WAN Optimisation day four: Packet sniffing fun

Just how does WAN Optimisation work? What's going on when the packet hits the appliance? Ian Yates explains all in part four of our feature.

Yesterday (https://www.techtarget.com/searchnetworking/.au/topics/article.asp?DocID=6100251) we saw that WAN optimisation is about more than just traffic taming and you'll get no argument on that score from Packeteer's Bede Hackney.

"There are a number of different technology approaches you can take, but really that foundation is visibility," says Hackney. "If I drill into the analyst's definition of this space, they talk about it being those five different technologies, but then they say a WAN optimisation product is anything that does two or more of those five technologies. I think that implies very strongly that there's a lot of silver bullet technologies in this space. A lot of vendors who really just do one thing."

"I would argue that there's very few organisations that can't get some benefit out of WAN optimisation," says Hackney. "I haven't come across one yet. So I would argue that there's almost always value to be had in the technology, but as an organisation, you really need to focus and understand which of the technologies has the most value to offer in your environment. The environment that's going to be particular to your applications, your network, your geographical disparity." Which means you could happily buy one black box and knocking off two of the list of five, thinking you're fully optimised until somebody points out there's a whole other area like that gnarly old SSL.

"At Packeteer we sell three different acceleration technologies," says Hackney. "We're very happy to position an acceleration solution, but if the reality is that the bulk of the traffic on your network is peer-to-peer traffic, that's maybe unsanctioned, then you probably just employed an expensive acceleration technology to accelerate your peer-to-peer traffic - your recreational traffic. You haven't solved any of your business problems, but it's super fast. And as I said, to be absolutely clear, Packeteer leads the market in these acceleration technologies, but you must know what it is that's slowing down your WAN link."

Riverbed Technology is one vendor with a focus on fixing the problem of how to improve SSL traffic, which is on the rise, and used to be considered beyond the realm of compression. "It's estimated that about 17% of traffic currently is encrypted traffic, SSL, https, and that will likely increase as more and more applications move to a web based, portal based architecture," says Riverbed's Steve Dixon. Riverbed's latest product release claims to fully optimise encrypted traffic in a way that preserves the trust model.

"The way it does that is that the certificate is held in the data centre, a secure connection is established to a remote site, and then a temporary session key is issued to the remote site, and the remote client for that particular encrypted traffic session," says Dixon. "At the end of that session, that temporary session is deleted. So it maintains a very, very secure way of handling the certificates, and now allows us to fully optimise encrypted traffic. We do that by bringing encrypted traffic into our box. We decrypt it, we fully optimise it, and then we re-encrypt it again back into SSL, in some cases something stronger like a 256-byte encryption. And across the network, to the data centre box where again we will then decrypt it, de-optimise it, re-encrypt it and send it back out to the final destination." Sounds like an awful lot of jiggery pokery in order to get this stuff compressed.

"It is," agrees Dixon. "However, the results have been quite extraordinary. We're seeing transactions that may previously be taking 300 or 400 seconds to complete, the encrypted traffic stream is now only taking six or seven seconds, even with all that jiggery pokery." And of course it's completely transparent to the end user? "Completely transparent, and completely secure," says Dixon.



Read more on WAN performance and optimisation