WCCP breaks Application Traffic

Answered Question
Mar 12th, 2007

Hello Friends,

I have set up a test WAAS setup. The remote site connects to the main site through a site-to-site VPN connection. A Cisco 1841 router is doing WCCP redirection at the remote end without any access lists, so all the traffic is being intercepted. I have set it up as explained in the WAAS quick config guide. File services are working fine, but email, HTTP and Citrix traffic is being blocked somewhere in the network. This means WAFS is working but application acceleration is not working at all. When I disable WCCP, everything works.

What am I doing wrong here?

thanks

Ankit

Ankit,

It sounds like you might have a routing loop. Does this DOS on application traffic affect pings as well, or is it just TCP application traffic that is affected? Where are you applying redirect statements at the remote site and at the core?

Can you post a drawing of your traffic flow between client and server and configs if possible?

As a general rule I always use redirect ACLs to prevent certain traffic (TACACS, for example) from getting looped in HA routing scenarios. It all depends on your topology, though.

ankit_parikh Tue, 03/20/2007 - 18:47

Hi Michael,

My access lists are just permitting tcp traffic to and from that remote site. I can VNC to a machine on that site but my session doesn't last longer than a few seconds.

I changed my application policies to bypass email, HTTP and VNC traffic and things started working fine. But this destroys the purpose of application acceleration, doesn't it?

Then I tried running PBR as opposed to WCCP version 2 and guess what, everything worked using the same access list I had. Which is why I said WCCP breaks application traffic.

I posted this query more than 15 days ago and no one seemed to reply. Luckily, I happened to figure out a solution and since you took the effort to reply to my post I thought I would share it with you.

thanks for your reply

Ankit

ankit_parikh Thu, 03/22/2007 - 16:51

Hi Michael,

The WAEs are sitting on a separate subnet at each site. I read the requirements for WAAS setup, which mention having a separate subnet for the WAE.

IOS version on the 1841 router:

Version 12.4(1a), RELEASE SOFTWARE (fc2)

Ankit

Correct Answer

Ankit,

Per Cisco, the Minimum Recommended Versions (IOS Routing Platforms) for WCCP w/ WAAS are:

M Train: 12.4(10)

T Train: 12.4(9)T1

You might want to try upgrading your IOS to 12.4(10) or the T train if possible. I would start there.

Found these caveats on 12.4 code

CSCuk61396

Symptoms: WCCP service redirection may not work. In particular, packets that are rejected by a third-party vendor appliance device and are returned to the router for normal forwarding may be discarded.

Conditions: This symptom is observed on a Cisco router when NAT or Cisco IOS Firewall features are enabled on the same interfaces that have WCCP enabled.

Workaround: There is no workaround.

HTH

Mike
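
An added example, not part of the original thread or Cisco's own tooling: a small audit that compares an IOS version string with the minimums quoted in the answer above and flags interfaces where WCCP redirection shares an interface with NAT or IOS Firewall, the condition described for CSCuk61396. The sample configuration, its interface names and the WCCP service numbers are constructed for illustration.

```python
import re

# Minimum recommended IOS releases for WCCP with WAAS, as quoted in the answer above.
MINIMUM = {"M": "12.4(10)", "T": "12.4(9)T1"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\((\d+)([a-z]?)\)([A-Z]*)(\d*)")
# Interface sub-commands matching the caveat's conditions (WCCP with NAT or IOS Firewall).
FEATURES = {
    "wccp": r"ip wccp \S+ redirect (in|out)$",
    "nat": r"ip nat (inside|outside)",
    "firewall": r"ip inspect \S+ (in|out)",
}

def parse_ios(version):
    """Split e.g. '12.4(9)T1' into a sortable key and its train ('M' = mainline)."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised IOS version: {version!r}")
    major, minor, maint, rebuild, train, train_rebuild = m.groups()
    return (int(major), int(minor), int(maint), rebuild, int(train_rebuild or 0)), train or "M"

def meets_minimum(version):
    """True/False against the quoted minimum; None if no minimum is listed for the train."""
    key, train = parse_ios(version)
    if train not in MINIMUM:
        return None
    return key >= parse_ios(MINIMUM[train])[0]

def wccp_conflicts(config):
    """Map each interface with WCCP redirection to the NAT/firewall features it also carries."""
    features, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            features[current] = set()
        elif not line.startswith(" "):
            current = None  # '!' or any global command ends the interface block
        elif current is not None:
            features[current] |= {f for f, rx in FEATURES.items() if re.match(rx, line.strip())}
    return {i: sorted(f - {"wccp"}) for i, f in features.items() if "wccp" in f and len(f) > 1}

# Constructed sample config, not taken from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip nat inside
 ip wccp 61 redirect in
!
interface FastEthernet0/1
 ip wccp 62 redirect in
!
"""
```

Calling `meets_minimum("12.4(1a)")` with the version posted earlier in the thread returns `False`, and `wccp_conflicts(SAMPLE_CONFIG)` reports only the interface that combines NAT with WCCP.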
