G'day,
* Yes, you still need iptables to redirect packets going to arbitrary destinations
into Squid running on a port.
* Traffic will only flow over the GRE tunnel one way - from the router to the
cache.
On Thu, Feb 21, 2008, Ritter, Nicholas wrote:
> I am trying to set up an HTTP-only WCCP v2 redirection via Cisco 2811
> router to a Linux-based Squid 2.6 box. The problem is that there is no
> content showing up in the squid access log, and web connections are slow
> and often time out. I have done some research on the net and checked some
> things that were noted by people's posts, but I am still a bit stumped.
> The router shows WCCP status as good in that the router and the cache
> server see each other, and there appears to be redirection occurring
> because 'sh ip wccp' on the router shows it, and a tcpdump session on
> the web cache server sees it. The router and the web cache appliance are
> layer 2 adjacent to each other, and on the same ip subnet, but the cache
> server is connected via a Cisco EtherSwitch module installed in the 2811
> router, and the clients being redirected to the cache server are hanging
> off a different ip subnet and different layer 2 segment.
>
> I also notice that the wccp2 GRE tunnel I set up on the Linux box shows
> traffic in only one direction. I suspect that at least part of my
> problem is that I have set up the GRE tunnel wrong. I also read that WCCP
> functionality is buggy in various Cisco IOS versions, I have tried to
> figure out if the IOS version I am using is a buggy one. I attempted to
> use the same IOS version as is in use on a Cisco WAAS 2811 router, which
> is 12.4(9) but the closest I could get to that was 12.4(10c). 12.4(15)T3
> exhibited the same problems.
>
> I have provided information below on my setup, can someone please
> provide me with some information that can help to figure out what I am
> doing wrong?
>
> ROUTER INFO
> ------------------------------------------------------------------------
> Router: Cisco 2811 running c2800nm-advsecurityk9-mz.124-10c
> WCCP version: 2
>
> #sh ip wccp
> Global WCCP information:
> Router information:
> Router Identifier: <IIP censored>
> Protocol Version: 2.0
>
> Service Identifier: web-cache
> Number of Service Group Clients: 1
> Number of Service Group Routers: 1
> Total Packets s/w Redirected: 4285
> Process: 0
> Fast: 0
> CEF: 4285
> Redirect access-list: -none-
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 0
> Group access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> Total Bypassed Packets Received: 0
>
> Other router configure directives:
>
> Clients using cache server on FastEthernet 0/0.1
> Squid server is directly connected to FastEthernet 0/2/0
>
> WCCP router config directives:
> ip wccp web-cache
> ip wccp web-cache version 2
> interface fastethernet0/0.1
> ip wccp web-cache redirect in
>
>
> SQUID INFO
> ------------------------------------------------------------------------
> Squid platform: CentOS 5.1 on x86_64
> Squid version: CentOS bundled RPM which is squid-2.6.STABLE6-5.el5_1.2
>
> Squid is set for transparent mode and to listen on port 80 and port
> 3128. The host based firewall is disabled, because I don't need redirect
> to 3128 from 80. (Could this be a problem, do I need iptables mangling
> of some sort?)
>
> squid.conf directives:
> http_port 80 transparent
> http_port 3128 transparent
> wccp2_router <router IP as noted in Cisco sh ip wccp router identifier>
> wccp2_rebuild_wait on
> wccp2_forwarding_method 1
> wccp2_return_method 1
> wccp2_assignment_method 1
> wccp2_service standard 0
>
>
> CENTOS Linux OS INFO
> ------------------------------------------------------------------------
> CentOS 5.1 x86_64 on Intel Core 2 Duo
> Kernel is custom compiled, version 2.6.23
>
> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
> /bin/echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
> /bin/echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
> /sbin/modprobe ip_gre
> /sbin/ip tunnel add wccp2 mode gre remote <ip of Cisco router identifier as listed in the sh ip wccp command> local <same ip as eth0> dev eth0
> /sbin/ifconfig wccp2 <same ip as eth0> netmask 255.255.255.255 up
>
>
> ifconfig output from CentOS box:
>
> eth0 Link encap:Ethernet HWaddr 00:30:1B:44:7F:11
> inet addr:<IP censored> Bcast:<info censored> Mask:255.255.240.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:38474 errors:0 dropped:0 overruns:0 frame:0
> TX packets:38245 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:6402032 (6.1 MiB) TX bytes:5488603 (5.2 MiB)
> Interrupt:19
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> wccp2 Link encap:UNSPEC HWaddr 0A-0C-20-3C-00-00-00-00-00-00-00-00-00-00-00-00
> inet addr:<same ip as eth0> P-t-P:<same ip as eth0> Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
> RX packets:36330 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:4511404 (4.3 MiB) TX bytes:0 (0.0 b)
>
--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

Received on Thu Feb 21 2008 - 13:18:39 MST
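The reply's first point can be checked mechanically. The script below is an added example, not part of either message: it reads `iptables-save` text and reports whether TCP/80 arriving on the GRE tunnel is redirected into Squid. The interface name `wccp2` and port 3128 are taken from the quoted setup; matching on the tunnel interface and the two rule sets embedded in the script are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables-save` text on stdin and
# succeeds only if the nat table redirects TCP/80 arriving on the GRE tunnel
# interface to the given local Squid port.
has_wccp_redirect() {   # usage: has_wccp_redirect TUN_IF SQUID_PORT < rules
    awk -v ifc="$1" -v port="$2" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            in_if = dport = target = to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i")         in_if  = $(i + 1)
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (in_if == ifc && dport == "80" && target == "REDIRECT" && to == port) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

diagnose() {            # prints a verdict and, if needed, the rule to add
    if has_wccp_redirect "$1" "$2"; then
        echo "OK: TCP/80 on $1 is redirected to port $2"
    else
        echo "MISSING: no nat REDIRECT for TCP/80 on $1"
        echo "  iptables -t nat -A PREROUTING -i $1 -p tcp --dport 80 -j REDIRECT --to-port $2"
        return 1
    fi
}

# Constructed sample: host firewall disabled, as in the quoted setup.
sample_without_rule() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}
# Constructed sample: the same table after the redirect rule is added.
sample_with_rule() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i wccp2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

sample_without_rule | diagnose wccp2 3128 || true
sample_with_rule | diagnose wccp2 3128
```

On a live cache box the input would be `iptables-save -t nat | diagnose wccp2 3128`, run as root.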