WAAS redirection methods

Similar Messages

• Http redirection method

  im making a program that connects to a certain web site, the pages in that website redirect me several times (each one is a sql validation, so i need to go through everyone of this pages).
  The thing is i have read that, once u give a URL object a value, later you cant assign that same URL object another value. So i was thinking of making a method, something like this (took away all the try/catch for simplicity reading):
  private InputStream conectar(String nuevaURL){
     URL newURL = null;
     URLConnection newConnection = null;
     newURL = new URL(nuevaURL);
     newConnection = newURL.openConnection();
     return newConnection.getInputStream();
  }This method would return an InputStream so in the caller i would use a BufferedReader to process the information from the URL, parse the new redirection URL and call again this method to receive the new content from the new URL.
  The thing is i dont know if this is valid cause of the variables scope, so every time it gets in here it can assign a new url to the newURL variable. Also i dont know if i should close the BufferedReader every time i finish processing each of the contents URL and before calling this method to fetch the new content.
  Any help is greatly appreciated :)
  KodiaK

  Well, if you want the new URL that the redirection provides, it's easiest to grab it from the connection as an HTTP header. (the header's name is "Location") I don't know if it's possible to grab headers via the input stream, and even if it were it would seem like a real pain.
  But actually, HttpURLConnection provides setFollowRedirects and getFollowRedirects methods. You shouldn't have to handle this yourself at all.
  If you were to write something to follow redirects by hand, I'd suggest using recursion. Something like this (using pseudo-code where I can't recall the exact API):
  private InputStream conectar(String nuevaURL) {
      URL newURL = new URL(nuevaURL);
      HttpURLConnection huc = newURL.getConnection();
      if (huc.getStatus() > 299 && huc.getStatus() < 400) {
          String nextURL = huc.getHeader("Location");
          return conectar(nextURL);
      return huc.getInputStream();
  }But like I said, just use the redirect-following functionality already in the API.

• WAAS WCCP Method

  Hello everyone,
  What is the recommended method for configuring WCCP on the WAAS to register to an ISR router running version 12.4(24)T? I been going back and forth on whether or not to use L2 forward/return w/mask or GRE forward/return w/mask or hash. I have to do the egress method as "negotiated-return" because of the way we have 2 ISR routers setup.

  Thanks for responding to my question. You can however perform L2 on an ISR router running 12.4(20T) or higher. I'm running 12.4(24T) and was wondering if L2 on an ISR will cause CPU to spike up... A huge benefit to go with L2 is you can see the original and optimized side traffic using TCPDUMP with a pre captured filter on the command line... I may leave it at GRE forward & return if the CPU would be an issue, may be can use this method with mask assign instead of the default hash; this way I can get better load balancing by going with mask assign, but then again I'm not sure if using mask assign will cause any issues.

• WAAS Redirect Issues

  I'm trying to setup a simple WAAS setup with a Manager, Core and Edge device. The core and edge devices are seperated across an MPLS cloud. The redirect is configured on the CE routers so I don't believe the MPLS is the problem.
  The Manager can see both the Core and Edge devices but no acceleration is happening. When I check the wccp status on the core I see both LAN and WAN inetrfaces are redirecting packets but the edge router is only showing redirects on the LAN.
  The edge router is a Cisco 2821 with a WAAS Services Module. The router is connected to the MPLS cloud by an ATM interface. (Config Below).
  service timestamps debug datetime
  service timestamps log datetime
  service password-encryption
  hostname xxxxxxxxxxx
  boot-start-marker
  boot-end-marker
  logging buffered 10000 debugging
  aaa new-model
  aaa authentication login default group tacacs+ local
  aaa authentication login conmethod group tacacs+ enable
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec default group tacacs+ local
  aaa authorization network default group tacacs+
  aaa authorization network noauthor none
  aaa session-id common
  resource policy
  clock timezone GMT 0
  clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
  ip wccp 61
  ip wccp 62
  ip telnet source-interface GigabitEthernet0/0
  ip cef
  interface Loopback0
  description MPLS ATM Loopback Address
  ip address 10.0.0.5 255.255.255.255
  interface GigabitEthernet0/0
  description London Corp LAN
  ip address 53.253.7.250 255.255.255.0
  ip access-group dealersubnets in
  ip wccp 61 redirect in
  duplex auto
  speed auto
  interface ATM0/3/0
  no ip address
  no atm ilmi-keepalive
  dsl operating-mode auto
  interface ATM0/3/0.1 point-to-point
  description MPLS WAN
  bandwidth 2000
  ip unnumbered Loopback0
  ip wccp 62 redirect in
  no snmp trap link-status
  pvc 0/38
  vbr-nrt 248 248
  encapsulation aal5mux ppp Virtual-Template100
  interface Integrated-Service-Engine1/0
  ip address 192.168.1.9 255.255.255.252
  ip wccp redirect exclude in
  service-module ip address 192.168.1.10 255.255.255.252
  service-module ip default-gateway 192.168.1.9
  no keepalive
  interface Virtual-Template100
  ip unnumbered Loopback0
  no peer default ip address
  router bgp 64527
  no synchronization
  bgp log-neighbor-changes
  network 10.0.0.5 mask 255.255.255.255
  network 53.253.7.0 mask 255.255.255.0
  network 192.168.1.8 mask 255.255.255.252
  neighbor x.x.x.x remote-as 2856
  neighbor x.x.x.x ebgp-multihop 3
  neighbor x.x.x.x update-source Loopback0
  no auto-summary
  ip route 0.0.0.0 0.0.0.0 x.x.x.x
  no ip http server
  no ip http secure-server
  ip tacacs source-interface GigabitEthernet0/0
  access-list 120 permit tcp any any log
  If anyone can help me with this I would be most greatful as I need to get WAAS working ASAP.
  The IOS version is c2800nm-spservicesk9-mz.124-9.T2.bin and the WAAS module is running 4.0.3.b.9
  Thanks

  I have implemented the above config and the wccp redirect on tcp 61 and 62 is now working. WAAS is now seeing traffic and optimising.
  Why do you think that wccp want work on the atm interface?

• WAAS Redirect -list on 4506

  I am trying to configure a redirect on my 4506 device to restrict some data from being processed by the WAE located in my datacenter. Outside the redirect-list command, how do I prevent data from being processed by the WAE?
  The IOS I am running is bootflash:cat4500-entservicesk9-mz.122-40.SG.bin and I run WCCPv2 on both the edge and the core appliances.
  Thanks

  Zach,
  Thanks for your timely response. Is it possible to use the service group approach to block subnets that I do not want the WAE device to process?
  On another note, if I have 2 frame relay subinterfaces. Where do I need to apply the "IP wccp 62 redirect in" command. Should I put them on only the physical interface (S0/0) or on both of the subinterfaces (S0/0.100 and S0/0.109)?
  Thanks

• WAAS Redirection on ACE

  Hi All,
  We are having issues with traffic redirection to WAE devices via an ACE module.
  Does anyone know what troubleshooting steps can be taken on an ace to confirm that traffic redirection is happening to the WAE devices?
  Many Thanks
  Kris

  Hello,
  This document might help.
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/WAASDC11.html
  Thanks
  Eric

• The attempt to contact Autodiscover using the HTTP Redirect method failed. Exchange 2007 to Office 365 Cutover Mirgation

  I am getting the following error message shown below. Wondering if i could get some help on how to resolve this issue.

  My understanding is that the only way to resolve this issue is to install an Exchange 2010 or 2013 server in your on-premises organization and configure that as a hybrid server.  Once you configure your Autodiscover record to point to the Office 365
  hostname as shown in "domains", this should no longer be an issue.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• WCCP src group & redirect/return method

  Has anyone here implemented 3rd party WAN optimization such as Bluecoat or Riverbed w/ WCCP?
  What service groups and redirect/return methods did you use, and on which Cisco switch/router platforms?
  I'd like to know what works, and what doesn't...
  It looks like you generally use service group 61 & 62 to redirect all TCP traffic to WAAS, based on source/destination IP's.
  Do those two service groups also work w/ 3rd party devices?
  If they don't, do I just pick some random service groups, other than the well known ones?
  How would the switch/router know what traffic to redirect, if no redirect-list is used?
  The Networkers' wccp presentation slides say if GRE is to be used w/ 6500's, generic GRE needs to be used instead of WCCP GRE.
  Where would you configure what type of GRE is used, within WAAS?
  Does anyone know if such setting exists on 3rd party devices?
  Our Bluecoat SE isn't even aware of two different versions of GRE, and neither was I, before I watched the Networkers session.

  Hi,
  I know with Riverbed you can use wccp 61/62 as well. I don't have experience with other vendors though.
  The router knows what to redirect based on the WCCP service number. It can be a well-known service or a custom service where you define what to redirect directly on the optimizer/web-cache device. The redirect list is only used to further limit what is redirected.
  In h/w forwarding platform WCCP GRE is handled in s/w, this is why using generic GRE is suggested. On WAAS you can configure it using "egress-method generic-gre intercept-method wccp"
  For more details check the "Egress Method" section in the following doc:
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-629052.html
  Here you have WCCP redirection method supported and suggested for different Cisco platforms:
  http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html
  hope this helps,
  Fabrizio

• WAAS Placement & Egress method

  We have Cisco WAAS deployed Our Enviornment.
  We are using wccp gre as return & redirection method.
  We are using the default egress method which is IP forwarding with of all our offsite routers.
  Our smaller site Offsite routers are configured as LAN on stick / SVI terminated on the router.
  While Large Site is configured with access/Distribution Layer architecture where SVI is terminated on L3 Switches/3750
  & they have point to point routed connection to WAN Edge Router .
  Can I still use the my default egress method for Ip forwarding?
  Sincerely,
  Viral Patel

  See again some more detail is needed from point of redirection.
  lets take example for your own setup, if all client vlan (SVI on l3 switch) traffic, going out via that WAN router needed to be redirected, then you can place the WAE on seperate VLAN on L3 and do redirection for all user LAN interfaces and interface connected towards WAN router. This is a simple setup and doing redirection on Switch will help as it will be done in H/w. In this case you can have IP forwarding as egress method.
  But now take example that there multiple WAN links on the same router. And you want traffic going only to one particular site (via one of the WAN link only) to be optimized, then its good to do redirection on router. But for this WAE has to be a L2 neighbor to router (may via a fre router interface or router on stick). but if that is not possible and WAE has to remain at switch with HOP away from router then we have no other option but to GRE (both redirection and forwarding)

• Wccp redirection for waas on same platform as wccp for websense?

  just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
  seems like the priority value would come into play determining which service group gets handled first?
  we currently do WCCP for WaaS on our 3945s.
  I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
  Thanks,
  Paul

  Hi Paul,
  Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
  Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
  Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
  Regards
  Daniel

• WAAS - WCCP redirect in Cat 3560

  Are WAAS redirect ACLs supported on Catalyst 3560?
  Thanks

  You can only configure allow ACLs, no denys (except the deny all at the end).
  Dan

• WAAS: WCCP Mask or Hash on Routers?

  I'm starting thinking about using mask assign on an ISR router running 12:4(24)T with GRE/GRE. Has anyone done this before and can you use mask assign with GRE/GRE? We need to use it with GRE/GRE because our egress method has to be WCCP return. My thought was mask assign will be much better at load balancing across multiple WAEs in a cluster than hash because you can specify a long mask assignment. Right now, see more load on WAE than the other and are sometimes getting TFO overload.

  The page you linked contains recommendations (in bold) for each platform. On the ISR G2 specifically, you should be able to use any combination of GRE/L2 and MASK/HASH assignment. Some other platforms require specific disribution and redirection methods to maintain the hardware acceleration of WCCP traffic. However, the ISR G2 does not have this requirement.
  WCCP GRE and HASH distribution on ISR G2 is typically recommended to make deployment easier. With GRE, content devices can be an L3 hop away (if needed), and it reduces the chance of customers accidentally creating a WCCP redirect loop.
  L2 distribution and HASH redirection method should typically require the least CPU and memory load on the ISR. These should perform the best in most cases.
  The MASK distribution method gives better controls on how load is divided between multiple content devices, typically at the cost of more CPU and memory utilization. If you have only one or two content devices in your cluster, typically HASH will meet the need for slightly less CPU. As Zach said, most times MASK is used on the Datacenter side to give the ability to 'tweak' how the load is distributed across multiple devices.
  Thanks,
  Aaron

• WCCP assignment method mismatch

  Hi all,
  I am using a Cisco 3825 running 12.4(25G) code. I just upgraded my WAE (oe674) to 5.1.1c.
  The WAE and router wouldnt peer due to assignment method mismatch when i do a show wccp router.
  Router Information for Service Id: 61
          Routers Seeing this Wide Area Engine(0)
                  -NONE-
          Routers not Seeing this Wide Area Engine
          10.204.28.1     - Assignment Method Mismatch
          Routers Notified of from other WAE's
                  -NONE-
  Router Information for Service Id: 62
          Routers Seeing this Wide Area Engine(0)
                  -NONE-
          Routers not Seeing this Wide Area Engine
          10.204.28.1     - Assignment Method Mismatch
          Routers Notified of from other WAE's
                  -NONE-
  The WAE is configured as follows:
  wccp router-list 1 10.204.28.1
  wccp tcp-promiscuous service-pair 61 62
  router-list-num 1
  assignment-method mask
  password ****
  redirect-method gre
  egress-method wccp-gre
  enable
  exit
  wccp flow-redirect enable
  When i changed the assignment method to hash, everything worked. I believe Cisco 3825 should support Mask.
  Any advice?

  Hi Leonardo,
  Did you try disabling wccp on router as well as WAE and re-enable it on router and then WAE and see if that makes a difference? If you have already done that and since as per documentation MASK assignment is supported in version you are running on router and it was working prior to upgrade, i would suggest capturing WCCP communication i.e HIA and ISU and opening a TAC case for further investigation. Did you follow the procedure as suggested in release notes during upgrade?
  WCCP Interoperability
  Central Managers running Version 5.1.1x can manage WAEs running software Versions 4.2.1 and later. However, we recommend that all WAEs in a given WCCP service group be running the same version.
  Note All WAEs in a WCCP service group must have the same mask.
  To upgrade the WAEs in your WCCP service group, follow these steps:
  Step 1 You must disable WCCP redirection on the Cisco IOS router first. To remove the global WCCP configuration, use the following no ip wccp global configuration commands:
  Router(config)# no ip wccp 61
  Router(config)# no ip wccp 62
  Step 2 Perform the WAAS software upgrade on all WAEs using the WAAS Central Manager GUI.
  Step 3 Verify that all WAEs have been upgraded in the Devices pane of the WAAS Central Manager GUI. Choose Devices to view the software version of each WAE.
  Step 4 If mask assignment is used for WCCP, ensure that all WAEs in the service group are using the same WCCP mask value.
  Step 5 Reenable WCCP redirection on the Cisco IOS routers. To enable WCCP redirection, use the ip wccp global configuration commands:
  Router(config)# ip wccp 61
  Router(config)# ip wccp 62
  Release notes for your reference.
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v511/release/notes/ws511xrn.html#wp151010
  Regards,
  Kanwal

• Here_I_Am packet w/bad fwd method L2 received indirectly via SM1/0

  new to these devices and followed the quick setup guide. having a problem;
  this is a 2921 router wirh a sm-sre-710  module
  basic config;
  on the sm-sre-710;
  wccp tcp-promiscuous service-pair 61 62
  on the router router;
  ip wccp 61
  ip wccp 62
  interface GigabitEthernet0/0
  ip address 10.1.1.1 255.255.255.0
  ip wccp 61 redirect in
  interface GigabitEthernet0/2
  ip address 10.2.2.1 255.255.255.0
  ip wccp 62 redirect in
  interface SM1/0
  ip unnumbered GigabitEthernet0/0
  service-module ip address 10.1.1.100 255.255.255.0
  service-module ip default-gateway 10.1.1.1
  and I get this in debug messages;
  WCCP-EVNT:D62: Here_I_Am packet from 10.1.1.100 with incompatible capabilites
  Oct 16 17:38:28.139: WCCP-PKT:D62: Sending I_See_You packet to 10.1.1.100 w/ rcv_id 0000001Bug al
  Oct 16 17:38:30.147: WCCP-EVNT:D61: updating wc orig assign info
  Oct 16 17:38:30.147: WCCP-EVNT:D61: reuse wc orig mask info (28 bytes)
  Oct 16 17:38:30.147: WCCP-EVNT:D61: Here_I_Am packet from 10.1.1.100 w/bad fwd method L2, received indirectly via SM1/0

  I found on google the following sample; ( they are using WCCP GRE as redirect method which is the one I  suggest for your router  please look at this sample IP addressig configuration and how he uses the Rediret In statements and on which interfaces)
  http://2and2is5.wordpress.com/2011/03/30/configuring-cisco-waas-on-a-sre/
  hope that helps!

• WAAS Deployement : Inline Vs Off-path

  Hi All,
  I would like to get your expertise on deciding  suitable deployement method.
  We have to deploy the WAAS solution between a DC and 70+ branch locations ( expected TCP connections in each <= 200) which are connected through provider managed MPLS cloud . Decided to use WAE 7341 (with WCCP redirection method)as the WAE in DC side but when it comes to branch side still thinking between INLINE ( WAVE 274) vs WCCP (ISR router with NME) . Basically , would like to understand more about ..
  a) Difference between Inline and Off-path deployement in all aspects.
  b) Does inline deployement with WAVE 274 ( has 2 NIC ) passes through the traffic in case of Power / device failure
  We have been did PoC with WCCP method , it was very stable and got good respone. We would like to use inline method as it is the  low cost solution, if it can provide same level STABLITIY + RESPONSE.
  Regards,
  Maria

  Hi Maria,
  I don't know exactly which aspects you are interested in but usually, WCCP is used when we want to spread the load over multiple WAE as it is easier to achieve then with Inline interfaces.
  Now, as in your case, you'll be only using one NME, so it doesn't apply.
  Another difference is that the module is integrated inside your router while the WAVE obviously isn't so it will require additional cabling in your network.
  Inline acceleration will not add any processing load to your router while WCCP will. Even if this load increase might not be that high, you might want to think about it if your routers are already heavily used.
  If you have any other aread you would like to get more info on, let me know and I'll see what I can do for you.
  Regarding your question on what would happen if the WAVE gets powered off or fails completely, the inline interface has an hardware bypass mechanism that will kick off if this occurs and the device will simply start bridging the traffic between the two sides of the interface, preventing a network outage.
  Regards,
  Nicolas