Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WAAS WCCP interception on 6509

Hi:

I have a question regarding the use of WCCP interception in a collapsed core design.  We have a 6509 which has multiple different WAN provider connections uplinked to it on SVI/routed ports.   "Ip wccp 62 redirect in" is used on all the uplinks to the different WAN provider and "Ip wccp 61 redirect in" is used on the server vlan interfaces.  How does the WCCP interception work when:

1. Traffic comes in one WAN provider uplink and exist another WAN provider uplink both having a "ip wccp 62 redirect in" statement on the uplinks?  This is transit traffic that doesn't hit the server segment. Does WCCP know not to send this traffic to the WAAS based on both interfaces have the "ip wccp 62 redirect in" or maybe based on a CEF lookup?  Or will an ACL need to be used to prevent inspection of transit traffic?

2. Traffic comes in one WAN provider uplink with "ip wccp 62 redirect in" and it sent to an interface that doesn't have any redirection configured.  i.e. the traffic flow doesn't have a pair of "ip wccp 62 redirect in" and "ip wccp 61 redirect in" in the path.  Does this cause the traffic in one direction to be inspected but not the other direction?

Thanks,

Patrick

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: WAAS WCCP interception on 6509

Hi Patrick,

when you configure "redirect in" on an interface, traffic "Coming IN" on this interface will get redirected to WAE.

For 1: where traffic comes in on WAN interface which has "ip wccp 62 redirect in" and exits another WAN link which
has "ip wccp 62 redirect in"

In this case when traffic comes in on first WAN interface it will get redirected to WAE. The WAE will then sent it
back to its Default Gateway (IP forwarding). The Router will then route it out through second WAN interface

If you don't want this traffic to be redirected to WAE, you can then configure WCCP Redirect list based on access-list
to permit only traffic destined to server segment


For 2: This will cause traffic only coming in on interface which has "ip wccp 62  redirect in" to be redirected to WAE.

wccp service 61 does redirection based on Source IP whereas service 62 does redirection based on Destination IP

When traffic comes in on WAN interface which has "ip wccp 62 redirect in" , it will redirect to WAE based on Destination
address. The WAE will then sent it back to its Default Gateway (IP forwarding). The router routes it to Destination.

The response from this Destination comes in on interface which doesn't have "ip wccp redirect" statement, so it won't
get redirected to WAE.

A point to remember, traffic through WAE needs to be Symmetrical which means it needs to see both Request and Response
for it to Optimize traffic

Attached document provides detail explaination on wccp.

Hope this helps,

Best Regards,
Rahul

3 REPLIES
Cisco Employee

Re: WAAS WCCP interception on 6509

Hi Patrick,

when you configure "redirect in" on an interface, traffic "Coming IN" on this interface will get redirected to WAE.

For 1: where traffic comes in on WAN interface which has "ip wccp 62 redirect in" and exits another WAN link which
has "ip wccp 62 redirect in"

In this case when traffic comes in on first WAN interface it will get redirected to WAE. The WAE will then sent it
back to its Default Gateway (IP forwarding). The Router will then route it out through second WAN interface

If you don't want this traffic to be redirected to WAE, you can then configure WCCP Redirect list based on access-list
to permit only traffic destined to server segment


For 2: This will cause traffic only coming in on interface which has "ip wccp 62  redirect in" to be redirected to WAE.

wccp service 61 does redirection based on Source IP whereas service 62 does redirection based on Destination IP

When traffic comes in on WAN interface which has "ip wccp 62 redirect in" , it will redirect to WAE based on Destination
address. The WAE will then sent it back to its Default Gateway (IP forwarding). The router routes it to Destination.

The response from this Destination comes in on interface which doesn't have "ip wccp redirect" statement, so it won't
get redirected to WAE.

A point to remember, traffic through WAE needs to be Symmetrical which means it needs to see both Request and Response
for it to Optimize traffic

Attached document provides detail explaination on wccp.

Hope this helps,

Best Regards,
Rahul

New Member

Re: WAAS WCCP interception on 6509

Thanks!  That helps clarify things for me.  The pdf is definitely a good read.

Patrick

Silver

Re: WAAS WCCP interception on 6509

Excellent post and the doc rocks!

Thanks for making it clear the that wccp service 61 does redirection based on Source IP whereas service 62  does redirection based on Destination IP. However, there is a further option for  'in'  and  'out' . Take a look here:

WAAS-RTR(config)#ig 0/1
WAAS-RTR(config-if)#ip wcc
WAAS-RTR(config-if)#ip wccp 61 red
WAAS-RTR(config-if)#ip wccp 61 redirect ?
  in   Redirect to a Cache Engine appropriate inbound packets
  out  Redirect to a Cache Engine appropriate outbound packets

AND

WAAS-RTR(config)#ig 0/1
WAAS-RTR(config-if)#ip wcc
WAAS-RTR(config-if)#ip wccp 62 red
WAAS-RTR(config-if)#ip wccp 62 redirect ?
   in   Redirect to a Cache Engine appropriate inbound packets
   out  Redirect to a Cache Engine appropriate outbound packets

----------------------------------------

For the sake of completeness I would like to offer an explanation for this, but please feel free to ratify if you want.

So, where for example you wanted to redirect (to the WAE), selected traffic arriving at a particular egress interface for onward forwarding - then you would use redirect out under the interface configuration mode. But, ensure you configure ' ip wccp redirect exclude in', under the interface connected to the WAE otherwise a WCCP Black Hole scenario will occur because the router will once again attempt the route the packet/s out from the same interface (i.e. egress), and remember this is where redirect out was configured.

thanks

Ajaz

4753
Views
0
Helpful
3
Replies