Cisco Lean Retail Architecture—Oracle Store Inventory Management Application Deployment Guide
Available Languages
Table Of Contents
Cisco Lean Retail Architecture—Oracle Store Inventory Management Application Deployment Guide
Solution Technical Architecture
Oracle Store Inventory Management Technology Stack
Advantages of the Architecture
Oracle SIM Technical Architecture Overview
Cisco's Lean Retail Network Architecture
Integrated Network Services Layer
Connected Retail Reference Architecture
Application Networking Services Technology Overview
Wide Area Application Services
Oracle Store Inventory Management
Connected Retail Store Designs
Appendix A—Test Environment Diagrams
Appendix B—Testing Results DATA
Data Center WAE (Headend) "WAE-DC1"
Small Store WAE Appliance "WAESM-1"
Medium Store Router Configuration for the WAE Network Module
Medium Store WAE Network Module
Cisco Lean Retail Architecture—Oracle Store Inventory Management Application Deployment Guide
February 9, 2009
Contents
Solution Overview
This document provides best practices to enhance the Oracle Store Inventory Management application within a Cisco Lean Retail environment. It introduces key concepts and options regarding the application deployment and detailed designs strategies available to multiple store footprints and data center leveraging Cisco application and networking technologies.
Solution Description
Cisco's Lean Retail Oracle Store Inventory Management solution provides best practices and implementation guidance that optimizes Oracle's SIM application availability, performance, scalability, and security while lowering application ownership costs. Cisco's Lean Retail architecture provides accelerated application performance and improved access to information. Data center-based applications and hosted managed services can have their performance accelerated to LAN-like speeds. Oracle Store Inventory Management is a strategic business application developed to assist enterprise class retailers in addressing in-store supply/inventory challenges. Cisco's Lean Retail architecture includes:
•
Application and collaboration services
•
•
A key Lean Retail integrated network service is Cisco's Application Networking Service (ANS). This service includes the Cisco Application Control Engine (ACE) and Wide Area Application Services (WAAS) product families. It provides data center, retail store, and remote end-user application optimization services. This service addresses the following Oracle SIM deployment challenges:
•
•
•
The value of Cisco's Lean Retail is accomplished through five key benefits:
•
•
•
•
•
Deploying new applications and capabilities quickly and effectively are key IT metrics that improve an organization's business agility. Cisco's Lean Retail enables more applications to be deployed centrally, cutting down dramatically on the time and cost of deployment. Deploying centrally also reduces the costs of opening new stores and of integrating acquisitions. While many retailers will choose to deploy some applications in the stores, the Lean Retail architecture improves the capabilities of a central deployment model. To learn more about the Cisco Lean Retail, refer to the following URL:
http://www.cisco.com/web/strategy/retail/lean-retail.html
Figure 1 Virtualization of Application Optimization Services
The application optimization services of this solution reside both in the data center and the stores to offer end-to-end value, from store users, all the way through to the database and information storage.
•
Cisco ACE and WAAS reside in the data center and are arranged to provide virtualized application optimization services for Oracle deployments as well as other enterprise applications. Because of their unique location, these solutions can take intelligent action on the end-user traffic before it is routed to the Oracle application servers, including load balancing, server health monitoring, and security access control.
While some of these functions could be provided natively by the Oracle application or third-party server-based solutions, Cisco networking provides these services cost-effectively, freeing up server processing and memory needs to focus on business logic computation.
•
Cisco WAAS also resides in the store (WAAS appliance and WAAS mobile) and is arranged to provide application acceleration services for all application users in that location in addition to server consolidation. Together with the data center WAAS deployment, the two offer a WAN optimization service through the use of intelligent caching, compression, and protocol optimization.
When the Oracle application servers respond to end-user requests, the response is compressed and then most efficiently passed across the WAN, with minimal bandwidth usage and maximum speed. Commonly used information is cached both at the Cisco WAAS solution in the store as well as in the Cisco ACE/WAAS solution in the data center, which reduces the burden on the servers and the WAN.
Process Flow
Figure 2 Process Flow
Objective
The objectives of the Lean Retail Oracle Store Inventory Management solution testing are to:
•
•
•
•
Cisco and Oracle cooperated in all phases of the Cisco Lean Retail Architecture—Oracle Retail Store Inventory Management testing and validation project, including lab setup at Cisco offices, solution functional and performance testing, and in writing this deployment guide. Cisco and Oracle jointly validate that the lab setup and this joint solution testing represents best efforts in creating a realistic customer deployment and accurate documentation of such deployment.
Scope
Cisco data center and store architectures are established enterprise designs that deliver highly available and robust network infrastructures. This document describes the deployment of the Oracle Store Inventory Management application in a Cisco data center, while leveraging services available in multiple store footprints. This end-to-end solution design employs many integrated network services, including load balancing, security, and application optimization.
•
•
•
Solution Technical Architecture
Figure 3 shows the Lean Retail Oracle SIM architecture.
Figure 3
Lean Retail Oracle SIM Architecture
Oracle Store Inventory Management Technology Stack
Oracle SIM has an N-tier architecture consisting of a client-tier, a server-tier, and a data-tier. The client-tier contains a PC client (a Java desktop application) and handheld devices. The server-tier contains the SIM server (deployed as a J2EE application inside the Oracle Application Server) and the Wavelink server (a standalone server for the handheld devices). The data-tier consists of an Oracle 10g database and an LDAP directory.
Advantages of the Architecture
Oracle SIM's robust distributed computing platform enables enhanced performance and allows for scalability. The N-tier architecture of SIM allows for the encapsulation of business logic, shielding the client from the complexity of the backend system. Any given tier need not be concerned with the internal functional tasks of any other tier. The following is a summary of the advantages that accompany SIM's use of an N-tier architectural design:
•
•
•
•
•
•
•
•
Oracle SIM Technical Architecture Overview
This section provides a high-level overview of Oracle SIM's technical architecture. Figure 4 illustrate the major parts of the typical three-tiered SIM implementation.
Figure 4 Oracle SIM's Technical Architecture
Client Tier
SIM can be deployed on a wide variety of clients, including a desktop computer, a handheld wireless device, and so on. The GUI is responsible for presenting data to the user and for receiving data directly from the user through the "frontend". The presentation-tier only interacts with the middle application-tier (as opposed to the database-tier). To optimize performance, the SIM PC frontend facilitates robust client-side processing. The PC side of SIM is built upon a fat client architecture, which was developed using Swing, a toolkit for creating rich graphical user interfaces (GUIs) in Java applications. The fat Java client is downloaded to each store PC via a browser URL. The handheld communication infrastructure piece, known as the Oracle Retail Wireless Foundation Server, enables the handheld devices to communicate with the SIM server. The handheld devices "talk" to the Oracle Retail Wireless Foundation Server, which in turn makes calls as a client to the SIM server.
Middle Tier
By providing the link between the SIM client and the database, the middle application-tier handles virtually all of the business logic processing that occurs within SIM's multi-tiered architecture. The middle-tier is comprised of services, most of which are related to business functionality. For example, an item service gets items, and so on. Within SIM, business objects are beans (that is, Java classes that have one or more attributes and corresponding set/get methods) that represent a functional entity. Most business objects have very few operations; in other words, business objects can be thought of as data containers, which by themselves have almost no business functionality.
Although the PC client and the handheld client use the middle-tier's functionality differently, the middle-tier is the same for both clients. For example, the handheld device, used `on the fly', performs frequent commits to the database, while the PC performs more infrequent commits. The application is flexible in that it accommodates the different styles of client-driven processing. The middle-tier is designed to operate in a `stateless' manner, meaning it receives whatever instruction it needs to access the database from the client and does not retain any information between client calls. Further, SIM has failover abilities; if a specific middle-tier server fails, processing can roll over to another SIM server for continued processing. If the workload warrants, SIM can be vertically scaled by adding additional application servers. Because SIM servers are running on multiple application servers in a stateless system, work can be seamlessly distributed among the servers. The result of this feature is that SIM clients do not need to know that additional application servers have been added to help with the workload. SIM application servers can contain multiple containers, each of which is related to a unique Java Virtual Machine (JVM). Each container corresponds to a specific SIM instance. Introducing multiple instances of a container allows SIM retailers to more effectively distribute the processing among several containers and thereby horizontally scale the platform. As the request load for a service increases, additional instances of the service are automatically created to handle the increased workload.
The middle-tier consists of the following core components, which allow it to make efficient and reliable calls to the SIM database:
•
•
•
Note
The Oracle Application Architecture (see Figure 5) uses the N-tier model by distributing application services across nodes in the server farm.
Figure 5 Oracle Application Architecture
SIM uses the logical separation of tiers as desktop, application, and database. It is important to remember that each tier can consist of one or more physical hosts to provide the enterprise with the required performance or application availability.
Data Access Objects (DAO)
DAOs are classes that contain the logic necessary to find and maintain data persistence. They are used by services when database interaction is required.
Java Database Connectivity (JDBC)
DAOs communicate with the database via the industry standard Java database connectivity (JDBC) protocol. In order for the SIM client to retrieve the desired data from the database, a JDBC connection must exist between the middle-tier and the database. JDBC facilitates the communication between a Java application and a relational database. In essence, JDBC is a set of application programming interfaces APIs that offer a database-independent means of extracting and/or inserting data to or from a database. To perform those insertions and extractions, SQL code also resides in this tier facilitating create, read, update, and delete actions.
Data Tier
Note
Distributed Topology
One of SIM's most significant advantages is its flexible distributed topology. SIM offers complete location transparency because the location of data and/or services is based upon the retailer's business requirements, not upon technical limitations. SIM's client server communication is an EJB call (which uses RMI). Because the server does not have to be in the same store as the in-store clients, the clients log onto the server `over the wire'. SIM's client code makes use of helper and framework classes that contain the logic to look up remote references to EJBs on the server and make calls to them. These helper and framework contain no business logic but contain only enough code to communicate with the server. For example, if a helper class is called by the client to perform the method `update shipment', the helper class appears to have that capability, though in reality it only behaves as a passage to the EJB remote reference, which is looked up from the server. The EJB remote reference communicates across the network with the server to complete the business-logic driven processing. The server performs the actual `update shipment' business logic and returns any return values or errors to the client. Connectivity between the SIM client and the middle-tier is achieved via the Java Naming and Directory Interface (JNDI), which the SIM client accesses with the necessary IP address and port. JNDI contains the means for the client to look up services available on the application server.
Cisco's Lean Retail Network Architecture
Cisco's Lean Retail Store Inventory Management solution was developed and tested using Cisco's Connected Retail Framework. This model depicts the relationships between applications such as Oracles SIM application and the network infrastructure. Figure 6 represents the solution framework.
Figure 6 Connected Retail Framework
The solution framework is divided into three functional layers:
•
•
•
Application Layer
Business and collaboration applications connect users and business processes to the infrastructure. The application layer (see Figure 7) of the framework includes the business and collaboration applications from Oracle and Cisco.
Figure 7 Application Layer
Oracle SIM Application
Oracle Retail Store Inventory Management is part of Oracle Retail's In-Store Operations solution group. Oracle Retail Store Inventory Management allows store personnel to quickly and easily perform an array of in-store operations to receive merchandise, manage physical inventories, conduct stock counts, order stock, or transfer stock.
Oracle Retail Store Inventory Management enables retailers to streamline in-store activities, improve merchandise management and productivity, reduce labor costs, support remote store processes, and manage true store-level profit and loss.
•
•
•
•
Integrated Network Services Layer
Within the Connected Retail Framework, the Integrated Network Services layer (see Figure 8) is where filtering, caching, and protocol optimization interact with applications or application middleware services to optimize the performance from the network to the end-user. Process control is simplified by using common infrastructure services such as collaboration, security, and identity. These are key advantages that aid in operational reporting and security policy enforcements. Fewer services that are shared across more intelligent devices increases the operational efficiency of the whole system.
Figure 8 Integrated Network Services Layer
•
•
•
•
•
Note
The Integrated Network Services layer provides services that are distributed across the infrastructure or Network Systems layer.
Network Systems Layer
The Network Systems layer (see Figure 9) is where the infrastructure resides. Connected Retail references architectures were used as a contextual backdrop to test the interoperability of the features and functionality of integration between Oracle's SIM application and the Cisco Lean Retail Services. The Lean Retail reference architectures serve as the foundation of the Network Systems Layer. These architectures exhibit best practices for retail networks and provide the robust foundation for higher-level services and applications. Each of these architectures contain additional products and features beyond what is necessary for the Lean Retail Oracle SIM solution (e.g., wireless products, kiosks and application acceleration), but are depicted because they are common in most enterprise networks.
Figure 9 Network Systems Layer
For more information about Connected Retail, see the following URL:
http://www.cisco.com/web/strategy/retail/irn.html.
Connected Retail Reference Architecture
The following reference architectures depict Cisco's recommended retail store formats that range from small to large stores as well as the central data center. These architectures depict a platform that is adequately robust to support traditional retail applications such as point of sale, as well as integrated security, voice, video, wireless and data. These reference architectures are built out in Cisco's lab for testing of the Oracle SIM application. For specific design information, see Appendix A—Test Environment Diagrams.
Data Center
The data center network design is based on a proven layered approach, which has been tested and improved over the past several years in some of the largest data center implementations in the world. The layered approach is the basic foundation of the data center design that seeks to improve scalability, performance, flexibility, resiliency, and maintenance. Figure 10 shows the basic layered design.
Figure 10 Data Center Architecture
The layers of the data center design are the core, aggregation, and access layers. These layers are referred to throughout this guide and are briefly described as follows:
•
•
•
Note
Small Store
The small store reference architecture (Figure 11) is a powerful platform for running an enterprise retail business that requires simplicity and a compact form factor. This combination appeals to many different retail formats that can include the following:
•
•
•
•
•
This network architecture is widely used, and consolidates many services into fewer infrastructure components. The small store also supports a variety of retail business application models because an integrated Ethernet switch supports high-speed LAN services.
Figure 11 Small Store Network Design
Primary Requirements
Primary requirements are as follows:
•
•
•
•
Advantages
Advantages are as follows:
•
•
•
•
Limitations
Limitations are as follows:
•
•
Medium Store
The medium retail store reference architecture (Figure 12) is designed for enterprise retailers who require network resilience and increased levels of application availability over the small store architecture and its simple, single-threaded approach. As more mission-critical applications and services converge onto the IP infrastructure, network uptime and application availability are more important. The dual-router and dual-LAN switch design of the medium store supports these requirements. Each of the ISR routers can run Cisco IOS security services and other store communication services simultaneously. Each of the ISR routers is connected to a dedicated WAN connection. Hot-Standby Routing Protocol (HSRP) is used to ensure network resilience in the event that the network connection fails.
The access layer of the network offers enhanced levels of flexibility and more access ports compared to the small store. The distributed Cisco Catalyst switches can support a combination of larger physical buildings or a larger number of endpoints than the small store.
Figure 12 Medium Store Network Design
Primary Design Requirements
Primary design requirements are as follows:
•
•
•
Advantages
•
•
•
•
Limitations
The limitation is of this architecture is that there is no distribution layer between core layer (the ISR) and the access layer switches.
Large Store
The large retail store reference architecture (Figure 13) adapts the Cisco campus network architecture recommendations to a large retail store environment. Network traffic can be segmented (logically and physically) to meet business requirements. The distribution layer of the large store architecture improves LAN performance while offering enhanced physical media connections. A larger number of endpoints can be added to the network to meet business requirements. This type of architecture is widely used by large-format retailers globally. Dual routers and distribution layer media flexibility improves network serviceability because the network is highly available and scales to support the large retail store requirements. Routine maintenance and upgrades can be scheduled and performed more frequently, or during normal business hours, through this parallel path design.
Figure 13 Large Store Network Design
Primary Design Requirements
Primary design requirements are as follows:
•
•
•
•
•
Advantages
•
•
•
•
Limitations
The limitation of this architecture is the higher associated cost because of network resilience based on highly available design.
Application Networking Services Technology Overview
This section provides an overview of the significant Cisco products and technologies leveraged within the Lean Retail Architecture to enhance Oracle SIM. The following products are addressed:
•
•
•
Application Control Engine
The Cisco Application Control Engine Module for Cisco Catalyst 6500 Series Switches is a member of the Cisco family of Data Center 3.0 solutions, and a critical component of Cisco ACE product family. Cisco ACE module represents state of the art in next-generation application switches that helps:
•
•
•
•
The Cisco ACE Module achieves these goals through a broad set of intelligent Layer-4 load balancing and Layer-7 content switching technologies integrated with leading acceleration and security capabilities. A key design element of the module is its ability to use virtualized architecture and role-based administration, which enable IT to provision and deliver a broad range of multiple applications from a single module, bringing increased scalability for to the data center.
To maximize application availability, the module uses best-in-class application-switching algorithms and highly available system software and hardware. It provides industry-leading scalability and throughput for managing application traffic, up to 16Gbps in a single module and 64Gbps with four modules in a single Catalyst 6500 switch chassis. This is upgradeable through software licenses or new module additions, thus providing IT with long-term investment protection and scalability.
The Cisco ACE Module greatly improves server efficiency through both highly flexible application traffic management and offloading CPU-intensive tasks such as SSL encryption/decryption processing and TCP session management.
Overview
ACE provides a highly available and scalable data center solution for the Oracle SIM application environment. Currently, the ACE is available as an appliance or integrated service module in the Catalyst 6500 platform. The testing of the SIM application in this solution was restricted to the ACE service module in the Catalyst 6500. ACE features and benefits include the following:
•
•
•
•
•
•
Additional Integrated Service Options
This document addresses the integration of network services with the Oracle SIM application. Server load-balancing and security are fundamental services that may be leveraged by data center applications. In addition, this document details the integration of network-based application optimization services in the data center and store. However, these are not the only integrated network services available for the enterprise. The following network services are also accessible as service modules or appliances:
•
•
•
•
•
•
ACE Virtualization
Virtualization is a prevalent trend in the enterprise today. From virtual application containers to virtual machines, the ability to optimize the use of physical resources and provide logical isolation is gaining momentum. The advancement of virtualization technologies includes the enterprise network and the intelligent services it offers.
The ACE supports device partitioning where a single physical device may provide multiple logical devices. This virtualization functionality allows system administrators to assign a single virtual ACE device to a business unit or applications, such as Oracle SIM, to achieve application performance goals or service-level agreements (SLAs). The flexibility of virtualization allows the system administrator to deploy network-based services according to the individual business requirements of the customer and technical requirements of the application. Service isolation is achieved without purchasing another dedicated appliance that consumes more space and power in the data center.
Figure 14 shows the use of virtualized network services afforded via the ACE and Cisco Firewall Services Module (FWSM). In Figure 14, a Catalyst 6500, housing a single ACE and FWSM, supports the business processes of five independent business functions. The system administrator determines the requirements of the application and assigns the appropriate network services as virtual contexts. Each context contains its own set of policies, interfaces, resources, and administrators. The ACE and FWSMs allow routed, one-arm, and transparent contexts to co-exist on a single physical platform.
Figure 14 Service Chaining via Virtualized Network Services
Note
TCP Reuse
TCP reuse allows the ACE to recycle TCP connections to the server farm, essentially reducing the load on the application servers. Servers use RAM to open and maintain connections to clients. RAM is a finite resource that directly impacts server performance. The ACE module allows persistent TCP connections to the application server and reclaims them for use by multiple clients.
Note
HTTP Header Insertion
The ACE HTTP header insertion feature allows a system administrator to insert a generic string value or to capture the following request specific values:
•
•
•
•
HTTP header insertion is especially useful when TCP reuse or the source address of the request may be determined via NAT. HTTP header insertion allows service logs to reflect the original source IP address of the request. Figure 15 shows the insertion of an HTTP header under the name "X-forwarder", reflecting the source IP address of the request.
Figure 15 HTTP Header Insertion Example
Session Persistence
Session persistence is the ability to forward client requests to the same server for the duration of a session. Oracle recommends HTTP session persistence for their E-Business Suite environment via the following:
•
•
ACE supports each of these methods, but given the presence of proxy services in the enterprise, Cisco recommends using the cookie sticky method to guarantee load distribution across the server farm. HTTP Header Insertion ExampleHeader Insertion Example shows the ACEOptimized cookie inserted into the client E-Business request.
In addition, ACE supports the replication of sticky information between devices and their respective virtual contexts. This provides a highly available solution that maintains the integrity of each session.
MAC Sticky
The ACE is capable of reverse path forwarding (RPF) based on the source MAC address on a VLAN interface of the request. This feature allows for transparency at Layer 3 and provides deterministic traffic flows at Layer 2 through the ACE. Cisco Wide Area Application Services (WAAS) devices deployed as a server farm under the ACE take advantage of this feature, guaranteeing that the same WAE device consistently manages each TCP session.
Note
Transparent Interception
Load balancers typically perform a NAT function to conceal the real server IP addresses residing in the retail data center, which means that the virtual IP address (VIP) is transformed and the request is forwarded to a real server. In addition to supporting this functionality, the ACE allows the system administrator to disable NAT for particular server farms, which is a desirable behavior for both firewall load balancing deployments and WAAS server farms.
Note
Allowed Server Connections
Retail data centers typically perform due diligence on all deployed server and network devices, determining the performance capabilities to create a more deterministic, robust, and scalable application environment. The ACE allows the system administrator to establish the maximum number of active connections values on a per-server basis and/or globally to the server farm. This functionality protects the end device, whether it is an application server or network application optimization device such as the WAE.
Health Monitoring
The ACE device is capable of tracking the state of a server and determining its eligibility for processing connections in the server farm. The ACE uses a simple pass/fail verdict but has many recovery and failures configurations, including probe intervals, timeouts, and expected results. Each of these features contributes to an intelligent load balancing decision by the ACE context.
Following are the predefined probe types currently available on the ACE module:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Note that the potential probe possibilities available via scripting make the ACE an even more flexible and powerful application-aware device. In terms of scalability, the ACE module can support 1000 open probe sockets simultaneously.
Wide Area Application Services
Cisco Wide Area Application Services (WAAS) provides appliance/software-based performance optimizations for TCP-based traffic. WAAS is targeted at improving the performance of TCP-based applications across the WAN, while reducing the amount of repetitive data that traverses the WAN. A Wide Area Application Engine running WAAS is required on both sides of a WAN link to perform optimization. Each WAE device forms one or more peer relationships with other WAE devices in the flow path.
To appreciate how WAAS provides WAN and application optimization benefits to the enterprise, consider the basic types of centralized application messages that are transmitted between stores. For simplicity, two basic types are identified:
•
•
WAAS uses the technologies described in the following subsections to provide a number of features, including application acceleration, file caching, print service, and DHCP to benefit both types of applications. For more information, refer to the following URL:
Advanced Compression using DRE and Lempel-Ziv Compression
Data Redundancy Elimination (DRE) is an advanced form of network compression that allows Cisco WAAS to maintain an application-independent history of previously-seen data from TCP byte streams. Lempel-Ziv (LZ) compression uses a standard compression algorithm for lossless storage. The combination of using DRE and LZ reduces the number of redundant packets that traverse the WAN, thereby conserving WAN bandwidth, improving application transaction performance, and significantly reducing the time for repeated bulk transfers of the same application.
Transport File Optimizations
Cisco WAAS Transport File Optimizations (TFO) employs a robust TCP proxy to safely optimize TCP at the WAE device by applying TCP-compliant optimizations to shield the clients and servers from poor TCP behavior because of WAN conditions. Cisco WAAS TFO improves throughput and reliability for clients and servers in WAN environments through increases in the TCP window sizing and scaling enhancements as well as implementing congestion management and recovery techniques to ensure that the maximum throughput is restored if there is packet loss.
Common Internet File System Caching Services
Common Internet File System (CIFS), used by Microsoft applications, is inherently a highly chatty transactional application protocol where it is not uncommon to find several hundred transaction messages traversing the WAN just to open a remote file. WAAS provides a CIFS adapter that can inspect and to some extent predict what follow-up CIFS messages are expected. By doing this, the local WAE caches these messages and sends them locally, significantly reducing the number of CIFS messages traversing the WAN.
Print Services
WAAS provides native SMB-based Microsoft print servers locally on the WAE device. Along with CIFS optimizations, this allows for store server consolidation at the data center. Having full-featured local print services means less traffic transiting the WAN. Without WAAS print services, print jobs are sent from a store client to the centralized server(s) across the WAN, then back to the store printer(s), thus transiting the WAN twice for a single job. WAAS eliminates the need for either WAN trip.
Note
Lean Retail Oracle SIM Packet Flow
Figure 16 Oracle SIM Packet Flow
The following sequence describes the handshake between a client and the server farm and the data transfer phase:
Step 1
Step 2
a.
b.
Step 3
Step 4
The following steps are for reverse traffic flow:
Step 5
Step 6
Step 7
Step 8
WAAS Mobile Product Overview
Cisco WAAS Mobile provides significant application acceleration and bandwidth savings to telecommuters, mobile users, and home-office users accessing corporate HTTP applications, e-mail, and file servers. By default, Cisco WAAS Mobile proxies a range of applications including most web browsers, email clients, Windows Explorer for file shares, ftp clients, and thin clients like Citrix and Microsoft Remote Desktop Client (RDC). In addition, any generic application using TCP connections to content servers can be added via its process name. This list of accelerated applications is determined by comparing the name of the process running on the end-user's machine to a preconfigured list of "Accelerated Processes". TCP connections not in this list will be bypassed.
The Cisco WAAS Mobile Persistent Sessions feature maintains acceleration sessions even when web connectivity is lost or when a mobile client switches to a different network such as from Wi-Fi to cellular. When connectivity is restored, the current session is sustained to create a seamless access experience regardless of the changes in the underlying network structure. Downloads and uploads are resumed without loss of data, and no additional log-ins are required.
Persistent Sessions insulates the end-user from problems with RF coverage in wireless networks as well as from problems in poor quality dial-up access. It allows the acceleration system to support advanced wireless network features such as automated Wi-Fi/cellular switchover or hand-offs when roaming through different cellular networks.
The WAAS Mobile product is typically installed in a DMZ and used to support mobile workers, telecommuters, and SOHO workers, but has also been used by retailers internally to accelerate employee access to applications from smaller store footprints that may not justify the cost of an appliance-based solution.
Design and Implementation
Design Goals
The enterprise retail network is a platform constructed to support a extensive range of business functions; more specifically, applications. The traditional perception of the network relegates its role to one of data transport, providing a reliable fabric for the enterprise. In addition to transport, the ubiquitous nature of the enterprise network fabric allows the introduction of intelligent network services to support business applications. This evolution of the network as an enterprise service platform is natural and supports the Oracle application objectives: high availability, security, optimization, scalability, and manageability.
The Cisco Lean Retail data center architecture is a holistic approach that allows the network and the applications it supports to work together. The primary goals of this design are to increase the performance, availability, scalability, and manageability of enterprise applications in the data center, while simultaneously providing a secure environment. In addition, this design reduces the complexity and implementation time of enterprise applications in the data center using virtualization technologies and network design best practices.
Specific solution objectives were:
•
•
•
•
The remainder of this document focuses on each of these objectives and detail specific deployments of an Oracle SIM application using the services of the Cisco Lean Retail data center infrastructure and Connected Retail store designs.
Design Considerations
This solution required several design considerations to achieve the goals list above.
PCI is a major concern for retailers. Several configurations were enabled to support this security standard:
•
•
•
•
•
•
Security devices (ASAs) implemented in the WAN aggregation layer were used to terminate encryption tunnels and filter traffic for security and compliance concerns such as PCI, HIPAA, etc. These security devices must be configured to inspect WAAS traffic due to the optimization and manipulation performed by the WAAS protocol.
At the store level, routers running firewall feature sets will need to be configured using zone-based firewall methods. Zone-based firewalls possess the capability to inspect WAAS traffic. The use of zone-based firewalls was not tested in this solution validation.
The Cisco WAAS Mobile product tunnels all client traffic through TCP and UDP port 1182 to the WAAS mobile server. Security devices and QoS must account for this traffic as all client traffic will appear to be sourced from the WAAS mobile server. This may affect IP-based security policies for store user traffic.
WAAS Application Profiling
WAAS has default profiles for many known applications and their corresponding TCP ports. Oracle SIM is not currently one of those default profiles. A new profile must be created to optimize Oracle SIM. Creating an application profile for Oracle SIM has overlapping ports with the well known application "Napster" on port 7777. Either the Oracle implementation must be altered from the standard port of 7777 to some other high port, or the default profile of Napster must be modified to remove the TCP port 7777. In this implementation, Napster was modified to remove the port 7777 from its profile. This overlap of port 7777 should also be considered when implementing QoS. Many retailers may force Napster to be blocked or put as low prioritization within their application priority scheme. This would have a negative impact on a default Oracle SIM installation. For more information, see:
http://protocolinfo.org/wiki/Napster
Hardware-based load balancing of Oracle applications is typically used for high availability and scalability. The Oracle High Availability Guide identifies several methods, including using DNS, to direct client traffic to an appropriate application server. This DNS method was used in testing to redirect traffic sent to the Oracle SIM application servers to instead use the ACE VIP address created for the Oracle SIM solution.
When using DNS redirection, the Java client application is still tied to the application server host name. When starting a new session, it was noted that the client will be downloaded from each application server that the user is dynamically assigned to for that session, until all application servers in the server load balancing pool have been downloaded and cached in the local PC Java cache. As the client application Java components are all the same on each of the application servers, WAAS is able to supply these files in an accelerated manner from the DRE cache.
Another method to avoid the need to download the Java client for each host server would be to point the JNDI url in the JNLP file to the load-balancer host name of the VIP address. This method was not tested, as it would require a reinstall of the Oracle SIM application and changing that setting in the ant.install.properties file.
Traffic acceleration occurs when the application data traverses through the WAE. The redirection of traffic can be achieved through several methods. This design used WCCP v2 because it was the most scalable and resilient of the protocol choices available.
Application acceleration requires the implementation of a wide area engine (WAE) at each end of the wide area network (WAN) that connects the store to the data center. The Lean Retail reference design places a firewall behind the WAN aggregation router (see Figure 17) in the data center for filtering and VPN termination. This affects the placement of the WAEs given that they should be placed outside of the encrypted tunnel path to optimize the tunnel traffic. This design positioned the WAE appliances at the service aggregation layer, allowing the optimization of encrypted traffic between stores and the data center.
Design Implementation
This section focuses on the use of the Cisco Wide Area Application Engine (WAE) in conjunction with the Cisco Application Control Engine (ACE) in the retail enterprise network. These designs specifically address a multi-tier deployment of the Oracle SIM application in the Cisco data center infrastructure architecture. The designs provide centralized load balancing, security, and optimization services for the Oracle application.
Figure 17 Lean Network Architecture
Oracle Store Inventory Management
The Oracle SIM application was installed on two separate Oracle application servers which enabled independent testing of Cisco's hardware-based ACE load balancer. Each application server and the Oracle RDBMS database server were built ontop of Oracle's Enterprise Linux operating system (OEL). Oracle SIM and OEL were obtained from Oracle's E-Delivery website, and also include all available documentation: http://www.oracle.com/technology/software/index.html
The Oracle ORDBMS database was installed using default values as specified in the implementation guide. The creation of the SIM database tables were modified such that their maximum size was set to UNLIMITED to accommodate the import of the standard reference database content used for application testing.
CREATE TABLESPACE RETEK_INDEX DATAFILE'/opt/oracle/oradata/$ORACLE_SID/retek_index01.dbf' SIZE 500M AUTOEXTEND ON NEXT 100M MAXSIZE UNLIMITEDEXTENT MANAGEMENT LOCALSEGMENT SPACE MANAGEMENT AUTO;The Oracle Application servers were built using the basic installation type with Integrated Web Server, J2EE Server, and Process Management. These application servers were built individually and not clustered together as this implementation was to use a hardware load balancer in place of clustering, to provide high availability and per-client session load balancing. High availability was achieved using an active-active topology with Oracle HTTP Server and OC4J in the same Oracle home.
Load Balancing
Active-active topologies use a load balancer to direct requests to one of the Oracle Application Server instances in the topology. In other words, the Oracle Application Server instances are fronted by the load balancer. You configure the load balancer with virtual server names for HTTP and HTTPS traffic. Clients use the virtual server names in their requests. The load balancer directs requests to an available Oracle Application Server instance where the Oracle SIM client is the downloaded from. The architecture SIM currently uses allows the JNLP request to be load balanced, but then once that file is retrieved from a server, all communication from the client to the server is directly to the application server the JNLP was downloaded from. Refer to the Oracle Application Server High Availability Guide at the following URL for additional information:
http://www.oracle.com/technology/products/ias/hi_av/904ha.pdf
This implementation also tested the ability of Cisco ACE to load balance returning clients by session so that they were no longer tied to the JNLP server that the client is downloaded from. These tests were successful and significantly improve the availability on SIM during server maintenance and unexpected failure of a server.
The Oracle SIM application was installed on each of the application servers following the steps specified in the installation guide. SIM needed to be installed as standalone oc4j implementations instead of clustered instances. This was achieved by modifying the ant.install.properties file and changing the deployer uri as follows:
input.deployer.uri = deployer:oc4j:opmn://OracleSIM01.cisco-irn.com:6003/sim-oc4j-instanceFor this deployment of Oracle SIM, authentication for users of the application used database authentication instead of the more common LDAP authentication which is configured during the default installation. Changing the method of authentication was achieved as follows:
Modify the following file:<SIM_INSTANCE>/sim-home/files/prod/config/dao.cfgChange the following line:EMPLOYEE_DAO=oracle.retail.sim.shared.dataaccess.sim.ldap.dao.EmployeeLdapDAOTo the following:EMPLOYEE_DAO=oracle.retail.sim.shared.dataaccess.artsoracle.dao.EmployeeOracleDaoAnd change the following line:STORE_AUTHORIZATION_INFO_DAO=oracle.retail.sim.shared.dataaccess.sim.ldap.dao.StoreAuthori zationInfoRSSLdapDaoTo this:STORE_AUTHORIZATION_INFO_DAO=oracle.retail.sim.shared.dataaccess.artsoracle.dao.StoreAutho rizationInfoOracleDaoAfter completion of these edits, the SIM oc4j instance was restarted.
This version of Oracle SIM did not include a configurable option in the management interface for enabling and disabling compression between the SIM client and the SIM server. This compression is built-in and normally enabled at all times. The testing methodology included tests that needed to be performed with compression set to OFF, so a script was developed to modify several class files enabling the capability of turning compression ON and OFF as needed.
The client PC's tested used Internet Explorer 6 SP1 and included Java JRE 6.0. From each client PC, the following URL was opened in the Internet Explorer browser to launch the SIM client: http://oraclesim01.cisco-irn.com:7777/sim-client/launch?template=sim_jnlp_template.vm.
Before SIM is opened, J2SE Runtime Environment 5.0 Update 15 is automatically downloaded from the Oracle Application server and installed on the client. After the client is downloaded, it is cached in the Java Web Start cache, which is different than IE's temporary space. Thereafter, it is only downloaded if a patch is applied to the client code on the server, and only changed resources are downloaded. Patches are typically sent out every few months. If the Java Web Start cache on the client PC is manually cleared, the full client must be downloaded again. For testing, the Java cache was cleared to initiate new client downloads by deleting the entire folder: "C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0"
As the SIM client is stored in the individual user's Java cache profile, each new user that logs in to the client PC will need to download or update the client before use.
ACE
The ACE module is a load balancer that is capable of creating virtual contexts within the confines of the single module. From the Admin context, an Oracle context is created. This allows the administrators of the Oracle SIM application to have a virtual load balancer created that is used specifically for the administration and performance enhancement of Oracle SIM.
The ACE modules were implemented in the service aggregation layer of the data center (RDIST-1 and RDIST-2). This is consistent with the underlying philosophy of the Data Center C 2.5 Design Guide that places services like load balancing in an aggregated area between the access and core layers.
Cisco ACE was installed using Application Control Engine Module Getting Started Guide, which can be found at the following URL:
The load balancer was configured to use "round robin" method for distributing load. Predictor is round robin by default and does not show up in the running configuration under the serverfarm host section.
!serverfarm host ORACLEprobe PINGprobe SIMrserver oracle1inservicerserver oracle2inservice!Several probes were used for server farm health monitoring. Ping was used to verify that the application server was functional. An HTTP probe was used to verify that the Oracle SIM application was functioning.
Configuration within the Oracle Context of custom HTTP probe:
probe http SIMport 7777interval 5faildetect 2request method get url /sim-ws/simWebServiceexpect status 200 200The Oracle application requires that the client maintains its session with the same application server within the server farm. The ACE load balancer is configured to "stick" the client to the application server for the entire session of that user until the application is closed. To enable sticky functionality, a resource class was defined in the admin context. The source IP sticky functionality for all IP addresses was configured and assigned in the Oracle context.
Configuration and assignment of resource in Admin context:
resource-class Goldlimit-resource all minimum 0.00 maximum unlimitedlimit-resource conc-connections minimum 10.00 maximum unlimitedlimit-resource sticky minimum 10.00 maximum unlimitedcontext oracledescription Oracle SIMallocate-interface vlan 46allocate-interface vlan 146member GoldConfiguration and assignment of source IP sticky in Oracle context:
sticky ip-netmask 255.255.255.255 address source src-ip-stickytimeout 10serverfarm ORACLEpolicy-map type loadbalance first-match VIP-POLICY-11class class-defaultsticky-serverfarm src-ip-stickypolicy-map multi-match LB-VIPclass VIP-HTTP-11loadbalance vip inserviceloadbalance policy VIP-POLICY-11loadbalance vip icmp-replyThe Oracle SIM client periodically sends keepalive packets to the Oracle SIM server while logged in and the client is open and running. These keepalives are sent every 90 seconds. This continuous communication helps to maintain state and synchronization through the load balancer which maintains client source IP sticky connectivity through 10 minutes of inactivity as specified by the timeout command.
WAAS
This design required a WAE for each of these functions: Central Manager, headend, in the data center, and per store. The Central Manager must have a minimum configuration of:
•
•
Headend and Store WAEs
In order to use the Central Manager for management and scaled configuration, initial configuration must be performed via the CLI interface of the headend WAE and the store side WAEs. These settings are as follows:
•
•
•
These initial configurations allow the use of the Central Manager for all subsequent configurations of the WAAS devices. Through the use of the device group capability, the common settings for all the devices were assigned (e.g., NTP, Disk Encryption, authentication, and SNMP).
Redirection of Oracle SIM Traffic To WAEs
WAEs
The WAEs were configured to retrieve WCCP redirection of the Oracle SIM traffic from the Cisco routers by using the Central Manager.
!Specifies the data center router (RDIST-1) as source of WCCP trafficwccp router-list 1 192.168.62.161wccp tcp-promiscuous router-list-num 1wccp version 2!Routers
The data center routers at the service aggregation layer (RDIST1 and RDIST2) and the store routers were configured to redirect Oracle SIM traffic to the local WAE using WCCP v2. The following configurations demonstrate how the data center routers were configured.
Global Configuration:
!Enable WCCP services- WCCP version 2 is defaultip wccp 61ip wccp 62ip wccp version 2!Interface Configuration:
interface Loopback62ip address 192.168.62.161 255.255.255.255!!WCCP was implemented on the interfaces that Oracle SIM traffic flows through.interface Vlan102description Uplink to RCORE-2ip address 192.168.10.18 255.255.255.252ip wccp 61 redirect in!!interface Vlan46description ORACLE SIM NETWORKip address 192.168.46.3 255.255.255.0ip wccp 62 redirect in!In the medium store, a network module was used (NME-WAE). The IP address of the WAE is assigned via the router NME (Integrated Service Engine) interface as follows:
!interface Integrated-Service-Engine1/0ip address 10.10.46.41 255.255.255.252service-module ip address 10.10.46.42 255.255.255.252service-module ip default-gateway 10.10.46.41no keepalive!For more information regarding WCCP, refer to the following URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018.html
WAAS Oracle Application Profile
WAAS devices come with a large amount of application profiles built into the application. The Oracle SIM application is not a default application that is characterized within this portfolio. There are two ramifications of this that must be configured within the WAEs:
1.
2.
Creation of Oracle SIM profile was achieved by creating an application profile, an application classifier and an application action. The following screenshots depict how to create an Oracle SIM application profile with the Central Manager that is pushed out to the headend and store WAEs (see Figure 18, Figure 19, and Figure 20).
Figure 18 New Application Policy
Figure 19 New Classifier for Oracle SIM TCP Ports
Figure 20 Application Oracle SIM Listed in the Application Policy Group
After this profile has been pushed to the enterprise WAEs, the following configurations are found within the WAEs:
!Oracle SIM application profile now appears at the end of the list of default application policies.policy-engine applicationname Authentication... default policies excerpted for brevityname OracleSIM!!Oracle SIM classifier now appears using the standard Oracle SIM TCP portsclassifier OracleSIMClassifiermatch dst port range 12401 12500match dst port eq 7777match dst port eq 6003! Oracle SIM now appears and is configured for full optimizationmap basicname OracleSIM classifier OracleSIMClassifier action optimize fullOracle SIM was configured for full optimization, which includes TFO, DRE, and LZ compression.
Napster
Under the Napster application profile, the Napster classifier was modified to remove TCP port 7777. This resolves the conflict that was introduced when creating the Oracle Store Inventory Management classifier.
WAAS Mobile Design Installation
The Cisco WAAS Mobile server was installed on a Windows 2003 server with Service Pack 1 installed, IIS services and Windows .NET v2.0 as specified in the installation guide (see Figure 21).
Figure 21 WAAS Mobile SIM Distribution
After completing installation and licensing, a new Client Distribution was created. This new client distribution was labeled as OracleSIM_V2 (see Figure 22).
Figure 22 WAAS Mobile SIM Distribution
To enable acceleration and caching for the Oracle SIM client application, a new process needed to be added to the Proxied Process List. The Oracle SIM client is a Java application, so the process name that is used is javaw.exe. This new process was defined and the auto reset connection option was set to Yes as shown in Figure 23.
Figure 23 WAAS Mobile SIM Distribution
After the client distribution options have been assigned, it was then downloaded onto a client PC in the small store and installed. Once installed and enabled, all traffic from the defined processes is sent to the WAAS Mobile server using UDP port 1182. The mobile server then fully proxies the connection to the Oracle SIM application servers on behalf of the client.
The WAAS Mobile client application (see Figure 24) provides basic statistical information including; RAW Bytes and Compressed Bytes sent and received, and Events.
Figure 24 WAAS Mobile SIM Client
Cisco WAAS Mobile instructions for use and installation of this product are detailed in the following documents: Cisco WAAS Mobile Integration Guide, Cisco WAAS Mobile System Administration Guide, and Cisco WAAS Mobile Client Software User Guide. More information on WAAS Mobile can be found at the following URL: http://www.cisco.com/en/US/products/ps9523/index.html.
Connected Retail Store Designs
Several different store footprints were tested in this solution. Each store connected back to the central data center.
Lean Retail Oracle Store Inventory Solution Environment
Table 2 details the application environment leveraged during testing, identifying the hardware, and software components of the test bed.
Testing
The Oracle SIM application was tested using a standard script which Oracle uses in QA testing of the product. Testing included a subset of the script, and tests were performed across each architecture in as consistent a manner as possible.
These test points describe typical Oracle SIM usage in a production environment:
•
•
•
•
Figure 25 through Figure 28 show each of the application client screens.
Figure 25 SIM Client Download
Figure 26 SIM Client Login
Figure 27 SIM Client Menu
Figure 28 SIM Client Warehouse Delivery List
Testing was performed with a combination of Cisco WAAS ON and OFF, with Oracle Compression ON and OFF, and with Cisco ACE enabled and performing load balancing for sessions. Only a small amount of additional traffic was running in the background on the network such as SNMP and Syslog events. All data captured was restricted to the Oracle SIM traffic flow.
Detailed testing results are available in Appendix B—Testing Results DATA.
Each of the following figures represents the testing results data for the small, medium, and large stores. Each data point represents a complete store user transaction which includes client startup, client login, perform a warehouse delivery of X number of skews, logout and close the Oracle SIM application.
Figure 29 and Figure 30 show the results obtained in the small store. Figure 29 depicts the transaction times in seconds and Figure 30 depicts the transaction data in bytes.
Figure 29 Small Store Transaction Time—128kbps
Figure 30 Small Store Transaction Bytes —128kbps
Figure 31 and Figure 32 show the results obtained in the medium store. Figure 31 depicts the transaction times in seconds and Figure 32 depicts the transaction data in bytes.
Figure 31 Medium Store Transaction Time—512Kbps
Figure 32 Medium Store Transaction Bytes—512Kbps
Figure 33 and Figure 34 show the results obtained in the large store. Figure 33 depicts the transaction times in seconds and Figure 34 depicts the transaction data in bytes.
Figure 33 Large Store Transaction Time—1544Kbps
Figure 34 Large Store Transaction Bytes —1544Kbps
Summary and Conclusions
The Cisco Lean Retail Oracle Store Inventory Management solution demonstrates several benefits and considerations when deploying the Oracle SIM application within the Cisco Lean Retail environment.
The discovery of the overlapping port usage of the Oracle SIM client download and Napster could have caused erratic application performance issues in Oracles existing customer deployments. Security and QoS policies regularly block and restrict traffic using this port, negatively affecting the performance of Oracle SIM. Current and future retail deployments need to account for the overlap of this TCP port.
The Cisco WAAS Mobile was effective in its ability to compress and optimize Oracle SIM traffic. This is a cost effective method of optimizing retail store applications where the deployment of a WAAS appliance or a WAAS network module is not practical.
The Oracle SIM testing was performed from a retail clerk's perspective that included login, receive shipment, and logout. Performance improvement was found in several areas:
•
•
•
•
•
•
•
The functional interoperability testing of Oracle's Store Inventory Management application within Cisco's small, medium, and large Lean Retail reference architectures was successful. This solution's validation enables retailers to confidently progress to a pilot testing stage for technology deployment and avoids additional costly testing.
Appendix A—Test Environment Diagrams
Figure 35 Data Center
Figure 36 Small Store
Figure 37 Medium Store
Figure 38 Large Store
Appendix B—Testing Results DATA
The following three test scenarios were performed as appropriate in each of the deployment types:
•
•
•
Table 3 through Table 5 are the recorded testing results. These results were compiled to create Figure 39 through Figure 47.
Table 3 Baseline Oracle SIM test results
Table 4 Comparison Test Results with WAAS
Table 5 Comparison Test Results with WAAS and ACE
Each of the following twelve figures (Figure 39 through Figure 47) represent the testing results data for the small, medium, and large stores. Each data point represents a complete store user transaction which includes client startup, client login, perform a warehouse delivery of X number of skews, logout, and close the Oracle SIM application.
Figure 39 Small Store Local Client Transaction Time, ACE Off —128Kbps
Figure 40 Small Store Local Client Transaction Bytes, ACE Off—128Kbps
Figure 41 Small Store Windows RDP Transaction Time, ACE Off —128Kbps
Figure 42 Small Store Windows RDP Transaction Bytes, ACE Off —128Kbps
Figure 43 Small Store Local Client Transaction Time, ACE On—128Kbps
Figure 44 Small Store Local Client Transaction Bytes, ACE On—128Kbps
Figure 45 Small Store Transaction Time—128kbps
Figure 46 Small Store Transaction Bytes —128kbps
Figure 47 Medium Store Transaction Time—512Kbps
Figure 48 Medium Store Transaction Bytes—512Kbps
Figure 49 Large Store Transaction Time—1544Kbps
Figure 50 Large Store Transaction Bytes —1544Kbps
Appendix C—Configurations
Data Center Configurations
ACE Configurations
ACE Admin Context
ACE1-Slot4/Admin# sh runGenerating configuration....login timeout 60hostname ACE1-Slot4boot system image:c6ace-t1k9-mz.3.0.0_A1_6_3a.binresource-class Goldlimit-resource all minimum 0.00 maximum unlimitedlimit-resource conc-connections minimum 10.00 maximum unlimitedlimit-resource sticky minimum 10.00 maximum unlimitedaccess-list ANYONE line 10 extended permit ip any anyaccess-list ANYONE line 20 extended permit icmp any anyclass-map type management match-any REMOTE-ACCESSdescription remote access traffic match rule10 match protocol telnet any20 match protocol ssh any30 match protocol icmp any31 match protocol https any32 match protocol snmp anypolicy-map type management first-match REMOTE-MGTclass REMOTE-ACCESSpermitinterface vlan 20ip address 192.168.2.3 255.255.255.0service-policy input REMOTE-MGTno shutdownip route 0.0.0.0 0.0.0.0 192.168.2.1context oracledescription Oracle SIMallocate-interface vlan 46allocate-interface vlan 146member Goldusername admin password 5 $1$faXJEFBj$TJR1Nx7sLPTi5BZ97v08c/ role Admin domaindefault-domainusername www password 5 $1$UZIiwUk7$QMVYN1JASaycabrHkhGcS/ role Admin domain default-domainACE SIM Context
ACE1-Slot4/oracle# sh runGenerating configuration....access-list ANYONE line 10 extended permit ip any anyaccess-list ANYONE line 20 extended permit icmp any anyprobe icmp PINGinterval 2probe http SIMport 7777interval 5faildetect 2request method get url /sim-ws/simWebServiceexpect status 200 200rserver host oracle1ip address 192.168.46.101inservicerserver host oracle2ip address 192.168.46.102inserviceserverfarm host ORACLEprobe PINGprobe SIMrserver oracle1inservicerserver oracle2inservicesticky ip-netmask 255.255.255.255 address source src-ip-stickytimeout 10serverfarm ORACLEclass-map type management match-any REMOTE-ACCESSdescription remote access traffic match rule10 match protocol telnet any20 match protocol ssh any30 match protocol icmp any31 match protocol https any32 match protocol snmp anyclass-map match-all VIP-HTTP-112 match virtual-address 192.168.46.100 anypolicy-map type management first-match REMOTE-MGTclass REMOTE-ACCESSpermitpolicy-map type loadbalance first-match VIP-POLICY-11class class-defaultsticky-serverfarm src-ip-stickypolicy-map multi-match LB-VIPclass VIP-HTTP-11loadbalance vip inserviceloadbalance policy VIP-POLICY-11loadbalance vip icmp-replyinterface vlan 46bridge-group 1access-group input ANYONEservice-policy input REMOTE-MGTservice-policy input LB-VIPno shutdowninterface vlan 146bridge-group 1access-group input ANYONEno shutdowninterface bvi 1ip address 192.168.46.10 255.255.255.0no shutdownip route 0.0.0.0 0.0.0.0 192.168.46.1WAE Configuration
Central Manager "WAE-DC4"
WAEDC-4#sh run! WAAS version 4.0.19 (build b14 Jun 13 2008)!device mode central-manager!hostname WAEDC-4!clock timezone PST8PDT -7 0!ip domain-name cisco-irn.com!primary-interface GigabitEthernet 1/0!interface GigabitEthernet 1/0ip address 192.168.48.10 255.255.255.0exitinterface GigabitEthernet 2/0shutdownexit!ip default-gateway 192.168.48.1!! ip path-mtu-discovery is disabled in WAAS by default!ip name-server 192.168.42.130!ntp server 192.168.62.162ntp server 192.168.62.161ntp server 192.168.0.1!username admin password 1 bVmDmMMmZAPjYusername admin privilege 15username admin print-admin-password 1 29D5C31BFF3D8D25AAD3B435B51404EE 7D891AB402CAF2E89CCDD33ED54333AC!authentication login local enable primaryauthentication configuration local enable primary!cms enable!! End of WAAS configurationWAEDC-4#Data Center WAE (Headend) "WAE-DC1"
WAEDC-1#sh run! WAAS version 4.0.19 (build b14 Jun 13 2008)!device mode application-accelerator!hostname WAEDC-1!clock timezone PST8PDT -7 0!ip domain-name cisco-irn.com!primary-interface GigabitEthernet 1/0!interface GigabitEthernet 1/0ip address 192.168.49.10 255.255.255.0exitinterface GigabitEthernet 2/0shutdownexit!interface InlineGroup 1/0inline vlan allshutdownexitinterface InlineGroup 1/1inline vlan allshutdownexit!ip default-gateway 192.168.49.1!no auto-register enable!! ip path-mtu-discovery is disabled in WAAS by default!ip name-server 192.168.42.130!logging facility sysloglogging host 192.168.42.134logging console enable!ntp server 192.168.62.162ntp server 192.168.62.161ntp server 192.168.0.1!wccp router-list 1 192.168.62.161wccp tcp-promiscuous router-list-num 1wccp version 2!egress-method negotiated-return intercept-method wccp!username admin password 1 bVmDmMMmZAPjYusername admin privilege 15username admin print-admin-password 1 29D5C31BFF3D8D25AAD3B435B51404EE 7D891AB402CAF2E89CCDD33ED54333AC!snmp-server contact Christian Janoffsnmp-server location Croms Mountainsnmp-server enable traps configsnmp-server enable traps content-engine disk-readsnmp-server enable traps content-engine disk-writesnmp-server enable traps content-engine disk-failsnmp-server enable traps content-engine overload-bypasssnmp-server enable traps content-engine transaction-logsnmp-server enable traps alarm raise-criticalsnmp-server enable traps alarm clear-criticalsnmp-server enable traps alarm raise-majorsnmp-server enable traps alarm clear-majorsnmp-server enable traps alarm raise-minorsnmp-server enable traps alarm clear-minorsnmp-server enable traps entitysnmp-server enable traps snmp authenticationsnmp-server enable traps snmp cold-startsnmp-server enable traps eventsnmp-server host 192.168.42.134 retaillab v3 privsnmp-server community ciscoprivate rwsnmp-server community ciscopublic!tacacs key ****tacacs host 192.168.42.131 primary!windows-domain netbios-name "WAEDC-1"!authentication login local enable secondaryauthentication login tacacs enable primaryauthentication configuration local enable secondaryauthentication configuration tacacs enable primaryauthentication fail-over server-unreachable!no telnet enable!no sshd version 1sshd enable!flow monitor tcpstat-v1 host 192.168.50.10flow monitor tcpstat-v1 enable!tfo tcp optimized-send-buffer 2048tfo tcp optimized-receive-buffer 2048!policy-engine application... policy engine configuration excerpted for brevityname OracleSIM... classifiers excerpted for brevityclassifier OracleSIMClassifiermatch dst port range 12401 12500match dst port eq 7777match dst port eq 6003exitmap basicname OracleSIM classifier OracleSIMClassifier action optimize full...configuration excerpted for brevity!central-manager address 192.168.48.10cms enable!!disk encrypt enable!banner motd message "WARNING: \n **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO INC.****\n **** AUTHORIZED USERS ONLY! ****\n\nANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT \nTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY\nTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER \nREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT\nFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER \nCRIMINALCONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW \nENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. \n\nUNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.\n"banner login message "WARNING:\nTHIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!"banner exec message "WARNING:\n **** THIS SYSTEM IS PRIVATE PROPERTY FOR THEUSE OF CISCO INC.****\n **** AUTHORIZED USERS ONLY! ****\n\nANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT \nTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY\nTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER \nREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT\nFURTHERNOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER \nCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW \nENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. \n\nUNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS."banner enable!! End of WAAS configurationWAEDC-1#Small Store Configurations
Small Store WAE Appliance "WAESM-1"
WAESM-1#sh run! WAAS version 4.0.19 (build b14 Jun 13 2008)!device mode application-accelerator!hostname WAESM-1!clock timezone PST8PDT -7 0!ip domain-name cisco-irn.com!primary-interface GigabitEthernet 1/0!interface GigabitEthernet 1/0ip address 10.10.24.100 255.255.255.0exitinterface GigabitEthernet 2/0shutdownexit!interface InlineGroup 1/0inline vlan allshutdownexitinterface InlineGroup 1/1inline vlan allshutdownexit!ip default-gateway 10.10.24.1!no auto-register enable!! ip path-mtu-discovery is disabled in WAAS by default!ip name-server 192.168.42.130!logging facility sysloglogging host 192.168.42.134logging console enable!ntp server 192.168.42.130!wccp router-list 1 10.10.24.1wccp tcp-promiscuous router-list-num 1wccp version 2!egress-method negotiated-return intercept-method wccp!username admin password 1 bVmDmMMmZAPjYusername admin privilege 15username admin print-admin-password 1 29D5C31BFF3D8D25AAD3B435B51404EE 7D891AB402CAF2E89CCDD33ED54333AC!snmp-server contact Christian Janoffsnmp-server location Croms Mountain!tacacs key ****tacacs host 192.168.42.131 primary!windows-domain netbios-name "WAESM-1"!authentication login local enable secondaryauthentication login tacacs enable primaryauthentication configuration local enable secondaryauthentication configuration tacacs enable primaryauthentication fail-over server-unreachable!no telnet enable!no sshd version 1sshd enable!flow monitor tcpstat-v1 host 192.168.50.10flow monitor tcpstat-v1 enable!tfo tcp optimized-send-buffer 512tfo tcp optimized-receive-buffer 512!policy-engine application... policy engine configuration excerpted for brevityname OracleSIM... classifiers excerpted for brevityclassifier OracleSIMClassifiermatch dst port range 12401 12500match dst port eq 7777match dst port eq 6003exitmap basicname OracleSIM classifier OracleSIMClassifier action optimize full...configuration excerpted for brevity!central-manager address 192.168.48.10cms enable!disk encrypt enable!banner motd message "WARNING: \n **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO INC.****\n **** AUTHORIZED USERS ONLY! ****\n\nANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT \nTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY\nTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER \nREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT\nFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER \nCRIMINALCONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW \nENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. \n\nUNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.\n"banner login message "WARNING:\nTHIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!"banner exec message "WARNING:\n **** THIS SYSTEM IS PRIVATE PROPERTY FOR THEUSE OF CISCO INC.****\n **** AUTHORIZED USERS ONLY! ****\n\nANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT \nTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY\nTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER \nREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT\nFURTHERNOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER \nCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW \nENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. \n\nUNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS."banner enable!! End of WAAS configurationWAESM-1#Medium Store Configurations
Medium Store Router Configuration for the WAE Network Module
!interface Integrated-Service-Engine1/0ip address 10.10.46.41 255.255.255.252service-module ip address 10.10.46.42 255.255.255.252service-module ip default-gateway 10.10.46.41no keepalive!Medium Store WAE Network Module
WAEMED-1#sh run! WAAS version 4.0.19 (build b14 Jun 13 2008)!device mode application-accelerator!hostname WAEMED-1!clock timezone PST8PDT -7 0!ip domain-name cisco-irn.com!primary-interface GigabitEthernet 1/0!interface GigabitEthernet 1/0ip address 10.10.46.42 255.255.255.252no autosensebandwidth 1000full-duplexexitinterface GigabitEthernet 2/0shutdownexit!ip default-gateway 10.10.46.41!no auto-register enable!! ip path-mtu-discovery is disabled in WAAS by default!ip name-server 192.168.42.130!logging facility sysloglogging host 192.168.42.134logging console enable!ntp server 192.168.62.162ntp server 192.168.62.161ntp server 192.168.0.1!wccp router-list 1 10.10.46.41wccp tcp-promiscuous router-list-num 1wccp version 2!egress-method negotiated-return intercept-method wccp!username admin password 1 bVmDmMMmZAPjYusername admin privilege 15username admin print-admin-password 1 29D5C31BFF3D8D25AAD3B435B51404EE 7D891AB402CAF2E89CCDD33ED54333AC!snmp-server contact Christian Janoffsnmp-server location Croms Mountainsnmp-server enable traps configsnmp-server enable traps content-engine disk-readsnmp-server enable traps content-engine disk-writesnmp-server enable traps content-engine disk-failsnmp-server enable traps content-engine overload-bypasssnmp-server enable traps content-engine transaction-logsnmp-server enable traps alarm raise-criticalsnmp-server enable traps alarm clear-criticalsnmp-server enable traps alarm raise-majorsnmp-server enable traps alarm clear-majorsnmp-server enable traps alarm raise-minorsnmp-server enable traps alarm clear-minorsnmp-server enable traps entitysnmp-server enable traps snmp authenticationsnmp-server enable traps snmp cold-startsnmp-server enable traps eventsnmp-server host 192.168.42.134 retaillab v3 privsnmp-server community ciscoprivate rwsnmp-server community ciscopublic!tacacs key ****tacacs host 192.168.42.131 primary!windows-domain netbios-name "WAEMED-1"!authentication login local enable secondaryauthentication login tacacs enable primaryauthentication configuration local enable secondaryauthentication configuration tacacs enable primaryauthentication fail-over server-unreachable!no telnet enable!no sshd version 1sshd enable!flow monitor tcpstat-v1 host 192.168.50.10flow monitor tcpstat-v1 enable!policy-engine application... policy engine configuration excerpted for brevityname OracleSIM... classifiers excerpted for brevityclassifier OracleSIMClassifiermatch dst port range 12401 12500match dst port eq 7777match dst port eq 6003exitmap basicname OracleSIM classifier OracleSIMClassifier action optimize full...configuration excerpted for brevity!central-manager address 192.168.48.10cms enable!disk encrypt enable!banner motd message "WARNING: \n **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO INC.****\n **** AUTHORIZED USERS ONLY! ****\n\nANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT \nTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY\nTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER \nREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT\nFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER \nCRIMINALCONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW \nENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. \n\nUNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.\n"banner login message "WARNING:\nTHIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!"banner exec message "WARNING:\n **** THIS SYSTEM IS PRIVATE PROPERTY FOR THEUSE OF CISCO INC.****\n **** AUTHORIZED USERS ONLY! ****\n\nANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT \nTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY\nTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER \nREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT\nFURTHERNOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER \nCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW \nENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. \n\nUNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS."banner enable!! End of WAAS configurationWAEMED-1#Large Store Configurations
Large Store WAE Appliance
WAELRG-1#sh run! WAAS version 4.0.19 (build b14 Jun 13 2008)!device mode application-accelerator!hostname WAELRG-1!clock timezone PST8PDT -7 0!ip domain-name cisco-irn.com!primary-interface GigabitEthernet 1/0!interface GigabitEthernet 1/0ip address 10.10.56.100 255.255.255.0exitinterface GigabitEthernet 2/0shutdownexit!interface InlineGroup 1/0inline vlan allshutdownexitinterface InlineGroup 1/1inline vlan allshutdownexit!ip default-gateway 10.10.56.1!no auto-register enable!! ip path-mtu-discovery is disabled in WAAS by default!ip name-server 192.168.42.130!logging facility sysloglogging host 192.168.42.134logging console enable!ntp server 192.168.62.162ntp server 192.168.0.1ntp server 192.168.62.161!wccp router-list 1 10.10.62.1wccp tcp-promiscuous router-list-num 1wccp version 2!egress-method negotiated-return intercept-method wccp!username admin password 1 bVmDmMMmZAPjYusername admin privilege 15username admin print-admin-password 1 29D5C31BFF3D8D25AAD3B435B51404EE 7D891AB402CAF2E89CCDD33ED54333AC!snmp-server contact Christian Janoffsnmp-server location Croms Mountainsnmp-server enable traps configsnmp-server enable traps content-engine disk-readsnmp-server enable traps content-engine disk-writesnmp-server enable traps content-engine disk-failsnmp-server enable traps content-engine overload-bypasssnmp-server enable traps content-engine transaction-logsnmp-server enable traps alarm raise-criticalsnmp-server enable traps alarm clear-criticalsnmp-server enable traps alarm raise-majorsnmp-server enable traps alarm clear-majorsnmp-server enable traps alarm raise-minorsnmp-server enable traps alarm clear-minorsnmp-server enable traps entitysnmp-server enable traps snmp authenticationsnmp-server enable traps snmp cold-startsnmp-server enable traps eventsnmp-server host 192.168.42.134 retaillab v3 privsnmp-server community ciscoprivate rwsnmp-server community ciscopublic!tacacs key ****tacacs host 192.168.42.131 primary!windows-domain netbios-name "WAELRG-1"!authentication login local enable secondaryauthentication login tacacs enable primaryauthentication configuration local enable secondaryauthentication configuration tacacs enable primaryauthentication fail-over server-unreachable!no telnet enable!no sshd version 1sshd enable!flow monitor tcpstat-v1 host 192.168.50.10flow monitor tcpstat-v1 enable!tfo tcp optimized-send-buffer 512tfo tcp optimized-receive-buffer 512!policy-engine application... policy engine configuration excerpted for brevityname OracleSIM... classifiers excerpted for brevityclassifier OracleSIMClassifiermatch dst port range 12401 12500match dst port eq 7777match dst port eq 6003exitmap basicname OracleSIM classifier OracleSIMClassifier action optimize full...configuration excerpted for brevity!central-manager address 192.168.48.10cms enable!!disk encrypt enable!banner motd message "WARNING: \n **** THIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF CISCO INC.****\n **** AUTHORIZED USERS ONLY! ****\n\nANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT \nTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY\nTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER \nREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT\nFURTHER NOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER \nCRIMINALCONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW \nENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. \n\nUNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS.\n"banner login message "WARNING:\nTHIS SYSTEM IS PRIVATE PROPERTY FOR THE USE OF AUTHORIZED USERS ONLY!"banner exec message "WARNING:\n **** THIS SYSTEM IS PRIVATE PROPERTY FOR THEUSE OF CISCO INC.****\n **** AUTHORIZED USERS ONLY! ****\n\nANY USE OF THIS COMPUTER NETWORK SYSTEM SHALL BE DEEMED TO BE EXPRESS CONSENT \nTO MONITORING OF SUCH USE AND TO SUCH ADDITIONAL MONITORING AS MAY BE NECESSARY\nTO IDENTIFY ANY UNAUTHORIZED USER. THE SYSTEM ADMINISTRATOR OR OTHER \nREPRESENTATIVES OF THE SYSTEM OWNER MAY MONITOR SYSTEM USE AT ANY TIME WITHOUT\nFURTHERNOTICE OR CONSENT. UNAUTHORIZED USE OF THIS SYSTEM AND ANY OTHER \nCRIMINAL CONDUCT REVEALED BY SUCH USE IS SUBJECT TO DISCLOSURE TO LAW \nENFORCEMENT OFFICIALS AND PROSECUTION TO THE FULL EXTENT OF THE LAW. \n\nUNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL,CIVIL AND CRIMINAL LAWS."banner enable!! End of WAAS configurationWAELRG-1#Appendix D—References
•
Appendix E—Troubleshooting
Troubleshooting Configuration
WAE Commands
The following show commands can help troubleshoot issues with the Cisco WAE configuration:
•
WCCP version 2 is enabled and currently active•
Services configured on this File EngineTCP Promiscuous 61TCP Promiscuous 62•
Router Information for Service: TCP Promiscuous 61Routers Configured and Seeing this File Engine(1)Router Id Sent To Recv ID13.1.15.3 13.1.12.1 00040E89Routers not Seeing this File Engine-NONE-Routers Notified of but not Configured-NONE-Multicast Addresses Configured-NONE-Router Information for Service: TCP Promiscuous 62Routers Configured and Seeing this File Engine(1)Router Id Sent To Recv ID13.1.15.3 13.1.12.1 00040E78Routers not Seeing this File Engine-NONE-Routers Notified of but not Configured-NONE-Multicast Addresses Configured-NONE-•
Optimized Connection ListPolicy summary order: Our's, Peer's, Negotiated, AppliedF: Full optimization, D: DRE only, L: LZ Compression, T: TCP OptimizationLocal-IP:Port Remote-IP:Port ConId PeerId Policy13.1.11.3:49520 13.1.40.41:80 43357 00:14:5e:ac:3a:47 F,F,F,F13.1.11.2:9146 13.1.40.41:80 55532 00:14:5e:ac:3a:47 F,F,F,FPass-Through ConnectionsLocal-IP:Port Remote-IP:Port Conn Type13.1.42.54:445 13.1.11.2:5401 PT In Progress13.1.12.2:42708 13.1.50.6:7878 Internal Client13.1.41.58:139 172.28.210.61:5425 PT In Progress13.1.40.53:445 13.1.11.2:5491 PT In Progress•
Cache:Status: Usable, Oldest Data (age): 33dTotal usable disk size: 118876 MB, Used: 24.19%Hash table RAM size: 475 MB, Used: 18.00%Connections: Total (cumulative): 41038 Active: 2Encode:Overall: msg: 4058742, in: 606 MB, out: 189 MB, ratio: 68.76%DRE: msg: 4037944, in: 602 MB, out: 484 MB, ratio: 19.56%DRE Bypass: msg: 20798, in: 3791 KBLZ: msg: 1469108, in: 431 MB, out: 131 MB, ratio: 69.40%LZ Bypass: msg: 2589634, in: 58894 KBAvg latency: 0.180 msMessage size distribution:0-1K=99% 1K-5K=0% 5K-15K=0% 15K-25K=0% 25K-40K=0% >40K=0%Decode:Overall: msg: 5114308, in: 13123 MB, out: 15909 MB, ratio: 17.51%DRE: msg: 5086542, in: 13342 MB, out: 15908 MB, ratio: 16.13%DRE Bypass: msg: 27766, in: 505 KBLZ: msg: 4490694, in: 11386 MB, out: 11605 MB, ratio: 1.89%LZ Bypass: msg: 623614, in: 1737 MBAvg latency: 0.244 msMessage size distribution:0-1K=20% 1K-5K=74% 5K-15K=3% 15K-25K=0% 25K-40K=0% >40K=0%Router Commands
The following show commands can help troubleshoot issues with the configuration:
•
Global WCCP information:Router information:Router Identifier: 13.1.15.3Protocol Version: 2.0Service Identifier: 61Number of Service Group Clients: 1Number of Service Group Routers: 1Total Packets s/w Redirected: 60434039Process: 435Fast: 0CEF: 60433604Redirect access-list: -none-Total Packets Denied Redirect: 0Total Packets Unassigned: 414Group access-list: -none-Total Messages Denied to Group: 0Total Authentication failures: 9Total Bypassed Packets Received: 0•
WCCP Client information:WCCP Client ID: 13.1.12.2Protocol Version: 2.0State: UsableInitial Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAssigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFHash Allotment: 256 (100.00%)Packets s/w Redirected: 15107709Connect Time: 4d05hBypassed PacketsProcess: 0Fast: 0CEF: 0Errors: 0•
WCCP interface configuration details:Vlan300Output services: 1Static: NoneDynamic: 062Input services: 1Static: NoneDynamic: 061Mcast services: 0Exclude In: FALSEVlan301Output services: 0Input services: 0Mcast services: 0Exclude In: TRUE•
WCCP Routers Informed of:13.1.15.3WCCP Clients Visible:13.1.12.2WCCP Clients NOT Visible:-none-Appendix F—Glossary
Cisco Application Control Engine (ACE)
The Cisco Application Control Engine is a module within the Catalyst 6500 Series switch that allows applications resources to be distributed and managed via logical groups within a given physical platform. The ACE also provides high levels of Layer 4-7 performance (16 Gpbs and 345,000 connections per second) to optimize application performance and provide scalability. For more information on the ACE service module see the following URL:
Cisco Firewall Services Module (FWSM)
The Cisco Firewall Services Module (FWSM) is a high-speed, integrated firewall module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers, and provides the fastest firewall data rates in the industry: 5-Gbps throughput, 100,000 CPS, and 1M concurrent connections. Up to four FWSMs can be installed in a single chassis, providing scalability to 20 Gbps per chassis. For more information on the FWSM service module, see the following URL:
http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/index.html
Cisco Wide Area Application Engine (WAE)
The Cisco Wide Area Application Engine (WAE) platforms are a portfolio of powerful, scalable network appliances that host WAN optimization and application acceleration solutions that enable store server consolidation, performance improvements for centralized applications, and provide remote users with LAN-like access to applications, storage, and content across the WAN.
Cisco WAAS Central Manager
Cisco WAAS is centrally managed by a scalable, secure, and simple function called the Cisco WAAS Central Manager that runs on Cisco WAE appliances. The central manager can be configured for high availability by deploying a pair of Cisco WAEs as central managers; configuration and monitoring data is automatically shared by the two central manager WAEs. The central manager provides a centralized mechanism for configuring features and reporting, and can manage a topology containing thousands of Cisco WAE nodes.
Cisco Validated Design
The Cisco Validated Design Program consists of systems and solutions designed, tested, and documented to facilitate faster, more reliable, and more predictable customer deployments. For more information visit www.cisco.com/go/validateddesigns.
ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0807R)
1 Gartner: Server consolidation can save money 12/2005.
Feedback