I'd like to use ASA WCCP to point to a couple different Ironport s160 systems for redundancy. I can't find any documentation that talks about how the WCCP mechanism selects which system to use.
Is it simply round robin or hash-based regardless of cache engine status?
Or does it try the first in the list and if inaccessible move to the next in the llist?
Its hash or mask based (you pick, or the boxes negotiate), against server address or client address, but only if the cache engines are up... ie if one is down, all of the traffic will go to the other one... Keep in mind that WCCP is sort of like a "subscription". If both WSA's are down, the ASA will see no "subscriptions" so it will just pass the traffic without trying to redirect it anywhere. If one is up and talking, it gets all of the traffic..
Take a look at Network/Transparent Redirection, set it for WCCP v2 Router, and add a service. The config is there...
Also, don't forget to add 2 ACE's to the ACL on the ASA to keep the traffic from one WSA proxy ip from getting sent to the the other WSA, and vice versa...
(Taken from AnswerID 1663 in the old ironport support knowledge base)
|wccp 90 redirect-list acl_http group-list acl_wsas password securewccp|
! Access List denying traffic sent to the WSA (as destination IP) to be redirected to the WSA
! Allow http traffic to be redirected
! Allow https traffic to be redirected
! Define which WSAs are allowed to participate on the WCCP communication