10-12-2011 09:33 AM
10-12-2011 01:29 PM
In WXOS, the default SAP application is defined as follows:
config application add name "SAP" type default
config application rule add name "SAP" src-port 3200,3300-3388,3390-3399,3600-3699 dst-port 1024-65535
config application rule add name "SAP" src-port 1024-65535 dst-port 3200,3300-3388,3390-3399,3600-3699
config acceleration active-flow-pipelining application add "SAP"
config reduction network-sequence-mirroring application add "SAP"
SAP GUI (either thick client or HTTP) needs to have compression disabled to fully benefit from WXOS compression/acceleration.
Please contact SAP support (if the traffic you are seeing is indeed SAP) for advice on how to disable SAP compression (must be done either in the thick client or on the SAP server in case of HTTP).
10-12-2011 10:02 PM
10-12-2011 11:11 PM
Can you please check the source and the destination IP address shown for the SAP application in the Flow Diagnostics?
Please confirm if the source and the destination IP address fall under the Local/Remote routes of the WXC.
Please check for the same flow in both the WXC devices and see if it's getting compressed under the Application Definition name "SAP".
Once you confirm the IP address, you can check those clients whether they are really generating the SAP application traffic or not.
As you say, there is no SAP traffic, so try giving the application definition precedence as the least value for the SAP traffic, so that it will avoid any wrong match of the Application Definition.
Please confirm these.
Advanced JTAC Engineer - WX/MFC
10-13-2011 03:20 AM
10-13-2011 03:41 AM
10-13-2011 05:28 AM
Are you seeing the same flows in the Spoke WXC as well? By flow I mean the same source IP, source port, destination IP, destination port.
Can you please share (paste) the Application Definition for the SAP application? I feel the Application Definition configuration might be wrong.
As I said earlier, try configuring the SAP application definition with least precedence and see if you are still seeing the same issue.
Advanced JTAC Engineer - WX/MFC
10-13-2011 06:00 AM
10-13-2011 09:40 AM
Let me jump in here and explain this one.
Basically the L4 traffic definition for SAP uses port numbers. ANYTIME we see ANY FLOW using the defined port numbers, we will classify that flow as SAP or whatever application matched that port. With application definitions that use ephemeral ports (ports over 1024) there always exists the possibility that a flow will be misclassified, as these ports are not reserved and are available to be used by ANY application. It's just that some applications have defined themselves as using these particular ports to listen on, but this is L4; to be 100% sure when a flow uses a port over 1024 you would require some sort of DPI/IDP to look at the application signature to understand what it is. Just like saying I have an app running on port 80... Oh, then it's HTTP... maybe it could be twitter/facebook/even telnet... you get the picture now, I hope.
If you used some L3 app def (IP based, not port based) in your network then some of these misclassifications could be fixed... however I'd say if the app traffic is so small I'd maybe just ignore this traffic misclassification.
10-13-2011 09:59 AM
10-13-2011 11:16 AM
If the compression for the 'not real SAP' is say <5% compression you could elect to remove the application definition from compression. Or I'd look at the flows to see if you can find the host that is serving this data....create a new application def maybe using the IP address of this server, place this new app above SAP in app def list by having a higher precedence for the new app and monitor this app....also find out what this app actually is....it may have application level compression in use (not encryption) as this would cause the application to get zero compression and you said it was low not zero.
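Added example, not part of any post in this thread and not WXOS code: a small Python model of the port-based matching discussed above, using the two SAP rules quoted earlier, to show how an unrelated flow lands in "SAP" and how an IP-based definition placed ahead of it changes the result. The IP addresses, the "AppX-server" definition and the first-match-wins ordering are assumptions made for the illustration.

```python
# Model of L4 port-based classification (added example; not WXOS code).
SAP_PORTS = "3200,3300-3388,3390-3399,3600-3699"   # port list from the SAP definition on this page
HIGH_PORTS = "1024-65535"

def parse_ports(spec):
    """Turn '3200,3300-3388' into a list of inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def port_in(port, spec):
    return any(low <= port <= high for low, high in parse_ports(spec))

def rule_matches(rule, flow):
    """A field missing from the rule matches anything."""
    src_ip, src_port, dst_ip, dst_port = flow
    if rule.get("ip") and rule["ip"] not in (src_ip, dst_ip):
        return False
    if rule.get("src_port") and not port_in(src_port, rule["src_port"]):
        return False
    if rule.get("dst_port") and not port_in(dst_port, rule["dst_port"]):
        return False
    return True

def classify(flow, definitions):
    """Assumption: definitions are checked in list order, first match wins."""
    for name, rules in definitions:
        if any(rule_matches(r, flow) for r in rules):
            return name
    return "Other"

SAP = ("SAP", [
    {"src_port": SAP_PORTS, "dst_port": HIGH_PORTS},
    {"src_port": HIGH_PORTS, "dst_port": SAP_PORTS},
])
# Hypothetical IP-based (L3) definition for the host actually serving the traffic.
APP_X = ("AppX-server", [{"ip": "192.0.2.50"}])

# Constructed flows: (src_ip, src_port, dst_ip, dst_port)
real_sap = ("10.1.1.20", 51544, "10.2.2.10", 3200)   # destination port inside the SAP list
not_sap = ("10.1.1.21", 3342, "192.0.2.50", 8080)    # client source port happens to be 3342

if __name__ == "__main__":
    for label, defs in (("SAP only", [SAP]), ("AppX-server above SAP", [APP_X, SAP])):
        print(label, "->", classify(real_sap, defs), "/", classify(not_sap, defs))
```

With only the SAP definition, both constructed flows are counted as SAP; with the IP-based definition listed first, only the flow to a port in the SAP list is.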
10-17-2011 04:16 AM