Cisco Cisco Web Security Appliance S360 User Guide
25-12
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 25 Configuring Network Settings
Configuring Transparent Redirection
Working with WCCP Services
A WCCP service is an appliance configuration that defines a service group to a WCCP v2 router. It
includes information such as the service ID and ports used. Service groups allow a web proxy to establish
connectivity with a WCCP router and to handle redirected traffic from the router.
includes information such as the service ID and ports used. Service groups allow a web proxy to establish
connectivity with a WCCP router and to handle redirected traffic from the router.
You can create WCCP services that use the following service types:
•
Standard service. The standard service is also known as a well known service because the
characteristics of it are known by both WCCP routers and the appliance. It redirects traffic on port
80. It is identified as the “web-cache” service.
characteristics of it are known by both WCCP routers and the appliance. It redirects traffic on port
80. It is identified as the “web-cache” service.
•
Dynamic service. Dynamic services are any other service a web proxy creates, but the web proxy
must describe the components of the service group to the router. AsyncOS supports the creation of
any dynamic service you choose to define. To create a dynamic service, you must provide the service
ID number, port numbers, and specify whether to redirect packets based on the destination or source
port and whether to distribute packets based on the client or server address.
must describe the components of the service group to the router. AsyncOS supports the creation of
any dynamic service you choose to define. To create a dynamic service, you must provide the service
ID number, port numbers, and specify whether to redirect packets based on the destination or source
port and whether to distribute packets based on the client or server address.
The Web Cache Communication Protocol allows 257 different service IDs. AsyncOS allows you to
create a dynamic WCCP service for each possible service ID. However, in typical usage, most users
create one or two WCCP services, where one is a standard service and the other a dynamic service.
create a dynamic WCCP service for each possible service ID. However, in typical usage, most users
create one or two WCCP services, where one is a standard service and the other a dynamic service.
When you create a WCCP service of any type, you must also specify the following information:
•
Assignment method. For more information, see
.
•
Forwarding and Return method. For more information, see
.
If you enable IP spoofing on the appliance, you must create two WCCP services. For more information,
see
see
.
Working with the Assignment Method
WCCP defines the assignment method as the method by which redirected packets are distributed
between web proxies. In this case, between one or more Web Security appliances. The assignment
method determines how the router performs load balancing of packets among multiple Web Security
appliances.
between web proxies. In this case, between one or more Web Security appliances. The assignment
method determines how the router performs load balancing of packets among multiple Web Security
appliances.
You configure the assignment method for a WCCP service in the Load-Balancing Method field under
the Advanced section when you create or edit a WCCP service.
the Advanced section when you create or edit a WCCP service.
You can configure WCCP services to use either of the following assignment methods:
•
Allow Hash Only. This method relies on a hash function to make redirection decisions. You might
want to use Hash when the WCCP router does not support masking.
want to use Hash when the WCCP router does not support masking.
•
Allow Mask Only. This method relies on masking to make redirection decisions. WCCP routers
make decisions using hardware in the router. This method can be very efficient because the hardware
redirects the packets. You might want to choose mask to reduce CPU cycles on the router which can
increase router performance. You can only use mask with WCCP routers that support mask
assignment.
make decisions using hardware in the router. This method can be very efficient because the hardware
redirects the packets. You might want to choose mask to reduce CPU cycles on the router which can
increase router performance. You can only use mask with WCCP routers that support mask
assignment.
•
Allow Hash or Mask. You can also configure a WCCP service to allow either mask or hash load
balancing. When a WCCP service allows both mask and hash, AsyncOS communicates with the
router to determine whether or not the router supports mask. If the router supports mask, then
AsyncOS uses masking in the service group, if the router does not support mask, then AsyncOS uses
hashing in the service group.
balancing. When a WCCP service allows both mask and hash, AsyncOS communicates with the
router to determine whether or not the router supports mask. If the router supports mask, then
AsyncOS uses masking in the service group, if the router does not support mask, then AsyncOS uses
hashing in the service group.