Cisco Cisco Web Security Appliance S670 User Guide
2-23
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 2 Connect, Install, and Configure
Using the P2 Data Interface for Web Proxy Data
Step 4
Submit and commit your changes.
Advanced
Load-Balancing Method. This determines how the router performs load
balancing of packets among multiple Web Security appliances. Choose from:
balancing of packets among multiple Web Security appliances. Choose from:
•
Allow Mask Only. WCCP routers make decisions using hardware in the
router. This method can increase router performance over the hash
method. Not all WCCP routers support mask assignment, however.
router. This method can increase router performance over the hash
method. Not all WCCP routers support mask assignment, however.
•
Allow Hash Only. This method relies on a hash function to make
redirection decisions. This method can be less efficient than the mask
method, but may be the only option the router supports.
redirection decisions. This method can be less efficient than the mask
method, but may be the only option the router supports.
•
Allow Hash or Mask. Allows AsyncOS to negotiate a method with the
router. If the router supports mask, then AsyncOS uses masking,
otherwise hashing is used.
router. If the router supports mask, then AsyncOS uses masking,
otherwise hashing is used.
Mask Customization. If you select Allow Mask Only or Allow Hash or
Mask, you can customize the mask or specify the number of bits:
Mask, you can customize the mask or specify the number of bits:
•
Custom mask (max 5 bits). You can specify the mask. The web
interface displays the number of bits associated with the mask you
provide.
interface displays the number of bits associated with the mask you
provide.
•
System generated mask. You can let the system generate a mask for
you. Optionally, you can specify the number of bits for the
system-generated mask, up to 5 bits.
you. Optionally, you can specify the number of bits for the
system-generated mask, up to 5 bits.
Forwarding method. This is the method by which redirected packets are
transported from the router to the web proxy.
transported from the router to the web proxy.
Return Method. This is the method by which redirected packets are
transported from the web proxy to the router.
transported from the web proxy to the router.
Both the forwarding and return methods use one of the following method
types:
types:
•
Layer 2 (L2). This redirects traffic at layer 2 by replacing the packet’s
destination MAC address with the MAC address of the target web proxy.
The L2 method operates at hardware level and typically offers the best
performance. Not all WCCP routers support L2 forwarding, however. In
addition, WCCP routers only allow L2 negotiation with a directly
(physically) connected Web Security appliance.
destination MAC address with the MAC address of the target web proxy.
The L2 method operates at hardware level and typically offers the best
performance. Not all WCCP routers support L2 forwarding, however. In
addition, WCCP routers only allow L2 negotiation with a directly
(physically) connected Web Security appliance.
•
Generic Routing Encapsulation (GRE). This method redirects traffic
at layer 3 by encapsulating the IP packet with a GRE header and a
redirect header. GRE operates at software level, which can impact
performance.
at layer 3 by encapsulating the IP packet with a GRE header and a
redirect header. GRE operates at software level, which can impact
performance.
•
•
L2 or GRE. With this option, the appliance uses the method that the
router says it supports. If both the router and appliance support L2 and
GRE, the appliance uses L2.
router says it supports. If both the router and appliance support L2 and
GRE, the appliance uses L2.
If the router is not directly connected to the appliance, you must choose GRE.
WCCP Service Option
Description