Re: Generic GRE not working (ver 4.1.3.55)

vpetracca · ‎07-01-2009

Hi everybody.

I'm testing in Lab a configuration for one customer.

It's a basic environment with :

DATA CENTER (wccp)

1 WAEs 7341 and 1 Cat6506 routers

BRANCH (inline)

1 WAE 574.

Optimization works with l2-redirect and gre return in DATA CENTER !!

It does not work with egress-method generic-gre inteception-method wccp.

This is the problem that i can see with " show wccp gre" on the 7341..

" Packets received on a disabled service: 667790".

I read some manuals but...

I don't understand .. The service 61 and 62 works !!

So any idea ?

Thanks a lot to everybody

Vittorio

drolemc · ‎07-07-2009

Make sure you have service 62 configured on the router as well as 61. You need both for the WAE service to be enabled.

To enable that service

ip wccp 61

ip wccp 62

Redirect all TCP traffic received on this interface to a Cisco WAE device that is registered in service groups 61 and 62.

For WCCP intercept method service groups 61 and 62, egress method configured is negotiated return. The actual method used is WCCP GRE.

dstolt · ‎07-07-2009

Try gre-redirect, not L2. I don't believe that L2 is compatible with GRE-Egress (negotiated or generic).

Hope that helps,

Dan

vpetracca · ‎07-07-2009

Hi everybody !!

I'm sure that the configuration is ok !!

It works with L2-redirect and no egress-method ( ip forwarding default):

wccp router-list 1 5.5.5.51

wccp tcp-promiscuous mask src-ip-mask 0x0 dst-ip-mask 0xf00

wccp tcp-promiscuous router-list-num 1 password **** l2-redirect mask-assign

wccp version 2

It does not work with :

wccp router-list 1 5.5.5.51

wccp tcp-promiscuous mask src-ip-mask 0x0 dst-ip-mask 0xf00

wccp tcp-promiscuous router-list-num 1 password **** mask-assign

wccp version 2

!

egress-method generic-gre intercept-method wccp

!

The tunnel on the router was created as Conf Guide says :

interface Tunnel1

ip address 12.12.12.1 255.255.255.0

no ip redirects

ip wccp redirect exclude in

tunnel source Vlan500

tunnel mode gre multipoint

Any idea ??

g-hopkinson · ‎07-08-2009

Hi,

generic gre return and l2 redirect is not a supported configuration, generic gre return should be used with gre forwarding, and solution is used for asymetric routing issues.

Hope that helps.

vpetracca · ‎07-08-2009

So ...

If i use these commands..

--------------------------------

wccp router-list 1 5.5.5.51

wccp tcp-promiscuous mask src-ip-mask 0x0 dst-ip-mask 0xf00

wccp tcp-promiscuous router-list-num 1 password **** mask-assign

wccp version 2

!

egress-method generic-gre intercept-method wccp

----------------------------

the return is generic-gre and the forwarding method is what ?

How can i set "gre-forwarding" ?

Thanks a lot

Vittorio

dstolt · ‎07-09-2009

Vittorio,

Default for WCCP is GRE redirect, so your line...

wccp tcp-promiscuous router-list-num 1 password **** mask-assign

Give you GRE-redirect, and not L2.

When you do the following on the WAE "#show egress-methods" what kind of output do you get?

Dan

vpetracca · ‎07-09-2009

Hy and thanks to be interested.

That's the output you ask :

-------------------------------

WAE-DC-01#sh egress-methods

Intercept method : WCCP

TCP Promiscuous 61 :

WCCP negotiated return method : WCCP GRE

Egress Method Egress Method

Destination Configured Used

----------- ---------------------- -------------

any Generic GRE Generic GRE

TCP Promiscuous 62 :

WCCP negotiated return method : WCCP GRE

Egress Method Egress Method

Destination Configured Used

----------- ---------------------- -------------

any Generic GRE Generic GRE

Intercept method : Generic L2

Egress Method Egress Method

Destination Configured Used

----------- ---------------------- -------------

any not configurable IP Forwarding

-------------------------

And here there is another useful :

-----------------------------

WAE-DC-01#sh wccp gre

Transparent GRE packets received: 52082

Transparent non-GRE packets received: 0

Transparent non-GRE non-WCCP packets received: 0

Total packets accepted: 0

Invalid packets received: 0

Packets received with invalid service: 0

Packets received on a disabled service: 50118

Packets received too small: 1964

Packets dropped due to zero TTL: 0

Packets dropped due to bad buckets: 0

Packets dropped due to no redirect address: 0

Packets dropped due to loopback redirect: 0

Pass-through pkts dropped on assignment update:0

Connections bypassed due to load: 0

Packets sent back to router: 50118

GRE packets sent to router (not bypass): 0

Packets sent to another WAE: 0

GRE fragments redirected: 28770

GRE encapsulated fragments received: 0

Packets failed encapsulated reassembly: 0

Packets failed GRE encapsulation: 0

Packets dropped due to invalid fwd method: 0

Packets dropped due to insufficient memory: 0

Packets bypassed, no pending connection: 0

Packets due to clean wccp shutdown: 0

Packets bypassed due to bypass-list lookup: 0

Conditionally Accepted connections: 0

Conditionally Bypassed connections: 0

L2 Bypass packets destined for loopback: 0

Packets w/WCCP GRE received too small: 0

Packets dropped due to received on loopback: 0

Packets dropped due to IP access-list deny: 0

Packets fragmented for bypass: 28770

Packets fragmented for egress: 0

Packet pullups needed: 57543

Packets dropped due to no route found: 0

--------------------------------

Any new idea ?

Thanks

Vittorio

nchidamb · ‎07-21-2009

Hi Vittorio,

Couple of questions for you.

1. You have 'exclude-in' under tunnel interface on the router. Any reason why? Since this tunnel interface is dedicated for WAE you don't need to put 'exclude' statement. I suggest you remove it.

2. Under tunnel interface you are sourcing it from Vlan500. Is Vlan 500 sitting on the same subnet as WAE? Is that reachable by WAEs? In other words, the Vlan 500 interface is UP?

thanks

Nat

vpetracca · ‎07-21-2009

Hi Nat !!

Here there are the answers :

1) I've tried also without "exclude-in" .

There was "exclude-in" on the tunnel just because i've copied it from an example...then i've removed it.

2) The vlan500 is UP !!! Sure !!

Thanks a lot

Vittorio

PS: any others questions or idea ?

nchidamb · ‎07-21-2009

Hi Vittorio,

May be I'm missing something. If you do 'show stat conn ' when you are doing CIFS file transfer, or FTP, or some type of HTTP etc are you seeing the connections getting optimized when GGRE is enabled?

Instead of looking at 'show stat gre' did you look at 'show stat generic-gre'? If so, can you paste those two output (show stat conn, and 'show stat generic-gre')

thanks

Nat

vpetracca · ‎07-21-2009

Hi Nat.

The lab is gone. We had to install the WAEs to customer site ( not using generic Gre).

So I cannot give any other output.

Anyway I remember....

The "show stat generic-gre" said that the tunnel was up !!

And the problem is this:

Using generic-gre any connection ( ftp , cifs etc.. etc.. ) were not optimized because the autodiscover did not work. So any connection were not optimized.

Removing generic-gre with the same environment all the connections were optimized....

Bye and have a good day.

Vittorio

nchidamb · ‎07-22-2009

Hi Vittorio,

I am sorry to hear that the lab is not available anymore. We have implemented GGRE in many customer places in order to take advantages of preserving Network Path Affinity and h/w processing on cat6k / 76xx with Sup32 & Sup 720. I have tested personally in my lab as well. Anyway, if you happen to set it up again pl use the following config

On Cat6k / 76xx

---------------

Interface vlan2

ip address 2.8.10.1 255.255.255.240

no ip redirects

!

Interface Tunnel1

ip address 192.168.5.1 255.255.255.0

tunnel source vlan2

no ip redirects

tunnel mode gre multipoint

On WAE

======

wccp router-list 1 2.8.10.1

wccp tcp-promiscuous router-list 1

wccp version 2

egress-method generic-gre intercept method wccp

-----------------------------------

The WAE should be running 4.1.x and we prefer to run 12.2(18)SXF13 or above on Cat6k / 76xx.

thanks

Nat

vpetracca · ‎07-22-2009

Thanks a lot Nat...

I'll hope i will be able to try the configuration you wrote.

But it is the same i've tested in Lab...

Anyway if i will have time at customer site ( and the customer will give me the time to test it...) i'll try it.

Only one curiosity on this output I saved in lab :

--------------------------------

WAE-DC-01#sh wccp gre

Transparent GRE packets received: 52082

Transparent non-GRE packets received: 0

Transparent non-GRE non-WCCP packets received: 0

Total packets accepted: 0

Invalid packets received: 0

Packets received with invalid service: 0

Packets received on a disabled service: 50118

Packets received too small: 1964

Packets dropped due to zero TTL: 0

Packets dropped due to bad buckets: 0

Packets dropped due to no redirect address: 0

Packets dropped due to loopback redirect: 0

Pass-through pkts dropped on assignment update:0

Connections bypassed due to load: 0

Packets sent back to router: 50118

GRE packets sent to router (not bypass): 0

Packets sent to another WAE: 0

GRE fragments redirected: 28770

GRE encapsulated fragments received: 0

Packets failed encapsulated reassembly: 0

Packets failed GRE encapsulation: 0

Packets dropped due to invalid fwd method: 0

Packets dropped due to insufficient memory: 0

Packets bypassed, no pending connection: 0

Packets due to clean wccp shutdown: 0

Packets bypassed due to bypass-list lookup: 0

Conditionally Accepted connections: 0

Conditionally Bypassed connections: 0

L2 Bypass packets destined for loopback: 0

Packets w/WCCP GRE received too small: 0

Packets dropped due to received on loopback: 0

Packets dropped due to IP access-list deny: 0

Packets fragmented for bypass: 28770

Packets fragmented for egress: 0

Packet pullups needed: 57543

Packets dropped due to no route found: 0

-------------------------------

Do you have more informations than I can find on Cisco Web site and on all Waas documentation ?

I think the key to solve my problem is here !!

Have a good evening !

Vittorio