Control | Description |
Enable WCCP v2 Support | Specify to enable WCCP v2 support on all groups added to the Service Group list. |
Multicast TTL | Specify the TTL boundary for the WCCP protocol packets. The default value is 16. |
Control | Description |
Add a New Service Group | Displays the controls for adding a new service group. |
Interface | Select an appliance interface to participate in a WCCP service group. RiOS v6.1 enables multiple SteelHead interfaces to participate in WCCP on one or more routers for redundancy (RiOS 6.0 and earlier enables a single SteelHead interface). If one of the links goes down, the router can still send traffic to the other active links for optimization. You must include an interface with the service group ID. More than one appliance in-path interface can participate in the same service group. For WCCP configuration examples, see the SteelHead Deployment Guide. If multiple appliances are used in the topology, they must be configured as neighbors. |
Service Group ID | Enables WCCP v2 support on all groups added to the Service Group list. Specify a number from 0 to 255 to identify the service group on the router. A value of 0 specifies the standard HTTP service group. Riverbed recommends that you use WCCP service groups 61 and 62. Note: The service group ID is local to the site where WCCP is used. Note: The service group number is not sent across the WAN. |
Protocol | Select All, TCP, or UDP from the drop-down list. All specifies all IP-based protocols. For example, it matches ICMP traffic. The default value is TCP. |
Password | Optionally, assign a password to the appliance interface. This password must be the same password that is on the router. WCCP requires that all routers in a service group have the same password. Passwords are limited to 8 characters. |
Password Confirm | Confirm the password. |
Priority | Specify the WCCP priority for traffic redirection. If a connection matches multiple service groups on a router, the router chooses the service group with the highest priority. The range is from 0 to 255. The default value is 200. The priority value must be consistent across all appliances within a particular service group. |
Weight | Specify the percentage of connections that are redirected to a particular appliance interface, that is useful for traffic load balancing and failover support. The number of TCP, UDP, or ICMP connections an appliance supports determines its weight. The more connections an SCC model supports, the heavier the weight of that model. A higher weight redirects more traffic to that SteelHead interface. The ratio of traffic redirected to a SteelHead interface is equal to its weight divided by the sum of the weights of all the SteelHead interfaces in the same service group. For example, if there are two appliances in a service group and one has a weight of 100 and the other has a weight of 200, the one with the weight 100 receives 1/3 of the traffic and the other receives 2/3 of the traffic. However, because it is generally undesirable for an SCC with two WCCP in-path interfaces to receive twice the proportion of traffic, for appliances with multiple in-paths connected, each of the in-path weights is divided by the number of that SCC's interfaces participating in the service group. For example, if there are two SCCs in a service group and one has a single interface with weight 100 and the other has two interfaces each with weight 200, the total weight will still equal 300 (100 + 200/2 + 200/2). The one with the weight 100 receives 1/3 of the traffic and each of the other's in-path interfaces receives 1/3 of the traffic. The range is from 0 to 65535. The default value corresponds to the number of TCP connections your appliance supports. Failover Support To enable single in-path failover support with WCCP groups, define the service group weight to be 0 on the backup appliance. If one appliance has a weight 0, but another one has a non-zero weight, the appliance with weight 0 does not receive any redirected traffic. If all the appliances have a weight 0, the traffic is redirected equally among them. The best way to achieve multiple in-path failover support with WCCP groups in RiOS v6.1 is to use the same weight on all interfaces from a given appliance for a given service group. For example, suppose you have SteelHead A and SteelHead B with two in-path interfaces each. When you configure SteelHead A with weight 100 from both inpath0_0 and inpath0_1 and SteelHead B with weight 200 from both inpath0_0 and inpath0_1, RiOS distributes traffic to SteelHead A and SteelHead B in the ratio of 1:2 as long as at least one interface is up on both appliances. In a service group, if an interface with a non-zero weight fails, its weight transfers over to the weight 0 interface of the same service group. For details about using the weight parameter to balance traffic loads and provide failover support in WCCP, see the SteelHead Deployment Guide. |
Encapsulation Scheme | Specifies the method for transmitting packets between a router or a switch and an appliance interface. Select one of the following encapsulation schemes from the drop-down list: • Either - Use Layer-2 first; if Layer-2 is not supported, GRE is used. This is the default value. • GRE - Generic Routing Encapsulation. The GRE encapsulation method appends a GRE header to a packet before it is forwarded. This can cause fragmentation and imposes a performance penalty on the router and switch, especially during the GRE packet deencapsulation process. This performance penalty can be too great for production deployments. • L2 - Layer-2 redirection. The L2 method is generally preferred from a performance standpoint because it requires fewer resources from the router or switch than the GRE does. The L2 method modifies only the destination Ethernet address. However, not all combinations of Cisco hardware and IOS revisions support the L2 method. Also, the L2 method requires the absence of L3 hops between the router or switch and the appliance. |
Assignment Scheme | Determines that SteelHead interface in a WCCP service group the router or switch selects to redirect traffic to for each connection. The assignment scheme also determines whether the SteelHead interface or the router processes the first traffic packet. The optimal assignment scheme achieves both load balancing and failover support. Select one of the following schemes from the drop-down list: • Either - Uses Hash assignment unless the router does not support it. When the router does not support Hash, it uses Mask. This is the default setting. • Hash - Redirects traffic based on a hashing scheme and the Weight of the SteelHead interface, providing load balancing and failover support. This scheme uses the CPU to process the first packet of each connection, resulting in slightly lower performance. However, this method generally achieves better load distribution. Riverbed recommends Hash assignment for most appliances if the router supports it. The Cisco switches that do not support Hash assignment are the 3750, 4000, and 4500-series, among others. Your hashing scheme can be a combination of the source IP address, destination IP address, source port, or destination port. • Mask - Redirects traffic operations to the appliances, significantly reducing the load on the redirecting router. Mask assignment processes the first packet in the router hardware, using less CPU cycles and resulting in better performance. Mask assignment in RiOS 5.0.1 and earlier is limited to one appliance per service group. The appliance with the lowest in-path IP address receives all the traffic. This scheme provides high-availability. You can have multiple appliances in a service group but only the appliance with the lowest in-path IP address receives all the traffic. If the appliance with the lowest in-path IP address fails, the appliance with the next lowest in-path IP address receives all of the traffic. When the appliance with the lowest in-path IP address recovers, it again receives all of the traffic. Mask assignment in RiOS 5.0.2 and later supports load-balancing across multiple active appliances. This scheme bases load-balancing decisions (for example, that appliance in a service group optimizes a given new connection) on bits pulled out, or masked, from the IP address and the TCP port packet header fields. Mask assignment in RiOS v6.1 supports load-balancing across multiple active appliance interfaces in the same service group. The default mask scheme uses an IP address mask of 0x1741, that is applicable in most situations. However, you can change the IP mask by clicking the service group ID and changing the service group settings and flags. In multiple SCC environments, it is often desirable to send all users in subnet range to the same SCC. Using mask provides a basic ability to leverage a branch subnet and SCC to the same SCC in a WCCP cluster. Important: If you use mask assignment you must ensure that packets on every connection and in both directions (client-to-server and server-to-client), are redirected to the same appliance. For details and best practices for using assignment schemes, see the SteelHead Deployment Guide. |
Source Mask | • IP Mask - Specify the service group source IP mask. The default value is 0x1741. • Port Mask - Specify the service group source port mask. • IP Hash - Specify that the router hash the source IP address to determine traffic to redirect. • Port Hash - Specify that the router hash the source port to determine traffic to redirect. |
Destination Mask | • IP Mask - Specify the service group destination IP mask. • Port Mask - Specify the service group destination port mask. • IP Hash - Specify that the router hash the destination IP address to determine traffic to redirect. • Port Hash - Specify that the router hash the destination port to determine traffic to redirect. |
Source Hash | • IP Hash - Specify that the router hash the source IP address to determine traffic to redirect. • Port Hash - Specify that the router hash the source port to determine traffic to redirect. |
Destination Hash | • IP Hash - Specify that the router hash the destination IP address to determine traffic to redirect. • Port Hash - Specify that the router hash the destination port to determine traffic to redirect. |
Ports Mode | Select one of the following modes from the drop-down list: • Ports Disabled - Select to disable the ports. • Use Source Ports - The router determines traffic to redirect based on source ports. • Use Destination Ports - The router determines traffic to redirect based on destination ports. |
Ports | Specify a comma-separated list of up to seven ports that the router will redirect. Use this option only after selecting either the Use Source Ports or the Use Destination Ports mode. |
Ports Mode | Select one of the following modes from the drop-down list: • Ports Disabled - Select to disable the ports. • Use Source Ports - The router determines traffic to redirect based on source ports. • Use Destination Ports - The router determines traffic to redirect based on destination ports. |
Ports | Specify a comma-separated list of up to seven ports that the router will redirect. Use this option only after selecting either the Use Source Ports or the Use Destination Ports mode. |
Router IP Address(es) | Specify a multicast group IP address or a unicast router IP address. You can specify up to 32 routers. |
Add | Adds the service group. |
Remove Selected Groups | Select the check box next to the name and click Remove Selected Groups. |