I need help in designing the below.
I have 2 links, terminated on 2 routers and connected to core switches as shown in the diagram. I have a task to implement Riverbed, so that traffic from a few VLANs should go through it. Also, the return traffic to these VLANs should again pass through Riverbed. For this I am planning to use PBR to match source and destination and apply it to those VLANs on the core switches and on Router A & B for the incoming traffic. The rest of the traffic should bypass Riverbed.
Currently ISP1 is the primary and ISP2 is the backup link. My core switches will have routes pointing to Router A as long as ISP-1 is up.
How and where can I place the Riverbed device so that, irrespective of which link is being used, traffic from and to these VLANs always goes through Riverbed?
I have attached the Visio for reference. FYI, my core switches are running HSRP and Core-1 is active. Riverbed has only 3 ports (management, inpath and outpath).
Riverbeds have a WAN and a LAN port on them. Your LAN port on the router needs to connect to the Riverbed WAN port, and the LAN port on the Riverbed needs to connect to the network. You can do this with a switch in between if needed, but that's the only way the Riverbed can cache your traffic. From your diagram, I can't tell if you are wanting to use the Riverbed for both links or if you're just concerned with the one. I've attached a diagram to show you one way of designing this, although it's not a great design.
This design obviously has drawbacks. One would be the VLAN piece that you're speaking of, and this configuration would definitely complicate things. The other thing would be the single points of failure, and you would possibly lose the ability to fail to wire if needed (although I'm not sure that would be an issue).
You may be better off just putting the Riverbed on your primary link and not trying to throw other equipment into the mix, or get another Riverbed.
*** Please rate all useful posts ***
I want the Riverbed to use the ISP1 if it is UP, else ISP1. In either case the traffic to and from that particular set of VLANs should go through Riverbed. That's what I am looking at.
What model Riverbed do you have that has only a single inpath interface?
You need to take several things into account when designing a network to be used with WAN Op: how many concurrent TCP sessions, how much data is passing and what the bandwidth is on your links. If you have a Steelhead with only a single inpath interface, it's probably either very old or meant for a very small office. Keep in mind the sizing of the device or you might be disappointed in the results. What Steelhead model is on the other end(s)?
There are 3 basic methods that you can use for WAN Optimization devices: inline, WCCP and PBR. Inline is pretty self-explanatory and the easiest method of deployment. You just put it in the path of your traffic and let it go. Failure of the device causes the traffic to just pass through immediately.
WCCP uses its protocol so that Cisco switches or routers can communicate with cache devices, including Steelheads. This is a pretty effective method but the failure time is 30 seconds, meaning if the Riverbed fails, traffic will be black-holed toward the Steelhead until it's removed from the WCCP group.
PBR lets you define the traffic that goes to the Steelhead with ACLs and route-maps. It's my least favorite due to the management of it. Also, you need to make sure to use SLAs and tracking to make sure you don't black-hole in the event of a failure.
Depending on what your network devices are, WCCP might work for you. PBR might also work. Either way, just stick the Steelhead WAN port to an interface on one of the core switches. You'll have to configure WCCP and PBR on all the SVIs on both switches that source traffic that you want optimized. You'll also need to configure it on the connections to the routers to get the return traffic.
I would suggest getting another interface card in the Steelhead if your model can support it and just putting it inline. It's a much easier deployment and much easier for troubleshooting.
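The PBR-with-tracking approach described in the post above, as an added example that is not part of the original thread: a core-switch fragment in Cisco IOS syntax that redirects selected VLAN traffic to the Steelhead only while an IP SLA probe confirms it is reachable. Every address, VLAN number, ACL name and route-map name is a constructed placeholder, and command availability depends on the switch platform and software release.

```cisco
! Constructed values: 10.10.10.0/24 = a VLAN to optimize,
! 10.99.99.2 = Steelhead in-path IP, Vlan99 = segment it sits on,
! Vlan200 = transit SVI toward Router A / Router B.
!
! Outbound traffic sourced from the optimized VLAN
ip access-list extended FROM-OPT-VLAN
 permit tcp 10.10.10.0 0.0.0.255 any
! Return traffic arriving from the routers for that VLAN
ip access-list extended TO-OPT-VLAN
 permit tcp any 10.10.10.0 0.0.0.255
!
! Probe the Steelhead in-path address every 5 seconds
ip sla 10
 icmp-echo 10.99.99.2 source-interface Vlan99
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Track object goes down when the probe stops getting replies
track 10 ip sla 10 reachability
!
! The next hop is used only while track 10 is up; when it is down
! the set clause is skipped and packets follow the routing table,
! so a failed Steelhead does not black-hole the matched traffic.
route-map PBR-OUT permit 10
 match ip address FROM-OPT-VLAN
 set ip next-hop verify-availability 10.99.99.2 10 track 10
!
route-map PBR-RETURN permit 10
 match ip address TO-OPT-VLAN
 set ip next-hop verify-availability 10.99.99.2 10 track 10
!
! Apply on every SVI that sources traffic to be optimized
interface Vlan10
 ip policy route-map PBR-OUT
!
! Apply on the router-facing interface to catch return traffic
interface Vlan200
 ip policy route-map PBR-RETURN
```

The same policy has to be present on both core switches so that an HSRP failover does not leave the selected VLANs unredirected.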
Agree with Robert, your model Riverbed plays into effect here. I have a Steelhead 2050 and I have two inpath interfaces, one for each MPLS provider. I have never been impressed with the WCCP on the Riverbeds. I always use my ASA for WCCP.
I completely forgot that the RB supports WCCP. We have everything inline. +5.
Can the Riverbed inside and outside interfaces sit in 2 different subnets? If so, does the attached design work?
On the core switches, I will create VLAN-10 and the RB inside interface will be assigned an IP in VLAN 10. Configure route-maps with the next hop as the RB outside IP.
The RB outside IP will sit in VLAN 20. RB will be configured with a static route with the next hop as the VLAN 20 standby IP.
On the routers, create HSRP with Router A as active and Router B as standby. IP SLA on Router A will track the next hop. If the next hop is down, Router B will become active, forcing all traffic through it.
Let me know if it works.
You can't do this with Riverbed devices. The inpath interfaces get a single IP address, and that's basically used for the Riverbeds to talk to each other. You don't assign an IP address to a physical interface.
What model is that Riverbed? Can it expand with another bypass card? Then you can just put it inline.
If you look at my earlier post, it outlines the ways you can integrate this device. If you can't get the extra bypass card, you can do something like this.
Nope, check that, you are correct. I was thinking the primary interface, but that's management only.
I also think I was thinking that I have two in_path modules and each one is on a different subnet, as they each lead to a different MPLS router.