WAAS, WCCP and Dual Routers with Dual Circuits Load Balanced

CoetzerJ · ‎09-02-2008

Have a scenario where WAAS is being implemented. The challenge we face is this:

1. WAAS is being implemented at headoffice and all sites. Each site, including headoffice, have dual routers with dual links into an MPLS environment, and two WAE appliances are installed in WCCP at the head office.

2. WAE registers through WCCP with both the routers and all seems operational, ie checking wccp stats on WAE and on router.

3. The traffic on the two links, running of the seperate routers, are load balancing using routing protocol.

Concerns:

1. How will the routers determine which WAE is servicing the request? Traffic could potentially run up one link and come back down the other link, breaking the optomization.

2. Another Observation that was made that as soon as WAE is up and running and registered with the routers through WCCP. The HSRP address on the LAN side of the link is no longer accessible, you can connect to the physical interface, but not the HSRP IP Address.

Anyone have any ideas? or any guidlines on implementing WAAS in the above scenario?

Thanks for your help!

mlouis · ‎09-03-2008

We implemented a simpler solution a couple years ago and it is working well. We had two routers configured with a single link to the MPLS cloud on each device. They had 4 port esw cards installed in each router. These cards connected to a common switch where the WAE were installed. The routers were then dual homed into the distribution core. Prior to 4.0.13 with the negotiated return option, the WAE would receive a wccp redirected packet with a gre header and then return the packet to the default gateway. The redirecting router would send traffic to the wae based on a hash algorithm that it built and that was common across the cluster. All traffic from all redirecting routers would hash out to the same wae based on source/destination ip address depending on what ip wccp service was being used. The WCCP RFC provides more clarity on this, i am little fuzzy on the specifics but this is how it works. Once the wae received the packet we had to make sure it got to the servers and then was returned to the same WAE (handled by WCCP hashing again) and then we used HSRP Virtual IP as the gateway. You could do this with multiple WAE and just configure dual HSRP groups and point one wae at one router and the other wae at the other router providing failover. The one thing that we did learn was that we had to configure HSRP interface tracking on the WAN interfaces to ensure that the groups would fail over with a wan failure. This was due to the best route to the destination being learned from the core when the wan failed. Otherwise the packets could indefinately loop.

CoetzerJ · ‎09-03-2008

Hi,

After much digging and labbing I think we mastered the solution.

1. Running GLB between the LAN interfaces of the routers.

2. Running Dual Instances of HSRP on the WAE interfaces on the routers, this allows us to set the default gateway on alternate WAE's to point to different routers, ensuring we add to the loadbalancing that is happening in routing.

3. Normal wccp 61 and 62 config.

4. Redirect List to manage the management traffic to the router, cause these go into a loop for some reason.

So far so good, will have to see when we go live with the configuration what happens, but the lab testing went ok.

mlouis · ‎09-04-2008

I usually include an ACL for management traffic as you note such as telnet/tacacs/snmp/etc. None of those are optimized by WAAS anyways, there are just passthroughed the device. In addition, i like to add each site that i am planning on accelerating into the ACL as a permit to ensure that we are not redirecting traffic to the WAE that will not get autodiscovered by another WAE on the remote side.

CoetzerJ · ‎09-05-2008

Adding the sites as we roll them out to the redirect list is an awesome idea. The problem is just we cannot interface with the service provider all the time to make the changes. (big process).

Thanks for the suggestion. will keep it in mind for the next project where we manage the WAN.

mlouis · ‎09-05-2008

If you manage the WAE, you can write the ACL in the WAAS ACL on that box instead. I know there is a bypass option for file servers.