Professional Documents
Culture Documents
SADM6 - 5 eLabExercises v02
SADM6 - 5 eLabExercises v02
eLab Overview................................................................................................................................................................ 2
Group # __................................................................................................................................................................... 2
Pre-Exercise: Using the Riverbed Training eLab............................................................................................................3
Using & Managing Your eLab Pod............................................................................................................................... 5
Exercise 1: In-path Deployment...................................................................................................................................... 8
Exercise 2: Measure Performance (In-Path).................................................................................................................18
Exercise 3: Perform a Tcpdump to Look for Probes......................................................................................................21
Exercise 4: Out-of-Path Deployment............................................................................................................................. 24
Exercise 5: Measure Performance (Out-of-Path)..........................................................................................................27
Exercise 6: NetFlow....................................................................................................................................................... 29
Exercise 7: Configure Logical In-Path Network (Physically Out-of-Path)......................................................................32
Exercise 7A: WCCP Redirection of All Traffic & LAN/WAN Auto-discovery...............................................................41
(Optional) Exercise 7B: WCCP Redirect Lists, WAN-side Fixed-target Rules, & LAN-only Redirection....................46
(Optional) Exercise 7C: WCCP Adding Dynamic (User-configurable) Service Groups, WAN-side Fixed-target Rules,
& LAN-only Redirection................................................................................................................................................. 50
Exercise 8: Upgrade...................................................................................................................................................... 52
Exercise 9: RSP Installation & Configuration................................................................................................................54
Exercise 10: HS-TCP.................................................................................................................................................... 64
Exercise 11: Agentless Prepopulation...........................................................................................................................68
(Optional) Exercise 11a: RCU 2.x.................................................................................................................................. 70
Exercise 12: Quality of Service..................................................................................................................................... 75
Appendix A Topology Diagrams.................................................................................................................................. 85
Group # __
Requirements
Before logging into the eLab, you will need:
4. An Internet connection that allows https access over port 443.
5. Web browser, such as Internet Explorer or Firefox.
6. Java Runtime Environment (1.4 or greater).
If you are unsure if you meet these requirements, please ask your lab instructor.
Tips
7. Work with a partner.
8. Read the entire exercise before starting.
9. Experiment with different options.
10. Please listen to any additional instructions from your lab instructor.
11. Replace all instances of X with your group number.
2. Type the user name and password provided by the instructor and click Sign In.
3. Accept the security question (if necessary) by clicking on Allow.
4. Once you are logged in, a list of devices in your eLab pod displays as well as the variety
of connection methods for them.
5. Connect to the eLab Management Center by clicking the eLab Management Center link
6. Log into the eLab Management Center (user name and password are case sensitive):
1. User name = groupX, where X is your group number (for example, group4)
2. Password = password
The eLab Management Center interface displays.
Steelhead link .
14. To access the WAN simulator:
1. Can only be configured using a console connection and can be accessed using the
Serial console to WAN Simulator link, which automatically launches the terminal
client.
In the eLab Management Center, there are three main tasks:
15. The Lab Selection screen of the eLab Management Center automatically reconfigures
the underlying network to support the topology illustrated by the diagrams appropriate to
the lab scenario.
16. The Power Control page lets you reset the power on several core pod devices and lets
you watch the boot processes on a console session or force reboots.
17. The Terminal Control page lets you clear active or stuck line sessions.
2. To highlight the Terminal Control functionality of the eLab Management Center, assume
that your lab partner opened a terminal session to the network simulator and was unable to
close the session properly. If this happens, nothing will appear on the screen in the console
window if the simulator console session is re-launched.
To clear the line and make the console session accessible, in the eLab Management Center,
click the Terminal Control link and then click the Clear Connection link associated with
the WAN Simulator.
5. You will be presented with an RDP session showing a standard Microsoft Windows logon.
Until you have configured your lab topology enter administrator for the user name and
password for the password. Select TRAINING in the Log on to drop-down menu and click
OK.
NOTE: After your topology is configured you will enter either userXa or userXb for the
user name and password for the password.
6. Once you have logged into your group PC, the remote PC window fills your screen. You can
use the window control buttons at the top of the screen to minimize it or reduce the window
size so that you can continue to use the eLab Gateway and the eLab Management Center.
END OF PRE-EXERCISE
3. Enter the login name admin and password password. The configuration wizard starts and
the auto-configure prompt appears.
- NOTE: If you do not see the configuration wizard, you can reset the system back to
factory defaults by typing the CLI command reset factory reload in
configuration mode (en, then con t).
- NOTE: To launch the configuration wizard, enter configuration mode and type
configuration jumpstart or con j for short.
6. Enter y and press Enter. Answer the questions in the wizard to configure your Steelhead
according to the Topology 1 diagram, replacing your group number for the X as in the
example below. Your interaction should be similar to the following:
Step 1: Hostname? [amnesiac] shXbranch (or shXdc for DC)
Step 2: Use DHCP on primary interface? [yes] no
Step 3: Primary IP address? 10.1.x.30 (10.1.41.2x for DC)
Step 4: Netmask? [0.0.0.0] 255.255.255.224 (255.255.255.0 in the DC)
Step 5: Default gateway? 10.1.x.25 (10.1.41.x for DC)
Step 6: Primary DNS server?
Step 7: Domain name?
Step 8: Admin password?
Step 9: SMTP server? []
Step 10: Notification email address?
Step 11: Set the primary interface speed? [auto]
Step 12: Set the primary interface duplex? [auto]
Step 13: Would you like to activate the in-path configuration? [no] yes
Step 14: In-Path IP address? 10.1.x.20 (or 10.1.41.1x for DC)
Step 15: In-Path Netmask? [0.0.0.0] 255.255.255.224 (255.255.255.0 in the DC)
Step 16: In-Path Default gateway? 10.1.x.25 (10.1.41.x for DC)
Step 17: Set the in-path:LAN interface speed? [auto]
Step 18: Set the in-path:LAN interface duplex? [auto]
Step 19: Set the in-path:WAN interface speed? [auto]
Step 20: Set the in-path:WAN interface duplex? [auto]
c. Enter configuration mode and configure the AUX interface with the desired IP address as
shown in your topology diagram (192.168.99.2##). Please read the topology diagram
closely.
shxbranch # con t
shxbranch (config)# interface aux ip address 192.168.99.2## /24
10. Repeat the steps to configure the data center Steelhead using the appropriate IP address
shown in the topology diagram.
11. Verify access to the Management Console of each Steelhead using either the Branch
Steelhead or Server Steelhead links in the Web Bookmarks section at the top of the page.
This connects you to the Steelheads using the AUX interfaces that you configured. You can
log into each device using the admin user name and password for the password.
3. NTP is enabled. In most cases, you will want to use NTP but since this lab is closed off to
the Internet, and there is no local NTP server, we will need to turn off NTP.
shxdc (config)# ntp disable
4. Verify:
shxdc (config)# show ntp (notice that it is disabled)
5. Now configure the clock to your local time zone so that you can view the current time on
your RDP sessions. You MUST configure your system to this time for future lab
functionality.
shxdc (config)# clock timezone America North United_States Pacific
shxdc (config)# clock set yyyy/mm/dd hh:mm:ss
4. Click the icon on the menu bar. Notice that your active configuration date
changes and the Save icon on the menu bar is no longer highlighted.
5. Log out of the Management Console and then log back in as your new student user.
6. Verify your account in the right-hand side of the header.
7. Click on the studentX link in the upper right hand corner and verify the permission
settings.
Task 12: Verify network connectivity with the Health Check report
1. Navigate to the Reports > Diagnostics > Health Check page.
2. Select the Gateway Test and Cable Swap Test by clicking in the checkbox and then click
the Run Selected button. Observe the results in the Status column. Since we are using an
eLab the Cable Swap test may have an undetermined status.
3. Click the VIEW TEST OUTPUT box for the Cable Swap Test and view the results.
4. Do the same for the server-side and call it backup-server. Remember to change the active
configuration back to initial.
5. Optionally, click on your backup configuration to view the configuration. Do you have
permission? Since you are still logged in as the student user and not admin you will not have
the required permissions to view the configuration. Log out and relog back in as admin to
view the configuration.
END OF EXERCISE 1
If you have finished early, feel free to practice familiarizing yourself with the Management
Console. However, please do not make any additional changes to the configuration.
b. From the administrative CLI of the data center Steelhead (Serial console to Server
Steelhead) enter the following command in enable mode:
shxdc # no service enable
Terminating optimization service.......
2. A Windows share called share is available on the Shared Server workstation. Map a
network drive on the PCx workstation to the share on the Shared Server workstation.
a. Open a terminal services session from either PCxA or PCxB
- Login: userXa or userXb
- Password: password
- Domain: TRAINING
b. Right-click on My Computer.
c. Select Map Network Drive.
d. In the Folder field, enter the IP address and folder name as in the following example.
- \\10.1.41.70\share
3. On the PCx workstation, time how long it takes to drag-and-drop a file from the mapped
network drive to the desktop.
NOTE: You may find various types of files in the dataset folder on the shared server. For
example, there are case files in the ppt folder.
1. Unoptimized transfer time: ________
4. Disconnect the mapped drive on PCx once you have completed your baseline test by clicking
Tools Disconnect Network Drive, select the drive to disconnect, and click OK.
5. Enable Steelhead optimization.
a. From Management Console of the branch office Steelhead:
- Navigate to Configure > Maintenance > Services.
- Click the Start button.
b. From the administrative CLI of the data center Steelhead enter the following command:
shxdc # service enable
Relaunching optimization service.
6. Wait 20 seconds, and then follow these steps to confirm that the Steelhead software has fully
started.
a. From Management Console of the branch office Steelhead, navigate to Home.
- You should see a status of to the right of the menus at the top of the screen.
b. From administrative CLI of the data center Steelhead enter the following command:
shxdc # show info
2. You should see Status: Healthy.
7. Re-establish your connection to the network share (now optimized) by mapping the drive as
described in step 2.
8. Confirm that the Steelheads are optimizing the CIFS connection.
a. From the Management Console of the branch office Steelhead, navigate to the Reports >
Networking > Current Connections page.
END OF EXERCISE 2
Optional
If you have enough time, do the above again but via the CLI.
In the event the GUI is not available, it is best practice to know how to collect traces via the CLI.
END OF EXERCISE 3
3. With out-of-path connectivity, you should NOT have to re-configure the network simulator.
Verify your Topology 2 design. If your WAN simulator configuration is NOT identical to
Topology 2, configure it.
4. You can verify the above configuration by attempting to ping your in-path interface IP
address (10.1.41.1x). Then ping your Primary IP address (10.1.41.2x). You will notice the in-
path IP address (10.1.41.1x) no longer pings while the Primary IP is still pingable.
5. Verify that simplified routing is turned off on both Steelheads.
a. Navigate to Configure > Networking > Simplified Routing.
b. Confirm or change the Collect Mappings From field is set to None.
The last step to having a functional out-of-path deployment is to add a fixed-target rule to your
branch office Steelhead. The order of the rules is very important.
7. For the benefit of doing a side-by-side comparison of optimized versus unoptimized traffic,
add a rule so any traffic destined to the shared servers secondary IP address (10.1.41.71)
should pass through the Steelhead.
a. On the branch office Steelhead, navigate to Configure > Optimization > In-Path Rules.
b. Click on Add a New In-Path Rule.
c. Add a Pass Through rule to the end of the list for traffic from all source addresses
(0.0.0.0/0) destined to the unoptimized host address for the server (10.1.41.71/32).
END OF EXERCISE 4
b. From the administrative CLI of the data center Steelhead enter the following command:
shxdc # restart clean
Terminating optimization service.....
Relaunching optimization service.
b. Map a network drive on each workstation PC to a share on the shared server via the
unoptimized network path.
- Map to UNC pathname \\10.1.41.71\unshare.
c. In the Management Console and CLI, confirm that you see Optimized connections to
10.1.41.70 and Passthrough connections to 10.1.41.71. Make sure to change the
Connections of Type field to All.
- Note that you will not see passthrough connections on your data center Steelhead.
Why do you think this is?
d. Compare several file operations on the client PCs.
e. Confirm that a drag-and-drop performed by one client warms up the Steelheads,
making operations with the same files faster for the other client.
f. On the group workstation, time how long it takes to complete repeated drag-and-drop file
transfers between each network drive and the desktop.
3. Measure performance of web operations.
END OF EXERCISE 5
2. Move the cursor over the All Protocols menu in the nTop management interface and choose
Traffic. This window shows a list of hosts as well as the amount of data sent and amount of
each traffic type. It also shows if NetFlow packets are sent from the Steelhead to the
collector.
3. From the data center Steelhead, navigate to Configure > Networking > Flow Export.
4. Enable NetFlow export by clicking the Enable Flow Export checkbox and then clicking the
Apply button.
As the data center Steelhead runs in server-side out-of-path, the only interface with relevant
traffic to capture on that side is its Primary interface. As such, this interface will be both the
export interface, as well as the capture interface.
5. The NetFlow Collector has been configured to listen on the shared server IP address on port
2055. Add a new Flow Collector entry set to capture all traffic on the data center Steelheads
Primary interface and export it to the Primary interface to the server on port 2055 as shown
here.
10. Once you see your data flows, explore some of the other NetFlow information available
through nTop.
END OF EXERCISE 6
3. With logical in-path connectivity, re-configure the WAN simulator to bridge mode. You may
want to refer to the tasks you accomplished in the previous lab, but this time use the settings
from the Topology 3 network diagram.
NOTE: Once you configure your WAN simulator in bridge mode you will only be able to ping
the routers 10.1.x.85 interface on the data center side until the Steelhead and PCxB are
reconfigured. You can access your server Steelhead via its serial console connection.
As mentioned in the Lab Overview by your instructor, you will be working with a partner. One
partner will be the Client (PCxA) and the other will become the Server (PCxB). The logical
connectivity and IP addressing scheme used in all the WCCP labs in this manual are shown in the
above diagram. It is important to note however, that this diagram does not represent the physical
connectivity or even all the hardware used in the labs. When considering the flow of packets
throughout the network, the above diagram should serve as a reference point for all devices
involved in the layer 3 forwarding process.
For connectivity to the router, each group is assigned a set of sub-interfaces on the router. The
sub-interfaces are logical interfaces, and are able to forward packets as shown in the diagram
shown above through the use of VLANs (virtual LANs) and trunking (the ability to carry
multiple VLANs on a single link, this is also known as tagging).
While performing your configuration on the shared router, it is important to only modify the sub-
interfaces belonging to your group. The proctor of the lab has performed the basic configuration
of the lab switch and lab router (including IP addressing) allowing you to focus on the core
topics covered in the lab.
A Compound Lab Diagram is provided on the next page to more thoroughly detail the packet
flow.
b. Navigate to the Start Settings Network Connections (also available through the
Control Panel), and right-click to disable the Primary Lan interface.
c. Once the Primary Lan interface has been disabled, enable the Secondary Lan interface.
Enable Disable
2. Verify your success by typing the ipconfig command from a command prompt, you should
see something similar to the following:
3. Note all cabling and wiring have already been done for you in this virtual setting. By clicking
on the topology setup, all appropriate VLANs have been provisioned.
a. Recall that the Router is shared by all lab groups.
b. Both the Lab Router and Lab Switch have been pre-configured to allow for basic IP
connectivity and routing across the pod, and for telnet access from your eLab Main Page.
4. You should have already configured the WAN simulator to bridged mode. If you havent
done this already, please do so now.
3. Enter login admin and password password. The configuration wizard starts and the auto-
configure prompt appears.
Note: If you do not see the configuration wizard, can you reset the system back to factory by
typing reset factory reload from enable mode.
Riverbed Steelhead configuration wizard.
Do you want to auto-configure using a CMC?
5. Enter y and press Enter. Answer the questions in the wizard to configure your branch office
Steelhead according to the Topology 1 diagram, using your group number for the boxes as in
the example below. Your interaction should be similar to the following:
Step 1: Hostname? [amnesiac] shxbranch (or shxdc for DC)
Step 2: Use DHCP on primary interface? [yes] no
Step 3: Primary IP address? 10.1.x.30 (10.1.x.90 for DC)
Step 4: Netmask? [0.0.0.0] 255.255.255.224
Step 5: Default gateway? 10.1.x.25 (10.1.x.85 for DC)
Step 6: Primary DNS server?
Step 7: Domain name?
Step 8: Admin password?
Step 9: SMTP server? []
Step 10: Notification email address?
Step 11: Set the primary interface speed? [auto]
Step 12: Set the primary interface duplex? [auto]
Step 13: Would you like to activate the in-path configuration? [no] y
Step 14: In-Path IP address? 10.1.x.20 (10.1.x.80 for DC)
Step 15: In-Path Netmask? [0.0.0.0] 255.255.255.224
Step 16: In-Path Default gateway? 10.1.x.25 (10.1.x.85 for DC)
Step 17: Set the in-path:LAN interface speed? [auto]
Step 18: Set the in-path:LAN interface duplex? [auto]
Step 19: Set the in-path:WAN interface speed? [auto]
Step 20: Set the in-path:WAN interface duplex? [auto]
9. Access the Management Console of each Steelhead using the Branch Steelhead or Server
Steelhead links in the eLab Gateway to confirm connectivity. This connects you to the
Steelheads using the AUX interfaces that you configured.
3. Configure the clock to your local time zone so that you can view the current time on your
RDP sessions. You MUST configure your system to this time for future lab functionality.
shxdc (config)# clock timezone America North United_States Pacific
shxdc (config)# clock set yyyy/mm/dd hh:mm:ss
5. Repeat the setting of the clock for the branch office Steelhead.
2. From this mode, you can type show run. Look to see if your interfaces are configured as
in these examples. Remember that the xs below represent your Group number.
HINT: You can press the space bar when you see --More-- to proceed to the next page
of configuration if you do not see your interfaces.
# This is for the client-side connecting to the server-side
interface FastEthernet0/1.2x
encapsulation dot1Q 22x
ip address 10.1.x.25 255.255.255.224
3. Should you need to configure either of your interfaces, enter into configuration terminal
mode by issuing the config t command. You should see configuration terminal
prompt: R2(config)#.
4. From the config mode prompt (shown as R2(config)#), configure your interface per
the server-side or client-side example above.
5. Once you configure your interface, type Ctrl+Z or exit until you see the R2# prompt.
6. Verify your configuration by typing show run at the prompt.
7. In addition, you can enter the show ip route command, which should display router
and subinterface information similar to this example:
8. With the router, PCs, and Steelheads correctly configured you will be able to ping all
interfaces on both sides of your network with the exception of the data center Steelheads
in-path interface. Make sure you can ping all applicable interfaces in the diagram from
both directions: client-side to server-side, and server-side to client-side.
Why arent you able to ping the data center Steelheads in-path interface?
When you are successfully able to ping all these interfaces, then you are ready to proceed with
the next exercise. If you are unable to successfully ping these interfaces then review your
physical connectivity and configuration. Make sure you verify the proper interfaces are active on
the client and/or server, WAN simulator is in bridge mode, and the router is properly configured.
Do NOT proceed until you have end-to-end connectivity.
END OF EXERCISE 7
Instructions
1. Configure the branch office Steelhead using a physical in-path configuration as shown in
the above diagram.
2. Configure the data center Steelhead to be virtually in-path (physically out-of-path) using
the information in the above diagram.
1. Physically, only the wan0_0 interface is required to be plugged in. Internally it is still
bridged to the logical inpath0_0 interface that has the layer 3 (IP) information.
2. The basic configuration for virtual in-path is almost identical to a physical in-path
configuration with the addition of checking Enable L4/PBR/WCCP/Interceptor
Support in the Configure > Optimization > General Service Settings menu.
3. Click the Add New Service Group tab and enter the necessary parameters as shown
in the example below, using your own group number instead of an X wherever
applicable (there is no password; leave the other parameters with their default values).
interface FastEthernet0/1.22x
encapsulation dot1Q 2x
ip address 10.1.x.85 255.255.255.224
7. Enable WCCP redirection for the traffic coming into the data center from the branch
office for your interface.
R2(config)#interface FastEthernet0/1.2x
R2(config-subif)#ip wccp 9x redirect in
R2(config-subif)#exit
R2(config)#interface FastEthernet0/1.22x
R2(config-subif)#ip wccp 9x redirect in
Service Identifier: 9x
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 0
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
9. Verify that the entire configuration works and that traffic is properly being optimized by
mapping a drive from the client PC to the server. When mapping the drive to the server
(PCxB) use the format PCxB/userXa (or userXb). In the Current Connections report
on the Steelhead you should see the connection from the client to the server being
optimized.
Note: On both PCs, there are shared drives under the c:\class directory. By default there
should be /share and /unshare.
10. Re-run the commands in step 8, and be sure to look for the total number of packets
redirected:
R2#show ip wccp 9x
Service Identifier: 9x
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 258
11. Finally, we want to verify that all traffic is being redirected for optimization. For this
purpose, you will require another TCP-based service (that is not passed through using one
of the default rules) such as FTP, HTTP, and/or CIFS. You should have 3CDeamon
installed on both your systems. Run 3CDeamon on the Shared Server. Connect from
PCxA or PCxB to the Shared Server via FTP. While the connection should be successful,
viewing the connections in the Steelhead should reveal that it is passed through. (Use
anonymous for the username and 1234 for the password.) Also, make sure you place
1. Note: There are files on the FTP server, please select any large file to pull down.
The above is just an example.
END OF EXERCISE 7A
Instructions
Note: This exercise will require you to have an FTP daemon running on PCxA or PCxB. If there
is not one installed on either PC, please ask the proctor for the location of 3CDaemon to install.
1. Ensure your Steelhead configurations match those in Steps 1 through 4 in Exercise 7.
2. Before creating a fixed-target rule telling our Steelheads to redirect traffic, we need to
make sure we only apply the Fixed-Target rule to traffic that will match our redirect lists.
To do this, we will create a port label, specifying the same ports that we will list in our
redirect list (ports 139 and 445). Since the data center Steelhead will only receive traffic
6. Create an access-list for use in our redirect list (again, be sure to replace the X with your
group number).
R2(config)#access-list 10x permit tcp any any eq 445
R2(config)#access-list 10x permit tcp any any eq 139
R2(config)#access-list 10x permit tcp any eq 445 any
R2(config)#access-list 10x permit tcp any eq 139 any
7. Add a redirect list to your service group, specifying the access-list you created in the
previous step as a parameter.
R2(config)#ip wccp 9x redirect-list 10x
8. Verify that you have properly configured the redirect list using the WCCP show
command.
R2#show ip wccp 9x
Global WCCP information:
Router information:
Router Identifier: 10.1.-.-
Protocol Version: 2.0
Service Identifier: 9x
Number of Cache Engines: 1
Redirect access-list: 10x
9. Once you have configured your redirect list, check to see if the correct packets are being
redirected. The ports selected (445 and 139) are those used by the CIFS protocol. Try
establishing a share from the client to the server, and check either Steelhead to see if the
connection is being optimized.
10. Finally, we want to verify that traffic that should not be redirected is not being optimized.
For this purpose, you will require another TCP-based service (that is not passed through
using one of the default rules) such as FTP. Once you have installed the FTP daemon on
the Shared Server, try to FTP to it from the client. While the connection should be
successful, viewing the connections in the Steelhead should reveal that it is passed
through. (Use anonymous for the username and 1234 for the password.) Also, make sure
you place something in the directory of the FTP server so you can pull it down.
1. From your client PC command prompt:
C:\>ftp 10.1.x.70
Connected to 10.1.x.70
220 3Com 3CDaemon FTP Server Version 2.0
User (10.1.x.10:(none)): anonymous
331 User name ok, need password
Password:
230 User logged in
ftp> ls
200 PORT command successful.
150 File status OK ; about to open data connection
.
..
case1.ppt
226 Closing data connection
ftp: 180 bytes received in 0.00Seconds 1800.00Kbytes/sec.
ftp>
1. Note: There are files on the FTP server, please select any large file to pull down.
The above is just an example.
END OF EXERCISE 7B
Instructions
1. This lab assumes the same basic configuration as performed in the previous lab, however
we will need to remove the redirect list that we added on the router (this command will
disable WCCP for now):
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no ip wccp 9x
The WCCP service is now disabled but remains configured on at least one
interface.
R2(config)#
2. Next, we need to configure the data center Steelhead to inform the router of which TCP
ports the router should forward to it.
4. Once WCCP is re-enabled, run through the WCCP show commands and verify that the
Steelhead and router are properly communicating.
5. Finally, on the client PC, map to a folder residing on the server and verify that the
connection is being optimized.
END OF EXERCISE 7C
3. Click on Install.
4. To boot the Steelhead into the new software, navigate to Configuration >
Maintenance > Reboot/Shutdown or just click on the Reboot/Shutdown tab and
click the Reboot button.
1. Note that your configuration is preserved when upgrading from an older version
to a newer version.
6. On your data center Steelhead, install the image using the Steelhead administrative CLI.
1. Check if the image is in the FTP directory of the central server. If it is not, place it
there.
2. Fetch the image from the FTP server to the data center Steelhead. The [image.img]
name shown in the example below may be different from the image you are
upgrading to. Use the exact image name as seen in the FTP directory.
shxdc # image fetch ftp://10.1.41.70/[image.img]
4. Observe the current boot configuration. Below is an example. Your boot partitions
may be different.
Partition 2:
rbt_sh 6.5.0 #84_25 2011-02-29 09:55:37 x86_64 root@brno:svn://svn/mgmt
/branches/canary_84_fix_branch
5. Notice that you cant install into the booted image partition.
shxdc # image install image_rbt_sh_6_5_0_n84_25_x86_64.img 1
% Cannot install to same partition just booted from.
8. Confirm that the Steelhead will boot to the set partition. Below is an example.
shxdc # show boot
Installed images:
Partition 1:
rbt_sh 6.5.0 #84_25 2011-02-29 09:55:37 x86_64 root@brno:svn://svn/mgmt
/branches/canary_84_fix_branch
Partition 2:
rbt_sh 6.5.0 #84_25 2011-02-29 09:55:37 x86_64 root@brno:svn://svn/mgmt
/branches/canary_84_fix_branch
END OF EXERCISE 8
3. Verify that you have a mapped drive to the optimized Shared Server.
4. The files we will be using will be in the class software folder. The two files we need are:
1. The RSP image in the rspimage folder.
2. The pfSense RSP package in the rsppackage folder.
3. Download these files to your group PC.
5. Log into the branch office Steelhead via the browser and verify or install an RSP license.
If there is not a valid RSP license installed please contact your instructor. Or, in the CLI:
license install <license text>.
2. If the RSP software is already installed (RSP Installed: Yes) please skip to the next Task.
3. Select Local File from the Install RSP From drop-down list.
4. Click the Browse button and select the RSP image that was obtained from the instructor.
Note: The file below is just an example. We may update the file version as needed. Look
for the file on the shared server under share. Your instructor will place the latest copy. It
should have rsp in the file name.
5. Click the Install button. Next to the install button you should see the installation status. It
will take some time to transfer the RSP image onto the Steelhead. After the transfer, RiOS
will install the RSP image this will take a few minutes.
6. Start the RSP service by clicking the Start button. RSP state will change from
initializing to running. This will take about 30 seconds.
2. If the pfSense package is already installed you may either select the package and click
Remove Selected Packages or skip the next step. Select Add a Package.
3. Select From Local File and Browse to locate pfSense-X.X_RSP.pkg. The file should
have been copied in step 1. Below is just an example. The file names change so verify
that you are installing the proper file.
4. Click the Add Package button. You will see the status next to the Packages section
header.
5. Click the Install button. This process can take 5 minutes to complete.
6. Verify that the slot was installed and that Slot 1 information has been updated for your
package.
Note the not-effective state. This should clear when the slot is enabled in the next step.
6. Now Enable Slot for Slot 1 (pfSense) under the Configure > Branch Services > RSP
Slots menu.
1. Expand the details for the slot named pfSense.
2. Click the Enable button in the Slot Operations tab.
3. Verify that the slot pfSense is enabled.
7. Verify that the interface states are clear in Configure > Branch Services > RSP Data
Flow.
10. Access http://192.168.1.1 with account admin and password pfsense to start the
configuration for your network.
13. Navigate to Services DHCP server and change the range of IP addresses it uses. Also
specify the Gateway as 10.1.x.25. Below is just an example.
Task 6: Use pfSense to block traffic to .71 network access from the LAN port
1. From the web interface of pfSense, navigate to Firewall: Rules.
2. Click on the LAN tab.
3. Click on the upper right most + icon to add a new rule.
END OF EXERCISE 9
Activity Procedure
Task 1: Configure HS-TCP on your branch office and data center Steelheads
1. On the branch office Steelhead, navigate to Configure > Optimization > Transport
Settings.
2. Select Enable HighSpeed TCP. This is only a screenshot; the BDP must still be done.
3. Configure the BDP. Verify the calculation using your WAN simulator parameters as
indicated in the introduction.
Activity Verification
Verify you still have a pass-through rule for .71. If you dont have one, make sure to place an in-
path rule as pass-through for 10.1.41.71 before you proceed.
1. Measure performance of web operations. Make sure to grab sizable files or entire
directories. This test could take time to accomplish.
1. On each client PC, clear your web browser cache. In Internet Explorer, this is done
by clicking Tools > Internet Options > General, and then clicking the Delete Files
button.
4. From the Management Console and CLI, confirm that you see both optimized and
unoptimized connections.
5. Via the optimized network path, upload a file that you had downloaded during one of
the previous tests.
7. You may need to use the lcd command to change your local directory to where
the files are saved. Example: ftp> lcd "\Documents and
Settings\Administrator\Desktop"
8. Transfer in binary mode, and enable hash marks to provide a visual of how
quickly the file is transferring. For example:
ftp> bin
200 Type set to I.
ftp> hash
Hash mark printing On ftp: (2048 bytes/hash mark) .
ftp> put <filename>
200 PORT command successful.
150 Opening BINARY mode data connection for '<file>'.
##########
. . .
9. Because the Steelheads are warmed from your previous tests, you should receive
warm speed performance despite the fact that this is the first time the file has
ever been transferred using the FTP protocol.
6. From both client PCs, perform additional put and get operations to upload and
download files.
END OF EXERCISE 10
2. Once you have added the share, it should look similar to the screen below.
5. Click back on the share name to see the synch progress. For example:
END OF EXERCISE 11
Enable Disable
3. Verify your success by typing the ipconfig command from a command prompt, you should
view the following:
6. Enter y and press Enter. Answer the questions in the wizard to configure your Steelhead
according to the Topology 4 diagram, using your group number for the boxes as in the
example below. Your interaction should be similar to the following:
Step 1: Hostname? [amnesiac] shxbranch (or shxdc for DC)
Step 2: Use DHCP on primary interface? [no]
Step 3: Primary IP address? [169.254.169.254] 10.1.x.30 (10.1.x.90 for DC)
Step 4: Netmask? [255.255.0.0] 255.255.255.224
Step 5: Default gateway? 10.1.x.25 (10.1.x.85 for DC)
Step 6: Primary DNS server?
Step 7: Domain name?
Step 8: Admin password?
Step 9: SMTP server:
Step 10: Notification email address:
Step 11: Set the primary interface speed? [auto]
Step 12: Set the primary interface duplex? [auto]
Step 13: Would you like to activate the in-path configuration? [no] y
Step 14: In-Path IP address? 10.1.x.20 (10.1.x.80 for DC)
Step 15: In-Path Netmask? [0.0.0.0] 255.255.255.224
Step 16: In-Path Default gateway? [10.1.x.25] (10.1.x.85 for DC)
Step 17: Set the in-path:LAN interface speed? [auto]
d. Repeat the steps to configure the data center Steelhead using the appropriate IP address
shown in the topology diagram.
e. Access the Management Console to each Steelhead using the Branch Steelhead or
Server Steelhead links in the eLab Gateway. This connects you to the Steelheads using
the AUX interfaces that you configured. You can log into each device using the admin
user name and password for the password.
10. Remain in the Serial console to Server Steelhead.
3. Now configure the clock to your local time zone so that you can view the current time on
your RDP sessions. You MUST configure your system to this time for future lab
functionality.
shxdc (config)# clock timezone America North United_States Pacific
shxdc (config)# clock set yyyy/mm/dd hh:mm:ss
Task 7: Prepopulate the contents of a folder on the Shared Server to the branch office
Steelhead and test performance
1. Clear the data stores of both your Steelhead appliances and make sure the service is Healthy
on both.
2. On the Shared Server, become acquainted with the many available RCU options.
C:\> rcu
. . .
- In the Management Console of your branch office Steelhead, you should see a
connection to port 8777 on the Shared Server.
- This operation could occur off-hours as a Windows Scheduled Task, allowing the
contents of very large folders to be prepopulated nightly for the maximum
performance of branch office users.
4. From the client PC, create a mapped drive to the share on the Shared Server.
5. On the client PC, copy one of the files in the share to the desktop. You should expect to see
warm performance despite the fact that this is the first time you are accessing the data via
CIFS since the Steelhead data stores were cleaned.
6. Perform a mirror operation from the client PC to the Shared Server.
a. On the Shared Server, create a folder that will be used as a backup destination for files
(such as c:\backup).
b. Within a command prompt, cd to the backup folder and run the RCU in server mode.
c:\> cd \backup
c:\backup>rcu /server
c. On the client PC, find a folder that contains data to be backed up (such as c:\temp).
d. Within a command prompt, run RCU in mirror mode.
c:\> rcu /mirror c:\temp 10.1.x.70 tempbackup
- In the Management Console of your branch office Steelhead, you should see a
connection to port 8777 on the Shared Server.
- On your Shared Server, within the c:\backup folder, you should see a sub-folder
called tempbackup that begins to fill with data.
- A customer that has retained some servers in a branch office could use RCU in this
way to perform a nightly mirror to a server in the data center that could then be
backed up to tape.
7. Perform a monitored mirror operation from the client PC to the Shared Server.
a. On the client PC, within a Command Prompt, run RCU in monitored mirror mode.
c:\> rcu /monitor /mirror c:\temp 10.1.x.70 tempbackup
b. Copy a file into c:\temp and confirm that it is automatically mirrored to the remote side.
Verify the file is there on the server.
Enable Disable
3. Verify your success by typing the ipconfig command from a command prompt, you should
see the following as an example:
4. Note all cabling and wiring have already been done for you in this virtual setting. By clicking
on the topology setup, all appropriate VLANs have been provisioned.
a. Note that the Router is shared by all lab groups.
b. Both the Lab Router and Lab Switch have been pre-configured to allow for basic IP
connectivity and routing for basic access from your eLab Main Page.
5. Ensure that the WAN simulator is in routing mode and set the IP addressing for its interfaces
Net1 and Net2 as identified in the Topology 4 diagram.
6. Enter y and press Enter. Answer the questions in the wizard to configure your Steelhead
according to the Topology 1 diagram, using your group number for the boxes as in the
example below. Your interaction should be similar to the following:
Step 1: Hostname? [amnesiac] shxbranch (or shxdc for DC)
Step 2: Use DHCP on primary interface? [no]
Step 3: Primary IP address? [169.254.169.254] 10.1.x.30 (x.90 for DC)
Step 4: Netmask? [255.255.0.0] 255.255.255.224 (/27 in the DC)
Step 5: Default gateway? 10.1.x.25 (or 10.1.x.85 for DC)
Step 6: Primary DNS server?
Step 7: Domain name?
Step 8: Admin password?
Step 9: SMTP server:
Step 10: Notification email address:
Step 11: Set the primary interface speed? [auto]
Step 12: Set the primary interface duplex? [auto]
Step 13: Would you like to activate the in-path configuration? [no] y
Step 14: In-Path IP address? 10.1.x.20 (or 10.1.x.80 /27 for DC)
Step 15: In-Path Netmask? [0.0.0.0] 255.255.255.224 (/27 in the DC)
Step 16: In-Path Default gateway? [10.1.x.25] (or 10.1.x.85 for DC)
Step 17: Set the in-path:LAN interface speed? [auto]
Step 18: Set the in-path:LAN interface duplex? [auto]
Step 19: Set the in-path:WAN interface speed? [auto]
Step 20: Set the in-path:WAN interface duplex? [auto]
d. Repeat the steps to configure the data center Steelhead using the appropriate IP address
shown in the topology diagram.
3. Now configure the clock to your local time zone so that you can view the current time on
your RDP sessions.
shxdc (config)# clock timezone America North United_States Pacific
shxdc (config)# clock set yyyy/mm/dd hh:mm:ss
a. Click the Run IPerf! button to have this window start listening on UDP
port 5001.
b. Select the second Jperf window (do not close the previous window!) on PCxB and
configure it similar to the previous window, but with Listen Port 6001 (UDP, Server, Port
6001).
c. Click the Run IPerf! button for this second window to start listening on UDP port 6001
3. Configure PCxA so that it will create traffic for our simulated flood and voice traffic
(UDP ports 5001 & 6001, respectively). Begin with setting the parameters on the first JPerf
window to match the settings on the following screenshot, making sure to adjust the IP
address for your pod environment.
a. Click the Run IPerf! button. This begins to saturate the line by sending traffic from the
Client PC to the Server PC at 500k/s (as configured in the previous step).
b. Configure the other JPerf window on each branch PC similar to the previous window, but
this time to simulate the stream with two voice calls (Client, Server Address: 10.1.x.70,
Port 6001, Transmit: 20 seconds, UDP, UDP Bandwidth: 80kb/s).
c. Click the Run IPerf! button to start sending the traffic that will simulate the two voice
calls.
4. After 20 seconds, click the Stop button on PCxB for the window configured to serve on port
6001.
Notice the graphs on the system. You will see the Jitter and the Kbits (BW) on the Server
listening side JPerf. We will use this utility to verify our QoS configuration.
Task 9: Reconfigure your JPerf with the new settings and view base transfer with no QoS
and compare this with QoS
1. Configure the other JPerf window to simulate a stream with two voice calls. This can be done
by matching the settings in your second window to those on the following screenshot. (6
streams, 20 seconds of transmit, port 6001, and 80 KBytes)
6. Restart clean on both Steelheads. Note: This command will kill your FTP so you will have to
reestablish your FTP connection.
7. Start your ftp session of the same file which should transfer cold.
8. Execute JPerf with 6 streams again.
END OF EXERCISE 12