Forum Discussion

Ryan_34424's avatar
Ryan_34424
Icon for Altostratus rankAltostratus
Dec 04, 2012

BIG IP LTM, Bluecoat, WCCP... oh my.

Here's an interesting one. I'm fairly new to F5 and the BIG IP LTM series, so everything on this thing is a learning process. I've been able to move past all prior issues (virtual server forwarding, iRules, monitors, etc) as I have a PhD in RTFM... however this one has me for a loop and no amount of RTFM'ing seems to be getting me anywhere. It involves introducing an F5 BIG IP LTM into a mix of Bluecoat SG proxies, routers, and WCCP.

 

With our current environment, we have a router that sees all egress traffic. It has a WCCP communication path with the three Bluecoat Proxies. The router grabs all necessary protocols, and encapsulates it via WCCP and sends to the Bluecoat proxies. Which proxy is used is dependent on the router configuration and which device is currently able to participate. It does not have a way of distributing this traffic... it's strictly failover. You know, without getting into ACLs and all that garbage.

 

This is where the LTM comes into play. What I would like to have in addition to the fault tolerance, is the ability to distribute load across the proxies.

 

I'm running into problems when it comes to how this would work. Some of the questions I have:

 

Does the LTM terminate the WCCP session with the router and then distribute the contents via virtual server?

 

How does that play into the transparency since the destination is something on the Internet and not the proxy itself?

 

Tons-o-questions really...

 

Does anybody have any experience in doing so or pointers on where I should look for more information? Any info really appreciated...

 

Thanks,

 

-RG

 

16 Replies

  • We did eventually get this to work correctly, but have since migrated from Websense to Palo Alto and are no longer using the configuration.

     

  • Charles, did you ever get a chance to find that old working configuration for wccp?

     

  • I haven't found the config, but I did find some notes. Turns out we abandoned wccp in favor of policy based routing. We then were able to load balance the requests using the F5 box as the router for the requests.