cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1744
Views
0
Helpful
13
Replies
Highlighted

WAAS: Multiple VRF Environment

Ok, here the problem I´m having:

Nexus 7000 (nx-os 5.2) connected to my WAEs and configured for only one of the VRFs.

I want to add another one from the VRFs already configured on the Nexus to the WAAS (4.3).

Is this possible? Does anyone have some experience with something similar?

Thanks

P.S.

13 REPLIES 13
Highlighted
Enthusiast

Whereas WCCP is VRF-Aware, the WAE appliance is not.  You will need a WAE device for each VRF as needed.

Thank You,

Dan Laden

Cisco PDI Data Center

Want to know more about how PDI can assist you?

http://www.youtube.com/watch?v=3OAJrkMfN3c

http://www.cisco.com/go/pdihelpdesk

UC Virtualization Supported Hardware

Highlighted

Hi Dan,

I do not agree 100% with you :

It is correct that WCCP has been made VRF-Aware in recent releases (and of course if the hardware supports it) !

But one could argue that as long as there are no overlapping IP-addresses btw. the two different VRFs, the WAAS device doesn't care - it will just cache parts of the string patterns if it is relevant and serve the content from the DRE cache ... and do it's other kind of magic (LZ, TFO, AO) to the packets.

So it is correct that the WAAS isen't VRF aware, but it doesn't have to be.

It's the same as several VLANs are trunked in through an inline card and they belong to different VRFs.

I'm pretty sure that this will work if you don't mix up with the WCCP redirection and return.

I'm also certain that this is supported acconding to the last part of this chapter :

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/configuration/guide/traffic.html#wp1041518

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v511/configuration/guide/traffic.html#wp1041518

Best Regards

Finn Poulsen

Highlighted

Virtualization Support for WCCPv2

http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/unicast/configuration/guide/wccp.html

"WCCP redirection occurs within a VRF. You must configure the WCCP cache engine so that the forward and return traffic to and from the cache engine occurs from interfaces that are a part of the same VRF."

One may be able to other technologies to work around this limitation.  You touched on inline, you may also look at vPath/vWaas in virtualized environments.

Thank You,

Dan Laden

Cisco PDI Data Center

Want to know more about how PDI can assist you?

http://www.youtube.com/watch?v=4BebSCuxcQU&list=PL88EB353557455BD7

http://www.cisco.com/go/pdihelpdesk

Highlighted
Participant

What if you create a separate VRF for the WAE, and configure VRF leaking to inject the routes?


Sent from Cisco Technical Support Android App

Highlighted

I will have to concede i do not have expert knowledge of VRF.  I  will have to allow someone else to step in to discuss VRF route leaks interacting with WAAS.

If we can get the WCCP redirected packet to the WAE and the return packet back into the proper VRF, it may work.  Docs state its not supported, one may have an issue getting support from TAC on this config.

Thank You,

Dan Laden

Cisco PDI Data Center

Want to know more about how PDI can assist you?

http://www.youtube.com/watch?v=4BebSCuxcQU&list=PL88EB353557455BD7

http://www.cisco.com/go/pdihelpdesk

Highlighted
Participant

Okay but please share us the result, I wonder if my idea works in this case. :)


Sent from Cisco Technical Support Android App

Highlighted

hi Andras, everyone,

I think this can help: http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_C11-560131.pdf

look at the sample configuration for route leaking.

"With the static route defined, the VRF routes can be injected into the global routing table. The loopback address,

which is used as the router ID for WCCP, is then announced to the VRF instance at the location where the Cisco

WAE is connected. The Cisco WAE can then establish a WCCP session with the router, and the address of the Cisco

WAE is announced to the global routing table"

never tried that config myself so let me know how it goes if you ever deploy it!

cheers

Felix,

Highlighted

Hi Felix,

Can we do this same with SRE, on the same router?

Highlighted

hi Marcin,

yes you can, " If a Cisco WAAS NME-WAE network module or Cisco WAE appliance is used at a branch location and the service provider cannot strip off the labels, WCCP can be used with a route-leaking option as long as there are no

overlapping IP addresses "

same source as link above:http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_C11-560131.pdf

good luck,

Felix

Highlighted

Hi Felix,

I have VRF-lite in the same router and WAE (SRE CARD). is this the same case?

Marcin

Highlighted

Hello Martin,

Overlapped IP addresses are allowed in different VPNs when using VRF-lite and the Cisco document I share clearly mention that the workaround (route-leaking) can do the job if there are non-overlapping addresses... still I'm not  the best guy to answer this. Please address these questions to your Cisco partner or cisco account manager.

Regards,

Felix

Highlighted

Hi Felix,

I don't have overlaping addresses . But when I leak routes between all vrf's  , they will be useless from my point of view.

Official info from local Cisco is thet MultiVRF won't work in that kind environment.

Marcin

Highlighted

Hi,

Ideally yes when you leak routes the purpose of VRF is defeated. However if you cannot dedicate a WAE per VRF and want to use the same WAE for all VRFs then you got to perform route leaks to allow the communication between the WAE and the Router IDs in different VRFs or into Global depending on whether the WAE is in a separate VRF or in Global.

Again it has to be made sure that there are no-overlapping IP Address across VRFs.

Kiran