cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14384
Views
4
Helpful
8
Replies

WCCP Redirection and Performance Hit on 3750

AJAZ NAWAZ
Level 5
Level 5

This may well be more of a 'sizing' qtn more than anything else.

Yesterday I enabled wccp redirection on a collapsed distribution/core 3750 stack, in a branch office with 150users. The WAE is 612 model.

As soon as the redirection config was applied, I observed the network slowdown significantly and received a CPU event alert from NMS, reporting CPU on 3750 stack was exceeding the set threshold (65%). Putting the threshold to one side, the cli was terribly slow and so I immediately removed redirection from relevant interfaces. This bought the netwok back to normal in terms of performance.

Is this a sizing issue or perhaps misconfiguration, or something else...?


WAE:

EDGE-WAE-01#show ver
Cisco Wide Area Application Services Software (WAAS)
Copyright (c) 1999-2009 by Cisco Systems, Inc.
Cisco Wide Area Application Services Software Release 4.1.3 (build b55 Apr 18 2009)
Version: oe612-4.1.3.55

Compiled 00:13:45 Apr 18 2009 by cnbuild

System was restarted on Tue Apr 27 04:30:10 2010.
The system has been up for 6 hours, 21 minutes, 0 seconds.

EDGE-WAE-01#show inv

PID: WAE-612-K9 VID: 0 SN: KQLLZBL
EDGE-WAE-01#sh ver
Cisco Wide Area Application Services Software (WAAS)
Copyright (c) 1999-2009 by Cisco Systems, Inc.
Cisco Wide Area Application Services Software Release 4.1.3 (build b55 Apr 18 2009)
Version: oe612-4.1.3.55

Compiled 00:13:45 Apr 18 2009 by cnbuild

System was restarted on Tue Apr 27 04:30:10 2010.
The system has been up for 6 hours, 31 minutes, 8 seconds.

EDGE-WAE-01# show run | inc wccp

wccp router-list 1 10.10.50.1
wccp tcp-promiscuous router-list-num 1 l2-redirect
wccp version 2
!
egress-method negotiated-return intercept-method wccp

!

---------------------------------------------------------------------------------------

3750:

edge-cre-01#show sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

!

cisco WS-C3750G-24TS-1U (PowerPC405) processor (revision F0) with 131072K bytes of memory.

512K bytes of flash-simulated non-volatile configuration memory.


Switch Ports Model              SW Version            SW Image                
------ ----- -----              ----------            ----------              
*    1 28    WS-C3750G-24TS-1U  12.2(50)SE3           C3750-IPSERVICESK9-M    
     2 28    WS-C3750G-24TS-1U  12.2(50)SE3           C3750-IPSERVICESK9-M


Switch 02
---------------

Switch Uptime                   : 3 days, 4 hours, 39 minutes

Configuration register is 0xF

edge-cre-01# show run | inc wccp                              
ip wccp 61 redirect-list TN-WAAS-OUT
ip wccp 62 redirect-list TN-WAAS-IN

!

edge-cre-01#show run | begin ip access-list standard TN-WAAS-OUT

ip access-list standard TN-WAAS-OUT
permit 10.10.10.0 0.0.1.255
permit 10.10.25.0 0.0.0.255
!
ip access-list extended TN-WAAS-IN
permit tcp 10.20.0.0 0.1.255.255 10.10.10.0 0.0.1.255
permit tcp 10.20.0.0 0.1.255.255 10.10.25.0 0.0.0.255
permit tcp 10.128.16.0 0.0.0.255 10.10.10.0 0.0.1.255

1 Accepted Solution

Accepted Solutions

Below is a list of best practices to follow when doing wccp redirection on hardware based platforms like the 3750.  I have found this in the link below.

http://www.cisco.com/web/services/news/ts_newsletter/tech/chalktalk/archives/200806.html

The following best practices should be followed for implementing WCCP on a hardware-based platform:

  • L2 Forwarding
  • Mask Assignment
  • Inbound Interception
  • No "ip wccp redirect exclude in"

Your configuration of "egress-method negotiated-return intercept-method wccp" will call for a WCCP GRE tunnel to be created from the 3750 to the WAE.  All traffic will then be software redirected based on this line of configuration.

"Set negotiated-return as the egress method. With this specification, the Cisco WAE will use GRE to return redirected traffic to the intercepting router. Note: In this case, WCCP negotiated WCCP GRE as the return method."

Found here:  https://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd806d976a_ps6474_Products_White_Paper.html

I would stick to the best practices that Zach has outlined in the link at the beginning of this post.  It is a very well written article on WCCP redirection.

Regards

View solution in original post

8 Replies 8

cfolkerts
Level 1
Level 1

I did not see the relevant configuration on the interfaces and which direction you are redirecting.  Remember that you should have L2-redirect and mask-assign configured on the WAE.  Plus you should only configure redirect in on your interfaces as a redirect out will cause all redirection to happen in software.

One more thing, you do not need the egress method of negotiated return on a L2 redirection.  My 6509 L2 redirection is as follows.

wccp router-list 1 10.x.x.x 10.x.x.x
wccp tcp-promiscuous mask src-ip-mask 0xf00 dst-ip-mask 0x0
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return
wccp version 2

Hope this helps.

hey cfolkserts

Couple of things i should've perhaps mentioned.

1. The C3750 platform does not support redirect out (only in), but I didn't know that 'out' redirection is done in sw.

2. The 'l2-redirect mask-assign' command is only relevant when there is more than one wae, isnt it?. I have one currently

3. I was wondering about specifying the egress-method redirection. I'll try out your config and let you know. I need to know

    what those command are doing though so i'm going to rtfm

thanks

Ajaz

Below is a list of best practices to follow when doing wccp redirection on hardware based platforms like the 3750.  I have found this in the link below.

http://www.cisco.com/web/services/news/ts_newsletter/tech/chalktalk/archives/200806.html

The following best practices should be followed for implementing WCCP on a hardware-based platform:

  • L2 Forwarding
  • Mask Assignment
  • Inbound Interception
  • No "ip wccp redirect exclude in"

Your configuration of "egress-method negotiated-return intercept-method wccp" will call for a WCCP GRE tunnel to be created from the 3750 to the WAE.  All traffic will then be software redirected based on this line of configuration.

"Set negotiated-return as the egress method. With this specification, the Cisco WAE will use GRE to return redirected traffic to the intercepting router. Note: In this case, WCCP negotiated WCCP GRE as the return method."

Found here:  https://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd806d976a_ps6474_Products_White_Paper.html

I would stick to the best practices that Zach has outlined in the link at the beginning of this post.  It is a very well written article on WCCP redirection.

Regards

Hi cfolkets,

ok.. so now I understand that the 3750 performs wccp redirection in the hardware, which means inbound redirection only.

so... does this mean to say that this platform has sw limitations which prevent redirection in the other direction i.e.outbound?

when compared with ISR router platform for instance, I find this a bit strange since 3750 is considered a powerful and feature rich piece of kit.

thanks

Ajaz

Hi All,

Our customer will depoy a IronPort for 2500 users, but they intend to connect IronPort to a 3750-X and use WCCP to redirect traffic.

I concern that the 3750-X should be overloaded.

Could you please give me a solution?

Thanks & regards,

Quan

Hi Quan,

As mentioend above, WCCP in 3750, by default, uses L2 / Mask redirection for forwarding traffic. Unless you specifically try to use GRE, there should not be any load on 3750 from WCCP perspective. However, you may want to check for other resources that wil be used by 3750.

Best practices and Limitations on 3750 for WCCP redirection:

Unsupported WCCP Features

These WCCP features are not supported in this software release:

Packet redirection on an outbound interface that is configured by using the ip wccp redirect out interface configuration command. This command is not supported.

The GRE forwarding method for packet redirection is not supported.

The hash assignment method for load balancing is not supported.

There is no SNMP support for WCCP.

Hope this helps.

Regards.

PS: Please mark this as Answered, if this answers your question.

Dear Bhavin Yadav!

I have one question. I want config WCCP in the 2 interfaces of the 3750 switch. I don't know the 3750 switch has support it ?. You can answer me.

Thanks!

Hi,

This link should give you good idea on whether your 3750 has WCCP support or not.

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html

Further, WCCP is supported only on the templates that support PBR: access, routing, and dual IPv4/v6 routing.

Please make sure your 3750 is using one of the above template. CLI command on 3750 to find out what template you are using: show sdm prefer

Regards.

PS: Please mark this as Answered, if this answers your question.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: