Table Of Contents
Layer 2 Forwarding, Redirection and Return
Support for Services Other Than HTTP
Using Access Lists for a WCCP Service Group
Verifying and Monitoring WCCP Configuration Settings
Configuration Examples for WCCP
Configuring a General WCCPv2 Session: Example
Setting a Password for a Router and Content Engines: Example
Configuring a Web Cache Service: Example
Verifying WCCP Settings: Examples
Configuring WCCP
First Published: August 21, 2007Last Updated: March 2, 2009The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing technology that intercepts IP packets and redirects those packets to a destination other than that specified in the IP packet. Typically the packets are redirected from their destination web server on the Internet to a content engine that is local to the client. In some WCCP deployment scenarios, redirection of traffic may also be required from the web server to the client. WCCP enables you to integrate content engines into your network infrastructure.
Cisco IOS XE Release 2.2 supports only WCCPv2.
The tasks in this document assume that you have already configured content engines on your network. For specific information on hardware and network planning associated with Cisco Content Engines and WCCP, see the Cisco Content Engines documentation at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/content/index.htm
Note
Cisco Systems replaced the Cache Engine 500 series platforms with content engine platforms in July 2001. Cache engine products were the Cache Engine 505, 550, 570, and 550-DS3. Content engine products are the Content Engine 507, 560, 590, and 7320.
Finding Feature Information
For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for WCCP" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for WCCP
•
•
Restrictions for WCCP
•
•
•
•
•
•
•
•
•
Configure a loopback address and assign an IP address to it so that it is used as the routerID. It is unlikely that such a loopback IP address will get removed, but when removed, the source IP address of the GRE packet from the router to the cache engine will carry the removed IP address. Enter the shutdown command, followed by the no shutdown command on the cache engine interface that has the GRE redirect method configured to stop the interface from using the removed IP address.•
The following limitation applies to WCCP Layer 2 Forwarding and Return:
•
Information About WCCP
To configure WCCP, you should understand the following concepts:
•
Understanding WCCP
WCCP uses Cisco Content Engines (or other content engines running WCCP) to localize web traffic patterns in the network, enabling content requests to be fulfilled locally. Traffic localization reduces transmission costs and download time.
WCCP enables Cisco IOS XE routing platforms to transparently redirect content requests. The main benefit of transparent redirection is that users need not configure their browsers to use a web proxy. Instead, they can use the target URL to request content, and have their requests automatically redirected to a content engine. The word "transparent" in this case means that the end user does not know that a requested file (such as a web page) came from the content engine instead of from the originally specified server.
When a content engine receives a request, it attempts to service it from its own local cache. If the requested information is not present, the content engine issues its own request to the originally targeted server to get the required information. When the content engine retrieves the requested information, it forwards it to the requesting client and caches it to fulfill future requests, thus maximizing download performance and substantially reducing transmission costs.
WCCP enables a series of content engines, called a content engine cluster, to provide content to a router or multiple routers. Network administrators can easily scale their content engines to handle heavy traffic loads through these clustering capabilities. Cisco clustering technology enables each cluster member to work in parallel, resulting in linear scalability. Clustering content engines greatly improves the scalability, redundancy, and availability of your caching solution. You can cluster up to 32 content engines to scale to your desired capacity.
Layer 2 Forwarding, Redirection and Return
WCCP uses either Generic Routing Encapsulation (GRE) or Layer 2 (L2) to redirect or return IP traffic. When WCCP forwards traffic via GRE, the redirected packets are encapsulated within a GRE header. The packets also have a WCCP redirect header. When WCCP forwards traffic using L2, the original MAC header of the IP packet is overwritten and replaced with the MAC header for the WCCP client.
Using L2 as a forwarding method allows direct forwarding to the content engine without further lookup. Layer 2 redirection requires that the router and content engines are directly connected, that is, on the same IP subnetwork.
When WCCP returns traffic via GRE, the returned packets are encapsulated within a GRE header. The destination IP address is the address of the router and the source address is the address of the WCCP client. When WCCP returns traffic via L2, the original IP packet is returned without any added header information. The router to which the packet is returned will recognize the source of the packet and prevent redirection.
The WCCP redirection method does not have to match the return method.
L2 forwarding, return, or redirection are typically used for hardware accelerated platforms. On Cisco ASR 1000, both the GRE and L2 forward/return methods use the hardware, so there is not any significant performance degradation between them.
For content engines running Application and Content Networking System (ACNS) software, use the wccp web-cache command with the l2-redirect keyword to configure L2 redirection. For content engines running Cisco Wide Area Application Services (WAAS) software, use the wccp tcp-promiscuous command with the l2-redirect keyword to configure L2 redirection.
For more information on Cisco ACNS commands used to configure Cisco Content Engines, see the Cisco ACNS Software Command Reference, Release 5.5, at the following URL:
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/v55/command/reference/55cref.html
For more information on WAAS commands used to configure Cisco Content Engines, see the Cisco Wide Area Application Services Command Reference (Software Versions 4.0.1 and 4.0.3) at the following URL:
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v401_v403/command/reference/cmdref.html
WCCP Mask Assignment
The WCCP Mask Assignment feature enables mask assignment as the load-balancing method (instead of the default hash assignment method) for a WCCP service.
For content engines running Application and Content Networking System (ACNS) software, use the wccp web-cache command with the mask-assign keywords to configure mask assignment. For content engines running Cisco Wide Area Application Services (WAAS) software, use the wccp tcp-promiscuous command with the mask-assign keyword to configure mask assignment.
For more information on Cisco ACNS commands used to configure Cisco Content Engines, see the Cisco ACNS Software Command Reference, Release 5.5, at the following URL:
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/v55/command/reference/55cref.html
For more information on WAAS commands used to configure Cisco Content Engines, see the Cisco Wide Area Application Services Command Reference (Software Versions 4.0.1 and 4.0.3) at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/waas/waas40/cmdref/index.htm
Hardware Acceleration
WCCP implementation on the Cisco ASR 1000 series routers is hardware accelerated by default. You do not need to configure the ip wccp web-cache accelerated command on Cisco ASR 1000 series routers to enable hardware acceleration.
WCCPv2 Configuration
Multiple routers can use WCCPv2 to service a content engine cluster. Figure 1 illustrates a sample configuration using multiple routers.
Figure 1 Cisco Content Engine Network Configuration Using WCCPv2
The subset of content engines within a cluster and routers connected to the cluster that are running the same service is known as a service group. Available services include TCP and User Datagram Protocol (UDP) redirection.
WCCPv2 requires that each content engine be aware of all the routers in the service group. To specify the addresses of all the routers in a service group, you must choose the following method:
•
The following sequence of events details how WCCPv2 configuration works:
1.
2.
3.
Support for Services Other Than HTTP
WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and Real Audio, video, and telephony applications.
To accommodate the various types of services available, WCCPv2 introduces the concept of multiple service groups. Service information is specified in the WCCP configuration commands using dynamic services identification numbers (such as 98) or a predefined service keyword (such as web-cache). This information is used to validate that service group members are all using or providing the same service.
The content engines in a service group specify traffic to be redirected by protocol (TCP or UDP) and up to eight source or destination ports. Each service group has a priority status assigned to it. The priority of a dynamic service is assigned by the content engine. The priority value is in the range of 0 to 255 where 0 is the lowest priority. The predefined web-cache service has an assigned priority of 240.
Support for Multiple Routers
WCCPv2 allows multiple routers to be attached to a cluster of cache engines. The use of multiple routers in a service group allows for redundancy, interface aggregation, and distribution of the redirection load. WCCPv2 supports up to 32 routers per service group. Each service group is established and maintained independently.
MD5 Security
WCCPv2 provides optional authentication that enables you to control which routers and content engines become part of the service group using passwords and the HMAC MD5 standard. Shared-secret MD5 one-time authentication (set using the ip wccp [password [0-7] password] global configuration command) enables messages to be protected against interception, inspection, and replay.
Web Cache Packet Return
If a content engine is unable to provide a requested object it has cached due to error or overload, the content engine will return the request to the router for onward transmission to the originally specified destination server. WCCPv2 provides a check on packets that determines which requests have been returned from the content engine unserviced. Using this information, the router can then forward the request to the originally targeted server (rather than attempting to resend the request to the content engine cluster). This process provides error handling transparency to clients.
Typical reasons why a content engine would reject packets and initiate the packet return feature include the following:
•
•
WCCP Bypass Packets
WCCP intercepts IP packets and redirects those packets to a destination other than the destination that is specified in the IP header. Typically the packets are redirected from a web server on the Internet to a web cache that is local to the destination.
Occasionally a web cache decides that it cannot deal with the redirected packets appropriately and returns the packets unchanged to the originating router. These packets are called bypass packets and are returned to the originating router using either Layer 2 forwarding without encapsulation (L2) or encapsulated in generic routing encapsulation (GRE). The router decapsulates and forwards the packets normally.
GRE is a tunneling protocol developed by Cisco that encapsulates packet types from a variety of protocols inside IP tunnels, creating a virtual point-to-point link over an IP network.
WCCP Service Groups
WCCP is a component of Cisco IOS XE software that redirects traffic with defined characteristics from its original destination to an alternative destination. The typical application of WCCP is to redirect traffic bound for a remote web server to a local web cache to improve response time and optimize network resource usage.
The nature of the selected traffic for redirection is defined by service groups specified on content engines and communicated to routers by using WCCP. The current implementation of WCCP in Cisco IOS XE software allows for a maximum of 256 service groups.
WCCPv2 supports up to 32 routers per service group. Each service group is established and maintained independently.
WCCPv2 uses service groups based on logical redirection services, deployed for intercepting and redirecting traffic. The standard service is web cache, which intercepts TCP port 80 (HTTP) traffic and redirects that traffic to the content engines. This service is referred to as a well-known service, because the characteristics of the web cache service are known by both the router and content engines. A description of a well-known service is not required beyond a service identification. To specify the standard web cache service, use the ip wccp command with the web-cache keyword.
Note
Figure 2 WCCP Service Groups
The dynamic services are defined by the content engines; the content engine instructs the router which protocol or ports to intercept, and how to distribute the traffic. The router itself does not have information on the characteristics of the dynamic service group's traffic, because this information is provided by the first content engine to join the group. In a dynamic service, up to eight ports can be specified within a single protocol.
Cisco Content Engines, for example, use dynamic service 99 to specify a reverse-proxy service. However, other content engine devices may use this service number for some other service. The configuration information in this document deals with enabling general services on the Cisco ASR 1000 Series routers.
How to Configure WCCP
The following configuration tasks assume that you have already installed and configured the content engines you want to include in your network. You must configure the content engines in the cluster before configuring WCCP functionality on your routers or switches. Refer to the Cisco Cache Engine User Guide for content engine configuration and setup tasks.
Perform these tasks to configure WCCP on a router or switch:
•
•
•
Configuring WCCP
Perform this task to configure WCCP.
Until you configure a WCCP service using the ip wccp {web-cache | service-number} global configuration command, WCCP is disabled on the router. The first use of a form of the ip wccp command enables WCCP. By default WCCPv2 is used for services.
Using the ip wccp web-cache password command, you can set a password for a router and the content engines in a service group. MD5 password security requires that each router and content engine that wants to join a service group be configured with the service group password. The password can consist of up to eight characters. Each content engine or router in the service group will authenticate the security component in a received WCCP packet immediately after validating the WCCP message header. Packets failing authentication will be discarded.
Restrictions
WCCPv1 is not supported on the Cisco ASR 1000 Router.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Using Access Lists for a WCCP Service Group
Perform this task to configure the router to use an access list to determine which traffic should be directed to which content engines.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
DETAILED STEPS
What to Do Next
For more information about configuring and using IP access lists, see "IP Access List Features Roadmap" in the Cisco IOS Security Configuration Guide.
Verifying and Monitoring WCCP Configuration Settings
The show ip wccp command displays information about software-based (process, fast, and Cisco Express Forwarding [CEF]) forwarding of WCCP packets. The Cisco ASR 1000 series routers implement WCCP in hardware, rather than in the CEF or process-switching paths. This results in a packet count of 0 when the show ip wccp command is entered. To display global statistics related to WCCP in Cisco ASR 1000, use the show platform software wccp command.
Use the following commands in EXEC mode to verify and monitor the configuration settings for WCCP.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Troubleshooting Tips
If the counters suggest that the level of bypass traffic is high, the next step is to examine the bypass counters in the content engine and determine why the content engine is choosing to bypass the traffic. You can log in to the content engine console and use CLI to investigate further. The counters allow you to determine the percent of traffic being bypassed.
Configuration Examples for WCCP
This section provides the following configuration examples:
•
•
•
•
Configuring a General WCCPv2 Session: Example
The following example shows how to configure a general WCCPv2 session:
configure terminalip wccp web-cache password password1interface GigabitEthernet0/1/0ip wccp web-cache redirect inexitSetting a Password for a Router and Content Engines: Example
The following example shows how to configure a WCCPv2 password where the password is password1:
configure terminalip wccp web-cache password password1Configuring a Web Cache Service: Example
The following example shows how to configure a web cache service:
configure terminalip wccp web-cacheinterface GigabitEthernet0/1/0ip wccp web-cache redirect inexitcopy running-config startup-configThe following example shows how to configure a session in which redirection of HTTP traffic arriving on GigabitEthernet interface 0/1/0 is enabled:
configure terminalinterface GigabitEthernet0/1/0ip wccp web-cache redirect inexitshow ip interface GigabitEthernet0/1/0...WCCP Redirect inbound is enabledWCCP Redirect exclude is disabled...Using Access Lists: Example
To achieve better security, you can use a standard access list to notify the router which IP addresses are valid addresses for a content engine attempting to register with the current router. The following example shows a standard access list configuration session where the access list number is 10 for some sample hosts:
access-list 10 permit host 11.1.1.1access-list 10 permit host 11.1.1.2access-list 10 permit host 11.1.1.3ip wccp web-cache group-list 10To disable caching for certain clients, servers, or client/server pairs, you can use WCCP access lists. The following example shows that any requests coming from 10.1.1.1 to 12.1.1.1 will bypass the cache, and that all other requests will be serviced normally:
ip wccp web-cache redirect-list 120access-list 120 deny tcp host 10.1.1.1 anyaccess-list 120 deny tcp any host 12.1.1.1access-list 120 permit ip any anyThe following example configures a router to redirect web-related packets received via interface GigabitEthernet 0/1/0, destined to any host except 209.165.200.224:
access-list 100 deny ip any host 209.165.200.224access-list 100 permit ip any anyip wccp web-cache redirect-list 100interface GigabitEthernet0/1/0ip wccp web-cache redirect inVerifying WCCP Settings: Examples
The following example shows how to verify your configuration changes by using the more system:running-config command in privileged EXEC mode. The following example shows that both the web cache service and dynamic service 99 are enabled on the router:
Router# more system:running-configBuilding configuration...Current configuration:!version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryptionservice udp-small-serversservice tcp-small-servers!hostname router4!enable secret 5 $1$nSVy$faliJsVQXVPW.KuCxZNTh1enable password password1!ip subnet-zeroip wccp web-cacheip wccp 99ip domain-name cisco.comip name-server 10.1.1.1ip name-server 10.1.1.2ip name-server 10.1.1.3!!!interface GigabitEthernet0/1/0ip address 10.3.1.2 255.255.255.0no ip directed-broadcastip wccp web-cache redirect inip wccp 99 redirect inno ip route-cacheno ip mroute-cache!interface GigabitEthernet0/1/0ip address 10.4.1.1 255.255.255.0no ip directed-broadcastip wccp 99 redirect inno ip route-cacheno ip mroute-cache!interface Serial0no ip addressno ip directed-broadcastno ip route-cacheno ip mroute-cacheshutdown!interface Serial1no ip addressno ip directed-broadcastno ip route-cacheno ip mroute-cacheshutdown!ip default-gateway 10.3.1.1ip classlessip route 0.0.0.0 0.0.0.0 10.3.1.1no ip http server!!!line con 0transport input noneline aux 0transport input allline vty 0 4password alaska1login!endThe following example shows how to display global statistics related to WCCP:
Router# show ip wccp web-cache detailWCCP Client information:WCCP Client ID: 10.1.1.2Protocol Version: 2.0State: UsableRedirection: L2Packet Return: L2Packets Redirected: 0Connect Time: 00:20:34Assignment: MASKMask SrcAddr DstAddr SrcPort DstPort---- ------- ------- ------- -------0000: 0x00000000 0x00001741 0x0000 0x0000Value SrcAddr DstAddr SrcPort DstPort CE-IP----- ------- ------- ------- ------- -----0000: 0x00000000 0x00000000 0x0000 0x0000 0x3C010102 (10.1.1.2)0001: 0x00000000 0x00000001 0x0000 0x0000 0x3C010102 (10.1.1.2)0002: 0x00000000 0x00000040 0x0000 0x0000 0x3C010102 (10.1.1.2)0003: 0x00000000 0x00000041 0x0000 0x0000 0x3C010102 (10.1.1.2)0004: 0x00000000 0x00000100 0x0000 0x0000 0x3C010102 (10.1.1.2)0005: 0x00000000 0x00000101 0x0000 0x0000 0x3C010102 (10.1.1.2)0006: 0x00000000 0x00000140 0x0000 0x0000 0x3C010102 (10.1.1.2)0007: 0x00000000 0x00000141 0x0000 0x0000 0x3C010102 (60.1.1.2)0008: 0x00000000 0x00000200 0x0000 0x0000 0x3C010102 (60.1.1.2)0009: 0x00000000 0x00000201 0x0000 0x0000 0x3C010102 (60.1.1.2)0010: 0x00000000 0x00000240 0x0000 0x0000 0x3C010102 (60.1.1.2)0011: 0x00000000 0x00000241 0x0000 0x0000 0x3C010102 (60.1.1.2)0012: 0x00000000 0x00000300 0x0000 0x0000 0x3C010102 (60.1.1.2)0013: 0x00000000 0x00000301 0x0000 0x0000 0x3C010102 (60.1.1.2)For more information about the show ip wccp web-cache command, see the Cisco IOS IP Application Services Command Reference.
Additional References
The following sections provide references related to WCCP.
Related Documents
Cisco ACNS software configuration information
•
•
IP Access List overview, configuration tasks, and commands
•
IP addressing and services commands and configuration tasks
•
WCCP commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
RFCs
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
Technical Assistance
Feature Information for WCCP
Table 1 lists the features in this module and provides links to specific configuration information.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 1 Feature Information for WCCP
WCCP Bypass Counters
Cisco IOS XE Release 2.2
The WCCP Bypass Counters feature allows you to display a count of packets that have been bypassed by a web cache and returned to the originating router to be forwarded normally.
The following sections provide information about this feature:
WCCP Layer 2 Redirection / Forwarding
Cisco IOS XE Release 2.2
The WCCP Layer 2 Redirection/Forwarding feature allows directly connected Cisco content engines to use Layer 2 redirection, which is more efficient than Layer 3 redirection via GRE encapsulation. You can configure a directly connected Cache Engine to negotiate use of the WCCP Layer 2 Redirection/Forwarding feature. The WCCP Layer 2 Redirection/Forwarding feature requires no configuration on the router or switch.
The following sections provide information about this feature:
•
•
There are no new or modified commands associated with this feature.
WCCP L2 Return
Cisco IOS XE Release 2.2
The following sections provide information about this feature:
•
There are no new or modified commands associated with this feature.
WCCP Mask Assignment
Cisco IOS XE Release 2.2
The WCCP Mask Assignment feature introduces support for ACNS/WAAS devices using mask assignment as a cache engine assignment method.
The following section provides information about this feature:
There are no new or modified commands associated with this feature.
WCCP Redirection on Inbound Interfaces
Cisco IOS XE Release 2.2
The WCCP Redirection on Inbound Interfaces feature enables interfaces to be configured for input redirection for a particular WCCP service. When this feature is enabled on an interface, all packets arriving at that interface are compared against the specified WCCP service. If the packets match, they will be redirected.
The following sections provide information about this feature:
•
The following commands were introduced or modified by this feature: ip wccp redirect-list
WCCP Version 2
Cisco IOS XE Release 2.2
The WCCP Version 2 feature provides several enhancements and features to the WCCP protocol, including:
•
•
•
•
•
The following sections provide information about this feature:
•
•
The following commands were introduced or modified by this feature: clear ip wccp, ip wccp, ip wccp group-listen, ip wccp redirect, ip wccp redirect exclude in, ip wccp version, show ip wccp
CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2007-2009 Cisco Systems, Inc. All rights reserved.
