On Thu, Dec 07, 2006, Dumpolid Exeplish wrote:

> clients => 6509 (catalyst) => NetEnforcer => 3550 (Switch) => Internet
> ||
> DMZ

Looks right. The netenforcer is going to see the Squid server making all the
requests (whilst squid is up, obviously.)

> iptunnel add gre1 mode gre remote (router's loopback) local (eth0 ip) dev eth0
> ifconfig gre1 127.0.0.2 up
> iptables -t nat -A PREROUTING -i gre1 -d 0/0 -j DNAT --to-destination (eth0 ip)

I'd just bypass the GRE entirely when using a 6509 and use the L2 redirection
method. wccp2_forwarding_method 2 I believe will do it.

> CONFUSION
> The squid system is currently registering an average of 21% hits but
> the Net Enforcer system is not registering downward bandwidth usage.
> According to NE, 80% of our customer traffic is HTTP. but there isn't
> significant reduction on the end of the Squid server.

What does the byte hit rate show in cachemgr for squid? What do the 5 minute
counters indicate the client http and server http traffic are?

> I have done a tcp dump (without listening to any specific host) and I
> noticed that there were so many packets being dropped by the kernel
> and very little traffic from the Squid server (this does not tally
> with the way the squid access logs fly past when I tail -f it).
> I also noticed that the gre tunnel (gre1) is registering RX packet
> counts and absolutely no TX count. the eth0 interface is registering
> both RX and TX.

You won't be returning any packets via the GRE tunnel. It's just to get
packets to the Squid server (in the current Squid+WCCPv2 setup, that is.)

Again, I'd use the L2 forwarding method over GRE. It's less prone to GRE
weirdness and it'll result in less load on the routing side of the 6509.

So your confusion isn't that it's working, but Netenforcer isn't reporting
any traffic savings?

adrian

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
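
The reply above asks for the byte hit rate because a request hit rate (the 21% figure) says little about bandwidth saved. The following is an added example, not part of the original message: it approximates both ratios from Squid's native access.log. The sample log lines are constructed, treating any result code containing "HIT" as a cache hit is an assumption, and the result is a log-based estimate, not the figure cachemgr reports.

```python
# Added example: request hit ratio vs. byte hit ratio from Squid's native access.log.
from collections import Counter

# Constructed sample lines in Squid's native log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1165480000.101 3 10.0.0.11 TCP_HIT/200 1200 GET http://example.com/logo.gif - NONE/- image/gif
1165480000.250 2 10.0.0.12 TCP_MEM_HIT/200 800 GET http://example.com/style.css - NONE/- text/css
1165480001.900 5400 10.0.0.13 TCP_MISS/200 4500000 GET http://example.net/video.avi - DIRECT/192.0.2.10 video/x-msvideo
1165480002.300 210 10.0.0.11 TCP_MISS/200 52000 GET http://example.org/index.html - DIRECT/192.0.2.20 text/html
1165480002.450 4 10.0.0.14 TCP_IMS_HIT/304 250 GET http://example.com/logo.gif - NONE/- image/gif
malformed line that should be skipped
"""

def hit_ratios(lines):
    """Return (request_hit_ratio, byte_hit_ratio, per-code counts)."""
    requests = hits = total_bytes = hit_bytes = 0
    codes = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or "/" not in fields[3]:
            continue  # skip truncated or non-native lines
        code = fields[3].split("/", 1)[0]
        try:
            size = int(fields[4])  # bytes delivered to the client
        except ValueError:
            continue
        requests += 1
        total_bytes += size
        codes[code] += 1
        # Assumption: any result code containing "HIT" was served from cache.
        if "HIT" in code:
            hits += 1
            hit_bytes += size
    if requests == 0 or total_bytes == 0:
        return 0.0, 0.0, codes
    return hits / requests, hit_bytes / total_bytes, codes

if __name__ == "__main__":
    req, byt, codes = hit_ratios(SAMPLE_LOG.splitlines())
    print(f"request hit ratio: {req:.1%}  byte hit ratio: {byt:.2%}")
    print(dict(codes))
```

On the constructed sample, three of five requests are hits, yet they account for well under 1% of the bytes, because the hits are small objects and the one large download is a miss.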