Configuring TCP Redirection Using WCCP
Contents
•WCCP on Data Centers
WCCP on Data Centers
This section contains the following:
•High Availability
•Enabling WCCP on an NCE Module
•Configuring WCCP Routers on NCE Modules
•Verifying WCCP Service Status on NCE
•Show TPO WCCP Statistics
•Configuring WCCP Group on Branch NCE
•Configuring a WCCP Group on a Branch NCE Module
Note Only WCCP version 2 is supported.
Web Cache Communication Protocol (WCCP) provides a mechanism to redirect traffic flows in real-time. It involves the transparent interception and redirection of traffic to one or more web caches by a router or switch to the end points of the traffic flow.
WCCP provides transparent interception and redirection of TCP traffic between the WCCP router and NCE modules. Multiple routers and NCE modules can be part of a WCCP service group. The NCE module supports TCP promiscuous service (61) to intercept the TCP traffic going through the head end router. A single NCE module within a service group is selected as the designated NCE module. It is the responsibility of the designated NCE module to provide WCCP routers with the data which determines how redirected traffic is distributed among the NCE modules in the service group.
WCCP also provides a mechanism for high availability (fail safe) and load balancing features. It has built-in load balancing, scaling, fault tolerance, and service-assurance (fail-safe) mechanisms.
High Availability
High availability is fail-safe recovery when the active ISR or NCE module fails. When the primary ISR/NCE fails, thebackup ISR/NCE continues to optimize traffic between the branch and data center locations.
WCCP version 2.0 must be enabled at the head end side to support high availability.
Multiple NCE modules are configured at the data center, forming a WCCP service group. All these modules are configured with WCCP to redirect TCP traffic from the WCCP router to the NCE modules.
The NCE module with the lowest IP address works as the designated module within the service group. The router periodically reports all NCE modules seen into a service group. Whenever there is any change in service group membership, such as the WCCP router or module comes up or goes down, the designated NCE module election process occurs again, if required.
Note Whenever there is a change in the redirection table, existing connections on the module see a reset. The router starts redirecting the TCP packets based on the new hash for all new incoming connections.
Figure 6-1 shows a typical topology for WCCP on data centers.
Figure 6-1 WCCP on Data Centers
Configuring WCCP
This section contains the following procedures:
•Enabling WCCP on an NCE Module
•Configuring WCCP Routers on NCE Modules
•Verifying WCCP Service Status on NCE
•Show TPO WCCP Statistics
•Configuring WCCP Group on Branch NCE
•Configuring a WCCP Group on a Branch NCE Module
Enabling WCCP on an NCE Module
NCE-HQ(config)# [no] tpo wccp 61 ?
61 - TCP Promiscuous mode, to intercept TCP traffic
Note When you enable WCCP on NCE, configure TPO lookup as bind using the tpo lookup bind command on the NCE module. Add branch networks under the respective tpo ID using the bind command.
Configuring WCCP Routers on NCE Modules
Up to 32 WCCP routers can be configured in a service group.
The no form of this command deletes the IP addresses specified from the existing list.
NCE-HQ(config)# tpo wccp router-list ?
A.B.C.D Router's IP Address
NCE-HQ(config)# tpo wccp router-list <wccp-router1-ip> <wccp-router2-ip>
<wccp-router32-ip>
Verifying WCCP Service Status on NCE
To verify WCCP status, use the show tpo wccp status command.
NCE-HQ> show tpo wccp status
WCCP Service ID: 61, Version: 2.0
*****************************************
Router IP: 90.0.0.1, Status: ACTIVE, Recv-ID: 6320, ID: 90.0.0.1
NCE Status: ACTIVE, Service Flags: 0x1
Redirection: GRE, Packet Return: GRE, Assignment: HASH
NCE Modules in this service group: 1.3.252.111
*****************************************
|
|
WCCP Service ID |
61, NCE supports WCCP service 61(TCP promiscuous Mode). |
Router IP |
IP address of the WCCP router configured on the NCE module. |
NCE Status |
Shows NCE status. If the NCE is successfully registered with WCCP router, it is Active, otherwise it is Inactive. |
Redirection |
GRE or L2 Redirection. Default is GRE. |
Assignment |
Mask or Hash. Default is Hash. |
NCE Modules in the same WCCP group |
The NCE module IP address which is registered with the same WCCP group. |
Show TPO WCCP Statistics
Use the show tpo wccp statistics command to check WCCP traffic statistics.
NCE-HQ> show tpo wccp statistics
Transparent GRE packets received: 5346715
Transparent non-WCCP packets received: 0
Transparent non-TCP packets received: 0
Total packets accepted: 5346715
Invalid packets received: 0
Packets received with invalid service: 0
Packets received on a disabled service: 0
Packets dropped due to zero TTL: 0
Packets sent back to router: 0
GRE fragments redirected: 0
Packets dropped due to invalid fwd method: 0
Packets w/WCCP GRE received too small: 0
Packets dropped due to received on loopback: 0
Packets fragmented for bypass: 0
Packets dropped due to no route found: 0
The packets received and packets accepted counters show the number of packets redirected to this NCE module from the Cisco IOS WAN interface and accepted by the module. Packets sent back to router is the total number of packets bypassed and not optimized.
Configuring WCCP Group on Branch NCE
Use the tpo wccp group-id id bind/map-tpo-id command to configure a WCCP group ID.
A WCCP group ID is a collection of multiple or single tpo IDs that redirect the packets to the multiple modules on the data center router, which is based on the redirection table transmitted from the data center service-modules.
WCCP BRANCH Point-To-Point Configuration (map-tpo-id)
With the tpo wccp group-id id map-tpo-id command, mapping is based on the tpo ID configured in the Cisco IOS.
Use the map argument when WCCP is enabled at the data center with a single NCE module, and the branch NCE is connecting with a single peer over the same WAN link.
WCCP BRANCH Point-To-Multipoint Configuration
Use the tpo wccp group-id id bind ip-address mask command to configures a WCCP group ID, which includes the destination network configured as part of bind to be routed, based on the WCCP redirection table. This command is recommended when the branch NCE is connecting with multiple peers at the data center over the same WAN link. WCCP must be enabled at the data center.
Note The WCCP group ID number has to be different than tpo ID number and unique. Use the WCCP group ID number as the tpo ID number when configuring the interception in the Cisco IOS configurations.
NCE-BRANCH(config)> tpo wccp group-id <id> ?
map-tpo-id Based on Transport-opt TPO ID configured on IOS
NCE-BRANCH(config)> tpo wccp group-id <id> bind ?
A.B.C.D Destination Network IP address
NCE-BRANCH(config)> tpo wccp group-id <id> bind <ip address> <subnet mask>
Configuring a WCCP Group on a Branch NCE Module
Use the group ID map-tpo ID command where the WCCP group has been mapped to the tpo ID configured for Intercept on the IOS WAN Interface using the transport-opt tpo-id interface transport slot/port command. This group ID is then attached to a configured tpo ID. This command works when WCCP is enabled on the Data Center module with a single NCE module configured in a WCCP service group.
All of the intercept traffic from the configured WAN interface is optimized regardless of the destination network address.
NCE-BRANCH(config)> tpo wccp group-id <id> ?
map-tpo-id Based on Transport-opt TPO ID configured on IOS
NCE-BRANCH(config)> tpo wccp group-id 1 map-tpo-id ?
NCE-BRANCH(config)> tpo wccp group-id 1 map-tpo-id
===============================================================
TPO-ID: 60, SCTP Peer: 1.3.252.210, Peer Relationship: Acceptor
Capability Exchange: Compatible, Negotiated Version: 2.0
Default Policy-action: compress-sctp, Service Policy: <not configured>
Bandwidth Profile: default-sctp, TCP Connections: 0/10240 (active/max)
10 sec input rate: SCTP: 0 bits/sec, 0 pkts/sec TCP: 0 bits/sec
10 sec output rate: SCTP: 0 bits/sec, 0 pkts/sec TCP: 0 bits/sec
sctp_tx: 0 pkts, 0 bytes, sctp_rx: 0 pkts, 0 bytes
tcp_tx: 0 bytes, tcp_rx: 0 bytes, dropped: 0 bytes
_____________________________________________________________
TOS: 0, DSCP: 0, TCP Connections: 0
Status: UP, DOWN -> UP at Thu Jan 22 13:11:27 2009
TOS: 1, DSCP: 8, TCP Connections: 0
Status: UP, DOWN -> UP at Thu Jan 22 13:11:27 2009
TOS: 2, DSCP: 16, TCP Connections: 0
Status: UP, DOWN -> UP at Thu Jan 22 13:11:27 2009
TOS: 3, DSCP: 26, TCP Connections: 0
Status: UP, DOWN -> UP at Thu Jan 22 13:11:27 2009
TOS: 4, DSCP: 32, TCP Connections: 0
Status: UP, DOWN -> UP at Thu Jan 22 13:11:27 2009
TOS: 5, DSCP: 46, TCP Connections: 0
Status: UP, DOWN -> UP at Thu Jan 22 13:11:27 2009
TOS: 6, DSCP: 48, TCP Connections: 0
Status: UP, DOWN -> UP at Thu Jan 22 13:11:27 2009
TOS: 7, DSCP: 56, TCP Connections: 0
Status: UP, DOWN -> UP at Thu Jan 22 13:11:27 2009
===============================================================