Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5044
Views
5
Helpful
8
Replies

Why are two service group numbers required for WCCP

Go to solution
AJAZ NAWAZ
Level 5
Level 5

‎09-06-2013 08:29 AM

Hi.

Two service group identifiers are required for WCCP redirection for TCP and second one is automatically set for UDP even if it is explicity specified?.

for example:

ip wccp 41 redirect-list ....

ip wccp 42 redirect-list ..

Is my understanding correct on this?

thank you

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Juan Leon
Cisco Employee
Cisco Employee
In response to Juan Leon

‎09-06-2013 01:11 PM

I have found that every single service you want to configure are UDP services. As far as I can see on the Silverpeak configuration guide it may use UDP or TCP ports. The WCCP configuration must match the services on both devices, the WCCP Router and the Cache Engine.

Please refer to the configuration Guide you may find at the link listed below:

http://www.silver-peak.com/sites/default/files/userdocs/network_deployments_r5-2_revk_oct2012.pdf

For further queries it would be recommended for you to get in touch with the Silverpeak TAC so they can explain if is really needed the TCP along with the UDP services to be configured on the devices.

My point of view is that you only need to configure the services to match on both sides whether you are using UDP or TCP services, in other words you need to configure the same service on the router than the services configured on the Silverpeak. As you are using 4 different protocols, you will need to configure 4 services on the Router and on the Silverpeak appliance.

Here is an example:

Router config:

cisco2811(config)# ip wccp 53 redirect-list 101

cisco2811(config)# ip wccp 54 redirect-list 101

Silverpeak config:

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Juan Leon
Cisco Employee
Cisco Employee

‎09-06-2013 11:28 AM

Hi Ajaz,

This is Juan. I have been reviewing this and the ports mentioned on your post are for UDP. The 42 says is used for ARPA (ARPA Host Name Server Protocol) or even for WINS (Windows Internet Name Service) while the 41 is used for graphics or Trojans. For the port 41 I have found this link:

http://www.speedguide.net/port.php?port=41

As far as I understand, WCCP uses services for the traffic being redirected to the cache/proxy engine and the same service numbers must be configured on the cache engine since they work as identifiers for the traffic in question.

Now depending on the appliance you are working with, it will have the default WCCP service identifier per protocol.

For example Cisco WAAS uses services 61 and 62 which are the promiscuous services for TCP.

Ironport uses service 80 for web-cache and the services 70 for HTTP and 0 for HTTPS.

At least on Cisco Routers when you configure WCCP the router will not dynamically generate any service. The administrator must always to configure which are the services they want to enable for WCCP redirection.

For example you may configure this on a Cisco Router:

ip wccp 61

ip wccp 62

ip wccp web-cache

ip wccp 70

ip wccp 0

This is the very basic configuration, I am skipping the detail where the redirection statement must be placed on the interfaces playing redirection here, this is that the interfaces where the insteresting traffic is being received must be configured with the ip wccp redirect .

This is for Cisco routers, that is why I am telling that depending on the platform you are using as WCCP router and which type of cache engine you are using the services must be configured using the same service identifier/number. At least on the WCCP routers there are no services created dynamically, the net admin must configure them. There may be cache engines that dynamically creates a service for WCCP, but that is platform dependent.

0 Helpful

Go to solution
Juan Leon
Cisco Employee
Cisco Employee

‎09-06-2013 11:33 AM

Hi, here is a configuration example for a Cisco Router and a Bluecoat proxy for the Web-cache service, please notice that the same service was configured on both devices, otherwise the redirection will not occur:

Standard HTTP Redirection Using a Security Password

A simple eight-character password is configured within the router. This password must match the password configured within the ProxySG.

Router Configuration

The following example enables standard HTTP traffic redirection on a WCCP version 2-capable Cisco router.

Router(config)# ip wccp web-cache password 29gy8c2

Router(config)# interface ethernet 0

Router(config-if)# ip wccp web-cache redirect out

Router(config-if)# end

ProxySG Configuration

To enable the standard WCCP version 2 service group within the ProxySG, the following configuration file could be loaded.

# Enable WCCP to allow WCCP protocol communication between

# the ProxySG Appliance and the home router.

wccp enable

# By default, the WCCP version 2 protocol is assumed. An

# explicit “wccp version 2" command could be specified

# here.

service-group web-cache

# Specify the address for the router.

home-router 90.0.0.90

# Network interface 0 will participate.

interface 0

password 29gy8c2

end

0 Helpful

Go to solution
Michael Korenbaum
Level 4
Level 4

‎09-06-2013 12:05 PM

Are you referring to WCCP for WAAS?

If so you are correct two service groups are defined one which hashes on source ip and the other hashes on destination ip.

The default WAAS config for WAAS would be:

wccp router-list 1 14.110.3.129

wccp tcp-promiscuous service-pair 61 62

router-list-num 1

enable

exit

!

This means you have to globally define 61 and 62 on your router and then specific which interfaces you want to redirect on and in which direction:

pdi-2821-rtp#sh run

Building configuration...

!

hostname pdi-2821-rtp

!

ip wccp 61

ip wccp 62

!

!

interface GigabitEthernet0/0.1

description Client-LAN

encapsulation dot1Q 500

ip address 14.110.3.113 255.255.255.240

ip wccp 61 redirect in

ip flow ingress

!

interface GigabitEthernet0/0.2

description WAVE-574

encapsulation dot1Q 600

ip address 14.110.3.129 255.255.255.240

ip helper-address 10.86.77.7

ip flow ingress

!

interface GigabitEthernet0/1

description WAN Link

ip address 14.110.3.62 255.255.255.252

ip wccp 62 redirect in

ip flow ingress

ip flow egress

duplex full

speed auto

Note, that WCCP services for WAAS are TCP only (see keyword tcp-promiscuous).  When WCCP services are negotiated between the router and WAAS device it signals that it's interersted in TCP packets only (all TCP packets).   Thus, UDP traffic will never be redirected to WAAS (and you would not want to since it does not optimize UDP).

You can also configure any service-pair numbers if 61/ 62 happen to be in use by another WCCP service.  For example:

wccp router-list 1 14.110.3.129

wccp tcp-promiscuous service-pair 41 42

router-list-num 1

enable

exit

!

Just then make sure you configure this service pair and redirect interfaces appropriately on your WCCP router (14.110.3.129 in this case).

0 Helpful

Go to solution
AJAZ NAWAZ
Level 5
Level 5
In response to Michael Korenbaum

‎09-06-2013 12:45 PM

hi guys

Cisco one-armed set-up with Silverpeak NX series appliance and the service IDs I would like to query are 51,52,53,54

thank for replies so far !

0 Helpful

Go to solution
Juan Leon
Cisco Employee
Cisco Employee
In response to AJAZ NAWAZ

‎09-06-2013 12:56 PM

I have been reading about Silverpeak and I see that you requiere to set up an UDP service on the appliance and on the Cisco Router, here is the link:

http://www.exclusive-networks.it/wp-content/uploads/silver-peak-NX-series.pdf

Now we need to investigate why Silverpeak needs the UDP service configured, that is why I have mentioned that the configuration is platform dependent. For example Cisco WAAS only needs TCP services 61 and 62 configured on the router and on the WAE appliance. With Bluecoat it only needs that the web-cache service to be configured on the appliance and on the WCCP router.

Let me try to find out why does Silverpeak needs a UDP service configured along with WCCP.

Go to solution
Juan Leon
Cisco Employee
Cisco Employee
In response to Juan Leon

‎09-06-2013 01:11 PM

I have found that every single service you want to configure are UDP services. As far as I can see on the Silverpeak configuration guide it may use UDP or TCP ports. The WCCP configuration must match the services on both devices, the WCCP Router and the Cache Engine.

Please refer to the configuration Guide you may find at the link listed below:

http://www.silver-peak.com/sites/default/files/userdocs/network_deployments_r5-2_revk_oct2012.pdf

For further queries it would be recommended for you to get in touch with the Silverpeak TAC so they can explain if is really needed the TCP along with the UDP services to be configured on the devices.

My point of view is that you only need to configure the services to match on both sides whether you are using UDP or TCP services, in other words you need to configure the same service on the router than the services configured on the Silverpeak. As you are using 4 different protocols, you will need to configure 4 services on the Router and on the Silverpeak appliance.

Here is an example:

Router config:

cisco2811(config)# ip wccp 53 redirect-list 101

cisco2811(config)# ip wccp 54 redirect-list 101

Silverpeak config:

0 Helpful

Go to solution
Juan Leon
Cisco Employee
Cisco Employee

‎09-06-2013 12:40 PM

Here is a table with the service numbers used by Cisco WCCP. And regarding what Mike says, WCCP with Cisco WAAS will use the service 61 and 62 to balance the traffic load based on the source (service 61) and the destination (service 62).

Here is a link where WCCP configuration is explained when using web-cache service:

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.html

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.html
0 Helpful

Go to solution
AJAZ NAWAZ
Level 5
Level 5
In response to Juan Leon

‎09-06-2013 03:00 PM

I think it was important that we all get an understanding around service IDs, because to be totally frank, its not that very well documented.

many thanks for your investigation and replies !

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents