Contents
Welcome to SteelHead SD (page 7)
Documentation and release notes (page 7)
Contacting Riverbed (page 7)
1 - Introducing SteelHead SD (page 9)
Overview of the SteelHead SD (page 9)
Routing features by model (page 11)
Hardware and software requirements (page 12)
NIC support ...
Defining global subnet discovery at the organization level (page 28)
Defining local subnet discovery (page 30)
5 - Configuring AutoVPN on SteelHead SD (page 33)
Overview of AutoVPN on SteelHead SD (page 33)
Configuring AutoVPN on SteelHead SD (page 34)
6 - Defining VLAN Trunk Ports on SteelHead SD (page 37)
Overview of multizone VLAN trunk mode on SteelHead SD (page 37)
Defining trunk mode on ports (page 38)
7 - Configuring BGP, OSPF, Static Routing, and Route Retraction on SteelHead SD ...
Creating routing AS path lists (page 74)
Configuring route maps (page 76)
9 - Configuring LAN-Side Internet Breakout on SteelHead SD (page 85)
Overview of LAN-side internet breakout on SteelHead SD (page 85)
Configuring LAN-side internet breakout (page 86)
Troubleshooting (page 89)
10 - Configuring High Availability on SteelHead SD (page 91)
Overview of HA on SteelHead SD ...
Exporting Netflow data (page 115)
A - Port Mapping for SteelHead SD (page 117)
SteelHead SD 570-SD and 770-SD appliances (page 117)
Physical ports (page 117)
CVM ports (page 117)
Physical port to flows port mapping (page 117)
Service chain virtual machines (page 117)
vSwitch mapped VM ports ...
For a high-level look at how SteelConnect works, see the SteelConnect Manager User Guide.
Documentation and release notes
The most current version of all Riverbed documentation can be found on the Riverbed Support site at https://support.riverbed.com. See the Riverbed Knowledge Base for any known issues, how-to documents, system requirements, and common error messages.
Contacting Riverbed
• Documentation - Have suggestions about the online documentation or printed materials? Send comments to techpubs@riverbed.com.
Overview of the SteelHead SD
SteelHead SD combines SD-WAN and cloud networking capabilities (powered by SteelConnect) with Riverbed WAN optimization (powered by RiOS) into a single appliance. SteelHead SD seamlessly integrates advanced SD-WAN functionality with industry-leading WAN optimization, security, and visibility services all in one streamlined appliance.
SteelHead SD advanced routing and high availability (HA) features are supported on the SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. For details, see the SteelHead SD User Guide and the SteelConnect Manager User Guide.
Figure 1-1.
Routing features by model
Feature | SteelHead-SD 570-SD, 770-SD, 3070-SD | SDI-2030 | SDI-130 | SDI-330 | SDI-1030 | SDI-5030 | SDI-VGW
eBGP iBGP OSPF single area OSPF multi-area ABR ASBR Yes* Yes* Yes* Yes* (Underlay (Underlay (Underlay (Underlay routing inter- routing inter- routing inter-...
Hardware and software requirements
Riverbed component - Hardware and software requirements
SteelHead SD appliance - The SteelHead SD 570-SD and 770-SD appliances are desktop models. The SteelHead SD 3070-SD appliance requires a 19-inch (483 mm) four-post rack. For details, see the Rack Installation Guide.
Next steps
All communication is sourced from the site out to the SteelConnect management service. There’s no need to set up elaborate firewall or forwarding rules to establish the dynamic full-mesh VPN or to gain connectivity to the cloud. After you register an appliance, it receives its assigned configuration automatically.
Configuring Virtual SteelHead WAN Optimization
This topic describes how to enable SteelHead WAN optimization for SteelHead SD 2.0. It includes these sections:
• “Overview of WAN optimization on the virtual SteelHead” on page 15
• “Assigning the in-path IP address and default gateway in SCM” on page 16
•...
Assigning the in-path IP address and default gateway in SCM
• When WAN optimization is enabled in SCM, there is a momentary interruption to service as the SteelConnect is reconfigured with its SteelHead LAN and WAN interfaces. When WAN optimization is enabled, a virtual SteelHead instance is automatically provisioned by the system.
Enabling WAN Optimization in SCM
3. Under IPv4 Network, specify the LAN zone subnet. Write down this IP address. You will use this address when you configure the inpath0_0 interface for WAN optimization on the virtual SteelHead instance.
Figure 2-1. Assigning the IP address for the in-path IP address and default gateway
For example, if the network IP address is 172.16.20.0/24, you can assign any IP address from 172.16.20.1 to 172.16.20.254 for the SteelHead in-path interface.
2. Select the SteelHead SD appliance to expand the page.
3. Select the Services tab.
Figure 2-2. Enabling WAN optimization in SCM
4. Under WAN Optimization Service, fill out these required session attributes:
• WAN Optimization Service - Click Enabled to enable the WAN optimization service for the selected SteelHead SD appliance.
Enabling WAN optimization on the virtual SteelHead instance
As the virtual SteelHead instance boots within SteelHead SD, its primary interface tries to obtain an IP address via DHCP. It is important to ensure the SteelHead SD primary port is attached to a network where a DHCP service is available.
To configure the in-path interface and the default gateway in the SteelHead
1. Using the Primary IP address you obtained from SCM, SCC, or the DHCP server, enter it in the address bar of your web browser using HTTPS.
Troubleshooting
5. Select the interface to expand the page.
Figure 2-4. Configuring the in-path interface
6. Type the IP address that you assigned in SCM. For details, see “To assign the in-path IP address and the default gateway in SCM” on page 7.
– In-path interface of virtual SteelHead instance
– Knet interfaces of the service virtual machine.
To gather and verify information, check these SteelHead reports:
• Current Connections
• In-path Rule Counters
• Throughput
Configuring DHCP Options in Zones on SteelHead SD
This topic describes how to configure DHCP options in zones on SteelHead SD appliances. It includes these sections:
• “Configuring DHCP options on SteelHead SD LAN clients” on page 23
• “Overriding DNS on guest zones on SteelHead SD” on page 24
These procedures describe how to configure DHCP options in zones on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch.
13. To enable an HTTP proxy, in the Options type:
# Example for HTTP proxy using vendor attributes
option vendor:Riverbed,42,"address:port"
14. Click Submit.
Overriding DNS on guest zones on SteelHead SD
SteelHead SD appliances support the ability to override DNS settings on guest zones in Zones > DHCP tab: DHCP options.
5. Under Guest zone, click On.
6. Optionally, specify the IPv4 network using the a.b.c.d/nn format. This IP address can be autoassigned.
7. When multiple SteelHead SD appliances are available, select the default gateway for this appliance from the list.
Configuring Local Subnet Discovery on SteelHead SD
This topic describes how to configure SteelHead SD to discover global and local subnets on the LAN side of the network. It includes these topics:
• “Overview of local subnet discovery” on page 27
•...
Defining global subnet discovery at the organization level
• Zone inclusion list - You select one or more of the configured LAN zones. Routes whose next-hop interface matches one of the selected zones are qualified as local subnets. Preexisting zones that are directly connected to a site are added to the list automatically.
2. Select the Global Subnet Discovery tab.
Figure 4-1. Defining organization level subnet discovery
3. Click Add Network.
Figure 4-2. Defining included networks
4. Specify the IPv4 address, including the network prefix to be included in local subnet autodiscovery.
5.
Defining local subnet discovery
After you have defined subnet discovery at the organization level, you can drill down to particular sites to define inclusion and exclusion lists. For OSPF routes, make sure that your branch has the LAN zone and WAN uplink attached to it before you begin.
8. Optionally, specify a tag to include all the routes that carry that tag. All the routes matching any tag are reported as local subnets from the configured site. You can specify multiple tags separated by a comma.
7. Click Submit.
8. Click Excluded Networks.
Figure 4-7. Excluding networks
9. Specify the network prefix to be excluded from local subnet discovery.
10. Click Submit.
Configuring AutoVPN on SteelHead SD
This topic describes how to configure AutoVPN on SteelHead SD appliances. It includes these sections:
• “Overview of AutoVPN on SteelHead SD” on page 33
• “Configuring AutoVPN on SteelHead SD” on page 34
These procedures describe how to configure AutoVPN on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch.
• Override AutoVPN port - Enables a different AutoVPN port for this uplink at the site level. The port is used for the source and target ports for this uplink. The AutoVPN port can only be overridden for SteelHead SD 570-SD, 770-SD, and 3070-SD, and SDI-2030 appliances.
5. Under AutoVPN IPv4 target address, select one of these options:
– Auto-Detect Internet IPv4 (recommended for internet uplinks) - The system automatically detects the external IP that is facing towards the internet. This is the default setting.
–...
Defining VLAN Trunk Ports on SteelHead
This topic describes how to configure VLAN trunk ports for multiple zones on SteelHead SD. It includes these sections:
• “Overview of multizone VLAN trunk mode on SteelHead SD” on page 37
• “Defining trunk mode on ports” on page 38
These procedures describe how to configure multizone VLAN trunk ports on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch.
Defining trunk mode on ports
2. Click the VLAN tab.
Figure 6-2. Creating a VLAN trunk
3. Specify a VLAN tag, if necessary. Every zone has a VLAN tag assigned. If you leave this field empty, the system picks a free VLAN ID from the pool.
4.
7. Click the port for which you want to create the VLAN trunk. For example, LAN0_0.
Figure 6-3. Creating a LAN trunk port
8. Under Port mode, select Trunk Port from the drop-down list.
Important: For 2030 appliances, if the port has already been set to either Singlezone or Trunk Port, you must first disable the port before making a change to the Port mode.
– ARP aging timeout - Sets how long, in seconds, an ARP entry stays in the cache before the cache refreshes. The default value is 1500.
Figure 6-4. VLAN enabled on the trunk port for the zone
14.
Configuring BGP, OSPF, Static Routing, and Route Retraction on SteelHead SD
This topic describes how to configure SteelHead SD Border Gateway Protocol (BGP), Open Shortest Path First (OSPF) with an area border router (ABR), static routing, and route retraction. It includes these sections:
•...
Configuring BGP on SteelHead SD
BGP on SteelHead SD overview
SteelHead SD provides full BGP support for local autonomous system (AS) numbers and neighbor configurations (including router ID, password, keepalive time, and hold time) for SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. SteelHead SD provides support for both exterior Border Gateway Protocol (eBGP) and interior Border Gateway Protocol (iBGP).
5. Under BGP neighbors, click Add BGP Neighbor.
Figure 7-1. Creating a BGP neighbor
6. Specify a name for the BGP neighbor.
7. Specify the IP address of the BGP neighbor.
8. Specify the remote AS number that the BGP peer belongs to: for example, 200. The range is from 1 to 4294967295.
The hold-time value is three times the interval at which keepalive messages are sent. Using the default values for the keepalive time of 60 and the hold time of 180, the settings work together like this: after two neighbors establish an eBGP session, 60 seconds later they’ll each send a keepalive message.
Configuring BGP path selection
BGP path selection uses a defined set of criteria to determine the most efficient route through a network. The criteria are listed in the same order in which BGP uses them to select the optimal routes to be injected into the IP routing table.
10. Router ID - The path that originates from the BGP router with the lowest router ID is preferred. The router ID can be set manually and refers to the IP address with the highest router value. The router ID is the final tiebreaker in the BGP route selection process if there are multiple identical prefixes learned in the RIB.
5. Click Submit.
Note: After the BGP neighbor is created, it appears in the BGP neighbors list. Click Edit to modify neighbor settings.
Configuring BGP route redistribution
SteelHead SD includes BGP options to globally configure:
•...
The Branch Community option is per site and takes a community list as an argument. Every site will have a default branch community configured. You can override the default branch community by attaching a community list. The prefixes reported from a site are tagged with the branch community of its own site and with the branch community of the site where the prefix is specified.
You configure the conditional default-route originate attribute when you create a BGP route-map with the use case: Default route origination in BGP for a neighbor. For details on configuring route maps, see “Configuring route maps” on page
To configure conditional default-route originate
1.
• Incomplete - The routes that are redistributed into BGP from other protocols. The prefix originates from an aggregate statement or via redistribution of a static route.
The lowest origin type is the preferred path: IGP is lower than EGP, and EGP is lower than Incomplete. Only the routes with the lowest origin value are considered when multiple routes share the shortest AS path; the algorithm then continues by considering the multi exit discriminator (MED) settings.
7. Select the origin type from the list:
• igp - Set the prefix to originate from routing information learned from the interior gateway protocol (IGP) such as OSPF.
• egp - Network layer reachability information (NLRI) is learned via EGP, as indicated by “e” in the BGP table.
2. Select the BGP tab.
Figure 7-5. Configuring MED settings
3. Under Multi exit discriminator, enable one of these MED settings:
– Deterministic MED - Click On to ensure the comparison of the MED variable when choosing routes advertised by different peers in the same AS.
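The tie-breaking order described in this section and the effect of the Deterministic MED setting, as an added Python sketch that is not Riverbed code. It models only the criteria visible in this excerpt (AS path length, origin type, MED, router ID) and assumes the usual BGP conventions that a lower MED wins and that MED is compared only between paths from the same neighboring AS; the `Path` type, peer labels, AS numbers and router IDs are constructed for illustration.

```python
"""Simplified BGP best-path model (added example, not Riverbed code)."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from itertools import groupby

# Origin preference stated in the guide: IGP < EGP < Incomplete (lowest wins).
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass(frozen=True)
class Path:
    peer: str         # label for the advertising neighbor (hypothetical)
    as_path: tuple    # AS numbers, neighboring AS first
    origin: str       # "igp", "egp" or "incomplete"
    med: int          # assumption: lower MED is preferred
    router_id: str    # lowest router ID is the final tiebreaker

    @property
    def neighbor_as(self):
        return self.as_path[0] if self.as_path else 0


def _rank(path, use_med):
    """Sort key: shorter AS path, lower origin, lower MED, lower router ID."""
    return (
        len(path.as_path),
        ORIGIN_RANK[path.origin],
        path.med if use_med else 0,
        int(IPv4Address(path.router_id)),
    )


def best_path(paths, deterministic_med=True):
    """Pick the best path for one prefix from the candidate list."""
    paths = list(paths)
    if not paths:
        raise ValueError("no candidate paths")
    if deterministic_med:
        # Group by neighboring AS, compare MED inside each group,
        # then compare the group winners without MED.
        by_as = sorted(paths, key=lambda p: p.neighbor_as)
        winners = [
            min(group, key=lambda p: _rank(p, True))
            for _, group in groupby(by_as, key=lambda p: p.neighbor_as)
        ]
        return min(winners, key=lambda p: _rank(p, False))
    # Without grouping, candidates are compared pairwise in arrival order,
    # and MED only counts when both paths share a neighboring AS.
    best = paths[0]
    for cand in paths[1:]:
        use_med = cand.neighbor_as == best.neighbor_as
        if _rank(cand, use_med) < _rank(best, use_med):
            best = cand
    return best


# Constructed sample: A and C come from AS 500, B from AS 100.
A = Path("A", (500, 65001), "igp", 150, "10.0.0.1")
B = Path("B", (100, 65001), "igp", 200, "10.0.0.2")
C = Path("C", (500, 65001), "igp", 100, "10.0.0.3")

if __name__ == "__main__":
    for order in ([A, B, C], [C, B, A]):
        names = "".join(p.peer for p in order)
        print(names, "deterministic:", best_path(order, True).peer,
              "pairwise:", best_path(order, False).peer)
```

With the sample paths the pairwise mode returns a different winner depending on arrival order, while the grouped mode returns the same path both times.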
When configured, the routing policy advertises a summary address only and not the individual prefixes to a BGP neighbor.
Note: Routing policies only impact the underlay routing. They do not impact the overlay routing orchestrated by SCM.
Resetting BGP sessions
If a BGP routing policy changes due to a configuration change, the BGP neighbors must be reset. Configurable routing policies for a neighbor may impact inbound or outbound routing table updates. Whenever there is a change in the routing policy, the BGP session must be cleared or reset for the new policy to take effect.
– Hard reset - A hard reset tears down the connection between peers including the TCP connection and deletes routes coming from the specified peer. The session reestablishes from the start once the hard reset is done. The prefixes in the BGP, IP, and Forwarding Information Base (FIB) tables provided by the neighbor are lost.
Configuring OSPF with ABR on SteelHead SD
• “Configuring redistribution settings for OSPF” on page 62
• “Configuring OSPF route summarization” on page 64
• “Viewing OSPF status” on page 65
Introducing OSPF with ABR
SteelHead SD provides single and multiple area OSPF with ABR and route redistribution between OSPF zone interfaces and ABRs on the LAN side of the network.
2. Choose Routing > OSPF.
3. Click Add OSPF Network.
4. Select the site for the new OSPF network. After you select a site for an OSPF network, the system automatically populates all the remaining fields based on the default settings.
Click Off to define unique settings for the network and to lock the network configuration so any changes do not overwrite the settings.
• Password - Specify a password. The authentication methods appear when typing a password. All OSPFv2 exchanges between routing devices can be authenticated using one of these methods:
–...
To ensure that a routing device is elected as the designated routing device, configure the priority value to a higher value than any other interface on the Ethernet network. The range is from 0 to 255.
3. Click Attach Interface.
Figure 7-12. Attaching an OSPF interface
4. Fill out these interface attributes:
• OSPF Area - Select the OSPF area associated with the interface from the drop-down list.
• Inherit Area Values - Click On to allow the interface to automatically inherit the area settings.
• Totally Stub - This type of router is similar to a stub router. They accept inter-area routes and the default route from their ABR. They do not accept ASBR injected external routes. A totally stub type can only contain type 1 and 2 LSAs, and a single type 3 LSA.
• Inherit OSPF Network Values - Click On to allow the OSPF network to inherit the OSPF network values previously configured, such as password, hello interval, dead interval, priority, and cost. Click Off to define unique settings for the network and to lock the network configuration so any changes do not overwrite the settings.
2. Select the Redistribute Settings tab.
Figure 7-14. Redistributing OSPF settings
3. Optionally, specify the default metric with a range of 1 to 16777214. The ABR generates a default route with a specified metric into the stub area. The default route matches any destination that is not explicitly reachable from within the area.
• Route map - Click the search selector and select the route map. This option applies a routing policy based on which routes will be redistributed into OSPF.
5. Under Redistribute settings, specify your OSPF redistribution settings:
•...
You can configure one or more summary addresses matching the individual addresses to advertise to an OSPF peer. You can also advertise individual addresses. By default, only summary addresses are advertised.
Figure 7-15. Summarizing routes for OSPF
5.
Defining static routes on SteelHead SD appliances
SteelHead SD provides static routing at the appliance level where it essentially acts as a router. The static route is not tied to a particular zone. Static routes:
•...
Route retraction for SteelHead SD
Route source Default distance OSPF IS-IS EIGRP external BGP internal (iBGP) Unknown
7. Optionally, include any notes that will help identify this static route.
8. Click Submit.
SCM sends the static route configuration to the gateway. The static route appears in the Static Routes page and adds the event to the Event Log.
4. Click Submit.
Configuring BGP and OSPF Routing Policies on SteelHead SD
This topic describes how to configure autonomous system boundary routers (ASBR) and route policies. It includes these sections:
• “Overview of routing policies on SteelHead SD” on page 69
• “What are routing policies?” on page 70
•...
What are routing policies?
For example, if you have a SteelHead SD on Branch-1 with eBGP configured on the WAN uplink and OSPF configured on the LAN zones, the SteelHead SD can distribute LAN routes to the WAN and WAN routes to the LAN.
• Static and connected route injection BGP.
• OSPF route injection in BGP.
• Policies at the BGP neighbor level.
• Default route origination in BGP for a neighbor.
Each route map clause has two types of values:
•...
Creating routing IPv4 prefix lists
Basic steps
Perform these basic steps to configure routing policies.
1. If you have a SteelConnect SDI-2030 gateway, configure a dynamic routing policy. For details, see the SteelConnect Manager User Guide.
Note: You can’t create dynamic routing policies for SteelHead SD 570-SD, 770-SD, and 3070-SD appliances located at the branch.
Creating routing community lists
5. To define the prefixes for the list, select the list in the IPv4 Prefix List page.
Figure 8-3. Defining IPv4 prefixes list
6. Click Allow to distribute only the specified prefixes and deny the rest. Click Deny to stop distribution of the prefixes specified and allow the rest.
Creating routing AS path lists
4. Click the search selector for community list options. In addition to the keywords below, you can also configure numbers in the range from 1 to 65535 and numbers in AA:NN format where the range for AA and NN is 1 to 65535.
2. Click Add AS Path List to expand the page.
Figure 8-7. Creating an AS path list
3. Enter a descriptive name for the AS path list.
4. Click the search selector for a list of AS list options. Enter one or more AS numbers from 1 to 4294967295.
Configuring route maps
After you configure AS lists, community lists, and IPv4 lists, you configure route maps. A route map defines the routes from the specified routing protocol that are redistributed into the target routing process. You define each route map with match and set conditions for each use case. For details on how route maps are used in BGP path selection, see “Configuring BGP path selection”...
6. To define the match and set criteria, select the route map to expand the page. The Match Criteria and Set Criteria tabs are displayed depending on the match and set requirements for each use case.
Figure 8-10. Match Criteria and Set Criteria tabs
7.
Use case: Static and connected route injection...
Match criteria:
• Interface - Optionally, click the search selector and select the interface. When the interface matches the next-hop interface of...
Set criteria:
• AS path - Click On to set the AS path for the route. Specify the AS string as space separated list from 1 to 4294967295....
Use case: OSPF route injection in...
Match criteria:
• Interface - Optionally, select the interface. When the interface matches the next-hop interface of the route, the route qualifies for...
Set criteria:
• AS path - Click On to set the AS path for the route. Specify the AS string as space separated list from 1 to 4294967295....
Use case: Policies at the BGP neighbor level
Match criteria:
• Origin type - The path attribute in the BGP update message that indicates the origin of the route....
Set criteria:
• Origin type - The path attribute in the BGP update message that indicates the...
Use case: Policies at the BGP neighbor level cont.
• Tag - Optionally, enter value to be attached to all routes. The range is from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for distribution by the router....
Use case: Default route origination in BGP for a neighbor cont.
• Tag - Optionally, enter value to be attached to all routes. The range is from 0 to 4294967295. When a tag in a route matches this value, the route qualifies for...
Use case: User defined route map
Match criteria:
• Interface - Optionally, select the interface. When the interface matches the next-hop interface of the route, the route qualifies for...
Set criteria:
• Origin type - The path attribute in the BGP update message that indicates the origin of the route....
Use case: User defined route map
Match criteria:
• Community - Optionally, select the community list. A BGP route is permitted if it...
Set criteria:
• AS path - Click On to set the AS path for the route....
Configuring LAN-Side Internet Breakout on SteelHead SD
This topic describes how to configure LAN-side internet breakout on SteelHead SD appliances. It includes these topics:
• “Overview of LAN-side internet breakout on SteelHead SD” on page 85
• “Configuring LAN-side internet breakout” on page 86
•...
Configuring LAN-side internet breakout
Note: The default route may not be learned from the LAN-side. The traffic is applied to the interface on which the default route is learned. If a default route is learned from a WAN uplink and the internet breakout preference is underlay, the traffic would be put on that uplink.
3. Select the WAN/AutoVPN tab.
Figure 9-2. Configuring internet breakout at the site level
4. Click the search selector and select Underlay.
5. Click Submit.
To configure LAN-side internet breakout at the zone level
1. Choose Network Design > Zones.
2.
3. Select the WAN tab.
Figure 9-3. Configuring internet breakout at the zone level
4. Click the search selector and select Underlay. When sending traffic to the internet, the default behavior is to use direct internet uplinks (local breakout).
4. Specify the traffic rule options. For details, see the SteelConnect Manager User Guide.
Figure 9-4. Configuring internet breakout in a traffic rule
5. Click the search selector in the Path preference field and select Underlay.
6. Click Submit.
Troubleshooting
Enter the show connections CLI command to verify that the TX path is underlay.
Configuring High Availability on SteelHead
This topic describes how to configure high availability (HA) on SteelHead SD 2.0. It includes these sections:
• “Overview of HA on SteelHead SD” on page 91
• “Prerequisites” on page 94
• “Configuring a SteelHead SD HA pair” on page 94
•...
Overview of HA on SteelHead SD
SteelHead SD also supports asymmetric HA deployments.
Figure 10-2. Asymmetric HA deployment
SteelHead SD includes these HA features:
• Symmetric and asymmetric connectivity.
• Layer 2 (L2) and Layer 3 (L3) LAN topologies.
• OSPF and BGP where SteelHead SD can peer with a router.
• Asymmetric - In asymmetric mode, different WANs are connected to the peer appliances. If there is an appliance failure or a LAN-side failover, the master role moves to the peer appliance.
Figure 10-3. Symmetric and asymmetric HA deployment examples at the branch
Layer 2 and Layer 3 support at the branch
With SteelHead SD 2.0, you can configure BGP and OSPF on the LAN branch.
Prerequisites
Failure conditions
SteelHead SD supports appliance, uplink, LAN, and dedicated port failure conditions. This list describes some typical use cases:
• Appliance failure - For failures due to power, hardware, or VM failures, the master role is moved to the peer appliance.
Configuring a SteelHead SD HA pair
• “Configuring the appliances in an HA pair” on page 97
• “Configuring a standby LAN HA link” on page 98
Configuring the AUX port on the HA pair
The first task is to configure the AUX port on the SteelHead SD HA pair. You will select the HA or Cluster mode for the port.
2. Select the Zone for the appliance to expand the page.
3. Under IPv4 Network and IPv4 Gateway, specify the gateway IP address.
Figure 10-5. Configuring the LAN zone gateway
4. Click Submit.
5. For L3 LAN topologies, repeat Step 1 through Step 4...
4. Under Port Mode, select Singlezone or Multizone. If you select Singlezone, select the zone from the drop-down list.
5. Click Submit.
6. Repeat Step 1 through Step 5 for each appliance port that needs to be assigned to a zone.
Configuring the appliances in an HA pair
To configure the appliances into an HA pair
1.
6. If you have an L2 zone in your network, click Configure Zone to configure the LAN interface IP addresses.
Figure 10-8. Configuring the LAN interfaces for L2 zones
7. Select the zone for the HA pair.
8.
• The loopback IP address must contain the zones belonging to the current site. It must be a /32 address and should not have a physical port attached to it.
Figure 10-9. Standby LAN HA link
When the AUX link is offline, all the HA traffic is switched to the LAN link.
3. Select the Routing tab.
Figure 10-10. Configuring loopback IP
4. Select the loopback zone from the drop-down list. All the zones associated with the appliance are listed.
5. Specify the loopback IP address for the specified zone. The loopback IP address should not be the same as the zone IP address.
2. Select the HA tab.
Figure 10-11. Configuring the standby LAN HA link
3. Under Standby HA link configuration, select the standby LAN link from the drop-down list.
4. Click Submit. After you submit your request, it is cascaded to the other HA appliance.
Monitoring a high-availability pair
SCM displays all appliances belonging to a high-availability pair with a blue HA icon in all views.
SCM manages both appliances in a pair as one. For example, under Appliances > Ports, if you view the ports for an HA pair, they appear together.
Figure 10-12. HA pair ports
To view appliance health of an HA pair
1.
If the appliance HA role is Unknown or if the appliance pair is listed as Master/Master, make sure the AUX port (that is, the dedicated HA port) is enabled and it is configured as HA mode. If the AUX port is configured and enabled, then collect a system dump from the appliances and contact Riverbed Support at https://support.riverbed.com.
Configuring QoS Shaping on SteelHead SD

This topic describes how to configure QoS shaping. It includes these sections:

• “QoS shaping on SteelHead SD” on page 105
• “If you set the QoS priority in a traffic rule” on page 106
•...
If you set the QoS priority in a traffic rule

• classifies traffic based on the DSCP mark and shapes it according to a fixed bandwidth allocation designated for each traffic class to ensure that their aggregate bandwidth doesn’t exceed the configured rate.
Configuring QoS shaping on SteelHead SD

Setting the QoS priority in the traffic rule marks the traffic with the configured DSCP value upon egress, which executes independently of QoS shaping. For example, if the original DSCP mark on the traffic is NORMAL priority and matches the traffic rule with the QoS priority set to URGENT, then QoS shaping will be influenced as follows:

•...
3. Specify the percentage of bandwidth for the outbound traffic. Setting the bandwidth to 99% leaves overhead free in case the scheduler is totally saturated. If your egress throughput traffic rate on the Wan1_Uplink is 5 Mbps and you want to constrain it to not exceed 3 Mbps.
Health Check and Reporting on SteelHead

This topic describes the health-check and reporting features. It includes these sections:

• “Checking SteelHead SD connectivity to SCM” on page 109
• “Viewing the SteelHead SD HA status” on page 110
• “Displaying underlay ARP tables” on page 110
•...
3. Under Manageability: Connectivity, click the plus sign (+) next to the Connectivity and the Management Interfaces sections. The current status for the appliance and management interfaces is displayed.

Figure 12-1. Viewing if SteelHead SD is connected to SCM

Viewing the SteelHead SD HA status

You can view the SteelHead SD high availability (HA) status of the appliance in the Health Check >...
To display the underlay ARP tables

1. Choose Health Check > Appliance Health.
2. Select the SteelHead SD appliance to expand the page.
3. Under Networking, click Underlay ARP to display the FIB table.

Figure 12-3. Displaying underlay ARP table

Displaying FIB tables

SCM displays the Forwarding Information Base (FIB) tables for SteelHead SD 570-SD, 770-SD, 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch.
The Route Type specifies whether the route is directly connected. It can be connected either by OSPF or BGP. You can navigate using the page buttons.

Displaying BGP peer tables

SCM displays the BGP peer and routing tables for SteelHead SD 570-SD, 770-SD, 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch.
To display OSPF nodes and routes

1. Choose Health Check > Routing Tables.
2. Select the OSPF Tables tab to display all the appliances in the organization with OSPF. You can search for an appliance by serial number or search for appliances by site name.
3.
3. Under Manageability, select Management Interfaces.

Figure 12-7. Displaying NTP server status

Enabling SNMP reporting and logging

SNMP reporting is supported on SteelHead SD SD-570, SD-770, SD-3070 and 2030-SDI appliances located at the branch. When direct SNMP reporting is enabled, your network management system (NMS) initiates the SNMP poll to all individual appliances in a realm.
For details on sending syslog data to a remote server, see the SteelConnect Manager User Guide.

Exporting Netflow data

Exporting NetFlow data is supported on the SDI-130, SDI-330, SDI-1030, virtual gateways, SDI-2030, SDI-5030, and SteelHead SD appliances. NetFlow export is disabled by default. Appliances running SteelConnect 2.12 can be enabled as flow exporters to export network flow information to a flow collector.
Port Mapping for SteelHead SD

This appendix summarizes the port mapping for SteelHead SD appliances. It includes these sections:

• “SteelHead SD 570-SD and 770-SD appliances” on page 117
• “SteelHead SD 3070-SD appliance” on page 119

SteelHead SD 570-SD and 770-SD appliances

Physical ports

The SteelHead SD 570-SD and 770-SD appliances have these ports:

•...
vSwitch mapped VM ports

The vSwitch port mapping state can be fetched at runtime using this command on the CVM:

XNXXXXD8XXXA9FF9-CVM:>orchestrator-agent --get_port_interface_mapping
Node name Interface name Port
knet2 knet3 knet4 LAN0_0 knet5 WAN0_0 knet6 LAN0_1 knet7 WAN0_1...
Bridged VM ports for internal communication

| Source name | Port | IP address | Protocol | Remote end | Purpose |
|---|---|---|---|---|---|
| | port1 | 169.254.0.2 | Static | Hypervisor mgmt_br bridge | Connects to hypervisor |
| | port2 | 169.254.169.254 | Static | Hypervisor linklocal_br bridge | Connects to service chain VMs |
| | port1 | —* | Static* | Hypervisor linklocal_br bridge | ... |
SteelHead SD 3070-SD appliance

RVM ports

There are four more virtual NICs in RVM for each physical add-on NIC.

vSH ports

The vSH has these ports:

• hpn, PRI, AUX, LAN0_0, WAN0_0, inpath0_0

vSH has only one LAN-WAN pair and will not change with the addition of any physical add-on NIC.
TOS, DSCP, QoS Traffic Class Table

This appendix contains the TOS, DSCP, and QoS traffic classes table. For details on configuring QoS shaping for SteelHead SD appliances, see “Configuring QoS shaping on SteelHead SD” on page 107.

TOS, DSCP, and QoS Traffic Classes Table

TOS Value DSCP Value Traffic Class ID...
TOS Value DSCP Value Traffic Class ID Traffic Class Priority
High Normal High Normal High Normal High Normal High Normal Urgent Normal High Normal High Normal High Normal Urgent Normal Normal Normal Urgent Normal Urgent Normal...
TOS Value DSCP Value Traffic Class ID Traffic Class Priority
Urgent Normal Normal Normal Normal Normal Normal Normal