Configuring Network Integration Features : Configuring WCCP
  
Configuring WCCP
WCCP enables you to redirect traffic that is not in the direct physical path between the client and the server. To enable WCCP, the SteelHead Interceptor must join a service group at the router. A service group is a group of routers and SteelHead Interceptors that define the traffic to redirect, and the routers and SteelHead Interceptors the traffic goes through. You might use one or more service groups to redirect traffic to the SteelHeads for optimization.
WCCP configuration allows all the SteelHead Interceptor in-path interfaces to be individually configured as WCCP clients. Each configured in-path interface participates in WCCP service groups as an individual WCCP client, providing redundancy and flexibility to balance the redirected traffic load among in-path interfaces.
Enabling WCCP is optional when running in standard mode.
WCCP is not supported in VLAN segregation mode and when path selection is enabled.
You can also use the CLI to configure WCCP service groups. For detailed configuration information (including configuring the WCCP router), see the SteelHead Interceptor Deployment Guide.
To enable a WCCP service group
Before configuring your WCCP service group, you must enable L4/PBR/WCCP support in the General Service Settings page. For details, see Configuring general service settings (standard mode only).
1. Choose Networking > Network Services: WCCP to display the WCCP page.
WCCP page
2. Under WCCP Service Groups, complete the configuration as described in this table.
Control
Description
Enable WCCPv2 Support
Enables WCCPv2 support on all groups added to the Service Group list.
Multicast TTL
Specify the TTL boundary for the WCCP protocol packets. The default value is 16.
3. Click Apply to save your settings to the running configuration.
To add, modify, or remove a service group
1. Choose Networking > Network Services: WCCP to display the WCCP page.
2. Under WCCP Groups, complete the configuration as described in this table.
Control
Description
Add a New Service Group
Displays the controls for adding a new service group.
Interface
Select a SteelHead Interceptor interface to participate in a WCCP service group.
You must include an interface with the service group ID. More than one SteelHead Interceptor in-path interface can participate in the same service group. For WCCP configuration examples, see the Riverbed Deployment Guide.
If multiple SteelHead Interceptors are used in the topology, they must be configured as part of the cluster.
Service Group ID
Enables WCCPv2 support on all groups added to the Service Group list.
Specify a number from 0 to 255 to identify the service group on the router. A value of 0 specifies the standard HTTP service group. We recommend that you use WCCP service groups 61 and 62.
The service group ID is local to the site where WCCP is used.
The service group number is not sent across the WAN.
Protocol
Select one of these traffic protocols:
TCP
UDP
ICMP
The default traffic protocol is TCP.
Protocol
Select a traffic protocol from the drop-down list: TCP, UDP, or ICMP. The default value is TCP.
Password/Password Confirm
Optionally, assign a password to the SteelHead Interceptor interface. This password must be the same password that is on the router. WCCP requires that all routers in a service group have the same password. Passwords are limited to eight characters.
Priority
Specify the WCCP priority for traffic redirection. If a connection matches multiple service groups on a router, the router chooses the service group with the highest priority. The range is from 0 to 255. The default value is 200.
The priority value must be consistent across all SteelHead Interceptors within a particular service group.
Weight
Specify the percentage of connections that are redirected to a particular SteelHead Interceptor interface, which is useful for traffic load balancing and failover support. The number of TCP, UDP, or ICMP connections a SteelHead Interceptor supports determines its weight. The more connections that a SteelHead Interceptor model supports, the heavier the weight of that model. You can modify the weight for each in-path interface to manually tune the proportion of traffic a SteelHead Interceptor interface receives.
A higher weight redirects more traffic to that SteelHead Interceptor interface. The ratio of traffic redirected to a SteelHead Interceptor interface is equal to its weight divided by the sum of the weights of all the SteelHead Interceptor interfaces in the same service group. For example, if there are two SteelHead Interceptors in a service group and one has a weight of 100 and the other has a weight of 200, the one with the weight 100 receives one-third of the traffic and the other receives two-thirds of the traffic.
However, because it is generally undesirable for an Interceptor with two WCCP in-path interfaces to receive twice the proportion of traffic, for SteelHead Interceptors with multiple in-paths connected, each of the in‑path weights is divided by the number of that Interceptor’s interfaces participating in the service group.
For example, if there are two SteelHead Interceptors in a service group, and one has a single interface with weight 100 and the other has two interfaces, each with weight 200, the total weight will still equal 300 (100 + 200/2 + 200/2). The one with the weight 100 receives one-third of the traffic and each of the other’s in-path interfaces receives one-third of the traffic.
The range is from 0 to 65535. The default value is 1700.
For details about WCCP in a failover configuration, see Failover support in WCCP.
Encapsulation Scheme
Specifies the method for transmitting packets between a router or a switch and a SteelHead Interceptor interface. Select one of these encapsulation schemes from the drop-down list:
Either—Use Layer 2 first; if Layer 2 is not supported, GRE is used. This is the default value.
GRE—Generic Routing Encapsulation. The GRE encapsulation method appends a GRE header to a packet before it is forwarded. This can cause fragmentation and imposes a capacity reduction on the router and switch, especially during the GRE packet de-encapsulation process. This capacity reduction can be too great for production deployments.
L2—Layer-2 redirection. The Layer-2 method is generally preferred from a performance standpoint, because it requires fewer resources from the router or switch than the GRE does. The Layer-2 method modifies only the destination Ethernet address. However, not all combinations of Cisco hardware and IOS revisions support the Layer-2 method. Also, the Layer-2 method requires the absence of Layer-3 hops between the router or switch and the SteelHead Interceptor.
Assignment Scheme
Determines which Interceptor interface in a WCCP service group the router or switch selects to redirect traffic to for each connection. The assignment scheme also determines whether the Interceptor interface or the router processes the first traffic packet. The optimal assignment scheme achieves both load balancing and failover support. Select one of these schemes from the drop-down list:
Either—Uses Hash assignment unless the router does not support it. When the router does not support Hash, it uses Mask. This is the default setting.
Mask—Redirects traffic operations to the SteelHead Interceptors, significantly reducing the load on the redirecting router. Mask assignment processes the first packet in the router hardware, using less CPU cycles and resulting in better performance.
Mask assignment supports load balancing across multiple active SteelHead Interceptors. This scheme bases load balancing decisions (for example, which SteelHead Interceptor in a service group optimizes a given new connection) on bits pulled out, or masked, from the IP address and the TCP port packet header fields. It also supports load balancing across multiple active SteelHead Interceptor interfaces in the same service group.
The default mask scheme uses an IP address mask of 0x1741, which is applicable in most situations. However, you can change the IP mask by clicking the service group ID and changing the service group settings and flags.
Hash—Redirects traffic based on a hashing scheme and the Weight value of the Interceptor interface, providing load balancing and failover support. This scheme uses the CPU to process the first packet of each connection, resulting in slightly lower performance. However, this method generally achieves better load distribution. We recommend Hash assignment for most SteelHead Interceptors if the router supports it. The Cisco switches that do not support Hash assignment are the 3750, 4000, and 4500-series, among others.
Your hashing scheme can be a combination of the source IP address, destination IP address, source port, or destination port.
For details and best practices for using assignment schemes, see the Riverbed Deployment Guide.
Source Mask
Specify the following:
IP Mask—Specify the service group source IP mask. The default value is 0x1741.
Port Mask—Specify the service group source port mask.
Destination Mask
Specify the following:
IP Mask—Specify the service group destination IP mask.
Port Mask—Specify the service group destination port mask.
Source Hash
Specify the following:
Source IP Hash—Specify that the router hash the source IP address to determine traffic to redirect.
Source Port Hash—Specify that the router hash the source port to determine traffic to redirect.
Destination Hash
Specify the following:
Destination IP Hash—Specify that the router hash the destination IP address to determine traffic to redirect.
Destination Port Hash—Specify that the router hash the destination port to determine traffic to redirect.
Ports Mode
Select one of these modes from the drop-down list:
Ports Disabled—Select to disable the ports.
Use Source Ports—The router determines traffic to redirect based on source ports.
Use Destination Ports—The router determines traffic to redirect based on destination ports.
Ports
Specify a comma-separated list of up to seven ports that the router will redirect. Use this option only after selecting either the Use Source Ports or the Use Destination Ports mode.
Router IP Address(es)
Specify a multicast group IP address or a unicast router IP address. You can specify up to 32 routers.
Add
Adds the service group.
Remove Selected Groups
Select the check box next to the name and click Remove Selected Groups.
3. Click Save to save your settings permanently.
Failover support in WCCP
You enable single in-path failover support with WCCP groups and define the service group weight to be 0 on the backup SteelHead Interceptor. If one SteelHead Interceptor has a weight 0, but another one has a nonzero weight, the SteelHead Interceptor with weight 0 does not receive any redirected traffic. If all the SteelHead Interceptors have a weight 0, the traffic is redirected equally among them.
The best way to achieve multiple in-path failover support with WCCP groups is to use the same weight on all interfaces from a given SteelHead Interceptor for a given service group. For example, suppose you have Interceptor A and Interceptor B with two in-path interfaces each. When you configure Interceptor A with weight 100 from both inpath0_0 and inpath0_1 and Interceptor B with weight 200 from both inpath0_0 and inpath0_1, RiOS distributes traffic to Interceptor A and Interceptor B in the ratio of 1:2 as long as at least one interface is up on both SteelHead Interceptors.
In a service group, if an interface with a nonzero weight fails, its weight transfers to the weight 0 interface of the same service group.
For details about using the weight parameter to balance traffic loads and provide failover support in WCCP, see the SteelHead Interceptor Deployment Guide.