WCCP IP Spoofing Configuration for Routers – Comtech EF Data FX Series Administrator Guide User Manual

Comtech EF Data / Stampede

FX Series Administration Guide - Version 6.1.1

Chapter: FX Series Network Settings
Section: WCCP

MN-FXSERIESADM6 Rev 5

4.9.5 WCCP IP Spoofing Configuration for Routers

The FX can preserve the source IP address of the remote client when making requests on its behalf by
joining two service groups. The first service group receives the redirected client requests and is also
known as the “User-facing” service group. The second is referred to as the “Server-facing” service group
and it receives the redirected server responses. If two or more FXs have joined these service groups, then
the router will be instructed to split the load of the user-facing service group based on source IP address,
and the responses of the server-facing service group will be split based on destination IP address. This
technique ensures that the response will be directed to the same FX that originated the request on behalf
of the remote user.
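
The following is an added example, not part of the Comtech guide: a small Python model of the split described above, showing that hashing the user-facing group on source IP and the server-facing group on destination IP returns each response to the FX that sent the request, and what breaks if the server-facing group hashed on source IP instead. The hash function, the round-robin bucket table shared by both groups, and all host addresses are assumptions made for the illustration.

```python
import ipaddress

BUCKETS = 256  # WCCPv2 splits each service group's traffic into 256 hash buckets

# Constructed sample addresses: two FXs on the FX subnet, eight clients on the
# user subnet, one content server reached through Interface B.
FXS = ["192.168.106.10", "192.168.106.11"]
CLIENTS = [f"192.168.103.{n}" for n in range(1, 9)]
SERVER = "203.0.113.80"

def bucket(ip):
    """Stand-in hash (XOR of the four octets); not the router's real function."""
    a, b, c, d = ipaddress.IPv4Address(ip).packed
    return a ^ b ^ c ^ d

def assign(fxs):
    """Assumed model: buckets dealt round-robin, same table for both groups."""
    return [fxs[i % len(fxs)] for i in range(BUCKETS)]

TABLE = assign(FXS)

def redirect(table, src, dst, key):
    """FX that receives a redirected packet when the group hashes on `key`."""
    return table[bucket(src if key == "src" else dst)]

def round_trip(table, client, server, server_key="dst"):
    """FX picked for the request (group 99) and for the response (group 96)."""
    # Request client -> server: user-facing group hashes on source IP.
    req_fx = redirect(table, client, server, "src")
    # The FX spoofed the client IP, so the response is server -> client.
    resp_fx = redirect(table, server, client, server_key)
    return req_fx, resp_fx

def mismatches(table, clients, server, server_key):
    """Clients whose response would be redirected to a different FX."""
    return [c for c in clients
            if len(set(round_trip(table, c, server, server_key))) > 1]

if __name__ == "__main__":
    for key in ("dst", "src"):
        bad = mismatches(TABLE, CLIENTS, SERVER, key)
        print(f"server-facing group hashing on {key}: {len(bad)} broken flows {bad}")
```
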

The recommended router configuration is to use three interfaces, each corresponding to a different
subnet. To illustrate the setup, we provide an example configuration along with a “show running-config”
that is compatible with the default WCCP settings of the FX.

Example:

Interface A: (Ethernet0/0)

This is the user-facing subnet that receives redirected requests from clients.

Interface B: (Ethernet0/1)

This is the server-facing subnet that receives redirected responses from the content server.

Interface C: (Ethernet1/0)

FX subnet

Service group 99

This should be defined to handle redirected outbound requests from the users destined for the
subnets on Interface B. “Interface C” must be excluded from this to avoid loop-backs that would
otherwise occur when FXs spoof the user IP addresses.

Service group 96

This should be defined to handle redirected responses from content servers that would have
otherwise been sent out on “Interface A”.

The subnets:

A: User (192.168.103.xxx subnet)
B: Content servers - all other subnets via gateway at 192.168.101.158
C: FXs (192.168.106.xxx)

#show running-config

Building configuration...

Current configuration: 948 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2600-lab