WAAS Application Traffic Mix

Unanswered Question
Feb 26th, 2008

On one of my core WAAS boxes I have noticed that the "Other Traffic" makes up a much higher proportion than it does on the rest of my WAAS devices. Is there an easy way to determine which conversations make up the "Other Traffic" so I can make sure the traffic is genuine (and not some sort of virus or other anomoly)? When I go to the command line of the WAAS device and run a show statistics tfo application it also shows a heap of traffic under the "Other" application type.

Thanks in advance,

Peter

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
dstolt Wed, 02/27/2008 - 04:22

First, make sure all your WAEs are using the same classifiers, I usually recommend that you restore the default policies and classifiers in your All Device Group so all the devices share the same policies. You have to do this manually, otherwise local policies may be mismatched.

Other traffic is usually the results of traffic in the "catch-all" classifier at the bottom of your list. One of the ways to determine what this traffic is made up of is to run "sh tfo conn sum" and look at your destination ports on optimized connections. If you have applications that are using ports that are not covered in your defaults classifiers, then you can create them in your all device groups and push them down to all your WAEs.

One of the traffic types that is a easy target is exchange traffic (if you use it). Since exchange traffic is on dynamic ports, you can create a Email classifier based on destination IP addresses of your Exchange servers, that will move it from your "other" bucket into email.

Hope that helps,

Dan

pthaynes Wed, 02/27/2008 - 15:00

Dan,

Thanks for the reply. I have verified that all the devices share the same classifiers and active policies. I had assumed that the Exchange traffic would have been mapped based on the End point mapper. I was already looking at the output from show tfo connection summary and was just hoping there might an easy way to see what was getting classified into each traffic type per connection. I guess I'll drag it into a spreadsheet and use some formulas to figure out which conversations are classified under which traffic type.

Thanks for your help.

Peter

Actions

This Discussion