Content switch & Content Engine

The documentation for COntent Engine says that it can interface with ICAP server to scan the incoming URL request. Is that possible to do the same on the CSS switches? if not what is the method you can use on CSS switches to be able to scan incoming URl request?
thanks in advance.

Yes, you are right. The content engine can interface with ICAP server to scan the incoming URL request. On the CSS switches i think it is possible. But personally i have not tried it out.

Similar Messages

Content Engine and L4 Switches

I am network administrator in a big company, the case is as follows:
I have a new Content Engine 590 and I want not to use wccp, I will buy a new cisco L4 switch and want to use it with the engine, some one told me that it is not supported by my engine, is that true or not???
I have a cisco router and I can use wccp but papers from different web sites writes that L4 switching performance is better, is that true???
thanks
A. F.

The feature is code-specific, and the content engine will support L4 switch forwarding. You might want to look at this document to see the sample configuration for this. If you scroll passed the CSS config you will see what the CE configuration will look like.
http://www.cisco.com/warp/public/117/CSS_CEreverseproxy.html
If you weren't interested inL3 WCCP on your gateway router and wanted performance, you might want to look into the L2/mac re-write redirections you can do with a Cat 6K and a CE:
http://www.cisco.com/warp/customer/117/wccp_redirects.html
Cheers,
Perry.

Content Engine Problem

Dear All,
My apologies if this posting is on the wrong board.
I've a problem with our content engine returning an error of:
"Tre reply from server is not valid"
The URL of the site is http://hiring.monster.co.uk/jobs/createtitle.aspx?mode=qb.
I've attached a screenshot of the error message.
Any advice or help would be greatly appreciated.
Thank you in advance.
Sinh

This symptom is observed on a router on which Web Cache
Communication Protocol (WCCP) is enabled and Cisco Express Forwarding (CEF)
switching is disabled. If the caches are Cisco caches, they will be running
software prior to ACNS 4.2.5.
solution: Ensure that CEF switching is enabled on the router. If this is not possible, the impact of the problem on the cache will be minimized if the authentication bypass function is disabled.also try upgrading IOS to 12.1(18.01)E which may solve the issue.

Content Engine transaction logs -- monitoring and analysis

At our remote sites there's a local Cisco CE511 to ease our WAN bandwidth. I have been tasked to find a method to gather CE usage for trending and troubleshooting.
From my search on the internet I decided to go with the Webalizer application. I setup the CEs to export their transaction logs every hour to my FTP server. After a test of Webalizer on a log file, it produced a nice HTML report for that hour.
I would like to discuss with anyone on bringing this up to a new level. I would like webalizer to run as a cron job, but the log file names changes every hour. So that's a hurdle I need to figure out. Also keeping track of user web hits is important. I would like to make sure my reports are accurate in reporting what IP address is the top talker.
I hope this will start a productive exchange of ideas. Thanks.

Simple Network Management Protocol (SNMP) is an interoperable standards-based protocol that allows for external monitoring of the Content Engine through an SNMP agent.
An SNMP-managed network consists of three primary components: managed devices, agents, and management systems. A managed device is a network node that contains an SNMP agent and resides on a managed network. Managed devices collect and store management information and use SNMP to make this information available to management systems that use SNMP. Managed devices include routers, access servers, switches, bridges, hubs, computer hosts, and printers.
An SNMP agent is a software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. The SNMP agent gathers data from the Management Information Base (MIB), which is the repository for information about device parameters and network data. The agent can also send traps, or notification of certain events, to the manager.
http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a0080236630.html#wp1101506

Content Engine caching video content?

I am currently running ACNS version 5.5.11.2 on a CE510 Content Engine. I recently had to replace the unit and when I set up the partitions for the new build, I elected to go with CE510#disk config sysfs 10% cfs 45% mediafs 45%.
Before the cfs was setup to use the whole box. I was thinking that the mediafs partition would start to cache video content. Does that happen automatically or is there some other setting to make that happen further. How do I determine if it is getting any use?

A content engine can cache files transfered via ftp but not https [as the content is encrypted].
It can cache whatever file, including video, audio, ...
Content routing, content switching are just names.
They refer to how the traffic will be intercepted and forwarded to the content engine.
You could simply use a proxy solution and have your users setup their browser to use the content engine as a proxy, or you could transparently intercept http/ftp traffic via a router running wccp, or you could use a Layer7 device like a CSS to intercept the traffic and redirect to the content engine.
Regards,
Gilles.

Content engine datapacket

Hi
I have a content engine ,its uses for transprancy proxy.
i have two router .one router used for lan and remote connect(wccp enable) and another router connect only for internet.
as example:
router1:203.110.153.10
content engine:203.110.153.11
internet router(inside interface): 203.110.153.12
now router1 gateway 203.110.153.12
and content engine gw:203.110.153.12
I confirure router1 that all http request redirect out to content engine.
router1,contentengine and inside interface of internet router connect same switch cisco 3550.
now problem is::
when content engine not connected then the switch port which connect router1 data transfer 3Mb input/output.
but when content engine connected ,then the switch port of content engine shows 4Mb data Input/output.
I think data transfer increase becuse content engine internal communication with router1 and also internet router.
am i right ?. or if i use transparent proxy then bandwith increase ?.
pls anyone help me ?.
thanks
biplob

Hello Biplob,
as a matter of fact, the CE is supposed to actually decrease the amount of bandwidth...
You say that data throughput goes up to 4MB, is that only right after you connect the Content Engine, or does it stay at that increased level ? In the first case, that could probably be explained by the CE starting to fill its cache. In the latter, you could try and turn on 'ip accounting' on the interface connecting router 1 to the 3550. The IP accounting data should at least tell you the source and destination of the increased traffic...
Regards,
GP

Content engine 510 - transparent proxy stand-alone

Hello to all,
after studying architecture examples about Content Engine 510, I found that there is two modes:
1) standard proxy
2) transparent proxy
I need the transparent architecture !
But every example about transparent mode seems to include a router or a switch with a particular level of software, that can send http requests to the Content Engine to have cache.
I don't have any of these components.
I simply need to have a Content Engine that receive any kind of IP protocols on one ethernet, and route it to the other ethernet plug, except that if it is http protocol, it will cache the pages.
Is is simply impossible to configure the Content Engine 510 that way ?
Is the transparent proxy mode always requires a router or a switch to give it the http flow ?
If it is possible, where can I find some configuration examples ?
Thanks to help a newbie in content engine...
Olivier

Olivier,
You'll need to have a router running wccp in order to redirect http requests to the cache. Withouth this, the cache has no visibilty of traffic on your LAN.
Regards,
Dave

Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & ACNS on 3661

I've been looking over the CCO docs, but can't find one that has sample configs for using a 3661 router containing content engine module, smartfilter, & ACNS. Topology is basically the following...
(PC's)----(LAN Switch)-----(3661 w/content engine module)----(PIX)---(internet)
I don't want to creat a new IP subnet for the 3 interfaces within the content engine module/router. I want to use the IP's from the current LAN IP Block.
Any advice appreciated.

I thought this might help.
Easy NM-CE Configuration Guide!
Router IOS:c3725-ik9o3s-mz.122-15.T2
Content Engine Software: ACNS 5.0.3.5
Configure basic router configuration as normal.
Set the IP addresses for the Service Module (Content-Engine) using these commands:
interface Content-Engine2/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
service-module external ip address 10.0.0.1 255.255.255.0
service-module ip address 10.1.1.2 255.255.255.0
service-module ip default-gateway 10.1.1.1
Complete Config Example (DHCP and NAT for Lab):
urrent configuration : 2440 bytes
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname lab3745_NM-CE
logging queue-limit 100
enable password cisco
ip subnet-zero
ip wccp web-cache
ip dhcp pool NM-ESW-16-POOL
network 10.1.2.0 255.255.255.0
domain-name cisco.com
default-router 10.1.2.1
dns-server 171.68.226.120 171.70.168.183
lease 7
ip audit notify log
ip audit po max-events 100
no voice hpi capture buffer
no voice hpi capture destination
mta receive maximum-recipients 0
interface FastEthernet0/0
ip address 172.16.12.108 255.255.255.0
ip wccp web-cache redirect out
ip nat outside
duplex auto
speed auto
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet1/0
no ip address
interface FastEthernet1/1
no ip address
interface FastEthernet1/2
no ip address
interface FastEthernet1/3
no ip address
interface FastEthernet1/4
no ip address
interface FastEthernet1/5
no ip address
interface FastEthernet1/6
no ip address
interface FastEthernet1/7
no ip address
interface FastEthernet1/8
no ip address
interface FastEthernet1/9
no ip address
interface FastEthernet1/10
no ip address
interface FastEthernet1/11
no ip address
interface FastEthernet1/12
no ip address
interface FastEthernet1/13
no ip address
interface FastEthernet1/14
no ip address
interface FastEthernet1/15
no ip address
interface Content-Engine2/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
service-module external ip address 10.0.0.1 255.255.255.0
service-module ip address 10.1.1.2 255.255.255.0
service-module ip default-gateway 10.1.1.1
interface Vlan1
ip address 10.1.2.1 255.255.255.0
ip nat inside
ip local pool NM-ESW-16-POOL 10.1.2.2 10.1.2.254
ip nat pool TEST-NAT-POOL 172.16.12.108 172.16.12.108 prefix-length 24
ip nat inside source list 7 pool TEST-NAT-POOL overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.12.254
access-list 7 permit 10.1.2.0 0.0.0.255
access-list 7 permit 10.1.1.0 0.0.0.255
access-list 7 permit 10.0.0.0 0.0.0.255
call rsvp-sync
mgcp profile default
dial-peer cor custom
line con 0
speed 115200
line 65
flush-at-activation
no activation-character
no exec
transport input all
line aux 0
line vty 0 4
password cisco
login
end
reset service-module 2 to reboot the Content-Engine:
service-module content-Engine 2/0 reload
Within 30 Seconds Session from the Router to the Service Module:
service-module content-engine session
Enter Basic Configuration for Network Module:
Password, etc
Configure The service Modeule using the command line interface:
hostname NM-CE-BP
ip domain-name CISCO.COM
interface FastEthernet 0/0
ip address 10.0.0.1 255.255.255.0
exit
interface FastEthernet 0/1
ip address 10.1.1.2 255.255.255.0
exit
ip default-gateway 10.1.1.1
primary-interface FastEthernet 0/1
ip name-server 172.72.1.1
wccp router-list 1 172.16.12.108
wccp web-cache router-list-num 1
wccp version 2
username xxx password xxxx
username xxxx privilege 15
authentication login local enable primary
authentication configuration local enable primary
NM-CE-BP#exit
You can use the command line interface to show statics from the Content Engine by using the show statistics screen command or use your web browers for a more graphical report.

Content engine module

Hi, is it possible for a content engine module to work in a 2600 with the following scenario? I want the clients gateway to be the 2600 with content engine installed but I want the 2600 to forward all traffic out a seperate gateway. I know a content switch can do this but can a content module in a 2600 do it too. The reason for wanting this is I want to use url filtering software such as websense and at the moment the existing gateway/firewall is not compatible with websense so Im looking to use a 2600 with content module installed to filter webtraffic and forward out the existing gateway. Thanks

this is no problem
Just look at the nm-ce as a standalone device connected by ethernet to the 2600.
The 2600 can be the default gateway for the client and the cache [nm-ce].
The 2600 will intercept traffic from client and forward to nm-ce.
The nm-ce will use the 2600 as its default gateway.
Gilles.

Content Engine compatability with Windows Media Player

I am currently running ACNS version 5.5 on our CE510 Content Engine. We want to set this box up to serve VOD requests from WMT. I think the clients on site are all using Windows Media Player version 10. Does this version of ACNS software work with Windows Media Player 10?

Dan
this brings up an interesting point. The content (which is canned Video on an Intranet Web site) is HTTP? I am wasting my time here by trying to use the Windows MP services?? Perhaps I already have what I need...
Your comments appreciated.
Kevin

Should the Cisco Content Engines be used as a proxy appliance

Should the Cisco Content Engine be use as a proxy appliance like a Blue Coat appliance, Squid cache engine, ISA server, etc...
I am pretty sure it is but just need some feedback on past experiences. Customer would like to by a Cisco product for Web filtering/proxy.
or is it strictly used to help with web base applications.

HI,
the CE is basically able to check every request it supports. If you are using 3rd level products like smartfilter, websense or webwasher you can use the features of those products to supress/forbid certain requests(i.e MSN etc.)
Kind Regards,
Joerg

Help!!! Content engine

my configuration is follow the attached file. I don't know what is wrong with my content engine using as a cache server. when i connect this CE to my network, i can make my user access to the internet fast only 2 days, but after 2 days it makes my users internet connection slow. So when users access to the internet slow, i disconnect this CE from my network, then my users internet connections is running better. So please help me to find what is incorrect with my configuration and what commands i should add more to this current configuration"

What is the ACNS software version u r using in ur content Engine7305.I am sending u a configuration doc for ACNS rlease 5.2.This has all the info regarding ACNS 5.2.
http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_book09186a00802debd6.html
Let me know, if you have any problem in browsing this big document. and finding out the pblm.I will assist you.

Content Engine NM ACNS/network access

After searching Google and Cisco, here's my setup...
2851 Router running 15.1T
CE-NM-BP-80G-K9 in slot 1/0
Bridge group 1 for LAN and Wireless WIC.
Goal: Either add the external CE interface to the LAN on the bridge group or use WCCP to cache traffic through the internal interface.
I was able to access ACNS once, but I'm completely new to the design and it was only for testing with the IP scheme. I reset the config, reloaded the router and now I can't access ACNS via the web gui nor can I access the network from the CE (ping or ftp).
Interface ContentEngine 1/0 Config:
     ip address 10.0.0.1 255.255.255.0
     Service Module ip address 10.0.0.2 255.255.255.0
     Service Module external ip address 10.0.1.1 255.255.255.0
     Service Module ip default gateway 10.0.0.1
Interface BVI1
     ip address 192.168.2.1 255.255.255.0
     using dhcp etc
Service module config:
CE#sh run
! ACNS version 5.5.3
hostname CE
http proxy incoming 80 8080
ip domain-name mydomain.com
interface FastEthernet external
exit
interface FastEthernet internal
exit
wmt evaluate
wmt accept-license-agreement
wmt enable
ip name-server 8.8.8.8
ip name-server 192.168.2.1
wccp router-list 1 192.168.2.1
wccp web-cache router-list-num 1
wccp reverse-proxy router-list-num 1
wccp wmt router-list-num 1
wccp version 2
username admin password 1 xxx
username admin privilege 15
username xxxx password 1 xxx uid 2001
username xxxx privilege 15
authentication login local enable primary
authentication configuration local enable primary
cdm ip 192.168.2.1
! End of ACNS configuration
Here's what I get when attempting to ping:
CE#ping 192.168.2.1
connect: Network is unreachable
CE#ping 10.0.0.1
connect: Network is unreachable
CE#ping 10.0.1.1
connect: Network is unreachable
And from the LAN:
seth@Sony:~$ ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_req=1 ttl=255 time=1.79 ms
^C
--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.799/1.799/1.799/0.000 ms
seth@Sony:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_req=1 ttl=255 time=1.39 ms
64 bytes from 10.0.0.1: icmp_req=2 ttl=255 time=1.93 ms
^C
--- 10.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.396/1.666/1.936/0.270 ms
seth@Sony:~$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
seth@Sony:~$ ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
^C
--- 10.0.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms
Page cannot be displayed when attempting to hit the CE on port 8001 or securely at 8003 although the CE shows it's listening
CE#sh gui-server
GUI Server is enabled
Listen on port 8001
Secured GUI Server is enabled
Secured GUI Listen on port 8003
Let me know if there's some other pertinent info, but what am I missing?

SOLVED --
The mistake was my own...in writing this post and re-testing, I realized I had made a foolish mistake. I applied an access-list (which I forgot to include) to the "ip wccp web-cache redirect-list bypass_content_engine" in the global config of the router.
When I installed service 95 for spoofing, I automatically added the same access list to it as well.
This was not a good thing since the access list denied packets with a destination of our internal IP addresses from going through the content engine. This worked fine on the way *out* of the router. But as the now-spoofed packets returned, their destination was an inside IP address and they were pretty much discarded. Foolish Mistake!
Removing the ACL from the "ip wccp 95" statement in the global config fixed the issue and I am spoofing fine.
Sorry to waste time...
David Hunter

Content Engine Module is logging DHCP errors

Content Engine Module in Cisco 3725 is logging the following eror continously:
Sep 29 16:47:50 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Sep 29 16:47:54 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
Sep 29 16:47:58 ContentEngine smartd: %CE-SMARTD-3-435000: No Errors Logged
Sep 29 16:48:05 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 1
Sep 29 16:48:06 ContentEngine dhclient: %CE-DHCP-5-191000: No DHCPOFFERS received.
Sep 29 16:48:06 ContentEngine dhclient: %CE-DHCP-5-191000: No working leases in persistent database - sleeping.
Sep 29 16:48:06 ContentEngine %CE-DHCP-5-191000: Script called with reason: FAIL
Sep 29 16:52:58 ContentEngine smartd: %CE-SMARTD-3-435000: No Errors Logged
Disable the external interface (shutdown) didn't fix the problem:
Sep 29 17:02:05 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Sep 29 17:02:05 ContentEngine dhclient: %CE-DHCP-3-191000: send_packet: Network is down
Sep 29 17:02:08 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
Sep 29 17:02:08 ContentEngine dhclient: %CE-DHCP-3-191000: send_packet: Network is down
Sep 29 17:02:11 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Sep 29 17:02:11 ContentEngine dhclient: %CE-DHCP-3-191000: send_packet: Network is down
Sep 29 17:02:16 ContentEngine dhclient: %CE-DHCP-5-191000: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Sep 29 17:02:16 ContentEngine dhclient: %CE-DHCP-3-191000: send_packet: Network is down
Sep 29 17:02:21 ContentEngine dhclient: %CE-DHCP-5-191000: No DHCPOFFERS received.
Sep 29 17:02:21 ContentEngine dhclient: %CE-DHCP-5-191000: No working leases in persistent database - sleeping.
Sep 29 17:02:21 ContentEngine %CE-DHCP-5-191000: Script called with reason: FAIL
Sep 29 17:02:58 ContentEngine smartd: %CE-SMARTD-3-435000: No Errors Logged
Any ideas how to fix this problem ?

Try the global command:
ce(config)# no auto-register enable
http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns53/53cref/6812ref.htm#wp1038726

Should the Content Engine work while the Inernet link is down ?

I have installed CE590 in a client network
The http saving performance is from 30 : 40 %
My client want to make sure the CE is caching the web site
He want to shutdown Serial port of the main router , and try to browse web sites. ( the Cached sites )
Should he get a reply from the CE and browse the cached sites ??
I mean , Can the PC browser ( while the internet is link is down ) open page like www.yahoo.com for example if it is cached on the CE ??
Is there is any command of the CE that can display the name of the cahced web pages ?
Note : Cisco Content Engine Software Release 3.11
Can anyone help me ?
Thanks
Mohamed Abdallah

Mohamed,
Before you go any futher you need to upgrade the CE to ACNS 4.2.3. There are known issues with 3.1.1.
To answer your question the CE will only server content if it can not access the internet if the object is fresh. By this I mean the object has not expired or the object does not need revalidation eg If modified since request.
This could cause problems with broken pages etc etc.
Your best option is to turn on transaction logging.
transaction-logs enable
You can then go to the local1/logs directory on the CE
type working.log
This will show you the urls that clients are requesting and if they got a hit / miss/ ims hit / ims miss etc etc.
Overall your cache should always have access to the origin server for content.
Cheers
Phil

Content switch & Content Engine

Similar Messages

Maybe you are looking for