WCCP and ISDN / Dialer

pthaynes · ‎05-05-2008

We have two routers running the same IOS version in our core - c7200-is-mz.123-10a.bin. One terminates a number of tunnels and the other has a number of dialer interfaces associated with an ISDN PRI. Each of our site routers has a tunnel going to the core (via an ADSL connection) and a backup ISDN interface with a dialer configured. When we are running on the primary links everything works fine. When we are running on the backup links (the ISDN) WCCP redirection seems to prevent clients from accessing services on TCP in the core (I can telnet to the core ISDN router from a PC on site, but can't access anything else). Ping always works fine - hence my suspicions about WCCP. If I disable WCCP on the core router with the ISDN links backup connections work fine.

Our remote routers use c2800nm-advsecurityk9-mz.124-11.T4.bin.

My question is - is there any issue with WCCP redirection and dialer interfaces?

Below is the relevant config for the routers that don't work (addresses, names and numbers have been sanitized.

corerouter#

ip wccp 61

ip wccp 62

interface Dialer183

description Backup DoD for remote site

bandwidth 64

ip address 192.168.1.1 255.255.255.252

ip wccp 61 redirect out

ip wccp 62 redirect in

encapsulation ppp

dialer pool 2

dialer remote-name siterouter

dialer idle-timeout 300

dialer enable-timeout 60

dialer wait-for-carrier-time 10

dialer caller 222222

dialer-group 1

snmp ifindex persist

ppp authentication chap

End

siterouter#sh run

ip wccp 61

ip wccp 62

interface Dialer1

description Backup DoD to the core via ISDN

bandwidth 64

ip address 192.168.1.2 255.255.255.252

ip wccp 62 redirect in

encapsulation ppp

dialer pool 2

dialer remote-name corerouter

dialer idle-timeout 300

dialer enable-timeout 60

dialer wait-for-carrier-time 10

dialer string 111111

dialer caller 222222

dialer-group 2

ppp authentication chap

end

Zach Seils · ‎05-06-2008

Peter,

I am not aware of any specific issues with WCCP interception on dialer interfaces.

Can you try disabling CEF on the dialer interface and see if that makes a difference?

Thanks,

Zach

pthaynes · ‎05-07-2008

Zach,

I've tried that as you suggested and it made no difference. I had seen a bug on the bugtracker about process switched packets possibly not being WCCP redirected correctly, so I have also tried ensuring that CEF was enabled, and removing compression in case that made the packets process switch.

I have also tried removing the multilink and ensuring that only one ISDN B channel is pulled up for that dialer interface. That made no difference.

I have verified that it is the router in the core that is causing the issue because I can have the remote site connect to the core via ISDN and have WAAS optimise traffic from that remote site to another remote site via the core (if I disable WCCP in the core).

Thanks,

Peter

pthaynes · ‎05-12-2008

Zach,

A little further investigation has shown that WCCP is not working properly for ANY traffic on that particular router (it is a 7204VXR with NPE225). The other router - a 7206VXR with NPE300 is working fine. Both are flagged for replacement and IOS upgrade before June 30 - so I won't dig into it any further. My only thoughts were that maybe I could use the Negotiated return egress method in case IP forwarding was the problem. I may still do that depending on how critical my project sees the backup links.

Thanks,

Peter

pthaynes · ‎05-13-2008

OK - I feel like such a fool. I looked at the network diagram and realised that Negotiated return is needed in our configuration. I'll configure that and I am sure it will all work fine.

Thanks for your help.

Peter