RCSP Study Guide - In-path Rules

Different Types and Their Function

• Pass Through.
Pass through rules identify traffic that is passed through the network unoptimized. For example, you may define pass through rules to exclude subnets from optimization. Traffic is also passed through when the Steelhead appliance is in bypass mode.(Passthrough might occur because of in-path rules, because the connection was established before the Steelhead appliance was put in place, or before the Steelhead service was
enabled.)

• Fixed-Target.
Fixed-target rules specify out-of-path Steelhead appliances near the target server that you want to optimize. Determine which servers you want the Steelhead appliance to optimize (and, optionally which ports), and add rules to specify the network of servers, ports, port labels, and out-of-path Steelhead appliances to use. Fixed-target rules can also be used for in-path deployments for Steelhead appliances not using EAD.

• Auto Discover.
Auto-discovery is the process by which the Steelhead appliance automatically intercepts and optimizes traffic on all IP addresses and ports. By default, autodiscovery is applied to all IP addresses and the ports which are not secure, interactive, or default Riverbed ports. Defining in-path rules modifies this default setting.

• Discard.
Packets for the connection that match the rule are dropped silently. The Steelhead appliance filters out traffic that matches the discard rules. This process is similar to how routers and firewalls drop disallowed packets; the connection-initiating device has no knowledge of the fact that its packets were dropped until the connection times out.

• Deny.
When packets for connections match the deny rule, the Steelhead appliance actively tries to reset the connection. With deny rules, the Steelhead appliance actively tries to reset the TCP connection being attempted. Using an active reset process rather than a silent discard allows the connection initiator to know that its connection is disallowed.

Comments

Popular posts from this blog

L2TPv3 Enables Layer 2 Services for IP Networks

TCP/IP 明確擁塞通知 (ECN)

Q-in-Q(Dot1Q Tunnel) Sample Configuration