4 Replies Latest reply: Aug 23, 2016 10:28 AM by Josefina Mendez RSS

SaaS PoC not optimizing (O365 + Microsoft Dynamics)

Josefina Mendez

Hello, I'm installing an Office365 + Microsoft Dynamics PoC in a client, so far I've done everything as the "book" says but I still cant see any optimization.


UPDATE

My topology is as follows: We moved the Steelhead after the FW because the NAT was giving us too much trouble(because of the way it was configured, separed IPs for VLAN steelhead, VLAN users)

 

LAN---SW--------Firewall (HSRP)----Client Steelhead ---Internet---Cloud Portal---Office365, Microsoft Dynamics.

             |_____Firewall (HSRP)____|

 

The Steelhead is properly registered in the Cloud Portal.
The certificates where created and installed in the clients (CA cloud hosted), the proxy certificates for each aplication are activated. (see attached)

 

Here you can see some logs:

SH-D #

SH-D # show service cloud-accel

  Enabled:                      Yes

  Status:                       Connected

  Service Ready:                Yes

  Reason:                       Data retrieved successfully from Portal. (Fri Sep  2 19:04:13 2016)

  Last Contact:                 Fri Sep  2 19:04:13 2016

  Portal:                       cloudportal.riverbed.com:443 (HTTPS)

  Redirection:                  Enabled

    Port:                       9545

    State:                      Active

    Spill-over Policy:          Disabled

    Redirect RiOS PT Policy:    Enabled

    Interfaces:

      inpath0_0:                Enabled

      inpath0_1:                Enabled

      primary:                  Enabled

SH-D #

SH-D # show service cloud-accel access

  ESH URL:              https://cloudportal.riverbed.com/api/akam/esh/v1/22b6941621a0366c50dee5c13224dac9/

  Refresh period:       1200 seconds

  Portal cert checking: Enabled

  Customer ESH ID:      401527 (1469634647)

  Entitlement Code:     JZB7rEh1W4jxq2FWDZqAS80wQqti5UlU (1465948265)

  Akamai Customer ID:   477173 (1472851892)

  SaaS data version:    9666a6c1501057f08e44428b8da383cfdf6d18d6

  Cert uploaded:        Yes

SH-Derco #

 

I see this log, but I couldn't find it anywhere:

Sep 2 17:31:40 SH-D rscored[11861]: [ocd.nwutils.NOTICE] Refreshing resolver cache

Sep 2 17:31:40 SH-D rscored[11861]: [ocd.auth_helper.WARNING] Error in message from riverbedcmc for server riverbedcmc failed due to HTTPSConnectionPool(host='riverbedcmc', port=443): Max retries exceeded with url: /api/cmc.auth/1.0/certificate (Caused by <class 'socket.gaierror'>: [Errno -2] Name or service not known)

Sep 2 17:31:40 SH-D rscored[11861]: [ocd.auth_helper.WARNING] Creating a server connection to riverbedcmc failed due to HTTPSConnectionPool(host='riverbedcmc', port=443): Max retries exceeded with url: /api/cmc.auth/1.0/certificate (Caused by <class 'socket.gaierror'>: [Errno -2] Name or service not known)

 

 

But so far we don't see any connection optimizing, and I see the message in every fail connection:

Passthrought Reason: No Steelhead on path to server

 

I need to solve this and make it work ASAP.

In case this is only a problem of asymetric routing, how can I solve it? should I change the topology?
HELP please

 

 

thanks!!!!

  • Re: SaaS PoC not optimizing (O365 + Microsoft Dynamics)
    Sofiene HAOUCHINE

    Hi Josefina,

     

    You need to Enable Cloud Acceleration trough Cloud Accelerator. Missing from your picture SteelHead Registrado al cloud portal.

     

    Sha

    • Re: SaaS PoC not optimizing (O365 + Microsoft Dynamics)
      Josefina Mendez

      Sorry It seems I mixed the pictures, I have too many by now.22-8-optmization cloud portal.png

      • Re: SaaS PoC not optimizing (O365 + Microsoft Dynamics)
        Sofiene HAOUCHINE

        Hi Josefina,

         

        Are you able to verify that your default gateway is correct for the in-path interface. The SteelHead applicance needs IP connectivity and ACP uses the in-path interface to reach the Akamai network

         

        Sha

        • Re: SaaS PoC not optimizing (O365 + Microsoft Dynamics)
          Josefina Mendez

          Hi Sofiene,

          The inpath GW is the HSRP IP of the firewalls.


          One of the first troubles we got had to do with this, and yesterday we managed to fix the FW rules solving the DNS and  connectivity issues.

           

          This is one of the messages we got:

          Aug 22 17:03:50 SH-D acp[28042]: [acp.ERR]: DNS Lookup Timed Out or Failed. Returning SYN packet via TUN device

          Aug 22 17:03:50 SH-D acp[28042]: [acp.ERR]: DNS Lookup Timed Out or Failed. Returning SYN packet via TUN device

          Aug 22 17:03:50 SH-D acp[28042]: [acp.ERR]: DNS lookup for a438.srip1.akasrip.net.00000000.323DF584.477174.3.cn.akasripcn.net failed.

          Aug 22 17:03:50 SH-D acp[28042]: [acp.ERR]: DNS lookup for a438.srip1.akasrip.net.00000000.C2F5F584.477174.3.cn.akasripcn.net failed.

           

          Now we don't have this issue any more:

          SH-D # ping -I inpath0_1 a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn.net

          PING a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn. (184.87.141.54) from 10.40.0.50 : 56(84) bytes of data.

          From 10.40.0.1: icmp_seq=1 Redirect Network(New nexthop: 10.40.0.11)

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=1 ttl=58 time=3114 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=2 ttl=58 time=2.00 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=3 ttl=58 time=2.01 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=4 ttl=58 time=1.87 ms

          ^C

          --- a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn. ping statistics ---

          4 packets transmitted, 4 received, 0% packet loss, time 5671ms

          rtt min/avg/max/mdev = 1.873/780.059/3114.347/1347.701 ms

           

          SH-D # ping -I inpath0_0 a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn.net

          PING a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn. (184.87.141.54) from 10.40.0.15 : 56(84) bytes of data.

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=1 ttl=58 time=1.80 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=2 ttl=58 time=1.76 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=3 ttl=58 time=1.71 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=4 ttl=58 time=1.76 ms

          ^C

          --- a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn. ping statistics ---

          4 packets transmitted, 4 received, 0% packet loss, time 3479ms

          rtt min/avg/max/mdev = 1.718/1.763/1.801/0.029 ms

           

          SH-D # ping -I primary a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn.net

          PING a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn. (184.87.141.54) from 10.40.0.16 : 56(84) bytes of data.

          From 10.40.0.1: icmp_seq=1 Redirect Network(New nexthop: 10.40.0.11)

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=1 ttl=58 time=2.42 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=2 ttl=58 time=2.23 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=3 ttl=58 time=1.98 ms

          64 bytes from a184-87-141-54.deploy.static.akamaitechnologies.com (184.87.141.54): icmp_seq=4 ttl=58 time=2.36 ms

          ^C

          --- a438.srip1.akasrip.net.00000000.56B8704A.477174.3.cn.akasripcn. ping statistics ---

          4 packets transmitted, 4 received, 0% packet loss, time 3938ms

          rtt min/avg/max/mdev = 1.985/2.251/2.422/0.174 ms

          SH-Derco #

           

          Regards,