Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn how to configure and troubleshoot Cisco Wide Area Application Services with Mike Korenbaum and Smita Nambiar. Mike is a network consulting engineer for the Cisco Wide Area Application Services (WAAS) Planning, Design and Implementation Help Desk. He has been with Cisco for four years, three of which were spent supporting Application Networking Services products in the Cisco Technical Assistance Center. His areas of expertise include product configuration, support, and design for Cisco's major application network products.
Smita is a network consulting engineer with the Cisco Wide Area Application Services (WAAS) Planning, Design and Implementation team. She has been with Cisco for more than four years, starting as a customer support engineer for the Application Networking Services team in the Cisco Technical Assistance Center. Her areas of expertise include design, implementation, and troubleshooting for Cisco's major application network products.
Remember to use the rating system to let Mike and Smita know if you have received an adequate response.
They might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through July 30, 2010. Visit this forum often to view responses to your questions and the questions of other community members.
I have a scenario with two routers, two WAEs on each branch, leading to some asynchronous routing issue related to the WAAS optimizations. What are the options I have to make this optimal without using PBR?
Since you mentioned asymmetric routing, if you are using WCCP redirection at your edge, configure your WCCP egress-method for negotiated return. This will have the WAE send the traffic back to the intercepting router. If your edge routers are 6500/7600's then you will need to use egress-method generic-gre because negotiated return is not supported.
Here is the configuration guide which describes both scenarios in more detail.
I would like to know more info about version 4.2.1. I heard that Cisco said it was a big innovation, but do you have any comparison test for us to know how much performance gain we get by upgrading to this version? Is this version stable for new deployments?
The best place to start would be the release notes found here:
Review the new/changed features section and let me know if you have specific questions about any of the new features.
Yes, this would be the recommended code for all new deployments and/or proof of concepts.
Hi Mike, I'm after some advice on Windows on WAAS configuration, which I have configured on a single virtual blade on a WAVE574 (with 6Gbytes).
A WAAS blade will be low cpu use as it is not to be used as a Filer, mail server, Web Server (etc), just Backup Domain Controller, DHCP, DNS, Print Server etc. Is this enforced to keep the impact on WAAS Acceleration down? If yes, presumably it is not enforced with a Customer's own OS installed. Perhaps it's the dedication of a cpu (along with Disk and memory space) that keeps the Virtual blade separate from the WAAS acceleration.
How do you setup services on the Win 2008 Server (as bought with the WAVE574) with only a command prompt window? Is this actually a Windows 2008 Server core installation only? If so this is not obvious from the Documentation/product notes.
Also if a Customer installs his own full Windows OS on a blade will this give them a full Windows GUI interface and thus consume more WAVE device resources disk/memory/cpu– Cisco only points you at general Microsoft Windows Server 2008 documentation for any Windows configuration.
IPconfig on the Windows OS cmd.exe window shows the IP address as 169.254.175.54/16 whereas the virtual interface attached is (in our lab setup) 192.168.1.41/24 (VNC to 192.168.1.41:1). Thus any pings do not reach external devices, so presumably Windows services are then not available on the Network, nor can any Windows updates be received. What additional configuration do I need?
In the first release of WoW the primary focus was for these services, which was why Windows 2008 Core was provided.
However, in the most recent release of WAAS 4.2 we have Microsoft SVVP certification to run Windows 2008 R2 on our virtual blade. In this release you are able to assign multiple CPU cores, and take advantage of the virtio network drivers for increased performance and throughput.
Here are the release notes for WAAS 4.2 for your reference:
A customer can run their own copy of Windows or purchase WoW. There is no technical difference between a customer buying Windows 2008 Core or R2 from Microsoft or as a bundle from Cisco with a WAVE appliance.
The services you have called out are generally low cpu utilization services, but there is nothing stopping you from running other applications on this server (no matter if it's their own copy of Windows or WoW). We would just ask that you properly qualify these other applications in a proof of concept/ lab environment before putting this into production. You would really want to stay away from applications that have heavy disk I/O. With the advancement in the latest WAAS release CPU utilization and Network I/O should be less of a concern, but definitely something to keep an eye on depending on the nature of the application you are looking to run.
From your description it seems you have Windows 2008 Core running as a virtual blade on your WAVE. So you are correct, all configuration will need to be done via the command line.
Below is a command reference cheat sheet that's been compiled from various sources which should help you initially configure your Windows Server via command line. If you need more Windows configuration assistance than the information below I'd suggest you check the Microsoft documentation/ contact their support.
Let me know if you have any other questions or require further information/clarification.
Below is a listing of essential Windows server commands. Regrettably there is no ‘tab’ functionality as there is in IOS.
Managing Windows 2008 Server Core through RDP
cscript C:\Windows\System32\Scregedit.wsf /ar 0
Verify RDP settings
cscript C:\Windows\System32\Scregedit.wsf /ar /v
Allow RDP connections from down-level RDP client
cscript C:\Windows\System32\Scregedit.wsf /cs 0
Poke a hole in the firewall to allow RDP Management
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
Configuring Basic Network Settings
Get NIC’s Index (look at IDX column of target NIC. Use this value in following commands)
netsh interface ipv4 show interfaces
Set Static IPv4 Address
netsh interface ipv4 set address name="
Set Interface for DHCP
netsh interface ipv4 set address name="
Set Static DNS Servers (Repeat for each entry incrementing index value by one each time.)
netsh interface ipv4 add dnsserver name="
Additional Configuration/useful Commands
Join Server to Domain
Enable ICMP replies through the firewall
netsh firewall set icmpsetting 8
Enable Windows Remote Shell (use WinRS from Vista to send commands)
Enable remote management of firewall from Vista Machine
netsh advfirewall set currentprofile settings remotemanagement enable
Enable remote management from any MMC snap-in through Firewall
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
Reboot Server now
Shutdown /r /t 0
Shutdown and halt server
Shutdown /s /t 0
Start Task Manager
Control Panel Time/Date settings applet
Get basic system info
Log off console or terminate RDP session
List Available Roles and Features
Install Role or Feature (use oclist to enum roles. Roles are case sensitive)
Install AD Role (must pre-create unattend text file)
Install DNS Server Role
• Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor)
• Minimum: 512MB RAM
Available Disk Space
• Minimum: 10GB
Display and Peripherals
• Super VGA (800 x 600) or higher-resolution monitor
Mike, thanks for the comprehensive reply, particularly on Windows services, as a network person like myself struggles to get to grips with Windows environments. On the virtual blade, I'm going to set it up with the Paravirtualisation available in V4.2.1 to take advantage of the better resource sharing. This link also has tips on setting up Win 2008 server core - http://www.petri.co.il/configuring-windows-server-2008-networking-settings.htm
I have a question about the inlinecard.
If the inlinecard and ports have half duplex settings then the CMA will give me an alarm.
But if the inlinecard and the ports have different speeds, there is no alarm for this.
Does this mean that there is no problem to run for example LAN0 in 1000/full and WAN0 100/full?
Regards Jan Rockstedt
The recommended setting for inline deployments is to hard code the inlinegroup to 100/full if one or both of the devices connected to the lan and/or wan port is Fast Ethernet.
You should then also hard code the devices that connect to the lan and wan side to 100/full as well.
If everything is Gigabit Ethernet then leave all ports set to auto sense.
Hi, I want to check error bits in the WAN connection between Cisco 2811 routers. I mean, when I type "router# show interfaces fa0/0", I can see the following:
router #sh int s0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is GT96K Serial
Description: VSAT link SCPC to PLC
Internet address is 10.56.15.5/30
MTU 1500 bytes, BW 512 Kbit, DLY 20000 usec,
reliability 255/255, txload 32/255, rxload 25/255
Encapsulation FRAME-RELAY, loopback not set
Keepalive not set
LMI DLCI 1023 LMI type is CISCO frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 610645/0, interface broadcasts 5
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 8w2d
Input queue: 0/75/221/0 (size/max/drops/flushes); Total output drops: 109425
Queueing strategy: dual fifo
Output queue: high size/max/dropped 0/256/0
Output queue: 0/128 (size/max)
5 minute input rate 52000 bits/sec, 87 packets/sec
5 minute output rate 66000 bits/sec, 97 packets/sec
398942059 packets input, 1330482676 bytes, 8 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
647194 input errors, 647190 CRC, 138219 frame, 8783 overrun, 0 ignored, 167
410700606 packets output, 2616033213 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
1230 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
You can see 647194 input errors in the show output, but it is shown only every 5 minutes. I want to get the error bits every second and want to make a record. So how can I do that? Do I need any other software? Please advise and reply to me as soon as possible. Thanks a lot.
Hi nyein chan tun,
From the output provided it seems you have a very high number of CRC errors which generally indicates a layer 1 or 2 problem (e.g. speed/ duplex mismatch or similar). However, please post your question to the correct forum so the true WAN routing and switching experts can answer.
Is there a way to easily see in the Central Manager what the historical connection count has been on a specific WAE? We're wanting to monitor to see how close we're coming to the 1500 connection limit on specific WAE 512's. Today when we're looking for that information we shell to the WAE in question and run a script that issues the "sh stat conn optimized | inc Current Active Optimized Flow" command once a minute which we later parse out. It would be helpful if the CM could give us that information but I haven't been able to find it yet.
On the CM there is no way currently to see the historical connection statistics. We can look at the active connections for each WAE device under Monitor > Connection Statistics, but no historical flow information is displayed.
On the WAE CLI there are a few commands that will show you the current TCP connection statistics and the closed TCP connection statistics.
From the WAE CLI enter the command sh stat connection and when you hit enter you will see the following information at the beginning along with all the optimized and pass-through flow information:
System Initialization Finished
DC2-WAE#sh stat conn
Current Active Optimized Flows: 0
Current Active Optimized TCP Plus Flows: 0
Current Active Optimized TCP Only Flows: 0
Current Active Optimized TCP Preposition Flows: 0
Current Active Auto-Discovery Flows: 0
Current Reserved Flows: 80
Current Active Pass-Through Flows: 0
Historical Flows: 0
Current Active Optimized Flows: Number of current active optimized TCP connections of all types.
Current Active Optimized TCP Plus Flows: Number of current active connections using DRE/LZ optimization or handled by an accelerator.
Current Active Optimized TCP Only Flows: Number of current active connections using TFO optimization only.
Current Active Optimized TCP Preposition Flows: Number of current active connections that were originated by an accelerator to acquire data in anticipation of its future use.
Current Active Auto-Discovery Flows: Number of current active connections in the auto-discovery state.
Current Reserved Flows: Number of connections reserved for the MAPI accelerator. It appears for all accelerators.
Current Active Pass-Through Flows: Number of current active pass-through connections.
Historical Flows: Number of closed TCP connections for which statistical data exists.
You could also check the sh stat conn closed command to see the closed connection statistics.
Following is the command reference for the different sh stat conn options that we could run from the WAE CLI
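The once-a-minute collection described in the question above can be turned into a headroom report offline. This is an added example, not code from the original posts or from Cisco: the timestamped log format, the function names and the sample values are assumptions constructed for illustration, and the counter names are the ones in the sh stat conn output above.

```python
import re
from datetime import datetime

# Constructed sample of a once-a-minute collector log. The ISO timestamp prefix
# is an assumption of this example; counter names match "sh stat conn" above.
SAMPLE_LOG = """\
2010-07-20T09:00:00 Current Active Optimized Flows: 412
2010-07-20T09:00:00 Current Active Optimized TCP Plus Flows: 300
2010-07-20T09:00:00 Current Active Pass-Through Flows: 3
2010-07-20T09:01:00 Current Active Optimized Flows: 538
2010-07-20T09:01:00 Current Active Pass-Through Flows: 5
2010-07-20T09:02:00 Current Active Optimized Flows: 597
2010-07-20T09:02:00 Current Active Pass-Through Flows: 41
2010-07-20T09:03:00 Current Active Optimized Flows:
"""

OPTIMIZED = "Current Active Optimized Flows"
PASS_THROUGH = "Current Active Pass-Through Flows"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\s+(%s|%s):\s*(\d+)\s*$"
    % (re.escape(OPTIMIZED), re.escape(PASS_THROUGH))
)


def parse_samples(log_text):
    """Return {timestamp: {counter: value}}; truncated or unrelated lines are skipped."""
    samples = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m.group(1))
            samples.setdefault(ts, {})[m.group(2)] = int(m.group(3))
    return samples


def headroom_report(samples, limit, warn_ratio=0.8):
    """Summarise optimized-flow usage against the device's connection limit."""
    series = sorted((ts, c[OPTIMIZED]) for ts, c in samples.items() if OPTIMIZED in c)
    if not series:
        raise ValueError("no optimized-flow samples found")
    peak_ts, peak = max(series, key=lambda p: p[1])
    return {
        "samples": len(series),
        "peak": peak,
        "peak_time": peak_ts,
        "peak_pct": round(100 * peak / limit, 1),
        "pass_through_at_peak": samples[peak_ts].get(PASS_THROUGH),
        "near_limit": [ts for ts, n in series if n >= warn_ratio * limit],
    }


if __name__ == "__main__":
    # 600 is the WAE-512 (1 GB) figure quoted later in this thread.
    print(headroom_report(parse_samples(SAMPLE_LOG), limit=600))
```

Pass the limit that applies to the device model and memory in question; the 80% warning ratio is an arbitrary default of this example.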
I have a WAAS device that apparently has a hard disk problem. Could you look at the below output and give me your thoughts? Your help would be greatly appreciated.
No directory /local/local1!
Logging in with home = "/".
System is initializing. Please wait...
Please use 'show disks details' to monitor system status.
Disk based software not installed.
Some applications may not run correctly!
RIPONRD-NMWAE#sh disks detail
Physical disk information:
disk00: Not used (*)
disk01: Not present or not responding
(*) Disk drive won't be used until replaced.
Mounted file systems:
MOUNT POINT TYPE DEVICE SIZE INUSE FREE USE%
No RAID devices present.
System is initializing. Please wait...
Disk encryption feature is disabled.
As you are seeing the message
Disk based software not installed.
Some applications may not run correctly!
You will need to run the rescue (recovery) CD on this WAE device and rebuild the device.
When you do this you will lose all disk information.
Following is the link on how to use the recovery cd
Following is the link to download the recovery cd iso image
You will need to log in (using your CCO account) to download the ISO image. Depending on what WAE software you will need on that device, please download that particular ISO image.
Make sure you follow the sequence options mentioned in the documentation while running the recovery image.
Can you please advise how do I resolve TFO overload?
sh tfo status
Configured: optimize full
Current: no optimization, TFO Overloaded
This device's ID: 00:14:5e:95:22:85
TFO is up since Thu Jul 2 08:32:51 2009
TFO is in overload state due to:
Total number of entries into overload state since start: 2
Time of last entry into overload state: Fri Jul 16 05:31:49 2010
Cisco WAAS Troubleshooting Guide for Release 4.1.3 and Later -- Troubleshooting Overload Conditions
As Jan pointed out by referencing the WAAS Troubleshooting Wiki, there is nothing you can do from a configuration standpoint to resolve a TFO overload condition.
According to the output you provided your WAE has reached its connection limit. The only way to come out of this condition is for a number of connections to be closed by the clients/servers, thereby reducing the number of concurrent optimized connections handled by this WAE. Once the WAE drops below its connection limit threshold the alarm will clear and new TCP sessions will be optimized. Note, while in a TFO overload condition all new TCP sessions will be placed in pass through (e.g. not optimized).
What device model is this and does it have a memory upgrade?
How many users/computers are at this site?
Is this an edge site or a data center site?
Also, do you optimize the Cisco Default package or have you added your own classifiers? Only a few options there:
1. Upgrade Memory
2. Get a bigger box
3. Reduce what type of traffic you are optimizing.
There are probably a few others, but those are the ones I can think of right now.
A WAE-512 with 1GB of memory (the default), can support up to 600 concurrent optimized TCP sessions. As a general guide when sizing a WAAS appliance we assume 10 concurrent TCP sessions per user. Since you have 80 users, that puts you around 800 concurrent TCP sessions, which is why you are seeing TFO overload due to max connections.
If your device is constantly in and out of overload due to max connections I would think this edge site is undersized, and you may want to think about adding a second WAE or upgrading this site to a new WAE that can handle more connections.
When deciding on expanding or implementing a WAAS network I'd suggest you consult the WAAS sizing tool here:
You can implement a WAE as a secondary/warm standby CM by following the instructions outlined here:
Is there any way to avoid negative compression? When I drill down on some of my TCP connections, I see good, actually, great READ compression, but 'negative' compression on WRITEs. Can I exclude WRITE traffic somehow in the policy?
There is no way to disable just the write compression. You can disable the LZ compression entirely.
If you are seeing this issue for a particular application that has compression enabled, then what you could do is have a custom policy for this application and, in the Action, instead of choosing Full optimization you can try the other options
and check if this helps that application to avoid the negative write compression.
Could you also share the output for a particular TCP connection where you see good read vs write compression from both the WAEs?
Also, are you seeing this for a particular application? If so, please let us know the application name and version being used.