Cisco Wide Area Application Engine 612 User Manual

C H A P T E R4Network Integration and InterceptionThis chapter provides an in-depth review of the network integration and interception capabilities of

84 Chapter 4: Network Integration and Interceptioninterface for the group. The standby interface does not have a preempt capability. When a new i

Interface Connectivity 85To check the status of the standby interface, use the show interface Standby standby-interface-number command. Example 4-

86 Chapter 4: Network Integration and InterceptionIn this output, the only indication that the interface is a member of a standby group is the se

Interception Techniques and Protocols 87of the WCCPv2 protocol, you are encouraged to read the WCCPv2 protocol draft. The full WCCPv2 IETF draft i

88 Chapter 4: Network Integration and InterceptionWell-known services, also referred to as static services, have a fixed set of characteristics th

Interception Techniques and Protocols 89A description of each value is provided in Table 4-2.Example 4-9 WCCP Service Group Attributes AST6-RTR-02

90 Chapter 4: Network Integration and InterceptionThe command output shows that the only difference between services 61 and 62 is the value from

Interception Techniques and Protocols 91Figure 4-6 WCCP Redirection Using GRE ForwardingFigure 4-7 WCCP Redirection Using L2 ForwardingOne of the

92 Chapter 4: Network Integration and InterceptionThe return method defines how traffic should be returned from the WAE to the redirecting router f

Interception Techniques and Protocols 93Figure 4-8 WCCP Redirection Using Hash AssignmentFigure 4-9 WCCP Redirection Using Mask AssignmentScr IP 1

76 Chapter 4: Network Integration and InterceptionFigure 4-1 NME-WAE Physical Interface ConnectivityThe WAE interface configuration options are si

94 Chapter 4: Network Integration and InterceptionFailure DetectionOnce a WAE has successfully joined a service group, a periodic keepalive packe

Interception Techniques and Protocols 95Flow ProtectionWhen a WAE (re)joins the service group, a new Redirect Assignment message is generated by t

96 Chapter 4: Network Integration and Interceptionconfigured with the IP address of each WAE in the service group. Each router listens passively f

Interception Techniques and Protocols 97This example uses a redirect list to allow WCCPv2 to intercept and redirect SMTP traffic only on port 25.Se

98 Chapter 4: Network Integration and InterceptionFor the reverse direction of the connection, service group 62 is used. Service group 62 will be

Interception Techniques and Protocols 99Example 4-12 shows a basic WCCP router list configuration.Up to six IP addresses may be defined per line. Fo

100 Chapter 4: Network Integration and InterceptionThe IOS WCCPv2 configuration involves two steps. First, the WCCPv2 services are configured in gl

Interception Techniques and Protocols 101Note that the ip wccp redirect exclude in command is configured on the subinterface connecting to the WAE.

102 Chapter 4: Network Integration and InterceptionThis example uses inbound redirection on the interface connecting to the client subnet and the

Interception Techniques and Protocols 103The L2 forwarding and mask assignment options are configured as part of the service definition in WAAS. The

Interface Connectivity 77One of the interface configuration commands that behaves differently in WAAS versus IOS is the bandwidth command. The band

104 Chapter 4: Network Integration and InterceptionPBR functions in a similar manner to WCCPv2, in that a router/switch running Cisco IOS is confi

Interception Techniques and Protocols 105Because PBR evaluates only traffic entering an interface, the route map entries are configured on both the

106 Chapter 4: Network Integration and InterceptionPhysical inline interception is an attractive option for situations where it is not possible o

Interception Techniques and Protocols 107The keepalive frequency is configurable between 1 and 10 seconds. The default failover timer is set to 3 s

108 Chapter 4: Network Integration and InterceptionVLAN ID that is excluded from interception will be bridged without any optimization. This capa

Interception Techniques and Protocols 109Content SwitchingContent switching is the final interception mechanism discussed in this chapter. Content

110 Chapter 4: Network Integration and Interception• Support for up to 250 virtual partitions, allowing customers to create virtual ACE modules u

Egress Methods for Intercepted Connections 111Figure 4-17 ACE Deployed Using Routed ModeACE is typically deployed in conjunction with WAAS using t

112 Chapter 4: Network Integration and InterceptionProtocol (GLBP) to be used for default gateway redundancy. HSRP provides an active/standby con

Egress Methods for Intercepted Connections 113the WAE. The following CLI command changes the default EMIC from IP forwarding to negotiated return:

78 Chapter 4: Network Integration and InterceptionIn addition to the normal interface information, such as IP address, Ethernet address, and coun

114 Chapter 4: Network Integration and InterceptionNetwork Integration Best PracticesThe following network integration best practices are recomme

Summary 115SummaryThis chapter provided a detailed examination of the various methods for integrating WAAS into the network infrastructure. The ch

Interface Connectivity 79the channel group. The EtherChannel interface uses the MAC address from one of the physical interfaces in the group. The

80 Chapter 4: Network Integration and InterceptionExample 4-3 shows a basic EtherChannel configuration.You should observe the following limitation

Interface Connectivity 81Each member of the channel group, along with the status of the interface, is shown at the beginning of the output. The MA

82 Chapter 4: Network Integration and InterceptionThe command output for each physical interface is the same as it is without EtherChannel configu

Interface Connectivity 83Figure 4-3 WAE Connected Using Standby Interface FeatureThe failure of the active interface in the standby group is detec