IP Application Services Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
WCCP Version 2
Downloads: This chapterpdf (PDF - 176.0KB) The complete bookPDF (PDF - 470.0KB) | The complete bookePub (ePub - 682.0KB) | Feedback

WCCP Version 2

WCCP Version 2

Last Updated: January 30, 2013

The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing technology that intercepts IP packets and redirects those packets to a destination other than that specified in the IP packet. Typically the packets are redirected from their destination web server on the Internet to a content engine that is local to the client. In some WCCP deployment scenarios, redirection of traffic may also be required from the web server to the client. WCCP enables you to integrate content engines into your network infrastructure.

The tasks in this document assume that you have already configured content engines on your network. For specific information on hardware and network planning associated with Cisco Content Engines and WCCP, see the Cisco Content Engines documentation at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/webscale/content/index.htm

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for WCCP Version 2

  • IP must be configured on the interface connected to the Internet and another interface must be connected to the content engine.
  • The interface connected to the content engine must be a Fast Ethernet or Gigabit Ethernet interface.

Information About WCCP Version 2

WCCPv2 Overview

WCCP uses Cisco Content Engines (or other content engines running WCCP) to localize web traffic patterns in the network, enabling content requests to be fulfilled locally. Traffic localization reduces transmission costs and download time.

WCCP enables Cisco IOS XE routing platforms to transparently redirect content requests. The main benefit of transparent redirection is that users need not configure their browsers to use a web proxy. Instead, they can use the target URL to request content, and have their requests automatically redirected to a content engine. The word "transparent" in this case means that the end user does not know that a requested file (such as a web page) came from the content engine instead of from the originally specified server.

A content engine receiving a request attempts to service it from its own local cache. If the requested information is not present, the content engine issues its own request to the originally targeted server to get the required information. A content engine retrieving the requested information forwards it to the requesting client and caches it to fulfill future requests, thus maximizing download performance and substantially reducing transmission costs.

WCCP enables a series of content engines, called a content engine cluster, to provide content to a router or multiple routers. Network administrators can easily scale their content engines to manage heavy traffic loads through these clustering capabilities. Cisco clustering technology enables each cluster member to work in parallel, resulting in linear scalability. Clustering content engines greatly improves the scalability, redundancy, and availability of your caching solution. You can cluster up to 32 content engines to scale to your desired capacity.

The WCCP Version 2 feature provides several enhancements and features to the WCCP protocol, including:

  • The ability of multiple routers to service a content engine cluster.
  • Redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic.
  • Optional authentication that enables you to control which routers and content engines become part of the service group using passwords and the HMAC MD5 standard.
  • A check on packets that determines which requests have been returned from the content engine unserviced.
  • Load adjustments for individual content engines to provide an effective use of the available resources while helping to ensure high quality of service (QoS) to the clients.

WCCPv2 Configuration

Multiple routers can use WCCPv2 to service a content engine cluster. In WCCPv1, only one router could redirect content requests to a cluster. The figure below illustrates a sample configuration using multiple routers.

Figure 1 Cisco Content Engine Network Configuration Using WCCPv2


The subset of content engines within a cluster and routers connected to the cluster that are running the same service is known as a service group. Available services include TCP and UDP redirection.

In WCCPv1, the content engines were configured with the address of the single router. WCCPv2 requires that each content engine be aware of all the routers in the service group. To specify the addresses of all the routers in a service group, you must choose one of the following methods:

  • Unicast--A list of router addresses for each of the routers in the group is configured on each content engine. In this case the address of each router in the group must be explicitly specified for each content engine during configuration.
  • Multicast--A single multicast address is configured on each content engine. In the multicast address method, the content engine sends a single-address notification that provides coverage for all routers in the service group. For example, a content engine could indicate that packets should be sent to a multicast address of 224.0.0.100, which would send a multicast packet to all routers in the service group configured for group listening using WCCP (see the ip wccp group-listen or the ipv6 wccp group-listen interface configuration command for details).

The multicast option is easier to configure because you need only specify a single address on each content engine. This option also allows you to add and remove routers from a service group dynamically, without needing to reconfigure the content engines with a different list of addresses each time.

The following sequence of events details how WCCPv2 configuration works:

  1. Each content engine is configured with a list of routers.
  2. Each content engine announces its presence and a list of all routers with which it has established communications. The routers reply with their view (list) of content engines in the group.
  3. When the view is consistent across all content engines in the cluster, one content engine is designated as the lead and sets the policy that the routers need to deploy in redirecting packets.

WCCPv2 Support for Services Other Than HTTP

WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv1 supported the redirection of HTTP (TCP port 80) traffic only. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and Real Audio, video, and telephony applications.

To accommodate the various types of services available, WCCPv2 introduced the concept of multiple service groups. Service information is specified in the WCCP configuration commands using dynamic services identification numbers (such as 98) or a predefined service keyword (such as web-cache). This information is used to validate that service group members are all using or providing the same service.

The content engines in a service group specify traffic to be redirected by protocol (TCP or UDP) and up to eight source or destination ports. Each service group has a priority status assigned to it. The priority of a dynamic service is assigned by the content engine. The priority value is in the range of 0 to 255 where 0 is the lowest priority. The predefined web-cache service has an assigned priority of 240.

WCCPv2 Support for Multiple Routers

WCCPv2 allows multiple routers to be attached to a cluster of cache engines. The use of multiple routers in a service group allows for redundancy, interface aggregation, and distribution of the redirection load. WCCPv2 supports up to 32 routers per service group. Each service group is established and maintained independently.

WCCPv2 MD5 Security

WCCPv2 provides optional authentication that enables you to control which routers and content engines become part of the service group using passwords and the Hashed Message Authentication Code--Message Digest (HMAC MD5) standard. Shared-secret MD5 one-time authentication (set using the ip wccp [password [0 | 7] password] global configuration command) enables messages to be protected against interception, inspection, and replay.

WCCPv2 Web Cache Packet Return

If a content engine is unable to provide a requested object it has cached due to error or overload, the content engine will return the request to the router for onward transmission to the originally specified destination server. WCCPv2 provides a check on packets that determines which requests have been returned from the content engine unserviced. Using this information, the router can then forward the request to the originally targeted server (rather than attempting to resend the request to the content engine cluster). This process provides error handling transparency to clients.

Typical reasons why a content engine would reject packets and initiate the packet return feature include the following:

  • Instances when the content engine is overloaded and has no room to service the packets
  • Instances when the content engine is filtering for certain conditions that make caching packets counterproductive (for example, when IP authentication has been turned on)

WCCPv2 Load Distribution

WCCPv2 can be used to adjust the load being offered to individual content engines to provide an effective use of the available resources while helping to ensure high quality of service (QoS) to the clients. WCCPv2 allows the designated content engine to adjust the load on a particular content engine and balance the load across the content engines in a cluster. WCCPv2 uses three techniques to perform load distribution:

  • Hot spot handling--Allows an individual hash bucket to be distributed across all the content engines. Prior to WCCPv2, information from one hash bucket could go to only one content engine.
  • Load balancing--Allows the set of hash buckets assigned to a content engine to be adjusted so that the load can be shifted from an overwhelmed content engine to other members that have available capacity.
  • Load shedding--Enables the router to selectively redirect the load to avoid exceeding the capacity of a content engine.

The use of these hashing parameters prevents one content engine from being overloaded and reduces the potential for bottlenecking.

WCCP Troubleshooting Tips

CPU usage may be very high when WCCP is enabled. The WCCP counters enable a determination of the bypass traffic directly on the router and can indicate whether the cause is high CPU usage due to enablement of WCCP. In some situations, 10 percent bypass traffic may be normal; in other situations, 10 percent may be high. However, any figure above 25 percent should prompt a closer investigation of what is occurring in the web cache.

If the counters suggest that the level of bypass traffic is high, the next step is to examine the bypass counters in the content engine and determine why the content engine is choosing to bypass the traffic. You can log in to the content engine console and use the CLI to investigate further. The counters allow you to determine the percent of traffic being bypassed.

How to Configure WCCP Version 2

Configuring WCCP

Perform this task to configure WCCP.

Until you configure a WCCP service using the ip wccp{web-cache | service-number} global configuration command, WCCP is disabled on the router. The first use of a form of the ip wccp command enables WCCP. By default WCCPv2 is used for services, but you can use WCCPv1 functionality instead.

Use the ip wccp web-cache password command to set a password for a router and the content engines in a service group. MD5 password security requires that each router and content engine that wants to join a service group be configured with the service group password. The password must be up to eight characters in length. Each content engine or router in the service group will authenticate the security component in a received WCCP packet immediately after validating the WCCP message header. Packets failing authentication will be discarded.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip wccp [vrf vrf-name] {web-cache | service-number} [group-address multicast-address] [redirect-list access-list] [group-list access-list] [password password [0 | 7] ]

4.    interface type number

5.    ip wccp [vrf vrf-name] {web-cache | service-number} redirect {in | out}

6.    exit

7.    interface type number

8.    ip wccp redirect exclude in


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Device# configure terminal

 

Enters global configuration mode.

 
Step 3
ip wccp [vrf vrf-name] {web-cache | service-number} [group-address multicast-address] [redirect-list access-list] [group-list access-list] [password password [0 | 7] ]


Example:

Device(config)# ip wccp web-cache password password1

 

Specifies a web-cache or dynamic service to enable on the router, specifies a VRF-name to associate with the service group, specifies the IP multicast address used by the service group, specifies any access lists to use, specifies whether to use MD5 authentication, and enables the WCCP service.

 
Step 4
interface type number


Example:

Device(config)# interface ethernet0/0

 

Targets an interface number for which the web cache service will run, and enters interface configuration mode.

 
Step 5
ip wccp [vrf vrf-name] {web-cache | service-number} redirect {in | out}


Example:

Device(config-if)# ip wccp web-cache redirect in

 

Enables packet redirection on an outbound or inbound interface using WCCP.

  • As indicated by the out and in keyword options, redirection can be specified for outbound interfaces or inbound interfaces.
 
Step 6
exit


Example:

Device(config-if)# exit

 

Exits interface configuration mode.

 
Step 7
interface type number


Example:

Device(config)# interface GigabitEthernet 0/2/0

 

Targets an interface number on which to exclude traffic for redirection, and enters interface configuration mode.

 
Step 8
ip wccp redirect exclude in


Example:

Device(config-if)# ip wccp redirect exclude in

 

(Optional) Excludes traffic on the specified interface from redirection.

 

Verifying and Monitoring WCCP Configuration Settings

SUMMARY STEPS

1.    enable

2.    show ip wccp [vrf vrf-name] [web-cache |service-number] [detail view]

3.    show ip interface

4.    more system:running-config


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Device> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
show ip wccp [vrf vrf-name] [web-cache |service-number] [detail view]


Example:

Device# show ip wccp 24 detail

 

Displays global information related to WCCP, including the protocol version running, the number of content engines in the router service group, which content engine group is allowed to connect to the router, and which access list is being used.

  • vrf vrf-name--(Optional) Virtual routing and forwarding (VRF) instance associated with a service group.
  • service-number--(Optional) Dynamic number of the web-cache service group being controlled by the content engine. The range is from 0 to 99. For web caches that use Cisco Content Engines, the reverse proxy service is indicated by a value of 99.
  • web-cache--(Optional) statistics for the web-cache service.
  • detail--(Optional) other members of a particular service group or web cache that have or have not been detected.
  • view--(Optional) information about a router or all web caches.
 
Step 3
show ip interface


Example:

Device# show ip interface

 

Displays status about whether any ip wccp redirection commands are configured on an interface; for example, "Web Cache Redirect is enabled / disabled."

 
Step 4
more system:running-config


Example:

Device# more system:running-config

 

(Optional) Displays contents of the running configuration file (equivalent to the show running-config command).

 

Configuration Examples for WCCP Version 2

Example: Changing the Version of WCCP on a Router

The following example shows how to change the WCCP version from the default of WCCPv2 to WCCPv1, and enabling the web-cache service in WCCPv1:

Router# show ip wccp 

% WCCP version 2 is not enabled
Router# configure terminal
 
Router(config)# ip wccp version 1
 
Router(config)# end 
Router# show ip wccp 

% WCCP version 1 is not enabled
Router# configure terminal
 
Router(config)# ip wccp web-cache 
Router(config)# end 
Router# show ip wccp 

Global WCCP information:
    Router information:
        Router Identifier:                   10.4.9.8
        Protocol Version:                    1.0
.
.
.

Example: Configuring a General WCCPv2 Session

Device# configure terminal
Device(config)# ip wccp web-cache group-address 224.1.1.100 password password1 
Device(config)# ip wccp source-interface GigabitEthernet 0/1/0
Device(config)# ip wccp check services all 
 Configures a check of all WCCP services.
Device(config)# interface GigabitEthernet 0/1/0 
Device(config-if)# ip wccp web-cache redirect in
Device(config-if)# exit
Device(config)# interface GigabitEthernet 0/2/0
Device(config-if)# ip wccp redirect exclude in
Device(config-if)# exit

Example: Setting a Password for a Router and Content Engines

Router# configure terminal
Router(config)# ip wccp web-cache password password1

Example: Verifying WCCP Settings

The following example shows how to verify your configuration changes by using the more system:running-config command in privileged EXEC mode. The following example shows that both the web cache service and dynamic service 99 are enabled on the device:

Device# more system:running-config

	Building configuration...
	Current configuration: 
	! 
	version 12.0 
	service timestamps debug uptime 
	service timestamps log uptime 
	no service password-encryption 
	service udp-small-servers 
	service tcp-small-servers 
	! 
	hostname router4 
	! 
	enable secret 5 $1$nSVy$faliJsVQXVPW.KuCxZNTh1 
	enable password password1
	! 
	ip subnet-zero 
	ip wccp web-cache 
	ip wccp 99 
	ip domain-name cisco.com 
	ip name-server 10.1.1.1
	ip name-server 10.1.1.2
	ip name-server 10.1.1.3
	! 
	! 
	! 
	interface GigabitEthernet0/1/1 
	ip address 10.3.1.2 255.255.255.0 
	no ip directed-broadcast 
	ip wccp web-cache redirect in 
	ip wccp 99 redirect in 
	no ip route-cache 
	no ip mroute-cache 
	! 
	interface GigabitEthernet0/1/0 
	ip address 10.4.1.1 255.255.255.0 
	no ip directed-broadcast 
	ip wccp 99 redirect in 
	no ip route-cache 
	no ip mroute-cache 
	! 
	interface Serial0 
	no ip address 
	no ip directed-broadcast 
	no ip route-cache 
	no ip mroute-cache 
	shutdown 
	! 
	interface Serial1 
	no ip address 
	no ip directed-broadcast 
	no ip route-cache 
	no ip mroute-cache 
	shutdown 
	! 
	ip default-gateway 10.3.1.1 
	ip classless 
	ip route 0.0.0.0 0.0.0.0 10.3.1.1 
	no ip http server 
	! 
	! 
	! 
	line con 0 
	transport input none 
	line aux 0 
	transport input all 
	line vty 0 4 
	password password1
	login 
	! 
	end

The following example shows how to display global statistics related to WCCP:

Device# show ip wccp web-cache detail

WCCP Client information:
WCCP Client ID:      10.1.1.2
Protocol Version:    2.0
State:               Usable
Redirection:         L2
Packet Return:       L2
Packets Redirected:  0
Connect Time:        00:20:34
Assignment:          MASK
Mask  SrcAddr    DstAddr    SrcPort DstPort
----  -------    -------    ------- -------
0000: 0x00000000 0x00001741 0x0000  0x0000
Value SrcAddr    DstAddr   SrcPort DstPort CE-IP
----- -------    -------   ------- ------- -----
0000: 0x00000000 0x00000000 0x0000 0x0000 0x3C010102 (10.1.1.2)
0001: 0x00000000 0x00000001 0x0000 0x0000 0x3C010102 (10.1.1.2)
0002: 0x00000000 0x00000040 0x0000 0x0000 0x3C010102 (10.1.1.2)
0003: 0x00000000 0x00000041 0x0000 0x0000 0x3C010102 (10.1.1.2)
0004: 0x00000000 0x00000100 0x0000 0x0000 0x3C010102 (10.1.1.2)
0005: 0x00000000 0x00000101 0x0000 0x0000 0x3C010102 (10.1.1.2)
0006: 0x00000000 0x00000140 0x0000 0x0000 0x3C010102 (10.1.1.2)

For more information about the show ip wccp web-cache command, see the Cisco IOS IP Application Services Command Reference.

Additional References

Related Documents

Related Topic Document Title

IPv6 addressing and connectivity

IPv6 Configuration Guide

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

IPv6 commands

Cisco IOS IPv6 Command Reference

Cisco IOS IPv6 features

Cisco IOS IPv6 Feature Mapping

Classifying Network Traffic

"Classifying Network Traffic" module

Standards and RFCs

Standard/RFC Title

RFCs for IPv6

IPv6 RFCs

MIBs

MIB

MIBs Link

No new or modified MIBs are supported, and support for existing MIBs has not been modified.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

IP addressing services configuration tasks

IP Addressing Services Configuration Guide

IP application services configuration tasks

IP Application Services Configuration Guide

IP application services commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

Cisco IOS IP Application Services Command Reference

IP accounting

Cisco IOS XE Flexible NetFlow Configuration Guide

Standards

Standard

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

RFCs

RFC

Title

RFC 791

Internet Protocol

RFC 792

Internet Control Message Protocol

RFC 1191

Path MTU Discovery

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for WCCP Version 2

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for WCCP Version 2

Feature Name

Releases

Feature Information

WCCP Version 2

Cisco IOS XE Release 2.2

Cisco IOS XE Release 3.3SG

Cisco IOS XE Release 3.2SE

The WCCP Version 2 feature provides several enhancements and features to the WCCP protocol, including:

  • The ability of multiple routers to service a content engine cluster.
  • Redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic.
  • Optional authentication that enables you to control which routers and content engines become part of the service group using passwords and the HMAC MD5 standard.
  • A check on packets that determines which requests have been returned from the content engine unserviced.
  • Load adjustments for individual content engines to provide an effective use of the available resources while helping to ensure high quality of service (QoS) to the clients.

The following commands were introduced or modified by this feature: clear ip wccp, ip wccp, ip wccp group-listen, ip wccp redirect, ip wccp redirect exclude in, ip wccp version, show ip wccp.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2013 Cisco Systems, Inc. All rights reserved.