I am attempting to document the traffic flow from our Web clients to our Content Engine, then out to the Internet and back.
Currently we have a CE500 Content Engine employed to cache Web requests. It talks to our Core SW/RTR, which is a 4506 with a SUP II +. I have "ip wccp web-cache redirect in" configured on all of my production VLAN interfaces. When a client makes a web request, it is redirected to the Content Engine, which resides in its own VLAN.
I have been using a sniffer in the VLAN where the Content Engine resides (VLAN 4). For Web sites that are already loaded on the Content Engine, I expected to see the client make a request to the address of the Content Engine, and then the Content Engine address respond to the client. This was my expectation, as the CE should not have to go out to the Web to acquire content which it already has.
The behavior I am observing is quite different.
I can filter on the IP address of the Content Engine in Sniffer. When I do so, I see it making lots of requests out to public IP addresses. But I never see public IP addresses returning content to the CE. What I see instead is public addresses which seem to be responding back to Web client addresses.
If someone can help clarify what is happening here I would greatly appreciate it.