Riverbed adds optimization of SSL traffic

Riverbed Technology is adding SSL support to its Steelhead WAN optimization gear, making it possible to accelerate a potentially large volume of network traffic that the equipment couldn't get at before.

With an upgrade of Riverbed's RiOS software, the Steelhead appliances terminate SSL sessions, optimize the traffic, then re-encrypt the traffic as SSL. Before, the devices did not terminate SSL sessions so they could not access the payload to optimize it, the company says.

"There's a lot of encrypted traffic out there," says Zeus Kerravala, an analyst with the Yankee Group, and it is increasing. Since traffic is encrypted because it is considered important, not optimizing it could slow down a business's most important transactions, he says.

As SSL traffic increases, the accelerating effects that WAN optimization gear has will decrease unless the equipment can proxy SSL sessions and optimize the traffic, Kerravala says.

Blue Coat Systems proxies and optimizes SSL traffic, and Juniper Networks says it has plans to add SSL support to its WAN optimization appliances.

Riverbed says it protects SSL keys and certificates that reside within servers by ensuring they don't leave the data center. The certificates and keys are transferred to a Steelhead appliance in the data center, and it intercepts SSL requests headed for the servers. It then establishes SSL sessions with another Steelhead appliance across the WAN using temporary session keys. The two Steelhead devices talk to each other, the data center-side Steelhead device talks to the servers and the remote appliance talks to client machines trying to access the servers.

Also with the RiOS 4.0 software upgrade Steelhead appliances improve the performance of HTTP traffic by more efficiently retrieving objects that make up Web pages that have been requested before. When a page has been requested through a Steelhead appliance, it stores what objects are needed to build the page. On subsequent requests for the same page, the device asks for groups of objects all at once rather than one after another, saving the time it takes to gather all the necessary objects. This works for HTTP/S traffic as well.

Riverbed claims this boosts the speed of HTTP traffic between seven and 20 times more than RiOS 3.0 software did.

RiOS 4.0 introduces a new technology called Maximum Speed TCP, or MX-TCP, which can ensure that large bandwidth WAN links and links transferring large amounts of data are used efficiently. Standard TCP builds slowly up to maximum speed then drops off when it encounters congestion, then builds up slowly again, making maximum use of bandwidth difficult.

MX-TCP uses Steelhead QoS capabilities to dedicate a guaranteed amount of bandwidth on a connection to certain traffic. The devices then start sending at that maximum bandwidth immediately, rather than building up to it gradually as standard TCP does. The Steelhead appliances also manage the traffic going over the dedicated bandwidth and work in retransmissions of lost packets, the company says.

Riverbed customer Wright-Pierce, an engineering firm, uses QoS upgrades in RiOS 4.0 to limit bandwidth available for sending particularly large files from certain servers. Large aerial color photos, for example, could clog up the T-1 line between headquarters and a branch, making it difficult to do any other business over the link until the photo passed, says Ray Sirois, the firm's IT manager.

The QoS mechanism can limit bandwidth per IP address, he says. "I could do this with QoS on my Cisco routers, but it's just much more complicated," he says.

Blue Coat addresses video

Meanwhile, Blue Coat is making alliances with video vendors so its equipment can prioritize corporate-sanctioned video based on authorization issued by the person publishing the video on the network. Partners include Media Publisher and Jubilant Technologies. Blue Coat gear can then prioritize video, to give sanctioned traffic priority, throttle back unsanctioned video and block forbidden video, the company says.

In other WAN acceleration news, Expand Networks is announcing that infrastructure vendor Huawei-3Com will license Expand's software and sell it on router blades by the end of the year.