"I'll just get a faster pipe" is an appropriate response to many network problems, but a slow WAN isn't one of them. Surprising though it may seem, a bandwidth upgrade will often do nothing to improve application response times or speed file transfers over a wide area network. To squeeze better performance out of a WAN, you need to resort to tricks -- tricks that only a WAN optimisation solution such as Riverbed's Steelhead can provide.
Some simple math shows why. WAN performance is bound by two factors, TCP window size and network latency, that have almost nothing to do with the bandwidth of the link. It is easy to calculate the maximum possible throughput of a WAN link by using the following equation:
For example, a 1Gb Ethernet link from St. Louis to Miami with a latency of 50ms and the standard 64KB TCP window size gives us a maximum possible throughput of 10.49Mbps - and a bigger pipe wouldn't change a thing. Even if the pipe were a mythical 100Gb link, users would still see 10.49Mbps (and a lot of money wasted).
In order to "fill the pipe," either latency has to decrease or TCP window size has to increase. Riverbed's Steelhead can do both and a lot more. This combination of hardware and highly specialized software plays tricks with TCP window sizes, compresses data to squeeze more onto the wire, removes redundant data bits through deduplication, and uses application-specific optimisation engines to reduce overall response time.
With the Riverbed Optimization System (RiOS) version 7, this feature-rich platform gets even richer, adding UDP optimisation, IPv6 support, video stream splitting, and enhancements for remote desktop and VDI (virtual desktop infrastructure) environments. Riverbed continues to enhance its TCP optimization, and the inclusion of UDP closes a gap with competitors. Performance proved top-notch, as always, and the reporting engine gives admins all the information they could want.
Steelhead vs. WAN latency
This is the fifth time I've had the opportunity to review the Riverbed WAN optimization solution, and for the fifth time, it did not disappoint. There are a number of other vendors with good all-around solutions, but few come close to what Riverbed offers.
My test bed consisted of a pair of Steelhead 2050 1U appliances running RiOS 7.0.1, my Shunra Storm WAN simulation tool, and a handful of Windows 7 clients. I added a couple of new tests -- live streaming video and remote desktop traffic -- aimed specifically at new features in the RiOS 7 release. I used Microsoft Expression Encoder 4 to create my live video streams and Login VSI by Login Consultants to automate the VDI tests.
In addition to the new tests, I dipped back into my old toolkit to make sure Riverbed didn't slip up on its long-standing optimization services for CIFS and FTP file transfers. For the CIFS tests, I copied a single large ISO file, then a large number of small files from data center to branch office client to see how well RiOS 7 handled the chattiness of Microsoft's file access protocol. I used the same ISO for my FTP tests. As in the past, I ran all of these tests against three simulated WAN links: a "short" 128Kbps link with 40ms RTT (roundtrip time), a "long" T1 with 500ms RTT and 10^6 packet loss, and a T3 with 100ms RTT.
In all cases, RiOS 7 performed better or on a par with previous releases, with Riverbed's Scalable Data Referencing engine proving once again to efficiently cache data segments as they pass through the appliance regardless of link speed and latency. You can view my RiOS 6 and RiOS 7 test results for the simulated T1 link in the table below.
The most exciting addition to RiOS 7 is the UDP optimization. Long missing from RiOS, UDP support takes the form of a packet-by-packet optimization engine aimed at reducing data sent to remote sites during a disaster recovery (DR) backup session. Many DR solutions, such as those from Veritas and Aspera, use UDP to stream the data to the destination. In previous versions of RiOS, this traffic was simply passed through the appliance without deduplication. Considering the large amounts of redundant data in the typical backup set, this was a glaring hole in Riverbed's arsenal. Now, RiOS 7 will apply the same Scalable Data Referencing (deduplication) algorithms to UDP and cache data segments for future reuse.
One instance where UDP traffic is still going to be passed through unoptimized is VMware's PCoIP protocol for VDI communications. PCoIP is UDP-based, but the packets are compressed by VMware to speed up VDI connections. Because of this compression, RiOS 7 cannot properly analyze the contents of the UDP stream and therefore cannot optimize it. Riverbed is a member of the Teradici Network Solutions partner program (Teradici developed PCoIP), so work is being done to add full PCoIP support to RiOS; as of now, there is no timetable for its completion.
TCP-based VDI traffic gets a boost with an enhanced Citrix-specific software blade in RiOS 7. Instead of applying generic TCP optimizations to Citrix ICA traffic, RiOS 7 can apply ICA-specific optimizations, even to SSL-encrypted ICA streams. RiOS 7 also supports Citrix client drive mapping, meaning it can optimize the data flows between USB sticks and other drives plugged into remote thin clients and virtual desktops in the data center.
Remote Desktop Services sessions also benefit from TCP optimization, but with a caveat. In order for RiOS to provide any data reduction, admins will have to disable Remote Desktop's built-in compression and encryption. I had to turn off compression completely and take encryption down to its lowest level to see any data reduction. As with PCoIP, if the RDP stream is compressed, RiOS cannot optimize it beyond simple TCP optimizations. Using Login VSI, I scaled my remote access tests up to 25 concurrent users on a Windows Server 2008 R2 Remote Desktop Server and held it steady for a full 15-minute Login VSI test run. During this run, I saw a 57 percent reduction in WAN traffic. Disabling compression has to be done on each client, but it's certainly worth the effort.
Riverbed requires compression and encryption to be rolled back in order to optimize Remote Desktop Services traffic, but disabling them pays off. Using Login VSI to run 25 simultaneous Remote Desktop Services connections over my simulated WAN, I saw an overall data reduction of 57 percent.
Crossing the video stream
Live and on-demand streaming video is another traffic type that gets an optimization makeover in RiOS 7. Typically, when remote users view streaming video from a central server, there are as many video streams as there are users. If there are 200 users in 10 branch offices, all viewing the monthly sales Webinar, then there are 200 distinct traffic flows from the data center to users.
RiOS 7 comes with HTTP video stream splitting for Adobe Flash and Microsoft Silverlight video. From our example, if there are 200 users spread across 10 offices, instead of 200 connections between users and the central server, there are only 10 between the remote offices and data center. Each branch office Steelhead splits the stream at the local network and opens only one connection to the data center. Better yet, stream splitting is handled dynamically, on the fly - no configuration necessary.
I tested this new feature using Microsoft Expression Web 4 encoder to create a live video stream from a USB webcam. I accessed the video stream from various clients and monitored WAN usage using Riverbed's built-in reporting tools. As each additional client connected to the live feed, the WAN usage was unchanged, regardless of how many users were online. RiOS 7 allowed a single video stream over the WAN and successfully split it at the branch to all of my users.
On-demand video also gets a boost through the ability to "pre-populate" branch office Steelheads with video content. Previously, only CIFS files and HTTP objects took part in "pre-population." RiOS 7 adds static video content to the mix, further reducing overall bandwidth usage.
Riverbed's video stream splitting technology is a great boon to enterprises that do a lot of video broadcasts. Here we see a reduction in video traffic over the WAN as additional users come online.
Keys to the cloud
RiOS 7 includes two more important updates: end-to-end Kerberos support and IPv6. With the explosion of software as a service (SaaS), preserving secure authentication is imperative. RiOS 7 allows Kerberos tokens to pass unmolested between users and cloud-based offerings such as Microsoft Office 365. Previous versions of RiOS required security tokens to be downgraded to NTLM in order to pass through a Steelhead.
The coming commitment to IPv6 at the provider and enterprise level necessitates its addition into RiOS 7. All network devices will need to speak IPv6, and WAN optimization appliances are no different. IPv6 is now native to RiOS for both the management interface and for optimized traffic. All IT has to do is enable IPv6 support - no other configuration is needed.
Reporting has always been a strong suit in RiOS, and RiOS 7 takes it another step further with the integration of Cascade Shark. Previously available as an add-on virtual server package, Cascade Shark allows admins to capture traffic at the packet level for in-depth analysis. It's a big plus for network diagnostics and troubleshooting, and it takes network reporting to its logical conclusion. UDP optimisation, video stream splitting, IPv6 and Kerberos support, and VDI-related enhancements all add to a proven WAN optimisation solution that not only makes slow, congested WAN links run better, but also provides VMware-based server virtualisation in a separate partition, easing deployment of other services at the branch office. With each new release, Riverbed continues to define what a WAN optimization solution should be.