An upgrade to the plumbing

HHS inspector general's office uses optimization tool to get its WAN up to speed

WAN optimization

CHALLENGE: For the HHS inspector general, a T1 upgrade of WAN links among 85 field and 10 regional offices produced disappointing performance results. The OIG needed a way to get the most out of those new pipes before consolidating resources into data centers.

SOLUTION: The OIG installed 95 Steelhead WAN optimization appliances from Riverbed Technology Inc. These are TCP proxies that offload much of the TCP and application overhead traffic onto the faster LANs and cache data locally so it does not have to be passed over the WAN between client and server.

MISSION BENEFIT: Caching and reducing overhead has improved application performance and improved the signal-to-noise ratio on the T1 pipes. One field office that regularly makes large file transfers reported near-LAN performance over the WAN.

LESSONS LEARNED: Riverbed Technology is a relatively new company, and the OIG was concerned about doing business with the new kid on the block, CTO Chris Finucane said. 'We don't want to be cutting edge. If you put all of your money in it and then there's no support, you look kind of stupid.' But the field of WAN optimization was new enough that 'we knew anything we dealt with would be new.' Steelhead worked for the HHS OIG because it fit well into its mesh network, Finucane said. 'Look at your own architecture first, because our solution isn't the answer for everybody.'

EASY: Chris Finucane says Steelhead's ease of implementation tipped the scales.

Rick Steele

The inspector general at the Health and Human Services Department has 10 regional offices that house servers accessed by 85 field offices throughout the country. Recently, the OIG wanted to modernize its IT infrastructure and consolidate resources in data centers.

'On paper, it seemed like a good idea,' said OIG chief technology officer Chris Finucane.

But there were problems. The offices were linked in a hub-and-spoke configuration with dedicated frame relay connections.

'On a good day, they might get 128K,' Finucane said.

This WAN did not adequately support data access in its existing configuration and needed to be upgraded before any consolidation could be done. It was replaced with T1 links that provided 1.54-Mbps connections to the MCI mesh network cloud.

'Every office was point-to-point with every other office,' Finucane said. But the problem did not go away. 'The performance wasn't noticeably improved by the upgrade.'

The OIG considered another WAN upgrade before the consolidation. 'But doubling the amount of bandwidth wasn't going to gain us anything,' he said.

The difficulty was that the transport and application algorithms on the file transfers did not work efficiently. A lot of the available bandwidth was simply being wasted, and applications were suffering from the latency.

'We weren't completely saturating the T1s,' Finucane said. 'I understood enough about the philosophy of networking to know bandwidth wasn't the only element.' So he sat in on a webinar on data center consolidation and WAN acceleration. There he was introduced to the Steelhead WAN optimization appliance from Riverbed Technology Inc. of San Francisco.

Steelhead is designed to address significant problems, said Alan Saldich, vice president of marketing for Riverbed Technology.

First are bandwidth issues: applications that work fine over the LAN (up to 1 Gbps) can show lousy performance on the WAN (often 100 Mbps). Second is latency, which affects the performance of applications over TCP, the transport layer component of the Internet Protocols, which is sensitive to latency. Delays on a LAN often are measured in microseconds (millionths of a second), while on a WAN they can be measured in milliseconds (thousandths of a second).

Steelhead is a rack-mounted appliance that sits at each end of a WAN link, usually between the switch and router. It acts as a TCP proxy, intercepting TCP traffic and setting up its own session with the appliance at the other end. Each appliance reduces the volume of traffic by analyzing data being passed and storing it in short segments. As data is exchanged, only new data is passed between appliances.

'Anything repetitive gets eliminated from the network,' Saldich said. 'That's usually more than 50 percent and sometimes up to 90 percent of the data.'

Algorithms analyze patterns so data segments are identical at each end of the link.
'If you send the same data through the system twice, the algorithm will always make the same decisions, so you always have the same segments,' Saldich said.
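The deterministic segmentation and "only new data is passed" behavior described above can be sketched with content-defined chunking and a segment store at each end of the link. This is an added illustration, not Riverbed's algorithm or code from the article; the gear-style rolling hash, the segment size bounds, the SHA-256 keys and the sample data are all assumptions.

```python
import hashlib
import random

# Both ends must build the same table, so it comes from a fixed seed.
_rng = random.Random(2005)
GEAR = [_rng.getrandbits(32) for _ in range(256)]
MIN_SEG, MAX_SEG = 16, 256  # assumed segment size bounds, in bytes

def segment(data):
    """Cut where a rolling hash of the last 32 bytes has its top 6 bits zero."""
    segs, start, h = [], 0, 0
    for i, b in enumerate(data):
        h = ((h << 1) + GEAR[b]) & 0xFFFFFFFF  # bytes older than 32 shift out
        size = i + 1 - start
        if (size >= MIN_SEG and h >> 26 == 0) or size >= MAX_SEG:
            segs.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        segs.append(data[start:])
    return segs

def encode(store, data):
    """Sending side: a reference for each segment already stored, else the bytes."""
    wire = []
    for seg in segment(data):
        key = hashlib.sha256(seg).digest()
        wire.append(("ref", key) if key in store else ("new", seg))
        store[key] = seg
    return wire

def decode(store, wire):
    """Receiving side: learn new segments, then rebuild the original stream."""
    for kind, val in wire:
        if kind == "new":
            store[hashlib.sha256(val).digest()] = val
    return b"".join(val if kind == "new" else store[val] for kind, val in wire)

def demo():
    """Literal bytes crossing the WAN for: first send, resend, edited resend."""
    rng = random.Random(7)
    original = bytes(rng.getrandbits(8) for _ in range(4000))  # constructed file
    edited = original[:2000] + b"NEW RECORD" + original[2000:]
    sender, receiver, sent = {}, {}, []
    for payload in (original, original, edited):
        wire = encode(sender, payload)
        assert decode(receiver, wire) == payload
        sent.append(sum(len(v) for kind, v in wire if kind == "new"))
    return sent

if __name__ == "__main__":
    print(demo())
```

Because cut points depend only on nearby bytes, an insertion in the middle of a file changes the segments around the edit and leaves the rest matching the stored copies.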

This form of transport streamlining addresses TCP latency by maximizing the amount of data sent in each window, thereby reducing the number of round trips necessary in the TCP session. Application streamlining improves performance because apps normally require numerous exchanges between client and server to set up a session. 'This is a legacy of many years of development,' Saldich said. It often is not noticeable on a LAN, but on a slower WAN, 'it usually is not tolerable for end users.'

Steelhead uses application-specific protocols to set up the session with the server over the LAN, then passes data over the WAN to the appliance on the client side.

In the spring of 2005, Finucane brought in a pair of Steelhead appliances, along with similar tools from Cisco Systems Inc. and Juniper Networks Inc. of Sunnyvale, Calif.

'We did a bake-off between them,' he said. 'At the end of it, Steelhead had the best performance.'

The different brands worked equally well in the first exchange between client and server, when full files are transferred, Finucane said. In each case, compression provided about a 50 percent reduction in volume. But in subsequent exchanges, segment caching kicked in, further improving performance.

'Steelhead seemed to be blazingly fast on the second return,' he said.

But it was ease of implementation rather than speed that tilted the balance toward Steelhead, which worked better with the mesh network serving the HHS OIG and did not require any segmenting or re-engineering.

'The second-rated appliance was really close. The mesh networking was the show stopper,' Finucane said.

HHS began installing the appliances in August 2005 and finished up this past February. It is using the high-end 5010 model in its 10 regional offices, which offers 45 Mbps throughput and up to 4,500 TCP connections for $45,000 each. The 85 field offices have the midsize 1020 model, offering 2 Mbps throughput and up to 625 TCP connections.

The installation was done without additional funds, Finucane said.

'We're really happy with the devices,' Finucane said. One field office that had been doing a lot of large file transfers had complained that the T1 upgrade had not produced any results. After the Steelhead was installed, 'I got an unsolicited e-mail that said, "What did you guys do to the network? It seems like I'm getting LAN speeds." '
