WAN Accelerators

We tested three units per vendor (a central office unit and two remote units). Generally, you'd need one more WAN accelerator than you have WAN links: one central office unit, plus a unit in each branch office. And because each manufacturer uses proprietary compression, all the devices must be from a single vendor.

The accelerators can be deployed in a hub-and-spoke or mesh topology, based on your organization's setup. Devices that require you to create links manually, however, are difficult to configure in a mesh environment. That's one limitation of Expand's and Swan Labs' accelerators. By comparison, Packeteer's PacketShaper Xpress, which detects peers and sets up a compression tunnel automatically, makes the configuration process easier across the board.

You'll also want to consider using each vendor's centralized management software, especially if you're managing a large number of WAN links in a mesh setup. Centralized management software can be deployed anywhere, but ideally on a separate Windows server in the central office. The management software polls all units and pushes configuration files to all appliances.

Rules of Compression

As a general rule, the more compressible the data--text files and Web pages, for instance--the better the throughput. In one of our benchmarks, we transferred 30 Web pages over a simulated T1 link in 93 seconds. With compression enabled, that time fell dramatically: 24 seconds, for example, when we tested Peribit's SM-500. Binary files, nonrepeating data, VoIP (voice over IP) traffic, streaming video and already compressed traffic don't fare as well as Web and text files. When we transferred a 15-MB data file composed of random ASCII and extended ASCII characters, we shaved off only a second or two.Some products also handle repeated traffic quite well. When we transmitted a 42-MB PowerPoint data file, then made minor changes and retransmitted it, the Peribit SM-500 and Expand Networks Accelerators sent the altered file in seconds rather than minutes. These devices don't employ file caches in the conventional sense. That is, they don't act as proxies, nor do they look at the file name. Instead, they look at network traffic patterns. The server is always contacted and transmits the complete file--the network accelerator determines what needs to be sent and what doesn't. Conventional file caches send the client a local copy of a file without downloading it. A vendor-specific pattern-matching algorithm is used to detect repeated traffic. Some devices detect repeated patterns inside specific data blocks, others try to predict future traffic based on past patterns, and still others use small segments of traffic to determine if those segments are part of a larger pattern.

The more storage space in a unit, the more data can be cached and the bigger the device's compression dictionary can be. The dictionary is a collection of data that correlates the compressed information with its associated uncompressed values. Compression algorithms reference the dictionary to shrink or expand data. The Peribit SM-500 can hold the most RAM--up to 16 GB--four times that of its competitors. The units we tested had from 512 MB to 2 GB of RAM, but our benchmark suites did not transfer more than 512 MB of data in any one run. Units with hard drives, such as those by Peribit, let you store large quantities of data. With 500 GB of space available, it would take a T1 several weeks of full saturation to exhaust the cache. RAM caching offers superior performance to disk caching, though the effect is less noticeable at lower speeds.

Regardless of the results on our network, your own WAN performance will depend on what type of data you send, how often you send it, how compressible it is and how easily it can be cached. If you're sending huge, incompressible files--such as graphic or audio/video files--you might not gain much throughput. If, on the other hand, you daily modify and send the same basic text files, such as stock price listings or grocery store UPC codes, you're likely to see significant performance improvement with a Peribit SM-500 or an Expand Accelerator because of their caching abilities. When we tested these devices in a midlevel compression scenario (a combination of compressible text files and incompressible random files), we saw increases of 150 percent to 230 percent. When we performed our high-compression test (text files and Web pages that can be compressed at least 50 percent individually), throughput increased up to 380 percent.

Packet loss and high latency cause a TCP connection to throttle back and slow down. This means that you might of have paid for a 1.5-Mbps connection, but use only 500 Kbps. With Internet VPNs, which are popular because of their low costs, you have little control over latency or packet loss. The products we tested all help TCP recover from slowdowns quicker than it does on its own.Finally, prioritizing traffic lets you improve application response time by throttling back less vital and less time-sensitive traffic. The QoS mechanisms employed are for protocol prioritization and rate limiting. You won't find DiffServ or IntServ technologies, though some vendors support setting ToS (type of service) bits, which isn't too helpful. Instead, you can rate-limit how much bandwidth a particular user or application may have access to or set a guaranteed minimum. All the devices we tested let you adjust TCP window sizes to control TCP traffic, and all rely on a queuing algorithm for UDP.

To determine how well the products stuck to QoS policies, we transmitted 30 highly compressible Web pages with QoS enabled. Our goal was for the Web pages to get 95 percent to 97 percent of available bandwidth for HTTP. Not surprisingly, Packeteer's PacketShaper Xpress really shined in this test. Packeteer started with an excellent QoS product and added on compression, while the other vendors did the reverse. When we enabled QoS policies, the PacketShaper added only three seconds to its transfer speed, indicating close adherence to the policies without much delay.

Best of the Best

We gave our Editor's Choice award to the Peribit SM-500 because of its superior performance metrics and easy management, but each product has strengths. All four accelerators boost WAN performance, offer simple configuration options, give access to advanced configuration capabilities and produce clear reports. In addition, all support passthrough failover. If any accelerator is unplugged, traffic will nonetheless pass through the device as if it were part of the wire.

Some products have stronger features. The Peribit and Swan Labs accelerators handle packet loss very well, for example. Packeteer's PacketShaper Xpress, meanwhile, has the most QoS features, and lets you place limits on protocols, users, subnets or individual connections. None of the other devices offer that much granularity.

All the vendors license their products based on link speed. In many cases, the same hardware model supports a range of speeds from T1 to T3. If you change WAN speeds, you may only need a new license key. Peribit and Swan Labs both submitted the same hardware models for branch and central office use. For Peribit, the 1.544-Mbps license is $19,750; the 10-Mbps license is $41,000. Swan Labs charges $10,499 and $33,999, respectively. All our benchmarks were conducted with a 1.544-Mbps link. In hub-spoke environments, you'll most likely need higher speed on the central office unit than on the remote devices. Expect to pay for extras, too. If you plan to have one central unit, it may need additional memory to store a larger dictionary. To use the vendors' centralized management software, you'll pay anywhere from $2,499 to $15,000.

As companies expand and set up international WAN links--for corporate use or outsourcing--better performance becomes more important. Corporate DSL and cable connections are cheap, but can be unpredictable and don't offer significant gains in bidirectional bandwidth compared with leased lines. WAN accelerators help you get more out of your pipes, and your users don't even need to know about them.

The SM-500 is a world-class WAN accelerator, with superior performance and a solid feature set. Not surprisingly, the SM-500 comes with a world-class price tag, too.

The SM-500 was the only product we tested with a hard drive to hold additional compression dictionary data. This model ships with 500 GB of storage, in the form of dual 250-GB IDE drives. Data is cached until the drive fills up, and then the oldest data is removed. Expand's was the only other device to offer caching.Peribit's device also detects repeated network traffic. We sent a 42-MB PowerPoint file across our T1 line in 204 seconds. We then made a change that resulted in less than 1 MB of difference between the original and modified files. The new 43-MB PowerPoint file transferred in less than six seconds. Furthermore, in our high-compression Web test, the SM-500 cut transfer time from 93 seconds to 24 seconds, considerably faster than the nearest competitor.

The SM-500 performed well when faced with packet loss. On our poor link test, it took 962 seconds to complete a transfer on a T1 with 250-millisecond round-trip latency and 0.5 percent random loss, but only 109 seconds when we enabled error correction--less than half the time of the second-best performer. The device also handled our QoS test well, though Packeteer's PacketShaper Xpress stuck to the defined policies better.

Adding SM-500 units to your WAN is simple. Any Peribit device on your network can act as a registration server, though the most logical choice in a hub-spoke environment is the central unit. After you input an IP address and a password for each additional spoke unit, the registration server establishes a compression tunnel. If you have a mesh network, the registration server tells the spokes about all other units in the mesh and creates all the links. The registration server also lets you set up limited ad hoc management, so a peer can get its compression settings and find the locations of other peers.

The SM-500 also can create LAN-to-LAN IPsec VPN tunnels between units. However, because these devices are meant to be used in tandem with a peer, you can create VPN tunnels only between Peribit units. But you can mix and match the vendor's hard drive and non-hard drive models.Centralized management software lets you control, read and load configurations onto all your end units. You also can set further options, such as traffic-prioritization policies, system configurations and firmware revisions. The software lets you see compression savings across all devices and create a customized home page for basic stats and figures. Multiple users can be created in the central management suite, and each user can customize his or her home page. The software offers read-only and administrator user levels.

The SM-500's reporting engine is fair. We saw stat tables, pie charts and line graphs for traffic, compression percentages and QoS. We also could specify time intervals to graph. However, the graphs cannot be exported.

Peribit asks you to pay dearly for the additional hardware and capabilities. The SM-500's central office unit, as we tested it, sells for $41,000; the branch office units, as tested, are $19,750. The second-most expensive units, from Swan Labs, sell for $33,999 and $10,499, respectively. Yet, even though we penalized the SM-5000 heavily in our Report Card's price category, the system still beat the competition. No other device came close to the SM-500's performance.

Sequence-Mirror 500. Peribit Networks, (866) 737-4248, (408) 330-5600. www.peribit.com

Although Expand Networks' Accelerator and Packeteer's PacketShaper Xpress devices tied on our Report Card, Expand's device has the better performance numbers and price. Were it not for the Accelerator's central management system, which didn't support our test unit's new firmware, this entry would have been a contender for first.Expand's Accelerator is reasonably easy to configure, with a console cable, push-button switches on the front panel and a Web setup wizard. However, you must manually create links on one accelerator before its peers configure themselves. That's not too terrible for a hub-and-spoke setup, but without full autodetection, establishing a mesh network would be a hassle.

Setting the Accelerator's bandwidth limits and prioritization is straightforward. The device supports Layer 7 inspection on HTTP and Citrix communications. Each application can be assigned a priority or bandwidth guarantees and limits. We limited QoS policies to take effect on specified IPs, subnets or accelerator links. Policy compliance, however, was spotty. The device handled our high-compression Web test in 39 seconds, but with a 95 percent and "high" priority for Web traffic, the device needed 78 seconds to transfer the Web traffic when run concurrently with FTP traffic. When we set the priority to "real time," the highest setting, the same test took only 42 seconds. Expand couldn't explain why the bandwidth thresholds didn't hold as well at a slightly lower priority.

The Accelerator performed nearly as well as the Peribit device in our PowerPoint test and essentially tied for first in our medium-compression test. Unlike the Peribit box, however, the Accelerator lacks a hard drive. Therefore, if we had sent as much nonrepeated data as there was RAM installed (rather than just the 42-MB file) through the device, the cached PowerPoint content would have been overwritten. The Accelerator also managed only a distant third in our packet-loss test.

Although we couldn't test centralized reporting, we did view basic end-unit reporting, which appears clean, if not overly simple. Line graphs display throughput, link utilization, acceleration percentage and compression percentage. You can also view raw statistics for Layer 2 information (bytes, packets and CRC errors, for example). You can get graphs only at predefined time intervals, but they can be exported to an Excel file. Bar graphs showing statistics for specific applications are available, too. However, Java must be installed and enabled to read the graphs.With QoS factored in, the Expand Accelerator is the only WAN optimizer product that costs less than $50,000. Unless you have no plans to employ centralized management, we recommend waiting for an improved version of this product. When the centralized management and reporting software are complete, the device will be an attractive and affordable option.

Accelerator 4820 (branch-office model); Accelerator 6810, (central-office model). Expand Networks, (888) 892-1250, (973) 618-9000. www.expand.com

Packeteer added on-the-fly compression to a product we once named an Editor's Choice, but the PacketShaper Xpress is hardly the speed demon its new name implies. This device had the best traffic-shaping features and lowest cost of the products we tested--and the worst performance.

Setting up compression tunnels was easy. Just turn compression on and the unit automatically detects peers and creates a compression tunnel. The PacketShaper supplies many options and fine granularity for each policy. The only downside to this level of detail is that configuring the QoS policies is challenging.

In our QoS test, Packeteer held to our desired policy closer than any other device. The high-compression Web test that took 70 seconds by itself took just 72 seconds with the traffic-shaping policy. No device came closer to achieving our 95 percent guaranteed bandwidth requirement. Unfortunately, the PacketShaper Xpress fell short in other areas. We saw no speed benefits in the PowerPoint test, and in all other tests this device came in last.

Centralized management is available using PolicyCenter. We defined several groups, and set configuration and QoS policies for each. Then we logged on to our branch-office unit, specified the IP of the PolicyCenter computer.

Among the devices we tested, the PacketShaper has the best reporting capabilities. Each unit can display and graph a full list of compression levels, application performance and utilization. A centralized reporting server, ReportCenter, collects data from all units. Here you can group PacketShapers into various locations or networks, and make graphs for one or many units.

If you need a device that will strongly enforce your QoS policies, the PacketShaper is for you. Otherwise, the other devices work better.

PacketShaper 2500 Xpress and PacketShaper 6500, Xpress. Packeteer, (408) 873-4400, (800) 697-2253. www.packeteer.comAlthough NetCelera handled our tests well, this device, which Swan acquired from ITWorx earlier this year, has some shortcomings, including problems with setup, management and QoS policy adherence.

NetCelera's compression tunnels must be configured manually. Fortunately, the product's centralized management software identifies all other NetCelera products installed. But anything short of autodetection is insufficient for creating large mesh networks.

The product also fell short on traffic-shaping features. NetCelera gives each WAN link its own policy, in which you set minimum or maximum bandwidth as a percentage of the whole for each protocol. But the device doesn't offer prioritization settings. And you can't share policies across multiple WAN links.

NetCelera's performance was good in many of our benchmarks. The device faltered, however, in adhering to QoS policies and in our PowerPoint test.NetCelera's reports are adequate. You can create graphs showing utilization and compression by percentage, and graph total incoming and outgoing traffic.

NetCelera Model T. Swan Labs Corp., (408) 324-5100, (866) 375-SWAN (7926). www.swanlabs.com

Michael J. DeMaria is an associate technology editor based at Network Computing's Syracuse University Real-World Labs®. Write to him at [email protected].

WAN accelerators use caching, compression and QoS (quality of service) technologies to increase transmission speeds. In network caching, the accelerators use proprietary algorithms to detect data traffic patterns and can reduce transmission times from minutes to seconds. Compression relies on checksums and algorithms to reduce the traffic traveling across the network. QoS lets these units prioritize traffic so the most time-sensitive data reaches its destination fastest.

We tested WAN accelerators from Expand Networks, Packeteer, Peribit Networks and Swan Labs. They all accelerated file transport regardless of file size and compressibility. The Peribit SM-500 earned our Editor's Choice award for its superior management software and dramatic wins in several of our performance tests.Each vendor submitted a central office unit supporting a 10-Mbps connection and two remote office units on a T1 (1.544 Mbps). We created a WAN with a Shunra Storm STX-100 line simulator, which we used for routing, inserting latency and causing packet loss. We used a Netgear FS108 switch in the remote office and a Cisco Catalyst 2948G switch for the central office, with connections set to 100-Mbps full duplex. Five client machines in the remote office pulled data from two servers in the central office. The clients were 600-MHz Pentium 3 units with 256 MB of RAM. The servers were dual 2.4-GHz Xeons, with 1 GB of RAM and 35-GB RAID 5 drives.

We ran tests with files of varying levels of compressibility, using Mercury Interactive's LoadRunner emulator for FTP, HTTP and IMAP tests. With our custom-written program, we generated random, text and HTML files. The random data files included regular and extended ASCII characters and were nearly incompressible. Text and HTML files were generated by pulling words randomly from a dictionary of 1,251,140 words and phrases. Text files were considered medium-compressible files. HTML files were highly compressible because of HTML tag repetition, embedded tables and commonly embedded GIF files.

We generated 60 Web pages that referenced up to 99 unique GIF files; however, most of the pages we transmitted contained between two and 10 GIFs. We generated 10 random data files of approximately half a megabyte and 10 text files of 2 MB to 10 MB for FTP traffic. We generated 10 text files between 6 KB and 18 KB for e-mail messages, and 10 random files of 59 KB to 1.2 MB to represent attachments.

For our compression tests, we created three sets of data, each unique but similar in size and content to the others. We ran each benchmark three times, then averaged the results. In all three tests, we imposed the following conditions: 50-millisecond round-trip latency, no jitter and 0 percent packet loss.

For our PowerPoint test, we tested the products' ability to detect large, previously transmitted files. To complete this test, we downloaded a 42-MB PowerPoint file from an internal CMP Web server to multiple CMP branch offices. We then modified one slide in the middle of the presentation and saved this file as "presentation2.ppt." The two files differed by only 818 KB of data. We transferred the first file, then the second one, using Windows FTP, with the same latency, jitter and packet-loss conditions as the above tests.For our QoS enforcement test, we timed a transfer of 30 Web pages with compression enabled. Then we cleared the caches on each appliance, ran a large, incompressible FTP transfer and simultaneously ran the Web transfers again. We expected the first and second transmissions to take nearly the same amount of time. Such a result would indicate that bandwidth was correctly allocated to the high-priority application.

Finally, our poor-link test measured conditions under a different set of conditions: 250-ms round- trip latency, 10 percent jitter and 0.5 percent random packet loss.

R E V I E W

WAN Accelerators

Sorry,
your browser
is not Java
enabled

Welcome to NETWORK COMPUTING's Interactive Report Card, v2. To launch it, click on the Interactive Report Card ® icon above. The program components take a few moments to load.

Once launched, enter your own product feature weights and click the Recalc button. The Interactive Report Card ® will re-sort (and re-grade!) the products based on the new category weights you entered.Click here for more information about our Interactive Report Card ®.