Cisco Cisco Web Security Appliance S670 Troubleshooting Guide
WSA Behavior on Path MTU Discovery with Use of
WCCP
WCCP
Document ID: 118843
Contributed by Ivo Sabev, Cisco TAC Engineer.
Mar 17, 2015
Mar 17, 2015
Contents
Introduction
Background Information
Pre−phase
How Path MTU Dicovery and WCCP Work Separately
Path MTU Discovery
WCCP
Problem
Solution
Additional Notes
Background Information
Pre−phase
How Path MTU Dicovery and WCCP Work Separately
Path MTU Discovery
WCCP
Problem
Solution
Additional Notes
Introduction
This document describes a problem encountered where the router drops packets when your configuration
includes both Web Cache Communication Protocol (WCCP) and path Maximum Transmission Unit (MTU)
discovery, and it provides a solution to the problem.
includes both Web Cache Communication Protocol (WCCP) and path Maximum Transmission Unit (MTU)
discovery, and it provides a solution to the problem.
Background Information
Pre−phase
When looked at separately, many features are excellent to handle a specific problem. Sometimes though, if
you combine two or three techniques, it produces some awkward behavior and you must introduce another
feature or workaround in order to make it work properly. For example, use spanning tree and Open Shortest
Path First (OSPF) and Layer 2 (L2) convergence takes longer (20s) than OSPF (1s if minimum dead interval
is used), but replace spanning tree with Multiple Spanning−Tree (MST) and it functions properly again.
you combine two or three techniques, it produces some awkward behavior and you must introduce another
feature or workaround in order to make it work properly. For example, use spanning tree and Open Shortest
Path First (OSPF) and Layer 2 (L2) convergence takes longer (20s) than OSPF (1s if minimum dead interval
is used), but replace spanning tree with Multiple Spanning−Tree (MST) and it functions properly again.
The same interoperability behavior has been observed between WCCP and path MTU discovery; many think
that it is the Generic Routing Encapsulation (GRE) header problem. However, this document explains the real
cause.
that it is the Generic Routing Encapsulation (GRE) header problem. However, this document explains the real
cause.
How Path MTU Dicovery and WCCP Work Separately
Path MTU Discovery
Each line has its limit on how large a packet can be. If you send a larger packet than is supported, then it is
dropped. One of the roles of the L3 devices (routers) on the way is to take care and chop large packets from
one of the lines to the other one in order to make sure that end−to−end communication is transparent to each
line's capabilities.
dropped. One of the roles of the L3 devices (routers) on the way is to take care and chop large packets from
one of the lines to the other one in order to make sure that end−to−end communication is transparent to each
line's capabilities.
Sometimes though, end hosts are configured in such a way that their packets cannot be chopped (for example,