Showing posts from August, 2017

Do not be scared from WCCP

I would like to try, with you (my readers), an explanation in a Q&A format; hopefully that will make it easier to understand, as WCCP is not that hard.

Q: What is WCCP (Web Cache Communication Protocol)?

A: To put it simply, WCCP is a protocol running between a router and a network appliance that allows safer and smarter redirection of traffic.

Q: When you say network appliance, what do you mean?

A: In WCCPv1 the protocol was used only for redirection of web traffic (and only TCP port 80), so it was clearly very limited to web applications (hence the name). However, since WCCPv2 the usage and capability expanded, and WAN optimization devices (WAAS, Riverbed SteelHead etc.) and security appliances (Cisco WSA, Bluecoat WAF etc.) are using WCCP to receive traffic for optimization or content security handling.

Q: What are the main components of WCCP?

A: That is an excellent question :-) , well

Redirector - The router or group of routers

Web Cache - That is the misleading part as it is called a web ca…

DNS Proxy with Juniper SRX

You will often come across deployments where branch users need to reach an internal resource that is also mapped for external users via DNS. The problem starts when a user inside the corp resolves that address over the public DNS: he will get a response with the public address of that resource, and in order for him to reach that address the packet will need to go out from the internal trust zone to the outside and back in. This is what is called a DNS Split Horizon problem!
To fix that you can either use some static host configuration, which is very unscalable, or use a DNS proxy and internal forwarders. For that there are 2 main methods (with Juniper SRX):
Method 1
Split DNS configuration where all DNS traffic defaults to 8.8.8.8, with the exception of sguez.net, which uses 198.168.1.200 (Internal DNS)

root@SRXv01# show system services dns | display set
set system services dns dns-proxy interface ge-0/0/1.0
set system services dns dns-proxy default-domain * forwarders 8.8.8.8
set sy…