Adrian Chadd wrote:
It might be an IOS release issue then. You may need to upgrade to some
more recent?
If you're really nice then I can load that IOS version on the 7200 I have
here. Let me know the output of "show ver" and I'll see what I can do.
Here's the detailed version strings (of the 4th router):
IOS (tm) 7200 Software (C7200-P-M), Version 12.2(27), RELEASE SOFTWARE (fc3)
ROM: System Bootstrap, Version 11.1(13)CA, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(10)S, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)
The 2nd squid machine gets redirects from a cisco switch, and is still
running without any noticeable problems. Also the reports I currently
have show that the problems were happening with users on the 4th router,
but I have no way of verifying that it was just the 4th.
Which platform/IOS version? That switch will be doing L2 redirect.
The switch is a 3550, and will be replaced soon:
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version
12.2(25)SEE1, RELEASE SOFTWARE (fc1)
ROM: Bootstrap program is C3550 boot loader
"Some people report problems with WCCP and IOS 12.x. They see truncated
or fragmented GRE packets arriving at the cache. Apparently it works if
you disable Cisco Express Forwarding for the interface"
Well, its for some IOS releases. The trick here is to realise the GRE MTU
will be smaller than the ethernet MTU, so you need to make certain that
all packets that'll come to you over GRE will fit unfragmented inside it.
You do this by ensuring the MSS the Squid box negotiates on its incoming
and outgoing TCP connections is less than the default (1460); something
like 1360 would definitely bypass the GRE packet size issue.
Hmm interesting. Tomorrow I'll try to get a web browser running on one
of the networks behind the 4th router, and try some random web browsing
before and after those changes. I increased the default MSS on the
squid box to 1460 from (I think) 500 (or whatever the FreeBSD 6.2
default is) in that previous try. The both the em0 interface and the
router's ethernet interface have an MTU of 1500. Also I just realized
we were trying to previously adjust the tunnel MTU according to the MTU
of an unused tunnel interface on the first router.
Its also potentially a topology related issue. Its hard to tell without
a diagram and set of configs. :)
Well if you need more info, then I'll see what I can get.
Ryan Thoryk
Adrian
