I have a multi-site Cisco WAAS deployment in process that is causing significant CPU load on our core WAN router. For each remote site I deploy WAAS to, I add 4 lines to my extended ACL on the WAN router. In our data center (hub and spoke network) we have a CIsco 3845 router. This router has a 45 Mbps DS3 and a 100 Mbps Ethernet connection to our WAN provider's MPLS cloud (two circuits for diversity and bandwidth). We have over 60 remote sites in the USA, soon to be over 70 that eventually will all have WAAS in place. Each remote site has a 2800 or 2900 series Cisco router with a WAAS module in it (NME-WAE-502), and has either 2 or 3 T1's bonded together for connectivity to the WAN cloud. The WAAS implementation was going great, and all the remote sites we had deployed to were seeing approximately 5x in bandwidth throughput increase. Then we noticed our CPU usage climbing on that 3845 router, now running 75% and higher at times. The initial deployment of the WAAS was performed for us by a VAR, but the specific engineer is no longer with them. The configuration was set up to use WCCP redirect, hence the need for the extended ACL list. The core WAAS appliances consists of a Cisco 674 accelerator and a Cisco 512 central manager. Given all this, was the WCCP redirect (as opposed to an in-line scenario) the best deployment? Any suggestions on reducing the CPU load on that core WAN router? Here's an example of the ACL entries:
deny tcp 10.44.18.0 0.0.0.255 any
deny tcp any 10.44.18.0 0.0.0.255
permit tcp 10.44.0.0 0.0.31.255 any
permit tcp any 10.44.0.0 0.0.31.255
If an 'In-line' configuration or other would better apply here, how would that confuration differ?