cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

WCCP and WAAS Configuration for Catalyst 6500 and Nexus 7000

7790
Views
5
Helpful
7
Comments

 

 

Introduction

The WAAS system consists of a set of devices called wide area application engines (WAEs) that work together to optimize TCP traffic over your network. When client and server applications attempt to communicate with each other, the network intercepts and redirects this traffic to the WAEs so that they can act on behalf of the client application and the destination server. You use the WAAS Central Manager GUI to centrally configure and monitor the WAEs and optimization policies in your network. You can also use the WAAS Central Manager GUI to create new optimization policy rules so that the WAAS system can optimize custom applications and less common applications. This document shows example of how to configure Catalyst 6500 and Nexus 7000 with Cisco WAAS.

 

 

 

Configure Catalyst 6500 with WAAS

 

 

6500:

 

access-list 1 permit host <wae1_ip>

access-list 1 permit host <wae2_ip>

!

ip access-list extended WAASRedirList

remark

permit tcp host 10.189.240.44 eq www any

permit tcp any host 10.189.240.44 eq www

remark

!

Interface tunnel1

Ip address 10.255.255.253 255.255.255.255

Tunnel source loopback2

Tunnel mode gre multipoint

!

ip wccp 61 redirect-list WAASRedirList group-list 1

ip wccp 62 redirect-list WAASRedirList group-list 1

!

int <WAN_interfaces>

ip wccp 61 redirect in

!

int <LAN_interfaces>

ip wccp 62 redirect in

 

 

WAAS:

 

wccp router-list 1 <6500_1_loopback> <6500_2_loopback>

wccp tcp-promiscuous service-pair 61 62 mask src-ip-mask 0xf00 dst-ip-mask 0x0

wccp tcp-promiscuous service-pair 61 62 failure-detection 30

wccp tcp-promiscuous service-pair 61 62 router-list-num 1 mask-assign

egress-method generic-gre intercept-method wccp

wccp version 2

 

 

 

Configure Nexus 7000 with WAAS

 

 

N7000:

 

ip access list WCCP-redirect

permit ip 10.0.0.0/24 any

permit ip any 10.0.0.0/24

deny ip any any

!

ip access list wae

permit ip 10.87.100.164/32 any

!

feature wccp

!

ip wccp 61 redirect-list WCCP-redirect service-list wae mode closed

ip wccp 62 redirect-list WCCP-redirect service-list wae mode closed

 

WAAS:

 

wccp router-list 1 <Nexus_1_IP> <Nexus_2_IP>

wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return

wccp version 2

 

 

Verify

 

Use command "show ip wccp " to check if the configuration is working or not. You can also use command "more system:running-config" in the IOS.

 

 

Related Information

 

WCCP best practices for Cisco WAAS

GRE Redirection in WCCP Creates new tunnel interfaces

Comments
Felix Arrieta
Cisco Employee

nice thanks for sharing.. do you know what is the difference between mode open and close on the nexus?  I understand the default is open so why is it close for WCCP services 61 and 62 ?

thanks,

Felix

Sandeep Singh
Rising star

Close mode on Nexus uses a service list to identify an access list (wae in our example) that defines packets that match the service. Open mode will match all traffic. This can be configured as per requirement.

Felix Arrieta
Cisco Employee

Got it! Thanks!

pevaneyn
Cisco Employee

Hmm. The Nexus configuration is actually wrong.

The "service-list wae mode closed" piece means:

if there is no WCCP client to which we redirect traffic, then all traffic matching the wae ACL will be dropped.

This not a replacement for the group-list argumnt on the cat6k.

Cisco has a new solution called ITD:

http://blogs.cisco.com/datacenter/itd-load-balancing-traffic-steering-clustering-using-nexus-5k6k7k

 

ITD (Intelligent Traffic Director) is a hardware based multi-Tbps Layer 4 load-balancing, traffic steering, redirection, and clustering solution on Nexus 5K/6K/7K series of switches. It supports IP-stickiness, resiliency, NAT (EFT), VIP, health monitoring, sophisticated failure handling policies, N+M redundancy, IPv4, IPv6, VRF, weighted load-balancing, bi-directional flow-coherency, and IPSLA probes including DNS. There is no service module or external appliance needed. ITD is much superior than legacy solutions like PBR, WCCP, ECMP, etc.

 

Nice, Thanks for Sharing

 

simsontj
Community Member

"if there is no WCCP client to which we redirect traffic, then all traffic matching the wae ACL will be dropped."...

This is confusing....the wae ACL matches what seems to be the address of the WAE. I wouldn't expect much traffic to match that if any.

Content for Community-Ad
This widget could not be displayed.