Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

"ip wccp redirect exclude in" command

Hi all, I am having trouble understanding how the "ip wccp redirect exclude in" command works and was hoping someone would be able to give me some more information on it.

I know that it needs to be put on the interface/subnet where the WAAS is connected when "redirect out" is used on another interface. I also know that it is used to prevent redirection loops. What I don't understand is, why is it only required when "redirect out" is used, and not when "redirect in" is used?

Thanks everyone.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: "ip wccp redirect exclude in" command

Hi

Outbound loops are caused because, before the traffic is sent out of  an interface, it is first redirected back in to the network to the WAAS  for optimisation. Once optimisation is done, the WAAS then sends the  traffic back to the router. If the "ip wccp redirect exclude in" command  is not used on the interface that the WAAS is  connected to, when the traffic reaches the router's interface that has  the outbound redirection, it will then re direct the traffic back to the  WAAS and the whole process will start again (and will continue to  loop).

If,  however, the "ip wccp redirect exclude in" command was put on the  router's interface that connects to the WAAS, when the WAAS sent the  optimised traffic back to the router, instead of the router sending it  back to the WAAS again, the router will know that the traffic should not  be optimised (or re-optimised in this case) so it sends the data out of  the network towards the WAAS at the remote site.

Your understanding is 100% correct. This is precisely what is happening.

Now, in  regards to inbound redirection, the reason why the "ip wccp redirect  exclude in" command (or a similar one) isn't required for inbound  redirection is because the traffic never reaches a redirected interface  twice, therefore a loop cannot form. For example, with outbound  redirection, the traffic hits the outbound interface, then gets sent to  the WAAS, then gets sent back to that same outbound interface that has  the redirection on it. However, with inbound redirection, the traffic  hits the inbound interface, it is then sent to the WAAS, the WAAS then  sends it back to the router and instead of the traffic being sent back  to the same interface that intercepted the traffic (as is the case with  outbound redirection), the traffic is instead sent out a different  interface on the router and therefore it is not intercepted again.

Again, this is correct.

Regards

Daniel

8 REPLIES
Cisco Employee

"ip wccp redirect exclude in" command

Good afternoon,

What this command does is preventing any traffic arriving on the interface where the WAE is connected from being redirected (which would end up creating the loop as any packet arriving from the WAE would again be redirected back to it)

It is only required to use it when using outbound redirection, because you never configure inbound redirection on the interface when the WAE is connected, so the only situation in which traffic arriving from the WAE may hit another redirection rule on the router would be that this redirection is configured for outbound direction.

I hope this makes it more clear

Regards

Daniel

New Member

Re: "ip wccp redirect exclude in" command

Hi Daniel,

Thank you for the reply. To be honset, though, I feel that I don't understand it completely.

Here is a basic network diagram:

Internet-------R1-------- WAE

                         |

                       S1

Now, let's say that there is outbound redirection rule on R1's interface that's connected the Internet, and, there is inbound redirection on R1's interface that's connected to S1 (switch 1).

Now, because R1's internet facing port has outbound redirection on it, R1's interface that's connected to the WA needs the "ip wccp redirect exclude in" command to be applied to it.

What I don't understand is why? If I'm understanding it correctly, WCCPv2 intercepts traffic when either the inbound or outbound command is applied to an interface on a WCCP Server. The intercepted traffic is sent to the WAE, the WAE does its optimisation and then sends the traffic back to the WCCP Server. So what I'm wondering is, if both inbound and outbound sends the intercepted traffic to the WAE, why does one need the

"ip wccp redirect exclude in" command but the other doesn't?

Cisco Employee

"ip wccp redirect exclude in" command

Hi,

Let me punch in here few things, if I can.

The ip wccp redirect in command allows you to configure WCCP redirection on an interface receiving inbound network traffic. When the command is applied to an interface, all packets arriving at that interface will be compared against the criteria defined by the specified WCCP service. If the packets match the criteria, they will be redirected.

Likewise, the ip wccp redirect out command allows you to configure the WCCP redirection check at an outbound interface.

The exclude statement helps router to understand that the traffic coming from WAE is not supposed to go back to WAE. Because the traffic coming back from WAE to the router is already optimized but this traffic is outbound to the router interface now. If you apply redirection out, it will go back to WAE and will create loop.

Having redirect exclude in on router interface connected to WAE does not hurt, even if you do not need it.

Hope this helps.

Take care.

New Member

Re: "ip wccp redirect exclude in" command

Hi there. Thank you very much for taking the time to reply.

In my above example, if there is an outbound redirect on the interface between R1 and the internet, but no inbound redirect on the interface connecting R1 to the WAE, why is the "ip wccp redirect exclude in" command required? Seeing as though the router hasn't been told to intercept the traffic coming in to that interface, how would the redirection loop occur?

Further to this, I thought I read somewhere that the WCCP Server and/or Clients know not to redirect traffic that has already been optimised? e.g If the traffic from the Client is encapsulated in GRE, then it won't be re intercepted. I could be wrong though.

In regards to the "ip wccp redirect exclude in" command doing no harm, I believe it does if your using a hardware based platform.

Thanks again for your assistance.

Cisco Employee

"ip wccp redirect exclude in" command

Hi,

Just a clarification.

The "ip wccp redirect exclude in" command in not used on the Interfaces where the redirection (inbound or outbound) is applied. It is configured on the interface to which the WAE is connected. You never apply any redirection on the router interface connecting to the WAE.

If you are using inbound redirection (ip wccp 61/62 redirect in) on the LAN and WAN interfaces of the router then you don't need to configure the "ip wccp redirect exclude in" on the interface connected to WAE.

If you using outbound redirction (ip wccp 61/62 redirect out) on either of the Router interfaces (LAN or WAN) then you need to configure "ip wccp redirect exclude in". This is needed to make sure that traffic that is redirected to WAE and returned back to WAE is not again redirected to the WAE, beacuse when you use outbound redirection the traffic going out from the router is re-directed to the WAE irrespective of whether it is from WAE or otherwise. When the "ip wccp redirect exclude in" is configured on the Router interface connected to the WAE the router is aware that this traffic should not be redirected.

Hope this clarifies.

Regards

Kiran

New Member

Re: "ip wccp redirect exclude in" command

ktunugun wrote:

The "ip wccp redirect exclude in" command in not used on the Interfaces where the redirection (inbound or outbound) is applied. It is configured on the interface to which the WAE is connected. You never apply any redirection on the router interface connecting to the WAE.

This is where part of the confusion comes for me. Where exactly does the loop occur? Is it the interface that has been configured for outbound redirection?

Using my example diagram above, say the R1 to Internet connection has outbound redirection. Before sending its data out over the internet, it will first send it to the WAAS for optimisation. Once the WAAS is done, it will send it back to R1. Now, let's say that the interface connected to the WAAS does not have the "ip wccp redirect exclude in" command applied. Which interface causes the loop? R1's interface that is connected to the internet, or, R1's interface that is connected to the WAAS?

... Actually, I think I may know the answer. Please tell me if my understanding is correct...

Outbound loops are caused because, before the traffic is sent out of an interface, it is first redirected back in to the network to the WAAS for optimisation. Once optimisation is done, the WAAS then sends the traffic back to the router. If the "ip wccp redirect exclude in" command is not used on the interface that the WAAS is connected to, when the traffic reaches the router's interface that has the outbound redirection, it will then re direct the traffic back to the WAAS and the whole process will start again (and will continue to loop).

If, however, the "ip wccp redirect exclude in" command was put on the router's interface that connects to the WAAS, when the WAAS sent the optimised traffic back to the router, instead of the router sending it back to the WAAS again, the router will know that the traffic should not be optimised (or re-optimised in this case) so it sends the data out of the network towards the WAAS at the remote site.

How does all of that sound?

Now, in regards to inbound redirection, the reason why the "ip wccp redirect exclude in" command (or a similar one) isn't required for inbound redirection is because the traffic never reaches a redirected interface twice, therefore a loop cannot form. For example, with outbound redirection, the traffic hits the outbound interface, then gets sent to the WAAS, then gets sent back to that same outbound interface that has the redirection on it. However, with inbound redirection, the traffic hits the inbound interface, it is then sent to the WAAS, the WAAS then sends it back to the router and instead of the traffic being sent back to the same interface that intercepted the traffic (as is the case with outbound redirection), the traffic is instead sent out a different interface on the router and therefore it is not intercepted again.

How does that sound?

Thanks a lot for taking the time to post guys, I really appreciate it!

Cisco Employee

Re: "ip wccp redirect exclude in" command

Hi

Outbound loops are caused because, before the traffic is sent out of  an interface, it is first redirected back in to the network to the WAAS  for optimisation. Once optimisation is done, the WAAS then sends the  traffic back to the router. If the "ip wccp redirect exclude in" command  is not used on the interface that the WAAS is  connected to, when the traffic reaches the router's interface that has  the outbound redirection, it will then re direct the traffic back to the  WAAS and the whole process will start again (and will continue to  loop).

If,  however, the "ip wccp redirect exclude in" command was put on the  router's interface that connects to the WAAS, when the WAAS sent the  optimised traffic back to the router, instead of the router sending it  back to the WAAS again, the router will know that the traffic should not  be optimised (or re-optimised in this case) so it sends the data out of  the network towards the WAAS at the remote site.

Your understanding is 100% correct. This is precisely what is happening.

Now, in  regards to inbound redirection, the reason why the "ip wccp redirect  exclude in" command (or a similar one) isn't required for inbound  redirection is because the traffic never reaches a redirected interface  twice, therefore a loop cannot form. For example, with outbound  redirection, the traffic hits the outbound interface, then gets sent to  the WAAS, then gets sent back to that same outbound interface that has  the redirection on it. However, with inbound redirection, the traffic  hits the inbound interface, it is then sent to the WAAS, the WAAS then  sends it back to the router and instead of the traffic being sent back  to the same interface that intercepted the traffic (as is the case with  outbound redirection), the traffic is instead sent out a different  interface on the router and therefore it is not intercepted again.

Again, this is correct.

Regards

Daniel

New Member

Re: "ip wccp redirect exclude in" command

Thank you all very much for your assistance. I (finally) understand it

I have given you all 5 stars for your posts as you were all very informative.

11470
Views
23
Helpful
8
Replies
CreatePlease to create content