v17 EX-1016 PDF

EXHIBIT
1016
Adaptive Private Networking
Configuration Editor User’s Guide
APNware Release 2.5
FATPIPE-001374
Viptela, Inc. - Exhibit 1016
Page 1
Talari APN Configuration Editor User’s Guide
About Talari™ Networks

Talari Networks is redefining WAN reliability and performance quality. By aggregating multiple broadband
links and continuously adapting to the quality of the network, Talari enables true enterprise-class quality
and reliability at consumer prices. Talari’s patented technology delivers 30-100 times gain in bandwidth per
dollar, 40-90 percent on-going WAN cost reductions and greater visibility and reliability than MPLS or any
other private network. Talari has received numerous industry awards and accolades including being named a
Gartner Cool Vendor, Best of Interop — Performance Optimization and Techworld Awards — 2012 Networking
Application Product of the Year. For more information, visit www.talari.com.
Talari Networks, Inc. reserves the right to make changes to its products or to discontinue any product or
service without notice.
Talari is a trademark of Talari Networks, Inc. All other trademarks mentioned in this document or website are
the property of their respective owners.
© Talari Networks, Inc., 2013
Talari Networks, Inc.
550 S.Winchester Blvd., Suite 500

San Jose, CA 95128 USA
+1 408 689 0400 +1 408 864 2124 fax
info@talari.com | www.talari.com
2
FATPIPE-001375
Page 2
Table of Contents
Introduction......................................................................................... 5
Reference Documents...................................................................... 5
Hardware and Software Requirements............................................ 5
Request for Comments.................................................................... 5
Getting Started.................................................................................... 6
Installing Java................................................................................... 6
Accessing the Program.................................................................... 6
Talari Configuration Files................................................................. 6
Navigation........................................................................................ 7
Menu Bar..........................................................................................................................9
Toolbar........................................................................................................................... 11
Sites.....................................................................................................12
New NCN or Client Site.................................................................. 12
Clone Site Configuration Wizard.................................................... 12
Appliances..........................................................................................18
Interface Groups............................................................................ 19
Virtual IP Addresses....................................................................... 20
Routes............................................................................................ 20
Conduits..............................................................................................22
Classes.................................................................................................26
Rules....................................................................................................28
Selection Criteria........................................................................... 28
Conduit Rule Properties................................................................. 29
Network Services..............................................................................35
Adding Internet Service................................................................. 35
Internet Rules.............................................................................................................. 35
Adding Intranet Service................................................................. 37
Intranet Rules............................................................................................................... 38
3
FATPIPE-001376
Page 3
WAN Links...........................................................................................40
High Availability................................................................................51
Default Sets........................................................................................53
Conduit Default Set........................................................................ 53
Conduit Default Set Classes................................................................................... 54
Conduit Default Set Rules....................................................................................... 56
Conduit Rule Properties................................................................. 57
Internet Default Set....................................................................... 63
Internet Default Set Rules....................................................................................... 63
Intranet Default Set....................................................................... 65
Intranet Default Set Rules....................................................................................... 66
Sample Configuration File...............................................................68
Glossary..............................................................................................72
Index....................................................................................................74
4
FATPIPE-001377
Page 4
Introduction
The Talari Adaptive Private Networking Configuration Editor User’s Guide is intended to provide you
with the basic steps of creating an Adaptive Private Networking configuration file through the use of
the Talari Configuration Editor Tool. The reader of this document is expected to be familiar with the
physical setup and operation of networking equipment.
Reference Documents
For detailed information about installing, configuring, and maintaining your Talari system, please
consult the appropriate guide:
• APN Configuration Reference

• APN Appliance Hardware Guides
• APN Appliance Quick Start Guide
• APN Appliance Operation Guide
Hardware and Software Requirements

Talari Mercury appliances have the following hardware and software requirements:
Hardware: The Talari T510, T730, T750 ,T3000 and T5000 Mercury appliances require a
standard 19 inch (480mm) two or four post rack for mounting.
Software: The Talari APNA Web Console is supported in latest versions of the
following web browser applications.
• Microsoft IE7 – IE9
• Mozilla Firefox
• Google Chrome
• Apple Safari
Supported browsers must have cookies enabled.
Supported browsers must have Javascript installed and enabled.
Sun JRE 6 Update 10 or newer is required for using the APN Configuration
Editor Utility.
Display: A minimum screen resolution of 1024 x 960 or greater is recommended.
Request for Comments

We value the opinions and experiences of our readers. To offer feedback or corrections for this guide,
please contact Talari Networks: http://www.talari.com/support.
Introduction - 5
FATPIPE-001378
Page 5
Getting Started
Installing Java
Sun JRE 6 Update 10 or newer is required for using the APN Configuration Editor Utility. Please refer
to the SUN Java SE Download web site for instructions on downloading and installing JRE 6 software.
The link is: http://www.java.com.
Accessing the Program

To access the APN Configuration Editor, select Launch APN Config Editor from the Manage Network
drop-down menu of your NCN Talari Web Console. The Configuration Editor may also be launched
within the Network Management -> Change Management -> Change Preparation screen, if
needed.
Depending on the type of browser you use, this may also save a Java Network Launch Protocol (JNLP)
icon, (shown below) to your desktop. Double clicking on the icon will result in a prompt to accept the
download and open the configuration editor. This download process will only need to be done the
first time the Configuration Editor is needed.
Talari Configuration Files

Beginning with APN software (APNware) release 1.4, partially completed or invalid configuration
files may be saved for future use. While these partial configurations are considered invalid by Talari
appliances, the ability to save them as partial files allows for troubleshooting or future editing. When
an attempt is made to save an invalid configuration, the appliance will produce an error message and
automatically save the file as a partial configuration. In addition, you may save your invalid or partial
configuration file by selecting File -> Save As from the pull-down menu and save the configuration
Getting Started - 6
FATPIPE-001379
Page 6
file with a “.ptl” file extension. It should be noted that, unlike a valid configuration file, a partial
configuration file is not viewable in common text editors. Note that partial file loading will not work
between different Talari APNware versions. For example, a partial file created with version 2.3 may not
work properly with version 2.5.
Note: You may need to clear the Java cache in order to use the Talari
APN Config Editor. Instructions may be found at: www.java.com/en/
download/help/plugin_cache.xml.
Navigation
The Talari APN Configuration Editor is designed using a tree menu architecture, with Objects listed on
the left of the frame linking to Children Objects on the right. There are both a Menu bar and Toolbar
for use in navigating the Configuration Editor.
Menu Bar
Toolbar
Objects
Navigation
Tree
Objects and their corresponding Children Objects are listed below.
OBJECTS Child Objects

(added, edited, or deleted on the panel or toolbar)
Configuration Sites, Default Sets (Conduit, Internet, Intranet)
Site HA Appliance
Appliance Interface Group, Virtual IP Addresses, Routes, Conduits,
Network Services, WAN Links
Getting Started - 7
FATPIPE-001380
Page 7
Conduit Rules, Classes, Paths

Internet Service Rules
Intranet Service Rules
WAN Link Services (conduit usages, and net service usages), Service
Groups
Default Sets Rules, Classes (Conduit Default Sets)
A summary of allowed and allocated resources is also provided in the Configuration panel to assist the
administrator in tracking APN sites, conduits and paths. A sample is shown below.
Getting Started - 8
FATPIPE-001381
Page 8
Menu Bar
A summary of actions available via the menu bar is shown below.
File
New Select to create a new configuration file.

Open Select to import an existing configuration file. A dialog window will
open to allow for locating the configuration file to be loaded into the
Configuration Editor. The imported file will undergo a validation check.
Save Select this option to save changes to the existing configuration file.
Save As Select this option to save the current configuration file with a new name
or location. Partial or invalid configuration files may be saved with a “.ptl”
file extension.
Import from APN Transfers configuration data from the NCN to the APN Configuration
Editor.
Export to APN Transfers the configuration data from the APN Configuration Editor to the
NCN.
Exit Select to exit the Configuration Editor.
Tools
Audit Select to have current loaded configuration validated by the

Configuration Configuration Editor.
Gather This presents a File dialog box where the user can enter a filename to save
Diagnostics diagnostic data in a .zip file, so it can then be sent off to Talari Networks
Support team for further investigation.
Examples of Audit results are shown below. Audits are also automatically performed when opening or
saving a configuration file.
Getting Started - 9
FATPIPE-001382
Page 9
Help
User’s Guide Clicking this option opens a pop-up window with a pdf version of the
Configuration Editor User’s Guide.
About Click to view Talari Networks APN Configuration Editor versioning and
contact information.
Getting Started - 10
FATPIPE-001383
Page 10
Toolbar
A summary of actions available via the toolbar is shown below.
Icon Function
Import configuration from NCN appliance.
Export configuration to NCN appliance.
Open a configuration file.
Save a configuration file.
Save an imported configuration file locally.
Add a new NCN or Client site.
Clone an existing Client site.
Delete a site.
Add a default Conduit, Internet or Intranet set. Appears

when parent object is selected.
Delete a default Conduit, Internet or Intranet set. Appears
Add an Internet or Intranet network service. Appears when
parent object is selected.
Delete an Internet or Intranet network service. Appears
Create a conduit between this site and a remote site.
Appears when parent object is selected.
Delete a conduit between this site and a remote site.
Add a WAN link to an appliance. Appears when parent
object is selected.
Delete a WAN link from an appliance. Appears when parent
object is selected.
Add an HA appliance to the selected appliance. Appears
Delete an HA appliance from the selected appliance.
Getting Started - 11
FATPIPE-001384
Page 11
Sites
New NCN or Client Site
Add NCN or Client
Site

Model Select the model of the APN appliance. This is used to verify that ports
are used correctly in interface groups.
Mode Select a mode (client, primary_ncn, secondary_ncn) for the new
appliance.
Site Name Type a unique site name comprised of less than 32 characters, each of
which is an alphanumeric, dash, or underscore. The first character of the
site name must be a letter.
Appliance Name Type a unique appliance name comprised of less than 32 characters,
each of which is an alphanumeric, dash, or underscore. The first
character of the appliance name must be a letter.
Secure Key Type a unique 8-16 digit hexadecimal number.
Clone Site Configuration Wizard

To make it easier to add a new client site to a configuration, Talari APN Configuration Editor now allows
the user to clone a pre-existing site’s configuration as a new site.
To clone an existing site using the Talari APN Configuration Editor, select the site that you would like
to clone, and click the Clone Site button. This will bring up a dialog screen containing the cloned site
information that must be changed before being allowed to save the new site information. See Figure
1 below.
Sites - 12
FATPIPE-001385
Page 12
Figure 1
The Site Cloning Process
A new cloned site must contain its own valid site configuration. In other words, the existing
information from the site being cloned (presented on the screen in red) must be changed before the
new site can be created. As you make the needed changes, the text will change from red to black. Any
particular portion of the site being cloned that is uneeded in the new cloned site may be excluded
by clicking on that line item and then clicking the Exclude button, and graying out the uneeded
information. Please see Figure 2 below.
Sites - 13
FATPIPE-001386
Page 13
Provide site and appliance

names for cloned site
Provide a new secure key
Provide new VLAN Virtual IP

addresses and prefixes,
or exclude a particular VLAN
from the cloned site
Provide new local route

and gateway addresses,
or exclude a particular local
route from the cloned site
Provide new WAN link

names, Virtual IP and
Gateway addresses for
the new cloned site,
or exclude particular
WAN links
Figure 2
Once you have edited the screen making sure that all fields are valid and unique from their original
values, the OK button will be enabled (Figure 3). Clicking the OK button will allow an audit of the new
site to make sure the information will be valid for your configuration. If any errors are found, you will
receive an error message pointing out that needs to be corrected.
Sites - 14
FATPIPE-001387
Page 14
Figure 3. New site ready for audit.
If the audit succeeds, you will be presented with a screen detailing the next steps that need to be
performed in making your new site functional in your network (see Figure 4).
Sites - 15
FATPIPE-001388
Page 15
Figure 4. Next steps in the site cloning process message.
Next Steps in the Site Cloning Process

Sample Next Steps for the newly created client site called “ClonedSite:”
1. Please review the configuration of your new Site ‘ClonedSite’ to ensure all information is correct.
The following parameters may need to be modified:
• WAN Link Rates and other WAN Link settings
• Interface Groups, including VLANs
• Conduit Service configuration, including Rules and Classes
• Internet/Intranet Service configuration, including Rules
• Routes
• High Availability, if desired (no HA settings have been copied from the original site)
2. Provision the Conduit Service for your new Site. Navigate to the desired WAN Link(s) at each of
the following Sites and enable the new Conduit Service on the Service Properties tab, then use the
Provisioning tab to allocate bandwidth as necessary:
• Fargo
3. Add paths for all Conduits connecting to your new Site. Some helpful tips to make this process
simpler:
• When setting the Service Properties for a Conduit Service, enabling Auto-gen Paths will
automatically create paths to any other remote WAN Link used by the Conduit that also has
Sites - 16
FATPIPE-001389
Page 16
path auto-generation enabled. This option is only available for public Internet WAN Links.
• If not utilizing path auto-generation or the necessary paths are between to private Intranet
WAN Links, navigate to the Paths tab of the Conduit to add paths manually. If a path is added
with the Reverse Also option enabled, a second path with the same configuration will be
created in the reverse direction.
Sites - 17
FATPIPE-001390
Page 17
Appliances
To configure an APNA, highlight the desired appliance and provide new, or modify existing appliance
information.
Appliance
Type a unique appliance name comprised of less than 32 characters,

Name each of which is an alphanumeric, dash, or underscore. The first
character of the appliance name must be a letter.
Secure Key Type a unique 8-16 digit hexadecimal number.
Model Select the model of the APN appliance. This is used to verify that ports
are used correctly in interface groups.
Mode Select a mode (client, primary NCN, secondary NCN) for the new
appliance.
Default Local The default route cost used for routes added on this APNA. Cost must be
Route Cost between 1 and 15. Lower cost routes will be preferred over higher cost
routes.
Enable WAN to If set, this indicates that this site will be used as a proxy for Mutli-Hop
WAN Forwarding APN traffic.
The route cost advertised for Multi-Hop routes that travel through this
Route Cost appliance. This cost must be between 1 and 15. Lower cost routes will
be preferred over higher cost routes.
Appliances - 18
FATPIPE-001391
Page 18
Interface Groups
Adding New or
Editing an Existing
Interface Group

Secure Zone Determines whether the interface group is on a trusted segment (such as
behind a firewall) or untrusted segment (such as WAN AUX).
Bypass Mode If the ports in the interface group form a bypass pair, setting this to “fail_
to_wire” will cause the interfaces to go into bypass mode when the Talari
service is not running. The default setting is “fail_to_block.”
Ethernet Check the box of corresponding Ethernet devices in this interface group.
Interfaces
Bridge Pairs
Device One The name of the first device to be used in this bridge_pair. Must
correspond to an Ethernet interface used within this interface group.
Device Two The name of the second device to be used in this bridge_pair. Must
correspond to an Ethernet interface used within this interface group.
Virtual Interfaces
Appliances - 19
FATPIPE-001392
Page 19
Name The name to be used when referencing this virtual interface through the
configuration and user interfaces.
VLAN ID The VLAN ID to be used for identifying and marking traffic to and from
this VLAN.
Virtual IP Addresses
Adding New or
Editing an Existing
Virtual IP Address

Virtual Interface The name of the virtual interface that this IP address is associated with.
IP Address A valid local IP used for arping on the subnet designated by the given
prefix. Can also be used as a gateway. Netmask must be included.
Routes
Adding New or
Editing an Existing
Routes
Appliances - 20
FATPIPE-001393
Page 20
Network Address This subnet will be used in the forwarding information database. Packets
destined to this subnet will be directed to the given service.
Cost The route cost for this route. This cost must be between 1 and 15. Lower
cost routes will be preferred over higher cost routes.
Service Select the service for this route.
Next Hop Site If the route service is conduit, this is the remote site of the conduit to
Name which packets will be directed.
Gateway IP If the route service is not conduit, this is the IP address of the gateway to
Address which packets will be directed. If the service is Internet or Intranet, the
Gateway IP Address may not be set.
Enable Eligibility Enabling this option will cause a route to only be valid if the gateway
Based on specified in this route is reachable. Eligible for use in local routes only.
Gateway
Intranet Name The name used to reference this Intranet Service instance.
Enable Eligibility Used for Intranet Services, enable the Intranet route failover feature.
Based on Path When used, route eligibility will be based on the state of an associated
path.
Path Select Path upon which Eligibility is based.
Appliances - 21
FATPIPE-001394
Page 21
Conduits
Adding or Editing a
Conduit
Remote Site The remote site to which the conduit will connect to the current site.
Name
Reverse Also Check if this conduit should be automatically created in the reverse
direction. If not, it must be explicitly defined at both sites.
Properties
Tracking IP
The virtual IP address that will be correlated with the state of this
Address (and conduit, allowing it be tracked via ping.
Addresses)
Default Set Name of the set of conduit defaults that will be used to populate rules
and classes.
Fallback Intranet If the site has multiple Intranet services, the user must decide which of
these Intranet services should be used as the fallback service for this
conduit.
Conduits - 22
FATPIPE-001395
Page 22
Reverse Also Check if this conduit should be automatically created in the reverse
direction. If not, must be explicitly defined at both sites.
Paths (Basic)

From Site/Link Select the site for the source site and WAN link of the path.
To Site/Link Use this to select the destination site and WAN link of the path.
Reverse Also Indicates that a path between the same WAN links, but in the opposite
direction, will be added by the Configuration compiler.
IP Tagging Permits the user to set DSCP tags in the IP header for path traffic. The
user may configure the down stream router to use these fields to ensure
unique paths through the network.
Paths (Advanced)
Enable Indicates whether packets sent along this path should be encrypted.
Encryption
Conduits - 23
FATPIPE-001396
Page 23
Bad Loss If unchecked, high loss will not cause the path to go BAD.
Sensitive
Instability If unchecked, instability will not cause the path to go BAD.
Sensitive
Tracking IP
The virtual IP address that will be correlated with the state of this path,
Address (and allowing it to be tracked via ping utility.
Addresses)
Reverse Tracking The virtual IP address that will be correlated with the auto configured
IP reverse path, allowing it to be tracked via Ping utility.
Defaults

Override Rule If checked, Rule Defaults from this Conduit Default Set will not be used,
From Default Set and custom Rule Defaults may be entered.
Packet Used to allow a lost packet on a fast path to be replaced by its

Duplication Hold replacement on its duplicate path that is slower, without causing reorder
issues. Duplicate must be in order as well, as this will hold prior out-of-
Time
order packets up to this time. If the time expires, the waiting packet will
be sent, and the delayed packet will be discarded.
Non-TCP Packet
Resequencing
Hold Time Sets the default amount of time (in milliseconds) for UDP packets to be
held in the conduit awaiting the re-sequencing of in-order flows.
Discard Late If checked, any packets received after the Hold Time has expired will be
Packets discarded. If unchecked, the packets will be sent.
TCP Packet
Resequencing
Conduits - 24
FATPIPE-001397
Page 24
Hold Time Sets the default amount of time (in milliseconds) for TCP packets to be
held in the conduit awaiting the re-sequencing of in-order flows.
Discard Late If checked, any packets received after the Hold Time has expired will be
Packets discarded. If unchecked, the packets will be sent.
TCP Class The default class for TCP-based rules in which a class id or class name was
not set.
UDP Class The default class for UDP-based rules in which a class id or class name
was not set.
Other Class The default class for non TCP and non UDP based rules in which a class id
or class name was not set.
Enable TCP Check to enable TCP Termination as a default Conduit feature on TCP-
Termination based rules.
Note: When transferring files using FTP or SCP with TCP termination
enabled, the reported rate of transfer is the rate between local client
machine and local APNA. Since TCP termination buffers numerous TCP
packets and acknowledges incoming packets locally, the transfer rate
can be much higher than the user’s WAN link bandwidth.
The transfer is reported complete only when all the packets are sent to
the destination and acknowledgement is received. Therefore, their may
be some delay between seeing a message that the files are 100% sent
and the transfer actually being complete.
Conduits - 25
FATPIPE-001398
Page 25
Classes
Conduit Class

Class Name A text name that can be used to reference this class.
Class Type Select a class type to configure (Realtime, Interactive, or Bulk).
Realtime
Kbits per Second Defines the maximum initial rate in kbps that this class may consume
Initial Rate while the time taken is less than the Initial Period setting.
Kbits per Second Defines the rate this class may consume of the conduit bandwidth in
Sustained Rate kbps if queue depth is greater than the Initial Period setting.
Percentage Defines the maximum initial rate as a percentage of the conduit total
Initial Rate bandwidth that this class may consume while the queue depth is less
than the Initial Period setting.
Percentage Defines the rate this class will use of the conduit bandwidth as a percent
Sustained Rate share of the entire conduit.
Initial Period Defines the queue depth (in milliseconds) at which switch is made
between initial rate and sustained rate.
Interactive

Initial Share Defines the maximum initial rate in as a percentage of the conduit total
(Percent) bandwidth that this class may consume while the queue depth is less
Classes - 26
FATPIPE-001399
Page 26
Sustained Share This setting defines the rate this class will use of the conduit bandwidth
(Percent) as a percent share of the entire conduit.
Initial period (ms) Defines the queue depth at which switch is made between the Initial
Rate and the Sustained Rate.
Bulk

Bulk Share Percentage of the all the bulk classes’ share of the conduit bandwidth
Percentage that this class will use.
Classes - 27
FATPIPE-001400
Page 27
Rules
Selection Criteria
General

Precedence Select precedence used to determine the order in which rules are
applied.
IP Address

Source IP Address Provide source IP address with which to match source packet addresses.
Use for Use the Source IP address for the Destination as well.
Destination
Destination IP Provide destination IP address with which to match destination packet
Address addresses.
DSCP

DSCP Select an explicit DSCP tag as set in IP protocol fields in IP protocol
header.
Rebind Flow If checked, flows which are otherwise identical in terms of match criteria
When DSCP will be treated as separate if their DSCP fields differ.
Changes
Rules - 28
FATPIPE-001401
Page 28
Protocol

Protocol String Select a protocol that the flow must match.
Protocol Number Provide the IP protocol number that a flow must match.
Port

Source Port Source port number that a flow must match.
Use for If checked, the Source port will be used for the Destination port as well.
Destination
Destination Port Destination port number that a flow must match.
Conduit Rule Properties

WAN General

Mode Defines transmit mode. Select from the four available methods of
transferring packets: load_balance_paths, which balance across multiple
paths, duplicating across the two most unique paths (duplicate_paths),
sending on a single persistent_path, and override_service.
Retransmit Lost This parameter specifies that flows matching this rule will be sent using
Packets reliable service to the remote appliance and, as such, that any packets
lost will be retransmitted.
Override Service The destination service that flows of this type should go to.
Rules - 29
FATPIPE-001402
Page 29
Traffic
Optimization
TCP Termination
Enable TCP Check to enable TCP Termination feature on TCP-based rules. Please
Termination see the APN Configuration Reference for more information on TCP
Termination.
Min Resource Allows the user to specify the minimum resource allocation percentage
for TCP Termination traffic on this rule. Please see the APN Configuration
Reference for more information.
Enable Packet
Check to aggregate conduit user data packets that match this rule.
Aggregation
Enable GRE
Header Check to perform GRE header compression.
Compression
Enable IP, TCP,
Check to perform IP, TCP, or UDP header compression. This feature will be
UDP Header
available in a future release.
Compression
Application Name A name given to a rule that will allow rule statistics to be summed in
groups when they are displayed.
Track Check to track performance of a rule over time. Data will be recorded in
Performance a session DB including loss, latency, jitter and bandwidth used.
WAN Ingress
Rules - 30
FATPIPE-001403
Page 30
General
Class Select the class number that is to service traffic flows matching this rule.
Large Packet Packets destined for this class which are larger than or equal to this size
Size will follow large packet drop policy. Packets smaller than this size will
follow the small packet drop policy. If the size is set to 0, all packets will
be treated as small packets.
Drop Limit Defines the maximum amount of estimated time that packets smaller
than “class_tail_drop_large_packet_size_bytes” will have to wait in the
class scheduler . If the estimated time exceeds this threshold, the packet
will be discarded and statistics will be counted. Not valid for Bulk classes.
Drop Depth Defines the maximum queue depth of the class scheduler for packets
smaller than “class_tail_drop_large_packet_size_bytes.” If the queue
depth exceeds this threshold, packets will be discarded and statistics will
be counted.
Large Packets
Drop Limit Defines the maximum amount of estimated time that packets larger
than or equal to “class_tail_drop_large_packet_size_bytes” will have to
wait in the class scheduler. If the estimated time exceeds this threshold,
the packets will be discarded and statistics will be counted. Not valid for
Bulk classes.
larger than or equal to “class_tail_drop_large_packet_size_bytes.” If
the queue depth exceeds this threshold, packets will be discarded and
statistics will be counted.
Duplicate
Packets
Duplicate Designates the amount of time a duplicate packet may wait in the
Disable Limit queue before being discarded, which prevents duplicate packets from
consuming bandwidth when bandwidth is limited.
Duplicate Defines the queue depth of the class scheduler at which point duplicate
Disable Depth packets will begin being discarded.
Reassign
Reassign Class The class number to which flows will be reassigned if the reassign size is
exceeded.
Reassign Size After a flow is established, if a packet that exceeds this size is detected
on WAN ingress, the flow will be moved to the class indicated by the
reassign class ID or name.
than “reassign_class_tail_drop_large_packet_size_bytes” will have to
wait in the class scheduler. If the estimated time exceeds this threshold,
the packets will be discarded and statistics will be counted. Not valid for
Bulk classes.
Rules - 31
FATPIPE-001404
Page 31
smaller than “reassign_class_tail_drop_large_packet_size_bytes.” If
Large Packets
than or equal to “reassign_class_tail_drop_large_packet_size_bytes” will
have to wait in the class scheduler. If the estimated time exceeds this
threshold, the packet will be discarded and statistics will be counted.
larger than or equal to “reassign_class_tail_drop_large_packet_size_
bytes.” If the queue depth exceeds this threshold, packets will be
discarded and statistics will be counted.
Duplicate
Packets
Duplicate Defines the amount of time a duplicate packet can remain in the queue
Disable Limit before being discarded. This prevents duplicate packets from consuming
limited bandwidth.
Duplicate Defines the queue depth of the class scheduler at which point duplicate
Disable Depth packets will begin being discarded.
TCP Standalone
ACK
TCP The class that will be used for standalone TCP ACKs. This has no effect on
Standalone packets that are piggyback ACKs with payload.
ACK Class
Size will follow TCP ACK Large Packet Drop Policy. Packets smaller than this
size will follow the small packet drop policy. If the size is set to 0, all
packets will be treated as small packets.
than “tcp_standalone_ack_class_tail_drop_large_packet_size_bytes” will
threshold, the packets will be discarded and statistics will be counted.
Not valid for Bulk classes.
smaller than “tcp_standalone_ack_class_tail_drop_large_packet_
size_bytes.” If the queue depth exceeds this threshold, packets will be
Large Packets
Rules - 32
FATPIPE-001405
Page 32
than or equal to “tcp_standalone_ack_class_tail_drop_large_packet_
size_bytes” will have to wait in the class scheduler. If the estimated time
exceeds this threshold, the packet will be discarded and statistics will be
counted.
larger than or equal to “tcp_standalone_ack_class_tail_drop_large_
packet_size_bytes.” If the queue depth exceeds this threshold, packets
will be discarded and statistics will be counted.
WAN Egress

Enable Packet Defines that traffic flows that match this rule should be tagged for
Resequencing sequence order, and the packets should be reordered (if necessary) at
the WAN Egress appliance.
Hold Time Defines the maximum delay that a packet may be held awaiting re-
sequencing. When the timer expires, the packet will be sent to the LAN
without further waiting for the pre-requisite sequence numbers
Discard Late After a packet’s sequence timer has expired for a dependent packet, and
Resequence the packets were permitted to the LAN, if a late packet does arrives at
WAN egress, this property defines what is to be done with it.
Packets
DSCP Tag Defines a DSCP tag that will be applied to packets that match this rule on
WAN egress, before they are sent to the LAN.
Deep Packet
Inspection

Enable Passive If checked, this parameter will make processing decision based on user
FTP Detection data.
Rules - 33
FATPIPE-001406
Page 33
Initialize Properties
Using Protocol

Initialize
Click to initialize the rule properties using rule defaults and Talari
Properties Using recommended settings for this protocol.
Protocol
Rules - 34
FATPIPE-001407
Page 34
Network Services
Adding Internet Service
Add Network
Service
Type Select Internet or Intranet service.

Name Enter a name for the new service.
Primary Reclaim Check to enable Primary Reclaim.
Default Set Name of the network service defaults that will be used to populate rules.
Internet Rules

applied.
Network Services - 35
FATPIPE-001408
Page 35
IP Address
Source Provide source IP address with which to match source packet addresses.
Use for
Select to use the same IP address for both Source and Destination.
Destination
Destination Provide destination IP address with which to match destination packet
addresses.
DSCP
DSCP Defines an explicit DSCP tag as it is set in IP protocol fields in the IP
header.
Rebind Flow When checked, flows which are otherwise identical in terms of match
When DSCP criteria will be treated as separate if their DSCP fields differ.
Changes
Protocol
String Select a protocol that the flow must match.
Number Provide the IP protocol number that a flow must match.
Port
Source When set, if source port matches this number, the packet will match the
rule.
Use for
Destination
Destination When set, if destination port matches this number, the packet will match
the rule.
Edit Properties

Mode Select from the available methods of transferring and receiving packets:
1. Override Service - Enables the redirection of flows matching this rule
to the selected service rather than through APN.
2. WAN Link - If WAN link is selected and Internet Load Balancing (ILB) is
used, flow will use the specified WAN link and not one chosen by ILB.
FATPIPE-001409
Page 36
WAN Link If WAN link is selected and Internet Load Balancing (ILB) is used, flow will
use the specified WAN link and not one chosen by ILB.
Type The destination service that flows of this type should go to. Used with
Override Service.
Enable Passive If checked, this parameter will make processing decisions based upon
FTP Detection user data.
Adding Intranet Service

Add Network
Service
Type Select Intranet service.

Name Enter a name for the new service.
Primary Reclaim Check to enable Primary Reclaim.
Default Set Name of the network service defaults that will be used to populate rules.
FATPIPE-001410
Page 37
Intranet Rules

applied.
IP Address
Use for
Destination
addresses.
DSCP
header.
Rebind Flow
When checked, flows which are otherwise identical in terms of match
Changes
Protocol
Port
Source Provide an IP subnet, including subnet mask. When set, if source
matches this number, the packet will match the rule.
Use for Select to use the same IP ports for both Source and Destination.
Destination
the rule.
FATPIPE-001411
Page 38
Edit Properties

FATPIPE-001412
Page 39
WAN Links
Add WAN Link
WAN Link Name Provide a name for this WAN link. The flow will use this specified WAN
link and not one automatically chosen by load balancing.
Automatically
Enable Usages for Enables all conduits to use new WAN link.
all Conduits
General

Access Interfaces
Name Provide a name for this Access Interface.
VLAN Select the virtual interface that this WAN link will use to communicate.
WAN Links 40
FATPIPE-001413
Page 40
IP Address Provide the IP address for the talari endpoint to the WAN.
Gateway Provide the IP address for the gateway router.
Conduit Mode Determines the priority for conduit traffic on this WAN link.
Proxy ARP Enables or disables Proxy ARP for the Access Interface. If other links
share the same gateway IP address as this link, both links must have the
same setting for this parameter.
Properties
Access Type Indicates if the WAN link is connected to a private IP network or to the
public Internet.
Enable Public IP Indicates whether the Talari should automatically detect the public IP
Learning address.
Public IP Provide the IP address of the Network Address Translator or proxy server.
Address
Tracking IP Provide the virtual IP that will be correlated with the state of this WAN
Address link, allowing it be tracked via ping utility.
Advanced
Provider ID Designates that this WAN link belongs to the same service provider as
any other WAN link with the same Provider ID.
Provider Link Bytes of header and trailers that are added in addition to every packet for
Frame Cost the WAN link, when transmitted. MTU should count these.
MTU Size Largest raw packet size.
Congestion The number of microseconds of congestion that must be detected on a
Threshold WAN link before it goes into congestion avoidance mode.
Cell Network
Enable Cell Check if WAN link is on a cell network.
Network
Cell Size Size of a cell, including cell header overhead
Cell Header Size of any cell overhead.
Size
Eligibility
Realtime • WAN Ingress: If unchecked, WAN Ingress paths at the local site with
the specified WAN link as their local WAN link will not be used for
Realtime traffic, unless no other path is up.
• WAN Egress: If unchecked, WAN Egress paths at other sites with the
specified WAN link as their remote WAN link will not be used for
Realtime traffic, unless no other path is up.
WAN Links 41
FATPIPE-001414
Page 41
Interactive • WAN Ingress: If unchecked, WAN Ingress paths at the local site with
Interactive traffic, unless no other path is up.
specified WAN link as their remote WAN link will not be used for
Interactive traffic, unless no other path is up.
Bulk • WAN Ingress: If unchecked, WAN Ingress paths at the local site with
Bulk traffic, unless no other path is up.
specified WAN link as their remote WAN link will not be used for Bulk
traffic, unless no other path is up.
Service Properties
Conduit Services
On Enables or disables Services for this WAN link.
Name Name of the Service.
Group The Provisioning Group to which this Service belongs. To manage
Groups, see the Provisioning tab.
Tunnel Header
Size of the VPN tunnel header.
Size
Active MTU If checked, the APNA will perform probes on all WAN Ingress paths for
Detect this service to detect the current MTU.
UDP Port # This will be used as the source UDP port for all WAN Ingress packets sent
from this link. The APNA will also only accept WAN Egress packets at this
link with the Destination Port set to this port number.
WAN Links 42
FATPIPE-001415
Page 42
UDP Hole If checked, the NCN will assist UDP connectivity between compatible
Punching NAT-protected client sites by communicating the source port of received
packets to each client.
UDP Port
Switching
Enable If checked, the WAN link will alternate it’s UDP port at the specified
Interval for paths on this Conduit.
Alt Port # The alternate UDP port the Conduit will use when UDP port switching is
enabled.
Interval The interval at which the Conduit Service will alternate between UDP
Port # and Alt Port #.
Auto-gen Paths If selected, directs the compiler to automatically generate paths between
this WAN link and all other public WAN links that have autopath enabled.
Internet/Intranet
Services
On Enables or disables Services for this WAN link.
Name Name of the Service.
Group The Provisioning Group to which this Service belongs. To manage
Groups, see the Provisioning tab.
Mode The Service’s mode for traffic redundancy or load balancing.
Tunnel Header
Size of the VPN tunnel header.
Size
WAN Ingress The amount of time to buffer WAN Ingress packets when the Service’s
Max Delay provisioned bandwidth is exceeded.
WAN Egress Select to attempt to prevent WAN Egress traffic from exceeding the
Grooming Service’s provisioned bandwidth by randomly discarding packets.
Access Interface Enables Interface failover to the secondary Access Interface when the
Failover primary is unreachable.
WAN Ingress
Select a DSCP tag to apply to WAN Ingress packets on the Service.
Tagging
WAN Egress
Select a DSCP tag to apply to WAN Egress packets on the Service.
Tagging
WAN Egress Assigns WAN Internet Egress packets matching the specified DSCP tag to
Matching the Service.
WAN Links 43
FATPIPE-001416
Page 43
Provisioning
WAN Link Rates

WAN Ingress
Physical Rate The raw bit rate for WAN Ingress traffic.
Permitted Rate The available rate for WAN Ingress traffic.
WAN Egress
Physical Rate The raw bit rate for WAN Egress traffic.
Permitted Rate The available rate for WAN Egress traffic.
Provisioning
Groups
Name The Provisioning Group name and assigned graph color.
# of Services The number of Services belonging to this particular Group.
WAN Ingress
Fair Shares The number of Fair Shares the Service should take from the WAN link’s
eligible Ingress bandwidth, out of the sum of all Groups. This pool is
independant from shares of the Services within the Group.
Fair The Fair rate available to the Services within the Group, based on its Fair
Shares out of all Groups. Includes the Min rates of all Services within the
Group.
WAN Egress
WAN Links 44
FATPIPE-001417
Page 44
Fair Shares The number of Fair Shares the Service should take from the WAN link’s
eligible Egress bandwidth, out of the sum of all Groups. This pool is
independant from shares of the Services within the Group.
Fair The Fair rate available to the Services within the Group, based on its Fair
Shares out of all Groups. Includes the Min rates of all Services within the
Group.
Services
Name The Service name and assigned graph color.
Group The Provisioning Group to which this Service belongs.
WAN Ingress
Min The minimum bandwidth reserved exclusively for this Service.
Max The maximum bandwidth this Service is allowed to utilize.
Shares of The number of Fair Shares this Service should take from its Groups
Group eligible bandwidth, out of the sum of all Shares in the Group.
Fair The Fair rate of the Service, based on its Shares of all the Services in the
Group. Includes the Min rate and does not exceed the Max rate.
WAN Egress
Min The minimum bandwidth reserved exclusively for this Service.
Max The maximum bandwidth this Service is allowed to utilize.
Shares of The number of Fair Shares this Service should take from its Groups
Group eligible bandwidth, out of the sum of all Shares in the Group.
Fair The Fair rate of the Service, based on its Shares of all the Services in the
Group. Includes the Min rate and does not exceed the Max rate.
An Overview of Provisioning
Provisioning allows for the automatic bidirectional (Ingress/Egress) distribution of bandwidth for a
WAN link among the various services associated with that WAN link. Using the APN Configuration
Editor, the user can enter the values in the text fields and directly into the cells of the table like a
spreadsheet. The Provisioning page is shown below in Figure 5. There are three steps to Provisioning
that provide for this bandwidth distribution in a simple and effective way:
1. WAN Link Rates (Setting the WAN link physical and permitted rates)
2. Provisioning Groups (Create and edit groups of shares of bandwidth)
3. Services (View and edit services for groups or individual site WAN links)
We recently introduced the concept of Fair Shares to the provisioning process. Shares are used to
distribute the permitted bandwidth between the provisioning groups. The bandwidth calculated
is based on the shares allocated for a particular group, divided by the total shares for all groups. A
separate pool of shares is used for both WAN Ingress and WAN Egress traffic.
WAN Links 45
FATPIPE-001418
Page 45
Figure 5
WAN Link Rates
This area allows the user to set both the WAN link Physical Rate (the raw bit rate for the incoming/
outgoing traffic), and the WAN link Permitted Rate (the available rate for incoming/outgoing traffic).
Please see Figure 6 below.
WAN Links 46
FATPIPE-001419
Page 46
Figure 6
Provisioning Groups
A Provisioning Group contains a collection of WAN Link bandwidth usages for any given WAN Link.
This allows the user to allocate and distribute the shares of bandwidth among a smaller set of services
at a high level before drilling down to the individual services for fine-tuning. They also provide a
boundary for the automatic redistribution of bandwidth within the child Services of the Provisioning
Group.
In the Provisioning Groups table, shares are used to distribute the WAN Ingress/Egress eligible
bandwidth, which is the Permitted Rate minus the total Min reserved bandwidth of all Services on
the WAN Link. All Services are initially assigned to a “Default” Group that is allocated all of the eligible
bandwidth. The user can create additional Groups and allocate bandwidth to its members by giving
that Group a number of Fair Shares. The resulting total bandwidth for all Services in the Group is then
shown in the Fair (kbps) column. Please see Figure 7 for a view of the Provisioning Groups section.
WAN Links 47
FATPIPE-001420
Page 47
Figure 7
To create a Provisioning Group:
• Click the Add button

• Provide a Group name
• Provide the number of WAN Ingress and WAN Egress Fair Shares required for the new group
• Reassign Services to the new Group using the Group column in the Services table
Provisioning Groups are available to simplify the provisioning process and are not required if they are
not needed.
The Concept of Using Shares
When provisioning bandwidth for APNs with a large number of sites, using percentages does not
allow for enough granularity as the site count increases.
Talari has instituted the use of shares for each of the Services or Groups of Services within the WAN
Link. The total number of shares is up to the user, allowing any amount of granularity or precision
when allocating bandwidth among the different Services. There are two distinct pools of these shares:
WAN Ingress and WAN Egress.
Note that all Services receive their Min Reserved Bandwidth before Fair distribution, which could result
in Groups with equal Fair Shares having disparate Fair Rates. Fair Rates can also be affected by Service
Maximums, if defined.
WAN Links 48
FATPIPE-001421
Page 48
Services
The services definition for a WAN link are determined in this section (see Figure 8 below). For conduit
services, the user would define the fair shares allocated to a client site. By default, all sites are placed
in the “Default” group with the fair shares divided evenly. Services for individual site WAN links are
shown and may be edited here.
• Display desired particular Provisioning Group or all groups by using the pull-down menu
• Add individual services to a Provisioning Group by selecting the service name and choosing
the desired Group
• Set the desired WAN Ingress and Egress minimum and maximum rates, and Group shares for
the service by double-clicking the cell to change the rate or number of shares
• To set an unlimited maximum rate, enter “0” or “no limit” into the cell
• Click the Apply button to save the settings
Figure 8
WAN Links 49
FATPIPE-001422
Page 49
Shares of Group
On this table, the shares are used in the same way as above, but in this case, it is a new pool of shares
within each group used. These shares are used to divide up the bandwidth among the members of a
group based on the ratio of the current service divided by the total number of shares for the group in
which it is a member.
The Minimum rate acts as a base bandwidth allocation for each service, and the amount of bandwidth
available for fair allocation is based on the total permitted for the group minus the sum of the
minimums for each service in the group.
WAN Links 50
FATPIPE-001423
Page 50
High Availability
Add HA Appliance
Name The name of this HA appliance.
HA Appliance

HA Appliance
Name given to HA appliance.
Name
Failover Time How long the standby HA appliance should wait to take over active state
after losing contact with active appliance.
Shared MAC The base MAC address for the HA appliances to use.
Primary Name of the appliance to be used as the primary appliance if primary
Appliance reclaim in enabled, otherwise just the name of either appliance.
Primary Reclaim Check if the primary HA appliance should forcefully take back the active
role from the secondary.
Enable Serial HA Enables an alternate HA configuration where an appliance directly
follows another in a Fail-to-Wire pair.
High Availability - 51
FATPIPE-001424
Page 51
Notes:
1. When deploying high-availability appliances in a fully-inline
topology, Spanning Tree Protoscol (STP) is used to prevent network
loops. As a result, when one of the appliances in a pair goes down, STP
will block communication between them for up to 40 seconds. Because
of this communication loss, the primary appliance will ALWAYS reclaim
in this scenario regardless of the configuration setting.
2. When using HA appliances in one-arm mode, if the only link on the
primary appliance goes down, both primary and secondary appliances
will become active. When the port on the primary box comes up again,
the primary appliance will stay active and the secondary appliance
switches to standby - no matter what the primary reclaim setting is.
HA Interface Group
Virtual Interface Select Virtual Interface to associate with this HA service.

Primary Control Unique virtual IP address the primary HA appliance will use to
IP Address communicate with its peer.
Secondary
Unique virtual IP address the secondary HA appliance will use to
Control IP communicate with its peer.
Address
External Tracking
IP Addresses

Tracking IP The virtual IP that will be correlated with the state of this device. This
Address IP references an external device that responds to ARP requests, and is
reachable from the virtual interface specified in the containing scope.
Device Select the Ethernet interface device to associate with this tracking IP
address.
High Availability - 52
FATPIPE-001425
Page 52
Default Sets
Conduit Default Set
Conduit Default Set
Name Provide a name for this Conduit Default set.

Rule Defaults
Packet Used to allow a lost packet on a fast path to be replaced by its
Duplication replacement on its duplicate path that is slower, without causing reorder
Hold Time issues. Duplicate must be in order as well, as this will hold prior out-of-
order packets up to this time. If the time expires, the waiting packet will
be sent, and the delayed packet will be discarded.drop
Packet
Resequencing
Default Sets - 53
FATPIPE-001426
Page 53
Hold Time Sets the default for the conduit of the maximum wait time for UDP
packets to be held awaiting for resequencing of in-order flows.
Discard Late If the sequence timer has expired, this parameter sets the default
Packets behavior for the conduit. If checked, then any packets received after the
sequence has expired will be discarded. If unchecked, the packets will be
sent.
TCP
Hold Time Sets the default for the conduit of the maximum wait time for UDP
packets to be held awaiting for resequencing of in-order flows.
Discard Late If the sequence timer has expired, this parameter sets the default
Packets behavior for the conduit. If checked, then any packets received after the
sequence has expired will be discarded. If unchecked, the packets will be
sent.
TCP Class The default class ID for TCP-based rules in which class ID or class name
was not set.
UDP Class The default class ID for UDP-based rules in which class ID or class name
was not set.
Other Class The default class for non-TCP and non-UDP rules in which class ID or class
name was not set.
Enable TCP Use for enabling or disabling TCP Termination feature on TCP-based rules.
Termination
Conduit Default Set Classes

Conduit Classes
Class Name Name used to reference this class.

Class Type:
Bulk
Default Sets - 54
FATPIPE-001427
Page 54
Bulk Share Percentage of the all the bulk classes’ share of the conduit bandwidth
Percentage that this class will use.
Interactive
Initial Share Defines the maximum initial rate in as a percentage of the conduit total
bandwidth that this class may consume while the queue depth is less
Sustained This setting defines the rate this class will use of the conduit bandwidth
Share as a percent share of the entire conduit.
Initial Period Defines the queue depth at which switch is made between initial share
and sustained share.
Realtime
Kbits per
Second
Initial Rate Defines the maximum initial rate in kbps that this class may consume
while the queue depth is less than the Initial Period setting.
Sustained Rate Defines the rate this class may consume of the conduit bandwidth in
kbps if queue depth is greater than the Initial Period setting.
Percentage
Initial Rate Defines the maximum initial rate as a percentage of the conduit total
bandwidth that this class may consume while the queue depth is less
Default Sets - 55
FATPIPE-001428
Page 55
Sustained Rate Defines the rate this class will use of the conduit bandwidth as a percent
share of the entire conduit.
Initial Period Defines the queue depth at which switch is made between initial rate
and sustained rate.
Conduit Default Set Rules

Conduit Rules

applied.
IP Address

Source IP Provide source IP address with which to match source packet addresses.
Address
Use for Use the Source IP address for the Destination as well.
Destination
Destination IP Provide destination IP address with which to match destination packet
Address addresses.
DSCP

DSCP Select an explicit DSCP tag as set in IP protocol fields in IP protocol
header.
Rebind Flow If checked, flows which are otherwise identical in terms of match criteria
When DSCP will be treated as separate if their DSCP fields differ.
Changes
Default Sets - 56
FATPIPE-001429
Page 56
Protocol

Protocol Provide the IP protocol number that a flow must match.
Number
Protocol String Select a protocol that the flow must match.
Port

Source Port Source port number that a flow must match.
Destination Destination port number that a flow must match.
Port
Use for The Source port matches the Destination port.
Destination
Conduit Rule Properties

WAN General
Default Sets - 57
FATPIPE-001430
Page 57
Mode Select from the three available methods of transferring packets: Load
balancing across multiple paths, duplicating across the two most unique
paths, and sending on a single persistent path. You may also select to
use an Override Service, which enables the redirection of flows matching
this rule to the selected service rather than through APN.
Retransmit Lost This parameter specifies that flows matching this rule will be sent using
Packets reliable service to the remote appliance and, as such, that any packets
lost will be retransmitted.
Traffic
Optimization
TCP Termination
Enable TCP Check to enable TCP Termination feature on TCP-based rules. Please
Termination see the APN Configuration Reference for more information on TCP
Termination.
Min Resource Allows the user to specify the minimum resource allocation percentage
for TCP Termination traffic on this rule. Please see the APN Configuration
Reference for more information.
Enable GRE
Header Check to perform GRE header compression.
Compression
Enable IP, TCP,
Check to perform IP, TCP, or UDP header compression. This feature will be
UDP Header
available in a future release.
Compression
Enable Packet
Check to aggregate conduit user data packets that match this rule.
Aggregation
Track Check to track performance of a rule over time. Data will be recorded in
Performance a session DB including loss, latency, jitter and bandwidth used.
Default Sets - 58
FATPIPE-001431
Page 58
WAN Ingress

General
Class Select the class number that is to service traffic flows matching this rule.
than “class_tail_drop_large_packet_size_bytes” will have to wait in the
class scheduler . If the estimated time exceeds this threshold, the packet
will be discarded and statistics will be counted. Not valid for Bulk classes.
smaller than “class_tail_drop_large_packet_size_bytes.” If the queue
depth exceeds this threshold, packets will be discarded and statistics will
be counted.
Large Packets
Drop Limit Defines the maximum amount of estimated time that packets larger than
or equal to “class_tail_drop_large_packet_size_bytes” will have to wait
in the class scheduler. If the estimated time exceeds this threshold, the
packet will be discarded and statistics will be counted. Not valid for Bulk
classes.
larger than or equal to “class_tail_drop_large_packet_size_bytes.” If
Duplicate
Packets
Default Sets - 59
FATPIPE-001432
Page 59
Drop Limit Defines the amount of time a duplicate packet can remain in the queue
before being discarded. This prevents duplicate packets from consuming
limited bandwidth.
Drop Depth Defines the queue depth of the class scheduler at which point duplicate
packets will begin being discarded.
Reassign
Reassign Class The class number to which flows will be reassigned if the reassign size is
exceeded.
Reassign Size After a flow is established, if a packet that exceeds this size is detected
on WAN ingress, the flow will be moved to the class indicated by the
reassign class ID or name.
than “reassign_class_tail_drop_large_packet_size_bytes” will have to
wait in the class scheduler . If the estimated time exceeds this threshold,
the packet will be discarded and statistics will be counted. Not valid for
Bulk classes.
smaller than “reassign_class_tail_drop_large_packet_size_bytes.” If
Large Packets
than or equal to “reassign_class_tail_drop_large_packet_size_bytes” will
threshold, the packet will be discarded and statistics will be counted.
larger than or equal to “reassign_class_tail_drop_large_packet_size_
bytes.” If the queue depth exceeds this threshold, packets will be
Duplicate
Packets
Drop Disable Designates the amount of time a packet may wait in the queue before
Limit duplication is not performed. This prevents duplicate packets from
consuming limited bandwidth.
Drop Disable Defines the queue depth of the class scheduler at which point duplicate
Depth packets will not be generated.
TCP Standalone
ACK
Default Sets - 60
FATPIPE-001433
Page 60
TCP The class that will be used for standalone TCP ACKs. This has no effect on
Standalone packets that are piggyback ACKs with payload.
ACK Class
Size will follow TCP ACK Large Packet Drop Policy. Packets smaller than this
size will follow the small packet drop policy. If the size is set to 0, all
packets will be treated as small packets.
than “tcp_standalone_ack_class_tail_drop_large_packet_size_bytes” will
threshold, the packets will be discarded and statistics will be counted.
smaller than “tcp_standalone_ack_class_tail_drop_large_packet_
size_bytes.” If the queue depth exceeds this threshold, packets will be
Large Packets
than or equal to “tcp_standalone_ack_class_tail_drop_large_packet_
size_bytes” will have to wait in the class scheduler. If the estimated time
exceeds this threshold, the packet will be discarded and statistics will be
counted. Not valid for Bulk classes.
larger than or equal to “tcp_standalone_ack_class_tail_drop_large_
packet_size_bytes.” If the queue depth exceeds this threshold, packets
will be discarded and statistics will be counted.
WAN Egress

Enable Packet Defines that traffic flows that match this rule should be tagged for
Resequencing sequence order, and the packets should be reordered (if necessary) at
the WAN Egress appliance.
Hold Time Defines the maximum delay that a packet may be held awaiting re-
sequencing. When the timer expires, the packet will be sent to the LAN
without further waiting for the pre-requisite sequence numbers
Discard Late After a packet’s sequence timer has expired for a dependent packet, and
Resequence the packets were permitted to the LAN, if a late packet does arrives at
WAN egress, this property defines what is to be done with it.
Packets
Default Sets - 61
FATPIPE-001434
Page 61
DSCP Tag Defines a DSCP tag that will be applied to packets that match this rule on
WAN egress, before they are sent to the LAN.
Deep Packet
Inspection

Enable Passive If checked, this parameter will make processing decision based on user
FTP Detection data.
Initialize Properties
Using Protocol

Initialize
Click to initialize the rule properties using rule defaults and Talari
Properties Using recommended settings for this protocol.
Protocol
Default Sets - 62
FATPIPE-001435
Page 62
Internet Default Set

Type Select type of service being added.

Name Enter the name for the service.
Primary Reclaim If checked, this will be the default set for Internet service.
Internet Default Set Rules

Rules

applied.
Default Sets - 63
FATPIPE-001436
Page 63
IP Address
Use for
Select to use the same IP ports for both Source and Destination.
Destination
addresses.
DSCP
header.
Rebind Flow When checked, flows which are otherwise identical in terms of match
Changes
Protocol
Port
rule.
Use for
Destination
the rule.
Edit Properties

Rule Properties
Default Sets - 64
FATPIPE-001437
Page 64
Mode Select from the available methods of transferring and receiving packets:
1. Override Service - Enables the redirection of flows matching this rule
to the selected service rather than through APN.
2. WAN Link - If WAN link is selected and Internet Load Balancing (ILB) is
used, flow will use the specified WAN link and not one chosen by ILB.
WAN Link If WAN link is selected and Internet Load Balancing (ILB) is used, flow will
use the specified WAN link and not one chosen by ILB.
Type The destination service that flows of this type should go to. Used with
Override Service.
Intranet Default Set

Intranet Default Set
Type Select type of service being added.

Name Enter the name for the service.
Primary Reclaim If checked, this will be the default set for Internet service.
Default Sets - 65
FATPIPE-001438
Page 65
Intranet Default Set Rules

applied.
IP Address
Use for
Destination
addresses.
header.
Rebind Flow
When checked, flows which are otherwise identical in terms of match
Changes
Protocol
Port
rule.
Use for
Destination
the rule.
Default Sets - 66
FATPIPE-001439
Page 66
Edit Properties

Override Service The destination Service to which flows of this type should go.
Default Sets - 67
FATPIPE-001440
Page 67
Sample Configuration File

//****************************************
//ncn - raleigh
//****************************************
define site name=raleigh

{
add appliance name=primary
{
set appliance_properties
model=t3000
secure_key=0xcafe0004beef5533
appliance_mode=primary_ncn
default_direct_route_cost=6;
add interface_group
{
set properties
bypass_mode=fail_to_block;
add ethernet_interface device=1;

add virtual_interface name=vlan1 vlan_id=100;
add virtual_interface name=vlan3 vlan_id=native;
}
add interface_group
{
set properties
secure_zone=untrusted
bypass_mode=fail_to_block;

add virtual_interface name=vlan4 vlan_id=native;
}
add virtual_ip_addrn virtual_interface_name=vlan1 ip_addrn=192.168.50.6/24;
add route
net=192.168.0.0/16
gw_ip_addr=192.168.50.5
cost=7
service=local;
add conduit_service remote_site_name=sjc

{
set rule_default
discard_late_tcp_resequence_packets=false
discard_late_non_tcp_resequence_packets=false;
set interactive_class
class_id=1
class_name=udp_class
initial_share_pct=12
sustained_share_pct=12;
Sample Configuration File - 68

FATPIPE-001441
Page 68
set interactive_class
class_id=2
class_name=class_2
initial_share_pct=12
sustained_share_pct=12;
set bulk_class
class_id=3
class_name=class_3
bulk_share_pct=100;
add rule
{
set match_criteria
protocol_str=udp;
set properties
precedence=low;
set ingress_properties
class_name=udp_class;
set wan_properties
transmit_mode=duplicate_paths
retransmit_lost_packets=true;
set egress_properties
resequence_packets=true;
}
}
add internet_service
{
}
add virtual_wan_link name=raleigh-t1

{
add access_interface name=raleigh-t1-accessint0
virtual_interface_name=vlan1
virtual_ip_addr=192.168.50.66
gw_ip_addr=192.168.50.1;
set properties
primary_conduit_access_interface=raleigh-t1-accessint0
wan_ingress_physical_rate_kbps=1444
wan_egress_physical_rate_kbps=1444
wan_ingress_permitted_rate_kbps=1444
wan_egress_permitted_rate_kbps=1444
public_ip_addr=224.54.13.54;
add conduit_usage
remote_site_name=sjc
wan_egress_rate_fair_share=800000
wan_ingress_rate_fair_share=800000
service_group_name=default
wan_egress_minimum_reserved_bandwidth_kbps=200
wan_ingress_minimum_reserved_bandwidth_kbps=200;
add net_usage
service_type=internet
service_group_name=default;
add service_group
name=default
wan_ingress_rate_fair_share=1000000;
}

FATPIPE-001442
Page 69
}
add ha_appliance name=secondary;
add ha_service
{
set properties
primary_appliance_name=primary
secondary_appliance_name=secondary;
add interface_group
{
set interface_properties
primary_ip_addr=192.168.50.101
secondary_ip_addr=192.168.50.102;
}
}
}
//****************************************
//site - sjc
//****************************************
define site name=sjc

{
add appliance name=talari
{
set appliance_properties
model=t730
secure_key=0xcafe7777cafe7777;
add interface_group
{
set properties
bypass_mode=fail_to_wire;

add bridge_pair
device_one=1
device_two=2;
}
add conduit_service remote_site_name=raleigh

{
}
add virtual_wan_link name=sjc-cbl

{
add access_interface name=sjc-cbl-accessint0
virtual_ip_addr=192.168.61.6
gw_ip_addr=192.168.61.1;
set properties
primary_conduit_access_interface=sjc-cbl-accessint0
wan_ingress_physical_rate_kbps=4000
wan_egress_physical_rate_kbps=20000
wan_ingress_permitted_rate_kbps=4000
wan_egress_permitted_rate_kbps=20000
enable_public_ip_learning=true;
add conduit_usage

FATPIPE-001443
Page 70
remote_site_name=raleigh
service_group_name=default
wan_egress_minimum_reserved_bandwidth_kbps=100
wan_ingress_minimum_reserved_bandwidth_kbps=100;
add service_group
name=default
wan_ingress_rate_fair_share=1000000;
}
}
}

FATPIPE-001444
Page 71
Glossary
Adaptive Private Networking (APN)
As used in this guide, the process of using an Adaptive Private Network, or the name for the whole
network that includes the Adaptive Private Networking Appliances, the Wide Area Network, the
Conduits between peer APNAs, as well as other network application services. APN is configured from
a single APNA, which is the Network Control Node (NCN).
Adaptive Private Networking Appliance (APNA)
The general name for a specific Talari network appliance, also occasionally referred to as a Talari
Appliance.
Client Node (Client)
A Talari Client Node is an APN appliance that is located across the Talari network from the NCN.
Although an NCN may potentially have multiple clients, each client has only one NCN.
Conduit Service
The Conduit service is a logical combination of one or more paths, and is the typical mode for
enterprise site-to-site Intranet traffic, utilizing the full value of the Talari’s Adaptive Private Networking.
In this mode, depending on configuration, the traffic is actively managed across multiple WAN links to
create an end-to-end Conduit.
Ethernet Interface
A physical or configurable interface of the APNA. For example, the T730 has nine user-defined
Ethernet Gigabit interfaces, plus a predefined Management interface.
Flow
A flow is a stateful instance (memory) used to track and treat application traffic from its source to its
destination across APN. The properties of a particular flow are derived from the routes, rules, and
service that the traffic flow matches.
Internet Network Service
The Internet Service is for traffic between an enterprise user and sites on the public Internet. Traffic of
this type is not encapsulated. During times of congestion, Talari APN does actively manage bandwidth
by rate-limiting Internet traffic relative to the Conduit and Intranet traffic as per the configuration
established by the administrator.
Intranet Network Service
The Intranet Service is for any portion of enterprise Intranet traffic that has not been defined for
transmission across an APN Conduit. As with Internet traffic, it remains unencapsulated, and APN
manages bandwidth by rate-limiting this traffic relative to other service types during times of
congestion. Note that under certain conditions, and if configured for Intranet Fallback on the Conduit,
traffic between a pair of APNAs that ordinarily travels via a Conduit may instead be treated as Intranet
in order to maintain network reliability.
Network Control Node (NCN)
The NCN is the central APNA that acts as the master controller of APN, as well as the central point of
administration for the client nodes. The NCN’s primary purpose is to establish and utilize a Conduit
with one or more Talari Client Nodes across the network for enterprise site-to-site communications. A
particular NCN can administer and have Conduits to multiple Client Nodes.
Network Service
A logical set of operations performed on the traffic as it uses APN. The set of services supported are
Bypass, Passthrough, Internet, Intranet, and Conduit.
Glossary - 72
FATPIPE-001445
Page 72
Passthrough Network Service

Traffic directed to the Passthrough service includes broadcasts, ARPs and other non-IPv4 traffic, as well
as traffic on the APNA’s local subnet, specifically configured subnets, or rules applied by the network
administrator. The APNA does not delay, shape or modify this traffic. Because the Talari service
does not hinder this traffic, the network administrator must be sure that Passthrough traffic does
not consume substantial resources on the WAN links which the APNA is configured to use for other
services. Example: Passthrough may be used if a host is located on the WAN side of the APNA, but
access to the host does not impact the APNA’s specific WAN links. Think of the special management IP
of the WAN link router as a typical example of a proper explicit use of Passthrough.
Redundant APN Control Protocol (RACP)
The protocol developed by Talari to provide functionality for two high availability (HA) APNAs to
communicate availability information.
Rule
A Talari Networking Service equivalent of a typical router access control list or filter mask. A rule
defines match criteria and properties for IP flows. Flows that match those criteria use the service with
which the rule is associated.
Talari Path
A Talari Path is a logical link between two WAN links.
Talari Conduit Class
A Class is a queued service point into a Talari Conduit. The Class to which traffic is assigned determines
its share of the Conduit bandwidth, permitted queue depth, and its priority, relative to other traffic, for
Talari Network resources.
TCP Termination
TCP termination provides the ability to split a single TCP connection into three separate TCP
connections all managed and maintained by the APN. TCP termination is only used for Conduit traffic.
Traffic Service Types
Traffic Service Types apply while the system is in the Active state noted above.
Trust Relay Points (TRP)
A Cisco Systems software function implemented in voice over IP networks that provides multiple voice
capabilities, such as transversing trusted firewalls.
Trusted WAN Interface
Appliance interface processing network traffic that is protected by a firewall, performing as if it were a
traditional WAN port.
Untrusted WAN Interface
Appliance interface processing network segment traffic that is not being protected by a firewall.
Non-Conduit traffic from the WAN is unable to communicate to any network interface inside of the
appliance. The segment is entirely isolated from the rest of the network with the exception of the
APNs own 128-bit AES-encrypted paths.
WAN Link
The general term for an enterprise’s connection to a WAN. These WAN links are typically connected to
router ports. Some examples of WAN Links are T1, DSL, or Frame Relay.
Glossary - 73
FATPIPE-001446
Page 73
Index
A T
Accessing the Program 6 Talari Configuration Files 6
The Concept of Using Shares 48
C The Site Cloning Process 13
Conduit Default Set 52 Toolbar 11
D V
Default Sets 52 Virtual IP Addresses 20
H
Hardware and Software Requirements 5
High Availability 51
I
Installing Java 6
Interface Groups 19
Internet and Intranet Default Sets 63, 65
Internet or Intranet Service 35, 37
M
Menu Bar 9
N
Navigation 7
Network Service Rule 38
Network Services 35
New NCN or Client Site 12
O
Overview of Provisioning 45
P
Provisioning 44
Provisioning Groups 47
R
Reference Documents 5
Request for Comments 5
Routes 20
S
Sample Configuration File 68
Shares 48
Index - 74
FATPIPE-001447
Page 74
Adaptive Private Networking Configuration Editor User’s Guide
APNware Release 2.5
About Talari™ Networks

Talari Networks is redefining WAN reliability and Talari Networks, Inc.
performance quality. By aggregating multiple
broadband links and continuously adapting to the 550 S.Winchester Blvd., Suite 500
quality of the network, Talari enables true San Jose, CA 95128 USA
enterprise-class quality and reliability at consumer +1 408 689 0400 +1 408 864 2124 fax
prices. Talari’s patented technology delivers 30-100 info@talari.com | www.talari.com
times gain in bandwidth per dollar, 40-90 percent
on-going WAN cost reductions and greater visibility
and reliability than MPLS or any other private
network. Talari has received numerous industry
awards and accolades including being named a
Gartner Cool Vendor, Best of Interop — Performance
Optimization and Techworld Awards — 2012
Networking Application Product of the Year. For
more information, visit www.talari.com.
Talari Networks, Inc. reserves the right to make changes to its products or to discontinue any product or service without notice. Talari is a
trademark of Talari Networks, Inc. All other trademarks mentioned in this document or website are the property of their respective owners.
© Talari Networks, Inc., 2013
FATPIPE-001448
Page 75

v17 EX-1016 PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

v17 EX-1016 PDF

Uploaded by

Copyright:

Available Formats

EXHIBIT

About Talari™ Networks

© Talari Networks, Inc., 2013

Talari Networks, Inc.

550 S.Winchester Blvd., Suite 500

• APN Configuration Reference

Hardware and Software Requirements

Supported browsers must have cookies enabled.

Supported browsers must have Javascript installed and enabled.

Display: A minimum screen resolution of 1024 x 960 or greater is recommended.

Request for Comments

Accessing the Program

Talari Configuration Files

Objects and their corresponding Children Objects are listed below.

OBJECTS Child Objects

Conduit Rules, Classes, Paths

New Select to create a new configuration file.

Audit Select to have current loaded configuration validated by the

Export configuration to NCN appliance.

Open a configuration file.

Save a configuration file.

Save an imported configuration file locally.

Add a new NCN or Client site.

Clone an existing Client site.

Add a default Conduit, Internet or Intranet set. Appears

Clone Site Configuration Wizard

Provide site and appliance

Provide a new secure key

Provide new VLAN Virtual IP

Provide new local route

Provide new WAN link

Figure 3. New site ready for audit.

Figure 4. Next steps in the site cloning process message.

Next Steps in the Site Cloning Process

Type a unique appliance name comprised of less than 32 characters,

Packet Used to allow a lost packet on a fast path to be replaced by its

Conduit Rule Properties

Type Select Internet or Intranet service.

Adding Intranet Service

Type Select Intranet service.

WAN Link Rates

• Click the Add button

Name The name of this HA appliance.

Virtual Interface Select Virtual Interface to associate with this HA service.

Name Provide a name for this Conduit Default set.

Conduit Default Set Classes

Class Name Name used to reference this class.

Conduit Default Set Rules

Conduit Rule Properties

Internet Default Set

Type Select type of service being added.

Internet Default Set Rules

Intranet Default Set

Type Select type of service being added.

Intranet Default Set Rules

Sample Configuration File

define site name=raleigh

add ethernet_interface device=1;

add ethernet_interface device=4;

add virtual_ip_addrn virtual_interface_name=vlan1 ip_addrn=192.168.50.6/24;

add virtual_ip_addrn virtual_interface_name=vlan2 ip_addrn=192.168.51.6/24;

add virtual_ip_addrn virtual_interface_name=vlan3 ip_addrn=192.168.52.6/24;

add conduit_service remote_site_name=sjc