Question in tracing wccp traffic

Similar Messages

• SRE External Gig port for WCCP traffic?

  Has anyone been successful with using the external Gig port on the SRE modules for WCCP traffic?  Has anyone tried it?
  I'd like to reduce the CPU on my ISR-G2 routers that have the SRE modules running WCCP GRE.  I'd like to use the external gig port on the SRE module for the WCCP traffic, which will allow me to use WCCP L2.  Is this even feasible?  Or maybe I just need to add WCCP L2 on an SRE as a New Feature request to Cisco?
  According the to Cisco documentation....
  The external service-module interface can be used to monitor LAN traffic. You can also select the external interface as the management interface for the SM. The external interface cannot be used for downloading applications.
  Visible only to the SM software on the Cisco SM-SRE, the external service-module interface is the Gigabit Ethernet interface connector on the Cisco SM-SRE faceplate. The external interface supports data requests and data transfers from outside sources, and it provides direct connectivity to the LAN through an RJ-45 connector.

  Tammy,
  What is preventing you from configuing WAAS on SRE with L2 WCCP / Mask assignment via the internal interface?   This is totally feasible.
  If you are trying to decrease CPU utilization on your router, don't expect switching from GRE to L2 to make a drastic difference.  The ISR G2 is a software based platform, as such WCCP (whether L2 or GRE) is processed by the CPU with CEF assistance. 
  True removing the GRE encapsulation will save some processing overhead, but in the end it's the PPS (packets per second) your router is handling that's driving the CPU.
  Remember when you add WCCP / WAAS to the flow it's no longer packet in/ packet out on the router.  Compressed data in on WAN, out to WAAS, uncompressed from WAAS back to Router, out on the LAN, then the reverse... uncompressed data on the LAN in to the router, out to WAAS, compressed from WAAS out to the router, then out on the WAN.  So depending on the compression observed you will see > 2x the amount of traffic being processed by the router. 

• ASA not redirecting WCCP traffic (traffic from one particular source address)

  Friends,
    I have a redirect list allowing three traffic and denying one.
        On ASA: access-list wccp-traffic permit ip 10.100.x.x 255.255.255.0 any
                         access-list wccp-traffic permit ip 10.1.x.x 255.255.255.0 any
                         access-list wccp-traffic deny ip 10.2.x.x 255.255.255.0 any
    One traffic among the three allowed doesn't return any hits on the access-list.
                        10.100.x.x is not getting any hits.
                but  10.1.x.x is getting hits
    ASA is configured to redirect the traffic to the Blue Coat cache engine.
                 on the ASA if I checked I could see 10.100.x.x is hitting the ASA but not the access-list
   Any thoughts??

  Check if this traffic is in bypass list on wsa. Because if bypass list is configured in transparent mode then bypass list is first checked before redirecting it to wccp client.

• WSA is not getting WCCP traffic and cant browse any websites

  Hi,
  We have WSA configured for central office users web traffic control and its working fine. We also want to use the branch users to controler their web traffic using the same WSA. We have added the branch network subnets to existing WCCP ACL which is configured on 6509 core switch and could see http/https hits coming from branch subnets.
  We have created new Identity (with no authentication) and added the branch subnet to it and created new access policy and use the same identity. However users are not able to browse any website when we added the branch subnets to existing WCCP ACL. When we did packet capture on WSA for one of the PCs IP address on branch network there is no packet reaching on WSA. However when we did policy trace on WSA for the same branch IP address we could see the it was hitting correct policy and identity where allowed website is passing and blocked site is blocked. However users are not able to browse for any websites.
  Not sure where the problem is and appreciate if someone can guide us or give some troubleshooting steps to verify the configuration.
  thanks in advance.

  Hi Tony,
  Thanks for your response. Actually IP WCCP redirect out is already there on the interface connecting to firewall. Since we cant have WCCP redirect in on every users SVI we have used the firewal connecting interface as one gateway.
  Since we already use wccp redirect out we can't use the wccp redirect in connection on the WAN connecting interface. I have attached the network topolgy for better understanding. Also attached is the policy-trace output where I could see its hitting the correct Access policy. However im not sure what there's no packets found on the packet-capture output taken from WSA.
  the issue is that while the policy are intact, when I add the branch router to wccp ACL they cant access any of the websites. Not sure whether issue on WSA policy or WCCP config...??

• Question in Tracing

  Hi All,
  I have a rename task workflow for one of the processes, which renames the task. However with the new task, length is more than 128 characters due to which the request is not moving further and ending with an error
  XPRESS exception: Can't call method rename object on class com.waveset.server.InternalSession com.waveset.InvalidArgumentName "TASKNAME" is to long exceeds maximum name length of 128
  I tried tracing the WF to see if i get more information but that didnt help. I tried changing the column length in the DB where this task is stored, that didnt help either.
  Is there any other way i can trace this to find where it is coming from? I was trying to find logconfig.xml fileto see if trace setting can be changed. However, i'm unable to find that xml file in weblogic. I used to be able to find it in tomcat.
  Any help is appreciated
  Thanks,

  Is your TaskInstance still available? Generally, when I get an exception like that, I can pull up the TaskInstance and follow through it although sometimes that will suggest a different answer than where the problem actually occurred.. Also, you may want to add code similar to below to display the values through the workflow. When it fails, you may still see the task and the display.
  <Action id='8' name='Report Process Progress - Role Variables' hidden='true'>
  <expression>
  <set name='statusMessage'>
  <concat>
  <s> - oldname= </s>
  <ref>oldname</ref>
  <s> - newnamewillbe= </s>
  <ref>newnamewillbe</ref>
  </concat>
  </set>
  </expression>
  <Variable name='statusMessage'/>
  <ActionResult name='ProvisionStatus'>
  <ref>statusMessage</ref>
  </ActionResult>
  </Action>

• Complicated easy question - ray tracing

  Hello,
  i am working currently on one project - i have an optical system (some prisms, some lenses etc) and i want to make a VI to calculate propagation of a light ray - something like ray tracing.
  I know that labview is not the perfect platform to deal with this issue, however i still would like to try.
  My problem is as following: i want to calculate the propagation of a ray through a lens. I have the ray with some coordinate (y=const) and a plano convex lens - the front of a lens is a piece of a sphere. To calculate the propagation (using snell law) I have to find an angle between the ray and the line which is tangent to this lens-sphere in the point where my light beam hits the lens.
  My procedure (on the piece of paper):
  1.i know the coordinates of a center of a sphere (let's take (0,0)) and its radius r (x^2+y^2=r^2). I know the value of y=y_0 for which the ray enters the lens.
  then i can calculate the x_0: x_0^2+y_0^2=r^2. Now i know the point where light enters the lens (x_0,y_0)
  2.then just the usual procedure of finding equation for a line tangent to sphere (y=a*x+b):
  i put y_0 and x_0 to this equation:
  y_0=a*x_0+b
  and i can remove one unknown value (for example b): y=a*(x-y_0)+x_0
  3.then i put such equation into the equation for sphere (x^2+y^2=r^2) and this is the quadratic equation which has only one unknown value x and one free parameter: a.
  4.beacause i want to have tangent line, so it should have only one common point with sphere - so the quadratic equation should have determinant equal to zero (only one solution for x). This gives me an equation for a. I should find the value of a which satisfy this equation and then i know this tangent line and have the solution! uf....
  Unfortunately i still didn't find a solution to implement this in labview (and i'm motivated beacuse most of the work for this project is already done). I was trying with the formula parsing and so on, but i didn't succeeded. 
  I will be really grateful for any hints or help!
  Solved!
  Go to Solution.

  helmik,
  LabVIEW does not do symbolic math.  Once you have the equations solved on paper or reduced to a set which can be solved numerically, tehn you can program it in LV.
  When I look at your math in the first post, I see that in (3) you describe an equation in x and a. However, this is not a quadratic equation but a fourth order polynomial with terms like a^2*x^2 and 2*a^2*x*y_0. So this is not so easily solved.
  Is not the tangent to the sphere at right angles to the radius at that point? The angle of the radius can be calculated from x_0 and y_0 and the center of the sphere. Then add 90 degrees. One arctangent and no complicated equations.
  Lynn

• A question about tracing users' connections

  Dear all,
  I would like to know, whether there is a report in SAP
  providing information about users connection. What we
  are looking for in terms of information is:
  1) How many times each user connected to the system?
  (for example how many times during each day or each week)
  2) How long each session lasted?
  3) What standard transactions did each user execute during
  each connection?
  Is there any report providing such information?
  Thanks in advance,
  Kind Regards,
  Dariyoosh

  Hi Dariyoosh,
  1) How many times each user connected to the system?
  SM20 (Information security audit logs ) In USER Statistics and Terminal statistics , you can get enough information .
  ST03N
  In ST03N (Workload distirbution monitor ) you can  find ,what is the workload of individual users and which actions users performed ?
  2) How long each session lasted?
  In  tcode - SM20,you can find  detaild activites about users in Users statistics  field . Secondly For transcation details ,Please select Transactions statisitcs field .It
  will  provide  you enough information
  AL08 Shows you Tcodes using by user time ,external & internalsessions  .Also  with tcode  SM04  You can find list of users .There is USER TAB on top left hand side
  You can click on that and select  " Techincal Information , you will get informatoin   STATE , MODES ,MEMORY  COnsumption etc .
  3) What standard transactions did each user execute during
  each connection?
  Pleae use these tcodes :SM20, SM04(users overview) , AL08
  Thanks in advance,
  Kind Regards,

• Question about wireless ethernet traffic

  Im sniffing wireless packets and seeing something I don't understand and cannot find relevant documentation on....
  In the 802.11 wireless lan management frame, tagged parameters section I am seeing a Tag number 133 which is listed as a reserved tag number, with a value that LOOKS like an SSID. But is not in fact the ssid, as broadcast-ssid is not enabled on this AP and the SSID tag field length is shorter than this piece of data.
  Can anyone help me
  1. decipher the meaning of tagged paremeter 133
  2. point me in the direction of documentation that will break out each tagged parameter and its meaning and values?
  Thx!
  -brkn!

  Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
  If anyone else in the forum has some advice, please reply to this thread.
  Thank you for posting.

• WCCP on ASA & traffic between physical interfaces on ASA

  Hello,
  I am trying to get WCCP working on the ASA for WAAS implementation. Here is a simple snapshot of my config:
  Eth 0/0 : Outside (to internet)
  Eth 0/1 : Vlan1 (20.20.0.0/16) (trunk port to remote office LAN)
  Eth 0/1.211 : Vlan211 (20.21.10.0/24)
  Eth 0/1.212 : Vlan212 (20.21.20.0/24)
  Eth 0/1.220 : Vlan220 (20.22.0.0/16)
  Eth 0/2 : WAAS (20.21.30.0/24)
  I have the site to site tunnel working. I can ping the WAAS device from the other end of the tunnel but I cannot ping it from the 20.20.0.0/16 network. I have enabled traffic between interfaces on same security level as WAAS and LAN have same security.
  I get this error message:
  3 Feb 12 2007 17:54:05 305006 20.20.10.101 portmap translation creation failed for icmp src WAAS:20.21.30.230 dst LAN:20.20.10.101 (type 8, code 0)
  How can I fix this?
  My second question is regarding WCCP on ASA. Here is the WCCP part of the config I have:
  wccp 61 redirect-list WCCP_To_LAN
  wccp 62 redirect-list WCCP_To_WAN
  wccp interface outside 62 redirect in
  wccp interface LAN 61 redirect in
  access-list WCCP_To_LAN extended permit ip any 20.20.0.0 255.252.0.0
  access-list WCCP_To_WAN extended permit ip 20.20.0.0 255.252.0.0 any
  I am not seeing any packets being redirected to the WAE. I once changed the access lists to 'any any' and I saw some packets but I couldn't ping or telnet to the remote site. Could it be a loop? Is there any way to exclude traffic to avoid loop?
  Thanks
  Ankit

  common guys
  Am I doing something wrong here?
  No one replies to my posts. I had the same experience with the previous one.
  Is this not the right forum for this query???
  Ankit

• Does WCCP support traffic from different VLANs(mapped to VRFs)?

  Hello,
  I have the following scenario from the WAN to the Data Center and from the WAN to the Branch:
  1. Router 2800/7200 with three (3) MPLS VRFs (VRF Lite)
  2. Switch 3750 with three (3) WAN VLANs (one for each VRF) and three (3) LAN User Traffic VLANs (one for each ASA Context) and one WAE VLAN
  3. WAE with WCCP enabled for one VLAN in the switch
  4. ASA with three (3) Contexts
  5. Three (3) Internal LANs (one for each Context)
  In summary, there are three flows of traffic which are separated along the way from Branch to Data Center. WAEs are working for one VLAN(VRF1) and WCCP is enabled at the 3750 Switch to do the redirection (not in the router). The question is: does WCCP support traffic from different VLANs (similar to inline 802.1Q) and handle all three flows separate? If so, what should the configuration be at the switch and the WAE?
  Thanks.

  The VRF awareness for 12.4(T) is still probably 8-12 months out. VRF aware WCCP features are definitely in the pipeline, but nothing has been publically published on availability timelines.
  It's now publically available on the forum... but , I've only found it on the 3750 and 3550 documentation.
  at the 3750 you will need to place the redirect statement on each of the VLANs, ip wccp 61 redirect in
  Kindly find here GRE Tunnel with VRF Configuration Example:
  http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml
  I have gotten as far as the WAE registering the router:
  "WCCP configuration for TCP Promiscuous service 61 and 62 succeeded.
  WCCP configuration for TCP Promiscuous succeeded.Please remember to
  configure WCCP service 61 and 62 on the corresponding router."
  wae01#sh wccp router
  Router Information for Service: TCP Promiscuous 61
  Routers Configured and Seeing this Wide Area Engine(1)
  Router Id Sent To Recv ID
  0.0.0.0 209.1.1.1 0000022F
  The router registers the WAE as a WCCP client:
  router04#
  "*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 61 acquired on WCCP
  client 209.1.1.2"
  "*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 62 acquired on WCCP
  client 209.1.1.2"
  The router however cannot figure out what its ID is and does not see
  itself as a WCCP group router.
  router04#sh ip wccp
  Global WCCP information:
  Router information:
  Router Identifier: -not yet determined-
  Protocol Version: 2.0
  Service Identifier: 61
  Number of Service Group Clients: 1
  Number of Service Group Routers: 0
  Total Packets s/w Redirected: 0
  Process: 0
  Fast: 0
  CEF: 0
  Redirect access-list: ACCELERATED-TRAFFIC
  Total Packets Denied Redirect: 0
  Total Packets Unassigned: 25957
  Group access-list: -none-
  Total Messages Denied to Group: 0
  Total Authentication failures: 0
  Total Bypassed Packets Received: 0
  This is a short summary of important commands for working with VRF's.
  View the VRF instances and the associated interfaces.
  ml-mr-c6-gs#show ip vrf
  Name Default RD Interfaces
  blurvrf 100:2 Vlan215
  Vlan326
  tgvrf 100:1 Vlan132
  Vlan325
  TenGigabitEthernet1/1
  ml-mr-c6-gs#
  Show the routing table for a specific VRF.
  ml-mr-c6-gs#show ip route vrf tgvrf
  Routing Table: tgvrf
  Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external,
  ---More--
  Gateway of last resort is 128.117.243.57 to network 0.0.0.0
  O E2 192.52.106.0/24 [110/1] via 128.117.243.57, 1d19h, Vlan325
  O E2 192.168.150.0/24 [110/160] via 128.117.243.57, 1d19h, Vlan325
  172.17.0.0/29 is subnetted, 3 subnets
  O E2 172.17.1.16 [110/0] via 128.117.243.57, 1d19h, Vlan325
  O E2 172.17.1.8 [110/1] via 128.117.243.57, 1d19h, Vlan325
  O E2 172.17.1.0 [110/1] via 128.117.243.57, 1d19h, Vlan325
  --More--
  Debugging should otherwise be similar to a regular switch or router.
  Final Teragrid VRF Design and Diagrams
  http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/final.shtml
  Teragrid Testbed Design
  http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/testbed.shtml
  Cisco 4500 Series Switch Cisco IOS s/w config guide 12.1(20)EW
  Configuring VRF-Lite
  http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/vrf.html
  sachin garg

• Branch IPSEC VPN Site with WCCP setup for vWAAS - Overthinking this

  OK, I have a fairly large WAAS environment so I'm kicking myself for overthinking this.  I have a particular branch that has an 881 router that terminates an IPSEC connection back to my main location.  I have a vWAAS at this branch site, so I'm going WCCP.  I got the license upgrade to enable to the WCCP feature set.  Now Im confused on the WCCP setup.  There is only 1 VLAN at the branch.  I have the WAAS setup to do WCCP GRE.
  Question is:  Would I do the redirect 61,62 on the VLAN1 internface?  I think I would, but Im used to dropping the 62 on the serial interface of my MPLS.  I.E.:
  int vlan1
  ip wccp 62 redirect in
  ip wccp 61 redirect in
  HERE IS THE CURRENT CONFIG
  ip wccp 61 redirect-list branch-waas
  ip wccp 62 redirect-list branch-waas
  interface Vlan1
  description Branch Data VLAN
  ip address 10.22.1.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1452
  crypto ipsec client ezvpn Corporate-client inside
  ip access-list extended branch-waas
  remark WCCP Redirect ACL
  deny   tcp any any eq telnet
  deny   tcp any any eq 22
    permit ip any any

  wccp 62 is to intercept the WAN traffic, but if you put it on the LAN side, you have to catch the traffic on its way out:
  ip wccp 62 redirect out
  There is no need to deny telnet and ssh, those both have policies in WAAS for passthrough.  Also, I prefer to put my WAAS device on its own VLAN.  However, if it is going to be on VLAN 1, your access list will need:
  ip access-list extended branch-waas
  remark WCCP Redirect ACL
  deny   ip any host (WAAS IP)
  deny   ip host (WAAS IP) any
    permit ip any any
  To make sure you do not loop WCCP traffic.
  Just edited to change from TCP to IP in access list.

• WCCP redirections over IPv6

  Hi,
  I've a question related to WCCP and IPv6.
  Let's imagine a web-cache cluster, all the nodes dual stack (IPv4+IPv6) and all of them supporting WCCP (also IPv4+IPv6) for transparent web-cache, so they can cache either IPv6 or IPv4 web pages.
  Let's imagine one Cisco router that is also dual-stack and having WCCP support (AFAIK only for IPv4). I assume that the router and the web-cache nodes are able to communicate to each other through either IPv6 and/or IPv4 for any protocol different than WCCP. For WCCP only communication through IPv4 is feasible (IPv4 only support for WCC in the cisco router).
  My question is what about the port-80 IPv6 traffic (http queries indeed) forwarded to the router from the user's hosts?
  Would such a traffic be forwarded to the external IPv6 HTTP public server (like no-http traffic)?
  Would such a traffic be forwarded to the web-cache farm (like IPv4-http traffic does) in spite of WCCP supports only IPv4?
  In other words, the IPv4-only-WCCP capable cisco router (but dual-stack) inspects only the IPv4 packets looking for the TCP-80 port or it does it also for IPv6 packets?
  Regards
  Miguel

  This URL should help you:
  http://www.cisco.com/en/US/products/ps6350/prod_bulletin09186a0080457b39.html

• WAAS supprt for GRE traffic?

  We have WAAS running at both our data center and branch offices. We are connecting the WAAS device to the WAN routers directly and using WCCP for redirection. Some of our branch to data center traffic is running through GRE tunnels which begin/end in our branch and data center server switches. Question - can WAAS optimize traffic that is already in GRE tunnels?

  Greg,
  congiufre your redirection on the lan and wan interface service 61 on the lan interface and 62 on the wan interface. the wan interface in question is the gre tunnel.
  Regards.

• WCCP problem or routing

  Hi,
  We have two datacenters same logical LAN.
  Two ISP routers and two WAE 674 and using WCCP "egress-method negotiated-return intercept-method wccp"
  See attached file.
  The problem is when one of the "line" WAN interface goes down, some of the network are not reach from the LAN side and some are.
  We are using BGP as routing protocol in the ISP routers.
  Any suggestion for the problem?
  Jan

  Hello I am from the ISP and wanted to address these issues
  2. When WAN goes down and LAN remains up, your WCCP is still UP and hence, it continues to forward packets out of same WAN interface but  because that interface is down, packets ultimately die / gets blackholed.
  3. Another speculation is: Asymmetric routing. When WAN is down but LAN is up, you are forwarding soem traffic out of LAN but as WAN goes down, the return packets then come up on different interface and creates asymmetric routing.
  On question 2 with WCCP the router would still try to send packets out the wan interface even though its down?   Wouldn't the router be able to tell that routing changed to the source/dest subnets and not blindly send packets to a down interface?   If not then this most likely is what happened.
  Here is the WAN interface config WCCP is enabled for inbound redirection but the same for the actual data LAN interface
  interface GigabitEthernet0/0
  description link to PE
  bandwidth 9000
  no ip address
  ip route-cache flow
  duplex full
  speed 10
  media-type rj45
  no cdp enable
  interface GigabitEthernet0/0.22
  encapsulation dot1Q 22
  ip address **********omit ****** 255.255.255.252
  ip wccp 62 redirect in
  no cdp enable
  and here is the LAN side
  interface GigabitEthernet0/1
  no ip address
  ip access-group 113 in
  ip route-cache flow
  duplex full
  speed 100
  media-type rj45
  service-policy output CE_OUT_MARK_0
  interface GigabitEthernet0/1.2450
  description Customer LAN
  encapsulation dot1Q 2450
  ip address ********* 255.255.255.224
  ip wccp 61 redirect in
  no cdp enable
  interface GigabitEthernet0/1.2459
  description Connection to customer-managed WAE Device For WCCP
  encapsulation dot1Q 2459
  ip address ******** 255.255.255.224
  ip wccp redirect exclude in
  no cdp enable
  interface GigabitEthernet0/1.2460
  encapsulation dot1Q 2460
  ip address ******* 255.255.255.224
  ip wccp redirect exclude in
  no cdp enable
  The sister router is configured in much the same way.
  On question 3
  3. Another speculation is: Asymmetric routing. When WAN is down but LAN is up, you are forwarding soem traffic out of LAN but as WAN goes down, the return packets then come up on different interface and creates asymmetric routing.
  Wouldn't Asymetric routing just result in non optimized connections as it would never see the tcp option set for optimization?
  We are going to run this same test this weekend and I will look at all these things but it seems as though asymetric routing would result in no optimization but not packet blockage.   Regarding question 2 if wccp remains up and is black holing traffic I can see this as an issue for sure.
  One last question also regarding the loopbacks and GRE return.  There are distribute lists that block each router from learning the others loopback when the WAN is down.   Do you think this would matter?    Reason I ask is because on the Asymetric side again lets say a packet comes into router #1 via the lan and gets redirected to the WAE with source ip of the Loopback.   When the Was returns the packet to the router I would think it would not need routing to the #2 routers loopback as the destination at this point would be back to the client/server.   Also when the router forwards to the WAE what ip on the WAE does it use?

• WAAS: WCCP Mask or Hash on Routers?

  I'm starting thinking about using mask assign on an ISR router running 12:4(24)T with GRE/GRE. Has anyone done this before and can you use mask assign with GRE/GRE? We need to use it with GRE/GRE because our egress method has to be WCCP return. My thought was mask assign will be much better at load balancing across multiple WAEs in a cluster than hash because you can specify a long mask assignment. Right now, see more load on WAE than the other and are sometimes getting TFO overload.

  The page you linked contains recommendations (in bold) for each platform. On the ISR G2 specifically, you should be able to use any combination of GRE/L2 and MASK/HASH assignment. Some other platforms require specific disribution and redirection methods to maintain the hardware acceleration of WCCP traffic. However, the ISR G2 does not have this requirement.
  WCCP GRE and HASH distribution on ISR G2 is typically recommended to make deployment easier. With GRE, content devices can be an L3 hop away (if needed), and it reduces the chance of customers accidentally creating a WCCP redirect loop.
  L2 distribution and HASH redirection method should typically require the least CPU and memory load on the ISR. These should perform the best in most cases.
  The MASK distribution method gives better controls on how load is divided between multiple content devices, typically at the cost of more CPU and memory utilization. If you have only one or two content devices in your cluster, typically HASH will meet the need for slightly less CPU. As Zach said, most times MASK is used on the Datacenter side to give the ability to 'tweak' how the load is distributed across multiple devices.
  Thanks,
  Aaron