Use caution when you enter the ip wccp [SG] router command because each ip wccp [SG] router command overwrites the previous ip wccp [SG] router command. You cannot use an ip wccp [SG] router command to augment ip wccp [SG] router commands you previously issued.
To specify the service group password on the WCCP router. Note: You must set the same password on the SteelHead interface and the Cisco router. If you add multiple routers and SteelHead interfaces to a service group, you can configure them to exchange WCCP protocol messages through a multicast group.
Configuring a multicast group is advantageous because if a new router is added, it does not need to be explicitly added on each SteelHead interface. Note: Multicast addresses must be between You can configure a group list on your router to limit service group members for instance, SteelHead interfaces by IP address.
For example, if you want to allow only SteelHead interfaces with IP addresses Note: The following WCCP router commands are not required for the example network configurations in this chapter. This section describes how to configure access control lists ACLs. As soon as a particular packet matches a statement, it is processed according to that statement and the packet is not evaluated against subsequent statements.
The order of your access control list statements is very important. You cannot change or delete this implied entry. If redirection is based on traffic characteristics other than ports, you can use ACLs on the router to define which traffic is redirected. If you only want the traffic for IP address Note: Enter configuration commands, one per line. For information about ACL commands, refer to your router documentation. The access-list router command has the following syntax:.
Number from 1 to that identifies the access control list. Standard access control lists are numbered 1 to 99 ; extended access control lists are numbered to A standard access control list matches traffic based on source IP address. An extended access control list matches traffic based on source or destination IP address. Riverbed recommends that you use extended IP access control lists. Specifies the traffic to redirect.
Use this option only when configuring a redirect list for WCCP. Source IP address and mask. For example:. This option is identical to specifying Cisco routers support many keywords. For details, refer to your router documentation. Destination IP address and mask. To avoid requiring the router to do extra work, Riverbed recommends that you create an ACL that routes only traffic that you intend to optimize to the SteelHead.
Suppose your network is structured so that all internet traffic passes through the WCCP-configured router, and all intranet traffic is confined to Because it is unlikely that remote internet hosts have a SteelHead, do not redirect internet traffic to the SteelHead.
The following is an example ACL that achieves this goal. You can perform load balancing using WCCP. WCCP supports load balancing using either the hash assignment method or the mask assignment method. With the hash assignment method, traffic is redirected based on a hashing scheme and the weight of the SteelHead interfaces. You can hash on a combination of the source IP address, destination IP address, source port, or destination port.
The default weight is based on the SteelHead model for example, for the Model , the weight is You can modify the weight on an interface per service group. When deciding the number of bits to use, always keep in mind the number of SteelHead interfaces in the service group. Ensure that you create enough buckets for all the SteelHead interfaces in the service group.
Having more buckets than SteelHead interfaces is not a problem; in fact, it might be necessary to do so to distribute the load correctly. However, if there are more SteelHead interfaces than available buckets, some SteelHead interfaces remain idle.
You can combine address masks with port masks as long as the total number of bits used for the mask assignment value does not exceed 7 bits. Note: The algorithm used for determining bucket allocation and assignment is vendor specific; there is no common standard in the industry.
The following explanation is specific to SteelHeads. Other vendors who support load distribution with mask assignment might use a different algorithm to distribute the loads amongst their own devices. The default mask on the SteelHead is 0x Change this default to suit your network.
At a minimum, the number of bits you use in the mask must provide enough buckets to load balance the traffic among the SteelHeads in the cluster. In addition, make sure there are enough buckets created to fairly load balance the traffic. When determining bucket allocations, mask assignment uses the WCCP weight parameter. The higher the weight, the more buckets are allocated to that SteelHead interface.
However, even if all the SteelHead interfaces in the service group share the same weight, the distribution among the SteelHead interfaces might not be perfectly equal if the number of buckets is not divisible by the number of SteelHead interfaces in the service group.
When the number of buckets is not divisible by the number of SteelHead interfaces in the service group, the remaining buckets are assigned to the SteelHead interface with the highest effective weight. If all weights are equal, then the interface with the lowest IP address receives the remaining buckets.
In other words, the remainder from the following operation is assigned to the SteelHead interface with the highest effective weight:. Effective weight with multiple in-path WCCP means each of the configured SteelHead interface weights are divided by the number of that SteelHead interfaces participating that service group. For example, a SteelHead has two interfaces participating in service group They have a weight of configured.
A SteelHead with a single interface participating in a service group with a weight of configured would simply have an effective weight of The final allocation is:.
The same operation applies to 16 buckets and 3 SteelHead interfaces of equal effective weight. The example shows that the number of bits used for the mask and the number of SteelHead interfaces in the service group affect the accuracy of the load distribution. To assign weight in the mask assignment method, you use the weight parameter in the same way as the hash assignment method: for example,. You can also assign weight to each SteelHead interfaces so that the larger model SteelHeads are assigned more buckets.
However, doing this is generally unnecessary because the SteelHead models have appropriately larger default weight values relative to their higher capacities. Because the number of allocated buckets must be integers, the number of buckets is rounded to the nearest integer.
The mask for the service group is 0xE, creating16 buckets. The total weight equals the effective weight of all SteelHead interfaces. The effective weight of a SteelHead interface is equal to its configured weight divided by the number of that SteelHead interfaces participating in the service group.
The LAN interface is not used. You can configure the fake index feature on your SteelHead to insert the correct interface index before exporting data to a data flow collector. Cisco IOS. ASR ISR and Routers.
ISR G2. Catalyst with Sup or Sup Catalyst with Sup2. Catalyst Nexus Redirection and Return Method. Layer 2. GRE or Layer 2. ISR and routers. Specifies the Ethernet interface on this Content Gateway host system to use with this service group. On a V appliance, eth0 is bound to P1 and eth1 is bound to P2. Mode Negotiation. These settings are required and cannot be changed. Specifies the preferred encapsulation method used by the WCCP router to transmit intercepted traffic to the proxy.
If the router supports GRE and L2, the method specified here is used. Important: GRE and Multicast are incompatible.
Important: If you change the forward or return method configuration while there is an active connection with the WCCP device, in order to re-negotiated the method you must force the current connection to terminate. Typically, this means turning off the service group on the WCCP device for 60 seconds. See the documentation for your WCCP device. Specifies the preferred packet encapsulation method used to return intercepted traffic to the WCCP router.
Note : Selecting L2 requires that the router or switch be Layer 2-adjacent in the same subnet as Content Gateway. Advanced Settings. Specifies the method that the router will use to distribute intercepted traffic across multiple proxy servers.
The MASK value is applied up to 6 significant bits in a cluster, a total of 64 buckets are created. See your WCCP documentation for more information about assignment method. Use the value recommended in the manufacturer's documentation for your device.
Specifies the attribute that the assignment method uses to determine which requests are distributed to which proxy servers. If the assignment method is HASH, select one or more distribution attributes. If the assignment method is MASK, select one distribution attribute. This option is only useful when Synchronize in the Cluster is disabled. Specifies the distribution of requests to servers in a cluster by proportional weighting. Set weight to a value that is the desired proportion of the total flow of traffic.
When all cluster members have a value of 0 the default , distribution is equal. If any member has a non-zero value, distribution is proportional, relative to the weight values of other members.
Members that continue to have a value of zero, receive no traffic. See WCCP load distribution. When IP spoofing is enabled, the proxy advertises a reverse service group for each enabled WCCP forward service group. The reverse service group must be applied along the return path of origin server responses to the proxy. Router Information. Enables or disables security so that the router and Content Gateway can authenticate each other. If you enable security in Content Gateway, you must also enable security on the router.
In the following scenario, the Silver Peak appliances are not connected in the direct path of the network traffic. As a result, a network traffic redirection technique is used to forward traffic to the appliance. It ensures that all data arrive at the other end accurately and completely intact.
UDP provides for exchange of datagrams without acknowledgements or guaranteed delivery. The appliance intercepts only those packets that have been redirected to it.
The appliance accelerates traffic flows that the Route Policy directs to a tunnel Encapsulating one type of network protocol called the payload protocol within a different delivery protocol.
0コメント