The Configuration: Links page is where your WAN and LAN links are defined. Defining links enables the Appliance’s reporting and traffic shaping.
Link Definition Tab
This tab is the entry point for defining and modifying links. New links are defined by clicking the Create button. Existing links are modified by clicking the Edit button. Both these actions take you to a similar form that allows you to specify link-definition rules.
Figure 1. Link Definition tab
The order in which the links are shown on this is significant. When deciding which link a packet belongs to, the Appliance tests the links in order, and the first matching link is selected. This means that overlapping definitions are allowed, and the last definition in the link can match all traffic, serving as a default link.
The Order buttons can move a link up or down the list.
The Expand All button will show the expanded form of the display, summarizing the link definitions instead of displaying only the names of the link.
The Edit Link and Create Link Forms
A link definition has a set of send/receive bandwidth limits and a list of rules that define which traffic belongs to the link. Within a rule, the fields are all ANDed together, so all specified values have to match. All fields default to Any, a wildcard entry that matches all traffic. When a field consists of a list, such as a list of IP subnets, these are ORed together: that is, if any element matches, then the list as a whole is considered to be a match.
Figure 2. Edit Link form
Figure 3. Create Link form
Links can be based on the Ethernet adapter associated with the traffic, the source and destination IP addresses, VLAN tag, WCCP service group (for WCCP-GRE only), and the source and destination Ethernet MAC address. A simple inline deployment might identify only the LAN-side and WAN-side accelerated bridge ports (apA.1 and apA.2), while a complex datacenter deployment might need to use most of the features provided on the form to disambiguate traffic.
Defining a link in terms of its IP addresses is possible except when redundant links are used. Since a given packet may go over either link in an active-standby or active-active dual-link deployment, some other method must be used to determine which link the packet is using. If dual bridges are used, then the traffic for one link can go over apA and the other over apB, and the links can be defined in terms of adapters. If the two links are served by different routers, the MAC addresses of the routers can be used to tell the traffic apart. When all else fails, WCCP-GRE can be used, and the router can use a different service group for each WAN link, allowing the CloudBridge unit to tell the link traffic apart in by service group.
- Adapter--This specifies a list of adapters (Ethernet ports). When links can be identified by ethernet adapter, this simplifies configuration.
- Src IP--The Source IP rules are considered for packets entering the unit (packets exiting the unit are ignored). On these packets, the rules in the Src IP field are compared against the Source Address field in the IP header. The rule specifies a list of IP addresses or subnets. Negative matches, such as “Exclude 10.0.0.1” are also supported.
- Dst IP--The Destination IP rules are considered for packets exiting the unit (packets entering the unit are ignored). On these packets, the rules in the Dst IP field are compared against the Destination Address field in the IP header. The rule specifies a list of IP addresses or subnets. Negative matches, such as “Exclude 10.0.0.1” are also supported.
- VLAN--The VLAN rules are applied to the VLAN headers of packets entering or exiting the unit.
- WCCP Service Group--The WCCP Service Group rules are applied to GRE-encapsulated WCCP packets entering or leaving the unit. (This does not work with L2 WCCP.)
The traffic classifier uses the Src IP
and Dest IP
fields in a specialized way (the same applies to Src MAC
and Dst MAC
- The Src field is only examined on packets entering the appliance.
- The Dst is only examined on packets exiting the appliance.
This convention allows the direction of packet travel to be implicitly considered as part of the definition. The same concepts applies to the Src MAC and Dst MAC rules.
This tab allows you to select between hardboost and softboost modes. If hardboost is selected, the hardboost bandwidth limit must be set. This number represents the speed at which the acceleration engine will attempt to send and receive data and must be no faster than the WAN link on which the hardboost partner is reached.
Figure 4. Hardboost/Softboost tab
When softboost is selected, these bandwidth limits are not in effect and are not shown.
Traffic Shaping Tab
This tab shows all the service-class traffic-shaping policies sorted by link, making it easier to do per-link policy selection.
Figure 5. Traffic Shaping tab