12-26-2009 05:48 AM
Hi Experts,
We deployed WAAS in our network as described in the attached diagram; each datacentre's WAEs have WCCP neighbourship with the adjacent DC router only.
It was working fine with a single tunnel to the datacentre and almost all traffic was optimizing properly.
But after we brought up both links to the datacentre, we found that all packets were not optimizing properly and suspect it's due to the asymmetric routing from the branch offices.
I tried some options as per the below Cisco document,
registered all the 4 datacentre WAEs with both datacentre routers and configured egress method as negotiated return. But after that, normal HTTP and application traffic is not going to the branch at all, but at the same time I have IP reachability (ping).
Could you please help us to find a solution for this asymmetric issue?
Rgds
12-28-2009 05:57 AM
It seems like there are several things to check/verify:
Have you verified you have asymmetric routing occurring?
Does a traceroute from the data center towards the remote not follow the same path as from the remote to the data center?
If so, do the remote sites not know about specific netblocks within each data center?
What are the WAAS units reporting?
What does the output of a command like 'show stat conn' show? Do you see connections in progress or partial?
-chris
12-28-2009 07:15 AM
Hi Chris,
Thanks for the reply.
The answer is 'Yes' for the first three questions. We can see almost half of the connections are in PT In progress with no peer. We are using 7341 as the WAEs in the datacenter and NMEs in the branches.
Rgds
Aslam
12-28-2009 09:12 AM
Did this issue just start happening? In other words did it ever work?
I haven't worked with the NM-WAEs yet, so I'm not sure what anomalies can occur out at the remotes.
Since you said you see the WAEs registered in WCCP, the next thing I'd likely check would be the WCCP Access-Lists in the data centers. Are they properly calling the TCP source and destination addresses for the interception?
-chris
12-28-2009 10:44 AM
Hi Chris,
It works fine with a single tunnel to the datacenter and we could see almost all the traffic is optimizing properly.
The problem happened only when we brought up both links (tunnels) to the datacenter.
Since it works perfectly with a single tunnel, that means the access-lists and interception methods are correct.
Now we are looking for a solution to overcome this asymmetric routing issue.
rgds
Aslam
12-28-2009 03:20 PM
Aslam,
On the data center WAE, do you have both the WCCP routers listed in the config? Generally it would be the physical interface, the loopback interface of the local router and the loopback interface of the remote WCCP router in the remote data center. If it is not like that then please configure it. Could you provide the configs of the data center WAE and WCCP router?
cheers,
DS
12-29-2009 01:53 AM
12-30-2009 09:46 AM
Aslam,
Is there a particular reason for configuring a separate WCCP router list for the physical interface of the immediate WCCP routers?
wccp router-list 1 172.16.251.238 172.16.251.239
wccp router-list 8 172.16.159.33
Why is IP address 172.16.159.33 not mentioned in wccp router-list 1?
There seems to be no visibility for the WAE to your physical interface but both the loopback IPs are visible. Would you be able to mention the physical interface IP in the same router-list 1?
Cheers,
Dev
12-30-2009 10:07 AM
Aslam,
Could you please also send a diagram of your network? I see that you are using DMVPNs to connect your WAN sites. What is the connection between the data centers? I need to understand the physical layout. Also, can you run the following commands on the WAE and send the output:
find match "Routing Loop" syslog.txt
show tfo filtering
Also mention "ip wccp redirect exclude in" on interfaces connected to WAEs in the data centers.
Can you also paste the output of the show wccp gre command from the WAE?
Regards,
DS
12-28-2009 10:48 PM
Hmm, i have
We also have different tunnels pointing to our datacenter; both of them are optimized.
Our scenario works fine.
So we need to figure out the differences, and maybe this will bring us to a solution.
First of all, have you tried to configure service group 61 and 62 on the same interface?
I've configured it as follows:
interface Tunnel2
 description DE-US GRE over MPLS to XXXXXXXXX
 bandwidth 3000
 ip address 10.10.209.9 255.255.255.252
 ip accounting output-packets
 ip mtu 1400
 ip wccp 61 redirect out
 ip wccp 62 redirect in
 ip route-cache flow
 load-interval 30
 keepalive 10 3
 cdp enable
 tunnel source GigabitEthernet0/0
 tunnel destination xxxxxxxxxxx
 service-policy output Tunnel_QOS_Policy_OUT
I could imagine that there is something wrong if packets are redirected in different WCCP groups.