* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

* Podcasts
* Social Channels
* Video Streaming

 

 

 

 

 

ABOUT DEVCENTRAL

DevCentral News Technical Forum Technical Articles Technical CrowdSRC Community Guidelines DevCentral EULA Get a Developer Lab License Become a DevCentral MVP

RESOURCES

Product Documentation White Papers Glossary Customer Stories Webinars Free Online Courses F5 Certification LearnF5 Training

SUPPORT

Manage Subscriptions Professional Services Professional Services Create a Service Request Software Downloads Support Portal

PARTNERS

Find a Reseller Partner Technology Alliances Become an F5 Partner Login to Partner Central

---

©2024 F5, Inc. All rights reserved.

Here's an interesting one. I'm fairly new to F5 and the BIG IP LTM series, so everything on this thing is a learning process. I've been able to move past all prior issues (virtual server forwarding, iRules, monitors, etc) as I have a PhD in RTFM... however this one has me for a loop and no amount of RTFM'ing seems to be getting me anywhere. It involves introducing an F5 BIG IP LTM into a mix of Bluecoat SG proxies, routers, and WCCP.

With our current environment, we have a router that sees all egress traffic. It has a WCCP communication path with the three Bluecoat Proxies. The router grabs all necessary protocols, and encapsulates it via WCCP and sends to the Bluecoat proxies. Which proxy is used is dependent on the router configuration and which device is currently able to participate. It does not have a way of distributing this traffic... it's strictly failover. You know, without getting into ACLs and all that garbage.

This is where the LTM comes into play. What I would like to have in addition to the fault tolerance, is the ability to distribute load across the proxies.

I'm running into problems when it comes to how this would work. Some of the questions I have:

Tons-o-questions really...

Does anybody have any experience in doing so or pointers on where I should look for more information? Any info really appreciated...

Thanks,

Here's an interesting one. I'm fairly new to F5 and the BIG IP LTM series, so everything on this thing is a learning process. I've been able to move past all prior issues (virtual server forwarding, iRules, monitors, etc) as I have a PhD in RTFM... however this one has me for a loop and no amount of RTFM'ing seems to be getting me anywhere. It involves introducing an F5 BIG IP LTM into a mix of Bluecoat SG proxies, routers, and WCCP.

With our current environment, we have a router that sees all egress traffic. It has a WCCP communication path with the three Bluecoat Proxies. The router grabs all necessary protocols, and encapsulates it via WCCP and sends to the Bluecoat proxies. Which proxy is used is dependent on the router configuration and which device is currently able to participate. It does not have a way of distributing this traffic... it's strictly failover. You know, without getting into ACLs and all that garbage.

This is where the LTM comes into play. What I would like to have in addition to the fault tolerance, is the ability to distribute load across the proxies.

I'm running into problems when it comes to how this would work. Some of the questions I have:

Tons-o-questions really...

Does anybody have any experience in doing so or pointers on where I should look for more information? Any info really appreciated...

Thanks,

I haven't tested this personally but here's my 2 cents:

> Does the LTM terminate the WCCP session with the router and then distribute the contents via virtual server?

> How does that play into the transparency since the destination is something on the Internet and not the proxy itself?

This documentation below is labelled WOM but in Big-IP 11.2.0 and up, WCCP is available to LTM-only licensed units also.

Configuring WCCPv2 Redirection - http://support.f5.com/kb/en-us/prod...r=27181397

I haven't tested this personally but here's my 2 cents:

> Does the LTM terminate the WCCP session with the router and then distribute the contents via virtual server?

> How does that play into the transparency since the destination is something on the Internet and not the proxy itself?

This documentation below is labelled WOM but in Big-IP 11.2.0 and up, WCCP is available to LTM-only licensed units also.

Configuring WCCPv2 Redirection - http://support.f5.com/kb/en-us/prod...r=27181397

\n

\n

\n

\n

\n

\n

\n

\n

The way I understand it (and I haven't set this up personally so take this with some skepticism) the tunnel is terminated between the router and the Big-IP. Packets arrive unencrpyted to the Big-IP as though the client sent it directly to the Big-IP as the Gateway. Thus, a port 80 VS needs to catch and forward the traffic. If it's going back to another proxy via a pool, it won't be using WCCP to get there on the back-end.

The way I understand it (and I haven't set this up personally so take this with some skepticism) the tunnel is terminated between the router and the Big-IP. Packets arrive unencrpyted to the Big-IP as though the client sent it directly to the Big-IP as the Gateway. Thus, a port 80 VS needs to catch and forward the traffic. If it's going back to another proxy via a pool, it won't be using WCCP to get there on the back-end.

\n

\n

\n

\n

Right, 0.0.0.0/0:80 will catch any HTTP traffic not destined for a more specfic VS.

Right, 0.0.0.0/0:80 will catch any HTTP traffic not destined for a more specfic VS.

Did anyone have any success getting this to work? I have set up WCCP communication between F5 and the router, and can see that port 80 packets are arriving on the F5 via WCCP as expected. I also set up a standard VS for 0.0.0.0/0:80, which has a pool member that is a Websense proxy (same idea as BlueCoat).

The problem is that no packets ever arrive at the Websense interface, which should be receiving packets forwarded by the F5 VS.

Any ideas?

Did anyone have any success getting this to work? I have set up WCCP communication between F5 and the router, and can see that port 80 packets are arriving on the F5 via WCCP as expected. I also set up a standard VS for 0.0.0.0/0:80, which has a pool member that is a Websense proxy (same idea as BlueCoat).

The problem is that no packets ever arrive at the Websense interface, which should be receiving packets forwarded by the F5 VS.

Any ideas?