Aug 31, 2017
A WCCP deployment follows the same initial steps as an inline deployment, but has additional steps beyond the basic inline procedure.
Perform the following tasks if you have not done so already:
- Install the SD-WAN hardware. See Installing the Hardware.
- Fill out the Deployment Worksheet and perform the initial configuration. See .
- If you are using high-availability mode, see the Configuring the High Availability Setup on the Appliances section before proceeding.
The following high-level procedure summarizes the WCCP installation process, which works for both GRE and L2 forwarding and for any number of routers and links.
To configure WCCP mode
Note: You must follow the hyperlinks and follow the detailed instructions for each step.
Configuring the Router.
- Enable WCCP globally.
- Disable reverse path forwarding if your router supports it.
- Configure WCCP service groups.
Configuring Accelerators for WCCP Negotiation.
- Enable WCCP.
For each service group:
- Create a service group definition on the SD-WAN appliance.
- Verify that this service group establishes WCCP communication with its associated routers.
- Verifying WCCP Mode.
- If using high-availability mode, configure and test the second appliance, then complete the Configuring the High Availability Setup on the Appliances procedure.
Configuring the Router
Note: This information is for WCCP mode. For WCCP Clustering, see the SD-WAN WCCP Clustering topics, especially the Configuring the Router subtopic.
For each WCCP router:
- Enable WCCP in global router configuration.
- For each WCCP service group on the worksheet for this router, declare ip wccp <sg> in global router configuration
- Referring to the configuration examples below, for each WAN interface on this router:
- You can either use Method A or Method B to configure the router:
- Method A: On the WAN interface only, declare ip wccp <sg> redirect in and ip wccp <sg> redirect out for the two service groups associated with the WAN interface.
- Method B: If there is only one WAN interface, you can alternatively declare ip wccp <sg> redirect in on the WAN interface and on every LAN interface except the appliance’s traffic interface.
- If your router supports reverse path forwarding, disable it on this interface by changing any ip verify unicast reverse-path commands to no ip verify unicast reverse-path commands on each interface that has an ip wccp redirect command.
- You can either use Method A or Method B to configure the router:
- Save the configuration.
Router Configuration Examples
For normal operation, you must declare WCCP version 2 and the WCCP group ID for the router as a whole, and then enable redirection on each WAN interface.
Either one or two WCCP service groups can be used, but two are recommended, so that both TCP and UDP can be redirected, allowing more accurate traffic shaping. The WCCP standard requires that TCP and UDP traffic use different service groups.
Method A is required if the router has multiple WAN interfaces.
Following is an example of configuring a Cisco IOS router:
``` pre codeblock ! This example is for WCCP mode, not WCCP clustering ! (which is covered elsewhere) config term ip wccp version 2 ! The two service groups are T11 and T12 on the ! configuration worksheet ! We will use group 72 for TCP and 73 for UDP. ip wccp 72 ip wccp 73
! Repeat the following lines for each WAN interface ! you wish to accelerate: interface
! If reverse-path forwarding is enabled, change any ! ip verify unicast reverse-path commands to ! no ip verify unicates reverse-path commands: no ip verify unicast reverse-path ip wccp 72 redirect out ip wccp 72 redirect in ip wccp 73 redirect out ip wccp 73 redirect in
**Method B** is preferred in circumstances when the routers do not support the wccp redirect out statement. Example Following is an example of configuring a Cisco IOS router: ``` pre codeblock ! This example is for WCCP mode, not WCCP clustering ! (which is covered elsewhere) config term ip wccp version 2 ! ! The two service groups are T11 and T12 on the ! configuration worksheet ! We will use group 72 for TCP and 73 for UDP. ip wccp 72 ip wccp 73 ! Repeat the following lines for the WAN interface ! you wish to accelerate: interface <WAN_Interface> ! ! If reverse-path forwarding is enabled, change any ! ip verify unicast reverse-path commands to ! no ip verify unicates reverse-path commands: no ip verify unicast reverse-path ip wccp 72 redirect in ip wccp 73 redirect in ! Repeat the following lines for all the LAN interfaces ! EXCEPT those connected to the SD-WAN appliance: interface <LAN_Interface> ! ! If reverse-path forwarding is enabled, change any ! ip verify unicast reverse-path commands to ! no ip verify unicates reverse-path commands: no ip verify unicast reverse-path ip wccp 72 redirect in ip wccp 73 redirect in ^Z
Remember to save your router configuration when you are satisfied that it is correct.
Configuring Accelerators for WCCP Negotiation
One accelerator instance manages WCCP control traffic on behalf of all the instances. The WCCP control traffic is negligible. The actual data traffic is divided among all the accelerators.
Note: The GUI calls WCCP mode “single cache.”
Summary: To configure the accelerators for WCCP mode, first enable WCCP mode. Then, configure service groups and create a WAN link definition, on the SD-WAN appliance, for each WAN link on each WCCP router. (Each link has two service groups, one for TCP and one for UDP.) If a service group is already defined for a given link, add the current router’s IP address to the definition. Test the service group’s WCCP status before creating the WAN link definition, and verify link traffic and acceleration status before configuring the next WAN link.
To configure the accelerators for WCCP mode
- On the SD-WAN appliance, Navigate to Configuration > Appliance Settings > Advance Deployments > WCCP page.
- If the Enable button is displayed, click it to enable WCCP mode on the appliance. (If the Disable button is displayed, WCCP mode is already enabled.) Note: We will actually be configuring two caches.
- In the Select Mode area, select Single Cache.
- Starting with accelerator instance #1 (labeled “WCCP Cache 1” on the page), configure the SD-WAN IP Details by entering the external VIP you defined for accelerator instance 1 (T5 on your worksheet for instance #1, T6 for instance #2). Set the subnet mask for the external traffic network (T2 on your worksheet). Set the gateway IP for the external traffic network (T1 on your worksheet). Click Save. The Configure Service Group controls appear.
- In the Configure Service Group section, click Add. An Add Service Group popup appears.
- In the Service Group Details area, specify a WCCP service group ID in the ID field. This ID must match one of the service groups that you have defined on your router. Start with the lowest-numbered service group in your list (T11 for the TCP service class, T12 for the UDP service class.).
- In the WCCP Priority field, set the WCCP priority to 100 for instance #1, or to 80 for instance #2. (Other values work. Use a priority for instance #1 that is greater than the priority for instance #2, and use a priority for instance #2 that is greater than zero.)
- From the Protocol list, select a protocol. You will perform this step for both TCP and UDP. Start with TCP.
- In the Service Group Password field, enter a password if your router is configured to require one. Otherwise, leave the field blank.
- In the Router Communications Details area, in the Router IP Address field, enter the IP address of the router. This is the router’s address for its appliance-facing interface (T8 on your worksheet). If you use multiple routers to communicate with the appliance, list them all here.
- From the Router Assignment list, select a router assignment (Hash, Mask, or Auto). Auto is recommended. If Auto is selected, Hash is negotiated if the router supports it. Otherwise Mask is used.
- From the Router Forwarding list, select Level 2 or GRE. The same method must be used for both outbound and inbound packets. L2 is recommended whenever possible, as GRE adds overhead to both the router and the appliance. L2 requires that your router support Level 2, and that the router’s IP and the VIP addresses be in the same subnet. Otherwise, use GRE.
- Click Create.
- Repeat steps 6-13 with the next service group in sequence, but selecting UDP instead of TCP.
- Repeat steps 4-14 for instance #2 (called “WCCP Cache 2” in the GUI), except that the Cache IP is T6 from your worksheet (instead of T5), and the WCCP priority value is 80 (instead of 100).
- If desired, click Advanced Settings on the WCCP page and select a quicker timeout (Responsive or Tolerant, rather than Default). This is a WCCP 2.1 feature and is not supported by all routers. If the appliance has trouble connecting to the router, set this parameter back to Default.
Note: You must consider the following points when configuring a Citrix SD-WAN 4000/5000 appliance:
- Traffic is load balanced across the accelerators on the basis of NetScaler load balancing policies.
- The WCCP service group ID that you assign to the accelerator must match a service group defined on your router, or the WCCP negotiation fails.