Router Support for WCCP
Configuring the router for WCCP is very simple. WCCP version 2 support is included in all modern routers, having been added to the Cisco IOS at release 12.0(11)S and 12.1(3)T. The best router-configuration strategy is determined by the characteristics of your router and switches. Traffic shaping requires two service groups.
If your router supports Reverse Path Forwarding, you must disable it on all ports, because it can confuse WCCP traffic with spoofed traffic. This feature is found in newer Cisco routers such as the Cisco 7600.
Router Configuration Strategies
There are two basic approaches to redirecting traffic from the router to the appliance:
- On the WAN port only, add a “WCCP redirect in” statement and a “WCCP redirect out” statement.
- On every port on the router, except the port attached to the appliance, add a “WCCP redirect in” statement.
The first method redirects only WAN traffic to the appliance, while the second method redirects all router traffic to the appliance, whether it is WAN related or not. On a router with several LAN ports and substantial LAN-to-LAN traffic, sending all traffic to the appliance can overload its LAN segment and burden the appliance with this unnecessary load. If GRE is used, the unnecessary traffic can load down the router as well.
On some routers, the “redirect in” path is faster and puts less of a load on the router’s CPU than does the “redirect out” path. If necessary, this can be determined by direct experiment on your router: Try both redirection methods under full network load to see which delivers the highest transfer rates.
Some routers and WCCP-capable switches do not support “WCCP redirect out,” so the second method must be used. To avoid overloading the router, the best practice to avoid redirecting large numbers of router ports through the appliance, perhaps by using two routers, one for WAN routing and one for LAN-to-LAN routing.
In general, method 1 is simpler, while method 2 may provide greater performance.
Traffic Shaping and WCCP
A service group can be either TCP or UDP, but not both. For the traffic shaper to be effective, both kinds of WAN traffic must pass through the appliance. Therefore:
- Acceleration requires one service group, for TCP traffic.
- Traffic shaping requires two service groups, one for TCP traffic and one for UDP traffic.
- The difference between the two is configured on the appliance, and the router accepts this configuration.