Control | Description |
Enable QoS Shaping and Enforcement | Enables QoS classification to control the prioritization of different types of network traffic and to ensure that the SteelHead gives certain network traffic (for example, Voice over IP) higher priority than other network traffic. Traffic is not classified until at least one WAN interface is enabled. To disable QoS, clear this check box and restart the optimization service. |
WAN Bandwidth (kbps) | Specify the interface bandwidth link rate in kilobits per second. The link rate is the bottleneck WAN bandwidth, not the interface speed out of the WAN interface into the router or switch. As an example, if your SteelHead connects to a router with a 100-Mbps link, do not specify this value—specify the actual WAN bandwidth (for example, T1 or T3). Important: Different WAN interfaces can have different WAN bandwidths; you must enter the bandwidth link rate correctly for QoS to function properly. |
Enable QoS on <interface> | Specify a WAN interface <X-Y> to enable. |
Enable Local WAN Oversubscription | Optionally, select to allow the sum of remote site bandwidths to exceed the WAN uplink speed. Bandwidth oversubscription shares the bandwidth fairly when the network includes remote site bandwidths that collectively exceed the available bandwidth of the local WAN uplink interface speed. The link sharing provides bandwidth guarantees when some of the sites are partially or fully inactive. As an example, your data center uplink can be 45 Mbps with three remote office sites each with 20 Mbps uplinks. When disabled, you can only allocate bandwidth for the remote sites such that the total bandwidth does not exceed the bandwidth of any of the interfaces on that QoS is enabled. Note: Enabling this option can degrade latency guarantees when the remote sites are fully active. |
Enable QoS Marking | Identify traffic using marking values. You can mark traffic using header parameters, such as VLAN, DSCP, and protocols. In RiOS 7.0, you can also use Layer-7 protocol information through AppFlow Engine (AFE) inspection to apply DSCP marking values to traffic flows. In RiOS 7.0 and later, the DSCP or IP TOS marking only has local significance. This means you can set the DSCP or IP TOS values on the server-side appliance to values different to those set on the client-side appliance. |
Global DSCP | Specify a DSCP value from 0 to 63, or No Setting. If your existing network provides multiple classes of service based on DSCP values, and you are integrating a SteelHead into your environment, you can use the Global DCSP feature to prevent dropped packets and other undesired effects. |
Control | Description |
Add Site | Displays the controls to define a remote site. |
Name | Specify the site name. The site name can contain spaces. |
Position | Select Start, End, or the rule number from the drop-down list. Appliances evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. The default site, that is tied to the Medium Office policy, cannot be removed and is always listed last. |
Subnet | Specify a maximum of five destination subnets that represent individual sites. You cannot edit the subnet for the default site. |
Remote Link Bandwidth | Specify the maximum WAN bandwidth in kilobits per second. |
Service Policy | Optionally, select a service policy from the drop-down list. The default policy is Large Office. |
Service Class | Specify a service class for the application from the drop-down list (highest priority to lowest): • Realtime - Specifies real-time traffic class. Give this value to your highest priority traffic: for example, VoIP or video conferences. • Interactive - Specifies an interactive traffic class: for example, Citrix, RDP, Telnet, and SSH. • Business Critical - Specifies the high priority traffic class: for example, Thick Client Applications, ERPs, and CRMs. • Normal Priority - Specifies a normal priority traffic class: for example, Internet browsing, file sharing, and email. • Low Priority - Specifies a low priority traffic class: for example, FTP, backup, replication, other high-throughput data transfers, and recreational applications such as audio file sharing. • Best Effort - Specifies the lowest priority. These are minimum service class guarantees; if better service is available, it is provided: for example, if a class is specified as low priority and the higher priority classes are not active, then the low priority class receives the highest possible available priority for the current traffic conditions. This parameter controls the priority of the class relative to the other classes. The service class describes only the delay sensitivity of a class, not how much bandwidth it is allocated, nor how important the traffic is compared to other classes. Typically you configure low priority for high-throughput, non-packet delay sensitive applications like FTP, backup, and replication. |
DSCP | Specify a DSCP value from 0 to 63, Reflect, or Inherit from Service Class for site traffic that does not match any application. |
Path | Specify the default paths for site traffic that does not match any application. |
Relay traffic from the interface normally | Specify to send traffic unmodified out of the WAN side of whichever in-path it came in on. This is the default setting. |
Drop traffic | Specify to drop packets in case of failure of all three (primary, secondary, tertiary) paths. Select this option when you do not want the traffic to pass on any of the uplinks specified in the rule, not just the primary. |
Add | Adds the site to the list. The SCC redisplays the Sites table and applies your modifications to the running configuration, that is stored in memory. This button is dimmed and unavailable until you enter the WAN bandwidth. |
Remove Site | Select the check box next to the name and click Remove Site. |
Move Site | Moves the selected sites. Click the > next to the desired rule position; the site moves to the new position. |
Control | Description |
Add a Site | Displays the controls to define a remote site. |
Name | Specify the name. |
Description | Specify a description. |
For Traffic with the following characteristics: | |
Local Subnet or Host Label | Specify an IP address and mask for the traffic source, or you can specify all or 0.0.0.0/0 as the wildcard for all traffic. Use this format: xxx.xxx.xxx.xxx/xx. —or— Specify a host label. |
Port or Port Label | Optionally, specify all source ports, a single source port value or a port range of port1-port2, where port1 must be less than port2. The default setting is all ports. —or— Specify a port label. |
Remote Subnet or Host Label | Specify an IP address and mask pattern for the traffic destination, or you can specify all or 0.0.0.0/0 as the wildcard for all traffic. Use this format: xxx.xxx.xxx.xxx/xx. —or— Specify a host label. |
Protocol | Select All, TCP, UDP GRE, ICMP, IPSec AH, IPSec ESP, or a protocol number from the drop-down list. The default setting is All. |
VLAN Tag ID | Optionally, specify a VLAN tag as follows: • Specify a numeric VLAN tag identification number from 0 to 4094. • Specify all to specify the rule applies to all VLANs. • Specify none to specify the rule applies to untagged connections. RiOS supports VLAN v802.1Q. To configure VLAN tagging, configure transport rules to apply to all VLANs or to a specific VLAN. By default, rules apply to all VLAN values unless you specify a particular VLAN ID. Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces. |
DSCP | Optionally, specify a DSCP value from 0 to 63, or all to use all DSCP values. |
Traffic Type | Select Optimized, Passthrough, or All from the drop-down list. The default setting is All. |
Application | Select an application from the drop-down list of global applications. To narrow the search, type the first characters in the application name. You can define and add any applications that do not appear in the list. Selecting HTTP expands the control to include the Domain Name and Relative Path controls. Enter the domain name and relative path. The relative path is the part of the URL that follows the domain name. To facilitate configuration, you can use wildcards in the name and relative path controls; for example, *.akamaitechnologies.com Will match: Anything.akamaitechnologies.com Examples: a.akamaitechnologies.com a.b.akamaitechnologies.com a.b.c.akamaitechnologies.com a.b.c.d.akamaitechnologies.com Using more than one wildcard; for example, *.*.akamaitechnologies.com Will match: Anything.Anything.akamaitechnologies.com Note that you must include the second “.” Examples: a.b.akamaitechnologies.com a.b.c.akamaitechnologies.com a.b.c.d.akamaitechnologies.com But not: a.akamaitechnologies.com Selecting SSL expands the control to allow classification of pass-through SSL traffic matching the TLS/SSL server common name. In the Common Name control, specify the common name of a certificate. To facilitate configuration, you can use wildcards in the name; for example, *.nbttech.com. If you have three origin servers using different certificates such as webmail.nbttech.com, internal.nbttech.com, and marketingweb.nbttech.com, on the server-side SteelHeads, all three server configurations can use the same certificate name *.nbttech.com. You cannot classify SSL optimized traffic using the Common Name control. Instead, you can create a QoS HTTP rule to match the domain and server name. |
Apply these QoS Settings: | |
Service Class | The service class indicates how delay-sensitive a traffic class is to the QoS scheduler. Select a service class for the application from the drop-down list (highest priority to lowest): • Realtime - Specifies real-time traffic class. Give this value to your highest priority traffic: for example, VoIP or video conferences. • Interactive - Specifies an interactive traffic class: for example, Citrix, RDP, Telnet, and SSH. • Business Critical - Specifies the high priority traffic class: for example, Thick Client Applications, ERPs, and CRMs. • Normal Priority - Specifies a normal priority traffic class: for example, Internet browsing, file sharing, and email. • Low Priority - Specifies a low priority traffic class: for example, FTP, backup, replication, other high-throughput data transfers, and recreational applications such as audio file sharing. • Best Effort - Specifies the lowest priority. These are minimum service class guarantees; if better service is available, it is provided: for example, if a class is specified as low priority and the higher priority classes are not active, then the low priority class receives the highest possible available priority for the current traffic conditions. This parameter controls the priority of the class relative to the other classes. The service class describes only the delay sensitivity of a class, not how much bandwidth it is allocated, nor how important the traffic is compared to other classes. Typically you configure low priority for high-throughput, non-packet delay sensitive applications like FTP, backup, and replication. |
DSCP | Optionally, specify a DSCP value from 0 to 63, Inherit from Service Class, or Reflect. |
Apply these Path Selections: | |
Path 1, Path 2, Path 3 | Specify the path preference order (only one path will be used). |
If paths are configured and all down: | |
Relay traffic from the interface normally | Specify to send traffic unmodified out of the WAN side of whichever in-path it came in on. This is the default setting. |
Drop traffic | Specify to drop packets in case of failure of all three (primary, secondary, tertiary) paths. Select this option when you do not want the traffic to pass on any of the uplinks specified in the rule, not just the primary. |
Add | Adds a site. |
Control | Description |
Add Service Policy | Displays the controls to add a service policy. |
Name | Specify the policy name: for example, New York Office. |
Realtime | Specify the percentage to allocate for the guaranteed and maximum bandwidth. The guaranteed bandwidth is the percentage of the bandwidth that is guaranteed to be allocated to the applications in the traffic class. A lower value indicates that the traffic in the class is more likely to be delayed. The maximum bandwidth is the maximum percentage of the bandwidth that can be allocated to the applications in the traffic class. |
Interactive | Specify the percentage to allocate for the guaranteed and maximum bandwidth. |
Business-Critical | Specify the percentage to allocate for the guaranteed and maximum bandwidth. |
Normal | Specify the percentage to allocate for the guaranteed and maximum bandwidth. |
Low-Priority | This is the default service policy; specify the percentage to allocate for the guaranteed and maximum bandwidth. |
Best Effort | Specify the percentage to allocate for the guaranteed and maximum bandwidth. |
Add | Adds the service policy to the list. The SCC redisplays the Policies table and applies your modifications to the running configuration, that is stored in memory. |
Remove Service Policy | Select the check box next to the name and click Remove Service Policy. |