Cisco ASR 1000 Series Configuration Manual

Aggregation services router ip application services cisco ios xe release 3s

Hide thumbs Also See for ASR 1000 Series:

Software configuration manual (602 pages)

Configuration manual (442 pages)

Replacing (120 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

Table of Contents

Quick Links

Summary of Contents for Cisco ASR 1000 Series

Page 1 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000) Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Page 3: Table Of Contents
Example: Setting the MTU Packet Size Example: Configuring IP Accounting Additional References Feature Information for IP Services Configuring TCP C H A P T E R 2 Finding Feature Information IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 4 Example: Configuring the TCP Application Flags Enhancement Example: Displaying Addresses in IP Format Example: Configuring Keepalive Parameters Additional References Feature Information for TCP Configuring WCCP C H A P T E R 3 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 5 Enabling WCCP Interoperability with NAT Verifying and Monitoring WCCP Configuration Settings Configuration Examples for WCCP Example: Changing the Version of WCCP on a Router Example: Configuring a General WCCPv2 Session IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 6 IPv6 WCCP VRF Tunnel Interface WCCP Bypass Packets WCCP Closed Services and Open Services WCCP Outbound ACL Check WCCP Service Groups WCCP—Check All Services WCCP—Configurable Router ID Overview WCCP Troubleshooting Tips IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 7 Example: WCCPv2—IPv6—Using Access Lists for a WCCPv2 IPv6 Service Group Example: WCCPv2—IPv6—Configuring Outbound ACL Check Example: WCCPv2—IPv6—Verifying WCCP Settings Example: WCCPv2—IPv6—Cisco ASR 1000 Platform Specific Configuration Additional References Feature Information for WCCPv2—IPv6 Support IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 8 Contents IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000) viii...
Page 9: Chapter,
This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the Cisco IOS IP Application Services Command Reference. To locate documentation of other commands that appear in this module, use the master command list, or search online.
Page 10: Icmp Overview
Disable IP source routing whenever possible. Disabling IP source routing will cause a Cisco router to never forward an IP packet that carries a source routing option. ICMP Overview Originally created for the TCP/IP suite in RFC 792, the Internet Control Message Protocol (ICMP) was designed to report a small set of error conditions.
Page 11: Icmp Mask Reply Messages
Disabling ICMP redirects will cause no operational impact to the network, and it eliminates this possible method of attack. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 12: Denial Of Service Attack
MTU-sized link (and different routers). As shown in the figure above, suppose a router is sending IP packets over a network where the MTU in the first router is set to 1500 bytes, but the second router is set to 512 bytes. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 13: Cisco Ip Accounting
These new commands are useful for monitoring and managing the Cisco IOS Socket library. In Cisco IOS software, sockets are a per process entity. This means that the maximum number of sockets is per process and all sockets are managed on a per process basis. For example, each Cisco IOS process could have a socket with file descriptor number 1.
Page 14: How To Configure Ip Services
4. interface type/number/slot 5. no ip unreachables 6. no ip redirects 7. no ip mask-reply DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 15: Configuring Icmp Unreachable Rate Limiting User Feedback
This task also configures a packet counter (threshold) and interval to trigger a logging message to a console. This task is beneficial to begin a new log after the thresholds have been set. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 16 • log --(Optional) List of error messages. The arguments are as follows: • packets--(Optional) Number of packets that determine a threshold for generating a log. The default is 1000. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 17: Setting The Mtu Packet Size
All devices on a physical medium must have the same protocol MTU in order to operate. Perform this task to set the MTU packet size for a specified interface. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 18: Configuring Ip Accounting
Device(config-if)# ip mtu 300 Step 5 Returns to privileged EXEC mode. Example: Device(config-if)# end Configuring IP Accounting To configure IP accounting, perform this task for each interface. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 19 IP accounting database. Example: Router(config)# ip accounting-transits 100 Step 6 interface type number Specifies the interface and enters interface configuration mode. Example: Router(config)# interface GigabitEthernet 1/0/0 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 20: Monitoring And Maintaining The Ip Network
9. show udp [detail] 10. show ip traffic DETAILED STEPS Step 1 clear ip traffic To clear all IP traffic statistical counters on all interfaces, use the following command: IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 21 2749 172.16.2.50 192.168.33.51 1111 172.16.2.50 172.31.2.1 172.16.2.50 172.31.1.2 30991 172.16.19.40 172.16.2.1 172.16.19.40 172.16.1.2 2552 172.16.20.2 172.16.6.100 2184 172.16.13.55 172.16.1.2 3020 172.16.19.40 192.168.33.51 1986 95091 172.16.2.50 192.168.67.20 14908 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 22 To display the address of the default router and the address of hosts for which an ICMP redirect message has been received, use the show ip redirectscommand. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 23 Total open sockets - TCP:7, UDP:0, SCTP:0 The following example displays IP socket event information: Example: Router# show sockets 35 events Events watched for this process: READ IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 24 Mcast: 0 received, 0 sent Sent: 0 generated, 0 forwarded Drop: 0 encapsulation failed, 0 unresolved, 0 no adjacency 0 no route, 0 unicast RPF, 0 forced drop IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 25 Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0 IGMP statistics: Sent/Received Total: 0/0, Format errors: 0/0, Checksum errors: 0/0 Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0 DVMRP: 0/0, PIM: 0/0 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 26: Configuration Examples For Ip Services
Router# configure terminal Router(config)# interface ethernet 0/5 Router(config-if)# ip accounting mac-address input Router(config-if)# ip accounting mac-address output Router(config-if)# ip accounting precedence input Router(config-if)# ip accounting precedence output IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 27: Additional References
Unless noted otherwise, subsequent releases of that software release train also support that feature. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 28 Configuring IP Services Feature Information for IP Services Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Table 1: Feature Information for IP Services...
Page 29 IOS Socket library. The following commands were introduced or modified by this feature: clear sockets, show sockets,show udp. The following command was replaced by this feature:show ip sockets. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 30 Configuring IP Services Feature Information for IP Services IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 31: Configuring Tcp
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Page 32: Prerequisites For Tcp
TCP Connection Establishment To use reliable transport services, TCP hosts must establish a connection-oriented session with one another. Connection establishment is performed by using a “three-way handshake” mechanism. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 33: Tcp Connection Attempt Time
There is no performance impact when the feature is enabled but not used. Use the ip tcp selective-ack command in global configuration mode to enable TCP selective acknowledgment. Refer to RFC 2018 for more details about TCP selective acknowledgment. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 34: Tcp Time Stamp
For more information about Path MTU Discovery, refer to the “Configuring IP Services” module of the IP Application Services Configuration Guide. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 35: Tcp Window Scaling
Previous to introduction of this feature, the sender would exit Fast-Recovery mode, wait for three or more duplicate acknowledgment packets before retransmitting IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 36: Tcp Explicit Congestion Notification
1452 bytes. This value plus the 20-byte IP header, the 20-byte TCP header, and the 8-byte PPPoE header add up to a 1500-byte packet that matches the MTU size for the Ethernet link. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 37: Tcp Applications Flags Enhancement
Base for the Transmission Control Protocol (TCP). RFC 4022 is an incremental change of the TCP MIB to improve the manageability of TCP. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs...
Page 38: How To Configure Tcp
(Optional) Sets the amount of time the Cisco software will wait before attempting to establish a TCP connection. Example: • The default is 30 seconds. Device(config)# ip tcp synwait-time 60 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 39 (Optional) Sets the TCP outgoing queue size. Example: Device(config)# ip tcp queuemax 10 Step 11 Exits to privileged EXEC mode. Example: Device(config)# end IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 40: Configuring The Mss Value And Mtu For Transient Tcp Syn Packets
Adjusts the MSS value of TCP SYN packets going through a device. Example: • The max-segment-size argument is the maximum Device(config-if)# ip tcp adjust-mss 1452 segment size, in bytes. The range is from 500 to 1460. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 41: Verifying Tcp Performance Parameters
Foreign host: 10.10.10.2, Foreign port: 12000 Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes) Event Timers (current time is 0x4F31940): Timer Starts Wakeups Next Retrans TimeWait IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 42 Use the show tcp brief command to display a concise description of TCP connection endpoints. Use the optional all keyword to display the status for all endpoints with addresses in a Domain Name System (DNS) hostname format. If IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 43 The following lines from the debug ip tcp transactions command sample output show that a duplicate acknowledgment is received when TCP is in Fast Recovery mode (first line) and a partial acknowledgment has been received (second line): IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 44 *May 20 22:50:32.559: cwnd from 8388480 to 2514841, ssthresh from 65535 to 2514841 For Cisco TCP, New Reno is the default congestion control algorithm. However, an application can also use Binary Increase Congestion Control (BIC) as the congestion control algorithm. The following is sample output from the debug...
Page 45: Configuring Keepalive Parameters
Device(config)# ip tcp keepalive retries 5 Step 5 Exits global configuration mode. Example: Device(config)# end Step 6 show running-config (Optional) Displays the running configuration. Example: Device# show running-config IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 46: Configuration Examples For Tcp
The “in non-ECN-setup SYN-ACK” text means that the remote end did not favorably acknowledge the ECN request and, therefore, the session is not ECN capable. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 47 00:03:32: cwnd from 1460 to 1460, ssthresh from 2920 to 2920 00:03:32: tcp0: R SYNSENT 10.1.25.234:11001 10.1.25.31:23 seq 1922220018 OPTS 4 SYN WIN 4128 !Connection timed out; remote host not responding IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 48: Example: Configuring The Tcp Mss Adjustment
Device(config-if)# ip address 192.168.100.1.255.255.255.0 Device(config-if)# ip tcp adjust-mss 1452 Device(config-if)# ip nat inside Device(config-if)# exit Device(config)# interface ATM 0 Device(config-if)# no ip address Device(config-if)# no atm ilmi-keepalive Device(config-if)# pvc 8/35 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 49: Example: Configuring The Tcp Application Flags Enhancement
Device# configure terminal Device(config)# ip tcp keepalive interval 2 Device(config)# ip tcp keepalive retries 5 The following is a sample output of the show running-config command: Device# show running-config IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 50: Additional References
MIBs Link CISCO-TCP-MIB To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 51: Feature Information For Tcp
Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Page 52: Ip Application Services Configuration Guide, Cisco Ios Xe Release 3S (Cisco Asr
• Duplicate acknowledgments being received during Fast Recovery mode. • Partial acknowledgments being received. The following command was modified by this feature: debug ip tcp transactions. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 53 (TCP). RFC 4022 is an incremental change of the TCP MIB to improve the manageability of TCP. There are no new or modified commands for this feature. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 54 Long Fat Networks (LFNs). This TCP Window Scaling enhancement provides that support. The following command was introduced or modified by this feature: ip tcp window-size. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 55 The TCP Keepalive Timer feature introduces the capability to identify dead connections between multiple routing devices. The following command was introduced or modified by this feature: ip tcp keepalive. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 56 Configuring TCP Feature Information for TCP IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 57: Configuring Wccp
In some WCCP deployment scenarios, redirection of traffic may also be required from the web server to the client. WCCP enables you to integrate content engines into your network infrastructure. Cisco IOS Release 12.1 and later releases allow the use of either WCCP Version 1 (WCCPv1) or Version 2 (WCCPv2).
Page 58: Prerequisites For Wccp
In Cisco IOS Release 12.2(33)SRE, this feature is supported only on Cisco 7200 NPE-G2 and Cisco 7304-NPE-G100 routers. This feature is supported in Cisco IOS Release 12.2(50)SY on Catalyst 6000 series switches with a PFC4. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 59 Cisco Catalyst 6500 Series Switches The following limitation apply to Cisco Catalyst 6500 series switches: • With a Policy Feature Card 2 (PFC2), Cisco IOS Release 12.2(17d)SXB and later releases support WCCP. • With a PFC3, Cisco IOS Release 12.2(18)SXD1 and later releases support WCCP.
Page 60: Information About Wccp
When WCCP is using the mask assignment, any redirect list is merged with the mask information from the appliance and the resulting merged ACL is passed down to the Catalyst 6500 series switch or Cisco 7600 series router hardware. Only Permit or Deny ACL entries from the redirect list in which the protocol is IP or exactly matches the service group protocol are merged with the mask information from the appliance.
Page 61: Layer 2 Forwarding Redirection And Return
L2 forwarding, return, and redirection can also be used for software-switching platforms. On Cisco ASR 1000 Series Aggregation Services Routers, both the GRE and L2 forward and return methods use the hardware. Therefore, there is no significant performance degradation between them.
Page 62: Hardware Acceleration
The following guidelines apply to WCCP Layer 2 PFC redirection: • The WCCP Layer 2 PFC redirection feature sets the IP flow mask to full-flow mode. • You can configure the Cisco Cache Engine software Release 2.2 or later releases to use the WCCP Layer 2 PFC redirection feature.
Page 63: Wccpv1 Configuration
This lead content engine uses WCCP to indicate to the control router how IP packet redirection should be performed. Specifically, the lead content engine designates how redirected traffic should be distributed across the content engines in the cluster. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 64: Wccpv2 Configuration
The following sequence of events details how WCCPv2 configuration works: 1 Each content engine is configured with a list of routers. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 65: Wccpv2 Support For Services Other Than Http
(rather than attempting to resend the request to the content engine cluster). This process provides error handling transparency to clients. Typical reasons why a content engine would reject packets and initiate the packet return feature include the following: IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 66: Wccpv2 Load Distribution
The tunnel interfaces are automatically created in order to process outgoing GRE-encapsulated traffic for WCCP. The tunnel interfaces appear when a content engine connects and requests GRE redirection. The IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 67 WCCP service group number. For interfaces that are used for redirection, the source address shown is the WCCP router ID. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 68 GRE WCCP redirection HWIDB/IDB pointers 0x55A13E0/0x35F5A80 IP redirect disabled Switching vector: IPv4 midchain adj oce IP Tunnel stack to 10.1.1.82 in Default (0x0) nh tracking enabled: 10.1.1.82/32 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 69: Wccp Bypass Packets
(or the global table if there is no VRF associated) is used to route the packet to the destination. GRE is a tunneling protocol developed by Cisco that encapsulates packet types from a variety of protocols inside IP tunnels, creating a virtual point-to-point link over an IP network.
Page 70: Wccp Service Groups
WCCP Service Groups WCCP Service Groups WCCP is a component of Cisco IOS software that redirects traffic with defined characteristics from its original destination to an alternative destination. The typical application of WCCP is to redirect traffic bound for a remote web server to a local web cache to improve response time and optimize network resource usage.
Page 71: Wccp-Check All Services
WAAS interface. If you are not able to configure the ip nat inside or theipv6 nat inside command on the WAAS interface, disable Cisco Express Forwarding. You must also update the WCCP redirect ACL to include a private address to ensure that pretranslated traffic is redirected.
Page 72: How To Configure Wccp
5. ip wccp [vrf vrf-name] {web-cache | service-number} redirect {in | out} 6. exit 7. interface type number 8. ip wccp redirect exclude in DETAILED STEPS Command or Action Purpose Step 1 Enables privileged EXEC mode. enable IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 73 Device(config-if)# exit Step 7 interface type number Targets an interface number on which to exclude traffic for redirection, and enters interface configuration mode. Example: Device(config)# interface GigabitEthernet 0/2/0 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 74: Configuring Closed Services
Enters global configuration mode. Example: Device# configure terminal Step 3 Enter one of the following commands: Configures a dynamic WCCP service as closed or open. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 75: Registering A Router To A Multicast Address
If you decide to use the multicast address option for your service group, you must configure the router to listen for the multicast broadcasts on an interface. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 76 Device(config)# ip multicast-routing Step 4 ip wccp [vrf vrf-name] {web-cache | service-number} Specifies the multicast address for the service group. group-address multicast-address Example: Device(config)# ip wccp 99 group-address 239.1.1.1 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 77: Using Access Lists For A Wccp Service Group
7. Repeat some combination of Steps 3 through 6 until you have specified the sources on which you want to base your access list. 8. ip wccp [vrf vrf-name] web-cache group-list access-list 9. ip wccp [vrf vrf-name] web-cache redirect-list access-list IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 78 Device(config)# access-list 1 remark Give access to user1 Step 6 access-list access-list-number deny {source Denies the specified source based on a source address and wildcard [source-wildcard] | any} | [log] mask. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 79: Enabling The Wccp Outbound Acl Check
When all redirection is performed in the hardware, the mode of redirection will change when outbound Note ACL checking is enabled. The first packet is switched in software to allow the extra ACL check to be performed before a shortcut is installed. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 80 Checks the access control list (ACL) for egress interfaces for ip wccp check acl outbound packets redirected by WCCP. Example: Device(config)# ip wccp check acl outbound Step 5 exit Exits global configuration. Example: Device(config)# exit IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 81: Enabling Wccp Interoperability With Nat
Designates that traffic originating from or destined for the interface is subject to NAT and indicates that the interface is connected to the inside network (the network subject to NAT translation). Example: Router(config-if)# ip nat inside IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 82 Designates that traffic originating from or destined for the interface is subject to NAT and indicates that the interface is connected to the inside network (the network subject to NAT translation). Example: Router(config-if)# ip nat inside IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 83: Verifying And Monitoring Wccp Configuration Settings
• detail—(Optional) other members of a particular service group or web cache that have or have not been detected. • view—(Optional) information about a router or all web caches. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 84: Configuration Examples For Wccp
Global WCCP information: Router information: Router Identifier: 10.4.9.8 Protocol Version: Example: Configuring a General WCCPv2 Session Device# configure terminal Device(config)# ip wccp web-cache group-address 224.1.1.100 password password1 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 85: Ip Application Services Configuration Guide, Cisco Ios Xe Release 3S (Cisco Asr
WCCP Redirect exclude is disabled Example: Running a Reverse Proxy Service The following example assumes that you are configuring a service group using Cisco cache engines, which use dynamic service 99 to run a reverse proxy service: Router# configure terminal...
Page 86: Example: Using Access Lists
If the outbound ACL check is disabled, the HTTP packets from network 10.0.0.0 would be redirected to a web cache. Users with that network address could retrieve web pages even though the network administrator wanted to prevent it. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 87: Example: Verifying Wccp Settings
10.3.1.1 ip classless ip route 0.0.0.0 0.0.0.0 10.3.1.1 no ip http server IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 88: Example: Enabling Wccp Interoperability With Nat
0004: 0x00000000 0x00000100 0x0000 0x0000 0x3C010102 (10.1.1.2) 0005: 0x00000000 0x00000101 0x0000 0x0000 0x3C010102 (10.1.1.2) 0006: 0x00000000 0x00000140 0x0000 0x0000 0x3C010102 (10.1.1.2) For more information about the show ip wccp web-cache command, see the Cisco IOS IP Application Services Command Reference. Example: Enabling WCCP Interoperability with NAT...
Page 89 MIB Locator found at the following URL: http://www.cisco.com/go/mibs RFCs Title No new or modified RFCs are supported, and support — for existing RFCs has not been modified. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 90: Feature Information For Wccp
The show ip wccp command was modified by this feature. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 91 256 across all VRFs. The following commands were modified by this feature: ip wccp, ip wccp check services all, ip wccp outbound-acl-check, show ip wccp. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 92 The WCCP Mask Assignment feature introduces support for ACNS/WAAS devices using mask assignment as a cache engine assignment method. There are no new or modified commands associated with this feature. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 93 WCCP service. If the packets match, they will be redirected. The following commands were introduced or modified by this feature: ip wccp redirect-list. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 94 IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 95 The following commands were introduced or modified by this feature: clear ip wccp, debug ip wccp, ip wccp, ip wccp group-listen, ip wccp redirect, show ip wccp. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 96 Configuring WCCP Feature Information for WCCP IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 97: Finding Feature Information
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Page 98: Prerequisites For Wccpv2—Ipv6 Support
• Multicast addresses must be in the range from 224.0.0.0 to 239.255.255.255. • Effective from Cisco IOS XE Release 3.10, the Cisco ASR 1000 Series Aggregation Services Routers support hash assignment for IPv6 load balance across content engines, and does not support mask assignment.
Page 99: Layer 2 Forwarding Redirection And Return
L2 forwarding, return, and redirection can also be used for software-switching platforms. On Cisco ASR 1000 Series Aggregation Services Routers, both the GRE and L2 forward and return methods use the hardware. Therefore, there is no significant performance degradation between them.
Page 100: Wccp Hash Assignment
Reference. WCCP Hash Assignment The Cisco ASR 1000 Series Aggregation Services Routers support supports hash assignment for IPv6 load balance across different content engines, but does not support mask assignment. However, it supports both hash assignment and mask assignment for IPv4.
Page 101: Wccpv2 Configuration
The following sequence of events details how WCCPv2 configuration works: 1 Each content engine is configured with a list of routers. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 102: Wccpv2 Support For Services Other Than Http
(rather than attempting to resend the request to the content engine cluster). This process provides error handling transparency to clients. Typical reasons why a content engine would reject packets and initiate the packet return feature include the following: IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 103: Wccpv2 Load Distribution
The tunnel interfaces are automatically created in order to process outgoing GRE-encapsulated traffic for WCCP. The tunnel interfaces appear when a content engine connects and requests GRE redirection. The IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 104 WCCP service group number. For interfaces that are used for redirection, the source address shown is the WCCP router ID. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 105 Fixup disabled HWIDB/IDB pointers 0x200900DC/0x20090D98 IP redirect disabled Switching vector: IPv6 midchain adjacency oce Next-hop cannot be inferred IP Tunnel stack to 2001:DB8:1::11 in Default (0x0) Device# IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 106: Wccp Bypass Packets
(or the global table if there is no VRF associated) is used to route the packet to the destination. GRE is a tunneling protocol developed by Cisco that encapsulates packet types from a variety of protocols inside IP tunnels, creating a virtual point-to-point link over an IP network.
Page 107: Wccp—Check All Services
In a dynamic service, up to eight ports can be specified within a single protocol. Cisco Content Engines, for example, use dynamic service 99 to specify a reverse-proxy service. However, other content engine devices may use this service number for some other service.
Page 108: Wccp—Configurable Router Id Overview
When an interface is configured with more than one WCCP service, the precedence of the packets is matched against service groups in priority order. The priority of a WCCP service group cannot be configured via Cisco IOS software. Note With the ip wccp check services all or the ipv6 wccp check services all command, WCCP can be configured to check all configured services for a match and perform redirection for those services if appropriate.
Page 109: Ip Application Services Configuration Guide, Cisco Ios Xe Release 3S (Cisco Asr
6. ipv6 wccp [vrf vrf-name] {web-cache | service-number} redirect {out | in} 7. exit 8. interface type number 9. ipv6 wccp redirect exclude in DETAILED STEPS Command or Action Purpose Step 1 Enables privileged EXEC mode. enable IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 110 • As indicated by the out and in keyword options, Example: redirection can be specified for outbound interfaces or inbound interfaces. Device(config-if)# ipv6 wccp web-cache redirect Step 7 exit Exits interface configuration mode. Example: Device(config-if)# exit IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 111: Configuring Services For Wccpv2—Ipv6
5. ipv6 wccp [vrf vrf-name] {web-cache | service-number} 6. exit DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Device> enable IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 112 • The maximum number of services that can be specified is 256. Device(config)# ipv6 wccp 201 Step 6 exit Exits to privileged EXEC mode. Example: Device(config)# exit IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 113: Registering A Router To A Multicast Address For Wccpv2— Ipv6
Enables IP multicast routing. Example: Device(config)# ipv6 multicast-routing Step 4 ipv6 wccp [vrf vrf-name] {web-cache | service-number} Specifies the multicast address for the service group. group-address multicast-address IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 114: Using Access Lists For Wccpv2—Ipv6 Service Group
7. Repeat some combination of Steps 3 through 6 until you have specified the sources on which you want to base your access list. 8. ipv6 wccp [vrf vrf-name] web-cache group-list access-list 9. ipv6 wccp [vrf vrf-name] web-cache redirect-list access-list IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 115 Device(config)# access-list 1 remark Give access to user1 Step 6 access-list access-list-number deny {source Denies the specified source based on a source address and wildcard [source-wildcard] | any} [log] mask. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 116: Enabling The Wccp—Ipv6 Outbound Acl Check
When all redirection is performed in the hardware, the mode of redirection will change when outbound ACL checking is enabled. The first packet is switched in software to allow the extra ACL check to be performed before a shortcut is installed. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 117 Checks the access control list (ACL) for egress interfaces for packets redirected by WCCP. Example: Device(config)# ipv6 wccp check acl outbound Step 5 Exits global configuration. exit Example: Device(config)# exit IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 118: Verifying And Monitoring Wccpv2—Ipv6 Configuration Settings
Device# show ipv6 interface Step 4 (Optional) Displays contents of the currently running configuration file more system:running-config (equivalent to the show running-config command). Example: Device# more system:running-config IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 119: Configuration Examples For Wccpv2—Ipv6 Support
Device(config)# interface GigabitEthernet 0/1/0 Device(config-if)# ipv6 wccp web-cache redirect in Device(config-if)# exit Device# show ip interface GigabitEthernet 0/1/0 WCCP Redirect inbound is enabled WCCP Redirect exclude is disabled IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 120: Example: Wccpv2—Ipv6—Running A Reverse Proxy Service
Example: WCCPv2—IPv6—Running a Reverse Proxy Service Example: WCCPv2—IPv6—Running a Reverse Proxy Service The following example assumes that you are configuring a service group using Cisco cache engines, which use dynamic service 99 to run a reverse proxy service: Device# configure terminal...
Page 121: Example: Wccpv2—Ipv6—Configuring Outbound Acl Check
99 redirect in no ip route-cache no ip mroute-cache interface GigabitEthernet0/1/0 ip address 10.4.1.1 255.255.255.0 no ip directed-broadcast IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 122 0005: 0x00000000 0x00000101 0x0000 0x0000 0x3C010102 (10.1.1.2) 0006: 0x00000000 0x00000140 0x0000 0x0000 0x3C010102 (10.1.1.2) For more information about the show ip wccp web-cache command, see the Cisco IOS IP Application Services Command Reference document. IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
Page 123: Example: Wccpv2—Ipv6—Cisco Asr 1000 Platform Specific Configuration
ACL id: 0 AOM id: 0x18a, status: created The following example shows how to display the WCCP service group information in the active Cisco Quantum Flow Processor (QFP) on a Cisco ASR 1000 Series Aggregation Services Router: Device# show platform hardware qfp active feature wccp service id service-id ipv6...
Page 124: Additional References
Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Page 125: Ip Application Services Configuration Guide, Cisco Ios Xe Release 3S (Cisco Asr
. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners.
Page 126 WCCPv2—IPv6 Support Feature Information for WCCPv2—IPv6 Support IP Application Services Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)

Cisco ASR 1000 Series Configuration Manual

CHAPTER 1 Configuringipservices

Configuring WCCP

CHAPTER 2 Configuringtcp

CHAPTER 4 Wccpv2- Ipv6Support 89

Quick Links

Related Manuals for Cisco ASR 1000 Series

Summary of Contents for Cisco ASR 1000 Series

Table of Contents