Problem WAAS when active WCCP

Unanswered Question
Dec 29th, 2008

Hello everybody,

I have a problem, when i active wccp in the router that face to WAN. after 2 hours the link of router become slow in the applications outlook, applications over citrix, file sharing, etc these servers are in other site.

wait your help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Fri, 01/02/2009 - 09:53

WCCP Multiple Configurations causes high CPU

For further information please follow the bug CSCeh13292.

ropethic Sat, 01/03/2009 - 11:28

What router platform and IOS version. Also is outbound or inbound or inbound redirection being used?

Please refer to the attached platform / IOS recommendations as wel las configuration guidelines.

Alvaro Perez Unzueta Sat, 01/03/2009 - 13:34

Hello ropethic,

thank you for your response the show version is the follow:

Border-Router#sh ver

Cisco IOS Software, 3800 Software (C3845-ENTSERVICESK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2008 by Cisco Systems, Inc.

Compiled Thu 14-Aug-08 00:14 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Border-Router uptime is 2 days, 23 hours, 25 minutes

System returned to ROM by power-on

System restarted at 07:58:28 GMT Fri Dec 26 2008

System image file is "flash:c3845-entservicesk9-mz.124-15.T7.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

[email protected].

Cisco 3845 (revision 1.0) with 217088K/45056K bytes of memory.

Processor board ID FTX1105A3XA

3 Gigabit Ethernet interfaces

66 Serial interfaces

1 terminal line

2 Channelized E1/PRI ports

1 cisco Integrated Service Engine(s)

Cisco WLAN Controller 5.1.151.0 in slot 4

DRAM configuration is 64 bits wide with parity enabled.

479K bytes of NVRAM.

62720K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

and the output is:

Border-Router#sh ip wccp

Global WCCP information:

Router information:

Router Identifier: 172.25.0.1

Protocol Version: 2.0

Service Identifier: 61

Number of Service Group Clients: 1

Number of Service Group Routers: 1

Total Packets s/w Redirected: 195742

Process: 195742

Fast: 0

CEF: 0

Service mode: Open

Service access-list: -none-

Total Packets Dropped Closed: 0

Redirect access-list: 130

Total Packets Denied Redirect: 1414569

Total Packets Unassigned: 0

Group access-list: -none-

Total Messages Denied to Group: 0

Total Authentication failures: 0

Total Bypassed Packets Received: 0

Service Identifier: 62

Number of Service Group Clients: 1

Number of Service Group Routers: 1

Total Packets s/w Redirected: 322630

Process: 88491

Fast: 59707

CEF: 174432

Service mode: Open

Service access-list: -none-

Total Packets Dropped Closed: 0

Redirect access-list: 140

Total Packets Denied Redirect: 1613449

Total Packets Unassigned: 0

Group access-list: -none-

Total Messages Denied to Group: 0

Total Authentication failures: 0

Total Bypassed Packets Received: 0

Alvaro Perez Unzueta Sat, 01/03/2009 - 13:56

Hello ropethic,

other output:

Border-Router#sh access-lists 130

Extended IP access list 130

10 permit ip 172.29.0.0 0.0.255.255 172.22.0.0 0.0.255.255 (195742 matches)

20 permit tcp any any eq 1720

Router-Border#sh access-lists 140

Extended IP access list 140

10 permit tcp any eq 1720 any (10 matches)

20 permit ip 172.22.0.0 0.0.255.255 172.29.0.0 0.0.255.255 (528770 matches)

30 permit tcp any any eq 1720 (357 matches)

Part of the configuration is:

Border-Router#sh run

Building configuration...

!

version 12.4

!

hostname Border-Router

!

ip wccp 61 redirect-list 130

ip wccp 62 redirect-list 140

ip cef

!

!

interface Loopback0

ip address 172.25.0.1 255.255.252.0

no ip route-cache cef

no ip route-cache

!

interface GigabitEthernet0/0

description Lan

bandwidth 100000

no ip address

ip accounting access-violations

no ip route-cache cef

ip route-cache flow

no ip mroute-cache

duplex full

speed auto

media-type sfp

negotiation auto

!

interface GigabitEthernet0/0.10

description LAN

encapsulation dot1Q 1 native

ip address 172.23.207.10 255.255.255.252 secondary

ip address 192.168.31.250 255.255.255.0 secondary

ip address 172.29.202.250 255.255.0.0

ip helper-address 172.21.200.11

ip flow ingress

ip flow egress

ip policy route-map DATOS

ip wccp 61 redirect in

ip wccp 62 redirect out

!

interface GigabitEthernet0/0.300

encapsulation dot1Q 300

ip address 192.168.20.1 255.255.255.0

ip wccp redirect exclude in

!

interface Serial1/0

description WAN

bandwidth 2048

ip address 10.144.193.142 255.255.255.252

ip accounting output-packets

ip accounting precedence output

ip load-sharing per-packet

ip nbar protocol-discovery

encapsulation ppp

ip route-cache flow

no ip mroute-cache

load-interval 30

serial restart-delay 0

!

interface Serial1/2

description WAN

bandwidth 2048

ip address 10.144.193.130 255.255.255.252

ip accounting output-packets

ip accounting precedence output

ip load-sharing per-packet

ip nbar protocol-discovery

encapsulation ppp

ip route-cache flow

no ip mroute-cache

load-interval 30

serial restart-delay 0

!

interface Serial1/3

description WAN

bandwidth 2048

ip address 10.144.193.138 255.255.255.252

ip accounting output-packets

ip accounting precedence output

ip load-sharing per-packet

ip nbar protocol-discovery

encapsulation ppp

no ip route-cache cef

ip route-cache flow

no ip mroute-cache

load-interval 30

serial restart-delay 0

!

interface Integrated-Service-Engine4/0

ip address 15.0.0.1 255.255.255.0

no keepalive

!

interface Integrated-Service-Engine4/0.17

encapsulation dot1Q 17

ip address 16.0.0.1 255.255.255.0

ip policy route-map WInvitados

!

interface Integrated-Service-Engine4/0.121

encapsulation dot1Q 121

ip address 172.25.52.1 255.255.252.0

!

access-list 130 permit ip 172.29.0.0 0.0.255.255 172.22.0.0 0.0.255.255

access-list 130 permit tcp any any eq 1720

access-list 140 permit tcp any eq 1720 any

access-list 140 permit ip 172.22.0.0 0.0.255.255 172.29.0.0 0.0.255.255

access-list 140 permit tcp any any eq 1720

!

dstolt Mon, 01/05/2009 - 06:52

Hello,

In looking at your wccp service output and the interface configs, I see a significant amount of Process and Fast switched wccp traffic. You want this all in CEF if possible to keep your CPU from jumping.

Try removing the "no ip route-cache cef" from your physical interface (Gig 0/0) and see if that puts the traffic back in CEF for WCCP and improves your traffic speed. I believe that applies the the sub-interfaces as well with will affect your WCCP traffic.

I hope that helps, let the forum know if it does.

Thanks,

Dan

Actions

This Discussion