Bhavin Yadav is a technical support engineer in the San Jose campus focusing on Technical Assistance Center (TAC) cases raised by customers for the Cisco WAAS solution and Web Cache Communication Protocol (WCCP) deployments. Yadav has five years of experience with WAN optimization products, which include Cisco WAAS as well as solutions from Riverbed and Blue Coat. He holds a bachelor's degree in computer science and CCNA certification.
The following experts helped Bhavin answer a few of the questions asked during the session: Peter Van Eynde and Michael Schueler. Peter and Michael are support engineers and have vast knowledge of WAAS-related topics.
Q. If WAE is hung what can be done to recover it?
A. There are multiple things that can be done here. The first thing is to connect a console cable before you do anything, because most of the time the console output can give you some information. If you can't access the WAE by any means, then the only option is to turn it off and then back on. When the device boots up, it will put the existing sessions in pass-through mode and will optimize new connections passing through it as per policy.
Q. If WAE keeps reloading what can be done?
A. Connect the console cable and log the console output. Observe at which point the WAE keeps reloading; it may be a disk failure, a corrupt image, or an abnormal shutdown of the unit. This will help to narrow down at which point it is reloading. One way to recover is to boot the device using the recovery disk. The recovery process is documented in the configuration guide under the section on maintaining your WAAS system. There are some 7 options to boot the unit using the recovery disk. One thing to note here is that if you use the recovery disk, you are going to lose your configuration and/or DRE partitions.
Q. How to troubleshoot if a particular application traffic is in pass through mode?
A. There are multiple reasons why the traffic may be in pass-through mode. It may be because of asymmetric routing, because of a policy or classifier, or because the traffic is not being redirected through WCCP. In the case of asymmetric routing, enter the command "sh stat connection | in " on the WAAS devices on both sides, initiate a connection, and look at the output of the command. If you see a connection entry on one device but not on the other, then the traffic is not passing through the other device. If you see connection entries on both sides but after some 30 seconds, under the connection detail, PT_asymmetric does not change to PT_passthrough, you have asymmetric routing. If the session is in pass-through because of policy, check the output of the command "sh stat connection | in " and it should show PT_policy passthrough.
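The checks in this answer can be run over connection listings collected from the two WAEs. This is an added example, not part of the original session or Cisco tooling; the one-record-per-line input format, the sample addresses and the "optimized" state name are constructed assumptions, and both captures are assumed to be taken about 30 seconds after the connection starts.

```python
# Added example: correlate pass-through state reported by two WAEs.
# Each input line is a CONSTRUCTED, simplified record "src:port dst:port state",
# not verbatim WAAS CLI output. "optimized" is a placeholder state name.

BRANCH = """
192.0.2.10:51000 198.51.100.5:445 PT_asymmetric
192.0.2.10:51001 198.51.100.5:80 PT_policy passthrough
192.0.2.10:51002 198.51.100.5:443 optimized
192.0.2.11:51003 198.51.100.6:445 optimized
"""
DC = """
192.0.2.10:51000 198.51.100.5:445 PT_asymmetric
192.0.2.10:51001 198.51.100.5:80 PT_policy passthrough
192.0.2.10:51002 198.51.100.5:443 optimized
"""

ONLY_ONE = "seen on one WAE only: traffic is not passing through the other device"
ASYMMETRIC = "asymmetric routing"
POLICY = "pass-through because of policy"
NO_FINDING = "no pass-through cause found"

def parse(capture):
    """Map (src, dst) -> state for every well-formed line of a capture."""
    flows = {}
    for line in capture.strip().splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            flows[(parts[0], parts[1])] = parts[2].strip()
    return flows

def diagnose(side_a, side_b):
    """Apply the answer's rules to each flow seen on either WAE."""
    a, b = parse(side_a), parse(side_b)
    verdicts = {}
    for flow in sorted(set(a) | set(b)):
        states = {a.get(flow), b.get(flow)}
        if None in states:                      # entry missing on one side
            verdicts[flow] = ONLY_ONE
        elif "PT_asymmetric" in states:         # still asymmetric after ~30 s
            verdicts[flow] = ASYMMETRIC
        elif any(s.startswith("PT_policy") for s in states):
            verdicts[flow] = POLICY
        else:
            verdicts[flow] = NO_FINDING
    return verdicts

if __name__ == "__main__":
    for flow, verdict in diagnose(BRANCH, DC).items():
        print(flow[0], "->", flow[1], ":", verdict)
```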
Q. During production hours, what is the safest way to bypass traffic?
A. There are multiple ways we can bypass the traffic. Creating policies is the safest way, because it is not going to affect any existing traffic going through the WAAS. It will only affect new sessions for the traffic for which the policy has been created. Turning off redirection completely, or turning off an application optimizer (AO) like CIFS or HTTP, will affect the traffic going through that AO at that time.
Q. Why can't we register to the HSRP addresses?
A. The reason this is not a good idea is that an HSRP address is a virtual address, and it may flip between the routers depending on demand.
Q. Any WAAS design guide for sites with dual homed environment?
A. The WAAS configuration guide, chapter 2, talks about planning your WAAS network. It gives a detailed idea of what to do if you have many routers or WAAS devices at your site.
Q. How much can system report generation affect the WAAS in production?
A. System report generation affects WAAS performance depending on the situation. For example, if the CPU is running high or if there is a memory issue, WAAS may crash or create a core file. Generating a system report is not recommended on a heavily loaded box. That said, a system report is essential for troubleshooting and is required in a lot of cases, since WAAS does not keep a history of issues once they disappear.
Q. Are WCCP debugs safe to run on production box?
A. WCCP debugs are safe to run most of the time, since there is about 1 message every 10 or 15 seconds per WAE device. This is not heavy traffic that can affect the router or the WAAS device; however, if the router or WAAS is hitting 100% CPU, it is not recommended to turn on WCCP debug.
Q. Is it possible to setup a WAE environment where one site is WCCP and other is inline?
A. Yes, it is possible to have WCCP running on one site and inline running on another, since these are just methods of redirecting traffic. As long as traffic passes through the WAAS on both sides, without creating asymmetric routing, this will be fine.
Q. How to monitor the health of WAE device using SNMP?
A. Enable SNMP alerts on WAAS directly. The configuration guide, under the section on configuring SNMP monitoring, has all the options. You can download all the MIBs that you need for SNMP configuration and use these on the SNMP server to understand the alerts.
Q. What are the different egress methods on WAE and is there any best practice on this?
A. Different egress methods on WAE are GRE, L2, hash, mask, etc. If you have a single VLAN subnet, you can define any of these methods on WAAS itself. Remember that all WCCP-related settings are controlled by WAAS, and the router is just accepting the packets from WAAS and working on them.
Q. When is encrypted MAPI going to be supported?
A. Encrypted MAPI is on the product roadmap, although a Cisco sales engineer or account manager will be in a better position to give a deadline for this feature.
Q. On a large WAE network is it better to roll out software update via central manager or to save the update on WAE devices manually?
A. It is very important to define a proper deployment method if you have 50 or more WAEs over remote locations. It is good to use the central manager to deploy and manage large WAE networks. You can define an update job in the central manager where you specify whether you only want to download the image or you want to download and upgrade the image. So you can define a job to send the image to the device at midnight, and you can specify to just install the image but not to reboot the device. The device can be reloaded during a maintenance window or outside business hours.