© 2013 Cisco and/or its affiliates. All rights reserved. BRKAPP-2005 Cisco Public
Deploying Cisco WAAS
Richard Schulting
WAAS CSE
rschulti@cisco.com
BRKAPP-2005
Deploying Cisco WAAS – Agenda
• WAAS Overview
• WAAS News
• WAAS Deployment (Installation and Configuration)
‒ WAAS Central Manager
‒ WAAS Accelerator
• Application Optimizers, WAAS on SRE/UCS-E and Virtual WAAS
‒ WAAS Express
‒ WAAS Virtual Blades
• WAAS NAM VB (and others)
• Deploying WAAS Devices into the Network
‒ Inline
‒ WCCP
‒ AppNav
‒ Nexus 1000v + vPath
• WAAS Sizing Guidelines
Virtualization, Cloud & BYOD create new Demands on the
Network to Deliver Applications with Higher Performance…
Cisco’s Network Integrated Approach Delivers Highest
Performance for Any App, Any Device with the Lowest TCO
BYOD & VDI Cloud App Performance App Visibility
Field Rumors initiated by competition…
WAAS vs. ACE: Different Results, Different Strategies
• WAAS is not ACE, developed by different Business Units inside Cisco
• Strategic decision to stop ACE development was based on sales pipeline
• WAAS is doing great, no reason to worry, WAAS is here to stay!
H1CY12 Unit Market Share (Source: Infonetics)
• WAAS share in WAN Opt: #1
• ACE share in ADC / Load Bal.: #6
“WAAS is an essential element of Cisco’s
network-centric platform strategy, enabling key
transitions such as data center consolidation,
virtualization, cloud, virtual desktops and BYOD”
http://blogs.cisco.com/borderless/cisco-waas-setting-the-record-straight/
WAAS Overview
WAAS Overview
Application Delivery Challenges
• LAN Connectivity
‒ High bandwidth
‒ No latency
‒ Reliable
• WAN Connectivity
‒ Latency
‒ Low bandwidth
‒ Congestion
‒ Packet Loss
Figure: LAN path (server, LAN switch, client), Round Trip Time ~ 0 ms; WAN path (server, LAN switch, WAN, LAN switch, client), Round Trip Time ~ many milliseconds.
WAAS Overview
Cisco WAAS: WAN Optimization Solution
Figure: WAAS deployment topology. Branch offices with a WAAS Service Module, WAAS Express or a WAAS Appliance; a regional office with a WAAS Appliance; a virtual private cloud with vWAAS and application/DB VMs on VMware ESXi (Nexus 1000v VSM and vPATH, UCS/x86 host, FC SAN); a data center or private cloud with WAAS Appliances, vWAAS VMs and server VMs on VMware ESXi, WAAS CM's and AppNav.
WAAS Overview
Product Offerings
Figure: product families (WAAS Mobile, WAAS Express, WAAS ISR G2 Modules, vWAAS, WAAS Appliances) positioned across Tele Worker, Small Branch, Medium Branch, Large Branch, Larger Branch to Small Data Center, and Data Center & Campus.
Models shown: 880/890, 1941/2901, 29xx, 39xx; SM-SRE-7X0, SM-SRE-9X0; UCS-E (SW), UCS-E (DW); vWAAS-200, vWAAS-750, vWAAS-6000, vWAAS-12000, vWAAS-50000; WAVE-294, WAVE-594, WAVE-694, WAVE-7541, WAVE-7571, WAVE-8541.
WAAS Overview
Transport and Session Layer Optimization
• WAAS application policies define type of optimization (L4 or L5)
• L4: basic optimization
• L5: latency mitigation
Figure: protocol stacks of Client, WAVE-1, WAVE-2 and Server. Client and Server show the full stack (Application, Presentation, Session, Transport, Network, Data Link, Physical); each WAVE shows Application Optimizer (AO) and TFO above Network, Data Link and Physical. Connection segments are labelled Original, Optimized (across the WAN, between the two WAVEs) and Original.
WAAS Overview
TFO versus regular TCP in the WAN (L4)
• Transport Flow Optimization
• TFO uses RFC2018, RFC1323, RFC3390 and BIC-TCP
http://netsrv.csc.ncsu.edu/export/bitcp.pdf
• TFO provides an average of 95% WAN Bandwidth compared to 75% with regular TCP
Figure: congestion window (cwnd) over Time (RTT) for TCP and TFO, showing the Slow Start and Congestion Avoidance phases.
WAAS Overview
Advanced Compression (L4)
Data Redundancy Elimination (DRE), benefits:
• Application-agnostic compression
• Up to 100:1 compression
• Context Aware DRE
Persistent LZ compression, benefits:
• Session-based compression
• Up to 10:1 compression
• Works even during cold DRE cache
• Disabled when DRE is >90% active
Figure: DRE and LZ on each side of the WAN, with a Synchronized Compression History.
WAAS Overview
Application-Specific Acceleration (L5)
Remote Office Data Center
• Object Cache Verification
• Security and Control
• WAN Optimization
• WAN Bandwidth Savings
• Server Safely Offloaded
• Fewer Servers Needed
• Power/Cooling Savings
• LAN-like Performance
• Provides Latency Mitigation
• LAN-like performance
• WAAS Application Optimizers (AO’s)
– CIFS/SMBv2, NFS, MAPI/EMAPI, Citrix, Video, HTTP/HTTPS, Windows Printing
• Licensed, developed and validated with Application Vendors like Microsoft and Citrix
WAAS Overview
Network Transparency
• Packets between each network are routed as usual.
WAAS auto-discovery will automatically find WAVE’s in-path
• WAAS Network Transparency (same L3/L4 headers) allows application acceleration components to maintain compliance with existing network features
‒ Quality of Service (QoS), NBAR
‒ NetFlow, monitoring, reporting
‒ Security functions (ACLs, firewall policies)
Figure: networks A/24, B/24, C/24, D/24 and E/24 connected across the WAN.
WAAS Overview
Auto-Discovery – Two WAVE’s
WAAS devices will be discovered automatically
• In-band signaling during TCP handshake with TCP option 0x21
• WAVE (B) closest to client (A) and WAVE (C) closest to server (D)
• Connection optimized between WAVE (B) and (C)
• WAVE shifts optimized TCP SEQ number by 2 billion (msb flipped)
• If a WAVE that was optimizing fails:
‒ Server will see segments with SEQ/ACK numbers that are out of range
‒ Host will reset (RST) connection
‒ Client application will re-establish a new TCP connection
Figure: TCP handshake across client A, WAVE B, WAVE C and server D. Labels shown: A:D SYN, A:D SYN(OPT) (twice); D:A SYN/ACK, D:A SYN/ACK(OPT) (twice); Origin Connection, Optimized Connection, Origin Connection.
WAAS Overview
Auto-Discovery – Intermediate WAVE’s
• WAVE (B) closest to client (A)
• WAVE (D) closest to server (E)
• Intermediate WAVE (C) sees TCP options in both directions and goes into Pass Through (PT)
• Each WAVE supports 10X optimized limit for Pass Through. E.g. WAVE-594 with max 750 optimized connections supports 7500 connections in pass through
Only first and last WAVE’s are being used
Figure: TCP handshake across client A, WAVE B, WAVE C, WAVE D and server E. Labels shown: A:E SYN, A:E SYN(OPT) (three times); E:A SYN/ACK, E:A SYN/ACK(OPT) (three times); Origin Connection, Optimized Connection, Origin Connection.
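The SYN versus SYN(OPT) labels on the two auto-discovery slides can be reproduced from a packet capture, which helps when checking what a firewall or IPS on the path actually sees. This is an added example, not Cisco code: it walks the TCP options of a raw header looking for kind 0x21 and checks the "msb flipped" sequence shift. The sample headers, ports and the payload bytes of option 0x21 are constructed placeholders, since the slides do not describe the option's contents.

```python
import struct

WAAS_OPTION_KIND = 0x21   # option kind the slide gives for auto-discovery
SEQ_MSB = 0x80000000      # 2**31 = 2,147,483,648, the "2 billion" shift
SYN, ACK = 0x02, 0x10


def parse_options(raw):
    """Walk the TCP option bytes and return [(kind, payload), ...]."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # No-Operation padding, a single byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % kind)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("option %d has bad length %d" % (kind, length))
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return options


def parse_tcp_header(segment):
    """Parse a raw TCP header (IP header already removed)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF,
        "options": parse_options(segment[20:header_len]),
    }


def classify_handshake_segment(segment):
    """Label a handshake segment the way the slides do: SYN, SYN(OPT), ..."""
    hdr = parse_tcp_header(segment)
    if not hdr["flags"] & SYN:
        return "not-handshake"
    name = "SYN/ACK" if hdr["flags"] & ACK else "SYN"
    marked = any(kind == WAAS_OPTION_KIND for kind, _ in hdr["options"])
    return name + "(OPT)" if marked else name


def flip_msb(seq):
    """Flip the most significant bit of a 32-bit sequence number."""
    return (seq ^ SEQ_MSB) & 0xFFFFFFFF


def is_shifted_pair(original_seq, optimized_seq):
    """True when the two sequence numbers differ only in the top bit."""
    return flip_msb(original_seq) == optimized_seq


def build_header(seq, ack, flags, options):
    """Build a constructed TCP header for the samples (checksum left at 0)."""
    padded = options + b"\x00" * (-len(options) % 4)
    off_flags = (((20 + len(padded)) // 4) << 12) | flags
    fixed = struct.pack("!HHIIHHHH", 49152, 445, seq, ack,
                        off_flags, 65535, 0, 0)
    return fixed + padded


# Constructed samples. The two payload bytes of option 0x21 are placeholders.
MSS = b"\x02\x04\x05\xb4"
SACK_OK = b"\x04\x02"
NOP = b"\x01"
PLACEHOLDER_0X21 = bytes([WAAS_OPTION_KIND, 4, 0, 0])

PLAIN_SYN = build_header(0x12345678, 0, SYN, MSS + NOP + NOP + SACK_OK)
MARKED_SYN = build_header(0x12345678, 0, SYN, MSS + PLACEHOLDER_0X21)
MARKED_SYNACK = build_header(0x0BADCAFE, 0x12345679, SYN | ACK,
                             MSS + PLACEHOLDER_0X21)

if __name__ == "__main__":
    for label, seg in (("plain", PLAIN_SYN), ("marked", MARKED_SYN),
                       ("reply", MARKED_SYNACK)):
        print(label, classify_handshake_segment(seg))
    print(hex(flip_msb(0x12345678)))
```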
WAAS News
WAAS News
Cisco is #1 in WAN Op Market w/ Unit-Share
Figure: chart by quarter (1Q10 to 2Q12, vertical axis 0 to 12,000) for Cisco, Competitor-A and Competitor-B; share labels shown: 32%, 27%, 5%.
• Cisco is #2 in WAN Op Market w/ Revenue
WAAS News
Next Generation WAVE Appliances
• Purpose-built hardware
• Optional I/O modules including Fiber and 10Gbps Ethernet
• Up to 2 Gbps optimized throughput
• Up to 8 Virtual Blades (WAVE-694)
WAAS News
Cisco WAAS Recent Awards
WAAS News
WAAS 5.0 Release Highlights
New Central Manager
• iPad Ready
• Visibility without Agents
• Immersive
Secure Applications
• Encrypted Exchange
• Enhanced SSL
• ICA enhancements
SMB v2.X
• Windows Native
• SMB Signing
WAAS Express 2.0
• SSL Support
• WAN Failover
• Upstream DRE
AppNav
• Cluster Virtualization
• Scale as you grow
• Simple Management
June 2012
WAAS News
WAAS 5.1 Release Highlights
Enhanced Citrix
• MSI Support
• QoS
• Dynamic DSCP Marking
• Improved VDI Performance
Enhanced SharePoint
• Enhanced Acceleration
• Improved User Experience
vWAAS
• VM Hypervisor 5.0
• UCS-E Half and Full Slot
Enhanced Auto-Deploy
• Automate WAAS installation
• Simplified device configuration
Dec 2012
Our Continuing Vision with WAAS:
• Deliver optimal & secure user experience at scale for any users
application using any device for the lowest TCO
N/W Integrated WAN Op
• SRE Modules
• Virtual WAAS
• WAAS Express
• Windows VB
VDI, and APM
• Citrix AO
• VDI Video Optm.
• Context Aware DRE
• New Fast Appliances
• NAM integration
Cloud and BYOD
Next Gen WAAS 5.0
• New CM
• Enhanced SSL
• EMAPI
• (Signed) SMBv2
• WAAS Express 2.0
• AppNav Modules
• UCS-E Modules
Enhancements for
• BYOD
• Cloud
• ICA
• APNM
• Video
• AppNav
• IPv6
Timeline axis: CY10, CY11, CY12, CY13
WAAS News
IPv6 Development
• Planning under way for IPv6
not committed yet at this time
• Possibly a phased approach
‒ Phase 1 (CY13)
IPv6 Management IP Address (Central Manager)
L4 optimization for IPv6 traffic (TFO-DRE-LZ)
‒ Phase 2
Support for all AO’s
• Current WAAS versions forward all IPv6 traffic unoptimized
WAAS Deployment
Installation and Configuration
WAAS Deployment
Configuration Overview
1. Initial setup is done using IOS-like Console CLI
Use of Setup Script recommended
2. License configuration is required
3. Always bring up the Central Manager(s) (CM) first
– New WAAS devices will be auto-registered to WAAS CM and become a member of the
AllWaasGroup (used to be AllDeviceGroup)
– When e.g. creating an AccelerationGroup make sure you apply the correct application
policies (e.g. set default one) and auto-membership for this group is enabled
4. Next bring up all Application Accelerators
5. Configure traffic interception (inline, WCCP etc)
– Start traffic interception on Core or Central devices
– Next add interception to Remote Devices
6. Further configuration should be done from within the CM
WAAS Deployment
Software Version File Types
• There are MANY software images for each version of code, however there are only 2
main software downloads usually needed
‒ waas-accelerator-5.1.1.16-k9.bin – Accelerator only image ~265 MB
‒ waas-universal-5.1.1.16-k9.bin – Accelerator and CM imaging ~374 MB
Includes Help Files (CM GUI) and Kernel Dump component
• Additional files may be downloaded as needed
‒ waas-sre-installer-5.1.1.16-K9.zip – several files for bare bones SRE deployments ~300 MB
‒ NPE installer files contain No Payload Encryption which is a requirement in certain countries
‒ Rescue-cdrom.iso – Files to completely rebuild a device from scratch ~476 MB
‒ Sysimg 5.1.1.16-k9 – 32 or 64 bits File used to recover flash memory ~32 MB
‒ waas-kdump-5.1.1.16-k9.bin – Kernel Dump component that can be used with the accelerator
image for enhanced troubleshooting.
‒ waas-alarm-errorbooks – release specific alarm and error message documentation
WAAS Deployment
Setup Script
• Prompted on boot of factory default box to run setup script or execute ‘setup’
• Script prompts for configuration to communicate, network integrate, manage, and license the WAVE
• WAVE comes as Accelerator, Role Change to Central Manager or AppNav device requires reboot
• Optional Proactive Diagnostics before exit
WAAS Deployment
Central Management System (CMS)
• CMS process runs on all WAVEs
• All management communication is using HTTPS
(self signed device specific certificates and keys)
• Bidirectional configuration synchronization between Central Manager(s) and
Accelerators, last change wins…
• Central Manager collects health and monitoring-data every five minutes
• CMS provides means to backup and restore configuration
• Provides means to replace a failed device with a new device
• Use “show cms info” to get CMS status
sre700#sho cms info
Device registration information :
Device ID=11506
Device registered as = WAAS Application Engine
Current WAAS Central Manager = 10.42.40.1
Registered with WAAS Central Manager = 10.42.40.1
Status = Online
Time of last config-sync = Thu Dec 29 17:56:19 2011
CMS services information :
Service cms_ce is running
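The registration state shown by "show cms info" can be checked automatically when the output is collected from many devices. This is an added example, not Cisco tooling: it parses the output format shown on the slide and reports an offline status, a mismatch between the current and the registered Central Manager, a stale config-sync time and any CMS service that is not running. The one-hour staleness threshold, the finding names and the second (degraded) sample are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# First sample: the "show cms info" output reproduced on the slide.
SLIDE_OUTPUT = """\
Device registration information :
Device ID=11506
Device registered as = WAAS Application Engine
Current WAAS Central Manager = 10.42.40.1
Registered with WAAS Central Manager = 10.42.40.1
Status = Online
Time of last config-sync = Thu Dec 29 17:56:19 2011
CMS services information :
Service cms_ce is running
"""

# Second sample: constructed for this example, not real device output.
CONSTRUCTED_DEGRADED = """\
Device registration information :
Device ID=11506
Device registered as = WAAS Application Engine
Current WAAS Central Manager = 10.42.40.1
Registered with WAAS Central Manager = 10.42.40.9
Status = Offline
Time of last config-sync = Thu Dec 29 17:56:19 2011
CMS services information :
Service cms_ce is not running
"""

SERVICE_RE = re.compile(r"^Service\s+(\S+)\s+is\s+(.+)$")
SYNC_FORMAT = "%a %b %d %H:%M:%S %Y"


def parse_cms_info(text):
    """Return (fields, services) parsed from 'show cms info' text."""
    fields, services = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, '### ... ###' markers and section headings.
        if not line or line.startswith("#") or line.endswith(":"):
            continue
        match = SERVICE_RE.match(line)
        if match:
            services[match.group(1)] = match.group(2).strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            # Normalise case and spacing; some outputs abbreviate
            # "Central Manager" to "CM".
            key = " ".join(key.lower().split())
            key = key.replace("waas cm", "waas central manager")
            fields[key] = value.strip()
    return fields, services


def audit_cms(fields, services, now, max_sync_age=timedelta(hours=1)):
    """Return a list of findings; an empty list means nothing was flagged.

    'now' must be in the same time zone as the device clock. The default
    max_sync_age is an assumption of this example, not a Cisco value.
    """
    findings = []
    if fields.get("status", "").lower() != "online":
        findings.append("status-not-online")
    current = fields.get("current waas central manager")
    registered = fields.get("registered with waas central manager")
    if not current or current != registered:
        findings.append("cm-mismatch")
    stamp = fields.get("time of last config-sync")
    try:
        synced = datetime.strptime(" ".join(stamp.split()), SYNC_FORMAT)
        if now - synced > max_sync_age:
            findings.append("stale-config-sync")
    except (AttributeError, ValueError):
        findings.append("no-config-sync-time")
    if not services:
        findings.append("no-cms-service")
    for name, state in sorted(services.items()):
        if state != "running":
            findings.append("service-down:" + name)
    return findings


if __name__ == "__main__":
    when = datetime(2011, 12, 29, 18, 0, 0)
    for label, text in (("slide", SLIDE_OUTPUT),
                        ("constructed", CONSTRUCTED_DEGRADED)):
        print(label, audit_cms(*parse_cms_info(text), now=when))
```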
WAAS Deployment
Central Manager Configuration
• Device located in Data Center
• Setup script recommended
• Non-default configuration
‒ Device mode
‒ Hostname
‒ Primary-interface
‒ IP configuration
‒ Date/time configuration
‒ Configuration Management System (CMS)
• CMS must be enabled to access the web GUI
• Reload required (role change)
• Optionally use standby interface to dual-home to two switches (L2 connected)
device mode central-manager
hostname dc1-cm1
license add Enterprise
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.1.31 255.255.255.0
exit
ip default-gateway 10.1.1.254
ip name-server 10.1.1.21
clock timezone CET 1 0
ntp server ntp.foo.com
cms enable
copy run start
WAAS Deployment
Standby Central Manager Configuration
device mode central-manager
hostname dc1-cm1
license add Enterprise
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.1.32 255.255.255.0
exit
ip default-gateway 10.1.1.254
ip name-server 10.1.1.21
clock timezone CET 1 0
ntp server ntp.foo.com
central-manager role standby
central-manager address 10.1.1.31
cms enable
copy run start
• Configure as regular Central Manager
• Assign CM role as standby
• Assign primary CM address as central-manager address
• Enable CMS
• Do save the configuration…
• Device needs to be reloaded (role change)
wave294-cm-2#sho cms info
### some output removed ###
Current WAAS Central Manager role = Standby
Current WAAS Central Manager = 10.1.1.31
Registered with WAAS CM = 10.1.1.31
Status = Online
Time of last config-sync = Wed Jan 9 12:35:27 2013
CMS services information :
Service cms_httpd is running
Service cms_cdm is running
WAAS Deployment
Standby Network Interface Card (NIC)
• L2 path needed between the two WAVE Ethernet ports
• MAC only on active (in use) interface
• Primary pre-empts
• Gratuitous ARPs on failover
WAVE(config)#interface Standby 1
WAVE(config-if)#ip address 10.1.2.100 255.255.255.0
WAVE(config-if)#exit
WAVE(config)#interface GigabitEthernet 1/0
WAVE(config-if)#standby 1 primary
WAVE(config-if)#exit
WAVE(config)#interface GigabitEthernet 2/0
WAVE(config-if)#standby 1
WAVE(config-if)#exit
WAVE(config)#primary-interface standby 1
WAVE#show interface standby 1
Interface Standby 1 (2 physical interface(s)):
GigabitEthernet 1/0 (active) (primary) (in use)
GigabitEthernet 2/0 (active)
WAAS Deployment
Central Manager GUI: https://cm-ip-address:8443
WAAS Deployment
CM Group Configuration Best Practices
• AllWaasGroup: DNS, DomainName, SNMP, NTP Server | Time Zone, Login Access Control, Authentication, Common criteria, System Log Settings, Disk Error Handling
• CoreDeviceGroup: SSL Acceleration, EMAPI, Signed SMBv2
• EdgeDeviceGroup: Transaction logs, Prepositioning, Disk encryption, Flow Agent
• AccelerationGroup: Application Policies (Optional)
WAAS Deployment
CM Monitoring
• Dashboard with Aggregate Statistics
• Optimization Summary
• Connection Trending
• Application Acceleration (HTTP, HTTPS, CIFS, NFS, MAPI, Citrix-ICA, Video, SSL, Print)
• System-wide, Device Specific or Grouped by Location
WAAS Deployment
Accelerator Configuration
• Accelerator Mode is default setting
- Hostname
- Primary-interface
- IP configuration
- CMS enable
• No reload required (no mode change)
• CMS required to register with CM
• Use of Hostname for CM recommended
• Use standby to dual-home WAVE to two switches
in a redundant environment
• Auto-registration option enables CM discovery through
DHCP with next server address = CM Address.
DHCP Provided IP Address should be locked to WAVE
• Use EtherChannel® to achieve higher throughput
and HA redundancy
hostname br1-WAVE1
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.100.101 255.255.255.0
! Optionally configure 100 Mb Full Duplex
exit
ip default-gateway 10.1.100.254
ip name-server 10.1.1.21
! Implement DNS for CM mobility
central-manager address cm.foo.com
cms enable
copy run start
What is THE number one cause of bad performance...
WARNING
Duplex mismatches will cause severe performance
issues and are even more noticeable with CIFS
This is not a WAAS issue, but WAAS makes it more
visible due to back pressure of large amounts of data
CRC-errors on switch ports are a good indication
When using FastEthernet do fix Speed and Duplex to
100Mb FD at both ends of the cable (WAVE and
Switch/Router Port). Do not trust auto sensing...
Any MDX port in crossover mode will become
disconnected when put in non-auto-sensing mode.
Do use Cross Cables where appropriate
WAAS Deployment
EtherChanneling
• Interfaces can be bundled into a PortChannel for higher throughput and HA
• Requires identical interface configuration on both physical interfaces
• IP address defined on PortChannel interface
• WAVE and Switch need to be configured physically the same (speed-duplex etc) as LACP is not supported yet in WAAS
WAVE(config)#interface PortChannel 1
WAVE(config-if)#no shutdown
WAVE(config-if)#ip address 10.1.1.31 255.255.255.0
WAVE(config-if)#exit
WAVE(config)#interface gigabitEthernet 1/0
WAVE(config-if)#no shutdown
WAVE(config-if)#channel-group 1
WAVE(config-if)#exit
WAVE(config)#interface gigabitEthernet 2/0
WAVE(config-if)#no shutdown
WAVE(config-if)#channel-group 1
WAAS Deployment
CM Devices Menu
WAAS Deployment
CM Device Groups
• Any newly configured WAAS device is automatically added to the AllWAASGroup
• Any newly configured WAAS Express device is added to the AllWaasExpressGroup
• Add new devices manually to other groups where necessary
WAAS Deployment
Deploying WAAS on Service Ready Engine (SRE)
• ISR-G2 generation services module
• Initial SRE Configuration
‒ Configure IP Connectivity between ISR and SRE
• Initial WAAS Installation
‒ Load WAAS Software on SRE (when needed)
‒ WAAS on SRE: min version 4.2.1
• Initial WAAS Configuration
‒ Router based configuration
‒ Standard WAAS configuration steps
• SRE Management
‒ Daily management is done using the CM
‒ No CLI to SRE is needed after initial setup
• UCS-E with vWAAS will be discussed further down this presentation
SRE 7X0/9X0
WAAS Deployment
Obtain WAAS SRE Software
• Download WAAS software from CCO
‒ CCO account needed
‒ Look for a file named similar to “waas-sre-installer-5.1.1.16-k9.zip”
• Extract the ZIP file and copy content to FTP directory
‒ Make sure FTP Server is reachable from ISR!
‒ Directory should contain following 6 files:
waas-accelerator-5.1.1.16-k9.bin
waas-accelerator-5.1.1.16-k9.bin.install.sre
waas-accelerator-5.1.1.16-k9.bin.install.sre.header
waas-accelerator-5.1.1.16-k9.bin.installer
waas-accelerator-5.1.1.16-k9.bin.key
waas-accelerator-5.1.1.16-k9.bin.srebootloader
WAAS Deployment
Initial SRE Configuration
• SRE is recognized by IOS as “Interface SM<slot>/0”
• Configure IP Addresses and Gateway (router side and module side)
Router#show run interface SM1/0
interface SM1/0
no ip address
shutdown
service-module fail-open
Router#conf t
Router(config)#interface SM1/0
Router(config-if)#ip address 10.42.12.254 255.255.255.0
Router(config-if)#service-module ip address 10.42.12.1 255.255.255.0
Router(config-if)#service-module ip default-gateway 10.42.12.254
WAAS Deployment
SRE WAAS SW Load with Router CLI Script
• CLI Script: service-module sm1/0 install url <path>
• Use full path name to the bin image (include username:password@)
Router# service-module sm 1/0 install url (continued on next line)
ftp://username:password@10.42.40.100/waas/SRE/waas-accelerator-5.1.1.16-k9.bin
Proceed with installation? [no]: yes
Loading SRE/waas-accelerator-5.1.1.16.bin.install.sre !
[OK - 1722/4096 bytes]
Welcome to the WAAS installation
Checking resource requirements now
Resource check complete proceeding with installation
WAAS Deployment
SRE WAAS Initial Configuration using CLI
• Session into SRE (is reverse telnet on line 2067)
• Device comes up as WAAS Accelerator with Interface IP and DGW already configured
• Once the SRE is up, you can configure it like any other appliance or vWAAS device
Router# service-module sm 1/0 session
Trying 10.42.12.254, 2067 ... Open
NO-HOSTNAME# show run
! waas-accelerator-k9 version 5.1.1 (build b16 Dec 29 2012)
!
device mode application-accelerator
interface GigabitEthernet 1/0
ip address 10.42.12.1 255.255.255.0
exit
!
ip default-gateway 10.42.12.254
WAAS Deployment
SRE WAAS Initial Configuration using CLI
• Either use WAAS setup script or CLI
• CLI: configure license, hostname, domain-name, dns, primary-interface and central-manager address before enabling CMS and do save the configuration...
NO-HOSTNAME(config)#hostname SRE700
SRE700(config)#ip domain-name waas.amslab.cisco.com
SRE700(config)#ip name-server 10.42.40.101
SRE700(config)#primary-interface gi 1/0
SRE700(config)#central-manager address 10.42.40.1
SRE700(config)#cms enable
Registering WAAS Application Engine...
Sending device registration request to Central Manager with address 10.42.40.1
Please wait, initializing CMS tables
Successfully initialized CMS tables
Registration complete.
Please preserve running configuration using 'copy running-config startup-config'.
Otherwise management service will not be started on reload and node will be shown
'offline' in WAAS Central Manager UI.
management services enabled
WAAS Deployment
SRE WAAS Initial Configuration using CLI
• Save the config and check if CMS is running
• Next step (skipped in this example) would be configuring WCCP on SRE and ISR
SRE700(config)#exit
SRE700#wr mem
SRE700#sho cms info
Device registration information :
Device Id = 4206
Device registered as = WAAS Application Engine
Current WAAS Central Manager = 10.42.40.1
Registered with WAAS Central Manager = 10.42.40.1
CMS services information :
Service cms_ce is running
WAAS Deployment
Ask for Dedicated WAAS on SRE Presentation
• The setup can also be performed using Cisco Configuration Professional (CCP). Due to
the limited time available for this session I haven’t included such information.
• I have prepared a special slide deck (50 slides) with all configuration options which is
available for you on request. Send the request to rschulti@cisco.com.
vWAAS Deployment
Overview
• Target Use Cases
‒ Private Cloud (Enterprise DC)
‒ Virtual Private Cloud
‒ Hybrid Cloud
• Deployment Methods
‒ Traditional methods such as WCCP
‒ Or Nexus 1000v w/ vPath
• Storage used by vWAAS
‒ Traditional DAS
‒ SAN based NFS, iSCSI,
or Fiber-Channel NAS
vWAAS is a virtualized WAAS offering on top of ESX/ESXi running on UCS/x86 servers
vWAAS Deployment
Using WCCP or vPath
Core Interception w/ WCCP
- Multiple vWAAS VMs can be clustered in same WCCP cluster.
- Both physical and virtual WAVE can be part of same cluster
- Highly recommending AppNav on this location
Access Interception w/ vPath
- Interception based on port-profile policy configured in Nexus 1000v
- Bidirectional Interception - (no IN/OUT configuration)
- Pass-through traffic automatic bypass
Figure: WAN, Cat6K/N7K and Nexus 2K/5K in front of a WCCP cluster of vWAAS VMs on VMware ESX/ESXi (UCS/x86 servers); UCS compute/virtualized servers running ESX/ESXi with Nexus 1000v vPATH and vWAAS VMs.
vWAAS Deployment
Packaging
• vWAAS is provided as a Virtual Appliance (OVF)
• Honor based licensing (changing soon)
• Virtual Appliance is a device preconfigured with disk, memory,
CPU, NIC’s and other VMWare related configuration settings
• Appliance based installation (OVF format)
‒ Deploy OVF template from vSphere client
‒ No device configuration
‒ Easy, fast, No mistakes
‒ Different OVF types for sizing
vWAAS-250, 750, 6000, 12000, 50000
vCM-100, 2000
• Contact your Cisco SE for a limited performance
test version of vWAAS and vCM OVFs
(scaling up to 50 connections and 10 nodes)
vWAAS Deployment
Minimum Requirements
• VMware ESX/ESXi 4.0+ hypervisor
• VMware vCenter server & vSphere client 4.x
• Cisco UCS or other x86 Server
- Server hardware should have a 64 bit CPU
and be on the VMware Compatibility List (HCL)
- Ensure Intel VT is enabled in the host’s BIOS
• Nexus 1000v version 4.2(1)SV1(4) or higher
(for vPATH Interception)
Memory constraints based on sizing type of vWAAS/vCM
vWAAS-750, 6000, 12000, 50000: 4, 8, 12, 48 GB
vCM-100, 2000: 2, 8 GB
vWAAS Deployment
UCS-E series: UCS Servers for ISR G2
UCS-E140S
• Processor: Intel Xeon (Sandy Bridge) E3-1105C (1 GHz)
• Core: 4
• Memory: 8 - 16 GB DDR3 1333MHz
• Storage: 200 GB - 2 TB (2 HDD); SATA, SAS, SED, SSD
• RAID: RAID 0 & RAID 1
• Network Port: Internal: 2 GE Ports; External: 1 GE Port
UCS-E140D(P) / UCS-E160D(P)
• Processor: Intel Xeon (Sandy Bridge) E5-2428L (2 GHz) / E5-2418L (1.8 GHz)
• Core: 4 / 6
• Memory: 8 - 48 GB DDR3 1333MHz
• Storage: 200 GB - 3 TB (3 HDD*); SATA, SAS, SED, SSD
• RAID: RAID 0, RAID 1 & RAID 5*
• Network Port: Internal: 2 GE Ports; External: 2 GE Ports; PCIE Card: 4 GE or 1 10 GE FCOE
WAAS 5.1
Dec 2012
vWAAS Deployment
UCS-E vWAAS Requirements
• Both single and double wide slot models are supported
• With the WAAS 5.1 release, WAAS will run only on
VMware Hypervisor for UCS-E
• Plenty of room left for other Applications after vWAAS
installation
• Native WAAS on UCS-E is NOT supported
• UCS-E requires use of VMware 5.0, earlier versions of
ESXi are not supported
• VMWare tools need to be installed for VMXNET adapter
Figure: vWAAS running on VMware ESXi (label shown: ESXi 4.1).
WAAS 5.1
Dec 2012
vWAAS Deployment
VMXNET Adapter provides a higher performance
• VMXNET “Card” is highly optimized for performance in a virtual machine
• VMware Tools must be installed as OS Vendors do not yet offer a driver for VMXNET
Figure: vWAAS on VMware ESXi with two VMXNet adapters.
WAAS 5.1
Dec 2012
vWAAS Deployment
Sizing for vWAAS on UCS-E
• UCS-E modules will have significant resources left over (Cores, Memory and Disk Space) after vWAAS deployment
• vWAAS-200: Maximum Connections 200; RAM 2 GB; Disk 160 GB; CPUs 1; Target WAN Throughput 10 Mbps; Remaining Single Wide: Cores 3, Memory 14GB, Disk 840 GB; Remaining Double Wide: Cores 5, Memory 46 GB, Disk 1.84 TB
• vWAAS-750: Maximum Connections 750; RAM 4 GB; Disk 250 GB; CPUs 2; Target WAN Throughput 50 Mbps; Remaining Single Wide: Cores 2, Memory 14GB, Disk 750 GB; Remaining Double Wide: Cores 4, Memory 44 GB, Disk 1.75 TB
• vWAAS-6000: Maximum Connections 6000; RAM 8 GB; Disk 500 GB; CPUs 4; Target WAN Throughput 200 Mbps; Remaining Single Wide: Cores 0, Memory 8 GB, Disk 500 GB; Remaining Double Wide: Cores 2, Memory 40 GB, Disk 1.5 TB
WAAS 5.1
Dec 2012
vWAAS Deployment
Installation
vWAAS Deployment
VMware vSphere – Summary Display w/ vWAAS Installed
vWAAS Deployment
Configuration steps
• vWAAS configuration done like regular WAAS device
• Connect to console through vCenter
(use Control-ALT to escape from console…)
• Use of the setup wizard is recommended
‒ Either at first boot or by using “setup” cli-command
• Some differences you will notice
‒ Interface “virtual 1/0”
‒ Interception “other” (for vPath)
• Don’t forget (if not using the setup wizard...)
‒ license add...
‒ cms enable
‒ saving the configuration
vWAAS Deployment
More Information
• Due to the limited time available for this session I haven’t included specific information
for Nexus1000v and vPath configuration
• I have prepared a special slide deck (50 slides) with all information which is available for
you on request. Send the request to rschulti@cisco.com
WAAS Deployment
WAAS Express Introduction
• IOS-based WAAS solution
‒ Integrates WAAS natively into Cisco IOS via a feature license
‒ 60 days evaluation license available
‒ Increases available bandwidth to small/medium branch sites
‒ Supported on 88x, 89x, 19xx, 29xx and 39xx ISR-G2 platforms
‒ Provides DRE/LZ and TFO only
‒ No latency mitigation (AO’s)
‒ Interoperable with other WAAS products
‒ Managed by WAAS Central Manager
‒ Regular WAAS device(s) needed at central location
Figure: Branch Office ISR G2 running WAAS Express, connected across the WAN to the WAAS Appliances and WAAS CM in the Data Center.
WAAS Deployment
What's new in WAAS Express 2.0
Encrypted Application Support
Optimization of Web Applications Requiring SSL/HTTPS:
• Oracle • SAP • MS SharePoint • Office 365 • SalesForce.com • Many Others…
Superior Bandwidth Optimization
Reduce Bandwidth Usage:
• Upload Compression • Redundant WAN Link support
Extended Optimization:
• MS File Services • Web Apps
Embedded Performance Visibility
Performance Monitoring & Analytics:
• No Agents Required
• No Probes Required
Extended MIBs:
Simplified, Powerful WAN Optimization statistics
WAAS 5.0
June 2012
66
© 2013 Cisco and/or its affiliates. All rights reserved. BRKAPP-2005 Cisco Public
WAAS Deployment
WAAS Express Minimum Requirements
• Centralized Management by CM requires WAAS version 4.4.x or higher
‒ WAAS Express 2.0 needs CM version 5.0
• Maximum router memory is required
• Router minimum IOS version 15.1(2)T
‒ IOS 15.2.3T required for WAAS Express 2.0
• WAAS Express is configured on the WAN interface
• No intercept configuration like WCCP is needed
• WAAS Express uses CPL for configuration
‒ Configuration via global policy-map and parameter-map
‒ Default built-in policy is applied to running-config
‒ Default Policy is the same as Cisco WAAS default policy (except for non-supported features)
• Natively interoperates with other Cisco IOS® features
WAAS Deployment
WAAS Express Licensing
• When ordered as a bundle, the router comes with a pre-installed license for WAAS Express
• How to check the license
‒ show license detail WAAS_Express
Router#show license detail WAAS_Express
Index: 1 Feature: WAAS_Express Version: 2.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
Store Index: 1
Store Name: Primary License Storage
WAAS Deployment
WAAS Express Licensing
• A PAK will be provided when you purchase the WAAS Express license at a later date. When
placing the order, you can choose to have the PAK sent by mail or by e-mail.
• Collect the output of the show license udi command on your router.
Note the PID (Product ID) and SN (Serial number)
• Visit the Cisco License Activation Portal at www.cisco.com/go/license and enter the
PAK, Product ID, and Serial Number information, along with your contact e-mail address.
• A license file will be generated and e-mailed to you
Router#show license udi
Device# PID SN UDI
-----------------------------------------------------------------------------
*0 CISCO2911/K9 FHH122500AZ CISCO2911/K9:FHH122500AZ
WAAS Deployment
WAAS Express Licensing
• Copy the license file to router flash
• Invoke the license install command to install the license
Router#dir flash0:*.lic
Directory of flash0:/*.lic
8 -rw- 1159 Aug 11 2010 16:35:00 -07:00 FHH122500AZ_20100811190225615.lic
254164992 bytes total (138383360 bytes free)
Router#license install flash0:FHH122500AZ_20100811190225615.lic
Installing licenses from "flash0:FHH122500AZ_20100811190225615.lic"
Installing...Feature:WAAS_Express...Successful
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
WAAS Deployment
WAAS Express Configuration
• Simple one-command configuration: router(config-if)# waas enable
• End User License Agreement is displayed the first time WAAS Express is enabled
• Default built-in WAAS policy will be applied to running config
• Router should already be configured as HTTP secure-server. This is however not a single command (see next 10 slides…)
[Diagram: Branch Office ISR-G2 with WAAS Express, connected to the WAN]
Router#configure terminal
Router(config)#interface <wan-interface-name>
Router(config-if)#waas enable
Router(config-if)#end
Router#
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• All WAAS Express routers registering with WAAS Central Manager will be assigned to the default
AllWAASExpressGroup. This group has the auto-activation policy enabled
• On WAAS Central Manager, configure login and password credentials for any WAAS Express router. Select the
Device Group on the top. Click on AllWAASExpressGroup to edit the device group.
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• Under Admin – WAAS Express Credentials enter the Username and Password details which will be used on
the WAAS Express routers
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• WAAS Express registers with WAAS Central Manager using HTTPS over port 8443.
Once registration is successful, WAAS Central Manager polls the information from
WAAS Express router using XML PI through HTTPS (TCP Port 443).
• In order for WAAS Express to establish HTTPS with the WAAS Central Manager during
registration, it first needs to trust the self-signed certificate presented by WAAS Central
Manager. This can be done by configuring a certificate trust-point and importing WAAS
Central Manager’s certificate.
• On the WAAS Central Manager console, use command show crypto certificate-detail
admin to display its self-signed certificate. The output is in PEM format. Make a copy of
the output highlighted on the next slide.
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• Copy the CM Certificate (including BEGIN and END lines)
Central_Manager#show crypto certificate-detail admin
Bag Attributes
localKeyID: 8D AB 61 85 7B 95 FC 4C 34 FD AC DC A8 F2 B1 A4 80 74 70 9B
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2000021192 (0x7735e6c8)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc,
#### Output suppressed ####
-----BEGIN CERTIFICATE-----
MIICgzCCAeygAwIBAgIEdzXmyDANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYD
#### Output suppressed ####
VQQLEwRDTkJVMRswGQYDVQQKExJDaXNjbyBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMT
qfvUGz9KDnEns1phPQ9o+k4B7g0/Gu0LQeJrN/jZRke4MEWChEHP+TwY9nobCvpk
JurfE6/zYJ1GRjClBEMnNvFzl6dLIwE=
-----END CERTIFICATE-----
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• Create a trust-point and import the Central Manager’s certificate. The example below creates
a trust-point WCM_1. When asked to “Enter the base 64 encoded CA certificate”, paste the PEM format copied from the Central Manager
Router(config)#crypto pki trustpoint WCM_1
Router(ca-trustpoint)#revocation-check none
Router(ca-trustpoint)#enrollment terminal pem
Router(ca-trustpoint)#exit
Router(config)#crypto pki authenticate WCM_1
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
MIICgzCCAeygAwIBAgIEdzXmyDANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMC
#### Output suppressed ####
JurfE6/zYJ1GRjClBEMnNvFzl6dLIwE=
-----END CERTIFICATE-----
quit
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• On the WAAS Express router, configure a trustpoint and enroll.
• It is necessary that you also configure the domain name. There is currently an issue…
Without it the HTTPS server re-generates the self-signed certificate upon reload, and
this will affect the communication with WAAS CM.
Router(config)#ip domain-name example.com
Router(config)#crypto pki trustpoint self-signed-tp
Router(ca-trustpoint)#enrollment selfsigned
Router(ca-trustpoint)#! By default, RSA key size is 512 unless specified otherwise
Router(ca-trustpoint)#! Key size of at least 1024 is recommended
Router(ca-trustpoint)#rsakeypair self-signed 1024
Router(ca-trustpoint)#exit
Router(config)#crypto pki enroll self-signed-tp
Do you want to continue generating a new Self Signed Certificate? [yes/no]: yes
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes
Router Self Signed Certificate successfully created
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• Enable HTTPS server by configuring ip http secure-server. Configure authentication.
Associate the newly created persistent trust point to the HTTPS server and client. Save
the configuration.
• As this example is using local authentication, configure the same username and password
as before under WAAS Central Manager credentials.
• Enter the following command in the exec mode to register to WAAS CM:
waas cm-register https://<waas_central_manager_address>:8443/wcm/register
Router(config)#ip http secure-server
Router(config)#ip http authentication local
Router(config)#! Below is needed if there is more than one trust point in the router
Router(config)#ip http secure-trustpoint self-signed-tp
Router(config)#ip http client secure-trustpoint self-signed-tp
Router(config)#username admin privilege 15 password Cisco123 !!!EXAMPLE
Router(config)#exit
Router#wr mem
Router#waas cm-register https://172.30.0.33:8443/wcm/register
Aug 19 19:45:48.763 MDT: %WAAS-6-WAAS_CM_REGISTER_SUCCESS:
IOS-WAAS registered with Central Manager successfully
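A small audit of the registration configuration above, as an added example that is not part of the original deck: it parses the trustpoint, HTTPS server and username lines and reports the settings a reviewer would question before the router is registered. The 2048-bit threshold, the finding names and the sample text (assembled here from the slide commands) are assumptions of this example.

```python
import re

# Constructed sample: the registration commands from the slides above,
# assembled into running-config form for this example.
SAMPLE_CONFIG = """\
ip domain-name example.com
crypto pki trustpoint WCM_1
 revocation-check none
 enrollment terminal pem
crypto pki trustpoint self-signed-tp
 enrollment selfsigned
 rsakeypair self-signed 1024
ip http secure-server
ip http authentication local
ip http secure-trustpoint self-signed-tp
ip http client secure-trustpoint self-signed-tp
username admin privilege 15 password Cisco123
"""

MIN_RSA_BITS = 2048  # assumption of this example, not a value from the slides


def parse_sections(text):
    """Split config text into top-level lines and per-trustpoint sub-commands."""
    top_level, trustpoints, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] in " \t":  # sub-mode command
            if current is not None:
                trustpoints[current].append(line)
            continue
        m = re.fullmatch(r"crypto pki trustpoint (\S+)", line)
        current = m.group(1) if m else None
        if m:
            trustpoints[current] = []
        else:
            top_level.append(line)
    return top_level, trustpoints


def audit_waas_express_config(text, min_rsa_bits=MIN_RSA_BITS):
    """Return (severity, check, subject) findings for the registration config."""
    top_level, trustpoints = parse_sections(text)
    findings = []
    for name, subs in trustpoints.items():
        if "revocation-check none" in subs:
            # Trust rests only on the imported certificate: compare its
            # fingerprint with the Central Manager out of band before accepting.
            findings.append(("info", "no-revocation-check", name))
        if "enrollment selfsigned" in subs:
            matches = (re.fullmatch(r"rsakeypair \S+(?: (\d+))?(?: \d+)?", s)
                       for s in subs)
            sizes = [m.group(1) for m in matches if m]
            if not sizes or sizes[0] is None:
                # The slide notes that the key size defaults to 512 bits.
                findings.append(("high", "rsa-default-size", name))
            elif int(sizes[0]) < min_rsa_bits:
                findings.append(("high", "rsa-weak-key", f"{name}:{sizes[0]}"))
    for line in top_level:
        m = re.match(r"username (\S+) (?:privilege \d+ )?password\b", line)
        if m:
            # "password" keeps the credential recoverable from the config;
            # IOS also accepts "secret", which stores a one-way hash.
            findings.append(("high", "user-password-not-secret", m.group(1)))
        m = re.fullmatch(r"ip http (?:client )?secure-trustpoint (\S+)", line)
        if m and m.group(1) not in trustpoints:
            findings.append(("warn", "unknown-trustpoint", m.group(1)))
    if not any(l.startswith("ip domain-name ") for l in top_level):
        # Without it the self-signed certificate is regenerated on reload.
        findings.append(("warn", "no-domain-name", ""))
    if "ip http secure-server" not in top_level:
        findings.append(("warn", "https-server-disabled", ""))
    if "ip http server" in top_level:
        findings.append(("warn", "plain-http-server-enabled", ""))
    return findings


if __name__ == "__main__":
    for severity, check, subject in audit_waas_express_config(SAMPLE_CONFIG):
        print(f"{severity:5} {check:26} {subject}")
```

The same account is entered under WAAS Express Credentials on the Central Manager, so a weak credential on the router is also the credential the CM uses to poll it.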
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• The WAAS Express Router should be visible within the device list of the WAAS Central
Manager. The initial state is pending until the CM has contacted the Router
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• WAAS CM will poll the WAAS Express router. When successful, the status of WAAS
Express router will change to Online.
• The registration process is complete and this WAAS Express instance has now become
fully managed by the WAAS Central Manager.
WAAS Deployment
WAAS Express Registration with WAAS Central Manager
• On the WAAS Express router use the command show waas connection to view the
current list of optimized connections. The rightmost column, Accel, indicates the
optimization applied to the connection: T = TFO, D = DRE, and L = LZ. PROG means the
connection is still being established.
Router#show waas connection
ConnID Source IP:Port Dest IP:Port PeerID Accel
26407 172.25.47.2 :24615 172.30.0.57 :110 0014.5e84.2a69 TLD
25481 172.25.47.2 :8421 172.30.0.52 :443 0014.5e84.2a69 T
26352 172.25.47.2 :12847 172.30.0.57 :110 0014.5e84.2a69 TLD
26411 172.25.47.2 :45705 172.30.0.54 :25 0014.5e84.2a69 TLD
25968 172.25.47.2 :42893 172.30.0.54 :25 0014.5e84.2a69 TLD
26198 172.25.47.2 :10585 172.30.0.52 :80 0014.5e84.2a69 TLD
26282 172.25.47.2 :53083 172.30.0.52 :80 0014.5e84.2a69 TLD
26381 172.25.47.2 :37980 172.30.0.52 :80 0014.5e84.2a69 TLD
26173 172.25.47.2 :20573 172.30.0.52 :80 0014.5e84.2a69 TLD
26361 172.25.47.2 :33939 172.30.0.54 :25 0014.5e84.2a69 TLD
26432 172.25.47.2 :20575 172.30.0.52 :80 0000.0000.0000 PROG
26412 172.25.47.2 :21599 172.30.0.52 :80 0014.5e84.2a69 TLD
26421 172.25.47.2 :54850 172.30.0.57 :110 0014.5e84.2a69 TLD
26073 172.25.47.2 :41371 172.30.0.54 :25 0014.5e84.2a69 TLD
26247 172.25.47.2 :19303 172.30.0.52 :80 0014.5e84.2a69 TLD
26331 172.25.47.2 :19306 172.30.0.52 :80 0014.5e84.2a69 TLD
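A parser for the output above, as an added example that is not part of the original deck: it decodes the Accel column with the slide's legend and lists the connections that receive less than TFO+DRE+LZ, which is how the HTTPS flow on port 443 stands out. The function names and the six-row sample copied from the slide are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: six rows copied from the "show waas connection" output above.
SAMPLE_OUTPUT = """\
Router#show waas connection
ConnID Source IP:Port Dest IP:Port PeerID Accel
26407 172.25.47.2 :24615 172.30.0.57 :110 0014.5e84.2a69 TLD
25481 172.25.47.2 :8421 172.30.0.52 :443 0014.5e84.2a69 T
26352 172.25.47.2 :12847 172.30.0.57 :110 0014.5e84.2a69 TLD
26411 172.25.47.2 :45705 172.30.0.54 :25 0014.5e84.2a69 TLD
26432 172.25.47.2 :20575 172.30.0.52 :80 0000.0000.0000 PROG
26198 172.25.47.2 :10585 172.30.0.52 :80 0014.5e84.2a69 TLD
"""

ACCEL_FLAGS = {"T": "TFO", "D": "DRE", "L": "LZ"}  # legend from the slide
ROW = re.compile(
    r"^(\d+)\s+(\S+?)\s*:(\d+)\s+(\S+?)\s*:(\d+)\s+([0-9a-fA-F.]+)\s+([A-Z]+)$"
)


def parse_connections(text):
    """Turn each data row into a dict; header, prompt and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        conn_id, src, sport, dst, dport, peer, accel = m.groups()
        if accel == "PROG":
            state, opts = "establishing", []
        else:
            unknown = set(accel) - set(ACCEL_FLAGS)
            if unknown:
                raise ValueError(f"unknown Accel flag(s) {sorted(unknown)} in: {line}")
            state = "optimized"
            opts = [ACCEL_FLAGS[f] for f in "TDL" if f in accel]
        conns.append({
            "conn_id": int(conn_id), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "peer": peer,
            "state": state, "opts": opts,
        })
    return conns


def summarize(conns):
    """Count optimizations per destination port and list reduced connections."""
    by_port = defaultdict(lambda: defaultdict(int))
    reduced = []
    for c in conns:
        label = "+".join(c["opts"]) if c["opts"] else "PROG"
        by_port[c["dport"]][label] += 1
        # An established flow without DRE or LZ gets transport optimization only.
        if c["state"] == "optimized" and set(c["opts"]) != set(ACCEL_FLAGS.values()):
            reduced.append(c["conn_id"])
    return {port: dict(counts) for port, counts in by_port.items()}, reduced


if __name__ == "__main__":
    per_port, reduced_ids = summarize(parse_connections(SAMPLE_OUTPUT))
    for port in sorted(per_port):
        print(port, per_port[port])
    print("less than TFO+DRE+LZ:", reduced_ids)
```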
WAAS Deployment
Other useful CLIs for WAAS Express
• When router CPU approaches 80% load, WAAS Express will begin backing off TCP connections
‒ To change the default CPU threshold of 80%
Router(config)#parameter-map type waas waas_global
Router(config-profile)#cpu-threshold ?
<0-100> Set the Maximum CPU threshold
• The following CLI’s can only be used when WAAS Express is disabled
‒ To remove all WAAS Express related configuration from the router
waas config remove-all
‒ To restore all default values for WAAS Express on the router
waas config restore-default
• When active connections exist WAAS Express cannot be turned off without the forced option
‒ To force WAAS Express to off
no waas enable [forced]
WAAS Deployment
Application Optimizers (AO) - Licenses
• Licenses managed at device level
• License name is Case Sensitive
• Transport includes DRE/LZ/TFO (deprecated)
• CM requires Enterprise
• Enterprise includes NFS, HTTP, SSL, CIFS, MAPI, ICA, Print (and DRE/TFO/LZ)
• Enterprise is required for Video and/or Virtual-Blade
• CLI commands
‒ show license
‒ license add <license-name>
‒ clear license
‒ clear license <license-name>
#show license
License Name Status Activation Date
-------------- ----------- --------------- --
Transport not active
Enterprise active 03/20/2011
Video not active
Virtual-Blade not active
#
#license add Video
#show license
License Name Status Activation Date
-------------- ----------- --------------- --
Transport not active
Enterprise active 03/20/2011
Video active 04/01/2012
Virtual-Blade not active
WAAS Deployment
WAAS AO’s – Enabling Features
• All Application Optimizers are on by default
• Turning off TFO will turn off all optimization...
• Specific AO’s offer Advanced Settings; the defaults are normally fine for most networks
WAAS Deployment
HTTP AO – Optional Settings
• HTTP Proxy settings are on by default as of version 5.0
• Recommended for high latency networks
WAAS Deployment
SSL AO - Overview
• Central WAVE acts as a Trusted Intermediary Node for SSL requests by the Client.
• Server Private Key and Certificate have been securely loaded from CM’s Secure Store into the Central WAVE.
• Central WAVE participates in the SSL Handshake to derive the “Session Key”.
• Central WAVE securely sends the “session key” in-band to the Edge WAVE, enabling it to terminate (decrypt/encrypt) the Client SSL session.
[Diagram: Client to Edge WAVE (original data, encrypted); Edge WAVE to Central WAVE across the WAN over a Secure Channel (optimized and encrypted, carrying the “session key”); Central WAVE to Server (original data, encrypted). SSL handshakes and sessions: Client to Central WAVE, and Central WAVE to Server.]
WAAS Deployment
SSL AO – CM’s Secure Store
• CM securely stores all imported host certificates and private keys encrypted
• Certificates and private keys are decrypted and made available to Central WAVE’s
‒ When secure store is being initialized first time
‒ After CM reload when secure store is opened
• CM secure store must be open to provide Keys and Certs to Central WAVE’s
• Upon reboot, if CM detects the secure store is initialized but not open a critical alarm is raised
• With WAAS 4.4.1 and later, the Secure Store can be configured to “auto open”
• Useful CLI commands:
‒ cm#cms secure-store [ init | open | change ] To initialize, open or change current pass-phrase
‒ cm#show cms secure-store To show current status of CM secure store
WAAS Deployment
SSL AO – SSL Accelerated Services
• Standard policy for SSL traffic is TFO
• Enabling Full Optimization brings TFO-DRE/LZ and HTTP AO
‒ Either run using Self Signed Certs (demo/test mode)
‒ Or create specific Server Entry with imported CA Cert and Host Cert/Key
• Certificate chaining with intermediate CA’s is supported
• Certs nearing expiration (60 days) or being expired will trigger a CM Alarm
WAAS Deployment
Video AO – Live Stream Splitting
• Compatible with Windows Media 9 or later
• Operates on RTSP over TCP (RTSPT) only
• Stream Splitting occurs at the edge WAVE device
• Auto-discovery puts intermediate engines into Pass Through
• ACNS/CDS origin configured with ‘wmt disallow-client-protocols
rtspu mmsu’ to force TCP use
• Option to TCP optimize or drop un-accelerated streams
• Support for Windows Media formatted Logs
[Diagram: Live Video Source, ACNS, WAN and WAAS]
WAAS Deployment
MAPI AO (now with support for EMAPI) (WAAS 5.0, June 2012)
[Diagram: Outlook Client, Branch WAAS, WAN, Core WAAS, Exchange Server and Active Directory Controller (Kerberos KDC). The Outlook Client sends an Encrypted MAPI Request. Application data is encrypted on the client and server sides and optimized and encrypted (WAN-Secure) between Branch WAAS and Core WAAS; authentication is Kerberos on every segment. Temporary keys allow access to Encrypt/Read/Sign Data, and the key is securely transferred to the remote branch.]
WAAS Deployment
MAPI-AO: How to establish trust for WAAS in AD?
• WAAS needs to be configured with a read-only identity to obtain keys to encrypt, read,
and sign data
• WAAS supports two types of Active Directory identities:
‒ Each Core WAAS device can join the Active Directory as a type “Workstation”
Active Directory automatically performs password rotation for Workstation accounts
‒ Configure a dedicated R/O User Account for WAAS on each Core WAAS device
– A single User Account can be used for all Core WAAS devices, if desired
– Multiple User Accounts can be used to support Multi-AD Domain environments
• Be aware that AD’s Kerberos depends on time being fully in sync on all devices;
the use of NTP is highly recommended…
• Also make sure you use DNS with proper Hostname and IP Assignments
(reverse lookup) for WAAS devices which will contact the AD environment
WAAS Deployment
Workflow to Enable Encrypted Exchange
[Workflow diagram with three paths:]
• Workstation Account: Set Time, DNS and Domain info; Join WAAS to Domain; Grant WAAS Permission; Ready!
• User Account: Set Time, DNS and Domain info; Grant WAAS Permission; Enter User in WAAS CM; Ready!
• “Administrator” User Account: Set Time, DNS and Domain info; Enter User in WAAS CM; Ready!
Active Directory Team Tasks:
Grant WAAS account permission to:
- “Replicate Directory Changes”
- “Replicate Directory Changes All”
WAAS Deployment
EMAPI Configuration
• Configure Windows Domain Settings for CoreDeviceGroup
• Join the AD Domain
• Configure and enable EMAPI feature
WAAS Deployment
Citrix-AO Changes in WAAS 5.1
• Multi-stream ICA (MSI) Support
• QoS Support for ICA MSI and non-MSI Streams
• Enhanced ICA/CGP Optimization
• ICA Implemented Admission Control
WAAS 5.1
Dec 2012
WAAS Deployment
Understanding Citrix Handshake with WAAS (WAAS 5.1, Dec 2012)
• WAAS transparently interoperates with Citrix Protocols
‒ WAAS transparently inserts itself into the Citrix communication.
‒ WAAS applies TCP flow optimization to maximize bandwidth usage and mitigate packet loss.
‒ WAAS delivers Citrix Aware Redundancy Elimination that removes redundant data from across all end user connections.
‒ WAAS applies inline compression algorithm over the optimized data, maximizing savings
[Diagram: connection segments labelled Normal, Optimized, Normal]
WAAS Deployment
Multi-stream ICA (MSI) Splits a User into 5 Streams (WAAS 5.1, Dec 2012)
• MSI is disabled by default in Citrix today
• Enabling Multi-Stream ICA on WAAS automatically enables it through Citrix.
• WAAS can dynamically apply DSCP markings to match Citrix Priorities.
‒ DSCP Marking: Very High (audio)
‒ DSCP Marking: Medium (USB Redirect)
‒ DSCP Marking: Low (COM Port)
• WAAS automatically optimizes channels which use separate TCP connections.
[Diagram: groups of ICA channels carried over four TCP streams and one UDP stream]
WAAS Deployment
QoS Support for MSI and non-MSI streams
• WAAS can be enabled to implement Differentiated Service Code Point (DSCP) tagging of both MSI and non-MSI ICA and CGP traffic.
• Once enabled, WAAS will interpret the MSI stream type for the TCP connection and enable the appropriate DSCP value.
• The user will be able to enable or disable tagging MSI or non-MSI traffic as well as to define different values for the MSI and non-MSI traffic.
[Diagram: ICA channels carried over four TCP streams and one UDP stream, with the labels DSCP: 0xaf41, DSCP: 0xaf21 and DSCP: 0x0 (Best Effort)]
WAAS 5.1
Dec 2012
WAAS Deployment
Enhanced Compression and Stream Throughput (WAAS 5.1, Dec 2012)
• WAAS 5.1 provides many enhancements for better compression, throughput and capacity
‒ WAAS ICA-AO with DRE Compression
• WAAS further accelerates performance by better processing of CGP ACKs
[Diagram: ICA Connection carrying ICA MSG and CGP ACK messages]
WAAS Deployment
Virtual Blades - Overview
• WAAS Virtual Blade is a guest virtual machine running inside a WAVE on top of WAAS
• Enterprise and Virtual Blade licenses required
• Available on WAVE’s 294, 594 and 694
• Preservation of Virtual Machine state on WAAS reboot
• Dedicated disk partition and memory per VB
• Virtual Blades currently being supported (* = Fully TAC Supported)
‒ MS Windows (2003/2008) Server print and directory services. Windows Server 2008 available pre-installed (WoW VB)*
‒ Cisco Application and Content Networking System (ACNS VB)*
‒ Cisco Enterprise Content Delivery System (ECDS VB)*
‒ Cisco Network Analysis Module (NAM VB)*
‒ Customer supplied services
[Diagram: WAVE running Cisco Linux with Kernel Virtual Machine (KVM); VB Space hosting Windows On WAAS (WOW), ECDS Virtual Blade and NAM Virtual Blade; Virtual Blade Storage and Ethernet Network I/O]
WAAS Deployment
Virtual Blades – Interface Configuration Options
• Dedicated WAVE Interfaces
virtual-blade X
 description Dedicated VB Network
 interface 1 bridge GigabitEthernet 2/0
[Diagram: WAAS interface Gi 1/0 with ip address B.1/24 on subnet B/24; WAAS interface Gi 2/0 with no ip address, connected through the Interface Bridge to ECDS VB1 and WoW VB2, which are addressed in Subnet A/24; WCCP 61 and 62]
• Shared WAVE Interfaces
virtual-blade X
 description VB Shared Port Channel
 interface 1 bridge PortChannel 1
[Diagram: interfaces Gi 1/0 and Gi 2/0 in channel-group 1; WAAS interface PortChannel 1 with ip address A.1/24, connected through the Interface Bridge to ECDS VB1 and WoW VB2, which are addressed in Subnet A/24; WCCP 61 and 62]
WAAS Deployment
Virtual Blades – Software Installation
• Copy the ISO image to WAVE from local DVD or using FTP
• Allocate disk, memory, network resources using WAAS CLI or WAAS CM GUI
• Run the virtual blade, booting from emulated CD
• Use VNC to continue the installation where appropriate (WOW)
‒ VNC to WAVE IP-ADDRESS:VB#
br1-wae1#pwd
/local1/vbs
br1-wae1#dir
size time of last change name
-------------- ------------------------- -----------
2634078208 Wed Jun 18 16:08:59 2008 en_windows_server_2008.iso
178952192 Sat May 4 12:35:30 2002 winboot2.0.116qd.iso
WAAS Deployment
Virtual Blades - Windows on WAAS Example
WAAS Deployment
Virtual Blades – NAM VB Integration w/ WAAS
Showing End User Response Time Report before and after enabling WAAS
Improved Reporting with WAAS NAM VB
WAAS Deployment
Ask for the Dedicated NAM VB Presentation
• I have prepared a special NAM VB slide deck (60 slides) which is available to you on
request. Send the request to rschulti@cisco.com.
Deploying WAAS devices into the Network
WAAS Network Deployment
Inline
• Simple Plug-and-Play Deployment
‒ Physical in-path deployment between switch and router
‒ Mechanical fail-to-wire
• High Availability
‒ Two 2-port fail-to-wire groups with support for redundant network paths and asymmetric routing
• Seamless Transparent Integration
‒ Transparency and automatic discovery
‒ 802.1q VLAN trunk support
‒ Supported on all WAVE appliance models
WAVE-INLN-GE-4T WAVE-INLN-GE-8T
WAVE-INLN-GE-4SX WAVE-10GE-2SFP
WAAS Network Deployment
Serial Inline HA Cluster
• Simple High Availability for small to medium sized Data Centers
• HA supported by other local WAVE
• Not meant to be used for scaling, only HA
• Design needs 4 Inline Groups (8 ports) per WAVE
‒ Use WAVE-INLN-GE-8T
• Color coded or number-labeled cabling recommended…
• Interception ACL supported
‒ Bypass for non-relevant traffic
• Need to turn off optimization between local WAVE’s
‒ No peering between local neighbors
[Diagram: serial inline HA pair of WAVEs on the paths to WAN1 and WAN2]
WAVE-INLN-GE-4T WAVE-INLN-GE-8T
WAVE-INLN-GE-4SX WAVE-10GE-2SFP
WAAS Network Deployment
Off-path Interception
• WCCPv2 Interception (recommended)
‒ Transparent network integration
‒ Part of IOS
‒ Hardware accelerated on modern IOS Routers and Switches
‒ Active/active clustering supports up to 32 WAVEs and 32 Routers with automatic load-balancing, load redistribution, fail-over and fail-through operation
‒ Automatic device capability discovery
‒ Near-linear scalability and performance improvement when adding devices
• Policy-Based Routing Interception
‒ Next hop routing
‒ Part of IOS
‒ HA only, no load balancing
‒ HA provided using IP SLA as a tracking mechanism
[Diagram: WCCP Cluster and WAN]
WAAS Network Deployment
WCCP Functions
• Intercept – Identify TCP packets on Router/Switch for WAAS processing
• Assign – Select target WAVE device
• Redirect – Router/Switch sends the flow to WAVE for optimization
• Return – WAVE sends the initial packet back to the router. For flows not able to be
optimized by the assigned WAVE, subsequent packets from same flow will not be
redirected anymore
• Egress Method – Flow forwarding mechanism back to the network after being processed
by a WAVE. Method is negotiated between WAVE and IOS device and WCCP process
may overrule configuration (HW/SW capability conflict)
• Intercept takes place in both directions for WAAS
[Diagram: Intercept, Assign, Redirect and Return/Egress steps between the Router/Switch and the WAVE(S)]
WAAS Network Deployment
WCCP - Redirect, Return and Egress Methods
• WCCP specifics are configured on WAVE
• Configuration depends on NW design and Router/Switch capabilities
• L2 setup (preferred) means L2 adjacency between Switch and WAVE
• WCCP Return to Router/Switch
‒ WCCP GRE - GRE Packet returned to Router
‒ WCCP Layer 2 - Frame rewritten to Switch MAC
• WCCP Redirect to WAVE
‒ GRE - Entire packet inside GRE tunnel to WAVE (default)
‒ Layer 2 - Frame MAC address rewritten to WAVE MAC
• WAVE Egress Method
‒ IP Forward – WAVE ARPs for configured Default Gateway (default)
‒ WCCP negotiated – Flow sent back inside WCCP GRE tunnel to Router preventing
interception loop
‒ Generic GRE – Flow sent back inside preconfigured Generic GRE tunnel to Switch (specific
for HW assisted interception on Catalyst 6500)
WAAS Network Deployment
WCCP - Platform OS Recommendations (Dec 2012)
WCCP Function | Nx 7000 | ISR & 7200 | ASR 1000 | Cat 6500/7600 Sup720/32 | Cat 6500 Sup2T | Cat 4500 | Cat 3750
Assign | Mask | Hash or Mask | Mask | Hash or Mask | Hash or Mask | Mask | Mask
Redirect | L2 | GRE or L2 | L2 | GRE or L2 | GRE or L2 | L2 only | L2 only
Redirect List | L3/L4 ACL | Ext. ACL | Ext. ACL | Ext. ACL | Ext. ACL | No | Ext. ACL (no deny)
Direction | In or Out | In or Out | In | In or Out | In or Out | In | In
Return | L2 | GRE or L2 | L2 | Gen. GRE or L2 | Gen. GRE or L2 | L2 | L2
VRFs | Supported | Supported | Planned | Planned | Supported | N/A | N/A
IOS 4.2(1)
5.1(5)
12.1(14); 12.2(26); 12.3(13); 12.4(10); 12.1(3)T; 12.2(14)T; 12.3(14)T5; 12.4(15)T8;
ISR G2 15.2(3)T L2/Mask
7200
15.0(1)M
XE3.1.0S
IOS 15.0(1)S
6500
12.2(33)SXH4
12.2(33)SXI
12.2(18)SXF
15.1(1)SY
7600
12.2(18)SXF
15.1(1)SY
<Sup6
12.2(54)SG1
Sup6
15.0(2)SG
Sup7
15.1(1)SG
12.2(37)SE
This list is dynamic over time, see platform release notes for latest information
WAAS Network Deployment
WCCP - Branch Configuration Example
[Diagram: two branch topologies, one with an SRE Module (sm1/0) in the router and one with a WAVE attached through a switch; service group 61 on g0 and service group 62 on s0 toward the WAN]
Hash
Router
ip wccp version 2
ip wccp 61
ip wccp 62
interface gigabit0
 ip wccp 61 redirect in
interface serial0
 ip wccp 62 redirect in
WAVE
wccp router-list 1 10.1.1.254
wccp tcp-promiscuous router-list-num 1
egress-method negotiated-return intercept-method wccp
Mask
Router
ip wccp version 2
ip wccp 61
ip wccp 62
interface gigabit0
 ip wccp 61 redirect in
interface serial0
 ip wccp 62 redirect in
WAVE
wccp router-list 1 10.1.1.254
wccp tcp promiscuous router-list 1 l2-redirect mask-assign
wccp tcp-promiscuous mask src-ip-mask 0x1
Looped Intercept Risk!
WAAS Network Deployment
WCCP – DC Cluster options for Distribution Layer
• WAVE with Standby Interface
‒ Registration – r1/r2 interface IP
‒ Assignment – Mask
‒ Redirect – WCCP GRE
‒ Return/Egress – IP Forward, Generic GRE (6500) or WCCP GRE (ASR)
‒ Network – Engines on shared subnet between r1 and r2
‒ VLAN inter-core link with no WCCP
• WAVE with Single Interface or EtherChannel
‒ Registration – Loopback IP
‒ Assignment – Mask
‒ Redirect – WCCP GRE
‒ Return/Egress – IP Forward or generic GRE (
‒ Network – Engines on dedicated subnet (no standby interface)
‒ Routed link (r1-r2) with no WCCP
[Diagrams: routers r1 and r2 toward the WAN, WAVEs e1 to e4, WCCP Registration, service groups 61 and 62]
WAAS Network Deployment
WCCP – Twin DC Options
• WAVE cross registers with WAN edge or distribution routers in both data centers
• WAVE in server farm
• Distribution with WCCP or vPath
[Diagram: two data centers with service groups 61 and 62 on the WAN edge and distribution devices]
WAAS Network Deployment
WCCP – Configuration Best Practices
• Registration
‒ Do NOT use a virtual gateway address (HSRP, VRRP, GLBP)
‒ Use interface IP address if L2 adjacent to WCCP router
‒ Use highest loopback address if not L2 adjacent to WCCP router
‒ Do not configure large MTU (>1500 bytes) on WCCP client interfaces
• Software Platforms ‒ GRE WCCP (Default)
‒ Hash Assignment (Default)
‒ Inbound Interception
‒ "ip wccp redirect exclude in" on WCCP client interface (outbound interception only)
‒ WAAS Egress Methods: IP Forwarding, Negotiated Return
• Hardware Platforms ‒ L2 WCCP
‒ Mask Assignment. Use small mask (0x1, 0x3, 0x7, 0xF etc) due to TCAM limits on certain platforms (e.g. Cat6k)
‒ Inbound Interception
‒ WAAS Egress Methods: IP Forwarding, Generic GRE (Cat6k PFC-based systems only)
WAAS Network Deployment
vPATH on Nexus 1000v
VEM: Virtual Ethernet Module
VSM: Virtual Supervisor Module
VSN: Virtual Service Node
[Diagram labels: VMware ESX Server 1, VMware ESXi Server 2, Nexus 1000v VEM (x2), VSN (x2), vWAAS1, vWAAS2, Nexus 1000v VSM, vCenter Server, vCM, Web-Server 1, Web-Server 2, Web-Server 3, App Server, DBServer, FC Array, SAN, vPATH, Non Opt Port-Profile, vWAAS Port-Profile, Optimized Port-Profile for WAAS 1, Optimized Port-Profile for WAAS 2]
vWAAS Network Deployment
VPATH configuration example on Nexus VSM
port-profile type vethernet DC-vWAAS
  vmware port-group
  switchport mode access
  switchport access vlan 40
  no shutdown
  state enabled
port-profile type vethernet server-3
  vmware port-group
  switchport mode access
  switchport access vlan 40
  vn-service ip-address 10.42.40.210 vlan 40 fail open
  no shutdown
  state enabled
WAAS Deployment
vWAAS - More Information
• Due to the limited time available for this session I haven’t included much information on
Nexus1000v and vPath configuration.
• I have prepared a special slide deck (50 slides) with all information which is available for
you on request. Send the request to rschulti@cisco.com
WAAS AppNav Deployment
WAAS AppNav Deployment
AppNav Functionality
[Diagram labels: Data Center, AppNav Cluster, Interception, Load Distribution, Optimization, Redirection, Asymmetric Traffic and HA, Pre-5.x, 5.x]
Virtualization technology that pools WAN optimization resources into a cluster with
business-driven rules and elastic provisioning.
WAAS AppNav Deployment
Inpath
With AppNav
• Investment protection
• Plug in AppNav IOM
• Simple to configure
• Flexible to deploy
• Scalable
• Native HA solution
• Asymmetric solution
Until Today
• Less Scalable
• High Availability solution
• Asymmetric solution
[Diagram labels: Interception, Distribution, Scalability, HA & Asymmetry]
WAAS AppNav Deployment
Pre-AppNav Off Path Deployment Challenges
Mask          Value         Result
00:00:03:00   00:00:00:00   WAE-1
00:00:03:00   00:00:01:00   WAE-2
00:00:03:00   00:00:02:00   WAE-3
[Diagram labels: Redirect ACL, TCAM Entries, CPU/SUP utilization]
• Non-deterministic Branch to DC mapping
• Single WAAS overload due to skewed load balancing:
– Farm capacity not fully utilized
– Suboptimal DRE cache
• Large mask bits may cause high CPU/SUP utilization
• Mask values + new redirect ACL = more TCAM usage
• Software maintenance creates cluster imbalance, specific device startup sequence required…
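An added illustration (not part of the original slides) of how mask assignment can skew load across a WAE farm. It reads the slide's mask 00:00:03:00 as the 32-bit source-IP mask 0x00000300 and assumes mask values are dealt to WAEs round-robin; the branch subnets are constructed.

```python
import ipaddress
from collections import Counter

MASK = 0x00000300   # slide's 00:00:03:00, read as a source-IP mask (assumption)
WAES = ["WAE-1", "WAE-2", "WAE-3"]
# Constructed branch subnets, for illustration only.
BRANCHES = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.4.0/24"]

def mask_values(mask):
    """Every value that (address & mask) can take: 2**n values for n mask bits."""
    bits = [1 << i for i in range(32) if mask & (1 << i)]
    values = []
    for n in range(1 << len(bits)):
        values.append(sum(b for j, b in enumerate(bits) if n & (1 << j)))
    return sorted(values)

def assign(mask, waes):
    """Map each mask value to a WAE. Round-robin is an assumption of this sketch."""
    return {v: waes[i % len(waes)] for i, v in enumerate(mask_values(mask))}

def redirect_target(src_ip, mask, table):
    """WAE that receives a flow from src_ip under mask assignment."""
    return table[int(ipaddress.ip_address(src_ip)) & mask]

def load_per_wae(subnets, mask, table):
    """Number of client addresses that land on each WAE."""
    load = Counter()
    for net in subnets:
        for host in ipaddress.ip_network(net).hosts():
            load[redirect_target(str(host), mask, table)] += 1
    return dict(load)

if __name__ == "__main__":
    table = assign(MASK, WAES)
    for value, wae in table.items():
        print(f"value 0x{value:08x} -> {wae}")
    # Four mask values over three WAEs, plus two branches sharing one value,
    # leave WAE-1 with twice the clients of the others.
    print(load_per_wae(BRANCHES, MASK, table))
```

The branch-to-WAE mapping depends only on which address bits the mask covers, so two branches whose subnets agree in those bits always share a WAE regardless of its load.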
WAAS Deployments
OffPath
• Investment protection
• Plug in AppNav IOM
• Light WCCP interception
• Scalable
• Non-disruptive capacity expansion and reduction
• Native High Availability
• Native Asymmetric handling
Until Today
Light WCCP on Core Switch
• Single ServiceGroup
• Simple mask 0x01
With AppNav
• Scalable
• High Availability solution
• Asymmetric solution
[Diagram labels: Interception, Distribution, Scalability, HA & Asymmetry]
WAAS AppNav Deployment
AppNav Terminology
AppNav Controllers (ANC)
WAAS Nodes (WN)
AppNav Controller Groups (ANCG)
WAAS Node Groups (WNG)
AppNav Cluster
Service Context
Flow Distribution Policy
Interception, redirection, load distribution
Optimization
Scalability, high availability and asymmetric traffic handling
WAAS AppNav Deployment
AppNav Intelligent Flow Distribution
• Site affinity:
– Using Branch WAVE ID or site IP subnet
– Reserve optimization capacity for critical sites
– Improves compression performance through DRE
• Application affinity:
– Using source/dest IP addresses and ports
– Reserve optimization capacity for applications
– Consolidates application-specific optimization options
• Site + Application (combination)
WAAS AppNav Deployment
AppNav Elastic Provisioning of WAN Optimization Resources
• Interception/redirection/flow distribution resources can be added gracefully without disruption, as data center scales when adding applications, customers, or raw traffic volume
• Optimization resources can be added gracefully without disruption, as farms with business driven bindings (branch, application, etc.) scale
WAAS AppNav Deployment
AppNav Cluster HA and Asymmetric Traffic Handling
• Health probes between ANCs and WNs:
– AO Health and load included in reply.
– WNs enter and exit the cluster gracefully.
• Heartbeats between ANCs synchronize cluster state
– Flow distribution tables, WN reachability, and WN load are shared
– ANCs enter and exit the cluster gracefully without impacting traffic flows
– Asymmetric traffic is distributed consistently
WAAS AppNav Deployment
Available AppNav Modules
• AppNav modules are available for DC WAVE devices only
‒ WAVE 694, 7541, 7571 and 8541
 Available AppNav I/O Modules: 12 x 1G Copper or 12 x 1G SFP
‒ Exception is the WAVE 594 AppNav bundle with 4 x 10G interfaces
– Can only be used as AppNav Controller with WCCP
– This bundle cannot be used as a WAAS Accelerator
WAAS AppNav Deployment
AppNav Sizing Guidelines
• Up to 1 Million Optimized TCP Connections
‒ Concurrent with 1 million Pass-through connections
• Throughput up to 12 Gbps
• Max 8 AppNav Controllers per Cluster
• Up to 32 AppNav Nodes per Cluster
WAAS AppNav Deployment
Use of AppNav Wizard is highly recommended...
• Use the WAAS setup script for basic device configuration
• Choose AppNav Controller as Device Mode
‒ Required to recognize the AppNav I/O Module
‒ Intermediate reboot is required
• WAVE with AppNav module can still participate as cluster accelerator
• After CMS registration, save the configuration
• Reboot WAVE Device
• AppNav configuration using the Cluster Wizard within the WAAS CM is Highly Recommended
‒ Configuring via the CLI is too error-prone
‒ Over 100 lines to configure...
‒ AppNav is fully manageable via the WAAS CM
WAAS AppNav Deployment
AppNav Wizard – Cluster Configuration Steps
WAAS Sizing Guidelines
• WAAS devices are normally selected based on
‒ Number of users (count 5 – 20 connections per user)
‒ Target WAN Bandwidth
‒ Number of Video Streams (1 per user)
‒ Number of VB’s if any
‒ Router integrated device or not
• We have sized our WAAS devices based on real-life assumptions about traffic patterns, usage patterns, applications, protocols, specific platforms and storage
• Peak level performance is not limited by a license. Loading a WAAS device to its maximum will cause new connections to be put in Pass Through until load falls below the rated capacity again
• Plan for peak levels and future growth
• Ask your SE for the WAAS sizing guide and calculator
• Cisco Professional Services are also able to help when needed
WAAS Sizing Guidelines
WAVE - Platform Performance (5.0)
                                 SRE-7X0-S SRE-7X0-M SRE-9X0-S SRE-9X0-M SRE-9X0-L 294-4G    294-8G    594-6G    594-12G   694-16G   694-24G   7541      7571      8541
WAN Bandwidth (Mbps)             20        20        50        50        50        10        20        50        100       200       200       500       1000      2000
Optimized TCP Connections        200       500       200       500       1000      200       400       750       1300      2500      6000      18k       60k       150k
Optimized LAN Throughput (Mbps)  200       500       200       300       1000      100       150       250       300       450       500       1000      2000      4000
Total Disk Capacity (GB)         500       500       500       500       500       250       250       500       500       600       600       2250      3150      4200
DRE Disk Capacity (GB)           80        80        120       120       120       40        55        80        120       120       200       500       1000      2000
CIFS Disk Capacity (GB)          57        57        95        95        95        75        75        100       100       100       100       225       225       300
Maximum LAN Video Streams        40        150       40        150       300       40        80        150       300       400       1000      1000      1000      1000

Virtual Blades Supported 2 2 2 4 4 6
Total Virtual Blade Disk Capacity 60 60 175 175 180 180
Peer Fan Out 50 100 150 300 700 1400 2800
CM Managed Devices 250 250 1000 1000 2000 2000
WAAS Sizing Guidelines
vWAAS - Platform Performance (5.0)
                                 vWAAS-200   vWAAS-750   vWAAS-6000  vWAAS-12000 vWAAS-50000 vCM-100N    vCM-2000N
Number of vCPU                   1           2           4           4           8           2           4
Virtual Memory (GB)              2           4           8           12          48          2           8
Virtual Disk Datastore (GB)      160         250         500         750         1500        250         600
Target WAN Bandwidth (Mbps)      10          50          200         310         1000
Optimized TCP Connections        200         750         6000        12000       50000
Optimized LAN Throughput (Mbps)  100         250         500         1000        2000
DRE Disk Capacity                50          95          320         450         1000
CIFS Disk Capacity               75          95          95          175         175
Max LAN Video Streams            40          150         1000        1000        2000
CM Managed Devices                                                                           100         2000

Peer Fan-out 50 300 1400 2800
WAAS Sizing Guidelines
WAAS Express – Platform Performance (2.0)
Platform  Required DRAM  Maximum WAN Bandwidth  Maximum LAN Bandwidth  Recommended Number of Users  Max TCP Connections  DRE Capacity
88x       768 M          1,5 Mbps               3 Mbps                 1-10                         75                   512 M
89x       768 M          2 Mbps                 4 Mbps                 1-10                         75                   512 M
1921      512 M          512 kbps               1 Mbps                 1-5                          50
1941      2,5 G          4 Mbps                 8 Mbps                 15-20                        150                  2
2901      2.5 G          6 Mbps                 12 Mbps                15-20                        150                  2
2911      2.5 G          6 Mbps                 12 Mbps                25                           200                  2
2921      2.5 G          6 Mbps                 12 Mbps                25                           200                  2
2951      4 G            6 Mbps                 12 Mbps                25                           200                  2
3925      4 G            10 Mbps                20 Mbps                50                           500                  3
3945      4 G            10 Mbps                20 Mbps                50                           500                  3
Closure
WAAS Home Page on cisco.com
• For more information on specific WAAS topics or to follow WAAS developments please
visit the WAAS Home Page at: www.cisco.com/go/waas
Closure
Guidelines to remember
• Remember...
‒ Use CM Configuration Groups
‒ Fix Line-rate and Duplex on Fast Ethernet ports
‒ Beware of Routing Loops with WCCP
‒ Beware of Asymmetric Routing with WCCP
‒ Monitor Router/Switch CPU load after implementing WCCP
‒ Follow recommended order of operations
‒ Use of Port-Fast where appropriate
‒ Usage of DNS and NTP is recommended
‒ For in-depth deployment and design help, contact your Cisco Sales team for Advanced
Services help!!!
‒ Ask for specific deployment presentations (send me an email)
(vWAAS, WAAS on SRE, WAAS NAM VB etc.)
• Please don’t forget to complete your online session evaluation...
Call to Action
• Visit the Cisco Campus at the World of Solutions to experience Cisco innovations in action
• Get hands-on experience attending one of the Walk-in Labs
• Schedule face to face meeting with one of Cisco’s engineers
at the Meet the Engineer center
• Discuss your project’s challenges at the Technical Solutions Clinics