Upload
abdullahabdul
View
527
Download
4
Tags:
Embed Size (px)
DESCRIPTION
Riverbed Steelhead PoC Best Practices
Citation preview
Riverbed Confidential
Steelhead PoC Best Practices Bob Ashmore
Riverbed Sales Engineer
Copyright Riverbed Technology 2
May 2013
Riverbed Confidential
Prerequisites
This presentation:
● is a review of best practices for performing a basic
Steelhead Proof-of-Concept.
● assumes the engineer has taken the introductory
Steelhead SADM course or has completed the on-line
RTSA-W and RTSS-W and has some hands-on
experience.
Riverbed Confidential
Steelhead PoC steps
● Gather Requirements
● Size the Solution
● Establish Success Criteria
● Prepare for Install
● Steelhead Installation
● Health Check
● Present Results
Riverbed Confidential
Gather Network Requirements
● Obtain or develop a network diagram “a picture is worth a thousand words”
● What applications are running across the WAN?
● How many offices/locations?
● Any mobile workers?
● Need for High Availability, clustering, or redundancy?
● Print, AD, or DNS servers at branch office?
● Are they using SSL (HTTPS)?
● Are they using signed-SMB or encrypted MAPI?
Riverbed Confidential
Gather Application and Traffic
Information
Application Acceleration Consolidation Virtualization
• Slow applications? • What applications? • End users complaining? • Large file transfers? • Collaboration?
• Centralizing data?
• Consolidating servers?
• Want to remove
servers from remote
sites?
• Virtualizing servers?
• Virtualizing desktops?
• Replicating virtual
machines?
Ask questions to uncover opportunities
Disaster Recovery
• Still doing disk or tape
backup?
• How long does it take?
• How often and how
much data?
Mobile Workers
• Number of mobile
workers?
• Sales people or execs
who travel?
Network Based Back-up
• DR site?
• Using replication solution?
• How long does it take?
Always ask how many sites and their sizes.
Riverbed Confidential
Steelhead CX Appliances
are Sized to Meet Your Needs
Copyright Riverbed Technology 7
755-L 10 Mbps optimized throughput
900 optimized TCP connections
100 GB Data Store
755-M 10 Mbps optimized throughput
1500 optimized TCP
connections
100 GB Data Store
755-H 20 Mbps optimized throughput
2300 optimized TCP
connections
160 GB Data Store (SSDs)
1555-L 50 Mbps optimized throughput
3000 optimized TCP connections
400 GB Data Store
1555-M 50 Mbps optimized throughput
4500 optimized TCP connections
400 GB Data Store
1555-H 100 Mbps optimized throughput
6000 optimized TCP connections
320 GB Data Store (SSDs)
5055-M 200 Mbps optimized throughput
14,000 optimized TCP connections
640 GB Data Store (SSDs)
7055-L 622 Mbps optimized throughput
75,000 optimized TCP connections
1.6 TB Data Store (SSDs)
150-M • 1 Mbps optimized throughput
• 20 optimized TCP connections
• 40 GB Data Store
250-L 1 Mbps optimized throughput
40 optimized TCP connections
40 GB Data Store
250-M 2 Mbps optimized throughput
125 optimized TCP connections
40 GB Data Store
250-H 2 Mbps optimized throughput
200 optimized TCP connections
40 GB Data Store
555-M 6 Mbps optimized throughput
350 optimized TCP connections
80 GB Data Store
555-H 10 Mbps optimized throughput
650 optimized TCP connections
80 GB Data Store
5055-H 400 Mbps optimized throughput
25,000 optimized TCP connections
640 GB Data Store (SSDs)
Massive Scaling Interceptor 9350 40 Gbps optimized throughput
1,000,000 optimized TCP
connections
Steelhead Mobile Software Installed on end-user machine
Min1.5Ghz Celeron, 512MB RAM,
1GB HDD
Central Management
Console CMC 8150- 50 devices
Optional Component
Manages and monitors hundreds of
appliances at once
Steelhead Mobile
Controller Required for Steelhead Mobile
SMC appliance
• 40 to 4,000 concurrent users
• Cluster to scale higher
SMC-VE
• 10-100 concurrent users
Management & Reporting
Mobile Worker
7055-M 1 Gbps optimized throughput
100,000 optimized TCP
connections
2.4 TB Data Store (SSDs)
7055-H 1.5 Gbps optimized throughput
150,000 optimized TCP
connections
4.8 TB Data Store (SSDs)
Riverbed Confidential Copyright Riverbed Technology 8
Steelhead EX Appliances
are Sized to Meet Your Needs
1160-L 10 Mbps optimized throughput
900 optimized TCP connections
150 GB Data Store (SSDs)
275/275 GB Granite Block
Store/VSP
10 GB Ram for VSP
1160-M 10 Mbps optimized throughput
1500 optimized TCP connections
150 GB Data Store (SSDs)
275/275 GB Granite Block
Store/VSP
10 GB Ram for VSP
1160-H 20 Mbps optimized throughput
2300 optimized TCP connections
150 GB Data Store (SSDs)
275/275 GB Granite Block
Store/VSP
10 GB Ram for VSP
1160-VH • 50 Mbps optimized throughput
• 4000 optimized TCP connections
• 300 GB Data Store (SSDs)
• 275/275 GB Granite Block
Store/VSP
• 12 GB Ram for VSP
560-L • 4 Mbps optimized throughput
• 250 optimized TCP connections
• 40 GB Data Store (SSDs)
• 190/190 GB Block Store/VSP
Partition
• 4/9 GB Ram for VSP
560-M 6 Mbps optimized throughput
350 optimized TCP connections
70 GB Data Store (SSDs)
190/190 GB Block Store/VSP
Partition
4/9 GB Ram for VSP
560-H 10 Mbps optimized throughput
650 optimized TCP connections
70 GB Data Store (SSDs)
190/190 GB Block Store/VSP
Partition
4/9 GB Ram for VSP
1260-L 10 Mbps optimized throughput
900 optimized TCP connections
100 Gig Data Store
575 or 1230 GB Block Store/VSP
11-47 GB Ram for VSP
1260-M 10 Mbps optimized throughput
1500 optimized TCP connections
100 Gig Data Store
575 or 1230 GB Block Store/VSP
11-47 GB Ram for VSP
1260-H 20 Mbps optimized throughput
2300 optimized TCP connections
160 Gig Data Store (SSDs)
575 or 1230 GB Block Store/VSP
11-47 GB Ram for VSP
1260-VH • 50 Mbps optimized throughput
• 4000 optimized TCP connections
• 160 Gig Data Store (SSDs)
• 575 or 1230 GB Block Store/VSP
• 7-44 GB Ram for VSP
760-L 10 Mbps optimized throughput
900 optimized TCP connections
150 GB Data Store (SSDs)
190/190 GB Block Store/VSP
Partition
8 GB Ram for VSP
760-M 10 Mbps optimized throughput
1,500 optimized TCP
connections
150 GB Data Store (SSDs)
190/190 GB Block Store/VSP
Partition
8 GB Ram for VSP
760-H 20 Mbps optimized throughput
2,300 optimized TCP
connections
150 GB Data Store (SSDs)
190/190 GB Block Store/VSP
Partition
8 GB Ram for VSP
Riverbed Confidential
Size the Steelheads
• Size branch Steelheads to match WAN bandwidth
• Consider connection count ▪ # of branch users x 10 connections per user = # of connections
• Use sum of branch bandwidths and connection counts to
size the datacenter Steelhead
b/w users connections Steelhead
branch1 4Mb/s 28 280 555M
branch2 10Mb/s 130 1300 755M
data center 4+10=14Mb/s 28+130=158 280+1300=1580 755H
Riverbed Confidential
Define and Document Success
Criteria
Objective Criteria for Success Result
Improve response time of AutoCAD Open 500 MB AutoCAD file from remote office
in less than 40 seconds ???
Shorten time to complete data
backup
Reduce SnapMirror backup time from 22
hours to under 3 hours ???
Avoid bandwidth upgrade Reduce peak bandwidth usage to under
3Mbps ???
Riverbed Confidential
Pre-PoC Checklist
Before arriving make sure you:
● Confirm date for installation – Make sure all necessary stakeholders are available
• IT manager, project managers, etc.
– Make sure any necessary change window is scheduled.
● Confirm equipment will arrive before installation date
● Confirm sufficient rack-space, power, and cable-lengths
● Download recent Riverbed-recommended RiOS
version to your laptop
● Help customer complete “Pre-PoC Questionnaire”
before installation date
Riverbed Confidential
Deployment Methodologies
● Physical In-Path – The Steelhead is placed between the switch and the router/firewall,
directly in the path of traffic.
– Be aware of /30 subnets in this location. We need an IP address on
the subnet between the switch and the router/firewall for the in-path
interface.
– 95% of all Steelhead PoCs are done Physically In-path.
● Server-side Out-of-Path – Useful when customer will not allow the Steelhead to be placed
directly in the path of traffic.
– This only provides for optimization one direction.
• All of the clients must be in one location and all of the servers must be in
another location.
– Cable only the Primary interface to a port on the L2-switch
– Do not cable the in-path interfaces
– Create a Fixed-target rule on the Client-side Steelhead pointing to the
Primary port of the Server-side Steelhead. Refer to the
documentation for details
Riverbed Confidential
Physical In-Path Steelhead PoC Basic Steps
(1 of 2)
Connect serial cable (9600,8N1)
Login using admin/password
Complete jumpstart wizard # (config) configuration jumpstart
Connect laptop to Primary (Ethernet) port
If licensing errors, see subsequent slide
Configure>Maintenance>Software Upgrade Switch to “backup” version if newer than “booted” version
Upgrade to recent recommended version available at support.riverbed.com
Use serial number from Support tab in Steelhead GUI
Switch to Backup Version
Shutdown Steelhead and disconnect power
Riverbed Confidential
Physical In-Path Steelhead PoC Basic Steps
(2 of 2)
Cable Steelhead in-path interfaces before connecting power
Confirm cabling by pinging “through” Steelhead
Ensure no traffic can circumnavigate the Steelhead (no asymmetric routes)
Power on the Steelhead
Check for errors (see upcoming slides)
Riverbed Confidential
Server-side Out-of Path Steelhead PoC
Basic Steps Skip if Deploying In-Path
Connect serial cable (9600,8N1)
Login using admin/password
Complete jumpstart wizard # (config) configuration jumpstart
Connect Primary (Ethernet) port to L2 switch with straight-through cable
If licensing errors, see next slide
Configure>Maintenance>Software Upgrade Switch to Backup version if newer than Booted version
Upgrade to recent recommended version available at support.riverbed.com
Use serial number from Support tab in Steelhead GUI
Switch to Backup Version
Reboot the Steelhead
Check for errors (see upcoming slides)
Riverbed Confidential
Resolving Licensing Anomalies
Main Steelhead page says “Critical” due to Licensing and Optimization
Error
Configure>Maintenance>Licenses Click on Fetch Updates Now
If errors remain, navigate to licensing.riverbed.com Copy & paste s/n, click Next, enter your email address, click Submit
If required, CAREFULLY activate each serial number
Copy & paste license into Steelhead GUI
Riverbed Confidential
PoC Health Check
● Confirm installation is getting best possible results
Riverbed Confidential
Steelhead Health Check
Check physical layer
Check “Connected Peers”
Check “Current Connections”
Application -layer errors CIFS SMB signing
MAPI encryption
Check “Traffic Summary” Application-specific optimizations
Riverbed Confidential
Cabling types
Non-Switch Switch
Crossover cable
Straight-through cable
These rules apply on either side (LAN or WAN)
Riverbed Confidential
Speed Issues – Duplex Mismatch (Steelhead)
● Symptom: – After Steelhead installation, traffic does not speed up or inconsistent speed increase
● Troubleshooting: – Look at Reports › Networking › Interface Counters for errors
– If counters on Steelhead are low, check directly-attached network gear
– Look for alarm/log message about error counts rising
– Packet traces (tcpdump) see lots of retransmissions
● Likely problem: – Duplex mismatch between Steelhead and connected devices
● What to do: – Change the interface speed/duplex to match
– *Warning* ideally the WAN and LAN have the same duplex settings, because
otherwise they will have a duplex mismatch when we fail-to-wire
Riverbed Confidential
Interface Statistics
Reports › Networking › Interface Counters
Check LAN/WAN for errors. Must be at least 100/full
(1000 Mb/s preferred)
Riverbed Confidential
Connected Peer Steelheads
Reports>Optimization>Peers
Confirm that all Steelheads are visible
Riverbed Confidential
Current Connections
Reports › Networking › Current Connections
Check that connections are being optimized.
For detailed info, click on magnifying glass
Riverbed Confidential
Current Connections issues
What does that red triangle mean? Shows a protocol error in the current connections report
Common reasons
CIFS – SMB signing is the likely cause, possibly SMBv2
MAPI – Encrypted Outlook (on by default for Outlook 2007+)
Both can be solved by joining the server-side Steelhead to the domain
Riverbed Confidential
Join the Domain
Join Server-side Steelhead (SSH)
to a Windows domain.
– Configure > Networking > Host
Settings
• Update “Primary DNS Server” with
DNS IP address for the domain
• Update “DNS domain list” to include
the domain name
• Confirm the clock is correct
– Configure > Networking >
Windows Domain
• Select “Domain Settings”
• Join Account Type as:
– BDC for 2003 domains
– RoDC for 2008 domains
• Enter details for the domain settings
and click “Join”
Riverbed Confidential
SMB Signing and Encrypted MAPI
SMB Signing
• Configure › Optimization › CIFS (SMB1)
• Enable SMB Signing
• NTLM Transparent Mode
• Configure > Optimization > SMB2/3
• Enable SMB2 Optimizations
• NTLM Transparent Mode
Encrypted MAPI
• Configure › Optimization › MAPI
• Enable Encrypted Optimization
• NTLM Transparent Mode
Riverbed Confidential
Traffic Summary Report
Look for applications
with 0% reduction,
indicating the traffic is
pre-compressed or
encrypted
Options:
1. Find the application
server and turn off
encryption &
compression
2. Use pass-through rule
to bypass the traffic.
(no reason to waste
resources for negative
compression)
Look for 0% reduction
Riverbed Confidential
Enable other Optimizations as Needed
● Ask the customer if they have any of the following: – Citrix: Enable under Configure>Optimization>Citrix
• Then pull out ports 1494 and 2598 from the “Interactive” port label
– RDP: First turn off Encryption at the RDP server and turn off compression on
the RDP client
• Then add an auto-discovery in-path rule with “neural framing mode” set to “never”
for port 3389
– Oracle: Enable under Configure>Optimization>Oracle Forms
• Then add an auto-discovery in-path rule with “neural framing mode” set to “never”
for oracle traffic (usually port 9000) and Preoptimization Policy set to Oracle Forms
– Databases: Add an auto-discovery in-path rule with “neural framing mode” set
to “never” for the database traffic port
– SSL: Steelhead will decrypt, optimize, and re-encrypt. Certs need to copied
onto the Server-side Steelhead only.
- Refer to the “Steelhead Deployment Guide” for Details -
Riverbed Confidential
Presenting Results
● Record results in the “Result” column of the Success
Criteria Table.
● Highlight objectives that were met.
● Use Steelhead reports to support conclusions – Current Connections
– Bandwidth Optimization
– Traffic Summary
0
20
40
60
80
100
120
Before Riverbed
After Riverbed
Data Replication (minutes)
Riverbed Confidential
Bandwidth Optimization Report
• Show Overall Data
Reduction:
i.e. 88%!
• Compare WAN vs.
LAN data
© 2006 RIVERBED TECHNOLOGY, INC – CONFIDENTIAL
Riverbed Confidential
Traffic Summary Report
© 2006 RIVERBED TECHNOLOGY, INC – CONFIDENTIAL
● Shows
optimization by
application
● Don’t forget you
can adjust time
period.
Riverbed Confidential
Additional Resources
● “Pre-PoC Questionnaire”
● “Post-PoC Documentation”
● “Steelhead Deployment Guide” on Partner Center and on Support site
● “Optimizing in a Secure Windows Environment” on Partner Center and
Support site
● For documentation, code upgrades, and Knowledge Base, please visit
http://support.riverbed.com
● For licensing issues, please visit http://licensing.riverbed.com
● If you cannot resolve a problem, please contact a Riverbed Engineer or
Riverbed Support