I am implementing a WAN optimization product and I need to get WCCP working for it to work properly - problem is, I only have 2960 switches and a PIX (6.3.5) at my datacenter so there is no support for WCCP there.
I have been racking my brain and thought that I might be able to employ a 2801 router I have available to get this going.
Does anyone know if it would work if I put the router inline as a bridge between a switch and the PIX (default g/w) and then on the BVI I configured WCCP? Would I get the redirects to my WAN appliance the same as if WCCP could be run on the PIX or a L3 switch?
I have not attempted to configure WCCP on a BVI so I cannot speak from experience. But I have configured WCCP on other types of virtual interfaces (specifically on VLAN interfaces) and it works. So I would expect that WCCP should work on the BVI. If you do try it, please post back to the forum and let us know how it works out.
Instead of configuring the 2800 as a bridge, can you just configure one
interface in the same LAN segment as PIX and 2960? If you can do that, then
that interface IP can become the default gateway for your entire LAN segment
and the PIX will become default gateway for your router. So, traffic will
enter and exit out of the same interface. Now you can configure WCCP on 2800.
Hope this helps.
Sure, that makes sense and I will try that - I was looking at the bridging option because I want to put something inline. I have a SAN that is (according to the manufacturer and the WAN acceleration supplier) doing some route caching so when it sees return traffic from the real gateway it uses that information and all of the replication traffic I'm trying to optimize goes out the gateway and bypasses the accelerator - thus they want me to use WCCP but I don't have access to that in this datacenter - therefore, me trying to be clever and getting a headache.
I'm reading up on proxy arp a bit, is it possible for me to utilize that or something similar so that I can have my inline router pretend to be the default gateway and perhaps mask the existence of the real gateway and the SAN will not be able to see it at all?
While you can enable proxy-arp on the 2800, that would affect the rest of your
network as well.
In your set-up, the best approach would be to make the SAN device believe
that the WAN accelerator is the default gateway. Would it be possible for
you to configure a static ARP entry on the SAN device that points default
gateway IP (PIX IP) to WAN accelerator's MAC address? In this way,
irrespective of the routes learnt by the SAN device, at Layer 2, everything
will be forwarded to the WAN accelerator. On the WAN accelerator side, you
need to operate in the promiscuous mode.
Other option is to put the 2800 in the routed mode between the PIX and the rest
of the network. 2800 will act as a regular router and route traffic between
your LAN and the PIX. So, in this setup, you can configure PBR and forward
all traffic originated from the SAN devices to the WAN accelerator while the
remaining traffic goes untouched.
Hope this helps.
First, let me say thanks for the help with the Saturday afternoon brainstorming!
To the first point about the proxy-arp and other devices on the network, I don't think it matters much since the other things would be iSCSI initiators and wouldn't ever need to route outside of this subnet.
The SAN appliance is the problem here, no GUI or CLI ability to set a static ARP or route and what I originally thought would work is to simply change the default gateway of the SAN to that of the accelerator and the accelerator's gateway would be the PIX... worked at first but then stopped working. The SAN manufacturer and the accelerator support both confirm the SAN's behavior of learning the original path.
I'm also considering the standard router option mentioned, the only thing is that I think I'd have a lot of work to do to change configs elsewhere for VPNs & firewall rules, etc. One additional problem is that the PIX is managed by our datacenter NOC and I have to go through a helpdesk to make changes - I don't mind fiddling with things that don't end up working when it is on my own equipment but I hate to bother other folks with my learning on the fly so I was hoping to implement something inline on my network.
How does the WAN accelerator work? How does the SAN device cache the route?
Would it be possible for you to add a static ARP entry on the PIX with SAN
device IP pointing to WAN accelerator MAC address? This way, all return
traffic from the PIX to the SAN device will go through the WAN accelerator.
I was hoping someone would have solved a similar issue before, I guess I'm going to be labbing this up this week. If I obtain a successful configuration I'll update this thread.