cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1079
Views
0
Helpful
8
Replies

WCCP supported on BVI??

dan.tesch
Level 1
Level 1

I am implementing a WAN optimization product and I need to get

WCCP working for it to work properly - problem is, I only h

ave  2960 switches and a PIX (6.3.5) at my datacenter so there is no support for WCCP there.

I have been racking my brain and thought that I might be able to employ a 2801 router I have available to get this going.

Does anyone know if it would work if I put the router inline as a bridge between a switch and the PIX (default g/w) and then on the BVI I configured WCCP? would I get the redirects to my WAN appliance the same as if WCCP could be run on the PIX or a L3 switch?

8 Replies 8

Richard Burts
Hall of Fame
Hall of Fame

Dan

I have not attempted to configure WCCP on a BVI so I can not speak from experience. But I have configured WCCP on other types of virtual interfaces (specifically on VLAN interfaces) and it works. So I would expect that WCCP should work on the BVI. If you do try it, please post back to the forum and let us know how it work out.

HTH

Rick

HTH

Rick

Nagaraja Thanthry
Cisco Employee
Cisco Employee

Hello,

Instead of configuring the 2800 as a bridge, can you just configure one

interface in the same LAN segment as PIX and 2960? If you can do that, then

that interface IP can become the default gateway for your entire LAN segment

and the PIX will become default gateway for your router. So, traffic will

enter and exit out of the same interface. Now you can configure WCCP on 2800

interface.

Hope this helps.

Regards,

NT

Sure, that makes sense and I will try that - I was looking at the bridging option because I want to put something inline. I have a SAN that is (according to the manufacturer and the WAN acceleration supplier) doing some route caching so when it sees return traffic from the real gateway it uses that information and all of the replication traffic I'm trying to optimize goes out the gateway and bypasses the accelerator - thus they want me to use WCCP but I don't have access to that in this datacenter - therefore, me trying to be clever and getting a headache.

I'm reading up on proxy arp a bit, is it possible for me to utilize that or something similar so that I can have my inline router pretend to be the default gateway and perhaps mask the existence of the real gateway and the SAN will not be able to see it at all?

Hello,

While you can enable proxy-arp on the 2800, that would affect rest of your

network as well.

In your set-up, the best approach would be to make the SAN device believe

that the WAN accelerator is the default gateway. Would it be possible for

you to configure a static ARP entry on the SAN device that points default

gateway IP (PIX IP) to WAN accelerators MAC address? In this way,

irrespective of the routes learnt by the SAN device, at Layer 2, everything

will be forwarded to the WAN accelerator. On the WAN accelerator side, you

need to operate in the promiscuous mode.

Other option is to put the 2800 in the routed mode between the PIX and rest

of the network. 2800 will act as a regular router and route traffic between

your LAN and the PIX. So, in this setup, you can configure PBR and forward

all traffic originated from the SAN devices to the WAN accelerator while the

remaining traffic goes un-touched.

Hope this helps.

Regards,

NT

First, let me say thanks for the help with the Saturday afternoon brainstorming!

To the first point about the proxy-arp and other devices on the network, I don't think it matters much since the other things would be iSCSI initiators and wouldn't ever need to route outside of this subnet.

The SAN appliance is the problem here, no GUI or CLI ability to set a static ARP or route and what I originally thought would work is to simply change the default gateway of the SAN to that of the accelerator and the accelerator's gateway would be the PIX... worked at first but then stopped working. The SAN manufacturer and the accelerator support both confirm the SANs behavior of learning the original path.

I'm also considering the standard router option mentioned, the only thing is that I think I'd have a lot of work to do to change configs elsewhere for VPNs & firewall rules, etc. one additional problem is that the PIX is managed by our datacenter NOC and I have to go through a helpdesk to make changes - I don't mind fiddling with things that don't end up working when it is on my own equipment but I hate to bother other folks with my learning on the fly so I was hoping to implement something inline on my network.

Hello,

How does the WAN accelerator work? How does the SAN device cache the route?

Would it be possible for you to add a static ARP entry on the PIX with SAN

device IP pointing to WAN accelerator MAC address? This way, all return

traffic from the PIX to the SAN device will go through the WAN accelerator.

Regards,

NT

I was hoping someone would have solved a similar issue before, I guess I'm going to be labbing this up this week. If I obtain a successful configuration I'll update this thread.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco