•  Welcome
  • About Riverbed acceleration products
  • About document conventions
  • About documentation and release notes
  • Contacting Riverbed
•  About Acceleration Techniques and Design Fundamentals
  •  About SteelHead data acceleration
    • Data streamlining
    • Transport streamlining
    • Application streamlining
    • Management streamlining
  •  About data store synchronization
    • Data store synchronization requirements
    • Data store error alarms
  • Choosing the right SteelHead model
  • About deployment modes
  •  About the autodiscovery protocol
    • About the autodiscovery process
  •  About autodiscovery and firewall considerations
    • Removal of the Riverbed TCP option probe
    • Stateful firewall device in a multiple in-path environment
  • About multiple in-path discovery behavior
  •  Controlling acceleration
    • In-path rules
    • Default in-path rules
    • Peering rules
    • Kickoff and automatic kickoff features
  •  About controlling acceleration example configurations
    • Configuring high-bandwidth, low-latency environment
    • Configuring pass-through transit traffic
  •  About fixed-target in-path rules
    • Configuring a fixed-target in-path rule for an in-path deployment
    • Fixed-target in-path rule for an out-of-path deployment
  • Best practices for SteelHead deployments
•  About Network Integration Tools
  • About redundancy and clustering
  • About physical in-path deployments
  • About virtual in-path deployments
  • About out-of-path deployments
  • About fail-to-wire and fail-to-block
  • About link state propagation
  •  About connection forwarding
    • Configuring connection forwarding
    • Multiple-interface support within connection forwarding
    • Failure handling within connection forwarding
    • Connection-forwarding neighbor latency
  • About simplified routing
•  About WAN Visibility Modes
  • About WAN visibility
  • About correct addressing
  •  About transparent addressing
    • Port transparency
    • Full address transparency
    • Configuring VLANs and full address transparency
    • Full address transparency with forward reset
  •  About transparent addressing issues
    • Stateful systems
    • Network design issues
    • Integration into networks using NAT
  •  About OOB connections and addressing modes
    • Configuring OOB connection destination transparency
    • Configuring OOB connection full transparency
  • Configuring WAN visibility modes
•  About Networking Topologies
  • About defining a network
  •  About defining a site
    • Configuring the local site
    • Configuring the default site
•  About Application Definitions
  •  About applications
    • Defining an application
    • Application properties
  •  About the application Flow Engine
    • AFE and Microsoft Lync 2010 and 2013
  • Creating host labels
  • Creating port labels
  • Creating domain labels
•  About QoS Configuration and Integration
  • About QoS configuration
  •  About QoS rules
    • Configuring a QoS rule
  •  About QoS classes
    • Class hierarchy
    • QoS class latency priorities
    • QoS queue types
    • QoS queue depth
    • MX-TCP
  •  About QoS profiles
    • Configuring a QoS profile
    • Assigning QoS profiles to a site
  •  Configuring QoS
    • Enabling QoS
    • QoS default classes
  •  About inbound QoS
    • Assigning an inbound QoS profile to a site
  • About LAN bypass
  • About QoS for IPv6
  • About QoS in virtual in-path and out-of-path deployments
  • About QoS in multiple SteelHead deployments
  • About QoS and multiple WAN interfaces
  •  Integrating SteelHeads into existing QoS architectures
    • WAN-side traffic characteristics and QoS
    • QoS integration techniques
    • QoS marking
  • Best practices for QoS enforcement
  • About the maximum number of QoS classes, sites, and rules
•  QoS Configuration Examples
  •  Configuring QoS using best practices
    • Example QoS scenario
    • Configuring QoS on the data center SteelHead
    • Configuring applications
    • Creating QoS profiles
    • Configuring the topology
    • Enabling QoS on the SteelHead
  • Configuring QoS marking on SteelHeads
  • Configuring QoS and MX-TCP
•  About Path Selection
  •  About path selection implementation
    • Path selection workflow
    • Example of a path selection implementation
    • Identifying traffic flow candidates
  • Configuring path selection
  •  Valid path selection deployment design examples
    • Basic multiple route path deployment
    • Complex parallel path deployment
    • Complex single in-path interface deployment
    • Serial deployment
    • Firewall path traversal deployment
  • About path selection and virtual in-path deployment
  • About design validation
  • About design considerations
•  About Physical In-Path Deployments
  •  About the logical in-path interface
    • In-path IP address selection
    • In-path default gateway and routing
  •  About failure modes
    • Fail-to-wire mode
    • Fail-to-block mode
    • Configuring failure modes
  • Configuring link state propagation
  • About EtherChannel
  •  About cabling and duplex mismatches
    • Choosing the correct cables
    • Duplex configuration
    • Troubleshooting cable and duplex issues
  •  About physical in-path deployment configuration examples
    • Configuring a basic physical in-path deployment
    • Configuring a physical in-path with dual links deployment
    • Configuring a serial cluster deployment with multiple links
  •  About in-path redundancy and clustering examples
    • Primary and backup deployments
    • Serial cluster deployments
  • Configuring simplified routing
  •  About multiple WAN router deployments
    • Configuring multiple WAN router deployments without connection forwarding
    • Configuring multiple WAN router deployments with connection forwarding
  •  About 802.1Q trunk deployments
    • Overview of VLAN trunk
    • Configuring a SteelHead on an 802.1Q trunk link
    • Capturing network traces using tcpdump
  •  About Layer-2 WAN deployments
    • Layer-2 WANs
    • Broadcast Layer-2 WANs
  •  About VLAN bridging deployments
    • VLAN bridging considerations
    • VLAN bridging variations
•  About Virtual In-Path Deployments
  • Overview of a virtual in-path deployment
  • Configuring an in-path, load-balanced, Layer-4 switch deployment
  • Configuring flow data exports in virtual in-path deployments
•  About WCCP Virtual In-Path Deployments
  • About WCCP
  •  About WCCP fundamentals
    • Service groups
    • WCCP assignment methods
    • WCCP redirection and return methods
    • WCCP clustering and failover
    • Multiple in-path WCCP
  • About WCCP advantages and disadvantages
  •  Configuring WCCP
    • Basic steps for configuring WCCP
    • Configuring a simple WCCP deployment
    • Adding a SteelHead to an existing WCCP deployment
    • Configuring a WCCP high-availability deployment
    • Configuring a basic WCCP router
  •  Configuring additional WCCP features
    • Specifying the service group password
    • Configuring multicast groups
    • Configuring group lists to limit service group members
    • Configuring access control lists
    • Configuring load balancing in WCCP
  • About flow data in WCCP
  • Verifying and troubleshooting WCCP configurations
•  About Policy-Based Routing Virtual In-Path Deployments
  •  About PBR
    • PBR failover and Cisco Discovery Protocol
    • Alternate PBR failover mechanisms
  • Connecting the SteelHead in a PBR deployment
  •  Configuring PBR
    • Configuring a SteelHead to directly connect to the router
    • Configuring a SteelHead to connect to a Layer-2 switch
    • Configuring a SteelHead to connect to a Layer-3 switch
    • Configuring a SteelHead with object tracking
    • Configuring a SteelHead with multiple PBR interfaces
    • Configuring multiple SteelHeads to connect to multiple routers
    • Configuring PBR for load balancing WAN circuits
    • Configuring local PBR for ICMP redirection in a mixed MTU environment
  • Exporting flow data and virtual in-path deployments
•  About IPv6 Deployments
  • About RFC compliance and feature compatibility
  • About traffic interception
  • About in-path rules
  •  About deployment options
    • Configuring an in-path SteelHead IPv6 deployment
    • Configuring a SteelHead serial cluster IPv6 deployment
    • Configuring a connection forwarding and SteelHead IPv6 deployment
    • Configuring a virtual in-path SteelHead IPv6 deployment
    • Configuring a fixed-target rule SteelHead IPv6 deployment
  • About supported protocols
  • Verification and troubleshooting
•  About Packet Mode Acceleration
  • About TCP proxy mode acceleration
  • Configuring packet mode acceleration
  • About design considerations
  • Best practices for packet mode acceleration
•  About Satellite Acceleration
  • About latency impacts
  • About packet-loss impacts
  • About satellite transport options
  •  About SCPS
    • About SCPS and SteelHeads
  • About TCP acceleration for satellite environments
  • About SCPS discovery
  • About transport acceleration for satellite environments
  • About bandwidth estimation
  •  About configuring error recovery
    • Configuring satellite transmission error recovery
  • About SCPS per connection
  • About SCPS error tolerance
  • About rate pacing
  •  About SCPS single-ended rules
    • SCPS compression
  • Configuring automatic detect TCP acceleration
  • Integrating the SteelHead with existing satellite modem TCP acceleration
  • Licensing SCPS on a SteelHead
  • Configuring transport acceleration
  • Configuring rate pacing
  • Configuring single-ended connection rule table settings
  • Configuring single-ended rules
  • Analyzing connection acceleration information
  • Viewing connection details
  • Viewing connection details using CLI
  • Analyzing packets for discovery probe stripping
  • About the health of satellite signals
  • About short-bottleneck buffer impacts
  • About loss at start of flow impacts
  • About variances in SCPS performance
•  About VPN Routing and Forwarding
  • About virtual routing and forwarding
  •  About NSV with VRF Select
    • Prerequisites for NSV
    • Example NSV network deployment
  • Basic steps for configuring NSV
  • Configuring the data center router
  • Configuring the PBR route map
  • Decoupling VRF from the subinterface to implement NSV
  •  About static routes
    • Defining static routes
    • Monitoring SteelHead availability
    • Configuring the branch office router
    • Configuring the data center SteelHead
    • Configuring the branch office SteelHead
  • About VRF-aware WCCP
  •  About VRF-aware WCCP design examples
    • XYZ Data Services design study (Nexus 7000/NX-OS Example)
    • IJK Enterprise design study (ASR 1000/IOS-XE example)
    • ABC Retail design study (ISR/IOS Example)
  • About VRF-aware WCCP best practices
•  About Out-of-Path Deployments
  • About out-of-path limitations
  • Configuring out-of-path deployments
•  About Data Protection Deployments
  • About LAN-side requirements
  • Configuring a nightly full database backup
  • Configuring a daily file server replication
  • Configuring a very large nightly incremental backup
  • Predeployment questionnaire
  • Configuring SteelHeads for data protection
  • About adaptive data streamlining settings
  •  About CPU settings
    • Compression level
    • Adaptive compression
    • Multicore balancing
  • About best practices for data streamlining and compression
  • About MX-TCP settings
  • About SteelHead WAN buffer settings
  • About router WAN buffer settings
  •  About remote and branch office backups
    • Network attached storage replication
    • Storage area network replication
  •  Designing for scalability and high availability
    • Using MX-TCP in N+M deployments
    • Interceptor and N+M active and backup deployment
    • Interceptor and pass-through connection blocking rules
  •  About enhanced visibility and control for SnapMirror
    • SnapMirror acceleration in Cluster Data ONTAP environments
    • SnapMirror acceleration in Data ONTAP 7-mode environments
  • Troubleshooting and fine-tuning
  • About third-party interoperability
•  About Authentication, Security, Operations, and Monitoring
  • About authentication features
  • About SAML
  • Configuring a RADIUS server with FreeRADIUS
  • Configuring RADIUS authentication in the SteelHead
  • Configuring RADIUS CHAP authentication
  • Configuring TACACS+ with Cisco Identity Services Engine
  • Configuring TACACS+ authentication in the SteelHead
  •  About securing SteelHeads
    • Best practices for securing access to SteelHeads
    • Best practices for enabling SteelHead security features
    • Best practices for policy controls
    • Best practices for security monitoring
    • Configuring SSL certificates for web user interface
  • Changing encryption for domain replication passwords
  • About REST API access
  •  About capacity planning
    • TCP connections
    • WAN capacity limits
    • RiOS data store size
    • Disk performance
  •  About admission control
    • Connection limits
    • Memory limits
  • About exporting flow data
  • About SNMP monitoring
  • Configuring SNMPv3 authentication and privacy
•  Troubleshooting SteelHead Deployment Problems
  •  Duplex mismatches
    • Solution: Manually set matching speed and duplex
    • Solution: Use an intermediary switch
  •  Network asymmetry
    • Solution: Use connection forwarding
    • Solution: Use virtual in-path deployment
    • Solution: Deploy a four-port SteelHead
  • Rogue SteelHead appears on current connections list
  •  Outdated antivirus software
    • Solution: Upgrade antivirus software
  •  Packet ricochets
    • Solution: Add in-path routes
    • Solution: Use simplified routing
  •  Router CPU spikes after WCCP configuration
    • Solution: Use mask assignment instead of hash assignment
    • Solution: Check internetwork operating system compatibility
    • Solution: Use inbound redirection
    • Solution: Use inbound redirection with fixed-target rules
    • Solution: Use inbound redirection with fixed-target rules and redirect list
    • Solution: Base redirection on ports rather than ACLs
    • Solution: Use PBR
  • Server Message Block signed sessions
  •  Unavailable opportunistic locks
    • Solution: None needed
  •  Underutilized fat pipes
    • Solution: Enable high-speed TCP
  • MTU sizing
  • MTU issues
  • Determining MTU size in deployments
  • Connection-forwarding MTU considerations
•  Deploying SteelHead-v in OpenStack
  • Prerequisites and deployment guidelines
  • Deploying SteelHead-v appliances in an OpenStack environment
  •  Using a Heat template to deploy SteelHead-v appliances
    • Heat template deployment guidelines
    • Heat template example
    • Creating an OpenStack stack from a Heat template
    • Deleting an OpenStack stack created by a Heat template
    • Creating OpenStack flavors: CLI examples
•  About Client Accelerator Deployments
  • About Client Accelerator basic deployments
  • About Client Accelerator with VPN deployments
  • About Client Accelerator with firewall deployments
  • About Branch office and remote access deployments
  • About multiple Client Accelerator Controller deployments
  •  Configuring Client Accelerator Controllers for redundancy
    • Preparing to join Client Accelerators in a high-availability cluster
    • Sizing considerations in a high-availability cluster
  •  About endpoint license pooling
    • General process for pooled license distribution
    • License thresholds
    • Pooled license counts during cluster member failure
  • About communication between HA cluster members
  • About ports used with Client Accelerator
  • About interaction between Client Accelerator Controllers and managed endpoints
  • About location awareness
  •  About branch warming
    • Branch warming and Client Accelerator licenses
    • Branch warming and enhanced autodiscovery
  •  About SSL with Client Accelerator
    • Traditional SSL optimization
    • Advanced high-security SSL optimization
  • Configuring Client Accelerator and SSL
  • Using Client Accelerator with SSL proxy devices
  • About Supported TLS versions with Client Accelerator
  • About Multiple Client Accelerators and SSL
  •  Client Accelerator best practices and other considerations
    • Deployment scenarios
    • Management best practices
    • Do not use branch warming if you always want the client to accelerate.
    • Licensing best practices
    • Antivirus software
    • Signed SMB support
    • SSL client authentication support
    • Federal Information Processing Standard (FIPS)
    • Acceleration before user log in
•  About Cisco Intelligent Traffic Director and SteelHead
  • About redirection scenarios
  • About ITD device groups
  • About the use of buckets
  • About probes
  • About access control lists
  •  About ITD service configuration parameters
    • Device group
    • Network interface(s) for ingress traffic
    • Failaction behavior
    • Load-balance method
    • Access-list setting
  • About ITD advantages and disadvantages
  •  Configuration of ITD deployments
    • Basic steps for configuring ITD deployments
    • Configuring a simple ITD deployment
    • SteelHead configuration
    • Nexus configuration
  • Configuring an ITD high-availability deployment
  •  Single SteelHead with interface high availability
    • SteelHead configuration
    • Nexus configuration
  •  Dual SteelHeads and interfaces with high availability
    • SteelHead configuration
    • Nexus configuration
  •  About additional design and configuration settings
    • Correct Addressing and Transparency modes
    • IPv4 and IPv6 deployments
  • About flow data in ITD deployments
  • Verifying and troubleshooting ITD deployments

SteelHead™ Deployment Guide

About Cisco Intelligent Traffic Director and SteelHead