Re: WCCP - cache only , no proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 19 Apr 2000 19:44:41 +0200

Lincoln Dale wrote:

> actually, no.
> there are other products in the marketplace which _do_ masquerade as the
> client ip address when talking to web-servers.

I was not talking about masquerading but TCP based redirection in
general. Such redirection requires that all traffic being redirected
passes through the redirection point, and that no other communication is
taking place to the host being redirected/spoofed (i.e. origin web
server in WCCP). If other traffic is taking place then IP fragmentation
windows and other interesting TCP/IP aspects won't work reliably.

There are indeed products in the market that masquerade as the client,
and it is not that hard to convince Squid+Linux to do the same (done by
a couple of users already).

> i'm merely pointing out that it was a conscious design decision NOT to go
> down this path.

And a very wise one I would say. Having dual redirection/masquerading is
a lot more complicated than only redirecting/masquerading in one direction.
The basic problems are mostly the same, but the Internet is far more
diverse than the average dialup user..

> this is one of the benefits of WCCPv2:

For which the time schedule for open implementations is unknown due to
Cisco licensing requirements.

> - you can run a single WCCP service-group on up to 32 routers/switches
> communicating with up to 32 caches.

Which broadens the redirection point considerably, making it possible to
cover all paths in most access networks.

> - due to the nature of it running in a router/switch, you can typically
> perform the interception, even if traffic is not traversing a
> [fast|gigabit] ethernet.

Who was talking about ethernet here? Yes, most of your competitors in
the redirection business are restricted to ethernet, but this has more
to do with the available products than the techniques as such.

Btw, how does WCCP handle packet fragmenting in the data stream from the
client?

> here in the real world, the technique works, has been proven to scale and
> is better than the alternatives.

There are no fully deployable alternatives to TCP redirection at this
time, short of "manual" proxy configuration. Microsoft's WPAD is a good
step in the right direction but has a number of issues mainly related
to security, and not being implemented in the bulk of the installed
browsers yet..

> NB. i'll take this discussion off-list if you wish, lest this sound too
> commercial.

Leave out the worst marketing hype and keep the discussion on the list.
The techniques are of general interest, and I am not interested in
Cisco marketing anyway, so there is no point in taking that off the list
with me ;-)

--
Henrik Nordstrom
Squid hacker
Received on Wed Apr 19 2000 - 13:37:16 MDT