Network services settings are under Optimization > Network Services: General Service Settings. This feature is not applicable to cloud appliances.

The network services settings allow you to configure how the appliance’s acceleration service interacts with the network. Some of these settings are specific to your deployment. You can enable in-path, out-of-path, and failover. Other settings include limits for half-open connections and the maximum connection pool size. If your appliance has multiple bypass network interface cards (NICs), you’ll have options to enable in-path support for those ports. The number of interface options depends on how many LAN and WAN port pairs are enabled on your appliance.

Enables optimization on traffic that is in the direct path of the client, server, and SteelHead.

Enables global auto kickoff. When enabled, this feature resets existing connections, forcing them to be re-created when you restart the service. The connections are then accelerated. This is useful when making changes to the appliance that you want applied to existing connections. Auto kickoff is also available in in-path rule settings.

Enables optional, virtual in-path support on all the interfaces for networks that use Layer-4 switches, PBR, WCCP, and SteelHead Interceptor. External traffic redirection is supported only on the first in-path interface. These redirection methods are available:

Enables in-path support for additional bypass cards. If your appliance has multiple two-port or four-port bypass cards, the Management Console will display options to enable in-path support for these ports. The number of available interface options depends on how many LAN and WAN port pairs are enabled on your SteelHead.

The interface names for the bypass cards combine the slot number and port pair (inpath<slot><pair>, inpath<slot><pair>). For example, a four-port bypass card in slot 0 will have interface names like inpath0_0 and inpath0_1. If the bypass card is in slot 1, the names will be inpath1_0 and inpath1_1. For installation details of additional bypass cards, refer to the Riverbed Hardware Platforms Guide.

Enables out-of-path support on a server-side SteelHead, where only a SteelHead primary interface connects to the network. The SteelHead can be placed anywhere in the LAN. In this setup, there is no redirecting device. On the client-side SteelHead, you configure fixed-target in-path rules that point to the primary IP address of the out-of-path SteelHead. This SteelHead uses its primary IP to communicate with the server. The remote SteelHead must be in physical or virtual in-path mode.

If using out-of-path with failover support, you must configure fixed-target rules for both the primary (master) and backup appliances.

This feature limits half-open connections from a client (source IP address) attempting to connect to invalid hosts or ports. It helps block activities like viruses or port scanners that make multiple invalid connection attempts at once. It doesn’t affect normal connections to valid hosts.

The appliance tracks the number of half-open connections, which are attempts to check if a server connection can be established. If the number exceeds the set limit (default is 4096), new connections from that source IP are passed through without optimization.

If a client is connecting to valid hosts at a very high rate, some connections may be unoptimized, even if they are all valid.

Specifies the maximum number of TCP connections in a connection pool. Connection pooling improves performance by reusing active connections instead of creating new ones for every request. This is especially useful for protocols like HTTP, which create many short-lived connections.

When a client requests a connection to a server it has already accessed, the connection pool manager checks for an available idle connection. If one is found, it's reused, saving time by avoiding the need for a new TCP handshake. If no connections are available and the pool size has not reached its maximum, a new connection is created and added to the pool. Once the pool reaches its limit, new requests will be queued until a connection is available or the attempt times out. The default pool size is 20. A setting of 0 disables connection pooling. To apply changes, you must restart the appliance.

You can use the Connection Pooling report to assess whether the pool size needs adjustment. If the report shows that many requests are being missed by the pool, consider increasing the pool size.

To support failover in IPv6 environments, IPv6 connection forwarding must be enabled

Configures a failover deployment on either a primary or backup SteelHead. If the primary appliance fails, the backup appliance takes over with a warm data store, allowing it to immediately deliver fully optimized performance. Both the primary and backup SteelHeads must be the same hardware model.

Allows you to select Master or Backup from the drop-down list. A master SteelHead is the primary appliance; the backup SteelHead automatically takes over traffic optimization if the primary fails.

Specifies the IP address for the peer appliance. You must specify the in-path IP address, not the primary interface IP address.