Dear list,
since I have seen several questions on WCCP&squid in the list let me post
some of my experience (... how to get wccp running in 20 minutes :-)
This description does not cover all the situations but my local
state and configuration.
1. Squid developers, thanks for the wccp support. Since this feature is
supported from the 2.3 version I have transfered wccp code to the
2.2STABLE5 version ( http://www.vsb.cz/~hal01/cache/wccp)
2.
Set up Cisco router (enable wccp redirection) (IOS 12.0(6a))
ip wccp enable
ip wccp redirect-list 161
interface ATM1/0.3 multipoint
ip address INTERFACE_IP_ADDR NETMASK
ip web-cache redirect
/*http requests to be redirected to the cache */
access-list 161 permit ip NETWORK_TO_REDIRECT NETMASK any
access-list 161 permit ip host HOST_TO_REDIRECT any
/* some www servers should not be accessed through the http cache */
access-list 161 deny ip any host IP_DESTINATION_ADDRESS
access-list 161 deny ip any any
3. Linux kernel compile options (Linux version 2.2.5-15)
CONFIG_EXPERIMENTAL=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPGRE=y
Redirected http packets are GRE encapsulated and type marked as protocol
type 0x883e - such packets processed by the linux GRE driver will be
dropped (because of the protocol type)
Since encapsulated packets are IP packets, let the GRE driver rewrites
packet protocol type specification
(patch can be found here http://www.vsb.cz/~hal01/cache/wccp/ip_gre.patch)
/usr/src/linux/net/ipv4/ip_gre.c
int ipgre_rcv(struct sk_buff *skb, unsigned short len){
.
if (skb->protocol == __constant_htons(0x883e))
skb->protocol = __constant_htons(ETH_P_IP);
.
}
4. Having modified ip_gre.c and configured kernel options, compile the
kernel and reboot
5.Set up gre0 interface (using reserved IP address is the most simple way
to do it) Since this is one way communication, we do not need to set up
gre channel on the router or set up routing on the cache host.
ifconfig gre0 10.0.0.1 netmask 255.255.255.255 up
6. (should not be necessary since the kernel was compiled with the
CONFIG_IP_ROUTER option)
echo "1" > /proc/sys/net/ipv4/ip_forward
7.Set up ipchains (ipchains-1.3.8-3)
/sbin/ipchains -A input -i gre0 -p tcp -d 0.0.0.0/0 80 -j REDIRECT 3128
8. Squid config (squid-2.3DEVEL2 or
http://www.vsb.cz/~hal01/cache/wccp/squid-2.2STABLE5-WCCP.tar.gz)
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on
wccp_router WCCP_ROUTER_IP_ADDRESS
9. Start wccp debug on the router
> debug ip wccp event
> debug ip wccp packets
> term mon
take look at the wccp router status report
> sh ip wccp
> sh ip wccp we
After starting cache there is approx 30 sec. communication going between
cache and router (WCCP_I_AM_HERE <-> WCCP_I_SEE_YOU). This can be observed
looking at the router debug messages. "sh ip wccp" command let's you know
how many caches are communicating with the router. In case of succesfull
initial here_i_am<->i_see_you communication, cache assigns IP buckets
(WCCP_ASSIGN_BUCKETS) and router starts http packets redirection
10. Enjoy the reliability and scalability with wccp
11. In spite of the fact that this works for fine for me, I am no
linux/squid guru so feel free to send comments.
In case you can read czech, you cand find more in
http://www.vsb.cz/~hal01/cache/doc/wccp_cache.doc
(In case of demands I am ready to translate it.)
Best regards,
Jan
===============================================================================
TECHNICAL UNIVERSITY OSTRAVA tel.: +42 69 6991257
COMPUTER CENTRE fax.: +42 69 6919352
Tr. 17. listopadu e-mail: jan.haluza@vsb.cz
708 33 Ostrava-Poruba
Czech Republic
===============================================================================
Received on Tue Oct 19 1999 - 03:54:05 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:57 MST