Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Using multiple WCCP service groups and redirect-lists on the 6500 (ingress for all).

Hi,

I have a query regarding using multiple WCCP redirect lists on the 6500 chassis (Sup720-10G) running IOS 12.2(33).

  • The customer currently has WCCP 61 and 62 applied on ingress for WAN/LAN interfaces to redirect traffic to WAAS appliances.
  • The WAN/LAN interfaces both have a redirect ACL applied denying certain traffic from redirection.
  • There is a requirement to add another WCCP service group on the same interfaces in order to redirect a specific application to a different set of accellerators (specifically Citrix).
  • I have to use ingress for both otherwise it will be processed in software.
  • The new WCCP service group also needs to have a redirect ACL applied.

How does the 6500 handle the processing of the ACLs when both service groups are assigned to the same interface in the same direction?

Will both redirect ACL's be processed accordingly?

Or will the 6500 dump traffic if it hits a "deny any any" statement in the first ACL before processing the second ACL where the permit statement will be?

Everyone's tags (3)
3 REPLIES
Community Member

Using multiple WCCP service groups and redirect-lists on the 650

Did you ever recieve a response on this?

Kind Regards,
MTR

Kind Regards, MTR
Community Member

Re: Using multiple WCCP service groups and redirect-lists on the

Hi MTR,

I raised a TAC case and the TAC engineer decided to lab it before giving an answer.

Based on some internal documentation and the lab, the 6500 will process each WCCP service in numerical order (lowest first, eg: 51 and will stop at first ACL match).

As long as the ACL's are in the right order and do not overlap it works without issues.


The TAC tested both L2 and GRE redirection with no issues.

Cheers,

Zig

Community Member

Using multiple WCCP service groups and redirect-lists on the 650

The reason is unlike in ISRs there is a command "ip wccp check service all" which means that process all wccp service groups on the interfaces on the basis of priority until a match is found. However, with 6500/switching platforms, this command is not available but the behavior is enabled by default. 6500 does not consider the group priority but it looks at the group number instead... least numbered service group is considered first.

4399
Views
0
Helpful
3
Replies
CreatePlease to create content