Configuring Network Integration Features : Configuring WCCP
  
Configuring WCCP
You can enable WCCP service groups in the Networking > Network Integration: WCCP page.
WCCP enables you to redirect traffic that isn’t in the direct physical path between the client and the server. To enable WCCP, the SteelHead must join a service group at the router. A service group is a group of routers and SteelHeads that define the traffic to redirect, and the routers and SteelHeads the traffic goes through. You might use one or more service groups to redirect traffic to the SteelHeads for optimization.
RiOS allows each individual SteelHead in-path interface to be configured as a WCCP client. Each configured in-path interface participates in WCCP service groups as an individual WCCP client, providing flexibility to determine load balancing proportions and redundancy.
You must enable connection forwarding in a WCCP cluster. A WCCP cluster refers to two or more SteelHeads participating in the same service group. By default, RiOS provides load balancing across all participating SteelHeads in a WCCP cluster. With connection forwarding enabled, the WCCP load balancing algorithm considers the total number of in-path interfaces of all neighbors in the service group when balancing the traffic load across the interfaces. If you don’t enable connection forwarding, the SteelHead with the lowest IP address assigns all traffic flows to itself.
In virtual in-path configurations, all traffic flows in and out of one physical interface, and the default subnet side rule causes all traffic to appear to originate from the WAN side of the device. For more information, see Configuring subnet side rules.
Enabling WCCP is optional.
WCCP doesn’t support IPv6.
You can also use the CLI to configure WCCP service groups. For detailed configuration information (including configuring the WCCP router), see the SteelHead Deployment Guide.
The AWS Cloud Accelerator doesn’t support L4/PBR/WCCP configuration. The Cloud Accelerator supports it.
To enable a WCCP service group
Before configuring your WCCP service group, you must enable L4/PBR/WCCP support in the General Service Settings page. For details, see Configuring general service settings.
1. Choose Networking > Network Integration: WCCP to display the WCCP page.
WCCP page
2. Under WCCP Service Groups, complete the configuration as described in this table.
Control
Description
Enable WCCP v2 Support
Enables WCCPv2 support on all groups added to the Service Group list.
Multicast TTL
Specify the TTL boundary for the WCCP protocol packets. The default value is 16.
3. Click Apply to save your settings to the running configuration.
To add, modify, or remove a service group
1. Under WCCP groups, complete the configuration as described in this table.
Control
Description
Add a New Service Group
Displays the controls for adding a new service group.
Interface
Select a SteelHead interface to participate in a WCCP service group.
In virtual in-path configurations, all traffic flows in and out of one physical interface, and the default subnet side rule causes all traffic to appear to originate from the WAN side of the device.
RiOS allows multiple SteelHead interfaces to participate in WCCP on one or more routers for redundancy (RiOS 6.0 and earlier allow a single SteelHead interface). If one of the links goes down, the router can still send traffic to the other active links for optimization.
You must include an interface with the service group ID. More than one SteelHead in-path interface can participate in the same service group. For WCCP configuration examples, see the SteelHead Deployment Guide.
If multiple SteelHeads are used in the topology, they must be configured as neighbors.
RiOS 6.5 and later require connection forwarding in a WCCP cluster.
Service Group ID
Enables WCCPv2 support on all groups added to the Service Group list.
Specify a number from 0 to 255 to identify the service group on the router. A value of 0 specifies the standard HTTP service group. We recommend that you use WCCP service groups 61 and 62.
The service group ID is local to the site where WCCP is used.
The service group number is not sent across the WAN.
Protocol
Select a traffic protocol from the drop-down list: TCP, UDP, or ICMP. The default value is TCP.
Password/Password Confirm
Optionally, assign a password to the SteelHead interface. This password must be the same password that is on the router. WCCP requires that all routers in a service group have the same password. Passwords are limited to eight characters.
Priority
Specify the WCCP priority for traffic redirection. If a connection matches multiple service groups on a router, the router chooses the service group with the highest priority. The range is 0 to 255. The default value is 200.
The priority value must be consistent across all SteelHeads within a particular service group.
Weight
Specify the percentage of connections that are redirected to a particular SteelHead interface, which is useful for traffic load balancing and failover support. The number of TCP, UDP, or ICMP connections a SteelHead supports determines its weight. The more connections a SteelHead model supports, the heavier the weight of that model. In RiOS 6.1 and later, you can modify the weight for each in-path interface to manually tune the proportion of traffic a SteelHead interface receives.
A higher weight redirects more traffic to that SteelHead interface. The ratio of traffic redirected to a SteelHead interface is equal to its weight divided by the sum of the weights of all the SteelHead interfaces in the same service group. For example, if there are two SteelHeads in a service group and one has a weight of 100 and the other has a weight of 200, the one with the weight 100 receives 1/3 of the traffic and the other receives 2/3 of the traffic.
However, since it’s generally undesirable for a SteelHead with two WCCP in-path interfaces to receive twice the proportion of traffic, for SteelHeads with multiple in-paths connected, each of the in-path weights is divided by the number of that SteelHead's interfaces participating in the service group.
As an example, if there are two SteelHeads in a service group and one has a single interface with weight 100 and the other has two interfaces each with weight 200, the total weight will still equal 300 (100 + 200/2 + 200/2). The one with the weight 100 receives 1/3 of the traffic and each of the other's in-path interfaces receives 1/3 of the traffic.
The range is 0 to 65535. The default value corresponds to the number of TCP connections your SteelHead supports.
Failover Support
To enable single in-path failover support with WCCP groups, define the service group weight to be 0 on the backup SteelHead. If one SteelHead has a weight 0, but another one has a nonzero weight, the SteelHead with weight 0 doesn’t receive any redirected traffic. If all the SteelHeads have a weight 0, the traffic is redirected equally among them.
The best way to achieve multiple in-path failover support with WCCP groups is to use the same weight on all interfaces from a given SteelHead for a given service group. For example, suppose you have SteelHead A and SteelHead B with two in-path interfaces each. When you configure SteelHead A with weight 100 from both inpath0_0 and inpath0_1 and SteelHead B with weight 200 from both inpath0_0 and inpath0_1, RiOS distributes traffic to SteelHead A and SteelHead B in the ratio of 1:2 as long as at least one interface is up on both SteelHeads.
In a service group, if an interface with a nonzero weight fails, its weight transfers over to the weight 0 interface of the same service group.
For details on using the weight parameter to balance traffic loads and provide failover support in WCCP, see the SteelHead Deployment Guide.
Encapsulation Scheme
Specifies the method for transmitting packets between a router or a switch and a SteelHead interface. Select one of these encapsulation schemes from the drop-down list:
Either—Use Layer 2 first; if Layer 2 is not supported, GRE is used. This is the default value.
GRE—Generic Routing Encapsulation. The GRE encapsulation method appends a GRE header to a packet before it’s forwarded. This method can cause fragmentation and imposes a performance penalty on the router and switch, especially during the GRE packet deencapsulation process. This performance penalty can be too great for production deployments.
L2—Layer-2 redirection. The L2 method is generally preferred from a performance standpoint because it requires fewer resources from the router or switch than the GRE does. The L2 method modifies only the destination Ethernet address. However, not all combinations of Cisco hardware and IOS revisions support the L2 method. Also, the L2 method requires the absence of L3 hops between the router or switch and the SteelHead.
Assignment Scheme
Determines which SteelHead interface in a WCCP service group the router or switch selects to redirect traffic to for each connection. The assignment scheme also determines whether the SteelHead interface or the router processes the first traffic packet. The optimal assignment scheme achieves both load balancing and failover support. Select one of these schemes from the drop-down list:
Either—Uses Hash assignment unless the router doesn’t support it. When the router doesn’t support Hash, it uses Mask. This is the default setting.
Hash—Redirects traffic based on a hashing scheme and the Weight of the SteelHead interface, providing load balancing and failover support. This scheme uses the CPU to process the first packet of each connection, resulting in slightly lower performance. However, this method generally achieves better load distribution. We recommend Hash assignment for most SteelHeads if the router supports it. The Cisco switches that don’t support Hash assignment are the 3750, 4000, and 4500 series, among others.
Your hashing scheme can be a combination of the source IP address, destination IP address, source port, or destination port.
Mask—Redirects traffic operations to the SteelHeads, significantly reducing the load on the redirecting router. Mask assignment processes the first packet in the router hardware, using less CPU cycles and resulting in better performance.
Mask assignment supports load-balancing across multiple active SteelHead interfaces in the same service group.
The default mask scheme uses an IP address mask of 0x1741, which is applicable in most situations. However, you can change the IP mask by clicking the service group ID and changing the service group settings and flags.
In multiple SteelHead environments, it’s often desirable to send all users in a subnet range to the same SteelHead. Using mask provides a basic ability to leverage a branch subnet and SteelHead to the same SteelHead in a WCCP cluster.
For details and best practices for using assignment schemes, see the SteelHead Deployment Guide.
If you use mask assignment you must ensure that packets on every connection and in both directions (client-to-server and server-to-client), are redirected to the same SteelHead. For details, see the SteelHead Deployment Guide.
Source
IP Mask—Specify the service group source IP mask. The default value is 0x1741.
Port Mask—Specify the service group source port mask.
IP Hash—Specify that the router hash the source IP address to determine traffic to redirect.
Port Hash—Specify that the router hash the source port to determine traffic to redirect.
Destination
IP Mask—Specify the service group destination IP mask.
Port Mask—Specify the service group destination port mask.
IP Hash—Specify that the router hash the destination IP address to determine traffic to redirect.
Port Hash—Specify that the router hash the destination port to determine traffic to redirect.
Ports Mode
Select one of these modes from the drop-down list:
Ports Disabled—Select to disable the ports.
Use Source Ports—The router determines traffic to redirect based on source ports.
Use Destination Ports—The router determines traffic to redirect based on destination ports.
Ports
Specify a comma-separated list of up to seven ports that the router will redirect. Use this option only after selecting either the Use Source Ports or the Use Destination Ports mode.
Router IP Address(es)
Specify a multicast group IP address or a unicast router IP address. You can specify up to 32 routers.
Add
Adds the service group.
Remove Selected Groups
Select the check box next to the name and click Remove Selected Groups.
2. Click Apply to save your settings to the running configuration.
3. Click Save to Disk to save your settings permanently.
Verifying a multiple in-path interface configuration
This section describes how to verify that multiple SteelHeads are participating in WCCP with one or more routers using a multiple in-path interface configuration.
1. Because the SteelHeads are configured as neighbors, messages appear in the log at INFO level when the neighbors connect to each other, and the log displays a list of in-path IP addresses.
2. When the weight computation is about to begin, a message appears in the log at INFO level that the SteelHead interface with the lowest IP address is taking over as the lead cache.
3. When the weight computation is complete, a REDIRECT_ASSIGN WCCP message appears from the SteelHead interface with the lowest IP address. This message includes the load balancing information from the hash or mask value table.
For more WCCP troubleshooting, see the SteelHead Deployment Guide.
Modifying WCCP group settings
You modify WCCP service group settings, add additional routers to a service group, and set flags for source and destination ports to redirect traffic (that is, the hash table settings) in the Networking > WCCP Service Group: <group ID> page.
Before you can modify WCCP service group settings, you must create a WCCP service group. For details about creating a WCCP service group, see Configuring WCCP.
When you are modifying service group settings in RiOS 6.1 or later, the service group description includes the interface.
To modify WCCP service group settings
1. Choose Networking > Network Integration: WCCP to display the WCCP page.
2. Select the service group ID in the Groups list to expand the page.
3. Under Editing Service Group <name><interface>, modify the settings.
4. Click Apply to save your settings to the running configuration.
5. Click Save to Disk to save your settings permanently.
Related topics
Configuring general service settings
Verifying a multiple in-path interface configuration