What is the difference between the standard web-cache and reverse-proxy WCCP service groups?
In a cache cluster environment, the web-cache service group tells the router to hash the destination IP address and source port to select a CE in the cluster. However, with the reverse-cache service group, the router hashes the source IP address and source port to select an available CE. With reverse caching, hashing on the source IP addresses from clients on the Internet provides a wider distribution of hash values, as compared to the finite number of IP addresses for your data center origin servers.
Is it possible to configure IP spoofing with forward caching?
If you need to preserve your client's source IP address for requests across your WAN or onto the Internet, you can configure IP spoofing in a forward caching. However, bear in mind that, if you do not configure spoofing, your client's source IP addresses are hidden from the Internet, which is a security measure against hacking.
Does the CE always require spoofing the origin server for client requests?
Yes, the CE must spoof the origin server IP address in both forward and reverse proxy environments for at least the duration of establishing the TCP connection. Because the client sends its TCP SYN segment to the origin server IP address, it drops any TCP SYN/ ACK packets from any other IP address. However, once the TCP connection is established, the CE may send the HTTP/RTSP method "305 Use Proxy" to redirect client media players or browsers to send their requests directly to the CE IP address instead of the origin server.
Why can't the CE cache Kerberos-, NTLM-, or Digest-authenticated objects?
As you learned in Chapter 8, "Exploring the Application Layer," these protocols use a one-time nonce value with the user's credentials to prevent replay attacks, thus preventing the CE (or anyone else) from re-using the client's credentials.
What transparent value-added services can you enable on your Cisco CEs, other than standard caching services?
You can enable content authentication and authorization, SSL caching, content adaptation, URL filtering, and TCP parameter value adjustments. Live stream splitting is also a transparent value-added service that Cisco CEs can provide to your clients, origin servers, or both.
What are pull- and push-splitting?
With pull-splitting, the client requests trigger the CE to proactively pull the live stream via unicast from the origin server. With push-splitting, the origin server pushes the live stream via multicast to the network for the CE to actively join.