WCCP Redirection and Performance Hit on 3750

Answered Question
Apr 27th, 2010
User Badges:
  • Silver, 250 points or more

This may well be more of a 'sizing' qtn more than anything else.


Yesterday I enabled wccp redirection on a collapsed distribution/core 3750 stack, in a branch office with 150users. The WAE is 612 model.

As soon as the redirection config was applied, I observed the network slowdown significantly and received a CPU event alert from NMS, reporting CPU on 3750 stack was exceeding the set threshold (65%). Putting the threshold to one side, the cli was terribly slow and so I immediately removed redirection from relevant interfaces. This bought the netwok back to normal in terms of performance.


Is this a sizing issue or perhaps misconfiguration, or something else...?


WAE:

EDGE-WAE-01#show ver
Cisco Wide Area Application Services Software (WAAS)
Copyright (c) 1999-2009 by Cisco Systems, Inc.
Cisco Wide Area Application Services Software Release 4.1.3 (build b55 Apr 18 2009)
Version: oe612-4.1.3.55


Compiled 00:13:45 Apr 18 2009 by cnbuild


System was restarted on Tue Apr 27 04:30:10 2010.
The system has been up for 6 hours, 21 minutes, 0 seconds.


EDGE-WAE-01#show inv


PID: WAE-612-K9 VID: 0 SN: KQLLZBL
EDGE-WAE-01#sh ver
Cisco Wide Area Application Services Software (WAAS)
Copyright (c) 1999-2009 by Cisco Systems, Inc.
Cisco Wide Area Application Services Software Release 4.1.3 (build b55 Apr 18 2009)
Version: oe612-4.1.3.55


Compiled 00:13:45 Apr 18 2009 by cnbuild


System was restarted on Tue Apr 27 04:30:10 2010.
The system has been up for 6 hours, 31 minutes, 8 seconds.


EDGE-WAE-01# show run | inc wccp

wccp router-list 1 10.10.50.1
wccp tcp-promiscuous router-list-num 1 l2-redirect
wccp version 2
!
egress-method negotiated-return intercept-method wccp

!

---------------------------------------------------------------------------------------

3750:


edge-cre-01#show sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

!

cisco WS-C3750G-24TS-1U (PowerPC405) processor (revision F0) with 131072K bytes of memory.


512K bytes of flash-simulated non-volatile configuration memory.


Switch Ports Model              SW Version            SW Image                
------ ----- -----              ----------            ----------              
*    1 28    WS-C3750G-24TS-1U  12.2(50)SE3           C3750-IPSERVICESK9-M    
     2 28    WS-C3750G-24TS-1U  12.2(50)SE3           C3750-IPSERVICESK9-M



Switch 02
---------------

Switch Uptime                   : 3 days, 4 hours, 39 minutes


Configuration register is 0xF


edge-cre-01# show run | inc wccp                              
ip wccp 61 redirect-list TN-WAAS-OUT
ip wccp 62 redirect-list TN-WAAS-IN

!

edge-cre-01#show run | begin ip access-list standard TN-WAAS-OUT

ip access-list standard TN-WAAS-OUT
permit 10.10.10.0 0.0.1.255
permit 10.10.25.0 0.0.0.255
!
ip access-list extended TN-WAAS-IN
permit tcp 10.20.0.0 0.1.255.255 10.10.10.0 0.0.1.255
permit tcp 10.20.0.0 0.1.255.255 10.10.25.0 0.0.0.255
permit tcp 10.128.16.0 0.0.0.255 10.10.10.0 0.0.1.255

Correct Answer by cfolkerts about 7 years 1 month ago

Below is a list of best practices to follow when doing wccp redirection on hardware based platforms like the 3750.  I have found this in the link below.


http://www.cisco.com/web/services/news/ts_newsletter/tech/chalktalk/archives/200806.html


The following best practices should be followed for implementing WCCP on a hardware-based platform:

  • L2 Forwarding
  • Mask Assignment
  • Inbound Interception
  • No "ip wccp redirect exclude in"


Your configuration of "egress-method negotiated-return intercept-method wccp" will call for a WCCP GRE tunnel to be created from the 3750 to the WAE.  All traffic will then be software redirected based on this line of configuration.


"Set negotiated-return as the egress method. With this specification, the Cisco WAE will use GRE to return redirected traffic to the intercepting router. Note: In this case, WCCP negotiated WCCP GRE as the return method."


Found here:  https://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd806d976a_ps6474_Products_White_Paper.html


I would stick to the best practices that Zach has outlined in the link at the beginning of this post.  It is a very well written article on WCCP redirection.


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
cfolkerts Tue, 04/27/2010 - 08:16
User Badges:

I did not see the relevant configuration on the interfaces and which direction you are redirecting.  Remember that you should have L2-redirect and mask-assign configured on the WAE.  Plus you should only configure redirect in on your interfaces as a redirect out will cause all redirection to happen in software.


One more thing, you do not need the egress method of negotiated return on a L2 redirection.  My 6509 L2 redirection is as follows.


wccp router-list 1 10.x.x.x 10.x.x.x
wccp tcp-promiscuous mask src-ip-mask 0xf00 dst-ip-mask 0x0
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return
wccp version 2


Hope this helps.

AJAZ NAWAZ Tue, 04/27/2010 - 08:45
User Badges:
  • Silver, 250 points or more

hey cfolkserts


Couple of things i should've perhaps mentioned.


1. The C3750 platform does not support redirect out (only in), but I didn't know that 'out' redirection is done in sw.

2. The 'l2-redirect mask-assign' command is only relevant when there is more than one wae, isnt it?. I have one currently

3. I was wondering about specifying the egress-method redirection. I'll try out your config and let you know. I need to know

    what those command are doing though so i'm going to rtfm


thanks

Ajaz

Correct Answer
cfolkerts Wed, 04/28/2010 - 11:54
User Badges:

Below is a list of best practices to follow when doing wccp redirection on hardware based platforms like the 3750.  I have found this in the link below.


http://www.cisco.com/web/services/news/ts_newsletter/tech/chalktalk/archives/200806.html


The following best practices should be followed for implementing WCCP on a hardware-based platform:

  • L2 Forwarding
  • Mask Assignment
  • Inbound Interception
  • No "ip wccp redirect exclude in"


Your configuration of "egress-method negotiated-return intercept-method wccp" will call for a WCCP GRE tunnel to be created from the 3750 to the WAE.  All traffic will then be software redirected based on this line of configuration.


"Set negotiated-return as the egress method. With this specification, the Cisco WAE will use GRE to return redirected traffic to the intercepting router. Note: In this case, WCCP negotiated WCCP GRE as the return method."


Found here:  https://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd806d976a_ps6474_Products_White_Paper.html


I would stick to the best practices that Zach has outlined in the link at the beginning of this post.  It is a very well written article on WCCP redirection.


Regards

AJAZ NAWAZ Tue, 05/04/2010 - 02:24
User Badges:
  • Silver, 250 points or more

Hi cfolkets,


ok.. so now I understand that the 3750 performs wccp redirection in the hardware, which means inbound redirection only.

so... does this mean to say that this platform has sw limitations which prevent redirection in the other direction i.e.outbound?

when compared with ISR router platform for instance, I find this a bit strange since 3750 is considered a powerful and feature rich piece of kit.


thanks

Ajaz

anhqnguy Thu, 08/11/2011 - 01:05
User Badges:
  • Cisco Employee,

Hi All,


Our customer will depoy a IronPort for 2500 users, but they intend to connect IronPort to a 3750-X and use WCCP to redirect traffic.


I concern that the 3750-X should be overloaded.


Could you please give me a solution?


Thanks & regards,

Quan

Bhavin Yadav Thu, 08/11/2011 - 10:36
User Badges:
  • Cisco Employee,

Hi Quan,

As mentioend above, WCCP in 3750, by default, uses L2 / Mask redirection for forwarding traffic. Unless you specifically try to use GRE, there should not be any load on 3750 from WCCP perspective. However, you may want to check for other resources that wil be used by 3750.

Best practices and Limitations on 3750 for WCCP redirection:

Unsupported WCCP Features


These WCCP features are not supported in this software release:


Packet redirection on an outbound interface that is configured by using the ip wccp redirect out interface configuration command. This command is not supported.


The GRE forwarding method for packet redirection is not supported.


The hash assignment method for load balancing is not supported.


There is no SNMP support for WCCP.


Hope this helps.

Regards.


PS: Please mark this as Answered, if this answers your question.

vuonghongvu Mon, 08/15/2011 - 19:33
User Badges:

Dear Bhavin Yadav!


I have one question. I want config WCCP in the 2 interfaces of the 3750 switch. I don't know the 3750 switch has support it ?. You can answer me.


Thanks!

Bhavin Yadav Tue, 08/16/2011 - 12:04
User Badges:
  • Cisco Employee,

Hi,

This link should give you good idea on whether your 3750 has WCCP support or not.

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html


Further, WCCP is supported only on the templates that support PBR: access, routing, and dual IPv4/v6 routing.

Please make sure your 3750 is using one of the above template. CLI command on 3750 to find out what template you are using: show sdm prefer


Regards.


PS: Please mark this as Answered, if this answers your question.

Actions

This Discussion