Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WAAS DISCOVERS NO PEER

Hello,

I have two waas boxe, one in the data centre as teh core and the other as the edge. They both register with the central manager and they both see traffic but everything is passthrough as no policies are applied. They are in the same device group so that is not the problem. The issue is the two devices dont peer with each other. What could be the problem as the configs on the waes are standard and have been used successfully before in pervious deployments. Could it be one of the boxes have a problem and how can i check?

15 REPLIES
Cisco Employee

Re: WAAS DISCOVERS NO PEER

Have you verified that both WAEs are seeing traffic? Do you see all the connections in both under "sh tfo con sum"? If so, what are the PT reasons they list?

Thanks,

Dan

New Member

Re: WAAS DISCOVERS NO PEER

Hi Dan,

Yes.Both WAEs see traffic. The reasons listed are PT in progress and PT no peer. As a result there are not blue boxes on the topology page.

Cisco Employee

Re: WAAS DISCOVERS NO PEER

Do both WAEs see the same traffic in the connection lists?

How are you intercepting? Can you share your topology?

kmr
New Member

Re: WAAS DISCOVERS NO PEER

I am having the same issue after upgrading to 4.1.1. I opened a TAC case over an hour ago but have not received a return call.

Can you detail what commands in CLI to use to provide the information you are requesting?

UPDATE: sh auto-discovery list

E: Established, S: Syn, A: Ack, F: Fin, R: Reset

s: sent, r: received, O: Options, P: Passthrough

Src-IP:Port Dst-IP:Port Orig-St Term-St

Edge WAE is not performing auto-discovery? Core WAE is performing auto-discovery.

Cisco Employee

Re: WAAS DISCOVERS NO PEER

The commands in 4.1 have changed to more reflect parity across the show commands and other new feature commands.

Have you got what you needed from the TAC?

Dan

kmr
New Member

Re: WAAS DISCOVERS NO PEER

TAC was able to point me in the right direction.

Cisco Employee

Re: WAAS DISCOVERS NO PEER

Great. Good luck with your deployment.

Dan

New Member

Re: WAAS DISCOVERS NO PEER

What did TAC have you do? I'm having the same problem.

kmr
New Member

Re: WAAS DISCOVERS NO PEER

For me, changes were made to routing. Multiple routes existed for the redirected traffic, it was not being intercepted properly and peer discovery was not occuring properly.

New Member

Re: WAAS DISCOVERS NO PEER

I am having the same issue. How did you find the multiple routes and what were they to? Where there multiple routes from the edge to the core or core to edge? I am going to the client tommorow hopefully thats it.

New Member

Re: WAAS DISCOVERS NO PEER

I was able to resolve my issue by changing the access list for the WCCP. I guess this is something to do with the changes when going to transperent mode. Previously I had an access list with a permit on the core to the edge networks, and at the edge I had an access list with a permit from the edge to the core networks. After the change to the transparent I had to put a permit on both sides.

So before I had an access list similar to this:

access-list 120 permit ip 192.168.1.0 0.0.255.255 192.168.2.0 0.0.255.255

access-list 120 deny ip any any

Now I have something like:

access-list 120 permit ip 192.168.1.0 0.0.255.255 192.168.2.0 0.0.255.255

access-list 120 permit ip 192.168.2.0 0.0.255.255 192.168.1.0 0.0.255.255

access-list 120 deny ip any any

A quick way to test this is just to change the WCCP to not use an access list by using the commands:

ip wccp 61

ip wccp 62

Obviously this doesn't apply if you are using WAAS inline.

New Member

Re: WAAS DISCOVERS NO PEER

we have this on the edge, where 10.32.1.0/25 is the lan side of the remote

access-list 100 permit ip 10.32.1.0 0.0.0.127 any

access-list 100 permit ip any 10.32.1.0 0.0.0.127

and this on the core so it should be good.

access-list 100 permit ip 10.32.1.0 0.0.0.127 any

access-list 100 permit ip any 10.32.1.0 0.0.0.127

However i do agree on taking the acl off to see if that it.

New Member

Re: WAAS DISCOVERS NO PEER

Just a FYI that we had rebooted both the cores one at a time and that seems to have fixed it. Weird.

New Member

Re: WAAS DISCOVERS NO PEER

yes they see the same traffic in the connection lists. Please see

below

CORE

10.12.14.7:445 10.12.20.14:4955 PT No Peer

10.12.20.69:3049 10.2.50.103:80 PT No Peer

10.12.29.158:4427 10.12.14.73:1144 PT In Progress

10.12.14.11:8080 10.12.20.62:1855 PT Server Blackli

10.12.14.14:1199 10.12.20.89:3620 PT No Peer

10.12.20.62:1785 10.12.14.7:445 PT In Progress

10.12.29.21:1256 10.2.50.97:80 PT In Progress

10.12.29.33:2248 10.12.14.6:135 PT App Cfg

10.12.29.83:4882 10.2.50.97:80 PT No Peer

10.12.14.9:1142 10.12.29.33:2241 PT In Progress

10.12.14.4:1025 10.12.20.62:1758 PT In Progress

10.12.14.14:1199 10.12.29.28:2361 PT No Peer

10.12.20.33:3448 10.12.14.3:1202 PT In Progress

10.12.20.66:4486 10.12.14.6:135 PT In Progress

10.2.50.97:80 10.12.29.83:4882 PT No Peer

10.12.14.7:445 10.12.20.90:3666 PT In Progress

10.12.29.220:2749 10.12.1.179:1433 PT In Progress

10.12.20.78:3915 10.12.14.14:80 PT No Peer

10.12.20.14:4891 10.12.14.9:1142 PT In Progress

10.12.29.25:4487 10.12.14.14:80 PT No Peer

10.2.50.97:80 10.12.29.85:4612 PT In Progress

10.12.29.56:4305 10.12.14.6:1025 PT In Progress

EDGE

10.12.20.113:3178 10.2.50.103:80 PT No Peer

10.12.14.14:1199 10.12.20.89:3620 PT No Peer

10.12.14.14:1199 10.12.20.32:1489 PT In Progress

10.12.20.62:1887 10.12.14.11:8080 PT In Progress

10.12.14.11:8080 10.12.20.62:1887 PT In Progress

10.12.20.54:1849 10.12.14.3:1202 PT In Progress

10.12.14.14:1199 10.12.20.188:3845 PT In Progress

10.12.14.236:80 10.12.20.78:3918 PT No Peer

10.12.14.4:1025 10.12.20.69:3025 PT In Progress

10.15.1.3:1154 10.12.20.35:50478 PT No Peer

10.12.14.9:1142 10.12.20.75:2770 PT In Progress

10.12.20.75:2773 10.12.14.9:1035 PT No Peer

10.12.14.7:445 10.12.20.63:1492 PT No Peer

10.12.20.75:2767 10.12.14.9:1142 PT No Peer

10.9.1.13:1390 10.12.20.13:2597 PT In Progress

10.12.14.14:1199 10.12.20.69:3055 PT In Progress

10.12.20.78:3915 10.12.14.14:80 PT No Peer

10.2.50.119:8085 10.12.20.62:1903 PT No Peer

10.12.14.9:1142 10.12.20.75:2771 PT In Progress

10.12.20.75:2680 10.9.1.13:1390 PT In Progress

10.12.20.14:4891 10.12.14.9:1142 PT No Peer

10.9.1.13:1390 10.12.20.75:2680 PT In Progress

10.12.14.11:8080 10.12.20.62:1904 PT Server Blacklist

10.12.20.78:3918 10.12.14.236:80 PT No Peer

The core wae is in a separate subnet hanging off the WAN aggregation

router and intercepting traffic using wccp

The edge wae is using wccp egress method to intercept traffic at the remote site

i am running version 4.0.17 and i dont have the command sh auto-discovery list

is there a way out here?

Cisco Employee

Re: WAAS DISCOVERS NO PEER

Do you have any firewalls in between the edges and cores? The fact that your connections are not seeing any peers and some blacklisting may show that something is blocking autodiscovery, possibly due to the TCP options during the syn/syn-ack.

Another thing to look at is if you are intercepting on all of your WAN egress points? Possibly some asynchronise routes where you are not doing interception? Doing traceroutes from the client and server side will assist in tracking something like that down.

The command in 4.0 is "sh tfo auto-discovery list". Another good on is to do "edge-fe1#sh tfo auto-discovery blacklist" to see if you are getting a lot of hits on connections that are getting dumped by firewalls or other deep packet inspection technology.

Dan

1513
Views
0
Helpful
15
Replies
CreatePlease login to create content