10-07-2008 09:56 AM
I have two 6500s (6509-1 and 6509-2)and two WAE-674 devices. I am trying to configure these devices in a redundant way. However the WAEs form wccp relation only with the 6509-2.
6509-2#sh ip wccp 61 detail
WCCP Cache-Engine information:
Web Cache ID: 172.27.249.65
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
00000000000000000000000000000000
Hash Allotment: 128 (50.00%)
Packets Redirected: 0
Connect Time: 00:36:19
Web Cache ID: 172.27.249.66
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: 00000000000000000000000000000000
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 128 (50.00%)
Packets Redirected: 0
Connect Time: 00:36:18
however on the 6509-1
6509-1#sh ip wccp 61 detail
WCCP Cache-Engine information:
Web Cache ID: 172.27.249.66
Protocol Version: 2.0
State: NOT Usable
Redirection: L2
Packet Return: L2
Packets Redirected: 0
Connect Time: 01:17:18
Assignment: MASK
Web Cache ID: 172.27.249.65
Protocol Version: 2.0
State: NOT Usable
Redirection: L2
Packet Return: L2
Packets Redirected: 0
Connect Time: 00:00:15
Assignment: MASK
Redirection (L2 on 6509-1 and GRE on the 6509-2) methods are shown differently on the 6500 switches.
However the configurations on the WAE side is same:
HOAE1674#sh run
<outputs omitted>
primary-interface Standby 1
!
!
interface Standby 1
ip address 172.27.249.65 255.255.255.240
exit
!
interface GigabitEthernet 1/0
standby 1 priority 250
exit
interface GigabitEthernet 2/0
standby 1
exit
!
!
!
ip default-gateway 172.27.249.78
!
<outputs omitted>
!
wccp router-list 1 224.10.10.10
wccp tcp-promiscuous router-list-num 1
wccp version 2
And the 6500 configurations:
6509-2#sh run int vlan 311
interface Vlan311
description WAAS-Normal
ip address 172.27.249.77 255.255.255.240
ip wccp 61 group-listen
ip wccp 62 group-listen
ip pim dense-mode
standby 211 ip 172.27.249.78
6509-2#sh run | i redire
ip wccp 61 group-address 224.10.10.10 redirect-list 101
ip wccp 62 group-address 224.10.10.10 redirect-list 102
I know that L2-redirection and masking advised on the 6500s, however when I configure, 6500 sh ip wccp output shows that GRE masking is used.
The WAE devices are connected directly to the 6509-2, I suspected a multicast issue, to test I shutdown the 6509-2 vlan interface but no help
The version on the 6500s are same (12.2SXF8), as I know that 12.2SXF14 is suggested. However a software upgrade requires a lot of change management procedures. I want to be sure that I did not make a configuration mistake.
Solved! Go to Solution.
10-08-2008 05:50 AM
I don't see L2-return on your original configs, but you are correct L2-return isn't needed for 6500.
With the bad buckets increasing, check out CSCsh98343. It's present in SXF6-10 and results from an ACL conflicting with your redirect list and dropping the traffic. You can try the workaround in the DDTS which will be to create a separate ACL for each service and reverse the direction you are intercepting traffic (61 on the LAN and 62 on the WAN). However, before doing that, I would still consider SXF14+ if you are going to make an IOS jump for WCCP features.
Dan
10-07-2008 10:56 AM
I would change your wae configs to the following...
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
That will configure your WAEs to use mask and L2. Maybe try and make sure that works with unicast and then try to get multicast up and running.
Also, on your IOS, be aware of CSCsi05906 since you are using Standby Interfaces on your WAEs. I would strongly consider SXF14 or 15.
Let me know if that works.
Thanks,
Dan
10-08-2008 04:46 AM
Thanks Dan, Matthew
After I remove l2-return, wccp seems to be ok:
HOAE1674#sh run | i wccp
wccp router-list 1 224.10.10.10
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
wccp version 2
6509-1#sh ip wccp 61
Global WCCP information:
Router information:
Router Identifier: 192.168.2.253
Protocol Version: 2.0
Service Identifier: 61
Number of Cache Engines: 2
Number of routers: 2
Total Packets Redirected: 0
Redirect access-list: 101
Total Packets Denied Redirect: 13843
Total Packets Unassigned: 0
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
6509-1#sh ip wccp 61 de
WCCP Cache-Engine information:
Web Cache ID: 172.27.249.66
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 0
Connect Time: 01:32:23
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
---- ------- ------- ------- -------
0000: 0x00001741 0x00000000 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
----- ------- ------- ------- ------- -----
0032: 0x00001000 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
0033: 0x00001001 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
0034: 0x00001040 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
0035: 0x00001041 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
0036: 0x00001100 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
0037: 0x00001101 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
0038: 0x00001140 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
Now I am trying to redirect packets over the these appliances.
However TCP connections could not be established between redireced subnets. I can sniff that packet is forwarded to the WAAS but it did not send a respond. I saw that bad bucket error are incrementing when I try new connections.
HOAE1674#sh wccp gre | i buckets
Packets dropped due to bad buckets: 516
regards,
Bulent
10-08-2008 05:50 AM
I don't see L2-return on your original configs, but you are correct L2-return isn't needed for 6500.
With the bad buckets increasing, check out CSCsh98343. It's present in SXF6-10 and results from an ACL conflicting with your redirect list and dropping the traffic. You can try the workaround in the DDTS which will be to create a separate ACL for each service and reverse the direction you are intercepting traffic (61 on the LAN and 62 on the WAN). However, before doing that, I would still consider SXF14+ if you are going to make an IOS jump for WCCP features.
Dan
10-09-2008 05:15 AM
Thanks Dan,
Somehow bad buckets are not increasing anymore (I have removed and reconfigured wccp definitions on the WAE), it seems to be working fine. I will upgrade the 6500 asap.
Bulent
01-15-2009 09:31 AM
I am a bit confused on this response. Why does the 6500 not need l2-return? I can't seem to find any supporting documentation. When I configure mine like this, WCCP seems to set up fine but when I look at WCCP on the 6500 it shows the return method as GRE. All of the docs say that traffic returned as GRE is not processed in hardware. So I need L2 return but as soon as I configure that on the WAE it breaks the WCCP connection between the WAE and the 6500.
Tyler
10-08-2008 12:36 AM
on the wae device you may want to add
wccp router-list <6509-1-ip> <6509-2-ip>
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: