Configuring WAN Optimization
This topic describes how to enable WAN optimization for SteelHead SD 2.0. It includes these sections:
For detailed information on installing and configuring SteelHead SD, see the SteelHead SD Installation Guide.
These instructions assume you have created an organization, site, and LAN zone for the SteelHead SD appliance. For details, see the SteelConnect Manager User Guide and the SteelHead SD User Guide.
Overview
When you enable WAN optimization for SteelHead SD, you perform the initial configuration within SCM. You must also configure settings on the virtual SteelHead instance itself, using the SteelHead Management Console, the CLI, or the SteelCentral Controller for SteelHead (SCC).
When enabling WAN optimization, keep these guidelines in mind:
•To enable WAN optimization, the location where the SteelHead SD is installed must have at least one LAN zone. The in-path IP address in the virtual SteelHead instance must match the address in SCM.
•The LAN port must be configured as a single-zone uplink for the SteelHead WAN optimization service. If you do not enable the LAN port, SteelConnect won’t see either the SteelHead WAN optimization service or the clients on the LAN side of the network.
•The default gateway in the virtual SteelHead instance must be the IP address for the LAN zone in SCM.
•If the LAN port of the SteelHead SD appliance is on a VLAN trunk, make sure to configure the VLAN ID on the virtual SteelHead in-path interface.
•Depending on the in-path rules you have defined, the virtual SteelHead instance optimizes any traffic received from SteelConnect via the LAN interface.
•When WAN optimization is enabled in SCM, there is a momentary interruption to service as the SteelConnect is reconfigured with its SteelHead LAN and WAN interfaces.
When WAN optimization is enabled, a virtual SteelHead instance is automatically provisioned by the system. The primary port on the SteelHead SD appliance is connected directly to the primary interface of the virtual SteelHead instance.
The virtual SteelHead instance is configured with a single in-path interface pair (LAN/WAN). Unlike physical SteelHead appliances or their virtual equivalents that exist outside of an SD-WAN service-chained deployment, the number of in-path interfaces is irrelevant. For consistency and compatibility, the in-path interface pair is configured as LAN0_0 and WAN0_0.
Assigning the in-path IP address and default gateway in SCM
The first step is to assign an in-path IP address within the LAN zone for the site. You choose an IP address for the LAN zone in which the SteelHead SD is installed. You will use this IP address to configure the in-path interface and default gateway on the virtual SteelHead instance.
These instructions assume that you have configured the primary and LAN ports on the SteelHead SD appliance in SCM:
•The LAN port is configured as a single-zone uplink for the SteelHead WAN optimization service. By default, the LAN port is disabled on SteelHead SD appliances unless it is explicitly enabled. If you don't enable the LAN port, SteelConnect won’t see either the SteelHead WAN optimization service or the clients on the LAN side of the network.
•The primary port is configured as SteelHead Primary mode for the SteelHead SD appliance.
If the LAN port attached to the SteelHead SD appliance is in a VLAN trunk, the virtual SteelHead instance must be given an IP address from one of the zones that is part of the trunk, and the virtual SteelHead in-path IP address must also be configured with the corresponding VLAN ID.
For details on configuring the primary and LAN ports, see the SteelHead SD Installation Guide.
To assign the in-path IP address and the default gateway in SCM
1. In SCM, choose Network Design > Zones.
2. Select the zone with the SteelHead SD appliance to expand the pane. The IP tab is displayed.
3. Under IPv4 Network, specify the LAN zone subnet. Write down this IP address. You will use this address when you configure the inpath0_0 interface for WAN optimization on the virtual SteelHead instance.
Assigning the IP address for the in-path IP address and default gateway
For example, if the network IP address is 172.16.20.0/24, you can assign any IP address from 172.16.20.1 to 172.16.20.254 for the SteelHead in-path interface.
4. Under IPv4 Gateway, specify the default gateway. Write down this IP address. You will use this address when you configure the default gateway for WAN optimization on the virtual SteelHead instance.
Enabling WAN Optimization in SCM
You enable WAN optimization in SCM in the Appliances page under the Services tab. You also specify the virtual SteelHead instance in-path IP address. The in-path IP address must be within the LAN zone subnet that you have defined.
The WAN optimization service is disabled by default. When disabled, the WAN optimization service will not participate in any WAN optimization functionality. If disabled, any configuration related to WAN optimization service on this appliance will not be applied.
Only zones that are attached to a physical port can be used to configure the SteelHead SD IP address. Choose Appliances > Port to attach a zone to a port.
To enable WAN optimization
1. Choose Appliances > Overview.
2. Select the SteelHead SD appliance to expand the page.
3. Select the Services tab.
Enabling WAN optimization in SCM
4. Under WAN Optimization Service, fill out these required session attributes:
•WAN Optimization Service - Click Enabled to enable the WAN optimization service for the selected SteelHead SD appliance. When disabled, the WAN optimization service will not participate in any WAN optimization functionality. If disabled, any configuration related to WAN optimization service on this appliance will not be applied.
•SteelHead Zone - Select the zone to which this SteelHead SD appliance belongs. Only zones that are attached to a physical port can be used to configure the SteelHead SD IP address. Choose Appliances > Port to attach a zone to a port.
•SteelHead Inpath IP Address - Specify the SteelHead in-path IP address. The IP address must be within the LAN zone subnet. This value tells SCM what in-path IP address you are using for the virtual SteelHead instance.
5. Click Submit.
After the WAN optimization service has been enabled within SCM, the SteelHead SD triggers the orchestration and provisioning of the virtual SteelHead instance. This action causes a momentary interruption to operations within SteelConnect because it is reconfigured with the SteelHead LAN and WAN interfaces.
As the virtual SteelHead instance boots within SteelHead SD, its primary interface tries to obtain an IP address via DHCP. It is important to ensure the SteelHead SD primary port is attached to a network where a DHCP service is available.
Identifying the primary IP address of the SteelHead
You use the primary IP address to connect to the virtual SteelHead instance. You can identify the primary IP address of the SteelHead in one of the following ways:
•When SteelConnect acts as the DHCP server - You can set the SteelConnect virtual gateway to act as a DHCP server and identify the primary IP address for the SteelHead in SCM. To view the SteelHead primary IP address in SCM, choose Appliances > Overview and select the SteelHead SD appliance. The primary IP address is listed under the IPs tab. For details on configuring SteelConnect to act as a DHCP server, see the SteelHead SD Installation Guide.
•When the SCC is used to manage SteelHeads - If you are using the SCC to manage the WAN optimization service, you can obtain the primary IP address for each appliance in your network. SCC automatically registers all SteelHeads it detects in your network and provides the primary IP address for each in the Appliances page. For details on connecting to SCC, see the SteelCentral Controller for SteelHead User Guide.
•When an external server acts as the DHCP server - You can obtain the MAC address from the appliance and search for the primary IP address on the DHCP server console. You can find the MAC address on the appliance label or you can view it in SCM. To view the MAC address in SCM, choose Ports and select the primary port for the appliance. The MAC address is listed under the Info-Mode tab.
After you have discovered the primary IP address that has been leased to the virtual SteelHead instance, you simply log in to the management console user interface and complete the configuration of the virtual SteelHead instance.
Enabling WAN optimization on the virtual SteelHead instance
To enable WAN optimization for SteelHead SD, you must configure the inpath0_0 interface and default gateway for each appliance in your network using the SCC or the SteelHead Management Console.
Configuring the in-path interface and default gateway
These instructions describe how to configure the in-path interface and default gateway using the SteelHead Management Console.
In the SCC, choose Manage: Appliances > Appliance Pages > In-Path Interfaces to modify the inpath0_0 interface and default gateway. You can push the policy to the selected appliance.
To configure the in-path interface and the default gateway in the SteelHead
1. Using the Primary IP address you obtained from SCM, SCC, or the DHCP server, enter it in the location box of your web browser using HTTPS. The login page for the SteelHead Management Console is displayed.
2. Specify the default user login (admin) and password (password).
3. Click Sign In to display the Dashboard.
4. Choose Networks > Networking: In-Path Interfaces.
In-Path Interfaces page
5. Select the interface to expand the page.
Configuring the in-path interface
7. Type the subnet mask address. The subnet mask on the in-path must match the subnet mask on the zone (typically /24, but it can be whatever you specified in the zone settings).
9. If the LAN port is part of a VLAN trunk, enter the correct VLAN ID for the in-path.
10. Click Apply.
11. You can refine your in-path WAN optimization settings using the SteelHead Management Console. For details, see the SteelHead User’s Guide.
Troubleshooting
The virtual SteelHead instance is accessible for management and diagnostics via primary and in-path interface.
You cannot ping the in-path interface for the virtual SteelHead instance.
You can ping the primary interface for virtual SteelHead instance.
TCP dumps can be taken to verify and examine traffic flows on following interfaces:
–In-path interface of virtual SteelHead instance
–Knet interfaces of the service virtual machine.
To gather and verify information, check these SteelHead reports:
•Current Connections
•In-path Rule Counters
•Throughput