WCCP redirections over IPv6

Hi,
I've a question related to WCCP and IPv6.
Let's imagine a web-cache cluster, all the nodes dual stack (IPv4+IPv6) and all of them supporting WCCP (also IPv4+IPv6) for transparent web-cache, so they can cache either IPv6 or IPv4 web pages.
Let's imagine one Cisco router that is also dual-stack and having WCCP support (AFAIK only for IPv4). I assume that the router and the web-cache nodes are able to communicate to each other through either IPv6 and/or IPv4 for any protocol different than WCCP. For WCCP only communication through IPv4 is feasible (IPv4 only support for WCC in the cisco router).
My question is what about the port-80 IPv6 traffic (http queries indeed) forwarded to the router from the user's hosts?
Would such a traffic be forwarded to the external IPv6 HTTP public server (like no-http traffic)?
Would such a traffic be forwarded to the web-cache farm (like IPv4-http traffic does) in spite of WCCP supports only IPv4?
In other words, the IPv4-only-WCCP capable cisco router (but dual-stack) inspects only the IPv4 packets looking for the TCP-80 port or it does it also for IPv6 packets?
Regards
Miguel

This URL should help you:
http://www.cisco.com/en/US/products/ps6350/prod_bulletin09186a0080457b39.html

Similar Messages

  • WCCP Redirection on a GRE Tunnel

    For some of our smaller branch offices we run GRE tunnels through a secured IPSec VPN connection over the Internet. Will WCCP redirect work if configured on the GRE Tunnel interface?

    Hi,
    Yes, it will work.
    Regards,
    Erik
    Sent from Cisco Technical Support iPad App

  • WCCP Redirect list ACL mask for WAAS

    Good day,
    I would like to conform if the following would be correct to implement for WCCP redirection list on 6500. We have over 800 branches and we also need to manage the intra-server traffic in the Data Center which we do not want to be re-directed.
    ip access-list extended WCCPLIST-61
    permit tcp 10.112.0.0 0.0.31.255 any
    ip access-list extended WCCPLIST-62
      permit tcp any 10.112.0.0 0.0.31.255
    So, as an example, would these masks work for us, as the number of entries otherwise would be exhaustive.
    Just want to confirm that the mask in the ACL doesn't have to match exactly.
    Thanks in advance.

    Hi Zach,
    Thanks for the response and confirmation.
    I was wanting to make sure that it is not required to have the masks match the source masks, resulting in the exhaustive list (operational nightmare).
    A quick question on the ACL for WCCP redirect-list. Should we not see hits on specific entry's (e.g.permit tcp 10.113.9.0 0.0.0.31 any for the 61 redirect list, and the same for the permit tcp any 10.113.9.0 0.0.0.31 for the 62 redirect list).
    If we don't, no traffic? We see flows on the branch WAE, although very few (not many users), but no hits on the ACL on the DC 6500. Is this due them being handled in hardware maybe, TCAM's?
    Any input would be apprecited.
    Thanks again.
    Paul.

  • Problem about the jmf when working over IPV6

    I write a program about monitoring a RTP stream ,get the feedbacks about the stream by receving the RTCP reports and analysize the paramaters .Now the throny issues encountered is the code working perfect over the IPV4 network .but there are many exceptions when working over IPV6 the exceptions is as follows:
    Exception in thread "RTCP Reporter" java.lang.NullPointerException
    at com.sun.media.rtp.RTCPTransmitter.makereports(RTCPTransmitter.java:200)
    at com.sun.media.rtp.RTCPTransmitter.report(RTCPTransmitter.java:106)
    at com.sun.media.rtp.RTCPReporter.run(RTCPReporter.java:193)
    at java.lang.Thread.run(Thread.java:619)
    the session can be set up and can receive the stream .so I think it is ok of setting up the session with the IPV6 multicast address.strangely , the same particate in the session sends more than one feedbacks with different SSRC which is ought to be single.I cannot figure out.
    I wonder whether there is any special setting when JMF working on the IPV6 network.I did not find materials about the JMF working on IPV6 network in Microsoft xp pc.
    can any guys give me any tips?
    Edited by: judyw115 on Sep 4, 2010 6:08 AM

    judyw115 wrote:
    Is there anyone giving me any advices?You realize this is a free forum and not paid tech support, right?
    Drop the attitude and learn to be patient.

  • Does introducing WCCP redirect for WAAS disrupt Netflow information?

    Before installing WAAS and WCCP redirect on some 6500 interfaces in our data center, those interfaces showed Netflow flows for users at a remote location accessing servers at our data center. Now with WCCP redirecting that traffic to the WAEs, I notice the only netflow flows for that remote location are UDP flows and some ICMP stuff.
    Is this an unintended consequence of installing WAAS - that netflow statistics are going to be skewed by not showing flows that are now accelerated?

    I believe your problem may be due to the fact that you are redirecting http
    based traffic per the ACL configuration. The sup720 uses wccp v2 as a default
    version,however, the Sup720 does NOT support the hardware-based redirection for the TCP port 80 when we enable wccpv2.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/wccp.
    htm#wp1017009
    Support for Non-HTTP Services:
    WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv1 supported the redirection of HTTP (TCP port 80)traffic only. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and real audio, video, and telephony applications.

  • Apply WCCP redirect to logical or physical interface?

    If there is a logical subinterface configured under its physical interface (for example serial0/0/0.100 for routing), I should apply WCCP redirect (ip wccp 62 redirect in) to the logical interface, not the physical interface. Is that correct?
    Thanks

    Yes. You apply WCCP redirect to subinterface if you are using sub interfaces.
    Regards.
    PS: Please mark this Answered, if it answers your question.

  • Wccp redirection for waas on same platform as wccp for websense?

    just wondering if anyone knows if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
    seems like the priority value would come into play determining which service group gets handled first?
    we currently do WCCP for WaaS on our 3945s.
    I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
    Thanks,
    Paul

    Hi Paul,
    Yes, it's technically possible to have WCCP redirection for several services even in those devices that don't support setting the priority. However, in this case, both WAAS and Websense need to redirect HTTP traffic, and that's what makes things complicated.
    Assuming you first want to send the traffic to Websense and then to WAAS, I would recommend doing the WAAS redirection only on the WAN link (with one service inbound and the other outbound). You can then configure Web-cache redirection inbound on the client vlan and, a service for the return traffic (I'm not sure if this is required for websense), inbound on the interface where the WAE is connected (with a redirect-list to match only the return direction)
    Even if it's possible to have both redirections in the same device, if possible, I would strongly suggest you to either use different devices for the redirection or to make them mutually exclusive (for example, not sending HTTP to WAAS), otherwise, if you make a small mistake with the configuration, you can end up with a redirection loop.
    Regards
    Daniel

  • ASR1002 throughput degradation when wccp redirect-list is changed

    We have two ASR 1002's going to 2 different WAN service providers, and two 7371 WAE load balanced by mask assignment. When we change the ACL (adding or removing lines) from our wccp redirect-list, the throughput on interfaces applied to the wccp service-groups is degraded to almost no traffic passing, until we completely remove wccp service group from the global configuration and then reapply. Then traffic throughput on the interface goes back to normal.
    Our ACL defined in the redirect list specifies our specific networks on our WAN that have WAE's and need the redirection. All other networks are denied implicitly. We need to regularly change this ACL, and this service interruption is a major issue. This was not an issue before moving to the ASR platform from 7206's.
    At TAC's request we have upgraded our IOS version to 15.1(3)S4 and that did not make any difference. Does anyone know why this occurs and if there is a way to work around this other than removing wccp configuration and adding back, every time the ACL needs to be modified?
    As a side note to this... We have recently added riverbed appliances, and created separate service groups with separate redirect-lists. The exact same behavior occurs on the ASR 1002 when the ACL for the riverbed's redirect list is altered.

    Thank you very much for sharing that information.  It is great to hear verification that the mask assignment change did resolve your problem.   That is the latest resolution that TAC has recommended, but we have to restart the WCCP service on all redundant edge routers to be able to implement this, so planning the outage window is taking some time.   We've been told that TAC will set this up in a lab and test for us by our Cisco SE.  We're hoping to get verfication that this actually resolves the problem before we take the outage.   
         If you could, can you tell me if this resolved the issue 100% or do you still have any performance issues when making a change to your WCCP ACL going to your bluecoat equipment?    We may also need to implement this in our redirects to BlueCoat from our Nexus.  Do you happen to have a link to how to make this change in Bluecoat?   Thanks again!

  • Does wccp redirect break routing protocol?

    This may be a dumb question to ask, sorry i don't have equipment to test it at this moment.
    If wccp redirect is configured on an interface running routing protocol (such as eigrp or ospf), will this redirect the "unicast" ospf database or eigrp topology update to WAAS?  and/or will this also redirect ospf & eigrp "multicast" update which maintains neighbor relationship to WAAS?
    Should this type of traffic be denied on wccp redirect-list?
    Thanks

    Hi Joe,
    Since WAAS normally uses TCP promiscuous mode services, based on service group number 61 and 62 - you'll only get TCP redirected ... and neither OSPF nor EIGRP runs on top of TCP, so don't worry.
    If you run a TCP based routing protocol like BGP, it will get redirected.
    Later versions of WAAS don't, by default, try to optimize on BGP, as it has given some problems in the past due to sequence number manipulation.
    Best Regards
    Finn Poulsen

  • Unexpected case IPv4 tunnel over IPv6 ?

    hi,
    I wonder if there is one use case one can think of that is not possible with Cisco IOS:
    Establish a IPsec tunnel over an IPv6 network tranporting both IPv4 and Ipv6 traffic. Even IPsec tunnel over an IPv6 network transporting IPv4 only does not work.
    I tried several things in my lab but couldn't get it running.
    I tried to search the net for my use case but I only find the other way round.
    Question: is it possible to achieve connectivity of the following IPv4 addresses over an IIPsec tunnel over Ipv6 network?
    Ultimately, the same tunnel should be capable transporting both. A dedicated Tunnel for IPv4 and IPv6 tunnel on the same routers would also be OK.
         Svr A                (  )                Svr B
        +----+             , `,( .)              +----+
        |    |   +----+   ( .(  ...)    +----+   |    |
        |    |---| R1 |---`    .....)---| R2 |---|    |
        |    |   +----+    ( ......)    +----+   |    |
        +----+                                   +----+
    10.0.23.1/24          IPv6 only          10.0.42.1/24
                            network

    Same/similar question but the case is instead of Site to Site VPN, it would be using the Cisco VPN Client.  The host on the left side is connected to an IPv6-only network.  They need to communicate with IPv4 devices across the Internet (behind a Cisco ASA).
    Is this possible?
    Cisco VPN Client         (  )                Cisco ASA    +----+             , `,( .)              +----+    |    |   +----+   ( .(  ...)    +----+   |    |    |    |---| R1 |---`    .....)---| R2 |---|    |----IPv4 network    |    |   +----+    ( ......)    +----+   |    |    +----+                                   +----+IPv6-only HOST        IPv6 Network         has IPv6 Interface on public side
    alexander.koeppe wrote:hi,I wonder if there is one use case one can think of that is not possible with Cisco IOS:Establish a IPsec tunnel over an IPv6 network tranporting both IPv4 and Ipv6 traffic. Even IPsec tunnel over an IPv6 network transporting IPv4 only does not work.I tried several things in my lab but couldn't get it running.I tried to search the net for my use case but I only find the other way round.Question: is it possible to achieve connectivity of the following IPv4 addresses over an IIPsec tunnel over Ipv6 network?Ultimately, the same tunnel should be capable transporting both. A dedicated Tunnel for IPv4 and IPv6 tunnel on the same routers would also be OK.                           ,_     Svr A                (  )                Svr B     +----+             , `,( .)              +----+    |    |   +----+   ( .(  ...)    +----+   |    |     |    |---| R1 |---`    .....)---| R2 |---|    |     |    |   +----+    ( ......)    +----+   |    |     +----+                                   +----+ 10.0.23.1/24          IPv6 only          10.0.42.1/24                        network

  • HDMI over IPv6

    Can HDMI be routed over IP/IPv6, or dare I say it, transported over HTTP? Since HDMI is a digital protocol, this must be possible.
    Is there any known work in progress to get HDMI to be routed over IP/IPv6, or even to get it to be transported over HTTP?
    Do these CE hardware folks even know about the Internet? And why can't they fit PC video cards with real HDMI connectors that can carry HD audio as well? All PC video cards I've seen have S-Video out, or a DVI-HDMI connector, and neither can carry audio.
    With a high-bandwidth Layer 2 technology such as 10Gbps Ethernet or InfiniBand that offers even more bandwidth, the commodity potential of HDMI over IPv6 would be enormous. It can drive a substantial segment of any nation's economy.
    Thanks.

    Well, the reason Apple TV doesn't work well with HDMI switches is probably because Apple is not doing HDMI right. And the fact that Apple TV does not process HD Audio codecs such as DTS-HD Master Audio and Dolby TrueHD supports this theory.
    When Apple provides support for those HD audio codecs in Apple TV, you would get HDMI right.

  • LaserJet Pro 200 M251NW - Redirected over RDP

    Having an issue with an M251 I'm redirecting over RDP.  Prints fine the first time, but does not afterwards until the remote computer is restarted.  It's a semi-well known issue with the Printer Status Notifications turned on.  My issue is that on the remote computer has the Printer Status Notifications enabled and greyed out.  The local computer has it Disabled.  Any way I can disable that on the remote computer?  I've tried every method of doing it from the remote computer, but with no luck.
    Thanks,
    Daniel

    Hi @Helmut1 ,
    I read your post and see that the printer has no power. I would be happy to help you.
    Please try the steps in this document to see if it will resolve this issue. Most of the steps you have already tried.
    Try another power cord, you can use a monitor's power cord, just to see if you have the same results.
    The Printer Will Not Turn On or Respond When the Power Button or Power Switch is Pressed.
    Try another outlet in another room on a different breaker, just to rule that out.
    I have provided you with a link to the Parts Surfer website and HP Parts Store.  They may or may not have replaceable parts for this model.
    Welcome to HP PartSurfer !
    HP Parts Store.
    Have a nice day!
    Thank You.
    Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
    Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
    Gemini02
    I work on behalf of HP

  • Ip wccp redirect-list acl

    Hi
    İ have 2 different Nexus working diffrent NX-OS (6.0(4) & 6.2(6) )  with different line card (F2  & F2E ) and different Sup (Sup 1 & Sup 2 ) but share the same problem. Sup 2 devices work with VPC Sup 1 device Standalone this is the only difference
     I try to configure WCCP on device your redirect http & https Traffic  to Websense. i create following lines  in boot nexus
    Feature wccp
    ip wccp 1 redirect-list WS_REDIRECT
    ip wccp 5 redirect-list WS_REDIRECT
    ip wccp 70 redirect-list WS_REDIRECT
    ip access-list  WS_REDIRECT
     deny  ip any 10.0.0.0 0.255.255.255
     deny   ip any 172.16.0.0 0.15.255.255
     deny   ip any 192.168.0.0 0.0.255.255
     permit tcp any any eq www
     permit tcp any any eq 443
     permit tcp any any eq ftp
    interface vlan 7
    ip wccp 1 redirect in
    ip wccp 5 redirect in
    ip wccp 70 redirect in
    This redirects all the traffic even deny list.
    No bug reported in but tool kit
    Could you please help me.

    Okay, Its weird you have multiple WCCP groups, 
    Considering you are only using one ACL, just simple use one WCCP Group ID
    Also, here is a sample config:
    Let's say you want to redirect traffic from VLAN 10,11 and 12 to WCCP
    and your WCCP device is at VLAN20
    #conf t
    #ip wccp version 2            -DEFAULT: ver1
    #ip wccp 90 
    #ip wccp 90 password wccp123    -THIS IS OPTIONAL! Place a password on your WCCP instance.
    #interface vlan 10
      #ip wccp 90 redirect in
    #interface vlan 11
    ​  #ip wccp 90 redirect in
    #interface vlan 12
    ​  #ip wccp 90 redirect in
    #interface vlan 20
      #ip wccp redirect exclude in     -avoid optimization loops
    Your WCCP device will be in VLAN 20, and I recommend dedicating that VLAN to WCCP devices:
    Configure your WCCP device(Websense) and define the Service group ID, in this example, its wccp 90 and of course the IP of VLAN 20
    By default, all traffic in interfaces configured with "wccp 90 in" will forward traffic to the WCCP device

  • Wccp redirection

    We're utilizing wccp redirection in conjunction with WAE 4.1, where we have a good number of edge sites and the core site. If we disable wccp on the edge WAE, the session will not be optimized. However, would a packet still hit the WAE on the core?
    Thanks.

    If you are still intercepting traffic on the core and not excluding it via a redirect-list, then the core WAE will see the packets, but put them into PassThrough No-Peer. It would not be counted against optimized sessions.
    Dan

  • Cannot export nfs-share over ipv6 in OS X 10.8

    I've successfully exported my nfs share over ipv4 and can access this with a nfs-client from a linux machine. However, I'm not able to export the same share over ipv6.
    In my /etc/exports I have:
    /Volumes/Harddisk
    -network 10.0.0.0
    -mask 255.255.255.0
    /Volumes/Harddisk
    -network fd60:760d:98ec:8588::/64
    However, from the linux client I can only mount the ipv4 share, but not the ipv6 share.
    Is it possible to export nfs-shares over ipv6 in OS X 10.8?

    I would suggest testing a connection from a second Mac also running 10.8 via IPv6. At least then you know both will be using compatible versions. If that does not work then it would seem to be an IPv6 issue on the Mac server.

Maybe you are looking for

  • Embed a font in one SWF use in another?

    Long version: I've got a "player" app that I've built that shows content from various XML files. I have certain common fonts embedded in it (Verdana, Arial, Times, etc.) that it uses to display text. Now, I've got a client with a special symbol font

  • My phone is disabled from trying the passcode too many times?

    I tried my passcode on the lock screemn too many times and now my phone says "iphone disabled connect to itunes" When I try to connect to itunes it says "cannot connect to itunes because phone is disabled"..... Can anyone please help me get into my p

  • Configuration for BVI1 interface

    Hello to everyone, I am trying to setup a Cisco 1801w. interface Dot11Radio0 no ip address encryption vlan 1 mode ciphers aes-ccm ssid cisco vlan 1 authentication open authentication key-management wpa optional speed basic-1.0 basic-2.0 basic-5.5 6.0

  • Connecting arduino to eclipse (Mac)

    Hello Everybody, I was just trying to connect Arduino to Eclipse(Java) on the Mac side and thought of creating this post if anybody has done this before. Your help would be appreciated. Main reason of doing this is because I want to have dual display

  • SAP BW Query and Xcelsius

    Hi Gurus, SInce now we can directly connect Xcelsius to SAP BW Netweaver queries, I have a requirement to craete a dashboard in Xcelsius  which should get data from several BI Queries. Is it possible. I know how to connect to one QUery but how can I