•  Welcome
  •  About this guide
    • Audience
    • Types of SteelHeads
    • Document conventions
  • What’s new
•  Optimization Techniques and Design Fundamentals
  •  How SteelHeads optimize data
    • Data streamlining
    • Transport streamlining
    • Application streamlining
    • Management streamlining
  •  RiOS data store synchronization
    • RiOS data store synchronization requirements
    • RiOS data store error alarms
  • Choosing the right SteelHead model
  • Deployment modes for the SteelHead
  •  Autodiscovery protocol
    • Original autodiscovery process
    • Configuring enhanced autodiscovery
  •  Autodiscovery and firewall considerations
    • Removal of the Riverbed TCP option probe
    • Stateful firewall device in a multiple in-path environment
  • Multiple in-path discovery behavior
  •  Controlling optimization
    • In-path rules
    • Default in-path rules
    • Peering rules
    • Kickoff and automatic kickoff features
  •  Controlling optimization configuration examples
    • Configuring high-bandwidth, low-latency environment
    • Configuring pass-through transit traffic
  •  Fixed-target in-path rules
    • Configuring a fixed-target in-path rule for an in-path deployment
    • Fixed-target in-path rule for an out-of-path deployment
  • Best practices for SteelHead deployments
•  Network Integration Tools
  •  Redundancy and clustering
    • Physical in-path deployments
    • Virtual in-path deployments
    • Out-of-path deployments
  • Fail-to-wire and fail-to-block
  • Overview of link state propagation
  •  Connection forwarding
    • Configuring connection forwarding
    • Multiple-interface support within connection forwarding
    • Failure handling within connection forwarding
    • Connection-forwarding neighbor latency
  • Overview of simplified routing
•  WAN Visibility Modes
  • Overview of WAN visibility
  • Correct addressing
  •  Transparent addressing
    • Port transparency
    • Full address transparency
    • Full address transparency with forward reset
  •  Implications of transparent addressing
    • Stateful systems
    • Network design issues
    • Integration into networks using NAT
  •  Out-of-band connection
    • Overview of OOB connections and addressing modes
    • Configuring OOB connection destination transparency
    • Configuring OOB connection full transparency
  • Configuring WAN visibility modes
•  Topology
  • Introduction to the topology concept
  • Defining a network
  •  Defining a site
    • Configuring the local site
    • Configuring the default site
•  Application Definitions
  •  Applications
    • Defining an application
    • Application properties
  •  Application Flow Engine
    • Overview of the Application Flow Engine
    • AFE and Microsoft Lync 2010 and 2013
  • Creating host labels
  • Creating port labels
  • Creating domain labels
•  QoS configuration and integration
  • Overview of Riverbed QoS
  •  QoS concepts
    • Overview of QoS concepts
    • QoS rules
    • QoS classes
    • QoS profiles
  •  Configuring QoS
    • QoS configuration workflow
    • Enabling QoS
    • QoS default classes
  •  Inbound QoS
    • Introduction to inbound QoS
    • Assigning an inbound QoS profile to a site
  • LAN bypass
  • QoS for IPv6
  • QoS in virtual in-path and out-of-path deployments
  • QoS in multiple SteelHead deployments
  • QoS and multiple WAN interfaces
  •  Integrating SteelHeads into existing QoS architectures
    • WAN-side traffic characteristics and QoS
    • QoS integration techniques
    • QoS marking
  • QoS enforcement best practices
  • Upgrading to RiOS 9.0
  • Guidelines for the maximum number of QoS classes, sites, and rules
•  QoS Configuration Examples
  •  Configuring QoS using best practices
    • Example QoS scenario
    • Configuring QoS on the data center SteelHead
    • Configuring applications
    • Creating QoS profiles
    • Configuring topology
    • Enabling QoS on the SteelHead
  • Configuring QoS marking on SteelHeads
  • Configuring QoS and MX-TCP
•  Path Selection
  • Overview of path selection
  •  Path selection implementation
    • Path selection workflow
    • Example of a path selection implementation
    • Identifying traffic flow candidates
  • Configuring path selection
  •  Valid path selection deployment design examples
    • Basic multiple route path deployment
    • Complex parallel path deployment
    • Complex single in-path interface deployment
    • Serial deployment
    • Firewall path traversal deployment
  • Path selection and virtual in-path deployment
  • Design validation
  • Design considerations
•  Physical in-path deployments
  • Overview of in-path deployment
  •  Logical in-path interface
    • In-path IP address selection
    • In-path default gateway and routing
  •  Failure modes
    • Fail-to-wire mode
    • Fail-to-block mode
    • Configuring failure modes
  • Configuring link state propagation
  • EtherChannel
  •  Cabling and duplex
    • Choosing the correct cables
    • Duplex configuration
    • Troubleshooting cable and duplex issues
  •  Physical in-path deployment configuration examples
    • Configuring a basic physical in-path deployment
    • Configuring a physical in-path with dual links deployment
    • Configuring a serial cluster deployment with multiple links
  •  In-path redundancy and clustering examples
    • Primary and backup deployments
    • Serial cluster deployments
  • Configuring simplified routing
  •  Multiple WAN router deployments
    • Configuring multiple WAN router deployments without connection forwarding
    • Configuring multiple WAN router deployments with connection forwarding
  •  802.1Q trunk deployments
    • Overview of VLAN trunk
    • Configuring a SteelHead on an 802.1Q trunk link
    • Capturing network traces using tcpdump
  •  Layer-2 WAN deployments
    • Layer-2 WANs
    • Broadcast Layer-2 WANs
  •  VLAN bridging deployments
    • Overview of VLAN bridging deployment
    • VLAN bridging considerations
    • VLAN bridging variations
•  Virtual In-Path Deployments
  • Overview of virtual in-path deployment
  • Configuring an in-path, load-balanced, Layer-4 switch deployment
  • Configuring flow data exports in virtual in-path deployments
•  WCCP Virtual In-Path Deployments
  • Overview of WCCP
  •  WCCP fundamentals
    • Service groups
    • Assignment methods
    • Redirection and return methods
    • WCCP clustering and failover
    • Multiple in-path WCCP
  • Advantages and disadvantages of WCCP
  •  Configuring WCCP
    • Basic steps for configuring WCCP
    • Configuring a simple WCCP deployment
    • Adding a SteelHead to an existing WCCP deployment
    • Configuring a WCCP high availability deployment
    • Configuring a basic WCCP router
  •  Configuring additional WCCP features
    • Specifying the service group password
    • Configuring multicast groups
    • Configuring group lists to limit service group members
    • Configuring access control lists
    • Configuring load balancing in WCCP
  • Flow data in WCCP
  • Verifying and troubleshooting WCCP configurations
•  Policy-Based Routing Virtual In-Path Deployments
  •  Overview of PBR
    • PBR failover and Cisco Discovery Protocol
    • Alternate PBR failover mechanisms
  • Connecting the SteelHead in a PBR deployment
  •  Configuring PBR
    • Overview of configuring PBR
    • Configuring a SteelHead to directly connect to the router
    • Configuring a SteelHead to connect to a Layer-2 switch
    • Configuring a SteelHead to connect to a Layer-3 switch
    • Configuring a SteelHead with object tracking
    • Configuring a SteelHead with multiple PBR interfaces
    • Configuring multiple SteelHeads to connect to multiple routers
    • Configuring PBR for load balancing WAN circuits
    • Configuring local PBR for ICMP redirection in a mixed MTU environment
  • Exporting flow data and virtual in-path deployments
•  IPv6
  •  Overview of IPv6
    • RiOS RFC compliance and feature compatibility
    • IPv6 addressing
    • Traffic interception
  • In-path rules
  •  Deployment options
    • Configuring an in-path SteelHead IPv6 deployment
    • Configuring a SteelHead serial cluster IPv6 deployment
    • Configuring a connection forwarding and SteelHead IPv6 deployment
    • Configuring a virtual in-path SteelHead IPv6 deployment
    • Configuring a fixed-target rule SteelHead IPv6 deployment
  • Protocol support
  • Verification and troubleshooting
•  Packet Mode Optimization
  • Overview of packet mode optimization
  • Comparison with TCP proxy mode optimization
  • Configuring packet mode optimization
  • Design considerations
  • Best practices for packet mode optimization
•  Satellite Optimization
  •  Overview of satellite networks
    • Impact of latency
    • Impact of loss
    • Satellite transport options
  •  Overview of SCPS
    • SCPS benefits
    • Common uses for SCPS
    • SCPS and SteelHeads
  •  TCP optimization for satellite environments
    • SCPS discovery
    • Transport optimization for satellite environments
    • Configuring automatic detect TCP optimization
    • Integrating the SteelHead with existing satellite modem TCP acceleration
  • Licensing SCPS on a SteelHead
  •  Configuring satellite optimization features
    • Configuring transport optimization
    • Configuring rate pacing
    • Configuring single-ended connection rule table settings
    • Configuring single-ended rules
  •  Verification and troubleshooting
    • Analyzing connection optimization information
    • Analyzing packets for discovery probe stripping
    • Understanding the health of the satellite signal
    • Potential under performance due to short bottleneck buffer
    • Potential performance impact of loss at the start of flow
    • Variance in SCPS performance
•  VPN Routing and Forwarding
  •  NSV with VRF Select
    • Virtual routing and forwarding
    • NSV with VRF Select
    • IOS requirements
    • Prerequisites for NSV
    • Example NSV network deployment
    • Configuring NSV
  •  VRF-aware WCCP
    • VRF-aware WCCP design examples
    • VRF-aware WCCP best practices
•  Out-of-Path Deployments
  • Overview of out-of-path deployment
  • Limitations of out-of-path deployments
  • Configuring out-of-path deployments
•  Data Protection Deployments
  • Overview of data protection
  •  Planning for a data protection deployment
    • LAN-side throughput and data reduction requirements
    • Predeployment questionnaire
  •  Configuring SteelHeads for data protection
    • Adaptive data streamlining feature settings
    • CPU settings
    • Best practices for data streamlining and compression
    • MX-TCP settings
    • SteelHead WAN buffer settings
    • Router WAN buffer settings
  •  Common data protection deployments
    • Remote office, branch office backups
    • Network attached storage replication
    • Storage area network replication
  •  Designing for scalability and high availability
    • Overview of N+M architecture
    • Using MX-TCP in N+M deployments
  •  Enhanced visibility and control for SnapMirror
    • SnapMirror optimization in Cluster Data ONTAP environments
    • SnapMirror optimization in Data ONTAP 7-mode environments
  • Troubleshooting and fine-tuning
  • Third-party interoperability
•  Storage Area Network Replication
  • Overview of SAN replication
  •  Storage optimization modules
    • FCIP optimization module
    • SRDF optimization module
  • Best practices for SAN replication using TCP/IP
  •  Best practices for SAN replication using Cisco MDS FCIP
    • FCIP profiles
    • FCIP tunnels
    • Configuring a Cisco MDS FCIP deployment
    • Best practices for RiOS 5.5.3 and later with Cisco MDS FCIP configuration
•  Authentication, Security, Operations, and Monitoring
  • Overview of secure transport
  • Overview of authentication
  • Authentication features
  • Configuring SAML
  •  Configuring a RADIUS server
    • Configuring a RADIUS server with FreeRADIUS
    • Configuring RADIUS authentication in the SteelHead
    • Configuring RADIUS CHAP authentication
  •  Configuring a TACACS+ server
    • Configuring TACACS+ with Cisco Secure Access Control Servers
    • Configuring TACACS+ authentication in the SteelHead
  •  Securing SteelHeads
    • Overview of securing SteelHeads
    • Best practices for securing access to SteelHeads
    • Best practices for enabling SteelHead security features
    • Best practices for policy controls
    • Best practices for security monitoring
    • Configuring SSL certificates for web user interface
  • Changing encryption for domain replication passwords
  • REST API access
  •  Capacity planning
    • Model characteristics
    • Admission control
  • Overview of exporting flow data
  • SNMP monitoring
  • Configuring SNMPv3 authentication and privacy
•  Troubleshooting SteelHead Deployment Problems
  •  Common deployment issues
    • Duplex mismatches
    • Network asymmetry
    • Unknown (or unwanted) SteelHead appears on the current connections list
    • Outdated antivirus software
    • Packet ricochets
    • Router CPU spikes after WCCP configuration
    • Server Message Block signed sessions
    • Unavailable opportunistic locks
    • Underutilized fat pipes
  •  MTU sizing
    • MTU issues
    • Determining MTU size in deployments
    • Connection-forwarding MTU considerations
•  SteelHead and AppResponse Integration
  • Overview of SteelHead and AppResponse integration
  •  AppResponse and SteelHead deployment scenarios
    • Data center deployment
    • Cloud deployment
•  Deploying SteelHead-v in OpenStack
  • What you need
  •  Deploying SteelHead-v appliances in OpenStack
    • Deleting an OpenStack instance
  •  Using a Heat template to deploy SteelHead-v appliances
    • Heat template deployment guidelines
    • Heat template example
    • Creating an OpenStack stack from a Heat template
    • Deleting an OpenStack stack created by a Heat template
    • Creating OpenStack flavors: CLI examples
•  SteelCentral Controller for SteelHead Mobile Deployments
  •  Overview of SteelCentral Controller for SteelHead Mobile deployment
    • Basic setup for deploying Mobile Controller
    • Mobile Controller with VPN deployments
    • Mobile Controller with firewall deployments
    • Branch office and remote access deployments
  •  Multiple Mobile Controller deployments
    • Overview of multiple Mobile Controller deployments
    • Mobile Controller Concurrent User Limits
    • Configuring multiple Mobile Controllers for redundancy
    • Preparing to join Mobile Controllers in a high-availability cluster
    • Sizing considerations in a high-availability cluster
    • Endpoint license pooling
    • Communication between HA cluster members
  • Ports used with Mobile Controllers and SteelHead Mobiles
  • Interaction between Mobile Controllers and SteelHead Mobile clients
  •  Location awareness
    • Overview of location awareness
    • Branch warming
  •  SSL with SteelCentral Controller for SteelHead Mobile
    • Traditional SSL optimization
    • Advanced high-security SSL optimization
    • Configuring SteelCentral Controller for SteelHead Mobile and SSL
    • Using SteelHead Mobile with SSL proxy devices
    • Supported TLS versions with SteelHead Mobile
    • Multiple Mobile Controllers and SSL
  •  Mobile Controller best practices and other considerations
    • Deployment scenarios
    • Management best practices
    • Migration Mobile Controller hardware
    • Licensing best practices
    • Antivirus software
    • Signed SMB support
    • SSL client authentication support
    • SMC and Federal Information Processing Standard (FIPS)
    • Optimization before user log in
•  Cisco Intelligent Traffic Director and SteelHead
  • Background and introduction to Intelligent Traffic Director
  •  Intelligent Traffic Director concepts
    • Redirection scenarios
    • ITD device groups
    • The use of buckets
    • Probes
    • Access Control Lists
    • ITD service configuration parameters
  • Advantages and disadvantages of ITD
  •  Configuration of ITD deployments
    • Basic steps for configuring ITD deployments
    • Configuring a simple ITD deployment
    • Configuring an ITD high availability deployment
    • Single SteelHead with interface high availability
    • Dual SteelHeads and interfaces with high availability
  •  Additional design and configuration settings
    • Correct Addressing and Transparency modes
    • IPv4 and IPv6 deployments
  • Flow data in ITD deployments
  • Verifying and troubleshooting ITD deployments

SteelHead™ Deployment Guide

Cisco Intelligent Traffic Director and SteelHead