Table Of Contents
Cisco Wide Area Application Services vWAAS Installation and Configuration Guide
April 30, 2013
This document describes how to install and configure virtual WAAS (vWAAS) on a VMware virtual machine (VM). The vWAAS software is a virtual form of WAN optimization that supports a virtual private cloud, and on- demand provisioning and teardown, reducing the branch office and data center footprint.
This document includes the following sections:
The vWAAS software supports WAN optimization in a cloud environment where physical WAE devices cannot usually be deployed. It also follows the VMware ESXi standard as the preferred platform to deploy data center applications and services.
Virtualization provides various benefits like elasticity, ease of maintenance, and a reduction of branch office and data center footprint. Virtual WAN optimization is the solution to virtual private cloud deployments that require on-demand provisioning and teardown. (See Figure 1.)
Figure 1 vWAAS—Virtual Private Cloud
vWAAS can be deployed at the traditional WAN-edge, in both the branch office and data center. It can also be deployed close to the server when vPATH interception is used.
This section includes the requirements for vWAAS:
–Cisco UCS or other x86 server including:
—64-bit CPU hardware from the VMware compatibility list (HCL).
—Intel VT (virtualization technology) enabled in the BIOS.
–Cisco ISR G2 with an UCS E-Series server module.
–Cisco UCS or other x86 server—VMware ESX/ESXi 4.0+ hypervisor.
–Cisco ISR G2— VMware ESX/ESXi 5.0.1 hypervisor (custom image).
Refer to the "Installing the Operating System or Hypervisor" chapter of the Getting Started guide for Cisco UCS E-Series Servers for download instructions
–WAAS ESXi support matrix for WAAS versions 5.1 and 5.2:
•VMware vCenter server and vSphere client version 4.x management software.
•For virtual WAAS models that have a disk size greater than 256 GB, a datastore block size greater than 1 MB is required.
The following VMFS (Virtual Machine File System) limitations apply:
•ESXi server datastore memory and disk space per model:
•For the vWAAS datastore, you can use either SAN storage or local storage on the ESXi server. NAS storage should only be used in nonproduction scenarios (for test purposes, for example).
•The OVA file for the specific virtual WAAS model (all models are available with WAAS version 4.3.1 and later, except as noted):
vWAAS Model Filename
•An ESXi server that has access to either a Central Manager or a virtual Central Manager (models vCM-100N or vCM-2000N) before installing vWAAS. A vCM does not require a Central Manager.
•Nexus 1000v version 4.2(1)SV1(4) for vPATH interception.
Note On the UCS E-Series Server Module running vWAAS, downgrading to a version earlier than 5.1.1 is not supported. On other vWAAS devices you cannot downgrade to a version earlier than 4.3.1.
Installing the vWAAS VM
You must first install the vWAAS VM on the VMware server using vSphere before configuring vWAAS. To install the vWAAS VM, follow these steps:
Step 1 From the vSphere Client, choose File > Deploy OVF Template. (See Figure 2.)
Figure 2 vWAAS—Deploy OVF Template
The Source window appears.
Step 2 Click Browse.
The Open window appears.
Step 3 Navigate to the location of the vWAAS OVA file and click Open.
Step 4 Click Next to accept the selected OVA file.
The Name and Location window appears.
Step 5 Enter a name for the vWAAS VM, choose the appropriate data center, and then click Next. (See Figure 3.)
Figure 3 vWAAS—Name and Data Center Location
The Cluster window appears (if a cluster is configured), or the Resource Pool window appears (if a resource pool is configured). Otherwise, the Datastore window appears (in this case, skip to Step 7).
Step 6 If configured, choose a cluster for the vWAAS VM or, if configured, choose the resource pool and then click Next.
The Datastore window appears.
Step 7 Choose a datastore to host the virtual machine and click Next. (See Figure 4.)
Figure 4 vWAAS—Datastore
Note The datastore must be formatted with a block size greater than 1 MB to support file sizes larger than 256 GB.
The Disk Format window appears.
Step 8 Choose Thick provisioned format disk format and click Next. (See Figure 5.)
Figure 5 vWAAS—Disk Format
Note You must choose Thick provisioned format for vWAAS deployment.
The Network Mapping window appears.
Step 9 Choose the network mapping provided by ESXi and click Next. You have the option to change this later if necessary. (See Figure 6.)
Figure 6 vWAAS—Network Mapping
The Ready to Complete window appears.
Step 10 Click Finish to complete the installation.
The status window appears while the OVA file is being deployed. (See Figure 7.)
Figure 7 vWAAS—Status Window
Step 11 When the deployment is finished, the Deployment Completed Successfully window appears. (See Figure 8.)
Figure 8 vWAAS—Completed
Step 12 You are ready to start the VM. Highlight the vWAAS VM and click Power on Virtual Machine.
Step 13 After vWAAS finishes booting, click the Console tab to view boot up messages. (See Figure 9.)
Figure 9 vWAAS—Console
For vWAAS configuration information, see the "Configuring vWAAS" section.
Once the vWAAS VM has been installed, you must configure the following vWAAS settings:
•IP address and netmask
•Default gateway and primary interface
•Central Manager address
•Interception (WCCP or other)
To configure vWAAS for network connectivity, follow these steps:
Step 1 In the vSphere Client, choose the Console tab and log in to the vWAAS console.
The username is admin, and password is default.
Step 2 Configure the IP address and netmask using the interface virtual command:VWAAS(config)# interface virtual 1/0VWAAS(config-if)# ip address 188.8.131.52 255.255.255.0VWAAS(config-if)# exit
Step 3 Configure the default gateway and primary interface using the ip command:VWAAS(config)# ip default-gateway 184.108.40.206
Note If you are using both virtual 1/0 and virtual 2/0 interfaces, you must associate the IP default gateway with the interface that is being used for vPATH interception. To route traffic through another virtual interface (generally management traffic to the Central Manager), you must configure a static route.
VWAAS(config)# ip primary-interface virtual 1/0
Note If you are using a separate virtual interface for management traffic, you must set the management virtual interface as the primary interface.
Ping the IP addresses of the default gateway and Central Manager to verify they can be reached before continuing to the next step.
Step 4 Add the Enterprise license using the license command:VWAAS# license add Enterprise
Step 5 Add the Central Manager address using the central-manager command:VWAAS(config)# central-manager address 220.127.116.11
Step 6 Enable CMS to register with the Central Manager using the cms command:VWAAS(config)# cms enable
Note vWAAS registration with the Central Manager is mandatory before traffic can be optimized.
Step 7 Configure either WCCP or vPATH interception for traffic redirection to vWAAS. WCCP uses a WCCP-enabled router or Layer 3 switch, while vPATH redirects traffic from within the Nexus 1000v virtual switch. For vPATH interception, see the "vPATH Interception" section.
Note You must configure WCCP-GRE redirection method for vWAAS running on a Cisco ISR G2 server when using slot 0 on the router that is configured as IP unnumbered. WCCP L2 is not supported.
Refer to the Wide Area Application Services Configuration Guide to enable and configure WCCP interception.
Refer to the Wide Area Application Services Command Reference for more information on specific commands.
When vWAAS is deployed as a network service in the virtual data center, server traffic is intercepted in the Nexus 1000v virtual switch using vPATH interception and redirected to vWAAS for WAN optimization.
This section includes the following topics:
vPATH interception is configured on the port profile of the VM server in both directions to redirect the VM server packets to vWAAS. vWAAS receives the vPATH intercepted packet, performs WAN optimization, and returns the response packet to the VEM.
The vWAAS egress traffic received by the VEM is forwarded without further vPATH interception. (See Figure 10.)
Figure 10 vPATH Interception Overview
A special VLAN called the Nexus 1000v service VLAN is used for packets intercepted by vPATH and packets returned by vWAAS.
The Nexus 1000v switch uses the ARP mechanism in the service VLAN to check the status of vWAAS. If the switch does not receive any ARP replies from vWAAS during the timeout interval (18 to 24 seconds), the vWAAS is declared unreachable and it is removed from the service path. This behavior is known as fail-open mode, specified in the VN service configuration.
The key benefits of vPATH interception are the following:
•No need to define the direction of interception (in or out)—vPATH maintains a flow entry table for each TCP flow that is used to intercept and redirect traffic.
•Automatic bypass of pass-through traffic—vWAAS automatically sends offload to vPATH for pass-though traffic.
•Policy-based configuration—Policies defined in the Nexus 1000v VSM are propagated to VMware vCenter and applied to the specified virtual machine.
•VM mobility awareness—If a virtual machine is moved, vPATH continues to intercept and redirect traffic without requiring any network changes.
•Fault-tolerant persistent performance—vWAAS DRE cache can be deployed in SAN. VMware HA creates a new VM upon failure of the vWAAS using the same DRE cache storage.
The following requirements apply to the Nexus 1000V to support vPATH interception:
•Nexus 1000V 4.2(1)SV1(4) software version
•ESX/ESXi 4.0 Update 1 or later
•Virtual supervisor module (VSM) installed and configured
•Port profiles created (including vWAAS network profile, service-VLAN, which is mandatory)
•Virtual ethernet modules (VEM) installed
•Default network interface adapter for vWAAS with WAAS 5.1.1 and above is VMXNET3. For vWAAS with WAAS 5.2.1 and above, either VMXNET3 or E1000 can be used as the network interface adapter.
vPATH interception method is used in the Nexus 1000v switch for vWAAS deployment in the data center.
Note VPATH 2.0 is supported on WAAS version 5.2 with the Nexus 1000v switch versions 1.52 and 2.1. If you are running a WAAS version earlier than 5.2 and upgrade to the Nexus 1000v version 1.52 or later, you must upgrade to WAAS version 5.2
Internet traffic destined to the server is intercepted by the Nexus 1000v virtual switch (residing in the ESX host) and redirected to vWAAS for WAN optimization. vWAAS can run either in the same ESX host or in another ESX host which is L2 adjacent.
Similarly, the traffic from the server is also intercepted by Nexus 1000v switch and redirected to vWAAS for WAN optimization. (See Figure 11.)
Figure 11 vWAAS—vPATH Interception
To configure vPATH interception in the Nexus 1000v for vWAAS, you must configure port and VN service profiles, in addition to enabling vPATH:
–Create a port profile for vWAAS (WAAS VLAN)
–Attach the vWAAS port profile to the vWAAS VM
•Enable vPATH using the interception-method vn-service vpath global configuration command in vWAAS
•Configure vPATH interception on the port profile of the server to be optimized
Refer to the Cisco Wide Area Application Services Command Reference for more information on the vn-service global configuration command.
Displaying Version Information
To display vWAAS version information, enter the following commands:VWAAS# show versionCisco Wide Area Application Services Software (WAAS)Copyright (c) 1999-2012 by Cisco Systems, Inc.Cisco Wide Area Application Services (universal-k9) Software Release 5.1.1 (build b15Dec 17 2012)Version: oe294-18.104.22.168Compiled 02:35:03 Dec 17 2012 by masterDevice Id: 50:3d:e5:9c:8f:a5System was restarted on Mon Dec 17 19:32:34 2012.System restart reason: called via cli.The system has been up for 5 hours, 59 minutes, 45 seconds.VWAAS# show hardwareCisco Wide Area Application Services Software (WAAS)Copyright (c) 1999-2012 by Cisco Systems, Inc.Cisco Wide Area Application Services (universal-k9) Software Release 5.1.1 (build b15Dec 17 2012)Version: oe294-22.214.171.124Compiled 02:35:03 Dec 17 2012 by masterDevice Id: 50:3d:e5:9c:8f:a5System was restarted on Mon Dec 17 19:32:34 2012.System restart reason: called via cli.The system has been up for 6 hours, 40 seconds.CPU 0 is GenuineIntel Intel(R) Pentium(R) CPU G6950 @ 2.80GHz (rev 37)running at 2792MHz.CPU 1 is GenuineIntel Intel(R) Pentium(R) CPU G6950 @ 2.80GHz (rev 37)running at 2792MHz.Total 1 CPU, 2 CPU Cores, and 2 CPU Threads.4096 Mbytes of Physical memory.3968 MBytes of flash memory14 GigabitEthernet interfaces1 Console interface with RJ45 and mini-USB connectors1 external USB interfaceCavium Nitrox XL NPX (CN1620) Crypto Accelerator [ OK ]Quack Chip Echo Test: PASSWAVE-294-K9BIOS Information:Vendor :American Megatrends Inc.Version :A33C116ARel. Date :04/28/2011System Power Restore : Power OnMainboard info:Model : OE294Serial Number : FCH1524V01QDetailed Memory Device (DIMM) configurationSize Locator Position Serial Number2048 MB CHANNELA_DIMM1 CHANNELA 58048EDE2048 MB CHANNELB_DIMM1 CHANNELB 570489DEList of all disk drives:Physical disk information:disk00: Present 9XE005EF (h00 c00 i00 l00 - Int DAS-SATA)238472MB(232.9GB)Mounted file systems:MOUNT POINT TYPE DEVICE SIZE INUSE FREE USE%/swstore internal /dev/sda2 1983MB 944MB 1039MB 47%/state internal /dev/sda3 5951MB 489MB 5462MB 8%/local/local1 SYSFS /dev/sda6 11903MB 3477MB 8426MB 29%/sw internal /dev/sda1 1983MB 945MB 1038MB 47%/state/likewise/swinternal /dev/sda1 1983MB 945MB 1038MB 47%/state/likewise/local/local1internal /dev/sda6 11903MB 3477MB 8426MB 29%/local/local1/spoolPRINTSPOOL /dev/data1/spool 991MB 32MB 959MB 3%/obj1 CONTENT /dev/data1/obj 101177MB 139MB 101038MB 0%/dre1 CONTENT /dev/data1/dre 39677MB 39078MB 599MB 98%/ackq1 internal /dev/data1/ackq 1189MB 0MB 1189MB 0%/plz1 internal /dev/data1/plz 2379MB 1MB 2378MB 0%No RAID devices present.Disk encryption feature is disabled.Primary Power Supply Unit (Installed)PCI express link speed : 5.0 GT/s (Optimal)PCI express link width : Gen 2 (x8) (Optimal)Total number of system fans is 5
Under rare conditions, the vWAAS VM may boot into diskless mode if other VMs on the host VM server do not release control of system resources or the physical disks become unresponsive. The vWAAS device raises a disk_failure critical alarm for disk01 and the show disk details EXEC command shows disk01 as Not used until replaced.
To recover from this failure, follow these steps:
Step 1 Reenable the disk.vwaas# configvwaas(config)# no disk disk-name disk00 shutdown forcevwaas(config)# exit
Step 2 Reload vWAAS.vwaas# reload
For additional information on the Cisco WAAS software, see the following documentation:
•Cisco Wide Area Application Services Online Help
•Cisco Nexus 1000V Software Installation Guide, Release 4.2(1) SV1(4)
•Cisco Nexus 1000V Getting Started Guide, Release 4.2(1) SV1(4)
•Cisco Nexus 1000V and VMware Compatibility Information, Release 4.2(1) SV1(4)
•Cisco Virtual Security Gateway Firewall Policy Configuration Guide, Release 4.2(1)VSG1(1)
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2010-2013 Cisco Systems, Inc. All rights reserved.