Deterministic WCCP assignment of buckets to WAEs

Similar Messages

• WCCP 61 and 62 for WAAS?

  What if, I wanted to use TWO wan optimizing pieces of hardware--One WAAS and one another vendor? Both "Head-End" devices would need to use a WCCP redirect off the same GIG and POS interace (with a different ACL and WCCP number) BUTTTT..the problem it seems, is the Cisco WAAS devices will only use 61 and 62 in promiscuous mode...while other vendors can do numbered modes...is this true? Or can you do something like
  Gig0/0
  ip wccp 10 redirect in <--Cisco waas
  ip wccp 20 redirect in <--vendor2
  etc..
  Thanks for any help

  Hi Alan,
  WAAS currently only supports service groups 61/62. Note that these numeric designations are really just identifiers, and don't impact order of operations or anything else. So long as the 'vendor2' device above uses some other service group numbers besides 61/62, you should be fine.
  Also note that if you are configuring WCCP on a software-based platform (ISR, 7200, etc.), you will also need to configure the global command 'ip wccp check services all'.
  Please let us know if you have any additional questions.
  Regards,
  Zach

• WCCP assignment method mismatch

  Hi all,
  I am using a Cisco 3825 running 12.4(25G) code. I just upgraded my WAE (oe674) to 5.1.1c.
  The WAE and router wouldnt peer due to assignment method mismatch when i do a show wccp router.
  Router Information for Service Id: 61
          Routers Seeing this Wide Area Engine(0)
                  -NONE-
          Routers not Seeing this Wide Area Engine
          10.204.28.1     - Assignment Method Mismatch
          Routers Notified of from other WAE's
                  -NONE-
  Router Information for Service Id: 62
          Routers Seeing this Wide Area Engine(0)
                  -NONE-
          Routers not Seeing this Wide Area Engine
          10.204.28.1     - Assignment Method Mismatch
          Routers Notified of from other WAE's
                  -NONE-
  The WAE is configured as follows:
  wccp router-list 1 10.204.28.1
  wccp tcp-promiscuous service-pair 61 62
  router-list-num 1
  assignment-method mask
  password ****
  redirect-method gre
  egress-method wccp-gre
  enable
  exit
  wccp flow-redirect enable
  When i changed the assignment method to hash, everything worked. I believe Cisco 3825 should support Mask.
  Any advice?

  Hi Leonardo,
  Did you try disabling wccp on router as well as WAE and re-enable it on router and then WAE and see if that makes a difference? If you have already done that and since as per documentation MASK assignment is supported in version you are running on router and it was working prior to upgrade, i would suggest capturing WCCP communication i.e HIA and ISU and opening a TAC case for further investigation. Did you follow the procedure as suggested in release notes during upgrade?
  WCCP Interoperability
  Central Managers running Version 5.1.1x can manage WAEs running software Versions 4.2.1 and later. However, we recommend that all WAEs in a given WCCP service group be running the same version.
  Note All WAEs in a WCCP service group must have the same mask.
  To upgrade the WAEs in your WCCP service group, follow these steps:
  Step 1 You must disable WCCP redirection on the Cisco IOS router first. To remove the global WCCP configuration, use the following no ip wccp global configuration commands:
  Router(config)# no ip wccp 61
  Router(config)# no ip wccp 62
  Step 2 Perform the WAAS software upgrade on all WAEs using the WAAS Central Manager GUI.
  Step 3 Verify that all WAEs have been upgraded in the Devices pane of the WAAS Central Manager GUI. Choose Devices to view the software version of each WAE.
  Step 4 If mask assignment is used for WCCP, ensure that all WAEs in the service group are using the same WCCP mask value.
  Step 5 Reenable WCCP redirection on the Cisco IOS routers. To enable WCCP redirection, use the ip wccp global configuration commands:
  Router(config)# ip wccp 61
  Router(config)# ip wccp 62
  Release notes for your reference.
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v511/release/notes/ws511xrn.html#wp151010
  Regards,
  Kanwal

• WCCP on multilink interface for WAAS

  Hi,
  I have 2xE1 bundled into multilink interface, ip wccp 62 redirect in on multilink only, ip wccp 61 redirect in on fast0/0.
  While both serials works - everything is fine and WAAS works smoothly. (4.0.19(b14) ). Problem appeared when we had lot of errors on one of the serials, shutted down it eventually. Even multilink stayed up , we couldn't access any TCP outside of the site. When I removed wccp from multilink and placed on healthy serial all traffic was back to normal, then after a while stopped again.
  Router soft version : C2801-ADVIPSERVICESK9-M, Version 12.4(10a).
  Does anybody has some info if wccp should be placed only on multilink, only on serials or both ?
  Thanks in advance

  Assuming it's a known issue, 12.4(10a) would be subject to the following:
  CSCsj17187
  CSCsm12247
  If you can provide the following information when things break, we can start to sort it out:
  1. show version
  2. show ip wccp
  3. show ip wccp interface detail
  4. show ip wccp 61 service
  5. show ip wccp 62 service
  6. show ip wccp 61 detail
  7. show ip wccp 62 detail
  8. show running-config
  Zach

• WAAS - WCCP loadbalancing

  Here is a scenario I'm running into and want to know if this is expected:
  WAE1 is rebooted and all of the hash buck is assigned to WAE2 to optimize all the traffic.
  WAE1 comes back online but receives a different hash buck assignment 128-255 instead of the original 0-127 buckets.
  The problem here is all of the original traffic (x.x.x.1-127) going to WAE1 is now being optimized by WAE2. Is this correct in the way the WCCP reassigns hash buckets?
  WCCP setup:
  Multicast group address 239.10.10.1
  61in and 62 out configured on the same LAN facing interface
  Egress mehtod is WCCP Negotiated Return

  Yes, this is the current behavior of WCCP.  There is no guarantee that the bucket assignments will be the same when WAE1 comes back online.  That being said, the WCCP flow protection feature should ensure that any connections that were being optimized by WAE2 that are now redirected to WAE1, will be sent directly back to WAE2 for proper handling.
  Regards,
  Zach

• Assignment of WAVEs to Buckets WCCPv2

  All,
  Can anyone explain how WAVEs (caches in WCCP lexicon) are assigned to buckets please?
  The context to my question is probably best illustrated by an example:
  * You have two CEs (CE-A and CE-B), each with a provider circuit
  * Asymmetric routing across the WAN providers
  * Four WAVE units registered using WCCPv2
  * An assignment mask of 0x0f00 on the source ip (16 bits)
  * Therefore, there are four caches and 16 buckets (4 buckets per cache)
  How does WCCPv2 ensure buckets 1-4 get assigned to WAVE-A on both CEs?
  According to the post below, the assignment is based on WCCP registration time, but I am not confident in that, else rebooting WAVEs or CEs would cause loss of optimisation (unless they were all rebooted together in sequence):
  https://supportforums.cisco.com/thread/2225305
  This seems like a fundamental part of the WCCP operation, but I can't find any documentation for it.
  Many thanks for anyone who can assist.
  Regards
  James.

  Hi James,
  Please take a look here :
  http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf018_ps1835_TSD_Products_Configuration_Guide_Chapter.html#wp1000909
  especially bullet point 3, where one of the WAVEs is elected/selected as the lead, and that WAVE controls the bucket assignments.
  Know it's an (old) IOS 12.2 document, but that hasen't changed!
  What you want to acheive is that you always redirect to the same WAVE from both routers, based on some common criteria.
  So if you reboot one of the routers (CEs) the other one has to handle all the traffic, but should still redirect to the same WAVE.
  If you reboot one of the WAVEs, this WAVE will deregister and the lead WAVE will inform everyone about the new assignment buckets.If it's the lead WAVE that is rebooted another lead WAVE is selected.
  Off course TCP sessions being redirected to the rebooting WAVE will be disrupted and another TCP session will be set up from the client and eventually being redirected to one of the remaining WAVEs.
  Hope this answers you question.
  Best regards
  Finn Poulsen

• WAAS and WCCP

  Hello ,
  I have many Qs regarding the WAAS implemntation
  1- which better , using inline card or wccp and why ( is there any problem with inline cards ?)
  2- if we have ASA in the network , is there any os version required for the ASA to support tha WAAS, we have impelmnted the waas with wccp between 2 branches, all traffic optimized but there is 2 applications blocked ( not working at all ) , the 2 applications passing via Firewall is there any known reason for that ?
  3- we have cat4500 and it should support wccp to redirect traffic for WAAS , but redirect list is not supported at all, do you know if that for all 4500 platform or for just specific OS or Sup as nothing clear on Cisco regarding this point ( wccp redirect list ).
  Thanks
  Moamen

  Hey Moamen,
  1. I would not say either is better, but there are different applications. Where you need more then a single WAE for scaling and redundancy, I would recommend WCCP. Where you have fairly simple topology, requirements for only one WAE, and/or non-Cisco gear, I would probably recommend In-line. I've done ton's of both and both work really well for interception.
  2. ASA do have a minimum recommend code version. For interoperability with WAAS, you need Cisco ASA/PIX version 7.2.3 or later. In that version, there is the command "inspect waas" to allow for the sequence number jump in optimized traffic, which is why your ASA is blocking the traffic.
  3. The CAT4500 can support WCCP in hardware. The platform hardware only supports ingress interception, L2-redirect, L2-return, mask-assign configs on the WAE and the minimum IOS version I would recommend running would be 12.2(40)SG or later. As you mentioned, there are limitations with the redirect lists, they are NOT supported in any version of IOS, it's a function of the hardware. If you need to exclude traffic, you might want to consider using application policies when using CAT-4500.
  I hope that helps you out.
  Dan

• WAAS using WCCP from 2 6509's?

  I am preparing to install a WAE in the datacenter using WCCP for redirection of traffic to 1 of my networks on a point-to-multipoint frame relay network. Where things get foggy is the WCCP server install on my "router" which is actually 2 6509's which are used to route different vlans for both redundancy and load-balancing in the Datacenter. Is it possible/advisable to set both up with WCCP to redirect to the WAE? Could this cause any unforeseen issues?
  I'm also wondering about traffic that is destined for other networks on that point-to-multipoint frame relay connection that my remote site is on which will have the other WAE. Will it be easy to specify which traffic to redirect to the WAE (that which is destined for that one remote site) or will this also cause issues?
  Thanks in advance!

  Karen,
  With WCCP, you can have multiple WAEs (theoretically up to 32) and multiple routers (again up to 32) in the service group. So in your case, both routers can be registered to the same WAE(s). You can limit traffic via a redirect-list, which is an ACL (only accept traffic to/from your remote site).
  WCCP is configured on the interfaces for the service groups you are interested in. For WAAS, you use services 61 and 62 in opposite directions to perform load balancing appropriately.
  A hint on your wccp on the 6500. Always configure redirect-in on the interfaces, L2-redirect and mask-assign to keep the traffic processed in hardware.
  Here is a link on configuring WCCP for WAAS (which I assume you are deploying).
  Hope that helps,
  Dan

• WAAS and WCCP - looping packet detected

  Hi,
  Has anyone ran into this senario before. Before anyone answers with "move your WAE off the user subnet", it already has been.
  I have wccp 61 redirect in on the user subnet (gig0/0.83 of a dot1q trunk). The WAE is on gig0/1. Before I apply wccp62 to the serial link, I attempt to telnet from a user pc to the router (same subnet, clients default gateway), and the telnet fails. I get a "looping packet detected" on the router console. It shows the source of the packet as the router (wccp router id actually), and the destination ip of the WAE, but the packet came in gig0/1 (interface connected to wae). Obviously the WAE returned the packet to the router (with the original GRE headers, (router as source)). I thought WCCP would understand this as "don't redirect this traffic to me anymore", but the router, actually tries to route it back down gig0/1 and then sees it as a looping packet. I believe the WAE is returning the encapsulated packet to the router to indicate it doesn't want the flow, and the router is attempting to route the GRE packet, instead of realizing it should remove the GRE header and route the internal packet. Router is IOS 12.4(12) as recommended by my Cisco engineer. 2821 router.
  For kicks, I continue the WCCP setup on the datatcenter side. As expected, it doesn't work. When I apply the WCCP to the datacenter router (only redirecting lab subnet), the entire lab subnet is unreachable via TCP (but icmp still works as expected).
  The WCCP configuration isn't very complex, I can't believe its something I'm doing. I think its a code issue.
  Any advise?

  no "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
  LOOPING PACKET DETECTION:
  from router console
  Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
  src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
  in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
  options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
  Router configuration:
  ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
  interface Loopback0
  ip address 132.242.11.18 255.255.255.255
  h323-gateway voip bind srcaddr 132.242.11.18
  interface GigabitEthernet0/0.83
  description << data vlan 83 >>
  encapsulation dot1Q 83
  ip address 153.61.83.3 255.255.255.192
  ip helper-address 192.127.250.22
  ip helper-address 149.25.1.182
  no ip proxy-arp
  ip wccp 61 redirect in
  standby 83 ip 153.61.83.1
  standby 83 priority 200
  standby 83 preempt
  standby 83 track Serial0/1/0:0.99 100
  interface GigabitEthernet0/1
  description << WHQ LAB CE connection >>
  ip address 153.61.83.65 255.255.255.192
  load-interval 30
  duplex full
  speed 100
  ip access-list standard remote-waas-box
  permit 153.61.83.70
  ip access-list extended REDIRECT-WAAS-SUBNETS-61
  permit ip 153.61.83.0 0.0.0.63 any
  WAE configuration:
  device mode application-accelerator
  primary-interface GigabitEthernet 1/0
  interface GigabitEthernet 1/0
  ip address 153.61.83.70 255.255.255.192
  no autosense
  bandwidth 100
  full-duplex
  exit
  wccp router-list 1 153.61.83.65
  wccp tcp-promiscuous router-list-num 1
  wccp version 2
  wccp slow-start enable

• Wccp redirection for waas on same platform as wccp for websense?

  just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
  seems like the priority value would come into play determining which service group gets handled first?
  we currently do WCCP for WaaS on our 3945s.
  I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
  Thanks,
  Paul

  Hi Paul,
  Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
  Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
  Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
  Regards
  Daniel

• Urgent ! Router-WAAS WCCP problem

  I have dot1q enabled 7507 connecting frame relay branch to data centre.
  Core WAAS sits on a VLAN subinterface.
  As soon as I enable "ip wcccp redirect 61 in" on VLAN trunked interface, I am loosing connection to the branch.
  the config is here..
  interface GigabitEthernet4/0/0
  description Core Data Centre Trunk VLAN 3,120 to SWDC03 3/16
  no ip address
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  load-interval 30
  negotiation auto
  no cdp enable
  interface GigabitEthernet4/0/0.3
  description Core Data Centre VLAN
  encap dot1q 3
  ip address xxxx
  ip wccp 61 redirect in
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nbar protocol-discovery
  ip route-cache flow
  no cdp enable
  standby 3 ip 10.64.205.17
  standby 3 priority 150
  standby 3 preempt
  interface GigabitEthernet4/0/0.120
  description Core WAAS VLAN120
  encap dot1q 120
  ip address yyyyyyy
  ip wccp redirect exclude in
  no ip redirects
  no ip unreachables
  interface Serial0/0/3.64 point-to-point
  ip wccp 62 redirect in
  The IOS version is rsp-jsv-mz.123-17b and WAAS version 4.0.13.I have tested this before without VLAN trunking on another router using a seperate interface and it was working.Any idea ?
  thanks

  thanks guys. I will explain the problem a bit more.When WAAS sits on a seperate i/f on WAN router, it works fine. i.e "wccp redirect 61 in " on interface connecting WAN router to Data Centre and "wccp redirect 62 in" on WAN frame relay. Then I configured the i/f connecting WAN router to Data Centre as dot1q trunk and a dedicated VLAN is created for WAAS. The default gateway for WAAS is HSRP address in 6509s. The WCCP router address configured in WAAS is the loopback0 address of the WAN router. The "wccp redirect 62 in" on WAN frame relay stays same. However, " wccp redirect 61 in " carried to a new subinterface on the same access as WAAS VLAN.
  All WCCP commands show that there is a connection between WAAS and WAN router, packet count goes up. However, all TCP sessions to the brach (initiated from the Data Centre) fail. I have also tested with and without "wccp redirect exclude in" on WAAS VLAN subinterface without success. Since I had to install the branch the WAAS on the weekend, I moved WAAS back to dedicated interface on WAN router. It works fine but I can not implement redundancy.
  The suggestion was to make WAN router subinterface HSRP active rather than 6509 MSFCs.So WAAS talks to WAN routers loopback address and default gateway also points to the same router rather than MSFC. I have not had a chance to test this but I will test in the coming weeks. I was also suggested to use layer2 redirection on 6509 but did not have any chance to look at it closely.
  thanks
  Serhat

• WAAS and WCCP router selection

  Hi
  Is there some information about that how much of wccp traffic can be handled by different model of routers?
  I'm not looking for throughput report like Process\CEF switching per routers but I would like to see some info about wccp treshold on each models, what's the maximum amount of redirected traffic what the router can handle?
  thanks

  no "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
  LOOPING PACKET DETECTION:
  from router console
  Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
  src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
  in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
  options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
  Router configuration:
  ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
  interface Loopback0
  ip address 132.242.11.18 255.255.255.255
  h323-gateway voip bind srcaddr 132.242.11.18
  interface GigabitEthernet0/0.83
  description << data vlan 83 >>
  encapsulation dot1Q 83
  ip address 153.61.83.3 255.255.255.192
  ip helper-address 192.127.250.22
  ip helper-address 149.25.1.182
  no ip proxy-arp
  ip wccp 61 redirect in
  standby 83 ip 153.61.83.1
  standby 83 priority 200
  standby 83 preempt
  standby 83 track Serial0/1/0:0.99 100
  interface GigabitEthernet0/1
  description << WHQ LAB CE connection >>
  ip address 153.61.83.65 255.255.255.192
  load-interval 30
  duplex full
  speed 100
  ip access-list standard remote-waas-box
  permit 153.61.83.70
  ip access-list extended REDIRECT-WAAS-SUBNETS-61
  permit ip 153.61.83.0 0.0.0.63 any
  WAE configuration:
  device mode application-accelerator
  primary-interface GigabitEthernet 1/0
  interface GigabitEthernet 1/0
  ip address 153.61.83.70 255.255.255.192
  no autosense
  bandwidth 100
  full-duplex
  exit
  wccp router-list 1 153.61.83.65
  wccp tcp-promiscuous router-list-num 1
  wccp version 2
  wccp slow-start enable

• Load balancing - WAAS

  Hi all,
  We got 2 x 674's in data center and use hash method for load balancing. Due to our IP address scheme, cisco's hash method puts most of the connections go to one WAE only. I know we can increase weight (currently 0) to get nearly 50-50 or 60-40 load balance, but i have no idea how to calculate the weight value. Currently it is 90-10 sharing! Any suggestions or doco is much appreciated.
  Regards
  Srini

  Hello Srini,
  If you're stick to hash (and cannot use mask for some reason), then you're correct, you can use weights.
  Couple of suggestions are there - https://supportforums.cisco.com/docs/DOC-21593#WCCP_best_practices_for_WAAS_deployment
  Make sure that weight factors for individual devices are greater thane 100 - that will ensure complete "bucket" coverage in case one of the devices is down (that is, the remaining device will get 100 % load then).
  When the sum of all weight factors is greater than 100, the specific percentage of buckets assigned to a specific WAAS device is the weight assigned to that WAAS device divided by the total weight and rounded up. Rounding up guarantees that each WAAS device will be assigned at least one bucket.
  p.s. Still mask assignment gives you a bit more flexibility of load-balancing between devices in WCCP farm - see http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html for recommended methods, depending on your HW (WCCP router/switch).
  HTH,
  Amir

• WCCP flows during Lead WAE Failure

  We are actually planning a large scale WAAS solution. We found many descriptions how  the WCCP flows is protected in redundant design against a WAE failure. We learnt that the Lead WAE is necessary to redirect the WCCP flow to the remaining WAEs. Our question is what will happen when the Lead WAE fails. How will the WAE farm recover the WCCP flows. 

  Hi Peter,
  The lead WAE is responsible for instructing all of the WCCP-enabled routers/switches how traffic should be distributed across the cluster of WAE devices.  It does this by communictaing an assignment table of buckets/masks.  The lead WAE does not actually handle the flows, they are redirected directly from the router/switch to the target WAE.
  In the event that the lead WAE fails, another WAE in the service group takes over the lead role and updates the assignment for all of the routers/switches.
  Regards,
  Zach

• WCCP Multicast with 6500

  I have two 6500s (6509-1 and 6509-2)and two WAE-674 devices. I am trying to configure these devices in a redundant way. However the WAEs form wccp relation only with the 6509-2.
  6509-2#sh ip wccp 61 detail
  WCCP Cache-Engine information:
  Web Cache ID: 172.27.249.65
  Protocol Version: 2.0
  State: Usable
  Redirection: GRE
  Packet Return: GRE
  Assignment: HASH
  Initial Hash Info: 00000000000000000000000000000000
  00000000000000000000000000000000
  Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  00000000000000000000000000000000
  Hash Allotment: 128 (50.00%)
  Packets Redirected: 0
  Connect Time: 00:36:19
  Web Cache ID: 172.27.249.66
  Protocol Version: 2.0
  State: Usable
  Redirection: GRE
  Packet Return: GRE
  Assignment: HASH
  Initial Hash Info: 00000000000000000000000000000000
  00000000000000000000000000000000
  Assigned Hash Info: 00000000000000000000000000000000
  FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  Hash Allotment: 128 (50.00%)
  Packets Redirected: 0
  Connect Time: 00:36:18
  however on the 6509-1
  6509-1#sh ip wccp 61 detail
  WCCP Cache-Engine information:
  Web Cache ID: 172.27.249.66
  Protocol Version: 2.0
  State: NOT Usable
  Redirection: L2
  Packet Return: L2
  Packets Redirected: 0
  Connect Time: 01:17:18
  Assignment: MASK
  Web Cache ID: 172.27.249.65
  Protocol Version: 2.0
  State: NOT Usable
  Redirection: L2
  Packet Return: L2
  Packets Redirected: 0
  Connect Time: 00:00:15
  Assignment: MASK
  Redirection (L2 on 6509-1 and GRE on the 6509-2) methods are shown differently on the 6500 switches.
  However the configurations on the WAE side is same:
  HOAE1674#sh run
  <outputs omitted>
  primary-interface Standby 1
  interface Standby 1
  ip address 172.27.249.65 255.255.255.240
  exit
  interface GigabitEthernet 1/0
  standby 1 priority 250
  exit
  interface GigabitEthernet 2/0
  standby 1
  exit
  ip default-gateway 172.27.249.78
  <outputs omitted>
  wccp router-list 1 224.10.10.10
  wccp tcp-promiscuous router-list-num 1
  wccp version 2
  And the 6500 configurations:
  6509-2#sh run int vlan 311
  interface Vlan311
  description WAAS-Normal
  ip address 172.27.249.77 255.255.255.240
  ip wccp 61 group-listen
  ip wccp 62 group-listen
  ip pim dense-mode
  standby 211 ip 172.27.249.78
  6509-2#sh run | i redire
  ip wccp 61 group-address 224.10.10.10 redirect-list 101
  ip wccp 62 group-address 224.10.10.10 redirect-list 102
  I know that L2-redirection and masking advised on the 6500s, however when I configure, 6500 sh ip wccp output shows that GRE masking is used.
  The WAE devices are connected directly to the 6509-2, I suspected a multicast issue, to test I shutdown the 6509-2 vlan interface but no help
  The version on the 6500s are same (12.2SXF8), as I know that 12.2SXF14 is suggested. However a software upgrade requires a lot of change management procedures. I want to be sure that I did not make a configuration mistake.

  Thanks Dan, Matthew
  After I remove l2-return, wccp seems to be ok:
  HOAE1674#sh run | i wccp
  wccp router-list 1 224.10.10.10
  wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
  wccp version 2
  6509-1#sh ip wccp 61
  Global WCCP information:
  Router information:
  Router Identifier: 192.168.2.253
  Protocol Version: 2.0
  Service Identifier: 61
  Number of Cache Engines: 2
  Number of routers: 2
  Total Packets Redirected: 0
  Redirect access-list: 101
  Total Packets Denied Redirect: 13843
  Total Packets Unassigned: 0
  Group access-list: -none-
  Total Messages Denied to Group: 0
  Total Authentication failures: 0
  6509-1#sh ip wccp 61 de
  WCCP Cache-Engine information:
  Web Cache ID: 172.27.249.66
  Protocol Version: 2.0
  State: Usable
  Redirection: L2
  Packet Return: GRE
  Packets Redirected: 0
  Connect Time: 01:32:23
  Assignment: MASK
  Mask SrcAddr DstAddr SrcPort DstPort
  0000: 0x00001741 0x00000000 0x0000 0x0000
  Value SrcAddr DstAddr SrcPort DstPort CE-IP
  0032: 0x00001000 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
  0033: 0x00001001 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
  0034: 0x00001040 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
  0035: 0x00001041 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
  0036: 0x00001100 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
  0037: 0x00001101 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
  0038: 0x00001140 0x00000000 0x0000 0x0000 0xAC1BF942 (172.27.249.66)
  Now I am trying to redirect packets over the these appliances.
  However TCP connections could not be established between redireced subnets. I can sniff that packet is forwarded to the WAAS but it did not send a respond. I saw that bad bucket error are incrementing when I try new connections.
  HOAE1674#sh wccp gre | i buckets
  Packets dropped due to bad buckets: 516
  regards,
  Bulent