ASK THE EXPERTS : Setting up and troubleshooting WAAS with WCCP

Jun 20th, 2011

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn how to set up and troubleshoot Web Cache Communication Protocol Version (WCCP) redirection to Cisco Wide Area Application Services (WAAS) devices with Cisco Expert Nicolas Fournier. Nicolas has worked in the Cisco Technical Assistance Center for six years where he is responsible for supporting full-time content technologies and focuses in the areas of Cisco Wide Area Application Services (WAAS) and TCP acceleration. He is a graduate of the Universite catholique de Louvain and holds CCIE #19944 Security certification.

Remember to use the rating system to let Nicolas know if you have received an adequate response.

Nicolas might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the shortly after the event. This event lasts through July 1st, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

rattle143 Tue, 06/21/2011 - 04:53

Hi Nicolas

I have WAAS modules installed on 3 sites and a CM to manage these. I see a lot of pass-through traffic in the WAAS and I want to see what this traffic is. Can I see it in any way?

asharmav Tue, 06/21/2011 - 05:15

Hi Sandy Pan,

"Show stat conn" should list the connections; pass-through connections will be identified as PT. Check for these port numbers. Also do a "show run | ". This will tell you if the pass-through ports have been configured or waas. If these ports are not configured then you need to configure them under the classifier. Also, some applications are pass-through by default. You can look at the classifiers to see which of these applications are already configured in pass-through mode.

Regards

Abijith

nfournie Tue, 06/21/2011 - 05:38

Hi Sandy,

I'm not aware of any way to see it from the Central Manager directly but you can easily see this from the CLI of your WAAS devices by issuing the following command:

show statistics pass-through

Taken from the config guide, here is an explanation of each entry you will find there:

Connection type: Description

Overall: Total number of connections passed through.

No Peer: The connection is pass-through due to no peer WAE being found during TFO auto-discovery.

Rjct Capabilities: The connection is pass-through due to auto discovery finding that the peer WAE does not have the required capabilities.

Rjct Resources: The connection is pass-through due to auto discovery finding that the peer WAE does not have the required resources.

Rjct No License: Number of connections passed through due to no license.

App Config: Number of connections passed through due to policy configuration.

Global Config: Number of connections passed through due to optimization being disabled globally.

Asymmetric: Number of connections passed through due to asymmetric routing in the network (could be an interception problem).

In Progress: Number of connections passed through due to connections seen by the WAE mid-stream.

Intermediate: Number of connections passed through because the WAE was in between two other WAEs.

Internal Error: Number of connections passed through due to miscellaneous internal errors such as memory allocation failures, and so on.

App Override: Number of connections passed through because an application accelerator requested the connection to be passed through.

Server Black List: Number of connections passed through due to the server IP being present in the black list.

AD Version Mismatch: Number of connections passed through due to auto discovery version incompatibility.

AD AO Incompatible: Number of connections passed through due to application accelerator versions being incompatible.

AD AOIM Progress: Number of connections passed through due to ongoing peer negotiations.

DM Version Mismatch: Number of connections passed through because directed mode, though enabled locally, is not supported by the peer device.

Peer Override: Number of connections passed through due to an upstream serial peer handling optimization and telling this WAE not to optimize the connection.

Bad AD Options: Number of connections passed through due to invalid auto discovery options.

Non-optimizing Peer: Number of connections passed through because the only peer found is configured as a non-optimizing serial peer.

Interception ACL: Number of connections passed through due to an interception ACL denying them.

If you want to see which hosts are generating this traffic you can also use the following command:

show statistics connection pass-through

It will give you the list of all pass-through connections going through your device.

You can also filter this output using the following options:

WAE#show statistics connection pass-through ?
  client-ip    Display passthrough connection statistics for client ip address
  client-port  Display passthrough connection statistics for client port number
  peer-id      Display passthrough connection statistics for peer idenitifier
  server-ip    Display passthrough connection statistics for server-ip
  server-port  Display passthrough connection statistics for server port number
  |            Output Modifiers
WAE#

I hope this is the info you were looking for but please let me know if there is anything else you would like to know.

Regards,

Nicolas
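
The counters described in the post above can be triaged by cause. This is an added example, not part of the original post and not Cisco tooling: the one-counter-per-line layout of `SAMPLE` is constructed and simplified rather than captured device output, and the grouping of reasons into causes, like the function names, is this example's own assumption.

```python
import re

# Reason names are the ones listed in the post; the grouping is an assumption.
GROUPS = {
    "interception": {"Asymmetric", "In Progress", "Interception ACL"},
    "peer/auto-discovery": {
        "No Peer", "Rjct Capabilities", "Rjct Resources", "AD Version Mismatch",
        "AD AO Incompatible", "AD AOIM Progress", "DM Version Mismatch",
        "Bad AD Options", "Intermediate", "Peer Override", "Non-optimizing Peer",
    },
    "policy/config": {"App Config", "Global Config", "App Override",
                      "Server Black List", "Rjct No License"},
    "internal": {"Internal Error"},
}

# Constructed sample: "<reason>  <count>" per line (simplified layout).
SAMPLE = """\
Overall                 9000
No Peer                 5200
App Config              2500
Asymmetric               900
In Progress              300
Internal Error             0
Interception ACL         100
"""

LINE = re.compile(r"^(?P<reason>.+?)\s+(?P<count>\d+)\s*$")

def parse_counters(text):
    """Return {reason: count}; lines that are not '<reason> <count>' are skipped."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            counters[m["reason"]] = int(m["count"])
    return counters

def summarize(counters):
    """Pass-through totals per cause group (Overall excluded), largest first."""
    totals = {}
    for reason, count in counters.items():
        if reason == "Overall":
            continue
        group = next((g for g, names in GROUPS.items() if reason in names), "unknown")
        totals[group] = totals.get(group, 0) + count
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def asymmetric_share(counters):
    """Fraction of all pass-through connections attributed to asymmetric routing."""
    overall = counters.get("Overall", 0)
    return counters.get("Asymmetric", 0) / overall if overall else 0.0
```

A large "interception" total relative to the rest points at redirection or routing rather than at peers or policy, which is where the per-connection `show statistics connection pass-through` filters become useful.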

Jan Rockstedt Wed, 06/22/2011 - 02:41

Hi,

We have two datacenters with the same LAN, with two lines "load sharing" with BGP and two WAEs, running:

Interception Method:WCCP TCP Promiscuous
Egress Method:WCCP Negotiated Return


Sometimes we get "asymmetric asymmetric routing is seen in the device" when we run the diagnostic tests for the WCCP and sometimes it's ok.

Where should we start to look?

Jan Rockstedt

nfournie Wed, 06/22/2011 - 03:07

Hi Jan,

I believe the diagnostic tool is having a look at the output of the show statistics connection pass-through command for Asymmetric sessions.

If you issue the command right after a failed diagnostic, you should see some of those and hopefully, it will help you identify the traffic which is bypassing your WAEs.

Nicolas

Jan Rockstedt Wed, 06/22/2011 - 03:43

Hi Nicolas,

Thanks for your reply.

Is there any special connection type for this issue?

As I have a lot of pass-through, for different reasons.

Jan

Jan Rockstedt Mon, 06/27/2011 - 02:38

Hi Nicolas,

We have a problem seeing the traffic in our provider IDS system and from the netflow from our two provider core routers.

As we are using Redirect and Return Method: WCCP GRE and are not able to use WCCP L2, we cannot see the GRE traffic from our provider's two routers.

My solution was to also send netflow from the two WAEs to our provider IDS system on the WAN side, but we can't do that as the WAE has limited configuration possibilities on port and UDP for the flow.

Can you recommend any solution for this?

Regards Jan Rockstedt

nfournie Mon, 06/27/2011 - 05:52

Hi Jan,

Netflow support on the WAE is meant for sending the data to a NAM so unfortunately, there isn't much tweaking you can do with it.

Could you let me know why you cannot use the reporting values of the router when WAAS is used with GRE return and negotiated return?

You might be missing the destination interface of the flow because of CSCsl30451 but AFAIK you should still see the flows when they originally hit the router.

Regards,

Nicolas

Jan Rockstedt Mon, 06/27/2011 - 06:05

Hi Nicolas,

So maybe it has something to do with CSCsl30451.

If I do a traffic report from the IDS system on the whole subnet, I can see a lot of traffic on the WAE using GRE; it is on the top hosts.
If I do it on the specific host I can also see the traffic on that host, but as a first step I need to know the traffic as an overview on the subnet.

Could it be the CSCsl30451?

Jan

Jan Rockstedt Mon, 06/27/2011 - 07:03

Hi Nicolas,

Cisco IOS Software, 3800 Software (C3845-SPSERVICESK9-M), Version 12.4(15)T10, RELEASE SOFTWARE (fc3)

Jan

nfournie Mon, 06/27/2011 - 07:24

Hi Jan,

Then you are not facing CSCsm35350 since it is fixed in this version.

I did some research on your issue and found two other possible candidates that might explain what you see:

If you are using Flexible Netflow:

CSCsl76763 FNF is double accounting WCCP GRE return packets

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl76763

If you are using Traditional Netflow:

CSCti86131 2811 WAN usage reporting incorrect with WAAS

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti86131

Regards,

Nicolas

davidmershon Thu, 06/30/2011 - 10:55

Our network environment is planning to implement IPv6. We are using wccpv2, which at present does not support it. Will wccpv3 be coming out soon, will it support IPv6, and will it support Active and Passive FTP modes?

nfournie Thu, 06/30/2011 - 11:29

Hi David,

WCCP IPV6 support will be added in IOS 15.2(3)T which unfortunately doesn't have a committed date yet.

Regarding FTP support, are you asking if WCCP will become application aware and will be able to redirect the FTP data connection after redirecting the control channel only? If that is the case, I'm afraid the answer will be no as the other features that should be added with IPV6 should be configurable router-id as well as variable timers.

Regards,

Nicolas

Zubair.Sayed_2 Fri, 07/01/2011 - 02:19

Hi Nicolas.

We have a few WAAS devices in our environment and we currently optimize http/https traffic. We are looking at the possibility of optimizing Video on our WAN.

If this is not the right place to discuss this where can I find more information about this subject?

Regards

Zubair

nfournie Fri, 07/01/2011 - 03:00

Hi Zubair,

The WAAS Video Accelerator was designed to perform what you want to achieve if you are using RTSP over TCP.

You'll need to get the Video license to be able to use it but once it is done, you can enable the accelerator and you should start getting benefit from the Video AO as soon as it is optimized.

Here is how it needs to be configured:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/configuration/guide/policy.html#wp1067346

and here is an example of how it can be integrated with a DMS system for instance:

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_C11-499858.html

Regards,

Nicolas

Posted June 20, 2011 at 9:03 AM