foreword source IP with wccp

nextisp · ‎06-27-2002

Hi there!

I have the following setup and need your advise:

We have tow exits to our AS only one of them is forewording traffic toword the internet at atime. both of them are connecting to each other through a small LAN that also includes a Cache-Engine. Each router's gateway interface is configured with (ip wccp web redirect out).

The two routers are configured with a wccp-multicast address and the small LAN interface is configured to listen to wccp multicast.

Our problem is that: using wccp will force all http traffic to pass to the internet with only one IP address that is the real IP specified to the cache engine. doing so causing few problems when going to some internet sites.

Obgective:can we somehow use wccp to foreword the internet traffic with the real user's source IP.

Notes: the gateway routers are Cisco 7206VXR, and the cache engine is from CacheFlow.

David Chan · ‎06-28-2002

Hi,

Usually when a web site needs to see the original source IP its because it is trying to authenticate you based on that IP address. Cisco's web site does this authentication. WCCP interacts with the cache when it is determined that the cache has received a http authentication request. The cache tells the router to dynamically set up a bypass list so that the client makes the request directly to the web server. For a short presentation on this please see slides 46-49 found here:

http://www.cisco.com/warp/public/732/Tech/switching/wccp/docs/WCCP_Presentation_2.ppt

On a Cisco Content Engine there is a configurable parameter for authentication bypass:

http://www.cisco.com/univercd/cc/td/doc/product/webscale/uce/acns41/cnfg41/trnsprnt.htm#16898

See if the Cacheflow supports bypass authentication.