WCCP router-affinity settings

book

Article ID: 171082

calendar_today

Updated On:

Products

SG-300 SG-600 SG-9000 SG-900 SG-S500 SG-S400 SG-S200

Issue/Introduction

What should be my router affinity configuration in WCCP?

Environment

By default, the ProxySG uses regular routing table lookups to determine the next hop for intercepted
traffic. However, in some cases you may have routing policies that prevent your client- and/or server-bound traffic from reaching its destination (for example, if your WCCP router is multiple hops away from the ProxySG). With router affinity, the ProxySG returns intercepted client- and/or server-side traffic
that it intercepts to the router using the negotiated return method, ensuring that the traffic is always
returned to the same WCCP router that redirected it.

For example, network where router A1 only has routes to the B1 and C1 subnets and router A2 only has routes to the B2 and C2 subnets. Because the ProxySG’s default router is configured as A2, if you enable WCCP on A1’s client- and server- facing interfaces, packets from the ProxySG destined for B1 and C1 will be dropped by A2 because it does not have routing information for those subnets. Therefore, to ensure that redirected traffic from B1 and C1 is routed properly (without configuring additional routes on A2, which would change the existing routing policies), you can enable router affinity on the ProxySG. Notice that because there is no client traffic coming from C1 in this example (and therefore incoming SYN packets will only be coming from B1), you only need to enable router affinity (for client- and server-side traffic) traffic on service group 90 and not on service group 92. 

router-affinity [client | server | both] Indicates whether the ProxySG will use the negotiated returning-type (GRE or L2) to return all packets (intercepted as well as bypassed packets) to the WCCP router t hat originally redirected the traffic to it.
 Possible values are: 
• client — return intercepted client-side traffic to the originating WCCP router using the negotiated returning-type. 
• server — return intercepted server-side traffic to the originating WCCP router using the negotiated returning-type. 
• both — return intercepted client- and server-side traffic to the originating WCCP router using the negotiated returning-type. 
Example: router-affinity both 

 

Resolution

Configure WCCP from CLI  and enable router affinity on service group 90:

wccp enable
wccp version 2
service-group 90
interface 0:1
protocol 6
priority 1
forwarding-type gre
assignment-type hash
service-flags source-ip-hash
router-affinity both
home-router 1.2.3.4
end
service-group 92
interface 0:1
protocol 6
priority 1
forwarding-type gre
assignment-type hash
service-flags destination-ip-hash
home-router 1.2.3.4
end
CONFIGURATION EXAMPLE—ROUTER AFFINITY (CONTINUED)