Configuring Hardware Assist rules

About Network Integration Features : Configuring Hardware Assist rules

Settings for hardware-assist rules (HAP) are under Networking: Network Services > Hardware Assist Rules. Hardware-assist rules can automatically bypass all UDP (User Datagram Protocol) connections. You can also configure rules for bypassing specific TCP (Transmission Control Protocol) connections. Automatically bypassing these connections decreases the work load on the local SteelHeads because the traffic is immediately sent to the kernel of the host machine or out of the other interface before the SteelHead receives it. To configure hardware assist rules using the Riverbed CLI, see the Riverbed Command-Line Interface Reference Manual.

This feature only appears on SteelHeads equipped with compatible NICs.

SteelHeads equipped with one or more of the following NICs can use HAP rules:

• Two-Port LR4 Fiber 40 Gigabit-Ethernet PCI-E

• Two-Port SR4 Fiber 40 Gigabit-Ethernet PCI-E

• Four-Port SR Multimode Fiber 10 Gigabit-Ethernet PCI-E

• Two-Port LR Single Mode Fiber 10 Gigabit-Ethernet PCI-E

• Two-Port SR Multimode Fiber 10 Gigabit-Ethernet PCI-E

Two-Port LR Single Mode Fiber 10 Gigabit-Ethernet PCI-E and the Two-Port SR Multimode Fiber 10 Gigabit-Ethernet PCI-E cards only support IPv4 rules.

With IPv4 traffic, a maximum of 240 HAP rules can be configured.

To be safe, change hardware-assist rules only during a maintenance window, or during light traffic and with a full understanding of the implications. For details, go to Knowledge Base article S12992.

Under Hardware Assist Rules Settings, enable pass-through as follows:

• To automatically pass through all UDP traffic, select the Enable Hardware Passthrough of All UDP Traffic check box.

• To pass through TCP traffic based on the configured rules, select the Enable Hardware Passthrough of TCP Traffic Defined in the Rules Below check box. TCP pass-through is controlled by rules. The next step describes how to step up hardware-assist rules.

RiOS ignores all hardware-assist rules unless you select this check box. No TCP traffic is passed through.

Under TCP Hardware Assist Rules, these options are available to complete the configuration:

Add a New Rule

Displays the controls for adding a new rule.

Type

Selects a rule type:

• Accept accepts rules matching the Subnet A or Subnet B IP address and mask pattern for the optimized connection.

• Pass-Through identifies traffic to be passed through the network unoptimized.

Insert Rule At

Determines the order in which the system evaluates the rule. Select Start, End, or a rule number from the drop-down list.

The system evaluates rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied and the system moves on to the next rule: for example, if the conditions of rule 1 don’t match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted.

In general, filter traffic that is to be unoptimized, discarded, or denied before processing rules for traffic that is to be optimized.

Type

Specifies Accept or Pass-through.

Position

Specifies a position for the rule, Start, a specific number, or End.

Subnet A

Specifies an IP address and mask for the subnet that can be both source and destination together with Subnet B.

• All IPv4 passes through all IPv4 traffic.

• IPv4 specifies an IPv4 address and mask for the subnet that can be both source and destination together with Subnet B. Use this format: xxx.xxx.xxx.xxx/xx

Subnet B

Specifies an IP address and mask for the subnet that can be both source and destination together with Subnet A.

• All IPv4 passes through all IPv4 traffic.

• IPv4 specifies an IPv4 address and mask for the subnet that can be both source and destination together with Subnet B. Use this format: xxx.xxx.xxx.xxx/xx

VLAN Tag ID

Specifies a numeric VLAN tag identification number.

Select all to specify the rule applies to all VLANs.

Select untagged to specify the rule applies to nontagged connections.

Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces.

To complete the implementation of VLAN tagging, you must set the VLAN tag IDs for the in-path interfaces that the SteelHead uses to communicate with other SteelHeads. For details about configuring the in-path interface for the SteelHead, see About in-path rule settings.

Description

Optionally includes a description of the rule.

Add

Adds the new hardware-assist rule to the list. You can add up to a maximum number of 50 rules.

• RiOS applies the same rule to both LAN and WAN interfaces.

• Every 10G card has the same rule set.

The SteelHead refreshes the hardware-assist rules table and applies your modifications to the running configuration, which is stored in memory.