L2 Redirect and Redirect Lists

Answered Question
Sep 22nd, 2010

Recently we changed  how we did redirection from out branches to our datacenter

Before we did GRE-GRE Hash at the head end and the Same GRE -GRE and the branch end. We controlled what traffic was allowed to be rediretced by redirect list that pointed back to ACLs.

Now we have our Head end WAEs doing L2/L2 Mask with our 6509 instead of GRE-GRE. I looked at my ACLS today a realized that they are no longer getting any "hits" which make sense IP ACLs are layer 3 and L2 redirection is L2. How do i control which traffic will be redirected?

Reason im asking is we ahve stood up a New Host Agg section and i wanted the throw a WAAS in there but i fear is there will be servers from Old Server Farm talking to Hosts in new HostAgg and the traffic will be redirected which i dont want since the WAAS has a 2 G connection(port channel ) and all my connections to alot of servers and between host agg and core are all 10G plus....

How do i control which traffic will be redirected?

Correct Answer by Zach Seils about 6 years 5 months ago

The redirect list is still being applied.  The issue on the 6500 platform is the Assignment Method used with WCCP.  Hash Assignment is handled (partially) in software, while Mask Assignment is handled in hardware.  The redirect list ACL counters are only going to show hits for packets that are redirected in software.  When all of the redirection is occuring in hardware, the counters won't increment.  In fact, on the 6500, you don't want to see the counters increment, since that indicates sub-optimal redirection performance.

To see if redirection is occuring on the 6500, you can use the command:

show tcam interface acl in ip

where is one of the interfaces where you have WCCP redirection applied.

Regards,

Zach

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Zach Seils Wed, 09/22/2010 - 10:54

The redirect list is still being applied.  The issue on the 6500 platform is the Assignment Method used with WCCP.  Hash Assignment is handled (partially) in software, while Mask Assignment is handled in hardware.  The redirect list ACL counters are only going to show hits for packets that are redirected in software.  When all of the redirection is occuring in hardware, the counters won't increment.  In fact, on the 6500, you don't want to see the counters increment, since that indicates sub-optimal redirection performance.

To see if redirection is occuring on the 6500, you can use the command:

show tcam interface acl in ip

where is one of the interfaces where you have WCCP redirection applied.

Regards,

Zach

wrobbin Wed, 09/22/2010 - 11:01

Thank you Zach your are correct i see the " policy-route tcp "..BTW just started  reading your book...so far been really helpful

Actions

This Discussion