Forwarding Loop, Linux Kernel Bug?

From: Brian Curnow <bc@dont-contact.us>
Date: Tue, 20 Jun 2000 18:22:17 -0700 (PDT)

Hello,

I am using Squid 2.3STABLE3 with the cache-expiration patch on RH5.2/Linux
2.2.14.

I am getting a large volume of Forwarding Loop messages in my cache.log.
The really strange thing is that these messages seem to be transient. A
site that is affected one minute, may not be an hour later. If one site
is being affected, it is just that site, not all traffic in that moment.

Further, from the logs, the loop is occurring between another cache that
should only be 'in the loop' under certain source IP addresses that are
specially directed (similar to Cisco route-map) to the second cache. In
this case, it appears that the Linux kernel is sporadically sending
unmatching packets to the second cache, causing the loop. The Linux
kernel feature in use here is the 'iproute2' and 'firewall marking'
features that allow alternate route tables to determine the next hop for a
packet.

I saw some previous messages regarding Forwarding Loops, but didn't see
anyone experiencing anything more than the Usual things, which do not seem
to be the cause here. The transient nature leaves me thinking it is a
bug, or other outside influence. (ICMP redirects?)

The second cache, when the ForwardLoop is logged in the first cache, does
show a matching request by the first cache for the item. The IP address
should not be matched by the 'route-map' like configuration in the first
cache.

The browser shows an Access Denied error response. In Communicator 4.73,
Reload Frame will bring in the correct page response.

I put an ipchains rule in the second cache to ACCEPT packets sourced
from the first cache, rather than sending them through the REDIRECT. The
forwarding loop problem has then disappeared, and tcpdump shows that when
packets do come at the second cache, it sends a redirect back to the first
cache, and no routing loop seems to happen, making things appear even more
to be a kernel problem in the first cache.

Is anyone doing anything similar, or have any ideas?

Thanks,

Brian Curnow
Received on Tue Jun 20 2000 - 19:25:10 MDT
