|
n
|
Inbound WCCP redirection is preferred over outbound [also known as ingress/egress] redirection because inbound redirection is less CPU-intensive on the router. Inbound redirection is done in hardware where as outbound is done in software.
|
|
•
|
For Catalyst 6000/76xx deployments, use only inbound redirection to avoid using “redirection exclude in”, which is not understood by the switch hardware and must be processed in software.
|
|
•
|
For Catalyst 6000/76xx deployments, use L2 redirection for near line-rate redirection. Silver Peak appliances automatically negotiate assignment and forwarding methods with all routers and L3 switches from Cisco to the best possible combination that the router or L3 switch supports.
|
|
n
|
WCCPv2 interception forwards all packets from the router or L3 switch to the appliance. Special care should be taken when traffic redirected to the appliance has to be returned back to the router or L3 switch. For many routers the return traffic is delivered via L2 so there is no CPU impact. However, Catalyst 6000/76xx switches returns via GRE so the CPU can be negatively impacted unless Force L2 return is enabled on the appliance.
|
|
•
|
Force L2 Return should only be enabled when the interface/VLAN that the appliance is connected to is not also an interface with the redirection applied to.
|
|
n
|
The appliance should always be connected to an interface/VLAN that does not have redirection enabled – preferably a separate interface/VLAN would be provided for the appliance.
|
|
n
|
The appliance and Catalyst switch negotiate which redirect and return method to use when the service group is formed. There can be many access VLANs on the aggregation switches. Redirection is configured on all VLANs that need optimization. Layer 2 switching ports, including trunk ports, are not eligible for redirection.
|
|
n
|
If Auto Optimization is used for matching traffic to be optimized via the appliance, WCCP redirection must also be applied on the uplinks of the router or L3 switch to the core/WAN.
|
|
n
|
If WCCP redirection is needed on both the WAN and the LAN, the preferred configuration on the appliance is to set the WCCP group configured on the WAN to wan-ingress and the group configured on the LAN to lan-ingress.
|
|
•
|
The configuration of wan-ingress and lan-ingress ensures that load balancing is symmetrical in both directions of a flow.
|
|
•
|
wan-ingress uses the destination address for distribution in the router/L3 switch table
|
|
•
|
lan-ingress uses the source address for distribution.
|
|
n
|
If Route Policies are used for matching traffic to be optimized via the appliance, WCCP redirection is not required on the core uplinks, only the access/LAN links. If Active/Active redistribution is enabled with route policies, then flow redirection is required to handle asymmetrical flows caused by load balancing. Flow redirection can handle millions of flows and ensures that the owner of a given flow always receives the TCP flow for processing.
|
Packet redirection is the process of forwarding packets from the router or L3 switch to the appliance. The router or L3 switch intercepts the packet and forwards it to the appliance for optimization. The two methods of redirecting packets are Generic Route Encapsulation (GRE) and L2 redirection. GRE is processed at Layer 3 while L2 is processed at Layer 2.
|
•
|
Additional mask and hash assignment adjustment can help fine-tune the distribution of traffic to the appliances. The advanced configuration for fine-tuning can be found in the “custom” feature of the WCCP configuration on the appliance.
|
|
•
|
Mask assignments are set up on the appliance. The first appliance that joins the WCCP service group determines the redirection method and masking value – this appliance is referred to as the “designated” appliance. Subsequent appliances that join the group must have the same redirection and mask value setup; otherwise, they are not active participants in the WCCP group.
|
|
•
|
Appliances support both Hash and Mask capabilities for optimal throughput. The preferred WCCP configuration on the appliance is to leave both assignment and forwarding method to “either” which will allow the preferred negotiation to happen between the appliance and the router or L3 switch when WCCP is first enabled.
|
 |
In this case, the payload is a packet from the router to the appliance. GRE works on routing and switching platforms. It allows the WCCP clients to be separate from the router via multiple hops. Because GRE is processed in software, router CPU utilization increases with GRE redirection. Hardware-assisted GRE redirection is available on the Catalyst 6500 with Sup720.
|
n
|
The switch rewrites the destination L2 MAC header with the appliance MAC address. The packet is forwarded without additional lookup.
|
|
n
|
L2 redirection is done in hardware and is available on the Catalyst 6500/7600 platforms. CPU utilization is not impacted because L2 redirection is hardware-assisted; only the first packet is switched by the Multilayer Switch Feature Card (MSFC) with hashing.
|
|
n
|
After the MSFC populates the NetFlow table, subsequent packets are switched in hardware. L2 redirection is preferred over GRE because of lower CPU utilization.
|
 |
|
n
|
