Solved

Riverbed SteelHead Deployment

Posted on 2012-03-16
Last Modified: 2012-03-20
Hello, Experts! I have 2 Riverbed devices: an SH1050 and an SH550. Our company also has a high-latency, slow satellite link. I would like to deploy the RB devices to optimize WAN traffic. I think I need an in-path config like this: LAN<->RB<->EDGE-ROUTER<->WAN<->EDGE-ROUTER<->RB<->LAN. Could anybody give me any configuration examples or RB docs? Is it true that the RB appliance works transparently from LAN to EDGE-ROUTER, or is the RB like an L3 ROUTER? I cannot figure out how I need to configure routing, or from which segment the in-path IP address should be.
0
Question by:Khitrov
 
LVL 10

Accepted Solution

by:
wdurrett earned 500 total points
ID: 37730108
Your setup as described is correct for an in-path deployment.  You will not need to change any routing at all - The RVBD devices simply pass through the traffic.  If you put them in place and do nothing else, your traffic will continue to flow as it did before.

To select the traffic that is optimized, you can either set up fixed target rules in the RVBDs or allow the units to auto-select the traffic to optimize.  I prefer the fixed target rules, as I want to control what the unit is optimizing.

Please note, depending on your edge router, you may need to make a config change.  TCP has provision for optional header fields identified by an option type field. Options 0 and 1 are exactly one octet which is their type field. All other options have their one octet type field, followed by a one octet length field, followed by length-2 octets of option data.

The standard TCP options are Type 0 (End of Option List), 1 (No-Operation), 2 (Maximum Segment Size, len 4), 3 (WSOPT - Window Scale, len 3), 4 (SACK Permitted, len 2), 5 (SACK, len N), and 8 (TSOPT - Time Stamp Option, len 10).

Type 6-7, and 9-255 have no widespread use and are usually blocked by firewall policies. In fact, Cisco recommends blocking these TCP option types in PIX.

Riverbed uses Type 76 which falls in the Unassigned Type range 28-252.

Some firewall configurations will strip TCP options or else drop packets with these options. (For example, Cisco PIX Firewall IOS 7.0 may block the auto-discovery probe.)

Commands:

access-list tcp-traffic permit tcp any any
class-map tcp-traffic
 match access-list tcp-traffic
tcp-map allow-probes
 tcp-options range 76 78 allow
policy-map global_policy
 class tcp-traffic
  set connection advanced-options allow-probes


Also ensure that the service policy is applied globally.


service-policy global_policy global


Now the Steelheads auto-discover each other and work as expected.

You will get the following error if the policy was already applied globally.  This is to be expected.


WARNING: Policy map global_policy is already configured as a service policy
0
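The option layout described in the answer above, as an added example that is not part of the original thread: a Python walk over a TCP options field that reports kinds outside the standard list and which kinds disappeared between two capture points (LAN side and WAN side of a firewall). The sample byte strings, including the 8-octet payload shown for option 76, are constructed placeholders and not a real probe.

```python
# Added example: walk the options area of a TCP header (one octet kind,
# then, for every kind except 0 and 1, one octet length and length-2 data).
STANDARD_KINDS = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WSOPT",
                  4: "SACK-Permitted", 5: "SACK", 8: "TSOPT"}
PROBE_KIND = 76  # option type the answer attributes to Riverbed


def parse_tcp_options(raw: bytes):
    """Return [(kind, total_length, data)]; raise ValueError if malformed."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List: stop parsing
            opts.append((0, 1, b""))
            break
        if kind == 1:                      # No-Operation: single octet
            opts.append((1, 1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"kind {kind} at offset {i}: no length octet")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"kind {kind} at offset {i}: bad length {length}")
        opts.append((kind, length, raw[i + 2:i + length]))
        i += length
    return opts


def nonstandard_kinds(raw: bytes):
    """Kinds present that are not in the standard list from the answer."""
    return sorted({k for k, _, _ in parse_tcp_options(raw)} - set(STANDARD_KINDS))


def stripped_in_transit(sent: bytes, received: bytes):
    """Kinds seen before a middlebox but missing after it (padding ignored)."""
    before = {k for k, _, _ in parse_tcp_options(sent)}
    after = {k for k, _, _ in parse_tcp_options(received)}
    return sorted(before - after - {0, 1})


# Constructed samples: MSS 1460, NOP, WSOPT 7, SACK-Permitted, then either
# option 76 (length 10, zero-filled placeholder data) or ten NOPs in its place.
_COMMON = bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 7, 4, 2])
SYN_LAN_SIDE = _COMMON + bytes([PROBE_KIND, 10]) + bytes(8)
SYN_WAN_SIDE = _COMMON + bytes([1] * 10)
```

If `stripped_in_transit` reports 76 for the SYN captured on each side of a firewall, that device is clearing the option and the `tcp-map` change from the answer applies to it.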
 

Author Comment

by:Khitrov
ID: 37732136
[Image: My network scheme]

I have trouble with optimization. My scheme is in the picture. It is my RB test lab. When I download a test file over NetBIOS CIFS on host A from host B a second time, it is exactly like the first time. The license for Windows file sharing exists on all RB appliances, but in Reports -> Networking I see that my connection is pass-through, not optimized. Also, in Connected Appliances I cannot see the other appliance from either end. Both RBs' health status is OK. All optimization rules are at default. What is wrong?
0
 
LVL 10

Expert Comment

by:wdurrett
ID: 37732620
Please see the post above and check that you are allowing tcp probes.
0
 

Author Comment

by:Khitrov
ID: 37732739
I am sure that my HQ router does not drop or filter anything; it is a Linux machine. But I am not sure about the branch router. It is a Cisco 2811, not previously configured; I took it from the box, assigned an IP and added static routes. Nothing else. Should I do something with the TCP probe settings? The IOS version is 12.4, IP Base. If you know what to do with this, let me know. I will try it on Monday at my workplace. Thank you, and sorry for being a newbie.
0
 

Author Comment

by:Khitrov
ID: 37738112
I have checked everything and tested once again. No results. Then I rebooted both appliances and everything works well. But it is strange: if I restart the optimization service in the RB web console, it restarts successfully and health is OK, but the scheme still does not work until a full reboot of both appliances. What does it mean?
0
 
LVL 10

Expert Comment

by:wdurrett
ID: 37738160
I am not sure about the 2811.  But if they are optimizing traffic, you are all set.

I am also not sure why you graded my answer as a "B."  I gave you a complete answer on how to set up your RVBDs and even included commands for your router if you needed them.  What would an "A" be for you?
0
 

Author Comment

by:Khitrov
ID: 37742813
Oh, wdurrett! I am so sorry. It was a mistake; I visited this site from my smartphone and I missed. Your answer is very helpful and absolutely for me. Now both RVBDs are optimizing traffic. Tomorrow I will be studying the out-of-path configuration.
0
