Greetings.
Sorry for the long message. We are trying to implement
Transparent/Interception caching using the following:
-- Squid 2.5 Stable 11 (We were able to obtain an RPM for Fedora Core 3)
with WCCP v1
-- Fedora Core 3 (64-bit, 2.6.9-1.667smp)
-- Cisco Router (IOS 12.2)
in the following configuration (not real IP addresses and interface
designations used):
|-----------------------|
| Squid (2.5 S11) |
| Fedora Core 3 |
|-----------------------|
eth 0 | 201. 1.1.2/255.255.255.252
|
|
|
int 0/0 | 201.1.1.1/255.255.255.252
| int 0/1
|------------------------------|
------------------------- to Internet *
Networks of ATM
interface | |
203.1.1.1/255.255.255.224
Dial Up Users via various ------------------------------------|
Cisco Router (IOS 12.2) |
Terminal Servers 202.1.1.1/255.255.255.252
| | 203.1.1.2/255.255.255.224
|------------------------------|-------------------------- to Internet *
int 0/2
* The two network interfaces (int 0/1 and int 0/2) are connected to the
same network and load balanced via OSPF.
(Please pardon the interface designations on the router as I am not too
familiar with it and we have no administrative control of the router)
On the router (IOS 12.2):
-- As mentioned above, connections to the internet (int 0/1 and int 0/2)
are load balanced over OSPF
-- An access list has been defined on ATM interface for various networks
(dialups, DSL, etc.)
-- We have turned CEF off on the interface connected to the Squid CACHE
(we actually tried it with CEF as well).
-- WCCP v1 is enabled and applied at the 2 outbound internet connections
(int 0/1 and int 0/2) with "redirect out" option
-- We have also tried to apply WCCP v1 at the ATM interface with
"redirect in" option.
-- WCCP v1 was enabled and applied to the various interfaces as detailed
above with access lists (as specified above, defined for the ATM interface)
On the Linux Box (FC3, 2.6.9-1.667smp):
-- We used the WCCP v1 module on Squid as pre-compiled with the RPM.
-- We are using GRE instead of WCCP patch as we have read in the FAQs
and lists that this is the implementation to use for kernel versions >=
2.6.9.
-- We are also using iptables to redirect traffic coming in from port 80
to 3128 (the squid port we are using)..
-- We specified and enabled the appropriate variables in squid.conf for
both transparent/interception caching and WCCP v1.
Configurations used:
We have tried the various setups as detailed in the following URLs:
-- http://www.squid-cache.org/mail-archive/squid-users/200505/0678.html
-- http://www.sublime.com.au/squid-wccp/
-- http://www.reub.net/node/3
-- http://www.spc.int/it/TechHead/Wccp-squid.html
Symptoms:
We were able to configure it so that the Cisco Router WCCP v1
configuration actually registers the Squid Server as a usable Cache
Engine. We also traced the GRE connections via the following Linux commands:
-- tethereal -V -s 1500 port 2048
-- tcpdump -lenx -s 1500 port 2048
and we see the "Here I Am" and "I See You" packets and observed the
following:
-- the "Here I Am" packets specify that 0 to 255 buckets ARE NOT ASSIGNED.
-- the "I See You" packets specify that 0 to 255 buckets ARE ASSIGNED.
Also, we can see the router configuration specifying our squid server
registered in the web cache.
On the router, using the "show ip wccp" command, we see the counter
"Total Packets Redirected" being incremented. When we issue the "show ip
wccp web-caches" command, the "Web Cache ID:" parameter displays
0.0.0.0. Also, when we issue the "show ip wccp web-cache view" command,
the "WCCP Routers Informed of:" parameter and the "WCCP Cache Engines
NOT Visible:" parameter show "-- none --" and "WCCP Cache Engines
Visible:" parameter shows the IP address of the squid server (201.
1.1.2). We are unable to issue any debug commands on the router as this
is a production router (we have no other router to implement on) and
this might make the router hang.
Problems:
-- On the squid server, we see nothing coming through port 80 (using the
"tcpdump -n port 80" linux command) eventhough, as mentioned above, we
are registered with the Cisco WCCP configuration and the "Total Packets
Redirected" is incrementing.
-- We do not see anything being recorded on the squid server's access.log.
Some Questions:
-- Is there a definitive how-to on implementing WCCP v1 on Linux for
kernels 2.6.9 and above?
-- Has anyone had a successful installtation of Squid 2.5 Stable 11 with
WCCPv1 connected to a Cisco router (IOS 12.1 or 12.2) on Fedora Core
3(kernel version 2.6.9 smp)?
-- How can we further see that is happening or debug without using the
router's debug commands (if there are any other ways)?
-- Do we need to switch to WCCP v2 using the patch available from the
squid developer site
(http://devel.squid-cache.org/projects.html#visolve_wccpv2) in order for
Transparent/Interception caching to work?
-- Any word on if (or when) full WCCP v2 (with multiple router and
multiple cache) will be or has been implemented (either as a patch or
part of the distribution)? Will this support load balancing protocols on
the router (OSPF, HSRP, VRRP)?
-- Just in case anybody knows, how are the access lists implemented with
regards to the WCCP v1 setting? I read in one article
(http://www.squid-cache.org/Doc/FAQ/FAQ-17.html) that this list should
contain IP addresses that should be excluded from transparent caching,
or something to that effect (the exact words were "IP addresses which
you do not wish to be transparently redirected to your cache"). I just
wanted to confirm if this was correct.
We would appreciate any help you could give on the matter.
Thank you and good day.
-- Oliver --