cấu hình wccp.doc

ITNEWS - Trong phn ny s gii thiu vi cc bn phng php cu hnh dch v web cache trn Catalyst 3560 Switch (chc nng ny ging nh chc nng ca thit b Cisco Cache Engine 550) bng cch s dng giao thc Web Cache Communication Protocol (WCCP). Nhng Cisco IOS cho cc dng Catalyst 3560 Switch ch c kh nng h tr duy nht WCCP version 2 (WCCPv2). - WCCP l mt cng ngh content-routing c pht trin bi Cisco, cho php bn c th s dng tch hp vi cc application engine vo trong mt kin trc mng hp nht. Nhng application engines l trong sut (khng th nhn thy) c dng lu tr nhng ni dung thng xuyn truy cp v sau hon thnh ln lt nhng yu cu c cng ni dung c lu tr, gii hn nhng qu trnh lp i lp li ca nhng ni dung ging nhau t cc web server. Cc application engines gip cho qu trnh truyn ti ni dung ca cc trang web nhanh hn v m bo cho nhng kh nng m rng v tnh sn sng s dng nhng ni dung ca cc web server. Trong mt mng ca nh cung cp dch v, bn c th trin khai WCCP v nhng gii php application engine ti cc POPs (points of presence). Trong mt enterprise network, bn c th trin khai WCCP v nhng gii php engine solution ti cc regional site v cc branch office.

- cu hnh c chc nng ny trn Catalyst 3560 Switch th bn s phi chy mt IP services Image (EMI).

- Gii thiu v WCCP s bao gm cc phn sau:+ Phn I: Tm hiu WCCP.+ Phn II: Cu hnh WCCP.+ Phn III: Gim st v duy tr WCCP.

Phn I: Tm hiu WCCP.

1. Tm hiu WCCP.

- Giao thc WCCP v Cisco cache engines (hoc cc application engines ang chy WCCP) s xc nh c nhng lu lng thng xuyn c truyn trong mt h thng mng, sau cho php tr li nhng yu cu v sau nhng cng ca cc ni dung .

- WCCP ch c kh nng h tr trn cc Cisco router v cc switch c th trc tip tr nhng yu cu c cng mt ni dung c lu tr. Vi chc nng , cc ngi dng khng cn thit phi cu hnh cc trnh duyt web ca mnh s dng mt Web Proxy. Thay vo , chng c th s dng mt target URL yu cu ni dung, v nhng yu cu s t ng c chuyn n mt application engine. Khi ngi dng truy cp n mt web server no th ton b nhng ni dung yu cu n webserver u c chuyn n mt application engine m ngi dng khng h bit rng mnh ang ly ni dung web site l t application engine.

- Khi mt application engine nhn c mt yu cu, th n s c gng tr li yu cu ny t chnh cache nm trn n. Nu nhng thng tin yu cu m khng c tm thy trong cache, th application engine s gi mt yu cu ring l n server cui cng ly v nhng thng tin cn thit tr li. Sau khi nhn nhng thng tin yu cu, th application engine s chuyn nhng thng tin n client yu cu thng tin v s lu thng tin vo cache tr li cho nhng yu cu ln sau.

- Vi WCCP, th application-engine cluster (mt chui ca cc application engines) c th chy trn nhiu router hoc switch. Hnh 1.1

hnh 1.1

INCLUDEPICTURE "http://www.itnews.com.vn/images/image/Networking/itnews00172.JPG" \* MERGEFORMATINET

2. Trao i thng ip WCCP.

Nhng chui s kin sau s m t qu trnh trao i cc thng ip ca giao thc WCCP:

- Cc application engines s gi cc a ch IP ca chng n switch c enable WCCP bng cch s dng giao thc WCCP, nhng tn hiu ny s c biu din thng qua mt thng ip "Here I am". Switch v cc application engine s giao tip vi nhau thng qua mt knh iu khin da trn UDP port 2048.

- Cc switch c enable WCCP s s dng thng tin v a ch IP ca application engine to mt cluster view (l mt danh sch ca cc application engines trong mt cluster). Cluster View ny s gi mt thng ip "I see you" n mi application engine trong cluster, v bn cht l Cluster View s nh du tt c cc application engines phn bit c mi application engine vi nhau. Mt Stable View s c thit lp sau khi cc thnh vin ca cluster cn li cng mt khong thi gian no .

- Khi mt Stable View c thit lp, th application engine trong cluster vi a ch IP thp nht s c bu chn vi vai tr l: designated application engine.

3. Qu trnh WCCP Negotiation.

Trong qu trnh trao i cc thng ip ca giao thc WCCP, th designated application engine v cc switch enable WCCP s thc hin cc qu trnh m phn sau.

- Forwarding method (vi phng thc ny th switch s chuyn cc gi tin n application engine). Switch s thay i li Layer 2 header bng cch thay th a ch MAC ch ca gi tin thnh mt a ch MAC ca target application engine. Sau switch s chuyn gi tin ny n application engine. Forwarding method cn mt target application engine kt ni trc tip n switch layer 2.

- Assignment method (vi phng thc ny th cc gi tin s c phn phi n cc application engines trong cluster). Switch s s dng mt vi bit ca a ch IP ch, a ch IP ngun, ch s port ch Layer 4, v ch s port ngun Layer 4 xc nh xem application engine no s nhn nhng gi tin chuyn tip ny.

- Packet-return method (vi phng thc ny th cc gi tin s c gi tr li t application engine n switch). Nhng l do di y s khin mt application engine hy cc gi tin n v khi ng tnh nng packet-return:

+ Application engine b qu ti v khng cn b nh thc hin vic lu thng tin gi tin li.

+ Application engine nhn cc thng ip li (nh mt giao thc hoc mt qu trnh xc thc b li) t web server v s dng tnh nng t ng bypass trn client. Tnh nng bypass s cho php cc client s khng i qua cc application engines v trc tip thc hin vic kt ni n web server.

4. MD5 Security

- WCCP cung cp mt ty chn thnh phn bo mt trong mi thng ip cho php switch c th s dng phng php xc thc MD5 trn mi mt thng ip gia switch v application engine. Nhng thng ip khng xc thc bi MD5 (Khi xc thc ca switch c enable) th s b hy bi switch. Chui k t ca password kt hp vi mt gi tr ca MD5 to ra mt kt ni bo mt gia switch v application engine. Bn s phi cu hnh cng mt password trn mi mt application engine.

5. Gi tin chuyn tip v Cc nhm dch v

- Bn c th cu hnh WCCP phn loi lu lng cho cc gi tin chuyn tip, nh: FTP, Proxy-web-cache handling, audio v cc ng dng video. S phn loi ny, c bit n nh mt service group (nhm dch v), da trn loi giao thc (TCP hoc UDP) v cc ch s port ngun v port ch ca Layer 4. Cc nhm dch v c xc nh bi well-known names nh: web-cache, vi TCP port l 80 hoc mt dch v no c ch s port t 0 n 99. Cc nhm dch v c cu hnh nh x mt giao thc v mt ch s port ca Layer 4 v thit lp, duy tr chng mt cch c lp. WCCP cho php to cc nhm dch v mt cch t ng, s phn loi theo tiu chun c cung cp mt cch t ng bi cc application engine.- Bn c th cu hnh ti a l 8 nhm dch vu trn mt switch howacj switch stack v ti a l 32 client trn mt nhm dch v . WCCP s duy tr th t u tin ca cc nhm dch vu trong cc nhm c nh ngha. WCCP s dng priority cu hnh cc nhm dch vu trong mt phn cng ca switch. Cho v d, nu nhm dch v 1 c gi tr priority l 100 v ang tr li thng tin cho mt gi tin c port ch l 80, v mt nhm dch v 2 c gi tr priority l 50 v ang tr li thng tin cho mt gi tin c port ngun l 80, th cc gi tin n vi port ngun v port ch l 80 s c chuyn tip bng cch s dng nhm dch v 1 bi v nhm ny c priority cao hn.- WCCP c kh nng h tr mt cluster ca cc application engines cho mi nhm dch v. Cc lu lng chuyn tip c th c gi n mi application engine trong mt cluster. Switch h tr assignment method c th thc hin cn bng ti cho nhng lu lng ca cc application engine trong mt cluster cho mt nhm dch v.- Sau khi WCCP c cu hnh trn switch, th switch s chuyn tip tt c cc gi tin ca cc nhm dch v nhn c t client n cc application engine. Tuy nhin, s c nhng gi tin sau s khng c chuyn tip:+ Cc gi tin n t applicatin engine v ch n l webserer.+ Cc gi tin t cc application engine v ch n l cc client+ Cc gi tin returned hoc rejected bi application engine. Nhng gi tin ny s gi n web server.- Bn c th cu hnh mt a ch multicast trn mt nhm dch v cho cc thng ip gi v nhn. Khi c mt a ch multicast, th application engine s gi mt cnh bo n mt a ch, vi phng php c th cung cp thng tin cho tt c cc router trong mt nhm dch v, cho v d: 225.0.0.0. Nu bn thm hoc xa b cc router mt cch t ng, s dng mt a ch multicast cung cp vic cu hnh mt cch d dng bi v bn khng cn phi nhp vo mt a ch cho tt c cc thit b trong mng WCCP.- Bn c th s dng mt danh sch ca nhm cc router xc nhn tnh hp l ca cc gi tin nhn c t cc application engine. Cc gi tin s phi tng ng vi a ch trong danh sch ca nhm , cc gi tin khng tng thch vi a ch trong nhm danh sch s b drop.- disable cache cho cc client, server hoc cp client/server, bn c th s dng mt WCCP redirect Access Control List (ACL). Cc gi tin tng ng vi redirect ACL s truyn khng thng qua cache v c chuyn tip mt cch bnh thng.- Trc khi cc gi WCCP b chuyn tip, th switch s kim tra ACLs lin quan vi tt c cc gi tin n c cu hnh trn interface v cho php hoc khng cho php cc gi tin tip tc chuyn tip da trn s tng ng ca cc gi tin vi ton b ACL c nh ngha.

6. Cc tnh nng khng h tr trn WCCP.

Nhng tnh nng sau y s khng c WCCP h tr trong cc phin bn IOS ca Cisco ban hnh:- Cc gi tin chuyn tip trn mt interface ra c cu hnh bng cch s dng cu lnh: ip wccp redirect out ch interface configuration. Cu lnh ny khng c h tr.- Phng thc GRE Forwarding cho cc gi tin chuyn tip cng khng c h tr- Phng thc hash assignment cho c ch cn bng ti cng khng c h tr- Khng c phin bn ca giao thc SNMP no c WCCP h tr.

Phn II: Cu hnh WCCP.

Trong phn cu hnh WCCP s bao gm nhng ch sau:- Cu hnh WCCP mc nh- Cu hnh WCCP theo hng dn.- Enabel dch v Web Cache.

1. Cu hnh WCCP mc nh- Bng 1.2 hin th cc tham s cu hnh mc nh ca giao thc WCCP

Bng 1.2

2. Cu hnh WCCP theo hng dn.

Trc khi bn thc hin cu hnh WCCP trn switch ca bn, bn phi chc chn rng lm c nhng hng dn cu hnh sau:

- Cc application engine v switch trong cng mt nhm dch v s phi thuc cng mt subnetwork.

- Phi cu hnh cc interface ca switch ang kt ni trc tip n cc web client, application engine v cc web server hot ng nh mt interface hot ng Layer 3 (routed port v SVI). Khi cc gi tin chuyn tip ca WCCP lm vic, th cc server, application engine v cc client phi hot ng trn cc subnet khc nhau.

- S dng duy nht mt a ch multicast khng c dnh ring khi cu hnh mt a ch multicast cho mi mt application engine.

- Ton b danh mc ca WCCP v PBR s dng cng mt TCAM region. WCCP c kh nng h tr duy nht trn cc templates c h tr PBR: access, routing, v dual IPv4/v6 routing.

- Khi cc danh muc ca TCAM khng c kh nng thm vo cc danh mc ca WCCP, th cc gi tin s khng c chuyn tip v c truyn i bng cch s dng cc bng nh tuyn chun.

- S lng nhn ca PBR (policy-based routing) s b hn ch nh cc interface c php enable WCCP ingress redirection. Mi interface khc vn c kh nng h tr cc nhm dch v, mt nhn s b dng ht. Cc nhn WCCP s c to ra t cc nhn PBR. Khi cc nhn khng c kh nng s dng, th switch s khng th thm cc nhm dch v. Tuy nhin, nu mt interface khc c cng chui ca cc nhm dch v, th mt nhn mi s khng cn thit, v nhm vn c php thm vo interface.

- Kch thc ca MTU trn mt switch s phi ln hn kch thc ca MTU trn cc client. Kch thc ca MTU MAC-layer c cu hnh trn cc port kt ni trc tip vi cc application engine.

- Bn khng th cu hnh WCCP v VPN routing/forwarding (VRF) trn cng mt interface ca switch.

- Bn khng th cu hnh WCCP v PBR trn cng mt interface ca switch.

- Bn khng th cu hnh WCCP v mt private VLAN (PVLAN) trn cng mt interface ca switch

3. Enabel dch v Web Cache.

- Khi cc gi tin chuyn tip ca WCCP hot ng, th bn s phi cu hnh cc interface ca switch kt ni trc tip vo cc client thc hin chuyn tip cc gi tin inbound.

- Cc th tc sau y s m t phng php cu hnh nhng tnh nng trn mt port routed. cu hnh nhng tnh nng trn mt interface SVI, th cc bn cng c th tham kho lun vi v d bn di.

- Bt u cu hnh ch Privileged EXEC, nhng bc sau s c dng enable dch v Web Cache, cu hnh mt a ch multicast cho mt nhm hoc mt danh sch cc nhm, cu hnh mt interface routed, chuyn tip cc gi tin inbound nhn c t cc client n cc application engine, enable mt interface lng nghe cho mt a ch multicast, v cui cng l cu hnh mt password.

- Trong v d bn di s m t cch cu hnh cc routed interface v enable dch v web cache vi mt a ch nhm multicast v mt redirect ACL. Gigabit ethernet port 1 ang kt ni trc tip vi application engine, cu hnh port ny nh mt routed port vi mt a ch IP 172.20.10.30, v re-enabled. Gigabit Ethernet port 2 ang kt ni trc tip thng qua internet n web server, v cu hnh port nh mt routed port vi mt a ch ip l 175.20.20.10, v re-enabled. Cc Gigabit ethernet port 3 n 6 ang kt ni trc tip n cc client v c cu hnh nh mt routed port vi cc a ch ip l: 175.20.20.20, 175.20.40.30, 175.20.50.40 v 175.20.60.50. Switch s lng nghe cc lu lng multicast v chuyn tip cc gi tin nhn c t cc interface kt ni vi cc client n application egine.

example:Switch_3560_ITNEWS# configure terminalSwitch_3560_ITNEWS(config)# ip wccp web-cache 80 group-address 224.1.1.100 redirect list 12Switch_3560_ITNEWS(config)# access-list 12 permit host 10.1.1.1Switch_3560_ITNEWS(config)# interface gigabitethernet 0/1Switch_3560_ITNEWS(config-if)# no switchportSwitch_3560_ITNEWS(config-if)# ip address 172.20.10.30 255.255.255.0Switch_3560_ITNEWS(config-if)# no shutdownSwitch_3560_ITNEWS(config-if)# ip wccp web-cache grop-listenSwitch_3560_ITNEWS(config-if)# exitSwitch_3560_ITNEWS(config)# interface gigabitethernet 0/2Switch_3560_ITNEWS(config-if)# no switchportSwitch_3560_ITNEWS(config-if)# ip address 175.20.20.10 255.255.255.0Switch_3560_ITNEWS(config-if)# no shutSwitch_3560_ITNEWS(config)# exitSwitch_3560_ITNEWS(config)# interface gigabitethernet 0/3Switch_3560_ITNEWS(config-if)# no switchportSwitch_3560_ITNEWS(config-if)# ip address 175.20.30.20 255.255.255.0Switch_3560_ITNEWS(config-if)# no shutdownSwitch_3560_ITNEWS(config-if)# ip wccp web-cache redirect inSwitch_3560_ITNEWS(config-if)# exitSwitch_3560_ITNEWS(config)# interface gigabitethernet 0/4Switch_3560_ITNEWS(config-if)# no switchportSwitch_3560_ITNEWS(config-if)# ip address 175.20.40.30 255.255.255.0Switch_3560_ITNEWS(config-if)# no shutdownSwitch_3560_ITNEWS(config-if)# ip wccp web-cache redirect inSwitch_3560_ITNEWS(config-if)# exitSwitch_3560_ITNEWS(config)# interface gigabitethernet 0/5Switch_3560_ITNEWS(config-if)# no switchportSwitch_3560_ITNEWS(config-if)# ip address 175.20.50.40 255.255.255.0Switch_3560_ITNEWS(config-if)# no shutdownSwitch_3560_ITNEWS(config-if)# ip wccp web-cache redirect inSwitch_3560_ITNEWS(config-if)# exitSwitch_3560_ITNEWS(config)# interface gigabitethernet 0/6Switch_3560_ITNEWS(config-if)# no switchportSwitch_3560_ITNEWS(config-if)# ip address 175.20.60.50 255.255.255.0Switch_3560_ITNEWS(config-if)# no shutdownSwitch_3560_ITNEWS(config-if)# ip wccp web-cache redirect inSwitch_3560_ITNEWS(config-if)# exit

- disable dch v web cache, s dng cu lnh: no ip wccp web-cache ch global configuration. disable cc gi tin chuyn tip inbound, s dng cu lnh: no ip wccp web-cache redirect in ch interface configuration. Sau khi hon thnh nhng cu lnh ny, th bn s cu hnh cc application engine trn mng.

- V d th 2 s m t phng php cu hnh SVI v enable dch v web cache vi mt danh sch ca nhm multicast. VLAN 299 c to v c cu hnh vi mt a ch IP l 175.20.20.10. Gigabit ethernet port 1 ang kt ni trc tip thng qua internet n web server v c cu hnh nh mt access port trong VLAN 299. VLAN 300 c to v c cu hnh vi mt a ch IP: 172.20.10.30. Gigabit ethernet port 2 ang kt ni trc tip n application engine v c cu hnh nh mt access port trong VLAN 300. VLAN 301 to v cu hnh vi mt a ch IP l 175.20.30.50. Fast Ethernet port t 3 n 6, ang kt ni trc tip vo cc client, c cu hnh vi vai tr l access port trong VLAN 301. Switch s chuyn tip cc gi tin nhn c t cc interface kt ni vi cc client n application engine.

example:Switch_3560_ITNEWS# configure terminalSwitch_3560_ITNEWS(config)# ip wccp web-cache 80 group-list 15Switch_3560_ITNEWS(config)# access-list 15 permit host 171.69.198.102Switch_3560_ITNEWS(config)# access-list 15 permit host 171.69.198.104Switch_3560_ITNEWS(config)# access-list 15 permit host 171.69.198.106Switch_3560_ITNEWS(config)# vlan 299Switch_3560_ITNEWS(config-vlan)# exitSwitch_3560_ITNEWS(config)# interface vlan 299Switch_3560_ITNEWS(config-if)# ip address 175.20.20.10 255.255.255.0Switch_3560_ITNEWS(config-if)# exitSwitch_3560_ITNEWS(config)# interface gigabitethernet0/1Switch_3560_ITNEWS(config-if)# switchport mode accessSwitch_3560_ITNEWS(config-if)# switchport access vlan 299Switch_3560_ITNEWS(config)# vlan 300Switch_3560_ITNEWS(config-vlan)# exitSwitch_3560_ITNEWS(config)# interface vlan 300Switch_3560_ITNEWS(config-if)# ip address 172.20.10.30 255.255.255.0Switch_3560_ITNEWS(config-if)# exitSwitch_3560_ITNEWS(config)# interface gigabitethernet0/2Switch_3560_ITNEWS(config-if)# switchport mode accessSwitch_3560_ITNEWS(config-if)# switchport access vlan 300Switch_3560_ITNEWS(config-if)# exitSwitch_3560_ITNEWS(config)# vlan 301Switch_3560_ITNEWS(config-vlan)# exitSwitch_3560_ITNEWS(config)# interface vlan 301Switch_3560_ITNEWS(config-if)# ip address 175.20.30.20 255.255.255.0Switch_3560_ITNEWS(config-if)# ip wccp web-cache redirect inSwitch_3560_ITNEWS(config-if)# exitSwitch_3560_ITNEWS(config)# interface range gigabitethernet0/3 - 6Switch_3560_ITNEWS(config-if-range)# switchport mode accessSwitch_3560_ITNEWS(config-if-range)# switchport access vlan 301Switch_3560_ITNEWS(config-if-range)# exit

Phn III: Gim st v duy tr WCCP- gim st v duy tr WCCP, bn c th s dng mt trong s cc cu lnh sau ch Privileged ExexSwitch_3560_ITNEWS# clear ip wccp web-cacheSwitch_3560_ITNEWS# show ip wccp web-cacheSwitch_3560_ITNEWS# show ip wccp web-cache detailSwitch_3560_ITNEWS# show ip interfaceSwitch_3560_ITNEWS# show ip wccp web-cache view

cấu hình wccp.doc

Documents