Riverbed SteelHead 570-SD Installation and operation manual
SteelHead™
SD In-Field Upgrade Guide
Models 570-SD, 770-SD, 3070-SD, SDI-2030
Version SteelHead SD 2.0, SteelConnect 2.11
August 2018
Part Number
712-00312-01
Riverbed Technology
680 Folsom Street
San Francisco, CA 94107
www.riverbed.com
© 2018 Riverbed Technology, Inc. All rights reserved.
Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed. All other trademarks used
herein belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written
consent of Riverbed or their respective owners.
Akamai® and the Akamai wave logo are registered trademarks of Akamai Technologies, Inc. SureRoute is a service mark of
Akamai. Apple and Mac are registered trademarks of Apple, Incorporated in the United States and in other countries. Cisco
is a registered trademark of Cisco Systems, Inc. and its affiliates in the United States and in other countries. EMC, Symmetrix,
and SRDF are registered trademarks of EMC Corporation and its affiliates in the United States and in other countries. IBM,
iSeries, and AS/400 are registered trademarks of IBM Corporation and its affiliates in the United States and in other
countries. Juniper Networks and Junos are registered trademarks of Juniper Networks, Incorporated in the United States and
other countries. Linux is a trademark of Linus Torvalds in the United States and in other countries. Microsoft, Windows, Vista,
Outlook, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation in the United States and in
other countries. Oracle and JInitiator are trademarks or registered trademarks of Oracle Corporation in the United States and
in other countries. UNIX is a registered trademark in the United States and in other countries, exclusively licensed through X/
Open Company, Ltd. VMware, ESX, ESXi are trademarks or registered trademarks of VMware, Inc. in the United States and in
other countries.
This product includes Windows Azure Linux Agent developed by the Microsoft Corporation (http://www.microsoft.com/).
Copyright 2016 Microsoft Corporation.
This product includes software developed by the University of California, Berkeley (and its contributors), EMC, and Comtech
AHA Corporation. This product is derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.
The SteelHead Mobile Controller (virtual edition) includes VMware Tools. Portions Copyright © 1998-2016 VMware, Inc. All
Rights Reserved.
NetApp Manageability Software Development Kit (NM SDK), including any third-party software available for review with such
SDK which can be found at http://communities.netapp.com/docs/DOC-1152, and are included in a NOTICES file included
within the downloaded files.
For a list of open source software (including libraries) used in the development of this software along with associated
copyright and license agreements, see the Riverbed Support site at https//support.riverbed.com.
This documentation is furnished “AS IS” and is subject to change without notice and should not be construed as a
commitment by Riverbed. This documentation may not be copied, modified or distributed without the express authorization
of Riverbed and may be used only in connection with Riverbed products and services. Use, duplication, reproduction, release,
modification, disclosure or transfer of this documentation is restricted in accordance with the Federal Acquisition
Regulations as applied to civilian agencies and the Defense Federal Acquisition Regulation Supplement as applied to military
agencies. This documentation qualifies as “commercial computer software documentation” and any use by the government
shall be governed solely by these terms. All other use is prohibited. Riverbed assumes no responsibility or liability for any
errors or inaccuracies that may appear in this documentation.
SteelHead SD In-Field Upgrade Guide 3
Contents
Welcome .............................................................................................................................................. 7
Document conventions............................................................................................................7
Safety guidelines..................................................................................................................... 8
Documentation and release notes ........................................................................................... 8
Contacting Riverbed ................................................................................................................ 8
1 - SteelHead SD Overview ................................................................................................................ 11
Introducing SteelHead SD ..................................................................................................... 11
SteelHead SD software architecture ..................................................................................... 13
SteelHead SD port mapping between the VMs and physical ports................................... 13
Transforming your SteelHead network................................................................................... 14
SteelHead features unchanged after upgrading to SteelHead SD .......................................... 15
SteelHead features changed after upgrading to SteelHead SD.............................................. 16
Interface behavior before and after upgrading ...................................................................... 19
SteelHead SD and SteelConnect feature compatibility by model........................................... 20
Hardware and software requirements ................................................................................... 22
Firewall requirements ..................................................................................................... 22
Ethernet network compatibility....................................................................................... 23
SNMP-based management compatibility ........................................................................ 23
NIC support ........................................................................................................................... 23
Before you begin.................................................................................................................... 24
2 - In-Field Upgrade Workflow........................................................................................................... 25
Workflow for performing an in-field upgrade ......................................................................... 25
3 - SteelHead SD Licensing ............................................................................................................... 27
SteelConnect SD-WAN service licensing ............................................................................... 27
SteelHead WAN optimization service licensing...................................................................... 30
4SteelHead SD In-Field Upgrade Guide
Contents
4 - Upgrading the SteelHead Appliance Memory ............................................................................... 31
Upgrading the appliance memory .......................................................................................... 31
Prerequisites and requirements ...................................................................................... 31
Adding DIMMs to the SteelHead CX570 appliance ................................................................. 32
Adding a DIMM to the SteelHead CX770 appliance ................................................................ 34
Adding a DIMM to the SteelHead CX3070 appliance .............................................................. 37
Troubleshooting..................................................................................................................... 40
5 - Adding and Registering Appliances in SCM .................................................................................. 41
Overview................................................................................................................................ 41
DHCP versus static IP ...................................................................................................... 41
Logging in to SCM.................................................................................................................. 42
Defining an organization........................................................................................................43
Adding sites .......................................................................................................................... 43
Adding zones......................................................................................................................... 44
Adding shadow appliances .................................................................................................... 45
Registering SteelHead SD appliances ................................................................................... 45
Recabling the appliance ........................................................................................................ 47
SteelHead SD port definitions ......................................................................................... 47
Recabling the appliance .................................................................................................. 48
6 - Upgrading the SteelHead Software .............................................................................................. 51
Requirements and prerequisite tasks prior to upgrading ....................................................... 51
DHCP versus static IP ............................................................................................................ 53
Network design prerequisites................................................................................................ 54
Backing up your SteelHead configuration .............................................................................. 55
Upgrading software using the SCC ........................................................................................ 56
Restoring Service Cloud Accelerator registration and application settings...................... 60
Upgrading software using the SteelHead Management Console............................................ 60
Preconfiguring the SteelHead if you are using a static IP address ................................... 61
Installing the image using the SteelHead Management Console ..................................... 65
What’s next ........................................................................................................................... 67
Troubleshooting..................................................................................................................... 68
Insufficient memory or unsupported model..................................................................... 68
Firmware upgrade error................................................................................................... 68
Downgrade check............................................................................................................ 68
Image download or installation failure ............................................................................ 68
SteelHead SD installer failure ......................................................................................... 68
Can’t generate config error.............................................................................................. 68
DNS error ........................................................................................................................ 69
SteelHead SD In-Field Upgrade Guide
5
Contents
Upgrade failed................................................................................................................. 69
If the appliance doesn’t come online ............................................................................... 69
License server errors....................................................................................................... 69
The certificate from license server doesn’t match the private key ................................... 69
Cannot log in after converting the appliances.................................................................. 70
A - SteelHead SD Technical Specifications........................................................................................ 71
SteelHead SD 570-SD and 770-SD appliance specifications ................................................. 71
Status lights and ports.................................................................................................... 71
Technical specifications .................................................................................................. 72
Environmental specifications.......................................................................................... 73
SteelHead SD 3070-SD appliance specifications .................................................................. 73
Status lights and ports.................................................................................................... 74
Technical specifications .................................................................................................. 76
Power requirements and consumption............................................................................ 77
Environmental specifications.......................................................................................... 77
B - SteelHead SD Port Mappings ....................................................................................................... 79
Port mapping between the VMs and physical ports ............................................................... 79
SteelHead SD 570-SD and 770-SD appliances ...................................................................... 80
Physical ports ................................................................................................................. 80
CVM ports .......................................................................................................................80
Physical port to flows port mapping ................................................................................ 80
Service chain virtual machines........................................................................................ 80
vSwitch mapped VM ports............................................................................................... 80
Bridged VM ports for internal communication ................................................................. 81
SteelHead SD 3070-SD appliance ......................................................................................... 81
Physical ports ................................................................................................................. 81
CVM ports .......................................................................................................................82
Physical port to flows port mapping ................................................................................ 82
SVM ports .......................................................................................................................82
RVM ports .......................................................................................................................82
vSH ports ........................................................................................................................ 82
C - SteelConnect Connection Ports ................................................................................................... 83
Ports for UDP, TCP, and ICMP connections.............................................................................. 83
Outbound connections .................................................................................................... 83
Inbound/outbound connections ...................................................................................... 84
Tunneled SSH client connections .................................................................................... 84
Notes .................................................................................................................................... 84
6SteelHead SD In-Field Upgrade Guide
Contents
SteelHead SD In-Field Upgrade Guide 7
Welcome
Welcome to the SteelHead SD In-Field Upgrade Guide.This guide describes how to upgrade a SteelHead
CX570, CX770, or CX3070 appliance to a SteelHead SD 570-SD, 770-SD, or 3070-SD appliance.
Before you begin, make sure you familiarize yourself with the:
SteelHead SD Installation Guide
SteelHead SD User Guide
SteelConnect Manager User Guide
This guide is written for storage and network administrators who are familiar with administering and
managing WANs.
This guide includes information relevant to these products and product features:
Riverbed SteelHead SD (SteelHead SD)
Riverbed SteelHead (SteelHead)
Riverbed SteelConnect (SteelConnect)
SteelConnect Manager (SCM)
Steel Operating System (SteelOS)
Riverbed Optimization System (RiOS)
Riverbed command-line interface (CLI)
Document conventions
This guide uses the following standard set of typographical conventions.
Convention Meaning
italics Within text, new terms and emphasized words appear in italic typeface.
boldface Within text, CLI commands, CLI parameters, and REST API properties appear in bold typeface.
Courier Code examples appear in Courier font:
amnesiac > enable
amnesiac # configure terminal
< > Values that you specify appear in angle brackets: interface <ip-address>
[ ] Optional keywords or variables appear in brackets: ntp peer <ip-address> [version <number>]
8SteelHead SD In-Field Upgrade Guide
Welcome Safety guidelines
Safety guidelines
Follow the safety precautions outlined in the Safety and Compliance Guide when installing and setting
up your equipment.
Important: Failure to follow these safety guidelines can result in injury or damage to the equipment. Mishandling
of the equipment voids all warranties. Read and follow safety guidelines and installation instructions carefully.
Many countries require the safety information to be presented in their national languages. If this
requirement applies to your country, consult the Safety and Compliance Guide. Before you install,
operate,or service the Riverbed products,you must be familiar with the safety information.Refer to the
Safety and Compliance Guide if you don’t clearly understand the safety information provided in the
product documentation.
Documentation and release notes
The most current version of all Riverbed documentation can be found on the Riverbed Support site at
https://support.riverbed.com.
See the Riverbed Knowledge Base for any known issues, how-to documents, system requirements,and
common error messages. You can browse titles or search for keywords and strings. To access the
Riverbed Knowledge Base, log in to the Riverbed Support site at https://support.riverbed.com.
Each software release includes release notes. The release notes list new features, known issues, and
fixed problems. To obtain the most current version of the release notes, go to the Software and
Documentation section of the Riverbed Support site at https://support.riverbed.com.
Examine the release notes before you begin the installation and configuration process.
Contacting Riverbed
This section describes how to contact departments within Riverbed.
Technical support - Problems installing, using, or replacing Riverbed products? Contact Riverbed
Support or your channel partner who provides support. To contact Riverbed Support, open a
trouble ticket by calling 1-888-RVBD-TAC (1-888-782-3822) in the United States and Canada or +1
415-247-7381 outside the United States. You can also go to https://support.riverbed.com.
{ } Elements that are part of a required choice appear in braces: {<interface-name> | ascii
<string> | hex <string>}
| The pipe symbol separates alternative, mutually exclusive elements of a choice. The pipe
symbol is used in conjunction with braces or brackets; the braces or brackets group the
choices and identify them as required or optional: {delete <filename> | upload <filename>}
Convention Meaning
SteelHead SD In-Field Upgrade Guide
9
Contacting Riverbed Welcome
Professional services - Need help with planning a migration or implementing a custom design
solution? Contact Riverbed Professional Services. Email proserve@riverbed.com or go to https://
www.riverbed.com/services/index.htm.
Documentation - Have suggestions about Riverbed’s online documentation or printed materials?
Send comments to techpubs@riverbed.com.
10 SteelHead SD In-Field Upgrade Guide
Welcome Contacting Riverbed
SteelHead SD In-Field Upgrade Guide 11
1
SteelHead SD Overview
This chapter provides an overview of the SteelHead SD architecture, interface behavior, feature
changes and compatibility, and hardware and software requirements. It includes these sections:
“Introducing SteelHead SD” on page 11
“SteelHead SD software architecture” on page 13
“Transforming your SteelHead network” on page 14
“SteelHead features unchanged after upgrading to SteelHead SD” on page 15
“SteelHead features changed after upgrading to SteelHead SD” on page 16
“Interface behavior before and after upgrading” on page 19
“SteelHead SD and SteelConnect feature compatibility by model” on page 20
“Hardware and software requirements” on page 22
“NIC support” on page 23
“Before you begin” on page 24
This guide describes how to perform an in-field upgrade on a SteelHead CX570, CX770, or CX3070
appliance to a SteelHead SD 570-SD, 770-SD, or 3070-SD appliance. It doesn’t provide detailed
information about configuring and managing SD-WAN or WAN optimization features. For details, see
the SteelConnect Manager User Guide, SteelHead SD User Guide, and SteelHead User Guide.
Introducing SteelHead SD
SteelHead SD combines SD-WAN and cloud networking capabilities (powered by SteelConnect) with
Riverbed WAN optimization (powered by RiOS) into a single appliance. SteelHead SD seamlessly
integrates advanced SD-WAN functionality with industry-leading WAN optimization, security, and
visibility services all in one streamlined appliance.SteelHead SD WAN optimization reduces bandwidth
utilization and accelerates application delivery and performance, while providing SteelConnect
integration in the SteelOS environment.
SteelHead SD provides you with the ability to quickly provision branch sites and deploy applications
remotely. At the same time, applications are optimized to ensure performance and reduce latency with
zero touch provisioning.
12 SteelHead SD In-Field Upgrade Guide
SteelHead SD Overview Introducing SteelHead SD
Typically, SteelHead SD appliances and the SteelConnect SDI-2030 gateway are located in the branch
office in conjunction with SteelConnect SDI-5030 gateways at the data center. The SteelConnect SDI-
2030 gateway can also be deployed inline as a 1-Gbps data center gateway with active-active HA. The
SteelConnect SDI-2030 gateway can also serve as a very large branch office box with high throughput
requirements. The SteelConnect SDI-2030 gateway doesn’t support WAN optimization capabilities.
SteelHead SD 2.0 advanced routing and high availability (HA) features are supported on the SteelHead
SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the
branch. For details, see the SteelHead SD User Guide and the SteelConnect Manager User Guide.
Figure 1-1. SteelHead SD deployment
SteelHead SD supports these configurations:
SD-WAN and WAN optimization - In this configuration, WAN optimization runs as a service on top
of SD-WAN. The SteelCentral Controller for SteelHead (SCC) or the SteelHead Management
Console handles management and configuration of the WAN optimization features. Also,
SteelHead CLI-based management is supported for WAN optimization settings. You connect to the
Management Console via the primary port, which also uses DHCP to acquire its IP address. For
details on configuring WAN optimization features, see the SteelCentral Controller for SteelHead
User Guide and the SteelHead User Guide.
SD-WAN only - In this configuration, WAN optimization isn’t required. SCM handles the
management and configuration of SD-WAN features. SCM connectivity requires one of the WAN
ports that are used as uplink ports. Only the SD-WAN service can be enabled or disabled via SCM.
The SD-WAN service upgrades are managed via SCM. SCM pushes the new software version
according to the schedule that you set up. For details on configuring SD-WAN features, see the
SteelConnect Manager User Guide and the SteelHead SD User Guide.
SteelHead SD In-Field Upgrade Guide
13
SteelHead SD software architecture SteelHead SD Overview
SteelHead SD software architecture
SteelHead SD is based on the SteelOS infrastructure. It separates the control and data planes with
internal virtual machine (VM) chaining, which provides management-plane autorecovery.
Figure 1-2. SteelHead SD software architecture
SteelHead SD provides a flexible service platform, consisting of:
Routing virtual machine (RVM) - The RVM is the control plane for all the underlay routing. All
configuration from SCM (protocol, interface route maps, and policies) form the Routing Information
Base (RIB) and the Forwarding Information Base (FIB) which is sent to the RVM. After the final FIB
is formed, it is sent to the service core in the service virtual machine (SVM). SteelHead SD provides
a clear separation between the data plane and the control plane.
Service virtual machine (SVM) - The SVM is the core data plane of the appliance that provides
service chained network functions.These VMs include services such as QoS shaping, QoS marking,
traffic filtering, path selection, encryption, application identification, and so forth. This
architecture allows for extensible plug-and-play services that can be enabled, disabled, or reused
in the packet flow chain, which in turn provides faster recovery and minimal disruption. For
SteelHead SD, each packet goes through its own set of service functions (LAN ingress, LAN egress,
WAN ingress, WAN egress).
Virtual SteelHead (vSH) - The vSH manages WAN optimization services. WAN optimization is
service chained into the data path and requires subscription-based licensing. Only one in-path
interface is defined on SCM. This single in-path interface represents the vSH that is service
chained into the SVM. It doesn’t matter what zone you put the vSH in; any packets coming into any
zone are sent to the vSH. Because the vSH is separated from the routing plane, it provides WAN
optimization functionality for VLANs.
Controller virtual machine (CVM) - The CVM controls and orchestrates the entire system. It’s
basically the control plane for SD-WAN and routing functions. It obtains all the configuration
information from the SVM and RVM. The CVM manages appliance start up, licenses, initial
configuration, and interface addressing.
SteelHead SD port mapping between the VMs and physical ports
The SVM and RVM connect to all ports on the SteelHead SD appliance except for the primary port. The
primary port is connected directly to the vSH.The CVM is connected to the auxiliary (AUX) port and the
WAN uplinks only. All the data and control packets are handled by the SVM and RVM.
14 SteelHead SD In-Field Upgrade Guide
SteelHead SD Overview Transforming your SteelHead network
The SteelHead SD AUX, LAN (LAN0_0, LAN0_1 or on the CX3070 LAN3_0, LAN3_1), and WAN (WAN0_0,
WAN0_1 or on the CX3070 WAN3_0,WAN3_1) ports are connected to the SVM and RVM. Basically, there
is a Layer 3 edge router on all of these ports.
The AUX and WAN ports are configured as uplinks on SCM. The AUX port can be used as an additional
WAN uplink. The AUX port is also the dedicated port for SteelHead SD high-availability deployments.
Figure 1-3. Port mapping between VMs and physical ports
Transforming your SteelHead network
Although SteelHead and SteelHead SD share the same hardware, they run different software and serve
very different purposes.
To illustrate these differences, examine this table.
An in-field upgrade of the SteelHead CX appliance is much more than a simple upgrade; it requires a
transformation of the SteelHead appliance from a Layer 2 WAN optimization device to a Layer 3 edge
router.
SteelHead CX3070 SteelHead SD 3070-SD
Software RiOS SteelOS
Network device type Layer 2 Layer 3
Purpose WAN optimization SD-WAN and, optionally, WAN optimization
Icon
SteelHead SD In-Field Upgrade Guide
15
SteelHead features unchanged after upgrading to SteelHead SD SteelHead SD Overview
Before you begin the upgrade process, it is important to determine what kind of network topology you
have and how it will change when you convert to SteelHead SD. The conversion process requires that
you transform your network where the SteelHead SD appliance acts as an SD-WAN device using Layer
3 networking protocols and that also performs WAN optimization.
Figure 1-4. Transforming a SteelHead deployment
It is imperative that you plan your network architecture and deployment. You will have to rearchitect the
network WAN, Layer 3 hops with the gateway, WAN uplinks,SD-WAN features, SCM cloud management,
and high availability (HA).
We recommend that you contact Riverbed sales engineering before you begin the in-field upgrade
process so that they can assist you with designing and deploying your SD-WAN network.
SteelHead features unchanged after upgrading to SteelHead SD
The majority of SteelHead features remain unchanged when you upgrade to SteelHead SD.
SteelHead feature Feature after upgrading to SteelHead SD
Layer 7 optimization blades All Layer 7 SteelHead optimization blades are supported. For example, HTTP,
SSL, CIFS/SMB, MAPI, Oracle Forms, NFS, Lotus Notes, and storage
replication (for example, SnapMirror) all operate normally and are
unchanged.
The Citrix optimization blade is supported but the ability to support the
optimization of Multi-Stream ICA within the blade is no longer possible
because the QoS functionality is taken care of by the service virtual machine
(SVM) in SteelHead SD.
You cannot optimize UDP traffic using the SteelHead IP blade as traffic is not
redirected through the virtual SteelHead.
SteelHead SaaS and the new
SaaS Accelerator
SteelHead SD 2.0 supports SteelHead SaaS and the SaaS Accelerator. The
SaaS Accelerator is not available on SteelConnect 2.11 gateways.
Web proxy SteelHead SD supports SteelHead Web proxy.
CIFS prepopulation SteelHead SD supports SteelHead CIFS prepopulation.
Active Directory integration SteelHead SD supports SteelHead Active Directory integration. Because the
virtual SteelHead instance has full control of the primary interface, it
supports Active Directory integration and server-side out-of-path
deployments.
Data store synchronization SteelHead SD supports SteelHead data store synchronization on the primary
interface with an adjacent SteelHead appliance.
16 SteelHead SD In-Field Upgrade Guide
SteelHead SD Overview SteelHead features changed after upgrading to SteelHead SD
SteelHead features changed after upgrading to SteelHead SD
This table summarizes the features that have changed after converting to SteelHead SD.
Caching DNS service SteelHead SD supports the SteelHead caching DNS service. With the
caching DNS service, because the AUX port isn’t available to the virtual
SteelHead, caching DNS is limited to the primary interface only.
Transport performance features SteelHead SD supports SteelHead high speed TCP and bandwidth
estimation, satellite features such as SCPS, and single-ended connections.
Management, reporting, and
diagnostics
SteelHead SD supports SteelHead domain, host, and port labels, as well as
in-path and peering rules.
Secure vault SteelHead SD supports SteelHead secure vault. The secure vault password
is retained when you upgrade from SteelHead to SteelHead SD.
Management access controls SteelHead SD supports SteelHead management access controls including
Radius and TACACS, and role-based access.
TCP dump export SteelHead SD supports SteelHead export of TCP dumps.
SteelHead feature Feature after upgrading to SteelHead SD
WAN-optimization only mode WAN-optimization only mode is not supported on SteelHead SD.
Hybrid networking services
(path selection, secure
transport, QoS)
Hybrid networking services (path selection, secure transport, QoS) are not
supported on SteelHead SD. The network services of QoS,path selection and
secure transport replaced by SteelConnect SD-WAN counterparts.
Any QoS feature configuration on the original SteelHead must be converted
to the new QoS in SCM.
MX-TCP, because it was part of QoS, is not supported on SteelHead SD.
Citrix Multistream ICA is not supported on SteelHead SD.
Multiple in-path interfaces for
WAN optimization
SteelHead SD does not support multiple in-path interfaces for WAN
optimization. Given that SteelHead SD is a Layer 3 gateway, multiple LAN
ports and segments can be mapped to a single in-path interface. There is no
longer a need for multiple in-path interfaces on an SteelHead SD appliance.
After upgrading from SteelHead to SteelHead SD you must reconfigure your
multiple in-path interfaces to a single in-path configuration.
Virtual in-path or WCCP/PBR Virtual in-path or WCCP/PBR is not supported on SteelHead SD. The concept
of virtual in-path is not relevant for the WAN optimization of SteelHead SD.
Thus, there is no need for WCCP or PBR.
Simplified Routing and VLAN
transparency
Simplified Routing and VLAN transparency is not supported on SteelHead
SD. Because the in-path interface on the virtual SteelHead instance within
SteelHead SD doesn’t sit physically in-path on the network, there is no need
for Simplified Routing or VLAN transparency.
IPSec, subnet side rules, MXTCP
and link state propagation
IPSec, subnet side rules, MXTCP and link state propagation are not
supported on SteelHead SD.
SteelHead feature Feature after upgrading to SteelHead SD
SteelHead SD In-Field Upgrade Guide
17
SteelHead features changed after upgrading to SteelHead SD SteelHead SD Overview
Serial high availability (HA) After upgrading, serial HA is not supported on SteelHead SD 2.0. SteelHead
appliances in an HA pair must be individually shut down and upgraded
separately.
Active-active (1:1) HA is supported on SteelHead SD 2.0.
NIC bypass (fail-to-wire) Currently, NIC level bypass or fail-to-wire is not supported in SteelHead SD.
If at any point the status of the virtual SteelHead instance shows a failure
condition, for example a reboot or a crash, the system stops sending traffic
that was destined for the virtual SteelHead. Instead, it bypasses the
SteelHead thereby ensuring the traffic is not black-holed. You can compare
this behavior with a physical SteelHead entering bypass mode.
The traditional SteelHead bypass functionality doesn’t apply 1:1 to a
SteelHead SD appliance because it is now an SD-WAN appliance that acts as
a Layer 3 hop (or a custom edge router in some cases). Enabling NIC bypass
mode without proper routing architecture support can lead to unintended
traffic path behavior and can have security implications.
Fail-to-block If a SteelHead SD appliance fails, the appliance goes into fail-to-block mode.
If only the SteelHead WAN optimization service fails, then traffic is passed
through unoptimized and the SteelConnect SD-WAN service remains fully
operational.
If only the SteelConnect SD-WAN service fails, then all traffic on the gateway
is blocked.
Data store synchronization Data store synchronization is supported only on the primary interface
because the AUX interface isn’t available to the virtual SteelHead. (The AUX
port is the dedicated port used in HA configurations; it can also be used as
an additional WAN uplink.)
RADIUS/Authentication server
under Sites
RADIUS/Authentication server under Sites configuration in SCM is not
supported on SteelHead SD 570-SD, 770-SD, 3070-SD, and SDI-2030
appliances.
Consult with your Riverbed sales engineer or Riverbed Professional Services
at http://www.riverbed.com/services/index.html.
Redirection of UDP traffic
through the virtual SteelHead
Redirection of UDP traffic through the virtual SteelHead is not supported in
SteelHead SD 2.0. You cannot optimize UDP traffic using the SteelHead IP
blade.
SteelHead feature Feature after upgrading to SteelHead SD
18 SteelHead SD In-Field Upgrade Guide
SteelHead SD Overview SteelHead features changed after upgrading to SteelHead SD
Source NAT on underlay traffic Source NAT on underlay traffic is not supported on SteelHead SD 570-SD,
770-SD, 3070-SD, and SDI-2030.
SteelHead SD appliances do not perform source NATing on underlay traffic
exiting via the Internet uplink if it is destined for a private address,
regardless of the configured outbound NAT setting. This is a change from the
previous behavior for SteelHead SD 1.0 appliances, if NAT was enabled for an
uplink, NAT was performed for all traffic exiting via the Internet uplink. For
details on configuring NAT, see the SteelConnect Manager User Guide.
SteelHead Management
Console GUI pages
These SteelHead Management Console GUI elements are not supported in
SteelHead SD 2.0:
QoS reports.
Flow export settings: Export QoS and application statistics to Cascade
Flow Collectors.
Subnet side rules.
WCCP settings.
Connection forwarding settings.
Failover settings.
In-Path Settings: Enabling Link State Propagation.
IPSec settings.
AUX interface setting in the Base Interfaces page.
Caching DNS: Listen on AUX interface check box.
SteelHead feature Feature after upgrading to SteelHead SD
SteelHead SD In-Field Upgrade Guide
19
Interface behavior before and after upgrading SteelHead SD Overview
Interface behavior before and after upgrading
Interface attribute Before upgrade (SteelHead) After upgrade (SteelHead SD)
Appliance management SteelHead Management Console SCM
Primary port interface
SteelHead management via
the SCC or SteelHead
Management Console.
DHCP or statically configured.
The virtual SteelHead instance within the
SteelHead SD does not have control of the
physical network ports except for the Primary
interface.
The primary port is used for management of
the virtual SteelHead on SteelHead SD using
the SCC or SteelHead Management Console.
DHCP or statically configured using the
SteelHead SD Management Console.The
primary IP address can be acquired using
DHCP from the SteelConnect DHCP service.
You must cable the primary back to a LAN port
using a switch.
In a deployments where data store
synchronization is used between two adjacent
SteelHead appliances, the primary interface
must be used for the data synchronization of
traffic.
Auxiliary (AUX) port
interface
Backup management port. The AUX port can be used as an additional WAN
uplink on SteelHead SD. The AUX port is also the
dedicated port for SteelHead SD HA
deployments.
The AUX port is not available for data store
synchronization between two adjacent
SteelHead appliances, the primary interface
must be used for the synchronization traffic.
In-path management Management through the SCC or
SteelHead Management
Console.
Management of the vSH through the in-path
management interface must be reconfigured.
In-path interface Typically one or two SteelHead
in-path interfaces are
configured (for example, internet
and MPLS) over physical LAN
and WAN pairs.
The inpath0_0 interface must be reconfigured
after upgrade.
SCC hosting Typically, in the data center and
used to manage remote
SteelHeads using MPLS paths.
The virtual SteelHead on SteelHead SD will
continue to be managed via SCC over MPLS path.
Internet connectivity
options
Local breakout or through MPLS
from headquarters site.
Internet breakout options must be configured
appropriately in SCM.
Baseboard
ManagementController
(BMC)
Available to remotely power the
appliance off and on.
For SteelHead SD 2.0, this port is unavailable.
20 SteelHead SD In-Field Upgrade Guide
SteelHead SD Overview SteelHead SD and SteelConnect feature compatibility by model
SteelHead SD and SteelConnect feature compatibility by model
Feature SteelHead
570-SD,
770-SD,
3070-SD
SDI-
2030
SDI-130 SDI-330 SDI-1030 SDI-
5030
Virtual GW Cloud GW
eBGP Yes Yes Yes Yes Yes Yes Yes No
iBGP Yes Yes No No No No No No
OSPF
single area
Yes Yes Yes Yes Yes No No —
OSPF
multi-area
ABR
Yes Yes No No No No No —
ASBR Yes Yes Yes*
(Underlay
routing
inter-
working
solution)
Yes*
(Underlay
routing
inter-
working
solution)
Yes*
(Underlay
routing
inter-
working
solution)
No Yes*
(Underlay
routing
inter-
working
solution)
No
Route
retraction
Yes Yes No No No Yes No No
Default
route
originate
OSPF/BGP OSPF
/BGP
LAN
and
WAN
OSPF-only
LAN
OSPF-only
LAN
OSPF-only
LAN
BGP
only
OSPF-only
LAN
No
Overlay
route
injection in
LAN
Yes Yes No No No Yes No No
Local
subnet
discovery
Yes Yes No No No Yes No No
Static
routes
Yes Yes
(LAN
and
WAN)
Yes (3rd-
party
routes)
Yes (3rd-
party
routes)
Yes (3rd-
party
routes)
Yes Yes (3rd-
party
routes)
Yes (3rd-
party
routes)
VLAN
support
(LAN side)
Yes Yes Yes Yes Yes Yes Yes —
1:1 Active-
Active High
Availability
Yes Yes No (Active-
Passive
HA)
No
(Active-
Passive
HA)
No
(Active-
Passive
HA)
No (HA
cluster)
No
(Active-
Passive
HA)
No
(Active-
Passive
HA AWS)
Other manuals for SteelHead 570-SD
2
This manual suits for next models
3
Table of contents
Other Riverbed Network Hardware manuals
Riverbed
Riverbed SteelHead 80 Series Operating manual
Riverbed
Riverbed SteelHead CX 80 Series Operator's manual
Riverbed
Riverbed SteelHead CX xx70 Series Operating manual
Riverbed
Riverbed Steelhead CX Series User manual
Riverbed
Riverbed SteelHead SD Series User manual
Riverbed
Riverbed SteelFusion Edge 2100 Operator's manual
Riverbed
Riverbed SteelHead 570-SD User manual
Riverbed
Riverbed Steelhead Series User manual
Riverbed
Riverbed SteelCentral NetExpress User manual
Riverbed
Riverbed SteelHead 570-SD User manual
