43-3
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 43 Configuring Web Cache Services By Using WCCP
Understanding WCCP
WCCP Negotiation
In the exchange of WCCP protocol messages, the designated application engine and the WCCP-enabled
switch negotiate these items:

• Forwarding method (the method by which the switch forwards packets to the application engine).
  The switch rewrites the Layer 2 header by replacing the packet destination MAC address with the
  target application engine MAC address. It then forwards the packet to the application engine. This
  forwarding method requires the target application engine to be directly connected to the switch at
  Layer 2.
• Assignment method (the method by which packets are distributed among the application engines in
  the cluster). The switch uses some bits of the destination IP address, the source IP address, the
  destination Layer 4 port, and the source Layer 4 port to determine which application engine receives
  the redirected packets.
• Packet-return method (the method by which packets are returned from the application engine to the
  switch for normal forwarding). These are the typical reasons why an application engine rejects
  packets and starts the packet-return feature:
  – The application engine is overloaded and has no room to service the packets.
  – The application engine receives an error message (such as a protocol or authentication error)
    from the web server and uses the dynamic client bypass feature. The bypass enables clients to
    bypass the application engines and to connect directly to the web server.

  The application engine returns a packet to the WCCP-enabled switch to forward to the web server
  as if the application engine is not present. The application engine does not intercept the reconnection
  attempt. In this way, the application engine effectively cancels the redirection of a packet to the
  application engine and creates a bypass flow. If the return method is generic-route encapsulation
  (GRE), the switch receives the returned packet through a GRE tunnel that is configured in the
  application engine. The switch CPU uses Cisco express forwarding to send these packets to the
  target web server. If the return method is Layer 2 rewrite, the packets are forwarded in hardware to
  the target web server. When the server responds with the requested information, the switch uses
  normal Layer 3 forwarding to return the information to the requesting client.

MD5 Security
WCCP provides an optional security component in each protocol message to enable the switch to use
MD5 authentication on messages between the switch and the application engine. Messages that do not
authenticate by MD5 (when authentication of the switch is enabled) are discarded by the switch. The
password string is combined with the MD5 value to create security for the connection between the switch
and the application engine. You must configure the same password on each application engine.
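
The check described above, as an added illustration (not Cisco's code and not part of the original guide): the application engine fills in a digest and the switch discards any message that does not authenticate. The message layout, the option value, and the digest input (password padded to 8 bytes, followed by the message with the digest field zeroed) are simplified assumptions modelled on the WCCPv2 Internet-Draft; the password and message bodies are constructed samples.

```python
import hashlib
import hmac
import struct

MD5_SECURITY = 1              # security option value (assumption, per the WCCPv2 draft)
HEADER_LEN = 8                # message type (4) + version (2) + length (2)
DIGEST_OFF = HEADER_LEN + 8   # after component type (2), length (2), option (4)

def _digest(password: bytes, msg: bytes) -> bytes:
    """MD5 over the padded password, then the message with its digest field zeroed."""
    zeroed = msg[:DIGEST_OFF] + bytes(16) + msg[DIGEST_OFF + 16:]
    key = password[:8].ljust(8, b"\0")      # assumption: 8-byte password field
    return hashlib.md5(key + zeroed).digest()

def build_message(password: bytes, body: bytes, msg_type: int = 10) -> bytes:
    """Application-engine side: assemble a message and fill in the security component."""
    security = struct.pack("!HHI", 0, 20, MD5_SECURITY) + bytes(16)
    payload = security + body
    msg = struct.pack("!IHH", msg_type, 0x0200, len(payload)) + payload
    return msg[:DIGEST_OFF] + _digest(password, msg) + msg[DIGEST_OFF + 16:]

def switch_accepts(password: bytes, msg: bytes) -> bool:
    """Switch side, with a password configured: drop anything that fails the check."""
    if len(msg) < DIGEST_OFF + 16:
        return False                        # too short to carry a digest
    ctype, _clen, option = struct.unpack_from("!HHI", msg, HEADER_LEN)
    if ctype != 0 or option != MD5_SECURITY:
        return False                        # message sent without MD5 security
    received = msg[DIGEST_OFF:DIGEST_OFF + 16]
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(received, _digest(password, msg))

if __name__ == "__main__":
    good = build_message(b"s3cret", b"constructed-here-i-am-body")
    tampered = good[:-1] + bytes([good[-1] ^ 1])
    for label, pw, m in [("valid", b"s3cret", good),
                         ("wrong password", b"other", good),
                         ("tampered body", b"s3cret", tampered)]:
        print(f"{label}: {'accept' if switch_accepts(pw, m) else 'discard'}")
```

Because the digest covers the whole message, a mismatch on any one engine's password or any change to the message in transit leads to the same outcome: the switch discards the message.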
Packet Redirection and Service Groups
You can configure WCCP to classify traffic for redirection, such as FTP, proxy-web-cache handling, and
audio and video applications. This classification, known as a service group, is based on the protocol type
(TCP or UDP) and the Layer 4 source destination port numbers. The service groups are identified either
by well-known names such as web-cache, which means TCP port 80, or a service number, 0 to 99.
Service groups are configured to map to a protocol and Layer 4 port numbers and are established and
maintained independently. WCCP allows dynamic service groups, where the classification criteria are
provided dynamically by a participating application engine.