Transcription
WARPUser’s ManualVersion 9.1.2
WARP User Manual 9.1.2Table of ContentsOverview . 5Chapter 1: Initial Setup . 12Quick Install Instructions . 14Chapter 2: Interfaces . 17LAN . 17WAN . 21Chapter 3: System . 30General .Users .Configuring LDAP .Active Directory Services .Unit Failover .DHCP Server .Syslog .NetFlow .Auto Configuration .Maintenance .30333537404750535455Chapter 4: Load Balancing . 56Algorithms .SmartDNSTM .Statistics .Site Load Balancing .Server Load Balancing .5659727878Chapter 5: Routing . 79Application Profile . 79Network Objects . 80Inbound Policy . 83Outbound Policy . 98Scheduler . 105Global Outbound Policy . 113Static Routes . 113Quality of Service (QoS) . 115Global Quality of Service (QoS) . 115VPN . 115IPv6in4 tunnel . 115
IPv6 Static Routes . 117Advanced Options . 119Chapter 6: Tools . 121Speed Chart .QoS Statistics .Diagnostics .Server Statistics .Session Details .121122122127127Chapter 7: Quality of Service (QoS) . 133Configuration . 134QoS Statistics . 136Layer 7 QoS – Application Level QoS . 139Chapter 8: Site Load Balancing . 142Chapter 9: Server Load Balancing . 147Chapter 10: VPN . 158Chapter 11: VPN Site Failover . 174Chapter 12: Central Manager . 179Chapter 13: Paging Software . 195Addendum A . 201Addendum B . 209FatPipe Virtual Appliance. 209Technical Support . 216FatPipe Product Warranty . 217FatPipe Networks End User . 221Software License Agreement. 221
OverviewFatPipe WARP is a high-speed router-clustering devicefrom FatPipe Networks. It is the ultimate solution forcompanies that want the highest levels of WAN redundancy,reliability, and speed for data traffic directed from thenetwork to the Internet as well as data traffic directedto servers hosted internally.WARP aggregates any combination of DS3, T1, E3, E1, DSL,OCN, ISDN, wireless, 3G, 4G, and cable lines. It enablesdynamic data transmission over multiple paths for thecombined speed of the connections and redundancy,providing you the confidence that your data connectivityis insured regardless of individual router failure. WARPworks with all existing hardware and applications.NoBGP programming is required. FatPipe WARP is availablewith a variety of throughput options. FatPipe canaccommodate small companies and branch offices with itslower throughput versions starting at 5 Mbps, as well asenterprise level customers who require speeds up to guration,andtheFatPipewebsitefromtheconfiguration interface of WARP. The interface also haslinks to the feature set, sales and support contactinformation, and Frequently Asked Questions.Chapter 1: Initial SetupThis chapter provides you with the information figuration for FatPipe WARP. In this chapter you willlearn how to: Install the WARP unitConnect WARP to your networkChapter 2: InterfacesThis chapter explains how to setup the necessarynetworking parameters for FatPipe WARP to work with yourexisting networking environment. In this chapter you willlearn how to: Setup the IP Address, Subnet Mask, and Default Gateway ofeach networking interfaceSetup IPv6 LAN and WAN settings
Overview 6Configure Ethernet MAC addressSet Spillover PriorityActivate VLANEnable or Disable DHCP Relay for LAN connectionConfigure Weighted Load Balancing (please also refer toChapter 4: Load Balancing)Enable or disable access to services running on the WARPunitCheck the status of each WAN connection
Overview7Chapter 3: SystemThis chapter explains how to set general user settings,save a configuration file backup, and establish unitfailover. Along with user accounts, date and time, andSNMP settings, you can also choose to configure the highavailability option using an additional standby WARP unitat your site. This is called Unit Failover. In thischapter you will learn how to: Set user privileges and passwordsSetup Unit Failover between two WARP unitsSet system date and timeBackup and restore the system configurationReset the system configuration to default settingsEnable SNMP access to WARP for monitoring the performanceof your networkConfigure the built-in DHCP Server to assign IP addressesto devices on your local area network (LAN)Export traffic statistics using NetFlow protocolSend event messages to a Syslog ServerConfigure a list containing Hostnames of LAN devices andtheir respective IP address.Chapter 4: Load BalancingWARP dynamically load balances inbound and outbound IPtraffic for the highest levels of reliability ement interface to setup the appropriate LoadBalancing option, Route Test configuration and SmartDNS.In this chapter you will learn how to: Choose the appropriate Load Balancing optionSet your Route Test configurationConfigure SmartDNS for inbound load balancingredundancyConfigure Site Load BalancingConfigure Server Load BalancingandChapter 5: RoutingYou can setup and schedule Inbound and Outbound Policies,Static Routes, Quality of Service (QoS) Rules, and enableOSPF. In this chapter you will learn how to: Configure Inbound Policy to allow connections to internalserversConfigure Outbound Policy to specify rules for outboundconnectionsConfigure Global Outbound Policy (please refer to Chapter14: Central Manager)Configure Static Routes for additional routed subnets
Overview 8Schedule Policy Routing Rules for different times anddays of the week using the SchedulerConfigure Quality of Service (QoS) rules for use withOutbound PolicyConfigure Global QoS (Please refer Chapter 14: CentralManager)Enable and configure OSPFConfigure VPN tunnelsConfigure IPv6in4 tunnelConfigure IPv6 static routesEnable Advanced Routing optionsChapter 6: ToolsUse FatPipe WARP’s remote management interface to monitorthe performance of your network.You can check thestatus of routers and Internet connections using FatPipeWARP’s Diagnostic Tools and view the speed of connectionsusing the Speed Chart.In this chapter you will learnhow to: View the WAN’s performance by using the Speed ChartCheck the status of routers and connections using WARP’sDiagnostic ToolsView your WAN’s performance with System StatisticsView QoS Statistics for traffic going through WARPView Server Load Balancing StatisticsChapter 7: Quality of Service (QoS)You can optimize the efficiency of your network andprioritized data flow up to 10 levels in relation topriority, latency, and packet loss using FatPipe QoS. Itgives you the ability to assign bandwidth parameters tobusiness applications, guaranteeing the minimum qualityand bandwidth as you define it. You can also classifypackets based on the application they belong to.Application Rules supply the patterns used by the Layer 7classifier as an extension of outbound Policy Routingrules. It allows the user to classify traffic based umbers used by transport protocols. QoS is an add-onfeature. Please refer to the contact information in theback of the manual or contact your local FatPiperepresentative for purchasing information.In thischapter you will learn how to: Setup and configure QoSCreate one or more Application RulesCreate a MPSec QoSChapter 8: Site Load Balancing
Overview9WARP units can be configured to automatically loadbalance site traffic to one or more remote sites, whereinbound connectivity to Internet accessible servers iscritical. Site Load Balancing also allows for SiteFailover.This technology utilizes FatPipe Site LoadBalancing, which is an add-on feature.Please refer tothe contact information on the back of the manual orcontact your local FatPipe representative for purchasinginformation. In this chapter you will learn how to: Configure FatPipe Site Load Balancing between two or moreunits residing at different sites
Overview10Chapter 9: Server Load BalancingServer Load Balancing is a very fast and reliablesolution offering high availability, load balancing andproxying for TCP and HTTP-based applications. It isparticularly suited for web sites crawling under sing. Supporting tens of thousands of connectionsis clearly realistic with today’s hardware. Its mode tures very easy and riskless, while offering thepossibility not to expose fragile web servers to theInternet. In this chapter you will learn how to: Setup and configure Server groups and Servers.Chapter 10: VPNWARP can be setup as a VPN end-point. FatPipe VPN is anadd-on feature. Please refer to the contact informationin the back of the manual or contact your local FatPiperepresentative for purchasing information.In thischapter you will learn how to: Setup and configure VPN settingsChapter 11: VPN Site FailoverWARP can be configured to provide failover of VPN tunnelsfrom one site to another. Please refer to the contactinformation in the back of the manual or contact yourlocal FatPipe representative for purchasing information.In this chapter you will learn how to: Setup and configure VPN Site Failover settingsChapter 12: Central ManagerCentral Manager allows you to configure and manage allyou WARP devices from one central location. You canconfigure and manage your branch WARP from a CentralLocation through our centralized GUI. This Chapterexplains how to configure the Central Manager at yourHead Quarters so that remote branch units can be managed.Global Policy Routing Rule allows you configure OutboundPolicy routing rules for all remote location and applythem. Global Policy Routing rules are created in thecentral location and then applied to one or all remotelocations. In this chapter you will learn how to: Configure Central Manager to manage remote WARP devicesConfigure Global Outbound PolicyConfigure Global Quality of Service
Overview11Chapter 13: Paging SoftwareFatPipe provides monitoring software that can be used tocontinuously test the status of your unit.Thismonitoring software, called Paging Software, will sendyou an alert if a failure occurs on the WAN.In thischapter you will learn how to: Install the Paging SoftwareSetup and configure the Paging Software
Chapter 1: Initial SetupFatPipe WARP comes in a 1U, 2U, 4U or desktop formfactor. Each form factor has Ethernet interfaces locatedat the back of the chassis (see Figure 1.1).The LANinterface is used to connect to your LAN.The otherinterfaces are used to connect to your WAN routers. Eachof the Ethernet interfaces must be configured to matchthe IP addresses of your network by using FatPipe WARP’sremote management interface, also known as FatPipe WARPGUI – Graphical User Interface.IMPORTANT: PLEASE REFER TO THE PREINSTALL WORKSHEETINCLUDED IN YOUR CUSTOMER PACKET THAT CAME WITH THISPRODUCT.IF YOU WANT A FATPIPE TECHNICAL SUPPORT ENGINEER TOASSIST YOU WITH INSTALLATION, YOU MUST FILL OUT THEPREINSTALL WORKSHEET AT LEAST 72 HOURS PRIOR TOINSTALLATION AND EMAIL IT TO: FATPIPE TECHNICAL SUPPORTAT support@fatpipeinc.com OR CALL (800) 724-8521 Ext:3Figure 1.1Unpack WARP from its shipping box. You will receive aunit with power cord(s) supplied. (Dual power supplyunits will have two power cords). To install WARP youwill need one Ethernet network cable for each interfaceyou will use.You may also need an Ethernet crossovercable to use in between the LAN interface and a computerfor initial configuration.WARP can be configured and managed remotely through abrowser-based management application.You must use anup-to-date Internet browser with the latest Java VirtualMachine (JVM) installed to access the remote managementinterface.Important: Internet Explorer should install the JVM automatically.Other browsers may not install the JVM by default.Please make sure your browser has the latest JVMinstalled. Visit www.sun.com to find information oninstalling JVM.
Chapter 1: Initial Setup 13If you will be accessing the remote management interfacefrom behind a firewall, make sure TCP port 5001 isallowed for outbound connections. Also make sure Javaapplets are allowed through the firewall.
Chapter 1: Initial Setup14Quick Install InstructionsThe following section is a quick overview of theinstallation process. We recommend that you refer to therest of the manual for detailed descriptions of thevarious menu items and screens.Select a PC on your LAN to configure the WARP appliance.This PC will be referred to as the Management PC. Any PCon the LAN can be used to manage the WARP appliance onceinitial configuration is complete.Connect the WARP unit to a UPS outlet.Power the uniton. It takes less than a minute to boot up.Connect the LAN interface to your local network and ion must be done through the LAN interface.Configure the Management PC with IP address 192.168.0.10,Subnet Mask 255.255.255.0, and Gateway 192.168.0.1.Point the web browser on your Management PC tohttp://192.168.0.1 and this will bring up the initialinterface page of WARP.At your first login, enter "Administrator" as theusername (it is case-sensitive). The unit ships with nopassword. Simply click the Login button to authenticateand bring up the remote management interface.Click on System from the main menu and click on the Userstab and select "Administrator" from the user list. Clickon the Edit button to set the login password. Be sure toremember this password, as you will not be able to accessthe WARP without it. You may also want to add additionalusers at this time.Configure all the active WAN interfaces with IP Address,Subnet Mask, and Default Gateway settings.For moredetails, see “Chapter 2: Interfaces” in this manual. Ifany of your WAN IPs are assigned using DHCP or PPPoE, youcan select those options instead.Configure the LAN interface: Click on the Interfacebutton in the main menu. Click on the LAN tab and thenthe Add button to add a new IP alias. We recommendkeeping the default 192.168.0.1 IP address, assuming itdoes not conflict with anything on your network. Click on
Chapter 1: Initial Setup15the OK button to return to the LAN page. Click on theSAVE button to save the changes.At this point your WARP unit should be setup for Internetaccess. All you need to do is set your Default Gatewayof your LAN to point to the LAN IP of the WARP unit.
Chapter 1: Initial Setup16The Home PageThis page displaysVersion of the firmware running on the unit,Serial number of the unitLicensed throughputLicensed Add-onsHelpful Tips: Once WARP is in place, we recommend that you reboot yourrouters and firewalls to clear their ARP caches.Thiswill assure proper network communication between WARP andyour other network devices.If you are using public IPs on the LAN side of WARP in apass-through configuration, (see Inbound Policy), it maynot be necessary to change your network’s DefaultGateway.WARP uses Proxy ARP to automatically forwardpackets destined for any of the WAN routers. This makesWARP completely transparent to internal devices accessingthe Internet.
Chapter 2: InterfacesThe Interface section is where you configure settings forthe LAN and WAN interfaces of WARP.LANTo access and set LAN parameters, click on the Interfacesbutton in the main menu and click on LAN tab (see Figure2.1).Figure 2.1 – LAN InterfaceEnable Proxy ARPThis will enable or disable Proxy ARP on the LAN side.When this option is enabled, WARP will respond to ARPrequests for any IPs that belong to any of the WANsubnets.If you disable this option, you will not beable to communicate with devices directly connected tothe WAN that are in the same subnet as where you arecoming from.You should only disable Proxy ARP if you have devices onthe LAN side that have IPs from one of the WAN subnets.The default option is to have Proxy ARP enabled.
Chapter 2: Interfaces18Ethernet MAC AddressThis “Set” option allows you to set custom or defaultEthernet MAC address of the LAN interface.Link Speed / Duplex ModeThis option allows you to manually configure Ethernetlink speed and the duplex mode. The default value is setto "Auto-negotiation."VLANA Virtual Local Area Network (VLAN) may be defined as agroup of LANs that have different physical connections,but which communicate as if they are connected on asingle network segment. VLAN is a broadcast domain formedby switches. VLANs allow you to create multiple separatednetworks with only a single switch.VLANs increase overall network performance by groupingusers and resources that communicate most frequently witheach other. To activate VLAN, click on the Activecheckbox and enter a Valid VLAN ID (Range 0 to 4096).Enable DHCP RelayThis option allows you to relay DHCP requests from a LANsegment to a DHCP server on the WAN side.Reporting IP addressThe reporting IP address field is used for sending localSyslog and SNMP messages through VPN or GRE tunnel.IPv4To view the IPv4 LAN configuration, click the IPv4 tab(see Figure 2.1). To add an IPv4 address, click the IPv4tab and click on the Add button. Specify the IP Addressand Subnet Mask for each IP subnet connected to the LANinterface to configure one or more IPs on the LANinterface (see Figure 2.2). Also specify the VLAN ID ofeach subnet if any.
Chapter 2: Interfaces19Figure 2.2 – Add IPv4 LAN IP Address, Subnet Mask and VLAN IDClick onTo editclick onmake thethe SAVE button to make the changes permanent.LAN information, select it from the list andthe Edit button, click on the SAVE button tochanges permanent (see Figure 2.3).Figure 2.3 – Edit IPv4 LAN IP and Subnet MaskIPv6Click the IPv6 tab to view the IPv6 address configuration(see Figure 2.4).
Chapter 2: Interfaces20Figure 2.4 – IPv6 LAN InterfaceTo add an IPv6 address, click the IPv6 tab, and thenclick the Add button. Specify the Scope, IP and prefixlength (see Figure 2.5).Figure 2.5 – Add IPv6 LAN IP and prefix lengthClick on SAVE button to make the changes permanent.To edit LAN information, select it from the list andclick the Edit button, click the SAVE button to make thechanges permanent (see Figure 2.6).
Chapter 2: Interfaces21Figure 2.6 - Edit IPv6 LAN IP and prefix lengthTo delete a LAN IP, select it from the list and click onthe Delete button, click on the SAVE button to make thechanges permanent.WANTo configure each WAN interface in your network, click onInterfaces button in the main menu and click WAN1, WAN2,or WAN3 tab.ISP NameGive name of the ISP to the WAN interfaceRoute TestWhen Usage of an interface is set to "Backup," you canselect when to perform the route test for that interface.It is set to “Always” by default. This means FatPipe willalways check the line for Internet connectivity, even ifthe line is not actively being used for outboundsessions. If you choose the option “On Primary Failure,”then FatPipe will not check for connectivity on that lineunless all interfaces with Usage set as Primary are down.Link Stabilizing FactorThis is the number of consecutive Route Test failures orsuccesses that must occur before Line Status is changed.If the Line Status is UP, the status will change to DOWNonly after this number of consecutive Route Test
Chapter 2: Interfaces22failures. If the Line Status is DOWN, the status willchange to UP only after this number of consecutive RouteTest successes. See Chapter 4, Route Test.Ethernet MAC AddressThis “Set” option allows you to set custom or defaultEthernet MAC address of the WAN interface.Link Speed / Duplex ModeThis option allows you to manually configure Ethernetlink speed and the duplex mode. The default value is‘Auto-negotiation.’
Chapter 2: Interfaces23VLANA Virtual Local Area Network (VLAN) may be defined as agroup of LANs that have different physical connections,but communicate as if they are connected on a singlenetwork segment. VLAN is a broadcast domain formed byswitches. VLANs allow you to create multiple separatednetworks with only a single switch.VLANs increase overall network performance by groupingusers and resources that communicate most frequently witheach other. To activate VLAN, click on the Activecheckbox and enter a Valid VLAN ID (Range 0 to 4096).WeightThis setting is for use with the Weighted Load balancingalgorithm. Values configured here will be assigned as theWeight for that WAN interface.Spillover Priority LevelSpillover priority level allows you to assign differentpriorities to WAN connections to prevent line saturation.Traffic is sent over the lines with the highestpriorities set by you. Traffic is sent over the lowerpriority lines only after at least 90% throughput ofhigher priority lines is reached. You have the option ofmarking a line as ‘backup’. Traffic will be sent out ofa ‘backup’ link only if all the other links are down. ’1’has the highest priority and decreases as the numericvalue increases, depending on the number of WANinterfaces you have.This algorithm provides a solution for users that arecharged for line usage that is proportionate to thetraffic they generate. You will normally want to use thistype of feature as a backup for when your network iscarrying a high load. By assigning lower priority to sucha line, you will achieve optimal usage and minimize cost.ServicesFatPipe is a secure system with most services disabledexcept those needed to provide Remote Management, SSH,DNS, IPSEC, SNMP and Site Load Balancing. Although theseservices present minimal risk, you can enable or disablethese features as desired. You can block Ping (ICMP ECHO)requests to the WAN interface IP. These options do notaffect traffic routed through WARP.
Chapter 2: Interfaces24Watch Parameters – When enabled, FatPipe monitors thelink conditions like latency, jitter and packet loss andallows redirecting traffic to alternate links if a predefined threshold is crossed even if the link is UP. Thisis achieved by configuring the thresholds using OutboundPolicy Routing Rules. FatPipe pings a pre-defined IP(default is 8.8.8.8 but can be changed by FatPipe SupportTeam) to determine the above factors.
Chapter 2: Interfaces25Bandwidth (kbps)Upload - This setting is for use with Quality of Service(QoS). You should specify the maximum outbound bandwidthavailable for your WAN line in Kbps (Kilobits persecond).For example, if you have 1.5Mbps of bandwidthoutbound, you would enter 1500.Download - This setting is for use with Quality ofService (QoS). You should specify the maximum bandwidthavailable inbound for your WAN line in Kbps (Kilobits persecond).For example, if you have 1.5Mbps of bandwidthinbound, you would enter 1500.Enable Bridging with LANIn situations where we cannot split a network to create aseparate small transport subnet, this option enables youto bridge the LAN with the WAN interface of that network.WAN IP ListDefines all the subnets that are on the WAN side of thebridged interface, this helps the FatPipe route trafficaccordingly.IPv4 WAN SettingsSelect “Obtain an IP address automatically using DHCP” tohave WAN IP settings assigned dynamically by a DHCPserver (see Figure 2.7).To connect to your ISP using PPPoE, select “Connect usingPPPoE” (see Figure 2.8 and Figure 2.9).To connect a 3G/4G line, plug a 3G USB Modem to any ofthe USB interfaces on the WARP device. The USB Modem willbe automatically detected. Select “Connect using 3G/4Gdevice.Choose the device model from the “Detected 3G/4G USBModem” Dropdown. IMEI/ESN and Model Name of the USB Modemwill be displayed. This information cannot be modified.The APN and Phone Number will also be displayed. Thisinformation can be modified. Click SAVE to make thechanges permanent. (See Figure 2.10)Select "Specify an IPaddress" to assign IP Address, Subnet Mask, and DefaultGateway settings to each WAN interface.The DefaultGateway is typically the IP address of your WAN router(see Figure 2.11).
Chapter 2: InterfacesFigure 2.7 – Connecting automatically using DHCPFigure 2.8 – Connecting using Dynamic PPPoE26
Chapter 2: InterfacesFigure 2.9 – Connecting using Static PPPoEFigure 2.10 – Connect using 3G/4G device27
Chapter 2: Interfaces28Figure 2.11 – Specify IP AddressNote:Line Status will indicate UP when the nication.Line Status will read DOWN when the WANconnection is unavailable.IPv6 WAN SettingsBy default the “Obtain an IP address automatically usingDHCP” and “Connect using PPPoE” options are disabled forIPv6 WAN settings. Click on IPv6 tab to assign IPv6Address, prefix length, and Default Gateway settings toeach WAN interface. The Default Gateway is typically theIPv6 address of your WAN router (see Figure 2.12 andFigure 2.13).
Chapter 2: Interfaces29Figure 2.12 – Specifying IPv6 AddressFigure 2.13 – Add IPv6 WAN IP and prefix lengthEnable Bridging with LANIn situations where we cannot split a network to create aseparate small subnet, this option enables you to bridgethe LAN with the WAN interface of that network.WAN IP ListDefines all the subnets that are on the WAN side of thebridged interface, this helps the FatPipe route trafficaccordingly.
Chapter 3: SystemThis section allows you to configure basic parameters ofyour WARP unit.Under the System menu, you can setupfailover between multiple WARP units at the same location(Unit Failover). The System section is also where you canset user privileges and user passwords.GeneralTo configure system settings click on System in the mainmenu and click on the General tab (see Figure 3.1).You can set a Host Name and Domain Name to identify thesystem.Figure 3.1 – General settings
Chapter 3: System31Date and Time PropertiesYou can set the date, time and time zone for the system(see Figure 3.2, Figure 3.3).Figure 3.2 – Set dateFigure 3.3 – Set TimeYou can set date and time using the NTP. Check the UseNTP checkbox and click the Set button to synchronize withexternal time servers (see Figure 3.4).Figure 3.4 – Set the date and time using a NTP serverUncheck "Use Custom Time Server" to use the default timeservers. If you want to use a different set of timeservers other than the default ones, check "Use CustomTime Server" and add the time server (see Figure 3.5).
Chapter 3: System32Figure 3.5 – Set the NTP Time ServerSession TimeoutsYou can specify TCP and UDP idle timeouts for connectionsrouted through WARP.The defaults are 120 minutes (2hours) for TCP and 3 minutes for UDP.It is notrecommended that you change these settings, except underrare circumstances.Backup and RestoreYou can backup or restore configuration settings. If youclick on the Backup Settings button you will be promptedto save a backup configuration file in a new popupwindow. If you click on the Restore Settings button, ina new popup window you will be prompted to import apreviously saved backup configuration file. If you clickon the Restore Defaults button, you will be prompted torestore the system back to factory defaults.View ARP TableUse to view the ARP Table of the FatPipe WARP Unit (SeeFigure 3.1).Clear ARPUse this to clear the system’s ARP cache.Login BannerYou can specify a message that will be displayed on theRemote Configuration login page.
Chapter 3: System33UsersTo manage user accounts, click on System button in themain menu and click the Users tab (see
WARP User Manual 9.1.2 Table of Contents Overview. 5
