Re: [squid-users] 2.6S1 WCCP2 problems
ons 2006-07-19 klockan 15:50 -0400 skrev Bryan Shoebottom: > before they stated that WCCP simply needs an IP and will grab any > configured IP on the router, it doesn't matter. I think i am going to > submit a bug, i don't know why squid is sending back a bad id. Perhaps your problem matches bug #1584? "Cache unable to register with WCCPv2" http://www.squid-cache.org/bugs/show_bug.cgi?id=1584> Note: Bug #1584 is about an IOS issue where IOS incorrectly rejects WCCP control channel packets as duplicates if their IP level packet ID is 0. For correct operation IOS should be looking at the WCCP message ID, not the IP packet ID. The IP packet ID should be ignored completely, only relevant in handling of fragmented IP packets which is not the case here. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] 2.6S1 WCCP2 problems
ons 2006-07-19 klockan 15:54 -0400 skrev Bryan Shoebottom: > I will give that a shot. Is there any reason why this isn't in the FAQ? Lack of people having time to update the FAQ? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] 2.6S1 WCCP2 problems
Yes, check your rp_filter=0 Be sure to try your squid in non-transparent (fill the proxy in client browser) is work well You also had to search topics in web http://www.squid-cache.org/mail-archive/squid-users/200502/0909.html rgds, Tino - Original Message - From: "Bryan Shoebottom" <[EMAIL PROTECTED]> To: "Henrik Nordstrom" <[EMAIL PROTECTED]> Cc: "tino" <[EMAIL PROTECTED]>; Sent: Thursday, July 20, 2006 2:54 AM Subject: Re: [squid-users] 2.6S1 WCCP2 problems Henrik, I will give that a shot. Is there any reason why this isn't in the FAQ? This is the first place i checked when my config didn't work. Thanks, Bryan On Wed, 2006-07-19 at 10:04 -0400, Henrik Nordstrom wrote: ons 2006-07-19 klockan 07:25 +0700 skrev tino: > RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent > vhost vport=80 why vhost and vport=80? These are for accelerator/reverse proxy mode, not Internet proxies.. The transparent keyword takes care of all which is needed in transparent interception. > #-at squid: > insmod ip_gre > ifconfig gre0 up > ip addr add 172.0.0.2 255.255.255.252 dev gre0 I would say it's better to create a new GRE tunnel for the router. ip tunnel add wccp mode gre remote ip.of.router ip addr add proxy.server.ip/32 dev wccp ip link set wccp up and intercepted packets redirected by the router should be coming in on the virtual wccp interface, where they can easily be redirected to Squid iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128 You quite likely also need to disable reverse-path lookups on the wccp interface echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter IP forwarding does not need to be enabled. Regards Henrik
Re: [squid-users] 2.6S1 WCCP2 problems
Henrik, I will give that a shot. Is there any reason why this isn't in the FAQ? This is the first place i checked when my config didn't work. Thanks, Bryan On Wed, 2006-07-19 at 10:04 -0400, Henrik Nordstrom wrote: > ons 2006-07-19 klockan 07:25 +0700 skrev tino: > > RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent > > vhost vport=80 > > why vhost and vport=80? These are for accelerator/reverse proxy mode, > not Internet proxies.. The transparent keyword takes care of all which > is needed in transparent interception. > > > > #-at squid: > > insmod ip_gre > > ifconfig gre0 up > > ip addr add 172.0.0.2 255.255.255.252 dev gre0 > > I would say it's better to create a new GRE tunnel for the router. > > ip tunnel add wccp mode gre remote ip.of.router > ip addr add proxy.server.ip/32 dev wccp > ip link set wccp up > > and intercepted packets redirected by the router should be coming in on > the virtual wccp interface, where they can easily be redirected to Squid > > iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128 > > You quite likely also need to disable reverse-path lookups on the wccp > interface > > echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter > > > IP forwarding does not need to be enabled. > > Regards > Henrik
Re: [squid-users] 2.6S1 WCCP2 problems
Tino, Thanks for your config, i added the vhost and vport=80 options to my config, but i am still having the same problems. As for lo0 on the router, i have never had to setup this up in the past but i tried it anyway and it made no difference. When i have talked to the Cisco guys before they stated that WCCP simply needs an IP and will grab any configured IP on the router, it doesn't matter. I think i am going to submit a bug, i don't know why squid is sending back a bad id. Thanks, Bryan On Tue, 2006-07-18 at 20:25 -0400, tino wrote: > RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 > transparent > vhost vport=80 > tcp_outgoing address 10.10.10.1 > wccp2_router 10.10.10.2 > wccp2_forwarding_method 1 > wccp2_return_method 1 > wccp2_service standard 0 > > As far I know, kernel 2.6.9 & up , you do need bringing up loopback0 > at > cisco router (this is because wccp will use it as router identifier) > > #at router : > interface lo0 >ip address 172.0.0.1 255.255.255.252 > no shut > > #-at squid: > insmod ip_gre > ifconfig gre0 up > ip addr add 172.0.0.2 255.255.255.252 dev gre0 > > If you shut loopback0, wccp mechanism still alive at router, but no > traffic > being redirected ( gre_tunnel is established between lo0<-->gre0 & via > this > tunnel where web-traffic redirected) > Also put "ip wccp web-cache exclude in" in the router interface where > squid > attached & make sure it is not same vlan where traffic redirected > > > regards > Tino > - Original Message - > From: Shoebottom, Bryan > To: tino ; squid-users@squid-cache.org > Sent: Tuesday, July 18, 2006 7:06 PM > Subject: RE: [squid-users] 2.6S1 WCCP2 problems > > > Tino, > > Our lookback interface is not configured and never has been in the > past for > caches to work. You do bring up an interesting point of the IP > address of > the gre interface. In the past i have simply used an IP that is not > on our > network, maybe i can't do that anymore. What wccp directives do you > have > configured in your squid.conf? > > Thanks, > > Bryan > > > > -Original Message- > From: tino [mailto:[EMAIL PROTECTED] > Sent: Mon 7/17/2006 8:17 PM > To: Shoebottom, Bryan; squid-users@squid-cache.org > Subject: Re: [squid-users] 2.6S1 WCCP2 problems > > Hi, Bryan > what is your interface loopback0 status & ip address at L3 6500 ? It > should > be in the same subnet with your gre0 ip address. > > I'm running 6500 earlier version than yours (supervisor engine-1a & > msfc1), > ip cef enable, & wccpv2 work ok with squid-2.6S1, I'm using kernel > 2.6.15.7 > with ip_gre loaded from kernel module. > > It also work when I put squid-2.6.S1 with 3620 router, ios 12.2(t) & > as5300, ios 12.0.7(t) > > also, make sure iptables loaded first before running squid > > rgds, > Tino > > - Original Message - > From: Shoebottom, Bryan <mailto:[EMAIL PROTECTED]> > To: tino <mailto:[EMAIL PROTECTED]> ; > squid-users@squid-cache.org > Sent: Monday, July 17, 2006 7:29 PM > Subject: RE: [squid-users] 2.6S1 WCCP2 problems > > > > -6500 running code 12.1(26)E > -ip wccp we redirect in configured on vlans > ip wccp web-cache > -2.6.17 > -/sbin/iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp > --dport > 80 -j REDIRECT --to-ports 3128 > > eth0 Link encap:Ethernet HWaddr 00:14:C2:C3:3B:1D > inet addr:10.10.101.3 Bcast:10.10.101.7 > Mask:255.255.255.248 > inet6 addr: fe80::214:c2ff:fec3:3b1d/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:53302 errors:0 dropped:0 overruns:0 > frame:0 > TX packets:41745 errors:0 dropped:0 overruns:0 > carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:7311146 (6.9 MiB) TX bytes:6586185 (6.2 > MiB) > Interrupt:185 > > gre0 Link encap:UNSPEC HWaddr > 00-00-00-00-BD-BF-A8-4C-00-00-00-00-00-00-00-00 > inet addr:10.2.1.1 Mask:255.255.255.252 > UP RUNNING NOARP MTU:1476 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > loLink encap:Local Loopback >
Re: [squid-users] 2.6S1 WCCP2 problems
ons 2006-07-19 klockan 07:25 +0700 skrev tino: > RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent > vhost vport=80 why vhost and vport=80? These are for accelerator/reverse proxy mode, not Internet proxies.. The transparent keyword takes care of all which is needed in transparent interception. > #-at squid: > insmod ip_gre > ifconfig gre0 up > ip addr add 172.0.0.2 255.255.255.252 dev gre0 I would say it's better to create a new GRE tunnel for the router. ip tunnel add wccp mode gre remote ip.of.router ip addr add proxy.server.ip/32 dev wccp ip link set wccp up and intercepted packets redirected by the router should be coming in on the virtual wccp interface, where they can easily be redirected to Squid iptables -t nat -A PREROUTING -i wccp -p tcp -j REDIRECT --to 3128 You quite likely also need to disable reverse-path lookups on the wccp interface echo 0 >/proc/sys/net/ipv4/conf/wccp/rp_filter IP forwarding does not need to be enabled. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] 2.6S1 WCCP2 problems
RE: [squid-users] 2.6S1 WCCP2 problems http_port 3128 transparent vhost vport=80 tcp_outgoing address 10.10.10.1 wccp2_router 10.10.10.2 wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_service standard 0 As far I know, kernel 2.6.9 & up , you do need bringing up loopback0 at cisco router (this is because wccp will use it as router identifier) #at router : interface lo0 ip address 172.0.0.1 255.255.255.252 no shut #-at squid: insmod ip_gre ifconfig gre0 up ip addr add 172.0.0.2 255.255.255.252 dev gre0 If you shut loopback0, wccp mechanism still alive at router, but no traffic being redirected ( gre_tunnel is established between lo0<-->gre0 & via this tunnel where web-traffic redirected) Also put "ip wccp web-cache exclude in" in the router interface where squid attached & make sure it is not same vlan where traffic redirected regards Tino - Original Message - From: Shoebottom, Bryan To: tino ; squid-users@squid-cache.org Sent: Tuesday, July 18, 2006 7:06 PM Subject: RE: [squid-users] 2.6S1 WCCP2 problems Tino, Our lookback interface is not configured and never has been in the past for caches to work. You do bring up an interesting point of the IP address of the gre interface. In the past i have simply used an IP that is not on our network, maybe i can't do that anymore. What wccp directives do you have configured in your squid.conf? Thanks, Bryan -Original Message- From: tino [mailto:[EMAIL PROTECTED] Sent: Mon 7/17/2006 8:17 PM To: Shoebottom, Bryan; squid-users@squid-cache.org Subject: Re: [squid-users] 2.6S1 WCCP2 problems Hi, Bryan what is your interface loopback0 status & ip address at L3 6500 ? It should be in the same subnet with your gre0 ip address. I'm running 6500 earlier version than yours (supervisor engine-1a & msfc1), ip cef enable, & wccpv2 work ok with squid-2.6S1, I'm using kernel 2.6.15.7 with ip_gre loaded from kernel module. It also work when I put squid-2.6.S1 with 3620 router, ios 12.2(t) & as5300, ios 12.0.7(t) also, make sure iptables loaded first before running squid rgds, Tino - Original Message - From: Shoebottom, Bryan <mailto:[EMAIL PROTECTED]> To: tino <mailto:[EMAIL PROTECTED]> ; squid-users@squid-cache.org Sent: Monday, July 17, 2006 7:29 PM Subject: RE: [squid-users] 2.6S1 WCCP2 problems -6500 running code 12.1(26)E -ip wccp we redirect in configured on vlans ip wccp web-cache -2.6.17 -/sbin/iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 eth0 Link encap:Ethernet HWaddr 00:14:C2:C3:3B:1D inet addr:10.10.101.3 Bcast:10.10.101.7 Mask:255.255.255.248 inet6 addr: fe80::214:c2ff:fec3:3b1d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:53302 errors:0 dropped:0 overruns:0 frame:0 TX packets:41745 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7311146 (6.9 MiB) TX bytes:6586185 (6.2 MiB) Interrupt:185 gre0 Link encap:UNSPEC HWaddr 00-00-00-00-BD-BF-A8-4C-00-00-00-00-00-00-00-00 inet addr:10.2.1.1 Mask:255.255.255.252 UP RUNNING NOARP MTU:1476 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:104 errors:0 dropped:0 overruns:0 frame:0 TX packets:104 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:19992 (19.5 KiB) TX bytes:19992 (19.5 KiB) I have enabled wccp2 when configuring squid. Thanks, Bryan -Original Message- From: tino [mailto:[EMAIL PROTECTED] Sent: Sun 7/16/2006 11:11 PM To: Shoebottom, Bryan; squid-users@squid-cache.org Subject: Re: [squid-users] 2.6S1 WCCP2 problems give me this data : -cisco router version & ios version -cisco runnning config -kernel version -iptables setting -output of ifconfig -when ./configure , your need add this options --enable_wccpv2 rgds, Tino - Original Message - From: "Shoebottom, Bryan" <[EMAIL PROTECTED]> To: Sent: Saturday, July 15, 2006 1:27 AM Subject: RE: [squid-users
Re: [squid-users] 2.6S1 WCCP2 problems
On Mon, Jul 17, 2006, Shoebottom, Bryan wrote: > Adrian, > > The interest is 100%. If I can't get wccpv2 to work in 2.6, i will stay with > 2.5. As for the debug, i will post what is in the cache.log file, i also got > 5 core file for every time squid tried to start: You need to fix this first before we try to fix WCCP2. This error sounds like the diskd stuff isn't setup right - double-check your SYSV shared memory and message queue configuration and get squid-2.6 stable. Adrian > > FATAL: msgget failed > Squid Cache (Version 2.6.STABLE1): Terminated abnormally. > CPU Usage: 0.008 seconds = 0.004 user + 0.004 sys > Maximum Resident Size: 0 KB > Page faults with physical i/o: 0 > FATAL: msgget failed > Squid Cache (Version 2.6.STABLE1): Terminated abnormally. > CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys > Maximum Resident Size: 0 KB > Page faults with physical i/o: 0 > FATAL: msgget failed > Squid Cache (Version 2.6.STABLE1): Terminated abnormally. > CPU Usage: 0.008 seconds = 0.004 user + 0.004 sys > Maximum Resident Size: 0 KB > Page faults with physical i/o: 0 > FATAL: msgget failed > Squid Cache (Version 2.6.STABLE1): Terminated abnormally. > CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys > Maximum Resident Size: 0 KB > Page faults with physical i/o: 0 > FATAL: msgget failed > Squid Cache (Version 2.6.STABLE1): Terminated abnormally. > CPU Usage: 0.004 seconds = 0.004 user + 0.000 sys > Maximum Resident Size: 0 KB > Page faults with physical i/o: 0 > > Thanks, > > Bryan Shoebottom CCNA > Network/UNIX Administrator > Network Services & Computer Operations > Fanshawe College > > > > -Original Message- > From: Adrian Chadd [mailto:[EMAIL PROTECTED] > Sent: Mon 7/17/2006 8:50 AM > To: Shoebottom, Bryan > Cc: Jeremy Hall; squid-users@squid-cache.org > Subject: Re: [squid-users] 2.6S1 WCCP2 problems > > On Mon, Jul 17, 2006, Shoebottom, Bryan wrote: > > I'm not going to say it's not a cisco problem because they seem to change > > their code with every release, but i only changed the cache configuration > > to use 2.6S1 and not 2.5S12. I will try the debug (all on our development > > network) and send in the results. Thanks for the suggestions. > > Hopefully the logs will give us a hint as to why WCCP isn't working. > > How much interest is there in getting Squid-2.6 and WCCPv2 working > well? > > > > > Adrian > >
Re: [squid-users] 2.6S1 WCCP2 problems
On Mon, Jul 17, 2006, Shoebottom, Bryan wrote: > I'm not going to say it's not a cisco problem because they seem to change > their code with every release, but i only changed the cache configuration to > use 2.6S1 and not 2.5S12. I will try the debug (all on our development > network) and send in the results. Thanks for the suggestions. Hopefully the logs will give us a hint as to why WCCP isn't working. How much interest is there in getting Squid-2.6 and WCCPv2 working well? Adrian
[squid-users] [EMAIL PROTECTED]: Re: [squid-users] 2.6S1 WCCP2 problems]
oops. - Forwarded message from Adrian Chadd <[EMAIL PROTECTED]> - Date: Mon, 17 Jul 2006 20:02:38 +0800 From: Adrian Chadd <[EMAIL PROTECTED]> To: "Shoebottom, Bryan" <[EMAIL PROTECTED]> Cc: squid-dev@squid-cache.org Subject: Re: [squid-users] 2.6S1 WCCP2 problems User-Agent: Mutt/1.5.9i On Mon, Jul 17, 2006, Shoebottom, Bryan wrote: > Hey, > > It's a 6500 with 12.1(26)E code on it. It works with 2.5 stable code with > the WCCP2 patch applied. If you're not afraid of a little risk, try this: I think these will turn on wccp packet logging: debug ip wccp packet debug ip wccp event make sure "no logging console" is on. Then, on the squid side: debug_options 80,99 .. and put the resultant logs into a bug submitted via bugzilla. Adrian - End forwarded message -
Re: [squid-users] 2.6S1 WCCP2 problems
give me this data : -cisco router version & ios version -cisco runnning config -kernel version -iptables setting -output of ifconfig -when ./configure , your need add this options --enable_wccpv2 rgds, Tino - Original Message - From: "Shoebottom, Bryan" <[EMAIL PROTECTED]> To: Sent: Saturday, July 15, 2006 1:27 AM Subject: RE: [squid-users] 2.6S1 WCCP2 problems Does anyone have this problem on 2.6S1??? With debug on on the router I get this error: Here_I_Am packet from 10.10.101.3 w/bad rcv_id Any help would be appreciated. Thanks, Bryan -Original Message- From: Shoebottom, Bryan [mailto:[EMAIL PROTECTED] Sent: July 13, 2006 1:18 PM To: squid-users@squid-cache.org Subject: [squid-users] 2.6S1 WCCP2 problems Hey, I can't seem to get wccpv2 working in squid 2.6Stable1. My wccp config is as follows: wccp2_router 10.10.101.1 wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_service standard 0 My router only seems to see L2 redirection even though I have specified GRE/WCCP: ROUTER#sho ip wcc we d WCCP Cache-Engine information: Web Cache ID: 10.10.101.3 Protocol Version: 2.0 State: NOT Usable Redirection: L2 Packet Return: L2 Packets Redirected:0 Connect Time: 00:00:29 Assignment:MASK ROUTER# After 30 seconds, the connect time for the cache restarts. I am running a 2.6.17 kernel which supports WCCP in the GRE module and have this loaded as gre0. Has anyone else gotten this to work under the new 2.6 release yet? Anyone have any suggestions? Thanks, Bryan
Re: [squid-users] 2.6S1 WCCP2 problems
On Fri, Jul 14, 2006, Shoebottom, Bryan wrote: > Does anyone have this problem on 2.6S1??? > With debug on on the router I get this error: > Here_I_Am packet from 10.10.101.3 w/bad rcv_id You need to include the hardware/IOS version of the cisco you're talking to. There's some versions which just don't plain work. Adrian
RE: [squid-users] 2.6S1 WCCP2 problems
Does anyone have this problem on 2.6S1??? With debug on on the router I get this error: Here_I_Am packet from 10.10.101.3 w/bad rcv_id Any help would be appreciated. Thanks, Bryan -Original Message- From: Shoebottom, Bryan [mailto:[EMAIL PROTECTED] Sent: July 13, 2006 1:18 PM To: squid-users@squid-cache.org Subject: [squid-users] 2.6S1 WCCP2 problems Hey, I can't seem to get wccpv2 working in squid 2.6Stable1. My wccp config is as follows: wccp2_router 10.10.101.1 wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_service standard 0 My router only seems to see L2 redirection even though I have specified GRE/WCCP: ROUTER#sho ip wcc we d WCCP Cache-Engine information: Web Cache ID: 10.10.101.3 Protocol Version: 2.0 State: NOT Usable Redirection: L2 Packet Return: L2 Packets Redirected:0 Connect Time: 00:00:29 Assignment:MASK ROUTER# After 30 seconds, the connect time for the cache restarts. I am running a 2.6.17 kernel which supports WCCP in the GRE module and have this loaded as gre0. Has anyone else gotten this to work under the new 2.6 release yet? Anyone have any suggestions? Thanks, Bryan
[squid-users] 2.6S1 WCCP2 problems
Hey, I can't seem to get wccpv2 working in squid 2.6Stable1. My wccp config is as follows: wccp2_router 10.10.101.1 wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_service standard 0 My router only seems to see L2 redirection even though I have specified GRE/WCCP: ROUTER#sho ip wcc we d WCCP Cache-Engine information: Web Cache ID: 10.10.101.3 Protocol Version: 2.0 State: NOT Usable Redirection: L2 Packet Return: L2 Packets Redirected:0 Connect Time: 00:00:29 Assignment:MASK ROUTER# After 30 seconds, the connect time for the cache restarts. I am running a 2.6.17 kernel which supports WCCP in the GRE module and have this loaded as gre0. Has anyone else gotten this to work under the new 2.6 release yet? Anyone have any suggestions? Thanks, Bryan
