Riverbed Technology
The Most Scalable and Broadest WAN Optimization Solution
Riverbed Technology offers the most scalable and broadest WAN optimization solution available. Whether you're looking for WAN optimization, application acceleration, Wide Area File Services (WAFS), or Wide Area Application Services (WAAS), Riverbed provides the broadest and best performing products, which are also the easiest to integrate into virtually any enterprise network.
With our award-winning data reduction, WAN optimization, and application-level latency optimizations, along with remote office file and management functionality, Riverbed provides a comprehensive solution for enterprises looking to simplify IT, consolidate infrastructure, and accelerate their applications. In addition to offering the best performing solution available, Riverbed delivers a single solution that scales across the broadest range of applications and network topologies.
See Technical Feature Summary Table for More Information
While some other approaches solve one or two aspects of application acceleration such as packet compression, Quality of Service (QoS), or WAFS (a.k.a. file caching), Riverbed has consistently stayed ahead of the market by simultaneously attacking the three root causes of poor wide-area application performance:
- Insufficient WAN bandwidth
- Inefficient transport protocols
- Inefficient application protocols
SteelHead Appliances Accelerate all Applications
With RiOS, all key enterprise applications are accelerated across the WAN, many to LAN-like performance. The following chart shows the expected range of acceleration for some of the popular applications used by our customers:
Riverbed Classification and QoS Engine:
The Riverbed Technology WAN optimization solution accelerates data and applications across the entire customer network — at the data center, in the cloud, at branch offices, and even for mobile workers. It also enhances visibility into applications over the WAN. Businesses run faster and more efficiently, saving time and cutting the cost of IT infrastructure.
Business Overview
A WAN optimization solution needs to classify applications accurately and apply quality of service rules and policies that help ensure the high performance of business-critical applications. Controlling applications effectively requires visibility to determine which applications need to be protected, which applications should be contained, and how much bandwidth should be allocated to each.
Most WAN optimization vendors use a combination of deep packet inspection (DPI) and basic QoS schedulers, which fail to enhance applications that are sensitive to latency and packet loss, including business VoIP, video, and interactive Web applications. This combination also does little for recreational applications that port-hop, or that change and mask protocols.
Technical Overview
Riverbed QoS delivers a unique combination of best-of-breed classification and an advanced, unique scheduling technique based on Hierarchical Fair Service Curve (HFSC). This combination addresses the need for the accurate classification of applications, the allocation of minimum and maximum bandwidths, and the ability to prioritize applications based on their latency sensitivity, which is not possible with most other approaches.
Riverbed AppFlow – Application Classification Engine
The Riverbed AppFlow engine utilizes a variety of techniques, often in combination, to maximize the accuracy and efficiency of its real-time network traffic classification. These techniques include port-based classification, application signature matching, protocol dissection, future flow registration, behavioral classification and others, to identify applications that may hop ports or be otherwise hard to detect. The AppFlow engine can identify and classify hundreds of common enterprise applications, and is configurable to classify thousands of custom applications. This ensures that critical applications like web, voice, and video are protected, while recreational applications are contained.
The tables below list the categories and applications classified by the DPI engine. Although these applications are mapped to default classes, customers can, of course, customize by combining these classes with other optimization policies.
Business and Productivity Applications
- Collaboration
- CRM and Database
- Email and Messaging
- File Services
- Network Services
- Remote Access and Thin Client
- Voice and Video
- Web
Recreational Applications
- Email and Messaging
- File and Document Services
- Social Media
- Streaming Media
- Voice
- P2P
- Web
Riverbed AppFlow Engine: How it Works
The Riverbed classification, or AppFlow, engine utilizes a variety of techniques, often in combination, to maximize the accuracy and efficiency of its ability to provide application visibility into network traffic in real-time, with the most flexibility. These techniques include port-based classification, application signature matching, protocol dissection, and others. Let's look in detail at what each of these techniques is.
- Port-based – Port-based classification is based on the knowledge that certain applications utilize certain ports.
- Pattern matching / application signatures - This typically translates to searching the initial traffic for well-known patterns, possibly at well-known offsets, or when combined with protocol dissection within specific protocol elements. This could be via regular expression matching and/or byte or string matching.
- Protocol dissection - This involves having a detailed understanding of the application protocol, and the ability to parse the protocol messages and follow the conversation in order to identify and extract interesting information. Doing so not only ensures accurate classification, but also enables deep contextual sub-classification and protocol attribute extraction.
- Future flow registration – This is the ability to identify and associate a flow that will take place in the future based on a flow that has been identified in the past; it isn't an inspection technique per se, but it is a powerful facilitating tool that ensures accuracy and performance.
- Behavioral - Behavioral classification relies on the detection of behavioral attributes of the network traffic. The Riverbed engine can utilize packet size, packet inter-arrival time, packet rate, data rate, and entropy calculations in its detection of a behavioral signature for an application. Another behavioral technique involves the contextual understanding of what a particular host has been doing recently, or whom it is or has been communicating with.
- Decryption / decoding - Some applications utilize encoding, obfuscation, or a simple encryption technique.
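The techniques listed above can be layered so that the strongest evidence wins and the port is only a fallback. The following is an added example, not Riverbed code: the signature table, the entropy threshold, the class and function names, and all sample payloads and addresses are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Illustrative tables (assumptions for this example, not a vendor signature set).
PORT_HINTS = {21: "ftp", 22: "ssh", 80: "http", 443: "tls"}
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")),
    # TLS handshake record (0x16), version 3.x, 2 length bytes, ClientHello (0x01)
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
]
FTP_PASV = re.compile(rb"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for encrypted or compressed payloads."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


class FlowClassifier:
    def __init__(self, entropy_threshold: float = 7.0):
        self.entropy_threshold = entropy_threshold
        self.expected = {}  # (ip, port) -> app, registered by protocol dissection

    def observe_control(self, payload: bytes) -> None:
        """Protocol dissection: parse an FTP 227 reply and register the data flow."""
        m = FTP_PASV.match(payload)
        if m:
            f = [int(x) for x in m.groups()]
            endpoint = (".".join(str(o) for o in f[:4]), f[4] * 256 + f[5])
            self.expected[endpoint] = "ftp-data"

    def classify(self, dst_ip: str, dst_port: int, payload: bytes):
        """Return (application, technique) for the first payload of a flow."""
        app = self.expected.pop((dst_ip, dst_port), None)
        if app:  # strongest evidence: a dissected control channel announced it
            return app, "future-flow"
        for name, pattern in SIGNATURES:
            if pattern.match(payload):
                return name, "signature"
        if len(payload) >= 256 and shannon_entropy(payload) >= self.entropy_threshold:
            return "encrypted-unknown", "behavioral"
        if dst_port in PORT_HINTS:  # weakest evidence, used only as a fallback
            return PORT_HINTS[dst_port], "port"
        return "unknown", "none"


# Constructed sample flows (documentation addresses, hand-built payloads).
HTTP_REQ = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
BT_HANDSHAKE = b"\x13BitTorrent protocol" + bytes(48)
PASV_REPLY = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
UNIFORM_BYTES = bytes(range(256)) * 2  # stand-in for ciphertext: entropy 8.0


def demo():
    c = FlowClassifier()
    c.observe_control(PASV_REPLY)
    return [
        c.classify("198.51.100.7", 8080, HTTP_REQ),       # HTTP on a non-standard port
        c.classify("198.51.100.7", 80, BT_HANDSHAKE),     # BitTorrent handshake seen on port 80
        c.classify("192.0.2.10", 50000, b"\x00\x01"),     # flow announced by the 227 reply
        c.classify("203.0.113.5", 6000, UNIFORM_BYTES),   # no signature, high entropy
        c.classify("203.0.113.5", 21, b"220 ready\r\n"),  # nothing better than the port
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A registration is consumed by the first matching flow, so a later connection to the same endpoint is classified on its own evidence.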
Riverbed Hierarchical Fair Service Curve (HFSC) Scheduling
The Riverbed HFSC scheduler not only addresses the allocation of minimum and maximum bandwidth (as many products do), but also prioritizes and schedules applications based on their latency sensitivity, thus eliminating jitter and starvation of applications. SteelHead appliances can apply these state-of-the-art techniques while remaining compatible with QoS enforcement on routers and other devices.
Riverbed QoS uses a unique scheduler called the Hierarchical Fair Service Curve (HFSC) that addresses not just the allocation of minimum and maximum bandwidths, but also prioritizes and schedules applications based on their latency sensitivity (which is not possible with most other approaches). Imagine, for example, that two different real-time, critical applications such as VoIP and video conferencing were configured with bandwidth guarantees, but without the ability to set priority for each based on sensitivity. During heavy use periods, even if bandwidth guarantees were honored, queues would become filled with video traffic, causing the rate at which VoIP packets are scheduled to vary, introducing jitter and, as a result, noticeably lower quality calls. Some QoS tools try to work around this drawback by dedicating excess bandwidth, perhaps over-provisioning by 20 percent or more, to certain applications. But this is wasteful, sometimes crude, sometimes complex, and in fact unnecessary. These tools also often encounter problems when trying to prioritize multiple types of traffic at the same time. Riverbed QoS can address these issues smoothly and simply, with distinct controls for both bandwidth and sensitivity. This delivers better, more predictable performance for all-important applications according to their unique needs.
Riverbed SteelHead appliances allow the definition of thousands of QoS classes for maximum scalability in controlling application behavior. Each QoS class represents an arbitrary aggregation of traffic that the SteelHead appliance treats the same way for QoS enforcement purposes. Any given QoS class has an associated latency priority and minimum (guaranteed) bandwidth, and can also have an upper bandwidth limit and/or optimized connection-count limit.
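The VoIP and video scenario above can be worked through with two-piece service curves, which is how HFSC separates a class's delay from its bandwidth. This is an added, simplified example and not Riverbed's scheduler: it models only deadline ordering for packets that are all queued at the same instant, and the link rate, class rates, packet sizes and function names are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceCurve:
    """Two-piece linear curve: m1 bytes/s for the first d seconds of a backlog,
    m2 bytes/s afterwards. m2 is the long-term guaranteed bandwidth."""
    m1: float
    d: float
    m2: float

    def time_to_serve(self, nbytes: int) -> float:
        """Inverse curve: seconds after the backlog starts by which nbytes are due."""
        knee = self.m1 * self.d
        if nbytes <= knee:
            return nbytes / self.m1
        return self.d + (nbytes - knee) / self.m2


def linear(rate: float) -> ServiceCurve:
    """Bandwidth guarantee only: the delay bound is tied to the rate."""
    return ServiceCurve(m1=rate, d=0.0, m2=rate)


def schedule(link_rate: float, classes: dict) -> dict:
    """classes maps name -> (ServiceCurve, [packet sizes]), all queued at t=0.
    Packets are sent earliest-deadline-first; returns name -> finish times (s)."""
    jobs = []
    for name, (curve, sizes) in classes.items():
        queued = 0
        for size in sizes:
            queued += size
            jobs.append((curve.time_to_serve(queued), name, size))
    jobs.sort()
    now, finish = 0.0, {name: [] for name in classes}
    for _deadline, name, size in jobs:
        now += size / link_rate
        finish[name].append(now)
    return finish


# Constructed scenario: 10 Mbit/s link, a video burst and one VoIP packet.
LINK = 1_250_000                       # bytes/s
VIDEO = (linear(1_000_000), [1500] * 10)
VOIP_SIZE, VOIP_RATE = 200, 10_000     # bytes, bytes/s (80 kbit/s guarantee)


def voip_delay(voip_curve: ServiceCurve) -> float:
    """Seconds until the VoIP packet has left the link."""
    out = schedule(LINK, {"video": VIDEO, "voip": (voip_curve, [VOIP_SIZE])})
    return out["voip"][0]


def compare():
    """Return (delay with bandwidth guarantee only, delay with a latency-aware curve)."""
    bandwidth_only = voip_delay(linear(VOIP_RATE))
    # Same 80 kbit/s long-term rate, but the first 200 bytes are due within 1 ms.
    latency_aware = voip_delay(ServiceCurve(m1=200_000, d=0.001, m2=VOIP_RATE))
    return bandwidth_only, latency_aware


if __name__ == "__main__":
    print(compare())
```

With only a bandwidth guarantee the VoIP packet waits behind the whole video burst; with the steeper initial segment it goes first, while its long-term rate `m2` stays the same.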
The Riverbed QoS engine delivers streamlined, application-level control and optimization by delivering the following features:
- Content-aware application control – With content-aware application control, the Riverbed QoS engine can identify and classify 100 of the most common enterprise applications, and is configurable to classify thousands of custom applications as well. This ensures that critical applications like web, voice, and video are protected, while recreational applications are contained.
- Template-driven UI – This solution offers simplicity, and the quickest ramp time with respect to QoS policies, by offering built-in policy templates and plug-n-play deployment.
- Latency-aware traffic scheduling – With this feature traffic can be scheduled for applications based on their sensitivity, thus eliminating jitter and starvation.
SteelHead appliances are also compatible with QoS enforcement on routers and specialized QoS devices, and can apply the state-of-the-art QoS enforcement capabilities we've discussed here.
Transparency and Ease of Use:
A key reason for the widespread adoption of the Riverbed Technology WAN optimization solution is that it's the easiest to deploy and manage. In the broad sense, this is a transparent solution to your existing network infrastructure. While other solutions try to focus on the narrow issue of network address transparency, Riverbed focuses on the issues of usability, deployability, and manageability.
In addition, Riverbed is the only WAN optimization vendor to offer multiple network address visibility modes allowing customers to decide what mode is right for their deployment: correct addressing (default mode), correct addressing plus port visibility, full IP address, and port visibility.
Using this approach, Riverbed has been able to create an incredibly flexible integration path that's compatible with any routing infrastructure and IP transport mechanism, and is completely cross-functional with existing QoS and VoIP implementations.
ChalkTalk on Easy Setup
When users talk about transparency and application acceleration devices they're actually talking about a number of different feature sets at once:
- User transparency: Do I need to change anything on client machines to achieve application acceleration? Do I have to change user behavior?
- Deployment transparency: Do I have to change anything in my network to deploy this product? Will I have to configure tunnels? Set up additional switching or modify my routers? Change how I manage QoS?
- Visibility: Will I be able to report on traffic both on my LAN and my WAN once this product is in place?
- Port transparency: Will I have to change the ports used to transmit data over the WAN?
- Address transparency: Will I retain visibility to client and server IP addresses? If so, what are the impacts on my network?
Riverbed enables IT managers to deploy a WAN optimization solution to branch offices and mobile workers in 15 minutes or less. It does so by eliminating much of the tedious configuration required by other solutions, while at the same time eliminating the need to reconfigure other components of the IT infrastructure.
The end result is fast, reliable acceleration of applications with no workflow changes to end-users and minimal changes to IT processes.
Security Features:
Riverbed Technology is the only vendor to offer end-to-end security in its WAN optimization solution. By offering a multi-layer security feature set, the Riverbed Optimization System (RiOS) enables the protection of data in motion and at rest. In doing so, Riverbed helps eliminate any trade-off between security and performance for customers who want the best of both worlds.
Enhanced Acceleration and Support for SSL Traffic
SteelHead appliances from Riverbed accelerate SSL WAN traffic to deliver LAN-like performance.
Riverbed is the first company to introduce true SSL acceleration (not SSL off-load) that doesn't require the distribution of certificates or private keys to the edge, yet does enable SSL traffic to be decrypted, optimized, and then re-encrypted before moving onto the WAN. When traffic reaches the other side of the network, the same process is repeated: decryption, decoding (the other side of the Riverbed optimization algorithm), and then re-encryption for delivery to the client. These optimizations are bi-directional, ensuring that all traffic is encrypted end-to-end from client to server, to or from branch offices.
Some other symmetric application acceleration solutions may claim to accelerate encrypted traffic, but they require the distribution of certificates or private keys to the branch office, which introduces significant security vulnerabilities, and isn't acceptable to most IT architects.
Riverbed continues to improve on its industry-leading SSL acceleration functionality by making it even easier to setup and manage. Features include auto-discovery of SSL peers, support for digital certificate domain-level wildcards, and manageability improvements for peer trust relationships. These features simplify SSL acceleration across the enterprise to enable greater scalability and reduce administrative overhead.
Appliance-to-Appliance Encryption
SteelHead appliances offer SSL encryption between appliances as an option. Turning this feature on ensures that the references and underlying data shared between two sites are encrypted before they leave the SteelHead appliances. If you already use a VPN to encrypt data between two sites, this feature may not be needed. SteelHead appliances support DES, 3DES, AES-128, and AES-256 encryption. SteelHead appliances can be required to authenticate with a Unified Trust Model using self-signed certificates or certificate authorities.
Encrypted MAPI
This feature allows SteelHead to operate in secure customer environments where email encryption is used (often by default) between the client and host servers.
Data Store Encryption
RiOS also provides encryption capability for the data stored on disk in SteelHead appliances for organizations that require high levels of security or face stringent compliance requirements. Encryption standards supported include AES-128, AES-192, and AES-256 and keys are maintained in an encrypted key vault.
Additional Technology:
4 Port GigE NIC
Almost all SteelHead appliances from Riverbed Technology support an optional 4-port Gigabit Ethernet card. Larger models support up to three 4-port cards, for a total of 12 GigE interfaces. 4-port cards are essential for dual-router networks to ensure easy integration of a single SteelHead appliance into more complex environments. The cards are available for an additional charge. Please contact your Riverbed sales representative for pricing and availability.
The following simplified picture shows a configuration where a 4-port NIC would be used:
In-path with 4-port Card
Automated Data Store Copying
This feature is useful in environments with two SteelHead appliances, one primary and one backup. With automated datastore copying, the reference data and the references created with SDR are automatically copied from the primary to the backup SteelHead appliance. In the event of a software crash, or a hardware or power failure in the primary SteelHead appliance, the backup appliance can take over with a “warm” data store and begin delivering optimized performance immediately.
Connection Forwarding / Asymmetric Routing Support
For networks with asymmetric routing on either side of the WAN (data center or branch office), RiOS includes mechanisms for connection forwarding. All SteelHead appliances support asymmetric routing, which enables simple integration into the most complex enterprise networks.
Technical Feature Summary:
Technical Feature Summary | |
---|---|
RiOS Features | Benefit |
Data Streamlining (Bandwidth Optimizations) | |
Scalable Data Referencing | Removes redundant WAN data for all TCP traffic |
QoS Using Hierarchical Fair Service Curves (HFSC) | Manage / allocate WAN bandwidth use by application / port while independently prioritizing packets based on latency sensitivity — TCP and UDP traffic |
Transport Streamlining (TCP Optimizations) | |
Virtual Window Expansion | Send much more data per payload on each round trip for TCP |
HS-TCP (High-speed TCP) | Fill the pipe more effectively on high bandwidth, high latency pipes but retain back-off if there's congestion on the link |
MX-TCP (Max TCP) | Fill the pipe to the maximum possible without backing off in the face of congestion |
SSL Acceleration / Optimization | Accelerate encrypted WAN traffic by decrypting data and applying Riverbed Technology optimizations — without distributing certificates to the edge |
Application Streamlining (Latency Optimizations) | |
CIFS Optimizations | Accelerate Microsoft Windows file sharing for Windows and Mac clients |
MAPI Optimizations | Accelerate Microsoft Exchange (2000, 2003, 2007, and 2010) |
HTTP / HTTPS Optimizations | Accelerate web-based applications (whether or not they're encrypted) |
Microsoft Exchange | Accelerate Microsoft Exchange (2000, 2003, 2007, and 2010) including encrypted email |
NFS Optimizations | Accelerate UNIX file sharing for NFS v 3.0 |
MS-SQL Optimizations | Accelerate applications built on MS-SQL |
Central Print Server Optimizations | Accelerate print servers |
Other Key Features | |
Ease of Deployment | |
Microsoft Office | Accelerate Microsoft Office (Word and Excel) |
Lotus Notes | Accelerate Lotus Notes (email and replication) |
Oracle 11i and 12 | Accelerate Oracle Forms on JInitiator or Sun JRE |
Transparent Deployment | Deploy SteelHead appliances from Riverbed with no changes to networks or other infrastructure |
Enhanced Auto-Discovery | End-to-end auto-discovery across multi-hop deployments |
Asymmetric route detection | Detect the presence of asymmetrically routed networks; use connection forwarding (below) to enable optimization in those cases |
Connection Forwarding | Forwards connections to originating SteelHead appliance in asymmetrically routed networks (easier integration into complex networks) — both client-side and server-side |
Centralized Key Management | Store SSL certificates centrally even while decrypting traffic at the edge of the WAN |
Multi-port cards (optional) | Optional 4-port card — Up to 12 ports on larger SteelHead models |
Agent-less Pre-Population | Preposition content from file servers, filers, from storage onto remote SteelHead appliances to avoid “cold” hits |
Port / application Auto-discovery | Automatically discover / label well-known ports; custom naming of specific ports |
Flexible Deployment Options | In-path, out-of-path (PBR, WCCP), Virtual In-Path, High Availability (Serial or Parallel); Asymmetric Networks |
Proxy File Service (PFS) | Continued access to local files in the event of a WAN outage |
Active-Active Failover | For high-availability deployments, pre-warm segment stores; either SteelHead appliance can act as primary |
Security | |
Appliance to appliance SSL Encryption | Optional encryption of optimized traffic between SteelHead appliances |
Auto-Discovery | SteelHead appliances automatically find each other across the WAN — no tunnels required. Any SteelHead appliance can peer with up to 4100 others according to a Unified Trust Model |
Support for RADIUS / TACACS | Ensure administrative security / authentication |
Management | |
Central Management Console | Manage up to 2,000 SteelHead appliances from one console |
NetFlow Export | Integration with NetFlow (including v.9) for traffic transparency / reporting |
Over-the-wire Upgrade | Upgrade / rollback RiOS versions |
Software Upgrades | Some models are software upgradeable for easy scalability |
SteelHead Appliances Integrate Easily With Your Infrastructure:
SteelHead appliances from Riverbed Technology are designed to accelerate the applications your organization cares the most about, but do it in a way that makes it very simple to integrate into your network. The appliances are architected to be transparent to your existing network infrastructure, yet give you the flexibility to configure them in a number of different ways to fit your needs.
Truly Transparent Deployment
SteelHead appliances can be deployed with no changes to your servers, routers, applications, or user desktops. SteelHead appliances can accelerate data and files without interfering with your basic network infrastructure.
SteelHead appliances also support auto-discovery to simplify the task of deploying and expanding network deployments. Auto-discovery allows any SteelHead appliance to automatically find its peers in a network and start communicating with them. SteelHead appliances require no tedious tunnelling configurations, eliminating tremendous amounts of IT management.
Works with Any Size WAN Connection
There is no upper or lower requirement to any particular WAN connection when using a SteelHead appliance. As long as there's a persistent WAN connection available, a SteelHead appliance can accelerate applications across that connection. SteelHead appliances come in a range of sizes to meet the needs of your locations.
Simple Qualification for Regulated Environments
SteelHead appliances pass client requests to the origin server. This means there's no significant impact to the operation or security of your current application infrastructure. In highly regulated environments, this approach enables IT managers to quickly and easily qualify SteelHead appliances for use in their network environments.
SteelHead appliances also don't store complete files on disk. Data Streamlining technologies segment data and store it in an application-independent manner, essentially rendering it incomprehensible to the casual observer. Thus, these appliances avoid introducing yet another device that requires strict auditing and control by IT management.
Finally, SteelHead appliances can significantly accelerate the process of backup and replication. By doing so, organizations can perform more frequent backups across the WAN, accelerate data center replication, and even eliminate tape backup in remote offices. These accelerated backup processes can help an organization exceed minimally acceptable practices mandated by the federal government, third-party oversight, or even internal oversight committees.
Tested with MPLS Networks
MPLS is quickly gaining acceptance as an important upgrade to enterprise networks. User benefits include lower cost in most cases, greater control over networks, and more detailed Quality of Service. MPLS also provides fully-meshed, any-to-any connectivity among offices and more flexibility in bandwidth provisioning.
SteelHead appliances have been successfully deployed across MPLS networks. In fact, SteelHead appliances require no special configuration to work across an MPLS-enabled network, and possess features that make them more compatible with MPLS networks than other approaches to application acceleration.
Because SteelHead appliances use auto-discovery to automatically find and communicate with all SteelHead peers on a network, IT managers aren't required to perform tedious tunnelling configurations among appliances. If an enterprise needed to configure tunnels for a fully meshed network with 2,000 locations, they would be required to configure a minimum of 3,998,000 (2000 times 1999) tunnels. If the organization had many subnets per location, this number could increase by an order of magnitude. And if an organization wanted to add an additional location, a minimum of 2000 more tunnels would need to be configured. By enabling auto-discovery, SteelHead appliances render tedious tunnelling configuration unnecessary.
Works over Satellite
Similar to MPLS, using SteelHead appliances with satellite requires no special configuration. In fact, given that satellite connections tend to have very high latency, enterprises may see significantly faster application performance. SteelHead appliances are currently accelerating applications via satellite to land locations with limited forms of alternative connectivity, offshore oil platforms, cargo ships, and even submarines.
In-Path and Out-of-Path Configurations
In-Path Configuration
Out-of-Path Configuration
Virtual In-Path Configuration
High Availability Configurations
Single WAN Link Serial Deployment
Dual WAN Links
Redundancy with WCCP
Out-of-Path Redundancy
SkipWare:
SCPS-Based Satellite Acceleration Technology
As a complement to its core WAN optimization technologies, Riverbed Technology offers a satellite-specific, TCP-layer acceleration technology in SkipWare. SkipWare is the Riverbed commercial implementation of the Space Communication Protocol Standard, and is fully compliant with international standards for SCPS and Mil-Std-2045-4400 (Transport Protocol for High-Stress, Bandwidth Constrained Networks). SkipWare’s extensions to TCP allow it to overcome performance loss associated with high bit error ratios and propagation delays, and act as a catalyst to Riverbed core cross-layer WAN optimization technologies. When run in conjunction with the Riverbed Optimization System (RiOS), SkipWare can improve SteelHead appliance performance by 30x or more over the satellite channel, depending on the network’s environmental and operational conditions. The SkipWare feature set includes:
- High bandwidth efficiency over latencies up to 3000 ms (double hop and higher)
- Highly loss-tolerant with rapid recovery from packet loss (SNACK and SACK)
- Multiple operating modes for use in fixed and dynamic bandwidth satcom networks (SCPC, FDMA, TDMA, DVB)
- High degree of cross-vendor interoperability, fully interoperable with standard TCP
- Layer-4 support for IPv6
- Support for speeds up to 155 Mbps bidirectional