WAAS Express Deployment Guide

1 Introduction
2 Hardware and Software Requirements
3 WAAS Express Sizing Guidelines
4 WAAS Express License Installation
5 Enable WAAS Express
6 Enable WAAS Express to be monitored by WAAS Central Manager
7 Validating the Connection Optimization
8 View the Optimization Statistics on WAAS Central Manager
9 WAAS Express Use Cases and Solution Integration
10 References


1 Introduction

Cisco WAAS Express extends the Cisco WAAS product portfolio with a small-footprint, cost-effective, IOS-based software solution integrated into the ISR G2 that offers bandwidth optimization and application acceleration capabilities. Cisco WAAS Express increases remote user productivity, reduces WAN bandwidth costs, and offers investment protection by interoperating with existing Cisco WAAS infrastructure. Cisco WAAS Express is unique in providing network transparency, improving deployment flexibility with on-demand service enablement, and integrating with native IOS-based services such as security, NetFlow, and QoS. Cisco WAAS Express is fully interoperable with WAAS on SM-SRE modules and WAAS appliances, and can be managed by a common WAAS Central Manager.

This document describes the steps needed to enable the WAAS Express feature on the branch router and to register the WAAS Express router so that it is managed by WAAS Central Manager. For simplicity, this document assumes a basic private WAN using a serial link on the WAAS Express router. For specific WAAS appliance deployment configurations (inline, or redirect using PBR or WCCP), consult the WAAS appliance configuration guide in the References section.

2 Hardware and Software Requirements

• WAAS appliance running WAAS software 4.2.1 or later
• WAAS Central Manager running WAAS software 4.3 or later
• WAAS Express
    o ISR-G2 (1941, 29xx, 39xx) with maximum DRAM
    o WAAS Express feature license file
    o IOS version 15.1(2)T2 or later

3 WAAS Express Sizing Guidelines

A number of factors are taken into account in the recommended sizing guidelines, such as the number of users, the number of TCP connections, WAN link capacity, traffic profile, and compression ratio. The recommended sizing assumes each user generates ~10 TCP connections. Typical user behavior is assumed, in which not all TCP connections are actively transferring the same data all the time, producing data redundancy of around 2-4x. The recommended sizing also assumes that Firewall, VPN, NAT, and QoS are configured.


Platform   Recommended Number of Users   TCP Connections   Maximum WAN Bandwidth Supported
1941       15-20                         150               4 Mbps
2901       15-20                         150               6 Mbps
2911       25                            200               6 Mbps
2921       25                            200               6 Mbps
2951       25                            200               6 Mbps
3925       50                            500               10 Mbps
3945       50                            500               10 Mbps

4 WAAS Express License Installation

For the WAAS Express router bundle, the WAAS Express license is pre-installed at the factory. This step applies only if the WAAS Express license is purchased as an add-on or upgrade.

4.1 Checking for WAAS Express license file

Use the command show license detail WAAS_Express to view the current license. If the router already has a WAAS Express license installed, the output looks similar to the example below, and you can skip to step 4 – Enable WAAS Express.

    Router#show license detail WAAS_Express
    Index: 1 Feature: WAAS_Express Version: 1.0
        License Type: Permanent
        License State: Active, Not in Use
        License Count: Non-Counted
        License Priority: Medium
        Store Index: 6
        Store Name: Primary License Storage

4.2 How to Obtain License File

A PAK is provided after you purchase the WAAS Express license. When placing the order, you can choose to have the PAK sent by mail or by e-mail. Collect the output of the show license udi command and note the PID (Product ID) and SN (serial number).

    Router#show license udi
    Device#   PID            SN            UDI
    -----------------------------------------------------------------------------
    *0        CISCO2911/K9   FHH122500AZ   CISCO2911/K9:FHH122500AZ

Visit the Cisco License Activation Portal (http://www.cisco.com/go/license) and enter the PAK, Product ID, and Serial Number, along with your contact e-mail address. A license file will be generated and e-mailed to you.

4.3 Install WAAS Express License

Once you have the license file, install it on the router by first copying the license file to the router. In the example below, the license file FHH122500AZ_20100811190225615.lic is stored on the router flash. Then invoke the license install command to install the license. The message 1/1 licenses were successfully installed indicates that the WAAS Express license is now installed. The show license detail WAAS_Express command then shows that the license is active but not in use.

    Router#dir flash0:*.lic
    Directory of flash0:/*.lic

    Directory of flash0:/

        8  -rw-        1159  Aug 11 2010 16:35:00 -07:00  FHH122500AZ_20100811190225615.lic

    254164992 bytes total (138383360 bytes free)

    Router#license install flash0:FHH122500AZ_20100811190225615.lic
    Installing licenses from "flash0:FHH122500AZ_20100811190225615.lic"
    Installing...Feature:WAAS_Express...Successful:Not Supported
    1/1 licenses were successfully installed
    0/1 licenses were existing licenses
    0/1 licenses were failed to install

    Router#show license detail WAAS_Express
    Index: 1 Feature: WAAS_Express Version: 1.0
        License Type: Permanent
        License State: Active, Not in Use
        License Count: Non-Counted
        License Priority: Medium
        Store Index: 6
        Store Name: Primary License Storage

5 Enable WAAS Express

WAAS Express is designed to be enabled with a single configuration command. First configure the necessary addresses and routing on the network. WAAS Express must be applied on the designated WAN interfaces: in interface configuration mode, the waas enable command enables the feature. The example below uses Serial0/2/0 as the WAN interface.

    Router(config)#interface Serial0/2/0
    Router(config-if)#waas enable
    Router(config-if)#
    Aug 10 22:02:19.920 MDT: %WAAS-6-WAAS_ENABLED: WAAS is enabled on interface Serial0/2/0

Note: If using a sub-interface or logical interface, e.g. Serial0/2/0.1, Dialer1, Tunnel1, configure waas enable under that sub-interface or logical interface.

If the memory requirement is met and the license is valid, the command is accepted and a log message is generated to indicate that WAAS Express is enabled. Enter the command on any backup WAN interfaces that also require WAAS Express.

WAAS Express uses Cisco C3PL, similar to features such as QoS and Zone-based Firewall. The first time WAAS Express is enabled, the default policy-map, class-maps, and parameter-map are generated. The default policy-map and parameter-map are named waas_global. The WAAS Express policy-map, class-maps, and parameter-map are of type waas.

Use the command show waas status to show the interfaces that have WAAS Express turned on, along with the license type, the maximum number of flows supported by the platform, and the total active and optimized connections.

    Router#show waas status

    WAAS Enabled Interface        Policy Map
    Serial0/2/0                   waas_global

    WAAS Feature License
        License Type:                Permanent

    Maximum Flows                  : 200
    Total Active connections       : 0
    Total optimized connections    : 0

Now show license detail WAAS_Express shows that the license is in use.

    Router#show license detail WAAS_Express
    Index: 1 Feature: WAAS_Express Version: 1.0
        License Type: Permanent
        License State: Active, In Use
        Lock type: Node locked
        Vendor info: <UDI><PID>CISCO881W-GN-A-K9</PID><SN>FTX1239Y0FE</SN></UDI>
        License Addition: Exclusive
        License Generation version: 0x8100000
        License Count: Non-Counted
        License Priority: Medium
        Store Index: 2
        Store Name: Primary License Storage


6 Enable WAAS Express to be monitored by WAAS Central Manager

6.1 Configure WAAS Express Credentials on WAAS Central Manager

WAAS Central Manager has a default device group called AllWAASExpressGroup. By default, all WAAS Express routers registering with WAAS Central Manager are assigned to this default group. This default group also has an auto-activation policy.

On WAAS Central Manager, configure the login and password credentials for the WAAS Express router. This is done by editing the device group AllWAASExpressGroup. From the main WAAS Central Manager page, select Manage Device Group on the left. Click AllWAASExpressGroup to edit the device group.


Click on the Admin button on the bottom left corner of the Edit Device Group page.


Enter the same username and password that will be configured on the WAAS Express router. In the example below, both username and password are waasexpress.

6.2 Install Trusted Certificate to authenticate WAAS Central Manager

WAAS Express registers with WAAS Central Manager using HTTPS over port 8443. Once registration is successful, WAAS Central Manager polls information from the WAAS Express router using XML PI through the HTTPS server running on the WAAS Express router (port 443). For WAAS Express to establish HTTPS with the WAAS Central Manager during registration, it must first trust the self-signed certificate presented by WAAS Central Manager. This is done by configuring a certificate trust point and importing the WAAS Central Manager's certificate.

On the WAAS Central Manager console, use the command show crypto certificate-detail admin to display its self-signed certificate. The output is in PEM format. Copy the PEM block from the output below, from the -----BEGIN CERTIFICATE----- line through the -----END CERTIFICATE----- line (highlighted in red in the original document).

    Central_Manager#show crypto certificate-detail admin
    Bag Attributes
        localKeyID: 8D AB 61 85 7B 95 FC 4C 34 FD AC DC A8 F2 B1 A4 80 74 70 9B
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 2000021192 (0x7735e6c8)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc, CN=Central_Manager
            Validity
                Not Before: Nov 13 06:56:02 2009 GMT
                Not After : Nov 12 06:56:02 2014 GMT
            Subject: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc, CN=Central_Manager
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:b4:5e:3a:77:52:5a:5d:d3:35:36:fa:2a:98:c7:
                        e5:cb:19:18:b4:30:9d:50:49:55:7e:99:18:0b:67:
                        c2:53:6f:01:12:9f:b0:e3:20:1a:c4:3f:e5:dd:6a:
                        34:7a:79:02:40:5e:77:e4:cb:f4:71:2a:64:d0:76:
                        05:1b:c0:48:6e:25:ae:fe:4e:23:b4:a4:f8:aa:1d:
                        39:e5:ac:3a:6a:81:aa:cd:c7:83:52:19:01:90:e7:
                        7d:99:37:6c:6b:67:7b:5f:e4:e3:46:18:20:ce:a2:
                        5f:d2:a1:6e:c4:20:2f:63:61:44:e9:c4:ac:05:2c:
                        ee:62:2d:ba:56:f5:d4:44:97
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha1WithRSAEncryption
            97:94:c6:57:c6:f0:dc:2f:5b:33:b7:80:ed:61:a9:4f:e8:0c:
            b6:ca:41:53:24:25:07:5c:d7:c3:22:ca:6c:92:7e:dd:f4:44:
            5a:e1:0a:e5:03:c9:24:e8:c7:5d:ad:19:6a:59:d4:9d:64:20:
            61:a8:35:a9:fb:d4:1b:3f:4a:0e:71:27:b3:5a:61:3d:0f:68:
            fa:4e:01:ee:0d:3f:1a:ed:0b:41:e2:6b:37:f8:d9:46:47:b8:
            30:45:82:84:41:cf:f9:3c:18:f6:7a:1b:0a:fa:64:26:ea:df:
            13:af:f3:60:9d:46:46:30:a5:04:43:27:36:f1:73:97:a7:4b:
            23:01
    -----BEGIN CERTIFICATE-----
    MIICgzCCAeygAwIBAgIEdzXmyDANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMC
    VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYD
    VQQLEwRDTkJVMRswGQYDVQQKExJDaXNjbyBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMT
    GXJvdzUtNy13YWU1MTJiLnN0Z2lvcy5uZXQwHhcNMDkxMTEzMDY1NjAyWhcNMTQx
    MTEyMDY1NjAyWjCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
    ETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYDVQQLEwRDTkJVMRswGQYDVQQKExJDaXNj
    byBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMTGXJvdzUtNy13YWU1MTJiLnN0Z2lvcy5u
    ZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALReOndSWl3TNTb6KpjH5csZ
    GLQwnVBJVX6ZGAtnwlNvARKfsOMgGsQ/5d1qNHp5AkBed+TL9HEqZNB2BRvASG4l
    rv5OI7Sk+KodOeWsOmqBqs3Hg1IZAZDnfZk3bGtne1/k40YYIM6iX9KhbsQgL2Nh
    ROnErAUs7mItulb11ESXAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAl5TGV8bw3C9b
    M7eA7WGpT+gMtspBUyQlB1zXwyLKbJJ+3fREWuEK5QPJJOjHXa0ZalnUnWQgYag1
    qfvUGz9KDnEns1phPQ9o+k4B7g0/Gu0LQeJrN/jZRke4MEWChEHP+TwY9nobCvpk
    JurfE6/zYJ1GRjClBEMnNvFzl6dLIwE=
    -----END CERTIFICATE-----

Create a trust point and import the WAAS Central Manager certificate. The example below creates a trust point named WCM_1. When prompted with Enter the base 64 encoded CA certificate, paste the PEM block copied from the WAAS Central Manager output above.

    Router(config)#crypto pki trustpoint WCM_1
    Router(ca-trustpoint)#revocation-check none
    Router(ca-trustpoint)#enrollment terminal pem
    Router(ca-trustpoint)#exit
    Router(config)#crypto pki authenticate WCM_1

    Enter the base 64 encoded CA certificate.
    End with a blank line or the word "quit" on a line by itself

    -----BEGIN CERTIFICATE-----
    MIICgzCCAeygAwIBAgIEdzXmyDANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMC
    VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYD
    VQQLEwRDTkJVMRswGQYDVQQKExJDaXNjbyBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMT
    GXJvdzUtNy13YWU1MTJiLnN0Z2lvcy5uZXQwHhcNMDkxMTEzMDY1NjAyWhcNMTQx
    MTEyMDY1NjAyWjCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
    ETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYDVQQLEwRDTkJVMRswGQYDVQQKExJDaXNj
    byBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMTGXJvdzUtNy13YWU1MTJiLnN0Z2lvcy5u
    ZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALReOndSWl3TNTb6KpjH5csZ
    GLQwnVBJVX6ZGAtnwlNvARKfsOMgGsQ/5d1qNHp5AkBed+TL9HEqZNB2BRvASG4l
    rv5OI7Sk+KodOeWsOmqBqs3Hg1IZAZDnfZk3bGtne1/k40YYIM6iX9KhbsQgL2Nh
    ROnErAUs7mItulb11ESXAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAl5TGV8bw3C9b
    M7eA7WGpT+gMtspBUyQlB1zXwyLKbJJ+3fREWuEK5QPJJOjHXa0ZalnUnWQgYag1
    qfvUGz9KDnEns1phPQ9o+k4B7g0/Gu0LQeJrN/jZRke4MEWChEHP+TwY9nobCvpk
    JurfE6/zYJ1GRjClBEMnNvFzl6dLIwE=
    -----END CERTIFICATE-----

    Certificate has the following attributes:
           Fingerprint MD5: 2EA6FF8F 38ABC32F 25168396 1A587F17
          Fingerprint SHA1: 8DAB6185 7B95FC4C 34FDACDC A8F2B1A4 8074709B

    % Do you accept this certificate? [yes/no]: yes
    Trustpoint CA certificate accepted.
    % Certificate successfully imported
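
Before answering yes at the accept prompt, the fingerprint the router prints can be checked against the certificate that was copied from WAAS Central Manager (on this page the router's SHA1 fingerprint is the same value as the localKeyID in the Central Manager output). The following Python sketch is an added example, not part of the original guide; the function names are hypothetical and the sample input is constructed, with a PEM body that is a stand-in rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# The router prints digests as groups of eight hex characters.
FP_RE = re.compile(r"Fingerprint (MD5|SHA1):\s*((?:[0-9A-Fa-f]{8}[ \t]*)+)")


def pem_to_der(cli_output: str) -> bytes:
    """Extract the one PEM certificate in pasted CLI output and decode it."""
    blocks = PEM_RE.findall(cli_output)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop line breaks and indentation
    return base64.b64decode(body, validate=True)


def ios_fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Format a digest as the router shows it: upper-case hex, groups of 8."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def router_fingerprints(session: str) -> dict:
    """Return {'md5': hex, 'sha1': hex} parsed from the authenticate prompt."""
    return {m.group(1).lower(): re.sub(r"\s", "", m.group(2)).lower()
            for m in FP_RE.finditer(session)}


def fingerprint_matches(cm_output: str, router_session: str) -> bool:
    """True only if the router's SHA1 equals the digest of the copied PEM."""
    shown = router_fingerprints(router_session)
    if "sha1" not in shown:
        raise ValueError("no SHA1 fingerprint line in router session")
    expected = hashlib.sha1(pem_to_der(cm_output)).hexdigest()
    return hmac.compare_digest(expected, shown["sha1"])


# Constructed sample: the PEM body is base64 of the bytes b"abc", a stand-in
# for a real DER certificate so that the expected digests are well known.
SAMPLE_CM_OUTPUT = """\
Central_Manager#show crypto certificate-detail admin
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

# Constructed sample of the router prompt, using the digests of b"abc".
SAMPLE_ROUTER_SESSION = """\
Certificate has the following attributes:
       Fingerprint MD5: 90015098 3CD24FB0 D6963F7D 28E17F72
      Fingerprint SHA1: A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
% Do you accept this certificate? [yes/no]:
"""

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_CM_OUTPUT)
    print("computed SHA1:", ios_fingerprint(der))
    print("match:", fingerprint_matches(SAMPLE_CM_OUTPUT, SAMPLE_ROUTER_SESSION))
```

Run it against the text saved from the Central Manager console and from the router session; a False result means the certificate pasted into the router is not the one Central Manager displayed.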

Make sure that WAAS Central Manager can reach the WAAS Express router IP address. If the WAAS Express address reachable by WAAS Central Manager is not the WAN interface, add configuration to specify the source address of the HTTPS request used for registration with WAAS Central Manager. The example below specifies that the IP address of the Loopback1000 interface is reachable by WAAS Central Manager.

    Router(config)#ip http client source-interface Loopback1000

6.3 Configure Persistent Trust Point and Enable HTTPS Server on WAAS Express

On the WAAS Express router, configure a persistent trust point and enroll. This example uses a persistent self-signed trust point. This step is necessary even if you already have a self-signed trust point that was auto-generated when HTTPS was previously enabled. An auto-generated self-signed trust point has a name of the form TP-self-signed-xxxxxxxxxx. For more information on persistent self-signed trust points, see the References section at the end of the document. If you already have a persistent trust point or a trusted certificate generated by a CA, you can skip this step.

Note: If you use a self-signed trust point, you must also configure the domain name. There is currently an issue in which the HTTPS server regenerates the self-signed certificate upon reload, which affects communication with WAAS CM.

    Router(config)#! Configuring domain-name. This step is necessary to avoid the issue
    Router(config)#! with the HTTPS server regenerating the certificate upon reload
    Router(config)#ip domain-name example.com
    Router(config)#crypto pki trustpoint self-signed-tp
    Router(ca-trustpoint)#enrollment selfsigned
    Router(ca-trustpoint)#! By default, the RSA key size is 512 unless specified otherwise
    Router(ca-trustpoint)#! Key size of at least 1024 is recommended
    Router(ca-trustpoint)#rsakeypair self-signed 1024
    Router(ca-trustpoint)#exit
    Router(config)#crypto pki enroll self-signed-tp
    The router has already generated a Self Signed Certificate for
    trustpoint TP-self-signed-1113751518.
    If you continue the existing trustpoint and Self Signed Certificate
    will be deleted.

    Do you want to continue generating a new Self Signed Certificate? [yes/no]: yes
    *Aug 30 15:25:31.450: %SSH-5-ENABLED: SSH 1.99 has been enabled
    *Aug 30 15:25:31.450: %CRYPTO-6-AUTOGEN: Generated new 1024 bit key pair
    % Include the router serial number in the subject name? [yes/no]: no
    % Include an IP address in the subject name? [no]: no
    Generate Self Signed Router Certificate? [yes/no]: yes

    Router Self Signed Certificate successfully created

6.4 Enable HTTP Server and Associate the Persistent Trust Point

On the WAAS Express router, enable the HTTPS server by configuring ip http secure-server, then configure authentication. The example below uses local authentication, but an AAA server is recommended in deployment. Associate the newly created persistent trust point with the HTTPS server and client.

    Router(config)#ip http secure-server
    Router(config)#ip http authentication local
    Router(config)#! Below is needed if there is more than one trust point in the router
    Router(config)#ip http secure-trustpoint self-signed-tp
    Router(config)#ip http client secure-trustpoint self-signed-tp

Since this example uses local authentication, configure the same username and password as in the WAAS Central Manager credentials.

    Router(config)#username waasexpress privilege 15 password waasexpress

Save the configuration before proceeding.


6.5 Register the WAAS Express Router with WAAS Central Manager

From the WAAS Express router, enter the following command in exec mode:

    waas cm-register https://<waas_central_manager_address>:8443/wcm/register

    Router#waas cm-register https://172.30.0.33:8443/wcm/register
    Aug 19 19:45:48.763 MDT: %WAAS-6-WAAS_CM_REGISTER_SUCCESS: IOS-WAAS registered with Central Manager successfully

The log message indicates that the registration is successful. Now, the WAAS Express router device should show in the device list of the WAAS Central Manager. The initial state is pending.


At this point, WAAS Central Manager will attempt to poll WAAS Express router by connecting to HTTPS server on WAAS Express router. If the operation is successful, the status of WAAS Express router will change to active. The registration process is completed and WAAS Express router can now be managed by the WAAS Central Manager.

6.6 Other Deployment Considerations

6.6.1 Restrict Access to HTTPS Server

An HTTPS server with authentication is required on the WAAS Express router to communicate with WAAS Central Manager. This means anyone who knows the credentials used by WAAS Central Manager can connect to the router through HTTPS and take control of it, since the user credential used by WAAS Central Manager is configured with privilege level 15. It is recommended that HTTPS access be restricted. This can be done with the access-class configuration below.

    Router(config)#access-list 99 remark -- WAAS Central Manager IP --
    Router(config)#access-list 99 permit <WAAS_Central_Manager_IP>
    Router(config)#ip http access-class 99

6.6.2 Use AAA Server for HTTPS Server Authentication and Authorization

For managing a large number of WAAS Express routers, it is recommended that an AAA server be used for authentication and authorization and that a separate login be created for WAAS Express routers.

    Router(config)#aaa new-model
    Router(config)#aaa group server radius my_acs
    Router(config-sg-radius)#server-private <server_address> auth-port 1645 acct-port 1646 key <aaa_key>
    Router(config-sg-radius)#ip radius source-interface Loopback1000
    Router(config-sg-radius)#exit
    Router(config)#aaa authentication login http-login group my_acs
    Router(config)#aaa authorization exec http-author group my_acs
    Router(config)#ip http authentication aaa login-authentication http-login
    Router(config)#ip http authentication aaa exec-authorization http-author
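
The recommendations in 6.3, 6.4, 6.6.1 and 6.6.2 can be checked offline against a saved configuration. The following Python audit is an added example, not Cisco code: the function names and finding labels are hypothetical, both sample configurations are constructed from the commands shown in this guide, and only the command forms used on this page are recognized.

```python
import re

MIN_RSA_BITS = 1024  # minimum stated in section 6.3; raise to match local policy

# Constructed sample: sections 6.3 and 6.4 as typed, before 6.6.1 and 6.6.2.
PAGE_CONFIG = """\
ip domain-name example.com
crypto pki trustpoint self-signed-tp
 enrollment selfsigned
 rsakeypair self-signed 1024
username waasexpress privilege 15 password waasexpress
ip http secure-server
ip http authentication local
ip http secure-trustpoint self-signed-tp
ip http client secure-trustpoint self-signed-tp
"""

# Constructed sample: same router after 6.6.1 (access-class) and 6.6.2 (AAA).
RESTRICTED_CONFIG = """\
aaa new-model
crypto pki trustpoint self-signed-tp
 enrollment selfsigned
 rsakeypair self-signed 1024
access-list 99 remark -- WAAS Central Manager IP --
access-list 99 permit 172.30.0.33
ip http secure-server
ip http access-class 99
ip http authentication aaa login-authentication http-login
ip http authentication aaa exec-authorization http-author
ip http secure-trustpoint self-signed-tp
"""


def trustpoint_key_bits(config: str) -> dict:
    """Map each trust point name to its rsakeypair size (None if no size)."""
    sizes, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto pki trustpoint (\S+)", line)
        if head:
            current = head.group(1)
            sizes[current] = None
        elif current and line.startswith(" "):
            key = re.match(r"\s+rsakeypair \S+ (\d+)", line)
            if key:
                sizes[current] = int(key.group(1))
        else:
            current = None  # left the trust point sub-mode
    return sizes


def first_match(pattern: str, lines: list):
    """Return group(1) of the first line that fully matches, else None."""
    hits = (re.fullmatch(pattern, line) for line in lines)
    return next((m.group(1) for m in hits if m), None)


def audit_https(config: str, min_rsa_bits: int = MIN_RSA_BITS) -> list:
    """Return finding labels for the HTTPS management server ([] if none)."""
    top = [l.rstrip() for l in config.splitlines() if l[:1] not in ("", " ")]
    if "ip http secure-server" not in top:
        return []  # HTTPS server not enabled, nothing to audit
    findings = []
    # 6.6.1: HTTPS access should be limited to the Central Manager address.
    acl = first_match(r"ip http access-class (\d+)", top)
    if acl is None:
        findings.append("no-access-class")
    else:
        permits = [l for l in top if l.startswith(f"access-list {acl} permit ")]
        if not permits:
            findings.append("access-class-acl-has-no-permit")
        elif any(l.split()[3] == "any" for l in permits):
            findings.append("access-class-acl-permits-any")
    # 6.4 / 6.6.2: local privilege-15 logins where AAA is recommended.
    if "ip http authentication local" in top:
        for line in top:
            m = re.fullmatch(
                r"username (\S+) privilege 15 password (?:\d )?(\S+)", line)
            if m:
                findings.append(f"local-priv15-user:{m.group(1)}")
                if m.group(1) == m.group(2):
                    findings.append(f"password-equals-username:{m.group(1)}")
    # 6.3: key size of the trust point bound to the HTTPS server.
    tp = first_match(r"ip http secure-trustpoint (\S+)", top)
    if tp is not None:
        bits = trustpoint_key_bits(config).get(tp)
        if bits is None:
            findings.append(f"rsa-key-size-not-set:{tp}")
        elif bits < min_rsa_bits:
            findings.append(f"rsa-key-below-{min_rsa_bits}:{tp}")
    return findings


for name, cfg in (("page", PAGE_CONFIG), ("restricted", RESTRICTED_CONFIG)):
    print(name, audit_https(cfg))
```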

7 Validating the Connection Optimization

Traffic passing between the WAAS Express router and the WAAS appliance is now subject to optimization per the default policy. Use the command show waas connection to view the current list of optimized connections. The rightmost column, Accel, indicates the optimization applied to the connection: T = TFO, D = DRE, and L = LZ. PROG means the connection is still being established.

    Router#show waas connection
    ConnID   Source IP:Port         Dest IP:Port           PeerID           Accel
    26317    172.25.47.2 :62018     172.30.0.52 :80        0014.5e84.2a69   TLD
    26294    172.25.47.2 :21829     172.30.0.52 :80        0014.5e84.2a69   TLD
    26407    172.25.47.2 :24615     172.30.0.57 :110       0014.5e84.2a69   TLD
    25481    172.25.47.2 :8421      172.30.0.52 :443       0014.5e84.2a69   T
    26352    172.25.47.2 :12847     172.30.0.57 :110       0014.5e84.2a69   TLD
    26411    172.25.47.2 :45705     172.30.0.54 :25        0014.5e84.2a69   TLD
    25968    172.25.47.2 :42893     172.30.0.54 :25        0014.5e84.2a69   TLD
    26198    172.25.47.2 :10585     172.30.0.52 :80        0014.5e84.2a69   TLD
    26282    172.25.47.2 :53083     172.30.0.52 :80        0014.5e84.2a69   TLD
    26381    172.25.47.2 :37980     172.30.0.52 :80        0014.5e84.2a69   TLD
    26173    172.25.47.2 :20573     172.30.0.52 :80        0014.5e84.2a69   TLD
    26361    172.25.47.2 :33939     172.30.0.54 :25        0014.5e84.2a69   TLD
    26432    172.25.47.2 :20575     172.30.0.52 :80        0000.0000.0000   PROG
    26412    172.25.47.2 :21599     172.30.0.52 :80        0014.5e84.2a69   TLD
    26421    172.25.47.2 :54850     172.30.0.57 :110       0014.5e84.2a69   TLD
    26073    172.25.47.2 :41371     172.30.0.54 :25        0014.5e84.2a69   TLD
    26247    172.25.47.2 :19303     172.30.0.52 :80        0014.5e84.2a69   TLD
    26331    172.25.47.2 :19306     172.30.0.52 :80        0014.5e84.2a69   TLD
    26306    172.25.47.2 :32874     172.30.0.52 :80        0014.5e84.2a69   TLD
    25387    172.30.4.171 :27122    172.25.47.3 :80        0014.5e84.2a69   TLD
    26406    172.25.47.2 :59466     172.30.0.57 :110       0014.5e84.2a69   TLD
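
The Accel column can be tallied mechanically when there are many connections. This added Python example (not part of the original guide; the function names are hypothetical) parses show waas connection output, using five rows copied from the output above, and reports which optimizations are applied per destination port, which connections have TFO only, and which are still in progress.

```python
import re
from collections import Counter

# One table row: ConnID, "ip :port" twice, PeerID, Accel flags.
ROW = re.compile(
    r"^\s*(?P<conn>\d+)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\s*:(?P<sport>\d+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\s*:(?P<dport>\d+)\s+"
    r"(?P<peer>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+"
    r"(?P<accel>[A-Z]+)\s*$", re.I)
ACCEL = {"T": "TFO", "L": "LZ", "D": "DRE"}  # legend given in the text

# Sample input: five rows taken from the output shown in this section.
SAMPLE_OUTPUT = """\
Router#show waas connection
ConnID   Source IP:Port         Dest IP:Port           PeerID           Accel
26317    172.25.47.2 :62018     172.30.0.52 :80        0014.5e84.2a69   TLD
26407    172.25.47.2 :24615     172.30.0.57 :110       0014.5e84.2a69   TLD
25481    172.25.47.2 :8421      172.30.0.52 :443       0014.5e84.2a69   T
26411    172.25.47.2 :45705     172.30.0.54 :25        0014.5e84.2a69   TLD
26432    172.25.47.2 :20575     172.30.0.52 :80        0000.0000.0000   PROG
"""


def parse_connections(output: str) -> list:
    """Turn the connection table into a list of dicts, skipping non-row lines."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompt, header or blank line
        accel = m["accel"].upper()
        pending = accel == "PROG"
        rows.append({
            "conn_id": int(m["conn"]),
            "src": (m["src"], int(m["sport"])),
            "dst": (m["dst"], int(m["dport"])),
            "peer_id": m["peer"].lower(),
            "pending": pending,
            # Unknown flag letters are kept as-is rather than dropped.
            "optimizations": set() if pending
            else {ACCEL.get(c, c) for c in accel},
        })
    return rows


def summarize(rows: list) -> dict:
    """Count optimization sets per destination port and list the outliers."""
    by_port = {}
    for r in rows:
        label = "PROG" if r["pending"] else "+".join(sorted(r["optimizations"]))
        by_port.setdefault(r["dst"][1], Counter())[label] += 1
    return {
        "by_dst_port": by_port,
        "tfo_only": [r["conn_id"] for r in rows if r["optimizations"] == {"TFO"}],
        "pending": [r["conn_id"] for r in rows if r["pending"]],
    }


if __name__ == "__main__":
    report = summarize(parse_connections(SAMPLE_OUTPUT))
    for port, counts in sorted(report["by_dst_port"].items()):
        print(port, dict(counts))
    print("TFO only:", report["tfo_only"], "pending:", report["pending"])
```

Connections listed under tfo_only are the ones to compare against the configured policy with show waas connection conn-id <connection id> detail.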

In the list of connections displayed by show waas connection, the left column, ConnID, is the connection ID, which can be used to display more information about a connection using show waas connection conn-id <connection id> detail. This output also provides the Application Name for the connection, which is Web in this example, and the Classifier Name, which is HTTP.

    Router#show waas connection conn-id 26317 d
    connection ID:            26317
    Peer Id:                  0014.5e84.2a69
    Connection Type:          External
    Start Time:               22:16:44 MDT Aug 10 2010
    Source IP Address:        172.25.47.2
    Source Port Number:       62018
    Destination IP Address:   172.30.0.52
    Destination Port Number:  80
    Application Name:         Web
    Classifier Name:          HTTP
    Peer Policy:              TFO, LZ, DRE
    Configured Policy:        TFO, LZ, DRE
    Negotiated Policy:        TFO, LZ, DRE
    Accelerators:             TFO ONLY
    Bytes Read Orig:          638
    Bytes Written Orig:       305668
    Bytes Read Opt:           75780
    Bytes Written Opt:        816
    Auto-discovery information:
        Orig-St                 E
        Term-St                 EO
    TFO information:
        TFO Frames Read:        12
        TFO Frames Written:     6
    LZ section
      Encode stats
        Bytes in                0
        Bytes out               0
        Bypass bytes            696
        Compression gain        0%
        Avg Latency in Cef      9 usec
        Avg Latency in Proc     5 usec
      Decode stats
        Bytes in                75660
        Bytes out               314639
        Bypass bytes            0
        Compression gain        75%
        Avg Latency in Cef      218 usec
        Avg Latency in Proc     84 usec
    DRE section
      Encode stats
        Bytes in                0
        Bytes out               0
        Bypass bytes            638
        Compression gain        0%
        Avg latency             0 usec
      Decode stats
        Bytes in                255745
        Bytes out               305668
        Bypass bytes            0
        Compression gain        16%
        Avg latency             462 usec
    Connection Status:
      WAN-LAN Status:
        Pending Data Read : 0
        WAN frame completion pending (58894)
        Last read notification (1348) received 1768 ms ago
        Last write attempted 9844 ms ago
        Last window notification received 9844 ms ago
        Last attempted len : 2367
        Last error : 0
        Last bytes accepted: 2367
      LAN-WAN Status:
        Pending Data Read : 0
        Last read notification (107) received 11020 ms ago
        Last write attempted 10024 ms ago
        Last window notification received 23860 ms ago
        Last attempted len : 15
        Last error : 0
        Last bytes accepted: 15

From the Application Name and Classifier information, the command show waas statistics application app-name <application name> and show waas statistics class class-name <classifier> provide per application and per classifier statistics respectively.


    Router#show waas statistics application app-name Web
    Application: Web
    TCP Data Volumes
    Connection Type     Inbound       Outbound
    Opt TCP Plus        833211856     208318494
    Orig TCP Plus       1466327910    4070674982
    Opt TCP Only        0             0
    Orig TCP Only       0             0
    Internal Client     0             0
    Internal Server     0             0

    TCP Connection Counts
    Connection Type     Active        Completed
    Opt TCP Plus        93            6573
    Opt TCP Only        0             0
    Internal Client     0             0
    Internal Server     0             0

    Pass Through Connection Counts
    Connection Type     Completed
    PT Asymmetric       0
    PT Capabilities     0
    PT Intermediate     0
    PT_Other            0
    Connection Reset: 0

    Router#show waas statistics class class-name HTTP
    Class HTTP
    TCP Data Volumes
    Connection Type     Inbound       Outbound
    Opt TCP Plus        835810463     208627785
    Orig TCP Plus       1468510940    4083651837
    Opt TCP Only        0             0
    Orig TCP Only       0             0
    Internal Client     0             0
    Internal Server     0             0

    TCP Connection Counts
    Connection Type     Active        Completed
    Opt TCP Plus        91            6596
    Opt TCP Only        0             0
    Internal Client     0             0
    Internal Server     0             0

    Pass Through Connection Counts
    Connection Type     Completed
    PT Asymmetric       0
    PT Capabilities     0
    PT Intermediate     0
    PT_Other            0
    Connection Reset: 0

You can also display global optimization statistics using the show waas statistics global command. The command displays traffic volume, the number of optimized TCP connections, and the number of pass-through connections.

    Router#show waas statistics global
    TCP Data Volumes
    Connection Type     Inbound       Outbound
    Opt TCP Plus        1054261958    1197119478
    Orig TCP Plus       3201731649    7981436893
    Opt TCP Only        179907036     430639
    Orig TCP Only       430639        179907036
    Internal Client     0             0
    Internal Server     0             0

    TCP Connection Counts
    Connection Type     Active        Completed
    Opt TCP Plus        143           27145
    Opt TCP Only        10            294
    Internal Client     0             0
    Internal Server     0             0

    Pass Through Connection Counts
    Connection Type     Completed
    PT Asymmetric       0
    PT Capabilities     0
    PT Intermediate     0
    PT_Other            459
    Connection Reset: 634

For a breakdown of the different kinds of pass-through connections, use the command show waas statistics pass-through.

    Router#show waas statistics pass-through
    Pass Through Statistics:
    Overall:                            578
    No Peer:                            59
    Rejected due to Capabilities:       20
    Rejected due to Resources:          0
    Interface Application config:       496
    Interface Global config:            0
    Assymmetric setup:                  0
    Peer sync was in progress:          0
    IOS WAAS is intermediate router:    0
    Internal error:                     0
    Other end is in black list:         0
    AD version mismatch:                0
    Incompatable AO:                    0
    Connection limit exceeded:          0
    AOIM peertable full:                0
    Others:                             3


8 View the Optimization Statistics on WAAS Central Manager

WAAS Central Manager can also display several optimization statistics by periodically polling the WAAS Express router. These can be seen on the device portal page on the WAAS Central Manager.

9 WAAS Express Use Cases and Solution Integration

The following use cases are supported by WAAS Express. For detailed information on specific WAAS Express deployment scenarios, please consult the WAAS Express design guides in the References section.

• Private WAN – Primary and Backup
• Public WAN with VPN, Zone-based Firewall, NAT, and QoS
• Medium to Large voice enabled branches with DMVPN
• CVO
• 3G WAN branches
• Retail branches

10 References

As seen in this document, both the CLI and WAAS Central Manager can be used to manage the WAAS Express router. WAAS Express provides a single-command approach to enabling the feature. Refer to the documents below for more information.

• WAAS Express Product Page (http://wwwin-dev.cisco.com/artg/products/waas/)
• WAAS Express FAQ (http://wwwin-dev.cisco.com/artg/products/waas/prodlit/FAQ-C67-611645-00_WAAS-Expressv3-8-20-v3.pdf)
• Cisco Software License Activation Portal (http://www.cisco.com/go/license)
• WAAS appliance configuration guide: Configuring Traffic Interception (http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/traffic.html#wp1041400)
• Persistent self-signed certificates (http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtpsscer.html)
• WAAS Express CVO and Retail CVD (TBD)
• WAAS Express medium branch CVD (TBD)
• WAAS Express large branch CVD (TBD)