Understanding WAN Traffic Manager

Network directories, such as eDirectory, create server-to-server traffic. If this traffic crosses wide area network (WAN) links unmanaged, it can needlessly increase costs and overload slow WAN links during high-usage periods.

WAN Traffic Manager lets you control server-to-server traffic (over WAN links) generated by eDirectory and control eDirectory traffic between any servers in an eDirectory tree. WTM can restrict traffic based on cost of traffic, time of day, type of eDirectory operations, or any combination of these.

For example, you might restrict eDirectory traffic over a WAN link during high-usage times. This shifts high-bandwidth activities to off-hours. You might also limit replica synchronization traffic to times when rates are low to reduce costs.

WAN Traffic Manager controls only periodic events initiated by eDirectory, such as replica synchronization. It does not control events initiated by administrators or users, nor does it control non-eDirectory server-to-server traffic such as time synchronization.

The eDirectory processes listed in Table 62 generate server-to-server traffic:


Table 62. Novell eDirectory Processes that Generate Server-to-Server Traffic

Process Description

Replica synchronization

Ensures that changes to eDirectory objects are synchronized among all replicas of the partition. This means that any server that holds a copy of a given partition must communicate with the other servers to synchronize a change.

Two types of replica synchronization can occur:

  • Immediate sync occurs after any change to an eDirectory object or any addition or deletion of an object in the directory tree.
  • Slow sync occurs for specific changes to an eDirectory object that are repetitive and common to multiple objects, such as changes to login properties. Some examples of this are updates to Login Time, Last Login Time, Network Address, and Revision properties when a user logs in or out.

The slow sync process runs only in the absence of an immediate sync process. By default, immediate sync runs 10 seconds after any change is saved and slow sync runs 22 minutes after other changes are made.

Schema synchronization

Ensures that the schema is consistent across the partitions in the directory tree and that all schema changes are updated across the network.

This process runs once every 4 hours by default.

Heartbeat

Ensures that directory objects are consistent among all replicas of a partition. This means that any server with a copy of a partition must communicate with the other servers holding the partition to check the consistency.

This process runs by default once every 30 minutes on every server that contains a replica of a partition.

Limber

Ensures that a server's replica pointer table is updated when that server's name or address is changed. Such changes occur when:

  • The server is rebooted with a new server name or IPX internal address in the AUTOEXEC.NCF file.
  • An address is added for an additional protocol.

When a server is booted, the limber process compares the server's name and IPX address with those stored in the replica pointer table. If either is different, eDirectory automatically updates all replica pointer tables that contain a listing of that server.

The limber process also checks that the tree name is correct for each server in a replica ring.

Limber runs 5 minutes after the server boots up and then every 3 hours.

Backlink

Verifies external references, which are pointers to eDirectory objects that are not stored in the replicas on a server. The backlink process normally runs 2 hours after the local database is opened and then every 13 hours.

Connection management

Servers in a replica ring require a highly secure connection for transferring NCP packets. These secure connections, called virtual client connections, are established by the connection management process.

The connection management process might also need to establish a virtual client connection for schema synchronization or backlink processes. Time synchronization might also require such a connection, depending on the configuration of time services.

Server status check

Each server without a replica initiates a server status check. It establishes a connection to the nearest server that holds a writable replica of the partition containing the Server object.

The server status check runs every 6 minutes.


LAN Area Objects

A LAN Area object lets you easily administer WAN traffic policies for a group of servers. Once you create a LAN Area object, you can add servers to or remove servers from the LAN Area object. When you apply a policy to the LAN Area, that policy applies to all the servers in the LAN Area.

You should create a LAN Area object if you have multiple servers in a LAN that is connected to other LANs by wide area links. If you do not create a LAN Area object, you must manage each server's WAN traffic individually.


Creating a LAN Area Object

  1. In ConsoleOne, right-click the container in which you want to create the LAN Area object.

  2. Click New > Object.

  3. Under Class, click WANMAN:LAN Area > OK.

  4. Enter a name for the object > click OK.

  5. Continue with one of the topics below:

    Adding Servers to a LAN Area Object

    Applying WAN Policies


Adding Servers to a LAN Area Object

A server can belong to only one LAN Area object. If the server you are adding already belongs to a LAN Area object, the server will be removed from that object and added to the new object.

  1. In ConsoleOne, right-click a LAN Area object.

  2. Click Properties > Members.

  3. Click Add.

  4. Select the server you want > click OK.

  5. Repeat Step 3 through Step 4 for each server you want to add.

    To apply a WAN policy to the LAN Area object, thereby applying the policy to all the servers in the group, see Applying WAN Policies.

  6. Click Apply > OK.


Adding Additional Information to a LAN Area Object

You can add descriptive information to a LAN Area object.

  1. In ConsoleOne, right-click a LAN Area object.

  2. Click Properties > General.

  3. Add the Owner, Description, Location, Department, and Organization information you want.

  4. Click Apply > OK.


WAN Traffic Policies

A WAN traffic policy is a set of rules that control the generation of eDirectory traffic. These rules are created as text and are stored as an eDirectory property value on the Server object, the LAN Area object, or both. The policy is interpreted according to a simple processing language.

You can apply policies to individual servers or you can create LAN Area objects and assign several servers to one of these objects. Any policy that is applied to the LAN Area object is automatically applied to all servers that are assigned to the object.

WAN Traffic Manager comes with several predefined policy groups. You can use these policies as they are, modify them to meet your needs, or write new policies.


Predefined Policy Groups

Table 63 lists groups of predefined policies with similar functions:


Table 63. Predefined Policy Groups with Similar Functions

| Policy Group | Description |
|---|---|
| 1-3AM.WMG | Limits the time traffic is sent to between 1 a.m. and 3 a.m. |
| 7AM-6PM.WMG | Limits the time traffic is sent to between 7 a.m. and 6 p.m. |
| COSTLT20.WMG | Only allows traffic to be sent that has a cost factor below 20. |
| IPX.WMG | Allows only IPX traffic. |
| NDSTTYPS.WMG | Provides sample policies for various eDirectory traffic types. |
| ONOSPOOF.WMG | Allows only existing WAN connections to be used. |
| OPNSPOOF.WMG | Allows only existing WAN connections to be used but assumes that a connection that hasn't been used for 15 minutes is being spoofed and should not be used. |
| SAMEAREA.WMG | Allows traffic only in the same network area. |
| TCPIP.WMG | Allows only TCP/IP traffic. |
| TIMECOST.WMG | Restricts all traffic to between 1 a.m. and 1:30 a.m. but allows servers in the same location to talk continuously. |

For detailed information on the predefined policy groups and their individual policies, see WAN Traffic Manager Policy Groups.


Applying WAN Policies

You can apply WAN policies to an individual server or to a LAN Area object. Policies applied to an individual server manage eDirectory traffic for that server only. Policies applied to a LAN Area object manage traffic for all servers that belong to the object.

WAN Traffic Manager looks in WANMAN.INI for a WAN policy groups section, which contains key = value statements. The key is the policy name displayed in the snap-in, and the value is the path to the text files containing delimited policies.


Applying WAN Policies to a Server

  1. In ConsoleOne, right-click the Server object that you want to apply a policy to.

  2. Click Properties > WAN Traffic Manager-Policies.

  3. Click Load > select the policy group you want.

    See Predefined Policy Groups for more information.

  4. Click Open.

    The Policies list box displays a list of the policies loaded from the policy group.

  5. To review the policies, select the policy > click Edit.

    You can read what the policy does, make changes to the policy, or click Check to check for errors in the policy.

  6. Click Save if you made any changes.

    or

    Click Cancel to return to the WAN Traffic Manager-Policies page.

  7. To remove any policies that you don't want, select a policy > click Delete > Yes.

  8. Click Apply > OK.


Applying WAN Policies to a LAN Area Object

  1. In ConsoleOne, right-click the LAN Area object that you want to apply a policy to.

  2. Click Properties > Policies.

  3. Click Load, then select the policy group you want.

    See Predefined Policy Groups for more information.

  4. Click Open.

    The Policies list box displays a list of the policies loaded from the policy group.

  5. To review the policies, select the policy > click Edit.

    You can read what the policy does, make changes to the policy, or click Check to check for errors in the policy.

  6. Click Save if you made any changes.

    or

    Click Cancel to return to the WAN Traffic Manager-Policies page.

  7. To remove any policies that you don't want, select a policy > click Delete > Yes.

  8. Click Apply > OK.


Modifying WAN Policies

You can modify one of the predefined policy groups included with WAN Traffic Manager to meet your own needs. You can also modify a policy you wrote yourself.


Modifying WAN Policies Applied to a Server

  1. In ConsoleOne, right-click the Server object that contains the policy you want to edit.

  2. Click Properties > WAN Traffic Manager-Policies.

  3. Select the policy you want > click Edit.

  4. Edit the policy to meet your needs.

    To understand the structure of a WAN policy, see WAN Policy Structure.

    To understand the syntax of a WAN policy, see Construction Used within Policy Sections.

  5. Click Check to identify errors in syntax or structure.

    WAN Traffic Manager will not run policies with errors.

  6. Click Save if you made any changes.

    or

    Click Cancel to return to the WAN Traffic Manager-Policies page.

  7. To remove any policies that you don't want, select a policy > click Delete > Yes.

  8. Click Apply > OK.


Modifying WAN Policies Applied to a LAN Area Object

  1. In ConsoleOne, right-click the LAN Area object that contains the policy you want to edit.

  2. Click Properties > Policies.

  3. Select the policy you want > click Edit.

  4. Edit the policy to meet your needs.

    To understand the structure of a WAN policy, see WAN Policy Structure.

    To understand the syntax of a WAN policy, see Construction Used within Policy Sections.

  5. Click Check to identify errors in syntax or structure.

    WAN Traffic Manager will not run policies with errors.

  6. Click Save if you made any changes or Cancel to return to the WAN Traffic Manager-Policies page.

  7. To remove any policies that you don't want, select a policy > click Delete > Yes.

  8. Click Apply > OK.


Renaming an Existing Policy

  1. In ConsoleOne, right-click a Server or LAN Area object.

  2. Click Properties > WAN Traffic Manager-Policies (for a Server object) or Policies (for a LAN Area object).

  3. Select the policy you want > click Rename.

  4. Enter a new name for the policy.

    The name must be a fully distinguished name.


Creating New WAN Policies

You can write a WAN policy for a Server object or a LAN Area object. Policies written for an individual server manage eDirectory traffic for that server only, while policies written for a LAN Area object manage traffic for all servers that belong to the object.


Creating a WAN Policy for a Server Object

  1. In ConsoleOne, right-click the Server object that you want to add a new policy to.

  2. Click Properties > WAN Traffic Manager-Policies.

  3. Click Add > enter a name for the new policy.

    The name you enter for the new policy should be a fully distinguished name.

  4. Enter the necessary information in the Policy list box.

    To understand the structure of a WAN policy, see WAN Policy Structure.

    To understand the syntax of a WAN policy, see Construction Used within Policy Sections.

    You might also look at one or more predefined policies as examples. In many cases it is easier to modify an existing policy than to write an entirely new one.

  5. Click Check to identify errors in syntax or structure.

    WAN Traffic Manager will not run policies with errors.

  6. Click Save to return to the WAN Traffic Manager-Policies page.

  7. Click Apply > OK.


Creating a WAN Policy for a LAN Area Object

  1. In ConsoleOne, right-click the LAN Area object that you want to add a new policy to.

  2. Click Properties > Policies.

  3. Click Add > enter a name for the new policy.

    The name you enter for the new policy should be a fully distinguished name.

  4. Enter the necessary information in the Policy list box.

    To understand the structure of a WAN policy, see WAN Policy Structure.

    To understand the syntax of a WAN policy, see Construction Used within Policy Sections.

    You might also look at one or more predefined policies as examples. In many cases it is easier to modify an existing policy than to write an entirely new one.

  5. Click Check to identify errors in syntax or structure.

    WAN Traffic Manager will not run policies with errors.

  6. Click Save to return to the WAN Traffic Manager-Policies page.

  7. Click Apply > OK.


Limiting WAN Traffic

WAN Traffic Manager comes with two predefined WAN Policy groups that limit traffic to specific hours. (For more information, see 1-3AM.WMG and 7AM-6PM.WMG.) You can modify these policies to limit traffic to any span of hours you select.

The instructions below are for modifying the 1:00 a.m. to 3:00 a.m. group, but you can use the same steps to accomplish the same thing with the 7:00 a.m. to 6:00 p.m. group.

  1. In ConsoleOne, right-click a Server or LAN Area object.

  2. Click Properties > WAN Traffic Manager-Policies (for a Server object) or Policies (for a LAN Area object).

  3. Click Load > select 1-3AM.WMG > click Open.

    The Policies list box displays the policies in the group. Two policies will load: 1-3 am and 1-3 am, NA. If you plan to manage backlink traffic, you will need to follow the steps below for both 1-3 am and 1-3 am, NA.

  4. In the Policies list box, select the 1-3 am policy > click Edit.

    The policy is displayed in a simple text editor, which allows you to make changes. For example, if you want to limit traffic to 2:00 a.m. to 5:00 p.m. rather than from 1:00 a.m. to 3:00 a.m., make the following changes:

    /* This policy limits all traffic to between 2 am and 5 pm */
    LOCAL BOOLEAN Selected;
    SELECTOR
      Selected := Now.hour >= 2 AND Now.hour < 17;
      IF Selected THEN
        RETURN 50; /* between 2am and 5pm this policy has a high priority */
      ELSE
        RETURN 1;  /* return 1 instead of 0 in case there are no other policies */
                   /* if no policies return > 0, WanMan assumes SEND */
      END
    END
    PROVIDER
      IF Selected THEN
        RETURN SEND; /* between 2am and 5pm, SEND */
      ELSE
        RETURN DONT_SEND; /* other times, don't */
      END
    END

    In the comment lines (set off with /* and */), the hour can be designated using a.m. and p.m. In the active code, however, it must be designated using 24-hour format. In that case, 5:00 p.m. becomes 17.

    To better understand the structure of a WAN policy, see WAN Policy Structure.

    To better understand the syntax of a WAN policy, see Construction Used within Policy Sections.

  5. Click Check to identify errors in syntax or structure.

    WAN Traffic Manager will not run policies with errors.

  6. Click Save.

  7. If you want to keep the original 1-3 a.m. policy, add the new policy under a different name.

  8. Click Apply > OK.


Assigning Cost Factors

Cost factors let WAN Traffic Manager compare the cost of traffic with certain destinations, then manage the traffic using WAN policies. WAN policies use cost factors to determine the relative expense of WAN traffic. You can then use this information in determining whether to send traffic.

A cost factor is expressed as expense per unit of time. It can be in any units as long as the same units are used consistently in each WAN traffic policy. You can use dollars per hour, cents per minute, yen per second, or any other ratio of expense to time, as long as you use that ratio exclusively.

You can assign destination cost factors representing the relative expense of traffic to particular address ranges. Therefore, you can assign cost for an entire group of servers in one declaration. You can also assign a default cost factor to be used when no cost is specified for a destination.

If no cost is assigned for the destination, the default cost is used. If you have specified no default cost for the server or LAN Area object, a value of -1 is assigned.

For information about a sample policy that restricts traffic based on cost factor, see COSTLT20.WMG.

For information about how to modify a policy, see Modifying WAN Policies.
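
The lookup order described above (range cost, then default cost, then -1), as an added Python model that is not Novell code: `CostRange`, `make_range`, `resolve_cost`, `audit`, the sample addresses, and the plain `cost < limit` test standing in for a "cost factor below 20" rule are assumptions of this example. It shows that a destination with no assigned cost resolves to -1 and so passes a below-20 test in this model unless a default cost is set.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

NO_COST = -1  # value the page says is assigned when no range and no default apply

@dataclass(frozen=True)
class CostRange:
    start: ipaddress.IPv4Address
    stop: ipaddress.IPv4Address
    cost: int

def make_range(start: str, stop: str, cost: int) -> CostRange:
    """Validate one TCP/IP destination range: ordered bounds, non-negative cost."""
    lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(stop)
    if lo > hi:
        raise ValueError(f"start {start} is above stop {stop}")
    if cost < 0:
        raise ValueError("cost must be a non-negative integer")
    return CostRange(lo, hi, cost)

def resolve_cost(dest: str, ranges, default_cost: Optional[int] = None) -> int:
    """Return the range cost if dest is in a range, else the default, else -1."""
    addr = ipaddress.IPv4Address(dest)
    for r in ranges:  # first match wins: an assumption, overlap order is not on the page
        if r.start <= addr <= r.stop:
            return r.cost
    return NO_COST if default_cost is None else default_cost

def audit(dests, ranges, default_cost: Optional[int] = None, limit: int = 20):
    """Return (dest, cost, decision, note) rows and flag unassigned destinations."""
    rows = []
    for d in dests:
        cost = resolve_cost(d, ranges, default_cost)
        # Assumed model of a "cost factor below 20" rule: a plain less-than test.
        decision = "SEND" if cost < limit else "DONT_SEND"
        note = "no cost assigned" if cost == NO_COST else ""
        rows.append((d, cost, decision, note))
    return rows

# Constructed sample data: two destination ranges and three replica servers.
RANGES = [
    make_range("10.1.0.0", "10.1.255.255", 5),   # inexpensive link
    make_range("10.2.0.0", "10.2.255.255", 40),  # expensive link
]
DESTS = ["10.1.4.20", "10.2.9.7", "192.0.2.15"]

if __name__ == "__main__":
    for row in audit(DESTS, RANGES):                    # no default cost set
        print(row)
    for row in audit(DESTS, RANGES, default_cost=100):  # default cost closes the gap
        print(row)
```

Running the audit against the real range list before loading a cost-based policy shows which destinations would fall through to -1.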


Assigning Default Cost Factors

  1. In ConsoleOne, right-click a Server or LAN Area object.

  2. Click Properties > WAN Traffic Manager-Cost (for a Server object) or Cost (for a LAN Area object).

  3. Enter a cost in the Default Cost field.

    The cost must be a non-negative integer. If supplied, the default cost will be assigned to all destinations in the Server or LAN Area object that do not fall within a destination address range with an assigned cost. For example, you might specify the cost in monetary units, such as dollars, or in packets per second.

  4. Click Apply > OK.


Assigning a Cost to a Destination Address Range

  1. In ConsoleOne, right-click a Server or LAN Area object.

  2. Click Properties > WAN Traffic Manager-Cost (for a Server object) or Cost (for a LAN Area object).

  3. Click Add TCP/IP or Add IPX.

  4. Specify the start address and stop address of the range, in the appropriate format for TCP/IP or IPX.

  5. Specify the cost as a non-negative integer.

  6. Click OK.

  7. Click Apply > OK.

    Before new cost factors become effective, you must either enter the WANMAN REFRESH IMMEDIATE command at the server console or reload WTM.


