Control | Description |
Enable Fair Peering v2 (Standard mode only) | Select this option to enable the Fair Peering v2 feature across all load-balancing rules. The Fair Peering v2 feature ensures that no local SteelHead exceeds a dynamically determined maximum number of remote peers. By default, the Interceptor selects the target SteelHead on the basis of peer affinity (based on which candidate SteelHead has been used to optimize connections to or from the remote site in the past). If you enable fair peering v2, this global setting overrides any traditional fair peering enabled on a per-rule basis. |
Enable Pressure Monitoring | Select this option to enable the pressure monitoring feature. When enabled, this feature provides more detailed information about the health of the local SteelHeads, to enable the Interceptor to better manage and balance traffic. Riverbed recommends that you enable pressure monitoring only in conjunction with fair peering v2. |
Enable Capacity Adjustment | If pressure monitoring is enabled, select this option to enable the capacity adjustment feature. When enabled, this feature reduces the number of new connections sent to local SteelHeads for which the Interceptor determines a High pressure value. For a local SteelHead with a High pressure value, this feature artificially and temporarily reduces the capacity of the SteelHead for Interceptor load-balancing calculations. As a result of using a downward-adjusted capacity for a particular SteelHead, the Interceptor moves existing paired peers from that SteelHead to less-used SteelHeads. The Interceptor uses the artificially reduced capacity value for that Interceptor in load-balancing calculations until the SteelHead returns to a Normal pressure value. |
Enable Permanent Capacity Adjustment | If capacity adjustment is enabled, select this option to cause capacity reduction—once triggered for a local SteelHead that reaches a High pressure value—to be permanent. To disable permanent capacity adjustment of a SteelHead, you must issue a service restart on the Interceptor. |
Control | Description |
Add a New Load Balancing Rule | Displays the controls for adding a new rule. |
Type | Select one of these options from the drop-down list: • Redirect - Redirects locally initiated TCP connections to be optimized by a SteelHead. Typically, you configure a redirect rule for source and destination addresses and ports you want to optimize in the Riverbed system. A separate set of load-balancing rules determines the SteelHead to which the connection is to be redirected. • Pass Through - Configure rules of this type as a second-preference rule for cases in which you want to optimize when connections are available on specified targets but, in the event that targets have reached admission control capacity, you would rather pass-through traffic than tax the auto-balance pool. For example, you might use pass-through rules to handle HTTP traffic on port 80. |
Position | Select any of these options from the drop-down list: • Select Start to insert the rule at the start of the list. • Select End to inserts the rule at end of the list. • Select a rule number. In general, list rules in this order: 1. Deny 2. Discard 3. Pass-through 4. Fixed-target 5. Auto-Discover The rule type of a matching rule determines which action the Interceptor takes on the connection. |
Local SteelHeads | Specify a comma-separated list of SteelHead IP addresses to which traffic can be redirected. If a rule matches, connections are redirected to the first SteelHead in the list that has capacity for new connections. If no rule matches, peer affinity applies. If there is no existing peer affinity, the connection is redirected to the SteelHead with the least number of current connections. Note: The target SteelHeads are called cluster SteelHeads. |
From Remote SteelHeads | Select one of these options from the drop-down list: • Any - Rule applies only when matching any SYN or SYN+ (behavior of load-balancing rule before peering was added). • Probe-only - Match any packet with a probe SYN+. • Non-probe - Match only SYN entering from the LAN side. • IP Address - Match the given IP address when a SYN+ comes from that SteelHead. |
Remote SteelHead IPs | If you specify IP Address for the From Remote SteelHeads setting, use this field to specify a comma-separated list of SteelHead IP addresses. |
Source Subnet | Specify the IP address for the source network. Use this format: XXX.XXX.XXX.XXX/XX To configure a rule to apply to all source subnets, specify All. |
Destination Subnet | Specify the IP address for the destination network. Use this format: XXX.XXX.XXX.XXX/XX To configure a rule to apply to all destination subnets, specify All. |
Port or Port Label | Specify the destination port number, port label, or All. If you order rules so that traffic that is passed through, discarded, or denied is filtered first, All represents all remaining ports. |
VLAN Tag ID | Specify a VLAN identification number from 0 to 4094, or All to apply the rule to all VLANs, or Untagged to apply the rule to nontagged connections. Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces. To complete the implementation of VLAN tagging, you must set the VLAN tag IDs for the in-path interfaces that the Interceptor uses to communicate with other Interceptors. For details about configuring the in-path interface for the Interceptor, see Configuring Cluster In-Path Rules. |
Description | Describe the rule to facilitate administration. |
Add | Adds the new rule to the configuration. The new rule displays in the list at the top of the page. |
Move Selected Rules | Moves the selected rules. Click the > next to the desired rule position; the rule moves to the new position. Note: The default rule cannot be reordered and is always listed last. |
Remove Selected Rules | Select the check box next to the name and click Remove Selected Rules. Note: The default rule cannot be removed and is always listed last. |