2009/1/23 Anthony DeMatteis <adematteis@xxxxxxxxxxxxx>: > Greetings Group, > I'm new to this group... > We're an ISP trying to control some of our bandwidth issues. I've never > set up squid before. I have a working squid server, working very well, > including caching youtube vids. However, this is via setting up the > proxy settings in the browser and pointing to the caching server's ip > address:3128 or using acl's on the router and redirecting traffic to the > caching server. I would like to set it up transparently using wccp. I > would rather go the wccp route to allow traffic to continue to flow in > the event the caching server(s) die. I understand wccpv2 provides this > feature. > > My problem is getting the gre tunnel to work. I've been googling for two > days. I've used info from pages 143-149 of Squid: The Definitive Guide. > No luck getting wccp tunnel working. I've managed to get this: Hello Tony, The following commands are useful for debugging WCCP problems. * CISCO IOS debug ip wccp events debug ip wccp packets This two commands will make the router log useful WCCP debug info. * squid.conf debug_options 80,3 This will log detailed wccp info to the squid cachelog. See http://squid.cvs.sourceforge.net/viewvc/squid/squid/doc/debug-sections.txt?view=markup * Use tcpdump on the physical and gre interfaces to watch packets arriving from the Cisco router. * Configure your firewall to log dropped packets, and search for any dropped packets originating from the Cisco router. Perhaps this recent blog will be helpful: http://fakrul.wordpress.com/2008/12/11/transparent-squid-proxy-server-with-wccp-support/ You should be aware that if you are deploying a standard transparent Squid proxy, all your web traffic will appear to come from the IP address of the Squid box. For an ISP this can cause problems for users if they are accessing sites (eg download sites) that limit concurrent access based on client source IP. To get round this, there is a patch for Squid called TPROXY which allows it to spoof the source IP address of the original user. This is well supported on Linux, but I'm not sure about FreeBSD (see http://cacheboy.blogspot.com/2009/01/freebsd-tproxy-works.html) Hope that helps. -RichardW. -- Richard Wall ApplianSys Ltd http://www.appliansys.com
