|
|
|
|
|
|
|
|
iPrism has long supported the WCCPv1 protocol (Web Cache Communication Protocol), providing all the advantages of Transparent-Mode (i.e. no client configuration) while only requiring HTTP traffic to pass through iPrism, reducing the overall traffic load. In addition, WCCP provides fault tolerance by automatic detection and re-routing to eliminate network downtime in the event that iPrism is turned off, disconnected, or a system failure occurs.
Note: using WCCP routers to redirect web traffic to iPrism is often thought of as a form of "policy based routing," which is a general term for explicitly re-directing traffic in some advantageous way.
With HF 2-440 installed, "limited" support for WCCPv2 protocol is provided. The primary purpose of adding WCCPv2 support is to provide integration with newer routers that support WCCPv2, but not WCCPv1. WCCPv2 support is "limited" in the sense that additional features unique to WCCPv2 protocol are not implemented or supported. However, all WCCPv1 features are supported to provide the necessary compatibility.
For Clarity, WCCPv2 features that are supported with HF 2-440 installed include:
Support for the default “web-cache” service group (Redirection of only HTTP (TCP Port 80) traffic)
Support for GRE (Generic Routing Encapsulation) based forwarding methods
Support for the “Hash” assignment method.
Support for excluding traffic for a specific router interface
Support for WCCP access lists (to deny or permit hosts/servers for redirection)
For clarity, WCCPv2 features that are not supported include:
… being attached to more than one router
… redirection of non-HTTP traffic
… negotiatiation of Forwarding Methods (default is GRE "Generic Routing Encapulation" method only)
… negotiatiation of Assignment Methods (default is "hash assignment" method only)
… negotiatiation of Packet Return Methods (default is GRE return method only)
… MD5 security
The configuration is straightforward and involves deploying iPrism with WCCPv1 or WCCPv2 support:
WCCPv2 is supported with HotFix 2-440.
WCCPv1 is supported by all iPrism versions since 3.2.
When the client workstation generates traffic outbound to web servers on the Internet, the router detects that it is HTTP traffic (TCP port 80) and redirects that traffic to iPrism. iPrism then makes the request to the server on behalf of the client, and responds directly to the client. However, from a client perspective the response appears to come directly from the originating server, so the client does not know it is communicating with iPrism.
iPrism can be placed on either side of the router, but it is recommended that iPrism and the users be on the same side of a Firewall/NAT device. This scenario above outlines the simplest approach where iPrism, the Router, and the Client all reside on the same network. Keep in mind your network addresses will likely differ.
The WCCP router must be identified to iPrism before enabling WCCP services on the router. Launch Appliance Manager. Go to System Configuration > System > Networking. Enter the IP address of your WCCPv1 or WCCPv2 router (192.168.1.1 in the example above).
Important: Please do NOT specify the HSRP standby IP address or the Secondary IP address of the router or Layer 3 switch as the WCCP router in the iPrism configuration. Only the Primary IP address of the router's interface connecting to the iPrism should be used as the WCCP router address. If the WCCP router is on a VLAN that has an IP, that can be specified as well. Make sure to save the configuration on exit.
You must have a router that supports WCCPv1 or WCCPv2. This would include routers supporting the following Cisco IOS (Internetworking Operating System) versions:
11.1(19)CA/CC or later
11.2(14)P or later
12.0(anything) or later
Also note that certain routers (especially small office routers) may not support WCCP or may require additional memory.
The following three examples (refer to your IOS documentation for details on how to configure your specific equipment) illustrate enabling WCCP re-direction of Port 80 Web traffic (web-cache argument).
IOS Version 11
enable
conf t
wccp enable
interface [Interface carrying outgoing traffic]
ip wccp web-cache redirect
CTRL Z
write mem
IOS Version 12
enable
conf t
ip wccp version 1
ip wccp web-cache
interface [Interface Carrying Outgoing/Incoming Traffic]x/x
ip wccp web-cache redirect out|in
CTRL Z
write mem
In some versions of IOS 12.x, the following commands may apply:
conf t
ip wccp enable
interface [Interface carrying outgoing/incoming traffic]
ip web-cache redirect
CTRL Z
write mem
WCCP Enablement Tips:
Configure WCCP Redirection on the “outbound most” router interface
You may use WCCP "Access Lists" for control of packet redirection on the router
You may use WCCP "Load Balancing" for multiple iPrisms
Once you have configured iPrism and the WCCP router, do the following:
Generate web traffic and use iPrism Reporting/RTM to detect that WCCP re-directs are working.
You should also be able to unplug the network interface from iPrism and see that within 15 or 20 seconds traffic is redirected unfiltered to the Internet. When you plug iPrism back into the network, within 15 to 20 seconds you should see that traffic is once again filtered.
From a Cisco console or Telnet session, you may view the current WCCP version, statistics, and whether iPrism has registered itself as a Cache Engine.
show ip wccp
show ip wccp web-cache view (Shows the
viewable web-caches and if they are usable)
show ip wccp web-cache detail (Shows
the details of each web-cache)
To view WCCP heartbeat messages between iPrism and the Cisco router, you may issue the following commands when connected to Cisco over a Telnet session:
term mon
debug ip wccp packets
debug ip wccp events
