Deep dive SSL. Created for CUSTOMER

Similar documents
Bidirectional Forwarding Detection Routing

Configuring Bidirectional Forwarding Detection for BGP

Accelerate Your Riverbed SteelHead Deployment and Time to Value

Volume A Question No : 1 You can monitor your Steelhead appliance disk performance using which reports? (Select 2)

SteelHead SaaS User s Guide

Session Objectives. At the end of the session, the participants should: Understand advantages of BFD implementation on S9700

itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공

Integrate Riverbed SteelHead. EventTracker v8.x and above

VMware Inc., NSX Edge SSL VPN-Plus

Cisco SIP Proxy Server (CSPS) Compliance Information

RELEASE NOTES Onsight Connect for ios Software Version 8.1

Airflow Options for Cisco MDS 9396S SAN Switch

SteelHead Installation and Configuration Guide. SteelHead CX (xx70), (x70), (xx55) SteelHead (xx50) Version 9.0 May 2015

APP NOTES Onsight Connect Cisco Integration. July 2016

API Reference for Cisco Enterprise Network Function Virtualization Infrastructure Software

IDeA Competition Report. Electronic Swimming Coach (ESC) for. Athletes who are Visually Impaired

SWS Option: Well Pressures. SWS Option: Stretch Correction (Corrected depth) SWS Option: MMD (Magnetic Marks Detection) ASEP Products

SteelHead Product Family

SWIM MEET MANAGER 5.0 NEW FEATURES

Product Overview. Product Description CHAPTER

Implementing BFD. BFD over Bundle. Enabling BFD Sessions on Bundle Members SUMMARY STEPS DETAILED STEPS

AN-140. Protege WX SALLIS Integration Application Note

The MQ Console and REST API

How to use Bidirectional Forwarding Detection(BFD) in NetScaler?

CONTINUITY OF SERVICE PLAN FOR THE LRIT SYSTEM

High usability and simple configuration or extensive additional functions the choice between Airlock Login or Airlock IAM is yours!

SteelHead Interceptor Appliance Installation Guide. Version 5.0 July 2015

ACI_Release_Notes.txt VERSION Fixed Tank info for ELITE in Dive section 2. Fixed USB port initializing for old DC VERSION

User Help. Fabasoft Scrum

LTE L10 Learning Services

Microsoft System Center Data

XC2 Client/Server Installation & Configuration

ONSIGHT FIREWALL CONFIGURATION GUIDE

ONSIGHT FIREWALL CONFIGURATION GUIDE

REMOTE CLIENT MANAGER HELP VERSION 1.0.2

Virtual Steelhead Appliance Installation Guide. RiOS Version November 2013

Virtual Breadboarding. John Vangelov Ford Motor Company

Ware Malcomb. Riverbed Steelhead Products Improve Collaboration and Productivity for Architecture Services Firm

Integrating Best of Breed Outage Management Systems with Mobile Data Systems. Abstract

OIL & GAS. MTS DP Committee. Workshop in Singapore Session 4 Day 2. Unwanted Thrust

exsm.cluster High Availability for TSM Server Michael Abel & Bruno Friess TSM Symposium Oxford September 2005 Hier Kundenlogo

SteelHead SD Installation Guide

The Race Director. IPICO Integration Direct Connect [IPICO INTEGRATION]

Condor Week Condor WAN scalability improvements. A needed evolution to support the CMS compute model

Meter Data Distribution User Manual

PRODUCT MANUAL. Diver-MOD

CLI Mapping Reference

LiteSpeed for SQL Server 6.5. Integration with TSM

Shearwater Cloud Desktop Release Notes

Case Study. Truestar Health: Partnering with VCON to Build a Premium Internet Health Site

Lockstep. Reference Manual. Last updated on September 23, Figure 53, LLC

Meter Data Distribution Market Trials

Operating Manual. SUPREMA Calibration. Software for Fire and Gas Warning Units. Order No.: /01. MSAsafety.com

Shearwater GF Computer

User Manual. Heads-Up Display (HUD) DiveCAN. Mechanical Button Version

Transit Signal Preemption and Priority Treatments

The Game of Yinsh (Phase II)

Dräger X-dock Frequently Asked Questions

Global Information System of Fencing Competitions (Standard SEMI 1.0) Introduction

PTP 800 SPLIT-MOUNT SOLUTION

Using MATLAB with CANoe

Data Sheet T 8389 EN. Series 3730 and 3731 Types , , , and. EXPERTplus Valve Diagnostic

MOTOROLA PTP 800 LICENSED ETHERNET MICROWAVE

Admiralty e-navigator

EasySas. The most advanced airlock electronics on the market. Recyclable product. Eco-design. Energy savings

Model-based Adaptive Acoustic Sensing and Communication in the Deep Ocean with MOOS-IvP

FHWA Resources for Pedestrian and Bicycle Professionals

[CROSS COUNTRY SCORING]

SQL LiteSpeed 3.0 Installation Guide

Surface Tracking Feature

Application Notes. SLP85xD Load Cells

SteelHead SD Installation Guide

ROLE DESCRIPTIONS BY COMPETENCY LEVEL

Residential Ultrasonic Gas Meters

Training Fees 3,400 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch.

UG4: OPEN HAB. Elelabs ZigBee RPi Shield firmware version, referenced in this guide: OpenHab2 software version, referenced in this guide: v2.3.

CLUB REGISTRATION & SUPPORT / TICKETING

PLA 2.1. Release Notes PLA 2.1 (build 604) December 21, 2015

WHEN WILL YOUR MULTI-TERABYTE IMAGERY STOP REQUIRING YOU TO BUY MORE DATA STORAGE?

An Architectural Approach for Improving Availability in Web Services

Venue Operating Procedures

PRODUCT MANUAL. Diver-Mobile for Android

Drift-Chamber Gas System Controls Development for the CEBAF Large Acceptance Spectrometer

Previous Release Notes

Diver Training Options

Wind Plant Operator Data User's Guide

Things to know about our STEPS8000 products emax, minimax and freemax. legal notice

CMC Peer-to-Peer Control System Software. User s Manual Version 1.0

[CROSS COUNTRY SCORING]

Overview. The user must follow the instructions below.

Common Test Scenarios Document. Version 1.9

Edgecore ASFvOLT16 VOLTHA Adapter and Driver. Kim Kempf, Sr. Systems Architect CORD Build 2017, San Jose November 8, 2017 MT08.3.

Operational Comparison of Transit Signal Priority Strategies

Version 3.1.0: New Features/Improvements: Improved Bluetooth connection on Windows 10

Rules of Soccer Simulation League 2D

FAS-W. Features. Applications. Automatic condensation hygrometer

Understood, Inc. User Guide SCUBA Solutions Version 1.7

IMCA Competence Assessment Portfolio June 2013

Confidence comes with knowing you are Code-Ready.

2017 Census Reporting To access the SOI s Census Reporting web site go to:

Transcription:

Deep dive SSL Created for

Page 2 of 11 Contents Introduction...3 Preface...3 SteelHeads in Scope...4 Optimization Errors vs. No Errors...5 Transport errors...6 Top 10 SteelHead peers with errors...7 Top 10 servers with errors...8 Top 10 clients with errors...9 Appendix... 10 How we collect data and analyze... 10 Transport Error Codes... 10

Page 3 of 11 Introduction Preface This report takes a deep-dive into the SSL protocol optimization on SteelHeads within your estate. The report includes details of the error profiles in your network. It is not the intention of the report to give recommendations or advise on how to troubleshoot or reconfigure the SteelHead estate. The report is meant as a detailed technical health overview of the SSL protocol optimization only. Only known ports where SSL could be used, is taken into consideration. Currently we monitor port 443, 444, 7830 and 944.

RiOS version Model Site Page 4 of 11 SteelHeads in Scope This shows a list of SteelHeads that have been analyzed. Total number of monitored devices: 26 STEELHEAD-01 CX570M 9.1.3a STEELHEAD-02 1050L 9.1.3a STEELHEAD-03 CX770L 9.1.3a STEELHEAD-04 CX770H 9.1.3a STEELHEAD-05 CX770M 9.1.3a STEELHEAD-06 CX570H 9.1.3a STEELHEAD-07 CX1555L 9.1.3a STEELHEAD-08 CX555M 9.1.3a STEELHEAD-09 CX7070L 9.1.3a STEELHEAD-10 6050 9.1.2 STEELHEAD-11 CX7070L 9.1.3a STEELHEAD-12 CX570H 9.1.3a STEELHEAD-13 CX570M 9.1.3a STEELHEAD-14 CX3070H 9.1.3a STEELHEAD-15 CX570H 9.1.3a STEELHEAD-16 CX770L 9.1.3a STEELHEAD-17 CX1555M 9.1.3a STEELHEAD-18 CX755M 9.1.3a STEELHEAD-19 CX570L 9.1.3a STEELHEAD-20 CX770H 9.1.3a STEELHEAD-21 CX770L 9.1.3a STEELHEAD-22 CX755M 9.1.3a STEELHEAD-23 CX770M 9.1.3a STEELHEAD-24 CX1555M 9.1.3a STEELHEAD-25 CX770H 9.1.3a STEELHEAD-26 CX3070M 9.1.3a

Page 5 of 11 Optimization Errors vs. No Errors In this section we have analyzed how many errors were logged, comparing it to the number of sessions optimized with no errors. Please note that an error is not a session that is broken from the user perspective it's an error in the optimization. When we see optimization errors, it means the SteelHead cannot perform layer7 optimization, but is only capable of bandwidth optimization. Without Layer 7 optimization, users will experience significant performance degradation, in particular this will impact those links and sites with high latency.

Page 6 of 11 Transport errors When a transport error occurs, the SteelHead lists a reason why the event occurred. There will be many different causes, but the most common is a failed SSL handshake. The transport error code list is the official Riverbed one and is available from the Riverbed knowledge base or from the appendix to this report. This view is global, but in later sections you will be able to see what SteelHeads, servers or clients are causing the errors.

8 7 3 24 23 22 15 Peer SH Page 7 of 11 Top 10 SteelHead peers with errors When we analyze a session, data is collected to identify the server-side SteelHeads. We use this information to detect SteelHeads that have problems, helping you to identify and prioritize the SteelHeads that needs to be focused on when troubleshooting issues. Note that the IP addresses are the In-path interfaces, this means that the same SteelHead can appear one or more times depending on how many interfaces it has. 10.129.0.51 54 3 12 113130 10 6176 2876 10.0.18.51 0 0 0 36661 0 0 0 10.0.14.50 0 0 1 17566 0 0 0 10.0.1.51 0 0 1 15961 0 0 0 10.0.64.51 0 0 1 8244 0 0 0 10.0.13.51 0 0 0 6876 0 0 0 10.90.0.51 0 0 0 6640 0 0 0 10.0.9.51 0 0 0 5719 0 0 0 10.0.73.51 0 0 0 5707 0 0 0 10.20.0.51 0 0 0 4815 0 0 0

8 7 3 24 23 22 15 Server IP Page 8 of 11 Top 10 servers with errors Within this section of the report we identify the servers causing the issues. Furthermore you can use this section to prioritize between servers/locations that have higher business priority. 10.129.1.149 72 3 16 224670 1 6335 3064 10.129.1.28 0 0 0 9630 0 0 0 10.129.12.93 0 0 0 28 6 0 0 10.129.1.177 0 0 0 21 0 12 0 10.129.12.75 0 0 0 18 3 0 0 10.129.1.96 0 0 0 16 0 0 0 10.90.1.21 0 0 0 12 0 0 0 10.77.1.21 0 0 0 10 0 0 0 10.14.12.15 0 0 0 9 0 0 0 40.96.21.226 0 0 4 0 0 0 0

8 7 3 24 23 22 15 Client IP Page 9 of 11 Top 10 clients with errors Within this section of the report we identify the clients that are causing issues. You can use this section to prioritize between clients/locations that have higher business priority. 10.64.1.177 0 0 0 3337 0 0 0 10.64.1.176 0 0 0 3232 0 0 0 10.64.1.178 0 0 0 3047 0 0 0 10.18.21.51 0 0 0 1337 0 24 0 10.1.212.28 0 0 0 483 0 0 586 10.87.241.20 0 0 0 279 0 0 290 10.18.21.182 0 0 0 467 0 4 0 10.18.214.78 0 0 0 417 0 1 0 10.18.20.131 0 0 0 403 0 0 0 10.18.20.31 0 0 0 371 0 2 0

Page 10 of 11 Appendix How we collect data and analyze We collect data in several ways to provide the most comprehensive view of the SteelHeads performance, workload and efficiency. The primary method is CLI (Command Line Interface). For connection data the SteelHead is instructed to transmit the details of currently open sessions - every 15 minutes. By automatically sampling for connection data per SteelHead, 24 hours a day, 7 days a week we build up the most detailed set of statistics possible, meaning that we can provide the most robust and valid analysis of this important performance metric. Additionally both Syslog and SNMP data are used to collect complimentary data to further increase our understanding of the SteelHead environment. Transport Error Codes Transport error Error description 1 No error. Possible configuration mismatch 2 SSL server is unknown or misconfigured at the server-side steelhead 3 Protocol format used by the connection is neither SSLv3 nor TLSv1 4 SSL server requests client authentication but either Client Certificate Support is turned off on server-side Steelhead or the negotiated protocol is not TLSv1. 5 Client and server are reusing a previous session unknown to our Steelhead appliances 6 Misconfiguration of inner SSL security between client-side and server-side Steelhead appliances 7 SSL handshake between server-side Steelhead appliance and server has failed 8 SSL handshake between server-side Steelhead appliance and client has failed 9 SSL handshake between client-side and server-side Steelhead appliances has failed 10 Common name of subject in the SSL certificate presented by the backend server is different from expected 11 Couldnt export the SSL session key/context for migration from server-side Steelhead appliance to client-side Steelhead appliance 12 Couldnt import the SSL session key/context obtained from server-side Steelhead appliance at the client-side Steelhead appliance 13 Renegotiation of an SSL session established already between server-side Steelhead appliance and the server 14 Renegotiation of an SSL session established already with the client 15 Unexpected inter-steelhead control message received by the peer appliance 16 Server-side steelhead is not configured for the advanced SSL mode of operation

Page 11 of 11 Transport error Error description 17 Server-side steelhead is not configured for the traditional SSL mode of operation 18 Server-side steelhead instructed the client-side sport to bypass the connection 19 Peering trust is misconfigured on the server-side Steelhead 20 Unexpected data received from the server 21 Invalid or missing SSL license 22 No proxy certificate is configured for the server. 23 Inner channel is not secure 24 Server is already in the Discovered (bypassed, not optimizable) table on serverside Steelhead 25 SSL optimization is either disabled or not configured correctly 26 Client and Server negotiated a cipher incompatible with the Steelhead 27 SSL stream cipher and client authentication are incompatible with latency optimization 28 Server likely sent an Alert for TLS Extension in the Client Hello 29 The Server response is unexpected or unknown. e.g. anon DH-cipher type of handshake

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback