Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
9366
Views
5
Helpful
7
Comments

WCCP and WAAS Configuration for Catalyst 6500 and Nexus 7000

Sandeep Singh
Level 7
Level 7

‎02-27-2013 10:08 AM - edited ‎08-29-2017 05:16 AM

 

 

Introduction

The WAAS system consists of a set of devices called wide area application engines (WAEs) that work together to optimize TCP traffic over your network. When client and server applications attempt to communicate with each other, the network intercepts and redirects this traffic to the WAEs so that they can act on behalf of the client application and the destination server. You use the WAAS Central Manager GUI to centrally configure and monitor the WAEs and optimization policies in your network. You can also use the WAAS Central Manager GUI to create new optimization policy rules so that the WAAS system can optimize custom applications and less common applications. This document shows example of how to configure Catalyst 6500 and Nexus 7000 with Cisco WAAS.

 

 

 

Configure Catalyst 6500 with WAAS

 

 

6500:

 

access-list 1 permit host <wae1_ip>

access-list 1 permit host <wae2_ip>

!

ip access-list extended WAASRedirList

remark

permit tcp host 10.189.240.44 eq www any

permit tcp any host 10.189.240.44 eq www

remark

!

Interface tunnel1

Ip address 10.255.255.253 255.255.255.255

Tunnel source loopback2

Tunnel mode gre multipoint

!

ip wccp 61 redirect-list WAASRedirList group-list 1

ip wccp 62 redirect-list WAASRedirList group-list 1

!

int <WAN_interfaces>

ip wccp 61 redirect in

!

int <LAN_interfaces>

ip wccp 62 redirect in

 

 

WAAS:

 

wccp router-list 1 <6500_1_loopback> <6500_2_loopback>

wccp tcp-promiscuous service-pair 61 62 mask src-ip-mask 0xf00 dst-ip-mask 0x0

wccp tcp-promiscuous service-pair 61 62 failure-detection 30

wccp tcp-promiscuous service-pair 61 62 router-list-num 1 mask-assign

egress-method generic-gre intercept-method wccp

wccp version 2

 

 

 

Configure Nexus 7000 with WAAS

 

 

N7000:

 

ip access list WCCP-redirect

permit ip 10.0.0.0/24 any

permit ip any 10.0.0.0/24

deny ip any any

!

ip access list wae

permit ip 10.87.100.164/32 any

!

feature wccp

!

ip wccp 61 redirect-list WCCP-redirect service-list wae mode closed

ip wccp 62 redirect-list WCCP-redirect service-list wae mode closed

 

WAAS:

 

wccp router-list 1 <Nexus_1_IP> <Nexus_2_IP>

wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return

wccp version 2

 

 

Verify

 

Use command "show ip wccp " to check if the configuration is working or not. You can also use command "more system:running-config" in the IOS.

 

 

Related Information

 

WCCP best practices for Cisco WAAS

GRE Redirection in WCCP Creates new tunnel interfaces

Comments
Felix Arrieta
Cisco Employee
Cisco Employee
‎02-27-2013 05:44 PM

nice thanks for sharing.. do you know what is the difference between mode open and close on the nexus?  I understand the default is open so why is it close for WCCP services 61 and 62 ?

thanks,

Felix

Sandeep Singh
Level 7
Level 7
‎02-27-2013 09:21 PM

Close mode on Nexus uses a service list to identify an access list (wae in our example) that defines packets that match the service. Open mode will match all traffic. This can be configured as per requirement.

Felix Arrieta
Cisco Employee
Cisco Employee
‎03-05-2013 10:58 AM

Got it! Thanks!

pevaneyn
Cisco Employee
Cisco Employee
‎08-27-2013 04:59 AM

Hmm. The Nexus configuration is actually wrong.

The "service-list wae mode closed" piece means:

if there is no WCCP client to which we redirect traffic, then all traffic matching the wae ACL will be dropped.

This not a replacement for the group-list argumnt on the cat6k.

expertadvisor20151
Level 1
Level 1
‎01-21-2015 05:54 PM

Cisco has a new solution called ITD:

http://blogs.cisco.com/datacenter/itd-load-balancing-traffic-steering-clustering-using-nexus-5k6k7k

 

ITD (Intelligent Traffic Director) is a hardware based multi-Tbps Layer 4 load-balancing, traffic steering, redirection, and clustering solution on Nexus 5K/6K/7K series of switches. It supports IP-stickiness, resiliency, NAT (EFT), VIP, health monitoring, sophisticated failure handling policies, N+M redundancy, IPv4, IPv6, VRF, weighted load-balancing, bi-directional flow-coherency, and IPSLA probes including DNS. There is no service module or external appliance needed. ITD is much superior than legacy solutions like PBR, WCCP, ECMP, etc.

 

Jayaratnam Vinthan
Level 1
Level 1
‎09-02-2015 11:01 PM

Nice, Thanks for Sharing

 

simsontj
Community Member
‎02-23-2016 04:50 PM

"if there is no WCCP client to which we redirect traffic, then all traffic matching the wae ACL will be dropped."...

This is confusing....the wae ACL matches what seems to be the address of the WAE. I wouldn't expect much traffic to match that if any.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card