Configuring the Router
WCCP configuration on the router is simple, because most WCCP parameters are set by the appliances.
Unlike legacy SD-WAN WCCP support, WCCP clustering uses two service groups for TCP traffic. One service group is used on the router’s WAN interface, and the other is used on the router’s LAN interfaces (except for the LAN interface used by the SD-WAN appliances themselves, when deployed in L2-mode WCCP cluster).
As shown in the following figure, you need to configure two service groups because WCCP allows the mask to be applied to either the source IP or the destination IP address, which is not quite what is required. To keep connections between two endpoints together, regardless of which endpoint initiates the connection, the appliance applies the address mask to the source IP address of incoming WAN traffic, and to the destination IP address of incoming LAN traffic. This requires two service groups.
The WAN service group uses WCCP source-ip address masking, while the LAN service group uses dest-ip masking. In some deployments, it may be necessary to reverse the assignments, using the “WAN” service group for your LAN interface and vice versa. This might occur if the number of local IP addresses greatly exceeds the number of remote IP addresses.
Figure 1. SD-WAN WCCP Cluster
To configure WCCP clustering on the router
This procedure assumes Cisco routers, but is similar on other routers. It uses the first of the two methods, discussed above, of redirecting WCCP traffic with an ip wccp redirect in statement on both LAN and WAN ports.
- Fill in the WCCP clustering Deployment Worksheet.
- Log on to your router
- In the global declarations section, declare each service group on the WCCP clustering worksheet, listed as WAN service group and LAN Service group. For example, ip wccp 61 and ip wccp 62. Note: The ip wccp command allows, but does not require, a more elaborate syntax than this, and can specify an ACL name or a password. Both service groups must have the same password, if one is used. The ACLs can be different.
- Inside the interface declarations for each WAN interface that connects to remote SD-WAN appliances, add an ip wccp x redirect in statement, where x is the WAN service group from the WCCP clustering worksheet.
- Inside the interface declarations for each LAN interface (except the one connecting to the WCCP cluster, if you are using L2 mode), add an ip wccp y redirect in statement, where y is the LAN service group from the WCCP clustering worksheet.
- Save your configuration.
Example. The following example uses service group 61 for the WAN service group and service group 62 for the LAN service group. Three router interfaces are used. One is connected to the WAN, one is connected to the LAN, and one is connected to the WCCP cluster.
``` pre codeblock ! ! Example is for WCCP clustering using WCCP redirect in statements ! on LAN and WAN interfaces. ! This definition is appropriate for modern Cisco routers. ! Global declarations ip wccp 61 ip wccp 62 ! interface GigabitEthernet1/1 description LAN interface. SG 62 is used for LAN ip address 184.108.40.206 255.255.255.0 ip wccp 62 redirect in ! interface GigabitEthernet1/2 description LAN interface attaching SD-WAN L2-WCCP appliances description (No wccp redirect statements are used on this interface) ip address 220.127.116.11 255.255.255.0 ! interface GigabitEthernet1/3 description WAN interface. SG 61 is used for WAN ip address 18.104.22.168 255.255.255.0 ip wccp 61 redirect in !
Note: If the router used multiple ports for LAN traffic, each port is configured with an ip wccp 62 redirect in statement. Similarly, if the router used multiple ports for WAN traffic, each port is configured with an ip wccp 61 redirect in statement. - If the router used multiple ports for LAN traffic, each port is configured with an ip wccp 62 redirect in statement. Similarly, if the router used multiple ports for WAN traffic, each port is configured with an ip wccp 61 redirect in statement. - If multiple routers shared the same WCCP cluster, they use the same service groups. It is also possible to use ip wccp redirect statements on only the WAN interfaces: ``` pre codeblock ! Example for WCCP clustering using WCCP redirect in/out statements on ! WAN interface only ! This definition is appropriate for modern Cisco routers. interface GigabitEthernet1/3 description WAN interface. SG 61 is used for WAN. SG 62 is used for LAN. ip address 22.214.171.124 255.255.255.0 ip wccp 61 redirect in ip wccp 62 redirect out !
In many routers, the ip wccp redirect out path is not optimized in hardware, but uses the CPU. If the router’s capabilities along this path exceeds the WAN speed, this method is practical, and is simpler than using redirect statements on every interface.
Router ACLs can be used to limit redirection. For example, for initial testing, perhaps only a single remote IP address might be allowed to be redirected through WCCP.