Question about WCCP in branch: L3 3750 switch behind WAN router

Unanswered Question
Sep 8th, 2009

I have a branch site where a Layer 3 3750 switch is behind the WAN router. The 3750 has all the VLAN interfaces and runs OSPF with the WAN router. So my question is: when configure WCCP, should I configure it on the 3750 switch or the WAN router?

The problem with configuring WCCP on the WAN router is the link between switch and router is not a trunk. So I'm not sure if router sub-interface method can be applied here.

If configuring on the 3750 switch, does the WAE Vlan still need to be seperated from all other user Vlans? Can I use "redirect exclude in"? I know you can't use it on 6500 switches.

Thanks a lot

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mrjohnso Tue, 09/08/2009 - 08:53

It sounds like you are saying that the VLANs are all routed on the 3750 switch, and you have a point-to-point L3 link between the switch and the WAN router, is that correct? If so, there is no problem with configuring WCCP redirection on the link. However there could be a problem becomes due to the fact that you will send the redirected traffic back over that link (assuming you do not have the WAE attached to the WAN router on a different interface).

Your options are: 1) Change the switch/router link to a trunk -- probably don't want to do this. 2) Add an additional link between the switch and router only used by the WAE subnet. Might not be possible to add another interface on the router. 3) Use WCCP GRE redirect and return -- configure "egress-method negotiated-return intercept-method wccp" on the WAE. This will keep the optimized traffic from being re-intercepted at the router.

Regarding "redirect exclude in," I believe the problem with using this on a Cat 6500 is that it forces software based switching rather than hardware switching. The 3750 is a software-based platform, so using the command would not be a problem. However, if you use the GRE option above, you do not need this command.

Hope this helps.

gwhuang5398 Wed, 09/09/2009 - 07:40

Hi, thanks a lot for the help. Your assumptions are correct: the 3750 does routing for Vlans, and the link between it and the WAN router is a point-to-point layer 3 link, not a trunk, as in Cisco documentations.

If I go with "use WCCP GRE redirect and return", should I configure WCCP on the 3750 or thr WAN router? Seems 3750 is a better place to do it.

Do you by any chance have a sample config? I also have bigger site using Layer 3 6509 switch behind WAN router.

Thanks again.

mrjohnso Wed, 09/09/2009 - 07:58

Sorry, I should have mentioned with my recommendation that WCCP redirection would be configured on the WAN router. This would be standard WCCP configuration:

ip wccp 61

ip wccp 62

int

ip wccp 62 redirect in

int

ip wccp 61 redirect in

* You can swap 61 and 62 if you need or decide to do so.

The WAE would be connected to the 3750 switch, and configuration is also standard. You only needing the following additional line:

egress-method negotiated-return intercept-method wccp

I'm sure there are different opinions, but I generally prefer to put redirection at the WAN edge. It should limit the number of interception points. If you put redirection on the core switches, you may have to intercept on quite a few VLAN interfaces. Also, you will probably end up redirecting a lot of traffic that is not actually being sent to the WAN.

When using my recommended setup, you need to understand that this will add CPU utilization to the WAN router, and it will add additional traffic to the link between the switch and router. You need to evaluate those 2 things to be sure you don't overload the router when you enable WCCP redirection.

gwhuang5398 Wed, 09/09/2009 - 18:44

Since WAE connects to the L3 3750, the WAE Vlan interface (WAE's default gateway) would be also on the 3750. Is that correct?

My question is, traffic returned from WAE will use the same L3 link from 3750 to WAN router as any traffic that is to be redirected by the router. Router has no differentiation between the two types of traffic. Would this create a redirection and return loop?

Thanks a lot

mrjohnso Thu, 09/10/2009 - 05:02

You are correct, the WAE VLAN interface will be on the 3750. You are also correct that the WAE return traffic will use the same L3 link from the switch to the router. This *could* be a problem. However, using GRE/negotiated return from the WAE will keep the traffic from being reintercepted. We are running this exact setup in a few very large sites and have no problem with it.

gwhuang5398 Thu, 09/10/2009 - 19:18

Thanks bunch. I'll need to upgrade IOS on the routers (2800 and 3800) to meet requirements for WCCP. I do not need to check WCCP compability on the switch IOS versions in this case. Is that correct?

Thanks again

mrjohnso Fri, 09/11/2009 - 05:29

Correct, you do not need WCCP compatability on the switch.

Actions

This Discussion