wccpv2 and L2 redirection
Hi all, I am trying to implement squid+wccp along with a cisco 3550. i was able to compile the visolve wccp2 patch for squid and the kernel. and got them running okay. However, when i run Squid in wccpv1 (and the cisco 3550) the cisco only redirects traffic destined for itself. (i have an open case with cisco about this). So i tried implementing wccpv2. to my dismay the cisco 3550 does not support wccpv2 with GRE packet redirection. it must use Layer 2 redirection. so when i run squid with the wccpv2 i get the following errors on the cisco 3550 (off course i change both configs on cisco and squid wccp2_router and ip wccp version 2) 17:19:43: WCCP-EVNT:wccp_update_assignment_status: enter 17:19:43: WCCP-EVNT:wccp_update_assignment_status: exit 17:19:43: WCCP-EVNT:S00: Here_I_Am packet from 142.46.145.4 w/bad fwd method 0001, was offered 0002 17:19:43: WCCP-EVNT:S00: Here_I_Am packet from 142.46.145.4 with incompatible capabilites Questions 1. i was wondering if there has been anywork done to support wccpv2+Layer 2 (instead of GRE) 2. what is causing the cisco (in wccpv1) to only redirect traffic when destined to itself. anyhelp would be much appreciated. thank you, John [EMAIL PROTECTED]
Re: wccpv2 and L2 redirection
On Tue, 11 Nov 2003, John El-Rassi wrote: So i tried implementing wccpv2. to my dismay the cisco 3550 does not support wccpv2 with GRE packet redirection. No problem in theory. L2 redirection just makes life a whole lot easier as you don't need any GRE module, just normal interception rules to intercept port 80 traffic at the cache server. Only drawback is that the cache server must be locally attached to the same Ethernet segment as the router. it must use Layer 2 redirection. so when i run squid with the wccpv2 i get the following errors on the cisco 3550 (off course i change both configs on cisco and squid wccp2_router and ip wccp version 2) 17:19:43: WCCP-EVNT:wccp_update_assignment_status: enter 17:19:43: WCCP-EVNT:wccp_update_assignment_status: exit 17:19:43: WCCP-EVNT:S00: Here_I_Am packet from 142.46.145.4 w/bad fwd method 0001, was offered 0002 17:19:43: WCCP-EVNT:S00: Here_I_Am packet from 142.46.145.4 with incompatible capabilites Questions 1. i was wondering if there has been anywork done to support wccpv2+Layer 2 (instead of GRE) In general one can say that there has been very little work done on WCCPv2 for Squid and the WCCPv2 patch is best described as WCCPv1 using the WCCPv2 protocol syntax If it is the case that the WCCP protocol specifies the encapsulation method the router should use when forwarding packets to the cache then the Squid WCCPv2 patch needs to be extended with a parameter for specifying this in the WCCP_HERE_I_AM packet. From a quick glance in the WCCPv2 Internet-Draft this does seem to be the case. The above error message seems to confirm this.. if I am reading it correctly the error says that the WCCP_HERE_I_AM packet wanted GRE encapsulation. 2. what is causing the cisco (in wccpv1) to only redirect traffic when destined to itself. Please explain this a little further. I am not sure exacly what you refer to. Regards Henrik
RE: wccpv2 and L2 redirection
Questions: 1. so would it be as simple as changing the #define WCCP2_CAPABILTIY_INFO 8 value to provide the 0002 value, to put the squid engine as a capable engine, and then squid should be able to read the redirected L2 (Layer 2) requests and service them? or am i totally off wack here? 2. when i run squid in wccp version 1 and cisco 3550 in wccp (with the gre tunnels) the cisco switch only routes traffic normally that is destined to the net. it however redirects traffic if the destination ip of the web request was any IP that the cisco is configured with. ( menaing if i type in the web browser the IP address of the cisco switch. the web managment interface of the router). when i do that i see the redirection counter on the cisco incrementing and the access.log on squid showing the request and query. However if i do from the same client any other web request the redirect counters don't increment, the access.log obviously doesn't show anything, but the request does return webpages, which i am guessing is being routed normally instead of redirecting it. ___ On Tue, 11 Nov 2003, John El-Rassi wrote: So i tried implementing wccpv2. to my dismay the cisco 3550 does not support wccpv2 with GRE packet redirection. No problem in theory. L2 redirection just makes life a whole lot easier as you don't need any GRE module, just normal interception rules to intercept port 80 traffic at the cache server. Only drawback is that the cache server must be locally attached to the same Ethernet segment as the router. it must use Layer 2 redirection. so when i run squid with the wccpv2 i get the following errors on the cisco 3550 (off course i change both configs on cisco and squid wccp2_router and ip wccp version 2) 17:19:43: WCCP-EVNT:wccp_update_assignment_status: enter 17:19:43: WCCP-EVNT:wccp_update_assignment_status: exit 17:19:43: WCCP-EVNT:S00: Here_I_Am packet from 142.46.145.4 w/bad fwd method 0001, was offered 0002 17:19:43: WCCP-EVNT:S00: Here_I_Am packet from 142.46.145.4 with incompatible capabilites Questions 1. i was wondering if there has been anywork done to support wccpv2+Layer 2 (instead of GRE) In general one can say that there has been very little work done on WCCPv2 for Squid and the WCCPv2 patch is best described as WCCPv1 using the WCCPv2 protocol syntax If it is the case that the WCCP protocol specifies the encapsulation method the router should use when forwarding packets to the cache then the Squid WCCPv2 patch needs to be extended with a parameter for specifying this in the WCCP_HERE_I_AM packet. From a quick glance in the WCCPv2 Internet-Draft this does seem to be the case. The above error message seems to confirm this.. if I am reading it correctly the error says that the WCCP_HERE_I_AM packet wanted GRE encapsulation. 2. what is causing the cisco (in wccpv1) to only redirect traffic when destined to itself. Please explain this a little further. I am not sure exacly what you refer to. Regards Henrik
RE: wccpv2 and L2 redirection
On Tue, 11 Nov 2003, John El-Rassi wrote: 1. so would it be as simple as changing the #define WCCP2_CAPABILTIY_INFO 8 value to provide the 0002 value, to put the squid engine as a capable engine, and then squid should be able to read the redirected L2 (Layer 2) requests and service them? or am i totally off wack here? I have never looked at the WCCPv2 patch, but it looks reasonable. I would add a squid.conf parameter for this. 2. when i run squid in wccp version 1 and cisco 3550 in wccp (with the gre tunnels) the cisco switch only routes traffic normally that is destined to the net. it however redirects traffic if the destination ip of the web request was any IP that the cisco is configured with. ( menaing if i type in the web browser the IP address of the cisco switch. the web managment interface of the router). when i do that i see the redirection counter on the cisco incrementing and the access.log on squid showing the request and query. However if i do from the same client any other web request the redirect counters don't increment, the access.log obviously doesn't show anything, but the request does return webpages, which i am guessing is being routed normally instead of redirecting it. That defenitely is a router bug. If your router has a fast switching path then try disabling this to see if that helps. I have heard in the past that there was problems with WCCP in certain Cisco fast switching implementations. Traffic directed to one of the IP addresses of the router itself will always hit the CPU and does not use any fast switching path of the router. Regards Henrik
Re: wccpv2 and L2 redirection
Hi, I tried doing this in my network. We run about 150mb and 8 squid cache box's. Found using transparency and a load balanced route map works better. -- Joe On Tue, 11 Nov 2003, John El-Rassi wrote: Hi all, I am trying to implement squid+wccp along with a cisco 3550. i was able to compile the visolve wccp2 patch for squid and the kernel. and got them running okay. However, when i run Squid in wccpv1 (and the cisco 3550) the cisco only redirects traffic destined for itself. (i have an open case with cisco about this). So i tried implementing wccpv2. to my dismay the cisco 3550 does not support wccpv2 with GRE packet redirection. it must use Layer 2 redirection. so when i run squid with the wccpv2 i get the following errors on the cisco 3550 (off course i change both configs on cisco and squid wccp2_router and ip wccp version 2) 17:19:43: WCCP-EVNT:wccp_update_assignment_status: enter 17:19:43: WCCP-EVNT:wccp_update_assignment_status: exit 17:19:43: WCCP-EVNT:S00: Here_I_Am packet from 142.46.145.4 w/bad fwd method 0001, was offered 0002 17:19:43: WCCP-EVNT:S00: Here_I_Am packet from 142.46.145.4 with incompatible capabilites Questions 1. i was wondering if there has been anywork done to support wccpv2+Layer 2 (instead of GRE) 2. what is causing the cisco (in wccpv1) to only redirect traffic when destined to itself. anyhelp would be much appreciated. thank you, John [EMAIL PROTECTED]