Hi Marc,
Thanks for responding and looking into this. So the way I understood the
closed vs open services feature was that if you have an application that is
configured for wccp redirect , but something fails On the content engine ,
by default with open services, the router would allow the packets to
contact the original destination server and not the proxy server. If you
had the closed service feature applied and a failure with content engine
occurred, that traffic would be denied. The closed service can only be
applied to dynamically configured service and not the well know services
like web-cache. Would that sound correct?
Reading the excerpt below:
When there is a mismatch between the service-list ACL and the definition
received from a cache engine, the service is not allowed to start.
... Makes me think that the named ACL i was referencing,has to match the
same application that the content engine has configured for that specific
service group ( I used 3 in my example).
What do you think?
This topic is rather hard since you can't really test it.
Thanks again for looking into it.
Tom
On Jun 25, 2012, at 11:17 PM, marc abel <marcabel_at_gmail.com> wrote:
I've never really used service-lists but did find this:
WCCP Closed Services and Open Services
In applications where packet flows are intercepted and redirected by a
Cisco IOS router to external WCCP client devices, it may be necessary to
block the packet flows for the application when a WCCP client device is not
available. This blocking is achieved by configuring a WCCP closed service.
When a WCCP service is configured as closed, WCCP discards packets that do
not have a WCCP client registered to receive the redirected traffic.
By default, WCCP operates as an open service, wherein communication between
clients and servers proceeds normally in the absence of an intermediary
device.
The* ip wccp **service-list* command can only be used for closed-mode
services. Use the* service-list *keyword and *service-access-list* argument
to register an application protocol type or port number.
When there is a mismatch between the service-list ACL and the definition
received from a cache engine, the service is not allowed to start.
So I guess you would specify it just like a normal group-list but you would
need to include the closed keyword.
-Marc
On Mon, Jun 25, 2012 at 10:15 PM, Tom Kacprzynski <tom.kac_at_gmail.com> wrote:
> Hello,
> I'm a little bit confused about the WCCPv2 service-list, hopefully someone
> could help me out.
>
> When you are configuring a dynamically defined service group, what do you
> configure in the named ACL? The ports for the relevant application?
>
>
> For example:
>
> R2(config)#ip wccp 3 service-list ?
> WORD IP named access list (extended)
>
> would the extended name ACL specify port for the application that will be
> redirected?
>
> Thank you in advance for any help.
>
>
> Tom
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Marc Abel CCIE #35470 (Routing and Switching) Blogs and organic groups at http://www.ccie.netReceived on Mon Jun 25 2012 - 23:34:29 ART
This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:52 ART