Showing results for 
Search instead for 
Did you mean: 


Community Manager
Community Manager

Welcome to the Cisco Networking  Professionals Ask the Expert conversation. This is an opportunity to learn about Cisco Wide Area Application Services monitoring and reporting with Michael Holloway and Joe Merrill.  Michael is an escalation support engineer in the Application  Delivery Business Unit focusing on escalations to engineering related to  the Cisco Wide Area Application Services (WAAS) product. He has worked  with Cisco WAAS since its initial development, and with the first  product beta.

Joe Merrill is an escalation support engineer in the Application Delivery Business Unit focusing on escalations to engineering related to the Cisco Wide Area Application Services (WAAS) product. He has worked with Cisco WAAS since its initial development, and with the first product beta.

Remember to use the rating system to let Michael and Joe know if you have received an adequate response.

Michael and Joe might not be able to answer each question due to the volume expected   during this event. Our moderators will post many of the unanswered   questions in other discussion forums shortly after the event. This  event  lasts through August 27, 2010. Visit this forum often to view  responses  to your questions and the questions of other community  members.

24 Replies 24


Hi Michael,

When I bring up WCCP on my WAAS device, my switch shows in increase in fragmented packets and the CPU on the switch seems high. What could cause this?


1. Do you have branches that don't have WAAS? If so, I suggest you apply ACL on your L3 switch (assuming Cat6k) to not redirect that non-WAAS branch. A scenario like this could cause fragmentation and very well increase the CPU on Cat6k as the fragmented packets will be processed in s/w.

2. What type of method are you using to return the traffic from WAE to Cat6k? If you use IP Forwarding (using Static Rotue or Default Gateway ) the traffic will return from WAE to Cat6k. If you use IP Forwarding to return the traffic then WAE will not add any additional header. So, even in a scenario like #1 the fragmentation will not happen.

Pl note that if your WAE optimizes the traffic then it will not fragment the packets even if you use WCCP-GRE or Generic GRE as your Egress-Method to return the traffic.




Hi Michael and Joe,

Much of our traffic shows up as ‘Other’ in the charts on the Central Manager.  We see OK optimization for ‘Other’ traffic, but suspect that some traffic is being optimized that should probably be pass-through.  How can we determine what traffic is being defined as ‘Other’?



You can enable transaction logging and one of  the fields is classifier matched.  You can also look a CM GUI for each WAE and under Monitoring / Optomization / Connection Statiscics there is also a Classifer field.


Enabling transaction logs will help you identify which traffic is hitting which classifiers, but may not be an optimal solution in a very busy production environment.  You can also look at the "show statistics connection" output, and identify connections with Application Name of 'Other'.  You can create a new Application that has statistics enabled, and an associated Classifier that matches some aspect of a connection currently mapped to 'Other'.  With that new policy definition in place, watch that Application's statistics to see how much traffic goes through, and whether it sees any benefit from optimizations.  You may need to talk with the file server or application management staff there to determine what application is associated with that traffic, and whether you want to optimize it.  Some traffic may see good optimization because it is text, but not get any realistic benefit from the optimizations because of its transactional nature where only a few bytes are sent back and forth at a time.



Maybe you can help me.  Since bringing another WAE into the WCCP cluster, we’ve noticed a dramatic increase in the packet incoming and outgoing rate on the interfaces.  But the number of users hasn’t changed, and they haven’t changed what network services they are using.  What would cause this?


You may be seeing the results of flow-protection.  When a new WAE is introduced to an existing WCCP cluster, the WCCP buckets are reassigned with some buckets moving from previous WAEs to the new WAE so they all have an (nearly) equal number of buckets.  In order to avoid resetting connections on flows that are optimized by one WAE but now belong to a new WAE, WAAS will flow-protect those connections.  When the router redirects an in-progress connection to a WAE that is the new owner of the bucket, that WAE will re-redirect the packet to the WAE that previously owned that bucket so that WAE can continue the optimization.

That re-redirection adds traffic to the interfaces without actually increasing the number of flows.

In order to see whether flow protection is occurring, take a look at the "show wccp flow tcp-promiscuous details" output at each of the WAEs.  Any buckets that show IN mean that this WAE is now the owner of a bucket that appears to have in-progress flows and will redirect those to another WAE.  The IP address of the previous owner of the bucket, who will be receiving those packets, is listed in the output as well.  Any buckets that show OUT indicate that the bucket moved away from this WAE (to the WAE whose IP address is also listed) and that it will receive re-redirected packets from the new owner of the bucket.

Also, the "show wccp gre" output will show the number of packets redirected to another WAE, and that number would be increasing.

As attrition of the connections occurs, with those connections naturally terminating over time, the number of flow-protected connections will decrease and ultimately flow-protection will cease on its own.  However, during this time, any Pass-through traffic that may go idle for 10 or 15 seconds may also fall into flow-protection as the WAE who owns the bucket (shows IN) forgets the reason for the pass-through decision and lumps it in with the other InProgress connections.

If flow-protection is a concern, and you are willing to risk disrupting existing flows--perhaps during a change control window--you can temporarily disable flow-protection on the WAE that now owns the bucket, and shows the IN flag.  Leave it disabled for a few minutes, then re-enable it.

To disable flow-protection:


  no wccp flow-redirect enable


To enable flow-protection again:


  wccp flow-redirect enable


I am planning to install WAAS between our HQ and a branch, I have some concerns regarding the design of the solution.

At the HQ we have Cisco WAE 674-k9 connected to 6509.

At the branch we have NME-WAE 502 module connected to 2811 router.

What is the best way to setup the WAAS componenets in this scenario?

Shall I use WCCP between the 6509 and WAE 674 in the HQ?

How can I apply the WAAS only on specific traffic types since I have only 1 router "2811" with the module on the router itself.

Thanks in advance

Mohammed Khair Khomakho CCIE Routing and Switching #26682

You would probably use WCCP at both the data center and the branch to redirect packets to the WAEs.  On the routers, you could create ACLs so that only the traffic you want to optimize is redirected to the WAEs.  But take care to keep the ACL limited and simple.  As the ACL grows it be comes more complicated, more prone to configuration errors, and more likely to fill the tables used for hardware routing on the Cisco Catalyst 6500.

Hi Joseph,

Thanks for the reponse, what I am interested in is knowing how would I apply the NME configuration on the Branch Router 2811 in this case.

How can I use WCCP between the router and the NME module that is also installed on the same router?


Mohammed Khair Khomakho CCIE Routing and Switching #26682

You can either use the internal NME interface (links through the backplane in the router), or the external NME interface cabled to an interface on the router.  You would configure WCCP as normal, using either of those two interfaces and the IP address from the corresponding interface on the NME.

Usually, your basic configuration would look something like...

On the router:

ip wccp 61

ip wccp 62

interface Integrated-Service-Engine

ip address

service-module ip address

service-module ip default-gateway


  ip wccp 62 redirect in


  ip wccp 61 redirect in

This configures the router for WCCP, and configures the Integrated-Services-Engine with the internal interfaces for the router and NME. You would then need to configure the NME.  You can either telnet to it, or from the router's CLI you can open a console session to it in order to configure it.  On the NME, configure WCCP as you normally would, with the redirect list pointing to the internal interface we configured for the router (above).

You can find examples in the documentation.  For instance:

Thanks Joseph now I got it.


Mohammed Khair Khomakho CCIE Routing and Switching #26682



My question is simple and short.

Is there any documentation available with the help of which it is understand the report of WAAS.

I'm afraid I'll need you to expand on your question a little bit.  For which report are you asking for documentation?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers