Yes, I heard from someone in the last 2 months that there is a bug in Cisco
IOS regarding WCCP, but I don't know in which IOS :(... so better to change
your IOS
--
Best Regs,
Masood Ahmad Shah
System Administrator
Fibre Net (Pvt) Ltd.
Lahore, Pakistan
Tel: +92-42-6677024
Mobile: +92-300-4277367
http://www.fibre.net.pk

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

----- Original Message -----
From: "Damian-Grint Philip" <pdamian-grint@collierscre.co.uk>
To: "'Larry M. Smith'" <squid-cache.org@fahq2.com>; <squid-users@squid-cache.org>
Sent: Monday, August 04, 2003 12:41 PM
Subject: RE: [squid-users] Squid, WCCP, and Loading?

| I had similar symptoms - working fine on one 3620 but blocking on another,
| even when I clamped path MTU down to 576... I eventually used a route map
| "set df 0" for returning traffic which sorted the problem - I think there
| may be a Cisco implementation bug...
|
| See this url for more details:
| http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080093f1f.shtml
|
| Phil DG
|
| -----Original Message-----
| From: Larry M. Smith [mailto:squid-cache.org@fahq2.com]
| Sent: 04 August 2003 06:53
| To: squid-users@squid-cache.org
| Subject: [squid-users] Squid, WCCP, and Loading?
|
|
| I am trying to set up Squid 2.5-STABLE3 as a transparent proxy with a
| Cisco 7204 VXR (running IOS 12.2(6)) and am running across a maddening
| problem - works in test network, doesn't work in production network.
|
| I have read the FAQ as well as searched the lists. I have tried both
| the ip_no_pmtu_disc and setting the MTU of eth0 back to 1476, and
| neither worked (nor did I expect them to as when it doesn't work, it
| doesn't work for redirection as well as it doesn't work hitting the
| proxy directly).
|
| I am using the ip_wccp module as described in the FAQ. Have tried
| ip_gre however ip_wccp just seems more straightforward to me.
|
| When it's not working, doing a "sh ip wccp web-cache" on the router will
| show the redirected packet counter incrementing, access.log is logging
| client accesses, cache.log shows no abnormalities, and messages shows no
| abnormalities (i.e. if I wasn't sitting at the client everything would
| look like it's working), top shows the box barely breaking a sweat
| (squid taking < 1% of CPU), but the clients never get pages and
| eventually time out. Did a sniff of the segment (with ethereal) that
| the Squid box is on and it appears that redirected requests are going on
| the segment, but Squid never (or more accurately very rarely) goes out
| to get the data for the requests. (Conversely, in the test network, you
| see the redirected request, Squid going out to get the data, the remote
| server responding, and Squid sending the data back - this only happens
| for a minute number of the redirected requests in the production
| network). Once I disable the redirection from the Cisco side, clients
| (test, small number) hitting the squid cache directly work once again
| (no further intervention required).
|
| The only difference between the production and test networks (other than
| client load) is the production network is redirecting off of atm1/0
| while the test network is redirecting off of fa0/0 (and the requisite
| addressing/configuration changes). I don't believe that to be cause of
| the functionality problem as in the production network I do see the
| packets being redirected to Squid.
|
| The box is a dual P4 XEON 2.4G, hyperthreading (Linux sees "4"
| processors) with 3GB RAM and 3 36GB U320 SCSI drives. Linux 2.4.20,
| iptables 1.2.8, squid 2.5STABLE3. I do have fairly restrictive firewall
| rules, however they are consistent between the production and test
| environments therefore I don't at this point believe the issue lies there.
|
| Squid was compiled with: --prefix=/usr/local/squid
| --enable-storeio=ufs,diskd --enable-removal-policies=lru,heap
| --enable-wccp --disable-ident-lookups --enable-truncate
| --enable-underscores --enable-linux-netfilter
|
| squid.conf excerpt:
| http_port (IP Address eth0):8080
| httpd_accel_host virtual
| httpd_accel_port 80
| httpd_accel_with_proxy on
| httpd_accel_uses_host_header on
| wccp_router (router's fa0/0 same subnet)
|
| iptables redirect:
| iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -s (myIPspace)
| -j REDIRECT --to-port 8080
|
| Cache partition mount options:
| LABEL=/var/squid/0 /var/squid/0 ext3 defaults,noatime,noexec,nosuid 1 2
| LABEL=/var/squid/1 /var/squid/1 ext3 defaults,noatime,noexec,nosuid 1 2
| LABEL=/var/squid/2 /var/squid/2 ext3 defaults,noatime,noexec,nosuid 1 2
|
| router configuration:
| ip wccp version 1
| ip wccp web-cache
| (within the interface) ip wccp web-cache redirect out
|
| If I didn't know any better it would appear to be purely a load related
| issue (within Squid, as the box doesn't appear to be doing anything) but
| I know there has to be people out there throwing more at it than I am
| (between 500-600 potential clients when I attempted to insert into the
| production environment).
|
| Lastly, in the production environment (prior to trying Squid) I did have
| a Cisco Cache Engine 590 running WCCPv2 against the same router (I did
| configure the router for WCCPv1 when removing this cache and inserting
| Squid) and working... So I know the production router will handle the
| redirection properly...
|
| Any ideas on how to fix or where to look for more info to debug this?
| Could it purely be a performance tuning/recompile issue?
|
| ________________________________________________________________________
| This e-mail has been scanned for all viruses by Star Internet. The service
| is powered by MessageLabs.
Received on Mon Aug 04 2003 - 02:04:04 MDT
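
As an added illustration (not code from any poster in this thread), the Python sketch below parses a router-to-cache WCCPv1 GRE packet and shows where the 1476-byte MTU figure in the thread comes from: a 20-byte outer IP header plus a 4-byte GRE header leaves 1476 bytes on a 1500-byte link, and a larger inner packet with DF set cannot be fragmented to fit. The 1500-byte link MTU, the function names and the header-only sample packets are assumptions constructed for the example.

```python
import struct

GRE_PROTO_WCCP = 0x883E  # GRE protocol type the router uses for WCCP redirection
LINK_MTU = 1500          # assumption: Ethernet MTU on the cache segment

def parse_ipv4(buf):
    """Return (header_len, total_len, df_set, protocol) from an IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    total_len, _ident, flags_frag = struct.unpack("!HHH", buf[2:8])
    return (buf[0] & 0x0F) * 4, total_len, bool(flags_frag & 0x4000), buf[9]

def inspect_redirect(packet, mtu=LINK_MTU):
    """Check one router-to-cache WCCPv1 packet: outer IP, 4-byte GRE, inner IP."""
    ihl, _outer_len, _outer_df, proto = parse_ipv4(packet)
    if proto != 47:                      # 47 = GRE
        raise ValueError("outer protocol is not GRE")
    if len(packet) < ihl + 4:
        raise ValueError("truncated GRE header")
    _flags, gre_proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if gre_proto != GRE_PROTO_WCCP:
        raise ValueError("GRE payload is not WCCP")
    overhead = ihl + 4                   # outer IP header + GRE header
    _, inner_len, inner_df, _ = parse_ipv4(packet[overhead:])
    too_big = inner_len + overhead > mtu
    return {
        "overhead": overhead,            # bytes added by encapsulation
        "max_inner": mtu - overhead,     # largest inner packet that fits unfragmented
        "inner_len": inner_len,
        "inner_df": inner_df,
        "too_big": too_big,
        "unfragmentable": too_big and inner_df,  # DF forbids splitting it
    }

def build_sample(inner_len, df):
    """Constructed test input: headers only, payload bytes omitted."""
    def ip(total, proto, flags):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, flags, 64, proto, 0,
                           bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    inner = ip(inner_len, 6, 0x4000 if df else 0)   # inner TCP packet
    gre = struct.pack("!HH", 0, GRE_PROTO_WCCP)
    return ip(inner_len + 24, 47, 0) + gre + inner

if __name__ == "__main__":
    for size, df in [(1476, True), (1500, True), (1500, False)]:
        print(size, df, inspect_redirect(build_sample(size, df)))
```
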
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:34 MST