ASK THE EXPERTS : Setting up and troubleshooting WAAS with WCCP

ciscomoderator
Community Manager

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn how to set up and troubleshoot Web Cache Communication Protocol Version (WCCP) redirection to Cisco Wide Area Application Services (WAAS) devices with Cisco Expert Nicolas Fournier. Nicolas has worked in the Cisco Technical Assistance Center for six years, where he is responsible for supporting full-time content technologies and focuses on the areas of Cisco Wide Area Application Services (WAAS) and TCP acceleration. He is a graduate of the Universite catholique de Louvain and holds CCIE #19944 Security certification.

Remember to use the rating system to let Nicolas know if you have received an adequate response.

Nicolas might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the shortly after the event. This event lasts through July 1st, 2011. Visit this forum often to view responses to your questions and the questions of other community members.


rattle143
Level 1

Hi Nicolas

I have WAAS modules installed on 3 sites and a CM to manage these. I see a lot of pass-through traffic in the WAAS and I want to see what this traffic is. Can I see it in any way?

Hi Sandy Pan,

"Show stat conn" should list the connections; pass-through connections will be identified as PT. Check for these port numbers. Also do a "show run | ". This will tell you if the pass-through ports have been configured or WAAS. If these ports are not configured then you need to configure them under the classifier. Also, some applications are pass-through by default. You can look at the classifiers to see which of these applications are already configured in pass-through mode.

Regards

Abijith

Hi Sandy,

I'm not aware of any way to see it from the Central Manager directly but you can easily see this from the CLI of your WAAS devices by issuing the following command:

show statistics pass-through

Taken from the config guide, here is an explanation of each entry you will find there:

| Connection type | Description |
|---|---|
| Overall | Total number of connections passed through. |
| No Peer | The connection is pass-through due to no peer WAE being found during TFO auto-discovery. |
| Rjct Capabilities | The connection is pass-through due to auto discovery finding that the peer WAE does not have the required capabilities. |
| Rjct Resources | The connection is pass-through due to auto discovery finding that the peer WAE does not have the required resources. |
| Rjct No License | Number of connections passed through due to no license. |
| App Config | Number of connections passed through due to policy configuration. |
| Global Config | Number of connections passed through due to optimization being disabled globally. |
| Asymmetric | Number of connections passed through due to asymmetric routing in the network (could be an interception problem). |
| In Progress | Number of connections passed through due to connections seen by the WAE mid-stream. |
| Intermediate | Number of connections passed through because the WAE was in between two other WAEs. |
| Internal Error | Number of connections passed through due to miscellaneous internal errors such as memory allocation failures, and so on. |
| App Override | Number of connections passed through because an application accelerator requested the connection to be passed through. |
| Server Black List | Number of connections passed through due to the server IP being present in the black list. |
| AD Version Mismatch | Number of connections passed through due to auto discovery version incompatibility. |
| AD AO Incompatible | Number of connections passed through due to application accelerator versions being incompatible. |
| AD AOIM Progress | Number of connections passed through due to ongoing peer negotiations. |
| DM Version Mismatch | Number of connections passed through because directed mode, though enabled locally, is not supported by the peer device. |
| Peer Override | Number of connections passed through due to an upstream serial peer handling optimization and telling this WAE not to optimize the connection. |
| Bad AD Options | Number of connections passed through due to invalid auto discovery options. |
| Non-optimizing Peer | Number of connections passed through because the only peer found is configured as a non-optimizing serial peer. |
| Interception ACL | Number of connections passed through due to an interception ACL denying them. |

If you want to see which hosts are generating this traffic you can also use the following command:

show statistics connection pass-through

It will give you the list of all pass-through connections going through your device.

You can also filter this output using the following options:

WAE#show statistics connection pass-through ?
  client-ip    Display passthrough connection statistics for client ip address
  client-port  Display passthrough connection statistics for client port number
  peer-id      Display passthrough connection statistics for peer idenitifier
  server-ip    Display passthrough connection statistics for server-ip
  server-port  Display passthrough connection statistics for server port number
  |            Output Modifiers
WAE#

I hope this is the info you were looking for but please let me know if there is anything else you would like to know.

Regards,

Nicolas

Jan Rockstedt
Level 1

Hi,

We have two datacenters with the same LAN, with two lines "load sharing" with BGP and two WAEs, running:

Interception Method: WCCP TCP Promiscuous
Egress Method: WCCP Negotiated Return

Sometimes we get "asymmetric asymmetric routing is seen in the device" when we run the diagnostic tests for the WCCP and sometimes it's ok.

Where should we start to look?

Jan Rockstedt

Hi Jan,

I believe the diagnostic tool is having a look at the output of the show statistics connection pass-through command for Asymmetric sessions.

If you issue the command right after a failed diagnostic, you should see some of those and hopefully, it will help you identify the traffic which is bypassing your WAEs.

Nicolas

Hi Nicolas,

Thanks for your reply.

Is there any special connection type for this issue?

As I have a lot of pass-through, for different reasons.

Jan

Hi Jan,

It should be triggered by PT Asym Client or PT Asym Server connections.

If you want to have a look at the list of all the different pass-through states you can see there and their explanation, you can have a look at this link: http://www.cisco.com/en/US/partner/docs/app_ntwk_services/waas/waas/v421/command/reference/execmds.html#wp3113061

Nicolas

Jan Rockstedt
Level 1

Hi Nicolas,

We have a problem seeing the traffic in our provider's IDS system and from the NetFlow from our two provider core routers.

As we are using Redirect and Return Method: WCCP GRE and are not able to use WCCP L2, we cannot see the GRE traffic from our provider's two routers.

My solution was to also send NetFlow from the two WAEs to our provider's IDS system on the WAN side, but we can't do that as the WAE has limited configuration possibilities on port and UDP for the flow.

Can you recommend any solution for this?

Regards Jan Rockstedt

Hi Jan,

NetFlow support on the WAE is meant for sending the data to a NAM so unfortunately, there isn't much tweaking you can do with it.

Could you let me know why you cannot use the reporting values of the router when WAAS is used with GRE return and negotiated return?

You might be missing the destination interface of the flow because of CSCsl30451 but AFAIK you should still see the flows when they originally hit the router.

Regards,

Nicolas

Hi Nicolas,

So maybe it has something to do with CSCsl30451.

If I do a traffic report from the IDS system on the whole subnet I can see a lot of traffic on the WAE using GRE; it is on the top hosts.
If I do it on the specific host I can also see the traffic on that host, but I need to know, as a first step, the traffic as an overview on the subnet.

Could it be the CSCsl30451?

Jan

Hi Jan,

Which version is running on your provider router?

Could you check if the version he is running is affected by "CSCsm35350 WCCP GRE return breaks IPsec traffic AND/OR creates phantom packet count"?

You can have a look at the bug description from the following link:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm35350

Nicolas

Hi Nicolas,

Cisco IOS Software, 3800 Software (C3845-SPSERVICESK9-M), Version 12.4(15)T10, RELEASE SOFTWARE (fc3)

Jan

Hi Jan,

Then you are not facing CSCsm35350 since it is fixed in this version.

I did some research on your issue and found two other possible candidates that might explain what you see:

If you are using Flexible Netflow:

CSCsl76763 FNF is double accounting WCCP GRE return packets

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl76763

If you are using Traditional Netflow:

CSCti86131 2811 WAN usage reporting incorrect with WAAS

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti86131

Regards,

Nicolas

davidmershon
Level 1
Level 1

Our network environment is planning to implement IPv6. We are using WCCPv2, which at present does not support it. Will WCCPv3 be coming out soon, will it support IPv6, and will it support Active and Passive FTP modes?
