Taiping Insurance - RB WCCP Deployment Troubleshooting

Topology

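Purpose: The acceleration tunnel between the Shanghai (Tianlin) data center and the Suzhou branch office cannot be established. Shanghai Tianlin uses an out-of-path WCCP deployment, with HA for high availability. Suzhou uses an in-line deployment.

Issue: After the Suzhou appliance was racked, the acceleration tunnel could not be established.

Troubleshooting approach: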

CPIC WCCP Configuration Steps

Step 1. Configure the SteelHead as an in-path device and enable in-path support.

#--- Configure the basic IP addressing of the SteelHead.
#--- Primary address is used for management as well as for RiOS data store sync.
#--- The primary interface is not shown in the diagram
#--- as this can be attached to any accessible network.
interface primary ip address 10.193.23.11 /24
ip default-gateway x.x.x.x
interface inpath0_0 ip address x.x.x.x /xx
ip in-path-gateway inpath0_0 x.x.x.x
interface inpath0_1 ip address x.x.x.x /xx
ip in-path-gateway inpath0_1 x.x.x.x
in-path enable

#-- Enable virtual In-path support for WCCP
in-path oop enable

#--- Enables Connection Forwarding to neighbor RB2-Address
#--- allow-failure allows the SteelHead to continue optimizing
#--- traffic even if the neighbor is down
steelhead communication enable
steelhead name SH2 main-ip Peer-RB-WAN0_0-ADDRESS
steelhead communication allow-failure
steelhead communication advertiseresync

#--- Enable WCCP and create Service Groups 61 & 62; assign
#--- router IP addresses for each service group.
#--- If the SteelHead is Layer-2 adjacent use the interface IP of the router
wccp enable
wccp interface inpath0_0 service-group 61 routers INTERFACE-IP-OF-ROUTER1 INTERFACE-IP-OF-ROUTER2
wccp interface inpath0_0 service-group 62 routers INTERFACE-IP-OF-ROUTER1 INTERFACE-IP-OF-ROUTER2
wccp interface inpath0_1 service-group 61 routers INTERFACE-IP-OF-ROUTER1 INTERFACE-IP-OF-ROUTER2
wccp interface inpath0_1 service-group 62 routers INTERFACE-IP-OF-ROUTER1 INTERFACE-IP-OF-ROUTER2

#--- The above omits configurations related to selecting redirection or assignment methods.
#--- It is recommended to read, understand, and select the methods most appropriate for the
#--- environment. For example, the majority of L3 switches prefer L2 redirection and mask
#--- assignment. When using mask assignment, follow the best practices to ensure consistent
#--- assignment in either direction, typically by using source IP mask in one service group,
#--- and destination IP mask in the other.

#--- Enable RiOS data store synchronization and set this SteelHead as the primary
datastore sync master
datastore sync peer-ip 10.10.1.13
datastore sync enable

#--- Save && Restart
write memory
restart

=====================================================================================

Step 2. Enable WCCP on the router by creating a service group on the router.

!--- Create the access control lists that determine what traffic to redirect
!--- to the SteelHeads. Creating two separate ACLs is optional
!--- Deny all traffic sourced from or destined to the SteelHead
!--- in-path IP addresses and allow traffic from the client subnets to
!--- the server subnets

ip access-list extended WCCP_ACL_61
deny tcp <WAN0_0-Subnet> <Reserve-Subnet-Mask> any
deny tcp any <WAN0_0-Subnet> <Reserve-Subnet-Mask>
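!--- Group 61 is applied inbound on the client-facing interface (s0/0 in Step 4),
!--- so the source is the client (WAN) side and the destination the server (LAN) side
permit tcp <WAN-subnets> <LAN-subnets>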

!--- Deny all traffic sourced from or destined to the SteelHead
!--- in-path IP addresses and allow traffic from the server subnets to
!--- the client subnets
ip access-list extended WCCP_ACL_62
deny tcp <WAN0_0-Subnet> <Reserve-Subnet-Mask> any
deny tcp any <WAN0_0-Subnet> <Reserve-Subnet-Mask>
permit tcp <LAN-subnets> <WAN-subnets>

=====================================================================================

Step 3. Set the router to use WCCP to redirect traffic to the WCCP SteelHead.

!--- Enable WCCPv2 and service groups 61 & 62; define the redirect
!--- lists for each service group
ip wccp version 2
ip wccp 61 redirect-list WCCP_ACL_61
ip wccp 62 redirect-list WCCP_ACL_62

=====================================================================================

Step 4. Attach the desired SteelHead in-path WAN interface to the network. The WAN interface must be able to communicate with the switch or router on which WCCP is configured and where WCCP redirection takes place.

!--- Add WCCP service group 62 to the server-facing interfaces
interface f0/0
ip wccp 62 redirect in

!--- Add WCCP service group 61 to the client-facing interfaces
interface s0/0
ip wccp 61 redirect in

=====================================================================================

Step 5. Add the service group on the WCCP SteelHead interface.

!--- As a best practice use “redirect exclude in” on the interfaces or VLANs
!--- that are connected to the SteelHeads. If you are using
!--- redirect out on any interface this command is REQUIRED.
interface f0/1
ip wccp redirect exclude in
end
write memory

=====================================================================================

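Problem description: The customer's 7069 router uses the L2 redirection method, so only WCCP connections to directly connected routers can be established. The redundant disconnected WCCP neighbors must therefore be deleted.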
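
One way to check for this condition in a saved configuration, as an added example that is not part of the original write-up: the script reads the SteelHead `interface ... ip address` and `wccp interface ... routers` lines and lists every configured router that is not on the in-path interface's own subnet. Treating same-subnet membership as a stand-in for "directly connected" is an assumption, and the sample configuration and its addresses are constructed.

```python
import ipaddress
import re

# Constructed sample SteelHead configuration (addresses are illustrative only).
SAMPLE_CONFIG = """\
interface inpath0_0 ip address 10.1.1.10 /24
interface inpath0_1 ip address 10.1.2.10 /24
wccp enable
wccp interface inpath0_0 service-group 61 routers 10.1.1.1 10.1.2.1
wccp interface inpath0_0 service-group 62 routers 10.1.1.1 10.1.2.1
wccp interface inpath0_1 service-group 61 routers 10.1.2.1 172.16.0.1
"""

ADDR_RE = re.compile(r"^interface (\S+) ip address (\S+) /(\d+)$")
WCCP_RE = re.compile(r"^wccp interface (\S+) service-group (\d+) routers (.+)$")


def non_adjacent_routers(config):
    """Return (interface, service_group, router_ip) for every WCCP router
    that is not in the subnet of the in-path interface it is configured on."""
    subnets = {}
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]
    # First pass: learn the subnet of each in-path interface.
    for line in lines:
        m = ADDR_RE.match(line)
        if m:
            name, addr, plen = m.groups()
            subnets[name] = ipaddress.ip_interface(f"{addr}/{plen}").network
    # Second pass: compare every configured router against that subnet.
    for line in lines:
        m = WCCP_RE.match(line)
        if not m:
            continue
        name, group, routers = m.groups()
        net = subnets.get(name)
        for router in routers.split():
            # Unknown interface address: adjacency cannot be shown, so report it.
            if net is None or ipaddress.ip_address(router) not in net:
                findings.append((name, int(group), router))
    return findings


if __name__ == "__main__":
    for name, group, router in non_adjacent_routers(SAMPLE_CONFIG):
        print(f"{name} service-group {group}: {router} is not on the in-path subnet")
```

The script expects real addresses; the `x.x.x.x` and `INTERFACE-IP-OF-ROUTER1` placeholders used in the steps above have to be filled in first.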

Time: 2024-10-18 16:05:35
