On Tue, Dec 05, 2006, Jason Taylor wrote:
> The intercept router:
> - Cisco 6509
> - IOS version 12.2.18sxf
Hm, I've heard rumours that there's been some WCCPv2 bugs in the SXF code.
Yah, there's an unrelated bug resolved in 12.2(18)SXF7 and a couple more
in previous releases but nothing related to GRE. Ok.
> - loopback IP: 172.20.1.72
> - WCCP IP (IP facing squid): 192.168.40.33 (default gateway for squid)
> +-------+-------+ +------------+
> | 192.168.251.1 | | Internet |
> | Cisco 6509 +---+ Firewall +==> To Internet
> | v12.2.18 sxf | | NAT is here|
> | 192.168.40.33 | +------------+
> +-------+-------+
> |
> +-------+-------+
> | 192.168.40.37 |
> | Squid Proxy |
> +---------------+
>
> Squid.conf settings:
> wccp2_router 192.168.40.33
> wccp2_address 192.168.40.37
> wccp2_service standard 0
If its directly connected then I'd give using L2 forwardinga shot over
GRE forwarding. Just set wccp2_forwarding_method 2 in squid.conf.
See if L2 redirection does the right thing. Keep the iptables rule
but toss the GRE tunnel.
(I'd also suggest trying mask assignment over hash assignment with
Squid-2.6 but apparently mask assignment is causing Squid to crash.
I'm testing a workaround atm. It won't matter unless you're doing
quite a lot of traffic and you notice the MSFC CPU usage go way up.)
Adrian
-- - Xenion - http://www.xenion.com.au/ - Hosting and Commercial Squid Support -Received on Tue Dec 05 2006 - 16:36:40 MST
This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST