
A Riverbed Technology White Paper

Partner Technical White Paper Deploying Riverbed Steelhead Appliances with Mazu Profiler

Partner Technical White Paper


Deploying Riverbed Steelhead Appliances with Mazu Profiler

© 2008 Riverbed Technology, Inc. All rights reserved.


TABLE OF CONTENTS
Partner Technical White Paper
Deploying Riverbed Steelhead Appliances with Mazu Profiler
1. Introduction
2. Configuring Steelhead Appliances for Netflow
   I. Netflow and Steelhead Appliances
   II. Enabling Netflow on Riverbed Steelhead Appliances
   III. Steelhead Appliance Deployment Scenarios
      1. In-path
      2. Virtual in-path
      3. Out of path
3. Configuring Mazu Profiler
   I. Configuring the WAN Interface Speed of the Steelhead Interface Exporting Netflow Data
   II. Link-Based Reporting for the Data Center in a Fan-In Model
4. Deployment Scenarios
   I. Point-to-Point Links
   II. Hub-and-Spoke
      Branch Office
      Central Site
   III. MPLS
5. Additional Mazu Profiler Capabilities
   I. Application Fingerprinting
   II. User Identity
   III. Logical Path Association
   IV. Integrations and Extensible API
6. Summary


1. Introduction
The Riverbed Steelhead appliance provides a significant advantage to companies that want to optimize the performance of applications over the wide area network (WAN). There is an associated cost, however, as visibility into the WAN is reduced. As a result, troubleshooting and performance analysis can be more difficult.

Mazu Profiler helps companies overcome this obstacle by providing a real-time view of the network and associated host conversations both locally and across the optimized WAN infrastructure. All of the benefits that Mazu Profiler delivers, including real-time and historical reporting, automatic and custom behavioral analytics, and custom dashboards, are available to support the optimized network infrastructure. As a result, organizations can:

- Better understand their network for planning purposes
- Be alerted to meaningful changes in network, application, user, and host behavior
- Quickly identify the root cause of these changes and troubleshoot them
- Maintain information for audit purposes

This best practices document describes how to deploy Riverbed Steelhead appliances in conjunction with Mazu Profiler. It is written for network administrators who are familiar with the Netflow functionality of the two products. It provides a high-level overview of the operation of the Riverbed Steelhead and Mazu Profiler appliances and is not intended to be a step-by-step guide or a replacement for the products' respective documentation. Readers should refer to individual product documentation for more details.

2. Configuring Steelhead Appliances for Netflow


I. Netflow and Steelhead Appliances
Steelhead appliances support Netflow version 5 and collect only ingress traffic (traffic coming in from the LAN and WAN interfaces). Egress traffic from either the WAN or the LAN interface is not reported via Netflow.


1. To measure data going from client to server, create a query using the LAN interface on the client-side Steelhead appliance (LAN-0) and the WAN interface on the server-side Steelhead appliance (WAN-1). The LAN interface on the client-side Steelhead appliance (LAN-0) exports the raw, pre-optimized traffic and the WAN interface of the server-side Steelhead appliance (WAN-1) exports the optimized traffic from client to server.

2. To measure data going from server to client, look at the LAN interface on the server-side Steelhead appliance (LAN-1) and the WAN interface on the client-side Steelhead appliance (WAN-0). The LAN interface on the server-side Steelhead appliance (LAN-1) exports the raw, pre-optimized traffic and the WAN interface of the client-side Steelhead appliance (WAN-0) exports the optimized traffic data from server to client.
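The measurement described above, as an added example that is not part of the original white paper or either product: it parses Netflow version 5 datagrams, rejects malformed ones (the export arrives over UDP and should be treated as untrusted input), and compares raw LAN-ingress bytes with optimized WAN-ingress bytes per direction. The ifIndex values, exporter labels, addresses and byte counts are constructed assumptions.

```python
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record
LAN_IF, WAN_IF = 1, 2   # assumed ifIndex values; read the real ones from the exporter


def parse_v5(datagram):
    """Return (flow_sequence, [(input_ifindex, octets), ...]); raise ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count, _, _, _, seq, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5")
    # v5 carries 1-30 records; the length must match the count exactly.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((rec[3], rec[6]))   # input ifIndex, dOctets
    return seq, flows


def ingress_octets(datagrams):
    """Sum octets per (exporter, ingress ifIndex); count rejected datagrams."""
    totals, rejected = defaultdict(int), 0
    for exporter, datagram in datagrams:
        try:
            _, flows = parse_v5(datagram)
        except ValueError:
            rejected += 1
            continue
        for ifindex, octets in flows:
            totals[(exporter, ifindex)] += octets
    return dict(totals), rejected


def reduction(totals, sender_side, receiver_side):
    """Raw bytes enter the sender-side LAN; optimized bytes enter the receiver-side WAN."""
    raw = totals.get((sender_side, LAN_IF), 0)
    optimized = totals.get((receiver_side, WAN_IF), 0)
    return None if raw == 0 else 1 - optimized / raw


def build_v5(seq, flows):
    """Build a constructed v5 datagram from (src, dst, input_ifindex, octets) tuples."""
    body = b"".join(
        RECORD.pack(src, dst, bytes(4), in_if, 0, 10, octets, 0, 0,
                    40000, 445, 0, 0x18, 6, 0, 0, 0, 0, 0, 0)
        for src, dst, in_if, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, seq, 0, 0, 0) + body


def demo():
    """Constructed exports from a client-side and a server-side appliance."""
    client, server = bytes([10, 1, 0, 5]), bytes([10, 2, 0, 9])
    datagrams = [
        ("client-side", build_v5(1, [(client, server, LAN_IF, 1_000_000),     # raw, client to server
                                     (server, client, WAN_IF, 1_000_000)])),  # optimized, server to client
        ("server-side", build_v5(1, [(server, client, LAN_IF, 4_000_000),     # raw, server to client
                                     (client, server, WAN_IF, 150_000)])),    # optimized, client to server
        ("server-side", build_v5(2, [(server, client, LAN_IF, 500)])[:-7]),   # truncated: rejected
    ]
    return ingress_octets(datagrams)


if __name__ == "__main__":
    totals, rejected = demo()
    print("client to server reduction:", reduction(totals, "client-side", "server-side"))
    print("server to client reduction:", reduction(totals, "server-side", "client-side"))
    print("rejected datagrams:", rejected)
```

Because only ingress is exported, each direction needs one interface from each appliance; summing both interfaces of a single appliance mixes raw traffic of one direction with optimized traffic of the other.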

II. Enabling Netflow on Riverbed Steelhead Appliances


Netflow support is enabled and configured in the Advanced Networking Netflow Export page. Netflow enables the export of network statistics that provide information about network hosts, protocols and ports, peak usage times, and traffic routing. Netflow updates the flow record with information pertaining to each packet traversing the specified network interface. This data is then sent to a Netflow collector such as the Mazu Profiler or Mazu Regional Gateway. The Mazu flow collector default is port 2003, which can be changed; that process is described later in this document.

To enable Netflow on the Riverbed Steelhead appliance:

1. Click the Setup tab to display the Setup menu.
2. Click Advanced Networking to expand the Advanced Networking menu.
3. Click Netflow to display the Advanced Networking Netflow Export page.


[Screenshot of the Netflow Export page. Callouts: "Select to enable Netflow"; "Select to add as many other interfaces as desired to export to this collector".]

1. As shown above, select Enable Netflow Export.
2. As shown above, select Additional Interfaces to add as many interfaces as desired for this Netflow exporter.
3. Complete the Add New Entry box for all of the desired interfaces using the following steps shown below:


Field Description:

4. Log in to the Steelhead appliance via SSH and run the following hidden command to set the Netflow active timeout from the default of 30 minutes to 60 seconds:

ip flow-setting active_to "60"

III. Steelhead Appliance Deployment Scenarios


1. In-path
In this configuration, the Steelhead appliances are physically placed in the path of the client and server and see all traffic. Enable Netflow and use the primary/auxiliary interface to export the data to the Mazu Profiler. Select All to export all traffic received by the Steelhead appliance to Mazu Profiler, ensuring all optimized and non-optimized traffic is exported.

2. Virtual in-path
In a virtual in-path deployment, the Steelhead appliances are placed physically out of path but virtually in the path between the clients and servers. In a virtual in-path deployment, clients and servers continue to see the real client and server IP addresses. This deployment differs from a physical in-path deployment in that a packet redirection mechanism is used to direct packets to the Steelhead appliance. Redirection mechanisms include Policy Based Routing (PBR) and WCCP.

In this configuration, enable Netflow on the primary/auxiliary interface and export only the optimized data from the Steelhead and use the router to export the pass-through data. In this configuration, the Steelhead appliances do not have sufficient information to determine the flow direction of pass-through traffic. Therefore, it is necessary to enable Netflow export on the router to capture the pass-through traffic. Additionally, run the following command on the Steelhead appliance that is running virtually in-path:

ip flow-export destination <ip address> <port> interface wan0_0 fakeindex on

This will enable the Steelhead appliance to determine the flow of optimized traffic on the WAN interface in a virtual in-path setup. To get information only on the un-optimized traffic, create a report using a host subnet (or host address) with the Steelhead client IP address.


3. Out of path
An out-of-path deployment is a network configuration in which the Steelhead appliance is not in the direct physical path between the client and the server. In an out-of-path deployment, the Steelhead appliance acts as a proxy. An out-of-path configuration is suitable for data center locations where physical in-path or virtual in-path configurations are not possible.

In this configuration, enable Netflow on the primary/auxiliary interface and export only the optimized data from the Steelhead appliance. Similar to the virtual in-path deployment, configure the router to export the pass-through data, as the Steelhead appliance will only see optimized data in this configuration. Steelhead appliances are unable to determine the flow of the optimized data in this configuration and are therefore unable to split traffic based on the source (e.g. LAN or WAN).

3. Configuring Mazu Profiler


I. Configuring the WAN Interface Speed of the Steelhead Interface Exporting Netflow Data
Mazu Profiler uses SNMP to collect information about the Netflow exporter (i.e. the Steelhead appliance). It collects the speed of the interface exporting the Netflow data. Within this deployment scenario, it is the Steelhead that exports the Netflow data and not the outbound router interfaces. Thus the interface speed information received by Mazu Profiler refers to the connectivity between the Steelhead appliance and the router and not the outbound WAN link (e.g. Frame Relay sub interfaces). This would typically mean that Mazu Profiler will report the outbound interface to be a 100 Mbps or a 1 Gbps link instead of a T1, T3 or DS3 link. To enable link utilization in the reporting and custom analytics, the proper interface speed must be set in the Mazu Profiler UI.

1. Open the Mazu Profiler web interface.
2. Click the System Information then the Devices/Interfaces link on the navigation bar on the left side of the screen.
3. Select Interfaces (List) from the table.
4. Identify the interface speed to change and enter the change in the Speed Override column.


5. Make all of the necessary changes and then click the Apply button on the bottom right side of the page.

II. Link-Based Reporting for the Data Center in a Fan-In Model


In the fan-in model, Netflow data exported by the WAN interface of the Steelhead appliance at the data center represents all incoming flows. All of the sites connecting to the Steelhead appliance are aggregated and not differentiated. Mazu Profiler allows the operator to easily distinguish a remote site by specifying the link information. This distinction should be used for both the reporting and the analytics engine to establish policy surrounding individual site connectivity.

Using the model described above, the operator is able to distinguish per-site information by reporting on the link instead of an interface. This can be accomplished in many ways; however, the simplest is to create a query specifying the Data Center LAN-0 interface and the Remote Site LAN-1 interface (in this example) for reporting on the link traffic. The traffic can be viewed in a variety of ways, including the following:


More information about the specific Report by categories can be found in the Mazu Profiler Users Guide or the Mazu Profiler online help. Mazu uses the term "application" for an identification based on an actual Layer 7 fingerprint of the packet payload, while "ports" or "services" refer to the Layer 3/4 information provided by Netflow. The category labeled Application-ports will include the Layer 3/4 information (protocol/ports) as well as an application tag noting the packet payload determined through deep packet inspection by the Mazu Application Sensor. More information on the Mazu Application Sensor is included below for reference.

Mazu Profiler also incorporates a logical grouping of hosts into multiple views referred to as Host Groups. The Host Groups provide a macro view of the network, allowing operational personnel to quickly distinguish important context in the report. Below is a report generated from the abovementioned query.

4. Deployment Scenarios
This section discusses several typical deployment scenarios with the Steelhead appliances and the associated relation to Netflow reporting. In general, any site that has WAN links coming in from different sites will use Host Grouping by Site for visibility of individual links.


I. Point-to-Point Links
In this deployment scenario, there is a single dedicated link between two Steelhead-appliance-enabled sites. The two Steelhead appliances involved are dedicated to this link alone. Besides enabling the interfaces for exporting Netflow on the Steelhead appliance, one will also need to set the interface speed for the WAN interface on each Steelhead appliance. This would also hold true for a bonded WAN connection between two sites.

II. Hub-and-Spoke
In this deployment scenario, each branch site communicates with a central site through a dedicated link. Any communication between the branch office sites also goes via the central site.

Branch Office
Enable the interfaces for Netflow export on the Steelhead appliance. In addition, one will also need to set the interface speed for the WAN interface on each Steelhead appliance.

Central Site
The central site or hub site deploys a fan-in model. Enable the interfaces for Netflow export on the Steelhead appliance. Configure the WAN interface speed to match the aggregate speed of the WAN link. If individual site-level visibility is required for each site, Host Grouping will have to be created for each branch office site as explained in Section 2 (III).
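A sketch of what host grouping by site and a correct link speed contribute at the central site, as an added example that is not Mazu Profiler code: flows aggregated on the data center appliance's WAN interface are split by source subnet, and utilization is computed against each branch's link speed and, for contrast, against the 100 Mbps speed SNMP would report for the appliance port. The site names, subnets, link speeds and flow values are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed for illustration: one host group per branch and that branch's WAN link speed.
SITES = {
    "branch-a": (ipaddress.ip_network("10.10.0.0/16"), 1_544_000),    # T1, bit/s
    "branch-b": (ipaddress.ip_network("10.20.0.0/16"), 44_736_000),   # T3, bit/s
}
REPORTED_BPS = 100_000_000   # speed SNMP reports for the appliance's own 100 Mbps port


def site_of(address):
    """Return the site whose host group contains the address, else 'ungrouped'."""
    ip = ipaddress.ip_address(address)
    for name, (subnet, _) in SITES.items():
        if ip in subnet:
            return name
    return "ungrouped"


def per_site_report(flows, interval_s):
    """Split fan-in flows (src, dst, octets) by source site and compute link utilization."""
    octets = defaultdict(int)
    for src, _dst, n in flows:
        octets[site_of(src)] += n
    report = {}
    for site, total in octets.items():
        bps = total * 8 / interval_s
        link_bps = SITES[site][1] if site in SITES else None
        report[site] = {
            "octets": total,
            # Utilization against the branch's real link speed (the override value).
            "util_override": None if link_bps is None else bps / link_bps,
            # Utilization against the appliance port speed, which hides a busy link.
            "util_reported": bps / REPORTED_BPS,
        }
    return report


# Constructed flows seen on the data center appliance's WAN interface over 60 seconds.
SAMPLE = [
    ("10.10.4.7", "10.0.0.20", 5_790_000),
    ("10.10.9.1", "10.0.0.21", 1_158_000),
    ("10.20.1.15", "10.0.0.20", 33_552_000),
    ("192.0.2.44", "10.0.0.20", 12_000),   # source outside every host group
]

if __name__ == "__main__":
    for site, row in sorted(per_site_report(SAMPLE, 60).items()):
        print(site, row)
```

With these values branch-a runs at 60% of its T1 but shows as under 1% when measured against the 100 Mbps port speed, and traffic from an address in no host group is surfaced separately instead of being folded into a site.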

III. MPLS
In this deployment, if visibility is needed per subnet then Mazu recommends using Host Grouping, which is needed to identify subnet level conversations in the MPLS cloud. You will then need to enable Netflow on the Steelhead appliance interfaces for the WAN interface on each Steelhead appliance. You must also configure the WAN link speed for each WAN interface.

5. Additional Mazu Profiler Capabilities


I. Application Fingerprinting
Mazu Profiler's application fingerprinting identifies the application traversing the flow by inspecting the packet payload and comparing the payload to an extensive list of known applications. This allows operators to quickly understand the application traversing a given flow, for example Skype using tcp/80 or users going to Gmail. Other management tools identify applications using the protocol and port association. New applications using non-standard ephemeral ports and tunneling over known ports make it difficult for network operators to accurately identify which applications are running. The application fingerprinting capability is enabled by the Mazu Application Sensor, which resides passively on the network, inspecting traffic SPAN'd or mirrored to the device. Unlike traditional packet inspection devices, the Mazu Application Sensor tags a given flow with the application detail, thus requiring fewer appliances to provide coverage across the enterprise.


II. User Identity


Mazu Profiler integrates with identity management solutions. This enables the operator to quickly identify a user who is consuming the network bandwidth or disrupting other users. The user identity feature is available for real-time and historical reporting as well as through the custom analytics engine.

III. Logical Path Association


Using SNMP integration, Mazu Profiler records the logical path that a flow takes across the network. This makes it possible to determine whether the primary or redundant path was traversed by a particular flow.

IV. Integrations and Extensible API


Mazu Profiler provides out-of-the-box integrations with more than 40 popular enterprise technologies to increase the value of your existing infrastructure investments. These integrations help you quickly identify and triage new events regardless of how they are generated (Mazu Profiler or other tools). Additionally, they reduce training requirements, as the information provided by Mazu Profiler is available from within tools already familiar to the network operators. The extensible API also provides the ability for custom integrations with homegrown tools.

6. Summary
The emergence of WAN optimization devices like Riverbed Steelhead appliances has brought new challenges and contradicts some fundamental assumptions made in Netflow. Our joint testing, however, has proven that the Mazu Profiler and Riverbed Steelhead products work together to not only maintain current levels of visibility but also to provide customers with additional valuable insight into their optimized network.


Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 Tel: (415) 247-8800 www.riverbed.com

Riverbed Technology Ltd. No 1, The Courtyard, Eastern Road Bracknell, Berkshire RG12 2XB United Kingdom Tel: +44 1344 354910

Riverbed Technology Pte. Ltd. 391A Orchard Road #22-06/10 Ngee Ann City Tower A Singapore 238873 Tel: +65 6508-7400

Riverbed Technology K.K. Shiba-Koen Plaza Building 9F 3-6-9, Shiba, Minato-ku Tokyo, Japan 105-0014 Tel: +81 3 5419 1990

© 2008 Riverbed Technology, Inc. All rights reserved. Riverbed Technology, Riverbed, Steelhead and the Riverbed logo are trademarks or registered trademarks of Riverbed Technology, Inc. Portions of Riverbed's products are protected under Riverbed patents, as well as patents pending. WP-UHC011808
