Configuring hardware-assist rules
You configure hardware-assist rules under Networking > Network Services > Hardware Assist Rules. This feature only appears on an appliance equipped with one or more Two-Port SR Multimode Fiber 10 Gigabit-Ethernet or Two-Port LR Single Mode Fiber 10 Gigabit-Ethernet PCI-E cards.
Hardware-assist rules can automatically bypass all User Datagram Protocol (UDP) connections. You can also configure rules for bypassing specific Transmission Control Protocol (TCP) connections. Automatically bypassing these connections decreases the work load on the local appliances because the traffic is immediately sent to the kernel of the host machine or out of the other interface before the appliance receives it.
The maximum number of hardware-assist rules is 50.
For a hardware-assist rule to be applied to a specific 10G bypass card, the corresponding in-path interface must be enabled and have an IP address.
Under 10G NIC Hardware Assist Rules Settings, enable pass-through as follows:
• To automatically pass through all UDP traffic, select the Enable Hardware Passthrough of All UDP Traffic check box.
• To pass through TCP traffic based on the configured rules, select the Enable Hardware Passthrough of TCP Traffic Defined in the Rules Below check box. TCP pass-through is controlled by rules. The next step describes how to step up hardware-assist rules.
RiOS ignores all hardware-assist rules unless you select this check box. No TCP traffic is passed through.
Under TCP Hardware Assist Rules, these configuration options are available:
Add a New Rule
Displays the controls for adding a new rule.
Type
Specifies a rule type:
• Accept accepts rules matching the Subnet A or Subnet B IP address and mask pattern for the optimized connection.
• Pass-Through identifies traffic to be passed through the network unoptimized.
Insert Rule At
Determines the order in which the system evaluates the rule. Select Start, End, or a rule number from the drop-down list.
The system evaluates rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied and the system moves on to the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted.
In general, filter traffic that is to be unoptimized, discarded, or denied before processing rules for traffic that is to be optimized.
Subnet A
Specifies an IP address and mask for the subnet that can be both source and destination together with Subnet B.
Use this format: xxx.xxx.xxx.xxx/xx
You can specify all or 0.0.0.0/0 as the wildcard for all traffic.
Subnet B
Specifies an IP address and mask for the subnet that can be both source and destination together with Subnet A.
Use this format: xxx.xxx.xxx.xxx/xx
You can specify all or 0.0.0.0/0 as the wildcard for all traffic.
VLAN Tag ID
Specifies a numeric VLAN tag identification number.
Select all to specify the rule applies to all VLANs.
Select untagged to specify the rule applies to nontagged connections.
Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces.
To complete the implementation of VLAN tagging, you must set the VLAN tag IDs for the in-path interfaces that the appliance uses to communicate with other RiOS appliances. For details about configuring the in-path interface for the appliance, see “Configuring in-path rules” on page 76.
Description
Includes an optional description of the rule.
Add
Adds the new hardware-assist rule to the list. You can add up to a maximum number of 50 rules.
• RiOS applies the same rule to both LAN and WAN interfaces.
• Every 10G card has the same rule set.
The appliance refreshes the hardware-assist rules table and applies your modifications to the running configuration, which is stored in memory.