
Adaptive Private Networking

TCP Termination
Application Note
Talari APN TCP Termination Application Note

Talari Networks is a trademark of Talari Networks, Inc. in the United States and other
countries.

All other trademarks, service marks, registered trademarks, or registered service marks are
the property of their respective owners.

All specifications are subject to change without notice.

Products made or sold by Talari Networks or components thereof may be covered by one or
more of the following patents that are owned by or licensed to Talari Networks: U.S. Patents
pending.

Copyright © 2011, Talari Networks, Inc. All rights reserved.

The information in this document is current as of the date listed in the revision history.

Talari Networks assumes no responsibility for any inaccuracies in this document. Talari
Networks reserves the right to change, modify, transfer, or otherwise revise this publication
without notice.

Talari Networks, Inc.
550 S. Winchester Blvd., Suite 500
San Jose, CA 95128

Phone: 408.689.0400
Fax: 408.864.2124
Web: www.talari.com

Last Update: 3/22/2011


Table of Contents
Introduction
    About This Application Note
    Introduction to TCP termination
Functionality in Detail
Configuration Commands
Design Consideration
Troubleshooting TCP Termination
Summary


Introduction

About This Application Note


The purpose of this application note is for the reader to understand the concept and
operation of TCP termination within Adaptive Private Networking (APN). Configuration
commands required to enable this capability will also be discussed in this document. The
reader of this document is expected to be a network administrator or a network architect.

Introduction to TCP termination


Without TCP termination, a single TCP connection would be established from Host-A to
Host-B where the two hosts reside on separate network segments across the WAN network.
Please see Figure 1 for details. TCP termination provides the ability to split a single TCP
connection into three separate TCP connections all managed and maintained by the APN, as
shown in Figure 2. TCP termination is only used for conduit traffic.

Figure 1: TCP Connection End-to-End between Host-A (NCN Site, behind NCN-RTR) and Host-B (Client Site, behind Client-RTR) across the WAN.

In Figures 1 and 2, the diagrams indicate traffic flow from the NCN site to a Client
site. Traffic flow could also be Client to Client traffic through a conduit. For diagram
simplification, a typical two site Talari APN is depicted, one NCN and one Client site. The
assumption in Figure 2 is that a Talari conduit between APNAs exists.


Figure 2: The end-to-end TCP connection between Host-A (NCN Site) and Host-B (Client Site) split into TCP 1 (Host-A to APNA-A), Talari TCP over the Talari conduit (APNA-A to APNA-B across the WAN) and TCP 2 (APNA-B to Host-B).

The three separate connections used for TCP termination would be defined as:

• Host A to APNA-A
• APNA-A to APNA-B – conduit services
• APNA-B to Host B

Some of the benefits of TCP termination include the ability to increase throughput across
the conduit/WAN. Significant performance improvements are seen when there is loss
on the link, a high round trip time (RTT) across the WAN, or both. TCP termination
provides maximum throughput through the Talari conduit while locally terminating
the TCP session. Typically, file transfer applications will yield the best TCP termination
performance. With interactive applications (ssh, scp) the performance gains may not be as
significant. These additional benefits provide a compelling reason to enable TCP
termination.


Functionality in Detail
The functionality as described above creates three TCP sessions. The initial TCP handshake
is from Host-A to Host-B. As Host-A communicates with Host-B, the APNAs monitor the
TCP flow and support a modified end-to-end three-way handshake, creating three separate
TCP connections. Once the separate TCP sessions are established, a data transfer can begin.
The APNAs will then maintain a TCP session between the local Hosts and a third TCP
session across the conduit between APNAs. These sessions will be established for any TCP
flow that is identified as a TCP terminated flow.

For conduit traffic a separate Talari-TCP will be used. This Talari-TCP will identify each
unique flow and allow the APNAs to maintain multiple sessions across the conduit. This
Talari-TCP is encapsulated in the conduit and not seen by the user. The APNAs also have
built-in support for failure scenarios. In the event of a host or Talari failure, the TCP
connections will be reset gracefully. If the conduit is down, the APNAs will terminate the
TCP-terminated connection and the Hosts will have to re-establish their TCP session.

The system has a dynamic capability which can be used to disable TCP termination if
system resources are getting low. In this scenario, the APNA notifies all other APNAs
to which it has conduits that it is low on resources, and directs them to disable TCP
termination for that immediate time frame. Once system resources become available on
the APNA, the TCP termination functionality will then be re-enabled and communicated
to all other APNAs within the network. This function is an internal component of the TCP
termination capability, and protects the system from potential catastrophic events.

Commands to enable TCP Termination are described in the next section.


Configuration Commands
There are a number of commands required to enable the TCP termination capability.
These commands are available in the APN Configuration Editor or can be added to the
configuration file with a text editor. For information on the APN Configuration Editor,
including command line options, please see the 2.2 APN Configuration Editor Users
Guide at www.talari.com/support.

The first requirement is that TCP termination is enabled; this is done under the conduit
section of the configuration. The default rule for the conduit will perform TCP termination
on all conduit traffic that is TCP traffic. To enable TCP termination for a specific conduit,
use the following command:

add conduit_service remote_site_name=text
{
    [set conduit_properties]
        [tracking_ip_addr=x.x.x.x]
        [reverse_also={yes | no}]
        [default_set_name=text];
    [set rule_default]
        [tcp_resequence_holdtime_ms=n]
        [discard_late_tcp_resequence_packets={yes | no}]
        [non_tcp_resequence_holdtime_ms=n]
        [discard_late_non_tcp_resequence_packets={yes | no}]
        [packet_duplication_holdtime_ms=n]
        [tcp_class_id=n]
        [tcp_class_name=text]
        [udp_class_id=n]
        [udp_class_name=text]
        [other_class_id=n]
        [other_class_name=text]
        [enable_tcp_termination={yes | no}];

“enable_tcp_termination = no” (indicating TCP termination is disabled), is the default value for
the enable_tcp_termination command. This is not a required command.

Additionally, TCP termination can be configured with more granularity under the Conduit - Rule
- Properties section of the configuration file. This allows a user to configure more specific
rules for certain traffic types. For example, FTP could have a specific rule defined for TCP
termination. When using this option, you can also specify a minimum percentage for this rule. A
detailed example of minimum percentage will be presented in the Design Consideration section
of this Application Note.
[set traffic_optimization_properties]
[enable_tcp_termination={yes | no}]
[tcp_termination_min_resource_pct=p];

“tcp_termination_enable = no” (indicating TCP termination is disabled), is the default value
for enabling or disabling the TCP termination feature for this (TCP-based) rule.

The “tcp_termination_min_resrc_pct = p” parameter specifies the minimum resource
allocation percentage for TCP termination traffic on this rule. Specify the minimum amount
of resources used by TCP terminated traffic. More detail regarding this command may be
found in the Design Consideration section of this document.

When configuring TCP termination it is not required to
configure it for the conduit. A user could just configure the
capability to match a specific rule only. When used in this
manner, TCP termination is only used for the specific rule
and no other conduit traffic.

No other commands are required when enabling TCP termination. There are a number
of design considerations to be aware of when implementing TCP termination; these are
described in the next section.


Design Consideration
There are a number of design considerations to be aware of when implementing TCP
termination, including:

• When enabled, TCP termination will use the maximum allowable resources per platform
(defined below).
• Use Rules to guarantee TCP termination is not starved out of the conduit; these should be
used with the TCP_ACK Class (see note below).
• Total TCP flow numbers are based on inbound and outbound flows per platform.
• Supports High Availability (HA) configuration (sessions are not maintained across an HA
failure).

Note: If only the default bulk class is defined, TCP-
terminated traffic could use all available bandwidth and
starve out any potential new TCP-terminated flows. The
recommendation is to define a specific rule and class for
TCP-terminated traffic.

Additionally, TCP termination is currently not supported
with Riverbed implementations.

Talari TCP termination has a limit to the number of TCP-terminated flows that may be
supported based on the APN appliance used. These limits are listed below and are based
on the hardware capabilities of the individual platform. Once the supply of flows has been
exceeded, any new flows will not be TCP-terminated until pre-existing flows end and TCP
termination resources are freed. The platform numbers for TCP termination are as follows:

• The T200 APNA supports a maximum of 500 TCP flows.
• The T700 APNA supports a maximum of 4000 TCP flows.
• The T730 APNA supports a maximum of 4000 TCP flows.
• The T750 APNA supports a maximum of 8000 TCP flows.
• The T3000 APNA supports a maximum of 16000 TCP flows.

For example, the APN T730 appliance supports a total of 4000 terminated flows. If a rule is
defined for ssh using TCP termination with a set minimum resource usage of ten percent,
at least 400 ssh sessions can be used for TCP termination. The remaining TCP
termination sessions (3600) would be used for any other TCP session sourced from or destined
for the same conduit.

When the Talari APNA has multiple conduits defined, TCP termination must allocate
resources for each conduit. The method TCP termination uses to allocate resources to a
specific conduit is:


• Determine if a conduit has TCP termination enabled (default rule).
• Determine if there is any rule defined for TCP termination.
• Allocate resources based on the minimum allocation defined per rule for a conduit (if a
rule applies to two sites, the min_resrc_pct is divided by two). See note below.
• Any remaining resources are allocated on a first come, first served basis until
platform resources are depleted.

Note: When a rule is added for the TCP termination capability, a site should
be defined for each rule. If 20% is defined for the “min_resrc_pct” and “*” is
selected for the from site, the Compiler will add in two rules: one for the NCN
and one for the Client site. These two rules will divide the 20% by two impacting
resources on a site basis. When using the “*” for site the user needs to be aware
of the impact, since it will use resources on both appliances. If there are more
than two APNAs in the network, all APNAs would have the rule applied if the “*”
option is used in the rule, reducing the minimum resources per site.
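
The allocation steps and the “*” note above, worked through as an added example that is not Talari code. The rule dictionary layout, the site names and rounding fractional flows down are assumptions made for illustration; the flow limits and the even split of a “*” rule across sites come from this note.

```python
# Added example (not Talari code). Flow limits are the platform figures above.
PLATFORM_MAX_FLOWS = {"T200": 500, "T700": 4000, "T730": 4000,
                      "T750": 8000, "T3000": 16000}

def expand_rules(rules, sites):
    """Return {site: {rule_name: min_pct}}; a "*" rule is split across all sites."""
    per_site = {site: {} for site in sites}
    for rule in rules:
        targets = list(sites) if rule["site"] == "*" else [rule["site"]]
        share = rule["min_pct"] / len(targets)   # "*" divides the percentage
        for site in targets:
            per_site[site][rule["name"]] = per_site[site].get(rule["name"], 0) + share
    return per_site

def plan(rules, sites):
    """Per site: platform limit, flows reserved per rule, first-come pool."""
    result = {}
    for site, pcts in expand_rules(rules, sites).items():
        limit = PLATFORM_MAX_FLOWS[sites[site]]
        if sum(pcts.values()) > 100:
            raise ValueError(f"{site}: rule minimums exceed 100% of resources")
        # Assumption: fractional flows round down.
        reserved = {name: int(limit * pct // 100) for name, pct in pcts.items()}
        result[site] = {"limit": limit, "reserved": reserved,
                        "shared": limit - sum(reserved.values())}
    return result

if __name__ == "__main__":
    # The note's T730 example: an ssh rule with a 10% minimum on one site.
    print(plan([{"name": "ssh", "site": "NCN", "min_pct": 10}], {"NCN": "T730"}))
    # Constructed case: a 20% "*" rule across an NCN T3000 and a Client T200.
    print(plan([{"name": "ftp", "site": "*", "min_pct": 20}],
               {"NCN": "T3000", "Client": "T200"}))
```

The constructed second case shows why the note recommends naming a site per rule: the same 20% “*” rule guarantees 1600 flows on the T3000 but only 50 on the T200.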


Troubleshooting TCP Termination


The APNA can provide useful information regarding TCP terminated flows. This
information can be viewed from the appliance Web Console, by selecting Monitor and
then Flows from the drop-down menu. Next, click the TCP Termination check box. All
conduit flows that are using TCP termination will be displayed on this page. The page will
include relevant information on a per flow basis. Figure 3 below illustrates a typical screen
displaying TCP-terminated flows.

Figure 3

Additionally, TCP termination will add entries into the APN_common.log file. The example shown
below indicates that a reset has been sent from the client Host-A to the remote Host-B and that the
connection has been reset, with the local APNA instructing the remote APNA to tear down or reset the TCP
connection.

tcp_do_segment@forward/tcp_input.c:1813 tp:0x29aeabfc 10.30.10.21:445 -->10.10.10.21:49330 got reset, close the connection.

These are logged to assist the user in monitoring the state of the terminated flows. The TCP-
terminated flows are conduit flows only, and consist solely of traffic between APN sites. This
can simplify the troubleshooting process. Any other issues related to troubleshooting TCP
termination would require Talari Support personnel to assist. Prior to contacting them, it is
recommended to collect a diagnostic log file from the APNAs in question, using the APNA web
console Diagnose pull-down menu. A diagnostic data capture tool will collect log files as well
as low level debug information from the APNA and save it to a file, which can be forwarded to
your Talari representative for review.
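
One way to tally reset entries from APN_common.log per endpoint when monitoring terminated flows, as an added example that is not Talari tooling. The field layout is inferred from the single entry shown above, each entry is assumed to sit on one line, and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Layout inferred from the one entry in this note. search() is used so that
# any prefix before the function name (for example a timestamp) is ignored.
ENTRY = re.compile(
    r"(?P<func>\w+)@(?P<file>[\w./]+):(?P<line>\d+)\s+tp:(?P<tp>0x[0-9a-fA-F]+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s*-->\s*"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+(?P<msg>.*)"
)

def parse_entry(line):
    """Return the fields of one TCP termination log entry, or None."""
    m = ENTRY.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {"where": f'{d["func"]}@{d["file"]}:{d["line"]}', "tp": d["tp"],
            "left": (d["src"], int(d["sport"])),
            "right": (d["dst"], int(d["dport"])),
            "msg": d["msg"].strip()}

def reset_counts(lines):
    """Count 'got reset' entries per endpoint printed left of the arrow."""
    counts = Counter()
    for line in lines:
        entry = parse_entry(line)
        if entry and "got reset" in entry["msg"]:
            counts[entry["left"]] += 1
    return counts

SAMPLE = [
    # Entry quoted in this note.
    "tcp_do_segment@forward/tcp_input.c:1813 tp:0x29aeabfc 10.30.10.21:445 "
    "-->10.10.10.21:49330 got reset, close the connection.",
    # Constructed entries in the same layout.
    "tcp_do_segment@forward/tcp_input.c:1813 tp:0x29aeac10 10.30.10.21:445 "
    "-->10.10.10.22:49411 got reset, close the connection.",
    "tcp_do_segment@forward/tcp_input.c:1813 tp:0x29aeac24 10.30.10.40:22 "
    "-->10.10.10.21:50112 got reset, close the connection.",
    "tcp_do_segment@forward/tcp_input.c:900 tp:0x29aeac38 10.30.10.40:22 "
    "-->10.10.10.21:50113 constructed non-reset message",
    "constructed line that is not a TCP termination entry",
]

if __name__ == "__main__":
    for endpoint, n in reset_counts(SAMPLE).most_common():
        print(endpoint, n)
```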


Summary
The addition of TCP termination to the Talari product line provides additional throughput
based on the WAN link RTT and any potential circuit loss. This capability can increase
throughput multiple times over existing throughput, depending on circuit characteristics.
TCP termination is easily configured and maintained within the Talari APNA. For additional
questions, please contact your local Talari representative.


Thank you for choosing Talari Adaptive Private Networking appliances.

Swift and Sure

Talari Networks, Inc.
550 S. Winchester Blvd., Suite 500
San Jose, CA 95128
(408) 689-0400
(408) 864-2124 fax
www.talari.com

Talari Networks, Inc. reserves the right to make changes to its products or to discontinue
any product or service without notice.

Talari Networks is a trademark of Talari Networks, Inc.

Copyright © 2006-2011 Talari Networks, Inc. All Rights Reserved.
