Configuring subnet side rules
You configure subnet side rules in the Networking > Network Services: Subnet Side Rules page.
Subnet side rules are used in a virtual in-path deployment to support Flow Export, to support a client-side SteelHead with Riverbed Services Platform (RSP) enabled, or to exempt certain subnets from QoS enforcement or path selection.
Subnet side rules let you configure subnets as LAN-side subnets or WAN-side subnets for a virtual in-path SteelHead. The subnet side rules determine whether traffic originated from the LAN-side or the WAN-side of the SteelHead based on the source subnet. You must configure subnets on each SteelHead in a virtual in-path configuration when RSP is enabled, as the subnets for each will likely be unique.
With subnet side rules in place:
• LAN-bound traffic that traverses the WAN interface of the SteelHead is exempt from QoS enforcement. For details, see
Bypassing LAN traffic.
• client-side SteelHeads configured for virtual in-path deployment and RSP enabled can optimize traffic from client-side connections. Otherwise, the appliance does not optimize traffic from client-side connections. In virtual in-path configurations, all traffic flows in and out of one physical interface, and the default subnet side rule causes all traffic to appear to originate from the WAN side of the device.
• flow export collectors such as NetFlow analyze nonoptimized or passed through traffic correctly. Otherwise, the SteelHead can’t discern whether the traffic is traveling from the LAN to the WAN or in the opposite direction. Without subnet side rules, the SteelHead can over-report traffic in a particular direction or for a particular interface.
The Fake index feature is necessary for correct optimized traffic reporting. The fake index feature is enabled by default if you enable the Flow Export option on the Networking > Network Services: Flow Statistics page For details, see the SteelHead Deployment Guide.
To add subnet side rules
1. Choose Networking > Network Services: Subnet Side Rules to display the Subnet Side Rules page.
Subnet Side Rules page
2. Complete the configuration as described in this table.
Control | Description |
Add a Subnet Side Rule | Displays the controls to create a subnet side rule. |
Insert Rule At | Select Start, End, or a rule number from the drop-down list. SteelHeads evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule don’t match, the system consults the next rule. For example, if the conditions of rule 1 don’t match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. |
Subnet | Specify the subnet. The subnet can be either an IPv4 or an IPv6 address. Use the following format: <ip address>/<subnet mask> xxx.xxx.xxx.xxx/xx (IPv4) x:x:x:x/xxx (IPv6) |
Subnet is on the LAN side of this appliance | In virtual in-path configurations, all traffic is flowing in and out of one physical interface. Select to specify that the subnet is on the LAN side of the device. |
Subnet is on the WAN side of this appliance | In virtual in-path configurations, all traffic is flowing in and out of one physical interface. Select to specify that the subnet is on the WAN side of the device. |
Add | Adds the rule to the subnet map table. The Management Console redisplays the subnet map table and applies your changes to the running configuration, which is stored in memory. |
Remove Subnet Rules | Select the check box next to the name and click Remove Subnet Rules. |
Move Subnet Rules | Moves the selected rules. Click the arrow next to the desired rule position; the rule moves to the new position. |
You can’t delete the default rule that optimizes all remaining WAN side traffic that has not been selected by another rule. This rule is always listed last.
Related topics