Out-of-Path with WCCP : Configuring the Site A Router for WCCP

Configuring the Site A Router for WCCP
To reach the CLI, connect to the router via the console port or a Telnet session.
Outbound Redirection and Enabling WCCP
To optimize traffic, the appliance must intercept both the inbound and outbound packets of a flow. Therefore, whenever you place an appliance out-of-path, you must direct traffic from the client to the appliance. Outbound (or LAN–side) redirection is required whether you’re using subnet sharing, TCP-based or IP-based auto-optimization, or manually creating a Route Policy entry.
To configure a Cisco router for WCCP
In this section, we’ll configure WCCP on the router and set up redirection for the traffic that originates on the local LAN. The end devices and servers point to their local router/L3 switch interface on the LAN as the next hop. The router must be configured to send traffic to the Silver Peaks, which are on a different interface and subnet from the end devices, per recommended best practice.
The example below was done with a Cisco router. You may need to modify the input for other routers.
1. Create an Access Control List (ACL) to redirect all traffic from Site A’s 10.110.33.0/24 subnet to Site B’s 10.110.11.0/24 subnet.
CSR-1>enable
CSR-1# configure terminal
CSR-1(config)# access-list 101 permit ip 10.110.33.0 0.0.0.255 10.110.11.0 0.0.0.255
Note: If there were additional local subnets from which traffic originated, we would need to create additional rules to make sure the ACL matched that traffic also.
2. Since you’ll be using two protocols, you’ll need two service groups. Therefore, create two WCCP service groups (as placeholders) and associate the ACL with them. Here, we’ll create 53 to use (later) with TCP and 54 to use (later) with UDP. Service Groups can be numbers between 51 and 255, inclusive.
CSR-1(config)# ip wccp 53 redirect-list 101
CSR-1(config)# ip wccp 54 redirect-list 101
Note that we can reuse the same ACL because it matches traffic based on IP addresses. It’s the WCCP service group which redirects traffic based on protocol.
Note: On a Cisco Catalyst 6500, WCCP redirection can be done in hardware by adding the keyword accelerated at the end of the global command, ip wccp 53 redirect-list 101. The accelerated keyword allows the 6500 to do WCCP redirection (forwarding) in L2.
You must also associate the WCCP service group with Site A’s LAN-side interface. The interface number below would be for your LAN–side interface.
CSR-1(config)# interface gigabitEthernet <number>
CSR-1(config-if)# ip wccp 53 redirect in
CSR-1(config-if)# ip wccp 54 redirect in
CSR-1(config-if)# end
Inbound Redirection
How you plan to optimize traffic affects whether or not you also need inbound redirection from the WAN router (also known as WAN-side redirection):
- If you enable subnet sharing (which relies on advertising local subnets between Silver Peak appliances) or route policies (which specify destination IP addresses), then you only need outbound redirection.
  Silver Peak recommends using auto subnet sharing as a best practice.
- If, instead, you default to TCP-based or IP-based auto-optimization (which relies on initial handshaking outside a tunnel), then you must set up inbound and outbound redirection on the WAN router.
This simply means creating another access list with the source and destination addresses reversed from the one shown in the last section (since incoming packets on the WAN side are destined to the local LAN), and creating two new WCCP service groups that use the new ACL and are applied to the WAN interface.
Note: The best practice recommendation is to use auto subnet sharing (covered elsewhere in this chapter), which does not require WAN-side redirects. If you’re going to use auto subnet sharing, then you can skip this section.
1. Add an entry to the Access Control List (ACL) to redirect traffic from Site B’s 10.110.11.0/24 subnet to Site A’s 10.110.33.0/24 subnet.
This entry will redirect traffic inbound from the other side of the network to the local Silver Peak. This is necessary in cases where subnet sharing is not being used.
Note that the source and destination subnets are reversed from the previous example.
CSR-1>enable
CSR-1# configure terminal
CSR-1(config)# access-list 102 permit ip 10.110.11.0 0.0.0.255 10.110.33.0 0.0.0.255
This last entry (access-list 102) redirects inbound WAN-to-LAN traffic from the other side of the network to the local Silver Peak. This is necessary in cases where subnet sharing is not being used.
2. Create two WCCP Service Groups (as placeholders) and associate the new ACL (102) with them. Here, we’ll create 55 to use (later) with TCP and 56 to use (later) with UDP.
Do not use the same Service Group numbers that are used in the previous (outbound redirection) section. The best practice is to use two unique Service Groups for inbound redirection.
CSR-1(config)# ip wccp 55 redirect-list 102
CSR-1(config)# ip wccp 56 redirect-list 102
3. You must also associate the WCCP service group with Site A’s WAN-side interface. The interface number would be the one for your WAN-facing interface.
CSR-1(config)# interface gigabitEthernet <number>
CSR-1(config-if)# ip wccp 55 redirect in
CSR-1(config-if)# ip wccp 56 redirect in
CSR-1(config-if)# end
