Configuring Optimization Settings

The load-balancing service requires a configured IP address on the in-path interface (displayed when running the show steelhead communication and show interceptor communication commands). If you are in VLAN segregation mode and you remove the IP address on an in-path interface, when you switch to VLAN segregation the load-balancing service will be inactive. In this case, reconfigure the IP addresses on the in-path interface and restart the service.

This section describes how the SteelHead Interceptor redirects traffic to local SteelHeads based on in-path rules, load-balancing rules, and other parameters, such as hardware-assist pass-through rules and Fair Peering:

• In-path rules—Control whether locally initiated connections are redirected. In-path rules define the action (redirect, pass, deny, or discard) that the SteelHead Interceptor takes when a TCP SYN packet arrives through the LAN interface. In-path rules are an ordered list of matching parameters and an action field. The matching parameters can be any of these:

• Load-balancing rules—Control which traffic is redirected for WAN-optimization and how it is distributed to the SteelHead clusters. Load-balancing rules define the action (pass-through or redirect) that the SteelHead Interceptor takes upon receiving a TCP SYN packet for a connection. Load-balancing redirection rules must also specify at least one SteelHead. For details, see Configuring load-balancing rules.

• Peer affinity, Fair Peering v1, or Fair Peering v2—Control how the SteelHead Interceptor selects the target SteelHead to which traffic is redirected. For details, see Enabling fair peering and pressure monitoring.

• Service rules—Service rules are used with the path selection feature. Service rules are manually configured and they are used to redirect pass-through traffic to the appropriate SteelHead in a cluster. The rules control which traffic flows are redirected for path selection and how the traffic flows are distributed to the SteelHead clusters. The SteelHead chosen then matches its path selection rules to direct traffic to the appropriate uplink. For details, see To add a new service rule on a SteelHead Interceptor.

• Hardware-assist pass-through rules—Control which traffic is passed through in the hardware on supported network bypass cards.

SteelHead Interceptor software supports hardware-assist pass-through traffic forwarding when used with certain bypass cards. This allows the administrator to statically configure all UDP traffic and selected TCP traffic (identified by subnet pairs or VLANs) to be passed through the SteelHead Interceptor at close to line-rate speeds.

The types of redirection control rules control which traffic is redirected and potentially optimized by a SteelHead. Figure: Overview of redirection packet process shows how the control rules are used when a packet arrives on the LAN or WAN interfaces of the SteelHead Interceptor.

The SteelHead Interceptor first checks whether the packets arriving on a LAN or WAN port match a hardware-assist rule. If they match, the SteelHead Interceptor bridges the packet in the hardware corresponding to the port. If not, the SteelHead Interceptor checks whether the packet belongs to a flow being redirected. This could be because the flow is going through autodiscovery, or because the flow previously went through the autodiscovery process and started optimization.

If the packet does not correspond to a redirected flow, the in-path and load-balance rules are used to determine the next action. TCP SYN packets from a LAN interface are processed with the in-path rules and either dropped or passed-through and then forwarded for further processing with the load-balance rules.