Product Documentation

Service Classes

Dec 28, 2012

Service Class Definition Tab

Service classes map applications, IP ranges, incoming Diffserv (DSCP) fields, or VLANs to acceleration and traffic-shaping policies.
Figure 1. Service Class Definition Tab

This page shows the list of defined service classes. This is an ordered list; the first matching service-class definition will be used. Each service class has controls to move the definition within the list, edit the definition, or delete it.

By default, only the service class names are shown, but they can be expanded to summarize their definitions as well.

Creating a New Service Class
Click on the Create button at the top of the page. This will pop up the Create Service Class Page. Give the new service class a name, select an acceleration policy (choices are: none, flow-control only, memory-based compression only, and disk-based compression), assign a traffic-shaping policy, and enter a set of filter rules. Typically a single filter rule will be used, specifying an application or an IP range.

Rules can be based on the application, source and destination IP address, VLAN tag, or the incoming DiffServ (TOS/DSCP) bits. If the SSL Profiles field is used, any traffic matching the service class is considered to also match the selected SSL profile.

The traffic-shaping policies can be set to the same policy for all links or with per-link policies. In most installations, per-link policies are not desirable.

Multiple rules can be specified. Fields within a single rule are ANDed together, so all specified fields must match. When multiple rules are used, they are evaluated in order. If any rule matches, the traffic is considered to belong to the service class.

Traffic-shaping policies are chosen from the pull-down menu. By default, a range of policies from Very Low to Very High are defined, each policy having twice the weighted priority of the next-lower policy. In addition, there is a VoIP Traffic policy that has an effectively infinite weight (and thus must be used with caution), and a Default Policy.

Editing an Existing Service Class
This process is essentially the same as creating a new service class.
Meaning of Acceleration Policies

Flow Control Only--The Flow Control checkbox enables or disables acceleration. Recommended for traffic that is 100% uncompressible because the same data will never be seen twice (mostly encrypted protocols and live video). Note that pre-compressed traffic such as JPG images, ZIP archives, and audio/video streams that are played more than once are all highly compressible on the second pass. For example, if two people play the same YouTube video, the compressor will achieve a high compression ratio for the second users, since the video data will be the same as before and will match the first copy.

Disk Compression--Enables flow control and the full range of compression features (disk-based and memory-based compression). Recommended for most traffic.

Memory-based Compression--Enables flow control and memory-based compression only. This option is rarely used.

Rules are Evaluated In Order
Acceleration policy--When a connection is opened, the first matching policy in the list will be used. Rules can be moved up and down in the list using the Move Up and Move Down buttons. Changes do not take effect until the Apply button is pressed.

Acceleration policies are based solely on information available on the first packet of the connection (the SYN packet). The results of deep packet inspection are not available until later in the connection, so such matches cannot be made.

Acceleration policies are only meaningful on accelerated connections.

Traffic-Shaping Policy--The initial traffic-shaping policy is based on the first packet seen, but deep-packet inspection may change this decision. For example, an application that is defined based on a URL will match when a data packet containing an HTTP GET url command is seen. This will reclassify the traffic-shaping policy for the connection.

All WAN data flows have a traffic-shaping policy, whether they are accelerated or non-accelerated, TCP or non-TCP.

Only Acceleration Features Allowed by Both Units Are Used
Only acceleration options that are agreed upon by both Appliances will be used. For example, if one unit selects compression for a connection and the other does not, the connection will be uncompressed. Traffic will not be accelerated unless there are two Appliances involved, one at either end of the link, and both enable flow-control or compression for the connection.

Other TCP Traffic is a special category that specifies the default acceleration action to take if no other service classes apply.

Special-Case Handling for Internet HTTP/HTTPS
The service class policies for HTTP and HTTPS are split into Private and Internet variants. The reason for this is that some Web sites have paranoid firewalls that reset TCP connections with unknown TCP options, which sometimes include acceleration options. While such connections will be retried as unaccelerated connections after a timeout period, this is time-consuming and annoying to the users.

The Web (Private) and Web (Private-Secure) service classes define HTTP and HTTPS service on the standard private networks of 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, as defined in RFC1918. These addresses are not routable on the public Internet, and instead are used by most organizations for their private networks. As such, we can assume that the problem of paranoid firewalls will not occur on these networks, and HTTP and HTTPS traffic can be accelerated normally.

The Web (Internet) and Web (Internet-Secure) service classes are for non-private Web traffic and have flow control and compression disabled.

The ordering of the two sets of rules is important; the Private rules need to occur first in the Service Class Policy list.

These rules are not necessary unless Internet traffic passes through a single Appliance. If Internet traffic passes through two Acceleration units (two Appliances or an Appliance and a Plug-in), the Internet rules can be set to the same values as the Private rules, allowing acceleration on all Web traffic.

Traffic Shaping Tab

This tab reiterates the service classes, but with the traffic-shaping policies listed as one line per link, to make it easier to examine or alter per-link policies.