A short addendum to this post as it causes some confusion for customers:
You don't have to configure a redirection ACL.
Some reasons to exclude traffic from WCCP redirection are:
- you know some networks are not behind a WAE, so you can exclude them
- you know some server is doing bad things and want to exclude it from acceleration, for example DC -> DC traffic is signed, so WAAS cannot accelerate it.
- you want to reduce the latency on some very sensitive traffic that cannot get WAAS accelerated
- you want to reduce the amount of redirected traffic on a software platform to reduce the general CPU/traffic load
Take into account that the WAAS will only ask to redirect TCP IPv4 traffic, so there is no need to exclude UDP for example.
Please note that on hardware platforms (Catalyst 3750, Catalyst 4500, Catalyst 6500, ASR 1000 or Nexus 7000) the redirection is often accelerated in hardware, so 'free', and the limitation to watch is the amount of TCAM space. Having a complex redirection ACL will eat up that TCAM space very fast so is actually worse.
Of course if you are redirecting too much traffic and this is causing overload on the attached WAAS devices you should consider having a redirection ACL.
Also always check the WCCP platform support white paper for platform specific limitations.
So in short: it depends , many customers take the easy route and don't have one, removing one more component to maintain and check.
Peter
