Packet Ricochet in Network
Posted On Jul 18, 2008 at at 4:02 PM by DophiRiverbed Steelhead Appliance provides a simple implementation in an in-path mode. However, many people might neglect to configure routing on a Steelhead appliance because it is a transparent device between a router and core switch. Therefore, packets can pass through the Steelhead appliance twice causing packet ricochet. This could potentially lead to broken QoS models, firewalls blocking packets, and a performance decrease.
There are two methods to avoid packet ricochet in a network. First of them is configuring routing on a in-path interface. Personally, I would not recommend this way because Steelhead appliance only has static route function and it might be complex in a large network topology to add many static routes. But, this can provide an exact routing table for Steelhead to determined which next hop it should send packets to.Second one is using simplified routing. Simplified routing collects the IP address for the next hop MAC address from each packet it receives to use in addressing traffic and building a routing table. This also eliminates the need to add static routes when the Steelhead appliance is in a different subnet from clients and servers.
Enabling Simplified Routing:
- GUI: Configure > Networking > Simplified Routing
- CLI:
SH200 (config) # in-path simplified routing ?
none all options are disabled
all collect mappings from dest/source MAC data and data from un-natted connections
dest-only collect mappings from destination MAC data
dest-source collect mappings from dest and source MAC data
There are four modes of simplified routing:
- None. Do not collect mappings.
- Destination Only. Collects destination MAC data. This option can be used in connection forwarding deployments.
- Destination and Source. Collect mappings from destination and source MAC data. This option can be used in connection forwarding deployments.
- All. Collect mappings for destination and source MAC data. Also collect data for connections that are un-natted. This option can not be disabled in connection forwarding deployments. This option can maximize the effects of simplified routing.