The Steelhead appliance needs to know its hostname, DNS domain name(s), DNS server(s) and NTP server(s).
The hostname is used to create a self-signed SSL certificate for HTTPS access to GUI of the Steelhead appliance, displayed in the list of the Connected Appliances overview on other Steelhead appliances, used in the SSL certificate for Secure Peering, used during the joining of the Steelhead appliance to an Active Directory domain and used on the login page of the GUI and on the CMC in the appliances list.
The domain names, DNS servers and NTP servers will be important when the Steelhead appliance performs CIFS Pre-population and signed CIFS and encrypted MAPI latency optimization as this involves integration into the Active Directory infrastructure.
Using valid NTP servers is a good practice even without Active Directory integration, as it makes sure that the logging and statistics match with other Steelhead appliances. By default the devices are configured with the NTP server of Riverbed and NTP servers from the pool.ntp.org project. If the Steelhead appliances cannot communicate towards to the public Internet, make sure that they use the internal NTP servers of your network.
The physical management network interfaces of the Steelhead appliance are the primary and the auxiliary network interfaces. As a general habit, you should access the Steelhead appliances via the IP address defined on the primary interface.
The primary interface needs an IP address, subnet mask and default gateway. The auxiliary interface should only be needed to be configured if Data Store Synchronization is enabled or if a separate private network management network is used.
Both the primary interface and the auxiliary interface share the same routing table and it is not possible to use addresses from the same IP subnet on the two interfaces.
When the Steelhead appliance is initiating traffic, for example to send out SNMP traps or when it is downloading software, it uses the IP address of the primary interface as the source IP address.
To force management packets out via the auxiliary interface, the destination IP subnet should have a gateway IP address defined on the auxiliary interface IP subnet:
The in-path interfaces behave partly like a network bridge and partly like a router:
All traffic not going to be optimized is bridged through from the LAN port to the WAN port and vice versa without changing it, not even decreasing the TTL in the header of the IP packet.
All traffic to be optimized will follow the routing configuration and routing decisions as defined on the in-path interface and learned via Simplified Routing.
Each active in-path interface needs an unique IP address, subnet mask and default gateway. Optionally it can have a VLAN tag ID configured on which the IP subnet is defined. Explicit routing entries can be defined for the traffic terminating on or initiated from the in-path interface.
The routing table of each in-path interface is separate and each in-path interface can have an IP address in subnets on the others IP subnets.
Simplified Routing is a feature which can be used to overcome the administrative overhead of having to configure all the IP subnets behind the LAN switch or LAN router or the multiple gateways on the WAN side.
By default, the routing table on an in-path interface has only the default gateway. This works fine if the IP subnet defined on the in-path interface is the same IP subnet as all the hosts behind the Steelhead appliance. If however there are multiple IP subnets behind the Steelhead appliance, either because the IP subnet is defined on the WAN router or because the IP subnet is defined on the LAN router, then all traffic for those subnets will be send to the default gateway before being send to the right IP subnet, traveling via the WAN interface back through the Steelhead appliance before it reaches the LAN router it had to end up in the beginning.
This is further explained in the IP Routing Related Issues section in the Operation Related Chapter.
All interfaces can have either auto-negotiation defined or have a fixed speed and duplex setting defined. These days, general interoperability is not a reason to use a fixed speed and duplex anymore and auto-negotiation should be used everywhere unless not possible. This is especially important for gigabit speed interfaces, which is explained in a later section.
Keep in mind that when a fixed speed and duplex setting is used that the LAN and the WAN interface and the devices connected to them should all be at the same speed and duplex settings.
If the interface speed and duplex settings of the LAN and WAN interfaces are different, no Ethernet link will be established if the Steelhead appliance is rebooted or turned off and all networks behind the Steelhead appliance will be unreachable.
10 Mbps Ethernet and 100 Mbps Fast Ethernet network cards can be configured to a fixed speed and duplex settings which bypasses the negotiation phase of setting up of the Ethernet link between the devices.
There is no such feature as a fixed speed and duplex settings for the 1000 Mbps gigabit and faster NICs, the 802.3ab specification[SOURCE IEEE 802.3ab] stated that auto-negotiation is a requirement.
During the negotiation phase, each network card advertises the speeds it is capable of. With these "fixed speed" gigabit configurations, it will only advertise the 1000 Mbps speed and not the 100 Mbps and 10 Mbps speeds, thus forcing the device on the other side to accept the 1000 Mbps speed.
Riverbed uses license keys to determine which feature-sets are available on the Steelhead appliances in your network. The following licenses are the most common feature sets:
Three license keys are included by default with every Steelhead appliance: The BASE, the CIFS and the MAPI licenses. Without these three licenses the Steelhead appliance won't be able to perform its basic optimization services.
The SSL license allows optimization of SSL encrypted traffic and SSL tunneling for the secure inner channel feature. It can be obtained for without charge from Riverbed for Steelhead appliances installed in countries without USA export restrictions against them.
The RSP license, which can be used to enable the RSP virtualization system.
Model base and configuration upgrade licenses. With the development of the xx50 series models, the upgrade from a certain model to a higher capacity configuration can be done via a license key without the need for a hardware swap.
Licenses are only valid for the Steelhead appliance with the serial number they are ordered for. When a Steelhead appliance needs to be replaced via an RMA, replacement licenses will be submitted during the RMA process.
The list of license keys for a Steelhead appliance can be found on the Riverbed Support website under the assets list.