Control | Description |
Enable Capacity Adjustment | If pressure monitoring is enabled, select this option to enable the capacity adjustment feature. When enabled, this feature reduces the number of new connections sent to local SteelHeads for which the Interceptor determines a High pressure value. For a local SteelHead with a High pressure value, this feature artificially and temporarily reduces the capacity of the SteelHead for Interceptor load-balancing calculations. As a result of using a downward-adjusted capacity for a particular SteelHead, the Interceptor moves existing paired peers from that SteelHead to less-used SteelHeads. The Interceptor uses the artificially reduced capacity value for that Interceptor in load-balancing calculations until the SteelHead returns to a Normal pressure value. |
Enable Pressure Monitoring | Select this option to enable the pressure monitoring feature. When enabled, this feature provides more detailed information about the health of the local SteelHeads, to enable the Interceptor to better manage and balance traffic. We recommend that you enable pressure monitoring only in conjunction with Fair Peering v2. |
Enable Capacity Adjustment | If pressure monitoring is enabled, select this option to enable the capacity adjustment feature. When enabled, this feature reduces the number of new connections sent to local SteelHeads for which the Interceptor determines a High pressure value. For a local SteelHead with a High pressure value, this feature artificially and temporarily reduces the capacity of the SteelHead for Interceptor load-balancing calculations. As a result of using a downward-adjusted capacity for a particular SteelHead, the Interceptor moves existing paired peers from that SteelHead to less-used SteelHeads. The Interceptor uses the artificially reduced capacity value for that Interceptor in load-balancing calculations until the SteelHead returns to a Normal pressure value. |
Enable Pressure Monitoring | Select this option to enable the pressure monitoring feature. When enabled, this feature provides more detailed information about the health of the local SteelHeads, to enable the Interceptor to better manage and balance traffic. We recommend that you enable pressure monitoring only in conjunction with Fair Peering v2. |
Control | Description |
Add a New Load Balancing Rule | Displays the controls for adding a new rule. |
Type | Select one of these options from the drop-down list: • Redirect - Redirects locally initiated TCP connections to be optimized by a SteelHead. Typically, you configure a redirect rule for source and destination addresses and ports you want to optimize in the Riverbed system. A separate set of load-balancing rules determines the SteelHead to which the connection is to be redirected. • Passthrough - Configure rules of this type as a second-preference rule for cases in which you want to optimize when connections are available on specified targets but, in the event that targets have reached admission control capacity, you would rather pass-through traffic than tax the auto-balance pool. For example, you might use pass-through rules to handle HTTP traffic on port 80. |
Enable Email Notification | Specify this option to periodically send an email reminder to evaluate load-balance pass-through rules. Frequently, pass-through load-balance rules are created as a temporary workaround for an acute problem. These rules often end up becoming permanent because the administrator forgets to remove them. This field is active only when you specify a pass-through rule. You can’t create notifications for other types of rules. By default this option is enabled. Notifications are sent if one pass-through rule has this value enabled, even if other pass-through rules have this value disabled. Email is sent every 15 days. In addition, on the Interceptor System Settings: Email page you must also: • Select the Report Events via Email check box and specify an email address. • Select the Send Reminder of Pass-through Rules via Email. For details, see SteelHead Interceptor User Guide. |
Position | Select any of these options from the drop-down list: • Select Start to insert the rule at the start of the list. • Select End to insert the rule at end of the list. • Select a rule number. In general, list rules in this order: 1. Deny 2. Discard 3. Pass-through 4. Fixed-target 5. Auto-Discover The rule type of a matching rule determines which action the Interceptor takes on the connection. |
Local SteelHeads | Specify a comma-separated list of SteelHead IP addresses to which traffic can be redirected. If a rule matches, connections are redirected to the first SteelHead in the list that has capacity for new connections. If no rule matches, peer affinity applies. If there is no existing peer affinity, the connection is redirected to the SteelHead with the least number of current connections. Note: The target SteelHeads are called cluster SteelHeads. |
From Remote SteelHeads | Select one of these options from the drop-down list: • Any - Rule applies only when matching any SYN or SYN+ (behavior of load-balancing rule before peering was added). • Probe-only - Match any packet with a probe SYN+. • Non-probe - Match only SYN entering from the LAN side. • IP Address - Match the given IP address when a SYN+ comes from that SteelHead. |
Remote SteelHead IPs | If you specify IP Address for the From Remote SteelHeads setting, use this field to specify a comma-separated list of SteelHead IP addresses. Note: If any of the source or destination subnets is the IPv4 or All-IPv4 type, you can configure only IPv4 peer addresses. For the remaining options (All IP (IPv4 + IPv6, All IPv6, IPv6), a combination of valid IPv4 and IPv6 addresses is accepted. |
Source Subnet | Select one of these options for the source subnet: • All IP (IPv4 + IPv6) - Configures a rule to apply to all source subnets. • All IPv4 - Configures a rule to apply to all IPv4 source subnets. • All IPv6 - Configures a rule to apply to all source subnets. • IPv4 - Configures a rule to apply to the specified source subnet. Use this format for an individual subnet IPv4 address and netmask: xxx.xxx.xxx.xxx./xx • IPv6 - Configures a rule to apply to the specified source subnet. Specify an IP address using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example: 2001:38dc:0052:0000:0000:e9a4:00c5:6282 You don’t need to include leading zeros. For example: 2001:38dc:52:0:0:e9a4:c5:6282 You can replace consecutive zero strings with double colons (::). For example: 2001:38dc:52::e9a4:c5:6282 • Host Label - Alternatively, specify a host label for the source subnet. |
Destination Subnet | Select one of these options for the destination subnet: • All IP (IPv4 + IPv6) - Configures a rule to apply to all source subnets. • All IPv4 - Configures a rule to apply to all IPv4 source subnets. • All IPv6 - Configures a rule to apply to all source subnets. • IPv4 - Configures a rule to apply to the specified source subnet. Use this format for an individual subnet IPv4 address and netmask: xxx.xxx.xxx.xxx./xx • IPv6 - Configures a rule to apply to the specified source subnet. Specify an IP address using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example: 2001:38dc:0052:0000:0000:e9a4:00c5:6282 You don’t need to include leading zeros. For example: 2001:38dc:52:0:0:e9a4:c5:6282 You can replace consecutive zero strings with double colons (::). For example: 2001:38dc:52::e9a4:c5:6282 • Host Label - Alternatively, specify a host label for the source subnet. |
Port or Port Label | Specify the destination port number, port label, or All. If you order rules so that traffic that’s passed through, discarded, or denied is filtered first, All represents all remaining ports. |
VLAN Tag ID | Specify a VLAN identification number from 0 to 4094, or All to apply the rule to all VLANs, or Untagged to apply the rule to nontagged connections. Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces. To complete the implementation of VLAN tagging, you must set the VLAN tag IDs for the in-path interfaces that the Interceptor uses to communicate with other Interceptors. For details about configuring the in-path interface for the Interceptor, see Configuring cluster in-path rules. |
Description | Describe the rule to facilitate administration. |
Add | Adds the new rule to the configuration. The new rule displays in the list at the top of the page. |
Move Selected Rules | Moves the selected rules. Click the > next to the desired rule position; the rule moves to the new position. Note: The default rule can’t be reordered and is always listed last. |
Remove Selected Rules | Select the check box next to the name and click Remove Selected Rules. Note: The default rule can’t be removed and is always listed last. |