Tài liệu Deploying Cisco Wide Area Application Services potx

Deploying Cisco Wide Area

Application Services,

Second Edition

Joel Christner, CCIE No. 15311

Zach Seils, CCIE No. 7861

Nancy Jin

Cisco Press

800 East 96th Street

Indianapolis, IN 46240

Deploying Cisco Wide Area Application Services,

Second Edition

Joel Christner, Zach Seils, Nancy Jin

Copyright© 2010 Cisco Systems, Inc.

Published by:

Cisco Press

800 East 96th Street

Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means,

electronic or mechanical, including photocopying, recording, or by any information storage and retrieval

system, without written permission from the publisher, except for the inclusion of brief quotations in a

review.

Printed in the United States of America

First Printing January 2010

Library of Congress Cataloging-in-Publication data is on file.

ISBN-13: 978-1-58705-912-4

ISBN-10: 1-58705-912-6

Warning and Disclaimer

This book is designed to provide information about deploying Cisco Wide Area Application Services

(WAAS). Every effort has been made to make this book as complete and as accurate as possible, but no

warranty or fitness is implied.

The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have

neither liability nor responsibility to any person or entity with respect to any loss or damages arising from

the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

ii Deploying Cisco Wide Area Application Services

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriate￾ly capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of

a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or spe￾cial sales, which may include electronic versions and/or custom covers and content particular to your busi￾ness, training goals, marketing focus, and branding interests. For more information, please contact: U.S.

Corporate and Government Sales 1-800-382-3419 [email protected]

For sales outside the United States please contact: International Sales [email protected]

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book

is crafted with care and precision, undergoing rigorous development that involves the unique expertise of

members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could

improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through

email at [email protected]. Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Publisher: Paul Boger Cisco Representative: Erik Ullanderson

Associate Publisher: Dave Dusthimer Cisco Press Program Manager: Anand Sundaram

Executive Editor: Mary Beth Ray Copy Editor/Proofreader: Deadline Driven Publishing

Managing Editor: Patrick Kanouse Technical Editors: Jim French, Jeevan Sharma

Senior Development Editor: Christopher Cleveland Indexer: Angie Bess

Project Editor: Ginny Bess Munroe

Editorial Assistant: Vanessa Evans

Cover Designer: Sandra Schroeder

Book Designer: Louisa Adair

Composition: Mark Shirar

iii

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the

Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the

Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step,

Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers,

Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and

the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R)

Americas Headquarters

Cisco Systems, Inc.

San Jose, CA

Asia Pacific Headquarters

Cisco Systems (USA) Pte. Ltd.

Singapore

Europe Headquarters

Cisco Systems International BV

Amsterdam, The Netherlands

About the Authors

Joel Christner, CCIE No. 15311, is a distinguished engineer at StorSimple, Inc. Before

StorSimple, Joel was a technical leader in the Application Delivery Business Unit (ADBU)

at Cisco Systems, Inc., driving the long-term product strategy, system architecture, and

solution architecture for the Cisco Wide Area Application Services (WAAS) product and

the Cisco broader application delivery solution. Previously, Joel was director of product

management for Reconnex Corporation (acquired by McAfee), the industry leader in data

loss prevention (DLP) solutions. Prior to joining Reconnex, Joel was the senior manager of

technical marketing for ADBU at Cisco Systems, Inc, and a key contributor to the WAAS

product line, helping shape the system architecture, craft the product requirements, and

enable a global sales team to sell and support the product in a hyper-competitive market.

Joel is co-author of the first edition of this book and also co-author of Application

Acceleration and WAN Optimization Fundamentals (Cisco Press) with Ted Grevers, Jr,

which outlines architecture and relevance for WAN optimization and application accelera￾tion technologies in today’s dynamic IT organizations.

Zach Seils, CCIE No. 7861, is a technical leader in the Application Delivery Business

Unit (ADBU) at Cisco Systems, Inc. Zach is currently focused on developing the architec￾ture and network integration aspects of next-generation WAN optimization and applica￾tion acceleration platforms. In addition, Zach is frequently engaged with partners and

internal Cisco engineers worldwide to advise on the design, implementation, and trou￾bleshooting of Cisco WAAS. Previously, Zach was a technical leader in the Cisco

Advanced Services Data Center Networking Practice, where he served as a subject matter

expert in Application Networking Services for the largest Enterprise and Service Provider

customers at Cisco. Zach is co-author of the first edition of this book and was also a

technical reviewer of Application Acceleration and WAN Optimization Fundamentals

(Cisco Press) by Joel Christner and Ted Grevers, Jr.

Nancy Jin is a senior technical marketing engineer in the Application Delivery Business

Unit (ADBU) at Cisco Systems, Inc. where she helps develop requirements for product

features, drive sales enablement, and manage technical training development for the Cisco

WAAS product family. Before Cisco, Nancy held senior systems engineering positions

with well-known network and managed service providers, including InterNAP Network

Services, Telstra USA, Sigma Networks, and MCI Worldcom.

iv Deploying Cisco Wide Area Application Services

About the Technical Reviewers

Jim French resides in New Jersey. He has more than 15 years of experience in informa￾tion technologies. A 12-year veteran of Cisco, Jim has been in the position of distin￾guished system engineer since early 2003 and holds CCIE and CISSP certifications. Since

joining Cisco, he has focused on routing, switching, voice, video, security, storage, con￾tent networking, application delivery, and desktop virtualization. Primarily, Jim has

helped customers decrease their upfront capital investments in application infrastructure,

reduce application operational costs, speed application time to market, increase applica￾tion touch points (interactions), increase application availability, and improve application

performance. Working internally with Cisco marketing and engineering, Jim is instrumen￾tal in driving new features, acquisitions, and architectures into Cisco solutions to make

customers successful. Prior to joining Cisco, Jim received a BSEE degree from Rutgers

University College of Engineering in 1987 and later went on to obtain an MBA from

Rutgers Graduate School of Management in 1994. In his spare time, Jim enjoys spending

time with family, friends, running, racquetball, basketball, soccer, traveling, coaching

youth recreation sports, and fathering his amazing son Brian.

Jeevan Sharma, CCIE No. 11529, is a technical marketing engineer at Cisco. He works

with Application Delivery Business Unit (ADBU). Jeevan has more than 9 years of experi￾ence at Cisco and 13 years of overall Information Technology experience. Since joining

Cisco, he has held various technical roles in which he has worked extensively with Cisco

customers, partners, and system engineers worldwide on their network designs, and the

implementation and troubleshooting of Cisco products. Working with engineering and

product management at Cisco, he has been focused on systems and solutions testing, new

feature development and product enhancements to improve the quality of Cisco prod￾ucts, and solutions for customers. Prior to Cisco, Jeevan worked at CMC Limited and

HCL Technologies, where he spent time with customers on their network design and sys￾tems integration. In his spare time, Jeevan enjoys family and friends, tennis, hiking, and

traveling.

v

Dedications

This book is dedicated to my beautiful wife Christina, our family, and to our Lord and

Savior Jesus Christ; through Him all things are possible.

—Joel Christner

This book is dedicated to my love. You have opened my eyes and heart and soul to things

I never knew were possible. I am honored that you have let me in your life. I can never

thank you enough for these things. Your unfaltering love, caring heart, and beautiful

smile are what inspires me to keep going day after day. I love you.

—Zach Seils

This book is dedicated to my most supportive family. To my husband Steve, my parents,

and parents-in-law, thank you for always being there for me. To my lovely sons Max and

Leo, I love you!

—Nancy Jin

vi Deploying Cisco Wide Area Application Services

Acknowledgments

From Joel Christner: To Christina, my beautiful, loving, and patient wife—thank you. I

promise I won’t write another book for a little while. This time, I mean it. I know you’ve

heard THAT before.

I’d like to express my deepest appreciation to you, the reader, for taking the time to read

this book. Zach, Nancy, and I are honored to have been given the opportunity to earn a

spot in your personal library, and we look forward to your feedback.

To Zach and Nancy, for being such great co-authors and good friends. Your expertise and

ability to clearly articulate complex technical concepts are unmatched, and I’m thankful

to have been given the opportunity to collaborate with you. Many thanks to Jim French

and Jeevan Sharma, our technical reviewers. Your attention to detail and focus helped

keep our material accurate and concise. It was a pleasure working with you on this

book—and at Cisco.

A tremendous thank you to the production team at Cisco Press—your guidance has been

great, and Zach, Nancy, and I appreciate you keeping us on track and focused.

From Zach Seils: To my love, I could not have finished this project without your constant

encouragement. Thank you. To Rowan, Evan, and Jeeper, I love you guys more than you

will ever know.

To the technical reviewers Jim French and Jeevan Sharma, Thanks for all your hard work

to make this edition of the book a top-notch technical reference. I know that the quality

of this project increased significantly due to your contributions.

I’d like to give special thanks to my co-authors Joel and Nancy, thanks for making this

project happen and your patience throughout the writing process.

Thanks to the Cisco Press team for your patience and support throughout this project.

From Nancy Jin: My most sincere appreciation goes to Joel Christner, who introduced

me to this wonderful opportunity. It is a great honor to work with such a talented team.

Thank you, Jim French and Jeevan Sharma, for doing such great a job as the technical

reviewers. Thank you Cisco Press for working on this project with us.

vii

Contents at a Glance

Foreword xix

Introduction xx

Chapter 1 Introduction to Cisco Wide Area Application Services (WAAS) 1

Chapter 2 Cisco WAAS Architecture, Hardware, and Sizing 49

Chapter 3 Planning, Discovery, and Analysis 77

Chapter 4 Network Integration and Interception 107

Chapter 5 Branch Office Network Integration 153

Chapter 6 Data Center Network Integration 203

Chapter 7 System and Device Management 249

Chapter 8 Configuring WAN Optimization 319

Chapter 9 Configuring Application Acceleration 401

Chapter 10 Branch Office Virtualization 473

Chapter 11 Case Studies 511

Appendix A WAAS Quickstart Guide 547

Appendix B Troubleshooting Guide 569

Appendix C 4.0/4.1 CLI Mapping 595

Index 599

viii Deploying Cisco Wide Area Application Services

Contents

Foreword xix

Introduction xx

Chapter 1 Introduction to Cisco Wide Area Application Services (WAAS) 1

Understanding Application Performance Barriers 3

Layer 4 Through Layer 7 4

Latency 7

Bandwidth Inefficiencies 10

Throughput Limitations 11

Network Infrastructure 12

Bandwidth Constraints 12

Network Latency 15

Loss and Congestion 19

Introduction to Cisco WAAS 21

WAN Optimization 23

Data Redundancy Elimination 25

Persistent LZ Compression 30

Transport Flow Optimization 30

Secure Sockets Layer (SSL) Optimization 31

Application Acceleration 33

Object and Metadata Caching 36

Prepositioning 38

Read-Ahead 39

Write-Behind 40

Multiplexing 41

Other Features 42

Branch Virtualization 45

The WAAS Effect 46

Summary 48

Chapter 2 Cisco WAAS Architecture, Hardware, and Sizing 49

Cisco WAAS Product Architecture 49

Disk Encryption 50

Central Management Subsystem 51

Interface Manager 51

Monitoring Facilities and Alarms 52

Network Interception and Bypass Manager 52

ix

Application Traffic Policy Engine 53

Virtual Blades 55

Hardware Family 55

Router-Integrated Network Modules 56

NME-WAE Model 302 57

NME-WAE Model 502 57

NME-WAE Model 522 58

Appliances 58

WAVE Model 274 59

WAVE Model 474 59

WAE Model 512 60

WAVE Model 574 60

WAE Model 612 60

WAE Model 674 61

WAE Model 7341 61

WAE Model 7371 61

Licensing 61

Performance and Scalability Metrics 62

Device Memory 63

Disk Capacity 64

Number of Optimized TCP Connections 65

WAN Bandwidth and LAN Throughput 70

Number of Peers and Fan-Out 71

Number of Devices Managed 73

Replication Acceleration 74

Virtual Blades 75

Summary 76

Chapter 3 Planning, Discovery, and Analysis 77

Planning Overview 77

Planning Overview Checklist 78

Requirements Collection and Analysis 78

Site Information 80

Site Types 80

User Population 81

Physical Environment 81

Site Information Checklist 82

x Deploying Cisco Wide Area Application Services

Network Infrastructure 82

WAN Topology 82

Remote Office Topology 85

Data Center Topology 86

Traffic Flows 87

Network Infrastructure Checklist 89

Application Characteristics 90

Application Requirements Checklist 91

Application Optimizer Requirements 91

CIFS Accelerator 91

Advanced Features 92

File Services Utilization 93

File Services Requirements Checklist 93

MAPI Accelerator 94

MAPI Requirements Checklist 95

HTTP Accelerator 95

HTTP Requirements Checklist 95

NFS Accelerator 96

NFS Requirements Checklist 96

Video Accelerator 96

Video Requirements Checklist 96

SSL Accelerator 97

SSL Requirements Checklist 97

Replication Accelerator 98

Platform Requirements 98

Platform Requirements Checklist 98

Scalability Requirements 99

Scalability Requirements Checklist 99

Availability Requirements 99

Availability Checklist 100

Management Requirements 100

Cisco WAAS Central Manager and XML-API 100

SNMP Trap/Inform Routing 101

SNMP Community Strings 101

Syslog Servers 102

Management Requirements Checklist 103

xi

Security Requirements 103

Security Requirements Checklist 105

Virtualization Requirements 105

Virtualization Requirements Checklist 106

Summary 106

Chapter 4 Network Integration and Interception 107

Interface Connectivity 107

Link Aggregation Using PortChannel 111

PortChannel Configuration 112

Using the Standby Interface Feature 115

Standby Interface Configuration 116

Interception Techniques and Protocols 119

Web Cache Communication Protocol 119

WCCP Overview 120

Service Groups 120

Forwarding and Return Methods 123

Load Distribution 125

Failure Detection 126

Flow Protection 128

Graceful Shutdown 128

Scalability 129

Redirect Lists 129

Service Group Placement 130

WCCP Configuration 131

Hardware-Based Platforms 136

Policy-Based Routing 137

Inline Interception 139

Content Switching 143

Application Control Engine 144

Egress Methods 145

Directed Mode 149

Network Integration Best Practices 150

Summary 152

Chapter 5 Branch Office Network Integration 153

In-Path Deployment 153

Nonredundant Branch Office 154

Redundant Branch Office 158

xii Deploying Cisco Wide Area Application Services

Serial Inline Clustering 162

Off-Path Deployment 163

Small to Medium-Sized Nonredundant Branch Office 163

Enhanced Network Module (NME-WAE) 170

Two-Arm Deployment 171

Large Nonredundant Branch Office 174

Off-Path Redundant Topology 181

Small to Medium-Sized Redundant Branch Office 181

Large Redundant Branch Office 190

Policy-Based Routing Interception 196

Cisco IOS Firewall Integration 199

Summary 201

Chapter 6 Data Center Network Integration 203

Data Center Placement 203

Deployment Solutions 212

WCCP 212

Server Load Balancing 227

Scaling Transparent Interception 233

WCCP Scalability 233

ACE Scalability 239

Firewall Integration 240

Summary 247

Chapter 7 System and Device Management 249

System and Device Management Overview 250

Initial Setup Wizard 250

CLI 260

CM Overview 261

Centralized Management System Service 266

Device Registration and Groups 269

Device Activation 270

Device Groups 271

Provisioned Management 273

Role-Based Access Control 274

Integration with Centralized Authentication 278

Windows Authentication 280

TACACS+ Authentication 286

xiii

RADIUS Authentication 288

Device Configuration, Monitoring, and Management 289

Alarms, Monitoring, and Reporting 290

Managing Alarms 290

Monitoring Charts 291

Managing Reports 295

SNMP, Syslog, and System Logs 296

Upgrading and Downgrading Software 302

Backup and Restore of CM Database 305

Programmatic Interfaces and the XML-API 308

Vendors Supporting the XML-API 309

Data Accessible via the XML-API 310

Simple Method of Accessing XML-API Data 313

Summary 317

Chapter 8 Configuring WAN Optimization 319

Cisco WAAS WAN Optimization Capabilities 319

Transport Flow Optimization 320

Data Redundancy Elimination 322

Persistent LZ Compression 324

Automatic Discovery 324

Directed Mode 327

Configuring WAN Optimization 329

Configuring Licenses 329

Enabling and Disabling Features 331

TFO Blacklist Operation 333

Directed Mode 338

Adaptive and Static TCP Buffering 339

Replication Acceleration 345

Application Traffic Policy 347

Application Groups 348

Traffic Classifiers 352

Policy Maps 358

Negotiating Policies 365

EndPoint Mapper Classification 366

Monitoring and Reporting 370

Automatic Discovery Statistics 370

xiv Deploying Cisco Wide Area Application Services