BRKAPP-2005

BRKAPP-2005
Deploying Wide Area Application Services

2010 Cisco and/or its affiliates. All rights reserved. Cisco Public Presentation_ID
2
Agenda
WAAS Overview
WAE Installation
WAE Deployment
WAAS Central Manager Configuration
WAAS Application Optimizer (AO) Deployments
CIFS Software Distribution
HTTPS Webex Web Conferencing
WAAS Virtual Blade Deployments
WAAS Sizing Guidelines
WAAS Mobile Overview and Deployment
3
WAAS Overview
4
Wide Area Application Engine
Object
Storage
Wide Area Application Services (WAAS) Version 4.2
IOS Platform with Services and CLI
Cisco Linux Kernel
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Flash
IOS Shell
Linux
Application
Storage
Virtual Blades
Kernel Virtual Machine
Configuration
Management
System
(CMS)
CIFS
AO
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
EPM
AO
MAPI
AO
HTTP
AO
SSL
AO
RTSP
AO
Windows
On
WAAS
(WOW)
ACNS*
On
WAAS
ACNS
VB
Virtual
Blade
# 3
NFS
AO
DRE
Storage
Virtual Blade
Storage
Ethernet
Network
I/O
*Application and Content Networking Software 5.5.13
5
List Price w Enterprise License
Location & Size*
Data
Center &
Campus
Branch
up to 400
users*
Branch:
Up to 150
users*
Branch:
Up to 50
users*
Branch:
Up to 20
users*
Branch Office
& Mobile User Platforms
Data Center & Campus Platforms
SRE-700
SRE-900
WAVE-274
WAVE-474
WAVE-574
WAE-674
WAE-7341
WAE-7371
Mobile
User
(Branch
of 1)
WAAS
Mobile
Indicative sizing only. Please refer to WAAS sizing guidelines to size specific to customer
requirements.
$135K
$59K $22K $12.5K $10K $6.5K
WAN Op + Video
Platform
WAN Op + Video + WAAS
Virtual Blade Platform
New
New
WAAS Product Line Overview
6
Application
Optimizer
(AO)
TFO
Network
Data Link
Physical
WAAS Overview
Session and Transport Layer Optimization
Host A
Application
Presentation
Session
Transport
Network
Data Link
Physical
WAE 2
Application
Optimizer
(AO)
TFO
Network
Data Link
Physical
WAE 1
Host B
Application
Presentation
Session
Transport
Network
Data Link
Physical
Origin Optimized Origin
WAN
BRKAPP-2005
14633_05_2008_c1
7
WAAS Overview
DRE and LZ Manage Bandwidth Utilization
Data Redundancy Elimination (DRE) provides
advanced compression to eliminate redundancy
from network flows regardless of application
LZ compression provides generic compression
for all traffic
FILE.DOC
DRE CACHE DRE CACHE
FILE.DOC
WAN
LZ LZ
Origin Connection Origin Connection
Optimized
Connection
Encode Decode
Window Scaling
Large Initial Windows
Congestion Mgmt
Improved Retransmit
Packet Aggregation
8
WAAS Overview
Application Optimizations
Read Ahead
Asynchronous Write
Local Acknowledgement
Data Redundancy Elimination
(DRE)
DRE Hinting
LZ Compression
TCP Flow Optimization
Object Caching
Object Prepositioning
Object Meta Data Caching
Encryption/Decryption
Video Stream Splitting
Outlook Address Book (OAB)
UUID Dynamic Classification
9
WAAS Application Optimizer (AO)
Feature Summary
AO Read
Ahead
Async
Write
Local
Ack
DRE
/
Hint
L
Z
TFO Object
Cache
Object
Pre-
Position
Meta
Data
Cache
Other Lic
Reqd
CIFS Y Y Y Y/Y Y Y Y Y Y - Ent
NFS Y Y Y Y/Y Y Y N N Y - Ent
HTTP N N Y Y/Y Y Y N N Y
Conn
Reuse
Ent
MAPI Y Y Y Y/Y Y Y N N N
OAB
Object
Ent
PRT N Y Y Y/Y Y Y N N Y - Ent
RTSP N N Y N/N N Y N N N Split Video
EPM N N N N/N N Y N N N
Classify
Ent
SSL N N N Y/N Y Y N N N
Encrypt/
Decrypt
Ent
10
WAAS Overview
Auto-DiscoveryTwo WAEs
Expanded for AOs
TCP option 0x21 provides in-band
signaling
WAE B closest to host (A) and WAE
(C) closest to host (B)
Connection optimized between WAE
(B) and (C)
WAEs shift optimized TCP SEQ
number 2 billion
If a WAE that was optimizing
connections fails:
Receiving host will see segments
with SEQ/ACK numbers that are
out of range
Host will reset (RST) connection
WAAS will propagate the RST
Host application will re-establish a
new TCP connection
A B C D
A:D SYN
A:D SYN(OPT) A:D SYN(OPT)
D:A SYN/ACK
D:A SYN/ACK(OPT)
D:A SYN/ACK
Optimized
Connection
11
WAAS Overview
Auto-DiscoveryThree or More WAEs
WAE (B) closest to host (A)
WAE (D) closest to host (E)
Intermediate WAE (C) sees TCP option mark in
both directions and goes into Pass Through (PT)
WAE supports 10X optimized limit for Pass Through
A:E SYN
A:E SYN(OPT)
A:E SYN(OPT)
A:E SYN(OPT)
E:A SYN/ACK
E:A SYN/ACK(OPT)
E:A SYN/ACK(OPT)
E:A SYN/ACK
A:E ACK
A:E ACK(OPT)
A:E ACK(OPT)
A:E ACK
Optimized
Connection
A B C D E
12
WAAS Overview
Auto-DiscoveryOne WAE
WAE (B) is closest to host (A) and host (C)
No TCP option mark is seen in either direction
WAE B goes into Pass Through (PT)
WAE supports 10X optimized limit for Pass Through
A:C TCP SYN
A:C SYN(OPT)
C:A SYN ACK
C:A SYN ACK
C A B
13
WAE Installation
14
WAAS Installation
Setup Script
Prompted on boot of
factory default box to run
setup script or execute setup
Script prompts for
configuration to
communicate, network
integrate, manage, and
license the WAE
Ideal for pilots and small
deployments
Recommend script to setup
Central Manager
Device Mode Central-Manager
Recommend configuration
template to stage accelerators
for large deployments
device mode application-accelerator
central-manager address 10.1.1.31
primary-interface GigabitEthernet 1/0
cms enable
wccp version 2
wccp router-list 1 10.1.4.254
wccp tcp-promiscuous router-list 1
interface GigabitEthernet 1/0
ip address 10.1.4.100 255.255.255.0
autosense
exit
ip default-gateway 10.1.4.254
ip name-server 167.206.245.130
ip domain-name allcisco.com
hostname br1-wae1
ntp server 10.1.1.254
clock timezone US/Eastern -5 0
license add ...
15
Integrated WAAS/ISR Configuration
with Setup Wizard
Single-screen configuration for WAAS and ISR IOS
WCCP auto-configuration
Proactive diagnostic
NEW in WAAS 4.2
16
Installation
Device Mode Replication Accelerator
Requires WAAS 4.0.19 or Later 4.0.X
Accelerator optimized for a small
number of high-throughput TCP
connections
EMC SRDF/A and NetApp
SnapMirror
Available on the WAE-7341 and
WAE-7371 platforms
Only negotiates optimized
connections with other WAEs in the
same mode
device mode replication-accelerator
hostname dc1-wae1
ip address 10.1.1.31 255.255.255.0
exit
ip name-server 10.1.1.21
central-manager address cm.allcisco.com
cms enable
17
wae(config)# interface PortChannel 1
wae(config-if)#no shut
wae(config-if)#ip address 10.1.1.31 255.255.255.0
wae(config)# interface gigabitEthernet 1/0
wae(config-if)#no shutdown
wae(config-if)#channel-group 1
wae(config-if)#exit
wae(config)#interface gigabitEthernet 2/0
wae(config-if)#no shut
wae(config-if)#channel-group 1
Installation
WAE Interface Channeling
Interfaces can be bundled into a PortChannel for load-
balancing and high availability across switch modules
Requires identical interface configuration on both
physical interfaces
IP addresses are defined on the PortChannel interface
18
Installation
Standby Network Interface Card (NIC)
Must be layer 2
path between
two NICs
MAC only on in use
interface
Primary preempts
No primary floats
Gratuitous ARPs on
failover
Virtual Blade not
supported
G 1/0 G 2/0
wae(config)#interface Standby 1
wae(config-if)#ip address 10.1.2.100 255.255.255.0
wae(config-if)#exit
wae(config)#interface GigabitEthernet 1/0
wae(config-if)#standby 1 primary
wae(config-if)#exit
wae(config)#interface GigabitEthernet 2/0
wae(config-if)#standby 1
wae(config-if)#exit
WAE(config)#primary-interface standby 1
wae#show interface standby 1
Interface Standby 1 (2 physical interface(s)):
GigabitEthernet 1/0 (active)
GigabitEthernet 2/0 (active) (primary) (in use)
19
20
Central Management System (CMS)
Overview
CMS process runs on all WAEs
Provides bidirectional configuration
synchronization between CM and
accelerators
Communicates over HTTPS using self
signed device specific certificates and
keys
Central Manager collects health and
monitoring data to every five minutes
by default
CMS provides means to backup and
restore configuration
Provides means to replace a failed
device with a
new device
Use show cms info to get
CMS status
Configuration
Groups
Ability to hide/filter pages
Roles based access control
Report
System
Device/Location
Flow
Session
Monitor
Alarm
Emergency and critical syslog
21
Central Manager
Login
1. https://cm-ip:8443/
2. Accept certificate
3. Username: admin
4. Password: default
5. Initialize and/or open secure store
22
Central Manager
Group Configuration Best Practices
AllDevicesGroup
Network > DNS
SNMP
Date/Time > NTP Server | Time Zone
Login Access Control > SSH | MoD | Exec Timeout
Authentication
Common criteria
System Log Settings
Storage > Disk Error Handling
CoreDevicesGroup
SSL Acceleration
EdgeDevicesGroup
Transaction logs
Prepositioning
Disk encryption
Flow Agent
23
Central Manager
Group/Device Configuration Strategy
Use groups to the greatest extent possible
A device can belong to multiple device groups
Device configuration is more specific than group
configuration
Multiple group configuration conflict is resolved by most
recent configuration
Hide configuration pages that should not be used in a group
Create and enforce device group naming policy
All lower case with dashes for spaces
all-device-group
timezone-us-eastern
No spaces with capital for start of word
AllDeviceGroup
TimezoneUSEastern
24
Central Manager
Adding a New Core Device
1. Install WAE
2. Configure hostname, IP, primary
interface, CM IP, and CMS
enable
3. Assign device to AllCoresGroup
(WAE is auto-activated and auto-
assigned to the AllDevicesGroup)
4. Configure WCCP
hostname dc1-wae2
ip address 192.168.200.202 255.255.255.0
exit
central-manager address 192.168.200.204
cms enable
license add Enterprise
25
Central Manager
WAAS Monitoring
Dashboard Aggregate Statistics
Device flow monitoring
Device CPU and Disk
Acceleration (HTTP, CIFS, NFS, MAPI, Video, SSL)
System-wide, Device Specific and Grouped by Location
26
Central Manager
3
rd
Party WAAS Monitoring
Router Netflow to NAM, NetQos, Fluke or other
3rd party for reporting of all network traffic
WAAS flow logs to Sawmill for WAAS historical
optimized flow level reporting
WAAS flow agent to Cisco Network Analysis
Module (NAM) and NetQoS for application latency
NetQoS or Fluke for WAAS CM API reporting
WAN
Data Center
End-user Site with Optimization
FlowAgent Data Feed
Netflow
NetQoS Sawmill
FTP Export
NAM Fluke
WAAS CM API
WAE
WAE
WAE-CM
27
Central Manager
Roles and Domains
1. Admin > AAA > Domains - Create
domains based on groups
2. Admin > AAA > Role - Create role
based on users allowed actions
hiding unspecified configuration
screens
3. Admin > AAA > User - Create user
and associate roles and domains
2
1
28
Central Manager
Assigning Roles and Domains to Users
3
29
WAE Inline Deployment
30
Inline
Non-Redundant Branch Deployment
Router
Crossover cable from router to
engine
Ensure the router bandwidth and
duplex match the switch
Switch
Straight through cable from engine
to switch
Ensure the switch bandwidth and
duplex match the router
Implement switch port fast for faster
failover recovery
Engine
One InLine NIC per WAE appliance
(cannot be used with WCCP)
Installed in-path between switch
and router or firewall
Use single pair of inline ports (1/0 or
1/1) removing RJ 45 port covers
Ports fail-to-wire upon hardware,
software, or power failure
Support for interception 802.1q
trunks
Use GigabitEthernet 1/0 primary
interface
s1
e1 r1
1/0/LAN 1/0/WAN
1/0/WAN
1/0/LAN
1/1/WAN
1/1/LAN
WAN
g 1/0
31
Interception with Serial Inline Cluster
Dual inline cards supported in WAAS 4.2.1
Supports up to 4 inline groups
Supported on WAE-674, WAE-7341, WAE-7371
Interception Access list allows bypass of non-relevant traffic
Easy approach implementing
Large Branch and Small/Medium Data Centers
HA is provided by 2
nd
WAE
Simplifies PoCs
32
Serial Inline Cluster Topologies - Branch
WAN
WAN
WAN
WAN
WAE-DC1
WAN
WAE-DC2
WAN
33
Serial Inline Cluster Topologies - DC
WAE-DC1
WAN
WAE-DC2
WAN
WAN
WAN
WAN
WAN
34
Branch
Core
Serial Inline Cluster Branch Failure or
No WAE
WAE-BR
WAE-DC2 WAE-DC1
SYN
SYN+A
CK
PT Non-optimizing Peer
SYN+OP
T
1
2
3
4 5
SYN+A
CK
PT No Peer
6
SYN+A
CK
SYN+A
CK
Disable Peer Optimization prevents DC
WAEs to become peer with each other
WAN
WAE-DC2 is a non-
optimizing peer !
DC WAEs
form peers
with each
other
35
Configuring Non-Optimizing Peers
36
Verify Peer Settings
Green check mark
indicates correct
configuration
37
wae(config)#interface InlineGroup 1/0 ?
autosense Interface autosense
bandwidth Interface bandwidth
encapsulation Set encapsulation type for an interface
exit Exit from this submode
failover Modify failover parameters
full-duplex Interface fullduplex
half-duplex Interface halfduplex
inline VLAN's to intercept
ip Interface Internet Protocol Config commands
no Negate a command or set its defaults
shutdown Put the inline interface in passthrough mode
wae#show interface inlinegroup 1/0
Interface is in intercept operating mode.
Standard NIC mode is off.
Disable bypass mode is off.
VLAN IDs configured for inline interception: All
Watchdog timer is enabled.
Timer frequency: 1600 ms.
Autoreset frequency 500 ms.
The watchdog timer will expire in 1195 ms.
Inline
Configuration
Ensure Consistent
Bandwidth and Duplex
Settings on Router and
Switch Side Interfaces
Pass Through All
Traffic
(Fail to Wire)
Optionally Assign
IP Address
38
Br1-wae1#show interface inlineport 1/0/LAN
Device name : eth5. Bypass slave
interface.
Packets Received : 968932
Packets Intercepted: 781189
Packets Bridged : 187743
Packets Forwarded : 785048
Packets Dropped : 0
Packets Received on native : 0
Active flows for this interface :0
Ethernet Driver Status
-------------------------
Type:Ethernet
Ethernet address:00:E0:ED:04:BA:23
Maximum Transfer Unit Size:1500
Metric:1
Packets Received: 968932
Input Errors: 0
Input Packets Dropped: 0
Input Packets Overruns: 0
Input Packets Frames: 0
Packet Sent: 1254163
Output Errors: 0
Output Packets Dropped: 0
Output Packets Overruns: 0
Output Packets Carrier: 0
Output Queue Length:100
Collisions: 0
Base address:0x30c0
Flags:UP BROADCAST RUNNING MULTICAST
Mode: autoselect, full-duplex, 100baseTX
Inline
Status
Received Is Total Packets
Intercepted Is All TCP Packets
Bridged Are Non-TCP Packets
Forwarded Are Sent from Inline Interface
UP indicates administratively up
Running indicates link up
Recommend auto-negotiation
39
Serial Inline Cluster Best Practices
Deploy the same platform for both devices in cluster
Disable optimization between serial cluster devices
Apply the same policy/interception ACL on both devices
Configure interception ACL for both direction
Use CM to configure and manage serial inline cluster
Automatic peer configuration
Verify peer optimization settings are mutually configured
Location based reporting
Second WAE in serial inline cluster is for HA, not supported
for scaling/load balancing
40
WAE WCCP Deployment
41
WCCP Deployment - BRKAPP-2021
Deploying and Troubleshooting Web Cache
Communication Protocol (WCCP) for WAN
Acceleration, Security and Content Delivery
Highly recommend attending for in-depth
information on deploying WCCP for redirection in
the branch and DC
42
WCCP
Assignment, Redirect, and Return
Assignment (engine selection)
Hash - Byte level XOR computation divided into 256 buckets (default)
Mask - Bit level AND divided up to 128 buckets (7 bits)
Router WCCP Redirect (router to WAE)
GRE - Entire packet GRE tunneled to the engine (default)
Layer 2 - Frame MAC address rewritten to engine MAC
WAE WCCP Return (WAE to router)
WCCP GRE - Packet statefully returned router (as of 4.0.13)
WCCP Layer 2 - Frame statefully rewritten to router MAC (Not yet supported in WAAS)
WAE Egress Method
IP Forward - Engine ARPs for default gateway (default)
WCCP negotiated - WCCP GRE or WCCP L2 return (not yet supported in WAAS)
Generic GRE - Statefully return in hardware to Catalyst 6500 Sup720/32 (as of WAAS 4.1)
A
B
A B
C
Src Balance 61 62 Dst Balance
e1 e2
r1
r2
43
WCCP
Central Manager Configuration
wccp tcp-promiscuous router-list-num 1
wccp version 2
egress-method negotiated-return intercept-method wccp
44
WCCP
Common and Specific Configuration
WAE common configuration
wae(config)#wccp router-list N <ip-address-list>
wae(config)#wccp version 2
Router common configuration
rtr(config)#ip wccp 61 <redirect-list acl-name>
rtr(config)#ip wccp 62 <redirect-list acl-name>
Specific configuration depends on
Router In or Out
Switch In only
Topology
WCCP configurations vary for
Assignment (WAAS default is hash)
Redirect (WAAS default is WCCP GRE)
Return (WAAS default is IP forward)
45
Planning and Design
Platform Recommendations
Function Nexus 7000 Software
ISR & 7200
ASR 1000 Cat 6500
Sup720/32
7600
Cat 6500
Sup2 Cat 4500 Cat 3750
Assign Mask Only Hash or
Mask
Mask Only Mask Mask Mask only Mask only
Redirect L2 GRE or L2 GRE or L2 GRE or L2 L2 or GRE / L2 L2 only L2 only
Redirect List L3/L4 ACL Extended
ACL
Extended
ACL
Extended ACL Extended ACL No
Redirect
List
Support
Extended
ACL (no
deny)
Direction In or Out In or Out In only In In In only In only
Return L2 only GRE or L2 GRE or L2 L2 L2 L2 only L2 only
VRFs Supported Supported Planned Planned NA NA NA
IOS 4.2(1) 12.1(14);
12.2(26);
12.3(13);
12.4(10);
12.1(3)T;
12.2(14)T;
12.3(14)T5;
12.4(15)T8;1
5.0(1)M
2.4(2) 6500
12.2(18)SXF14
12.2(33)SXH4
12.2(33)SXI2a
7600
12.2(18)SXD1
12.1(27)E;
12.2(18)SXF14
12.2(50)SG
1
12.2(46)SE
46
ip access-list extended waas
remark WAAS WCCP Redirect List
deny tcp any any eq telnet
deny tcp any any eq 22
deny tcp any any eq bgp
deny tcp any any eq tacacs
deny tcp any eq telnet any
deny tcp any eq 22 any
deny tcp any eq bgp any
deny tcp any eq tacacs any
! Below optional per branch in pilot
permit tcp any <<branch subnet>>
permit tcp <<branch subnet>> any
deny tcp any any
WCCP
Redirect List
Permit all applications but
deny specific
Avoid redirection of
management traffic with a
universal ACL
Apply bidirectional ACL to
service groups 61 and 62
Create the redirect ACL before
enabling WCCP service groups
61 and 62
Do not enable logging on
WCCP redirect ACL
Permit specific applications
only
47
Router Configuration
interface loopback0
ip address 192.168.254.2 255.255.255.0
! ------ If WAE L2 Adjacent
interface GigabitEthernet0/0
Description WAE Subnet
ip address 192.168.201.254 255.255.255.0
! ------ Point to Multipoint
interface Tunnel1
ip address 192.168.250.254 255.255.255.0
no ip redirects
tunnel source Loopback0
tunnel mode gre multipoint
! ------ Point to Point
interface Tunnel1
ip unnumbered Loopback0
no ip redirects
tunnel source Loopback0
tunnel destination 192.168.201.201
WAE Configuration
! ------ WAE Configuration (Not L2 Adjacent)
wccp tcp promiscuous router-list 1 mask-
assign
wccp tcp-promiscuous mask src-ip-mask 0xF00
wccp version 2
! ------ WAE Configuration (L2 Adjacent)
wccp tcp promiscuous router-list 1 mask-
assign
wccp tcp-promiscuous mask src-ip-mask 0xF00
wccp version 2
ip address 192.168.201.201 255.255.255.0
exit
WCCP
Catalyst 6500 Local Path Affinity with Generic GRE Return
Point to Multipoint GRE
Use local interface VLAN IP tunnel source for
local WAE
Use loopback interface IP tunnel source for
non-local WAE
Point to Point GRE
Need unique IP address per peer for
hardware acceleration on 6500
48
wae#show egress methods
Intercept method : WCCP
TCP Promiscuous 61 :
WCCP negotiated return method : WCCP GRE
Egress Method Egress Method
Destination Configured Used
----------- ---------------------- -------------
any Generic GRE Generic GRE
TCP Promiscuous 62 :
WCCP negotiated return method : WCCP GRE
----------- ---------------------- -------------
any Generic GRE Generic GRE
Intercept method : Generic L2
----------- ---------------------- -------------
any not configurable IP Forwarding
dc1-wae1#show statistics generic-gre
Tunnel Destination: 192.168.254.2
Tunnel Peer Status: Up
Tunnel Reference Count: 24
Packets dropped due to failed encapsulation: 0
Packets dropped due to no route found: 0
Packets sent: 10422
Packets sent to tunnel interface that is down: 0
Packets fragmented: 0
WCCP
WAAS Egress Methods
Destination is Same
as Tunnel Source
Number of WAEs
Plus Number of
Connections
49
dc1-rtr1#show ip wccp
Global WCCP information:
Router information:
Router Identifier: 10.1.3.254
Protocol Version: 2.0
Service Identifier: 61
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 1954820
Process: 474
Fast: 0
CEF: 1954346
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 24
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 4
Service Identifier: 62
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 581196
Process: 107
Fast: 0
CEF: 581089
Redirect access-list: -none-
Total Packets Denied Redirect: 0
Total Packets Unassigned: 17
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 5
dc1-wae1#show wccp routers
Router Information for Service: TCP Promiscuous 61
Routers Configured and Seeing this Engine(1)
Router Id Sent To Recv ID
10.1.3.254 10.1.2.254 0001CD80
Routers not Seeing this File Engine
-NONE-
Routers Notified of but not Configured
-NONE-
Multicast Addresses Configured
-NONE-
Router Information for Service: TCP Promiscuous 62
Routers Configured and Seeing this Engine(1)
Router Id Sent To Recv ID
10.1.3.254 10.1.2.254 0001CD7C
Routers not Seeing this File Engine
-NONE-
Routers Notified of but not Configured
-NONE-
Multicast Addresses Configured
-NONE-
dc1-wae1#show wccp gre
Transparent GRE packets received: 105587
Transparent non-GRE packets received: 0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted: 100152
Packets sent back to router: 0
GRE packets sent to router (not bypass): 52222
Packets sent to another WAE: 0
Packets received with client IP addresses: 100152
WCCP
Verify WCCP Operation on Router and WAE
50
WCCP
Branch with Software or Hardware Router
Router
ip wccp 61
ip wccp 62
interface s0
ip wccp 61 redirect out
ip wccp 62 redirect in
interface g1
WAE
wccp tcp-promiscuous router-list-num 1
wccp version 2
egress-method negotiated-return intercept-
method wccp
IP
Network
h1
h2
e1
A/24
B/24
62
g0 s0
h3 s1
61
g1
IP
Network
h1
h2
e1 A/24
B/24
61
6
1
g0 s0
Router
ip wccp 61 redirect-list local-subnets
ip wccp 62
ip extended access-list local-subnets
deny tcp any A/24
deny tcp any B/24
permit tcp any any
interface g0
interface s0
WAE
wccp tcp promiscuous router-list 1 l2-
redirect mask-assign
wccp tcp-promiscuous mask src-ip-mask 0xF
wccp version 2
h3 s1
g1
62
Si Si Si Si Si Si
51
r1
r2
WCCP
GRE Return Network Path Affinity
Redirect WCCP GRE
Catalyst 6500 Sup720 and ASR process in hardware
7200/ISR in software
Egress/Return
WCCP GRE
ASR in hardware
7200/ISR in software
Generic GRE
Catalyst 6500/PFC3
Data Center Connection Branch Connection Optimized WAN Connection
A
B
A B A B
C
D
Src Balance 61 Src Balance 61 62 Dst Balance 62 Dst Balance
r3
r4
52
Multiple WANs Symmetric Routing
Shared WAEs on WAN Distribution/Core
WAE with Interface Standby (N+1 Redundancy)
Registration r1/r2 interface IP
Assignment Mask
Redirect/Egress WCCP GRE
Return/Egress - IP Forwarding, generic GRE (6500), or
WCCP GRE (ASR)
Network
Engines on shared subnet between r1 and r2
Interface VLAN inter-core link with no WCCP
WAE with Etherchannel (N:N Redundancy)
Registration Loopback IP
Assignment Mask
Redirect WCCP GRE
Return/Egress - IP forward or generic GRE
Network
Engines on dedicated subnets (no interface
standby)
Routed interface link (r1-r2) with no WCCP
r1 r2
WAN
e2 e3 e4 e1
WCCP Registration
Si Si Si Si Si Si Si Si Si Si Si Si
r1 r2
WAN
e1
e2
e3
e4
61 61
62 62
61 61
62 62
53
Multiple WANs Symmetric Routing
Shared WAEs on WAN Edge
Local WAE Redirect and Return
Software router (7200/ISR)
Assignment Hash
Redirect - WCCP GRE
Return/Egress WCCP GRE or IP forward
Hardware router (6500/PFC3 or ASR)
Assignment Mask
Redirect WCCP GRE
Return/Egress generic GRE (6500), WCCP GRE
(ASR), or IP forward return
Network
Enable routing on engine subnet (no passive interface)
MHSRP to alternate WAE default gateway (e1 to r1 and
e2 to r2)
Optional standby interface for router high availability
Remote WAE GRE Redirect and Return
Registration Remote r1/r2 loopback IP
Assignment Hash (7200/ISR) or mask (6500/ASR)
Redirect - WCCP GRE
Return/Egress - WCCP GRE (ASR/7200/ISR) or Generic GRE
(6500)
Network

r1 r2
WAN
r1 r2
WAN
WCCP Registration
e1 e2
e1 e2
62 62
61 61
61 61
62 62
54
Dual Data Center
Asymmetric Routing Condition
Condition
Branch route summarization
Connections sent to DC-A when
application resides in DC-B
SYN and SYN/ACK not seen by same
WAE
Solutions
Advertise summary route for each data
center to eliminate asymmetric routing
WAE in server farm distribution with
WCCP or ACE
WAE cross registers with WAN edge or
distribution routers in both data centers
DC-A DC-B
0.0.0.0
Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si
55
Dual Data Center
Asymmetric Routing Solutions
WAE in server farm
distribution with WCCP or ACE
WAE cross registers with WAN
edge or distribution routers in
both data centers
Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si Si
61
61 61
62
62
62
62
62 62
61 61
61
62 62
56
Server
Farm 2
Server
Farm 1
Dual Data Center Asymmetric Routing
WAN Distribution Catalyst 6500 WCCP
Registration r3/r4/r5/r6 loopback
IP
Assignment - Mask
Redirect - WCCP GRE
Return/Egress - IP forwarding or
generic GRE
Network
Engines (e1, e2, e3, e4,...)
attached to WAN distribution
Interfaces from WAN
(r1 and r2) have WCCP 61 in
Interfaces from Server
Farms (r7,r8,r9,r10) have
WCCP 62 in
No WCCP on inter-switch
links between r3, r4, r5, and r6
e1 e2
r1
r3
r2
WAN
#1
WAN
#2
r4
r5 r6
r7
r8
r9
r10
e3 e4
Si Si Si Si Si Si
Si Si Si Si Si Si
WCCP Registration
62
61
62
62
61
62
62 62
61 61
57
WCCP
Choosing the Right Mask
Branch
DHCP allocated addressing
Balance hosts to multiple engines 0xF to 0x7F (or similar)
Balancing to a single engine (mask selection is irrelevant)
Retail Data Center
Site /24 allocation per site
Balance sites or engines with 0xF00 to 0x7F00 (or similar)
Enterprise Data Center
Regional/16 allocation
Balance regions with 0xF0000 to 0x7F0000 (or similar)
0xF = 0000:0000.0000:0000.0000:0000.0000:1111
0xF00 = 0000:0000.0000:0000.0000:1111.0000:0000
0xF0000 = 0000:0000.0000:1111.0000:0000.0000:0000
58
WCCP Direction
Use 61 from client
Use 62 from server
Branch
/24 subnet
10.0.X.0/24
DHCP
allocation
2 WAE per branch
0x3 WCCP mask
Data Center
4 WAEs in core cluster
0x700 WCCP mask
(0000:0111.0000:0000)
Each core peers with
only two branches
WCCP
Enterprise Mask Assignment Example
0.0/24
:0000
#1
00
01
#2
10
11
10.0.3.7 (:0111)
10.0.3.4 (:0100)
10.0.3.6 (:0110)
10.0.3.5 (:0101)
WAE #1
:0000
:0001
1.0/24
:0001
2.0/24
:0010
3.0/24
:0011
4.0/24
:0100
5.0/24
:0101
6.0/24
:0110
7.0/24
:0111
WAE #2
:0010
:0011
WAE #3
:0100
:0101
WAE #4
:0110
:0111
62
61
59
WCCP
Configuration Best Practices
Registration
Do NOT use a virtual gateway address (HSRP, VRRP, GLBP)
Use interface IP address if L2 adjacent to WCCP router
Use highest loopback address if not L2 adjacent to WCCP router
Do not configure large MTU (>1500 bytes) on WCCP client interfaces
Assignment
Use mask assignment for all hardware routers (6500, 7600, ASR)
Do NOT use the default mask
Use hash assignment software routers (7200, ISR)
Redirect
WCCP GRE redirect for 6500/PFC3, 7600, ASR, ISR, 7200
L2 redirect for Catalyst 6500, 4500, 3750, 3560
Redirect list should be basic extended ACL with no port ranges, DSCP matches, etc.
Return
IP forward return by default
WCCP GRE return on ISR/7200 (consider performance) and ASR
Generic GRE return on Catalyst 6500 and 7600 if asymmetric routed data center
For GRE return, implement static /32 route to WCCP router id or GRE loopback for
optimal return
60
WCCP
Operational Best Practices
Router initial configuration
Create WCCP redirect ACL
Configure global IP WCCP #redirect-list
Configure interfaces
Router configuration changes
Global service group configuration changes Unregister all
affected WCCP clients with no WCCP version 2, remove interface
config, remove/change global config, apply new global config,
apply new interface config, re-register WCCP clients
Interface configuration changes Leave WAE WCCP clients
registered
Redirect-list changes Leave WAE WCCP clients registered
WAE Moves, Adds and Changes
Add Configure egress-method, WCCP router-list, WCCP TCP-
promiscuous, WCCP version 2
Moves/Changes No WCCP version 2, follow add procedure
61
WAAS AO Deployments
62
WAAS AO Deployments
Licensing
Managed at a
device level
Transport includes
DRE/LZ/TFO
Enterprise includes NFS,
HTTP, SSL, WAFS/CIFS, MAPI,
Print, and DRE/TFO/LZ
Video requires enterprise
Virtual blade requires
enterprise
CLI commands
show license
license add <license-name>
clear license
clear license <license-name>
#show license
License Name Status Activation Date Activated By
-------------- ----------- --------------- --------------
Transport not active
Enterprise active 03/20/2008 admin
Video not active
Virtual-Blade not active
#license add Video
#show license
-------------- ----------- --------------- --------------
Enterprise active 03/20/2008 admin
Video active 04/01/2008 admin
Virtual-Blade not active
#clear license Enterprise
The License Management system policy validation failed.
Video license is configured to include Enterprise license.
Please, clear Video license first.
#clear license Video
#clear license Enterprise
#show license
-------------- ----------- --------------- --------------
Enterprise not active
Video not active
Virtual Blade not active
63
WAAS AO Deployments
Configuration
1. Go To AllDevicesGroup
2. Globally enable WAAS
Accelerators
3. Enable Blacklist if firewalls
upstream from core drop
SYN packets with options
else disable
64
WAAS CIFS Software Distribution
My WAN > Prepositioning
1. Create a read-only account on the
software distribution server (do not
use administrator)
2. Identify file server by name or IP
address
3. Identify core location to browse files
4. Configure read-only account in
WAAS
5. Identify portion of file cache to use for
prepositioning
6. Select minimum and maximum file
size as appropriate
7. Set job duration
8. Select Type
65
My WAN > Prepositioning > Content Settings
1. Chose the share and directory using browse
2. Implement any specific file name features
66
My WAN > Prepositioning > Assign Edge Groups
Assign AllEdgesGroup
67
My WAN > Prepositioning > Schedule
Chose Start Time considering the job duration
Set schedule which is commonly daily or weekly for
software distribution
68
My WAN > Prepositioning > Status
View Progress and completion until next job
If files dont change, then no need to re-run job
69
Single Screen HTTP AO Configuration
70
WAAS AO Deployment
Central Manager Secure Store for SSL
CMs secure store keeps all imported host
and accelerated SSL certificates and
private keys
Certificates and private keys are encrypted
with user pass-phrase:
When secure store is being initialized first time
(initialization)
After CM device reloads to open secure store
(opening)
CM secure store must be open to
synchronize configuration between SSL
capable CM and WAEs
Upon reboot, if CM detects the secure store
is initialized but not open a critical alarm
is raised
CLI commands are available:
cm#cms secure-store [init|open|change]
To initialize, open or change current pass-
phrase
cm#show cms secure-store
To show current status of CM secure store
71
WAAS AO Deployment
Key Management
Accelerated service
SSL services traffic to accelerate
Consists of two SSL sessions
Client to core
Core to server
Peering service
Send accelerated service session
keys from core to edge
Management service
Sync config to/from CM
and WAE
WAE secure store encryption
key from CM
Encryption key encrypts server
private keys on core WAE
CM admin service
Configure WAEs using CM
Upload certificates and private keys to CM
Server
Core WAE
WAN1 WAN1
Client
Edge WAE
Edge WAN
Router
Core WAN
Router
Common Name =
hr.analog.com
WAE to WAE
Peering Service
Central Manager
Admin Browser
CM to Edge WAE
Management Service
CM to Core WAE
Management Service
CM Administration
Admin Service
Client to Server
Accelerated Service
SSL Service TCP connection carrying SSL
traffic on a well known TCP Port (e.g. 443)
Client to Core SSL Session Core to Server SSL
Session
SSL Data
TCP Session
SSL Sessions
72
WAAS AO Deployment
Webex SSL Acceleration Example
BRANCH OFFICE
BRANCH OFFICE
BRANCH OFFICE
REGIONAL HUB
REGIONAL HUB
Servers
Servers
Servers
DB
Recording
Collaboration Bridge
Collaboration Bridge
Meeting Zone
Multi-Media Platform
Multi-Media Platform
Web Zone
Internet
Internet
WAN
ASR 1000
ASR 1000
WAN
Meeting Traffic,
VoIP, Video
CB
MMP
CB
MMP
SSL
SSL
ASR-1000
WebEx Nodes
(SPA Blades)
SSL
ASR-1000 WebEx Nodes
optimize Internet
Delivery
Only 1 stream per site
45-90% Bandwidth Savings
Eliminates WAN Upgrades
Offloads Firewall/Proxies
due to reduced traffic
Fully transparent solution
WAAS
WebEx SaaS Cloud
WAAS 4.2 optimizes
WebEx Delivery to the
Branch
DRE and LZ compression
Improved user response
Up to 80% Bandwidth
Reduction
Delay WAN Upgrades
Fully transparent solution
WAAS Optimizations can
also be delivered for other
SaaS traffic in the
enterprise
73
Three-Step HTTPS Optimization Configuration
1 of 3 Provide Server Addresses
74
2 of 3 Provide Certificate
75
3 of 3 Enable Accelerated Service
76
WAAS AO Deployments
Webex Acceleration
Networkers WAAS presentation delivered Via Webex
BRKAPP-2005 presentation bytes reduced 58% by WAAS HTTPS
77
WAAS RTSP AO Deployment
Edge Splitting
Enable Video Accelerator
Windows Media 9 or later
Operates on RTSPT only
Splitting occurs on the edge
Auto-discovery puts intermediate engines into
Pass Through
ACNS/CDS origin configured with wmt disallow-
client-protocols rtspu mmsu to force TCP use
Option to TCP optimize or drop unaccelerated streams
Support for Windows Media 9 logs
WAN
78
WAAS
Intermediate Firewall Support
Configured endpoint tunnel through firewall
Not support by WAAS
Permit tunnel through firewall
Renders firewall useless for stateful L3/L4
packet filtering
Does not scale administratively
Permit TCP options with automated UDP
4050 tunnel (WAAS Directed Mode)
Traffic optimized by WAAS using auto-discovery
but then tunneled between WAEs
Firewall rendered useless for L3, L4, or L5
packet filtering and stateful inspection
Permit TCP options and disable sequence
number checking on firewall
WAAS auto-discovery and transparency works
Firewall implements stateless L3/L4 packet
filters
Cisco firewall with WAAS awareness
Traffic transparently optimized by WAAS using
auto-discovery
Cisco firewall preserves L3/L4 stateful
inspection by permitting TCP options and
statefully tracking TCP sequence number shift
A B D
Optimized Connection
No Connection Layer Security
E C
79
WAAS Directed Mode (DM)
Non-Cisco Firewall Support
Obeys existing router and FW ACLs during
TCP handshake
Maintains TCP Transparency on LAN
Auto-Discovery as in transparent
WAAS mode (TCP options must pass)
No change in available optimizations
Integrated with WAAS and NetQoS
Monitoring
FW configuration to permit UDP:4050
Allows UDP State Inspection
With DM ON, WAE will not be
transparent
DM mode is OFF by default
Configuration
wae(config)#directed-mode enable ?
port Directed mode UDP port
A B D
Origin Connection Origin Connection Optimized Connection
E C
UDP:4050
80
WAAS
Upstream Firewall and Blacklist
1. Upstream firewall drops packets with
TCP option
2. WAAS D sends SYN with TCP option
which is dropped by firewall E
3. WAAS D re-sends SYN with TCP
option but it is dropped
4. WAAS puts server in Blacklist for
default 60 minutes
5. WAAS D forwards SYN without TCP
option
6. WAAS re-tries sending SYN with TCP
option to server after 60 minutes
A B D
Origin Connection Origin Connection Optimized Connection
E F C
TCP Option
Removed
From SYN
81
WAAS Replication Accelerator
Deployment
Data center high bandwidth
medium latency link
acceleration
SnapMirror and SRDF/A
over IP
DRE cache size equals
platform memory
7341/7371 use 9GB/18GB
7341/7371 have fanout of 4/9
DRE cache is still persistent
across the reboots
TFO tuned for high throughput
and few connections
Replication Accelerator
Device mode (CLI only)
Requires reload
DRE cache cleared
DRE aggregation disabled
LZ compression level set to 1
tfo perf-poc enabled
Default policy changed as
applicable with the new
device mode
Connection from/to Replication
Accelerator to/from Application
Accelerator are put to
pass-through
82
83
WAAS Virtual Blade
Overview
A Virtual Blade is a guest virtual machine of the
WAAS host
WAAS presents
FirmwareBIOS and possible extensions
Hardwareone or more CPUs, memory, host
bridge, VGA, one or two NICs, disk controller, disk,
CD drive, serial port, PXE Boot, etc.
Preservation of Virtual Machine state on WAAS
reboot
Virtual Blade support
Windows on WAAS (WoW) Windows 2003/2008
Server print and directory services (2008 available
pre-installed), MS SVVP for Windows 2008
Application and Content Networking System
(ACNS VB)
Windows Services (SCCM and 3
rd
party Services
like Altiris)
Enterprise and Virtual Blade licenses required
Cisco Linux
Kernel Virtual Machine
Windows
On
WAAS
(WOW)
ACNS
Virtual
Blade
(ACNS
VB)
Virtual
Blade
# N
Virtual
Blade
Storage
Ethernet
Network
I/O
84
Interface Bridge
WAAS Virtual Blade
Dedicated VB Interface or Shared Port Channel
ACNS VB1 WoW VB2
WAAS
interface g 2/0
no ip addr
WAAS
interface g 1/0
ip address B.1/24
LAN
ip address A.2/24
IP
Network
e1
A/24
62
s0
61
g 1/0
g 2/0
interface g 1/0
ip address A.1/24
Interface Bridge
ACNS VB1 WoW VB2
interface g 2/0
channel-group 1
interface g 1/0
channel-group 1
LAN
ip address A.3/24
interface g 1/0
ip address A.2/24
WAAS
interface PortChannel 1
ip address A.1/24
h1
Interface Bridge
IP
Network
e1
A/24
62
g0
g 1/0
g 2/0
h1
g1
s0
LAN-1 LAN-2
LAN-1 LAN-2
virtual-blade X
description VB Shared Port Channel
interface 1 bridge PortChannel 1
virtual-blade X
description Dedicated VB Network
interface 1 bridge GigabitEthernet 2/0
B/24
61
80
g0
61
80
85
WAAS Virtual Blade
ACNS and WAAS WCCP Channel Configuration
ROUTER
ip wccp 61 redirect-list WAAS
ip wccp 80
!
ip extended access-list WAAS
permit tcp any any
!
interface s0
!
interface g0
ip address A.254 255.255.255.0
WAAS WAE
interface PortChannel 1
ip address A.1 255.255.255.0
wccp router-list 1 A.254
wccp version 2
ACNS Virtual Blade
ip address A.2 255.255.255.0
exit
wccp rtsp router-list-num 1
wccp version 2
IP
Network
e1
A/24
62
g0
s0
61
g 1/0
g 2/0
h1
80
86
WAAS Virtual Blade
ACNS and WAAS WCCP Channel Configuration
ROUTER
ip wccp 80
!
ip extended access-list WAAS
permit tcp any any
!
interface s0
!
interface g0
ip address A.254 255.255.255.0
!
interface g1
ip address B.254 255.255.255.0
WAAS WAE
ip address B.1 255.255.255.0
exit
no ip address
exit
wccp version 2
ACNS Virtual Blade
ip address A.1 255.255.255.0
exit
wccp rtsp router-list-num 1
wccp version 2
IP
Network
e1
A/24
62
g0
61
g 1/0
g 2/0
h1
g1
s0
B/24
80
87
WAAS Virtual Blade
OS Installation
Copy an ISO CD or DVD image to the system (copy FTP
disk)
Allocate disk, memory, network resources
Run the virtual blade, booting from CD
Use VNC to guide the installation
Stop the virtual blade, and restart it booting from disk
br1-wae1#pwd
/local1/vbs
br1-wae1#dir
size time of last change name
-------------- ------------------------- -----------
593117184 Wed Jun 18 17:54:01 2008 en_windows_server_2003.iso
2634078208 Wed Jun 18 16:08:59 2008 en_windows_server_2008.iso
277676032 Tue Dec 9 17:20:43 2008 ACNS-5.5.12.40-K9.iso
178952192 Sat May 4 12:35:30 2002 winboot2.0.116qd.iso
88
WAAS Virtual Blade
ACNS VB Configuration
virtual-blade 1
config:
description ACNS VB
device cpu qemu32
device nic e1000
device disk IDE
device keyboard en-us
memory 1024
disk 80 80
interface 1 bridge PortChannel 1
no boot fd-image
boot cd-image disk /local1/vbs/ACNS-5.5.X.iso
boot from disk
no vnc
autostart
state:
running
serial console session active
vnc server disabled
current cd /local1/vbs/ACNS-5.5.X.iso
current floppy [not inserted]
89
WAAS Virtual Blade
Windows on WAAS (WoW)
config:
description WoW - 2008 Server
device cpu qemu64
device nic rtl8139
device disk IDE
device keyboard en-us
memory 1024
disk 30
interface 1 bridge G 1/0 mac-address 00::19
no boot fd-image
boot cd-image disk /local1/vbs/win2008.iso
boot from cd-rom
autostart
state:
running
serial console session inactive
vnc server active
vnc client connected
current cd /local1/vbs/win2008.iso
current floppy [not inserted]
90
Configuring Virtual Blade using Central Manager
Using Two CPUs for Single VB
91
WAAS Virtual Blade
Actions
br1-wave1#virtual-blade 1 ?
cd Change virtual blade cd
kill-save-state Delete the virtual-blade saved state
save Save memory state of virtual blade
session Open telnet connection to remote host/port
start Start the virtual blade
stop Stop the virtual blade
92
WAAS Virtual Blade
Video/Keyboard/Mouse and Console
An emulated video card display is visible with VNC
VNC connect to emulated video card via WAE-IP:#where #is the
VB number
Once the VB OS is installed, a remote desktop connection may be
set up using the IP address inside the Virtual Blade
An emulated serial port is accessible from the WAAS CLI
br1-wave1#virtual-blade 1 session
Session already in use
br1-wave1#virtual-blade 1 session clear
br1-wave1#virtual-blade 1 session
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Cisco Content Engine Console
Username: admin
Password:
NO-HOSTNAME#
93
94
Cisco WAAS 4.2.1
Sizing Considerations
Connection capacity
Concurrent TCP connections
Estimate 10 TCP connections per client
Verify C:\>netstat -a | find "ESTABLISHED
Connections Per Second (CPS)
Video streams
Network
WAN bandwidth
LAN bandwidth
Core fan out peering
Storage
DRE days history
Virtual Blade
CIFS object storage
Virtual blade memory, disk, and CPU capacity
95
Cisco WAE Family
WAAS 4.2.1 Performance
Capacity
SRE-
700
SRE
- 900
WAE
-274
WAE-
474
WAE-
574-
3GB
WAE-
574-
6GB
WAE-
674-
4GB
WAE-
674-
8GB
WAE-
674-
8GB+
VB
WAE-7341 WAE-7371
WAN Bandwidth (Mbps) 20 50 2 4 8 20 45 90 90 310 1000
Optimized TCP
Connections
500 400 200 400 750 1300 2000 6000 4000
12000
9000/3000*
50000
12000/28000*
Optimized Throughput
(Mbps)
150 250 90 90 100 150 250 350 350 800 1500
Total Disk Capacity (GB) 500 500 250 250 500 500 600 600 600 900 1500
DRE Disk Capacity (GB) 120 120 40 60 80 120 120 320 150 500 1000
CIFS Disk Capacity (GB) 120 120 120 120 120 120 120 120 120 230 230
Maximum LAN Video
Streams
200 200 40 80 150 300 400 1000 600 1000 1000
Virtual Blades Supported 2 2 2 6 2 6
Total Virtual Blade Disk
Capacity
30 30 60 175 120 200
Core Fan Out 35 70 100 200 200 1400 2800
CM Managed Devices 125 250 500 1000 1500 1500 2000
* SSL connections / TCP connections
Note: These are guidelines for sizing based on certain assumptions. Enabling multiple features will have an impact on scalabi lity.
96
WAAS Mobile Overview and
Deployment
97
Data Redundancy Elimination
Reduces amount of data transmitted
Handles any size file
Single instance, bi-directional delta byte caching
Transport Flow Optimization
Maximizes link throughput
Dynamically adjusts to network conditions
Optimizes performance over lossy and/or high latency networks
CIFS/SMB file share HTTP
MS Exchange HTTPS
Application Protocol Optimization
Mitigates network latency
Cisco WAAS Mobile
Acceleration Technologies
98
Cisco WAAS Mobile Networking:
Deployment Topology
Intranet
Internet
Remote
Access
VPN
App Servers &
Storage
Data Center
App Servers
&
Storage
Data Center
Cisco WAAS
Mobile Client
Cisco
WAAS
Mobile
Server
Cisco
WAAS
Mobile
Server
Mobile users
connect through
VPN aggregation
point to multiple
Cisco WAAS Mobile
Servers
Small Office
Cisco
WAAS
Mobile
Clients
Workers in small offices
may connect to multiple
Cisco WAAS Mobile
Servers
Simultaneously accelerate traffic to applications hosted in multiple data centers
99 99 99
Cisco WAAS Mobile Networking:
Client-Server Data Flow
Cisco WAAS Mobile client proxies all accelerated
TCP traffic and sends it via UDP port 1182 to the
Cisco WAAS Mobile Server
Accelerated
Applications
CIFS SMB
Other
Applications
Intercept/Redirect (TDI driver)
Acceleration Process
Intercept/Redirect (TDI driver)
Acceleration Process
TCP TCP
Data
UDP 1182
TCP
Cisco WAAS Mobile Client
Cisco WAAS Mobile Server
Other
Application
Servers
Application
Servers
File Servers
TCP
TCP
Control
TCP 1182
100 100 100
Cisco WAAS Mobile Scalability
Scale up to handle maximum throughput of any data center
Up to 10,000 concurrent users per Cisco WAAS Mobile server
Multiple Cisco WAAS Mobile Servers can be aggregated into Cisco
WAAS Mobile server farms for load balanced, redundant capacity
Scale out to handle multiple data centers
Cisco WAAS Mobile server farms hosted at multiple data centers provide
acceleration for any worker to any application
Scalable Cisco WAAS Mobile Manager data flow
Manager communicates with Cisco WAAS Mobile worker servers
Worker servers communicate with Cisco WAAS Mobile clients
A single Cisco WAAS Mobile Manager can manage hundreds of servers
and hundreds of thousands of clients
101 101 101
WAAS Mobile Management
Central Manager
Highly scalable
Manage hundreds of Cisco WAAS Mobile servers or just a single server
Manage hundreds of thousands of end users from a single user interface
Total system visibility
View performance at system level, or drill down to a server farm, a single
server, a group of end users, or a single user
Consolidated end-user management and monitoring
Visibility into the performance and status of accelerated traffic by
application and path for any end user from the Cisco WAAS Mobile
Manager
Highly available
Central manager not required to be operational for acceleration services
to be operational.
102 102 102
Cisco WAAS Mobile Management:
Manage All Clients Centrally
View all clients from the central console and filter to
find the user or set of users of interest
103 103 103
Enterprise Deployment Considerations
High Availability
To provide high availability and capacity within a data center
Multiple Cisco WAAS Mobile servers in a data center may be configured to be
members of a Cisco WAAS Mobile server farm
Traffic load is automatically balanced across the servers in a server farm
Initial access is random
On subsequent access, client attempts to connect to previous server. If unable, tries
another server in the same farm
To provide high availability in the event of a data center outage
Cisco WAAS Mobile server farms may be located at backup data centers
When clients are unable to connect to the primary server farm, they will
automatically attempt to connect to backup server farms
104 104 104
Manageability
Software installation
Client profiles are packaged as executable .msi files
Software upgrades
Automatic upgrade and downgrade
Configuration updates
Automatic updates
Policy-based management
Separate configuration profiles for different user groups
Optional Active Directory group policies
Central monitoring console
Graphical displays of acceleration and traffic breakdown
105 105 105
Architecture Scalability
Highly scalable storage system
Each file or data sequence is only stored once
Single instance of a file or data sequence is shared with all users
Highly efficient memory utilization
Uses only 2 MB of server RAM for each simultaneous active download
1000:1 disk to RAM ratio for search index supports deep histories
Scalable CPU utilization
Multi-threaded architecture makes efficient use of multi-core CPUs
Optimized disk utilization
Employs a dynamic disk seek algorithm that optimizes throughput under
high load by dynamically trading off acceleration gain vs disk activity to
mitigate thrashing
106 106 106
Cisco WAAS Mobile
Server Configurations
Cisco WAAS Mobile is deployable on bare metal server
or as virtual machine
For 5-10 user evaluations:
See Appendix A of the Cisco WAAS Mobile
Administration Guide for production server sizing and
operating system guidelines
Minimum Configuration
CPU 1.8 GHz dual core
System Memory (RAM) 2 GB
Disk Space Available for Delta
Cache
5 GB
Operating System Windows Server 2003, 2003 R2, 2008, or 2008 R2
107 107 107
Cisco WAAS Mobile and UCS
Industrys Most Scalable Mobile Acceleration
10,000 Concurrent
Cisco WAAS Mobile Clients
Concurrent licensing supports 30,000
40,000 end users
Unparalleled Throughput
600 Mbps LAN-side
200 Mbps WAN-side
100,000 TCP connections
Flexible Multi-Service
Platform
Co-host Cisco WAAS Mobile
with other applications
Cisco WAAS Mobile
Virtual Appliance
Evolve from hundreds to
thousands of concurrent users
Cisco WAAS Mobile
Clients
Cisco WAAS Mobile
Server
Cisco UCS C-200M1
108
Cisco WAAS Mobile
Client Configurations
Supported Recommended
Minimum
CPU 750 MHz 1.5 GHz
System Memory (RAM) 512 MB 1 GB
Disk Space Available for
Cache
80 MB 1 GB
Operating System Windows XP, prior to
SP2
Windows XP SP2, Vista,
or Windows 7

109
Review
WAAS Overview
WAE Installation
WAE Deployment
Inline
Web Cache Control Protocol (WCCP)
WAAS Application Optimizer (AO) Deployments
WAAS Mobile Overview and Deployment
110
Recommended Reading
Continue your Cisco Live learning experience with further reading from
Cisco Press
Check the Recommended Reading flyer for suggested books
Available onsite at the Cisco Company Store
111
Complete Your Online
Session Evaluation
Give us your feedback and you
could win fabulous prizes.
Winners announced daily.
Receive 20 Cisco Preferred
Access points for each session
evaluation you complete.
Complete your session
evaluation online now (open a
browser through our wireless
network to access our portal)
or visit one of the Internet
stations throughout the
Convention Center.
Dont forget to activate your
Cisco Live and Networkers Virtual
account for access to all session
materials, communities, and on-demand
and live activities throughout the year.
Activate your account at any internet
station or visit www.ciscolivevirtual.com.
113
Backup Slides
114
Storage > Disk Error Handling
Network > DNS
SNMP
Date/Time > NTP Server | Time Zone
Security > Login Access Control >
SSH | MoD | Exec-Timeout
Authentication
Common criteria
System Log Settings
Application Policies (no video)
Central Manager
Common AllDevicesGroup Configuration
115
Central Manager
AllDevicesGroup Hidden Features
Troubleshoot (device specific)
Interception (device specific)
TCP Buffer Settings
Legacy File and Print Services
Disk Encryption (edge only)
NetworkPort Channel, Directed Mode, IP
Routers (device specific)
Transaction logs (edge only)
116
Central Manager
AllEdgesGroup Configured & Hidden Features
117
Central Manager
AllCoresGroup Configured & Hidden Features
118
WCCP
Registration and Clustering
Engine (WCCP Client) Router (WCCP Server)
Register Registers service groups (61/62)
Here I Am - 10 sec interval
Accepts registration
I See You with 3X hold down
Cluster
Lead elected by lowest IP
Lead creates distribution
assignment and instructs all
routers
Router reflects state of all engines
All routers identically redirect based
on lead engine instruction
A B
e1 e2
r1
r2
119
WCCP
WAAS Redirect, Return, and Egress Configuration
WCCP GRE Redirect WCCP L2 Redirect
IP
Forward
Return /
Egress
7200,ISR,ASR,6500
7200,ISR,ASR,6500,3750,3560,4500
l2-redirect mask-assign
wccp tcp-promiscuous mask src-ip-
mask < 0xF | 0xF00 | 0xF0000 >
WCCP
GRE
Return /
Egress
7200,ISR,ASR
egress-method negotiated-return
intercept-method wccp
Not supported
WCCP L2
Return
Not supported Not supported
Native
GRE
Return /
Egress
egress-method generic-gre
intercept-method WCCP
7200,ISR
6500,ASR
mask-assign
wccp tcp-promiscuous mask src-ip-
mask < 0xF | 0xF00 | 0xF0000 >
Not supported (minor alarm)
wccp router-list
and
wccp version 2 not shown
120
WCCP
Redundant L2 Branch
Assignment Hash
Redirect - WCCP GRE
Return/Egress - IP forward or GRE
return
Network
Passive interface routing on all host
subnets
Route on WAE subnet (no passive
interface)
mHSRP routing e1 to rtr1 and e2 to r2 to
create outbound WAN load balancing
Assignment Hash
Redirect WCCP GRE
Return/Egress - GRE return
Network
Passive interface routing on host and
engine subnets if no inter-router link
Route on inter-router subnet (no passive
interface)
Preserves Gateway Load Balancing
Protocol (GLBP) outbound
r1
r2
sw1
sw2
h1
h2
h3
h4
e1 e2
WAN
r1
r2
sw1
sw2
62
61
62
61
WAN
h1
e1
e2
h2
62
61
62
61
121
WCCP
Redundant L3 Switch Branch
Registration sw1/sw2 interface IP
Assignment Mask
Redirect - WCCP L2 redirect
Return/Egress IP forwarding
Network
Passive interface routing on all host subnets
Route on WAE subnet (no passive interface)
Preserves upstream WAN load balancing using CEF equal cost paths
Commonly Cisco Catalyst 3560, 3750, 4500, or 6500
r1
r2
sw1
h1
h2
e1 e2
sw1
sw2
Si Si Si Si Si Si
Si Si Si Si Si Si
WAN
62 61
62
61
122
Software router (7200/ISR)
Registration r1/r2 loopback IP
Assignment Hash
Redirect - WCCP GRE
Return/Egress - WCCP GRE
Hardware router (6500/ASR)
Registration r1/r2 loopback IP
Assignment Mask
Redirect - WCCP GRE Redirect
Return/Egress - generic GRE
(6500) or WCCP GRE (ASR)
Server
Farm 2
Server
Farm 1
WAN Edge WCCP with GRE Path Affinity
r3
WAN
#1
WAN
#2
r4
r5 r6
r7
r8
r9
r10
Si Si Si Si Si Si
Si Si Si Si Si Si
r1 r2
61 61
62 62
61 61
WCCP Registration
e1
e2
e3
e4
62 62
123
Inter-switch routed (N:N HA)
Register r7/r8/r9/r10 Loopback
IP
Assignment Mask
Redirect - WCCP GRE Redirect
Return/Egress - generic GRE
(6500) or IP forward
Network WAE Etherchannel
Inter-switch VLAN (N+1 HA)
Register r7/r8/r9/r10 interface
IP
Assignment Mask
Redirect - WCCP L2 Redirect
Return/Egress IP forward
Network WAE Standby
Interface
Server
Farm 2
Server
Farm 1
Server Farm WCCP
r3
WAN
#1
WAN
#2
r4
r5 r6
r7
r8
r9
r10
Si Si Si Si Si Si
Si Si Si Si Si Si
r1 r2
62 62
61 61
WCCP Registration
e1
e2
e3
e4
61
61
61
61 62
62 62
62

Sprache

Willkommen bei Scribd!

BRKAPP-2005

Hochgeladen von

Dokumentinformationen

Datum des Uploads

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Beschreibung:

Copyright:

Verfügbare Formate

BRKAPP-2005

Hochgeladen von

Beschreibung:

Copyright:

Verfügbare Formate

Verwandte Titel

BRKAPP-2005

Deploying Wide Area Application Services

Verwandte Interessen

Dokumente ähnlich wie BRKAPP-2005

Beliebt in Standards

Verwandte Titel

Bewerten

Teilen