Riverbed Deployment

Steelhead® Appliance Installation and
Configuration Guide
Steelhead® CX (xx55)
Steelhead® (xx50)
Version 8.6
April 2014
© 2014 Riverbed Technology. All rights reserved.
Riverbed®, Cloud Steelhead®, Granite™, Interceptor®, RiOS®, Steelhead®, Think Fast®, Virtual Steelhead®,
Whitewater®, Mazu®, Cascade®, Shark®, AirPcap®, BlockStream™, SkipWare®, TurboCap®, WinPcap®,
Wireshark®, TrafficScript®, FlyScript™, WWOS™, and Stingray™ are trademarks or registered trademarks of
Riverbed Technology, Inc. in the United States and other countries. Riverbed and any Riverbed product or service
name or logo used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to
their respective owners. The trademarks and logos displayed herein cannot be used without the prior written
consent of Riverbed Technology or their respective owners.
Akamai® and the Akamai wave logo are registered trademarks of Akamai Technologies, Inc. SureRoute is a
service mark of Akamai. Apple and Mac are registered trademarks of Apple, Incorporated in the United States
and in other countries. Cisco is a registered trademark of Cisco Systems, Inc. and its affiliates in the United States
and in other countries. EMC, Symmetrix, and SRDF are registered trademarks of EMC Corporation and its
affiliates in the United States and in other countries. IBM, iSeries, and AS/400 are registered trademarks of IBM
Corporation and its affiliates in the United States and in other countries. Linux is a trademark of Linus Torvalds
in the United States and in other countries. Microsoft, Windows, Vista, Outlook, and Internet Explorer are
trademarks or registered trademarks of Microsoft Corporation in the United States and in other countries. Oracle
and JInitiator are trademarks or registered trademarks of Oracle Corporation in the United States and in other
countries. UNIX is a registered trademark in the United States and in other countries, exclusively licensed through
X/Open Company, Ltd. VMware, ESX, ESXi are trademarks or registered trademarks of VMware, Incorporated
in the United States and in other countries.
This product includes software developed by the University of California, Berkeley (and its contributors), EMC,
and Comtech AHA Corporation. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest
Algorithm.
NetApp Manageability Software Development Kit (NM SDK), including any third-party software available for
review with such SDK which can be found at http://communities.netapp.com/docs/DOC-1152, and are included
in a NOTICES file included within the downloaded files.
For a list of open source software (including libraries) used in the development of this software along with
associated copyright and license agreements, see the Riverbed Support site at https//support.riverbed.com.
This documentation is furnished “AS IS” and is subject to change without notice and should not be construed as
a commitment by Riverbed Technology. This documentation may not be copied, modified or distributed without
the express authorization of Riverbed Technology and may be used only in connection with Riverbed products
and services. Use, duplication, reproduction, release, modification, disclosure or transfer of this documentation
is restricted in accordance with the Federal Acquisition Regulations as applied to civilian agencies and the
Defense Federal Acquisition Regulation Supplement as applied to military agencies. This documentation qualifies
as “commercial computer software documentation” and any use by the government shall be governed solely by
these terms. All other use is prohibited. Riverbed Technology assumes no responsibility or liability for any errors
or inaccuracies that may appear in this documentation.
Riverbed Technology
199 Fremont Street
San Francisco, CA 94105
Phone: 415.247.8800
Fax: 415.247.8801 Part Number
Web: http://www.riverbed.com 712-00001-19
Contents
Preface......................................................................................................................................................... 1
About This Guide ..........................................................................................................................................1
Audience ..................................................................................................................................................1
Document Conventions .........................................................................................................................2
Product Dependencies and Compatibility .................................................................................................2
Hardware and Software Dependencies...............................................................................................3
CMC Compatibility ................................................................................................................................3
Virtual Services Platform (VSP) Support ............................................................................................4
Firewall Requirements ...........................................................................................................................4
Ethernet Network Compatibility .........................................................................................................4
SNMP-Based Management Compatibility..........................................................................................5
Additional Resources ....................................................................................................................................5
Release Notes ..........................................................................................................................................5
Riverbed Documentation and the Support Knowledge Base ..........................................................6
Safety Guidelines ...........................................................................................................................................6
Contacting Riverbed......................................................................................................................................6
Internet .....................................................................................................................................................6
Technical Support ...................................................................................................................................6
Professional Services ..............................................................................................................................7
Documentation........................................................................................................................................7
Chapter 1 - Product Overview ................................................................................................................... 9

Overview of the Steelhead Appliance ........................................................................................................9
Auto-Discovery Process.......................................................................................................................11
Configuring Optimization...................................................................................................................11
Fail-to-Wire (Bypass) Mode.................................................................................................................12
Fail-to-Block (Disconnect) Mode ........................................................................................................13
New Features in Version 8.6 .......................................................................................................................14
Upgrading RiOS to v8.6 ..............................................................................................................................15
Upgrade Considerations......................................................................................................................15
Recommended Upgrade Paths ...........................................................................................................16
Upgrading the RiOS Software Version ..............................................................................................16
Steelhead Appliance Installation and Configuration Guide iii

Contents
Downgrading the RiOS Software Version.........................................................................................17
Chapter 2 - Managing Riverbed Licenses ..............................................................................................19

Riverbed Licensing Methods .....................................................................................................................19
Automatic Licensing ...................................................................................................................................20
Manual Licensing Using the Riverbed Licensing Portal........................................................................21
Retrieving Licenses Using the Riverbed Licensing Portal..............................................................21
Installing Your License Keys ......................................................................................................................22
Chapter 3 - Installing and Configuring the Steelhead Appliance.........................................................23

Choosing a Network Deployment ............................................................................................................23
Checking Your Inventory............................................................................................................................25
Preparing Your Site for Installation...........................................................................................................26
Site Requirements .................................................................................................................................26
Steelhead Appliance Ports...................................................................................................................26
Avoiding Duplex Mismatch ................................................................................................................27
Bypass Card Interface Naming Conventions ...................................................................................27
Completing the Configuration Checklist .........................................................................................28
Powering On the System ............................................................................................................................29
Securing the Power Cord on Desktop Systems................................................................................29
Configuring In-Path Steelhead Appliances .............................................................................................30
Connecting the Steelhead Appliance to Your Network ..................................................................30
Running the Configuration Wizard ...................................................................................................32
Verifying You Are Connected to the Steelhead Appliance.............................................................36
Connecting to the Management Console ..........................................................................................38
Verifying WAN Optimization .............................................................................................................39
Checking for Speed and Duplex Errors.............................................................................................39
Configuring Out-of-Path Steelhead Appliances .....................................................................................40
Connecting Out-of-Path Steelhead Appliances to Your Network.................................................40
Configuring the Server-Side Steelhead Appliance ..........................................................................40
Configuring the Client-Side Steelhead Appliance...........................................................................43
Chapter 4 - Troubleshooting....................................................................................................................47
Cables ............................................................................................................................................................47
Duplex Mismatch.........................................................................................................................................48
In-Path Steelhead Appliances Connection...............................................................................................49
Oplock Issues................................................................................................................................................49
CIFS Overlapping Open Optimization Denies Multi-User Access ......................................................50
IP Address Configuration...........................................................................................................................51
Asymmetric Routing ...................................................................................................................................52
Packet Ricochet.............................................................................................................................................52
iv Steelhead Appliance Installation and Configuration Guide

Contents
Packet Ricochet: ICMP Redirects...............................................................................................................53

Simplified Routing.......................................................................................................................................54
Auto-Discovery Failure...............................................................................................................................55
Protocol Optimization Errors.....................................................................................................................55
Server-Side Out-of-Path Connection Caveats..........................................................................................55
Specific Problems .........................................................................................................................................56
Resetting a Lost Password..........................................................................................................................57
Network Integration Checklist ..................................................................................................................58
Appendix A - Series xx55 Specifications ...............................................................................................59

CX255 Specifications ...................................................................................................................................59
Status Lights and Ports ........................................................................................................................59
Technical Specifications .......................................................................................................................61
Environmental Specifications .............................................................................................................61
CX555 and CX755 Specifications ...............................................................................................................62
CX1555 Specifications .................................................................................................................................64
Power Requirements and Consumption...........................................................................................66
CX5055 and CX7055 Specifications ...........................................................................................................67
Power Requirements and Consumption...........................................................................................69
Appendix B - Series xx50 Specifications ...............................................................................................71

150, 250, and 550 Specifications .................................................................................................................71
1050 and 2050 Specifications ......................................................................................................................74
5050 and 6050 Specifications ......................................................................................................................77
7050 Specifications .......................................................................................................................................80
Steelhead Appliance Installation and Configuration Guide v

Contents

Index ..........................................................................................................................................................85
vi Steelhead Appliance Installation and Configuration Guide

Preface
Welcome to the Steelhead Appliance Installation and Configuration Guide (Steelhead appliance, Steelhead CX
appliance). Read this preface for an overview of the information provided in this guide and for an
understanding of the documentation conventions used throughout. This preface includes the following
sections:
 “About This Guide” on page 1
 “Product Dependencies and Compatibility” on page 2
 “Additional Resources” on page 5
 “Safety Guidelines” on page 6
 “Contacting Riverbed” on page 6
About This Guide

The Steelhead Appliance Installation and Configuration Guide describes how to install and configure the
Steelhead appliance. It also describes the status lights and specifications for the system.
Audience
This guide is written for storage and network administrators familiar with administering and managing
WANs using common network protocols such as TCP, CIFS, HTTP, FTP, and NFS.
Steelhead Appliance Installation and Configuration Guide 1

Preface Product Dependencies and Compatibility
Document Conventions
This manual uses the following standard set of typographical conventions to introduce new terms, illustrate
screen displays, describe command syntax, and so forth.
Convention Meaning
italics Within text, new terms, emphasized words, and REST API URIs appear in italic typeface.
boldface Within text, CLI commands, CLI parameters, and REST API properties appear in bold
typeface.
Courier Code examples appears in Courier font:

amnesiac > enable
amnesiac # configure terminal
<> Values that you specify appear in angle brackets: interface <ipaddress>
[] Optional keywords or variables appear in brackets: ntp peer <addr> [version <number>]
{} Required keywords or variables appear in braces: {delete <filename>}
| The pipe symbol represents a choice to select one keyword or variable to the left or right of
the symbol. The keyword or variable can be either optional or required: {delete <filename> |
upload <filename>}
Product Dependencies and Compatibility

This section provides information about product dependencies and compatibility. It includes the following
information:
 “Hardware and Software Dependencies” on page 3
 “CMC Compatibility” on page 3
 “Virtual Services Platform (VSP) Support” on page 4
 “Ethernet Network Compatibility” on page 4
 “SNMP-Based Management Compatibility” on page 5
2 Steelhead Appliance Installation and Configuration Guide

Product Dependencies and Compatibility Preface
Hardware and Software Dependencies

The following table summarizes the hardware and software requirements for the Steelhead appliance.
Riverbed Component Hardware and Software Requirements
Steelhead Appliance 19-inch (483 mm) two or four-post rack.
Steelhead Management Console Any computer that supports a Web browser with a color
image display.
The Management Console has been tested with Mozilla
Firefox Extended Support Release version 24.0 and
Microsoft Internet Explorer v8.0 and v9.0.
The Central Management Console has been tested with
Mozilla Firefox Extended Support Release version 24.0,
and Microsoft Internet Explorer v8.0 and v9.0.
JavaScript and cookies must be enabled in your Web
browser.
Internet Explorer v8.0 and v9.0 must refresh reports
every 4 minutes due to performance issues. Consider
using a different browser to view reports.
CMC Compatibility
The Steelhead appliance has been tested with the following Central Management Console (CMC) versions:
Steelhead Recommended CMC Appliance CMC CMC Appliance CMC Appliance

Appliance RiOS Version v8.5.x Appliance v7.0.x v6.5.x
Version v8.0.x
Steelhead CMC appliance Parity Not Not supported Not supported

appliance v8.6 v8.6 supported
Steelhead CX
appliance v8.6
Steelhead EX
appliance v3.5
Steelhead CMC appliance Parity Not Not supported Not supported

appliance v8.5.x v8.5.x supported
Steelhead CX
appliance v8.5.x
Steelhead EX
appliance v2.5.x
Steelhead CMC appliance Parity Parity Not supported Not supported
appliance v8.0.x v8.5.x; Edge
High
Steelhead CX Availability only
appliance v8.0.x for Steelhead EX
Steelhead EX appliance v2.0 or
appliance v2.1.x later
Steelhead EX
appliance v2.0.x

Preface Product Dependencies and Compatibility
Steelhead Recommended CMC Appliance CMC CMC Appliance CMC Appliance

Appliance RiOS Version v8.5.x Appliance v7.0.x v6.5.x
Version v8.0.x
Steelhead CMC appliance Parity Parity Partial Partial support

appliance v7.0.x v8.5.x; no Edge with CMC
High appliance v6.5.3
Steelhead CX
Availability
appliance v7.0.x
Steelhead EX
appliance v1.0.x
Steelhead CMC appliance Parity Parity Parity Parity

appliance v6.5.x v8.5.x or CMC
appliance
v6.5.3*;
Steelhead
appliance v6.5.1
and later QoS
configuration
support only
Steelhead CMC appliance Monitor only Parity Parity Parity

appliance v6.1.x v8.0.x or CMC with Steelhead
appliance v6.5.3* appliance v6.0.0;
Steelhead
CMC appliance
appliance v6.0.x
v6.0.1
Steelhead unsupported
appliance v5.5.x
(v5.5.4 and later)
Virtual Services Platform (VSP) Support

VSP is not supported on the Series xx55 hardware platforms. VSP is supported only on the EX Series xx60
hardware platforms. For detailed information about the Steelhead EX systems, see the Steelhead EX
Installation and Configuration Guide.
Firewall Requirements
Riverbed recommends that you deploy the Steelhead appliance behind your firewall. The following
firewall settings are required for the Steelhead appliance:
 Ports 7800 and 7810 must be open.
 Make sure your firewall does not strip TCP options.
Ethernet Network Compatibility

The Steelhead appliance supports the following Ethernet networking standards:
 Ethernet Logical Link Control (LLC) (IEEE 802.2 - 1998)
 Fast Ethernet 100 Base-TX (IEEE 802.3 - 2008)
 Gigabit Ethernet over Copper 1000 Base-T and Fiber 1000 Base-SX (LC connector) and Fiber 1000 Base
LX (IEEE 802.3 - 2008)
 10 Gigabit Ethernet over Fiber 10GBase-LR Single Mode and 10GBase-SR Multimode (IEEE 802.3 -
2008)

Additional Resources Preface
The Steelhead appliance ports support the following connection types and speeds:
 Primary - 10/100/1000 Base-T, auto-negotiating
 Auxiliary - 10/100/1000 Base-T, auto-negotiating
 LAN - 10/100/1000 Base-TX or 1000 Base-SX or 1000 Base-LX or 10GBase-LR or 10GBase-SR,
depending on configuration
 WAN - 10/100/1000 Base-TX or 1000 Base-SX or 1000 Base-LX or 10GBase-LR or 10GBase-SR,
depending on configuration
1000 Base-SX and 1000 Base-LX interface options are not available for the Steelhead appliance 150, 250, and
550 models.
The Steelhead appliance supports VLAN Tagging (IEEE 802.3 - 2008). It does not support the ISL protocol.
All copper interfaces are auto-sensing for speed and duplex (IEEE 802.3 - 2008).
The Steelhead appliance auto-negotiates speed and duplex mode for all data rates and supports full duplex
mode and flow control (IEEE 802.3 - 2008).
The Steelhead appliance with a Gigabit Ethernet card supports jumbo frames on in-path and primary ports.
SNMP-Based Management Compatibility

The Steelhead appliance supports a proprietary Riverbed MIB accessible through SNMP. SNMP v1 (RFCs
1155, 1157, 1212, and 1215) and SNMP v2c (RFCs 1901, 2578, 2579, 2580, 3416, 3417, and 3418) are supported,
even though some MIB items can only be accessible through SNMPv2.
SNMP support allows the Steelhead appliance to be integrated into network management systems such as
Hewlett Packard OpenView Network Node Manager, BMC Patrol, and other SNMP-based network
management tools.
Additional Resources
This section describes resources that supplement the information in this guide. It contains the following
sections:
 “Release Notes” on page 5
 “Riverbed Documentation and the Support Knowledge Base” on page 6
Release Notes
The online software release notes supplement the information in this manual. The release notes are
available in the Software section of the Riverbed Support site at https://support.riverbed.com. The
following table describes the release notes.
Online File Format Purpose
<product>_<version_number> Describes the product release and identifies fixed problems, known
<build_number>.pdf problems, and work-arounds. This file also provides documentation
information not covered in the guides or that has been modified since
publication.

Preface Safety Guidelines
Examine the online release notes before you begin the installation and configuration process. They contain
important information about this release of the Steelhead appliance.
Riverbed Documentation and the Support Knowledge Base

For a complete list and the most current version of Riverbed documentation, visit the Riverbed Support
Web site located at https://support.riverbed.com.
The Riverbed Knowledge Base is a database of known issues, how-to documents, system requirements, and
common error messages. You can browse titles or search for keywords and strings.
To access the Riverbed Knowledge Base, log in to the Riverbed Support site located at https://
support.riverbed.com.
Safety Guidelines
Follow the safety precautions outlined in the Safety and Compliance Guide when installing and setting up
your equipment.
Important: Failure to follow these safety guidelines can result in injury or damage to the equipment. Mishandling of
the equipment voids all warranties. Read and follow safety guidelines and installation instructions carefully.
Many countries require the safety information to be presented in their national languages. If this
requirement applies to your country, consult the Safety and Compliance Guide. Before you install, operate, or
service the Riverbed products, you must be familiar with the safety information. Refer to the Safety and
Compliance Guide if you do not clearly understand the safety information provided in the product
documentation.
Contacting Riverbed
This section describes how to contact departments within Riverbed.
Internet
You can learn about Riverbed products through our Web site at http://www.riverbed.com.
Technical Support
If you have problems installing, using, or replacing Riverbed products, contact Riverbed Support or your
channel partner who provides support. To contact Riverbed Support, open a trouble ticket by calling 1-888-
RVBD-TAC (1-888-782-3822) in the United States and Canada or +1 415 247 7381 outside the United States.
You can also go to https://support.riverbed.com.

Contacting Riverbed Preface
Professional Services
Riverbed has a staff of professionals who can help you with installation, provisioning, network redesign,
project management, custom designs, consolidation project design, and custom coded solutions. To contact
Riverbed Professional Services, email proserve@riverbed.com or go to
http://www.riverbed.com/services-training/#Consulting_Services.
Documentation
The Riverbed Technical Publications team continually strives to improve the quality and usability of
Riverbed documentation. Riverbed appreciates any suggestions you might have about its online
documentation or printed materials. Send documentation comments to techpubs@riverbed.com.

Preface Contacting Riverbed

CHAPTER 1 Product Overview
This chapter provides an overview of common terms, new features, upgrade instructions, technical and
environmental specifications, and a description of the status lights for the system. This chapter includes the
following sections:
 “Overview of the Steelhead Appliance” on page 9
 “New Features in Version 8.6” on page 14
 “Upgrading RiOS to v8.6” on page 15
Overview of the Steelhead Appliance

The causes for slow throughput in WANs are well known: high delay (round-trip time or latency), limited
bandwidth, and chatty application protocols. Large enterprises spend a significant portion of their
information technology budgets on storage and networks, much of it spent to compensate for slow
throughput, by deploying redundant servers and storage, and the required backup equipment. Steelhead
appliances enable you to consolidate and centralize key IT resources to save money, reduce capital
expenditures, simplify key business processes, and improve productivity.
With the Steelhead appliance, you can solve a range of problems affecting WANs and application
performance, including:
 Insufficient WAN bandwidth
 Inefficient transport protocols in high-latency environments
 Inefficient application protocols in high-latency environments
The Riverbed Optimization System (RiOS) intercepts client-server connections without interfering with
normal client-server interactions, file semantics, or protocols. All client requests are passed through to the
server normally, while relevant traffic is optimized to improve performance.

Product Overview Overview of the Steelhead Appliance
The optimization techniques RiOS utilizes are:

 Data Streamlining - Steelhead appliances and Steelhead Mobile can reduce WAN bandwidth
utilization by 65% to 98% for TCP-based applications using Data Streamlining. In addition to
traditional techniques like data compression, RiOS also uses a Riverbed proprietary algorithm called
Scalable Data Referencing (SDR). SDR breaks up TCP data streams into unique data chunks that are
stored in the hard disk (RiOS data store) of the device running RiOS (a Steelhead appliance or Steelhead
Mobile host system). Each data chunk is assigned a unique integer label (reference) before it is sent to a
peer RiOS device across the WAN. When the same byte sequence is seen again in future transmissions
from clients or servers, the reference is sent across the WAN instead of the raw data chunk. The peer
RiOS device (a Steelhead appliance or Steelhead Mobile host system) uses this reference to find the
original data chunk on its RiOS data store, and reconstruct the original TCP data stream.
 Transport Streamlining - Steelhead appliances use a generic latency optimization technique called
Transport Streamlining. Transport Streamlining uses a set of standards and proprietary techniques to
optimize TCP traffic between Steelhead appliances. These techniques:
– ensure that efficient retransmission methods, such as TCP selective acknowledgements, are used.
– negotiate optimal TCP window sizes to minimize the impact of latency on throughput.
– maximize throughput across a wide range of WAN links.
 Application Streamlining - In addition to Data and Transport Streamlining optimizations, RiOS can
apply application-specific optimizations for certain application protocols: for example, CIFS, MAPI,
NFS, TDS, HTTP, Oracle Forms.
 Management Streamlining - Management Streamlining refers to the methods that Riverbed has
developed to simplify the deployment and management of RiOS devices. These methods include:
– Auto-Discovery Process - Auto-discovery enables Steelhead appliances and Steelhead Mobile to
automatically find remote Steelhead appliances, and to then optimize traffic using them. Auto-
discovery relieves you from having to manually configure large amounts of network information.
The auto-discovery process enables administrators to control and secure connections, specify
which traffic is to be optimized, and specify peers for optimization.
– Central Management Console (CMC) - The CMC enables remote Steelhead appliances to be
automatically configured and monitored. It also gives you a single view of the overall benefit and
health of the Steelhead appliance network.
– Steelhead Mobile Controller - The Mobile Controller is the management appliance you use to
track the individual health and performance of each deployed software client, and to manage
enterprise client licensing. The Mobile Controller enables you to see who is connected, view their
data reduction statistics, and perform support operations such as resetting connections, pulling
logs, and automatically generating traces for troubleshooting. You can perform all of these
management tasks without end user input.

Overview of the Steelhead Appliance Product Overview
The Steelhead appliance is typically deployed on a LAN, with communication between appliances taking
place over a private WAN or VPN. Because optimization between Steelhead appliances typically takes
place over a secure WAN, it is not necessary to configure company firewalls to support Steelhead appliance
specific ports.
Figure 1-1. Typical Deployment
For detailed information about how the Steelhead appliance works and deployment design principles, see
the Steelhead Appliance Deployment Guide.
Auto-Discovery Process
Auto-discovery enables Steelhead appliances to automatically find remote Steelhead appliances and to
optimize traffic to them. Auto-discovery relieves you of having to manually configure the Steelhead
appliances with large amounts of network information. The auto-discovery process enables you to control
and secure connections, specify which traffic is optimized, and specify how remote peers are selected for
optimization. There are two types of auto-discoveries, original and enhanced.
Enhanced auto-discovery (RiOS v4.0.x or later) automatically discovers the last Steelhead appliance in the
network path of the TCP connection. In contrast, the original auto-discovery protocol automatically
discovers the first Steelhead appliance in the path. The difference is only seen in environments where there
are three or more Steelhead appliances in the network path for connections to be optimized. Enhanced auto-
discovery works with Steelhead appliances running the original auto-discovery protocol (RiOS v4.0.x or
later).
Configuring Optimization
You configure optimization of traffic using the Management Console or the Riverbed CLI. You configure
the type of traffic a Steelhead appliance optimizes and specify the type of action it performs using:

Product Overview Overview of the Steelhead Appliance
 In-Path rules - In-path rules determine the action a Steelhead appliance takes when a connection is
initiated, usually by a client. In-path rules are used only when a connection is initiated. Because
connections are usually initiated by clients, in-path rules are configured for the initiating, or client-side
Steelhead appliance. You configure one of the following types of in-path rule actions:
– Auto Discover - Use the auto-discovery process to determine if a remote Steelhead appliance is
able to optimize the connection attempting to be created by this SYN packet.
– Fixed-Target - Skip the auto-discovery process and use a specified remote Steelhead appliance as
an optimization peer. Fixed-target rules require the input of at least one remote target Steelhead
appliance; an optional backup Steelhead appliance might also be specified.
– Fixed-Target (Packet Mode Optimization) - Skip the auto-discovery process and uses a specified
remote Steelhead appliance as an optimization peer to perform bandwidth optimization on TCPv4,
TCPv6, UDPv4, or UDPv6 connections. Packet-mode optimization rules support both physical in-
path and master/backup Steelhead appliance configurations. For details, see the Steelhead Appliance
Management Console User’s Guide.
– Pass-Through - Allow the SYN packet to pass through the Steelhead appliance. No optimization is
performed on the TCP connection initiated by this SYN packet.
– Discard - Drop the SYN packet silently.
– Deny - Drop the SYN packet and send a message back to its source.
 Peering rules - Peering rules determine how a Steelhead appliance reacts when it sees a probe query.
Peering rules are an ordered list of fields a Steelhead appliance uses to match with incoming SYN
packet fields: for example, source or destination subnet, IP address, VLAN, or TCP port, as well as the
IP address of the probing Steelhead appliance. This is especially useful in complex networks. There are
the following types of peering rule are available:
– Auto - If the receiving Steelhead appliance is not using enhanced auto-discovery, this has the same
effect as the Accept peering rule action. If enhanced auto-discovery is enabled, the Steelhead
appliance only becomes the optimization peer if it is the last Steelhead appliance in the path to the
server.
– Accept - The receiving Steelhead appliance responds to the probing Steelhead appliance and
becomes the remote-side Steelhead appliance (that is, the peer Steelhead appliance) for the
optimized connection.
– Passthrough - The receiving Steelhead appliance does not respond to the probing Steelhead
appliance, and allows the SYN+ probe packet to continue through the network.
For detailed information about in-path and peering rules and how to configure them, see the Steelhead
Appliance Management Console User’s Guide.
Fail-to-Wire (Bypass) Mode

All Steelhead appliance models and in-path network interface cards support a fail-to-wire mode. In the
event of a failure or loss of power, the Steelhead appliance goes into bypass mode and the traffic passes
through uninterrupted.
Many in-path network interface cards (NICs) also support a fail-to-block mode in which case if there is a
failure or loss of power, the Steelhead appliance LAN and WAN interfaces power down and stop bridging
traffic. The default failure mode is fail-to-wire mode.
If there is a serious problem with the Steelhead appliance or it is not powered on, it goes into bypass mode
to prevent a single point of failure. If the Steelhead appliance is in bypass mode, you are notified in the
following ways:

Overview of the Steelhead Appliance Product Overview
 The Intercept/Bypass status light on the bypass card is triggered. For detailed information about
bypass card status lights, see the appendices that follow.
 The Home page of the Management Console displays Critical in the Status bar.
 SNMP traps are sent (if you have set this option).
 The event is logged to system logs (syslog).
 Email notifications are sent (if you have set this option).
When the fault is corrected, new connections that are made receive optimization; however, connections
made during the fault are not. To force all connections to be optimized, enable the kickoff feature. Generally,
connections are short-lived and kickoff is not necessary. For detailed information about enabling the kickoff
feature, see the Steelhead Appliance Management Console User’s Guide and the Steelhead Appliance Deployment
Guide.
When the Steelhead appliance is in bypass mode the traffic passes through uninterrupted. Traffic that was
optimized might be interrupted, depending on the behavior of the application-layer protocols. When
connections are restored, they succeed, although without optimization.
In an out-of-path deployment, if the server-side Steelhead appliance fails, the first connection from the
client fails. After detecting that the Steelhead appliance is not functioning, a ping channel is setup from the
client-side Steelhead appliance to the server-side Steelhead appliance. Subsequent connections are passed
through unoptimized. When the ping succeeds, processing is restored and subsequent connections are
intercepted and optimized.
For detailed information about the ping command, see the Riverbed Command-Line Interface Reference
Manual.
Fail-to-Block (Disconnect) Mode

In fail-to-block mode, if the Steelhead appliance has an internal software failure or power loss, the Steelhead
appliance LAN and WAN interfaces power down and stop bridging traffic.
When fail-to-block is enabled, a failed Steelhead appliance blocks traffic along its path, forcing traffic to be
re-routed onto other paths (where the remaining Steelhead appliances are deployed). This is only useful if
the network has a routing or switching infrastructure that can automatically divert traffic off of the link once
the failed Steelhead appliance blocks it.
Note: You can use this with connection-forwarding, the allow-failure CLI command, and an additional Steelhead
appliance on another path to the WAN to achieve redundancy. For more information, see the Riverbed Command-Line
Interface Reference Manual.
You set fail-to-block mode in the Steelhead appliance CLI. For detailed information, see the Steelhead
Appliance Deployment Guide.

Product Overview New Features in Version 8.6
New Features in Version 8.6

This section provides an overview of the new features available in RiOS v8.6. For details, see the Steelhead
Appliance Management Console User’s Guide, the Steelhead Appliance Deployment Guide - Protocols, the Steelhead
Appliance Deployment Guide, and the Riverbed Command-Line Interface Reference Manual.
 Path Selection Enhancements - Includes support for these features:
– Multiple and single firewalled paths using GRE tunneled paths. You can now create direct
tunneled paths to steer traffic over any path that traverses a stateful firewall between the server-
side Steelhead appliance and the client-side Steelhead appliance.
– Firewalled deployments using the Application Flow Engine (AFE) to identify and steer traffic
flows.
– Symmetric and asymmetric traffic flows.
 New SharePoint Optimization Diagnostic Reporting - Provides cache hit rates and and totals for
these SharePoint extensions:
– Web Distributed Authoring and Versioning (WebDAV) – HTTP/1.1 extension. The local Steelhead
appliance proxies transactions, fetching information ahead of time to serve data locally. For
example, for directory browsing, the Steelhead appliances fetch structures of subdirectories,
caching them for faster response to the client.
– FrontPage Server Extensions (FPSE), which enable the client application to display the contents of a
Web site as a file system.
 SSL Common Name Support for the AFE - Improves SSL application classification efficiency by
allowing wildcards in SSL common name identification.
 New Current Connection Details - Provides more information on QoS classes, applications, and
outbound QoS marking for individual connections.
 Over 350 Additional Applications in the AFE - Includes significant additions to the number of
popular applications recognized by the AFE. The AFE enhancements further classify the various
Microsoft Lync workloads. Lync a multi-featured communications suite that goes across many
protocols. The AFE covers the majority of the traffic generated between Lync clients and servers.
The AFE greatly eases the process of identifying applications in Steelhead appliances. For a complete
list of recognized applications, see the Steelhead Appliance Management Console User’s Guide.
 Authentication Scaling and Load Balancing for Secure Protocol Optimization - Improves the
number of authentications per second and availability of domain authentication operations. The
improvements meet the requirements of high-load environments for encrypted MAPI and signed-SMB
traffic to load balance across multiple domain controllers. They also improve handling in
environments where the domain controllers are not local to the server-side Steelhead appliance; for
example, the domain controllers in Microsoft Office 365 data centers. For details, see the Riverbed
Command-Line Interface Reference Manual.
 MAPI and eMAPI Over IPv6 Optimization - Provides latency optimization for MAPI and eMAPI
over IPv6. Authentication is over IPv4 only. Communication to the domain controller is over IPv4
only.
 HTTP Optimization Improvements - Removes the 1 MB bypass limit for Steelhead appliances
running RiOS v8.6. The limit is still in effect for a Steelhead appliance peered with a Steelhead
appliance running RiOS v8.5.x and earlier. The HTTP cache limit is still 1 MB.
 RiOS now allows caching of HTTP Vary headers when encoding is set to None. Combine with strip
compression to improve the cache hits.

Upgrading RiOS to v8.6 Product Overview
 Added diagnostics for stream splitting.

 Improved RiOS Data Store Encryption Performance - Includes several methods to alleviate lock
contention, improving encrypted data store throughput and latency.
 New System Administrator Role - Includes permission for all other RBM roles and permission to
perform appliance administration, minimizing the need to assign an administrator role that grants full
read-write access to all areas of the appliance. For details, see the Riverbed Command-Line Interface
Reference Manual.
 SSL Transport Layer Security (TLS) Support - Enhances security on the inner and outer SSL channels
between the client-side and server-side Steelhead appliances. Support includes the TLS version 1.1
and1.2 encryption protocol. For details, see the Riverbed Command-Line Interface Reference Manual.
Upgrading RiOS to v8.6

RiOS v8.6 is backward compatible with previous RiOS versions. However, to obtain the full benefits of the
new features in RiOS v8.6, you must upgrade the client-side and server-side Steelhead appliances on any
given WAN link. After you have upgraded all appliances, all the benefits of the v8.6 features and
enhancements are available.
Upgrade Considerations
Consider the following before upgrading RiOS:
 You cannot upgrade Series xx20 hardware to RiOS v8.6.
 If you mix RiOS software versions in your network, the releases might support different optimization
features and you cannot take full advantage of the features that are not part of the older software
versions.
 RiOS v8.6 uses more data points to improve statistic reporting for many reports. The upgrade backs up
all preexisting report statistics and converts them into the new granularity, by scaling each two-hour
data points for a month to 5-minute points throughout.
 To use terminated TCP optimization after upgrading from RiOS v8.0.x to v8.6, you must change any
existing in-path rule used for packet-mode IPv4 or IPv6 optimization to a terminated optimization
rule.
 Upgrading from RiOS v8.0.x (or earlier) to v8.6 might require a configuration modification to
deployments optimizing only the server-to-client direction of a TCPv6 connection using packet-mode.
Consider a deployment running RiOS v8.0 with packet-mode optimization enabled on the client- and
server-side Steelhead appliance. The server-side Steelhead appliance is configured with server-to-
client fixed-target packet-mode rules. As a result, any traffic flowing from the server to the client for
connections that originated at the client receive packet-mode optimization.
The packet-mode rules exist only on the server-side Steelhead appliance. No other rules are configured
on the client- or server-side Steelhead appliances.
Because the client-side Steelhead appliance does not have fixed-target rules matching the client to
server traffic, it passes it through according to the default TCPv6 rule.

Product Overview Upgrading RiOS to v8.6
After upgrading the client- and server-side Steelhead appliances to RiOS v8.6 in this deployment
scenario, connections originating from the client toward the server now receive terminated TCP
optimization. This happens because RiOS 8.6 supports terminated optimization for TCPv6 and the
connections originating from the client now match the default optimization (terminated-mode) rule on
the client-side Steelhead appliance. As a result, the server-to-client traffic of these connections also
receives terminated TCP optimization.
To continue passing through the client-to-server traffic and optimizing the server-to-client traffic using
packet-mode, as before the upgrade, you need to configure a pass-through in-path rule on the client-
side Steelhead appliance.
Recommended Upgrade Paths

To find allowed upgrades between RiOS versions and recommended upgrade paths, use the Software
Upgrade tool on the Riverbed Support site at https://support.riverbed.com. The tool includes all of the
recommended intermediate RiOS versions.
Upgrading the RiOS Software Version

Follow these steps to upgrade your RiOS software. These instructions assume you are familiar with the
Steelhead appliance, the CLI, and the Management Console.
To upgrade the RiOS software version
1. Download the software image from the Riverbed Support site to a location such as your desktop.
Optionally, in RiOS v8.6, you can download a delta image directly from the Riverbed Support site to the
Steelhead appliance. The downloaded image includes only the incremental changes. The smaller file
size means a faster download and less load on the network. To download a delta image, skip to step 2.
2. Log in to the Management Console using the Administrator account (admin).
3. Choose Configure > Maintenance > Software Upgrade page and choose one of the following options:
– From URL - Type the URL that points to the software image. Use one of the following formats:
http://host/path/to/file
https://host/path/to/file
ftp://user:password@host/path/to/file
scp://user:password@host/path/to/file
– From Riverbed Support Site - Select the target release number from the drop-down list to
download a delta image directly to the appliance from the Riverbed Support site. The downloaded
image includes only the incremental changes. You do not need to download the entire image. The
system downloads and installs the new image immediately after you click Install. To download
and install the image later, schedule another date or time before you click Install.
– From Local File - Browse your file system and select the software image.
– Schedule Upgrade for Later. - Select this check box to schedule an upgrade for a later time. Type
the date and time in the Date and Time text boxes using these formats:
YYYY/MM/DD and HH:MM:SS.
4. Click Install to immediately upload and install the software upgrade on your system, unless you
schedule it for later.

Upgrading RiOS to v8.6 Product Overview
The software image can be quite large; uploading the image to the system can take a few minutes.
Downloading a delta image directly from the Riverbed Support site is faster because the downloaded
image includes only the incremental changes and is downloaded directly to the appliance.
As the upgrade progresses, status messages appear.
After the installation is complete, you are reminded to reboot the system to switch to the new version
of the software.
5. Choose Configure > Maintenance > Reboot/Shut Down and click Reboot.
The appliance can take a few minutes to reboot. This is normal behavior as the software is configuring
the recovery flash device. Do not press Ctrl-C, unplug, or otherwise shut down the system during this
first boot. There is no indication displayed during the system boot that the recovery flash device is
being configured.
After the reboot, the Home page, Software Upgrade, and Support pages of the Management Console
display the RiOS version upgrade.
Downgrading the RiOS Software Version

If you are downgrading to a previous version of the RiOS software, you must downgrade to a version of
the software that has previously run on your system.
Note: When downgrading from an image that supports four 10 GigE cards to an older image that does not, the message
Updating BIOS. Do not interrupt or reboot till the command completes appears. This message indicates
that the appropriate BIOS for your software image is being installed.

Product Overview Upgrading RiOS to v8.6

CHAPTER 2 Managing Riverbed Licenses
This chapter describes the Riverbed licensing methods and how to manage Riverbed licenses. It includes
the following sections:
 “Riverbed Licensing Methods” on page 19
 “Automatic Licensing” on page 20
 “Retrieving Licenses Using the Riverbed Licensing Portal” on page 21
 “Installing Your License Keys” on page 22
Riverbed Licensing Methods

A license is a string issued by Riverbed that embeds information that ties the license to data to prevent
tampering. After you install the license, the system saves it in the configuration database and enables the
functionality associated with the license. Riverbed employs the following licensing methods:
 Automatic Licensing - After you connect your Steelhead appliance to the network, the Steelhead
appliance automatically contacts the Riverbed Licensing Portal and downloads and installs the
licenses.
 Manual Licensing - You can manually fetch and activate licenses for Riverbed products using the
Riverbed Licensing Portal. Go to https://licensing.riverbed.com/index.htm and follow the
instructions to retrieve and activate license keys.
 Factory Licensing - You can have all your Riverbed licenses installed at the factory for a small fee.
 Token Method - You use tokens to activate Riverbed software, such as the Virtual Steelhead Mobile,
Virtual Whitewater gateway, Virtual Steelhead, and HP ProCurve. For detailed information, see the
respective installation guides for these products.

Managing Riverbed Licenses Automatic Licensing
Automatic Licensing
Automatic licensing allows the Steelhead appliance, once connected to the network, to automatically
contact the Riverbed Licensing Portal to retrieve and install license keys onto the appliance. Automatic
licensing simplifies inventory management and provides an automated mechanism of fetching licenses for
Riverbed products without having to manually activate individual appliances and licenses.
If you are behind a firewall you can retrieve licenses at the Riverbed Licensing Portal using the email option
or by downloading and XML file to the Central Management Console. For detailed information, see
“Retrieving Licenses Using the Riverbed Licensing Portal” on page 21.
Automatic licensing also works over a web proxy. For details on setting up a web proxy, see the Steelhead
Appliance Management Console User’s Guide.
Tip: If automatic licensing fails, an error message appears in the Management Console. Go to the Riverbed Licensing
Portal and follow the instructions for retrieving your licenses.
To view licenses on a new Steelhead appliance

 Connect the new Steelhead appliance to the network.
The Steelhead appliance automatically contacts the Riverbed Licensing Portal which downloads and
installs the licenses. The Management Console Licensing page displays a success message or the Alarm
Status page reports an actionable error message.
To replace expired licenses

 Purchase new downloadable licenses to replace the expired license.
At the time of the next scheduled automatic license fetch, the Steelhead appliance automatically
contacts the Riverbed License Portal and downloads the new licenses. The Management Console
Licensing page displays a success message or the Alarm Status page reports an actionable error
message. You do not need to delete the expired license. The system uses the license with the latest
expiration date.
To fetch a license on demand
1. In the Management Console choose Configure > Maintenance > Licenses to display the Licenses page.
2. Click Fetch Updates Now.

The Management Console Licensing page displays a success message or the Alarm Status page reports
an actionable error message.
Note: Only administrator users can fetch and install licenses. For detailed information on administrator and monitor
users, see the Steelhead Appliance Management Console User’s Guide.

Manual Licensing Using the Riverbed Licensing Portal Managing Riverbed Licenses
Manual Licensing Using the Riverbed Licensing Portal

You can retrieve and manage Riverbed licenses using the Riverbed Licensing Portal. Once you retrieve a
license from the Riverbed Licensing Portal, you need to install it.
Retrieving Licenses Using the Riverbed Licensing Portal

The licensing portal requires a unique product identifier to retrieve a license. Depending on the product,
the identifier can be a serial number, a license request key (activation code), or a token. The steps to retrieve
a license vary based on the product identifier. Online instructions guide you through the process.
To retrieve your licenses for an appliance using a serial number
1. Go to the License Activation page in the Riverbed Licensing Portal at https://licensing.riverbed.com/

index.htm
2. Enter your appliance serial number as your unique product identifier.

The serial number is on a label located on your appliance and it also appears in the Support tab of the
Management Console.
3. Click Next.
4. Provide the contact information for the license, including your name and email.
5. Click Submit.
The Licensing Portal displays license information for all the products purchased with the serial
number you specified.
6. Click a serial number to see license details.
7. Optionally, if you are behind a firewall, type the email address in the Email address text box and click
Email Keys to have the license keys emailed to you.
8. Optionally, if you are behind a firewall, click Download XML to download an XML file. The XML file
can be imported by the Central Management Console.
Tip: Click New Search to look for additional license records.

Managing Riverbed Licenses Installing Your License Keys
Installing Your License Keys

Because each license key is generated for a specific appliance, ensure that you install your license key on
the appropriate appliance.
To install a license using the CLI
1. Connect to the CLI of the appliance and enter configuration mode.

For details see the Riverbed Command-Line Interface Reference Manual.
2. At the system prompt, enter the following commands:

license install <the license key you retrieved from Riverbed Licensing Portal>
write memory
To install a license using the Management Console
1. Connect to the Management Console of the appliance.

For details, see the Steelhead Appliance Management Console User’s Guide.
2. Choose Configure > Maintenance > Licenses to display the Licenses Page.
3. Copy and paste the license key provided by Riverbed Licensing Portal into the text box. Separate
multiple license keys with a space, Tab, or Enter.

CHAPTER 3 Installing and Configuring the
Steelhead Appliance
This chapter describes how to install and configure the Steelhead appliance in an in-path and out-of-path
network deployment. This chapter includes the following sections:
 “Choosing a Network Deployment” on page 23
 “Checking Your Inventory” on page 25
 “Preparing Your Site for Installation” on page 26
 “Powering On the System” on page 29
 “Configuring In-Path Steelhead Appliances” on page 30
 “Configuring Out-of-Path Steelhead Appliances” on page 40
Important: Read and follow the safety guidelines described in the Safety and Compliance Guide. Failure to follow these
safety guidelines can result in damage to the equipment.
Choosing a Network Deployment

Typically, you deploy the Steelhead appliance on a LAN, with communication between appliances taking
place over a private WAN or VPN. Because optimization between Steelhead appliances typically takes place
over a secure WAN, you do not need to configure company firewalls to support Steelhead-specific ports.
Note: If there are one or more firewalls between two Steelhead appliances, ports 7800 and 7810 must be passed through
firewall devices located between the pair of Steelhead appliances. Also, SYN and SYN/ACK packets with the TCP
option 76 must be passed through firewalls for auto-discovery to function properly.
For optimal performance, you should minimize latency between Steelhead appliances and their respective
clients and servers. Steelhead appliances should be as close as possible to your network end points (client-
side Steelhead appliances should be as close to your clients as possible and server-side Steelhead appliances
should be as close to your servers as possible).

Installing and Configuring the Steelhead Appliance Choosing a Network Deployment
Ideally, Steelhead appliances optimize only traffic that is initiated or terminated at their local site. The best
and easiest way to achieve this is to deploy the Steelhead appliances where the LAN connects to the WAN,
and not where any LAN-to-LAN or WAN-to-WAN traffic can pass through (or be redirected to) the
Steelhead appliance.
For detailed information about your deployment options and best practices for deploying Steelhead
appliances, see the Steelhead Appliance Deployment Guide.
Before you begin the installation and configuration process, you must select a network deployment:
 Physical In-Path - In a physical in-path deployment, the Steelhead appliance is physically in the direct
path between clients and servers. The clients and servers continue to see client and server Internet
Protocol (IP) addresses. In-path designs are the simplest to configure and manage, and the most
common type of Steelhead appliance deployment, even for large sites.
Figure 3-1. Physical In-Path Deployment
 Virtual In-Path - In a virtual in-path deployment, a redirection mechanism (such as WCCP, PBR, or
Layer-4 switching) is used to place the Steelhead appliance virtually in the path between clients and
servers.
Figure 3-2. Virtual In-Path: WCCP Deployment

Checking Your Inventory Installing and Configuring the Steelhead Appliance
 Out-of-Path - In an out-of-path deployment, the server-side Steelhead appliance is not in the direct
path between the client and the server. In an out-of-path deployment, the Steelhead appliance acts as a
proxy. This type of deployment might be suitable for locations where physical in-path or virtual in-
path configurations are not possible.
Figure 3-3. Out-of-Path Deployment
Checking Your Inventory

Your shipping carton contains the following items:
 The Steelhead appliance
 One standard Ethernet straight-through cable
 One standard Ethernet crossover cable
 One serial null-modem cable
 One or two power cables (depending on your order)
Aside from country-specific requirements, all systems ship with the same power cable. The power
cable has a IEC 60320 C13 plug on one end (to connect to the Steelhead appliance) and a country-
specific plug that fits the wall socket for that country. If a system has two power supplies, it ships with
two suitable cables.
You must always connect the Steelhead appliance using either the cable in the accessories box or
another cable that is approved for use by the IEC in the country in which the appliance is connected.
You cannot connect a Steelhead appliance directly to multiphase outlets. You must use a rack PDU or
power strip that provides the appropriate three-prong outlet (hot/neutral/ground). For details, see the
Knowledge Base solution number 1301.
 One Phillips screwdriver
 Rails are preinstalled on the Series xx50 and xx60 platforms
 One mounting kit
 Documentation kit
If any items are damaged or missing, notify Riverbed Support at https://support.riverbed.com for
replacement or repair.

Installing and Configuring the Steelhead Appliance Preparing Your Site for Installation
Preparing Your Site for Installation

The Steelhead appliance is shipped completely assembled, with all the equipment parts in place and
securely fastened.
Site Requirements
Before you install the Steelhead appliance, make sure that your site meets the following requirements:
 It is a standard electronic environment where the ambient temperature does not exceed 40º C (104º F)
and the relative humidity does not exceed 80% (noncondensing). For detailed information, see the
appendices that follow.
 Ethernet connections are available within the standard Ethernet limit.
 There is available space on a two-post or four-post 19-inch rack. For details about installing the
Steelhead appliance to a rack, see the Rack Installation Guide or the printed instructions that were
shipped with the system.
 A clean power source is available, dedicated to computer devices and other electronic equipment.
 The rack is a standard 19-inch Telco-type mounting rack.
Note: Riverbed recommends that you use a four-post mounting rack for 2U and 3U systems.
Note: If your rack requires special mounting screws, contact your rack manufacturer.
Steelhead Appliance Ports

The following table summarizes the ports used to connect the Steelhead appliance to your network.
Port Description
Console Connects the serial cable to a terminal device. You establish a serial connection to a
terminal emulation program for console access to the configuration wizard and the
Steelhead CLI.
Primary The management interface that connects the Steelhead appliance to a LAN switch. This
(PRI) management interface enables you to connect to the Management Console and the
Steelhead CLI.
Tip: The primary and auxiliary ports cannot share the same network subnet.
Tip: The primary and in-path interfaces can share the same subnet.
Tip: You must use the primary port on the server-side for out-of-path deployments.
Auxiliary (AUX) An optional port that provides an additional management interface for a secondary
network. You cannot have the primary and auxiliary ports on the same subnet.
Tip: The auxiliary and in-path interfaces cannot share the same network subnet.
Tip: You cannot use the auxiliary port for out-of-path Steelhead appliances.

Preparing Your Site for Installation Installing and Configuring the Steelhead Appliance
Port Description
WAN Connects the WAN port of the Steelhead appliance and the WAN router using a crossover
cable.
LAN Connects the LAN port of the Steelhead appliance and the LAN switch using a straight-
through cable.
Note: If the Steelhead appliance is deployed between two switches, both the LAN and
WAN ports must be connected with straight-through cables.
Avoiding Duplex Mismatch

Before you begin the configuration process, ensure that your LAN and WAN interfaces have the same
duplex settings.
The Steelhead appliance automatically negotiates duplex settings. If one end of the link is set to auto-
negotiate and the other end of the link is not set to auto-negotiate, the duplex settings on the network device
default to half-duplex. This duplex mismatch passes traffic, but it causes late collisions and results in
degraded optimization. To achieve maximum optimization, set your network devices to 100 and full.
To avoid duplex mismatches, manually configure the duplex settings on your:
 router.
 switch.
 Steelhead appliance WAN interface.
 Steelhead appliance LAN interface.
 Steelhead appliance primary interface.
The following can be signs of a duplex mismatch:
 On the Reports > Diagnostics > System Logs page you see errors for sends, receives, CRC, and short
sends.
 You cannot connect to an attached device.
 You can connect to a device when you choose auto-negotiation, but you cannot connect to that same
device when you manually set the speed or duplex.
 Slow performance across the network.
For detailed information about checking for duplex mismatches, see Chapter 4, “Troubleshooting.”
Bypass Card Interface Naming Conventions

The interface names for the bypass cards are a combination of the slot number and the port pairs
(<slot>_<pair>, <slot>_<pair>). For example, if a four-port bypass card is located in slot 0 of your appliance,
the interface names are lan0_0, wan0_0, lan0_1, and wan0_1, respectively. Alternatively, if the bypass card
is located in slot 1 of your appliance, the interface names are lan1_0, wan1_0, lan1_1, and wan1_1,
respectively.
For detailed information about installing additional bypass cards, see the Network Interface Card Installation
Guide.

Installing and Configuring the Steelhead Appliance Preparing Your Site for Installation
Completing the Configuration Checklist

Before you begin, consult the Rack Installation Guide for detailed information about how to install your
model to a rack.
The following checklist lists the parameters you specify to complete the initial configuration of the
Steelhead appliance. Be prepared to provide values for these parameters.
Appliance Parameter Your Value
Steelhead Appliance (the Host name

Primary Interface)
IP address
Netmask
Default gateway (the WAN

gateway)
DNS IP address
Domain name for the system
Administrator password
SMTP server IP address
Events and failures notification

email address
Primary interface speed
Primary interface duplex
In-Path Deployments In-path interface IP address
In-path netmask
In-path gateway
In-path: LAN interface speed
In-path: LAN interface duplex
In-path: WAN interface speed
In-path: WAN interface duplex
Note: The Steelhead appliance automatically negotiates duplex settings. If one end of the link is set to auto-negotiate
and the other end of the link is not set to auto-negotiate, the duplex settings on the network device default to half-
duplex. This duplex mismatch passes traffic, but it causes late collisions and results in degraded optimization. To
achieve maximum optimization, set the network devices to 100 and full.

Powering On the System Installing and Configuring the Steelhead Appliance
Powering On the System

The following section describes how to connect the AC power and how to power on the system.
Caution: In European electrical environments you must ground (earth) the Green/Yellow tab on the power cord, or risk
electrical shock.
To power on the system
1. If your system has a master power switch, ensure that the system and master power switch is in the off
position on the rear of the Steelhead appliance.
2. Plug the AC power cord into the Steelhead appliance.
Note: If your model has multiple power supplies, you must plug in all the power cords or you will hear an alarm.
Figure 3-4. Connecting the AC Power
3. Plug the AC power cord into an uninterrupted AC power source.
4. Press the system power switch on. If the Steelhead appliance does not immediately power on, press the
power switch off, then press the power switch on again.
5. Check the status lights on the Steelhead appliance. For detailed information about the status lights, see
the appendices that follow.
Note: The Steelhead CX appliance (Series xx55) takes approximately 10 minutes to boot.
Securing the Power Cord on Desktop Systems

The CX255 models include a power cord retention module. You can install this to reduce the risk of
accidentally unplugging the power.
To install the power cord retention module
1. Push the retention module into the socket near the power connection.

Installing and Configuring the Steelhead Appliance Configuring In-Path Steelhead Appliances
The socket is left of the power supply.
2. Attach the retention fastener to module and tighten around the power cable.
The retention module does not prevent accidental pulls from removing the power cord, but it does provide
increased protection.
Configuring In-Path Steelhead Appliances

In a physical in-path deployment, the Steelhead appliance is physically in the direct path between clients
and servers. The clients and servers continue to see client and server IP addresses. Physical in-path
configurations are suitable for any location where the total bandwidth is within the limits of the installed
Steelhead appliance. For a detailed figure, see “Choosing a Network Deployment” on page 23.
For detailed information about in-path deployments, see the Steelhead Appliance Deployment Guide.
You use standard Ethernet straight-through and crossover cables to connect to your network in an in-path
configuration. Make sure that you use the correct cables to establish your network connections:
 Straight-through cables - Primary and LAN ports on the appliance to the LAN switch.
 Crossover cable - WAN port on the appliance to the WAN router.
Connecting the Steelhead Appliance to Your Network

You use standard Ethernet straight-through and crossover cables to connect to your network in an in-path
configuration. Make sure that you use the correct cables to establish your network connections:

Configuring In-Path Steelhead Appliances Installing and Configuring the Steelhead Appliance
 Straight-through cables - Primary and LAN ports on the appliance to the LAN switch.
 Crossover cable - WAN port on the appliance to the WAN router.
To connect to the Steelhead appliance to your network
1. Plug the straight-through cable into the primary port of the Steelhead appliance and the LAN switch.
This can be any port on your LAN switch configured to connect to a host.
Figure 3-5. Connecting the Primary Port to the LAN Switch
2. Identify the straight-through cable that connects your LAN switch to your WAN router. Unplug the end
connected to the WAN router.
Figure 3-6. Disconnecting the WAN Router
3. Plug the straight-through cable that you disconnected from the WAN router into the LAN port of the
Figure 3-7. Connecting the LAN Switch to the LAN Port

4. Using the provided crossover cable, plug the cable into the WAN port of the Steelhead appliance and
the WAN router. This must be a crossover cable.
Figure 3-8. Connecting the WAN Port to the WAN Router
Note: If you have a four-port or six-port bypass card, repeat Step 1 through Step 4. For detailed information about
installing additional bypass cards, see the Network Interface Card Installation Guide.
Running the Configuration Wizard

To access the configuration wizard and the Steelhead CLI, you establish a serial connection using a terminal
emulator program.
To run the configuration wizard
1. Plug the serial cable into the Serial/Console port and a terminal.
Figure 3-9. Connecting to the Steelhead Appliance
2. Start your terminal emulation program, such as Tera Term Pro. The terminal device must have the
following settings:
 Baud rate: 9600 bps
 Data bits: 8
 Parity: none
 Stop bits: 1
 vt100 emulation
 No flow control

If you are using the Steelhead appliance with a terminal server, the terminal server must use hardware
flow control for the port connected to the Steelhead appliance.
Riverbed recommends that you connect the console port to a device that logs output. Even though this
is not a requirement, it can help you to identify problems with the system.
3. Log in as administrator user (admin) and enter the default password (password). For example,
login as: admin
Sent username "admin"
password: password
The configuration wizard automatically starts after you have entered the login and default password.
After you have established a connection, you configure the Steelhead appliance using the
configuration wizard.
4. If you have a Central Management Console (CMC) appliance installed in your network to manage
multiple Steelhead appliances, you can use it to automatically configure them:
Do you want to auto-configure using a CMC? no
If you answer yes, you are prompted for the CMC host name or IP address. The host name or IP
address is used to contact the CMC. The default value is riverbedcmc. If you enter no, the wizard
continues.
Tip: If you mistakenly answer yes, to return to the wizard from the CLI, enter the configuration jump-start command
from configuration mode. For detailed information, see the “To restart the configuration wizard” on page 35.
5. To start the configuration wizard, enter yes at the system prompt.

Do you want to use the configuration wizard for initial configuration? yes
Press Enter to enter the default value; press ? for help; press Ctrl-B to go back to the previous step.
6. Complete the configuration wizard steps on the client-side and the server-side Steelhead appliances as
described in the following table.
Wizard Prompt Description Example
Step 1: Host name? Enter the host name for the Steelhead hostname? amnesiac
appliance.
Step 2: Use DHCP on the You are given the option to enable the Use DHCP? no
primary interface? DHCP to automatically assign an IP
address to the primary interface for
the Steelhead appliance.
Riverbed recommends that you do not
set DHCP.
The default value is no.
Step 3: Primary IP address? Enter the IP address for the Steelhead Primary IP address? 10.10.10.6
appliance.
Step 4: Netmask? Enter the netmask address. Netmask? 255.255.0.0
Step 5: Default gateway? Enter the default gateway for the Default gateway? 10.0.0.1

Step 6: Primary DNS server? Enter the primary DNS server IP Primary DNS server? 10.0.0.2
address.
Step 7: Domain name? Enter the domain name for the Domain name? example.com
network where the Steelhead
appliance is to reside.
If you set a domain name, you can
enter host names in the system
without the domain name.
Step 8: Admin password? Riverbed strongly recommends that Admin password? xxxyyy
you change the default administrator
password at this time. The password
must be a minimum of six characters.
The default administrator password is
password.
Step 9: SMTP server? Enter the name of the SMTP server. SMTP server? natoma
External DNS and external access for
SMTP traffic is required for email
notification of events and failures to
function.
Important: Make sure that you
provide a valid SMTP server to ensure
that the email notifications for events
and failures.
Step 10: Notification email Enter a valid email address to which Notification email address?
address? notification of events and failures are example@xample.com
to be sent.
Step 11: Set the primary interface Enter the speed on the primary Set the primary interface speed?
speed? interface (that is, the Steelhead [auto] auto
appliance). Make sure that this value
matches the settings on your router or
switch.
The default value is auto.
Step 12: Set the primary interface Enter the duplex mode on the primary Set the primary interface
duplex? interface. Make sure that this value duplex? [auto] auto
switch. The default value is auto.
Step 13: Would you like to Enter yes at the system prompt to Would you like to activate the
activate the in-path configure in-path support. An in-path in-path configuration? yes
configuration? configuration is a configuration in
which the Steelhead appliance is in
the direct path of the client and server.
For detailed information about in-
path configurations, see the Steelhead
Step 14: In-Path IP address? Enter the in-path IP address for the In-Path IP address? 10.11.11.6
Step 15: In-Path Netmask? Enter the in-path netmask address. In-Path Netmask? 255.255.0.0
Step 16: In-Path Default Enter the in-path default gateway (the In-Path Default Gateway?
gateway? WAN gateway). 10.11.11.16

Step 17: Set the in-path: LAN Enter the in-path, LAN interface Set the in-path: LAN interface
interface speed? speed. Make sure that this value speed? [auto] auto
switch.
Step 18: Set the in-path: LAN Enter the in-path, LAN duplex value. Set the in-path: LAN interface
interface duplex? Make sure that this value matches the duplex? [auto] auto
settings on your router or switch.
Step 19: Set the in-path: WAN Enter the in-path, WAN interface Set the in-path: WAN interface
interface speed? speed. Make sure that this value speed? [auto] auto
switch.
Step 20: Set the in-path: WAN Enter the in-path, WAN duplex speed. Set the in-path: WAN interface
interface duplex? Make sure that this value matches the duplex? [auto] auto
setting on your router or switch.
7. The system confirms your settings.

You have entered the following information:
1. Hostname: amnesiac
2. Use DHCP on primary interface: no
3. Primary IP address: 10.10.10.6
4. Netmask: 255.255.0.0
5. Default gateway: 10.0.0.1
6. Primary DNS server: 10.0.0.2
7. Domain name: example.com
8. Admin password: xxxyyy
9. SMTP server: natoma
10. Notification email address: example@example.com
11. Set the primary interface speed: auto
12. Set the primary interface duplex: auto
13. Would you like to activate the in-path configuration: yes
14. In-Path IP address: 10.11.11.6
15. In-Path Netmask: 255.255.0.0
16. In-Path Default gateway: 10.11.11.16
17. Set the in-path:LAN interface speed: auto
18. Set the in-path:LAN interface duplex: auto
19. Set the in-path:WAN interface speed: auto
20. Set the in-path:WAN interface duplex: auto
To change an answer, enter the step number to return to.
Otherwise hit <enter> to save changes and exit.
Choice:
The Steelhead appliance configuration wizard automatically saves your configuration settings.
8. To log out of the system, enter the following command at the system prompt:
amnesiac> exit
To restart the configuration wizard

 Enter the following set of commands at the system prompt:
> enable

# configure terminal
(config) # configuration jump-start
For detailed information about the CLI, see the Riverbed Command-Line Interface Reference Manual.
Verifying You Are Connected to the Steelhead Appliance

Perform the following tasks to verify that you have properly connected the Steelhead appliance.
To verify you are connected to the Steelhead appliance
1. Verify that you can connect to the CLI using one of the following devices:
 An ASCII terminal or emulator that can connect to the serial console. It must have the following
settings: 9600 baud, 8 bits, no parity, 1 stop bit, vt100, and no flow control.
 A computer with a Secure Shell (SSH) client that is connected to the Steelhead appliance primary port.
2. At the system prompt, enter the following command:

ssh admin@host.domain
or
ssh admin@ipaddress
3. You are prompted for the administrator password. This is the password you set in the configuration
wizard.
4. At the system prompt, ping from the management interface:

ping -I <primary-IP-address> <primary-default-gateway>
5. At the system prompt, ping from the in-path default gateway:

ping -I <in-path-IP-address> <in-path-default-gateway>

If you have problems connecting to the Steelhead appliance, use the following flow chart to trouble shoot
issues.
Figure 3-10. Resolving IP Connectivity

Connecting to the Management Console

After you configure the Steelhead appliance, you can check and modify your configuration settings and
view performance reports and system logs in the Management Console. You can connect to the
Management Console through any supported Web browser.
To connect to the Management Console, you must know the host, domain, and administrator password that
you assigned in the configuration wizard.
Note: Cookies and JavaScript must be enabled in your Web browser.
To connect to the Management Console
1. Specify the URL for the Management Console in the location box of your Web browser:
protocol://host.domain
– protocol is http or https. HTTPS uses the SSL protocol to ensure that a secure environment. If you
use HTTPS to connect, you are prompted to inspect and verify the SSL key.
– host is the host name you assigned to the Steelhead appliance during initial configuration. If your
DNS server maps that IP address to a name, you can specify the DNS name.
– domain is the full domain name for the Steelhead appliance.
Note: Alternatively, you can specify the IP address instead of the host and domain.
The Management Console appears, displaying the Login page.

Figure 3-11. Login Page

2. In the Username text box, type the user login: admin, monitor, a login from a RADIUS or TACACS+
database, or any local accounts created using the Role-Based Accounts feature. The default login is
admin.
Users with administrator (admin) privileges can configure and administer the Steelhead appliance.
Users with monitor (monitor) privileges can view the Steelhead appliance reports, user logs, and
change their own password. A monitor user cannot make configuration changes.
3. In the Password text box, type the password you assigned in the configuration wizard of the Steelhead
appliance. (The Steelhead appliance is shipped with the default password: password.)
4. Click Log In to display the Home page.

The Home page summarizes the current status of your system.
Verifying WAN Optimization

Perform the following tasks to verify that you have properly configured the Steelhead appliance.
To verify optimization
1. Go to the Reports > Optimization > Bandwidth Optimization in the Management Console to verify
optimization.
2. Map a remote drive on a client machine.
3. Drag and drop a 1 MB file from the client to the remote server.
Ensure that the server is located across the WAN.
4. Drag and drop the 1 MB file again.

Performance improves significantly.
Checking for Speed and Duplex Errors

If you selected auto-negotiation (auto) for your in-path and primary interfaces, you must ensure that the
Steelhead appliance negotiated the speed and duplex at the rate your devices expect. For example, ensure
settings are auto on the LAN and WAN and 100 FULL on the LAN and WAN. You can verify your speed
and duplex settings in the Configure > Networking > Inpath0_0 page and the Configure > Networking >
Base Interfaces page of the Management Console.
To check for speed and duplex errors
1. In the Management Console, go to the Reports > Diagnostics > System Logs page.
2. Check the system logs for duplex or speed errors.
3. Go to the Reports > Networking > Current Connections page.
4. Check for duplex and speed errors.

If you find errors, change the speed and duplex settings on your LAN and WAN interface in the
Configure > Networking > Inpath 0_0 page.

Installing and Configuring the Steelhead Appliance Configuring Out-of-Path Steelhead Appliances
Configuring Out-of-Path Steelhead Appliances

In an out-of-path deployment, the Steelhead appliance is not in the direct path between the client and the
server. Servers see the IP address of the server-side Steelhead appliance rather than the client-side IP
address.
An out-of-path configuration is suitable for data center locations where physical in-path or logical in-path
configurations are not possible. For a detailed figure, see “Choosing a Network Deployment” on page 23.
For detailed information about out-of-path deployments, see the Steelhead Appliance Deployment Guide.
Connecting Out-of-Path Steelhead Appliances to Your Network

You use a standard Ethernet straight-through cable to connect the primary port of the Steelhead appliance
to the LAN switch in an out-of-path configuration.
To connect an out-of-path Steelhead appliance to your network

 Plug the straight-through cable into the primary port of the Steelhead appliance and the LAN switch.
This can be any port on your LAN switch that is configured to connect to a host.
Figure 3-12. Connecting the Primary Port and LAN Switch
Configuring the Server-Side Steelhead Appliance

The configuration wizard automatically starts when you log in to the Steelhead CLI for the first time. For
detailed information about the configuration wizard and how to start it, see “To run the configuration
wizard” on page 32.
In an out-of-path configuration, the client-side Steelhead appliance is configured as an in-path device and
the server-side Steelhead appliance is configured as an out-of-path device.
To configure the server-side Steelhead appliance
1. Check the duplex and speed settings on the router and switch that connects to your Steelhead appliance.
Make sure that the settings on the router, switch, and the Steelhead appliance match. For example,
ensure that settings are auto speed and duplex on the LAN and WAN or 100 FULL on the LAN and
WAN. If the settings do not match, optimization might be degraded.
2. Connect to the CLI.

Configuring Out-of-Path Steelhead Appliances Installing and Configuring the Steelhead Appliance
3. If you have a Central Management Console appliance installed in your network to manage multiple
Steelhead appliances, you can use it to automatically configure them.
Do you want to auto-configure using a CMC? no
If you enter yes, you are prompted for the CMC host name or IP address. The host name or IP address
is used to contact the CMC. The default value is set to riverbedcmc. If you enter no, the wizard
continues.
4. To start the configuration wizard, enter yes at the system prompt.

Do you want to use the configuration wizard for initial configuration? yes
Tip: If you mistakenly answer no, to return to the wizard from the CLI, enter the configuration jump-start command
from configuration mode. For detailed information, see the “To restart the configuration wizard” on page 35.
5. Complete the configuration wizard steps on the client side and server side.
Step 1: Host name? Enter the host name for the Steelhead Hostname? amnesiac
appliance.
Step 2: Use DHCP on the You are given the option to enable the Use DHCP? no
primary interface? DHCP to automatically assign an IP
address to the primary interface for
the Steelhead appliance.
Riverbed recommends that you do not
set DHCP.
The default value is no.
Step 3: Primary IP address? Enter the IP address for the Steelhead Primary IP address? 10.10.10.6
appliance.
Step 4: Netmask? Enter the netmask address. Netmask? 255.255.0.0
Step 5: Default gateway? Enter the default gateway for the Default gateway? 10.0.0.1
Step 6: Primary DNS server? Enter the primary DNS server IP Primary DNS server? 10.0.0.2
address.
Step 7: Domain name? Enter the domain name for the Domain name? example.com
network where the Steelhead
appliance is to reside.
If you set a domain name, you can
enter host names in the system
without the domain name.
Step 8: Admin password? Riverbed strongly recommends that Admin password? xxxyyy
you change the default administrator
password at this time. The password
must be a minimum of 6 characters.
The default administrator password is
password.

Step 9: SMTP server? Enter the SMTP server. External DNS SMTP server? natoma
and external access for SMTP traffic is
required for email notification of
events and failures to function.
Important: Make sure that you
provide a valid SMTP server to ensure
that the email notifications for events
and failures.
Step 10: Notification email Enter a valid email address to receive Notification email address?
address? email notification of events and example@example.com
failures.
Step 11: Set the primary interface Enter the speed on the primary Set the primary interface speed?
speed? interface (that is, the Steelhead [auto] auto
appliance). Make sure that this value
switch.
Step 12: Set the primary interface Enter the duplex mode on the primary Set the primary interface
duplex? interface, and type a value at the duplex? [auto] auto
system prompt. Make sure that this
value matches the settings on your
router or switch. The default value is
auto.
Step 13: Would you like to Enter no at the system prompt to Would you like to activate the
activate the in-path configure in-path support. An in-path in path configuration? no
configuration? configuration is a configuration in
which the Steelhead appliance is in
the direct path of the client and server.
Step 14: Would you like to Enter yes at the system prompt to Would you like to activate the
activate the out-of-path configure out-of-path support. An out-of-path configuration? [no]
configuration? out-of-path configuration is a yes
configuration in which the Steelhead
appliance is not in the direct path of
the client and server.
The system confirms your settings:

You have entered the following information:
Step 1: Hostname? amnesiac
Step 2: Use DHCP on primary interface? no
Step 3: Primary IP address? 10.10.10.6
Step 4: Netmask? 255.255.0.0
Step 5: Default gateway? 10.0.0.1
Step 6: Primary DNS server? 10.0.0.2
Step 7: Domain name? example.com
Step 8: Admin password? xxxyyyy
Step 9: SMTP server? natoma
Step 10: Notification email address? example@example.com
Step 11: Set the primary interface speed? auto

Step 12: Set the primary interface duplex? auto

Step 13. Would you like to activate the in-path configuration: no
Step 14: Would you like to activate the out-of-path configuration? yes
To change an answer, enter the step number to return to.

Otherwise hit <enter> to save changes and exit.
The Steelhead appliance configuration wizard automatically saves your settings.
6. To log out of the system, enter the following command at the system prompt:
amnesiac> exit
For details on restarting the configuration wizard, see “To restart the configuration wizard” on page 35.
Configuring the Client-Side Steelhead Appliance

In an out-of-path configuration, you configure the client-side Steelhead appliance in the same way as in an
in-path configuration. For optimization to occur, you must define a fixed-target rule on the client-side
Steelhead appliance that points to the out-of-path, server-side Steelhead appliance. You can define fixed-
target rules using the Management Console or the CLI.
For detailed information about the Management Console, see the Steelhead Appliance Management Console
User’s Guide.
For detailed information about the CLI, see the Riverbed Command-Line Interface Reference Manual.
The following procedures describe how to configure in-path rules using the Management Console.
To configure the client-side Steelhead appliance
1. Follow the procedures for an in-path configuration.

For details, see “Configuring In-Path Steelhead Appliances” on page 30.
2. Connect to the Management Console.

For details, see “Connecting to the Management Console” on page 38.

3. Choose Configure > Optimization > In-Path Rules page.

Figure 3-13. In-Path Rules Page
4. Under In-Path Rules, click Add a New In-Path Rule to display the in-path rule configuration options.
5. For Type, select Fixed-Target from the drop-down list.
6. For Target Appliance IP Address, specify the IP address and port number for the peer Steelhead
appliance.
Use one of these formats:
XXX.XXX.XXX.XXX/XX (IPv4)
X:X:X::X/XXX (IPv6)
The IP address must be the primary Port IP address on the target Steelhead appliance. The default port
is 7810.
7. Optionally, if you have a backup, out-of-path Steelhead appliance in your system (that is, failover
support), for Backup Appliance IP Address, specify the IP address and port for the backup appliance in
the Backup IP and Port text boxes.
Use one of these formats:
XXX.XXX.XXX.XXX/XX (IPv4)
X:X:X::X/XXX (IPv6)

The default port is 7810.
8. Click Add to apply the rule to the running configuration.
9. Click Save to write your settings to memory.

For detailed information about verifying your connections and configuration settings, see “Verifying
You Are Connected to the Steelhead Appliance” on page 36 and “Verifying WAN Optimization” on
page 39.
You can now optimize WAN traffic using the Steelhead appliance.


CHAPTER 4 Troubleshooting
This chapter describes how to troubleshoot the Steelhead appliance installation. This chapter describes how
to troubleshoot the following issues:
 “Cables” on page 47
 “Duplex Mismatch” on page 48
 “In-Path Steelhead Appliances Connection” on page 49
 “Oplock Issues” on page 49
 “CIFS Overlapping Open Optimization Denies Multi-User Access” on page 50
 “IP Address Configuration” on page 51
 “Asymmetric Routing” on page 52
 “Packet Ricochet” on page 52
 “Packet Ricochet: ICMP Redirects” on page 53
 “Auto-Discovery Failure” on page 55
 “Protocol Optimization Errors” on page 55
 “Server-Side Out-of-Path Connection Caveats” on page 55
 “Specific Problems” on page 56
 “Resetting a Lost Password” on page 57
 “Network Integration Checklist” on page 58
Cables
Improper cabling prevents smooth traffic flows between the Steelhead appliance and the router or switch.

Troubleshooting Duplex Mismatch
Solution
To ensure that the traffic flows when the Steelhead appliance is optimizing traffic, and when the Steelhead
appliance transitions to bypass mode, use the appropriate crossover or straight-through cable to connect
the Steelhead appliance to a router or switch. Verify the cable selection by removing the power cable from
the appliance, and then test connectivity through it. Make sure that you have connected your cables as
follows:
 Steelhead appliance to router: crossover cable
 Steelhead appliance to switch: straight-through cable
 Steelhead appliance to Steelhead appliance: crossover cable
 Steelhead appliance to a host: crossover cable
Duplex Mismatch
The following symptoms occur due to a duplex mismatch:
 Access is not faster after configuring the Steelhead appliance.
 The interface counters display error messages. An alarm or log message about error counts appears.
 The pass-through rule is ineffective. (This is a definite indication of duplex mismatch.)
 There are many retransmissions in packet traces.
 You cannot connect to an attached device.
 You can connect with a device when you choose auto-negotiation, but you cannot connect with the
same device when you manually set the speed or duplex.
 Good performance for one direction of data flow, but poor performance in the opposite direction.
Possible Cause
 You have probably set the duplex value for your router to 100Full (fixed) and for the Steelhead
appliance to Auto.
Example
The following example shows applications that appear slower with Steelhead appliances configured in an
in-path deployment. The timed performance numbers to transfer a 20-MB file over FTP are:
 no Steelhead appliance – 3:16
 cold Steelhead appliance – 5:08
 warm Steelhead appliance – 3:46
Adding a pass-through rule for an application does not help. Slow connections appear as optimized in the
Management Console on the Current Connections report page. However, stopping the Steelhead appliance
service while leaving the system powered on and an in-path configuration returns performance to original
levels.
Solutions
To resolve the duplex mismatch error:

In-Path Steelhead Appliances Connection Troubleshooting
 Connect to the Steelhead appliance CLI and enter the flood-ping command to check the duplex
mismatch:
ping –f –I >in-path-ip> –s 1400 <clientIP>
 Change the interface speed and duplex to match.

 Ensure there is a speed and duplex match between each in-path interface and its peer network
interface. If they do not match, you might have a large number of errors on the interface when it is in
the bypass mode, because the switch and the router are not set with the same duplex settings. Also,
ensure connectivity when service is down.
If matching speed and duplex do not reduce collisions or errors, try hard-setting one end and auto-
setting the other. Try the half-duplex mode.
 If all combinations fail, as a last resort, add an intermediary hub or switch that is more compatible with
both network interfaces.
In-Path Steelhead Appliances Connection

When there are Steelhead appliances with in-path connection issues, the two sites are connected in-path and
you can ping them, but they cannot connect to each other to optimize data.
Possible Cause
The firewall is running port filtering and drops your probe packets. The firewall is filtering the IP and port
address of the source and destination (bandwidth limitation) systems.
Solutions
To resolve the Steelhead appliance connection issue:
 open port 7800 on both firewalls.
 use the port visibility mode.
 if there is no encryption, place the Steelhead appliance after the firewall.
Oplock Issues
The following symptoms occur due to opportunistic lock (oplock) issues:
 File access is not faster or tasks such as drag-and-drop are fast but applications might benefit from
acceleration.
 The Current Connections report page in the Management Console (select Reports > Networking >
Current Connections) displays slow connections as optimized.
Possible Causes
 The client is running an old anti-virus software such as McAfee v4.5, the most common type, which
competes with the application for an oplock instead of opening as read-only. The antivirus causes
multiple file opens.

Troubleshooting CIFS Overlapping Open Optimization Denies Multi-User Access
 The server has oplocks disabled.
Example
You can open a previously-accessed file in 5 seconds on PC1, but you cannot open the same file under 24
seconds on PC2. If you close the file on PC1, you can open it in 5 seconds on PC2. However, it takes you 24
seconds to open the same file on PC1.
Solutions
Windows Common Internet File System (CIFS) uses oplock to determine the level of safety the OS or the
application has in working with a file. Oplock is a lock that a client requests on a file in a remote server.
An oplock controls the consistency of optimizations such as read-ahead. Oplock levels are reduced when
you make conflicting opens to a file.
To prevent any compromise to data integrity, the Steelhead appliance only optimizes data when a client has
exclusive access to the data.
When an oplock is not available, the Steelhead appliance does not perform application-level latency
optimization but still performs Scalable Data Referencing (SDR) and data compression as well as TCP
optimization. Therefore, even without the benefits of latency optimization, Steelhead appliances still
increase WAN performance, but not as effectively as when application optimizations are available.
To resolve oplock issues:
 Upgrade your anti-virus software to the latest version.
 Use Filemon (sysinternals) to check for file access.
 Enable CIFS Overlapping Opens (by default, this function is enabled). For details, see “CIFS
Overlapping Open Optimization Denies Multi-User Access” on page 50.
 Ensure that the server has oplock enabled by verifying registry settings on Windows servers or the
Filer configuration (for NetApp or EMC servers).
 Run a network analyzer such as Riverbed Cascade Pilot, which is fully integrated with Wireshark, and
determine that the server grants oplocks when the client opens a file.
 Check whether the client is running an anti-virus software that is scanning the files over the WAN or
that the anti-virus software does not break the oplock.
CIFS Overlapping Open Optimization Denies Multi-User

Access
The CIFS overlapping open optimization issue prevents a client from accessing a file when different clients
access the file at the same time.
Solution
To resolve the CIFS overlapping open optimization issue, configure CIFS overlapping open optimization
on the client-side Steelhead appliance as follows:
1. Connect to the Steelhead Management Console. For details, see the Steelhead Appliance Management
Console User’s Guide.

IP Address Configuration Troubleshooting
2. On the client-side Steelhead appliance, choose Configure > Optimization > CIFS (SMB1) to display the
CIFS (SMB1) page.
3. Under Overlapping Open Optimization (Advanced), complete the configuration as described in the
following table.
Control Description
Enable Overlapping Open Enables overlapping opens to obtain better performance with applications that
Optimization perform multiple opens on the same file: for example, CAD applications. By
default, this setting is disabled.
Note: Enable this setting on the client-side Steelhead appliance.
With overlapping opens enabled, the Steelhead appliance optimizes data where
exclusive access is available (when locks are granted). When an oplock is not
available, the Steelhead appliance does not perform application-level latency
optimizations but still performs SDR and compression on the data as well as
TCP optimizations.
Note: If a remote user opens a file that is optimized using the overlapping
opens feature and a second user opens the same file, they might receive an error
message if the file fails to go through a v3.x.x or later Steelhead appliance or if it
does not go through a Steelhead appliance: for example, certain applications
that are sent over the LAN. If this occurs, you should disable overlapping opens
for such applications.
Use the radio buttons to set either an include list or exclude list of file types
subject to overlapping opens optimization.
Optimize only the following Specify a list of extensions you want to include in overlapping opens
extensions optimization.
Optimize all except the following Specify a list of extensions you do not want to include. For example, you should
extensions specify any file extensions that use Enable Applock Optimization.
4. Click Apply to apply your settings to the current configuration.
5. Click Save to save your settings permanently.
IP Address Configuration
If you have not configured IP addresses correctly, the Steelhead appliances cannot connect to each other or
to your network.
Solutions
To verify the IP address has been configured correctly:
 Ensure the Steelhead appliances are reachable through the IP address, by pinging their primary and in-
path interfaces.
 Ensure that the Steelhead appliances in the network can reach each other through their own interfaces.
Connect to the Steelhead appliance CLI. For details, see the Riverbed Command-Line Interface Reference
Manual. Enter the following command to ping from a specific in-path interface on a Steelhead
appliance to another in-path interface:
ping -f -I {Local-Steelhead appliance-Inpath-IP} -s 1400 {Remote-Steelhead appliance-Inpath-IP}

Troubleshooting Asymmetric Routing
 Ensure that the default gateways, both for the Steelhead appliance and for its in-path interfaces, are
correct.
 For physical or virtual in-path installations, verify that the server-side Steelhead appliance can be auto-
discovered by the client-side Steelhead appliance.
Manual. Enter the command:
tproxytrace -i inpath0_0 <example-server-IP-address>:<example-server-TCP-port>
This causes the Steelhead appliance to generate a fake TCP SYN packet, destined for the specified IP
address and TCP port, and send it to the specified in-path interface. A remote Steelhead appliance
should respond if it sees the SYN packet.
 Verify that the client-side Steelhead appliance is visible to the server-side Steelhead appliance.
Manual. Enter the command:
tproxytrace -i inpath0_0 <example-client-IP-address>: <example-client-TCP-port>
Asymmetric Routing
If there is an asymmetric routing issue, many connections fail during data transfer or they fail to start.
Possible Cause
Asymmetric routing occurs when a TCP connection takes one path to the destination and another when
returning to the source. If the Steelhead appliance sees only the LAN to WAN or only the WAN to LAN
packets, it cannot optimize the data.
Solutions
To resolve the asymmetric routing issue, do one of the following:
 Rank the following solutions from most to least preferable with respect to complexity and cost and
select one:
– configure a fixed-target rule.
– use a logical in-path configuration such as WCCP or PBR.
– use four-port or six-port Steelhead appliance.
– configure connection-forwarding with two Steelhead appliances.
 Remove the asymmetry.
Packet Ricochet
The following symptoms occur due to packet ricochet:
 Performance is less than expected
 The following log message appears:

Packet Ricochet: ICMP Redirects Troubleshooting
» [fionr taelrcreeapdt/y lnoactaltekde rnceoln/neiccotireo.n c:119426.316]

8.n7a3t._1c5h:e1c6k1: 1 SYN ==> packet 192.168.208.12:80 ==> 192.168.72.9:7801
Possible Cause
Traffic to the LAN is travelling to the WAN router on the way to the LAN.
Solutions
To resolve packet ricochet issues:
 Change the in-path gateway to the LAN router.
 Add static routes to LAN subnets through the LAN router.
 Enable in-path simplified routing.
Packet Ricochet: ICMP Redirects

The following symptoms occur due to packet ricochet Internet Control Messaging Protocol (ICMP)
redirects:
 Connections fail on first attempt, but succeed on second attempt.
 On one or both sites, the in-path interface on the Steelhead appliance is on a different network than the
local host.
 There are no in-path routes defined.
Possible Causes
 Traffic to the LAN is travelling to the WAN router on the way to the LAN, but the router drops the
packet.
 Outer connections to clients or servers are routed through the WAN interface to the WAN gateway, and
then routed through the Steelhead appliance to the next hop LAN gateway.
 The WAN router is probably dropping the SYN from the Steelhead appliance before issuing an ICMP
redirect.
Solutions
To resolve the packet ricochet ICMP redirects issue, do one of the following:
 Change the router ICMP configuration to forward the packet or turn off ICMP redirect.
 Change the in-path gateway to the LAN router.
 Add static routes to LAN subnets through the LAN router.
 Enable in-path simplified routing. For details, see “Simplified Routing” on page 54.
 Add in-path routes to local destinations to prevent the ICMP redirect and subsequent drop.

Troubleshooting Simplified Routing
Simplified Routing
Simplified routing changes the process used to select the destination Ethernet address for packets
transmitted from in-path interfaces.
Simplified routing collects the IP address for the next hop MAC address from each packet it receives to
address traffic. With simplified routing, you can use either the WAN or LAN-side device as a default
gateway. The Steelhead appliance learns the right gateway to use by watching where the switch or router
sends the traffic, and by associating the next-hop Ethernet addresses with IP addresses. Enabling simplified
routing eliminates the need to add static routes when the Steelhead appliance is in a different subnet from
the client and the server.
Without simplified routing, if a Steelhead appliance is installed in a different subnet from the client or
server, you must define one router as the default gateway and static routes for the other routers so that
traffic is not redirected back through the Steelhead appliance. In some cases, even with the static routes
defined, the Access Control List (ACL) on the default gateway can still drop traffic that should have gone
through the other router. Enabling simplified routing eliminates this issue.
Simplified routing has the following constraints:
 You cannot enable WCCP.
 The default route must exist on each Steelhead appliance in your network.
Tip: For detailed information, see the Steelhead Appliance Deployment Guide.
To enable simplified routing
1. Choose Configure > Networking > Simplified Routing to display the Simplified Routing page.
2. Under Mapping Data Collection Setting, complete the configuration as described in the following table.
Control Description
Collect Mappings From Select one of the following options from the drop-down list:
• None - Do not collect mappings.
• Destination Only - Collects destination MAC data. Use this option in
connection-forwarding deployments. This is the default setting.
• Destination and Source - Collect mappings from destination and source
MAC data. Use this option in connection-forwarding deployments.
• All - Collect mappings for destination, source, and inner MAC data. Also
collect data for connections that are un-natted (connections that are not
translated using NAT). You cannot enable this option in connection-
forwarding deployments. Riverbed recommends that you use this option to
maximize the effects of simplified routing.
3. Click Apply to save your settings to the running configuration.
4. Click Save to save your settings permanently.

Auto-Discovery Failure Troubleshooting
Auto-Discovery Failure
When auto-discovery fails, all traffic passes through with the Steelhead appliance in-path (physically or
logically).
Possible Causes
 Cisco PIX 7.x or Raptor firewalls
 Satellite
 Intrusion Detection System (IDS) or Intrusion Prevention System (IPS)
Solutions
 Create a fixed-target rule on the client-side Steelhead appliance.
 Specify the Target Appliance IP Address and its port as 7800 on the opposite Steelhead appliance
(in-path without auto-discovery).
 Configure end nodes (firewalls) to allow your probe to pass through.
 Configure the Steelhead appliance IP address as the friendly IP address for IDS or IPS.
 Cisco PIX Firewall IOS v7.0 might block the auto-discovery probe. Some firewall configurations strip
TCP options or drop packets with these options. You can keep this configuration and switch to fixed-
target rules or change the configuration on the firewall.
Protocol Optimization Errors

When there are protocol optimization errors, the Steelhead appliance does not optimize expected protocols.
Solutions
To resolve protocol optimization errors, check:
 that connections have been successfully established.
 that Steelhead appliances on the other side of a connection are turned on.
 for secure or interactive ports that are preventing protocol optimization.
 for any pass-through rules that could be causing some protocols to pass through the Steelhead
appliances unoptimized.
 that the LAN and WAN cables are not inadvertently swapped.
Server-Side Out-of-Path Connection Caveats

The following are the caveats for a server-side out-of-path (OOP) Steelhead appliance connection:
 OOP configuration does not support auto-discovery. You must create a fixed-target rule on the client-
side Steelhead appliance.

Troubleshooting Specific Problems
 You must create an OOP connection from an in-path or logical in-path Steelhead appliance and direct it
to port 7810 on the primary interface of the server-side Steelhead appliance. This setting is mandatory.
 Interception is not supported on the primary interface.
 An OOP configuration provides non-transparent optimization from the server perspective. Clients
connect to servers, but servers treat it like a server-side Steelhead appliance connection. This affects:
– log files.
– server-side ACLs.
– bi-directional applications such as rsh.
 You can use OOP configurations along with in-path or logical in-path configurations.
Specific Problems
The following section describes specific problems you might encounter in the Steelhead appliance.
Problem Solution
The show interfaces CLI command The bypass card is not properly installed; reinstall it. For details, see the
displays 4294967295 as the number Network Interface Card Installation Guide.
of errors on an interface.
The Steelhead appliance blocks If a Steelhead appliance blocks traffic when going into bypass mode, verify
traffic when going into bypass that connections to its neighboring devices are correctly configured. Ensure
mode. that the cable from the Steelhead appliance to the switch is a straight-through
cable and the cable from the Steelhead appliance to the router is a crossover
cable. Also, ensure that there are no network speed or duplex mismatches.
The Steelhead appliance does not If a Steelhead appliance does not come out of bypass mode, verify that:
come out of bypass mode when the
network connection is restored. • The in-path interface has an IP address. For example, at the system
prompt, enter the show interfaces CLI command.
• In-path interception is enabled. For example, at the system prompt, enter
the show in-path CLI command. Expected results are:
Enabled: yes
Optimizations Enabled On: inpath0_0
• The bypass service is running. For example, at the system prompt, enter
the show service CLI command. To enable the Steelhead appliance service
if it is not running, use the CLI command service enable.
• You have a valid and active SH10BASE license. Your license file should
also contain entries for SH10CIFS and SH10EXCH licenses, even if they
have not been activated. For example, at the system prompt, enter the
show licenses CLI command. For questions about licenses, contact
Riverbed Support at https://support.riverbed.com.
The Steelhead appliance fails to Ensure that:

boot.
• The power strip or the uninterruptable power supply (UPS) the Steelhead
appliance is plugged into is turned on and is functioning properly.
• The rocker switch on the back of the Steelhead appliance (Series xx20) is
turned on. (When on, the rocker switch is in the depressed, or 1 position.)

Resetting a Lost Password Troubleshooting
Resetting a Lost Password

To reset your password, you must have access to the serial console or monitor and must be able to see the
entire boot process to perform these steps:
1. Start, or reboot the appliance.
2. When prompted, press any key to continue.
3. Immediately press E. A GNU GRUB menu appears.

 For a Steelhead appliance upgraded to 4.0 from 2.0 or 3.0, the menu prompts you to select the Riverbed
Steelhead, diagnostics, or a restore/recovery image. Select Riverbed Steelhead and skip to Step 5.
 For a Steelhead appliance manufactured with 4.0 (that has not had previous versions), the menu
prompts you to select the disk image to use. Continue with Step 4.
 For software versions prior to 4.0, the menu displays root and kernel parameters. Skip to Step 6.
4. Press V or ^ to select the disk image to boot.
5. Press E.
A GRUB menu appears, with options similar to the following:
-----------------
0: root (hd0,1)
1: kernel /vmlinuz ro root=/dev/sda5 console=tty0 console=ttyS0,9600n8
-----------------
6. Press V or ^ to select the kernel boot parameters entry.
7. Press E to edit the kernel boot parameters. The CLI displays a partially completed line of text similar to
the following:
kernel /vmlinuz ro root=/dev/sda5 console=tty0 console=ttyS0,9600n8
8. The line of text contains two console= entries. Modify this line as follows:
– If you are accessing the Steelhead appliance remotely, delete
console=tty0
– If you are accessing the Steelhead appliance directly (through a keyboard and monitor connected to
the appliance), delete
console=ttyS0
– At the end of the line, type a space and append the line with
single fastboot
– You must include a space before the word single.
Tip: Use the arrow keys to access the entire command line.
9. Press Enter.

Troubleshooting Network Integration Checklist
10. Press B to continue booting.

The system starts.
11. At the command prompt, enter /sbin/resetpw.sh.

The password is blank.
12. Type reboot and press Enter to reboot the appliance.
Network Integration Checklist

Before you begin configuring the Steelhead appliance, check the following configuration settings:
 Speed and duplex.
 QoS integration.
 Multi-hop optimization.
 Packet ricochet.
 VPN: Ensure the encryption is on the WAN side of the Steelhead appliance.
 Firewall: Ensure probes are passed, especially Cisco PIX and Raptor. If inside the Steelhead appliance,
try probe caching for src IP rules; if outside, check firewall performance.
 In-path: Is it a VLAN trunk? (Configure trunking).
 Incorrectly designed load balancing implementations.
 Remove or manage asymmetry.
 Fail-to-wire or fail-to-block, you need Link State Protocol (LSP) for quicker convergence.
 WCCP or VLAN bridge: Router model and IOS revision.
 Does the network use Network Address Translation (NAT) or Port Address Translation (PAT).

APPENDIX A Series xx55 Specifications
This appendix describes the status lights, ports, and the technical and environmental specifications for the
Series xx55 systems. It includes the following sections:
 “CX255 Specifications” on page 59
 “CX555 and CX755 Specifications” on page 62
 “CX1555 Specifications” on page 64
 “CX5055 and CX7055 Specifications” on page 67
CX255 Specifications
This section describes the status lights, ports, technical and environmental specifications.
Status Lights and Ports

The following figure illustrates the status light and port locations.
Figure A-1. Front Panel

Series xx55 Specifications CX255 Specifications
Figure A-2. Back Panel
The following table summarizes the system LEDs.
LED Status
Healthy = Blue
Degraded = Yellow
System
Critical = Red
Power Off = None
System Off = No Light

Power Button LED Standby Mode = Yellow
Power On = Blue
Left LED
Link = Green
Activity = Blinks Green
Primary LED Right LED
GB = Yellow
100 MB = Green
10 MB = No Light (with link on left LED)
Left LED
Link = Green
Bypass/Disconnect = Yellow
LAN/WAN LEDs
Right LED
GB = Yellow
100 MB = Green
10 MB = No Light (with link on left LED)

CX255 Specifications Series xx55 Specifications
Technical Specifications
The following table summarizes the technical specifications for the systems.
CX255
Desktop
M-H
Power 30 W
(Typical)
VA 63.8
(max)
BTU 102 BTU
Hard Disk 320 GB
Data 50 GB
Store
Dimensions 13x8x1.73 in
(LxWxH) 330x204x44mm
Weight (without 5.5 lbs

packaging) 2.4 kg
Voltage 100-240V
Frequency 50 - 60 Hz
Single 84 W
External
PSU
100-240Vac, 50/60Hz,
2-1 A
Onboard 2
Bypass Ports/
Max # Ports
Environmental Specifications
The following table summarizes the environmental requirements for the systems.
CX255
Operating 45 dBA Sound pressure

Acoustic (Typical)
Temperature 0º - 45º C
(Operating) 32º - 113º F
Temperature -40º - 65º C

(Storage) -40º - 149º F
Relative 20% - 80%

Humidity non-condensing
Storage 5% - 95%

Series xx55 Specifications CX555 and CX755 Specifications
CX555 and CX755 Specifications


LED Status
Healthy = Blue
Degraded = Yellow
Critical = Red
System Boot = Yellow
SYSTEM
Note: When the appliance is powered down with the power connected (for
example, after running a reload halt command), the color of the system LED is
undefined and carries no significance. The color can be either red, orange, or
purple, depending on the state of the LED prior to shutdown.
HDD ACT HDD Activity = Blinks Blue

CX555 and CX755 Specifications Series xx55 Specifications
LED Status
BYP/BLK Normal = No Light

(Bypass or Block (Disconnect) Bypass or Block (Disconnect) = Orange
Mode)
Disk Connected = Blue

HDD ALARM Read/Write Activity = Blinks Blue
Failed Disk = Orange
Left LED
Link = Green
LAN-WAN LEDs Right LED
GB = Green
100-MB = Orange
10-MB = No Light
CX555
CX755 Desktop
Desktop L-M-H
M-H
Power 45 W 50 W
(Typical)
VA 62.5 66.5
(max)
BTU 145 BTU 165 BTU
2 x 250 GB 2 x 250 GB
Hard Disk H= 1 x 250 GB HDD + 1 x
160 SSD
Data 80 GB 100-160 GB
Store
Dimensions 7.1x12x1.65 in 7.1x12x1.65 in

(LxWxH) 180.3x304.8x42 mm 180.3x304.8x42 mm
Weight (without 4.7 lbs 4.7 lbs

packaging) 2.15 kg 2.15 kg
Voltage 100-127V, 200-240V 100-127V, 200-240V

Frequency
Single 100 W Single 100 W

Internal Internal
PSU
100-240Vac, 50/60Hz, 100-240Vac, 50/60Hz,
2-1 A 2-1 A
Onboard 4 4
Bypass Ports/
Max # Ports

CX555 CX755
Operating 45 dBA Sound pressure 45 dBA Sound pressure

Acoustic (Typical) (Typical)
Temperature 0º - 45º C 0º - 45º C

(Operating) 32º - 113º F 32º - 113º F
Temperature -40º - 65º C -40º - 65º C

(Storage) -40º - 149º F -40º - 149º F
Relative 20% - 80% 20% - 80%

Humidity non-condensing non-condensing
Storage 5% - 95% 5% - 95%

CX1555 Specifications


CX1555 Specifications Series xx55 Specifications
LED Status
Healthy = Blue
Degraded = Yellow
SYSTEM
Critical = Red
PRI = Primary Link and Traffic = Blinks Blue

AUX = Auxiliary
REM = Remote
LAN-WAN Link and Traffic = Blinks Blue

BYP = Bypass Bypass or Block (Disconnect) = Orange
BLK = Block (Disconnect)
Activity LED
HDDs/SSDs Read/Write Activity = Blinks Blue
Disk Fault LED
Left LED
Link = Green
Back Panel Activity = Blinks Green
PRI = Primary
AUX = Auxiliary Right LED
REM = Remote GB = Orange
100 MB = Green (REM only at 100 MB)
10 MB = No Light
Left LED
Link = Green
Right LED
Back Panel GB = Orange
LAN-WAN 100 MB = Green
10 MB = No Light
BYP/BLK
Normal = No Light
Bypass or Block (Disconnect) = Orange
CX1555 L/M CX1555 H
Form Factor 1U 1U
Hard Disk 2 x 250 GB 2 x 500 GB, 2 SSD x 160
Data Store 400 GB 320 GB SSD
Dimensions 25.4x17.2x1.71 in 25.4x17.2x1.71 in

(LxWxH) 645.4x436x43.5 mm 645.4x436x43.5 mm
Weight (without 36 lbs 4.7 lbs

packaging) 16.36 kg 2.15 kg

CX1555 L/M CX1555 H
Voltage 100-127V, 200-240V 100-127V, 200-240V

Frequency
2 x 450 W 2 x 450 W
PSU 100-127Vac/8A, 50/60Hz 100-127Vac/8A, 50/60Hz
200-240Vac/4A, 50/60Hz 200-240Vac/4A, 50/60Hz
PCI Slots 2 2
Onboard 4/12 4/12

Bypass Ports/
Max # Ports
Power Requirements and Consumption

The following table summarizes the power specifications for the systems. The systems are rated at the
following power characteristics when operating at nominal AC input voltages (120 V and 230 V).
System CX1555 CX1555
Configuration All (L/M/H) All (L/M/H)
PSU Type 2 x 450W 2 x 450W
AC Input 120V 230V
Max. Amps. 4.1 3.4
Max. Watts 220 220
Typical Watts 175 180
Max VA 225 265
Power Factor 97 92
BTU (Typical) 605 610
CX1555
Operating 61.6 dBA Sound Pressure

Acoustic (Typical)

(Operating) 50° - 104º F

Relative 20% - 80%

Storage 5% - 95%

CX5055 and CX7055 Specifications

This section describes the status lights, ports, and technical and environmental specifications.

Disks 0 and 1 are HDD. Disks 2 through 23 are SSD.
LED Status
Normal = Blue
SYSTEM
PRI = Primary Link and Traffic = Blinks Blue

AUX = Auxiliary
REM = Remote
LAN-WAN Link and Traffic = Blinks Blue

LED Status

BYP = Bypass Bypass or Block (Disconnect) = Orange
BLK = Block (Disconnect)
Activity LED
HDDs/SSDs Read/Write Activity = Blinks Blue
Disk Fault LED
Left LED
Link = Green
Back Panel Activity = Blinks Green
PRI = Primary
AUX = Auxiliary Right LED
REM = Remote GB = Orange
100 MB = Green (REM only at 100 MB)
10 MB = No Light
Left LED
Link = Green
Right LED
Back Panel GB = Orange
LAN-WAN 100 MB = Green
10 MB = No Light
BYP/BLK
Normal = No Light
Bypass or Block (Disconnect) = Orange

CX5055 L/M CX7055 L CX7055 M CX7055 H
Form Factor 2U 2U 2U 2U
2 x 500 GB HDD 2 x 500 GB HDD 2 x 500 GB HDD 2 x 500 GB HDD

Hard Disk/SSD
8 x 80GB SSDs 10 x 160 GB SSDs 15 x 160 GB SSD 16 x 300 GB SSD
Data 640 GB SSD 1.6 TB SSD 2.4 TB SSD 4.8 TB SSD

Store
Dimensions 25.4x17.2x3.43 in 25.4x17.2x3.43 in 25.4x17.2x3.43 in 25.4x17.2x3.43 in

(LxWxH) 645.4x436x87.1 mm 645.4x436x87.1 mm 645.4x436x87.1 mm 645.4x436x87.1 mm
Weight (without 52 lbs/23.6 kg 54 lbs/24.5 kg 54 lbs/24.5 kg 54 lbs/ 4.5 kg

packaging)
Voltage 100-127V, 200-240V 100-127V, 200-240V 100-127V, 200-240V 100-127V, 200-240V

Frequency
2x 2x 2x 2x
PSU 770W 770W 770W 770W

100-127Vac/8A, 50/60Hz 100-127Vac/8A, 50/60Hz 100-127Vac/8A, 50/60Hz 100-127Vac/8A, 50/60Hz
200-240Vac/4A, 50/60Hz 200-240Vac/4A, 50/60Hz 200-240Vac/4A, 50/60Hz 200-240Vac/4A, 50/60Hz
PCI Slots 4 4 4 4
Onboard 4/20 4/20 4/20 4/20

Bypass Ports/
Max # Ports
Power Requirements and Consumption

The following table summarizes the power specifications for the systems. The systems are rated at the
following power characteristics when operating at nominal AC input voltages (120 V and 230 V).
System CX5055 CX5055 CX7055 CX7055
Configuration All (M/H) All (M/H) All (L/M/H) All (L/M/H)
PSU Type 2 x 770W 2 x 770W 2 x 770W 2 x 770W
AC Input 120V 230V 120V 230V
Max. Amps. 4.9 2.5 5.3 2.8
Max. Watts 470 465 525 510
Typical Watts 375 375 420 410
Max VA 480 480 530 525
Power Factor 98 97 98 97
BTU (Typical) 1280 1275 1425 1390

CX5055 CX7055
Operating 65.5 dBa Sound Pressure 65.5 dBa Sound Pressure

Acoustic (Typical) (Typical)
Temperature 10º - 40º C 10º - 40º C

(Operating) 50° - 104º F 50° - 104º F
Temperature -40º - 65º C -40º - 65º C

(Storage) -40º - 149º F -40º - 149º F
Relative 20% - 80% 20% - 80%

Storage 5% - 95% 5% - 95%


APPENDIX B Series xx50 Specifications
This appendix describes the status lights, ports, and the technical and environmental specifications for the
Series xx50 systems. It includes the following sections:
 “150, 250, and 550 Specifications” on page 71
 “1050 and 2050 Specifications” on page 74
 “5050 and 6050 Specifications” on page 77
 “7050 Specifications” on page 80
150, 250, and 550 Specifications


Figure B-1. Front Panel

Series xx50 Specifications 150, 250, and 550 Specifications
Figure B-2. Back Panel
LED Status
Healthy = Blue
Degraded = Yellow
Critical = Red
SYSTEM
Note: When the appliance is powered down with the power connected (for
example, after running a reload halt command), the color of the system LED is
undefined and carries no significance. The color can be either red, orange, or
purple, depending on the state of the LED prior to shutdown.
HDD ACT HDD Activity = Blinks Blue

(Bypass or Block (Disconnect) Bypass or Block (Disconnect) = Orange
Mode)

HDD ALARM Read/Write Activity = Blinks Blue
Left LED
Link = Green
GB = Green
100-MB = Orange
10-MB = No Light

150, 250, and 550 Specifications Series xx50 Specifications
150 250 550

L/M/H L/M/H L/M/H
Form Factor Desktop Desktop Desktop
Power 62.5 W 62.5 W 62.5 W

(Typical) .514 A .514 A .514 A
VA 62.5 62.5 62.5

(max)
BTU 213 BTU 213 BTU 227 BTU
Hard Disk 120 GB 120 GB 160 GB
Data 40 GB 40 GB 80 GB
Store
Dimensions 7.1x12x1.65 in 7.1x12x1.65 in 7.1x12x1.65 in

(LxWxH) 180.3x304.8x42 mm 180.3x304.8x42 mm 180.3x304.8x42 mm
Weight (without 4.12 lbs/2.15 kg 4.12 lbs/2.15 kg 4.12 lbs/2.15 kg

packaging)
Voltage 100-127V, 200-240V 100-127V, 200-240V 100-127V, 200-240V

Frequency
Single 100 W Single 100 W Single 100 W

PSU Internal Internal Internal
100-240Vac, 50/60Hz, 100-240Vac, 50/60Hz, 100-240Vac, 50/60Hz,
2-1 A 2-1 A 2-1 A
Onboard 2/2 2/2 2/2

Bypass Ports/
Max # Ports
Note: Models 150, 250, and 550 do not support 64-bit VMs. The 64-bit guest VMs (such as, Windows Server 2008 R2) are
not supported on the 150, 250, and 550 because these models do not incorporate VT support.
150, 250, 550
(Operating) 32° - 113° F


Series xx50 Specifications 1050 and 2050 Specifications
150, 250, 550
Relative 20% - 80%

Storage 5% - 95%
Operating Up to 10,000 feet

Altitude
1050 and 2050 Specifications



1050 and 2050 Specifications Series xx50 Specifications
LED Status
Healthy = Blue
Degraded = Yellow
SYSTEM LEDs
Critical = Red
NETWORK STATUS LEDs (Front LAN-WAN Link = Blue

LEDs) Activity = Blinks Blue

(Bypass or Block (Disconnect) Mode) Bypass or Block (Disconnect) = Orange

HDD LEDs Read/Write Activity = Blinks Blue
Left LED
Link = Green
GB = Orange
100-MB = Green
10-MB = No Light
The following table summarizes the power supply LEDs.
LED Condition
Solid Green Healthy power supply with AC power connected.
Blinks Green Unit is halted, but the power supplies are still connected to AC power.
Solid Orange AC power is not connected to this power supply, but the unit is still powered on due to the other
power supply. Occurs when the power supply automatically shuts off due to some error condition,
such as an overheat.
Blinks Orange Indicates a power supply predictive-fail condition, such as a fan failure. The power supply may then
shut itself off, which changes the LED to solid orange. A log entry of this predictive-fail can be
viewed using the show hardware error-log all command in the Riverbed Command-Line Interface.
No LED No AC power connected.

1050 2050
L/M/H L/M/H
Form Factor 1U 1U
Power 138-151 W 197 W

(Typical) 1.24-1.35 A 1.8 A
VA 145-153 212
(max)
BTU 471-515 BTU 672 BTU
250-500 GB 1 TB
Hard Disk
1-2 Hot Swappable Disks 4 Hot Swappable Disks
Data 100-200 GB 400 GB

Store
Dimensions 25.4 x 17.2 x 1.71 in 25.4 x 17.2 x 1.71 in

(LxWxH) 645.4 x 436 x 43.5 mm 645.4 x 436 x 43.5 mm
29 lbs/13.1 kg 31.1 lbs/14.1 kg

Weight (without
packaging) H=30 lbs 13.6 kg
Voltage 100-127V, 200-240V 100-127V, 200-240V

Frequency
1+1 Redundant 1+1 Redundant

660 W 660 W
200-240Vac/4A, 50/60Hz 200-240Vac/4A, 50/60Hz
-48Vdc, 8A -48Vdc, 8A
PCI Slots 1 1
Onboard 4/8 4/8

Bypass Ports/
Max # Ports
Note: Depth does not include bezel on 1U and 3U (approximately 1 inch or 2.5 cm).

1050, 2050
Temperature 10° - 40°C

(Operating) 50° - 95°F

Relative 20% - 80%

Storage 5% - 95%

Altitude
5050 and 6050 Specifications



Figure B-6. Back Panel.
LED Status
Healthy = Blue
Degraded = Yellow
SYSTEM LEDs
Critical = Red
Link = Blue
NETWORK STATUS LEDs
Activity = Blinks Blue


Left LED
Link = Green
GB = Orange
100-MB = Green
10-MB = No Light

5050 6050
L/M/H L/M/H
Form Factor 3U 3U
Power 203-225 W 352 W

(Typical) 2.73-3.15 A 4.9 A
VA 325-335 452
(max)
BTU 693-768 BTU 1670 BTU
2-3 TB 8 TB
Hard Disk
8-12 Hot Swappable Disks 16 Hot Swappable Disks
Data 600-800 GB 3.5 TB

Store
Dimensions 25.72 x 17.0 x 5.2 in 25.72 x 17.0 x 5.2 in

(LxWxH) 653.4 x 431.6 x 131.9 mm 653.4 x 431.6 x 131.9 mm
59 lbs/26.7 kg 71 lbs/32.2 kg
Weight (without
packaging) H= 64 lbs 29 kg
Voltage 100-127V, 200-240V 100-127V, 200-240V

Frequency
1+1 Redundant 1+1 Redundant

770 W 770 W
200-240Vac/4A, 50/60Hz 200-240Vac/4A, 50/60Hz
-48Vdc, 8A -48Vdc, 8A
PCI Slots 4 4
Onboard 4/20 4/20

Bypass Ports/
Max # Ports
5050, 6050
Temperature 10° - 40°C

(Operating) 50° - 95°F


Series xx50 Specifications 7050 Specifications
5050, 6050
Relative 20% - 80%

Storage 5% - 95%

Altitude
7050 Specifications


7050 Specifications Series xx50 Specifications
Disk drive numbers 0 and 1 are HDD. Drive numbers 2-29 are SSD.
LED Status
Healthy = Blue
Degraded = Yellow
SYSTEM LEDs
Critical = Red
Link = Blue
NETWORK STATUS LEDs
Activity = Blinks Blue


Left LED
Link = Green
GB = Orange
100-MB = Green
10-MB = No Light

7050
L/M/H
Form Factor 3U
Power 425-430 W
(Typical) 4.2 A
VA 455
(max)
BTU 1455-1470 BTU
2.8-5.0 TB
Hard Disk 2x 300GB 2.5" HDD
14--28x 160GB 2.5" SSD
Data 2.2-4.4 TB
Store
Dimensions 25.72 x 17.0 x 5.2 in

(LxWxH) 653.4 x 431.6 x 131.9 mm
55 lbs/25 kg
Weight (without
packaging) M=59 lbs 25.8 kg
Voltage 100-127V, 200-240V

Frequency
1+1 Redundant
770 W
PSU 100-127Vac/8A, 50/60Hz
200-240Vac/4A, 50/60Hz
-48Vdc - -60Vdc, 12A
PCI Slots 4
Onboard 4/20
Bypass Ports/
Max # Ports
Note: Depth does not include bezel on 1U and 3U (approximately 1 inch or 2.5 cm).

7050 Specifications Series xx50 Specifications
7050
(Operating) 32° - 113° F

Relative 20% - 80%

Storage 5% - 95%

Altitude


Index
A Documentation, contacting 7
AC power, connecting 29 Duplex and speed, checking your
Appliance settings 40
installing 23, 47
powering on 29 E
Appliance ports, definitions of 26 Environmental specifications
Application Streamlining, overview of 10 1050, 2050 77
Auto-Discovery process, overview of 10 150, 250, 550 73
Auto-discovery rule, overview of 12 5050, 6050 79
Auto-discovery, enhanced, overview of 11 7050 83
Automatic licensing 19 CX1555 66
procedures 20 CX255 61
Auxiliary port, definition of 26 CX5055, CX7055 70
CX555, CX755 64
B Error 4294967295 56
Blocked traffic in bypass mode 56 Ethernet network compatibility 4
Boot failure 56
Bypass cards F
errors on 56 Factory licensing 19
interface naming convention 27 Fail-to-block mode
Bypass mode overview of 13
troubleshooting 56 Failure modes
troubleshooting for 56 fail-to-block, overview of 13
Bypass mode, definition of 12 Fixed-target rules, overview of 12
C I
Client-side appliance, configuring 43 In-Path rules, overview of 12
CMC compatibility 3 In-path, configuring 30
CMC, overview of 10 Interface naming convention 27
Configuration information, required 28
configuration jump-start command, restart- J
ing the wizard 35 JavaScript 3
Configuration wizard
restarting 35 K
Known issues 6
Configuration, verifying 39
Connecting L
LAN switch to LAN port, illustration LAN port, definition of 27
of 31 LAN switch, connecting 31
Primary port to LAN switch, illustration LEDs
of 31, 40 1050, 2050 75
WAN port to WAN router, illustration 150, 250, 550 72
of 32 5050, 6050 78
Console port, definition of 26 7050 81
CX555, CX755, status lights and ports 59 CX1555 65
CX255 60
D CX5055, CX7055 67
Data Streamlining, overview of 10
CX555, CX755 62
Deny rules, overview of 12
power supply for 1050, 2050 75
Discard rules, overview of 12

Index
License keys 150, 250, 550 71

installing 22 5050, 6050 77
Licensing 7050 80
automatic, overview 19 CX1555 64
automatic, procedures 20 CX255 59
factory, overview 19 CX5055, CX7055 67
methods 19 CX555, CX755 62
Riverbed Licensing Portal Status lights and ports
using 21 CX555, CX755 59
Riverbed Licensing Portal, overview 19 Steelhead Mobile Controller, overview
token, overview 19 of 10
Logical in-path WCCP deployment, dia-
gram of 24 T
Login page 38 Technical specifications
1050, 2050 76
M 150, 250, 550 73
Management Streamlining, overview of 10 5050, 6050 79
Manual licensing 19 7050 82
CX1555 65
O CX255 61
Online documentation 6 CX5055, CX7055 69
Online notes 5 CX555, CX755 63
Out-of-path deployment, diagram of 25 Technical support, contacting 6
Out-of-path, configuring 40 Token licensing 19
Traffic, blocked in bypass mode 56
P Transport Streamlining, overview of 10
Pass-through rules, overview of 12
Peering rules, overview of 12 V
Physical in-path deployment, diagram Virtual in-path deployments, overview
of 24 of 24
Physical in-path, overview of 24 Virtual Services Platform, support for 4
Ports
1050, 2050 74 W
150, 250, 550 71 WAN port, connecting 32
5050, 6050 77 WAN port, definition of 27
7050 80 WAN router, disconnecting 31
CX1555 64 Wizard, restarting 35
CX255 59
CX5055, CX7055 67
CX555, CX755 62
Ports, definitions of 26
Power requirements, consumption
CX1555 66
CX5055, CX7055 69
Preparing your site 26
Primary port, connecting 31
Primary port, definition of 26
Product inventory 25
Professional services, contacting 7
R
Required equipment 26
Riverbed Licensing Portal
overview 19
retrieving license keys 21
S
Safety guidelines 6
Scalable Data Referencing, overview of 10
SDR, overview of 10
SNMP compatibility 5
Speed and duplex, checking your
settings 40
Status lights
1050, 2050 74
86 Index

Riverbed Deployment

Uploaded by

Copyright:

Available Formats

Riverbed Deployment

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Riverbed Deployment

Uploaded by

Copyright:

Available Formats

Steelhead® Appliance Installation and

Chapter 1 - Product Overview ................................................................................................................... 9

Steelhead Appliance Installation and Configuration Guide iii

Downgrading the RiOS Software Version.........................................................................................17

Chapter 2 - Managing Riverbed Licenses ..............................................................................................19

Chapter 3 - Installing and Configuring the Steelhead Appliance.........................................................23

iv Steelhead Appliance Installation and Configuration Guide

Packet Ricochet: ICMP Redirects...............................................................................................................53

Appendix A - Series xx55 Specifications ...............................................................................................59

Appendix B - Series xx50 Specifications ...............................................................................................71

Steelhead Appliance Installation and Configuration Guide v

Status Lights and Ports ........................................................................................................................80

vi Steelhead Appliance Installation and Configuration Guide

About This Guide

Steelhead Appliance Installation and Configuration Guide 1

Courier Code examples appears in Courier font:

{} Required keywords or variables appear in braces: {delete <filename>}

Product Dependencies and Compatibility

2 Steelhead Appliance Installation and Configuration Guide

Hardware and Software Dependencies

Riverbed Component Hardware and Software Requirements

Steelhead Appliance 19-inch (483 mm) two or four-post rack.

Steelhead Recommended CMC Appliance CMC CMC Appliance CMC Appliance

Steelhead CMC appliance Parity Not Not supported Not supported

Steelhead CMC appliance Parity Not Not supported Not supported

Steelhead Appliance Installation and Configuration Guide 3

Steelhead Recommended CMC Appliance CMC CMC Appliance CMC Appliance

Steelhead CMC appliance Parity Parity Partial Partial support

Steelhead CMC appliance Parity Parity Parity Parity

Steelhead CMC appliance Monitor only Parity Parity Parity

Virtual Services Platform (VSP) Support

Ethernet Network Compatibility

4 Steelhead Appliance Installation and Configuration Guide

SNMP-Based Management Compatibility

Online File Format Purpose

Steelhead Appliance Installation and Configuration Guide 5

Riverbed Documentation and the Support Knowledge Base

6 Steelhead Appliance Installation and Configuration Guide

Steelhead Appliance Installation and Configuration Guide 7

8 Steelhead Appliance Installation and Configuration Guide

Overview of the Steelhead Appliance

Steelhead Appliance Installation and Configuration Guide 9

The optimization techniques RiOS utilizes are:

10 Steelhead Appliance Installation and Configuration Guide

Steelhead Appliance Installation and Configuration Guide 11

Fail-to-Wire (Bypass) Mode

12 Steelhead Appliance Installation and Configuration Guide

Fail-to-Block (Disconnect) Mode

Steelhead Appliance Installation and Configuration Guide 13

New Features in Version 8.6

14 Steelhead Appliance Installation and Configuration Guide

 Added diagnostics for stream splitting.

Upgrading RiOS to v8.6

Steelhead Appliance Installation and Configuration Guide 15

Recommended Upgrade Paths

Upgrading the RiOS Software Version

To upgrade the RiOS software version

2. Log in to the Management Console using the Administrator account (admin).

16 Steelhead Appliance Installation and Configuration Guide

Downgrading the RiOS Software Version