WCCP only in MR and not MX?

Roble
Here to help

WCCP only in MR and not MX?

Hi $Community,

 

first post in this board and I hope you guys take it easy on me. My active networking days have been a while but I'll try my luck anyhow. 😉

 

Situation:

 

Hospitality with an Infrastructure of AP's (not Meraki yet) and an MX64 as perimeter. Uplink Bandwidth currently 3Mbps don't laugh, which I have shaped to kingdom come to get all those Apple/Microsoft update and YouTube addicts under control.

I plan to acquire a caching/proxy appliance although I know the MX84 has Squid based Proxy feature integrated, but it currently does not fit our sizing.

 

Question:

 

The almighty $searchegine only points me to a hidden feature within the AP series of Meraki. So far I had no luck in finding a WCCP option within the MX portion of the management page. Is WCCP not integrated in the MX series at all and am i "forced" to configuring it on a bridging device rather than within routing entity?

 

Best Regards and a charming Weekend from Tanzania

 

Roble

 

 

 

 

 

5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal

No Meraki device has WCCP support.

 

The other bad news is that you will probably get very little caching out of a transparent proxy these days.  That is because a lot of content is delivered over https.

 

I wouldn't be surprised if you only got 1% caching.

Roble
Here to help

Thanks for the fast feedback Philip, sounds like if I want to be a 1%er, I’ll have to do it inline, north of the MX then.
Some appliances claim that they can cope with the dynamics of modern CDN's, YouTube and such. Breaking up the ssl traffic with an intermittent device, could be solution then if i recall correct.

Cheers

Roble

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Have a think about SSL - the whole point of it is to prevent a man in the middle attack - to make sure the end point you are really talking to is who they say they are.

 

Some systems that insert themselves into an SSL conversation do so by generating their own private CA certificate.  You then have to load this CA certificate onto every machine that passes through it.  Every machine that does not have it gets a security warning in their web browser or application.

 

Apart from that method, there is no other way of doing transparent inline SSL caching.

 

The next closet thing you could consider doing is setting up your own content node.  Cisco have a solution called "Akamai Connect" that runs on ISR routers.

https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/intelligent-wan-akamai/datash...

This only works when Akamai is used as the CDN.  It usually goes inside your network.  This allows you to have a private Akamai node.  When uses request content from an Akamai CDN the DNS that gets returned is your local private node.  This then retrieves the contents, caches it, and returns it to the user.

 

One bonus - it does allow the caching of Apple iOS updates ....

 

This wont help with You Tube or any other CDN.

 

You really need a lot of users for this to work well - who request similar content.  I could see it costing $US15k since it sounds like your deployment is on the smaller side of things.

 

 

I don't know where you are in the world, but have you considered getting a Satellite connection?  You'll probably be able to get something much faster and the pricing is not too bad these days.  If it was me I would rather spend the money on a satellite connection.

Roble
Here to help

Hey Philip,

thanks for your feedback, it really is appreciated.
Regarding the SSL part I agree, that it is used for authenticating the validity of the source and making sure your privacy is protected.
The CDN part is new to me and of course the sizing is way out of what we need here.

The satellite connection part Is probably the best approach for bulk downloads. The latency surely is nothing I would prefer, but if I combine this with loadbalancing and assigning the traffic to different WAN connections, it might actually be the best solution.

If the satellite bandwith is accordingly cheaper than our 3Mbps WiMAX Access, this will be the way to go.

Cheers and thanks for the valuable input. 👏🏾✊🏾👍🏾

Roble

 

PS: My whereabouts are part of my introduction post. 

Roble
Here to help

Update

A SAT Link is Budget wise a step from bad to worse, but the load balance to cheaper Medium approach in general, is still on my agenda.

Cheers

Roble
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels