idnits 2.17.1

draft-wilson-wrec-wccp-v2-00.txt:
  ** The Abstract section seems to be numbered

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == Mismatching filename: the document gives the document name as
     'draft-wilson-wrec-wccp-v2-01', but the file name used is
     'draft-wilson-wrec-wccp-v2-00'

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 133 instances of too long lines in the document, the longest
     one being 16 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.
     If you have contacted all the original authors and they are all willing
     to grant the BCP78 rights to the IETF Trust, then this is fine, and you
     can ignore this comment.  If not, you may need to add the pre-RFC5378
     disclaimer.  (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (Oct 2001) is 8223 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 1701 (ref. '1')

  Summary: 8 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.

--------------------------------------------------------------------------------

INTERNET-DRAFT                                                 M Cieslak
                                                               D Forster
                                                                G Tiwana
                                                                R Wilson
                                                           Cisco Systems
                                                             03 Apr 2001
                                                        Expires Oct 2001

                 Web Cache Communication Protocol V2.0

Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress".

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/lid-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

1. Abstract

This document describes version 2.0 of the Web Cache Communication
Protocol (WCCP). The WCCP V2.0 protocol specifies interactions between
one or more routers and one or more web-caches. The purpose of the
interaction is to establish and maintain the transparent redirection
of selected types of traffic flowing through a group of routers. The
selected traffic is redirected to a group of web-caches with the aim
of optimising resource usage and lowering response times.

The protocol does not specify any interaction between the web-caches
within a group or between a web-cache and a web-server.

2. Definitions

Assignment Method

The method by which redirected packets are distributed between
web-caches.

Designated Web-Cache.

The web-cache in a web-cache farm responsible for dictating to the
router or routers how redirected traffic should be distributed between
the members of the farm.

Forwarding Method

The method by which redirected packets are transported from router to
web-cache.

Packet Return Method

The method by which packets redirected to a web-cache are returned to
a router for normal forwarding.

Redirection Hash Table.

A 256-bucket hash table maintained by the router or routers. This
table maps the hash index derived from a packet to be redirected to
the IP address of a destination web-cache.

Service Group

A group of one or more routers plus one or more web-caches working
together in the redirection of traffic whose characteristics are part
of the Service Group definition.

Transparent Redirection.

Transparent redirection is a technique used to deploy caching without
the need for reconfiguration of clients or servers. It involves the
interception and redirection of traffic to one or more web-caches by a
router or switch transparently to the end points of the traffic flow.

Usable Web-Cache.

From the viewpoint of a router a web-cache is considered a usable
member of a Service Group when it has sent that web-cache a
WCCP2_I_SEE_YOU message and has received in response a WCCP2_HERE_I_AM
message with a valid "Receive ID".

Web-Cache Farm.

One or more web-caches associated with a router or routers.

3. Introduction

3.1 Protocol Overview

WCCP V2.0 defines mechanisms to allow one or more routers enabled for
transparent redirection to discover, verify, and advertise
connectivity to one or more web-caches.

Having established connectivity the routers and web-caches form
Service Groups to handle the redirection of traffic whose
characteristics are part of the Service Group definition.

The protocol provides the means to negotiate the specific method
used for load distribution among web-caches and also the method used
to transport traffic between router and cache.

A single web-cache within a Service Group is elected as the designated
web-cache. It is the responsibility of the designated web-cache to
provide routers with the data which determines how redirected traffic
is distributed between the web-caches in the Service Group.

3.2 WCCP V2.0 enhancements

WCCP V2.0 supports the following enhancements to the WCCP V1.0
protocol.

* Multi-Router Support.
WCCP V2.0 allows a farm of web-caches to be attached to more than one
router.

* Multicast Support.
WCCP V2.0 supports multicasting of protocol messages between
web-caches and routers.

* Improved Security.
WCCP V2.0 provides optional authentication of protocol packets
received by web-caches and routers.

* Support for redirection of non-HTTP traffic.
WCCP V2.0 supports the redirection of traffic other than HTTP traffic
through the concept of Service Groups.

* Packet return.
WCCP V2.0 allows a web-cache to decline to service a redirected packet
and to return it to a router to be forwarded. The method by which
packets are returned to a router is negotiable.

* Alternative Hashing.
WCCP V2.0 allows the designated web-cache to mark individual buckets
in the Redirection Hash Table for a secondary hash. This allows the
traffic being hashed to a particular bucket to be distributed across
the members of a Service Group.

* Multiple Forwarding Methods
WCCP V2.0 allows individual web-caches to negotiate the method by
which packets are forwarded to a web-cache from a router. Packets
may now be forwarded unencapsulated using a Layer 2 destination
address rewrite.

* Multiple Assignment Methods
WCCP V2.0 allows the designated web-cache to negotiate the method by which
packets are distributed between the web-caches in a service group.
Packets may now be assigned using a hashing scheme or a masking scheme.

* Command and Status Information
WCCP V2.0 includes a mechanism to allow a web-cache to pass a command
to the routers in a Service Group. The same mechanism can be employed
by the routers to pass status information to the web-caches in a
Service Group.

4. Protocol Description

4.1 Joining a Service Group

A web-cache joins and maintains its membership of a Service Group by
transmitting a WCCP2_HERE_I_AM message to each router in the Group at
HERE_I_AM_T (10) second intervals. This may be by unicast to each
router or multicast to the configured Service Group multicast
address. The Web Cache Info component in the WCCP2_HERE_I_AM message
identifies the web-cache by IP address. The Service Info component of
the WCCP2_HERE_I_AM message identifies and describes the Service Group in
which the web-cache wishes to participate.

A router responds to a WCCP2_HERE_I_AM message with a WCCP2_I_SEE_YOU
message.
If the WCCP2_HERE_I_AM message was unicast then the router will
respond immediately with a unicast WCCP2_I_SEE_YOU message. If the
WCCP2_HERE_I_AM message was multicast the router will respond via the
scheduled multicast WCCP2_I_SEE_YOU message for the Service Group.

A router responds to multicast web-cache members of a Service Group
using a multicast WCCP2_I_SEE_YOU message transmitted at 9 second
intervals with a 10% jitter.

The Router Identity component in a WCCP2_I_SEE_YOU message includes a list
of the web-caches to which the packet is addressed. A web-cache not
in the list should discard the WCCP2_I_SEE_YOU message.

4.2 Describing a Service Group

The Service Info component of a WCCP2_HERE_I_AM message describes the
Service Group in which a web-cache wishes to participate. A Service
Group is identified by Service Type and Service ID. There are two
types of Service Group:

* Well Known Services
* Dynamic Services.

Well Known Services are known by both routers and web-caches and do
not require a description other than a Service ID.

In contrast Dynamic Services must be described to a router. A router
may be configured to participate in a particular Dynamic Service
Group, identified by Service ID, without any knowledge of the
characteristics of the traffic associated with the Service Group. The
traffic description is communicated to the router in the
WCCP2_HERE_I_AM message of the first web-cache to join the Service
Group. A web-cache describes a Dynamic Service using the Protocol,
Service Flags and Port fields of the Service Info component. Once a
Dynamic Service has been defined a router will discard any subsequent
WCCP2_HERE_I_AM message which contains a conflicting description. A
router will also discard a WCCP2_HERE_I_AM message which describes a
Service Group for which the router has not been configured.

4.3 Establishing Two-Way Connectivity

WCCP V2.0 uses a "Receive ID" to verify two-way connectivity between a
router and a web-cache. The Router Identity Info component of a
WCCP2_I_SEE_YOU message contains a "Receive ID" field. This field is
maintained separately for each Service Group and its value is
incremented each time the router sends a WCCP2_I_SEE_YOU message to
the Service Group.

The "Receive ID" sent by a router is reflected back by a web-cache in
the Web-Cache View Info component of a WCCP2_HERE_I_AM message. A
router checks the value of the "Receive ID" in each WCCP2_HERE_I_AM
message received from a Service Group member. If the value does not
match the "Receive ID" in the last WCCP2_I_SEE_YOU message sent to
that member the message is discarded.

A router considers a web-cache to be a usable member of a Service
Group only after it has sent that web-cache a WCCP2_I_SEE_YOU message
and received a WCCP2_HERE_I_AM message with a valid "Receive ID" in
response.

4.4 Negotiating the Forwarding Method

A web-cache and router may negotiate the method by which packets are
forwarded to the web-cache by the router.

This negotiation is per web-cache, per Service Group. Thus web-caches
participating in the same Service Group may negotiate different
forwarding methods with the Service Group routers.

A router will advertise the supported forwarding methods for a Service
Group using the optional Capabilities Info component of the
WCCP2_I_SEE_YOU message. The absence of such an advertisement implies
the router supports the default GRE encapsulation method only.

A web-cache will inspect the forwarding method advertisement in the
first WCCP2_I_SEE_YOU message received from a router for a particular
Service Group. If the router does not advertise a method supported by
the web-cache then the web-cache will abort its attempt to join the
Service Group.
Otherwise the web-cache will pick one method from those
advertised by the router and specify that in the optional Capabilities
Info component of its next WCCP2_HERE_I_AM message. Absence of a
forwarding method advertisement in a WCCP2_HERE_I_AM message implies
the cache is requesting the default GRE encapsulation method.

A router will inspect the forwarding method selected by a web-cache in
the WCCP2_HERE_I_AM message received in response to a WCCP2_I_SEE_YOU
message. If the selected method is not supported by the router the
router will ignore the WCCP2_HERE_I_AM message. If the forwarding
method is supported the router will accept the web-cache as usable and
add it to the Service Group.

4.5 Negotiating the Assignment Method

A web-cache and router may negotiate the method by which packets are
distributed between the web-caches in a Service Group.

The negotiation is per Service. Thus web-caches participating in
several Service Groups may negotiate a different assignment method for
each Service Group.

A router will advertise the supported assignment methods for a
Service Group using the optional Capabilities Info component of the
WCCP2_I_SEE_YOU message. The absence of such an advertisement implies
the router supports the default Hash assignment method only.

A web-cache will inspect the assignment method advertisement in the
first WCCP2_I_SEE_YOU message received from a router for the Service
Group. If the router does not advertise a method supported by the
web-cache then the web-cache will abort its attempt to join the
Service Group. Otherwise the web-cache will pick one method from those
advertised by the router and specify that in the optional Capabilities
Info component of its next WCCP2_HERE_I_AM message. Absence of an
assignment method advertisement in a WCCP2_HERE_I_AM message implies
the cache is requesting the default Hash assignment method.

A router will inspect the assignment method selected by a web-cache in
the WCCP2_HERE_I_AM message received in response to a WCCP2_I_SEE_YOU
message. If the selected method is not supported by the router the
router will ignore the WCCP2_HERE_I_AM message. If the assignment
method is supported the router will accept the web-cache as usable and
add it to the Service Group.

4.5 Negotiating the Packet Return Method

A web-cache and router may negotiate the method by which packets are
returned from a web-cache to a router for normal forwarding.

The negotiation is per Service. Thus web-caches participating in
several Service Groups may negotiate a different packet return method
for each Service Group.

A router will advertise the supported packet return methods for a
Service Group using the optional Capabilities Info component of the
WCCP2_I_SEE_YOU message. The absence of such an advertisement implies
the router supports the default GRE packet return method only.

A web-cache will inspect the packet return method advertisement in the
first WCCP2_I_SEE_YOU message received from a router for the Service
Group. If the router does not advertise a method supported by the
web-cache then the web-cache will abort its attempt to join the
Service Group. Otherwise the web-cache will pick one method from those
advertised by the router and specify that method in the optional
Capabilities Info component of its next WCCP2_HERE_I_AM
message. Absence of a packet return method advertisement in a
WCCP2_HERE_I_AM message implies the cache is requesting the default
GRE packet return method.

A router will inspect the packet return method selected by a web-cache
in the WCCP2_HERE_I_AM message received in response to a
WCCP2_I_SEE_YOU message. If the selected method is not supported by
the router the router will ignore the WCCP2_HERE_I_AM message.
If the packet return method is supported the router will accept the
web-cache as usable and add it to the Service Group.

4.6 Advertising Views of the Service Group

Each router advertises its view of a Service Group via the Router View
Info component in the WCCP2_I_SEE_YOU message it sends to web-caches.
This component includes a list of the useable web-caches in the
Service Group as seen by the router and a list of the routers in the
Service Group as reported in WCCP2_HERE_I_AM messages from
web-caches. A change number in the component is incremented if the
Service Group membership has changed since the last WCCP2_I_SEE_YOU
message sent by the router.

Each web-cache advertises its view of the Service Group via the Web
Cache View Info component in the WCCP2_HERE_I_AM message it sends to
routers in the Service Group. This component includes the list of
routers that have sent the web-cache a WCCP2_I_SEE_YOU message and a
list of web-caches learnt from the WCCP2_I_SEE_YOU messages. The Web
Cache View Info component also includes a change number which is
incremented each time Service Group membership information changes.

4.7 Security

WCCP V2.0 provides a security component in each protocol message to
allow simple authentication. Two options are supported:

* No Security (default)
* MD5 password security

MD5 password security requires that each router and web-cache wishing
to join a Service Group be configured with the Service Group
password. Each WCCP protocol packet sent by a router or web-cache for
that Service Group will contain in its security component the MD5
checksum of the WCCP protocol message (including the WCCP message
header) and a Service Group password. Each web-cache or router in the
Service Group will authenticate the security component in a received
WCCP message immediately after validating the WCCP message header.
Packets failing authentication will be discarded.

4.8 Distribution of Traffic Assignments

WCCP V2.0 allows the traffic assignment method to be negotiated. There
are two types of information to be communicated depending on the
assignment method:

* Hash Tables
* Mask/Value Sets

4.8.1 Hash Tables

When using hash assignment each router uses a 256-bucket Redirection
Hash Table to distribute traffic for a Service Group across the member
web-caches. It is the responsibility of the Service Group's designated
web-cache to assign each router's Redirection Hash Table.

The designated web-cache uses a WCCP2_REDIRECT_ASSIGNMENT message to
assign the routers' Redirection Hash Tables. This message is
generated following a change in Service Group membership and is sent
to the same set of addresses to which the web-cache sends WCCP2_HERE_I_AM
messages. The designated web-cache will wait 1.5 HERE_I_AM_T
seconds following a change before generating the message in order to
allow the Service Group membership to stabilise.

The Redirection Hash Tables can be conveyed in either an Assignment
Info Component or an Alternate Assignment Component within a
WCCP2_REDIRECT_ASSIGNMENT. Both components contain an Assignment
Key. This will be reflected back to the designated web-cache in
subsequent WCCP2_I_SEE_YOU messages from the routers in the Service
Group. A WCCP2_REDIRECT_ASSIGNMENT may be repeated after HERE_I_AM_T
seconds if inspection of WCCP2_I_SEE_YOU messages indicates a router
has not received an assignment.

A router will flush its Redirection Hash Table if a
WCCP2_REDIRECT_ASSIGNMENT is not received within 5 HERE_I_AM_T seconds
of a Service Group membership change. A router will flush its
Redirection Hash Table if it receives a WCCP2_REDIRECT_ASSIGNMENT
message in which it is not listed.

The designated web-cache lists the web-caches to which traffic should
be distributed in either an Assignment Info Component or an Alternate
Assignment Component within a WCCP2_REDIRECT_ASSIGNMENT message. Only
those web-caches seen by every router in the Service Group are
included.

4.8.2 Mask/Value Sets

When using mask assignment each router uses masks and a table of
values to distribute traffic for a Service Group across the member
web-caches. It is the responsibility of the Service Group's designated
web-cache to assign each router's mask/value sets.

The designated web-cache uses the Alternate Assignment Component in a
WCCP2_REDIRECT_ASSIGNMENT message to assign the routers' mask/value
set. This message is generated following a change in Service Group
membership and is sent to the same set of addresses to which the
web-cache sends WCCP2_HERE_I_AM messages. The designated web-cache
will wait 1.5 HERE_I_AM_T seconds following a change before generating
the message in order to allow the Service Group membership to
stabilise.

The Alternate Assignment Info component of the
WCCP2_REDIRECT_ASSIGNMENT contains an Assignment Key. This will be
reflected back to the designated web-cache in subsequent
WCCP2_I_SEE_YOU messages from the routers in the Service Group. A
WCCP2_REDIRECT_ASSIGNMENT message may be repeated after HERE_I_AM_T
seconds if inspection of WCCP2_I_SEE_YOU messages indicates a router
has not received an assignment.

A router will flush its mask/value set if a WCCP2_REDIRECT_ASSIGNMENT
is not received within 5 HERE_I_AM_T seconds of a Service Group
membership change. A router will flush its mask/value set if it
receives a WCCP2_REDIRECT_ASSIGNMENT in which it is not listed.

The designated web-cache lists the web-caches to which traffic should
be distributed in the Alternate Assignment Info component of the
WCCP2_REDIRECT_ASSIGNMENT message. Only those web-caches seen by every
router in the Service Group are included.

4.9 Electing the Designated Web-cache

Election of the designated web-cache will take place once a Service
Group membership has stabilised following a change. The designated
web-cache must be receiving a WCCP2_I_SEE_YOU message from every
router in the Service Group.

Election of the designated web-cache is not part of the WCCP
protocol. However it is recommended that the web-cache with the lowest
IP address is selected as designated web-cache for a Service Group.

4.10 Traffic Interception

A router will check packets passing through it against its set of
Service Group descriptions. The Service Group descriptions are
checked in priority order. A packet which matches a Service Group
description is a candidate for redirection to a web-cache in the
Service Group.

A router will not redirect a packet with a source IP address matching
any web-cache in the Service Group.

4.11 Traffic Redirection

4.11.1 Redirection with Hash Assignment

Redirection with hash assignment is a two-stage process. In the first
stage a primary key is formed from the packet (as defined by the
Service Group description) and hashed to yield an index into the
Redirection Hash Table.

If the Redirection Hash Table entry contains an unflagged web-cache
index then the packet is redirected to that web-cache. If the bucket
is unassigned the packet is forwarded normally. If the bucket is
flagged as requiring a secondary hash then a secondary key is formed
(as defined by the Service Group description) and hashed to yield an
index into the Redirection Hash Table.
If the secondary entry contains
a web-cache index then the packet is directed to that web-cache. If the
entry is unassigned the packet is forwarded normally.

4.11.2 Redirection with Mask Assignment

The first step in redirection using the mask assignment method is to
perform a bitwise AND operation between the mask from the first
mask/value set in the Service Group definition and the contents of the
packet. The output of this operation is the set of fields in the packet
which will be used for value matching. The selected fields from the
packet are then compared against each entry in the list of values for
that mask/value set. If a match is found the packet is redirected to
the web-cache associated with the value entry. If no match is found
the process is repeated for each mask/value set defined for the
Service Group. If, after trying all of the mask/value sets defined
for the Service Group, no match is found, the packet is forwarded
normally.

Mask/value sets are processed in the order in which they are
presented in the Alternate Assignment component. Value elements are
compared in the order in which they appear in the mask/value set of which
they are part.

4.12 Traffic Forwarding

WCCP allows the negotiation of the forwarding method between router
and web-cache (See Negotiating the Forwarding Method). The currently
defined forwarding methods are:

* GRE Encapsulated
* Unencapsulated with L2 rewrite

4.12.1 Forwarding with GRE Encapsulation

Redirected packets are encapsulated in a new IP packet with a GRE [1]
header followed by a four-octet Redirect header.

The GRE encapsulation uses the simple four-octet GRE header with the
two Flags and Version octets set to zero and a Protocol Type of
0x883E.

The Redirect header is as follows:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|D|A| Reserved  |  Service ID   |  Alt Bucket   |  Pri Bucket   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

D   Dynamic Service
    0: Well known service
    1: Dynamic service

A   Alternative bucket used
    0: Primary bucket used
    1: Alternative bucket used

Service ID

Service Group identifier

Alt Bucket

Alternative bucket index used to redirect the packet. Only valid
for hash assignment.

Pri Bucket

Primary bucket index used to redirect the packet. Only valid for hash
assignment.

4.12.2 Forwarding with L2 Rewrite

Redirected packets are not encapsulated. The router replaces the
packet's destination MAC address with the MAC address of the target
web-cache.

This forwarding method requires that the target web-cache
be directly-connected to the router at Layer 2. A router will not
allow a web-cache which is not directly attached to negotiate this
forwarding method.

4.13 Packet Return

WCCP V2.0 allows a web-cache to decline a redirected packet and return
it to a router for normal forwarding as specified by the packet's
destination IP address. The method by which packets are returned from
router to cache is a matter for negotiation (see Negotiating the
Packet Return Method).

When a router receives a returned packet it must not attempt to
redirect that packet back to a web-cache. Two methods are available to
prevent any further redirection:

* Interface Configuration
* Encapsulation

The interface configuration method requires that a router is
configured to inhibit redirection of packets arriving over interfaces
connected to web-caches. Redirection may be disabled for all packets
arriving on an interface or for packets where the source MAC
address is that of a web-cache.
This mechanism is efficient but is
topology dependent and thus may not always be suitable. In this case
the packet return method in use is L2.

The encapsulation method requires a web-cache to send returned packets
to a router with encapsulation. Returned packets are encapsulated in a
GRE packet [1] with a Protocol Type of 0x883E and contain the original
Redirect Header or a null Redirect Header if none was present in the
original redirected packet. The receiving router removes the GRE
encapsulation from the packets and forwards them without attempting to
redirect. The packet return method used in this case is GRE.

4.14 Querying Cache Time-Out

If a router does not receive a WCCP2_HERE_I_AM message from a Service
Group member for 2.5 * HERE_I_AM_T seconds it will query the member by
unicasting a WCCP2_REMOVAL_QUERY message to it. The target Service
Group member should respond by sending a series of 3 identical
WCCP2_HERE_I_AM messages, each separated by HERE_I_AM_T/10 seconds.

If a router does not receive a WCCP2_HERE_I_AM message from a Service
Group member for 3 * HERE_I_AM_T seconds it will consider the member
to be unusable and remove it from the Service Group. The web-cache
will no longer appear in the Router View Info component of the
WCCP2_I_SEE_YOU message.

The web-cache will be purged from the assignment data for the Service
Group.

4.15 Command and Status Information

WCCP V2.0 includes a mechanism to allow web-caches to send commands to
routers within a service group. The same mechanism can be used by the
routers to provide status information to web-caches.

The mechanism is implemented by the Command Extension component. This
component is included in the WCCP2_HERE_I_AM message from a web-cache
passing commands to routers in a Service Group.
If a router needs to send status information to a web-cache it will
include a command in the Command Extension component within its own
WCCP2_I_SEE_YOU message. That command will indicate the type of status
information being carried.

5. Protocol Messages

Each WCCP protocol message is carried in a UDP packet with a
destination port of 2048. There are four WCCP V2.0 messages:

   * Here I Am
   * I See You
   * Redirect Assign
   * Removal Query

5.1 'Here I Am' Message

+--------------------------------------+
|         WCCP Message Header          |
+--------------------------------------+
|       Security Info Component        |
+--------------------------------------+
|        Service Info Component        |
+--------------------------------------+
|  Web-Cache Identity Info Component   |
+--------------------------------------+
|    Web-Cache View Info Component     |
+--------------------------------------+
| Capability Info Component (optional) |
+--------------------------------------+
|Command Extension Component (optional)|
+--------------------------------------+

5.2 'I See You' Message

+--------------------------------------+
|         WCCP Message Header          |
+--------------------------------------+
|       Security Info Component        |
+--------------------------------------+
|        Service Info Component        |
+--------------------------------------+
|    Router Identity Info Component    |
+--------------------------------------+
|      Router View Info Component      |
+--------------------------------------+
|      Assignment Info Component       |
|                  OR                  |
|       Assignment Map Component       |
+--------------------------------------+
| Capability Info Component (optional) |
+--------------------------------------+
|Command Extension Component (optional)|
+--------------------------------------+

5.3 'Redirect Assign' Message

+--------------------------------------+
|         WCCP Message Header          |
+--------------------------------------+
|       Security Info Component        |
+--------------------------------------+
|        Service Info Component        |
+--------------------------------------+
|      Assignment Info Component       |
|                  OR                  |
|    Alternate Assignment Component    |
+--------------------------------------+

5.4 'Removal Query' Message

+--------------------------------------+
|         WCCP Message Header          |
+--------------------------------------+
|       Security Info Component        |
+--------------------------------------+
|        Service Info Component        |
+--------------------------------------+
|     Router Query Info Component      |
+--------------------------------------+

5.5 WCCP Message Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Type                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Version            |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_HERE_I_AM (10)
   WCCP2_I_SEE_YOU (11)
   WCCP2_REDIRECT_ASSIGN (12)
   WCCP2_REMOVAL_QUERY (13)

Version

   0x200

Length

   Length of the WCCP message not including the WCCP Message Header.

5.6 Message Components

Each WCCP message comprises a WCCP Message Header followed by a number of
message components. The defined components are:

   * Security Info
   * Service Info
   * Router Identity Info
   * Web-Cache Identity Info
   * Router View Info
   * Web-Cache View Info
   * Assignment Info
   * Router Query Info
   * Capabilities Info
   * Alternate Assignment
   * Assignment Map
   * Command Extension

Components are padded to align on a four-octet boundary. Each
component has a 4-octet header specifying the component type and
length. Note that the length value does not include the 4-octet
component header.

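The framing rules of sections 5.1 to 5.6, as a receiver would enforce
them before trusting any field. This is an added example, not code from
the draft or from any WCCP implementation. Assumptions: fields are in
network byte order, padding is skipped up to the next four-octet
boundary, and the component order drawn in 5.1-5.4 is treated as
mandatory; all function names and the sample datagram are constructed
for illustration.

```python
import struct

# Numeric values below are the ones given in sections 5.5 and 5.6.x of the draft.
WCCP2_VERSION = 0x200
HEADER_LEN = 8             # Type (4) + Version (2) + Length (2)
COMPONENT_HEADER_LEN = 4   # Type (2) + Length (2)

HERE_I_AM, I_SEE_YOU, REDIRECT_ASSIGN, REMOVAL_QUERY = 10, 11, 12, 13
SECURITY, SERVICE, ROUTER_ID, WC_ID, RTR_VIEW, WC_VIEW = 0, 1, 2, 3, 4, 5
ASSIGNMENT, QUERY, CAPABILITY = 6, 7, 8
ALT_ASSIGNMENT, ASSIGN_MAP, COMMAND = 13, 14, 15

# Per message type: (components that must lead the message, in this order;
# components allowed after them). Read off the diagrams in 5.1-5.4; treating
# the drawn order as mandatory is a strictness choice of this example.
LAYOUT = {
    HERE_I_AM: ((SECURITY, SERVICE, WC_ID, WC_VIEW), {CAPABILITY, COMMAND}),
    I_SEE_YOU: ((SECURITY, SERVICE, ROUTER_ID, RTR_VIEW),
                {ASSIGNMENT, ASSIGN_MAP, CAPABILITY, COMMAND}),
    REDIRECT_ASSIGN: ((SECURITY, SERVICE), {ASSIGNMENT, ALT_ASSIGNMENT}),
    REMOVAL_QUERY: ((SECURITY, SERVICE, QUERY), set()),
}


class WccpParseError(ValueError):
    """Raised for any datagram that violates the framing rules."""


def build_component(ctype, body):
    """Encode one component, zero-padding the body to a four-octet boundary."""
    body += bytes(-len(body) % 4)
    return struct.pack("!HH", ctype, len(body)) + body


def build_message(msg_type, components):
    """Prefix the encoded components with a WCCP Message Header."""
    payload = b"".join(components)
    return struct.pack("!IHH", msg_type, WCCP2_VERSION, len(payload)) + payload


def parse_message(datagram):
    """Return (msg_type, [(component_type, body), ...]) or raise WccpParseError."""
    if len(datagram) < HEADER_LEN:
        raise WccpParseError("datagram shorter than the WCCP Message Header")
    msg_type, version, length = struct.unpack_from("!IHH", datagram, 0)
    if msg_type not in LAYOUT:
        raise WccpParseError(f"unknown message type {msg_type}")
    if version != WCCP2_VERSION:
        raise WccpParseError(f"unsupported version {version:#x}")
    # Length excludes the header and must account for every remaining octet.
    if length != len(datagram) - HEADER_LEN:
        raise WccpParseError("header Length does not match datagram size")

    components, offset, end = [], HEADER_LEN, len(datagram)
    while offset < end:
        if end - offset < COMPONENT_HEADER_LEN:
            raise WccpParseError("truncated component header")
        ctype, clen = struct.unpack_from("!HH", datagram, offset)
        offset += COMPONENT_HEADER_LEN
        # Component Length excludes its own 4-octet header.
        if clen > end - offset:
            raise WccpParseError(f"component {ctype} overruns the message")
        components.append((ctype, datagram[offset:offset + clen]))
        offset += clen + (-clen % 4)       # skip padding to the next boundary
        if offset > end:
            raise WccpParseError(f"component {ctype} is missing its padding")

    required, optional = LAYOUT[msg_type]
    seen = tuple(ctype for ctype, _ in components)
    if seen[:len(required)] != required:
        raise WccpParseError("mandatory components missing or out of order")
    extra = seen[len(required):]
    if any(c not in optional for c in extra) or len(set(extra)) != len(extra):
        raise WccpParseError("unexpected or repeated component")
    return msg_type, components


def is_valid(datagram):
    """Boolean wrapper around parse_message for use in filters and tests."""
    try:
        parse_message(datagram)
    except WccpParseError:
        return False
    return True


# Constructed sample: a 'Here I Am' for the well-known HTTP service without
# authentication. Component bodies have the sizes implied by 5.6.x and 5.7.2.
SAMPLE_HERE_I_AM = build_message(HERE_I_AM, [
    build_component(SECURITY, struct.pack("!I", 0)),          # WCCP2_NO_SECURITY
    build_component(SERVICE, bytes(24)),                      # standard service 0
    build_component(WC_ID, bytes([192, 0, 2, 10]) + bytes(40)),
    build_component(WC_VIEW, struct.pack("!III", 1, 0, 0)),   # no routers/caches yet
])
```

Every length is checked against the octets actually received before a
slice is taken, so a forged Length can only cause a rejection.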
5.6.1 Security Info Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Security Option                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Security Implementation                    |
|                               .                               |
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_SECURITY_INFO (0)

Length

   Length of the remainder of the component.

Security Option

   WCCP2_NO_SECURITY (0)
   WCCP2_MD5_SECURITY (1)

Security Implementation

   If Security Option has the value WCCP2_NO_SECURITY then this field is
   not present. If Security Option has the value WCCP2_MD5_SECURITY this
   is a 16-octet field containing the MD5 checksum of the WCCP message and
   the Service Group password. The maximum password length is 8 octets.

   Prior to calculating the MD5 checksum the password should be padded
   out to 8 octets with trailing zeros and the Security Implementation
   field of the Security Option set to zero. The MD5 checksum is calculated
   using the 8 octet padded password and the WCCP message (including the
   WCCP Message Header).

5.6.2 Service Info Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Service Type  |  Service ID   |   Priority    |   Protocol    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Service Flags                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Port 0             |            Port 1             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Port 6             |            Port 7             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_SERVICE_INFO (1)

Length

   Length of the remainder of the component.

Service Type

   WCCP2_SERVICE_STANDARD (0).
   Service is a well known service and is described by the Service ID.
   All fields other than Service ID must be zero.

   WCCP2_SERVICE_DYNAMIC (1).
   Service is defined by the Protocol, Service Flags and Port fields.

Service ID

   Service number. A number in the range 0-255. For well known services
   numbers in the range 0-50 are reserved. The numbers currently defined
   for well known services are:

   0x00 HTTP

Priority

   Service priority. The lowest priority is 0, the highest is
   255. Packets for redirection are matched against Services in priority
   order, highest first. Well known services have a priority of 240.

Protocol

   IP protocol identifier

Service Flags

   0x0001 Source IP Hash
   0x0002 Destination IP Hash
   0x0004 Source Port Hash
   0x0008 Destination Port Hash
   0x0010 Ports Defined.
   0x0020 Ports Source.
   0x0100 Source IP Alternative Hash
   0x0200 Destination IP Alternative Hash
   0x0400 Source Port Alternative Hash
   0x0800 Destination Port Alternative Hash

   The primary hash flags (Source IP Hash, Destination IP Hash, Source
   Port Hash, Destination Port Hash) determine the key which will be
   hashed to yield the Redirection Hash Table primary bucket index. If
   only the Destination IP Hash flag is set then the packet destination
   IP address is used as the key. Otherwise if any of the primary hash
   flags are set then the key is constructed by XORing the appropriate
   fields from the packet with the key (which has an initial value of
   zero).

   The key is hashed using the following algorithm:

      ulong hash = key;
      hash ^= hash >> 16;
      hash ^= hash >> 8;
      return(hash & 0xFF);

   If alternative hashing has been enabled for the primary bucket (see
   Assignment Info Component) the alternate hash flags (Source IP
   Alternative Hash, Destination IP Alternative Hash, Source Port
   Alternative Hash, Destination Port Alternative Hash) determine the
   key which will be hashed to yield a secondary bucket index. The key
   is constructed by XORing the appropriate fields from the packet with
   a key (which has an initial value of zero).

Port 0-7

   Zero terminated list of UDP or TCP port identifiers. Packets will be
   matched against this set of ports if the Ports Defined flag is set. If
   the Ports Source flag is set the port information refers to a source
   port, if clear the port information refers to a destination port.

5.6.3 Router Identity Info Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Router ID Element                       |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sent To Address                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Number Received From                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Received From Address 0                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Received From Address n                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_ROUTER_ID_INFO (2)

Length

   Length of the remainder of the component.

Router ID Element

   Element containing the router's identifying IP address and Receive
   ID. The IP address must be a valid, reachable address for the router.

Sent To Address

   IP address to which the target web-cache sent the WCCP2_HERE_I_AM
   message. When this component is present in a unicast WCCP2_I_SEE_YOU
   message it will contain the IP address that the target web-cache
   used. When present in a multicast WCCP2_I_SEE_YOU message it will
   contain the Service Group multicast address.

Number Received From

   The number of web-caches to which this message is directed. When using
   multicast addressing it may be less than the number of caches which
   actually see the message.

Received From Address 0-n

   List of the IP addresses of web-caches to which this message is
   directed. When using multicast addressing it may be a subset of the
   caches which actually see the message.

5.6.4 Web-Cache Identity Info Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Web-Cache Identity Element                   |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_WC_ID_INFO (3)

Length

   Length of the remainder of the component.

Web-Cache Identity Element

   Element containing the web-cache IP address and Redirection Hash Table
   mapping.

5.6.5 Router View Info Component

This represents a router's view of the Service Group.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Member Change Number                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Assignment Key                         |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Number of Routers                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Router 0                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Router n                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Number of Web-Caches                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Web-Cache Identity Element 0                  |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Web-Cache Identity Element n                  |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_RTR_VIEW_INFO (4)

Length

   Length of the remainder of the component.

Member Change Number

   Incremented each time there is a change in Service Group membership.

Assignment Key

   Assignment Key element received in the last WCCP2_REDIRECT_ASSIGNMENT
   message. Used by the designated web-cache to verify that an assignment
   has been executed.

Number of Routers

   Number of routers in the Service Group

Router 0-n

   IP addresses of routers in the Service Group. This list is constructed
   from routers reported by web-caches via WCCP2_HERE_I_AM messages. Note
   that a router does not include itself in the list unless it has also
   been reported via a WCCP2_HERE_I_AM message.

Number of Web-Caches

   Number of useable web-caches in the Service Group

Web-Cache Identity Element 0-n

   Identity elements of useable web-caches in Service Group. This list
   contains web-caches that have sent the router a WCCP2_HERE_I_AM
   message with a valid "Received ID".

5.6.6 Web Cache View Info Component

This represents a web-cache's view of the Service Group.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Change Number                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Number of Routers                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Router ID Element 0                      |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Router ID Element n                      |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Number of Web-Caches                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Web Cache address 0                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Web Cache address n                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_WC_VIEW_INFO (5)

Length

   Length of the remainder of the component.

Change Number

   Incremented each time there is a change in the view.

Number of Routers

   Number of routers in the Service Group

Router ID Element 0-n

   List of elements containing the identifying IP address for each router
   in the Service Group and the last "Received ID" from each.

Number of Web-Caches

   Number of web-caches in the Service Group

Web Cache address 0-n

   List of web-cache IP addresses learnt from WCCP2_I_SEE_YOU messages.

5.6.7 Assignment Info Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Assignment Key                         |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Number of Routers                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Router Assignment Element 0                  |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Router Assignment Element n                  |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Number of Web-Caches                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Web-Cache 0                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Web-Cache n                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Bucket 0    |   Bucket 1    |   Bucket 2    |   Bucket 3    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Bucket 252   |  Bucket 253   |  Bucket 254   |  Bucket 255   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_REDIRECT_ASSIGNMENT (6)

Length

   Length of the remainder of the component.

Assignment Key

   The designated web-cache expects this element to be returned by a router
   in subsequent WCCP2_I_SEE_YOU messages.

Number of Routers

   Number of routers reachable by the designated web-cache.

Router Assignment Element 0-n

   Elements containing the router IP address, "Receive ID" and "Change
   Number" for each router.

Number of Web-Caches

   Number of useable web-caches in the Service Group seen by all routers.

Web Cache 0-n

   List of the IP addresses of useable web-caches in Service Group. The
   position of a web-cache identifier in this list is the web-cache
   index. The first entry in the list has an index of zero.

Bucket 0-255

   Contents of the Redirection Hash Table. The content of each bucket is a
   web-cache index value in the range 0-31. If set the A flag indicates
   that alternative hashing should be used for this web-cache. The value
   0xFF indicates no web-cache has been assigned to the bucket.

    0 1 2 3 4 5 6 7
   +-+-+-+-+-+-+-+-+
   |    Index    |A|
   +-+-+-+-+-+-+-+-+

5.6.8 Router Query Info Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Router ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Receive ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Sent To IP Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Target IP Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_QUERY_INFO (7)

Length

   Length of the remainder of the component.

Router ID

   Router IP address. The same address advertised in a WCCP2_I_SEE_YOU
   message.

Receive ID

   Receive ID expected by the router.

Sent To IP Address

   IP address to which the web-cache sent its last WCCP2_HERE_I_AM
   message. This will not be the Router ID if the web-cache is
   multicasting its WCCP2_HERE_I_AM messages.

Target IP Address

   IP address of web-cache being queried.

5.6.9 Capabilities Info Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Capability Element 0                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Capability Element n                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_CAPABILITY_INFO (8)

Length

   Length of the remainder of the component.

Capability Element

   Element in Type-Length-Value format (TLV) describing a router or
   web-cache capability.

5.6.10 Alternate Assignment Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Assignment Type        |       Assignment Length       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Assignment Body                        |
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_ALT_ASSIGNMENT (13)

Length

   Length of the remainder of the component.

Assignment Type

   Currently defined values:

   WCCP2_HASH_ASSIGNMENT (0x00)
   WCCP2_MASK_ASSIGNMENT (0x01)

Assignment Length

   Length of Assignment Body

Assignment Body

   The format of Assignment Body depends upon the value of Assignment Type.

Assignment Type = WCCP2_HASH_ASSIGNMENT

   In this case the body of the message is identical to the Assignment
   Info Component with the Type and Length fields omitted.

Assignment Type = WCCP2_MASK_ASSIGNMENT

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Assignment Key                         |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Number of Routers                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Router Assignment Element 0                  |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Router Assignment Element n                  |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Number of Mask/Value Set Elements (m)             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Mask/Value Set Element 0                    |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Mask/Value Set Element m                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Assignment Key

   The designated web-cache expects this element to be returned by a
   router in subsequent WCCP2_I_SEE_YOU messages.

Number of Routers

   Number of routers reachable by the designated web-cache.

Router Assignment Element 0-n

   Element containing the router IP address, Receive ID and Change
   Number for each router.

Number of Mask/Value Set Elements (m)

   Number of Mask/Value Set elements in this message

Mask/Value Set Element 0-m

   A list of the Mask/Value Element Sets for the Service Group

5.6.11 Assignment Map Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Number of Mask/Value Set Elements (n)             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Mask/Value Set Element 0                    |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Mask/Value Set Element n                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_ASSIGN_MAP (14)

Length

   Length of the remainder of the component.

Number of Mask/Value Set Elements (n)

   Number of Mask/Value Set elements in the message

Mask/Value Set Element 0-n

   A list of the Mask/Value Element Sets for the Service Group

5.6.12 Command Extension Component

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Command Type          |        Command Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Command Data                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   WCCP2_COMMAND_EXTENSION (15)

Length

   Length of the remainder of the component.

Command Type

   The command specifier.

Command Length

   The length of the Command Data field of this command

The defined Command Types are:

   Command Type:   WCCP2_COMMAND_TYPE_SHUTDOWN (01)
   Command Length: 4
   Command Data:   Web-cache IP address
   Description:    This command is used by a web-cache to indicate to
                   the routers in a Service Group that it is shutting
                   down and should no longer receive any redirected traffic.

   Command Type:   WCCP2_COMMAND_TYPE_SHUTDOWN_RESPONSE (02)
   Command Length: 4
   Command Data:   Web-cache IP address.
   Description:    This command is used by a router to acknowledge
                   receipt of a SHUTDOWN command received from the web-cache
                   identified by the IP address in the Command Data field.

5.7 Information Elements

5.7.1 Router ID Element

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Router ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Receive ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Router ID

   Router's identifying IP address. This must be a valid IP address by
   which the router is reachable.

Receive ID

   Defined per Service Group. Incremented each time the router sends a WCCP
   protocol message including a Router Identity Info component. Will never be
   zero.

5.7.2 Web-Cache Identity Element

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          WC Address                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Hash Revision         |U|          Reserved           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Bucket Block 0                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Bucket Block 7                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       Assignment Weight       |            Status             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

WC Address

   Web-Cache IP address

Hash Revision

   0x00

U

   If set indicates that the web cache does not have an assignment in the
   Redirection Hash Table and that Bucket Block data is historical.
   Historical data may be used by the designated web-cache to re-assign
   the same bucket set to a web-cache that left and subsequently
   rejoined a Service Group.

Bucket Block 0-7

   256-bit vector. A set bit indicates the corresponding Redirection
   Hash Table bucket is assigned to this web-cache.

Assignment Weight

   Hash weight. May be used to indicate to the designated web-cache how new
   assignments should be made.

Status

   Hash status. May be used to indicate to the designated web-cache how new
   assignments should be made.

5.7.3 Assignment Key Element

This element identifies a particular assignment.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Key IP Address                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Key Change Number                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Key IP Address

   Designated web-cache IP address

Key Change Number

   Incremented if a change has occurred.

5.7.4 Router Assignment Element

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Router ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Receive ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Change Number                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Router ID

   Router's identifying IP address. It must be a valid address by which
   the router is reachable.

Receive ID

   Last Receive ID received from the router identified by Router
   ID. A router will ignore an assignment if Receive ID is invalid.

Change Number

   Last Member Change Number received from the router identified by
   Router ID. A router will ignore an assignment if Change Number is
   invalid.

5.7.5 Capability Element

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Type              |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Value                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type

   Currently defined types are:

   WCCP2_FORWARDING_METHOD     0x01
   WCCP2_ASSIGNMENT_METHOD     0x02
   WCCP2_PACKET_RETURN_METHOD  0x03

Length

   Length of Capability element Value

Value

   The length and format of the value field is dependent on the capability type.

Type = WCCP2_FORWARDING_METHOD

   A 32-bit bitmask indicating supported/selected forwarding methods.
   Currently defined values are:

   WCCP2_FORWARDING_METHOD_GRE      0x00000001
   WCCP2_FORWARDING_METHOD_L2       0x00000002

Type = WCCP2_ASSIGNMENT_METHOD

   A 32-bit bitmask indicating supported/selected assignment methods.
   Currently defined values are:

   WCCP2_ASSIGNMENT_METHOD_HASH     0x00000001
   WCCP2_ASSIGNMENT_METHOD_MASK     0x00000002

Type = WCCP2_PACKET_RETURN_METHOD

   A 32-bit bitmask indicating supported/selected packet return methods.
   Currently defined values are:

   WCCP2_PACKET_RETURN_METHOD_GRE   0x00000001
   WCCP2_PACKET_RETURN_METHOD_L2    0x00000002

5.7.6 Mask/Value Set Element

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Mask Element                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Number of Value Elements (n)                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Value Element 0                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               .                               |
|                               .                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Value Element n                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Mask Element

   Mask element for this set.

Number of Value Elements (n)

   The number of value elements in this set.

Value Element 0-n

   The list of value elements for this set.

5.7.7 Mask Element

Note that in all of the mask fields of this element a zero means
"Don't care".

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Source Address Mask                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Destination Address Mask                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       Source Port Mask        |     Destination Port Mask     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Source Address Mask

   The 32 bit mask to be applied to the source IP address of the packet.

Destination Address Mask

   The 32 bit mask to be applied to the destination IP address of the packet.

Source Port Mask

   The 16 bit mask to be applied to the TCP/UDP source port field of the packet.

Destination Port Mask

   The 16 bit mask to be applied to the TCP/UDP destination port field of the packet.

5.7.8 Value Element

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Source Address Value                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Destination Address Value                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       Source Port Value       |    Destination Port Value     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Web Cache IP Address                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Source Address Value

   The value to match against the source IP address of the packet after
   masking.

Destination Address Value

   The value to match against the destination IP address of the packet after
   masking.

Source Port Value

   The value to match against the TCP/UDP source port number of the
   packet after masking.

Destination Port Value

   The value to match against the TCP/UDP destination port number of the
   packet after masking.

Web-cache IP address

   The IP address of the web-cache to which packets matching this value
   element should be sent.

6. Security Considerations

WCCP V2 provides a mechanism for message authentication. It is
described in section 4.7 of this document. The authentication
mechanism relies on a password known to all routers and web-caches in
a Service Group. The password is part of the Service Group
configuration and is used to compute message checksums which can be
verified by other members of the group. Should the password become
known to a host attempting to disrupt the operation of a Service Group
it would be possible for that host to spoof WCCP messages and appear
as either a router or web-cache in the Service Group.

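The checksum procedure of section 5.6.1, which the paragraph above
relies on, from the receiver's side. This is an added example, not code
from the draft or from any WCCP implementation. Assumptions: network
byte order, the password octets are hashed before the message octets
(the order in which 5.6.1 names them), and a member configured with a
password rejects WCCP2_NO_SECURITY messages; function names, the
password and the sample component are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Numeric values are the ones given in sections 5.5 and 5.6.1 of the draft.
WCCP2_VERSION = 0x200
WCCP2_HERE_I_AM = 10
WCCP2_SECURITY_INFO = 0
WCCP2_NO_SECURITY = 0
WCCP2_MD5_SECURITY = 1

HEADER_LEN = 8                    # WCCP Message Header
SEC_OFFSET = HEADER_LEN           # Security Info leads every message (5.1-5.4)
MD5_OFFSET = SEC_OFFSET + 4 + 4   # component header + Security Option
MD5_LEN = 16                      # Security Implementation field
PASSWORD_LEN = 8


def pad_password(password):
    """Pad the Service Group password to 8 octets with trailing zeros."""
    if len(password) > PASSWORD_LEN:
        raise ValueError("Service Group password is limited to 8 octets")
    return password.ljust(PASSWORD_LEN, b"\x00")


def checksum(message, password):
    """MD5 over padded password and message with the checksum field zeroed."""
    zeroed = message[:MD5_OFFSET] + bytes(MD5_LEN) + message[MD5_OFFSET + MD5_LEN:]
    # Assumption: password first, then the whole message including its header.
    return hashlib.md5(pad_password(password) + zeroed).digest()


def build_message(trailing_components, password=None):
    """Build a 'Here I Am'; sign it when a password is given."""
    if password is None:
        security = struct.pack("!HHI", WCCP2_SECURITY_INFO, 4, WCCP2_NO_SECURITY)
    else:
        security = struct.pack("!HHI", WCCP2_SECURITY_INFO, 4 + MD5_LEN,
                               WCCP2_MD5_SECURITY) + bytes(MD5_LEN)
    payload = security + trailing_components
    message = struct.pack("!IHH", WCCP2_HERE_I_AM, WCCP2_VERSION,
                          len(payload)) + payload
    if password is None:
        return message
    digest = checksum(message, password)
    return message[:MD5_OFFSET] + digest + message[MD5_OFFSET + MD5_LEN:]


def verify(message, password):
    """Return True only for a message carrying a valid MD5 checksum."""
    if len(message) < MD5_OFFSET:
        return False
    ctype, clen, option = struct.unpack_from("!HHI", message, SEC_OFFSET)
    if ctype != WCCP2_SECURITY_INFO:
        return False
    # A password is configured, so an unauthenticated message is a downgrade.
    if option != WCCP2_MD5_SECURITY or clen != 4 + MD5_LEN:
        return False
    if len(message) < MD5_OFFSET + MD5_LEN:
        return False
    received = message[MD5_OFFSET:MD5_OFFSET + MD5_LEN]
    return hmac.compare_digest(received, checksum(message, password))


# Constructed sample: Service Info component for the well-known HTTP service.
SAMPLE_SERVICE_INFO = struct.pack("!HH", 1, 24) + bytes(24)
SAMPLE_PASSWORD = b"s3cret"      # constructed value, 6 octets before padding
```

The construction is a plain MD5 over password and message, not an HMAC;
hmac.compare_digest is used here only for a constant-time comparison.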
To pose as a router in a Service Group a host would advertise its
presence to the members of the group in I_SEE_YOU messages. If
accepted as part of the Service Group the host would receive the
configuration for the group in a HERE_I_AM message from the designated
web-cache. This situation would not pose any threat to the operation
of the Service Group because the host would not be performing any
packet redirection and all packets would flow normally.

To pose as a web-cache within a Service Group a host would advertise
its presence in HERE_I_AM messages. Acceptance of the host as part of
the Service Group would be decided by the designated cache and may be
subject to additional security checks not specified by WCCP. Should
the host become part of the Service Group it would be assigned a
proportion of the traffic redirected by the routers in the Service
Group. Assuming that the host drops any redirected packets the net
effect to clients would be that some attempts to retrieve content via
the Service Group routers would fail.

7. References

[1] Hanks, Li, Farinacci & Traina, "Generic Routing Encapsulation
    (GRE)", RFC 1701, October 1994

8. Authors' Addresses

Martin Cieslak
Cisco Systems
170 Tasman Drive
San Jose, CA 95143

David Forster
Cisco Systems
170 Tasman Drive
San Jose, CA 95143

Gurumukh Tiwana
Cisco Systems
170 Tasman Drive
San Jose, CA 95143

Rob Wilson
Cisco Systems
170 Tasman Drive
San Jose, CA 95143

email: robewils@cisco.com

Expires January 2001