Policy Definition help (WAFS trouble)

scott.hammond
Level 1

Found that we are running an app for which the CIFS policy is causing a problem. If I disable the policy on the edge the problem goes away.

So I built a policy on the edge to PT all the traffic destined to a particular server on 445. Then I built a policy on the core to PT all traffic from that server on 445.

The policy position is number 1 on edge and core.

Traffic Summary shows some PT on that application from the edge perspective and none from the core monitor. The connection statistics for both edge and core show connections open and being optimized, although I am starting to see some connections that are "PT App Cfg"

Users are still complaining about application failure. Am I just not being patient enough?


Amir Asfandyarov
Cisco Employee

Hello Scott,

Can you provide some additional details:

- what SW version are you using?

- can you get the output of "show stat connection pass-through" and "show stat conn opt cifs" with the connections you've mentioned?

- are you sure you don't have any, say, legacy clients that use NBT as transport (port 139)?

As you get "PT App Cfg", still the first thing to check is if your traffic is hitting your policy statements.

Regards, Amir

Everything is on 4.3.1.6.

First off it helps if I get the right server IP on the edge. (had it right on the core and wrong on the edge!!!)

It's too early yet for any users of that application to be in, so I will have to keep you posted.

I think I might have had my directions wrong on the policy:

I had server as the destination on the edge and the source in the core policy, but now that I think about it, the client will be initiating the connection, so the edge and core both should have the server as the destination in the policy, yes?

Yes, when using CIFS AO you should use the server as the destination on both ends when creating classifiers.

Regards, Amir

Bhavin Yadav
Cisco Employee

Hi Scott,

Here is what you probably want to do to address this:

1. You do not have to create a policy on both the core and edge WAEs. Creating a policy on one side is enough to pass thru the connection.

2. You can use server ip on client WAE to create a policy. Please create two reverse conditions under classifier - one as source ip and another one as destination ip. Please use server ip here.

3. Once this policy is applied, hit submit button and close all connections from client to server.

4. Reopen the session from client to server and it should show you - PT APP CFG which means Passthru due to Policy config.

Please note that the policy you define above will pass thru all traffic to that server on all ports.

If the issue continues, it may not be WAAS.

With the policy on edge and core with the server as the destination IP, all that traffic is being passed through and we haven't had a single error.

Just for clarification, because I have yet to find a good white paper on policy definitions in regards to edge/core placement, you are saying one side is enough for pass through but I still need both sides for a connection that I intend to optimize?

(there are some other connections that are passing through now I would like to optimize by defining a new policy)

Hi Scott,

Having a pass thru policy on one end is enough to bypass the traffic in WAAS. You do not need policies on both ends (both WAEs). Just put in reverse condition on edge site which should cover up for everything. You can also add port 445 in the condition to narrow down further.

Are you trying to create an optimization policy OR pass thru for the traffic that is having issues?

To create a policy, please go thru this document link:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v431/configuration/guide/policy.html#wp1133454

Regards.
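
The direction question discussed in this thread, as an added example that is not part of any post and is not WAAS code: a simplified Python model in which a connection is classified once, on the tuple of the SYN sent by whoever opens it. The IP addresses, the "optimize" default and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses; the thread gives none.
CLIENT, SERVER, WRONG_IP = "10.2.2.20", "10.1.1.10", "10.1.1.11"
PT, OPT = "pass-through", "optimize"

@dataclass(frozen=True)
class Cond:
    """One match condition; None means 'any'."""
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, syn):
        src, dst, dport = syn
        return (self.src_ip in (None, src) and self.dst_ip in (None, dst)
                and self.dst_port in (None, dport))

def classify(policies, syn):
    """Policies are in position order; the first classifier that matches wins."""
    for conditions, action in policies:
        if any(c.matches(syn) for c in conditions):
            return action
    return OPT  # assumed default for this model

def path_result(edge, core, syn):
    """Per the thread, a pass-through match on either WAE bypasses the connection."""
    return PT if PT in (classify(edge, syn), classify(core, syn)) else OPT

# The SYN is always client -> server for a CIFS session the client opens.
cifs_syn = (CLIENT, SERVER, 445)

# Original attempt: wrong server IP on the edge, server as *source* on the core.
orig_edge = [([Cond(dst_ip=WRONG_IP, dst_port=445)], PT)]
orig_core = [([Cond(src_ip=SERVER)], PT)]

# Corrected: server as destination on both ends.
fixed = [([Cond(dst_ip=SERVER, dst_port=445)], PT)]

# Alternative from the thread: reverse conditions on the edge only, no port.
reverse_edge = [([Cond(src_ip=SERVER), Cond(dst_ip=SERVER)], PT)]

if __name__ == "__main__":
    print("original :", path_result(orig_edge, orig_core, cifs_syn))
    print("fixed    :", path_result(fixed, fixed, cifs_syn))
    print("reverse  :", path_result(reverse_edge, [], cifs_syn))
    print("reverse, port 80:", path_result(reverse_edge, [], (CLIENT, SERVER, 80)))
```

In this model the reverse-condition classifier also bypasses traffic to the server on other ports, which is the side effect noted in the thread; adding port 445 to the conditions narrows it.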

Got it.

Yeah, I read that config guide, that's how I got this far. It just didn't really speak to policy placement and direction, you know, the high level information that Cisco tends to omit expecting you to just somehow magically know.

I think I am good for now, Thanks everybody!

Hi Scott,

Thanks for the update. I agree with you that the high level information is missing on some of the topics, but the good news is that we (Cisco) are going to address this pretty soon. Please stand by for a few days to weeks. We will be posting a few things to help you define the HIGH level information in such cases.

Can you please mark this Answered so that other people can look at this thread for resolution in future?

Thanks again.