04-27-2010 04:15 AM
This may well be more of a 'sizing' qtn more than anything else.
Yesterday I enabled wccp redirection on a collapsed distribution/core 3750 stack, in a branch office with 150users. The WAE is 612 model.
As soon as the redirection config was applied, I observed the network slowdown significantly and received a CPU event alert from NMS, reporting CPU on 3750 stack was exceeding the set threshold (65%). Putting the threshold to one side, the cli was terribly slow and so I immediately removed redirection from relevant interfaces. This bought the netwok back to normal in terms of performance.
Is this a sizing issue or perhaps misconfiguration, or something else...?
WAE:
EDGE-WAE-01#show ver
Cisco Wide Area Application Services Software (WAAS)
Copyright (c) 1999-2009 by Cisco Systems, Inc.
Cisco Wide Area Application Services Software Release 4.1.3 (build b55 Apr 18 2009)
Version: oe612-4.1.3.55
Compiled 00:13:45 Apr 18 2009 by cnbuild
System was restarted on Tue Apr 27 04:30:10 2010.
The system has been up for 6 hours, 21 minutes, 0 seconds.
EDGE-WAE-01#show inv
PID: WAE-612-K9 VID: 0 SN: KQLLZBL
EDGE-WAE-01#sh ver
Cisco Wide Area Application Services Software (WAAS)
Copyright (c) 1999-2009 by Cisco Systems, Inc.
Cisco Wide Area Application Services Software Release 4.1.3 (build b55 Apr 18 2009)
Version: oe612-4.1.3.55
Compiled 00:13:45 Apr 18 2009 by cnbuild
System was restarted on Tue Apr 27 04:30:10 2010.
The system has been up for 6 hours, 31 minutes, 8 seconds.
EDGE-WAE-01# show run | inc wccp
wccp router-list 1 10.10.50.1
wccp tcp-promiscuous router-list-num 1 l2-redirect
wccp version 2
!
egress-method negotiated-return intercept-method wccp
!
---------------------------------------------------------------------------------------
3750:
edge-cre-01#show sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
!
cisco WS-C3750G-24TS-1U (PowerPC405) processor (revision F0) with 131072K bytes of memory.
512K bytes of flash-simulated non-volatile configuration memory.
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 WS-C3750G-24TS-1U 12.2(50)SE3 C3750-IPSERVICESK9-M
2 28 WS-C3750G-24TS-1U 12.2(50)SE3 C3750-IPSERVICESK9-M
Switch 02
---------------
Switch Uptime : 3 days, 4 hours, 39 minutes
Configuration register is 0xF
edge-cre-01# show run | inc wccp
ip wccp 61 redirect-list TN-WAAS-OUT
ip wccp 62 redirect-list TN-WAAS-IN
!
edge-cre-01#show run | begin ip access-list standard TN-WAAS-OUT
ip access-list standard TN-WAAS-OUT
permit 10.10.10.0 0.0.1.255
permit 10.10.25.0 0.0.0.255
!
ip access-list extended TN-WAAS-IN
permit tcp 10.20.0.0 0.1.255.255 10.10.10.0 0.0.1.255
permit tcp 10.20.0.0 0.1.255.255 10.10.25.0 0.0.0.255
permit tcp 10.128.16.0 0.0.0.255 10.10.10.0 0.0.1.255
Solved! Go to Solution.
04-28-2010 11:54 AM
Below is a list of best practices to follow when doing wccp redirection on hardware based platforms like the 3750. I have found this in the link below.
http://www.cisco.com/web/services/news/ts_newsletter/tech/chalktalk/archives/200806.html
The following best practices should be followed for implementing WCCP on a hardware-based platform:
Your configuration of "egress-method negotiated-return intercept-method wccp" will call for a WCCP GRE tunnel to be created from the 3750 to the WAE. All traffic will then be software redirected based on this line of configuration.
"Set negotiated-return as the egress method. With this specification, the Cisco WAE will use GRE to return redirected traffic to the intercepting router. Note: In this case, WCCP negotiated WCCP GRE as the return method."
I would stick to the best practices that Zach has outlined in the link at the beginning of this post. It is a very well written article on WCCP redirection.
Regards
04-27-2010 08:16 AM
I did not see the relevant configuration on the interfaces and which direction you are redirecting. Remember that you should have L2-redirect and mask-assign configured on the WAE. Plus you should only configure redirect in on your interfaces as a redirect out will cause all redirection to happen in software.
One more thing, you do not need the egress method of negotiated return on a L2 redirection. My 6509 L2 redirection is as follows.
wccp router-list 1 10.x.x.x 10.x.x.x
wccp tcp-promiscuous mask src-ip-mask 0xf00 dst-ip-mask 0x0
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return
wccp version 2
Hope this helps.
04-27-2010 08:45 AM
hey cfolkserts
Couple of things i should've perhaps mentioned.
1. The C3750 platform does not support redirect out (only in), but I didn't know that 'out' redirection is done in sw.
2. The 'l2-redirect mask-assign' command is only relevant when there is more than one wae, isnt it?. I have one currently
3. I was wondering about specifying the egress-method redirection. I'll try out your config and let you know. I need to know
what those command are doing though so i'm going to rtfm
thanks
Ajaz
04-28-2010 11:54 AM
Below is a list of best practices to follow when doing wccp redirection on hardware based platforms like the 3750. I have found this in the link below.
http://www.cisco.com/web/services/news/ts_newsletter/tech/chalktalk/archives/200806.html
The following best practices should be followed for implementing WCCP on a hardware-based platform:
Your configuration of "egress-method negotiated-return intercept-method wccp" will call for a WCCP GRE tunnel to be created from the 3750 to the WAE. All traffic will then be software redirected based on this line of configuration.
"Set negotiated-return as the egress method. With this specification, the Cisco WAE will use GRE to return redirected traffic to the intercepting router. Note: In this case, WCCP negotiated WCCP GRE as the return method."
I would stick to the best practices that Zach has outlined in the link at the beginning of this post. It is a very well written article on WCCP redirection.
Regards
05-04-2010 02:24 AM
Hi cfolkets,
ok.. so now I understand that the 3750 performs wccp redirection in the hardware, which means inbound redirection only.
so... does this mean to say that this platform has sw limitations which prevent redirection in the other direction i.e.outbound?
when compared with ISR router platform for instance, I find this a bit strange since 3750 is considered a powerful and feature rich piece of kit.
thanks
Ajaz
08-11-2011 01:05 AM
Hi All,
Our customer will depoy a IronPort for 2500 users, but they intend to connect IronPort to a 3750-X and use WCCP to redirect traffic.
I concern that the 3750-X should be overloaded.
Could you please give me a solution?
Thanks & regards,
Quan
08-11-2011 10:36 AM
Hi Quan,
As mentioend above, WCCP in 3750, by default, uses L2 / Mask redirection for forwarding traffic. Unless you specifically try to use GRE, there should not be any load on 3750 from WCCP perspective. However, you may want to check for other resources that wil be used by 3750.
Best practices and Limitations on 3750 for WCCP redirection:
These WCCP features are not supported in this software release:
•Packet redirection on an outbound interface that is configured by using the ip wccp redirect out interface configuration command. This command is not supported.
•The GRE forwarding method for packet redirection is not supported.
•The hash assignment method for load balancing is not supported.
•There is no SNMP support for WCCP.
Hope this helps.
Regards.
PS: Please mark this as Answered, if this answers your question.
08-15-2011 07:33 PM
Dear Bhavin Yadav!
I have one question. I want config WCCP in the 2 interfaces of the 3750 switch. I don't know the 3750 switch has support it ?. You can answer me.
Thanks!
08-16-2011 12:04 PM
Hi,
This link should give you good idea on whether your 3750 has WCCP support or not.
http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html
Further, WCCP is supported only on the templates that support PBR: access, routing, and dual IPv4/v6 routing.
Please make sure your 3750 is using one of the above template. CLI command on 3750 to find out what template you are using: show sdm prefer
Regards.
PS: Please mark this as Answered, if this answers your question.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide