RE: One squid for multiple cisco-routers

>Dear list,
>
>I'm trying to get squid running with two cisco-routers, but after a lot of
>trial, I'm on the brink of nonsense... The two cisco-routers are a 2600
>and 3800, both in the same sub-net, connected to a squid-proxy (2.6) over
>wccp2 and gre. If I try to use the proxy from either cisco-router, there
>is no problem. But if I try to use the proxy from both routers, the proxy
>is visible to the routers, but "not usable". I change from one
>configuration to the other by using one or two "wccp2_router"-lines.
>
>Debugging the issue with debug_options 80,9 shows that only one of the two
>routers is replying, but not the other one, and that the replies are of a
>different length (only 136 bytes) than when it works with only one router
>(180 bytes).
>
>Is there anything I can do to test this issue further? I would really like
>to get this configuration going, but I'm really lost for the moment. Could
>it be something with the GRE-tunnel? One router works whether I set the
>tunnel up or not, and both tunnel work neither with the GRE-tunnel,
>neither without.
>
>I hope I make sense ;)
>
>Linus

Linus,

I had some difficulty with this as well.  But I now have 7 routers
talking to squid.  I found that usually the primary interface is the one
that wccp2 likes to communicate on, but not always.  I've seen posts
that indicate that if you have a loopback device, use that one.  Not the
case for me.  Create your GRE tunnel2 on your server so that your squid
server is such:

I use FreeBSD 7.1

169.254.254.10/30 169.254.254.11
squidIP -> router1_Primary_IP
169.254.254.20/30 169.254.254.21
squidIP -> router1_Primary_IP

Don't try to create a tunnel device on the router.  That is strictly for
a router to router tunnel.  I fell into that trap.  Could not figure out
why my tunnel would not communicate.

filter rule:
add 65534 fwd <serverIP>,3128 tcp from any to any 80 recv in gre*

Squid.conf:
wccp2_router Router1IP
wccp2_router Router2IP
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0


Router1 & 2:
ip wccp version 2
ip wccp web-cache redirect-list 150
access-list 150 permit tcp any any eq www
int <our-outgoing--INTERNET--interface>
ip wccp web-cache redirect out

router1# sh ip wccp web-cache detail
WCCP Cache-Engine information:
        Web Cache ID:          <Squid ServerIP>
        Protocol Version:      2.0
        State:                 Usable
        Initial Hash Info:     00000000000000000000000000000000
                               00000000000000000000000000000000
        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:        256 (100.00%)
        Packets Redirected:    302
        Connect Time:          00:04:30
 
router1#sh ip wccp web-cache        
Global WCCP information:
    Router information:
        Router Identifier:                   <Primary Interface in most cases>
        Protocol Version:                    2.0
 
    Service Identifier: web-cache
        Number of Cache Engines:             1
        Number of routers:                   1
        Total Packets Redirected:            3463
        Redirect access-list:                150
        Total Packets Denied Redirect:       164188
        Total Packets Unassigned:            779
        Group access-list:                   -none-
        Total Messages Denied to Group:      0
        Total Authentication failures:       0

To see tunnel traffic:
Squid#tcpdump -n -vv -i gre0


Let us know how it goes.  I plan on doing a write-up on implementing
Squid+WCCP2+FreeBSD to fill a gap I found in documentation to be found
using FreeBSD.

Tony DeMatteis
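
Added example (not part of either message, and not Squid's own code): a small walker for the UDP payload of a WCCP2 message (UDP port 2048), useful for comparing which components differ between a reply that works and one that does not, such as the 180-byte and 136-byte replies mentioned in the question. Message and component type numbers follow the WCCP v2 Internet-Draft; the sample messages and their per-component sizes are constructed for illustration.

```python
import struct

# Message and component type numbers as given in the WCCP v2 Internet-Draft.
MSG_TYPES = {10: "HERE_I_AM", 11: "I_SEE_YOU", 12: "REDIRECT_ASSIGN", 13: "REMOVAL_QUERY"}
COMPONENTS = {0: "security_info", 1: "service_info", 2: "router_identity_info",
              3: "webcache_identity_info", 4: "router_view_info", 5: "webcache_view_info",
              6: "assignment_info", 7: "router_query_info", 8: "capabilities_info"}

def parse_wccp2(payload: bytes) -> dict:
    """Walk one WCCP2 message: 8-byte header, then type/length/value components."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte WCCP2 message header")
    mtype, version, length = struct.unpack_from("!IHH", payload, 0)
    if version != 0x0200:
        raise ValueError(f"not WCCP 2.0 (version field {version:#06x})")
    body = payload[8:]
    if length != len(body):  # header length excludes the header itself
        raise ValueError(f"header claims {length} body bytes, datagram carries {len(body)}")
    comps, off = [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError(f"truncated component header at offset {off}")
        ctype, clen = struct.unpack_from("!HH", body, off)
        if off + 4 + clen > len(body):
            raise ValueError(f"component {ctype} overruns the message")
        comps.append((COMPONENTS.get(ctype, f"unknown_{ctype}"), clen))
        off += 4 + clen
    return {"type": MSG_TYPES.get(mtype, f"unknown_{mtype}"),
            "total": len(payload), "components": comps}

def diff_components(a: dict, b: dict) -> list:
    """Components whose presence or length differs: (name, len_in_a, len_in_b)."""
    da, db = dict(a["components"]), dict(b["components"])
    return sorted((name, da.get(name), db.get(name))
                  for name in set(da) | set(db) if da.get(name) != db.get(name))

def build(mtype, comps):
    """Hypothetical helper: build a message with zero-filled components."""
    body = b"".join(struct.pack("!HH", t, n) + bytes(n) for t, n in comps)
    return struct.pack("!IHH", mtype, 0x0200, len(body)) + body

# Constructed samples sized to 180 and 136 bytes; the per-component sizes are
# invented for illustration, not captured from a router.
working = build(11, [(0, 4), (1, 24), (2, 32), (4, 44), (8, 48)])
failing = build(11, [(0, 4), (1, 24), (2, 32), (4, 52)])

if __name__ == "__main__":
    print(diff_components(parse_wccp2(working), parse_wccp2(failing)))
```

Feed it the UDP payload bytes of real messages (for example, extracted from a capture on the interface facing the routers) in place of the constructed samples.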

