
WCCP Enhancements

This feature module describes the Web Cache Communication Protocol (WCCP) Enhancements feature and includes information on the benefits of the new feature, supported platforms, configuration tasks and a command reference.

This document includes the following sections:

Feature Overview

WCCP enhancements add support for WCCP Version 2 for Cisco IOS Release 12.0(11)S. With the WCCP feature, you can use Cisco Cache Engines or third-party cache engines to handle web traffic, reducing transmission costs and download time. This traffic includes user requests to view pages and graphics on World Wide Web servers, whether internal or external to your network, and the replies to those requests. When a user requests a page from a web server (located in the Internet), the router sends the request to a cache engine. If the cache engine has a copy of the requested page in storage, the cache engine sends the user that page. Otherwise, the cache engine retrieves the requested page and the objects on that page from the web server, stores a copy of the page and its objects, and forwards the page and objects to the user.

WCCP transparently redirects a variety of traffic types, specified by protocol (TCP or UDP) and port. Cisco Cache Engine supports only redirection of HTTP (TCP port 80) traffic requests from the intended server to a cache engine. End users do not know that the page came from the cache engine rather than from the originally requested web server.

WCCP Version 2 for Cisco IOS 12.0 S now contains the following new features:

Distributed CEF Support

WCCP Version 2 currently supports Cisco Express Forwarding (CEF), Fast, and Process forwarding paths. CEF is advanced Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns, such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions. Distributed CEF (dCEF) is one of two modes of CEF operation that enables line cards to perform the express forwarding between port adapters.

The addition of support for distributed CEF (dCEF) improves performance and scalability by reducing processor load on the router. With dCEF, packet classification and redirection take place on the line cards.

Input Feature

WCCP Version 2 was previously an output feature only, with packets classified by WCCP after a routing table lookup. CEF output features impose an overhead on packets arriving at all interfaces. You can now mark an interface for input redirection via the CLI. Also, you can now configure WCCP as an input feature to CEF, dCEF, Fast, and Process forwarding paths. When configured as an input feature, WCCP classifies packets before the routing table lookup, reducing overhead time.

Flow Acceleration

Using the netflow acceleration feature, you can enable WCCP to attach to netflow flows corresponding to packets that are being redirected by WCCP. Previously, WCCP needed to classify each packet transiting an interface. With netflow enabled, the first packet in a flow triggers the creation of a netflow flow. The WCCP feature is queried to see if it wishes to attach to the flow. When WCCP attaches to the flow, subsequent packets that match the flow are netflow-switched in the CEF or dCEF switching path.

WCCP supports flow acceleration only when configured as an input feature. WCCP does not attempt flow acceleration when it is configured as an output feature on an interface.

Policy Redirection

WCCP Version 2 can now classify packets by Border Gateway Protocol (BGP) attributes associated with the source or destination IP address of a packet. You can set a WCCP tag on one or more routes based on the route BGP attributes. WCCP tags are set using a route map. You can configure a WCCP service with a source or destination tag.

After you set a WCCP tag on a route or routes, you can configure a WCCP service with the same tag. WCCP then only redirects packets coming from or going to the tagged routes. When WCCP classifies a packet, it matches the packet against a service description. If the packet matches the service description, WCCP performs tag matching. If the tag is a source tag, the FIB entry matching the source address of the packet is retrieved and the WCCP tag is examined. If the WCCP tag is a destination tag, the FIB entry matching the packet destination IP address is retrieved. When the FIB tag does not match the WCCP service tag, the packet is not matched against the service.

At redirection time, when a packet has been matched against a service, WCCP performs a policy check. If a policy has been set on the service, WCCP inspects the Forwarding Information Base (FIB) entry associated with the source or destination address of the packet. If the FIB WCCP tag does not match the service tag, the next service is inspected. Both service and policy matches must occur before WCCP redirects packets to a service.
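The decision sequence described above (service-description match, then the source or destination tag check against the FIB, then fall-through to the next service) can be modelled as follows. This is an added example, not Cisco code: the class and function names, service number 90, its tag 60 and all addresses are constructed for illustration, and the FIB lookup is assumed to be an ordinary longest-prefix match.

```python
"""Model of the WCCP policy-redirection decision (added example, not Cisco code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FibEntry:
    prefix: ipaddress.IPv4Network
    wccp_tag: int = 0              # 0 means no route map set a WCCP tag


@dataclass(frozen=True)
class Service:
    name: str                      # "web-cache" or a service number
    protocol: str                  # "tcp" or "udp"
    port: int                      # destination port in the service description
    policy: Optional[str] = None   # None, "source" or "destination"
    tag: int = 0                   # tag from "policy {source | destination} tag"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    dst_port: int


def fib_lookup(fib, address):
    """Longest-prefix match: return the most specific covering entry, or None."""
    ip = ipaddress.ip_address(address)
    hits = [entry for entry in fib if ip in entry.prefix]
    return max(hits, key=lambda entry: entry.prefix.prefixlen, default=None)


def classify(packet, services, fib):
    """Return the first service whose description AND policy both match."""
    for svc in services:
        if (packet.protocol, packet.dst_port) != (svc.protocol, svc.port):
            continue                       # service description does not match
        if svc.policy is None:
            return svc.name                # no policy set: service match suffices
        key = packet.src if svc.policy == "source" else packet.dst
        entry = fib_lookup(fib, key)
        if entry is not None and entry.wccp_tag == svc.tag:
            return svc.name                # both matches occurred: redirect
        # Tag mismatch: the next service is inspected.
    return None                            # forwarded normally, not redirected


def net(cidr, tag=0):
    return FibEntry(ipaddress.ip_network(cidr), tag)


# Constructed FIB: a tagged /24 with a more specific untagged /25 inside it.
FIB = [net("0.0.0.0/0"), net("198.51.100.0/24", 50),
       net("198.51.100.128/25"), net("203.0.113.0/24", 60)]

# web-cache is TCP port 80 with "policy source 50"; service 90 is hypothetical.
SERVICES = [Service("web-cache", "tcp", 80, "source", 50),
            Service("90", "tcp", 80, "destination", 60)]

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.10", "192.0.2.1", "tcp", 80),
                Packet("198.51.100.200", "192.0.2.1", "tcp", 80),
                Packet("10.0.0.5", "203.0.113.9", "tcp", 80)):
        print(pkt.src, "->", pkt.dst, "redirected to:", classify(pkt, SERVICES, FIB))
```

The second packet shows why the tag is read from the most specific FIB entry: a source inside the untagged /25 is not redirected even though the covering /24 carries tag 50.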

Benefits

WCCP Version 2 provides the following benefits:

Restrictions

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

RFCs

No new or modified RFCs are supported by this feature.

Prerequisites

Before you use WCCP Version 2, you must complete the following tasks:

Configuration Tasks

See the following sections for configuration tasks for the WCCP v2 Enhancements feature. Each task in the list indicates if the task is optional or required.

You can configure a router to run the Web cache and reverse proxy services associated with WCCP Version 2. Each service may be configured simultaneously. Perform the following tasks to configure a cluster with multiple routers.

Configuring a Service Group Using WCCP Version 2

Command Purpose

Step 1

Router(config)# ip wccp {web-cache | service-number} [group-address groupaddress] [redirect-list access-list] [group-list access-list] [password password]

Turns the feature on for the specified service.

Step 2

Router(config-if)# ip wccp {web-cache | service-number} redirect {in | out}

Specifies redirection of incoming or outgoing packets.

Running a Web Cache Service

Command Purpose

Step 1

Router(config)# ip wccp web-cache

Turns the protocol on for web caching.

Step 2

Router(config)# interface interface-number

Targets an interface number for which a web cache service will run.

Step 3

Router(config-if)# ip wccp web-cache redirect out

Enables the check on packets to determine if they qualify to be redirected to a web cache.

Running a Reverse Proxy Service

Command Purpose

Step 1

Router(config)# ip wccp 99

Turns the feature on or off for the reverse proxy service. The value for reverse proxy is 99.

Step 2

Router(config)# interface interface-number

Targets an interface on which the reverse proxy service will run.

Step 3

Router(config-if)# ip wccp 99 redirect out

Specifies "out" for the reverse proxy service.

Registering a Router to a Multicast Address

Command Purpose

Step 1

Router(config)# ip wccp web-cache group-address groupaddress

Configures the multicast group address for the service group.

Step 2

Router(config)# interface interface-number

Configures an interface to listen for the multicast address.

Step 3

Router(config-if)# ip wccp web-cache group-listen

Configures an interface on a router to enable or disable the reception of IP multicast packets for WCCP.

Informing a Router of Valid IP Addresses

Command Purpose

Step 1

Router(config)# ip wccp web-cache group-list access-list

Indicates to the router which IP addresses of cache engines to accept packets from.

Step 2

Router(config)# access-list access-list permit ip host host-address

Creates an access list that enables or disables traffic redirection to the cache engine.

Setting a Password for a Router and Cache Engines

Command Purpose

Step 1

Router(config)# ip wccp web-cache password password

Sets a password for the cache engine the router is trying to access.

Disabling Caching for Certain Clients

Command Purpose

Step 1

Router(config)# ip wccp web-cache redirect-list access-list

Sets the access list used to enable redirection.

Step 2

Router(config)# access-list access-list deny ip host host-address

Creates an access list that enables or disables traffic redirection to the cache engine.

Verifying WCCP Configuration Settings


Step 1 To view the configuration, enter the show running-config command. A sample configuration follows:

Router# show running-config
 
	Building configuration...
	Current configuration: 
	! 
	version 12.0 
	service timestamps debug uptime 
	service timestamps log uptime 
	no service password-encryption 
	service udp-small-servers 
	service tcp-small-servers 
	! 
	hostname router4 
	! 
	enable secret 5 $1$nSVy$faliJsVQXVPW.KuCxZNTh1 
	enable password alabama1
	! 
	ip subnet-zero 
	ip wccp web-cache 
	ip wccp 99 
	ip domain-name cisco.com 
	ip name-server 10.1.1.1
	ip name-server 10.1.1.2
	ip name-server 10.1.1.3
	! 
	! 
	! 
	interface Ethernet0 
	ip address 10.3.1.2 255.255.255.0 
	no ip directed-broadcast 
	ip wccp web-cache redirect out 
	ip wccp 99 redirect out 
	no ip route-cache 
	no ip mroute-cache 
	! 
	interface Ethernet1 
	ip address 10.4.1.1 255.255.255.0 
	no ip directed-broadcast 
	ip wccp 99 redirect out 
	no ip route-cache 
	no ip mroute-cache 
	! 
	interface Serial0 
	no ip address 
	no ip directed-broadcast 
	no ip route-cache 
	no ip mroute-cache 
	shutdown 
	! 
	interface Serial1 
	no ip address 
	no ip directed-broadcast 
	no ip route-cache 
	no ip mroute-cache 
	shutdown 
	! 
	ip default-gateway 10.3.1.1 
	ip classless 
	ip route 0.0.0.0 0.0.0.0 10.3.1.1 
	no ip http server 
	! 
	! 
	! 
	line con 0 
	transport input none 
	line aux 0 
	transport input all 
	line vty 0 4 
	password alaska1
	login 
	! 
	end
 

Step 2 To view values associated with WCCP variables, enter the show ip wccp command. The following output is displayed:

Router# show ip wccp
 
Global WCCP information:
    Router information:
        Router Identifier:                   16.4.2.1
        Protocol Version:                    2.0
 
    Service Identifier: web-cache
        Number of Cache Engines:             0
        Number of routers:                   0
        Total Packets Redirected:            0
        Total Packets Fast Redirected:       0
        Total Packets CEF Redirected:        0
        Total Packets DCEF Redirected:       0
        Redirect access-list:                -none-
        Packets Denied Redirect (ACL):       0
        Packets Denied Redirect (Policy):    0
        Total Packets Unassigned:            0
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0
        Policy Tag:                          0
        Policy Type:                         none
 
 

Monitoring and Maintaining WCCP Version 2

Command Purpose
Router# show ip wccp
 

or

Router# show ip wccp {web-cache | service-number}

Displays global statistics related to WCCP.

Router# show ip wccp {web-cache | service-number} detail

Queries the router for information about which cache engines of a specific service group the router has detected. The information can be displayed for either a web cache or the reverse proxy service, which is indicated by a value between 1 and 99.

Router# show ip interface

Displays status about whether any ip wccp redirect commands are configured on an interface.

Router# show ip wccp {web-cache | service-number} view

Displays which devices in a particular service group have been detected and which cache engines are having trouble being detected by all other routers to which the current router is connected. The information can be displayed for either a web cache or the reverse proxy service, which is indicated by a value between 1 and 99.

Configuration Examples

This section provides the following configuration examples:

Selecting WCCP Version 2

The following example shows the process of changing the WCCP version from the default of WCCP Version 1 to WCCP Version 2:

show ip wccp
% WCCP version 2 is not enabled
configure terminal
ip wccp version 2
end
show ip wccp
% WCCP version 1 is not enabled

Performing a General WCCP Version 2 Configuration

The following example shows a general WCCP Version 2 configuration session. WCCP only accepts a 1 to 7 character password.

ip wccp web-cache group-address 224.1.1.100 password alabama
interface ethernet0
ip wccp web-cache redirect out

Running a Web Cache Service

The following example shows a web cache service configuration session:

configure terminal
ip wccp web-cache
interface ethernet 0
ip wccp web-cache redirect out

Running a Reverse Proxy Service

The following example shows a reverse proxy service configuration session:

configure terminal
ip wccp 99
interface ethernet 0
ip wccp 99 redirect out

Registering a Router to a Multicast Address

The following example shows how to register a router to a multicast address of 224.1.1.100:

configure terminal
ip wccp web-cache group-address 224.1.1.100
interface ethernet 0
ip wccp web-cache group-listen

Informing a Router of Valid IP Addresses

To achieve better security, you can notify the router which IP addresses are valid addresses for a cache engine attempting to register with the current router by using a standard access list. The following example shows a standard access list configuration session in which the access list number is 10 for some sample hosts:

access-list 10 permit host 11.1.1.1
access-list 10 permit host 11.1.1.2
access-list 10 permit host 11.1.1.3
ip wccp web-cache group-list 10

Setting a Password for a Router and Cache Engines

The following example shows a WCCP Version 2 password configuration session in which the password is alabama2:

configure terminal
ip wccp web-cache password alabama2

Disabling Caching for Certain Clients

To disable caching for certain clients, servers, or client/server pairs, you can use WCCP access lists. In the following example, any requests coming from 10.1.1.1 to 12.1.1.1 bypass the cache, while all other requests are serviced normally:

configure terminal
ip wccp web-cache redirect-list 120
access-list 120 deny tcp host 10.1.1.1 any
access-list 120 deny tcp any host 12.1.1.1
access-list 120 permit ip any any

Displaying WCCP Settings

The following example displays WCCP settings, using the show running-config command:

    Router# show running-config 
     
    	Building configuration...
    	Current configuration: 
    	! 
    	version 12.0 
    	service timestamps debug uptime 
    	service timestamps log uptime 
    	no service password-encryption 
    	service udp-small-servers 
    	service tcp-small-servers 
    	! 
    	hostname router4 
    	! 
    	enable secret 5 $1$nSVy$faliJsVQXVPW.KuCxZNTh1 
    	enable password alabama1
    	! 
    	ip subnet-zero 
    	ip wccp web-cache 
    	ip wccp 99 
    	ip domain-name cisco.com 
    	ip name-server 10.1.1.1
    	ip name-server 10.1.1.2
    	ip name-server 10.1.1.3
    	! 
    	! 
    	! 
     
    	interface Ethernet0 
    	ip address 10.3.1.2 255.255.255.0 
    	no ip directed-broadcast 
    	ip wccp web-cache redirect out 
    	ip wccp 99 redirect out 
    	no ip route-cache 
    	no ip mroute-cache 
    	! 
    	interface Ethernet1 
    	ip address 10.4.1.1 255.255.255.0 
    	no ip directed-broadcast 
    	ip wccp 99 redirect out 
    	no ip route-cache 
    	no ip mroute-cache 
    	! 
    	interface Serial0 
    	no ip address 
    	no ip directed-broadcast 
    	no ip route-cache 
    	no ip mroute-cache 
    	shutdown 
    	! 
    	interface Serial1 
    	no ip address 
    	no ip directed-broadcast 
    	no ip route-cache 
    	no ip mroute-cache 
    	shutdown 
    	! 
    	ip default-gateway 10.3.1.1 
    	ip classless 
    	ip route 0.0.0.0 0.0.0.0 10.3.1.1 
    	no ip http server 
    	! 
    	! 
    	! 
    	line con 0 
    	transport input none 
    	line aux 0 
    	transport input all 
    	line vty 0 4 
    	password alaska1
    	login 
    	! 
    	end
    

Command Reference

This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.

ip wccp

To direct a router to enable or disable the support for a cache engine service group, use the ip wccp global configuration command. To remove the ability of a router to control support for a service group, use the no form of this command.

ip wccp {web-cache | service-number} [group-address groupaddress] [redirect-list access-list] [group-list access-list] [password password] [policy {source | destination} tag]

no ip wccp {web-cache | service-number} [group-address groupaddress] [redirect-list access-list] [group-list access-list] [password password] [policy {source | destination} tag]

Syntax Description

web-cache

Enables the web cache service.

service-number

Enables the specified WCCP service. Services are identified using a number from 0 to 99. If Cisco Cache Engines are used in your service group, the reverse-proxy service is indicated by a value of 99.

group-address

(Optional) Directs the router to use a specified multicast IP address for communication with the WCCP service group.

groupaddress

Requires a multicast address used by the router to determine which cache engine should receive redirected messages.

redirect-list

(Optional) Directs the router to use an access list to control the clients to which this redirection applies.

group-list

(Optional) Directs the router to use an access list to determine which cache engines are allowed to participate in the group.

access-list

Identifies the previously configured access-list to be used.

password

(Optional) A string that directs the router to add MD5 authentication to messages received from the service group specified by the service name given. Messages that are not accepted by the authentication are discarded. The password can be up to seven characters in length.

password

Identifies the password name that will be combined with the HMAC MD5 authentication algorithm value to create security for the connection between the router and the cache engine.

policy

(Optional) Enables a WCCP tag to be set on a route via a route map.

source

Configures WCCP to retrieve the FIB entry matching source IP address of a packet.

destination

Configures WCCP to retrieve the FIB entry matching the destination IP address of a packet.

tag

A number in the range 1-99.

Defaults

WCCP services are not enabled on the router.

Command Modes

Global configuration

Command History
Release Modification

12.0(3)T

This command was introduced.

12.0(11)S

The [policy {source | destination} tag] configuration option was introduced.

Usage Guidelines

This configuration command instructs a router to enable or disable the support for the service group specified by the service-name given. A service-name may be either one of the provided standard keyword definitions or a number representing a definition dynamically defined by a cache engine. Once the service is enabled, the router can participate in the establishment of a service group.

Currently the only provided keyword definition to be used as a service name is web-cache. This keyword is used to describe the existing WCCP Version 1 functionality.

When the ip wccp global configuration command is issued, it instructs the router to allocate space and enable support of the specified WCCP service for participation in a service group.

When the no ip wccp global configuration command is issued, it instructs the router to terminate participation in the service group, deallocate space if none of the interfaces still have the service configured, and terminate the WCCP task if no other services are configured.


Note The ip wccp command has replaced the ip wccp enable, ip wccp redirect-list, and ip wccp group-list commands from WCCP Version 1.

The keywords following the service-name are optional and may be specified in any order, but each may be specified only once. The following sections outline the specific usage of each of the optional forms of this command:

ip wccp {web-cache | service-number} group-address groupaddress

This option instructs the router to use the specified multicast IP address to coalesce the I See You responses for the Here I Am messages that it has received on this group-address. The response is sent to the group-address as well. The default is for no group-address to be configured, in which case all Here I Am messages are responded to with a unicast reply.

ip wccp {web-cache | service-number} redirect-list access-list

This option instructs the router to use an access list to control the traffic that is redirected to the cache engines of the service group specified by the service-name given. The access-list parameter specifies either a number from 1 to 99 to represent a standard or extended access list number, or a name to represent a named standard or extended access list. The access list itself specifies what traffic is permitted to be redirected. The default is for no redirect-list to be configured (all traffic is redirected).

WCCP requires that the following protocols and ports are not filtered by any access-lists:

ip wccp {web-cache | service-number} group-list access-list

This option instructs the router to use an access list to control the cache engines that can participate in the specified service group. The access-list parameter specifies either a number from 1 to 99 to represent a standard access list number, or a name to represent a named standard access list. The access list itself specifies which cache engines are permitted to participate in the service group. The default is for no group-list to be configured, in which case all cache engines may participate in the service group.


Note The ip wccp {web-cache | service-number} group-list command syntax resembles the ip wccp {web-cache | service-number} group-listen command, but these are entirely different commands. Please note that the ip wccp group-listen command is an interface configuration command, used to configure an interface to listen for multicast notifications from a cache cluster.

ip wccp {web-cache | service-number} password password

This option instructs the router to use MD5 authentication on the messages received from the service group specified by the service-name given. Use this form of the command to set the password on the router. You must also configure the same password separately on each cache engine. The password can be up to a maximum of seven characters. Messages that do not authenticate when authentication is enabled on the router are discarded. The default is for no authentication password to be configured and authentication to be disabled.

ip wccp {web-cache | service-number} policy {source | destination} tag

This option enables WCCP to classify packets by some attribute of their source or destination IP addresses. You can configure a WCCP tag to be set on a route using a route map. The source keyword configures WCCP to retrieve the FIB entry matching a packet source IP address. The destination keyword configures WCCP to retrieve the FIB entry matching a packet destination IP address.
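The group-list and password options above both default to off, which leaves a service group open to any cache engine and its messages unauthenticated. The following added example (not Cisco code) audits a running-config for those two defaults. The sample input is constructed from this page's sample configuration plus a hypothetical hardened service 90, and the parser assumes the cleartext option forms shown on this page.

```python
"""Audit an IOS running-config for WCCP service-group hardening (added example)."""
import re

# Constructed input: abridged from the sample running-config on this page,
# plus one hardened service (number 90, hypothetical) for contrast.
SAMPLE_CONFIG = """\
hostname router4
ip wccp web-cache
ip wccp 99
ip wccp 90 group-list 10 password alabama
access-list 10 permit host 11.1.1.1
interface Ethernet0
ip wccp web-cache redirect out
ip wccp 99 redirect out
"""

WCCP_RE = re.compile(r"^ip wccp (web-cache|\d+)\b(.*)$")
# Global options from the ip wccp syntax on this page, with their argument counts.
OPTION_ARGS = {"group-address": 1, "redirect-list": 1, "group-list": 1,
               "password": 1, "policy": 2}
# Interface-level forms of "ip wccp"; they carry no service-group options.
INTERFACE_KEYWORDS = {"redirect", "group-listen"}


def parse_wccp(config_text):
    """Return ({service: {option: [args]}}, {defined access-list ids})."""
    services, acls = {}, set()
    for raw in config_text.splitlines():
        line = raw.strip()
        acl = (re.match(r"access-list (\S+) ", line)
               or re.match(r"ip access-list (?:standard|extended) (\S+)", line))
        if acl:
            acls.add(acl.group(1))
            continue
        match = WCCP_RE.match(line)
        if not match:
            continue
        tokens = match.group(2).split()
        if tokens and tokens[0] in INTERFACE_KEYWORDS:
            continue
        # Options entered as separate commands are merged per service.
        opts = services.setdefault(match.group(1), {})
        i = 0
        while i < len(tokens):
            nargs = OPTION_ARGS.get(tokens[i])
            if nargs is None:          # unknown token: skip it
                i += 1
                continue
            opts[tokens[i]] = tokens[i + 1:i + 1 + nargs]
            i += 1 + nargs
    return services, acls


def audit(config_text):
    """Map each configured WCCP service to a list of hardening findings."""
    services, acls = parse_wccp(config_text)
    report = {}
    for name, opts in services.items():
        findings = []
        group_list = opts.get("group-list")
        if not group_list:
            findings.append("no group-list: any cache engine may join the service group")
        elif group_list[0] not in acls:
            findings.append(f"group-list {group_list[0]} is not defined")
        password = opts.get("password")
        if not password:
            findings.append("no password: MD5 authentication is disabled")
        elif len(password[0]) > 7:
            findings.append("password longer than the seven characters WCCP accepts")
        report[name] = findings
    return report


if __name__ == "__main__":
    for service, findings in audit(SAMPLE_CONFIG).items():
        print(service, "->", findings or "ok")
```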

Examples

The following example shows a router configured to run WCCP reverse proxy service, using the multicast address of 224.1.1.1:

Router# configure terminal
Router(config)# ip wccp 99 group-address 224.1.1.1
Router(config)# interface ethernet 0
Router(config-if)# ip wccp 99 group-listen

The following example configures a router to redirect web-related packets without a destination of 192.168.196.51 to the Cache Engine:

Router# configure terminal
Router(config)# access-list 100 deny ip any host 192.168.196.51
Router(config)# access-list 100 permit ip any any
Router(config)# ip wccp web-cache redirect-list 100
Router(config)# interface Ethernet 0
Router(config-if)# ip wccp web-cache redirect out
Router(config-if)# end
Router#
%SYS-5-CONFIG_I: Configured from console by console.

Related Commands
Command Description

set ip wccp tag tag

Configures a tag against which to match a packet source or destination address.

show ip wccp

Displays global statistics related to the WCCP feature.

ip wccp redirect

To enable packet redirection on an outbound or inbound interface using WCCP, use the ip wccp redirect {out | in} interface configuration command. To disable the ability of a router to verify that appropriate packets are being redirected, use the no form of this command.

ip wccp {web-cache | service-number} redirect {out | in}

no ip wccp {web-cache | service-number} redirect {out | in}

Syntax Description

web-cache

Enables the web cache service.

service-number

The identification number of the cache engine service group being controlled by a router. The number can be from 0 to 99. If Cisco Cache Engines are used in the cache cluster, the reverse proxy service is indicated by a value of 99.

redirect

Enables packet redirection on an outbound or inbound interface.

out

Specifies packet redirection on an outbound interface.

in

Specifies packet redirection on an inbound interface.

Defaults

Redirection checking on the interface is disabled.

Command Modes

Interface configuration

Command History
Release Modification

12.0(3)T

This command was introduced.

12.0(11)S

The in keyword was added.

Examples

The following example shows that reverse proxy packets on Ethernet interface 0 are being checked for redirection and redirected to a Cisco Cache Engine, beginning in global configuration mode:

Router# configure terminal
Router(config)# ip wccp 99
Router(config)# interface ethernet 0
Router(config-if)# ip wccp 99 redirect out

Related Commands
Command Description

ip wccp redirect exclude in

Enables redirection exclusion on an interface.

set ip wccp

To tag a route with a WCCP tag, use the set ip wccp tag tag route-map configuration command.

set ip wccp tag tag

Syntax Description

tag

A number in the range of 1 to 99.

Defaults

Routes are not configured with a WCCP tag.

Command Modes

Route-map configuration

Command History
Release Modification

12.0(11)S

This command was introduced.

Examples

The following example tags a route with the WCCP 50 tag:

ip cef distributed
!
ip wccp version 2
! Enable the WCCP standard web-cache service and apply policy "source":
! match on WCCP route tag 50
ip wccp web-cache password <pass> policy source 50
!
interface <xyz>
ip wccp web-cache redirect in
!
ip bgp-community new-format
ip community-list 3 permit 4433:1050
ip community-list 3 permit 4433:1055
!
ip as-path access-list 121 permit ^65521$
ip as-path access-list 121 permit ^65522
!
route-map neighbor-xyz-in permit 10
match as-path 121
set ip wccp tag 50
!
route-map neighbor-xyz-in permit 15
match community 3
set ip wccp tag 50

Related Commands
Command Description

ip wccp {web-cache | service-number} policy {source | destination} tag

Enables WCCP to classify packets by some attribute of their source or destination IP addresses.

Glossary

cache engine---A device that stores objects being downloaded from the Web for future use by the host.

Cisco Express Forwarding (CEF)---A scalable, distributed, Layer 3 switching solution designed to meet performance requirements of the Internet and enterprise networks. CEF can also refer to central CEF mode, one of the two modes of CEF operation that enables a route processor to perform express forwarding.

distributed CEF (dCEF)---One of two modes of CEF operation that enables line cards to perform the express forwarding between port adapters.

FIB---Forwarding information base

line card---A general term for an interface processor that can be used in a line of Cisco products. For example, a VIP is a line card for the Cisco 7500 series router.

netflow---A feature of some routers which allows them to categorize incoming packets into flows. As packets in a flow can often be treated in the same way, this classification can be used to bypass some of the work of the router and accelerate its switching operation.

service group---A subset of cache engines within a cluster, and the routers connected to the cluster, that are running the same service.

WCCP---Web Cache Communication Protocol---a protocol for communication between routers and Web caches. Two versions currently exist: WCCP Version 1 and WCCP Version 2. The two versions are incompatible. Cisco IOS images may support either of the two versions or both.


Posted: Fri Jun 16 15:27:00 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.