I need to confirm whether or not the following Riverbed Steelhead configuration is valid and I don't currently have access to the Riverbed support portal.
I have a client-side Virtual Steelhead running on ESXi 5.0. It is configured in a virtual in-path mode and I'm trying to use policy based routing (PBR) to direct traffic to it for optimization.
The in-path interface on the Steelhead is located in the same subnet as my client workstations (192.168.13.0/24), having the same default gateway as those PC's (192.168.13.1).
I have a static route set up on my default gateway (a Sonicwall TZ210) to forward any traffic from a single test host (192.168.13.140) going to my data center (192.168.0.0/24) to use the Steelhead as the gateway.
However it appears I've got a routing loop since the traffic reaches the Steelhead, which passes it directly back to the Sonicwall, back to the Steelhead and so on.
I suspect that I will never get this to work, and instead need to configure the Steelhead in a separate VLAN with it's own default gateway, however I'm not able to do so since my switching won't support tagging the VLANs.
Is this 'single subnet' scenario somehow possible?
Is the traffic coming from the Steelhead getting optimized properly? If so, what mode is it in? If you are using Full Transparency mode, then the Sonicwall will match against the PBR rules and forward it back to the Steelhead. I think if you switch to Correct Addressing mode, and make sure the Sonicwall doesn't PBR traffic coming from the Steelhead, you can probably get this to work.
If that doesn't work, you can still VLAN even without a switch that will do the tagging for you. You just have to make the Sonicwall and the Riverbed do the tagging appropriately (even a $30 unmanaged netgear switch will pass tagged traffic).