Very good explanation. We are using Hash...but I believe we have to use Mask in order for the Source IP to actually matter.
Right now it is set to hash and I believe the WCCP ASA comes up with the hash and it doesn't matter what IP or Destination IP is.
From the MWG Product Guide:
Input for load
(The main item does not appear in the list, but is visible in the Add and Edit windows. The
four elements shown below are related to it, specifying what is used in a data packet as the
criteria for load distribution.)
When running multiple appliances, load distribution can be configured for the proxies on
them. Data packets can be distributed to these proxies based on the masking of source or
destination IP addresses and port numbers or on a hash algorithm.
• Source IP — When selected, load distribution relies on the masking of source IP
• Destination IP — When selected, load distribution relies on the masking of destination
• Source port — When selected, load distribution relies on the masking of source port
• Destination port — When selected, load distribution relies on the masking of the
destination port numbers.
Assignment method
(The main item does not appear in the list, but is visible in the Add and Edit windows. The
two elements shown below are related to it, specifying the method used for load
• Assignment by mask — When selected, masking of the parameter specified above is
used for load distribution.
• Assignment by hash — When selected, a hash algorithm is used for load distribution.
Mask does not work with my Cisco ASA. I put it back to Hash and selected only Source IP and it works like it should. I was only hitting one proxy instead of both back and forth like it was. This is definitely better for authentication and log purposes.
Thanks for the help.
That documentation is a little misleading. Hash and mask are just slightly different mechanisms for coming up with the load distribution. Both support source IP only (and the other options for that matter). Basically the ASA/Router takes whatever pairs you give it (source|destination IP|Port, or all iterations) and either hashes that value to determine which cache gets the traffic, or looks at a mask table of all the possibilities. You were using the default (maybe it shouldn't be) source IP + destination IP.
I believe hash is supposed to be a little smarter (which is why all modern Cisco equipment only supports it) especially when the pairs are all right next to each other.
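The effect discussed above (source IP only keeps a client on one proxy, which matters for authentication and logs, while source IP + destination IP spreads one client across both) can be seen in a simplified model. This is an added example, not part of the original thread: the FNV-1a hash stands in for the device's real hash, and the proxy names and addresses are constructed.

```javascript
// Simplified model of WCCP hash assignment: the redirecting device hashes the
// selected packet fields into one of 256 buckets, and each bucket belongs to
// one proxy. The hash below (FNV-1a) is a stand-in, NOT Cisco's algorithm.
const BUCKETS = 256;

function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// fields: any subset of ["srcIp", "dstIp", "srcPort", "dstPort"]
function pickProxy(packet, fields, proxies) {
  const key = fields.map((f) => packet[f]).join("|");
  const bucket = fnv1a(key) % BUCKETS;
  return proxies[bucket % proxies.length];
}

// Distinct proxies that one client reaches across a set of destinations.
function proxiesSeenByClient(srcIp, destinations, fields, proxies) {
  const seen = new Set();
  for (const dstIp of destinations) {
    const packet = { srcIp, dstIp, srcPort: 50000, dstPort: 80 };
    seen.add(pickProxy(packet, fields, proxies));
  }
  return [...seen].sort();
}

// Constructed sample data (documentation address ranges, hypothetical names).
const PROXIES = ["proxy1", "proxy2"];
const DESTS = Array.from({ length: 64 }, (_, i) => `198.51.100.${i + 1}`);
const CLIENT = "192.0.2.25";

const srcOnly = proxiesSeenByClient(CLIENT, DESTS, ["srcIp"], PROXIES);
const srcAndDst = proxiesSeenByClient(CLIENT, DESTS, ["srcIp", "dstIp"], PROXIES);
console.log("source IP only:      ", srcOnly);   // one proxy for this client
console.log("source + destination:", srcAndDst); // client is split across both
```

With source IP as the only input, every request from a given client produces the same key, so its authentication state and access log entries stay on one appliance; different clients still land on different proxies.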
After some modifications, I have come up with this as being the best way to load balance with a .pac file. Notice I have replaced "if (myseg==Math.floor(myseg/2)*2)" which takes more time to process and used the MOD.
function FindProxyForURL(url, host) {
    // Find the 4th octet of the client's IP address
    var myIp = myIpAddress();
    var ipBits = myIp.split(".");
    var mySeg = parseInt(ipBits[3], 10);
    if ((mySeg % 2) == 0) // Check to see if the 4th octet is EVEN
        return "PROXY ed-proxy1:8080; PROXY ed-proxy2:8080; DIRECT";
    else // If ODD
        return "PROXY ed-proxy2:8080; PROXY ed-proxy1:8080; DIRECT";
}