Guest

Cisco 500 Series Cache Engines

WCCP Troubleshooting for Transparent Caching

Document ID: 9250

Updated: Jan 31, 2006

   Print

Introduction

This document provides a basic framework for the troubleshoot of Web Cache Communication Protocol (WCCP) when you use WCCP to implement transparent caching.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these devices:

  • Cisco Catalyst 6500 with a Supervisor Engine 1 and Multilayer Switch Feature Card (MSFC) 1 that runs Cisco IOS® Software

    The software version on the 6500 is Cisco IOS Software Release 12.1(8a)EX (c6sup11-jsv-mz.121-8a.EX.bin).

  • Cisco 550 Cache Engine that runs version 2.51

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .

Network Diagram

This document uses this network setup:

tshoot_wccp_9250-A.gif

Configuration

A good approach when you install a Cache Engine is to configure only the commands necessary to make WCCP work. You can add other features, such as authentication of the router and clients redirection lists, at a later time.

On the Cache/Content Engine, specify the IP address of the router and the version of WCCP that you want to use.

wccp router-list 1 192.168.15.1 
wccp web-cache router-list-num 1
wccp version 2

On the router, activate the feature and specify the port for the redirection. Recognition of the caches occurs automatically.

ip wccp web-cache 

!--- This is global configuration mode.


interface Vlan100 
 ip address 172.17.241.97 255.255.255.0 
 ip wccp web-cache redirect out 

!--- This is interface configuration mode.

Apply the command ip wccp web-cache redirect out on the interface where you want to intercept the client HTTP packets in the path to the real web server. This interface is typically the interface that brings you to the company Internet service provider (ISP). This interface does not need to be the interface where you have installed your cache.

Once WCCP is active, the router listens on all the ports for WCCP packets. The Cache Engine continuously sends "Here I am" packets to the IP addresses that have a configuration in the router list to signal the Cache Engine presence. If you have set everything correctly, the router acquires and installs the cache. Issue the show ip wccp command to view the configuration.

Router# show ip wccp
Global WCCP information: 
    Router information: 
        Router Identifier:         192.168.15.1 
        Protocol Version:          2.0 

    Service Identifier: web-cache 
        Number of Cache Engines:      1 
        Number of routers:            1 
        Total Packets Redirected:     0 
        Redirect access-list:         -none- 
        Total Packets Denied Redirect:  0 
        Total Packets Unassigned:     0 
        Group access-list:            -none- 
        Total Messages Denied to Group:      0 
        Total Authentication failures:       0

The router identifier is the IP address of the router that the Cache Engines sees. This address is not necessarily the router interface that the redirected traffic uses to reach the cache. The command show ip wccp web-cache detail provides details about the caches.

Router# show ip wccp web-cache detail 
WCCP Cache-Engine information: 
        
        IP Address:            192.168.15.2 
        Protocol Version:      2.0 
        State:                 Usable 
        Redirection:           GRE 
        Initial Hash Info:     FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC 
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 
        Hash Allotment:        256 (100.00%) 
        Packets Redirected:    0 
        Connect Time:          00:02:49

The Redirection field represents the type of protocol that redirects the packets from the router to the Cache Engine. This protocol can be either generic routing encapsulation (GRE) or Layer 2 (L2). With GRE, a GRE packet encapsulates the packets. With L2, packets send straight to the cache, but the devices must be L2-adjacent.

The Hash Allotment is the number of hash buckets with assignment to this cache. Hex also represents Hash Allotment with Initial Hash Info and Assigned Hash Info. The hash algorithm permits collection and division of all the possible destination Internet addresses in a number of buckets. Each cache in a cluster, or group of caches, receives a percentage of this set of buckets. The WCCP dynamically manages this amount according to the load and some other conditions. If you have installed only one cache, this cache probably receives all the buckets with assignment to the cache.

When the router starts the redirection of packets to the Cache Engine, you see the number in the Total Packets Redirected field increase.

Router# show ip wccp 
Global WCCP information: 
    Router information: 
        Router Identifier:          192.168.15.1 
        Protocol Version:            2.0 

    Service Identifier: web-cache 
        Number of Cache Engines:           1
        Number of routers:                 1 
        Total Packets Redirected:  37 
        Redirect access-list:            -none- 
        Total Packets Denied Redirect:       0 
        Total Packets Unassigned:           12 
        Group access-list:                -none- 
        Total Messages Denied to Group:      0 
        Total Authentication failures:       0 

Total Packets Unassigned is the number of packets without redirection because of a lack of assignment to any cache. This redirection failure can happen during the initial discovery of caches. The failure can also occur for a small interval during a cache removal.

If the router does not acquire the cache, debug the WCCP activity. Whenever the router receives a "Here I am" packet from the cache, the router answers with an "I see you" packet. The debugs report this activity. The available debug commands are debug ip wccp events and debug ip wccp packets.

If you take the debugs on a router after you bring up a cache, this is the result:

Router# debug ip wccp event 
WCCP events debugging is on 
Router# debug ip wccp packet 
WCCP packet info debugging is on 
Router# 
2d18h: WCCP-EVNT:S00: Built new router view: 0 routers, 0 usable web caches, change 
 # 00000001 
2d18h: %SYS-5-CONFIG_I: Configured from console by console 
2d18h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000001 
2d18h: WCCP-EVNT:S00: Redirect_Assignment packet from 192.168.15.2 fails source check 
2d18h: %WCCP-5-SERVICEFOUND: Service web-cache acquired on Web Cache 192.168.15.2 
2d18h: WCCP-PKT:S00: Received valid Here_I_Ampacket from 192.168.15.2 w/rcv_id 00000001 
2d18h: WCCP-EVNT:S00: Built new router view: 1 routers, 1 usable web caches, change 
 # 00000002 
2d18h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000002 
2d18h: WCCP-EVNT:S00: Built new router view: 1 routers, 1 usable web caches, change 
 # 00000002 
2d18h: WCCP-PKT:S00: Received valid Redirect_Assignment packet from 192.168.15.2 w/rcv_id 
 00000002 
2d18h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000003 
2d18h: WCCP-EVNT:S00: Built new router view: 1 routers, 1 usable web caches, change 
 # 00000002 
2d18h: WCCP-PKT:S00: Received valid Redirect_Assignment packet from 192.168.15.2 w/rcv_id 
 00000003 
2d18h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000004 
2d18h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000005 
2d18h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000006 
2d18h: WCCP-EVNT:S00: Built new router view: 1 routers, 1 usable web caches, change 
 # 00000002 
2d18h: WCCP-PKT:S00: Received valid Redirect_Assignment packet from 192.168.15.2 w/rcv_id 
 00000006

To increase the level of debug, trace the IP packet traffic to check whether the router receives packets from the Cache Engine. However, you do not want to kill a router in a production environment, and you only want to show the interesting traffic. Therefore, use an access control list (ACL) to restrict the debugs only to the packets that have the cache IP address as source.

access-list 130 permit ip host 192.168.15.2 host 192.168.15.1  

Router# debug ip wccp event 
WCCP events debugging is on 
Router# debug ip wccp packet 
WCCP packet info debugging is on 
Router# debug ip packet 130 
IP packet debugging is on for access list 130 
2d19h: WCCP-EVNT:S00: Built new router view: 1 routers, 1 usable web caches, change 
 # 00000002 
2d19h: WCCP-PKT:S00: Received valid Redirect_Assignment packet from 192.168.15.2 
 w/rcv_id 0000001B 
2d19h: datagramsize=174, IP 18390: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 160, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 0000001C 
2d19h: datagramsize=174, IP 18392: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 160, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 0000001D 
2d19h: datagramsize=174, IP 18394: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 160, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 0000001E 
2d19h: datagramsize=378, IP 18398: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 364, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-EVNT:S00: Built new router view: 1 routers, 1 usable web caches, change 
 # 00000002 
2d19h: WCCP-PKT:S00: Received valid Redirect_Assignment packet from 192.168.15.2 
 w/rcv_id 0000001E 
2d19h: datagramsize=174, IP 18402: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 160, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 0000001F 
2d19h: datagramsize=174, IP 18404: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 160, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000020 
2d19h: datagramsize=174, IP 18406: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 160, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000021 
2d19h: datagramsize=378, IP 18410: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 364, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-EVNT:S00: Built new router view: 1 routers, 1 usable web caches, change 
 # 00000002 
2d19h: WCCP-PKT:S00: Received valid Redirect_Assignment packet from 192.168.15.2 
 w/rcv_id 00000021 
2d19h: datagramsize=174, IP 18414: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 160, fragment 0, fo 0, rcvd 3 
2d19h: WCCP-PKT:S00: Sending I_See_You packet to 192.168.15.2 w/ rcv_id 00000022 
2d19h: datagramsize=174, IP 18416: s=192.168.15.2 (Vlan300), d=192.168.15.1 (Vlan300), 
 totlen 160, fragment 0, fo 0, rcvd 3 

If the router sees no caches or WCCP activity, check the basic connectivity. Try to ping the cache from the router or the router from the cache. If the pings works, verify that the configuration is correct.

If the cache acquisition occurs but there is no packet redirection, verify that traffic actually reaches the router. Also, verify that traffic forwards to the interface where you issued the ip wccp web-cache redirect out command. Remember that, with the interception and redirection of traffic, that traffic goes to the TCP port 80.

If the cache acquisition occurs and you see the redirection of packets but your clients cannot browse the Internet, check for cache connectivity to the Internet and to your clients. Then, try to ping from the cache to various IP addresses in the Internet and to some of your clients. If the pings go to fully qualified domains (URLs) instead of IP addresses, be sure that you have specified which Domain Name System (DNS) server to use in the cache configuration.

If you are not sure if the cache processes the requests or not, you can debug the HTTP activity in the cache. First, you must restrict the traffic so that you do not kill the cache. On the router, create an ACL with the source IP address of the client, and use the redirect-list option of the global command ip wccp web-cache.

Router(config)# access-list 50 permit 10.10.10.152 
Router(config)# ip wccp web-cache redirect-list 50

Next, issue the debug http all all command to activate the HTTP debug in the cache. Then, issue the term mon command to activate the terminal monitoring, and try to browse a site from the client that you configured in the ACL. Here is sample command output:

Cache# debug http all trace 
Cache# clear cache 
Clear cache initiated 
Clear cache complete 
irq0#cework_readfirstdata() Start the recv: 0xb820a80 len 4096 timeout 0x3a98 ms ctx 
 0xb87d280 
cework_recvurl() Start the request: 0xb20c800 0xb20c838 0xb20c8e0 
Http Request headers received from client: 
GET / HTTP/1.1 
Host: 172.17.241.126 
User-Agent: Links (0.92; Linux 2.2.19 i686) 
Accept: */* 
Accept-Charset: us-ascii, ISO-8859-1, ISO-8859-2, ISO-8859-4, ISO-8895-5, ISO-8859-13, 
 windows-1250, windows-1251, windows-1257, cp437, cp850, cp852, cp866, x-cp866-u, 
 x-mac-ce, x-kam-cs, x-koi8-r, x-koi8-u, utf-8 
Connection: Keep-Alive 

Protocol dispatch: mode=1 proto=2 
ValidateCode() Begin: pRequest=0xb20c800 
Proxy: CACHE_MISS: HealProcessUserRequest 
cework_teefile() 0xb20c800: Try to connect to server: CheckProxyServerOut(): 
 Outgoing proxy is not enabled: 0xb20c800 (F) 
GetServerSocket(): Forwarding to server: pHost = 172.17.241.126, Port = 80 
HttpServerConnectCallBack : Connect call back socket = 268055136, error = 0 
Http request headers sent to server: 
GET / HTTP/1.1 
Host: 172.17.241.126 
User-Agent: Links (0.92; Linux 2.2.19 i686) 
Accept: */* 
Accept-Charset: us-ascii, ISO-8859-1, ISO-8859-2, ISO-8859-4, ISO-8895-5, ISO-8859-13, 
 windows-1250, windows-1251, windows-1257, cp437, cp850, cp852, cp866, x-cp866-u, 
 x-mac-ce, x-kam-cs, x-koi8-r, x-koi8-u, utf-8 
Connection: keep-alive 
Via: 1.1 irq0 
X-Forwarded-For: 10.10.10.152 

cework_sendrequest: lBytesRemote = 383, nLength = 383 (0xb20c800) 
ReadResCharRecvCallback():  lBytesRemote = 1815, nLength = 1432 0xb20c800) 
IsResponseCacheable() OBJECTSIZE_IS_UNLIMITED, lContentLength = 3195 
cework_processresponse() : 0xb20c800 is cacheable 
Http response headers received from server: 
HTTP/1.1 200 OK 
Date: Mon, 19 Nov 2001 19:26:06 GMT 
Server: Apache/1.3.12 (Unix)  (Red Hat/Linux) mod_ssl/2.6.6 
 OpenSSL/0.9.5a mod_perl/1.24 
Last-Modified: Fri, 12 Oct 2001 12:45:30 GMT 
ETag: "5d63-c7b-3bc6e5ea" 
Accept-Ranges: bytes 
Content-Length: 3195 
Keep-Alive: timeout=15, max=100 
Connection: Keep-Alive 
Content-Type: text/html 

GetUpdateCode(): GET request from client, GET request to server. 
GetUpdateCode(): nRequestType = -1 
SetTChain() 0xb20c800: CACHE_OBJECT_CLIENT_OBJECT sendobj_and_cache 
Http response headers sent to client: 
HTTP/1.1 200 OK 
Date: Mon, 19 Nov 2001 19:26:06 GMT 
Server: Apache/1.3.12 (Unix)  (Red Hat/Linux) mod_ssl/2.6.6 
 OpenSSL/0.9.5a mod_perl/1.24 
Last-Modified: Fri, 12 Oct 2001 12:45:30 GMT 
ETag: "5d63-c7b-3bc6e5ea" 
Content-Length: 3195 
Keep-Alive: timeout=15, max=100 
Content-Type: text/html 
Connection: keep-alive 

cework_tee_sendheaders() 0xb20c800: sent 323 bytes to client 
cework_tee_send_zbuf() 0xb20c800: Send 1087 bytes to client (1087) 
UseContentLength(): Valid Content-Length (T) 
cework_tee_recv_zbuf() 0xb20c800: Register to recv 2108 bytes timeout 120 sec 
HttpServerRecvCallBack(): Recv Call Back socket 268055136, err 0, length 2108 
HttpServerRecvCallBack(): lBytesRemote = 3923, nLength = 2108 (186697728) 
cework_tee_send_zbuf() 0xb20c800: Send 2108 bytes to client (2108) 
UseContentLength(): Valid Content-Length (T) 
cework_setstats(): lBytesLocal = 0, lBytesRemote = 3923 (0xb20c800) 
cework_readfirstdata() Start the recv: 0xb820c00 len 4096 timeout 0x3a98 
 ms ctx 0xb87d280 
cework_cleanup_final() End the request: 0xb20c800 0xb20c838 0xb20c8e0 

So that the cache does not answer directly to the client with some previous load content, you can clear the cache on the Cache Engine. Issue the clear cache command. Boldface text highlights relevant information in the debug. These are the different phases of a web page transaction:

  1. Receipt of HTTP request headers from the client

  2. Send of HTTP request headers to the server

  3. Receipt of HTTP response headers from the server

  4. Send of HTTP response headers to the client

If the web page that you browse contains multiple objects, you see multiple instances of the previous sequences. Always keep the debug process as simple as possible.

If the problem persists and you need further assistance, you can report this problem to Cisco Technical Support.

From the router, collect this information to provide to Cisco Technical Support:

  • The output of the show tech command

    You can substitute the output of the show running-config and show version output commands if there is some serious difficulty with the size of the show tech command output.

  • The output of the show ip wccp command

  • The output of the show ip wccp web-cache detail command

  • The output of the debug ip wccp events and debug ip wccp packets commands, if necessary

    This debug output is necessary if there seems to be a problem with communication between the router and the web cache. Collect the output during occurrence of the problem.

From a Cisco Cache Engine only, collect this information to provide to Cisco Technical Support:

  • The output of the show tech command

When you contact Cisco Technical Support, be ready to:

  • Provide a clear description of the problem

    Include answers to questions such as:

    • What are the symptoms?

    • Does the problem occur all the time, or infrequently?

    • Did the problem start to occur after some configuration change?

    • Are Cisco or third-party caches in use?

  • Provide a clear description of the affected topology, with a diagram if possible

  • Provide any other information that can help solve the problem

Here is sample command output:

*********************************** Router Configuration ************************ 

Router# show running 
Building configuration... 

Current configuration : 4231 bytes 
! 
version 12.1 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
! 
hostname Router 
! 
boot buffersize 126968 
boot bootldr bootflash:c6msfc-boot-mz.120-7.XE1 
! 
redundancy 
 main-cpu 
  auto-sync standard 
ip subnet-zero 
ip wccp web-cache 
! 
! 
! 
interface FastEthernet3/1 
 no ip address 
 switchport 
 switchport access vlan 100 
 switchport mode access 
! 
interface FastEthernet3/2 
 no ip address 
 switchport 
 switchport access vlan 200 
 switchport mode access 
! 
interface FastEthernet3/3 
 no ip address 
 switchport 
 switchport access vlan 300 
 switchport mode access 
! 
interface FastEthernet3/4 
 no ip address 
! 
interface FastEthernet3/5 
 no ip address 
 shutdown 
! 
interface FastEthernet3/6 
 no ip address 
 shutdown 
! 
interface FastEthernet3/7 
 no ip address 
 shutdown 
! 
interface FastEthernet3/8 
 no ip address 
 shutdown 
! 
interface FastEthernet3/9 
 no ip address 
 shutdown 
! 
interface FastEthernet3/10 
 no ip address 
 shutdown 
! 
interface FastEthernet3/11 
 no ip address 
 shutdown 
! 
interface FastEthernet3/12 
 no ip address 
 shutdown 
! 
interface Vlan1 
 no ip address 
 shutdown 
! 
interface Vlan100 
 ip address 172.17.241.97 255.255.255.0 
 ip wccp web-cache redirect out 
! 
interface Vlan200 
 ip address 10.10.10.120 255.255.255.0 
! 
interface Vlan300 
 ip address 192.168.15.1 255.255.255.0 
! 
ip classless 
ip route 0.0.0.0 0.0.0.0 172.17.241.1 
no ip http server 
! 
access-list 30 permit 192.168.15.2 
! 
! 
line con 0 
 exec-timeout 0 0 
line vty 0 4 
 login 
 transport input lat pad mop telnet rlogin udptn nasi 
! 
end 
  

*********************************** Cache Configuration ************************ 

Cache# show running 

Building configuration... 
Current configuration: 
! 
! 
logging disk /local/syslog.txt debug 
! 
user add admin uid 0  capability admin-access 
! 
! 
! 
hostname Cache 
! 
interface ethernet 0 
 ip address 192.168.15.2 255.255.255.0 
 ip broadcast-address 192.168.15.255 
 exit 
! 
interface ethernet 1 
 exit 
! 
ip default-gateway 192.168.15.1 
ip name-server 172.17.247.195 
ip domain-name cisco.com 
ip route 0.0.0.0 0.0.0.0 192.168.15.1 
cron file /local/etc/crontab 
! 
wccp router-list 1 192.168.15.1 
wccp web-cache router-list-num 1 
wccp version 2 
! 
authentication login local enable 
authentication configuration local enable 
rule no-cache url-regex .*cgi-bin.* 
rule no-cache url-regex .*aw-cgi.* 
! 
! 
end 

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Jan 31, 2006
Document ID: 9250