Contents
Cisco's Wide-Area Application Services (WAAS) Express feature is a key component of the Cisco WAAS product portfolio. WAAS Express is a cost-effective, IOS-based, WAN optimization solution that increases the amount of available bandwidth for small-to-mid-size branch offices and remote locations, while accelerating TCP-based applications that operate in a WAN environment.
WAAS Express uses the capabilities of IOS software and provides a small-footprint, cost-effective solution that transparently integrates into the Integrated Services Routers (ISRs) Generation 2 (G2). WAAS Express extends the WAN optimization solution to the entire ISR G2. WAAS Express is fully interoperable with WAAS on Service Module-Service Ready Engine (SM-SRE) modules and with WAAS appliances and can be managed by a common WAAS Central Manager (WCM).
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
WAAS Express requires a Wide-Area Application Virtualization Engine (WAVE) as a peer device, running WAAS Version 4.4.3c.9 or higher, at the data center. WAAS Express requires no additional hardware, assuming that the maximum memory is installed on the device. WAAS Express uses the device's CPU and memory for optimization. The data center component consists of a Cisco WAAS data center appliance and a WAAS Central Manager to manage WAAS Express-enabled devices.
You must have a valid license for WAAS Express. WAAS Express includes an evaluation license for 60 days. WAAS Express switches to one of the following modes based on the available memory on the device:
Note |
The maximum and default memory depend on the device. |
The number of connections that can be optimized on a platform running WAAS Express depend on the mode enabled. For example, on a particular platform, WAAS Express can optimize 200 connections in the WAAS_Standard mode, but can optimize only up to 50 connections in the WAAS_Trial_Limited mode; if there are more than 50 concurrent connections in WAAS_Trial_Limited mode, they will be passed through and not optimized.
The amount of Data Redundancy Elimination (DRE) cache also depends on the mode being operated.
The Wide-Area Application Services (WAAS) Express software optimizes TCP traffic flows across a WAN. WAAS Express integrates with native services such as security, NetFlow, and quality of service (QoS). WAAS Express provides the following benefits:
WAAS Express is supported on Cisco ISR G2 devices (Cisco 800, Cisco 890, Cisco 1905, Cisco 1921, Cisco 1941, Cisco 2901, Cisco 2911, Cisco 2921, Cisco 2951, Cisco 3925, and Cisco 3945 Series routers) only. These devices must have the maximum Dynamic random-access memory (DRAM) installed because WAAS Express stores Data Redundancy Elimination (DRE) cache in DRAM. For more information about DRE, see the "Compression" section. WAAS Express supports WAN speeds in the range from 1.5 to 10 Mbps.
WAAS Express switches to one of the following modes based on the available memory on the device: WAAS_Standard, WAAS_Trial_Limited, or WAAS_Disabled. The table below lists the default memory and maximum memory that can be installed on each of the devices that supports WAAS Express.
The Cisco WAN optimization system consists of ISR G2 devices running the WAAS Express software feature and WAVEs that work together to optimize TCP traffic in your network. When client and server applications attempt to communicate with each other, the network intercepts the traffic and acts on behalf of the client application and the destination server. WAAS Express and Wide-Area Application Virtualization Engines (WAVE) examine the traffic and use built-in application policies to determine whether the traffic in the network can be optimized.
Any application that uses TCP as its underlying transport can benefit from WAAS Express. However, a lot depends on the redundant elements in the application's transactions and the WAN bandwidth condition. The more the redundancy, the more the application is benefitted by WAAS Express. Typical applications that benefit from WAAS Express include HTTP, FTP, and mail applications.
WAAS Express uses the following TCP optimization techniques to overcome the most common challenges associated with transporting traffic over a WAN:
Two devices using WAAS Express can optimize network traffic between themselves, but without any DRE.
When a WAAS Express device is moved from one device group to another device group on the WAAS Central Manager (WCM), the policy definitions under the new device group do not function. When a device is unassigned from a device group, the device gets the policies from the backup policy set from the previously assigned group.
Perform the following steps on WCM when you move a device between device groups. You can either perform only the first step or perform from step 2 through step 4 to move a device between device groups.
WAAS Express offers the following benefits:
The following steps describe how a Wide-Area Application Services (WAAS) Express-enabled network optimizes connections between a branch office client and the destination server:
WAAS Express does not optimize traffic in the following scenarios:
Note |
If unoptimized traffic reaches a WAVE, the WAVE forwards the traffic in pass-through mode without affecting the performance of the application by using the passed-through connection. |
WAAS Express uses the transport flow optimization (TFO) features described in the following sections to optimize the traffic intercepted by WAAS devices. TFO protects the communicating clients and servers from negative WAN conditions such as bandwidth constraints, packet loss, congestion, and retransmission.
Windows scaling allows the receiver of a TCP packet to advertise that its TCP receive window can exceed 64 KB. The receive window size determines the amount of space available on the receiver for unacknowledged data. Windows scaling allows TCP endpoints to take advantage of the bandwidth available in your network and not be limited to the default window size specified in the TCP header.
Note |
WAAS Express limits the maximum receive window size to 64 KB on the WAN side and to 32 KB on the LAN side. |
RFC 1323 describes TCP extensions for high performance.
Selective Acknowledgement (SACK) is an efficient packet loss recovery and retransmission feature that allows clients to recover from packet losses more quickly than the default recovery mechanism used by TCP.
By default, TCP uses a cumulative acknowledgment scheme that forces the sender either to wait for a round trip to learn if any packets were not received by the recipient or to unnecessarily retransmit segments that may have been correctly received.
SACK allows the receiver to inform the sender about all segments received, so the sender needs to retransmit only the segments that are lost.
RFC 2018 describes TCP SACK options.
Binary Increase Congestion (BIC) TCP is a congestion management protocol that enables a network to recover quickly from packet loss events.
When a network loses a packet, BIC TCP reduces the receiver's window size and sets that reduced size as the new value for the minimum window size value. BIC TCP then sets the maximum window size value to the size of the window that existed just before the packet loss occurred. Because packet loss occurred at the maximum window size, the network can transfer traffic without dropping packets with sizes between the minimum and maximum window size values.
If BIC TCP does not register packet loss at the updated maximum window size, then this window size becomes the new minimum. If packet loss does occur, the updated window size becomes the new maximum. This process continues until BIC TCP determines the new optimum minimum and maximum window size values.
WAAS Express uses two compression technologies to help reduce the size of data transmitted over a WAN: DRE and Lempel-Ziv (LZ).
These compression technologies reduce the size of transmitted data by removing redundant information before sending the shortened data stream over WAN. By reducing the amount of transferred data, WAAS compression can reduce network utilization and application response times.
When WAAS Express uses compression to optimize TCP traffic, it replaces repeated data in the stream with a much shorter reference and then sends the shortened data stream across the WAN. The receiving WAAS Express device uses its local redundancy library to reconstruct the data stream before passing it to the destination client or server.
Lempel-Ziv (LZ) is a standards-based compression that can minimize the amount of bandwidth consumed by a TCP flow. LZ compression operates on smaller data streams and keeps limited compression history.
Traffic between two WAAS Express devices is optimized using TFO and LZ.
LZ compression can be used in conjunction with DRE or independently.
The Data Redundancy Elimination (DRE) compression scheme is based on a shared cache architecture, where each device involved in compression and decompression shares the same redundancy library.
DRE operates on significantly large data streams (typically tens to hundreds of bytes or more) and maintains a much larger compression history. Large chunks of redundant data are common in file system operations when files are incrementally changed from one version to another or when certain elements such as file headers and logos are common to many files.
In WAAS Express, DRE is performed completely in device memory; thus maximum DRAM is required in every platform.
Note |
DRE optimization is not supported for connections between WAAS Express devices. In such cases, traffic is optimized using TFO and LZ. |
WAAS Express compresses upload traffic (with some limitations) by using the DRE algorithm. WAAS Express decompresses the download traffic that is compressed using DRE.
With WAAS Express Phase 2, DRE compression is also supported in the upload direction. You can enable or disable the upload DRE operations for troubleshooting purposes.
Upload DRE is useful in the download-edit-upload scenario, where a user in a branch office downloads a file from the data center, modifies the file, and uploads the modified document back to the data center. If the modifications are small and localized, the upload of the modified file can benefit from the unmodified contents stored in the DRE cache. The compression in the upload direction is performed based on the cache entries that were added in the download direction.
The autodiscovery feature of WAAS Express enables WAVEs and WAAS Express devices to automatically locate peer WAVEs on a network by adding TCP options on control packets. After discovering a peer device automatically, the WAVEs terminate and separate the LAN-to-WAN TCP connections and add a buffering layer to resolve the differing speeds or WAAS Express proxies the connection on the device in different segments to achieve optimization benefits. After a WAVE establishes a connection with a peer WAVE, the two devices can establish an optimized link for TCP traffic or pass the non-TCP traffic as unoptimized.
The autodiscovery of peer WAAS devices is achieved using TCP options. These TCP options are recognized and understood only by WAAS devices and are ignored by non-WAAS devices.
A server is blacklisted by WAAS Express if the server is not able to receive TCP packets with options because these TCP packets are being blocked by network devices such as firewalls. WAAS Express learns not to send TCP packets with options to these blacklisted servers.
In addition to the TCP optimization features that enhance the flow of traffic over a WAN, WAAS Express provides selected application acceleration benefits. WAAS Express reduces the response time of remote applications. Even though TFO optimizes traffic over a WAN, protocol messages between branch office clients and remote servers can cause slow application response time. To resolve this issue, WAAS Express helps to respond to messages locally so that the client need not wait for a response from the remote server.
For an accelerator to operate, you must enable the accelerator on both the WAAS Express device and the peer WAVE at either end of a WAN link. CIFS-Express is a single-sided accelerator; it works when it is enabled only on the WAAS Express device. Each WAAS Express-enabled device uses application policies to match specific types of traffic to an application and to determine whether that application traffic should be optimized and accelerated. For more information, see the "WAAS Application Policies" section.
All WAAS Express accelerators, except SSL-Express accelerator, are mutually exclusive. This means that only one accelerator is applied to a specific flow. The only two accelerators that can act in conjunction are SSL-Express and HTTP-Express accelerators. TFO, along with DRE and LZ, forms a transport optimization (TO) module.
For a particular flow, the following optimizations are possible:
CIFS-Express accelerator allows a WAAS Express-enabled device to reply to client requests by using locally cached data instead of retrieving this data from remote file and application servers.
In a typical Common Internet File System (CIFS) application accelerator scenario, a client sends a large number of synchronous requests that require the client to wait for a response before sending the next request. Compressing data over the WAN is not sufficient for an acceptable response time. For example, when you open a 5 MB Word document, about 700 CIFS requests (550 read requests plus 150 other requests) are produced. If all these requests are sent over a 100 ms round trip WAN, the response time is at least 70 seconds (700 x 0.1 seconds). WAAS CIFS-Express accelerator minimizes the synchronous effect of the CIFS protocol, which reduces application response time.
CIFS-Express accelerator requires about 10 MB of memory as a global entity (across all platforms) and about 130 KB for each supported flow. Other accelerators, such as HTTP-Express accelerator, that are mutually exclusive with CIFS-Express accelerator use the same 130 KB per flow.
CIFS-Express accelerator supports the following:
CIFS-Express accelerator operates only on flows where WAAS Express is configured on an edge device; CIFS-Express accelerator is not applied to a connection if the WAAS Express device acts as a core device for a CIFS-Express session.
You can enable CIFS-Express accelerator by using the enable command in WAAS CIFS configuration mode and disable it by using the no form of the command. Enter the WAAS CIFS configuration mode by using the accelerator cifs-express command in parameter map configuration mode. In addition to the global CIFS-Express accelerator configuration, you can configure traffic streams, classified by the Cisco Common Classification Policy Language policy map, that will go through CIFS-Express acceleration. This can be achieved by updating the class map configuration in WAAS Express by using the optimize tfo command.
CIFS works on TCP ports 139 and 445. Both the ports are subject to optimization when synchronization messages (SYNs), with one of these values on the destination port, arrive on the LAN side.
The subsequent sections describe CIFS-Express acceleration that require minimum memory and CPU resources.
The read ahead feature of the CIFS-Express accelerator allows WAAS Express to read a file ahead of user requests when an application is conducting a sequential file read. The maximum read request in CIFS is limited to 64 KB. Most applications, including Microsoft Office and Windows Explorer, do not pipeline read requests.
The async write feature of CIFS-Express accelerator facilitates efficient write operations. The maximum write request in CIFS is 64 KB.
The mechanism followed by CIFS-Express accelerator to write asynchronously is described below.
Whenever a write request arrives, the accelerator forwards the request to the server and provides a local success reply to the client.
Because the primary reason for write request failures is a lack of disk space or quota, async write optimization is disabled when the available space drops below 20 MB. This value can be configured.
The negative caching feature of CIFS-Express accelerator allows WAAS Express to store information about missing files to reduce round-trips across the WAN.
While browsing directories (remote or local) in a Windows operating system before Windows 7, Windows Explorer continuously asks for mostly nonexistent files and metadata, such as icons, thumbnails, and author information. This metadata is stored in "alternate data streams," and therefore, the negative caching is also referred to as the alternate data streaming negative caching.
The accelerator caches negative response for 3 seconds (this can be configured) and provides local responses if possible. The reason for the relatively short, default 3 seconds interval is to decrease the probability of issues that might be caused when alternate data streams are created by another desktop during the same period.
WAAS Express optimizes web-based applications by using the HTTP-Express accelerator. This accelerator express enables a fast connection setup and eliminates round trips associated with the connection setup. HTTP-Express accelerator also helps to minimize the impact of latency or limited bandwidth.
HTTP-Express accelerator operates only on flows where WAAS Express is configured on an edge device. WAAS Express applies HTTP-Express acceleration only if the connections originate from the branch; the connections originating from the data center are not optimized.
You can enable HTTP-Express accelerator by using the enable command in WAAS HTTP configuration mode and disable the accelerator by using the no form of the command. Enter the WAAS HTTP configuration mode by using the accelerator http-express command in parameter map configuration mode. In addition to the global HTTP-Express accelerator configuration, you can configure traffic streams, classified by the Cisco Common Classification Policy Language policy map, that will go through HTTP-Express acceleration. This can be achieved by updating the class map configuration in WAAS Express using the optimize tfo command.
By default, when the HTTP-Express accelerator is enabled, it is applied for ports 80, 8080, 8000, 8001, and 3128, which are classified as HTTP under the default application policy configuration.
HTTP metadata caching enables the client side WAVE to respond locally to certain types of HTTP requests by caching the metadata information found in the HTTP response headers. A metadata cache is used to store attributes of an object, but not the actual object. Expiration time (time beyond which an object cannot be cached), file name, and file size are some examples of metadata.
Metadata cache is used to eliminate unnecessary round trips to the server over the WAN by locally servicing conditional requests at the branch WAAS Express when possible (thereby reducing the latency experienced by the client).
Metadata cache serves the following types of HTTP responses from the local cache of the edge WAAS Express device:
HTTP metadata cache is used to cache all metadata entries necessary for the above listed responses. The table below lists the header information stored in metadata cache:
Table 1 | HTTP Information Stored in Metadata Cache |
Header | Description |
Etag |
The entity tag associated with this entity. It is represented as a string. |
Expires |
The date and time at which this entity will no longer be valid and will need to be fetched again from the original source. It is expressed in absolute time and is used for HTTP1.0+ compatibility. It is represented as a string. |
Max-age |
The amount of time for which the entry will still be valid. It is expressed in seconds, starting at the time the server created it. This is the HTTP1.1 accepted expiration time. |
Last-Modified |
The last date and time when this entity changed. It is expressed in absolute time as a string. |
If the responses from the server contain any cache-control directives that do not allow caching, HTTP-Express accelerator does not cache any content from these responses. The cache-control attributes include:
The DRE module operates on chunks of data and helps to avoid transferring redundant information on the WAN, irrespective of the Layer 7 protocol.
HTTP-Express accelerator can pass DRE hints to the DRE module at any point during a session. The hints are provided to the DRE module based on payload, resulting in better compression and improved overall DRE efficiency. Since HTTP-Express accelerator parses the Layer 7 content, the accelerator can provide the following useful hints to the DRE module:
When the response from the server is already compressed, such as in the form of a jpeg or gzip file, HTTP-Express accelerator can instruct the DRE module to not apply LZ compression again. This can save some CPU cycles on WAAS Express.
Multiple HTTP requests that request for the same file can have different headers even if the file being transferred is the same. To improve DRE compression in these cases, HTTP-Express accelerator can instruct DRE to skip the header bytes.
Servers commonly serve web pages with minimal variations to different clients. Such pages, when compressed by the server, can vary considerably even when the uncompressed files are very similar. This reduces the effectiveness of DRE.
This problem can be solved by suppressing the server side encoding and allowing the core side WAAS device to apply LZ compression on the data after using DRE. If the client side WAAS Express removes any Accept-Encoding header from HTTP requests before sending them to the server, the server will not compress the data it sends. WAAS Express uses this mechanism to provide better compression on HTTP response from the server and also frees the server from the additional computation required to compress responses.
WAAS Express optimizes Secure Sockets Layer (SSL) web-based applications by applying SSL-Express acceleration along with generic optimization and compression techniques (TFO/DRE/LZ). By adding the capability to encrypt and decrypt SSL traffic, SSL-Express accelerator provides the benefits of DRE, LZ, and TFO to the SSL traffic between the client and the server. If SSL-Express accelerator is not enabled, the WAAS Express DRE optimizations are not effective on SSL-encrypted traffic. SSL-Express accelerator enables WAAS Express to decrypt data and apply optimizations while maintaining the security of the connection.
Note |
SSL-Express accelerator is applicable only if LZ and DRE optimizations are successfully negotiated and applied to the connection; otherwise, only TFO is applied to the connection. |
SSL and TLS protocols encrypt TCP segments by using various symmetric cryptographic algorithms, such as Advanced Encryption Standard (AES) and Data Encryption Standard (DES). SSL-Express accelerator supports SSL Version 3.0 and TLS Version 1.0. If a client attempts to initiate an SSL session with a higher version, the core device will attempt to downgrade the session to a lower supported version.
SSL-Express accelerator operates only on flows where WAAS Express is configured on an edge device; SSL-Express accelerator is not applied to a connection if the WAAS Express device acts as a core device for an SSL session. In addition, WAAS Express applies SSL-Express acceleration only if the connections originate from the branch; the connections originating from the data center are not optimized.
You can enable SSL-Express accelerator by using the enable command in WAAS SSL configuration mode and disable the accelerator by using the no form of the command. Enter the WAAS SSL configuration mode by using the accelerator ssl-express command in parameter map configuration mode. You can create a cipher list, specify the version of the SSL protocol, and associate the accelerator with a valid trustpoint label to configure SSL-Express accelerator. Default values are used if these parameters are not configured. You can also configure peering service to control the secure communications established by SSL-Express accelerator between WAAS Express devices while optimizing SSL connections.
When an SSL connection is optimized by SSL-Express accelerator, WAAS Express generates an empty SSL fragment and sends it to a client as the first encrypted message. This behavior can impact interoperability with older versions of the client applications such as Internet Explorer 6. You can disable the generation and sending of this empty SSL fragment using the no empty-ssl-fragment-insertion command in WAAS SSL configuration mode.
An SSL session comprises the following phases: SSL handshake, SSL rehandshake, SSL data transfer, and SSL shutdown or alerts. Since SSL is an end-to-end security protocol, decryption of data by any device in between the end hosts is not possible without the knowledge of the private key of the server. The session keys derived by the core device are sent to the edge device over the WAN-to-WAN SSL session set up between the WAAS devices.
There are two modes of operation: one where the server's private key and certificate are installed on the WAAS core device, and the other where the WAAS core device uses its own private key and certificate during the SSL handshake. The limitation of the second mode of operation is that the client browser displays a warning message stating that the server certificate received is not that of the server that the client is trying to reach. After the WAAS core device has knowledge of the private keys, it can derive the necessary SSL session keys and pass them on to the WAAS edge device. After this point, any data received over the SSL session at the edge device can be decrypted, compressed, reencrypted, and sent to the WAAS core device. At the WAAS core device again, the received message can be decrypted, uncompressed, and the original data can be sent encrypted to the server.
SSL-Express accelerator leverages the public key infrastructure (PKI) on the WAAS Express device. PKI provides comprehensive certificate management (required for the WAN-to-WAN session), including the management of self-signed and certificate authority (CA) certificates, and certificate verification and certificate revocation checks using the Simple Certificate Enrollment Protocol (SCEP).
Note |
SSL-Express accelerator uses buffers from the public buffer pools for encrypt and decrypt operations. Ensure that you tune the public pool for minimal impact due to trims, misses, and failures. |
After the SSL handshake is complete, SSL-Express accelerator examines the application data in the LAN-to-WAN connection to determine whether HTTP is being used. If HTTP is being used and HTTP-Express accelerator is enabled, HTTP acceleration is applied.
Cipher lists are sets of cipher suites that you can assign to an SSL-Express accelerator configuration. A cipher suite is an SSL encryption method that includes the key exchange algorithm, the encryption algorithm, and the secure hash algorithm.
SSL-Express accelerator supports the following cipher suites for WAN-to-WAN peering sessions:
WAAS Express and WAVE can interoperate only when common cipher suites are used. If the WAAS Express device does not support the cipher suite that is negotiated for the client-to-server connection, WAAS Express resets the connection. The cipher suite supported by a WAAS Express device for a client-to-server session depends on the capability of the crypto engine available on the device.
SSL-Express accelerator supports the following cipher suites for client-to-server sessions:
The WAAS Express software includes over 150 default application policies that help WAAS Express to classify and optimize some of the most common types of traffic in a network.
The table below lists the default applications and classifiers that WAAS Express either optimizes or passes through based on the policies that are provided with the system.
The WAAS Express software supports the following optimization actions based on the type of traffic it encounters:
We recommend that you review the default policies and modify them as appropriate before you create a new application policy. Often, modifying an existing policy is easier than creating a new one.
When reviewing the table below, note the following:
Table 2 | Default Traffic Policies |
Classifier |
WAAS Express Action |
Destination Ports |
---|---|---|
Authentication |
||
Apple-SASL |
Passthrough |
3659 |
auth | Passthrough | 113 |
Kerberos |
Passthrough |
88, 888, 2053 |
kerberos-adm | Passthrough | 749 |
klogin | Passthrough | 543 |
kpasswd | Passthrough | 464 |
kshell | Passthrough | 544 |
TACACS |
Passthrough |
49 |
tell | Passthrough | 754 |
Backup (monitored) |
||
Amanda |
TFO |
10080 |
BackupExpress |
TFO |
6123 |
CommVault |
TFO |
8400-8403 |
connected |
TFO |
16384 |
IBM-TSM |
TFO+LZ+DRE |
1500-1502 |
Legato-NetWorker |
TFO |
7937, 7938, 7939 |
Legato-RepliStor |
TFO |
7144, 7145 |
Veritas-BackupExec |
TFO |
1125, 3527, 6101, 6102, 6106 |
Veritas-NetBackup |
TFO |
13720, 13721, 13782, 13785 |
Call Management |
||
Cisco-CallManager |
Passthrough |
2443, 2748 |
cisco-q931-backhaul | Passthrough | 2428 |
cisco-sccp | Passthrough | 2000-2002 |
h323hostcall | Passthrough | 1720 |
h323hostcallsc | Passthrough | 1300 |
mgcp-callagent | Passthrough | 2727 |
mgcp-gateway | Passthrough | 2427 |
sip |
Passthrough | 5060 |
sip-tls |
Passthrough | 5060 |
VoIP-Control |
Passthrough |
1718, 1719,11000-11999 |
Computer-Aided Design (CAD) |
||
PDMWorks |
TFO+LZ+DRE |
30000, 40000 |
Conferencing |
||
cuseeme |
Passthrough |
7640, 7642, 7648, 7649 |
ezMeeting |
Passthrough |
10101-10103, 26260, 26261 |
MS-NetMeeting |
Passthrough |
522, 1503, 1731 |
proshare |
Passthrough |
5713-5717 |
PSOM-MTLS | Passthrough | 8057 |
VocalTec |
Passthrough |
1490, 6670, 22555, 25793 |
Console |
||
cmd |
Passthrough |
514 |
exec | Passthrough |
512 |
login | Passthrough | 513 |
sshell | Passthrough |
614 |
Telnet |
Passthrough |
23, 107 |
Telnets |
Passthrough |
992 |
Content Management (monitored) |
||
dmdocbroker |
TFO+LZ+DRE |
1489 |
Filenet |
TFO+LZ+DRE |
32768-32774 |
Directory Services (monitored) |
||
LDAP |
TFO+LZ+DRE |
389, 8404 |
ldaps | Passthrough |
636 |
msft-gc | TFO+LZ+DRE |
3268 |
msft-gc-ssl | Passthrough |
3269 |
E-mail and Messaging |
||
ccmail | TFO+LZ+DRE |
3264 |
groupwise | TFO+LZ+DRE |
1677, 2800, 3800, 7100, 7101, 7180, 7181, 7205, 9850 |
imap | TFO +LZ+DRE |
143 |
imap3 | TFO+LZ+DRE |
220 |
imaps | TFO | 993 |
iso-tsap | TFO+LZ+DRE | 102 |
lotusnote | TFO+LZ+DRE | 1352 |
MDaemon |
TFO+LZ+DRE |
3000, 3001 |
NNTP |
TFO+LZ+DRE |
119 |
nntps |
TFO |
563 |
openmail |
TFO+LZ+DRE |
5755, 5757, 5766, 5767, 5768, 5729 |
pcmail-srv |
TFO+LZ+DRE |
158 |
pop3 | TFO+LZ+DRE | 110 |
pop3s | TFO+LZ+DRE | 995 |
QMTP |
TFO+LZ+DRE |
209 |
smtp |
TFO+LZ+DRE |
25 |
smtps | TFO | 465 |
Enterprise Applications (monitored) |
||
MS-GROOVE | TFO | 2492 |
SAP |
TFO+LZ+DRE |
3200-3204, 3206-3219, 3221-3224, 3226-3259, 3261-3263, 3265-3267, 3270-3282, 3284-3305, 3307-3351, 3353-3388, 3390-3399, 3600-3658, 3662-3699 |
Siebel |
TFO+LZ+DRE |
2320, 2321, 8448 |
File System (monitored) |
||
afpovertcp | TFO+LZ+DRE | 548 |
afs3 |
TFO+LZ+DRE |
7000-7009 |
ncp |
TFO+LZ+DRE |
524 |
NFS |
TFO+LZ+DRE |
2049 |
sunrpc |
Passthrough |
111 |
File Transfer (monitored) |
||
BFTP |
TFO+LZ+DRE |
152 |
ftp | Passthrough | 21 |
ftps-data1 |
TFO+LZ+DRE |
20 (source port) |
FTPS2 |
Passthrough |
989 (source port) |
ftps |
TFO |
990 |
sftp |
TFO+LZ+DRE |
115 |
TFTP |
TFO+LZ+DRE |
69 |
TFTPS |
TFO |
3713 |
Instant Messaging |
||
AOL |
Passthrough |
5190-5193 |
Apple-iChat |
Passthrough |
5297, 5298 |
ircs |
Passthrough |
994 |
ircu |
Passthrough |
531, 6660-6665, 6667-6669 |
msnp | Passthrough | 1863, 6891-6900 |
sametime | Passthrough | 1533 |
talk |
Passthrough |
517 |
xmpp-client |
Passthrough |
5222 |
xmpp-server |
Passthrough |
5269 |
Yahoo-Messenger |
Passthrough |
5000, 5001, 5050, 5100 |
Name Services |
||
DNS |
Passthrough |
53 |
isns |
Passthrough |
3205 |
nameserver | Passthrough | 42 |
netbios | Passthrough | 137 |
svrloc |
Passthrough |
427 |
WINS |
Passthrough |
1512 |
Other (monitored) |
||
Basic-TCP-services |
Passthrough |
1-19 |
BGP |
Passthrough |
179 |
corba-iiop-ssl | Passthrough | 684 |
epmap | TFO | 135 |
msmq |
TFO+LZ+DRE |
1801, 2101, 2103, 2105 |
NTP |
Passthrough |
123 |
Other-Secure |
Passthrough |
261, 448 |
ssc-agent |
TFO+LZ+DRE |
2847, 2848, 2967, 2968, 38037, 38292 |
Peer-to-peer (P2P) (monitored) |
||
BitTorrent |
Passthrough |
6881-6889, 6969 |
eDonkey |
Passthrough |
4661, 4662 |
Gnutella |
Passthrough |
5634, 6346-6349, 6355 |
Grouper |
Passthrough |
8038 |
HotLine |
Passthrough |
5500-5503 |
Kazaa |
Passthrough |
1214 |
Laplink-ShareDirect |
Passthrough |
2705 |
Napster |
Passthrough |
6666, 6677, 6688, 6700, 7777, 8875 |
Qnext |
Passthrough |
44, 5555 |
SoulSeek |
Passthrough |
2234, 5534 |
WASTE |
Passthrough |
1337 |
WinMX |
Passthrough |
6699 |
Printing (monitored) |
||
hp-pdl-datastr |
TFO+LZ+DRE |
9100 |
IPP |
TFO+LZ+DRE |
631 |
printer | TFO+LZ+DRE | 515 |
print-srv | TFO+LZ+DRE | 170 |
xprint-server |
TFO+LZ+DRE |
8100 |
Remote Desktop (monitored) |
||
Altiris-CarbonCopy |
Passthrough |
1680 |
citrixadmin |
TFO+LZ+DRE |
2513 |
citrixima | TFO+LZ+DRE | 2512 |
citriximaclient | TFO+LZ+DRE | 2598 |
ControlIT |
TFO |
799 |
Danware-NetOp |
TFO |
6502 |
ica |
TFO+LZ+DRE |
1494 |
laplink |
TFO+LZ+DRE |
1547 |
Laplink-surfup-HTTPS |
TFO |
1184 |
ms-wbt-server |
TFO |
3389 |
net-assistant | Passthrough | 3283 |
netrjs-3 |
TFO |
73 |
pcanywheredata |
TFO |
5631, 5632, 65301 |
radmin-port |
TFO |
4899 |
Remote-Anything |
TFO |
3999, 4000 |
timbuktu | TFO | 407 |
timbuktu-srv | TFO | 1417-1420 |
Vmware-VMConsole |
TFO |
902 |
VNC |
TFO |
5800-5809, 5900-5909 |
x11 |
TFO |
6000-6063 |
Replication (monitored) |
||
Double-Take |
TFO+LZ+DRE |
1100, 1105 |
EMC-Celerra-Replicator |
TFO+LZ+DRE |
8888 |
ms-content-repl-srv |
TFO |
507, 560 |
netapp-snapmirror |
TFO+LZ+DRE |
10565-10569 |
pcsync-http | TFO+LZ+DRE | 8444 |
pcsync-https | TFO | 8443 |
rrac |
TFO |
5678 |
Rsync |
TFO+LZ+DRE |
873 |
Secure Sockets Layer (SSL) (monitored) |
||
HTTPS |
TFO |
443 |
Secure Shell (SSH) |
||
SSH |
TFO |
22 |
Storage (monitored) |
||
EMC-SRDFA-IP |
TFO+LZ+DRE |
1748 |
FCIP |
TFO+LZ+DRE |
3225 |
iFCP |
TFO+LZ+DRE |
3420 |
iSCSI |
TFO+LZ+DRE |
3260 |
Streaming (monitored) |
||
Liquid-Audio |
TFO+LZ+DRE |
18888 |
ms-streaming |
TFO+LZ+DRE |
1755 |
RTSP |
TFO+LZ+DRE |
554, 8554 |
Structured Query Language (SQL) (monitored) |
||
gds_db |
TFO+LZ+DRE |
3050 |
IBM-DB2 |
TFO+LZ+DRE |
523 |
intersys-cache |
TFO+LZ+DRE |
1972 |
ms-olap4 | TFO | 2383 |
ms-sql-m | TFO+LZ+DRE | 1434 |
ms-sql-s | TFO+LZ+DRE | 1433 |
MySQL |
TFO+LZ+DRE |
3306 |
Oracle |
TFO+LZ+DRE |
66 |
orasrv | TFO+LZ+DRE | 1521, 1525 |
Pervasive-SQL |
TFO+LZ+DRE |
1583 |
PostgreSQL |
TFO+LZ+DRE |
5432 |
sqlexec | TFO+LZ+DRE | 9088, 9089 |
sql-net | TFO+LZ+DRE | 150 |
sqlserv |
TFO+LZ+DRE |
118 |
sqlsrv |
TFO+LZ+DRE |
156 |
ssql | TFO+LZ+DRE | 3352 |
sybase-sqlany |
TFO+LZ+DRE |
1498, 2439, 2638, 3968 |
UniSQL |
TFO+LZ+DRE |
1978, 1979 |
Systems Management (monitored) |
||
BMC-Patrol |
Passthrough |
6161, 6162, 6767, 6768, 8160, 8161, 10128 |
eTrust-policy-Compliance | TFO | 1267 |
flowmonitor | TFO+LZ | 7878 |
HP-OpenView |
Passthrough |
7426-7431, 7501, 7510 |
LANDesk |
TFO+LZ+DRE |
9535, 9593-9595 |
NetIQ |
Passthrough |
2220, 2735, 10113-10116 |
Netopia-netOctopus |
Passthrough |
1917, 1921 |
netviewdm | Passthrough |
729-731 |
novadigm | TFO+LZ+DRE | 3460, 3461, 3464 |
novell-zen | TFO+LZ+DRE | 1761-1763, 2037, 2544, 8039 |
objcall | TFO+LZ+DRE | 94, 627, 1965, 1580, 1581 |
WBEM |
Passthrough |
5987-5990 |
Version Management (monitored) |
||
Clearcase |
TFO+LZ+DRE |
371 |
cvspserver |
TFO+LZ+DRE |
2401 |
VPN |
||
CIFS |
TFO+LZ+DRE |
139, 445 |
HTTP |
TFO+LZ+DRE+HTTP-Express accelerator |
80, 3128, 8000, 8080, 8088 |
HTTPS |
TFO+LZ+DRE+SSL-Express accelerator |
443 |
L2TP |
TFO |
1701 |
OpenVPN |
TFO |
1194 |
PPTP |
TFO |
1723 |
WAAS Express Phase 2 extends support for active/active and active/standby configurations on multiple WAN links.
IP Cisco Express Forwarding can efficiently use multiple parallel links without additional hardware multiplexers. The load balancing functionality on a device distributes packets across multiple links based on Layer 3 routing information. The load balancing functionality is inherent to the forwarding mechanism of a device. Some of the load balancing features supported by Cisco software include:
Both per-destination and per-packet load balancing require the ip cef command to be configured.
Note |
WAAS Express does not support interoperability with a per-packet load balancing configuration or any other configuration that results in sending packets from one flow to be sent to a different WAN link. |
WAAS Express supports backup interface configuration. During switch over between active and standby interfaces, you will need to re-establish a session.
Simple Network Management Protocol (SNMP) is an interoperable, application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language that is used for monitoring and managing devices in a network.
SNMP allows for monitoring of WAAS Express. WAAS Express supports only SNMPv2c for SNMP traps; WAAS Express SNMP notification will fail if the correct SNMP version is not used.
Use the tfo optimize command to configure the type of compression required. The remaining steps in this task are optional.
Note |
You can configure WAAS Express by using the default class and policy maps. Alternatively, you can first define the class and policy maps and then configure WAAS Express. |
Perform these tasks to define class and policy maps if you do not want to use the default class and policy maps that are created when WAAS Express is enabled:
The table in the "WAAS Application Policies" section lists the predefined applications and classifiers that WAAS will either optimize or pass through based on the policies that are provided with the system. We recommend that you review the default policies and modify them as appropriate before you create a new application policy. Often, modifying an existing policy is easier than creating a new one.
Perform this task to define a new policy (class map). Class maps help to classify traffic into groups based on a protocol, application, or other criterion. After defining a class map, associate it with a policy map. See the "Associating Class Maps with Policy Maps" task. Policy maps help to give a singular treatment to the created class maps.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
class-map type waas [match-any] class-map-name
Example: Device(config)# class-map type waas waas_global |
Defines a class map of the type waas and enters QoS class-map configuration mode. |
||
Step 4
|
match tcp {any | destination | source} {ip ip-address [inverse mask] | port start-port-number1 [end-port-number2]}
Example: Device(config-cmap)# match tcp destination port 7000 7009 |
Matches traffic based on the specified criteria.
|
||
Step 5
|
exit
Example: Device(config-cmap)# exit |
Exits QoS class-map configuration mode. |
The following example shows how to match traffic that has the destination TCP port number between 7000 and 7009:
Device(config)# class-map type waas waas_global Device(config-cmap)# match tcp destination port 7000 7009 Device(config-cmap)# exit Device(config)# class-map type waas waas_global Device(config-cmap)# match tcp destination ip 209.165.200.225 0.0.0.31 port 80 80 Device(config-cmap)# match tcp destination ip 209.165.200.225 0.0.0.31 port 8080 8080
In this example, traffic is matched if either one of the following conditions is true:
Before enabling WAAS Express on a device, perform this task to associate a class map with a policy map.
Note |
Any changes to the policy configuration (global policy map and class maps of the type waas) are persistent. For instance, if you modify the policy configuration, disable WAAS Express on interfaces, and re-enable WAAS Express, the policy configuration changes will still be visible. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
policy-map type waas policy-name
Example: Device(config)# policy-map type waas waas_global |
Defines a policy map of the type waas and enters QoS policy-map configuration mode. |
||
Step 4
|
sequence-interval number
Example: Device(config-pmap)# sequence-interval 100 |
Assigns sequential numbers to class maps at the specified interval. |
||
Step 5
|
class class-map-name
Example: Device(config-pmap)# class waas_global |
Specifies the class on which optimization must be performed and enters QoS policy-map class configuration mode. |
||
Step 6
|
optimize tfo {dre | lz} application application-name accelerate {cifs-express | http-express }
Example: Device(config-pmap-c)# optimize tfo dre application web accelerate http-express |
Applies WAN optimization for the matching traffic. |
||
Step 7
|
passthrough application application-name
Example: Device(config-pmap-c)# passthrough application web |
Passes through matched traffic and does not apply WAN optimization to the matching traffic.
|
||
Step 8
|
end
Example: Device(config-pmap-c)# end |
Exits QoS policy-map class configuration mode and returns to privileged EXEC mode. |
||
Step 9
|
show policy-map type waas
Example: Device# show policy-map type waas |
(Optional) Displays the policy-map information. |
The following example shows how to create a new policy with actions and application tagging:
Device(config)# policy-map type waas waas_global Device(config-pmap)# class AFS Device(config-pmap-c)# optimize tfo lz application Web Device(config-pmap-c)# exit Device(config-pmap)# class Http Device(config-pmap-c)# optimize tfo lz application Filesystem Device(config-pmap-c)# exit Device(config-pmap)# class class-default Device(config-pmap-c)# exit Device(config-pmap)# exit
The following output from the show policy-map type waas command shows the policy map created in the previous example:
Device# show policy-map type waas
Policy Map type waas waas_global
Class AFS
optimize dre lz application Web
Class Http
optimize lz application Filesystem
Class class-default
The waas enable command must be explicitly applied on each WAN interface. You can enable WAAS Express by using either the default class and policy maps created automatically or the class and policy maps that you define.
The global policy map governs the behavior of optimization on a WAN interface. All traffic exiting or entering a WAN interface is screened for optimization as per the global policy map. WAAS Express supports flows that travel over multiple WAN interfaces, entering one interface and exiting another. Traffic on other interfaces is not optimized by WAAS Express.
Perform this task to enable WAAS Express on a WAN interface.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
interface interface-type/number
Example: Device(config)# interface GigabitEthernet0/0 |
Specifies an interface for configuration and enters interface configuration mode |
Step 4
|
waas enable
Example: Device(config-if)# waas enable |
Enables WAAS Express on the WAN interface. |
Step 5
|
exit
Example: Device(config-if)# exit |
Exits interface configuration mode. |
To troubleshoot the WAAS Express configuration, use the following commands:
The no waas enable command does not remove the WAAS Express configuration. This command neither affects the existing execute flows that are already optimized by WAAS Express on an interface, nor it removes the default maps from the WAAS device. To remove the WAAS Express configuration and disable WAAS Express, use the no waas enable remove-config command. To terminate the optimization flows and disable WAAS Express, use the no waas enable forced command.
Use the waas config remove-all command to remove default maps from the device. Use the waas config restore-default command to replace the policy configuration you defined with the default policy configuration.
Note |
You can use the waas config remove-all and waas config restore-default commands only if WAAS Express is disabled. |
Upload DRE is enabled by default. Upload DRE is a CPU-intensive operation. If you perceive that the benefits provided by upload DRE is not worth the CPU utilization, you can disable upload DRE. Perform this task to disable upload DRE.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
parameter-map type waas parameter-map-name
Example: Device(config)# parameter-map type waas waas_global |
Configures a parameter map of the type waas and enters parameter map configuration mode.
|
||
Step 4
|
no dre upload
Example: Device(config-profile)# no dre upload |
Disables the upload DRE operation. |
||
Step 5
|
exit
Example: Device(config-profile)# exit |
Exits parameter map configuration mode. |
Note |
You can configure the global CIFS-Express accelerator parameters while CIFS-Express accelerator is disabled. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
parameter-map type waas parameter-map-name
Example: Device(config)# parameter-map type waas waas_global |
Configures a parameter map of the type waas and enters parameter map configuration mode.
|
||
Step 4
|
accelerator cifs-express
Example: Device(config-profile)# accelerator cifs-express |
Enters WAAS CIFS configuration mode and allows the configuration of CIFS-Express accelerator parameters. |
||
Step 5
|
enable
Example: Device(config-waas-cifs)# enable |
Enables CIFS-Express accelerator. |
||
Step 6
|
read-ahead enable
Example: Device(config-waas-cifs)# read-ahead enable |
(Optional) Enables the read ahead feature. |
||
Step 7
|
read-ahead size value
Example: Device(config-waas-cifs)# read-ahead size 200 |
(Optional) Configures the amount of data to read ahead per file. |
||
Step 8
|
async-write enable
Example: Device(config-waas-cifs)# async-write enable |
(Optional) Enables async write operation. |
||
Step 9
|
async-write quota-threshold value
Example: Device(config-waas-cifs)# async-write quota-threshold 100 |
(Optional) Configures the quota threshold for async write to perform the optimization. |
||
Step 10
|
ads-negative-cache enable
Example: Device(config-waas-cifs)# ads-negative-cache enable |
(Optional) Enables negative caching for alternate data streams. |
||
Step 11
|
ads-negative-cache timeout seconds
Example: Device(config-waas-cifs)# ads-negative-cache timeout 10 |
(Optional) Configures the timeout value for negative caching entries. |
||
Step 12
|
end
Example: Device(config-waas-cifs)# end |
Exits WAAS CIFS configuration mode and returns to privileged EXEC mode. |
||
Step 13
|
show waas accelerator cifs-express
Example: Device# show waas accelerator cifs-express |
(Optional) Displays the status and configuration of all CIFS-Express accelerator parameters. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
parameter-map type waas parameter-map-name
Example: Device(config)# parameter-map type waas waas_global |
Configures a parameter map of the type waas and enters parameter map configuration mode.
|
||
Step 4
|
accelerator http-express
Example: Device(config-profile)# accelerator http-express |
Enters WAAS HTTP configuration mode and allows the configuration of HTTP-Express accelerator parameters. |
||
Step 5
|
enable
Example: Device(config-waas-http)# enable |
Enables HTTP-Express accelerator. |
||
Step 6
|
dre-hints enable
Example: Device(config-waas-http)# dre-hints enable |
(Optional) Enables HTTP-Express accelerator to pass DRE hints to the DRE module. |
||
Step 7
|
suppress-server-encoding enable
Example: Device(config-waas-http)# suppress-server-encoding enable |
(Optional) Suppresses server side encoding. |
||
Step 8
|
end
Example: Device(config-waas-http)# end |
Exits WAAS HTTP configuration mode and returns to privileged EXEC mode. |
||
Step 9
|
show waas accelerator http-express
Example: Device# show waas accelerator http-express |
(Optional) Displays the status and configuration of all HTTP-Express accelerator parameters. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
parameter-map type waas parameter-map-name
Example: Device(config)# parameter-map type waas waas_global |
Configures a parameter map of the type waas and enters parameter map configuration mode.
|
||
Step 4
|
accelerator http-express
Example: Device(config-profile)# accelerator http-express |
Enters WAAS HTTP configuration mode and allows the configuration of HTTP-Express accelerator parameters. |
||
Step 5
|
enable
Example: Device(config-waas-http)# enable |
Enables HTTP-Express accelerator. |
||
Step 6
|
metadatacache enable
Example: Device(config-waas-http)# metadatacache enable |
(Optional) Enables HTTP metadata caching. |
||
Step 7
|
metadatacache https enable
Example: Device(config-waas-http)# metadatacache https enable |
(Optional) Enables HTTPS metadata caching. |
||
Step 8
|
metadatacache max-age seconds
Example: Device(config-waas-http)# metadatacache max-age 1000 |
(Optional) Configures the maximum time, in seconds, to retain cache entries in the metadata cache table. |
||
Step 9
|
metadatacache min-age num
Example: Device(config-waas-http)# metadatacache min-age 1000 |
(Optional) Configures the minimum time, in seconds, to retain cache entries in the metadata cache table. |
||
Step 10
|
metadatacache filter-extension ext1, ext2,...
Example: Device(config-waas-http)# metadatacache filter-extension html,css,jpg |
(Optional) Configures the metadata cache to store only the file extensions specified in the list. |
||
Step 11
|
metadatacache request-ignore-no-cache enable
Example: Device(config-waas-http)# metadatacache request-ignore-no-cache enable |
(Optional) Configures the metadata cache to ignore cache-control on requests. |
||
Step 12
|
metadatacache response-ignore-no-cache enable
Example: Device(config-waas-http)# metadatacache response-ignore-no-cache enable |
(Optional) Configures the metadata cache to ignore cache-control on response. |
||
Step 13
|
metadatacache redirect-response enable
Example: Device(config-waas-http)# metadatacache redirect-response enable |
(Optional) Enables the HTTP URL redirect feature. |
||
Step 14
|
metadatacache unauthorized-response enable
Example: Device(config-waas-http)# metadatacache unauthorized-response enable |
(Optional) Enables the HTTP authentication-redirect feature. |
||
Step 15
|
metadatacache conditional-response enable
Example: Device(config-waas-http)# metadatacache conditional-response enable |
(Optional) Enables responses for the HTTP conditional requests feature. |
||
Step 16
|
end
Example: Device(config-waas-http)# end |
Exits WAAS HTTP configuration mode and returns to privileged EXEC mode. |
||
Step 17
|
show waas cache http-express metadatacache all
Example: Device# show waas cache http-express metadatacache all |
(Optional) Displays HTTP-Express accelerator metadata cache entries. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
||
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
||
Step 3
|
parameter-map type waas parameter-map-name
Example: Device(config)# parameter-map type waas waas_global |
Configures a parameter map of the type waas and enters parameter map configuration mode.
|
||
Step 4
|
accelerator ssl-express
Example: Device(config-profile)# accelerator ssl-express |
Enters WAAS SSL configuration mode and allows the configuration of SSL-Express accelerator parameters. |
||
Step 5
|
enable
Example: Device(config-waas-ssl)# enable |
Enables SSL-Express accelerator. |
||
Step 6
|
no empty-ssl-fragment-insertion
Example: Device(config-waas-ssl)# no empty-ssl-fragment-insertion |
(Optional) Disables the sending of an empty SSL fragment as the first encrypted message sent to the client.
|
||
Step 7
|
waas-ssl-trustpoint label
Example: Device(config-waas-ssl)# waas-ssl-trustpoint ssl-tp |
Associates the specified trustpoint with SSL-Express accelerator. |
||
Step 8
|
cipher-list list-name
Example: Device(config-waas-ssl)# cipher-list clist |
Creates a cipher list for a WAAS-to-WAAS session and enters cipher list configuration mode. |
||
Step 9
|
cipher cipher-suite
Example: Device(config-waas-cipher-list)# cipher rsa-with-3des-ede-cbc-sha |
Adds the specified cipher suite to a cipher list. | ||
Step 10
|
exit
Example: Device(config-waas-cipher-list)# exit |
Exits cipher list configuration mode and returns to WAAS SSL configuration mode. | ||
Step 11
|
services host-service peering
Example: Device(config-waas-ssl)# services host-service peering |
Configures host peering service and enters SSL peering service configuration mode. | ||
Step 12
|
peer-ssl-version ssl-tls-version
Example: Device(config-waas-ssl-peering)# peer-ssl-version ssl3 |
Configures the SSL version to be used for WAAS-to-WAAS sessions. |
||
Step 13
|
peer-cipherlist list-name
Example: Device(config-waas-ssl-peering)# peer-cipherlist clist |
Configures the cipher list to be used for WAAS-to-WAAS sessions. |
||
Step 14
|
peer-cert-verify enable
Example: Device(config-waas-ssl-peering)# peer-cert-verify enable |
Enables the verification of the peer certificate. |
||
Step 15
|
end
Example: Device(config-waas-ssl-peering)# end |
Exits SSL peering service configuration mode and returns to privileged EXEC mode. |
||
Step 16
|
show waas statistics accelerator ssl-express ciphers
Example: Device# show waas statistics accelerator ssl-express ciphers |
(Optional) Displays statistics about the cipher suites being used for different SSL sessions. |
WAAS Express supports only SNMPv2c for SNMP traps. WAAS Express SNMP notification will fail if the correct SNMP version is not used.
Command or Action | Purpose | |
---|---|---|
Step 1
|
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2
|
configure terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3
|
snmp-server enable traps waas [cpu-throttle-off] [cpu-throttle-on] [license-deleted] [license-expired] [license-revoked] [peer-overload] [tfo-conn-overload]
Example: Device(config)# snmp-server enable traps waas peer-overload |
Enables SNMP traps for WAAS Express. |
Step 4
|
snmp-server community community-string [ro | rw]
Example: Device(config)# snmp-server community public ro |
Sets up the community access string to permit access to SNMP. |
Step 5
|
snmp-server source-interface [traps | informs] interface
Example: Device(config)# snmp-server source-interface traps gigabitethernet5/3 |
Specifies the interface from which an SNMP trap originates the notifications or traps. |
Step 6
|
snmp-server host {hostname | ip-address} [vrf vrf-name | informs | traps | version {1 | 2c | 3} [auth | noauth | priv]] community-string [udp-port port [notification-type]]
Example: Device(config)# snmp-server host 10.1.1.1 version 2c public waas |
Specifies the recipient of an SNMP notification. |
Step 7
|
exit
Example: Device(config)# exit |
Exits global configuration mode and returns to privileged EXEC mode. |
Step 8
|
show snmp mib
Example: Device# show snmp mib |
(Optional) Displays a list of MIB module instance identifiers (OIDs) registered on your device. |
The following example shows how to create a policy map. The insert-before keyword will insert the class policy being created before the specified class. The class-default keyword helps to match unclassified packets.
Device(config)# policy-map type waas waas_global Device(config-pmap)# class AFS Device(config-pmap-c)# optimize tfo lz application Filesystem Device(config-pmap-c)# exit Device(config-pmap)# class Http insert-before AFS Device(config-pmap-c)# optimize tfo lz application Web Device(config-pmap-c)# exit Device(config-pmap)# class class-default Device(config-pmap-c)# exit Device(config-pmap)# exit
The following output from the show policy-map type waas command shows the policy map created in the previous example:
Device# show policy-map type waas
Policy Map type waas waas_global
Class Http
optimize dre lz application Web
Class AFS
optimize lz application Filesystem
Class class-default
The following example shows how to create a policy map with sequence numbers:
Device(config)# policy-map type waas waas_global Device(config-pmap)# sequence-interval 10 Device(config-pmap)# class AFS Device(config-pmap-c)# optimize tfo lz application Web Device(config-pmap-c)# exit Device(config-pmap)# class Http Device(config-pmap-c)# optimize tfo lz application Filesystem Device(config-pmap-c)# exit Device(config-pmap)# class class-default Device(config-pmap-c)# exit Device(config-pmap)# exit
The following output from the show policy-map type waas command shows the policy map created in the previous example:
Device# show policy-map type waas
Policy Map type waas waas_global
sequence-interval 10
10 Class AFS
optimize dre lz application Web
20 Class Http
optimize lz application Filesystem
30 Class class-default
Device(config)# class-map type waas match-any http Device(config-cmap)# match tcp destination port 80 80 Device(config-cmap)# match tcp destination port 8080 8082 Device(config-cmap)# exit Device(config)# class-map type waas waas_global Device(config-cmap)# match tcp destination port 5190 5193 Device(config-cmap)# exit Device(config)# class-map type waas match-any bittorrent Device(config-cmap)# match tcp destination port 6969 Device(config-cmap)# match tcp destination port 6881 6889 Device(config-cmap)# exit Device(config)# policy-map type waas waas_global Device(config-pmap)# class http Device(config-pmap-c)# optimize tfo lz application web-traffic Device(config-pmap-c)# exit Device(config-pmap)# class aol Device(config-pmap-c)# optimize tfo lz application IM Device(config-pmap-c)# exit Device(config-pmap)# class bittorrent Device(config-pmap-c)# optimize tfo lz application p2p Device(config-pmap-c)# exit Device(config-pmap)# exit Device(config)# interface E0 Device(config-if)# description WAN Connection Device(config-if)# waas enable Device(config-if)# exit
The following example shows how to enable CIFS-Express accelerator and configure read ahead, async write, and negative caching features:
Device(config)# parameter-map type waas waas_global Device(config-profile)# accelerator cifs-express Device(config-waas-cifs)# enable Device(config-waas-cifs)# read-ahead size 100 Device(config-waas-cifs)# async-write quota-threshold 500 Device(config-waas-cifs)# ads-negative-cache timeout 15 Device(config-waas-cifs)# end
The following example shows how to enable HTTP-Express accelerator, enable server encoding suppression, and configure various metadata caching parameters:
Device(config)# parameter-map type waas waas_global Device(config-profile)# accelerator http-express Device(config-waas-http)# enable Device(config-waas-http)# suppress-server-encoding enable Device(config-waas-http)# metadatacache enable Device(config-waas-http)# metadatacache max-age 10000 Device(config-waas-http)# metadatacache min-age 100 Device(config-waas-http)# metadatacache redirect-response enable Device(config-waas-http)# metadatacache unauthorized-response enable Device(config-waas-http)# metadatacache conditional-response enable Device(config-waas-http)# end
The following example shows how to enable SSL-Express accelerator, associate it with a trustpoint, create a cipher list, and configure peering services.
Device(config)# parameter-map type waas waas_global Device(config-profile)# accelerator ssl-express Device(config-waas-ssl)# enable Device(config-waas-ssl)# waas-ssl-trustpoint ssl-trust Device(config-waas-ssl)# cipher-list clist Device(config-waas-cipher-list)# cipher rsa-with-des-cbc-sha Device(config-waas-cipher-list)# exit Device(config-waas-ssl)# services host-service peering Device(config-waas-ssl-peering)# peer-ssl-version ssl3 Device(config-waas-ssl-peering)# peer-cipherlist clist Device(config-waas-ssl-peering)# peer-cert-verify enable Device(config-waas-ssl-peering)# exit Device(config-waas-ssl)# end
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 3 | Feature Information for WAAS Express |
Feature Name |
Releases |
Feature Information |
---|---|---|
WAAS Express |
15.1(2)T |
Cisco's WAAS Express is a key component of the Cisco WAAS product portfolio. WAAS Express is a cost-effective, IOS-based, WAN optimization solution that increases the amount of available bandwidth for small-to-mid-size branch offices and remote locations. The following commands were introduced or modified: class-map type waas, clear waas, cpu-threshold, debug waas, lz entropy-check, match tcp, optimize, parameter-map type waas, passthrough, policy-map type waas, sequence-interval, show waas alarms, show waas auto-discovery, show waas connection, show waas statistics aoim, show waas statistics application, show waas statistics auto-discovery, show waas statistics class, show waas statistics dre, show waas statistics global, show waas statistics lz, show waas statistics pass-through, show waas statistics peer waas, show waas status, show waas token, tfo auto-discovery, tfo optimize, waas cm-register url, waas config, waas enable, and waas export. |
WAAS Express Phase 2 | 15.2(3)T | WAAS Express Phase 2 extends the feature set of Cisco's WAAS Express to include feature interoperability and application acceleration capabilities. It introduces the following application accelerators: CIFS-Express accelerator, HTTP-Express accelerator, and SSL-Express accelerator. WAAS Express Phase 2 also provides multiple WAN link support and support for upload DRE. The following commands were introduced or modified: accelerator, ads-negative-cache, async-write, cipher, cipher-list, clear waas, debug waas, debug waas accelerator cifs-express, debug waas accelerator http-express, debug waas accelerator ssl-express, dre-hints enable, dre upload, metadatacache, optimize tfo, peer-cert-verify enable, peer-cipherlist, peer-ssl-version, read-ahead, services host-service peering, show waas accelerator, show waas alarms, show waas cache http-express metadatacache, show waas connection, show waas statistics accelerator, show waas statistics dre, show waas statistics errors, show waas statistics global, show waas status, snmp-server enable traps waas, suppress-server-encoding enable, and waas-ssl-trustpoint |
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.