SteelFusion User Guide : Modifying Host and Network Interface Settings : Modifying base interfaces
  
Modifying base interfaces
You view and modify settings for the appliance primary and auxiliary interfaces in the Networking > Networking: Base Interfaces page.
When you initially ran the Configuration wizard, you set required settings for the base interfaces for the SteelHead. Only use the controls in this page if you require modifications or additional configuration:
•  Primary Interface - On the appliance, the primary interface is the port you connect to the LAN switch. The primary interface is the appliance management interface. You connect to the primary interface to use the web UI or the CLI.
•  Auxiliary Interface - On the appliance, the auxiliary interface is an optional port you can use to connect the appliance to a non-Riverbed network management device. The IP address for the auxiliary interface must be on a subnet different from the primary interface subnet.
•  Main Routing Table - Displays a summary of the main routing table for the appliance. If necessary, you can add static routes that might be required for out-of-path deployments or particular device management subnets.
IPv6 support
RiOS supports for IPv6 traffic with packet-mode optimization, and supports autodiscovery and fixed-target rules. By using autodiscovery or fixed-target in-path rules, RiOS can apply transport and application streamlining techniques (similarly as it does for TCP connections over IPv4) to improve the user experience as the transition to IPv6 continues.
IPv6 is enabled by default. The support for IPv6 is twofold:
•  Managing appliances - Support for management access using IPv6 IP addresses on primary and auxiliary interfaces.
•  Optimizing IPv6 traffic - RiOS appliances can optimize IPv6 traffic.
For details on IPv6 deployments, see the SteelHead Deployment Guide. For details on in-path rules, see “Configuring in-path rules” on page 100.
This table lists IPv6 support by feature and notes any limits and special considerations.
RiOS IPv6 support includes
RiOS version
Notes
Enhanced autodiscovery of SteelHeads.
9.5 and later for IPv6-only (single- stack) networks
8.5 and later for IPv4 only or dual-stack IPv4 and IPv6 networks
Starting with RiOS 9.5, enhanced autodiscovery is supported for SteelHeads in networks that run IPv6 only (IPv6 single-stack).
SteelHeads running RiOS 8.5 to 9.2 require IPv4 for the TCP inner connections between the peer SteelHeads.
IPv6 support for the SteelHead communication channel with the SteelCentral Controller for SteelHead, appliance manageability (for example, NTP servers, logging, hosts, DNS, Web/FTP proxy, email, and management interfaces) policy pages, and Interceptor Cluster pages (for example, in-path rules and load balancing).
9.5 and later
 
Encrypted Outlook Anywhere latency optimization.
8.6 and later
 
MAPI, eMAPI latency optimization.
8.6 and later
Authentication is over IPv4.
Authentication over IPv6.
8.6 and later
 
Latency optimization of signed-SMB, CIFS/SMB1, SMB2, and SMB3 using IPv6 endpoint addressing.
8.5.2 and later
The authentication stack continues to require IPv4 endpoint addressing.
Conformance with Request for Comments (RFCs) 1981, 2460, 2464, 2710, 3590, 4007, 4291, 4443, 4861, 4862, 4943, 5095, and 5156.
8.5 and later
 
TCP IPv6 traffic interception between source and destination, bandwidth optimization.
8.5 and later
 
Ability to automatically discover fixed-target and pass-through in-path rules, along with ability to deny and reject IPv6 TCP traffic as configured in the in-path rules.
8.5 and later
RiOS doesn’t support the neural framing modes Always, TCP Hints, and Dynamic.
RiOS doesn’t support the Oracle forms and Oracle forms over SSL pre-optimization policies.
HTTP and HTTPS latency optimization for IPv6 TCP traffic.
8.5 and later
 
Ability to configure serial clusters.
8.5 and later
 
Interception of IPv6 traffic for in-path, virtual in-path, and server-side out-of-path configurations.
8.5 and later
WCCPv6 support is not available. Virtual in-path support is PBR. Interceptor deployments are supported in RiOS 9.5 and Interceptor 6.0.
Intercepting and passing through IPv4 and/or IPv6 traffic, depending on the in-path rules.
8.5 and later
 
Ability to detect asymmetric routes for IPv6 TCP traffic; enables connection forwarding of IPv6 TCP traffic in asymmetric conditions.
8.5 and later
The connection-forwarding control channel between the neighbors is strictly IPv4. You must configure IPv4 addresses on the SteelHead appliances' in-path interfaces when using a connection-forwarding control channel.
Ability to configure IPv4 and IPv6 addresses on every in-path interface and intercepting and optimizing IPv4 and IPv6 traffic.
8.5 and later
 
Ability to configure one IPv6 address configuration for every in-path interface.
RiOS intercepts and optimizes traffic matching the scope of the IPv6 address configured on the in-path interface. Not applicable for a link-local address configured on the in-path interface.
8.5 and later
RiOS passes through IPv6 TCP traffic not matching the scope of the IPv6 address configured on the in-path interface.
Ability to configure IPv6 addresses on any in-path interface.
8.5 and later
RiOS 8.5 - RiOS 9.2: IPv6 TCP inner connections only in fixed target cases.
Enhanced autodiscovery of SteelHead appliances for IPv6 TCP traffic.
8.5 and later
RiOS 8.5 - RiOS 9.2: TCP inner connections between the peer SteelHead appliances is IPv4 only. RiOS 9.5 allows for IPv6 TCP inner connections between peers.
Simplified routing for IPv6 TCP traffic.
8.5 and later
 
Connection forwarding for IPv6 traffic in multi-interface mode.
8.5 and later
The control connection between neighbors is still IPv4 only.
When multiple interface support in the Networking > Network Integration: Connection Forwarding page is not enabled, IPv6 traffic is passed through.
Ability to configure peering rules for IPv6 traffic.
8.5
The peer client-side SteelHead IP address is IPv4 only.
Ability to configure IPv6 addresses in Single Ended Interception (SEI) rules under Optimization > Network Services: Transport Settings.
8.5 and later
 
Global and automatic kickoff for pass-through TCP IPv6 traffic.
8.5 and later
 
Ability to configure asymmetric VLANs for IPv6 TCP traffic.
8.5 and later
 
Features not supported with IPv6
These features are not IPv6 compatible:
•  Transparency
•  NetFlow
•  Path selection
•  QoS
•  Host labels
•  IPSec
•  Automatic address assignment through DHCPv6
•  Multicast listener discovery
•  IPv6 stateless address autoconfiguration
•  WCCP using anything other than IPv4 outer connections
•  NFS version 3.0 (only supported with IPv4)
 
To display and modify the configuration for base interfaces
1. Choose Networking > Networking: Base Interfaces to display the Base Interfaces page.
Figure: Base Interfaces page
2. Under Primary Interface, complete the configuration as described in this table.
Control
Description
IPv4 Address
Specify an IP address. This IP address is the in-path main interface.
IPv4 Subnet Mask
Specify the subnet mask.
In-Path Gateway IP
Specify the IP address for the in-path gateway. If you have a router (or a Layer-3 switch) on the LAN side of your network, specify this device as the in-path gateway.
Note: If there’s a routed network on the LAN-side of the in-path appliance, the router that is the default gateway for the appliance must not have the ACL configured to drop packets from the remote hosts as its source. The in-path appliance uses IP masquerading to appear as the remote server.
NAT IPs and Ports
In the case of UDP encapsulation with NAT, different SteelHeads could use the same public-facing destination addresses. To uniquely identify such SteelHeads, specify a NAT IPv4 address paired with a specific port opened on the NAT.
Specify multiple NAT IPs and ports on separate lines.
Enable IPv6
Select this check box to assign an IPv6 address. IPv6 addresses are disabled by default. You can only assign one IPv6 address per in-path interface.
Note: The primary and in-path interfaces can share the same subnet. The primary and auxiliary interfaces can’t share the same network subnet.
IPv6 Address
Specify a global or site-local IPv6 address. This IP address is the in-path main interface. You can’t use a DHCP server to assign an IPv6 address automatically.
IPv6 Prefix
Specify the prefix. The prefix length is 0 to 128 bits, separated from the address by a forward slash (/). In this example, 60 is the prefix:
2001:38dc:52::e9a4:c5:6282/60
IPv6 Gateway
Specify the IPv6 address for the in-path gateway. You can use a link local address. If you have a router (or a Layer-3 switch) on the LAN side of your network, specify this device as the in-path gateway.
Note: If there’s a routed network on the LAN-side of the in-path appliance, the router that is the default gateway for the appliance must not have the ACL configured to drop packets from the remote hosts as its source. The in-path appliance uses IP masquerading to appear as the remote server.
LAN Speed and Duplex
WAN Speed and Duplex
Speed - Select Auto, 1000, 100, or 10 from the drop-down list. The default value is Auto.
Duplex - Select Auto, Full, or Half from the drop-down list. The default value is Auto.
If your network routers or switches don’t automatically negotiate the speed and duplex, be sure to set them on the device manually.
The speed and duplex must match (LAN and WAN) in an in-path configuration. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.
Note: Speed and duplex mismatches can easily occur in a network. For example, if one end of the link is set at half or full-duplex and the other end of the link is configured to autonegotiate (auto), the link defaults to half-duplex, regardless of the duplex setting on the nonautonegotiated end. This duplex mismatch passes traffic, but it causes interface errors and results in degraded optimization.
These guidelines can help you avoid speed and duplex mismatches when configuring the SteelHead:
•  Routers are often configured with fixed speed and duplex settings. Check your router configuration and set it to match the SteelHead WAN and LAN settings. Make sure that your switch has the correct setting.
•  After you finish configuring the SteelHead, check for speed and duplex error messages (cyclic redundancy check (CRC) or frame errors) in the System Log page of the Management Console.
•  If there’s a serious problem with the SteelHead and it goes into bypass mode (that is, it automatically continues to pass traffic through your network), a speed and duplex mismatch might occur when you reboot the SteelHead. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.
MTU
Specify the MTU value. The MTU is the largest physical packet size, measured in bytes, that a network can send. Applies to optimized traffic only. The default value is 1500.
VLAN Tag ID
Specify the VLAN tag that the appliance uses to communicate with other SteelHeads in your network. The VLAN Tag ID might be the same value or a different value than the VLAN tag used on the client. A zero (0) value specifies nontagged (or native VLAN) and is the correct setting if there are no VLANs present.
As an example, if the in-path interface is 192.168.1.1 in VLAN 200, you would specify tag 200.
When the SteelHead communicates with a client or a server, it uses the same VLAN tag as the client or the server. If the SteelHead can’t determine which VLAN the client or server is in, it doesn’t use the VLAN tag (assuming that there’s no router between the SteelHead and the client or server).
You must also define in-path rules to apply to your VLANs.
 
3. Under Auxiliary Interface, complete the configuration as described in this table.
Control
Description
Enable Aux Interface
Enables an auxiliary interface, which can be used only for managing the SteelHead. It can’t be used for an out-of-path (OOP) SteelHead data service. Typically this is used for device-management networks.
Obtain IPv4 Address Automatically
Select this option to automatically obtain the IP address from a DHCP server. A DHCP server must be available so that the system can request the IP address from it.
Note: The primary and in-path interfaces can share the same subnet. The primary and auxiliary interfaces can’t share the same network subnet.
Enable IPv4 Dynamic DNS
Select this option to send the hostname with the DHCP request for registration with Dynamic DNS. The hostname is specified in the Networking > Networking: Host Settings page.
Specify IPv4 Address Manually
Select this option if you don’t use a DHCP server to set the IPv4 address. Specify these settings:
•  IPv4 Address - Specify an IP address.
•  IPv4 Subnet Mask - Specify a subnet mask.
(SteelHead EX only)
Do Not Assign An IPv4 Address
Enables the interface without assigning an IP address. Use this option if all traffic on this interface is for VSP.
Specify IPv6 Address Manually
Select this option and specify these settings to set an IPv6 address.
•  IPv6 Auto-Assigned - Displays the link-local address that is automatically generated when IPv6 is enabled on the base interfaces.
•  IPv6 Address - Specify an IP address, using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example:
2001:38dc:0052:0000:0000:e9a4:00c5:6282
You don’t need to include leading zeros: for example
2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example,
2001:38dc:52::e9a4:c5:6282
•  IPv6 Prefix - Specify a prefix. The prefix length is 0 to 128, separated from the address by a forward slash (/). In this example, 60 is the prefix:
2001:38dc:52::e9a4:c5:6282/60
Note: You can’t set an IPv6 address dynamically using a DHCP server.
Speed and Duplex
Speed - Select the speed from the drop-down list. The default value is Auto.
Duplex - Select Auto, Full, or Half from the drop-down list. The default value is Auto.
If your network routers or switches don’t automatically negotiate the speed and duplex, be sure to set them on the device manually.
The speed and duplex must match (LAN and WAN) in an in-path configuration. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.
MTU
Specify the MTU value. The MTU is the largest physical packet size, measured in bytes, that a network can send. The default value is 1500.
 
4. Click Apply to apply your changes to the running configuration.
5. Click Save to save your changes permanently.
To configure routes for IPv4
•  Under Main IPv4 Routing Table, you can configure a static routing in the main routing table for out-of-path deployments or if your device-management network requires static routes.
You can add or remove routes from the table list as described in this table.
Control
Description
Add a New Route
Displays the controls for adding a new route.
Destination IPv4 Address
Specify the destination IP address for the out-of-path appliance or network management device.
IPv4 Subnet Mask
Specify the subnet mask.
Gateway IPv4 Address
Specify the IP address for the gateway. The gateway must be in the same network as the primary or auxiliary interface you are configuring.
Interface
Select an interface for the IPv4 route from the drop-down list.
Add
Adds the route to the table list.
Remove Selected
Select the check box next to the name and click Remove Selected.
 
The Management Console writes your configuration changes to memory.
To configure routes for IPv6
•  Under Main IPv6 Routing Table, you can configure static routing in the main routing table if your device-management network requires static routes.
You can add or remove routes from the table list as described in this table.
Control
Description
Add a New Route
Displays the controls for adding a new route.
Destination IPv6 Address
Specify the destination IP address.
IPv6 Prefix
Specify a prefix. The prefix length is from 0 to 128 bits, separated from the address by a forward slash (/).
Gateway IPv6 Address
Specify the IP address for the gateway. The gateway must be in the same network as the primary or auxiliary interface you are configuring.
Interface
Select an interface for the IPv6 route from the drop-down list.
Add
Adds the route to the table list.
Remove Selected
Select the check box next to the name and click Remove Selected.
 
The Management Console writes your configuration changes to memory.