CISCO SD-WAN vEdge Routers User Guide

June 14, 2024
Cisco


First Published: 2020-05-15
Last Modified: 2020-08-17

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706

USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, the language used based on standards documentation, or language that is used by a referenced third-party product.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
© 2019–2023 Cisco Systems, Inc. All rights reserved.

Read Me First
Related References

  • Release Notes
  • Cisco SD-WAN Controller Compatibility Matrix and Server Recommendations

User Documentation

  • Cisco SD-WAN (Cisco vEdge Devices)
  • User Documentation for Cisco vEdge Devices

Communications, Services, and Additional Information

  • Sign up for Cisco email newsletters and other communications at Cisco Profile Manager.
  • For information on the latest technical, advanced, and remote services to increase the operational reliability of your network, visit Cisco Services.
  • To browse and discover secure, validated enterprise-class apps, products, solutions, and services, visit Cisco Devnet.
  • To obtain general networking, training, and certification titles from Cisco Press Publishers, visit Cisco Press.
  • To find warranty information for a specific product or product family, visit Cisco Warranty Finder.
  • To view open and resolved bugs for a release, access the Cisco Bug Search Tool.
  • To submit a service request, visit Cisco Support.

Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.

What’s New in Cisco SD-WAN
Cisco is constantly enhancing the SD-WAN solution with every release and we try and keep the content in line with the latest enhancements. The following table lists new and modified features we documented in the Configuration, Command Reference, and Hardware Installation guides. For information on additional features and fixes that were committed to the Cisco SD-WAN solution, see the Resolved and Open Bugs section in the Release Notes.

What’s New in Cisco SD-WAN (vEdge) Release 20.x
TCP Optimization: Cisco vEdge Devices TCP optimization fine-tunes the processing of TCP data traffic to decrease round-trip latency and improve throughput. Optimizing TCP traffic is especially useful for improving TCP traffic performance on long-latency links, such as transcontinental links and the high-latency transport links used by VSAT satellite communications systems. TCP optimization can also improve the performance of SaaS applications.

  • Configure TCP Optimization
  • Monitor TCP Optimization

Table 1: Feature History


Supported Platforms
TCP Optimization is supported on the following platforms:

  • Cisco vEdge 1000
  • Cisco vEdge 2000
  • Cisco ISR1100 6G

TCP Optimization is not supported on the following platforms:

  • Cisco vEdge 100
  • Cisco vEdge 100b
  • Cisco vEdge 100m
  • Cisco vEdge 100mw
  • Cisco vEdge 5000
  • Cisco ISR1100 4G
  • Cisco ISR1100 4GLTEGB
  • Cisco ISR1100 4GLTENA
  • Cisco ISR 1100X Series Integrated Services Routers

For more information on supported software features and protocols, see Platform Architecture and Capabilities.

Note: TCP optimization is not supported on DNS traffic.

TCP optimization fine-tunes the processing of TCP data traffic to decrease round-trip latency and improve throughput. You can optimize TCP traffic in service-side VPNs on vEdge routers. Optimizing TCP traffic is especially useful for improving TCP traffic performance on long-latency links, such as transcontinental links and the high-latency transport links used by VSAT satellite communications systems. TCP optimization can also improve the performance of SaaS applications.

With TCP optimization, a vEdge router acts as a TCP proxy between a client that is initiating a TCP flow and a server that is listening for a TCP flow, as illustrated in the following figure:

This figure shows two vEdge routers acting as proxies. vEdge-1 is the proxy for the client and is called the client proxy. vEdge-2 is the proxy for the server and is called the server proxy. Without TCP optimization, the client establishes a TCP connection directly to the server. When you enable TCP optimization on the two routers, vEdge-1 terminates the TCP connection from the client and establishes a TCP connection with vEdge-2. The vEdge-2 router then establishes a TCP connection to the server. The two vEdge routers cache the TCP traffic in their buffers to ensure that the traffic from the client reaches the server without the TCP connection timing out.

It is recommended that you configure TCP optimization on both vEdge routers: the router closer to the client and the router closer to the server. This configuration is sometimes referred to as a dual-ended proxy. While it is possible to configure TCP optimization only on the vEdge router closer to the client, called a single-ended proxy, this configuration is not recommended because the TCP optimization process is compromised. TCP is a bidirectional protocol and operates only when connection-initiation messages (SYNs) are acknowledged by ACK messages in a timely fashion. If both the client and the server are connected to the same vEdge router, no TCP optimization is performed.

To use TCP optimization, you first enable the feature on the vEdge router. Then you define which TCP traffic to optimize.

  1. To use TCP optimization on a vEdge router, you must enable it:

       vEdge(config-system)# tcp-optimization enabled

     On vEdge 1000 and vEdge 2000 routers, enabling TCP optimization carves out a separate CPU core to use for performing TCP optimization, which is a CPU-intensive process.
  2. To enable TCP optimization for all TCP traffic in a VPN, include the following command when configuring service-side VPNs on a vEdge router:

For example, to enable TCP optimization in VPN 1

To display information about the TCP flows that the vEdge router is optimizing, use the show app tcp-opt active-flows command to view flows that are currently active and the show app tcp-opt expired-flows command to view flows that were active but have expired.

Reboot the vEdge router

To enable TCP optimization for a specific flow of TCP traffic in a VPN, create a centralized data policy that includes the optimization action. Use the match conditions in the data policy to define the VPN in which to optimize the TCP traffic and the traffic properties to match. The following example enables TCP optimization on all TCP traffic destined to port 22, which is used for SSH sessions:

The TCP optimization feature is enabled based on the data policy. The data policy match needs to be created for the TCP flows in both directions. For example, if the TCP flow is from 10.20.24.17:30000 -> 10.20.25.18:5001, the data policy to enable TCP optimization must also be created to match the reverse direction, that is, from 10.20.25.18:5001 -> 10.20.24.17:30000.
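
A centralized data policy that matches SSH traffic in both directions, as an added example that is not taken from the Cisco guide. It is written in vSmart policy CLI syntax; the policy, list and site names and the site ID are constructed placeholders. For a single flow such as the one above, the same pattern applies with source-ip/source-port and destination-ip/destination-port swapped in the second sequence.

```text
! Added example (constructed): names and site-id are placeholders.
policy
 data-policy tcp_opt_ssh_example
  vpn-list vpn_1_list
   ! Client -> server: traffic destined to the SSH port.
   sequence 10
    match
     protocol         6
     destination-port 22
    !
    action accept
     tcp-optimization
    !
   !
   ! Server -> client: the reverse direction of the same flows.
   sequence 20
    match
     protocol    6
     source-port 22
    !
    action accept
     tcp-optimization
    !
   !
   default-action accept
  !
 !
 lists
  vpn-list vpn_1_list
   vpn 1
  !
  site-list tcp_opt_sites
   site-id 100
  !
 !
!
apply-policy
 site-list tcp_opt_sites
  data-policy tcp_opt_ssh_example all
 !
!
```

After the policy is applied, the show app tcp-opt active-flows command on the vEdge router shows which flows are being optimized.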

Monitor TCP Optimization

If TCP optimization is enabled on a router, you can view information about how the optimization is affecting the processing and throughput of TCP data traffic on the router:

  1. From the Cisco vManage menu, choose Monitor > Devices.
  2. Cisco vManage Release 20.6.x and earlier: From the Cisco vManage menu, choose Monitor > Network.
  3. Choose a vEdge router.
  4. Click TCP Optimization–WAN Throughput. The right pane displays the WAN throughput, in megabits per second.

The right pane contains the following elements:

  • Chart Options—This includes the Filter Options drop-down and time periods. Click Filter to limit the data to display based on VPN, local TLOC color, destination IP address, remote TLOC color, and remote system IP address. Click a predefined or custom time period for which to display data.
  • Average optimized throughput information in graphical format.
  • WAN graph legend—Identifies non-optimized and TCP-optimized packet throughput.

The right pane shows the hourly average throughput and the total optimized throughput, both in megabits per second.

Click TCP Optimization–Flows in the left pane to display information about TCP-optimized traffic flows.

The right pane contains the following elements:

  • Chart Options—This includes the Filter drop-down and time periods. Click Filter to limit the data to display based on VPN, local TLOC color, destination IP address, remote TLOC color, and remote system IP address. Click a predefined or custom time period for which to display data.
  • Average optimized throughput information in graphical format.
  • Flows graph legend—Identifies traffic flows.

The right pane contains the following elements:

  • Set perspective—Select the flow direction.
  • Search box—Includes the Search Options drop-down, for a Contains or Match string.
  • Flow table that lists the flow destination, usage, and percentage of total traffic for all TCP-optimized flows. By default, the first six flows are selected. Check the checkbox for the flows to select and deselect flows to display. The graphical display in the right pane plots information for the selected flows.

Click TCP Optimization–Connections in the left pane to display status information about all the tunnels over which the most TCP-optimized traffic is flowing.

The right pane contains the following elements:

  • TCP Optimization Connections in Graphical Format
  • Connection State boxes—Select the connection state or states to display TCP optimization information about.

The right pane contains the following elements:

  • Filter criteria.
  • Flow table that lists information about each of the tunnels, including the tunnel’s connection state.
