You can configure WCCP
to classify traffic for redirection, such as FTP, proxy-web-cache handling, and
audio and video applications. This classification, known as a service group, is
based on the protocol type (TCP or UDP) and the Layer 4 source destination port
numbers. The service groups are identified either by well-known names such as
web-cache, which means TCP port 80, or a service number, 0 to 99. Service
groups are configured to map to a protocol and Layer 4 port numbers and are
established and maintained independently. WCCP allows dynamic service groups,
where the classification criteria are provided dynamically by a participating
application engine.
You can configure up to 8 service groups on a
device or
device stack and up to 32 cache engines per
service group. WCCP maintains the priority of the service group in the group
definition. WCCP uses the priority to configure the service groups in the
device hardware. For example, if service
group 1 has a priority of 100 and looks for destination port 80, and service
group 2 has a priority of 50 and looks for source port 80, the incoming packet
with source and destination port 80 is forwarded by using service group 1
because it has the higher priority.
WCCP supports a
cluster of application engines for every service group. Redirected traffic can
be sent to any one of the application engines. The
device supports the mask assignment method of
load balancing the traffic among the application engines in the cluster for a
service group.
After WCCP is
configured on the
device, the
device forwards all service group packets
received from clients to the application engines. However, the following
packets are not redirected:
-
Packets
originating from the application engine and targeted to the server.
-
Packets
originating from the application engine and targeted to the client.
-
Packets returned
or rejected by the application engine. These packets are sent to the server.
You can configure a
single multicast address per service group for sending and receiving protocol
messages. When there is a single multicast address, the application engine
sends a notification to one address, which provides coverage for all routers in
the service group, for example, 225.0.0.0. If you add and remove routers
dynamically, using a single multicast address provides easier configuration
because you do not need to specifically enter the addresses of all devices in
the WCCP network.
You can use a router
group list to validate the protocol packets received from the application
engine. Packets matching the address in the group list are processed, packets
not matching the group list address are dropped.
To disable caching for
specific clients, servers, or client/server pairs, you can use a WCCP redirect
access control list (ACL). Packets that do not match the redirect ACL bypass
the cache and are forwarded normally.
Before WCCP packets
are redirected, the
device examines ACLs associated with all
inbound features configured on the interface and permits or denies packet
forwarding based on how the packet matches the entries in the ACL.
Note
|
Both permit and
deny ACL entries are supported in WCCP redirect lists.
|
When packets are
redirected, the output ACLs associated with the redirected interface are
applied to the packets. Any ACLs associated with the original port are not
applied unless you specifically configure the required output ACLs on the
redirected interfaces.