MPLS and WCCP do not mix!

Problem:
So I was working on implementing WCCP redirection for networks to get TCP accelerated between two data centers and I ran into a problem. The problem was that subnets behind the core switches were not getting WCCP redirected into the WAAS units. So I wondered why. The traffic was matching the redirect-list ACL and showing up in the ACL hit counters. Subnets directly connected on the CORE switch were getting accelerated fine (I saw TFO matches in the WAE-7371s), but any subnet behind the ACCESS switches was NOT getting accelerated. They were still in PT: pass-through. So I said to myself, wtf?!

After a few hours of thinking in my private office with a magazine, I realized… crap, this is an MPLS-enabled data center… traffic from source IP 10.10.12.0/24 to destination 10.20.20.0/24 has an MPLS label applied and is switched instead of IP routed towards the destination network.

MPLS Shim Header

So that means there is an extra SHIM HEADER between L2 and L3… if WCCP redirects based on IP, then uhh… crap, it will never see the IP header, because the CORE is reading the MPLS LABEL that the ACCESS switches pushed when the IP packet came ingress into VLAN12. Bingo!!! This was the reason why WCCP wasn’t redirecting anything behind my CORE switches in the data center.
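The effect of the shim header on an IP-keyed match, as an added example that is not part of the original post and not Cisco's implementation. The frames, label values and the `ip_redirect_match` classifier are constructed assumptions that model the behaviour described above; only the two /24 networks come from the post.

```python
import ipaddress
import struct

ETH_IPV4, ETH_MPLS_UNICAST = 0x0800, 0x8847
# Redirect-list networks taken from the post
SRC_NET = ipaddress.ip_network("10.10.12.0/24")
DST_NET = ipaddress.ip_network("10.20.20.0/24")


def build_frame(src_ip, dst_ip, labels=()):
    """Constructed sample frame: Ethernet, optional MPLS label stack, bare IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    shim = b""
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        # 32-bit entry: 20-bit label | 3-bit TC | 1-bit bottom-of-stack | 8-bit TTL
        shim += struct.pack("!I", (label << 12) | (bottom << 8) | 64)
    ethertype = ETH_MPLS_UNICAST if labels else ETH_IPV4
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ethertype) + shim + ip


def parse_label_stack(frame):
    """Return the MPLS labels that sit between the L2 header and the IP header."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    labels, offset = [], 14
    while ethertype == ETH_MPLS_UNICAST and offset + 4 <= len(frame):
        (entry,) = struct.unpack_from("!I", frame, offset)
        labels.append(entry >> 12)
        offset += 4
        if entry & 0x100:  # bottom-of-stack bit: IP header starts next
            break
    return labels


def ip_redirect_match(frame):
    """Simplified IP-keyed classifier: matches the redirect list only on plain IPv4 frames."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_IPV4:
        return False  # labelled frame is label switched; the IP header is never examined
    src = ipaddress.ip_address(frame[26:30])
    dst = ipaddress.ip_address(frame[30:34])
    return src in SRC_NET and dst in DST_NET


if __name__ == "__main__":
    for stack in ((), (10012, 24)):  # constructed label values
        f = build_frame("10.10.12.5", "10.20.20.9", stack)
        print(parse_label_stack(f), ip_redirect_match(f))
```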

Solution:
I had to remove MPLS-TE paths from source 10.10.12.0/24 towards 10.20.20.0/24 with a special policy; everything else gets label switched as usual. I really hate doing these “one-off” type configurations, but it was the only way I could get WCCP working to the WAAS units in an MPLS-enabled data center environment. I really do hope Cisco IOS supports MPLS labels in WCCP in the future… After my fix, I was successfully seeing “optimized” connections in both source/destination WAAS boxes. No more MPLS shim header, so WCCP was able to read the IP header to redirect transparently.

 

WAAS with MPLS-enabled Data Center
