Beruflich Dokumente
Kultur Dokumente
Disclaimer
THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND, INCLUDING WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT OF INTELLECTUAL PROPERTY, OR FITNESS FOR ANY PARTICULAR PURPOSE. IN NO EVENT SHALL PACKETEER OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THIS DOCUMENT OR THE PRODUCTS DESCRIBED HEREIN, EVEN IF PACKETEER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. Packeteer and its suppliers further do not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this document, or assume liability for any incidental, indirect, special, or consequential damages in connection with the furnishing, use, or performance of the information in this document. Packeteer may make changes to this document, or to the products or software described herein, at any time, without notice. Packeteer makes no commitment to update this document.
Copyright/Trademarks/Patents
Packeteer, the Packeteer logo, and combinations of Packeteer and the Packeteer logo, as well as PacketWise, PacketSeeker, PacketShaper, PacketShaper Xpress, and PolicyCenter, are trademarks or registered trademarks of Packeteer, Inc. in the United States and other countries. Other product and company names used in this document are used for identification purposes only, may be trademarks of other companies, and are the property of their respective owners. Copyright 19962006 Packeteer, Inc. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into another language without the express written consent of Packeteer, Inc. PacketShaper, PacketShaper Xpress, and PacketSeeker appliances, and PolicyCenter and PacketWise software protected by, or for use under, one or more of the following U.S. Patents: 5,802,106; 6,018,516; 6,038,216; 6,046,980; 6,115,357; 6,205,120; 6,285,658; 6,298,041; 6,412,000, 6,456,630; 6,457,051; 6,591,299; 6,741,563; 6,928,052; 6,934,745; 6,970,432; 7,003,572; 6,460,085; 6,529,477; 6,584,083; 6,654,344; 6,934,255; 7,013,342 and 7,012,900. Other U.S. and international patents pending. Portions of the product incorporate software licensed from General Software, Inc. Copyright 2001 General Software, Inc. All rights reserved. This product also includes software for zipping and unzipping. Copyright 1990-2001 Info-ZIP. All rights reserved.
Printing History
September, 2006 PacketWise 7.4
Regulatory Information
For information on regulatory compliance, see Appendix G:, Safety and Regulatory Information.
Other Resources
Online Help The PacketWise browser interface contains context-sensitive help with sufficient detail to assist you in setting up and maintaining configurations. To access help, click the help button and context-sensitive help will display in a separate window. The command-line interface (CLI) also has online help, which provides command syntax details.
PacketGuide Included with all PacketShaper models is a browser-based reference resource called PacketGuide. In addition to complete reference material pertaining to the use of PacketWise software, PacketGuide contains recommendations for using Packeteer products to solve common network and application problems. There are three ways to access PacketGuide: Click the packetguide tab in the PacketWise browser interface. Enter the following URL in your Netscape or Internet Explorer browser window:
http://support.packeteer.com/documentation/packetguide/version.htm
and then choose version 7.4 from the PacketShaper list. Use the PacketGuide CD included with your PacketShaper. Quick Start Guide This concise booklet is shipped with all units and covers hardware installation and basic configuration. Complete installation and configuration instructions are provided in the Getting Started Guide (this manual). PacketGuide CD The PacketGuide CD includes an off-line version of the PacketGuide reference resource, plus PDF versions of the Quick Start Guide, Getting Started Guide, CLI Commands, Release Notes, and Preconfigured Graphs documents. Note that the latest online versions of these documents can be found by clicking the packetguide button in the PacketWise browser interface. Customer Support If you have a technical question about your PacketShaper, go to the Packeteer customer support website: http://support.packeteer.com. This website has a Technical Information Library (TIL) and an Online Support Center. Best Practices The Best Practices website offers a single location where you can come to answer the question, What should I be doing now? in any phase of your process with Packeteer products. It lists and describes the tasks involved at the various stages of deployment, and it provides links to information contained elsewhere on Packeteer websites that can give you detailed specifics. The URL is:
http://support.packeteer.com/documentation/BestPractices/
TABLE OF CONTENTS
CHAPTER 1: BEFORE YOU INSTALL
Introduction .................................................................................................................................................. 1-1 Determining Your Enterprise Deployment Strategy .................................................................................... 1-3 Placing PacketShapers into Redundant Topologies ..................................................................................... 1-8 Deploying Non-Inline PacketShapers .......................................................................................................... 1-9 Determining Your PacketShaper ISP Deployment Strategy ...................................................................... 1-10 Determining Which Mode to Use............................................................................................................... 1-11 Pre-Installation Checklist for Local Mode ................................................................................................. 1-12 Pre-Installation Checklist for Shared Mode ............................................................................................... 1-17
PacketShaper 3500 Specifications................................................................................................................A-9 PacketShaper 2500 Specifications..............................................................................................................A-11 PacketShaper 1700 Specifications..............................................................................................................A-13 PacketShaper 1550 Specifications..............................................................................................................A-14 PacketShaper 1400 Specifications..............................................................................................................A-15 PacketShaper 1200 Specifications..............................................................................................................A-16
Index
PacketShaper ISP PacketShaper ISP models all include the monitoring and shaping modules (the compression module is not available for the PacketShaper ISP). The PacketShaper ISPs high-level capacities for classes and partitions allow service providers and universities to perform bandwidth farming: they can allocate bandwidth to each of their subscribers or students and use the PacketShapers extensive reports to verify usage. Information about hardware installation and software setup that is applicable to all Packeteer products is covered in the first part of this guide (Chapters 17). Specific configuration information for each Packeteer product is included in Quick Start chapters (Chapters 911).
Considerations
Before you proceed to hardware and software setup, you need to consider the following: Your placement strategy Its important to know where you will install the PacketShapers in your network. The locations depend on a number of factors, such as the type of network topology and what traffic you want the unit to monitor and manage. See Determining Your Enterprise Deployment Strategy on page 1-3, Placing PacketShapers into Redundant Topologies on page 1-8, Deploying Non-Inline PacketShapers on page 1-9, or Determining Your PacketShaper ISP Deployment Strategy on page 1-10. Which mode youll use When you run Guided Setup, the initial software configuration program, you will need to select either local or shared mode. The modes are explained in Determining Which Mode to Use on page 1-11.
1-1
Your configuration settings By filling in the checklist on page 1-12 (local mode) or page 1-17 (shared mode), you will have all the information you need to answer the Guided Setup questions.
1-2
Note: For installing a PacketShaper unit into a redundant network topology, see page 1-8; for a non-inline deployment, see page 1-9. For PacketShaper ISP deployment strategies, see page 1-10.
PacketShapers are not Intended to be Firewalls Although PacketShapers can help identify performance problems due to viruses, worms, and denial-of-service attacks and can even help block some of this undesired traffic, they are not intended to act as firewalls. Packeteer recommends that you use a firewall or antivirus tools to protect your network from viruses and worms.
When a main site WAN link connects the main site to branch offices across a private corporate WAN, connect the PacketShaper to the WAN router as shown in the illustration below.
Enterprise Servers
Corporate WAN
PacketShaper
1-3
Assuming that you want to manage the WAN connections of the branch offices in addition to the main sites WAN link, this strategy is appropriate in hub-and-spoke topologies where the PacketShaper can see all branch traffic. All branch traffic must go through the main site PacketShaper, and there should be no direct branch-to-branch traffic. In this deployment strategy, the application and intranet servers are at the main sites data center, and each branch office must access the Internet through either the main site or a totally separate Internet connection that doesnt use the same last-mile WAN connection.
Note: Pure hub-and-spoke design is not necessary if you are managing only the main sites WAN link and not the branch offices WAN connections.
There are two basic reasons for placing a PacketShaper at a main site WAN link: To monitor or provision bandwidth to each branch office To monitor or provision bandwidth to each branch office and analyze and/or control individual application performance at each site
Depending on your purpose for deploying a PacketShaper, you will need to configure your unit differently. See the Enterprise Deployment Topologies guide for details. The number of branch offices a single PacketShaper can support depends on the complexity of the configuration. For example, in a complex configuration where a unit is managing bandwidth for each remote site in addition to controlling individual application performance at each site, a PacketShaper would not be able to manage as many branch offices as in a simpler configuration where the unit is not controlling application performance.
A main site Internet link topology has a PacketShaper unit at the main sites link to VPNconnected branch offices, dial-up VPN users, partner extranets, and/or simply the Internet. Applications for VPN-connected branch offices are hosted at the main site servers.
Enterprise Servers
Internet
When an Internet link supports both critical and casual traffic, you can use a PacketShaper to distinguish between the different types of Internet traffic. For example, a PacketShaper with the Monitor Module can determine how much of the link is going to web browsing and MP3 downloads, and even produce a list of top link users and Web destinations. With PacketShapers control module features, you can make sure dial-up users get the bandwidth they need, contain unsanctioned music downloads, and pace Voice over IP (VoIP) and streaming video traffic for stutter-free performance.
1-4
Virtual Private Networks (VPN) If you use VPN, you can install PacketShaper on either side of your VPN gateway. Its position with respect to the VPN gateway dictates whether it will classify applications before or after encryption. If you want to be able to classify, monitor, or control individual applications, place the PacketShaper between the LAN and the VPN gateway (see first illustration below). On the other hand, if you want to classify and protect all encrypted VPN traffic, place the unit between the router and the VPN gateway (second illustration).
VPN gateway LAN Internet router PacketShaper
Multiple LANs (DMZ and Private LAN) If you have a private local-area network (LAN) and a Demilitarized Zone (DMZ) connected to your Internet link, you can purchase a Packeteer LAN Expansion Module (LEM) to provide additional connections. The private LAN is connected to the built-in ports, and the DMZ is connected to the LEM ports.
DMZ LAN
LAN Internet PacketShaper with LEM firewall with DMZ port router
1-5
Proxy Server/NAT Some proxy servers also perform Network Address Translation (NAT), so both functions need to be considered when you are determining the placement of PacketShapers. To be effective, the units should be placed outside a proxy server, since proxy servers typically terminate and restart TCP sessions. A unit inside a proxy server would see all inbound traffic sourced from the proxy server.
inside
outside
For details on configuring the traffic tree at a main site Internet link, see the Enterprise Deployment Topologies guide.
A distributed deployment includes PacketShapers at the main site and at each branch office. This strategy monitors and/or controls all application performance at all offices regardless of network size or topology. By having PacketShapers at each branch office in addition to the main site, you can get a more granular view of application bandwidth use and performance.
Enterprise Servers
Corporate WAN
PacketShaper
Internet PacketShaper
PacketShapers
PacketShapers
1-6
To effectively control bi-directional non-TCP-based applications, such as UDP and IPX, youll need to place PacketShapers on both ends of the link, one at the main site to control traffic outbound to the branch office, and one at the branch office to control traffic outbound to the main site. This is also recommended for point-to-point and mesh topologies that use technologies like Frame Relay and SMDS.
Main Site Branch Offices
PacketShaper clients
servers
PacketShaper with Compression Another topology that requires a distributed deployment is one which includes a PacketShaper configured with the compression module (previously known as a PacketShaper Xpress). The Xpress feature works by identifying other compression-enabled PacketShapers on the network and creating compression tunnels between them. A tunnel is automatically set up when traffic is sent through the PacketShaper to a host on the other side of another PacketShaper. In the illustration below, Tunnel A is created for the traffic between the clients in Branch Office A and the servers at the main site. Likewise, Tunnel B is created for the traffic between the clients in Branch Office B and the main site servers. Tunnel C is created for the traffic between the clients in Branch Office A and the clients in Branch Office B. For more information on using Xpress, see Chapter 10, Compression (Xpress) Quick Start.
Branch Office A Main Site Servers Branch Office B
PacketShaper Internet
PacketShaper
Tunnel A Tunnel C
Tunnel B
Packet Capture Another reason you might want PacketShapers at each site is to analyze detailed information about packets. Using the packet capture feature, you can capture packets for future analysis. For details on configuring the traffic trees at branch offices and main sites in a distributed deployment, see the Enterprise Deployment Topologies guide.
1-7
clients
WAN
Note: To use a PacketShaper in a redundant network, a Packeteer LAN Expansion Module (LEM) is required. If you are already using a LEM for another purpose, you will need two LEMs. PacketShapers must be directly connected through the uppermost or right-most LEM.
1-8
Note: Because a PacketShaper in watch mode cannot perform traffic shaping, this feature is more often used on PacketShapers configured only with the monitoring module.
One of the basic non-inline topologies is shown below. For illustrations of all supported topologies, see Chapter 8.
Routers
PacketShaper
Outside port (for monitoring) Inside port (for management) SPAN port
Switch
The PacketShaper can also be connected to the network through a tap. A network tap is a transmit-only hardware device, placed inline, that provides a permanent access port for passive network monitoring. When a PacketShaper is connected to a tap, it receives the same traffic as if it were located directly on the wire.
Routers
Switch
1-9
To set up an ISP upstream link configuration, connect the PacketShaper ISP units outside port to the router and connect the inside port to the ISP network.
Internet
router
outside
inside
ISP Network
PacketShaper ISP
To set up a cable or DSL head end configuration, connect the PacketShaper ISPs outside port to the ISP network and the inside port to the distribution network that contains the users.
outside
inside
ISP Network
PacketShaper ISP DSLAM or cable head-end
1-10
If you are configuring a PacketShaper in local mode, you must also select an operating mode: Shaping This option enables traffic discovery and shaping. Use this setting to automatically discover the traffic running on your network and apply default policies and partitions. To create new policies and partitions, see Chapter 9. Monitor Only Use this mode to have PacketShaper automatically create traffic classes based on the traffic it detects, but not control (shape) the traffic. Monitor Only mode is the most common choice for initial setup, since users typically want to discover and monitor traffic before turning on shaping controls. Shaping can be enabled later under the setup tab. Custom Traffic discovery and shaping are initially disabled. These options can be enabled later under the setup tab. If you have PacketShaper 1200 or 1400 Lite, Packeteer recommends Custom mode.
1-11
Site Router
Password for read-only access, for example READ. Passwords can be up to nineteen characters long and are case sensitive. They can consist of a combination of letters, numbers, and all special characters.
1-12
Description Password for read/write access, for example 7JX1R5 Inbound and outbound link speeds in bits per second. Use the same link speed as that set in the network router. Data rates may be specified as integer bits per second, followed by a k (thousands), M (millions), or G (billions), or specified symbolically (T1, E1, T3). Examples: 1.536 M or T1. For a full-duplex WAN link, enter the total link speed for the inbound and outbound rates. Because full-duplex has wires that can simultaneously communicate in both inbound and outbound directions, you should enter the same rate for Inbound Rate and Outbound Rate. For example, if you have two T1 lines (3 Mbps), you should enter 3M for Inbound Rate and 3M for Outbound Rate. In rare situations in which the PacketShaper is managing half-duplex links, split the rate between the inbound and outbound links. For example, if you are managing a 10 Mbps half-duplex link, you could configure 5 Mbps for the inbound rate and 5 Mbps for the outbound rate since data can be transmitted in only one direction at a time. Note: If you set any NIC in the PacketShaper to halfduplex, you will not be able to transmit and receive at the same time, limiting the bandwidth to half. For example, if you have set 10 Mbps half-duplex on the NIC, the PacketShaper will be able to pass only 5 Mbps IN and 5 Mbps OUT at one time. Hence, you will not be able to manage a WAN link size greater than 5 Mbps. When using the direct standby feature (described in Chapter 7) in a load-sharing topology, set the link speed to the sum of both WAN links. Because each unit receives copied packets from its partner, the overall Inbound and Outbound partition sizes must be able to support that level of extra traffic. In this situation, you may want to use the access-link monitoring feature (advanced mode) to monitor the routers WAN interfaces and avoid over-subscribing the WAN bandwidth. See PacketGuide for details.
Your Setting
1-13
Description The linksize key associated with a units shaping license may enforce an upper limit on the configurable link size. Note: 10BaseT links rarely reach the 10 Mbps limit. Keep Ethernets practical limits in mind when configuring rates. If your unit is using LAN Expansion Modules (LEMs) to manage different WAN links and you dont want to control each LEM separately, the rate should be the size of the smallest LEM. For example, if you have two 100 Mbps LEMs managing two links, you should specify 100M for the rate. On the other hand, if you want to control each link separately, the rate should be the sum of the link speeds on all devices. For example, if the built-in device is controlling a T1 line (1.5 Mbps) and a LEM is managing two T1 lines (3.0 Mbps), you should specify 4.5M for the rate. To control traffic across each link separately, you can create a class for each device (for example, Builtin_LEM and Upper_LEM) and assign partitions that match the link size (1.5M for the Builtin_LEM class and 3.0M for the Upper_LEM class). If your unit is using two LEMs to manage a single WAN link, specify the WAN link speed for the rate. Although the Info page will give you an error message (such as Link speed of 155 Mbps exceeds outside NIC speed of 100 Mbps) in the latter situation, it is still appropriate to specify the actual size of the link for the rate.
Your Setting
1-14
Description PacketShaper 1200, 1400, 1550, 2500, 6500: Choose: auto-negotiate, 10BaseT half-duplex, 10BaseT full-duplex, 100BaseT half-duplex, 100BaseT full-duplex PacketShaper 1700, 3500, 7500: As above, plus 1000BaseT full-duplex When you select auto-negotiate, the PacketShaper detects the connected devices port speed and configures the speed and duplex settings for a best match. While the PacketShaper automatically negotiates ports according to the IEEE 802u standard, other connected devices may not operate in compatible modes, which can result in connectivity problems. PacketShaper 9500, 10000 (Gigabit Fiber-Optic): The choices for gigabit fiber-optic are auto-negotiate, autoneg-only, and 1000BaseX full-duplex. If autonegotiate is specified and auto-negotiation signals are not received from the other side, the negotiation will time out in one second and the interface will be set at 1000 fixed. To force auto-negotiation without timing out, use the autoneg-only option. PacketShaper 1700, 3500, 7500, 9500, 10000 (Gigabit Ethernet): For gigabit Ethernet, you can specify auto-negotiate or 1000BaseT full-duplex. (1000BaseT actually does the same thing as auto-negotiate; manual setting to gigabit Ethernet is not part of the 802.3 Ethernet standard.) Notes: Whenever you wish to change Network Interface Card (NIC) settings, always select auto-negotiate first, then select a different value if desired. Do not change from one non-auto setting to another nonauto setting directly; re-negotiation may fail and In Link Down or Out Link Down appears on the LCD. Although you can specify different fixed speeds on the Inside and Outside interfaces, such a configuration will result in a network interruption if the PacketShaper is turned off because the end devices will not be able to negotiate the correct speed for the link.
Your Setting
1-15
Description A drop-down menu that allows you to select the time zone. (The default is local time, depending on time zone configuration.) Once you configure a time zone, the local time automatically changes at the start and end of daylight savings time.
Your Setting
Date
Current date. Enter the date in the format: mm dd yyyy, for example 09 15 2006 for September 15, 2006. Current time. Enter the time in the 24-hour format: hh:mm:ss, for example 14:36:23. See Determining Your Local Operating Mode on page 1-11 for details on the three operating modes: Shaping, Monitor Only, and Custom. If you have the compression module, you have the option of enabling compression during initial setup. For each PacketShaper device (main or LEM) you want to use for compression, you will need to provide the following information: IP Address IP address to assign to the interface; each interface must have a unique address. Note that this address is used by the Xpress feature and is not for managing the PacketShaper. An Xpress-IP address can NOT be the same as the units management address if you have a LEM installed or if you have enabled the Dedicated Management Port feature. It should not be the same address as the secondary customer portal address. Packeteer strongly recommends that you do not use the management IP address for an Xpress-IP address. Net Mask Subnet mask Gateway IP address of the router; leave blank or enter none if there is no gateway. The gateway is required if the compression partner is not on the same subnet.
Time
Compression
1-16
Site Router
The domain name or dotted-decimal IP address for the Directory Server. The Directory Server is usually the computer with PolicyCenter installed on it.
1-17
Description Password to access PolicyCenter default group, for example 7JX1R5; allows you to add units to PolicyCenter. Passwords can be up to nineteen characters long and are case sensitive. They can consist of letters, numbers, and all special characters. PacketShaper 1200, 1400, 1550, 2500, 6500: Choose: auto-negotiate, 10BaseT half-duplex, 10BaseT full-duplex, 100BaseT half-duplex, 100BaseT full-duplex PacketShaper 1700, 3500, 7500: As above, plus 1000BaseT full-duplex When you select auto-negotiate, the PacketShaper detects the connected devices port speed and configures the speed and duplex settings for a best match. While the PacketShaper automatically negotiates ports according to the IEEE 802u standard, other connected devices may not operate in compatible modes, which can result in connectivity problems. PacketShaper 9500, 10000 (Gigabit Fiber-Optic): The choices for gigabit fiber-optic are auto-negotiate, autoneg-only, and 1000BaseX full-duplex. If autonegotiate is specified and auto-negotiation signals are not received from the other side, the negotiation will time out in one second and the interface will be set at 1000 fixed. To force auto-negotiation without timing out, use the autoneg-only option. PacketShaper 3500, 7500, 9500, 10000 (Gigabit Ethernet): For gigabit Ethernet, you can specify auto-negotiate or 1000BaseT full-duplex. (1000BaseT actually does the same thing as auto-negotiate; manual setting to gigabit Ethernet is not part of the 802.3 Ethernet standard.) Note: Although you can specify different fixed speeds on the Inside and Outside interfaces, such a configuration will result in a network interruption if the PacketShaper is turned off because the end devices will not be able to negotiate the correct speed for the link.
Your Setting
1-18
Description A drop-down menu that allows you to select the time zone. (The default is local time, depending on time zone configuration.) Once you configure a time zone, the local time automatically changes at the start and end of daylight savings time.
Your Setting
1-19
1-20
Failover Bypass
A bypass switch connects the inside and outside built-in interfaces together when a Packeteer unit is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.
Note: When using the standby feature, the hardware bypass must be disabled. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 7-1.
2-1
Front Panel
A PacketShaper front panel, shown in the following illustration, has two network ports, INSIDE and OUTSIDE. The unit has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. (A null-modem cable is provided for this purpose.) The LCD (liquid crystal display) panel on the front of some Packeteer models indicate the units operating state; see LCD Panel on page 2-7 for more information.
Outside RJ-45 Connector Inside RJ-45 Connector
Expansion Slots
INSIDE
OUTSIDE
LCD
Note: The front panel of your unit may differ from the one shown. See Hardware Features on page 2-3 to see which features your unit has.
A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting a PacketShaper to the Network on page 2-5 for additional information to help you determine which cable to use. If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.
LED Indicators
The front panel has the following LED indicators: Indicator Status Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber. Fault Power Illuminated when unit is in safe or corrupted mode Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data
Link
Tx/Rx
2-2
Indicator 100 Indicates link speed: green = 100 Mbps off = 10 Mbps
Description
Hardware Features
PacketShaper models have different features, as described below: Maximum Link Speed 2 Mbps 2 Mbps 10 Mbps 100 Mbps Expansion Slots for LEMs none none 2 2
Model
Power
LCD
single outlet with switch single outlet with switch single outlet with switch dual outlets with no switch
no no yes yes
2-3
Each side of the Packeteer case has three sets of screw holes (located in the front, middle, and rear) so that you can rack-mount the box in any of these positions. The following illustration shows details for rack installation:
Bracket
STATU S FAULT POWE R CONS OLE
Rear-Mounting Position
LINK Tx/Rx 100 INSIDE LINK Tx/Rx 100 OUTS IDE
Bracket Screws
To rack-mount a PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front, center, or rear position in the rack, and locate the corresponding set of screw holes on the sides of the case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.
When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit
2-4
Note: If you are deploying a PacketShaper in a redundant configuration, see Chapter 7, Redundant Configurations, for instructions and illustrations of supported topologies.
You can use either a crossover or straight-through cable to connect a PacketShaper to a network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between a Packeteer unit and a: router firewall server uplink ports hub switch Use this cable: crossover (orange) crossover (orange) crossover (orange) crossover (orange) straight-through straight-through
Connecting to a Router
To connect a PacketShaper to a router: 1. 2. 3. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the PacketShapers front panel port labeled INSIDE. Connect the OUTSIDE port to the router, using the orange crossover cable.
Router
INPUT 100-240 MAX 50-60Hz
Transceiver
INSIDE
OUTSIDE
To Hub
4.
2-5
Connecting to a Server
To connect a PacketShaper to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable that goes to the switch or hub. Connect this cable to the PacketShapers front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server
INSIDE
OUTSIDE
To Hub
5.
2-6
2.
LCD Panel
An LCD on the front of some PacketShaper models indicate the units operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the Packeteer LCD after power is connected: LCD Information Booting... Version: 7.4 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.
3.
Check the following: Are the transmit (Tx) and receive (Rx) LEDs illuminated and flickering on the front panel of your Packeteer unit? If they are, the cables are connected correctly. Does the LCD window have an error message? If so, see Problems? on page 2-8.
4.
2-7
Problems?
Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Bypass mode
Message
Description In bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. For additional details, see the setup shaping command in the online PacketGuide. Contact Packeteer Support. Unable to detect link state of the inside interface. Check Packeteer unit cabling. Unable to detect link state on both interfaces. Check PacketShaper cabling. L=Lower These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling. Site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. This is expected, since you havent configured the system yet. This message will disappear after you run Guided Setup to set the PacketShapers IP address for your network. Unable to detect link state of the outside interface. Check PacketShaper cabling. Your PacketShaper may have redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.
? Bypass Mode
Corrupt Config
Corrupt file Network connectivity problem Network connectivity problem Network connectivity problem
? In Link Down
? Links Down
No Router Found
Not Configured
Power 1 Failed
2-8
PacketShaper Condition Network connectivity problem Network connectivity problem Safe mode
Description The site router is incorrectly connected to the INSIDE port. See Connecting a PacketShaper to the Network on page 25. A site router has not been configured. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see Safe Mode in the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. U=Upper These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.
Router=0.0.0.0
Safe Mode
? Shaping Off
U-InLink Down U-OutLink Down
2-9
2-10
Failover Bypass
A bypass switch connects the inside and outside built-in interfaces together when a PacketShaper is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.
Note: The failover bypass feature is not supported on the ports labeled BACKUP INSIDE and BACKUP OUTSIDE. If the PacketShaper 1400 is turned off or disabled, traffic will only continue to pass through the INSIDE and OUTSIDE ports
3-1
Front Panel
PacketShaper 1400 models include the following features: LED indicators that indicate the PacketShapers operating state; see LED Indicators on page 3-2 for more information Two main RJ-45 Ethernet ports, INSIDE and OUTSIDE Two backup RJ-45 Ethernet ports, BACKUP INSIDE and BACKUP OUTSIDE One AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the PacketShaper for local configuration Two USB ports, reserved for future use
USB CONSOLE INSIDE
POWER STATUS DISK
BACKUP
OUTSIDE
INSIDE
OUTSIDE
A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting a PacketShaper to the Network on page 3-5 for additional information to help you determine which cable to use.
LED Indicators
The front panel has the following LED indicators: Indicator Power Description Illuminated when unit is plugged into an active power outlet and the unit is turned on If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED remains off. Disk Indicates flash memory and/or hard disk activity
Status
Each RJ-45 port has two LED indicators: Indicator Amber Description Off when the link is down On when the link is up Flashing to indicate network traffic Green Off when unit is connected to a 10 Mbps Ethernet link On when unit is connected to a 100 Mbps Ethernet link
3-2
Hardware Features
The PacketShaper 1400 has the following hardware features: Power: single input with standby switch Maximum link speed: 2 Mbps LCD: none Backup Ethernet ports for connection to a backup DSL modem or router
3-3
Each side of the PacketShaper case has a set of screw holes that can accomodate rack mounting brackets, as shown in the following illustration.
CO
NS
OLE
PO WE
US B
ST AT US DIS K
INSI
DE OU TS IDE
INSI DE
BA CK UP
OUT
SIDE
To rack-mount a PacketShaper: 1. 2. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side.
When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within specified limits. See PacketShaper 1400 Specifications on page A-15. There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit
3-4
Note: If you are deploying a PacketShaper in a redundant configuration, see Chapter 7, Redundant Configurations, for instructions and illustrations of supported topologies. If you are deploying a PacketShaper non-inline, see Chapter 8, Non-Inline Deployment.
You can use either a crossover or straight-through cable to connect a PacketShaper to a network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between a PacketShaper and a: router firewall server uplink ports hub switch Use this cable: crossover (orange) crossover (orange) crossover (orange) crossover (orange) straight-through straight-through
Connecting to a Router
To connect a PacketShaper to a router: 1. 2. 3. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the PacketShapers front panel port labeled INSIDE. Connect the OUTSIDE port to the router, using the orange crossover cable.
Router
INPUT 100-240 MAX 50-60Hz
Transceiver
OUTSIDE
INSIDE
OUTSIDE
To Hub
3-5
4. 5.
(Optional) If you have a backup router, repeat the previous three steps to connect a it to the PacketShapers BACKUP INSIDE and BACKUP OUTSIDE ports. Proceed to Turning on the PacketShaper on page 3-7.
Connecting to a Server
To connect a PacketShaper to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable that goes to the switch or hub. Connect this cable to the PacketShapers front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server
OUTSIDE
INSIDE
OUTSIDE
To Hub
5.
3-6
Powering On
1. 2. 3.
Connect the power cord to the PacketShapers power connector outlet in the back of the unit. Plug the other end of the power cord into AC power. Flip the standby switch to the on position.
Powering Off
To put the PacketShaper into standby mode, flip the standby switch to the off position. To fully remove power from the motherboard, disconnect the power cord.
3-7
3-8
Failover Bypass
A bypass switch connects the inside and outside built-in interfaces together when a PacketShaper is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.
Note: When using the direct standby feature, the hardware bypass must be disabled. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 7-1.
4-1
Front Panel
An example of a PacketShaper front panel is shown in the illustration below. While the front panel of your unit may differ in appearance, all PacketShaper 1700, 3500, and 7500 models include the following features: An LCD (liquid crystal display) panel that indicates the PacketShapers operating state; see LCD Panel on page 4-8 for more information Two RJ-45 Ethernet ports, INSIDE and OUTSIDE One RJ-45 Ethernet out-of-band management port (MGMT) to access and manage the unit on a management network; see Using the Out-of-Band Management Port (1700/3500/7500 only) on page 6-1 One AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the PacketShaper for local configuration Two USB ports, reserved for future use
DB-9 Serial Port Expansion Slots
INSIDE
INSIDE
SPEED
SPEED
Tx/Rx
Tx/Rx
LINK
LINK
IN: OUT:
CONSOLE CONSOLE
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED OUTSIDE OUTSIDE
LCD
USB Ports
3500/7500 models only: expansion slots for LAN Expansion Modules (LEMs), which are used when managing more than one LAN or using the direct standby feature.
A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting a PacketShaper to the Network on page 4-5 for additional information to help you determine which cable to use.
LED Indicators
The front panel has the following LED indicators: Indicator Fault Description Illuminated when unit is in safe or corrupted mode
4-2
Indicator Status
Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber.
Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data Indicates link speed: amber = 1 Gbps green = 100 Mbps off = 10 Mbps
Hardware Features
The PacketShaper 1700 has the following hardware features: Supports maximum link speed of 45 Mbps Power switch Field-replaceable power supply Field-replaceable, hot-swappable cooling unit
The PacketShaper 3500 and 7500 have the following hardware features: Supports maximum link speed of 200 Mbps (7500) and 45 Mbps (3500) Power switch for each power supply Field-replaceable power supply; the PacketShaper 7500 has two hot-swappable power supply modules Field-replaceable, hot-swappable cooling unit Field-replaceable hard drive Two expansion slots
See Product Specifications on page A-1 for detailed product specifications. See FieldReplaceable Components: PacketShaper 1700 on page D-1 and Field-Replaceable Components: PacketShaper 3500, 7500 on page E-1 for instructions on installing fieldreplaceable components.
4-3
Each side of the Packeteer case has two sets of screw holes (located in the front and middle) so that you can rack-mount the box in either of these positions. The following illustration shows details for rack installation:
Rack
Rack Bracket
Mounting Screws
Front-Mounting Position
Bracket Screws
To rack-mount a PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front or center position in the rack, and locate the corresponding set of screw holes on the sides of the case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.
When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit
4-4
Note: If you are deploying a PacketShaper in a redundant configuration, see Chapter 7, Redundant Configurations, for instructions and illustrations of supported topologies. If you are deploying a PacketShaper non-inline, see Chapter 8, Non-Inline Deployment.
You can use either a crossover or straight-through cable to connect a PacketShaper to a network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between a PacketShaper and a: router firewall server uplink ports hub switch Use this cable: crossover (orange) crossover (orange) crossover (orange) crossover (orange) straight-through straight-through
Connecting to a Router
To connect a PacketShaper to a router: 1. 2. 3. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the PacketShapers front panel port labeled INSIDE. Connect the OUTSIDE port to the router, using the orange crossover cable.
Router
INPUT 100-240 MAX 50-60Hz
Transceiver
IN: OUT:
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED
To Hub
4-5
4.
If desired, connect an Ethernet cable from the MGMT port to a router on your management network.
Router
INPUT 100-240 MAX 50-60Hz
Transceiver
IN: OUT:
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED
To Hub
To Management Network
5.
4-6
Connecting to a Server
To connect a PacketShaper to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable that goes to the switch or hub. Connect this cable to the PacketShapers front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server
IN: OUT:
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED
To Hub
5.
If desired, connect an Ethernet cable from the MGMT port to a router on your management network.
Server
IN: OUT:
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED
To Hub
To Management Network
6.
4-7
Powering On
One power cable is included for each installed power supply. Each power supply has its own power switch, located on the back of the unit. 1. 2. 3. Connect the power cord(s) to the PacketShapers outlet(s) in the back of the unit. Plug the other ends of the power cord(s) into AC power. When using two power supplies, be sure to connect the two power cords to outlets on separate circuit breakers. Press the power switch on each power supply.
Powering Off
To turn off the PacketShaper, press the power switch(es) or disconnect the power cord(s).
Note: Behind the rear access door is a reset button that should not be used without the direction of Packeteer customer support or a qualified systems engineer. Pressing this button will result in a hardware reset, causing all PacketShaper functions to cease temporarily.
LCD Panel
An LCD on the front of the unit indicate the operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the Packeteer LCD after power is connected: LCD Information Booting... Version: 7.4 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.
4.
Check the following: Are the transmit (Tx) and receive (Rx) LEDs illuminated and flickering on the front panel of your PacketShaper? If they are, the cables are connected correctly. Does the LCD window have an error message? If so, see Problems? on page 4-9.
4-8
5.
Problems?
Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Regulators indicate that voltage is out of the normal range
Message Bad 2.5v reg Bad 3.3v reg Bad 5v reg Bad 12v reg Bad CPU reg Bad Right LEM Bad Left LEM
PacketShaper 3500/7500 units require a LEM designed specifically for these models. If your unit doesnt recognize the LEM or you get one or both of the LCD error messages shown (opposite), you may have installed a LEM that was designed for a different PacketShaper model. In bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. For additional details, see the setup shaping command in the online PacketGuide. Contact Packeteer Support. Unable to detect link state of the inside interface. Check cabling. Unable to detect link state on both interfaces. Check Packeteer unit cabling. L=Left These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling. Site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. This is expected, since you havent configured the system yet. This message will disappear after you run Guided Setup to set the PacketShapers IP address for your network.
? Bypass Mode
Bypass mode
Corrupt Config
Corrupt file Network connectivity problem Network connectivity problem Network connectivity problem
? In Link Down
? Links Down
No Router Found
Not Configured
4-9
Message
Description Unable to detect link state of the outside interface. Check PacketShaper cabling. Power 1 refers to the lower power supply. Power 2 refers to the upper power supply (PacketShaper 7500 only). The PacketShaper 7500 has redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.
Router Inside
The site router is incorrectly connected to the INSIDE port. See Connecting a PacketShaper to the Network on page 45. A site router has not been configured. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see Safe Mode in the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. R=Right These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.
Router=0.0.0.0
Safe Mode
? Shaping Off
R-InLink Down R-OutLink Down
4-10
Failover Bypass
A bypass switch connects the inside and outside interfaces together when a PacketShaper with RJ-45 connectors is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. The failover bypass capability is built into PacketShaper 9500 and 10000 models with RJ-45 connectors.
Note: In order to use the failover bypass feature on fiber-optic PacketShaper 9500 and 10000 models, you need to purchase and install the Packeteer Fiber Bypass Switch. See Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 5-10.
As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.
Note: When using the standby feature, you must disable the hardware bypass on PacketShaper 9500 and 10000 models with RJ-45 connectors. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 7-1.
5-1
Front Panel
The front panel of PacketShaper models 9500 and 10000 varies depending on whether it has RJ-45 or fiber-optic connectors. Refer to the section below that applies to your model.
RJ-45 Connectors
As shown in the following illustration, the front panel of PacketShaper models 9500 and 10000 has two RJ-45 ports, INSIDE and OUTSIDE for connecting to an Ethernet LAN using twisted-pair cables. The unit also has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. (A nullmodem cable is included for this purpose.) The LCD (liquid crystal display) panel indicates the units operating state; see LCD Panel on page 5-13 for more information.
Outside RJ-45 Connector Inside RJ-45 Connector DB-9 Serial Port Expansion Slots
INSIDE
LINK Tx/Rx SPEED
INSIDE
OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE
LCD
A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting the PacketShaper 9500/10000 to the Network on page 5-6 for information to help you determine which cable to use. If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.
Fiber-Optic Connectors
The fiber-optic PacketShaper 9500/10000 front panel, shown in the following illustration, has two fiber-optic ports, labeled INSIDE and OUTSIDE. You can install either SX or LX small form-factor pluggable (SFP) transceivers into these ports. The CONTROL port can be used with the Packeteer Fiber Bypass Switch to provide failover bypass; see Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 5-10. If you do not have the bypass switch, the CONTROL port is not used.
5-2
The unit also has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. A null-modem cable is included for this purpose. The LCD (liquid crystal display) panel indicates the units operating state; see LCD Panel on page 5-13 for more information.
Outside Transceiver Inside Transceiver DB-9 Serial Port Bypass Control Port Expansion Slots
INSIDE
CONTROL
OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE
Link Tx/Rx
SX/LX
INSIDE
LCD
If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.
LED Indicators
The front panel has the following LED indicators: Indicator Status Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber. Fault Power Illuminated when unit is in safe or corrupted mode Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data Indicates link speed: amber = 1 Gbps green = 100 Mbps off = 10 Mbps
Link
5-3
Description Indicates types of fiber-optic transceiver installed in the port: green = SX yellow = LX
PacketShaper 9500 models have the following hardware features: Power switch Supports maximum link speed of 200 Mbps LCD RJ-45 or fiber-optic connectors Two expansion slots for LAN Expansion Modules Dual hot-swappable power supplies
See Product Specifications on page A-1 for detailed product specifications. For instructions on installing field replaceable components, see Field-Replaceable Components: PacketShaper 9500, 10000 on page F-1.
PacketShaper 10000 models have has the following hardware features: Power switch Supports maximum link speed of 1 Gbps LCD RJ-45 or fiber-optic connectors Two expansion slots for LAN Expansion Modules Dual hot-swappable power supplies Field-replaceable hard drive Field-replaceable cooling unit
See Product Specifications on page A-1 for detailed product specifications. For instructions on installing field replaceable components, see Field-Replaceable Components: PacketShaper 9500, 10000 on page F-1.
5-4
Each side of the PacketShaper case has three sets of screw holes (located in the front, middle, and rear) so that you can rack-mount the unit in any of these positions. The following illustration shows details for rack installation:
Bracket
STATU S FAULT POWE R CONS OLE
Bracket Screws
To rack-mount the PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front, center, or rear position in the rack, and locate the corresponding set of screw holes on the sides of the Packeteer case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.
When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit
5-5
You can use either a crossover or straight-through cable to connect a PacketShaper with RJ45 connectors to an Ethernet network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between PacketShaper 9500/10000 and a: router or GBIC connection on a router for 1000Base-T firewall server uplink ports hub switch or GBIC connection on a switch for 1000Base-T
Connecting a PacketShaper 9500/10000 Between a Router and Hub To connect to a router: 1. 2. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the units front panel port labeled INSIDE.
5-6
3.
Connect the router to the OUTSIDE port, using the orange crossover cable.
WAN Router
INPUT 100-240 MAX 50-60Hz
WAN
PacketShaper 9500/10000
INSIDE
LINK Tx/Rx SPEED
INSIDE
OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE
To hub
4.
Connecting a PacketShaper 9500/10000 Between a Server and Hub To connect to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable connected to the switch or hub. Connect this cable to the units front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server
PacketShaper 9500/10000
INSIDE
LINK Tx/Rx SPEED
INSIDE
OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE
To hub
5.
5-7
The fiber-optic PacketShaper 9500/10000 uses modular SFP transceivers, allowing the unit to be used in a wide variety of fiber-optic networks. SX transceivers are included with the 9500/10000; if you need LX transceivers, you can purchase one or more Single-Mode Transceiver Upgrade Kits. (Each kit contains a single SFP transceiver.) Inserting SFP Transceiver Modules If the transceivers are not already installed, follow these steps to insert the modules into the PacketShapers fiber-optic ports: 1. Remove the rubber protectors from the connectors on the transceivers.
2.
Pull down on the latch handle until the latch on each transceiver is open at a 90-degree angle.
Note: If your transceiver does not have a handle or latch similar to the one shown here, refer to the transceivers manufacturer for specific instructions.
5-8
3.
Ensure that the transceivers are oriented as shown, then carefully insert them into their slots.
4.
Push up on the small latch on each transceiver until it clicks, to lock the transceiver into place.
Connecting a PacketShaper 9500/10000 Between a Router and a Switch To cable a fiber-optic PacketShaper 9500/10000 to a fiber-optic router and switch: 1. On the router, disconnect the fiber-optic cable connected to the switch. Note: If your router has SC connectors, replace this cable with a LC-to-SC cable. Reconnect this cable to the units front panel port labeled INSIDE. Use the appropriate cable (either LC-to-LC or LC-to-SC) to connect the OUTSIDE port to the router.
WAN Router
INPUT 100-240 MAX 50-60Hz
2. 3.
WAN
PacketShaper 9500/10000
INSIDE
BYPASS CTRL
OUTSIDE
INSIDE
Link Tx/Rx
SX/LX
Link Tx/Rx
SX/LX
OUTSIDE
To switch
4.
Proceed to Turning on the PacketShaper 9500/10000 on page 5-13. Note: PacketShaper 9500/10000 units with fiber-optic connection do not have builtin bypass mode; if this unit fails, the network will be briefly disrupted while the unit reboots. If you require fiber bypass capability, use the Packeteer Fiber Bypass Switch. See Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 5-10 for more information.
Connecting a PacketShaper 9500/10000 Between a Server and a Switch To connect PacketShaper 9500/10000 to a server and switch:
5-9
1.
On the server, disconnect the fiber-optic cable connected to the switch. Note: If your server has SC connectors, replace this cable with a LC-to-SC cable. Connect this cable to the units front panel port labeled OUTSIDE. Use the appropriate cable (either LC-to-LC or LC-to-SC) to connect the INSIDE port to the server.
Server
2. 3.
PacketShaper 9500/10000
INSIDE
BYPASS CTRL
OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE
Link Tx/Rx
SX/LX
INSIDE
To switch
4.
Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch You can add fiber failover bypass functionality to a PacketShaper 9500/10000 by installing the Packeteer Fiber Bypass Switch. This bypass switch has four duplex-LC fiber-optic connectors labeled Inside, Outside, To Packeteer Inside, and To Packeteer Outside as well as an RJ-45 port labeled Control.
To Packeteer Inside LC port To Packeteer Outside Outside LC port LC port
Inside LC port
To cable a fiber-optic PacketShaper 9500/10000 to a fiber-optic network using a Fiber Bypass Switch: 1. 2. On the router, disconnect the fiber-optic cable connected to the switch. Reconnect this cable to the Fiber Bypass Switch port labeled Inside.
5-10
3.
Connect a two-meter long LC-to-LC or LC-to-SC cable from the bypass switchs Outside port to the router.
WAN Router
INPUT 100-240 MAX 50-60Hz
WAN
4. 5.
Connect a one-meter LC-to-LC cable from the To Packeteer Inside port on the bypass switch to the units INSIDE port. Connect a one-meter LC-to-LC cable from the To Packeteer Outside port on the bypass switch to the units OUTSIDE port.
To Packeteer Inside LC port To Packeteer Outside LC port
To Switch To Router
PacketShaper 9500/10000
INSIDE
BYPASS CTRL
OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE
Link Tx/Rx
SX/LX
INSIDE
5-11
6.
Connect a control cable between the RJ-11 port (labeled CONTROL) on the PacketShaper 9500/10000 to the RJ-45 port (labeled Control) on the bypass switch.
Fiber Bypass Switch
To Switch To Router
PacketShaper 9500/10000
INSIDE
CONTROL
OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE
Link Tx/Rx
SX/LX
INSIDE
5-12
Powering On
Two power cables are included with your PacketShaper one for each power supply. The power switch is located on the back of the unit. 1. 2. Connect the power cords to the PacketShapers outlets in the back of the unit. Plug the other ends of the power cords into AC power. Be sure to connect the two power cords to outlets on separate circuit breakers. The PacketShaper should immediately turn on; if it doesnt, press the power switch on the back of the unit. 3. 10000 only: Press the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)
Powering Off
To turn off the PacketShaper: 9500: Press the power switch, or disconnect both power cords. 10000: Hold down the power switch for about five seconds, until the unit powers off, or disconnect both power cords.
LCD Panel
An LCD on the front of the PacketShaper 9500/10000 indicates the operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the PacketShaper LCD after power is connected: LCD Information Booting... Version: 7.4 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.
5-13
4.
Check the following: Are both the transmit (Tx) and receive (Rx) LEDs flickering on the front panel of your PacketShaper? If they are, the cable is connected correctly. Does the LCD window have an error message? If so, see Problems? on page 514.
5.
Problems?
Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Incompatible LEM installed
Description PacketShaper 10000 models are only compatible with newer-generation LEMs. If your 10000 model does not recognize the LEM, or you get one or both of the LCD error messages shown (opposite), you may have installed an older LEM2-1000M-T or LEM2-1000M-SX LAN Expansion Module into a Packeteer 10000 series. Check the packaging for the LEM and verify its serial number; PacketShaper 10000 models require a LEM2-1000M-T with a serial number greater than 006-10010001, or a LEM2-1000M-SX with a serial number greater than 007-10010001. If the LEM has a smaller serial number, remove the LEM from the unit and replace it with a Packeteer LEM with a compatible serial number.
? Bypass Mode
Bypass mode
When the unit is in bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. Contact Packeteer Support. Unable to detect link state of the inside interface. Check PacketShaper cabling. Unable to detect link state on both interfaces. Check PacketShaper cabling. L=Lower These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.
Corrupt Config
Corrupt file Network connectivity problem Network connectivity problem Network connectivity problem
? In Link Down
? Links Down
5-14
Description The site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface to configure a site router. This is expected, since you havent configured the system yet. The message will disappear after you run Guided Setup to set the PacketShapers IP address for your network. Unable to detect link state of the outside interface. Check PacketShaper cabling. Your PacketShaper has redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.
Not Configured
Power 1 Failed
Router Inside
The site router is incorrectly connected to the INSIDE port. See Connecting the PacketShaper 9500/10000 to the Network on page 5-6. A site router has not been configured. Use the setup tab to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. U=Upper These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.
Router=0.0.0.0
Safe Mode
? Shaping Off
U-InLink Down U-OutLink Down
5-15
5-16
Pre-Installation Checklist
Be sure that you have completed one of the Pre-Installation Checklists in Chapter 1; you will need this information during installation.
PacketShaper models 1700, 3500, and 7500 have an out-of-band Ethernet management port (MGMT) that you can use to access and manage the unit via a web browser or a remote login utility. This port can be connected to the same network the PacketShaper is monitoring or to a different network (such as a management network). When the MGMT port is connected to a management network, you may want to enable the Dedicated Management Port option so that the unit cannot be accessed from other networks; this provides increased security.
Note: Enabling dedicated management port access will cause loss of remote connectivity to the unit through all other ports.
When considering whether to enable the dedicated management port feature, bear in mind that certain Packeteer features will not function properly unless the network administrator provides outside hosts with a route to reach the PacketShaper through the management port. These features include, but are not limited to, the following: PolicyCenter Access Link Monitoring Frame Relay and ATM HP OpenView Flow Detail Records Adaptive response SNMP traps and polling from third-party applications Synthetic transactions Customer portal traffic (if the portal IP address is set to be the same as the management IP address)
To use the dedicated management port: 1. Connect an Ethernet cable from the MGMT port to a router on your management network.
6-1
2. 3.
Access the PacketShaper (described below) and run Guided Setup (see Configuring the PacketWise Software on page 6-6). Enable the dedicated management port: Click the setup tab. From the Choose Setup Page list, choose management port. The Management Port setup page appears. For Dedicated Management Port, choose on. Click apply changes. Note: Changing management port access may cause temporary loss of access to the PacketShaper through the management port.
There are three ways to access the PacketShaper and configure the PacketWise software: Through a web browser Through a remote login utility With a direct console connection
Accessing PacketWise Guided Setup With a Browser You should have a browser such as Netscape Navigator or Internet Explorer to configure this software. The settings can be accessed using the English versions of the following web browsers: 1. Netscape 7.1 or higher (Windows NT, 2000, or XP) Microsoft Internet Explorer v5.5 or higher (Windows NT, 2000, or XP) Set to accept cookies, the default setting for most web browsers. JavaScript enabled. Cache preference set to verify documents every time in the Netscape browser and every visit to the page in Internet Explorer. As you modify PacketWise configurations in the browser interface, the browser must update the page each time rather than displaying the data already stored in the cache. For optimal formatting of features such as graphs, reports, and data charts, set the screen resolution to 1024x768. To maximize the amount of data that can be viewed on the screen, you may want to adjust the font.
2.
Start your browser, then enter either the factory-set IP address 207.78.98.254 or the DNS name unconfigured.packetshaper.com in your browsers Address or Location box.
Note: Using the DNS name to access an unconfigured unit works only if a DNS server is configured on your network and your desktop computer is connected to the PacketShapers interface marked INSIDE.
6-2
Did you successfully access the PacketShaper? If so, the Guided Setup window appears, and you are ready to configure the software (see Configuring the PacketWise Software on page 6-6).
If you did not successfully access the PacketShaper, turn to Problems? on page 6-4. Accessing Guided Setup With a Remote Login Utility You are free to choose any remote login utility that is available for your operating system. For example, for clear text connections, you can use Telnet. For secure connections, you can choose any SSH client, such as SecureCRT for Windows or OpenSSH for UNIX operating systems. To access Guided Setup using the command-line interface: 1. Connect to unconfigured.packetshaper.com (or 207.78.98.254) at your login utilitys command line for example telnet 207.78.98.254 or ssh 207.78.98.254. The PacketShapers factory-installed IP address and password prompt appear. 2. Press Enter to bypass the password for now. You will set the password and new IP address later. When you successfully connect to Guided Setup, you will see a banner and prompt similar to the following:
PacketShaper v7.4 2006-09-01 Copyright (c) 1996-2006 Packeteer, Inc. All rights reserved. PacketShaper not yet configured. Do you wish to be guided through initial setup of PacketShaper? (yes):
3.
Press Enter.
Did you successfully access Guided Setup? If so, you can now complete the Guided Setup. Turn to page 6-6 and configure the software. If you did not successfully access Guided Setup, see Problems? on page 6-4. Accessing Guided Setup With a Console Connection If these remote-access methods do not work due to network or configuration issues, you can access the unit directly with a null-modem cable. This cable, included with the PacketShaper, offers both 9-pin and 25-pin connectors on each end. To access the command-line interface with a serial connection: 1. 2. 3. 4. Attach the null-modem cable to the serial port on your workstation or PC, using the connector that matches your serial port configuration (9-pin or 25-pin). Connect the 9-pin connector on the other end of the null-modem cable to the PacketShapers port labeled CONSOLE. Open a terminal emulation program (such as HyperTerminal). Verify that you have configured your program with the following values to communicate with the PacketShapers console serial port:
6-3
9600 bps, 8 data bits, 1 stop bit, no parity, no hardware flow control If you are using a modem connected to the serial port, the modem must be set to: 9600 bps, 8 data bits, 1 stop bit, no parity, auto-answer (usually ATS0=1 in the standard Hayes command set), and DTR always on (usually the command AT&D0 or a DIP-switch setting). Check the modem manual for details. 5. Power on the PacketShaper, if you have not already done so. If the unit was already turned on, you will need to press Enter several times to make the connection. The password prompt appears. For example:
PacketShaper (console) Password:
6.
Press Enter to bypass this prompt. You will configure passwords during setup. The PacketShaper prompt appears.
7.
Did you successfully access Guided Setup? If so, turn to page 6-6 and configure the software. If you did not successfully access the PacketShaper, see Problems? below.
Problems? Whats wrong? Link light on front of unit is not lit and the Tx/Rx lights are not flickering. What might fix it: You may have used the wrong type of cable to connect the PacketShaper. See the chart on page 2-5. If you are using the correct type of cable, the cable itself may be bad. Try a different cable. Ethernet auto negotiation may be failing. Packeteer Ethernet settings can be configured manually with either the command line setup nic command or the Setup:Basic Setup page in the browser interface. Check the router, switch, and PacketShaper with the setup show CLI command. If they are set to auto-negotiate, reset at least one of them to another setting. For instructions on accessing the CLI, see Accessing Guided Setup With a Remote Login Utility on page 6-3. For details on the setup nic command, see the online PacketGuide. PacketShaper is blocking traffic. Turn off traffic shaping from the setup tab. If this corrects the problem, policies or partitions are configured incorrectly. Check the policies and partitions you have created. You may have used the wrong type of cable to connect the PacketShaper. See the chart on page 2-5. Telnet is not responding. Exit the Telnet session and start a new one. Ensure that the PacketShaper is placed between the client and the default gateway. If you are using a site router, ensure that the site router address is correct. Is it a real IP address or just a virtual address?
6-4
Whats wrong? Cant access unit with a browser. The lights on front of unit are not illuminated or flickering.
What might fix it: If you are using a site router, ensure that the site router address is correct. Is it a real IP address or just a virtual address? Some PacketShapers have an on/off switch. Check the back of the unit and press the switch if there is one. Are your network interface card (NIC) settings correct? Check them with the setup show CLI command. PacketShaper Ethernet settings can be configured manually with either the command line setup nic command or the setup tab in the browser interface. For instructions on accessing the CLI, see Accessing Guided Setup With a Remote Login Utility on page 6-3. For details on the setup nic command, see the online PacketGuide. You may have a bad NIC card in your PacketShaper; call support for further instructions.
If you want to configure another PacketShaper, you need to open a new browser window. If you reload the current window, the browser remembers the connection to the first unit and displays the login window instead of the Guided Setup window.
6-5
1.
Select local or shared mode. Shared mode is used to configure multiple PacketShapers with the PolicyCenter software. If you are not using PolicyCenter, or if you want to configure the unit independently of other units, choose local mode.
2.
Answer the questions as they are asked, using the information from the PreInstallation Checklist for Local Mode on page 1-12 or Pre-Installation Checklist for Shared Mode on page 1-17. When you are finished, click Commit All Settings. A dialog box notifies you that your configuration will be saved to your unit.
3.
Logging In
After you complete Guided Setup, the login window appears. 1. 2. 3. Enter the password (if any) that you just provided during Guided Setup. If a secure connection is desired, select the Secure Login checkbox. Click login.
When you successfully log in using a browser, the PacketWise software appears in your browser window. The info tab, shown below, is displayed initially.
6-6
When the PacketShaper is operating, the LCD panel (if your model includes one) shows traffic passing through it.
Note: When the PacketShaper is in bypass mode, the traffic throughput display is not available. For details on bypass mode, see Failover Bypass on page 2-1, page 3-1, page 4-1, or page 5-1.
Problems? Whats wrong? Both the inbound and outbound values shown in the LCD are zero. What might fix it: Traffic is not flowing through the PacketShaper. First be sure there is actually traffic on the network. Then, access the PacketShaper and check the setup tab to make sure the IP addresses are correct for both devices that the unit is connected to (the site router IP address for example). Traffic passing through the PacketShaper is asymmetric. Access the Packeteer unit and check the setup tab to make sure the IP addresses are correct for both devices that the unit is connected to (the site router, for example). Traffic Discovery may not be turned on. Access the PacketShaper and check the setup tab to make sure Traffic Discovery is set to on. Your browser may not be set to reread the HTML page source every time as required by PacketWise. See Accessing PacketWise Guided Setup With a Browser on page 6-2.
Either the inbound or the outbound value in the LCD is zero. The LCD readout shows traffic but the traffic tree is empty.
6-7
Whats wrong? Traffic discovery is not collecting information the way I expected it to do.
What might fix it: Its possible that you accidentally connected the PacketShaper backwards that is, with the cable for inbound in the OUTSIDE connector and vice versa. If you set up your cables this way, your router must have been set to none (or you would have gotten the error Router Inside in your LCD window when you initially set up the unit). To find out if your cables are switched, specify a router in the setup tab. If you then get the error message Router Inside, your cables are connected incorrectly. Switch the cables. Is shaping turned on? If so, turn it off. Does this help network performance? If so, one of the policies or partitions needs to be reconfigured. Turn the PacketShaper off (or unplug it). Does this solve the problem? If so, the unit is probably not placed in a good location on the network. For example, it could be overwhelmed with traffic at the central server. Ensure that the default gateway address is correct. Is it a real IP address or just a virtual address?
The network (even the LAN) slowed way down after I installed the PacketShaper.
Cant access unit via Telnet or a web browser. The PacketShaper failed and no network traffic is going beyond it.
If the NIC link settings are set to full duplex for one port and half duplex for the other (to accommodate connected equipment), the PacketShaper copes with it. When the unit fails or is off, the bypass switch cant work because of the different duplex settings. Inbound and outbound link rates are probably set too high. Check the setup tab to be sure rates match the router rate.
Router is swamped.
6-8
To change the configuration: 1. 2. Click the setup tab in the PacketWise browser interface. In the Setup window, verify or modify configuration details. Note that there is more than one setup page; change pages using the Choose Setup Page drop-down menu at the top of the screen.
3.
Click apply changes to update the settings with any changes you made.
6-9
If you forget the touch password, you can use the password recovery method to access the unit and then reset the password. To ensure that security is not compromised, this feature works only when you are directly connected to the units CONSOLE port. 1. 2. 3. Connect the null-modem cable (included with your unit) from the units CONSOLE port to the serial port on your PC or workstation. Open a terminal emulation program (such as HyperTerminal). Verify that you have configured the program with the following values to communicate with the units CONSOLE serial port: 9600 bps, 8 data bits, 1 stop bit, no parity, no hardware flow control If you are using a modem connected to the serial port, the modem must be set to: 9600 bps, 8 data bits, 1 stop bit, no parity, auto-answer (usually ATS0=1 in the standard Hayes command set), and DTR always on (usually the command AT&D0 or a DIP-switch setting). Check the modem manual for details. 4. 5. 6. Power cycle the PacketShaper. If your unit doesnt have a power switch, unplug the power cord and then plug it back in. When prompted for the password, type touchpwd= within thirty seconds, and press Enter. You will then be prompted for a new password. Enter a new password.
6-10
High Availability
In a general sense, high availability is a network topology feature that ensures mission critical applications are available 100% of the time. This goal is typically accomplished by having multiple access routers with multiple WAN interfaces. PacketShapers can sit in these redundant router topologies and perform their traffic management responsibilities, without disrupting the existing high availability configuration. As part of the high availability solution, you can install PacketShapers in redundant network paths to provide PacketShaper redundancy in case one of the units fails. This capability is called direct standby. It is described more fully below. Another part of the solution is access-link monitoring. This feature allows the PacketShaper to automatically adjust Inbound and Outbound partition sizes as WAN links go down and back up. In addition, this feature can help prevent link overload that may occur when a loadbalancing scheme is less than perfect. Configuration of access-link monitoring is outside the scope of the Getting Started Guide; however, it is described in detail in the online PacketGuide.
Standby Modes
PacketWise offers two modes to provide PacketShaper redundancy. Direct standby allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. The other mode, hot standby, allows PacketShapers to act as a redundant pair connected to the same router. The remainder of this chapter describes how to configure PacketShapers for direct standby; for further information on hot standby, see PacketGuide.
Note: In order to use standby, you must modify each standby unit to inhibit the normal failover bypass function of a disabled or powered-down PacketShaper. See Disabling Bypass Relays (3500, 7500) on page 7-4, Disabling Bypass Relays (2500, 6500) on page 7-6, or Disabling Bypass Relays (9500, 10000) on page 78. An exception is the PacketShaper 1400, which requires no modification.
Direct Standby
The direct standby function allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. The two units are directly connected to each other, through the OUTSIDE port on a LAN Expansion Module (LEM), or through the port labeled BACKUP OUTSIDE on a PacketShaper 1400. Both units are considered active and each unit can receive and forward traffic. To ensure that both units accumulate the same traffic tree and measurement data, each PacketShaper processes the packets received by the other unit. When a unit directly receives traffic, it will copy that traffic and transmit it to the other unit. The other unit will classify the traffic, just as if it
7-1
had received it directly, but it will never forward the traffic onto the LAN. As a result, each unit is ready at any time to take over full PacketShaper responsibility should the other unit fail.
clients
WAN
The direct standby feature can operate in a redundant topology that is set up to do load balancing (in other words, traffic flows through both paths) or one that is set up as a backup in case of component failure (traffic flows through one path). When using the direct standby feature in a load-sharing topology, set the link speed to the sum of both WAN links. Because each unit receives copied packets from its partner, the overall Inbound and Outbound partition sizes must be able to support that level of extra traffic.
Note: In this situation, you may want to use the access-link monitoring feature (advanced mode) to monitor the routers WAN interfaces and avoid oversubscribing the WAN bandwidth. See PacketGuide for details.
The direct standby feature also works well in a topology in which inbound traffic goes through one path and outbound traffic goes through the other. Without the direct connection, PacketWise would classify these flows as asymmetric and would be unable to manage application traffic or take advantage of Packeteers TCP Rate Control, a technology that smooths bursty traffic. With the direct standby feature, each PacketShaper is able to see both inbound and outbound traffic and manage the traffic appropriately. Feature Requirements and Limitations The direct standby feature has the following requirements and limitations: The following Packeteer features cannot be used in conjunction with the direct standby feature: Frame Relay and ATM. All PacketShaper models except the 1400: the two units must be directly connected using the OUTSIDE ports on the upper-most or right-most LEM. In other words, if the PacketShaper has two LEMs installed, the upper or right LEM must be used for the direct connection. This LEM cannot be configured for compression. PacketShaper 1400 only: the two units must be directly connected using their BACKUP OUTSIDE ports. When compression and direct standby are both enabled, Packeteer recommends that automatic reprobe mode be used on Xpress units at all branch offices. Use the setup compression reprobe auto CLI command to enable automatic reprobe mode. Both units must be running the same version of PacketWise and have the same plug-ins installed.
7-2
Both units must have the same configuration limits. For example, both units must be 512-class PacketShaper 3500s, 64-class PacketShaper 1400 Lites, and so on. You should not mix units with different capacities since the units will be passing the same traffic and require identical configurations. Both units must have identical hardware configuration: the same PacketShaper model, link speed, installed memory, number of LEMs installed, and type of LEMs (fiber optic vs. copper Ethernet). If there is any difference in the two partner units, the direct standby feature will not function optimally. The two units must be configured with the same touch password. A customer portal IP address should not be configured. The bypass relays in the PacketShaper and all LEMs must be disabled (not applicable to the PacketShaper 1400). See Modifying a PacketShaper for Direct Standby on page 7-4. Note: Since PacketShapers with fiber-optic connectors dont have bypass jumpers, they do not need to be modified. The Packeteer Fiber Bypass Switch should not be deployed in direct standby mode.
Because the bypass relays have been disabled, PacketShapers should not be powered off when they sit in a redundant configuration doing so will cause loss of connectivity on that link and all traffic will be routed to the other path. The direct link connection between the two PacketShapers must be equal to or greater in speed than each of the WAN links. This requirement ensures that each unit receives copies from the other unit fast enough to prevent out-of-order packets. The following types of packets are not copied over the direct connection: broadcast/multicast/unicast packets, attack packets, and IPComp control packets (when using Xpress). Link state mirroring is automatically enabled when direct standby is enabled if the redundant management link is connected. (With link state mirroring, PacketWise will bring down the second port of a NIC pair if the first goes down.)
7-3
To disable the bypass relays: 1. Disconnect the system from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.
2. 3.
Unplug the power cords. Ground yourself. WARNING: Electrostatic discharge (ESD) can damage system components. If an ESD station is not available, wear a wrist strap attached to a metal part of the unit. If you dont have a strap, touch some metal part of the case to ground yourself.
4. 5.
If they are present, remove the rackmount ears. In order to remove the top cover, the LEM cover must be removed: Using a Phillips-head screwdriver, remove the two screws on the side.
7-4
6.
Remove the screws that attach the top cover to the chassis:
7.
Slide the cover toward the back of the unit as shown below, and then lift the cover up to remove.
7-5
8.
Remove all nine jumpers from the motherboard. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.
Jumpers
9.
Note: Retain the jumpers in case the unit is later used in a non-standby application. If this unit has RJ-45 connector LEMs installed in either of the two slots, you must remove the jumpers from these cards. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby.
10. Set the cover on top of the chassis and slide the cover forward, toward the front of the unit. As you slide the cover into the chassis, make sure the lip on the cover fits into the slot on the chassis. 11. Replace the LEM cover and all screws. 12. Repeat the above steps for the other standby unit. 13. Proceed to Connecting to a Redundant Router Topology on page 7-12.
To disable the bypass relays: 1. Disconnect the system from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.
2. 3.
Unplug the power cords. Ground yourself. WARNING: Electrostatic discharge (ESD) can damage system components. If an ESD station is not available, wear a wrist strap attached to a metal part of the unit. If you dont have a strap, touch some metal part of the case to ground yourself.
4. 5.
If they are present, remove the rackmount ears. Remove the three cover screws. One screw is located next to the power supply receptacles at the back of the unit.
7-6
6.
Two screws are located on the bottom of the unit, near the back panel.
7.
Remove five jumpers from the motherboard. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.
LINK Tx /R 10 x 0
INS IDE
LINK Tx LINK Tx /R 10 x 0
INS IDE
/R 10 x 0
OU TS IDE
LINK Tx
/R 10 x 0
OU TS IDE
Jumpers
LIN K Tx /R 10 x 0
LIN K Tx /R 10 x 0
7-7
8.
Note: Retain the jumpers in case the unit is later used in a non-standby application. If this unit has RJ-45 connector LEMs installed in either of the two slots, you must remove the jumpers from these cards. Refer to the LAN Expansion Module documentation for instructions. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby. Replace the cover and screws.
9.
10. Repeat the above steps for the other standby unit. 11. Proceed to Connecting to a Redundant Router Topology on page 7-12.
Note: If your PacketShaper has fiber-optic connectors, you can skip this section the unit doesnt have bypass jumpers. However, you will have to remove bypass jumpers from any RJ-45 connector LEMs. See the LAN Expansion Module documentation for instructions.
To disable the bypass relays on PacketShapers with RJ-45 connectors: 1. Disconnect the PacketShaper from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.
2. 3.
Unplug the power cords. Ground yourself. WARNING: Electrostatic discharge (ESD) can damage system components. If an ESD station is not available, wear a wrist strap attached to a metal part of the unit. If you dont have a strap, touch some metal part of the case to ground yourself.
4. 5.
If they are present, remove the rackmount ears. Remove screws and side door as shown.
7-8
6.
PacketShaper 10000
7.
Remove the top cover: 9500: Lift the cover straight up. 10000: Slide the cover toward the back of the unit as shown below, and then lift the cover up to remove.
7-9
8.
Remove nine jumpers from the built-in Ethernet card. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.
LIN K Tx /R x
9.
Note: Retain the jumpers in case the unit is later used in a non-standby application. If any RJ-45 connector LAN Expansion Modules have been added to the two available slots, you must also remove the jumpers from those cards. For details, see the LEM manual. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby.
7-10
10. Replace the top cover: 9500: Set the cover on top. 10000: Angle the cover as shown below. As you slide the cover into the case, make sure the lip on the cover fits into the slot on the case.
Lower the cover so that its resting on top of the case. Slide the cover towards the back of the unit so that the cover overhangs approximately 3/8 inch (1 cm); when you hear a click as the rear lip drops below the rear slot, slide the cover forward. 11. Replace the screws. 12. Replace the side door and screws. 13. Repeat the above steps for the other standby unit. 14. Proceed to Connecting to a Redundant Router Topology on page 7-12.
7-11
Legend:
I O I O I O I O
I O
The illustration above is an example of one of four supported redundant topologies. The complete set of supported topologies appears later in this section. You directly connect PacketShapers via a LEM. If two LEMs are present, you must use the upper-most or right-most LEM for the direct connection between PacketShapers. More detail on the direct connection appears below. When you connect a PacketShaper in a redundant topology, you can access and manage the unit from any of the LAN-connected ports. If desired, the INSIDE port on the directstandby LEM can be connected to a management network. Note, however, that when this port is connected, it becomes the exclusive management port for the unit; you will not be able to access the unit from the other ports. On PacketShaper 3500 and 7500 models, you can connect to a management network via the MGMT port. This connection would provide a secondary way to access the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only. If both the MGMT port and the INSIDE port on the direct standby LEM are connected, the MGMT port takes precedence.
7-12
Connecting PacketShapers into a Redundant Network Refer to the topology diagrams on the following pages as you follow these basic connection instructions: 1. Make sure you have disabled the bypass relays (not applicable to the PacketShaper 1400). See Disabling Bypass Relays (3500, 7500) on page 7-4, Disabling Bypass Relays (2500, 6500) on page 7-6, or Disabling Bypass Relays (9500, 10000) on page 7-8. On the router, disconnect the straight-through cable that goes to the switch. Reconnect this cable to the PacketShapers built-in port labeled INSIDE. Connect the built-in OUTSIDE port to the router, using the orange crossover cable. Repeat the above steps for the other router/switch. To directly connect the two PacketShapers, connect a crossover cable between the OUTSIDE LEM port on each unit, or between the BACKUP OUTSIDE ports on the PacketShaper 1400. If a unit has two LEM cards installed, you must use the upper or right LEM. Proceed to Turning on the PacketShaper on page 2-7 (models 1550/2500/6500), Turning on the PacketShaper on page 3-7 (model 1400), Turning on the PacketShaper on page 4-8 (models 1700/3500/7500 models), or Turning on the PacketShaper 9500/10000 on page 5-13 (models 9500/10000).
2. 3. 4. 5. 6.
7.
7-13
Legend: Live data path Direct Connection Alternate Management Link Router Switch Inside Outside
I O
I O
I O
I O
I O
Mgmt. Network
This basic redundant router topology uses a single LEM to connect the redundant PacketShapers. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.
7-14
Legend: Live data path Direct Connection Router Switch Inside Outside
I O I O
I O
This basic redundant router topology uses the BACKUP OUTSIDE ports to connect the redundant PacketShapers.
Legend: Live data path Direct Connection Router Switch Inside Outside
I O
I O
I O
I O
I O
This basic redundant router topology uses a single LEM to connect the redundant PacketShapers.
7-15
I O
I O
I O
I O
Mgmt. Network
This topology requires two LEMs. The left LEM is for the redundant data path and the right LEM is used to connect the PacketShapers directly. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.
Legend: Live data path Direct Connection Alternate Management Link Router Switch Inside Outside
I O
7-16
I O I O I O
I O
Legend: Live data path Direct Connection Router Switch Inside Outside
I O
This topology requires two LEMs. The lower LEM is for the redundant data path and the upper LEM is used to connect the PacketShapers directly.
7-17
Legend: Live data path Direct Connection Alternate Management Link Router Switch Firewall Inside Outside
I O
I O
I O
I O
I O
Mgmt. Network
The firewall shown in this topology can actually be any generic device that sits in this position. A single LEM is needed to connect the redundant PacketShapers. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.
7-18
Legend:
I O I O Backup Outside Ports I O I O
I O
Live data path Direct Connection Router Switch Firewall Inside Outside
The firewall shown in this topology can actually be any generic device that sits in this position. The BACKUP OUTSIDE port connects the redundant PacketShapers. With PacketShaper 4500, 6500, 8500, 9500, 10000
Legend:
I O I O I O I O
I O
Live data path Direct Connection Router Switch Firewall Inside Outside
The firewall shown in this topology can actually be any generic device that sits in this position. A single LEM is needed to connect the redundant PacketShapers.
7-19
I O
I O
I O
I O
Mgmt. Network
In this topology, there are routers on each side of each PacketShaper. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.
Legend: Live data path Direct Connection Alternate Management Link Router Switch Inside Outside
I O
7-20
Legend:
I O I O I O I O
I O
7-21
The two PacketShapers must have similar traffic trees so that flows will be classified and controlled identically, and the same measurement data will be collected on each unit. Youll want to make sure each unit has the same traffic classes, policies, partitions, and settings. Packeteer offers several ways you can configure units with the same settings. Save and Load Configurations With this technique, you configure one of the standby units, save its configuration, and then load the configuration on the other standby unit. 1. 2. 3. 4. 5. Set up one unit with the desired classes, policies, partitions, events, agents, and other settings. (See Chapter 9, PacketShaper Quick Start) Save the configuration with the config save CLI command. This creates a file with a .ldi extension. Use PacketWises File Browser to copy the .ldi file to a PC or network drive. Log into the other standby unit and use the File Browser to upload the .ldi file. Load the configuration with the config load CLI command.
If you need more detail on any of the above steps, refer to PacketGuide. Use PolicyCenter PolicyCenter is a Packeteer software package that centralizes management and propagates configuration changes to multiple PacketShapers. You can use PolicyCenter to distribute traffic configurations between direct standby units.
To configure units for direct standby: For each standby unit, configure the IP address and all other parameters. Note: The two units must be configured with the same touch password. Open a browser window, enter the IP address of one of the PacketShapers, and log in. Click the setup tab. On the Choose Setup Page list, choose standby. The Standby Configuration screen appears. For the Type, select Direct. Click apply changes. Repeat the above steps to enable direct standby on the other unit.
2. 3. 4. 5. 6. 7.
7-22
8.
To check the standby status, go to the Standby Configuration setup page. You should see the message Standby/Direct is active with partner. Check the table below if you see a different status message. Status Message Description The unit is unable to establish communication with another PacketShaper. Make sure the units are directly cabled though the OUTSIDE port on the upper-most or right-most LEM, or through the BACKUP OUTSIDE port in the PacketShaper 1400. When two PacketShapers are directly connected, traffic is running, and then the direct standby feature is disabled on one of the partner units, the copied packets coming through the direct link between the units are leaking onto the LAN causing the receiving unit to see duplicate packets. Note that this situation happens only for a short time period because the unit sending the copied packets would stop sending packets immediately upon realizing that its partner is down.
To disable the direct standby feature, choose None on the Standby Configuration setup page.
Note: You must also replace the jumpers removed from the motherboard and all LEMs. If you fail to re-install the jumpers, the PacketShaper will not bypass traffic when it is powered down or in a failed state. In a non-standby configuration, all WAN traffic would be blocked.
7-23
7-24
Note: Because a PacketShaper in watch mode cannot perform traffic shaping, this feature is more often used on units configured only with the monitoring module.
The watch mode feature offers functionality similar to a network probe, but the PacketShaper can classify and record measurement data by application (layer 7), not just by port. For example, suppose youre investigating slow SAP performance. A probe might give you packet rates for one of the hosts using SAP, but doesnt tell you which portion is SAP traffic. The PacketShaper gives you usage rates for SAP traffic for all hosts or specific hosts. PacketShapers in watch mode have the following capabilities: Compatible with SPAN ports, mirrored switch ports, and hubs connecting multiple routers Monitor traffic to/from up to 256 WAN routers Receive traffic from up to three network segments (if LAN Expansion Modules are installed) Manageable from a separate network than the one being monitored
Non-Inline Deployment Requirements and Limitations Packeteers non-inline deployment has the following requirements and limitations: Packeteer has tested and certified watch mode compatibility with the Cisco Catalyst 4000/5000 series and the Dell PowerConnect 5212. Packeteer has tested and certified tap compatibility with the following NetOptics taps: 10/100 Ethernet, Gigabit 1000BaseTX, and fiber-optic splitter. See Connecting to a Network Tap on page 8-9. Packeteers watch mode and direct standby features cannot be used together.
8-1
Device classification cannot be used in watch mode. Because PacketWise performs classification by device (LEM) when a packet exits the PacketShaper, and watch mode drops all packets, the packets do not exit on any interface and thus cannot be classified by interface. If you are using watch mode and want to classify and/or control traffic by device, you can create classes based on the MAC address of the watch mode routers. Watch mode is not supported on the PacketShaper 1200 and 1400 Lite models.
Another useful application of watch mode is to evaluate Packeteers Xpress compression feature, using a single PacketShaper. When a PacketShaper is deployed non-inline with compression and watch mode enabled, PacketWise will estimate the amount of compression that would have occurred on outbound data if the unit had been deployed inline. All the compression statistics, graphs, and reports are accessible and reflect an estimation of compression benefits. To come up with these estimates, Xpress does not compress the live data; it compresses the packets that were copied to the unit and then drops the compressed data. Packeteers Compression Estimator provides you with a simple way to project compression gains from PacketShapers compression module with a single unit evaluation. Deployed using mirrored switch ports, taps, or SPAN ports, Compression Estimator allows a PacketShaper to monitor traffic and estimate the bytes saved for different application traffic types and produce overall compression savings estimation for the entire link. See Configuring the Compression Estimator on page 8-11. Compression Estimator Limitations Compression Estimator mode has the following limitations: Works on outbound traffic only. An outbound data center traffic installation represents a good proxy for traffic mixes. Due to the asymmetric nature of traffic, the majority of traffic is served outbound from data center servers and represents a suitable proxy for overall network traffic. Offers statistics on byte savings and bandwidth increases, but doesnt provide differences in response times. (An inline deployment of a PacketShaper with the compression module offers this capability.) Is not applicable where existing PacketShapers are deployed inline. This mode is targeted for new customers. Existing customers with inline deployments can enable compression evaluation keys on two PacketShapers to enable a real-world test.
8-2
Note: If the Dedicated Management Port feature is enabled on a PacketShaper 1700, 3500, or 7500, you will only be able to access the unit through the MGMT port; you cannot manage via any other port.
Watch mode is supported in a variety of network configurations. The supported topologies are illustrated and described in the following pages. Use this legend when referring to the topologies on the following pages.
Legend: Router Switch Hub Management Link Inside Outside
I O
If a PacketShaper is connected to a switch, it should be connected to a SPAN (Switched Port Analyzer) port so that it can monitor the WAN traffic. To monitor traffic sent by the switch to the router, copy the bidirectional traffic on the switchs router port to the SPAN port so that it can be received and monitored by the PacketShaper.
Topology 1
Note: Do not actually make the connections shown in the following topologies until you have read Configuring PacketWise Software on page 8-7.
In this topology, a hub is connected to the OUTSIDE port on the PacketShaper and nothing is connected to the INSIDE port. The unit will be accessed and managed from the same LAN that is being monitored.
I O
8-3
Topology 2
In this topology, the PacketShaper monitors network traffic via a connection between its OUTSIDE port and a switchs SPAN port. The INSIDE port, which is connected to the switch, is used for PacketShaper access and management. Traffic received on the management port is not classified or measured.
I O
SPAN port
Topology 3
This topology is similar to Topology 2 in that the PacketShapers OUTSIDE port is connected to a switchs SPAN port. In Topology 3, however, you can access the PacketShaper from a PC on another LAN. On a PacketShaper 1700, 3500, or 7500, you can use the MGMT port to manage the unit from another LAN.
IO
SPAN port Management link (MGMT port)
On the PacketShaper 1400, you can manage the unit from the BACKUP INSIDE port. Traffic received on the management port is not classified or measured..
I O I O
SPAN port
On other PacketShaper models, you can manage the unit from an INSIDE port on a LEM.. Traffic received on the management port is not classified or measured.
Management link
I O I O
SPAN port
8-4
Topology 4
In this topology, the PacketShaper monitors traffic on up to three different LAN segments. This is achieved by using two LEMs. The built-in OUTSIDE port is connected to a switch or hub on one LAN and the OUTSIDE ports on two LEMs are connected to two other LANs. On a PacketShaper 1700, 3500, and 7500, you can use the MGMT port to manage the unit from another LAN.
I O
On other PacketShaper models, you can manage the unit from any of the INSIDE ports (built-in or LEM).
Management link
I O I O
8-5
Topology 5
In this topology, the network to be monitored is connected to the OUTSIDE port on a LEM, or to the BACKUP OUTSIDE port of the PacketShaper 1400. The built-in INSIDE port is used for management access to the unit. This configuration is appropriate, for example, when a fiber-optic LEM is installed on a PacketShaper 6500 in order to monitor a fiberoptic network.
I O I O
Management link
On a PacketShaper 1400, the network to be monitored is connected to the BACKUP OUTSIDE port. The INSIDE port is used for management access to the unit
I O I O
Management link (INSIDE port)
On a PacketShaper 1700, 3500, or 7500, you can use the MGMT port to manage the unit from another LAN.
I O
I O
8-6
3. 4. 5.
Watch Mode and Site Routers When watch mode is enabled, the Site Router field is ignored. If you have defined a site router IP address when watch mode is turned on, a message similar to the following may appear on the Info screen:
Site router configuration is ignored in watch mode.
This message doesnt appear if you have set the Site Router field to none.
To turn on watch mode: 1. 2. 3. Click the setup tab. Set Shaping to watch. Click apply changes.
The LCD panel flashes Watch Mode and the Info page says Shaping: Watch. Although watch mode is enabled, traffic cannot be monitored until you connect the OUTSIDE port to the network you want to monitor and add routers to your watch list.
Adding Routers
Note: When connecting a PacketShaper to a tap, do not use watch mode; instead, set Shaping to off. You will not need to create a router watch list in this case, since the list is only used in watch mode.
The watch mode feature can monitor traffic to/from up to 256 routers. The PacketShaper uses the router list to determine direction of the packets the unit is monitoring: if a packet is from the router, it will be considered to be inbound or if the packet is to the router, the packet will be considered outbound. If both the source and destination addresses of a packet are in the watch list, the packet is considered same side traffic.
8-7
You identify each router by its IP or MAC address. If you enter an IP address, PacketWise will attempt to resolve its MAC address. Note that when the PacketShaper lacks two-way communication with the end host, you must define the router by its MAC address. For example, when a PacketShaper is connected to a switchs SPAN port, the unit receives copies of the packets that go through the switch, but since communication is one way, it cannot send ARP requests to determine the routers MAC address. In this case, you must define the router by its MAC address, not IP address. To add a router to the watch list: 1. If you are still on the Basic Settings setup page, click the Watch Mode Configuration link. or Click the setup tab and choose watch mode from the Choose Setup Page drop-down list. 2. Click add router. The Add Watch Mode Router screen appears.
3.
In the Name field, enter a descriptive name to uniquely identify the router (up to 32 characters; no spaces are allowed, the only special characters allowed are colon, dash, underline, and period.) In the IP Address field, enter the routers IP address. or In the MAC Address field, enter the routers MAC address.
4.
5. 6.
Click add router. Repeat steps 2-5 for each router you want to add to the watch list.
Next Step
Once watch mode is configured, the PacketShaper will begin collecting data for the traffic it is watching. For information on viewing statistics, graphs, and reports, see Chapter 9, PacketShaper Quick Start.
8-8
IO
TAP
Management port
On the PacketShaper 1400, you must use one of the BACKUP ports to manage the PacketShaper.
I O I O
TAP
If you have set your site router to none (recommended), you can access the unit via the BACKUP INSIDE or BACKUP OUTSIDE port. The units address can be on the same or different subnet from the subnet being monitored (where the tap is located). If you have set a specific site router address, Packeteer recommends that you manage the PacketShaper via the BACKUP OUTSIDE port. In addition, the units address, site router, and management port connection must be on the same subnet.
8-9
On other models, you must use a LEM port to manage the PacketShaper.
Management link
I O I O
TAP
If you have set your site router to none, you can access the unit via the INSIDE or OUTSIDE LEM port. The units address can be on the same or different subnet from the subnet being monitored (where the tap is located). If you have set a specific site router address, Packeteer recommends that you manage the PacketShaper via the OUTSIDE LEM port. In addition, the units address, site router, and management port connection must be on the same subnet.
8-10
2. 3.
Install the compression module key, following the instructions included with the key. Set the Xpress-IP address and gateway for the device (main or LEM) you are using for compression estimation: a. From the Choose Setup Page list, select compression. The Xpress-IP Settings screen appears.
8-11
b.
For each Packeteer device (PacketShaper or LEM) you want to use for compression, fill in the following information: Field IP Address Description IP address to assign to the interface; each interface must have a unique address. Note that this address is used by the compression module (Xpress) feature and is not for managing the PacketShaper. An Xpress-IP address can NOT be the same as the units management address if you have a LEM installed or if you have enabled the Dedicated Management Port feature. It should not be the same address as the secondary customer portal address. Packeteer strongly recommends that you do not use the management IP address for an Xpress-IP address. Net Mask Gateway Subnet mask IP address of the router
c. 4. 5. 6. 7. 8.
From the Choose Setup Page list, select basic. Set Compression to on to enable compression. Set Shaping to watch to turn on watch mode. Click apply changes to update the settings. Add your router(s) to the watch list. (See Adding Routers on page 8-7.)
To see an estimate of how compression is working on your link, you can look at compression reports. For more information, see Displaying Compression Reports on page 10-6.
Note: If you arent seeing compression results, its possible that the PacketShaper isn't able to resolve the gateways IP address. In this case, youll need to manually add the address to the ARP table using the arp privadd command.
If you want to use the compression module to compress data, you will need to purchase the compression module key and deploy additional PacketShapers (to create compression tunnels). All units must be deployed inline in order to compress data.
8-12
If your PacketShaper is configured with the compression module, read this chapter before turning to the next chapter, Compression (Xpress) Quick Start. If you are using a PacketShaper ISP model, see Chapter 11, PacketShaper ISP Quick Start.
9-1
Discovering Traffic
Note: Because PacketShaper 1200 and 1400 Lite models are limited to 64 classes, you may want to create traffic classes manually rather than enabling the automatic traffic discovery feature.
Automatic traffic discovery may already be enabled. To check the status of the Traffic Discovery setting: 1. 2. 3. 4. 5. Access the PacketWise software by entering PacketShapers URL or IP address in your browser. Check the status line underneath the tabs. If it says Discovery: On, you can skip the following steps. Click the setup tab in the PacketWise navigation bar. To enable automatic traffic discovery, select on for Traffic Discovery. Click apply changes.
Traffic needs to run through the PacketShaper over time before you can see trends and decide on a course of action. We suggest you collect data for at least three days.
Note: Make sure the mission-critical applications are being accessed during this time so that the protocols, services, and/or applications will be auto-discovered.
The traffic discovery process detects traffic types and creates traffic classes automatically. For example, web surfing is categorized in the HTTP traffic class. To see what classes the PacketShaper has auto-discovered, display the traffic tree: 1. 2. Access the PacketWise software by entering PacketShapers URL or IP address in your browser. Click the monitor or manage tab in the PacketWise navigation bar. The discovered classes appear in a hierarchical tree under the Inbound and Outbound folders.
9-2
PacketWise displays applications in a hierarchical tree representing application traffic traveling inbound and outbound (relative to the PacketShaper). Applications listed in the Outbound folder represent a request for data from external servers or responses of data from internal servers to outside requests. Applications shown in the Inbound folder represent the data being transmitted from outside servers to the LAN or requests for data from internal servers. When managing an applications performance, you must consider the characteristics and significance of an application flows direction. For example, suppose a user is running Oracle as a published application over Citrix Metaframe. Assume the Oracle user is on the LAN side of PacketShaper, and the server is on the outside. In the traffic tree, the /Outbound/Citrix/Oracle class tracks the data entry activity. The /Inbound/Citrix/Oracle class tracks the data downloads.
Problems? Whats wrong? The traffic tree is empty. The traffic tree doesnt have classes for some of the applications I know are on the network. What might fix it: Is traffic discovery turned on? Look at the status line underneath the tabs to make sure it says Discovery: On. Have users initiated new sessions after connecting the unit to the network and configuring the PacketShaper? A PacketShaper cant discover traffic classes until it sees the traffic. Make sure users are accessing the critical applications and establishing new sessions on the network. To avoid creating classes needlessly, the PacketShaper must see at least three* distinct flows of an application before it deems the flows significant enough to warrant autodiscovery. The flows must begin within the same time-out interval, typically one minute, and should have different source/destination address pairs. If youre performing tests and want a specific application to be auto-discovered, it may be necessary to open a session, quit, and then re-open the application so that PacketWise sees another session. Is the PacketShaper installed on an Internet link between the VPN gateway and the router? If so, the unit sees encrypted traffic, not individual applications; consequently, the applications will not appear in the traffic tree. In order to differentiate between encrypted applications, the unit must be positioned between the LAN and the VPN gateway. Although PacketWise classifies hundreds of applications, there could be custom or unique applications that do not get auto-classified. To accommodate these situations, PacketWise provides the ability to create classes manually. Are you using a PacketShaper 1200 or 1400 Lite? If you have enabled automatic traffic discovery, the traffic tree will likely reach its maximum capacity (64 classes) quickly, and perhaps not with the applications you need to classify. For PacketShaper 1200 and 1400 Lite models, Packeteer recommends that you not enable traffic discovery; instead, manually create classes, or use PolicyCenter.
9-3
*The number of flows required to trigger class discovery can be adjusted using the Autodiscovery variables on the System Variables setup page.
9-4
Who is generating the most Citrix traffic? (If you dont have Citrix, use any other class of interest.)
Note: Detailed reporting is also available via Packeteer ReportCenter. Because PacketShaper 1200 and 1400 Lite models have limited reporting capabilities, it is recommended that you use ReportCenter to generate your reports.
9-5
The Network Performance Summary shows you where most traffic occurs on the network. To view the summary: 1. Click the report tab on the navigation bar. The Network Performance Summary report appears. This report contains six graphs Utilization, Network Efficiency, and Top 10 Classes, for both the Inbound and Outbound directions. The default report graphs data from the last hour, but you can select a different time interval (such as three days), if you like. 2. To choose a different time interval, enter the number of minutes, hours, days, weeks, or months in the Show field, and then select the unit of time. For example, by entering 3 in the Show field and selecting day for the unit of time, you create a report with the data the PacketShaper collected over the last three days. 3. 4. 5. Click update to apply the new time interval settings. The new report appears. Scroll down to see the Top 10 Classes graph for inbound traffic. Scroll down further to see the Top 10 Classes graph for outbound traffic. Note: As you are viewing the Top 10 Classes pie chart in the Network Performance Summary, you may want more detail on a particular class. A quick way to get this detailed information is to click the class name on the pie chart legend. When you click a class name, the Statistics:Reports screen appears, where you can change the period or select additional graphs to include in the report. To print the report, click print.
6.
9-6
The Top Ten tab offers several reports that allow you to quickly see which classes have the highest average rate, peak rate, total bytes, or network efficiency. For example:
1. 2.
Note: The top ten tab is not available on PacketShaper 1200 and 1400 Lite models.
To view the Top Ten reports: Click the top ten tab on the navigation bar. In the View top field, enter the number of classes you want to view in the report (default is 10). To view all classes, clear this field so that its blank. Note: If you dont want to change the view (the next step), you must click update to see the revised list.
3. Select the desired view: View Average Rate Description The classes with the highest average bandwidth rate in the designated time interval; measured in bits per second (the default report type) The classes with the highest peak bandwidth rate in the designated time interval; measured in bits per second The classes with the highest total bandwidth consumed in the designated time interval; measured in bytes The classes with the most retransmissions (that is, the lowest network efficiency)
Peak Rate
Total Bytes
Network Efficiency
9-7
Set Policies
A policy controls traffic on a flow-by-flow basis. When you apply a policy to a traffic class, you define how each flow will be treated when competing with other applications. While there are several different types of policies you can create in PacketWise, the rate policy is the most common. With this type of policy, you can: Guarantee each flow a minimum bits-per-second rate Give each flow prioritized access to excess bandwidth Limit each flow to a maximum amount of bandwidth Take advantage of Packeteers TCP Rate Control technology that prevents traffic from being sent at a rate that is higher than it can be transferred and received, thereby greatly reducing queuing in router buffers and controlling inbound traffic Smooth bursty traffic (such as HTTP)
Priority policies, another type of PacketWise policy, establish a priority for traffic without specifying a particular rate. Use priority policies for non-IP traffic types, or traffic that does not burst (for example, Telnet). In addition to creating policies for mission-critical applications, you may also want to place controls on some of the most active services and applications on the network (such as HTTP or FTP). PacketShapers supply a set of suggested policies for many supported protocols and services. You can apply a suggested policy to a traffic class, whether it was manually created or automatically created by the traffic discovery process.
1. 2.
Note: Most suggested rate policies set the guaranteed rate to zero with bursting enabled. If you have a specific minimum rate requirement for an application, such as Voice over IP, you will need to modify the suggested policy.
To create a policy using PacketShapers suggested settings: Click the manage tab on the navigation bar. The Traffic Class window appears. Select a class in the tree in the left window pane.
9-8
3. 4.
In the Traffic Class window pane, click policy and select add from the menu. Click suggest policy in the New Policy window. A pop-up window appears, notifying you whether a default policy was found for this service type.
5. 6. 7.
Click OK in the pop-up window. To fine-tune the policy, overwrite the displayed values or select a new policy type. To create the policy, click add policy in the New Policy window.
Create Partitions
A partition is a virtual pipe that you can create for a given traffic class. This virtual pipe reserves bandwidth for all flows of a given type the traffic class aggregate. Partitions can protect traffic by guaranteeing a defined amount of bandwidth for the mission-critical traffic classes. For example, you could set a 128 Kbps partition for SNA traffic. This partition ensures that SNA will always have at least 128 Kbps of bandwidth. Partitions can also limit less important traffic by putting a cap on the amount of bandwidth a traffic class can use. For example, you can assign a 64 Kbps partition to FTP traffic. This prevents FTP traffic from consuming your entire link and blocking more important traffic. To create a partition: 1. 2. 3. 4. 5. 6. 7. Click the manage tab on the navigation bar. The Traffic Class window displays. Select the class in the traffic tree. Click partition in the Traffic Class window and click add. The New Partition window appears. In the Size field, enter the minimum partition size in bits per second (bps). Alternatively, you can select % and enter a percentage of the parent partition size. To allow the partition to use available excess bandwidth, select the Burstable checkbox. Optional: In the Limit field, set a maximum bandwidth limit to be used when the partition bursts. This limit must be greater than the partition minimum. Click add partition to create the partition.
Turn Shaping On
Policies and partitions have no effect unless traffic shaping is turned on. To do this: 1. 2. 3. Click the setup tab. Turn Shaping on. Click apply changes.
To verify that a traffic class and policy are working as expected, you can: Observe the number of Class Hits and Policy Hits for that class in the Monitor Traffic window. Class Hits are the number of times flows match the class and Policy Hits are the number of times the policy has been enforced. Generate more traffic for that traffic class to see if the number of hits increases. Compare the statistics (such as the peak rate) before and after the policy was set. Make a Class Utilization graph (not available on PacketShaper 1200 and 1400 Lite models). Be sure to specify a time period that includes before and after the creation of the policy.
9-9
Problems? Whats wrong? My graphs look strange: the data cant be correct. The LCD readout shows traffic but the traffic tree is empty. What might fix it: Is the date set correctly? Check the date & time page under the setup tab. Is traffic discovery turned on? Look at the status line underneath the tabs to make sure it says Discovery: On. Is your browser set to reread the HTML page source every time? This is a PacketShaper requirement. See Accessing PacketWise Guided Setup With a Browser on page 6-2. Is shaping turned on? Policies are only applied if shaping is on. Look at the status line underneath the tabs to make sure it says Shaping: On. Did you set too many policies? Try just setting policies for your most critical and most bandwidth-greedy classes. Is shaping turned on? Policies are only applied if shaping is on. Look at the status line underneath the tabs to make sure it says Shaping: On. Are you looking at current data? Use the update button to refresh the screen or the clear stats button to zero out the values and begin displaying new (post-policy) data.
Statistics on the Monitor Traffic screen dont seem to be consistent with the policies I set.
9-10
Advanced Features
Most PacketShaper models also support advanced monitoring and control features, for example: Response Time Measurement (RTM) The RTM feature tracks delay (network and server) statistics for connection-based TCP traffic classes. You can set acceptable responsetime thresholds for selected traffic classes. Response times are defined as bad or good according to the threshold you set. When a transactions total delay is lower than the threshold, the transaction is considered good. When the total delay is higher, the transaction is considered bad. Adaptive Response Packeteers adaptive response feature allows you to monitor the status of your network, the applications running on the network, and the capacities and loads of the PacketShaper. This feature can also detect hosts that are using up too much of the link, and allows you to set thresholds for specific traffic classes, links, and partitions and will notify you when thresholds are exceeded. For example, you can use adaptive response to automatically send an email, SNMP trap, or a Syslog message when there are unacceptable network delays. By having PacketWise send you notifications automatically, you have the opportunity to be aware of situations before they trigger user complaints. Flow Detail Records The Flow Detail Records (FDR) feature is an alternate method for gathering and processing per-flow statistics. When FDR is enabled, the PacketShaper will become an emitter, automatically pushing data to a remote system, called a collector, on a continuous basis. The unit will emit records that contain details of all flows that go through the PacketShaper to a collector, such as Packeteers ReportCenter 3. In ReportCenter, you can view a wide variety of reports to summarize and analyze the data for troubleshooting, diagnostics, or application-usage billing. A record format is also available for collectors and analyzers with Cisco NetFlow compatibility, such as Evident Billing Software and Cisco Collector. Packet Capture The packet capture feature captures packets for future analysis, allowing you to analyze detailed information about the packets in a class, such as the source and destination IP addresses and protocols used. For example, you can analyze packets in a Default or a port-numbered class to get details about the traffic hitting these classes. Or, you can use packet capture to investigate what an IP address-based class is doing. For information on these and other advanced features, see the online PacketGuide (click the packetguide tab in the browser interface).
9-11
9-12
PacketShaper Internet
PacketShaper
Tunnel A Tunnel C
Tunnel B
Xpress does not attempt to compress all traffic. Because the PacketShaper is application intelligent, it is able to identify each traffic flow and compress only the flows that are likely to achieve useful gains. Previously compressed traffic (such as streaming media) and encrypted data are examples of non-compressible traffic. The ability to apply appropriate compression algorithms to different applications is built into the Xpress compression engine. With this design, you can choose, for each application, the appropriate algorithm that will yield the best compression ratio, with minimal latency.
Note: If you want to evaluate the compression feature before purchase, you can use the Compression Estimator. See Chapter 7 for more information.
10-1
The list below describes the requirements and limitations for the Xpress feature: Xpress is supported on the following PacketShaper models. Make sure your model has the minimum amount of memory listed below: Packeteer Models 1200 1400 1550 1700 2500 Minimum Memory Requirement 256 MB 512 MB 256 MB 256 MB 512 MB Note: A Memory Upgrade Kit may be required. 1 GB 512 MB 2 GB 1 GB 2 GB 2 GB
To use Xpress on existing PacketShaper units, you need to purchase a compression module software key from Packeteer, and install it onto each unit. Xpress is not available on PacketShaper ISP models. If you are using Xpress with Packeteers direct standby feature, the LEM that is used for direct connection cannot be configured for compression. If Xpress is deployed in a Virtual Private Network (VPN), the (private) address space on both sides of the VPN tunnel between the Xpress units needs to be separate and unique in order to allow the two Xpress units to set up a compression tunnel. Only packets with unicast destination addresses are sent through the compression tunnel; broadcast and multicast packets are not sent through the tunnel. Non-IP protocol traffic (such as IPX and SNA) is not sent through the compression tunnel.
10-2
Configuring Compression
The Xpress feature requires that each network interface (built-in or LEM) on the PacketShaper be assigned a unique IP address, called an Xpress-IP address. The Xpress-IP address is used for establishing compression tunnels between PacketShapers.You may have already configured Xpress-IP addresses during Guided Setup; if so, you can skip this section. To configure compression settings: 1. Click the setup tab. The Basic Settings screen is displayed in the Setup window. Note: If compression is already turned on, the Basic Settings screen will have a link to Compression Settings. You can click this link to go directly to the Xpress-IP Settings page. From the Choose Setup Page list, select compression. The Xpress-IP Settings screen appears.
2.
10-3
3.
For each PacketShaper device (main or LEM) you want to use for compression, fill in the following information:
Field IP Address
Description IP address to assign to the interface; each interface must have a unique address. Note that this address is used by the Xpress feature and is not for managing the PacketShaper. An Xpress-IP address can NOT be the same as the units management address if you have a LEM installed or if you have enabled the Dedicated Management Port feature. It should not be the same address as the secondary customer portal address. Packeteer strongly recommends that you do not use the management IP address for an Xpress-IP address.
Subnet mask IP address of the router; leave blank or enter none if there is no gateway. The gateway is required if the compression partner is not on the same subnet.
4. 5. 6. 7. 8.
Click apply changes to update the settings. From the Choose Setup Page list, select basic. In the Compression field, select on to enable compression. Click apply changes. Log in to each PacketShaper on your network and repeat the above steps.
As soon as compression is enabled and compressible traffic goes through your PacketShaper, Xpress will automatically set up compression tunnels with other compression-enabled units that are detected on the network. Xpress creates tunnels and compresses data when the following conditions are true: Compression is enabled. The flow is destined for a host on the other side of a compression-enabled PacketShaper. The flow belongs to a compressible service. Services that are unlikely to achieve useful gains from compression are not compressed by default. VoIP and encrypted data are examples of traffic that are not compressed.
10-4
The two PacketShapers are configured outside port to outside port. For example:
LAN LAN
INSIDE OUTSIDE
WAN or Internet
INSIDE
OUTSIDE
Direct Standby
PacketShapers can be used in a redundant configuration using Packeteers direct standby feature. The direct standby function allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. See Chapter 7, Redundant Configurations for more information on direct standby configuration. When compression and direct standby are both enabled, Packeteer recommends that automatic reprobe mode be used on PacketShapers at all branch offices. In auto reprobe mode, the PacketShaper manages connectivity and periodically sends maintenance probes to ensure that compressed traffic is routed via an available path. If a host does not respond to the probe (perhaps because a router has failed, making the host unreachable through the existing data path), the unreachable host will be removed from the compression tunnel and the PacketShaper will attempt to re-discover it through an alternate path, if one exists. The default probing mode is manual. To enable automatic mode, use the following CLI command:
setup compression reprobe auto
10-5
3.
The top of the Compression Summary report has a table that summarizes compression statistics for the Inbound and Outbound links. Each statistic is described below: Statistic Precompression Bytes Description Outbound: For compressible outbound traffic, the number of bytes before compression has been applied Inbound: For inbound compressed traffic, the number of bytes after decompression Postcompression Bytes Outbound: For outbound traffic sent through a compression tunnel, the number of bytes after compression has been applied Inbound: For inbound compressed traffic, the number of bytes before decompression Bytes Saved The number of bytes that didnt have to traverse the link, due to compression; allows you to see how many bytes the compression feature actually saved on the link. Bytes Saved is the difference between precompression bytes and postcompression bytes.
10-6
Description For traffic sent through a compression tunnel, the percentage of bytes saved, due to compression For traffic sent through a compression tunnel, the percentage by which virtual bandwidth is increased due to compression
Bandwidth Multiple
The Compression Summary report contains the following graphs: Graph Average Rates Description Compares average bandwidth usage of compressible traffic, with and without compression. The Tunneled Postcompression Average Rate line represents usage with compression enabled, and the Tunneled Precompression Average Rate line represents what average usage would have been without compression. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Average Rate with Precompression Average Rate. Peak Rates Compares peak bandwidth usage of compressible traffic, with and without compression. The Tunneled Postcompression Peak Rate line represents usage with compression enabled and the Tunneled Precompression Peak Rate line represents what peak usage would have been without compression. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Peak Rate with Precompression Peak Rate.
10-7
Graph Compression
Description Shows the total number of bytes recorded on the link, with and without compression. The Tunneled Postcompression Bytes line shows the number of bytes that went through a compression tunnel. The Tunneled Precompression Bytes line represents the number of bytes that would have passed through the link if compression werent enabled. The Bytes Saved line shows the number of bytes that didnt have to traverse the link, due to compression; its the difference between precompression and postcompression bytes. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Bytes with Precompression Bytes. This graph includes an additional line, Noncompressible Bytes, which shows the number of bytes that PacketWise did not attempt to compress, either because they didnt belong to a compressible service or because they were destined for a location without an Xpress partner.
Shows the percentage of bytes saved on the link, due to compression. The Tunneled Percent Bytes Saved value is calculated by subtracting tunneled postcompression bytes (the size after compression) from tunneled precompression bytes (the size without any compression) and dividing this difference by tunneled precompression bytes. For example, if a link would have had 700k without compression and is 400k after being compressed, the Tunneled Percent Bytes Saved would be approximately 43%: (700-400)/700. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic on the link (compressible and non-compressible). The Percent Bytes Saved value is calculated by subtracting precompression bytes (the size without any compression) and postcompression bytes (the size after compression) and dividing this difference by precompression bytes. For example, if the link in the example above had 100k of non-compressible traffic, the Percent Bytes Saved would be 38%: ((700+100)(400+100))/(700+100).
If your Compression Summary doesnt show any compression data, see Problems? on page 10-10.
10-8
PacketWise offers two reports that list the applications, services, or protocols that achieved the most compression. A third compression-related report lists the classes that had the most traffic along with their compression savings.
1. 2. 3.
Note: The top ten tab is not available on PacketShaper 1200 and 1400 Lite models.
To view the Top Ten compression reports: Click the top ten tab on the navigation bar. In the View top field, enter the number of classes you want to view in the report (default is 10). To view all classes, clear this field so that its blank. Click the View drop-down list and select Compression % Bytes Saved.
This report lists the classes with the highest percentage of bytes saved, due to compression, in the designated time interval. The Compression % Bytes Saved value is calculated by subtracting pre-compression bytes (the size without any compression) and postcompression bytes (the size after compressible bytes were compressed) and dividing this difference by pre-compression bytes.
4.
To choose a different time interval, enter the number of minutes, hours, days, weeks, or months in the Show field, and then select the unit of time. For example, by entering 3 in the Show field and selecting day for the unit of time, you create a report with the data collected over the last three days.
5. 6.
Click update to apply the new time interval settings. The new report appears. To see another Top Ten compression report, click the View drop-down list and select Compression Bytes Saved.
10-9
This report lists the classes in which compression offered the most bytes savings. For each class, this view lists the number of bytes that didnt have to traverse the link, because compression was used. 7. View the Average Rate, Precompressed with % Bytes Saved report. This report lists the classes that had the highest volume of precompressed traffic along with the compression savings. If your Top Ten reports dont show any compression data, see Problems? on page 10-10.
Problems?
If your compression reports dont show any results, check the table below for possible problems and solutions. Problem Cables are connected backwards. Solution Refer to Chapter 2, 3, or 4 for instructions on connecting your PacketShaper to the network. If you discover that you have miscabled the unit, reconnect the cables properly, and then turn compression off and back on. If the host does not have a compressionenabled PacketShaper in front of it, data cannot be compressed. Xpress cant create a compression tunnel unless the partner unit has also turned on compression. Log in to each of the partner units and go to the Setup tab and make sure Compression is set to on. Xpress will not create compression tunnels or compress data for devices (main or LEM) that are not configured with Xpress-IP settings. To configure Xpress-IP settings for each device, go to the setup tab and choose the Compression page.
You are not sending/receiving flows to/from a host on the other side of a compression-enabled PacketShaper. Compression is not enabled on the partner unit(s).
10-10
Solution Enable the checkbox include noncompressible traffic in graphs and data and click update. Look at the Non-compressible Bytes line in the Compression graph. If this line shows that non-compressible bytes are at about the same level as precompression bytes, most of the traffic on your link is not compressible. This could be because: the traffic is destined to sites without Xpress. Make a site-based traffic tree, creating classes for each of your branch offices. Look at compression reports for each class. If no traffic is being compressed to a site, its possible that there is no PacketShaper, compression is not turned on, or Xpress-IP settings havent been configured. or the applications are non-compressible. Go to the Top Ten page and make note of the top Outbound classes. Examples of noncompressible applications are streaming media and encrypted data. View Class Compression Bytes Transferred graphs for each class and enable the checkbox Include NonCompressible Traffic in Compression Graphs. If the Non-compressible Bytes line is at about the same level as the Precompression Bytes line, most of the traffic in the class is not compressible.
The compression tunnel discovery process will not function if the RSVP class has a neveradmit policy. Delete the policy.
If you are still experiencing problems with compression after trying the above solutions, use the setup compression show command in the command-line interface. This command provides compression tunnel partner status. PacketGuide provides additional troubleshooting details just search for compression troubleshooting.
10-11
10-12
This chapter shows you how to configure your PacketShaper using the first method. If you want to explore the possibility of using dynamic partitions and host accounting, see PacketGuide for details. In addition, PacketGuide includes a recommendation, Provision Bandwidth Equitably, that may be of particular interest to educational institutions and service providers who want to ensure that each user gets an equal share of bandwidth.
11-1
2.
3. 4.
11-2
Direction
Note: If you want to control application performance in addition to allocating bandwidth, you can create application-based traffic classes as well. However, this quick-start chapter focuses on the creation of subscriber-based classes.
PacketShapers have a fixed number of traffic classes for example, a maximum of 5000 classes on the 9500/ISP series. Therefore, give careful consideration to whether you want PacketShaper to manage traffic in one or both directions. If inbound traffic uses an insignificant amount of bandwidth, you may not want to create classes for the inbound direction. By creating classes for only one direction, you will be able to create twice as many classes.
Organization
Before creating any classes, you should also think about how you want to organize the traffic tree. By grouping your subscriber classes into categories, you will be able to locate them more easily in the tree and create more meaningful reports and graphs. Here are a few ways you can organize your subscriber classes: by rack by subnet by subscriber plan (gold, bronze, silver) by region
For example:
Outbound Gold_Plan Brians_Bridal Florences_Flowers Gregs_Greetings Jeffs_Java Jennifers_Jellies Silver_Plan Pats_Pets Steves_Stereos Todds_Toys
In the above example, Gold_Plan and Silver_Plan are folder classes, used for organizing and logically grouping traffic classes.
Since you will be manually creating many classes and partitions, Packeteer recommends using the command-line interface (CLI) for initial configuration. To access the PacketWise CLI with a remote login utility (such as Telnet or SSH): 1. 2. Connect to the unit using its IP address for example telnet 10.10.1.100. When you connect successfully, you will be prompted for the units password. Enter the password and press Enter.
11-3
11-4
Creating Classes
Examples: To create a traffic class based on a single IP address, enter the following command at the PacketShaper# command-line prompt:
class new inbound/gold_plan sample_subscriber_ip inside 192.168.1.1
Notice that the above command specifies the folder (inbound/gold_plan) in which you want the class created. To create a traffic class based on a subnet, using CIDR (Classless Inter-Domain Routing) shorthand to represent the IP network/subnet mask pair:
class new inbound/gold_plan sample_subscriber_subnet inside 192.168.2.0/24
When creating a child class of an IP address-based parent, you will probably want to use the class news nodefault parameter. For example:
class new outbound/silver_plan 216.158.145.0 nodefault inside net:216.158.145.0/19 outside host:any
With the nodefault parameter, PacketWise will not create a Default match-all class as it normally does. Be aware that match-all siblings or parents of cacheable classes can create redundancies in the tree and cause problems in the accelerator cache. (See Improving Cache Performance on page 11-9.)
Matching rules define the criteria PacketWise uses to identify traffic types. If a subscriber has more than one IP address or subnet range, you will need to append additional matching rules to the class. Repeat as necessary if multiple subnets or IP addresses are allocated to a single subscriber. Consider using host lists if more than two IP address ranges are assigned to a single subscriber. A host list contains a list of IP addresses, ranges of IP addresses, subnets, and DNS names. If the number of IP addresses exceeds the size of the host database, additional flows will be classified in the /Inbound/Default and /Outbound/Default classes. To avoid this, optimize the definition of matching rules so that the total number of IP addresses or subnets for all of the matching rules does not exceed the size of the host database. The host database size is listed in the online PacketGuide reference section. The CLI command for adding a matching rule to an IP address-based class is:
class rule add <tclass> inside <ipaddr>[/<cidr>] [:<submask>]
11-5
Examples: To add a matching rule for an additional IP address to the sample_subscriber_ip traffic class:
class rule add inbound/gold_plan/sample_subscriber_ip inside 192.168.1.2
To create a host list, use the hl new command. To add hosts to an existing host list, use the hl add command. For example:
hl new mylist 192.168.4.0/24 hl add mylist 192.168.1.10-19.168.1.200 class rule add inbound/gold_plan/subscriber inside list:mylist
You can use the comment field to include additional information about each subscriber. For example, enter the following command to note that sample_subscriber_ip is a subscriber with two IP addresses:
class note inbound/gold_plan/sample_subscriber_ip "Class for subscriber with 2 IP addresses"
The note will appear in the Comment field on the Traffic Class page in the browser interface.
Adding Owners
The customer portal feature, described in detail in PacketGuide, allows you to offer customized screens of PacketWise statistics to your subscribers. If you plan to use the customer portal feature, you may want to assign an owner to each class after you create it, using the following command:
class owner <tclass> <ownername>
The <ownername> should match the login ID you plan to give the subscriber.
11-6
Examples
The first example below shows a partition with 0 Kbps CIR, 256 Kbps EIR. The second example shows a partition with 64 Kbps CIR, 256 Kbps EIR. To allocate a minimum of 0 bandwidth and a maximum bandwidth of 256 Kbps to the sample_subscriber_ip class:
partition apply /inbound/gold_plan/sample_subscriber_ip 0 256k
For an ISP upstream link configuration, you will want to create a partition for each subscriber in the ISP network. For a web hosting configuration, you will want to create a class and a partition for the IP address of each virtual web server. If you are using HTTP 1.1 Host Name headers (multiple host names per single IP address), create the class using the HTTP Criterion option to specify the Virtual Host name. For a cable or DSL head end configuration, you will want to create a partition for each cable or DSL subscriber, based on IP addresses or subnets. These environments use DHCP (Dynamic Host Configuration Protocol), so IP address policies will be ineffective. This is a good application for dynamic partitions. (For details about dynamic partitions, see your online PacketGuide.)
Turning Shaping On
Partitions have no effect until traffic shaping is turned on. To do this in the CLI, type:
setup shaping on
Or, in the browser interface: 1. 2. 3. Click the setup tab. Turn Shaping on. Click apply changes.
11-7
11-8
Use the class show command to determine if a class is cacheable. Cacheable classes are marked with a C flag. Cacheable classes are always address-based (marked with an a flag) and their parents are also address-based or match-all classes (marked with an m flag). Note that exception classes are not cacheable.
class show Derivation: (I)nherited (O)verride (U)nderride (L)ocal Class Flags: (A)utocreated (D)iscovering (E)xception (I)nherit (P)olicy (C)acheable Rule Types: (o)ptimized (m)atch-all (a)ddress is cacheable Class Name Inbound Localhost 10.7.38.0 SUBSCRIBER mysite.org Default Outbound Localhost 10.7.38.0 SUBSCRIBER mysite.org Default Flags Partition Name m E P /Inbound a /Inbound ma /Inbound C a /Inbound IP m /Inbound m E P /Outbound a /Outbound ma /Outbound C a /Outbound IP m /Outbound
In this example, the class mysite.org in the Inbound and Outbound direction is cacheable.
If a cacheable class has more than one match-all sibling or parent, it will not be treated as cacheable. You can use the flags in the output of the class show command to determine if this situation exists in your traffic tree. These flags indicate whether the class is (C)acheable, (a)ddress-based, and/or (m)atch-all. Because uncached classes can use more CPU resources to classify traffic, you can improve performance by making all qualified address-based leaf classes cacheable. One way to do this is to remove a redundant match-all class near the uncached class, such as removing a Default bucket that is a sibling of the uncached class(es) or a sibling of the parent of the uncached class(es). In the example below, you can make the mysite.org class cacheable by removing the Default class that is mysite.orgs sibling.
Class Name . . . SUBSCRIBER mysite.org Default Flags Partition Name
11-9
Advanced Features
PacketShapers also have advanced tuning and reporting features, such as policies for guaranteeing per-flow Quality of Service, subscriber usage reports, and automatic event notification. For information on these and other advanced features, see the online PacketGuide (click the packetguide button in the browser interface).
11-10
Environmental (Operating)
A-1
Environmental (Storage)
Packeteer product packages meet the storage standard ETS 300 0191-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 1 Gbps full duplex. Software configuration determines maximum shaping capacity.
A-2
Environmental (Operating)
A-3
Environmental (Storage)
Packeteer product packages meet the storage standard ETS 300 0191-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 200 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-4
One gigabit Ethernet port RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none
Green flicker for network activity Illuminated when in safe or corrupted mode Rating: AC 100-240 V, 50/60 Hz, 2.5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Environmental (Operating)
A-5
Environmental (Storage)
Packeteer product packages meet the storage standard ETS 300 0191-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 200 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-6
Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none
Green flicker for network activity Illuminated when in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 30 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Packeteer product packages meet the storage standard ETS 300 0191-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 100 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-7
A-8
One gigabit Ethernet port RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none
Green flicker for network activity Illuminated when in safe or corrupted mode Rating: AC 100-240 V, 50/60 Hz, 2.5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Environmental (Operating)
A-9
Environmental (Storage)
Packeteer product packages meet the storage standard ETS 300 0191-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 45 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-10
Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none
Green flicker for network activity Illuminated when in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 30 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Packeteer product packages meet the storage standard ETS 300 0191-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 10 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-11
A-12
Packeteer product packages meet the storage standard ETS 300 019-1-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 45 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-13
Status LED
Packeteer product packages meet the storage standard ETS 300 019-1-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 2 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-14
Packeteer product packages meet the storage standard ETS 300 019-1-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 2 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-15
Status LED
Packeteer product packages meet the storage standard ETS 300 019-1-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Multiple configurations are offered; supports links up to 2 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-16
Pin 1 2 3 4 5 6 7 8 9
Name DCD -Data Carrier Detect RXD - Received Data TXD - Transmitted Data DTR - Data Terminal Ready GND - Signal Ground DSR - Data Set Ready RTS - Request To Send CTS - Clear To Send RI - Ring Indicator
Function Indicates there is a valid connection to another serial device Indicates incoming data (from the terminal to the PacketShaper) Indicates outgoing data (from the PacketShaper to the terminal) Indicates the terminal (the PacketShaper) is ready Signal return for all signal lines Indicates that the terminal is ready to receive data from the PacketShaper Tells the terminal that the PacketShaper wants to send data Indicates the terminal is ready to receive data from the PacketShaper Not used by the PacketShaper
A lap link serial cable has the following configuration: DCD RXD TXD DTR GND DSR RTS CTS RI DCD RXD TXD DTR GND DSR RTS CTS RI
B-1
B-2
Note: After the hard drive is replaced, the measurement engine will reset and all measurement data will be cleared.
If your unit is mounted in an equipment rack, you must remove it before replacing the hard drive: 1. 2. 3. 4. Turn off the PacketShaper using the power switch on the back of the unit. Unplug the power cord and all other cabling. Remove the screws that attach the units mounting brackets to the equipment rack and set aside. Remove the unit from the rack and place on a sturdy work surface.
The hard drive is located under the top cover of the unit.
1. 2.
Warning: The hard drive is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the hard drive.
Turn off the PacketShaper by flipping the power switch. Disconnect the power cord.
C-1
3.
Using a screwdriver, remove the screws that attach the top cover of the unit. Remove the top cover and set aside.
PO WE ST R AT US FA UL T
US
CO NS OL E
MGM
LIN K Tx Sp /R x ee d
INSI
DE
LIN K Tx /R x Sp ee d
OU
TS
IDE
LIN K Tx /R x Sp ee d
C-2
To remove the hard drive and its mounting bracket: 1. Unplug the data and power cables from the hard drive.
K C A B
P T U O
E ID
E ID S IN
E T S ID
U O
E S IN ID
B S U
2.
Remove the screws that attach the hard drives mounting bracket to the unit and remove the hard drive assembly.
K C A B
P T U O
E ID
E ID S IN
E T S ID
U O
E S IN ID
B S U
C-3
3.
Remove the screws that attach the hard drive to its mounting bracket and set the old drive aside.
Note: You will re-use the mounting bracket and screws with the new hard drive.
C-4
To install the new hard drive: 1. Attach the new hard drive to the original mounting bracket that came with your PacketShaper 1400.
C-5
2.
Plug the data and power cables from the PacketShaper into the hard drive.
K C A B
P T U O
E ID
E ID S IN
U O
E ID S T
E S IN ID
B S U
3.
E
P T U O
ID S
K C A B
E ID S IN
E T S ID
U O
E S IN ID
B S U
4. 5. 6. 7.
Replace the top cover. If necessary, re-install the unit in your equipment rack. Reconnect the power cord and other cabling. Turn on the PacketShaper by flipping the power switch.
C-6
This appendix describes how to replace each of these components in case of failure.
3.
4. 5. 6. 7.
Make sure the replacement power supply is turned off and unplugged. Insert the new power supply module. Tighten the two screws on the power supply. Reconnect the power cord, and turn on the power supply.
D-1
Note: After the hard drive is replaced, the measurement engine will reset and all measurement data will be cleared.
If your unit is mounted in an equipment rack, you must remove it before replacing the hard drive: 1. 2. 3. 4. Turn off the PacketShaper using the power switch on the back of the unit. Unplug the power cord and all other cabling. Remove the screws that attach the units mounting brackets to the equipment rack and set aside. Remove the unit from the rack and place on a sturdy work surface.
The hard drive is located under the top cover of the unit.
1. 2.
Warning: The hard drive is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the hard drive.
Turn off the PacketShaper by flipping the power switch. Disconnect the power cord.
D-2
3.
Using a screwdriver, remove the six screws that attach the top cover of the unit. Remove the top cover and set aside.
PO
WE ST R AT US FA UL T
US
CO NS OL E
MGM
LIN K Tx Sp /R x ee d
INSI
DE
LIN K Tx /R x Sp ee d
OU
TS
IDE
LIN K Tx /R x Sp ee d
D-3
To remove the hard drive and its mounting bracket: 1. Remove the screws that attach the hard drives mounting bracket to the unit and remove the hard drive assembly.
2.
Unplug the data and power cables from the hard drive.
D-4
3.
Remove the screws that attach the hard drive to its mounting bracket and set the old drive aside.
Note: You will re-use this mounting bracket with the new hard drive.
D-5
The replacement hard drive may ship with a mounting bracket designed for other PacketShaper models. To install this hard drive in your PacketShaper 1700, you will need to remove the drive from this bracket and then attach it to the original mounting bracket that came with your PacketShaper: 1. 2. Remove the screws that attach the new hard drive to its mounting bracket and set this bracket aside (it is not needed). Attach the new hard drive to the original mounting bracket that came with your PacketShaper 1700.
D-6
3.
Plug the data and power cables from the PacketShaper into the hard drive.
4.
5. 6. 7. 8.
Replace the top cover. If necessary, re-install the unit in your equipment rack. Reconnect the power cord and other cabling. Turn on the PacketShaper by flipping the power switch.
D-7
The cooling unit is located behind a door on the back of the unit. 1. 2. 3. Turn off the PacketShaper by flipping the power switch on the power supply. Disconnect the power cord. Loosen the captive screw on the door on the back of the unit, using a screwdriver.
4.
The rear door is hinged on the left side. To remove the door, swing the door open slightly and pull to the right. Set the door aside.
To remove the system cooling unit: 5. Loosen the captive thumb screw on the cooling unit.
VIDEO
D-8
6.
Grasp the handle on the cooling unit and pull out the unit as shown below; no wires need to be disconnected.
Handle
To install the new system cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the tab on the left side of the door into the slot and push the door in place.
3.
D-9
D-10
This appendix describes how to replace each of these components in case of failure.
Power Supplies
PacketShaper 3500 and 7500 units have removable power supplies. PacketShaper 3500 units have one power supply module and PacketShaper 7500 units have two hot-swappable power supplies that is, they can be replaced while a unit has power and is operating. 1. 2. Turn off the power supply to be removed and disconnect its power cable. To remove a defective power supply, loosen the two captive thumb screws as shown below. You may need a Phillips-head screwdriver.
3.
When you remove one of the two power supplies on the PacketShaper 7500, you will see a message in the LCD window that says Power 1 Failed or Power 2 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 4. 5. 6. 7. Make sure the replacement power supply is turned off. Insert the new power supply module. Tighten the two screws on the power supply. Turn on the power supply. After a moment, the Power failed message on the LCD window will disappear.
E-1
Note: After the hard drive is replaced, the measurement engine will reset and all measurement data will be cleared.
The hard drive is located behind a door on the back of the unit.
1. 2. 3.
Warning: The hard drive is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the hard drive.
Turn off the PacketShaper by flipping the power switch on both power supplies. Disconnect the power cords. Loosen the captive thumb screw on the door on the back of the unit, using a screwdriver.
4.
The rear door is hinged on the right side. To remove the door, swing the door open slightly and pull to the left. Set the door aside.
E-2
To remove the hard drive: 1. Loosen the captive thumb screw on the hard drive.
2.
To remove the drive, pull the drive tray out; no wires need to be disconnected.
E-3
To install the new drive: 1. 2. Slide the new drive tray in the drive slot and tighten the captive screw. To replace the rear door, slide the tabs on the right side into their respective holes and push the door in place.
3. 4. 5.
Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by flipping the power switch on each power supply.
E-4
To remove the system cooling unit: 1. 2. The system cooling unit is located behind a door on the back of the PacketShaper. See Remove Rear Door on page E-2. Loosen the captive thumb screw on the cooling unit.
3.
Grasp the handle on the cooling unit and pull out the unit as shown below; no wires need to be disconnected.
Handle
E-5
To install the new system cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the tabs on the right side of the door into their respective holes and push the door in place.
3.
On the PacketShaper 7500, a second cooling unit is installed next to the power supplies. To replace the power supply cooling unit: 1. Loosen the captive thumb screw on the power supply cooling unit.
2. 3. 4.
Pull the power supply cooling unit out of the chassis. Insert the replacement cooling unit. Tighten the screw.
E-6
This appendix describes how to replace each of these components in case of failure.
Replacing the Power Supply on a RoHS-Compliant PacketShaper 10000 (revision G or higher) Each power supply module for the RoHS-compliant PacketShaper 10000 features an LED to the left of the locking screw. If the LED is green, the power supply is operating normally. If the LED is off, the power supply is not operational.
Warning: The external temperature of the power supply module can range between 50 to 60 degrees Celsius (122 to 140 degrees Farenheit). To protect your hands from burns, Packeteer recommends that you wear insulating gloves when removing the power supply from a powered unit.
F-1
1.
Turn the locking screw counter-clockwise to loosen, and then pull the locking lever to the left to release the power supply from its bracket.
2.
While continuing to pull the locking lever to the left, grasping the handle and pull out and remove the power supply, as shown below.
When you remove either one of the power supplies, you will see a message in the LCD window that says Power 1 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 3. 4. Insert the new power supply until the locking tab clicks into place. Tighten the locking screw.
F-2
Replacing the Power Supply on a PacketShaper 9500 or 10000 1. Remove the two screws on the security plate.
2.
When you remove either one of the power supplies, you will see a message in the LCD window that says Power 1 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 3. 4. Insert the new power supply. Screw the security plate back into position.
F-3
Note: After the hard drive is replaced, the measurement engine will reset and all measurement data will be cleared.
The hard drive is located behind a door on the back of the unit.
1. 2. 3.
Warning: The hard drive is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the hard drive.
Turn off the PacketShaper by holding down the power switch for about five seconds, until the unit powers off. Disconnect both power cords. Loosen the screw on the door on the back of the unit, using a screwdriver.
4.
The rear door is hinged on the right side. To remove the door, swing the door open slightly and pull to the left. Set the door aside.
F-4
The hard drive is installed in the lower slot. To remove the hard drive: 1. Loosen the captive screw on the hard drive.
2.
To remove the drive, pull the drive tray out; no wires need to be disconnected.
F-5
To install the new drive: 1. 2. Slide the new drive tray in the lower drive slot and tighten the captive screw. To replace the rear door, slide the posts on the right side into their respective holes and push the door in place.
3. 4. 5.
Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by pressing the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)
F-6
1. 2. 3. 4.
Warning: The cooling unit is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the cooling unit.
Turn off the PacketShaper by holding down the power switch for about five seconds, until the unit powers off. Disconnect both power cords. The cooling unit is located behind a door on the back of the PacketShaper. See Remove Rear Door on page F-4. Loosen the captive screw on the cooling unit.
5.
Grasp the handle on the left side of the cooling unit and pull out the unit as shown below; no wires need to be disconnected.
handle
F-7
To install the new cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the posts on the right side of the door into their respective holes and push the door in place.
3. 4. 5.
Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by pressing the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)
F-8
G-1
Operating Temperature This product is designed for an ambient temperature of 32 to 104F (0 to 40C). All Countries: Install product in accordance with local and national electrical codes. CAUTION: RISK OF ELECTRIC SHOCK. An improperly wired socket outlet could place hazardous voltages on accessible metal parts. ENERGIE RAYONNEE Ce matriel a t test et est certifi conforme la rglementation amricaine aux normes dfinies pour les appareils. SECURITE INFORMATIONS SUR LELECTRICITE ADVERTISSEMENT: DANGER DELECTROCUTION Pour empcher les dangers dELECTROCUTION, ne pas enlever le couvercle. Lquipement ne contient aucun lment rparable par lutilisateur. Cet appareil comprend des TENSIONS DANGEREUSES et ne doit tre ouvert que par un technicien dment qualifi. Pour viter tout risque dELECTROCUTION, dbrancher lappareil de la prise de courant avant de connecter ou de dconnecter les cables LAN. DANGER DE FOUDRE DANGER: NE PAS MANIER lquipement ou les CABLES pendant les priodes dactivit orageuse. ATTENTION: CET APPAREIL COMPORTE PLUS DUN CORDON DALIMENTATION. Rafin de prvenir les chocs lectriques, debrancher les deux cordons dalimentation avant de faire le dpannage. ATTENTION: Le cordon dalimentation est utilis comme interrupteur gnral. La prise de courant doit tre situe ou installe proximit du matriel et tre facile daccs. INSTALLATION ELECTRICITEEQUIPEMENT DE CLASSE 1 CET APPAREIL DOIT ETRE MIS A LA TERRE. La prise de courant doit tre branche dans une prise femelle correctement mise la terre. Sinon, des tensions dangereuses risqueraient datteindre les pices mtalliques accessibles lutilisateur. ATTENTION: Pour ce qui est de la protection contre les courts-circuits (surtension), ce produit dpend de linstallation lectrique du local. Vrifier quon fusible ou quun disjoncteur de 15A/250V est utilis sur les circuits de CC. ATTENTION: Il y a danger dexplosion sil y a remplacement incorrect de la batterie. Remplacer uniquement avec une batterie du mme type ou dun type quivalent recommand par le constructeur. Mettre au rebut les batteries usages conformment aux instructions du fabricant. INSTRUCTIONS DE MONTAGE ATTENTION: Ne pas bloquer les fentes daration, ce qui empcherait lair ambiant de circuler librement pour le refroidissement. ATTENTION: REPARTITION DE LA CHARGE MECANIQUE Le montage des appareils dans le bti doit tre effectu de telle manire que la rpartition de la charge mcanique ne pose aucun danger. Temperature de Fonctionnement Ce produit est capable de tolrer une temprature ambiante 0 40C.
G-2
Pour tous pays: Installer le produit conformment aux normes lectriques nationales et locales. Zur sicheren Trennung des Gerates vom Netz ist der Netzstecker zu ziehen. Vergewissern Sie sich, das die Steckdose leicht zuganglich ist. Achtung. Explosionsgefahr wenn die Battery in umgekehrter Polaritt eingesetzt wird. Nur mit einem gleichen oder hnlichen, vom Hersteller empfohlenen Typ, ersetzen. Verbrauchte Batterien mssen per den Instructionen des Herstellers verwertet werden.
Warning:
Read the installation instructions before connecting the system to the power source. Avant de brancher le systme sur la source dalimentation, consulter les directives dinstallation. Vor dem Anschlieen des Systems an die Stromquelle die Installationsanweisungen lesen.
Attention:
Warnung:
Warning:
This product relies on the buildings installation for short-circuit (over current) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15 A U.S. (240 VAC, 10 A international) is used on the phase conductors (all current-carrying conductors). Pour ce qui est de la protection contre les courtscircuits (surtension), ce produit dpend de linstallation lectrique du local. Vrifier quun fusible ou quun disjoncteur de 120 V alt., 15 A U.S. maximum (240 V alt., 10 A international) est utilis sur les conducteurs de phase (conducteurs de charge). Dieses Produkt ist darauf angewiesen, da im Gebude ein Kurzschlu- bzw. berstromschutz installiert ist. Stellen Sie sicher, da eine Sicherung oder ein Unterbrecher von nicht mehr als 240 V Wechselstrom, 10 A (bzw. in den USA 120 V Wechselstrom, 15 A) an den Phasenleitern (allen stromfhrenden Leitern) verwendet wird.
Attention:
Warnung:
Warning:
The plug-socket combination must be accessible at all times, because it serves as the main disconnecting device. La combinaison de prise de courant doit tre accessible tout moment parce quelle fait office de systme principal de dconnexion. Der Netzteilstecker muss immer zugnglich sein, da er als Hauptabschaltgert dient.
Attention:
Warnung:
G-3
Warning:
The unit has more than one power supply connection; all connections must be removed to remove all power from the unit. Cette unit est quipe de plusieurs raccordements dalimentation. Pour supprimer tout courant lectrique de lunit, tous les cordons dalimentation doivent tre dbranchs. Diese Einheit verfgt ber mehr als einen Stromanschlu; um Strom gnzlich von der Einheit fernzuhalten, mssen alle Stromzufuhren abgetrennt sein.
Attention:
Warnung:
Warning: To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:
unit should be mounted at the bottom of the rack if it is the only unit in the rack. When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack. If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.
This
Attention: Pour viter toute blessure corporelle pendant les operations de montage ou de rparation de cette unit en casier, il convient de prendre des prcautions spciales afin de maintenir la stabilit du systme. Les directives ci-dessous sont destines assurer la protection du personnel: Si cette unit constitue la seule unit monte en casier, elle doit tre place dans le bas. Si cette unit est monte dans un casier partiellement rempli, charger le casier de bas en haut en plaant llment le plus lourd dans le bas. Si le casier est quip de dispositifs stabilisateurs, installer les stabilisateurs avant de monter ou de rparer lunit en casier.
G-4
Warnung: Zur Vermeidung von Krperverletzung beim Anbringen oder Warten dieser Einheit in einem Gestell mssen Sie besondere Vorkehrungen treffen, um sicherzustellen, da das System stabil bleibt. Die folgenden Richtlinien sollen zur Gewhrleistung Ihrer Sicherheit dienen: Wenn diese Einheit die einzige im Gestell ist, sollte sie unten im Gestell angebracht werden. Bei Anbringung dieser Einheit in einem zum Teil gefllten Gestell ist das Gestell von unten nach oben zu laden, wobei das schwerste Bauteil unten im Gestell anzubringen ist. Wird das Gestell mit Stabilisierungszubehr geliefert, sind zuerst die Stabilisatoren zu installieren, bevor Sie die Einheit im Gestell anbringen oder sie warten.
G-5
Products 1200 1400 1550 1700 2500 3500 6500 7500 9500 10000
EMI/EMC Standards AS/NZS 3548 Class A AS/NZS 4252.1 ICES-003, Class A EMC Directive 89/336/EEC EMC Directive 73/23/EEC EMC Directive 93/68/EEC EN 55022:1998 Class A EN 61000-3-2:1995_A1(98) +A2(98), & prA14(00) EN 61000-3-3:1995 EN 55024:1998 VCCI:2002, Class A KN55022 Class A KN6100-4-2,3,4,5,6,8,11 GOST-R 60950-2002 GOST-R 51318.22-99, .24-99 FCC 47 CFR part 15, subpart B, Class A CNS 13438 Class A
Safety Standards IEC 60950-1 EN 60950-1+A11 UL 60950-1: 03 CAN/CSA C22.2 No. 60950-1: 03 EN 60825-1,-2 Class I Laser
This product has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This product generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning this equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Change the direction of the radio or TV antenna. To the extent possible, relocate the radio, TV, or other receiver away from the product. Plug the product into a different electrical outlet so that the product and the receiver are on different branch circuits.
If these suggestions dont help, consult your dealer or an experienced radio/TV repair technician for more suggestions.
G-6
NOTE: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
This product is in conformity with the essential requirements of EU directives, specifically EU Directives 89/336/EEC, 73/23/EEC and 93/68/EEC, by applying the following standards EN55022: 1998, EN55024:1998, EN61000-3-2: 2001, EN61000-3-3: 1995 plusA1: 2001,EN60950-1: 2001 CLASS 1 LASER PRODUCT (except for PacketShaper 1200, 1400, 1550, and 1700 models) The Declaration of Conformity is available on the Internet at: http://support.packeteer.com/documentation/conformity/declaration.pdf
WARNING: This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.
Class A ITE
This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. Internal access to Packeteer devices is intended only for qualified service personnel.
Cet appareil numrique respecte les limites bruits radiolectriques applicables aux appareils numriques de Classe A prescrites dans la norme sur le matriel brouilleur: Appareils Numriques, NMB-003 dicte par le Ministre Canadien des Communications. This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled: Digital Apparatus, ICES-003 of the Canadian Department of Communications.
G-7
WARNING The system is designed to operate in a typical office environment. Choose a site that is: Clean and free of airborne particles (other than normal room dust) Well-ventilated and away from sources of heat including direct sunlight Away from sources of vibration or physical shock Isolated from strong electromagnetic fields produced by electrical devices In regions that are susceptible to electrical storms, we recommend you plug your system into a surge suppressor and disconnect telecommunication lines to your modem during an electrical storm. Provided with a properly grounded wall outlet
Do not attempt to modify or use the supplied AC power cord if it is not the exact type required. Ensure that the system is disconnected from its power source and from all telecommunications links, networks, or modem lines whenever the chassis cover is to be removed. Do not operate the system with the cover removed.
Russia Certification
PacketShaper models 1200, 1400, 1550, 1700, 2500, 3500, 6500, 7500, and 10000 are Russia GOST-R certified.
G-8
RoHS Compliance
Packeteer supports the EU directive for Restriction of Hazardous Substances (RoHS). PacketShaper models 1400, 1700, 3500, 7500, and 10000 (Revision G and higher) are RoHS-compliant.
G-9
G-10
INDEX
1 Gbps WAN link 5-4 100 LED indicator 2-3 1000 BaseT 5-6 200 Mbps WAN link 5-4 using 11-3 comment field 11-6 compression displaying Compression Summary 10-6 displaying Top Ten reports 10-9 enabling 1-16, 10-3 problems 10-10 using with direct standby 10-5 Compression Estimator configuring 8-11 described 8-2 Compression Module 1-1, 1-7, 8-2, 8-11 compression tunnels 1-7, 10-1, 10-3, 10-4, 10-10 configuration, corrupt 2-8, 4-9, 5-14 console connection 2-2, 3-2, 4-2, 5-2, 5-3, 6-3, 6-10 console port pinout description B-1 CONTROL port 5-2, 5-12 cookies 6-2 cooling unit (fan), replacing PacketShaper 10000 F-7 PacketShaper 1700 D-8 PacketShaper 3500 E-5 PacketShaper 7500 E-5 copper Ethernet network installing a PacketShaper 9500/10000 5-6 Corrupt Config messages 2-8, 4-9, 5-14 crossover cable 2-5, 3-5, 4-5, 5-6
A
accelerator cache defined 11-2 verifying 11-9 access-link monitoring feature 7-2 asymmetric flows 7-2 auto-negotiate NIC mode 1-15, 1-18
B
BACKUP INSIDE port 3-2 BACKUP OUTSIDE port 3-2 Bad 12v reg message 4-9 Bad 2.5v reg message 4-9 Bad 3.3v reg message 4-9 Bad 5v reg message 4-9 Bad Left LEM message 4-9 Bad Lower LEM message 5-14 Bad Right LEM message 4-9 Bad Upper LEM message 4-9, 5-14 bandwidth allocating 9-9, 11-7 capping 9-9 bandwidth farming 1-1, 11-1 bandwidth limit 9-9 booting, status on LCD 2-7, 4-8, 5-13 browser interface accessing PacketWise 6-2 online help 1-1 browsers configuration 6-2 supported 6-2 bypass control port 5-2, 5-12 bypass mode 2-8, 4-9, 5-9, 5-14 bypass relays, disabling 7-6, 7-8
D
data entry form, creating 11-8 date setup 1-16, 9-10 DB-9 connection 2-2, 3-2, 4-2, 5-2, 5-3, B-1 Dedicated Management Port feature 6-1, 8-3 Dell PowerConnect 8-1 deployment branch offices 1-6 ISP 1-10 main site 1-3 non-inline 8-1 redundant topologies 1-8 Xpress 1-7 deployment strategies 1-3 direct standby 1-8, 7-1 configuring 7-22 using with Xpress 10-5 discovery, traffic 9-2 Disk LED indicator 3-2 DMZ 1-5 DNS server address(es) 1-12, 1-17 domain name setup 1-12, 1-17 DSL topology 1-10
C
cable modem topology 1-10 cable problems 6-4 cables 2-5, 3-5, 4-5, 5-6 caching defined 11-2 verifying 11-9 Cisco Catalyst 8-1 Citrix traffic 9-5 classes, traffic 9-2 creating IP address-based 11-5 classification, traffic 9-2 classification-accelerator cache defined 11-2 verifying 11-9 command-line interface accessing 6-3
E
Ethernet BACKUP INSIDE port 3-2 BACKUP OUTSIDE port 3-2 INSIDE port 3-2 OUTSIDE port 3-2
I-1
Index
F
fan assembly, replacing PacketShaper 10000 F-7 PacketShaper 1700 D-8 PacketShaper 3500 E-5 PacketShaper 7500 E-5 Fault LED indicator 2-2, 4-2, 5-3, A-1, A-3, A-5, A-7, A-9, A-11 Fiber Bypass Switch 5-10 fiber-optic bypass control port 5-2, 5-12 fiber-optic network connecting a PacketShaper 9500/10000 5-8 firewall 7-18, 7-19 folder classes, creating 11-4 font 6-2 forgotten passwords 6-10 front panel 2-2, 3-2, 4-2 front panel (PacketShaper 9500/10000) 5-2 FTP 9-5 full-duplex WAN link 1-13
default PacketShaper 6-3 defining 1-12, 1-17 IP address-based classes 11-2, 11-9 IPX 1-7 ISP deployment strategies 1-10 ISP models configuring 11-1
L
LAN Expansion Modules expansion slots 2-2, 4-2, 5-2, 5-3 for direct standby 1-8, 7-1 for watch mode 8-4 L-InLink Down message 2-8, 4-9, 5-14 L-OutLink Down message 2-8, 4-9, 5-14 R-InLink Down message 4-10 R-OutLink Down message 4-10 U-InLink Down message 2-9, 5-15 U-OutLink Down message 2-9, 5-15 using two 1-14 LC connectors 5-8 LCD bar graph 2-7, 4-8, 5-13 described 6-7 messages 2-7, 4-8, 5-13 problems 6-7 status 2-7, 4-8, 5-13 LED Fault A-1, A-3, A-5, A-7, A-9, A-11 network A-1, A-3, A-5, A-7, A-9, A-11, A-13, A-14, A15, A-16 Status A-1, A-3, A-5, A-7, A-9, A-11, A-13, A-14, A-15, A-16 LEMs expansion slots 2-2, 4-2, 5-2, 5-3 for direct standby 1-8, 7-1 for watch mode 8-4 using two 1-14 Link LED indicator 2-2, 4-3, 5-3 link utilization 9-5 links 1 Gbps 5-4 200 Mbps 5-4 In Link Down message 2-8, 4-9 Links Down message 2-8, 4-9 Out Link Down message 2-8, 4-10 Links Down message 2-8, 4-9, 5-14 links, inbound/outbound 1-13, 1-14 L-InLink Down message 2-8, 4-9, 5-14 load-sharing topology 1-13, 7-2 local mode 1-11, 1-12 login 6-6 look password 1-12, 1-17 L-OutLink Down message 2-8, 4-9, 5-14
G
gateway 1-12, 1-17 GBIC 5-6 Getting Started Guide 1-1 graphing problems 9-10 Guided Setup 6-1, 6-6
H
half-duplex links 1-13 hard drive, replacing PacketShaper 10000 F-4 PacketShaper 3500 E-2 PacketShaper 7500 E-2 hardware installation (PacketShaper 9500/10000) 5-1 hardware, installation 2-1, 3-1, 4-1 help system 1-1 host lists 11-5, 11-6 hot standby 7-1 hot-swappable power supplies PacketShaper 10000 F-1 PacketShaper 3500 E-1 PacketShaper 7500 E-1 PacketShaper 9500 F-1 HTTPS login 6-6
I
In Link Down message 2-8, 4-9, 5-14 initialization 2-7, 4-8, 5-13 installation hardware 2-1, 3-1, 4-1 hardware (PacketShaper 9500/10000) 5-1 non-inline 8-3 PacketShaper 9500/10000-to-server 5-7 PacketShaper-to-router 2-5, 3-5, 4-5 PacketShaper-to-server 2-6, 3-6, 4-7 rack-mounting 2-4, 3-4, 4-4 rack-mounting (PacketShaper 9500/10000) 5-5 Internet Explorer browsers 6-2 IP address
M
management port enabling 4-2, 6-1 watch mode 8-3 with direct standby 7-14, 7-16, 7-18, 7-20 mask, subnet 1-12, 1-17 matching rules 11-5 Microsoft Internet Explorer 6-2
I-2
Index
mode bypass 2-8, 4-9, 5-9, 5-14 operating 1-16 safe 2-9, 4-10, 5-15 watch 8-1 modem settings 6-4 monitor only mode 1-16 Monitoring Module 1-1, 8-1
N
NAT 1-6 net mask, defining 1-12, 1-17 NetOptics taps 8-1 Netscape browsers 6-2 network hardware installation 2-1, 3-1, 4-1 hardware installation (PacketShaper 9500/10000) 5-1 non-inline installation 8-3 ports 2-2, 3-2, 4-2 ports (PacketShaper 9500/10000) 5-2 Network Address Translation (NAT) 1-6 network link down 2-8, 4-10, 5-15 Network Performance Summary 9-6 network speed problems 6-8 NIC mode 1-15, 1-18 No Router Found message 2-8, 4-9 non-inline deployment 8-1 Not Configured message 2-8, 4-9, 5-15
O
OpenSSH 6-3 operating mode 1-11, 1-16 Out Link Down message 2-8, 4-10, 5-15
P
packet capture 9-11 packet shaping enabling 9-9, 11-7 Shaping Off message 2-9, 4-10 PacketGuide 1-2 PacketSeeker non-inline deployment 8-1 PacketShaper accessing with a browser 6-2 accessing with a console connection 6-3 accessing with remote login software 6-3 defined 1-1 deployment strategies 1-3 IP address 1-12, 1-17 modules 1-1 turning on 2-7, 3-7, 4-8 using 9-1 PacketShaper 10000 cooling unit (fan) replacement F-7 hard drive replacement F-4 hardware features 5-4 hot-swappable power supplies F-1 installing 5-1 powering on 5-13 specifications A-1 PacketShaper 1200 configuring 1-11, 9-1
generating reports 9-1 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-16 PacketShaper 1400 BACKUP INSIDE port 3-6 BACKUP OUTSIDE port 3-6 hardware features 3-3 installing 3-1 powering on 3-7 specifications A-15 PacketShaper 1400 Lite configuring 9-1 generating reports 9-1 PacketShaper 1550 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-14 PacketShaper 1700 cooling unit (fan) replacement D-8 hardware features 4-3 installing 4-1 management port (described) 4-2 management port (enabling) 6-1 management port (watch mode) 8-3, 8-4, 8-6, 8-9 power supply replacement D-1 powering on 4-8 specifications A-13 PacketShaper 2500 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-11 PacketShaper 3500 cooling unit (fan) replacement E-5 hard drive replacement E-2 hardware features 4-3 hot-swappable power supplies E-1 installing 4-1 management port (described) 4-2 management port (direct standby) 7-14, 7-16, 7-18, 7-20 management port (enabling) 6-1 management port (watch mode) 8-3, 8-4, 8-5, 8-6, 8-9 powering on 4-8 specifications A-9 PacketShaper 6500 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-7 PacketShaper 7500 cooling unit (fan) replacement E-5 hard drive replacement E-2 hardware features 4-3 hot-swappable power supplies E-1 installing 4-1 management port (described) 4-2 management port (direct standby) 7-14, 7-16, 7-18, 7-20 management port (enabling) 6-1 management port (watch mode) 8-3, 8-4, 8-5, 8-6, 8-9 powering on 4-8 specifications A-5
I-3
Index
PacketShaper 9500 hardware features 5-4 hot-swappable power supplies F-1 installing 5-1 powering on 5-13 specifications A-3 PacketShaper ISP configuring 11-1 defined 1-1 PacketShaper Xpress configuring 10-1 PacketWise accessing with a console connection 6-3 accessing with browser 6-2 accessing with remote login 6-3 configuring 6-6 logging in 6-6 partitions assigning with CLI 11-7 creating 9-9, 11-7 defined 9-8 password look 1-12, 1-17 recovery 6-10 touch 1-13, 1-18 pinout description console port B-1 policies creating 9-8 verifying 9-9 PolicyCenter 1-11, 7-22 Power 1 Failed message 2-8, 4-10, 5-15 Power 2 Failed message 4-10 Power LED indicator 2-2, 3-2, 4-3, 5-3 power supplies, replacing PacketShaper 10000 F-1 PacketShaper 1700 D-1 PacketShaper 3500 E-1 PacketShaper 7500 E-1 PacketShaper 9500 F-1 power supply dual 2-7, 4-8, 5-13 failure 2-8, 4-10, 5-15 power consumption A-1, A-3, A-5, A-7, A-9, A-11, A13, A-14, A-15, A-16 rating A-1, A-3, A-5, A-7, A-9, A-11, A-13, A-14, A-15, A-16 proxy servers 1-6
Router Inside message 2-9, 4-10, 5-15 Router=0.0.0.0 message 2-9, 4-10, 5-15 setup 1-12, 1-17 setup site address 1-12, 1-17 using GBIC 5-6 R-OutLink Down message 4-10
S
safe mode 2-9, 4-10, 5-15 secure login 6-6 SecureCRT 6-3 serial connection 2-2, 3-2, 4-2, 5-2, 5-3, 6-3 server connecting to PacketShaper 2-6, 3-6, 4-7 connecting to PacketShaper 9500/10000 5-7 DNS 1-12, 1-17 installation 2-6, 3-6, 4-7 settings changing 6-9 setup links 1-13, 1-14 software 6-1 Setup window 6-9 SFP transceivers 5-8 shaping enabling 9-9, 11-7 Shaping Module 1-1, 9-8 Shaping Off message 2-9, 4-10, 5-15 shared mode 1-11, 1-17 site router 1-12, 1-17 Small Form-Factor Pluggable transceivers 5-8 software key 1-1, 8-11, 8-12 SPAN port, connecting to 8-3 Speed LED indicator 4-3, 5-3 SSH clients 6-3 SSH login 6-6 standby direct 7-1, 7-22 hot 7-1 Status LED indicator 2-2, 3-2, 4-3, 5-3, A-1, A-3, A-5, A-7, A-9, A-11, A-13, A-14, A-15, A-16 straight-through cable 2-5, 3-5, 4-5, 5-6 subnet mask 1-12, 1-17 switch, using GBIC 5-6 SX/LX LED indicator 5-4 system startup 2-7, 4-8 system startup (PacketShaper 9500/10000) 5-13
R
rack mounting 2-4, 3-4, 4-4 rack mounting (PacketShaper 9500/10000) 5-5 redundant Packeteer units 7-1 redundant router topologies 1-8, 7-1, 7-12 remote login, accessing PacketWise with 6-3 Response Time Measurement (RTM) 9-11 R-InLink Down message 4-10 RoHS F-1, G-8 router connecting to a PacketShaper 9500/10000 5-6 connecting to PacketShaper 2-5, 3-5, 4-5, 7-13 connectivity problems 2-9, 4-10, 5-15 installation 2-5, 3-5, 4-5 No Router Found message 2-8, 4-9, 5-15
T
taps NetOptics 8-1 taps, connecting to 1-9, 8-9 TCP Rate Control 9-8 Telnet, accessing PacketWise with 6-3 time setup 1-16 time zone setup 1-16, 1-19 Top 10 Classes graph 9-6 Top Ten Compression reports 10-9 Top Ten tab 9-5, 9-7 touch password 1-13, 1-18 traffic classes 9-2 creating IP address-based 11-5 traffic classification 9-2
I-4
Index
traffic discovery 9-2 problems 9-3, 9-10 traffic shaping enabling 9-9, 11-7 Shaping Off message 2-9, 4-10 traffic tree 9-2, 11-3 turning on PacketShaper 2-7, 3-7, 4-8 Tx/Rx LED indicators 2-2, 2-7, 4-3, 4-8, 5-3, 5-14, 6-4
U
UDP-based applications 1-7 U-InLink Down message 2-9, 5-15 U-OutLink Down message 2-9, 5-15
V
version 2-7, 4-8, 5-13 VPN 1-5, 9-3
W
watch mode 8-1 adding routers to watch list 8-7 enabling 8-7 management port 8-3 web traffic 9-5 web, supported browsers 6-2
X
Xpress 1-7, 1-16 configuring 10-1 feature requirements 10-2
I-5