Hi Joe,I've been looking for

TCAM · ‎01-08-2015

Hi -

WAASs and Routers are on same subnet, WCCP L2.

Currently, i have dual WAAS using router's hsrp ip address as the default-gateway, everything works ok;

R1-physical-ip-address = 20.20.20.2
R2-physical-ip-address = 20.20.20.3
R1-R2-Hsrp-ip-address = 20.20.20.1

WAAS #1 & WAAS #2 config:
wccp router-list 1 20.20.20.2 20.20.20.3
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
!
ip default-gateway 20.20.20.1

Question, can i configure WAAS #1 to use Router #1 & WAAS #2 to use Router #2 to redirect traffic? Basically, i wanted both routers doing wccp redirection instead of "active" and "standby" if it is possible. Will i run into asymmetric routing issue? How to make sure the return traffic will go back to the same WAAS as it goes out in this scenario?

For example:

WAAS #1
wccp router-list 1 20.20.20.2 20.20.20.3
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
!
ip default-gateway 20.20.20.2

WAAS #2
wccp router-list 1 20.20.20.2 20.20.20.3
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
!
ip default-gateway 20.20.20.3

Or should i create 2 hsrp group on router # 1 & 2, then pointing waas #1 default-gateway to hsrp group #1 and wass #2 default-gateway to hsrp group #2, which provides redundancy if one of the router fails, but then again, will i run into asymmetric routing issue in this scenario as well? Is it possible? What is the best practice running "dual waas dual router in wccp L2" ?

Issue that i try to resolve is that to avoid traffic comes in router #2 (active hsrp) for redirection but then needs to route back out to router # 1 to WAN, if that make sense.

Many thanks

finn.poulsen · ‎01-09-2015

Hi Joe,

Please consult this document :

https://supportforums.cisco.com/document/86471/wccp-best-practices-cisco-waas

Here you can find this :

"For topologies, where Path Affinity needs to be maintained between the WCCP router/switch and WAAS, use WCCP GRE Return or Generic GRE as the WAAS Egress Method. "

What is mean by Patch Affinity here is that when traffic from the LAN is redirected from one of the routers, return traffic from the WAAS will definitely hit the router where it came from.

Don't quite know whether this is what you want to achieve ?

But even without WAAS, if your traffic from the LAN hits Router#2 and has to go out to the WAN through Router #1 - you'll might end up with some kind of asymmetry.

Best Regards

Finn Poulsen

dany.datacraft · ‎01-12-2015

Hi Joe,

In version 5.3 onwards, even with L2-redirect, WAAS will return the traffic to redirecting router. I.e. the traffic path will be like:

Client -> R1 -> WAAS Cluster -> R1 -> WAN -> [Snip]

[Snip] -> WAN -> R1 -> WAAS Cluster -> R1 -> Client

If i understand your question correctly, you're trying to load balance the traffic going through the routers. In which case the answer should not depend on WAAS (although it can be done). On the LAN, you might want to consider GLBP instead of HSRP, and on the WAN (return traffic) you may want to use a dynamic routing protocol that allows load balancing.

BR,

dany

TCAM · ‎01-12-2015

Thankd Dany, yes, your understanding is corrected, i am trying to load balance traffic going through 2 wan routers and am worrying about asymmetric traffic.

For your comment regarding "In version 5.3 onwards, even with L2-redirect, WAAS will return the traffic to redirecting router. ". do you have a Cisco link that I can look into more?

Currenlty, my WAAS runs 5.3.3 OS

Many thanks.

dany.datacraft · ‎01-12-2015

Hi Joe,

I've been looking for it myself, but could not find a definitive document describing this behavior. We have this information from a Cisco PDI Consultant Dan Laden and we tested this in our Lab. In fact I just clarified that this behavior started in 5.0, not 5.3.

BR,

Dany

TCAM · ‎01-12-2015

Thanks Dany. Let me open a trouble ticket and clarify with Cisco TAC. Thanks for the information. it is helpful to know that. Many thanks.

TCAM · ‎01-14-2015

Hey Dany - just curious, did you ever implement this undocumented "new" feature in production? as we all know everything works in lab but when it goes to field then......you know what i mean.

I have created a TAC ticket with Cisco, awaiting for their comments.

Thanks

dany.datacraft · ‎01-14-2015

Hi Joe,

Yes we do. It's running in one of our client's environment live since Dec 2014. We are using 5.4.1a.

Best regards,

Dany

TCAM · ‎02-28-2015

Run below configs in lab, I saw asymmetric routing. What is the best approach to resolve this?

WAAS OS = 5.3.3

Router = Cisco Nexus 7K, OS 6.1.1

WAAS #1 connects to Cisco Nexus 7K-1 M1 card

WAAS #2 connects to Cisco Nexus 7K-2 M1 card

WAAS Config Example:
WAAS #1
wccp router-list 1 <Router #1> <Router #2>
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
ip default-gateway <Router #1>
!
WAAS #2
wccp router-list 1 <Router #1> <Router #2>
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign!
ip default-gateway <Router #2>

WAAS #1 uses Router #1 as the default-gateway

WAAS #2 uses Router #2 as the default-gateway

finn.poulsen · ‎03-02-2015

Hi Joe,

In order to send return traffic towards the default gateway, which I believe is what you're trying to achieve, you'll need to configure "IP-forwarding" as the egress method.

Check these links :

http://www.cisco.com/c/en/us/products/collateral/routers/wide-area-application-services-waas-software/prod_white_paper0900aecd806d976a.html

http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v551/reference/cmdr/wccp.html#29254

It is correct that there has been a change from vers 5.0 onwards, before the default was IP-forwarding, from 5.0 the default is L2.

Best regards

Finn Poulsen

TCAM · ‎03-02-2015

Thanks Finn.

I am using WCCP L2 as redirect method and L2 as Egress method.

Per below link, "IP-Forwarding' does not ensure packets are returned to the intercepting router.

http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v501/configuration/guide/cnfg/traffic.html#wp1106308

For devices with a WAAS version earlier than 5.0, the default egress method is IP forwarding. The IP forwarding egress method does not allow you to place WAEs on the same VLAN or subnet as the clients and servers, and it does not ensure that packets are returned to the intercepting router.

finn.poulsen · ‎03-02-2015

Hi Joe,

You wrote the following :

"The IP forwarding egress method does not allow you to place WAEs on the same VLAN or subnet as the clients and servers"

This is correct, but please be aware that neither does the L2 return method !!

If you need to place the WAEs on the same subnet as the clients (or servers), you'll need to use GRE Return !

But this is not supported on your Nexus 7K platforms, check this link :

http://www.cisco.com/c/en/us/products/collateral/routers/wide-area-application-services-waas-software/white_paper_c11-608042.html

Best regards

Finn Poulsen

TCAM · ‎03-02-2015

Thanks Finn.

WAAS and Client/Server are on different subnets;

WAAS and N7K are on the same subnet in L2 mode.

Thanks

Dual WAAS Dual Router running WCCP L2 question