Application Acceleration
Reply
Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

SAP application traffic

Hello,

I need some clarification on what exactly the SAP application defined by default on the WXC is.

I noticed on our deployment that the WXC started picking up a lot of SAP traffic (about 3 days ago) & tho they are compressing, the compression statistics aren't impressive so it doesn't do the overall effective WAN capacity a whole lot of good.

Please note that the concern here is also that the customer claims they don't use any SAP application hence my need for clarification on the SAP application.

Thanks
Distinguished Expert
aarseniev
Posts: 1,622
Registered: ‎08-21-2009
0

Re: SAP application traffic

Hello,

in WXOS, the default SAP application is defined as follows:

 

config application add name "SAP" type default
config application rule add name "SAP" src-port 3200,3300-3388,3390-3399,3600-3699 dst-port 1024-65535 
config application rule add name "SAP" src-port 1024-65535 dst-port 3200,3300-3388,3390-3399,3600-3699 

config acceleration active-flow-pipelining application add "SAP"
config reduction network-sequence-mirroring application add "SAP"

 SAP GUI (either thick client or HTTP) needs to have compression disabled to fully benefit from WXOS compression/acceleration. 

Please contact the SAP support (if the traffic you are seeing is indeed SAP) for an advice how to disable SAP compression (must be done either in thick client or SAP server in case of HTTP).

HTH

Rgds
Alex 

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

Re: SAP application traffic

Hello,

Thanks for the response.

The challenge here is that the customer claims they don't even have the SAP application on their network and the WXCs only started picking A LOT of SAP traffic about 3 days ago. That's exactly what puzzles me here.

Why would the WXC pick up a lot of SAP traffic all of a sudden when the client claims there isn't any SAP application on their network?

And like I said earlier, the compression for this 'supposed' SAP traffic is very poor.

Trusted Contributor
mageshs
Posts: 70
Registered: ‎04-15-2010
0

Re: SAP application traffic

 

Hi,

 

Can you please check the source and the destination ip address shown for the SAP application in the Flow Diagnostics?

 

Please confirm if the source and the destination ip address falls under the Local/Remote routes of the WXC. 

 

Please check for the same flow in both the WXC devices and see if its getting compressed under the Application Defintion name "SAP".

 

Once you confirm the ip address, you can check those clients whether they are really generating the SAP application traffic or not.

 

As you say, there is no SAP traffic , try giving the application definition precedence as the least value for the SAP traffic, so that it will avoid any wrong match of the Application Defintion.

 

Please confirm these.

 

 

Thanks,

Magesh S.

Juniper Networks

Advanced JTAC Engineer - WX/MFC

 

Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

Re: SAP application traffic

Hi Magesh,

I have checked everything.

The source and the destination ip addresses fall under the Local/Remote routes of the WXC; Compression is under the application definition name SAP.

I have given it an IP precedence value of zero under ToS bits in the Advanced application definition for SAP.

Situation still remains thesame. SAP traffic is still being picked up & it's compressing & acceleration (though poorly).

Thanks
Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

Re: SAP application traffic

Please note that the source ip addresses (from HQ) picking up the SAP traffic varies. I have seen about 4 consistent ip addresses & only one of them isn't in the compression subnet and the source port for this ip address is also different from the others. The other source ip addresses (in compression subnet) ALL pick up traffic from source port 5061 while the ip address not in the compression subnet picks up traffic from sorce port 8081.

Also I have noticed the destination ports on the destination ip addresses (which all fall in the compression subnet) are actually port numbers that are pre-defined by default as SAP application on the WXC. So I can say that the clients are actually the ones 'requesting/generating' the SAP traffic.

PS: This is when looking @ flow diags on the Hub.

Thanks

Trusted Contributor
mageshs
Posts: 70
Registered: ‎04-15-2010
0

Re: SAP application traffic

 

Hi,

Are you seeing the same flows in the Spoke WXC as well? Flow i mean, same source ip, source port , destination ip , destination port?


Can you please share (paste) the Application definition for the SAP application. I feel the Application Definition configuration might be wrong.


As i said earlier, try configuring the SAP application definition with least precedence and see if you are still seeing the same issue.

Thanks,
Magesh S.
Juniper Networks
Advanced JTAC Engineer - WX/MFC
 

Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

Re: SAP application traffic

Hi Magesh,

Like I mentioned, the customer doesn't use SAP application in their environment at all so there was nothing defined for SAP application except the one that's defined on the WXC by default (which is only a range of port numbers).

Could you please let me know exactly what you mean by 'least precedence'? How do I go about configuring that for the application?

Also, from what I mentioned earlier (from flow diag analysis), I think it's quite evident that it's d clients generating the SAP traffic right? What are your thoughts on this?

Thanks
Recognized Expert
DannyJ
Posts: 319
Registered: ‎11-02-2007
0

Re: SAP application traffic

Hello,

 

Let me jump in here and explain this one.

 

Basically the L4 traffic definition for SAp uses port numbers, ANYTIME we see ANY FLOW using the defined port numbers we will classify that flow as SAP or what ever application matched that port. With application definitions that use emphenical ports  (ports over 1024) there always exist the possibility that a flow will be mis-clarified as these ports are not reserved and are available to be used by ANY application..Its just that some application have defined themselves as using these particular ports to listen on but this is L4 to be 100% sure when a flow uses a port over 1024 you would require some sort of DPI/IDP to look at the application signature to understand what it is..Just like saying I have an app running on port 80...Oh then its http...maybe it could be twitter/facebook/even telnet.... you get the picture now I hope.

 

If you used some L3 app def (IP based not port based) in your network then some of these mis clarification could be fixed....however I'd say if the app traffic is so small I'd maybe just ignore this traffic mis-clarification.

 

 

Danny Jump
Technical Marketing Manager - Access and Acceleration Business Unit
Contributor
Okunz
Posts: 22
Registered: ‎07-05-2011
0

Re: SAP application traffic

Thanks Danny

I believe I understand your explanaition.

So since there isn't any SAP application being used on the network. My guess is that it's a sort of traffic mis-clarification.

About the volume of traffic being picked up, it's relatively much more than traffic from other applications & the compression isn't so fantastic so it's generally reducing the effective WAN capacity :smileysad: ... I'm happy the other defined applications show good compression statistics indicidually tho but I would just love to see impressive general overall statistics (effective WAN capacity) :smileyhappy:

Let me have your suggestion on this

Regards
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.