If this is the first tunnel on a physical appliance, Silver Peak recommends that you put the local and remote appliances in System Bypass until you’ve created the tunnel(s) and tuned the policies — Route, QoS, and Optimization — for the local and remote appliances. Then, when you’re done, take the appliances out of System Bypass.
You won’t be able to put a virtual appliance into System Bypass mode.
|
1
|
 |
|
2
|
 |
|
n
|
To create a tunnel, click Add Tunnel and edit within the new row.
|
|
Auto Discover MTU Enabled
|
Allows the tunnel MTU to be discovered automatically. When selected, this overrides the MTU setting.
|
||||||||||||||||||
|
Allows the appliances to negotiate the maximum tunnel bandwidth based upon the lower of the two system bandwidths of the two appliances.
|
|||||||||||||||||||
|
FEC (Forward Error Correction)
|
Reconstructs lost packets (as reported by the remote appliance). The options are disable, enable, and auto.
|
||||||||||||||||||
|
Ratio of parity packets relative to data packets (for example, at 1:5 ratio, a parity packet is added for every 5 data packets). The selectable values include disable, auto, 1:2, 1:5, 1:10, and 1:20. A FEC Ratio of 1:2 is very aggressive and should only be utilized with great care in networks with extremely high loss (10% or greater).
|
|||||||||||||||||||
|
Maximum bandwidth for this tunnel, in kilobits per second. This must be equal to or less than the upstream bandwidth of your WAN connection.
|
|||||||||||||||||||
|
If you select ipsec, the page prompts you for any other required information.
|
|||||||||||||||||||
|
Maximum Transmission Unit. is the maximum tunnel packet size including its payload and Layer-3 header. By default, MTU is automatically discovered because Auto Discover MTU is enabled. When setting this value manually, set it to the largest value that won't result in tunnel packets being fragmented by networking equipment in the WAN.
|
|||||||||||||||||||
The modifier, – idle, can be added to any tunnel state (for example, up – active - idle). Idle means that there has been no traffic in either direction on the tunnel for five minutes, and that as a result, the periodic sending of keepalives has been reduced to once a minute.
|
|||||||||||||||||||
|
A shared, secret string of Unicode characters that is used for authentication of an IPSec connection between two parties. If you select Default, the appliance makes the key; if you select Custom (recommended), the user specifies the key.
|
||
|
IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. The default window size is 64 packets. Increase this value for networks with a lot of jitter (out-of-order packets).
|
||
|
Tunnel traffic will be transmitted in a UDP protocol packet using this destination port address. Only valid when the tunnel mode is set to UDP.
|
||
|
Whether or not to coalesce smaller packets into larger packets. Default = ON. Packet coalescing is particularly beneficial for web applications, VoIP, and interactive applications, like Citrix
|
||
|
Determines how long the appliance should hold packets while attempting to coalesce smaller packets into larger packets.
Default = 0. |
||
|
Maximum time the appliance holds an out-of-order packet when attempting to reorder. The 100ms default value should be adequate for most situations. FEC may introduce out-of-order packets if the reorder wait time is not set high enough.
|
||
|
Number of failed keep-alive messages that are allowed before the appliance brings the tunnel down. Keep-alive packets are sent once per second. Default = 30.
|
||
