SummarySome specifics regarding acceleration port requirements
Acceleration requires certain ports to be allowed between the communicating Exinda devices. If there are any issues with acceleration, make sure the following ports are open:
TCP port 8013 - WAN Memory Sync: Connections between Exinda appliances on this port allow the WAN Memory cache to be synchronized.
TCP port 8014 - Exinda Community: Connections between Exinda appliances on this port allow Exinda appliances to communicate knowledge of other Exinda appliances to each other.
Also, some TCP options will be inserted into the packet's header which will also be required for acceleration to work. If the above ports are open, make sure the following options are not being stripped from the packet headers:
TCP option 230 - ExOS version 6.4.4 and later.
TCP option 30 - ExOS version 6.4.3 and earlier.
Acceleration TCP Options Mode - Specifies which option code to use in tagging accelerated packets.Historically, Exinda appliances used TCP option 30, however, TCP option 30 has be assigned to indicate multi-path TCP. Exinda started using 230 in v7.0.
- 30+230: Send 230 where possible, 30 when unsure, accept both (default) - The system will respond with whatever the remote used. If both options 230 and 30 are available, option 230 will be used. This is the best choice when some of your appliances are v7.0 and later and some are v6.x and earlier. This is a compatibility mode.
- 230: Send and accept options 230 only - Only option 230 will be used. Packets with option 30 will not be looked at. Use this when all your appliances are v7.0 and later.
- 30: Send and accept options 30 only - Only option 30 will be used. Packets with option 230 will not be looked at. Use this when all your appliances are earlier than v7.0.
- 230-compat: Send options 230, accept incoming options 30 - Always sends using option 230 and uses compatibility mode for receiving packets, that is, it will handle receiving both option 230 and option 30.
- 30-compat: Send options 30, accept incoming options 230 - Always sends using option 30 and uses compatibility mode for receiving packets, that is, it will handle receiving both option 230 and option 30.
Multi-Path TCP (MPTCP) Acceleration Bypass - Specifies whether to attempt acceleration if the traffic is identified as multi-path TCP and falls into an acceleration policy.
- When enabled and the traffic falls into an acceleration policy, multi-path TCP flows are not accelerated. The multi-path TCP options are not stripped and the flows will continue to work in a multi-path TCP fashion.
- When disabled and the traffic falls into an acceleration policy, the multi-path TCP options will be stripped and acceleration will be attempted.
- When the traffic does not fall into an acceleration policy (regardless of this setting), the multi-path TCP options with not be stripped and the flows will work in a multi-path TCP fashion.
End Acceleration (no acceleration on the LAN) - Forces acceleration to end on this appliance.
- When enabled, any incoming acceleration connections on the WAN will be terminated at this appliance and no attempt will be made to find another appliance out the LAN interface. This has no effect on accelerated connections arriving on the LAN.
Consider traffic passing from the client to the server through two accelerated Exinda appliances:
Client -> (LAN-side) Exinda (WAN-side) -> WAN -> (WAN-side) Exinda (LAN-side) -> Server
Normally, the server side Exinda would send out an option 30 packet to the server. However, if the server doesn't know how to handle with an option 30, it will return a SYN/ACK without an option 30. Enabling this setting allows the server-side Exinda to know that it is the last appliance in the chain and so it will not send out a SYN with option 30 and it terminates the acceleration connection.
In addition to stopping this appliance from sending option 30 packets to servers that are known to not handle them, it also reduces the timeouts that happen with protocol 139 when attempting to accelerate past the last appliance. It allows servers/firewalls that refuse options to work. It prevents sending random options out to the internet, which is the case in an accelerated backhauled traffic environment with only a single pair of Exinda appliances. If you have a hub-and-spoke topology then you won't want to enable this setting.
It has observed that the option 30 is some times blocked by firewalls(e.g.:Fortinet). In such a case advise the customer to either switch to option 230.
or Enable the option End Acceleration (no acceleration on the LAN) under the TCP settings(This depends on where the firewalls exists in the customers network)
Note: In V7 for the default TCP options value(30+230: Send 230 where possible, 30 when unsure, accept both). Exinda adds value 30 in the TCP packets.(related to defect D-05950)
If this causes an issue in the customers environment switch to option 230.