Troubleshooting guide
1-12
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Planning Your WAAS Network
Identifying and Resolving Interoperability Issues
• DSCP/IP precedence (TOS)—Supported under WAAS because WAAS copies the settings of
incoming packets on to the outgoing packets from WAAS back to the router. If the packets are not
colored at connection establishment time (for TCP packets), there might be a delay in propagating
the settings because WAAS does not poll these settings periodically. The packets are eventually
colored properly. When packets are not colored they are left uncolored by the WAAS software.
WAAS software does not support IPv6 QoS, MPLS QoS, ATM QoS, Frame Relay QoS, and Layer 2
(VLAN) QoS.
WAAS Support of the Cisco IOS NBAR Feature
Unlike a traditional type of classification that is specified through a policy filter that is listed in the
“WAAS Support of the Cisco IOS QoS Classification Feature” section on page 1-11, Network-Based
Application Recognition (NBAR) classification needs to consider payload. The classification keeps
track of any interceptor that modifies the payload because this modification might cause NBAR to not
be able to classify the packets. However, the WAAS software does support NBAR.
The following is an example flow of how the WAAS software supports NBAR:
1. A packet P1, which is part of a TCP stream S1, enters the router and is classified by NBAR on the
LAN interface of the router as belonging to class C1. If the classification of P1 does not involve
payload inspection (for example, only TCP/IP headers), no action needs to be taken because the
WAAS software preserves this information.
2. If P1 classification requires payload inspection, P1 needs to be marked using the TOS/DSCP bits in
the packet (as opposed to using other internal marking mechanisms).
3. P1 is then intercepted through WCCP Version 2 (still on the LAN interface, WCCP is processed after
NBAR) and is redirected to a WAE.
4. WAAS applies any optimizations on the payload and copies the DCSP bits settings from the
incoming TCP stream, S1 onto the outgoing stream, S2 (which is established between the local
WAAS appliance and the remote WAAS appliance over the WAN). Because NBAR usually needs to
see some payload before doing the classification, it is unlikely that WAAS will have the proper bit
settings at connection-establishment time. Consequently, the WAAS software uses polling to inspect
the DSCP bits on the incoming TCP stream, then copies it over to the stream from the WAAS device
back to the router.
5. When S2 reenters the router, NBAR will not classify S2 as belonging to C1 because the payload has
been changed or compressed. However, the DSCP settings have already marked these packets as
belonging to C1. Consequently, these packets will be treated properly as if they were classified
through NBAR.
As long as the flow is not identified, NBAR will continue to search for classification in the packets.
Because compressed packets will not be classified, this situation can unnecessarily burden the CPU
(doing packet inspection). Because of the potential degradation in performance and the slight
possibility of correctness issues, we strongly recommend that you use a subinterface or a separate
physical interface to connect the WAE to the router (as described in the “Using Tertiary Interfaces
or Subinterfaces to Connect WAEs to Routers” section on page 1-24). When you use a tertiary
interface or subinterface to connect the WAE to the router, both the performance and correctness
issues are addressed because each packet is processed only once.
6. For dynamic classifications, NBAR maintains a per-flow state. Once certain flows are classified,
NBAR does not continue to perform deep packet inspection anymore. However, for other flows (for
example, Citrix), NBAR does look at packets continuously because the classification may change
dynamically in a flow. Therefore, in order to support all NBAR classifications, it is not sufficient to
only poll the DSCP settings of packets incoming to WAAS once per flow; you need to poll