About general service settings
Network services settings are under Optimization > Network Services.
General Service Settings page
The network services settings are a group of settings that enable you to configure various aspects of how the appliance’s acceleration service interacts with the network. Some settings are deployment specific.
Here, you can enable in-path, out-of-path, failover, and packet-mode optimization support. Other settings here enable you to set connection limits on half-open connections and the maximum connection pooling size. If your appliances has multiple bypass network interface cards (NICs), you’ll see settings for enabling in-path support for these ports. The number of these interface options depends on the number of pairs of LAN and WAN ports that you have enabled on your appliance.
In-path support
Enable In-Path Support enables optimization on traffic that is in the direct path of the client, server, and SteelHead.
Reset Existing Client Connections on Start Up enables auto kickoff globally. Auto kickoff is also available in the settings for in-path rules. When enabled, this feature resets existing connections, forcing them to go through the connection creation process when you restart the service. When the connections are reestablished, they’re accelerated. Useful when you make changes to an appliance and want those changes applied to existing connections.
Enable L4/PBR/WCCP Support enables optional, virtual in-path support on all the interfaces for networks that use Layer-4 switches, PBR, WCCP, and SteelHead Interceptor. External traffic redirection is supported only on the first in-path interface. These redirection methods are available:
• Layer-4 Switch—You enable Layer-4 switch support when you have multiple SteelHeads in your network, so that you can manage large bandwidth requirements.
• Policy-Based Routing (PBR)—PBR allows you to define policies to route packets instead of relying on routing protocols. You enable PBR to redirect traffic that you want optimized by a SteelHead that is not in the direct physical path between the client and server.
• Web Cache Communication Protocol (WCCP)—If your network design requires you to use WCCP, a packet redirection mechanism directs packets to appliances that aren’t in the direct physical path to ensure that they’re accelerated.
Enable Optimizations on Interface <interface-name> enables in-path support for additional bypass cards. If you have an appliance that contains multiple two-port, four-port, or six-port bypass cards, the Management Console displays options to enable in-path support for these ports. The number of these interface options depends on the number of pairs of LAN and WAN ports that you have enabled in your SteelHead.
The interface names for the bypass cards are a combination of the slot number and the port pairs (inpath<slot>_<pair>, inpath<slot>_<pair>): for example, if a four-port bypass card is located in slot 0 of your appliance, the interface names are inpath0_0 and inpath0_1. Alternatively, if the bypass card is located in slot 1 of your appliance, the interface names are inpath1_0 and inpath1_1. For details about installing additional bypass cards, see the Network and Storage Card Installation Guide.
Out-of-path support
Enable Out-of-Path Support enables out-of-path support on a server-side SteelHead, where only a SteelHead primary interface connects to the network. The SteelHead can be connected anywhere in the LAN. There is no redirecting device in an out-of-path SteelHead deployment. You configure fixed-target in-path rules for the client-side SteelHead. The fixed-target in-path rules point to the primary IP address of the out-of-path SteelHead. The out-of-path SteelHead uses its primary IP address when communicating to the server. The remote SteelHead must be deployed either in a physical or virtual in-path mode.
If you set up an out-of-path configuration with failover support, you must set fixed-target rules that specify the master and backup appliances.
Connection limits
Half-Open Connection Limit per Source IP restricts half-opened connections on a source IP address initiating connections (that is, the client machine). Set this feature to block a source IP address that is opening multiple connections to invalid hosts or ports simultaneously (for example, a virus or a port scanner). This feature doesn’t prevent a source IP address from connecting to valid hosts at a normal rate. Thus, a source IP address could have more established connections than the limit. The default value is 4096.
The appliance counts the number of half-opened connections for a source IP address (connections that check if a server connection can be established before accepting the client connection). If the count is above the limit, new connections from the source IP address are passed through unoptimized.
If you have a client connecting to valid hosts or ports at a very high rate, some of its connections might be passed through even though all of the connections are valid.
Maximum Connection Pool Size specifies the maximum number of TCP connections in a connection pool. Connection pooling enhances network performance by reusing active connections instead of creating a new connection for every request. Connection pooling is useful for protocols that create a large number of short-lived TCP connections, such as HTTP.
To accelerate such protocols, a connection pool manager maintains a pool of idle TCP connections, up to the maximum pool size. When a client requests a new connection to a previously visited server, the pool manager checks the pool for unused connections and returns one if available. The client and the SteelHead don’t have to wait for a three-way TCP handshake to finish across the WAN. If all connections currently in the pool are busy and the maximum pool size has not been reached, the new connection is created and added to the pool. When the pool reaches its maximum size, all new connection requests are queued until a connection in the pool becomes available or the connection attempt times out. The default value is 20. A value of 0 specifies no connection pool.
You must restart the SteelHead after changing this setting.
Viewing the Connection Pooling report can help determine whether to modify the default setting. If the report indicates an unacceptably low ratio of pool hits per total connection requests, increase the pool size.
Failover support
Failover support in IPv6 environments requires that IPv6 connection forwarding is enabled.
Enable Failover Support configures a failover deployment on either a master or backup SteelHead. In the event of a failure in the master appliance, the backup appliance takes its place with a warm data store and can begin delivering fully optimized performance immediately. The master and backup SteelHeads must be the same hardware model.
The Current Appliance is field allows you to select Master or Backup from the drop-down list. A master SteelHead is the primary appliance; the backup SteelHead is the appliance that automatically optimizes traffic if the master appliance fails.
IP Address (peer in-path interface) specifies the IP address for the peer appliance. You must specify the in-path IP address, not the primary interface IP address.
Packet mode optimization
Enable Packet Mode Optimization performs packet-by-packet SDR bandwidth optimization on TCP or UDP over IPv4 or IPv6. This feature uses fixed-target packet mode optimization in-path rules to optimize bandwidth for applications over these transport protocols. Disabled by default. Requires service restart.