WAAS — 串行内联集群故障排除

下载选项

  • PDF     (258.7 KB)
    在各种设备上使用 Adobe Reader 查看
  • ePub     (262.9 KB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上使用各种应用查看
  • Mobi (Kindle)     (209.7 KB)
    在 Kindle 设备上查看或在多个设备上使用 Kindle 应用查看
已更新: 2019 年 3 月 6 日
文档 ID:1551882474402793

非歧视性语言

此产品的文档集力求使用非歧视性语言。在本文档集中,非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言,文档中可能无法确保完全使用非歧视性语言。 深入了解思科如何使用包容性语言。

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。

章节:串行内联集群故障排除

本文介绍如何排除串行内联集群故障。

指南内容

主要文章
了解WAAS架构和流量
初步WAAS故障排除
故障排除优化
应用加速故障排除
排除CIFS AO故障
排除HTTP AO故障
排除EPM AO故障
排除MAPI AO故障
排除NFS AO故障
SSL AO故障排除
视频AO故障排除
排除通用AO故障
排除过载情况故障
排除WCCP故障
AppNav故障排除
排除磁盘和硬件故障
串行内联集群故障排除
vWAAS故障排除
排除WAAS Express故障
排除NAM集成故障

目录

NOTE:WAAS版本4.2.1中引入了非优化对等体和侦听ACL之间的串行内联集群。本节不适用于早期的WAAS版本。

检查串行对等体之间的连接

要查看哪些设备连接到内联接口,请使用show cdp neighbors命令,如下所示: 

WAE#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                 S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce    Holdtme    Capability  Platform  Port ID
BBSw-R32-R62     Inline 1/1/lan   154             S I    WS-C3750G-Gig 3/0/17
BBSw-R32-R62     Inline 1/0/lan   154             S I    WS-C3750G-Gig 2/0/18
BBSw-R32-R62     Gig 1/0          126             S I    WS-C3750G-Gig 2/0/22
PLT-32-08-7301   Inline 1/1/wan   148              R     7301      Gig 0/2
PLT-32-08-7301   Inline 1/0/wan   147              R     7301      Gig 0/1
WAE-32-08-7341   Inline 1/1/wan   145             T H    OE7341    Inline 1/1/w
WAE-32-08-7341   Inline 1/0/wan   145             T H    OE7341    Inline 1/0/w

如果串行对等体由一台或多台交换机分隔,则上述输出中不会显示对等体。

验证串行对等体配置正确

要验证串行对等体是否配置正确,请使用show peer optimization命令,如下所示: 

WAE#show peer optimization
Configured Non-optimizing Peers:
        Peer Device Id: 00:1a:64:c2:40:8c

在两个对等体上运行此命令,并确保每台设备在另一台上正确显示。

使用show device-id命令检查设备ID,如下所示: 

WAE#show device-id
System Device ID is: 00:21:5e:57:e9:d4

验证串行内联集群是否运行正常

给定以下拓扑示例:

BR-WAE —WAN — DC-WAE2 — DC-WAE1

BR-WAE1 — BR-WAE2 —WAN— DC-WAE2 — DC-WAE1

通常,应在最外层的WAE(即BR-WAE和DC-WAE1)或BR-WAE1和DC-WAE1之间进行优化。要确保这一点,请使用show statistics connection命令验证连接上的设备ID。BR-WAE上的PeerID应表示它正在使用DC-WAE1进行优化,而DC-WAE1上的PeerID应表示它正在使用BR-WAE进行优化。 

BR-WAE#show statistics connection

Current Active Optimized Flows:                      7552
  Current Active Optimized TCP Plus Flows:          7563
  Current Active Optimized TCP Only Flows:          0
  Current Active Optimized TCP Preposition Flows:   0
Current Active Auto-Discovery Flows:                 12891
Current Reserved Flows:                              100
Current Active Pass-Through Flows:                   3053
Historical Flows:                                    429


D:DRE,L:LZ,T:TCP Optimization RR:Total Reduction Ratio
A:AOIM,C:CIFS,E:EPM,G:GENERIC,H:HTTP,M:MAPI,N:NFS,S:SSL,V:VIDEO

ConnID        Source IP:Port          Dest IP:Port            PeerID Accel RR
786432   190.190.3.175:19268      155.155.7.208:80 00:21:5e:52:25:5c THDL  00.0%
786435   190.190.5.115:19283      155.155.0.144:80 00:21:5e:52:25:5c THDL  86.0%
786438     199.199.3.0:58436      155.155.9.15:443 00:21:5e:52:25:5c TSDL  00.0%
786440   190.190.2.231:19312      155.155.0.112:80 00:21:5e:52:25:5c THDL  86.0%

上述输出中的PeerID应与DC-WAE1的PeerID匹配。

DC-WAE2上的所有连接都应处于“PT Intermediate”状态。

如果DC-WAE1发生故障或过载,应在BR-WAE1和DC-WAE2之间优化新连接。您可以在DC-WAE2上使用show statistics connection optimized 命令来验证这一点。在DC-WAE2上,应使用BR的对等ID查看优化连接 — WAE1作为对等设备。

如果BR-WAE1发生故障或过载,则DC-WAE2和DC-WAE1之间不应存在优化。所有连接在DC-WAE1上应处于“PT非优化对等体”状态,在DC-WAE2上应处于“PT无对等体”状态。以下是预期的show statistics connection命令输出示例: 

DC-WAE1# sh stat conn

Current Active Optimized Flows:                      0
   Current Active Optimized TCP Plus Flows:          0
   Current Active Optimized TCP Only Flows:          0
   Current Active Optimized TCP Preposition Flows:   0
Current Active Auto-Discovery Flows:                 0
Current Reserved Flows:                              100
Current Active Pass-Through Flows:                   1
Historical Flows:                                    1


Local IP:Port         Remote IP:Port        Peer ID           ConnType
2.74.2.162:37116      2.74.2.18:80          00:21:5e:27:ae:14 PT Non-optimizing Peer
2.74.2.18:80          2.74.2.162:37116      00:21:5e:27:ae:14 PT Non-optimizing Peer



DC-WAE2# sh stat conn

Current Active Optimized Flows:                      0
   Current Active Optimized TCP Plus Flows:          0
   Current Active Optimized TCP Only Flows:          0
   Current Active Optimized TCP Preposition Flows:   0
Current Active Auto-Discovery Flows:                 0
Current Reserved Flows:                              100
Current Active Pass-Through Flows:                   1
Historical Flows:                                    1


Local IP:Port         Remote IP:Port        Peer ID           ConnType
2.74.2.162:37116      2.74.2.18:80          N/A               PT No Peer
2.74.2.18:80          2.74.2.162:37116      N/A               PT No Peer

您还可以使用Central Manager Connection Statistics报告(Device > Monitor > Optimization > Connections Statistics)在表中显示设备连接统计信息,如图1所示。对等体ID由设备名称指示。

图1.中央管理器设备连接统计报告
waast-deviceconnstats.png

检测串行对等配置不匹配

必须配置串行对等体,以便将每个对等体指定为彼此的非优化对等体。如果设备A配置为B的对等体,但B未配置为A的对等体,则表示不匹配。要发现不匹配,可以使用Central Manager My WAN > Configure > Peer Settings页,该页报告所有串行对等体的状态,如图2所示。所有正确配置的串行对等体在Mutual Pair列中都有绿色勾选号。没有绿色复选标记的任何设备都错误地配置了串行对等体,而串行对等体没有将设备配置为其串行对等体。

图2.中央管理器对等体设置
waast-peersettings.png

要检测串行对等体配置不匹配,您还可以查找系统日志消息,例如: 

%WAAS-SYS-4-900000: AD: Serial Mode configuration mismatch with peer_id=00:21:5e:27:a8:80

此错误表示两个对等设备上的串行对等配置不对称。

排除MAPI加速故障

一般MAPI AO故障排除在故障排除应用加速文章的“MAPI加速器”一节中介绍。

在串行内联群集上,MAPI加速可能会出现以下问题:

  • Outlook与Exchange服务器的连接已断开并恢复
  • Outlook与Exchange服务器的连接已断开,并保持连接
  • Outlook在建立与Exchange服务器的连接时遇到问题
  • WAAS未优化与Exchange服务器的Outlook连接(它处于传递状态或未完成MAPI AO优化)
  • 由于DC WAE中的EPM策略超时,MAPI转义连接

检查EPM和MAPI动态策略

使用show policy-engine application dynamic命令检查EPM和MAPI动态策略,如下所示: 

WAE34#show policy-engine application dynamic
Dynamic Match Freelist Information:
  Allocated: 32768  In Use: 3  Max In Use: 4  Allocations: 14

Dynamic Match Type/Count Information:
  None                    0
  Clean-Up                0
  Host->Host              0
  Host->Local             0
  Local->Host             0
  Local->Any              0
  Any->Host               3
  Any->Local              0
  Any->Any                0

Individual Dynamic Match Information:
  Number:     1   Type: Any->Host (6)  User Id: EPM (3)      <------ EPM Policy
    Src: ANY:ANY  Dst: 10.56.45.68:1067
    Map Name: uuid1544f5e0-613c-11d1-93df-00c04fd7bd09
    Flags: TIME_LMT REPLACE FLOW_CNT 
    Seconds: 1200  Remaining: 8  DM Index: 32765
    Hits: 1  Flows: 0  Cookie: 0x00000000
    DM Ref Index: -None-  DM Ref Cnt: 0

  Number:     2   Type: Any->Host (6)  User Id: EPM (3)      <------ EPM Policy
    Src: ANY:ANY  Dst: 10.56.45.68:1025
    Map Name: uuidf5cc5a18-4264-101a-8c59-08002b2f8426
    Flags: TIME_LMT REPLACE FLOW_CNT 
    Seconds: 1200  Remaining: 10  DM Index: 32766
    Hits: 1  Flows: 0  Cookie: 0x00000000
    DM Ref Index: -None-  DM Ref Cnt: 0

   Number:     3   Type: Any->Host (6)  User Id: EPM (3)
    Src: ANY:ANY  Dst: 10.56.45.68:1163
    Map Name: uuida4f1db00-ca47-1067-b31f-00dd010662da
    Flags: TIME_LMT REPLACE FLOW_CNT 
    Seconds: 1200  Remaining: 509  DM Index: 32767
    Hits: 5  Flows: 0  Cookie: 0x00000000
    DM Ref Index: -None-  DM Ref Cnt: 0

WAE33#show policy-engine application dynamic
Dynamic Match Freelist Information:
 Allocated: 32768  In Use: 2  Max In Use: 5  Allocations: 12

Dynamic Match Type/Count Information:
  None                    0
  Clean-Up                0
  Host->Host              1
  Host->Local             0
  Local->Host             0
  Local->Any              0
  Any->Host               1
  Any->Local              0
  Any->Any                0

Individual Dynamic Match Information:
 Number:     1   Type: Host->Host (2)  User Id: MAPI (5)       <------ MAPI Policy
   Src: 10.56.45.246:ANY  Dst: 10.56.45.68:1163
   Map Name: uuida4f1db00-ca47-1067-b31f-00dd010662da
   Flags: REPLACE FLOW_CNT RSRVD_POOL REF_SRC_ANY_DM 
   Seconds: 0  Remaining: - NA -  DM Index: 32764
   Hits: 12  Flows: 5  Cookie: 0x00000000
   DM Ref Index: 32767  DM Ref Cnt: 0

 Number:     2   Type: Any->Host (6)  User Id: EPM (3)
   Src: ANY:ANY  Dst: 10.56.45.68:1163
   Map Name: uuida4f1db00-ca47-1067-b31f-00dd010662da
   Flags: TIME_LMT REPLACE FLOW_CNT 
   Seconds: 1200  Remaining: - NA -  DM Index: 32767
   Hits: 2  Flows: 0  Cookie: 0x00000000
   DM Ref Index: -None-  DM Ref Cnt: 1

检查过滤和自动发现统计信息

检查以下命令的输出,查看相关MAPI计数器是否递增。 

WAE#show stat auto-discovery
Auto discovery structure:
      Allocation Failure:                            0
      Allocation Success:                            12886550
      Deallocations:                                 12872245
      Timed Out:                                     1065677
.
.
.
Auto discovery Miscellaneous:
      RST received:                                  87134
      SYNs found with our device id:                 0
      SYN retransmit count resets:                   0
      SYN-ACK sequence number resets (syncookies):   0
      SYN-ACKs found with our device id:             0
      SYN-ACKs found with mirrored options:          0
      Connections taken over for MAPI optimization:  0     <----- MAPI & Serial Inline cluster statistic

WAE#show stat filtering
Number of filtering tuples:                             44892
Number of filtering tuple collisions:                   402
Packets dropped due to filtering tuple collisions:      3
Number of transparent packets locally delivered:        287133100
Number of transparent packets dropped:                  0
Packets dropped due to ttl expiry:                      0
Packets dropped due to bad route:                       589
Syn packets dropped with our own id in the options:     0
In ternal client syn packets dropped:                    0
Syn packets received and dropped on estab. conn:        1
Syn-Ack packets received and dropped on estab. conn:    22016
Syn packets dropped due to peer connection alive:       0
Syn-Ack packets dropped due to peer connection alive:   4
Packets recvd on in progress conn. and not handled:     0
Packets dropped due to peer connection alive:           1806742
Packets dropped due to invalid TCP flags:               0
Packets dropped by FB packet input notifier:            0
Packets dropped by FB packet output notifier:           0
Number of errors by FB tuple create notifier:           0
Number of errors by FB tuple delete notifier:           0
Dropped WCCP GRE packets due to invalid WCCP service:   0
Dropped WCCP L2 packets due to invalid WCCP service:    0
Number of deleted tuple refresh events:                 0
Number of times valid tuples found on refresh list:     0
SYN packets sent with non-opt option due to MAPI:       0    <----- MAPI & Serial Inline Cluster statistic
Internal Server conn. not optimized due to Serial Peer: 0
Duplicate packets to synq dropped:                      8

启用调试日志记录

如果查看动态策略和过滤和自动发现统计信息无济于事,则启用调试日志记录,以便技术支持工程师可以排除串行内联集群中MAPI加速连接发生的故障。

通过运行以下命令启用调试: 

WAE#debug policy-engine connection
WAE#debug auto-discovery connection
WAE#debug filtering connection
WAE#debug connection acl

与以往一样,需要启用磁盘日志记录,并且必须将磁盘的日志记录级别设置为调试。

NOTE:调试日志记录占用大量CPU资源,并且可以生成大量输出。在生产环境中谨慎、谨慎地使用它。

拦截访问列表故障排除

本节介绍如何排除与拦截ACL相关的以下问题:

  • 连接未优化
  • 连接未按预期绕过

连接未优化

如果连接未按预期优化,则可能是由于以下原因。

1.接口可能已关闭。如果它是内联接口,则所有流量都将在硬件中绕过。使用以下命令检查接口状态: 

WAE#show interface inlinegroup 1/0
Interface is in intercept operating mode.       <------ Interface must be in intercepting mode
Standard NIC mode is off.

2.如果接口为up状态,请检查连接状态,如果连接处于直通状态,请使用以下命令检查原因: 

WAE#show stat connection pass-through
Current Active Optimized Flows:                      9004
   Current Active Optimized TCP Plus Flows:          9008
   Current Active Optimized TCP Only Flows:          0
   Current Active Optimized TCP Preposition Flows:   0
Current Active Auto-Discovery Flows:                 10294
Current Reserved Flows:                              100
Current Active Pass-Through Flows:                   2994
Historical Flows:                                    443
Local IP:Port         Remote IP:Port        Peer ID           ConnType
155.155.14.9:21       199.199.1.200:28624   N/A               PT App Cfg
155.155.13.92:21      199.199.1.147:26564   N/A               PT App Cfg   <----- Pass-through reason

3.如果原因显示为“PT拦截ACL”,则原因是拦截ACL拒绝SYN数据包。

您可以查看以下输出,深入查看ACL,查看匹配的条件: 

WAE#show ip access-list
Space available:
   49 access lists
  499 access list conditions
Standard IP access list test
  1 permit any (1296 matches)
    (implicit deny any: 0 matches)
  total invocations: 1296
Interface access list references:
 None Configured
 Application access list references:
  INTERCEPTION                    Standard        test
    Any IP Protocol

连接未按照预期绕过

如果连接未按预期绕过,请确保侦听ACL配置使用以下命令生效: 

WAE#show ip access-list
Space available:
   49 access lists
  499 access list conditions
Standard IP access list test
  1 permit any (1296 matches)
    (implicit deny any: 0 matches)
  total invocations: 1296
Interface access list references:
 None Configured
 Application access list references:
  INTERCEPTION                    Standard        test
    Any IP Protocol

检查上述输出的命中计数,查看其是否按预期递增。

启用调试日志记录

如果使用上述命令显示一切正确,但仍然存在问题,请启用以下调试日志记录并查找有关SYN数据包的策略引擎决策。 

 WAE#debug policy-engine connection

与以往一样,需要启用磁盘日志记录,并且必须将磁盘的日志记录级别设置为调试。

NOTE:调试日志记录占用大量CPU资源,并且可以生成大量输出。在生产环境中谨慎、谨慎地使用它。

此文档是否有帮助?

Feedback反馈

联系我们

本文档适用于以下产品