How can I do for WSA works in high availability, I mean when one of them stops working for any reason to have another WSA to lift services or entry mode failover???
High availability with the WSA can be achieved by the various deployment methods.
1. PAC files can contain entries directing clients to multiple WSA's based upon various network factors or machine characeteristics.
2. WCCP protocol includes load sharing across multiple WSA
3. Manually configuring clients to different WSA
4. Automatic configuration scripts to point users to specific WSA's based upon subnets, etc
5. Load Balancers that redirect clients to a VIP that points to multiple WSA
6. Layer 4 redirection that can distribute load across multiple devices.
It is not possible to create a VIP for multiple WSA without using an external device like a load balancer to create the VIP and distribute the load. There are no built in load balancing mechanisms on the WSA. WCCP will balance the load across a number of devices but that doesn't involve using a VIP.
1. No dependency on WSA to achieve active/active. WCCP takes care of redirecting traffic between multiple units.
2. Distribution while not guaranteed to be equally distributed generally will be close to equal distribution. The distribution is done either by hash or mask of the client IP address but in general it will be close enough to equal.
3. capacity handling capability is not tied to wccp, wccp will load balance clients irrelevant of what size WSA you have which means you don't want to have 2 - S680's and 1 S380 in a WSA pool as currently WSA does not support weighted wccp so in this case it would split the traffic evenly across 3 devices which may cause performance issues on the S380
4. Your question sounds like you are looking for guidance on sizing the appropriate WSA for traffic. We size based on traffic pattern not number of users. I would recommend you contact your partner or Cisco engineer for more details about sizing.
Thanks a lot for your answer. But I still have some doubts which requires your expertise.
1) The dependency i meant here is towards how to achieve active/active. For example, is it must use WCCP v1 or v2 compliant routers or switches, brand of the routers or switches, need external load balancer, all WCCP client (WSA) must use same model or what?
2) Assuming that the customer will deploy in transparent mode using WCCP running HA and the load distribution not guaranteed but close enough to equally between multiple WSAs. What is the difference if the customer have 10K or 14K number of users? Can I propose S380 for 10K and S680 for 14K? Or just propose S680 is better? If I understand correctly, S380 and S680 can support maximum 6K and 12K users respectively.
Why I mentioned S380 for 10K is because if the load is equally distributed between two WSA, WSA1 will handle 5K and another one handle 5K. While for 14K can propose S680, because if the load is equally distributed, 7K handled by WSA1 and another 7K handled by WSA2.
I really need to clearly know how the licensing works and how much user license i need to quote to the customer.
Much appreciated for your help!
1. No, no dependency other than a complete implementation of WCCPv2. So if its some router other than Cisco, and its really doing WCCPv2, it should work (TEST it before you sell it though...) Based on the questions that pop up in this forum, most run in on their ASA, but there are many that use various switching platforms too.
You can WCCP to what ever WSA's you want. S170/S370/S100V/S680, but be prepared to chase performance questions if you load a S170 and S680 and expect them to handle the load 50/50.
2. call your local Cisco engineer for load questions. 50k users that barely use the web vs. 100 users that live on it are VERY different... its NOT user count, its web load...
For licensing questions call your local Cisco rep, but in general, its licensed per user... you can spin up as many WSAs as you want...
Since this thread is two years old, we have introduced a high availability VIP but it is designed to be used with explicit traffic redirection, PAC file etc not wccp.