Managing Your Network : Managing Interceptor Clusters : Configuring Cluster Load Balancing Rules
  
Configuring Cluster Load Balancing Rules
You configure load-balancing rules for your cluster using the Clusters Page tab.
Any changes made to the cluster configuration pages modify all the Interceptors after a cluster push.
Load-balancing rules define the characteristics by which traffic is selected for load balancing and the availability of a LAN-side SteelHead for such traffic.
Overview of Load-Balancing Rules
Your load-balancing rules must account for these conditions:
•  Traffic over all subnets and ports that have been selected for redirection
•  All SteelHeads you have configured as targets of redirect rules or reserved for the automatic load-balancing rule:
–  If a cluster SteelHead is specified as a target for a rule, it is reserved for traffic that matches that rule and is not available to the pool used for automatic load balancing.
–  If a cluster SteelHead is not specified as a target for a rule, it is available for automatic load balancing.
•  Second-preference cases in which you would rather pass through traffic than tax the auto-load balancing pool.
For detailed information, see the SteelHead Interceptor User’s Guide.
To configure cluster load-balancing rules
1. Choose Manage > Appliances: Clusters to display the Clusters page.
2. Click the cluster name to expand the page and display the cluster tabs.
3. Select the Cluster Pages tab to expand the page.
4. Select Load Balancing Rules to display the Editing Cluster: <cluster name>, Load Balancing Rules page.
Figure: Enable Load-Balancing
Tip: You can select the cluster name and page to edit at the top of the Editing Cluster: <cluster name>, Inpath Rules (Interceptor) page at the top of the page.
5. Complete the configuration as described in this table.
Control
Description
Enable Fair Peering v2
(Standard mode only)
Select this option to enable the Fair Peering v2 feature across all load-balancing rules. The Fair Peering v2 feature ensures that no local SteelHead exceeds a dynamically determined maximum number of remote peers.
By default, the Interceptor selects the target SteelHead on the basis of peer affinity (based on which candidate SteelHead has been used to optimize connections to or from the remote site in the past).
If you enable fair peering v2, this global setting overrides any traditional fair peering enabled on a per-rule basis.
Enable Pressure Monitoring
Select this option to enable the pressure monitoring feature.
When enabled, this feature provides more detailed information about the health of the local SteelHeads, to enable the Interceptor to better manage and balance traffic.
Riverbed recommends that you enable pressure monitoring only in conjunction with fair peering v2.
Enable Capacity Adjustment
If pressure monitoring is enabled, select this option to enable the capacity adjustment feature.
When enabled, this feature reduces the number of new connections sent to local SteelHeads for which the Interceptor determines a High pressure value. For a local SteelHead with a High pressure value, this feature artificially and temporarily reduces the capacity of the SteelHead for Interceptor load-balancing calculations. As a result of using a downward-adjusted capacity for a particular SteelHead, the Interceptor moves existing paired peers from that SteelHead to less-used SteelHeads.
The Interceptor uses the artificially reduced capacity value for that Interceptor in load-balancing calculations until the SteelHead returns to a Normal pressure value.
Enable Permanent Capacity Adjustment
If capacity adjustment is enabled, select this option to cause capacity reduction—once triggered for a local SteelHead that reaches a High pressure value—to be permanent.
To disable permanent capacity adjustment of a SteelHead, you must issue a service restart on the Interceptor.
6. Click Apply to apply your settings to the running configuration.
7. Under Load Balance Rules, click + Add a New Load Balancing Rule to expand the page.
Figure: Configuring Load Balance Rules
8. Complete the configuration as described in this table.
Control
Description
Add a New Load Balancing Rule
Displays the controls for adding a new rule.
Type
Select one of these options from the drop-down list:
•  Redirect - Redirects locally initiated TCP connections to be optimized by a SteelHead. Typically, you configure a redirect rule for source and destination addresses and ports you want to optimize in the Riverbed system. A separate set of load-balancing rules determines the SteelHead to which the connection is to be redirected.
•  Pass Through - Configure rules of this type as a second-preference rule for cases in which you want to optimize when connections are available on specified targets but, in the event that targets have reached admission control capacity, you would rather pass-through traffic than tax the auto-balance pool. For example, you might use pass-through rules to handle HTTP traffic on port 80.
Position
Select any of these options from the drop-down list:
•  Select Start to insert the rule at the start of the list.
•  Select End to inserts the rule at end of the list.
•  Select a rule number.
In general, list rules in this order:
1. Deny 2. Discard 3. Pass-through 4. Fixed-target 5. Auto-Discover
The rule type of a matching rule determines which action the Interceptor takes on the connection.
Local SteelHeads
Specify a comma-separated list of SteelHead IP addresses to which traffic can be redirected. If a rule matches, connections are redirected to the first SteelHead in the list that has capacity for new connections. If no rule matches, peer affinity applies. If there is no existing peer affinity, the connection is redirected to the SteelHead with the least number of current connections.
Note: The target SteelHeads are called cluster SteelHeads.
From Remote SteelHeads
Select one of these options from the drop-down list:
•  Any - Rule applies only when matching any SYN or SYN+ (behavior of load-balancing rule before peering was added).
•  Probe-only - Match any packet with a probe SYN+.
•  Non-probe - Match only SYN entering from the LAN side.
•  IP Address - Match the given IP address when a SYN+ comes from that SteelHead.
Remote SteelHead IPs
If you specify IP Address for the From Remote SteelHeads setting, use this field to specify a comma-separated list of SteelHead IP addresses.
Source Subnet
Specify the IP address for the source network. Use this format: XXX.XXX.XXX.XXX/XX
To configure a rule to apply to all source subnets, specify All.
Destination Subnet
Specify the IP address for the destination network. Use this format: XXX.XXX.XXX.XXX/XX
To configure a rule to apply to all destination subnets, specify All.
Port or Port Label
Specify the destination port number, port label, or All.
If you order rules so that traffic that is passed through, discarded, or denied is filtered first, All represents all remaining ports.
VLAN Tag ID
Specify a VLAN identification number from 0 to 4094, or All to apply the rule to all VLANs, or Untagged to apply the rule to nontagged connections.
Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces.
To complete the implementation of VLAN tagging, you must set the VLAN tag IDs for the in-path interfaces that the Interceptor uses to communicate with other Interceptors.
For details about configuring the in-path interface for the Interceptor, see Configuring Cluster In-Path Rules.
Description
Describe the rule to facilitate administration.
Add
Adds the new rule to the configuration. The new rule displays in the list at the top of the page.
Move Selected Rules
Moves the selected rules. Click the > next to the desired rule position; the rule moves to the new position.
Note: The default rule cannot be reordered and is always listed last.
Remove Selected Rules
Select the check box next to the name and click Remove Selected Rules.
Note: The default rule cannot be removed and is always listed last.