![Page 1: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/1.jpg)
BRKAPP-2005
Deploying Wide Area Application Services
![Page 2: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/2.jpg)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 2
Agenda
WAAS Overview
WAE Installation
WAE Deployment
WAAS Central Manager Configuration
WAAS Application Optimizer (AO) Deployments
CIFS Software Distribution
HTTPS Webex Web Conferencing
WAAS Virtual Blade Deployments
WAAS Sizing Guidelines
WAAS Mobile Overview and Deployment
![Page 3: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/3.jpg)
WAAS Overview
![Page 4: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/4.jpg)
Wide Area Application Engine
Wide Area Application Services (WAAS) Version 4.2
[Architecture diagram. Labeled components:]
IOS Platform with Services and CLI; IOS Shell
Cisco Linux Kernel; Linux; Kernel Virtual Machine
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Configuration Management System (CMS)
Application Optimizers: CIFS AO, NFS AO, EPM AO, MAPI AO, HTTP AO, SSL AO, RTSP AO
TCP Proxy with Scheduler Optimizer (SO): DRE, LZ, TFO
Virtual Blades: Windows on WAAS (WOW), ACNS* on WAAS (ACNS VB), Virtual Blade #3
Storage: Flash, Object Storage, Application Storage, DRE Storage, Virtual Blade Storage
Ethernet Network I/O
*Application and Content Networking Software 5.5.13
![Page 5: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/5.jpg)
WAAS Product Line Overview
[Product line chart. Axis labels: List Price w Enterprise License; Location & Size*]
Platform groups: Branch Office & Mobile User Platforms; Data Center & Campus Platforms
Platforms shown: WAAS Mobile, SRE-700, SRE-900, WAVE-274, WAVE-474, WAVE-574, WAE-674, WAE-7341, WAE-7371
Location and size labels: Mobile User (Branch of 1); Branch: Up to 20 users*; Branch: Up to 50 users*; Branch: Up to 150 users*; Branch up to 400 users*; Data Center & Campus
List price labels: $135K, $59K, $22K, $12.5K, $10K, $6.5K
Legend: WAN Op + Video Platform; WAN Op + Video + WAAS Virtual Blade Platform; New
* Indicative sizing only. Please refer to WAAS sizing guidelines to size specific to customer requirements.
![Page 6: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/6.jpg)
WAAS Overview: Session and Transport Layer Optimization
[Diagram: Host A and Host B each run the full stack (Application, Presentation, Session, Transport, Network, Data Link, Physical). WAE 1 and WAE 2 sit between them across the WAN, each with Application Optimizer (AO), TFO, Network, Data Link, and Physical layers. Connection segments are labeled Origin, Optimized, Origin.]
![Page 7: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/7.jpg)
WAAS Overview: DRE and LZ Manage Bandwidth Utilization
Data Redundancy Elimination (DRE) provides advanced compression to eliminate redundancy from network flows regardless of application
LZ compression provides generic compression for all traffic
[Diagram: FILE.DOC is encoded on one side of the WAN and decoded on the other, passing through a DRE cache and LZ on each side. Segments are labeled Origin Connection, Optimized Connection, Origin Connection. Additional labels: Window Scaling, Large Initial Windows, Congestion Mgmt, Improved Retransmit, Packet Aggregation.]
![Page 8: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/8.jpg)
WAAS Overview: Application Optimizations
Read Ahead
Asynchronous Write
Local Acknowledgement
Data Redundancy Elimination (DRE)
DRE Hinting
LZ Compression
TCP Flow Optimization
Object Caching
Object Prepositioning
Object Meta Data Caching
Encryption/Decryption
Video Stream Splitting
Outlook Address Book (OAB)
UUID Dynamic Classification
![Page 9: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/9.jpg)
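WAAS Application Optimizer (AO): Feature Summary

| AO | Read Ahead | Async Write | Local Ack | DRE/Hint | LZ | TFO | Object Cache | Object Pre-Position | Meta Data Cache | Other | Lic Req’d |
|------|---|---|---|-----|---|---|---|---|---|-----------------|-----|
| CIFS | Y | Y | Y | Y/Y | Y | Y | Y | Y | Y | - | Ent |
| NFS  | Y | Y | Y | Y/Y | Y | Y | N | N | Y | - | Ent |
| HTTP | N | N | Y | Y/Y | Y | Y | N | N | Y | Conn Reuse | Ent |
| MAPI | Y | Y | Y | Y/Y | Y | Y | N | N | N | OAB Object | Ent |
| PRT  | N | Y | Y | Y/Y | Y | Y | N | N | Y | - | Ent |
| RTSP | N | N | Y | N/N | N | Y | N | N | N | Split Video | |
| EPM  | N | N | N | N/N | N | Y | N | N | N | Classify | Ent |
| SSL  | N | N | N | Y/N | Y | Y | N | N | N | Encrypt/Decrypt | Ent |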
![Page 10: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/10.jpg)
WAAS Overview: Auto-Discovery—Two WAEs
Expanded for AOs
TCP option 0x21 provides in-band signaling
WAE (B) closest to host (A) and WAE (C) closest to host (D)
Connection optimized between WAE (B) and (C)
WAEs shift the TCP SEQ number of the optimized connection by 2 billion
If a WAE that was optimizing connections fails:
Receiving host will see segments with SEQ/ACK numbers that are out of range
Host will reset (RST) connection
WAAS will propagate the RST
Host application will re-establish a new TCP connection
[Diagram: path A - B - C - D, segments listed left to right]
A:D SYN | A:D SYN(OPT) | A:D SYN(OPT)
D:A SYN/ACK | D:A SYN/ACK(OPT) | D:A SYN/ACK
Origin Connection | Optimized Connection | Origin Connection
![Page 11: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/11.jpg)
WAAS Overview: Auto-Discovery—Three or More WAEs
WAE (B) closest to host (A)
WAE (D) closest to host (E)
Intermediate WAE (C) sees TCP option mark in both directions and goes into Pass Through (PT)
WAE supports 10X optimized limit for Pass Through
[Diagram: path A - B - C - D - E, segments listed left to right]
A:E SYN | A:E SYN(OPT) | A:E SYN(OPT) | A:E SYN(OPT)
E:A SYN/ACK | E:A SYN/ACK(OPT) | E:A SYN/ACK(OPT) | E:A SYN/ACK
A:E ACK | A:E ACK(OPT) | A:E ACK(OPT) | A:E ACK
Origin Connection | Optimized Connection | Origin Connection
![Page 12: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/12.jpg)
WAAS Overview: Auto-Discovery—One WAE
WAE (B) is closest to host (A) and host (C)
No TCP option mark is seen in either direction
WAE B goes into Pass Through (PT)
WAE supports 10X optimized limit for Pass Through
[Diagram: path A - B - C, segments listed left to right]
A:C TCP SYN | A:C SYN(OPT)
C:A SYN ACK | C:A SYN ACK
Origin Connection | Origin Connection
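The three auto-discovery slides above reduce to one rule per WAE: which of the SYN and SYN/ACK it receives carry TCP option 0x21. The Python below is an added example, not part of the original deck or Cisco code; it parses TCP options from raw header bytes and applies that rule. The sample headers are constructed, and the option payload bytes are placeholders because the deck does not describe the option's contents.

```python
import struct

WAAS_OPTION_KIND = 0x21  # TCP option kind named on the auto-discovery slide


def build_tcp_header(flags, options=b""):
    """Build a minimal TCP header for the samples (constructed, checksum 0)."""
    options += b"\x01" * (-len(options) % 4)   # pad with NOPs to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 445, 1000, 0,
                       data_offset << 4, flags, 65535, 0, 0) + options


def parse_tcp_options(header):
    """Return [(kind, data), ...]; raise ValueError on a malformed option list."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (header[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(header):
        raise ValueError("bad data offset")
    opts, i = [], 20
    while i < hdr_len:
        kind = header[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP, single byte
            i += 1
            continue
        if i + 1 >= hdr_len:
            raise ValueError("option length byte missing")
        length = header[i + 1]
        if length < 2 or i + length > hdr_len:
            raise ValueError("bad option length")
        opts.append((kind, header[i + 2:i + length]))
        i += length
    return opts


def is_marked(header):
    """True when the segment carries the auto-discovery option."""
    return any(kind == WAAS_OPTION_KIND for kind, _ in parse_tcp_options(header))


def wae_role(syn, syn_ack):
    """Role of one WAE given the SYN and SYN/ACK as they arrive at it."""
    roles = {
        (False, True): "optimize (WAE closest to client)",
        (True, False): "optimize (WAE closest to server)",
        (True, True): "pass-through (intermediate WAE)",
        (False, False): "pass-through (no peer WAE)",
    }
    return roles[(is_marked(syn), is_marked(syn_ack))]


# Constructed samples: MSS option, plus a placeholder 0x21 option of length 4.
MSS = b"\x02\x04\x05\xb4"
MARK = bytes([WAAS_OPTION_KIND, 4, 0, 0])
SYN_PLAIN = build_tcp_header(0x02, MSS)
SYN_MARKED = build_tcp_header(0x02, MSS + MARK)
SYNACK_PLAIN = build_tcp_header(0x12, MSS)
SYNACK_MARKED = build_tcp_header(0x12, MSS + MARK)

if __name__ == "__main__":
    print("WAE B, two-WAE case:  ", wae_role(SYN_PLAIN, SYNACK_MARKED))
    print("WAE C, two-WAE case:  ", wae_role(SYN_MARKED, SYNACK_PLAIN))
    print("WAE C, three-WAE case:", wae_role(SYN_MARKED, SYNACK_MARKED))
    print("WAE B, one-WAE case:  ", wae_role(SYN_PLAIN, SYNACK_PLAIN))
```

The same parser is useful when checking captures taken on either side of a firewall or other middlebox: if the option is present on one side and absent on the other, the WAEs will fall into the one-WAE pass-through case.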
![Page 13: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/13.jpg)
WAE Installation
![Page 14: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/14.jpg)
WAAS Installation: Setup Script
Prompted on boot of factory default box to run setup script or execute ‘setup’
Script prompts for configuration to communicate, network integrate, manage, and license the WAE
Ideal for pilots and small deployments
Recommend script to set up Central Manager
Device Mode Central-Manager
Recommend configuration template to stage accelerators for large deployments
device mode application-accelerator
central-manager address 10.1.1.31
primary-interface GigabitEthernet 1/0
cms enable
wccp version 2
wccp router-list 1 10.1.4.254
wccp tcp-promiscuous router-list-num 1
interface GigabitEthernet 1/0
ip address 10.1.4.100 255.255.255.0
autosense
exit
ip default-gateway 10.1.4.254
ip name-server 167.206.245.130
ip domain-name allcisco.com
hostname br1-wae1
ntp server 10.1.1.254
clock timezone US/Eastern -5 0
license add ...
![Page 15: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/15.jpg)
Integrated WAAS/ISR Configuration with Setup Wizard
Single-screen configuration for WAAS and ISR IOS
WCCP auto-configuration
Proactive diagnostic
NEW in WAAS 4.2
![Page 16: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/16.jpg)
Installation: Device Mode Replication Accelerator
Requires WAAS 4.0.19 or Later 4.0.X
Accelerator optimized for a small number of high-throughput TCP connections
EMC SRDF/A and NetApp SnapMirror
Available on the WAE-7341 and WAE-7371 platforms
Only negotiates optimized connections with other WAEs in the same mode
device mode replication-accelerator
hostname dc1-wae1
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.1.31 255.255.255.0
exit
ip default-gateway 10.1.1.254
ip name-server 10.1.1.21
central-manager address cm.allcisco.com
cms enable
![Page 17: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/17.jpg)
wae(config)#interface PortChannel 1
wae(config-if)#no shutdown
wae(config-if)#ip address 10.1.1.31 255.255.255.0
wae(config-if)#exit
wae(config)#interface GigabitEthernet 1/0
wae(config-if)#no shutdown
wae(config-if)#channel-group 1
wae(config-if)#exit
wae(config)#interface GigabitEthernet 2/0
wae(config-if)#no shutdown
wae(config-if)#channel-group 1
Installation: WAE Interface Channeling
Interfaces can be bundled into a PortChannel for load-balancing and high availability across switch modules
Requires identical interface configuration on both physical interfaces
IP addresses are defined on the PortChannel interface
![Page 18: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/18.jpg)
Installation: Standby Network Interface Card (NIC)
Must be layer 2 path between two NICs
MAC only on in use interface
Primary preempts
No primary floats
Gratuitous ARPs on failover
Virtual Blade not supported
G 1/0 G 2/0
wae(config)#interface Standby 1
wae(config-if)#ip address 10.1.2.100 255.255.255.0
wae(config-if)#exit
wae(config)#interface GigabitEthernet 1/0
wae(config-if)#standby 1 primary
wae(config-if)#exit
wae(config)#interface GigabitEthernet 2/0
wae(config-if)#standby 1
wae(config-if)#exit
wae(config)#primary-interface Standby 1
wae#show interface standby 1
Interface Standby 1 (2 physical interface(s)):
GigabitEthernet 1/0 (active)
GigabitEthernet 2/0 (active) (primary) (in use)
![Page 19: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/19.jpg)
WAAS Central Manager Configuration
![Page 20: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/20.jpg)
Central Management System (CMS) Overview
CMS process runs on all WAEs
Provides bidirectional configuration synchronization between CM and accelerators
Communicates over HTTPS using self-signed, device-specific certificates and keys
Central Manager collects health and monitoring data every five minutes by default
CMS provides means to backup and restore configuration
Provides means to replace a failed device with a new device
Use “show cms info” to get CMS status
Configuration
  Groups
  Ability to hide/filter pages
  Roles based access control
Report
  System
  Device/Location
  Flow
  Session
Monitor
  Alarm
  Emergency and critical syslog
![Page 21: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/21.jpg)
Central Manager: Login
1. https://cm-ip:8443/
2. Accept certificate
3. Username: admin
4. Password: default
5. Initialize and/or open secure store
![Page 22: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/22.jpg)
Central Manager: Group Configuration Best Practices
AllDevicesGroup
  Network > DNS
  SNMP
  Date/Time > NTP Server | Time Zone
  Login Access Control > SSH | MoD | Exec Timeout
  Authentication
  Common criteria
  System Log Settings
  Storage > Disk Error Handling
CoreDevicesGroup
  SSL Acceleration
EdgeDevicesGroup
  Transaction logs
  Prepositioning
  Disk encryption
  Flow Agent
![Page 23: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/23.jpg)
Central Manager: Group/Device Configuration Strategy
Use groups to the greatest extent possible
A device can belong to multiple device groups
Device configuration is more specific than group configuration
Multiple group configuration conflict is resolved by most recent configuration
Hide configuration pages that should not be used in a group
Create and enforce device group naming policy
  All lower case with dashes for spaces
    all-device-group
    timezone-us-eastern
  No spaces with capital for start of word
    AllDeviceGroup
    TimezoneUSEastern
![Page 24: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/24.jpg)
Central Manager: Adding a New Core Device
1. Install WAE
2. Configure hostname, IP, primary interface, CM IP, and CMS enable
3. Assign device to AllCoresGroup (WAE is auto-activated and auto-assigned to the AllDevicesGroup)
4. Configure WCCP
hostname dc1-wae2
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 192.168.200.202 255.255.255.0
exit
ip default-gateway 192.168.200.254
central-manager address 192.168.200.204
cms enable
license add Enterprise
![Page 25: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/25.jpg)
Central Manager: WAAS Monitoring
Dashboard Aggregate Statistics
Device flow monitoring
Device CPU and Disk
Acceleration (HTTP, CIFS, NFS, MAPI, Video, SSL)
System-wide, Device Specific and Grouped by Location
![Page 26: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/26.jpg)
Central Manager: 3rd Party WAAS Monitoring
Router Netflow to NAM, NetQos, Fluke or other 3rd party for reporting of all network traffic
WAAS flow logs to Sawmill for WAAS historical optimized flow level reporting
WAAS flow agent to Cisco Network Analysis Module (NAM) and NetQoS for application latency
NetQoS or Fluke for WAAS CM API reporting
[Diagram: end-user site with optimization (WAE) connected over the WAN to the data center (WAE, WAE-CM). Data feeds shown: Netflow, FlowAgent Data Feed, FTP Export, WAAS CM API. Tools shown: NAM, NetQoS, Sawmill, Fluke.]
![Page 27: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/27.jpg)
Central Manager: Roles and Domains
1. Admin > AAA > Domains - Create domains based on groups
2. Admin > AAA > Role - Create role based on user’s allowed actions hiding unspecified configuration screens
3. Admin > AAA > User - Create user and associate roles and domains
![Page 28: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/28.jpg)
Central Manager: Assigning Roles and Domains to Users
![Page 29: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/29.jpg)
WAE Inline Deployment
![Page 30: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/30.jpg)
Inline: Non-Redundant Branch Deployment
Router
  Crossover cable from router to engine
  Ensure the router bandwidth and duplex match the switch
Switch
  Straight through cable from engine to switch
  Ensure the switch bandwidth and duplex match the router
  Implement switch port fast for faster failover recovery
Engine
  One InLine NIC per WAE appliance (cannot be used with WCCP)
  Installed in-path between switch and router or firewall
  Use single pair of inline ports (1/0 or 1/1) removing RJ45 port covers
  Ports fail-to-wire upon hardware, software, or power failure
  Support for interception 802.1q trunks
  Use GigabitEthernet 1/0 primary interface
[Diagram: switch s1, engine e1, router r1, WAN. Inline port labels: 1/0/LAN, 1/0/WAN, 1/1/LAN, 1/1/WAN; interface g 1/0.]
![Page 31: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/31.jpg)
Interception with Serial Inline Cluster
Dual inline cards supported in WAAS 4.2.1
Supports up to 4 inline groups
Supported on WAE-674, WAE-7341, WAE-7371
Interception Access list allows bypass of non-relevant traffic
Easy approach implementing Large Branch and Small/Medium Data Centers
HA is provided by 2nd WAE
Simplifies PoCs
![Page 32: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/32.jpg)
Serial Inline Cluster Topologies - Branch
[Topology diagrams; surviving labels: WAE-DC1, WAE-DC2, WAN]
![Page 33: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/33.jpg)
Serial Inline Cluster Topologies - DC
[Topology diagrams; surviving labels: WAE-DC1, WAE-DC2, WAN]
![Page 34: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/34.jpg)
Serial Inline Cluster – Branch Failure or No WAE
[Diagram: Branch (WAE-BR) connected over the WAN to the Core (WAE-DC2, WAE-DC1). Numbered steps 1 to 6 show SYN, SYN+OPT and SYN+ACK segments; state labels: "PT Non-optimizing Peer" and "PT No Peer".]
DC WAEs form peers with each other
Disable Peer Optimization prevents DC WAEs from becoming peers with each other
WAE-DC2 is a non-optimizing peer!
![Page 35: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/35.jpg)
Configuring Non-Optimizing Peers
![Page 36: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/36.jpg)
Verify Peer Settings
Green check mark indicates correct configuration
![Page 37: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/37.jpg)
wae(config)#interface InlineGroup 1/0 ?
autosense Interface autosense
bandwidth Interface bandwidth
encapsulation Set encapsulation type for an interface
exit Exit from this submode
failover Modify failover parameters
full-duplex Interface fullduplex
half-duplex Interface halfduplex
inline VLAN's to intercept
ip Interface Internet Protocol Config commands
no Negate a command or set its defaults
shutdown Put the inline interface in passthrough mode
wae#show interface inlinegroup 1/0
Interface is in intercept operating mode.
Standard NIC mode is off.
Disable bypass mode is off.
VLAN IDs configured for inline interception: All
Watchdog timer is enabled.
Timer frequency: 1600 ms.
Autoreset frequency 500 ms.
The watchdog timer will expire in 1195 ms.
Inline: Configuration
Ensure Consistent Bandwidth and Duplex Settings on Router and Switch Side Interfaces
Pass Through All Traffic (Fail to Wire)
Optionally Assign IP Address
![Page 38: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/38.jpg)
Br1-wae1#show interface inlineport 1/0/LAN
Device name : eth5. Bypass slave interface.
Packets Received : 968932
Packets Intercepted: 781189
Packets Bridged : 187743
Packets Forwarded : 785048
Packets Dropped : 0
Packets Received on native : 0
Active flows for this interface :0
Ethernet Driver Status
-------------------------
Type:Ethernet
Ethernet address:00:E0:ED:04:BA:23
Maximum Transfer Unit Size:1500
Metric:1
Packets Received: 968932
Input Errors: 0
Input Packets Dropped: 0
Input Packets Overruns: 0
Input Packets Frames: 0
Packet Sent: 1254163
Output Errors: 0
Output Packets Dropped: 0
Output Packets Overruns: 0
Output Packets Carrier: 0
Output Queue Length:100
Collisions: 0
Base address:0x30c0
Flags:UP BROADCAST RUNNING MULTICAST
Mode: autoselect, full-duplex, 100baseTX
Inline: Status
Received Is Total Packets
Intercepted Is All TCP Packets
Bridged Are Non-TCP Packets
Forwarded Are Sent from Inline Interface
UP indicates administratively up
Running indicates link up
Recommend auto-negotiation
![Page 39: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/39.jpg)
Serial Inline Cluster Best Practices
Deploy the same platform for both devices in cluster
Disable optimization between serial cluster devices
Apply the same policy/interception ACL on both devices
Configure interception ACL for both directions
Use CM to configure and manage serial inline cluster
Automatic peer configuration
Verify peer optimization settings are mutually configured
Location based reporting
Second WAE in serial inline cluster is for HA, not supported for scaling/load balancing
![Page 40: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/40.jpg)
WAE WCCP Deployment
![Page 41: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/41.jpg)
WCCP Deployment - BRKAPP-2021
Deploying and Troubleshooting Web Cache Communication Protocol (WCCP) for WAN Acceleration, Security and Content Delivery
Highly recommend attending for in-depth information on deploying WCCP for redirection in the branch and DC
![Page 42: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/42.jpg)
WCCP: Assignment, Redirect, and Return
Assignment (engine selection)
  Hash - Byte level XOR computation divided into 256 buckets (default)
  Mask - Bit level AND divided up to 128 buckets (7 bits)
Router WCCP Redirect (router to WAE)
  GRE - Entire packet GRE tunneled to the engine (default)
  Layer 2 - Frame MAC address rewritten to engine MAC
WAE WCCP Return (WAE to router)
  WCCP GRE - Packet statefully returned to router (as of 4.0.13)
  WCCP Layer 2 - Frame statefully rewritten to router MAC (Not yet supported in WAAS)
WAE Egress Method
  IP Forward - Engine ARPs for default gateway (default)
  WCCP negotiated - WCCP GRE or WCCP L2 return (not yet supported in WAAS)
  Generic GRE - Statefully return in hardware to Catalyst 6500 Sup720/32 (as of WAAS 4.1)
[Diagram: routers r1 and r2 redirecting to engines e1 and e2; service group 61 labeled Src Balance, service group 62 labeled Dst Balance; flow labels A, B, C.]
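How a mask turns an address into a bucket is easier to see with numbers. The Python below is an added example, not from the original deck or from WCCP itself: it ANDs a source IP with a mask, packs the selected bits into a bucket index, and compares the two masks this deck's WAE configurations use (`0xF00` and `0xF`). Dealing buckets to engines round-robin and the client addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

MAX_MASK_BITS = 7  # slide: mask assignment allows up to 128 buckets (7 bits)


def mask_bits(mask):
    """Bit positions (0 = least significant) that are set in the mask."""
    return [b for b in range(32) if (mask >> b) & 1]


def bucket_count(mask):
    """Number of buckets a mask produces: 2 ** (number of set bits)."""
    bits = mask_bits(mask)
    if not bits or len(bits) > MAX_MASK_BITS:
        raise ValueError("mask must set between 1 and 7 bits")
    return 1 << len(bits)


def bucket_index(ip, mask):
    """AND the address with the mask and pack the selected bits together."""
    value = int(ipaddress.IPv4Address(ip))
    index = 0
    for pos, bit in enumerate(mask_bits(mask)):
        index |= ((value >> bit) & 1) << pos
    return index


def assign(ip, mask, engines):
    """Pick an engine for an address (assumption: buckets dealt round-robin)."""
    return engines[bucket_index(ip, mask) % len(engines)]


def spread(ips, mask, engines):
    """Count how many addresses land on each engine."""
    return Counter(assign(ip, mask, engines) for ip in ips)


# Constructed sample: 32 clients in one /24, two engines.
CLIENTS = [f"10.1.4.{host}" for host in range(1, 33)]
ENGINES = ["e1", "e2"]

if __name__ == "__main__":
    for mask in (0xF00, 0xF):
        print(f"src-ip-mask {mask:#x}: {bucket_count(mask)} buckets,",
              dict(spread(CLIENTS, mask, ENGINES)))
```

With `0xF00` every client in the same /24 shares one bucket, so a single subnet always lands on one engine; with `0xF` the hosts inside the subnet are spread across engines.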
![Page 43: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/43.jpg)
WCCP: Central Manager Configuration
wccp router-list 1 192.168.254.2
wccp tcp-promiscuous router-list-num 1
wccp version 2
egress-method negotiated-return intercept-method wccp
![Page 44: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/44.jpg)
WCCP: Common and Specific Configuration
WAE common configuration
  wae(config)#wccp router-list N <ip-address-list>
  wae(config)#wccp version 2
Router common configuration
  rtr(config)#ip wccp 61 <redirect-list acl-name>
  rtr(config)#ip wccp 62 <redirect-list acl-name>
Specific configuration depends on
  Router – In or Out
  Switch – In only
  Topology
WCCP configurations vary for
  Assignment (WAAS default is hash)
  Redirect (WAAS default is WCCP GRE)
  Return (WAAS default is IP forward)
![Page 45: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/45.jpg)
Planning and Design: Platform Recommendations

| Function | Nexus 7000 | Software ISR & 7200 | ASR 1000 | Cat 6500 Sup720/32, 7600 | Cat 6500 Sup2 | Cat 4500 | Cat 3750 |
|---|---|---|---|---|---|---|---|
| Assign | Mask Only | Hash or Mask | Mask Only | Mask | Mask | Mask only | Mask only |
| Redirect | L2 | GRE or L2 | GRE or L2 | GRE or L2 | L2 or GRE / L2 | L2 only | L2 only |
| Redirect List | L3/L4 ACL | Extended ACL | Extended ACL | Extended ACL | Extended ACL | No Redirect List Support | Extended ACL (no deny) |
| Direction | In or Out | In or Out | In only | In | In | In only | In only |
| Return | L2 only | GRE or L2 | GRE or L2 | L2 | L2 | L2 only | L2 only |
| VRFs | Supported | Supported | Planned | Planned | NA | NA | NA |
| IOS | 4.2(1) | 12.1(14); 12.2(26); 12.3(13); 12.4(10); 12.1(3)T; 12.2(14)T; 12.3(14)T5; 12.4(15)T8; 15.0(1)M | 2.4(2) | 6500: 12.2(18)SXF14, 12.2(33)SXH4, 12.2(33)SXI2a; 7600: 12.2(18)SXD1 | 12.1(27)E; 12.2(18)SXF14 | 12.2(50)SG1 | 12.2(46)SE |
![Page 46: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/46.jpg)
ip access-list extended waas
 remark WAAS WCCP Redirect List
 deny tcp any any eq telnet
 deny tcp any any eq 22
 deny tcp any any eq 161
 deny tcp any any eq 162
 deny tcp any any eq 123
 deny tcp any any eq bgp
 deny tcp any any eq tacacs
 deny tcp any any eq 2000
 deny tcp any any eq 2443
 deny tcp any any eq 5060
 deny tcp any any eq 1718
 deny tcp any any eq 1719
 deny tcp any any eq 1720
 deny tcp any any eq 8443
 deny tcp any eq telnet any
 deny tcp any eq 22 any
 deny tcp any eq 161 any
 deny tcp any eq 162 any
 deny tcp any eq 123 any
 deny tcp any eq bgp any
 deny tcp any eq tacacs any
 deny tcp any eq 2000 any
 deny tcp any eq 2443 any
 deny tcp any eq 5060 any
 deny tcp any eq 1718 any
 deny tcp any eq 1719 any
 deny tcp any eq 1720 any
 deny tcp any eq 8443 any
 ! Below optional per branch in pilot
 permit tcp any <<branch subnet>>
 permit tcp <<branch subnet>> any
 deny tcp any any
WCCP: Redirect List
Permit all applications but deny specific
Avoid redirection of management traffic with a universal ACL
Apply bidirectional ACL to service groups 61 and 62
Create the redirect ACL before enabling WCCP service groups 61 and 62
Do not enable logging on WCCP redirect ACL
Permit specific applications only
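Two of the recommendations above, a bidirectional ACL and no logging on it, are easy to get wrong when the list is edited by hand. The Python below is an added example, not part of the original deck: it audits a redirect ACL for deny entries that exist in only one direction and for entries carrying the `log` keyword. The function names and the sample ACL (a shortened copy of the slide's list with two deliberate defects) are constructed for illustration, and only `tcp any ... any` entries are inspected.

```python
import re

# Matches "deny|permit tcp any [eq SPORT] any [eq DPORT] [trailing keywords]".
ENTRY = re.compile(
    r"^(?P<action>permit|deny)\s+tcp\s+any(?:\s+eq\s+(?P<sport>\S+))?"
    r"\s+any(?:\s+eq\s+(?P<dport>\S+))?(?P<rest>.*)$")


def parse_entries(acl_text):
    """Return (action, sport, dport, logged, line) for each any/any TCP entry."""
    entries = []
    for raw in acl_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:  # remarks, comments and subnet-specific entries are skipped
            logged = "log" in m["rest"].split()
            entries.append((m["action"], m["sport"], m["dport"], logged, line))
    return entries


def audit_redirect_acl(acl_text, management_ports):
    """List the problems found; an empty list means the checks passed."""
    entries = parse_entries(acl_text)
    denied_dst = {d for a, s, d, _, _ in entries if a == "deny" and d and not s}
    denied_src = {s for a, s, d, _, _ in entries if a == "deny" and s and not d}
    findings = []
    for port in sorted(denied_dst | denied_src | set(management_ports)):
        if port not in denied_dst:
            findings.append(f"{port}: missing 'deny tcp any any eq {port}'")
        if port not in denied_src:
            findings.append(f"{port}: missing 'deny tcp any eq {port} any'")
    for _, _, _, logged, line in entries:
        if logged:
            findings.append(f"logging enabled: {line}")
    return findings


# Constructed sample: tacacs lacks the return-direction entry, 8443 is logged.
SAMPLE_ACL = """\
ip access-list extended waas
 remark WAAS WCCP Redirect List
 deny tcp any any eq telnet
 deny tcp any any eq 22
 deny tcp any any eq tacacs
 deny tcp any any eq 8443 log
 deny tcp any eq telnet any
 deny tcp any eq 22 any
 deny tcp any eq 8443 any
 permit tcp any any
"""
MANAGEMENT_PORTS = ["telnet", "22", "tacacs", "8443"]

if __name__ == "__main__":
    for finding in audit_redirect_acl(SAMPLE_ACL, MANAGEMENT_PORTS):
        print(finding)
```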
![Page 47: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/47.jpg)
Router Configuration
interface loopback0
 ip address 192.168.254.2 255.255.255.0
! ------ If WAE L2 Adjacent
interface GigabitEthernet0/0
 description WAE Subnet
 ip address 192.168.201.254 255.255.255.0
! ------ Point to Multipoint
interface Tunnel1
 ip address 192.168.250.254 255.255.255.0
 no ip redirects
 tunnel source Loopback0
 tunnel mode gre multipoint
! ------ Point to Point
interface Tunnel1
 ip unnumbered Loopback0
 no ip redirects
 tunnel source Loopback0
 tunnel destination 192.168.201.201
WAE Configuration
! ------ WAE Configuration (Not L2 Adjacent)
wccp router-list 1 192.168.254.2
wccp tcp-promiscuous router-list-num 1 mask-assign
wccp tcp-promiscuous mask src-ip-mask 0xF00
wccp version 2
! ------ WAE Configuration (L2 Adjacent)
wccp router-list 1 192.168.201.254
wccp tcp-promiscuous router-list-num 1 mask-assign
wccp tcp-promiscuous mask src-ip-mask 0xF00
wccp version 2
interface GigabitEthernet 1/0
 ip address 192.168.201.201 255.255.255.0
 exit
WCCP: Catalyst 6500 Local Path Affinity with Generic GRE Return
Point to Multipoint GRE
  Use local interface VLAN IP tunnel source for local WAE
  Use loopback interface IP tunnel source for non-local WAE
Point to Point GRE
  Need unique IP address per peer for hardware acceleration on 6500
![Page 48: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/48.jpg)
wae#show egress methods
Intercept method : WCCP
TCP Promiscuous 61 :
 WCCP negotiated return method : WCCP GRE
              Egress Method           Egress Method
 Destination  Configured              Used
 -----------  ----------------------  -------------
 any          Generic GRE             Generic GRE
TCP Promiscuous 62 :
 WCCP negotiated return method : WCCP GRE
              Egress Method           Egress Method
 Destination  Configured              Used
 -----------  ----------------------  -------------
 any          Generic GRE             Generic GRE
Intercept method : Generic L2
              Egress Method           Egress Method
 Destination  Configured              Used
 -----------  ----------------------  -------------
 any          not configurable        IP Forwarding
dc1-wae1#show statistics generic-gre
Tunnel Destination: 192.168.254.2
Tunnel Peer Status: Up
Tunnel Reference Count: 24
Packets dropped due to failed encapsulation: 0
Packets dropped due to no route found: 0
Packets sent: 10422
Packets sent to tunnel interface that is down: 0
Packets fragmented: 0
WCCP WAAS Egress Methods
Destination is Same as Tunnel Source
Number of WAEs Plus Number of Connections
![Page 49: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/49.jpg)
dc1-rtr1#show ip wccp
Global WCCP information:
 Router information:
  Router Identifier: 10.1.3.254
  Protocol Version: 2.0
 Service Identifier: 61
  Number of Cache Engines: 1
  Number of routers: 1
  Total Packets Redirected: 1954820
   Process: 474
   Fast: 0
   CEF: 1954346
  Redirect access-list: -none-
  Total Packets Denied Redirect: 0
  Total Packets Unassigned: 24
  Group access-list: -none-
  Total Messages Denied to Group: 0
  Total Authentication failures: 0
  Total Bypassed Packets Received: 4
 Service Identifier: 62
  Number of Cache Engines: 1
  Number of routers: 1
  Total Packets Redirected: 581196
   Process: 107
   Fast: 0
   CEF: 581089
  Redirect access-list: -none-
  Total Packets Denied Redirect: 0
  Total Packets Unassigned: 17
  Group access-list: -none-
  Total Messages Denied to Group: 0
  Total Authentication failures: 0
  Total Bypassed Packets Received: 5
dc1-wae1#show wccp routers
Router Information for Service: TCP Promiscuous 61
 Routers Configured and Seeing this Engine(1)
  Router Id    Sent To      Recv ID
  10.1.3.254   10.1.2.254   0001CD80
 Routers not Seeing this File Engine
  -NONE-
 Routers Notified of but not Configured
  -NONE-
 Multicast Addresses Configured
  -NONE-
Router Information for Service: TCP Promiscuous 62
 Routers Configured and Seeing this Engine(1)
  Router Id    Sent To      Recv ID
  10.1.3.254   10.1.2.254   0001CD7C
 Routers not Seeing this File Engine
  -NONE-
 Routers Notified of but not Configured
  -NONE-
 Multicast Addresses Configured
  -NONE-
dc1-wae1#show wccp gre
Transparent GRE packets received: 105587
Transparent non-GRE packets received: 0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted: 100152
Packets sent back to router: 0
GRE packets sent to router (not bypass): 52222
Packets sent to another WAE: 0
Packets received with client IP addresses: 100152
WCCP: Verify WCCP Operation on Router and WAE
![Page 50: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/50.jpg)
WCCP: Branch with Software or Hardware Router

Router
ip wccp 61
ip wccp 62
interface s0
 ip wccp 61 redirect out
 ip wccp 62 redirect in
interface g1
WAE
wccp router-list 1 10.1.1.254
wccp tcp-promiscuous router-list-num 1
wccp version 2
egress-method negotiated-return intercept-method wccp
[Diagram: hosts h1, h2 and h3, WAE e1, subnets A/24 and B/24, router interfaces g0, g1, s0 and s1, IP Network, WCCP services 61 and 62]

Router
ip wccp 61 redirect-list local-subnets
ip wccp 62
ip access-list extended local-subnets
 deny tcp any A/24
 deny tcp any B/24
 permit tcp any any
interface g0
 ip wccp 61 redirect in
interface s0
 ip wccp 62 redirect in
WAE
wccp router-list 1 10.1.1.254
wccp tcp-promiscuous router-list 1 l2-redirect mask-assign
wccp tcp-promiscuous mask src-ip-mask 0xF
wccp version 2
[Diagram: hosts h1, h2 and h3, WAE e1, subnets A/24 and B/24, switch interfaces g0, g1, s0 and s1, IP Network, WCCP services 61 and 62]
![Page 51: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/51.jpg)
WCCP: GRE Return Network Path Affinity
Redirect
WCCP GRE
Catalyst 6500 Sup720 and ASR process in hardware
7200/ISR in software
Egress/Return
WCCP GRE
ASR in hardware
7200/ISR in software
Generic GRE
Catalyst 6500/PFC3
[Diagram: routers r1 to r4 and devices A to D; legend: Data Center Connection, Branch Connection, Optimized WAN Connection; 61 Src Balance, 62 Dst Balance]
![Page 52: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/52.jpg)
Multiple WANs Symmetric Routing: Shared WAEs on WAN Distribution/Core
WAE with Interface Standby (N+1 Redundancy)
Registration – r1/r2 interface IP
Assignment – Mask
Redirect/Egress – WCCP GRE
Return/Egress - IP Forwarding, generic GRE (6500), or WCCP GRE (ASR)
Network
Engines on shared subnet between r1 and r2
Interface VLAN inter-core link with no WCCP
WAE with Etherchannel (N:N Redundancy)
Registration – Loopback IP
Assignment – Mask
Redirect – WCCP GRE
Return/Egress - IP forward or generic GRE
Network
Engines on dedicated subnets (no interface standby)
Routed interface link (r1-r2) with no WCCP
[Diagram: two topologies, each with switches r1 and r2 facing the WAN, engines e1 to e4, WCCP Registration, WCCP services 61 and 62]
![Page 53: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/53.jpg)
Multiple WANs Symmetric Routing: Shared WAEs on WAN Edge
Local WAE Redirect and Return
Registration – r1/r2 interface IP
Software router (7200/ISR)
Assignment – Hash
Redirect - WCCP GRE
Return/Egress – WCCP GRE or IP forward
Hardware router (6500/PFC3 or ASR)
Assignment – Mask
Redirect – WCCP GRE
Return/Egress – generic GRE (6500), WCCP GRE (ASR), or IP forward return
Network
Enable routing on engine subnet (no passive interface)
MHSRP to alternate WAE default gateway (e1 to r1 and e2 to r2)
Optional standby interface for router high availability
Remote WAE GRE Redirect and ReturnRegistration – Remote r1/r2 loopback IP
Assignment – Hash (7200/ISR) or mask (6500/ASR)
Redirect - WCCP GRE
Return/Egress - WCCP GRE (ASR/7200/ISR) or Generic GRE (6500)
Network
[Diagram: two topologies, each with switches r1 and r2 facing the WAN, engines e1 and e2, WCCP Registration, WCCP services 61 and 62]
![Page 54: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/54.jpg)
Dual Data Center: Asymmetric Routing Condition
Condition
Branch route summarization
Connections sent to DC-A when application resides in DC-B
SYN and SYN/ACK not seen by same WAE
Solutions
Advertise summary route for each data center to eliminate asymmetric routing
WAE in server farm distribution with WCCP or ACE
WAE cross registers with WAN edge or distribution routers in both data centers
[Diagram: switches in DC-A and DC-B; labels: DC-A, DC-B, 0.0.0.0]
![Page 55: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/55.jpg)
Dual Data Center: Asymmetric Routing Solutions
WAE in server farm distribution with WCCP or ACE
WAE cross registers with WAN edge or distribution routers in both data centers
[Diagram: switches with WCCP service labels 61 and 62]
![Page 56: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/56.jpg)
Dual Data Center Asymmetric Routing WAN Distribution Catalyst 6500 WCCP
Registration – r3/r4/r5/r6 loopback IP
Assignment - Mask
Redirect - WCCP GRE
Return/Egress - IP forwarding or generic GRE
Network
Engines (e1, e2, e3, e4,...) attached to WAN distribution
Interfaces from WAN (r1 and r2) have WCCP 61 in
Interfaces from Server Farms (r7,r8,r9,r10) have WCCP 62 in
No WCCP on inter-switch links between r3, r4, r5, and r6
[Diagram: WAN#1 and WAN#2, routers r1 to r10, engines e1 to e4, Server Farm 1 and Server Farm 2, WCCP Registration, WCCP services 61 and 62]
![Page 57: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/57.jpg)
WCCP: Choosing the Right Mask
Branch
DHCP allocated addressing
Balance hosts to multiple engines 0xF to 0x7F (or similar)
Balancing to a single engine (mask selection is irrelevant)
Retail Data Center
Site /24 allocation per site
Balance sites or engines with 0xF00 to 0x7F00 (or similar)
Enterprise Data Center
Regional /16 allocation
Balance regions with 0xF0000 to 0x7F0000 (or similar)
0xF     = 0000:0000.0000:0000.0000:0000.0000:1111
0xF00   = 0000:0000.0000:0000.0000:1111.0000:0000
0xF0000 = 0000:0000.0000:1111.0000:0000.0000:0000
![Page 58: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/58.jpg)
WCCP: Enterprise Mask Assignment Example
WCCP Direction
Use 61 from client
Use 62 from server
Branch
/24 subnet
10.0.X.0/24
DHCP allocation
2 WAE per branch
0x3 WCCP mask
Data Center
4 WAEs in core cluster
0x700 WCCP mask (0000:0111.0000:0000)
Each core peers with only two branches
[Diagram, branch: hosts 10.0.3.4 (:0100), 10.0.3.5 (:0101), 10.0.3.6 (:0110), 10.0.3.7 (:0111); WAE #1 00 01; WAE #2 10 11]
[Diagram, data center: branch subnets 0.0/24 :0000, 1.0/24 :0001, 2.0/24 :0010, 3.0/24 :0011, 4.0/24 :0100, 5.0/24 :0101, 6.0/24 :0110, 7.0/24 :0111; WAE #1 :0000 :0001; WAE #2 :0010 :0011; WAE #3 :0100 :0101; WAE #4 :0110 :0111; WCCP services 61 and 62]
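The mask selection on the "Choosing the Right Mask" and "Enterprise Mask Assignment Example" slides can be checked before deployment with a short script. This is an added example, not Cisco code: it assumes buckets are handed to engines in equal contiguous blocks as the slide draws them, and the client address list is constructed for illustration.

```python
import ipaddress
from collections import defaultdict

BRANCH_WAES = ["WAE #1", "WAE #2"]                      # slide: 2 WAE per branch
CORE_WAES = ["WAE #1", "WAE #2", "WAE #3", "WAE #4"]    # slide: 4 WAEs in core

# Constructed sample: 16 DHCP clients (.4 to .19) in each of 10.0.0.0/24 .. 10.0.7.0/24
CLIENTS = [f"10.0.{site}.{host}" for site in range(8) for host in range(4, 20)]


def bucket_index(ip, mask):
    """Pack the address bits selected by `mask` into a bucket number."""
    addr = int(ipaddress.IPv4Address(ip))
    index, out_bit = 0, 0
    for bit in range(32):
        if (mask >> bit) & 1:
            index |= ((addr >> bit) & 1) << out_bit
            out_bit += 1
    return index


def bucket_count(mask):
    """A mask with n bits set yields 2**n buckets."""
    return 1 << bin(mask & 0xFFFFFFFF).count("1")


def assign_engine(ip, mask, engines):
    """Map a client address to an engine.

    Assumption: equal contiguous blocks of buckets per engine, as on the slide.
    The real assignment is negotiated by WCCP and may differ.
    """
    buckets = bucket_count(mask)
    if len(engines) > buckets:
        # Failure mode: too few mask bits, some engines would never get traffic.
        raise ValueError(f"mask {mask:#x} gives {buckets} buckets for "
                         f"{len(engines)} engines")
    return engines[bucket_index(ip, mask) * len(engines) // buckets]


def sites_per_engine(client_ips, mask, engines):
    """Return the /24 sites each engine ends up handling (its peer count)."""
    seen = defaultdict(set)
    for ip in client_ips:
        site = ipaddress.ip_network(ip + "/24", strict=False)
        seen[assign_engine(ip, mask, engines)].add(str(site))
    return {engine: sorted(seen[engine]) for engine in engines}


if __name__ == "__main__":
    # Branch side, mask 0x3: the two low host bits pick the engine.
    for host in (4, 5, 6, 7):
        ip = f"10.0.3.{host}"
        print(ip, "->", assign_engine(ip, 0x3, BRANCH_WAES))
    # Data center side: 0x700 keys on the site bits, 0xF on the host bits.
    for mask in (0x700, 0xF):
        print(f"mask {mask:#x}")
        for engine, sites in sites_per_engine(CLIENTS, mask, CORE_WAES).items():
            print(f"  {engine}: {len(sites)} sites")
```

With 0x700 each core engine handles two sites; with a host-bit mask such as 0xF every core engine handles clients from all eight sites, which is the peering growth the slide's mask choice avoids.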
![Page 59: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/59.jpg)
WCCP: Configuration Best Practices
Registration
Do NOT use a virtual gateway address (HSRP, VRRP, GLBP)
Use interface IP address if L2 adjacent to WCCP router
Use highest loopback address if not L2 adjacent to WCCP router
Do not configure large MTU (>1500 bytes) on WCCP client interfaces
Assignment
Use mask assignment for all hardware routers (6500, 7600, ASR)
Do NOT use the default mask
Use hash assignment for software routers (7200, ISR)
Redirect
WCCP GRE redirect for 6500/PFC3, 7600, ASR, ISR, 7200
L2 redirect for Catalyst 6500, 4500, 3750, 3560
Redirect list should be basic extended ACL with no port ranges, DSCP matches, etc.
Return
IP forward return by default
WCCP GRE return on ISR/7200 (consider performance) and ASR
Generic GRE return on Catalyst 6500 and 7600 if asymmetric routed data center
For GRE return, implement static /32 route to WCCP router id or GRE loopback for optimal return
![Page 60: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/60.jpg)
WCCP: Operational Best Practices
Router initial configuration
Create WCCP redirect ACL
Configure global IP WCCP # redirect-list…
Configure interfaces
Router configuration changes
Global service group configuration changes – Unregister all affected WCCP clients with no WCCP version 2, remove interface config, remove/change global config, apply new global config, apply new interface config, re-register WCCP clients
Interface configuration changes – Leave WAE WCCP clients registered
Redirect-list changes – Leave WAE WCCP clients registered
WAE Moves, Adds and Changes
Add – Configure egress-method, WCCP router-list, WCCP TCP-promiscuous, WCCP version 2
Moves/Changes – No WCCP version 2, follow add procedure
![Page 61: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/61.jpg)
WAAS AO Deployments
![Page 62: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/62.jpg)
WAAS AO Deployments: Licensing
Managed at a device level
Transport includes DRE/LZ/TFO
Enterprise includes NFS, HTTP, SSL, WAFS/CIFS, MAPI, Print, and DRE/TFO/LZ
Video requires enterprise
Virtual blade requires enterprise
CLI commands
show license
license add <license-name>
clear license
clear license <license-name>
#show license
License Name Status Activation Date Activated By
-------------- ----------- --------------- --------------
Transport not active
Enterprise active 03/20/2008 admin
Video not active
Virtual-Blade not active
#license add Video
#show license
License Name Status Activation Date Activated By
-------------- ----------- --------------- --------------
Transport not active
Enterprise active 03/20/2008 admin
Video active 04/01/2008 admin
Virtual-Blade not active
#clear license Enterprise
The License Management system policy validation failed.
Video license is configured to include Enterprise license.
Please, clear Video license first.
#clear license Video
#clear license Enterprise
#show license
License Name Status Activation Date Activated By
-------------- ----------- --------------- --------------
Transport not active
Enterprise not active
Video not active
Virtual Blade not active
![Page 63: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/63.jpg)
WAAS AO Deployments: Configuration
1. Go To AllDevicesGroup
2. Globally enable WAAS Accelerators
3. Enable Blacklist if firewalls upstream from core drop SYN packets with options; otherwise disable it
![Page 64: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/64.jpg)
WAAS CIFS Software Distribution: My WAN > Prepositioning
1. Create a read-only account on the software distribution server (do not use administrator)
2. Identify file server by name or IP address
3. Identify core location to browse files
4. Configure read-only account in WAAS
5. Identify portion of file cache to use for prepositioning
6. Select minimum and maximum file size as appropriate
7. Set job duration
8. Select Type
![Page 65: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/65.jpg)
WAAS CIFS Software Distribution: My WAN > Prepositioning > Content Settings
1. Choose the share and directory using browse
2. Implement any specific file name features
![Page 66: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/66.jpg)
WAAS CIFS Software Distribution: My WAN > Prepositioning > Assign Edge Groups
Assign AllEdgesGroup
![Page 67: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/67.jpg)
WAAS CIFS Software Distribution: My WAN > Prepositioning > Schedule
Choose Start Time considering the job duration
Set schedule which is commonly daily or weekly for software distribution
![Page 68: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/68.jpg)
WAAS CIFS Software Distribution: My WAN > Prepositioning > Status
View Progress and completion until next job
If files don’t change, then no need to re-run job
![Page 69: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/69.jpg)
Single Screen HTTP AO Configuration
![Page 70: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/70.jpg)
WAAS AO Deployment: Central Manager Secure Store for SSL
CM’s secure store keeps all imported host and accelerated SSL certificates and private keys
Certificates and private keys are encrypted with user pass-phrase:
When secure store is being initialized first time (initialization)
After CM device reloads to open secure store (opening)
CM secure store must be open to synchronize configuration between SSL capable CM and WAEs
Upon reboot, if CM detects the secure store is initialized but not open a critical alarm is raised
CLI commands are available:
cm#cms secure-store [init|open|change]
To initialize, open or change current pass-phrase
cm#show cms secure-store
To show current status of CM secure store
![Page 71: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/71.jpg)
WAAS AO Deployment: Key Management
Accelerated service
SSL services traffic to accelerate
Consists of two SSL sessions
Client to core
Core to server
Peering service
Send accelerated service session keys from core to edge
Management service
Sync config to/from CM and WAE
WAE secure store encryption key from CM
Encryption key encrypts server private keys on core WAE
CM admin service
Configure WAEs using CM
Upload certificates and private keys to CM
SSL Service – TCP connection carrying SSL traffic on a well known TCP Port (e.g. 443)
[Diagram: Client, Edge WAE, Edge WAN Router, WAN, Core WAN Router, Core WAE, Server (Common Name = hr.analog.com), Central Manager, Admin Browser. Labelled paths: Client to Server, Accelerated Service; WAE to WAE, Peering Service; CM to Edge WAE, Management Service; CM to Core WAE, Management Service; CM Administration, Admin Service. Layers: TCP Session, SSL Sessions (Client to Core SSL Session, Core to Server SSL Session), SSL Data]
![Page 72: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/72.jpg)
WAAS AO Deployment: Webex SSL Acceleration Example
ASR-1000 WebEx Nodes (SPA Blades)
ASR-1000 WebEx Nodes optimize Internet Delivery
Only 1 stream per site
45-90% Bandwidth Savings
Eliminates WAN Upgrades
Offloads Firewall/Proxies due to reduced traffic
Fully transparent solution
WAAS 4.2 optimizes WebEx Delivery to the Branch
DRE and LZ compression
Improved user response
Up to 80% Bandwidth Reduction
Delay WAN Upgrades
Fully transparent solution
WAAS Optimizations can also be delivered for other SaaS traffic in the enterprise
[Diagram: WebEx SaaS Cloud (Web Zone, Meeting Zone, Collaboration Bridge (CB), Multi-Media Platform (MMP), Recording, DB, Servers) reached over the Internet; ASR 1000 routers and WAAS at regional hubs; branch offices over the WAN; SSL paths carrying Meeting Traffic, VoIP, Video]
![Page 73: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/73.jpg)
Three-Step HTTPS Optimization Configuration: 1 of 3 – Provide Server Addresses
![Page 74: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/74.jpg)
Three-Step HTTPS Optimization Configuration: 2 of 3 – Provide Certificate
![Page 75: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/75.jpg)
Three-Step HTTPS Optimization Configuration: 3 of 3 – Enable Accelerated Service
![Page 76: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/76.jpg)
WAAS AO Deployments: Webex Acceleration
Networkers WAAS presentation delivered via Webex
BRKAPP-2005 presentation bytes reduced 58% by WAAS HTTPS
![Page 77: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/77.jpg)
WAAS RTSP AO Deployment: Edge Splitting
Enable Video Accelerator
Windows Media 9 or later
Operates on RTSPT only
Splitting occurs on the edge
Auto-discovery puts intermediate engines into Pass Through
ACNS/CDS origin configured with ‘wmt disallow-client-protocols rtspu mmsu’ to force TCP use
Option to TCP optimize or drop unaccelerated streams
Support for Windows Media 9 logs
![Page 78: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/78.jpg)
WAAS: Intermediate Firewall Support
Configured endpoint tunnel through firewall
Not supported by WAAS
Permit tunnel through firewall
Renders firewall useless for stateful L3/L4 packet filtering
Does not scale administratively
Permit TCP options with automated UDP 4050 tunnel (WAAS Directed Mode)
Traffic optimized by WAAS using auto-discovery but then tunneled between WAEs
Firewall rendered useless for L3, L4, or L5 packet filtering and stateful inspection
Permit TCP options and disable sequence number checking on firewall
WAAS auto-discovery and transparency works
Firewall implements stateless L3/L4 packet filters
Cisco firewall with WAAS awareness
Traffic transparently optimized by WAAS using auto-discovery
Cisco firewall preserves L3/L4 stateful inspection by permitting TCP options and statefully tracking TCP sequence number shift
[Diagram: devices A to E; labels: Origin Connection, Optimized Connection, Origin Connection, No Connection Layer Security]
![Page 79: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/79.jpg)
WAAS Directed Mode (DM): Non-Cisco Firewall Support
Obeys existing router and FW ACLs during TCP handshake
Maintains TCP Transparency on LAN
Auto-Discovery as in transparent WAAS mode (TCP options must pass)
No change in available optimizations
Integrated with WAAS and NetQoS Monitoring
FW configuration to permit UDP:4050
Allows UDP State Inspection
With DM ON, WAE will not be transparent
DM mode is OFF by default
Configuration
wae(config)#directed-mode enable ?
  port    Directed mode UDP port
[Diagram: devices A to E; labels: Origin Connection, Optimized Connection, Origin Connection, UDP:4050]
![Page 80: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/80.jpg)
WAAS: Upstream Firewall and Blacklist
1. Upstream firewall drops packets with TCP option
2. WAAS D sends SYN with TCP option which is dropped by firewall E
3. WAAS D re-sends SYN with TCP option but it is dropped
4. WAAS puts server in Blacklist for default 60 minutes
5. WAAS D forwards SYN without TCP option
6. WAAS re-tries sending SYN with TCP option to server after 60 minutes
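The six steps above, modelled as a small state machine so the effect on successive connections is visible. This is an added example, not WAAS code: the two option-carrying attempts and the 60-minute hold come from the slide, while the function names, the server addresses and the assumption that a peer WAE answers whenever the option survives are illustrative.

```python
BLACKLIST_SECONDS = 60 * 60   # slide step 4: default 60 minutes
SYN_WITH_OPTION_TRIES = 2     # slide steps 2 and 3: one send, one re-send


class OptionBlacklist:
    """Servers for which SYNs carrying the WAAS TCP option were dropped."""

    def __init__(self, hold=BLACKLIST_SECONDS):
        self.hold = hold
        self._expires = {}    # server address -> time the entry lapses

    def is_listed(self, server, now):
        expiry = self._expires.get(server)
        if expiry is None:
            return False
        if now >= expiry:     # hold time over: probe with the option again
            del self._expires[server]
            return False
        return True

    def add(self, server, now):
        self._expires[server] = now + self.hold


def connect(server, now, blacklist, path_drops_options):
    """Return (packets the WAE emits, resulting connection mode).

    path_drops_options(server) is True when a firewall on the path to that
    server discards SYNs carrying TCP options (hypothetical callback).
    """
    events = []
    if not blacklist.is_listed(server, now):
        for _ in range(SYN_WITH_OPTION_TRIES):
            events.append("SYN+option")
            if not path_drops_options(server):
                # Assumption: a peer WAE exists and completes auto-discovery.
                return events, "optimized"
        blacklist.add(server, now)
        events.append("blacklisted")
    events.append("SYN")      # slide step 5: forward without the option
    return events, "pass-through"


if __name__ == "__main__":
    bl = OptionBlacklist()
    filtered = "10.9.9.9"     # constructed address behind an option-dropping firewall
    drops = lambda server: server == filtered
    for t in (0, 600, 3599, 3600):
        print(t, connect(filtered, t, bl, drops))
    print(0, connect("10.8.8.8", 0, bl, drops))
```

In this model only the first connection to a filtered server pays for the two dropped SYNs; later connections inside the hold time go straight to pass-through, and probing with the option resumes once the entry lapses.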
[Diagram: devices A to F; labels: Origin Connection, Optimized Connection, Origin Connection, TCP Option Removed From SYN]
![Page 81: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/81.jpg)
WAAS Replication Accelerator: Deployment
Data center high bandwidth medium latency link acceleration
SnapMirror and SRDF/A over IP
DRE cache size equals platform memory
7341/7371 use 9GB/18GB
7341/7371 have fanout of 4/9
DRE cache is still persistent across the reboots
TFO tuned for high throughput and few connections
Replication Accelerator
Device mode (CLI only)
Requires reload
DRE cache cleared
DRE aggregation disabled
LZ compression level set to 1
“tfo perf-poc” enabled
Default policy changed as applicable with the new device mode
Connections from/to Replication Accelerator to/from Application Accelerator are put into pass-through
![Page 82: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/82.jpg)
WAAS Virtual Blade Deployments
![Page 83: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/83.jpg)
WAAS Virtual Blade: Overview
A Virtual Blade is a guest virtual machine of the WAAS host
WAAS presents
Firmware—BIOS and possible extensions
Hardware—one or more CPUs, memory, host bridge, VGA, one or two NICs, disk controller, disk, CD drive, serial port, PXE Boot, etc.
Preservation of Virtual Machine state on WAAS reboot
Virtual Blade support
Windows on WAAS (WoW) – Windows 2003/2008 Server print and directory services (2008 available pre-installed), MS SVVP for Windows 2008
Application and Content Networking System (ACNS VB)
Windows Services (SCCM and 3rd party Services like Altiris)
Enterprise and Virtual Blade licenses required
[Diagram: Cisco Linux, Kernel Virtual Machine hosting Windows on WAAS (WOW), ACNS Virtual Blade (ACNS VB) and Virtual Blade # N, with Virtual Blade Storage and Ethernet Network I/O]
![Page 84: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/84.jpg)
WAAS Virtual Blade: Dedicated VB Interface or Shared Port Channel

ACNS VB1, WoW VB2 (Interface Bridge)
WAAS
interface g 2/0
 no ip addr
WAAS
interface g 1/0
 ip address B.1/24
LAN
 ip address A.2/24
interface g 1/0
 ip address A.1/24
virtual-blade X
 description Dedicated VB Network
 interface 1 bridge GigabitEthernet 2/0

ACNS VB1, WoW VB2 (Interface Bridge)
interface g 2/0
 channel-group 1
interface g 1/0
 channel-group 1
LAN
 ip address A.3/24
interface g 1/0
 ip address A.2/24
WAAS
interface PortChannel 1
 ip address A.1/24
virtual-blade X
 description VB Shared Port Channel
 interface 1 bridge PortChannel 1

[Diagram: two topologies with host h1, WAE e1 (interfaces g 1/0 and g 2/0, Interface Bridge, LAN-1 and LAN-2), router interfaces g0, g1 and s0, subnets A/24 and B/24, IP Network, WCCP services 61, 62 and 80]
![Page 85: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/85.jpg)
WAAS Virtual Blade: ACNS and WAAS WCCP Channel Configuration

ROUTER
ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
ip wccp 80
!
ip access-list extended WAAS
 deny tcp any any eq 554
 deny tcp any eq 554 any
 permit tcp any any
!
interface s0
 ip wccp 62 redirect in
!
interface g0
 ip address A.254 255.255.255.0
 ip wccp 80 redirect in
 ip wccp 61 redirect in

WAAS WAE
interface PortChannel 1
 ip address A.1 255.255.255.0
wccp router-list 1 A.254
wccp tcp-promiscuous router-list 1
wccp version 2

ACNS Virtual Blade
interface GigabitEthernet 1/0
 ip address A.2 255.255.255.0
exit
wccp router-list 1 A.254
wccp rtsp router-list-num 1
wccp version 2

[Diagram: host h1, WAE e1 (g 1/0 and g 2/0) on subnet A/24, router interfaces g0 and s0, IP Network, WCCP services 61, 62 and 80]
![Page 86: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/86.jpg)
WAAS Virtual Blade: ACNS and WAAS WCCP Channel Configuration

ROUTER
ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
ip wccp 80
!
ip access-list extended WAAS
 deny tcp any any eq 554
 deny tcp any eq 554 any
 permit tcp any any
!
interface s0
 ip wccp 62 redirect in
!
interface g0
 ip address A.254 255.255.255.0
 ip wccp 80 redirect in
 ip wccp 61 redirect in
!
interface g1
 ip address B.254 255.255.255.0

WAAS WAE
interface GigabitEthernet 1/0
 ip address B.1 255.255.255.0
exit
interface GigabitEthernet 2/0
 no ip address
exit
wccp router-list 1 A.254
wccp tcp-promiscuous router-list 1
wccp version 2

ACNS Virtual Blade
interface GigabitEthernet 2/0
 ip address A.1 255.255.255.0
exit
wccp router-list 1 A.254
wccp rtsp router-list-num 1
wccp version 2

[Diagram: host h1, WAE e1 (g 1/0 and g 2/0), subnets A/24 and B/24, router interfaces g0, g1 and s0, IP Network, WCCP services 61, 62 and 80]
![Page 87: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/87.jpg)
WAAS Virtual Blade: OS Installation
Copy an ISO CD or DVD image to the system (copy FTP disk…)
Allocate disk, memory, network resources
Run the virtual blade, booting from CD
Use VNC to guide the installation
Stop the virtual blade, and restart it booting from disk
br1-wae1#pwd
/local1/vbs
br1-wae1#dir
size            time of last change         name
--------------  -------------------------   -----------
     593117184  Wed Jun 18 17:54:01 2008    en_windows_server_2003.iso
    2634078208  Wed Jun 18 16:08:59 2008    en_windows_server_2008.iso
     277676032  Tue Dec  9 17:20:43 2008    ACNS-5.5.12.40-K9.iso
     178952192  Sat May  4 12:35:30 2002    winboot2.0.116qd.iso
![Page 88: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/88.jpg)
WAAS Virtual Blade: ACNS VB Configuration
virtual-blade 1
config:
description ACNS VB
device cpu qemu32
device nic e1000
device disk IDE
device keyboard en-us
memory 1024
disk 80 80
interface 1 bridge PortChannel 1
no boot fd-image
boot cd-image disk /local1/vbs/ACNS-5.5.X.iso
boot from disk
no vnc
autostart
state:
running
serial console session active
vnc server disabled
current cd /local1/vbs/ACNS-5.5.X.iso
current floppy [not inserted]
![Page 89: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/89.jpg)
WAAS Virtual Blade: Windows on WAAS (WoW)
config:
description WoW - 2008 Server
device cpu qemu64
device nic rtl8139
device disk IDE
device keyboard en-us
memory 1024
disk 30
interface 1 bridge G 1/0 mac-address 00::19
no boot fd-image
boot cd-image disk /local1/vbs/win2008.iso
boot from cd-rom
autostart
state:
running
serial console session inactive
vnc server active
vnc client connected
current cd /local1/vbs/win2008.iso
current floppy [not inserted]
![Page 90: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/90.jpg)
Configuring Virtual Blade using Central Manager: Using Two CPUs for Single VB
![Page 91: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/91.jpg)
WAAS Virtual Blade: Actions
br1-wave1#virtual-blade 1 ?
cd Change virtual blade cd
kill-save-state Delete the virtual-blade saved state
save Save memory state of virtual blade
session Open telnet connection to remote host/port
start Start the virtual blade
stop Stop the virtual blade
![Page 92: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/92.jpg)
WAAS Virtual Blade: Video/Keyboard/Mouse and Console
An emulated video card display is visible with VNC
VNC connects to the emulated video card via WAE-IP:#, where # is the VB number
Once the VB OS is installed, a remote desktop connection may be set up using the IP address inside the Virtual Blade
An emulated serial port is accessible from the WAAS CLI
br1-wave1#virtual-blade 1 session
Session already in use
br1-wave1#virtual-blade 1 session clear
br1-wave1#virtual-blade 1 session
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Cisco Content Engine Console
Username: admin
Password:
NO-HOSTNAME#
![Page 93: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/93.jpg)
WAAS Sizing Guidelines
![Page 94: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/94.jpg)
Cisco WAAS 4.2.1: Sizing Considerations
Connection capacity
Concurrent TCP connections
Estimate 10 TCP connections per client
Verify C:\>netstat -a | find "ESTABLISHED"
Connections Per Second (CPS)
Video streams
Network
WAN bandwidth
LAN bandwidth
Core fan out peering
Storage
DRE days history
Virtual Blade
CIFS object storage
Virtual blade memory, disk, and CPU capacity
![Page 95: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/95.jpg)
Cisco WAE Family: WAAS 4.2.1 Performance

| Capacity | SRE-700 | SRE-900 | WAE-274 | WAE-474 | WAE-574-3GB | WAE-574-6GB | WAE-674-4GB | WAE-674-8GB | WAE-674-8GB+VB | WAE-7341 | WAE-7371 |
|---|---|---|---|---|---|---|---|---|---|---|---|
| WAN Bandwidth (Mbps) | 20 | 50 | 2 | 4 | 8 | 20 | 45 | 90 | 90 | 310 | 1000 |
| Optimized TCP Connections | 500 | 400 | 200 | 400 | 750 | 1300 | 2000 | 6000 | 4000 | 12000 9000/3000* | 50000 12000/28000* |
| Optimized Throughput (Mbps) | 150 | 250 | 90 | 90 | 100 | 150 | 250 | 350 | 350 | 800 | 1500 |
| Total Disk Capacity (GB) | 500 | 500 | 250 | 250 | 500 | 500 | 600 | 600 | 600 | 900 | 1500 |
| DRE Disk Capacity (GB) | 120 | 120 | 40 | 60 | 80 | 120 | 120 | 320 | 150 | 500 | 1000 |
| CIFS Disk Capacity (GB) | 120 | 120 | 120 | 120 | 120 | 120 | 120 | 120 | 120 | 230 | 230 |
| Maximum LAN Video Streams | 200 | 200 | 40 | 80 | 150 | 300 | 400 | 1000 | 600 | 1000 | 1000 |

Virtual Blades Supported 2 2 2 6 2 6
Total Virtual Blade Disk Capacity 30 30 60 175 120 200
Core Fan Out 35 70 100 200 200 1400 2800
CM Managed Devices 125 250 500 1000 1500 1500 2000
* SSL connections / TCP connections
Note: These are guidelines for sizing based on certain assumptions. Enabling multiple features will have an impact on scalability.
![Page 96: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/96.jpg)
WAAS Mobile Overview and Deployment
![Page 97: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/97.jpg)
Cisco WAAS Mobile Acceleration Technologies
Data Redundancy Elimination: Reduces amount of data transmitted
• Handles any size file
• Single instance, bi-directional delta byte caching
Transport Flow Optimization: Maximizes link throughput
• Dynamically adjusts to network conditions
• Optimizes performance over lossy and/or high latency networks
Application Protocol Optimization: Mitigates network latency
• CIFS/SMB file share
• HTTP
• MS Exchange
• HTTPS
![Page 98: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/98.jpg)
Cisco WAAS Mobile Networking: Deployment Topology
• Mobile users connect through VPN aggregation point to multiple Cisco WAAS Mobile Servers
• Workers in small offices may connect to multiple Cisco WAAS Mobile Servers
• Simultaneously accelerate traffic to applications hosted in multiple data centers
[Figure: deployment topology. Labels: Intranet, Internet, Remote Access VPN, Small Office, two Data Centers with App Servers & Storage, Cisco WAAS Mobile Clients, Cisco WAAS Mobile Servers]
![Page 99: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/99.jpg)
Cisco WAAS Mobile Networking: Client-Server Data Flow
Cisco WAAS Mobile client proxies all accelerated TCP traffic and sends it via UDP port 1182 to the Cisco WAAS Mobile Server
[Figure: client-server data flow. Labels: Accelerated Applications (CIFS, SMB, Other Applications), Intercept/Redirect (TDI driver), Acceleration Process, Cisco WAAS Mobile Client, Cisco WAAS Mobile Server, File Servers, Application Servers, Other Application Servers. Link labels: TCP; Data, UDP 1182; Control, TCP 1182]
![Page 100: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/100.jpg)
Cisco WAAS Mobile Scalability
Scale up to handle maximum throughput of any data center
• Up to 10,000 concurrent users per Cisco WAAS Mobile server
• Multiple Cisco WAAS Mobile Servers can be aggregated into Cisco WAAS Mobile server farms for load balanced, redundant capacity
Scale out to handle multiple data centers
• Cisco WAAS Mobile server farms hosted at multiple data centers provide acceleration for any worker to any application
Scalable Cisco WAAS Mobile Manager data flow
• Manager communicates with Cisco WAAS Mobile worker servers
• Worker servers communicate with Cisco WAAS Mobile clients
• A single Cisco WAAS Mobile Manager can manage hundreds of servers and hundreds of thousands of clients
![Page 101: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/101.jpg)
WAAS Mobile Management: Central Manager
Highly scalable
• Manage hundreds of Cisco WAAS Mobile servers or just a single server
• Manage hundreds of thousands of end users from a single user interface
Total system visibility
• View performance at system level, or drill down to a server farm, a single server, a group of end users, or a single user
Consolidated end-user management and monitoring
• Visibility into the performance and status of accelerated traffic by application and path for any end user from the Cisco WAAS Mobile Manager
Highly available
• Central manager not required to be operational for acceleration services to be operational.
![Page 102: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/102.jpg)
Cisco WAAS Mobile Management: Manage All Clients Centrally
View all clients from the central console and filter to find the user or set of users of interest
![Page 103: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/103.jpg)
Enterprise Deployment Considerations: High Availability
To provide high availability and capacity within a data center
• Multiple Cisco WAAS Mobile servers in a data center may be configured to be members of a Cisco WAAS Mobile server farm
• Traffic load is automatically balanced across the servers in a server farm
– Initial access is random
– On subsequent access, client attempts to connect to previous server. If unable, tries another server in the same farm
To provide high availability in the event of a data center outage
• Cisco WAAS Mobile server farms may be located at backup data centers
• When clients are unable to connect to the primary server farm, they will automatically attempt to connect to backup server farms
![Page 104: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/104.jpg)
Enterprise Deployment Considerations: Manageability
Software installation
• Client profiles are packaged as executable .msi files
Software upgrades
• Automatic upgrade and downgrade
Configuration updates
• Automatic updates
Policy-based management
• Separate configuration profiles for different user groups
• Optional Active Directory group policies
Central monitoring console
• Graphical displays of acceleration and traffic breakdown
![Page 105: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/105.jpg)
Enterprise Deployment Considerations: Architecture Scalability
Highly scalable storage system
• Each file or data sequence is only stored once
• Single instance of a file or data sequence is shared with all users
Highly efficient memory utilization
• Uses only 2 MB of server RAM for each simultaneous active download
• 1000:1 disk to RAM ratio for search index supports deep histories
Scalable CPU utilization
• Multi‐threaded architecture makes efficient use of multi‐core CPUs
Optimized disk utilization
• Employs a dynamic disk seek algorithm that optimizes throughput under high load by dynamically trading off acceleration gain vs disk activity to mitigate thrashing
![Page 106: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/106.jpg)
Cisco WAAS Mobile Server Configurations
Cisco WAAS Mobile is deployable on bare metal server or as virtual machine
For 5-10 user evaluations:

| | Minimum Configuration |
|---|---|
| CPU | 1.8 GHz dual core |
| System Memory (RAM) | 2 GB |
| Disk Space Available for Delta Cache | 5 GB |
| Operating System | Windows Server 2003, 2003 R2, 2008, or 2008 R2 |

See Appendix A of the Cisco WAAS Mobile Administration Guide for production server sizing and operating system guidelines
![Page 107: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/107.jpg)
Cisco WAAS Mobile and UCS: Industry’s Most Scalable Mobile Acceleration
10,000 Concurrent Cisco WAAS Mobile Clients
• Concurrent licensing supports 30,000–40,000 end users
Unparalleled Throughput
• 600 Mbps LAN-side, 200 Mbps WAN-side
• 100,000 TCP connections
Flexible Multi-Service Platform
• Co-host Cisco WAAS Mobile with other applications
Cisco WAAS Mobile Virtual Appliance
• Evolve from hundreds to thousands of concurrent users
[Figure: Cisco WAAS Mobile Clients, Cisco WAAS Mobile Server, Cisco UCS C-200M1]
![Page 108: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/108.jpg)
Cisco WAAS Mobile Client Configurations

| | Supported Minimum | Recommended |
|---|---|---|
| CPU | 750 MHz | 1.5 GHz |
| System Memory (RAM) | 512 MB | 1 GB |
| Disk Space Available for Cache | 80 MB | 1 GB |
| Operating System | Windows XP, prior to SP2 | Windows XP SP2, Vista, or Windows 7 |
![Page 109: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/109.jpg)
Review
WAAS Overview
WAE Installation
WAAS Central Manager Configuration
WAE Deployment
• Inline
• Web Cache Control Protocol (WCCP)
WAAS Application Optimizer (AO) Deployments
WAAS Virtual Blade Deployments
WAAS Sizing Guidelines
WAAS Mobile Overview and Deployment
![Page 110: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/110.jpg)
![Page 111: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/111.jpg)
![Page 112: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/112.jpg)
![Page 113: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/113.jpg)
Backup Slides
![Page 114: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/114.jpg)
Central Manager: Common AllDevicesGroup Configuration
• Storage > Disk Error Handling
• Network > DNS
• SNMP
• Date/Time > NTP Server | Time Zone
• Security > Login Access Control > SSH | MoD | Exec-Timeout
• Authentication
• Common criteria
• System Log Settings
• Application Policies (no video)
![Page 115: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/115.jpg)
Central Manager: AllDevicesGroup Hidden Features
Troubleshoot (device specific)
Interception (device specific)
TCP Buffer Settings
Legacy File and Print Services
Disk Encryption (edge only)
Network—Port Channel, Directed Mode, IP Routers (device specific)
Transaction logs (edge only)
![Page 116: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/116.jpg)
Central Manager: AllEdgesGroup Configured & Hidden Features
![Page 117: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/117.jpg)
Central Manager: AllCoresGroup Configured & Hidden Features
![Page 118: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/118.jpg)
WCCP: Registration and Clustering

| | Engine (WCCP Client) | Router (WCCP Server) |
|---|---|---|
| Register | Registers service groups (61/62); “Here I Am” - 10 sec interval | Accepts registration; “I See You” with 3X hold down |
| Cluster | Lead elected by lowest IP; Lead creates distribution assignment and instructs all routers | Router reflects state of all engines; All routers identically redirect based on lead engine instruction |

[Figure: engines e1 and e2, routers r1 and r2, networks A and B]
![Page 119: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/119.jpg)
WCCP: WAAS Redirect, Return, and Egress Configuration
IP Forward Return / Egress
• WCCP GRE Redirect (7200, ISR, ASR, 6500)
– wccp tcp-promiscuous router-list 1
• WCCP L2 Redirect (7200, ISR, ASR, 6500, 3750, 3560, 4500)
– wccp tcp-promiscuous router-list 1 l2-redirect mask-assign
– wccp tcp-promiscuous mask src-ip-mask < 0xF | 0xF00 | 0xF0000 >
WCCP GRE Return / Egress
• WCCP GRE Redirect (7200, ISR, ASR)
– egress-method negotiated-return intercept-method wccp
– wccp tcp-promiscuous router-list 1
• WCCP L2 Redirect: Not supported
WCCP L2 Return
• WCCP GRE Redirect: Not supported
• WCCP L2 Redirect: Not supported
Native GRE Return / Egress
• WCCP GRE Redirect
– egress-method generic-gre intercept-method WCCP
– 7200, ISR: wccp tcp-promiscuous router-list 1
– 6500, ASR: wccp tcp-promiscuous router-list 1 mask-assign
– 6500, ASR: wccp tcp-promiscuous mask src-ip-mask < 0xF | 0xF00 | 0xF0000 >
• WCCP L2 Redirect: Not supported (minor alarm)
“wccp router-list” and “wccp version 2” not shown
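The `mask src-ip-mask` values listed above choose which source-address bits feed WCCP mask assignment. The Python sketch below is an added illustration, not code from the presentation or from Cisco; the contiguous bucket-to-engine split and the 10.1.1.0/24 client addresses are assumptions made for the example (the real split is decided by the lead engine).

```python
import ipaddress
from collections import Counter


def mask_buckets(mask):
    """Return every value (addr & mask) can take, in ascending order.

    A mask with n bits set yields 2**n buckets.
    """
    bits = [b for b in range(32) if (mask >> b) & 1]
    buckets = []
    for n in range(1 << len(bits)):
        value = 0
        for i, b in enumerate(bits):
            if (n >> i) & 1:
                value |= 1 << b
        buckets.append(value)
    return buckets


def assignment_table(mask, engines):
    """Map each bucket value to an engine.

    Assumption: buckets are handed out in contiguous, near-equal shares
    in list order. The real distribution is built by the lead engine.
    """
    buckets = mask_buckets(mask)
    return {
        value: engines[i * len(engines) // len(buckets)]
        for i, value in enumerate(buckets)
    }


def engine_for(src_ip, mask, table):
    """Pick the engine for one client: AND the source IP with the mask."""
    return table[int(ipaddress.IPv4Address(src_ip)) & mask]


def distribution(src_ips, mask, engines):
    """Count how many of the given clients land on each engine."""
    table = assignment_table(mask, engines)
    return Counter(engine_for(ip, mask, table) for ip in src_ips)


ENGINES = ["e1", "e2"]  # engine names as used in the slide diagrams
# Constructed sample: 32 clients in a single branch /24.
CLIENTS = [f"10.1.1.{host}" for host in range(1, 33)]

if __name__ == "__main__":
    for mask in (0xF, 0xF00, 0xF0000):
        spread = dict(distribution(CLIENTS, mask, ENGINES))
        print(f"mask {mask:#x}: {len(mask_buckets(mask))} buckets, {spread}")
```

With all clients in one /24, mask 0xF spreads them across both engines, while 0xF00 and 0xF0000 key on higher address bits that these clients share, so the whole subnet lands on a single engine.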
![Page 120: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/120.jpg)
WCCP: Redundant L2 Branch

Registration – r1/r2 interface IP
Assignment – Hash
Redirect - WCCP GRE
Return/Egress - IP forward or GRE return
Network
• Passive interface routing on all host subnets
• Route on WAE subnet (no passive interface)
• mHSRP routing e1 to rtr1 and e2 to r2 to create outbound WAN load balancing

Registration – r1/r2 interface IP
Assignment – Hash
Redirect – WCCP GRE
Return/Egress - GRE return
Network
• Passive interface routing on host and engine subnets if no inter-router link
• Route on inter-router subnet (no passive interface)
• Preserves Gateway Load Balancing Protocol (GLBP) outbound

[Figures: two branch topologies with routers r1 and r2, switches sw1 and sw2, hosts h1 to h4, engines e1 and e2, and the WAN; 61 and 62 mark WCCP service groups]
![Page 121: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/121.jpg)
WCCP: Redundant L3 Switch Branch
Registration – sw1/sw2 interface IP
Assignment – Mask
Redirect - WCCP L2 redirect
Return/Egress – IP forwarding
Network
• Passive interface routing on all host subnets
• Route on WAE subnet (no passive interface)
• Preserves upstream WAN load balancing using CEF equal cost paths
Commonly Cisco Catalyst 3560, 3750, 4500, or 6500
[Figure: routers r1 and r2, L3 switches sw1 and sw2, hosts h1 and h2, engines e1 and e2, WAN; 61 and 62 mark WCCP service groups]
![Page 122: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/122.jpg)
Dual Data Center Asymmetric Routing: WAN Edge WCCP with GRE Path Affinity
Software router (7200/ISR)
• Registration – r1/r2 loopback IP
• Assignment – Hash
• Redirect - WCCP GRE
• Return/Egress - WCCP GRE
Hardware router (6500/ASR)
• Registration – r1/r2 loopback IP
• Assignment – Mask
• Redirect - WCCP GRE Redirect
• Return/Egress - generic GRE (6500) or WCCP GRE (ASR)
[Figure: Server Farm 1 and Server Farm 2, WAN #1 and WAN #2, routers r1 to r10, engines e1 to e4; WCCP Registration, with 61 and 62 marking WCCP service groups]
![Page 123: BRKAPP-2005](https://reader037.vdocuments.site/reader037/viewer/2022103120/55cf9aa5550346d033a2b906/html5/thumbnails/123.jpg)
Dual Data Center Asymmetric Routing: Server Farm WCCP
Inter-switch routed (N:N HA)
• Register – r7/r8/r9/r10 Loopback IP
• Assignment – Mask
• Redirect - WCCP GRE Redirect
• Return/Egress - generic GRE (6500) or IP forward
• Network – WAE Etherchannel
Inter-switch VLAN (N+1 HA)
• Register – r7/r8/r9/r10 interface IP
• Assignment – Mask
• Redirect - WCCP L2 Redirect
• Return/Egress – IP forward
• Network – WAE Standby Interface
[Figure: Server Farm 1 and Server Farm 2, WAN #1 and WAN #2, routers r1 to r10, engines e1 to e4; WCCP Registration, with 61 and 62 marking WCCP service groups]