WAAS — 串列內聯群集故障排除
章節:串列內聯群集故障排除
本文描述如何排除串列內聯群集故障。
指南目錄
主要文章
瞭解WAAS架構和流量
WAAS初步故障排除
故障排除最佳化
應用加速故障排除
排除CIFS AO故障
排除HTTP AO故障
排除EPM AO故障
排除MAPI AO故障
排除NFS AO故障
排除SSL AO故障
影片AO故障排除
通用AO故障排除
過載故障排除
WCCP故障排除
AppNav故障排除
磁碟和硬體故障排除
串列內聯群集故障排除
vWAAS故障排除
WAAS Express故障排除
排除NAM整合故障
主要文章
瞭解WAAS架構和流量
WAAS初步故障排除
故障排除最佳化
應用加速故障排除
排除CIFS AO故障
排除HTTP AO故障
排除EPM AO故障
排除MAPI AO故障
排除NFS AO故障
排除SSL AO故障
影片AO故障排除
通用AO故障排除
過載故障排除
WCCP故障排除
AppNav故障排除
磁碟和硬體故障排除
串列內聯群集故障排除
vWAAS故障排除
WAAS Express故障排除
排除NAM整合故障
目錄
附註:WAAS 4.2.1版引入了非最佳化對等體與攔截ACL之間的串列內聯集群。本節不適用於較早的WAAS版本。
檢查串列對等裝置之間的連線
要檢視哪些裝置連線到內聯介面,請使用show cdp neighbors命令,如下所示:
WAE#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
BBSw-R32-R62 Inline 1/1/lan 154 S I WS-C3750G-Gig 3/0/17
BBSw-R32-R62 Inline 1/0/lan 154 S I WS-C3750G-Gig 2/0/18
BBSw-R32-R62 Gig 1/0 126 S I WS-C3750G-Gig 2/0/22
PLT-32-08-7301 Inline 1/1/wan 148 R 7301 Gig 0/2
PLT-32-08-7301 Inline 1/0/wan 147 R 7301 Gig 0/1
WAE-32-08-7341 Inline 1/1/wan 145 T H OE7341 Inline 1/1/w
WAE-32-08-7341 Inline 1/0/wan 145 T H OE7341 Inline 1/0/w
如果串列對等點被一台或多台交換機分隔,則對等點不會顯示在上面的輸出中。
驗證串列對等裝置是否配置正確
要驗證串列對等體是否配置正確,請使用show peer optimization命令,如下所示:
WAE#show peer optimization
Configured Non-optimizing Peers:
Peer Device Id: 00:1a:64:c2:40:8c
對兩個對等體運行此命令,並確保每台裝置在另一個裝置上正確顯示。
使用show device-id命令檢查裝置ID,如下所示:
WAE#show device-id System Device ID is: 00:21:5e:57:e9:d4
驗證串列內聯群集是否正常運行
給定以下拓撲示例:
BR-WAE-----------WAN----------- DC-WAE2 — DC-WAE1
或
BR-WAE1 — BR-WAE2-----------WAN----------- DC-WAE2 — DC-WAE1
通常,最外部的WAE(即BR-WAE和DC-WAE1)或BR-WAE1和DC-WAE1)之間應進行最佳化。要確保這一點,請使用show statistics connection命令檢驗連線上的裝置ID。BR-WAE上的PeerID應指示它正在使用DC-WAE1進行最佳化,而DC-WAE1上的PeerID應指示它正在使用BR-WAE進行最佳化。
BR-WAE#show statistics connection Current Active Optimized Flows: 7552 Current Active Optimized TCP Plus Flows: 7563 Current Active Optimized TCP Only Flows: 0 Current Active Optimized TCP Preposition Flows: 0 Current Active Auto-Discovery Flows: 12891 Current Reserved Flows: 100 Current Active Pass-Through Flows: 3053 Historical Flows: 429 D:DRE,L:LZ,T:TCP Optimization RR:Total Reduction Ratio A:AOIM,C:CIFS,E:EPM,G:GENERIC,H:HTTP,M:MAPI,N:NFS,S:SSL,V:VIDEO ConnID Source IP:Port Dest IP:Port PeerID Accel RR 786432 190.190.3.175:19268 155.155.7.208:80 00:21:5e:52:25:5c THDL 00.0% 786435 190.190.5.115:19283 155.155.0.144:80 00:21:5e:52:25:5c THDL 86.0% 786438 199.199.3.0:58436 155.155.9.15:443 00:21:5e:52:25:5c TSDL 00.0% 786440 190.190.2.231:19312 155.155.0.112:80 00:21:5e:52:25:5c THDL 86.0%
上述輸出中的PeerID應與DC-WAE1匹配。
DC-WAE2上的所有連線都應處於「PT Intermediate」狀態。
如果DC-WAE1發生故障或進入過載狀態,則應在BR-WAE1和DC-WAE2之間最佳化新連線。您可以在DC-WAE2上使用show statistics connection optimized命令進行驗證。應在DC-WAE2上看到已最佳化的連線,並將對等ID BR-WAE1作為對等裝置。
如果BR-WAE1發生故障或進入過載狀態,則DC-WAE2和DC-WAE1之間不應進行最佳化。所有連線都應在DC-WAE1上處於「PT Non-optimizing Peer」狀態,在DC-WAE2上處於「PT No Peer」狀態。下面是預期的show statistics connection命令輸出的示例:
DC-WAE1# sh stat conn Current Active Optimized Flows: 0 Current Active Optimized TCP Plus Flows: 0 Current Active Optimized TCP Only Flows: 0 Current Active Optimized TCP Preposition Flows: 0 Current Active Auto-Discovery Flows: 0 Current Reserved Flows: 100 Current Active Pass-Through Flows: 1 Historical Flows: 1 Local IP:Port Remote IP:Port Peer ID ConnType 2.74.2.162:37116 2.74.2.18:80 00:21:5e:27:ae:14 PT Non-optimizing Peer 2.74.2.18:80 2.74.2.162:37116 00:21:5e:27:ae:14 PT Non-optimizing Peer
DC-WAE2# sh stat conn Current Active Optimized Flows: 0 Current Active Optimized TCP Plus Flows: 0 Current Active Optimized TCP Only Flows: 0 Current Active Optimized TCP Preposition Flows: 0 Current Active Auto-Discovery Flows: 0 Current Reserved Flows: 100 Current Active Pass-Through Flows: 1 Historical Flows: 1 Local IP:Port Remote IP:Port Peer ID ConnType 2.74.2.162:37116 2.74.2.18:80 N/A PT No Peer 2.74.2.18:80 2.74.2.162:37116 N/A PT No Peer
您也可以使用Central Manager Connection Statistics報告(Device > Monitor > Optimization > Connections Statistics)在表中顯示裝置連線統計資訊,如圖1所示。對等ID由裝置名稱指示。
- 圖1. Central Manager裝置連線統計資訊報告
檢測串列對等配置不匹配
必須配置串列對等點,以便將每個對等點指定為非最佳化對等點。如果裝置A配置為B的對等裝置,但B未配置為A的對等裝置,則說明不匹配。要發現不匹配,可以使用Central Manager My WAN > Configure > Peer Settings頁,該頁報告所有串列對等裝置的狀態,如圖2所示。所有正確配置的串列對等裝置在相互配對列中都有一個綠色複選標籤。沒有綠色複選標籤的任何裝置都錯誤地配置了串列對等裝置,而串列對等裝置未配置該裝置作為其串列對等裝置。
- 圖2. Central Manager對等體設定
要檢測串列對等配置不匹配,還可以查詢系統日誌消息,如下所示:
%WAAS-SYS-4-900000: AD: Serial Mode configuration mismatch with peer_id=00:21:5e:27:a8:80
此錯誤表示兩台對等裝置上的串列對等配置不對稱。
排除MAPI加速故障
一般MAPI AO故障排除在故障排除應用加速文章的「MAPI加速器」一節中介紹。
串列內聯群集上的MAPI加速可能出現以下問題:
- 與Exchange伺服器的Outlook連線已斷開連線並恢復
- 與Exchange伺服器的Outlook連線已斷開,並且保持該連線
- Outlook在建立與Exchange伺服器的連線時遇到問題
- Outlook與Exchange伺服器的連線未通過WAAS進行最佳化(它處於傳遞狀態或未執行MAPI AO最佳化)
- 由於DC WAE中的EPM策略超時,MAPI轉義了連線
檢查EPM和MAPI動態策略
使用show policy-engine application dynamic命令檢查EPM和MAPI動態策略,如下所示:
WAE34#show policy-engine application dynamic
Dynamic Match Freelist Information:
Allocated: 32768 In Use: 3 Max In Use: 4 Allocations: 14
Dynamic Match Type/Count Information:
None 0
Clean-Up 0
Host->Host 0
Host->Local 0
Local->Host 0
Local->Any 0
Any->Host 3
Any->Local 0
Any->Any 0
Individual Dynamic Match Information:
Number: 1 Type: Any->Host (6) User Id: EPM (3) <------ EPM Policy
Src: ANY:ANY Dst: 10.56.45.68:1067
Map Name: uuid1544f5e0-613c-11d1-93df-00c04fd7bd09
Flags: TIME_LMT REPLACE FLOW_CNT
Seconds: 1200 Remaining: 8 DM Index: 32765
Hits: 1 Flows: 0 Cookie: 0x00000000
DM Ref Index: -None- DM Ref Cnt: 0
Number: 2 Type: Any->Host (6) User Id: EPM (3) <------ EPM Policy
Src: ANY:ANY Dst: 10.56.45.68:1025
Map Name: uuidf5cc5a18-4264-101a-8c59-08002b2f8426
Flags: TIME_LMT REPLACE FLOW_CNT
Seconds: 1200 Remaining: 10 DM Index: 32766
Hits: 1 Flows: 0 Cookie: 0x00000000
DM Ref Index: -None- DM Ref Cnt: 0
Number: 3 Type: Any->Host (6) User Id: EPM (3)
Src: ANY:ANY Dst: 10.56.45.68:1163
Map Name: uuida4f1db00-ca47-1067-b31f-00dd010662da
Flags: TIME_LMT REPLACE FLOW_CNT
Seconds: 1200 Remaining: 509 DM Index: 32767
Hits: 5 Flows: 0 Cookie: 0x00000000
DM Ref Index: -None- DM Ref Cnt: 0
WAE33#show policy-engine application dynamic Dynamic Match Freelist Information: Allocated: 32768 In Use: 2 Max In Use: 5 Allocations: 12 Dynamic Match Type/Count Information: None 0 Clean-Up 0 Host->Host 1 Host->Local 0 Local->Host 0 Local->Any 0 Any->Host 1 Any->Local 0 Any->Any 0 Individual Dynamic Match Information: Number: 1 Type: Host->Host (2) User Id: MAPI (5) <------ MAPI Policy Src: 10.56.45.246:ANY Dst: 10.56.45.68:1163 Map Name: uuida4f1db00-ca47-1067-b31f-00dd010662da Flags: REPLACE FLOW_CNT RSRVD_POOL REF_SRC_ANY_DM Seconds: 0 Remaining: - NA - DM Index: 32764 Hits: 12 Flows: 5 Cookie: 0x00000000 DM Ref Index: 32767 DM Ref Cnt: 0 Number: 2 Type: Any->Host (6) User Id: EPM (3) Src: ANY:ANY Dst: 10.56.45.68:1163 Map Name: uuida4f1db00-ca47-1067-b31f-00dd010662da Flags: TIME_LMT REPLACE FLOW_CNT Seconds: 1200 Remaining: - NA - DM Index: 32767 Hits: 2 Flows: 0 Cookie: 0x00000000 DM Ref Index: -None- DM Ref Cnt: 1
檢查過濾和自動發現統計資訊
檢查以下命令的輸出,檢視相關的MAPI計數器是否遞增。
WAE#show stat auto-discovery
Auto discovery structure:
Allocation Failure: 0
Allocation Success: 12886550
Deallocations: 12872245
Timed Out: 1065677
.
.
.
Auto discovery Miscellaneous:
RST received: 87134
SYNs found with our device id: 0
SYN retransmit count resets: 0
SYN-ACK sequence number resets (syncookies): 0
SYN-ACKs found with our device id: 0
SYN-ACKs found with mirrored options: 0
Connections taken over for MAPI optimization: 0 <----- MAPI & Serial Inline cluster statistic
WAE#show stat filtering Number of filtering tuples: 44892 Number of filtering tuple collisions: 402 Packets dropped due to filtering tuple collisions: 3 Number of transparent packets locally delivered: 287133100 Number of transparent packets dropped: 0 Packets dropped due to ttl expiry: 0 Packets dropped due to bad route: 589 Syn packets dropped with our own id in the options: 0 In ternal client syn packets dropped: 0 Syn packets received and dropped on estab. conn: 1 Syn-Ack packets received and dropped on estab. conn: 22016 Syn packets dropped due to peer connection alive: 0 Syn-Ack packets dropped due to peer connection alive: 4 Packets recvd on in progress conn. and not handled: 0 Packets dropped due to peer connection alive: 1806742 Packets dropped due to invalid TCP flags: 0 Packets dropped by FB packet input notifier: 0 Packets dropped by FB packet output notifier: 0 Number of errors by FB tuple create notifier: 0 Number of errors by FB tuple delete notifier: 0 Dropped WCCP GRE packets due to invalid WCCP service: 0 Dropped WCCP L2 packets due to invalid WCCP service: 0 Number of deleted tuple refresh events: 0 Number of times valid tuples found on refresh list: 0 SYN packets sent with non-opt option due to MAPI: 0 <----- MAPI & Serial Inline Cluster statistic Internal Server conn. not optimized due to Serial Peer: 0 Duplicate packets to synq dropped: 8
啟用調試日誌記錄
如果檢視動態策略以及過濾和自動發現統計資訊沒有幫助,則啟用調試日誌記錄,以便技術支援工程師對串列內聯群集中MAPI加速連線的情況進行故障排除。
通過運行以下命令啟用調試:
WAE#debug policy-engine connection WAE#debug auto-discovery connection WAE#debug filtering connection WAE#debug connection acl
與往常一樣,需要啟用磁碟日誌記錄,並且必須將磁碟的日誌記錄級別設定為調試。
附註:調試日誌記錄是CPU密集型,可以生成大量輸出。在生產環境中慎重而謹慎地使用它。
偵聽訪問清單故障排除
本節介紹如何解決與攔截ACL相關的以下問題:
- 連線未最佳化
- 未按預期繞過連線
連線未最佳化
如果連線未按預期進行最佳化,可能是由於以下原因。
1.介面可能已關閉。如果是內嵌介面,所有流量都會在硬體中繞過。使用以下命令檢查介面狀態:
WAE#show interface inlinegroup 1/0 Interface is in intercept operating mode. <------ Interface must be in intercepting mode Standard NIC mode is off.
2.如果介面已啟動,請檢查連線的狀態,如果連線處於傳遞狀態,請使用以下命令檢查原因:
WAE#show stat connection pass-through Current Active Optimized Flows: 9004 Current Active Optimized TCP Plus Flows: 9008 Current Active Optimized TCP Only Flows: 0 Current Active Optimized TCP Preposition Flows: 0 Current Active Auto-Discovery Flows: 10294 Current Reserved Flows: 100 Current Active Pass-Through Flows: 2994 Historical Flows: 443 Local IP:Port Remote IP:Port Peer ID ConnType 155.155.14.9:21 199.199.1.200:28624 N/A PT App Cfg 155.155.13.92:21 199.199.1.147:26564 N/A PT App Cfg <----- Pass-through reason
3.如果原因顯示為「PT攔截ACL」,則是由於攔截ACL拒絕SYN封包。
您可以檢視以下輸出來深入檢視ACL,以檢視符合的條件:
WAE#show ip access-list
Space available:
49 access lists
499 access list conditions
Standard IP access list test
1 permit any (1296 matches)
(implicit deny any: 0 matches)
total invocations: 1296
Interface access list references:
None Configured
Application access list references:
INTERCEPTION Standard test
Any IP Protocol
未按預期跳過連線
如果沒有按照預期繞過連線,請確保攔截ACL配置使用以下命令生效:
WAE#show ip access-list
Space available:
49 access lists
499 access list conditions
Standard IP access list test
1 permit any (1296 matches)
(implicit deny any: 0 matches)
total invocations: 1296
Interface access list references:
None Configured
Application access list references:
INTERCEPTION Standard test
Any IP Protocol
從上述輸出中檢查命中計數,看它們是否按預期遞增。
啟用調試日誌記錄
如果使用上述命令後一切正常,但仍然存在問題,請啟用以下調試日誌記錄,並在所關注的SYN資料包上查詢策略引擎決策。
WAE#debug policy-engine connection
與往常一樣,需要啟用磁碟日誌記錄,並且必須將磁碟的日誌記錄級別設定為調試。
附註:調試日誌記錄是CPU密集型,可以生成大量輸出。在生產環境中慎重而謹慎地使用它。
意見