Re: [squid-users] Squid, WCCP, and Loading?

From: Masood Ahmad Shah <masood@dont-contact.us>
Date: Mon, 4 Aug 2003 13:03:32 +0500

yes I heard from someone since last 2 months that there is a bug in CISCO
ios regarding WCCP but I don't know on which IOS :(... so better to change
your IOS

-- 
Best Regs,
Masood Ahmad Shah
System Administrator
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
----- Original Message ----- 
From: "Damian-Grint Philip" <pdamian-grint@collierscre.co.uk>
To: "'Larry M. Smith'" <squid-cache.org@fahq2.com>;
<squid-users@squid-cache.org>
Sent: Monday, August 04, 2003 12:41 PM
Subject: RE: [squid-users] Squid, WCCP, and Loading?
| I had similar symtoms - working fine on one 3620 but blocking on another,
| even when I clamped path MTU down to 576... I eventually used a route map
"
| set df 0"  for returning traffic which sorted the problem - I think there
| may be a Cisco implementation bug...
|
| See this url for more details:
|
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080
| 093f1f.shtml
|
| Phil DG
|
| -----Original Message-----
| From: Larry M. Smith [mailto:squid-cache.org@fahq2.com]
| Sent: 04 August 2003 06:53
| To: squid-users@squid-cache.org
| Subject: [squid-users] Squid, WCCP, and Loading?
|
|
| I am trying to set up Squid 2.5-STABLE3 as a transparent proxy with a
| Cisco 7204 VXR (running IOS 12.2(6))and am running across a maddening
| problem - works in test network, doesn't work in production network.
|
| I have read the FAQ as well as searched the lists.  I have tried both
| the ip_no_pmtu_disc and setting the MTU of eth0 back to 1476, and
| neither worked (nor did I expect them to as when it doesn't work, it
| doesn't work for redirection as well as it doesn't work hitting the
| proxy directly).
|
| I am using the ip_wccp module as described in the FAQ.  Have tried
| ip_gre however ip_wccp just seems more straightforward to me.
|
| When it's not working, doing a "sh ip wccp web-cache" on the router will
| show the redirected packet counter incrementing, access.log is logging
| client accesses, cache.log shows no abnormalities, and messages shows no
| abnormalities (i.e. if I wasn't sitting at the client everything would
| look like it's working), top shows the box barely breaking a sweat
| (squid taking < 1% of CPU), but the clients never get pages and
| eventually time out.  Did a sniff of the segment (with ethereal) that
| the Squid box is on and it appears that redirected requests are going on
| the segment, but Squid never (or more accurately very rarely) goes out
| to get the data for the requests. (Conversely, in the test network, you
| see the redirected request, Squid going out to get the data, the remote
| server responding, and Squid sending the data back - this only happens
| for a minute number of the redirected requests in the production
| network).  Once I disable the redirection from the Cisco side, clients
| (test, small number) hitting the squid cache directly work once again
| (no further intervention required).
|
| The only difference between the production and test networks (other than
| client load) is the production network is redirecting off of atm1/0
| while the test network is redirecting off of fa0/0 (and the requisite
| addressing/configuration changes).  I don't believe that to be cause of
| the functionality problem as in the production network I do see the
| packets being redirected to Squid.
|
| The box is a dual P4 XEON 2.4G, hyperthreading (Linux sees "4"
| processors) with 3GB RAM and 3 36GB U320 SCSI drives.  Linux 2.4.20,
| iptables 1.2.8, squid 2.5STABLE3.  I do have fairly restrictive firewall
| rules, however they are consistent between the production and test
| environments therefore I don't at this point believe the issue lies there.
|
| Squid was compiled with:  --prefix=/usr/local/squid
| --enable-storeio=ufs,diskd --enable-removal-policies=lru,heap
| --enable-wccp --disable-ident-lookups --enable-truncate
| --enable-underscores --enable-linux-netfilter
|
| squid.conf excerpt:
| http_port (IP Address eth0):8080
| httpd_accel_host virtual
| httpd_accel_port 80
| httpd_accel_with_proxy on
| httpd_accel_uses_host_header on
| wccp_router (router's fa0/0 same subnet)
|
| iptables redirect:
| iptables -t nat -A PREROUTING -p TCP -i eth0 --dport 80 -s (myIPspace)
| -j REDIRECT --to-port 8080
|
| Cache partition mount options:
| LABEL=/var/squid/0      /var/squid/0            ext3
| defaults,noatime,noexec,nosuid        1 2
| LABEL=/var/squid/1      /var/squid/1            ext3
| defaults,noatime,noexec,nosuid        1 2
| LABEL=/var/squid/2      /var/squid/2            ext3
| defaults,noatime,noexec,nosuid        1 2
|
| router configuration:
| ip wccp version 1
| ip wccp web-cache
| (within the interface) ip wccp web-cache redirect out
|
| If I didn't know any better it would appear to be purely a load related
| issue (within Squid, as the box doesn't appear to be doing anything) but
| I know there has to be people out there throwing more at it than I am
| (between 500-600 potential clients when I attempted to insert into the
| production environment).
|
| Lastly, in the production environment (prior to trying Squid) I did have
| a Cisco Cache Engine 590 running WCCPv2 against the same router (I did
| configure the router for WCCPv1 when removing this cache and inserting
| Squid) and working...  So I know the production router will handle the
| redirection properly...
|
| Any ideas on how to fix or where to look for more info to debug this?
| Could it purely be a performance tuning/recompile issue?
|
|
|
|
|
|
| ________________________________________________________________________
| This e-mail has been scanned for all viruses by Star Internet. The service
| is powered by MessageLabs. For more information on a proactive anti-virus
| service working around the clock, around the globe, visit:
| http://www.star.net.uk
| ________________________________________________________________________
|
| Confidentiality Notice
| This communication and the information it contains:
| (a) is intended for the person(s) or Organisation(s) named above and for
no other persons or organisations and,
| (b) may be confidential, legally privileged and protected by law.
| Unauthorised use, copying or disclosure of any of it may be unlawful.
| When addressed to our clients any opinions or advice contained in this
e-mail are subject to CCRE's terms and conditions of business notified to
the client or expressed in the governing client engagement letter.
| If you receive this communication in error, please notify us immediately,
destroy any copies and delete it from your computer system.
|
Received on Mon Aug 04 2003 - 02:04:04 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:34 MST