WSA deployment strategy when deploying multiple devices in transparent mode

sadik.sener1 · ‎06-19-2017

Hi all,

I have a pair of S390. We want to deploy them in transparent mode. Our target is to redirect the web traffic using WCCP.

I found this article and read the answer already.

https://supportforums.cisco.com/discussion/11753771/wsa-redundancy-and-wccp-questions

The answer is satisfactory for me. I would like to use both boxes active, to achieve better performance.

My concern is about the load balancing and the TCP states etc. The answer on the link says : "they're all in the WCCP cluster, with the router doing the load balancing beween the detected proxies"

Can someone confirm that if this statement is still valid? If wccp handles this distribution smoothly , i'll use it. If not, i'll use the load balancer as a distribution point.

Kind regards.

Sadik

Ken Stieers · ‎06-19-2017

Yes, that's how WCCP works.

How the data gets spread is based on what you choose, mask or hash, and what hash you use.

https://notalwaysthenetwork.com/2015/02/05/deep-dive-into-load-balancing-with-wccp/

The other thing to note is you want to make sure the acl you use on the firewall has denies for the 2 WSA's. Otherwise you can end up with loops.

access-list WCCP_Redirect extended deny ip any object-group our-Internal
!WSA1

access-list WCCP_Redirect extended deny ip host 172.16.15.10 any

!WSA2

access-list WCCP_Redirect extended deny ip host 172.16.15.27 any
access-list WCCP_Redirect extended permit ip object-group our-Internal any

wccp 90 redirect-list WCCP_Redirect password *****
wccp interface inside 90 redirect in