02-01-2011 06:56 AM - edited 03-04-2019 11:16 AM
I am configuring a WAE-7341 for standalone content engine ACNS used for webcaching only.
When I enable the l2-redirect and l2-return on the WAE I get high CPU on my Cisco 6504-E with WS-SUP32-GE-3B - WS-F6K-PFC3B. The 6500 shows the wccp status as L2 for redirection and return and webcache works but this CPU spikes to 70%.
IOS Code: s3223-adventerprisek9_wan-mz.122-33.SXH7.bin
MDF-6504#show proc cpu sorted | exc 0.00
CPU utilization for five seconds: 47%/45%; one minute: 18%; five minutes: 27%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
152 9304 5144 1808 0.71% 0.22% 0.17% 1 SSH Process
139 46322920 12113823 3823 0.47% 0.40% 0.44% 0 CDP Protocol
I don't see which process is causing this but if I remove WCCP from the interface, it drops to 1% so I know for a fact that WCCP is causing this.
If I remove the l2-redirect and l2-return on the WAE, WCCP on the 6500 registers GRE for redirection and return on the 6500 and CPU drops to 5%.
If I enable the "wccp webcache accelerated" option on the 6500, I cannot get WCCP up with or without the l2-return and l2-redirect options on the WAE, it displays:
001782: Jan 28 21:24:00.055: WCCP-EVNT:wccp_update_assignment_status: enter
001783: Jan 28 21:24:00.055: WCCP-EVNT:wccp_update_assignment_status: exit
001784: Jan 28 21:24:00.055: WCCP-EVNT:S00: Here_I_Am packet from [ip hidden] w/bad fwd method 00000001, was offered 00000002
001785: Jan 28 21:24:00.055: WCCP-EVNT:S00: Here_I_Am packet from [ip hidden] with incompatible capabilites
Can anyone advise on this issue, does this 6500 not have the hardware redirect/rewrite capability? My WAE is directly connected to the 6500 WS-X6548-GE-TX blade on the same vlan that I am doing a wccp redirect on.
interface g3/4
description WAE-7341
switchport access vlan 600
interface VLAN 600
ip wccp web-cache redirect in
Solved! Go to Solution.
02-01-2011 12:18 PM
Any method, ideally you don't place the WAE on the same incoming VLAN as the user(s).
02-01-2011 07:14 AM
ip wccp web-cache redirect in should be entered on the user facing VLAN, not on the VLAN facing the web caching engine.
Please refer to this article for Best Practices http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-629052.html
Regards,
Edison
02-01-2011 07:31 AM
This WAE is outside the firewall.
[inside - 10.0.0.0/8]:ASA FW:[outside - vlan 600]
default route on ASA is my VLAN 600 SVI on the 6500. On this SVI I have WCCP redirect IN. The WAE is also on Vlan 600.
Please advise.
02-01-2011 09:43 AM
You are redirecting every web content back to the WAE with such design. This is causing a loop.
The design must have WCCP redirect-in on user facing VLAN and all web related flows would be redirected to your WAE.
I don't clear understand your network topology. Can you provide some diagrams?
02-01-2011 10:27 AM
Thanks for the response Edison. Attached is a quick drawing of the topology.
Traffic enters the firewall, comes in on the 6500, the 6500 redirects to webcache.
Let me know if the loop occurs in this topology.
02-01-2011 11:09 AM
You need to create an exception for the WAE so any traffic coming from this device isn't redirected in.
The link I provided has that info.
02-01-2011 11:12 AM
I see what your saying but that only applies to layer 2 redirect/return? Not for GRE ?
02-01-2011 12:18 PM
Any method, ideally you don't place the WAE on the same incoming VLAN as the user(s).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide