Solved: WCCP with HSRP Causing WAE to drop packets

dtran · ‎01-19-2010

Hi all,

Here is scenario. Hope someone can help !!!

I have two remote sites (Site A and Site B. Please see attached diagram), site A has two routers each with a separate WAN link (one to Verizon and one to Sprint) and site B only has one router with one WAN link to Sprint. I am running HSRP at site A with HSRP active on the Verizon router. And on both routers at site A I am running "IP WCCP 61 redirect in" on the LAN interface and "IP WCCP 62 redirect in" on the WAN interface and "IP WCCP redirect exclude in" on the subinterface that connects to the WAE device. When traffic leaves site A to site B it will hit the Verizon router first since it is HSRP active but it has not direct path to site B because site B does not have WAN connection to Verizon, so the traffic will then get rerouted over to the Sprint router to get out to site B.

Here is my issue: When the Verizon router receives a packet leaving for site B it redirects the packet to the WAE, then the WAE returns the packet to the Verizon router, it then does a layer 3 look up and sees that it has to route the packet to the Sprint router to get to site B. Then when the Sprint router receives the packet, it then redirects the packet to the WAE again and hence the WAE drops the packet as it sees the packet gets redirected to it twice.

Does anyone know if that's a normal behavior ?

Has anyone run into this issue and how to work around it ? I appreciate any inputs / suggestions !!!

And I do have "egress-method negotiated-return intercept-method wccp" on the WAE device.

Thanks in advance !!!

Danny

Eric Rose · ‎01-20-2010

That is correct that is what I was thinking.

Thanks

Eric

if this answers your questions, dont forget to mark it with a 5 and answered.

View solution in original post

Eric Rose · ‎01-19-2010

HI,

That behavior is normal. If a WAE see the traffic more than once than the WAE will think that the packet is in a loop and drop the packet to protect the network from a wccp redirection loop.

egress method neg return is to make sure that the WAE send the traffic back to router that sent the traffic to it.

One way to overcome your configuration, i believe, is to place wccp 61/61 in/out on the wan interface and no redirection on the LAN interface. This way the routing decision will happen before redirection and redirection should happen only once.

Thanks

Eric

dtran · ‎01-19-2010

Hi Eric !! Thanks for responding to my post !! I appreciate your inputs !!!

Do you mean applying "IP wccp 61 redirect in" and "IP wccp 62 redirect out" on the WAN interface ? could you confirm that for me please ?

Thanks again !!!

Danny

Eric Rose · ‎01-20-2010

That is correct that is what I was thinking.

Thanks

Eric

if this answers your questions, dont forget to mark it with a 5 and answered.

dtran · ‎01-20-2010

Hi Eric !!!

I will give it a try today and will let you how it goes !!! Thank you very much !!! I appreciate your help !!!

Danny

dtran · ‎01-21-2010

Hi Eric,

I've applied the change and it's looking positive so far.

Thanks Eric !!! I appreciate your help !!! Five stars for you !!!

Danny

Eric Rose · ‎01-21-2010

Hi Dale,

I am glad that everything is working for you!! Enjoy WAAS.

Eric

edwinwhang · ‎04-11-2011

I believe I have a similar issue where the primary HSRP router redirects via WCCP to WAAS, returns, and then when routed to the standby HSRP router, is redirected again and dropped. However, in my case, we're using IPSec tunnels on the WAN, which I believe precludes me from applying the WCCP redirect statements to the WAN interface. How would I get around that?