cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5581
Views
0
Helpful
3
Replies

WAAS WCCP interception on 6509

Patrick Murphy
Level 1
Level 1

Hi:

I have a question regarding the use of WCCP interception in a collapsed core design.  We have a 6509 which has multiple different WAN provider connections uplinked to it on SVI/routed ports.   "Ip wccp 62 redirect in" is used on all the uplinks to the different WAN provider and "Ip wccp 61 redirect in" is used on the server vlan interfaces.  How does the WCCP interception work when:

1. Traffic comes in one WAN provider uplink and exist another WAN provider uplink both having a "ip wccp 62 redirect in" statement on the uplinks?  This is transit traffic that doesn't hit the server segment. Does WCCP know not to send this traffic to the WAAS based on both interfaces have the "ip wccp 62 redirect in" or maybe based on a CEF lookup?  Or will an ACL need to be used to prevent inspection of transit traffic?

2. Traffic comes in one WAN provider uplink with "ip wccp 62 redirect in" and it sent to an interface that doesn't have any redirection configured.  i.e. the traffic flow doesn't have a pair of "ip wccp 62 redirect in" and "ip wccp 61 redirect in" in the path.  Does this cause the traffic in one direction to be inspected but not the other direction?

Thanks,

Patrick

1 Accepted Solution

Accepted Solutions

rvavale
Cisco Employee
Cisco Employee

Hi Patrick,

when you configure "redirect in" on an interface, traffic "Coming IN" on this interface will get redirected to WAE.

For 1: where traffic comes in on WAN interface which has "ip wccp 62 redirect in" and exits another WAN link which
has "ip wccp 62 redirect in"

In this case when traffic comes in on first WAN interface it will get redirected to WAE. The WAE will then sent it
back to its Default Gateway (IP forwarding). The Router will then route it out through second WAN interface

If you don't want this traffic to be redirected to WAE, you can then configure WCCP Redirect list based on access-list
to permit only traffic destined to server segment


For 2: This will cause traffic only coming in on interface which has "ip wccp 62  redirect in" to be redirected to WAE.

wccp service 61 does redirection based on Source IP whereas service 62 does redirection based on Destination IP

When traffic comes in on WAN interface which has "ip wccp 62 redirect in" , it will redirect to WAE based on Destination
address. The WAE will then sent it back to its Default Gateway (IP forwarding). The router routes it to Destination.

The response from this Destination comes in on interface which doesn't have "ip wccp redirect" statement, so it won't
get redirected to WAE.

A point to remember, traffic through WAE needs to be Symmetrical which means it needs to see both Request and Response
for it to Optimize traffic

Attached document provides detail explaination on wccp.

Hope this helps,

Best Regards,
Rahul

View solution in original post

3 Replies 3

rvavale
Cisco Employee
Cisco Employee

Hi Patrick,

when you configure "redirect in" on an interface, traffic "Coming IN" on this interface will get redirected to WAE.

For 1: where traffic comes in on WAN interface which has "ip wccp 62 redirect in" and exits another WAN link which
has "ip wccp 62 redirect in"

In this case when traffic comes in on first WAN interface it will get redirected to WAE. The WAE will then sent it
back to its Default Gateway (IP forwarding). The Router will then route it out through second WAN interface

If you don't want this traffic to be redirected to WAE, you can then configure WCCP Redirect list based on access-list
to permit only traffic destined to server segment


For 2: This will cause traffic only coming in on interface which has "ip wccp 62  redirect in" to be redirected to WAE.

wccp service 61 does redirection based on Source IP whereas service 62 does redirection based on Destination IP

When traffic comes in on WAN interface which has "ip wccp 62 redirect in" , it will redirect to WAE based on Destination
address. The WAE will then sent it back to its Default Gateway (IP forwarding). The router routes it to Destination.

The response from this Destination comes in on interface which doesn't have "ip wccp redirect" statement, so it won't
get redirected to WAE.

A point to remember, traffic through WAE needs to be Symmetrical which means it needs to see both Request and Response
for it to Optimize traffic

Attached document provides detail explaination on wccp.

Hope this helps,

Best Regards,
Rahul

Thanks!  That helps clarify things for me.  The pdf is definitely a good read.

Patrick

Excellent post and the doc rocks!

Thanks for making it clear the that wccp service 61 does redirection based on Source IP whereas service 62  does redirection based on Destination IP. However, there is a further option for  'in'  and  'out' . Take a look here:

WAAS-RTR(config)#ig 0/1
WAAS-RTR(config-if)#ip wcc
WAAS-RTR(config-if)#ip wccp 61 red
WAAS-RTR(config-if)#ip wccp 61 redirect ?
  in   Redirect to a Cache Engine appropriate inbound packets
  out  Redirect to a Cache Engine appropriate outbound packets

AND

WAAS-RTR(config)#ig 0/1
WAAS-RTR(config-if)#ip wcc
WAAS-RTR(config-if)#ip wccp 62 red
WAAS-RTR(config-if)#ip wccp 62 redirect ?
   in   Redirect to a Cache Engine appropriate inbound packets
   out  Redirect to a Cache Engine appropriate outbound packets

----------------------------------------

For the sake of completeness I would like to offer an explanation for this, but please feel free to ratify if you want.

So, where for example you wanted to redirect (to the WAE), selected traffic arriving at a particular egress interface for onward forwarding - then you would use redirect out under the interface configuration mode. But, ensure you configure ' ip wccp redirect exclude in', under the interface connected to the WAE otherwise a WCCP Black Hole scenario will occur because the router will once again attempt the route the packet/s out from the same interface (i.e. egress), and remember this is where redirect out was configured.

thanks

Ajaz

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: