I have a question regarding the use of WCCP interception in a collapsed core design. We have a 6509 which has multiple different WAN provider connections uplinked to it on SVI/routed ports. "Ip wccp 62 redirect in" is used on all the uplinks to the different WAN provider and "Ip wccp 61 redirect in" is used on the server vlan interfaces. How does the WCCP interception work when:
1. Traffic comes in one WAN provider uplink and exist another WAN provider uplink both having a "ip wccp 62 redirect in" statement on the uplinks? This is transit traffic that doesn't hit the server segment. Does WCCP know not to send this traffic to the WAAS based on both interfaces have the "ip wccp 62 redirect in" or maybe based on a CEF lookup? Or will an ACL need to be used to prevent inspection of transit traffic?
2. Traffic comes in one WAN provider uplink with "ip wccp 62 redirect in" and it sent to an interface that doesn't have any redirection configured. i.e. the traffic flow doesn't have a pair of "ip wccp 62 redirect in" and "ip wccp 61 redirect in" in the path. Does this cause the traffic in one direction to be inspected but not the other direction?
when you configure "redirect in" on an interface, traffic "Coming IN" on this interface will get redirected to WAE.
For 1: where traffic comes in on WAN interface which has "ip wccp 62 redirect in" and exits another WAN link which
has "ip wccp 62 redirect in"
In this case when traffic comes in on first WAN interface it will get redirected to WAE. The WAE will then sent it
back to its Default Gateway (IP forwarding). The Router will then route it out through second WAN interface
If you don't want this traffic to be redirected to WAE, you can then configure WCCP Redirect list based on access-list
to permit only traffic destined to server segment
For 2: This will cause traffic only coming in on interface which has "ip wccp 62 redirect in" to be redirected to WAE.
wccp service 61 does redirection based on Source IP whereas service 62 does redirection based on Destination IP
When traffic comes in on WAN interface which has "ip wccp 62 redirect in" , it will redirect to WAE based on Destination
address. The WAE will then sent it back to its Default Gateway (IP forwarding). The router routes it to Destination.
The response from this Destination comes in on interface which doesn't have "ip wccp redirect" statement, so it won't
get redirected to WAE.
A point to remember, traffic through WAE needs to be Symmetrical which means it needs to see both Request and Response
for it to Optimize traffic
Attached document provides detail explaination on wccp.
Hope this helps,