[squid-users] WCCP+Squid not working. Could use some of your experience.

From: Anthony DeMatteis <adematteis_at_commspeed.net>
Date: Fri, 23 Jan 2009 11:15:21 -0700

Greetings Group,

I'm new to this group...

We're an ISP trying to control some of our bandwidth issues. I've never
set up squid before. I have a working squid server, working very well,
including caching youtube vids. However, this is via setting up the
proxy settings in the browser and pointing to the caching server's ip
address:3128 or using acl's on the router and redirecting traffic to the
caching server. I would like to set it up transparently using wccp. I
would rather go the wccp route to allow traffic to continue to flow in
the event the caching server(s) die. I understand wccpv2 provides this
feature.

My problem is getting the gre tunnel to work. I've been googling for two
days. I've used info from pages 143-149 of Squid: The Definitive Guide.
No luck getting wccp tunnel working. I've managed to get this:

 
ar1.dc#show ip wccp web-cache detail
WCCP Cache-Engine information:
        Web Cache ID: 222.11.2.159
        Protocol Version: 2.0
        State: NOT Usable
        Initial Hash Info: 00000000000000000000000000000000
                               00000000000000000000000000000000
        Assigned Hash Info: 00000000000000000000000000000000
                               00000000000000000000000000000000
        Hash Allotment: 0 (0.00%)
        Packets Redirected: 0
        Connect Time: 00:00:12

.. and ..

ar1.dc#show ip wccp
Global WCCP information:
    Router information:
        Router Identifier: 222.11.1.254
        Protocol Version: 2.0
 
    Service Identifier: web-cache
        Number of Cache Engines: 0
        Number of routers: 0
        Total Packets Redirected: 0
        Redirect access-list: 150
        Total Packets Denied Redirect: 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0

ar1.dc#show ip wccp web-cache view
    WCCP Routers Informed of:
        -none-
 
    WCCP Cache Engines Visible:
        222.11.2.159

    WCCP Cache Engines NOT Visible:
        -none-

Any resource references or personal experience would be greatly
appreciated. Below is some information to aid all of you to perhaps
help me. Thank you.
 
FreeBSD 7 - Recompiled kernel with the following:
# Firewall and traffic limiting
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET

# SQUID Options
options MAXFILES=8192
options MSGMNB=16384 # Max # of bytes in queue
options MSGMNI=41 # number of message queue identifiers
options MSGSEG=4096 # number of message segments per queue
options MSGSSZ=64 # size of a message segment
options MSGTQL=4096 # max messages in system
options SHMSEG=128 # max shared mem id's per process
options SHMMNI=33 # max shared mem id's per system
options SHMMAX=268435456 # max shared memory segment size (bytes)
options SHMALL=262144 # max amount of shared memory (pages)
options MAXDSIZ=(2048UL*1024*1024)
options MAXSSIZ=(1024UL*1024*1024)
options DFLDSIZ=(1024UL*1024*1024)
device gre

Cisco 7200 Router - IOS 12.4
Router Incoming Interface 222.11.2.1 (Gateway)
Router Outgoing Interface 222.11.4.33 (To Upstream Provider) (Interface fa2/0)

Squid 2.7 STABLE - Installed from ports
            With wccpv2 support
 
(Partial info for security) 222.11 fake ip octets
Router show run
!
interface FastEthernet2/0
description Data Center - Core Network
ip address 222.11.2.1 255.255.254.0 secondary
ip address 222.11.0.1 255.255.255.0 secondary
ip address 222.11.47.65 255.255.255.224 secondary
ip address 222.11.4.34 255.255.255.224 secondary
ip address 222.11.8.1 255.255.255.0 secondary
ip address 222.11.4.33 255.255.255
ip access-group block-phisher in
ip wccp web-cache redirect out
full-duplex
 
!
access-list 150 permit tcp 222.11.2.0 0.0.1.255 any
access-list 150 deny tcp any any
ar1.dc#
 

ar1.dc#show ip int fa2/0
FastEthernet2/0 is up, line protocol is up
  Internet address is 222.11.4.33/27
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Secondary address 222.11.2.1/23
  Secondary address 222.11.0.1/24
  Secondary address 222.11.47.65/27
  Secondary address 222.11.4.34/27
  Secondary address 222.11.8.1/24
  Outgoing access list is not set
  Inbound access list is block-phisher
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP Feature Fast switching turbo vector
  IP Feature CEF switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is enabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
  IP multicast multilayer switching is disabled
 

>ee rc.conf
gateway_enable="NO"
defaultrouter="222.11.2.1"
hostname="cache1.domain.net"
ifconfig_em1="inet 222.11.2.159 netmask 255.255.254.0"

# This server's ip -> gateway ip
ifconfig_gre0="inet 222.11.2.159 222.11.2.1 netmask 255.255.255.255"
ifconfig_gre0="tunnel 222.11.2.159 222.11.2.1"

linux_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
apache_enable="YES"

squid_enable="YES"

firewall_enable="YES"
firewall_script="/etc/rc.firewall.cache"
firewall_logging="YES"
firewall_flags=""

>ee custom_firewall
##
#
# rc.firewall.cache calls ipfw -q /etc/custom_firewall
#
-q flush
-q queue flush
-q pipe flush
add 65533 allow tcp from 222.11.2.159 to any
add 65534 fwd 222.11.2.159,3128 tcp from any to any 80
# allow GRE packets from the router
add allow gre from 222.11.2.1 to 222.11.2.159

Interface's Status:
>ifconfig
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:e0:81:28:a7:e3
        inet 222.11.2.159 netmask 0xfffffe00 broadcast 222.11.3.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> metric 0 mtu 1476
        tunnel inet 222.11.2.159 --> 222.11.2.1
        inet 222.11.2.159 --> 222.11.2.1 netmask 0xffffffff

#squid.conf
http_port 3128 transparent
wccp2_router 222.11.2.1
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0

Any other info I can provide? Thank you all for your support.

Tony DeMatteis
Received on Fri Jan 23 2009 - 18:15:26 MST
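
The `show ip wccp web-cache detail` output quoted in the message above can be checked mechanically. The following is an added example, not part of the original post: it parses that output format and reports cache engines the router has registered but is not redirecting to. The second engine in the sample and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format shown in the post; the first stanza uses the
# post's values, the second engine (222.11.2.160) is invented for contrast.
SAMPLE = """\
WCCP Cache-Engine information:
        Web Cache ID: 222.11.2.159
        Protocol Version: 2.0
        State: NOT Usable
        Hash Allotment: 0 (0.00%)
        Packets Redirected: 0
        Connect Time: 00:00:12
        Web Cache ID: 222.11.2.160
        Protocol Version: 2.0
        State: Usable
        Hash Allotment: 256 (100.00%)
        Packets Redirected: 48211
        Connect Time: 1d02h
"""

# "Key: value" lines; hash continuation lines start with digits and are skipped.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?):\s*(.*)$")

def parse_engines(text):
    """Return one dict per 'Web Cache ID' stanza."""
    engines, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Web Cache ID":
            current = {"id": value}
            engines.append(current)
        elif current is not None:
            current[key] = value
    return engines

def findings(engines):
    """List (engine id, reason) for engines that are not receiving traffic."""
    out = []
    for e in engines:
        buckets = int(e.get("Hash Allotment", "0").split()[0])
        if e.get("State") != "Usable":
            out.append((e["id"], "registered but not usable"))
        elif buckets == 0:
            out.append((e["id"], "usable but no hash buckets assigned"))
        elif int(e.get("Packets Redirected", "0")) == 0:
            out.append((e["id"], "buckets assigned but no packets redirected"))
    return out

if __name__ == "__main__":
    for engine_id, reason in findings(parse_engines(SAMPLE)):
        print(engine_id, reason)
```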
