Cisco Cisco Web Security Appliance S170 사용자 가이드
26-13
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 26 Configuring Network Settings
Configuring Transparent Redirection
You configure the assignment method for a WCCP service in the Load-Balancing Method field under
the Advanced section when you create or edit a WCCP service.
the Advanced section when you create or edit a WCCP service.
You can configure WCCP services to use either of the following assignment methods:
•
Mask. This method relies on masking to make redirection decisions. WCCP routers make decisions
using hardware in the router. This method can be very efficient because the hardware redirects the
packets. You might want to choose mask to reduce CPU cycles on the router which can increase
router performance. You can only use mask with WCCP routers that support mask assignment.
using hardware in the router. This method can be very efficient because the hardware redirects the
packets. You might want to choose mask to reduce CPU cycles on the router which can increase
router performance. You can only use mask with WCCP routers that support mask assignment.
Note
AsyncOS chooses the mask value to use with the router. You cannot configure the mask value.
•
Hash. This method relies on a hash function to make redirection decisions. You might want to use
Hash when the WCCP router does not support masking.
Hash when the WCCP router does not support masking.
You can also configure a WCCP service to allow either mask or hash load balancing. When a WCCP
service allows both mask and hash, AsyncOS communicates with the router to determine whether or not
the router supports mask. If the router supports mask, then AsyncOS uses masking in the service group,
if the router does not support mask, then AsyncOS uses hashing in the service group.
service allows both mask and hash, AsyncOS communicates with the router to determine whether or not
the router supports mask. If the router supports mask, then AsyncOS uses masking in the service group,
if the router does not support mask, then AsyncOS uses hashing in the service group.
Working with the Forwarding and Return Method
WCCP defines the forwarding method as the method by which redirected packets are transported from
the router to the web proxy. Conversely, the return method redirects packets from the web proxy to the
router.
the router to the web proxy. Conversely, the return method redirects packets from the web proxy to the
router.
You configure the forwarding and return methods for a WCCP service in the Forwarding Method and
Return Method fields under the Advanced section when you create or edit a WCCP service.
Return Method fields under the Advanced section when you create or edit a WCCP service.
You can configure WCCP services to use either of the following methods:
•
Layer 2 (L2). This method redirects traffic at layer 2 by replacing the packet’s destination MAC
address with the MAC address of the target web proxy. This method requires that the target web
proxy be directly connected to the router at layer 2. WCCP routers only allow L2 negotiation when
the appliance is directly connected to the router at layer 2. The L2 method redirects traffic at the
router hardware level, and typically has better performance than Generic Routing Encapsulation
(GRE). You might want to choose L2 when the router is directly connected to the appliance and you
want the performance improvement provided by the L2 method. You can only use the L2 method
with WCCP routers that support L2 forwarding.
address with the MAC address of the target web proxy. This method requires that the target web
proxy be directly connected to the router at layer 2. WCCP routers only allow L2 negotiation when
the appliance is directly connected to the router at layer 2. The L2 method redirects traffic at the
router hardware level, and typically has better performance than Generic Routing Encapsulation
(GRE). You might want to choose L2 when the router is directly connected to the appliance and you
want the performance improvement provided by the L2 method. You can only use the L2 method
with WCCP routers that support L2 forwarding.
•
Generic Routing Encapsulation (GRE). This method redirects traffic at layer 3 by encapsulating
the IP packet with a GRE header and a redirect header. This method redirects traffic at the router
software level, which can impact performance. You might want to choose GRE when the appliance
is not directly connected to the router.
the IP packet with a GRE header and a redirect header. This method redirects traffic at the router
software level, which can impact performance. You might want to choose GRE when the appliance
is not directly connected to the router.
You can also configure a WCCP service to allow either the L2 or GRE methods. When a WCCP service
allows both L2 and GRE, the appliance uses the method that the router says it supports. If both the router
and appliance support L2 and GRE, the appliance uses L2.
allows both L2 and GRE, the appliance uses the method that the router says it supports. If both the router
and appliance support L2 and GRE, the appliance uses L2.
Note
If the router is not directly connected to the appliance, you must choose GRE.