VLAN Tracking on Steelhead

    In some cases, Steelhead should be deployed on a link with VLAN tags and perform acceleration. By default, Steelhead uses source MAC address to track VLAN ID. But this might not work properly because of  the behaviors of some routers or topology.  In order to accelerate traffic properly, some functions can be used to maintain correct VLAN information on both client and server side Steelhead.

 

1. Enable VLAN tag ID on Inpath interface: The VLAN ID is used when the Steelhead appliance generates traffic sent to its peer on the other side of the WAN in Correct Addressing mode.

amnesiac (config) # in-path interface inpath0_0 vlan 4

 

2. Enable Simplified Routing:  Simplified routing  keeps track of the IP, VLAN ID, and MAC address for each connection.  When deploy Steelhead appliances on VLAN trunks, enabling simplified routing is necessary.

amnesiac (config) # in-path simplified routing all

 

3. Enable VLAN Tracking by Connections: When the router uses the same MAC address for multiple VLANs, the Steelhead can use the wrong VLAN ID to tag the traffic dut to the default tracking behavior. In this situation, we need to track the VLAN ID by connection instead of MAC address.

amnesiac (config) # in-path vlan-conn-based

 

4. Bound VLAN tacking to MAC address: In some cases, asymmetry within a network occurs when traffic flowing in the direction of the client to the
server is different than the traffic flowing from the server back to the client. Due to this situation, Steelhead needs to track the VLAN ID and IP address bound to the MAC address. With this function, Steelhead uses VLAN IDs in simplified routing table lookups.

amnesiac (config) # in-path mac-match-vlan

 

5.  Disable probe-caching:  When probe-caching is disabled, the SYN packet of every connection has the probe-request attached to it. This enforces Steelhead to learn the correct VLAN ID information on every new connections. This can be done on either client or server side.

Server Side:

amnesiac (config) # no in-path peer-probe-cach

Client Side:

amnesiac (config) # no in-path probe-caching enable

 

6. Disable FTP and MAPI data probing: This is optional and depends on the environment.  Steelhead doesn’t initial probes for FTP and MAPI data connection by default if FTP-control and MAPI initialization are optimized.  To ensure Steelhead track correct VLAN tags, we can enable probe for both of them.

amnesiac (config) # in-path probe-ftp-data
amnesiac (config) # in-path probe-mapi-data

 

    On the step one, the VLAN ID is only used in correct addressing mode. For example, the VLAN ID assigned on step one is 4 and that means Steelhead sets VLAN ID to 4 when it generates traffic to communicate with peers. The original VLAN ID from switch is not visible on a router leading to WAN. If we need the VLAN IDs to be kept between Steelhead appliances, we can configure in-path rules in full address transparency mode.

Correct Addressing: The 802.1Q tag is set to 4 because VLAN ID is assigned to 4 on the in-path interface.

ca-1

Full Transparency: The 802.1Q tag and client’s IP address is preserved for communication.

ft-1

Posted in Labels: , , |