WCCP on NSE-100
Hi,
Could you share the experience of enabling WCCP on C7304 NSE-100? As NSE-100 can provide 3.5Mpps unicast forwarding rate by PXF, I am afriad that the forwarding rate wil be dramatically dropped to 450kpps if WCCP is enabled.
Thanks,
Cliff.
As far as I know, WCCPv2 is processed by CEF and it would not be supported by PXF.
Similar Messages
-
Hi Guys,
I am trying to understand more about how cef works in a router.
If we disable, cef and fast switching in a router, then all the packet will be processed by the hardware itself. ie, processing switching means the actual router hardware is taking care of the packets
CEF and fast-switching are software based packet switching. ie, in software, they have written which outgoing interface to select and how the L2 header is to be re-written.
Am I correct in my understanding?
CFDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
BTW, using Jon's example of the EoL 7200, all the NPEs did all packet forwarding using the main CPU. However the NSE-1 (and 7300s' NSE-100 and NSE-150) had special hardware, their PXF, to accelerate packet forwarding. (Also BTW, the ASR1K series, with its Quantum Flow hardware, is also special hardware to accelerate packet forwarding.)
Again, you need to examine sales literature and/or datasheets. Hardware acceleration is usually listed as a major feature. (Oh, one clue, if overall performance starts to exceed a couple of gig, special hardware is usually doing it.) -
WAAS: Packets sent to another WAE
Hello,
Just wondering why after a WAAS reboot, the first WAE devices that was normally handling the bulk of the optimization traffic is now sending packets to the second WAE device? Shouldn't WCCP be smart enough to know this is the lead WAE and to continue optimizing?
show wccp wide-area-engine
Wide Area Engine List for Service: TCP Promiscuous 61
Number of WAE's in the Cache farm: 2
Last Received Assignment Key IP address: x.x.x.68
Last Received Assignment Key Change Number: 11
Last WAE Change Number: 5
Assignment Made Flag = FALSE
IP address = x.x.x.69 Lead WAE = NO Weight = 0
Routers seeing this Wide Area Engine(2)
x.x.x.193
x.x.x.197
IP address = x.x.x.68 Lead WAE = YES Weight = 0
Routers seeing this Wide Area Engine(2)
x.x.x.193
x.x.x.197
Wide Area Engine List for Service: TCP Promiscuous 62
Number of WAE's in the Cache farm: 2
Last Received Assignment Key IP address: x.x.x.68
Last Received Assignment Key Change Number: 11
Last WAE Change Number: 5
Assignment Made Flag = FALSE
IP address = x.x.x.69 Lead WAE = NO Weight = 0
Routers seeing this Wide Area Engine(2)
x.x.x.193
x.x.x.197
IP address = x.x.x.68 Lead WAE = YES Weight = 0
Routers seeing this Wide Area Engine(2)
x.x.x.193
x.x.x.197
show wccp gre
Transparent GRE packets received: 557
Transparent non-GRE packets received: 0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted: 291
Invalid packets received: 0
Packets received with invalid service: 0
Packets received on a disabled service: 0
Packets received too small: 0
Packets dropped due to zero TTL: 0
Packets dropped due to bad buckets: 0
Packets dropped due to no redirect address: 0
Packets dropped due to loopback redirect: 0
Pass-through pkts dropped on assignment update:0
Connections bypassed due to load: 0
Packets sent back to router: 0
GRE packets sent to router (not bypass): 516
Packets sent to another WAE: 71ok I understand the WCCP hashing/mask and the bucket assignments, with HASH you only get 50% and you can't carve it up to get more granular. The question I have is when a WAE is rebooted and returns to participate in WCCP, why is 100% of the traffic being redirected to the rebooted WAE then being sent to the other WAE? I would like is so when the rebooted WAE is back online it receives the original connections without sending it to the other WAE. It's and extra hop that doesn't seem right, all traffic is sending to the rebooted WAE but then turns around and sends it out to the other WAE for optimization. If it's maintaining existing connections that I can understand, but for new connections its establishing on the other WAE, not the rebooted one. The only way I figured around this is de registering/re registering WCCP at the same time on both WAEs.
So by disabling WCCP flow control help in this situation? -
Hi,
Does anyone know how to remove "rtpmap: 100 X-NSE/8000" and keep only "rtpmap:101 telephone-event /8000" in SDP message?
I have tried this "voice-class sip dtmf-relay force rtp-nte" but did not work.
I am using Cisco AS5400 Version 12.4(11)T4.
dial-peer voice 1798557 voip
description Test via Testing
translation-profile outgoing 389855
huntstop
preference 1
destination-pattern 989610106
voice-class codec 9
voice-class h323 1
voice-class sip rel1xx disable
voice-class sip dtmf-relay force rtp-nte
session protocol sipv2
session target ipv4:xxx.xxx.xxx.xxx
dtmf-relay rtp-nte
Thanks,
SengIs there a reason why you are trying this? There is probably a different reason why the NSE header is added to the message. NSE is usually for modem/fax communication. Can you include your show run in an attachment?
-
Best practice with WCCP flows for WAAS
Hi,
I have a WAAS SRE 910 module in a 2911 router that intercepts packets from this router with WCCP.
All packets are received by external interface (gi 2/0, connected to a switch with port configured in WCCP vlan), and are sent back to the router via internal interface (gi 1/0 directly connected to the router) :
WAAS# sh interface gi 1/0
Internet Address : 10.0.1.1
Netmask : 255.255.255.0
Admin State : Up
Operation State : Running
Maximum Transfer Unit Size : 1500
Input Errors : 0
Input Packets Dropped : 0
Packets Received : 20631
Output Errors : 0
Output Packets Dropped : 0
Load Interval : 30
Input Throughput : 239 bits/sec, 0 packets/sec
Output Throughput : 3270892 bits/sec, 592 packets/sec
Packets Sent : 110062
Auto-negotiation : On
Full Duplex : Yes
Speed : 1000 Mbps
WAAS# sh interface gi 2/0
Internet Address : 10.0.2.1
Netmask : 255.255.255.0
Admin State : Up
Operation State : Running
Maximum Transfer Unit Size : 1500
Input Errors : 0
Input Packets Dropped : 0
Packets Received : 86558
Output Errors : 0
Output Packets Dropped : 0
Load Interval : 30
Input Throughput : 2519130 bits/sec, 579 packets/sec
Output Throughput : 3431 bits/sec, 2 packets/sec
Packets Sent : 1580
Auto-negotiation : On
Full Duplex : Yes
Speed : 100 Mbps
The default route configured in WAAS module is 0.0.0.0/0 to 10.0.1.254 (router interface).
Would it be better that packets leave WAAS module by the external interface (in place of the internal interface) ?
Is there a best practice recommended by Cisco on this ?
Thanks.
StéphaneHi Stephane,
We usually advise the following in such scenario with an internal module:
"ip wccp 61 redirect in" the LAN interface.
"ip wccp 61 redirect in" on the WAN one.
"ip wccp redirect exclude in" on the internal interface between the WAAS and the router.
That way, we are sure that no loops are created because of the WCCP redirection.
Regards,
Nicolas -
Wccp web-cache -- can't get it working
I installed a Squid based caching appliance, by Stratacache. it supports GRE wccp redirect in transparent mode, I have it configured as wccpv2 using the Router's LAN ip address 10.250.1.2.
Every time I turn on the caching for a host (or the entire LAN) the internet breaks for whomever I turn wccp on. I have tried disabling CEF and have moved the cache to it's own router interface.
Topology of the Cisco 2801-SEC-K9 router, running 12.4(22)T advsecurity
FastE 0/0 (10.250.1.1) ---> connected directly to cache server
FastE0/1 (10.23.1.1) ---> Connected to internal LAN
MultiLink1 (12.x.x.98) ---> 4 T1 multilink to AT&T Internet Service
so here is my config,
ip wccp web-cache redirect-list 46 group-list 40 password webcache
ip wccp version 2
access-list 40 permit 10.250.1.2 (cache server)
access-list 46 permit 10.23.1.21 (test host for wccp)
interface fastethernet0/1
ip wccp web-cache redirect in
here is the output from the router
Roosevelt-2801(config)#do sh ip wccp web-cache view
WCCP Routers Informed of:
12.x.x.98
WCCP Clients Visible:
10.250.1.2
WCCP Clients NOT Visible:
-none-
Roosevelt-2801(config)#do sh ip wccp web-cache det
WCCP Client information:
WCCP Client ID: 10.250.1.2
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets s/w Redirected: 914
Connect Time: 1d18h
Bypassed Packets
Process: 0
CEF: 0
Errors: 0
Roosevelt-2801(config)#do sh ip wccp web
Global WCCP information:
Router information:
Router Identifier: 12.x.x.98
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 7800
Process: 94
CEF: 7706
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect Access-list: 46
Total Packets Denied Redirect: 8195426
Total Packets Unassigned: 0
Group Access-list: 40
Total Messages Denied to Group: 14
Total Authentication failures: 8
Total Bypassed Packets Received: 0
So I can see the packets redirected, the cache never sees them, the router and cache can ping each other, the cache and LAN clients can ping each other - am I missing something?so I found the problem... hopefully this helps somebody else in the future... the problem is the redirected packets were sourced from the router multilink1 interface IP address and the cache was expecting them from the router fa0/0 interface, so it dropped them.
also the cache has a "spoof client IP" option that was on, because we prefer to do this for netflow, but, I don't think client-IP-spoofing works with the standard web-cache wccp service. It was causing internet problems so I turned the spoofing off and it works fine...
hope this helps -
WAAS and WCCP - looping packet detected
Hi,
Has anyone ran into this senario before. Before anyone answers with "move your WAE off the user subnet", it already has been.
I have wccp 61 redirect in on the user subnet (gig0/0.83 of a dot1q trunk). The WAE is on gig0/1. Before I apply wccp62 to the serial link, I attempt to telnet from a user pc to the router (same subnet, clients default gateway), and the telnet fails. I get a "looping packet detected" on the router console. It shows the source of the packet as the router (wccp router id actually), and the destination ip of the WAE, but the packet came in gig0/1 (interface connected to wae). Obviously the WAE returned the packet to the router (with the original GRE headers, (router as source)). I thought WCCP would understand this as "don't redirect this traffic to me anymore", but the router, actually tries to route it back down gig0/1 and then sees it as a looping packet. I believe the WAE is returning the encapsulated packet to the router to indicate it doesn't want the flow, and the router is attempting to route the GRE packet, instead of realizing it should remove the GRE header and route the internal packet. Router is IOS 12.4(12) as recommended by my Cisco engineer. 2821 router.
For kicks, I continue the WCCP setup on the datatcenter side. As expected, it doesn't work. When I apply the WCCP to the datacenter router (only redirecting lab subnet), the entire lab subnet is unreachable via TCP (but icmp still works as expected).
The WCCP configuration isn't very complex, I can't believe its something I'm doing. I think its a code issue.
Any advise?no "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
LOOPING PACKET DETECTION:
from router console
Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
Router configuration:
ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
interface Loopback0
ip address 132.242.11.18 255.255.255.255
h323-gateway voip bind srcaddr 132.242.11.18
interface GigabitEthernet0/0.83
description << data vlan 83 >>
encapsulation dot1Q 83
ip address 153.61.83.3 255.255.255.192
ip helper-address 192.127.250.22
ip helper-address 149.25.1.182
no ip proxy-arp
ip wccp 61 redirect in
standby 83 ip 153.61.83.1
standby 83 priority 200
standby 83 preempt
standby 83 track Serial0/1/0:0.99 100
interface GigabitEthernet0/1
description << WHQ LAB CE connection >>
ip address 153.61.83.65 255.255.255.192
load-interval 30
duplex full
speed 100
ip access-list standard remote-waas-box
permit 153.61.83.70
ip access-list extended REDIRECT-WAAS-SUBNETS-61
permit ip 153.61.83.0 0.0.0.63 any
WAE configuration:
device mode application-accelerator
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
ip address 153.61.83.70 255.255.255.192
no autosense
bandwidth 100
full-duplex
exit
wccp router-list 1 153.61.83.65
wccp tcp-promiscuous router-list-num 1
wccp version 2
wccp slow-start enable -
Calculating HASH values with WCCP
Ok, I'm just not getting the HASH calculations. Can somebody please explain how the HASH values translate into subnets?
Thanks,
PatrickPatrick,
I'm not a 100% sure of the algorithm used to determine what subnet is assigned to which WCCP bucket. However, I do know it involves an XOR of various L3 and L4 header fields in the packet.
To view the how the calculation has been performed you can run the hidden IOS command
show ip wccp hash <dst-ip> <src-ip> <dst-port> <src-port>
Router# show ip wccp 61 hash 0.0.0.0 10.88.81.10 0 0
WCCP hash information for:
Primary Hash: Src IP: 10.88.81.10
Bucket: 9
WCCP Client: 10.88.81.12
Router#
Hope this helps,
Mike Korenbaum
Cisco WAAS PDI Help Desk
http://www.cisco.com/go/pdihelpdesk -
Does WCCP support traffic from different VLANs(mapped to VRFs)?
Hello,
I have the following scenario from the WAN to the Data Center and from the WAN to the Branch:
1. Router 2800/7200 with three (3) MPLS VRFs (VRF Lite)
2. Switch 3750 with three (3) WAN VLANs (one for each VRF) and three (3) LAN User Traffic VLANs (one for each ASA Context) and one WAE VLAN
3. WAE with WCCP enabled for one VLAN in the switch
4. ASA with three (3) Contexts
5. Three (3) Internal LANs (one for each Context)
In summary, there are three flows of traffic which are separated along the way from Branch to Data Center. WAEs are working for one VLAN(VRF1) and WCCP is enabled at the 3750 Switch to do the redirection (not in the router). The question is: does WCCP support traffic from different VLANs (similar to inline 802.1Q) and handle all three flows separate? If so, what should the configuration be at the switch and the WAE?
Thanks.The VRF awareness for 12.4(T) is still probably 8-12 months out. VRF aware WCCP features are definitely in the pipeline, but nothing has been publically published on availability timelines.
It's now publically available on the forum... but , I've only found it on the 3750 and 3550 documentation.
at the 3750 you will need to place the redirect statement on each of the VLANs, ip wccp 61 redirect in
Kindly find here GRE Tunnel with VRF Configuration Example:
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml
I have gotten as far as the WAE registering the router:
"WCCP configuration for TCP Promiscuous service 61 and 62 succeeded.
WCCP configuration for TCP Promiscuous succeeded.Please remember to
configure WCCP service 61 and 62 on the corresponding router."
wae01#sh wccp router
Router Information for Service: TCP Promiscuous 61
Routers Configured and Seeing this Wide Area Engine(1)
Router Id Sent To Recv ID
0.0.0.0 209.1.1.1 0000022F
The router registers the WAE as a WCCP client:
router04#
"*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 61 acquired on WCCP
client 209.1.1.2"
"*Feb 4 18:56:09.892: %WCCP-5-SERVICEFOUND: Service 62 acquired on WCCP
client 209.1.1.2"
The router however cannot figure out what its ID is and does not see
itself as a WCCP group router.
router04#sh ip wccp
Global WCCP information:
Router information:
Router Identifier: -not yet determined-
Protocol Version: 2.0
Service Identifier: 61
Number of Service Group Clients: 1
Number of Service Group Routers: 0
Total Packets s/w Redirected: 0
Process: 0
Fast: 0
CEF: 0
Redirect access-list: ACCELERATED-TRAFFIC
Total Packets Denied Redirect: 0
Total Packets Unassigned: 25957
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
This is a short summary of important commands for working with VRF's.
View the VRF instances and the associated interfaces.
ml-mr-c6-gs#show ip vrf
Name Default RD Interfaces
blurvrf 100:2 Vlan215
Vlan326
tgvrf 100:1 Vlan132
Vlan325
TenGigabitEthernet1/1
ml-mr-c6-gs#
Show the routing table for a specific VRF.
ml-mr-c6-gs#show ip route vrf tgvrf
Routing Table: tgvrf
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external,
---More--
Gateway of last resort is 128.117.243.57 to network 0.0.0.0
O E2 192.52.106.0/24 [110/1] via 128.117.243.57, 1d19h, Vlan325
O E2 192.168.150.0/24 [110/160] via 128.117.243.57, 1d19h, Vlan325
172.17.0.0/29 is subnetted, 3 subnets
O E2 172.17.1.16 [110/0] via 128.117.243.57, 1d19h, Vlan325
O E2 172.17.1.8 [110/1] via 128.117.243.57, 1d19h, Vlan325
O E2 172.17.1.0 [110/1] via 128.117.243.57, 1d19h, Vlan325
--More--
Debugging should otherwise be similar to a regular switch or router.
Final Teragrid VRF Design and Diagrams
http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/final.shtml
Teragrid Testbed Design
http://www.cisl.ucar.edu/nets/devices/routers/cisco/vrf/testbed.shtml
Cisco 4500 Series Switch Cisco IOS s/w config guide 12.1(20)EW
Configuring VRF-Lite
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/vrf.html
sachin garg -
WLC 2500 and WCCP for Wireless Guest Users
Hi there
I would like to redirect web traffic from WLANs on a Wireless LAN Controller 2500 to a proxy server in a remote site. I'm using ironport proxy server and Cisco 3560 Layer 3 switch. Basically current scenario is:
Wireless Guest Users get authenticated by web-auth through Access Point 3501 HREAP configured. Guest client gets an IP address on VLAN 100 in remote site. Once they connect to VLAN 100, I want all web traffic to be redirected to the proxy server. I know PAC file may be the easier solution however our guest clients want seamless solution for internet. I am not sure whether WCCP is supported for this.
You advice will be highly appreciated.
RegardsFor guest wireless traffic redirect to proxy server
https://supportforums.cisco.com/thread/2126486 -
Hello,
I am trying to redirect packets to a bluecoat proxy sg using WCCP on a 3750x stack with IP services.
I cant get the packets to redirect.
The bluecoat device is on the same vlan as the client traffic that I am trying to redirect.
It seems that when I apply the redirect on the vlan interface, the Bluecoat can see the traffic though.
(After it is applied, I can no longer access the websites, but the bluecoat device shows some activity)
SDM prefer is enabled.
Here is the config:
SiteA#sh run
Building configuration...
Current configuration : 7699 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SiteA
boot-start-marker
boot-end-marker
enable secret 5 $1$V1w8$6bmKd6oXWk//FH7/BaoFG.
username systemsgo privilege 15 secret 5 $1$vu8O$1uMdtS1Gzk12.YT3RObZO1
no aaa new-model
switch 1 provision ws-c3750x-24
switch 2 provision ws-c3750x-24
system mtu routing 1500
ip routing
ip wccp 90 redirect-list 115 group-list 15
vtp mode transparent
track 1 ip sla 1 reachability
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
ip ssh version 2
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
interface GigabitEthernet1/0/1
no switchport
ip address 192.168.20.2 255.255.255.252
speed 100
duplex full
interface GigabitEthernet1/0/2
no switchport
ip address 192.168.20.9 255.255.255.252
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
interface GigabitEthernet2/0/1
description *BlueCoat Proxy*
switchport access vlan 10
switchport mode access
interface GigabitEthernet2/0/2
switchport access vlan 10
switchport mode access
interface GigabitEthernet2/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
interface GigabitEthernet2/1/2
interface GigabitEthernet2/1/3
interface GigabitEthernet2/1/4
interface TenGigabitEthernet2/1/1
interface TenGigabitEthernet2/1/2
interface Vlan1
no ip address
interface Vlan10
ip address 10.10.20.3 255.255.255.0
standby 10 ip 10.10.20.1
standby 10 priority 110
standby 10 preempt
ip wccp 90 redirect in
router eigrp 1
network 10.10.20.0 0.0.0.255
network 192.168.10.0
network 192.168.20.0 0.0.0.3
redistribute static
ip local policy route-map IP_SLA_SiteA
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.20.10 track 1
ip sla 1
icmp-echo 4.2.2.2 source-ip 192.168.20.9
threshold 300
frequency 15
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
logging esm config
access-list 15 permit 10.10.20.220
access-list 101 permit icmp host 192.168.20.9 host 4.2.2.2
access-list 115 permit tcp 10.20.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 10.20.20.0 0.0.0.255 any eq 443
access-list 115 permit tcp 10.10.20.0 0.0.0.255 any eq 443
access-list 115 permit tcp 10.10.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 192.168.20.0 0.0.0.255 any eq www
access-list 115 permit tcp 192.168.20.0 0.0.0.255 any eq 443
route-map IP_SLA_SiteA permit 10
match ip address 101
set ip next-hop 192.168.20.10
SiteA#
SiteA#show ip wccp 90
Global WCCP information:
Router information:
Router Identifier: 192.168.20.9
Protocol Version: 2.0
Service Identifier: 90
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 0
Process: 0
CEF: 0
Redirect access-list: 115
Total Packets Denied Redirect: 52389
Total Packets Unassigned: 71
Group access-list: 15
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total GRE Bypassed Packets Received: 0
SiteA#show ip wccp 90 detail
WCCP Client information:
WCCP Client ID: 10.10.20.220
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Packets Redirected: 0
Connect Time: 00:19:36
Assignment: MASK
Mask SrcAddr DstAddr SrcPort DstPort
0000: 0x00000000 0x0000003F 0x0000 0x0000
Value SrcAddr DstAddr SrcPort DstPort CE-IP
0000: 0x00000000 0x00000000 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0001: 0x00000000 0x00000001 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0002: 0x00000000 0x00000002 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0003: 0x00000000 0x00000003 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0004: 0x00000000 0x00000004 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0005: 0x00000000 0x00000005 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0006: 0x00000000 0x00000006 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0007: 0x00000000 0x00000007 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0008: 0x00000000 0x00000008 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0009: 0x00000000 0x00000009 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0010: 0x00000000 0x0000000A 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0011: 0x00000000 0x0000000B 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0012: 0x00000000 0x0000000C 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0013: 0x00000000 0x0000000D 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0014: 0x00000000 0x0000000E 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0015: 0x00000000 0x0000000F 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0016: 0x00000000 0x00000010 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0017: 0x00000000 0x00000011 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0018: 0x00000000 0x00000012 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0019: 0x00000000 0x00000013 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0020: 0x00000000 0x00000014 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0021: 0x00000000 0x00000015 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0022: 0x00000000 0x00000016 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0023: 0x00000000 0x00000017 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0024: 0x00000000 0x00000018 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0025: 0x00000000 0x00000019 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0026: 0x00000000 0x0000001A 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0027: 0x00000000 0x0000001B 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0028: 0x00000000 0x0000001C 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0029: 0x00000000 0x0000001D 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0030: 0x00000000 0x0000001E 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0031: 0x00000000 0x0000001F 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0032: 0x00000000 0x00000020 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0033: 0x00000000 0x00000021 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0034: 0x00000000 0x00000022 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0035: 0x00000000 0x00000023 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0036: 0x00000000 0x00000024 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0037: 0x00000000 0x00000025 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0038: 0x00000000 0x00000026 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0039: 0x00000000 0x00000027 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0040: 0x00000000 0x00000028 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0041: 0x00000000 0x00000029 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0042: 0x00000000 0x0000002A 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0043: 0x00000000 0x0000002B 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0044: 0x00000000 0x0000002C 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0045: 0x00000000 0x0000002D 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0046: 0x00000000 0x0000002E 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0047: 0x00000000 0x0000002F 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0048: 0x00000000 0x00000030 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0049: 0x00000000 0x00000031 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0050: 0x00000000 0x00000032 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0051: 0x00000000 0x00000033 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0052: 0x00000000 0x00000034 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0053: 0x00000000 0x00000035 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0054: 0x00000000 0x00000036 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0055: 0x00000000 0x00000037 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0056: 0x00000000 0x00000038 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0057: 0x00000000 0x00000039 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0058: 0x00000000 0x0000003A 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0059: 0x00000000 0x0000003B 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0060: 0x00000000 0x0000003C 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0061: 0x00000000 0x0000003D 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0062: 0x00000000 0x0000003E 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
0063: 0x00000000 0x0000003F 0x0000 0x0000 0x0A0A14DC (10.10.20.220)
SiteA#
SiteA#sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
SiteA#Hi Jon,
There are no more throughput issues.
Everything is working well. Thanks so much!
As for the WCCP,
I put the redirect acl on the L3 ports that connect back to 3750_3, but it is still not catching the traffic from the user vlan 20 on 3750_3. (We did however get it working for the server vlan in Site1 and Site2)
I'm not sure what you meant when you said:
Then you simply use site1 or site2's devices for web traffic.
Do I need to change the gateway for the users vlan in Site 3750_3 to something else?
Right now it is pointing to 10.20.20.1 on the 3750_3.
Below is what I have so far on the 3750_3.
I tried to force the traffic via PBR to the BlueCoat device, but that didnt seem to work either.
UserSite(config)#do sh run
Building configuration...
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname UserSite
boot-start-marker
boot-end-marker
no aaa new-model
switch 1 provision ws-c3750x-48p
switch 2 provision ws-c3750x-48p
system mtu routing 1500
ip routing
vtp mode transparent
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
vlan 20
name clients
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
interface GigabitEthernet1/0/47
description *CERTES-MGMT-MAIN*
switchport access vlan 20
switchport mode access
interface GigabitEthernet1/0/48
description *MAN-LINE-TO-DC-MAIN*
no switchport
ip address 192.168.20.1 255.255.255.252
speed 100
duplex full
interface GigabitEthernet1/1/1
interface GigabitEthernet1/1/2
interface GigabitEthernet1/1/3
interface GigabitEthernet1/1/4
interface TenGigabitEthernet1/1/1
interface TenGigabitEthernet1/1/2
interface GigabitEthernet2/0/47
description *CERTES-MGMT-DR*
switchport access vlan 20
switchport mode access
interface GigabitEthernet2/0/48
description *MAN-LINE-TO-DC-DR*
no switchport
ip address 192.168.20.5 255.255.255.252
speed 100
duplex full
interface GigabitEthernet2/1/1
interface GigabitEthernet2/1/2
interface GigabitEthernet2/1/3
interface GigabitEthernet2/1/4
interface TenGigabitEthernet2/1/1
interface TenGigabitEthernet2/1/2
interface Vlan1
ip address 192.168.10.254 255.255.255.0
interface Vlan20
ip address 10.20.20.1 255.255.255.0
ip helper-address 10.10.20.30
router eigrp 1
network 10.20.20.0 0.0.0.255
network 192.168.10.0
network 192.168.20.0 0.0.0.7
offset-list 10 in 100 GigabitEthernet2/0/48
eigrp stub connected summary
ip local policy route-map PBR_Proxy
ip classless
ip http server
ip http secure-server
ip access-list extended Traffic2Proxy
permit tcp 10.20.20.0 0.0.0.255 eq www any
permit tcp 10.20.20.0 0.0.0.255 eq 443 any
ip sla enable reaction-alerts
route-map PBR_Proxy permit 10
match ip address Traffic2Proxy
set ip next-hop 192.168.50.220
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login local
line vty 0 4
exec-timeout 30 0
privilege level 15
logging synchronous
login local
length 0
transport input telnet ssh
line vty 5 15
exec-timeout 30 0
privilege level 15
logging synchronous
login local
transport input telnet ssh
end -
Apply WCCP redirect to logical or physical interface?
If there is a logical subinterface configured under its physical interface (for example serial0/0/0.100 for routing), I should apply WCCP redirect (ip wccp 62 redirect in) to the logical interface, not the physical interface. Is that correct?
ThanksYes. You apply WCCP redirect to subinterface if you are using sub interfaces.
Regards.
PS: Please mark this Answered, if it answers your question. -
Cat 4500 - Sup 7L - 03.04.00.SG - WCCP
Ciao,
on a device with 2 service groups it seems that only 1 service group works at the (71 and 72) same time:
Access-list are matched.
If I change the priority I can swap between service group ...
IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin / enterprise services
Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 18 10GE (X2), 1000BaseX (SFP) WS-X4606-X2-E JAE162703YY
2 12 1000BaseX (SFP) WS-X4612-SFP-E JAE163707H3
3 4 Sup 7-E 10GE (SFP+), 1000BaseX (SFP) WS-X45-SUP7-E CAT1627L2M1
5 48 10/100/1000BaseT EEE (RJ45) WS-X4748-RJ45-E CAT1629L0VB
M MAC addresses Hw Fw Sw Status
--+--------------------------------+---+------------+----------------+---------
1 a493.4ca1.972a to a493.4ca1.973b 1.2 Ok
2 6073.5c3a.3898 to 6073.5c3a.38a3 1.1 Ok
3 30f7.0db9.2900 to 30f7.0db9.2903 2.1 15.0(1r)SG5 03.04.00.SG Ok
5 30f7.0dac.ed50 to 30f7.0dac.ed7f 1.1 Ok
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+----------------------------------
3 Active Supervisor RPR Active
Any clue?Luciano,
Try adding 'ip wccp check services all' to your global config if you have multiple wccp service identifiers attached to an interface. Each service identifier will need a mutually exclusive ACL for the appropriate service identifier to trigger.
Thank You,
Dan Laden
Cisco PDI Data Center
Want to know more about how PDI can assist you?
http://www.youtube.com/watch?v=3OAJrkMfN3c
http://www.cisco.com/go/pdihelpdesk -
Juniper WAN Acceleration and WCCP v2
Somewhat off-topic, and perhaps not the right forum anyway, but wccp is part of content networking, isn't it?
Does anyone have experience of integrating Juniper's WX/WXC products with WCCP ver 2. The reason I ask is that Juniper's documentation says that WCCPv2 is supported, but doesn't seem to give any sense that it really is. Version 2 should support a fault-tolerant configuration where multiple routers operate WCCP with a cluster of caches. According to Cisco IOS documentation, this discovery can be by either of two methods:
1. Static configuration of the cache IP addresses (i.e. unicast), or
2. Multicast advertisement
However, the WX documentation doesn't mention anything about supporting the second (multicast) WCCP discovery method, and doesn't make any explicit reference, either, to supporting multiple statements like
wccp set router-ip-address 10.0.0.100
wccp set router-ip-address 10.0.0.101
to configure the WX to peer WCCP with multiple routers.
Can anyone advise whether (a) there is any undocumented support for WCCPv2 in multicast mode, or (b) whether the explicit definition of multiple unicast WCCP peer routers is supported?
I know this should really be a question to put to Juniper's tech support, but I have no access to it and have been asked by a customer to review a proposal including these products.
Any help greatly appreciated.I don't think WCCPv2 is supported
-
ASR1002 throughput degradation when wccp redirect-list is changed
We have two ASR 1002's going to 2 different WAN service providers, and two 7371 WAE load balanced by mask assignment. When we change the ACL (adding or removing lines) from our wccp redirect-list, the throughput on interfaces applied to the wccp service-groups is degraded to almost no traffic passing, until we completely remove wccp service group from the global configuration and then reapply. Then traffic throughput on the interface goes back to normal.
Our ACL defined in the redirect list specifies our specific networks on our WAN that have WAE's and need the redirection. All other networks are denied implicitly. We need to regularly change this ACL, and this service interruption is a major issue. This was not an issue before moving to the ASR platform from 7206's.
At TAC's request we have upgraded our IOS version to 15.1(3)S4 and that did not make any difference. Does anyone know why this occurs and if there is a way to work around this other than removing wccp configuration and adding back, every time the ACL needs to be modified?
As a side note to this... We have recently added riverbed appliances, and created separate service groups with separate redirect-lists. The exact same behavior occurs on the ASR 1002 when the ACL for the riverbed's redirect list is altered.Thank you very much for sharing that information. It is great to hear verification that the mask assignment change did resolve your problem. That is the latest resolution that TAC has recommended, but we have to restart the WCCP service on all redundant edge routers to be able to implement this, so planning the outage window is taking some time. We've been told that TAC will set this up in a lab and test for us by our Cisco SE. We're hoping to get verfication that this actually resolves the problem before we take the outage.
If you could, can you tell me if this resolved the issue 100% or do you still have any performance issues when making a change to your WCCP ACL going to your bluecoat equipment? We may also need to implement this in our redirects to BlueCoat from our Nexus. Do you happen to have a link to how to make this change in Bluecoat? Thanks again!
Maybe you are looking for
-
The bookmarks that were added from my IE7 favorites aren't up-to-date. How do I update my bookmarks in Safari? Also, if I want to delete the IE7 folder that is not current in Safari and start over, how do I find the right folder to import all of my I
-
I want to get List of all active sessions in current system
Hi experts How to get list of all active sessions in current system in any internal table along with details. A sample code wud be helpful Thanks in advance.
-
Hi all, For some reports, I cannot precompute some values and I need user input. For this I want to use table funcitons but I need to be able to get paramter values from user. Is it at all possible to prompt the parameters, or there can be a workarou
-
Lists of client install error codes
SCCM2012, Primary site, trying to push out clients. Anyone know where a complete list of "Last Installation Error" exists? I've come across the ones below, but I'm having many others that I cannot determine what the installation error refers to. Jus
-
Aperture Creating Large JPG file and placing it with Ref File
When I imported a group of images Aperture automatically created a JPEG file and placed it in the same folder I imported the Master images. The masters are 15.x meg and the JPEG is 3.x Meg. Any idea why this is happening - it is a new behavior