TRAINING LABS

VIRTUAL ENVIRONMENT

ECNA
EXINDA CERTIFIED NETWORK ADMINISTRATOR

2020
EXINDA TRAINING - ECNA
TRAINING LABS

Laboratory Overview
The Exinda Laboratory lets you perform lab exercises designed to simulate real-world customer networks
and troubleshooting scenarios. Before proceeding with the lab exercises, familiarize yourself with the
laboratory and its components.
Network Layout

Each student has a virtual environment over VMware where you can access through the shared credentials
by instructor for email:

Website:
https://avex-labs.com/guacamole

Remote Desktop:
Then the successful login, each student can see a remote desktop to interact in your environment

Exinda Virtual:
With any web browser in the remote desktop, you can access to Exinda virtual of your network:

Service Name IP Address Description

User: admin
Exinda 192.168.1.254
Password: exinda

Requirements
Before starting into the labs, you will need:
• Web browser, such as Google Chrome or Firefox

If you are unsure if you meet these requirements, please ask your lab instructor.

Tips
Bear in mind these recommendations for you have a best experience with the labs:
• Read the entire exercise before starting
• Experiment with different options
• Please listen to any additional instructions from your lab instructor

PAGE 2
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Lab 1 (Review only)

Deploying and Setting Exinda
Overview
In this exercise we will physically deploy the Exinda appliance into our test network with the case of the
Exinda the unit will remain without power. Once successfully installed our network functionality should be
uninterrupted regardless of the fact that the unit is powered off, thereby proving the bypass functionality of
the unit.

Careful preparations will ensure a smooth and efficient installation:

1. Inspect the package contents. The package contents vary slightly depending on model. In general,
the following items are included:
§ 1 × Exinda appliance
§ 1 × Power Leads
§ 1 × UTP Straight Cable (usually blue)
§ 1 × UTP Crossover Cable (usually red)
§ 1 × Serial Cable

2. Determine the location of the appliance in your network

3. Collect all the information needed for system configuration. The initial configuration wizard requires
the following:
§ Host Name: A name that you give to the Exinda appliance so that you can remember and refer to it more easily.
§ Ethernet Negotiation Settings: Any Ethernet negotiation settings with any particular equipment that the Exinda
appliance will be connected to, such as hard-coded Ethernet speed and/or duplex settings.
§ IP Address and Netmask: An available IP address and netmask.
§ Default Gateway: The default gateway IP address.
§ DNS Server(s): At least 1 DNS server is required, so that the Exinda appliance can resolve hostnames.
§ SMTP Server: An SMTP server, if you wish to receive e-mail notifications from the Exinda appliance.
§ Time Zone: The Exinda appliance's time zone.

Lab Deployment
Step 1 Connect a Ethernet cable (straight or crossover) that connects your Exinda WAN interface
to the Firewall in port with same number your POD and connect with other Ethernet cable
(straight) your Exinda LAN interface to the POD's switch.
NOTE: The Exinda appliance should to be without electric power.

Switch Firewall /
Router

Step 2 Connect your laptop to the POD’s switch and using DHCP get an IP address. You should
get an IP in 172.14.x.100 – 105 (“x” is POD number), write down here your IP, default
gateway and DNS settings.

PAGE 3
2020
EXINDA TRAINING - ECNA
TRAINING LABS

My IP Address: 172.14.___.___ / 24
Default Gateway: 172.14.___.1
DNS: ___.___.___.___

Step 3 Confirm you have a working connection from your LAN to the core network by performing
a “ping” test to your default gateway; your default gateway was checked in previous step.

ping 172.14.x.1 -t

Also, you can confirm connectivity to Internet, by performing a “ping” to any Internet
services, ex:
ping 8.8.8.8 -t

Step 4 Once we have confirmed your existing connectivity we will power on the Exinda appliance,
maintain the recursive ping to your default gateway and Internet services and check to see
if the act of powering up the Exinda causes any packet loss.

Number packet loss: ____

Initial Configuration
Overview
We should now have our Exinda appliance physically installed into the network. The next stage is to add
the basic configuration required in order to allow us full access to the unit. Although we can add numerous
configuration values through the varying interface, in order to achieve basic access, we need to add the IP
details as a bare minimum.

These IP configurations should be:

IP Address: 172.14.x.10
Subnet Mask: 255.255.255.0
Default Gateway: 172.14.x.1
Where “x” should be POD number

Remember the default credential for Exinda is:

User: admin
Password: exinda

Now, Your Exinda device should either have a default IP address or a automatically configured, your
alternatives for configure are:

- Using a serial console cable access the CLI prompt

- Using default IP address into management interface

Below are two cases configuration, which should make only one according to your choice for this lab:

Option 1 - CLI
Step 1 Connect to Console port and use any serial communication Client (ex: Putty), check if you
have any answer asking credential for login in Exinda.

Step 2 Login with admin user and execute the following commands:

PAGE 4
2020
 EXINDA TRAINING - ECNA
TRAINING LABS

> enable
# configure terminal
(config) # _

Step 3 Proceed to change the IP address using one of the following two options:

Option 1.1
Commands Set

Sequence Command Comment

Indicate management port or the bridge to
1. Review default where you want to review the IP.
show interface <eth# or br#>
IP address Ex:
# show Interface br1
2. Disable DHCP Indicate management port or the bridge to
request in disable DHCP.
no interface <eth# or br#> dhcp
interface (if Ex:
applicable) # no interface eth1 dhcp
Indicate management port or the bridge to
3. Assigning an where you’re assigning the IP.
IP address interface <eth# or br#> ip address <IP> Ex:
/<netmask> # interface eth1 ip address 192.168.1.133
/24
Ex:
4. Default ip default-gateway <IP-Gtwy> <interface>
# ip default-gateway 192.168.1.254 eth1
Gateway
Ex:
5. Set date Clock timezone <timezone> # Clock timezone América South Colombia
Clock set hh:mm:ss Bogotá
# Clock set 12:42:41
Ex:
6. Set hostname Hostname <number of POD>
# hostname EX-POD7

Option 1.2
CLI Wizard

Execute the command: (config) # configuration jump-start

Example: EX-2061 console

Exinda-Central (config) # configuration jump-start

Exinda Configuration Jump Start

Warning: Changes are applied immediately after pressing Enter at each question

Step 1: Enable IPv6? [Yes] no

Step 2: Enable IPv6 autoconfig (SLAAC) on eth1 interface? [no] no
Step 3: Use eth1 for management access. Note: This disable br1 (Y/N)? [Y] no
Step 4: Enable br1 (Y/N)? [Y] yes
Step 5: Use DHCP on br1 (Y/N)? [N] no
Step 6: br1 IP address and netmask? 172.14.7.10 /24
Step 7: Enable br3 (Y/N)? [Y] yes
Step 8: Use DHCP on br3 (Y/N)? [N] no
Step 9: br3 IP address and netmask?
Step 10: Default gateway? 172.14.7.1
Step 11: Hostname? EX-POD7
Step 12: Domain name?
Step 13: Primary DNS server? 4.2.2.2
Step 14: SMTP server address? []

PAGE 5
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Step 15: An email address for report and alerts?

Step 16: Admin password (Enter to leave unchanged)?
Step 17: Do you want to configure the interface speed and duplex settings? (Y/N)? [N] no
Step 18: Do you want to change HTTP proxy settings (Y/N)? [N] no
Step 19: Do you want to check for a new license online (Y/N)? [Y] no
Step 20: Enter your license key?
Step 21: Do you want to configure optimization policies (Y/N)? [N] no
Step 22: Check for new firmware (Y/N)? [Y] no

Step 4 Open a browser connection and go to https://configured-IP, (use admin/exinda to log into
the device).

Option 2 - GUI
Step 1 Connect directly your laptop with Exinda into management interface with default IP Address
that is 172.14.1.57, open a Web browser and go to https://172.14.1.57

Step 2 Login with admin user and go to Configuration >>> System >>> Basic Install Wizard, in
this view you should see as the following picture:

Step 3 Start the wizard, taking into account the following information for each step:

Step 1: Select AUTO in Speed and Duplex of connected interface

Step 2: Select static option and complete each item of IP configuration (IP address,
Netmask, Default Gateway and DNS), as well, hostname for this unit with number of POD
(Ex: EX-POD7)

Step 3: Select Next, No configuration is required

Step 4: Select appropriate time zone

Step 5: Select Next, No configuration is required

Step 6: Select Next, No configuration is required

Step 7: Select Next, No configuration is required

Step 8: In two question select NO and then Finish

PAGE 6
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Conclusion
Initial installation of the Exinda product range is quick and simple, requiring very little downtime for the
network. In the case of the x700 and x800 families the installation should be performed with the unit
powered down. This ensures that the bypass functionality is working prior to configuration.

At the end of this laboratory you should be comfortable with adding basic IP structure to your Exinda devices
and should now be in a position to access the unit via a web browser for full management and configuration.

PAGE 7
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Lab 2
Objects
Network Objects

Network objects represent hosts on a network and can include subnets, single hosts, or groups of both.
Once defined, a network object may be used throughout the Exinda appliance for monitoring, for identifying
which traffic should be processed in the policy engine, and to configure other objects, such as applications,
adaptive response rules, application performance score objects, and application performance metric
objects. Network objects are also used to determine which traffic is considered inbound to your network
and which traffic is outbound.

The location of a network object determines the direction of traffic. If one end of the conversation is defined
in an external network object and the other is defined in an internal network object, then traffic from an
external network object to an internal network object is considered inbound traffic. Conversely, traffic from
an internal network object to an external network object is considered outbound traffic.

Step 1 Go to Configuration >>> Objects >>> Network

Step 2 Find “Private net” object and delete following subnets: 10.0.0.0/8, 172.16.0.0/12 and
192.168.0.0/16

Step 3 Define a name and add your IP address of Remote Desktop with following options:
Internal Location and select Subnet Report

Step 4 Select Add New Network Object

Step 5 Generate traffic from remote desktop for about 5 minutes, then review activity using the
historical subnet page (Monitor >>> Subnets)

Application Objects
Application objects are used to classify traffic on the network and are made up of layer 7 signatures or
TCP/UDP port numbers and port ranges. Application classification can be used to monitor traffic or to create
application-specific policy. There are many predefined applications on the appliance. You can add any
applications that are not already in the list.

PAGE 8
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Applications can be created from various combinations of L7 signatures, TCP/UDP port numbers or ranges,
and network object. The following are valid combinations:

§ Applications based on L7 signatures. For example, you can create an application for a particular
website by selecting http, host, and entering the domain of the website.
§ Applications based on L7 signature and TCP/UDP port numbers or ranges, which are OR'd together.
For example, you could define HTTP based on TCP port 80 OR 'http' L7 signature.
§ Applications based on network object and TCP/UDP port numbers or ranges, which are AND'd
together. For example, you could define an application based on a particular port number on a
particular server (specified by network object).
§ Applications based on only network object. For example, you could define an application based on
a particular application server (specified by network object).
§ Applications based on only TCP/UDP port number or ranges. For example, you could create an
application based on a particular port.

<<Network objects cannot be used in conjunction with a layer 7 signature>>

Case 1
Create application objects for capturing all visits performed to following websites in an object for each URL:
www.nba.com
www.fifa.com
www.olympic.org

Step 1 Go to Configuration >>> Objects >>> Applications

Step 2 Write a name that represents the type of traffic, example: Basketball Website

Step 3 You can work with a Layer 7 signature for achieve a better traffic identification, so, select
HTTP in L7 signature, then select host in next field available and write URL of interest in
last field

No configuration is required in other options because to work with signature included

information of protocol and TCP/UDP port

Step 4 Select Add New Application

Step 5 Go to Monitor >>> Real Time and generate traffic of each website with a created object,
validate if new traffic is show with name select in Step 2

PAGE 9
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Case 2
Create an application object for capturing all visits performed to following websites in an only object:
www.ford.com
www.mazda.com
www.bmw.com

Step 1 Go to Configuration >>> Objects >>> Applications

Step 2 Write a name that represents all traffic these websites, example: Car Portals

Step 3 Select HTTP in L7 signature, then select host in next field available and write the first URL
of interest in last field

Step 4 Select Add New Application

Step 5 Search the recent created Application and click in Edit

Step 6 Below of line in defined L7 signature, will show a new field where you can select HTTP
again and repeat Step 3 and 4 with the second URL

Step 7 Considering the explanation of Step 6, please repeat the process with the third URL

Application Groups
Application groups are used to group together applications into a logical group. The application groups can
be used to monitor the traffic or to create policy based on a category. For example, you can monitor and
throttle streaming applications or you can monitor and protect business critical applications categorized as
your ordering system that may include an inventory system and a point of sale system.

There are several predefined application groups, such as Mail, P2P, Voice, etc. You can edit existing
application groups or create new ones.

A given application can exist in multiple application groups. However, monitored groups must not contain
applications which are already a member of another group being monitored. Any given application can only
be monitored within a single application group.

Step 1 Go to Configuration >>> Objects >>> Application >>> Application Groups

PAGE 10
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Step 2 Create an application group object to monitor YouTube, LinkedIn, Facebook and HTTP
traffic on a single group, activate Monitoring option.

Could you generate the requested object? Y ___ N ___

Step 3 Repeat the step 2, but no activate Monitoring option.

Could you generate the requested object? Y ___ N ___

Why this situation?

_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Conclusion
Network/application Objects are vital in the discovery of subnet and application traffic. Subnet monitoring
details traffic flow to subnets and offers a comprehensive breakdown of applications, hosts and
conversations. Ensure you are familiar with both network objects and subnet monitoring prior to completing
this exercise.

Users and Group

The Network Users page displays a pre-populated list of users (and their associated IP addresses) from
either the Exinda Active Directory Connector, or from static users entered using the CLI. Select which
individual users you want to define as dynamic network objects. Once a user is defined as a dynamic
network object, it can be used in the Optimizer policies.

The following option is for simulate action of Exinda AD agent, so you can create static users and groups
in this lab but in practice this actions is performed automatically for our agent.

Step 1 Access with admin user for CLI in Exinda Appliance, you can use SSH (with IP Address)
or Serial Console

Step 2 Create a username for your IP address of remote desktop (different name to created in
network objects), in next picture, an example to create an user named “Administrative1”
with IP address 192.168.1.105:

Step 3 Create a user group that included the created users in step 2, in next picture, an example
to create a group named "Administrators" including to "Administrative1" user.

PAGE 11
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Step 4 You can review in Configuration >>> Objects >>> Users & Groups if appears created users
and group, generate traffic and you can view behaviour in Monitor >>> Real Time >>>
Conversations with activate "Show users" option

Step 5 After of 5 minutes of generate traffic, you can review in Monitor >>>Users to obtain a report
by each user

Adaptive Response

Adaptive Response Limits allow administrators to specify rules based on combinations of data transfer
amounts and/or the amount of time on the network, and then establish priorities so that different policies
can be applied both before and after the limit is reached. This allows you to provide data transfer caps,
throttle data transfer after a limit has been reached, or to throttle only particular types of traffic after the limit
has been reached.

To implement such policies, the following steps are required:

1. Create a network object that defines what traffic is to be monitored 


The source network object can either be a static network object, which includes one or more
subnets, or the source network object can be a dynamic network object mapped from an Active
Directory group.

2. Create an adaptive response limit object
The adaptive response limit object allows administrators
to specify the traffic to monitor using a network object, and what data limit or time limit should be
applied and for what period. The appliance then dynamically creates a new network object that
keeps track of the IP addresses that have exceeded their limit.

When a time limit is specified, the time is tracked in increments of 5 minutes and starts counting
down from the first flow for a given user.

3. Create policies intended for the traffic matching the over-the-limit network object and policies
intended for the traffic matching the source network object.

Ensure that the over-the-limit policy filters the traffic using the over-the-limit network object, and
that the policy appears in the policy tree before the policies intended for the users who have not
exceed their quota. Traffic attempts to match the policy tree nodes in a top-down order. Since IP
addresses that have exceeded their quota will match either the destination or source network
object, you need those that exceed their quota to be matched against the destination node first.

When creating the adaptive response limit object, you can create exceptions such that certain IP addresses,
specified by one or more network objects, can be excluded from the limit rules. By editing the adaptive
response limit object, you can specify which IP addresses are exempt from the rule. The exception network
object can be internal or external. By creating an exception for an internal network object, those IP
addresses will not have the limit applied to them. By creating an exception for an external network object,
those IP addresses in the source network object will be excluded when they are conversing with an IP in
the external exception network object.

You can also create an alert that sends an email to the Exinda appliance email recipients when a specified
quota threshold has been exceeded. The email will contain all the IP addresses that have exceeded the
threshold. Note that the Info Emails checkbox must be checked for each recipient on the email
configuration page.

PAGE 12
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Step 1 Go to Configuration >>> Objects >>> Adaptive Response

Step 2 In a new AR object configure the following parameters:

Name: Quota_10M
Source NO: All
Destination NO: Transgresor_Quota
Duration: Daily
Direction: Inbound
Limit Type: Data
Amount (MB): 10
Enable: Yes

Step 3 Select Add New Limit

Step 4 Generate traffic in laptop of each participant and monitoring in Configuration >>> Objects
Network >>> Dynamic using the pull down menu review if any host appear in the list

What should be the obvious next step after an AR object has been configured?

_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Application Performance Score

Analysing the performance of networked applications is a common task faced by network administrators.
Often the root cause of an applications poor performance is not understood, and a common response is to
undertake an expensive, often unnecessary upgrade of network capacity.

Application Performance Score (APS) is a technology provided by Exinda that monitors an application's
network performance. The method works by passively measuring several properties of a TCP conversation
and combining them to given an overall score. These properties are referred to as Application Performance
Metrics (APM). APS can be used to replace traditional non-passive methods that attempt to measure
network performance - such as ICMP echo (ping) or SNMP measurements of server load.

PAGE 13
2020
EXINDA TRAINING - ECNA
TRAINING LABS

The APS object is used to assess the network users’ network performance experience of business-critical
applications. The score, ranging between 0 and 10, where 0 is poor and 10 is excellent, indicates whether
the app is performing as well as expected or is performing poorly. By creating an APS object, you indicate
which application to monitor. Optionally, you can also specify a network object so that the application is
only monitored when observed on that part of the network. You set thresholds on one or more network
metrics. Later, traffic for that application is assessed against those thresholds to determine how well the
application is performing.

The appropriate thresholds for an application is unique for each network environment. You can manually
set the thresholds for the network metrics or you can have the system automatically create threshold values
by having the system observe traffic to determine reasonable baseline values. The metrics include network
delay, server delay, round trip time, jitter, and network loss. Note that you can manually set the network
loss metric, however, it will not be automatically be calculated during the baseline analysis. You can use
one or more of these metrics in your APS object. Most applications use transactional protocols. Applications
like Citrix XenApp server or Microsoft Remote Desktop use non-transactional protocols that send
information between the client and server at arbitrary times. With these types of applications, the standard
method of calculating the network delays and server delays does not produce an accurate metric. If the
application uses a non-transactional protocol, you must specify that when creating APS object.

For the baselining analysis, traffic is analyzed during the specified period, and a set of metric thresholds is
generated. The threshold recommendations target an APS of 8.5. If the application reports an APS below
8.5, the application is performing worse than the baseline. If no traffic is observed during the baselining
period, then the appliance will automatically start another the baseline analysis for the next larger time
period. Email will be sent for each unsuccessful baseline analysis.

Step 1 Go to Configuration >>> Objects >>> Service Levels >>> Application Performance Score

Step 2 Click in Add a new APS object

Step 3 In the new APS object configure the following parameters:

APS Name: Corp App
Application: An application with traffic created in Page 9
Network Object – Internal ALL
Network Object – External ALL
Alert enable no check
Auto Baseline no check

In Scoring Metrics:
Normalized Network Delay <<blank>>
Normalized Server Delay <<blank>>

PAGE 14
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Network Delay 50ms

Server Delay 1ms
Network Jitter 2ms
Round Trip Time 50ms
Network Loss 1%

Step 4 Click on “Add New APS Object”

Step 5 Generate traffic into selected application in this APS Object

Step 6 Go to Monitor >>> Service Levels >>> Application Performance Score (APS) where should
now appear in the list of "APS Scores" this created object; bear in mind that APS is a
passive measurement that starts after that traffic is generated, so you have modified to
"Last 5 minutes" in Range option

Step 7 Review delay, jitter and loss for that traffic in the table

APS Metrics Value

Network Delay
Server Delay
Jitter
Network Loss

Conclusion
APS objects are critical to assessing application performance. Monitoring details will allow you to maintain
a single quality indicator for a mission critical application while breaking down on the specific metrics being
evaluated.

PAGE 15
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Lab 3
Monitoring

Overview
This series of exercises in the lab shows the monitoring capabilities of the Exinda. Simple to understand
yet offer a very extensive breakdown of network/application performance and requirements.

Real Time Monitoring

The real-time monitors display information related to the traffic that has passed through your monitored
links during the previous 10 seconds. There are several views into understanding the network traffic in real
time. These include traffic by applications, by hosts (and users), by conversations, and by reduction per
application. Typically, conversations in real time are the most valuable view, as each conversation is shown
separately rather than collapsing across an application or host. Also, the conversation view allows you to
filter the view by IP address or subnet.

When investigating a current issue, the real-time monitors allow you to answer questions like:
§ My link is congested; which conversations, applications, or hosts may be contributing to the
congestion?
§ I know I have an issue with a particular host or subnet; what traffic is that host handling?

Step 1 Access to several websites that generate excessive traffic like social networking,
streaming, software download or news

Step 2 Go to Monitor >>> Real Time and change the value to 10 seconds in “Auto-Refresh Rate”
option

Step 3 Review your generated traffic and identify the following:

• Identify the applications on the link

What is application that consumes more resources?
_____________________________

• Identify internal hosts on the link and bandwidth utilization

What is host/User that consumes more resources?
______________________________

• Identify retransmissions on the link

Which IP address has more retransmissions in your communication?
_______________

• Identify and record the transfer rate, packet rate and number of flows for 5 applications
more representative for both the inbound and outbound connection:

INBOUND CONVERSATIONS
Application Transfer Rate Packet Rate Flows

PAGE 16
2020
EXINDA TRAINING - ECNA
TRAINING LABS

OUTBOUND CONVERSATIONS
Application Transfer Rate Packet Rate Flows

Step 4 Try to generate different traffic to HTTP or HTTPS as FTP, IM or P2P, example:

FTP >>> ftp://ftp.netspace.net.au/pub/ubuntu/releases/

FTP >>> ftp://mirror.cedia.org.ec/ubuntu-releases/
Torrent >>> https://ubuntu.com/download/alternative-downloads

Monitor Historical Data

Monitor >>> Interface

The interface reports allow you to see the volume of traffic flowing into and out of your network in terms of
either the bandwidth consumed (the Interfaces Throughput report) or the volume of packets flowing
outbound from your network (the Interfaces Packets per Second report). These reports can provide answers
to important questions about your network traffic.

Step 1 Go to Monitor >>> Interface and select “Last 60 minutes” in Range option

Step 2 You review generated report and reply these questions:

Is my link is congested? Y ___ N ___ Why?

_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Was there a brief maximum burst or is the traffic consistent over average? Y ___ N ___
Why?
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Monitor >>> Applications

This Report details which applications have consumed the most amount of bandwidth. This monitor allows
us to identify heavy use (legal or illegal) traffic on the Network.

Step 1 Go to Monitor >>> Applications and select “Last 60 minutes” in Range option

Step 2 Identify the number of applications that represent between 80% to 90% total traffic
consumed (Inbound and Outbound)

Qty Inbound Applications: ____

PAGE 17
2020
EXINDA TRAINING - ECNA
TRAINING LABS

What applications:
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Qty Outbound Applications: ____

What applications:
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Frequently, HTTP app is between TOP 3 of traffic consumed, so is important review URL
report to analyse this traffic type and support the customizing of Applications, as was done
in Case 1 and Case 2 (Application Objects - Page 9)

Step 3 Go to Monitor >>> URLs and select “Last 60 minutes” in Range option

Step 4 You review generated report and reply this question:

Which websites are generating the most traffic?

_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Monitor >>> Hosts

The Hosts report shows the top hosts by data volume for the selected time period. Traffic inbound into your
LAN is reported separately from the outbound traffic. You can choose to view either the internal hosts or
the external hosts on the hosts report, and data is graphed separately for Top Listeners and Top Talkers.

This allows an enterprise with multiple sites to monitor all their corporate systems while excluding
monitoring of all the servers on the Internet. These graphs can answer questions such as:
§ What internal hosts are the top talkers and top listeners?
§ Which external hosts are top talkers from which internal hosts are retrieving information?
§ Which external hosts are top listeners from which internal hosts are sending information to?
§ Could one host be choking out my network?

Use this information to determine if you need to create policies for these high data volume hosts. You may
want to create protection policies for your business-critical server machines or create control policies to
limit hosts that are abusing the network.

Step 1 Go to Monitor >>> Host and select “Last 60 minutes” in Range option

Step 2 Revise and identify the TOP host sending and receiving traffic in the following table:

INTERNAL Host Receiving

INTERNAL Host Sending

Step 3 Click in any host (drill down) for detail the applications being used.

Monitor >>> Conversations

The Conversations Report shows the top conversations by data volume for the selected time period. Traffic
inbound to your LAN is reported separately from the outbound traffic. These charts can answer questions
such as, “What are the top conversations on my network? Could one conversation be choking out the other

PAGE 18
2020
EXINDA TRAINING - ECNA
TRAINING LABS

application traffic?” Using this information, you can determine if you need to create policies for these high
data volume conversations. You may want to create limiting policies for particular hosts or users accessing
particular applications.

A conversation is defined as data that is transacted between two host machines using the same application
within a specified time period. Conversations may also be referred to as sessions.

Step 1 Go to Monitor >>> Conversations and select “Last 60 minutes” in Range option

Step 2 Identify the top Inbound conversation

INBOUND conversation

Step 3 Identify the top Outbound conversation

OUTBOUND conversation

Step 4 Analyse this, Could one conversation be choking out the other application traffic?
Y ___ N ___

Why?
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Monitor >>> Subnets

A network object, referred to as a subnet for monitoring purposes, can include multiple network subnets
and/or multiple IP addresses. The subnets report shows the top subnets by volume and their average
throughput for the selected time period. When subnets are defined, they can be specified as being either
internal to your network or external. The inbound and outbound traffic for these subnets are reported
separately. Inbound and outbound traffic is relative to the subnet, not relative to the Exinda. Subnets are
not required to be mutually exclusive, and so traffic may be reported in more than one subnet. You can
optionally show the top three applications for each of the top subnets.

These charts can answer questions such as:

§ What are the top subnets in my network?
§ How much bandwidth does my subnet for the New York branch or for my finance department or for
my PBX phones typically consume?
§ Do each of my branches or departments (partitioned by subnet) have the same top applications?

Step 1 Go to Monitor >>> Subnets and select “Last 60 minutes” in Range option

Step 2 Identify the following items for your subnet about network object created in exercise page
8:

INBOUND Name % of BW utilized

Top Application
Top User
Top URL

OUTBOUND Name % of BW utilized

Top Application
Top User

PAGE 19
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Top URL

Conclusion
At the end of these labs you should be familiar with the basic monitoring capabilities of the Exinda and be
able to monitor traffic to identify peaks in bandwidth, heavily utilised applications, power users and large
downloads, such as email, P2P or file transfers.

PAGE 20
2020
EXINDA TRAINING - ECNA
TRAINING LABS

LAB 4
Control
Overview

The Optimizer delivers Quality of Service, caching and Application Acceleration (techniques to improve
application performance on the network). The intuitive, policy-based management helps match network
behavior to business objectives.

The optimizer provides:

• Rate shaping
• Traffic prioritization
• Application Acceleration
• Per Host QoS
• ToS/DSCP tagging
• Traffic blocking
• Time-based policies

Optimizer Policies are organized in a tree structure and traffic is matched top-down, first by Circuit (C), then
by Virtual Circuits (VC) and final by Policies (P). As traffic flows through the Exinda appliance, it is first
matched to a Circuit (Bridge), then by Virtual Circuit (in order of Virtual Circuit number) and final by a Policy
within that Virtual Circuit (by order of Policy number).

Once traffic falls into a Virtual Circuit, it will never leave, so it must be captured by a policy within that Virtual
Circuit. Similarly, once traffic is matched by a Policy, it never leaves. The means, more specific Virtual
Circuits and Policies should be configured higher in order (towards the top) whereas more general Virtual
Circuits and Polices should be last.

Lab Preparation
Step 1 Stop all executed scripts in laptops of POD

Step 2 Go to Configuration >>> Optimizer and select “Create New Circuit”

Step 3 In this configuration, please configure according to following picture:

Select the bridge in use

PAGE 21
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Step 4 Click on “Add New Circuit”, bear in mind that you should create a circuit according to
amount of managed links, i.e. 1 managed link then only just 1 Circuit

Step 5 Start Optimizer

Exercise 1
Protecting Mission-critical application from an Aggressive traffic
Step 1 Stop all traffic that you’re generating like downloads, streaming and close all opened
websites

Step 2 Do ping using the following command using a terminal (CMD) and you register the
response time that show this command:

Ping 4.2.2.2 -t

Response time: _____ms

Step 3 Generate excessive traffic and check again the response time in the Ping

Objective:
Using a VC/Policy combination must be able to get echo-reply traffic to respond close to the value under
no load on the link (step 2). Ex: If the destination responded at 5ms with no load on the link, after you
implement your control policies the server should respond to ping traffic around that value with executed
traffic.

Exercise 2
Fairness BW Distribution
Step 1 Stop all traffic that you’re generating like downloads, streaming, close all opened
websites and delete all Virtual Circuit created and restart Optimizer

Step 2 Use the following website:

https://launchpad.net/ubuntu/+cdmirrors?_ga=2.147310327.154812437.1591733545-
2084458567.1591733545

Generate FTP traffic (download) and reply this question:

FTP can consume all bandwidth of managed link? Y ___ N ___

Now, Generate HTTP traffic (Download) and reply this question:

FTP maintains your consumption? Y ___ N ___

Why?
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________

Objective:
Using a VC/Policy combination must be able to allow BW fairness distribution between 2 applications, i.e.
if you generate only FTP traffic should get 100% of the BW but if you generate FTP and HTTP traffic should
get 50% of BW each application.

PAGE 22
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Exercise 3
Priority access
Step 1 Stop all traffic that you’re generating like downloads, streaming, close all opened websites
and delete all Virtual Circuit created and restart Optimizer

Step 2 On a Web browser, please visit https://www.speakeasy.net/speedtest/ and click in “Begin

test”, record the following data:

Download Speed _____Kbps Upload Speed _____Kbps

Step 3 Generate HTTP traffic (Download) and repeat step 2, record the following data again:

Download Speed _____Kbps Upload Speed _____Kbps

Objective:
Using a VC/Policy combination must be able to prioritize access to a SpeedTest website with 100%
background traffic on the link, i.e. with generated FTP traffic, you should obtain the results recorded in step
2.

Exercise 4
Controlling an Exception
Step 1 Stop all traffic that you’re generating like downloads, streaming, close all opened websites
and delete all Virtual Circuit created and restart Optimizer

Step 2 Go to Configuration >>> Objects >>> Adaptive Response and delete any created object

Step 3 In a new AR object configure the following parameters:

Name: Quota_20M
Source NO: All
Destination NO: Transgresor_Quota20MB
Duration: Daily
Direction: Both
Limit Type: Data
Amount (MB): 20
Enable: Yes

Step 4 Select Add New Limit

Objective:
Initially, your traffic should get 100% of BW till any user that has violated its quota where should apply a
control to reduce to 30% of BW, i.e. after a user transfer information to exceed the threshold of 20MB, your
maximum transfer rate must be to 300Kbps.

Additional you can generate a HTML response to notify (overcome your quota), when the user ask
http://www.gfi.com

Example HTML Response:

https://manuals.gfi.com/en/exinda/help/content/exos/objects/config_html_response.htm

PAGE 23
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Exercise 5
Discard an unwanted traffic

Case 1
Step 1 Stop all traffic that you’re generating like downloads, streaming, close all opened websites
and delete all Virtual Circuit created and restart Optimizer

Objective:
Using a VC/Policy combination must be able to allow web traffic to created portals in Lab 2 (Page 9) and
discard all web traffic to the Internet.

Case 2 (Optional)
Objective:
Can you block skype? Can you block it for a single user? Make a diagram of the hierarchy deployed to deny
traffic for a single user in your network.

PAGE 24
2020
EXINDA TRAINING - ECNA
TRAINING LABS

LAB 5 (Review only)

Optimization via Application Acceleration
Overview
In order to accelerate traffic over the WAN, Exinda transparently proxies TCP connections at each and both
the client and server think they have established a connection with each other; however, they have
connected with their local Exinda devices.

By transparently proxying TCP connections like this, Exinda has full control of the TCP connection over the
WAN. It is this WAN connection that TCP Acceleration technologies are applied. In addition to facilitating
other acceleration technologies like WAN Memory and CIFS acceleration, TCP acceleration also provides
window scaling and selectable congestion control algorithms.

In order for you to accelerate/optimize traffic, many elements have to be in place:

- Must have at least 2 units
- Units must be licensed with bandwidth of acceleration
- Devices have to belong to the same community
- The optimizer has to be enabled
- Need to have an acceleration policy

At the end of this activity you should be able:

- Review that the basic elements are in place for WAN optimization to work
- Enable an acceleration policy in your Exinda for a particular application
- Track an accelerated flow through the unit as well as the gains related to that traffic

Remember that a session that is accelerated must be intercepted from the beginning of the flow, ongoing
flows will not be intercepted therefore won’t experience any benefits. CIFS is particularly difficult; you may
need to reboot your station in order to break active flows.

Moving Files Across the WAN

Step 1 Stop all executed scripts in laptops, delete all Virtual Circuit created and restart Optimizer

Step 2 Download a large file from server, measure the time it takes to bring it across the WAN and
the folders. Measure the time it takes to bring them across the WAN:
100MB __ min: __Seg
10MB __ min: __Seg
5MB __ min: __Seg
500KB __ min: __Seg

PAGE 25
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Acceleration Basics
Step 1 Check the following in your unit
License
Community
Acceleration Peers

Step 2 Stop all executed scripts in laptops of POD and delete all Circuit created

Step 3 Go to Configuration >>> Optimization >>> Community, please configure according to

following picture:

Note: IP address 172.14.1.10 corresponds to Instructor’s Exinda

Step 4 Go to Configuration >>> Optimizer >>> Wizard and complete each item to install a default
policy set that included optimization, the following picture is an example of configuration:

PAGE 26
2020
EXINDA TRAINING - ECNA
TRAINING LABS

Optimizing Traffic
Step 1 Generate traffic between laptop and Instructor’s server, as HTTP, FTP and/or shared
folder (CIFS)

Step 2 What would you expect the time to be at the first accelerated pass? How about the second?

HTTP
Archive (Size) 1st pass 2nd pass
100MB
10MB
5MB
500KB

FTP
Archive (Size) 1st pass 2nd pass
100MB
10MB
5MB
500KB

CIFS
Archive (Size) 1st pass 2nd pass
100MB
10MB
5MB
500KB

Step 3 Via CLI (SSH) enable the following commands in your unit:
acceleration wm reduction small-matcher always-list CIFS
acceleration wm reduction small-matcher enable

Step 6 Restart WM, SMB, and TCP services on the unit (Configuration >>> Optimization >>>
Services) and try again

Step 7 Measure your times

CIFS
Archive (Size) 1st pass 2nd pass
100MB
10MB
5MB
500KB

PAGE 27
2020