Web caching issue

Unanswered Question
Jun 21st, 2010

Hi,


Recently I have tried to replace the 7200 series router with the C-3560-E L3 switch but the web-caching seems like not working. I can see both WAEs registered to the switch but no traffic transmit out from the WAE. When I ran the show ip wccp web-cache details and it shows NOT Usable (Incompatible redirection method) so my question is how to make it compatible with the WAE? Is there any WAE documentation I can refer to configure the switch to support L2 redirection?



The following are the L3 Switch configuration:

-----------------------------------------------------------------------------------------------------------------------


ip wccp web-cache

ip wccp 61

ip wccp 62

interface GigabitEthernet0/2
description ** To WAAS Devices **
no switchport
ip address 10.10.7.5 255.255.255.248
ip wccp web-cache redirect in
ip pim sparse-mode
standby 2 ip 10.10.7.1
standby 2 priority 110
standby 2 preempt
spanning-tree portfast
!
interface GigabitEthernet0/3
description **  LAN **
no switchport
ip address 10.10.7.100 255.255.255.0
ip wccp 61 redirect in
standby 3 ip 10.10.7.1
standby 3 priority 110
standby 3 preempt
spanning-tree portfast
--------------------------------------------------------------------------------------------------------------------------
Some diagnostic screen:
---------------------------------------------------------------------------------------------------------------------------
SWITCH1#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier:                   10.10.2.254
        Protocol Version:                    2.0
    Service Identifier: web-cache
        Number of Service Group Clients:     0
        Number of Service Group Routers:     0
        Total Packets s/w Redirected:        0
          Process:                           0
          CEF:                               0
        Redirect access-list:                -none-
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            0
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0
    Service Identifier: 61
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        27936
          Process:                           0
          CEF:                               27936
        Redirect access-list:                -none-
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            87456
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0
    Service Identifier: 62
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        22941
          Process:                           0
          CEF:                               22941
        Redirect access-list:                -none-
        Total Packets Denied Redirect:       0
        Total Packets Unassigned:            46799
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Total Bypassed Packets Received:     0
SWITCH1#sh ip wccp web detail
WCCP Client information:
        WCCP Client ID:          10.10.7.63
        Protocol Version:        2.0
        State:                   NOT Usable (Incompatible redirection method)
        Redirection:             L2
        Packet Return:           L2
        Packets Redirected:    0
        Connect Time:          00:36:57
        Assignment:            MASK
        WCCP Client ID:          10.10.7.62
        Protocol Version:        2.0
        State:                   NOT Usable (Incompatible redirection method)
        Redirection:             L2
        Packet Return:           L2
        Packets Redirected:    0
        Connect Time:          00:36:56
        Assignment:            MASK
SWITCH1#deb ip wccp pack
WCCP packet info debugging is on
SWITCH1#
1d21h: WCCP-PKT:D61: Sending I_See_You packet to 10.10.7.2 w/ rcv_id 00000EEE
1d21h: WCCP-PKT:D62: Sending I_See_You packet to 10.10.7.2 w/ rcv_id 00000EB6
1d21h: WCCP-PKT:D61: Sending I_See_You packet to 10.10.7.3 w/ rcv_id 00000EEF
1d21h: WCCP-PKT:D62: Sending I_See_You packet to 10.10.7.3 w/ rcv_id 00000EB7
1d21h: WCCP-PKT:D62: Sending I_See_You packet to 10.10.7.2 w/ rcv_id 00000EBC
1d21h: WCCP-PKT:D61: Sending I_See_You packet to 10.10.7.3 w/ rcv_id 00000EF5
1d21h: WCCP-PKT:D62: Sending I_See_You packet to 10.10.7.3 w/ rcv_id 00000EBD
1d21h: WCCP-PKT:S00: Sending I_See_You packet to 10.10.7.63 w/ rcv_id 000001A7
1d21h: WCCP-PKT:D61: Sending I_See_You packet to 10.10.7.2 w/ rcv_id 00000EF6
1d21h: WCCP-PKT:D62: Sending I_See_You packet to 10.10.7.2 w/ rcv_id 00000EBE
1d21h: WCCP-PKT:D61: Sending I_See_You packet to 10.10.7.3 w/ rcv_id 00000EF7
1d21h: WCCP-PKT:D62: Sending I_See_You packet to 10.10.7.3 w/ rcv_id 00000EBF
1d21h: WCCP-PKT:S00: Sending I_See_You packet to 10.10.7.62 w/ rcv_id 000001A8
1d21h: WCCP-PKT:D61: Sending I_See_You packet to 10.10.7.2 w/ rcv_id 00000EF8
1d21h: WCCP-PKT:D62: Sending I_See_You packet to 10.10.7.2 w/ rcv_id 00000EC0
1d21h: WCCP-PKT:D61: Sending I_See_You packet to 10.10.7.3 w/ rcv_id 00000EF9
1d21h: WCCP-PKT:D62: Sending I_See_You packet to 10.10.7.3 w/ rcv_id 00000EC1
------------------------------------------------------------------------------------------------------------------------------------
WAE Configuration:
------------------------------------------------------------------------------------------------------------------------------------
interface GigabitEthernet 1/0
ip address 10.10.7.2 255.255.255.248
exit
interface GigabitEthernet 2/0
shutdown
exit
interface InlineGroup 1/0
inline vlan all
shutdown
exit
interface InlineGroup 1/1
inline vlan all
shutdown
exit
!
!
ip default-gateway 10.10.7.1
!
ntp server 10.10.6.25
bypass static 10.10.7.18 10.10.54.19
bypass static 10.10.54.19 10.10.7.18
!
wccp router-list 1 10.10.2.254
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
wccp version 2
------------------------------------------------------------------------------------------------------------------------------------
Appreciate any advice or comment to fix the issue. Thanks.
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Zach Seils Tue, 06/22/2010 - 04:18

WAAS does not provide a separate WCCP web-cache service.  All WCCP traffic interception in WAAS uses the tcp-promiscuous services (61 & 62).  Did you have a separate set of devices running the web-cache service previously?


Regards,

Zach

wooiboontan Tue, 06/22/2010 - 23:11

Hi Zach,


Yes, we are running Web sense in the 10.10.7.0 network. Basically I thought it is as easy as just replace the router with the switch and modify the WAAS to support L2 web cache redirection but it seems like there are more steps to involve.


Please advice what else I need to do in order to enable the web-cache redirection works.


Thanks.

Zach Seils Wed, 06/23/2010 - 05:26

Was the switch running the web-cache service?  If so, what was it running the service with?  Are the Websense servers running WCCP?


Zach

wooiboontan Thu, 06/24/2010 - 23:07

Hi Zach,


Now we are running the C7206 router the web-cache is working fine. The following is the configuration of the router interface:


!
interface FastEthernet0/1
description ** To WAAS Devices **
ip address 10.10.7.1 255.255.255.248
ip pim sparse-mode
ip route-cache flow
duplex auto
speed 100
!


interface FastEthernet2/0
description ** LAN **
ip address 10.10.7.1 255.255.255.0
ip wccp web-cache redirect out
ip wccp 61 redirect in
duplex auto
speed auto
service-policy input REMOTE-LAN-IN


So I guess the only different is the L3 switch only support the L2 web-cache redirection but I can't really find related documentation to configure the WAAS and the L3 switch. Please kindly advice what should be changed in order to make these 2 devices work.


Thanks.

Zach Seils Fri, 06/25/2010 - 09:55

What is the device the 7200 is running the web cache service with?  Is is some kind of proxy?


Zach

wooiboontan Mon, 07/26/2010 - 21:02

Hi Zach,


I have spent some time to check the design and draw a diagram as per attached. We are using ACNS to cache the web content and I have managed to configure the switch to redirect web-cache traffic by using L2 with Mask assignment but still having some issues:


  • I can access from the workstation to some websites only
  • The filtered site showing blank page instead of showing the Proxy filtering error (it works when using the 7200 router for L3 redirection)


May you enlighten me for the L2 web cache redirection work for WAN (access through MPLS) as well or only LAN?


Many thanks.


The following are some output from the 3560:


sh ip wccp
Global WCCP information:
    Router information:
Router Identifier:                   10.10.2.254
Protocol Version:                    2.0

    Service Identifier: web-cache
Number of Service Group Clients:     2
Number of Service Group Routers:     1
Total Packets s/w Redirected:        0
   Process:                           0
   CEF:                               0
Redirect access-list:                -none-
Total Packets Denied Redirect:       0
Total Packets Unassigned:            0
Group access-list:                   -none-
Total Messages Denied to Group:      0
Total Authentication failures:       0
Total Bypassed Packets Received:     0

    Service Identifier: 61
Number of Service Group Clients:     1
Number of Service Group Routers:     1
Total Packets s/w Redirected:        85909
   Process:                           0
   CEF:                               85909
Redirect access-list:                WAAS-TO-REMOTE-SITE
Total Packets Denied Redirect:       0
Total Packets Unassigned:            167609
Group access-list:                   -none-
Total Messages Denied to Group:      0
Total Authentication failures:       0
Total Bypassed Packets Received:     4

    Service Identifier: 62
Number of Service Group Clients:     1
Number of Service Group Routers:     1
Total Packets s/w Redirected:        65902
   Process:                           0
   CEF:                               65902
Redirect access-list:                WAAS-FROM-REMOTE-SITE
Total Packets Denied Redirect:       0
Total Packets Unassigned:            73817
Group access-list:                   -none-
Total Messages Denied to Group:      0
Total Authentication failures:       0
Total Bypassed Packets Received:     3


SWSINCORE01#sh ip wccp web-cache
Global WCCP information:
    Router information:
Router Identifier:                   10.10.2.254
Protocol Version:                    2.0

    Service Identifier: web-cache
Number of Service Group Clients:     2
Number of Service Group Routers:     1
Total Packets s/w Redirected:        0
   Process:                           0
   CEF:                               0
Redirect access-list:                -none-
Total Packets Denied Redirect:       0
Total Packets Unassigned:            0
Group access-list:                   -none-
Total Messages Denied to Group:      0
Total Authentication failures:       0
Total Bypassed Packets Received:     0

SWSINCORE01#sh ip wccp web-cache detail

WCCP Client information:
WCCP Client ID:          10.10.7.63
Protocol Version:        2.0
State:                   Usable
Redirection:             L2
Packet Return:           GRE
Packets Redirected:    0
Connect Time:          00:05:27
Assignment:            MASK

Mask  SrcAddr    DstAddr    SrcPort DstPort
----  -------    -------    ------- -------
0000: 0x00000000 0x00001741 0x0000  0x0000

Value SrcAddr    DstAddr    SrcPort DstPort CE-IP
----- -------    -------    ------- ------- -----
0032: 0x00000000 0x00001000 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0033: 0x00000000 0x00001001 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0034: 0x00000000 0x00001040 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0035: 0x00000000 0x00001041 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0036: 0x00000000 0x00001100 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0037: 0x00000000 0x00001101 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0038: 0x00000000 0x00001140 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0039: 0x00000000 0x00001141 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0040: 0x00000000 0x00001200 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0041: 0x00000000 0x00001201 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0042: 0x00000000 0x00001240 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0043: 0x00000000 0x00001241 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0044: 0x00000000 0x00001300 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0045: 0x00000000 0x00001301 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0046: 0x00000000 0x00001340 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0047: 0x00000000 0x00001341 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0048: 0x00000000 0x00001400 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0049: 0x00000000 0x00001401 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0050: 0x00000000 0x00001440 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0051: 0x00000000 0x00001441 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0052: 0x00000000 0x00001500 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0053: 0x00000000 0x00001501 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0054: 0x00000000 0x00001540 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0055: 0x00000000 0x00001541 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0056: 0x00000000 0x00001600 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0057: 0x00000000 0x00001601 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0058: 0x00000000 0x00001640 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0059: 0x00000000 0x00001641 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0060: 0x00000000 0x00001700 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0061: 0x00000000 0x00001701 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0062: 0x00000000 0x00001740 0x0000  0x0000  0x0AD0073F (10.10.7.63)
0063: 0x00000000 0x00001741 0x0000  0x0000  0x0AD0073F (10.10.7.63)

WCCP Client ID:          10.10.7.62
Protocol Version:        2.0
State:                   Usable
Redirection:             L2
Packet Return:           GRE
Packets Redirected:    0
Connect Time:          00:05:25
Assignment:            MASK

Mask  SrcAddr    DstAddr    SrcPort DstPort
----  -------    -------    ------- -------
0000: 0x00000000 0x00001741 0x0000  0x0000

Value SrcAddr    DstAddr    SrcPort DstPort CE-IP
----- -------    -------    ------- ------- -----
0000: 0x00000000 0x00000000 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0001: 0x00000000 0x00000001 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0002: 0x00000000 0x00000040 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0003: 0x00000000 0x00000041 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0004: 0x00000000 0x00000100 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0005: 0x00000000 0x00000101 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0006: 0x00000000 0x00000140 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0007: 0x00000000 0x00000141 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0008: 0x00000000 0x00000200 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0009: 0x00000000 0x00000201 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0010: 0x00000000 0x00000240 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0011: 0x00000000 0x00000241 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0012: 0x00000000 0x00000300 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0013: 0x00000000 0x00000301 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0014: 0x00000000 0x00000340 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0015: 0x00000000 0x00000341 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0016: 0x00000000 0x00000400 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0017: 0x00000000 0x00000401 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0018: 0x00000000 0x00000440 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0019: 0x00000000 0x00000441 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0020: 0x00000000 0x00000500 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0021: 0x00000000 0x00000501 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0022: 0x00000000 0x00000540 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0023: 0x00000000 0x00000541 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0024: 0x00000000 0x00000600 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0025: 0x00000000 0x00000601 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0026: 0x00000000 0x00000640 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0027: 0x00000000 0x00000641 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0028: 0x00000000 0x00000700 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0029: 0x00000000 0x00000701 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0030: 0x00000000 0x00000740 0x0000  0x0000  0x0AD0073E (10.10.7.62)
0031: 0x00000000 0x00000741 0x0000  0x0000  0x0AD0073E (10.10.7.62)

Attachment: 

Actions

This Discussion