The first thing that happens is that the WAEs add a TCP option (0x21) to the TCP SYN/SYN-ACK during the session setup for WAE autodiscovery. These options are sent to both the client and the server to attempt to discover WAEs further up the line.
Once the WAEs discover each other, there is a seq number jump (as you referred to) of 2 billion. This is only between the WAEs after they have negotiated optimization. Between the WAEs and the hosts (client and server), the seq number stays normal; this is to prevent optimized traffic from getting to a host if there is a WAE outage. The host receives a huge jump in seq number and resets the connection, preventing data issues with compressed payloads, etc.
Firewalls usually don't like unknown TCP options and seq number jumps, so firewalls can cause issues if they are between the WAEs attempting optimization. Cisco firewalls have options in the software to detect and allow WAAS optimizations, so if you are using Cisco firewalls with newer code versions, you can integrate them with WAAS in your environment.
Is there a way to manually configure what the "inspect waas" does on newer releases? I'm running ASA 7.0(8) because stability is a must. Would it be possible to apply a tcp-map allowing tcp options and disabling sequence number randomization? Am I missing something?
match access-list WAE-TCPopt
match access-list VoIP-RTP
tcp-options range 6 7 allow
tcp-options range 9 255 allow
inspect h323 h225
inspect h323 ras
set connection random-sequence-number disable
set connection advanced-options WAE
access-list VoIP-RTP line 1 extended permit udp any range 16384 32767 any range 16384 32767
access-list WAE-TCPopt extended permit ip 10.0.0.0 255.0.0.0 any
access-list WAE-TCPopt extended permit ip 172.16.0.0 255.240.0.0 any
access-list WAE-TCPopt extended permit ip 192.168.0.0 255.255.0.0 any
access-list WAE-TCPopt extended permit ip any 10.0.0.0 255.0.0.0
access-list WAE-TCPopt extended permit ip any 172.16.0.0 255.240.0.0
access-list WAE-TCPopt extended permit ip any 192.168.0.0 255.255.0.0
We couldn't solve it with 7.0(8). We did some sniffing, applied policies to permit TCP options, and disabled seq number randomization. We didn't want to use legacy mode on WAAS, though. Finally we upgraded to 7.2(4), which was a TAC recommendation because they couldn't fix it either. As far as I'm concerned, it cannot be done with 7.0(8).
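When sniffing on either side of a firewall as described in this thread, the useful check is whether option 0x21 is still present in the SYN after the firewall has handled it. The following is an added example, not code from any poster or from Cisco: it parses the options of a raw TCP header, reports whether the autodiscovery option is present, and checks an option kind against the two tcp-options allow ranges from the posted tcp-map. The sample header and the payload bytes inside option 0x21 are constructed placeholders, not the real WAAS option format.

```python
import struct

WAAS_AUTODISCOVERY_KIND = 0x21        # option kind named in the thread
ALLOWED_RANGES = [(6, 7), (9, 255)]   # "tcp-options range ... allow" lines in the posted tcp-map


def parse_tcp_options(tcp_header: bytes):
    """Return [(kind, data)] from a raw TCP header; raise ValueError if malformed."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i, out = tcp_header[20:data_offset], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError(f"bad length for option kind {kind}")
        length = opts[i + 1]
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out


def has_autodiscovery_option(tcp_header: bytes) -> bool:
    """True if the segment has SYN set (SYN or SYN-ACK) and carries option 0x21."""
    kinds = [k for k, _ in parse_tcp_options(tcp_header)]   # validates the header first
    return bool(tcp_header[13] & 0x02) and WAAS_AUTODISCOVERY_KIND in kinds


def covered_by_allow_ranges(kind: int) -> bool:
    """True if the option kind falls inside one of the tcp-map allow ranges."""
    return any(lo <= kind <= hi for lo, hi in ALLOWED_RANGES)


def build_syn(options: bytes) -> bytes:
    """Constructed sample SYN header; ports, seq and window are arbitrary."""
    options += b"\x01" * (-len(options) % 4)                 # pad to a 32-bit boundary
    offset_flags = (((20 + len(options)) // 4) << 12) | 0x002   # data offset + SYN flag
    return struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, offset_flags, 65535, 0, 0) + options


# Constructed sample: MSS 1460 followed by option 0x21 with two placeholder bytes.
SAMPLE_SYN = build_syn(b"\x02\x04\x05\xb4" + b"\x21\x04\x00\x00")
```

Running has_autodiscovery_option over the same SYN captured on the inside and outside interfaces shows whether the option survived the firewall.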