The Flows page retrieves a list of existing connections. The maximum visible number depends on which browser you user.Ports are unique. If a port or a range includes a built-in port, then the custom application is the one that lays claim to it.
• All – all flows
• Optimized – optimized flows
• Optimized* – these flows originally had a Status of Alert, and the user chose to no longer receive Alerts of the same type
• Pass-through – includes shaped and unshaped traffic
• Alert – notifies the user of any issue that might be inhibiting optimization, and offers a possible solution
•
•
• Ended Last 5 minutes
• For debugging. A slow device is one that cannot tolerate having its connections accelerated. Generally, this occurs when the WAN side is congested, resulting in too much data on the LAN side. To protect the health of the appliance, you’ll need to disable TCP acceleration in the Optimization Policy. IP1 (2) / Port1 (2)
• Entering 0 in any IP address’s octet position acts as a wild card for that position. 0 in the Port field is also a wild card.
• All – all optimized and pass-through traffic.
• Policy Drop – traffic with a Set Action of Drop in the Route Policy
• Optimized Traffic – the sum of all optimized traffic. That is, all tunnelized traffic.
• Pass-through Shaped – all unoptimized, shaped traffic.
• Pass-through Unshaped – all unoptimized, unshaped traffic.
• [a named Tunnel] – that specific tunnel’s optimized traffic. Resetting the flow kills it and restarts it. It is service-affecting.
n You can customize by adding the following additional columns:
n
1
2 Select additional columns, and click OK. The columns append to the right side of the table.Silver Peak Support uses the Flow Detail page for troubleshooting.
Most of the information on the Flow Detail page exceeds what is included in the Current Flows table.
When the answer is YES, the Silver Peak appliance is able to intercept connection establishment in only one direction. As a result, this flow is not accelerated. When this happens, it indicates that there is asymmetric routing in the network. [Yes/No] If Yes, then this is the server side and the appliance is not accelerating (only the client side accelerates).
• Yes means it was signed. If that’s the case, then the appliance was unable to accelerate any CIFS traffic.
• No means it wasn’t signed. If that’s the case, then server requirements did not preclude CIFS acceleration.
• Overridden means that SMB signing is ON and the appliance overrode it.
• Maximize Reduction — optimizes for maximum data reduction at the potential cost of slightly lower throughput and/or some increase in latency. It is appropriate for bulk data transfers such as file transfers and FTP where bandwidth savings are the primary concern.
• Minimize Latency — ensures that no latency is added by Network Memory processing. This may come at the cost of lower data reduction. It is appropriate for extremely latency-sensitive interactive or transactional traffic. It is also appropriate if WAN bandwidth saving is not a primary objective, and instead it is desirable to fully utilize the WAN pipe to increase LAN–side throughput.
• Balanced — This is the default setting. It dynamically balances latency and data reduction objectives and is the best choice for most traffic types.
• Disabled — No Network Memory is performed.
RESOLUTION: Most likely reason is asymmetric routing. RESOLUTION: Sometimes older operating systems (like Windows 95) do not send the TCP MSS option. You will have to upgrade the operating system software on the endpoints. RESOLUTION: This is a transient condition. If it persists, take a tcpdump for this flow from both the client and server machines and contact Silver Peak Support. RESOLUTION: Contact Silver Peak Support for further help. RESOLUTION: If you want this flow to be TCP accelerated, enable it in the optimization map. RESOLUTION: Contact Silver Peak Support for further help. RESOLUTION: This could be due to various reasons: RESOLUTION: Wait for a minute and then reset the flow. RESOLUTION: Wait for a minute and then reset the flow. If the problem reappears, the two most likely reasons are: 1) The remote server is slow in responding to TCP connection requests, or 2) a firewall is dropping packets containing Silver Peak TCP options. RESOLUTION: This could be due to various reasons: RESOLUTION: Contact Silver Peak about upgrading to an appliance with higher flow capacity. RESOLUTION: Contact Silver Peak Support for further help. RESOLUTION: This is a transient condition. You can reset the flow and then verify that it gets accelerated. If it does not, then take a tcpdump for this flow from both the client and server machines and contact Silver Peak Support. RESOLUTION: Fix the Set Action in the route policy entry. RESOLUTION: Fix the Set Action in the route policy entry. RESOLUTION: Upgrade software on one or both appliances to the same version of software. RESOLUTION: Contact Silver Peak Support for further help. RESOLUTION: Contact Silver Peak Support for further help. You may want to reset the connection to see if the problem resolves. RESOLUTION: Contact Silver Peak about upgrading to an appliance with higher flow capacity. RESOLUTION: Check the flow acceleration status on an upstream appliance. RESOLUTION: This is a transient condition. You can wait for this flow to reset, or you can reset it manually now. RESOLUTION: This is a transient condition. The flow is in the process of being reset. RESOLUTION: Investigate why the tunnel is down. RESOLUTION: Contact Silver Peak Support for further help. You may want to reset the connection to see if the problem resolves.When there is an acceleration failure, the appliance generates an Alert link that you can access on the Flows page. The Alert details the reason and the possible resolution.
When there is an acceleration failure, the appliance generates an Alert link that you can access on the Flows page. The Alert details the reason and the possible resolution.
• Protocol versions: SSLv3, TLS1.0, TLS1.1, TLS1.2
• Cipher algorithms: AES128, AES256, RC4, 3DES
• Key exchanges: RSA, DHE, ECDHE
• Digests: MD5, SHA1, SHA2If the resolution calls for removing or reinstalling the certificate, refer to “SSL Certificates Template” on page 69.
RESOLUTION: Check the certificate. Possible problems include: RESOLUTION: Check the SSL protocols on the client and the server. They must be compatible with what Silver Peak supports. If you find that they’re incompatible, you must remove it and install the correct certificate. RESOLUTION: Check the SSL protocol on the client and the server. They must be compatible with what Silver Peak supports. RESOLUTION: Check the SSL protocol on the client and the server. They must be compatible with what Silver Peak supports. RESOLUTION: Check the Subject Alternate Name fields in the SAN certificate. It may be an issue with SAN certificate format or with the certificate not matching the one that’s installed on the server. If it’s incorrect, you must remove it, and install the correct certificate. RESOLUTION: Contact Silver Peak Support for assistance. RESOLUTION: Remove the certificate, and reinstall the correct certificate. RESOLUTION: Check the client-side application’s SSL cipher algorithm settings to verify that they’re compatible with what Silver Peak supports. RESOLUTION: Check the client-side application’s SSL protocol settings to verify that they’re compatible with what Silver Peak supports. RESOLUTION: Contact Silver Peak Support for assistance. RESOLUTION: Check that the private key file that was installed is correct and matches the server’s private key. RESOLUTION: Check the SSL server’s cipher algorithm settings. RESOLUTION: Check the server-side application’s SSL protocol settings to verify that they’re compatible with what Silver Peak supports. RESOLUTION: Contact Silver Peak support for assistance. RESOLUTION: Contact Silver Peak Support for assistance. RESOLUTION: If the certificate is missing, install the correct one. Otherwise, restart the client SSL application. RESOLUTION: Install the certificate on both appliances. RESOLUTION: Install the correct certificate and key. RESOLUTION: Contact Silver Peak Support for assistance. RESOLUTION: To get full SSL acceleration, restart the application. RESOLUTION: Install the missing SAN certificate. RESOLUTION: Configure IPsec on the tunnel. RESOLUTION: If the Orchestrator shows no SSL certificate, install an appropriate one. RESOLUTION: On the other appliance, access the Current Flows report, and look at the reason code.(In some cases, the code is displayed only on one side). RESOLUTION: Check the client-side application’s SSL cipher algorithm settings to verify that they’re compatible with what Silver Peak supports. RESOLUTION: On both the client and the server, disable the SSL compression method. RESOLUTION: Check the server-side application’s SSL cipher algorithm settings to verify that they’re compatible with what Silver Peak supports. RESOLUTION: Check the server-side application’s SSL protocol settings to verify that they’re compatible with what Silver Peak supports.When there is an acceleration failure, the appliance generates an Alert link that you can access on the Flows page. The Alert details the reason and the possible resolution.
RESOLUTION: Check RESOLUTION: Contact Silver Peak. RESOLUTION: Relaunch the Citrix session. RESOLUTION: Check the encryption level setting on the Citrix server. RESOLUTION: Contact Silver Peak. RESOLUTION: Contact Silver Peak. RESOLUTION: Contact Silver Peak. RESOLUTION: Contact Silver Peak. RESOLUTION: See system logs. Contact Silver Peak. RESOLUTION: Contact Silver Peak. RESOLUTION: Contact Silver Peak. RESOLUTION: Contact Silver Peak. RESOLUTION: Contact Silver Peak.In the list of Alerts, you can look for the flows that aren’t being accelerated, but could be. Generally, this means flows that use TCP protocol and are not TCP-accelerated:
• This includes tunnelized TCP traffic that is not TCP-accelerated. TCP connections are not accelerated if they already exist when the tunnel comes up or when the appliance reboots.
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |