Cisco | Wide Area Application Engine 612 | Advanced Troubleshooting Cisco Wide Area Application Services

Troubleshooting Cisco Wide Area Application
Services
Session ID-3006
Agenda
 WAE Overview
 Diagnostic Reports
 Physical Components
 Platform
 Transport Optimizations
 Application Acceleration
 Packet Capture Debugs
 Summary
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
2
WAE Overview
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
> WAE Overview
Diagnostic Reports
Physical Components
Platform
Transport Optimizations
Application Acceleration
Packet Capture Debugs
Summary
Cisco Public
3
Wide Area Application Engine (WAE)
Wide Area Application Services Version 4.1
IOS Platform with Services and CLI
CIFS
AO
MAPI
AO
HTTP
AO
SSL
AO
Video
AO
NFS
AO
EPM
WoW
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
Virtual Virtual
Blade Blade
#2
#3
Configuration
Management
System
(CMS)
Virtual Blades
Cisco Linux Kernel
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Flash
IOS Shell
Linux
Presentation_ID
Application
Storage
Object
Storage
© 2010 Cisco and/or its affiliates. All rights reserved.
DRE
Storage
Cisco Public
Virtual Blade
Storage
/vbspace
Ethernet
Network
I/O
4
Diagnostic Reports
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
WAE Overview
> Diagnostic Reports
Physical Components
Platform
Transport Optimizations
Application Acceleration
Packet Capture Debugs
Summary
Cisco Public
5
Self Diagnostic Tool
A Good Place to Start…
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
6
Self Diagnostic Tool
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
7
Self Diagnostic CLI - Report Files
POD3-674-EDGE#test self-diagnostic all
running test `basic'
running test `connectivity'
running test `interfaces'
running test `tfo'
running test `wccp'
running test `inline'
running test `system'
running test `wafs'
running test `application-security'
Local copy of last diagnostic report
-----------------------------------------------------------Diagnostic Report performed on 5/12/2010 6:7:8
<snip>
Test WARN [system]
WARN HAS_ALARM
1 Critical Alarms are raised in the device.
Please find the list below.
1.
Unable to generate and/or retrieve SSL managed store encryption key fro
Action:
Critical/major alarms are raised. Check device alarms using 'show alarms d.
Test NONE [wafs]
NONE Skipping test because Wafs is not enabled
Test PASS [application-security]
POD3-674-EDGE#dir diag*
size
time of last change
-------------- ------------------------970 Wed May 12 06:07:08 2010
1225 Wed May 12 06:07:08 2010
POD3-674-EDGE#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
name
----------/local1/diagnostic_report.txt
/local1/diagnostic_report.xml
Cisco Public
8
WAAS System Report
 WAAS system report (sysreport)
Compressed archive
Relevant support and system health information
 The sysreport includes the following:
Command output
Logs
etc.
Configurations
State Information
 The sysreport can be generated from the WAE
Manager GUI or CLI:
dcn-wave274-1#copy sysreport <disk | ftp | tftp> ...
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
9
Physical Components
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
WAE Overview
Diagnostic Reports
> Physical Components
Platform
Transport Optimizations
Application Acceleration
Packet Capture Debugs
Summary
Cisco Public
10
Wide Area Application Engine (WAE)
Wide Area Application Services Version 4.1
IOS Platform with Services and CLI
CIFS
AO
MAPI
AO
HTTP
AO
SSL
AO
Video
AO
NFS
AO
EPM
WoW
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
Virtual Virtual
Blade Blade
#2
#3
Configuration
Management
System
(CMS)
Virtual Blades
Cisco Linux Kernel
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Flash
IOS Shell
Linux
Presentation_ID
Application
Storage
Object
Storage
© 2010 Cisco and/or its affiliates. All rights reserved.
DRE
Storage
Cisco Public
Virtual Blade
Storage
/vbspace
Ethernet
Network
I/O
11
Disk Health and Status
Online
Defunct
Missing
<null>
Rebuilding
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
12
Failed Disk Replacement
 Disk failures are automatically detected by the
system
Failed disks are automatically removed from service
Not present or not responding (Shutdown)
 Administrator can also shutdown disk for scheduled
replacement:
WAE7326(config)# disk disk-name disk01 shutdown
Device maybe busy while going offline ... please wait!
mdadm: set /dev/sdb1 faulty in /dev/md0
mdadm: set /dev/sdb2 faulty in /dev/md1
< snip >
WAE7326(config)#
RAID-1
WAE674# disk disk-name disk01 replace
Controllers found: 1
RAID-5
Command completed successfully.
WAE674#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
13
Disk Partitions
POD3-674-EDGE#show disk detail
RAID Physical disk information:
disk00: Online
disk01: Online
disk02: Online
3LM3TB1C
3LM3RRBS
3LM3TARN
286102 MB
286102 MB
286102 MB
RAID Logical drive information:
raid-disk:
RAID-5 Okay
Enabled
(read-cache) Enabled (write-back)
Mounted file systems:
MOUNT POINT
TYPE
/swstore
internal
/state
internal
/local/local1
SYSFS
/vbspace
GUEST
/sw
internal
.../local1/spool PRINTSPOOL
/obj1
CONTENT
/dre1
CONTENT
/ackq1
internal
/plz1
internal
DEVICE
/dev/sda2
/dev/sda3
/dev/sda6
/dev/data1/vbsp
/dev/sda1
/dev/data1/spool
/dev/data1/obj
/dev/data1/dre
/dev/data1/ackq
/dev/data1/plz
SIZE
991MB
7935MB
22318MB
254926MB
991MB
991MB
121015MB
119031MB
1189MB
2379MB
INUSE
550MB
196MB
339MB
128MB
790MB
32MB
155MB
418MB
0MB
1MB
FREE USE%
441MB 55%
7739MB
2%
21979MB
1%
254798MB
0%
201MB 79%
959MB
3%
120860MB
0%
118613MB
0%
1189MB
0%
2378MB
0%
Disk encryption feature is disabled.
Disk object cache extend is disabled.
POD3-674-EDGE#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
14
Important Directories and Log Files
 The following directories are used by Cisco WAAS
for log files
/local1 – Root directory for all log files
/local1/logs – Service log files (aka “admin” logs)
/local1/errorlog – Service log files (aka “debug” logs)
/local1/core_dir – Process core dump files
 File system navigation commands
cd
dir
find-pattern
Presentation_ID
pwd
type
type-tail <filename> <lines> [| | follow]
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
15
Ethernet Interface Errors
WAE7341# show int gi 1/0
Type:Ethernet
Ethernet address:00:14:5E:AC:2D:79
Internet address:10.88.80.135
Broadcast address:10.88.80.255
Netmask:255.255.255.128
Maximum Transfer Unit Size:1500
Verify Interface
Metric:1
for Errors
Packets Received: 160661
Input Errors: 0
Input Packets Dropped: 0
Input Packets Overruns: 0
Input Packets Frames: 0
Packet Sent: 122371
Output Errors: 0
Output Packets Dropped: 0
Output Packets Overruns: 0
Output Packets Carrier: 0
Output Queue Length:1000
Collisions: 0
Interrupts:16
Flags:UP BROADCAST RUNNING MULTICAST
Link State: Interface is up,line protocol up
Mode: autoselect, full-duplex, 1000baseTX
WAE7341#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Statistics
16
Ethernet Interface Speed / Duplex
WAE7341# show int gi 1/0
Type:Ethernet
Ethernet address:00:14:5E:AC:2D:79
Internet address:10.88.80.135
Broadcast address:10.88.80.255
Netmask:255.255.255.128
Maximum Transfer Unit Size:1500
Metric:1
Packets Received: 160661
Input Errors: 0
Input Packets Dropped: 0
Input Packets Overruns: 0
Input Packets Frames: 0
Verify Interface
Packet Sent: 122371
Output Errors: 0
and Duplex
Output Packets Dropped: 0
Output Packets Overruns: 0
Output Packets Carrier: 0
Output Queue Length:1000
Collisions: 0
Interrupts:16
Flags:UP BROADCAST RUNNING MULTICAST
Link State: Interface is up,line protocol up
Mode: autoselect, full-duplex, 1000baseTX
WAE7341#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
State, Speed
17
CPU Utilization (Historical)
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
18
CPU Utilization (Real Time)
POD3-674-EDGE#show processes cpu
CPU utilization:
CPU name
User
cpu:
0.06%
cpu0:
0.05%
cpu1:
0.08%
cpu2:
0.05%
cpu3:
0.08%
Average:
N/A
Peak:
N/A
Nice
1.51%
1.51%
1.45%
1.46%
1.64%
N/A
N/A
System
0.46%
0.42%
0.51%
0.40%
0.51%
N/A
N/A
Idle
97.90%
97.95%
97.89%
98.03%
97.71%
N/A
N/A
IOwait
0.05%
0.05%
0.05%
0.05%
0.05%
N/A
N/A
IRQ
0.00%
0.00%
0.00%
0.00%
0.00%
-
softIRQ
0.01%
0.03%
0.01%
0.01%
0.01%
-
Steal
0.00%
0.00%
0.00%
0.00%
0.00%
N/A
N/A
Overall current CPU utilization (100 - (Idle + IOwait))% : 2.05%
User
Nice
System
Idle
IOwait
IRQ
softIRQ
Steal
Average
--More--
Presentation_ID
-
Percent
Percent
Percent
Percent
Percent
Percent
Percent
Percent
Average
of CPU time that the system spent in user mode.
of CPU time that the system spent on low priority tasks.
of CPU time that the system spent in system mode.
of CPU time when the system is idle.
of CPU time when the system is waiting for I/O to complete.
of CPU time when the system is servicing interrupts.
of CPU time when the system is servicing softirqs.
of CPU time that the system spent on involuntary wait.
CPU utilization since reboot.
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
19
CPU Utilization (Real Time)
POD3-674-EDGE#show processes cpu
CPU utilization:
CPU name
User
cpu:
0.06%
cpu0:
0.05%
cpu1:
0.08%
cpu2:
0.05%
cpu3:
0.08%
Average:
N/A
Peak:
N/A
Nice
1.51%
1.51%
1.45%
1.46%
1.64%
N/A
N/A
System
0.46%
0.42%
0.51%
0.40%
0.51%
N/A
N/A
Idle
97.90%
97.95%
97.89%
98.03%
97.71%
N/A
N/A
IOwait
0.05%
0.05%
0.05%
0.05%
0.05%
N/A
N/A
IRQ
0.00%
0.00%
0.00%
0.00%
0.00%
-
softIRQ
0.01%
0.03%
0.01%
0.01%
0.01%
-
Steal
0.00%
0.00%
0.00%
0.00%
0.00%
N/A
N/A
Overall current CPU utilization (100 - (Idle + IOwait))% : 2.05%
User
Nice
System
Idle
IOwait
IRQ
softIRQ
Steal
Average
--More--
Presentation_ID
-
Percent
Percent
Percent
Percent
Percent
Percent
Percent
Percent
Average
of CPU time that the system spent in user mode.
of CPU time that the system spent on low priority tasks.
of CPU time that the system spent in system mode.
of CPU time when the system is idle.
of CPU time when the system is waiting for I/O to complete.
of CPU time when the system is servicing interrupts.
of CPU time when the system is servicing softirqs.
of CPU time that the system spent on involuntary wait.
CPU utilization since reboot.
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
20
Unix Top Command
WAE-674#top
top - 01:00:17 up 3 min, 2 users, load average: 2.31, 0.89, 0.34
Tasks: 336 total,
4 running, 332 sleeping,
0 stopped,
0 zombie
Cpu(s): 0.5% us, 9.1% sy, 90.1% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.3% si
Mem:
1938516k total, 1629396k used,
309120k free,
13628k buffers
Swap: 1938296k total,
0k used, 1938296k free, 1139008k cached
PID
9312
9313
9189
9383
9647
9629
9659
9100
962
8877
9030
9291
1787
1799
USER
admin
admin
admin
admin
admin
admin
admin
admin
admin
admin
admin
admin
admin
admin
PR NI
30 10
30 10
30 10
30 10
30 10
30 10
30 10
30 10
39 19
30 10
30 10
30 10
10 -10
30 10
VIRT
431m
431m
338m
431m
431m
431m
431m
338m
0
681m
298m
431m
4800
3204
RES SHR S
119m 21m R
119m 21m R
58m 19m S
119m 21m S
119m 21m R
119m 21m S
119m 21m S
58m 19m S
0
0 S
200m 4876 S
43m 13m S
119m 21m S
968 656 S
1544 664 S
%CPU
30.5
28.5
18.2
14.3
11.9
5.6
5.6
5.0
0.7
0.7
0.7
0.7
0.3
0.3
%MEM
TIME+ COMMAND
6.3
0:06.14 java
6.3
0:06.53
java
us:%CPU
time spent
in user space
3.1
0:01.74
java
sy:%CPU time spent in kernel space.
6.3
0:00.47
java
ni:%CPU
time spent
on low priority processes.
6.3
0:00.36
java
id:%CPU time spent idle.
6.3
0:00.17
java
wa:%CPU
time spent
in wait (on disk).
6.3
0:00.17
java
hi:%CPU time spent handling hardware interrupts.
3.1
0:01.10
java
si:%CPU
time spent
handling software interrupts
0.0
0:00.73 kipmi0
10.6
0:00.21 so_dre
2.3
0:01.18 java
6.3
0:00.12 java
- Running
0.0 R0:00.30
nodehealthmgr
0.1 S0:00.86
dataserver
- Sleeping
D - Uninterruptible sleep
T - Traced
Z - Zombie
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
21
WAE Overview
Diagnostic Reports
Physical Components
> Platform
Transport Optimizations
Application Acceleration
Packet Capture Debugs
Summary
Platform
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
22
Wide Area Application Engine (WAE)
Wide Area Application Services Version 4.1
IOS Platform with Services and CLI
CIFS
AO
MAPI
AO
HTTP
AO
SSL
AO
Video
AO
NFS
AO
EPM
WoW
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
Virtual Virtual
Blade Blade
#2
#3
Configuration
Management
System
(CMS)
Virtual Blades
Cisco Linux Kernel
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Flash
IOS Shell
Linux
Presentation_ID
Application
Storage
Object
Storage
© 2010 Cisco and/or its affiliates. All rights reserved.
DRE
Storage
Cisco Public
Virtual Blade
Storage
/vbspace
Ethernet
Network
I/O
23
WCCPv2 Verification
 Verification on Router and on WAE
 WCCP section is complemented by
BRKAPP-2021 - Deploying and Troubleshooting WCCP
 Verify topology and Configuration
Intercepting routers and WAEs on the same subnet?
Use of IP addresses of LAN interfaces in router-list?
Platform and SW version supports WCCP forwarding in
HW?
Redirection Loops?
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
25
WCCPv2 Interception Verification
 show ip wccp [detail] provides WCCP inventory
Number of routers and WAEs or seach service group,
packets re-directed in software, forwarding and return
method
 L2 Forwarding and GRE Forwarding
 Hash assignment
On software IOS routers only
Verify hash allotment
 Mask assignment
On L3 switches and some IOS versions
Mask is configurable
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
26
WCCPv2 Interception
Verification (IOS)
Router# show ip wccp
Global WCCP information:
Router information:
Router Identifier:
Protocol Version:
Client = WAE
10.88.81.242
2.0
Service Identifier: 61
Number of Service Group Clients:
Number of Service Group Routers:
Total Packets s/w Redirected:
Process:
CEF:
Service mode:
Service access-list:
Total Packets Dropped Closed:
Redirect access-list:
Total Packets Denied Redirect:
Total Packets Unassigned:
Group access-list:
Total Messages Denied to Group:
Total Authentication failures:
Total Bypassed Packets Received:
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
1
1
68755
2
68753
Open
-none0
-none0
0
-none0
0
0
27
WCCPv2 Interception
Verification (IOS)
Router# show ip wccp
Global WCCP information:
Router information:
Router Identifier:
Protocol Version:
10.88.81.242
2.0
Service Identifier: 61
Number of Service Group Clients:
1
Number of Service Group Routers:
1
Total Packets s/w Redirected:
68755
Process:
2
CEF:
68753
Service mode:
Open
Service access-list:
-noneTotal Packets Dropped Closed:
0
Redirect access-list:
-noneVerify
That
Counters Are
Total Packets Denied Redirect:
0
Total Packets Unassigned:
0
Incrementing
on SoftwareGroup access-list:
-noneBased Platforms
(e.g. ISR)
Total Messages Denied to Group:
0
Total Authentication failures:
0
Total Bypassed Packets Received:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
28
WCCPv2 Interception
Verification (IOS)
Si
Router# show ip wccp
Global WCCP information:
Router information:
Router Identifier:
Protocol Version:
10.88.81.242
2.0
Service Identifier: 61
Number of Service Group Clients:
1
Number of Service Group Routers:
1
Total Packets s/w Redirected:
102
Process:
1
CEF:
101
Service mode:
Open
Service access-list:
-noneTotal Packets Dropped Closed:
0
Redirect access-list:
-noneVerify
That
Counters Are Not
Total Packets Denied Redirect:
0
Total Packets Unassigned:
0
Incrementing
on HardwareGroup access-list:
-noneBased Platforms
(e.g. Cat6k)
Total Messages Denied to Group:
0
Total Authentication failures:
0
Total Bypassed Packets Received:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
29
WCCPv2 Interception
Verification (IOS)
Router# show ip wccp
Global WCCP information:
Router information:
Router Identifier:
Protocol Version:
10.88.81.242
2.0
Service Identifier: 61
Number of Service Group Clients:
Number of Service Group Routers:
Total Packets s/w Redirected:
Process:
CEF:
Service mode:
Service access-list:
Total Packets Dropped Closed:
Redirect access-list:
Total Packets Denied Redirect:
Total Packets Unassigned:
Group access-list:
Total Messages Denied to Group:
Total Authentication failures:
Total Bypassed Packets Received:
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Counter
Will Increment for
1
Packets
That Match
1
68755 Group but Do Not
Service
2
Match
68753Redirect-List
Cisco Public
Open
-none0
-none0
0
-none0
0
0
30
WCCPv2 Interception
Verification (IOS)
Router# show ip wccp
Global WCCP information:
Router information:
Router Identifier:
Protocol Version:
10.88.81.242
2.0
Service Identifier: 61
Number of Service Group Clients:
1
Number of Service Group Routers:
1
Total Packets s/w Redirected:
68755
Process:
Increments2 for Every Packet
CEF:
68753
Received
with
Service mode:
Open Incorrect Service
Service access-list:
-noneGroup Password
Total Packets Dropped Closed:
0
Redirect access-list:
-noneTotal Packets Denied Redirect:
0
Total Packets Unassigned:
0
Group access-list:
-noneTotal Messages Denied to Group:
0
Total Authentication failures:
0
Total Bypassed Packets Received:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
31
Interception Verification (IOS) - SW
Verify WAE State in Service Group
Router# show ip wccp 61 detail
WCCP Client information:
WCCP Client ID:
Protocol Version:
State:
Redirection:
Packet Return:
Assignment:
Initial Hash Info:
Assigned Hash Info:
Hash Allotment:
Packets s/w Redirected:
Connect Time:
Bypassed Packets
Process:
CEF:
Errors:
10.88.81.242
2.0
Usable
GRE
GRE
HASH
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
256 (100.00%)
68755
3w6d
2
68753
0
% of Hash Buckets Assigned
Current Time in the Service Group
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
32
Interception Verification (IOS) - SW
 Hidden IOS command shows target WAE for src/dst IP address and port
combination
show ip wccp <service> hash <dst-ip> <src-ip> <dst-port> <src-port>
Router# show ip wccp 61 hash 0.0.0.0 10.88.81.10 0 0
WCCP hash information for:
Primary Hash:
Src IP: 10.88.81.10
Bucket:
9
WCCP Client: 10.88.81.12
Router#
Target WAE
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
33
Si
Interception Verification (IOS) - HW
Cat6k# sh ip wccp 61 det
WCCP Client information:
WCCP Client ID:
Protocol Version:
State:
Redirection:
Packet Return:
Packets Redirected:
Connect Time:
Assignment:
10.88.80.135
2.0
Usable
L2
GRE
0
1d18h
MASK
Mask SrcAddr
DstAddr
SrcPort DstPort
---- ------------------- ------0000: 0x00000f00 0x00000000 0x0000 0x0000
Value
----0000:
0001:
0002:
0003:
Presentation_ID
SrcAddr
------0x00000000
0x00000001
0x00000040
0x00000041
DstAddr
------0x00000000
0x00000000
0x00000000
0x00000000
SrcPort
------0x0000
0x0000
0x0000
0x0000
© 2010 Cisco and/or its affiliates. All rights reserved.
DstPort CE-IP
------- ----Service
group(10.88.80.135)
mask
0x0000
0x0A585087
0x0000 0x0A585087 (10.88.80.135)
0x0000 0x0A585087 (10.88.80.135)
0x0000 0x0A585087 (10.88.80.135)
Cisco Public
34
Si
Interception Verification (IOS) - HW
 Catalyst 6500 / 7600 platforms are capable of WCCP in both software and
hardware forwarding paths
 Inspecting TCAM programming shows whether WCCP is handled in
software or hardware
Cat6k# show tcam interface Vlan900 acl in ip
* Global Defaults not shared
‘Punt’ entries caused by:
• Hash Assignment
• Outbound Redirection
• Redirect Exclude In
• Unknown WAE MAC
Entries from Bank 0
Entries from Bank 1
permit
punt
tcp host 10.88.80.135 any
ip any any (8 matches)
Cat6k#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
35
Si
Interception Verification (IOS) - HW
Cat6k# sh tcam int vlan 900 acl in ip
* Global Defaults not shared
‘policy-route’ entries = full
hardware redirection
Entries from Bank 0
Entries from Bank 1
permit
policy-route
policy-route
policy-route
policy-route
policy-route
policy-route
policy-route
policy-route
policy-route
policy-route
policy-route
policy-route
policy-route
Presentation_ID
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
host 10.88.80.135 any
any 0.0.0.0 255.255.232.190 (60 matches)
any 0.0.0.1 255.255.232.190 (8 matches)
any 0.0.0.64 255.255.232.190 (16 matches)
any 0.0.0.65 255.255.232.190 (19 matches)
any 0.0.1.0 255.255.232.190
any 0.0.1.1 255.255.232.190
any 0.0.1.64 255.255.232.190
any 0.0.1.65 255.255.232.190
any 0.0.2.0 255.255.232.190
any 0.0.2.1 255.255.232.190
any 0.0.2.64 255.255.232.190
any 0.0.2.65 255.255.232.190 (75 matches)
any 0.0.3.0 255.255.232.190 (222195 matches)
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
36
Si
Interception Verification (IOS) - HW
Cat6k# configure terminal
Enter configuration commands, one per line.
Cat6k(config)# service internal
Cat6k(config)# end
Cat6k#
Cat6k# show ip wccp 61 internal
Internal WCCP client information
Index:
WCCP Client ID:
Protocol Version:
State:
Connect Time:
Redirection:
MAC:
Packet Return:
L2 Address Changes:
Assignment:
Redirect Assignments:
Received:
Invalid:
Duplicate:
< snip >
Cat6k#
Presentation_ID
End with CNTL/Z.
(1):
0
10.88.80.135
2.0
0007 (AUV )
00:00:05
L2
0000.0000.0000
GRE
0
MASK
HIA from WAE must enter
same interface that WAE
MAC is known through
0
0
0
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
37
WCCPv2 Interception Verification (WAE)
WAE-612# show wccp services
Services configured on this File Engine
TCP Promiscuous 61
Verify
TCP Promiscuous 62
WCCP Is Configured
and Enabled
WAE-612# show wccp status
WCCP version 2 is enabled and currently active
WAE-612# show wccp routers
Router Information for Service: TCP Promiscuous 61
Routers Seeing this Wide Area Engine(1)
Router Id
Sent To
Recv ID
AssKeyIP
AssKeyCN
44.77.22.3
10.88.80.129
00090C46
10.88.80.133
1
Routers not Seeing this Wide Area Engine
-NONERouters Notified of from other WAE's
-NONEMulticast Addresses Configured
Verify Bi-Directional
-NONE-
MemberCN
5
Communication with WCCPEnabled Routers
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
38
show wccp gre
WAE-612# show wccp gre
Transparent GRE packets received:
5531561
Transparent non-GRE packets received:
0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted:
5051
Invalid packets received:
0
Packets received with invalid service:
0
Packets received on a disabled service:
0
Packets received too small:
0
Packets dropped due to zero TTL:
0 Either of These
Packets dropped due to bad buckets:
0 Counters Should Be
Packets dropped due to no redirect address:
0
Packets dropped due to loopback redirect:
0 Incrementing If WCCP
Pass-through pkts dropped on assignment update:0 Redirection Is Working
Connections bypassed due to load:
0
Packets sent back to router:
0
GRE packets sent to router (not bypass)
0
Packets sent to another WAE:
0
GRE fragments redirected:
0
GRE encapsulated fragments received:
0
Packets failed encapsulated reassembly:
0
Packets failed GRE encapsulation:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
39
show wccp gre
WAE-612# show wccp gre
Transparent GRE packets received:
0
Transparent non-GRE packets received:
234624
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted:
72511
Invalid packets received:
0
Packets received with invalid service:
0
Packets received on a disabled service:
0
Packets received too small:
0
Packets dropped due to zero TTL:
0 For Packets
Packets dropped due to bad buckets:
0 Redirected Using
Packets dropped due to no redirect address:
0
Packets dropped due to loopback redirect:
0 WCCP L2-Redirect
Pass-through pkts dropped on assignment update:0 Forwarding Method
Connections bypassed due to load:
0
Packets sent back to router:
0
GRE packets sent to router (not bypass)
0
Packets sent to another WAE:
0
GRE fragments redirected:
0
GRE encapsulated fragments received:
0
Packets failed encapsulated reassembly:
0
Packets failed GRE encapsulation:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
40
show wccp gre
WAE-612# show wccp gre
Transparent GRE packets received:
0
Transparent non-GRE packets received:
0
Transparent non-GRE non-WCCP packets received: 102764
Total packets accepted:
98723
Invalid packets received:
0
Packets received with invalid service:
0
Packets received on a disabled service:
0
Packets received too small:
0
Packets dropped due to zero TTL:
0 For Packets L2
Packets dropped due to bad buckets:
0 Redirected Using NonPackets dropped due to no redirect address:
0
Packets dropped due to loopback redirect:
0 WCCP (L4, PBR, Etc.)
Pass-through pkts dropped on assignment update:0 Interception Method
Connections bypassed due to load:
0
Packets sent back to router:
0
GRE packets sent to router (not bypass)
0
Packets sent to another WAE:
0
GRE fragments redirected:
0
GRE encapsulated fragments received:
0
Packets failed encapsulated reassembly:
0
Packets failed GRE encapsulation:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
41
show wccp gre
WAE-612# show wccp gre
Transparent GRE packets received:
753110
Transparent non-GRE packets received:
0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted:
505123
Invalid packets received:
0
Packets received with invalid service:
0
Packets received on a disabled service:
0
Packets received too small:
0
Packets dropped due to zero TTL:
0 Packets Accepted for
Packets dropped due to bad buckets:
0 Optimization (I.E.
Packets dropped due to no redirect address:
0
Packets dropped due to loopback redirect:
0 Auto-Discovery Found
Pass-through pkts dropped on assignment update:0 Peer WAE)
Connections bypassed due to load:
0
Packets sent back to router:
0
GRE packets sent to router (not bypass)
0
Packets sent to another WAE:
0
GRE fragments redirected:
0
GRE encapsulated fragments received:
0
Packets failed encapsulated reassembly:
0
Packets failed GRE encapsulation:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
42
show wccp gre
WAE-612# show wccp gre
Transparent GRE packets received:
345678
Transparent non-GRE packets received:
0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted:
5051
Invalid packets received:
0
Packets received with invalid service:
0
Packets received on a disabled service:
0 Only Includes Packets
Packets received too small:
0 Handled Using WCCP
Packets dropped due to zero TTL:
0
Packets dropped due to bad buckets:
0 Return Egress Method
Packets dropped due to no redirect address:
0
Packets dropped due to loopback redirect:
0
Pass-through pkts dropped on assignment update:0
Connections bypassed due to load:
0
Packets sent back to router:
0
GRE packets sent to router (not bypass)
234514
Packets sent to another WAE:
0
GRE fragments redirected:
0
GRE encapsulated fragments received:
0
Packets failed encapsulated reassembly:
0
Packets failed GRE encapsulation:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
43
show wccp gre
WAE-612# show wccp gre
Transparent GRE packets received:
23534
Transparent non-GRE packets received:
0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted:
5051
Invalid packets received:
0
Packets received with invalid service:
0
Packets received on a disabled service:
0 Packets Forwarded
Packets received too small:
0 Directly Between
Packets dropped due to zero TTL:
0
WAE’s Due to WCCP
Packets dropped due to bad buckets:
0
Packets dropped due to no redirect address:
0 Flow Protection
Packets dropped due to loopback redirect:
0
Pass-through pkts dropped on assignment update:0
Connections bypassed due to load:
0
Packets sent back to router:
0
GRE packets sent to router (not bypass)
0
Packets sent to another WAE:
1444
GRE fragments redirected:
0
GRE encapsulated fragments received:
0
Packets failed encapsulated reassembly:
0
Packets failed GRE encapsulation:
0
--More-Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
44
Egress Method Mismatch
 Only WCCP GRE Return is supported as a
‘negotiated-return’ egress method
WAE raises minor alarm if negotiated return method is L2
 Generic GRE egress method only supports WCCP
GRE as the intercept-method
WAE raises minor alarm if negotiated intercept method is
L2
 Alarm cleared when mismatch is resolved by
altering the egress method and/or WCCP
configuration
 Verify configured and used egress method with sh
egress-method CLI command
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
45
Egress Method
WAE674# show egress-methods
Intercept method : WCCP
TCP Promiscuous 61 :
WCCP negotiated return method : WCCP GRE
Destination
----------any
Egress Method
Configured
---------------------WCCP Negotiated Return
Egress Method
Used
------------WCCP GRE
TCP Promiscuous 62 :
WCCP negotiated return method : WCCP GRE
Destination
----------any
Egress Method
Configured
---------------------WCCP Negotiated Return
Egress Method
Used
------------WCCP GRE
IP Forwarding,
WCCP GRE, or
Generic GRE
< snip >
WAE674#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
46
Egress Method – Mismatch
WAE612# sh egress-methods
Intercept method : WCCP
TCP Promiscuous 61 :
WCCP negotiated return method : WCCP GRE
Egress Method
Egress Method
Destination
Configured
Used
----------- ---------------------- ------------any
Generic GRE
IP Forwarding
WARNING: WCCP has negotiated WCCP L2 as the intercept method for
which generic GRE is not supported as an egress method
in this release. This device uses IP forwarding as the
egress method instead of the configured generic GRE
egress method.
TCP Promiscuous 62 :
WCCP negotiated return method : WCCP GRE
Egress Method
Egress Method
Destination
Configured
Used
----------- ---------------------- ------------any
Generic GRE
IP Forwarding
WARNING: WCCP has negotiated WCCP L2 as the intercept method for
which generic GRE is not supported as an egress method
in this release. This device uses IP forwarding as the
egress method instead of the configured generic GRE
egress method.
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
47
Inline Interception
WAE-612# show interface inlineGroup 1/0
Interface is in intercept operating mode.
Standard NIC mode is off.
Disable bypass mode is off.
VLAN IDs configured for inline interception: All
Watchdog timer is enabled.
Timer frequency: 1600 ms.
Autoreset frequency 500 ms.
The watchdog timer will expire in 1452 ms.
WAE-612#
Intercept Operating
Mode or Bypass
Operating Mode
Check vlan(s)
 Intercept operating mode – Packet are passed
to WAAS for (potential) optimization
 Bypass operating mode – Mechanical bypass
between ports in InlineGroup during failure or admin
shutdown
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
48
show interface inlinePort
WAE-612# show interface inlinePort 1/0/wan
Device name
: eth4. Bypass master interface.
Packets Received
: 54231
Use ‘sh int inlinep’ to Determine
Packets Intercepted: 0
Device Name for Any InlinePort
Packets Bridged
: 54231
The Device Name Is Needed for
Packets Forwarded : 0
Packet Captures
Packets Dropped
: 0
Packets Received on native
: 0
Active flows for this interface : 0
...
WAE-612# show interface inlinePort 1/0/lan
Device name
: eth5. Bypass slave interface.
Packets Received
: 334602
Packets Intercepted: 0
Traffic intercepted on the inlinePort
Packets Bridged
: 334599
interface should be seen as
Packets Forwarded : 0
incrementing – i.e. being inspected
Packets Dropped
: 3
Packets Received on native
: 0
Traffic bridged is non tcp or not
Active flows for this interface : 0
being inspected
...
WAE-612#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
49
Auto Discovery - Refresher
 Client’s SYN forwarded by WAE1 with Auto Discovery Options
 SYN forwarded again by WAE2 with Auto Discovery Options
 SYN/ACK processed by WAE2, Auto Discovery Options added
 SYN/ACK processed by WAE1, to determine Auto Discovery
success, SYN/ACK sent to Client and ACK with options sent to
WAE2
 ACK with options processed by WAE2 to determine Auto Discovery
WCCPv2
WCCPv2
success, ACK sent to
server.
or PBR
or PBR
WAN
WAE1
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
WAE2
Cisco Public
50
Automatic Discovery Verification
WAE
Client
WAE
Server
Client:Server
TCP SYN
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
51
Automatic Discovery Verification
WAE
Client
Client:Server
TCP SYN
Presentation_ID
WAE
Server
Client:Server
TCP SYN+OPT
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
52
Automatic Discovery Verification
Client
WAE
WAE
Server
Client:Server
TCP SYN+OPT
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
53
Automatic Discovery Verification
Client
WAE
WAE
Server:Client
TCP SYN+ACK+OPT
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Server
Server:Client
TCP SYN+ACK
54
Auto-Discovery Statistics
WAE-674# show stat auto-discovery
...
Auto discovery failure:
No peer or asymmetric route:
Insufficient option space:
Invalid connection state:
Missing Ack conf:
Intermediate device:
...
Auto discovery success TO:
Internal server:
External server:
Auto discovery success FOR:
Internal client:
Could not
External client:
Auto discovery success SYN retransmission:
Zero retransmit:
One retransmit:
Two+ retransmit:
Auto discovery Miscellaneous:
RST received:
SYNs found with our device id:
SYN retransmit count resets:
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
0
0
0
0
0
40
0
2902WAE
find a peer
0
2902
0
0
0
0
0
55
Auto-Discovery Statistics
WAE-674# show stat auto-discovery
...
Auto discovery failure:
No peer or asymmetric route:
Insufficient option space:
Invalid connection state:
Missing Ack conf:
Intermediate device:
...
Auto discovery success TO:
Internal server:
External server:
Auto discovery success FOR:
Internal client:
External client:
Auto discovery success SYN retransmission:
Zero retransmit:
One retransmit:
Two+ retransmit:
Auto discovery Miscellaneous:
RST received:
SYNs found with our device id:
SYN retransmit count resets:
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
0
0
0
0
0
40
0
2902
0
Not enough space in TCP
Options header
for AD
2902
option 0
0
0
0
0
56
Auto-Discovery Statistics
WAE-674# show stat auto-discovery
...
Auto discovery failure:
No peer or asymmetric route:
Insufficient option space:
Invalid connection state:
Missing Ack conf:
Intermediate device:
...
Auto discovery success TO:
Internal server:
External server:
Auto discovery success FOR:
Internal client:
External client:
Auto discovery success SYN retransmission:
Zero retransmit:
One retransmit:
Two+ retransmit:
Auto discovery Miscellaneous:
RST received:
SYNs found with our device id:
SYN retransmit count resets:
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
0
0
0
0
0
40
0
2902
0
The WAE is not closest to
the server
or client
2902
0
0
0
0
0
57
Auto-Discovery Statistics
WAE-674# show stat auto-discovery
...
Auto discovery failure:
No peer or asymmetric route:
0
Insufficient option space:
0
Invalid connection state:
0
Missing Ack conf:
0
Intermediate device:
0
...
Auto discovery success TO:
Packet received
with our
Internal server:
40
External server:
TCP option0- indicates a
Auto discovery success FOR:
redirection2902
loop
Internal client:
External client:
0
Auto discovery success SYN retransmission:
Zero retransmit:
2902
One retransmit:
0
Two+ retransmit:
0
Auto discovery Miscellaneous:
RST received:
0
SYNs found with our device id:
0
SYN retransmit count resets:
0
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
own
58
Redirection Problems
 During normal operation, there are 3 different
connection segments for an optimized flow
WAN
 In the event of an interception failure, packets from
an original connection could be received on the
optimized segment by a peer WAE
X
WAN
?
%WAAS-SYS-3-900000:src=10.56.46.183:4386
dst=10.56.46.164:445 Unoptimised packet received on
optimized socket: seq=2796284443 end_seq=279628444
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
60
Transport Optimizations
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
WAE Overview
Diagnostic Reports
Physical Components
Platform
> Transport Optimizations
Application Acceleration
Packet Capture Debugs
Summary
Cisco Public
61
Wide Area Application Engine (WAE)
IOS Platform with Services and CLI
CIFS
AO
MAPI
AO
HTTP
AO
SSL
AO
Video
AO
NFS
AO
EPM
WoW
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
Virtual Virtual
Blade Blade
#2
#3
Configuration
Management
System
(CMS)
Virtual Blades
Cisco Linux Kernel
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Flash
IOS Shell
Linux
Presentation_ID
Application
Storage
Object
Storage
© 2010 Cisco and/or its affiliates. All rights reserved.
DRE
Storage
Cisco Public
Virtual Blade
Storage
/vbspace
Ethernet
Network
I/O
62
Verify Global TFO Status
WAE674# show statistics tfo
Total number of connections
: 108
No. of active connections
: 1
No. of pending (to be accepted) connections
: 0
No. of bypass connections
: 1
No. of normal closed conns
: 96
No. of reset connections
: 11
Socket write failure
: 4
Socket read failure
: 0
Total
number
of
TCP
optimized
WAN socket close while waiting to write
: 1
connections
AO socket close while waiting
to write
: 0
WAN socket error close while waiting to read
: 0
AO socket error close while waiting
to number
read
1
Total
of :TCP
connections
DRE decode failure
: 0
that were optimized
DRE encode failure
: 0 since the last
Connection init failure
: 0
TFO statistics reset.
WAN socket unexpected close while waiting to read : 5
Exceeded maximum number of supported connections : 0
Buffer allocation or manipulation failed
: 0
Peer received reset from end host
: 0
Overload
Indicator
DRE connection state out of sync
: 0
Memory allocation failed for buffer heads
: 0
Unoptimized packet received on optimized side
: 0
<snip>
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
63
Pass Through Statistics
POD3-674-EDGE# show statistics pass-through
Outbound
---------------------PT Client:
Bytes
5161
Packets
58
PT Server:
Bytes
156109
Packets
2191
PT In Progress:
Bytes
25962337
Packets
197369
Overall
No Peer
Rjct Capabilities
Rjct Resources
Rjct No License
App Config
Global Config
Asymmetric
In Progress
Intermediate
Internal Error
App Override
Server Black List
AD Version Mismatch
AD AO Incompatible
AD AOIM Progress
DM Version Mismatch
Peer Override
Bad AD Options
Non-optimizing Peer
Interception ACL
Presentation_ID
Active
---------------------1
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
© 2010 Cisco and/or its affiliates. All rights reserved.
Active and historical passthrough connection counts
Completed
---------------------13180
730
0
0
0
0
0
11
12439
0
0
0
0
0
0
0
0
0
0
0
0
Cisco Public
64
CM Connection Statistics
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
65
CM Connection Detail View
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
66
CM Connection Statistics
Client
WAE
CompressionRatio =
Presentation_ID
OptimizedReadBytes + OptimizedWriteBytes
OriginalReadBytes + OriginalWriteBytes
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
67
Connection Statistics
POD3-674-EDGE# show statistics connection
Current Active Optimized Flows:
Current Active Optimized TCP Plus Flows:
Current Active Optimized TCP Only Flows:
Current Active Optimized TCP Preposition Flows:
Current Active Auto-Discovery Flows:
Current Reserved Flows:
Current Active Pass-Through Flows:
Historical Flows:
3
2
0
0
0
15
5
11
D:DRE,L:LZ,T:TCP Optimization RR:Total Reduction Ratio
A:AOIM,C:CIFS,E:EPM,G:GENERIC,H:HTTP,M:MAPI,N:NFS,S:SSL,V:VIDEO
ConnID
4
11
13
Source IP:Port
22.1.34.100:16104
22.1.32.100:1231
22.1.32.100:1556
Local IP:Port
192.168.1.2:11821
192.168.1.2:54907
--More--
Presentation_ID
Dest IP:Port
PeerID Accel
22.1.31.10:50139 00:1a:64:c2:2b:9c TDL
22.1.34.100:445 00:1a:64:c2:2b:9c TCDL
22.1.34.100:80 00:1a:64:c2:2b:9c THDL
Remote IP:Port
22.1.33.21:443
22.1.33.20:443
© 2010 Cisco and/or its affiliates. All rights reserved.
Peer ID
N/A
N/A
Cisco Public
RR
00.0%
66.0%
96.1%
ConnType
PT In Progress
PT In Progress
68
Detailed Connection Statistics
POD3-674-EDGE# show
statistics connection conn-id 13
Connection Id:
13
Peer Id:
Connection Type:
Start Time:
Source IP Address:
Source Port Number:
Destination IP Address:
Destination Port Number:
Application Name:
Classifier Name:
Map Name:
Directed Mode:
Preposition Flow:
Policy Details:
Configured:
Derived:
Peer:
Negotiated:
Applied:
Accelerator Details:
Configured:
Derived:
Applied:
Hist:
Bytes Read:
Bytes Written:
00:1a:64:c2:2b:9c
EXTERNAL CLIENT
Wed May 12 10:39:11 2010
22.1.32.100
1556
22.1.34.100
80
Web
HTTP
basic
FALSE
FALSE
Application & classifier
Configured and negotiated
policies
TCP_OPTIMIZE
TCP_OPTIMIZE
TCP_OPTIMIZE
TCP_OPTIMIZE
TCP_OPTIMIZE
HTTP
HTTP
HTTP
None
+
+
+
+
+
DRE
DRE
DRE
DRE
DRE
+
+
+
+
+
LZ
LZ
LZ
LZ
LZ
AO Applied
Bytes read and written
on optimized and nonoptimized sockets
Original
Optimized
-------------------- -------------------902
210275
2293934
1000
Total Reduction Ratio: 90.793%
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
69
Detailed Connection Statistics
<continued>
DRE : 13
Conn-ID: 13 22.1.32.100:1555 -- 22.1.34.100:80 Peer No: 0 Status: Active
-----------------------------------------------------------------------------Open at 05/12/2010 10:39:11, Still active
Encode:
Overall: msg:
5, in:
1422 B, out:
642 B, ratio: 54.85%
DRE: msg:
0, in:
0 B, out:
0 B, ratio:
0.00%
DRE Bypass: msg:
5, in:
1422 B
LZ: msg:
3, in:
1478 B, out:
620 B, ratio: 58.05%
LZ Bypass: msg:
2, in:
0 B
Avg latency:
0.094 ms
Delayed msg:
0
Encode th-put:
2948 KB/s
Message size distribution:
0-1K=0% 1K-5K=0% 5K-15K=0% 15K-25K=0% 25K-40K=0% >40K=0%
Decode:
Overall: msg:
53, in:
133 KB, out:
2257 KB, ratio: 94.11%
DRE: msg:
52, in:
147 KB, out:
2256 KB, ratio: 93.48%
DRE Bypass: msg:
5, in:
924 B
LZ: msg:
6, in:
5772 B, out: 21085 B, ratio: 72.63%
LZ Bypass: msg:
47, in:
127 KB
Avg latency:
0.641 ms
Decode th-put: 66404 KB/s
Message size distribution:
0-1K=2% 1K-5K=0% 5K-15K=4% 15K-25K=13% 25K-40K=29% >40K=50%
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
70
Encode and Decode – LZ and DRE
Decode
Presentation_ID
Encode
© 2010 Cisco and/or its affiliates. All rights reserved.
Encode
Cisco Public
Decode
71
Insufficient Cache Overload Condition
WAE674# show statistics dre
Cache:
Status: Usable, Oldest Data (age): 7h
Total usable disk size: 143487 MB, Used: 0.05%
Hash table RAM size:
573 MB, Used: 0.00%
Connections:
Total (cumulative): 1883
Encode:
Overall: msg:
317866, in:
DRE: msg:
164965, in:
DRE Bypass: msg:
306256, in:
LZ: msg:
164434, in:
LZ Bypass: msg:
153432, in:
Avg latency:
0.056 ms
Encode th-put:
2570 KB/s
Message size distribution:
0-1K=97% 1K-5K=2% 5K-15K=0%
Decode:
Overall: msg:
471556, in:
DRE: msg:
166395, in:
DRE Bypass: msg:
306171, in:
LZ: msg:
13916, in:
LZ Bypass: msg:
457640, in:
..
Presentation_ID
Active: 6
45651 KB, out: 45651 KB, ratio: 89.22%
44237 KB, out: 44237 KB, ratio: 83.32%
1413 KB
9108 KB, out:
9108 KB, ratio: 63.96%
Combine
cache usage and age with the
0 B
Delayed statistics
msg:
encode
for327
compression to
assess adequacy of cache size
15K-25K=0%
63895
63150
916
1632
62263
© 2010 Cisco and/or its affiliates. All rights reserved.
25K-40K=0%
KB, out:
KB, out:
KB
KB, out:
KB
Cisco Public
>40K=0%
63895 KB, ratio:
63150 KB, ratio:
95.94%
95.98%
1632 KB, ratio:
58.29%
72
Peer Fan-out Overload Condition
• The number of degraded peers means peers in excess of fan out
limits for the device.
• These peers cannot add new data into DRE cache, they can only
read from and use existing chunks in cache.
• This shows how many peers are in that state, max historically
and current.
WAE7326# show statistics peer dre
Current
Current
Current
Maximum
Maximum
Maximum
number
number
number
number
number
number
of
of
of
of
of
of
connected peers:
active peers:
degrade peers:
connected peers:
active peers:
degraded peers:
20
13
0
32
32
0
< snip >
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
73
TFO Overload Condition
WAE-674# show statistics tfo detail
Total number of connections
No. of active connections
No. of pending (to be accepted) connections
..
: 31
: 1
: 0
Optimized connections
Policy Engine Statistics
------------------------Session timeouts: 0, Total timeouts: 0
Last keepalive received 00.9 Secs ago
Last registration occurred 16:53:06.9 Hours:Mins:Secs ago
Hits:
3327, Update Released:
Active Connections:
1, Completed Connections:
Drops:
0
Rejected Connection Counts Due To: (Total: 0)
Not Registered
:
0, Keepalive Timeout
No License
:
0, Load Level
Connection Limit
:
0, Rate Limit
Minimum TFO
:
0, Resource Manager
Global Config
:
0, Server-Side
DM Deny
:
0, No DM Accept
Active Connections
2556
772
:
:
:
:
:
:
0
0
0
0
0
0
Connection Limit
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
74
AO Overload Condition
WAE-674# show statistics accelerator http detail
Optimized connections
..
Total Handled Connections:
Total Optimized Connections:
Total Connections Handed-off with Compression Policies Unchanged:
Total Dropped Connections:
Current Active Connections:
Current Pending Connections:
Maximum Active Connections:
Total Time Saved (ms):
..
16
16
0
0
0
0
4
123
Active Connections
Policy Engine Statistics
------------------------Session timeouts: 0, Total timeouts: 0
Last keepalive received 00.0 Secs ago
Last registration occurred 17:19:05.2 Hours:Mins:Secs ago
Hits:
18, Update Released:
Active Connections:
0, Completed Connections:
Drops:
0
Rejected Connection Counts Due To: (Total: 0)
Not Registered
:
0, Keepalive Timeout
No License
:
0, Load Level
Connection Limit
:
0, Rate Limit
Minimum TFO
:
0, Resource Manager
Global Config
:
0, Server-Side
DM Deny
:
0, No DM Accept
2
16
:
:
:
:
:
:
0
0
0
0
0
0
Connection Limit
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
75
Transaction Logs
 Every transaction generates log
 Multiple transaction attributes recorded
TCP connection start time
TCP connection end time
Optimization done (AO, DRE, LZ, TFO, or PT)
Flow identification information (L3/L4/L5)
Bytes
Origin received/sent
Optimized received/sent
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
76
Transaction Logs – CM
 Enable transaction
logging on WAEs
 Written to
/local1/logs/tfo/
 Archive log schedule
 The archive filenames
use this format:
tfo_log_IPADDRESS_YY
YYMMDD_HHMMSS.txt
 Export log schedule
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
77
TFO Transaction Logs
WAE# cd logs/tfo
WAE#
WAE# ls
ftp_export.status
tfo_log_22.1.43.10_20090508_190000.txt
tfo_log_22.1.43.10_20090508_200000.txt
tfo_log_22.1.43.10_20090508_210000.txt
working.log
WAE#
WAE# type-tail working.log
Location of logs
The archive files and
the current log files
Log entries (fields delimited by “:”)
Fri May 8 21:08:19 2009 :22.1.43.10 :42029 :22.1.43.20 :443 :BP :NO_PEER :
(TFO) (TFO) (None) :<None> :(None) (None) :<None> :<None>
Fri May 8 21:08:34 2009 :22.1.41.10 :13113 :22.1.43.20 :443 :BP :ASYMMETRIC :
(TFO) (None) (TFO) :<None> :(None) (None) :<None> :<None>
..
<date and time>:<src IP>:<src port>:<dst IP>:<port>:BP:<pass-through reason>::
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
78
Sawmill Transaction Log Analysis
 Sawmill understands WAAS transaction logs
 Syslog or FTP/SFTP transfer
 Extensive reports
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
79
Application Acceleration
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
WAE Overview
Diagnostic Reports
Physical Components
Platform
Transport Optimizations
> Application Acceleration
Packet Capture Debugs
Summary
Cisco Public
80
Wide Area Application Engine (WAE)
IOS Platform with Services and CLI
CIFS
AO
MAPI
AO
HTTP
AO
SSL
AO
Video
AO
NFS
AO
EPM
WoW
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
Virtual Virtual
Blade Blade
#2
#3
Configuration
Management
System
(CMS)
Virtual Blades
Cisco Linux Kernel
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Flash
IOS Shell
Linux
Presentation_ID
Application
Storage
Object
Storage
© 2010 Cisco and/or its affiliates. All rights reserved.
DRE
Storage
Cisco Public
Virtual Blade
Storage
/vbspace
Ethernet
Network
I/O
81
Accelerator Status
 Displays the configuration and operational state of each
accelerator
POD3-674-EDGE# show accelerator
Accelerator
----------cifs
epm
http
mapi
nfs
ssl
video
wafs-core
wafs-edge
Licensed
-------Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
POD3-674-EDGE#
License Name
-------------Transport
Enterprise
Video
Virtual-Blade
Presentation_ID
Config State
-----------Enabled
Enabled
Enabled
Enabled
Disabled
Disabled
Enabled
Disabled
Disabled
show license
Status
Activation Date
----------- --------------not active
active
04/07/2010
active
05/13/2010
active
04/07/2010
© 2010 Cisco and/or its affiliates. All rights reserved.
Operational State
----------------Running
Running
Running
Running
Shutdown
Shutdown
Running
Shutdown
Shutdown
Activated By
-------------admin
admin
admin
Cisco Public
83
Accelerator Status
POD3-674-EDGE# show accelerator
Accelerator
Licensed
-----------------cifs
Yes
cifs
Config State
-----------Enabled
CIFS:
Policy Engine Config Item
------------------------State
Default Action
Connection Limit
Effective Limit
Keepalive timeout
POD3-674-EDGE# show accelerator
Accelerator
Licensed
-----------------mapi
Yes
Operational State
----------------Running
Value
----Registered
Use Policy
2000
1985
5.0 seconds
mapi
Config State
-----------Enabled
MAPI:
Accelerator Config Item
----------------------Read optimization
Write optimization
Reserved pool size max percent
Operational State
----------------Running
Mode
---User
User
User
Policy Engine Config Item
Value
----------------------------State
Registered
Default Action
Use Policy
Connection Limit
2000
Effective Limit
1985
Keepalive
timeout
5.0
seconds
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Value
-----enabled
enabled
15%
84
Global AO Statistics
show statistics accelerator <ao>
 Common statistics for all accelerators
WAE# show statistics accelerator http
HTTP:
Global Statistics
----------------Time Accelerator was started:
Mon Jun 22 02:25:53 2009
Time Statistics were Last Reset/Cleared:
Mon Jun 22 02:25:53 2009
Total Handled Connections:
52
Total Optimized Connections:
52
Total Connections Handed-off with Compression Policies Unchanged: 0
Total Dropped Connections:
0
Current Active Connections:
0
Current Pending Connections:
0
Maximum Active Connections:
30
Total Time Saved (ms):
312
Current Active Connections Free For Fast Connection Use:
0
Total Connections Handed-off:
0
Total Connections Handed-off with Compression Policies Disabled:
0
Total Connections Handed-off to SSL:
0
Total Connection Hand-off Failures:
0
Total Fast Connection Successes:
5
<snip>
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
85
CIFS Acceleration
 Verify CIFS is properly configured
POD3-674-EDGE# show run | include CIFS
name WAFS classifier CIFS action optimize full accelerate cifs
POD3-674-EDGE#show run | begin CIFS
...skipping
classifier CIFS
match dst port eq 139
match dst port eq 445
exit
 Verify established connections
POD3-674-EDGE# show statistics connection optimized cifs
<snip>
D:DRE,L:LZ,T:TCP Optimization RR:Total Reduction Ratio
A:AOIM,C:CIFS,E:EPM,G:GENERIC,H:HTTP,M:MAPI,N:NFS,S:SSL,V:VIDEO
ConnID
15
Presentation_ID
Source IP:Port
22.1.32.100:3142
© 2010 Cisco and/or its affiliates. All rights reserved.
Dest IP:Port
PeerID Accel RR
22.1.34.100:445 00:1a:64:c2:2b:9c TCDL 81.2%
Cisco Public
86
EPM / MAPI Acceleration
WAE674# show policy-engine application dynamic
Dynamic Match Freelist Information:
Allocated: 32768 In Use: 1 Max In Use: 10 Allocations: 4957
Dynamic Match Type/Count Information:
None
0
Clean-Up
0
Host->Host
0
Host->Local
0
Local->Host
0
Local->Any
0
Any->Host
1
Any->Local
0
Any->Any
0
1 entry per server
Individual Dynamic Match Information:
Number:
1
Src: ANY:ANY
Type: Any->Host (6) User Id: EPM (3)
Dst: 10.56.44.245:1248
Map Name: uuida4f1db00-ca47-1067-b31f-00dd010662da
Flags: TIME_LMT REPLACE FLOW_CNT
Seconds: 1200 Remaining: - NA - DM Index: 32766
Hits: 1
Presentation_ID
Flows: 2
Cookie: 0x00000000
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
MAPI UUID
Hit and Conn count
87
MAPI Acceleration
WAE674# show statistics accelerator mapi
..
Current Active Connections:
17
Session Versions
Current Pending Connections:
0
..
Total Secured Connections:
0
..
Current 2003 Accelerated Sessions:
9
Current 2007 Accelerated Sessions:
8
Current 2010 Accelerated Sessions:
0
Lower than 2000 Sessions:
0
..
..
Potential Escaped
Reserved Connections Pool Statistics
Connections
-----------------------------------Current In-Use Connections:
17
Current Reserved (Unused) Connections:
46
Average In-Use Connections in Last One Hour
14.30
Average Reserved (Unused) Connections in Last One Hour
45.73
Average In-Use Connections in Last 5min
13.26
Average Reserved (Unused) Connections in Last 5min
45.26
Configured Maximum Reserved (Unused) Connections:
900
Rejected Interesting Connections Due To No Reservation:
0
Rejected Interesting Connections Due To Unavailable Peer:
0
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
88
HTTP Acceleration
 Check connections statistics
WAE674# show statistics connection optimized http detail
< snip >
HTTP : 30
Time Statistics were Last Reset/Cleared:
Total Bytes Read:
Total Bytes Written:
Total Bytes Buffered:
Total Internal Bytes Read:
Total Internal Bytes Written:
Bit Flags for I/O state:
Internal object pointer:
Fast connections:
Thu May 13 03:54:48 2010
794
8660
794
8660
0
0
8
8
1040
138630904
0
Positive value = latency mitigation
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
89
HTTP Acceleration
 Check accelerator statistics
WAE674# show statistics accelerator http
<snip>
Maximum Active Connections:
4
Total Time Saved (ms):
123
Current Active Connections Free For Fast Connection Use:
0
Total Connections Handed-off:
0
Total Connections Handed-off with Compression Policies Disabled:
0
Total Connections Handed-off to SSL:
0
Suppress
Server
Encoding
Total Connection Hand-off Failures:
0
Total Fast Connection Successes:
2
..
Total Time Saved by Fast Connection Use (ms):
123
..
Total Server Compression Suppression:
20
..
34
Total Hints Sent to DRE Layer to Flush Data:
Total Hints Sent to DRE Layer to Skip LZ:
0
Total Hints Sent to DRE Layer to Skip Header Information:
20
POD3-674-EDGE#
Total Number of DRE hints for the 3 types
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
90
SSL Acceleration
WAE-674# show crypto certificates
Accelerated service
Certificate Only Store:
----------------------<EMPTY>
Managed Store:
-------------File: any-ssl.p12
Format: PKCS12
EEC: Subject: emailAddress=bubba@davis.com/C=US/ST=California/L=San Jose/OU=W
AAS/O=Cisco Systems/CN=*.domain.com
Issuer: emailAddress=bubba@davis.com/C=US/ST=California/L=San Jose/OU=WA
AS/O=Cisco Systems/CN=*.domain.com
-------------------------------------------------------------------------------Local Store:
-----------Machine Self signed Certificate
------------------------------Format: PKCS12
Subject: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wae1.
allcisco.com/emailAddress=tac@cisco.com
Issuer: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wae1.a
llcisco.com/emailAddress=tac@cisco.com
Management Service Certificate
-----------------------------Format: PKCS12
EEC:Subject: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-w
ae1.allcisco.com/emailAddress=tac@cisco.com
Issuer: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wa
e1.allcisco.com/emailAddress=tac@cisco.com
The WAAS Self Signed Certificate is being used as the Management Service Certificate
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
91
SSL Acceleration
WAE-674# show crypto certificates
Certificate Only Store:
----------------------<EMPTY>
Managed Store:
-------------File: any-ssl.p12
Format: PKCS12
EEC: Subject: emailAddress=bubba@davis.com/C=US/ST=California/L=San Jose/OU=W
AAS/O=Cisco Systems/CN=*.domain.com
Issuer: emailAddress=bubba@davis.com/C=US/ST=California/L=San Jose/OU=WA
AS/O=Cisco Systems/CN=*.domain.com
-------------------------------------------------------------------------------Local Store:
-----------Machine Self signed Certificate
------------------------------Format: PKCS12
Subject: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wae1.
allcisco.com/emailAddress=tac@cisco.com
Issuer: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wae1.a
llcisco.com/emailAddress=tac@cisco.com
Peering service
Management Service Certificate
-----------------------------Format: PKCS12
EEC:Subject: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-w
ae1.allcisco.com/emailAddress=tac@cisco.com
Issuer: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wa
e1.allcisco.com/emailAddress=tac@cisco.com
The WAAS Self Signed Certificate is being used as the Management Service Certificate
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
92
SSL Acceleration
WAE-674# show crypto certificates
Certificate Only Store:
----------------------<EMPTY>
Managed Store:
-------------File: any-ssl.p12
Format: PKCS12
EEC: Subject: emailAddress=bubba@davis.com/C=US/ST=California/L=San Jose/OU=W
AAS/O=Cisco Systems/CN=*.domain.com
Issuer: emailAddress=bubba@davis.com/C=US/ST=California/L=San Jose/OU=WA
AS/O=Cisco Systems/CN=*.domain.com
-------------------------------------------------------------------------------Local Store:
-----------Machine Self signed Certificate
------------------------------Format: PKCS12
Subject: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wae1.
allcisco.com/emailAddress=tac@cisco.com
Issuer: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wae1.a
llcisco.com/emailAddress=tac@cisco.com
Management service
Management Service Certificate
-----------------------------Format: PKCS12
EEC:Subject: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-w
ae1.allcisco.com/emailAddress=tac@cisco.com
Issuer: C=US/ST=California/L=San Jose/OU=CNBU/O=Cisco Systems, Inc/CN=dc1-wa
e1.allcisco.com/emailAddress=tac@cisco.com
The WAAS Self Signed Certificate is being used as the Management Service Certificate
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
93
SSL Accelerator
 Unlike other AOs, SSL does not use an ‘accelerate’ policy map entry
 Dynamic policy entries are created when SSL acceleration services
are brought ‘inservice’
WAE674# show run | begin crypto
Only configured on serverside (i.e. Core) WAEs
...skipping
crypto ssl services global-settings
version all
exit
!
crypto ssl services accelerated-service wx1.getthere.net
description Cisco Travel Network
version all
server-cert-key wx1.p12
server-ip 151.193.164.6 port 443
inservice
exit
crypto ssl services accelerated-service wwwin-tools.cisco.com
version all
server-cert-key wwwin-tools.p12
server-ip 171.70.150.5 port 443
inservice
exit
!
< snip >
WAE674#
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
94
SSL Accelerator
WAE-674# show policy-engine application dynamic
Dynamically created policy
for SSL traffic
<skip>
Individual Dynamic Match Information:
Number:
1
Type: Any->Host (6) User Id: SSL (4)
Src: ANY:ANY Dst: 2.53.4.3:443
Map Name: basic
Flags: SSL
Seconds: 0 Remaining: - NA - DM Index: 32765
Hits: 0 Flows: - NA - Cookie: 0x40000001
DM Ref Index: - NA - DM Ref Cnt: 0
Number:
2
Type: Any->Any (8) User Id: SSL (4)
Src: ANY:ANY Dst: ANY:443
Map Name: basic
Flags: REPLACE SSL
Seconds: 0 Remaining: - NA - DM Index: 32767
Hits: 2156 Flows: - NA - Cookie: 0x2FFFFFFF
DM Ref Index: - NA - DM Ref Cnt: 0
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Cookie Types:
server–ip: 0x8xxxxxxx
server-name : 0x4xxxxxxx
server-domain : 0x2fffffff
(special cookie which
indicates rDNS lookup is
required)
server-ip any : 0x1xxxxxxx
95
SSL Acceleration
 Check accelerator statistics
WAE674# show statistics accelerator ssl
< snip >
Number of SSLv3 negotiated on LAN:
Number of TLSv1 negotiated on LAN:
Number of SSLv3 negotiated on WAN:
Number of TLSv1 negotiated on WAN:
Number of SSLv3 negotiated on peer:
Number of TLSv1 negotiated on peer:
Total renegotiations requested by server:
Total SSL renegotiations attempted:
Total number of failed renegotiations:
Flows dropped due to renegotiation timeout:
POD3-674-EDGE# show statistic accelerator ssl | include Failed
Total Failed Handshakes:
Total Failed Certificate Verifications:
Failed certificate verifications due to invalid certificates:
Failed Certificate Verifications based on OCSP Check:
Failed Certificate Verifications (non OCSP):
Total Failed Certificate Verifications due to Other Errors:
Total Failed OCSP Requests:
Total Failed OCSP Requests due to Other Errors:
Total Failed OCSP Requests due to Connection Errors:
Total Failed OCSP Requests due to Connection Timeouts:
Total Failed OCSP Requests due to Insufficient Resources:
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
39
1237
39
1237
0
1276
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
96
SSL Acceleration
WAE674-EDGE# show statistics connection
<snip>
D:DRE,L:LZ,T:TCP Optimization,
A:AOIM,C:CIFS,E:EPM,G:GENERIC,H:HTTP,M:MAPI,N:NFS,S:SSL,V:VIDEO
ConnID
198
199
201
Source IP:Port
22.1.32.100:1939
22.1.32.100:1940
22.1.32.100:2046
Dest IP:Port
22.1.34.100:80
22.1.34.100:80
22.1.34.100:443
PeerID
00:1a:64:c2:2b:9c
00:1a:64:c2:2b:9c
00:1a:64:c2:2b:9c
Accel
THDL
THDL
TSDL
RR
67.8%
83.1%
79.3%
Accel
RR
WAE674-CORE# show statistics connection
<snip>
D:DRE,L:LZ,T:TCP Optimization,
A:AOIM,C:CIFS,E:EPM,G:GENERIC,H:HTTP,M:MAPI,N:NFS,S:SSL,V:VIDEO
ConnID
34
36
39
Source IP:Port
22.1.32.100:1939
22.1.32.100:1940
22.1.32.100:2046
Presentation_ID
Dest IP:Port
PeerID
22.1.34.100:80
22.1.34.100:80
22.1.34.100:443
© 2010 Cisco and/or its affiliates. All rights reserved.
00:1a:64:c3:08:2c
00:1a:64:c3:08:2c
00:1a:64:c3:08:2c
Cisco Public
THDL
THDL
TSDL
67.8%
83.1%
79.3%
97
Video Acceleration
WAE-674# show statistics accelerator video
Time elapsed since "clear statistics": 1days 0hr 50min 30sec
Video Connections
Summary connection statistics
==================================================================
Connections handled
num
%
-----------------------------------------------------------------Total handled
3330
100.00
Windows-media live accelerated
3329
99.97
Un-accelerated pipethru
1
0.03
Un-accelerated dropped due to config
0
0.00
Error dropped connections
0
0.00
Windows-media active sessions
current
peak
-----------------------------------------------------------------Outgoing (client) sessions
10
10
Incoming (server) sessions
1
10
Windows-media byte savings
==================================================================
% Bytes saved
Incoming(server) bytes
Outgoing(client) bytes
56.01
2.07 GB
4.71 GB
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
98
Video Acceleration
WAE-674# show statistics accelerator video
Time elapsed since "clear statistics": 1days 0hr 50min 30sec
Video Connections
==================================================================
Connections handled
num
%
-----------------------------------------------------------------Total handled
3330
100.00
Current
and
maximum
Windows-media live accelerated
3329
99.97
Un-accelerated pipethru
stream1 splitting0.03
activity
Un-accelerated dropped due to config
0
0.00
Error dropped connections
0
0.00
Windows-media active sessions
current
peak
-----------------------------------------------------------------Outgoing (client) sessions
10
10
Incoming (server) sessions
1
10
Windows-media byte savings
==================================================================
% Bytes saved
Incoming(server) bytes
Outgoing(client) bytes
56.01
2.07 GB
4.71 GB
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
99
Video Acceleration
 Detailed accelerator statistics provider unaccelerated and
error details
WAE-674# show statistics accelerator video detail
< snip >
Unaccelerated Connections
num
%
-----------------------------------------------------------------Total Unaccelerated
1
100.00
Unsupported player
0
0.00
Unsupported transport
0
0.00
Unsupported protocol
0
0.00
Windows-media VoD
1
100.00
Max stream bitrate overload
0
0.00
Max aggregate bitrate overload
0
0.00
Max concurrent sessions overload
0
0.00
Other
0
0.00
Error dropped connections
num
%
RTSP header in response missing
-----------------------------------------------------------------Total errors
0
0.00
wms-stream-type=“broadcast”
Client timeouts
0
0.00
cache control
header
Server timeouts
0
0.00
Client stream errors
0
0.00
Server stream errors
0
0.00
Other errors
0
0.00
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
x-
100
Packet Capture Debugs
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
WAE Overview
Diagnostic Reports
Physical Components
Platform
Transport Optimizations
Application Acceleration
> Packet Capture Debugs
Summary
Cisco Public
101
Packet Capture Debugs
 Packets can be captured on all WAAS interfaces
using one of the following CLI tools:
tethereal
tcpdump
 The Problem?
A packet capture taken on the WAE will contain packets
of all TCP segments
 How can you differentiate between original and
optimized connections?
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
102
Multiple TCP Segments
header
src
dst
header
src
dst
IP
Client
Server
IP
Client
Server
eth
Client
Router
eth
Router
header
src
dst
Server
Client
61 in
62 in
Client
exclude in
header
src
dst
IP
Server
Client
IP
eth
Router
Client
eth
header
src
dst
header
src
dst
IP
Client
Server
IP
Server
Client
eth
Router
WAE
eth
Router
WAE
Router
WAE
header
src
dst
header
src
dst
IP
Server
Client
IP
Client
Server
eth
WAE
Router
eth
WAE
Router
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
103
Displaying Optimized Segments
header
src
dst
header
src
dst
IP
Client
Server
IP
Client
Server
eth
Client
Router
eth
Router
header
src
dst
IP
Server
Client
61 in
62 in
Client
exclude in
eth
Router
header
src
dst
IP
Server
Client
eth
Router
WAE
WAE
Wireshark Display Filter:
tcp && ip.src == <ServerIP> && eth.dst == <WAE MAC addr>
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
104
Displaying Original Segments
header
src
dst
header
src
dst
IP
Client
Server
IP
Client
Server
eth
Client
Router
eth
Router
61 in
62 in
Client
header
src
dst
IP
Server
Client
eth
Router
Client
header
src
dst
IP
Client
Server
eth
Router
WAE
header
src
dst
IP
Server
Client
eth
WAE
Router
exclude in
WAE
Wireshark Display Filter:
tcp && ip.src == <ServerIP> && eth.src == <WAE MAC addr>
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
105
Summary
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
WAE Overview
Diagnostic Reports
Physical Components
Platform
Transport Optimizations
Application Acceleration
Packet Capture Debugs
> Summary
Cisco Public
106
Summary
 WAAS self diagnostic tool
 Validate configuration on interception device and
WAE
 WCCPv2 statistics on the WAE and router
 Automatic discovery counters to verify traffic flow
 Connection statistics provides granular details
 TFO transaction logs provide a history
 AO specific statistics
 Packet traces
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
107
BRKAPP-3006
Recommended Reading
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
108
RECOMMENDED READING
Enter to Win
a 12 Book Library
of Your Choice
from Cisco Press
Visit the Cisco Store
in the World of Solutions
Enter Session ID code
BRKAPP-3006
Check the Recommended Reading brochure for suggested products available
at the Cisco Store.
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
109
Questions ?
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
110
Complete Your Online
Session Evaluation
 Give us your feedback and you
could win fabulous prizes.
Winners announced daily.
 Receive 20 Cisco Preferred
Access points for each session
evaluation you complete.
 Complete your session
evaluation online now (open a
browser through our wireless
network to access our portal)
or visit one of the Internet
stations throughout the
Convention Center.
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved.
Don’t forget to activate your
Cisco Live and Networkers Virtual
account for access to all session
materials, communities, and on-demand
and live activities throughout the year.
Activate your account at any internet
station or visit www.ciscolivevirtual.com.
Cisco Public
111
Download PDF