Steelhead® Appliance Deployment Guide
Including the Steelhead® Mobile Controller
April 2014

© 2014 Riverbed Technology. All rights reserved.

Riverbed®, Cloud Steelhead®, Granite™, Interceptor®, RiOS®, Steelhead®, Think Fast®, Virtual Steelhead®, Whitewater®, Mazu®, Cascade®, Shark®, AirPcap®, BlockStream™, SkipWare®, TurboCap®, WinPcap®, Wireshark®, TrafficScript®, FlyScript™, WWOS™, and Stingray™ are trademarks or registered trademarks of Riverbed Technology, Inc. in the United States and other countries. Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written consent of Riverbed Technology or their respective owners.

Akamai® and the Akamai wave logo are registered trademarks of Akamai Technologies, Inc. SureRoute is a service mark of Akamai. Apple and Mac are registered trademarks of Apple, Incorporated in the United States and in other countries. Cisco is a registered trademark of Cisco Systems, Inc. and its affiliates in the United States and in other countries. EMC, Symmetrix, and SRDF are registered trademarks of EMC Corporation and its affiliates in the United States and in other countries. IBM, iSeries, and AS/400 are registered trademarks of IBM Corporation and its affiliates in the United States and in other countries. Juniper Networks and Junos are registered trademarks of Juniper Networks, Incorporated in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States and in other countries. Microsoft, Windows, Vista, Outlook, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation in the United States and in other countries. Oracle and JInitiator are trademarks or registered trademarks of Oracle Corporation in the United States and in other countries.
UNIX is a registered trademark in the United States and in other countries, exclusively licensed through X/Open Company, Ltd. VMware, ESX, ESXi are trademarks or registered trademarks of VMware, Incorporated in the United States and in other countries. This product includes Windows Azure Linux Agent developed by the Microsoft Corporation (http://www.microsoft.com/). Copyright 2012 Microsoft Corporation. This product includes software developed by the University of California, Berkeley (and its contributors), EMC, and Comtech AHA Corporation. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. NetApp Manageability Software Development Kit (NM SDK), including any third-party software available for review with such SDK which can be found at http://communities.netapp.com/docs/DOC-1152, and are included in a NOTICES file included within the downloaded files. For a list of open source software (including libraries) used in the development of this software along with associated copyright and license agreements, see the Riverbed Support site at https://support.riverbed.com. This documentation is furnished “AS IS” and is subject to change without notice and should not be construed as a commitment by Riverbed Technology. This documentation may not be copied, modified or distributed without the express authorization of Riverbed Technology and may be used only in connection with Riverbed products and services. Use, duplication, reproduction, release, modification, disclosure or transfer of this documentation is restricted in accordance with the Federal Acquisition Regulations as applied to civilian agencies and the Defense Federal Acquisition Regulation Supplement as applied to military agencies. This documentation qualifies as “commercial computer software documentation” and any use by the government shall be governed solely by these terms. All other use is prohibited.
Riverbed Technology assumes no responsibility or liability for any errors or inaccuracies that may appear in this documentation.

Riverbed Technology
199 Fremont Street
San Francisco, CA 94105
Phone: 415.247.8800
Fax: 415.247.8801
Web: http://www.riverbed.com
Part Number 712-00003-19

Contents

Preface
    About This Guide
    Audience
    Types of Steelhead Appliances
    Document Conventions
    Additional Resources
    Release Notes
    Riverbed Documentation and Support Knowledge Base
    Online Documentation
    Contacting Riverbed
    Internet
    Technical Support
    Professional Services
    Documentation
    What Is New

Chapter 1 - Optimization Techniques and Design Fundamentals
    How Steelhead Appliances Optimize Data
    Data Streamlining
    Transport Streamlining
    Application Streamlining
    Management Streamlining
    RiOS Data Store Synchronization
    RiOS Data Store Synchronization Requirements
    RiOS Data Store Error Alarms
    Choosing the Right Steelhead Appliance
    Deployment Modes for the Steelhead Appliance
    The Auto-Discovery Protocol
    Original Auto-Discovery Process
    Configuring Enhanced Auto-Discovery
    Auto-Discovery and Firewall Considerations
    Removal of the Riverbed TCP Option Probe
    Stateful Firewall Device in a Multiple In-Path Environment
    Multiple In-Path Discovery Behavior
    Controlling Optimization
    In-Path Rules
    Default In-Path Rules
    Peering Rules
    The Kickoff and Automatic Kickoff Features
    Controlling Optimization Configuration Examples
    Configuring High-Bandwidth, Low-Latency Environment
    Configuring Pass-Through Transit Traffic
    Fixed-Target In-Path Rules
    Configuring a Fixed-Target In-Path Rule for an In-Path Deployment
    Fixed-Target In-Path Rule for an Out-Of-Path Deployment
    Best Practices for Steelhead Appliance Deployments

Chapter 2 - Network Integration Tools
    Redundancy and Clustering
    Physical In-Path Deployments
    Virtual In-Path Deployments
    Out-of-Path Deployments
    Fail-to-Wire and Fail-to-Block
    Overview of Link State Propagation
    Connection Forwarding
    Configuring Connection Forwarding
    Multiple-Interface Support Within Connection Forwarding
    Failure Handling Within Connection Forwarding
    Connection-Forwarding Neighbor Latency
    Overview of Simplified Routing

Chapter 3 - WAN Visibility Modes
    Overview of WAN Visibility
    Correct Addressing
    Transparent Addressing
    Port Transparency
    Full Address Transparency
    Full Address Transparency with Forward Reset
    Implications of Transparent Addressing
    Stateful Systems
    Network Design Issues
    Integration into Networks Using NAT
    The Out-of-Band Connection
    Overview of OOB Connections and Addressing Modes
    Configuring OOB Connection Destination Transparency
    Configuring OOB Connection Full Transparency
    Configuring WAN Visibility Modes

Chapter 4 - QoS Configuration and Integration
    Overview of Riverbed QoS
    Introduction to Riverbed QoS
    Enforcing QoS Policies using Riverbed QoS
    Integrating Steelhead Appliances into Existing QoS Architectures
    WAN-Side Traffic Characteristics and QoS
    QoS Integration Techniques
    QoS Marking
    Application Flow Engine
    Overview of Application Flow Engine
    AFE and Microsoft Lync
    Basic Outbound QoS
    Configuring Basic Outbound QoS
    Basic Outbound QoS Mode Restrictions
    WAN Oversubscription
    Advanced Outbound QoS
    QoS Classes
    Choosing a QoS Enforcement System
    QoS Class Parameters
    QoS Rules
    Inbound QoS
    Inbound QoS Limitations
    Inbound QoS Limits
    Guidelines for the Maximum Number of QoS Classes, Sites, and Rules
    LAN Bypass
    QoS for IPv6
    QoS in Virtual In-Path and Out-of-Path Deployments
    QoS in Multiple Steelhead Appliance Deployments
    QoS and Multiple WAN Interfaces
    QoS Enforcement Best Practices
    Migrating Between Basic and Advanced Outbound QoS Modes
    Upgrading to RiOS v6.5 or Later

Chapter 5 - QoS Configuration Examples
    Visualizing and Drawing Your QoS Configuration
    Configuring QoS Using Best Practices
    Example QoS Scenario
    Configuring QoS on the Data Center Steelhead Appliance
    Configuring QoS on the Branch Office Steelhead Appliance
    Configuring QoS Marking on Steelhead Appliances
    Configuring QoS for Citrix Traffic
    Configuring Basic Outbound QoS and Citrix Traffic in a Pure Interactive Environment
    Configuring Inbound QoS and Citrix Traffic
    Configuring Advanced Outbound QoS and Citrix Traffic in a Mixed-Traffic Environment
    Configuring QoS and MX-TCP
    Creating Host Labels
    Configuring QoS for SSL Common Name Matching
    Configuring QoS for PCoIP
    Configuring QoS for SnapMirror

Chapter 6 - Path Selection
    Overview of Path Selection
    Path Selection Implementation
    Path Selection Properties
    Example Path Selection Implementation
    Identifying Traffic Flow Candidates
    Site Default Path
    Configuring Riverbed Path Selection
    Valid Path Selection Deployment Design Examples
    Basic Multiple Route Path Deployment
    Complex Parallel Path Deployment
    Complex Single In-Path Interface Deployment
    Serial Deployment
    Firewall Path Traversal Deployment
    Path Selection and Virtual In-Path Deployment
    Design Validation
    Design Considerations

Chapter 7 - Physical In-Path Deployments
    Overview of In-Path Deployment
    The Logical In-Path Interface
    In-Path IP Address Selection
    In-Path Default Gateway and Routing
    Failure Modes
    Fail-to-Wire Mode
    Fail-to-Block Mode
    Configuring Failure Modes
    Configuring Link State Propagation
    Cabling and Duplex
    Choosing the Correct Cables
    Duplex Configuration
    Troubleshooting Cable and Duplex Issues
    Physical In-Path Deployment Configuration Examples
    Configuring a Basic Physical In-Path Deployment
    Configuring a Physical In-Path with Dual Links Deployment
    Configuring a Serial Cluster Deployment with Multiple Links
    In-Path Redundancy and Clustering Examples
    Configuring Master and Backup Deployments
    Configuring Serial Cluster Deployments
    Configuring Simplified Routing
    Multiple WAN Router Deployments
    Configuring Multiple WAN Router Deployments Without Connection Forwarding
    Configuring Multiple WAN Router Deployments with Connection Forwarding
    802.1Q Trunk Deployments
    Overview of VLAN Trunk
    Configuring a Steelhead Appliance on an 802.1Q Trunk Link
    Capturing Network Traces Using tcpdump
    Layer-2 WAN Deployments
    Layer-2 WANs
    Broadcast Layer-2 WANs
    VLAN Bridging Deployments
    Overview of VLAN Bridging Deployment
    VLAN Bridging Considerations
    VLAN Bridging Variations

Chapter 8 - Virtual In-Path Deployments
    Overview of Virtual In-Path Deployment
    Configuring an In-Path, Load-Balanced, Layer-4 Switch Deployment
    Configuring Flow Data Exports in Virtual In-Path Deployments

Chapter 9 - WCCP Virtual In-Path Deployments
    Overview of WCCP
    WCCP Fundamentals
    Service Groups
    Assignment Methods
    Redirection and Return Methods
    WCCP Clustering and Failover
    Multiple In-Path WCCP
    The Advantages and Disadvantages of WCCP
    Configuring WCCP
    Basic Steps for Configuring WCCP
    Configuring a Simple WCCP Deployment
    Adding a Steelhead Appliance to an Existing WCCP Deployment
    Configuring a WCCP High Availability Deployment
    Configuring a Basic WCCP Router
    Configuring Additional WCCP Features
    Specifying the Service Group Password
    Configuring Multicast Groups
    Configuring Group Lists to Limit Service Group Members
    Configuring Access Control Lists
    Configuring Load Balancing in WCCP
    Flow Data in WCCP
    Verifying and Troubleshooting WCCP Configurations

Chapter 10 - Policy-Based Routing Virtual In-Path Deployments
    Overview of PBR
    PBR Failover and Cisco Discovery Protocol
    Alternate PBR Failover Mechanisms
    Connecting the Steelhead Appliance in a PBR Deployment
    Configuring PBR
    Overview of Configuring PBR
    Configuring a Steelhead Appliance to Directly Connect to the Router
    Configuring a Steelhead Appliance to Connect to Layer-2 Switch
    Configuring a Steelhead Appliance to Connect to a Layer-3 Switch
    Configuring a Steelhead Appliance with Object Tracking
    Configuring a Steelhead Appliance with Multiple PBR Interfaces
    Configuring Multiple Steelhead Appliances to Connect to Multiple Routers
    Configuring PBR for Load-Balancing WAN Circuits
    Configuring Local PBR for ICMP Redirection in a Mixed MTU Environment
    Exporting Flow Data and Virtual In-Path Deployments

Chapter 11 - IPv6
    Overview of IPv6
    RiOS RFC Compliance and Feature Compatibility
    IPv6 Addressing
    Traffic Interception
    In-Path Rules
    Deployment Options
    Configuring an In-Path Steelhead Appliance IPv6 Deployment
    Configuring a Steelhead Appliance Serial Cluster IPv6 Deployment
    Configuring a Connection Forwarding and Steelhead Appliance IPv6 Deployment
    Configuring a Virtual In-Path Steelhead Appliance IPv6 Deployment
    Configuring a Fixed-Target Rule Steelhead Appliance IPv6 Deployment
    Protocol Support
    Verification and Troubleshooting

Chapter 12 - Packet Mode Optimization
    Overview of Packet Mode Optimization
    Comparison with TCP Proxy Mode Optimization
    Configuring Packet Mode Optimization
    Design Considerations
    Best Practices for Packet Mode Optimization

Chapter 13 - Satellite Optimization
    Overview of Satellite Networks
    Impact of Latency
    Impact of
Loss.....................................................................................................................................298 Satellite Transport Options................................................................................................................299 Overview of SCPS......................................................................................................................................299 SCPS Benefits.......................................................................................................................................300 Common Uses for SCPS....................................................................................................................300 SCPS and Steelhead Appliances.......................................................................................................300 TCP Optimization for Satellite Environments.......................................................................................301 SCPS Discovery...................................................................................................................................302 Transport Optimization for Satellite Environments......................................................................302 Configuring Automatic Detect TCP Optimization........................................................................305 Integrating the Steelhead Appliance with Existing Satellite Modem TCP Acceleration.........306 Licensing SCPS on a Steelhead Appliance.............................................................................................306 Configuring Satellite Optimization Features.........................................................................................307 Configuring Transport Optimization..............................................................................................307 Configuring Rate 
Pacing...................................................................................................................311 ........................................................Configuring Single-Ended Connection Rule Table Settings311 Configuring Single-Ended Rules......................................................................................................313 Verification and Troubleshooting............................................................................................................315 Analyzing Connection Optimization Information........................................................................316 Analyzing Packets for Discovery Probe Stripping........................................................................319 Understanding the Health of the Satellite Signal...........................................................................321 Potential Performance Impact of Loss at the Start of Flow..........................................................322 Variance in SCPS Performance.........................................................................................................322 Chapter 14 - VPN Routing and Forwarding..........................................................................................323 Overview of NSV with VRF Select..........................................................................................................323 Virtual Routing and Forwarding .....................................................................................................324 NSV with VRF Select .........................................................................................................................325 IOS Requirements...............................................................................................................................326 Prerequisites for NSV.........................................................................................................................326 
Example NSV Network Deployment.....................................................................................................326 Configuring NSV.......................................................................................................................................328 Basic Steps for Configuring NSV.....................................................................................................329 Steelhead Appliance Deployment Guide ix Contents Configuring the Data Center Router...............................................................................................329 Configuring the PBR Route Map......................................................................................................330 Decoupling VRF from the Subinterface to Implement NSV........................................................331 Configuring Static Routes.................................................................................................................331 Configuring the Branch Office Router ............................................................................................332 Configuring the Data Center Steelhead Appliance.......................................................................333 Configuring the Branch Office Steelhead Appliance ...................................................................333 Chapter 15 - Out-of-Path Deployments.................................................................................................335 Overview of Out-of-Path Deployment...................................................................................................335 Limitations of Out-of-Path Deployments...............................................................................................336 Configuring Out-of-Path Deployments..................................................................................................337 Chapter 16 - Data Protection 
Deployments..........................................................................................339 Overview of Data Protection....................................................................................................................339 Planning for a Data Protection Deployment.........................................................................................340 LAN-side Throughput and Data Reduction Requirements.........................................................340 Predeployment Questionnaire..........................................................................................................342 Configuring Steelhead Appliances for Data Protection.......................................................................345 Adaptive Data Streamlining Feature Settings................................................................................346 CPU Settings........................................................................................................................................346 Best Practices for Data Streamlining and Compression................................................................347 MX-TCP Settings.................................................................................................................................348 The Steelhead Appliance WAN Buffer Settings.............................................................................348 The Router WAN Buffer Settings.....................................................................................................348 Common Data Protection Deployments................................................................................................349 Remote Office, Branch Office Backups............................................................................................349 Network Attached Storage Replication...........................................................................................349 Storage Area Network 
Replication..................................................................................................350 Designing for Scalability and High Availability...................................................................................351 Overview of N+M Architecture.......................................................................................................351 Using MX-TCP in N+M Deployments............................................................................................351 SnapMirror Optimization.........................................................................................................................353 Troubleshooting and Fine-Tuning...........................................................................................................354 Third-Party Interoperability.....................................................................................................................355 Chapter 17 - Storage Area Network Replication..................................................................................357 Overview of SAN Replication..................................................................................................................357 Storage Optimization Modules................................................................................................................358 FCIP Optimization Module...............................................................................................................358 SRDF Optimization Module.............................................................................................................361 Best Practices for SAN Replication Using TCP/IP...............................................................................366 x Steelhead Appliance Deployment Guide
Description: