WCCP Multicast with 6500

Answered Question
Oct 7th, 2008

I have two 6500s (6509-1 and 6509-2)and two WAE-674 devices. I am trying to configure these devices in a redundant way. However the WAEs form wccp relation only with the 6509-2.

6509-2#sh ip wccp 61 detail

WCCP Cache-Engine information:

Web Cache ID: 172.27.249.65

Protocol Version: 2.0

State: Usable

Redirection: GRE

Packet Return: GRE

Assignment: HASH

Initial Hash Info: 00000000000000000000000000000000

00000000000000000000000000000000

Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

00000000000000000000000000000000

Hash Allotment: 128 (50.00%)

Packets Redirected: 0

Connect Time: 00:36:19

Web Cache ID: 172.27.249.66

Protocol Version: 2.0

State: Usable

Redirection: GRE

Packet Return: GRE

Assignment: HASH

Initial Hash Info: 00000000000000000000000000000000

00000000000000000000000000000000

Assigned Hash Info: 00000000000000000000000000000000

FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Hash Allotment: 128 (50.00%)

Packets Redirected: 0

Connect Time: 00:36:18

however on the 6509-1

6509-1#sh ip wccp 61 detail

WCCP Cache-Engine information:

Web Cache ID: 172.27.249.66

Protocol Version: 2.0

State: NOT Usable

Redirection: L2

Packet Return: L2

Packets Redirected: 0

Connect Time: 01:17:18

Assignment: MASK

Web Cache ID: 172.27.249.65

Protocol Version: 2.0

State: NOT Usable

Redirection: L2

Packet Return: L2

Packets Redirected: 0

Connect Time: 00:00:15

Assignment: MASK

Redirection (L2 on 6509-1 and GRE on the 6509-2) methods are shown differently on the 6500 switches.

However the configurations on the WAE side is same:

HOAE1674#sh run

<outputs omitted>

primary-interface Standby 1

!

!

interface Standby 1

ip address 172.27.249.65 255.255.255.240

exit

!

interface GigabitEthernet 1/0

standby 1 priority 250

exit

interface GigabitEthernet 2/0

standby 1

exit

!

!

!

ip default-gateway 172.27.249.78

!

<outputs omitted>

!

wccp router-list 1 224.10.10.10

wccp tcp-promiscuous router-list-num 1

wccp version 2

And the 6500 configurations:

6509-2#sh run int vlan 311

interface Vlan311

description WAAS-Normal

ip address 172.27.249.77 255.255.255.240

ip wccp 61 group-listen

ip wccp 62 group-listen

ip pim dense-mode

standby 211 ip 172.27.249.78

6509-2#sh run | i redire

ip wccp 61 group-address 224.10.10.10 redirect-list 101

ip wccp 62 group-address 224.10.10.10 redirect-list 102

I know that L2-redirection and masking advised on the 6500s, however when I configure, 6500 sh ip wccp output shows that GRE masking is used.

The WAE devices are connected directly to the 6509-2, I suspected a multicast issue, to test I shutdown the 6509-2 vlan interface but no help

The version on the 6500s are same (12.2SXF8), as I know that 12.2SXF14 is suggested. However a software upgrade requires a lot of change management procedures. I want to be sure that I did not make a configuration mistake.

Correct Answer by dstolt about 8 years 4 months ago

I don't see L2-return on your original configs, but you are correct L2-return isn't needed for 6500.

With the bad buckets increasing, check out CSCsh98343. It's present in SXF6-10 and results from an ACL conflicting with your redirect list and dropping the traffic. You can try the workaround in the DDTS which will be to create a separate ACL for each service and reverse the direction you are intercepting traffic (61 on the LAN and 62 on the WAN). However, before doing that, I would still consider SXF14+ if you are going to make an IOS jump for WCCP features.

Dan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
dstolt Tue, 10/07/2008 - 10:56

I would change your wae configs to the following...

wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign

That will configure your WAEs to use mask and L2. Maybe try and make sure that works with unicast and then try to get multicast up and running.

Also, on your IOS, be aware of CSCsi05906 since you are using Standby Interfaces on your WAEs. I would strongly consider SXF14 or 15.

Let me know if that works.

Thanks,

Dan

b.sahin Wed, 10/08/2008 - 04:46

Thanks Dan, Matthew

After I remove l2-return, wccp seems to be ok:

HOAE1674#sh run | i wccp

wccp router-list 1 224.10.10.10

wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign

wccp version 2

6509-1#sh ip wccp 61

Global WCCP information:

Router information:

Router Identifier: 192.168.2.253

Protocol Version: 2.0

Service Identifier: 61

Number of Cache Engines: 2

Number of routers: 2

Total Packets Redirected: 0

Redirect access-list: 101

Total Packets Denied Redirect: 13843

Total Packets Unassigned: 0

Group access-list: -none-

Total Messages Denied to Group: 0

Total Authentication failures: 0

6509-1#sh ip wccp 61 de

WCCP Cache-Engine information:

Web Cache ID: 172.27.249.66

Protocol Version: 2.0

State: Usable

Redirection: L2

Packet Return: GRE

Packets Redirected: 0

Connect Time: 01:32:23

Assignment: MASK

Mask SrcAddr DstAddr SrcPort DstPort

---- ------- ------- ------- -------

0000: 0x00001741 0x00000000 0x0000 0x0000

Value SrcAddr DstAddr SrcPort DstPort CE-IP

----- ------- ------- ------- ------- -----

0032: 0x00001000 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)

0033: 0x00001001 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)

0034: 0x00001040 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)

0035: 0x00001041 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)

0036: 0x00001100 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)

0037: 0x00001101 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)

0038: 0x00001140 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)

Now I am trying to redirect packets over the these appliances.

However TCP connections could not be established between redireced subnets. I can sniff that packet is forwarded to the WAAS but it did not send a respond. I saw that bad bucket error are incrementing when I try new connections.

HOAE1674#sh wccp gre | i buckets

Packets dropped due to bad buckets: 516

regards,

Bulent

Correct Answer
dstolt Wed, 10/08/2008 - 05:50

I don't see L2-return on your original configs, but you are correct L2-return isn't needed for 6500.

With the bad buckets increasing, check out CSCsh98343. It's present in SXF6-10 and results from an ACL conflicting with your redirect list and dropping the traffic. You can try the workaround in the DDTS which will be to create a separate ACL for each service and reverse the direction you are intercepting traffic (61 on the LAN and 62 on the WAN). However, before doing that, I would still consider SXF14+ if you are going to make an IOS jump for WCCP features.

Dan

b.sahin Thu, 10/09/2008 - 05:15

Thanks Dan,

Somehow bad buckets are not increasing anymore (I have removed and reconfigured wccp definitions on the WAE), it seems to be working fine. I will upgrade the 6500 asap.

Bulent

TYLER WEST Thu, 01/15/2009 - 09:31

I am a bit confused on this response. Why does the 6500 not need l2-return? I can't seem to find any supporting documentation. When I configure mine like this, WCCP seems to set up fine but when I look at WCCP on the 6500 it shows the return method as GRE. All of the docs say that traffic returned as GRE is not processed in hardware. So I need L2 return but as soon as I configure that on the WAE it breaks the WCCP connection between the WAE and the 6500.

Tyler

matthewevenden Wed, 10/08/2008 - 00:36

on the wae device you may want to add

wccp router-list <6509-1-ip> <6509-2-ip>

wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign

Actions

This Discussion