The router configuration that follows is in line with the deployment diagram, which shows the router and the redundant Silver Peak appliances sharing four Service Groups:
n
n
2 Create an Access Control List (ACL) to redirect all traffic from the Site A’s 10.110.33.0/24 subnet to the Site B’s 10.110.11.0/24 subnet.
3 Since you’ll be using two protocols, you’ll need two service groups. Therefore, create two WCCP service groups (as placeholders) and associate the ACL with them. Here, we’ll create 53 to use (later) with TCP and 54 to use (later) with UDP. Service Groups can be numbers between 51 and 255, inclusive.Note that we can reuse the same ACL because it matches traffic based on IP addresses. It’s the WCCP service group that redirects traffic based on protocol.Note On a Cisco Catalyst 6500, WCCP redirection can be done in hardware by adding the keyword, accelerated, at the end of the global command, ip wccp 53 redirect-list 101. The accelerated keyword allows the 6500 to do WCCP redirection (forwarding) in L2.
4 You must also associate the WCCP service group with Site A’s LAN-side interface. In this chapter’s example, you’d need to replace gigabitEthernet <port_number> with 10.110.33.1.Note You can choose not to use an ACL on the Cisco router, thereby allowing all traffic to be redirected to the appliance. The appliance will send back any traffic that doesn’t match its policies.It’s considered a best practice to use separate inbound and outbound ACLs to guarantee maximum flexibility in configuring redirection. Since a Service Group can only point to one redirect list, and we are using a pair of service groups (one for TCP and one for UDP), that would require the use of a total of four service groups if you are also doing inbound (WAN-to-LAN) redirection.Then, later, when you’re configuring WCCP on the redundant Silver Peaks, it’s useful to force the same flow to the same Silver Peak—in both directions—to avoid asymmetry. So, for each protocol (TCP, UDP), a given flow would have an outbound Service Group’s Assignment Detail configured for lan-ingress, and an inbound Service Group’s configured for wan-ingress. Again, this brings the total number of Service Groups to four.
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |