Overview

To optimize traffic, Silver Peak appliances send traffic to one another via tunnels. A tunnel connects a pair of appliances.

n	At each appliance, a tunnel is terminated/originated at a data-plane L3 (Layer 3) interface. An L3 interface is an interface that has an IP address assigned to it.

n

A data-plane interface is an interface that carries user data, as opposed to management data. So mgmt0 is not a data-plane interface. On a dual-home router-mode (DHRM) appliance, for example, wan0 and lan0 are data-plane L3 interfaces. On a bridge-mode appliance, lan0 and wan0 are not L3 interfaces, but bvi0 is. VLANs are also data-plane L3 interfaces.

n	IP addresses of a tunnel's endpoints determine the source and destination IP addresses that go into the tunnel packets. These IP addresses, in turn, determine how tunnel packets are routed from one appliance to the other.

n	By default, the route map’s default (last) entry, has the SET action, [auto optimized]:

•

When subnet sharing is enabled (that is, Use shared subnet information is selected), then the first packet sent triggers a lookup in the subnet table and assigns the tunnel and IP address. Because appliances communicate to learn about each others subnets, a tunnel must exist before subnet sharing can proceed.

•

When subnet sharing is disabled (that is, Use shared subnet information is not selected) or subnet sharing is enabled but no subnet is found in the subnet table, then the initial TCP-based or IP-based handshaking triggers tunnel creation (which you can then save) and determines the path. However, this requires the appropriate outbound and inbound redirection to already be in place.

For more information about when to set up redirection, see “Route Policy.”

n	You can create a tunnel in any one of three ways:

•	If you enable Auto Tunnel (on the Configuration - System page) on both appliances, then the initial TCP-based or IP-based handshaking creates the tunnel. This requires the appropriate outbound and inbound redirection to be in place.

•	If the auto-tunnel feature is disabled, then you must do one of the following. Either:

•	You can let the Initial Configuration Wizard manually create the tunnel to the remote appliance.

•	You can create a tunnel manually on the Configuration - Tunnels page.

How Policies Affect Tunnel Traffic

The Route Policy’s MATCH criteria and SET actions determine if a flow is directed to a tunnel. If so:

n	The appliance encapsulates the flow’s packets, according to the tunnel configuration. The default is UDP. The other options are GRE or IPsec.

n	The tunnel may be shaped to a specified maximum bandwidth to avoid overrunning downstream bottlenecks.

•	Maximum bandwidth is configured on the Configuration - Tunnels page

•	The QoS Policy assigns a traffic class. Traffic classes are defined in the Shaper.

•	The QoS Policy honors or changes the DSCP markings to request appropriate per-packet treatment by the network.

n	The Optimization Policy applies optimization, compression, and acceleration techniques to enhance application performance.

Tunnel Characteristics

Each Silver Peak tunnel:

n	Is bidirectional (or consists of a pair of unidirectional tunnels). The tunnel does not become operational until connectivity is established in both directions.

n	Is specified by a source IP address and destination IP address, owned by the two terminating Silver Peak appliances.

n	Can have the terminating appliances automatically negotiate for maximum bandwidth. Or, you can set it manually.

n	By default, uses the User Datagram Protocol (UDP) protocol to interconnect Silver Peak appliances.

n	Runs a keepalive protocol so that a tunnel failure can be detected rapidly and appropriate recovery actions initiated.

Parallel Tunnels

Silver Peak appliances that have multiple data-plane L3 interfaces can support parallel tunnels. As a result, tunnels with different source endpoints can reside on the same appliance.

Parallel tunnels are useful for providing redundancy and for load balancing. The deployments that can be used for this are:

•	Standard 4-port bridge

•	Dual-homed router mode (DHRM)

•	Appliances with VLANs

w	To take advantage of parallel tunnels you must:

1	Configure “standard” 4-port bridge or DHRM (or VLANs).

2	Manually create parallel tunnels from the Appliance Manager.

3	Manually create route policies that use the parallel tunnels.

For information about deploying in standard 4-port bridge and DHRM modes, see the Silver Peak Appliances Network Deployment Guide.

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.