C3750 & WCCP redirection

Answered Question
Feb 4th, 2010

Hi all,


I am trying to set up a web cache using a WAE-612 and a C3750 switch. The switch is configured with three interfaces:


CLIENTS ----- VLAN 1 ----- SWITCH ----- GI1/0/1 routed ---- SERVER(s)

        WAE-ENGINE ---- VLAN2--|


I have configured inbound redirection on VLAN 1 and inbound redirection on gi1/0/1:

ip wccp web-cache redirect in


I am using L2 redirect & L2 return & my state is "enabled":


Switch#show ip wccp web-cache detail
WCCP Client information:
        WCCP Client ID:          10.101.2.202
        Protocol Version:        2.0
        State:                   Usable
        Redirection:             L2
        Packet Return:           L2
        Packets Redirected:    0
        Connect Time:          02:24:08
        Assignment:            MASK



First, the "packets redirected" counter doesn't increment. Is this normal (maybe due to hardware redirection)?

Second, I am seeing HTTP GET requests from my clients going to my WAE engine and I am also seeing the WAE engine sending them back to the switch (changed MAC address, L2 redirection).

Third, my cache savings are 0%.

Fourth, I don't see any traffic returning into the WAE engine. How can the WAE cache traffic if it never sees the server return traffic?

Fifth, I have "spoof client ip" enabled on the WAE (I need this for security reasons; the web server verifies the source IP address).





Now I am thinking it is logical that my cache savings are 0%. The web-cache service group redirects port 80 packets and the switch supports only the "inbound" direction. This means that the switch never redirects the ANSWER of the server, so how on earth can it ever "cache" the response?


Am I correct or am I wrong? How do I solve it?


Should I use different WCCP service groups on the interfaces (for example: one based on source IP redirection, the other on destination IP redirection)?


PS. I am running 12.2(44)SE6 on the switch and 5.5.9.B9 on the WAE

regards,

Geert

rvavale Thu, 02/04/2010 - 17:47
User Badges:
  • Cisco Employee,


Hi Geert,


With L2 redirection, the 'packets redirected' counter won't increment since it's hardware redirection. You might want to
check the WAE counter 'Transparent non-GRE packets received:' by running 'show wccp gre'.



With WCCP IP spoofing enabled, requests will be sent to the web server with the client's IP address. So yes, you will need
to configure WCCP to catch return traffic coming from the web server so that it is redirected to the WAE.



To redirect return traffic you will need to configure a WCCP dynamic service group.



By default the web-cache service will mask on the destination address. Since we need to make sure return traffic is sent to
the same WAE as forwarding traffic, we need to mask return traffic on the source IP address.


This will configure service group 95, and it will mask on the source IP, which will be the web server's IP address:


wccp service-number 95 mask src-ip-mask 0x1741 dst-ip-mask 0x0 
wccp service-number 95 router-list-num 1 port-list-num 1 application cache l2-redirect mask-assign l2-return
wccp version 2
wccp spoof-client-ip enable



You will then need to enable 'ip wccp 95 redirect in' on the WAN interface.



Hope this helps,


Best Regards,
Rahul

gnijs Fri, 02/05/2010 - 15:12

Rahul,


Many thanks for your explanation. One question though, in your command


wccp service-number 95 router-list-num 1 port-list-num 1 application  cache l2-redirect mask-assign l2-return


What is the port-list-num to be used? Is it the destination port number or the source port number? I thought WCCP only works with a destination port number and this would be dynamic for the return traffic. Or can I use port 80 here and will WCCP match on the source port?

The mask is only used to determine which content engine in a cluster to forward the request to, but since I only have one content engine, it is always forwarded to the correct one.



regards,

Geert

Correct Answer
rvavale Wed, 02/10/2010 - 02:21
User Badges:
  • Cisco Employee,

Hi Geert,


You will need to specify 'match source-port' on the wccp service-number 95 statement. The default mask is 0x1741, which
will be applied to the web-cache service. Since you have only one WAE, all traffic will be sent to the same WAE. However, in case you later
plan to add one more WAE, you need to make sure the mask is the same on both services.


Hope this helps,


Best Regards,
Rahul
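
Added example (not part of the thread and not Cisco code): a small Python model of WCCP mask assignment showing why, with client IP spoofing, the return service has to mask on the source IP with the same mask as web-cache once a second WAE exists. The round-robin bucket-to-WAE mapping, the WAE names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

DEFAULT_MASK = 0x1741          # mask quoted in the thread: 6 bits set -> 64 buckets
WAES = ["WAE-A", "WAE-B"]      # hypothetical two-engine cluster


def bucket(ip: str, mask: int) -> int:
    """Pack the address bits selected by `mask` into a bucket index."""
    addr = int(ipaddress.IPv4Address(ip))
    idx = pos = 0
    for bit in range(32):
        if (mask >> bit) & 1:
            idx |= ((addr >> bit) & 1) << pos
            pos += 1
    return idx


def assign(ip: str, mask: int, waes=WAES) -> str:
    # Assumption: buckets are dealt round-robin to the engines; a real
    # cluster negotiates its own bucket table.
    return waes[bucket(ip, mask) % len(waes)]


def flow_waes(client, server, fwd=("dst", DEFAULT_MASK), ret=("src", DEFAULT_MASK)):
    """Return (engine for the request, engine for the response).

    fwd / ret are (field, mask) pairs: the header field each service group
    masks on and the mask it uses. With spoofing, the request is
    src=client dst=server and the response is src=server dst=client.
    """
    request = {"src": client, "dst": server}
    response = {"src": server, "dst": client}
    return assign(request[fwd[0]], fwd[1]), assign(response[ret[0]], ret[1])


if __name__ == "__main__":
    c, s = "10.101.1.10", "192.0.2.65"      # constructed sample addresses
    print("dst / src, same mask :", flow_waes(c, s))
    print("dst / dst, same mask :", flow_waes(c, s, ret=("dst", DEFAULT_MASK)))
    print("dst / src, other mask:", flow_waes(c, s, ret=("src", 0x0F00)))
```

Only the first configuration keys both directions on the server address with one mask, so the request and the response reach the same engine; the other two split the flow across engines.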
