WCCP

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 5

The Web Cache Communication Protocol (WCCP) was initially designed as a component of IOS

whose purpose was to intercept HTTP traffic traversing a router and redirect that traffic to a local
cache with the aim of reducing access times to web sites and conserving wide area
bandwidth. Typically the packets are redirected from their destination web server on the Internet to a
content engine that is local to the client. In some WCCP deployment scenarios, redirection of traffic
may also be required from the web server to the client. WCCP enables you to integrate content
engines into your network infrastructure. With the introduction of WCCPv2 the scope of the protocol
widened to include traffic types other than HTTP allowing the protocol to be used as a more general
interception mechanism. In WCCPv2 clients specify the nature of the traffic to be intercepted and
forwarded to external devices which are then in a position to provide services, based upon the traffic
type, such as WAN optimisation and application acceleration.
Cisco IOS Release 12.1 and later releases allow the use of either WCCP Version 1 (WCCPv1) or
Version 2 (WCCPv2).

WCCP VRF Support


The WCCP VRF Support feature enhances the existing WCCPv2 protocol by implementing support
for virtual routing and forwarding (VRF).
The WCCP VRF Support feature allows service groups to be configured on a per VRF basis in
addition to those defined globally.
Along with the service identifier, the VRF of WCCP protocol packets arriving at the router is used to
associate cache-engines with a configured service group.
The interface on which redirection is applied, the interface which is connected to cache engine, and
the interface on which the packet would have left if it had not been redirected must be in the same
VRF.
In Cisco IOS Release 12.2(33)SRE, this feature is supported only on Cisco 7200 NPE-G2 and Cisco
7304-NPE-G100 routers.

Configuring WCCP
Until you configure a WCCP service using the ip wccp {web-cache | service-number} global
configuration command, WCCP is disabled on the router. The first use of a form of
the ip wccp command enables WCCP. By default WCCPv2 is used for services, but you can use
WCCPv1 functionality instead. To change the running version of WCCP from Version 2 to Version
1, or to return to WCCPv2 after an initial change, use the ip wccpversion command in global
configuration mode.
If a function is not allowed in WCCPv1, an error prompt will be printed to the screen. For example, if
WCCPv1 is running on the router and you try to configure a dynamic service, the following message
will be displayed: "WCCP V1 only supports the web-cache service." The show ip wccp EXEC
command will display the WCCP protocol version number that is currently running on your router.

Using the ip wccp web-cache password command, you can set a password for a router and the
content engines in a service group. MD5 password security requires that each router and content
engine that wants to join a service group be configured with the service group password. The
password can consist of up to eight characters. Each content engine or router in the service group
will authenticate the security component in a received WCCP packet immediately after validating
the WCCP message header. Packets failing authentication will be discarded.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip wccp version {1 | 2}
4. ip wccp [vrf vrf-name] {web-cache | service-number} [group-address group-address] [redirectlist access-list] [group-list access-list] [password password [0| 7]]
5. interface type number
6. ip wccp [vrf vrf-name] {web-cache | service-number} redirect {out | in}
7. exit
8. interface type number
9. ip wccp redirect exclude in

Tunnel Interfaces
In IOS versions where WCCP is VRF aware, such as 15.0M and 15.1T, the use of GRE redirection
will result in some new tunnel interfaces appearing. On the ASR platform these tunnel interfaces are
also present from IOS XE release 2.5 onwards (although VRF support within WCCP on the ASR
platform is not present until IOS XE release 3.1).
Examples of the new tunnel interfaces are shown below:
Router#show ip wccp summary
WCCP version 2 enabled, 3 services
Service
Clients Routers Assign
Redirect Bypass
------------- ------- ------------- -----Default routing table (Router Id: 30.1.1.80):
web-cache 1
1
HASH
GRE
GRE
61
1
1
HASH
GRE
GRE
62
1
1
HASH
GRE
GRE
Router#show ip interface brief | include Tun

Tunnel0
Tunnel1
Tunnel2
Tunnel3
Router#

172.16.0.1
172.16.0.1
172.16.0.1
172.16.0.1

YES
YES
YES
YES

unset
unset
unset
unset

up
up
up
up

up
up
up
up

The tunnels are created automatically to process outgoing GRE encapsulated traffic for WCCP.
They appear when a cache engine connects and requests GRE redirection. They're not created
directly by WCCP, but indirectly via a tunnel API. WCCP has no direct knowledge of these tunnel
interfaces, but knows enough to cause packets to be redirected to them. This results in the
appropriate encapsulation being applied, after which the packet is then sent to the cache engine.
Note that these interfaces are not used in connection with incoming WCCP GRE return packets.
There is one tunnel created per service group that is using GRE redirection, plus one additional
tunnel to provide an IP address to allow the other tunnel group interfaces to be unnumbered but still
enabled for IPv4. Some information about the tunnels is shown with the command show tunnel
groups wccp, although this is unlikely to be useful to the end-user other than to confirm the
connection between the tunnels and WCCP.
Router#show tunnel groups wccp
WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table
intf: Tunnel0, locally sourced
WCCP : service group 317 in "Default", ver v2, assgnmnt: hash-table
intf: Tunnel3, locally sourced
WCCP : service group 318 in "Default", ver v2, assgnmnt: hash-table
intf: Tunnel2, locally sourced
Router#show tunnel interface t0
Tunnel0
Mode:multi-GRE/IP, Destination UNKNOWN, Source 30.1.1.80
Application ID 2: WCCP : service group 0 in "Default", ver v2, assgnmnt: hash-table
Linestate - current up
Internal linestate - current up, evaluated up
Router#show tunnel interface t1
Tunnel1
Mode:multi-GRE/IP, Destination UNKNOWN, Source 172.16.0.1
Application ID 2: unspecified
Linestate - current up
Internal linestate - current up, evaluated up
Router#show tunnel interface t2
Tunnel2
Mode:multi-GRE/IP, Destination UNKNOWN, Source 30.1.1.80
Application ID 2: WCCP : service group 318 in "Default", ver v2, assgnmnt: hash-table
Linestate - current up

Internal linestate - current up, evaluated up


Router#show tunnel interface t3
Tunnel3
Mode:multi-GRE/IP, Destination UNKNOWN, Source 30.1.1.80
Application ID 2: WCCP : service group 317 in "Default", ver v2, assgnmnt: hash-table
Linestate - current up
Internal linestate - current up, evaluated up
Router#

Note that service group number shown above is the internal tunnel representation of the WCCP
service group number. Group 0 is the web-cache service, but for dynamic services subtract 256 to
convert to the WCCP service group number. For interfaces used for redirection, the source address
shown is the WCCP router ID.
Information relating to the connected cache engines and encapsulation, including software packet
counters, can be seen with the command "show adjacency <tunnel-interface> ...":
Router#show adjacency t0
Protocol Interface
Address
IP
Tunnel0
30.1.1.82(3)
Router#show adjacency t0 encapsulation
Protocol Interface
Address
IP
Tunnel0
30.1.1.82(3)
Encap length 28
4500000000000000FF2F7D2B1E010150
1E0101520000883E00000000
Provider: TUNNEL
Protocol header count in macstring: 3
HDR 0: ipv4
dst: static, 30.1.1.82
src: static, 30.1.1.80
prot: static, 47
ttl: static, 255
df: static, cleared
per packet fields: tos ident tl chksm
HDR 1: gre
prot: static, 0x883E
per packet fields: none
HDR 2: wccpv2
dyn: static, cleared
sgID: static, 0
per packet fields: alt altB priB
Router#show adjacency t0 detail

Protocol Interface
IP
Tunnel0

Address
30.1.1.82(3)
connectionid 1
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 1
Encap length 28
4500000000000000FF2F7D2B1E010150
1E0101520000883E00000000
Tun endpt
Next chain element:
IP adj out of Ethernet0/0, addr 30.1.1.82
Router#show adjacency t0 internal
Protocol Interface
Address
IP
Tunnel0
30.1.1.82(3)
connectionid 1
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 1
Encap length 28
4500000000000000FF2F7D2B1E010150
1E0101520000883E00000000
Tun endpt
Next chain element:
IP adj out of Ethernet0/0, addr 30.1.1.82
parent oce 0x4BC76A8
frame originated locally (Null0)
L3 mtu 17856
Flags (0x2808C4)
Fixup enabled (0x40000000)
GRE WCCP redirection
HWIDB/IDB pointers 0x55A13E0/0x35F5A80
IP redirect disabled
Switching vector: IPv4 midchain adj oce
IP Tunnel stack to 30.1.1.82 in Default (0x0)
nh tracking enabled: 30.1.1.82/32
IP adj out of Ethernet0/0, addr 30.1.1.82
Adjacency pointer 0x4BC74D8
Next-hop 30.1.1.82
Router#

You might also like