
ASK THE EXPERT - WIDE AREA APPLICATION SERVICES

Nov 30th, 2009

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn about Cisco WAAS design, deployment, and troubleshooting with Cisco expert Zach Seils.  Zach, CCIE No. 7861, is a Technical Leader in the Application Delivery Business Unit (ADBU) at Cisco Systems, Inc.  Zach is currently focused on developing the architecture and network integration aspects of Cisco’s next generation WAN optimization and application acceleration platforms.  Zach is frequently engaged with partners and internal Cisco engineers worldwide to advise on the design, implementation, and troubleshooting of Cisco WAAS.  In addition to working closely with partners and customers, Zach collaborates with various Cisco business units on product enhancements, testing, and application services architectures. Previously Zach was a technical leader in the Cisco Advanced Services Data Center Networking Practice, where he served as a subject matter expert in Application Networking Services for Cisco’s largest Enterprise and Service Provider customers.  Zach is co-author of Deploying Cisco Wide Area Application Services (Cisco Press), and was also a technical reviewer of Application Acceleration and WAN Optimization Fundamentals (Cisco Press) by Joel Christner and Ted Grevers, Jr.  Prior to joining Cisco, Zach spent six years in various senior technical roles at a managed service provider.


Remember to use the rating system to let Zach know if you have received an adequate response.


Zach might not be able to answer each question due to the volume expected during this event.  Our moderators will post many of the unanswered questions in other discussions forums shortly after the event.  This event lasts through December 11, 2009.  Visit this forum often to view responses to your questions and the questions of other community members.

JAMES HAYNES Tue, 12/01/2009 - 08:09

Hi Zach,


We have been using Cisco WAAS since 4.0.3 and are now running 4.1.5a, and things have improved dramatically in both performance and stability over the various software revisions. As of 4.1.5 I don't find myself having to look at the WAAS every day. My question is geared more toward future features. Are there any plans to allow the WAAS to intercept encrypted Citrix traffic (much like SSL) in order to optimize it? This would negate having to convince the server folks to turn off Citrix encryption and compression.


Thanks,

Jim

Zach Seils Wed, 12/02/2009 - 08:28
tenaro.gusatu.novici Wed, 12/02/2009 - 06:11

Hi there,


I'm going to start with basic questions here: even after consulting different documents on CCO I was unable to figure out which solution I should apply to which type of traffic. Could you give us some guidelines on what solutions to use for particular traffic types? I need to convince the customer (he is a network engineer and hates sales speech) that WAAS can help him optimize his WAN links and save bandwidth, but he wants to know how this product is going to fulfill that task.


Thanks,

Tenaro

Zach Seils Wed, 12/02/2009 - 10:55

Hi Tenaro,


Thanks for your post.  In general, I refer to the two primary capabilities of WAAS as WAN Optimization and Application Acceleration.  With WAN Optimization, WAAS applies a set of enhancements aimed at increasing the effective throughput of TCP-based applications by enhancing the behavior of TCP and applying network-based compression.  The WAN Optimization capabilities in WAAS are application-agnostic, in that they are applied at the TCP layer, irrespective of the upper layer application.  On the other hand, the Application Acceleration features in WAAS provide a set of application-specific enhancements that are applied directly to the application layer protocols.  These enhancements are focused on latency mitigation, improved WAN bandwidth reduction, and origin server offload.  Currently WAAS provides application-specific enhancements for CIFS, MAPI, NFS, SSL, RTSP, and HTTP.


There is a good technical overview of the latest WAAS 4.1 release available here:


http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd8051d5b2.html


If you have any additional questions, please feel free to post them to this forum.


Regards,

Zach

osama1712 Wed, 12/02/2009 - 11:33

Everyone,
I have a Cisco IP Phone 7911G and I use an adapter, not PoE. When I try to reset it the LED stops working, but I can see the IP of the device in my network.
I am a beginner and I want to use it for a SIP server.
Can anyone help, please?

Zach Seils Wed, 12/02/2009 - 11:37

Osama,


This particular forum covers the Cisco Wide Area Application Services (WAAS) product.   I believe your post would be more appropriate for one of the Collaboration, Voice and Video forums.


Can you please repost your question there?


Thanks,
Zach

osama1712 Wed, 12/02/2009 - 12:02

I am sorry, and thanks a lot.

tenaro.gusatu.novici Thu, 12/03/2009 - 06:15

Sorry,


I've made a mistake and scored your reply with 4 stars (I wanted to click on the 5th one) but I don't know how to edit this.


Regards,

Tenaro

Timothy Albright Mon, 12/07/2009 - 08:23

tenaro.gusatu.novici wrote:


Sorry,


I've made a mistake and scored your reply with 4 stars (I wanted to click on the 5th one) but I don't know how to edit this.


Regards,

Tenaro

Hi Tenaro,

Thanks for your participation in the Ask the Expert event.  The rating method has changed a little in the new forums.  Basically, you select the rating you want from the set of 5 stars on the left, 1 - 5.  You don't need to click each one, just click on the one you want.  We have a cheat sheet document that will give you more detail for future rating: https://supportforums.cisco.com/docs/DOC-8052.  Hope this helps.


Cheers,

Tim Albright

Cisco Support Community

balvinders Wed, 12/02/2009 - 19:04

Hi Zach,


1. I am trying to propose a WAAS solution to a potential customer. What are some of the criteria I should be using to confirm the type of Appliance required?

There is not much sizing information on the datasheet. I need to size the appliance based on bandwidth, users, fan-out ratio, etc. Is there any document I can refer to?



2. Can I run a single appliance (e.g. WAE-512) at my hub site as an engine and a Central Manager?


Thanks & regards

Bob Sindhu

3D Networks

Zach Seils Thu, 12/03/2009 - 06:28

Hi Bob,


The primary criteria used for sizing WAAS appliances are WAN Bandwidth (in Mbps), Optimized TCP Connections, and Optimized Throughput (in Mbps).  In addition, for the Data Center (or aggregation) devices, there is the concept of fan out, which refers to the recommended number of peers a given device can actively optimize connections with.  I have a sizing guideline document that would be useful to you, but I need to pass it to you through your Cisco account team.  Can you please email me offline with your Cisco Account Manager or Systems Engineer name?


Regarding your second question, the WAAS Central Manager requires a dedicated appliance that is not involved in any user traffic optimization.


If you have any additional questions, please post them to this forum.


Thanks,

Zach

balvinders Thu, 12/03/2009 - 15:26

Hi Zach,


Thanks for the response. I have sent you and my Cisco Account Manager an email.


I am a bit confused about selecting either a WAE or a WAVE appliance for mid to low end sites. If I am only interested in the WAE, can I opt for the WAVE appliances, e.g. instead of the WAE-512, I choose the WAVE-574?



Rgds

Bob

Zach Seils Thu, 12/03/2009 - 15:45

Hi Bob,


The primary difference between the WAE and WAVE models is the support for the Virtual Blades feature on the WAVE models.  Other than that, they both have support for the same WAN Optimization and Application Acceleration features.


Regards,

Zach

Mohamed Sobair Sat, 12/05/2009 - 07:08

Hi Zach,


I have some questions on WAAS deployment and product capability,


1- It's advised to deploy WAAS to monitor all outbound traffic leaving the WAN. If it's not deployed INLINE, could it be connected to a SPAN port on a backbone switch that also connects a GW router?


2- Should WAAS have access to the enterprise or ISP cache engines?


3- How much traffic can a single WAE handle? And how many WAE engines can be deployed per single Central Manager?


4- Is it recommended to deploy WAAS using policy based routing to redirect the traffic traversing a GW router, or WCCP?


5- In which scenario do you need to deploy multiple WAE engines, other than bandwidth limitation? And how could it be implemented?


6- Do WAE engines support an active/standby scenario, or could they be deployed in a load-balancing scenario?



Thanks in advance for your prompt reply and feedback,


Mohamed

Zach Seils Sun, 12/06/2009 - 08:46

Hi Mohamed,


Thanks for your post.  Here are the answers to your questions:


1.  The recommended network integration methods for WAAS are inline (using the inline module) and WCCP.  Sending traffic to a WAAS device using span functionality will not work properly (WAAS would end up duplicating the traffic on the network).


2.  WAAS does not require access to existing cache devices.


3.  Each WAAS device has specific scalability characteristics based on the model number.  I would recommend that you work with your local Cisco account team on sizing your WAAS deployment.  The same holds true for the scalability of the WAAS Central Manager, with each model appliance supporting a maximum number of devices when functioning as a Central Manager.


4.  WCCP is the preferred off-path network integration method.  That being said, PBR is a valid alternative and can be used.


5.  Deploying multiple WAAS devices at a single location is required for scalability or availability reasons, or both.  How multiple devices are integrated into the network infrastructure depends on the integration method used.  Inline deployments support up to two (2) devices serially chained back-to-back.  When using WCCP, you can cluster up to 32 WAAS devices in a single cluster.


6.  The current network integration methods (inline and WCCP) support active/active clustering, where all devices in the cluster are handling traffic at any given point in time.


If you have any additional questions, please feel free to post them to this forum.


Thanks,

Zach

Mhon Baul Mon, 12/07/2009 - 02:21

Hi Zach,


We have WAAS software release 4.0.17 OE 512 and currently it is not used because no one knows how to configure and implement this device. Actually I'm new to the organization and found out that there is a WAAS sitting over there and not being used. Can you give me ideas and documentation on how to implement and configure this one? We have a hub and spoke topology. I know I can use the WAAS to accelerate traffic from our branch to head office. Hope to hear your suggestion. Thanks in advance!


cheers,

reymon

robertsmichael Mon, 12/07/2009 - 10:07

Hey Zach,


Do you know when the next major release of WAAS will be available?  Are you able to share any of the new features/AO's?


Thanks.


-Mike

Zach Seils Wed, 12/09/2009 - 10:32

Hi Mike,


Thanks for your post.  I don't have any public information I can share on this forum.  Can you please make the same request through your Cisco account team?  Feel free to Cc me on the request.


Thanks,

Zach

mrrussell Thu, 12/10/2009 - 23:49

Hi Zach, given this is the last day of this round of Ask the Experts I thought I'd better ask a few questions at once (sorry).


1) We are using a WCCP redirect access-list to deny client traffic on the same site as servers from being redirected to the WAAS box, in the hope this will reduce the loading on the WAE (maybe it has little effect anyway?). Despite being denied by the access list (getting matches) we still get "PT in Progress" - Is this expected behaviour in which case is it loading the WAAS box, or a bug (then we'll raise a TAC case) - (using 4.0.19).


2) We tried to put a CDROM with a 4.1.5b image (not rescue) in the CM WAAS box in order to copy it onto the CM WAE for install on the CM and distribution to other WAEs, as we don't have a suitable other system to FTP the file over. Is there a workaround (in the Unix OS) or can this be allowed in the future?


3) Any chance of getting optical interfaces (or SFP)'s in future WAAS boxes including the inline cards?


4) We are looking at trying out SSL, but have heard there may be some restrictions when using MAPI acceleration, but not sure what?


Thanks

Mick

Zach Seils Fri, 12/11/2009 - 06:30

Thanks for your post.  Here are the answers to your questions:


1.  Are you denying the traffic you don't wish to be redirected in both directions?  It's not abnormal to have some connections in pass-through, although it means that the traffic in your case is still making it to the WAAS device (which it shouldn't if it's being denied by a redirect list).  Can you post your device configuration and the list of pass-through connections that show this behavior?


2.  It is possible to enable FTP as a service on the Central Manager.  Please see the attached document for additional information.


3.  This is definitely something I am pushing for, especially on the inline module front.  Do me a favor and send an email offline so we can follow up with your specific requirements.


4.  I am not aware of any issues with the SSL AO and MAPI.  Overall the SSL AO has had a very low bug count.


Thanks again for your post.  Note that although this Ask The Expert series ends today, you can also post your WAAS questions in the Application Networking forum.


Regards,

Zach

mario-leitao Fri, 12/11/2009 - 04:01

Hi,


1 - If I need to deploy as off-path and WAAS is within the same subnet as the user network, how should I configure it?

2 - When should I use ip wccp redirect exclude out and ip wccp redirect exclude in?

3 - How does WAAS Mobile work? My main concern is whether the packets get proxied by the WAAS server or not. When the packet is going to and from the application server (e.g. an Oracle server), are the original source and destination IP addresses maintained, or do packets from the server going toward the client need to have the destination address replaced with the WAAS Mobile server address?

4 - Where does the WAAS Mobile server sit in the topology? Does it need to be in-line, or do I just plug it into the switch like other computers in the data center?

Zach Seils Fri, 12/11/2009 - 08:27

Hi Mario,


Thanks for your post.  Here are the answers to your questions:


1.  The key to this type of deployment is setting the egress method to negotiated return.  This causes the WAAS device to return the traffic to the intercepting router using WCCP GRE encapsulation.  When the intercepting router receives a WCCP GRE packet from the WAAS device, it knows not to reintercept that packet and forwards it normally (after removing the WCCP GRE header).  The exact configuration command to enable this feature in WAAS is egress-method negotiated-return intercept-method wccp.


2.  The ip wccp redirect exclude in command should be used on interfaces facing WAAS devices when outbound redirection is configured on other interfaces on the device.  Let's say you have a simple configuration where the router has three interfaces - one LAN facing, one WAN facing, and one used for the WAAS device:


!
interface FastEthernet0/0
  description ** LAN Interface **
  ip address 10.10.10.1 255.255.255.0
  duplex auto
  speed auto
!
interface FastEthernet0/1
  description ** WAAS Interface **
  ip address 11.11.11.1 255.255.255.248
  duplex auto
  speed auto
!
interface FastEthernet1/0
  description ** WAN Interface **
  ip address 10.88.81.99 255.255.255.248
  duplex auto
  speed auto
!


You have two choices for how to apply WCCP here:


  1. Configure inbound redirection on the LAN (FastEthernet0/0) and WAN (FastEthernet1/0) interfaces.
  2. Configure WCCP inbound and outbound on the WAN (FastEthernet1/0) interface.


With option #2, you also need to configure the ip wccp redirect exclude in command on the WAAS interface (FastEthernet0/1).  Otherwise WCCP will not be able to distinguish between traffic coming from the LAN (FastEthernet0/0) and WAAS (FastEthernet0/1) interfaces.  Your final configuration for option #2 would look like this:


!
ip wccp 61
ip wccp 62
!
interface FastEthernet0/0
  description ** LAN Interface **
  ip address 10.10.10.1 255.255.255.0
  duplex auto
  speed auto
!
interface FastEthernet0/1
  description ** WAAS Interface **
  ip address 11.11.11.1 255.255.255.248
  ip wccp redirect exclude in
  duplex auto
  speed auto
!
interface FastEthernet1/0
  description ** WAN Interface **
  ip address 10.88.81.99 255.255.255.248
  ip wccp 61 redirect in
  ip wccp 62 redirect out
  duplex auto
  speed auto
!


3.  In terms of IP addressing, WAAS Mobile behaves like a non-transparent proxy.  Traffic to and from your application servers will have the IP address of the WAAS Mobile server.


4.  Typically the WAAS Mobile server would be deployed in close proximity to the VPN termination device where the remote users are accessing the internal infrastructure.  I'd suggest you start by reviewing the WAAS Mobile Network Design Guide located here:


http://www.cisco.com/en/US/products/ps9523/products_installation_and_configuration_guides_list.html


If you have any additional questions, please feel free to post them to this forum.


Thanks,

Zach
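
An offline check for the option #2 rule in the answer above, added here as an example and not part of the original thread or any Cisco tool: it parses saved IOS-style configuration text and reports WAAS-facing interfaces that lack ip wccp redirect exclude in while outbound redirection is configured elsewhere. The function names and the constructed sample configuration are assumptions; which interfaces face WAAS devices is supplied by the caller.

```python
import re

# Constructed sample: the option #2 router configuration from the answer,
# with the exclude command left off the WAAS-facing interface.
SAMPLE_CONFIG = """\
ip wccp 61
ip wccp 62
!
interface FastEthernet0/0
 description ** LAN Interface **
 ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/1
 description ** WAAS Interface **
 ip address 11.11.11.1 255.255.255.248
!
interface FastEthernet1/0
 description ** WAN Interface **
 ip address 10.88.81.99 255.255.255.248
 ip wccp 61 redirect in
 ip wccp 62 redirect out
!
"""

REDIRECT = re.compile(r"ip wccp (\S+) redirect (in|out)$")
EXCLUDE = "ip wccp redirect exclude in"

def parse_interfaces(config):
    """Map each interface name to its whitespace-normalized sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface\s+(\S+)", raw)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif raw[:1].isspace() and raw.strip():
            if current is not None:
                current.append(" ".join(raw.split()))
        elif raw.strip():
            current = None  # "!" or any other top-level line ends the block
    return interfaces

def check_exclude_in(config, waas_interfaces):
    """Return findings where outbound redirection lacks the exclude on a WAAS port."""
    interfaces = parse_interfaces(config)
    outbound = []
    for name, lines in interfaces.items():
        for line in lines:
            m = REDIRECT.match(line)
            if m and m.group(2) == "out":
                outbound.append(f"{name} (service group {m.group(1)})")
    findings = []
    for name in waas_interfaces:
        if name not in interfaces:
            findings.append(f"{name}: interface not found in configuration")
        elif outbound and EXCLUDE not in interfaces[name]:
            findings.append(f"{name}: missing '{EXCLUDE}'; outbound redirection on "
                            + ", ".join(outbound))
    return findings
```

Calling check_exclude_in(SAMPLE_CONFIG, ["FastEthernet0/1"]) returns one finding for the sample; a configuration that uses only inbound redirection (option #1) returns none.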

adambalaban Fri, 12/11/2009 - 04:22

Hi Zach,


I also have a few questions for you:


1. Are there any plans to change licensing for Central Manager

(as I understand it, it needs an Enterprise License so far)?

2. Currently WoW officially supports only 4 services: Print, ActiveD, DNS, DHCP.

Are there any plans to add more services?

Is it true that if a customer runs anything else on WoW, it loses support for the whole virtual machine (or maybe the WAVE)? Or is it only those extra services that are not supported?


3. WAAS Mobile: two questions here:

a)  I cannot find information on whether the WAAS Mobile client can do encryption by itself. Can it? I saw the option in the client that suggests it, but no other official statement on that matter; there is also no info on what kind of encryption it is (how weak/strong, is it standards-based, etc.).

I only saw a statement that the mobile client encrypts the first few (authentication) messages.

Could you comment on and explain it?


b)  The documentation (Mobile Design Guide) says we have at least 2 options: to optimize round-trips or transport (optimize before or after the traffic is encrypted by some other means, like another VPN client or web plug-in). But I see no options to actually configure the mobile client in those 2 ways of optimization.

Is it possible to configure the mobile client in those 2 ways? Or is it a matter of configuring a VPN client? Can you point me to some documentation on how this can be achieved?



Thanks,

Adam.
