Bhavin Yadav is a technical support engineer in the San Jose campus focusing on Technical Assistance Center (TAC) cases raised by customers for the Cisco WAAS solution and Web Cache Communication Protocol (WCCP) deployments. Yadav has five years of experience with WAN optimization products, which include Cisco WAAS as well as solutions from Riverbed and Blue Coat. He holds a bachelor's degree in computer science and CCNA certification.
The following experts helped Bhavin answer a few of the questions asked during the session: Peter Van Eynde and Michael Schueler. Peter and Michael are support engineers and have vast knowledge of WAAS-related topics.
You can download the slides of the presentation in PDF format here. The related Ask The Expert session is available here. The complete recording of this live webcast can be accessed here.
Q. If WAE is hung what can be done to recover it?
A. There are multiple things that can be done here. The first thing is to connect a console cable before you do anything, because most of the time console output can give you some information. If you can't access the WAE by any means, then the only option is to turn it off and then back on. When the device boots up, it will put the existing sessions in pass-through mode and will optimize new connections passing through it as per policy.
Q. If WAE keeps reloading what can be done?
A. Connect the console cable and log the console output. Observe at which point the WAE keeps reloading; it may be a disk failure, a corrupt image, or an abnormal shutdown of the unit. This will help to narrow down at which point it is reloading. One way to recover is to boot the device using the recovery disk. The recovery process is documented in the configuration guide under the section on maintaining your WAAS system. There are some 7 options to boot the unit using the recovery disk. One thing to note here is that if you use the recovery disk, you are going to lose your configuration and/or DRE partitions.
Q. How to troubleshoot if a particular application's traffic is in pass-through mode?
A. There are multiple reasons why the traffic may be in pass-through mode. It may be because of asymmetric routing, because of a policy or classifier, or because the traffic is not being redirected through WCCP. In the case of asymmetric routing, enter the command "sh stat connection | in " on the WAAS devices on both sides, initiate a connection, and look at the output of the command. If you see a connection entry on one device but not on the other, then the traffic is not passing through the other device. If you see connection entries on both sides but after some 30 seconds under detail connection, PT_asymmetric does not change to PT_passthrough, you have asymmetric routing. If the session is in pass-through because of policy, then check the output of the command "sh stat connection | in " and it should show PT_policy passthrough.
Q. During production hours, what is the safest way to bypass traffic?
A. There are multiple ways we can bypass the traffic. Creating policies is the safest way, because it is not going to affect any existing traffic going through the WAAS. It will only affect the new session traffic for which the policy has been created. Turning off redirection completely, or turning off an application optimizer (AO) like CIFS or HTTP, will affect the traffic going through that AO at that time.
Q. Why can't we register to the HSRP addresses?
A. The reason that this is not a good idea is that an HSRP address is a virtual address, and it may flip between the routers depending on demand.
Q. Is there a WAAS design guide for sites with a dual-homed environment?
A. The WAAS configuration guide, chapter 2, talks about planning your WAAS network. It gives a detailed idea if you have many routers or WAAS devices at your site.
Q. How much can system report generation affect the WAAS in production?
A. System report generation affects WAAS performance depending on the situation. For example, if the CPU is running high or if there is a memory issue, WAAS may crash or create a core file. Generating a system report is not recommended on a heavily loaded box. That said, a system report is essential for troubleshooting, since WAAS does not keep a history of issues once they disappear, and it is required in a lot of cases.
Q. Are WCCP debugs safe to run on a production box?
A. WCCP debugs are safe to run most of the time, since there is about 1 message every 10 or 15 seconds per WAE device. This is not heavy traffic that can affect the router or the WAAS device; however, if the router or WAAS is hitting 100% CPU, it is not recommended to turn on WCCP debug.
Q. Is it possible to set up a WAE environment where one site is WCCP and the other is inline?
A. Yes, it is possible to have WCCP running on one site and inline running on another, since these are just methods of redirecting traffic. As long as traffic passes through the WAAS on both sides, without creating asymmetric routing, this will be fine.
Q. How to monitor the health of a WAE device using SNMP?
A. Enable SNMP alerts on WAAS directly. The configuration guide, under the section on configuring SNMP monitoring, has all the options. You can download all the MIBs that you need for SNMP configuration and use these on the SNMP server to understand the alerts.
Q. What are the different egress methods on WAE, and is there any best practice on this?
A. Different egress methods on WAE are GRE, L2, hash, mask, etc. If you have a single VLAN subnet, you can define any of these methods on WAAS itself. Remember that all WCCP-related stuff is controlled by WAAS, and the router is just accepting the packets from WAAS and working on them.
Q. When is encrypted MAPI going to be supported?
A. Encrypted MAPI is in the product roadmap; however, a Cisco sales engineer or account manager will be in a better position to give a deadline for this feature.
Q. On a large WAE network, is it better to roll out a software update via central manager or to save the update on WAE devices manually?
A. It is very important to define a proper deployment method if you have 50 or more WAEs over remote locations. It is good to use central manager to deploy and manage large WAE networks. You can define an update job in the central manager where you can specify whether you only want to download the image or want to download and upgrade the image. So you can define a job to send the image to the device at midnight, and you can specify to just install the image but not reboot the device. The device can be reloaded during a maintenance window or outside business hours.