Product Overview
This chapter provides an overview of common terms, new features, upgrade instructions, technical and environmental specifications, and a description of the status lights for the system. This chapter includes these sections:
Prerequisites
This section provides information about product dependencies and compatibility.
Hardware and software dependencies
This table summarizes the hardware and software requirements for the SteelHead.
Riverbed component | Hardware and software requirements |
SteelHead | 19-inch (483 mm) two-post or four-post rack. |
SteelHead Management Console | Any computer that supports a Web browser with a color image display. The Management Console has been tested with all versions of Chrome, Mozilla Firefox Extended Support Release version 38, and Microsoft Internet Explorer 11. The SteelCentral Controller for SteelHead has been tested with Mozilla Firefox Extended Support Release version 38, and Microsoft Internet Explorer 11. JavaScript and cookies must be enabled in your Web browser. |
SCC compatibility
To manage SteelHead 9.6.1 appliances, you need to use SCC 9.6.1. Earlier versions of the SCC do not support 9.6.1 SteelHeads. For details about SCC compatibility across versions, see the SteelCentral Controller for SteelHead Installation Guide.
Virtual Services Platform (VSP) support
VSP is not supported on the Series xx55 hardware platforms. VSP is supported only on the EX Series xx60 hardware platforms. For detailed information about the SteelHead EX systems, see the SteelHead EX Installation and Configuration Guide.
Firewall requirements
We recommend that you deploy the SteelHead behind your firewall. These firewall settings are required for the SteelHead:
• Ports 7800 and 7810 must be open.
• Make sure your firewall doesn’t strip TCP options.
Secure transport requires communication on the management plane, control plane, and data plane. Consider the following port usage:
• The management plane requires communication between the SteelHead and the SCC on TCP port 9443 and TCP port 22.
• The control plane between the SteelHead acting as the controller and the SteelHeads acting as group members is over TCP port 9443.
• Encryption service flows over ESP (IP protocol 50). Or, if the network is public, over UDP port 4500.
Ethernet network compatibility
The SteelHead supports these Ethernet networking standards. A SteelHead with a Gigabit Ethernet card supports jumbo frames on in-path and primary ports.
Ethernet standard | IEEE standard |
Ethernet Logical Link Control (LLC) | IEEE 802.2 - 1998 |
Fast Ethernet 100BASE-TX | IEEE 802.3 - 2008 |
Gigabit Ethernet over Copper 1000BASE-T (All copper interfaces are autosensing for speed and duplex.) | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 1000BASE-SX (LC connector) | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 1000BASE-LX | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 10GBASE-LR Single Mode | IEEE 802.3 - 2008 |
Gigabit Ethernet over 10GBASE-SR Multimode | IEEE 802.3 - 2008 |
The SteelHead ports support these connection types and speeds:
Port | Speed |
Primary (PRI) | 10/100/1000BASE-T, autonegotiating |
Auxiliary (AUX) | 10/100/1000BASE-T, autonegotiating |
LAN | 10/100/1000BASE-T, 1000BASE-SX, 1000BASE-LX, 10GBASE-LR, 10GBASE-SR (depending on configuration) |
WAN | 10/100/1000BASE-T, 1000BASE-SX, 1000BASE-LX, 10GBASE-LR, 10GBASE-SR (depending on configuration) |
The SteelHead supports VLAN Tagging (IEEE 802.3 - 2008). It doesn’t support the ISL protocol.
The SteelHead autonegotiates speed and duplex mode for all data rates and supports full duplex mode and flow control (IEEE 802.3 - 2008).
SNMP-Based management compatibility
This product supports a proprietary Riverbed MIB accessible through SNMP. SNMPv1 (RFCs 1155, 1157, 1212, and 1215), SNMPv2c (RFCs 1901, 2578, 2579, 2580, 3416, 3417, and 3418), and SNMPv3 are supported, although some MIB items might only be accessible through SNMPv2 and SNMPv3.
SNMP support enables the product to be integrated into network management systems such as Hewlett-Packard OpenView Network Node Manager, BMC Patrol, and other SNMP-based network management tools.
Overview of the SteelHead
The causes for slow throughput in WANs are well known: high delay (round-trip time or latency), limited bandwidth, and chatty application protocols. Large enterprises spend a significant portion of their information technology budgets on storage and networks, much of it spent to compensate for slow throughput, by deploying redundant servers and storage, and the required backup equipment. SteelHeads enable you to consolidate and centralize key IT resources to save money, reduce capital expenditures, simplify key business processes, and improve productivity.
With the SteelHead, you can solve a range of problems affecting WANs and application performance, including:
• Insufficient WAN bandwidth
• Inefficient transport protocols in high-latency environments
• Inefficient application protocols in high-latency environments
The Riverbed Optimization System (RiOS) intercepts client-server connections without interfering with normal client-server interactions, file semantics, or protocols. All client requests are passed through to the server normally, while relevant traffic is optimized to improve performance.
RiOS uses these optimization techniques:
• Data streamlining - SteelHeads and SteelHead Mobile can reduce WAN bandwidth utilization by 65% to 98% for TCP-based applications using data streamlining. In addition to traditional techniques like data compression, RiOS also uses a Riverbed proprietary algorithm called scalable data referencing (SDR). SDR breaks up TCP data streams into unique data chunks that are stored in the hard disk (RiOS data store) of the device running RiOS (a SteelHead or SteelHead Mobile host system). Each data chunk is assigned a unique integer label (reference) before it’s sent to a peer RiOS device across the WAN. When the same byte sequence is seen again in future transmissions from clients or servers, the reference is sent across the WAN instead of the raw data chunk. The peer RiOS device (a SteelHead or SteelHead Mobile host system) uses this reference to find the original data chunk on its RiOS data store, and reconstruct the original TCP data stream.
• Transport streamlining - SteelHeads use a generic latency optimization technique called transport streamlining. Transport streamlining uses a set of standards and proprietary techniques to optimize TCP traffic between SteelHeads. These techniques:
– ensure that efficient retransmission methods, such as TCP selective acknowledgements, are used.
– negotiate optimal TCP window sizes to minimize the impact of latency on throughput.
– maximize throughput across a wide range of WAN links.
• Application streamlining - In addition to data and transport streamlining optimizations, RiOS supports a rich set of application protocols that includes but is not limited to Microsoft Exchange, CIFS, SMB, SharePoint, HTTP/HTTPS, Lotus Notes, FCIP, SRDF, and SnapMirror.
• Path selection for hybrid networking - These solutions maximize multiple WAN services based on business needs, service quality, and costs. Path selection redirects specific traffic or applications through one of three alternate paths determined by destination availability in cascading order. The path selection technology deterministically redirects select traffic and application flows through alternate networks based on service metrics, such as path availability, application priority, and policies you create.
– Traffic classification - The SteelHead application flow engine, which covers more than 1,300 individual applications and processes, uses information to understand where data is coming from, which application sent it, and what function that application is trying to accomplish. The application flow engine utilizes a variety of techniques, often in combination, such as port-based classification, application signature matching, protocol dissection, behavioral classification, and others. Path selection classifies traffic using the full assortment of packet rules including IP addresses, 5-tuple, differentiated services code point (DSCP), TCP, user datagram protocol (UDP) port numbers, and so on. In this way, operators can instruct SteelHead solutions to precisely associate applications to networks based on their nature, performance requirements, and business criticality.
– Packet forwarding - After the SteelHead has selected the right path, the next step is for it to steer traffic to the newly selected path. This operation is transparent to the client, server, and any networking devices such as routers or switches. RiOS forwards packets either directly using distinct SteelHead physical interfaces, or indirectly using (MAC) address rewriting. When these forwarding methods aren’t possible; for example, with virtual in-path deployments or where the SteelHead solution is not in the same Layer-2 domain, RiOS uses DSCP marking with upstream policy-based routing.
– Availability monitoring - The SteelHead monitors end-to-end path availability and quality. You define the endpoint IP address for every path, and the SteelHead sends an Internet control message protocol (ICMP) ping every two seconds. To validate availability, each path can have a different remote host.
– Failover management - If three consecutive pings are missed, the system considers the path to be unavailable, and selects the backup path. Every application has a default and a prioritized set of backup paths. Should the default path be unavailable, the higher-priority backup is instantly used (and then the lower one if needed). Operators can block certain types of applications when the primary path becomes unavailable, with a goal of reserving the remaining available bandwidth for more critical applications. As soon as the default path becomes available, traffic is routed back to it.
• Management streamlining - Management streamlining refers to the methods that Riverbed has developed to simplify the deployment and management of RiOS devices. These methods include:
– Autodiscovery process, which enables SteelHeads and SteelHead Mobile to automatically find remote SteelHeads, and to then optimize traffic using them. Enhanced autodiscovery automatically discovers the last SteelHead in the network path of the TCP connection. Autodiscovery relieves you from having to manually configure large amounts of network information. The autodiscovery process enables administrators to control and secure connections, specify which traffic is to be optimized, and specify peers for optimization.
– SteelCentral Controller for SteelHead (SCC), which automatically configures and monitors remote SteelHeads. It also gives you a single view of the overall benefit and health of the SteelHead network. SteelCentral Controller for SteelHead’s central management console dramatically improves the management and usability of control capabilities. The SCC features an intuitive interface and management plane based on high-level abstractions such as applications, sites, uplinks, or networks that match the way you view your IT environment. With SCC, you can implement new, more efficient configuration and change management workflows that make hybrid-networking capabilities truly usable at scale.
– SteelCentral Controller for SteelHead Mobile (SCCM), which tracks the individual health and performance of each deployed software client, and manages enterprise client licensing. The SCCM enables you to see who is connected, view their data reduction statistics, and perform support operations such as resetting connections, pulling logs, and automatically generating traces for troubleshooting. You can perform all of these management tasks without end user input.
For detailed information about how the SteelHead works and deployment design principles, see the SteelHead Deployment Guide.
Configuring optimization
You configure optimization of traffic using the Management Console or the Riverbed CLI. You configure the type of traffic a SteelHead optimizes and specify the type of action it performs using:
• In-Path rules - In-path rules determine the action a SteelHead takes when a connection is initiated, usually by a client. In-path rules are used only when a connection is initiated. Because connections are usually initiated by clients, in-path rules are configured for the initiating, or client-side SteelHead. You configure one of these types of in-path rule actions:
– Auto discover - Use the autodiscovery process to determine if a remote SteelHead is able to optimize the connection attempting to be created by this SYN packet.
– Fixed-target - Skip the autodiscovery process and use a specified remote SteelHead as an optimization peer. Fixed-target rules require the input of at least one remote target SteelHead; an optional backup SteelHead might also be specified.
– Fixed-target (packet mode optimization) - Skip the autodiscovery process and use a specified remote SteelHead as an optimization peer to perform bandwidth optimization on TCPv4, TCPv6, UDPv4, or UDPv6 connections. Packet-mode optimization rules support both physical in-path and master/backup SteelHead configurations. For details, see the SteelHead Management Console User’s Guide.
– Pass-through - Allow the SYN packet to pass through the SteelHead. No optimization is performed on the TCP connection initiated by this SYN packet.
– Discard - Drop the SYN packet silently.
– Deny - Drop the SYN packet and send a message back to its source.
• Peering rules - Peering rules determine how a SteelHead reacts when it sees a probe query. Peering rules are an ordered list of fields a SteelHead uses to match with incoming SYN packet fields. For example, source or destination subnet, IP address, VLAN, or TCP port, as well as the IP address of the probing SteelHead. This is especially useful in complex networks. These types of peering rule are available:
– Auto - If the receiving SteelHead is not using enhanced autodiscovery, this has the same effect as the Accept peering rule action. If enhanced autodiscovery is enabled, the SteelHead only becomes the optimization peer if it’s the last SteelHead in the path to the server.
– Accept - The receiving SteelHead responds to the probing SteelHead and becomes the remote-side SteelHead (that is, the peer SteelHead) for the optimized connection.
– Passthrough - The receiving SteelHead doesn’t respond to the probing SteelHead, and allows the SYN+ probe packet to continue through the network.
For detailed information about in-path and peering rules and how to configure them, see the SteelHead Management Console User’s Guide.
Fail-to-wire (bypass) mode
All SteelHead models and in-path network interface cards support a fail-to-wire mode. In the event of a failure or loss of power, the SteelHead goes into bypass mode and the traffic passes through uninterrupted.
Many in-path network interface cards (NICs) also support a fail-to-block mode in which case if there’s a failure or loss of power, the SteelHead LAN and WAN interfaces power down and stop bridging traffic. The default failure mode is fail-to-wire mode.
If there’s a serious problem with the SteelHead or it’s not powered on, it goes into bypass mode to prevent a single point of failure. If the SteelHead is in bypass mode, you are notified in these ways:
• The Intercept/Bypass status light on the bypass card is triggered. For detailed information about bypass card status lights, see the appendices that follow.
• The Dashboard of the Management Console displays the Critical health icon next to the appliance name.
• SNMP traps are sent (if you have set this option).
• The event is logged to system logs (syslog).
• Email notifications are sent (if you have set this option).
When the fault is corrected, new connections receive optimization; however, connections made during the fault aren’t optimized. To force all connections to be optimized, enable the kickoff feature. Generally, connections are short-lived and kickoff is not necessary. For detailed information about enabling the kickoff feature, see the SteelHead Management Console User’s Guide and the SteelHead Deployment Guide.
When the SteelHead is in bypass mode the traffic passes through uninterrupted. Traffic that was optimized might be interrupted, depending on the behavior of the application-layer protocols. When connections are restored, they succeed, although without optimization.
In an out-of-path deployment, if the server-side SteelHead fails, the first connection from the client fails. After detecting that the SteelHead is not functioning, a ping channel is setup from the client-side SteelHead to the server-side SteelHead. Subsequent connections are passed through unoptimized. When the ping succeeds, processing is restored and subsequent connections are intercepted and optimized.
For detailed information about the ping command, see the Riverbed Command-Line Interface Reference Manual.
Fail-to-block (disconnect) mode
In fail-to-block mode, if the SteelHead has an internal software failure or power loss, the SteelHead LAN and WAN interfaces power down and stop bridging traffic.
When fail-to-block is enabled, a failed SteelHead blocks traffic along its path, forcing traffic to be rerouted onto other paths (where the remaining SteelHeads are deployed). This is only useful if the network has a routing or switching infrastructure that can automatically divert traffic off of the link once the failed SteelHead blocks it.
Note: You can use this with connection-forwarding, the allow-failure CLI command, and an additional SteelHead on another path to the WAN to achieve redundancy. For more information, see the Riverbed Command-Line Interface Reference Manual.
You set fail-to-block mode in the SteelHead CLI. For detailed information, see the SteelHead Deployment Guide.
New features in version 9.6.1
Version 9.6.1 of SteelHead-v provides this enhancement:
• Perpetual licenses for VCX10 through VCX90 models.
Version 9.6 introduced a new licensing framework where customers receive a customer key, which is used across purchases. Licenses are tied to the customer key and are provided for model performance tier, WAN optimization, and optional add-on features. In addition, a support identification code is provided for included or purchased support services.
In version 9.6.1 perpetual licenses are available. Perpetual licenses support using the virtual appliance in disconnected mode, where an internet connection is not required. The customer applies their customer key and feature licenses to the virtual appliance by using the CLI or GUI. Some feature licenses require a challenge-response process in order to be activated. When a challenge-response is required, the customer, using the CLI or GUI, requests a challenge. The customer then enters the generated challenge on the Riverbed Support site at
https:// support.riverbed.com/content/support/licensing.html to generate a response. The customer applies the generated response to the appliance to complete the activation process.
For more information, see the SteelHead (Virtual Edition) Installation Guide.
New features in version 9.6.0-GX1
This release includes support for the SteelHead GX10000, a new SteelHead appliance. See
SteelHead GX10000 Appliance Specifications for physical specifications for this product.
New features in version 9.6.0-SD1
These new features are available in RiOS 9.6.0-SD1:
SteelHead SD web proxy support
This release supports configuration of the web proxy feature for SteelHead SD models.
SteelHead SD appliance compatibility with SteelConnect Virtual Gateways
SteelHead SD appliances (SteelHead-v appliances running SteelOS software) are compatible with SteelConnect virtual gateways. The following SteelHead SD models are compatible:
• 570-SD
• 770-SD
• 3070-SD
For information about this feature, see the SteelConnect Manager User Guide.
New features in version 9.6.1
These new features are available in RiOS 9.6.1.
New SteelHead-v models
The VCX10, VCX-20, VCX-30, VCX-40, VCX-50, VCC-60, VCX-70, VCX-80, and VCX-90 SteelHead-v models are new for RiOS 9.6. These new performance tier-based models replace the VCX xx55 models and have the following new features:
• New licensing format - A common licensing framework based on a customer key is introduced for these models, which replaces token-based licensing. Licenses are tied to the customer key instead of the SteelHead-v appliance, which allows the licenses to be used across appliances.
For more information about this format, including upgrade and downgrade procedures, see the SteelHead (Virtual Edition) Installation Guide.
• Web proxy support - The Optimization > Network Services: In-Path Rules page allows configuration of the web proxy feature for these new SteelHead-v appliances.
To change the web proxy cache size, use the web-proxy cache size <cache-size-in-gb> command. This command is available for the new SteelHead-v models only.
• VCX flexible management disk size - A reduced management disk size accommodates customer premises equipment (CPE).
• Upgrade/downgrade flexibility - System configuration is retained when upgrading or downgrading between the new SteelHead-v models, and upgrades or downgrades are possible between any of the new models.
• VCX provisioning - You can provision a virtual machine (VM) with a configuration that can be applied to more than one SteelHead-v.
• ESXi 6.0 support - SteelHead-v appliances can now run on VMware ESXi version 6.0.
• 1Gbps VCX over KVM - High performance, 1Gbps WAN optimization throughput models for KVM and Hyper-v hypervisors.
• FIPS and SCPS support - Support for Federal Information Processing Standards (FIPS) and Space Communications Protocol Specifications (SCPS) is added and does not require a separate license.
For more information about these models, see the SteelHead (Virtual Edition) Installation Guide.
New SteelHead-c licenses
The following SteelHead-c licenses are new with this software release:
• CCX-SUB-PERF-TIER1
• CCX-SUB-PERF-TIER2
• CCX-SUB-PERF-TIER3
You add these licenses from the Riverbed Cloud Portal. For more information, see the SteelHead Cloud Services User’s Guide.
SteelHead-c for AWS Marketplace
A region-free Amazon Machine Image (AMI) for the SteelHead (in the cloud) (SteelHead-c) has been added to the Amazon Web Services (AWS) marketplace. This product has the following benefits:
• You can instantiate the SteelHead-c instance directly from the AWS marketplace.
• You update the SteelHead-c image directly from the SteelHead Management Console. You accomplish this task by downloading the image from the Riverbed Support site and then using the SteelHead Management Console to select the downloaded image and install it.
• You can use a license from the Riverbed Cloud Portal to activate the SteelHead-c for AWS Marketplace. This feature is known as Bring Your Own License (BYOL).
For more information, see the SteelHead (Virtual Edition) Installation Guide.
Load balancing for multiple SteelHead interfaces in an Interceptor cluster
This feature allows traffic to be carried across all in-path connections between a SteelHead appliance and Interceptors to facilitate load balancing. Previous cluster deployments could only use one of the SteelHead-Interceptor in-path connections, with the remaining connections used as backups.
You enable this feature on the Interceptor. For more information, see the SteelHead Interceptor User’s Guide.
IPv6 compatibility
IPv6 connection forwarding - IPv6 addresses are now supported for connection forwarding. A check box is added to the Networking > Network Integration: Connection Forwarding page in the SteelHead Management Console that allows IPv6 addresses to be specified for connection-forwarding neighbors. For more information, see the SteelHead Management Console User’s Guide.
Reporting updates
Easy TCP dump - For SteelHead-Interceptor deployments, a new feature in the Reports > Diagnostics: TCP Dumps page allows you to capture TCP dumps based on the location of the Interceptor (either client side or server side).
In-path and load-balancing rule counters - A new report in the SteelHead Management Console, In-Path Rule Statistics, shows statistics for in-path rules, such as how many hits the rules are getting, the last time in-path rules were hit, and who created the rules. For more information, see the SteelHead Management Console User’s Guide.
Email enhancement
Email reminders for pass-through in-path rules - New check boxes in the Administration > System Settings: Email page and Optimization > Network Services: In-Path Rules page allow emails to be sent when pass-through in-path rules are configured. Email reminders are sent every 15 days by default. For more information, see the SteelHead Management Console User’s Guide.
Applications
SMB2 lease sharing - The ability to allow a client to share the same lease key for the same file on separate connections, known as lease sharing, is supported when using Windows Server Message Block (SMB) 2.1 or later.
Additional security support
Additional changes were made to enhance SteelHead security features:
• No NTLM fallback for MAPI and signed/encrypted SMB optimization - End-to-end Kerberos can be configured as a configuration option without falling back to Windows NT LAN Manager (NTLM) delegation mode. To enable this feature, enter the protocol mapi encrypted ntlm-bypass enable command. For more information, see the Riverbed Command-Line Interface Reference Manual.
This feature applies to Remote Procedure Call (RPC) over HTTP and RPC over HTTP (Outlook Anywhere). It does not apply to MAPI over HTTP, which is authenticated at the HTTP layer.
• Support temporary password when user is created - A check box has been added to the Administration > Security: Password Policy page to support a temporary password.
• Safety accounts - Administrator users can create safety accounts so that users with Administrator-level roles can login to the SteelHead, even if remote authentication servers are unreachable. A safety account increases security and conforms to DISA requirements.
For more information about these changes, see the SteelHead Management Console User’s Guide.
TLS-related feature support
RiOS 9.6 supports the following Transport Layer Security (TLS)-related features:
• Bandwidth optimization support for HTTP/2 - Data reduction for Transport Layer Security (TLS)-encrypted HTTP/2 traffic is supported, which includes support for the Application-Layer Protocol Negotiation (ALPN) TLS extension.
• TLS extended master secret extension support - Support for the TLS extended master secret extension is added.
Upgrading RiOS to 9.6.1
RiOS 9.6.1 is backward compatible with previous RiOS versions. However, to obtain the full benefits of the new features in RiOS 9.6.1, you must upgrade the client-side and server-side SteelHeads on any given WAN link. After you have upgraded all appliances, all the benefits of the 9.6.1 features and enhancements are available.
User permissions
Upgrading from RiOS 8.6 to 9.0 and later requires additional user permissions for path selection and QoS. For example, a user with QoS read/write permission in a previous version will no longer have permission to configure a QoS rule. In RiOS 9.0 and later, a user needs read/write permission for network settings in addition to read/write permission for QoS.
This table summarizes the changes to the user permission requirements for RiOS 9.0 and later.
Management console page | To configure this feature or change this section | Required read permission | Required read/write permission |
Networking > Topology: Sites & Networks | Networks | Network Settings Read-Only | Network Settings Read/Write |
Sites | Network Settings Read-Only QoS Read-Only Path Selection Read-Only | Network Settings Read/Write QoS Read/Write Path Selection Read/Write |
Networking > App Definitions: Applications | Applications | Network Settings Read-Only | Network Settings Read/Write |
Networking > Network Services: Quality of Service | Enable QoS | QoS Read-Only | QoS Read/Write |
Manage QoS Per Interface | Network Settings Read-Only | Network Settings Read/Write |
QoS Profile | QoS Read-Only | QoS Read/Write |
QoS Remote Site Info | Network Settings Read-Only QoS Read-Only | — |
Networking > Network Services: QoS Profile Details | Profile Name | QoS Read-Only | QoS Read/Write |
QoS Classes | QoS Read-Only | QoS Read/Write |
QoS Rules | QoS Read-Only | Network Settings Read/Write QoS Read/Write |
Path Selection | Enable Path Selection | Network Settings Read-Only | Network Settings Read/Write |
Path Selection Rules | Network Settings Read-Only Path Selection Read-Only | Network Settings Read/Write Path Selection Read/Write |
Uplink Status | Network Settings Read-Only Path Selection Read-Only Reports Read/Write | — |
Outbound QoS Report | | QoS Read-Only | QoS Read/Write |
Inbound QoS Report | | QoS Read-Only | QoS Read/Write |
Host Labels | | Network Settings Read-Only or Path Selection Read-Only | Network Settings Read/Write or QoS Read/Write |
Port Labels | | Network Settings Read-Only or QoS Read-Only | Network Settings Read/Write or QoS Read/Write |
Upgrade considerations
Consider the following before upgrading RiOS:
• You can’t upgrade the SteelHead CX 555 or CX 755 to RiOS version 9.5 or later.
• You can’t upgrade Series x50 or xx50 hardware to RiOS version 9.2 or later.
• If you mix RiOS software versions in your network, the releases might support different optimization features and you can’t take full advantage of the features that aren’t part of the older software versions.
Recommended upgrade paths
To find allowed upgrades between RiOS versions and recommended upgrade paths, use the Software Upgrade tool on the Riverbed Support site at
https://support.riverbed.com. The tool includes all of the recommended intermediate RiOS versions.
Upgrading the RiOS software version
Follow these steps to upgrade your RiOS software. These instructions assume you are familiar with the SteelHead, the CLI, and the Management Console.
To upgrade the RiOS software version
1. Download the software image from the Riverbed Support site to a location such as your desktop. Optionally, in RiOS version 9.2 and later, you can download a delta image directly from the Riverbed Support site to the SteelHead. The downloaded image includes only the incremental changes. The smaller file size means a faster download and less load on the network. To download a delta image, skip to step 2.
2. Log in to the Management Console using the Administrator account (admin).
3. Choose Administration > Maintenance: Software Upgrade page and choose one of these options:
– From URL - Type the URL that points to the software image. Use one of these formats:
http://host/path/to/file
https://host/path/to/file
ftp://user:password@host/path/to/file
scp://user:password@host/path/to/file
– From Riverbed Support Site - Select the target release number from the drop-down list to download a delta image directly to the appliance from the Riverbed Support site. The downloaded image includes only the incremental changes. You don’t need to download the entire image. The system downloads and installs the new image immediately after you click Install. To download and install the image later, schedule another date or time before you click Install.
– From Local File - Browse your file system and select the software image.
– Schedule Upgrade for Later. - Select this check box to schedule an upgrade for a later time. Type the date and time in the Date and Time text boxes using these formats:
YYYY/MM/DD and HH:MM:SS.
4. Click Install to immediately upload and install the software upgrade on your system, unless you schedule it for later.
The software image can be quite large; uploading the image to the system can take a few minutes. Downloading a delta image directly from the Riverbed Support site is faster because the downloaded image includes only the incremental changes and is downloaded directly to the appliance.
As the upgrade progresses, status messages appear.
After the installation is complete, you are reminded to reboot the system to switch to the new version of the software.
5. Choose Administration > Maintenance: Reboot/Shutdown and click Reboot.
The appliance can take a few minutes to reboot. This is normal behavior as the software is configuring the recovery flash device. Don’t press Ctrl-C, unplug, or otherwise shut down the system during this first boot. There’s no indication displayed during the system boot that the recovery flash device is being configured.
After the reboot, the Dashboard, Software Upgrade, and Help pages of the Management Console display the RiOS version upgrade.
Downgrading the RiOS software version
If you are downgrading to a previous version of the RiOS software, you must downgrade to a version of the software that has previously run on your system.
Note: When downgrading from an image that supports four 10 GigE cards to an older image that doesn’t, the message Updating BIOS. Do not interrupt or reboot till the command completes appears. This message indicates that the appropriate BIOS for your software image is being installed.