Brkapp 2005

Deploying Cisco Wide Area Application Services (WAAS)
BRKAPP-2005
BRKAPP-2005
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Agenda
!! WAAS Overview !! WAAS Installation and Configuration !! Deployment into the Network !! WAAS Application Optimizer (AO) Deployments !! WAAS Sizing Guidelines
BRKAPP-2005
Cisco Public
Case Study
Phoning Home
!! Extensive Preamble !! Chatty !! Bandwidth Intensive !! Predominantly Unidirectional !! Repetitive Sequences
!!6x Optimized
!! Minimal Overhead !! Compressed and Accelerated
BRKAPP-2005
Cisco Public
WAAS Overview
BRKAPP-2005
Cisco Public
WAAS Overview
Drivers and Trends
Datacenter Transformation !! Virtualization !! Private/Public Clouds !! Software-as-a-Service New Applications, Services !! Rich Media, Video !! Any-any collaboration !! Virtual Desktops Remote Access Evolution !! Increased mobile users !! Low-footprint branches !! Partner access
Customers / Partners
Home Office/ Coffee Shop
xAAS - Cloud
New IT and WAN Optimization Requirements

Branch Office
Secondary Data Centre Branch Office
Primary Data Centre

BRKAPP-2005 2011 Cisco and/or its affiliates. All rights reserved.
Guest Users Cisco Public
Campus
WAAS Overview
Application Delivery Challenges !! LAN Connectivity
High bandwidth Low latency Reliability
Round Trip Time ~ 0ms
!! WAN Connectivity
Already congested Low bandwidth Latency Packet Loss
Client
Client
LAN Switch
Server
Round Trip Time ~ Many milliseconds
LAN Switch
WAN
LAN switch
Server
BRKAPP-2005
Cisco Public
WAAS Overview
Cisco WAAS: WAN Optimization Solution
New
Virtual Private Cloud
vWAAS WAE
Server VMs
New
Nexus 1000v
vPATH
Branch Office
WAAS Express
VMware ESXi Server
Nexus 1000v VSM WAAS Service Module
UCS /x86 Server FC SAN
Branch Office
WAN
Data Center or Private Cloud
WAAS Appliances
Branch Office
WAAS Appliance
Internet
Server VMs
VMware ESXi
vWAAS Appliances
New
WAAS Appliance WAAS Mobile Server VPN

2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
VPN
Domestic Mobile User International Mobile User
Regional Office
BRKAPP-2005
WAAS Mobile Software Over VPN 7
WAAS Overview
WAAS Product Offering
vWAAS
vWAAS-750 vWAAS-6000 vWAAS-12000
WAAS Appliances WAAS ISR Modules WAAS Express WAAS Mobile
WAVE-274
WAVE-474
WAVE-574
WAE-674
WAE-73x1
SM-SRE-700
SM-SRE-900
890
1941/2901
29xx
39xx
WAAS Mobile
Tele Worker Small Branch Medium Branch Large Branch Larger Branch to Small Data Center Data Center & Campus
BRKAPP-2005
Cisco Public
WAAS Overview
Session and Transport Layer Optimization
Client
Application Presentation Session Transport Network Data Link
Host
Application
WAAS 1
Application Optimizer (AO)
WAAS 2
Application Optimizer (AO)
Presentation Session Transport Network Data Link
TFO Network Data Link
TFO Network Data Link
Origin
Physical Physical
Optimized
Physical
Origin
Physical
WAN
BRKAPP-2005 BRKAPP-2005 14633_05_2008_c1
Cisco Public
WAAS Overview
Architecture
IOS Platform with Services and CLI
CIFS AO
MAPI AO
HTTP AO
RTSP AO
NFS AO
EPM AO
SSL AO
Windows On WAAS (WOW)
ACNS On WAAS ACNS VB
Virtual Blade #3
Configuration Management System (CMS)
TCP Proxy with Scheduler Optimizer (SO) DRE, LZ, TFO
Virtual Blades Kernel Virtual Machine
Cisco Linux Kernel Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Flash IOS Shell Linux
Application Storage
Object Storage
DRE Storage
Virtual Blade Storage
Ethernet Network I/O
BRKAPP-2005
Cisco Public
10
WAAS Overview
TFO vs. Regular TCP in the WAN
Cisco TFO Provides Significant Throughput Improvements over Standard TCP Implementations
7,16%
TFO
TCP
)*+,%)-./-% 0+12$3-"+1%45+"6.17$%
!"#$%&'!!(%
BRKAPP-2005
Cisco Public
11
WAAS Overview
Advanced Compression
"! Data Redundancy Elimination (DRE) "! Persistent LZ compression Benefits ! Application-agnostic compression ! Up to 100:1 compression ! Session-based compression ! Up to an additional 10:1 compression even after DRE
LZ
WAN!
LZ
DRE Synchronized Compression History
DRE
BRKAPP-2005
Cisco Public
12
WAAS Overview
Application-Specific Acceleration !! Application and Protocol Awareness
Minimize chatter -> Latency Mitigation Safe caching Scheduled File preposition
!! Application Optimizers (AOs)

!CIFS, NFS, MAPI, Video, HTTP, SSL, Windows Printing.......
!! Licensed developed and validated with application vendors
!! Intelligent Server Offload

Caching and optimizations
Remote Office Data Center
WAN!
! Object Cache Verification ! Security and Control ! WAN Optimization ! LAN-like Performance ! WAN Bandwidth Savings
BRKAPP-2005 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public
! Server Safely Offloaded ! Fewer Servers Needed ! Power/Cooling Savings
13
WAAS Overview
Network Transparency
B/24 C/24 A/24
WAN
D/24 E/24
!! Packets between each network are routed as normal. WAAS autodiscovery will find WAEs in path !! WAAS Network Transparency (same L3/L4 headers) allows application acceleration components to maintain compliance with existing network features
Quality of Service (QoS), NBAR NetFlow, monitoring, reporting Security functions (ACLs, firewall policies)
BRKAPP-2005
Cisco Public
14
WAAS Overview
Auto-DiscoveryTwo WAE Configuration
!! In-band signaling with TCP option 0x21 !! WAE B closest to host (A) and WAE (C) closest to host (B) !! Connection optimized between WAE (B) and (C) !! WAE shifts optimized TCP SEQ number by 2 billion !! If a WAE that was optimizing connections fails: A B C D Receiving host will see segments with SEQ/ACK numbers that are out of range Host will reset (RST) connection WAAS will propagate the RST Host application will re-establish a new TCP connection
A:D SYN
A:D SYN(OPT)
A:D SYN(OPT) D:A SYN/ACK
D:A SYN/ACK Origin Connection

BRKAPP-2005
D:A SYN/ACK(OPT) Optimized Connection

Cisco Public
Origin Connection 15
WAAS Overview
Auto-DiscoveryCascade WAE Configuration
!! WAE (B) closest to host (A) !! WAE (D) closest to host (E) !! Intermediate WAE (C) sees TCP option in both directions and goes into Pass Through (PT) !! WAE supports 10X optimized limit for Pass Through
A:E SYN
A:E SYN(OPT)
A:E SYN(OPT)
A:E SYN(OPT) E:A SYN/ACK
E:A SYN/ACK(OPT) E:A SYN/ACK A:E ACK A:E ACK(OPT)
E:A SYN/ACK(OPT)
A:E ACK(OPT) Optimized Connection

Cisco Public
A:E ACK
Origin Connection
BRKAPP-2005
WAAS Overview
Intermediate Firewall Support Options
!! Tunnel through Firewall
Not managed by WAAS Renders firewall useless for stateful L3/L4 packet filtering
!! WAAS Directed Mode

Permit TCP options and UDP 4050 tunnel Traffic optimized by WAAS using auto-discovery but then tunneled between WAEs Firewall rendered useless for L3, L4, or L5 packet filtering and stateful inspection
!! Permit TCP options and disable sequence number checking on firewall

Allowing WAAS TFO Autodiscovery Firewall implementing stateless L3/L4 filters
!! Cisco firewall with WAAS awareness

Traffic transparently optimized by WAAS using autodiscovery Cisco firewall preserves L3/L4 stateful inspection by permitting TCP options and statefully tracking TCP sequence number shift
Origin Connection
BRKAPP-2005
Optimized Connection No Connection Layer Security

Cisco Public
WAAS Deployment Installation and Configuration
BRKAPP-2005
Cisco Public
Basic Configuration
BRKAPP-2005
Cisco Public
WAAS Deployment
Deployment Overview
1.! Initial setup is done using IOS-like Console CLI 2.! License configuration is required 3.! Always bring up the Central Manager (CM) first 4.! Next bring up Application Accelerators
! New WAAS devices will be auto-registered to WAAS CM and become a member of the AllDevicesGroup or any other preconfigured Group within WAAS ! When creating e.g. an AccelerationGroup make sure you apply the correct application policies (e.g. set default one) and automembership for this group is enabled
5.! Configure traffic interception (inline, WCCP etc)

! Start traffic interception on Core or Central devices ! Next add intercept to Remote Devices
6.! Further configuration should be done from within the CM
BRKAPP-2005
Cisco Public
20
WAAS Installation
Setup Script
!! Prompted on boot of factory default box to run setup script or execute setup !! Script prompts for configuration to communicate, network integrate, manage, and license the WAE !! Ideal for CM and pilots or small deployments !! Proactive Diagnostics
BRKAPP-2005
Cisco Public
21
WAE Interface Channeling

!! Interfaces can be bundled into a PortChannel for loadbalancing and high availability across switch modules !! Requires identical interface configuration on both physical interfaces !! IP addresses are defined on the PortChannel interface
wae(config)# interface PortChannel 1 wae(config-if)#no shut wae(config-if)#ip address 10.1.1.31 255.255.255.0 wae(config)# interface gigabitEthernet 1/0 wae(config-if)#no shutdown wae(config-if)#channel-group 1 DO NOT wae(config-if)#exit wae(config)#interface gigabitEthernet 2/0 wae(config-if)#no shutdown wae(config-if)#channel-group 1
FORGET
BRKAPP-2005
Cisco Public
22
Standby Network Interface Card (NIC)

!! Must be layer 2 path between two NICs !! MAC only on in-use interface !! Primary preempts !! No primary floats !! Gratuitous ARPs on failover
wae(config)#interface Standby 1 wae(config-if)#ip address 10.1.2.100 255.255.255.0 wae(config-if)#exit wae(config)#interface GigabitEthernet 1/0 wae(config-if)#standby 1 primary wae(config-if)#exit wae(config)#interface GigabitEthernet 2/0 wae(config-if)#standby 1 wae(config-if)#exit WAE(config)#primary-interface standby 1 wae#show interface standby 1 Interface Standby 1 (2 physical interface(s)): GigabitEthernet 1/0 (active) GigabitEthernet 2/0 (active) (primary) (in use)
G 1/0
G 2/0
BRKAPP-2005
Cisco Public
23
Deploying WAAS Central Manager (WAAS CM)
BRKAPP-2005
Cisco Public
Central Management System (CMS)

!! CMS process runs on all WAEs !! Bidirectional configuration synchronization between CM and accelerators !! Communicates over HTTPS using self signed device specific certificates and keys !! Central Manager collects health and monitoring data to every five minutes by default !! CMS provides means to backup and restore configuration !! Provides means to replace a failed device with a new device !! Use show cms info to get CMS status
BRKAPP-2005
Cisco Public
25
Deploying WAAS CM
CM Configuration
!! Device located in Data Center !! Setup script recommended !! Non-default configuration
! ! ! ! ! ! Device mode Hostname Primary-interface IP configuration Date/time configuration Configuration Management System (CMS)
device mode central-manager hostname dc1-cm1 license add Enterprise primary-interface GigabitEthernet 1/0 interface GigabitEthernet 1/0 ip address 10.1.1.31 255.255.255.0 exit ip default-gateway 10.1.1.254 ip name-server 10.1.1.21 clock timezone AEST 10 0 ntp server ntp.foo.com cms enable copy run start
!! CMS must be enabled to access the web GUI !! Reload required (role change) !! Optionally use standby interface to dual-home to two switches
26
Deploying WAAS CM
WAAS CM Dashboard: https://cm-ipaddress:8443
BRKAPP-2005
Cisco Public
27
Deploying WAAS CM
Group Configuration Best Practices
EdgeDevicesGroup Transaction logs Prepositioning Disk encryption Flow Agent
AllDevicesGroup DNS SNMP Date/Time > NTP Server | Time Zone Login Access Control > SSH | MoD | Exec Timeout Authentication Common criteria System Log Settings Storage > Disk Error Handling CoreDevicesGroup SSL Acceleration
AccelerationGroup Application Policies
BRKAPP-2005
Cisco Public
28
Deploying WAAS CM
WAAS Monitoring
!! !! !! !! !!
Dashboard Aggregate Statistics Optimisation Summary Connection Trending Application Acceleration (HTTP, CIFS, NFS, MAPI, Video, SSL, Print) System-wide, Device Specific and Grouped by Location
BRKAPP-2005
Cisco Public
29
Deploying Physical WAE
BRKAPP-2005
Cisco Public
Deploying WAAS Accelerators

Device Mode Accelerator (Default Setting)
!! Default configuration
Hostname Primary-interface IP configuration CMS enable
hostname br1-wae1 primary-interface GigabitEthernet 1/0 interface GigabitEthernet 1/0 ip address 10.1.100.101 255.255.255.0 ! Optionally configure 100 Mb Full Duplex exit ip default-gateway 10.1.100.254 ip name-server 10.1.1.21 ! Implement DNS for CM mobility central-manager address cm.foo.com cms enable copy run start
!! No reload required !! CMS required to register with CM !! Hostname for CM recommended to ease CM moves !! Use standby to dual-home WAE to two switches in a redundant environment (N+1 redundancy) !! Use EtherChannel to achieve higher throughput and redundancy !! Auto-registration option enables CM discovery through DHCP
BRKAPP-2005
Cisco Public
31

CM Manage Devices
BRKAPP-2005
Cisco Public
32

Device Group Assignment
!! Newly configured WAAS device is automatically added to AllDeviceGroup !! Add the new device to other (e.g. Edge or Core) groups where necessary
33
Deploying WAAS on SRE

Service Ready Engine (SRE)
SRE 700 SM SRE 900 SM
Processor Maximum Memory Maximum Storage Ports

BRKAPP-2005
1.86 GHz Intel Core 2 Duo 1.86 GHz Intel Core 2 Duo (Single Core) (Dual Core) 2 GB 500 GB SATA HDD !! 2 Internal GE ports !! 1 External GE port !! 1 External USB port
4 GB 2 x 500 GB SATA HDDs w/ RAID 0/1 !! 2 Internal GE ports !! 1 External GE port !! 1 External USB port
34

Deployment Steps
!! Initial SRE Configuration
Configure IP Connectivity between ISR and SRE
!! Initial WAAS Installation

Load WAAS Software on SRE (when needed)
WAAS on SRE: min version 4.2.1 WAAS Version 4.3.1 recommended
!! Initial WAAS Configuration

Standard WAAS configuration steps
BRKAPP-2005
Cisco Public
35

Obtain WAAS Software !! Download WAAS software from CCO
CCO account is needed
!! Extract the ZIP file and install in FTP directory

Make sure FTP Server is reachable from ISR! Directory should contain following 6 files:
waas-accelerator-4.2.3.7-k9.bin waas-accelerator-4.2.3.7-k9.bin.install.sre waas-accelerator-4.2.3.7-k9.bin.install.sre.header waas-accelerator-4.2.3.7-k9.bin.installer waas-accelerator-4.2.3.7-k9.bin.key waas-accelerator-4.2.3.7-k9.bin.srebootloader
BRKAPP-2005
Cisco Public
36

Initial SRE Configuration !! SRE is recognized by IOS as Interface SM<slot>/0
Router#show run interface SM1/0 interface SM1/0 no ip address shutdown service-module fail-open
!! Configure IP Addresses and Gateway

Router#conf t Router(config)#interface SM1/0 Router(config)#ip address 10.42.12.254 255.255.255.0 Router(config)#service-module ip address 10.42.12.1 255.255.255.0 Router(config)#service-module ip default-gateway 10.42.12.254
BRKAPP-2005
Cisco Public
37

WAAS SW Load with Router CLI Script
!! CLI Script: service-module sm1/0 install url !! Use the full path to the bin image
Router# service-module sm 1/0 install url (continued on next line) ftp://username:password@10.42.40.100/waas/SRE/waas-accelerator-4.2.3.7-k9.bin
Proceed with installation? [no]: yes Loading SRE/waas-accelerator-4.2.3.7-k9.bin.install.sre ! [OK - 1722/4096 bytes] Welcome to the WAAS installation checking resource requirements now Resource check complete proceeding with installation
BRKAPP-2005
Cisco Public
38

Initial Configuration Using CLI
!! Session into SRE (is reverse telnet on line 2067)
Router#service-module sm 1/0 session Trying 10.42.12.254, 2067 ... Open
!! Device comes up as Accelerator with Interface IP and Default Gateway already configured
NO-HOSTNAME#sho run ! waas-accelerator-k9 version 4.2.3 (build b7 Jul 29 2010) ! device mode application-acceleratorinterface GigabitEthernet 1/0 ip address 10.42.12.1 255.255.255.0 exit ! ip default-gateway 10.42.12.254
BRKAPP-2005
Cisco Public
39

Initial Configuration Using CLI
!! Configure hostname, domain-name, dns, primary-interface and central-manager address before enabling CMS and do save the configuration (or use setup script...)
NO-HOSTNAME(config)#hostname SRE700 SRE700(config)#ip domain-name waas.bnelab.cisco.com SRE700(config)#ip name-server 10.42.40.101 SRE700(config)#primary-interface gi 1/0 SRE700(config)#central-manager address cm.waas.bnelab.cisco.com SRE700(config)#cms enable Registering WAAS Application Engine... Sending device registration request to Central Manager with address 10.42.40.1 Please wait, initializing CMS tables Successfully initialized CMS tables Registration complete. Please preserve running configuration using 'copy running-config startupconfig'. Otherwise management service will not be started on reload and node will be shown 'offline' in WAAS Central Manager UI. management services enabled
BRKAPP-2005
Cisco Public
40

Save and Check CMS !! Save the config and check if CMS is running
SRE700(config)#exit SRE700#wr mem SRE700#sho cms info Device registration information : Device Id Device registered as Current WAAS Central Manager Registered with WAAS Central Manager CMS services information : Service cms_ce is running
= = = =
4206 WAAS Application Engine 10.42.40.1 10.42.40.1
!! Next step would be configuring WCCP on SRE and ISR
BRKAPP-2005
Cisco Public
41
Deploying Virtual WAAS (vWAAS)
BRKAPP-2005
Cisco Public
Deploying vWAAS
Cloud-Ready Optimization
Cisco vWAAS Cisco vWAAS
WAN
WAAS Mobile Server
Internet
Public Cloud
Mobile Users
WAAS Mobile Client
Private Cloud
WAAS
Branch Differentiators
Key Requirements
"! "! "! "! On demand deployment with elastic scalability Minimal network configuration VM mobility awareness Multi-tenant deployment
Benefits
"! On-demand orchestration of WAN optimization "! Increased availability with SAN based storage "! Lower OPEX for Cloud Migration "! "! "!
Policy based provisioning with Cisco Nexus 1000V Rapid creation of WAN Optimisation Service Transparent deployment w/ WCCP
BRKAPP-2005
Cisco Public
43
Deploying Virtual WAAS

Interception at Core or Access
!! Core Interception w/ WCCP
vWAAS vWAAS vWAAS
-! Multiple vWAAS VMs can be clustered in same WCCP cluster. -! Both physical and virtual WAE can be part of same cluster
WAN
VMWare ESX/ESXi
UCS /x86 Server
WCCP Cat6K/N7K
!! Access Interception w/ vPath

-! Interception based on port-profile policy configured in Nexus 1000v -! Bidirectional Interception - (no IN/OUT configuration) -! Pass-through traffic automatic bypass
Nexus 2K/5K
Nexus 1000V /VN-Link vPATH
UCS Compute/ Physical servers

BRKAPP-2005
UCS Compute/ Virtualized Servers

! ! ! !
ESX/ESXi with N1000v
UCS /x86 Server

Cisco Public
44

Installation Prerequisites
!! vWAAS is provided as a Virtual Appliance in OVF File
Prepackaged with disk, memory, CPU, NICs and other VMWare related configuration vWAAS-750, 6000, 12000 vCM-100N, 2000N
!! VMware ESX/ESXi 4.0+ hypervisor !! VMware vCenter server & vSphere client 4.x !! Cisco UCS or other x86 Server
-!Server hardware should 64 bit CPU & be on the VMware Compatibility List (HCL) -! Ensure Intel VT is enabled in the hosts BIOS
!! Nexus 1000v version 4.2(1)SV1(4) (for vPATH Interception)

45

Installation
BRKAPP-2005
Cisco Public
46

Installation
BRKAPP-2005
Cisco Public
47

Installation
BRKAPP-2005
Cisco Public
48

Vmware vSphereSummary Display
BRKAPP-2005
Cisco Public
49

vWAAS Configuration Steps !! Configuration is the same as for a normal WAAS Device !! Connect to the Console through vCenter !! Use of Setup Wizard is recommended !! Some differences you will notice
Interface virtual 1/0 Interception other (for vPATH)
BRKAPP-2005
Cisco Public
50
Deploying WAAS Express
BRKAPP-2005
Cisco Public

Introduction
!! An IOS-based WAN optimisation solution for the ISR G2 Platform
Integrates WAN Optimisation functionality natively into Cisco IOS via a feature license. Interoperable with existing Cisco WAE appliance / module product range Managed by WAAS Central Manager Supported on ISR-G2 platforms. Increase available bandwidth to small/medium branch sites
Data Center
WAAS Appliances WAAS CM
WAN
ISR G2
Branch Office
WAAS Express
BRKAPP-2005
Cisco Public
52

Requirements
!! Maximum router memory is required !! Minimum IOS version 15.1(2)T !! WAAS Express is configured on the WAN interface !! No intercept configuration like WCCP is necessary !! WAAS Express uses CPL for configuration
- Configuration via global policy-map and parameter-map - Default built-in policy is applied to running-config - Default Policy is the same as Cisco WAAS default policy (Except for non-supported features e.g. AO)
!! Natively interoperates with Cisco IOS features

- Standard IP Routing - QoS Firewall - IP ACL - Crypto VPN Technology - NAT - Flexible Netflow
- IOS
53

Configuration
ISR-G2 WAN WAAS Express Branch Office
router (config-if)# waas enable
Router#configure terminal Router(config)#interface <wan-interface-name> Router(config-if)#waas enable
!! Simple one command configuration !! End User License Agreement is displayed for Trial licenses the first time WAAS Express is enabled !! Router should be configured to as HTTP secure-server
BRKAPP-2005
Cisco Public
54

Default Configuration (Snippet)
parameter-map type waas waas_global tfo optimize full tfo auto-discovery blacklist enable lz entropy-check ! class-map type waas match-any CIFS match tcp destination port 139 match tcp destination port 445 class-map type waas match-any FTP-Control match tcp destination port 21 class-map type waas match-any FTP-Data match tcp source port 20 class-map type waas match-any waas-default match tcp any ! policy-map type waas waas_global class CIFS optimize tfo dre lz application WAFS class FTP-Control passthrough application File-Transfer class FTP-Data optimize tfo dre lz application File-Transfer .... class waas-default optimize tfo dre lz application waas-default
BRKAPP-2005
Cisco Public
55
Deploying WAAS AOs
BRKAPP-2005
Cisco Public
Deploying WAAS AOs

Configuring Licenses
!! License managed at device level !! License name is case sensitive !! Transport includes DRE/LZ/TFO !! Enterprise includes NFS, HTTP, SSL, CIFS, MAPI, Print (and DRE/TFO/LZ) !! Video requires Enterprise !! Virtual Blade requires Enterprise !! CM requires Enterprise !! CLI commands
show license license add <license-name> clear license clear license <license-name>
#show license License Name By
Status
Activation Date Activated
-------------- ----------- ---------------------------Transport Enterprise Video Virtual-Blade #show license License Name By Status Activation Date Activated not active active not active not active 03/20/2008 admin
#license add Video
-------------- ----------- ---------------------------Transport Enterprise Video Virtual-Blade not active active active not active 03/20/2008 04/01/2008 admin admin
57
Deploying WAAS AOs

Configuration
1." 2." 3."
Go To AllDevicesGroup Globally enable WAAS Accelerators Enable Blacklist if firewalls upstream from core drop SYN packets with options else disable
BRKAPP-2005
Cisco Public
58
Deploying WAAS AOs

SSL Optimization
!! Core WAE acts as a Trusted Intermediary Node for SSL requests by client !! Private Key and Server Certificate are stored on the Core WAE device !! Core WAE participates in SSL Handshake to derive session key !! Distributes the session key securely in-band to the Edge WAE over the established connection between the Edge WAE and Core WAE
Edge WAE
Send session key
Core WAE
Transparent Secure Channel
Client
SSL Handshake
SSL Handshake
Server
WAN
Original Data - Encrypted Optimized & Encrypted Original Data - Encrypted
SSL Session Client to Core WAE (WAAS)

SSL Session Core WAE to Server - Core WAE: Server Private Key
59
Deploying WAAS AOs

HTTP Optimization with SSL Advanced HTTP Parser
Cache HTTP Meta Data
Send DRE Hints
Modify Compression Directive
Mitigate Latency
Mitigate Latency
Improve Performance
Improve Perf. Offload Server
Local HTTP Freshness Response
Local HTTP Redirect Response
Local HTTP Authneeded Response
DRE Flush Stream
DRE Skip Bytes
DRE Skip LZ
Disables Server Compression
BRKAPP-2005
Cisco Public
60
Deploying WAAS AOs

HTTP/HTTPS AO Configuration
BRKAPP-2005
Cisco Public
61
Deploying WAAS AOs

Central Manager Secure Store for SSL
!! CMs secure store keeps all imported host and accelerated SSL certificates and private keys !! Certificates and private keys encrypted with user pass-phrase:
When secure store is being initialized first time (initialization) After CM device reloads to open secure store (opening)
!! CM secure store must be open to synchronize configuration between SSL capable CM and WAEs !! Upon reboot, if CM detects the secure store is initialized but not open a critical alarm is raised
BRKAPP-2005
Cisco Public
62
Deployment into the Network
BRKAPP-2005
Cisco Public
WAAS Inline Deployment
BRKAPP-2005
Cisco Public

Simple Transparent Inline Deployment
!! Simple Plug-and-Play Deployment
Physical in-path deployment between switch and router Mechanical fail-to-wire upon hardware, software, or power failure
Remote Office
!! High Availability
Two 2-port fail-to-wire groups with support for redundant network paths and asymmetric routing Serial in-path clustering with fail-over
!! Seamless Transparent Integration

Transparency and automatic discovery 802.1q VLAN trunking support Supported on all WAE appliance models
WAN
BRKAPP-2005
Cisco Public
65

Non-Redundant Branch
g1/0 s1 e1 r1
WAN
1/0/LAN 1/0/WAN
1/1/WAN 1/1/LAN 1/0/WAN 1/0/LAN
!! Router
Crossover cable from router to engine Fix speed and duplex settings for Fast Ethernet connections Ensure the router and switch have matching speed and duplex
!! Engine
One Inline NIC per WAE appliance (cannot be used with WCCP) Installed in-path between switch and router or firewall Use single pair of inline ports (1/0 or 1/1) removing RJ45 port covers Ports fail-to-wire upon hardware, software, or power failure Support for interception 802.1q trunks Use Gi1/0 primary interface
!! Switch
Straight through cable from engine to switch Ensure the router and switch have matching speed and duplex Implement portfast for faster recovery
BRKAPP-2005
Cisco Public
66

Serial Inline Cluster
!!Support for 2 Inline Cards per WAE
! Up to 4 inline groups (8 ports) ! WAE-674, WAE-7341, WAE-7371
Branch
Inline WAE (Up to 2)
!!Simplified HA deployment model !!HA supported by other WAE !!NEW Interception Access List
! Bypass for non-relevant traffic
WAN1
WAN2
Dual WAN Links
!!Small and medium data centers
Inline Serial Cluster
Data Center
BRKAPP-2005
Cisco Public
67

Redundant Branch Topology
WAN
WAN
WAN
WAE-DC1
WAE-DC2
WAN
BRKAPP-2005
Cisco Public
68

Data Centre Topology
WAN
WAN
WAN
WAE-DC1
WAE-DC2
WAN
BRKAPP-2005
Cisco Public
69

Serial Inline Cluster Best Practices
!! Deploy the same platform for both devices in cluster !! Apply the same bidirectional policy/interception ACL on both devices !! Disable optimization between serial cluster devices !! Use CM to configure and manage the Serial Inline Cluster
Automatic peer configuration Verify peer optimization settings are mutually configured Location based reporting
!! Second WAE in serial inline cluster is for High Availability only. Not supported for scaling (use WCCP instead)
BRKAPP-2005
Cisco Public
70
WAAS WCCP Deployment
BRKAPP-2005
Cisco Public
WAAS Overview
Network-Integrated Off-Path Interception
!! WCCPv2 Interception
Transparent network integration and automatic discovery Active/active clustering supports up to 32 WAEs and 32 routers with automatic load-balancing, load redistribution, fail-over, and fail-through operation Near-linear scalability and performance improvement when adding devices
Remote Office
WAE Cluster
!! Policy-Based Routing Interception

Routing of flows to be optimized through a Cisco WAE as a next-hop router Active/passive clustering provides high availability and failover using IP SLA as a tracking mechanism
WAN
BRKAPP-2005
Cisco Public
72

WCCP Functions
Intercept
R1
Assign
C1
Redirect
E1
S1
Return/Egress
!! Intercept Identify packets for WCCP processing (in or out) !! Assign Select the WAE !! Redirect Router sends the packet to the WAE !! Return WAE sends the packet back to the router !! Egress WAE may ignore WCCP negotiated return by using another return method like IP forwarding (routing) or generic GRE
BRKAPP-2005
Cisco Public
73

Redirect List
!! Permit all applications but deny specific protocols
Avoid redirection of management traffic with a universal ACL Apply bidirectional ACL to service groups 61 and 62 Create the redirect ACL before enabling WCCP service groups 61 and 62 Do not enable logging on WCCP redirect ACL (performance)
ip access-list extended waas remark WAAS WCCP Redirect List deny tcp any any eq telnet deny tcp any any eq 22 deny tcp any any eq 161 deny tcp any any eq 162 deny tcp any any eq 123 deny tcp any any eq bgp deny tcp any any eq tacacs deny tcp any any eq 2000 ! Reverse Direction deny tcp any eq telnet any deny tcp any eq 22 any deny tcp any eq 161 any deny tcp any eq 162 any deny tcp any eq 123 any deny tcp any eq bgp any deny tcp any eq tacacs any deny tcp any eq 2000 any ! ! Below optional per branch in pilot permit tcp any <<branch subnet>> permit tcp <<branch subnet>> any deny tcp any any
!! Optionally permit specific IP subnets during PoC !! Avoid TCAM overflow on 6500
BRKAPP-2005
Cisco Public
74

Assignment
!! Assignment (engine selection)
Hash - Byte level XOR computation divided into 256 buckets (default) Mask - Bit level AND divided up to 128 buckets (7 bits)
!! Branch
DHCP allocated addressing Balance hosts to multiple engines 0x1 to 0x7F (or similar) Balancing to a single engine (mask selection is irrelevant)
!! Retail Data Center

Site /24 allocation per site Balance sites or engines with 0x100 to 0x7F00 (or similar)
!! Enterprise Data Center

Regional/16 allocation Balance regions with 0x10000 to 0x7F0000
0xF = 0000:0000.0000:0000.0000:0000.0000:1111 0xF00 = 0000:0000.0000:0000.0000:1111.0000:0000 0xF0000 = 0000:0000.0000:1111.0000:0000.0000:0000

75

Redirect, Return and Egress Method
!! Configured on WAE !! Dependant on design and router hardware/software !! Router WCCP Redirect (Router to WAE)
GRE - Entire packet GRE tunneled to the engine (default) Layer 2 - Frame MAC address rewritten to engine MAC
!! WAE WCCP Return (WAE to Router)

WCCP GRE - Packet statefully returned router (as of 4.0.13) WCCP Layer 2 - Frame statefully rewritten to router MAC
!! WAE Egress Method (WAE to Router)

IP Forward - Engine ARPs for default gateway (default) WCCP negotiated - WCCP GRE or WCCP L2 return (L2 not yet supported in WAAS) Generic GRE - Stateful return in hardware to Catalyst 6500 Sup720/32 (as of WAAS 4.1)
BRKAPP-2005
Cisco Public
76

Platform Recommendations
Function Nexus 7000 Software ISR & 7200
Hash or Mask GRE or L2 Extended ACL In or Out GRE or L2 Supported 12.1(14); 12.2 (26); 12.3(13); 12.4(10); 12.1 (3)T; 12.2(14) T; 12.3(14)T5; 12.4(15)T8; Mask Only GRE or L2 Extended ACL In only GRE or L2 Planned 2.4(2)
ASR 1000
Cat 6500 Sup720/32 7600
Cat 6500 Sup2

Mask L2 or GRE / L2 Extended ACL In L2 NA 12.1(27)E; 12.2 (18)SXF14
Cat 4500
Mask only L2 only No ACL Support In only L2 only NA 12.2(50)SG1
Cat 3750
Mask only L2 only Extended ACL (no deny) In only L2 only NA 12.2(46)SE
Assign Redirect Redirect List Direction Return VRFs IOS
Mask Only L2 L3/L4 ACL In or Out L2 only Supported! 4.2(6), 5.0 (3)!
Mask GRE or L2 Extended ACL In L2 Planned! 6500 12.2(18)SXF14 12.2(33)SXH4 12.2(33)SXI2a 7600
ISR G2: 15.0(1)M
12.2(18)SXD1!
BRKAPP-2005
Cisco Public
77

WAAS Configuration
Prevent Loop! Turn on WCCP after configuration

BRKAPP-2005
wccp router-list 1 192.168.254.2 wccp tcp-promiscuous router-list-num 1 egress-method negotiated-return interceptmethod wccp wccp version 2
78

Router Configuration
!! Router Global Configuration
Router(config)# ip cef Router(config)# ip wccp 61 <optional-redirect-list acl-name> Router(config)# ip wccp 62 <optional-redirect-list acl-name> Router(config)# ip wccp version 2
!! Router Interface Configuration

Router(config-if)# ip wccp 61 redirect <in|out> Router(config-if)# ip wccp 62 redirect <in|out> Router(config-if)# ip wccp redirect exclude in
Determined by topology
Src Balance 61
62 Dst Balance
A
e1
B C
e2
B
79

Verifying Operation
dc1-rtr1#show ip wccp Global WCCP information: Router information: Router Identifier: Protocol Version: 10.1.3.254 2.0 dc1-wae1#show wccp routers Router Information for Service: TCP Promiscuous 61 Routers Configured and Seeing this Engine(1) Router Id Sent To Recv ID 10.1.3.254 10.1.2.254 0001CD80 Routers not Seeing this File Engine -NONERouters Notified of but not Configured -NONERouter Information for Service: TCP Promiscuous 62 Routers Configured and Seeing this Engine(1) Router Id Sent To Recv ID 10.1.3.254 10.1.2.254 0001CD7C Routers not Seeing this File Engine -NONERouters Notified of but not Configured -NONEdc1-wae1#show wccp gre Transparent GRE packets received: Transparent non-GRE packets received: Transparent non-GRE non-WCCP packets received: Total packets accepted: Packets sent back to router: GRE packets sent to router (not bypass): Packets sent to another WAE: Packets received with client IP addresses:
Service Identifier: 61 Number of Cache Engines: 1 Number of routers: 1 Total Packets Redirected: 1954820 Process: 474 Fast: 0 CEF: 1954346 Redirect access-list: -none............................................ Service Identifier: 62 Number of Cache Engines: 1 Number of routers: 1 Total Packets Redirected: 581196 Process: 107 Fast: 0 CEF: 581089 Redirect access-list: -none............................................
105587 0 0 100152 0 52222 0 100152
BRKAPP-2005
Cisco Public
80

Branch Options
A/24 h1 61 h2 g0 s0 62 h1 A/24 g0 61
Si
s0 62 sm1/0
WAN
h2
WAN
SRE-700
Router ip wccp 61 ip wccp 62 interface g0 ip wccp 61 redirect in interface s0 ip wccp 62 redirect in WAE wccp router-list 1 10.1.1.254 wccp tcp-promiscuous router-list-num 1 egress-method negotiated-return intercept-method wccp wccp version 2
Router ip wccp 61 ip wccp 62 interface g0 ip wccp 61 redirect in interface s0 ip wccp 62 redirect in WAE wccp router-list 1 10.1.1.254 wccp tcp promiscuous router-list 1 l2-redirect mask-assign wccp tcp-promiscuous mask src-ip-mask 0xF wccp version 2
BRKAPP-2005
Cisco Public
81

Shared WAEs Within Distribution Layer
!! WAE with Interface Standby (N+1 Redundancy)
Registration r1/r2 interface IP Assignment Mask Redirect WCCP GRE Return/Egress - IP Forwarding, generic GRE (6500), or WCCP GRE (ASR) Network Engines on shared subnet between r1 and r2 Interface VLAN inter-core link with no WCCP e1 61 r1
Si
WAN e2 e3 e4 61
Si
r2
62\
62
!! WAE with Single Interface or EtherChannel

Registration Loopback IP Assignment Mask Redirect WCCP GRE Return/Egress - IP forward or generic GRE Network Engines on dedicated subnets (no interface standby) Routed interface link (r1-r2) with no WCCP e1 e2 62 62 r1
WAN
61
Si
61
Si
r2
e3 e4
BRKAPP-2005
Cisco Public
WCCP Registration
82

Shared WAEs at WAN Edge
!! Local WAE Redirect and Return
Registration r1/r2 interface IP Software platform (7200/ISR) Assignment Hash Redirect - WCCP GRE Return/Egress WCCP GRE or IP forward Hardware Plaftorm (6500/PFC3 or ASR) Assignment Mask Redirect WCCP GRE Return/Egress Generic GRE (6500), WCCP GRE (ASR), or IP forward return
61 r1 WAN e1 e2 61 r2
62
62
Si
Si
!! Remote WAE GRE Redirect and Return

Registration Remote r1/r2 loopback IP Assignment Hash (7200/ISR) or mask (6500/ASR) Redirect - WCCP GRE Return/Egress - WCCP GRE (ASR/7200/ISR) or Generic GRE (6500)
WAN
61 r1
61 r2
62
e1
Si
62
e2
Si
WCCP Registration
83
Dual Data Center

Asymmetric Routing Condition
!! Condition
Branch route summarization Connections sent to DC-A when application resides in DC-B
/16
SYN and SYN/ACK not seen by same WAE
DC-B
!! Solutions
Advertise summary route for each data center to eliminate asymmetric routing WAE in server farm distribution with WCCP or ACE WAE cross registers with WAN edge or distribution routers in both data centers
Si
DC-A
/16
0.0.0.0
Si
Si
Si
DC-A
DC-B
84
Dual Data Centre

Asymmetric Routing Solutions
61
61
62
62
62 61
62 61
62
Si Si Si Si Si Si
62
Si Si
61
61
62
62
!! WAE in server farm !! Distribution with WCCP or vPath
!! WAE cross registers with WAN edge or distribution routers in both data centers
Cisco Public
BRKAPP-2005
85

Configuration Best Practices
!! Registration
Do NOT use a virtual gateway address (HSRP, VRRP, GLBP) Use interface IP address if L2 adjacent to WCCP router Use highest loopback address if not L2 adjacent to WCCP router Do not configure large MTU (>1500 bytes) on WCCP client interfaces
!! Software Platforms
GRE Forwarding (Default) Hash Assignment (Default) Inbound Interception "ip wccp redirect exclude in" on WCCP client interface (outbound interception only) WAAS Egress Method: IP Forwarding
!! Hardware Platform
L2 Forwarding Mask Assignment [ Since 4.2.1 the default mask is changed to 0xF00 from 0x1741 ] Inbound Interception Do not use "ip wccp redirect exclude in WAAS Egress Method: IP Forwarding, Generic GRE (Cat6k PFC-based systems only)
BRKAPP-2005
Cisco Public
86
WAAS vPath Deployment
BRKAPP-2005
Cisco Public
vWAAS vPath Deployment

Introduction to vPath
!! Intelligence build into Virtual Ethernet Module (VEM) of N1000V !! vPath has following main functions: !! Intelligent Traffic interception for vWAAS !! Offload the processing of Pass-through traffic from vWAAS !! ARP based health check !! Maintain Flow entry table
Cisco UCS x86 Server
Cisco UCS x86 Server
vWAAS
WebServer 1
App Server
WebvWAAS Server 1
WebApp Server 2 Server
VM
VM
Add New WebServer Virtual Machine (VM)
VM
VM
NEW
VM
Nexus 1000V
vPath
Nexus 1000V
vPath
VMware ESXi Server

vWAAS Optimized VM
BRKAPP-2005 2011 Cisco and/or its affiliates. All rights reserved.
VMware ESXi Server

Non Optimized VM
Cisco Public
88
vWAAS vPath Deployment

Port-Profile Configuration
Port-Profile
Network Admin view
Port-group
vPATH interception
Nexus 1000v VSM
Server Admin view
vSphere client
Attach Opt-port-profile to server VMs
BRKAPP-2005
Cisco Public
89
WAAS Sizing Guidelines
BRKAPP-2005
Cisco Public

Platform Performance (4.3)
Capacity SRE 700 SRE 900 WAVE -274 WAE474 WAE5743GB WAE5746GB WAE674-4G B WAE6748GB WAE6748GB +VB WAE-7341 WAE-7371
WAN Bandwidth (Mbps) Optimized TCP Connections Optimized Throughput (Mbps) Total Disk Capacity (GB) DRE Disk Capacity (GB) CIFS Disk Capacity (GB) Maximum LAN Video Streams Virtual Blades Supported Total Virtual Blade Disk Capacity Core Fan Out CM Managed Devices
BRKAPP-2005
20
50
20
45
90
90
310 12000 9000/3000* 800 900 500 230 1000
1000 50000 12000/28000* 1500 1500 1000 230 1000
500
400
200
400
750
1300
2000
6000
4000
150 500 120 120 200
250 500 120 120 200
90 250 40 120 40 2 30
90 250 60 120 80 2 30
100 500 80 120 150 2 60 35
150 500 120 120 300 6 175 70 1000

Cisco Public
250 600 120 120 400 2 120 100 1500
350 600 320 120 1000
350 600 150 120 600 6 200
200 1500
200 2000
1400
2800
125
250
500
* SSL connections / TCP connections
91

WAAS Express Recommendations
Platform
89x 1941 2901 2911 2921 2951 3925 3945
Total DRAM Required

768 M 2.5 G 2.5 G 2.5 G 2.5 G 4G 4G 4G
Maximum WAN bandwidth Supported

2 Mbps 4 Mbps 6 Mbps 6 Mbps 6 Mbps 6 Mbps 10 Mbps 10 Mbps
Recommended Number of Users

1-10 15-20 15-20 25 25 25 50 50
Max TCP Connections

75 150 150 200 200 200 500 500
!! WAAS Express requires maximum DRAM installed as indicated

!! Typical Interfaces 3G, T1, E1, Multi T1s, Multi E1s, and Serial !! Performance Testing Conducted with IOS FW, VPN (IPsec), NAT, and, QoS
92

vWAAS
Branch/ Small DC
BRANCH 750
(Opt.TCP Connection) Virtual Cores : 2 Memory : 4 GB Hard Disk: 250 GB Modeled after 574
Medium DC
Small-DC 6000
(Opt.TCP Connection) Virtual Cores: 4 Memory : 8 GB Hard Disk: 500 GB Modeled after 674
Large DC
Medium-DC
12000
(Opt.TCP Connection) Virtual Cores: 4 Memory : 12 GB Hard Disk: 750 GB Modeled after 7341
vCM-Small
100
(Max Devices) Virtual Cores : 2 Memory : 2 GB Hard Disk: 250 GB Modeled after 274
vCM-Large
2000
(Max Devices) Virtual Cores: 4 Memory : 8 GB Hard Disk: 600 GB Modeled after 674
BRKAPP-2005
Cisco Public
93
Closure
BRKAPP-2005
Cisco Public
Closure
Remember Guidelines !! Remember...
Use CM Configuration Groups Monitor Router/Switch CPU load after implementing WCCP Beware of Routing Loops with WCCP Follow recommended order of operations Fix Line-rate and Duplex on Fast Ethernet networks Use of Port-Fast where appropriate Usage of DNS and NTP is recommended
BRKAPP-2005
Cisco Public
95
Complete Your Online Session Evaluation

!! Receive 25 Cisco Preferred Access points for each session evaluation you complete. !! Give us your feedback and you could win fabulous prizes. Points are calculated on a daily basis. Winners will be notified by email after July 22nd. !! Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center. !! Dont forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any internet station or visit www.ciscolivevirtual.com.
BRKAPP-2005
Cisco Public
96
Visit the Cisco Store for Related Titles http://theciscostores.com
BRKAPP-2005
Cisco Public
97
BRKAPP-2005
Cisco Public
98
Thank you.
BRKAPP-2005
Cisco Public
99
Backup Slides
BRKAPP-2005
Cisco Public
WAAS Mobile
BRKAPP-2005
Cisco Public
WAAS Overview
WAAS Mobile 1. Client/Server Architecture
WAN
2. What It Does
! Accelerates Application Performance over Challenged Mobile or Remote Connections
WAAS Mobile Client
WAAS Mobile Server
Web, File & App Servers
! Installs on Windows Desktop
3. Why Its Better

!! Designed for Mobile & Remote Users
Purpose Built for the Windows PC/Laptop Industry-leading Performance Lowest TCO
!! Optimized for Diverse Challenged Networks !! Complements WAAS Appliance as Complete Acceleration Solution !! Highest performance over mobile and SOHO networks !! Scalable, Fault Resilient, Manageable, Interoperable !! Best reliability, stability and troubleshooting tools reduce cost of support !! Centralized policy based management reduces deployment and support cost !! Integration with software distribution tools reduces deployment costs
BRKAPP-2005
Cisco Public
102
WAAS Mobile
Architecture
BRKAPP-2005
Cisco Public
103
WAAS Mobile
Acceleration Matrix
Application WAAS Mobile Acceleration Feature
"##$%&'()*! 1,'*2#),-! 34$-'! +4,2%2-4*-! +,)-)&)$! .#(/%0'()*! 5)/#,422%)*! 6422%)*2! .#(/%0'()*! 6%7*48! 69:!
Supported Windows Client Platforms

;%*8)<!=!! >?@ABCDE%-F! G%2-'!>?@A! BCDE%-F! H+!
;4E!:,)<2%*7! >I11+F! 64&J,4!;4E! :,)<2%*7!>I11+6F! ;%*8)<2!K%$4!6L',42! >5MK6A69:F! .J-$))NAOP&L'*74! >9"+MF! OD/'%$! >+.+BA691+F! K%$4!1,'*2Q4,! >K1+F! .-L4,!"##$%&'()*2!
BRKAPP-2005
Cisco Public
104
WAAS Mobile
Network Setup
Data Center 1
WAAS Mobile Server
Data Center 2
WAAS Mobile Server
Intranet Application Servers Remote Access VPN Application Servers
Internet
Small Office
Cisco WAAS Mobile Clients
Mobile users connect through VPN to multiple WAAS Mobile Servers
Cisco WAAS Mobile Client
Workers in small offices may connect to multiple WAAS Mobile Servers
Simultaneously Accelerate Traffic to Applications Hosted in Multiple Data Centers

105
WAAS Mobile
Client Server Data Flow
WAAS Mobile Client

Accelerated Applications CIFS SMB Other Applications
WAAS Mobile Server

TCP Intercept/Redirect (TDI driver) TCP Acceleration Process Control TCP 1182 Data UDP 1182 Acceleration Process Intercept/Redirect (TDI driver) TCP TCP
!! WAAS Mobile Client proxies all accelerated TCP traffic and sends it via UDP port 1182 to the WAAS Mobile Server
106
Cisco WAAS Mobile Scalability

!! Scale up to handle maximum throughput of any data center
!Up to 10,000 concurrent users per Cisco WAAS Mobile server !Multiple Cisco WAAS Mobile Servers can be aggregated into Cisco WAAS Mobile server farms for load balanced, redundant capacity
!! Scale out to handle multiple data centers

!Cisco WAAS Mobile server farms hosted at multiple data centers provide acceleration for any worker to any application
!! Scalable Cisco WAAS Mobile Manager data flow

!Manager communicates with Cisco WAAS Mobile worker servers !Worker servers communicate with Cisco WAAS Mobile clients !A single Cisco WAAS Mobile Manager can manage hundreds of servers and hundreds of thousands of clients
BRKAPP-2005
Cisco Public
107
WAAS Mobile Management

Central WAAS Mobile Manager
!! Highly scalable
!Manage hundreds of Cisco WAAS Mobile servers or just a single server !Manage hundreds of thousands of end users from a single user interface
!! Total system visibility

!View performance at system level, or drill down to a server farm, a single server, a group of end users, or a single user
!! Consolidated end-user management and monitoring

!Visibility into the performance and status of accelerated traffic by application and path for any end user from the Cisco WAAS Mobile Manager
!! Highly available
!Central manager not required to be operational for acceleration services to be operational.
BRKAPP-2005
Cisco Public
108
Cisco WAAS Mobile Management:

Manage All Clients Centrally !! View all clients from the central console and filter to find the user or set of users of interest
BRKAPP-2005
Cisco Public
109
Enterprise Deployment Considerations

High Availability
!! To provide high availability and capacity within a data center
!Multiple Cisco WAAS Mobile servers in a data center may be configured to be members of a Cisco WAAS Mobile server farm !Traffic load is automatically balanced across the servers in a server farm
!Initial access is random !On subsequent access, client attempts to connect to previous server. If unable, tries another server in the same farm
!! To provide high availability in the event of a data center outage

!Cisco WAAS Mobile server farms may be located at backup data centers !When clients are unable to connect to the primary server farm, they will automatically attempt to connect to backup server farms
BRKAPP-2005
Cisco Public
110

Manageability
!! Software installation
!Client profiles are packaged as executable .msi files
!! Software upgrades
!Automatic upgrade and downgrade
!! Configuration updates
!Automatic updates
!! Policy based management

!Separate configuration profiles for different user groups !Optional Active Directory group policies
!! Central monitoring console

!Graphical displays of acceleration and traffic breakdown
BRKAPP-2005
Cisco Public
111

Architecture Scalability
!! Highly scalable storage system
! Each file or data sequence is only stored once ! Single instance of a file or data sequence is shared with all users
!! Highly efficient memory utilization

! Uses only 2 MB of server RAM for each simultaneous active download ! 1000:1 disk to RAM ratio for search index supports deep histories
!! Scalable CPU utilization

! Multi threaded architecture makes efficient use of multi core CPUs
!! Optimized disk utilization

! Employs a dynamic disk seek algorithm that optimizes throughput under high load by dynamically trading off acceleration gain vs disk activity to mitigate thrashing
BRKAPP-2005
Cisco Public
112
Cisco WAAS Mobile

Server Configurations
!! Cisco WAAS Mobile is deployable on bare metal server or as virtual machine !! For 5-10 user evaluations:
Minimum Configuration
CPU System Memory (RAM) Disk Space Available for Delta Cache Operating System
1.8 GHz dual core 2 GB 5 GB Windows Server 2003, 2003 R2, 2008, or 2008 R2
!! See Appendix A of the Cisco WAAS Mobile Administration Guide for production server sizing and operating system guidelines
113
Cisco WAAS Mobile and UCS

!! Industrys Most Scalable Mobile Acceleration
Cisco WAAS Mobile Virtual Appliance
Evolve from hundreds to thousands of concurrent users
Cisco WAAS Mobile Server
Cisco UCS C-200M1
Unparalleled Throughput
600 Mbps LAN-side 200 Mbps WAN-side 100,000 TCP connections
Flexible Multi-Service Platform

Co-host Cisco WAAS Mobile with other applications
Cisco WAAS Mobile Clients

114
Cisco WAAS Mobile

Client Configurations
Supported CPU System Memory (RAM) Disk Space Available for Cache Operating System 750 MHz 512 MB 80 MB Windows XP, prior to SP2
Recommended Minimum 1.5 GHz 1 GB 1 GB Windows XP SP2, Vista, or Windows 7
BRKAPP-2005
Cisco Public
115
Video Optimization
BRKAPP-2005
Cisco Public
Deploying WAAS AOs

Live Video RTSP AO: Edge Splitting
!! Enable Video Accelerator !! Windows Media 9 or later !! Operates on RTSPT only !! Stream Splitting occurs at the edge !! Auto-discovery puts intermediate engines into Pass Through !! ACNS/CDS origin configured with wmt disallowclient-protocols rtspu mmsu to force TCP use !! Option to TCP optimize or drop unaccelerated streams !! Support for Windows Media Logs
WAAS
WAN
ACNS
Live Video Source

117

Brkapp 2005

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Brkapp 2005

Uploaded by

Copyright:

Available Formats

Deploying Cisco Wide Area Application Services (WAAS)

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

!! Extensive Preamble !! Chatty !! Bandwidth Intensive !! Predominantly Unidirectional !! Repetitive Sequences

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

Home Office/ Coffee Shop

New IT and WAN Optimization Requirements

Secondary Data Centre Branch Office

Primary Data Centre

Guest Users Cisco Public

Round Trip Time ~ Many milliseconds

2011 Cisco and/or its affiliates. All rights reserved.

Virtual Private Cloud

VMware ESXi Server

Nexus 1000v VSM WAAS Service Module

UCS /x86 Server FC SAN

Data Center or Private Cloud

WAAS Appliance WAAS Mobile Server VPN

Domestic Mobile User International Mobile User

WAAS Mobile Software Over VPN 7

WAAS Appliances WAAS ISR Modules WAAS Express WAAS Mobile

2011 Cisco and/or its affiliates. All rights reserved.

Presentation Session Transport Network Data Link

TFO Network Data Link

TFO Network Data Link

BRKAPP-2005 BRKAPP-2005 14633_05_2008_c1

2011 Cisco and/or its affiliates. All rights reserved.

IOS Platform with Services and CLI

Windows On WAAS (WOW)

ACNS On WAAS ACNS VB

Configuration Management System (CMS)

TCP Proxy with Scheduler Optimizer (SO) DRE, LZ, TFO

Virtual Blades Kernel Virtual Machine

Flash IOS Shell Linux

Virtual Blade Storage

Ethernet Network I/O

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.

DRE Synchronized Compression History

2011 Cisco and/or its affiliates. All rights reserved.

!! Application Optimizers (AOs)

!! Licensed developed and validated with application vendors

!! Intelligent Server Offload

! Server Safely Offloaded ! Fewer Servers Needed ! Power/Cooling Savings

2011 Cisco and/or its affiliates. All rights reserved.

A:D SYN(OPT) D:A SYN/ACK

D:A SYN/ACK Origin Connection

D:A SYN/ACK(OPT) Optimized Connection

2011 Cisco and/or its affiliates. All rights reserved.

A:E SYN(OPT) E:A SYN/ACK

E:A SYN/ACK(OPT) E:A SYN/ACK A:E ACK A:E ACK(OPT)

A:E ACK(OPT) Optimized Connection

2011 Cisco and/or its affiliates. All rights reserved.

!! WAAS Directed Mode

!! Permit TCP options and disable sequence number checking on firewall

!! Cisco firewall with WAAS awareness

Optimized Connection No Connection Layer Security

2011 Cisco and/or its affiliates. All rights reserved.

WAAS Deployment Installation and Configuration

2011 Cisco and/or its affiliates. All rights reserved.

2011 Cisco and/or its affiliates. All rights reserved.