Release Note for Cisco Wide Area Application Services Software Version 6.4.1x
Cisco Software Version 6.4.1c New and Changed Features
Cisco Software Version 6.4.1b New and Changed Features
Cisco Software Version 6.4.1a New and Changed Features
Cisco Software Version 6.4.1 New and Changed Features
Cisco Software Version 6.4.1x Filenames
No Payload Encryption Image Files
Cisco WAAS Appliance System Firmware Update
RAID Controller Firmware Update
Hardware, Client, and Web Browser Support
Cisco WAAS Version Interoperability
Cisco WAAS and vWAAS Interoperability
ISR-WAAS Models and Supported ISR Platforms
vWAAS Models: CPUs, Memory and Disk Storage
vWAAS Resizing for WAAS Version 6.4.1a and Later
Guidelines for Using Cisco vWAAS with Cisco WAAS
Cisco WAAS, ISR and IOS-XE Interoperability
Cisco WAAS, ISR and IOS-XE Interoperability.
Operating Guidelines for Cisco WAAS, ISR and IOS-XE Interoperability
Cisco AppNav and AppNav-XE Interoperability
Cisco WAAS, ASR/CSR and IOS-XE Interoperability
Cisco WAAS Express Interoperability
Traffic Interception Interoperability
General Traffic Interception Interoperability
WCCP Interception Interoperability
WAAS Application Accelerators Interoperability with Third-Party Load Balancers
Cipher Support for SSL Acceleration
Upgrading from a Release Version to Version 6.4.1x
Guidelines for Upgrading from a Release Version to Version 6.4.1x
Upgrade Paths and Considerations for Version 6.4.1x
Upgrade Paths for WAAS Version 6.4.1x
Upgrading from Cisco WAAS Version 5.x and Later to Version 6.4.1x
Upgrading from Cisco WAAS Version 4.2.x to Version 6.4.1x
Workflow: Upgrading from a Release Version to Version 6.4.1x
Upgrade Part 1: Create a Backup of the Primary WAAS CM Database
Prerequisite for Primary WAAS CM Database Backup
Creating a Primary WAAS CM Database Backup
Upgrade Part 2: Upgrade the Standby WAAS CM
Upgrade Part 3: Upgrade the Primary WAAS CM
Upgrade Part 4: Upgrade the Branch WAE Devices
Upgrade Part 5: Pre-Upgrade Task for the Data Center WAAS Software
Upgrade Part 6: Upgrade Each Data Center WAE
Upgrade Part 7: WCCP and Migration Processes
Upgrade Part 8: Post-Upgrade Tasks
Migrating a WAAS CM from an Unsupported to a Supported Platform
Migrating a Physical Appliance Being Used as a WAAS CM to a vCM
Ensuring a Successful RAID Pair Rebuild
Downgrading from Version 6.4.1x to a Previous Version
Downgrading the WAAS System from Version 6.4.1x to a Previous Version
Downgrade Component and Data Considerations
Downgrading the WAAS CM from Version 6.4.1x to a Previous Version
WAAS CM Downgrade Path Considerations
WAAS CM Downgrade Procedure Considerations
Procedure for Downgrading the WAAS CM to a Previous Version
Cisco WAE and WAVE Appliance Boot Process
CIFS Support of FAT32 File Servers
Using the HTTP Accelerator with the Cisco ASR 1000 Series Router and WCCP
Software Version 6.4.1x Resolved and Open Caveats and Command Changes
Cisco Software Version 6.4.1c Resolved Caveats
Cisco Software Version 6.4.1c Open Caveats
Cisco Software Version 6.4.1b Resolved Caveats
Cisco Software Version 6.4.1b Open Caveats
Cisco Software Version 6.4.1a Resolved Caveats
Cisco Software Version 6.4.1a Open Caveats
Cisco Software Version 6.4.1 Resolved Caveats
Cisco Software Version 6.4.1 Open Caveats
Cisco Software Version 6.4.1x Command Changes
Obtaining Documentation and Submitting a Service Request
Note The most current Cisco documentation for released products is available on Cisco.com.
This Release Note applies to the following software versions for the Cisco Wide Area Application Services (WAAS) software:
For information on Cisco WAAS features and commands, see the Cisco WAAS documentation located at http://www.cisco.com/en/US/products/ps6870/tsd_products_support_series_home.html.
This Release Note contains the following sections:
The following sections describe the new and changed features in Software Version 6.4.1x:
Cisco WAAS Software Version 6.4.1c includes the following new features and changes:
Cisco WAAS Software Version 6.4.1b includes the following new features and changes:
In addition to TLS v1.0, the WAAS Central Manager can establish an SSL connection with TLS v1.1 and TLS v1.2 protocol to a Cisco IOS Router (AppNav-XE) for HTTP/S communication.
Cisco WAAS Software Version 6.4.1a includes the following new features and changes:
Cisco WAAS Software Version 6.4.1 includes the following vWAAS new and changed features:
Note Unified OVA for vWAAS hypervisors requires VMWare vCenter to deploy Unified OVA files. Deployment of Unified OVA files does not work using vSphere client.
For a listing of hypervisor-wise NPE and non-NPE OVA files for vWAAS or vCM, see the Cisco Wide Area Application Services (WAAS) Download Software Page and select the WAAS software version used with your vWAAS instance.
Cisco WAAS Software Version 6.4.1 includes the following WAAS new and changed features:
Note AppNav Controller functionality was re-introduced to WAAS with WAAS Version 6.4.1. However, configuration of the AppNav Controller function and WAAS node function on the same device is not supported.
For more information on AppNav, see the “Configuring AppNav” chapter of the Cisco Wide Area Application Services Configuration Guide.
– cisco_x509_verify_release.py
– waas-universal-6.4.1.36-k9.bin
– waas-universal-6.4.1.36-k9.bin.signature
– waas-universal-6.4.1.36-k9.bin_README
Details of the verification process are provided in the waas-universal-6.4.1.36-k9.bin_README file. After extracting the TAR file, follow the instruction provided in waas-universal-6.4.1.36-k9.bin_README to verify the image authenticity before loading the image on to the device.
Cisco WAAS Software Version 6.4.1 includes the following discontinued features:
For a list of CLI commands added to or changed for WAAS Version 6.4.1x, see Cisco Software Version 6.4.1x Command Changes.
This section describes the Cisco WAAS Software Version 6.4.1x software image files for use on Cisco WAAS appliances and modules and contains the following topics:
Cisco WAAS Software Version 6.4.1x includes the following standard primary software image files for use on Cisco WAAS appliances and modules:
The following additional files are also included:
Cisco WAAS Software Version 6.4.1x includes No Payload Encryption (NPE) primary software image files that have the disk encryption feature disabled. These images are suitable for use in countries where disk encryption is not permitted. NPE primary software image files include the following:
The following additional files are also included:
On Cisco Wide Area Application Engine (WAE) and Cisco Wide Area Application Virtualization Engine (WAVE) appliances, we recommend that you update the following three types of system firmware to the latest version to best support new Cisco WAAS features.
The latest BIOS is required for AppNav operation with a Cisco AppNav Controller Interface Module in WAVE-594/694/7541/7571/8541 models. WAVE-294 models may also need a BIOS update.
WAVE-594/694/7541/7571/8541 appliances shipped from the factory with Cisco WAAS Version 5.0.1 or later have the correct BIOS installed. WAVE-294 appliances shipped from the factory with Cisco WAAS Version 5.1.1 or later have the correct BIOS installed.
For the specific BIOS version required for WAVE-594/694 models, WAVE-7541/7571/8541 models, and WAVE-294 models, please see the Cisco Wide Area Application Service (WAAS) Firmware download page ( registered customers only).
If you install a Cisco AppNav Controller Interface Module in a device that requires a BIOS update, the bios_support_seiom major alarm is raised, “I/O module may not get the best I/O performance with the installed version of the system BIOS firmware.”
To determine if a device has the correct BIOS version, use the show hardware command. The last three characters of the Version value, for example, “20a,” show the BIOS version installed on the device.
If a BIOS firmware update is needed, you can download it from cisco.com at the Cisco Wide Area Application Service (WAAS) Firmware download page ( registered customers only). The firmware binary image for WAVE-294/594/694/7541/7571/8541 appliances is named waas-bios-installer-20a-19a-13a-k9.bin.
You can use the following command to update the BIOS from the image file that is available through FTP on your network:
copy ftp install ip-address remotefiledir waas-bios-installer-20a-19a-13a-k9.bin
Use the appropriate BIOS installer file for your appliance model.
The complete update process can take several minutes and the device may appear unresponsive but do not interrupt the process or power cycle the device. After the update is complete, you must reload the device.
After the device reboots, you can verify the firmware version by using the show hardware command.
IPMI over LAN requires that you install a specific BMC firmware version on the device. The minimum supported BMC firmware versions are as follows:
Cisco WAAS appliances shipped from the factory with Cisco WAAS Version 4.4.5 or later have the correct firmware installed. If you are updating a device that was shipped with an earlier version of Cisco WAAS software, you must update the BMC firmware, unless it was updated previously.
To determine if you are running the correct firmware version, use the show bmc info command. The following example displays the latest BMC firmware version installed on the device (49a here):
If a BMC firmware update is needed, you can download it from the Cisco Wide Area Application Service (WAAS) Firmware download page ( registered customers only). For example, if the firmware binary image is named waas-bmc-installer-49a-49a-27a-k9.bin, you can use the following command to update the firmware from the image file that is available through FTP on your network:
copy ftp install ip-address remotefiledir waas-bmc-installer-49a-49a-27a-k9.bin
The update process automatically checks the health status of the BMC firmware. If the system detects that the BMC firmware is corrupted, BMC is recovered during the BMC firmware update procedure. The complete update process can take several minutes. If the device appears unresponsive, do not interrupt the process or power cycle the device. After the update is complete, you must reload the device.
After the device reboots, you can verify the firmware version by using the show bmc info command.
BMC recovery and BMC firmware update restores the factory defaults on the BMC and all the current IPMI over LAN configurations are erased.
If the BMC firmware gets corrupted, a critical alarm is raised.
We recommend that you upgrade to the latest RAID-5 controller firmware for your hardware platform, which can be found on the Cisco Wide Area Application Service (WAAS) Firmware download page ( registered customers only). The firmware differs depending on your hardware platform:
The firmware binary image is named waas-raid-fw-installer-12.12.0-0060-k9.bin. Instructions on how to apply the firmware update are posted on cisco.com together with the firmware in the file named M2_0060_FIRMWARE.pdf, which you can see when you mouse over the firmware file.
This section contains the following topics:
The Cisco WAAS software operates on these hardware platforms:
You must deploy the Cisco WAAS Central Manager on a dedicated device.
The Cisco WAAS Central Manager GUI requires Internet Explorer Version 11, Windows Version 7 or later, Firefox Version 4 or later, Chrome Version 10 or later, or Safari version 5.x (only on Apple OS X) and the Adobe Flash Player browser plug-in.
Note For best results for Windows-based systems with WAAS, we recommend using FireFox as your browser.
Note A known issue in Chrome Version 44.0 may prevent some WAAS Central Manager pages—including Device Listing, Reports, Software Update pages—from loading properly. In all other Chrome versions, earlier and later than Chrome Version 44.0, all WAAS Central Manager pages work as expected.
Consider the following guidelines when operating a Cisco WAAS network that mixes Software Version 6.4.1x devices with devices running earlier software versions:
Table 1 ISR-WAAS Models: CPUs, Memory, Disk Storage and Supported ISR Platforms
Operating Guidelines for ISR-WAAS:
– For ISR-WAAS-200 in ISR-4321 with IOS-XE 16.x, 4 GB of memory is mandatory.
– For ISR-WAAS-200 in ISR-4321 with IOX-XE 3.x, 3 GB of memory is recommended; 4 GB of memory is optional.
vWAAS for WAAS Version 6.4.1a requires additional resources, so we highly recommend that you resize CPU and memory resources, as shown in Table 3. Resizing vWAAS on the recommended platforms enables vWAAS to scale to optimized TCP connections for the associated device, and to reduce CPU and RAM utilization.
Note ISR-WAAS and vCM are not resized for vWAAS for WAAS Version 6.4.1a.
Note For optimum performance, we recommend you use the SSD disk with the UCS models listed in Table 3.
Table 3 Resized vWAAS CPU and Memory Specifications for WAAS Version 6.4.1a and Later
Note When selecting the format in the vSphere Client for the virtual machine’s disks for vWAAS with VMware vSphere ESXi, you must choose the Thick Provision Eager Zeroed disk format for vWAAS deployment; this is the format recommended with vWAAS deployment for a clean installation.
– Upgrade to the latest UCS-E firmware (Version 3.1.2), available on the Cisco Download Software Page for UCS E-Series Software, UCS E160S M3 Software.
– Verify that you have installed the critical Windows Server updates, available on the Microsoft Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update Rollup page. You can also obtain the standalone update package through the Microsoft Download Center by searching for KB2887595.
Note When upgrading vWAAS, do not upgrade more than five vWAAS nodes at the same time on a single UCS box. Upgrading more than five vWAAS nodes at the same time may cause the vWAAS devices to go offline and diskless mode.
If needed, change the SCSI controller type to VMware Paravirtual by following these steps:
b. From the VMware vCenter, navigate to vSphere Client > Edit Settings > Hardware.
d. From the Change Type drop-down list, verify that the SCSI Controller Type is set to VMware Paravirtual. If this is not the case, choose VMware Paravirtual.
f. Power up the vWAAS, with WAAS Version 6.1.x or later.
For more information on setting the SCSI Controller Type and on the vWAAS VM installation procedure, see the Cisco Virtual Wide Area Application Services Installation and Configuration Guide.
Note For a vCM-100 model used with the RHEL KVM or KVM on CentOS hypervisor, with the default memory size of 2 GB:
When you upgrade to WAAS Version 6.4.1x from an earlier version, or downgrade from WAAS Version 6.4.1x to an earlier version, and use either the restore factory-default command or the restore factory-default preserve basic-config command, the vCM-100 may not come up due to GUID Partition Table (GPT) boot order errors.
CAUTION: The restore factory-default command erases user-specified configuration information stored in the flash image, including the starting configuration of the device, and also removes data from the disk, user-defined partitions, and the entire Central Manager database.
To resolve this situation, follow these steps:
1. Power down the vWAAS using the virsh destroy vmname command or the virt manager.
2. Power up the vWAAS using the virsh start vmname command or the virt manager.
This upgrade/downgrade scenario does not occur for vCM-100 models whose memory size is upgraded to 4 GB.
Note If the vWAAS device is downgraded in the following scenarios:
—from vWAAS for WAAS Version 6.4.1a to WAAS Version 6.2.3x, or
—from vWAAS for WAAS Version 6.x to 5.x
the WAAS alarm filesystem_size_mismatch is displayed; it indicates that the partition was not created as expected. To clear the alarm, use the disk delete-data-partitions command to re-create the DRE partitions.
After you format the Cisco 4000 Series ISR-router bootflash, you must reload the router to ensure a successful activation of ISR-WAAS. If you do not reload the ISR router after formatting the bootflash, you will be unable to activate ISR-WAAS. For more information on formatting the Cisco 4000 Series ISR router bootflash, see the Configuration Guide for Integrated AppNav/AppNav-XE and ISR-WAAS on Cisco 4000 Series ISRs.
You must complete a new OVA deployment of WAAS version 6.2.3c or 6.4.1 for this configuration to work successfully. This configuration will not automatically work after an upgrade to WAAS Version 6.2.3c or 6.4.1 from WAAS Version 5.x or 6.x.
To ensure a successful WAAS installation of ISR-WAAS and Snort on an ISR router, you must install ISR-WAAS before you install Snort. If you do not follow this installation order, ISR-WAAS will not install and a disk error will be displayed.
When you configure ISR-WAAS with EZConfig—VirtualPortGroup31, the WAAS service/router interface, is automatically created, and you can then add or modify specific parameters for it.
Note Do not add Virtual Routing and Forwarding (VRF) to VirtualPortGroup31. VRF will cause VirtualPortGroup31 to lose its IP address and will disable AppNav. To re-establish these, you must uninstall and reinstall ISR-WAAS without VRF.
For more information on VirtualPortGroup31, see the Configuration Guide for Integrated AppNav/AppNav-XE and ISR-WAAS on Cisco 4000 Series ISRs.
Consider the following guidelines when deploying the Cisco AppNav solution, for AppNav and AppNav-XE.
Note AppNav Controller functionality was re-introduced to WAAS with WAAS Version 6.4.1. However, configuration of the AppNav Controller function and WAAS node function on the same device is not supported.
Note WAAS Version 6.4.1 and later supports AppNav IOM. However, prior versions of 6.x do not support AppNav IOM.
– All Cisco ASRs (Aggregation Services Routers) in an AppNav Controller Group need to be the same model, with the same ESP (Embedded Services Processor) rate (in Gbps). For example, in an AppNav Controller Group, you cannot have one ASR-1006 40-Gbps ESP and one ASR-1006 100-Gbps ESP.
– The same principle is true for using the CSR (Cloud Services Router) 1000V Series or the ISR (Integrated Services Router) 4000 series. For example, you cannot have an ISR-4451 and an ISR-4321 in the same AppNav-XE cluster.
Note Although an IOS router can have a dot (“.”) in the hostname, this special character is not allowed in a WAAS device hostname. If you try to import an AppNav-XE device that has a dot in the hostname, the import will fail and the following error message is displayed: Registration failed for the device devicename ConstraintException; Invalid AppNav-XE name: X.X since name includes invalid character ‘.’.
Consider the following guideline when using Cisco WAAS Express devices in your Cisco WAAS network:
Note When Cisco WAAS Express is used on the Cisco Integrated Services Router Generation 2 (ISR G2) with the Cisco VPN Internal Service Module (VPN-ISM) or with Group Encrypted Transport (GETVPN) enabled, the WAAS Express does not optimize FTP data.
To ensure that FTP data is optimized when WAAS Express is used with the Cisco ISR G2, use the ISR G2's IOS crypto map software.
Note If you are upgrading the WAAS Express devices to IOS 15.3(3)M image, as part of the AppX/K9 (Application Experience) license support in WAAS Express IOS 15.3(3)M images, you need to upgrade the WAAS Central Manager to WAAS v5.3.1 or later, or else the devices will go offline.
Note As listed in “Software Version 5.1.1 Open Caveats,” CSCug16298, “WAAS-X to WAAS 5.1.1 connections will be reset when using HTTP acceleration.” We recommend that you do not use HTTP Application Optimizer (AO) between Cisco WAAS and Cisco WAAS Express unless you are running Cisco IOS Release 15.3(1)T or later.
Table 6 lists the Cisco WAAS, WAAS Express and IOS Interoperability
Table 6 Cisco WAAS, WAAS Express and IOS Interoperability
Note 39xxE series routers do not support WAAS Express.
Cisco WAAS uses the following traffic interception methods: Web Cache Communications Protocol (WCCP), WCCP Version 2, AppNav, Inline, Policy-Based Routing (PBR) and ITD (advanced version of PBR). For WAAS Version 5.5.1 and earlier, WAAS supports WCCP, AppNav, and vPATH.
Consider the following guidelines when configuring traffic interception for Cisco WAAS.
– port 80—Communicates with the distribution point. Configure for pass-through traffic.
– port 443—Communicates with the distribution point. Configure for pass-through traffic.
– port 445—Used for software package distribution data transfer. Configure for traffic optimization.
Without these configurations you may see the error message “PXE error code 80070056.”
For more information on traffic interception methods, see the “Configuring Traffic Interception” chapter of the Cisco Wide Area Application Services Configuration Guide.
Central Managers running Version 6.4.1x can manage WAEs running software Versions 5.x and later. However, we recommend that all WAEs in a given WCCP service group be running the same version.
Note All WAEs in a WCCP service group must have the same mask.
To upgrade the WAEs in your WCCP service group, follow these steps:
Step 1 You must disable WCCP redirection on the Cisco IOS router first. To remove the global WCCP configuration, use the following no ip wccp global configuration commands:
Step 2 Perform the Cisco WAAS software upgrade on all WAEs using the Cisco WAAS Central Manager GUI.
Step 3 Verify that all WAEs have been upgraded in the Devices pane of the Central Manager GUI. Choose Devices to view the software version of each WAE.
Step 4 If mask assignment is used for WCCP, ensure that all WAEs in the service group are using the same WCCP mask value.
Step 5 Reenable WCCP redirection on the Cisco IOS routers. To enable WCCP redirection, use the ip wccp global configuration commands:
Cisco WAAS Version 5.1 and later do not support Windows domain login authentication using the NTLM protocol. Therefore, upgrading from a Cisco WAAS Version earlier than Version 5.1 with the device configured with Windows domain login authentication using the NTLM protocol is blocked. You must change the Windows domain authentication configuration to use the Kerberos protocol before proceeding with the upgrade.
Follow these steps to change from NTLM to Kerberos Windows domain login authentication:
Step 1 Unconfigure Windows domain login authentication. You can do this from the Central manager in the Configure > Security > AAA > Authentication Methods window.
Step 2 Change the Windows domain configuration setting to use the Kerberos protocol. You can do this from Central manager in the Configure > Security > Windows Domain > Domain Settings window. For more information, see “Configuring Windows Domain Server Authentication Settings” in the “Configuring Administrative Login Authentication, Authorization, and Accounting” chapter of the Cisco Wide Area Application Services Configuration Guide.
Step 3 Perform the Windows domain join again from the Central manager in the Configure > Security > Windows Domain > Domain Settings window.
Step 4 Configure Windows domain login authentication from the Central manager in the Configure > Security > AAA > Authentication Methods window.
Note If you are upgrading the Central Manager itself from the GUI and the Windows domain login authentication on the Central Manager is configured to use the NTLM protocol, the upgrade fails with the following error logged in the device log:
Error code107: The software update failed due to unknown reason. Please contact Cisco TAC.
To view the device log for the Central Manager, choose the Central Manager device and then choose Admin > Logs > Device Logs. If you see this error, follow the steps above to change the Central Manager device Windows domain login authentication from NTLM to Kerberos.
If you upgrade the Central Manager itself from the CLI and the upgrade fails due to NTLM being configured, you will get an appropriate error message. Once the Central Manager is upgraded to Version 5.1, it can detect and display the reason for any upgrade failures for other devices.
Note Cisco WAAS Version 5.1 and later do not support the Kerberos protocol running with a nonstandard port (other than port 88). Upgrading from a Cisco WAAS Version earlier than 5.1 with the device configured with the Kerberos protocol on a nonstandard port is blocked. You must change the Kerberos server on your network to listen on port 88 and change the Kerberos configuration on the device to use port 88. You can do this from the Central manager in the Configure > Security > Windows Domain > Domain Settings window.
If you are trying to upgrade your device from the CLI and the upgrade fails due to NTLM configuration, then the kerberos_validation.sh script is installed on your device. This script can be used to verify that your network supports the Kerberos protocol before changing from NTLM to Kerberos. This script is not available if you are using the Central Manager to upgrade the device.
To run the script, follow these steps:
Step 1 (Optional) Run the Kerberos validation script command with the -help option to display the usage:
CM# script execute kerberos validation.sh -help
Step 2 Run the Kerberos validation script to verify that your network supports the Kerberos protocol before migrating from NTLM to Kerberos:
Step 3 Change the device Windows domain login authentication from NTLM to Kerberos and upgrade your device, as described in the first procedure in this section.
Citrix ICA versions 7.x (XenApp and XenDesktop) contain changes affecting the optimization efficiency of WAAS compared to that achieved with Citrix ICA versions 6.x. To maximize the effectiveness of WAAS, the Citrix administrator should configure the following:
A load balancer is used to balance network and application traffic across a set of servers, The resulting evenly-distributed traffic improves the response rate of network traffic, increases the availability of applications, and minimizes the risk of a single server becoming overloaded.
Step 4 Table 7 shows the interoperability between WAAS application accelerators and the F5 load balancer. For more information about WAAS load balancing, see the sections “About Traffic Interception Methods” and “Configuring Policy-Based Routing” the Cisco Wide Area Application Services Configuration Guide, and see the Server Load-Balancing Guide vA5(1.0), Cisco ACE Application Control Engine.
Table 7 WAAS Application Accelerators Interoperability with Load Balancers
No new cipher support is available for SSL Acceleration (Legacy SSL Acceleration) other than those listed in “Configuring SSL Management Services” of the Cisco Wide Area Application Services Configuration Guide. For additional ciphers supported, please see the supported cipher list for SMART-SSL Acceleration.
This section contains the following topics:
– Upgrade Part 1: Create a Backup of the Primary WAAS CM Database
– Upgrade Part 2: Upgrade the Standby WAAS CM
– Upgrade Part 3: Upgrade the Primary WAAS CM
– Upgrade Part 4: Upgrade the Branch WAE Devices
– Upgrade Part 5: Pre-Upgrade Task for the Data Center WAAS Software
– Upgrade Part 6: Upgrade Each Data Center WAE
– Upgrade Part 7: WCCP and Migration Processes
– Upgrade Part 8: Post-Upgrade Tasks
For additional upgrade information and detailed procedures, see the Cisco Wide Area Application Services Upgrade Guide.
Consider these guidelines to upgrade from a release version to WAAS Version 6.4.1x:
Note When you perform a software upgrade via the WAAS Central Manager, there is only a limited system check to verify the support of the target WAAS version. To ensure that you have a successful WAAS upgrade, use Table 8, “Upgrade Paths to WAAS Version 6.4.1x,”to verify that the target version is supported for your system.
Upgrading to WAAS Version 6.4.1x is supported from WAAS Version 4.2.x and later. Table 8 shows the upgrade path for each of these versions.
Note When you perform a software upgrade via the WAAS Central Manager, there is only a limited system check to verify the support of the target WAAS version. To ensure that you have a successful WAAS upgrade, use Table 8, to verify that the target version is supported for your system.
Cisco WAAS Version 5.1 and later do not support NTLM Windows domain authentication or use of a nonstandard port (other than port 88) for Kerberos authentication.
Cisco WAAS Version 5.2 and later restrict the characters used in usernames to letters, numbers, period, hyphen, underscore, and @ sign, and a username must start with a letter or number.
Any username not meeting these guidelines is prevented from logging in. Prior to upgrading the Central Manager to Version 5.2 or later, we recommend that you change any such usernames to valid usernames to allow login.
For local users—Change usernames in the Central Manager Admin > AAA > Users page.
For remotely authenticated users—Change usernames on the remote authentication server.
Note Prior to upgrading the Central Manager to Version 5.2 or later, we strongly encourage you to change any usernames that use restricted characters; however if you must maintain existing usernames unchanged, please contact Cisco TAC.
Cisco WAAS Version 5.3 and later restricts the use of characters in the name and description field to alphanumeric characters, periods (.), hyphens (-), underscores (), and blank spaces when you create custom reports. When you upgrade from Cisco WAAS Version 4.x and you have custom reports that have special characters in the name or description field, Cisco WAAS automatically removes the special characters from the report name and description, and logs the modification in the Centralized Management System (CMS) logs.
– Upgrading from the WAAS Central Manager: If you initiate and complete the upgrade from the WAAS Central Manager without increasing resources for vWAAS, alarms (CPU & RAM) to indicate insufficient resource allocation will be displayed on the WAAS Central Manager after the upgrade process is completed. No alarms are displayed at the beginning of the upgrade process.
– Upgrading from the WAAS CLI: If you initiate an upgrade to WAAS 6.4.1 with the CLI, a warning on insufficient resources is displayed at the start of the upgrade process.
If you upgrade to WAAS Version 6.4.1x, or downgrade from WAAS Version 6.4.1x to an earlier version, and use a vCM-100 model with the following parameters, the vCM-100 may not come up due to GUID Partition Table (GPT) boot order errors.
Note The restore factory-default command erases user-specified configuration information stored in the flash image, including the starting configuration of the device, and also removes data from the disk, user-defined partitions, and the entire Central Manager database.
To resolve this situation, follow these steps:
1. Power down the vWAAS using the virsh destroy vmname command or the virt manager.
2. Power up the vWAAS using the virsh start vmname command or the virt manager.
This upgrade/downgrade scenario does not occur for vCM-100 models whose memory size is upgraded to 4 GB.
When you upgrade from Cisco WAAS Version 4.x, you must reconfigure the custom EPM policy for a device or device group. You must first restore the default policy setting by selecting the Restore default Optimization Policies link for the device group in the Modifying Device Group window and then reconfigure your custom policy rules for the device. For more information on upgrade paths, see Table 8.
To upgrade from a Release Version to Version 6.4.1x, complete the tasks listed in Table 9.
Table 9 Workflow: Upgrading from a Release Version to Version 6.4.1x
|
|
Note the following different CMS database backup scenarios, depending on the size of /sw and /swstore:
Before upgrading to WAAS Version 6.4.1x, follow these steps to create a backup of the WAAS CM database:
Step 1 Use Telnet or SSH to access the primary WAAS CM IP address.
Step 2 Create the database backup, using the cms database backup command:
Step 3 The cms database backup command displays the following information:
creating backup file with label ‘backup’
backup file local1/filename filedate.dump is ready. use ‘copy’ command to move the backup file to a remote host.
Step 4 Copy the backup database file to a remote location, using the copy disk command:
waas-cm# copy disk ftp hostname ip-address remotefiledir remotefilename localfilename
Step 5 Verify that the backup file was copied correctly by verifying file size and time stamp.
Follow these steps to upgrade the standby WAAS CM, if present in your WAAS system.
Step 1 Use Telnet or SSH to access the standby WAAS CM IP address:
Step 2 Copy the new software image to the standby WAAS CM with the WAAS CLI copy ftp command.
The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.
wae# copy ftp install ftpserver / waas-image.bin
Step 3 Reload the standby WAAS CM, using the reload command
Step 4 Verify that the new image is loaded correctly, using the show version command.
Step 5 To confirm connectivity, ping the primary WAAS CM and branch WAE devices.
Step 6 Wait at least five minutes.
Step 7 To ensure that the database has been synchronized, confirm the database last synchronization time, using the show cms info command.
Step 8 From the primary WAAS CM, confirm that the status indicator for the standby WAAS CM is online and green.
Perform the following tasks before you upgrade the primary WAAS CM:
Follow these steps to upgrade the primary WAAS CM.
Step 1 Use Telnet or SSH to access the primary WAAS CM IP address:
Step 2 Copy the new software image to the primary WAAS CM, either from the WAAS CM or the CLI.
a. In the Standby WAAS CM, navigate to Admin > Versioning > Software Update.
b. From the Software Files listing, select the new software version.
The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.
wae# copy ftp install ftpserver / waas-image.bin
Step 3 Copy the new Version 6.4.1x software image to the primary WAAS CM, using the copy ftp command:
wae# copy ftp install ftpserver / waas-image.bin
Note This example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directory path.
Step 4 Reload the primary WAAS CM, using the reload command
Step 5 Verify that the new Version 6.4.1x image is loaded correctly, using the show version command.
Step 6 To confirm connectivity, ping the standby WAAS CM (if present in your WAAS system) and branch WAE devices.
Step 7 Confirm that the CMS services are running, using the show cms info command.
Step 8 Choose Devices > All Devices and verify that all WAE devices are online.
Step 9 Choose Device Groups > AllWAASGroups > Assign Devices and verify that each WAE device is listed with a green check mark.
Before you upgrade the branch WAE devices, verify that you have completed the following tasks:
Follow these steps to upgrade the branch WAE devices.
Step 1 Access the primary WAAS CM GUI:
Step 2 Verify that all WAE devices are online (displaying green).
Step 3 Resolve any alarm conditions that may exist.
Step 4 Copy the new software image to the branch WAE, either from the WAAS CM or the CLI.
a. In the branch WAE, navigate to Admin > Versioning > Software Update.
b. From the Software Files listing, select the new software version.
a. Use the copy ftp command. You can use either Universal or Accelerator-only images.
The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.
wae# copy ftp install ftpserver / waas-image.bin
Step 5 Reload the WAE using the reload command.
Step 6 Verify that the new Version 6.4.1x software image has installed correctly, using the show version command.
Step 7 Verify that the correct licenses are installed, using the show license command.
Step 8 If you have purchased an Enterprise license and have enabled it, proceed to Step 10.
If you have purchased an Enterprise license and have not yet enabled it, perform the following tasks:
a. Clear the Enterprise license, using the clear license transport command.
b. Add the Enterprise license, using the license add enterprise command.
Step 9 Save the changed configuration, using the copy running-config startup-config command.
Step 10 From the primary WAAS CM, choose Devices > branchWAE, to verify that the WAE device is online and has a green status.
Step 11 Verify the following WAE device functionalities:
a. If you are using WCCP for traffic interception, verify that WCCP is working properly, using the show running -config wccp command.
b. (Optional) Confirm that flows are being optimized, using the show statistics connection command.
c. Confirm that the Enterprise license is enabled, using the show license command.
If you have purchased the Enterprise license and it is enabled, proceed to Step 12.
If you have purchased an Enterprise license and have not yet enabled it, perform the following tasks:
1. Clear the Transport license, using the clear license transport command.
2. Add the Enterprise license, using the license add enterprise command.
3. Save the changed configuration, using the copy running-config startup-config command.
Step 12 The branch WAE devices within the active WAAS network are now upgraded to the current WAAS Version 6.4.1x.
Follow these steps to upgrade the data center WAAS software.
Step 1 Access the primary WAAS CM GUI:
Step 2 Verify that all WAE devices are online (displaying green).
Step 3 Resolve any alarm conditions that may exist.
Step 4 Upgrade each data center WAE (Upgrade Part 6: Upgrade Each Data Center WAE).
Note For deployments using WCCP as the traffic interception method, each data center WAE is automatically removed from the interception path. If your deployment does not use WCCP, use one of the following methods to remove each data center WAE from the interception path during the upgrade process:
For an inline deployment, use the interface InlineGroup slot/grpnumber shutdown global configuration command to bypass traffic on the active inline groups.
For a deployment using serial inline cluster, shut down the interfaces on the intermediate WAE in the cluster, then shut down the interfaces on the optimizing WAE in the cluster.
Follow these steps to upgrade each data center WAE.
Step 1 Use the following sequence of commands to disable WCCP on the WAE and allow a graceful termination of existing TCP flows that are optimized by WAAS:
a. Disable WCCP with the no wccp tcp-promiscuous service-pair serviceID serviceID global configuration command.
b. Wait until the countdown expires, or use CTL-C to skip the countdown.
c. Verify that WCCP is disabled, using the show wccp status command.
d. Save the changed configuration, using the copy running-config startup-config command.
Step 2 (Optional) Disable WCCP on the intercepting router or switch, using the no ip wccp global configuration command.
Note We recommend this step only if the Cisco IOS release on the router or switch has not been scrubbed for WCCP issues for your specific platform.
Step 3 (Optional) Verify that WCCP is disabled, using the show ip wccp command, if you have used Step 2.
Step 4 Upgrade the data center WAE software:
Step 5 Copy the new software image to the data center WAE, either from the WAAS CM or the CLI.
a. In the data center WAE, navigate to Admin > Versioning > Software Update.
b. From the Software Files listing, select the new software version.
a. Use the copy ftp command. You can use either Universal or Accelerator-only images.
The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.
wae# copy ftp install ftpserver / waas-image.bin
Step 6 Reload the WAE using the reload command.
Step 7 Verify that the new Version 6.4.1x software image has installed correctly, using the show version command.
Step 8 Verify that WCCP is disabled, using the show wccp status command.
Step 9 Save the changed configuration, using the copy running-config startup-config command.
Step 10 From the primary WAAS CM, choose Devices > branchWAE, to verify that the WAE device is online and has a green status.
Step 11 (Optional) Enable WCCP on all intercepting routers or switches in the list, if you have used Step 2.
a. Telnet to each core router or switch.
b. Enable WCCP, using the ip wccp 61 redirect-list acl-name command and the ip wccp 62 redirect-list acl-name command.
Step 12 Verify the following WAE device functionalities:
a. Enable WCCP, using the wccp tcp-promiscuous service-pair serviceID serviceID global configuration command. If you are using WCCP single-service, use the wccp tcp-promiscuous serviceID global configuration command.
b. Verify that redirecting router IDs are seen, using the show wccp routers command.
c. Verify that all WAEs in the cluster are seen, using the show wccp clients command.
d. Verify that the packet count to the WAE is increasing and no loops are detected, using the show wccp statistics command.
e. Verify that the buckets assigned for Service Group 61 match those of Service Group 62, and are assigned to the WAE, using the show wccp flows tcp-promiscuous detail command.
f. Verify that flows are being optmized, using the show statistics connection command.
g. If you are using WCCP for traffic interception, verify that WCCP is working properly, using the show running -config wccp command.
Step 13 Each data center WAE within the active WAAS network is now upgraded to the current WAAS Version 6.4.1x.
For information on the sets of tasks to enable and reconfigure WCCP, and information on configuring accelerators, switches and routers for migration, see the Cisco Wide Area Application Services Upgrade Guide.
Perform the following tasks after you have completed the upgrade to WAAS Version 6.4.1x:
If you have a Cisco WAAS Central Manager that is running on a hardware platform that is unsupported in Version 6.1 and later (such as a WAE-274/474/574/674/7341/7371), you are not allowed to upgrade the device to Version 6.1 or later. You must migrate the WAAS CM to a supported platform by following the procedure in this section, which preserves all of the WAAS CM configuration and database information.
Follow these steps to migrate a primary WAAS CM from an unsupported platform to a platform that is supported for WAAS Version 6.4.1x:
Step 1 From the primary Central Manager CLI, create a database backup by using the cms database backup EXEC command. Move the backup file to a separate device by using the copy disk ftp command.
Step 2 Display and write down the IP address and netmask of the Central Manager.
Step 3 Shut down all the interfaces on the primary Central Manager.
Step 4 Replace the existing Central Manager device with a new hardware platform that can support Cisco WAAS Version 6.1. Ensure that the new Central Manager device is running the same software version as the old Central Manager.
Step 5 Configure the new Central Manager with the same IP address and netmask as the old Central Manager. You can do this in the setup utility or by using the interface global configuration command.
Step 6 Copy the backup file created in Step 1 from the FTP server to the new Central Manager.
Step 7 Restore the database backup on the new Central Manager by using the cms database restore command. Use option 1 to restore all CLI configurations.
Step 8 Enable the CMS service.
Step 9 Verify that the Central Manager GUI is accessible and all Cisco WAAS devices are shown in an online state in the Devices window.
Step 10 (Optional) If you have a standby Central Manager that is running on unsupported hardware and is registered to the primary Central Manager, deregister the standby Central Manager.
Step 11 Upgrade the primary Central Manager to Cisco WAAS Version 6.4.1x. You can use the Central Manager Software Update window or the copy ftp install command.
Step 12 Verify that the Central Manager GUI is accessible and all Cisco WAAS devices are shown in an online state in the Devices window.
Step 13 (Optional) Register a new standby Central Manager that is running Cisco WAAS Version 5.1.x or later.
Wait for the device to reload, change the Central Manager role to standby, and register the standby Central Manager to the primary Central Manager.
Follow these steps to migrate a physical appliance being used as a primary WAAS CM to a vCM:
Step 1 Introduce vCM as the Standby Central Manager by registering it to the Primary Central Manager.
Step 2 Configure both device and device-group settings through Primary CM and ensure that devices are getting updates. Wait for two to three data feed poll rate so that the Standby CM gets configuration sync from the Primary CM.
Step 3 Ensure that the Primary CM and Standby CM updates are working.
Step 4 Switch over CM roles so that vCM works as Primary CM. For more information, see the “Converting a Standby Central Manager to a Primary Central Manager” section of the Cisco Wide Area Application Services Configuration Guide.
RAID pairs rebuild on the next reboot after you use the restore factory-default command, replace or add a hard disk drive, delete disk partitions, or reinstall Cisco WAAS from the booted recovery CD-ROM.
To view the status of the drives and check if the RAID pairs are in “NORMAL OPERATION” or in “REBUILDING” status, use the show disk details command in EXEC mode. When you see that RAID is rebuilding, you must let it complete that rebuild process. This rebuild process may take several hours.
If you do not wait for the RAID pairs to complete the rebuild process before you reboot the device, you may see the following symptoms that could indicate a problem:
If you encounter any of these symptoms, reboot the WAE device and wait until the RAID rebuild finishes normally.
This section contains the following topics:
– You cannot downgrade a WAAS device on ENCS to a version earlier than WAAS Version 6.4.1.
If you try to downgrade a WAAS device on ENCS to a version earlier than WAAS Version 6.4.1, the WAAS Central Manager displays the following warning message:
Device Group has unsupported devices ENCS-DeviceName to the selected version. The image installation will not be applied on such devices.
Do you still want to proceed with the downgrade?
– The Central Manager supports upgrade and downgrade of all applicable device types in a device group.
For example, if you are downgrading a device group that has a physical WAE, a virtual WAE, and an ENCS platform to a version earlier than WAAS Version 6.4.1, the Central Manager will initiate the downgrade process only for the physical and virtual WAEs, but not for the ENCS platform.
– If you have a standby Central Manager, it must be registered to the primary Central Manager before the downgrade.
– Prior to downgrading the WAAS CM to a version up to 5.2.1, you must remove Backup WNG from the AppNav-XE cluster and verify that the WAAS CM and AppNav-XE device are in sync.
– Before downgrading to a version earlier than 4.4.1, we recommend that you change the following WCCP parameters, if they have been changed from their default values:
——Change service IDs back to their default values of 61 and 62.
——Change the failure detection timeout back to the default value of 30 seconds.
Note Only these WCCP default values are supported in versions prior to 4.4.1; any other values are lost after the downgrade. If a WAE is registered to a Central Manager, it is configured with the default service IDs of 61 and 62 after it is downgraded and comes back online.
– If the WAAS CM is downgraded to a version up to 5.2.1 and if the AppNav-XE cluster has more than 32 WAAS nodes: prior to downgrade, we recommend that you reduce the number of WAAS nodes to a maximum of 32 WAAS nodes.
– When downgrading Cisco WAAS devices, first downgrade application accelerator WAEs, then the standby Central Manager (if you have one), and lastly the primary Central Manager.
1. Deregister the device from the WAAS CM.
2. Change the device mode to application-accelerator.
4. Re-register the device (or, alternatively, you can reregister the device before downgrading).
If you do not deregister the device before downgrading, the device goes offline and the device mode is not set correctly. In that case, use the cms deregister force EXEC command to deregister the device and then reregister it by using the cms enable global configuration command.
Note All Cisco WAAS nodes in an AppNav deployment must be running Cisco WAAS version 5.0 or later.
To downgrade the Cisco WAAS Central Manager (not required for WAE devices), follow these steps:
Step 1 (Optional) From the Central Manager CLI, create a database backup by using the cms database backup EXEC command. Move the backup file to a separate device by using the copy disk ftp command.
Step 2 Install the downgrade Cisco WAAS software image by using the copy ftp install EXEC command.
Note After downgrading a WAAS CM, you must clear your browser cache, close the browser, and restart the browser before reconnecting to the Central Manager.
Note Downgrading the database may trigger full updates for registered devices. In the WAAS CM GUI, ensure that all previously operational devices come online.
To monitor the boot process on Cisco WAE and WAVE appliances, connect to the serial console port on the appliance as directed in the Hardware Installation Guide for the respective Cisco WAE and WAVE appliance.
Cisco WAE and WAVE appliances may have video connectors that should not be used in a normal operation. The video output is for troubleshooting purposes only during BIOS boot and stops displaying output as soon as the serial port becomes active.
This section includes operating considerations that apply to Cisco WAAS Software Version 6.4.1x:
In the Cisco WAAS Central Manager, we recommend running system wide reports in device groups of 250 devices or less, or scheduling these reports at different time intervals, so multiple system wide reports are not running simultaneously and do not reach the limit of the HTTP object cache.
Making policy changes to large numbers of Cisco WAAS Express devices from the Central Manager may take longer than making policy changes to Cisco WAAS devices.
When you create a device group in WAAS Version 6.4.1xx, the Configure > Acceleration > DSCP Marking page is automatically configured for the group, with the default DSCP marking value of copy.
Autoregistration is designed to operate on the first network interface and will not work if this interface is part of a port-channel or standby. Do not enable the auto-register global configuration command when the interface is configured as part of a port-channel or standby group.
The CIFS accelerator does not support file servers that use the FAT32 file system. You can use the policy rules to exclude from acceleration any file servers that use the FAT32 file system.
When using the Cisco ASR 1000 Series router and WCCP to redirect traffic to a WAE that is using WCCP GRE return as the egress method and the HTTP accelerator is enabled, there may be an issue with HTTP slowness due to the way the ASR router handles proxied HTTP connections (see CSCtj41045). To work around this issue, on the ASR router, create a web cache service in the same VRF as that of the 61/62 service by using the following command: ip wccp [vrf vrf-name ] web-cache
If you use the Central Manager to disable WCCP on a Cisco WAAS device, the Central Manager immediately shuts down WCCP and closes any existing connections, ignoring the setting configured by the wccp shutdown max-wait global configuration command (however, it warns you). If you want to gracefully shut down WCCP connections, use the no enable WCCP configuration command on the Cisco WAAS device.
If you change the device mode to or from Central Manager mode, the DRE cache is erased.
If you are using TACACS+ authentication, we recommend that you do not assign any roles to the default user ID, which has no roles assigned by default. If you assign any roles to the default user, external users that are authenticated by TACACS+ and who do not have the waas_rbac_groups attribute defined in TACACS+ (meaning they are not assigned to any group) can gain access to all the roles that are assigned to the default user.
If you use Internet Explorer to access the Central Manager GUI Version 4.3.1 or later and Internet Explorer has personal certificates installed, the browser prompts you to choose a certificate from the list of those installed in the personal certificate store. The certificate request occurs to support Cisco WAAS Express registration and is ignored by Internet Explorer if no personal certificates are installed. Click OK or Cancel in the certificate dialog to continue to the Central Manager login page. To avoid this prompt, remove the installed personal certificates or use a different browser.
If a Central Manager is managing Cisco WAAS devices that have different versions, it is possible that a feature could have different default settings in those different versions. If you use the Central Manager to apply the default setting for a feature to mixed devices in a device group, the default for the Central Manager version is applied to all devices in the group.
This section contains the resolved caveats, open caveats, and command changes in Software Version 6.4.1x, fixed and known and contains the following topics:
The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version 6.4.1c.
The following caveats are open in Software Version 6.4.1c. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.
The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version 6.4.1b.
The following caveats are open in Software Version 6.4.1b. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.
The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version 6.4.1a.
The following caveats are open in Software Version 6.4.1a. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.
The following caveats were resolved in Software Version 6.4.1.
The following caveats are open in Software Version 6.4.1.
This section lists the modified commands in Cisco WAAS Software Version 6.4.1x.
Table 10 lists the commands and options that have been added or changed in Cisco WAAS Software Version 6.4.1x.
If you have upgraded to Cisco WAAS Version 6.4.1x and are using the WSDL2Java tool to generate client stubs that enforce strict binding, earlier version client code (prior to 4.3.1) may return unexpected exceptions due to new elements added in the response structures in 4.3.1 and later releases. The observed symptom is an exception related to an unexpected subelement because of the new element (for example, a deviceName element) in the XML response.
To work around this problem, we recommend that you patch the WSDL2Java tool library to silently consume exceptions if new elements are found in XML responses and then regenerate the client stubs. This approach avoids future problems if the API is enhanced with new elements over time.
You must modify the ADBBeanTemplate.xsl file in the axis2-adb-codegen- version.jar file.
To apply the patch, follow these steps:
Step 1 List the files in the axis2-adb-codegen- version.jar file:
Step 2 Change the ADBBeanTemplate.xsl file by commenting out the following exceptions so that the generated code consumes the exceptions:
Step 3 Re-create the jar file and place it in the CLASSPATH. Delete the old jar file from the CLASSPATH.
Step 4 Use the WDL2Java tool to execute the client code using the modified jar.
Note IOS-XE 3.14 should not be used for ISR-WAAS.
In addition to this document, the WAAS documentation set includes the following publications:
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.