Re: [squid-users] Dynamic Client Bypass

From: Joe Cooper <joe@dont-contact.us>
Date: Wed, 17 Jul 2002 14:50:39 -0500

Henrik Nordström wrote:
> Francisco Obispo wrote:
>
>>Is there a way to implement Dynamic Client Bypass as specified in
>>
>>http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/net_cach.htm#xtocid13
>
>
> Yes, by writing a small daemon that monitors Squid access.log for such errors,
> and reconfigures the TCP interception on the Host where Squid is running to
> not intercept traffic for the detected client,server IP pair.
>
> No changes to Squid are really needed for doing this.
>
> If you are using Linux-2.4 iptables then look into the ippools iptables
> feature (in iptables patch-o-matic). Should make these kinds of rules easier.

Worth noting: Francisco is using WCCP. This presents the additional
problem of how to get past the router without the packet being
redirected back to the cache in a theoretical infinite loop, because the
IP when routing through the cache machine will remain the client IP.
The only way around this I know of is to use policy routing on the
router, wherein the last-hop is checked and WCCP is bypassed if the
cache is the last hop. As I understand it, the ability to route based
on last-hop is not a common feature on most Ciscos and requires an
upgrade to an advanced policy routing module (I don't know enough about
Cisco routers or the various IOS branches to know the specifics of this).

-- 
Joe Cooper <joe@swelltech.com>
Web caching appliances and support.
http://www.swelltech.com
Received on Wed Jul 17 2002 - 13:52:46 MDT
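
Added example, not part of the original thread and not Squid or project code: a sketch of the log-watching half of the daemon Henrik describes, for plain iptables interception on the Squid host (the WCCP case needs the router-side handling Joe mentions). It assumes Squid's native access.log format, treats 401/403 on direct fetches as the trigger, and uses a threshold of 3; all function names and sample lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

BYPASS_STATUS = {"401", "403"}  # assumed trigger statuses; the thread lists none
THRESHOLD = 3  # assumed failures per (client, server) pair before bypass

def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
    except ValueError:
        return False
    return True

def parse_line(line):
    """Return (client_ip, server_ip, status) for a direct fetch, else None."""
    f = line.split()
    if len(f) < 10:
        return None
    client, status = f[2], f[3].rpartition("/")[2]
    how, _, server = f[8].partition("/")
    # Only DIRECT entries name the origin IP; validate before use in a rule.
    if not how.endswith("DIRECT") or not (_is_ipv4(client) and _is_ipv4(server)):
        return None
    return client, server, status

def pairs_to_bypass(lines, threshold=THRESHOLD):
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] in BYPASS_STATUS:
            counts[rec[:2]] += 1
    return sorted(pair for pair, n in counts.items() if n >= threshold)

def bypass_rule(client, server):
    """argv (no shell) for an ACCEPT rule placed ahead of the REDIRECT rule."""
    return ["iptables", "-t", "nat", "-I", "PREROUTING", "-p", "tcp",
            "-s", client, "-d", server, "--dport", "80", "-j", "ACCEPT"]

# Constructed sample log lines (documentation addresses), native format.
SAMPLE_LOG = """\
1026935401.101    212 192.0.2.10 TCP_MISS/403 1512 GET http://a.example/ - DIRECT/203.0.113.5 text/html
1026935402.330    198 192.0.2.10 TCP_MISS/403 1512 GET http://a.example/x - DIRECT/203.0.113.5 text/html
1026935403.871    205 192.0.2.10 TCP_MISS/401 1490 GET http://a.example/y - DIRECT/203.0.113.5 text/html
1026935405.440    120 192.0.2.11 TCP_MISS/403 1512 GET http://b.example/ - DIRECT/198.51.100.7 text/html
1026935406.018      3 192.0.2.10 TCP_HIT/200 8841 GET http://c.example/ - NONE/- text/html
""".splitlines()

if __name__ == "__main__":
    print(*(" ".join(bypass_rule(*p)) for p in pairs_to_bypass(SAMPLE_LOG)), sep="\n")
```

The rules are returned as argument lists so a caller can hand them to the firewall without a shell, and any log field that does not parse as an IPv4 address is dropped before it can reach a rule.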
