This discussion is locked

ASK THE EXPERTS - CISCO WIDE AREA APPLICATION SERVICES

Unanswered Question
Jul 16th, 2010

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn how to configure and trouble shoot Cisco Wide Area Application Services with Mike Korenbaum and Smita Nambiar. Mike is a network consulting engineer for the Cisco Wide Area Application Services (WAAS) Planning, Design and Implementation Help Desk. He has been with Cisco for four years, three of which were spent supporting Application Networking Services products in the Cisco Technical Assistance Center. His area of expertise include product configuration, support, and design for Cisco's major application network products.

Smita is a network consulting engineer with the Cisco Wide Area Application Services (WAAS) Planning, Design and Implementation team.  She has been with Cisco for more than four years, starting as a customer support engineer for the Application Networking Services team in the Cisco Technical Assistance Center. Her area of expertise include design, implementation, and troubleshooting for Cisco's major application network products.

Remember to use the rating system to let Mike and Smita know if you have received an adequate response.

They might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through July 30, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
mario-leitao Mon, 07/19/2010 - 06:22

I have a scenario with two routers, two wae´s on each branch leading to some asynchronous routing issue related to the waas optimizations. What are the options I have to make this optimal without using PBR.

Michael Korenbaum Mon, 07/19/2010 - 06:42

Since you mentioned asymetric routing, if you are using WCCP redirection at your edge configure your WCCP egress-method for negotiated return.  This will have the WAE send the traffic back to the intercepting router.  If your edge routers are 6500/7600's then you will need to use egress-method generic-gre because negotiated return is not supported.

Here is the configuration guide which describes both scenarios in more detail.

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v411/configuration/guide/traffic.html#wp1106308

Cheers,

Mike Korenbaum

mario-leitao Mon, 07/19/2010 - 06:52

Hi Mike,

   I would like to know more info about version 4.2.1. I heard that cisco said it was a big innovation, but do you have any comparison test for us to know how much performance gain do we get by upgrading to this version? Is this version stable for a new deployments?

mrrussell Tue, 07/20/2010 - 06:57

HI Mike, I'm after some advise on Windows on WAAS configuration, which I have configured on a single virtual blade on a WAVE574 (with 6Gbytes).

A WAAS blade will be low cpu use as it not to be used as a Filer, mail server, Web Server (etc), just Backup Domain Controller, DHCP, DNS, Print Server etc. Is this enforced to keep the impact on WAAS Acceleration down? If yes, presumably it is not enforced with a Customers own OS installed. Perhaps it’s the dedication of a cpu (along with Disk and memory space) that keeps Virtual blade separate from the WAAS acceleration.

How do you setup services on the Win 2008 Server (as bought with the WAVE574) with only a command prompt window? Is this actually a Windows 2008 Server core installation only? If so this is not obvious from the Documentation/product notes.

Also if a Customer installs his own full Windows OS on a blade will this give them a full Windows GUI interface and thus consume more WAVE device resources disk/memory/cpu– Cisco only points you at general Microsoft Windows Server 2008 documentation for any Windows configuration.

IPconfig on the Windows OS cmd.exe window shows the IP address as 169.254.175.54/16 whereas the virtual interface attached is (in our lab setup) 192.168.1.41/24 (VNC to 192.168.1.41:1). Thus any pings do not reach external devices, so presumably Windows services are then not available on the Network, nor can any Windows updates be received, what additional configuration do I need?

Many Thanks

Mick

Michael Korenbaum Tue, 07/20/2010 - 07:28

Hi,

In the first release of WoW the primary focus was for these services, which was why Windows 2008 Core was provided.

However, in the most recent release of WAAS 4.2 we have Microsoft SVVP certification to run Windows 2008 R2 on our virtual blade.  In this release you are able to assign multiple CPU cores, and take advantage of the virtio network drivers for increased performance and throughput.

Here are the releases notes for WAAS 4.2 for your reference:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/release/notes/ws421xrn.html#wp90802

A customer can run their own copy of Windows or purchase WoW.  There is no technical difference between a customer buying Windows 2008 Core or R2 from Microsoft or as a bundle from Cisco with a WAVE appliance.

The services you have called out are generally low cpu utilization services, but there is nothing stopping you from running other applications on this server (no matter if it's their own copy of Windows or WoW).  We would just ask that you properly qualify these other applications in a proof of concept/ lab environment before putting this into production.  You would really want to stay away from applications that have heavy disk I/O.  With the advancement in the latest WAAS release CPU utilization and Network I/O should be of less of a concern, but definitely something to keep an eye on depending on the nature of the application you are looking to run.

From your description it seems you have Windows 2008 Core running as a virtual blade on your WAVE.  So you are correct all configuration will need to be done via the command line.

Below is a command reference cheat sheet that's been compiled from various sources which should help you initially configure your Windows Server via command line.  If you need more Windows configuration assistance than the information below I'd suggest you check the Microsoft documentation/ contact their support.

Let me know if you have any other questions or require further information/clarification.

Cheers,

Mike

Windows Server 2008 Command Reference Kick Start

Below is a listing of essential Windows server commands. Regrettably there is no ‘tab’ functionality as there is in IOS.

Managing Windows 2008 Server Core through RDP

Enable RDP

cscript C:\Windows\System32\Scregedit.wsf /ar 0

Verify RDP settings

cscript C:\Windows\System32\Scregedit.wsf /ar /v

Allow RDP connections from down-level RDP client

cscript C:\Windows\System32\Scregedit.wsf /cs 0

Poke a hole in the firewall to allow RDP Management

netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

Configuring Basic Network Settings

Get NIC’s Index (look at IDX column of target NIC. Use this value in following commands)

netsh interface ipv4 show interfaces

Set Static IPv4 Address

netsh interface ipv4 set address name="" source=static address= mask= gateway=

Set Interface for DHCP

netsh interface ipv4 set address name="" source=DHCP

Set Static DNS Servers (Repeat for each entry incrementing index value by one each time.

netsh interface ipv4 add dnsserver name="" address= index=1

Additional Configuration/useful Commands

Rename Server

netdom renamecomputer /NewName:

Join Server to Domain

netdom join /domain: /userd: /passwordd:*

Enable ICMP replies through the firewall

netsh firewall set icmpsetting 8

Enable Windows Remote Shell (use WinRS from Vista to send commands)

WinRM quickconfig

Enable remote management of firewall from Vista Machine

netsh advfirewall set currentprofile settings remotemanagement enable

Enable remote management from any MMC snap-in through Firewall

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Reboot Server now

Shutdown /r /t 0

Shutdown and halt server

Shutdown /s /t 0

Start Task Manager

Taskmgr

Control Panel Time/Date settings applet

Control timedate.cpl

Get basic system info

Systeminfo

Log off console or terminate RDP session

Logoff

List Available Roles and Features

Oclist

Install Role or Feature (use oclist to enum roles. Roles are case sensitive)

Ocsetup

Install AD Role (must pre-create unattend text file)

dcpromo /unattend:

Install DNS Server Role

ocsetup DNS-Server-Core-Role

Appendix B: Links for Additional Information on Windows Server

Active Directory Domain Interoperability

http://www.serverwatch.com/tutorials/article.php/3728211

http://www.serverwatch.com/tutorials/article.php/3734071

Active Directory Primer

http://www.enterprisenetworkingplanet.com/netsysm/article.php/2221041

How to Install Server 2008

http://www.petri.co.il/how-to-install-windows-server-2008-step-by-step.htm

Sizing a Windows Server 2008 Machine

Component

Requirement

Processor

• Minimum: 1GHz (x86   processor) or 1.4GHz (x64 processor)
• Recommended: 2GHz or faster
Note: An Intel Itanium 2 processor is required for Windows Server 2008 for   Itanium-based Systems

Memory

• Minimum: 512MB RAM
• Recommended: 2GB RAM or greater
• Maximum (32-bit systems): 4GB (Standard) or 64GB (Enterprise and   Datacenter)
• Maximum (64-bit systems): 32GB (Standard) or 2TB (Enterprise, Datacenter   and Itanium-based Systems)

Available Disk Space

• Minimum: 10GB
• Recommended: 40GB or greater
Note: Computers with more than 16GB of RAM will require more disk space for   paging, hibernation, and dump files

Drive

DVD-ROM drive

Display and   Peripherals

• Super VGA (800 x   600) or higher-resolution monitor
• Keyboard
• Microsoft Mouse or compatible pointing device

mrrussell Wed, 07/21/2010 - 00:42

Mike, thanks for the comprehensive reply, particularly on Windows services, as a network personlike myself struggels to getto grips with Windows environments. On the virtual blade, I'm going to set it up with the Paravirtualisation available in V4.2.1 to take advantage of the better resource sharing. This link also has tips on setting up Win 2008 server core - http://www.petri.co.il/configuring-windows-server-2008-networking-settings.htm

Thanks

Mick

Jan Rockstedt Wed, 07/21/2010 - 02:07

Hi,

I have an question about the inlinecard.

If the inlinecard and ports have half duplex settings then the CMA will give me an alarm.

But if the inlinecard and the ports have diffrent speed, there is no alarm for this.

Does this mean that there is not problem to run for example LAN0 in 1000/full and WAN0 100/full ?

Regards Jan Rockstedt

Michael Korenbaum Wed, 07/21/2010 - 05:52

Hi Jan,

The recommended settings for Inline deployments is to hard code the inlinegroup to 100/full if one or both of the devices connected to the lan and/or wan port is Fast Ethernet.

You should then also hard code the devices that connect to the lan and wan side to 100/full as well.

If everything is Gigabit Ethernet then leave all ports set to auto sense.

Cheers,

Mike

nyeinchantun Fri, 07/23/2010 - 00:37

Hi , i want to check error bits in wan connection between cisco 2811 routers. i mean, when i type " - router # show interfaces fa0/0, i can see follow this

router #sh int s0/0/0
Serial0/0/0 is up, line protocol is up
  Hardware is GT96K Serial
  Description: VSAT link SCPC to PLC
  Internet address is 10.56.15.5/30
  MTU 1500 bytes, BW 512 Kbit, DLY 20000 usec,
     reliability 255/255, txload 32/255, rxload 25/255
  Encapsulation FRAME-RELAY, loopback not set
  Keepalive not set
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  FR SVC disabled, LAPF state down
  Broadcast queue 0/64, broadcasts sent/dropped 610645/0, interface broadcasts 5
26819
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 8w2d
  Input queue: 0/75/221/0 (size/max/drops/flushes); Total output drops: 109425
  Queueing strategy: dual fifo
  Output queue: high size/max/dropped 0/256/0
  Output queue: 0/128 (size/max)
  5 minute input rate 52000 bits/sec, 87 packets/sec
  5 minute output rate 66000 bits/sec, 97 packets/sec
     398942059 packets input, 1330482676 bytes, 8 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     647194 input errors, 647190 CRC, 138219 frame, 8783 overrun, 0 ignored, 167
296 abort
     410700606 packets output, 2616033213 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
     1230 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

router #

you can see 647194 input errors on show messages,but it's show only every 5 minutes. i want to get error bits in every seconds & wanna make record. so how can i do? need any other software ? plz advise& reply me as soon as possible, thanks a lot.

Michael Korenbaum Fri, 07/23/2010 - 05:32

Hi nyein chan tun,

I believe you have posted your query to the wrong forum.  This forum is for questions specific to WAAS configuration and troubleshooting.  I would suggest you post your question the WAN routing and switching forum here:

https://supportforums.cisco.com/community/netpro/network-infrastructure/routing

From the output provided it seems you have a very high number of CRC errors which generally indicates a layer 1 or 2 problem (e.g. speed/ duplex mismatch or similar).   However, please post your question to the correct forum so the true WAN routing and switching experts can answer.

Regards,

Mike

dt59083 Mon, 07/26/2010 - 06:45

Is there a way to easily see in the Central Manager what the historical connection count has been on a specific WAE?  We're wanting to monitor to see how close we're coming to the 1500 connection limit on specific WAE 512's.  Today when we're looking for that information we shell to the WAE in question and run a script that issues the "sh stat conn optimized | inc Current Active Optimized Flow" command once a minute which we later parse out.  It would be helpful if the CM could give us that information but I haven't been able to find it yet.

smnambia Mon, 07/26/2010 - 08:41

On the CM there is no way currently to see the historical connection statistics.We can look at the active connections for each wae device under Monitor--Connection Statistics,but no historical flow information is displayed.

On the wae cli there are a few commands that will show you the current tcp connection statistics and the closed tcp connection statistics

From the wae cli enter the command sh stat connection and when you hit enter you will see the following information at the begining along with all the optimized and pass-through flow information

System Initialization Finished

.
DC2-WAE#sh stat conn

Current Active Optimized Flows:                      0
   Current Active Optimized TCP Plus Flows:          0
   Current Active Optimized TCP Only Flows:          0
   Current Active Optimized TCP Preposition Flows:   0
Current Active Auto-Discovery Flows:                 0
Current Reserved Flows:                              80
Current Active Pass-Through Flows:                   0
Historical Flows:                                    0

Current Active Optimized Flows: Number of current active optimized TCP connections of all types.

Current Active Optimized TCP Plus Flows :Number of current active connections using DRE/LZ optimization or handled by an accelerator.

Current Active Optimized TCP Only Flows :Number of current active connections using TFO optimization only.

Current Active Optimized TCP Preposition Flows :Number of current active connections that were originated by an accelerator to acquire data in anticipation of its future use.

Current Active Auto-Discovery Flows :Number of current active connections in the auto-discovery state.

Current Reserved Flows :Number of connections reserved for the MAPI accelerator. It appears for all accelerators.

Current Active Pass-Through Flows :Number of current active pass-through connections.

Historical Flows :Number of closed TCP connections for which statistical data exists.


You could also check the sh stat conn closed command to see the closed connection statistics.

Following is the command refrence for the different sh stat conn options that we could run from the wae cli

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/command/reference/execmds.html#wp1689190

Thanks

-Smita

andrew.andy316 Mon, 07/26/2010 - 08:43

Hey Guys,

I have a WAAS device that apparently has a hard disk problem. Could you look at the below output and give me your thoughts? Your help would be greatly appreciated.

No directory /local/local1!
Logging in with home = "/".
System is initializing. Please wait...
Please use 'show disks details' to monitor system status.
Disk based software not installed.
Some applications may not run correctly!


RIPONRD-NMWAE#sh disks detail

Physical disk information:
  disk00: Not used  (*)
  disk01: Not present or not responding

(*) Disk drive won't be used until replaced.

Mounted file systems:
MOUNT POINT      TYPE       DEVICE                SIZE     INUSE      FREE USE%

No RAID devices present.

System is initializing. Please wait...
Disk encryption feature is disabled.
RIPONRD-NMWAE#

smnambia Mon, 07/26/2010 - 09:00

As you are seeing the message

Disk based software not installed.
Some applications may not run correctly!

You will need to run the rescue(recovery) cd on this wae device and rebuild the device.

When you do this you will loose all disk information.

Following is the link on how to use the recovery cd

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/maint.html#wp1173532

Following is the link to download the recovery cd iso image

http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=4.1.7&mdfid=280484571&sftType=Wide+Area+Application+Services+%28WAAS%29+Software&optPlat=&nodecount=10&edesignator=null&modelName=Cisco+Wide+Area+Application+Services+%28WAAS%29+Software&treeMdfId=268437639&modifmdfid=null&imname=&treeName=Application+Networking+Services&hybrid=null&imst=null

You will need to login(using your cco account) to download the iso image. Depending on what wae software you will need on that device please download that particular iso image.

Make sure you follow the sequence options mentioned in the documentation while running the recovery image.

Thanks

-Smita

andrew.andy316 Mon, 07/26/2010 - 09:08

Thanks Smita, will try that and get back to you.

pokwan Tue, 07/27/2010 - 19:05

Hi,

Can you please advise how do I resolve TFO overload?

Thanks.

PF

sh tfo status
  Optimization Status:
     Configured: optimize full
     Current: no optimization, TFO Overloaded

  This device's ID:  00:14:5e:95:22:85

  TFO is up since Thu Jul  2 08:32:51 2009

  TFO is in overload state due to:
              Max connections
  Total number of entries into overload state since start: 2
  Time of last entry into overload state:                  Fri Jul 16 05:31:49 2010

Michael Korenbaum Wed, 07/28/2010 - 07:47

Hi,

As Jan pointed out by referencing the WAAS Troubleshooting Wiki, there is nothing you can do from a configuration standpoint to resolve a TFO overload condition. 

According to the output you provided your WAE has reached its connection limit.  The only way to come out of this condition is for a number of connections to be closed by the clients/servers, thereby reducing the number of concurrent optimized connections handled by this WAE.  Once the WAE drops below its connection limit threshold the alarm will clear and new TCP sessions will be optimized.  Note, while in a TFO overload condition all new TCP sessions will be placed in pass through (e.g. not optimized).

What device model is this and does it have a memory upgrade?

How many users/computers are at this site?

Is this an edge site or a data center site?

Cheers,

Mike

wrobbin Wed, 07/28/2010 - 07:56

Also do you optimze the Cisco Default package or have you added your own classifers? only a few options there

1. Upgrade Memory

2. Get a bigger box

3. Reduce what type of traffic you are optimizing.

there a prob a few other but those are the one i can think of right now

pokwan Thu, 07/29/2010 - 17:16

Hi,

Thanks.

We optimize CISCO default package.

PF

pokwan Thu, 07/29/2010 - 17:12

Mike,

Thanks.

The model is WAE-512-K9, no memory upgrade

There is about 80 users.

It is an edge device

Thanks.

PF

Michael Korenbaum Thu, 07/29/2010 - 17:21

PF,

A WAE-512 with 1GB of memory (the default), can support up to 600 concurrent optimized TCP sessions.  As a general guide when sizing a WAAS appliance we assume 10 concurrent TCP sessions per user.  Since you have 80 users, that puts you around 800 concurrent TCP sessions, which is why you are seeing TFO overload due to max connections.

If you device is constantly in and out of overload due to max connections I would think this edge site is undersized, and you may want think about adding a second WAE or upgrading this site to new WAE that can handle more connections.

When deciding on expanding or implementing a WAAS network I'd suggest you consult the WAAS sizing tool here:

http://tools.cisco.com/WAAS/sizing/

Cheers,

Mike

pokwan Thu, 07/29/2010 - 17:46

Mike,

Thanks very much for your help. It is much appreciated.

PF

wrobbin Wed, 07/28/2010 - 07:53

How would I implement a Secondary Central Manager in to an already existing WAAS infrastructure?

ddianis Wed, 07/28/2010 - 09:04

Is there any way to avoid negative compression?  When I drill down on some of my TCP connections, I see good, actually, great READ compression, but 'negative' compression on WRITEs.  Can I exclude WRITE traffic somehow in the policy?

smnambia Wed, 07/28/2010 - 10:13

There is no way to disable just the write compression.You can disable the LZ compression entirely

If you are seeing this issue for a particular application,that has compression enabled then what you could do is have a custom policy for this  application and in the Action,instead of choosing Full optimization you can try the other options

TFO only

or

TFO+DRE

or

TFO+LZ

and check if this helps that application to avoid the negative write compression.

Could you also share the output for a particular tcp connection where you see good read vs write compression from both the wae's?

Also are you seeing this for particular application,then please do let us know the application name and version being used.

Thanks

-Smita

ddianis Wed, 07/28/2010 - 11:37

The application is from EMC, its a data replication application called SRDFA.

This is from the source WAE.  The Read optimization is really good, the Write seems very strange.

~~~~~~~~~

Traffic Statistics Original Optimized
Read : 25 GB 62 MB
Write : 281 MB 2 GB
Total : 25 GB 2 GB
Percentage Compression: -
Effective Capacity:

smnambia Wed, 07/28/2010 - 13:45

Are you presently using the wae devices in the Replication Accelerator (RA) mode?

Do you see the same read,write optimization even on the peer wae?

It would be nice if you could send me the read, write output from both the wae's for a particular tcp connection to check.

EMC SRDFA-IP(1748 port) works best when WAAS is used in Replication Accelerator(RA) Mode. We do have a default policy for fully optimizing this traffic in RA mode.

Following is the link to RA mode deployment guide

http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns377/deployment_guide_c07-490578.html

Thanks

-Smita

Actions

Login or Register to take actions

This Discussion

Posted July 16, 2010 at 1:21 PM
Stats:
Replies:31 Avg. Rating:5
Views:7400 Votes:0
Shares:0

Related Content

Discussions Leaderboard