Deploying WAASd2zmdbbm9feqrf.cloudfront.net/2011/anz/pdf/BRKAPP-2005.pdf · 2012-02-22 · – New...
BRKAPP-2005
Deploying WAAS
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 2
Agenda
WAAS Overview
WAAS Installation and Configuration
Deployment into the Network
WAAS Application Optimiser (AO) Deployments
WAAS Sizing Guidelines
Case Study: Phoning Home
Extensive Preamble
Chatty
Bandwidth Intensive
Predominantly Unidirectional
Repetitive Sequences
6x Optimised
Minimal Overhead
Compressed and Accelerated
WAAS Overview
WAAS Overview: Drivers and Trends
New Applications, Services
Rich Media, Video
Any-any collaboration
Virtual Desktops
Datacenter Transformation
Virtualization
Private/Public Clouds
Software-as-a-Service
Remote Access Evolution
Increased mobile users
'Low-footprint' branches
Partner access
New IT and WAN Optimization Requirements
[Diagram labels: Customers / Partners, Home Office / Coffee Shop, Guest Users, Branch Office, xAAS - Cloud, Primary Data Centre, Campus, Secondary Data Centre, Branch Office]
WAAS Overview: Application Delivery Challenges
LAN Connectivity
–High bandwidth
–Low latency
–Reliability
WAN Connectivity
–Already congested
–Low bandwidth
–Latency
–Packet Loss
[Diagram: Client and Server on a LAN switch, Round Trip Time ~ 0ms; Client and Server on LAN switches separated by a WAN, Round Trip Time ~ Many milliseconds]
WAAS Overview: Cisco WAAS: WAN optimisation solution
[Diagram: international and domestic mobile users running WAAS Mobile software over VPN; branch offices with a WAAS Service Module, WAAS Express or a WAAS Appliance; a regional office with a WAAS Appliance; a data center or private cloud with WAAS Appliances and a WAAS Mobile Server behind a VPN; a virtual private cloud running vWAAS appliances beside server VMs on VMware ESXi (Nexus 1000v vPATH, Nexus 1000v VSM, UCS/x86 server, FC SAN); connected over the WAN and Internet. Three items are marked New.]
WAAS Overview: WAAS Product Offering
Deployment sizes: Tele Worker, Small Branch, Medium Branch, Large Branch, Larger Branch to Small Data Center, Data Center & Campus
WAAS Mobile: WAAS Mobile
WAAS Express
WAAS ISR Modules: SM-SRE-700, SM-SRE-900
ISR platforms: 890, 1941/2901, 29xx, 39xx
WAAS Appliances: WAVE-274, WAVE-474, WAVE-574, WAE-674, WAE-73x1
vWAAS: vWAAS-750, vWAAS-6000, vWAAS-12000
WAAS Overview: Session and Transport Layer Optimisation
[Diagram: Client and Host each with a full stack (Application, Presentation, Session, Transport, Network, Data Link, Physical); WAAS 1 and WAAS 2 between them, each with Application Optimizer (AO), TFO, Network, Data Link, Physical; connection segments labelled Origin, Optimized, Origin across the WAN]
WAAS Overview: Architecture
[Diagram: WAAS software architecture. Components shown: IOS Platform with Services and CLI; IOS Shell; Cisco Linux Kernel; Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery; TCP Proxy with Scheduler Optimizer (SO): DRE, LZ, TFO; CIFS AO, EPM AO, MAPI AO, HTTP AO, SSL AO, RTSP AO, NFS AO; Configuration Management System (CMS); Virtual Blades on Kernel Virtual Machine: Windows On WAAS (WOW), ACNS On WAAS, Virtual Blade # 3; Flash, Linux, Application Storage, Object Storage, DRE Storage, Virtual Blade Storage; Ethernet Network I/O]
WAAS Overview: TFO versus regular TCP in the WAN
[Chart: cwnd against Time (RTT) for TCP and TFO, through Slow Start and Congestion Avoidance]
Cisco TFO Provides Significant Throughput Improvements over Standard TCP Implementations
WAAS Overview: Advanced Compression
Data Redundancy Elimination (DRE)
Persistent LZ compression
Benefits
• Application-agnostic compression
• Up to 100:1 compression
• Session-based compression
• Up to an additional 10:1 compression even after DRE
[Diagram: DRE and LZ on each side of the WAN, with Synchronized Compression History]
WAAS Overview: Application-Specific Acceleration
Application and Protocol Awareness
–Minimize chatter -> Latency Mitigation
–Safe caching
–Scheduled File preposition
Intelligent Server Offload
–Caching and optimizations
Application Optimisers (AO's)
–CIFS, NFS, MAPI, Video, HTTP, SSL, Windows Printing.......
Licensed, developed and validated with application vendors
[Diagram: Remote Office and Data Center across the WAN. Labels: Object Cache Verification; Security and Control; WAN Optimization; Server Safely Offloaded; Fewer Servers Needed; Power/Cooling Savings; LAN-like Performance; WAN Bandwidth Savings]
WAAS Overview: Network Transparency
Packets between each network are routed as normal. WAAS auto-discovery will find WAEs in path
WAAS Network Transparency (same L3/L4 headers) allows application acceleration components to maintain compliance with existing network features
–Quality of Service (QoS), NBAR
–NetFlow, monitoring, reporting
–Security functions (ACLs, firewall policies)
[Diagram: networks A/24, B/24, C/24, D/24 and E/24 connected across the WAN]
WAAS Overview: Auto-Discovery – Two WAE Configuration
In-band signaling with TCP option 0x21
WAE (B) closest to host (A) and WAE (C) closest to host (D)
Connection optimized between WAE (B) and (C)
WAE shifts optimized TCP SEQ number by 2 billion
If a WAE that was optimizing connections fails:
–Receiving host will see segments with SEQ/ACK numbers that are out of range
–Host will reset (RST) connection
–WAAS will propagate the RST
–Host application will re-establish a new TCP connection
A B C D
A:D SYN, A:D SYN(OPT), A:D SYN(OPT)
D:A SYN/ACK, D:A SYN/ACK(OPT), D:A SYN/ACK
Origin Connection, Origin Connection, Optimized Connection
WAAS Overview: Auto-Discovery – Cascade WAE Configuration
WAE (B) closest to host (A)
WAE (D) closest to host (E)
Intermediate WAE (C) sees TCP option in both directions and goes into Pass Through (PT)
WAE supports 10X optimized limit for Pass Through
A:E SYN, A:E SYN(OPT), A:E SYN(OPT), A:E SYN(OPT)
E:A SYN/ACK, E:A SYN/ACK(OPT), E:A SYN/ACK(OPT), E:A SYN/ACK
A:E ACK, A:E ACK(OPT), A:E ACK(OPT), A:E ACK
Origin Connection, Origin Connection, Optimized Connection
A B C D E
WAAS Overview: Intermediate Firewall Support Options
Tunnel through Firewall
–Not managed by WAAS
–Renders firewall useless for stateful L3/L4 packet filtering
Permit TCP options and disable sequence number checking on firewall
–Allowing WAAS TFO Autodiscovery
–Firewall implementing stateless L3/L4 filters
WAAS Directed Mode
–Permit TCP options and UDP 4050 tunnel
–Traffic optimized by WAAS using auto-discovery but then tunneled between WAEs
–Firewall rendered useless for L3, L4, or L5 packet filtering and stateful inspection
Cisco firewall with WAAS awareness
–Traffic transparently optimized by WAAS using auto-discovery
–Cisco firewall preserves L3/L4 stateful inspection by permitting TCP options and statefully tracking TCP sequence number shift
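The two behaviours that the auto-discovery and firewall slides turn on, shown as an added Python example that is not part of the original slides: finding TCP option kind 0x21 in a SYN header, and testing whether a shifted sequence number still falls inside a receiver's window. The sample headers, the option payload, the 2,000,000,000 shift constant (the slide says only "2 billion") and all function names are constructed for the example.

```python
import struct

WAAS_OPTION_KIND = 0x21            # auto-discovery option kind named on the slide
ASSUMED_SEQ_SHIFT = 2_000_000_000  # assumption: the slide says only "2 billion"


def build_syn(options: bytes) -> bytes:
    """Constructed sample: a 20-byte TCP SYN header followed by the given options."""
    options += b"\x00" * (-len(options) % 4)   # pad with End-of-Option-List
    offset_words = 5 + len(options) // 4
    fixed = struct.pack("!HHIIBBHHH", 49152, 445, 1000, 0,
                        offset_words << 4, 0x02, 65535, 0, 0)
    return fixed + options


def parse_tcp_options(tcp_header: bytes):
    """Return [(kind, data)] for every option in a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts = tcp_header[20:data_offset]
    found, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:              # End of Option List
            break
        if kind == 1:              # NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        found.append((kind, opts[i + 2:i + length]))
        i += length
    return found


def has_autodiscovery_option(tcp_header: bytes) -> bool:
    return any(kind == WAAS_OPTION_KIND for kind, _ in parse_tcp_options(tcp_header))


def option_survives(before_fw: bytes, after_fw: bytes) -> bool:
    """Compare the same SYN captured on both sides of a firewall."""
    return has_autodiscovery_option(before_fw) and has_autodiscovery_option(after_fw)


def shifted(seq: int) -> int:
    """Sequence number as it appears on the optimized segment."""
    return (seq + ASSUMED_SEQ_SHIFT) & 0xFFFFFFFF


def in_receive_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Modulo-2^32 window test used by hosts and sequence-checking firewalls."""
    return ((seq - rcv_nxt) & 0xFFFFFFFF) < rcv_wnd


# Constructed samples: MSS option, two NOPs, then option 0x21 with a dummy payload.
MSS = b"\x02\x04\x05\xb4"
SYN_WITH_OPTION = build_syn(MSS + b"\x01\x01" + bytes([WAAS_OPTION_KIND, 6, 0, 0, 0, 0]))
SYN_PLAIN = build_syn(MSS)

if __name__ == "__main__":
    print("option present before firewall:", has_autodiscovery_option(SYN_WITH_OPTION))
    print("option survives firewall:", option_survives(SYN_WITH_OPTION, SYN_PLAIN))
    print("unshifted seq in window:", in_receive_window(1001, 1001, 65535))
    print("shifted seq in window:", in_receive_window(shifted(1001), 1001, 65535))
```

A firewall that checks sequence numbers without tracking the shift makes the same out-of-window decision as the last line, which is why the slide lists disabling that check or using a WAAS-aware firewall as the options.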
[Diagram: A, B, C, D, E in path; segments labelled Origin Connection, Optimized Connection, Origin Connection; caption: No Connection Layer Security]
WAAS Deployment: Installation and Configuration
Basic Configuration
WAAS Deployment: Deployment Overview
1. Initial setup is done using IOS-like Console CLI
2. License configuration is required
3. Always bring up the Central Manager (CM) first
4. Next bring up Application Accelerators
– New WAAS devices will be auto-registered to WAAS CM and become a member of the AllDevicesGroup or any other pre-configured Group within WAAS
– When creating e.g. an AccelerationGroup make sure you apply the correct application policies (e.g. set default one) and auto-membership for this group is enabled
5. Configure traffic interception (inline, WCCP etc)
– Start traffic interception on Core or Central devices
– Next add intercept to Remote Devices
6. Further configuration should be done from within the CM
WAAS Installation: Setup Script
Prompted on boot of factory default box to run setup script or execute 'setup'
Script prompts for configuration to communicate, network integrate, manage, and license the WAE
Ideal for CM and pilots or small deployments
Proactive Diagnostics
wae(config)#interface PortChannel 1
wae(config-if)#no shutdown
wae(config-if)#ip address 10.1.1.31 255.255.255.0
wae(config-if)#exit
wae(config)#interface gigabitEthernet 1/0
wae(config-if)#no shutdown
wae(config-if)#channel-group 1
wae(config-if)#exit
wae(config)#interface gigabitEthernet 2/0
wae(config-if)#no shutdown
wae(config-if)#channel-group 1
WAE Interface Channeling
Interfaces can be bundled into a PortChannel for load-balancing and high availability across switch modules
Requires identical interface configuration on both physical interfaces
IP addresses are defined on the PortChannel interface
DO NOT FORGET
Standby Network Interface Card (NIC)
Must be layer 2 path between two NICs
MAC only on in-use interface
Primary preempts
No primary floats
Gratuitous ARPs on failover
G 1/0 G 2/0
wae(config)#interface Standby 1
wae(config-if)#ip address 10.1.2.100 255.255.255.0
wae(config-if)#exit
wae(config)#interface GigabitEthernet 1/0
wae(config-if)#standby 1 primary
wae(config-if)#exit
wae(config)#interface GigabitEthernet 2/0
wae(config-if)#standby 1
wae(config-if)#exit
WAE(config)#primary-interface standby 1
wae#show interface standby 1
Interface Standby 1 (2 physical interface(s)):
GigabitEthernet 1/0 (active)
GigabitEthernet 2/0 (active) (primary) (in use)
Deploying WAAS Central Manager (WAAS CM)
Central Management System (CMS)
CMS process runs on all WAEs
Bidirectional configuration synchronization between CM and accelerators
Communicates over HTTPS using self-signed, device-specific certificates and keys
Central Manager collects health and monitoring data every five minutes by default
CMS provides means to backup and restore configuration
Provides means to replace a failed device with a new device
Use “show cms info” to get CMS status
Deploying WAAS CM: CM Configuration
Device located in Data Center
Setup script recommended
Non-default configuration
–Device mode
–Hostname
–Primary-interface
–IP configuration
–Date/time configuration
–Configuration Management System (CMS)
CMS must be enabled to access the web GUI
Reload required (role change)
Optionally use standby interface to dual-home to two switches
device mode central-manager
hostname dc1-cm1
license add Enterprise
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.1.31 255.255.255.0
exit
ip default-gateway 10.1.1.254
ip name-server 10.1.1.21
clock timezone AEST 10 0
ntp server ntp.foo.com
cms enable
copy run start
Deploying WAAS CM: WAAS CM Dashboard: https://cm-ipaddress:8443
Deploying WAAS CM: Group Configuration Best Practices
AllDevicesGroup
–DNS
–SNMP
–Date/Time > NTP Server | Time Zone
–Login Access Control > SSH | MoD | Exec Timeout
–Authentication
–Common criteria
–System Log Settings
–Storage > Disk Error Handling
CoreDevicesGroup
–SSL Acceleration
EdgeDevicesGroup
–Transaction logs
–Prepositioning
–Disk encryption
–Flow Agent
AccelerationGroup
–Application Policies
Deploying WAAS CM: WAAS Monitoring
Dashboard Aggregate Statistics
Optimisation Summary
Connection Trending
Application Acceleration (HTTP, CIFS, NFS, MAPI, Video, SSL, Print)
System-wide, Device Specific and Grouped by Location
Deploying Physical WAE
Deploying WAAS Accelerators: Device Mode Accelerator (default setting)
Default configuration
–Hostname
–Primary-interface
–IP configuration
–CMS enable
No reload required
CMS required to register with CM
Hostname for CM recommended to ease CM moves
Use standby to dual-home WAE to two switches in a redundant environment (N+1 redundancy)
Use EtherChannel® to achieve higher throughput and redundancy
Auto-registration option enables CM discovery through DHCP
hostname br1-wae1
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.100.101 255.255.255.0
! Optionally configure 100 Mb Full Duplex
exit
ip default-gateway 10.1.100.254
ip name-server 10.1.1.21
! Implement DNS for CM mobility
central-manager address cm.foo.com
cms enable
copy run start
Deploying WAAS Accelerators: CM Manage Devices
Deploying WAAS Accelerators: Device Group Assignment
Newly configured WAAS device is automatically added to AllDevicesGroup
Add the new device to other (e.g. Edge or Core) groups where necessary
Deploying WAAS on SRE: Service Ready Engine (SRE)
SRE 700 SM
–Processor: 1.86 GHz Intel Core 2 Duo (Single Core)
–Maximum Memory: 2 GB
–Maximum Storage: 500 GB SATA HDD
–Ports: 2 Internal GE ports, 1 External GE port, 1 External USB port
SRE 900 SM
–Processor: 1.86 GHz Intel Core 2 Duo (Dual Core)
–Maximum Memory: 4 GB
–Maximum Storage: 2 x 500 GB SATA HDDs w/ RAID 0/1
–Ports: 2 Internal GE ports, 1 External GE port, 1 External USB port
Deploying WAAS on SRE: Deployment Steps
Initial SRE Configuration
–Configure IP Connectivity between ISR and SRE
Initial WAAS Installation
–Load WAAS Software on SRE (when needed)
–WAAS on SRE: min version 4.2.1
–WAAS Version 4.3.1 recommended
Initial WAAS Configuration
–Standard WAAS configuration steps
Deploying WAAS on SRE: Obtain WAAS Software
Download WAAS software from CCO
–CCO account is needed
Extract the ZIP file and install in FTP directory
–Make sure FTP Server is reachable from ISR!
–Directory should contain following 6 files:
waas-accelerator-4.2.3.7-k9.bin
waas-accelerator-4.2.3.7-k9.bin.install.sre
waas-accelerator-4.2.3.7-k9.bin.install.sre.header
waas-accelerator-4.2.3.7-k9.bin.installer
waas-accelerator-4.2.3.7-k9.bin.key
waas-accelerator-4.2.3.7-k9.bin.srebootloader
Deploying WAAS on SRE: Initial SRE Configuration
SRE is recognized by IOS as “Interface SM<slot>/0”
Configure IP Addresses and Gateway
Router#show run interface SM1/0
interface SM1/0
no ip address
shutdown
service-module fail-open
Router#conf t
Router(config)#interface SM1/0
Router(config-if)#ip address 10.42.12.254 255.255.255.0
Router(config-if)#service-module ip address 10.42.12.1 255.255.255.0
Router(config-if)#service-module ip default-gateway 10.42.12.254
Deploying WAAS on SRE: WAAS SW Load with Router CLI Script
CLI Script: service-module sm1/0 install url
Use the full path to the bin image
Router# service-module sm 1/0 install url (continued on next line)
ftp://username:[email protected]/waas/SRE/waas-accelerator-4.2.3.7-k9.bin
Proceed with installation? [no]: yes
Loading SRE/waas-accelerator-4.2.3.7-k9.bin.install.sre !
[OK - 1722/4096 bytes]
Welcome to the WAAS installation checking resource requirements now
Resource check complete proceeding with installation
Deploying WAAS on SRE: Initial Configuration using CLI
Session into SRE (is reverse telnet on line 2067)
Device comes up as Accelerator with Interface IP and Default Gateway already configured
Router#service-module sm 1/0 session
Trying 10.42.12.254, 2067 ... Open
NO-HOSTNAME#sho run
! waas-accelerator-k9 version 4.2.3 (build b7 Jul 29 2010)
!
device mode application-accelerator
interface GigabitEthernet 1/0
ip address 10.42.12.1 255.255.255.0
exit
!
ip default-gateway 10.42.12.254
Deploying WAAS on SRE: Initial Configuration using CLI
Configure hostname, domain-name, DNS, primary-interface and central-manager address before enabling CMS, then save the configuration (or use the setup script...)
NO-HOSTNAME(config)#hostname SRE700
SRE700(config)#ip domain-name waas.bnelab.cisco.com
SRE700(config)#ip name-server 10.42.40.101
SRE700(config)#primary-interface gi 1/0
SRE700(config)#central-manager address cm.waas.bnelab.cisco.com
SRE700(config)#cms enable
Registering WAAS Application Engine...
Sending device registration request to Central Manager with address
10.42.40.1
Please wait, initializing CMS tables
Successfully initialized CMS tables
Registration complete.
Please preserve running configuration using 'copy running-config startup-config'. Otherwise management service will not be started on reload and node will be shown 'offline' in WAAS Central Manager UI.
management services enabled
Deploying WAAS on SRE: Save and Check CMS
Save the config and check if CMS is running
Next step would be configuring WCCP on SRE and ISR
SRE700(config)#exit
SRE700#wr mem
SRE700#sho cms info
Device registration information :
Device Id = 4206
Device registered as = WAAS Application Engine
Current WAAS Central Manager = 10.42.40.1
Registered with WAAS Central Manager = 10.42.40.1
CMS services information :
Service cms_ce is running
Deploying Virtual WAAS (vWAAS)
Deploying vWAAS: Cloud-Ready Optimisation
Benefits, Differentiators, Key Requirements
On-demand orchestration of WAN optimization
Increased availability with SAN based storage
Lower OPEX for Cloud Migration
On demand deployment with elastic scalability
Minimal network configuration
VM mobility awareness
Multi-tenant deployment
Policy based provisioning with Cisco Nexus 1000V
Rapid creation of WAN Optimisation Service
Transparent deployment w/ WCCP
[Diagram: Mobile Users with the WAAS Mobile Client and a Branch WAAS reach Cisco vWAAS in a Private Cloud and a Public Cloud over the WAN and Internet; WAAS Mobile Server]
Deploying Virtual WAAS: Interception at Core or Access
[Diagram: WAN; Cat6K/N7K; Nexus 2K/5K; UCS compute/physical servers; UCS compute/virtualized servers; vWAAS VMs on VMware ESX/ESXi with Nexus 1000V/VN-Link vPATH on UCS/x86 servers; WCCP]
Core Interception w/ WCCP
- Multiple vWAAS VMs can be clustered in same WCCP cluster.
- Both physical and virtual WAE can be part of same cluster
Access Interception w/ vPath
- Interception based on port-profile policy configured in Nexus 1000v
- Bidirectional Interception - (no IN/OUT configuration)
- Pass-through traffic automatic bypass
Deploying Virtual WAAS: Installation Prerequisites
vWAAS is provided as a Virtual Appliance in OVF File
–Prepackaged with disk, memory, CPU, NICs and other VMware related configuration
–vWAAS-750, 6000, 12000
–vCM-100N, 2000N
VMware ESX/ESXi 4.0+ hypervisor
VMware vCenter server & vSphere client 4.x
Cisco UCS or other x86 Server
–Server hardware should have a 64-bit CPU and be on the VMware Compatibility List (HCL)
–Ensure Intel VT is enabled in the host's BIOS
Nexus 1000v version 4.2(1)SV1(4) (for vPATH Interception)
Deploying Virtual WAAS: Installation
Deploying Virtual WAAS: VMware vSphere – Summary Display
Deploying Virtual WAAS: vWAAS Configuration steps
Configuration is the same as for a normal WAAS Device
Connect to the Console through vCenter
Use of Setup Wizard is recommended
Some differences you will notice
–Interface “virtual 1/0”
–Interception “other” (for vPATH)
Deploying WAAS Express
Deploying WAAS Express: Introduction
An IOS-based WAN optimisation solution for the ISR G2 Platform
–Integrates WAN Optimisation functionality natively into Cisco IOS via a feature license.
–Interoperable with existing Cisco WAE appliance / module product range
–Managed by WAAS Central Manager
–Supported on ISR-G2 platforms.
–Increase available bandwidth to small/medium branch sites
[Diagram: Branch Office ISR G2 running WAAS Express, connected across the WAN to Data Center WAAS Appliances and WAAS CM]
Deploying WAAS Express: Requirements
Maximum router memory is required
Minimum IOS version 15.1(2)T
WAAS Express is configured on the WAN interface
No intercept configuration like WCCP is necessary
WAAS Express uses CPL for configuration
–Configuration via global policy-map and parameter-map
–Default built-in policy is applied to running-config
–Default Policy is the same as Cisco WAAS default policy (except for non-supported features e.g. AO)
Natively interoperates with Cisco IOS® features
–Standard IP Routing
–QoS
–IOS Firewall
–IP ACL
–Crypto VPN Technology
–NAT
–Flexible Netflow
Deploying WAAS Express: Configuration
Simple one command configuration
End User License Agreement is displayed for Trial licenses the first time WAAS Express is enabled
Router should be configured as an HTTP secure server
[Diagram: Branch Office ISR-G2 running WAAS Express on the WAN interface: router(config-if)# waas enable]
Router#configure terminal
Router(config)#interface <wan-interface-name>
Router(config-if)#waas enable
Deploying WAAS Express: Default Configuration (Snippet)
parameter-map type waas waas_global
tfo optimize full
tfo auto-discovery blacklist enable
lz entropy-check
!
class-map type waas match-any CIFS
match tcp destination port 139
match tcp destination port 445
class-map type waas match-any FTP-Control
match tcp destination port 21
class-map type waas match-any FTP-Data
match tcp source port 20
…
class-map type waas match-any waas-default
match tcp any
!
policy-map type waas waas_global
class CIFS
optimize tfo dre lz application WAFS
class FTP-Control
passthrough application File-Transfer
class FTP-Data
optimize tfo dre lz application File-Transfer
....
class waas-default
optimize tfo dre lz application waas-default
Deploying WAAS AO's
Deploying WAAS AO's: Configuring Licenses
License managed at device level
License name is case sensitive
Transport includes DRE/LZ/TFO
Enterprise includes NFS, HTTP, SSL, CIFS, MAPI, Print (and DRE/TFO/LZ)
Video requires Enterprise
Virtual Blade requires Enterprise
CM requires Enterprise
CLI commands
–show license
–license add <license-name>
–clear license
–clear license <license-name>
#show license
License Name Status Activation Date Activated By
-------------- ----------- --------------- --------------
Transport not active
Enterprise active 03/20/2008 admin
Video not active
Virtual-Blade not active
#license add Video
#show license
License Name Status Activation Date Activated By
-------------- ----------- --------------- --------------
Transport not active
Enterprise active 03/20/2008 admin
Video active 04/01/2008 admin
Virtual-Blade not active
Deploying WAAS AO's: Configuration
1. Go To AllDevicesGroup
2. Globally enable WAAS Accelerators
3. Enable Blacklist if firewalls upstream from core drop SYN packets with options else disable
Deploying WAAS AO's: SSL Optimisation
Core WAE acts as a Trusted Intermediary Node for SSL requests by client
Private Key and Server Certificate are stored on the Core WAE device
Core WAE participates in SSL Handshake to derive “session key”
Distributes the “session key” securely in-band to the Edge WAE over the established connection between the Edge WAE and Core WAE
[Diagram: Client, Edge WAE, WAN, Core WAE, Server. Labels: SSL Session Client to Core WAE (WAAS); SSL Session Core WAE to Server; Core WAE: Server Private Key; Send “session key”; Transparent Secure Channel; Original Data - Encrypted, Optimized & Encrypted, Original Data - Encrypted; SSL Handshake on both sessions]
Deploying WAAS AO's: HTTP Optimisation with SSL
Advanced HTTP Parser
Cache HTTP Meta Data
Mitigate Latency
Local HTTP Freshness Response
Local HTTP Redirect Response
Local HTTP Auth-needed Response
Send DRE Hints
Mitigate Latency
DRE Flush Stream
Improve Performance
DRE Skip Bytes
DRE Skip LZ
Modify Compression Directive
Improve Perf.
Offload Server
Disables Server Compression
Deploying WAAS AO's: HTTP/HTTPS AO Configuration
Deploying WAAS AO's: Central Manager Secure Store for SSL
CM's secure store keeps all imported host and accelerated SSL certificates and private keys
Certificates and private keys encrypted with user pass-phrase:
–When secure store is being initialized first time (initialization)
–After CM device reloads to open secure store (opening)
CM secure store must be open to synchronize configuration between SSL capable CM and WAEs
Upon reboot, if CM detects the secure store is initialized but not open a critical alarm is raised
Deployment into the Network
WAAS Inline Deployment
WAAS Inline Deployment: Simple Transparent Inline Deployment
Simple Plug-and-Play Deployment
–Physical in-path deployment between switch and router
–Mechanical fail-to-wire upon hardware, software, or power failure
High Availability
–Two 2-port fail-to-wire groups with support for redundant network paths and asymmetric routing
–Serial in-path clustering with fail-over
Seamless Transparent Integration
–Transparency and automatic discovery
–802.1q VLAN trunking support
–Supported on all WAE appliance models
[Diagram: Remote Office, WAN]
WAAS Inline Deployment: Non-Redundant Branch
Router
–Crossover cable from router to engine
–Fix speed and duplex settings for Fast Ethernet connections
–Ensure the router and switch have matching speed and duplex
Switch
–Straight through cable from engine to switch
–Ensure the router and switch have matching speed and duplex
–Implement portfast for faster recovery
Engine
–One Inline NIC per WAE appliance (cannot be used with WCCP)
–Installed in-path between switch and router or firewall
–Use single pair of inline ports (1/0 or 1/1) removing RJ45 port covers
–Ports fail-to-wire upon hardware, software, or power failure
–Support for interception 802.1q trunks
–Use Gi1/0 primary interface
[Diagram: switch s1, engine e1, router r1; inline ports 1/0/LAN, 1/0/WAN, 1/1/LAN, 1/1/WAN; g1/0; WAN]
WAAS Inline Deployment: Serial Inline Cluster
Support for 2 Inline Cards per WAE
– Up to 4 inline groups (8 ports)
– WAE-674, WAE-7341, WAE-7371
Simplified HA deployment model
HA supported by other WAE
NEW Interception Access List
– Bypass for non-relevant traffic
Small and medium data centers
[Diagram: Inline Serial Cluster of Inline WAEs (Up to 2) between Data Center and Branch, with Dual WAN Links WAN1 and WAN2]
WAAS Inline Deployment: Redundant Branch Topology
[Diagram: WAE-DC1, WAE-DC2, WAN]
WAAS Inline Deployment: Data Centre Topology
[Diagram: WAE-DC1, WAE-DC2, WAN]
WAAS Inline Deployment: Serial Inline Cluster Best Practices
Deploy the same platform for both devices in cluster
Apply the same bidirectional policy/interception ACL on both devices
Disable optimization between serial cluster devices
Use CM to configure and manage the Serial Inline Cluster
–Automatic peer configuration
–Verify peer optimization settings are mutually configured
–Location based reporting
Second WAE in serial inline cluster is for High Availability only. Not supported for scaling (use WCCP instead)
WAAS WCCP Deployment
WAAS Overview: Network-Integrated Off-path Interception
WCCPv2 Interception
–Transparent network integration and automatic discovery
–Active/active clustering supports up to 32 WAEs and 32 routers with automatic load-balancing, load redistribution, fail-over, and fail-through operation
–Near-linear scalability and performance improvement when adding devices
Policy-Based Routing Interception
–Routing of flows to be optimized through a Cisco WAE as a next-hop router
–Active/passive clustering provides high availability and failover using IP SLA as a tracking mechanism
[Diagram: WAE Cluster, Remote Office, WAN]
WAAS WCCP Deployment: WCCP Functions
Intercept – Identify packets for WCCP processing (in or out)
Assign – Select the WAE
Redirect – Router sends the packet to the WAE
Return – WAE sends the packet back to the router
Egress – WAE may ignore WCCP negotiated return by using another return method like IP forwarding (routing) or generic GRE
[Figure labels: C1; S1; E1; R1; Intercept; Assign; Redirect; Return/Egress]
ip access-list extended waas
remark WAAS WCCP Redirect List
deny tcp any any eq telnet
deny tcp any any eq 22
deny tcp any any eq 161
deny tcp any any eq 162
deny tcp any any eq 123
deny tcp any any eq bgp
deny tcp any any eq tacacs
deny tcp any any eq 2000
! Reverse Direction
deny tcp any eq telnet any
deny tcp any eq 22 any
deny tcp any eq 161 any
deny tcp any eq 162 any
deny tcp any eq 123 any
deny tcp any eq bgp any
deny tcp any eq tacacs any
deny tcp any eq 2000 any
!
! Below optional per branch in pilot
permit tcp any <<branch subnet>>
permit tcp <<branch subnet>> any
deny tcp any any
WAAS WCCP Deployment: Redirect List
Permit all applications but deny specific protocols
–Avoid redirection of management traffic with a universal ACL
–Apply bidirectional ACL to service groups 61 and 62
–Create the redirect ACL before enabling WCCP service groups 61 and 62
–Do not enable logging on WCCP redirect ACL (performance)
Optionally permit specific IP subnets during PoC
Avoid TCAM overflow on 6500
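The redirect-list guidance above (bidirectional entries, no logging) can be checked mechanically before the ACL is attached to service groups 61 and 62. The following is an added example, not part of the original slides: the function name, the port-keyword map and the "drifted" ACL are constructed for illustration, and only the simple `deny tcp any any eq <port>` / `deny tcp any eq <port> any` forms used on the slide are recognised.

```python
import re

# IOS port keywords that appear in the slide's ACL, mapped to TCP port numbers.
PORT_NAMES = {"telnet": "23", "bgp": "179", "tacacs": "49"}

FWD = re.compile(r"^deny\s+tcp\s+any\s+any\s+eq\s+(\S+)", re.I)   # match on destination port
REV = re.compile(r"^deny\s+tcp\s+any\s+eq\s+(\S+)\s+any", re.I)   # match on source port
LOG = re.compile(r"\blog(-input)?\s*$", re.I)

# The ACL as shown on the slide.
SLIDE_ACL = """\
ip access-list extended waas
remark WAAS WCCP Redirect List
deny tcp any any eq telnet
deny tcp any any eq 22
deny tcp any any eq 161
deny tcp any any eq 162
deny tcp any any eq 123
deny tcp any any eq bgp
deny tcp any any eq tacacs
deny tcp any any eq 2000
! Reverse Direction
deny tcp any eq telnet any
deny tcp any eq 22 any
deny tcp any eq 161 any
deny tcp any eq 162 any
deny tcp any eq 123 any
deny tcp any eq bgp any
deny tcp any eq tacacs any
deny tcp any eq 2000 any
permit tcp any <<branch subnet>>
permit tcp <<branch subnet>> any
deny tcp any any
"""

# Constructed sample: reverse entry for SSH lost, logging added to one entry.
DRIFTED_ACL = """\
ip access-list extended waas
deny tcp any any eq 23
deny tcp any any eq 22
deny tcp any any eq 161 log
deny tcp any eq telnet any
deny tcp any eq 161 any
deny tcp any any
"""


def audit_redirect_acl(acl_text):
    """Report ports excluded in one direction only, and entries that log."""
    fwd, rev, logged = set(), set(), []
    for raw in acl_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "remark", "ip access-list")):
            continue
        if LOG.search(line):
            logged.append(line)
        for pattern, seen in ((FWD, fwd), (REV, rev)):
            match = pattern.match(line)
            if match:
                port = match.group(1).lower()
                seen.add(PORT_NAMES.get(port, port))
    return {
        "missing_reverse": sorted(fwd - rev),   # excluded towards the port only
        "missing_forward": sorted(rev - fwd),   # excluded from the port only
        "logged": logged,
    }


if __name__ == "__main__":
    for name, acl in (("slide", SLIDE_ACL), ("drifted", DRIFTED_ACL)):
        print(name, audit_redirect_acl(acl))
```

A port listed under `missing_reverse` means return traffic for that management protocol would still be redirected to the WAE while the forward direction bypasses it.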
WAAS WCCP Deployment: Assignment
Assignment (engine selection)
–Hash - Byte level XOR computation divided into 256 buckets (default)
–Mask - Bit level AND divided up to 128 buckets (7 bits)
Branch
–DHCP allocated addressing
–Balance hosts to multiple engines 0x1 to 0x7F (or similar)
–Balancing to a single engine (mask selection is irrelevant)
Retail Data Center
–Site /24 allocation per site
–Balance sites or engines with 0x100 to 0x7F00 (or similar)
Enterprise Data Center
–Regional /16 allocation
–Balance regions with 0x10000 to 0x7F0000
0xF = 0000:0000.0000:0000.0000:0000.0000:1111
0xF00 = 0000:0000.0000:0000.0000:1111.0000:0000
0xF0000 = 0000:0000.0000:1111.0000:0000.0000:0000
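To see why the mask has to match the addressing plan, the mask assignment described above can be modelled directly. This is an added example, not code from the presentation: it assumes the mask is applied to the source IP (as with `src-ip-mask`), and the round-robin mapping of buckets to engines, the engine names and the sample addresses are constructed for illustration (the real bucket-to-engine assignment is negotiated by the WCCP cluster).

```python
import ipaddress
from collections import Counter


def mask_bits(mask):
    """Positions (bit 0 = least significant) of the bits set in the mask."""
    return [i for i in range(32) if (mask >> i) & 1]


def bucket_count(mask):
    """Number of buckets a mask yields: 2^(set bits), with at most 7 bits set."""
    bits = len(mask_bits(mask))
    if not 1 <= bits <= 7:
        raise ValueError("mask must set between 1 and 7 bits")
    return 1 << bits


def bucket_for(ip, mask):
    """AND the address with the mask, then pack the selected bits together."""
    addr = int(ipaddress.IPv4Address(ip))
    index = 0
    for n, bit in enumerate(mask_bits(mask)):
        index |= ((addr >> bit) & 1) << n
    return index


def distribute(ips, mask, engines):
    """Count addresses per engine; buckets are dealt round-robin (assumption)."""
    bucket_count(mask)  # reject masks wider than 7 bits
    load = Counter({engine: 0 for engine in engines})
    for ip in ips:
        load[engines[bucket_for(ip, mask) % len(engines)]] += 1
    return dict(load)


if __name__ == "__main__":
    engines = ["e1", "e2"]                                   # hypothetical WAEs
    branch_hosts = [f"10.1.1.{h}" for h in range(1, 65)]     # constructed: one /24 of DHCP hosts
    retail_sites = [f"10.1.{s}.10" for s in range(16)]       # constructed: one host per site /24

    # Host bits vary inside a branch, so a low mask spreads the hosts.
    print("branch, 0xF  :", distribute(branch_hosts, 0xF, engines))
    # Bits 8-11 are constant inside one /24, so every host lands on one engine.
    print("branch, 0xF00:", distribute(branch_hosts, 0xF00, engines))
    # The same mask balances well when sites are allocated as /24s.
    print("sites,  0xF00:", distribute(retail_sites, 0xF00, engines))
```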
WAAS WCCP Deployment: Redirect, Return and Egress Method
Configured on WAE
Dependent on design and router hardware/software
Router WCCP Redirect (Router to WAE)
–GRE - Entire packet GRE tunneled to the engine (default)
–Layer 2 - Frame MAC address rewritten to engine MAC
WAE WCCP Return (WAE to Router)
–WCCP GRE - Packet statefully returned to router (as of 4.0.13)
–WCCP Layer 2 - Frame statefully rewritten to router MAC
WAE Egress Method (WAE to Router)
–IP Forward - Engine ARPs for default gateway (default)
–WCCP negotiated - WCCP GRE or WCCP L2 return (L2 not yet supported in WAAS)
–Generic GRE - Stateful return in hardware to Catalyst 6500 Sup720/32 (as of WAAS 4.1)
WAAS WCCP Deployment: Platform Recommendations
Function | Nexus 7000 | Software ISR & 7200 | ASR 1000 | Cat 6500 Sup720/32, 7600 | Cat 6500 Sup2 | Cat 4500 | Cat 3750
Assign | Mask Only | Hash or Mask | Mask Only | Mask | Mask | Mask only | Mask only
Redirect | L2 | GRE or L2 | GRE or L2 | GRE or L2 | L2 or GRE / L2 | L2 only | L2 only
Redirect List | L3/L4 ACL | Extended ACL | Extended ACL | Extended ACL | Extended ACL | No ACL Support | Extended ACL (no deny)
Direction | In or Out | In or Out | In only | In | In | In only | In only
Return | L2 only | GRE or L2 | GRE or L2 | L2 | L2 | L2 only | L2 only
VRFs | Supported | Supported | Planned | Planned | NA | NA | NA
IOS | 4.2(6), 5.0(3) | 12.1(14); 12.2(26); 12.3(13); 12.4(10); 12.1(3)T; 12.2(14)T; 12.3(14)T5; 12.4(15)T8; ISR G2: 15.0(1)M | 2.4(2) | 6500: 12.2(18)SXF14, 12.2(33)SXH4, 12.2(33)SXI2a; 7600: 12.2(18)SXD1 | 12.1(27)E; 12.2(18)SXF14 | 12.2(50)SG1 | 12.2(46)SE
WAAS WCCP Deployment: WAAS Configuration
wccp router-list 1 192.168.254.2
wccp tcp-promiscuous router-list-num 1
egress-method negotiated-return intercept-method wccp
wccp version 2
[Slide callouts: "Turn on WCCP after configuration"; "Prevent Loop!"]
WAAS WCCP Deployment: Router Configuration
Router Global Configuration
Router(config)# ip cef
Router(config)# ip wccp 61 <optional-redirect-list acl-name>
Router(config)# ip wccp 62 <optional-redirect-list acl-name>
Router(config)# ip wccp version 2
Router Interface Configuration
Router(config-if)# ip wccp 61 redirect <in|out>
Router(config-if)# ip wccp 62 redirect <in|out>
Router(config-if)# ip wccp redirect exclude in
[Slide callout: "Determined by topology". Figure labels: A; B; C; Src Balance 61; 62 Dst Balance; e1; e2]
dc1-rtr1#show ip wccp
Global WCCP information:
Router information:
Router Identifier: 10.1.3.254
Protocol Version: 2.0
Service Identifier: 61
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 1954820
Process: 474
Fast: 0
CEF: 1954346
Redirect access-list: -none-
............................................
Service Identifier: 62
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 581196
Process: 107
Fast: 0
CEF: 581089
Redirect access-list: -none-
............................................
dc1-wae1#show wccp routers
Router Information for Service: TCP Promiscuous 61
Routers Configured and Seeing this Engine(1)
Router Id Sent To Recv ID
10.1.3.254 10.1.2.254 0001CD80
Routers not Seeing this File Engine
-NONE-
Routers Notified of but not Configured
-NONE-
Router Information for Service: TCP Promiscuous 62
Routers Configured and Seeing this Engine(1)
Router Id Sent To Recv ID
10.1.3.254 10.1.2.254 0001CD7C
Routers not Seeing this File Engine
-NONE-
Routers Notified of but not Configured
-NONE-
dc1-wae1#show wccp gre
Transparent GRE packets received: 105587
Transparent non-GRE packets received: 0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted: 100152
Packets sent back to router: 0
GRE packets sent to router (not bypass): 52222
Packets sent to another WAE: 0
Packets received with client IP addresses: 100152
WAAS WCCP Deployment: Verifying Operation
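The `show ip wccp` counters above can be reviewed automatically after WCCP is enabled, which ties in with the deck's advice to use a redirect ACL and to watch router CPU. This is an added example, not part of the presentation: the function names, the finding labels, the 1% process-switching threshold and the degraded sample are assumptions made for illustration.

```python
# Output copied from the slide above.
SLIDE_OUTPUT = """\
dc1-rtr1#show ip wccp
Global WCCP information:
Router information:
Router Identifier: 10.1.3.254
Protocol Version: 2.0
Service Identifier: 61
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 1954820
Process: 474
Fast: 0
CEF: 1954346
Redirect access-list: -none-
Service Identifier: 62
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 581196
Process: 107
Fast: 0
CEF: 581089
Redirect access-list: -none-
"""

# Constructed sample: WAE has dropped out and packets are punted to the CPU.
DEGRADED_OUTPUT = """\
Service Identifier: 61
Number of Cache Engines: 0
Number of routers: 1
Total Packets Redirected: 1000
Process: 900
Fast: 0
CEF: 100
Redirect access-list: waas
"""


def parse_show_ip_wccp(text):
    """Return {service id: {field: value}} for each 'Service Identifier' block."""
    services, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Service Identifier":
            current = services.setdefault(value, {})
        elif current is not None:  # ignore the global header fields
            current[key] = int(value) if value.isdigit() else value
    return services


def review(services, max_process_ratio=0.01):
    """List (service, finding) pairs; the 1% threshold is an assumed default."""
    findings = []
    for sid, fields in sorted(services.items()):
        total = fields.get("Total Packets Redirected", 0)
        ratio = fields.get("Process", 0) / total if total else 0.0
        if fields.get("Number of Cache Engines", 0) == 0:
            findings.append((sid, "no-cache-engine"))
        if ratio > max_process_ratio:
            findings.append((sid, "process-switched"))
        if fields.get("Redirect access-list") == "-none-":
            findings.append((sid, "no-redirect-acl"))
    return findings


if __name__ == "__main__":
    print(review(parse_show_ip_wccp(SLIDE_OUTPUT)))
    print(review(parse_show_ip_wccp(DEGRADED_OUTPUT)))
```

On the slide's own output the only finding is the absent redirect access-list on both service groups; redirection itself is almost entirely CEF-switched.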
WAAS WCCP Deployment: Branch Options
Router
ip wccp 61
ip wccp 62
interface g0
ip wccp 61 redirect in
interface s0
ip wccp 62 redirect in
WAE
wccp router-list 1 10.1.1.254
wccp tcp-promiscuous router-list-num 1
egress-method negotiated-return intercept-method wccp
wccp version 2
Router
ip wccp 61
ip wccp 62
interface g0
ip wccp 61 redirect in
interface s0
ip wccp 62 redirect in
WAE
wccp router-list 1 10.1.1.254
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
wccp tcp-promiscuous mask src-ip-mask 0xF
wccp version 2
[Figure labels: WAN; hosts h1 and h2 on subnet A/24; router interfaces g0 and s0; service groups 61 and 62; SRE-700 on sm1/0]
WAAS WCCP Deployment: Shared WAEs within Distribution Layer
WAE with Interface Standby (N+1 Redundancy)
–Registration – r1/r2 interface IP
–Assignment – Mask
–Redirect – WCCP GRE
–Return/Egress – IP Forwarding, generic GRE (6500), or WCCP GRE (ASR)
–Network
•Engines on shared subnet between r1 and r2
•Interface VLAN inter-core link with no WCCP
WAE with Single Interface or EtherChannel
–Registration – Loopback IP
–Assignment – Mask
–Redirect – WCCP GRE
–Return/Egress – IP forward or generic GRE
–Network
•Engines on dedicated subnets (no interface standby)
•Routed interface link (r1-r2) with no WCCP
[Figure labels, both topologies: WAN; routers r1 and r2; engines e1 to e4; WCCP Registration; service groups 61 and 62]
WAAS WCCP Deployment: Shared WAEs at WAN Edge
Local WAE Redirect and Return
–Registration – r1/r2 interface IP
–Software platform (7200/ISR)
•Assignment – Hash
•Redirect – WCCP GRE
•Return/Egress – WCCP GRE or IP forward
–Hardware Platform (6500/PFC3 or ASR)
•Assignment – Mask
•Redirect – WCCP GRE
•Return/Egress – Generic GRE (6500), WCCP GRE (ASR), or IP forward return
Remote WAE GRE Redirect and Return
–Registration – Remote r1/r2 loopback IP
–Assignment – Hash (7200/ISR) or mask (6500/ASR)
–Redirect – WCCP GRE
–Return/Egress – WCCP GRE (ASR/7200/ISR) or Generic GRE (6500)
[Figure labels, both topologies: WAN; routers r1 and r2; engines e1 and e2; WCCP Registration; service groups 61 and 62]
Dual Data Centre: Asymmetric Routing Condition
Condition
–Branch route summarization
–Connections sent to DC-A when application resides in DC-B
–SYN and SYN/ACK not seen by same WAE
Solutions
–Advertise summary route for each data center to eliminate asymmetric routing
–WAE in server farm distribution with WCCP or ACE
–WAE cross registers with WAN edge or distribution routers in both data centers
[Figure labels: DC-A; DC-B; 0.0.0.0]
Dual Data Centre: Asymmetric Routing Solutions
WAE in server farm distribution with WCCP or vPath
WAE cross registers with WAN edge or distribution routers in both data centers
[Figure labels: service groups 61 and 62]
WAAS WCCP Deployment: Configuration Best Practices
Registration
–Do NOT use a virtual gateway address (HSRP, VRRP, GLBP)
–Use interface IP address if L2 adjacent to WCCP router
–Use highest loopback address if not L2 adjacent to WCCP router
–Do not configure large MTU (>1500 bytes) on WCCP client interfaces
Software Platforms
–GRE Forwarding (Default)
–Hash Assignment (Default)
–Inbound Interception
–"ip wccp redirect exclude in" on WCCP client interface (outbound interception only)
–WAAS Egress Method: IP Forwarding
Hardware Platform
–L2 Forwarding
–Mask Assignment [ Since 4.2.1 the default mask is changed to 0xF00 from 0x1741 ]
–Inbound Interception
–Do not use "ip wccp redirect exclude in"
–WAAS Egress Method: IP Forwarding, Generic GRE (Cat6k PFC-based systems only)
WAAS vPath Deployment
vWAAS vPath Deployment: Introduction to vPath
[Figure labels: two Cisco UCS x86 Servers, each running VMware ESXi Server with Nexus 1000V vPath; VMs: vWAAS, Web-Server 1, Web-Server 2, App Server; legend: vWAAS Optimized VM, Non Optimized VM; callout: Add New Web-Server Virtual Machine (VM)]
Intelligence built into the Virtual Ethernet Module (VEM) of the N1000V
vPath has the following main functions:
Intelligent traffic interception for vWAAS
Offload the processing of pass-through traffic from vWAAS
ARP based health check
Maintain flow entry table
vWAAS vPath Deployment: Port-Profile Configuration
[Figure labels: Nexus 1000v VSM, Network Admin view: vPATH interception; vSphere client, Server Admin view: Attach Opt-port-profile to server VMs; Port-Profile; Port-group]
WAAS Sizing Guidelines
WAAS Sizing Guidelines: Platform Performance (4.3)
Capacity | SRE700 | SRE900 | WAVE-274 | WAE-474 | WAE-574-3GB | WAE-574-6GB | WAE-674-4GB | WAE-674-8GB | WAE-674-8GB+VB | WAE-7341 | WAE-7371
WAN Bandwidth (Mbps) | 20 | 50 | 2 | 4 | 8 | 20 | 45 | 90 | 90 | 310 | 1000
Optimized TCP Connections | 500 | 400 | 200 | 400 | 750 | 1300 | 2000 | 6000 | 4000 | 12000, 9000/3000* | 50000, 12000/28000*
Optimized Throughput (Mbps) | 150 | 250 | 90 | 90 | 100 | 150 | 250 | 350 | 350 | 800 | 1500
Total Disk Capacity (GB) | 500 | 500 | 250 | 250 | 500 | 500 | 600 | 600 | 600 | 900 | 1500
DRE Disk Capacity (GB) | 120 | 120 | 40 | 60 | 80 | 120 | 120 | 320 | 150 | 500 | 1000
CIFS Disk Capacity (GB) | 120 | 120 | 120 | 120 | 120 | 120 | 120 | 120 | 120 | 230 | 230
Maximum LAN Video Streams | 200 | 200 | 40 | 80 | 150 | 300 | 400 | 1000 | 600 | 1000 | 1000
Virtual Blades Supported 2 2 2 6 2 6
Total Virtual Blade Disk Capacity 30 30 60 175 120 200
Core Fan Out 35 70 100 200 200 1400 2800
CM Managed Devices 125 250 500 1000 1500 1500 2000
* SSL connections / TCP connections
WAAS Sizing Guidelines: WAAS Express Recommendations
Platform | Total DRAM Required | Maximum WAN Bandwidth Supported | Recommended Number of Users | Max TCP Connections
89x | 768 M | 2 Mbps | 1-10 | 75
1941 | 2.5 G | 4 Mbps | 15-20 | 150
2901 | 2.5 G | 6 Mbps | 15-20 | 150
2911 | 2.5 G | 6 Mbps | 25 | 200
2921 | 2.5 G | 6 Mbps | 25 | 200
2951 | 4 G | 6 Mbps | 25 | 200
3925 | 4 G | 10 Mbps | 50 | 500
3945 | 4 G | 10 Mbps | 50 | 500
WAAS Express requires maximum DRAM installed as indicated
Typical Interfaces – 3G, T1, E1, Multi T1s, Multi E1s, and Serial
Performance Testing Conducted with IOS FW, VPN (IPsec), NAT, and QoS
WAAS Sizing Guidelines: vWAAS
[Slide labels: BRANCH; Small-DC; Medium-DC; Branch/Small DC; Medium DC; Large DC]
750 (Opt. TCP Connection)
Virtual Cores: 2
Memory: 4 GB
Hard Disk: 250 GB
Modeled after 574
6000 (Opt. TCP Connection)
Virtual Cores: 4
Memory: 8 GB
Hard Disk: 500 GB
Modeled after 674
12000 (Opt. TCP Connection)
Virtual Cores: 4
Memory: 12 GB
Hard Disk: 750 GB
Modeled after 7341
vCM-Small
100 (Max Devices)
Virtual Cores: 2
Memory: 2 GB
Hard Disk: 250 GB
Modeled after 274
vCM-Large
2000 (Max Devices)
Virtual Cores: 4
Memory: 8 GB
Hard Disk: 600 GB
Modeled after 674
Closure
Closure: Remember Guidelines
Remember...
–Use CM Configuration Groups
–Monitor Router/Switch CPU load after implementing WCCP
–Beware of Routing Loops with WCCP
–Follow recommended order of operations
–Fix Line-rate and Duplex on Fast Ethernet networks
–Use Port-Fast where appropriate
–Usage of DNS and NTP is recommended
Backup Slides
WAAS Mobile
WAAS Overview: WAAS Mobile
1. Client/Server Architecture
[Figure labels: WAAS Mobile Client; WAN; WAAS Mobile Server; Web, File & App Servers]
2. What It Does
• Accelerates Application Performance over Challenged Mobile or Remote Connections
• Installs on Windows Desktop
3. Why It's Better
Purpose Built for the Windows PC/Laptop
Designed for Mobile & Remote Users
Optimized for Diverse Challenged Networks
Complements WAAS Appliance as Complete Acceleration Solution
Industry-leading Performance
Highest performance over mobile and SOHO networks
Scalable, Fault Resilient, Manageable, Interoperable
Lowest TCO
Best reliability, stability and troubleshooting tools reduce cost of support
Centralized policy based management reduces deployment and support cost
Integration with software distribution tools reduces deployment costs
WAAS Mobile: Architecture
WAAS Mobile: Acceleration Matrix
[Table residue. Rows (applications): Web Browsing (HTTP); Secure Web Browsing (HTTPS); Windows File Shares (CIFS/SMB); Outlook/Exchange (MAPI); E-mail (POP3/SMTP); File Transfer (FTP); Other Applications. Columns (WAAS Mobile acceleration features): Application Protocol Optimization; Transport Optimization; Delta Compression; Persistent Sessions; Signed SMB. Supported Windows client platforms: Windows 7 (64/32-bit); Vista (64/32-bit); XP]
WAAS Mobile: Network Setup
Simultaneously accelerate traffic to applications hosted in multiple data centers
Mobile users connect through VPN to multiple WAAS Mobile Servers
Workers in small offices may connect to multiple WAAS Mobile Servers
[Figure labels: Cisco WAAS Mobile Client; Internet; Remote Access VPN; Intranet; Small Office with Cisco WAAS Mobile Clients; Data Center 1 and Data Center 2, each with a WAAS Mobile Server and Application Servers]
WAAS Mobile: Client – Server Data Flow
WAAS Mobile Client proxies all accelerated TCP traffic and sends it via UDP port 1182 to the WAAS Mobile Server
[Figure labels: WAAS Mobile Client and WAAS Mobile Server, each with Intercept/Redirect (TDI driver) and Acceleration Process; Accelerated Applications; CIFS; SMB; Other Applications; TCP; Data: UDP 1182; Control: TCP 1182]
Cisco WAAS Mobile Scalability
Scale up to handle maximum throughput of any data center
• Up to 10,000 concurrent users per Cisco WAAS Mobile server
• Multiple Cisco WAAS Mobile Servers can be aggregated into Cisco WAAS Mobile server farms for load balanced, redundant capacity
Scale out to handle multiple data centers
• Cisco WAAS Mobile server farms hosted at multiple data centers provide acceleration for any worker to any application
Scalable Cisco WAAS Mobile Manager data flow
• Manager communicates with Cisco WAAS Mobile worker servers
• Worker servers communicate with Cisco WAAS Mobile clients
• A single Cisco WAAS Mobile Manager can manage hundreds of servers and hundreds of thousands of clients
WAAS Mobile Management: Central WAAS Mobile Manager
Highly scalable
• Manage hundreds of Cisco WAAS Mobile servers or just a single server
• Manage hundreds of thousands of end users from a single user interface
Total system visibility
• View performance at system level, or drill down to a server farm, a single server, a group of end users, or a single user
Consolidated end-user management and monitoring
• Visibility into the performance and status of accelerated traffic by application and path for any end user from the Cisco WAAS Mobile Manager
Highly available
• Central manager not required to be operational for acceleration services to be operational.
Cisco WAAS Mobile Management: Manage All Clients Centrally
View all clients from the central console and filter to find the user or set of users of interest
Enterprise Deployment Considerations: High Availability
To provide high availability and capacity within a data center
• Multiple Cisco WAAS Mobile servers in a data center may be configured to be members of a Cisco WAAS Mobile server farm
• Traffic load is automatically balanced across the servers in a server farm
– Initial access is random
– On subsequent access, client attempts to connect to previous server. If unable, tries another server in the same farm
To provide high availability in the event of a data center outage
• Cisco WAAS Mobile server farms may be located at backup data centers
• When clients are unable to connect to the primary server farm, they will automatically attempt to connect to backup server farms
Enterprise Deployment Considerations: Manageability
Software installation
• Client profiles are packaged as executable .msi files
Software upgrades
• Automatic upgrade and downgrade
Configuration updates
• Automatic updates
Policy‐based management
• Separate configuration profiles for different user groups
• Optional Active Directory group policies
Central monitoring console
• Graphical displays of acceleration and traffic breakdown
Enterprise Deployment Considerations: Architecture Scalability
Highly scalable storage system
• Each file or data sequence is only stored once
• Single instance of a file or data sequence is shared with all users
Highly efficient memory utilization
• Uses only 2 MB of server RAM for each simultaneous active download
• 1000:1 disk to RAM ratio for search index supports deep histories
Scalable CPU utilization
• Multi‐threaded architecture makes efficient use of multi‐core CPUs
Optimized disk utilization
• Employs a dynamic disk seek algorithm that optimizes throughput under high load by dynamically trading off acceleration gain vs disk activity to mitigate thrashing
Cisco WAAS Mobile Server Configurations
Cisco WAAS Mobile is deployable on a bare metal server or as a virtual machine
For 5-10 user evaluations:
Minimum Configuration
CPU: 1.8 GHz dual core
System Memory (RAM): 2 GB
Disk Space Available for Delta Cache: 5 GB
Operating System: Windows Server 2003, 2003 R2, 2008, or 2008 R2
See Appendix A of the Cisco WAAS Mobile Administration Guide for production server sizing and operating system guidelines
Cisco WAAS Mobile and UCS: Industry's Most Scalable Mobile Acceleration
10,000 Concurrent Cisco WAAS Mobile Clients
Concurrent licensing supports 30,000-40,000 end users
Unparalleled Throughput
600 Mbps LAN-side, 200 Mbps WAN-side
100,000 TCP connections
Flexible Multi-Service Platform
Co-host Cisco WAAS Mobile with other applications
Cisco WAAS Mobile Virtual Appliance
Evolve from hundreds to thousands of concurrent users
[Figure labels: Cisco WAAS Mobile Clients; Cisco WAAS Mobile Server; Cisco UCS C-200M1]
Cisco WAAS Mobile Client Configurations
Specification | Supported Minimum | Recommended
CPU | 750 MHz | 1.5 GHz
System Memory (RAM) | 512 MB | 1 GB
Disk Space Available for Cache | 80 MB | 1 GB
Operating System | Windows XP, prior to SP2 | Windows XP SP2, Vista, or Windows 7
Deploying WAAS Replication-Accelerators
Installation: Device Mode Replication-Accelerator
Only available on the WAE-7341 and WAE-7371 platforms
Requires WAAS 4.0.19
Accelerator optimized for a small number of high-throughput TCP connections
Certified for EMC SRDF/A and NetApp SnapMirror
Only negotiates optimized connections with other WAEs using the same device mode
Reboot required (role change)
device mode replication-accelerator
hostname dc1-wae1
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 10.1.1.31 255.255.255.0
ip default-gateway 10.1.1.254
ip name-server 10.1.1.21
central-manager address cm.allcisco.com
cms enable
[Figure labels: WAN; Backup/Replications]
Video Optimisation
Deploying WAAS AOs: Live Video RTSP AO: Edge Splitting
Enable Video Accelerator
Windows Media 9 or later
Operates on RTSPT only
Stream Splitting occurs at the edge
Auto-discovery puts intermediate engines into Pass Through
ACNS/CDS origin configured with 'wmt disallow-client-protocols rtspu mmsu' to force TCP use
Option to TCP optimize or drop unaccelerated streams
Support for Windows Media Logs
[Figure labels: WAN; ACNS; Live Video Source; WAAS]