WAAS WCCP from fortinet

Hello,
I need your help. We want to configure WCCP on a WAE, but the customer has a Fortinet firewall in the agencies.
Has anyone had to do this type of setup?
What are WCCP services 61 and 62? Do I also need to configure them on the Fortinet?
Thanks for your help.

Hi Fatoumata,
The WCCP service is a number specified in the protocol to define what kind of traffic is going to be matched, so, it's not relevant for a firewall.
To allow WCCP traffic to go through a firewall (assuming it's located between the WAE and the router), you just need to allow UDP port 2048 in both directions.
If what you need to do is to allow the optimized traffic to go through the FW (which would happen if you have the FW between the router and the WAN link), then you would need to enable some kind of WAAS inspection on the Fortinet firewall to allow the modifications that WAAS makes to the TCP packets (adding a TCP option in the SYN and SYN/ACK packets and a sequence number shift after the TCP handshake). Unfortunately, I don't know how this can be done because I'm not familiar with that firewall.
Regards
Daniel
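
One way to check whether a firewall in the path strips the TCP option described in the reply above is to compare the options of the same SYN captured on both sides of it. This is an added example, not part of the original thread; the option kind 0x21 is an assumption taken from Cisco WAAS documentation rather than from this page, and both packets and the option payload are constructed.

```python
import struct

# IANA-registered option kinds commonly seen in a SYN.
KNOWN_KINDS = {2: "MSS", 3: "Window Scale", 4: "SACK Permitted", 8: "Timestamps"}
# Assumption (Cisco WAAS documentation, not this thread): the auto-discovery
# option that WAAS adds to SYN and SYN/ACK packets uses option kind 0x21.
WAAS_KIND = 0x21


def parse_tcp_options(tcp_header: bytes):
    """Return [(kind, data)] for the options in a raw TCP header (no IP header)."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    opts, out, i = tcp_header[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option without length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out


def is_syn(tcp_header: bytes) -> bool:
    """True when the SYN flag is set (SYN or SYN/ACK)."""
    return bool(tcp_header[13] & 0x02)


def stripped_kinds(before_fw: bytes, after_fw: bytes):
    """Option kinds present in the SYN before the firewall but missing after it."""
    seen_after = {k for k, _ in parse_tcp_options(after_fw)}
    return [k for k, _ in parse_tcp_options(before_fw) if k not in seen_after]


def build_syn(options: bytes) -> bytes:
    """Constructed test packet: SYN from port 40000 to port 445 with the given options."""
    options += b"\x01" * (-len(options) % 4)        # pad to a 32-bit boundary with NOPs
    offset = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 40000, 445, 1000, 0, offset << 4, 0x02, 65535, 0, 0)
    return fixed + options


MSS = bytes([2, 4, 0x05, 0xB4])
SACK_OK = bytes([4, 2])
WAAS_OPT = bytes([WAAS_KIND, 12]) + bytes(10)       # payload is a constructed placeholder
SYN_BEFORE_FW = build_syn(MSS + SACK_OK + WAAS_OPT)
# Constructed "after" capture: the firewall has overwritten the unknown option with NOPs.
SYN_AFTER_FW = build_syn(MSS + SACK_OK + b"\x01" * len(WAAS_OPT))

if __name__ == "__main__":
    for name, pkt in (("before", SYN_BEFORE_FW), ("after", SYN_AFTER_FW)):
        kinds = [KNOWN_KINDS.get(k, hex(k)) for k, _ in parse_tcp_options(pkt)]
        print(name, "SYN" if is_syn(pkt) else "not SYN", kinds)
    print("stripped by firewall:", [hex(k) for k in stripped_kinds(SYN_BEFORE_FW, SYN_AFTER_FW)])
```

If the option is missing on the far side, the peer WAE never sees the auto-discovery marker and the connection stays unoptimized, which is the case the reply says needs WAAS-aware inspection on the firewall.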

Similar Messages

  • How does QoS work with WAAS WCCP? What's the interaction between QoS Traffic Classification and WAE Traffic Application Policy?

    How does QoS work with WAAS WCCP? What's the interaction between Router QoS Traffic Classification and WAE Traffic Application Policy?

    By default, WAAS preserves the DSCP marking on intercepted packets.  There is a configuration option to set/override the DSCP value at the global (device), application, and classifier levels.  Currently WAAS provides marking only.  There is no action taken by WAAS based on the DSCP value.
    Regards,
    Zach

  • Router IOS requirements to work with WAAS WCCP?

    Can someone help me with up-to-date switch and router IOS requirements to work with a WAAS WCCP configuration? There used to be a Cisco document explaining that but I can't find it any more.
    Here is our WAAS 4.2.3 deployment in the network:
    Data center: Cat6500 Sup720-3B running IOS 12.2(18)SXF12a will do WCCP L2 redirection. I've seen minimum Sup720 IOS requirement of 12.2(18)SXF13 in one place and 12.2(18)SXF16 in another, but there are also examples of using 12.2 (18) SXF5. Which one is the latest Cisco recommendation?
    Remote sites: 3825 and 3845 routers (some are running 12.4 T train and some are in 12.4 main line) will do WCCP GRE redirection to WAEs. One of the routers will use a WAE-NME-522 module. Others are WAE appliances. Again, what are the latest Cisco recommendations?
    Another question: for an IOS release, does it matter which package to use, such as advanced IP services, enterprise services, or SP services?
    Thanks a lot.

    Here you go.
    http://www.cisco.com/en/US/partner/prod/collateral/contnetw/ps5680/ps6870/white_paper_c11-608042.html
    For IOS release, you will need a package that has WCCP support.
    Hope this helps.
    Regards.
    PS: Please mark this as Answered, if this answers your question.

  • WAAS using WCCP from 2 6509's?

    I am preparing to install a WAE in the datacenter using WCCP for redirection of traffic to 1 of my networks on a point-to-multipoint frame relay network. Where things get foggy is the WCCP server install on my "router" which is actually 2 6509's which are used to route different vlans for both redundancy and load-balancing in the Datacenter. Is it possible/advisable to set both up with WCCP to redirect to the WAE? Could this cause any unforeseen issues?
    I'm also wondering about traffic that is destined for other networks on that point-to-multipoint frame relay connection that my remote site is on which will have the other WAE. Will it be easy to specify which traffic to redirect to the WAE (that which is destined for that one remote site) or will this also cause issues?
    Thanks in advance!

    Karen,
    With WCCP, you can have multiple WAEs (theoretically up to 32) and multiple routers (again up to 32) in the service group. So in your case, both routers can be registered to the same WAE(s). You can limit traffic via a redirect-list, which is an ACL (only accept traffic to/from your remote site).
    WCCP is configured on the interfaces for the service groups you are interested in. For WAAS, you use services 61 and 62 in opposite directions to perform load balancing appropriately.
    A hint on your wccp on the 6500. Always configure redirect-in on the interfaces, L2-redirect and mask-assign to keep the traffic processed in hardware.
    Here is a link on configuring WCCP for WAAS (which I assume you are deploying).
    Hope that helps,
    Dan

  • Urgent ! Router-WAAS WCCP problem

    I have dot1q enabled 7507 connecting frame relay branch to data centre.
    Core WAAS sits on a VLAN subinterface.
    As soon as I enable "ip wccp redirect 61 in" on the VLAN trunked interface, I am losing connection to the branch.
    the config is here..
    interface GigabitEthernet4/0/0
    description Core Data Centre Trunk VLAN 3,120 to SWDC03 3/16
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    load-interval 30
    negotiation auto
    no cdp enable
    interface GigabitEthernet4/0/0.3
    description Core Data Centre VLAN
    encap dot1q 3
    ip address xxxx
    ip wccp 61 redirect in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nbar protocol-discovery
    ip route-cache flow
    no cdp enable
    standby 3 ip 10.64.205.17
    standby 3 priority 150
    standby 3 preempt
    interface GigabitEthernet4/0/0.120
    description Core WAAS VLAN120
    encap dot1q 120
    ip address yyyyyyy
    ip wccp redirect exclude in
    no ip redirects
    no ip unreachables
    interface Serial0/0/3.64 point-to-point
    ip wccp 62 redirect in
    The IOS version is rsp-jsv-mz.123-17b and WAAS version 4.0.13. I have tested this before without VLAN trunking on another router using a separate interface and it was working. Any idea?
    thanks

    Thanks guys. I will explain the problem a bit more. When WAAS sits on a separate i/f on the WAN router, it works fine, i.e. "wccp redirect 61 in" on the interface connecting the WAN router to the Data Centre and "wccp redirect 62 in" on the WAN frame relay. Then I configured the i/f connecting the WAN router to the Data Centre as a dot1q trunk and a dedicated VLAN is created for WAAS. The default gateway for WAAS is the HSRP address in the 6509s. The WCCP router address configured in WAAS is the loopback0 address of the WAN router. The "wccp redirect 62 in" on the WAN frame relay stays the same. However, "wccp redirect 61 in" carried to a new subinterface on the same access as WAAS VLAN.
    All WCCP commands show that there is a connection between WAAS and the WAN router, and the packet count goes up. However, all TCP sessions to the branch (initiated from the Data Centre) fail. I have also tested with and without "wccp redirect exclude in" on the WAAS VLAN subinterface without success. Since I had to install the branch the WAAS on the weekend, I moved WAAS back to a dedicated interface on the WAN router. It works fine but I cannot implement redundancy.
    The suggestion was to make the WAN router subinterface HSRP active rather than the 6509 MSFCs. So WAAS talks to the WAN router's loopback address and the default gateway also points to the same router rather than the MSFC. I have not had a chance to test this but I will test in the coming weeks. It was also suggested that I use layer 2 redirection on the 6509, but I did not have any chance to look at it closely.
    thanks
    Serhat

  • WAAS WCCP 6500 ACL Redirection

    Hi All
    I'm sure I'm missing something simple here on a new install and I hope someone can point it out easily. I implemented the following config, which worked, except it understandably broke connections as everything got redirected. I'm running the WCCP config on a 6500 running 12.2(18) SXF.
    This config showed total redirected packets climbing sharply in a 'show ip wccp' on the 6500 but this config broke other things.
    WAE:
    interface GigabitEthernet 1/0
    ip address 10.254.0.251 255.255.255.248
    ip default-gateway 10.254.0.249
    wccp router-list 1 10.254.0.249
    wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign
    6500:
    ip wccp 61
    ip wccp 62
    interface Vlan<vlans to be accelerated>
    description Local VLAN to be accelerated
    ip wccp 61 redirect in
    interface Vlan <WAAS vlan>
    description WAAS Devices(CM and WAE)
    ip address 10.254.0.249 255.255.255.248
    interface Vlan <Vlan for WAN transit>
    description Incoming WAN VLAN
    ip wccp 62 redirect in
    To try and limit redirection to just LAN space I swapped this:
    ip wccp 61
    ip wccp 62
    for this:
    Ip access-list ext WAAS_Inbound
      Permit ip 10.22.0.0 0.0.255.255 10.0.0.0 0.0.255.255
    Ip access-l ext WAAS_Outbound
    Permit ip 10.0.0.0 0.0.255.255 10.22.0.0 0.0.255.255
    Ip wccp 62 redirect-list WAAS_Inbound
    Ip wccp 61 redirect-list WAAS_Outbound
    Once I did this, 'show ip wccp' on the 6500 stopped showing redirected packets but did start showing packets being denied redirect. Optimization stopped (according to the GUI) and I saw no hits on the access-lists (should I?).
    Thanks for your help in advance.

    A few questions/comments:
    What type of Supervisor are you using?
    What is the exact version of software you are using?
    The fact that the 'packets redirected' counter is incrementing is a bad thing on the 6500.  It means that the redirection is happening in software.
    Can you also provide the output from the following commands:
    sh ip wccp
    sh ip wccp 61 det
    sh ip wccp 62 det
    Thanks,
    Zach

  • WAAS - wccp L2 setup

    Hi all,
    Please see the attached diag for our waas setup. The traffic is not optimized and shows as pass-through in one end and no stats are shown in other end.
    4500 switch config:
    ip wccp 61 redirect-list wccp_list password xxxx
    ip wccp 62 redirect-list wccp_list password xxxx
    Interface Gi1/1
    ip address 10.1.46.1 255.255.255.252
    ip wccp 62 redirect in
    interface vlan 170
    ip address 10.46.170.10 255.255.255.0
    ip wccp 61 redirect in
    ip access-list extended wccp_list
    permit ip 10.46.170.0 0.0.0.255 any
    show commands:
    sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier:                   10.46.1.1
            Protocol Version:                    2.0
        Service Identifier: 61
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets Redirected:            150487
              Process:                           0
              CEF:                               0
              Platform:                          150487
            Service mode:                        Open
            Service Access-list:                 -none-
            Total Packets Dropped Closed:        0
            Redirect access-list:                wccp_list
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   -none-
            Total Messages Denied to Group:      0
            Total Authentication failures:       2
            Total GRE Bypassed Packets Received: 0
              Process:                           0
              CEF:                               0
              Platform:                          0
        Service Identifier: 62
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets Redirected:            232994
              Process:                           0
              CEF:                               0
              Platform:                          232994
            Service mode:                        Open
            Service Access-list:                 -none-
            Total Packets Dropped Closed:        0
            Redirect access-list:                wccp_list
            Total Packets Denied Redirect:       3685761
            Total Packets Unassigned:            0
            Group access-list:                   -none-
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total GRE Bypassed Packets Received: 0
              Process:                           0
              CEF:                               0
              Platform:                          0
    3750x switch config:
    ip wccp 61 redirect-list wccp_list password xxxx
    ip wccp 62 redirect-list wccp_list password xxxx
    Interface Gi1/0/1
    ip address 10.1.46.2 255.255.255.252
    ip wccp 62 redirect in
    interface vlan 170
    ip address 10.45.170.10 255.255.255.0
    ip wccp 61 redirect in
    ip access-list extended wccp_list
    permit ip 10.45.170.0 0.0.0.255 any
    show commands:
    sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier:                   10.45.1.1
            Protocol Version:                    2.0
        Service Identifier: 61
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets s/w Redirected:        62
              Process:                           15
              CEF:                               47
            Redirect access-list:                wccp_list
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   -none-
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0
        Service Identifier: 62
            Number of Service Group Clients:     1
            Number of Service Group Routers:     1
            Total Packets s/w Redirected:        0
              Process:                           0
              CEF:                               0
            Redirect access-list:                wccp_list
            Total Packets Denied Redirect:       795
            Total Packets Unassigned:            0
            Group access-list:                   -none-
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0
    Traffic is shown as pass-through in 10.46.40.20 and there is no tcp connections shown in 10.45.40.20! Any inputs?
    Regards

    G'day Giovanni,
    The WAAS plugged into the 4500 shows PT no peer and the 3750X doesn't show anything at all.
    I checked the 3750x it shows it is using desktop routing as the template.
    Below is the output from 3750 about wccp 61 detail:
    #sh ip wccp 61 detail
    WCCP Client information:
            WCCP Client ID:          10.45.40.20
            Protocol Version:        2.0
            State:                   Usable
            Redirection:             L2
            Packet Return:           L2
            Packets Redirected:    62
            Connect Time:          3w1d
            Assignment:            MASK
    I can see the matches in the redirect list but nothing shows in the WAAS being optimized.
    Extended IP access list wccp_list
        10 permit tcp 10.45.170.0 0.0.0.255 any (76 matches)
        20 permit tcp any 10.45.170.0 0.0.0.255
    There is no firewall or bypass lists involved in this setup.
    regards
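
The two redirect-lists quoted in this thread differ in which direction of a flow they match, and the "Total Packets Denied Redirect" counter on service 62 is where that shows up. The following added example (not code from the thread) evaluates both ACLs with Cisco wildcard semantics against a constructed client/server flow; the host addresses are made up inside the subnets from the posted configs, and the parser covers only the ACE forms that appear here.

```python
import ipaddress


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def parse_ace(line: str):
    """Parse '[seq] permit|deny ip|tcp SRC DST [(N matches)]' into a tuple."""
    tok = line.split()
    if tok and tok[0].isdigit():                 # leading sequence number
        tok = tok[1:]
    if tok and tok[-1].endswith("matches)"):     # trailing hit counter
        tok = tok[:-2]
    if len(tok) < 4:
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto, rest = tok[0].lower(), tok[1].lower(), tok[2:]
    if action not in ("permit", "deny") or proto not in ("ip", "tcp"):
        raise ValueError(f"unsupported ACE: {line!r}")
    endpoints = []
    for _ in range(2):
        if rest and rest[0] == "any":
            endpoints.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        elif len(rest) >= 2 and rest[0] == "host":
            endpoints.append((rest[1], "0.0.0.0"))
            rest = rest[2:]
        elif len(rest) >= 2:
            endpoints.append((rest[0], rest[1]))
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported ACE: {line!r}")
    if rest:
        raise ValueError(f"unsupported ACE: {line!r}")
    return action, proto, endpoints[0], endpoints[1]


def redirect_decision(acl_lines, src: str, dst: str, proto: str = "tcp") -> str:
    """First matching ACE wins; no match is the implicit deny, counted as 'denied redirect'."""
    for line in acl_lines:
        action, ace_proto, (sb, sw), (db, dw) = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return "redirect" if action == "permit" else "denied"
    return "denied"


# wccp_list as first posted for the 3750X, applied to both services 61 and 62.
ACL_SOURCE_ONLY = ["permit ip 10.45.170.0 0.0.0.255 any"]
# wccp_list as shown in the follow-up post, including the hit counter.
ACL_BOTH_WAYS = [
    "10 permit tcp 10.45.170.0 0.0.0.255 any (76 matches)",
    "20 permit tcp any 10.45.170.0 0.0.0.255",
]
CLIENT, SERVER = "10.45.170.25", "10.46.170.30"   # constructed hosts

if __name__ == "__main__":
    for name, acl in (("source-only", ACL_SOURCE_ONLY), ("both ways", ACL_BOTH_WAYS)):
        print(name, "| service 61, LAN in:", redirect_decision(acl, CLIENT, SERVER),
              "| service 62, WAN in:", redirect_decision(acl, SERVER, CLIENT))
```

With the source-only list, the reply leg that service 62 sees on the WAN interface never matches, so only one direction of each TCP connection reaches the WAE.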

  • WAAS - WCCP L2-redirection in WS-C6509-E

    Hi,
    I have a customer with three offices, one of which is the data center. The other two offices get information from the data center and between them.
    Each one of these remote offices goes through two different SPs to the data center, and each one is received on its own router. The core of the data center is a switch WS-C6509-E (IOS s72033-entservicesk9_wan-vz.122-18.SXF7.bin).
    Because there are two different SP in the data center, the traffic redirection must be done in the switch c6500. I think that the following configuration is the correct one:
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Vlan1
    description *** WAN routers and users ***
    ip address 10.0.16.1 255.255.240.0
    ip wccp 62 redirect out
    ip wccp 61 redirect in
    interface Vlan 200
    description *** WAEs ***
    ip address 10.34.114.65 255.255.255.252
    ip wccp redirect exclude in
    interface Vlan201
    description *** Servers and Users 1 ***
    ip address 10.15.240.1 255.255.240.0
    ip wccp 61 redirect in
    interface Vlan202
    description *** Servers and Users 2 ***
    ip address 10.16.128.1 255.255.240.0
    ip wccp 61 redirect in
    But now I have read about the problems using GRE redirection on the c6500 switch. I have also read that the best way to do this is using L2-redirection, but I don't have any idea of how to do this. I am using WAAS version 4.1.1.
    Can anybody help me by explaining how to configure that?

    Dan,
    I think that the best option for this network is number one, use WCCP on the two 7206VXRs, and redirect the traffic to a single WAE in the same subnet of the hosts.
    But now, I don't understand the implications of using the command “egress-method negotiated-return intercept-method wccp”. What else should I consider or configure (in the router or in the WAE) to make this interception work?
    I think that the configuration on the routers and in the WAE should be something like this:
    --- Router 1
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Serial3/3:1
    ip address 10.34.113.213 255.255.255.252
    ip wccp 61 redirect in
    ip wccp 62 redirect in
    interface GigabitEthernet0/1
    ip address 10.0.16.2 255.255.240.0
    ip wccp redirect exclude in
    --- Router 2
    ip wccp version 2
    ip wccp 61 redirect-list 101
    ip wccp 62 redirect-list 101
    interface Serial3/3:1
    ip address 10.134.143.217 255.255.255.252
    ip wccp 61 redirect in
    ip wccp 62 redirect in
    interface GigabitEthernet0/1
    ip address 10.0.16.3 255.255.240.0
    ip wccp redirect exclude in
    --- WAE
    interface GigabitEthernet 1/0
    ip address 10.0.16.4 255.255.255.0
    exit
    egress-method negotiated-return intercept-method wccp
    wccp router-list 1 10.0.16.2 10.0.16.3
    wccp tcp-promiscuous router-list-num 1
    Thanks and Regards,
    Pablo

  • WAAS, wccp service groups and DC/Branch deployment

    Hi,
    I have two design queries relating to wccp service groups and WAAS in DC and branch deployments.
    Firstly, let's say at the DC end I use wccp service 61 (source address) on the WAN interface of my edge-layer switches. I configure the L3 interfaces on the same switches (connecting to the LAN side) to use wccp service 62 (destination address). The WAEs are using L2 at the edge layer; with masking etc.
    I've read that at the branch office you need to 'reverse' the service group setup - so that if I have the same sort of setup at the branch using 3750s and WAEs then the WAN interface should be using wccp service 62 and the LAN side using wccp service 61.
    If I assume that is correct, then how does this affect things when two branches are communicating with each other (and they are both set up the same) - will WAAS not be effective in this scenario? (Assume that the DC WAAS does not see any branch-to-branch communication).
    What happens if you have a consistent design across your network (61 on WAN, and 62 at LAN interfaces across all WAAS sites)?
    Secondly, when using L2 wccp redirection and masking; do most deployments leave the mask as default (0x1741)? I'm thinking that in some situations it might be better to have an entire geographic location covering a few branches being sent to the same DC end WAE. For example, I might want everyone on a /24 subnet in one branch to be using the same WAE/dre cache at the DC; rather than the possibility of duplicate dre caches on DC end WAEs service the same branch subnet (I realise that redundancy might be an advantage should one DC WAE fail).
    Is there a table/calculator somewhere that can work out what mask I could use to cover /24 or /22 or even /16 subnets to direct requests to the same WAE at the DC?
    Thanks
    Cameron

    Cameron,
    Excellent questions. Rule of thumb is to use source IP based load balancing, so in the branches 61/LAN - 62/WAN and in the DC 61/WAN and 62/LAN. That being said, if there is some site to site traffic at the edges, you may get some splitting, however, unless there is enough traffic to make it a "mini-dc", changing the services around is generally a wash. Also, if you only have a single WAE at the edge, it won't matter either.
    On the mask, default mask is definitely not desirable. I generally use Calc and convert my desired Mask from Binary to Hex. The following examples are assuming 4 bit masks, but you can use from 1 up to 6 or 7 max bits if you need more buckets.
    If you are looking to group /24, you could use 0xF00 or similar.
    If you are looking to group /22, use 0x3C00 or similar.
    When calculating your mask, don't put your bits in the host bits, only in the network bits. Also, remember that the leftmost bit is usually the decision maker, so don't make it too far to the left or all your traffic will be on one WAE. The fewer WAEs in your WCCP cluster, the fewer bits you should use in your mask (allow some extras for fault tolerance).
    Hope that helps,
    Dan
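
The mask arithmetic from the answer above can be written as a small calculator, which is what the question asked for. This is an added example, not a Cisco tool or code from the thread: it places the mask bits directly above the host bits of the prefix to be grouped and counts how many distinct buckets the addresses of one subnet fall into. The bucket index is simply the masked bits packed together; how buckets are assigned to WAEs is decided in the service group and is not modelled, and the 10.22.x.x subnets are constructed samples.

```python
import ipaddress


def group_mask(prefix_len: int, bits: int = 4) -> int:
    """WCCP mask with `bits` set bits sitting just above the host bits of a /prefix_len."""
    host_bits = 32 - prefix_len
    if not 1 <= bits <= 7:
        raise ValueError("use between 1 and 7 mask bits")
    if host_bits + bits > 32:
        raise ValueError("mask bits would run past the top of the address")
    return ((1 << bits) - 1) << host_bits


def bucket(addr: str, mask: int) -> int:
    """Pack the address bits selected by the mask into a bucket index."""
    value = int(ipaddress.IPv4Address(addr))
    index, pos = 0, 0
    for bit in range(32):
        if (mask >> bit) & 1:
            index |= ((value >> bit) & 1) << pos
            pos += 1
    return index


def buckets_used(network: str, mask: int) -> set:
    """All bucket indexes that addresses inside `network` can land in."""
    return {bucket(str(ip), mask) for ip in ipaddress.ip_network(network)}


DEFAULT_MASK = 0x1741   # default mask mentioned in the question

if __name__ == "__main__":
    print("/24 mask:", hex(group_mask(24)), " /22 mask:", hex(group_mask(22)))
    for label, net, mask in (
        ("default mask, one /24", "10.22.5.0/24", DEFAULT_MASK),
        ("0xF00, one /24", "10.22.5.0/24", group_mask(24)),
        ("0xF00, one /22", "10.22.4.0/22", group_mask(24)),
        ("0x3C00, one /22", "10.22.4.0/22", group_mask(22)),
    ):
        print(f"{label}: {len(buckets_used(net, mask))} bucket(s)")
```

The default mask has bits inside the last octet, so hosts of a single /24 are spread over several buckets, while 0xF00 keeps each /24 in one bucket and still separates neighbouring /24s.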

  • WAAS / WCCP service groups / L2 adjacencies

    Hi all,
    I'm having trouble finding a definitive answer on this one. I'm working on a WAAS deployment in a network with asymmetric routing. I want to deploy WAAS accelerators at two geographically dispersed data centre sites (head end). Do the WAAS boxes themselves need to be L2 adjacent with each other in this configuration? i.e. can the service group consist of two routers (one at each DC) and two WAEs (one at each site), with routed links between the DCs (WAEs in separate IP subnets)?
    Something like:
    - two routers (rtr-A, rtr-B)
    - two WAAS accelerators (waas-A, waas-B)
    - rtr-A and waas-A are L2 adjacent and use WCCP w/L2 redirection
    - rtr-B and waas-B are L2 adjacent and use WCCP w/L2 redirection
    - rtr-A and waas-B are not L2 adjacent and use WCCP w/GRE redirection
    - rtr-B and waas-A are not L2 adjacent and use WCCP w/GRE redirection
    Here's a quick diagram:
    http://i4.tinypic.com/62nhf5u.jpg
    (all links are L3/routed)
    cheers!

    Dale,
    There is no requirement for the WAE's to be L2 adjacent to each other. Note that the WCCP Forwarding Method is negotiated per Service Group -- so it can either be L2 or GRE. Based on your description, you would want to use GRE Forwarding.
    Regards,
    Zach

  • WAAS WCCP help

    Hi guys,
    Please have a look at my topology attached. Right now this is what I have configured on the core:
    ip wccp 61
    ip wccp 62
    int vlan 151
    ip wccp 61 redirect in
    int vlan 173
    ip wccp 62 redirect in
    The same is configured on the branch office with the appropriate vlans.
    Whatever I do, the "total packets redirected" count never seems to increase. I tried turning on ip wccp 62 redirect out on vlan 173, and ip wccp 61 redirect in on the same vlan, but then only the count for service 61 goes up.
    Also, should I use access-lists to permit redirection only to branch offices that have a WAE? If I don't use a redirect-list, shouldn't all packets be redirected to the WAE, and then the WAE would decide whether to optimize or not based on if there's another WAE at the endpoint location?
    Here's an output of "sh ip wccp 61 detail"
    WCCP Cache-Engine information:
    Web Cache ID: x.x.x.x
    Protocol Version: 2.0
    State: Usable
    Redirection: L2
    Packet Return: GRE
    Packets Redirected: 0
    Connect Time: 00:51:22
    Assignment: MASK
    Any help is greatly appreciated.

    Since you are performing L2 rewrite under WCCP, you will not see the packets redirected increase. The redirection is handled by hardware instead of software. If redirection was done on a router, you would see packet increases.
    I have had WAAS in place for about a year now and you can see below that I have only redirected 2 packets. I am redirecting on a 6509 as well.
    mp1swcr01#show ip wccp 61
    Global WCCP information:
    Router information:
    Router Identifier:
    Protocol Version: 2.0
    Service Identifier: 61
    Number of Cache Engines: 2
    Number of routers: 2
    Total Packets Redirected: 2
    Redirect access-list: WAAS_61
    Total Packets Denied Redirect: 9179
    Total Packets Unassigned: 186
    Group access-list: -none-
    Total Messages Denied to Group: 0
    Total Authentication failures: 0

  • WAAS: WCCP Mask or Hash on Routers?

    I'm starting to think about using mask assign on an ISR router running 12:4(24)T with GRE/GRE. Has anyone done this before and can you use mask assign with GRE/GRE? We need to use it with GRE/GRE because our egress method has to be WCCP return. My thought was mask assign will be much better at load balancing across multiple WAEs in a cluster than hash because you can specify a long mask assignment. Right now, we see more load on one WAE than the other and are sometimes getting TFO overload.

    The page you linked contains recommendations (in bold) for each platform. On the ISR G2 specifically, you should be able to use any combination of GRE/L2 and MASK/HASH assignment. Some other platforms require specific distribution and redirection methods to maintain the hardware acceleration of WCCP traffic. However, the ISR G2 does not have this requirement.
    WCCP GRE and HASH distribution on ISR G2 is typically recommended to make deployment easier. With GRE, content devices can be an L3 hop away (if needed), and it reduces the chance of customers accidentally creating a WCCP redirect loop.
    L2 distribution and HASH redirection method should typically require the least CPU and memory load on the ISR. These should perform the best in most cases.
    The MASK distribution method gives better controls on how load is divided between multiple content devices, typically at the cost of more CPU and memory utilization. If you have only one or two content devices in your cluster, typically HASH will meet the need for slightly less CPU. As Zach said, most times MASK is used on the Datacenter side to give the ability to 'tweak' how the load is distributed across multiple devices.
    Thanks,
    Aaron

  • WAAS WCCP Errors

    Does anyone know what "Spoofed packets dropped" and "Packet pullups needed" are? Is the WAAS dropping packets it thinks are being spoofed? Also, how can I get rid of the pullups? The WCCP setup is as follows: L2 forward/return to a 3750E stack switch, interfaces are set up as standby and the model is a 7371. I'm not using any WCCP redirect list.
    Transparent GRE packets received: 0
    Transparent non-GRE packets received: 1940435323
    Transparent non-GRE non-WCCP packets received: 0
    Total packets accepted: 461319375
    Invalid packets received: 731
    Packets received with invalid service: 0
    Packets received on a disabled service: 0
    Packets received too small: 0
    Packets dropped due to zero TTL: 0
    Packets dropped due to bad buckets: 617
    Packets dropped due to no redirect address: 0
    Packets dropped due to loopback redirect: 227
    Pass-through pkts dropped on assignment update:61
    Connections bypassed due to load: 0
    Packets sent back to router: 1829
    GRE packets sent to router (not bypass): 0
    Packets sent to another WAE: 63037
    GRE fragments redirected: 1116193
    GRE encapsulated fragments received: 0
    Packets failed encapsulated reassembly: 0
    Packets failed GRE encapsulation: 0
    Packets dropped due to invalid fwd method: 0
    Packets dropped due to insufficient memory: 0
    Packets bypassed, no conn at all: 0
    Packets bypassed, no pending connection: 0
    Packets due to clean wccp shutdown: 0
    Packets bypassed due to bypass-list lookup: 166
    Packets received with client IP addresses: 460833489
    Spoofed packets dropped: 57416
    Conditionally Accepted connections: 0
    Conditionally Bypassed connections: 0
    L2 Bypass packets destined for loopback: 0
    Packets w/WCCP GRE received too small: 0
    Packets dropped due to received on loopback: 219
    Packets dropped due to IP access-list deny: 0
    Packets fragmented for bypass: 0
    Packets fragmented for egress: 0
    Packet pullups needed: 5484
    Packets dropped due to no route found: 0


  • WAAS Speed from local cache

    I have a WAAS demo setup in a test lab and have a simulated T1 span connecting two networks. When I transfer a file using CIFS or web initially, I see the traffic flow through the WAN. When I do the transfer a second time, I know it is getting the data from cache as there is no WAN traffic, but I am not getting it at wire speed. It is only coming to the client at about double the T1 speed. I expected almost line speed access when getting data from local cache. Is there a setting I missed or is this expected behaviour?

    Zach,
    Yes, I understand some things could break if you are careful with those commands, but doing some simple "show" commands (or using the gui) shouldn't hurt when troubleshooting without TAC. I've used some expert show commands to see which files are actively being accelerated through the edge device.
    A little off-topic, but how are the drives partitioned? Our WAE-512 edge has 2 250GB drives mirrored, the "Maximum Cache Disk Size" only shows 93GB. I understand there are probably OS, swap, and log partitions, but it would be nice to know more definitely how it is split up to explain to a customer why they don't get the "full" size of the drive.
    Thanks,
    Kevin

  • Enabling WAAS SSH from GUI?

    Is this possible?
    As a workaround, is it possible to change the file from a backup and restore that file on the WAAS? What file?
    Thanks

    Hi Alex,
    I played around with this a little bit, but wasn't able to find a solution. Looks like you'll need to get console access to the device.
    Regards,
    Zach
