Thursday, 5 October 2017

WCCP on ASA

The flow of work for redirection has these steps:
  1. The host uses the ASA as its default gateway in order to open the HTTP connection.
  2. The ASA redirects the packet (encapsulated in GRE) to the CE.
  3. The CE verifies or updates the cache for the requested site.
  4. The CE replies directly to the host.
    • All outbound packets from the host are redirected from the ASA to the CE.
    • All inbound packets from the server to the host are directed from the CE to the host.

   

 

WCCP Redirection

WCCPv2 defines mechanisms that allow one or more routers enabled for transparent redirection to discover, verify, and advertise connectivity to one or more web caches. These are the steps in WCCP redirection:
  1. The user enters a URL into a browser.
  2. The URL is forwarded to Domain Name System (DNS) for address resolution.
  3. The URL is resolved to the IP address of the web server.
  4. The client initiates a connection to the server with a SYN request.
  5. On the active router, the WCCP web cache service intercepts the HTTP request (TCP port 80) and redirects the request to caches based on the configured load distribution:
    • If there is a cache hit, the CE responds to the original GET with the requested content and uses the source IP address of the origin server in the response packet.
    • If the requested content is not already stored on the CE, there is a cache miss:
      1. The CE establishes a connection to the origin server, uses its own IP address as the source, and sends the HTTP GET.
      2. The server responds to CE with content.
      3. The CE writes a copy of the cacheable content to the disk.

    Configurations

      [Figure: wccp-topo.png]

     

    1. Configure an access-list containing all the WCCP servers.

    ASA(config)#access-list wccp-servers permit ip host 192.168.6.10 any

     

    2. Create an access-list of the traffic that needs to be redirected to WCCP.

     ASA(config)#access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any

     

    4. Enable WCCP redirection on the inside interface.

    The standard service is web-cache, which intercepts TCP port 80 (HTTP) traffic and redirects that traffic to the cache engines.

    ASA(config)#wccp interface inside web-cache redirect in

    5. Enable WCCP to redirect native FTP traffic to a cache engine, using service 60.

    Check with the WCCP provider which service IDs they support. You can specify a service number between 0 and 254.

    ASA(config)#wccp interface inside service 60 redirect in



    Show commands and debugs:

    show wccp web-cache
    show wccp interface
    debug wccp event
    debug wccp packets
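
An added example, not from the original post or from Cisco: a Python audit of an ASA running configuration that checks every WCCP service redirected on an interface for a global `wccp` line, a `group-list` restricting which cache engines may join, and a `password` (the WCCPv2 MD5 shared secret). The global `wccp web-cache redirect-list ... group-list ...` line in the sample and the name `audit_wccp` are assumptions; the page itself does not show that command.

```python
import re

# Constructed sample config: the page's own commands plus one global "wccp"
# line, which is an assumption (the page shows no such step).
SAMPLE_CONFIG = """\
access-list wccp-servers permit ip host 192.168.6.10 any
access-list wccp-traffic permit ip 192.168.6.0 255.255.255.0 any
wccp web-cache redirect-list wccp-traffic group-list wccp-servers
wccp interface inside web-cache redirect in
wccp interface inside service 60 redirect in
"""

ACL_RE = re.compile(r"^access-list (\S+) ")
GLOBAL_RE = re.compile(r"^wccp (web-cache|\d+)\b(.*)$")
# "service" is optional so the page's "service 60" form also parses.
IFACE_RE = re.compile(r"^wccp interface (\S+) (?:service )?(web-cache|\d+) redirect in$")

def audit_wccp(config):
    """Return sorted (service, finding) pairs for services redirected on an interface."""
    acls, enabled, redirected = set(), {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acls.add(m.group(1))
        elif m := IFACE_RE.match(line):
            redirected.add(m.group(2))
        elif m := GLOBAL_RE.match(line):
            words = m.group(2).split()  # keyword/value pairs after the service
            enabled[m.group(1)] = dict(zip(words[0::2], words[1::2]))
    findings = []
    for svc in redirected:
        opts = enabled.get(svc)
        if opts is None:
            findings.append((svc, "redirected but not enabled globally"))
            continue
        if "group-list" not in opts:
            findings.append((svc, "no group-list: any cache engine may join"))
        if "password" not in opts:
            findings.append((svc, "no password: MD5 authentication is off"))
        for key in ("group-list", "redirect-list"):
            if key in opts and opts[key] not in acls:
                findings.append((svc, f"{key} references undefined ACL {opts[key]}"))
    return sorted(findings)

if __name__ == "__main__":
    for svc, finding in audit_wccp(SAMPLE_CONFIG):
        print(f"wccp {svc}: {finding}")
```

On the sample, service 60 is reported as redirected without a global line and web-cache as running without MD5 authentication.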

     

     

     

     

     

 

WCCPv1 Vs WCCPv2



| WCCPv1 | WCCPv2 |
|---|---|
| Only a single router services a cluster of systems | Multi-router support; up to 32 WCCP servers/clients |
| No multicast; uses UDP port 2048 | Multicast support; sends traffic to 224.0.0.100 |
| Supports HTTP (TCP port 80) traffic flows only | Support for redirection of non-HTTP traffic |
| No web cache packet return | Web cache packet return |
| No authentication | MD5 authentication support |





WCCPv1
·         Provides generic routing encapsulation (GRE) to prevent packet modification
·         Routers and cache engines communicate to each other via a control channel based on UDP port 2048
WCCPv2
·         Allows for use across up to 32 routers (WCCP servers)
·         Supports up to 32 engines/accelerators (WCCP clients)
·         Supports any IP protocol including any TCP or UDP
·         Supports up to 255 service groups (0-254)
·         Adds MD5 shared secret security
·         Load distributions like load balancing and load shedding

With the introduction of WCCPv2, the scope of the protocol widened to include traffic types other than HTTP, allowing the protocol to be used as a more general interception mechanism.

In WCCPv2, clients specify the nature of the traffic to be intercepted and forwarded to external devices, which are then in a position to provide services based upon the traffic type, such as WAN optimisation and application acceleration.
