When I did my CCIE Lab this topic was in the blueprints. I didn't care for its existence and didn't look into this feature. I passed the lab and, thank god, didn't get this feature in my exam. I found a new job as an Expert Engineer, and guess what my first task was? Implement Bluecoat ProxySG in the network using WCCP. Wow! I couldn't believe that I was using that feature. Here are some hints that might be useful.
The network diagram below shows the exact setup of the proxy in the network. Notice that the proxy is directly connected to the Internet gateway, so forwarding will be done using L2. Caching is needed only for specific VLANs, and WCCP is capable of doing that.
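! VLAN 100 web traffic will be cached
ip wccp web-cache redirect-list TO_CACHE
! apply redirection on the incoming interface
interface GigabitEthernet1/1
 ip wccp web-cache redirect in
! named ACLs are defined with "ip access-list"; the wildcard mask assumes VLAN 100 is 192.168.100.0/24
ip access-list standard TO_CACHE
 permit 192.168.100.0 0.0.0.255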
Bluecoat ProxySG config:
wccp enable
wccp version 2
service-group web-cache
forwarding-type L2
interface 0
home-router 192.168.50.1
Troubleshooting:
Router#show ip wccp
Global WCCP information:
Router information:
Router Identifier: 192.168.50.1
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 15970153
Redirect access-list: TO_CACHE
Total Packets Denied Redirect: 14419
Total Packets Unassigned: 41479
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
Router#show ip wccp web-cache detail
WCCP Cache-Engine information:
Web Cache ID: 192.168.50.2
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Assignment: HASH
Initial Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Assigned Hash ifo: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 15922769
Connect Time: 5w2d
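As an added example (not part of the original post), the Python script below parses the `show ip wccp` summary shown above and flags the counters and settings worth a second look: no registered cache engine, no group-list restricting which caches may join, authentication failures, group-list denials and unassigned packets. The function names and the wording of the findings are assumptions made for this example.

```python
import re

# Summary copied from the `show ip wccp` output above.
SAMPLE = """\
Global WCCP information:
Router information:
Router Identifier: 192.168.50.1
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 15970153
Redirect access-list: TO_CACHE
Total Packets Denied Redirect: 14419
Total Packets Unassigned: 41479
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
"""

def parse_wccp(text):
    """Return {field: value} for each 'Name: value' line; counters become int."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S.*)$", line)
        if m:  # section headers have nothing after the colon and are skipped
            value = m.group(2).strip()
            fields[m.group(1).strip()] = int(value) if value.isdigit() else value
    return fields

def review(fields):
    """Return a list of findings for one WCCP service group."""
    findings = []
    if fields.get("Number of Cache Engines", 0) == 0:
        findings.append("no cache engine registered: nothing is being redirected")
    if fields.get("Group access-list") == "-none-":
        findings.append("no group-list: the router accepts any cache engine address")
    if fields.get("Total Authentication failures", 0) > 0:
        findings.append("authentication failures: password mismatch or unknown cache")
    if fields.get("Total Messages Denied to Group", 0) > 0:
        findings.append("group-list denials: an unlisted cache tried to join")
    if fields.get("Total Packets Unassigned", 0) > 0:
        findings.append("unassigned packets: no cache engine was assigned for them")
    return findings

if __name__ == "__main__":
    for finding in review(parse_wccp(SAMPLE)):
        print("-", finding)
```

For the output on this page it reports the missing group-list and the non-zero unassigned packet count.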
Comments:
- The Router Identifier is chosen by the router: the highest loopback IP address if loopbacks are configured, otherwise the highest IP address of a physical interface.
- The proxy does not have to be on a common VLAN with the gateway. WCCP can run over GRE tunnels with L3 connectivity.
- Any service can be activated for caching, not only web traffic. For more details check the following URL: http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_wccp_ps6350_TSD_Products_Configuration_Guide_Chapter.html
- Redirection of traffic can be applied in either direction, in or out, depending on the business requirements. For example, if we have a web server in VLAN 200 and traffic from VLAN 100 to this web server should not be cached, as shown in the figure below, then apply the redirection outbound on G1/3.
interface GigabitEthernet1/3
ip wccp web-cache redirect out
I hope this has been informative for you.