Feature | SteelHead 570-SD, 770-SD, 3070-SD | SDI-2030 | SDI-130 | SDI-330 | SDI-1030 | SDI-5030 | Virtual GW | Cloud GW |
eBGP | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
iBGP | Yes | Yes | No | No | No | No | No | No |
OSPF single area | Yes | Yes | Yes | Yes | Yes | No | No | — |
OSPF multi-area ABR | Yes | Yes | No | No | No | No | No | — |
ASBR | Yes | Yes | Yes* (Underlay routing inter-working solution) | Yes* (Underlay routing inter-working solution) | Yes* (Underlay routing inter-working solution) | No | Yes* (Underlay routing inter-working solution) | No |
Route retraction | Yes | Yes | No | No | No | Yes | No | No |
Default route originate | OSPF/BGP | OSPF/BGP LAN and WAN | OSPF-only LAN | OSPF-only LAN | OSPF-only LAN | BGP only | OSPF-only LAN | No |
Overlay route injection in LAN | Yes | Yes | No | No | No | Yes | No | No |
Local subnet discovery | Yes | Yes | No | No | No | Yes | No | No |
Static routes | Yes | Yes (LAN and WAN) | Yes (3rd-party routes) | Yes (3rd-party routes) | Yes (3rd-party routes) | Yes | Yes (3rd-party routes) | Yes (3rd-party routes) |
VLAN support (LAN side) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | — |
1:1 Active-Active High Availability | Yes | Yes | No (Active-Passive HA) | No (Active-Passive HA) | No (Active-Passive HA) | No (HA cluster) | No (Active-Passive HA) | No (Active-Passive HA AWS) |
Brownfield transit for internet-only branch | Yes (As an edge device only) | Yes | Yes (As an edge device only) | Yes (As an edge device only) | Yes | Yes | Yes (As an edge device only) | Yes (As an edge device only) |
Native VLAN support | No | No | Yes | Yes | No | No | Yes | — |
SD-WAN feature | Description |
Static uplinks on the WAN | If you have static uplinks on the WAN, a default static route is not added automatically in SteelConnect. On SCM, you must manually add static routes to reach networks that aren't present on the SteelConnect overlay network in order to send packets on those WANs. For details, see the Knowledge Base article, S32693. |
WAN AutoVPN memberships | WAN AutoVPN memberships for zones are not supported on SteelHead SD 2.0 and SteelConnect 2.11 appliances. |
Redirection of UDP traffic through the virtual SteelHead | Redirection of UDP traffic through the virtual SteelHead is not supported in SteelHead SD 2.0. You will not be able to optimize UDP traffic using the SteelHead IP blade. |
Classic VPN | Classic VPN is not supported on SteelHead SD 2.0 and SteelConnect 2.11 appliances. |
Flow distribution | Flow distribution for internet traffic across similar uplinks is not supported on SteelHead SD 570-SD, 770-SD, and 3070-SD appliances |
General SD-WAN features | The following general SD-WAN features are not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances: •PPPoE •LTE uplinks •USB port for tethering (initial ZTP/SCM via USB tethering) •Cloudifi •Agents tab under Sites |
LAN-side settings | The following LAN-side settings are not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances: •Multiple physical ports in a single zone. •Spanning tree on LAN side. •Multiple physical ports in a zone. •Native VLANs. •zones Import configuration at the Site level. •xLAN option under Site configuration. |
Path preference/path selection restrictions | When WAN optimization is enabled and the application target of a traffic rule is set to SSL, SteelConnect doesn’t correctly classify SSL traffic and the traffic will not travel across the SteelHead optimized path. For details, see the Knowledge Base article, S32180. |
Traffic path rule restrictions | When the SteelHead is located out-of-path, application-based path preference rules are not honored for deployments using WAN optimization with fixed target in-path rule to the SteelHead. You have these configuration options: •Convert your deployment to an in-path or virtual in-path and adjust SteelHead SD WAN optimization in-path rules to remove the fixed target setting. •Adjust the SteelHead SD WAN optimization in-path rules to pass-through and disable WAN optimization for application types you want to have follow the path preference rules. |
Static uplinks on the WAN | If you have static uplinks on the WAN, a default static route is not added automatically in SteelConnect. On SCM, you must manually add static routes to reach networks that aren't present on the SteelConnect overlay network in order to send packets on those WANs. For details, see the Knowledge Base article, S32693. |
Source NAT on underlay traffic | Source NAT on underlay traffic is not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-203 appliances. SteelHead SD appliances do not perform source NATing on underlay traffic exiting via the Internet uplink if it is destined for a private address, regardless of the configured outbound NAT setting. This is a change from the previous behavior for SteelHead SD 1.0 appliances, if NAT was enabled for an uplink, NAT was performed for all traffic exiting via the Internet uplink. For details on configuring NAT, see the SteelConnect Manager User Guide. |
RADIUS/Authentication server under Sites configuration in SCM | RADIUS/Authentication server under Sites configuration in SCM is not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances. Consult with your Riverbed sales engineer or Riverbed Professional Services at http://www.riverbed.com/services/index.html. |
SteelHead feature | Feature after upgrading to SteelHead SD 2.0 |
Layer 7 optimization blades | All Layer 7 SteelHead optimization blades are supported. For example, HTTP, SSL, CIFS/SMB, MAPI, Oracle Forms, NFS, Lotus Notes, and storage replication (for example, SnapMirror) all operate normally and are unchanged. The Citrix optimization blade is supported but the ability to support the optimization of Multi-Stream ICA within the blade is no longer possible because the QoS functionality is taken care of by the service virtual machine (SVM) in SteelHead SD. You cannot optimize UDP traffic using the SteelHead IP blade as traffic is not redirected through the virtual SteelHead. |
SteelHead SaaS and the new SaaS Accelerator | SteelHead SD 2.0 supports SteelHead SaaS and the SaaS Accelerator are both supported. The SaaS Accelerator is not availble for SteelConnect 2.11 gateways. |
Web proxy | SteelHead SD supports SteelHead Web proxy. |
CIFS prepopulation | SteelHead SD supports SteelHead CIFS prepopulation. |
Active Directory integration | SteelHead SD supports SteelHead Active Directory integration. Because the virtual SteelHead instance has full control of the primary interface, it supports Active Directory integration and server-side out-of-path deployments. |
Data store synchronization | SteelHead SD supports SteelHead data store synchronization on the primary interface with an adjacent SteelHead appliance. |
Caching DNS service | SteelHead SD supports the SteelHead caching DNS service. With the caching DNS service, because the AUX port is not available to the virtual SteelHead, caching DNS is limited to the primary interface only. |
Transport performance features | SteelHead SD supports SteelHead high speed TCP and bandwidth estimation, satellite features such as SCPS, and single-ended connections. |
Management, reporting, and diagnostics | SteelHead SD supports SteelHead domain, host, and port labels, as well as in-path and peering rules. |
Secure vault | SteelHead SD supports SteelHead secure vault. The secure vault password is retained when you upgrade from SteelHead to SteelHead SD. |
Management access controls | SteelHead SD supports SteelHead management access controls including Radius and TACACS, and role-based access. |
TCP dump export | SteelHead SD supports SteelHead export of TCP dumps. |
SteelHead feature | Feature after upgrading to SteelHead SD 2.0 |
WAN-optimization only mode | WAN-optimization only mode is not supported on SteelHead SD. |
Hybrid networking services (path selection, secure transport, QoS) | Hybrid networking services (path selection, secure transport, QoS) are not supported on SteelHead SD. The network services of QoS, path selection and secure transport replaced by SteelConnect SD-WAN counterparts. Any QoS feature configuration on the original SteelHead must be converted to the new QoS in SCM. MX-TCP, because it was part of QoS, is not supported on SteelHead SD. Citrix Multistream ICA is not supported on SteelHead SD. |
Multiple in-path interfaces for WAN optimization | SteelHead SD doesn’t support multiple in-path interfaces for WAN optimization. Given that SteelHead SD is a Layer 3 gateway, multiple LAN ports and segments can be mapped to a single in-path interface. There is no longer a need for multiple in-path interfaces on an SteelHead SD appliance. After upgrading from SteelHead to SteelHead SD you must reconfigure your multiple in-path interfaces to a single in-path configuration. |
Virtual in-path or WCCP/PBR | Virtual in-path or WCCP/PBR is not supported on SteelHead SD. The concept of virtual in-path is not relevant for the WAN optimization of SteelHead SD. Thus, there is no need for WCCP or PBR. |
Simplified Routing and VLAN transparency | Simplified Routing and VLAN transparency is not supported on SteelHead SD. Because the in-path interface on the virtual SteelHead instance within SteelHead SD doesn’t sit physically in-path on the network, there is no need for Simplified Routing or VLAN transparency. |
IPSec, subnet side rules, MXTCP and link state propagation | IPSec, subnet side rules, MXTCP and link state propagation are not supported on SteelHead SD. |
Serial high availability (HA) | After upgrading, serial HA is not supported on SteelHead SD 2.0. SteelHead appliances in an HA pair must be individually shut down and upgraded separately. Active-active (1:1) HA is supported on SteelHead SD 2.0. |
NIC bypass (fail-to-wire) | Currently, NIC level bypass or fail-to-wire is not supported in SteelHead SD. If at any point the status of the virtual SteelHead instance shows a failure condition, for example a reboot or a crash, the system stops sending traffic that was destined for the virtual SteelHead. Instead, it bypasses the SteelHead thereby ensuring the traffic is not black-holed. You can compare this behavior with a physical SteelHead entering bypass mode. The traditional SteelHead bypass functionality doesn’t apply 1:1 to a SteelHead SD appliance because it is now an SD-WAN appliance that acts as a Layer 3 hop (or a custom edge router in some cases). Enabling NIC bypass mode without proper routing architecture support can lead to unintended traffic path behavior and can have security implications. |
Fail-to-block | If a SteelHead SD appliance fails, the appliance goes into fail-to-block mode. If only the SteelHead WAN optimization service fails, then traffic is passed through unoptimized and the SteelConnect SD-WAN service remains fully operational. If only the SteelConnect SD-WAN service fails, then all traffic on the gateway is blocked. |
Data store synchronization | Data store synchronization is supported only on the primary interface because the AUX interface is not available to the virtual SteelHead. (The AUX port is the dedicated port used in HA configurations; it can also be used as an additional WAN uplink.) |
RADIUS/Authentication server under Sites | RADIUS/Authentication server under Sites configuration in SCM is not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030 appliances. Consult with your Riverbed sales engineer or Riverbed Professional Services at http://www.riverbed.com/services/index.html. |
Redirection of UDP traffic through the virtual SteelHead | Redirection of UDP traffic through the virtual SteelHead is not supported in SteelHead SD 2.0. You cannot optimize UDP traffic using the SteelHead IP blade. |
Source NAT on underlay traffic | Source NAT on underlay traffic is not supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030. SteelHead SD appliances do not perform source NATing on underlay traffic exiting via the Internet uplink if it is destined for a private address, regardless of the configured outbound NAT setting. This is a change from the previous behavior for SteelHead SD 1.0 appliances, if NAT was enabled for an uplink, NAT was performed for all traffic exiting via the Internet uplink. For details on configuring NAT, see the SteelConnect Manager User Guide. |
SteelHead Management Console GUI pages | These SteelHead Management Console GUI elements are not supported in SteelHead SD 2.0: •QoS reports. •Flow export settings: Export QoS and application statistics to Cascade Flow Collectors. •Subnet side rules. •WCCP settings. •Connection forwarding settings. •Failover settings. •In-Path Settings: Enabling Link State Propagation. •IPSec settings. •AUX interface setting in the Base Interfaces page. •Caching DNS: Listen on AUX interface check box. |
Riverbed component | Hardware and software requirements |
SteelHead SD appliance | The SteelHead SD 570-SD and 770-SD appliances are desktop models. The SteelHead SD 3070-SD appliance requires a 19-inch (483 mm) four-post rack. For details, see the Rack Installation Guide. |
SteelHead SD Management Console | The Management Console has been tested with all versions of Chrome, Mozilla Firefox Extended Support Release version 38, and Microsoft Internet Explorer 11. JavaScript and cookies must be enabled in your web browser. |
SteelConnect and SteelConnect Manager (SCM) | SteelHead SD requires SteelConnect 2.11. SCM supports the latest version of the Chrome browser. SCM requires a minimum screen resolution of 1280 x 720 pixels. We recommend a maximum of 1600 pixels for optimal viewing. |
SteelCentral Controller for SteelHead (SCC) | We recommend you have SCC 9.7.1 installed. |
NICs | Size (*) | Manufacturing part # | Orderable part # |
Two-Port 10-GbE Fiber SFP+ | HHHL | 410-00036-02 | NIC-1-010G-2SFPP |
Four-Port 10-GbE Fiber SFP+ | HHHL | 410-00108-01 | NIC-1-010G-4SFPP |
Ethernet standard | IEEE standard |
Ethernet Logical Link Control (LLC) | IEEE 802.2 - 1998 |
Fast Ethernet 100BASE-TX | IEEE 802.3 - 2008 |
Gigabit Ethernet over Copper 1000BASE-T (All copper interfaces are autosensing for speed and duplex.) | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 1000BASE-SX (LC connector) | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 1000BASE-LX | IEEE 802.3 - 2008 |
Gigabit Ethernet over Fiber 10GBASE-LR Single Mode | IEEE 802.3 - 2008 |
Gigabit Ethernet over 10GBASE-SR Multimode | IEEE 802.3 - 2008 |