1. Manuals
  2. Brands
  3. Riverbed Manuals
  4. Network Hardware
  5. SteelHead 570-SD
  6. User manual

Riverbed SteelHead 570-SD User Manual

Version steelhead sd 2.0, steelconnect 2.11.1
Hide thumbs Also See for SteelHead 570-SD:
Table of Contents

Advertisement

Quick Links

See also: Installation Manual
SteelHead
SD User Guide
Models 570-SD, 770-SD, 3070-SD, SDI-2030
Version SteelHead SD 2.0, SteelConnect 2.11.1
December 2018

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SteelHead 570-SD and is the answer not in the manual?

Questions and answers

Related Manuals for Riverbed SteelHead 570-SD

Summary of Contents for Riverbed SteelHead 570-SD

  • Page 1 SteelHead SD User Guide ™ Models 570-SD, 770-SD, 3070-SD, SDI-2030 Version SteelHead SD 2.0, SteelConnect 2.11.1 December 2018...
  • Page 2 © 2019 Riverbed Technology, Inc. All rights reserved. Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written consent of Riverbed or their respective owners.

  • Page 3: Table Of Contents

    Contents Welcome to SteelHead SD ........................7 Documentation and release notes ................... 7 Contacting Riverbed ........................ 7 1 - Introducing SteelHead SD ......................9 Introducing SteelHead SD ....................... 9 SteelHead SD and SteelConnect feature compatibility by model........... 11 SD-WAN feature restrictions for SteelHead SD 2.0 ..............12 SteelHead feature changes after upgrading to SteelHead SD 2.0 ..........
  • Page 4 Contents 4 - Configuring Local Subnet Discovery on SteelHead SD..............31 Introducing local subnet discovery ..................31 Routing criteria ........................31 Defining global subnet discovery at the organization level ............ 32 Defining local subnet discovery ..................... 33 5 - Configuring BGP, OSPF, Static Routing, and Route retraction on SteelHead SD......37 Configuring BGP on SteelHead SD ..................
  • Page 5 Contents Symmetric and asymmetric uplink connectivity .............. 76 Layer 2 and Layer 3 support at the branch ............... 77 Failure conditions ......................78 Prerequisites......................... 79 Configuring a SteelHead SD HA pair ..................80 Configuring the AUX port on the HA pair ................80 Configuring the LAN zone for the SteelHead SD HA pair ..........
  • Page 6 Contents SVM ports ........................101 RVM ports ........................102 vSH ports ........................102 B - TOS, DSCP, QoS Traffic Class Table....................103 TOS, DSCP, and QoS Traffic Classes Table ................103 SteelHead SD User Guide...

  • Page 7: Welcome To Steelhead Sd

    For a high-level look at how SteelConnect works, see the SteelConnect Manager User Guide. Documentation and release notes The most current version of all Riverbed documentation can be found on the Riverbed Support site at https://support.riverbed.com. See the Riverbed Knowledge Base for any known issues, how-to documents, system requirements, and common error messages.
  • Page 8 Welcome to SteelHead SD Contacting Riverbed SteelHead SD User Guide...

  • Page 9: Introducing Steelhead Sd

    Introducing SteelHead SD SteelHead SD combines SD-WAN and cloud networking capabilities (powered by SteelConnect) with Riverbed WAN optimization (powered by RiOS) into a single appliance. SteelHead SD seamlessly integrates advanced SD-WAN functionality with industry-leading WAN optimization, security, and visibility services all in one streamlined appliance. SteelHead SD WAN optimization reduces bandwidth utilization and accelerates application delivery and performance, while providing SteelConnect integration in the SteelOS environment.
  • Page 10 Introducing SteelHead SD Introducing SteelHead SD SteelHead SD 2.0 advanced routing and high availability (HA) features are supported on the SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. For details, see the SteelHead SD User Guide and the SteelConnect Manager User Guide. Figure 1-1.

  • Page 11: Steelhead Sd And Steelconnect Feature Compatibility By Model

    SteelHead SD and SteelConnect feature compatibility by model Introducing SteelHead SD SteelHead SD and SteelConnect feature compatibility by model Feature SteelHead SDI- SDI-130 SDI-330 SDI-1030 SDI- Virtual GW Cloud GW 570-SD, 2030 5030 770-SD, 3070-SD eBGP iBGP OSPF — single area OSPF —...

  • Page 12: Sd-Wan Feature Restrictions For Steelhead Sd 2.0

    Introducing SteelHead SD SD-WAN feature restrictions for SteelHead SD 2.0 Feature SteelHead SDI- SDI-130 SDI-330 SDI-1030 SDI- Virtual GW Cloud GW 570-SD, 2030 5030 770-SD, 3070-SD Brownfield transit for (As an (As an (As an (As an (As an internet- edge edge edge...
  • Page 13 RADIUS/Authentication server RADIUS/Authentication server under Sites configuration in SCM is not under Sites configuration in supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances. Consult with your Riverbed sales engineer or Riverbed Professional Services at http://www.riverbed.com/services/index.html. SteelHead SD User Guide...

  • Page 14: Steelhead Feature Changes After Upgrading To Steelhead Sd 2.0

    Introducing SteelHead SD SteelHead feature changes after upgrading to SteelHead SD 2.0 SteelHead feature changes after upgrading to SteelHead SD 2.0 These tables summarize the SteelHead features after you upgrade SteelHead appliances to SteelHead SD 2.0 appliances. For details on upgrading SteelHead appliances to SteelHead SD 2.0 appliances, see the SteelHead SD In-Field Upgrade Guide.

  • Page 15: Steelhead Features Changed After Upgrading To Steelhead Sd 2.0

    SteelHead feature changes after upgrading to SteelHead SD 2.0 Introducing SteelHead SD SteelHead feature Feature after upgrading to SteelHead SD 2.0 Management access controls SteelHead SD supports SteelHead management access controls including Radius and TACACS, and role-based access. TCP dump export SteelHead SD supports SteelHead export of TCP dumps.
  • Page 16 Sites supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances. Consult with your Riverbed sales engineer or Riverbed Professional Services at http://www.riverbed.com/services/index.html. Redirection of UDP traffic Redirection of UDP traffic through the virtual SteelHead is not supported in through the virtual SteelHead SteelHead SD 2.0.
  • Page 17 SteelHead feature changes after upgrading to SteelHead SD 2.0 Introducing SteelHead SD SteelHead feature Feature after upgrading to SteelHead SD 2.0 Source NAT on underlay traffic Source NAT on underlay traffic is not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030. SteelHead SD appliances do not perform source NATing on underlay traffic exiting via the Internet uplink if it is destined for a private address, regardless of the configured outbound NAT setting.

  • Page 18: Hardware And Software Requirements

    Introducing SteelHead SD Hardware and software requirements Hardware and software requirements Riverbed component Hardware and software requirements SteelHead SD appliance The SteelHead SD 570-SD and 770-SD appliances are desktop models. The SteelHead SD 3070-SD appliance requires a 19-inch (483 mm) four-post rack. For details, see the Rack Installation Guide.

  • Page 19: Ethernet Network Compatibility

    Hardware and software requirements Introducing SteelHead SD Make sure the firewall ports 80 and 443 are open so that software installation and SCM operations aren’t blocked. For details on SteelConnect default ports, see the SteelConnect Manager User Guide. Ethernet network compatibility The SteelHead SD appliance supports these Ethernet networking standards.
  • Page 20 Introducing SteelHead SD Hardware and software requirements SteelHead SD User Guide...

  • Page 21: Configuring Wan Optimization

    Configuring WAN Optimization This topic describes how to enable WAN optimization for SteelHead SD 2.0. It includes these sections: “Overview” on page 21  “Assigning the in-path IP address and default gateway in SCM” on page 22  “Enabling WAN Optimization in SCM” on page 23 ...

  • Page 22: Assigning The In-Path Ip Address And Default Gateway In Scm

    Configuring WAN Optimization Assigning the in-path IP address and default gateway in SCM When WAN optimization is enabled, a virtual SteelHead instance is automatically provisioned by the system. The primary port on the SteelHead SD appliance is connected directly to the primary interface of the virtual SteelHead instance.

  • Page 23: Enabling Wan Optimization In Scm

    Enabling WAN Optimization in SCM Configuring WAN Optimization 3. Under IPv4 Network, specify the LAN zone subnet. Write down this IP address. You will use this address when you configure the inpath0_0 interface for WAN optimization on the virtual SteelHead instance.
  • Page 24 Configuring WAN Optimization Enabling WAN Optimization in SCM 2. Select the SteelHead SD appliance to expand the page. 3. Select the Services tab. Figure 2-2. Enabling WAN optimization in SCM 4. Under WAN Optimization Service, fill out these required session attributes: WAN Optimization Service - Click Enabled to enable the WAN optimization service for the selected ...

  • Page 25: Identifying The Primary Ip Address Of The Steelhead

    Enabling WAN optimization on the virtual SteelHead instance Configuring WAN Optimization Identifying the primary IP address of the SteelHead You use the primary IP address to connect to the virtual SteelHead instance. You can identify the primary IP address of the SteelHead in one of the following ways: When SteelConnect acts as the DHCP server - You can set the SteelConnect virtual gateway to act ...
  • Page 26 Configuring WAN Optimization Enabling WAN optimization on the virtual SteelHead instance 4. Choose Networks > Networking: In-Path Interfaces. Figure 2-3. In-Path Interfaces page 5. Select the interface to expand the page. Figure 2-4. Configuring the in-path interface 6. Type the IP address that you assigned in SCM. For details, see “To assign the in-path IP address and the default gateway in SCM”...

  • Page 27: Troubleshooting

    Troubleshooting Configuring WAN Optimization 7. Type the subnet mask address. The subnet mask on the in-path must match the subnet mask on the zone (typically /24, but it can be whatever you specified in the zone settings). 8. Type the IP address that you assigned in SCM for the default gateway. For details, see “To assign the in-path IP address and the default gateway in SCM”...
  • Page 28 Configuring WAN Optimization Troubleshooting SteelHead SD User Guide...

  • Page 29: Configuring Zscaler On Steelhead Sd

    Configuring Zscaler on SteelHead SD This topic describes how to integrate Zscaler on SteelHead SD 2.0. It includes these sections: “Zscaler overview” on page 29  “Key features” on page 29  “SteelHead SD Restrictions” on page 29  “Basic steps” on page 30 ...

  • Page 30: Basic Steps

    Configuring Zscaler on SteelHead SD Basic steps Basic steps Perform these basic steps to configure Zscaler. For details, see the SteelConnect Manager User Guide. 1. On SCM, enable Zscaler by selecting the Zscaler Cloud. 2. On SCM, select the ZEN lists either automatically or manually. 3.

  • Page 31: Configuring Local Subnet Discovery On Steelhead Sd

    Configuring Local Subnet Discovery on SteelHead SD This topic describes how to configure SteelHead SD 2.0 to discover global and local subnets on the LAN side of the network. It includes these topics: “Introducing local subnet discovery” on page 31 ...

  • Page 32: Defining Global Subnet Discovery At The Organization Level

    Configuring Local Subnet Discovery on SteelHead SD Defining global subnet discovery at the organization level Zone inclusion list - You select one or more of the configured LAN zones. Routes whose next-hop  interface matches one of the selected zones are qualified as local subnets. Preexisting zones that are directly connected to a site are added to the list automatically.

  • Page 33: Defining Local Subnet Discovery

    Defining local subnet discovery Configuring Local Subnet Discovery on SteelHead SD 3. Click New Included Network. Figure 4-2. Defining included networks 4. Specify a Classless Inter-Domain Routing (CIDR) IPv4 address, including the network prefix to be included in local subnet autodiscovery. 5.
  • Page 34 Configuring Local Subnet Discovery on SteelHead SD Defining local subnet discovery To define local subnet discovery 1. Choose Network Design to display the sites for the organization. 2. Select the site for which you want to define local subnet discovery. 3.
  • Page 35 Defining local subnet discovery Configuring Local Subnet Discovery on SteelHead SD 8. Specify a Classless Inter-Domain Routing (CIDR) IP address, including the network prefix, and click Submit. 9. Click Included Next Hop. Figure 4-7. Defining the next hop 10. Enter the IPv4 IP address for the next hop, and click Submit. 11.
  • Page 36 Configuring Local Subnet Discovery on SteelHead SD Defining local subnet discovery 4. Under Local subnet discovery exclusion, click On to globally exclude subnets and next hops. Whatever subnets were configured for inclusion or exclusion at the organization level can be inherited at the site level.

  • Page 37: Configuring Bgp, Ospf, Static Routing, And Route Retraction On Steelhead Sd

    Configuring BGP, OSPF, Static Routing, and Route retraction on SteelHead SD This topic describes how to configuring SteelHead SD 2.0 Border Gateway Protocol (BGP), open shortest path first (OSPF) with an area border router (ABR), static routing, and route retraction. It includes these sections: “Configuring BGP on SteelHead SD”...

  • Page 38: Configuring Bgp On Steelhead Sd

    Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Configuring BGP on SteelHead SD SteelHead SD 2.0 provides support for both exterior Border Gateway Protocol (eBGP) and interior Border Gateway Protocol (iBGP). SteelHead SD doesn’t restrict BGP to the LAN or the WAN; it can communicate with its associated neighbors regardless of whether it is on the LAN or WAN.
  • Page 39 Configuring BGP on SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD 5. Specify a name for the BGP neighbor. 6. Specify the IP address of the BGP neighbor. 7. Specify the remote AS number that the BGP peer belongs to: for example, 200. The range is from 1 to 4294967295.

  • Page 40: Configuring Inbound And Outbound Prefixes, As Paths

    Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Configuring BGP on SteelHead SD 11. Repeat this process for other SteelHead SDs behind other routers. Note: BGP redistribution and summarization can only be configured after you have defined route maps and prefixes.

  • Page 41: Configuring Bgp Route Redistribution

    Configuring BGP on SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD AS list - Specify the AS paths. The route to the neighbor is permitted if the AS path matches the  regular expression in the AS path list. Routemap - Specify the route policy for the BGP neighbor.

  • Page 42: Configuring Bgp Route Summarization

    Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Configuring BGP on SteelHead SD 5. Click the search selector to select the route map. This option only applies to those route maps with the use case of static and connected route injection in BGP. This option redistributes static and connected routes in BGP using a list of IPv4 prefixes.

  • Page 43: Viewing Bgp Status

    Configuring OSPF with ABR on SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD 4. Click Automatic to have the system calculate the prefixes automatically, or click Manual to specify the prefix. For automatic prefix calculation, specify a starting and an ending address, and SteelConnect ...

  • Page 44: Introducing Ospf With Abr

    Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Configuring OSPF with ABR on SteelHead SD “Creating OSPF areas” on page 48  “Redistributing OSPF settings” on page 50  “Configuring OSPF route summarization” on page 52 ...
  • Page 45 Configuring OSPF with ABR on SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD To create an OSPF network 1. Deploy the SteelHead SD and assign a zone and uplink to a port. 2. Choose Routing > OSPF. 3.
  • Page 46 Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Configuring OSPF with ABR on SteelHead SD For a routing device to become an OSPF neighbor with another device, both devices must belong to the same area ID and their passwords and authentication methods must match. Inherit Org Defaults - Click On to allow the OSPF network and area to automatically inherit the ...

  • Page 47: Configuring Ospf Interfaces

    Configuring OSPF with ABR on SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD The routing device that has the highest priority value on the logical IP network or subnet is elected as the designated router. A priority value of 0 means that the routing device never becomes the designated router;...

  • Page 48: Creating Ospf Areas

    Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Configuring OSPF with ABR on SteelHead SD 2. Select the OSPF Interfaces tab. 3. Click Attach Interface. Figure 5-9. Attaching an OSPF interface 4. Fill out these interface attributes: Zone Uplink - Select the zone or uplink to attach to the OSPF area.
  • Page 49 Configuring OSPF with ABR on SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD To create an OSPF area 1. Choose Routing > OSPF and select the OSPF network for which you want to create an area. 2.

  • Page 50: Redistributing Ospf Settings

    Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Configuring OSPF with ABR on SteelHead SD Click Off to define unique settings for the network and to lock the network configuration so any changes do not overwrite the settings. This OSPF network’s settings will change to match the new values.
  • Page 51 Configuring OSPF with ABR on SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD 2. Select the Redistribute Settings tab. Figure 5-11. Redistributing OSPF settings 3. Optionally, specify the default metric with a range of 1 to 16777214. The ABR generates a default route with a specified metric into the stub area.

  • Page 52: Configuring Ospf Route Summarization

    Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Configuring OSPF with ABR on SteelHead SD – Type 1 (EI)- This type includes the external cost to the destination as well as the cost (metric) to reach the AS boundary router. –...

  • Page 53: Viewing Ospf Status

    Defining static routing on SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD 6. Fill out the these attributes for automatic or manual: Summarized Prefix - Specify the IP prefix designated for the range of addresses, including the ...

  • Page 54: Route Retraction For Steelhead Sd

    Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Route retraction for SteelHead SD 2. Click Add Static Route. Figure 5-13. Adding static routes 3. Select the Appliance to which you want to add the static route. Only SteelHead SD appliances are listed.
  • Page 55 Route retraction for SteelHead SD Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD To redistribute the overlay into the internet gateway protocol on the LAN 1. In SCM, choose Routing > OSPF. 2. Select your OSPF network to edit the settings. 3.
  • Page 56 Configuring BGP , OSPF, Static Routing, and Route retraction on SteelHead SD Route retraction for SteelHead SD SteelHead SD User Guide...

  • Page 57: Configuring Asbr Routing Policies On Steelhead Sd

    Configuring ASBR Routing Policies on SteelHead SD This topic describes how to configure autonomous system boundary routers (ASBR) and route policies on SteelHead SD 2.0. It includes these sections: “Introducing ASBR-full route policies on SteelHead SD” on page 57  “What are routing policies?”...

  • Page 58: What Are Routing Policies

    Configuring ASBR Routing Policies on SteelHead SD What are routing policies? For example, if you have a SteelHead SD on Branch-1 with eBGP configured on the WAN uplink and OSPF configured on the LAN zones. The SteelHead SD can distribute LAN routes to the WAN and WAN routes to the LAN.

  • Page 59: Basic Steps

    What are routing policies? Configuring ASBR Routing Policies on SteelHead SD Default route origination in BGP for a neighbor.  Each route map clause has two types of values: A match value selects routes to which the clause should be applied. ...

  • Page 60: Creating Routing Ipv4 Prefix Lists

    Configuring ASBR Routing Policies on SteelHead SD Creating routing IPv4 prefix lists 2. Configure IPv4 prefix lists. For details, see “Creating routing IPv4 prefix lists” on page 3. Configure community lists. For details, see “Creating routing community lists” on page 4.

  • Page 61: Creating Routing Community Lists

    Creating routing community lists Configuring ASBR Routing Policies on SteelHead SD 7. Click Add Prefix. Figure 6-4. Adding a prefix 8. Enter the IP prefix designated for the range of addresses to distribute. Use the format: xxx.xxx.xxx.xxx/xx 9. Click Submit. Tip: Click Actions to delete a list.

  • Page 62: Creating Routing As Path Lists

    Configuring ASBR Routing Policies on SteelHead SD Creating routing AS path lists no-export - Instructs routers not to export a prefix to eBGP neighbors. For instance, subnets of a  larger block can be advertised to influence external AS best-path selection, and those not required for this traffic engineering purpose may be tagged NO-EXPORT to prevent them from being leaked to the internet (and thus contributing to unnecessary global routing table growth).

  • Page 63: Configuring Use Case Route Maps

    Configuring use case route maps Configuring ASBR Routing Policies on SteelHead SD 4. Click the search selector for a list of AS list options. Enter one or more AS numbers from 1 to 4294967295. Separate multiple numbers with a space. Anything - Specifies the BGP expression “.*”, which matches anything.
  • Page 64 Configuring ASBR Routing Policies on SteelHead SD Configuring use case route maps 2. Click New Route Map. Figure 6-9. Creating route maps 3. Specify the name of the route map. 4. Select a use case from the drop-down list: Route injection in OSPF - Allows the creation of match clauses that can be applied during BGP, ...
  • Page 65 Configuring use case route maps Configuring ASBR Routing Policies on SteelHead SD 7. Fill out the fields for the Match Criteria and Set Criteria using this table. The criteria differ according to the use case you have chosen. Use case Match criteria Set criteria Route...
  • Page 66 Configuring ASBR Routing Policies on SteelHead SD Configuring use case route maps Use case Match criteria Set criteria Static and Interface - Optionally, click the search AS path - Click On to set the AS path for   selector and select the interface. When the the route.
  • Page 67 Configuring use case route maps Configuring ASBR Routing Policies on SteelHead SD Use case Match criteria Set criteria OSPF route Interface - Optionally, select the interface. AS path - Click On to set the AS path for   When the interface matches the next-hop the route.
  • Page 68 Configuring ASBR Routing Policies on SteelHead SD Configuring use case route maps Use case Match criteria Set criteria Policies at the Community - Optionally, select the AS path - Click On to set the AS path for   community list. A BGP route is permitted if it the route.
  • Page 69 Configuring use case route maps Configuring ASBR Routing Policies on SteelHead SD Use case Match criteria Set criteria Default route Metric - Optionally, enter a value from 0 to AS path - Click On to set the AS path for ...
  • Page 70 Configuring ASBR Routing Policies on SteelHead SD Configuring use case route maps SteelHead SD User Guide...

  • Page 71: Defining Vlan Trunk Ports On Steelhead Sd

    Defining VLAN Trunk Ports on SteelHead This topic describes how to configure VLAN trunk ports for multiple zones on SteelHead SD. It includes these sections: “Introducing multizone VLAN trunk mode on LAN ports” on page 71  “Defining trunk mode on ports” on page 71 ...
  • Page 72 Defining VLAN Trunk Ports on SteelHead SD Defining trunk mode on ports 2. Click the VLAN tab. Figure 7-2. Creating a VLAN trunk 3. Specify a VLAN tag, if necessary. Every zone has a VLAN tag assigned. If you leave this field empty, the system picks a free VLAN ID from the pool.
  • Page 73 Defining trunk mode on ports Defining VLAN Trunk Ports on SteelHead SD 8. Click Submit. 9. Navigate back to Appliances > Zones to enable VLAN on the configured port. 10. Under Management Zones, click On and Submit to activate multizone (VLAN trunk) connectivity for this zone.
  • Page 74 Defining VLAN Trunk Ports on SteelHead SD Defining trunk mode on ports SteelHead SD User Guide...

  • Page 75: Configuring High Availability On Steelhead Sd

    Configuring High Availability on SteelHead This topic describes how to configure high availability (HA) on SteelHead SD 2.0. It includes these sections: “Overview” on page 75  “Prerequisites” on page 79  “Configuring a SteelHead SD HA pair” on page 80 ...

  • Page 76: Symmetric And Asymmetric Uplink Connectivity

    Configuring High Availability on SteelHead SD Overview Figure 8-1 shows an example of a symmetric deployment where the SteelHead SD HA pair are both connected to WAN 1 and WAN 2 via four uplinks. Figure 8-1. Active-active HA deployment at the branch SteelHead SD also supports asymmetric HA deployments.

  • Page 77: Layer 2 And Layer 3 Support At The Branch

    Overview Configuring High Availability on SteelHead SD Symmetric - In symmetric mode, each peer appliance is connected to all uplinks so that they  essentially act as a single appliance. For example, you can have the 2 WAN uplinks connected to the peer appliances with four uplinks.

  • Page 78: Failure Conditions

    Configuring High Availability on SteelHead SD Overview L2 LAN - With L2, you can have a switch on the LAN-side connected to SteelHead SDs that have the  same LAN zone with different IP address for each appliance. The system assigns a single virtual IP address (VIP) on the zone that is owned by the master appliance.

  • Page 79: Prerequisites

    Prerequisites Configuring High Availability on SteelHead SD For an L3 LAN failure, routing converges to send traffic to backup appliance. Traffic is moved between appliances through the AUX port depending on which uplink the traffic needs to exit the HA pair. Figure 8-5.

  • Page 80: Configuring A Steelhead Sd Ha Pair

    Configuring High Availability on SteelHead SD Configuring a SteelHead SD HA pair Configuring a SteelHead SD HA pair These steps assume that you have installed, registered, and performed the initial configuration of the SteelHead SD HA pair. You should create your branch site where the HA pair will be located, along with the associated zone and uplinks.

  • Page 81: Configuring The Lan Zone For The Steelhead Sd Ha Pair

    Configuring a SteelHead SD HA pair Configuring High Availability on SteelHead SD Configuring the LAN zone for the SteelHead SD HA pair The next step is to configure the LAN zone for the SteelHead SDHA pair. If it is a Layer 2 or Layer 3 zone, you configure the correct gateway.

  • Page 82: Configuring The Appliances Into An Ha Pair

    Configuring High Availability on SteelHead SD Configuring a SteelHead SD HA pair 3. Select the LAN port to expand the pane. Figure 8-10. Configuring the LAN port 4. Under Mode, select Singlezone or Multizone. If you select Singlezone, select the zone from the drop- down list.

  • Page 83: Monitoring A High-Availability Pair

    Monitoring a high-availability pair Configuring High Availability on SteelHead SD Once the two appliances are paired, you can see them negotiate their roles in the Appliances Overview page. The master and backup roles are assigned and appear for the paired appliances. 5.
  • Page 84 Configuring High Availability on SteelHead SD Monitoring a high-availability pair SCM manages both appliances in a pair as one. For example, if you view the ports for an HA pair, they appear together. Figure 8-13. HA pair ports To view appliance health of an HA pair 1.

  • Page 85: Troubleshooting

    AUX port (that is, the dedicated HA port) is enabled and it is configured as HA mode. If the AUX port is configured and enabled, then collect a system dump from the appliances and contact Riverbed Support at https://support.riverbed.com. The HA role is established with a daemon named keepalived. Search the logs for “keepalived” to ...
  • Page 86 Configuring High Availability on SteelHead SD Troubleshooting SteelHead SD User Guide...

  • Page 87: Configuring Qos Shaping On Steelhead Sd

    Configuring QoS Shaping on SteelHead SD This topic describes how to configure QoS shaping on SteelHead SD 2.0. It includes these sections: “Introducing QoS shaping for SteelHead SD appliances” on page 87  “If you set the QoS priority in a traffic rule” on page 88 ...

  • Page 88: If You Set The Qos Priority In A Traffic Rule

    Configuring QoS Shaping on SteelHead SD If you set the QoS priority in a traffic rule classifies traffic based on the DSCP mark and shapes it according to a fixed bandwidth allocation  designated for each traffic class to ensure that their aggregate bandwidth doesn’t exceed the configured rate.

  • Page 89: Configuring Qos Shaping On Steelhead Sd

    Configuring QoS shaping on SteelHead SD Configuring QoS Shaping on SteelHead SD Setting the QoS priority in the traffic rule marks the traffic with the configured DSCP value upon egress, which executes independently of QoS shaping. For example, if the original DSCP mark on the traffic is NORMAL priority and matches the traffic rule with the QoS priority set to URGENT, then QoS shaping will be influenced as follows: Inbound QoS shaping queues and processes the traffic as NORMAL priority, before the traffic rule ...
  • Page 90 Configuring QoS Shaping on SteelHead SD Configuring QoS shaping on SteelHead SD SteelHead SD User Guide...

  • Page 91: Health Check And Reporting On Steelhead Sd

    Health Check and Reporting on SteelHead This topic describes the health-check and reporting features on SteelHead SD 2.0. It includes these sections: “Checking SteelHead SD connectivity to SCM” on page 91  “Viewing the SteelHead SD HA IP address” on page 92 ...

  • Page 92: Viewing The Steelhead Sd Ha Ip Address

    Health Check and Reporting on SteelHead SD Viewing the SteelHead SD HA IP address 2. Select the SteelHead SD appliance to expand the page. Figure 10-1. Viewing appliance health 3. Under Manageability: Connectivity, click the plus sign (+). The current status for the appliance is displayed.

  • Page 93: Displaying Underlay Fib And Arp Tables

    Displaying underlay FIB and ARP tables Health Check and Reporting on SteelHead SD 3. Under Manageability: Hardware, click the plus sign (+). The current HA IP address and status for the appliance is displayed. Figure 10-3. Viewing the SteelHead SD HA IP address and status Displaying underlay FIB and ARP tables SCM displays the underlay Forward Information (FIB) and Address Resolution Protocol (ARP) tables for SteelHead SD 570-SD, 770-SD, 3070-SD appliances and the SteelConnect SDI-2030 gateway located...

  • Page 94: Displaying Fib Tables For An Organization

    Health Check and Reporting on SteelHead SD Displaying FIB tables for an organization Displaying FIB tables for an organization SCM displays the FIB tables at the organization level for SteelHead SD 570-SD, 770-SD, 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. To display FIB tables for an organization 1.

  • Page 95: Displaying Ospf Nodes And Routes

    Displaying OSPF nodes and routes Health Check and Reporting on SteelHead SD To display a BGP peer table 1. Choose Health Check > Routing Tables. 2. Select the BGP tab. 3. To display the BGP tables for all the appliances in the organization, select the BGP Tables tab. All the BGP learned and advertised routes are displayed.

  • Page 96: Displaying Ntp Server Status

    Health Check and Reporting on SteelHead SD Displaying NTP server status To display OSPF nodes and routes 1. Choose Health Check > Routing Tables. 2. To display the OSPF tables for all the appliances in the organization, select the OSPF Tables tab. All the OSPF nodes are displayed.

  • Page 97: Enabling Snmp Reporting And Logging

    Enabling SNMP reporting and logging Health Check and Reporting on SteelHead SD To display NTP server status 1. Choose Health Check > Appliance Health. 2. Select the SteelHead SD to expand the pane. Figure 10-11. Viewing appliance health 3. Under Manageability, select Management Interfaces. Figure 10-12.

  • Page 98: Exporting Syslog Messages To An External Syslog Server

    Health Check and Reporting on SteelHead SD Exporting syslog messages to an external syslog server When direct SNMP reporting is enabled, your network management system (NMS) initiates the SNMP poll to all individual appliances in a realm. The appliances send SNMP data directly to the NMS. You can override this setting to limit the SNMP data to all gateways within an organization.

  • Page 99: A - Port Mapping For Steelhead Sd

    Port Mapping for SteelHead SD This appendix summarizes the port mapping for SteelHead SD appliances. It includes these sections: “SteelHead SD 570-SD and 770-SD appliances” on page 99  “SteelHead SD 3070-SD appliance” on page 101  SteelHead SD 570-SD and 770-SD appliances Physical ports The SteelHead SD 570-SD and 770-SD appliances have these ports: AUX, PRI, LAN0_0, WAN0_0, LAN0_1, WAN0_1...

  • Page 100: Vswitch Mapped Vm Ports

    Port Mapping for SteelHead SD SteelHead SD 570-SD and 770-SD appliances vSwitch mapped VM ports The vSwitch port mapping state can be fetched at runtime using this command on the CVM: XNXXXXD8XXXA9FF9-CVM:>orchestrator-agent --get_port_interface_mapping Node name Interface name Port knet2 knet3 knet4 LAN0_0 knet5...

  • Page 101: Bridged Vm Ports For Internal Communication

    SteelHead SD 3070-SD appliance Port Mapping for SteelHead SD Bridged VM ports for internal communication Source Port IP address Protocol Remote end Purpose name port1 169.254.0.2 Static Hypervisor mgmt_br bridge Connects to hypervisor port2 169.254.169.254 Static Hypervisor linklocal_br bridge Connects to service chain VMs port1 —* Static*...

  • Page 102: Rvm Ports

    Port Mapping for SteelHead SD SteelHead SD 3070-SD appliance RVM ports There are four more virtual NICs in RVM for each physical add-on NIC. vSH ports The vSH has these ports: hpn, PRI, AUX, LAN0_0, WAN0_0, inpath0_0  vSH has only one LAN-WAN pair and will not change with the addition of any physical add-on NIC. SteelHead SD User Guide...

  • Page 103: B - Tos, Dscp, Qos Traffic Class Table

    TOS, DSCP, QoS Traffic Class Table This appendix contains the TOS, DSCP, and QoS traffic Classes table. For details on configuring QoS shaping for SteelHead SD appliances, see “Configuring QoS Shaping on SteelHead SD” on page TOS, DSCP, and QoS Traffic Classes Table TOS Value DSCP Value Traffic Class ID...
  • Page 104 TOS, DSCP , QoS Traffic Class Table TOS, DSCP , and QoS Traffic Classes Table TOS Value DSCP Value Traffic Class ID Traffic Class Priority High Normal High Normal High Normal High Normal High Normal Urgent Normal High Normal High Normal High Normal...
  • Page 105 TOS, DSCP , and QoS Traffic Classes Table TOS, DSCP , QoS Traffic Class Table TOS Value DSCP Value Traffic Class ID Traffic Class Priority Urgent Normal Normal Normal Normal Normal Normal Normal SteelHead SD User Guide...
  • Page 106 TOS, DSCP , QoS Traffic Class Table TOS, DSCP , and QoS Traffic Classes Table SteelHead SD User Guide...

This manual is also suitable for:

Steelhead 770-sdSteelhead sdi-2030Steelhead sdi-130Steelhead sdi-330Steelhead sdi-5030Steelhead sdi-1030 ... Show all

Table of Contents