peak Rate

Total Bytes

Network Efficiency

8-6

PacketShaper Getting Started Guide

Chapter 8: PacketShaper Quick Start

Solving Performance Problems


PacketShapers configured with the shaping module offer two ways to solve application and network performance problems: Setting policies. A policy determines how an applications individual flows are treated in the context of competing applications and allows you to manage bandwidth on a flow-by-flow basis. With policies, you can give each flow of mission-critical traffic the bandwidth it needs for optimum performance, as well as protect it from demanding, less important traffic. In addition, policies can keep non-urgent traffic flows (such as FTP) from consuming more than an appropriate share of bandwidth or can block flows completely. Creating partitions. A partition manages bandwidth for a traffic class aggregate flows, so that all of the flows for the class are controlled together as one. You can use partitions to protect mission-critical traffic by guaranteeing that a traffic class always gets a defined amount of bandwidth. In addition, you can use partitions to limit aggressive, non-critical traffic by allowing that traffic class to consume only a defined amount of bandwidth.

Set Policies

A policy controls traffic on a flow-by-flow basis. When you apply a policy to a traffic class, you define how each flow will be treated when competing with other applications. While there are several different types of policies you can create in PacketWise, the rate policy is the most common. With this type of policy, you can: Guarantee each flow a minimum bits-per-second rate Give each flow prioritized access to excess bandwidth Limit each flow to a maximum amount of bandwidth Take advantage of Packeteers TCP Rate Control technology that prevents traffic from being sent at a rate that is higher than it can be transferred and received, thereby greatly reducing queuing in router buffers and controlling inbound traffic Smooth bursty traffic (such as HTTP)

Priority policies, another type of PacketWise policy, establish a priority for traffic without specifying a particular rate. Use priority policies for non-IP traffic types, or traffic that does not burst (for example, Telnet). In addition to creating policies for mission-critical applications, you may also want to place controls on some of the most active services and applications on the network (such as HTTP or FTP). PacketShapers supply a set of suggested policies for many supported protocols and services. You can apply a suggested policy to a traffic class, whether it was manually created or automatically created by the traffic discovery process.

Note: Most suggested rate policies set the guaranteed rate to zero with bursting enabled. If you have a specific minimum rate requirement for an application, such as Voice over IP, you will need to modify the suggested policy.

To create a policy using PacketShapers suggested settings: 1. 2. Click the manage tab on the navigation bar. The Traffic Class window appears. Select a class in the tree in the left window pane.

PacketShaper Getting Started Guide

8-7

Chapter 8: PacketShaper Quick Start

3. 4.

In the Traffic Class window pane, click policy and select add from the menu. Click suggest policy in the New Policy window. A pop-up window appears, notifying you whether a default policy was found for this service type.

5. 6. 7.

Click OK in the pop-up window. To fine-tune the policy, overwrite the displayed values or select a new policy type. To create the policy, click add policy in the New Policy window.

Create Partitions

A partition is a virtual pipe that you can create for a given traffic class. This virtual pipe reserves bandwidth for all flows of a given type the traffic class aggregate. Partitions can protect traffic by guaranteeing a defined amount of bandwidth for the mission-critical traffic classes. For example, you could set a 128 Kbps partition for SNA traffic. This partition ensures that SNA will always have at least 128 Kbps of bandwidth. Partitions can also limit less important traffic by putting a cap on the amount of bandwidth a traffic class can use. For example, you can assign a 64 Kbps partition to FTP traffic. This prevents FTP traffic from consuming your entire link and blocking more important traffic. To create a partition: 1. 2. 3. 4. 5. 6. 7. Click the manage tab on the navigation bar. The Traffic Class window displays. Select the class in the traffic tree. Click partition in the Traffic Class window and click add. The New Partition window appears. In the Size field, enter the minimum partition size in bits per second (bps). Alternatively, you can select % and enter a percentage of the parent partition size. To allow the partition to use available excess bandwidth, select the Burstable checkbox. Optional: In the Limit field, set a maximum bandwidth limit to be used when the partition bursts. This limit must be greater than the partition minimum. Click add partition to create the partition.

Turn Shaping On

Policies and partitions have no effect unless traffic shaping is turned on. To do this: 1. 2. 3. Click the setup tab. Turn Shaping on. Click apply changes.

Verify that the Policies are Working

To verify that a traffic class and policy are working as expected, you can: Observe the number of Class Hits and Policy Hits for that class in the Monitor Traffic window. Class Hits are the number of times flows match the class and Policy Hits are the number of times the policy has been enforced. Generate more traffic for that traffic class to see if the number of hits increases. Compare the statistics (such as the peak rate) before and after the policy was set. Make a Class Utilization graph. Be sure to specify a time period that includes before and after the creation of the policy.

8-8

PacketShaper Getting Started Guide

Chapter 8: PacketShaper Quick Start

Problems? Whats wrong? My graphs look strange: the data cant be correct. The LCD readout shows traffic but the traffic tree is empty. What might fix it: Do you have the date set correctly? Check the date & time page under the setup tab. Is traffic discovery turned on? Look at the status line underneath the tabs to make sure it says Discovery: On. Is your browser set to reread the HTML page source every time? This is a PacketShaper requirement. See Accessing PacketWise Guided Setup With a Browser on page 5-2. Is shaping turned on? Policies are only applied if shaping is on. Look at the status line underneath the tabs to make sure it says Shaping: On. Did you set too many policies? Try just setting policies for your most critical and most bandwidth-greedy classes. Is shaping turned on? Policies are only applied if shaping is on. Look at the status line underneath the tabs to make sure it says Shaping: On. Are you looking at current data? Use the update button to refresh the screen or the clear stats button to zero out the values and begin displaying new (post-policy) data.

Performance hasnt improved since I set policies and created partitions.

Statistics on the Monitor Traffic screen dont seem to be consistent with the policies I set.

PacketShaper Getting Started Guide

8-9

Chapter 8: PacketShaper Quick Start

Advanced Features
PacketShapers also have advanced monitoring and control features, for example: Response Time Measurement (RTM) The RTM feature tracks delay (network and server) statistics for connection-based TCP traffic classes. You can set acceptable responsetime thresholds for selected traffic classes. Response times are defined as bad or good according to the threshold you set. When a transactions total delay is lower than the threshold, the transaction is considered good. When the total delay is higher, the transaction is considered bad. Adaptive Response Packeteers adaptive response feature allows you to monitor the status of your network, the applications running on the network, and the capacities and loads of the PacketShaper. This feature can also detect hosts that are using up too much of the link, and allows you to set thresholds for specific traffic classes, links, and partitions and will notify you when thresholds are exceeded. For example, you can use adaptive response to automatically send an email, SNMP trap, or a Syslog message when there are unacceptable network delays. By having PacketWise send you notifications automatically, you have the opportunity to be aware of situations before they trigger user complaints. Flow Detail Records The Flow Detail Records (FDR) feature is an alternate method for gathering and processing per-flow statistics. When FDR is enabled, the PacketShaper will become an emitter, automatically pushing data to a remote system, called a collector, on a continuous basis. The unit will emit records that contain details of all flows that go through the PacketShaper to a collector, such as Packeteers ReportCenter 3. In ReportCenter, you can view a wide variety of reports to summarize and analyze the data for troubleshooting, diagnostics, or application-usage billing. A record format is also available for collectors and analyzers with Cisco NetFlow compatibility, such as Evident Billing Software and Cisco Collector. Packet Capture The packet capture feature captures packets for future analysis, allowing you to analyze detailed information about the packets in a class, such as the source and destination IP addresses and protocols used. For example, you can analyze packets in a Default or a port-numbered class to get details about the traffic hitting these classes. Or, you can use packet capture to investigate what an IP address-based class is doing. For information on these and other advanced features, see the online PacketGuide (click the packetguide button in the browser interface).

8-10

PacketShaper Getting Started Guide

CHAPTER 9: GETTING STARTED WITH XPRESS COMPRESSION AND ACCELERATION


Overview
Packeteers Xpress feature allows you to use compression to increase the virtual size of WAN bandwidth, use acceleration to fully utilize bandwidth in moderate- to high- latency environments, and use compression and/or acceleration to improve application performance on your network. By integrating these technologies with traffic management, PacketWise ensures that the increased virtual WAN pipe is not consumed by aggressive, non-mission critical applications that burst to consume any bandwidth given to them. In addition, the effective throughput of the mission critical traffic can also increase, providing a double benefit. Traffic management protects mission critical traffic, contains recreational and unsanctioned traffic, and smoothes peaks in bursty traffic, while Xpress provides greater throughput and network capacity. Xpress works by identifying other PacketShapers on the network, dynamically setting up a communication link, called a tunnel, between the units, and sending data through the tunnels. Xpress uses tunnels to transport compressed data, packed data, and/or accelerated data. Each of these features is described in the following sections.

Note: Compression and packing are features included with the compression key. Acceleration requires the acceleration key.

Compression

Xpress compression shrinks the size of transferred traffic, effectively increasing the amount of bandwidth available on a link. It uses a variety of methods, called compression algorithms, to compress data, for example ICNA, CNA, PRED1, PRED2, and RETD. You can enable/disable compression globally, for a specific tunnel, or on a per-class or perservice basis. Xpress does not attempt to compress all traffic. Because PacketShaper is application intelligent, it is able to identify each traffic flow and compress only the flows that are likely to achieve useful gains. Previously compressed traffic (such as streaming media) and encrypted data (such as HTTPS) are examples of non-compressible traffic. The ability to apply appropriate compression algorithms to different applications is built into the Xpress compression engine. Xpress automatically assigns the appropriate algorithm to each application, in order to achieve the best compression ratio, with minimal latency.

Packet Packing

When Xpress packing is enabled, multiple packets are combined into a single super packet before being sent through the Xpress tunnel. Since fewer packets are sent, packing saves on overhead introduced by packet headers. You can enable/disable packet packing globally, for a specific tunnel, or on a per-class or per-service basis. Packing is a feature that is included with the compression key.

PacketShaper Getting Started Guide

9-1

Chapter 9: Getting Started with Xpress Compression and Acceleration

The maximum size of the super packet is determined by the Maximum Transfer Unit, or MTU. MTU is the largest datagram than can be transmitted by an IP interface, without it needing to be broken down into smaller units. Because the packet size is maximized to the MTU, packing improves link utilization. The MTU can be set globally or for an individual tunnel. Since different types of traffic can tolerate different amounts of latency, each service is assigned an appropriate packing hold time the length of time the super packet is held to wait for additional packets to be packed into it. For example, latency-sensitive services, such as RadioNetscape and Streamworks, have a pre-set 1ms packing hold time. The default packing settings are appropriate in most situations, but CLI commands are available to fine-tune these settings if you find the need. Due to the inherent delay in the process of combining packets, packing will increase network latency. On very busy links, packing doesnt cause much latency because the packets are bundled and sent off quickly. On less active links, Xpress may have to wait to get enough packets in a bundle, possibly creating application performance problems. If you are experiencing latency, try lowering the packing wait time or disabling packing altogether. Packing is most efficient and effective when dealing with small packets or packets that can be reduced in size with compression.

Acceleration

The acceleration feature significantly improves the performance of TCP/IP over satellite links or long-delay terrestrial networks. It accelerates both transactions and file transfers to enhance network performance. Xpress acceleration allows you to maximize bandwidth utilization, speed up application response times, accelerate the transfer of large files, and minimize the impact of other problems that are common with TCP-based applications on high-latency links. A high-latency environment is generally any link with ping time of 150 ms or more. Virtually all overseas connections and the majority of East Coast - West Coast US links are high latency. The benefits of acceleration are not restricted to networks with high latency other factors come into play as well. High-speed links with small window sizes and moderate latency can also benefit from Xpress acceleration. For example, a data center with a 45 Mbps link, using Windows 2000 with a 16K window size, has a 30 ms round-trip time during data backups. Because of the small window size, the link is underutilized and is less than 10 percent full. With Xpress acceleration, the data center would be able to fully utilize the bandwidth in the 45 Mbps link. You can enable/disable acceleration globally, for a specific tunnel, or on a per-class or perservice basis. In addition to accelerating data between PacketShapers, Xpress can accelerate data between a PacketShaper and a SkyX device. This is called a SkyX tunnel. Transport Acceleration: XTP or SCPS One type of acceleration is transport acceleration. Xpress intercepts the TCP connection from the client and converts the data to XTP (Xpress Transport Protocol) for transmission through the Xpress tunnel. The PacketShaper on the other side of the tunnel translates the XTP data back to TCP. XTP is a reliable protocol optimized for high-latency links. The XTP implementation in Xpress includes a rate-based congestion control which allows a connection to quickly attain full-speed operation when significant bandwidth is available. Over long distance networks,

9-2

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

where acknowledgements are slow to return, the TCP window size often sets a hard limit on the maximum throughput rate. Large links become less and less utilized as delay increases because valuable time is spent simply waiting for acknowledgements. To look at an example, on a 45 Mbps link, approximately 88 percent of the bandwidth is wasted due to TCP and window size limitations. (This example assumes one flow, 95 ms latency, and a 64k window size.) Using Xpress acceleration allows you to more fully utilize the bandwidth in the WAN link. An alternative to XTP is SCPS (Space Communications Protocol Standards). When SCPS is enabled, it becomes the transport protocol for the transmission of data over the satellite portion of the link. XTP provides higher performance than SCPS under most conditions, but SCPS is available for organizations that have standardized on SCPS as the required transport protocol.

Xpress Modes

To help in the transition to the new capabilities in Xpress, three modes are offered: enhanced, legacy, and migration. Legacy mode uses the PacketWise v6.x/7.x tunnel infrastructure. In legacy mode, the commands and capabilities are limited to those that were available in PacketWise 7.x. A tunnels sole capability is to transport compressed data. Enhanced mode uses the new 8.0 tunnel infrastructure. In enhanced mode, a tunnel serves multiple purposes and can include one or more of the following: compression, packing, and acceleration. Although the basic functionality of compression is the same in legacy and enhanced modes, enhanced compression is more efficient, has better firewall and MPLS support, and is more tolerant to latency and loss. Instead of the IPCOMP protocol used in legacy compression, enhanced mode transports compressed data with TCP in stateful mode and raw IP (protocol 99) in stateless mode. Migration mode supports both types of tunnels: legacy and enhanced. Use this mode when migrating from earlier versions of PacketWise. By default, 50 percent of compression memory is allocated to legacy compression tunnels and 50 percent is assigned to enhanced Xpress tunnels. This ratio can be modified.

The default mode for new installations is enhanced mode; see Using Enhanced Tunnel Mode on page 9-13. The default mode for units that have upgraded to 8.0 is migration mode, in most cases; see Migrating to Xpress 8.0 on page 9-6. The exception is when watch mode or direct standby is enabled before the upgrade. If either feature is enabled in 7.x, the unit will be in legacy mode after the upgrade. (This is because watch mode and direct standby only operate in legacy mode.)

PacketShaper Getting Started Guide

9-3

Chapter 9: Getting Started with Xpress Compression and Acceleration

Xpress Feature Requirements and Limitations

The list below describes the requirements and limitations for the Xpress feature: Xpress is supported on the following PacketShaper models. Make sure your model has the minimum amount of memory listed below: PacketShaper Models 1200 1550 1700 2500 Minimum Memory Requirement 256 MB 256 MB 512 MB 512 MB Note: A Memory Upgrade Kit may be required. 1 GB 512 MB 2 GB 1 GB Maximum Number of Xpress Tunnels 5 10 15 30

3500 6500 7500 8500

30 50 100 100 (1 GB RAM) 200 (2 GB RAM) 300 300

9500 10000

2 GB 2 GB

Xpress is not available on PacketShaper ISP models. If there is a firewall between partner PacketShapers, firewall support must be enabled. To use compression on a DiffServ network, you will need to enable DiffServ mode. On a point-point link, PacketShapers can shape and compress traffic when connected back-to-back via routers, bridges, or VPN connections. To use Xpress on existing PacketShapers, you need to purchase an Xpress compression and/or acceleration software key from Packeteer, and install it onto each unit. You must configure an Xpress-IP address for each PacketShaper device (built-in or LEM) you want to use for Xpress compression, packing, or acceleration. Direct standby and watch mode are not available with enhanced Xpress tunnels. These features can be enabled only when PacketShaper is set to legacy tunnel mode. Unlike unicast compression hosts, multicast hosts will not be discovered automatically. However, multicast traffic will get compressed if the Class D addresses are added to remote and/or local host lists (with the tunnel local add and tunnel remote add commands). In order for the traffic to get disseminated to

9-4

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

multiple recipients, the decompressed multicast traffic must be forwarded to a router; if not, only one host will receive the flow. Note that multicast traffic cannot be accelerated. If Xpress is deployed in a Virtual Private Network (VPN), the (private) address space on both sides of the VPN tunnel between PacketShapers needs to be separate and unique in order to allow the two units to set up an Xpress tunnel.

Acceleration The site router should be set to none if you are using acceleration. For best performance, Packeteer recommends that shaping be enabled when using acceleration. In nested PacketShaper configurations (PS1-PS2-PS3-PS4), if the middle PacketShaper units (PS2 and PS3) have acceleration enabled and discovery off, accelerated XTP traffic that is sent between the outer units (PS1 and PS4) will get blocked. To enable this configuration, go to the setup tab in the PacketWise browser interface and change the system variable Strict Host Check for Acceleration from off (default) to on. When acceleration is enabled, a flow gets divided into three separate segments (TCP, XTP, TCP), and a single PacketShaper cannot know the state of segments to which it isnt directly connected. This means that flows in an acceleration tunnel cannot take advantage of inbound TCP Rate Control, which requires an end-to-end view of the complete connection. Instead, PacketShaper uses UDP Rate Control techniques to control latency and minimize packet loss in accelerated flows. This limitation is only an issue if the PacketShaper is one of the accelerating partners on the edge. However, if a PacketShaper is using SCPS acceleration and it is an intermediary PacketShaper, it can apply TCP Rate Control to the flow. Another implication of TCP being converted to XTP is that the response-time measurement (RTM) variables arent able to measure a transaction through its complete round trip, and do not account for the portion that is not TCP. Because of this, RTM data is not meaningful and should not be used or relied upon if acceleration is enabled.

PacketShaper Getting Started Guide

9-5

Chapter 9: Getting Started with Xpress Compression and Acceleration

Migrating to Xpress 8.0


Migration Mode When you upgrade to v8.0, PacketShaper is automatically in migration mode. In migration mode, the enhanced Xpress code (v8.0) and legacy compression code (included in 6.x/7.x) run in parallel. PacketShapers in migration mode will be able to create compression tunnels with units running 6.x/7.x software and compress data between these units. In addition, units with migration mode enabled can create Xpress tunnels with units running 8.0 software and compress, pack, and accelerate data between these units. Migration mode is useful for upgrading PacketShapers from 6.x/7.x versions of PacketWise to the new Xpress capabilities in PacketWise v8.0. Migration mode is intended to be a temporary, transitional mode of operation. For best results and to take advantage of all the capabilities Xpress offers, it is important to move to enhanced mode as soon as possible. This section describes the best way to accomplish the migration. Migration mode has full support of legacy functionality and a subset of support for enhanced functionality. Legacy functionality: As in previous versions of Xpress, compression tunnels will automatically form with auto-discovered Xpress partners. Compression tunnels are formed with partners that are running PacketWise v8.0 in legacy mode, v8.0 in migration mode, or v6.x/7.x. Note that compression must be enabled on both PacketShapers for a tunnel to be formed between them. All of the compression-related CLI commands (such as class compress and setup compression) are available. Enhanced functionality: Unlike in enhanced mode, migration modes enhanced Xpress tunnels will not form automatically because the mechanism for autodiscovery of hosts and partners for enhanced tunnels is not available. Enhanced Xpress tunnels must be manually configured in migration mode. In addition, hosts must be assigned to each tunnel using CLI commands (tunnel remote add and tunnel local add). However, all other enhanced mode functionality is available: transport acceleration, HTTP acceleration, tunnel monitoring and configuration via the new Xpress tab, ability to override global settings on a per-tunnel basis, a new set of tunnel-related CLI commands, and so forth.

Migration Procedure

If you are upgrading to 8.0 so that you can use the enhanced Xpress features, Packeteer recommends using the following migration procedure: 1. 2. 3. 4. 5. 6. 7. 8. Starting with one remote site, upgrade PacketShaper to v8.0. Verify legacy compression tunnels are working. Set enhanced tunnel options. Upgrade a partner unit to v8.0. Set tunnel passwords. Test enhanced tunnels (using manually-created tunnels) and verify compression is working. Upgrade all units to v8.0. Switch to enhanced mode on all units. Note: Details for each step are described in the following pages.

9-6

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

This procedure assumes that you have been running Xpress successfully on your network using PacketWise v7.x software. It is also assumed that Xpress-IP addresses have been configured and compression has been enabled.

Step 1: Upgrade One Site to PacketWise v8.0

Decide which PacketShaper would be best for the initial 8.0 installation; most likely this will be one of your remote sites. Once you have selected the initial unit, you can load the 8.0 software on it. Download the software image file from the Packeteer support website (http://www.packeteer.com/support/down_main.cfm) to your client workstation and then FTP the file to the PacketShaper. You can then load the new software image using the image load command in the command-line interface.

Step 2: Verify Legacy Compression

In order for compression to work, Xpress-IP addresses must be configured on all devices that will be used for compression. The upgrade process will automatically use the same addresses you configured in v7.x. PacketWise 8.0 has the additional requirement that the Xpress-IP address cannot be the same as the management IP address. If they are the same, you will see the following error message on the Info tab (in the browser) or in the CLI banner after you log in: Warning: No XIP addresses have been configured. Compression will not work until you configure the Xpress-IP addresses. You can view and change Xpress-IP addresses using the new Xpress tab in v8.0: 1. 2. 3. Click the xpress tab. Click xpress-ip settings. The Xpress-IP Settings window appears. For each network interface (built-in or LEM) you want to use for Xpress tunneling, fill in the following information:

Field IP Address

Description Xpress-IP address to assign to the interface; each interface must have a unique address. Note that this address is used by the Xpress feature and is not for managing the PacketShaper. An Xpress-IP address can NOT be the same as the units management address or customer portal address. Subnet mask (for example, 255.255.0.0) IP address of the router; leave blank or enter none if there is no gateway. The gateway is required in the following situations: If the tunnel partner is not on the same subnet - or If acceleration is enabled and the TCP connection endpoints are not on the same subnet as the XIP address

Net Mask Gateway

4.

Click OK to update the settings.

PacketShaper Getting Started Guide

9-7

Chapter 9: Getting Started with Xpress Compression and Acceleration

Make sure legacy compression is enabled: 1. 2. Click the xpress tab. Click global tunnel settings. The Edit Global Tunnel Settings window appears. Note: The Tunnel Mode should be set to Migration. Set Legacy Compression to on. Click OK.

3.

4.

To verify legacy compression is working and compression tunnels are being established, use the setup compression show command in the CLI. The output should show that compression is enabled, list the IP address and status of active tunnel partners, and list details about the services that have active flows being compressed. For example:
setup compression show Tunnel Interface: Tunnel Partner: Tunnel Status: Tunnel Quality: Tunnel Savings: main 192.21.0.85 Compressing (Up: 30m 54s, Idle: 1s) 100 33 KBpm

Compressors Type %Bytes Saved -----------------------------------------------------------------------------GROUP DICTIONARY cna-1M 38% ( 1 secs old) NetBIOS-IP-SSN cna-1M 38% ( 1 secs old) DNS cna-1M 3% ( 22 secs old) KaZaA-Cmd cna-1M 45% ( 50 secs old) DCOM cna-1M ----% (126 secs old) Observed cna-1M 29% ( 60 secs old) Compression: On Memory: 1282 KB / 318750 KB Tunnels: 1 Active, 0 Idle, 1 Total

Step 3: Set Enhanced Tunnel Options

Your settings for the DiffServ interoperability and firewall support variables were automatically carried forward during the upgrade process. These variables apply to legacy compression only. The corresponding settings for enhanced tunnels can be set via the Xpress tab, as described below. 1. 2. 3. 4. Click the xpress tab. The current global settings are displayed next to the global tunnel settings button. Click global tunnel settings. The Edit Global Tunnel Settings window appears. Set Compression to on. (The Compression setting applies to enhanced tunnels.) Set global options: Feature Firewall Description Enable firewall support if the PacketShaper will be sending or receiving tunneled traffic through a firewall.

9-8

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

Feature DiffServ

Description Enable DiffServ mode when using compression or packing on a DiffServ network. If an Xpress tunnel has DiffServ enabled, Xpress will inspect all packets for its DiffServ Code Point (DSCP) value. Within the tunnel, it will create a separate lane for each DSCP value. When Xpress sees packets with a DSCP different from those seen before, it will create a new lane associated with that DSCP. Any packets with that DSCP are then sent through the associated lane. Notes: When DiffServ mode is enabled, the tunneled super packets will inherit the DiffServ markings of the original packets. If a super packet is marked with a different DSCP value while its inside the MPLS network, the partner PacketShaper at the other end of the tunnel will remark each of the original packets with this new value. Xpress supports up to five DSCP values. If your network exceeds the maximum, the super packets in the tunnel will not have DiffServ markings. However, if the super packet is marked with a different DSCP value while its inside the MPLS network, the partner PacketShaper will remark each of the original packets with the new value.

Discovery

Enable/disable the auto-discovery of hosts and partners on all Xpress tunnels. Note: In migration mode, Discovery is disabled because this feature operates in enhanced mode only. Most likely, you will want to enable Discovery after switching to enhanced mode.

MTU

Set the Maximum Transmission Unit (MTU) used for packing and acceleration. The MTU defines the maximum size of the super packet its the largest datagram than can be transmitted by an IP interface, without it needing to be broken down into smaller units. Valid MTU values are 100-1500; the default is 1500. Choose auto to let the system pick the best MTU based on other shaping settings; the auto setting requires traffic shaping to be enabled.

5.

Click OK.

PacketShaper Getting Started Guide

9-9

Chapter 9: Getting Started with Xpress Compression and Acceleration

Step 4: Upgrade a Partner Unit

To verify that enhanced tunnels are functioning properly, youll need to upgrade and configure a partner PacketShaper following the same steps as you did for the initial unit.

Step 5: Set Tunnel Passwords

For security purposes, you should configure a community password for Xpress tunnels. This authentication mechanism is used to determine whether tunnel partners can be trusted for purposes of receiving host updates. When tunnel partners have matching passwords, the tunnels will be in secure mode and will exchange host updates. Follow these steps to set the same password on each Xpress partner: 1. 2. 3. Click the xpress tab. Click global tunnel settings. The Edit Global Tunnel Settings window appears. In the Password field, type the tunnel password. Passwords can be up to nine characters long and are case sensitive. They can consist of a combination of letters, numbers, and all special characters. In the Retyped Password field, type the password again. Click OK.

4. 5.

Dont forget to repeat the above steps for the partner unit.

Step 6: Test Enhanced Tunnels

In enhanced mode, Xpress is able to auto-discover tunnel partners and hosts and therefore tunnels are created automatically. In migration mode, legacy compression tunnels are autodiscovered but enhanced tunnels must be manually configured. Before switching to enhanced mode, youll want to define an enhanced tunnel to make sure it is able to form and then verify that it is compressing data. To define a tunnel, you must assign it a name, specify the tunnel partners Xpress-IP address, and indicate on which device (built-in or LEM) that the tunnel will be formed. If you want the tunnel to have special parameters different from the default settings, you can change the settings while creating the tunnel. To create a static tunnel: 1. 2. 3. Click the xpress tab. Click add tunnel. The Add Tunnel window appears. Enter a descriptive Name for the tunnel. The name can be up 24 characters long and may include alphanumeric characters and the following special characters: .-_:@$%=+[]{} Spaces are not allowed. For Partner IP, specify the Xpress-IP address of the partner PacketShaper. For Device, select the device to configure on the local unit: main built-in interface upper upper LAN Expansion Module (LEM) lower lower LEM right right LEM left left LEM 6. 7. If you want the tunnel to use all of the default global tunnel settings, you can click OK to create the tunnel. Otherwise, select the appropriate setting for each option. Click OK. The static tunnel will now be listed in the Xpress Tunnels Overview. If you changed any of the default settings, the tunnel name will be italicized.

4. 5.

9-10

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

Add Hosts Since automatic host discovery is not available for enhanced tunnels in migration mode, you will need to assign hosts using the tunnel local add or tunnel remote add commands in the command-line interface. If you specified identical tunnel passwords in Step 5, you will need only to assign local hosts. If you dont assign passwords or the passwords dont match on the partner units, you will need to assign remote hosts. To configure the subnets, host ranges, and individual hosts that are local to a particular physical interface, use the following command:
tunnel local add <device> <host>|<range>|<subnet>/<cidr>|list:<hostlist>

For example:
tunnel local add main 10.0.0.0/8 192.168.0.0-192.168.0.60 192.168.10.12

Any tunnel formed on that interface will then assume that those hosts are eligible to receive traffic on that tunnel. To add remote hosts to a static Xpress tunnel, use this command:
tunnel remote add <tunnel> <host>|<range>|<subnet>/<cidr>|list:<hostlist>

For example:
tunnel remote add tunnel3 192.168.0.0-192.168.10.100

Monitor Enhanced Tunnels The Xpress tab provides a convenient way to monitor your enhanced Xpress tunnels. It lists all the enhanced tunnels that have been formed with your PacketShaper and indicates configuration information and statistics for each tunnel. To see if the enhanced tunnel you created for testing purposes is actively compressing data, click the xpress tab. The tunnel you created should be listed on the Xpress Tunnels Overview, and statistics should appear in the Outbound and Inbound columns.

PacketShaper Getting Started Guide

9-11

Chapter 9: Getting Started with Xpress Compression and Acceleration

On the partner unit, the tunnel should appear as a dynamic tunnel on its Xpress Tunnels Overview.

Step 7: Upgrade All Units to PacketWise v8.0

At this stage, you are ready to upgrade the remainder of your PacketShapers to PacketWise v8.0. If you are managing your units with PolicyCenter, you can use the image distribution feature to upgrade all units at once.

Step 8: Switch to Enhanced Tunnel Mode

Because migration mode has its limitations, the goal is to get all your units running in enhanced mode as soon as possible. 8. 9. Click the xpress tab. Click global tunnel settings. The Edit Global Tunnel Settings window appears.

10. Select Enhanced for the tunnel mode. 11. Click OK. A pop-up window explains that PacketShaper must be reset to enable the new tunnel mode. 12. Click OK. On the Xpress Tunnels Overview page, the tunnel mode setting doesnt appear to have changed, and a warning icon appears next to the mode. The new tunnel mode will not take effect until you reset the device. The warning icon will disappear after the reboot and re-login. To reset the PacketShaper: 1. 2. 3. Click the setup tab. From the Choose Setup Page list, choose unit resets. Click reset device and click OK.

After you log back in, click the xpress tab and verify that the Tunnel Mode is set to Enhanced. At this point you might want to make sure global Discovery is enabled so that enhanced tunnels can be auto-discovered. You can also enable packing and acceleration, if applicable. For more information on using enhanced mode, see the following pages.

9-12

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

Using Enhanced Tunnel Mode


In enhanced mode, Xpress tunnels are created automatically when all of the following conditions are met: Tunnel host and partner discovery is enabled. A flow is destined for a host on the other side of a PacketShaper or a flow is received from a host on the other side of an PacketShaper. The two PacketShapers are configured outside port to outside port. An Xpress-IP address is configured for each PacketShaper device (built-in or LEM) you want to use for Xpress compression, packing, or acceleration. (This configuration is required for automatic and manual tunnels.)
LAN LAN

INSIDE OUTSIDE

WAN or Internet

INSIDE

OUTSIDE

Each units OUTSIDE port connected to router

Tunnels that are auto-discovered in this manner are called dynamic tunnels. Optionally, you can manually configure an Xpress tunnel by specifying the device to configure on the local unit (such as the main interface or upper LEM) and the IP address of the partner PacketShaper. Tunnels that you manually create are called static tunnels. Dynamic Xpress tunnels can be converted to static tunnels so that the settings can be fine tuned. Because certain settings (such as manually adding remote hosts) can be configured for static tunnels only, youll need to convert the tunnel to static if you want to adjust these settings.

Enabling/Disabling Tunnel Features

As part of Xpress configuration, you need to configure the default settings for tunnel features and options. As dynamic and static tunnels are created, they will inherit these default settings. On the Global Tunnel Settings page, you can globally enable one or more of the following tunnel features: acceleration, compression, and/or packing. In addition, you can set the default options for your tunnels: firewall support, DiffServ support, automatic host and partner discovery, and MTU size. To set default settings for tunnel features: 1. 2. Click the xpress tab. The current global settings are displayed. Click global tunnel settings. The Edit Global Tunnel Settings window appears.

PacketShaper Getting Started Guide

9-13

Chapter 9: Getting Started with Xpress Compression and Acceleration

3.

Turn on/off the features you want to enable/disable globally: Feature Acceleration Description Xpress acceleration allows you to maximize bandwidth utilization, speed up application response times, accelerate the transfer of large files, and minimize the impact of other problems that are common on highlatency links (such as satellite links). (Available when acceleration is enabled) The Prefetch feature reduces the time required to download and display web pages. The Prefetch client mechanism intercepts browser connections destined to ports 80 and 8080, and attempts to match them with connections already in the process of delivering content from the remote PacketShaper. The Prefetch server mechanism operates on the PacketShaper closest to the web server; it inspects all content returning from connections to ports 80 and 8080, tries to find and prefetch any embedded objects that the browser will probably request, and will immediately start pushing that content back towards the browser-side PacketShaper. The Prefetch client and server can be enabled/disabled independently. For prefetching to work, Prefetch client support must be enabled on the PacketShaper closest to the browser machines, and Prefetch server support must be enabled on the PacketShaper closest to the web server. If there are web servers on both sides of the link and you want to provide prefetching for web connections in both directions, you can enable Prefetch client and server on both PacketShapers. Note: When Prefetch is enabled, the PacketShaper and partner must be configured with the address of at least one DNS server. If more than one DNS server is configured, the Prefetch logic will spread its requests equally among them.

Prefetch (client)

Prefetch (server)

9-14

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

Feature FastStart

Description (Available when acceleration is enabled) The FastStart feature accelerates web downloads by reducing the time needed to establish each new HTTP connection. Using FastStart, Xpress acknowledges TCP connections immediately without waiting for a connection to be established to the web server. This immediate acknowledgment allows the browser to send its HTTP GET request right away. Xpress then combines the HTTP GET request with the XTP connection request. This process delivers the HTTP request to the web server one round-trip faster. For web pages that consist of large numbers of objects, FastStart greatly improves the responsiveness of the web page display. FastStart is enabled by default. There is typically no need to disable FastStart unless you are using SCPS.

SCPS

(Available when acceleration is enabled) When SCPS (Space Communications Protocol Standards) is enabled, it becomes the transport protocol for the transmission of data over the satellite portion of the link.

Compression

Xpress compression shrinks the size of transferred traffic, effectively increasing the amount of bandwidth available on a link. When Xpress packing is enabled, multiple packets are combined into a single super packet before being sent through the Xpress tunnel. Notes: The maximum size of the super packet is determined by the MTU. Packing is most efficient and effective when dealing with small packets or packets that can be reduced in size with compression.

Packing

4.

Click ok.

Setting Global Tunnel Options

Through the global tunnel options, you can set default values for firewall support, DiffServ support, auto-discovery of hosts and tunnel partners, and MTU size. To set default settings for tunnel options: 1. 2. Click the xpress tab. The current global settings are displayed next to the global tunnel settings button. Click global tunnel settings. The Edit Global Tunnel Settings window appears.

PacketShaper Getting Started Guide

9-15

Chapter 9: Getting Started with Xpress Compression and Acceleration

3.

Set global options: Feature Firewall Description Enable firewall support if the PacketShaper will be sending or receiving tunneled traffic through a firewall. Firewall support is disabled by default. Enable DiffServ mode when using compression or packing on a DiffServ network. If an Xpress tunnel has DiffServ enabled, Xpress will inspect all packets for its DiffServ Code Point (DSCP) value. Within the tunnel, it will create a separate lane for each DSCP value. When Xpress sees packets with a DSCP different from those seen before, it will create a new lane associated with that DSCP. Any packets with that DSCP are then sent through the associated lane. Discovery Enable/disable the auto-discovery of hosts and partners on all Xpress tunnels. Set the Maximum Transmission Unit (MTU) used for packing and acceleration. The MTU defines the maximum size of the super packet its the largest datagram than can be transmitted by an IP interface (without it needing to be broken down into smaller units). Valid MTU values are 100-1500; the default is 1500. Choose auto to let the system pick the best MTU based on other shaping settings; this setting requires traffic shaping to be enabled.

DiffServ

MTU

Monitor Tunnels

To see the dynamic tunnels that the Discovery feature has created, go to the Xpress tab and look at the Xpress Tunnels Overview. Static tunnels you have manually defined, as well as dynamic tunnels you have converted to static, are also listed here. It lists all the enhanced tunnels that have been formed with your PacketShaper and indicates configuration information for each tunnel: name, functionality (Compression, Packing, Acceleration), the IP address of the Xpress partner, and whether its static or dynamic. Dynamic tunnels will have names that identify the endpoints of the tunnel: the partners IP address and the device (such as main or upper) on the local unit, for example, 172.21.18.160:Main.

9-16

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

In addition, the Xpress tab displays Inbound and Outbound statistics for each tunnel: speed before and after compression/decompression, percentage of bytes saved due to compression, and rate of accelerated traffic. If there is a problem with the tunnel, a warning icon will appear next to the tunnel name.

View the Compression Summary

The Xpress tab gives per-tunnel statistics. If you would like a report on how compression is performing overall on your link, you can display the Compression Summary report. The top of this report has a table that summarizes compression statistics for the Inbound and Outbound links. The Inbound statistics represent inbound traffic that gets decompressed by Xpress, and the Outbound statistics represent outbound traffic that Xpress compresses. This report contains a total of eight graphs four graphs for the Inbound direction and four for Outbound. The graphs compare bandwidth usage, with and without compression, so that you can quickly see the amount of compression on your link. To see a meaningful Compression Summary, wait approximately an hour after enabling compression before viewing the report. To display the compression summary: 1. 2. Click the report tab. Click compression summary. The Compression Summary report displays in the current window. Note: By default, only compressible traffic is included in the graphs and data. If you want to show all traffic (compressible and non-compressible), select the include non-compressible traffic in graphs and data checkbox. When this checkbox is selected, you may also want to select the include link size in graphs checkbox. (Link size is less meaningful when viewing only some of the traffic, as is the case when non-compressible traffic is not included.) Adjust the time period and end date, if desired.

3.

PacketShaper Getting Started Guide

9-17

Chapter 9: Getting Started with Xpress Compression and Acceleration

The top of the Compression Summary report has a table that summarizes compression statistics for the Inbound and Outbound links. Each statistic is described below: Statistic Precompression Bytes Description Outbound: For compressible outbound traffic, the number of bytes before compression has been applied Inbound: For inbound compressed traffic, the number of bytes after decompression Postcompression Bytes Outbound: For outbound traffic sent through a compression tunnel, the number of bytes after compression has been applied Inbound: For inbound compressed traffic, the number of bytes before decompression Bytes Saved The number of bytes that didnt have to traverse the link, due to compression; allows you to see how many bytes the compression feature actually saved on the link. Bytes Saved is the difference between precompression bytes and postcompression bytes. For traffic sent through a compression tunnel, the percentage of bytes saved, due to compression For traffic sent through a compression tunnel, the percentage by which virtual bandwidth is increased due to compression

% Bytes Saved

Bandwidth Multiple

Heres an example of one of the compression graphs in the Compression Summary.

9-18

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

The Compression Summary report contains the following graphs: Graph Average Rates Description Compares average bandwidth usage of compressible traffic, with and without compression. The Tunneled Postcompression Average Rate line represents usage with compression enabled, and the Tunneled Precompression Average Rate line represents what average usage would have been without compression. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Average Rate with Precompression Average Rate. Peak Rates Compares peak bandwidth usage of compressible traffic, with and without compression. The Tunneled Postcompression Peak Rate line represents usage with compression enabled and the Tunneled Precompression Peak Rate line represents what peak usage would have been without compression. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Peak Rate with Precompression Peak Rate. Compression Shows the total number of bytes recorded on the link, with and without compression. The Tunneled Postcompression Bytes line shows the number of bytes that went through a compression tunnel. The Tunneled Precompression Bytes line represents the number of bytes that would have passed through the link if compression werent enabled. The Bytes Saved line shows the number of bytes that didnt have to traverse the link, due to compression; its the difference between precompression and postcompression bytes. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Bytes with Precompression Bytes. This graph includes an additional line, Noncompressible Bytes, which shows the number of bytes that PacketWise did not attempt to compress, either because they didnt belong to a compressible service or because they were destined for a location without an Xpress partner.

PacketShaper Getting Started Guide

9-19

Chapter 9: Getting Started with Xpress Compression and Acceleration

Graph Percent Bytes Saved

Description Shows the percentage of bytes saved on the link, due to compression. The Tunneled Percent Bytes Saved value is calculated by subtracting tunneled postcompression bytes (the size after compression) from tunneled precompression bytes (the size without any compression) and dividing this difference by tunneled precompression bytes. For example, if a link would have had 700k without compression and is 400k after being compressed, the Tunneled Percent Bytes Saved would be approximately 43%: (700-400)/700. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic on the link (compressible and non-compressible). The Percent Bytes Saved value is calculated by subtracting precompression bytes (the size without any compression) and postcompression bytes (the size after compression) and dividing this difference by precompression bytes. For example, if the link in the example above had 100k of non-compressible traffic, the Percent Bytes Saved would be 38%: ((700+100)(400+100))/(700+100).

If your Compression Summary doesnt show any compression data, see Compression Problems? on page 9-21.

Display the Acceleration Summary

For an overview of how acceleration is working on your link, you can display the Traffic Acceleration Summary report. There is one graph for the Inbound direction and another for Outbound. Each graph displays bandwidth utilization of accelerated bytes that went through Xpress tunnels. A red horizontal line above the graph indicates the periods that acceleration was enabled during the time period.

9-20

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

To display the acceleration summary: 1. 2. 3. 4. Click the report tab. Click acceleration summary. The Traffic Acceleration Summary report displays in the current window. To display the link size as a horizontal green line on each graph, select the include link size in graphs checkbox and click update. Adjust the time period and end date, if desired.

Compression Problems?

If your compression reports dont show any results, check the table below for possible problems and solutions. Problem Cables are connected backwards. Solution Refer to the chapters earlier in this guide for instructions on connecting your PacketShaper to the network. If you discover that you have miscabled the unit, reconnect the cables properly, and then turn compression off and back on. Make sure compression is enabled on the PacketShaper in front of the host.

You are not sending/receiving flows to/from a host on the other side of a compression-enabled PacketShaper. Compression is not enabled on the partner unit(s).

Xpress cant compress data unless the partner unit has also turned on compression. Log in to each of the partner units and go to the xpress tab and make sure Compression is set to on. Xpress will not create tunnels or compress data for devices (main or LEM) that are not configured with Xpress-IP (XIP) settings. To configure XIP settings for each device, go to the xpress tab and open the Xpress-IP Settings page. Note: In PacketWise v8.0, the XIP cannot be the same as the management IP address. If the addresses were the same when you upgraded from 7.x, the XIP address will be cleared and compression will be disabled.

Xpress-IP settings are not configured.

PacketShaper Getting Started Guide

9-21

Chapter 9: Getting Started with Xpress Compression and Acceleration

Problem The Compression Summary shows little compression savings.

Solution Enable the checkbox include noncompressible traffic in graphs and data and click update. Look at the Non-compressible Bytes line in the Compression graph. If this line shows that non-compressible bytes are at about the same level as precompression bytes, most of the traffic on your link is not compressible. This could be because: the traffic is destined to sites without Xpress. Make a site-based traffic tree, creating classes for each of your branch offices. Look at compression reports for each class. If no traffic is being compressed to a site, its possible that there is no PacketShaper, compression is not turned on, or Xpress-IP settings havent been configured. or the applications are non-compressible. Go to the Top Ten page and make note of the top Outbound classes. Examples of noncompressible applications are streaming media and encrypted data. View Class Compression Bytes Transferred graphs for each class and enable the checkbox Include NonCompressible Traffic in Compression Graphs. If the Non-compressible Bytes line is at about the same level as the Precompression Bytes line, most of the traffic in the class is not compressible.

9-22

PacketShaper Getting Started Guide

Chapter 9: Getting Started with Xpress Compression and Acceleration

Problem Some traffic isnt getting compressed.

Solution To see the reasons why traffic isnt being compressed, you can look at the NonCompressible Traffic graph. On the Compression Summary, enable the checkbox include non-compressible traffic in graphs and data and click update. Click the Noncompressible traffic breakdown link. The Non-Compressible Traffic line graph indicates the amount of traffic that was noncompressible due to each of the following reasons: Compression Disabled Compression was not enabled (for example, a particular tunnel had compression disabled so none of the traffic in the tunnel was compressed). Traffic Policy The traffic was classified as a non-compressible service, compression was disabled for the service or class, or the traffic was broadcast or multicast. (Note: Multicast traffic wont be compressed unless the Class D addresses are added to remote and/or local host lists.) System Availability There was insufficient compression memory to tunnel the traffic or the CPU was too busy. No Tunnel for Host Hosts were restricted from using compression, partners were excluded from using compression, a tunnel partner wasnt found, or hosts were not discovered.

You applied a never-admit policy to the RSVP class.

The tunnel discovery process will not function if the RSVP class has a never-admit policy. Delete the policy.

If you are still experiencing problems with compression after trying the above solutions, use the tunnel show and tunnel compression show commands in the command-line interface. These commands provide tunnel partner status. PacketGuide provides additional troubleshooting details just search for tunnel troubleshooting.

PacketShaper Getting Started Guide

9-23

Chapter 9: Getting Started with Xpress Compression and Acceleration

Acceleration Problems?

If your acceleration report doesnt show any data being accelerated, check the table below for possible problems and solutions. Problem Cables are connected backwards. Solution Refer to the chapters earlier in this guide for instructions on connecting your PacketShaper to the network. If you discover that you have miscabled the unit, reconnect the cables properly, and then turn acceleration off and back on. Make sure acceleration is enabled on the PacketShaper in front of the host, or that a SkyX device is in front of the host.

You are not sending/receiving flows to/from a host on the other side of an acceleration-enabled PacketShaper or a SkyX device. Acceleration is not enabled on the partner unit(s).

Xpress cant accelerate data unless the partner unit has also turned on acceleration. Log in to each of the partner units and go to the xpress tab and make sure Acceleration is set to on. Xpress will not create tunnels or accelerate data for devices (main or LEM) that are not configured with Xpress-IP (XIP) settings. To configure XIP settings for each device, go to the xpress tab and open the Xpress-IP Settings page. Note: In PacketWise v8.0, the XIP cannot be the same as the management IP address. If the addresses were the same when you upgraded from 7.x, the XIP address will be cleared.

Xpress-IP settings are not configured.

A site router is configured.

Acceleration wont work if a site router is configured. Set the site router to none. The tunnel discovery process will not function if the RSVP class has a never-admit policy. Delete the policy.

You applied a never-admit policy to the RSVP class.

If you are still experiencing problems with acceleration after trying the above solutions, use the tunnel show and tunnel acceleration show commands in the command-line interface. PacketGuide provides additional troubleshooting details just search for tunnel troubleshooting.

9-24

PacketShaper Getting Started Guide

CHAPTER 10: PACKETSHAPER ISP QUICK START


Overview
PacketShaper ISP models offer bandwidth provisioning and management solutions for Internet Service Providers, educational institutions, and other bandwidth providers. For providers, it is often most effective to organize the PacketShapers traffic tree by subscriber rather than by application. A PacketShaper offers two ways to track and allocate bandwidth per subscriber: By manually creating traffic classes, one per subscriber, and then assigning partitions to each of these classes. Subscribers can be allocated different amounts of bandwidth, depending on the terms of their contract. By using the dynamic partition feature to allocate bandwidth to users as they log on to the network. With this technique, each user is allocated the same amount of bandwidth. You can use the flow detail records or host accounting features to track usage.

This chapter shows you how to configure your PacketShaper using the first method. If you want to explore the possibility of using dynamic partitions and host accounting, see PacketGuide for details. In addition, PacketGuide includes a recommendation, Provision Bandwidth Equitably, that may be of particular interest to educational institutions and service providers who want to ensure that each user gets an equal share of bandwidth.

PacketShaper Getting Started Guide

10-1

Chapter 10: PacketShaper ISP Quick Start

Using the Classification-Accelerator Cache


PacketShaper ISP models offer a caching feature that stores qualified IP address-based classes in a cache, thereby increasing the speed at which the PacketShaper classifies flows on the inside of the unit. Best performance is achieved when address-based classes are cached in the classification-accelerator cache. Caching can reduce the number of CPU cycles needed for classification by ten times, leaving more processing capability available for traffic shaping. In particular, the cache provides benefits if you have more than 750 classes in your traffic tree. To take advantage of the classification-accelerator cache: 1. Position PacketShaper ISP units so that most of the IP addresses or subnets are located on the INSIDE port (unless you change the Caching of IP address-based classes system variable to outside). See Determining Your PacketShaper ISP Deployment Strategy on page 1-10 for topology examples. For each subscriber, create an IP address-based class. (See Defining Classes for Each Subscriber on page 10-5.) Note: Using other criteria, such as specific services or ports, you can create classes that do not use the address cache. Append additional matching rules, if applicable. (See Adding Matching Rules on page 10-5.) Make sure cacheable classes are indeed being cached. (See Verifying that the IP Class Lookup Accelerator Cache is Being Used on page 10-9.)

2.

3. 4.

10-2

PacketShaper Getting Started Guide

Chapter 10: PacketShaper ISP Quick Start

Traffic Tree Configuration


A traffic tree is a hierarchical list of traffic classes. A traffic class is a logical grouping of traffic flows that share the same characteristics a specific application, protocol, address, or set of addresses. Typically, on PacketShaper ISP units, each subscriber is configured as a traffic class based on an IP address or subnet.

Direction

Note: If you want to control application performance in addition to allocating bandwidth, you can create application-based traffic classes as well. However, this quick-start chapter focuses on the creation of subscriber-based classes.

PacketShapers have a fixed number of traffic classes for example, a maximum of 5000 classes on the 9500/ISP series. Therefore, give careful consideration to whether you want PacketShaper to manage traffic in one or both directions. If inbound traffic uses an insignificant amount of bandwidth, you may not want to create classes for the inbound direction. By creating classes for only one direction, you will be able to create twice as many classes.

Organization

Before creating any classes, you should also think about how you want to organize the traffic tree. By grouping your subscriber classes into categories, you will be able to locate them more easily in the tree and create more meaningful reports and graphs. Here are a few ways you can organize your subscriber classes: by rack by subnet by subscriber plan (gold, bronze, silver) by region

For example:
Outbound Gold_Plan Brians_Bridal Florences_Flowers Gregs_Greetings Jeffs_Java Jennifers_Jellies Silver_Plan Pats_Pets Steves_Stereos Todds_Toys

In the above example, Gold_Plan and Silver_Plan are folder classes, used for organizing and logically grouping traffic classes.

Using the CommandLine Interface

Since you will be manually creating many classes and partitions, Packeteer recommends using the command-line interface (CLI) for initial configuration. To access the PacketWise CLI with a remote login utility (such as Telnet or SSH): 1. 2. Connect to the unit using its IP address for example telnet 10.10.1.100. When you connect successfully, you will be prompted for the units password. Enter the password and press Enter.

PacketShaper Getting Started Guide

10-3

Chapter 10: PacketShaper ISP Quick Start

Creating Folder Classes

The CLI command for creating a folder class is:


class new <parent_name> <name> folder

For example, to create an Inbound folder named Gold_Plan:


class new inbound Gold_Plan folder

10-4

PacketShaper Getting Started Guide

Chapter 10: PacketShaper ISP Quick Start

Defining Classes for Each Subscriber


Most often, ISPs can identify subscribers by IP address, by subnet, by VLAN, or by HTTP 1.1 host name, so configuring PacketShaper involves manually creating traffic classes, one per subscriber. PacketShaper ISP models have been optimized for these IP address-centric configurations. You will need to define a traffic class for each subscriber (either single IP address or subnet) on the inside of the PacketShaper.

Creating Classes

The CLI command for creating IP address-based classes is:


class new <parent_name> <tclass> inside <ipaddr>[/<cidr>] [:<submask>]

Examples: To create a traffic class based on a single IP address, enter the following command at the PacketShaper# command-line prompt:
class new inbound/gold_plan sample_subscriber_ip inside 192.168.1.1

Notice that the above command specifies the folder (inbound/gold_plan) in which you want the class created. To create a traffic class based on a subnet, using CIDR (Classless Inter-Domain Routing) shorthand to represent the IP network/subnet mask pair:
class new inbound/gold_plan sample_subscriber_subnet inside 192.168.2.0/24

When creating a child class of an IP address-based parent, you will probably want to use the class news nodefault parameter. For example:
class new outbound/silver_plan 216.158.145.0 nodefault inside net:216.158.145.0/19 outside host:any

With the nodefault parameter, PacketWise will not create a Default match-all class as it normally does. Be aware that match-all siblings or parents of cacheable classes can create redundancies in the tree and cause problems in the accelerator cache. (See Improving Cache Performance on page 10-9.)

Adding Matching Rules

Matching rules define the criteria PacketWise uses to identify traffic types. If a subscriber has more than one IP address or subnet range, you will need to append additional matching rules to the class. Repeat as necessary if multiple subnets or IP addresses are allocated to a single subscriber. Consider using host lists if more than two IP address ranges are assigned to a single subscriber. A host list contains a list of IP addresses, ranges of IP addresses, subnets, and DNS names. If the number of IP addresses exceeds the size of the host database, additional flows will be classified in the /Inbound/Default and /Outbound/Default classes. To avoid this, optimize the definition of matching rules so that the total number of IP addresses or subnets for all of the matching rules does not exceed the size of the host database. The host database size is listed in the online PacketGuide reference section. The CLI command for adding a matching rule to an IP address-based class is:
class rule add <tclass> inside <ipaddr>[/<cidr>] [:<submask>]

PacketShaper Getting Started Guide

10-5

Chapter 10: PacketShaper ISP Quick Start

Examples: To add a matching rule for an additional IP address to the sample_subscriber_ip traffic class:
class rule add inbound/gold_plan/sample_subscriber_ip inside 192.168.1.2

To add a matching rule for an additional subnet to the sample_subscriber_subnet class:


class rule add inbound/gold_plan/sample_subscriber_subnet inside 192.168.3.0/24

To create a host list, use the hl new command. To add hosts to an existing host list, use the hl add command. For example:
hl new mylist 192.168.4.0/24 hl add mylist 192.168.1.10-19.168.1.200 class rule add inbound/gold_plan/subscriber inside list:mylist

Adding Subscriber Comments

You can use the comment field to include additional information about each subscriber. For example, enter the following command to note that sample_subscriber_ip is a subscriber with two IP addresses:
class note inbound/gold_plan/sample_subscriber_ip "Class for subscriber with 2 IP addresses"

The note will appear in the Comment field on the Traffic Class page in the browser interface.

Adding Owners

The customer portal feature, described in detail in PacketGuide, allows you to offer customized screens of PacketWise statistics to your subscribers. If you plan to use the customer portal feature, you may want to assign an owner to each class after you create it, using the following command:
class owner <tclass> <ownername>

The <ownername> should match the login ID you plan to give the subscriber.

10-6

PacketShaper Getting Started Guide

Chapter 10: PacketShaper ISP Quick Start

Allocating Bandwidth to Subscribers


To allocate bandwidth to a subscriber, assign a partition of a specific size to its traffic class. A partition is a virtual pipe that you can create for a given traffic class. This virtual pipe reserves bandwidth for all flows of a given type such as all traffic associated with an IP address or subnet. The partition can be used either to place bandwidth utilization limits on a subscriber or to guarantee the subscriber a minimum amount of bandwidth. Some ISPs use partitions to enforce maximum bandwidth usage limits, which are similar to Frame Relays concept of EIR (Excess Information Rate) but offer no guaranteed bandwidth (such as Frame Relays concept of 0 Committed Information Rates [CIRs]). Other ISPs may design their service offerings so that each subscriber is guaranteed a minimum quantity of bandwidth, either with or without a maximum bandwidth utilization limit.

Examples

The first example below shows a partition with 0 Kbps CIR, 256 Kbps EIR. The second example shows a partition with 64 Kbps CIR, 256 Kbps EIR. To allocate a minimum of 0 bandwidth and a maximum bandwidth of 256 Kbps to the sample_subscriber_ip class:
partition apply /inbound/gold_plan/sample_subscriber_ip 0 256k

To allocate a minimum of 64 Kbps and a maximum of 256 Kbps:


partition apply /inbound/gold_plan/sample_subscriber_ip 64k 256k

For an ISP upstream link configuration, you will want to create a partition for each subscriber in the ISP network. For a web hosting configuration, you will want to create a class and a partition for the IP address of each virtual web server. If you are using HTTP 1.1 Host Name headers (multiple host names per single IP address), create the class using the HTTP Criterion option to specify the Virtual Host name. For a cable or DSL head end configuration, you will want to create a partition for each cable or DSL subscriber, based on IP addresses or subnets. These environments use DHCP (Dynamic Host Configuration Protocol), so IP address policies will be ineffective. This is a good application for dynamic partitions. (For details about dynamic partitions, see your online PacketGuide.)

Turning Shaping On

Partitions have no effect until traffic shaping is turned on. To do this in the CLI, type:
setup shaping on

Or, in the browser interface: 1. 2. 3. Click the setup tab. Turn Shaping on. Click apply changes.

PacketShaper Getting Started Guide

10-7

Chapter 10: PacketShaper ISP Quick Start

Creating a Data Entry Form


Instead of using the CLI to manually create all of your IP address-based classes and partitions, PacketWise offers a way to automate the process with a fill-in-the-blanks data entry form. An HTML form is generated from a command file that consists of CLI commands and variables. You can fill in the blanks in the HTML form, and when the data is processed, the CLI commands in the source command file will be executed. For more information on this technique, see the online PacketGuide. (In the PacketGuide navigation bar, choose Tasks > Administration > Create Forms.)

10-8

PacketShaper Getting Started Guide

Chapter 10: PacketShaper ISP Quick Start

Verifying that the IP Class Lookup Accelerator Cache is Being Used


Cacheable Classes PacketShaper ISP models follow certain criteria to determine whether a class can go into the accelerator cache. In order for a class to be considered cacheable: It must be a leaf class (that is, it cant have any children). Its parents and siblings must be either IP address-based classes or match-all classes. The class matching rules must specify outside host:any if the cache is on inside addresses (the default).

Use the class show command to determine if a class is cacheable. Cacheable classes are marked with a C flag. Cacheable classes are always address-based (marked with an a flag) and their parents are also address-based or match-all classes (marked with an m flag). Note that exception classes are not cacheable.
class show Derivation: (I)nherited (O)verride (U)nderride (L)ocal Class Flags: (A)utocreated (D)iscovering (E)xception (I)nherit (P)olicy (C)acheable Rule Types: (o)ptimized (m)atch-all (a)ddress is cacheable Class Name Inbound Localhost 10.7.38.0 SUBSCRIBER mysite.org Default Outbound Localhost 10.7.38.0 SUBSCRIBER mysite.org Default Flags Partition Name m E P /Inbound a /Inbound ma /Inbound C a /Inbound IP m /Inbound m E P /Outbound a /Outbound ma /Outbound C a /Outbound IP m /Outbound

In this example, the class mysite.org in the Inbound and Outbound direction is cacheable.

Improving Cache Performance

If a cacheable class has more than one match-all sibling or parent, it will not be treated as cacheable. You can use the flags in the output of the class show command to determine if this situation exists in your traffic tree. These flags indicate whether the class is (C)acheable, (a)ddress-based, and/or (m)atch-all. Because uncached classes can use more CPU resources to classify traffic, you can improve performance by making all qualified address-based leaf classes cacheable. One way to do this is to remove a redundant match-all class near the uncached class, such as removing a Default bucket that is a sibling of the uncached class(es) or a sibling of the parent of the uncached class(es). In the example below, you can make the mysite.org class cacheable by removing the Default class that is mysite.orgs sibling.
Class Name . . . SUBSCRIBER mysite.org Default Flags Partition Name

ma /Inbound a /Inbound m /Inbound

PacketShaper Getting Started Guide

10-9

Chapter 10: PacketShaper ISP Quick Start

Advanced Features
PacketShapers also have advanced tuning and reporting features, such as policies for guaranteeing per-flow Quality of Service, subscriber usage reports, and automatic event notification. For information on these and other advanced features, see the online PacketGuide (click the packetguide button in the browser interface).

10-10

PacketShaper Getting Started Guide

APPENDIX A: PRODUCT SPECIFICATIONS


PacketShaper 10000 Specifications
Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.31 in. (43.97 cm) Depth: 20.25 in. (51.43 cm) including handles Weight Network Ports per NIC 33 lbs. (14.97 kg) Two gigabit Ethernet ports: 1000Base-T, 100Base-T, or 10Base-T or Two gigabit fiber-optic ports with small form-factor pluggable (SFP) transceivers: 1000Base-SX or 1000Base-LX Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper, or the unit has the site router address set to none Network LEDs Fault LED Power Supply Green flicker for network activity Illuminated when the PacketShaper is in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 6A Typical power consumption: 235 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) ambient 0% to 95% non-condensing 0 to 10,000 ft. operating

Expansion Slots Serial Port Status LED

Environmental (Operating) Managed Link Speed

Multiple configurations are offered; supports links up to 1 Gbps full duplex. Software configuration determines maximum shaping capacity.

Warning Attention Warnung

Class 1 laser product. Produit laser de classe 1 Laserprodukt der Klasse 1.

PacketShaper Getting Started Guide

A-1

Appendix A: Product Specifications

PacketShaper 9500 Specifications


Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.31 in. (43.97 cm) Depth: 19.25 in. (48.90 cm) including handles Weight Network Ports per NIC 27 lbs. (12.25 kg) Two gigabit Ethernet ports: 1000Base-T, 100Base-T, or 10Base-T or Two gigabit fiber-optic ports with small form-factor pluggable (SFP) transceivers: 1000Base-SX or 1000Base-LX Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper, or the unit has the site router address set to none Network LEDs Fault LED Power Supply Green flicker for network activity Illuminated when the PacketShaper is in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 6A Typical power consumption: 199 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) ambient 0% to 95% non-condensing 0 to 10,000 ft. operating

Expansion Slots Serial Port Status LED

Environmental (Operating) Managed Link Speed

Multiple configurations are offered; supports links up to 200 Mbps full duplex. Software configuration determines maximum shaping capacity.

Warning Attention Warnung

Class 1 laser product. Produit laser de classe 1 Laserprodukt der Klasse 1.

A-2

PacketShaper Getting Started Guide

Appendix A: Product Specifications

PacketShaper 7500 Specifications


Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.35 in. (44.07 cm) Depth: 16 in. (40.64 cm) Weight Expansion Slots Network Ports per NIC Management Port Serial Port USB Ports Status LED 20.48 lbs. (9.29 kg) Two (each slot can accommodate one LAN Expansion Module) Two gigabit Ethernet ports: 1000Base-T, 100Base-T, or 10Base-T

One gigabit Ethernet port RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none

Network LEDs Fault LED Power Supply

Green flicker for network activity Illuminated when in safe or corrupted mode Rating: AC 100-240 V, 50/60 Hz, 2.5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating

Environmental (Operating) Managed Link Speed

Multiple configurations are offered; supports links up to 200 Mbps full duplex. Software configuration determines maximum shaping capacity.

Warning Attention Warnung

Class 1 laser product. Produit laser de classe 1 Laserprodukt der Klasse 1.

PacketShaper Getting Started Guide

A-3

Appendix A: Product Specifications

PacketShaper 6500 Specifications


Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.00 in. (43.18 cm) Depth: 15.25 in. (38.74 cm) including handles Weight Network Ports per NIC Expansion Slots Serial Port Status LED 17 lbs. (7.71 kg) Two Ethernet ports: 10BaseT or 100BaseT

Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none

Network LEDs Fault LED Power Supply

Green flicker for network activity Illuminated when in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 30 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating

Environmental (Operating) Managed Link Speed

Multiple configurations are offered; supports links up to 100 Mbps full duplex. Software configuration determines maximum shaping capacity.

Warning Attention Warnung

Class 1 laser product. Produit laser de classe 1 Laserprodukt der Klasse 1.

A-4

PacketShaper Getting Started Guide

Appendix A: Product Specifications

PacketShaper 3500 Specifications


Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width:17.35 in. (44.07 cm) Depth: 16 in. (40.64 cm) Weight Expansion Slots Network Ports per NIC Management Port Serial Port USB Ports Status LED 18.04 lbs. (8.18 kg) Two (each slot can accommodate one LAN Expansion Module) Two gigabit Ethernet ports: 1000Base-T, 100Base-T, or 10Base-T

One gigabit Ethernet port RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none

Network LEDs Fault LED Power Supply

Green flicker for network activity Illuminated when in safe or corrupted mode Rating: AC 100-240 V, 50/60 Hz, 2.5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating

Environmental (Operating) Managed Link Speed

Multiple configurations are offered; supports links up to 45 Mbps full duplex. Software configuration determines maximum shaping capacity.

Warning Attention Warnung

Class 1 laser product. Produit laser de classe 1 Laserprodukt der Klasse 1.

PacketShaper Getting Started Guide

A-5

Appendix A: Product Specifications

PacketShaper 2500 Specifications


Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.00 in. (43.18 cm) Depth: 14.00 in. (35.56 cm) Weight Network Ports per NIC Expansion Slots Serial Port Status LED 16 lbs. (7.36 kg) Two Ethernet ports: 10BaseT or 100BaseT

Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none

Network LEDs Fault LED Power Supply

Green flicker for network activity Illuminated when in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 30 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating

Environmental (Operating)

Managed Link Speed

Multiple configurations are offered; supports links up to 10 Mbps full duplex. Software configuration determines maximum shaping capacity.

Warning Attention Warnung

Class 1 laser product. Produit laser de classe 1 Laserprodukt der Klasse 1.

A-6

PacketShaper Getting Started Guide

Appendix A: Product Specifications

PacketShaper 1700 Specifications


Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 1.75 in. (4.45 cm) Width: 17.00 in. (43.18 cm) Depth: 14.00 in. (35.56 cm) Weight Network Ports Management Port Serial Port 14.00 lbs. (6.35 kg) Two Ethernet ports: 10BaseT or 100BaseT One gigabit Ethernet port RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none Network LEDs Power Supply Green flicker for network activity Rating AC 100-240 V, 50/60 Hz, 2.5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating

USB Ports Status LED

Environmental (Operating)

Managed Link Speed

Multiple configurations are offered; supports links up to 45 Mbps full duplex. Software configuration determines maximum shaping capacity.

PacketShaper Getting Started Guide

A-7

Appendix A: Product Specifications

PacketShaper 1550 Specifications


Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 1.75 in. (4.45 cm) Width: 17.00 in. (43.18 cm) Depth: 14.00 in. (35.56 cm) Weight Network Ports Serial Port 11 lbs. (4.99 kg) Two Ethernet ports: 10BaseT or 100BaseT RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none Network LEDs Power Supply Green flicker for network activity Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 18 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating

Status LED

Environmental (Operating)

Managed Link Speed

Multiple configurations are offered; supports links up to 2 Mbps full duplex. Software configuration determines maximum shaping capacity.

A-8

PacketShaper Getting Started Guide

Appendix A: Product Specifications

PacketShaper 1200 Specifications


Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 1.75 in. (4.45 cm) Width: 17.00 in. (43.18 cm) Depth: 14.00 in. (35.56 cm) Weight Network Ports Serial Port 11 lbs. (4.99 kg) Two Ethernet ports: 10BaseT or 100BaseT RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none Network LEDs Power Supply Green flicker for network activity Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 18 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating

Status LED

Environmental (Operating)

Managed Link Speed

Multiple configurations are offered; supports links up to 2 Mbps full duplex. Software configuration determines maximum shaping capacity.

PacketShaper Getting Started Guide

A-9

Appendix A: Product Specifications

A-10

PacketShaper Getting Started Guide

APPENDIX B: PINOUT DESCRIPTIONS


Console Port Pinout Description
The PacketShapers CONSOLE port is a standard DB-9 male connection, operating at 9600 baud, 8 bits, no parity, 1 stop bit:
.

Pin 1 2 3 4 5 6 7 8 9

Name DCD -Data Carrier Detect RXD - Received Data TXD - Transmitted Data DTR - Data Terminal Ready GND - Signal Ground DSR - Data Set Ready RTS - Request To Send CTS - Clear To Send RI - Ring Indicator

Function Indicates there is a valid connection to another serial device Indicates incoming data (from the terminal to the PacketShaper) Indicates outgoing data (from the PacketShaper to the terminal) Indicates the terminal (the PacketShaper) is ready Signal return for all signal lines Indicates that the terminal is ready to receive data from the PacketShaper Tells the terminal that the PacketShaper wants to send data Indicates the terminal is ready to receive data from the PacketShaper Not used by the PacketShaper

A lap link serial cable has the following configuration: DCD RXD TXD DTR GND DSR RTS CTS RI DCD RXD TXD DTR GND DSR RTS CTS RI

PacketShaper Getting Started Guide

B-1

Appendix B: Pinout Descriptions

B-2

PacketShaper Getting Started Guide

APPENDIX C: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 1700


Two of the components on the PacketShaper 1700 are field replaceable: Power supply Cooling unit

This appendix describes how to replace each of these components in case of failure.

Power Supply
The power supply module on a PacketShaper 1700 is field replaceable. 1. 2. Turn off the power supply and disconnect its power cord. To remove a defective power supply, loosen the two captive thumb screws as shown below. You may need a Phillips-head screwdriver.

Power supply screws

3.

Pull out and remove the power supply, as shown below.

4. 5. 6. 7.

Make sure the replacement power supply is turned off and unplugged. Insert the new power supply module. Tighten the two screws on the power supply. Reconnect the power cord, and turn on the power supply.

PacketShaper Getting Started Guide

C-1

Appendix C: Field-Replaceable Components: PacketShaper 1700

Field-Replaceable Cooling Unit


PacketShaper 1700 units have a field-replaceable, hot-swappable cooling unit. If you have configured PacketWise to send SNMP traps, a trap will be sent automatically if the fan fails. Packeteer recommends that you power down the PacketShaper after a fan failure, in order to avoid damage to the unit. Before removing the cooling unit, make sure you have the replacement unit on hand. If you are hot-swapping a cooling unit as part of scheduled maintenance, the new cooling unit should be installed within a minute of removing the old one, to prevent overheating of system components.

Remove Rear Door

The cooling unit is located behind a door on the back of the unit. 1. 2. 3. Turn off the PacketShaper by flipping the power switch on the power supply. Disconnect the power cord. Loosen the captive screw on the door on the back of the unit, using a screwdriver.

Back panel screw

4.

The rear door is hinged on the left side. To remove the door, swing the door open slightly and pull to the right. Set the door aside.

Remove System Cooling Unit

To remove the system cooling unit: 5. Loosen the captive thumb screw on the cooling unit.
VIDEO

Cooling unit screw

C-2

PacketShaper Getting Started Guide

Appendix C: Field-Replaceable Components: PacketShaper 1700

6.

Grasp the handle on the cooling unit and pull out the unit as shown below; no wires need to be disconnected.

Handle

Install New System Cooling Unit

To install the new system cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the tab on the left side of the door into the slot and push the door in place.

3.

Tighten the screw.

PacketShaper Getting Started Guide

C-3

Appendix C: Field-Replaceable Components: PacketShaper 1700

C-4

PacketShaper Getting Started Guide

APPENDIX D: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 3500, 7500


Several of the components on the PacketShaper 3500 and 7500 are field replaceable: Power supplies Hard drive Cooling units

This appendix describes how to replace each of these components in case of failure.

Power Supplies
PacketShaper 3500 and 7500 units have removable power supplies. PacketShaper 3500 units have one power supply module and PacketShaper 7500 units have two hot-swappable power supplies that is, they can be replaced while a unit has power and is operating. 1. 2. Turn off the power supply to be removed and disconnect its power cable. To remove a defective power supply, loosen the two captive thumb screws as shown below. You may need a Phillips-head screwdriver.

power supply screws

3.

Pull out and remove the power supply, as shown below.

When you remove one of the two power supplies on the PacketShaper 7500, you will see a message in the LCD window that says Power 1 Failed or Power 2 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 4. 5. 6. 7. Make sure the replacement power supply is turned off. Insert the new power supply module. Tighten the two screws on the power supply. Turn on the power supply. After a moment, the Power failed message on the LCD window will disappear.

PacketShaper Getting Started Guide

D-1

Appendix D: Field-Replaceable Components: PacketShaper 3500, 7500

Field-Replaceable Hard Drive


PacketShaper models 3500 and 7500 have a field-replaceable hard drive; replacement drives can be ordered from Packeteer. Before removing the drive, make sure you have the replacement drive on hand. You will need to power down the unit, but drive removal and installation can be done in just a few minutes.

Remove Rear Door

Note: After the hard drive is replaced, the measurement engine will reset and all measurement data will be cleared.

1. 2. 3.

The hard drive is located behind a door on the back of the unit. Warning: The hard drive is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the hard drive.

Turn off the PacketShaper by flipping the power switch on both power supplies. Disconnect the power cords. Loosen the captive thumb screw on the door on the back of the unit, using a screwdriver.

Back panel screw

4.

The rear door is hinged on the right side. To remove the door, swing the door open slightly and pull to the left. Set the door aside.

D-2

PacketShaper Getting Started Guide

Appendix D: Field-Replaceable Components: PacketShaper 3500, 7500

Remove Hard Drive

To remove the hard drive: 1. Loosen the captive thumb screw on the hard drive.

Hard drive screw

2.

To remove the drive, pull the drive tray out; no wires need to be disconnected.

PacketShaper Getting Started Guide

D-3

Appendix D: Field-Replaceable Components: PacketShaper 3500, 7500

Install Hard Drive

To install the new drive: 1. 2. Slide the new drive tray in the drive slot and tighten the captive screw. To replace the rear door, slide the tabs on the right side into their respective holes and push the door in place.

3. 4. 5.

Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by flipping the power switch on each power supply.

D-4

PacketShaper Getting Started Guide

Appendix D: Field-Replaceable Components: PacketShaper 3500, 7500

Field-Replaceable Cooling Units


PacketShaper 3500 and 7500 units have field-replaceable, hot-swappable cooling units. All units have a system cooling unit. On the PacketShaper 7500, an additional cooling unit is installed next to the power supplies. If you have configured PacketWise to send SNMP traps, a trap will be sent automatically if either of the fans fail. Packeteer recommends that you power down the PacketShaper after a fan failure, in order to avoid damage to the unit. Before removing the cooling unit, make sure you have the replacement unit on hand. If you are hot-swapping a cooling unit as part of scheduled maintenance, the new cooling unit should be installed within a minute of removing the old one, to prevent overheating of system components.

Remove System Cooling Unit

To remove the system cooling unit: 1. 2. The system cooling unit is located behind a door on the back of the PacketShaper. See Remove Rear Door on page D-2. Loosen the captive thumb screw on the cooling unit.

Cooling unit screw

3.

Grasp the handle on the cooling unit and pull out the unit as shown below; no wires need to be disconnected.

Handle

PacketShaper Getting Started Guide

D-5

Appendix D: Field-Replaceable Components: PacketShaper 3500, 7500

Install New System Cooling Unit

To install the new system cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the tabs on the right side of the door into their respective holes and push the door in place.

3.

Tighten the screw.

Replace Power Supply Cooling Unit

On the PacketShaper 7500, a second cooling unit is installed next to the power supplies. To replace the power supply cooling unit: 1. Loosen the captive thumb screw on the power supply cooling unit.

cooling unit screw

2. 3. 4.

Pull the power supply cooling unit out of the chassis. Insert the replacement cooling unit. Tighten the screw.

D-6

PacketShaper Getting Started Guide

APPENDIX E: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 9500, 10000


Some of the components on PacketShaper models 9500 and 10000 are field replaceable: Power supplies on the PacketShaper 9500 and 10000 Hard drive on the PacketShaper 10000 Cooling unit on the PacketShaper 10000

This appendix describes how to replace each of these components in case of failure.

Hot-Swappable Power Supplies


PacketShaper models 9500 and 10000 have dual removable power supplies. These power supplies can be hot swapped that is, replaced while a unit has power and is operating. The RoHS-compliant PacketShaper 10000 Revision G uses a new power supply that is not compatible with older PacketShaper 9500 and 10000 models. The two power supplies on the PacketShaper 10000 Revision G are stacked vertically, while the power supplies on older PacketShaper 10000 models and all PacketShaper 9500 models are installed side-byside. Choose the procedure appropriate for the model and revision of your PacketShaper: Replacing the Power Supply on a PacketShaper 10000 Revision G on page E-1 Replacing the Power Supply on a PacketShaper 9500 or 10000 on page E-3

Replacing the Power Supply on a PacketShaper 10000 Revision G Each power supply module for the PacketShaper 10000 Revision G features an LED to the left of the locking screw. If the LED is green, the power supply is operating normally. If the LED is off, the power supply is not operational.

Warning: The external temperature of the power supply module can range between 50 to 60 degrees Celsius (122 to 140 degrees Farenheit). To protect your hands from burns, Packeteer recommends that you wear insulating gloves when removing the power supply from a powered unit.

PacketShaper Getting Started Guide

E-1

Appendix E: Field-Replaceable Components: PacketShaper 9500, 10000

1.

Turn the locking screw counter-clockwise to loosen, and then pull the locking lever to the left to release the power supply from its bracket.

2.

While continuing to pull the locking lever to the left, grasping the handle and pull out and remove the power supply, as shown below.

When you remove either one of the power supplies, you will see a message in the LCD window that says Power 1 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 3. 4. Insert the new power supply until the locking tab clicks into place. Tighten the locking screw.

E-2

PacketShaper Getting Started Guide

Appendix E: Field-Replaceable Components: PacketShaper 9500, 10000

Replacing the Power Supply on a PacketShaper 9500 or 10000 1. Remove the two screws on the security plate.

2.

Pull out and remove the power supply, as shown below.

When you remove either one of the power supplies, you will see a message in the LCD window that says Power 1 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 3. 4. Insert the new power supply. Screw the security plate back into position.

PacketShaper Getting Started Guide

E-3

Appendix E: Field-Replaceable Components: PacketShaper 9500, 10000

Field-Replaceable Hard Drive (10000)


The PacketShaper 10000 has a field-replaceable hard drive; replacement drives can be ordered from Packeteer. Although the PacketShaper 10000 has slots for two hard drives, only one slot is used. Before removing the drive, make sure you have the replacement drive on hand. You will need to power down the unit, but drive removal and installation can be done in just a few minutes.

Remove Rear Door

Note: After the hard drive is replaced, the measurement engine will reset and all measurement data will be cleared.

1. 2. 3.

The hard drive is located behind a door on the back of the unit. Warning: The hard drive is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the hard drive.

Turn off the PacketShaper by holding down the power switch for about five seconds, until the unit powers off. Disconnect both power cords. Loosen the screw on the door on the back of the unit, using a screwdriver.

back panel screw

4.

The rear door is hinged on the right side. To remove the door, swing the door open slightly and pull to the left. Set the door aside.

E-4

PacketShaper Getting Started Guide

Appendix E: Field-Replaceable Components: PacketShaper 9500, 10000

Remove Hard Drive

The hard drive is installed in the lower slot. To remove the hard drive: 1. Loosen the captive screw on the hard drive.

hard drive screws

2.

To remove the drive, pull the drive tray out; no wires need to be disconnected.

PacketShaper Getting Started Guide

E-5

Appendix E: Field-Replaceable Components: PacketShaper 9500, 10000

Install Hard Drive

To install the new drive: 1. 2. Slide the new drive tray in the lower drive slot and tighten the captive screw. To replace the rear door, slide the posts on the right side into their respective holes and push the door in place.

3. 4. 5.

Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by pressing the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)

E-6

PacketShaper Getting Started Guide

Appendix E: Field-Replaceable Components: PacketShaper 9500, 10000

Field-Replaceable Cooling Unit (10000)


The PacketShaper 10000 has a field-replaceable cooling unit. The assembly contains two sets of in-series fan pairs; if one fan fails in a series pair, the other fan has sufficient cooling capacity under normal environmental conditions. If you have configured PacketWise to send SNMP traps, a trap will be sent automatically if any of the fans fail. Packeteer recommends that you replace the cooling unit as quickly as possible after a fan failure. Before removing the cooling unit, make sure you have the replacement unit on hand. You will need to power down the PacketShaper, but fan removal and installation can be done in just a few minutes.

Remove Cooling Unit

1. 2. 3. 4.

To remove the cooling unit: Warning: The cooling unit is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the cooling unit.

Turn off the PacketShaper by holding down the power switch for about five seconds, until the unit powers off. Disconnect both power cords. The cooling unit is located behind a door on the back of the PacketShaper. See Remove Rear Door on page E-4. Loosen the captive screw on the cooling unit.

cooling unit screw

5.

Grasp the handle on the left side of the cooling unit and pull out the unit as shown below; no wires need to be disconnected.

handle

PacketShaper Getting Started Guide

E-7

Appendix E: Field-Replaceable Components: PacketShaper 9500, 10000

Install New Cooling Unit

To install the new cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the posts on the right side of the door into their respective holes and push the door in place.

3. 4. 5.

Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by pressing the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)

E-8

PacketShaper Getting Started Guide

APPENDIX F: SAFETY AND REGULATORY INFORMATION


Safety Warnings
SAFETY ELECTRICAL NOTICES WARNING: ELECTRIC SHOCK HAZARD To prevent ELECTRIC shock, do not remove cover. This unit contains HAZARDOUS VOLTAGES and should only be opened by a trained and qualified technician. To avoid the possibility of ELECTRIC SHOCK, disconnect electric power to the product before connecting or disconnecting the LAN cables. LIGHTNING DANGER DANGER: DO NOT WORK on equipment or CABLES during periods of LIGHTNING ACTIVITY. CAUTION: POWER CORD IS USED AS THE MAIN DISCONNECT DEVICE. Ensure that the socket outlet is located/installed near the equipment and is easily accessible. CAUTION: THIS UNIT MAY HAVE MORE THAN ONE POWER SUPPLY CORD. Disconnect all power supply cords before servicing, to avoid electric shock. INSTALLATION ELECTRICALTYPE CLASS 1 EQUIPMENT THIS EQUIPMENT MUST BE GROUNDED. Power plug must be connected to a properly wired earth ground socket outlet. An improperly wired socket outlet could place hazardous voltages on accessible metal parts. CAUTION: Danger of explosion if battery is replaced with incorrect type. Replace only with the same type recommended by the manufacturer. Dispose of used batteries according to the manufacturers instructions. MOUNTING INSTRUCTIONS CAUTION: Air vents must not be blocked and must have free access to the room ambient air for cooling. CAUTION: MECHANICAL LOADINGMounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven loading. CAUTION: PacketShaper models 1200 and 1550 have no operator-serviceable parts inside. Refer service issues to the manufacturer or a factory-authorized service center. When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit

PacketShaper Getting Started Guide

F-1

Appendix F: Safety and Regulatory Information

Operating Temperature This product is designed for an ambient temperature of 32 to 104F (0 to 40C). All Countries: Install product in accordance with local and national electrical codes. CAUTION: RISK OF ELECTRIC SHOCK. An improperly wired socket outlet could place hazardous voltages on accessible metal parts. ENERGIE RAYONNEE Ce matriel a t test et est certifi conforme la rglementation amricaine aux normes dfinies pour les appareils. SECURITE INFORMATIONS SUR LELECTRICITE ADVERTISSEMENT: DANGER DELECTROCUTION Pour empcher les dangers dELECTROCUTION, ne pas enlever le couvercle. Lquipement ne contient aucun lment rparable par lutilisateur. Cet appareil comprend des TENSIONS DANGEREUSES et ne doit tre ouvert que par un technicien dment qualifi. Pour viter tout risque dELECTROCUTION, dbrancher lappareil de la prise de courant avant de connecter ou de dconnecter les cables LAN. DANGER DE FOUDRE DANGER: NE PAS MANIER lquipement ou les CABLES pendant les priodes dactivit orageuse. ATTENTION: CET APPAREIL COMPORTE PLUS DUN CORDON DALIMENTATION. Rafin de prvenir les chocs lectriques, debrancher les deux cordons dalimentation avant de faire le dpannage. ATTENTION: Le cordon dalimentation est utilis comme interrupteur gnral. La prise de courant doit tre situe ou installe proximit du matriel et tre facile daccs. INSTALLATION ELECTRICITEEQUIPEMENT DE CLASSE 1 CET APPAREIL DOIT ETRE MIS A LA TERRE. La prise de courant doit tre branche dans une prise femelle correctement mise la terre. Sinon, des tensions dangereuses risqueraient datteindre les pices mtalliques accessibles lutilisateur. ATTENTION: Pour ce qui est de la protection contre les courts-circuits (surtension), ce produit dpend de linstallation lectrique du local. Vrifier quon fusible ou quun disjoncteur de 15A/250V est utilis sur les circuits de CC. ATTENTION: Il y a danger dexplosion sil y a remplacement incorrect de la batterie. Remplacer uniquement avec une batterie du mme type ou dun type quivalent recommand par le constructeur. Mettre au rebut les batteries usages conformment aux instructions du fabricant. INSTRUCTIONS DE MONTAGE ATTENTION: Ne pas bloquer les fentes daration, ce qui empcherait lair ambiant de circuler librement pour le refroidissement. ATTENTION: REPARTITION DE LA CHARGE MECANIQUE Le montage des appareils dans le bti doit tre effectu de telle manire que la rpartition de la charge mcanique ne pose aucun danger. Temperature de Fonctionnement Ce produit est capable de tolrer une temprature ambiante 0 40C.

F-2

PacketShaper Getting Started Guide

Appendix F: Safety and Regulatory Information

Pour tous pays: Installer le produit conformment aux normes lectriques nationales et locales.

Zur sicheren Trennung des Gerates vom Netz ist der Netzstecker zu ziehen. Vergewissern Sie sich, das die Steckdose leicht zuganglich ist. Achtung. Explosionsgefahr wenn die Battery in umgekehrter Polaritt eingesetzt wird. Nur mit einem gleichen oder hnlichen, vom Hersteller empfohlenen Typ, ersetzen. Verbrauchte Batterien mssen per den Instructionen des Herstellers verwertet werden.

Warning:

This product relies on the buildings installation for short-circuit (over current) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15 A U.S. (240 VAC, 10 A international) is used on the phase conductors (all current-carrying conductors). Pour ce qui est de la protection contre les courtscircuits (surtension), ce produit dpend de linstallation lectrique du local. Vrifier quun fusible ou quun disjoncteur de 120 V alt., 15 A U.S. maximum (240 V alt., 10 A international) est utilis sur les conducteurs de phase (conducteurs de charge). Dieses Produkt ist darauf angewiesen, da im Gebude ein Kurzschlu- bzw. berstromschutz installiert ist. Stellen Sie sicher, da eine Sicherung oder ein Unterbrecher von nicht mehr als 240 V Wechselstrom, 10 A (bzw. in den USA 120 V Wechselstrom, 15 A) an den Phasenleitern (allen stromfhrenden Leitern) verwendet wird.

Attention:

Warnung:

Warning:

The plug-socket combination must be accessible at all times, because it serves as the main disconnecting device. La combinaison de prise de courant doit tre accessible tout moment parce quelle fait office de systme principal de dconnexion. Vor dem Anschlieen des Systems an die Stromquelle die Installationsanweisungen lesen.

Attention:

Warnung:

Warning:

The unit has more than one power supply connection; all connections must be removed to remove all power from the unit. Cette unit est quipe de plusieurs raccordements dalimentation. Pour supprimer tout courant lectrique de lunit, tous les cordons dalimentation doivent tre dbranchs.

Attention:

PacketShaper Getting Started Guide

F-3

Appendix F: Safety and Regulatory Information

Warnung:

Diese Einheit verfgt ber mehr als einen Stromanschlu; um Strom gnzlich von der Einheit fernzuhalten, mssen alle Stromzufuhren abgetrennt sein.

Warning: To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:

unit should be mounted at the bottom of the rack if it is the only unit in the rack. When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack. If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.

This

Attention: Pour viter toute blessure corporelle pendant les operations de montage ou de rparation de cette unit en casier, il convient de prendre des prcautions spciales afin de maintenir la stabilit du systme. Les directives ci-dessous sont destines assurer la protection du personnel: Si cette unit constitue la seule unit monte en casier, elle doit tre place dans le bas. Si cette unit est monte dans un casier partiellement rempli, charger le casier de bas en haut en plaant llment le plus lourd dans le bas. Si le casier est quip de dispositifs stabilisateurs, installer les stabilisateurs avant de monter ou de rparer lunit en casier.

Warnung: Zur Vermeidung von Krperverletzung beim Anbringen oder Warten dieser Einheit in einem Gestell mssen Sie besondere Vorkehrungen treffen, um sicherzustellen, da das System stabil bleibt. Die folgenden Richtlinien sollen zur Gewhrleistung Ihrer Sicherheit dienen: Wenn diese Einheit die einzige im Gestell ist, sollte sie unten im Gestell angebracht werden. Bei Anbringung dieser Einheit in einem zum Teil gefllten Gestell ist das Gestell von unten nach oben zu laden, wobei das schwerste Bauteil unten im Gestell anzubringen ist. Wird das Gestell mit Stabilisierungszubehr geliefert, sind zuerst die Stabilisatoren zu installieren, bevor Sie die Einheit im Gestell anbringen oder sie warten.

F-4

PacketShaper Getting Started Guide

Appendix F: Safety and Regulatory Information

Electro-Magnetic Interference/Compatibility and Safety Compliance


Overview The EMI/EMC emissions and safety compliance information for Packeteer products is listed below.

Products 1200 1550 1700 2500 3500 6500 7500 9500 10000

EMI/EMC Standards AS/NZS 3548 Class A AS/NZS 4252.1 ICES-003, Class A EMC Directive 89/336/EEC EMC Directive 73/23/EEC EMC Directive 93/68/EEC EN 55022:1998 Class A EN 61000-3-2:1995_A1(98) +A2(98), & prA14(00) EN 61000-3-3:1995 EN 55024:1998 VCCI:2002, Class A KN55022 Class A KN6100-4-2,3,4,5,6,8,11 GOST-R 60950-2002 GOST-R 51318.22-99, .24-99 FCC 47 CFR part 15, subpart B, Class A CNS 13438 Class A

Safety Standards IEC 60950-1 EN 60950-1+A11 UL 60950-1: 03 CAN/CSA C22.2 No. 60950-1: 03 EN 60825-1,-2 Class I Laser

United States FCC Statement

This product has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This product generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning this equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Change the direction of the radio or TV antenna. To the extent possible, relocate the radio, TV, or other receiver away from the product. Plug the product into a different electrical outlet so that the product and the receiver are on different branch circuits.

If these suggestions dont help, consult your dealer or an experienced radio/TV repair technician for more suggestions.

PacketShaper Getting Started Guide

F-5

Appendix F: Safety and Regulatory Information

NOTE: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

CAUTION: Any modification to the equipment not expressly approved by Packeteer could void your authority to operate the equipment.
European Union (CE) Statement This product is in conformity with the essential requirements of EU directives, specifically EU Directives 89/336/EEC, 73/23/EEC and 93/68/EEC, by applying the following standards EN55022: 1998, EN55024:1998, EN61000-3-2: 2001, EN61000-3-3: 1995 plusA1: 2001,EN60950-1: 2001 CLASS 1 LASER PRODUCT (except for PacketShaper 1200 and 1550 models) The Declaration of Conformity is available on the Internet at: http://support.packeteer.com/documentation/conformity/declaration.pdf

European Union CISPR 22 Statement

WARNING: This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.

Japan VCCI Statement

Class A ITE

This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. Internal access to Packeteer devices is intended only for qualified service personnel.

Canada Compliance Statement (Industry Canada)

Cet appareil numrique respecte les limites bruits radiolectriques applicables aux appareils numriques de Classe A prescrites dans la norme sur le matriel brouilleur: Appareils Numriques, NMB-003 dicte par le Ministre Canadien des Communications. This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled: Digital Apparatus, ICES-003 of the Canadian Department of Communications.

F-6

PacketShaper Getting Started Guide

Appendix F: Safety and Regulatory Information

Taiwan BSMI Class A EMI Statement

Australia C-tick Statement

WARNING The system is designed to operate in a typical office environment. Choose a site that is: Clean and free of airborne particles (other than normal room dust) Well-ventilated and away from sources of heat including direct sunlight Away from sources of vibration or physical shock Isolated from strong electromagnetic fields produced by electrical devices In regions that are susceptible to electrical storms, we recommend you plug your system into a surge suppressor and disconnect telecommunication lines to your modem during an electrical storm. Provided with a properly grounded wall outlet

Do not attempt to modify or use the supplied AC power cord if it is not the exact type required. Ensure that the system is disconnected from its power source and from all telecommunications links, networks, or modem lines whenever the chassis cover is to be removed. Do not operate the system with the cover removed.

Russia Certification

PacketShaper models 1200, 1550, 1700, 2500, 3500, 6500, 7500, and 10000 are Russia GOST-R certified.

PacketShaper Getting Started Guide

F-7

Appendix F: Safety and Regulatory Information

Proper Disposal of Packeteer Products


To reduce waste and to protect the environment from hazardous materials, waste electrical equipment must be disposed of properly. The crossed-out wheelie bin symbol pictured here and labeled on Packeteer products (purchased after August 13, 2005) is a reminder that electrical equipment should not be mixed in with general trash or disposed of in a landfill. Once your Packeteer product or component has reached its end-of-life, you should dispose of it through a reputable, licensed hazardous materials processor. If you are located in one of the European Union Member States, please refer to the product's end user license agreement for further information regarding the proper disposal, reporting, and/or return of the product to Packeteer. For additional information and to obtain return instructions, please go to the Packeteer website at http://www.packeteer.com/program/recycling/.

RoHS Compliance
Packeteer supports the EU directive for Restriction of Hazardous Substances (RoHS). PacketShaper models 1700, 3500, 7500, and 10000 Revision G are RoHS-compliant.

F-8

PacketShaper Getting Started Guide

INDEX
1 Gbps WAN link 4-4 100 LED indicator 2-3 1000 BaseT 4-6 200 Mbps WAN link 4-4 accessing 5-3 using 10-3 comment field 10-6 compression 9-1 displaying Compression Summary 9-17 enabling 1-16 modes 9-3 problems 9-21 Compression Estimator configuring 7-10 described 7-2 Compression Module 1-1, 1-7, 7-2, 7-10, 7-12, 9-1 compression tunnels 1-7 configuration, corrupt 2-8, 3-9, 4-14 console connection 2-2, 3-2, 4-2, 4-3, 5-3, 5-10 console port pinout description B-1 CONTROL port 4-2, 4-12 cookies 5-2 cooling unit (fan), replacing PacketShaper 10000 E-7 PacketShaper 1700 C-2 PacketShaper 3500 D-5 PacketShaper 7500 D-5 copper Ethernet network installing a PacketShaper 9500/10000 4-6 Corrupt Config messages 2-8, 3-9, 4-14 crossover cable 2-5, 3-5, 4-6

A
acceleration 9-2, 9-5 enabling 1-16 Acceleration Module 1-1, 1-7, 1-12, 1-17, 9-1 accelerator cache defined 10-2 verifying 10-9 access-link monitoring feature 6-2 asymmetric flows 6-2 auto-negotiate NIC mode 1-15, 1-18

B
Bad 12v reg message 3-9 Bad 2.5v reg message 3-9 Bad 3.3v reg message 3-9 Bad 5v reg message 3-9 Bad Left LEM message 3-9 Bad Lower LEM message 4-14 Bad Right LEM message 3-9 Bad Upper LEM message 3-9, 4-14 bandwidth allocating 8-8, 10-7 capping 8-8 bandwidth farming 1-1, 10-1 bandwidth limit 8-8 booting, status on LCD 2-7, 3-8, 4-13 browser interface accessing PacketWise 5-2 online help 1-1 browsers configuration 5-2 supported 5-2 bypass control port 4-2, 4-12 bypass mode 2-8, 3-9, 4-9, 4-14 bypass relays, disabling 6-6, 6-8

D
data entry form, creating 10-8 date setup 1-15, 8-9 DB-9 connection 2-2, 3-2, 4-2, 4-3, B-1 Dedicated Management Port feature 5-1, 7-3 Dell PowerConnect 7-1 deployment branch offices 1-6 ISP 1-10 main site 1-3 non-inline 7-1 redundant topologies 1-8 Xpress 1-7 deployment strategies 1-3 direct standby 1-8, 6-1 configuring 6-22 discovery, traffic 8-2 DMZ 1-5 DNS server address(es) 1-12, 1-17 domain name setup 1-12, 1-17 DSL topology 1-10

C
cable modem topology 1-10 cable problems 5-4 cables 2-5, 3-5, 4-6 caching defined 10-2 verifying 10-9 Cisco Catalyst 7-1 Citrix traffic 8-4 classes, traffic 8-2 creating IP address-based 10-5 classification, traffic 8-2 classification-accelerator cache defined 10-2 verifying 10-9 command-line interface

E
enhanced compression 9-3, 9-13 direct standby 6-2 expansion slots 2-2, 3-2, 4-2, 4-3

F
fan assembly, replacing

PacketShaper Getting Started Guide

I-1

Index

PacketShaper 10000 E-7 PacketShaper 1700 C-2 PacketShaper 3500 D-5 PacketShaper 7500 D-5 Fault LED indicator 2-2, 3-2, 4-3, A-1, A-2, A-3, A-4, A-5, A-6 Fiber Bypass Switch 4-10 fiber-optic bypass control port 4-2, 4-12 fiber-optic network connecting a PacketShaper 9500/10000 4-8 firewall 6-18, 6-19 folder classes, creating 10-4 font 5-2 forgotten passwords 5-10 front panel 2-2, 3-2 front panel (PacketShaper 9500/10000) 4-2 FTP 8-4 full-duplex WAN link 1-13

ISP deployment strategies 1-10 ISP models configuring 10-1

L
LAN Expansion Modules expansion slots 2-2, 3-2, 4-2, 4-3 for direct standby 1-8, 6-1 for watch mode 7-4 L-InLink Down message 2-8, 3-9, 4-14 L-OutLink Down message 2-8, 3-9, 4-14 R-InLink Down message 3-10 R-OutLink Down message 3-10 U-InLink Down message 2-9, 4-15 U-OutLink Down message 2-9, 4-15 using two 1-14 LC connectors 4-8 LCD bar graph 2-7, 3-8, 4-13 described 5-7 messages 2-7, 3-8, 4-13 problems 5-7 status 2-7, 3-8, 4-13 LED Fault A-1, A-2, A-3, A-4, A-5, A-6 network A-1, A-2, A-3, A-4, A-5, A-6, A-7, A-8, A-9 Status A-1, A-2, A-3, A-4, A-5, A-6, A-7, A-8, A-9 legacy compression 9-3 direct standby 6-2, 6-3 LEMs expansion slots 2-2, 3-2, 4-2, 4-3 for direct standby 1-8, 6-1 for watch mode 7-4 using two 1-14 Link LED indicator 2-2, 3-3, 4-3 link utilization 8-4 links 1 Gbps 4-4 200 Mbps 4-4 In Link Down message 2-8, 3-9 Links Down message 2-8, 3-9 Out Link Down message 2-8, 3-10 Links Down message 2-8, 3-9, 4-14 links, inbound/outbound 1-13, 1-14 L-InLink Down message 2-8, 3-9, 4-14 load-sharing topology 1-13, 6-2 local mode 1-11, 1-12 login 5-6 look password 1-13, 1-17 L-OutLink Down message 2-8, 3-9, 4-14

G
gateway 1-12, 1-17 GBIC 4-6 Getting Started Guide 1-1 graphing problems 8-9 Guided Setup 5-1, 5-6

H
half-duplex links 1-13 hard drive, replacing PacketShaper 10000 E-4 PacketShaper 3500 D-2 PacketShaper 7500 D-2 hardware installation (PacketShaper 9500/10000) 4-1 hardware, installation 2-1, 3-1 help system 1-1 host lists 10-5, 10-6 hot standby 6-1 hot-swappable power supplies PacketShaper 10000 E-1 PacketShaper 3500 D-1 PacketShaper 7500 D-1 PacketShaper 9500 E-1 HTTPS login 5-6

I
In Link Down message 2-8, 3-9, 4-14 initialization 2-7, 3-8, 4-13 installation hardware 2-1, 3-1 hardware (PacketShaper 9500/10000) 4-1 non-inline 7-3 PacketShaper 9500/10000-to-server 4-7 PacketShaper-to-router 2-5, 3-5 PacketShaper-to-server 2-6, 3-7 rack-mounting 2-4, 3-4 rack-mounting (PacketShaper 9500/10000) 4-5 Internet Explorer browsers 5-2 IP address default PacketShaper 5-3 defining 1-12, 1-17 IP address-based classes 10-2, 10-9 IPX 1-7

M
management port enabling 3-2, 5-1 watch mode 7-3 with direct standby 6-14, 6-16, 6-18, 6-20 mask, subnet 1-12, 1-17 matching rules 10-5 Measurement Only 2-8, 3-9, 4-15 Microsoft Internet Explorer 5-2 migration compression 9-3, 9-6 direct standby 6-2 mode

I-2

PacketShaper Getting Started Guide

Index

bypass 2-8, 3-9, 4-9, 4-14 operating 1-16 safe 2-9, 3-10, 4-15 watch 7-1 modem settings 5-3 monitor only mode 1-16 Monitoring Module 1-1, 2-8, 3-9, 4-15, 7-1

N
NAT 1-6 net mask, defining 1-12, 1-17 NetOptics taps 7-1 Netscape browsers 5-2 network hardware installation 2-1, 3-1 hardware installation (PacketShaper 9500/10000) 4-1 non-inline installation 7-3 ports 2-2, 3-2 ports (PacketShaper 9500/10000) 4-2 Network Address Translation (NAT) 1-6 network link down 2-8, 3-10, 4-15 Network Performance Summary 8-5 network speed problems 5-8 NIC mode 1-15, 1-18 No Router Found message 2-8, 3-9 non-inline deployment 7-1 Not Configured message 2-8, 3-10, 4-15

O
OpenSSH 5-3 operating mode 1-11, 1-16 Out Link Down message 2-8, 3-10, 4-15

P
packet capture 8-10 packet packing 9-1 packet shaping enabling 8-8, 10-7 Shaping Off message 2-9, 3-10 PacketGuide 1-1 PacketShaper accessing with a browser 5-2 accessing with a console connection 5-3 accessing with remote login software 5-3 defined 1-1 deployment strategies 1-3 IP address 1-12, 1-17 modules 1-1 non-inline deployment 7-1 turning on 2-7, 3-8 using 8-1 PacketShaper 10000 cooling unit (fan) replacement E-7 hard drive replacement E-4 hardware features 4-4 hot-swappable power supplies E-1 installing 4-1 powering on 4-13 specifications A-1 PacketShaper 1200 configuring 1-11, 8-1 generating reports 8-1

hardware features 2-3 installing 2-1 powering on 2-7 specifications A-9 PacketShaper 1550 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-8 PacketShaper 1700 cooling unit (fan) replacement C-2 hardware features 3-3 installing 3-1 management port (described) 3-2 management port (enabling) 5-1 management port (watch mode) 7-3, 7-4, 7-6, 7-9 power supply replacement C-1 powering on 3-8 specifications A-7 PacketShaper 2500 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-6 PacketShaper 3500 cooling unit (fan) replacement D-5 hard drive replacement D-2 hardware features 3-3 hot-swappable power supplies D-1 installing 3-1 management port (described) 3-2 management port (direct standby) 6-14, 6-16, 6-18, 6-20 management port (enabling) 5-1 management port (watch mode) 7-3, 7-4, 7-5, 7-6, 7-9 powering on 3-8 specifications A-5 PacketShaper 6500 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-4 PacketShaper 7500 cooling unit (fan) replacement D-5 hard drive replacement D-2 hardware features 3-3 hot-swappable power supplies D-1 installing 3-1 management port (described) 3-2 management port (direct standby) 6-14, 6-16, 6-18, 6-20 management port (enabling) 5-1 management port (watch mode) 7-3, 7-4, 7-5, 7-6, 7-9 powering on 3-8 specifications A-3 PacketShaper 9500 hardware features 4-4 hot-swappable power supplies E-1 installing 4-1 powering on 4-13 specifications A-2 PacketShaper acceleration 9-1 PacketShaper ISP configuring 10-1 defined 1-1 PacketShaper Xpress

PacketShaper Getting Started Guide

I-3

Index

configuring 9-1 PacketWise accessing with a console connection 5-3 accessing with browser 5-2 accessing with remote login 5-3 configuring 5-6 logging in 5-6 partitions assigning with CLI 10-7 creating 8-8, 10-7 defined 8-7 password look 1-13, 1-17 recovery 5-10 touch 1-13, 1-18 pinout description console port B-1 policies creating 8-7 verifying 8-8 PolicyCenter 1-11, 6-22 Power 1 Failed message 2-9, 3-10, 4-15 Power 2 Failed message 3-10 Power LED indicator 2-2, 3-3, 4-3 power supplies, replacing PacketShaper 10000 E-1 PacketShaper 1700 C-1 PacketShaper 3500 D-1 PacketShaper 7500 D-1 PacketShaper 9500 E-1 power supply dual 2-7, 3-8, 4-13 failure 2-9, 3-10, 4-15 power consumption A-1, A-2, A-3, A-4, A-5, A-6, A-7, A-8, A-9 rating A-1, A-2, A-3, A-4, A-5, A-6, A-7, A-8, A-9 proxy servers 1-6

secure login 5-6 SecureCRT 5-3 serial connection 2-2, 3-2, 4-2, 4-3, 5-3 server connecting to PacketShaper 2-6, 3-7 connecting to PacketShaper 9500/10000 4-7 DNS 1-12, 1-17 installation 2-6, 3-7 settings changing 5-9 setup links 1-13, 1-14 software 5-1 Setup window 5-9 SFP transceivers 4-8 shaping enabling 8-8, 10-7 Shaping Module 1-1, 8-7 Shaping Off message 2-9, 3-10, 4-15 shared mode 1-11, 1-17 site router 1-12, 1-17 Small Form-Factor Pluggable transceivers 4-8 software key 1-1, 7-10, 7-12 SPAN port, connecting to 7-3 Speed LED indicator 3-3, 4-3 SSH clients 5-3 SSH login 5-6 standby direct 6-1, 6-22 hot 6-1 Status LED indicator 2-2, 3-3, 4-3, A-1, A-2, A-3, A-4, A5, A-6, A-7, A-8, A-9 straight-through cable 2-5, 3-5, 4-6 subnet mask 1-12, 1-17 switch, using GBIC 4-6 SX/LX LED indicator 4-4 system startup 2-7, 3-8 system startup (PacketShaper 9500/10000) 4-13

R
rack mounting 2-4, 3-4 rack mounting (PacketShaper 9500/10000) 4-5 redundant Packeteer units 6-1 redundant router topologies 1-8, 6-1, 6-12 remote login, accessing PacketWise with 5-3 Response Time Measurement (RTM) 8-10 R-InLink Down message 3-10 RoHS F-8 router connecting to a PacketShaper 9500/10000 4-6 connecting to PacketShaper 2-5, 3-5, 6-13 connectivity problems 2-9, 3-10, 4-15 installation 2-5, 3-5 No Router Found message 2-8, 3-9, 4-15 Router Inside message 2-9, 3-10, 4-15 Router=0.0.0.0 message 2-9, 3-10, 4-15 setup 1-12, 1-17 setup site address 1-12, 1-17 using GBIC 4-6 R-OutLink Down message 3-10

T
taps NetOptics 7-1 taps, connecting to 1-9, 7-9 TCP Rate Control 8-7 Telnet, accessing PacketWise with 5-3 time setup 1-15 time zone setup 1-15, 1-18 Top 10 Classes graph 8-5 Top Ten tab 8-4, 8-6 touch password 1-13, 1-18 traffic classes 8-2 creating IP address-based 10-5 traffic classification 8-2 traffic discovery 8-2 problems 8-3, 8-9 traffic shaping enabling 8-8, 10-7 Shaping Off message 2-9, 3-10 traffic tree 8-2, 10-3 turning on PacketShaper 2-7, 3-8 Tx/Rx LED indicators 2-2, 2-7, 3-3, 3-8, 4-3, 4-14, 5-4

S
safe mode 2-9, 3-10, 4-15 SCPS 9-2

I-4

PacketShaper Getting Started Guide

Index

U
UDP-based applications 1-7 U-InLink Down message 2-9, 4-15 U-OutLink Down message 2-9, 4-15

V
version 2-7, 3-8, 4-13 VPN 1-5, 8-3

W
watch mode 7-1 adding routers to watch list 7-7 enabling 7-7 management port 7-3 web traffic 8-4 web, supported browsers 5-2

X
Xpress 1-7, 1-16 configuring 9-1 deploying on a VPN 9-5 feature requirements 9-4 migrating to enhanced compression 9-6 modes 9-3 XTP 9-2, 9-5

PacketShaper Getting Started Guide

I-5