- Configuring the Router
- Configuring the Appliance
WCCP configuration on the router is simple, because most WCCP parameters are set by the appliances.
Unlike legacy CloudBridge WCCP support, WCCP clustering uses two service groups for TCP traffic. One service group is used on the router's WAN interface, and the other is used on the router's LAN interfaces (except for the LAN interface used by the CloudBridge appliances themselves, when deployed in L2-mode WCCP cluster).
As shown in the following figure, you need to configure two service groups because WCCP allows the mask to be applied to either the source IP or the destination IP address, which is not quite what is required. To keep connections between two endpoints together, regardless of which endpoint initiates the connection, the appliance applies the address mask to the source IP address of incoming WAN traffic, and to the destination IP address of incoming LAN traffic. This requires two service groups.
The WAN service group uses WCCP source-ip address masking, while the LAN service group uses dest-ip masking. In some deployments, it may be necessary to reverse the assignments, using the “WAN” service group for your LAN interface and vice versa. This might occur if the number of local IP addresses greatly exceeds the number of remote IP addresses.
! ! Example is for WCCP clustering using WCCP redirect in statements ! on LAN and WAN interfaces. ! This definition is appropriate for modern Cisco routers. ! Global declarations ip wccp 61 ip wccp 62 ! interface GigabitEthernet1/1 description LAN interface. SG 62 is used for LAN ip address 184.108.40.206 255.255.255.0 ip wccp 62 redirect in ! interface GigabitEthernet1/2 description LAN interface attaching CloudBridge L2-WCCP appliances description (No wccp redirect statements are used on this interface) ip address 220.127.116.11 255.255.255.0 ! interface GigabitEthernet1/3 description WAN interface. SG 61 is used for WAN ip address 18.104.22.168 255.255.255.0 ip wccp 61 redirect in !
! Example for WCCP clustering using WCCP redirect in/out statements on ! WAN interface only ! This definition is appropriate for modern Cisco routers. interface GigabitEthernet1/3 description WAN interface. SG 61 is used for WAN. SG 62 is used for LAN. ip address 22.214.171.124 255.255.255.0 ip wccp 61 redirect in ip wccp 62 redirect out !
In many routers, the ip wccp redirect out path is not optimized in hardware, but uses the CPU. If the router’s capabilities along this path exceeds the WAN speed, this method is practical, and is simpler than using redirect statements on every interface.
Router ACLs can be used to limit redirection. For example, for initial testing, perhaps only a single remote IP address might be allowed to be redirected through WCCP.