Taiping Insurance-RB WCCP Deployment Troubleshooting

topology

Objective: The accelerating channel between Shanghai (TianLin) data center and Suzhou Branch cannot be established. Shanghai TianLin uses WCCP bypass deployment, ha for high availability. Suzhou uses a string-connect deployment.

Issue: After the Suzhou equipment shelves, the acceleration channel cannot be established.

Troubleshooting ideas:

CPIC WCCP Configuration Steps

Step 1. Configure the SteelHead a In-path device and enable In-path support.

#---Configure the basic IP addressing of the SteelHead.
#---Primary address is used for management as well as for RiOS data store sync.
#---The primary interface is not shown in the diagram
#---as this can is attached to any accessible network.
Interface Primary IP address 10.193.23.11/24
IP default-gateway x.x.x.x
Interface Inpath0_0 IP Address x.x.x.x/xx
IP in-path-gateway inpath0_0 x.x.x.x
Interface Inpath0_1 IP Address x.x.x.x/xx
IP in-path-gateway inpath0_1 x.x.x.x
In-path Enable

#--Enable virtual In-path support for WCCP
In-path OOP Enable

#---Enables Connection Forwarding to neighbor Rb2-address
#---Allow-failure allows the SteelHead to continue optimizing
#---Traffic even if the neighbor is down
Steelhead Communication Enable
Steelhead name SH2 Main-ip peer-rb-wan0_0-address
Steelhead Communication Allow-failure
Steelhead Communication Advertiseresync

#---Enable WCCP and create Service Groups &, assign
#---Router IP addresses for each service group.
#---If the SteelHead is Layer-2 adjacent use the interface IP of the router
WCCP enable
WCCP interface Inpath0_0 SE Rvice-group routers interface-ip-of-router1 interface-ip-of-router2
wccp INTERFACE inpath0_0 service-group 62 Routers Interface-ip-of-router1 interface-ip-of-router2
wccp INTERFACE inpath0_1 service-group-Routers Interface-ip-of-router1 interface-ip-of-router2
wccp INTERFACE inpath0_1 service-group Interface-ip-of-router1 Interface-ip-of-router2

#---The above omits configurations related to selecting redirection or assignment methods.
#---It is recommended-read, understand, and select the methods most appropriate for the
#---environment. For example, the majority of L3 switches prefer L2 redirection and mask
#---assignment. When using mask assignment, follow the best practices to ensure consistent
#---Assignment in either direction, typically by using the source IP mask in one service group,
#---and destination IP mask in the other.
#---Enable RiOS data store synchronization and set this SteelHead as the primary
Datastore Sync Master
Datastore Sync Peer-ip 10.10.1.13
Datastore sync Enable

#---Save && Restart
Write memory
Restart

=====================================================================================

Step 2. Enable WCCP on the router by creating a service group on the router.

!---Create The access control lists that determine what traffic to redirect
!---to the Steelheads. Creating separate ACLs is optional
!---Deny all traffic sourced from or destined to the SteelHead
!---In-path IP addresses and allow traffic from the client subnets to
!---the server subnets

IP Access-list Extended wccp_acl_61
Deny TCP <WAN0_0-Subnet> <Reserve-Subnet-Mask> any
Deny TCP any <WAN0_0-Subnet> <Reserve-Subnet-Mask>
Permit TCP <LAN-subnets> <WAN-subnets>

!---Deny all traffic sourced from or destined to the SteelHead
!---In-path IP addresses and allow traffic from the server subnets to
!---the client Subnets
IP Access-list Extended wccp_acl_62
Deny TCP <WAN0_0-Subnet> <Reserve-Subnet-Mask> any
Deny TCP any <WAN0_0-Subnet> <Reserve-Subnet-Mask>
Permit TCP <LAN-subnets> <WAN-subnets>

=====================================================================================

Step 3. Set the router to use WCCP to redirect traffic to the WCCP SteelHead.

!---Enable WCCPv2 and service groups & 62; Define the redirect
!---lists for each service group
ip wccp version 2
ip wccp redirect-list wccp_acl_61
ip wccp redirect-list wccp_acl_62

=====================================================================================

Step 4. Attach the desired SteelHead In-path interface WAN interface to the network. The WAN interface must be able to communicate with the switch or router on which WCCP is configured and where WCCP Redirec tion takes place.

!---Add WCCP Service Group Server-facing interfaces
Interface f0/0
ip wccp redirect in

!---Add WCCP Service Group to the Client-facing interfaces
Interface s0/0
ip wccp redirect in

=====================================================================================

Step 5. ADD the service group on the WCCP SteelHead interface.

!---as a best practice use ' redirect exclude in ' on the interfaces or VLANs
!---that is connected to the Steelheads. If you is using
!---redirect Out interface The This command is REQUIRED.
Interface F0/1
ip wccp redirect Exclude in
End
Write memory

=====================================================================================

Problem description, the client 7069 router uses the L2 conversion method, only the WCCP connection of the direct-attached router can be established, so the redundant disconnected wccp neighbors must be removed.

Taiping Insurance-RB WCCP Deployment Troubleshooting