TCP Optimization

Table 1. Feature History

Feature Name: TCP Optimization
Release Information: Cisco IOS XE Catalyst SD-WAN Release 16.12.1d
Description: This feature optimizes TCP data traffic by decreasing any round-trip latency and improving throughput.

Information about TCP Optimization

Overview of TCP Optimization

TCP optimization fine tunes the processing of TCP data traffic to decrease round-trip latency and improve throughput.

This article describes optimizing TCP traffic in service-side VPNs on Cisco IOS XE Catalyst SD-WAN devices.

Optimizing TCP traffic is especially useful for improving TCP traffic performance on long-latency links, such as transcontinental links and the high-latency transport links used by VSAT satellite communications systems. TCP optimization can also improve the performance of SaaS applications.

With TCP optimization, a router acts as a TCP proxy between a client that is initiating a TCP flow and a server that is listening for a TCP flow, as illustrated in the following figure:

The figure shows two routers acting as proxies. Router A is the proxy for the client, and is called the client proxy. Router B is the proxy for the server, called the server proxy. Without TCP optimization, the client establishes a TCP connection directly to the server. When you enable TCP optimization on the two routers, Router A terminates the TCP connection from the client and establishes a TCP connection with Router B. Router B then establishes a TCP connection to the server. The two routers cache the TCP traffic in their buffers to ensure that the traffic from the client reaches the server without allowing the TCP connection to time out.

It is recommended that you configure TCP optimization on both the routers, the router closer to the client and the router closer to the server. This configuration is sometimes called a dual-ended proxy. It is possible to configure TCP optimization only on the router closer to the client, a scenario called single-ended proxy, but this configuration is not recommended because the TCP optimization process is compromised. TCP is a bidirectional protocol and operates only when connection-initiation messages (SYNs) are acknowledged by ACK messages in a timely fashion.

If both the client and the server are connected to the same router, no TCP optimization is performed.

To use TCP optimization, first enable the feature on the router. Then define which TCP traffic to optimize. Before you configure TCP optimization, start the configuration transaction. To do so, you can use a command such as the following:

ntp server 198.51.241.229 source GigabitEthernet1 version 4

Topology and Roles

For a branch, the Cisco IOS XE Catalyst SD-WAN device acts as both controller and service-node.

Data Center

For a data center, the controller and service-node roles are performed by separate Cisco IOS XE Catalyst SD-WAN devices. This optimizes performance and enables handling more traffic.

The service-node is an external node that has control connections to vManage to receive configurations.


Note


The service-node Cisco IOS XE Catalyst SD-WAN device must have an underlay connection to the controller on the global VRF to establish an appnav tunnel.


Supported Platforms

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.2.1r, TCP Optimization is supported on the following platforms.

  • Cisco 4331 Integrated Services Router (ISR 4331)

  • Cisco 4431 Integrated Services Router (ISR 4431)

  • Cisco 4321 Integrated Services Router (ISR 4321)

  • Cisco 4351 Integrated Services Router (ISR 4351)

  • Cisco 4451 Integrated Services Router (ISR 4451)

  • Cisco 4461 Integrated Services Router (ISR 4461)

  • Cisco CSR 1000v Cloud Services Router (CSRv)

Minimum Resource Requirements

  • The platforms must have a minimum of 8 GB of DRAM.

  • The platforms must have four or more data cores, with the exception of Cisco 4321 Integrated Services Router (ISR 4321), which is supported in spite of having fewer than four data cores.

TCP Optimization Configuration Examples

Example: Configure Service Insertion using CLI – Branch Router

This example configures a branch Cisco IOS XE Catalyst SD-WAN device to act as controller and service-node.

service-insertion appnav-controller-group ACG-APPQOE
 appnav-controller 192.3.3.1
!
service-insertion service-node-group SNG-APPQOE
 service-node 192.3.3.2
!
service-insertion service-context appqoe/1
 appnav-controller-group ACG-APPQOE
 service-node-group      SNG-APPQOE
 enable
 vrf global
!

interface VirtualPortGroup2
 no shutdown
 ip address 192.3.3.1 255.255.255.0
 service-insertion appqoe
exit

Example: Configure Service Insertion Using Cisco SD-WAN Manager – Branch Router

For a branch, the Cisco IOS XE Catalyst SD-WAN device acts as both controller and service-node.

This example configures the branch Cisco IOS XE Catalyst SD-WAN device as controller and service-node.


Note


When enabling the AppQoE feature on a device through Cisco SD-WAN Manager, ensure that you remove any Virtual Port Groups (VPG) that already have service-insertion appqoe in their configuration and have an IP address that differs from the one you are pushing through vManage. Enabling AppQoE on a device that has an existing service-insertion appqoe configuration on a VPG could lead to a conflict in configurations. This conflict may result in the AppQoE status remaining indeterminate.


  1. In Cisco SD-WAN Manager, navigate to Configuration > Templates.

  2. At the top of the page, select Feature.

  3. Select a device from one of the device options listed.

  4. Under Other Templates, select AppQoE.

  5. Enter a name and description for the template.

  6. Select the Controller button.

  7. Enter the following details for the controller option:

    • Controller IP: Corresponds to the appnav-controller value that would be configured by the service-insertion appnav-controller-group command when configuring by CLI.

    • Internal: Select this option.

    • Service Node IP: Corresponds to the service-node value that would be configured by the service-insertion service-node-group command when configuring by CLI.

  8. Click Save.

  9. Add the feature template that was created in a previous step to a device template page. In the AppQoE drop-down menu, select the name of the feature template. Add the AppQoE template you created in the previous step by following the steps below.

    1. Navigate to Configuration > Templates.

    2. Select Device at the top of the page.

    3. From the devices listed on the page, select the device you want to attach the AppQoE template to and click the More Options icon next to the selected device. Click Edit.

    4. Click Additional Templates and under the AppQoE drop-down menu, select the AppQoE template created.

  10. Click Update.

Example: Configure Service Insertion Using Cisco SD-WAN Manager – Data Center Controller

  1. In Cisco SD-WAN Manager, navigate to Configuration > Templates.

  2. At the top of the page, select Feature.

  3. In Select Devices, select the branch device to configure.

  4. In Other Templates, select AppQoE.

  5. Enter a name and description for the template.

  6. Select the Controller button.

  7. Create a feature template for the Cisco IOS XE Catalyst SD-WAN device acting as controller. Enter:

    • Controller IP: Corresponds to the appnav-controller value that would be configured by the service-insertion appnav-controller-group command when configuring by CLI.

    • Internal: Leave this option unchecked.

    • Service Node IP: Corresponds to the service-node value that would be configured by the service-insertion service-node-group command when configuring by CLI.

  8. Click Save.

  9. Add the feature template that was created in a previous step to a device template page. In the AppQoE drop-down menu, select the name of the feature template. Add the AppQoE template you created in the previous step by following the steps below.

    1. Navigate to Configuration > Templates.

    2. Select Device at the top of the page.

    3. From the devices listed on the page, select the device you want to attach the AppQoE template to and click the More Options icon next to the selected device. Click Edit.

    4. Click Additional Templates and under the AppQoE drop-down menu, select the AppQoE template created.

  10. Click Update.

Example: Configure Service Insertion Using vManage – Data Center Service-Node


Note


When enabling the AppQoE feature on a device through vManage, ensure that you remove any Virtual Port Groups (VPG) that already have service-insertion appqoe in their configuration and have an IP address that differs from the one you are pushing through vManage. Enabling AppQoE on a device that has an existing service-insertion appqoe configuration on a VPG could lead to a conflict in configurations. This conflict may result in the AppQoE status remaining indeterminate.
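
A pre-check for the condition that this note and the matching note in the branch router section describe, as an added example that is not from Cisco's documentation: it scans saved running-config text for Virtual Port Groups that carry service-insertion appqoe with an IP address other than the one being pushed. The sample configuration, the function names, and the VirtualPortGroup5 and VirtualPortGroup7 stanzas are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample running-config (not from a real device). VirtualPortGroup2
# mirrors the page's branch example; VirtualPortGroup5 and 7 are hypothetical.
SAMPLE_CONFIG = """\
interface GigabitEthernet1
 ip address 10.0.0.1 255.255.255.0
!
interface VirtualPortGroup2
 no shutdown
 ip address 192.3.3.1 255.255.255.0
 service-insertion appqoe
!
interface VirtualPortGroup5
 ip address 192.168.50.1 255.255.255.0
 service-insertion appqoe
!
interface VirtualPortGroup7
 ip address 192.168.70.1 255.255.255.0
!
"""

def appqoe_vpgs(config_text):
    """Return {interface: ip or None} for each VPG carrying service-insertion appqoe."""
    found, name, ip, tagged = {}, None, None, False
    for line in config_text.splitlines() + ["!"]:   # sentinel closes the last stanza
        if not line.startswith(" "):                # an unindented line ends a stanza
            if name and tagged:
                found[name] = ip
            m = re.match(r"interface (VirtualPortGroup\d+)\s*$", line)
            name, ip, tagged = (m.group(1) if m else None), None, False
        elif name:
            body = line.strip()
            m = re.match(r"ip address (\S+) \S+$", body)
            if m:
                ip = ipaddress.ip_address(m.group(1))
            elif body == "service-insertion appqoe":
                tagged = True
    return found

def conflicting_vpgs(config_text, pushed_ip):
    """VPGs to remove first: appqoe-enabled, with an address that differs from pushed_ip."""
    target = ipaddress.ip_address(pushed_ip)
    hits = appqoe_vpgs(config_text).items()
    return sorted(n for n, ip in hits if ip is not None and ip != target)

if __name__ == "__main__":
    print(conflicting_vpgs(SAMPLE_CONFIG, "192.3.3.1"))
```
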


  1. In vManage, open Configuration.

  2. At the top of the page, select Feature.

  3. In Select Devices, select the branch device to configure.

  4. In Other Templates, select AppQoE.

  5. Select the Service Node button.

  6. Create a feature template for the Cisco IOS XE Catalyst SD-WAN device acting as service-node. Enter:

    • Template Name

    • Service Node IP: Corresponds to the appnav-controller value that would be configured by the service-insertion service-node-group command when configuring by CLI.

    • Virtual Port Group IP: Corresponds to the service-node value that would be configured by the interface VirtualPortGroup2 command when configuring by CLI.

  7. Click Save.

  8. Add the feature template that was created in a previous step to a device template page. In the AppQoE drop-down menu, select the name of the feature template.

  9. Click Create.