RE: [squid-users] WCCPv2 current instructions?

From: Shaun Skillin \(home\) <shaun@dont-contact.us>
Date: Wed, 20 Sep 2006 23:40:55 -0600

More information, if this helps to narrow it down...I have tried adjusting MTU sizes to try to solve this. When I set wccp0 to 1200, it seems to make no difference at all. When I set eth0 to 1200, ebay.com will not load at all. Other sites (presumably with smaller page?) can load OK.
Also, very curious to me, I notice from a sniffer trace on the Squid box, that the SYN packet goes through the GRE tunnel, the SYN-ACK does not (seems to be a spoof from Squid back to client), and the final ACK goes through the tunnel. Is this normal?

________________________________

From: Shaun Skillin (home)
Sent: Wed 9/20/2006 8:19 PM
To: Henrik Nordstrom; Shaun Skillin (home)
Cc: Squid Users
Subject: RE: [squid-users] WCCPv2 current instructions?

Hi Henrik,
For this test, all of the clients are on the same LAN, 172.16.1.X/24. The firewall is 172.16.1.254, squid is 172.16.1.3, clients are .100-.199 (dhcp range). Client gateway is 172.16.1.252, which is a Cisco 3550 Layer 3 switch with IP redirects.
I was wondering if I perhaps need to adjust the TCP MSS because we're using a GRE tunnel? I don't know if this is possible on an ASA firewall. I also heard something about vport?

Shaun

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Wednesday, September 20, 2006 1:48 PM
To: Shaun Skillin (home)
Cc: Squid Users
Subject: RE: [squid-users] WCCPv2 current instructions?

ons 2006-09-20 klockan 08:07 -0600 skrev Shaun Skillin (home):
> more help. I've experienced a few times that certain websites (like
> Ebay auctions) have problems. I can access most things on the site, but
> certain functions just die horribly in timeout-land. When I put the
> settings directly into the browser, I have no problem, but when running
> transparent using WCCP I have this problem.

Sites causing timeout problems when intercepted but not when using proxy
configuration usually indicates an MTU related problem for traffic
proxy->client.

What does the network between your station and the proxy look like? Any
path there with a MTU smaller than the standard ethernet?

Regards
Henrik
Received on Wed Sep 20 2006 - 23:43:43 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:04 MDT