A list of WCCP v2 supported features follows the setup outline. The network clients, Content Gateway proxy servers, and destination Web servers default gateway must reside on separate subnets. In addition to network interface, protocols, ports, authentication (if used), and multicast communication (if used), also configure: If Content Gateway is deployed in a cluster, assignment method load distribution, if desired.
Multiple service groups per protocol. Sometimes it is necessary or convenient to have different service groups for different WCCP devices. See WCCP load distribution.
Note that the WCCP assignment method - not virtual IP failover - is the recommended method for managing load distribution.
List order has no meaning; therefore, the up and down arrows can be ignored. Adds a new service group definition. After Add is clicked, the new definition is displayed in the box at the top of the page. Accepts modifications to the selected service group definition, displaying the new values in the box at the top of the page. Service Group Information. If you change this option, you must restart Content Gateway. Specifies a unique service group name.
This is an aid to administration. Specifies a service group ID between This ID must also be configured on the router(s). If the specified number is already in use, an error is displayed when Add or Set is clicked. Specifies the Ethernet interface on this Content Gateway host system to use with this service group. On a V appliance, eth0 is bound to P1 and eth1 is bound to P2.
Mode Negotiation. These settings are required and cannot be changed. Specifies the preferred encapsulation method used by the WCCP router to transmit intercepted traffic to the proxy. If the router supports GRE and L2, the method specified here is used. Important: GRE and Multicast are incompatible.
Important: If you change the forward or return method configuration while there is an active connection with the WCCP device, you must force the current connection to terminate in order to renegotiate the method.
Typically, this means turning off the service group on the WCCP device for 60 seconds. See the documentation for your WCCP device. Specifies the preferred packet encapsulation method used to return intercepted traffic to the WCCP router. Note : Selecting L2 requires that the router or switch be Layer 2-adjacent in the same subnet as Content Gateway. Advanced Settings. Specifies the method that the router will use to distribute intercepted traffic across multiple proxy servers.
The MASK value is applied up to 6 significant bits (in a cluster, a total of 64 buckets are created). See your WCCP documentation for more information about assignment method. Use the value recommended in the manufacturer's documentation for your device.
Specifies the attribute that the assignment method uses to determine which requests are distributed to which proxy servers. If the assignment method is HASH, select one or more distribution attributes.
If the assignment method is MASK, select one distribution attribute. This option is only useful when Synchronize in the Cluster is disabled. Use the ip wccp web-cache password command to set a password for a device and the content engines in a service group. MD5 password security requires that each device and content engine that wants to join a service group be configured with the service group password.
The password must be up to eight characters in length. Each content engine or device in the service group will authenticate the security component in a received WCCP packet immediately after validating the WCCP message header. Packets failing authentication will be discarded. Enter your password if prompted. Specifies which version of WCCP to configure on a device. WCCPv2 is the default running version. Targets an interface number for which the web cache service will run, and enters interface configuration mode.
Enables packet redirection on an outbound or inbound interface using WCCP. As indicated by the out and in keyword options, redirection can be specified for outbound interfaces or inbound interfaces. Targets an interface number on which to exclude traffic for redirection, and enters interface configuration mode. (Optional) Excludes traffic on the specified interface from redirection. Perform this task to specify the number of service groups for WCCP, to configure a service group as a closed or open service, and to optionally specify a check of all services.
When configuring the web-cache service as a closed service, you cannot specify a service access list. When configuring a dynamic WCCP service as a closed service, you must specify a service access list. Use this command to configure WCCP to check the other configured services for a match and perform redirection for those services if appropriate. The caches to which packets are redirected can be controlled by the redirect ACL and not just the service description. The ip wccp check services all command is a global WCCP command that applies to all services and is not associated with a single service.
You can specify the standard web-cache service or a dynamic service number from 0 to If you decide to use the multicast address option for your service group, you must configure the router to listen for the multicast broadcasts on an interface. For network configurations where redirected traffic needs to traverse an intervening router, the router being traversed must be configured to perform IP multicast routing. You must configure the following two components to enable traversal over an intervening router:.
Enable IP multicast routing using the ip multicast-routing global configuration command. Enable the interfaces to which the cache engines will connect to receive multicast transmissions using the ip wccp group-listen interface configuration command. Enables the interfaces to which the content engines will connect to receive multicast transmissions for which the web cache service will run, and enters interface configuration mode.
To ensure correct operation of the ip wccp group-listen command on Cisco series routers, you must enter the ip pim command in addition to the ip wccp group-listen command. Perform this task to configure the device to use an access list to determine which traffic should be directed to which content engines.
Creates an access list that enables or disables traffic redirection to the cache engine and permits the specified source based on a source address and wildcard mask. Every access list needs at least one permit statement; it does not need to be the first entry. If the source-wildcard is omitted, a wildcard mask of 0. Optionally use the keyword any as a substitute for the source source-wildcard to specify the source and source wildcard of 0.
Optionally use the abbreviation any as a substitute for the source source-wildcard to specify the source and source wildcard of 0. Repeat some combination of Steps 3 through 6 until you have specified the sources on which you want to base your access list. Remember that all sources not specifically permitted are denied by an implicit deny statement at the end of the access list.
When all redirection is performed in the hardware, the mode of redirection will change when outbound ACL checking is enabled. The first packet is switched in software to allow the extra ACL check to be performed before a shortcut is installed.
Enables the support for a Cisco content engine service group or any content engine service group and configures a redirect ACL list or group ACL. Specifies an interface on which to enable NAT and enters interface configuration mode.
Designates that traffic originating from or destined for the interface is subject to NAT and indicates that the interface is connected to the inside network (the network subject to NAT translation). Designates that traffic originating from or destined for the interface is subject to NAT and indicates that the interface is connected to the outside network. Configures an interface to exclude packets received on an interface from being checked for redirection.
Displays global information related to WCCP, including the protocol version running, the number of content engines in the router service group, which content engine group is allowed to connect to the router, and which access list is being used. The range is from 0 to For web caches that use Cisco Content Engines, the reverse proxy service is indicated by a value of (Optional) Displays contents of the running configuration file (equivalent to the show running-config command).
The following example assumes that you are configuring a service group using Cisco cache engines, which use dynamic service 99 to run a reverse proxy service:. The following example shows a router configured to run a reverse proxy service, using the multicast address of To achieve better security, you can use a standard access list to notify the device which IP addresses are valid addresses for a content engine attempting to register with the current device.
The following example shows a standard access list configuration session where the access list number is 10 for some sample hosts:. The following example shows that any requests coming from The following configuration example shows that the access list prevents traffic from network Users with that network address could retrieve web pages even though the network administrator wanted to prevent it.
The following example shows how to verify your configuration changes by using the more system:running-config command in privileged EXEC mode. The following example shows that both the web cache service and dynamic service 99 are enabled on the device:. WCCP commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples.
The WCCP Bypass Counters feature allows you to display a count of packets that have been bypassed by a web cache and returned to the originating router to be forwarded normally. The show ip wccp command was modified by this feature. The following command was modified by this feature: ip wccp check services all. This is contrary to the traditional use of WCCP to assist caches where the absence of a cache does not change the behavior as observed by the user.
The following command was modified by this feature: ip wccp. The following command was modified by this feature: ip wccp source-interface. The following command was modified by this feature: ip wccp redirect. The WCCP Exclude Interface feature enables you to configure an interface to exclude packets received on an interface from being checked for redirection by configuring. The following command was modified by this feature: show ip wccp.
Configuring a group list is used to validate the protocol packets received from the cache engine. Packets matching the address in a configured group-list are processed, others are discarded. The WCCP--Group Listen and Multicast Service Support feature adds the ability to configure a multicast address per service group for sending and receiving protocol messages.
In the multicast address method, the cache engine sends a single-address notification that provides coverage for all routers in the service group. The following command was modified by this feature: ip wccp group-listen. The following commands were modified by this feature: ip wccp , ip wccp check services all , ip wccp outbound-acl-check , show ip wccp.
The following commands were introduced or modified by this feature: ip wccp , ip wccp check acl outbound. When this feature is enabled on an interface, all packets arriving at that interface are compared against the specified WCCP service. If the packets match, they will be redirected. The following commands were introduced or modified by this feature: ip wccp redirect-list. Optional authentication that enables you to control which routers and content engines become part of the service group using passwords and the HMAC MD5 standard.
A check on packets that determines which requests have been returned from the content engine unserviced. Load adjustments for individual content engines to provide an effective use of the available resources while helping to ensure high quality of service (QoS) to the clients. The following commands were introduced or modified by this feature: clear ip wccp, ip wccp, ip wccp group-listen, ip wccp redirect, ip wccp redirect exclude in, ip wccp version, show ip wccp.
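An added example (not part of the original documentation): a Python check over an IOS-style configuration that flags WCCP service groups missing the password and group-list controls described above, and group-list ACLs with no permit entry or a permit for any source. The sample configuration, its ACL numbers, addresses and the PLACEHOLDER password strings are constructed for illustration.

```python
import re

# Constructed IOS-style configuration for the example (not from the page).
SAMPLE_CONFIG = """\
ip wccp web-cache group-list 10 password 7 PLACEHOLDER
ip wccp 99 redirect-list 120
ip wccp 61 group-list 20 password 7 PLACEHOLDER
ip wccp 62 group-list 30 password 7 PLACEHOLDER
ip wccp check services all
interface GigabitEthernet0/0
 ip wccp web-cache redirect in
access-list 10 permit 192.0.2.10
access-list 20 permit any
access-list 30 deny 192.0.2.50
"""

# Global service-group lines only; indented interface subcommands do not match.
SERVICE = re.compile(r"^ip wccp (?:vrf \S+ )?(web-cache|\d+)((?: \S+)*)$")
ACL = re.compile(r"^access-list (\d+) (permit|deny) (\S+)")

def parse(config_text):
    """Return ({service: {option: next token}}, {acl: [(action, source), ...]})."""
    services, acls = {}, {}
    for line in config_text.splitlines():
        m = SERVICE.match(line)
        if m:
            tokens = m.group(2).split()
            opts = services.setdefault(m.group(1), {})
            for key in ("group-list", "redirect-list", "password"):
                if key in tokens[:-1]:
                    opts[key] = tokens[tokens.index(key) + 1]
            continue
        m = ACL.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return services, acls

def audit(config_text):
    """List (service, finding) pairs for weak service-group registration controls."""
    services, acls = parse(config_text)
    findings = []
    for name, opts in services.items():
        if "password" not in opts:
            findings.append((name, "no password: WCCP messages are not authenticated"))
        acl = opts.get("group-list")
        if acl is None:
            findings.append((name, "no group-list: any address may register as a content engine"))
            continue
        entries = acls.get(acl, [])
        if not any(action == "permit" for action, _ in entries):
            findings.append((name, f"group-list ACL {acl} has no permit entry"))
        elif any(e == ("permit", "any") for e in entries):
            findings.append((name, f"group-list ACL {acl} permits any source"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns the findings for services 99, 61 and 62; the web-cache service, which has both a password and a restrictive group-list, produces none.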
The following commands were introduced or modified by this feature: clear ip wccp , debug ip wccp , ip wccp , ip wccp group-listen , ip wccp redirect , show ip wccp. Updated: February 23, WCCPv1 does not allow multiple routers to be attached to a cluster of content engines. Service groups can comprise up to 32 content engines and 32 routers. Multicast addresses must be from Note Before configuring a GRE tunnel, configure a loopback interface that is not attached to a VRF with an IP address so that the internally created tunnel interface is enabled for IPv4 forwarding by unnumbering itself to this dummy loopback interface.
You do not need to configure a loopback interface if the system has at least one interface that is not attached to a VRF and that is configured with an IPv4 address.
Figure 1. The following sequence of events details how WCCPv1 configuration works: Each content engine is configured by the system administrator with the IP address of the control router. Figure 2. Cisco Content Engine Network Configuration Using WCCPv2 The subset of content engines within a cluster and routers connected to the cluster that are running the same service is known as a service group. To specify the addresses of all the routers in a service group, you must choose one of the following methods: Unicast—A list of router addresses for each of the routers in the group is configured on each content engine.
The following sequence of events details how WCCPv2 configuration works: Each content engine is configured with a list of routers. WCCPv2 Web Cache Packet Return If a content engine is unable to provide a requested object it has cached due to error or overload, the content engine will return the request to the router for onward transmission to the originally specified destination server.
Typical reasons why a content engine would reject packets and initiate the packet return feature include the following:

- Instances when the content engine is overloaded and has no room to service the packets
- Instances when the content engine is filtering for certain conditions that make caching packets counterproductive (for example, when IP authentication has been turned on)

WCCPv2 Load Distribution

WCCPv2 can be used to adjust the load being offered to individual content engines to provide an effective use of the available resources while helping to ensure high quality of service (QoS) to the clients.
WCCPv2 uses three techniques to perform load distribution: Hot spot handling—Allows an individual hash bucket to be distributed across all the content engines.

You can display these tunnel interfaces by entering the show ip interface brief | include tunnel command:

Device# show ip interface brief | include tunnel
Tunnel0

You can display information about the connected content engines and encapsulation, including software packet counters, by entering the show adjacency [ tunnel-interface ] [ encapsulation ] [ detail ] [ internal ] command:

Device# show adjacency t0
Protocol Interface Address
IP Tunnel0

Note: More than one service can run on a router at the same time, and routers and content engines can be part of multiple service groups at the same time.
Figure 3. WCCP Service Groups The dynamic services are defined by the content engines; the content engine instructs the router which protocol or ports to intercept, and how to distribute the traffic.
How to Configure WCCP

The following configuration tasks assume that you have already installed and configured the content engines you want to include in your network.

Step 2: configure terminal
Example: Device# configure terminal
Enters global configuration mode.

Note: The password length must not exceed 8 characters.

Step 7: exit
Example: Device(config-if)# exit
Exits interface configuration mode.

Step 9: ip wccp redirect exclude in
Example: Device(config-if)# ip wccp redirect exclude in
(Optional) Excludes traffic on the specified interface from redirection.
Configuring Closed Services Perform this task to specify the number of service groups for WCCP, to configure a service group as a closed or open service, and to optionally specify a check of all services. Note When configuring the web-cache service as a closed service, you cannot specify a service access list. Note When configuring a dynamic WCCP service as a closed service, you must specify a service access list.
Note The ip wccp check services all command is a global WCCP command that applies to all services and is not associated with a single service. The maximum number of services that can be specified is Registering a Router to a Multicast Address If you decide to use the multicast address option for your service group, you must configure the router to listen for the multicast broadcasts on an interface.
You must configure the following two components to enable traversal over an intervening router: Enable IP multicast routing using the ip multicast-routing global configuration command. Step 3 ip multicast-routing [ vrf vrf-name ] [ distributed ] Example: Device config ip multicast-routing Enables IP multicast routing. Note To ensure correct operation of the ip wccp group-listen command on Cisco series routers, you must enter the ip pim command in addition to the ip wccp group-listen command.
Using Access Lists for a WCCP Service Group Perform this task to configure the device to use an access list to determine which traffic should be directed to which content engines.