Tunnels Template

Use this template to assign and manage tunnel properties.

n	Tunnel templates can be applied to any appliances (with or without tunnels). However, only existing tunnels can accept the template settings. To enable an appliance to apply these same settings to future tunnels, select Make these the Defaults for New Tunnels.

n	Applying tunnel templates does not create new tunnels. To create tunnels, use the Tunnel Builder tab.

n	To view, edit, and delete tunnels, use the Tunnels tab.

Definitions (alphabetically)

n	Admin State brings the tunnel Up or Down.

n	Auto Discover MTU Enabled allows an appliance to determine the best MTU to use.

n	Auto Max BW Enabled allows the appliances to auto-negotiate the maximum tunnel bandwidth.

n	Coalescing Enabled allows the appliance to coalesce smaller packets into larger packets.

n	Coalescing Wait (ms) is the number of milliseconds that the appliance should hold packets while attempting to coalesce smaller packets into larger ones.

n	DSCP determines which DSCP marking the keep-alive messages should use.

n	Fastfail Thresholds – When multiple tunnels are carrying data between two appliances, this feature determines how quickly to disqualify a tunnel from carrying data.

•	Fastfail Enabled – This option is triggered when a tunnel's keepalive signal doesn't receive a reply. The options are disable, enable, and continuous. If the disqualified tunnel subsequently receives a keepalive reply, its recovery is instantaneous.

•	If set to disable, keepalives are sent every second, and 30 seconds elapse before failover. In that time, all transmitted data is lost.

•	If set to enable, keepalives are sent every second, and a missed reply increases the rate at which keepalives are sent from 1 per second to 10 per second. Failover occurs after 1 second.

•	When set to continuous, keepalives are continuously sent at 10 per second. Therefore, failover occurs after one tenth of a second.

•	Thresholds for Latency, Loss, or Jitter are checked once every second.

•	Receiving 3 successive measurements in a row that exceed the threshold puts the tunnel into a brownout situation and flows will attempt to fail over to another tunnel within the next 100mS.

•	Receiving 3 successive measurements in a row that drop below the threshold will drop the tunnel out of brownout.

n	FEC (Forward Error Correction) can be set to enable, disable, and auto.

n	FEC Ratio is an option when FEC is set to auto, that specifies the maximum ratio. The options are 1:2, 1:5, 1:10, or 1:20.

n	IPSec Anti-replay window provides protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. The default window size is 64 packets.

n	IPSec Preshared Key is a shared, secret string of Unicode characters that is used for authentication of an IPSec connection between two parties.

n	Mode determines whether the tunnel is udp, gre, or ipsec. If used, IPSec must be enabled at both ends of the tunnel.

n	MTU (bytes) (Maximum Transmission Unit) is the largest possible unit of data that can be sent on a given physical medium. For example, the default MTU of Ethernet is 1500 bytes. Silver Peak provides support for MTUs up to 9000 bytes.

n	Reorder Wait (ms) is the number of milliseconds to allow for out-of-order packets to reorder. The default value is 100 ms.

n	Retry Count is the number of failed keep-alive messages that are allowed before the appliance brings the tunnel down.

n	UDP destination port is used in UDP mode. Accept the default value unless the port is blocked by a firewall.

n	UDP flows is the number of flows over which to distribute tunnel data. Accept the default.

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.