Ask the Expert:Understanding WAAS Platform - Page 3

ciscomoderator · ‎11-04-2011

With Michael Schueler

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about resolving configuration problems on the WAAS platform that are not directly related to the WAAS software.

Peter Van Eynde is a customer support engineer in the Technical Assistance Center in Belgium, where he supports content technologies including Cisco Wide Area Application Services (WAAS), Cisco Application and Content Networking System (ACNS), and Cisco Content Delivery System Internet Streaming (CDS-IS). He holds CCIE certification #23042 in Security.

Michael Schueler has been a Cisco support engineer in the Cisco Technical Support Assistance team in Germany for more than 4 years. He and is an expert on content technologies including Cisco Wide Area Application Services (WAAS), Cisco Application and Content Networking System (ACNS), Cisco Content Delivery System Internet Streaming (CDS-IS), and Cisco Digital Media Suite (DMS). He holds CCIE certification #23835 in Security.

Remember to use the rating system to let Peter and Michael know if you have received an adequate response.

They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the discussion forum shortly after the event. This event lasts through November 18, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

There will also be a live webcast on this subject on Tuesday, November 15, at 2 p.m. Pacific Time and 5 p.m. Eastern Time. During the live event, Cisco subject matter expert Bhavin Yadav will be presenting on how to troubleshoot WAAS Application Optimizations (AO) effectively. He will focus more on individual AO troubleshooting and he will explain about the different ways to work around AO issues with minimum impact to the traffic.

To register for this live webcast: visit, http://www.ciscolive.com/ate/index.php?sid=203284_2

pevaneyn · ‎11-17-2011

Hello Finn,

Yes indeed if L2 was indeed used you would see a loop. We do not have enough information to know exactly what got negociated, I can only assume that the WAE was using GRE at some point, avoiding the loop...

Best regards, Peter

Patrick Moubarak · ‎11-17-2011

Hi,

show egress show L2

show ip wccp 61 detail show L2 also

I can confirm that L2 is currently being used with no routing loop.

show stats connection show hundreds of connections on 1 WAVE and none on the other

Patrick

pevaneyn · ‎11-17-2011

Hello Patrick,

This should not work at all.

Can you use 'tcpdump' on the WAE to confirm that the WAAS is sending normal IP packets back to the router. And if so: to which router?

If the router has the 'redirect in' on that interface it should indeed redirect the packet again to the WAAS device...

Best regards, Peter

Patrick Moubarak · ‎11-17-2011

Hi,

I have only 1 router so that's why I was surprised when I read routing loop.

We have 2 WAVE-274; we had one inline before then we added another one so we put them both in WCCP mode...

Patrick

finn.poulsen · ‎11-17-2011

Hi Patrick,

The term "routing loop" in this case refers to a situation, where :

1) the client sends a SYN packet to the router

2) the router WCCP redirects the SYN to the WAVE-274 (anyone)

3) The WAVE-274 sets tcpoptions X'33' (plus its own ID) in the SYN packets and forwards it back to the router (IP is spoofed here)

4) The router retrieves the incomming SYN packet, but doesn't know that is originates from the WAVE-274 and forwards it back to the WAVE due to "ip wccp 61 redirect in" on the LAN

5) the WAVE-274 gets the SYN packet, but only sees it's own ID and discards the packet, thus preventing the session setup.You should be able to see this in the syslog.txt of you WAVE-274 (find match "loop" syslog.txt)

Best Regards

Finn

Patrick Moubarak · ‎11-17-2011

Hi,

I understand your point. I have no routing loop caused by this.

I will be switching from L2 to WCCP in about 2 hours. I will keep you posted!

Thanks a lot for your input.

Patrick

Patrick Moubarak · ‎11-17-2011

Hi,

I moved to WCCP negotiated return with hash. Load balancing is working fine now!

Big thanks for your help.

Hash by source IP didn't seem to be load balancing so I changed it to be on source and destination IP to get a better load balacing

Patrick

tasoskypraios · ‎11-17-2011

Hi again,

I want to ask something more. In Acceleration -> HTTP/HTTPS Settings there are some features which are disbled by default.

Enable HTTP(S) metadatacache caching

Suppress server compression for HTTP and HTTPS

Enable DRE Hints for HTTP and HTTPS

I think that these are new features after 4.1.x, my whole implementation was started at 4.0.13 version.

Could you please give us more technical info about these. Also why all these are disabled by default?

Thank you

pevaneyn · ‎11-18-2011

Hi,

Well those features are indeed disabled by default. See

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/command/reference/glob_cfg.html#wp1351812

Why they are disabled by default is not clear to me, nor could I find any documentation why this would be.

If you enable those the HTTP AO will modify the requests to be able to optimize more.

Supressing server compression will mean that the data will arrive in clear text, so LZ and DRE has more chance to optimize it.

"Enable local HTTP 301 redirect messages" will mean that the Edge WAAS will reply with the 301 reply without going to the webserver again.

"Enable local HTTP 401 Authentication-required messages" will do the same, the client will then retry with an authentication offered which will then get forwarded to the server.

"Enable local HTTP 304 Not-Modified messages" will reply with a 304 if from the request and the cached content it is clear that the server would reply with the same code.

"Enable DRE Hints for HTTP and HTTPS" will allow the HTTP AO to tell the DRE subsystem which data it thinks will be interesting to cache and which make no sense. For example the variable header will not get stored, while the actual data will get stored.

Best regards, Peter

l-badilla · ‎11-18-2011

Hello everyone, just a couple of questions:

1: Are there any documentation about the connections supported in the new generation of waas modules for ISRs?

2. When we are defining which device model to use based on the connection limit supported by each box, what is the best approach to determine the connections by site, count users and multiply by an approx number of connection per user?, or is there a way to count the connections passing thorugh the routers?

Thanks,