Solved: WAAS - WCCP L2-redirection in WS-C6509-E

p.maciasc · ‎09-29-2008

Hi,

I have a costumer with three offices, one is the data center. The other two offices get information from the data center and between them.

Each one of these remotes offices go through two different SP to the data center, and each one is received in his own router. The core of the data center is a switch WS-C6509-E (IOS s72033-entservicesk9_wan-vz.122-18.SXF7.bin).

Because there are two different SP in the data center, the traffic redirection must be done in the switch c6500. I think that the following configuration is the correct one:

ip wccp version 2

ip wccp 61 redirect-list 101

ip wccp 62 redirect-list 101

!

interface Vlan1

description *** WAN routers and users ***

ip address 10.0.16.1 255.255.240.0

ip wccp 62 redirect out

ip wccp 61 redirect in

!

interface Vlan 200

description *** WAEs ***

ip address 10.34.114.65 255.255.255.252

ip wccp redirect exclude in

!

interface Vlan201

description *** Servers and Users 1 ***

ip address 10.15.240.1 255.255.240.0

ip wccp 61 redirect in

!

interface Vlan202

description *** Servers and Users 2 ***

ip address 10.16.128.1 255.255.240.0

ip wccp 61 redirect in

!

But now I read about the problems using GRE redirection in the switch c6500. I read too that the best way to do this is using L2-redirection, but I don't have any idea of how to do this. I am using the WAAS version 4.1.1.

Can anybody help me with explaining me the way to configure that?

dstolt · ‎10-02-2008

Pablo,

It's a direct relationship with how much traffic is being redirected on a software based platforms. Workarounds would be looking at the services running on the router, hardware upgrades or moving WCCP to a different platform.

Hope that helps,

Dan

View solution in original post

dstolt · ‎09-29-2008

Pablo,

I would consider the following 2 options looking at your diagram...

1. Use WCCP on your 7200VXRs to simplify the interception and only intercept and optimize traffic on the WAN. If needed, you can use negotiated return to send the traffic back to the router it originates from.

2. Using wccp on the 6500, consider the following...

a. Recommend using at least SXF13 or later for WCCP/WAAS

b. Use the following commands on the WAE, L2-redirect, mask-assign. However you can use GRE/mask with a SUP32/720.

c. On the 6500, you should only use redirect-in and not use redirect exclude to keep the redirection in hardware. Redirect-out and "exclude in" kicks the first packet of every flow to be switched in software impacting the CPU.

d. Change VLAN1 to "wccp 62 redirect in", you are doing 61 in on the other "LAN" interfaces, you need to put 62 in the opposite direction to intercept both ways.

e. Use your redirect-list to exclude local and non-WAAS site traffic (you may be doing this already)

Hope that helps,

Dan

p.maciasc · ‎09-29-2008

Dan,

I think that the best option for this network is number one, use WCCP on the two 7206VXRs, and redirect the traffic to a single WAE in the same subnet of the hosts.

But now, I don't understand the implications of use the command â€œegress-method negotiated-return intercept-method wccpâ€. What else should I consider or configure (in the router or in the WAE) to make this interception works?

I think that the configuration on the routers and in the WAE should be something like this:

--- Router 1

ip wccp version 2

ip wccp 61 redirect-list 101

ip wccp 62 redirect-list 101

!

interface Serial3/3:1

ip address 10.34.113.213 255.255.255.252

ip wccp 61 redirect in

ip wccp 62 redirect in

!

interface GigabitEthernet0/1

ip address 10.0.16.2 255.255.240.0

ip wccp redirect exclude in

!

--- Router 2

ip wccp version 2

ip wccp 61 redirect-list 101

ip wccp 62 redirect-list 101

!

interface Serial3/3:1

ip address 10.134.143.217 255.255.255.252

ip wccp 61 redirect in

ip wccp 62 redirect in

!

interface GigabitEthernet0/1

ip address 10.0.16.3 255.255.240.0

ip wccp redirect exclude in

!

--- WAE

interface GigabitEthernet 1/0

ip address 10.0.16.4 255.255.255.0

exit

!

egress-method negotiated-return intercept-method wccp

wccp router-list 1 10.0.16.2 10.0.16.3

wccp tcp-promiscuous router-list-num 1

Thanks and Regards,

Pablo

dstolt · ‎09-30-2008

Pablo,

You have to use the wccp intercepts in opposite directions. So "61 redirect in" on the WAN and "62 redirect in" on the LAN, or 61 in on the WAN and 62 out on the WAN. When using "egress-method negotiated-return intercept-method wccp" you don't need the "redirect exclude in" statements as the WAE will return traffic via GRE which won't be intercepted.

The only statement you are missing on the WAE is "wccp ver 2"

Make sure redirect-list 101 is bidirectional (allows to and from your remote subnets).

Implications are that it will add addtional CPU load to your router as it's using GRE to send and receive the traffic from the WAE(s). Definitely keep an eye on your routers CPU to ensure that it's not heavily impacted.

Hope that helps,

Dan

p.maciasc · ‎10-01-2008

Dan,

Thanks, now all is clear and working.

In case that the router's CPU utilization increases there's workaround?? or what else could I do in order to avoid it??

Again, Thanks

Pablo

dstolt · ‎10-02-2008

Pablo,

It's a direct relationship with how much traffic is being redirected on a software based platforms. Workarounds would be looking at the services running on the router, hardware upgrades or moving WCCP to a different platform.

Hope that helps,

Dan