DeployingSteelheadsWithProfilers.pdf

7/28/2019 DeployingSteelheadsWithProfilers.pdf

1/12

Partner TechnicalWhite Paper Deploying Riverbed Steelheal Appliances with Mazu Profiler

2008 Riverbed Technology,Inc. All rights reserved. 1

Partner Technical White Paper

Deploying Riverbed Steelhead Applianceswith Mazu Profiler

A Riverbed TechnologyWhite Paper


2/12


TABLE OF CONTENTS

Partner Technical White Paper............................................................................................................................................................................. 1

Deploying Riverbed Steelhead Appliances with Mazu Profiler......................................................................................................................... 1

1. Introduction........................................................................................................................................................................................................ 3

2. Configuring Steelhead Appliances for Netflow.............................................................................................................................................. 4I. Netflow and Steelhead Appliances................................................................................................................................................................... 4

II. Enabling Netflow on Riverbed Steelhead Appliances..................................................................................................................................... 4

III. Steelhead Appliance Deployment Scenarios................................................................................................................................................. 6

1. In-path....................................................................................................................................................................................................... 62. Virtual in-path............................................................................................................................................................................................ 63. Out of path................................................................................................................................................................................................. 7

3. Configuring Mazu Profiler................................................................................................................................................................................. 7

I. Configuring the WAN Interface Speed of the Steelhead Interface Exporting Netflow Data............................................................................. 7

II. Link-Based Reporting for the Data Center in a Fan-In Model......................................................................................................................... 8

4. Deployment Scenarios.................................................................................................................................................................................... 10

I. Point-to-Point Links........................................................................................................................................................................................ 10

II. Hub-and-Spoke............................................................................................................................................................................................. 10Branch Office............................................................................................................................................................................................... 10Central Site.................................................................................................................................................................................................. 10

III. MPLS............................................................................................................................................................................................................ 11

5. Additional Mazu Profiler Capabilities............................................................................................................................................................. 11

I. Application Fingerprinting............................................................................................................................................................................... 11

II. User Identity................................................................................................................................................................................................... 11

III. Logical Path Association.............................................................................................................................................................................. 12

IV. Integrations and Extensible API........................................................................ ........................................................ ................................... 12

6. Summary.......................................................................................................................................................................................................... 12



3/12


1. IntroductionThe Riverbed Steelhead appliance provides significant advantage to companies who want to optimize the performance ofapplications over the wide area network (WAN). There is an associated cost, however, as visibility into the WAN is reduced. As aresult, troubleshooting and performance analysis can be more difficult. Mazu Profiler helps companies overcome this obstacleby providing a real-time view of the network and associated host conversations both locally and across the optimized WANinfrastructure.

All of the benefits that Mazu Profiler delivers including real-time and historical reporting, automatic and custom behavioralanalytics, and custom dashboards are available to support the optimized network infrastructure. As a result, organizations can:

Better understand their network for planning purposes

Be alerted to meaningful changes in network, application, user, and host behavior

Quickly identify root cause and troubleshoot these

Maintain information for audit purposes

This best practices document describes how to deploy Riverbed Steelhead appliances in conjunction with Mazu Profiler. Thisdocument is written for network administrators who are familiar with the Netflow functionality of the two products.

This document provides a high level overview of the operation of the Riverhead Steelhead and Mazu Profiler appliances and isnot intended to be a step by step guide or a replacement of the products respective documentation. Readers should refer toindividual product documentation for more details.

2. Configuring Steelhead Appliances for Netflow

I. Netflow and Steelhead Appliances

Steelhead appliances support Netflow version 5 and collect only ingress traffic (traffic coming in from the LAN and WANinterface). Egress traffic from both the WAN or LAN interface is not reported via Netflow.



4/12


1. To measure data going from client to server, create a query using the LAN interface on the client-side Steelheadappliance (LAN-0) and the WAN interface on the server-side Steelhead appliance (WAN-1). The LAN interface on theclient-side Steelhead appliance (LAN-1) exports the raw, pre-optimized traffic and the WAN interface of the server-sideSteelhead appliance (WAN-1) exports the optimized traffic from client to server.

2. To measure data going from server to client, look at the LAN interface on the server-side Steelhead appliance (LAN-1)and the WAN interface on the client-side Steelhead appliance (WAN0). The LAN interface on the server-sideSteelhead appliance (LAN-1) exports the raw, pre-optimized traffic and the WAN interface of the client-side Steelheadappliance (wan0) exports the optimized traffic data from server to client.

II. Enabling Netflow on Riverbed Steelhead Appliances

Netflow support is enabled and configured in the Advanced Networking Netflow Exportpage. Netflow enables the export ofnetwork statistics that provide information about network hosts, protocols and ports, peak usage times, and traffic routing.Netflow updates the flow record with information pertaining to each packet traversing the specified network interface. This data isthen sent to a Netflow collector such as the Mazu Profiler or Mazu Regional Gateway. The Mazu flow collector default is port2003 which can be changed; that process is described later in this document. To enable Netflow on the Riverbed Steelheadappliance:

1. Click the Setup tab to display the Setup menu.

2. Click Advanced Networkingto expand the Advanced Networking menu.

3. Click Netflowto display the Advanced Networking Netflow Export page.



5/12


1. As shown above, select Enable Netflow Export.

2. As shown above, select Additional Interfaces to add as many interfaces as desired for this Netflow exporter.

3. Complete the Add New Entrybox for all of the desired interfaces using the following steps shown below:


Select to add as many other

interfaces as desired to exportto this collector

Select to enable Netflow


6/12


Field Description:

4. Log in to the Steelhead appliance via SSH and run the following hidden command to set the Netflow active timeoutfrom the default of 30 minutes to 60 seconds:

ip flow-setting active_to "60"

III. Steelhead Appliance Deployment Scenarios

1. In-path

In this configuration, the Steelhead appliances are physically placed in path of the client and server and see all traffic. EnableNetflow and use the primary/auxiliary interface to export the data to the Mazu Profiler. Select Allto export all traffic received bythe Steelhead appliance to Mazu Profiler ensuring all optimized and non-optimized traffic is exported.

2. Virtual in-path

In a virtual in-path deployment, the Steelhead appliances are placed physically out of path but virtually in the path between theclients and servers. In a virtual in-path deployment, clients and servers continue to see the real client and server IP addresses.This deployment differs from a physical in-path deployment in that a packet redirection mechanism is used to direct packets to

the Steelhead appliance. Redirection mechanisms include: Policy Based Routing (PBR) and WCCP.In this configuration, enableNetflow on the primary/auxiliary interface and export only the optimized data from the Steelhead and use the router to export thepass-through data. In this configuration, the Steelhead appliances do not have sufficient information to determine the flowdirection of pass through traffic. Therefore, it is necessary to enable Netflow export on the router to capture the pass-throughtraffic. Additionally, run the following command on the Steelhead appliance that is running virtually in-path:

ip flow-export destination interface wan0_0 fakeindex on

This will enable the Steelhead appliance to determine the flow of optimized traffic on the WAN interface in a virtual in-path set up.To get information only on the un-optimized traffic, create a report using a host subnet (or host address) with the Steelhead clientIP address.



7/12


3. Out of path

An out-of-path deployment is a network configuration in which the Steelhead appliance is not in the direct physical path betweenthe client and the server. In an out-of-path deployment, the Steelhead appliance acts as a proxy. An out-of-path configuration issuitable for data center locations where physical in-path or virtual in-path configurations are not possible. In this configuration,enable Netflow on the primary/auxiliary interface and export only the optimized data from the Steelhead appliance. Similar to thevirtual in-path deployment, configure the router to export the pass-through data as the Steelhead appliance will only seeoptimized data in this configuration. Steelhead appliances are unable to determine the flow of the optimized data in thisconfiguration and are therefore unable to split traffic based on the source (e.g. LAN or WAN).

3. Configuring Mazu Profiler

I. Configuring the WAN Interface Speed of the Steelhead Interface Exporting Netflow Data

Mazu Profiler uses SNMP to collect information about the Netflow exporter (i.e. the Steelhead appliance). It collects the speed ofthe interface exporting the Netflow data. Within this deployment scenario, it is the Steelhead that exports the Netflow data andnot the outbound router interfaces. Thus the interface speed information received by Mazu Profiler refers to the connectivitybetween the Steelhead appliance and the router and not the outbound WAN link (e.g. Frame Relay sub interfaces). This wouldtypically mean that Mazu Profiler will report the outbound interface to be a 100Mbps or a 1 Gbps link instead of a T1, T3 or DS3link. To enable link utilization in the reporting and custom analytics, the proper interface speed must be set in the Mazu ProfilerUI.

1. Open the Mazu Profiler web interface.

2. Click the System Information then the Devices/Interfaces link on the navigation bar on the left side of the screen.

3. Select Interfaces (List) from the table.

4. Identify the interface speed to change and enter the change in the Speed Override column.



8/12


5. Make all of the necessary changes and then click the Applybutton on the bottom right side of the page.

II. Link-Based Reporting for the Data Center in a Fan-In ModelIn the fan-in model, Netflow data exported by the WAN interface of the Steelhead appliance at the data center represents allincoming flows. All of the sites connecting to the Steelhead appliance are aggregated and not differentiated. Mazu Profiler allowsthe operator to easily distinguish a remote site by specifying the link information. This distinction should be used for both thereporting and the analytics engine to establish policy surrounding individual site connectivity.

Using the model described above, the operator is able to distinguish per-site information by reporting on the link instead of aninterface. This can be accomplished in many ways; however, the most simple is to create a query specifying the Data CenterLAN-0 interface and the Remote Site LAN-1 interface (in this example) for reporting on the link traffic. The traffic can be viewedin a variety of ways, including the following:



9/12


More information about the specific Report by categories can be found in the Mazu Profiler Users Guide or the Mazu Profileronline help. Mazu refers to application based on an actual layer 7 fingerprint of the packet payload. ports or services refer to theLayer 3/4 information provided by Netflow. The category labeled Application-ports will include the Layer 3/4 information(protocol/ports) as well as an application tag noting the packet payload determined through a deep packet inspection by theMazu Application Sensor. More information on the Mazu Application Sensor is included below for reference. Mazu Profiler alsoincorporates a logical grouping of hosts into multiple views referred to as Host Groups. The Host Groups provide a macro view ofthe network allowing operational personnel to quickly distinguish important context in the report. Below is a report generated fromthe abovementioned query.

4. Deployment ScenariosThis section discusses several typical deployment scenarios with the Steelhead appliances and the associated relation toNetflow reporting. In general, any site that has WAN links coming in from different sites will use Host Grouping by Site forvisibility of individual links.



10/12


I. Point-to-Point Links

In this deployment scenario, there is a single dedicated link between two Steelhead-appliance-enabled sites. The two Steelheadappliances involved are dedicated to this link alone. Besides enabling the interfaces for exporting Netflow on the Steelheadappliance, one will also need to set the interface for the WAN interface on each Steelhead appliance. This would also hold truefor a bonded WAN connection between two sites.

II. Hub-and-Spoke

In this deployment scenario, each branch site communicates with a central site through a dedicated link. Any communicationbetween the branch office sites also goes via the central site.

Branch Office

Enable the interfaces for Netflow export on the Steelhead appliance. In addition one will also need to set the interface speed forthe WAN interface on each Steelhead appliance.

Central Site

The central site or hub site deploys a fan-in model. Enable the interfaces for Netflow export on the Steelhead appliance.Configure the WAN interface speed to match the aggregate speed of the WAN link. If individual site-level visibility is required foreach site, Host Grouping will have to be created for each branch office site as explained in Section 2 (III).

III. MPLS

In this deployment, if visibility is needed per subnet then Mazu recommends using Host Grouping, which is needed to identifysubnet level conversations in the MPLS cloud. You will then need to enable Netflow on the Steelhead appliance interfaces for theWAN interface on each Steelhead appliance. You must also configure the WAN link speed for each WAN interface.

5. Additional Mazu Profiler Capabilities

I. Application Fingerprinting

Mazu Profilers application fingerprinting identifies the application traversing the flow by inspecting the packet payload andcomparing the payload to an extensive list of known applications. This allows operators to quickly understand the applicationtraversing a given flow, for example Skype using tcp/80 or users going to Gmail. Other management tools identify applicationsusing the protocol and port association. New applications using non-standard ephemeral ports and tunneling over known ports

make it difficult for network operators to accurately identify which applications are running.

The application fingerprinting capability is enabled by the Mazu Application Sensor which resides passively on the network,inspecting traffic SPANd or mirrored to the device. Unlike traditional packet inspection devices, the Mazu Application Sensortags a given flow with the application detail, thus requiring fewer appliances to provide coverage across the enterprise.



11/12


II. User Identity

Mazu Profiler integrates with identity management solutions. This enables the operator to quickly identify a user who is

consuming the network bandwidth or disrupting other users. The user identity feature is available for real-time and historicalreporting as well as through the custom analytics engine.

III. Logical Path Association

Using SNMP integration, Mazu Profiler records the logical path that a flow takes across the network. This makes it possible todetermine whether the primary or redundant path was traversed by a particular flow.

IV. Integrations and Extensible API

Mazu Profiler provides out-of-the-box integrations with more than 40 popular enterprise technologies to increase the value ofyour existing infrastructure investments. These integrations help you quickly identify and triage new events regardless of howthey are generated (Mazu Profiler or other tools). Additionally, they reduce training requirements as the information provided by

Mazu Profiler in available from within tools already familiar to the network operators. The extensible API also provides the abilityfor custom integrations with homegrown tools.

6. SummaryThe emergence of WAN optimization devices like Riverbed Steelhead appliances has brought new challenges andcontradicts some fundamental assumptions made in Netflow. Our joint testing, however, has proven that the Mazu Profiler andRiverbed Steelhead products work together to not only maintain current levels of visibility but also to provide customers withadditional valuable insight into their optimized network.



12/12


Riverbed Technology,Inc.199 Fremont StreetSan Francisco, CA 94105Tel: (415) 247-8800www.riverbed.com

Riverbed Technology Ltd.No 1, The Courtyard, Eastern RoadBracknell, Berkshire RG12 2XBUnited KingdomTel: +44 1344 354910

Riverbed Technology Pte. Ltd.391A Orchard Road #22-06/10Ngee Ann City Tower ASingapore 238873Tel: +65 6508-7400

Riverbed Technology K.K.Shiba-Koen Plaza Building 9F3-6-9, Shiba, Minato-kuTokyo,Japan 105-0014Tel:+81 3 5419 1990

2008 Riverbed Technology,Inc. All rights reserved. Riverbed Technology,Riverbed, Steelhead and the Riverbed logo are trademarks or registered trademarks of RiverbedTechnology,Inc. Portions of Riverbeds products are protected under Riverbed patents, as well as patents pending. WP-UHC011808

2008 Ri b d T h l I All i ht d 12
http://www.riverbed.com/http://www.riverbed.com/

Documents

DeployingSteelheadsWithProfilers.pdf