WCCP stands for Web Cache Communication Protocol and is mainly used for traffic redirection towards third-party appliances such as proxies, optimization devices or cache engines. This protocol has been developed by Cisco and is currently in version 2. WCCPv2 replaced WCCPv1 by the end of the nineties.
WCCP brings load balancing and redundancy features regarding the content processed.
The version 1 is only compatible with HTTP and uses GRE tunnel as transport mechanism for the redirection. In addition it uses a dedicated UDP control channel.
The version 2 is an evolution. It supports more nodes, works with any IP protocols (TCP/UDP) and offers two traffic redirection methods: layer2 and GRE (negotiated with the receiver). In addition it can be secured with an MD5 password.
Today WCCP is being replaced by AppNav a more flexible successor. AppNav have been introduced with the IOS-XE/ISR-WAAS and is described in detail in the IWAN documentation. Note that AppNav is only available on the IOS-XE platform, so WCCP is going to remain in the landscape for a while (mixed environments).
A common employment of WCCP is for optimization/caching. Most of the WOC (WAN Optimization Controllers) are compatible with WCCP in order to provide off-path topologies (Riverbed Steelheads, Cisco WAAS…). The GRE redirection method may apply to environment where the WOC sits multiple hops away from the edge router, while Layer-2 redirection take advantage of a L2 adjacency by rewriting the MAC headers, inserting the MAC address of the WAAS device.
Note: WCCP is VRF aware on latest code releases.
First the WCCP interface is defined, it is used for control.
The WCCP redirect-list commands bind a WCCP service group to an ACL that is meant to select the traffic to redirect.
ip wccp source-interface Loopback0 ip wccp 61 redirect-list WAAS ip wccp 62 redirect-list WAAS ip access-list extended WAAS permit ip any 192.168.2.0 0.0.0.255 permit ip 192.168.2.0 0.0.0.255 any
The redirection is then activated on the interfaces gi0/0/2.280 (LAN) and tunnel10 (WAN).
The redirection is disabled on the interface where the WAAS is connected (ucse1/0/0 in our case as the vWAAS runs on top of a UCS-E blade).
interface GigabitEthernet0/0/2.280 ip wccp 61 redirect in interface Tunnel10 ip wccp 62 redirect in interface ucse1/0/0 ip wccp redirect exclude in
A similar configuration is applied on the second router:
ip wccp source-interface Loopback0 ip wccp 61 redirect-list WAAS ip wccp 62 redirect-list WAAS interface GigabitEthernet0/0/2.280 ip wccp 61 redirect in interface Tunnel10 ip wccp 62 redirect in ip access-list extended WAAS permit ip any 192.168.2.0 0.0.0.255 permit ip 192.168.2.0 0.0.0.255 any
On the WAAS the appliances are configured for WCCP GRE as well (vCM screenshot)
First, go to the device page and select “Interception Configuration”
Then, enable the WCCP interception method and provide the group number
Finally, configure the redirection method and submit
Then we can check that the service is up and running with :
show ip wccp show ip wccp detail show ip wccp interfaces
For the record, here is a capture of a communication between the WAAS and the routers.
Routers are sending “I see you” requests while WAAS responds with “Here I am” messages.
The following GRE headers can be seen on redirected packets
– The first IPv4 and GRE headers are used to redirect the traffic
– The payload (identified by the second IPv4 header) is the real traffic
A bunch of links for reference