Managing Your Network : Managing Interceptor clusters : Configuring cluster load-balancing rules
  
Configuring cluster load-balancing rules
You configure load-balancing rules for your cluster using the Clusters Page tab.
Any changes made to the cluster configuration pages modify all the Interceptors after a cluster push.
Load-balancing rules define the characteristics by which traffic is selected for load-balancing and the availability of a LAN-side SteelHead for such traffic.
Overview of load-balancing rules
Your load-balancing rules must account for these conditions:
•  Traffic over all subnets and ports that have been selected for redirection
•  All SteelHeads you have configured as targets of redirect rules or reserved for the automatic load-balancing rule:
–  If a cluster SteelHead is specified as a target for a rule, it is reserved for traffic that matches that rule and isn’t available to the pool used for automatic load balancing.
–  If a cluster SteelHead isn’t specified as a target for a rule, it is available for automatic load balancing.
•  Second-preference cases in which you would rather pass through traffic than tax the automatic load-balancing pool.
•  IPv4 and IPv6 addresses are supported for load-balancing rules.
For detailed information, see the SteelHead Interceptor User Guide.
To configure cluster load balancing rules
1. Choose Manage > Appliances: Clusters to display the Clusters page.
2. Click the cluster name to expand the page and display the cluster tabs.
3. Select the Cluster Pages tab to expand the page.
4. Select Load Balancing Rules to display the Editing Cluster: <cluster name>, Load Balancing Rules page.
Tip: You can select the cluster name and page to edit at the top of the Editing Cluster: <cluster name>, Inpath Rules (Interceptor) page at the top of the page.
5. Complete the configuration as described in this table.
Control
Description
Enable Capacity Adjustment
If pressure monitoring is enabled, select this option to enable the capacity adjustment feature.
When enabled, this feature reduces the number of new connections sent to local SteelHeads for which the Interceptor determines a High pressure value. For a local SteelHead with a High pressure value, this feature artificially and temporarily reduces the capacity of the SteelHead for Interceptor load-balancing calculations. As a result of using a downward-adjusted capacity for a particular SteelHead, the Interceptor moves existing paired peers from that SteelHead to less-used SteelHeads.
The Interceptor uses the artificially reduced capacity value for that Interceptor in load-balancing calculations until the SteelHead returns to a Normal pressure value.
Enable Pressure Monitoring
Select this option to enable the pressure monitoring feature.
When enabled, this feature provides more detailed information about the health of the local SteelHeads, to enable the Interceptor to better manage and balance traffic.
We recommend that you enable pressure monitoring only in conjunction with Fair Peering v2.
Enable Capacity Adjustment
If pressure monitoring is enabled, select this option to enable the capacity adjustment feature.
When enabled, this feature reduces the number of new connections sent to local SteelHeads for which the Interceptor determines a High pressure value. For a local SteelHead with a High pressure value, this feature artificially and temporarily reduces the capacity of the SteelHead for Interceptor load-balancing calculations. As a result of using a downward-adjusted capacity for a particular SteelHead, the Interceptor moves existing paired peers from that SteelHead to less-used SteelHeads.
The Interceptor uses the artificially reduced capacity value for that Interceptor in load-balancing calculations until the SteelHead returns to a Normal pressure value.
Enable Pressure Monitoring
Select this option to enable the pressure monitoring feature.
When enabled, this feature provides more detailed information about the health of the local SteelHeads, to enable the Interceptor to better manage and balance traffic.
We recommend that you enable pressure monitoring only in conjunction with Fair Peering v2.
6. Click Apply to apply your settings to the running configuration.
7. Under Load Balance Rules, click + Add a New Load Balancing Rule to expand the page.
8. Complete the configuration as described in this table.
Control
Description
Add a New Load Balancing Rule
Displays the controls for adding a new rule.
Type
Select one of these options from the drop-down list:
•  Redirect - Redirects locally initiated TCP connections to be optimized by a SteelHead. Typically, you configure a redirect rule for source and destination addresses and ports you want to optimize in the Riverbed system. A separate set of load-balancing rules determines the SteelHead to which the connection is to be redirected.
•  Passthrough - Configure rules of this type as a second-preference rule for cases in which you want to optimize when connections are available on specified targets but, in the event that targets have reached admission control capacity, you would rather pass-through traffic than tax the auto-balance pool. For example, you might use pass-through rules to handle HTTP traffic on port 80.
Enable Email Notification
Specify this option to periodically send an email reminder to evaluate load-balance pass-through rules. Frequently, pass-through load-balance rules are created as a temporary workaround for an acute problem. These rules often end up becoming permanent because the administrator forgets to remove them.
This field is active only when you specify a pass-through rule. You can’t create notifications for other types of rules.
By default this option is enabled. Notifications are sent if one pass-through rule has this value enabled, even if other pass-through rules have this value disabled.
Email is sent every 15 days.
In addition, on the Interceptor System Settings: Email page you must also:
•  Select the Report Events via Email check box and specify an email address.
•  Select the Send Reminder of Pass-through Rules via Email.
For details, see SteelHead Interceptor User Guide.
Position
Select any of these options from the drop-down list:
•  Select Start to insert the rule at the start of the list.
•  Select End to insert the rule at end of the list.
•  Select a rule number.
In general, list rules in this order:
1. Deny 2. Discard 3. Pass-through 4. Fixed-target 5. Auto-Discover
The rule type of a matching rule determines which action the Interceptor takes on the connection.
Local SteelHeads
Specify a comma-separated list of SteelHead IP addresses to which traffic can be redirected. If a rule matches, connections are redirected to the first SteelHead in the list that has capacity for new connections. If no rule matches, peer affinity applies. If there is no existing peer affinity, the connection is redirected to the SteelHead with the least number of current connections.
Note: The target SteelHeads are called cluster SteelHeads.
From Remote SteelHeads
Select one of these options from the drop-down list:
•  Any - Rule applies only when matching any SYN or SYN+ (behavior of load-balancing rule before peering was added).
•  Probe-only - Match any packet with a probe SYN+.
•  Non-probe - Match only SYN entering from the LAN side.
•  IP Address - Match the given IP address when a SYN+ comes from that SteelHead.
Remote SteelHead IPs
If you specify IP Address for the From Remote SteelHeads setting, use this field to specify a comma-separated list of SteelHead IP addresses.
Note: If any of the source or destination subnets is the IPv4 or All-IPv4 type, you can configure only IPv4 peer addresses. For the remaining options (All IP (IPv4 + IPv6, All IPv6, IPv6), a combination of valid IPv4 and IPv6 addresses is accepted.
Source Subnet
Select one of these options for the source subnet:
•  All IP (IPv4 + IPv6) - Configures a rule to apply to all source subnets.
•  All IPv4 - Configures a rule to apply to all IPv4 source subnets.
•  All IPv6 - Configures a rule to apply to all source subnets.
•  IPv4 - Configures a rule to apply to the specified source subnet. Use this format for an individual subnet IPv4 address and netmask: xxx.xxx.xxx.xxx./xx
•  IPv6 - Configures a rule to apply to the specified source subnet. Specify an IP address using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example:
2001:38dc:0052:0000:0000:e9a4:00c5:6282
You don’t need to include leading zeros. For example:
2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example:
2001:38dc:52::e9a4:c5:6282
•  Host Label - Alternatively, specify a host label for the source subnet.
Destination Subnet
Select one of these options for the destination subnet:
•  All IP (IPv4 + IPv6) - Configures a rule to apply to all source subnets.
•  All IPv4 - Configures a rule to apply to all IPv4 source subnets.
•  All IPv6 - Configures a rule to apply to all source subnets.
•  IPv4 - Configures a rule to apply to the specified source subnet. Use this format for an individual subnet IPv4 address and netmask: xxx.xxx.xxx.xxx./xx
•  IPv6 - Configures a rule to apply to the specified source subnet. Specify an IP address using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example:
2001:38dc:0052:0000:0000:e9a4:00c5:6282
You don’t need to include leading zeros. For example:
2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example:
2001:38dc:52::e9a4:c5:6282
•  Host Label - Alternatively, specify a host label for the source subnet.
Port or Port Label
Specify the destination port number, port label, or All.
If you order rules so that traffic that’s passed through, discarded, or denied is filtered first, All represents all remaining ports.
VLAN Tag ID
Specify a VLAN identification number from 0 to 4094, or All to apply the rule to all VLANs, or Untagged to apply the rule to nontagged connections.
Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces.
To complete the implementation of VLAN tagging, you must set the VLAN tag IDs for the in-path interfaces that the Interceptor uses to communicate with other Interceptors.
For details about configuring the in-path interface for the Interceptor, see Configuring cluster in-path rules.
Description
Describe the rule to facilitate administration.
Add
Adds the new rule to the configuration. The new rule displays in the list at the top of the page.
Move Selected Rules
Moves the selected rules. Click the > next to the desired rule position; the rule moves to the new position.
Note: The default rule can’t be reordered and is always listed last.
Remove Selected Rules
Select the check box next to the name and click Remove Selected Rules.
Note: The default rule can’t be removed and is always listed last.