Re: [squid-users] WCCPv2 strangeness - continued from Jason Taylor on 2006-12-05 (squid-users)

From: Jason Taylor <j@dont-contact.us>
Date: Tue, 05 Dec 2006 20:48:10 -0500

Hi Adrian,

I set the wccp2_forwarding_method to 2 and things are working better
now. I had to tweak my iptables redirect rules, however. Note that I
tried using the "wccp2_assignment_method 2" setting but I got the
following error, after which squid restarted.
2006/12/05 19:19:46| assertion failed: wccp2.c:1504: "value <= 0x1741"

In the interests of helping other people down the road, here are the
changes.

=====<beginning of changes>=====

squid.conf changes:
## Add a squid listener on localhost, due to REDIRECT below
##
http_port 127.0.0.1:8080
wccp2_forwarding_method 2

iptables changes:
## flush the existing iptables nat rules.
iptables -t nat -F
iptables -t nat -A PREROUTING -i eth2 \
-p tcp --dport 80 -j REDIRECT --to-port 8080

GRE tunnel no longer needed:
ip tunnel del gre1

=====<end of changes>=====

Thanks very much for the help.

/Jason

Adrian Chadd wrote:
> On Tue, Dec 05, 2006, Jason Taylor wrote:
>
>> The intercept router:
>> - Cisco 6509
>> - IOS version 12.2.18sxf
>
> Hm, I've heard rumours that there's been some WCCPv2 bugs in the SXF code.
> Yah, there's an unrelated bug resolved in 12.2(18)SXF7 and a couple more
> in previous releases but nothing related to GRE. Ok.
>
>> - loopback IP: 172.20.1.72
>> - WCCP IP (IP facing squid): 192.168.40.33 (default gateway for squid)
>
>> +-------+-------+ +------------+
>> | 192.168.251.1 | | Internet |
>> | Cisco 6509 +---+ Firewall +==> To Internet
>> | v12.2.18 sxf | | NAT is here|
>> | 192.168.40.33 | +------------+
>> +-------+-------+
>> |
>> +-------+-------+
>> | 192.168.40.37 |
>> | Squid Proxy |
>> +---------------+
>>
>> Squid.conf settings:
>> wccp2_router 192.168.40.33
>> wccp2_address 192.168.40.37
>> wccp2_service standard 0
>
> If its directly connected then I'd give using L2 forwardinga shot over
> GRE forwarding. Just set wccp2_forwarding_method 2 in squid.conf.
> See if L2 redirection does the right thing. Keep the iptables rule
> but toss the GRE tunnel.
>
> (I'd also suggest trying mask assignment over hash assignment with
> Squid-2.6 but apparently mask assignment is causing Squid to crash.
> I'm testing a workaround atm. It won't matter unless you're doing
> quite a lot of traffic and you notice the MSFC CPU usage go way up.)
>
>
>
> Adrian
>
Received on Tue Dec 05 2006 - 18:48:23 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST