[squid-users] WCCPV2 Help from Wallace, Brian S. on 2004-02-27 (squid-users)

From: Wallace, Brian S. <wallacebs@dont-contact.us>
Date: Fri, 27 Feb 2004 09:52:45 -0500

Hi:

I have reached a dead end trying to get the following to work:

        Solaris 8
        IP Filter 3.4.33pre2
        Squid 2.5Stable4 with transparency and wccpv2 enabled.
        wccpv2 2.5 Patch
        Cisco 6500 Router running IOS in native mode

The router advertises the following:

        WCCP2_FORWARDING_METHOD_L2
        WCCP2_ASSIGNMENT_METHOD_MASK
        WCCP2_PACKET_RETURN_METHOD_GRE

I have modified wccpv2.c and added WCCP2_COMPATIBILTY_INFO (8) to the
HERE_I_AM packet. Since I can't find a GRE kernel module for Solaris,
we want to use L2 with WCCP2. I respond with:

        WCCP2_FORWARDING_METHOD_L2
        WCCP2_ASSIGNMENT_METHOD_HASH
        WCCP2_PACKET_RETURN_METHOD_GRE

Cisco says that they only support GRE for the return method. This may a
future problem, but if we can get things working, we can move this to a
Linux system. So, for now, I pretend that I can do GRE on the return
method.

After I start squid, the router looks like this:

WCCP Cache-Engine information:
        Web Cache ID: 160.91.210.20
        Protocol Version: 2.0
        State: Usable
        Redirection: L2
        Packet Return: GRE
        Assignment: HASH
        Initial Hash Info: 00000000000000000000000000000000
                               00000000000000000000000000000000
        Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment: 256 (100.00%)
        Packets Redirected: 2050
        Connect Time: 5d00h

However, none of the packets are reaching the proxy server. At least as
far as the squid access log shows. Putting the Cisco router in debug
mode, shows the following info:

Feb 19 16:08:59: %SEC-6-IPACCESSLOGP: list 120 permitted tcp
160.91.217.37(0) -> 160.91.1.17(0), 13 packets Feb 19 16:08:59:
WCCP-EVNT:wccp_update_assignment_status: enter Feb 19 16:08:59:
WCCP-EVNT:wccp_update_assignment_status: exit Feb 19 16:08:59:
WCCP-EVNT:wccp_validate_wc_assignments: enter Feb 19 16:08:59:
WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit Feb 19
16:09:12: %SEC-6-IPACCESSLOGP: list 120 permitted tcp
160.91.217.37(0) -> 199.77.203.38(0), 1 packet Feb 19 16:09:20:
WCCP-EVNT:wccp_update_assignment_status: enter Feb 19 16:09:20:
WCCP-EVNT:wccp_update_assignment_status: exit Feb 19 16:09:20:
WCCP-EVNT:wccp_validate_wc_assignments: enter Feb 19 16:09:20:
WCCP-EVNT:wccp_validate_wc_assignments: not mask assignment, exit

I'm worried about the "not mask assignment" message. Cisco says that
the router will negotiate a hash or mask assignment method.

So, at this point the router and squid look like they are talking
wccpv2. However, the data packets are not getting to squid. Any ideas
as to what may be wrong here? Will the return method of GRE be a
problem in the future or is it a problem now?

In summary, we want to run 3 squid servers loaded balanced by one Cisco
router using WCCP2 and L2 redirection. If GRE support is an issue here,
we will look at moving from Solaris to Linux.

Sorry for the lengthy email and thanks for your help,

Brian S. Wallace

Oak Ridge National Laboratory
P. O. Box 2008, MS 6025
Oak Ridge, Tennessee 37831-6025

Voice (865) 576-3193
Fax (865) 241-4000
Received on Fri Feb 27 2004 - 07:52:59 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST