Solved

Riverbed virtual in-path issue

Posted on 2012-03-21
8
2,753 Views
Last Modified: 2012-03-26
Hello, dear Experts! I've successfully tried a physical in-path deployment of my Riverbed 550 and 1050, and now I am trying to implement a virtual in-path configuration. My scheme and pieces of the config are in the picture. swbr and swhq are Layer 3 Cisco 3750s. The router is WANem, a Linux-based router. I am trying to deploy the RVBDs via PBR. In the network statistics I am seeing pass-through traffic on both RVBDs, but it cannot optimize traffic. What is the possible mistake or bug in my installation?
0
Question by:Khitrov
8 Comments
 
LVL 2

Assisted Solution

by:BDC-Net
BDC-Net earned 375 total points
ID: 37754323
I have never used the riverbed product, but I am familiar with cisco's WAAS. Can riverbed use WCCP?
0
 
LVL 2

Accepted Solution

by:
BDC-Net earned 375 total points
ID: 37754848
It looks like riverbed can use WCCP. I would try using WCCP instead of PBR. Here is an example config for a 3750 switch:

ip wccp 61 redirect-list 122
ip wccp 62 redirect-list 123

! on the inside interface
ip wccp 61 redirect in
! on the outside interface
ip wccp 62 redirect in

access-list 122 permit tcp any 10.50.76.0 0.0.0.255
access-list 122 permit tcp 10.50.76.0 0.0.0.255 any

access-list 123 permit tcp any 10.50.76.0 0.0.0.255
access-list 123 permit tcp 10.50.76.0 0.0.0.255 any


0
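A small lint for the kind of WCCP configuration shown in the answer above, as an added example that is not part of the original post: it flags service groups that are enabled globally but never applied with `redirect in`/`out` on an interface, redirect-lists that point at an undefined numbered ACL, and groups applied without being enabled. The interface names and the sample config are constructed, and only numbered ACLs are recognised.

```python
import re

# Constructed sample config (interface names are hypothetical): service group
# 62 is enabled globally but never applied, and its ACL 123 is missing.
SAMPLE_CONFIG = """\
ip wccp 61 redirect-list 122
ip wccp 62 redirect-list 123
!
interface Vlan10
 description inside
 ip wccp 61 redirect in
!
interface Vlan20
 description outside
 ip wccp 61 redirect in
!
access-list 122 permit tcp any 10.50.76.0 0.0.0.255
access-list 122 permit tcp 10.50.76.0 0.0.0.255 any
"""

def lint_wccp(config: str) -> list[str]:
    """Return consistency findings for WCCP service groups in an IOS config."""
    enabled = {}   # service group -> redirect-list ACL number (or None)
    applied = {}   # service group -> interfaces that redirect to it
    acls = set()   # numbered ACLs defined in the config
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            iface = None                      # unindented line ends a stanza
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip wccp (\d+) redirect (?:in|out)$", line):
            if iface:
                applied.setdefault(int(m.group(1)), []).append(iface)
        elif m := re.match(r"ip wccp (\d+)(?: redirect-list (\d+))?$", line):
            enabled[int(m.group(1))] = m.group(2)
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
    findings = []
    for group, acl in sorted(enabled.items()):
        if group not in applied:
            findings.append(f"group {group}: enabled but not applied on any interface")
        if acl and acl not in acls:
            findings.append(f"group {group}: redirect-list {acl} is not defined")
    for group in sorted(set(applied) - set(enabled)):
        findings.append(f"group {group}: applied on {applied[group]} but not enabled")
    return findings
```

Run it against the output of `show running-config` saved to a file before and after a change to the redirect statements.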
 

Author Comment

by:Khitrov
ID: 37755282
BDC-Net, it is good, but our IT security requires us to use PBR. RVBD allows this; I've configured it according to the RVBD PBR deployment guide.
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 125 total points
ID: 37755472
WCCP is safer than PBR, because you are less likely to black-hole traffic like you can with PBR. I use Riverbed with WCCP and it works great.
0
 

Author Comment

by:Khitrov
ID: 37755591
kevinhsieh, PBR on Cisco routers can verify the next-hop address before redirecting traffic, which allows avoiding black holes.
0
 
LVL 2

Assisted Solution

by:BDC-Net
BDC-Net earned 375 total points
ID: 37757194
If I am not mistaken with PBR.... If you reboot the Riverbed box or stop your PBR session then the existing TCP sessions it is handling will be dropped. Usually, it isn't too big of a deal due to TCP handshaking, but I have seen issues. WCCP will wait to stop the service or reboot the box until the sessions are done while not accepting new sessions.
0
 

Author Closing Comment

by:Khitrov
ID: 37769864
Thanks to all. I've configured the WCCP solution. It works well.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37769941
@BDC-Net, Cisco can verify that the next hop is alive (responds to ping), but that doesn't mean that the Riverbed is actually able to forward the traffic. For example, the Cisco will send traffic to the Riverbed Steelhead appliance before the appliance has been able to start the optimization service, which will cause those packets to get dropped. I have tested physical in-path, PBR, and WCCP, and I found WCCP to be the least disruptive to traffic when rebooting the appliance.
0
