Скачать презентацию BRKAPP-2005 13700_05_2006_c 1 2007 Cisco Systems Inc Скачать презентацию BRKAPP-2005 13700_05_2006_c 1 2007 Cisco Systems Inc

f59bc0bc1791896d205097ec9d8e8b1e.ppt

  • Количество слайдов: 113

BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1

Deploying Cisco Wide Area Application Services (WAAS) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Deploying Cisco Wide Area Application Services (WAAS) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2

Associated Sessions § BRKAPP-1004: Introduction to Cisco Wide Area Application Services (WAAS) § BRKAPP-3006: Associated Sessions § BRKAPP-1004: Introduction to Cisco Wide Area Application Services (WAAS) § BRKAPP-3006: Troubleshooting Cisco Wide Area Application Services (WAAS) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3

Application Networking Business-Ready Enterprise SFA Sales Force Automation CRM ERP ERM Customer Enterprise Relationship Application Networking Business-Ready Enterprise SFA Sales Force Automation CRM ERP ERM Customer Enterprise Relationship Requirements Resource Management Planning Management SCM Supply Chain Management Communications Order Processing Productivity Vertical Application Networking Services Application Delivery and Application-Oriented Networking Transport Infrastructure Eth, FC, IB, WAN, MAN Server OS, Hardware Storage Infrastructure SAN, NAS, DAS Optimizing Application Performance with Existing Server, Storage, and Network Infrastructure BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4

Application Optimization Infrastructure Network Classification Application Scalability Application Networking § § § Quality of Application Optimization Infrastructure Network Classification Application Scalability Application Networking § § § Quality of service Network-based app recognition Queuing, policing, shaping Visibility, monitoring, control Server load-balancing Site selection SSL termination and offload Video delivery Message transformation Protocol transformation Message-based security Application visibility WAN Application Acceleration WAN Acceleration Application Optimization § § § Latency mitigation Application data cache Meta data cache Local services BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Data redundancy elimination Window scaling LZ compression Adaptive congestion avoidance Cisco Confidential Delta encoding Flash. Forward optimization Application security Server offload 5

Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6

WAAS Overview Session and Transport Layer Optimization Host A Host B Application Presentation WAE WAAS Overview Session and Transport Layer Optimization Host A Host B Application Presentation WAE 1 WAE 2 Presentation Session Transport Network Data Link Physical Origin Physical Optimized Physical Origin Physical WAN BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7

WAAS Overview Wide Area Application Engine (WAE) WAAS Platform with Services and Cisco IOS WAAS Overview Wide Area Application Engine (WAE) WAAS Platform with Services and Cisco IOS CLI CIFS Adapter Endpoint Port Mapper (EPM) Adapter TCP Proxy (DRE/LZ/TFO) Data Redundancy Elimination Compression TCP Flow Optimization Configuration Management System (CMS) Windows Print Server Cisco Linux Flash Cisco IOS Shell Linux BRKAPP-2005 13700_05_2006_c 1 Application Storage © 2007 Cisco Systems, Inc. All rights reserved. Cache Storage Cisco Confidential 8

WAAS Overview DRE and LZ Manage Bandwidth Utilization § Data Redundancy Elimination (DRE) provides WAAS Overview DRE and LZ Manage Bandwidth Utilization § Data Redundancy Elimination (DRE) provides advanced compression to eliminate redundancy from network flows regardless of application § LZ compression provides generic compression for all traffic (even traffic with redundancy removed) Origin Connection WAN Optimized Connection FILE. DOC DRE CACHE LZ Encode BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential LZ Decode 9

WAAS Overview TFO Improves Transport Performance § TFO overcomes TCP and WAN bottlenecks § WAAS Overview TFO Improves Transport Performance § TFO overcomes TCP and WAN bottlenecks § Shields nodes connections from WAN conditions Clients experience fast acknowledgement Minimize perceived packet loss Eliminate need to use inefficient congestion handling WAN LAN TCP Behavior BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Window Scaling Large Initial Windows Congestion Mgmt Improved Retransmit Packet Aggregation Cisco Confidential LAN TCP Behavior 10

WAAS Overview Auto-Discovery—TCP SYN § When the client sends a TCP-SYN packet, WAE 1 WAAS Overview Auto-Discovery—TCP SYN § When the client sends a TCP-SYN packet, WAE 1 will apply TCP options to identify itself and specify the optimizations that it would like to apply § The modified TCP-SYN packet is then forwarded to the server, and intercepted on the other side In. Line, WCCPv 2 or PBR A In. Line, WCCPv 2 or PBR B WAN A: B TCP SYN (marked) WAE 1 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. I would like to accelerate this connection! Here are my details Cisco Confidential WAE 2 11

WAAS Overview Auto-Discovery—TCP SYN (Cont. ) § Once WAE 2 receives the TCP-SYN packet WAAS Overview Auto-Discovery—TCP SYN (Cont. ) § Once WAE 2 receives the TCP-SYN packet with the options marked, it then knows WAE 1’s details and desire to optimize this connection § The TCP-SYN packet is then forwarded to the server A In. Line, WCCPv 2 or PBR B In. Line, WCCPv 2 or PBR WAN A: B TCP SYN (marked) WAE 1 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential WAE 2 Now I know about WAE 1 and which optimizations are desired. 12

WAAS Overview Auto-Discovery—TCP SYN-ACK § When the server responds with the TCP SYN-ACK, WAE WAAS Overview Auto-Discovery—TCP SYN-ACK § When the server responds with the TCP SYN-ACK, WAE 2 then marks TCP options to acknowledge optimization and to identify itself to WAE 1 § The marked TCP SYN-ACK packet is then forwarded towards the client and intercepted on the other side A In. Line, WCCPv 2 or PBR B In. Line, WCCPv 2 or PBR WAN B: A TCP SYN/ACK (marked) WAE 1 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential WAE 2 Acknowledge acceleration! Here are my details. 13

WAAS Overview Auto-Discovery—TCP SYN-ACK (Cont. ) § When WAE 1 receives the TCP SYN-ACK WAAS Overview Auto-Discovery—TCP SYN-ACK (Cont. ) § When WAE 1 receives the TCP SYN-ACK with the optimization confirmation and details about WAE 2, the defined policy (or negotiated optimizations) can then be acknowledged § The TCP SYN-ACK packet is then forwarded to the client In. Line, WCCPv 2 or PBR A In. Line, WCCPv 2 or PBR B WAN B: A TCP SYN/ACK WAE 1 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. ACCELERATION CONFIRMED! Cisco Confidential WAE 2 14

WAAS Overview Auto-Discovery—TCP ACK § After the SYN-ACK is received, the TCP proxy is WAAS Overview Auto-Discovery—TCP ACK § After the SYN-ACK is received, the TCP proxy is initiated for the connection, and WAE 1 sends a TCP ACK to WAE 2 to acknowledge optimizations § WAE 2 can then send a TCP ACK to Server B § Client A sends a TCP ACK to WAE 1 In. Line, WCCPv 2 or PBR A B In. Line, WCCPv 2 or PBR WAN A: B TCP ACK WAE 1 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential A: B TCP ACK WAE 2 ACCELERATION CONFIRMED! 15

WAAS Overview Auto-Discovery—Summary § WAE B closest to host A & WAE C closest WAAS Overview Auto-Discovery—Summary § WAE B closest to host A & WAE C closest to host B § Connection optimized between WAE B & C A B C D A: D SYN(OPT) D: A SYN/ACK(OPT) D: A SYN/ACK A: D ACK BRKAPP-2005 13700_05_2006_c 1 A: D ACK Origin Connection © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Optimized Connection Origin Connection 16

WAAS Overview Auto-Discovery—Three or More WAEs § WAE B closest to host A; WAE WAAS Overview Auto-Discovery—Three or More WAEs § WAE B closest to host A; WAE D closest to host E § Intermediate WAE C sees TCP option mark in both directions and goes into pass through (PT) A B C D E A: E SYN(OPT) E: A SYN/ACK(OPT) E: A SYN/ACK A: E ACK(OPT) A: E ACK BRKAPP-2005 13700_05_2006_c 1 Optimized Connection Origin Connection © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Origin Connection 17

WAAS Overview Auto-Discovery—One WAE § WAE B is closest to host A and host WAAS Overview Auto-Discovery—One WAE § WAE B is closest to host A and host See § No TCP option mark is seen in either direction § WAE B goes into Pass Through (PT) A B C A: C TCP SYN A: C SYN(OPT) C: A SYN ACK A: C ACK Origin Connection BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Origin Connection 18

WAAS Overview Auto-Discovery and WAE Failure § WAEs will shift TCP SEQ numbers of WAAS Overview Auto-Discovery and WAE Failure § WAEs will shift TCP SEQ numbers of optimized connections by 2 billion § If a WAE that was optimizing connections fails: Receiving host will see segments with SEQ/ACK numbers that are out of range Host will reset (RST) connection WAAS will propagate the RST § The client or server application can then re-establish a new TCP connection, which will go through the auto-discovery process again BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19

WAAS Overview Application Adapters Mitigate Session Latency § Application and protocol awareness Cache and WAAS Overview Application Adapters Mitigate Session Latency § Application and protocol awareness Cache and Protocol Proxy Eliminate unnecessary chatter and transfer Pre-populate edge cache as necessary ~90% msgs 10% actual storage Enable disconnected operations § Intelligent protocol proxy Transparent or non-transparent Improves application response time WAN Optimization DRE/TFO/LZ Provide origin server offload § WAASv 4 application adapters CIFS (Windows File Services) Origin Server 100% of capacity Windows printing BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20

WAAS Overview CIFS Server Auto-Discovey servers clients (2) discover (1) SYN WAN core (5) WAAS Overview CIFS Server Auto-Discovey servers clients (2) discover (1) SYN WAN core (5) SYN-ACK servers edge (4) accept or pass-through (2) discover (3) connect 3 WS core BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21

Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22

Installation Central Manager (CM) § Place in the data center server farm (not on Installation Central Manager (CM) § Place in the data center server farm (not on an accelerator subnet) device mode central-manager § Non-default configuration (optionally use setup script) primary-interface Gigabit. Ethernet 1/0 Device mode hostname dc 1 -cm 1 interface Gigabit. Ethernet 1/0 Hostname ip address 10. 1. 1. 31 255. 0 Primary-interface exit IP configuration ip default-gateway 10. 1. 1. 254 Date/Time configuration ip name-server 10. 1. 1. 21 Configuration Management System (CMS) clock timezone US/Eastern -4 0 § CMS must be enabled to access the web GUI ntp server 10. 1. 1. 254 cms enable § Optionally use standby interface to dual -home to two switches BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23

Installation Accelerator § Non-default configuration hostname br 1 -wae 1 primary-interface Gigabit. Ethernet 1/0 Installation Accelerator § Non-default configuration hostname br 1 -wae 1 primary-interface Gigabit. Ethernet 1/0 Device mode Hostname interface Gigabit. Ethernet 1/0 Primary-interface IP configuration ip address 10. 1. 100. 101 255. 0 CMS enable exit § CMS required to register with CM § Use name for CM to ease CM moves § Use standby to dual-home WAE to two switches in a redundant environment (N+1 redundancy vs. 1: 1 redundancy) § Use Ether. Channel® to achieve higher throughput and redundancy ip default-gateway 10. 1. 100. 254 ip name-server 10. 1. 1. 21 ! Implement DNS for CM mobility central-manager address cm. allcisco. com cms enable § Autoregistration enables CM discovery through DHCP option request BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24

Installation WAE Interface Configuration wae(config)#interface Gigabit. Ethernet 1/0 wae(config-if)#ip address 10. 10. 10 255. Installation WAE Interface Configuration wae(config)#interface Gigabit. Ethernet 1/0 wae(config-if)#ip address 10. 10. 10 255. 0 wae(config-if)#bandwidth 1000 Interface Gigabit. Ethernet 2/0 must enable autosense when speed is 1000 Mbps. Setting interface mode. . . wae(config-if)#no shutdown Gigabit Is Autosense wae(config)#interface gigabit. Ethernet 2/0 wae(config-if)#bandwidth 100 wae(config-if)#full-duplex wae(config-if)#no shutdown The interface was up. wae(config-if)#exit Do not use “speed” like the router wae(config)# WAAS & ACNS use “bandwidth” command No shut is default § Configuring a WAE interface IP address, subnet mask, speed, duplex, and operational state BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25

Installation WAE Interface Channeling wae(config)# interface Port. Channel 1 wae(config-if)#no shut wae(config-if)#ip address 10. Installation WAE Interface Channeling wae(config)# interface Port. Channel 1 wae(config-if)#no shut wae(config-if)#ip address 10. 1. 1. 31 255. 0 wae(config)# interface gigabit. Ethernet 1/0 wae(config-if)#no shutdown wae(config-if)#channel-group 1 wae(config-if)#exit wae(config)#interface gigabit. Ethernet 2/0 wae(config-if)#no shut wae(config-if)#channel-group 1 § Interfaces can be bundled into a Port. Channel for load-balancing and high availability across switch modules § Requires identical interface configuration on both physical interfaces § IP addresses are defined on the Port. Channel interface BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26

Installation Standby Network Interface Card (NIC) Teaming § Must be layer 2 path between Installation Standby Network Interface Card (NIC) Teaming § Must be layer 2 path between two NICs § Higher priority selects initial primary interface § Default priority is 100 § Preempt is not supported G 1/0 BRKAPP-2005 13700_05_2006_c 1 G 2/0 wae(config)#primary-interface Standby 1 wae(config)#interface Standby 1 wae(config-if)#ip address 10. 1. 2. 100 255. 0 wae(config-if)#exit wae(config)#interface Gigabit. Ethernet 1/0 wae(config-if)#standby 1 priority 105 wae(config-if)#exit wae(config)#interface Gigabit. Ethernet 2/0 wae(config-if)#standby 1 wae(config-if)#exit dc 1 -wae 1#show standby Standby Group: 1 IP address: 10. 1. 2. 100, netmask: 255. 0 Member interfaces: Gigabit. Ethernet 1/0 priority: 105 Gigabit. Ethernet 2/0 priority: 100 Active interface: Gigabit. Ethernet 1/0 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27

Installation Viewing Interface Statistics wae#sh int gigabit. Ethernet 1/0 Type: Ethernet address: 00: 11: Installation Viewing Interface Statistics wae#sh int gigabit. Ethernet 1/0 Type: Ethernet address: 00: 11: 25: AA: 2 B: 1 A Internet address: 10. 10. 10 Broadcast address: 10. 10. 255 Netmask: 255. 0 Maximum Transfer Unit Size: 1500 Metric: 1 Packets Received: 26603 Input Errors: 0 Input Packets Dropped: 0 Input Packets Overruns: 0 Input Packets Frames: 0 Packet Sent: 18662 Output Errors: 0 Output Packets Dropped: 0 Output Packets Overruns: 0 Output Packets Carrier: 0 Output Queue Length: 1000 Collisions: 0 Base address: 0 x 2000 Flags: UP BROADCAST RUNNING MULTICAST Mode: full-duplex, 100 base. TX BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Layer 2 and Layer 3 Addresses Network Mask MTU Ethernet Collisions Operational State Duplex Speed 28

Installation Viewing Port. Channel Statistics wae#sh int port. Channel 1 Interface Port. Channel 1 Installation Viewing Port. Channel Statistics wae#sh int port. Channel 1 Interface Port. Channel 1 (1 physical interface(s)): Physical Interfaces Gigabit. Ethernet 2/0 (active) Interface State ----------Type: Ethernet address: 00: 11: 25: AA: 2 B: 1 B Layer 2 and Layer 3 Addresses Internet address: 10. 10. 10 Network Mask Broadcast address: 10. 10. 255 MTU Netmask: 255. 0 Maximum Transfer Unit Size: 1500 Metric: 1 Packets Received: 0 Input Errors: 0 Input Packets Dropped: 0 Input Packets Overruns: 0 Input Packets Frames: 0 Packet Sent: 0 Output Errors: 0 Output Packets Dropped: 0 Output Packets Overruns: 0 Output Packets Carrier: 0 Output Queue Length: 0 Collisions: 0 Flags: UP BROADCAST RUNNING MASTER MULTICAST BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29

Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30

WCCP Overview § Introduced by Cisco in 1997 § WCCP Version 2 integrated into WCCP Overview § Introduced by Cisco in 1997 § WCCP Version 2 integrated into Cisco IOS 12. 0(3)T § Transparently redirects UDP/TCP packets § Supports flows being returned to original traffic path (bypass) § Supports up to 32 routers and 32 caches per “service” § Enforces connection sticky by source or destination address or port § Flow protection if changes occur in the cluster § MD 5 authentication to secure engine registration § Egress and ingress interface intercept BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31

WCCP Roles and Functions § Engine (WCCP client) § Engine assignment Registers services 61/62 WCCP Roles and Functions § Engine (WCCP client) § Engine assignment Registers services 61/62 with “Here I Am” if application is operational Hash (software) method Transmits “Here I Am” every 10 seconds Reassigns engine failure Lead engine instructs routers on protocol/port, assignment, forwarding, and return methods Mask (hardware) method § Forward to engine methods L 2 MAC rewrite § Router (WCCP server) Accepts service group 61/62 registration Acks “Here I Am” with “I See You” L 3 WCCP GRE forward § Return to network methods Waits 30 (3 x 10) seconds before declaring engine failed IP forwarding – host routing Announce engines to other engines WCCP L 2 return WCCP GRE return Lead engine determined by lowest IP address Redirects traffic to engine Registration Announces WAE on Specific Service Group, Provides Availability Notification, Requests interesting Traffic BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32

WCCP Interception and Assignment § Identify traffic Ingress redirection (preferred) Egress redirection § WAE WCCP Interception and Assignment § Identify traffic Ingress redirection (preferred) Egress redirection § WAE failure results in redistribution of load to remaining WAEs in 30 sec § If no remaining WAE’s service group is taken offline and packets are not redirected Fast. Ethernet 0/0 ip wccp 61 redirect in BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential § WAAS WCCP load balances based on a source or destination IP address § WAE registers two service groups Service group 61—All TCP traffic, load-balance on src-IP Service group 62—All TCP traffic, load-balance on dst-IP Serial 0 ip wccp 62 redirect in 33

WCCP Forwarding and Return § Redirection from router to WAE GRE—Entire packet GRE tunneled WCCP Forwarding and Return § Redirection from router to WAE GRE—Entire packet GRE tunneled to the engine Layer 2—Frame MAC address rewritten to engine MAC § Return from WAE to router GRE—Entire packet GRE tunneled to the router Layer 2—Frame MAC address rewritten to router MAC IP Forward—Engine issues ARP for default gateway Interception Monitors for Traffic that Matches Any Configured Service Groups and Forward Using GRE or L 2 Redirect BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Engine Returns Traffic to Network via WCCP GRE, WCCP L 2, or IP Forward 34

WCCP Platform Recommendations Software Routers Hardware Accelerated Switches § Cisco 7200, 7300, 7400, 7500 WCCP Platform Recommendations Software Routers Hardware Accelerated Switches § Cisco 7200, 7300, 7400, 7500 family routers § Use mask assignment only GRE forwarding only § Cisco Catalyst® 4500 and 4948 family switches L 2 only Hash assignment only no redirect-list § Cisco Integrated Services Routers 1800, 2800, 3800 GRE forwarding only Inbound only § Cisco Catalyst 3750 family switches L 2 only Hash assignment only Inbound only § Cisco Catalyst 6500 and 7600 Sup 720 GRE and L 2 forwarding in hardware GRE return in software L 2 return in hardware Sup 2 GRE forwarding in software L 2 forwarding in hardware GRE return in software BRKAPP-2005 13700_05_2006_c 1 L 2 return in hardware © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35

WCCP Configuration Steps § To configure WCCPv 2, the WAE configuration involves: Enabling WCCP WCCP Configuration Steps § To configure WCCPv 2, the WAE configuration involves: Enabling WCCP version 2 Defining the list of routers to register against Registering with the routers as a TCP promiscuous device § The router configuration involves: Enabling CEF (optional) Enabling WCCP version 2 Specifying the service groups to support Configuring redirection on the appropriate interfaces BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36

WCCP Common Configuration Topologies 1 2 LAN WAN 3 4 LAN 1. 2. 3. WCCP Common Configuration Topologies 1 2 LAN WAN 3 4 LAN 1. 2. 3. 4. WAN LAN WAN Common one-arm configuration WAN router is transit to another site Local servers on separate branch subnet WAE on host subnet using GRE return in WAAS 4. 0. 13 61/out 62/out 61/in 62/in Redirect Exclude BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 37

WCCP Configuration—WAE Enables WCCP Version 2 Is Required to Support the TCP Promiscuous Service WCCP Configuration—WAE Enables WCCP Version 2 Is Required to Support the TCP Promiscuous Service Groups WAE# config t WAE(config)# wccp version 2 WAE(config)# wccp router-list 1 1. 1 WAE(config)# wccp tcp-promiscuous router-list 1 Specifies that the WAE Should Register as a TCP Promiscuous Device with Each of the Routers Listed in Router List Number “ 1” TCP Promiscuous Represents WCCPv 2 Service Groups 61 and 62 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Defines a Router List with Unique Identifier of “ 1”, Defining the IP Addresses of Each of the Routers that Are Referenced by the List. Up to Four Routers Can Be Specified Here. Must Be Reachable via the WAE Optimization Interface 38

WCCP Configuration—Router Global Enables Cisco Express Forwarding (CEF) Recommended that CEF Be Enabled on WCCP Configuration—Router Global Enables Cisco Express Forwarding (CEF) Recommended that CEF Be Enabled on Any Router Where WCCPv 2 Is Configured 2811# config term 2811(config)# ip cef 2811(config)# ip wccp version 2 2811(config)# ip wccp 61 redirect-list waas 2811(config)# ip wccp 62 redirect-list waas Enables Support for Service Group 61 and 62, Which Are the Service Group Numbers Used by TCP Promiscuous on the Cisco WAE 61—All TCP Traffic, Balanced by src-ip 62—All TCP Traffic, Balanced by dst-IP Optional Redirect List BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Enables WCCP Version 2 Is Required for Support of TCP Promiscuous Service Groups Used by Cisco WAAS 39

WCCP Configuration—Router Global (Cont. ) Specifies that Inbound Redirection for Service Group 61 Be WCCP Configuration—Router Global (Cont. ) Specifies that Inbound Redirection for Service Group 61 Be Applied to the User Access VLAN 2811(config)# interface Fast. Ethernet 0/0. 10 2811(config-if)# ip wccp 61 redirect in 2811(config-if)# interface Serial 0 2811(config-if)# ip wccp 62 redirect in Specifies that Inbound Redirection for Service Group 62 Be Applied to the WAN Interface BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 40

WCCP Configuration—Router Global (Cont. ) § “Inbound” redirection is recommended § When “Outbound” redirection WCCP Configuration—Router Global (Cont. ) § “Inbound” redirection is recommended § When “Outbound” redirection is required and WAE is one arm, exclude in must be applied to the WAE router interface § Exclude in ensures WAE sourced optimized traffic is not redirected back to the WAE 2811(config-if)# interface Fast. Ethernet 0/0. 11 2811(config-if)# ip wccp redirect exclude in Configured on Router WAE Interface Specifies that Any Packets Received on this Interface Not Be Candidates for Redirection When Leaving Another Interface BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41

WCCP Redirect Lists for Pilots and Management Traffic ip access-list extended waas remark WAAS WCCP Redirect Lists for Pilots and Management Traffic ip access-list extended waas remark WAAS WCCP Pilot Redirect List remark WAAS WCCP Mgmt Redirect List permit tcp any 10. 1. 3. 0 0. 0. 0. 255 deny tcp any eq telnet deny tcp any eq 22 deny tcp any eq 161 deny tcp any eq 162 deny tcp any eq bgp deny tcp any eq telnet any deny tcp any eq 22 any deny tcp any eq 161 any deny tcp any eq 162 any deny tcp any eq bgp any permit tcp 10. 1. 3. 0 0. 0. 0. 255 any Single ACL may include interesting traffic in both directions. Implicit deny excludes all other traffic from redirection. Avoid redirection of management traffic to the WAE with a global bidirectional deny ACL with permitany remaining traffic. Ensure that the WAAS IP access-list Is created before configuring the global IP WCCP 61 and 62 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential permit tcp any 42

WCCP Verify WCCP Operation on Router and WAE dc 1 -rtr 1#show ip wccp WCCP Verify WCCP Operation on Router and WAE dc 1 -rtr 1#show ip wccp Global WCCP information: Router Identifier: 10. 1. 3. 254 Protocol Version: dc 1 -wae 1#show wccp routers 2. 0 Service Identifier: 61 Number of Cache Engines: Number of routers: Total Packets Redirected: Process: Fast: CEF: Redirect access-list: Total Packets Denied Redirect: Total Packets Unassigned: Group access-list: Total Messages Denied to Group: Total Authentication failures: Total Bypassed Packets Received: 1 1 1954820 474 0 1954346 -none 0 24 -none 0 0 4 Service Identifier: 62 Number of Cache Engines: Number of routers: Total Packets Redirected: Process: Fast: CEF: Redirect access-list: Total Packets Denied Redirect: Total Packets Unassigned: Group access-list: Total Messages Denied to Group: Total Authentication failures: Total Bypassed Packets Received: 1 1 581196 107 0 581089 -none 0 17 -none 0 0 Policy 5 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Router Information for Service: TCP Promiscuous 61 Routers Configured and Seeing this Engine(1) Router Id Sent To Recv ID 10. 1. 3. 254 10. 1. 2. 254 0001 CD 80 Routers not Seeing this File Engine -NONERouters Notified of but not Configured -NONEMulticast Addresses Configured -NONERouter Information for Service: TCP Promiscuous 62 Routers Configured and Seeing this Engine(1) Router Id Sent To Recv ID 10. 1. 3. 254 10. 1. 2. 254 0001 CD 7 C Routers not Seeing this File Engine -NONERouters Notified of but not Configured -NONEMulticast Addresses Configured -NONEdc 1 -wae 1#show wccp gre Transparent GRE packets received: Transparent non-GRE non-WCCP packets received: Total packets accepted: Packets sent back to router: WCCP GRE Forwarded GRE packets sent to router (not bypass): Packets sent to another WCCP L 2 Forwarded WAE: Packets received with client IP Based Routed or ACE Forwarded addresses: 105587 0 0 100152 0 52222 0 100152 43

WCCP Egress Methods wae(config)#egress-method ? ip-forwarding IP forwarding egress method (default) negotiated-return WCCP negotiated WCCP Egress Methods wae(config)#egress-method ? ip-forwarding IP forwarding egress method (default) negotiated-return WCCP negotiated return egress method dc 1 -wae 1(config)#egress-method negotiated-return intercept-method wccp Negotiated Return wae#show egress-methods Intercept method : WCCP TCP Promiscuous 61 : WCCP negotiated return method : WCCP GRE Destination -----any Egress Method Configured -----------WCCP Negotiated Return Method Egress Method Used ------WCCP GRE TCP Promiscuous 62 : WCCP negotiated return method : WCCP GRE Destination -----any Egress Method Configured -----------WCCP Negotiated Return Egress Method Used ------WCCP GRE Use Negotiated GRE return if WAE is placed on host subnet BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 44

WCCP General Recommendations § General Deploy across edge or distribution in preference to core WCCP General Recommendations § General Deploy across edge or distribution in preference to core Use WCCP passwords to avoid denial-of-service attack § Engine Do not register engine with router virtual IP address (HSRP/VRRP) Disable slow-start “no wccp slow-start enable” on engine § Router Enable CEF Use WCCP redirect lists for trials to limit client/server groups Prefer ingress-based WCCP over egress-based § L 3 Switch Use hardware forwarding when available Use ingress-based WCCP only Use mask assignment with small mask for few engines and large mask for many engines (maximum 7 bits for 128 buckets across maximum 32 engines) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 45

Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 46

Branch Network Deployments Non-Redundant Branch § Inline WAN § On Host Subnet § Network Branch Network Deployments Non-Redundant Branch § Inline WAN § On Host Subnet § Network Module WAN § Off-Router Deployment WAN BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 47

Branch Network Deployments Non-Redundant Branch In. Line g 1/0 s 1 1/0/LAN e 1 Branch Network Deployments Non-Redundant Branch In. Line g 1/0 s 1 1/0/LAN e 1 r 1 WAN 1/0/WAN 1/1/LAN 1/0/WAN 1/0/LAN § Engine One In. Line NIC per WAE appliance (cannot be used with WCCP) Installed in-path between switch and router or firewall Use single pair of inline ports (1/0 or 1/1) removing RJ 45 port covers Remove RJ 45 port covers prior to plugging in cable Ports fail-to-wire upon hardware, software, or power failure Support for interception 802. 1 q trunks Ensure that WAN and LAN bandwidth and duplex are identically configured Requires Gigabit. Ethernet 1/0 for primary interface § Router Crossover cable from router to engine § Switch Straight through cable from engine to switch Implement switch port fast for faster failover recovery BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 48

Branch Network Deployments Branch In. Line Configuration wae(config)#interface Inline. Group 1/0 failover inline shutdown Branch Network Deployments Branch In. Line Configuration wae(config)#interface Inline. Group 1/0 failover inline shutdown Modify failover timeout parameters Enable/Disable interception Put in passthrough mode wae(config)#interface Inline. Port [1/0/LAN | 1/0/WAN] autosense bandwidth full-duplex half-duplex Interface autosense bandwidth fullduplex halfduplex Apply Consistent Bandwidth and Duplex Settings on Router and Switch Side Interfaces wae#show interface inlinegroup 1/0 Interface is in intercept operating mode. Standard NIC mode is off. Disable bypass mode is off. VLAN IDs configured for inline interception: All Watchdog timer is enabled. Timer frequency: 1600 ms. Autoreset frequency 500 ms. The watchdog timer will expire in 1195 ms. BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 49

Branch Network Deployments Branch In. Line Status Br 1 -wae 1#show interface inlineport 1/0/LAN Branch Network Deployments Branch In. Line Status Br 1 -wae 1#show interface inlineport 1/0/LAN Device name : eth 5. Bypass slave interface. Packets Received : 968932 Packets Intercepted: 781189 Packets Bridged : 187743 Packets Forwarded : 785048 Packets Dropped : 0 Packets Received on native : 0 Active flows for this interface : 0 Received Is Total Packets Intercepted Is All TCP Packets Bridged Are Non-TCP Packets Forwarded Are Sent from Inline Interface Ethernet Driver Status ------------Type: Ethernet address: 00: ED: 04: BA: 23 Maximum Transfer Unit Size: 1500 Metric: 1 Packets Received: 968932 Input Errors: 0 Input Packets Dropped: 0 Input Packets Overruns: 0 Input Packets Frames: 0 Packet Sent: 1254163 Output Errors: 0 Output Packets Dropped: 0 Output Packets Overruns: 0 Output Packets Carrier: 0 Output Queue Length: 100 Collisions: 0 Base address: 0 x 30 c 0 Flags: UP BROADCAST RUNNING MULTICAST Mode: autoselect, full-duplex, 100 base. TX BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 50

Branch Network Deployments Non-Redundant Host Subnet Deployment h 1 rtr 1 h 2 sw Branch Network Deployments Non-Redundant Host Subnet Deployment h 1 rtr 1 h 2 sw 1 IP Network Host Subnet Primary and optimization interface Optional Etherchannel Default GW is host GW e 1 § Engine Requires WCCP with WAAS 4. 0. 13 or later GRE forwarding with stateful negotiated WCCP GRE return Primary interface used for management and optimizations Default gateway is same as hosts Port. Channel supported IP forward return for router offload Local hosts (WAAS 4. 0. 13) Specified hosts (Future) § Router/Switch Requires WCCP GRE capable router (no Catalyst 3750 or 4500) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 51

Branch Network Deployments WAE on Host Subnet h 1 rtr 1 h 2 sw Branch Network Deployments WAE on Host Subnet h 1 rtr 1 h 2 sw 1 IP Network e 1 ip wccp 61 redirect-list WAAS wccp router-list 1 10. 1. 2. 254 ip wccp 62 redirect-list WAAS wccp tcp-promiscuous router-listnum 1 interface Gigabit. Ethernet 0/1 wccp version 2 description Origin LAN egress-method negotiated-return intercept-method wccp ip wccp 61 redirect in interface Serial 0/0 description Optimized WAN ip wccp 62 redirect in Define Egress Method Based on Intercept Method (WAAS 4. 0. 13) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 52

Branch Network Deployments Network Module rtr 1 h 1 IP Network sw 1 h Branch Network Deployments Network Module rtr 1 h 1 IP Network sw 1 h 2 e 1 Internal g 1/0 service module g 1/0 internal 1. 1. 1. 2 NME 1/0 integratedserviceengine 1/0 1. 1 RTR service module external g 2/0 10. 1. 1. 1 external g 2/0 router g 0/0 Router Configuration Commands ip wccp 61 redirect-list waas ip wccp 62 redirect-list waas interface integrated-service-engine 1/0 Router Service Module Commands description Origin LAN ip address 1. 1 255. 0 ip wccp 61 redirect in service-module IP address 1. 1. 1. 2 255. 0 service-module external ip address 10. 1. 1. 1 255. 0 service-module ip default-gateway 1. 1 interface Serial 0/0 description Optimized WAN ip wccp 62 redirect in show interfaces integrated-services-engine 1/0 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. service-module integrated-service-engine 1/0 show service-module Integrated-Service. Engine 1/0 NME WAE Configuration WAE(config)#wccp router-list 1 1. 1 WAE(config)#wccp tcp-promiscuous router-listnum 1 WAE(config)#wccp version 2 Use external interface for Direct host return Cisco Confidential 53

Branch Network Deployments Non-Redundant Off-Router One-Arm Deployment rtr 1 h 1 IP Network sw Branch Network Deployments Non-Redundant Off-Router One-Arm Deployment rtr 1 h 1 IP Network sw 1 h 2 e 1 § Engine Primary interface Optional Port. Channel Default GW is router WAE Interface Subnet must be routable WCCP or PBR Single Interface or Port. Channel for higher performance and availability WAE primary interface is routable WAE default gateway is dedicated router interface or sub-interface § Router Prefer inbound redirection Use “ip wccp redirect exclude in” on WAE interface if WCCP redirect out is configured any where on router § Switch Trunk to router if necessary BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 54

Branch Network Deployments Non-Redundant Off-Router One-Arm Deployment rtr 1 h 1 IP Network sw Branch Network Deployments Non-Redundant Off-Router One-Arm Deployment rtr 1 h 1 IP Network sw 1 h 2 e 1 Router Configuration Commands WAE Configuration Commands ip wccp 61 redirect-list WAAS wccp router-list 1 10. 1. 2. 254 wccp tcp-promiscuous router-list-num 1 wccp version 2 ip wccp 62 redirect-list WAAS ! interface Gigabit. Ethernet 0/0 description Origin Host LAN ip wccp 61 redirect in interface Gigabit. Ethernet 0/1 description WAE LAN ip wccp redirect exclude in* interface Serial 0/0 description Optimized WAN ip wccp 62 redirect in * Required if WCCP redirect out BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 55

Branch Network Deployments Non-Redundant Off-Router Two-Arm Deployment rtr 1 h 1 IP Network sw Branch Network Deployments Non-Redundant Off-Router Two-Arm Deployment rtr 1 h 1 IP Network sw 1 h 2 e 1 Origing traffic returned direct to host No Default-Gateway g 2/0 g 1/0 WAE optimized subnet Routable primary interface Optimization Interface Default GW § Engine Offload low end router WCCP or PBR Primary interface used for management and optimizations Secondary interface on user VLAN to bypass router to hosts WAE default gateway is dedicated WAE router interface Port. Channel not supported in this configuration § Router Prefer inbound redirection § Switch Trunk to router if necessary Engine BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 56

Branch Network Deployments Redundant Branch WAN 1 WAN 2 § Inline multi-homed Bridged square Branch Network Deployments Redundant Branch WAN 1 WAN 2 § Inline multi-homed Bridged square WAN Dual homed § NM multi-homed WAN § WCCP multi-homed BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 57

Branch Network Deployments Redundant In. Line Branch 1/0/WAN 1/0/LAN 1/0/WAN e 1 WAN 1 Branch Network Deployments Redundant In. Line Branch 1/0/WAN 1/0/LAN 1/0/WAN e 1 WAN 1 g 1/0 r 2 g 1/0 e 2 1/1/LAN WAN 2 1/1/WAN 1/1/LAN § WAE installed in-path between switch and router § Use both pairs of inline ports (1/0 and 1/1) § Ports fail-to-wire upon hardware, software, or power failure § Support for 802. 1 q trunks § Support single NIC on all WAE appliances § Cannot be used with WCCP § Requires Gigabit. Ethernet 1/0 for primary interface § Crossover cable from router to engine § Crossover cable from engine to engine § Straight through cable from engine to switch BRKAPP-2005 13700_05_2006_c 1 1/1/WAN 1/1/LAN 1/0/WAN 1/0/LAN © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential § Automatic failover and load sharing via WAAS Auto Discovery e 1 fills to capacity then goes into Pass Through (PT) e 2 fills to capacity then goes to Pass Through (PT) § Ensure that WAN and LAN bandwidth and duplex are identically configured § Implement spanning tree port fast 58

Branch Network Deployments Redundant L 2 Branch Off WAN Router One-Arm h 1 sw Branch Network Deployments Redundant L 2 Branch Off WAN Router One-Arm h 1 sw 1 rtr 1 h 2 e 1 e 2 IP Network h 3 h 4 sw 2 rtr 2 § WCCP for two or more WAEs § Passive interface routing on all host subnets § Route on WAE subnet (no passive interface) § If no stateful WCCP GRE return then lose upstream WAN balancing § WCCP 61 redirect in on host interfaces § WCCP 62 redirect in on WAN interfaces BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 59

Branch Network Deployments Redundant L 3 Branch Off LAN Router One-Arm rtr 3 h Branch Network Deployments Redundant L 3 Branch Off LAN Router One-Arm rtr 3 h 1 sw 1 e 1 rtr 1 IP Network e 2 h 2 rtr 4 § § § § § rtr 2 WCCP for two or more WAEs L 3 LAN switch commonly Cisco Catalyst 3750, 4500, or 6500 Use WCCP L 2 forwarding and mask assignment Maintains upstream WAN load balancing using CEF equal cost path load balancing Passive interface routing on all host subnets Route on WAE subnet (no passive interface) WCCP 61 redirect in on host interfaces WCCP 62 redirect in on LAN switch WAN side interfaces No support for host subnet until stateful WCCP L 2 return feature support BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 60

Data Center Network Deployment General Recommendations § Engines Do not implement disk encryption (available Data Center Network Deployment General Recommendations § Engines Do not implement disk encryption (available in WAAS 4. 0. 13) Place Engines in WAN or serverfarm edge or distribution WCCP, ACE load balancing, or In. Line Use standby NIC teaming for availability Use Etherchannel for performance Place Core Engines close to servers (< 25 msec away) § Data center WAE core upstream firewalls Allow all TCP from branch clients and WAE Additionally allow WAE core IP address to/from any TCP 20, 21, 135, 137, 139, 443, 445 and UDP 53 Allow CM to all WAEs on TCP 443 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 61

Data Center Network Deployment Dual MPLS Clouds with Symmetric Routing § Create engine subnet Data Center Network Deployment Dual MPLS Clouds with Symmetric Routing § Create engine subnet on WAN edge between MPLS routers § Enable routing on engine subnet (no passive interface) MPLS #1 MPLS #2 § Implement MHSRP on engine subnet with primary on r 1 & r 2 and r 3 & r 4 § Register engines to gateway interface IP or loopback IP (not HSRP IP) e 1 e 3 § WAN edge software router e 2 e 4 Use stateful WCCP GRE return Configure engine host route to router loopback to optimize return traffic r 1 r 2 r 3 r 4 § WAN edge Catalyst L 3 switch Use IP forwarding return e 1 default route to r 1 HSRP primary e 2 default route to r 2 HSRP primary BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 62

Data Center Network Deployment Multiple WANs (MPLS, Frame, Leased Line) § Dedicated One Arm—Pair Data Center Network Deployment Multiple WANs (MPLS, Frame, Leased Line) § Dedicated One Arm—Pair of dedicated WAEs per WAN edge router Inline—Pair of dedicated WAEs in series with primary interface on host side subnet MPLS #1 § Shared Frame Relay Leased Line Create engine subnet on WAN edge between WAN edge routers e 1 Enable routing on engine subnet (no passive interface) Implement MHSRP on engine subnet with primary on r 1, r 2, and r 3 Register engines to gateway interface or loopback IP e 1 e 2 WAN edge software router r 1 e 2 r 3 e 4 Use stateful WCCP GRE return Configure engine host route to router loopback to optimize return traffic WAN edge Catalyst L 3 swtich Use IP forwarding return E 1 default route to r 1 HSRP primary E 2 default route to r 2 HSRP primary BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 63

Data Center Network Deployment Dual Data Center Asymmetric Routing § Asymmetric routing due to Data Center Network Deployment Dual Data Center Asymmetric Routing § Asymmetric routing due to branch default routes § Summarize each data center address space /16 DC -A/1 6 -B DC § Advertise data center summarized route to branches 0. 0 § Eliminate asymmetric routing § Optimizes traffic flow § Retains load balancing by application location § Optimizes use of core DRE cache DC-A BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential DC-B 64

Data Center Network Deployment Dual Data Center Asymmetric Routing § WAE in server farm Data Center Network Deployment Dual Data Center Asymmetric Routing § WAE in server farm distribution with WCCP or ACE § Similar to firewall load balancing BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential § WAE cross registers with WAN edge or distribution routers in both data centers 65

Data Center Network Deployment Dual Data Center Asymmetric Routing Design A § Branch subnet Data Center Network Deployment Dual Data Center Asymmetric Routing Design A § Branch subnet A § High speed routing between data centers § WAE 1 and WAE 2 GRE WCCP register to both R 1 and R 2 e 0: IP WCCP 62 redirect in s 0 WAE 1 R 2 s 0 e 1 e 0 WAE 2 s 0: IP WCCP 61 redirect in § WAN link from R 2 fails Packets WCCP directed from R 1 to WAE 2 will return via core and get re-intercepted by WCCP on R 1 e 0 H 1 H 2 Recommend WCCP GRE return or create native GRE tunnel between R 1 and R 2 DC-A DC-B § Telnet to WAE 1 loopback from subnet A takes path A>R 1: s 0>WAE 2>R 1: e 0>WAE 2(loop detected) Recommend WCCP GRE return or create native GRE tunnel between R 1 and R 2 Implement WCCP redirect-list that denies all management traffic to the router. BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 66

Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 67

Central Management System (CMS) Overview § CMS process runs on all WAEs § Provides Central Management System (CMS) Overview § CMS process runs on all WAEs § Provides bidirectional configuration synchronization between CM and accelerators § Communicates over HTTPS using self signed device specific certificates and keys § Central Manager collects health and monitoring data to every five minutes by default § CMS provides means to backup and restore configuration § Provides means to replace a failed device with a new device § Use “show cms info” to get CMS status BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 68

Central Manager Login § https: //cm-ip: 8443/ § Accept certificate § Username: admin § Central Manager Login § https: //cm-ip: 8443/ § Accept certificate § Username: admin § Password: default BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 69

Central Manager Create Data Center Locations § Manually create core dc 1, dc 2, Central Manager Create Data Center Locations § Manually create core dc 1, dc 2, etc. locations for sites that will have more than one WAE § Select appropriate core location for newly activated core WAEs § Manually activate core WAEs and select appropriate data center location BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 70

Central Manager Single WAE per Branch Activation § Select activate all from the Devices Central Manager Single WAE per Branch Activation § Select activate all from the Devices > Devices menu § Select Create a new location for each inactive WAE § Assign core parent location for all edges § Device status transitions Inactive, Pending, Online BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 71

Central Manager Configuration Strategy § Use Device Groups to the greatest extent possible A Central Manager Configuration Strategy § Use Device Groups to the greatest extent possible A device can belong to multiple device groups Device configuration is more specific than group configuration Multiple group configuration conflict is resolved by most recent configuration Hide configuration pages that should not be used in a group § Create and enforce device group naming policy All lower case with dashes for spaces all-device-group timezone-us-eastern No spaces with capital for start of word All. Device. Group BRKAPP-2005 13700_05_2006_c 1 Timezone. USEastern © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 72

Central Manager All. Device. Group Hide Configuration Pages § File § Acceleration > TCP Central Manager All. Device. Group Hide Configuration Pages § File § Acceleration > TCP Settings § Print § Storage > Disk encryption § General Settings Port channel IP routes Misc > Date/Time > Time Zone § Interception BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 73

Central Manager System Configuration Session Timeout § Global management parameters are set under System Central Manager System Configuration Session Timeout § Global management parameters are set under System > Configuration § Default Central Manager session timeout is 10 minutes by default § Other properties should generally not be changed BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 74

Central Manager Time Zone Configuration § Use groups to scale timezone configuration if there Central Manager Time Zone Configuration § Use groups to scale timezone configuration if there are multiple devices per Time Zone § Group name should be “timezone--zone” timezone-us-eastern timezone-us-pacific § Hide all configuration pages except Misc > Date/Time > Time Zone Assign Devices BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 75

Central Manager File Services Core § Create core cluster configuration group (wafs-core-cluster) § Enable Central Manager File Services Core § Create core cluster configuration group (wafs-core-cluster) § Enable core at device level § Assign core device to core cluster § Verify core cluster members BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 76

Central Manager File Services Edge Group—Speed and Latency § Categorize branch links based on Central Manager File Services Edge Group—Speed and Latency § Categorize branch links based on speed and latency Speed—Low (T 1), medium (DS-3), high (OC-3) Latency—Low (<50 msec), medium (50– 100 msec), high (100+ msec) § Create WAFS edge groups based on link speed and latency Speed—Low, medium, high (ls, ms, hs) Latency—Low, medium, high (ll, ml, hl) § Hide all configuration pages except File Services Edge, Acceleration TCP Settings, and Assign Devices § wafs-edge group configuration Devices > Enable Devices > File Services > Edge Devices > Acceleration > TCP Settings Services > File > Connectivity Directive Optional disk encryption BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 77

Central Manager Enabling Edge File Services Using a Group § Enable edge in wafs-edge-ls-ml Central Manager Enabling Edge File Services Using a Group § Enable edge in wafs-edge-ls-ml group § Assign devices in low speed medium latency branches to the wafs-edge-ls-ml group § Reload WAE after activating file services edge BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 78

Central Manager Launch Device Manager § After reloading the WAE edge § Verify that Central Manager Launch Device Manager § After reloading the WAE edge § Verify that the file services edge is running in the device GUI § Verify that the file edge is running with show tfo accelerators in the CLI br 1 -wae 1#show tfo accelerators Name: TFO State: Registered, Handling Level: 100% Keepalive timeout: 3. 0 seconds, Session timeouts: 0, Total timeouts: 0 Last keepalive received 00. 9 Secs ago Last registration occurred 01: 10: 16. 9 Hours: Mins: Secs ago Name: EPM State: Not Registered, Handling Level: 100% Keepalive timeout: 5. 0 seconds, Session timeouts: 0, Total timeouts: 0 Last keepalive received 01: 10: 26. 1 Hours: Mins: Secs ago Last registration occurred 01: 10: 28. 1 Hours: Mins: Secs ago BRKAPP-2005 13700_05_2006_c 1 Name: CIFS State: Registered, Handling Level: 100% Keepalive timeout: 4. 0 seconds, Session timeouts: 1, Total timeouts: 1 Last keepalive received 00. 9 Secs ago Last registration occurred 01: 03: 43. 6 Hours: Mins: Secs ago © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 79

Central Manager Creating a Connectivity Directive Using Groups § File server auto-discovery eliminates the Central Manager Creating a Connectivity Directive Using Groups § File server auto-discovery eliminates the need to configure individual File Servers § Create a Connectivity Directive with a name to match the File Services edge group (i. e. wafs-edge-ls-ml) § Assign appropriate Edge Group (i. e. wafs-edge-ls-ml) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 80

Central Manager WAFS Edge—WAN Utilization § Assign the appropriate WAN characteristics for directive (i. Central Manager WAFS Edge—WAN Utilization § Assign the appropriate WAN characteristics for directive (i. e. low speed and medium latency) § Repeat for each File Services edge group link type (i. e. ls-ll, ls-ml, ls-hl, ms-ll, ms-ml, ms-hl, hs-ll, hs-ml, hs-hl) per core cluster BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 81

Central Manager EPM Classification § Endpoint Port Mapper (EPM) identifies Microsoft applications by UUID Central Manager EPM Classification § Endpoint Port Mapper (EPM) identifies Microsoft applications by UUID § EPM does not support asymmetric flows § Disable EPM by default unless certain there are not asymmetric flows BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 82

Central Manager All. Device. Group>Application>Policies>Definition § Apply defaults and hit submit for Central Manager Central Manager All. Device. Group>Application>Policies>Definition § Apply defaults and hit submit for Central Manager to take over policies from local devices BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 83

Central Manager Finding Policies § To find a policy, click in list window and Central Manager Finding Policies § To find a policy, click in list window and hit ctrl-F BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 84

Central Manager Adding or Modifying a Policy § Edit classifier § Create new match Central Manager Adding or Modifying a Policy § Edit classifier § Create new match condition § Identify destination port BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 85

Central Manager All. Device. Group > General Settings § Configuration pages exposed (not hidden) Central Manager All. Device. Group > General Settings § Configuration pages exposed (not hidden) in All. Device. Group § Device Group Home shows pages configured § Typical items configured in All. Device. Group are shown § General Settings are typically a role of the network administrator BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 86

Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 87

Application Testing and Tuning Identifying File Services With No CIFS Accleration br 1 -wae Application Testing and Tuning Identifying File Services With No CIFS Accleration br 1 -wae 1#show statistics dre connection server-port 139 Conn Id 22 15 Peer No 0 0 Client-ip: port 10. 1. 3. 100: 1045 10. 1. 3. 100: 1248 Server-ip: port 10. 1. 1. 24: 139 Encode-in/ Decode-in Status (A-Active) (C-Closed) 44 KB/ 668 KB C(11 h) 52 KB/ 64 KB C(11 h) § WAFS Edge > Logs Verify that the edge is connected to the core Verify CIFS auto-discovery success (<3 msec from edge to file server or >25 msec core to file server) Verify digital signatures are not enabled on file server § WAE CLI—Verify TCP port 139 and 445 is not seen by the WAE using ‘show statistics DRE connection server-port <139|445> BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 88

Application Testing and Tuning Monitoring File Services on Edge WAE § Go to Devices Application Testing and Tuning Monitoring File Services on Edge WAE § Go to Devices > Home > Device GUI § Verify Connected core cluster and bytes transferred § Verify CIFS bytes read and written § Verify current cache disk usage § WAAS 4. 0. 13 Central Manager Devices > Monitoring > WAFS BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 89

Application Testing and Tuning TCP Optimization and Advanced Compression WAN LAN-Like Throughput Bandwidth Savings Application Testing and Tuning TCP Optimization and Advanced Compression WAN LAN-Like Throughput Bandwidth Savings Fewer Roundtrips LAN Throughput WAN Throughput 2. 5 Mbps 40 Mbps 2 Mbps Throughput 3 Mbps 50 Mbps Throughput 60 Mbps 30 Mbps 20 Mbps 10 Mbps Throughput 01: 20 01: 21 01: 22 01: 23 01: 24 01: 25 01: 26 1. 5 Mbps 1 Mbps. 5 Mbps Throughput 01: 20 01: 21 01: 22 01: 23 01: 24 01: 25 01: 26 Optimization Enabled BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 91

Application Testing and Tuning Special Case Expectations § Encryption Session—TCP Flow Optimization Only Object—DRE Application Testing and Tuning Special Case Expectations § Encryption Session—TCP Flow Optimization Only Object—DRE and TCP Flow Optimization (No LZ compression on first pass) § Compression Session—TCP Flow Optimization Only Object—DRE and TCP Flow Optimization (No LZ compression on first pass) § CIFS and Web Authentication, Authorization, and Revalidation Small objects—Requires latency sensitive authorization and validation per object. Recommend creating larger packaged files. Web Security domains—Remove benign objects from authentication domain Web If-Modified-Since—Mitigate Web IMS with ACE/AVS Flash. Forward § High Bandwidth Delay Product (BDP) links May require increase in WAAS WAE TFO TCP settings Can use edge device groups to adjust (i. e. high speed high latency or hs-hl group) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 92

Application Testing and Tuning Configuring TCP for High BDP Networks WAE TFO TCP settings Application Testing and Tuning Configuring TCP for High BDP Networks WAE TFO TCP settings may be adjusted on the WAE in high-BDP environments § Optimized side refers to the buffers facing the WAN connection § Original side refers to the buffers facing the LAN connection (users and servers) § Recommended minimum BDP = (Link RTT * Bit Rate)/8 § Apply group (i. e. high speed high latency WAFS-edge-hs-hl) BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 93

Application Testing and Tuning § Cisco Tools WAN Simulators Nistnet (routed) – ISO installs Application Testing and Tuning § Cisco Tools WAN Simulators Nistnet (routed) – ISO installs to hard drive WAN Bridge (bridged) – Runs from CD WAFS Benchmark Tool TCP Replay http: //www. cisco. com/cgi-bin/tablebuild. pl/fe_util § Microsoft Exchange Server 2003 Load Simulator § Windows Media Load Simulator BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 94

Application Testing and Tuning Clearing Caches and Statistics § DRE § Clear file services Application Testing and Tuning Clearing Caches and Statistics § DRE § Clear file services cache dc 1 -wae 1#clear cache dre Go to edge device GUI TFO application needs to be restarted (all existing connections will be reset, alarms may be raised and system may reboot if required). Stop WAFS edge under Control > Components Go to Utilities > WAFS Cache Cleanup and submit Run Restart WAFS Edge Do you want to Continue? [yes/no]yes Restarting processes. Clearing DRE cache Clearing DRE statistics Done. No reboot was required. § Statistics and counters dc 1 -wae 1#clear statistics all BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 95

Application Testing and Tuning TCP Replay A R 1 R 2 B WAN WAE Application Testing and Tuning TCP Replay A R 1 R 2 B WAN WAE 1 § Install winpcap on host A and B § Acquire application pcap trace Filter single conversation (client to server) SYN to FIN § Install tcpreplay on test client A and server B in windows directory § Copy pcap file to A and B tcpreplay windows directory § WAAS WAE 2 § Server (B) tcpreplay -r -i app 1. pcap –l original-server -ip -r original-client-ip § Client (A) tcpreplay -r -i app 1. pcap -l original-clientip -r original-server-ip -h test-server-ip § WAAS Show statistics Clear cache DRE Clear statistics all BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 96

Application Testing and Tuning WAFS Benchmark Tool § Close Microsoft Office § Files in Application Testing and Tuning WAFS Benchmark Tool § Close Microsoft Office § Files in ‘WAFS benchmark’ directory § Select file share § Clear caches DRE WAFS file § Run cache miss benchmark § Run cache hit benchmark § Run native WAN benchmark § Save results to file BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 97

Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 98

Cisco WAAS Router Modules § Provides the lowest Cap. Ex and Op. Ex; integrates Cisco WAAS Router Modules § Provides the lowest Cap. Ex and Op. Ex; integrates within the ISR; addresses 80 percent of remote branch offices § Single processor system, can be clustered with WCCPv 2, PBR, and is supported in ISR models 2811, 2821, 2851, 3825, and 3845 § Model NME-WAE-302 NME-WAE Router-Integrated Network Module for the Cisco Integrated Services Router 512 MB of RAM, 80 GB of disk Up to 4 Mbps WAN connections and up to 250 optimized TCP connections § Model NME-WAE-502 1 GB of RAM, 120 GB of disk Up to 4 Mbps WAN connections and up to 500 optimized TCP connections § Model NME-WAE-522 Cisco Integrated Services Router (ISR) Series BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2 GB of RAM, 160 GB of disk Up to 8 Mbps WAN connections and up to 800 optimized TCP connections 99

Cisco WAAS Appliance Family § WAE-512 Appliance Single processor system with 250 GB of Cisco WAAS Appliance Family § WAE-512 Appliance Single processor system with 250 GB of RAID -1 protected SATA 2 disk capacity and optional disk encryption WAE-512 Appliance 1 GB memory configuration supports 8 Mbps WAN connections and 750 optimized TCP connections 2 GB memory configuration supports 20 Mbps WAN connections and 1500 optimized TCP connections § WAE-612 Appliance Dual-core processor system with 300 GB of RAID-1 protected and hot-swappable SATA 2 disk capacity and optional disk encryption WAE-612 Appliance 2 GB memory configuration supports 45 Mbps WAN connections and 2000 optimized TCP connections 4 GB memory configuration supports 90 Mbps WAN connections and 6000 optimized TCP connections BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 100

Cisco WAAS Data Center Appliances § WAE-7326 Appliance: Dual-core processor w/ 4 GB of Cisco WAAS Data Center Appliances § WAE-7326 Appliance: Dual-core processor w/ 4 GB of RAM Up to 155 Mbps WAN connections and 7500 optimized TCP connections WAE-7326 Enterprise Data Center Appliance 900 GB RAID-1 protected and hot-swappable SCSI disk capacity with optional disk encryption § WAE-7341 Appliance: Quad-core processor, 8 GB of RAM Up to 310 Mbps WAN connections and 12000 optimized TCP connections WAE-7341 Enterprise Data Center Appliance Up to 900 GB RAID-5 protected and hotswappable SAS disk capacity with optional disk encryption § WAE-7371 Appliance: Dual Quad-core processors, 24 GB of RAM WAE-7371 Enterprise Data Center Appliance BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential Up to 1 Gbps WAN connections and 50000 optimized TCP connections Up to 1. 5 TB RAID-5 protected and hot-swappable 101

Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Agenda § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 102

Operations Roles Based Access Control § System > AAA § Create domain “all-domain” using Operations Roles Based Access Control § System > AAA § Create domain “all-domain” using All. Device. Group § Create role based on user’s allowed actions hiding specific configuration screens § Create user and associate roles and domains BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 103

Operations WAAS Software Upgrade § Establish an FTP server (available on CM) inetd enable Operations WAAS Software Upgrade § Establish an FTP server (available on CM) inetd enable FTP § Create software files directory on FTP server mkdir software-files § FTP to server and put image in software-files directory ftp cd software-files bin hash put WAAS-4. 0. 12 -b 6 -K 9. bin § Verify file put dc 1 -cm 1#cd software-files dc 1 -cm 1#dir size -------249340423 BRKAPP-2005 13700_05_2006_c 1 time of last change name ------------- Sat May WAAS-4. 0. 12 -b 6 -K 9. bin © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5 21: 01: 40 2007 104

Operations Identify Location of Software File § Identify FTP URL to CM § Use Operations Identify Location of Software File § Identify FTP URL to CM § Use CM username and password § Identify software version and validate software file settings BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 105

Operations Upgrading Software with Device Group § § § Select software file under All. Operations Upgrading Software with Device Group § § § Select software file under All. Device. Group and Submit Check software distribution and install status in the Devices > Devices list Wait for all devices to acquire and install the image Reboot devices using the All. Device. Group or timezone groups Upgrade Central Manager after all accelerators have been upgraded BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 106

Operations Back-up CM Configuration dc 1 -cm 1#cms database backup Creating database backup file Operations Back-up CM Configuration dc 1 -cm 1#cms database backup Creating database backup file cms-db-05 -09 -2007 -01 -16. dump Backup file local 1/cms-db-05 -09 -2007 -01 -16. dump is ready. Please use `copy' commands to move the backup file to a remote host. dc 1 -cm 1#copy disk ftp 10. 1. 1. 24 /array 1/cisco cms-db-05 -09 -2007 -01 -16. dump cms-db-05 -09 -2007 -01 -16. dump Enter username for remote ftp server: dad Enter password for remote ftp server: Initiating FTP upload. . . Sending: STOR cms-db-05 -09 -2007 -01 -16. dump Opening BINARY mode data connection for cms-db-05 -09 -2007 -0116. dump Transfer complete. Sent 47389 bytes BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 107

Operations Back-Up Accelerator Configuration dc 1 -cm 1(config)#no cms enable management services stopped dc Operations Back-Up Accelerator Configuration dc 1 -cm 1(config)#no cms enable management services stopped dc 1 -cm 1(config)#exit dc 1 -cm 1#cms database delete Are you sure you want to remove database files [no]? yes Removing database files. . . Database files successfully deleted CMS services are not currently running. Please create CMS database tables using 'cms database create' cli command then start CMS services using 'cms enable‘ command. dc 1 -cm 1#cms database restore cms-db-05 -09 -2007 -01 -16. dump Database restore can restore all the CLIs to the state when backup was taken. Press 1 if you want all CLIs to be restored. Press 2 if you want all CLIs except network configurations to be restored. Press 3 to not restore any CLIs. Please enter your choice : [2] Please enable the cms process using the command 'cms enable' to complete the CMS database restore procedure. Preserving restored identity and certificate/key pair Database files and node identity information successfully restored from file `cms-db-05 -09 -2007 -0116. dump‘ dc 1 -cm 1#conf dc 1 -cm 1(config)#cms enable Please preserve running configuration using 'copy running-config startup-config' Otherwise management service will not be started on reload and node will be show 'offline' in WAAS Central Manager UI. management services enabled dc 1 -cm 1(config)#end dc 1 -cm 1#wr me BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 108

Operations Comprehensive Reporting § Device Dashboard Configurable list of reports to display on a Operations Comprehensive Reporting § Device Dashboard Configurable list of reports to display on a device or device-group homepage § Traffic Statistics Optimized vs pass-through traffic mix including pass-through reason Application traffic mix over period of time (hr/day/wk/mo/custom) § Per-Connection Statistics Connection monitoring shows near real-time view of optimized connections and details § Compression Statistics Bandwidth savings per application over time (hr/day/wk/mo/custom) § Acceleration Statistics Examine accelerated connections, open files, cached resources, cache hit ratio, and average throughput BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 109

Review § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Review § WAAS Overview § WAE Installation § Web Cache Control Protocol (WCCP) § Network Deployments § Central Manager Configuration § Application Testing and Tuning § Sizing Guidelines § Operations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 110

Q and A BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Q and A BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 111

Recommended Reading § Continue your Networkers at Cisco Live learning experience with further reading Recommended Reading § Continue your Networkers at Cisco Live learning experience with further reading from Cisco Press § Check the Recommended Reading flyer for suggested books Available Onsite at the Cisco Company Store BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 112

Complete Your Online Session Evaluation § Win fabulous prizes; give us your feedback § Complete Your Online Session Evaluation § Win fabulous prizes; give us your feedback § Receive ten Passport Points for each session evaluation you complete § Go to the Internet stations located throughout the Convention Center to complete your session evaluation § Winners will be announced daily at the Internet stations BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 113

BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 114 BRKAPP-2005 13700_05_2006_c 1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 114