Solved

Riverbed SteelHead Deployment

Posted on 2012-03-16
7
1,281 Views
Last Modified: 2012-03-20
Hello, Experts! I've a 2 riverbed devices. SH1050 and SH550. Also our company have a high latency and slow speed satellite link. I would like to deploy RB devices to optimize WAN traffic. I think I need in-path config like this: LAN<->RB<->EDGE-ROUTER<->WAN<->EDGE-ROUTER<->RB<->LAN. Could everybody give me any configuration examples or RB docs. It is true that RB appliance work transparency from LAN to EDGE-ROUTER or RB it is like L3 ROUTER? I can not mind, how i need to configure routing, from which segment should be in-path ip adress?
0
Comment
Question by:Khitrov
  • 4
  • 3
7 Comments
 
LVL 10

Accepted Solution

by:
wdurrett earned 500 total points
ID: 37730108
Your setup as described is correct for an in-path deployment.  You will not need to change any routing at all - The RVBD devices simply pass through the traffic.  If you put them in place and do nothing else, your traffic will continue to flow as it did before.

To select the traffic that is optimized, you can either set up fixed target rules in the RVBDs or allow the units to auto-select the traffic to optimize.  I prefer the fixed target rules, as I want to control what the unit is optimizing.

Please note, depending on your edge router, you may need to make a config change.  TCP has provision for optional header fields identified by an option type field. Options 0 and 1 are exactly one octet which is their type field. All other options have their one octet type field, followed by a one octet length field, followed by length-2 octets of option data.

The standard TCP options are Type 0 (End of Option List), 1 (No-Operation), 2 (Maximum Segment Size, len 4), 3 (WSOPT - Window Scale, len 3), 4 (SACK Permitted, len 2), 5 (SACK, len N), and 8 (TSOPT - Time Stamp Option, len 10).

Type 6-7, and 9-255 have no widespread use and are usually blocked by firewall policies. In fact, Cisco recommends blocking these TCP option types in PIX.

Riverbed uses Type 76 which falls in the Unassigned Type range 28-252.

Some firewall configurations will strip TCP options or else drop packets with these options. (For example, Cisco PIX Firewall IOS 7.0 may block the auto-discovery probe.)

Commands:

access-list tcp-traffic permit tcp any any
class-map tcp-traffic
match access-list tcp-traffic
tcp-map allow-probes
tcp-options range 76 78 allow
policy-map global_policy
class tcp-traffic
set connection advanced-options allow-probes


Also ensure that the service policy is applied globally.


service-policy global_policy global


Now the Steelheads auto-discover each other and work as expected.

You will get the following error if the policy was already applied globally.  This is to be expected.


WARNING: Policy map global_policy is already configured as a service policy
0
 

Author Comment

by:Khitrov
ID: 37732136
My network schemeI've the trouble with optimization. My scheme is on the picture. It is my RB test lab. When I download test file by NetBIOS CIFS on host A from host B second time, it is absolutely like first time. License on Windows File sharing is exists on all RB appliances, but in reports->networking i see that is my connection passtrought, not optimized. Also, in connected appliances i can not see each other from both ends. Both RB health status is ok. All optimization rules by default. What is wrong?
0
 
LVL 10

Expert Comment

by:wdurrett
ID: 37732620
Please see the post above and check that you are allowing tcp probes.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:Khitrov
ID: 37732739
I am sure that my hq router does not drop or filter anything, it Linux machine. But i sm not sure about branch router. It is a cisco 2811, not previosly configured, i took it from box, assigned ip and add static routes. Nothing else. Should i do something with tcp probe settings? Ios version is 12.4. Ipbase. If you know what to do with this, let me know. I will try it at monday at my workplace. Thank you and sorry for my newbie.
0
 

Author Comment

by:Khitrov
ID: 37738112
I have check anything and testing once again. No results. Then I've rebooted both appliances and everyrhing goes well. But it is strange: if I restart optimization service at RB web console, it restarted successfully, health is ok, but scheme still not work until full reboot both appliance. What does it mean?
0
 
LVL 10

Expert Comment

by:wdurrett
ID: 37738160
I am not sure about the 2811.  But if they are optimizing traffic, you are all set.

I am also not sure why you graded my answer as a "B."  I gave you a complete answer on how to setup your RVBDs and even included commands for your router if you needed them.  What would an "A" be for you?
0
 

Author Comment

by:Khitrov
ID: 37742813
Oh, Wdurret! I am so sorry. It was a mistake, I have visit this site from my smartphone and I was missed. Youe answer is very helphull and absolutely for me. Now, both RVBDs optimizing traffic. Tomoroow i will studying about out of path configuration.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following recovery method will work on All Cisco Switchs that run ISO software. You will need a good copy of the IOS version you want you use saved on your PC and a Com's Cable. The software for these switches comes as a .tar file. Tar is …
Do you have a computer or other electronic gear that is attached to a rat nest of cables, or alternatively have your cables all bundled nice at neat?  If so then read this post to sidstep common pitfalls. When I was a student at DeVry University,…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now