October 05, 2008, 3:58 PM — I'm frequently asked to recommend or validate a WCCP design for customers. This tech note will summarize the most current capabilities and recommendations for using WCCPv2 with Cisco Wide Area Application Services (WAAS).
WCCPv2 is the preferred off-path interception mechanism for WAAS. WCCP with WAAS is currently supported on a variety of routing platforms, including the Integrated Services Router (ISR models 1800, 2800, and 3800), 3700 series Access Routers, Cisco 7200 series routers (with NPE-400, NPE-G1, NPE-G2 only),7600 routers, and ASR 1000 series routers. WCCP is also supported on a variety of switching products, including the Catalyst 3560/3750, Catalyst 4500/4948, and Catalyst 6500.
WCCP Platform Support
The following platforms are recommended for use with Cisco WAAS and the WCCP tcp-promiscuous services:
- Cisco Integrated Services Routers (1800, 2800, 3800)
- Cisco 3700, 7200 (NPE-400, NPE-G1, and NPE-G2 only), 7600, and ASR 1000 Series Routers
- Cisco Catalyst 3560 and 3750 Series Switches
- Cisco Catalyst 4500 and 4948 Series Switches
- Cisco Catalyst 6500 Series Switches
The following table lists the key capabilities of each platform:
| Platform | OS Version | Forwarding | Return | Assignment | Direction | Redirect List |
|---|---|---|---|---|---|---|
| IOS (Software-based) | < 12.4(20)T | GRE | GRE | Hash | In or Out | Yes |
| IOS (Software-based) | > 12.4(20)T | GRE or L2 | GRE or L2 | Hash or Mask | In or Out | Yes |
| ASR 1000 Series | 2.1 XE | GRE or L2 | GRE or L2 | Mask | In | Yes |
| Cisco 7600 Series | 12.2(18)SXD1 | GRE or L2 | GRE | Hash or Mask | In or Out | Yes 1 |
| Catalyst 3560/3750 | 12.37(SE) | L2 | GRE or L2 | Mask | In | Yes 2 |
| Catalyst 4500/4948 | 12.2(31)SG | L2 | L2 | Mask | In | No |
| Catalyst 6500 (Sup2) | 12.1(13)E | GRE or L2 | GRE | Hash or Mask | In or Out | Yes 1 |
| Catalyst 6500 (Sup32/Sup720) | 12.2(18)SXD1 | GRE or L2 | GRE or L2 | Hash or Mask | In or Out | Yes 1 |
1 The following options are supported in the redirect list: source & destination IP addresses (host or subnet), individual source and destination port numbers ("eq" operator only), DSCP, TOS and precedence operators ("dscp", "precedence" and "tos" keywords), IP options ("options" keyword), and logging.
2 Only 'permit' entries are supported.
The following platforms support WCCP, but their implementation is not compatible with WAAS:
- Catalyst 6500, Sup1a
- Cisco PIX/ASA Firewalls
- Catalyst 3550 Series Switch
Configuration Recommendations
The following best practices should be followed for implementing WCCP on a software-based platform:
- GRE Forwarding (Default)
- Hash Assignment (Default)
- Inbound or Outbound Interception
- "ip wccp redirect exclude in" on WCCP client interface (outbound interception only)
- WAAS Egress Method: IP Forwarding, Negotiated Return, Generic GRE Return
The following best practices should be followed for implementing WCCP on a hardware-based platform:
- L2 Forwarding
- Mask Assignment
- Inbound Interception
- No "ip wccp redirect exclude in"
- WAAS Egress Method: IP Forwarding, Generic GRE (Cat6k PFC-based systems only)
This combination of configuration options will ensure WCCP interception is handled completely in hardware on hardware-based platforms. There is no impact on switch CPU utilization or forwarding performance in these cases.
Warning
Use of alternate configurations, such as hash assignment, the 'ip wccp redirect exclude in' command, the negotiated return egress method, can lead to elevated levels of CPU utilization and a reduction in overall performance.
Note
The Catalyst 6500/7500 do not support WCCP+NAT on the same interface for the same flows. Prior to PFC3B hardware, the Catalyst 6500/7600 platforms do not support WCCP+NAT in hardware when configured on the same interface. You can check the PFC mode with the command show platform hardware pfc mode. With PFC3B or later hardware, the following command is required for hardware processing of WCCP+NAT on the same interface: mls ip nat netflow-frag-l4-zero.
