Policy Pages Reference : Optimization Policy Settings : Peering Rules
  
Peering Rules
You configure peering rules for the selected optimization policy in the Peering Rules page.
Peering rules are an ordered list of fields an appliance uses to match with incoming SYN packet fields (for example, source or destination subnet, IP address, VLAN, or TCP port) as well as the IP address of the probing appliance. Only the first matching rule is applied. This is especially useful in complex networks. For detailed information about peering rules, see the SteelHead Management Console User’s Guide for SteelHead CX.
Automatic peering is disabled by default. For detailed information about enhanced autodiscovery and automatic peering, see the SteelHead Management Console User’s Guide for SteelHead CX.
Settings
Complete the configuration as described in this table.
Control
Description
Enable Enhanced Auto-Discovery
Enables enhanced autodiscovery. With enhanced autodiscovery, the SteelHead automatically finds the furthest SteelHead along the connection path of the TCP connection, and optimization occurs there: for example, in a deployment with four SteelHeads (A, B, C, D), where D represents the appliance that is furthest from A, the SteelHead automatically finds D. This feature simplifies configuration and makes your deployment more scalable.
By default, enhanced autodiscovery peering is enabled. Without enhanced autodiscovery, the SteelHead uses regular autodiscovery. With regular autodiscovery, the SteelHead finds the first remote SteelHead along the connection path of the TCP connection, and optimization occurs there: for example, if you had a deployment with four SteelHeads (A, B, C, D), where D represents the appliance that is furthest from A, the SteelHead automatically finds B, then C, and finally D, and optimization takes place in each.
IPv6 connections using enhanced autodiscovery use an inner IPv4 channel to the peer SteelHead over a TCP connection. Your network configuration must support IPv4 for use with the inner channels between SteelCentral Controller for SteelHead Mobile.
For detailed information about deployments that require enhanced autodiscovery peering, see the SteelHead Deployment Guide.
Enable Extended Peer Table
Enables support for up to 20,000 peers on high-end server-side SteelHeads (models 5050, 5520, 6020, 6050, 6120, 7050, CX models 5055 and 7055) to accommodate large SteelHead client deployments. The RiOS data store maintains the peers in groups of 1,024 in the global peer table.
Riverbed recommends enabling the extended peer table if you have more than 4,000 peers.
By default, this option is disabled and it is unavailable on SteelHead models that do not support it.
Note: Before enabling this feature you must have a thorough understanding of performance and scaling issues. When deciding whether to use extended peer table support, you should compare it with a serial cluster deployment. For details on serial clusters, see the SteelHead Deployment Guide.
After enabling this option, you must clear the RiOS data store and stop and restart the service.
Apply
Applies your settings.
Add Peering Rules
Complete the configuration as described in this table.
Control
Description
Add a New Peering Rule
Displays the controls for adding a new peering rule.
Rule Type
Determines which action the SteelHead takes on the connection. Select one of these rule types from the drop-down list:
•  Auto - Allows built-in functionality to determine the response for peering requests (performs the best peering possible). If the receiving SteelHead is not using automatic autodiscovery, this has the same effect as the Accept peering rule action. If automatic autodiscovery is enabled, the SteelHead only becomes the optimization peer if it is the last SteelHead in the path to the server.
•  Accept - Accepts peering requests that match the source-destination-port pattern. The receiving SteelHead responds to the probing SteelHead and becomes the remote-side SteelHead (that is, the peer SteelHead) for the optimized connection.
•  Passthrough - Allows pass-through peering requests that match the source and destination port pattern. The receiving SteelHead does not respond to the probing SteelHead, and allows the SYN+probe packet to continue through the network.
Insert Rule At
Determines the order in which the system evaluates the rule. Select Start, End, or a rule number from the drop-down list.
The system evaluates rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied and the system moves on to the next rule: for example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted.
The Rule Type of a matching rule determines which action the SteelHead takes on the connection.
Source Subnet
Specify an IP address and mask for the traffic source, or you can specify All-IP as the wildcard for all IPv4 and IPv6 traffic.
Use these formats:
xxxxxx.xxx.xxx/xx (IPv4)
x:x:x::x/xxx (IPv6)
Destination Subnet
Specify an IP address and mask pattern for the traffic destination, or you can specify All-IP as the wildcard for all IPv4 and IPv6 traffic.
Use these formats:
xxx.xxx.xxx.xxx/xx (IPv4)
x:x:x::x/xxx (IPv6)
Port - Specify the destination port number, port label, or all.
Peer IP Address
Specify the in-path IP address of the probing SteelHead. If more than one in-path interface is present on the probing SteelHead, apply multiple peering rules, one for each in-path interface.
The peer client-side SteelHead IP address is IPv4 only.
SSL Capability
Enables an SSL capability flag, which specifies criteria for matching an incoming connection with one of the rules in the peering rules table. This flag is typically set on a server-side SteelHead.
Select one of these options from the drop-down list to determine how to process attempts to create secure SSL connections:
•  No Check - The peering rule does not determine whether the server SteelHead is present for the particular destination IP address and port combination.
•  Capable - The peering rule determines that the connection is SSL-capable if the destination port is 443 (irrespective of the destination port value on the rule), and the destination IP and port do not appear on the bypassed servers list. The SteelHead accepts the condition and, assuming all other proper configurations and that the peering rule is the best match for the incoming connection, optimizes SSL.
•  Incapable - The peering rule determines that the connection is SSL-incapable if the destination IP and port appear in the bypassed servers list. The service adds a server to the bypassed servers list when there is no SSL certificate for the server or for any other SSL handshake failure. The SteelHead passes the connection through unoptimized without affecting connection counts.
Riverbed recommends that you use in-path rules to optimize SSL connections on non-443 destination port configurations.
Cloud Acceleration
After you subscribe to a SaaS platform and enable it, ensure that cloud acceleration is ready and enabled. When cloud acceleration is enabled, connections to the subscribed SaaS platform are optimized by the SteelHead SaaS. You do not need to add an in-path rule unless you want to optimize specific users and exclude others. Select one of these choices from the drop-down list:
•  Auto - If the in-path rule matches, the connection is optimized by the SteelHead SaaS connection.
•  Pass Through - If the in-path rule matches, the connection is not optimized by the SteelHead SaaS, but it follows the other rule parameters so that the connection might be optimized by this SteelHead with other SteelHeads in the network, or it might be passed through.
Domain labels and cloud acceleration are mutually exclusive.
SteelHead SaaS does not support host labels.
Description
Specify a description to help you identify the peering relationship.
Add
Adds a peering rule to the list.
The Management Console redisplays the Peering Rules table and applies your modifications to the running configuration, which is stored in memory.
Remove Selected Rules
Select the check box next to the name and click Remove Selected Rules.
Move Selected Rules
Select the check box next to the rule and click Move Selected Rules. Click the arrow next to the desired rule position; the rule moves to the new position.