Greetings all,
I'm still trying to get wccp working between my squid server and a Cisco
7200. I am now getting a wccp response from the router, albeit not via
a GRE tunnel as I've seen in example after example on the net. Any
additional information would be greatly appreciated.
tail -f /usr/local/etc/squid/logs/cache.log
...
2009/01/29 09:27:06| wccp2HereIam: Called
2009/01/29 09:27:06| wccp2HereIam: sending to service id 0
2009/01/29 09:27:06| Sending HereIam packet size 144
2009/01/29 09:27:06| wccp2HandleUdp: Called.
2009/01/29 09:27:06| Incoming WCCPv2 I_SEE_YOU length 132.
2009/01/29 09:27:06| Complete packet received
2009/01/29 09:27:06| Incoming WCCP2_I_SEE_YOU Received ID old=305
new=306.
2009/01/29 09:27:06| Cleaning out cache list
2009/01/29 09:27:06| checking cache list: (9f0213d8:9f0213d8)
2009/01/29 09:27:06| Change not detected (2 = 2)
ar1.dc.az#sh ip wccp web-cache detail
WCCP Cache-Engine information:
Web Cache ID: 211.22.2.159
Protocol Version: 2.0
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 302
Connect Time: 00:04:30
ar1.dc.az#sh ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier: 211.22.1.254
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 3463
Redirect access-list: 150
Total Packets Denied Redirect: 164188
Total Packets Unassigned: 779
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0
But no squid/access.log activity, i.e. no traffic is being redirected.
My Router config: (sanitized)
ar1.dc.az#sh run
Building configuration...
Current configuration : 4519 bytes
!
! Last configuration change at 15:33:55 UTC Thu Jan 29 2009
! NVRAM config last updated at 19:40:48 UTC Tue Jan 20 2009
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service dhcp
no service single-slot-reload-enable
!
hostname ar1.dc.az
!
no logging monitor
!
ip subnet-zero
ip wccp web-cache redirect-list 150
ip cef distributed
ip domain-name commspeed.net
ip name-server 211.22.2.81
ip name-server 211.22.2.82
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 4/0/0
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24
description Customer123 PTP T1 - Qwest-CID: 14.HCXX.XXXXXX..MS
!
controller T1 4/0/1
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/2
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/3
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/4
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/5
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/6
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/7
shutdown
framing esf
linecode b8zs
!
!
!
interface Loopback0
description Loopback for BGP Peering
ip address 211.22.1.254 255.255.255.255
!
interface Tunnel0
no ip address
!
interface FastEthernet2/0
description Prescott Valley Data Center - Core Network
ip address 211.22.2.1 255.255.254.0 secondary
ip address 211.22.0.1 255.255.255.0 secondary
ip address 211.22.47.65 255.255.255.224 secondary
ip address 211.22.4.34 255.255.255.224 secondary
ip address 211.22.8.1 255.255.255.0 secondary
ip address 211.22.4.33 255.255.255.224
ip access-group block-phisher in
ip route-cache same-interface
full-duplex
!
interface FastEthernet2/1
ip address 211.22.1.33 255.255.255.224 secondary
ip address 211.22.5.1 255.255.255.192
full-duplex
!
interface Serial4/0/0:0
description Arcosanti PTP T1 - Qwest-CID: 14.HCXX.XXXXXX..MS
bandwidth 1544
ip address 211.22.1.13 255.255.255.252
encapsulation ppp
!
interface FastEthernet4/1/0
no ip address
shutdown
half-duplex
!
router eigrp 4492
redistribute connected
redistribute static
passive-interface default
no passive-interface FastEthernet2/1
network 211.22.5.0 0.0.0.63
distribute-list 86 out static
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 211.22.5.4
ip route 10.1.0.20 255.255.255.255 211.22.3.6
ip route 211.22.28.0 255.255.255.0 211.22.2.152
ip route 211.22.47.32 255.255.255.224 211.22.1.14
ip route 211.22.56.0 255.255.255.128 211.22.1.41
ip route 211.22.56.128 255.255.255.128 211.22.1.41
ip route 211.22.57.0 255.255.255.128 211.22.1.45
ip route 211.22.57.128 255.255.255.128 211.22.1.43
ip route 211.22.59.128 255.255.255.128 211.22.1.46
no ip http server
!
!
ip access-list extended block-mf-smtp
deny tcp any host 211.22.2.15 eq smtp
deny tcp any host 211.22.2.16 eq smtp
permit ip any any
ip access-list extended block-phisher
deny ip 80.255.59.0 0.0.0.247 any log
deny ip 41.220.64.0 0.0.15.255 any log
permit ip any any
ip access-list extended block-spam1
deny tcp any host 211.22.2.14 eq smtp
permit ip any any
ip access-list extended block-spam2
deny tcp any host 211.22.2.15 eq smtp
permit ip any any
ip access-list extended block-spam3
deny tcp any host 211.22.2.16 eq smtp
permit ip any any
ip access-list extended temp
deny tcp any host 211.22.2.15 eq smtp
permit ip any any
access-list 86 deny 0.0.0.0
access-list 86 permit any
access-list 150 permit ip any any
snmp-server enable traps tty
!
End
FreeBSD Server:
gateway_enable="NO"
defaultrouter="211.22.2.1"
hostname="cache1.ispdomain.net"
ifconfig_em0="inet 211.22.2.159 netmask 255.255.254.0"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
apache_enable="YES"
squid_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall.cache"
firewall_logging="YES"
firewall_flags=""
#firewall_type="open"
router_enable="YES"
gateway_enable="YES"
#natd_enable="YES"
rc.firewall.cache
#!/bin/sh
ipfw -q /etc/custom_firewall
custom_firewall:
cache1# cat /etc/custom_firewall
-q flush
-q queue flush
-q pipe flush
# for testing with the ip on the 2 network
add 65533 allow tcp from 211.22.2.159 to any
add 65534 fwd 211.22.2.159,3128 tcp from any to any 80
Squid.conf (partial)
http_port 211.11.2.159:3128 transparent
wccp2_router 211.22.4.33
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
wccp2_rebuild_wait off
