?
Solved

Riverbed virtual in-path issue

Posted on 2012-03-21
8
Medium Priority
?
2,952 Views
Last Modified: 2012-03-26
my scheme Hello, dear Experts! I've successfully tried to deploy physical in-path deployment of my riverbed 550 and 1050 and now I am trying to implement virtual in-path configuration. My scheme and pieces of config on the picture. swbr and swhq it is a layer3 cisco 3750. Router - it is a WANem, linux-based router. I am trying to deploy RVBDs via PBR. In network statistic I am seeing passtrough traffic on both RVBDs, but it can not optimize traffic. What is possible mistake or bug in my installation?
0
Comment
Question by:Khitrov
  • 3
  • 3
  • 2
8 Comments
 
LVL 2

Assisted Solution

by:BDC-Net
BDC-Net earned 1500 total points
ID: 37754323
I have never used the riverbed product, but I am familiar with cisco's WAAS. Can riverbed use WCCP?
0
 
LVL 2

Accepted Solution

by:
BDC-Net earned 1500 total points
ID: 37754848
It looks like riverbed can use WCCP. I would try using WCCP instead of PBR. Here is an example config for a 3750 switch:

ip wccp 61 redirect-list 122
ip wccp 62 redirect-list 123

ip wccp 61 redirect in (on inside)
ip wccp 61 redirect in(on outstide)

access-list 122 permit tcp any 10.50.76.0 0.0.0.255
access-list 122 permit tcp 10.50.76.0 0.0.0.255 any

access-list 123 permit tcp any 10.50.76.0 0.0.0.255
access-list 123 permit tcp 10.50.76.0 0.0.0.255 any

Open in new window

0
 

Author Comment

by:Khitrov
ID: 37755282
BDC-Net, It is good, but our IT-security requires to use PBR. RVBD allows to do this, I've configured it relative to RVBD PBR deployment guide.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 500 total points
ID: 37755472
WCCP is safer than PBR, because you are less likely to black-hole traffic like you can with PBR. I use Riverbed with WCCP and it works great.
0
 

Author Comment

by:Khitrov
ID: 37755591
kevinhsieh, PBR on cisco routers can verify next hop address before redirect traffic, it allows to avoid black holes.
0
 
LVL 2

Assisted Solution

by:BDC-Net
BDC-Net earned 1500 total points
ID: 37757194
If I am not mistaken with PBR.... If you reboot the riverbed box or stop your PBR session then the existing TCP sessions it is handling will be dropped. Usually, it isn't too big of a deal due to TCP handshaking, but  I have seen issues. WCCP will wait to stop the service or reboot the box until the sessions are done while not excepting new sessions.
0
 

Author Closing Comment

by:Khitrov
ID: 37769864
Thanks for all. I've configured WCCP solution. It works well.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37769941
@BDC-Net, Cisco can verify that the next hop is alive (responds to ping), but that doesn't mean that the Riverbed is actually able to forward the traffic. For example, the Cisco will send traffic to the Riverbed Steelhead appliance before the appliance has been able to start the optimization service, which wll cause those packets to get dropped. I have tested physical in-path, PBR, and WCCP, and I found WCCP to be the least disruptive to traffic when rebooting the appliance.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not everyone has adapted to a rapid advancement in technology; there are people who are reluctant or afraid to delve into this brave new world of IT. If you have a friend or a family member who suffers from the so-called technophobia, here is how yo…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question