Single WAE \ WCCP \ Dual Routers - Slow Accelerated Traffic

terry-nolan · ‎05-17-2011

Our standard WAE design was to have dual WAE's at sites with dual Routers.

The WAE's are either 674's or 574's and the routers are Cisco ISR's all works well.

Several new sites have coome online but these sites now only have a single WAE devcie and two WAN routers. Some users at

The issue I have now is that some "Accelerated" sessions via the WAE devices are reported by users as being very slow. When those sessions are removed from WAAS policy and set to pass through the user reports normal access again.

On looking at the problem I have possibly identified that the lack of the command;

ip wccp redirect exclude in on the router interface

But this command was never applied to the exisiting design, though potentialy under normal conditiaon where both routers and both WAE's are working it's never been a problem.

From Cisco;

In any scenario where egress redirection is used, the command above MUST be issued on the router interface adjacent to the WAE. This command, "ip wccp redirect exclude in", ensures that packets received on the interface are not redirected again. This prevents an optimized packet from being rerouted directly back to the WAE. Instead, with this command applied, the router would simply see the packet coming in and forward it normally (WCCP would be bypassed for packets received on that interface).

The WAE's are NOT L2 connected to the Routers so the following config is applied,

rtr no 1

ip wccp 61 redirect-list WAAS

ip wccp 62 redirect-list WAAS

ip cef

interface GigabitEthernet0/0

description *** Data LAN

ip address x.y.7.6 255.255.255.192

ip wccp 61 redirect in

ip wccp 62 redirect out

rtr no 2

ip wccp 61 redirect-list WAAS

ip wccp 62 redirect-list WAAS

ip cef

interface GigabitEthernet0/0

description *** Data LAN

ip address x.y.7.1 255.255.255.192

ip wccp 61 redirect in

ip wccp 62 redirect out

WAE Config

primary-interface Standby 1

!

interface Standby 1

ip address x.y.7.65 255.255.255.192

!

interface GigabitEthernet 1/0

standby 1 primary

exit

interface GigabitEthernet 2/0

standby 1

exit

wccp router-list 1 x.y.7.1 x.y.7.6

wccp tcp-promiscuous router-list-num 1

wccp version 2

!

Option 2 below is used. But all sites have DUAL Routers. Note Redirect Exclude is NOT configured.

Thanks in advance for any support offered.

Fabrizio Pedracini · ‎05-17-2011

Hi Terry,

unless I misunderstood your setup, I'd say you don't need the "ip wccp redirect exclude in" command.

What do you mean by "sessions removed from WAE policy" ? Are you configuring static bypass on the WAE or are you excluding specific traffic with the WCCP redirect list ?

- check if the slowness affects all the redirected traffic or just particular sources/destinations/applications

- make sure that the WCCP redirect ACL matches both directions of the connections

- check the redirect / return method that is being negotiated

- make sure both routers are seeing the WAE via WCCP

- check for "routing loop" in the WAE syslog.txt to understand if the WAE is receiving some traffic twice

- Are the affected connections showing up in the "show stat connection" output on the WAE ? If so, are they optimized or PT ?

Based on your findinds you might need to take traffic captures on the WAE (possibly edge and core) and sysreport to further investigate. If you get to this point I'd suggest to open a TAC service request.

hope this helps,

Fabrizio

terry-nolan · ‎05-18-2011

Thanks for your post, details below.

What do you mean by "sessions removed from WAE policy" ? Are you configuring static bypass on the WAE or are you excluding specific traffic with the WCCP redirect list ?

I am defining certain traffic as Passtrough via a ststic bypass on the WAE’s

- check if the slowness affects all the redirected traffic or just particular sources/destinations/applications

Recent testing has identified it just seems to affect a certain share, which I am investigating as this share has some kind of "Archive" solution in place.

- make sure that the WCCP redirect ACL matches both directions of the connections

It does

- check the redirect / return method that is being negotiated

All OK

- make sure both routers are seeing the WAE via WCCP

Yes they are

- check for "routing loop" in the WAE syslog.txt to understand if the WAE is receiving some traffic twice

Investigating and will post reply.

Are the affected connections showing up in the "show stat connection" output on the WAE ? If so, are they optimized or PT ?

They show as fully optimized when configured for the CIFS AO, but revert to PT when the static WAE policy is altered.

terry-nolan · ‎05-18-2011

Have now checked the syslog.txt file on the WAE's with issues, no routing loops detected.

Terry

Fabrizio Pedracini · ‎05-18-2011

Hi Terry,

ok so redirection seems to be working fine and the problem is limited to one specific share. Sounds like a problem with CIFS_AO.

To confirm that you can create a classifier to identify the affected traffic and apply a TFO-only policy, having CIFS_AO deactivated for this specific traffic (you could also globally turn off CIFS_AO, but that would affect all the CIFS sessions, even the ones that are working fine).

If the connection will be fast with TFO-only optimization it means CIFS_AO is having problems handling this share.

Fabrizio