Managing Your Network : Managing Appliances : Managing Appliance Pages : Managing In-Path Interface Settings
  
Managing In-Path Interface Settings
You can edit in-path interface settings in the Editing Appliance Configuration: <hostname>, In-Path Interfaces page.
You configure in-path interfaces for deployments where the SCC is in the direct path (the same subnet) as the client and the server in your network. You also set the in-path gateway (WAN router).
In the Riverbed system, appliances have a unique in-path interface for each pair of LAN/WAN ports. For each appliance, the SCC detects LAN/WAN pairs, including those added through bypass cards, and identifies them according to slot (for example, inpath0_0, inpath0_1, inpath1_0, inpath1_1, and so on).
For management interfaces, use the main routing table. For detailed information about the main routing table, see Managing Base Interfaces.
This page applies to SteelHead, SteelHead EX, and Interceptor.
To configure in-path interfaces
1. Choose Manage > Topology: Appliances to display the Appliances page.
2. Select the name of the appliance you want to edit to expand the page and display the Appliance tabs.
3. Select the Appliance Pages tab to display the Appliance Configuration Pages list.
4. Under Appliance Configuration Pages, click In-Path Interfaces to display the Editing Appliance Configuration: <hostname>, In-Path Interfaces page.
Figure: Displaying the In-Path Interfaces Page
5. To enable link state propagation, under In-Path Settings, complete the configuration as described in this table.
Control
Description
Enable Link State Propagation
Enables this control to shorten the recovery time of a link failure in physical in-path deployments. Link state propagation (LSP) communicates link status between the devices connected to the SteelHead. When you enable this LSP, RiOS monitors the link state of each SteelHead LAN-WAN pair.
If either physical port loses link status, the corresponding interface disconnects, blocking the link. This control allows a link failure to quickly propagate through a chain of devices. If the link recovers, the SteelHead restores the corresponding interface automatically.
LSP is enabled by default.
Note: You cannot reach a MIP interface when LSP is also enabled and the corresponding in-path interface fails.
•  SteelHead (in the cloud) models do not support LSP.
•  SteelHead (virtual edition) appliances running RiOS 8.0.3 with ESXi 5.0 and later using a Riverbed NIC card support LSP.
These SteelHead (virtual edition) appliance configurations do not support LSP:
•  SteelHead-v models running ESX/ESXi 4.0 or 4.1
•  SteelHead-v models running Microsoft Hyper-V
•  SteelHead-v models running RiOS 8.0.2 and earlier
6. Select the interface that you want to edit to expand the page.
Figure: Configuring In-Path Interfaces
7. Complete the configuration as described in this table.
Control
Description
IPv4 Address
Specify an IP address. This IP address is the in-path main interface.
IPv4 Subnet Mask
Specify the subnet mask.
In-Path Gateway IP
Specify the IP address for the in-path gateway. If you have a router (or a Layer-3 switch) on the LAN side of your network, specify this device as the in-path gateway.
Note: If there is a routed network on the LAN-side of the in-path appliance, the router that is the default gateway for the appliance must not have the ACL configured to drop packets from the remote hosts as its source. The in-path appliance uses IP masquerading to appear as the remote server.
Specify IPv6 Address Manually
Select this check box to assign an IPv6 address. IPv6 addresses are disabled by default. You can only assign one IPv6 address per in-path interface.
Note: The primary and in-path interfaces can share the same subnet. The primary and auxiliary interfaces cannot share the same network subnet.
IPv6 Address
Specify a global or site-local IPv6 address. This IP address is the in-path main interface. You cannot use a DHCP server to assign an IPv6 address automatically.
IPv6 Prefix
Specify the prefix. The prefix length is 0 to 128 bits, separated from the address by a forward slash (/). In this example, 60 is the prefix:
2001:38dc:52::e9a4:c5:6282/60
IPv6 Gateway
Specify the IPv6 address for the in-path gateway. You can use a link local address. If you have a router (or a Layer-3 switch) on the LAN side of your network, specify this device as the in-path gateway.
Note: If there is a routed network on the LAN-side of the in-path appliance, the router that is the default gateway for the appliance must not have the ACL configured to drop packets from the remote hosts as its source. The in-path appliance uses IP masquerading to appear as the remote server.
LAN Speed and Duplex
WAN Speed and Duplex
•  Speed - Select Auto, 1000, 100, or 10 from the drop-down list. The default value is Auto.
•  Duplex - Select Auto, Full, or Half from the drop-down list. The default value is Auto.
If your network routers or switches do not automatically negotiate the speed and duplex, be sure to set them on the device manually.
The speed and duplex must match (LAN and WAN) in an in-path configuration. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.
Note: Speed and duplex mismatches can easily occur in a network. For example, if one end of the link is set at half duplex or full duplex and the other end of the link is configured to autonegotiate (auto), the link defaults to half duplex, regardless of the duplex setting on the nonautonegotiated end. This duplex mismatch passes traffic, but it causes interface errors and results in degraded optimization.
These guidelines can help you avoid speed and duplex mismatches when configuring the SteelHead:
•  Routers are often configured with fixed speed and duplex settings. Check your router configuration and set it to match the SteelHead WAN and LAN settings. Make sure that your switch has the correct setting.
•  After you finish configuring the SteelHead, check for speed and duplex error messages (cyclic redundancy check (CRC) or frame errors) in the System Log page of the Management Console.
•  If there is a serious problem with the SteelHead and it goes into bypass mode (that is, it automatically continues to pass traffic through your network), a speed and duplex mismatch might occur when you reboot the SteelHead. To avoid a speed and duplex mismatch, configure your LAN external pair to match the WAN external pair.
MTU
Specify the MTU value. The MTU is the largest physical packet size, measured in bytes, that a network can send. Applies to optimized traffic only. The default value is 1500.
VLAN Tag ID
Specify the VLAN tag that the appliance uses to communicate with other SteelHeads in your network. The VLAN Tag ID might be the same value or a different value than the VLAN tag used on the client. A zero (0) value specifies nontagged (or native VLAN) and is the correct setting if there are no VLANs present.
As an example, if the in-path interface is 192.168.1.1 in VLAN 200, you would specify tag 200.
When the SteelHead communicates with a client or a server, it uses the same VLAN tag as the client or the server. If the SteelHead cannot determine which VLAN the client or server is in, it does not use the VLAN tag (assuming that there is no router between the SteelHead and the client or server).
You must also define in-path rules to apply to your VLANs.
8. Under Management Interface <hostname>, modify the configuration as described in this table..
Control
Description
Enable Appliance Management on This Interface
Enables a secondary MIP interface that you can reach through the physical in-path LAN and WAN interfaces. Configuring a secondary MIP interface allows management of SteelHeads from a private network while maintaining a logical separation of network traffic.
Note: If LSP or fail-to-block is enabled, a message reminds you to disable the feature before enabling the MIP interface.
IPv4 Address
Specify the IP address for the MIP interface.
IPv4 Subnet Mask
Specify the subnet mask.
VLAN Tag ID
Specifies a numeric VLAN Tag ID.
When you specify the VLAN Tag ID for the MIP interface, all packets originating from the SteelHead from the MIP interface are tagged with that identification number. The VLAN Tag ID might be the same value or a different value than the in-path interface VLAN tag ID. The MIP interface could be untagged and the in-path interface could be tagged and vice versa. A zero (0) value specifies nontagged (or native VLAN) and is the correct setting if there are no VLANs present.
For example, if the MIP interface is 192.168.1.1 in VLAN 200, you would specify tag 200.