I have a Head Quarter and a remote site running over a OC3 circuit.
On the HQ, I have a Cisco VXR7204 running IOS 12.4.15T(10) Advanced IP Service and the remote site is a Cisco 2851 also running IOS 12.4.15T(10) Advanced Ip Service. The HQ has a Riverbed Steelhead 5050H capable of delivering 100Mbps WCCP throughput. The remote site has a Riverbed Steelhead 1050H which can deliver 10Mbps WCCP throughput. At the HQ, the LAN network is 192.168.251.0/24. The Steelhead residing on the 192.168.251.0 network. At the remote site, the LAN network is 192.168.103.0/24 and 192.168.211.0/24. The Riverbed resides on the 192.168.103.0/24 network.
Here is the configuration on the HQ side:
ip wccp 90 redirect-list wccp
interface GigabitEthernet0/1 ip address 192.168.251.254 255.255.255.0 ip wccp 90 redirect out ip wccp 90 redirect in load-interval 30 duplex auto speed auto media-type rj45
ip access-list extended wccp deny tcp any any eq telnet deny tcp any eq telnet any deny tcp any any eq 22 deny tcp any eq 22 any deny tcp any any eq 443 deny tcp any eq 443 any deny tcp any any eq 3389 deny tcp any eq 3389 any deny ip any host 192.168.251.88 deny ip host 192.168.251.88 any permit tcp any any
Here is the configuration is on the remote side:
ip wccp 90 redirect-list wccp
interface GigabitEthernet0/1.191 encapsulation dot1Q 191 ip address 192.168.103.253 255.255.255.0 ip wccp 90 redirect out ip wccp 90 redirect in standby 191 ip 192.168.103.254 standby 191 priority 105 standby 191 preempt standby 191 name vlan191 standby 191 track GigabitEthernet0/0 ! interface GigabitEthernet0/1.211 encapsulation dot1Q 211 ip address 192.168.211.253 255.255.255.0 ip wccp 90 redirect out ip wccp 90 redirect in standby 191 track GigabitEthernet0/0 standby 211 ip 192.168.211.254 standby 211 priority 105 standby 211 preempt standby 211 name vlan211
ip access-list extended wccp deny tcp any any eq telnet deny tcp any eq telnet any deny tcp any any eq 22 deny tcp any eq 22 any deny tcp any any eq 443 deny tcp any eq 443 any deny tcp any any eq 3389 deny tcp any eq 3389 any deny ip any host 192.168.103.246 deny ip host 192.168.103.246 any deny ip 192.168.103.0 0.0.0.255 192.168.211.0 0.0.0.255 deny ip 192.168.211.0 0.0.0.255 192.168.103.0 0.0.0.255 permit tcp any any
When a host on network 192.168.211.0/24 download a file from network 192.168.251.0/24 network via http, the CPU on the Cisco 2851 goes to 99% utilization and that it stays there for the duration of the http session. There is very little traffic goes across the WAN which is the way it should be but the CPU on the 2851 stays at constant at 99% CPU utilization.
Why would WCCP consume so much CPU on the Cisco 2851? By the way, I am only getting about 5Mbps download instead of 90Mbps download, I think because of the high CPU on the router?
Do a show proc cpu and see what process is taking up the most cpu cycles. I'm betting it's because traffic is being redirected in and out of the same interface and the router has to use it's cpu to process each packet every time.
Try "ip route-cache same-interface" on your LAN interface on GigabitEthernet0/1.191 and GigabitEthernet0/1.211.
ip route-cache same-interface
Enables the fast switching of packets out of the same interface on which they arrived.
Re: WCCP and high CPU utilization on the Cisco 2851
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Could be because of your WCCP redirect outs.
If you can manage it, place the Riverbed Steelheads in line so that you don't need to run WCCP at all (as I believe it supports).
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.