Deploying WAAS
BRKAPP-2005
Agenda
 WAAS Overview
 WAAS Installation and Configuration
 Deployment into the Network
 WAAS Application Optimiser (AO) Deployments
 WAAS Sizing Guidelines
Presentation_ID
© 2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
2
Case Study
Phoning Home
 Extensive Preamble
 Chatty
 Bandwidth Intensive
 Predominantly Unidirectional
 6x Optimised
 Minimal Overhead
 Compressed and Accelerated
 Repetitive Sequences
WAAS Overview
WAAS Overview
Drivers and Trends
Datacenter Transformation
 Virtualization
 Private/Public Clouds
 Software-as-a-Service
New Applications, Services
 Rich Media, Video
 Any-any collaboration
 Virtual Desktops
Remote Access Evolution
 Increased mobile users
 'Low-footprint' branches
 Partner access
New IT and WAN Optimization Requirements
[Diagram labels: Primary Data Centre, Secondary Data Centre, xAAS - Cloud, Branch Office, Campus, Guest Users, Customers / Partners, Home Office / Coffee Shop]
WAAS Overview
Application Delivery Challenges
 LAN Connectivity
–High bandwidth
–Low latency
–Reliability
[Diagram: Client, LAN Switch, Server; Round Trip Time ~ 0ms]
 WAN Connectivity
–Already congested
–Low bandwidth
–Latency
–Packet Loss
[Diagram: Client, LAN Switch, WAN, LAN switch, Server; Round Trip Time ~ Many milliseconds]
WAAS Overview
Cisco WAAS: WAN optimisation solution
[Diagram labels: Branch Offices with WAAS Express, WAAS Service Module and WAAS Appliance; Regional Office with WAAS Appliance; WAN and Internet; Data Center or Private Cloud with WAAS Appliances, vWAAS Appliances, WAAS Mobile Server, Server VMs on VMware ESXi and FC SAN; Virtual Private Cloud with vWAAS, Server VMs, Nexus 1000v VSM and vPATH on VMware ESXi Server (UCS /x86 Server); Domestic and International Mobile Users running WAAS Mobile Software over VPN. vWAAS, WAAS Express and the Virtual Private Cloud are marked "New".]
WAAS Overview
WAAS Product Offering
vWAAS: vWAAS-750, vWAAS-6000, vWAAS-12000
WAAS Appliances: WAVE-274, WAVE-474, WAVE-574, WAE-674, WAE-73x1
WAAS ISR Modules: SM-SRE-700, SM-SRE-900
WAAS Express
WAAS Mobile
ISR platforms shown: 890, 1941/2901, 29xx, 39xx
Positioning, smallest to largest: Tele Worker, Small Branch, Medium Branch, Large Branch, Larger Branch to Small Data Center, Data Center & Campus
WAAS Overview
Session and Transport Layer Optimisation
[Diagram: protocol stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) for Client, WAAS 1, WAAS 2 and Host. On each WAAS device the Application Optimizer (AO) sits at the Session layer and TFO at the Transport layer. Origin connections run on each LAN side; the Optimized connection runs between WAAS 1 and WAAS 2 across the WAN.]
WAAS Overview
Architecture
[Diagram: WAAS software architecture, top to bottom]
IOS Platform with Services and CLI
Application Optimizers: CIFS AO, MAPI AO, HTTP AO, RTSP AO, NFS AO, EPM AO, SSL AO
Windows On WAAS (WOW), ACNS On WAAS, ACNS VB, Virtual Blade #3
TCP Proxy with Scheduler Optimizer (SO); DRE, LZ, TFO
Virtual Blades; Kernel Virtual Machine
Configuration Management System (CMS)
Cisco Linux Kernel
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
IOS Shell
Storage and I/O: Flash, Linux Application Storage, Object Storage, DRE Storage, Virtual Blade Storage, Ethernet Network I/O
WAAS Overview
TFO versus regular TCP in the WAN
Cisco TFO Provides Significant Throughput
Improvements over Standard TCP Implementations
[Chart: congestion window (cwnd) against Time (RTT) for TFO and TCP, through Slow Start and Congestion Avoidance]
WAAS Overview
Advanced Compression
 Data Redundancy Elimination (DRE): benefits
• Application-agnostic compression
• Up to 100:1 compression
 Persistent LZ compression: benefits
• Session-based compression
• Up to an additional 10:1 compression even after DRE
[Diagram: DRE and LZ on each side of the WAN, with Synchronized Compression History]
WAAS Overview
Application-Specific Acceleration
 Application and Protocol Awareness
 Application Optimisers (AOs)
–Minimize chatter -> Latency Mitigation
–Safe caching
–Scheduled File preposition
 Intelligent Server Offload
–CIFS, NFS, MAPI, Video, HTTP, SSL, Windows Printing.......
 Licensed developed and validated with application vendors
–Caching and optimizations
[Diagram: Remote Office and Data Center connected across the WAN]
• Object Cache Verification
• Security and Control
• WAN Optimization
• LAN-like Performance
• WAN Bandwidth Savings
• Server Safely Offloaded
• Fewer Servers Needed
• Power/Cooling Savings
WAAS Overview
Network Transparency
[Diagram: networks A/24, B/24, C/24, D/24 and E/24 connected across the WAN]
 Packets between each network are routed as normal. WAAS autodiscovery will find WAEs in path
 WAAS Network Transparency (same L3/L4 headers) allows application acceleration components to maintain compliance with existing network features
– Quality of Service (QoS), NBAR
– NetFlow, monitoring, reporting
– Security functions (ACLs, firewall policies)
WAAS Overview
Auto-Discovery – Two WAE Configuration
 In-band signaling with TCP option 0x21
 WAE B closest to host (A) and WAE (C) closest to host (B)
 Connection optimized between WAE (B) and (C)
 WAE shifts optimized TCP SEQ number by 2 billion
 If a WAE that was optimizing connections fails:
–Receiving host will see segments with SEQ/ACK numbers that are out of range
–Host will reset (RST) connection
–WAAS will propagate the RST
–Host application will re-establish a new TCP connection
[Diagram: A, B, C, D in path]
A to B (Origin Connection): A:D SYN, D:A SYN/ACK
B to C (Optimized Connection): A:D SYN(OPT), D:A SYN/ACK(OPT)
C to D (Origin Connection): A:D SYN(OPT), D:A SYN/ACK
WAAS Overview
Auto-Discovery – Cascade WAE Configuration
 WAE (B) closest to host (A)
 WAE (D) closest to host (E)
 Intermediate WAE (C) sees TCP option in both directions and goes into Pass Through (PT)
 WAE supports 10X optimized limit for Pass Through
[Diagram: A, B, C, D, E in path]
A to B (Origin Connection): A:E SYN, E:A SYN/ACK, A:E ACK
B to C (Optimized Connection): A:E SYN(OPT), E:A SYN/ACK(OPT), A:E ACK(OPT)
C to D (Optimized Connection): A:E SYN(OPT), E:A SYN/ACK(OPT), A:E ACK(OPT)
D to E (Origin Connection): A:E SYN(OPT), E:A SYN/ACK, A:E ACK
WAAS Overview
Intermediate Firewall Support Options
 Tunnel through Firewall
–Not managed by WAAS
–Renders firewall useless for stateful L3/L4 packet filtering
 WAAS Directed Mode
–Permit TCP options and UDP 4050 tunnel
–Traffic optimized by WAAS using auto-discovery but then tunneled between WAEs
–Firewall rendered useless for L3, L4, or L5 packet filtering and stateful inspection
 Permit TCP options and disable sequence number checking on firewall
–Allowing WAAS TFO Autodiscovery
–Firewall implementing stateless L3/L4 filters
 Cisco firewall with WAAS awareness
–Traffic transparently optimized by WAAS using autodiscovery
–Cisco firewall preserves L3/L4 stateful inspection by permitting TCP options and statefully tracking TCP sequence number shift
[Diagram: A, B, C, D, E in path; Origin Connection at each end, Optimized Connection in the middle; label "No Connection Layer Security"]
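The auto-discovery and firewall slides above both depend on TCP option 0x21 surviving the path. As an added example (not Cisco code, not part of the original deck), this parser walks the option area of a raw TCP header and compares the SYN captured on each side of a firewall to show whether the option was stripped. The sample headers are constructed, and the four payload bytes inside the 0x21 option are placeholders because the deck does not describe the option's contents.

```python
import struct

AUTODISCOVERY_KIND = 0x21   # TCP option kind named on the auto-discovery slide
SYN = 0x02


def build_tcp_header(sport, dport, seq, flags, options=b""):
    """Build a bare TCP header (checksum 0); used only for the constructed samples."""
    padded = options + b"\x00" * (-len(options) % 4)   # pad options to 32 bits
    offset_and_flags = (((20 + len(padded)) // 4) << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       offset_and_flags, 65535, 0, 0) + padded


def parse_tcp_options(header):
    """Return [(kind, value_bytes)] from a raw TCP header; ValueError if malformed."""
    if len(header) < 20:
        raise ValueError("short TCP header")
    end = (header[12] >> 4) * 4            # data offset, in bytes
    if end < 20 or end > len(header):
        raise ValueError("bad data offset")
    options, i = [], 20
    while i < end:
        kind = header[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= end:
            raise ValueError("truncated option")
        length = header[i + 1]
        if length < 2 or i + length > end:
            raise ValueError("bad option length")
        options.append((kind, header[i + 2:i + length]))
        i += length
    return options


def is_syn(header):
    return bool(header[13] & SYN)


def has_autodiscovery_option(header):
    return any(kind == AUTODISCOVERY_KIND for kind, _ in parse_tcp_options(header))


def option_stripped(wae_side_syn, far_side_syn):
    """True when a SYN carried option 0x21 on the WAE side of a device but the
    same SYN, captured on the far side, no longer carries it."""
    if not (is_syn(wae_side_syn) and is_syn(far_side_syn)):
        raise ValueError("both captures must be SYN segments")
    return (has_autodiscovery_option(wae_side_syn)
            and not has_autodiscovery_option(far_side_syn))


# Constructed samples: MSS option, plus option 0x21 with a placeholder payload.
MSS = bytes([2, 4]) + struct.pack("!H", 1460)
AD_OPTION = bytes([AUTODISCOVERY_KIND, 6]) + b"\x00" * 4
SYN_ORIGIN = build_tcp_header(49152, 445, 1000, SYN, MSS)
SYN_MARKED = build_tcp_header(49152, 445, 1000, SYN, MSS + AD_OPTION)

if __name__ == "__main__":
    print("options on marked SYN:", parse_tcp_options(SYN_MARKED))
    print("stripped in path:", option_stripped(SYN_MARKED, SYN_ORIGIN))
```
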
WAAS Deployment
Installation and Configuration
Basic Configuration
WAAS Deployment
Deployment Overview
1. Initial setup is done using IOS-like Console CLI
2. License configuration is required
3. Always bring up the Central Manager (CM) first
4. Next bring up Application Accelerators
– New WAAS devices will be auto-registered to WAAS CM and become a member of the AllDevicesGroup or any other pre-configured Group within WAAS
– When creating e.g. an AccelerationGroup make sure you apply the correct application policies (e.g. set default one) and auto-membership for this group is enabled
5. Configure traffic interception (inline, WCCP etc)
– Start traffic interception on Core or Central devices
– Next add intercept to Remote Devices
6. Further configuration should be done from within the CM
WAAS Installation
Setup Script
 Prompted on boot of factory default box to run setup script or execute 'setup'
 Script prompts for configuration to communicate, network integrate,
manage, and license the WAE
 Ideal for CM and pilots or small deployments
 Proactive Diagnostics
WAE Interface Channeling
 Interfaces can be bundled into a PortChannel for load-balancing and high availability across switch modules
 Requires identical interface configuration on both physical interfaces
 IP addresses are defined on the PortChannel interface
wae(config)# interface PortChannel 1
wae(config-if)#no shut
wae(config-if)#ip address 10.1.1.31 255.255.255.0
wae(config-if)#exit
wae(config)# interface gigabitEthernet 1/0
wae(config-if)#no shutdown
wae(config-if)#channel-group 1
wae(config-if)#exit
wae(config)#interface gigabitEthernet 2/0
wae(config-if)#no shutdown
wae(config-if)#channel-group 1
DO NOT FORGET
Standby Network Interface Card (NIC)
 Must be layer 2 path between two NICs
 MAC only on in-use interface
 Primary preempts
 No primary floats
 Gratuitous ARPs on failover
wae(config)#interface Standby 1
wae(config-if)#ip address 10.1.2.100 255.255.255.0
wae(config-if)#exit
wae(config)#interface GigabitEthernet 1/0
wae(config-if)#standby 1 primary
wae(config-if)#exit
wae(config)#interface GigabitEthernet 2/0
wae(config-if)#standby 1
wae(config-if)#exit
WAE(config)#primary-interface standby 1
wae#show interface standby 1
Interface Standby 1 (2 physical interface(s)):
GigabitEthernet 1/0 (active)
GigabitEthernet 2/0 (active) (primary) (in use)
[Diagram: WAE interfaces G 1/0 and G 2/0]
Deploying WAAS Central Manager
(WAAS CM)
Central Management System (CMS)
 CMS process runs on all WAEs
 Bidirectional configuration synchronization between CM and
accelerators
 Communicates over HTTPS using self-signed, device-specific certificates and keys
 Central Manager collects health and monitoring data every five minutes by default
 CMS provides means to backup and restore configuration
 Provides means to replace a failed device with a new device
 Use “show cms info” to get CMS status
Deploying WAAS CM
CM Configuration
 Device located in Data Center
 Setup script recommended
 Non-default configuration
–Device mode
–Hostname
–Primary-interface
–IP configuration
–Date/time configuration
–Configuration Management System (CMS)
 CMS must be enabled to access the web GUI
 Reload required (role change)
 Optionally use standby interface to dual-home to two switches
device mode central-manager
hostname dc1-cm1
license add Enterprise
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.1.31 255.255.255.0
exit
ip default-gateway 10.1.1.254
ip name-server 10.1.1.21
clock timezone AEST 10 0
ntp server ntp.foo.com
cms enable
copy run start
Deploying WAAS CM
WAAS CM Dashboard: https://cm-ipaddress:8443
Deploying WAAS CM
Group Configuration Best Practices
EdgeDevicesGroup
Transaction logs
Prepositioning
Disk encryption
Flow Agent
AllDevicesGroup
DNS
SNMP
Date/Time > NTP Server | Time Zone
Login Access Control > SSH | MoD | Exec Timeout
Authentication
Common criteria
System Log Settings
CoreDevicesGroup
Storage > Disk Error Handling
SSL Acceleration
AccelerationGroup
Application Policies
Deploying WAAS CM
WAAS Monitoring
 Dashboard Aggregate Statistics
 Optimisation Summary
 Connection Trending
 Application Acceleration (HTTP, CIFS, NFS, MAPI, Video, SSL, Print)
 System-wide, Device Specific and Grouped by Location
Deploying Physical WAE
Deploying WAAS Accelerators
Device Mode Accelerator (default setting)
 Default configuration
–Hostname
–Primary-interface
–IP configuration
–CMS enable
 No reload required
 CMS required to register with CM
 Hostname for CM recommended to ease CM moves
 Use standby to dual-home WAE to two switches in a redundant environment (N+1 redundancy)
 Use EtherChannel® to achieve higher throughput and redundancy
 Auto-registration option enables CM discovery through DHCP
hostname br1-wae1
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.100.101 255.255.255.0
! Optionally configure 100 Mb Full Duplex
exit
ip default-gateway 10.1.100.254
ip name-server 10.1.1.21
! Implement DNS for CM mobility
central-manager address cm.foo.com
cms enable
copy run start
Deploying WAAS Accelerators
CM Manage Devices
Deploying WAAS Accelerators
Device Group Assignment
 Newly configured WAAS device is automatically added to AllDevicesGroup
 Add the new device to other (e.g. Edge or Core)
groups where necessary
Deploying WAAS on SRE
Service Ready Engine (SRE)
SRE 700 SM
Processor: 1.86 GHz Intel Core 2 Duo (Single Core)
Maximum Memory: 2 GB
Maximum Storage: 500 GB SATA HDD
Ports:
 2 Internal GE ports
 1 External GE port
 1 External USB port
SRE 900 SM
Processor: 1.86 GHz Intel Core 2 Duo (Dual Core)
Maximum Memory: 4 GB
Maximum Storage: 2 x 500 GB SATA HDDs w/ RAID 0/1
Ports:
 2 Internal GE ports
 1 External GE port
 1 External USB port
Deploying WAAS on SRE
Deployment Steps
 Initial SRE Configuration
–Configure IP Connectivity between ISR and SRE
 Initial WAAS Installation
–Load WAAS Software on SRE (when needed)
–WAAS on SRE: min version 4.2.1
–WAAS Version 4.3.1 recommended
 Initial WAAS Configuration
–Standard WAAS configuration steps
Deploying WAAS on SRE
Obtain WAAS Software
 Download WAAS software from CCO
–CCO account is needed
 Extract the ZIP file and install in FTP directory
–Make sure FTP Server is reachable from ISR!
–Directory should contain following 6 files:
waas-accelerator-4.2.3.7-k9.bin
waas-accelerator-4.2.3.7-k9.bin.install.sre
waas-accelerator-4.2.3.7-k9.bin.install.sre.header
waas-accelerator-4.2.3.7-k9.bin.installer
waas-accelerator-4.2.3.7-k9.bin.key
waas-accelerator-4.2.3.7-k9.bin.srebootloader
Deploying WAAS on SRE
Initial SRE Configuration
 SRE is recognized by IOS as “Interface SM<slot>/0”
Router#show run interface SM1/0
interface SM1/0
no ip address
shutdown
service-module fail-open
 Configure IP Addresses and Gateway
Router#conf t
Router(config)#interface SM1/0
Router(config-if)#ip address 10.42.12.254 255.255.255.0
Router(config-if)#service-module ip address 10.42.12.1 255.255.255.0
Router(config-if)#service-module ip default-gateway 10.42.12.254
Deploying WAAS on SRE
WAAS SW Load with Router CLI Script
 CLI Script: service-module sm1/0 install url
 Use the full path to the bin image
Router# service-module sm 1/0 install url (continued on next line)
ftp://username:password@10.42.40.100/waas/SRE/waas-accelerator-4.2.3.7-k9.bin
Proceed with installation? [no]: yes
Loading SRE/waas-accelerator-4.2.3.7-k9.bin.install.sre !
[OK - 1722/4096 bytes]
Welcome to the WAAS installation checking resource requirements now
Resource check complete proceeding with installation
Deploying WAAS on SRE
Initial Configuration using CLI
 Session into SRE (is reverse telnet on line 2067)
Router#service-module sm 1/0 session
Trying 10.42.12.254, 2067 ... Open
 Device comes up as Accelerator with Interface IP and Default
Gateway already configured
NO-HOSTNAME#sho run
! waas-accelerator-k9 version 4.2.3 (build b7 Jul 29 2010)
!
device mode application-accelerator
interface GigabitEthernet 1/0
ip address 10.42.12.1 255.255.255.0
exit
!
ip default-gateway 10.42.12.254
Deploying WAAS on SRE
Initial Configuration using CLI
 Configure hostname, domain-name, dns, primary-interface
and central-manager address before enabling CMS and do
save the configuration (or use setup script...)
NO-HOSTNAME(config)#hostname SRE700
SRE700(config)#ip domain-name waas.bnelab.cisco.com
SRE700(config)#ip name-server 10.42.40.101
SRE700(config)#primary-interface gi 1/0
SRE700(config)#central-manager address cm.waas.bnelab.cisco.com
SRE700(config)#cms enable
Registering WAAS Application Engine...
Sending device registration request to Central Manager with address 10.42.40.1
Please wait, initializing CMS tables
Successfully initialized CMS tables
Registration complete.
Please preserve running configuration using 'copy running-config startup-config'. Otherwise management service will not be started on reload and node will be shown 'offline' in WAAS Central Manager UI.
management services enabled
Deploying WAAS on SRE
Save and Check CMS
 Save the config and check if CMS is running
SRE700(config)#exit
SRE700#wr mem
SRE700#sho cms info
Device registration information :
Device Id                            = 4206
Device registered as                 = WAAS Application Engine
Current WAAS Central Manager         = 10.42.40.1
Registered with WAAS Central Manager = 10.42.40.1
CMS services information :
Service cms_ce is running
 Next step would be configuring WCCP on SRE and ISR
Deploying Virtual WAAS (vWAAS)
Deploying vWAAS
Cloud-Ready Optimisation
[Diagram labels: Cisco vWAAS, Cisco vWAAS, WAN, Internet, Private Cloud, Public Cloud, WAAS Mobile Server, Mobile Users, WAAS Mobile Client, WAAS, Branch]
Column headings: Key Requirements, Benefits, Differentiators
 On demand deployment with elastic scalability
 On-demand orchestration of WAN optimization
 Policy based provisioning with Cisco Nexus 1000V
 Minimal network configuration
 Rapid creation of WAN Optimisation Service
 VM mobility awareness
 Increased availability with SAN based storage
 Transparent deployment w/ WCCP
 Multi-tenant deployment
 Lower OPEX for Cloud Migration
Deploying Virtual WAAS
Interception at Core or Access
 Core Interception w/ WCCP
- Multiple vWAAS VMs can be clustered in same WCCP cluster.
- Both physical and virtual WAE can be part of same cluster
 Access Interception w/ vPath
- Interception based on port-profile policy configured in Nexus 1000v
- Bidirectional Interception - (no IN/OUT configuration)
- Pass-through traffic automatic bypass
[Diagram labels: WAN; Cat6K/N7K; Nexus 2K/5K; WCCP; vWAAS VMs on VMware ESX/ESXi (UCS /x86 Server); Nexus 1000V /VN-Link; vPATH; ESX/ESXi with N1000v (UCS /x86 Server); UCS Compute/Physical servers; UCS Compute/Virtualized Servers]
Deploying Virtual WAAS
Installation Prerequisites
 vWAAS is provided as a Virtual Appliance in OVF File
–Prepackaged with disk, memory, CPU, NICs and other VMware related configuration
–vWAAS-750, 6000, 12000
–vCM-100N, 2000N
 VMware ESX/ESXi 4.0+ hypervisor
 VMware vCenter server & vSphere client 4.x
 Cisco UCS or other x86 Server
- Server hardware should have a 64-bit CPU and be on the VMware Compatibility List (HCL)
- Ensure Intel VT is enabled in the host's BIOS
 Nexus 1000v version 4.2(1)SV1(4) (for vPATH Interception)
Deploying Virtual WAAS
Installation
Deploying Virtual WAAS
VMware vSphere – Summary Display
Deploying Virtual WAAS
vWAAS Configuration steps
 Configuration is the same as for a normal
WAAS Device
 Connect to the Console through vCenter
 Use of Setup Wizard is recommended
 Some differences you will notice
–Interface “virtual 1/0”
–Interception “other” (for vPATH)
Deploying WAAS Express
Deploying WAAS Express
Introduction
 An IOS-based WAN optimisation solution
for the ISR G2 Platform
–Integrates WAN Optimisation functionality
natively into Cisco IOS via a feature license.
–Interoperable with existing Cisco WAE appliance
/ module product range
–Managed by WAAS Central Manager
–Supported on ISR-G2 platforms.
–Increase available bandwidth to small/medium
branch sites
[Diagram: Branch Office ISR G2 running WAAS Express, connected across the WAN to the Data Center WAAS Appliances and WAAS CM]
Deploying WAAS Express
Requirements
 Maximum router memory is required
 Minimum IOS version 15.1(2)T
 WAAS Express is configured on the WAN interface
 No intercept configuration like WCCP is necessary
 WAAS Express uses CPL for configuration
–Configuration via global policy-map and parameter-map
–Default built-in policy is applied to running-config
–Default Policy is the same as Cisco WAAS default policy (Except for non-supported features e.g. AO)
 Natively interoperates with Cisco IOS® features
- Standard IP Routing
- IP ACL
- Flexible Netflow
- QoS
- Crypto VPN Technology
- IOS Firewall
- NAT
Deploying WAAS Express
Configuration
[Diagram: Branch Office ISR-G2 running WAAS Express on the WAN link; callout: router (config-if)# waas enable]
Router#configure terminal
Router(config)#interface <wan-interface-name>
Router(config-if)#waas enable
 Simple one command configuration
 End User License Agreement is displayed for Trial licenses the first time WAAS Express is enabled
 Router should be configured as an HTTP secure-server
Deploying WAAS Express
Default Configuration (Snippet)
parameter-map type waas waas_global
tfo optimize full
tfo auto-discovery blacklist enable
lz entropy-check
!
class-map type waas match-any CIFS
match tcp destination port 139
match tcp destination port 445
class-map type waas match-any FTP-Control
match tcp destination port 21
class-map type waas match-any FTP-Data
match tcp source port 20
…
class-map type waas match-any waas-default
match tcp any
!
policy-map type waas waas_global
class CIFS
optimize tfo dre lz application WAFS
class FTP-Control
passthrough application File-Transfer
class FTP-Data
optimize tfo dre lz application File-Transfer
....
class waas-default
optimize tfo dre lz application waas-default
Deploying WAAS AO’s
Deploying WAAS AO’s
Configuring Licenses
 License managed at device level
 License name is case sensitive
 Transport includes DRE/LZ/TFO
 Enterprise includes NFS, HTTP, SSL, CIFS, MAPI, Print (and DRE/TFO/LZ)
 Video requires Enterprise
 Virtual Blade requires Enterprise
 CM requires Enterprise
 CLI commands
–show license
–license add <license-name>
–clear license
–clear license <license-name>
#show license
License Name   Status      Activation Date Activated By
-------------- ----------- --------------- --------------
Transport      not active
Enterprise     active      03/20/2008      admin
Video          not active
Virtual-Blade  not active
#license add Video
#show license
License Name   Status      Activation Date Activated By
-------------- ----------- --------------- --------------
Transport      not active
Enterprise     active      03/20/2008      admin
Video          active      04/01/2008      admin
Virtual-Blade  not active
Deploying WAAS AO’s
Configuration
1. Go To AllDevicesGroup
2. Globally enable WAAS Accelerators
3. Enable Blacklist if firewalls upstream from core drop SYN packets with options else disable
Deploying WAAS AO’s
SSL Optimisation
 Core WAE acts as a Trusted Intermediary Node for SSL requests by client
 Private Key and Server Certificate are stored on the Core WAE device
 Core WAE participates in SSL Handshake to derive “session key”
 Distributes the “session key” securely in-band to the Edge WAE over the established
connection between the Edge WAE and Core WAE
[Diagram: Client, Edge WAE, WAN, Core WAE, Server. SSL Handshake on the client side and on the server side; the Core WAE holds the Server Private Key and sends the "session key" to the Edge WAE over a Transparent Secure Channel. SSL Session Client to Core WAE (WAAS) and SSL Session Core WAE to Server. Original Data - Encrypted on each LAN side; Optimized & Encrypted across the WAN.]
Deploying WAAS AO’s
HTTP Optimisation with SSL
[Diagram labels: Advanced HTTP Parser; Cache HTTP Meta Data; Local HTTP Freshness Response; Local HTTP Redirect Response; Local HTTP Auth-needed Response; Send DRE Hints; DRE Flush Stream; DRE Skip Bytes; DRE Skip LZ; Modify Compression Directive; Disables Server Compression; outcomes shown: Mitigate Latency, Improve Performance, Offload Server]
Deploying WAAS AO’s
HTTP/HTTPS AO Configuration
Deploying WAAS AO’s
Central Manager Secure Store for SSL
 CM's secure store keeps all imported host and accelerated SSL certificates and private keys
 Certificates and private keys encrypted with user pass-phrase:
–When secure store is being initialized first time (initialization)
–After CM device reloads to open secure store (opening)
 CM secure store must be open to synchronize configuration between SSL capable CM and WAEs
 Upon reboot, if CM detects the secure store is initialized but not open a critical alarm is raised
Deployment into the Network
WAAS Inline Deployment
WAAS Inline Deployment
Simple Transparent Inline Deployment
 Simple Plug-and-Play Deployment
–Physical in-path deployment between switch and router
–Mechanical fail-to-wire upon hardware, software, or power failure
 High Availability
–Two 2-port fail-to-wire groups with support for redundant network paths and asymmetric routing
–Serial in-path clustering with fail-over
 Seamless Transparent Integration
–Transparency and automatic discovery
–802.1q VLAN trunking support
–Supported on all WAE appliance models
[Diagram: Remote Office with an inline WAE in the path to the WAN]
WAAS Inline Deployment
Non-Redundant Branch
[Diagram: switch s1, engine e1 and router r1 in line to the WAN; engine ports g1/0, 1/0/LAN, 1/0/WAN, 1/1/LAN, 1/1/WAN]
 Router
–Crossover cable from router to engine
–Fix speed and duplex settings for Fast Ethernet connections
–Ensure the router and switch have matching speed and duplex
 Switch
–Straight through cable from engine to switch
–Ensure the router and switch have matching speed and duplex
–Implement portfast for faster recovery
 Engine
–One Inline NIC per WAE appliance (cannot be used with WCCP)
–Installed in-path between switch and router or firewall
–Use single pair of inline ports (1/0 or 1/1) removing RJ45 port covers
–Ports fail-to-wire upon hardware, software, or power failure
–Support for interception 802.1q trunks
–Use Gi1/0 primary interface
WAAS Inline Deployment
Serial Inline Cluster
 Support for 2 Inline Cards per WAE
– Up to 4 inline groups (8 ports)
– WAE-674, WAE-7341, WAE-7371
 Simplified HA deployment model
 HA supported by other WAE
 NEW Interception Access List
– Bypass for non-relevant traffic
 Small and medium data centers
[Diagram: Branch connected over Dual WAN Links (WAN1, WAN2) to the Data Center through an Inline Serial Cluster of Inline WAEs (Up to 2)]
WAAS Inline Deployment
Redundant Branch Topology
[Diagram: WAE-DC1 and WAE-DC2 inline on the WAN paths]
WAAS Inline Deployment
Data Centre Topology
[Diagram: WAE-DC1 and WAE-DC2 inline on the WAN paths]
WAAS Inline Deployment
Serial Inline Cluster Best Practices
 Deploy the same platform for both devices in cluster
 Apply the same bidirectional policy/interception ACL on both devices
 Disable optimization between serial cluster devices
 Use CM to configure and manage the Serial Inline Cluster
–Automatic peer configuration
–Verify peer optimization settings are mutually configured
–Location based reporting
 Second WAE in serial inline cluster is for High Availability only.
Not supported for scaling (use WCCP instead)
WAAS WCCP Deployment
WAAS Overview
Network-Integrated Off-path Interception
 WCCPv2 Interception
–Transparent network integration and automatic discovery
–Active/active clustering supports up to 32 WAEs and 32 routers with automatic load-balancing, load redistribution, fail-over, and fail-through operation
–Near-linear scalability and performance improvement when adding devices
 Policy-Based Routing Interception
–Routing of flows to be optimized through a Cisco WAE as a next-hop router
–Active/passive clustering provides high availability and failover using IP SLA as a tracking mechanism
[Diagram: Remote Office with an off-path WAE Cluster, connected to the WAN]
WAAS WCCP Deployment
WCCP Functions
 Intercept – Identify packets for WCCP processing (in or out)
 Assign – Select the WAE
 Redirect – Router sends the packet to the WAE
 Return – WAE sends the packet back to the router
 Egress – WAE may ignore WCCP negotiated return by using another return method like IP forwarding (routing) or generic GRE
[Figure: Intercept, Assign, Redirect and Return/Egress; labels C1, R1, E1, S1]
WAAS WCCP Deployment
Redirect List
 Permit all applications but deny specific protocols
–Avoid redirection of management traffic with a universal ACL
–Apply bidirectional ACL to service groups 61 and 62
–Create the redirect ACL before enabling WCCP service groups 61 and 62
–Do not enable logging on WCCP redirect ACL (performance)
 Optionally permit specific IP subnets during PoC
 Avoid TCAM overflow on 6500
ip access-list extended waas
 remark WAAS WCCP Redirect List
 deny tcp any any eq telnet
 deny tcp any any eq 22
 deny tcp any any eq 161
 deny tcp any any eq 162
 deny tcp any any eq 123
 deny tcp any any eq bgp
 deny tcp any any eq tacacs
 deny tcp any any eq 2000
 ! Reverse Direction
 deny tcp any eq telnet any
 deny tcp any eq 22 any
 deny tcp any eq 161 any
 deny tcp any eq 162 any
 deny tcp any eq 123 any
 deny tcp any eq bgp any
 deny tcp any eq tacacs any
 deny tcp any eq 2000 any
 !
 ! Below optional per branch in pilot
 permit tcp any <<branch subnet>>
 permit tcp <<branch subnet>> any
 deny tcp any any
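An added example, not from the original slides: a Python check that a redirect ACL is bidirectional and free of `log` entries, plus a first-match evaluation of which TCP flows the router would hand to the WAE. The subnet 10.10.1.0/24 is a constructed stand-in for the slide's branch subnet placeholder, and all function names are hypothetical.

```python
"""Lint a WCCP redirect ACL before attaching it to service groups 61 and 62."""
import ipaddress

# Named ports used on the slide, as IOS resolves them.
PORT_NAMES = {"telnet": 23, "bgp": 179, "tacacs": 49}
MGMT = ["telnet", "22", "161", "162", "123", "bgp", "tacacs", "2000"]

# The slide's ACL. 10.10.1.0 0.0.0.255 is a constructed stand-in for the
# <<branch subnet>> placeholder used during the pilot.
SAMPLE_ACL = "\n".join(
    ["ip access-list extended waas", " remark WAAS WCCP Redirect List"]
    + [f" deny tcp any any eq {p}" for p in MGMT]
    + [f" deny tcp any eq {p} any" for p in MGMT]
    + [" permit tcp any 10.10.1.0 0.0.0.255",
       " permit tcp 10.10.1.0 0.0.0.255 any",
       " deny tcp any any"])

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (ip_int(tok.pop(0)), 0)
    return (ip_int(first), ip_int(tok.pop(0)))

def take_port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok[:1] != ["eq"]:
        return None
    tok.pop(0)
    name = tok.pop(0)
    return PORT_NAMES[name] if name in PORT_NAMES else int(name)

def parse_acl(text):
    """Return the TCP entries of an extended ACL in evaluation order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "tcp":
            continue  # ACL header, remarks and '!' comment lines
        action, tok = tok[0], tok[2:]
        src, sport = take_addr(tok), take_port(tok)
        dst, dport = take_addr(tok), take_port(tok)
        entries.append({"action": action, "src": src, "sport": sport,
                        "dst": dst, "dport": dport, "log": "log" in tok})
    return entries

def mirror(entry):
    """The same entry as seen by traffic flowing in the opposite direction."""
    return dict(entry, src=entry["dst"], dst=entry["src"],
                sport=entry["dport"], dport=entry["sport"])

def lint(entries):
    """Entries with no mirror image, and entries that enable logging."""
    return {"one_way": [e for e in entries if mirror(e) not in entries],
            "logging": [e for e in entries if e["log"]]}

def matches(ip, spec):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    addr, wildcard = spec
    return ((ip ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def redirected(entries, src, sport, dst, dport):
    """First-match evaluation: True if the router hands the packet to the WAE."""
    for e in entries:
        if (matches(ip_int(src), e["src"]) and matches(ip_int(dst), e["dst"])
                and e["sport"] in (None, sport) and e["dport"] in (None, dport)):
            return e["action"] == "permit"
    return False  # implicit deny at the end of every ACL: not redirected
```

Removing a single reverse-direction entry is enough for one half of a management session to be redirected while the other half bypasses the WAE, which is the condition the bidirectional rule on the slide prevents.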
WAAS WCCP Deployment
Assignment
 Assignment (engine selection)
–Hash - Byte level XOR computation divided into 256 buckets (default)
–Mask - Bit level AND divided up to 128 buckets (7 bits)
 Branch
–DHCP allocated addressing
–Balance hosts to multiple engines 0x1 to 0x7F (or similar)
–Balancing to a single engine (mask selection is irrelevant)
 Retail Data Center
–Site /24 allocation per site
–Balance sites or engines with 0x100 to 0x7F00 (or similar)
 Enterprise Data Center
–Regional/16 allocation
–Balance regions with 0x10000 to 0x7F0000
0xF = 0000:0000.0000:0000.0000:0000.0000:1111
0xF00 = 0000:0000.0000:0000.0000:1111.0000:0000
0xF0000 = 0000:0000.0000:1111.0000:0000.0000:0000
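An added example, not from the original slides: a Python model of mask assignment showing why 0xF spreads the hosts of a DHCP branch /24 across engines while 0xF00 keeps every host of a /24 site on one engine. The addresses are constructed, the function names are hypothetical, and the round-robin bucket-to-engine mapping is an assumption.

```python
"""WCCP mask assignment: map addresses to buckets, then buckets to engines."""
import ipaddress
from collections import Counter

MAX_MASK_BITS = 7  # the slide's limit: up to 128 buckets


def mask_bits(mask):
    """Positions of the bits set in the mask, lowest first."""
    return [bit for bit in range(32) if (mask >> bit) & 1]


def bucket_count(mask):
    """Number of buckets a mask produces; rejects masks wider than 7 bits."""
    bits = len(mask_bits(mask))
    if bits > MAX_MASK_BITS:
        raise ValueError(f"mask {mask:#x} selects {bits} bits; the limit is 7")
    return 1 << bits


def bucket(ip, mask):
    """AND the address with the mask and pack the selected bits into an index."""
    masked = int(ipaddress.IPv4Address(ip)) & mask
    return sum(((masked >> bit) & 1) << n
               for n, bit in enumerate(mask_bits(mask)))


def engine_for(ip, mask, engines):
    """Assumption: buckets are dealt to engines round-robin. In a real
    cluster the bucket-to-engine table is negotiated over WCCP."""
    bucket_count(mask)  # validate the mask width first
    return engines[bucket(ip, mask) % len(engines)]


def spread(addresses, mask, engines):
    """How many of the given addresses land on each engine."""
    return Counter(engine_for(ip, mask, engines) for ip in addresses)


# Constructed sample data: one DHCP branch /24, and 16 retail sites with a
# /24 each, as in the slide's branch and retail data center cases.
BRANCH_HOSTS = [f"10.10.1.{h}" for h in range(1, 255)]
SITE_HOSTS = [f"10.20.{site}.{h}" for site in range(16) for h in (10, 11, 12)]
ENGINES = ["e1", "e2"]

if __name__ == "__main__":
    print("branch, mask 0xF  :", dict(spread(BRANCH_HOSTS, 0xF, ENGINES)))
    print("branch, mask 0xF00:", dict(spread(BRANCH_HOSTS, 0xF00, ENGINES)))
    print("sites,  mask 0xF00:", dict(spread(SITE_HOSTS, 0xF00, ENGINES)))
```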
WAAS WCCP Deployment
Redirect, Return and Egress Method
 Configured on WAE
 Dependent on design and router hardware/software
 Router WCCP Redirect (Router to WAE)
–GRE - Entire packet GRE tunneled to the engine (default)
–Layer 2 - Frame MAC address rewritten to engine MAC
 WAE WCCP Return (WAE to Router)
–WCCP GRE - Packet statefully returned to router (as of 4.0.13)
–WCCP Layer 2 - Frame statefully rewritten to router MAC
 WAE Egress Method (WAE to Router)
–IP Forward - Engine ARPs for default gateway (default)
–WCCP negotiated - WCCP GRE or WCCP L2 return (L2 not yet supported in WAAS)
–Generic GRE - Stateful return in hardware to Catalyst 6500 Sup720/32 (as of WAAS 4.1)
WAAS WCCP Deployment
Platform Recommendations
Function | Nexus 7000 | Software (ISR & 7200) | ASR 1000 | Cat 6500 Sup720/32, 7600 | Cat 6500 Sup2 | Cat 4500 | Cat 3750
Assign | Mask Only | Hash or Mask | Mask Only | Mask | Mask | Mask only | Mask only
Redirect | L2 | GRE or L2 | GRE or L2 | GRE or L2 | L2 or GRE / L2 | L2 only | L2 only
Redirect List | L3/L4 ACL | Extended ACL | Extended ACL | Extended ACL | Extended ACL | No ACL Support | Extended ACL (no deny)
Direction | In or Out | In or Out | In only | In | In | In only | In only
Return | L2 only | GRE or L2 | GRE or L2 | L2 | L2 | L2 only | L2 only
VRFs | Supported | Supported | Planned | Planned | NA | NA | NA
IOS | 4.2(6), 5.0(3) | 12.1(14); 12.2(26); 12.3(13); 12.4(10); 12.1(3)T; 12.2(14)T; 12.3(14)T5; 12.4(15)T8; ISR G2: 15.0(1)M | 2.4(2) | 6500: 12.2(18)SXF14, 12.2(33)SXH4, 12.2(33)SXI2a; 7600: 12.2(18)SXD1 | 12.1(27)E; 12.2(18)SXF14 | 12.2(50)SG1 | 12.2(46)SE
WAAS WCCP Deployment
WAAS Configuration
Prevent Loop! Turn on WCCP after configuration
wccp router-list 1 192.168.254.2
wccp tcp-promiscuous router-list-num 1
egress-method negotiated-return intercept-method wccp
wccp version 2
WAAS WCCP Deployment
Router Configuration
 Router Global Configuration
Router(config)# ip cef
Router(config)# ip wccp 61 <optional-redirect-list acl-name>
Router(config)# ip wccp 62 <optional-redirect-list acl-name>
Router(config)# ip wccp version 2
 Router Interface Configuration (<in|out> determined by topology)
Router(config-if)# ip wccp 61 redirect <in|out>
Router(config-if)# ip wccp 62 redirect <in|out>
Router(config-if)# ip wccp redirect exclude in
[Figure: Src Balance 61, 62 Dst Balance; labels A, B, C, e1, e2]
WAAS WCCP Deployment
Verifying Operation
dc1-rtr1#show ip wccp
Global WCCP information:
    Router information:
        Router Identifier:             10.1.3.254
        Protocol Version:              2.0
    Service Identifier: 61
        Number of Cache Engines:       1
        Number of routers:             1
        Total Packets Redirected:      1954820
          Process:                     474
          Fast:                        0
          CEF:                         1954346
        Redirect access-list:          -none-
    Service Identifier: 62
        Number of Cache Engines:       1
        Number of routers:             1
        Total Packets Redirected:      581196
          Process:                     107
          Fast:                        0
          CEF:                         581089
        Redirect access-list:          -none-
dc1-wae1#show wccp routers
Router Information for Service: TCP Promiscuous 61
        Routers Configured and Seeing this Engine(1)
        Router Id       Sent To         Recv ID
        10.1.3.254      10.1.2.254      0001CD80
        Routers not Seeing this File Engine
                -NONE-
        Routers Notified of but not Configured
                -NONE-
Router Information for Service: TCP Promiscuous 62
        Routers Configured and Seeing this Engine(1)
        Router Id       Sent To         Recv ID
        10.1.3.254      10.1.2.254      0001CD7C
        Routers not Seeing this File Engine
                -NONE-
        Routers Notified of but not Configured
                -NONE-
dc1-wae1#show wccp gre
Transparent GRE packets received:                 105587
Transparent non-GRE packets received:             0
Transparent non-GRE non-WCCP packets received:    0
Total packets accepted:                           100152
Packets sent back to router:                      0
GRE packets sent to router (not bypass):          52222
Packets sent to another WAE:                      0
Packets received with client IP addresses:        100152
WAAS WCCP Deployment
Branch Options
[Figure: two branch options for subnet A/24; labels h1, h2, g0, s0, 61, 62, WAN, Si, sm1/0, SRE-700]
Router
ip wccp 61
ip wccp 62
interface g0
 ip wccp 61 redirect in
interface s0
 ip wccp 62 redirect in
WAE
wccp router-list 1 10.1.1.254
wccp tcp-promiscuous router-list-num 1
egress-method negotiated-return intercept-method wccp
wccp version 2
Router
ip wccp 61
ip wccp 62
interface g0
 ip wccp 61 redirect in
interface s0
 ip wccp 62 redirect in
WAE
wccp router-list 1 10.1.1.254
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
wccp tcp-promiscuous mask src-ip-mask 0xF
wccp version 2
WAAS WCCP Deployment
Shared WAEs within Distribution Layer
 WAE with Interface Standby (N+1 Redundancy)
–Registration – r1/r2 interface IP
–Assignment – Mask
–Redirect – WCCP GRE
–Return/Egress - IP Forwarding, generic GRE (6500), or WCCP GRE (ASR)
–Network
•Engines on shared subnet between r1 and r2
•Interface VLAN inter-core link with no WCCP
 WAE with Single Interface or EtherChannel
–Registration – Loopback IP
–Assignment – Mask
–Redirect – WCCP GRE
–Return/Egress - IP forward or generic GRE
–Network
•Engines on dedicated subnets (no interface standby)
•Routed interface link (r1-r2) with no WCCP
[Figure: two topologies showing the WAN, routers r1 and r2 with service groups 61 and 62, engines e1 to e4, and WCCP Registration]
WAAS WCCP Deployment
Shared WAEs at WAN Edge
 Local WAE Redirect and Return
–Registration – r1/r2 interface IP
–Software platform (7200/ISR)
•Assignment – Hash
•Redirect - WCCP GRE
•Return/Egress – WCCP GRE or IP forward
–Hardware Platform (6500/PFC3 or ASR)
•Assignment – Mask
•Redirect – WCCP GRE
•Return/Egress – Generic GRE (6500), WCCP GRE (ASR), or IP forward return
 Remote WAE GRE Redirect and Return
–Registration – Remote r1/r2 loopback IP
–Assignment – Hash (7200/ISR) or mask (6500/ASR)
–Redirect - WCCP GRE
–Return/Egress - WCCP GRE (ASR/7200/ISR) or Generic GRE (6500)
[Figure: two topologies showing the WAN, routers r1 and r2 with service groups 61 and 62, engines e1 and e2, and WCCP Registration]
Dual Data Centre
Asymmetric Routing Condition
 Condition
–Branch route summarization
–Connections sent to DC-A when application resides in DC-B
–SYN and SYN/ACK not seen by same WAE
 Solutions
–Advertise summary route for each data center to eliminate asymmetric routing
–WAE in server farm distribution with WCCP or ACE
–WAE cross registers with WAN edge or distribution routers in both data centers
[Figure: DC-A and DC-B; label 0.0.0.0]
Dual Data Centre
Asymmetric Routing Solutions
 WAE in server farm
 Distribution with WCCP or vPath
 WAE cross registers with WAN edge or distribution routers in both data centers
[Figure: two dual data centre topologies; labels 61, 62, Si]
WAAS WCCP Deployment
Configuration Best Practices
 Registration
–Do NOT use a virtual gateway address (HSRP, VRRP, GLBP)
–Use interface IP address if L2 adjacent to WCCP router
–Use highest loopback address if not L2 adjacent to WCCP router
–Do not configure large MTU (>1500 bytes) on WCCP client interfaces
 Software Platforms
–GRE Forwarding (Default)
–Hash Assignment (Default)
–Inbound Interception
–"ip wccp redirect exclude in" on WCCP client interface (outbound interception only)
–WAAS Egress Method: IP Forwarding
 Hardware Platform
–L2 Forwarding
–Mask Assignment [ Since 4.2.1 the default mask is changed to 0xF00 from 0x1741 ]
–Inbound Interception
–Do not use "ip wccp redirect exclude in"
–WAAS Egress Method: IP Forwarding, Generic GRE (Cat6k PFC-based systems only)
WAAS vPath Deployment
vWAAS vPath Deployment
Introduction to vPath
 Intelligence built into Virtual Ethernet Module (VEM) of N1000V
 vPath has the following main functions:
 Intelligent Traffic interception for vWAAS
 Offload the processing of Pass-through traffic from vWAAS
 ARP based health check
 Maintain Flow entry table
[Figure: Cisco UCS x86 servers running VMware ESXi Server with Nexus 1000V and vPath; vWAAS, WebServer and App Server VMs; Add New WebServer Virtual Machine (VM); vWAAS Optimized VM and Non Optimized VM]
vWAAS vPath Deployment
Port-Profile Configuration
[Figure: Port-Profile (Network Admin view, Nexus 1000v VSM, vPATH interception) and Port-group (Server Admin view, vSphere client); Attach Opt-port-profile to server VMs]
WAAS Sizing Guidelines
WAAS Sizing Guidelines
Platform Performance (4.3)
Capacity | SRE700 | SRE900 | WAVE-274 | WAE474 | WAE574-3GB | WAE574-6GB | WAE674-4GB | WAE674-8GB | WAE674-8GB+VB | WAE-7341 | WAE-7371
WAN Bandwidth (Mbps) | 20 | 50 | 2 | 4 | 8 | 20 | 45 | 90 | 90 | 310 | 1000
Optimized TCP Connections
500
400
200
400
750
1300
2000
6000
4000
Optimized Throughput (Mbps)
150
250
90
90
100
150
250
350
Total Disk Capacity (GB)
500
500
250
250
500
500
600
DRE Disk Capacity (GB)
120
120
40
60
80
120
CIFS Disk Capacity (GB)
120
120
120
120
120
Maximum LAN Video Streams
200
200
40
80
Virtual Blades Supported
2
Total Virtual Blade Disk Capacity
30
12000
50000
9000/3000*
12000/28000*
350
800
1500
600
600
900
1500
120
320
150
500
1000
120
120
120
120
230
230
150
300
400
1000
600
1000
1000
2
2
6
2
6
30
60
175
120
200
35
70
100
200
200
1400
2800
500
1000
1500
1500
2000
Core Fan Out
CM Managed Devices
125
250
* SSL connections / TCP connections
WAAS Sizing Guidelines
WAAS Express Recommendations
Platform | Total DRAM Required | Maximum WAN bandwidth Supported | Recommended Number of Users | Max TCP Connections
89x | 768 M | 2 Mbps | 1-10 | 75
1941 | 2.5 G | 4 Mbps | 15-20 | 150
2901 | 2.5 G | 6 Mbps | 15-20 | 150
2911 | 2.5 G | 6 Mbps | 25 | 200
2921 | 2.5 G | 6 Mbps | 25 | 200
2951 | 4 G | 6 Mbps | 25 | 200
3925 | 4 G | 10 Mbps | 50 | 500
3945 | 4 G | 10 Mbps | 50 | 500
 WAAS Express requires maximum DRAM installed as indicated
 Typical Interfaces – 3G, T1, E1, Multi T1s, Multi E1s, and Serial
 Performance Testing Conducted with IOS FW, VPN (IPsec), NAT, and QoS
WAAS Sizing Guidelines
vWAAS
Deployment | Model | Capacity | Virtual Cores | Memory | Hard Disk | Modeled after
Branch/Small DC | BRANCH | 750 (Opt. TCP Connection) | 2 | 4 GB | 250 GB | 574
Medium DC | Small-DC | 6000 (Opt. TCP Connection) | 4 | 8 GB | 500 GB | 674
Large DC | Medium-DC | 12000 (Opt. TCP Connection) | 4 | 12 GB | 750 GB | 7341
 | vCM-Small | 100 (Max Devices) | 2 | 2 GB | 250 GB | 274
 | vCM-Large | 2000 (Max Devices) | 4 | 8 GB | 600 GB | 674
Closure
Closure
Remember Guidelines
 Remember...
–Use CM Configuration Groups
–Monitor Router/Switch CPU load after implementing WCCP
–Beware of Routing Loops with WCCP
–Follow recommended order of operations
–Fix Line-rate and Duplex on Fast Ethernet networks
–Use of Port-Fast where appropriate
–Usage of DNS and NTP is recommended
Backup Slides
WAAS Mobile
WAAS Overview
WAAS Mobile
1. Client/Server Architecture
[Figure: WAAS Mobile Client, WAN, WAAS Mobile Server, Web, File & App Servers]
2. What It Does
• Accelerates Application Performance over Challenged Mobile or Remote Connections
• Installs on Windows Desktop
3. Why It's Better
 Designed for Mobile & Remote Users
Purpose Built for the Windows PC/Laptop
 Optimized for Diverse Challenged Networks
Industry-leading Performance
 Highest performance over mobile and SOHO networks
 Complements WAAS Appliance as Complete Acceleration Solution
 Scalable, Fault Resilient, Manageable, Interoperable
 Best reliability, stability and troubleshooting tools reduce cost of support
Lowest TCO
 Centralized policy based management reduces deployment and support cost
 Integration with software distribution tools reduces deployment costs
WAAS Mobile
Architecture
WAAS Mobile
Acceleration Matrix
[Table: WAAS Mobile acceleration matrix. Columns: WAAS Mobile Acceleration Feature (Application Protocol Optimization, Transport Optimization, Delta Compression, Persistent Sessions, Signed SMB) and Supported Windows Client Platforms (Windows 7 (64/32-bit), Vista (64/32-bit), XP). Rows (Application): Web Browsing (HTTP), Secure Web Browsing (HTTPS), Windows File Shares (CIFS/SMB), Outlook/Exchange (MAPI), E-mail (POP3/SMTP), File Transfer (FTP), Other Applications]
WAAS Mobile
Network Setup
[Figure: Data Center 1 and Data Center 2, each with a WAAS Mobile Server and Application Servers; Intranet, Remote Access VPN, Internet, Small Office, Cisco WAAS Mobile Clients]
Mobile users connect through VPN to multiple WAAS Mobile Servers
Workers in small offices may connect to multiple WAAS Mobile Servers
Simultaneously accelerate traffic to applications hosted in multiple data centers
WAAS Mobile
Client – Server Data Flow
[Figure: WAAS Mobile Client and WAAS Mobile Server, each with Intercept/Redirect (TDI driver) and Acceleration Process; labels Accelerated Applications, CIFS SMB, Other Applications, TCP, Control, Data, TCP 1182, UDP 1182]
 WAAS Mobile Client proxies all accelerated TCP traffic and sends it via UDP port 1182 to the WAAS Mobile Server
Cisco WAAS Mobile Scalability
 Scale up to handle maximum throughput of any data center
• Up to 10,000 concurrent users per Cisco WAAS Mobile server
• Multiple Cisco WAAS Mobile Servers can be aggregated into Cisco
WAAS Mobile server farms for load balanced, redundant capacity
 Scale out to handle multiple data centers
• Cisco WAAS Mobile server farms hosted at multiple data centers provide
acceleration for any worker to any application
 Scalable Cisco WAAS Mobile Manager data flow
• Manager communicates with Cisco WAAS Mobile worker servers
• Worker servers communicate with Cisco WAAS Mobile clients
• A single Cisco WAAS Mobile Manager can manage hundreds of servers
and hundreds of thousands of clients
WAAS Mobile Management
Central WAAS Mobile Manager
 Highly scalable
• Manage hundreds of Cisco WAAS Mobile servers or just a single server
• Manage hundreds of thousands of end users from a single user interface
 Total system visibility
• View performance at system level, or drill down to a server farm, a single
server, a group of end users, or a single user
 Consolidated end-user management and monitoring
• Visibility into the performance and status of accelerated traffic by application
and path for any end user from the Cisco WAAS Mobile Manager
 Highly available
• Central manager not required to be operational for acceleration services to be
operational.
Cisco WAAS Mobile Management:
Manage All Clients Centrally
 View all clients from the central console and filter to
find the user or set of users of interest
Enterprise Deployment Considerations
High Availability
 To provide high availability and capacity within a data center
• Multiple Cisco WAAS Mobile servers in a data center may be configured to be
members of a Cisco WAAS Mobile server farm
• Traffic load is automatically balanced across the servers in a server farm
– Initial access is random
– On subsequent access, client attempts to connect to previous server. If unable, tries
another server in the same farm
 To provide high availability in the event of a data center outage
• Cisco WAAS Mobile server farms may be located at backup data centers
• When clients are unable to connect to the primary server farm, they will
automatically attempt to connect to backup server farms
Enterprise Deployment Considerations
Manageability
 Software installation
• Client profiles are packaged as executable .msi files
 Software upgrades
• Automatic upgrade and downgrade
 Configuration updates
• Automatic updates
 Policy‐based management
• Separate configuration profiles for different user groups
• Optional Active Directory group policies
 Central monitoring console
• Graphical displays of acceleration and traffic breakdown
Enterprise Deployment Considerations
Architecture Scalability
 Highly scalable storage system
• Each file or data sequence is only stored once
• Single instance of a file or data sequence is shared with all users
 Highly efficient memory utilization
• Uses only 2 MB of server RAM for each simultaneous active download
• 1000:1 disk to RAM ratio for search index supports deep histories
 Scalable CPU utilization
• Multi‐threaded architecture makes efficient use of multi‐core CPUs
 Optimized disk utilization
• Employs a dynamic disk seek algorithm that optimizes throughput under high load by
dynamically trading off acceleration gain vs disk activity to mitigate thrashing
Cisco WAAS Mobile
Server Configurations
 Cisco WAAS Mobile is deployable on bare metal server
or as virtual machine
 For 5-10 user evaluations:
Minimum Configuration
CPU | 1.8 GHz dual core
System Memory (RAM) | 2 GB
Disk Space Available for Delta Cache | 5 GB
Operating System | Windows Server 2003, 2003 R2, 2008, or 2008 R2
 See Appendix A of the Cisco WAAS Mobile
Administration Guide for production server sizing and
operating system guidelines
Cisco WAAS Mobile and UCS
Industry's Most Scalable Mobile Acceleration
10,000 Concurrent
Cisco WAAS Mobile Clients
Cisco WAAS Mobile
Virtual Appliance
Concurrent licensing supports 30,000 –
40,000 end users
Cisco WAAS Mobile
Server
Unparalleled Throughput
Cisco UCS C-200M1
600 Mbps LAN-side
200 Mbps WAN-side
100,000 TCP connections
Evolve from hundreds to
thousands of concurrent users
Flexible Multi-Service
Platform
Co-host Cisco WAAS Mobile
with other applications
Cisco WAAS Mobile
Clients
Cisco WAAS Mobile
Client Configurations
 | Supported Minimum | Recommended
CPU | 750 MHz | 1.5 GHz
System Memory (RAM) | 512 MB | 1 GB
Disk Space Available for Cache | 80 MB | 1 GB
Operating System | Windows XP, prior to SP2 | Windows XP SP2, Vista, or Windows 7
Deploying WAAS Replication Accelerators
Installation
Device Mode Replication-Accelerator
 Only available on the WAE-7341 and WAE-7371 platforms
 Requires WAAS 4.0.19
 Accelerator optimized for a small number of high-throughput TCP connections
 Certified for EMC SRDF/A and NetApp SnapMirror
 Only negotiates optimized connections with other WAEs using the same device mode
 Reboot required (role change)
device mode replication-accelerator
hostname dc1-wae1
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
 ip address 10.1.1.31 255.255.255.0
ip default-gateway 10.1.1.254
ip name-server 10.1.1.21
central-manager address cm.allcisco.com
cms enable
[Figure: Backup/Replications, WAN]
Video Optimisation
Deploying WAAS AOs
Live Video RTSP AO: Edge Splitting
 Enable Video Accelerator
 Windows Media 9 or later
 Operates on RTSPT only
 Stream Splitting occurs at the edge
 Auto-discovery puts intermediate engines into Pass Through
 ACNS/CDS origin configured with 'wmt disallowclient-protocols rtspu mmsu' to force TCP use
 Option to TCP optimize or drop unaccelerated streams
 Support for Windows Media Logs
[Figure: Live Video Source, ACNS, WAAS, WAN]