Defining Networks
You define networks in the Sites & Networks page. On the Sites & Networks page you enable a specific network to be securable, that is, to encrypt traffic for secure transport. You can only define secure networks on the SCC; you cannot define secure networks on the SteelHead.
Networks represent the WAN clouds that sites and site types use to communicate with each other using Primary MPLS, VSAT, or the Internet. Essentially, a network connects two uplinks between two sites.
Networks are very important for path selection and secure transport. A secure network is used specifically for secure transport. The SCC creates two nonsecure networks: MPLS and Internet. You can create additional secure and nonsecure networks or rename the precreated networks based on your topology requirements.
For secure transport, you must specify that a network is securable to ensure that the network is part of the secure transport group. A secure transport group is a set of SteelHeads that share the same cryptographic keys and have connectivity to each other. Any member of the secure transport group can create a tunnel to any other member of the same group instantaneously, without delay. The traffic does not incur any added latency waiting for the tunnels to establish. For detailed information about configuring secure transport, see Managing Secure Transport.
You can specify a secure transport concentrator to perform secure transport if you do not want to overload your SteelHead in the demilitarized zone (DMZ), or if you want to offload secure transport for Internet-bound traffic only. For detailed information, see To configure a secure transport concentrator.
Traffic Aware Backoff Probing
With RiOS 9.2 and SCC 9.2 or later, SteelHeads with path selection enabled automatically perform Traffic Aware Backoff Probing. SteelHeads gradually reduce probing frequency to remote sites that have no traffic, from the default rate of every 2 seconds down to the default Max Backoff interval of every 1800 seconds. You configure the Max Backoff Interval when you define a network on the SCC.
You can change the Max Backoff Interval using the SCC to whatever value is best suited for your network environment.
On the SteelHead, you can view the back-off probe setting using the show path-selection debug networks CLI command.
For detailed information about improving hybrid scaling probing techniques using the Max Backoff Interval in Networks, see Hybrid Network Path Selection Probing Techniques.
To define a network
1. Choose Manage > Topology: Sites & Networks to display the Sites & Networks page.
The predefined networks appear: MPLS and Internet. You can edit or delete these networks. The SCC does not automatically link default uplinks to these networks.
2. Click + Add a Network to display the New Network pop-up window.
Figure: Adding a Network
3. Complete the configuration as described in this table.
Control: Description

Network Name: Specify the network name, for example, AT&T or MPLS.
    The network name must be unique and cannot contain spaces or special characters.

Securable using Secure Transport: Specify whether this network is securable using secure transport.
    To enable secure transport, you must specify that a network is securable to ensure that the network is part of the secure transport group. A member of the secure transport group can create a secure path to any other member of the same group instantaneously, without delay.
    Select public if you want to use UDP encapsulation on the secure traffic using the port number defined for the in-path interface.
    The secure transport service enables group encryption for path selection deployments. RiOS adds all appliances having a secured uplink to a secure transport group. You can secure traffic flowing between any two appliances in the secure transport group by directing it to a secured uplink using path selection service rules.
    Secure transport uses UDP to encapsulate traffic on a public network.

Public Network: Specify if the network represents the Internet.

Max Backoff Interval: Specify the maximum time, in seconds, that the system backs off probing to sites when there is no traffic. The default value is 1800 seconds.
    Uplinks to a remote site are probed at the uplink Timeout default rate of 2 seconds only if there is traffic at the site or if there is path failover; otherwise, probing is backed off using the Max Backoff Interval.
    For the initial configuration push, the probes occur at the default rate of 1800 seconds. After that, the probes occur according to the values you have set for the Max Backoff Interval and the uplink's Timeout field.

4. Click Save to save your settings.
To define a secure network
1. Choose Manage > Topology: Sites & Networks to display the Sites & Networks page.
2. Click + Add a Network to display the New Network pop-up window.
Figure: Adding a Network
3. Specify a network name, select Securable using Secure Transport to ensure that the network is part of the secure transport group, and click Save.
4. Under Sites, select the site you want to associate with the secure network and click Edit Site to display the Edit a Site pop-up window.
5. To associate a new site, click + Add a Site to display the Edit a Site pop-up window and specify the site name, type, and region.
6. Under Uplinks, click + Add a New Uplink and select the secured network from the Network drop-down list. Define the remaining parameters for the uplink. For details, see Defining Uplinks.
Figure: Associating the Secure Network to an Uplink
7. Click Save to save your settings.
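The following added example (not part of the Riverbed documentation or any SCC tooling) checks a planned topology against the rules in this section before you enter it on the SCC: which sites join the secure transport group through a secured uplink, which securable networks use UDP encapsulation because they are public, and which uplinks point at a network that was never defined. The dictionary layout and every network and site name in it are constructed for illustration.

```python
# Added example: audit a planned topology before defining it on the SCC.
# The dict layout and all names below are constructed for illustration;
# this is not an SCC export format or API.
NETWORKS = {
    "MPLS":      {"securable": False, "public": False},
    "Internet":  {"securable": False, "public": True},
    "SecureNet": {"securable": True,  "public": True},
    "Sec MPLS":  {"securable": True,  "public": False},  # space in name
}
SITES = {  # site name -> networks its uplinks attach to
    "HQ":      ["MPLS", "SecureNet"],
    "BranchA": ["SecureNet"],
    "BranchB": ["Internet"],
    "BranchC": ["MPLS", "VSAT"],  # VSAT is not defined above
}


def audit(networks, sites):
    findings = []
    for name in networks:
        if " " in name:
            findings.append(f"network '{name}': name contains a space")
    # Securable networks marked public carry secure traffic in UDP encapsulation.
    udp_encap = sorted(n for n, v in networks.items()
                       if v["securable"] and v["public"])
    group = []
    for site, uplinks in sites.items():
        for net in uplinks:
            if net not in networks:
                findings.append(
                    f"site '{site}': uplink on undefined network '{net}'")
        defined = [networks[n] for n in uplinks if n in networks]
        if any(n["securable"] for n in defined):
            # A secured uplink puts the site in the secure transport group.
            group.append(site)
        elif any(n["public"] for n in defined):
            # Reaches a public network but has no uplink that can be secured.
            findings.append(
                f"site '{site}': public uplink but no secured uplink")
    return {"group": sorted(group), "udp_encap": udp_encap,
            "findings": findings}


if __name__ == "__main__":
    report = audit(NETWORKS, SITES)
    print("secure transport group:", report["group"])
    print("UDP-encapsulated networks:", report["udp_encap"])
    for finding in report["findings"]:
        print("FINDING:", finding)
```

The check for special characters in network names is left out because the page does not say which characters count as special.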
To edit network settings
1. Choose Manage > Topology: Sites & Networks to display the Sites & Networks page.
2. Click the > next to the network name that you want to edit to expand the page.
Figure: Editing a Network
3. Complete the configuration as described in this table.
Control: Description

Network Name: Specify the network name, for example, AT&T or MPLS.
    The network name must be unique and cannot contain spaces or special characters.

Securable using Secure Transport: Specify whether this network is securable using secure transport.
    To enable secure transport, you must specify that a network is securable to ensure that the network is part of the secure transport group. A member of the secure transport group can create a secure path to any other member of the same group instantaneously, without delay.
    Select public if you want to use UDP encapsulation on the secure traffic using the port number defined for the in-path interface.
    The secure transport service enables group encryption for path selection deployments. RiOS adds all appliances having a secured uplink to a secure transport group. You can secure traffic flowing between any two appliances in the secure transport group by directing it to a secured uplink using path selection service rules.
    Secure transport uses UDP to encapsulate traffic on a public network.

Public Network: Specify if the network represents the Internet.

Max Backoff Interval: Specify the maximum time, in seconds, that the system backs off probing to sites when there is no traffic. The default value is 1800 seconds.
    Uplinks to a remote site are probed at the uplink Timeout default rate of 2 seconds only if there is traffic at the site or if there is path failover; otherwise, probing is backed off using the Max Backoff Interval.
    For the initial configuration push, the probes occur at the default rate of 1800 seconds. After that, the probes occur according to the values you have set for the Max Backoff Interval and the uplink's Timeout field.

Apply/Revert: Applies or reverts your settings.

4. Click Save to save your settings.