Waas Express Deployment Guide

8/3/2019 Waas Express Deployment Guide

1/19

WAAS Express Deployment Guide1 Introduction............................................................................................................................ 12 Hardware and Software Requirements ............................................................................... 13 WAAS Express Sizing Guidelines........................................................................................ 14 WAAS Express License Installation .................................................................................... 25 Enable WAAS Express .......................................................................................................... 36 Enable WAAS Express to be monitored by WAAS Central Manager ............................... 57 Validating the Connection Optimization ........................................................................... 138 View the Optimization Statistics on WAAS Central Manager ......................................... 179 WAAS Express Use Cases and Solution Integration ....................................................... 1710 References ........................................................................................................................... 17


2/19

WAAS Express Deployment Guide

1 | P a g e

1 Introduction

Cisco WAAS Express extends the Cisco WAAS product portfolio, with a small-footprint, cost-effectiveIOS-based software solution integrated into the ISR G2 to offer bandwidth optimization and application

acceleration capabilities. Cisco WAAS Express increases remote user productivity, reduces WANbandwidth costs, and offers investment protection by interoperating with existing Cisco WAASinfrastructure. Cisco WAAS Express is unique in providing network transparency, improving deploymentflexibility with on-demand service enablement, and integrating with native IOS-based services such assecurity, Netflow, and QoS.

Cisco WAAS Express is fully interoperable with WAAS on SM-SRE modules, WAAS appliances and canbe managed by a common WAAS Central Manager.

This document describes the necessary steps to enable WAAS Express feature on the branch router andto register WAAS Express router to be managed by WAAS Central Manager. For simplicity, this documentassumes a basic private WAN using Serial link on the WAAS Express router. For specific WAASappliance deployment configuration s (inline, redirect PBR or WCCP), please consult WAAS appliance

configuration guide in the reference section.

2 Hardware and Software Requirements

WAAS appliance running WAAS software 4.2.1 or later

WAAS Central Manager running WAAS software 4.3 or later

WAAS Expresso ISR-G2 (1941, 29xx, 39xx) with maximum DRAMo WAAS Express feature license fileo IOS version 15.1(2)T2 or later

3 WAAS Express Sizing GuidelinesA number of factors are taken into consideration to provide recommended sizing guidelines, such asnumber of users, number of TCP connections, WAN link capacity, traffic profile and compression ratio.The recommended sizing assumes each user generates ~10 TCP connections. Typical user behaviorsassumed that all TCP connections are not active transferring the same data all the time, thereby producethe data redundancy that is around 2-4x. The recommended sizing also assumes that Firewall, VPN, NAT,and QoS are configured.


3/19


2 | P a g e

Platform Recommended Numberof Users

TCP Connections Maximum WANBandwidth Supported

1941 15-20 150 4 Mbps2901 15-20 150 6 Mbps

2911 25 200 6 Mbps2921 25 200 6 Mbps2951 25 200 6 Mbps3925 50 500 10 Mbps3945 50 500 10 Mbps

4 WAAS Express License Installation

For WAAS Express router bundle, WAAS Express license is pre-installed from the factory. This step onlyapplies if WAAS Express license is purchased as an add-on or upgrade.

4.1 Checking for WAAS Express license file

You can use the command show license detail WAAS_Express to view the current license. If the routeralready has WAAS Express license installed, the output looks similar to below. If your router already haslicense installed, you can skip to step 4 Enable WAAS Express.

Router#show license detail WAAS_ExpressIndex: 1 Feature: WAAS_Express Version: 1.0

License Type: Permanent

License State:Active, Not in UseLicense Count: Non-CountedLicense Priority: MediumStore Index: 6Store Name: Primary License Storage

4.2 How to Obtain License File

A PAK will be provided after you purchase the WAAS Express license. At time of placing order, you canchoose the PAK to be mailed to you or electronically mailed. Collect the output of show license udicommand. Note the PID (Product ID) and SN (Serial number).

Router#show license udiDevice# PID SN UDI-----------------------------------------------------------------------------*0 CISCO2911/K9 FHH122500AZ CISCO2911/K9:FHH122500AZ

Visit the Cisco License Activation Portal (http://www.cisco.com/go/license) and enter the PAK, Product ID,

and Serial Number information, along with your contact e-mail address. A license file will be generatedand e-mail to you.

4.3 Install WAAS Express License

Once you have the license file, you need to install the license on the router by first copy the license file tothe router. In the example below, the license file FHH122500AZ_20100811190225615.lic is stored on therouter flash. Then, invoke the license install command to install the license. Note the message 1/1licenses were successfully installed indicates that WAAS Express license is now installed. Issue the
http://www.cisco.com/go/licensehttp://www.cisco.com/go/license


4/19


3 | P a g e

show license detail WAAS_Express command displays that the license is currently active but is not inused.

Router#dir flash0:*.licDirectory of flash0:/*.lic

Directory of flash0:/

8 -rw- 1159 Aug 11 2010 16:35:00 -07:00FHH122500AZ_20100811190225615.lic254164992 bytes total (138383360 bytes free)Router#license install flash0:FHH122500AZ_20100811190225615.licInstalling licenses from "flash0:FHH122500AZ_20100811190225615.lic"Installing...Feature:WAAS_Express...Successful:Not Supported

1/1 licenses were successfully installed0/1 licenses were existing licenses0/1 licenses were failed to install



License State:Active, Not in UseLicense Count: Non-CountedLicense Priority: MediumStore Index: 6Store Name: Primary License Storage

5 Enable WAAS Express

WAAS Express is designed to be enabled with just a single configuration command. The first step is toconfigure the necessary addresses and routing configuration on the network. WAAS Express must beapplied on the designated WAN interfaces. Under interface configuration mode, configure waas enablewill enable the feature. Example below uses Serial0/2/0 as WAN interface.

Router(config)#interface Serial0/2/0Router(config-if)#waas enableRouter(config-if)#

Aug 10 22:02:19.920 MDT: %WAAS-6-WAAS_ENABLED: WAAS is enabled on interfaceSerial0/2/0

Note: If using sub-interface or logical-interface, i.e. Serial0/2/0.1, Dialer1, Tunnel1, etc, configure waasenable under the sub-interface or logical-interface.

If the memory requirement is met and license is valid, the command will be accepted and a log messageis generated to indicate the WAAS Express is enabled. Enter the command on other backup WANinterfaces that require WAAS Express to be enabled.

WAAS Express utilizes Cisco C3PL similar to those used by features like QoS and Zoned-based Firewall.The first time the WAAS Express is enabled, the default policy-map, class-maps, and parameter-map willbe generated. The default policy-map and parameter-maps are named waas_global. The WAAS Expressrelated policy-map, class-map, and parameter-map are of type waas.

Use the command show waas status to show the interfaces that have WAAS Express turned on, alongwith license type, maximum number of flows supported by the platform, total active and optimizedconnections.

Router#show waas status


5/19


4 | P a g e

WAAS Enabled Interface Policy MapSerial0/2/0 waas_global

WAAS Feature LicenseLicense Type: Permanent

Maximum Flows : 200Total Active connections : 0Total optimized connections : 0

Now, the show license detail WAAS_Express shows that the license is in used.



License State:Active, In UseLock type: Node lockedVendor info: CISCO881W-GN-A-K9FTX1239Y0FELicense Addition: ExclusiveLicense Generation version: 0x8100000License Count: Non-Counted

License Priority: MediumStore Index: 2Store Name: Primary License Storage


6/19


5 | P a g e

6 Enable WAAS Express to be monitored by WAAS CentralManager

6.1 Configure WAAS Express Credentials on WAAS Central Manager

WAAS Central Manager has a default device group called AllWAASExpressGroup. By default, all WAAS

Express routers registering with WAAS Central Manager will be assigned to this default group. This

default group also has auto-activation policy.

On WAAS Central Manager, configure login and password credentials for WAAS Express router. This can

be done by editing the device group AllWAASExpressGroup. From the main WAAS Central Manager

page, select Manage Device Group on the left. Click on AllWAASExpresGroup to edit the device group.


7/19


6 | P a g e

Click on the Admin button on the bottom left corner of the Edit Device Grouppage.


8/19


7 | P a g e

Enter the username and password that are the same as what will be configured on WAAS Express router.In the example below, both username and password are waasexpress.

6.2 Install Trusted Certificate to authenticate WAAS Central Manager

WAAS Express registers with WAAS Central Manager using HTTPS over port 8443. Once registration issuccessful, WAAS Central Manager polls the information from WAAS Express router using XML PIthrough HTTPS server running the WAAS Express router (port 443).

In order for WAAS Express to establish HTTPS with the WAAS Central Manager during registration, itneeds to first trust the self-signed certificate presented by WAAS Central Manager. This can be done byconfiguring certificate trust-point and import WAAS Central Managers certificate.

On the WAAS Central Manager console, use command show crypto certificate-detail admin to displayits self-signed certificate. The output is in PEM format. Make a copy of the output highlighted in red below.

Central_Manager#show crypto certificate-detail adminBag Attributes

localKeyID: 8D AB 61 85 7B 95 FC 4C 34 FD AC DC A8 F2 B1 A4 80 74 70 9B

Certificate:Data:

Version: 3 (0x2)Serial Number: 2000021192 (0x7735e6c8)Signature Algorithm: sha1WithRSAEncryptionIssuer: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc,

CN=Central_ManagerValidity

Not Before: Nov 13 06:56:02 2009 GMTNot After : Nov 12 06:56:02 2014 GMT

Subject: C=US, ST=California, L=San Jose, OU=CNBU, O=Cisco Systems, Inc,


9/19


8 | P a g e

CN=Central_ManagerSubject Public Key Info:

Public Key Algorithm: rsaEncryptionRSA Public Key: (1024 bit)

Modulus (1024 bit):00:b4:5e:3a:77:52:5a:5d:d3:35:36:fa:2a:98:c7:

e5:cb:19:18:b4:30:9d:50:49:55:7e:99:18:0b:67:c2:53:6f:01:12:9f:b0:e3:20:1a:c4:3f:e5:dd:6a:34:7a:79:02:40:5e:77:e4:cb:f4:71:2a:64:d0:76:05:1b:c0:48:6e:25:ae:fe:4e:23:b4:a4:f8:aa:1d:39:e5:ac:3a:6a:81:aa:cd:c7:83:52:19:01:90:e7:7d:99:37:6c:6b:67:7b:5f:e4:e3:46:18:20:ce:a2:5f:d2:a1:6e:c4:20:2f:63:61:44:e9:c4:ac:05:2c:ee:62:2d:ba:56:f5:d4:44:97

Exponent: 65537 (0x10001)Signature Algorithm: sha1WithRSAEncryption

97:94:c6:57:c6:f0:dc:2f:5b:33:b7:80:ed:61:a9:4f:e8:0c:b6:ca:41:53:24:25:07:5c:d7:c3:22:ca:6c:92:7e:dd:f4:44:5a:e1:0a:e5:03:c9:24:e8:c7:5d:ad:19:6a:59:d4:9d:64:20:61:a8:35:a9:fb:d4:1b:3f:4a:0e:71:27:b3:5a:61:3d:0f:68:fa:4e:01:ee:0d:3f:1a:ed:0b:41:e2:6b:37:f8:d9:46:47:b8:30:45:82:84:41:cf:f9:3c:18:f6:7a:1b:0a:fa:64:26:ea:df:

13:af:f3:60:9d:46:46:30:a5:04:43:27:36:f1:73:97:a7:4b:23:01

-----BEGIN CERTIFICATE-----MIICgzCCAeygAwIBAgIEdzXmyDANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYDVQQLEwRDTkJVMRswGQYDVQQKExJDaXNjbyBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMTGXJvdzUtNy13YWU1MTJiLnN0Z2lvcy5uZXQwHhcNMDkxMTEzMDY1NjAyWhcNMTQxMTEyMDY1NjAyWjCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYDVQQLEwRDTkJVMRswGQYDVQQKExJDaXNjbyBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMTGXJvdzUtNy13YWU1MTJiLnN0Z2lvcy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALReOndSWl3TNTb6KpjH5csZGLQwnVBJVX6ZGAtnwlNvARKfsOMgGsQ/5d1qNHp5AkBed+TL9HEqZNB2BRvASG4lrv5OI7Sk+KodOeWsOmqBqs3Hg1IZAZDnfZk3bGtne1/k40YYIM6iX9KhbsQgL2NhROnErAUs7mItulb11ESXAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAl5TGV8bw3C9bM7eA7WGpT+gMtspBUyQlB1zXwyLKbJJ+3fREWuEK5QPJJOjHXa0ZalnUnWQgYag1qfvUGz9KDnEns1phPQ9o+k4B7g0/Gu0LQeJrN/jZRke4MEWChEHP+TwY9nobCvpk

JurfE6/zYJ1GRjClBEMnNvFzl6dLIwE=-----END CERTIFICATE-----

Create a trust-point and import the WAAS Central Manager certificate. Example below creates a trust-point WCM_1. When asked for Enter the base 64 encoded CA certificate, paste the PEM format copiedfrom the WAAS Central Manager output above.

Router(config)#crypto pki trustpoint WCM_1Router(ca-trustpoint)#revocation-check noneRouter(ca-trustpoint)#enrollment terminal pemRouter(ca-trustpoint)#exitRouter(config)#crypto pki authenticate WCM_1

Enter the base 64 encoded CA certificate.End with a blank line or the word "quit" on a line by itself

-----BEGIN CERTIFICATE-----MIICgzCCAeygAwIBAgIEdzXmyDANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYDVQQLEwRDTkJVMRswGQYDVQQKExJDaXNjbyBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMTGXJvdzUtNy13YWU1MTJiLnN0Z2lvcy5uZXQwHhcNMDkxMTEzMDY1NjAyWhcNMTQxMTEyMDY1NjAyWjCBhTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMQ0wCwYDVQQLEwRDTkJVMRswGQYDVQQKExJDaXNjbyBTeXN0ZW1zLCBJbmMxIjAgBgNVBAMTGXJvdzUtNy13YWU1MTJiLnN0Z2lvcy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALReOndSWl3TNTb6KpjH5csZGLQwnVBJVX6ZGAtnwlNvARKfsOMgGsQ/5d1qNHp5AkBed+TL9HEqZNB2BRvASG4l


10/19


9 | P a g e

rv5OI7Sk+KodOeWsOmqBqs3Hg1IZAZDnfZk3bGtne1/k40YYIM6iX9KhbsQgL2NhROnErAUs7mItulb11ESXAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAl5TGV8bw3C9bM7eA7WGpT+gMtspBUyQlB1zXwyLKbJJ+3fREWuEK5QPJJOjHXa0ZalnUnWQgYag1qfvUGz9KDnEns1phPQ9o+k4B7g0/Gu0LQeJrN/jZRke4MEWChEHP+TwY9nobCvpkJurfE6/zYJ1GRjClBEMnNvFzl6dLIwE=-----END CERTIFICATE-----

Certificate has the following attributes:Fingerprint MD5: 2EA6FF8F 38ABC32F 25168396 1A587F17

Fingerprint SHA1: 8DAB6185 7B95FC4C 34FDACDC A8F2B1A4 8074709B

% Do you accept this certificate? [yes/no]: yesTrustpoint CA certificate accepted.% Certificate successfully imported

Make sure that WAAS Central Manager can reach the WAAS Express router IP address. If the WAASExpress address that is reachable by WAAS Central Manager is not the WAN interface, add the additionalconfiguration to specify the source address of the HTTPS request which is used for registration to WAASCentral Manager. Below example specifies that the IP address of Loopback1000 interface is reachable byWAAS Central Manager.

Router(config)#ip http client source-interface Loopback1000

6.3 Configure Persistent Trust Point and Enable HTTPS Server on WAASExpress

On the WAAS Express router, configure a persistent trust point and enroll. This example uses persistentself-signed trust point. This step is necessary even if you already have a self-signed trust-point that isauto-generated if HTTPS is enabled previously. Auto-generated self-signed trust point will be namedsimilar to the following, TP-self-signed-xxxxxxxxxx. For more information on persistent self-signed trustpoint, please see reference section at the end of the document. If you already have a persistent trust pointor a trusted certificate generated by CA, you can skip this step.

Note: If you decide to use self-signed trust point, it is necessary that you also configure the domain name.There is currently an issue with HTTPS re-generate the self-signed certificate upon reload, and this willaffect the communication with WAAS CM.

Router(config)#! Configuring domain-name. This step is necessary to avoid the issueRouter(config)#! With HTTPS server re-generate the certificate upon reloadRouter(config)#ip domain-name example.comRouter(config)#crypto pki trustpoint self-signed-tpRouter(ca-trustpoint)#enrollment selfsignedRouter(ca-trustpoint)#! By default, RSA key size is 512 unless specify otherwiseRouter(ca-trustpoint)#! Key size of at least 1024 is recommendedRouter(ca-trustpoint)#rsakeypair self-signed 1024Router(ca-trustpoint)#exit

Router(config)#crypto pki enroll self-signed-tpThe router has already generated a Self Signed Certificate for

trustpoint TP-self-signed-1113751518.If you continue the existing trustpoint and Self Signed Certificatewill be deleted.

Do you want to continue generating a new Self Signed Certificate? [yes/no]: yes*Aug 30 15:25:31.450: %SSH-5-ENABLED: SSH 1.99 has been enabled*Aug 30 15:25:31.450: %CRYPTO-6-AUTOGEN: Generated new 1024 bit key pair% Include the router serial number in the subject name? [yes/no]: no% Include an IP address in the subject name? [no]: noGenerate Self Signed Router Certificate? [yes/no]: yes


11/19


10 | P a g e

Router Self Signed Certificate successfully created

6.4 Enable HTTP Server and Associate the Persistent Trust Point

On the WAAS Express router, enable HTTPS server by configuring ip http secure-server. Configure

authentication. Note that the example below has local authentication but it is recommended that AAAserver is used in deployment. Associate the newly created persistent trust point to the HTTPS server andclient.

Router(config)#ip http secure-serverRouter(config)#ip http authentication localRouter(config)#! Below is needed if there are more than one trust point in the routerRouter(config)#ip http secure-trustpoint self-signed-tpRouter(config)#ip http client secure-trustpoint self-signed-tp

Since this example use local authentication, configure the same username and password as in the WAASCentral Manager credentials.

Router(config)#username waasexpress privilege 15 password waasexpress

Save the configuration before proceed.


12/19


11 | P a g e

6.5 Register the WAAS Express Router with WAAS Central Manager

From the WAAS Express router, enter the following command in the exec mode, waas cm-registerhttps://:8443/wcm/register

Router#waas cm-register https://172.30.0.33:8443/wcm/registerAug 19 19:45:48.763 MDT: %WAAS-6-WAAS_CM_REGISTER_SUCCESS: IOS-WAAS registered withCentral Manager successfully

The log message indicates that the registration is successful. Now, the WAAS Express router deviceshould show in the device list of the WAAS Central Manager. The initial state is pending.


13/19


12 | P a g e

At this point, WAAS Central Manager will attempt to poll WAAS Express router by connecting to HTTPSserver on WAAS Express router. If the operation is successful, the status of WAAS Express router willchange to active. The registration process is completed and WAAS Express router can now be managedby the WAAS Central Manager.

6.6 Other Deployment Considerations

6.6.1 Restrict Access to HTTPS Server

HTTPS server with authentication is required on the WAAS Express router to communicate with WAASCentral Manager. This means anyone who knows the credentials used by WAAS Central Manager canconnect to the router through HTTPS and take control of the router since user credential used by WAASCentral Manager is configured with privilege level 15. It is recommended that the HTTPS access isrestricted. This can be done by using access-class configuration below.

Router(config)#access-list 99 remark -- WAAS Central Manager IP --Router(config)#access-list 99 permit Router(config)#ip http access-class 99

6.6.2 Use AAA Server for HTTPS Server Authentication and Authorization

For managing large number of WAAS Express routers, it is recommended that AAA server is used forauthentication and authorization and a separate login should be created for WAAS Express routers.

Router(config)#aaa new-modelRouter(config)#aaa group server radius my_acsRouter(config-sg-radius)#server-private auth-port 1645 acct-port 1646key


14/19


13 | P a g e

Router(config-sg-radius)#ip radius source-interface Loopback1000Router(config-sg-radius)#exitRouter(config)#aaa authentication login http-login group my_acsRouter(config)#aaa authorization exec http-author group my_acsRouter(config)#ip http authentication aaa login-authentication http-loginRouter(config)#ip http authentication aaa exec-authorization http-author

7 Validating the Connection OptimizationNow, traffic passed between WAAS Express router and WAAS appliance is subjected to the optimizationper the default policy. Use command show waas connection to view the current list of optimizedconnections. The right most column, Accel, indicates the optimization applied of the connection, T = TFO,D = DRE, and L = LZ. PROGmeans connection is still being established.

Router#show waas connectionConnID Source IP:Port Dest IP:Port PeerID Accel

26317 172.25.47.2 :62018 172.30.0.52 :80 0014.5e84.2a69 TLD26294 172.25.47.2 :21829 172.30.0.52 :80 0014.5e84.2a69 TLD26407 172.25.47.2 :24615 172.30.0.57 :110 0014.5e84.2a69 TLD25481 172.25.47.2 :8421 172.30.0.52 :443 0014.5e84.2a69 T26352 172.25.47.2 :12847 172.30.0.57 :110 0014.5e84.2a69 TLD26411 172.25.47.2 :45705 172.30.0.54 :25 0014.5e84.2a69 TLD25968 172.25.47.2 :42893 172.30.0.54 :25 0014.5e84.2a69 TLD26198 172.25.47.2 :10585 172.30.0.52 :80 0014.5e84.2a69 TLD26282 172.25.47.2 :53083 172.30.0.52 :80 0014.5e84.2a69 TLD26381 172.25.47.2 :37980 172.30.0.52 :80 0014.5e84.2a69 TLD26173 172.25.47.2 :20573 172.30.0.52 :80 0014.5e84.2a69 TLD26361 172.25.47.2 :33939 172.30.0.54 :25 0014.5e84.2a69 TLD26432 172.25.47.2 :20575 172.30.0.52 :80 0000.0000.0000 PROG26412 172.25.47.2 :21599 172.30.0.52 :80 0014.5e84.2a69 TLD26421 172.25.47.2 :54850 172.30.0.57 :110 0014.5e84.2a69 TLD26073 172.25.47.2 :41371 172.30.0.54 :25 0014.5e84.2a69 TLD26247 172.25.47.2 :19303 172.30.0.52 :80 0014.5e84.2a69 TLD26331 172.25.47.2 :19306 172.30.0.52 :80 0014.5e84.2a69 TLD26306 172.25.47.2 :32874 172.30.0.52 :80 0014.5e84.2a69 TLD25387 172.30.4.171 :27122 172.25.47.3 :80 0014.5e84.2a69 TLD26406 172.25.47.2 :59466 172.30.0.57 :110 0014.5e84.2a69 TLD

From the list of the connections displayed by show waas connection, the left column ConnIDis theconnection ID which can be used to display more information about the connection using show waasconnection conn-id detail. This output also provides the Application Name for theconnection, which is Webin this example, and Classifier Name for the connection, which is HTTP.

Router#show waas connection conn-id 26317 d

connection ID: 26317Peer Id: 0014.5e84.2a69Connection Type: ExternalStart Time: 22:16:44 MDT Aug 10 2010

Source IP Address: 172.25.47.2Source Port Number: 62018Destination IP Address: 172.30.0.52Destination Port Number: 80

Application Name: Web

Classifier Name: HTTPPeer Policy: TFO, LZ, DREConfigured Policy: TFO, LZ, DRENegotiated Policy: TFO, LZ, DREAccelerators: TFO ONLYBytes Read Orig: 638


15/19


14 | P a g e

Bytes Written Orig: 305668Bytes Read Opt: 75780Bytes Written Opt: 816Auto-discovery information:

Orig-St ETerm-St EO

TFO information:TFO Frames Read: 12TFO Frames Written: 6

LZ section

Encode statsBytes in 0Bytes out 0Bypass bytes 696Compression gain 0%Avg Latency in Cef 9 usecAvg Latency in Proc 5 usec

Decode statsBytes in 75660Bytes out 314639

Bypass bytes 0Compression gain 75%Avg Latency in Cef 218 usecAvg Latency in Proc 84 usec

DRE section

Encode statsBytes in 0Bytes out 0Bypass bytes 638Compression gain 0%Avg latency 0 usec

Decode statsBytes in 255745Bytes out 305668

Bypass bytes 0Compression gain 16%Avg latency 462 usec

Connection Status:WAN-LAN Status:

Pending Data Read : 0WAN frame completion pending (58894)Last read notification (1348) received 1768 ms agoLast write attempted 9844 ms agoLast window notification received 9844 ms agoLast attempted len : 2367Last error : 0Last bytes accepted: 2367

LAN-WAN Status:Pending Data Read : 0Last read notification (107) received 11020 ms ago

Last write attempted 10024 ms agoLast window notification received 23860 ms agoLast attempted len : 15Last error : 0Last bytes accepted: 15

From the Application Name and Classifier information, the command show waas statistics applicationapp-name and show waas statistics class class-name provide perapplication and per classifier statistics respectively.


16/19


15 | P a g e

Router#show waas statistics application app-name WebApplication: WebTCP Data VolumesConnection Type Inbound OutboundOpt TCP Plus 833211856 208318494

Orig TCP Plus 1466327910 4070674982Opt TCP Only 0 0Orig TCP Only 0 0Internal Client 0 0Internal Server 0 0

TCP Connection CountsConnection Type Active CompletedOpt TCP Plus 93 6573Opt TCP Only 0 0Internal Client 0 0Internal Server 0 0

Pass Through Connection CountsConnection Type CompletedPT Asymmetric 0

PT Capabilities 0PT Intermediate 0PT_Other 0Connection Reset: 0

Router#show waas statistics class class-name HTTPClass HTTPTCP Data VolumesConnection Type Inbound OutboundOpt TCP Plus 835810463 208627785Orig TCP Plus 1468510940 4083651837Opt TCP Only 0 0Orig TCP Only 0 0Internal Client 0 0Internal Server 0 0

TCP Connection CountsConnection Type Active CompletedOpt TCP Plus 91 6596Opt TCP Only 0 0Internal Client 0 0Internal Server 0 0

Pass Through Connection CountsConnection Type CompletedPT Asymmetric 0PT Capabilities 0PT Intermediate 0PT_Other 0Connection Reset: 0

You can also display global optimization statistics using show waas statistics global command. Thecommand displays traffic volume, number of optimized TCP connections, and the number of pass-throughconnections.

Router#show waas statistics globalTCP Data VolumesConnection Type Inbound OutboundOpt TCP Plus 1054261958 1197119478Orig TCP Plus 3201731649 7981436893Opt TCP Only 179907036 430639


17/19


16 | P a g e

Orig TCP Only 430639 179907036Internal Client 0 0Internal Server 0 0

TCP Connection CountsConnection Type Active Completed

Opt TCP Plus 143 27145Opt TCP Only 10 294Internal Client 0 0Internal Server 0 0

Pass Through Connection CountsConnection Type CompletedPT Asymmetric 0PT Capabilities 0PT Intermediate 0PT_Other 459Connection Reset: 634

To see more break-down statistics of different pass-through connections, use command show waasstatistics pass-through.

Router#show waas statistics pass-throughPass Through Statistics:Overall: 578No Peer: 59Rejected due to Capabilities: 20Rejected due to Resources: 0Interface Application config: 496Interface Global config: 0Assymmetric setup: 0Peer sync was in progress: 0IOS WAAS is intermediate router: 0Internal error: 0Other end is in black list: 0AD version mismatch: 0Incompatable AO: 0

Connection limit exceeded: 0AOIM peertable full: 0Others: 3


18/19


17 | P a g e

8 View the Optimization Statistics on WAAS Central

Manager

WAAS Central Manager can also display several optimization statistics by periodically poll WAAS Expressrouter. This can be seen by viewing the device portal page on the WAAS Central Manager.

9 WAAS Express Use Cases and Solution Integration

The following use cases are supported by WAAS Express. For detailed information on specific WAASExpress deployment scenarios, please consult WAAS Express design guides in the reference section.

Private WAN Primary and Backup

Public WAN with VPN, Zone-based Firewall, NAT, and QoS

Medium to Large voice enabled branches with DMVPN CVO

3G WAN branches

Retail branches

10 References


19/19


18 | P a g e

As seen in this document, both CLI and WAAS Central Manager can be used to manage the WAASExpress router. WAAS Express provides a single command approach to enable the feature. Please referto documents below for more information.

WAAS Express Product Page (http://wwwin-dev.cisco.com/artg/products/waas/)

WAAS Express FAQ (http://wwwin-dev.cisco.com/artg/products/waas/prodlit/FAQ-C67-611645-

00_WAAS-Expressv3-8-20-v3.pdf) Cisco Software License Activation Portal (http://www.cisco.com/go/license)

WAAS appliance configuration guide: Configuring Traffic Interception(http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/traffic.html#wp1041400)

Persistent self-signed certificates(http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtpsscer.html)

WAAS Express CVO and Retail CVD (TBD)

WAAS Express medium branch CVD (TBD)

WAAS Express large branch CVD (TBD)
http://wwwin-dev.cisco.com/artg/products/waas/http://wwwin-dev.cisco.com/artg/products/waas/prodlit/FAQ-C67-611645-00_WAAS-Expressv3-8-20-v3.pdfhttp://wwwin-dev.cisco.com/artg/products/waas/prodlit/FAQ-C67-611645-00_WAAS-Expressv3-8-20-v3.pdfhttp://www.cisco.com/go/licensehttp://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/traffic.htmlhttp://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/traffic.htmlhttp://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtpsscer.htmlhttp://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtpsscer.htmlhttp://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/traffic.htmlhttp://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/configuration/guide/traffic.htmlhttp://www.cisco.com/go/licensehttp://wwwin-dev.cisco.com/artg/products/waas/prodlit/FAQ-C67-611645-00_WAAS-Expressv3-8-20-v3.pdfhttp://wwwin-dev.cisco.com/artg/products/waas/prodlit/FAQ-C67-611645-00_WAAS-Expressv3-8-20-v3.pdfhttp://wwwin-dev.cisco.com/artg/products/waas/

Waas Express Deployment Guide

Documents

Transcript of Waas Express Deployment Guide