Cisco 500 Series Cache Engines

Configuring Cache Engine for Transparent Redirection and Cache HTTP Proxy Requests Using WCCPv2

Document ID: 27760

Updated: Oct 27, 2006

Introduction

Many organizations need all clients to pass through a single proxy server to reach the Internet, in order to provide centralized authentication and logging of all outgoing HTTP requests. Cisco Cache Engine uses Web Cache Communication Protocol Version 2 (WCCPv2) to transparently redirect and cache such requests issued by the clients. This sample configuration provides high bandwidth and resource savings for all the traffic that goes to the parent HTTP proxy, and ultimately to the Internet.

Prerequisites

Requirements

There are no specific prerequisites for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco Content Engine 560 that runs Cisco ACNS Software Release 4.2.1

  • Cisco 2600 Router that runs Cisco IOS® Software Release 12.1.11(T)

  • HTTP proxy server

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

[Network diagram: transparent_proxy.gif]

Configurations

This document uses the configuration shown in this section.

All clients have their HTTP browser configured to use the HTTP proxy at IP address 10.48.66.216 and port 8080. The Content Engine AGRA transparently redirects all requests to the HTTP proxy server JSH.

The http proxy outgoing origin-server command is configured. Therefore, if the upstream proxy server JSH is not responsive, the Content Engine sends the request directly to the origin server and preserves transparency. In that case the request does not pass through JSH, so any authentication and logging performed on the proxy does not apply to it.

In the event that the clients are also authenticated on the HTTP proxy server, issue the http authentication header 407 command in order to preserve the authentication credentials entered by the client, and pass them to the upstream proxy server.

Cisco ACNS 4.2.1
!
http proxy outgoing host 10.48.66.216 8080 primary

!--- This command is issued for the Content Engine to pass all requests 
!--- to an upstream proxy server.

http proxy outgoing origin-server

!--- If the proxy server is not responsive, the Content Engine 
!--- forwards requests directly to origin server.


http reval-each-request all


!--- Only for testing purposes. The Content Engine revalidates each 
!--- request with the origin server.


!
!
!
!
!
ip domain-name cisco.com
!
!
interface FastEthernet 0/0
 ip address 192.168.150.250 255.255.255.0
 exit
interface FastEthernet 0/1
 shutdown
 exit
!
!
ip default-gateway 192.168.150.1
!
primary-interface FastEthernet 0/0
!
!
ecdn enable
!
!
!
!
ip name-server 144.254.10.123
!
!
logging facility local1
logging console priority debug

!--- Only for testing purposes. Logging is enabled 
!--- to the console directly.

!
!
!
!
!
wccp router-list 1 192.168.150.1
wccp port-list 1 8080
wccp custom-web-cache router-list-num 1 port 8080

!--- Custom web caching to redirect HTTP proxy requests to port 8080.


wccp version 2
no wccp slow-start enable
!
!
rule no-cache url-regex cgi-bin
!
!
transaction-logs enable
transaction-logs file-marker
transaction-logs export enable
!
!
username admin password 1 FwgIKhhg2Nn4Q
username admin privilege 15
!
!
!
!
authentication login local enable
authentication configuration local enable
!
Cisco 2600 router running WCCP:
!
hostname giulio
!
enable password ww
!
ip wccp 98

!--- WCCP service 98 to transparently redirect 
!--- HTTP connections on port 8080.


!
!
!
interface FastEthernet0/0
 ip address 10.48.66.27 255.255.254.0
 ip wccp 98 redirect out
 speed 100
 full-duplex
!
 
interface FastEthernet0/1
 ip address 192.168.150.1 255.255.255.0
 ip route-cache same-interface
 speed 100
 full-duplex
!
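
As an added example (not part of the original Cisco document), the following Python script audits a Content Engine configuration like the one above for the two commands the document marks as test-only, for the fail-open origin-server fallback, and for WCCP settings that do not match the upstream proxy port. The function names and finding labels are hypothetical, and the port check assumes that, as in this setup, clients point at the same proxy address and port that the Content Engine forwards to.

```python
import re

# Commands the page marks "Only for testing purposes".
TEST_ONLY = ("http reval-each-request", "logging console priority debug")

def commands(text):
    """Config commands only: drops '!' separators and '!---' comment lines."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("!")]

def audit(text):
    """Return findings (hypothetical labels) for a Content Engine configuration."""
    cmds, findings = commands(text), []
    findings += [f"test-only: {c}" for c in cmds if c.startswith(TEST_ONLY)]

    upstream = [m for m in (re.fullmatch(
        r"http proxy outgoing host (\S+) (\d+)(?: primary)?", c) for c in cmds) if m]
    if upstream and "http proxy outgoing origin-server" in cmds:
        findings.append("fail-open: origin-server fallback bypasses upstream proxy")

    lists = {m.group(1) for m in
             (re.match(r"wccp router-list (\d+) ", c) for c in cmds) if m}
    redirected = set()
    for c in cmds:
        m = re.fullmatch(r"wccp custom-web-cache router-list-num (\d+) port (\d+)", c)
        if m:
            redirected.add(m.group(2))
            if m.group(1) not in lists:
                findings.append(f"undefined router-list {m.group(1)}")
    # Assumption: the redirected port must equal the upstream proxy port.
    for m in upstream:
        if m.group(2) not in redirected:
            findings.append(f"port-mismatch: proxy port {m.group(2)} is not redirected")
    return findings

# The relevant lines of the Content Engine configuration from this page.
PAGE_CONFIG = """
http proxy outgoing host 10.48.66.216 8080 primary
!--- This command is issued for the Content Engine to pass all requests
http proxy outgoing origin-server
http reval-each-request all
logging console priority debug
wccp router-list 1 192.168.150.1
wccp port-list 1 8080
wccp custom-web-cache router-list-num 1 port 8080
wccp version 2
"""

if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print(finding)
```

Run against the page's configuration, the script reports the two test-only commands and the fail-open fallback; the WCCP checks pass because router list 1 is defined and port 8080 is redirected.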

Verify

Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

  • show http proxy—Displays the status of the HTTP proxy configuration on the Content Engine.

    agra#show http proxy 
    Incoming Proxy-Mode: Not servicing incoming proxy mode connections.
    Outgoing Proxy-Mode: Primary Proxy Server:10.48.66.216 port   8080

    The interval for outgoing proxy servers is 60 seconds. The timeout period for probing outgoing proxy servers is 300,000 microseconds. The use of the origin server upon proxy failures is enabled.

  • debug http header—Displays HTTP proxy requests on the Content Engine.

    Oct  9 10:47:57 agra cache: [[[GET http://www.cisco.com/ HTTP/1.0\r\nAccept: 
    */*\r\nAccept-Language: 
    en-us\r\nPragma: no-cache\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 5.5; 
    Windows NT 5.0; T312461)\r\nHost: www.cisco.com\r\nProxy-Connection: 
    Keep-Alive\r\n\r\n]]]

  • debug http proxy—Displays the request that is issued by the Content Engine to the upstream proxy JSH, 10.48.66.216:8080.

    Oct  9 10:53:44 agra cache: Connecting to ip: 10.48.66.216, 
    port 8080, rqst_server_addr ip: 10.48.66.216, port 8080

  • tcpdump—Sniffs packets.

    agra#tcpdump tcp
    
    !--- Sniffs only TCP packets.
    
    Kernel filter, protocol ALL, datagram packet socket
    tcpdump: listening on all devices
    10:37:59.582303 eth0 > jsh.cisco.com.webcache > 192.168.150.217.2340: 
       S 3150663558:3150663558(0) ack 1450975212 win 5840 <mss 1432,nop,nop,sackOK>
    10:37:59.583628 eth0 > jsh.cisco.com.webcache > 192.168.150.217.2340: 
       . 1:1(0) ack 218 win 5840
    10:37:59.593258 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache: 
       S 3153525366:3153525366(0) win 5840 <mss 1460,nop,nop,sackOK>
    
    !--- TCP connection established between ASD (HTTP Client) 
    !--- and JSH (HTTP proxy server), which is spoofed by 
    !--- AGRA (Content Engine).
    
    10:37:59.596084 eth0 < jsh.cisco.com.webcache > agra.cisco.com.34987:
       S 3257871852:3257871852(0) ack 3153525367 win 17520 <mss 1460,nop,nop,sackOK> 
      (DF)
    10:37:59.596151 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache: 
       . 1:1(0) ack 1 win 5840
    
    !--- AGRA retrieves the content on behalf of the client. Note the 
    !--- HTTP request on port 8080 (webcache).
    
    10:37:59.611127 eth0 > agra.cisco.com.34987 > jsh.cisco.com.webcache:  
       P 1:212(211) ack 1 win 5840
    10:37:59.742790 eth0 < jsh.cisco.com.webcache > agra.cisco.com.34987: 
       . 1:1(0) ack 212 win 17309 (DF)
    ...

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
