Overview

Out-of-Path with WCCP : Overview

Overview

In this scenario, the Silver Peak appliances are not connected in the direct path of the network traffic. As a result, a network traffic redirection technique is used to forward traffic to the appliance.

Web Cache Communications Protocol (WCCP) supports the redirection of any TCP or UDP connections to appliances participating in WCCP Service Groups. The appliance intercepts only those packets that have been redirected to it. The appliance accelerates traffic flows that the Route Policy directs to a tunnel; all other traffic passes through the appliance unmodified.

In the unlikely event that the appliance fails, WCCP on the WAN router removes the appliance from the WCCP Service Group and resumes forwarding traffic normally, according to its routing tables.

At Site A, both the router and the participating appliance require a separate WCCP service group for each protocol used in the tunnel. So, if a tunnel uses both TCP and UDP, you must create a separate WCCP Service Group for each protocol (TCP and UDP) used in the A-to-B tunnel.

Network Diagram

Out-of-Path Deployment: Silver Peak Appliance peered with an L3 router using WCCP

The Silver Peak appliances optimize traffic to/from 10.110.31.0/24 and 10.110.11.0/24.

Note You don’t need a spare router port for this configuration. The Silver Peak appliance can be connected to an existing or newly configured subinterface on the router via a VLAN trunk such that a spare port on the LAN switch can be used for the physical connection.

Summary

Appliance Placement

Appliance attached in network, reachable by WAN router

•

Appliance wan0 interface connects to network

•

Do not connect lan0 interface

Fail-Safe Behavior

WCCP recognizes failed appliance

•

Appliance removed from WCCP v2 Service Group

•

WAN router resumes forwarding traffic normally according to its routing tables

IP Addresses

This deployment model requires two IP addresses (on the same or separate subnets)

•

Silver Peak Appliance data path IP address (to originate and terminate tunnels)

•

Silver Peak Management IP Address (for appliance configuration and management)

Configure WCCP on the Silver Peak appliance and the WAN router. Service Group IDs on the router and appliance must match.

•

Configure two WCCP v2 Service Groups on the Silver Peak appliance
(one for TCP and one for UDP)

•

Configure two WCCP v2 Service Groups on the WAN router
(one for TCP and one for UDP)

Fail-Safe Behavior

Fail-safe behavior should always be tested before production deployment by ensuring that traffic continues to flow in each of the following cases:

1

With the appliance in bypass state

2

With the appliance powered off

3

With the tunnels administratively down.

Summary of Configuration Tasks

Task

Notes

For detailed instructions, see...

1

Gather all the IP addresses needed for setup

Saves time and avoids mistakes.

“Collecting the Necessary Information”

2

Install the appliance into the network

Physical appliance: Connect the Site A appliance to the Site A router, and insert the Site B appliance between its WAN edge router and the Ethernet switch. Verify connectivity, connect power, and verify LEDs.

Virtual appliance: Configure the hypervisor, with the required interfaces.

Silver Peak Appliance Manager Operator’s Guide

Quick Start Guides

2

Configure the Site A router for WCCP

Access the Site A router’s command line interface (CLI) to:

•

Configure an Access Control List (ACL) that redirects all traffic from the Site A subnet to the Site B subnet

•

Configure two WCCP Service Groups — one for UDP, one for TCP

•

Associate the ACL with the Service Group

•

Enable WCCP on the appropriate router interface

“Configuring the Site A Router for WCCP”

3

Configure Site A’s appliance for out-of-path deployment¹

Access the Initial Config Wizard to assign Appliance IP and Management IP addresses for Site A’s appliance.

Reboot the appliance.

“Using the Initial Config Wizard with Site A’s Appliance”

4

Configure the WCCP Service Groups on Site A’s appliance

•

Create a pair of Service Groups (TCP, UDP) for outbound redirection.

•

Create a pair of Service Groups (TCP, UDP) for inbound redirection.

“Configuring WCCP on Appliance A”

5

Configure Site B’s appliance for in-line deploymenta

Run the Initial Config Wizard to set up Site B’s Silver Peak appliance in Bridge mode.

Reboot the appliance.

“Using the Initial Config Wizard with Site B’s Appliance”

6

Verify appliance connectivity

Ensure that the cable connections are sound and you haven’t misconfigured any IP addresses.

Do NOT proceed until you have verified connectivity.

“Verifying Appliance Connectivity”

7

Enable subnet sharing

This prepares each appliance to share local subnets.

“Enabling Subnet Sharing”

8

Create a tunnel and Route Policy on Site A’s appliance

Use the Appliance Manager.

“Creating Tunnels and Updating the Subnet Table”

9

Test the connectivity from both ends

Verify that the tunnel is up and that flows are being optimized.

“Verifying Traffic”

1

IMPORTANT: The WAN Next Hop IP Address must be the IP address of the WAN edge router. This may or may not be the same as the Management Interface Next Hop IP Address for hosts on the LAN side of your network. If in doubt, check with your network administrator.

Collecting the Necessary Information

The example makes the following assumptions:

n

You’re not using DHCP.

n

Speed and duplex for all interfaces are left at the default, auto-negotiation.

n

Although it isn’t a requirement, it’s considered a best practice to use different subnets for mgmt0 and the Appliance IP.

Out-of-Path Deployment: Silver Peak Appliance peered with an L3 router using WCCP

Hostname

A

B

Mode

Router / Out-of-Path

Bridge / In-Line

Admin Password: Old

admin

admin

Admin Password: New / Confirm

Time Zone

NTP Server IP Address

License (for virtual appliance only)

mgmt1 IP Address / Mask

10.10.10.1/24

---

mgmt0 IP Address / Mask¹

192.168.1.7/24

192.168.1.9/24

mgmt0 Next-hop IP Address

192.168.1.1

192.168.1.1

Appliance data path IP Address / Mask

10.110.31.100/24

10.110.11.100/24

Appliance data path Next-hop IP

10.110.31.1/24

10.110.11.1/24

LAN Next-hop IP Address (optional) ²

not applicable

---

WCCP Service Groups for outbound redirection

53 (TCP)

54 (UDP)

---

WCCP Service Groups for inbound redirection

55 (TCP)

56 (UDP)

---

WCCP Weight (default)

100

not applicable

1

In this example, all mgmt0 IP addresses are in the same subnet. In your actual network, it’s likely that mgmt0 IP addresses are in different subnets.

2

LAN next-hop IP is only required when there are subnets for which the Silver Peak appliance does not have a configured IP address.

Hostname	A	B
Mode	Router / Out-of-Path	Bridge / In-Line
Admin Password: Old	admin	admin
Admin Password: New / Confirm
Time Zone
NTP Server IP Address
License (for virtual appliance only)
mgmt1 IP Address / Mask	10.10.10.1/24	---
mgmt0 IP Address / Mask¹	192.168.1.7/24	192.168.1.9/24
mgmt0 Next-hop IP Address	192.168.1.1	192.168.1.1
Appliance data path IP Address / Mask	10.110.31.100/24	10.110.11.100/24
Appliance data path Next-hop IP	10.110.31.1/24	10.110.11.1/24
LAN Next-hop IP Address (optional) ²	not applicable	---
WCCP Service Groups for outbound redirection	53 (TCP) 54 (UDP)	---
WCCP Service Groups for inbound redirection	55 (TCP) 56 (UDP)	---
WCCP Weight (default)	100	not applicable

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.