I'm trying to understand one thing with regards to transparent FTP proxy (via WCCPv2) and passive-mode FTP.
I realize that ACNS and routers have a special service group "60", which is used for native-ftp. However, their documentation is suspiciously lacking any technical details with regards to what traffic is sent to the cache-engine.
What I was looking to find out is:
When WCCP negotiates what traffic to redirect, typically the cache-engine tells the router what ports to redirect. Knowing that passive-FTP uses dynamic ports, does "service-group 60" somehow force the WCCP router to send all TCP ports to the ACNS cache-engine? Or is WCCP somehow stateful enough to only send the dynamically negotiated passive ports (which is hard to believe)?
The WCCP ftp-native service in ACNS redirects TCP traffic destined to ports 21 and 40020. Intercepting port 21 gives us the FTP control connection. In the event that the client requests passive mode, ACNS tells the client (over the control connection) to establish a connection on tcp/40020. Since this port is already defined as part of the ftp-native WCCP service, this gives us the data connection as well.
If you're interested in checking what protocol/port(s) are defined as part of a WCCP service group, you can use the commands:
show wccp services detail - Command on ACNS and WAAS devices
show ip wccp service - Hidden IOS command, where is the numeric service ID for the service
If you have any additional questions, please let us know.
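Added example, not part of the original answer and not Cisco's code: a minimal Python model of why a static port list is enough for passive mode. It parses a 227 reply and shows that a port-only redirect match misses the origin server's dynamic port but catches the data connection once the reply advertises tcp/40020. The sample reply, the function names, and the choice to leave the host field unchanged are assumptions.

```python
import re

# Ports the answer above says the ftp-native WCCP service redirects.
FTP_NATIVE_PORTS = frozenset({21, 40020})

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from an RFC 959 '227' reply, or None if malformed."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # Port is encoded as two octets: p1 * 256 + p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def rewrite_pasv(reply, data_port=40020):
    """Model of the proxy step: advertise the fixed data port to the client.
    Keeping the host field unchanged is an assumption of this example."""
    parsed = parse_pasv(reply)
    if parsed is None:
        raise ValueError("not a 227 passive reply")
    host = parsed[0].replace(".", ",")
    return "227 Entering Passive Mode ({},{},{})".format(host, data_port >> 8, data_port & 0xFF)


def is_redirected(dst_port, service_ports=FTP_NATIVE_PORTS):
    """Stateless match on destination port only, with no FTP awareness."""
    return dst_port in service_ports


def data_channel_intercepted(reply_seen_by_client):
    """True if the client's passive data connection would hit a redirected port."""
    parsed = parse_pasv(reply_seen_by_client)
    return parsed is not None and is_redirected(parsed[1])


# Constructed sample: an origin server offering dynamic port 195*256+80 = 50000.
ORIGIN_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"

if __name__ == "__main__":
    print("as sent by origin:", data_channel_intercepted(ORIGIN_REPLY))
    print("after rewrite    :", data_channel_intercepted(rewrite_pasv(ORIGIN_REPLY)))
```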