The WCCP VRF Support feature enhances the existing WCCPv2 protocol by  implementing support for virtual routing and forwarding (VRF).

The WCCP VRF Support feature allows service groups to be configured on a per VRF basis in addition to those defined globally.

Along with the service identifier, the VRF of WCCP protocol packets  arriving at the router is used to associate cache-engines with a  configured service group.

The interface on which redirection is applied, the interface which is  connected to cache engine, and the interface on which the packet would  have left if it had not been redirected must be in the same VRF.

In Cisco IOS Release 12.2(33)SRE, this feature is supported only on Cisco 7200 NPE-G2 and Cisco 7304-NPE-G100 routers.

Configuring WCCP

1.  enable

2.   configure terminal

3.  ip wccp version {1 | 2}

4.  ip wccp [vrf vrf-name] {web-cache | service-number} [group-address group-address] [redirect-list access-list] [group-list access-list] [password password [0| 7]]

5.  interface type number

6.   ip wccp [vrf vrf-name] {web-cache | service-number} redirect {out | in}

7.   exit

8.   interface type number

9.  ip wccp redirect exclude in

Tunnel Interfaces

In IOS versions where WCCP is VRF aware, such as 15.0M and 15.1T, the use of GRE redirection will result in some new tunnel interfaces appearing.  On the ASR platform these tunnel interfaces are also present from IOS XE release 2.5 onwards (although VRF support within WCCP on the ASR platform is not present until IOS XE release 3.1).

Examples of the new tunnel interfaces are shown below:

Router#show ip wccp summary 
WCCP version 2 enabled, 3 services

Service     Clients   Routers   Assign      Redirect   Bypass     
-------     -------   -------   ------      --------   ------     
Default routing table (Router Id: 30.1.1.80):
web-cache   1         1         HASH        GRE        GRE        
61          1         1         HASH        GRE        GRE        
62          1         1         HASH        GRE        GRE        

Router#show ip interface brief | include Tun
Tunnel0                172.16.0.1      YES unset  up                    up      
Tunnel1                172.16.0.1      YES unset  up                    up      
Tunnel2                172.16.0.1      YES unset  up                    up      
Tunnel3                172.16.0.1      YES unset  up                    up      
Router#

The tunnels are created automatically to process outgoing GRE encapsulated traffic for WCCP.  They appear when a cache engine  connects and requests GRE redirection.  They're not created directly by WCCP, but indirectly via a tunnel API.  WCCP has no  direct knowledge of these tunnel interfaces, but knows enough to cause packets to be redirected to them.  This results in the  appropriate encapsulation being applied, after which the packet is then sent to the cache engine.  Note that these interfaces  are not used in connection with incoming WCCP GRE return packets.

There is one tunnel created per service group that is using GRE redirection, plus one additional tunnel to provide an IP  address to allow the other tunnel group interfaces to be unnumbered but still enabled for IPv4.  Some information about the  tunnels is shown with the command show tunnel groups wccp, although this is unlikely to be useful to the end-user other than  to confirm the connection between the tunnels and WCCP.

Router#show tunnel groups wccp              
 WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table 
   intf: Tunnel0, locally sourced
 WCCP : service group 317 in "Default", ver v2, assgnmnt: hash-table 
   intf: Tunnel3, locally sourced
 WCCP : service group 318 in "Default", ver v2, assgnmnt: hash-table 
   intf: Tunnel2, locally sourced
Router#show tunnel interface t0
Tunnel0
   Mode:multi-GRE/IP, Destination UNKNOWN, Source 30.1.1.80
   Application ID 2: WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table 
   Linestate - current up
   Internal linestate - current up, evaluated up
Router#show tunnel interface t1
Tunnel1
   Mode:multi-GRE/IP, Destination UNKNOWN, Source 172.16.0.1
   Application ID 2: unspecified
   Linestate - current up
   Internal linestate - current up, evaluated up
Router#show tunnel interface t2
Tunnel2
   Mode:multi-GRE/IP, Destination UNKNOWN, Source 30.1.1.80
   Application ID 2: WCCP : service group 318 in "Default", ver v2, assgnmnt: hash-table 
   Linestate - current up
   Internal linestate - current up, evaluated up
Router#show tunnel interface t3
Tunnel3
   Mode:multi-GRE/IP, Destination UNKNOWN, Source 30.1.1.80
   Application ID 2: WCCP : service group 317 in "Default", ver v2, assgnmnt: hash-table 
   Linestate - current up
   Internal linestate - current up, evaluated up
Router#

Note that service group number shown above is the internal tunnel representation of the WCCP service group number.  Group 0 is  the web-cache service, but for dynamic services subtract 256 to convert to the WCCP service group number.  For interfaces used  for redirection, the source address shown is the WCCP router ID.

Information relating to the connected cache engines and encapsulation, including software packet counters, can be seen with  the command "show adjacency <tunnel-interface> ...":

Router#show adjacency t0               
Protocol Interface                 Address
IP       Tunnel0                   30.1.1.82(3)
Router#show adjacency t0 encapsulation 
Protocol Interface                 Address
IP       Tunnel0                   30.1.1.82(3)
  Encap length 28
  4500000000000000FF2F7D2B1E010150
  1E0101520000883E00000000
  Provider: TUNNEL
  Protocol header count in macstring: 3
    HDR 0: ipv4
       dst: static, 30.1.1.82
       src: static, 30.1.1.80
      prot: static, 47
       ttl: static, 255
        df: static, cleared
      per packet fields: tos ident tl chksm
    HDR 1: gre
      prot: static, 0x883E
      per packet fields: none
    HDR 2: wccpv2
       dyn: static, cleared
      sgID: static, 0
      per packet fields: alt altB priB
Router#show adjacency t0 detail 
Protocol Interface                 Address
IP       Tunnel0                   30.1.1.82(3)
                                   connectionid 1
                                   0 packets, 0 bytes
                                   epoch 0
                                   sourced in sev-epoch 1
                                   Encap length 28
                                   4500000000000000FF2F7D2B1E010150
                                   1E0101520000883E00000000
                                   Tun endpt
                                   Next chain element:
                                    IP adj out of Ethernet0/0, addr 30.1.1.82
Router#show adjacency t0 internal
Protocol Interface                 Address
IP       Tunnel0                   30.1.1.82(3)
                                   connectionid 1
                                   0 packets, 0 bytes
                                   epoch 0
                                   sourced in sev-epoch 1
                                   Encap length 28
                                   4500000000000000FF2F7D2B1E010150
                                   1E0101520000883E00000000
                                   Tun endpt
                                   Next chain element:
                                    IP adj out of Ethernet0/0, addr 30.1.1.82
                                    parent oce 0x4BC76A8
                                    frame originated locally (Null0)
                                   L3 mtu 17856
                                   Flags (0x2808C4)
                                   Fixup enabled (0x40000000)
                                         GRE WCCP redirection
                                   HWIDB/IDB pointers 0x55A13E0/0x35F5A80
                                   IP redirect disabled
                                   Switching vector: IPv4 midchain adj oce
                                   IP Tunnel stack to 30.1.1.82 in Default (0x0)
                                    nh tracking enabled: 30.1.1.82/32
                                    IP adj out of Ethernet0/0, addr 30.1.1.82
                                   Adjacency pointer 0x4BC74D8
                                   Next-hop 30.1.1.82
Router#