WCCP Service Group Configuration Details
In a service group, a WCCP router and an SD-WAN appliance (“WCCP Cache” in WCCP terminology) negotiate communication attributes (capabilities). The router advertises its capabilities in the “I See You” message. The communication attributes are:
- Forwarding Method: GRE or Level-2
- Packet Return Method (multicast only): GRE or Level-2
- Assignment Method: Hash or Mask
- Password (defaults to none)
The appliance triggers an alert if it detects an incompatibility between its attributes and those of the router. The appliance might be incompatible because of a specific attribute of a service group (such as GRE or Level-2). More rarely, in a multicast service group, an alert can be triggered when the “Auto” selection chooses a particular attribute with a particular router connected, but the attribute is incompatible with a subsequent router.
Following are the basic rules for the communication attributes within an SD-WAN Appliance.
For Router Forwarding:
- When “Auto” is selected, the preference is for Level-2, because it is more efficient for both router and appliance. Level-2 is negotiated if the router supports it and the router is on the same subnet as the appliance.
- Routers in a unicast service group can negotiate different methods if “Auto” is selected.
- Routers in a multicast service group must all use the same method, whether forced with “GRE” or “Level-2,” or, with “Auto,” as determined by the first router in the service group to connect.
- For an incompatibility, an alert announces that the router “has incompatible router forwarding.”
For Router Assignment:
The default is Hash.
When “Auto” is selected, the mode is negotiated with the router.
All routers in a service group must support the same assignment method (Hash or Mask).
For any service group, if this attribute is configured as “Auto,” the appliance selects “Hash” or “Mask” when the first router is connected. “Hash” is chosen if the router supports it. Otherwise, “Mask” is selected. The problem of subsequent routers being incompatible with the automatically selected method can be minimized by manually selecting a method common to all routers in the service group.
For an incompatibility, an alert announces that the router “has incompatible router assignment method.”
With either method, the single appliance in the service group instructs all the routers in the service group to direct all TCP or UDP packets to the appliance. Routers can modify this behavior with access lists or by selecting which interfaces to redirect to the service group.
For the Mask method, the appliance negotiates the “source IP address” mask. The appliance provides no mechanism to select “destination IP address” or the ports for either source or destination. The “source IP address” mask does not specifically identify any specific IP address or range. The protocol does not provide a means to specify a specific IP address. By default, because there is only a single appliance in the service group, a one-bit mask is used, to conserve router resources. (Release 6.0 used a larger mask.)
- If the router requires a password, the password defined on the appliance must match. If the router does not require a password, the password field on the appliance must be blank.