05-23-2013 04:20 AM
Hi,
My question is how to trace the WCCP traffic in "upload and download", "from and to" clients.
Assume the topology below:
We have a router with 4 interfaces:
Here is the config of the router with WCCP:
============================================================
GI0/1========>ip wccp 80 redirect in
GI0/4========>ip wccp redirect exclude in
GI0/3========>ip wccp 90 redirect in
and in the global config of the router we have:
#ip access-list ex cache80
#permit tcp 192.168.1.0 0.0.0.255 any eq 80
#ip access-list ex cache90
#permit tcp any 192.168.1.0 0.0.0.255
#ip wccp 80 redirect-list cache80
#ip wccp 90 redirect-list cache90
======================================================
My question is, how to trace the HTTP traffic from client to internet.
I will post my understanding and wish you to correct me if I'm not correct.
*******************
When the client makes an HTTP request, it enters the interface Gi0/1,
then it is matched by the redirect ACL cache80,
then it will be redirected to the interface where the cache server of service 80 exists, so it will go to interface GI0/4.
The cache server will see if the request was cached before or not.
Up to here, it's clear,
but im understanding what will come next
Please, I wish somebody would clarify what is coming next.
Also another question:
the interface GI0/2 has no relation to the cache, does it require any WCCP config under interface config "Gi0/2"?
With my best regards
05-29-2013 06:34 PM
I will try to explain what happens next.
Once traffic is redirected to the cache engine, and the cache engine has no content locally cached, it will forward the request to the original server. Now there are two ways of doing that: one by initiating the connection using its own IP, the second by spoofing the original client IP and initiating the backend connection using that.
For case 1, as the connection is initiated by the CE only, return traffic will be destined to it.
For case 2, return traffic from the server will be destined to the original client, that's why we need redirection, so WCCP service 90 comes into the picture [hoping gig0/3 is our WAN interface].
Also note that you have used ip wccp redirect exclude in for the CE-facing interface. With the configuration you are using, i.e. redirection in the "IN" direction, we do not need that command.
Cannot open your diagram, so not able to answer your question on interface gig0/2
05-29-2013 10:45 PM
Hi,
Thanks a lot for the reply,
you can have a look at my diagram here:
http://www5.0zz0.com/2013/05/23/11/170478839.jpg
=======================================================================
But I'm still not understanding, why don't we need the command ip wccp redirect exclude in in my situation?
I mean that all the redirection has the direction "in", as a result I don't need the command:
ip wccp redirect exclude in on the interface Gi0/4
=========================================================
I just need an example or explanation of when we need it, and I wish for it with an example about the topology I've posted, I think it will help me in understanding it.
With my best regards
05-29-2013 10:57 PM
Getting a security threat in opening your diagram.
Regarding wccp exclude in --
Take for example, instead of using ip wccp 80 redirect in on LAN, you used ip wccp 80 redirect out on WAN. So in that case there is a chance that a packet egressing from the cache engine will again get redirected back to the CE, because of redirection in the "out" direction. So we can instruct the router to exclude traffic entering from the CE interface from further redirection and avoid a loop.
05-29-2013 11:23 PM
Nice,
relative to your answer above, if I put redirect out in wan interface, and redirect in in wan interface.
But my question is,
how will the router estimate whether this traffic was redirected from squid or not?
Is there a method the router uses to estimate that the traffic
it seems clear to me
Regards
05-29-2013 11:29 PM
Not sure about the internal mechanism which the router uses, but from the top, the router simply filters traffic arriving from the interface [on which wccp exclude is configured] from further redirection.
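The two replies above describe a loop when redirection is applied in the "out" direction on the WAN interface, and the router skipping redirection for traffic that arrives on an interface with exclude configured. The following is an added example, not part of the original thread and not Cisco's implementation: a simplified Python model of that decision. It assumes Gi0/1 is the LAN, Gi0/3 the WAN and Gi0/4 the cache-engine interface, and that every packet in the trace matches the redirect-list.

```python
# Simplified model of the WCCP redirect decision discussed in this thread.
# Not Cisco's implementation. Assumed roles: Gi0/1 = LAN, Gi0/3 = WAN,
# Gi0/4 = cache engine (CE). Every packet is assumed to match the redirect-list.
from dataclasses import dataclass, field

LAN, WAN, CE = "Gi0/1", "Gi0/3", "Gi0/4"

@dataclass
class Router:
    redirect_in: set = field(default_factory=set)   # ip wccp <svc> redirect in
    redirect_out: set = field(default_factory=set)  # ip wccp <svc> redirect out
    exclude_in: set = field(default_factory=set)    # ip wccp redirect exclude in

    def decide(self, ingress, egress):
        """Return 'redirect' (send to CE) or 'forward' for one packet."""
        if ingress in self.exclude_in:
            return "forward"  # arrived from the CE side: never redirect again
        if ingress in self.redirect_in or egress in self.redirect_out:
            return "redirect"
        return "forward"

def trace(router, max_hops=5):
    """Follow a client request heading for the WAN through cache misses.
    Returns one 'ingress:action' entry per router pass, plus 'LOOP' if the
    packet is still being redirected after max_hops passes."""
    hops, ingress = [], LAN
    for _ in range(max_hops):
        action = router.decide(ingress, WAN)
        hops.append(f"{ingress}:{action}")
        if action == "forward":
            return hops
        ingress = CE  # cache miss: the CE sends the request back to the router
    return hops + ["LOOP"]

# Redirection in the "in" direction, as in the thread's configuration.
in_with_exclude = Router(redirect_in={LAN, WAN}, exclude_in={CE})
in_without_exclude = Router(redirect_in={LAN, WAN})
# Redirection in the "out" direction on the WAN interface instead.
out_without_exclude = Router(redirect_out={WAN})
out_with_exclude = Router(redirect_out={WAN}, exclude_in={CE})

if __name__ == "__main__":
    for name, r in [("in + exclude", in_with_exclude),
                    ("in, no exclude", in_without_exclude),
                    ("out, no exclude", out_without_exclude),
                    ("out + exclude", out_with_exclude)]:
        print(f"{name:16} {trace(r)}")
```

In the model, the two "in" configurations give the same trace with or without the exclude command, while the "out" configuration only terminates once the CE interface is excluded.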
05-29-2013 11:36 PM
Thanks a lot for your replies.
I really got a lot of benefit.
Regards