Asymmetric routing occurs when traffic does not traverse the same path in both directions of a conversation. While routing protocols ensure that loops are avoided, the symmetry of bidirectional traffic flows cannot be guaranteed when destination prefixes are reachable by multiple paths.
In Asymmetric routing, a packet traverses from a source to a destination in one path and takes a different path when it returns to the source. This is commonly seen in Layer-3 routed networks. Asymmetric routing is not a problem by itself, but will cause problems when Network Address Translation (NAT) or firewalls are used in the routed path. A branch site that has multiple WAN connections, with either a single router or multiple routers, is always prone to asymmetric routing. This can occur because the routing protocol on each end selects a different path, by load or session balancing, or even by path optimization mechanisms.
Identifying Asymmetric Routes
Asymmetric routing can be caused by a variety of factors, including bad network design, wrong device config, policy based routing etc. To Identify asymmetric routes follow these steps:
a) Check the connections on the WAE that may have Asymmetry.
sh stat conn | inc Asym
This will list Asymmetric connection. Let us say you have gone through the connection and identified 4 subnets that these connections belong to.
b) Check the connection in WAE for the same subnets; either same hosts or different hosts and they have been optimized. If the connections are present then the chances are that you no longer have Asymmetric issue.
c) If you still notice that connections are asymmetric, then do a regular traceroute and telnet hop by hop. Telnet will get redirected by TCP on the interface where WCCP is and you will see the multiple redirections which will help you resolve the issue. An easier way is to download the tool tcptraceroute to a PC on one of the boxes and run the tcptraceroute command. The output of that command will show multiple redirections.
Without proper design and placement of network services, asymmetric routing can create challenges in networks. For example, asymmetric routing results in suboptimal TCP performance; TCP assumes that the SYN from one end and the ACK from other end traverse the same path. Because data does not traverse the same physical path in both directions, this results in suboptimal TCP performance.
Troubleshooting Asymmetric routing simply involves changes in routing information that was responsible for this. Checking that networks/subnets are perfectly matched by subnet masks and there is no static routing causing the issue. Check and remove WCCP from one of the multiple redirections to the same WAE. However in some cases where a part of network is handled by an ISP or a vendor, it is advised to contact the repective organization and work with them to resolve the issue.
To verify asymmetric routing check the following.
Does a traceroute from the data center towards the remote not follow the same path as from the remote to the data center?
What are the WAAS units reporting?
What is the output of a command like 'show stat conn' show? Do you see connections in progress or partial?