Configuring Cisco WAAS with Akamai Connect

This chapter describes how to configure Cisco WAAS with Akamai Connect, to create an integrated solution that combines WAN optimization and intelligent object caching to accelerate HTTP/S applications, video, and content.

note.gif

Noteblank.gif Throughout this chapter, the term Cisco WAAS device is used to refer collectively to the Cisco Wide Area Application Services (Cisco WAAS) Central Managers and Cisco Wide Area Application Engines (WAEs) in your network. The term WAE refers to WAE and Cisco Wide Area Virtualization Engine (WAVE) appliances, and Cisco Virtual WAAS (vWAAS) instances.


This chapter contains the following sections:

About Cisco WAAS with Akamai Connect

Akamai Connect is the HTTP/S object cache component added to Cisco WAAS, integrated into the existing WAAS software stack and leveraged via the HTTP Application Optimizer.

  • Cisco WAAS with Akamai Connect helps to reduce latency for HTTP/S traffic for business and web applications, and can improve performance for many applications, including Point of Sale (POS), HD video, digital signage, and in-store order processing.
  • Cisco WAAS with Akamai Connect provides significant and measurable WAN data offload, and is compatible with existing WAAS functions such as DRE (deduplication), LZ (compression), TFO (Transport Flow Optimization), and SSL acceleration (secure/encrypted) for first and second pass acceleration.

Akamai Connected Cache is a component of Akamai Connect, which allows the cache engine to cache content that is delivered by an edge server on the Akamai Intelligent Platform.

The following list highlights some of the benefits offered by Cisco WAAS with Akamai Connect:

  • Intelligent transparent object caching.
  • Seamless integration of Akamai Connect into Cisco WAAS software and configuration, using either the Cisco WAAS Central Manager or Cisco WAAS CLI.
  • Integration with Akamai’s Edge Grid Network, which provides low-latency Content Delivery Network transfers via Akamai Connected Cache.
  • Significant and measurable WAN data offload.
  • Cache prepositioning (warming) for websites that you specify.
  • Hostname rules for cache control of specific websites or domains.
  • First-pass and second-pass acceleration, with Akamai Connect working with Cisco WAAS middle-mile capabilities, including DRE, LZ, TFO, and SSL acceleration.
  • Dual-sided or single-sided deployment.

Components of Cisco WAAS with Akamai Connect

Table provides overviews of Cisco WAAS with Akamai Connect components, links to further information, and links to Akamai Connect configuration procedures.

Component
Description and Further Information

Deployment options

 

Akamai Connect license

The Akamai Connect license for Cisco WAAS is an advanced license available for all supported Cisco with Akamai Connect devices. The Akamai Connect license for Cisco WAAS is aligned with the number of optimized connections in each supported Cisco WAAS device.

For more information, see Activating the Akamai Connect License.

Supported Cisco WAAS platforms

For Cisco WAAS Version 5.4.1 and later, Cisco with Akamai Connect supports WAAS and vWAAS devices up to 6,000 connections.

For Cisco WAAS Versions later than Cisco WAAS Version 5.4.1, Cisco with Akamai Connect supports WAAS and vWAAS devices beyond 6,000 connections.

For more information, see Supported Platforms for Cisco WAAS with Akamai Connect.

Transparent cache and caching policies

The Transparent cache, Akamai’s high-performance HTTP object cache, provides the ability to locally cache HTTP-based content for LAN-like performance, regardless of whether the web application was served from the private corporate cloud or the public Internet. This content includes on-demand and live HTTP video streams to deliver fast, high-quality, high-definition video experiences in the branch, all while offloading the enterprise network.

There are four caching policies (modes):

  • Basic: Caches only objects marked explicitly as cacheable.
  • Standard (default): Caches objects marked as cacheable, as well as objects that do not have caching directives, that include a last-modified date.
  • Advanced: Further extends the duration for which the objects without specific age limits are cached, thus allowing an aggressive amount of caching in appropriate situations, and to cache all object types for longer times, when there is no explicit expiration time.
  • Bypass: Turns off caching for a specific configured site or sites.

For more information, see Setting Transparent Caching Policies.

For configuration information, see the Enabling Akamai Connect procedure, Setting a Transparent Caching Policy for All Sites and Setting a Transparent Caching Policy for a Specific Site.

Akamai Connected Cache

Akamai’s proprietary caching rules in connection with the edge servers of the Akamai Intelligent Platform lets you cache and deliver content inside the branch office that might otherwise be deemed noncacheable. This content could be an enterprise’s own web content or any content that is delivered by the Akamai Intelligent Platform, which is up to thirty percent of all web traffic.

For more information, see the Enabling Akamai Connect procedure, Enabling Akamai Connected Cache.

Over the Top (OTT) caching

Over-The-Top (OTT) caching is used for streamed content, particularly video content. OTT caching caches HTTP content served from dynamic URLs and content marked as noncacheable, such as YouTube videos. Akamai achieves this by using metadata logic to determine a unique cache key per video, which allows dynamic URLs to be cached.

For more information, see Enabling Over the Top (OTT) caching.

Cisco Cloud Web Security (CWS)

Cisco Cloud Web Security (CWS) provides content scanning of HTTP and HTTP/S traffic, and provides malware protection service to web traffic. CWS enforces content filtering by enabling force IMS for every cached object, for both single-sided and dual-sided deployment.

For more information, see Enabling Cisco Cloud Web Security (Cisco CWS).

Cisco WAAS connections to the Akamai network

There are three ways for Cisco WAAS devices to connect to the Akamai network:

  • No HTTP proxy
  • Use Cisco WAAS Central Manager as HTTP proxy
  • Use an external HTTP proxy

For more information, see Configuring Cisco WAAS Connections to the Akamai Network.

Cache prepositioning

Cache prepositioning, also known as cache warming, allows you to specify a policy to prefetch and cache content at a specified time. Cache prepositioning allows you to take advantage of idle time on the WAN to transfer large or frequently accessed files to selected Cisco WAAS devices, so that users can benefit from cache-level performance even during first-time access of these files.

For more information, see Configuring Akamai Connect Cache Prepositioning.

Cisco support for Microsoft Update

Cisco support for Microsoft Windows Update enables the Akamai cache engine to support Windows Update in two ways: to download and cache full objects even when ranges within objects that not in cache are requested, and future range requests on the objects can be served out of cache.

For more information, see Cisco Support for Microsoft Windows Update.

Deployment Options for Cisco WAAS with Akamai Connect

This section contains the following topics:

About Deployment Options for Cisco WAAS with Akamai Connect

You can deploy Cisco WAAS with Akamai Connect as a dual-sided or single-sided deployment:

  • Dual-sided deployment of Cisco WAAS with Akamai Connect, shown in Figure 13-1, provides the following benefits for HTTP and HTTPS traffic:

blank.gif Transparent caching of customer-owned, Intranet web resources.

blank.gif Caching in branch only.

blank.gif Includes prepositioning (for non-SSL content).

Figure 13-1 Cisco WAAS with Akamai Connect Dual-Sided Deployment

392020.eps
  • Single-sided deployment of Cisco WAAS with Akamai Connect, shown in Figure 13-2, provides the following benefits for HTTP and HTTPS traffic:

blank.gif Generic web resources that utilize proxy-specific HTTP cache-control headers.

blank.gif Caching in branch only.

blank.gif Includes prepositioning (for non-SSL content).

note.gif

Noteblank.gif For Transparent caching in Standard mode, single-sided deployment of Cisco WAAS with Akamai Connect is enabled by default.


Figure 13-2 Cisco WAAS with Akamai Connect Single-Sided Deployment

392021.eps

Operating Guidelines for Cisco WAAS with Akamai Connect

Consider the following operating guidelines for Cisco WAAS with Akamai Connect:

  • There is no separate cache for HTTPS content. However, data is stored differently for the same site if both HTTP and HTTPS are accessing. (The way the sites are stored in the cache is based on the URL, and this will change between HTTP and HTTPS.)
  • You cannot view the contents of the cache, and cannot pin content to make it remain in the cache, for example, for prepositioned content.
  • The Akamai cache engine has no explicit integration with Cisco AppNav. The Cisco AppNav status is based on the Cisco HTTP application accelerator.

Supported Platforms for Cisco WAAS with Akamai Connect

This section contains the following topics:

Supported Cisco Platforms Up to 6,000 Connections

The flow of allocated resources to the Akamai cache engine is controlled by the Cisco WAAS Central Manager, but the overall resource pool and the amount of resources that can be allocated to the Akamai cache engine is controlled by the following:

  • the hardware platform
  • the number of supported connections and users that the router is designed to service

Table 13-1 shows Cisco WAAS with Akamai Connect supported platforms up to 6,000 connections, for Cisco WAAS Version 5.4.1 and later.

For information on Cisco WAAS with Akamai Connect supported platforms beyond 6,000 connections, see Supported Cisco Platforms Beyond 6,000 Connections.

Table 13-1 Cisco WAAS with Akamai Connect Supported Platforms up to 6,000 Connections

Cisco WAAS Appliance
Cisco SRE Service Module (Cisco SRE SM)
Cisco vWAAS
Cisco ISR-WAAS

N/A

N/A

vWAAS-150

ISR-G2 and ISR-G3

WAVE-294

SM-700

vWAAS-200

ISR-WAAS-750
(ISR-4451, SR-4431, ISR-4351, ISR-4331, ISR-4321)

WAVE-594

SM-900

vWAAS-750

ISR-WAAS-1300
(ISR-4451, ISR-4431)

WAVE-694

SM-710

vWAAS-1300

ISR-WAAS-2500
(ISR-4451)

N/A

SM-910

vWAAS-2500

N/A

N/A

N/A

vWAAS-6000

N/A

note.gif

Noteblank.gif If you are upgrading from a version earlier than Cisco vWAAS in Cisco WAAS Version 5.4.x, you will need a third disk and possibly more memory added. For more information, see the “Cisco vWAAS with Akamai Connect” chapter in the Cisco Virtual Wide Area Application Services Configuration Guide.


Supported Cisco Platforms Beyond 6,000 Connections

This section contains the following topics:

About Supported Cisco Platforms Beyond 6,000 Connections

The flow of allocated resources to the Akamai cache engine is controlled by the Cisco WAAS Central Manager, but the overall resource pool and the amount of resources that can be allocated to the Akamai cache engine is controlled by the hardware platform and the number of supported connections and users that the router is designed to service.

For Cisco WAAS Version 6.2.1 and later, the following list shows the Cisco WAAS with Akamai Connect supported platforms for scaling beyond 6,000 connections:

  • Cisco WAVE-7541
  • Cisco WAVE-7571
  • Cisco WAVE-8541
  • Cisco vWAAS-12000
  • Cisco vWAAS-50000

For Cisco WAAS with Akamai Connect for Cisco WAAS Version 5.4.1 and earlier, see Supported Cisco Platforms Up to 6,000 Connections.

Operating Guidelines for Supported Cisco Platforms Beyond 6,000 Connections

This section contains the following topics:

Supported Cisco WAVE Models Beyond 6,000 Connections

  • Table 13-2 shows the supported Cisco WAVE models with Akamai Connect beyond 6,000 connections, as well as the total HTTP object cache connections, memory required for the cache engine, and cache engine cache disk.

Table 13-2 Cisco WAAS with Akamai Connect Requirements for HTTP Object Cache

Cisco WAVE Model
Total HTTP Object Cache Connections
Cache Engine Cache Disk

WAVE-7541

18 K

708 GB

WAVE-7571

45 K

839 GB

WAVE-8541

112 K

675 GB

  • The Akamai cache engine connection-handling capacity is determined by the upper limit of memory that is given to the Akamai cache engine at startup. The Akamai cache engine will allocate memory as needed up to the upper limit. In case of overload, the connection will be optimized by HTTP-AO, without a caching benefit.
caut.gif

Caution blank.gif When a Cisco WAVE model used for Akamai Connect beyond 6,000 connections is assigned to a device group in the Cisco WAAS Central Manager after Akamai Connect is already enabled, you must manually reload the Cisco WAVE device. Akamai Connect will remain in shutdown state until the reload is performed.

Supported Cisco vWAAS Models Beyond 6,000 Connections

  • Table 13-3 shows supported Cisco vWAAS models with Akamai Connect beyond 6,000 connections, as well as the total HTTP object cache connections, cache engine cache disk, and additional resources that may be needed.

Table 13-3 Cisco vWAAS with Akamai Connect Requirements for Beyond 6,000 Connections

Cisco vWAAS Model
Total HTTP Object Cache Connections
Cache Engine Cache Disk
Additional Resource
to be Added

vWAAS-12000

12 K

750 GB

6GB RAM, 750 GB disk

vWAAS-50000

50 K

850 GB

850 GB disk

  • For Cisco vWAAS-12000 and Cisco vWAAS-50000:

blank.gif HTTP object cache will scale up to the platform TFO limit. To achieve this, you must augment the platform resources (CPU, RAM, and disk) during provisioning.

blank.gif For Cisco vWAAS-12000 and Cisco vWAAS-50000, you must allocate Akamai cache engine cache disk resources. Cache disk requirements are shown in Table 13-3 .

blank.gif For Cisco vWAAS-12000, you must allocate at least 6 GB of additional RAM.

blank.gif For Cisco vWAAS in Cisco WAAS Version 6.1.1 and later, Cisco vWAAS-150 on Cisco ISR-WAAS is supported for Akamai Connect.

blank.gif For Cisco vWAAS in Cisco WAAS Version 6.2.1 and later, Cisco vWAAS-150 is also supported for RHEL KVM and Microsoft Hyper-V.

blank.gif For vWAAS in Cisco WAAS versions earlier than 6.x, Akamai Connect beyond 6,000 connections is not supported for Cisco vWAAS on RHEL KVM or KVM on CentOS.

Configuring HTTP Object Cache

This section contains the following topics:

Configuring HTTP Object Cache in Cisco Devices with Akamai Connect

Before You Begin

  • HTTP object cache is used to enable the Akamai cache engine for a Cisco device, for Cisco WAAS Version 6.2.1 and later.
  • Enabling HTTP object cache for Cisco WAVE-7541, Cisco WAVE-7571 or Cisco WAVE-8541 includes configuring the device profile feature, repartitioning the Cisco WAVE data disk, and if needed, upgrading your Cisco WAAS system to Cisco WAAS Version 6.2.1 or later.

To configure HTTP object cache in Cisco WAVE or Cisco vWAAS device follow these steps.


Step 1blank.gif If needed, upgrade the Cisco WAAS Central Manager and Cisco WAE devices to Cisco WAAS Version 6.2.1 or later.

    • For complete upgrade instructions, including critical prerequisites before upgrading to Cisco WAAS Version 6.2.1 or later, see the Release Note for Cisco Wide Area Application Services for your Cisco WAAS version.
    • To configure HTTP object cache on Cisco vWAAS-12000 or Cisco vWAAS-50000, and to avoid object and DRE caching being lost due to execution of the disk delete-data-partitions command, you must downgrade from WAAS Version 6.2.x to WAAS Version 5.x, and then upgrade to WAAS Version 6.2.x. For more information, see.

Step 2blank.gif To enable HTTP object cache on the Cisco WAVE device, run the accelerator http object-cache enable global configuration command.

A message is displayed to restart the system, with two prerequisite procedures:

    • Run the disk delete-data-partitions command.
    • Enable Device Profile.

You must provide approval for each of these procedures.

Step 3blank.gif Run the disk delete-data-partitions command.

  • To accommodate the larger-scale connections available for Cisco WAAS Version 6.2.1 and later with Akamai Connect, the single partition for the RAID5-based disk subsystem is split into multiple partitions.
note.gif

Noteblank.gif The disk delete-data-partitions command deletes all data partitions on all logical drives, including CONTENT, PRINTSPOOL, and SYSFS partitions. These partitions include all DRE and SMB object cache files, SYSFS and print spool files. New partitions are created at system restart.


Step 4blank.gif Enable Device Profile: After the upgrade is complete, Device Profile is initially disabled.

Considering the following operating guidelines for Device Profile:

    • For Cisco WAAS Version 6.2.1 and later, Device Profile enables the device mode as branch, which tunes the resource allocation for various Cisco WAAS services as a branch traffic scenario and branch services.
    • For Cisco WAVE-7541 and Cisco WAVE-8541, the Device Profile is automatically set or unset when you enable or disable HTTP object cache.
    • For Cisco WAVE-7571, the Device Profile feature requires you to reboot the system to change the Device Profile feature status.

To enable Device Profile from the Cisco WAAS Central Manager:

a.blank.gif Choose Device > device-name > Configure > Caching > Device Profile.

The Device Profile window is displayed.

b.blank.gif To enable Device Profile, check the Branch check box.

note.gif

Noteblank.gif The Device Profile feature is enabled at the individual device level; it is not enabled for an entire device group.


c.blank.gif Click Submit.

To enable Device Profile from the Cisco WAAS CLI:

    • To configure the device to function as branch device, to configure resource pre-allocation resources for various WAAS services to be branch traffic scenario and branch services, run the device mode application-accelerator profile branch global configuration command.

Step 5blank.gif Restart the system.

When you restart the system using the Cisco WAAS Central Manager, the HTTP object cache is enabled on the device.

Step 6blank.gif Enable Akamai Connect.

    • For WAVE models 7541 and 8541, the Device Profile feature is automatically set/unset when you enable/disable HTTP OC. For WAVE-7571, the Device Profile setting requires you to reboot to change the Device Profile feature status.

Downgrading and Upgrading a Cisco vWAAS Device with Additional Akamai Cache Disk Removed and Reinstalled

To configure HTTP object cache in Cisco vWAAS-12000 or Cisco vWAAS-50000 with the additional Akamai Connect cache disk removed and then reinstalled, follow these steps:


Step 1blank.gif For the Cisco vWAAS device in Cisco WAAS Version 6.2.x with Akamai Connect enabled:

a.blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, and then choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed ().

b.blank.gif To disable Akamai Connect, uncheck the Enable Akamai Connect check box.

c.blank.gif Power down the Cisco vWAAS device.

Step 2blank.gif Remove the additional Akamai Cache disk.

Step 3blank.gif Power on the Cisco vWAAS device.

Step 4blank.gif Downgrade from Cisco WAAS Version 6.2.x to Cisco WAAS Version 5.x.

Step 5blank.gif Upgrade the Cisco WAAS Central Manager and Cisco WAE devices to Cisco WAAS Version 6.2.x.

Step 6blank.gif After the upgrade is complete, power off the device.

Step 7blank.gif Reinstall the additional Akamai Cache disk.

Step 8blank.gif Power on the Cisco vWAAS device.

Step 9blank.gif Enable Akamai Connect.

a.blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

b.blank.gif To enable Akamai Connect, check the Enable Akamai Connect check box.

c.blank.gif Click Submit.

Step 10blank.gif Enable HTTP object cache from the Cisco WAAS Central Manager or from the Cisco WAAS CLI.

Consider the following guidelines for enabling HTTP object cache:

Step 11blank.gif Power down the Cisco vWAAS device and add the necessary resources to the Cisco vWAAS device.

Step 12blank.gif Power up the Cisco vWAAS VM.

HTTP object cache is enabled on the Cisco vWAAS device.


 

Downgrading and Upgrading a Cisco vWAAS Device with Additional Akamai Cache Disk Remaining In Place

To configure HTTP object cache in Cisco vWAAS-12000 or Cisco vWAAS-50000 with the additional Akamai Connect cache disk remaining in place, follow these steps:


Step 1blank.gif Upgrade the Cisco WAAS Central Manager and Cisco WAE devices to Cisco WAAS Version 6.2.1 or later.

Step 2blank.gif Disable Akamai Connect.

a.blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, and then choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

b.blank.gif To disable Akamai Connect, uncheck the Enable Akamai Connect check box.

c.blank.gif Power down the Cisco vWAAS device.

Step 3blank.gif Downgrade from Cisco WAAS Version 6.2.x to Cisco WAAS Version 5.x.

Step 4blank.gif Upgrade the Cisco WAAS Central Manager and Cisco WAE devices to Cisco WAAS Version 6.2.x.

Step 5blank.gif Run the disk delete-data-partitions EXEC command and restart the system.

    • From the Cisco WAAS CLI, a message is displayed to run the disk delete-data-partitions EXEC command and restart the system.
    • The Cisco WAAS Central Manager does not display this message.

After the upgrade, you must run the disk delete-data-partitions command to enable Akamai Connect.

note.gif

Noteblank.gif The disk delete-data-partitions command deletes all data partitions on all logical drives, including CONTENT, PRINTSPOOL, and SYSFS partitions. These partitions include all DRE and SMB object cache files, SYSFS and print spool files. New partitions are created at system restart.


Step 6blank.gif Enable Akamai Connect.

a.blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed ().

b.blank.gif To enable Akamai Connect, check the Enable Akamai Connect check box.

c.blank.gif Click Submit.


 

Workflow for Enabling Akamai Connect

Table shows the workflow for enabling Akamai Connect

Table 13-4

Task
Description and Links to Procedures

1.blank.gif Receive and activate the Akamai Connect license.

blank.gif Prerequisites for Activating the Akamai License

blank.gif Activating the Akamai Connect License File

blank.gif Deregistering and Reregistering a Cisco WAAS Device

blank.gif Replacing an Inactive or Expired Akamai Connect License

2.blank.gif Enable Akamai Connect.

blank.gif Confirming Akamai Connect Configuration Prerequisites

blank.gif Turning on the Akamai Cache Engine and Enabling Akamai Connect

3.blank.gif Enable Akamai Connected Cache.

blank.gif Operating Guidelines for Akamai Connected Cache

blank.gif Procedure for Enabling Akamai Connected Cache

4.blank.gif Enable Over the Top (OTT) caching.

blank.gif Procedure for Enabling OTT Caching

5.blank.gif Set transparent caching policies.

blank.gif Transparent Caching and Caching Modes

blank.gif Setting a Transparent Caching Policy for All Sites

blank.gif Setting a Transparent Caching Policy for a Specific Site

6.blank.gif Enable Cisco Cloud Web Security (CWS).

7.blank.gif Configure Cisco WAAS connections to the Akamai network.

blank.gif About Cisco WAAS Connections to the Akamai Network

blank.gif Configuring No HTTP Proxy

blank.gif Configuring Cisco WAAS Central Manager as HTTP Proxy

blank.gif Configuring External HTTP Proxy

8.blank.gif Configure Server Address Validation.

9.blank.gif Configure Akamai Connect cache prepositioning.

blank.gif Configuring a Cache Preposition Task

blank.gif Viewing Cache Prepositioning Task Status

blank.gif Copying Cache Prepositioning Tasks

10.blank.gif Configure Akamai Connect HTTP/S preposition proxy.

blank.gif About HTTP/S Preposition Proxy for Akamai Connect

blank.gif Configuring Global Proxy Host and Port for Preposition Tasks

blank.gif Modifying Proxy Settings for an Individual Preposition Task

blank.gif Removing Proxy Settings for an Individual Preposition Task

Activating the Akamai Connect License

This section contains the following topics:

About the Akamai Connect License

The Akamai Connect license for Cisco WAAS is an advanced license available for all supported Cisco with Akamai Connect devices. The Akamai Connect license for Cisco WAAS is aligned with the number of optimized connections in each supported Cisco WAAS device.

Prerequisites for Activating the Akamai License

This section contains the following topics:

Confirming the Akamai License Customer ID Information

Before you upload a new license, collect the following information:

  • The new license activation file that is going to be uploaded
  • A customer ID snapshot from the Cisco WAAS Central Manager Akamai Diagnostics: Choose Home > Monitor > Troubleshoot > Akamai Diagnostics > Akamai Connect License > Details.
  • To capture the hostname and Akamai ID, copy the list of some devices, as either a snapshot or an Excel spreadsheet: Choose Home > Monitor > Troubleshoot > Akamai Diagnostics > Akamai Connect License > Details > Test.
  • Open a service request with this information so that Cisco TAC can assist you further. For further information on contacting TAC, see the Cisco Support and Downloads page, Contacts/Support Cases section.

Confirming Cisco WAAS Configuration Parameters for Akamai Connect

Complete the following prerequisites before you enable Akamai Connect on Cisco WAAS and activate the Akamai Connect License file:

Activating the Akamai Connect License File

To receive and activate the Akamai Connect activation file, follow these steps:


Step 1blank.gif Enable Akamai Connect, as described in Workflow for Enabling Akamai Connect.

If this is the first time you are enabling Akamai Connect, you are prompted to provide the activation file for licensing.

Step 2blank.gif If you have not done so, purchase an Akamai Connect license from your Cisco account representative or reseller. The following actions are generated by this purchase:

    • The account representative or reseller enters the order into the Cisco Commerce Workspace (CCW) system. The order must specify an email address for eDelivery of the Activation file.
    • CCW contacts the Akamai Luna Portal to request a license or licenses for the number and type of Akamai licenses entered.
    • Akamai generates and sends the license(s) to the CCW system in the form of a single activation file.
    • The CCW system sends an email, with the activation file attached, to the email address specified in the order. The order of priority for selecting the email address in a CCW order is::

blank.gif Priority1: eDelivery email address

blank.gif Priority2: end customer email address

blank.gif Priority3: shipping contact email address

note.gif

Noteblank.gif If you do not provide an email address in your order, you will not receive an activation file.


Step 3blank.gif To upload the Akamai Connect License file, choose Home > Admin > Licenses > Akamai Connect.

The Upload Akamai Connect License file window is displayed.

Step 4blank.gif Use to the Browse button to highlight and select the activation file, and click Upload.

    • The authentication data in the activation file is transmitted to the Akamai Luna portal.
    • After the device message is sent to the Akamai Luna portal, the Akamai Luna portal sends the Entitlement Code to the Cisco WAAS Central Manager and the Akamai Management Gateway (AMG). The Cisco WAAS Central Manager sends the Entitlement Code to Cisco WAAS, and the AMG rolls out the Entitlement Code to the edge servers on the Akamai Grid Network.

Each of these steps happens automatically, but each takes some time to complete.

    • The Entitlement Code is maintained on the Akamai Luna portal, on the AMG, and on the Cisco WAAS device. Cisco WAAS connects to the AMG using a proxy/DNS server that can resolve the address amg.terra.akamai.com.

Step 5blank.gif The activation process begins.

The Status of Devices with Akamai Connect Feature Configured table listing displays the following types of status for one, some, or all devices. Table 13-5 shows the states that the Akamai Device Status, Operational Status, and Connectivity to Akamai indicators proceed through.

Table 13-5 Status Indicator States for Device, Operational and Connectivity Status

Status Category
First Status
Second Status
Third Status
Fourth Status

Akamai Device Status

ActivationInProgress

ActivationInProgress

Active

Active

Operational Status

Disconnected

Connected

Connected

Connected

Connectivity to Akamai

Activating

Activating

Activated

Connected

note.gif

Noteblank.gif The activation process for WAAS devices may take between 15-60 minutes to complete, and for this time period, the Connectivity to Akamai status displays as Activating. During this time, device(s) may not be able to communicate with the Akamai Network, because they are not recognized by the AMG until the activation process is complete, and the Connectivity to Akamai status displays as Connected.


Step 6blank.gif For the final steps in the registration process:

    • Akamai Luna sends the Akamai Connected Cache credentials to the AMG and to the Akamai edge servers on the Akamai Grid network. The AMG forwards the Akamai Connected Cache credentials on to Cisco WAAS.
    • With the Akamai Connected Cache credentials on both Cisco WAAS and the Akamai edge servers, the Akamai Connected Cache is enabled, and caching requests can be served by the Akamai edge servers. This authenticated connection can then service requests for Akamai Connected Cache and OTT caching from the Akamai Grid network Akamai edge servers.
    • The registration of each Cisco WAE begins. The Cisco WAAS Central Manager provides information to the Akamai Luna Portal for each Cisco WAAS device that will be running Akamai Connect.
note.gif

Noteblank.gif The Connected Operational Status can take several minutes to complete. Rollout of the activation to the Akamai edge servers can take up to 45 minutes to complete. A device may take from a few minutes to up to two hours to show an Active Activation Status, depending on when the request was made, traffic conditions, and other variables.


Step 7blank.gif Each Cisco WAE that has been sent the entitlement code will try to make an SSL connection to the AMG using amg.terra.akamai.com. The Akamai Luna Portal will push out the Akamai Connected Cache credentials to the AMG and to the Akamai Grid Network (to the Akamai edge servers).

    • The AMG will push the Akamai Connected Cache credentials out to each of the Cisco WAEs that are configured for Akamai Connected Cache. If OTT is enabled, the OTT metadata needed to help cache YouTube objects is also processed at this time.
    • The Akamai Connected Cache credentials are sent by the Cisco WAE cache engine when going to the origin server. If the Cisco WAE cache engine has valid credentials according to the Akamai edge server, the Akamai edge server then provides objects to the Cisco WAE cache engine that are not normally cacheable to other devices.

Step 8blank.gif The Cisco WAE cache engine will request new credentials daily and will be good for two days. The connections are always established from the Cisco WAE or Cisco WAAS Central Manager over TCP 443 to the AMG.

    • For security, firewalls are usually deployed by performing statefull inspection on traffic from within the company to the outside. They are also configured to block unknown traffic from the outside to the inside.

Because connection should not initiate from AMG to any Cisco WAAS Central Manager or Cisco WAE at any time, there should not be an issue. If there is, then a hole will need to be made to allow the Cisco WAAS Central Manager or Cisco WAE to communicate with any device on port 443.

    • The Devices listing on the All Devices window includes a column titled Akamai Connect, which shows the status of each device: Active, Not Supported, Connected, or Disconnected.

Step 9blank.gif As needed, configure HTTP proxy or external HTTP proxy, described in Configuring Cisco WAAS Connections to the Akamai Network.


 

Deregistering and Reregistering a Cisco WAAS Device

This section provides an overview of how to deregister and reregister a Cisco WAAS device. For more information, see Changing Device Mode in the chapter “Planning Your Cisco WAAS Network” .

  • To change the device mode of a Cisco WAAS device that is already registered with a Cisco WAAS Central Manager, you must perform the following tasks:

1.blank.gif Deregister the Cisco WAAS device from the Cisco WAAS Central Manager.

2.blank.gif Change the device mode of the Cisco WAAS device.

3.blank.gif Reload the Cisco WAAS device.

4.blank.gif Re-enable CMS services for the Cisco WAAS device.

  • When you deregister a Cisco WAAS device from the Cisco WAAS Central Manager:

blank.gif The Cisco WAAS Central Manager triggers the removal of the device record on the Akamai side, thereby invalidating the entitlement key used by the Cisco WAE cache engine to talk to AMG devices.

blank.gif On the Cisco WAAS side, the Cisco WAE cache engine will continue to operate in Transparent caching mode.

  • When you reregister a Cisco WAAS device with the Cisco WAAS Central Manager, one of two things happen:

blank.gif The Cisco WAAS Central Manager auto-assigns the Cisco WAAS device to device groups (that are so marked). If any of these device groups have Akamai Connect and HTTP cache settings, the Cisco WAAS Central Manager will trigger registration with Akamai.

blank.gif If no device group is configured with Akamai Connect and HTTP cache settings, the registration is done individually.

blank.gif After the Cisco WAAS device is registered, it will get a new entitlement key.

Replacing an Inactive or Expired Akamai Connect License

If your Akamai Connect license has become inactive or has expired, follow these steps to replace your license:


Step 1blank.gif When a license is inactive or expired, a notification is displayed in one of these Cisco WAAS Central Manager windows:

    • At the Home > Admin > Akamai Connect window:
      Akamai Connect License is Inactive. Please remove current license and import valid license.
    • At the Home > Monitor > Troubleshoot > Akamai Diagnostics window:
      Akamai Connect License is Inactive. Please remove existing license and import new one using Akamai License page.

Step 2blank.gif Remove the inactive or expired license.

Step 3blank.gif To upload a new license file, choose Home > Admin > Licenses > Akamai Connect.

Step 4blank.gif The Akamai Connect window is displayed.

Step 5blank.gif Click Choose File and browse to the new license file, and then click Upload.

If you try to import an expired license, you will see the message:
Unable to communicate to Akamai server (Error: License is inactive or expired). See Central Manager log file for detailed error information.

Step 6blank.gif To obtain a new license, contact your Cisco account representative or reseller.


 

Enabling Akamai Connect

This section contains the following topics:

Confirming Akamai Connect Configuration Prerequisites

Before you enable Akamai Connect, confirm that your Cisco WAAS configuration has the following Akamai Connect prerequisites:

  • Cisco WAAS Version: The Cisco WAAS Central Manager and Cisco WAAS appliances are running at Cisco WAAS Version 5.4.1 or later.
  • NTP Service: A verified Network Time Protocol (NTP) service that is within 30 seconds of the NTP standard server (NTP.org). For how to configure the NTP server, see Configuring an NTP Server in the chapter “Configuring Other System Settings” .
  • DNS Server: A working public Domain Name System (DNS) server configured on the WAAS devices and the WAAS Central Manager. For how to configure the DNS server, see Configuring the DNS Server in the chapter “Configuring Network Settings” .
  • Akamai Luna system and Akamai Management Gateway: The ability for the Cisco WAAS Central Manager to reach Akamai’s Luna system via HTTPS on port 443. (The custom hostname is in your activation file.)

The ability for Cisco WAAS devices to make a connection to the Akamai Management Gateway (AMG) to get the authentication key. The Cisco WAAS device configured for Akamai Connect needs the correct network connectivity to access the AMG every day to get correct credentials and updated metadata. Cisco WAAS will make an HTTPS connection on port 443 to the AMG to get this information.

note.gif

Noteblank.gif The Akamai Connected Cache feature will stop functioning if Cisco WAAS loses communication with the AMG for more than 48 hours.


If the Cisco WAAS devices cannot go directly to the Internet, you can configure them to use the Cisco WAAS Central Manager as a proxy (see).

Turning on the Akamai Cache Engine and Enabling Akamai Connect


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

note.gif

Noteblank.gif If you are configuring the Akamai Connect feature for a device group, the device group should have only devices that support Akamai Connect. For more information, see Supported Platforms for Cisco WAAS with Akamai Connect.


Step 2blank.gif To turn on the Akamai cache engine, check the Enable Akamai Connect check box.

The End-User License Agreement - Akamai Connect dialog box appears.

Step 3blank.gif Click Accept.

    • When you create settings for the first time, either at the device or the group level, the Akamai Connect upload file drop-down list is displayed. Choose the Akamai Connect license file and click Submit. For a description of the full registration procedure, see.
    • If you have not yet purchased an Akamai Connect license, see.

Step 4blank.gif From the Choose File drop-down box, choose your Akamai Connect license file.

Step 5blank.gif Click Submit or proceed to Enabling Akamai Connected Cache.


 

Enabling Akamai Connected Cache

This section contains the following topics:

About Akamai Connected Cache

Akamai’s proprietary caching rules in connection with the edge servers of the Akamai Intelligent Platform lets you cache and deliver content inside the branch office that might otherwise be deemed noncacheable. This content could be an enterprise’s own web content, content that is served by the worldwide Akamai Content Delivery Network (Akamai CDN), or any content that is delivered by the Akamai Intelligent Platform, which is up to 30 percent of all web traffic.

Figure 13-3 shows a deployment of Akamai Connected Cache.

Figure 13-3 Akamai Connected Cache

392022.eps

 

Akamai Connected Cache includes the following features:

  • Akamai Connected Cache is automatically enabled in Cisco WAAS when you enable Akamai Connect. You then specify the sites to be accelerated.
  • Object caching is done on the client-side Cisco WAAS device only.
  • Prepositioning can be leveraged to cache HTTP websites delivered via the Akamai Intelligent Platform.
  • The Cisco WAAS/Akamai cache engine determines which sites can be “Akamaized” by Akamai Connected Cache from the HTTP headers in the first reply. The cache engine and the Akamai edge server then exchange credentials and agree that Akamai Connected Cache can occur. This is done again via HTTP headers in HTTP request and responses.
  • During the enabling and registration of HTTP object cache, each Cisco WAE cache engine contacts the Akamai network to obtain credentials.

After registration is complete, and Akamai Connected Cache is turned on, DNS requests are routed through the Akamai DNS system, and content is served up from an edge server to the Cisco WAAS router whenever it is possible.

  • The Akamai edge server provides additional headers to allow the WAAS/Akamai cache engine to cache the objects for the objects it handles. The cache engine forwards this back to the corresponding client. The headers passed between the cache engine and the client are similar to what the client or enterprise proxy server would see if the Cisco WAE was not in the path.

Operating Guidelines for Akamai Connected Cache

For Akamai Connected Cache to function properly, you must have the following parameters configured:

blank.gif Access to public DNS server: for more information, see Configuring the DNS Server in the chapter Configuring Network Settings .

blank.gif NTP services: for more information, see Configuring Date and Time Settings in the chapter “Configuring Other System Settings” .

Procedure for Enabling Akamai Connected Cache

To enable Akamai Connected Cache, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

Step 2blank.gif At the Edit Settings pane, check the Akamai Connected Cache check box. The default is enabled.

Consider the following configuration guidelines for Akamai Connected Cache:

    • When Akamai Connected Cache is enabled, it is enabled for all suitable Akamaized content.
    • You can apply Akamai Connected Cache to a specified device, or to all registered devices:

blank.gif To apply Akamai Connected Cache to all registered Cisco WAAS devices, configure Akamai Connected Cache at the device group level.

blank.gif To apply Akamai Connected Cache to a specific registered Cisco WAAS device, configure Akamai Connected Cache at the device level.

    • After you enable Akamai Connected Cache, you can perform the following tasks:

blank.gif Set a caching policy for all sites.

blank.gif Set an individual caching policy for specific sites.

blank.gif Enable Over the Top (OTT) caching ().

blank.gif Configure cache prepositioning.

Step 3blank.gif Click Submit or proceed to Enabling Over the Top (OTT) caching.


 

Enabling Over the Top (OTT) caching

This section contains the following topics:

About OTT Caching

Over-The-Top (OTT) caching is used for streamed content, particularly video content. OTT caching caches HTTP content served from dynamic URLs and content marked as noncacheable, such as YouTube videos. Akamai achieves this by using metadata logic to determine a unique cache key per video, which allows dynamic URLs to be cached. Figure 13-4 shows an example of OTT caching.

Figure 13-4 Example of OTT Caching

392023.eps

 

note.gif

Noteblank.gif OTT caching is disabled by default. You can enable OTT caching after you enable Akamai Connected Cache. For more information, see.


Sites that support OTT caching include the following:

  • Apple
  • Google
  • Lynda
  • Microsoft Updates
  • Office 365
  • Pearson
  • Salesforce
  • Schoology
  • Vimeo
  • Youku
  • YouTube

Because YouTube is delivered via HTTPS, you must follow the same process as you do for Softwae as a Service (SaaS) optimization. The domains that must be matched are *.youtube.com, *.ytimg.com, *.googlevideo.com, and *.ggpht.com. For more information, see Configuring SSL Acceleration for SaaS Applications in the chapter “Configuring Application Acceleration” .

Procedure for Enabling OTT Caching

Before You Begin

Confirm that Akamai Connected Cache is enabled. For more information, see Enabling Akamai Connected Cache.

To enable OTT caching, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

Step 2blank.gif At the Edit Settings pane, check the Over the Top Cache check box.

note.gif

Noteblank.gif You must enable Akamai Connected Cache before you enable OTT caching. For more information, see Enabling Akamai Connected Cache.


Step 3blank.gif Click Submit or proceed to tasks for setting caching policies: Setting a Transparent Caching Policy for All Sites or Setting a Transparent Caching Policy for a Specific Site.


 

Setting Transparent Caching Policies

This section contains the following topics:

Transparent Caching and Caching Modes

This section contains the following topics:

About Transparent Caching and HTTP Object Cache

Transparent cache is Akamai’s high-performance HTTP object cache, which provides the ability to locally cache HTTP-based content for LAN-like performance, whether the web application was served from the private corporate cloud or from the public Internet. This content includes on-demand and live HTTP video streams, to deliver fast, high-quality, high-definition video in the branch, while offloading the enterprise network. Akamai Connect supports the latest generation of streaming protocols including Apple HTTP Live Streaming (HLS), Adobe HTTP Dynamic Streaming (HDS), and Microsoft HTTP Smooth Streaming (HSS). Akamai’s HTTP object cache also supports the caching of Apple software updates such as iOS and OS X, and Microsoft Windows Update, further offloading the enterprise network.

Transparent caching delivers content from an origin server to the client without any modification. Transparent caching sends a request from a client to a server along with the associated authentication. No changes are made by proxy servers to either the headers or the returned packets along the way, although there are some headers that mark proxy actions that can be altered without the meaning of the cache control headers being altered.

note.gif

Noteblank.gif When accessing transparent caching via HTTPS, the default caching mode is Basic mode. This ensures that no sensitive content is accidentally cached (in Basic mode, only content that you explicitly mark is cached). If you want content cached in a different mode with HTTPS, create a host rule that matches the HTTPS server location. For more information on creating a host rule, see Setting a Transparent Caching Policy for All Sites and Setting a Transparent Caching Policy for a Specific Site.


Transparent caching modes are used to set caching policies. For more information, see.

Transparent Caching Modes

There are four types of Transparent caching policies:

Basic Transparent Caching Mode

Basic mode is the lowest level of caching, where it strictly complies with the client caching directives in the HTTP header, caching only objects marked explicitly as cacheable. Caching is only in the branch or local router, and content can be cached from the Internet regardless of the location of the original source.

Standard Transparent Caching Mode (Default)

Standard (default) caching mode expands the breadth of caching objects by including objects marked as cacheable, objects that do not have caching directives, and with a last-modified date. For example, with Standard caching, the object will be cached for 10 percent of the current age of the response and then updated.

caut.gif

Caution A correctly configured website will work with Standard mode, but login pages, cookie setting pages, or dynamic content not properly marked as cacheable may break. We recommend that you test the website; this is particularly important for a newly-created website or one that does not have many users.

Advanced Transparent Caching Mode

Advanced caching mode further extends the duration for which the objects without specific age limits are cached, thus allowing an aggressive amount of caching in appropriate situations, and to cache all object types for longer times, when there is no explicit expiration time. Advanced mode is best suited for media-rich Intranet sites.

If cache-control or expire headers are not present and Last Modified Time appears, the cache engine performs a heuristic based on the Last Modified Time and stores objects for 20 percent of their apparent age, up to a maximum of one day.

For certain media file types, listed in Table 13-6 , Advanced Mode will cache these for a full day if the media type is not specified as uncacheable or the media type has no obvious age in the request. For all other media types, the system caches the object for a minimum of one hour to a maximum of seven days - regardless of whether the Last Modified Time is present.

Table 13-6 Advanced Mode: Media Types That May be Cached for a Full Day

Advanced Mode: Media types that may be cached for a full day
(if not specified as uncacheable or has no obvious age in the request)

3g2

3gp

aac

aif

aiff

asf

asx

au

avi

bin

bmp

cab

carb

cct

cdf

class

css

dcr

doc

docx

dtd

dv

dvd

dvr

dvr-ms

exe

flv

gcf

gff

gif

grv

hdml

hqx

ico

ini

jpeg

jpg

js

m1v

m4a

midi

mov

mp3

mp4

mpeg

mpg

mpv

nv

pct

pdf

png

ppc

ppt

pptx

pws

qt

swa

swf

tif

txt

vbs

w32

wav

wbmp

wma

wml

wmlc

wmls

wmlsc

wmv

xsd

xsl

xls

xlsx

zip

 

 

caut.gif

Caution A correctly configured website will work in Advanced mode, but Advanced mode may break the presentation of certain web pages if there are even minor caching misconfigurations. We recommend that you test the performance of this caching mode for your applications before you bring the cache engine into production. When testing, pay particular attention to dynamic URLs and to content that requires authentication to be presented to a client.

Bypass Transparent Caching Mode

Bypass mode turns off caching for a configured site or sites. When Bypass mode is set for a particular hostname, the caching for the site’s hostname specified in a rule is suppressed.

Bypass mode is useful when you want to turn off Akamai Connected Cache or OTT caching for a site or for a part of a site. For example, if you have servers of the type images#.bar.com, you can configure a bypass rule so that only images2.bar.com is excluded from caching. All other images#.bar.com servers will continue to be cached under the existing rules.

Order of Preference for Caching Modes

When there are multiple caching mode policies in use, the cache engine applies an order of precedence to implement these. A rule that is higher in the order of precedence is run first, and any other rules that are applied to that domain or digital property is ignored. The order of precedence is:

1.blank.gif Transparent caching rules

2.blank.gif OTT/Akamai Connected Cache

3.blank.gif Default Transparent policy

For example, if test.com is an Akamai Connected Cache property, but an Advanced mode cache rule is set for this site, then Advanced mode will take precedence and Akamai Connected Cache will be skipped.

note.gif

Noteblank.gif When cache prepositioning is turned on, it has the same priority as any other caching type.


note.gif

Noteblank.gif Akamai Connect determines cache type based on most exact hostname match followed by cache priorities. www.host.com is more exact than *.host.com. In this scenario, if a lower-priority cache, such as Akamai Connected Cache (Order of Precedence #2), has a more exact match than a higher priority cache, such as transparent (Order of Precedence #1), the caching will occur with the more exact match and lower-priority cache.


Setting a Transparent Caching Policy for All Sites

To set a transparent caching policy for all sites, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

Step 2blank.gif At the Advanced Cache Settings pane, from the Default Transparent Caching Policy drop-down list, choose one of the following caching policies as a default transparent caching policy for all sites:

    • Basic: Caches only objects marked explicitly as cacheable.
    • Standard (default): Caches objects marked as cacheable, as well as objects that do not have caching directives or a last-modified date.
    • Advanced: Further extends the duration for which the objects without specific age limits are cached, thus allowing an aggressive amount of caching in appropriate situations, and to cache all object types for longer times, when there is no explicit expiration time.
    • Bypass: Turns off caching for a specific configured site or sites.

Considering the following about caching polices:

    • Checking the Akamai Connected Cache check box () starts active caching with the default Standard caching policy. To use the Akamai cache engine with a Basic, Advanced, or Bypass caching policy, you must specify that caching policy with the Default Transparent Caching Policy drop-down list.
    • To set a caching policy for a specific site, see Setting a Transparent Caching Policy for a Specific Site.
    • For more information about caching policies, see.

Step 3blank.gif Click Submit or proceed to Setting a Transparent Caching Policy for a Specific Site.


 

Setting a Transparent Caching Policy for a Specific Site

To set a transparent caching policy for a specific site, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

Step 2blank.gif At the Advanced Cache Settings pane, from the Default Transparent Caching Policy drop-down list, choose Bypass.

Choosing Bypass turns off caching, so that you can set a specific caching policy for the site.

Step 3blank.gif To add a site to contain a specific caching policy, at the Site Specific Transparent Caching Policy table listing, click Add Hostname/IP.

The Site Caching Policy Task dialog box appears.

Step 4blank.gif In the Site Caching Policy Task dialog box, in the Hostname/IP field, specify the hostname of the site to be configured.

Consider the following guidelines for creating a hostname:

    • The hostname can be a specific server, or a domain name that contains a wildcard, such as *.cisco.com.
    • You can configure up to 512 hostnames for each site-specific caching policy.
    • At the Transparent Caching Policy drop-down list, select the cache policy for this site: Basic, Standard, Advanced, or Bypass.
    • Consider the following guidelines for setting a site-specific cache policy:

blank.gif +The policy you set for a specific site takes precedence over the default caching policy set for all sites.

blank.gif If you configure Bypass mode as the site-specific transparent caching policy, you must specify a complete server name or a complete domain name (a Fully Qualified Domain Name [FQDN]). If you use a wildcard to specify sites for Bypass mode, the sites will still be optimized via Akamai Cache.

Step 5blank.gif Click OK.

The new hostname/IP is added as a line item to the Site Specific Transparent Caching Policy table.

  • To edit an existing site, highlight the site listing and click Edit.
  • To delete an existing site, highlight the site listing and click Delete.

Step 6blank.gif Click Submit or proceed to Enabling Cisco Cloud Web Security (Cisco CWS).


 

Enabling Cisco Cloud Web Security (Cisco CWS)

This section contains the following topics:

About Cisco CWS

Cisco Cloud Web Security (CWS) provides content scanning of HTTP and HTTP/S traffic, and provides malware protection service to web traffic. CWS enforces content filtering by enabling force IMS for every cached object, for both single-sided and dual-sided deployment.

CWS servers scan web traffic content and either allow or block the traffic based on configured policies. Servers use credentials to identify and authenticate users and redirect the traffic for content scanning. Traffic is transparently proxyed by Cisco routers to cloud-based CWS servers, where the web traffic is scanned and, if deemed acceptable, is provided to the origin server. All traffic coming back is through the CWS server.

Cisco CWS Operating Guidelines

Note the following guidelines for Cisco CWS:

  • Cisco CWS version interoperability:

blank.gif For Cisco WAAS Version 6.2.1 and later, the CWS feature enforces content filtering by enabling force IMS for every cached object, for both single-sided and dual-sided deployment.

blank.gif For Cisco WAAS Versions earlier than 6.2.1, content filtering is enforced on single-sided deployments.

  • CWS can be used only when one Cisco WAAS device is present in the path.
  • If preposition is enabled, the traffic flow may be redirected to a CWS server, follow these recommendations:

blank.gif (Preferred choice): Configure a white list on the Cisco ISR or the Cisco CWS server to bypass the Cisco WAE IP address.

blank.gif On the Cisco CWS server, configure a user or group that the Cisco WAE will fall into for authentication and allow it access to all sites on which the preposition is occurring.

Procedure for Enabling Cisco CWS

To enable Cisco CWS, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

Step 2blank.gif At the Advanced Cache Settings pane, to enable Cisco CWS:

  • To enable CWS user policy enforcement for content access with Direct Internet Access (DIA), check the Force IMS DIA check box.
  • To apply CWS user policy enforcement for content access with all flows, check the Force IMS Always check box.

Step 3blank.gif Click Submit or proceed to Configuring Cisco WAAS Connections to the Akamai Network.


 

Configuring Cisco WAAS Connections to the Akamai Network

This section contains the following topics:

About Cisco WAAS Connections to the Akamai Network

This section provides an overview of the three ways for Cisco WAAS devices to connect to the Akamai network.

  • Use no HTTP proxy.
  • Use the Cisco WAAS Central Manager as HTTP proxy.
  • Use an external HTTP proxy.

When using Akamai Connect, the WAAS Central Manager and WAAS device(s) must be able to communicate with the Akamai Network: with the Akamai Luna API servers to provision entries for WAAS devices, and with the Akamai AMG devices for Akamai Connected Cache and OTT features.

However, when using Akamai Connect, some Cisco WAAS deployments may disallow outgoing connections to the Internet for the Cisco WAAS Central Manager or Cisco WAAS device(s). For these deployments, the Cisco WAAS device(s) may use an HTTP proxy to contact the Akamai Network.

note.gif

Noteblank.gif HTTP proxy must support HTTP CONNECT for tunneling HTTPS connections.


Table 13-7 shows the available connection configurations.

Table 13-7 Connection Configurations for Cisco WAAS to Akamai Network

Connection Configuration
Configuration Connections
Cisco WAAS Central Manager to Luna API Servers
Cisco WAAS HTTP Cache Engine to Akamai AMG

No HTTP proxy use

Direct/ Direct

Direct

Direct

Cisco WAAS Central Manager as HTTP proxy

Direct/
Cisco WAAS Central Manager as proxy

Direct

Cisco WAAS Central Manager as HTTP proxy

External HTTP proxy

Direct/
External HTTP proxy

Direct

External HTTP proxy

External HTTP proxy

External HTTP proxy/ Direct

External HTTP proxy

Direct

External HTTP proxy

External HTTP proxy/
External HTTP proxy

External HTTP proxy

External HTTP proxy

The following considerations apply to all HTTP proxy deployments:

  • You configure HTTP proxy from the Cisco WAAS Central Manager; there are no CLI commands for HTTP proxy. Configuring HTTP proxy settings does not require restart of the WAAS Central Manager.
  • HTTP Proxy must support HTTP Connect method for tunneling HTTPS connections.
  • Configuring the HTTP proxy setting does not require restart of the Cisco WAAS Central Manager.
note.gif

Noteblank.gif Cisco WAAS v5.5.1 does not support HTTP proxy user authentication. It is recommended that you restrict access to proxy using IP address ACLs.


Configuring No HTTP Proxy

To configure a direct connection from the Cisco WAAS Central Manager and Cisco WAAS devices to the Akamai network, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

4.blank.gif At the Advanced Cache Settings pane, confirm that the Use HTTP proxy for connections to Akamai network check box is unchecked.

5.blank.gif Click Submit.


 

Configuring Cisco WAAS Central Manager as HTTP Proxy

This section contains the following topics:

Operating Guidelines for Cisco WAAS Central Manager as HTTP Proxy

Note the following considerations when using the Cisco WAAS Central Manager as a proxy to the Akamai network:

    • When using Akamai Connected Cache, each Cisco WAAS cache engine device is communicating with the Akamai network. Some Cisco WAAS deployments may disallow WAE devices to establish outgoing connections to the Internet (i.e., private networks). In this case, the WAE device may use the Cisco WAAS Central Manager device(s) as proxy for all connections to the Akamai network.
    • You may still have to allow a hole for the Cisco WAAS Central Manager to make communications on TCP port 443 outbound.
    • There is no option for the Cisco WAAS Central Manager to use a proxy device to get to the Internet.
    • All connections are made from the Cisco WAAS cache engine device or Cisco WAAS Central Manager out to the Akamai network; never from the Akamai network to the Cisco WAAS cache engine device or Cisco WAAS Central Manager.
    • You configure this feature from the Cisco WAAS Central Manager only, not the CLI.

Procedure for Configuring Cisco WAAS Central Manager as HTTP Proxy

To configure the Cisco WAAS Central Manager as HTTP Proxy, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

Step 2blank.gif At the Advanced Cache Settings pane, check the Use HTTP proxy for connections to Akamai network check box.

Step 3blank.gif At the HTTP Proxy: drop-down list, choose Central Manager as HTTP Proxy.

Step 4blank.gif Click Submit.


 

Configuring External HTTP Proxy

This section contains the following topics:

About External HTTP Proxy

When using Akamai Connect, some Cisco WAAS deployments may disallow outgoing connections to the Internet for the Cisco WAAS Central Manager or Cisco WAAS device(s). For these deployments, the Cisco WAAS device(s) may use an HTTP proxy to contact the Akamai Network.

Configuring External HTTP Proxy for a Device or Device Group

To configure External HTTP Proxy for a device or device group, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

Step 2blank.gif Check the Use HTTP proxy for connections to Akamai network check box.

Step 3blank.gif At the Advanced Cache Settings pane, from the HTTP Proxy: drop-down list, select External HTTP Proxy.

Step 4blank.gif Specify a Proxy Host and a Proxy Port:

    • Proxy Host field: Enter a hostname or IP address.
    • Proxy Port field: Enter a value between 1 to 65535.
note.gif

Noteblank.gif If the Cisco WAAS Central Manager is already using an external HTTP proxy, there is no option displayed to use the Cisco WAAS Central Manager as proxy; these fields will display the currently configured HTTP proxy.


Step 5blank.gif Click Submit.


 

Configuring External HTTP Proxy for All Devices

To configure External HTTP Proxy for all devices, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Global > External HTTP Proxy.

The following message is displayed:

Some deployments may disallow direct connections from Central Manager to Internet hosts. This would
affect WAAS features such as Akamai Connect, where Central Manager needs to communicate with
Akamai servers. For such deployments WAAS Central Manager may use an external HTTP proxy to contact
Internet. HTTP proxy must support HTTP CONNECT method for tunneling HTTPS connections.

Step 2blank.gif Specify a Proxy Host and a Proxy Port:

    • Proxy Host field: Enter a hostname or IP address.
    • Proxy Port field: Enter a value between 1 to 65535.
note.gif

Noteblank.gif If the Cisco WAAS Central Manager is already using an external HTTP proxy, there is no option displayed to use the Cisco WAAS Central Manager as proxy; these fields will display the currently configured HTTP proxy.


6.blank.gif Click Submit.


 

Configuring Server Address Validation

This section contains the following topics:

About Server Address Validation

Server Address Validation prevents malicious content from infecting the Akamai Connect cache, by performing Domain Name Service (DNS) lookups on the name in the HTTP host header, comparing the lookup result with that connection’s forward IP address, and, if there is a mismatch, the transaction is allowed to pass through the cache, but no content is allowed to be cached.

Server Address Validation is available for Cisco WAAS Version 6.4.1 and later.

Example:

  • The server IP address to which a DNS name resolves might be an IP address of a server that contains malicious content, rather than that of an expected and trusted server.
  • The resulting response would get cached, and the Akamai cache would then contain malicious content.
  • After the cache is “poisoned” with this malicious content, other clients accessing the same content would also get served with this malicious data.

To prevent such situations, the server address validation feature:

  • Performs DNS lookups on the name in the HTTP host header.

A valid Domain Name System (DNS) configuration is required for Server Address Validation to work properly. For more information, see Configuring the DNS Server in the chapter “Configuring Network Settings” .

  • Compares the lookup result with that connection’s forward IP address.
  • If there is a mismatch, the transaction is allowed to pass through the cache, however—no content is allowed to be cached.
note.gif

Noteblank.gif The Cisco Cloud Web Security (CWS) feature also performs traffic scanning and malware protection for the Akamai Connect cache. For more information on CWS, see Enabling Cisco Cloud Web Security (Cisco CWS).


Alarms Used with Server Address Validation

Table 13-8 shows the alarms used with Server Address Validation.

Table 13-8 Alarms Used with Akamai Connect Cache Server IP Address Validation

Alarm Name
Reason Alarm is Raised
User Action

DNS Lookup Failed

  • Too frequently, address checks have been unable to look up hostnames.
  • Verify that the DNS configured in WAAS is able to do host lookup.

Forward Proxy Detected Warning

  • Address checks are enabled, but a forward proxy that is re-looking up hostnames has been detected.
  • Do one of the following:

blank.gif Disable address checks.

blank.gif Disable the forward proxy from re-looking up hostnames.

blank.gif Disable address checks for the forward proxies’ IP addresses.

blank.gif Add forward proxies’ IP addresses to the whitelist.

Address Check Failures Warning

  • Server address validation has found that too many address mismatches, the IP address returned by DNS lookup does not contain the address used by the client, are occurring.
  • Use the show hosts command to list and verify the name servers and their corresponding IP addresses, and to list the hostnames, their corresponding IP addresses, and their corresponding aliases (if applicable).

Procedure for Configuring Server Address Validation

This section describes how to use the WAAS Central Manager to enable or disable Server Address Validation, and to add, edit, or delete bypass server addresses into or from a whitelist.

Before You Begin

Before you configure Server Address Validation, consider these guidelines:

Interposer-SSL is in disabled state. Enable Interposer-SSL for HTTP Object Cache Server Validation feature to
use SNI extension. Peformance for HTTPS connections, when this feature is enabled, might get affected in the absence of SNI.

For more information, see Enabling and Disabling Global Optimization Features in the chapter “Configuring Application Acceleration” .

  • To configure Server Address Validation with the CLI, use the accelerator http object-cache validate-address enable and accelerator http object-cache validate-address bypass global configuration commands. For more information, see the Cisco Wide Area Application Services Command Reference.

Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with the Cache Settings tab displayed.

Step 2blank.gif At the Server Address Validation pane (Figure 13-5), check the Enable server address validation check box. The default is disabled.

Figure 13-5 Server Address Validation Panel

355417.jpg

Note the following operating guidelines about enabling or disabling Server Address Validation:

    • If Server Address Validation is enabled or disabled at the device group level, the option is enabled or disabled to all devices in the device group.
    • If you have enabled or disabled Server Address Validation from the CLI, it will be reflected in the WAAS Central Manager within two data feed cycles.

Step 3blank.gif To create a server address whitelist:

a.blank.gif At the Bypass Server Address table listing taskbar, click Add Server IP Address.

The Bypass Server dialog box appears.

b.blank.gif In the Bypass Server IP field, specify the server IP address.

c.blank.gif In the Netmask field, specify the netmask.

d.blank.gif Click OK.

The new server IP address and netmask are added to the Bypass Server Address table listing.

  • You can configure up to 50 server IP addresses per whitelist.
  • To edit an existing bypass server address, highlight the bypass server address and click Edit.
  • To delete an existing bypass server address, highlight the bypass server address and click Delete.
note.gif

Noteblank.gif A server address whitelist that you have created is stored on the data server until you delete it. The server IP address whitelist is not automatically deleted if you disable Server Address Validation.



 

Configuring Akamai Connect Cache Prepositioning

This section contains the following topics:

About Akamai Connect Cache Prepositioning

Cache prepositioning, also known as cache warming, allows you to specify a policy to prefetch and cache content at a specified time. Cache prepositioning allows you to take advantage of idle time on the WAN to transfer large or frequently accessed files to selected Cisco WAAS devices, so that users can benefit from cache-level performance even during first-time access of these files.

Cache prepositioning fetches content based on:

  • Predefined schedule
  • URL and link depth level
  • Excluded content types

Cache prepositioning runs at the same priority as other caching types, for example, Akamai Connected Cache or OTT.

For Cisco WAAS Version 6.2.1 and later with Akamai Connect, cache prepositioning for Akamai Connect also provides the following cache prepositioning features:

  • Processing of manifest files for the video streaming protocols HLS (HTTP Live Streaming) and HDS (HTTP Dynamic Streaming).
  • Prepositioning of JNLP (Java Network Launch Protocol) files, which contain URL reference for Java Web Start.

Operating Guidelines for Akamai Connect Cache Prepositioning

Consider the following operating guidelines for cache prepositioning for Akamai Connect:

  • When a scheduled fetch operation begins or is complete, it is added to the Cache Preposition Status table.
  • In order for HTTP/S content to be prepositioned, you must define an SSL accelerated service; otherwise, any HTTP requests encountered in the job will fail, although the preposition task will continue and any objects available via HTTP will be retrieved.

For more information on how to define an SSL accelerated service, see Configuring SSL Acceleration in the chapter “Configuring Application Acceleration” .

Configuring a Cache Preposition Task

Before You Begin

Table shows the dialog boxes, available from the Cache Prepositioning tab, used to configure a preposition task.

Table 13-9 Overview of Dialog Boxes Used to Configure Cache Preposition Tasks

Dialog Box
Description

Cache Prepositioning Task

Specify the preposition task name, base URLs for prepositioning, include/exclude types, download rate, recursion depth, and task duration.

Cache Prepositioning Task, Advanced Settings

Specify the recursion delay time and recursion domains.

Cache Prepositioning Schedule

Specify the schedule name for the preposition task, frequency of the task (such as daily or monthly), and start time.

To configure a cache preposition task, follow these steps:


Step 1blank.gif From Devices or Device Groups, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with two tabs: Cache Settings and Cache Prepositioning.

Step 2blank.gif Choose the Cache Prepositioning tab.

At this tab, you can add, edit, or delete cache prepositioning tasks, as well as monitor cache preposition task status.

Step 3blank.gif (Optional) To enable DRE for preposition connections, check the Preposition with DRE check box. The default is disabled, to prevent negative impact to the DRE byte cache for data that will be stored at the object level.

Step 4blank.gif At the Cache Prepositioning table listing, click Add Cache Preposition Task.

The Cache Prepositioning Task dialog box opens.

Step 5blank.gif In the Name field, enter the name of the preposition task.

    • Preposition task name is an alphanumeric identifier up to 47 characters. Special characters like ‘,/,\,{,},(,),?,”,<,>,[,],&,*,” are not allowed.
    • You can configure up to 10 URLs per task.
    • You can configure up to 10 schedules per task.
    • You can configure up to 50 tasks per device or device group.

Step 6blank.gif In the URLs field, enter the base URLs for prepositioning.

    • The maximum length for the URL is 900 characters. Characters that are not allowed in the URL are space, double quotes (“). ASCII characters are allowed in the range of ASCII 33 through ASCII 125.
    • Use a space to separate multiple URLs.
    • You can configure up to 10 URLs per task.

Step 7blank.gif In the Exclude Types field, enter the object types to exclude from caching, such as.jsp or.asp, each separated by a comma.

The list of object name patterns to be excluded has a total pattern field limit of 47 characters.

Step 8blank.gif In the Download Rate field, enter the maximum download rate, in KBps. Select any value between 0 to 10,000,000 KBps.

    • The default is 20 KBps.
    • A selection of 0 indicates unlimited, or no enforced rate limiting.

Step 9blank.gif To enable recursion for this cache preposition task, check the Recursive Task check box. To have recursion disabled for this cache preposition task, leave the Recursive Task check box unchecked. The default is unchecked.

Step 10blank.gif If you have checked the Recursive Task check box, from the Recursion Depth drop-down list, choose the depth of the link level at which content is retrieved: 1, 2, 3, 5, 8, 13, or 21. You can also enter a custom value from 1 to 1000. The default recursion depth value is 1.

The Recursion Depth drop-down list is active only if you check the Recursive Task check box.

note.gif

Noteblank.gif A greater number of specified levels of links means a greater amount of data stored in the cache, sometimes exponentially more. If the amount of requested prefetched data becomes larger than the cache, the newly requested data will flush all previously stored data, and may slow down other operations that attempt to use the cache.


Step 11blank.gif To enable this cache preposition task, check the Enable Task check box. The task must specify at least one URL (specified in the URLs field) and one schedule, specified in the next step.

Step 12blank.gif At the Cache Prepositioning Schedule table listing, click Add Schedule.

The Cache Prepositioning Schedule dialog box appears.

a.blank.gif In the Schedule Name field, enter the name of the schedule of this cache preposition task, up to 256 alphanumeric characters. The schedule name allows you to provide your own representation of a schedule. For example, you can name a schedule that occurs every Monday, Wednesday, and Friday at 10:30 a.m. as Weekly MWF 10:30AM or as Every Week - Mon-Wed-Fri at 10:30AM.

b.blank.gif From the Frequency drop-down list, choose the specified time for prepositioning: yearly, daily, weekly, or monthly days.

For example, if you choose you choose monthly days, a calendar with check boxes opens for you to check one, some, or all the days in a month for this schedule.

c.blank.gif From the Start Time (HH:MM) drop-down lists, choose the hour and minute at which this cache prepositioning task should start.

d.blank.gif Click OK.

Step 13blank.gif At the Advanced Settings section of the Cache Prepositioning Task dialog box, you can specify recursion delay time and recursion hostnames.

a.blank.gif In the Recursion Delay Time field, enter the delay time, in seconds, between requests during recursive download. This simulates user wait time. Recursive delay time is necessary because some servers use the lack of time between requests to detect and restrict web crawlers.

  • Enter a value between 0 to 600 seconds. The default is 2 seconds.
  • A value of zero provides the best performance when there are no web crawler restrictions.

Step 14blank.gif In the Recursion Domains field, enter the list of server domain suffixes for which recursive web crawling is permitted. If this list is empty, then web crawling is only permitted within the same domain as the specified URL.

You can configure up to ten servers:

  • The server name is up to 255 alphanumeric characters.
  • Server names are separated by comma or space.

Step 15blank.gif Click OK.

Step 16blank.gif In the Cache Prepositioning Schedule dialog box, click OK.

Step 17blank.gif In the Cache Prepositioning Task dialog box, click OK.

Step 18blank.gif Click Submit.

The new cache prepositioning task is added as a line item in the Cache Prepositioning table listing.


 

Viewing Cache Prepositioning Task Status

The Cache Prepositioning pane provides two tables to show the status of a cache prepositioning task.

  • To view the status of a cache preposition task you have configured, highlight and select the task from the first table, the Cache Preposition table listing.
  • The second table, the Cache Prepositioning Status table listing, displays information on the selected task.

blank.gif For an individual device, the cache prepositioning status table shows the selected task status for the current device.

blank.gif For a device group, the cache prepositioning status table shows the status of the selected cache preposition task, for all devices under that device group.

Table shows the information displayed for the selected cache preposition task.

Table Column
Description

Device Name

The name of the selected device.

Start Time

The date, hour, and minute for the task schedule to start.

End Time

The date, hour, and minute for the task schedule to end.

Byte Count

The total number of bytes in cache during the most recent preposition task run.

Object Count

The total count of objects in cache during the most recent preposition task run.

Refresh Bytes

The number of bytes refreshed in cache during the most recent preposition task run.

Refresh Count

The count of objects refreshed in cache during the most recent preposition task run.

Store Bytes

The number of unmodified bytes for objects found in cache during the most recent task run.

Store Count

The count of unmodified objects found in cache during the most recent task run.

Uncacheable Bytes

The number of bytes of uncacheable objects encountered during the most recent task run.

Uncacheable Count

The count of uncacheable objects encountered during the most recent task run.

Status

The status of the task, such as Scheduled, Complete, or Error.

Error

If the task status is Error, an error message describing the task status is displayed.

Copying Cache Prepositioning Tasks

You can copy cache prepositioning tasks that have a device or device group enabled with Akamai Connect. Use the following methods to copy cache prepositioning tasks:

  • Device to device
  • Device to device group
  • Device group to device
  • Device group to device group

To copy a cache preposition task, follow these steps:


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with two tabs: Cache Settings and Cache Prepositioning.

Step 2blank.gif Choose the Cache Prepositioning tab.

Step 3blank.gif At the Cache Prepositioning pane, click Copy Tasks.

The Cache Prepositioning Task dialog box opens.

Step 4blank.gif From the From drop-down list, choose a device or device group as the source.

Step 5blank.gif From the To drop-down list, choose a device or device group as the destination.

note.gif

Noteblank.gif If you try to copy a task with the same name between device and device groups, the following error message is displayed: One or more preposition tasks with the same name already exists in the destination device/DG.


Step 6blank.gif At the Existing Cache Prepositioning Tasks table listing, select one, some or all of the cache preposition tasks to be copied.

Step 7blank.gif Click OK.

The selected cache prepositioning tasks are copied from the specified source to the specified destination.


 

Configuring HTTP/S Preposition Proxy for Akamai Connect

This section contains the following topics:

About HTTP/S Preposition Proxy for Akamai Connect

For Cisco WAAS Version 6.2.1 and later, you can preposition external content in the case of a deployment with proxy. Consider the following when configuring HTTP/S preposition proxy for Akamai Connect:

  • IPv4 proxy is supported for HTTP/S prepositioning.
  • The HTTP preposition proxy feature is a feature independent of the Cisco WAAS Central Manager and external HTTP proxy features described in the sections Configuring Cisco WAAS Central Manager as HTTP Proxy and Configuring External HTTP Proxy.
  • Specific IP address-based proxy configuration is supported for HTTP/S preposition proxy. File-based and auto-detected configurations are not supported for HTTP/S preposition proxy.

Configuring Global Proxy Host and Port for Preposition Tasks

To configure global proxy host and port for preposition tasks, follow these steps.


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with two tabs: Cache Settings and Cache Prepositioning.

Step 2blank.gif Choose the Cache Prepositioning tab.

Step 3blank.gif In the Proxy Host field, enter the hostname or IP address for the proxy host.

Step 4blank.gif In the Proxy Port field, enter the port number. Valid port numbers are 0 to 65535.

Step 5blank.gif Click Submit.

Step 6blank.gif Create a preposition task, as described in Configuring a Cache Preposition Task.

Step 7blank.gif In the Cache Prepositioning Task dialog box, check the Enable Proxy check box.

Step 8blank.gif Schedule the task, as described in Step 12 of Configuring a Cache Preposition Task.

Step 9blank.gif Click Submit.


 

Modifying Proxy Settings for an Individual Preposition Task

To modify proxy settings for an individual preposition task, follow these steps.


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with two tabs: Cache Settings and Cache Prepositioning.

Step 2blank.gif Choose the Cache Prepositioning tab.

Step 3blank.gif Select a cache prepositioning task that you have configured as proxy.

Step 4blank.gif Modify the particular setting or settings.

Step 5blank.gif Check the Enable Task check box.

Step 6blank.gif Check the Enable Proxy check box.

Step 7blank.gif In the Cache Prepositioning Schedule dialog box, select parameters to reschedule the task.

Step 8blank.gif Click OK.

Step 9blank.gif In the Cache Prepositioning Task dialog box, click OK.

Step 10blank.gif Click Submit.


 

Removing Proxy Settings for an Individual Preposition Task

To remove proxy settings for an individual preposition task, follow these steps.


Step 1blank.gif From the Cisco WAAS Central Manager menu, from either the Device Groups or Devices tab, choose Configure > Caching > Akamai Connect.

The Akamai Connect window appears, with two tabs: Cache Settings and Cache Prepositioning.

Step 2blank.gif Choose the Cache Prepositioning tab.

Step 3blank.gif Select a cache prepositioning task that you have configured as proxy.

Step 4blank.gif Check the Enable Task check box.

Step 5blank.gif Uncheck the Enable Proxy check box.

Step 6blank.gif In the Cache Prepositioning Schedule dialog box, select parameters to reschedule the task.

Step 7blank.gif Click OK.

Step 8blank.gif In the Cache Prepositioning Task dialog box, click OK.

Step 9blank.gif Click Submit.


 

Cisco Support for Microsoft Windows Update

Cisco support for Microsoft Windows Update enables caching of objects used in Windows OS and application updates. Cisco support for Microsoft Windows Update is enabled by default, and enabled only for specific sites.

This section contains the following topics:

About Cisco WAAS Support for Microsoft Windows Update

The Microsoft operating system and application updates are managed by update clients such as Microsoft Update. Microsoft Update downloads the updates via HTTP, often in combination with BITS (Background Intelligent Transfer Service) to help facilitate the downloads. Clients use HTTP range request to fetch updates.

The objects that comprise the updates, such as.cab files, are typically cacheable, so that HTTP object cache is a significant benefit for this process.

For example, for Microsoft Windows 7 and Microsoft 8 OS updates, via direct Internet or WSUS (Windows Server Update Services), versions 2012 and 2012R2, more than 98% of the update files, such as.cab,.exe, and.psf files, are served from cache on subsequent updates. Cisco support for Microsoft Windows Update reduces the volume of WAN offload bytes and reduces response time for subsequent Microsoft Windows updates.

Viewing Statistics for Cisco Support for Microsoft Windows Update

There are two ways to view data generated by Cisco support for Microsoft Windows Update:

blank.gif rm-w (range miss, wait): The main transaction, a cache miss, which waited for the sub-transaction to fetch the needed bytes.

blank.gif rm-f (range miss, full): The sub-transaction, a cache write of the entire document.

Example 1

Example 1 contains two log lines, the main transaction and sub-transaction, when a range is requested on an object that is not in cache:

ws8-rt-kb2863725-x64_dd8522e527483cd69bf61d98ee849a2406b97172.psf - -
08/28/2015 12:22:29.663 (fl=27520) 300 13.164 0.000 446 - - 34912 172.25.30.4
 
191.234.4.50 2905 h - - rm-w 206 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/secu/2013/07/windows8-rt-kb2863725- x64_dd8522e527483cd69bf61d98ee849a2406b97172.psf - -
 
08/28/2015 12:24:31.448 (fl=27520) 300 134.949 0.000 355 344 3591542 568 172.25.30.4 191.234.4.50 2f25 m-s - - rm-f 200 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/secu/2013/07/windows8-rt-kb2863725-x64_dd8522e527483cd69bf61d98ee849a2406b97172.psf - -

 

Example 2:

Example 2 shows a cache hit when a range is requested on an object that is either completely in cache, or in the process of being downloaded. If it is in the process of being downloaded, then the main transaction has latched onto a sub-transaction like the one shown in Example 1.

08/28/2015 03:34:36.906 (fl=26032) 300 0.000 50.373 346 - - 13169 172.25.30.4 8.254.217.62 2905 h - - - 206 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/secu/2013/07/windows8-\ rt-kb2863725-x64_dd8522e527483cd69bf61d98ee849a2406b97172.psf - -
 

Cisco Support for Microsoft Windows Update and Akamai Cache Engine

Cisco support for Microsoft Windows Update enables Akamai cache engine to support Windows Update caching in two ways:

  • Download and cache full objects even when ranges within objects that not in cache are requested.
  • Future range requests on the objects can be served out of cache.

There is a limit, set by OTT metadata during the Akamai Connect registration process, from the start of the object—the number of bytes or the percent of file length—where the download functionality is triggered. A request of a size above the set limit does not initiate a full object download, and the request is forwarded to the origin as is.

caut.gif

Caution blank.gif Cisco Support for Microsoft Windows update is enabled by default, and enabled only for specific sites. The enabled sites are updated via OTT metadata.

If you want to disable Cisco Support for Microsoft Windows Update, you must disable OTT caching. To do this, uncheck the Over the Top Cache check box. However, note that unchecking the Over the Top Cache check box disables all OTT functionality, both global and custom OTT configurations.

For more information on the Akamai Connect registration process, see Activating the Akamai Connect License.

Cisco WAAS CLI Commands Used with Akamai Connect

This section contains the following topics:

For detailed Cisco WAAS CLI command information, see the Cisco Wide Area Application Services Command Reference.

Cisco WAAS Global Configuration Commands Used with Akamai Connect

Table 13-10 highlights Cisco WAAS global configuration commands used with Akamai Connect.

Table 13-10 Cisco WAAS Global Configuration Commands Used with Akamai Connect

Command Mode

Global Configuration

(config) accelerator http object-cache connected enable

Enables the Akamai Connected Cache to cache content that is delivered by an Edge server on the Akamai Intelligent Platform. Object caching is done on the client side Cisco WAAS device only.

note.gif

Noteblank.gif You must enable and register Akamai Connect from the Cisco WAAS Central Manager before you run the accelerator http object-cache connected enable global configuration command. Otherwise, running this command will invalidate the Akamai Connect End-User License Agreement.


(config) accelerator http object-cache cws-check enable

Enables Cisco Cloud Web Security feature.

(config) accelerator http object-cache enable

Turns on the Akamai cache engine for the Cisco WAAS device.

(config) accelerator http object-cache ott enable

Enables Over the Top (OTT) caching.

(config) accelerator http object-cache transparent enable

Enables the Akamai HTTP object cache (the Akamai cache engine) in Basic mode.

note.gif

Noteblank.gif When using the CLI to enable the HTTP object cache (the Akamai cache engine), the default caching mode is Basic. When using the Cisco WAAS Central Manager to enable HTTP object cache, the default caching mode is Standard.


(config) accelerator http object-cache transparent advanced

Enables the Akamai HTTP object cache (the Akamai cache engine) in Advanced mode.

(config) accelerator http object-cache transparent basic

Enables the Akamai HTTP object cache (the Akamai cache engine) in Basic mode.

(config) accelerator http object-cache transparent bypass

Enables the Akamai HTTP object cache (the Akamai cache engine) in Bypass mode.

(config) accelerator http object-cache transparent enable

Enables the Akamai HTTP object cache (the Akamai cache engine) in Basic mode.

(config) accelerator http object-cache transparent standard

Enables the Akamai HTTP object cache (the Akamai cache engine) in Standard mode.

(config) accelerator http object-cache validate-address bypass

Adds bypass server IP addresses to a whitelist for Server Address Validation.

(config) accelerator http object-cache validate-address bypass

Validates the IP server address configuration.

(config) device mode application-accelerator profile branch

For use with Cisco WAVE devices, to enable the device to function as a branch device, to configure resource pre-allocation resources for various Cisco WAAS services to be branch traffic scenario and branch services.

(config) http-object cache validate address enable

You can also user the user-agent useragent-name global configuration command

to configure the user agent string page 40 PDF

Cisco WAAS Preposition Configuration Commands Used with Akamai Connect

Table 13-11 highlights the Cisco WAAS preposition configuration commands used with Akamai Connect.

Table 13-11 Cisco WAAS Preposition Configuration Commands Used with Akamai Connect

Command Mode
Command
Description

Preposition Configuration

(config-preposition) accelerator http preposition dre enable

Enables Data Redundancy Elimination (DRE) for preposition connections.

(config-preposition) accelerator http preposition task task-name

Configure a preposition task for one or more sites.

Cisco WAAS EXEC Commands Used with Akamai Connect

Table 13-12 highlights the Cisco WAAS EXEC commands used with Akamai Connect.

Table 13-12 Cisco WAAS EXEC Used with Akamai Connect

Command Mode
Command
Description

EXEC

clear cache http-object-cache invalidate

Clears the HTTP object cache.

clear statistics accelerator http object-cache

Clears HTTP object cache statistics from a Cisco WAAS device.

debug accelerator http object-cache

Enables object cache debugging.

debug cms {router-config | stats}

Monitor and record CMS debugging for router configuration and statistics, from the Cisco WAAS Central Manager.

disk delete-data-partitions

Deletes all data partitions on all logical drives. Data partitions include the CONTENT, PRINTSPOOL, and GUEST partitions. These partitions include all DRE cache files and print spool files.

show accelerator http object-cache

Displays HTTP object cache configuration and status information for a Cisco WAAS device.

show hosts

  • Lists and verifies the name servers and their corresponding IP addresses, and lists the hostnames, their corresponding IP addresses, and their corresponding aliases (if applicable).

show statistics accelerator http preposition

Displays preposition task information for a Cisco WAAS device.

show statistics accelerator http object-cache

Displays object cache statistics for a Cisco WAAS device.