Cisco Nexus 7000 NX-OS has a bug with WCCP that prevents the ProxySG from establishing a WCCP session with the Nexus 7000. The ProxySG will not establishing a WCCP session when the ProxySG's WCCP configuration is using defined port numbers for redirection. If Web-Cache (Port 80 only) is used, WCCP is established correctly and redirection works for port 80.
Cisco Nexus 7000 NX-OS versions with the known WCCP bug: 4.2 though 4.2(2a). Cisco has identified this as bug #: CSCtg76473
HIM with ZERO (0x0) Recieve ID from WCCP Client where ISY show recieve ID increment. WCCP service will not come up on N7K.
ProxySG reports the following in WCCP Debug Log:
7595.321 WCCP0.C873FD4: Service Group 'Dynamic/91' service mismatch 7595.321 WCCP0.C873FD4: tt=4, tl=20, len=68, buffer_length=120 7595.321 WCCP0.C873FD4: tt=2, tl=20, len=44, buffer_length=120 7595.321 WCCP0.C873FD4: tt=1, tl=24, len=16, buffer_length=120 7595.321 WCCP0.C873FD4: tt=0, tl=4, len=8, buffer_length=120 7595.320 WCCP0.C873FD4: 1148 bytes sent to 10.50.128.1 7595.320 WCCP0.C873FD4: Build_mask_value_set(64), total_weight=0 7595.320 WCCP: Service Group 'Dynamic/91/v2' Timer timeout.
Cisco Nexus 7000 reports this in WCCP debug:
Nexus7K# debug ip wccp events Nexus7K# debug ip wccp packets
Nexus7K# 2010 May 3 13:21:39.352364 wccp: WCCP-PKT: vrf default service 91: Received valid Here_I_Am packet from 10.50.128.10 w/ Receive ID: 0x0 2010 May 3 13:21:39.352949 wccp: WCCP-PKT: vrf default service 91: Sending I_See_You packet to 10.50.128.10 w/ Receive ID 0x634d 2010 May 3 13:21:49.352300 wccp: WCCP-PKT: vrf default service 91: Received valid Here_I_Am packet from 10.50.128.10 w/ Receive ID: 0x0 2010 May 3 13:21:49.352766 wccp: WCCP-PKT: vrf default service 91: Sending I_See_You packet to 10.50.128.10 w/ Receive ID 0x634e 2010 May 3 13:21:59.352280 wccp: WCCP-PKT: vrf default service 91: Received valid Here_I_Am packet from 10.50.128.10 w/ Receive ID: 0x0 2010 May 3 13:21:59.352841 wccp: WCCP-PKT: vrf default service 91: Sending I_See_You packet to 10.50.128.10 w/ Receive ID 0x634f
There is NO workaround to Cisco's WCCP problem if defined port numbers must be used. The only solution is to upgrade the Cisco Nexus 7000 to a fixed version of NX-OS.
Note: The reported versions of NX-OS that has the fix has not been tested by Blue Coat. The reported versions with the fix are from Cisco's Bug Details for bug number CSCtg76473 .
If the problem is still happening after upgrading, try changing the WCCP MASK bit setting on the proxy. Cisco also has a problem when a large number of mask bits are used. Try setting the number of MASK bits from 6 to 1 to see if it resolves the problems.
The ProxySG’s default mask 0x3F is applied to the IP address or the port’s least significant bits. Newer ProxySG SGOS 5.5.x and 6.x gives the administrator the ability to configure a custom mask value for the mask assignment. The new mask-value option is only settable in the ‘Install WCCP Settings’ field under the WCCP tab. The ProxySG WCCP mask value command is mask-value 0x[hex string].
The number of bits specified for the mask determines the number of address buckets created for the assignment pool (2^n). The number of bits used in the mask must provide enough buckets to be apportioned to each ProxySG assigned to the service group, taking into account the load balancing weight assigned to each device. A 1-bit mask can support only 2 ProxySG devices (2^1 = 2) while a 5-bit (or more) mask can support 32 ProyxSG devices (2^5 = 32), the maximum number allowed in a service group. ProxySG uses 6 bits for its default mask 0x3F.