> Alex,
> If you are using a Cache engine (Cisco cache engine)
> Go to the interface that is connected to the Internet and 
> redirect all http traffic to the interface where your cache 
> engine resides.
Yes, I have already done this (I use Squid, but Squid 2.3 supports Cisco
WCCP v.1). 
As soon as I switched to WCCP from policy-routing, the bug disappeared - no
fragments leak any more.

But I am trying to understand what the problem with policy-routing is. Someday
I may need to use it for some other applications.


> Have you called TAC?
Not yet, because we have found a workaround with WCCP.

However, somebody already called:
(from http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.3):
==================================================
Bruce Morgan ([EMAIL PROTECTED]) notes that there is a Cisco bug relating to
transparent proxying using IP policy route maps, that causes NFS and other
applications to break. Apparently there are two bug reports raised in Cisco,
but they are not available for public dissemination. 


The problem occurs with o/s packets with more than 1472 data bytes. If you
try to ping a host with more than 1472 data bytes across a Cisco interface
with the access-lists and ip policy route map, the icmp request will fail.
The packet will be fragmented, and the first fragment is checked against the
access-list and rejected - it goes the "normal path" as it is an icmp packet
- however when the second fragment is checked against the access-list it is
accepted (it isn't regarded as an icmp packet), and goes to the action
determined by the policy route map! 
==================================================

Alex,
CCNP
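
The 1472-byte threshold and the split verdict from the FAQ excerpt above, worked through as an added example (not part of the original post or the Squid FAQ). It assumes a 1500-byte MTU, a 20-byte IPv4 header and an 8-byte ICMP echo header; `naive_acl` and `per_datagram_acl` are hypothetical toy models of the described behaviour, not Cisco IOS code.

```python
# Added illustration. Assumptions: 1500-byte MTU, 20-byte IPv4 header without
# options, 8-byte ICMP echo header; naive_acl is a toy model, not IOS code.
MTU, IP_HDR, ICMP_HDR = 1500, 20, 8

def fragment(icmp_data_len, mtu=MTU):
    """Split one ICMP echo into IPv4 fragments (payload offsets in bytes)."""
    total = ICMP_HDR + icmp_data_len          # IP payload = ICMP header + data
    per_frag = (mtu - IP_HDR) // 8 * 8        # non-final fragments: multiple of 8
    frags, off = [], 0
    while off < total:
        size = min(per_frag, total - off)
        frags.append({"offset": off, "length": size,
                      "more_fragments": off + size < total,
                      "has_l4_header": off == 0})  # only offset 0 has the ICMP/TCP header
        off += size
    return frags

def naive_acl(frag, is_http=False):
    """Per-packet verdict as the FAQ describes it: the first fragment is matched
    on its L4 header, later fragments have none and are accepted."""
    if frag["has_l4_header"]:
        return "policy-route" if is_http else "normal"
    return "policy-route"

def per_datagram_acl(frags, is_http=False):
    """Consistent alternative: all fragments inherit the first fragment's verdict."""
    return [naive_acl(frags[0], is_http)] * len(frags)

def is_split(verdicts):
    """True when fragments of one datagram were sent down different paths."""
    return len(set(verdicts)) > 1

def ping_paths(icmp_data_len):
    """Verdict per fragment for a ping carrying icmp_data_len data bytes."""
    return [naive_acl(f) for f in fragment(icmp_data_len)]

if __name__ == "__main__":
    for size in (1472, 1473, 4000):
        v = ping_paths(size)
        print(size, v, "SPLIT" if is_split(v) else "consistent")
```

A ping with 1472 data bytes fits in one packet and stays on the normal path; at 1473 the one-byte second fragment is the one that takes the policy route, so the datagram can never be reassembled at the destination.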
