|
|
The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing technology which allows you to integrate cache engines (such as the Cisco Cache Engine 550) into your network infrastructure. Cisco IOS Release 12.1 allows the use of either Version 1 (WCCPv1) or Version 2 (WCCPv2) of the Web Cache Communication Protocol. This chapter explains how to configure your router to redirect traffic to cache engines (web-caches), how to manage cache engine clusters (cache farms), and outlines the benefits of using WCCPv2.
For a complete description of the WCCP configuration commands in this chapter, including a list of commands that have changed since IOS Release 12.0, refer to the "WCCP Commands" chapter in the "Cisco IOS System Management Commands" part of the Release 12.1 Cisco IOS Configuration Fundamentals Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
The tasks in this chapter assume you have already configured Cache Engines on your network. For specific information on hardware and network planning associated with Cisco Cache Engines and WCCP, see the Product Literature and Documentation links available on the CCO Web Scaling site at: http://www.cisco.com/go/cache.
The Cisco IOS Web Cache Communication Protocol feature allows utilization of Cisco Cache Engines (or other caches running WCCP) to localize web traffic patterns in the network, enabling content requests to be fulfilled locally. Traffic localization reduces transmission costs and download time.
WCCP enables Cisco IOS routing platforms to transparently redirect content requests. The main benefit of transparent redirection is that users do not have to configure their browsers to use a web proxy. Instead, they can use the target URL to request content, and the have their requests automatically redirected to a cache engine. The word "transparent" is this case means that the end user does not know that a requested file (such as a web page) came from the cache engine instead of from the originally specified server.
When a cache engine receives a request, it attempts to service it from its own local cache. If the requested information is not present, the cache engine issues its own request to the originally targeted server to get the required information. When the cache engine retrieves the requested information, it forwards it to the requesting client and caches it to fulfill future requests, thus maximizing download performance and significantly reducing transmission costs.
WCCP enables a series of cache engines, called a cache engine cluster, to provide content to a router or multiple routers. Network administrators can easily scale their cache engines to handle heavy traffic loads through these clustering capabilities. Cisco clustering technology enables each cache member to work in parallel, resulting in linear scalability. Clustering cache engines greatly improves the scalability, redundancy, and availability of your caching solution. You can cluster up to 32 cache engines to scale to your desired capacity.
With WCCP-Version 1, only a single router services a cluster. In this scenario, this router is the device that performs all the IP packet redirection. Figure 31 illustrates how this configuration appears.
Content is not duplicated on the cache engines. The benefit of using multiple caches is that one can scale a caching solution by clustering multiple physical caches to appear as one logical cache.
The following sequence of events details how WCCPv1 configuration works:
1. Each cache engine is configured by the system administrator with the IP address of the control router. Up to 32 cache engines can connect to a single control router.
2. The cache engines transmit their IP addresses to the control router using WCCP, indicating their presence. Routers and cache engines communicate to each other via a control channel; this channel is based on UDP port 2048.
3. This information is used by the control router to create a cluster view (a list of caches in the cluster). This view is transmitted to each cache in the cluster, essentially making all the cache engines aware of each other. A stable view is established after the membership of the cluster remains the same for a certain amount of time.
4. Once a stable view has been established, one cache engine is elected as the lead cache engine. (The lead is defined as the cache engine seen by all the cache engines in the cluster with the lowest IP address). This lead cache engine uses WCCP to indicate to the control router how IP packet redirection should be performed. Specifically, the lead cache engine designates how redirected traffic should be distributed across the cache engines in the cluster.
Using WCCPv2, multiple routers can service a cache cluster. This is in contrast to WCCPv1, in which only one router could redirect content requests to a cluster. Figure 32 illustrates a sample configuration using multiple routers.
The subset of cache engines within a cluster and routers connected to the cluster that are running the same service is known as a service group. Available services include TCP and UDP redirection.
Using WCCPv1, the cache engines were configured with the address of the single router. WCCPv2 requires that each cache engine must be aware of all the routers in the service group. To specify the addresses of all the routers in a service group, you must choose one of the following methods:
The multicast option is easier to configure because you only have to specify a single address on each cache engine. This option also allows you to add and remove routers from a service group dynamically, without having to reconfigure the cache engines with a different list of addresses each time.
The following sequence of events details how WCCPv2 configuration works:
1. Each cache engine is configured with a list of routers.
2. Each cache engine announces its presence and a list of all routers with which it has established communications. The routers reply with their view (list) of cache engines in the group.
3. Once the view is consistent across all cache engines in the cluster, one cache engine is designated as the lead and sets the policy that the routers need to deploy in redirecting packets.
The sections which follow explain how to configure WCCPv2 on routers so they may participate in a service group.
WCCPv2 provides the following new features:
WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv1 supported the redirection of HTTP (TCP port 80) traffic only. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, FTP caching, FTP proxy handling, web caching for ports other than 80, and Real Audio, video, and telephony applications.
To accomodate the various types of services available, WCCPv2 introduces the concept of multiple service groups. Service information is specified in the WCCP configuration commands, using dynamic services identification numbers, or a predifined service keywords (web-cache). This information is used to validate that service group members are all using or providing the same service.
The cache engines in service group specify traffic to be redirected by protocol (TCP or UDP) and port (source or destination). Each service group has a priority. Packets are matched against service groups in priority order.
WCCPv2 allows multiple routers to be attached to a cluster of cache engines. The use of multiple routers in a service group allows for redundancy, interface aggregation and distribution of the redirection load.
WCCPv2 provides optional authentication that enables you to control which routers and cache engines become part of the service group using passwords and the HMAC MD5 standard. Shared-secret MD5 one-time authentication (set using the ip wccp [password [0-7] password] command) enables messages to be protected against interception, inspection, and replay.
If a cache engine is unable to provide a requested object it has cached due to error or overload, the cache engine will return the request to the router for onwards transmission to the originally specified destination server. Cisco routers use WCCPv2 to filter packets to determine which request packets have been returned from the cache engine unserviced. Using this information, the router can then forward the request to the originally targeted server (rather than attempting to resend the request to the cache cluster). This provides error handling transparency to clients.
Typical reasons why a cache engine would reject packets and initiate the packet return feature include:
WCCPv2 has the capability to adjust the load being offered to individual cache engines to provide more effective use of the resources available and at the same time help to ensure high quality of service to the clients. WCCPv2 allows the designated cache to adjust the load on a particular cache, and balance the load across the caches in a cluster. WCCPv2 uses three techniques to perform load distribution:
The use of these hashing parameters prevents one cache from being overloaded and reduces the potential for bottlenecking.
The following limitations apply to WCCP v2:
The following configuration tasks assume you have already installed and configured the cache engines you wish to include in your network. You must configure the cache engines in the cluster before configuring WCCP functionality on your router(s). See the Cisco Cache Engine User Guide for cache engine configuration and setup tasks.
IP must be configured on the router interface connected to the cache engines and on the router interface connected to the internet. Note that Cisco Cache Engines require use of a Fast Ethernet interface for a direct connection. Examples of router configuration tasks follow this section. For complete descriptions of the command syntax, see the Release 12.1 Cisco IOS Configuration Fundamentals Command Reference.
Perform the tasks found in the following sections to configure WCCP on a router:
| Command | Purpose |
|---|---|
ip wccp version {1 | 2} | Specifies which version of WCCP you wish to configure on a router. WCCPv2 is the default running version. |
WCCPv1 does not use the WCCP commands from earlier Cisco IOS versions. Instead, use the WCCP commands documented in this chapter. If a function is not allowed in WCCPv1, an error prompt will be printed to the screen. For example, if WCCPv1 is running on the router and you try to configure a dynamic service, the following message will be displayed: "WCCP V1 only supports the web-cache service." The show ip wccp command will display the WCCP protocol version number that is currently running on your router.
In addition to the web-cache service, there can be up to seven dynamic services running concurently in a service group.
 |
Note More than one service can run on a router at the same time, and routers and cache devices can be part of multiple service groups at the same time. |
The dynamic services are defined by the cache engines; the cache instructs the router what protocol and/or ports to intercept, and how to distribute the traffic. The router itself does not have information on the characteristics of the dynamic service group's traffic, as this information is provided by the first web cache to join the group. In a dynamic service, up to 8 ports can be specified within a single protocol.
Cisco Cache Engines, for example, use dynamic service 99 to specify a Reverse-Proxy service. However, other cache devices may use this service number for some other service. The configuration information below deals with enabling general services on Cisco routers. Please see the appropriate documentation for information on configuring services on cache devices.
To enable a service on a router, use the following commands, starting in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# ip wccp {web-cache |
service-number} [group-address groupaddress]
[redirect-list access-list] [group-list access-list]
[password password]
| Specifies a web-cache or dynamic service to enable on the router, specifies the IP multicast address used by the service group, specifies any access lists to use, specifies whether to use MD5 authentication, and enables the WCCP service. |
Step 2 | Router(config)# interface interface-number | Specifies an interface to configure and enters interface configuration mode. |
Step 3 | Router(config-if)# ip wccp {web-cache |
service-number} redirect out
| Enables WCCP redirection on the specified interface. |
Using the specific forms of the above commands, you can configure a web-cache service as follows:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# ip wccp web-cache | Enables the web-cache service on the router. |
Step 2 | Router(config)# interface interface-number | Targets an interface number for which the web cache service will run, and enters interface configuration mode. |
Step 3 | Router(config-if)# ip wccp web-cache redirect out | Enables the check on packets to determine if they qualify to be redirected to a web cache, using the interface specified in Step 2. |
To exclude any interface from redirecting inbound traffic, use the following commands, starting in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# interface interface-number | Specifies an interface to configure and enters interface configuration mode. |
Step 2 | Router(config-if)# ip wccp redirect exclude in | Allows inbound packets on this interface to be excluded from redirection. |
If you decide to use the multicast address option for your service group, you must configure the router to listen for the multicast broadcasts on an interface using the following commands:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# ip wccp {web-cache | service-number}
group-address groupaddress
| Specifies the multicast address for the service group. |
Step 2 | Router(config)# interface interface-number | Specifies the interface to be configured for multicast reception. |
Step 3 | Router(config-if)# ip wccp {web-cache |
service-number} group-listen
| Enables the reception of IP multicast packets (content originating from the cache engines) on the interface specified in Step 2. |
For network configurations where redirected traffic needs to traverse an intervening router, the router being traversed must be configured to perform IP multicast routing. You must configure two components to enable traversal over an intervening router:
To configure the router to use an access list to determine which traffic should be directed to which cache engines, use the following commands, starting in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# access-list access-list permit ip host host-address | Creates an access list that enables or disables traffic redirection to the cache engine. |
Step 2 | Router(config)# ip wccp web-cache group-list access-list | Indicates to the router which IP addresses of cache engines to accept packets from. |
To disable caching for certain clients, use the following commands, starting in global configuration mode:
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config)# access-list access-list permit ip host host-address | Creates an access list that enables or disables traffic redirection to the cache engine. |
Step 2 | Router(config)# ip wccp web-cache redirect-list access-list | Sets the access list used to enable redirection |
MD5 password security requires that each router and cache engine wishing to join a service group be configured with the service group password. The password can consist of up to seven characters. Each cache engine or router in the service group will authenticate the security component in a received WCCP packet immediately after validating the WCCP message header. Packets failing authentication will be discarded.
To configure an MD5 password for use by the router in WCCP communications, use the following command in global configuration mode:
| Command | Purpose |
|---|---|
Router(config)# ip wccp web-cache password password | Sets an MD5 password on the router. |
Use the following commands to verify and monitor the configuration settings for WCCP:
| Command | Purpose |
|---|---|
show ip wccp [web-cache | service-number] | Displays global information related to WCCP, including the protocol version currently running, the number of cache engines in the routers service group, which cache engine group is allowed to connect to the router, and which access list is being used. |
show ip wccp {web-cache | service-number} detail
| Queries the router for information on which cache engines of a specific service group the router has detected. The information can be displayed for either the web cache service or the specified dynamic service. |
show ip interface | Displays status about whether any ip wccp redirection commands are configured on an interface. For example, "Web Cache Redirect is enabled / disabled." |
show ip wccp {web-cache | service-number} view
| Displays which devices in a particular service group have been detected and which cache engines are having trouble becoming visible to all other routers to which the current router is connected. The keyword view indicates a list of addresses of the service group. The information can be displayed for either the web cache service or the specified dynamic service. For further troubleshooting information, use the show ip wccp {web-cache | service number} service command. |
This section provides the following configuration examples:
The following example shows the process of changing the WCCP version from the default of WCCPv2 to WCCPv1, starting in privileged EXEC mode:
router# show ip wccp % WCCP version 2 is not enabled router# configure terminal router(config)#ip wccp version 1 router(config)#end router# show ip wccp % WCCP version 1 is not enabled
The following example shows a general WCCP v2 configuration session:
router# configure terminal router(config)# ip wccp web-cache group-address 224.1.1.100 password alaska1 router(config)# interface ethernet0 router(config-if)# ip wccp web-cache redirect out
The following example shows a web cache service configuration session:
router# configure terminal router(config)# ip wccp web-cache router(config)# interface ethernet 0 router(config-if)# ip wccp web-cache redirect out
The following example assumes you a configuring a service group using Cisco Cache Engines, which use dynamic service 99 to run a reverse proxy service:
router# configure terminal router(config)# ip wccp 99 router(config)# interface ethernet 0 router(config-if)# ip wccp 99 redirect out
The following example shows how to register a router to a multicast address of 224.1.1.100:
router# configure terminal router(config)# ip wccp web-cache group-address 224.1.1.100 router(config)# interface ethernet 0 router(config-if)# ip wccp web cache group-listen
To achieve better security, you can notify the router which IP addresses are valid addresses for a cache engine attempting to register with the current router, using a standard access list. The following example shows a standard access list configuration session where the access list number is 10 for some sample hosts:
router# configure terminal router(config)# access-list 10 permit host 11.1.1.1 router(config)# access-list 10 permit host 11.1.1.2 router(config)# access-list 10 permit host 11.1.1.3 router(config)# ip wccp web-cache group-list 10
To disable caching for certain clients, servers, or client/server pairs, you can use WCCP access lists. The following example shows any requests coming from 10.1.1.1 to 12.1.1.1 will bypass the cache, while all other requests will be serviced normally:
router# configure terminal router(config)# ip wccp web-cache redirect-list 120 router(config)# access-list 120 deny tcp host 10.1.1.1 router(config)# access-list 120 deny tcp any host 12.1.1.1 router(config)# access-list 120 permit ip any any
The following example shows a WCCP v2 password configuration session where the password is alaska1:
router# configure terminal router(config)# ip wccp web-cache password alaska1
To verify your configuration changes, use the more system:running-config command. The following example shows that the both the Web-Cache Service and dynamic service 99 is enabled on the router:
router# more system:running-config Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname router4 ! enable secret 5 $1$nSVy$faliJsVQXVPW.KuCxZNTh1 enable password alabama1 ! ip subnet-zero ip wccp web-cache ip wccp 99 ip domain-name cisco.com ip name-server 10.1.1.1 ip name-server 10.1.1.2 ip name-server 10.1.1.3 ! ! ! interface Ethernet0 ip address 10.3.1.2 255.255.255.0 no ip directed-broadcast ip wccp web-cache redirect out ip wccp 99 redirect out no ip route-cache no ip mroute-cache ! interface Ethernet1 ip address 10.4.1.1 255.255.255.0 no ip directed-broadcast ip wccp 99 redirect out no ip route-cache no ip mroute-cache ! interface Serial0 no ip address no ip directed-broadcast no ip route-cache no ip mroute-cache shutdown ! interface Serial1 no ip address no ip directed-broadcast no ip route-cache no ip mroute-cache shutdown ! ip default-gateway 10.3.1.1 ip classless ip route 0.0.0.0 0.0.0.0 10.3.1.1 no ip http server ! ! ! line con 0 transport input none line aux 0 transport input all line vty 0 4 password alaska1 login ! end
Posted: Fri Aug 18 09:13:11 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.