Configuring Network Integration Features : Configuring Hardware-Assist Rules
  
Configuring Hardware-Assist Rules
You configure hardware-assist rules in the Networking: Network Services > Hardware Assist Rules page. This feature only appears on a SteelHead equipped with one or more Two-Port SR Multimode Fiber 10 Gigabit-Ethernet or Two-Port LR Single Mode Fiber 10 Gigabit-Ethernet PCI-E cards.
Hardware-assist rules can automatically bypass all UDP (User Datagram Protocol) connections. You can also configure rules for bypassing specific TCP (Transmission Control Protocol) connections. Automatically bypassing these connections decreases the work load on the local SteelHeads because the traffic is immediately sent to the kernel of the host machine or out of the other interface before the SteelHead receives it.
The maximum number of hardware-assist rules is 50.
To be safe, change hardware-assist rules only during a maintenance window, or during light traffic and with a full understanding of the implications. For details and best practices, see the Knowledge Base article http://supportkb.riverbed.com/support/index?page=content&id=S12992.
Note: For a hardware-assist rule to be applied to a specific 10G bypass card, the corresponding in-path interface must be enabled and have an IP address.
To configure hardware-assist rules
1. Choose Networking > Network Services: Hardware Assist Rules to display the Hardware Assist Rules page.
2. Under 10G NIC Hardware Assist Rules Settings, enable pass-through as follows:
•  To automatically pass through all UDP traffic, select the Enable Hardware Passthrough of All UDP Traffic check box.
•  To pass through TCP traffic based on the configured rules, select the Enable Hardware Passthrough of TCP Traffic Defined in the Rules Below check box. TCP pass-through is controlled by rules. The next step describes how to step up hardware-assist rules.
RiOS ignores all hardware-assist rules unless you select this check box. No TCP traffic is passed through.
3. Under TCP Hardware Assist Rules, complete the configuration as described in this table.
Control
Description
Add a New Rule
Displays the controls for adding a new rule.
Type
Select a rule type:
•  Accept - Accepts rules matching the Subnet A or Subnet B IP address and mask pattern for the optimized connection.
•  Pass-Through - Identifies traffic to be passed through the network unoptimized.
Insert Rule At
Determines the order in which the system evaluates the rule. Select Start, End, or a rule number from the drop-down list.
The system evaluates rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied and the system moves on to the next rule: for example, if the conditions of rule 1 don’t match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted.
In general, filter traffic that is to be unoptimized, discarded, or denied before processing rules for traffic that is to be optimized.
Subnet A
Specify an IP address and mask for the subnet that can be both source and destination together with Subnet B.
Use this format: xxx.xxx.xxx.xxx/xx
Note: You can specify all or 0.0.0.0/0 as the wildcard for all traffic.
Subnet B
Specify an IP address and mask for the subnet that can be both source and destination together with Subnet A.
Use this format: xxx.xxx.xxx.xxx/xx
Note: You can specify all or 0.0.0.0/0 as the wildcard for all traffic.
VLAN Tag ID
Optionally, specify a numeric VLAN tag identification number.
Select all to specify the rule applies to all VLANs.
Select untagged to specify the rule applies to nontagged connections.
Note: Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces.
Note: To complete the implementation of VLAN tagging, you must set the VLAN tag IDs for the in-path interfaces that the SteelHead uses to communicate with other SteelHeads. For details about configuring the in-path interface for the SteelHead, see Configuring In-Path Rules.
Description
Optionally, include a description of the rule.
Add
Adds the new hardware-assist rule to the list. You can add up to a maximum number of 50 rules.
•  RiOS applies the same rule to both LAN and WAN interfaces.
•  Every 10G card has the same rule set.
The SteelHead refreshes the hardware-assist rules table and applies your modifications to the running configuration, which is stored in memory.
Remove Selected Rules
Select the check box next to the name and click Remove Selected Rules.
Move Selected Rules
Moves the selected rules. Click the arrow next to the desired rule position; the rule moves to the new position.