Cisco CSS 11000 Series Content Services Switches

Configuring Cache Redirecting and Bypassing on the CSS 11800

Cisco - Configuring Cache Redirecting and Bypassing on the CSS 11800

Document ID: 16217

Updated: Jan 31, 2006



With the help of content rules and Extension Qualifier Lists (EQLs), the Cisco Content Service Switch 11800 (CSS 11800) is configured to redirect HTTP requests to caching devices such as the Cisco Cache Engine. This feature can be used in place of running Web Cache Communication Protocol (WCCP) in the same local environment. It performs these redirects on Layer 2 with a Media Access Control (MAC) address rewrite. This is different from WCCP, which functions on Layer 3.

This document shows how to create a relationship between a CSS and a caching device with transparent redirects from the CSS perspective. This document also explains two different methods to bypass this caching redirect for particular requests.



There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • CSS 11800 with version WebNS 5.01 build 5

  • CSS 11000 with version WebNs 6.10

  • CSS 11500 with version WebNs 7.10, 7.20 and 7.30

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.


For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Cache Configuration Task Lists

Create Caching Service

The special caching parameter of type transparent-cache is used when you create services that point to caching devices.

CSS11800(config)# service cache1 
CSS11800(config-service[cache1])# ip address 
CSS11800(config-service[cache1])# type transparent-cache 
CSS11800(config-service[cache1])# active

Create EQL List

An EQL list is used to identify the object extensions the CSS needs to listen for in passing traffic. Once the flow manager/processor in the CSS detects a request for a particular object that is defined in an EQL, the CSS load balances those requests to the caching services defined under the content rule referencing that EQL list.

CSS11800# configure 
CSS11800(config)# eql Cache-these-extensions 
CSS11800(config-eql[Cache-these-extensions])# extension gif "GIF Image image/gif" 
CSS11800(config-eql[Cache-these-extensions])# extension html "Hypertext Markup Language text/html" 
CSS11800(config-eql[Cache-these-extensions])# extension htm 
CSS11800(config-eql[Cache-these-extensions])# extension jpeg "JPEG image image/jpeg" 
CSS11800(config-eql[Cache-these-extensions])# extension jpg

Note:  Continue with additional extensions if you want to cache. The entire EQL list used in this configuration is shown later in this document.

Create Caching Content Rule

CSS11800# configure 
CSS11800(config)# owner Perry 
CSS11800(config-owner[Perry])# content Cache-Rule 
CSS11800(config-owner-content[Perry-Cache-Rule])# add service cache1 
CSS11800(config-owner-content[Perry-Cache-Rule])# protocol tcp 
CSS11800(config-owner-content[Perry-Cache-Rule])# port 80 
CSS11800(config-owner-content[Perry-Cache-Rule])# url "/*" eql Cache-these-extensions 
CSS11800(config-owner-content[Perry-Cache-Rule])# active

Cache-Bypass Configuration Task List

These are two separate methods used to bypass cache re-direction to the Cache Engine:

  • One method uses an Access Control List (ACL) with Network Qualifier List (NQL) lists to flag source and destination IP ranges.

  • The other method uses a Domain Qualifier List (DQL) in a content rule to define a domain for which all requests are bypassed.

ACL/NQL Method

This method allows the entire source or destination subnets defined in an NQL to be bypassed. See the bypass caveats section of this document for design considerations.

Create NQLs

CSS11800# configure 
CSS11800(config)# nql Bypass-destination-range 
CSS11800(config-nql[Bypass-destination-range])# ip address 
CSS11800# configure 
CSS11800(config)# nql Bypass-source-range 
CSS11800(config-nql[Bypass-source-range])# ip address

Create ACL

CSS11800# configure 
CSS11800(config)# acl 10 
CSS11800(config-acl[10])# clause 10 bypass any nql Bypass-source-range destination any 
CSS11800(config-acl[10])# clause 20 bypass any any destination nql Bypass-destination-range 
CSS11800(config-acl[10])# clause 30 permit any any destination any 
CSS11800(config-acl[10])# apply circuit-(VLAN4) 
CSS11800(config-acl[10])# apply circuit-(VLAN2) 
CSS11800# configure 
CSS11800(config)# acl 20 
CSS11800(config-acl[20])# clause 10 permit any any destination any 
CSS11800(config-acl[20])# apply all 

CSS11800(config)# acl enable

DQL Method

This method bypasses requests for domains identified in the DQL. See the bypass caveats section of this document for design considerations.

CSS11800# configure 
CSS11800(config)# dql Domains-to-not-cache 
CSS11800(config-dql[Domains-to-not-cache])# domain 
CSS11800(config-dql[Domains-to-not-cache])# domain 
CSS11800# configure 
CSS11800(config)# owner Perry 
CSS11800(config-owner[Perry])# content Bypass 
CSS11800(config-owner-content[Perry-Bypass])# protocol tcp 
CSS11800(config-owner-content[Perry-Bypass])# port 80 
CSS11800(config-owner-content[Perry-Bypass])# url "/*" dql Domains-to-not-cache 
CSS11800(config-owner-content[Perry-Bypass])# application-bypass 
CSS11800(config-owner-content[Perry-Bypass])# active

Cache-Bypass Caveats and Cache Design Considerations

If you create an application-bypass content rule, it prevents matching requests from hitting any content rule. This method is effective for cache-bypass (DQL matches always take precedence over EQL matches). The bypass parameter in the ACL also prevents all ACL matches from hitting any content rule.

Network Diagram



CSS Configuration
!Active version: ap0501005
!*************************** GLOBAL
  acl enable
  ip route 1 
!************************* INTERFACE *************************
interface e2
  bridge vlan 2 
interface e3
  bridge vlan 2 
interface e4
  bridge vlan 4 
!************************** CIRCUIT **************************
circuit VLAN1
  description "outside connection" 
  ip address 
circuit VLAN2
  description "inside to servers" 
  ip address 
circuit VLAN4
  ip address 
!************************** SERVICE **************************
service cache1 
  ip address 
  type transparent-cache 
!**************************** EQL ****************************
eql Cache-these-extensions 
  extension au "Sound audio/basic" 
  extension bmp "Bitmap Image" 
  extension z "Compressed data application/x-compress" 
  extension gif "GIF Image image/gif" 
  extension html "Hypertext Markup Language text/html" 
  extension htm 
  extension js "Java script application/x-javascript" 
  extension mocha 
  extension jpeg "JPEG image image/jpeg" 
  extension jpg 
  extension jpe 
  extension jfif 
  extension pjpeg 
  extension pjp 
  extension mp2 "MPEG Audio audio/x-mpeg" 
  extension mpa 
  extension abs 
  extension mpeg "MPEG Video video/mpeg" 
  extension mpg 
  extension mpe 
  extension mpv 
  extension vbs 
  extension m1v 
  extension pcx "PCX Image" 
  extension txt "Plain text text/plain" 
  extension text 
  extension mov "QuickTime video/quicktime" 
  extension tiff "TIFF Image image/tiff" 
  extension tar "Unix Tape Archive application/x-tar" 
  extension avi "Video for Windows video/x-msvideo" 
  extension wav "Wave File audio/x-wav" 
  extension gz "application/x-gzip" 
  extension zip "ZIP file application/x-zip-compressed" 
!**************************** NQL ****************************
nql Bypass-destination-range 
  ip address 
nql Bypass-source-range 
  ip address 
!**************************** DQL ****************************
dql Domains-to-not-cache 
!*************************** OWNER ***************************
owner Perry 
  content Bypass 
    port 80 
    url "/*" dql Domains-to-not-cache 
    protocol tcp 
    application bypass 
  content Cache-Rule 
    add service cache1 
    protocol tcp 
    port 80 
    url "/*" eql Cache-these-extensions 
!**************************** ACL ****************************
acl 10 
  clause 10 bypass any nql Bypass-source-range destination content
  clause 20 bypass any any destination nql Bypass-destination-range eq
  clause 30 permit any any destination any
  apply circuit-(VLAN4)
  apply circuit-(VLAN2) 
acl 20 
  clause 10 permit any any destination any 
  apply circuit-(VLAN4)
  apply circuit-(VLAN2)
  apply circuit-(VLAN1)


This section provides the information to confirm that your configuration works properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only) . This allows you to view an analysis of show command output.

  • show summary—Displays the relationship between owners, content rules, and services.

  • show service summary—Displays the summary information for all services. This information includes the service state, connections, weight, and load.

  • show rule—Displays all content rules for a specific owner or all owners. The screen shows information about the owner and the content rules. If you are in owner mode, the show rule command displays the summary for the current owner.


There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Jan 31, 2006
Document ID: 16217