What is WCCP





















When a stable view has been established, one content engine is elected as the lead content engine. The lead is defined as the content engine seen by all the content engines in the cluster with the lowest IP address. Specifically, the lead content engine designates how redirected traffic should be distributed across the content engines in the cluster.

Multiple routers can use WCCPv2 to service a content engine cluster. In WCCPv1, only one router could redirect content requests to a cluster. The figure below illustrates a sample configuration using multiple routers.

The subset of content engines within a cluster and routers connected to the cluster that are running the same service is known as a service group. In WCCPv1, the content engines were configured with the address of the single router.

WCCPv2 requires that each content engine be aware of all the routers in the service group. To specify the addresses of all the routers in a service group, you must choose one of the following methods:

Unicast—A list of router addresses for each of the routers in the group is configured on each content engine. In this case the address of each router in the group must be explicitly specified for each content engine during configuration.

Multicast—A single multicast address is configured on each content engine. In the multicast address method, the content engine sends a single-address notification that provides coverage for all routers in the service group. For example, a content engine could indicate that packets should be sent to a multicast address of The multicast option is easier to configure because you need only specify a single address on each content engine.

This option also allows you to add and remove routers from a service group dynamically, without needing to reconfigure the content engines with a different list of addresses each time. Each content engine announces its presence and a list of all routers with which it has established communications. The routers reply with their view list of content engines in the group.

When the view is consistent across all content engines in the cluster, one content engine is designated as the lead and sets the policy that the routers need to deploy in redirecting packets. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and Real Audio, video, and telephony applications. To accommodate the various types of services available, WCCPv2 introduced the concept of multiple service groups.

Service information is specified in the WCCP configuration commands using dynamic services identification numbers (such as 98) or a predefined service keyword (such as web-cache). This information is used to validate that service group members are all using or providing the same service. The content engines in a service group specify traffic to be redirected by protocol (TCP or UDP) and up to eight source or destination ports. Each service group has a priority status assigned to it.

The priority of a dynamic service is assigned by the content engine. The priority value is in the range of 0 to where 0 is the lowest priority. The predefined web-cache service has an assigned priority of WCCPv2 allows multiple routers to be attached to a cluster of cache engines.

The use of multiple routers in a service group allows for redundancy, interface aggregation, and distribution of the redirection load. WCCPv2 supports up to 32 routers per service group. Each service group is established and maintained independently.

Shared-secret MD5 one-time authentication (set using the ip wccp [password [0 | 7] password] global configuration command) enables messages to be protected against interception, inspection, and replay.

If a content engine is unable to provide a requested object it has cached due to error or overload, the content engine will return the request to the router for onward transmission to the originally specified destination server.

WCCPv2 provides a check on packets that determines which requests have been returned from the content engine unserviced. Using this information, the router can then forward the request to the originally targeted server rather than attempting to resend the request to the content engine cluster.

This process provides error handling transparency to clients. Typical reasons why a content engine would reject packets and initiate the packet return feature include the following:

Instances when the content engine is overloaded and has no room to service the packets.

Instances when the content engine is filtering for certain conditions that make caching packets counterproductive (for example, when IP authentication has been turned on).

WCCPv2 can be used to adjust the load being offered to individual content engines to provide an effective use of the available resources while helping to ensure high quality of service (QoS) to the clients. WCCPv2 allows the designated content engine to adjust the load on a particular content engine and balance the load across the content engines in a cluster. WCCPv2 uses three techniques to perform load distribution:

Hot spot handling—Allows an individual hash bucket to be distributed across all the content engines.

Prior to WCCPv2, information from one hash bucket could go to only one content engine. Load balancing—Allows the set of hash buckets assigned to a content engine to be adjusted so that the load can be shifted from an overwhelmed content engine to other members that have available capacity.

Load shedding—Enables the router to selectively redirect the load to avoid exceeding the capacity of a content engine. The use of these hashing parameters prevents one content engine from being overloaded and reduces the potential for bottlenecking. Along with the service identifier, the VRF of WCCP protocol packets arriving at the router is used to associate cache-engines with a configured service group.

The same VRF must have the interface on which redirection is applied, the interface which is connected to the cache engine, and the interface on which the packet would have left if it had not been redirected. You can display these tunnel interfaces by entering the show ip interface brief | include tunnel command. The tunnel interfaces appear when a content engine connects and requests GRE redirection.

WCCP does not have direct knowledge of the tunnel interfaces, but can redirect packets to them, resulting in the appropriate encapsulation being applied to the packets.

After the appropriate encapsulation is applied, the packet is then sent to the content engine. One tunnel is created for each service group that is using GRE redirection. One additional tunnel is created to provide an IP address that allows the other tunnel group interfaces to be unnumbered but still enabled for IPv4.

You can confirm the connection between the tunnels and WCCP by entering the show tunnel groups wccp command. You can display additional information about each tunnel interface by entering the show tunnel interface interface-number command. Note that the service group number shown in the examples is the internal tunnel representation of the WCCP service group number.

Group 0 is the web-cache service. To determine the dynamic services, subtract from the displayed service group number to convert to the WCCP service group number. You can display information about the connected content engines and encapsulation, including software packet counters, by entering the show adjacency [tunnel-interface] [encapsulation] [detail] [internal] command.

Typically the packets are redirected from a web server on the Internet to a web cache that is local to the destination. Occasionally a web cache cannot manage the redirected packets appropriately and returns the packets unchanged to the originating router. These packets are called bypass packets and are returned to the originating router using either Layer 2 forwarding without encapsulation (L2) or encapsulated in generic routing encapsulation (GRE).

The router decapsulates and forwards the packets normally. The VRF associated with the ingress interface (or the global table if there is no VRF associated) is used to route the packet to the destination.

GRE is a tunneling protocol developed by Cisco that encapsulates packet types from a variety of protocols inside IP tunnels, creating a virtual point-to-point link over an IP network. In applications where packets are intercepted and redirected by a Cisco IOS router to external WCCP client devices, it may be necessary to block the packets for the application when a WCCP client device is not available.

This blocking is achieved by configuring a WCCP closed service. When a WCCP service is configured as closed, the packets that fulfill the services, but do not have an active client device, are discarded. By default, WCCP operates as an open service, wherein communication between clients and servers proceeds normally in the absence of an intermediary device.

The ip wccp service-list or the ipv6 wccp service-list command can be used for both closed-mode and open-mode services. Use the service-list keyword and service-access-list argument to register an application protocol type or port number. Use the mode keyword to select an open or closed service. When WCCP is enabled for redirection on an ingress interface, the packets are redirected by WCCP and instead egress on an interface other than the destination that is specified in the IP header.

The packets are still subject to ACLs configured on the ingress interface. However, redirection can cause the packets to bypass the ACL configured on the original egress interface. Packets that would have been dropped because of the ACL configured on the original egress interface can be sent out on the redirect egress interface, which poses a possible security problem.
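The egress-ACL gap described above can be audited mechanically. The following is an added example, not Cisco code and not part of the original page: a simplified model in which ACLs match only on protocol, destination network and destination port, and in which the interface name, ACL entries, route table, WCCP service definition and sample flows are all constructed assumptions.

```python
"""Audit model: flows that WCCP redirection would carry past the ACL on
their original egress interface. All names and sample data are constructed."""
from ipaddress import ip_address, ip_network

# First-match entries: (action, protocol, destination network, port or None = any)
EGRESS_ACLS = {
    "Gi0/1": [  # original egress interface (constructed)
        ("deny", "tcp", "203.0.113.0/24", 80),
        ("permit", "tcp", "0.0.0.0/0", None),
    ],
}
ROUTES = [("0.0.0.0/0", "Gi0/1")]  # destination prefix -> egress interface
WCCP_SERVICE = {"protocol": "tcp", "ports": {80, 8080}}  # redirected traffic


def acl_permits(acl, proto, dst, port):
    """First matching entry decides; no match means implicit deny."""
    for action, a_proto, a_net, a_port in acl:
        if (a_proto == proto and ip_address(dst) in ip_network(a_net)
                and a_port in (None, port)):
            return action == "permit"
    return False


def original_egress(dst):
    """Longest-prefix match: the interface the packet would have left on."""
    dst_ip = ip_address(dst)
    matches = [(ip_network(p), i) for p, i in ROUTES if dst_ip in ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def redirect_bypasses_egress_acl(proto, dst, port):
    """True when WCCP redirects a flow that the original egress ACL denies."""
    redirected = (proto == WCCP_SERVICE["protocol"]
                  and port in WCCP_SERVICE["ports"])
    ifc = original_egress(dst)
    if not redirected or ifc is None:
        return False
    acl = EGRESS_ACLS.get(ifc)  # no ACL on the interface: nothing to bypass
    return acl is not None and not acl_permits(acl, proto, dst, port)


def audit(flows):
    return [f for f in flows if redirect_bypasses_egress_acl(*f)]


SAMPLE_FLOWS = [  # constructed: (protocol, destination, destination port)
    ("tcp", "203.0.113.10", 80),   # denied on Gi0/1 but matches the service
    ("tcp", "198.51.100.7", 80),   # permitted on Gi0/1 and redirected: no gap
    ("tcp", "203.0.113.10", 443),  # not redirected: egress ACL still applies
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("redirect bypasses original egress ACL:", flow)
```

Each flow the audit reports needs an equivalent deny on the ingress interface ACL or in the WCCP redirect ACL, because the original egress ACL never sees it.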

WCCP is a component of Cisco IOS software that redirects traffic with defined characteristics from its original destination to an alternative destination. The typical application of WCCP is to redirect traffic bound for a remote web server to a local web cache to improve response time and optimize network resource usage.

The nature of the selected traffic for redirection is defined by service groups (see figure below) specified on content engines and communicated to routers by using WCCP. The maximum number of service groups allowed across all VRFs is WCCPv2 uses service groups based on logical redirection services, deployed for intercepting and redirecting traffic.

This service is referred to as a well-known service, because the characteristics of the web cache service are known by both the router and content engines. A description of a well-known service is not required beyond a service identification. To specify the standard web cache service, use the ip wccp or the ipv6 wccp command with the web-cache keyword.

More than one service can run on a router at the same time, and routers and content engines can be part of multiple service groups at the same time. The dynamic services are defined by the content engines; the content engine instructs the router which protocol or ports to intercept, and how to distribute the traffic. In a dynamic service, up to eight ports can be specified within a single protocol.

Cisco Content Engines, for example, use dynamic service 99 to specify a reverse-proxy service. However, other content engine devices may use this service number for some other service. An interface may be configured with more than one WCCP service.

When more than one WCCP service is configured on an interface, the precedence of a service depends on the relative priority of the service compared to the priority of the other configured services. Each WCCP service has a priority value as part of its definition. When an interface is configured with more than one WCCP service, the precedence of the packets is matched against service groups in priority order.

With the ip wccp check services all or the ipv6 wccp check services all command, WCCP can be configured to check all configured services for a match and perform redirection for those services if appropriate.

The caches to which packets are redirected can be controlled by a redirect ACL and by the service priority. The ip wccp check services all commands must be configured at global level to support multiple WCCP services. If no services match the packet, the packet is not redirected.

If the packet is rejected by the ACL, the packet will not be passed down to lower priority services unless the ip wccp check services all or the ipv6 wccp check services all command is configured. When the ip wccp check services all or the ipv6 wccp check services all command is configured, WCCP will continue to attempt to match the packet against any remaining lower priority services configured on the interface.
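The matching rules above decide whether a packet reaches a cache at all, so it helps to see them as code. This is an added example that models the described behaviour, not Cisco's implementation and not part of the original page; the service numbers, priorities and redirect ACL contents are constructed, and the redirect ACL is simplified to a list of permitted source networks.

```python
"""Model of WCCP service selection on one interface, as described above.
Service numbers, priorities and ACL contents are constructed sample data."""
from ipaddress import ip_address, ip_network

SERVICES = [
    # redirect_acl: source networks permitted for redirection (None = no ACL)
    {"id": 90, "priority": 200, "protocol": "tcp", "ports": {80},
     "redirect_acl": ["10.1.0.0/16"]},
    {"id": 91, "priority": 100, "protocol": "tcp", "ports": {80, 8080},
     "redirect_acl": None},
]


def validate(service):
    """A service names one protocol (TCP or UDP) and at most eight ports."""
    if service["protocol"] not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp")
    if not 1 <= len(service["ports"]) <= 8:
        raise ValueError("a service carries between one and eight ports")


def acl_permits(acl, src):
    return acl is None or any(ip_address(src) in ip_network(n) for n in acl)


def select_service(services, proto, src, dport, check_services_all=False):
    """Return the id of the service that redirects the packet, or None.

    Services are tried from highest to lowest priority (0 is the lowest).
    A packet rejected by a service's redirect ACL is offered to the
    lower-priority services only when check_services_all is set."""
    for svc in services:
        validate(svc)
    for svc in sorted(services, key=lambda s: s["priority"], reverse=True):
        if proto != svc["protocol"] or dport not in svc["ports"]:
            continue              # service does not describe this traffic
        if acl_permits(svc["redirect_acl"], src):
            return svc["id"]
        if not check_services_all:
            return None           # rejected by the ACL: matching stops here
    return None                   # no service matched: not redirected


if __name__ == "__main__":
    for src in ("10.1.2.3", "192.168.5.5"):   # constructed client addresses
        for flag in (False, True):
            print(src, "check all =", flag, "->",
                  select_service(SERVICES, "tcp", src, 80, flag))
```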

If you are not able to configure the ip nat inside or the ipv6 nat inside command on the WAAS interface, disable Cisco Express Forwarding. In some situations, 10 percent bypass traffic may be normal; in other situations, 10 percent may be high. However, any figure above 25 percent should prompt a closer investigation of what is occurring in the web cache.

If the counters suggest that the level of bypass traffic is high, the next step is to examine the bypass counters in the content engine and determine why the content engine is choosing to bypass the traffic. You can log in to the content engine console and use the CLI to investigate further.

The counters allow you to determine the percent of traffic being bypassed. You can use the clear ipv6 wccp service-id command to remove the IPv6 WCCP statistics counts maintained on the router for a particular service. The following configuration tasks assume that you have already installed and configured the content engines you want to include in your network. You must configure the content engines in the cluster before configuring WCCP functionality on your routers or switches. The first use of a form of the ip wccp command enables WCCP.

If a function is not allowed in WCCPv1, an error prompt will be printed to the screen. Use the ip wccp web-cache password command to set a password for a device and the content engines in a service group. MD5 password security requires that each device and content engine that wants to join a service group be configured with the service group password.

The password must be up to eight characters in length. Each content engine or device in the service group will authenticate the security component in a received WCCP packet immediately after validating the WCCP message header. Packets failing authentication will be discarded. Enter your password if prompted. Specifies which version of WCCP to configure on a device.

WCCPv2 is the default running version. Targets an interface number for which the web cache service will run, and enters interface configuration mode.

It is also useful where asymmetric routing occurs, that is, when packets from the same connection arrive over different WAN links. Once received by the appliance, the traffic is treated by the acceleration engine and traffic shaper as if it were received in inline mode. The WCCP standard includes a protocol negotiation in which the appliance registers itself with the router, and the two negotiate the use of features they support in common.

Once this negotiation is successful, traffic is routed between the router and the appliance according to the WCCP router and redirection rules defined on the router. Do not mix inline and WCCP modes. The following figure shows how a router is configured to intercept traffic on selected interfaces and forward it to the WCCP-enabled appliance.

Whenever the WCCP-enabled appliance is not available, the traffic is not intercepted, and is forwarded normally. WCCP allows traffic to be forwarded between the router and the appliance in either of the following modes:

L2 forwarding. Each router can have multiple WAN links. Each link can have its own WCCP service group. The appliance operates on this traffic and forwards the resulting traffic to the original endpoint. The status of an appliance is tracked through the WCCP registration process and a heartbeat protocol.


