Agenda
Packet ricochet
Simplified routing (SR) description
Advanced configs
802.1q trunks
Asymmetric routing
L2 WANs
How to override SR
Command summary
2006 RIVERBED TECHNOLOGY, INC CONFIDENTIAL
[Figure: network diagram showing router1, router2, Steelhead1 inpath0_0 10.0.0.2/24 and Steelhead2 inpath0_0 10.0.3.3/24; other addresses shown: 10.0.5.5/24, 10.0.0.4/24, 10.0.0.1/24]
Router/switch has QoS marking/enforcement on ingress interface
Router may throttle traffic to LAN if bounced through router
Switch may alter DSCP markings if bounced through switch
Firewalls may not re-transmit packets
Router may have 10/half Ethernet connection
Right before sending a packet out on the wire, do the SR table lookup, and overwrite the dst MAC address if an entry is found
Does not affect passthrough traffic
SR table per in-path interface
[Figure: R1 (IP 10.0.0.4/24, MAC 94C2), S1 (Steelhead1 inpath0_0 10.0.0.2/24), R2 (IP 10.0.0.1/24, MAC 65DE), S2 (Steelhead2 inpath0_0 10.0.3.3/24); address 10.0.5.5/24]
S1 configured with: in-path simplified routing all
Default gateway for inpath0_0 is R1
[Figure: R1 (IP 10.0.0.4/24, MAC 94C2), S1 (Steelhead1 inpath0_0 10.0.0.2/24), R2 (IP 10.0.0.1/24, MAC 65DE), S2 (Steelhead2 inpath0_0 10.0.3.3/24); addresses 10.0.5.5/24 and 10.0.3.7/24; a SYN in transit]
TCP SYN received:
IP src Aip -> IP dst Bip
MAC src R1mac -> MAC dst R2mac
S1 learns:
IP Aip, MAC R1mac
IP Bip, MAC R2mac
[Figure: R1 (IP 10.0.0.4/24, MAC 94C2), S1 (Steelhead1 inpath0_0 10.0.0.2/24), R2 (IP 10.0.0.1/24, MAC 65DE), S2 (Steelhead2 inpath0_0 10.0.3.3/24); addresses 10.0.5.5/24 and 10.0.3.7/24]
Probe response received:
IP src Bip -> IP dst Aip
MAC src R2mac -> MAC dst R1mac
Steelhead also learns association for remote Steelhead!
IP S2ip, MAC R2mac
[Figure: R1 (IP 10.0.0.4/24, MAC 94C2), S1 (Steelhead1 inpath0_0 10.0.0.2/24), R2 (IP 10.0.0.1/24, MAC 65DE), S2 (Steelhead2 inpath0_0 10.0.3.3/24); addresses 10.0.5.5/24 and 10.0.3.7/24]
S1's inpath0_0 SR table says:
IP S2ip, MAC R2mac
IP Bip, MAC R2mac
IP Aip, MAC R1mac
[Figure: S1, R2, S2 (Steelhead2 inpath0_0 10.0.3.3/24)]
A is a server
Suppose there are 2 VLANs representing 2 remote branch offices/subnets
VLAN interfaces on R1 have different MAC addresses
To find MAC address when sending data to A, now need to know what VLAN the connection is on
[Figure: Steelhead1 inpath0_0 10.0.0.2/24 and Steelhead2 inpath0_0 10.0.3.3/24; other addresses shown: 10.0.5.5/24, 10.0.0.4/24, 10.0.0.1/24]
Use in-path mac-match-vlan (not on by default)
SR entries now contain: IP address, VLAN ID, MAC address
SR table now maps: (IP address, VLAN) -> MAC address
Also need in-path vlan-conn-based (not on by default)
Also may need to disable probe caching on other Steelheads
[Figure: S1, R2, S2 (Steelhead2 inpath0_0 10.0.3.3/24); address 10.0.3.7/24]
If a connection is made from B to A, what VLAN should Steelhead1 use for the S1 <-> A traffic?
If we create the connection because of an auto-discovery probe, we can learn and use the right VLAN for the connection
in-path vlan-conn-based
Solution: disable probe caching on S2
This is obviously hard to do in a large deployment!
Bug filed to improve
Asymmetric Routing
simplified routing all learns from both src and dst info
If there's asymmetric routing, src info may be wrong
Use simplified routing dest-only to only learn dst info
May need to turn on Enhanced Auto Discovery to learn src info from the network
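A toy model of the learning rules from the 802.1q trunk and asymmetric routing slides (an added example, not Riverbed code): the SR table as a map from IP, or (IP, VLAN) with mac-match-vlan, to next-hop MAC. R3mac, the per-VLAN MAC names, the VLAN IDs and last-write-wins updates are assumptions of the model.

```python
# Toy model of a simplified-routing (SR) table. Added example, not Riverbed code.
from dataclasses import dataclass, field

@dataclass
class Frame:
    ip_src: str
    ip_dst: str
    mac_src: str
    mac_dst: str
    vlan: int = 0

@dataclass
class SRTable:
    mode: str = "all"             # "all" or "dest-only", as named on the slides
    mac_match_vlan: bool = False  # key entries on (IP, VLAN) instead of IP alone
    entries: dict = field(default_factory=dict)

    def _key(self, ip, vlan):
        return (ip, vlan if self.mac_match_vlan else None)

    def learn(self, f):
        # dst info: the MAC this frame is heading to is the next hop for ip_dst
        self.entries[self._key(f.ip_dst, f.vlan)] = f.mac_dst
        if self.mode == "all":
            # src info: assumes replies to ip_src go back via the sending router
            self.entries[self._key(f.ip_src, f.vlan)] = f.mac_src

    def next_hop_mac(self, ip, vlan=0, default_gw_mac=None):
        # On a miss, fall back to the default gateway (in-path routing table)
        return self.entries.get(self._key(ip, vlan), default_gw_mac)

def asymmetric_demo(mode):
    # Constructed frames: traffic to A leaves via R1, but A's traffic arrives via R3
    t = SRTable(mode=mode)
    t.learn(Frame("Bip", "Aip", "R2mac", "R1mac"))
    t.learn(Frame("Aip", "Bip", "R3mac", "R2mac"))
    return t.next_hop_mac("Aip")

def vlan_demo(mac_match_vlan):
    # Constructed frames: server A reached over two VLANs with different R1 MACs
    t = SRTable(mac_match_vlan=mac_match_vlan)
    t.learn(Frame("B1ip", "Aip", "R2mac", "R1mac_v10", vlan=10))
    t.learn(Frame("B2ip", "Aip", "R2mac", "R1mac_v20", vlan=20))
    return t.next_hop_mac("Aip", vlan=10), t.next_hop_mac("Aip", vlan=20)

if __name__ == "__main__":
    print(asymmetric_demo("all"), asymmetric_demo("dest-only"))
    print(vlan_demo(False), vlan_demo(True))
```

In `all` mode the src-learned entry for A points at the wrong router, and without VLAN keying the second VLAN's entry overwrites the first.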
L2 WANs
[Figure: Steelhead1 inpath0_0 10.0.0.2/24 and Steelhead2 inpath0_0 10.0.3.3/24; IP 10.0.0.4/24 MAC 94C2; IP 10.0.0.1/24 MAC 65DE; addresses 10.0.5.5/24 and 10.0.3.7/24]
If has no entry for a MAC addr, broadcasts packet on both LAN and WAN interfaces
On L2 WANs, this broadcast can leak over the WAN
SR table on remote Steelhead can get corrupted with invalid info
L2 WANs
[Figure: A (10.0.5.5/24), S1 (Steelhead1 inpath0_0 10.0.0.2/24), S2 (Steelhead2 inpath0_0 10.0.3.3/24); IP 10.0.0.4/24 MAC 94C2; IP 10.0.0.1/24 MAC 65DE; address 10.0.3.7/24; a B->A packet in transit]
Overriding SR Behavior
By default, if SR is on and an SR table match is found, the in-path routing table is ignored
What if you want to use static routes for certain subnets?
Use in-path simplified mac-def-gw-only
Miscellaneous
Each Steelhead has an SR table big enough to hold info for each optimized connection
Never run out of entries
Command Summary
Bug workarounds that are currently not enabled by default:
in-path simplified mac-def-gw-only (bug 15804)
in-path mac-except-locl (bug 16389)
in-path mac-match-vlan (bug 14662)
Simple L3 link:
in-path simplified routing all
in-path peering auto