Deployment Topologies

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 1

Objectives

• To understand Exinda’s wire bypass functionality, deployment topologies and

operational modes

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 2

Networking

• OSI Layer – Yes it starts here.

• At what layer does the Exinda device
operate?
§ Hint: Transparent Bridge

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 3

Deployment
§ Typically, Exinda appliances are deployed in-line, between the core switch and the WAN/Internet
router
§ All models come with at least 1 hardware bypass port pair, marked LAN and WAN. These ports
are designed to fail-over to pass-though mode in the event of system failure or loss of power.
§ Exinda appliances should be deployed with the appliance powered off. This will ensure hardware
bypass is working correctly

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 4

Wire Bypass
§ Wire bypass mode ensures that the Exinda does not introduce a single point of
failure in the network
§ The appliance will go into wire bypass mode in the event of a power, hardware or
software failure

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 5

Fail Safe Operation

Optimizer ON

Optimization
Optimizer OFF
Software
Monitoring

Hardware
Bypass
WAN LAN Optimization Data Path

Monitoring Data Path

Bypass Data Path

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 6

Management Port

Enabling the management port mode assigns the management IP address to GB1
(4061 or higher) or eth1 (4010)

Manages the appliance out of path

WAN /
Core Switch Firewall / Internet
Router

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 7

 Single Unit Deployments

Single unit deployments provide visibility and control

User

Server
Exinda

WAN /
Internet User
Core Switch Firewall /
Router

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 8

 Multiple Unit Deployments

Multiple unit deployments provide visibility, control, and acceleration

Exinda
User

Server
Exinda

WAN / Exinda
Internet User
Core Switch Firewall /
Router

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 9

Topologies with Firewalls

A typical deployment places the Exinda inside the firewall for greatest level of
control and visibility of internal IP addresses

User

Exinda

WAN /
Core Switch Router Internet
Firewall

Server

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 10

Multiple Bridges – LAN and DMZ

Enabling multiple bridges creates multiple LAN/WAN pairs. Allows monitoring &
optimization of two physical networks

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 11

Topologies with Proxies
In this scenario the Exinda must go on the outside of the firewall/proxy, since it’s
the firewall’s traffic the one utilizing the link

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 12

Topologies with VPNs – 1 of 2
A typical deployment places the Exinda between the internal LAN switch and VPN
terminator. This allows for monitoring and optimization of traffic before it is encrypted and
transported in the VPN tunnel

* If you intend to accelerate VPN traffic, Exinda must be deployed on the internal side of the VPN
as shown in diagram

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 13

Topologies with VPNs – 2 of 2
Deployment of the Exinda outside the VPN allows user to monitor encrypted tunnel traffic
and control traffic based on source and destination of tunnels

* Acceleration for VPN traffic will not work in this type of deployment

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 14

Multiple WAN Topology

Exinda can support two or more physical WAN segments (depending upon
platform). This topology is used when customers need to have Exinda across
multiple physical paths to the Internet and/or WAN

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 15

Out of Path Deployment

Used when customers need only monitoring without installing Exinda in-line.
Appliance will monitor and report on all traffic presented on the SPAN/Mirror
port.

* Similar for non-intrusive environments of acceleration with WCCP, PBR

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 16

High Availability Topologies
Exinda devices support a variety of high availability deployment options.

Redundant Router & Load

Balancing

Redundant Router

All monitoring and configuration data synchronized between Exinda’s

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 17

High Availability Configuration

Failed Exinda

Failed another device connected

Web Console: System > Network >NICs

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 18

Virtual Appliance Representation

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 19

Summary

• Deployment considerations:
§ All traffic traversing the WAN link must go through the unit
§ Inside of VPN and firewalls - Insert the Exinda in the location that can “see” the
most
§ Outside of Proxies
§ Select the right operational mode – “Global QoS”
§ Single unit – monitor, report, control/QoS
§ Multiple units – monitor, report, control/QoS, optimize and accelerate

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 20

Questions?

© 2002 – 2013, Exinda Networks Inc. Proprietary & Confidential | 21