cisco wccp configuration example

Configuring Enhanced Object Tracking Configuring IP Services Configuring IPv4 Broadcast Packet Handling Configuring TCP Configuring UDP Forwarding Support for IP Redundancy Virtual Router Groups Configuring WCCP Object Tracking: IPv6 Route Tracking IPv6 Static Route Support for Object Tracking Stream Control Transmission Protocol WCCP—Configurable Router ID WCCP—Fast Timers WCCPv2—IPv6 Support

Đang xem: Cisco wccp configuration example

Book Title

IP Application Services Configuration Guide, freewebsfarms.com IOS Release 15M&T

Chapter Title

Configuring WCCP

PDF – Complete Book (3.96 MB) PDF – This Chapter (1.55 MB)

View with Adobe Reader on a variety of devices

Configuring WCCP Finding Feature Information Prerequisites for WCCP Restrictions for WCCP Information About WCCP WCCP Overview Layer 2 Forwarding Redirection and Return WCCP Mask Assignment Hardware Acceleration WCCPv1 Configuration WCCPv2 Configuration WCCPv2 Support for Services Other Than HTTP WCCPv2 Support for Multiple Routers WCCPv2 MD5 Security WCCPv2 Web Cache Packet Return WCCPv2 Load Distribution WCCP VRF Support WCCP VRF Tunnel Interfaces WCCP Bypass Packets WCCP Closed Services and Open Services WCCP Outbound ACL Check WCCP Service Groups WCCP—Check All Services WCCP Interoperability with NAT WCCP Troubleshooting Tips How to Configure WCCP Configuring WCCP Configuring Closed Services Registering a Router to a Multicast Address Using Access Lists for a WCCP Service Group Enabling the WCCP Outbound ACL Check Enabling WCCP Interoperability with NAT Verifying and Monitoring WCCP Configuration Settings Configuration Examples for WCCP Example: Changing the Version of WCCP on a Router Example: Configuring a General WCCPv2 Session Example: Setting a Password for a Router and Content Engines Example: Configuring a Web Cache Service Example: Running a Reverse Proxy Service Example: Registering a Router to a Multicast Address Example: Using Access Lists Example: WCCP Outbound ACL Check Configuration Example: Verifying WCCP Settings Example: Enabling WCCP Interoperability with NAT Additional References Feature Information for WCCP Close
Configuring WCCP

The Web Cache Communication Protocol (WCCP) is a freewebsfarms.com-developed content-routing technology that intercepts IP packets and redirects those packets to a destination other than that specified in the IP packet. Typically the packets are redirected from their destination web server on the Internet to a content engine that is local to the client. In some WCCP deployment scenarios, redirection of traffic may also be required from the web server to the client. WCCP enables you to integrate content engines into your network infrastructure.

freewebsfarms.com IOS Release 12.1 and later releases allow the use of either WCCP Version 1 (WCCPv1) or Version 2 (WCCPv2).

The tasks in this document assume that you have already configured content engines on your network. For specific information on hardware and network planning associated with freewebsfarms.com Content Engines and WCCP, see the freewebsfarms.com Content Engines documentation at the following URL:

https://www.freewebsfarms.com/univercd/cc/td/doc/product/webscale/content/index.htm

Finding Feature Information Prerequisites for WCCP Restrictions for WCCP Information About WCCP How to Configure WCCP Configuration Examples for WCCP Additional References Feature Information for WCCP

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use freewebsfarms.com Feature Navigator to find information about platform support and freewebsfarms.com software image support. To access freewebsfarms.com Feature Navigator, go to www.freewebsfarms.com/go/cfn. An account on freewebsfarms.com is not required.

Prerequisites for WCCP

To use WCCP, IP must be configured on the interface connected to the Internet and another interface must be connected to the content engine.

The interface connected to the content engine must be a Fast Ethernet or Gigabit Ethernet interface.

Restrictions for WCCP

General

The following limitations apply to Web Cache Communication Protocol Version1 (WCCPv1) and WCCP Version 2 ( WCCPv2):

WCCP works only with IPv4 networks.

WCCP bypasses Network Address Translation (NAT) when freewebsfarms.com Express Forwarding is enabled.

WCCPv1

WCCPv1 supports the redirection of HTTP (TCP port 80) traffic only.

WCCPv1 does not allow multiple routers to be attached to a cluster of content engines.

WCCPv2

WCCP works only with IPv4 networks.

For routers servicing a multicast cluster, the Time To Live (TTL) value must be set at 15 or fewer.

Service groups can comprise up to 32 content engines and 32 routers.

All content engines in a cluster must be configured to communicate with all routers servicing the cluster.

Multicast addresses must be from 224.0.0.0 to 239.255.255.255.

WCCP VRF Support

In freewebsfarms.com IOS Release 12.2(33)SRE, this feature is supported only on freewebsfarms.com 7200 NPE-G2 and freewebsfarms.com 7304-NPE-G100 routers.

WCCP Layer 2 Forwarding and Return

In a freewebsfarms.com Wide Area Application Services (WAAS) and freewebsfarms.com IOS XE firewall configuration, all packets processed by a Wide Area Application Engine (WAE) device must go over the freewebsfarms.com IOS XE firewall in both directions to support the Web Cache Coordination Protocol (WCCP) generic routing encapsulation (GRE) redirect. This situation occurs when a Layer 2 redirect is not available. If a Layer 2 redirect is configured on the WAE, the system defaults to the GRE redirect to continue to function.

The client device and a WAE device or a cache engine cannot be connected to a freewebsfarms.com device with the same interface and WCCP redirect configured on the interface.

The following two configurations are supported:

For WCCP Layer 2 return, the client and WAE are connected to a freewebsfarms.com device with same interface and WCCP output is configured on the interface.

For WCCP Layer 2 return, the client and WAE are connected to a freewebsfarms.com device with same physical interface but in different VLANs and sub-interfaces.

freewebsfarms.com 7600 Series Routers Access Control Lists

When WCCP is using the mask assignment, any redirect list is merged with the mask information from the appliance and the resulting merged ACL is passed down to the freewebsfarms.com 7600 series router hardware. Only Permit or Deny ACL entries from the redirect list in which the protocol is IP or exactly matches the service group protocol are merged with the mask information from the appliance.

The following restrictions apply to the redirect-list ACL:

The ACL must be an IPv4 simple or extended ACL.

Only individual source or destination port numbers may be specified; port ranges cannot be specified.

The only valid matching criteria in addition to individual source or destination port numbers are dscp or tos .

The use of fragments , time-range , or options keywords, or any TCP flags is not permitted.

If the redirect ACL does not meet the restrictions shown, the system will log the following error message: WCCP-3-BADACE: Service <service group>, invalid access-list entry (seq:<sequence>, reason:<reason>)

WCCP continues to redirect packets, but the redirection is carried out in software until the access list is adjusted.

Information About WCCP

WCCP Overview Layer 2 Forwarding Redirection and Return WCCP Mask Assignment Hardware Acceleration WCCPv1 Configuration WCCPv2 Configuration WCCPv2 Support for Services Other Than HTTP WCCPv2 Support for Multiple Routers WCCPv2 MD5 Security WCCPv2 Web Cache Packet Return WCCPv2 Load Distribution WCCP VRF Support WCCP VRF Tunnel Interfaces WCCP Bypass Packets WCCP Closed Services and Open Services WCCP Outbound ACL Check WCCP Service Groups WCCP—Check All Services WCCP Interoperability with NAT WCCP Troubleshooting Tips

Read More:  Windows 7 Services To Disable To Improve Performance, Useless Windows 7 Services

WCCP Overview

WCCP uses freewebsfarms.com Content Engines (or other content engines running WCCP) to localize traffic patterns in the network, enabling content requests to be fulfilled locally. Traffic localization reduces transmission costs and download time.

WCCP enables routing platforms to transparently redirect content requests. With transparent redirection, users can fulfill content requests locally without configuring their browsers to use a web proxy. Instead, they can use the target URL to request content, and have their requests automatically redirected to a content engine. The word “transparent” in this case means that the end user does not know that a requested file (such as a web page) came from the content engine instead of from the originally specified server.

A content engine receiving a request attempts to service it from its own local cache. If the requested information is not present, the content engine issues its own request to the originally targeted server to get the required information. A content engine retrieving the requested information forwards it to the requesting client and caches it to fulfill future requests, thus maximizing download performance and substantially reducing transmission costs.

WCCP enables a series of content engines, called a content engine cluster, to provide content to a router or multiple routers. Network administrators can easily scale their content engines to manage heavy traffic loads through these clustering capabilities. freewebsfarms.com clustering technology enables each cluster member to work in parallel, resulting in linear scalability. Clustering content engines greatly improves the scalability, redundancy, and availability of your caching solution. You can cluster up to 32 content engines to scale to your desired capacity.

Layer 2 Forwarding Redirection and Return

WCCP uses either generic routing encapsulation (GRE) or Layer 2 (L2) to redirect or return IP traffic. When WCCP forwards traffic via GRE, the redirected packets are encapsulated within a GRE header. The packets also have a WCCP redirect header. When WCCP forwards traffic using L2, the original MAC header of the IP packet is overwritten and replaced with the MAC header for the WCCP client.

Using L2 as a forwarding method allows direct forwarding to the content engine without further lookup. Layer 2 redirection requires that the router and content engines are directly connected, that is, on the same IP subnetwork.

When WCCP returns traffic via GRE, the returned packets are encapsulated within a GRE header. The destination IP address is the address of the router and the source address is the address of the WCCP client. When WCCP returns traffic via L2, the original IP packet is returned without any added header information. The router to which the packet is returned will recognize the source of the packet and prevent redirection.

The WCCP redirection method does not have to match the return method.

L2 forwarding, return, or redirection are typically used for hardware-accelerated platforms. Depending on your release, L2 forwarding, return, and redirection can also be used for software-switching platforms.

For content engines running Application and Content Networking System (ACNS) software, use the wccp custom-web-cache command with the l2-redirect keyword to configure L2 redirection. For content engines running freewebsfarms.com Wide Area Application Services (WAAS) software, use the wccp tcp-promiscuous command with the l2-redirect keyword to configure L2 redirection.

*

Note Before configuring a GRE tunnel, configure a loopback interface (that is not attached to a VRF) with an IP address so that the internally created tunnel interface is enabled for IPv4 forwarding by unnumbering itself to this dummy loopback interface. You do not need to configure a loopback interface if the system has at least one interface that is not attached to a VRF and that is configured with an IPv4 address.

For information about freewebsfarms.com ACNS commands used to configure freewebsfarms.com Content Engines, see the freewebsfarms.com ACNS Software Command Reference.

For more information about WAAS commands used to configure freewebsfarms.com Content Engines, see the freewebsfarms.com Wide Area Application Services Command Reference.

WCCP Mask Assignment

The WCCP Mask Assignment feature enables mask assignment as the load-balancing method (instead of the default hash assignment method) for a WCCP service.

For content engines running Application and Content Networking System (ACNS) software, use the wccp custom-web-cache command with the mask-assign keyword to configure mask assignment. For content engines running freewebsfarms.com Wide Area Application Services (WAAS) software, use the wccp tcp-promiscuous command with the mask-assign keyword to configure mask assignment.

For information about freewebsfarms.com ACNS commands used to configure freewebsfarms.com Content Engines, see the freewebsfarms.com ACNS Software Command Reference.

For more information about WAAS commands used to configure freewebsfarms.com Content Engines, see the freewebsfarms.com Wide Area Application Services Command Reference.

Hardware Acceleration

freewebsfarms.com 7600 series routers provide WCCP Layer 2 Policy Feature Card (PFC) redirection hardware acceleration. Hardware acceleration allows freewebsfarms.com Content Engines to perform a L2 MAC address rewrite redirection method when directly connected to a compatible router.

Redirection processing is accelerated in the routing hardware, which is more efficient than L3 redirection with Generic Routing Encapsulation (GRE). L2 redirection takes place on the router, and is not visible to the Multilayer Switch Feature Card (MSFC). The WCCP L2 PFC redirection feature requires no configuration on the MSFC. The show ip wccp detail command displays which redirection method is in use for each content engine.

In order for the router to make complete use of hardware redirection, the content engine must be configured with L2 redirection and mask assignment.

Use the ip wccp web-cache accelerated command on hardware-based platforms to enforce the use of L2 redirection and mask assignment. Using this command configures the router to form a service group and redirect packets with an appliance only if the appliance is configured for L2 and mask assignment.

The following guidelines apply to WCCP Layer 2 PFC redirection:

The WCCP Layer 2 PFC redirection feature sets the IP flow mask to full-flow mode.

You can configure the freewebsfarms.com Cache Engine software Release 2.2 or later releases to use the WCCP Layer 2 PFC redirection feature.

L2 redirection takes place on the PFC and is not visible to the MSFC. The show ip wccp detail command on the MSFC displays statistics for only the first packet of an L2 redirected flow, which provides an indication of how many flows, rather than packets, are using L2 redirection. You can view information about L2 redirected flows by entering the show platform flow ip command. The PFC3 provides hardware acceleration for GRE. If you use WCCP Layer 3 redirection with GRE, there is hardware support for encapsulation, but the PFC3 does not provide hardware support for decapsulation of WCCP GRE traffic.

WCCPv1 Configuration

With WCCPv1, only a single router services a cluster.

Xem thêm: How To Hide Duplicates In Excel ? How To Hide Duplicate Records In Columns In Excel

Xem thêm: How To Stop Windows 7 Block Windows 10 Automatically, Windows Update Blocker V1

In this scenario, this router is the device that performs all the IP packet redirection. The figure below illustrates the WCCPv1 configuration.

Read More:  why doctor doom is the best villain

Figure 1. WCCPv1 Configuration

*

Content is not duplicated on the content engines. The benefit of using multiple content engines is that you can scale a caching solution by clustering multiple physical content engines to appear as one logical cache.

The following sequence of events details how WCCPv1 configuration works:

Each content engine is configured by the system administrator with the IP address of the control router. Up to 32 content engines can connect to a single control router.

The content engines send their IP addresses to the control router using WCCP, indicating their presence. Routers and content engines communicate to each other via a control channel; this channel is based on UDP port 2048.

This information is used by the control router to create a cluster view (a list of caches in the cluster). This view is sent to each content engine in the cluster, essentially making all the content engines aware of each other. A stable view is established after the membership of the cluster remains the same for a certain amount of time.

When a stable view has been established, one content engine is elected as the lead content engine. (The lead is defined as the content engine seen by all the content engines in the cluster with the lowest IP address). This lead content engine uses WCCP to indicate to the control router how IP packet redirection should be performed. Specifically, the lead content engine designates how redirected traffic should be distributed across the content engines in the cluster.

WCCPv2 Configuration

Multiple routers can use WCCPv2 to service a content engine cluster. In WCCPv1, only one router could redirect content requests to a cluster. The figure below illustrates a sample configuration using multiple routers.

Figure 2. freewebsfarms.com Content Engine Network Configuration Using WCCPv2

*

The subset of content engines within a cluster and routers connected to the cluster that are running the same service is known as a service group. Available services include TCP and UDP redirection.

In WCCPv1, the content engines were configured with the address of the single router. WCCPv2 requires that each content engine be aware of all the routers in the service group. To specify the addresses of all the routers in a service group, you must choose one of the following methods:

Unicast—A list of router addresses for each of the routers in the group is configured on each content engine. In this case the address of each router in the group must be explicitly specified for each content engine during configuration.

Multicast—A single multicast address is configured on each content engine. In the multicast address method, the content engine sends a single-address notification that provides coverage for all routers in the service group. For example, a content engine could indicate that packets should be sent to a multicast address of 224.0.0.100, which would send a multicast packet to all routers in the service group configured for group listening using WCCP (see the ip wccp group-listen or the ipv6 wccp group-listen interface configuration command for details).

The multicast option is easier to configure because you need only specify a single address on each content engine. This option also allows you to add and remove routers from a service group dynamically, without needing to reconfigure the content engines with a different list of addresses each time.

The following sequence of events details how WCCPv2 configuration works:

Each content engine is configured with a list of routers.

Each content engine announces its presence and a list of all routers with which it has established communications. The routers reply with their view (list) of content engines in the group.

When the view is consistent across all content engines in the cluster, one content engine is designated as the lead and sets the policy that the routers need to deploy in redirecting packets.

WCCPv2 Support for Services Other Than HTTP

WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and Real Audio, video, and telephony applications.

To accommodate the various types of services available, WCCPv2 introduced the concept of multiple service groups. Service information is specified in the WCCP configuration commands using dynamic services identification numbers (such as 98) or a predefined service keyword (such as web-cache ). This information is used to validate that service group members are all using or providing the same service.

The content engines in a service group specify traffic to be redirected by protocol (TCP or UDP) and up to eight source or destination ports. Each service group has a priority status assigned to it. The priority of a dynamic service is assigned by the content engine. The priority value is in the range of 0 to 255 where 0 is the lowest priority. The predefined web-cache service has an assigned priority of 240.

WCCPv2 Support for Multiple Routers

WCCPv2 allows multiple routers to be attached to a cluster of cache engines. The use of multiple routers in a service group allows for redundancy, interface aggregation, and distribution of the redirection load. WCCPv2 supports up to 32 routers per service group. Each service group is established and maintained independently.

WCCPv2 MD5 Security

WCCPv2 provides optional authentication that enables you to control which routers and content engines become part of the service group using passwords and the Hashed Message Authentication Code—Message Digest (HMAC MD5) standard. Shared-secret MD5 one-time authentication (set using the ip wccp password > global configuration command) enables messages to be protected against interception, inspection, and replay.

WCCPv2 Web Cache Packet Return

If a content engine is unable to provide a requested object it has cached due to error or overload, the content engine will return the request to the router for onward transmission to the originally specified destination server. WCCPv2 provides a check on packets that determines which requests have been returned from the content engine unserviced. Using this information, the router can then forward the request to the originally targeted server (rather than attempting to resend the request to the content engine cluster). This process provides error handling transparency to clients.

Typical reasons why a content engine would reject packets and initiate the packet return feature include the following:

Instances when the content engine is overloaded and has no room to service the packets

Instances when the content engine is filtering for certain conditions that make caching packets counterproductive (for example, when IP authentication has been turned on)

WCCPv2 Load Distribution

WCCPv2 can be used to adjust the load being offered to individual content engines to provide an effective use of the available resources while helping to ensure high quality of service (QoS) to the clients. WCCPv2 allows the designated content engine to adjust the load on a particular content engine and balance the load across the content engines in a cluster. WCCPv2 uses three techniques to perform load distribution:

Hot spot handling—Allows an individual hash bucket to be distributed across all the content engines. Prior to WCCPv2, information from one hash bucket could go to only one content engine.

Read More:  movies to play drinking games to

Load balancing—Allows the set of hash buckets assigned to a content engine to be adjusted so that the load can be shifted from an overwhelmed content engine to other members that have available capacity.

Load shedding—Enables the router to selectively redirect the load to avoid exceeding the capacity of a content engine.

The use of these hashing parameters prevents one content engine from being overloaded and reduces the potential for bottlenecking.

WCCP VRF Support

The WCCP VRF Support feature enhances the WCCPv2 protocol by implementing support for virtual routing and forwarding (VRF).

The WCCP VRF Support feature allows service groups to be configured on a per-VRF basis in addition to those defined globally.

Along with the service identifier, the VRF of WCCP protocol packets arriving at the router is used to associate cache-engines with a configured service group.

The same VRF must have the interface on which redirection is applied, the interface which is connected to cache engine, and the interface on which the packet would have left if it had not been redirected.

WCCP VRF Tunnel Interfaces

In releases that support the WCCP VRF Support feature, the use of GRE redirection results in the creation of new tunnel interfaces. You can display these tunnel interfaces by entering the show ip interface brief | include tunnel command:

Device# show ip interface brief | include tunnel Tunnel0 172.16.0.1 YES unset up up Tunnel1 172.16.0.1 YES unset up up Tunnel2 172.16.0.1 YES unset up up Tunnel3 172.16.0.1 YES unset up up Device#

The tunnel interfaces are automatically created in order to process outgoing GRE-encapsulated traffic for WCCP. The tunnel interfaces appear when a content engine connects and requests GRE redirection. The tunnel interfaces are not created directly by WCCP, but are created indirectly via a tunnel application programming interface (API). WCCP does not have direct knowledge of the tunnel interfaces, but can redirect packets to them, resulting in the appropriate encapsulation being applied to the packets. After the appropriate encapsulation is applied, the packet is then sent to the content engine.

*

Note

The tunnel interfaces are not used to connect with incoming WCCP GRE return packets.

One tunnel is created for each service group that is using GRE redirection. One additional tunnel is created to provide an IP address that allows the other tunnel group interfaces to be unnumbered but still enabled for IPv4.

You can confirm the connection between the tunnels and WCCP by entering the show tunnel groups wccp command:

Device# show tunnel groups wccp WCCP : service group 0 in “Default”, ver v2, assgnmnt: hash-table intf: Tunnel0, locally sourced WCCP : service group 317 in “Default”, ver v2, assgnmnt: hash-table intf: Tunnel3, locally sourced WCCP : service group 318 in “Default”, ver v2, assgnmnt: hash-table intf: Tunnel2, locally sourced

You can display additional information about each tunnel interface by entering the show tunnel interface interface-number command:

Device# show tunnel interface t0 Tunnel0 Mode:multi-GRE/IP, Destination UNKNOWN, Source 10.1.1.80 Application ID 2: WCCP : service group 0 in “Default”, ver v2, assgnmnt: hash-table Linestate – current up Internal linestate – current up, evaluated up Device# show tunnel interface t1 Tunnel1 Mode:multi-GRE/IP, Destination UNKNOWN, Source 172.16.0.1 Application ID 2: unspecified Linestate – current up Internal linestate – current up, evaluated up Device# show tunnel interface t2 Tunnel2 Mode:multi-GRE/IP, Destination UNKNOWN, Source 10.1.1.80 Application ID 2: WCCP : service group 318 in “Default”, ver v2, assgnmnt: hash-table Linestate – current up Internal linestate – current up, evaluated up Device# show tunnel interface t3 Tunnel3 Mode:multi-GRE/IP, Destination UNKNOWN, Source 10.1.1.80 Application ID 2: WCCP : service group 317 in “Default”, ver v2, assgnmnt: hash-table Linestate – current up Internal linestate – current up, evaluated up Device#

Note that the service group number shown in the examples is the internal tunnel representation of the WCCP service group number. Group 0 is the web-cache service. To determine the dynamic services, subtract 256 from the displayed service group number to convert to the WCCP service group number. For interfaces that are used for redirection, the source address shown is the WCCP router ID.

You can display information about the connected content engines and encapsulation, including software packet counters, by entering the show adjacency command:

Device# show adjacency t0 Protocol Interface Address IP Tunnel0 10.1.1.82(3) Device# show adjacency t0 encapsulation Protocol Interface Address IP Tunnel0 10.1.1.82(3) Encap length 28 4500000000000000FF2F7D2B1E010150 1E0101520000883E00000000 Provider: TUNNEL Protocol header count in macstring: 3 HDR 0: ipv4 dst: static, 10.1.1.82 src: static, 10.1.1.80 prot: static, 47 ttl: static, 255 df: static, cleared per packet fields: tos ident tl chksm HDR 1: gre prot: static, 0x883E per packet fields: none HDR 2: wccpv2 dyn: static, cleared sgID: static, 0 per packet fields: alt altB priB Device# show adjacency t0 detail Protocol Interface Address IP Tunnel0 10.1.1.82(3) connectionid 1 0 packets, 0 bytes epoch 0 sourced in sev-epoch 1 Encap length 28 4500000000000000FF2F7D2B1E010150 1E0101520000883E00000000 Tun endpt Next chain element: IP adj out of Ethernet0/0, addr 10.1.1.82 Device# show adjacency t0 internal Protocol Interface Address IP Tunnel0 10.1.1.82(3) connectionid 1 0 packets, 0 bytes epoch 0 sourced in sev-epoch 1 Encap length 28 4500000000000000FF2F7D2B1E010150 1E0101520000883E00000000 Tun endpt Next chain element: IP adj out of Ethernet0/0, addr 10.1.1.82 parent oce 0x4BC76A8 frame originated locally (Null0) L3 mtu 17856 Flags (0x2808C4) Fixup enabled (0x40000000) GRE WCCP redirection HWIDB/IDB pointers 0x55A13E0/0x35F5A80 IP redirect disabled Switching vector: IPv4 midchain adj oce IP Tunnel stack to 10.1.1.82 in Default (0x0) nh tracking enabled: 10.1.1.82/32 IP adj out of Ethernet0/0, addr 10.1.1.82 Adjacency pointer 0x4BC74D8 Next-hop 10.1.1.82 Device#

WCCP Bypass Packets

WCCP intercepts IP packets and redirects those packets to a destination other than the destination that is specified in the IP header. Typically the packets are redirected from a web server on the Internet to a web cache that is local to the destination.

Occasionally a web cache cannot manage the redirected packets appropriately and returns the packets unchanged to the originating router. These packets are called bypass packets and are returned to the originating router using either Layer 2 forwarding without encapsulation (L2) or encapsulated in generic routing encapsulation (GRE). The router decapsulates and forwards the packets normally. The VRF associated with the ingress interface (or the global table if there is no VRF associated) is used to route the packet to the destination.

GRE is a tunneling protocol developed by freewebsfarms.com that encapsulates packet types from a variety of protocols inside IP tunnels, creating a virtual point-to-point link over an IP network.

WCCP Closed Services and Open Services

In applications where packets are intercepted and redirected by a freewebsfarms.com IOS router to external WCCP client devices, it may be necessary to block the packets for the application when a WCCP client device is not available. This blocking is achieved by configuring a WCCP closed service. When a WCCP service is configured as closed, the packets that fulfill the services, but do not have an active client device, are discarded.

By default, WCCP operates as an open service, wherein communication between clients and servers proceeds normally in the absence of an intermediary device.

The ip wccp service-list or the ipv6 wccp service-list command can be used for both closed-mode and open-mode services. Use the service-list keyword and service-access-list argument to register an application protocol type or port number. Use the mode keyword to select an open or closed service