"So your confusion isn't that its working, but Netenforcer isn't reporting any traffic savings? " Precisely, NetEnforcer is not giving a physical (or logical) report on badndidw usage reduction i got these values from the Cache Manager CGI sample_start_time = 1165496653.636038 (Thu, 07 Dec 2006 13:04:13 GMT) sample_end_time = 1165496953.638503 (Thu, 07 Dec 2006 13:09:13 GMT) client_http.requests = 48.112938/sec client_http.hits = 15.986535/sec client_http.errors = 0.000000/sec client_http.kbytes_in = 41.296327/sec client_http.kbytes_out = 476.482752/sec i think these are pritty cool figures though and this actually shows that Squid is actievely working About the L2 redirects, how can i cnfigure this? can you please help with configuration linse for both Squid and L2? or is is just as simple as the below: wccp2_router (router public ip) wccp2_address (eth0 Public ip) wccp2_service standard 0 password=******* wccp2_forwarding_method 2 could u please help with Cisco side configs specific for 6509 thanks for your response On 12/7/06, Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote:
On Thu, Dec 07, 2006, Dumpolid Exeplish wrote: > clients => 6509 (catalyst) => NetEnforcer => 3550 (Switch) => Internet > || > DMZ Looks right. The netenforcer is going to see the Squid server making all the requests (whilst squid is up, obviously.) > iptunnel add gre1 mode gre remote (router's loopback) local (eth0 ip) dev > eth0 > ifconfig gre1 127.0.0.2 up > iptables -t nat -A PREROUTING -i gre1 -d 0/0 -j DNAT --to-destination (eth0 > ip) I'd just bypass the GRE entirely when using a 6509 and use the L2 redirection method. wccp2_forwarding_method 2 I believe will do it. > CONFUSION > The squid system is currently registering an average of 21% hits but > the Net Enforcer system is not registering downward bandwidth usage. > According to NE, 80% of our customer traffic is HTTP. but there isnt > significant reduction on the end of the Squid server. Whats the byte hit rate show in cachemgr for squid? Whats the 5 minute counters indicate the client http and server http traffic are? > I have done a tcp dump (without listening to any specific host) and i > noticed that there were so many packets being dropped by the kernel > and very little traffic from the Squid server (this does not tally > with the way the squid access logs fly past when i tail -f it). > i also noticed that the gre tunnel (gre1) is registering RX packet > conts and absolutely no TX cont. the eth0 interface is registering > both RX and TX. You won't be returning any packets via the GRE tunnel. Its just to get packets to the Squid server (in the current Squid+WCCPv2 setup, that is.) Again, I'd use the L2 forwarding method over GRE. Its less prone to GRE weirdness and it'll result in less load on the routing side of the 6509. So your confusion isn't that its working, but Netenforcer isn't reporting any traffic savings? adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
