Summary
This article provides detailed insight into how the WANScaler operates when in group mode.
Background
Group mode is one solution to the problem of “asymmetric routing,” which is defined as any case where some packets in a given connection pass through a given WANScaler appliance, but others do not.
Group mode applies only to the appliances on one side of the WAN link; the local appliances neither know nor care whether the remote appliances are using group mode.
The following screen shots show two example installations.
1. Group mode over redundant links:
2. Group mode over non-redundant links with possible asymmetric routing:
How group mode works–packet level
The appliances that are part of the group each take ownership for a portion of the group’s connections. Each appliance creates a hash table of connections that determines which unit is the owning appliance of that particular connection.
The following screen shot shows the sending side traffic flow in a network with group mode set up. It displays how packets are handled between two appliances in group mode. The important thing to note is that this setup does not disturb the traffic's original path for delivery:
Breakdown:
1. The appliance receives a packet for a connection it does not own.
2. Based off the hash table, the non-owning unit forwards it to the appliance that is the owner through Generic Routing Encapsulation (GRE).
3. The owning unit examines the packet, makes the appropriate acceleration decisions, and forwards the output packets back to the non-owning appliance.
4. This preserves the link selection made by the router, while allowing all packets in the connection to be managed by the owning appliance.
The following screen shot shows the receiving side traffic flow in a network with a group mode setup. Once again, the packet is returned to its original path as to not disturb the original routing path:
Breakdown:
1. The appliance receives a packet it does not own.
2. Based off the hash table, the non-owning unit forwards it to the appliance that is the owner through GRE.
3. The owning unit examines the packet, makes the appropriate acceleration decisions, and forwards the output packets back to the non-owning appliance.
4. The non-owning unit passes through the accelerated traffic, keeping the original traffic path for delivery intact.
Group mode uses a heartbeat mechanism to verify that other members of the group are active. Packets are only forwarded to group mode members that are in the active state.
The result is that, from the routers’ point of view, the introduction of the WANScalers has no routing consequences at all, and the routers do not need to be reconfigured in any way. In addition, the WANScaler appliances do not need to understand the routing mechanism; they simply accept the routers’ forwarding decisions. The WANScaler does not participate in layer 3 routing.
How group mode works–architecture level
Each member of the group verifies that its group mode configuration is identical to the others. Once the configuration is verified, the units all apply the same algorithm to determine which of them owns a given connection.
The “owner” of a group-mode connection is set by default according to a hash of IP/port pairs. It can optionally be set according to specific IP/port-based rules.
The hash value is calculated from the following:
Source IP, Port, and Destination IP, Port
The hash is direction-agnostic:
hash(src,dst) == hash(dst,src)
