WAAS Deployement : Inline Vs Off-path

Similar Messages

• WAAS - Can I mix & match inline and off path installations?

  Hi - I'm designing a WAAS solution which requires that I deploy the Data centre WAE inline (the core switch is a 3750 which doesn't support WCCP). I plan on using NME modules on the branch sites. Is this mix and matching of deployments permitted or will I run into problems.
  Many Thanks :)
  Dom

  Dom,
  Absolutely, you can mix and match. As a matter of fact, a lot of implementations are the opposite with inline at the edge and WCCP at the core. You should have no trouble with this at all.
  BTW, the 3750 DOES support WCCP v2 at line rate (i.e. in hardware) with newer versions of IOS if you want to try it. It requires L2 adjacency to the WAEs and the WAEs need to be configured w/L2 redirect/L2 return and mask assign. The 3750 needs to have redirect in on the interfaces and a routing SDM template configured.
  Hope that helps,
  Dan

• WAAS Off-Path DEPLOYMENT

  Hi all
  If we have regonal site connected to H.O using main WAN link and on connected to branches on another router. can we use one WAAS box to optimize both traffic to H.Q on router 1 and traffic coming from branch on router 2 using WCCP ( by connecting first WAAS Physcal port to router 1 and the second port to router 2)
  Thanks,

  Thanks Zach for your reply,
  Sorry i didn't mention that in regional office we have two routers one is connecting remoter branches and second one connected to H.Q, so in this case we will use one WAE physical port to be connected to router connected to Branch and the second physical port to be connected to the second router ?
  Thanks,

• WAAS 7574 Inline

  Hi,
  We are testing a Cisco WAVE 7574 with the WAVE-INLN-GE-4SX  inline card.
  Setup is as follows:
  SWITCH LAYER2  ------>WAVE 7574 ----> LAYER2 WAN -----> WAVE 7574 --->SWITCH LAYER 2
  The switch connections are trunk connections with vlan tagged on it and the layer 2 WAN supports VLANs.
  Without WAAS ok.
  I have added one vlan  to test with the WAAS setup, ping goes through, ok , so WAN link is up.
  Now, when I add another vlan (2 vlans )and pass production traffic on the other vlan, nothing goes through, not even bypass. My MAC address at all on the switch port connected to the WAAS, no arp replies, just blanking.
  WAAS config  is all vlans interception with vlan id checking.
  My question
  1. The WAVE-INLN-GE-4SX  does not have indication which sx port  is LAN and WAN. Is there a specific way to connect? and is this causing the problem. but ping is going through.
  2. What's the purpose of the vlan id checking? I am ot sure to understand what it does and could this cause the problem
  The documentation are pretty vague and I thought that inline is straight forward.
  WAAS config:
  interface InlineGroup 1/0
   inline vlan all
   exit
  interface InlineGroup 1/1
   inline vlan all
   exit
  Switch
  description **** TEMP CONNECTION TO WAAS ON MW ****
   switchport trunk allowed vlan 3,9
   switchport mode trunk
   load-interval 30
   media-type sfp
   no cdp enable
   spanning-tree portfast trunk
  end
  I would be gratful f you could help.

  Hello Ashley,
  I'll need to do a little more research on your first question before I can provide you with a solid answer; however, in reference to your second question vlan id checking is very important for ensuring that your layer 2 traffic reaches the correct destination. In VTP (vlan trunking protocol) 802.1q vlan ids are added to the frames when sent through trunking ports so that the receiving switch knows what vlan to send the traffic to. (Also keep in mind that if you are trying to talk between different vlans layer 3 connectivity must be enabled. A trunk is solely used to talk to the same vlan on different switches. To go between vlans the traffic will now need to be routed.) Once it makes it to the right vlan it can then be forwarded to the right port. There is a special scenario in 802.1q when the frame does not have a vlan id and that is when the frame is sent from the native vlan.
  By default  vlan 1 is the native vlan, but this can be changed in configurations. The native vlan does not attach a vlan id to the frames sent from it. The native vlan must be the same on both the sending and receiving switch ports. If it is not your switch will drop the frames as it will not know how to forward the traffic.
  Also in your posted verification I saw the command spanning-tree portfast trunk. Portfast is usually a command saved for access ports and not trunks. Special servers with multiple NICs will support that feature however. Do you know if your Wave 7574 supports a portfast trunk connection?
  Finally can you provide me some verification outputs for both the vlans and the ports that the traffic is moving across?

• WAAS WAE Inline Vlans

  Switch with trunk to router, whith the wae inline between them I cannot get between vlans, from the wan side I can get to all resource, Any ideas what to configure or look at

  Are you trying to only intercept one VLAN or all the VLANs? You can configure this on the inline card's interface or in the CM GUI under the Interception section for that device.
  Dan

• Using WAVE-7371-K9 with inline and WCCP Interception together

  Hi guys,
     I have an WAVE-7371-K9 with WAE-INLN-4CG.
     Is there any way to use both modes inline (in-path) and WCCPv2 Interception at the same time in this appliance ?
     I think you can use just one mode (in-path or off-path), but I wanna confirm that
     Thanks in Advanced
     My Best Regards,
     Andre Lomonaco

  hi lomonaco
  yes ahsan, is Right, you can use only one interception method, Either WCCP or INLINE, But For INLINE Feature you need Inline Card which got Supported in Your Device.
  Also There is NO Need To have Same Interception Method to be used if you are Using Waas Devices in Two or more Branches.
  Thanks
  A.Dixit

• Cisco WAAS-Global policy for VMware Vsphere and/or 3par replication

  So, this is somewhat annoying that VMware Site Recovery Manager 5.0 does not seem to get much replication acceleration, mostly it is just Pass Through.  I have read a couple of Cisco marketing powerpoints that say WAAS will accelerate VMware.  But there are no Policies to that effect or configuration assistance.  So, vmware has a hundred or so connections in passthrough, all using port 44046, this web site here:
  http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1009562
  Shows that this is the port used for Ongoing replication, and port 31031 is used for the initial replication.  So, I have two 674-8gb with inline cards.  One in main office, one at DR office, both running 5.0.1.  The Lan ports on each side point to the LAN and the WAN interfaces on each end point to each other.  I have a layer 2 - 90Mbps link between the two locations, so "show cdp neighbor" shows the WAN interface connected.
  My question is, is there a policy I should create for this data to be accelerated and stop being "PT Asymmetric"?
  Second question, very similar to the first, 3par replication.  Same as above, but 3par uses port 5785 and the traffic shows up as "PT In Progress", there are only 6 or so connections in this state, but all are on this port 5785.
  If I pull up the pretty graphs on the CM for this device, it shows a well distributed graph, but if I click the check box for "include Pass-Through" it turns all blue and says 100% of traffic is "other-traffic"  Since 99% of what goes between these two WAAS devices is VMware site recovery manager 5.0 and 3par replication, I would really like to find a fix for this.

  ANSWER *******  SOLUTION  *******  ANSWER
  I created 2 - Optimization Policy Rules for "WAAS-GLOBAL"
  par3-rcopy, destination ports - 5785, 3491-3492, Application - Replication, TFO with DRE Adaptive and LZ
  VMware-Replication, destination ports - 44046, 31031, Application - Replication, TFO with DRE Adaptive and LZ
  Then I rebooted both WAAS devices and shut off the link for 20 minutes.  When I brought the link back online.  100% of data was accelerated, and 99% of the data was classified as "Replication" data.  I now get between 60% and 90% acceleration on this "Replication" traffic.  The final 1% is other data, remote desktop, ssl, citrix, sql, web...
  Lessons learned:  The 3par and VMware keep TCP connections open forever, and once the traffic in that session is classified as something, "other traffic" or "Pass Through" it does not change until you reset the connection.  So, if you make any changes, you have to shutdown the link, and clear all TCP connections from the WAAS devices, then it will go to a different optimization rule. 
  Final thoughts:  I am not completely sure that the Optimization policy rule "TFO with DRE Adaptive and LZ" is the BEST possible rule to use for this traffic.  If anyone has a better configuration for this traffic, I would really appreciate your input.

• Closing path now loses bezier handle

  Using Photoshop CC 14.1.2 I notice that I no longer see the vector control handle when I close a path. I hope this is a bug, and not an intended UI change. Visualizing the control wing is an important feature for accuracy etc. Please restore.
  While on the subject of lost functionality, in earlier PS versions when a fill layer was created, the alpha mask was active by default. This allowed for immediate alteration of the mask. Now the default is to have the fill active, which makes less sense as the fill is mostly intended to not be edited directly. Sounds like a quible, but in a fast production setting, this adds an unnecessary step, which did not exist in an earlier iteration.
  Also, many generations ago, (in a distant century) there was a "turn off path" button -which could be given a keyboard shortcut via actions. Could never understand why this disappeared. Now, turning off a pth requires that the pen tool be selected & hit ESC or to click into a blank area in the path pallette -which may not exist when many paths have been created. I see there is now a keyboard shortcut for this, but it is buried in the key commands list. So much easier to have that little button (and custom key option) Again, is a busy prodcution workflow, this is a speedbump.
  Thanks (from a V1 beta tester)

  Use the Ctrl/Cmd key to spring load the Selection tool after closing the path, and there are the handles.   Or Ctrl/Cmd click the first point to see its handles before closing.  I'm not trying to be funny, but it is what it is, and for the time being at least, we have to get on with stuff.  I nearly always find changes to be an improvement after that initial frustration of having to change how I work.  Heck, I had a right strop when the Crop tool changed with CS6, but I'd hate to go back to the old way now.

• Starting with Cisco WAAS

  Hi,
  I am starting whit Cisco WAAS solutions, and I would like configure a WAE in the branch office, a WAE in the data center in the main office and one WAAS Central Manager. I would like configure the WAEs as Inline Interception. My first doubt is about the addressing of the WAE in the branch office and the WAE in the main office. What IP address should I configure in the WAEs (based in the pictures)?
  Actual Topology:
  WAAS topology.

  Hi,
  You can use any routable IP address for branch and DC WAE, only requirement is routable, means they should have reachabillity to CM

• Using AAA for WAAS

  We are trying to integrate WAAS with Cisco ACS server for having AAA functionality. Authentication works fine provided we create the user and map respective roles locally in the WAAS CM. Otherwise user is not allowed to login to the home page itself.
  We need to know whether it is possible to use the authorization from ACS without creating the user & roles locally in WAAS.
  Because it is added work to create all the users in WAAS also.
  Please clarify.
  Regards,
  Guru

  Let me see what I can do, it's a process. Basically, you can create the group on the WAE like you typically would, then assign the permissions to the group.
  Now, once complete, go to your TACACS server, under TACACS services there should a tab for advanced configuration options. Then, once you show that, show customized TACACS attributes, check that off.
  Then, define a group in TACACS and in put the custom WAAS Group attributes: Check off Shell (exec)
  Check off custom attributes - put the following string in -- waas_rbac_groups=<>
  Submit/Restart
  Then either define a new user or assign a user to the new group created.
  Test, should work fine.

• WAAS and Citrix ICA

  I am looking to accelerate compressed and encrypted ICA traffic.  Can WAAS handle this?
  If WAAS turns off compression and handles it itself, will that mean LAN traffic will be uncompressed on the server end and client end?
  thanks,
  gb

  WAAS versions greater than 5.0 all handle Citrix ICA with no configuration necessary, it is simply plug and play.
  WAAS does not turn off compression, it removes the Citrix compression and uses its own compression that is better on your WAN, then puts the Citrix compression back on at the other end.  The client sees the packet exactly as it was sent from the Citrix server, with Citrix compression.  WAAS is transparent to your users.  My WAAS system is currently claiming a 27% reduction in bandwidth for Citrix.  Other acceleration is much more impressive, like file copying (CIFS), web traffic, replication traffic, and SQL, all of which consistently show 70%-95% reduction in bandwidth.  All of which are also plug and play with WAAS.

• WAAS Mobile 3.4 - Cannot Uninstall

  One user has a windows 7 laptop and the uninstall process errors out.  Have tried uninstalling from both the programs and from the icon for program uninstall.
  Any suggestions?
  We upgraded to 3.5 too - and the auto upgrade won't work either - a message came up that we have to manually uninstall the client first.

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:10.0pt;
  font-family:"Times New Roman","serif";}
  1 - How is this performed? 
  A driver on the WAAS Mobile Server initiates TCP connections to the application and content server using the user’s source IP.
  2 - Does the waas mobile needs to be inline?
  We do not recommend deploying WAAS Mobile inline. When the source IP transparency option is selected, the WAAS Mobile server should be deployed in conjunction with a Layer 4 switch such as a Cisco ACE with mac-sticky capability that redirects traffic back to the WAAS Mobile server.  The Layer 4 switch could be inline.
  3 - Does it send the packets with the source ip on the header or use another option on the header? 
  Yes, the user’s source IP is in the header.
  4 - How is the mobile server located on the topology? See response above.
  5 - How can we add redundancy if the waas mobile is inline? Multiple WAAS Mobile servers may be deployed using ACE server load balancing to provide redundancy.
  6 - Can the waas mobile server use the fail-to-wire feature?  WAAS Mobile servers are not recommended to be deployed inline.

• WAAS in VRF\MPLS Environment

  Hi,
  I need to deploy waas  WAE7371 in VRF/MPLS environment. I have 2 sites, each one have 6500 router as  a CE\PE with multiple vrf. the wan interface is mpls enabled.
  i need to deploy the WAE-7371 in only one VRF, let say VRF  netapp which is bounded to interface vlan x. i will create another L3 interface vlan with defferent subnet and bound it to vrf netapp (for the WAE).
  because  wccp protocol is not vrf\mpls aware, can i configure IP wccp 61  redirect in & IP wccp 62 redirect out on the interface vlan x  and get the same results?
  attached diagram for the deployment.
  thanks,

  Avi,
  Outbound redirection is not recommended on the Catalyst 6500 platform, since a portion of the processing occurs in software.
  Is it possible to deploy the WAEs physically inline (requires the inline module) between the L2 switches and CE/PE switches?
  Regards,
  Zach

• WAAS doesn't optimize, it stops traffic instead

  Hi,
  I installed WAAS in inline mode, the inline card was in shutdown state, when I apply the no shutdown command in central site we lost communication to the other sites. Originally we tried to implement WCCP (topology3) since we have two MPLS links and we need them both to be optimized but when we aplly wccp commands on the routers we also lost communication, that's why we decide to make a test with inline (topology inline).
  I'm attaching routers and waas configuraction for WCCP that we removed when we made the inline test.
  Any ideas why this is happening?
  The WAAS version is 4.1.5c

  Hi Smita,
  In one of the links (replication) there is no fragmentation
  EDGE-PLANTA-GDL-REP#sh statistics ip
  IP statistics
  Total packets in                 = 2479
  with invalid header             = 0
  with invalid address            = 0
  forwarded                       = 0
  unknown protocol                = 0
  discarded                       = 0
  delivered                       = 2479
  Total packets out                = 2378
  dropped                         = 0
  dropped (no route)              = 0
  Fragments dropped after timeout  = 0
  Reassemblies required            = 0
  Packets reassembled              = 0
  Packets reassemble failed        = 0
  Fragments received               = 0
  Fragments failed                 = 0
  Fragments created                = 0
  but in the other I got this
  EDGE-PLANTA-GDL#sh statistics ip
  IP statistics
  Total packets in                 = 35287583
  with invalid header             = 0
  with invalid address            = 0
  forwarded                       = 2
  unknown protocol                = 0
  discarded                       = 0
  delivered                       = 17578526
  Total packets out                = 35697204
  dropped                         = 0
  dropped (no route)              = 2
  Fragments dropped after timeout  = 0
  Reassemblies required            = 484592
  Packets reassembled              = 242296
  Packets reassemble failed        = 0
  Fragments received               = 242287
  Fragments failed                 = 0
  Fragments created                = 484574
  doing the ping test I didn't see any increment in the counters. I checked the duplex and speed and forced to full and 100 in all devices routers, switches and WAEs.
  This is a production deployment. I'll make other test in the replication link in about 20 min (starting at 12:45 pm Mexico time), we will send a backup of 20 Gb aprox. so if you want to make the webex sesion would be helpful

• WAE Edge is showing offline

  Hi All
  I have a design where all my WAE are inline in the path of traffic .
  One of my WAE Edge shows on the CM as offline and after half an hour it comes online , again it went offline after 1 hour and so on.
  What might be the issue and when its offline I can not even remotely telnet to the management intrerface of WAE but its keep on by passing the traffic.
  Any body face the same issue , the problem with hardware or any suggestion.
  Regards

  Hi
  Very interesting finding
  1- Branch WAE Edge status on CM GUI is offline.
  2- Unable to telnet Branch WAE Edge remotely.
  BUT
  1- Able to telnet Branch WAE Edge from the local netwrok.
  2- When I telnet and check the cms info of Branch WAE Edge its showing 'inline'.
  3- Branch WAE Edge is intercepting the traffic and optimizing and accelerating the traffic.
  Any body can shed light on this issue why I am getting status off line on WAAS CM for this Branch WAE Edge.
  Regards