Web Cache Services Using WCCP

This chapter describes how to configure web caching services using WCCP, and includes the following sections:

Information About WCCP

Web Cache Communication Protocol (WCCP) is a content routing protcol that allows utilization of Cisco Cache Engines (or other caches running WCCP) to localize web traffic patterns in the network, enabling content requests to be fulfilled locally. The purpose of web caching is to reduce latency and network traffic. Previously-accessed web pages are stored in a cache buffer, so if users need the page again, they can retrieve it from the cache instead of the web server.

WCCP specifies interactions between the ASA and external web caches. The feature transparently redirects selected types of traffic to a group of web cache engines to optimize resource usage and lower response times. The ASA only supports WCCP Version 2.

Using an ASA as an intermediary eliminates the need for a separate router to do the WCCP redirection, because the ASA redirects requests to cache engines. When the ASA determines that a packet needs redirection, it skips TCP state tracking, TCP sequence number randomization, and NAT on these traffic flows.

Guidelines and Limitations

The following WCCPv2 features are supported for the ASA:

  • Redirection of multiple TCP and UDP port-destined traffic.
  • Authentication for cache engines in a service group.
  • Multiple cache engines in a service group.
  • GRE encapsulation.

The following WCCPv2 features are not supported for the ASA:

  • Multiple routers in a service group.
  • Multicast WCCP.
  • The Layer 2 redirect method.
  • WCCP source address spoofing.
  • WAAS devices.

ASA Implementation of WCCP

In the ASA implementation of WCCP, the protocol interacts with other configurable features according to the following:

  • AAA for network access will not work in combination with WCCP.
  • An inbound access rule always takes higher priority over WCCP. For example, if an ACL does not permit a client to communicate with a server, then traffic is not redirected to a cache engine.
  • TCP intercept, authorization, URL filtering, inspect engines, and IPS features are not applied to a redirected flow of traffic.
  • When a cache engine cannot service a request and a packet is returned, or when a cache miss happens on a cache engine and it requests data from a web server, then the contents of the traffic flow is subject to all the other configured features of the ASA.
  • If you have two WCCP services and they use two different redirection ACLs that overlap and match the same packets (with a deny or a permit action), the packets behave according to the first service-group found and installed rules. The packets are not passed thorugh all service-groups.

Failover Guidelines

Supports Active/Active and Active/Standby failover. WCCP redirect tables are not replicated to standby units. After a failover, packets are not redirected until the tables are rebuilt. Sessions redirected before failover are probably reset by the web server.

Firewall Mode Guidelines

Supported in routed and transparent firewall modes.

Context Mode Guidelines

Supported in single mode and multiple context mode.

IPv6 Guidelines

Does not support IPv6 traffic for redirection.

Additional Guidelines

The ASA selects the highest IP address configured on any interface as the WCCP router ID. This address is used to establish a GRE tunnel with the cache engine.

WCCP does not support ACLs that include a user, user group, or a fully qualified domain name object.

Licensing Requirements for WCCP

 

Model
License Requirement

ASAv

Standard or Premium License.

All other models

Base License.

Configuring WCCP Service Groups

To allocate space and enable support of the specified WCCP service group, perform the following steps:

Step 1 In the ASDM main application window, choose Configuration > Device Management > Advanced > WCCP > Service Groups.

Step 2 To add a new service group, click Add to display the A dd Service Group dialog box.

Step 3 To modify an existing service group, click Edit to display the Edit Service Group dialog box.

Step 4 To remove a selected service group, click Delete.

Step 5 To continue, see Adding or Editing WCCP Service Groups.

Step 6 Click Apply to save your changes, or click Reset to discard them and enter new ones.

 

Adding or Editing WCCP Service Groups

To add a new service group or change the service group parameters for a configured service group, perform the following steps:

Step 1 Click either the Web Cache Service or the Dynamic Service Number radio button. The maximum number of services, including those specified with a dynamic service identifier is 256.

Step 2 Enter the dynamic service identifier, which means the service definition is dictated by the cache. Valid dynamic service numbers are 0 to 254, and are used as the name of the service group.

Step 3 In the Options area, perform the following steps:

a. Choose the predefined ACL that controls traffic redirected to this service group.

b. Choose the predefined ACL that determines which web caches are allowed to participate in the service group. Only extended ACLs are allowed.

c. Enter a password up to seven characters long, which is used for MD5 authentication for messages received from the service group.

d. Confirm the password.

e. Click Manage to display the ACL Manager window, where you can create or change an ACL.

Step 4 Click OK to close the Add or Edit Service Group dialog box.

Step 5 To continue, see Configuring Packet Redirection.

 

Configuring Packet Redirection

To configure packet redirection on the ingress of an interface using WCCP, perform the following steps:

Step 1 In the ASDM main application window, choose Configuration > Device Management > Advanced > WCCP > Redirection.

Step 2 To add a new WCCP packet redirection, click Add to display the Add WCCP Redirection dialog box.

Step 3 To modify an existing WCCP packet redirection, click Edit to display the Edit WCCP Redirection dialog box.

Step 4 To remove a selected WCCP packet redirection, click Delete.

Step 5 To continue, see Adding or Editing Packet Redirection.

 

Adding or Editing Packet Redirection

To add or change packet redirection on the ingress of an interface using WCCP, perform the following steps:

Step 1 Choose the interface on which to enable WCCP redirection from the drop-down list.

Step 2 Choose the service group from the drop-down list.

Step 3 Click OK to close the Edit WCCP Redirection dialog box.

Step 4 (Optional) If you need to create a new service group, click New to display the Add Service Group dialog box.

Step 5 (Optional) To continue, see Adding or Editing WCCP Service Groups.

 

WCCP Monitoring

To monitor WCCP, perform the following steps:

 

Path
Purpose

Tools > Command Line Interface

Type show running-config wccp, then click Send.

Shows the current WCCP configuration.

Tools > Command Line Interface

Type show running-config wccp interface, then click Send.

Shows the current WCCP interfaces status.

Monitoring > Properties > WCCP > WCCP Service Groups

Shows configured WCCP service groups.

Monitoring > Properties > WCCP > WCCP Redirection

Shows configured WCCP interface statistics.

Feature History for WCCP

Table 20-1 lists the release history for this feature. ASDM is backwards-compatible with multiple platform releases, so the specific ASDM release in which support was added is not listed.

 

Table 20-1 Feature History for WCCP
Feature Name
Releases
Feature Information

WCCP

7.2(1)

WCCP specifies interactions between the ASA and external web caches.

We introduced the following screens:

Configuration > Device Management > Advanced > WCCP > Service Groups
Configuration > Device Management > Advanced > WCCP > Redirection