[c-nsp] WCCP and gre's

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Sun Feb 10 19:15:18 EST 2008 

Hi,

	Yup, been there, done that, got the solutions, everything looked
right but it still didn't work.... Until I turned off my Centos Firewall
rules. Then it purred like a kitten... So its actually not anything to do
with the router... (Atleast in my lab of the lab setup configuration).

	Now I need to figure the right/proper way to edit the Centos
rules to allow the gre in properly without breaking their GUI for the
customer to use.

	Though, I do like the idea of a loopback in the future.

	Sorry to bother people here. I'll bother Adrian over on his
list. ;)

		Thanks, Tuc

> 
> http://wiki.squid-cache.org/ConfigExamples/
> 
> My Hint: use a loopback address on the router, that seems to nail the GRE
> endpoint to a fixed iP address rather than having it float depending on your
> interface IPs.
> 
> (I keep meaning to fix the Squid WCCPv2 implementation to have "hooks"
> to tear up/down the GRE based on the routers' negotiated routerid; but I
> never quite get the time..)
> 
> 
> 
> 
> 
> Adrian
> 
> On Sun, Feb 10, 2008, Tuc at T-B-O-H.NET wrote:
> > Hi,
> > 
> > 	Is anyone running WCCP to a Linux Squid?
> > 
> > 	I've got a 2851 running :
> > 
> > Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
> > 
> > 	Linux running:
> > 
> > Linux ports.example.com 2.6.9-42.0.10.EL #1 Tue Feb 27 09:24:42 EST 2007 i686 i686 i386 GNU/Linux
> > 
> > 	And the latest 2.X squid.
> > 
> > 	The doco TELLS me to do something like :
> > 
> > ip tunnel add wccp0 mode gre remote <ROUTER_HIGHEST_IP> local <LOCAL_MACHINE_IP> dev eth0
> > ip addr add <LOCAL_MACHINE_IP>/32 dev wccp0
> > ip link set wccp0 up
> > 
> > 	The problem is once I enable "ip wccp web" on the 2851,
> > all the GRE packets come over the "eth0" interface, NOT "wccp0".
> > 
> > 	Truthfully, I don't know how they are in the first place, can I just claim there
> > is a gre tunnel to a router and not have to declare it on the router itself? Does WCCP
> > just "make" an invisible tunnel?  
> > 
> > 	In the squid debugging section they do say :
> > 
> > Run the most recent General Deployment (GD) release of the software train you have on your router or switch. Broken IOS's can also result in broken redirection. A known good version of IOS for routers with no apparent WCCP breakage is 12.3(7)T12. There was extensive damage to WCCP in 12.3(8)T up to and including early 12.4(x) releases. 12.4(8) is known to work fine as long as you are not doing ip firewall inspection on the interface where your cache is located.
> > 
> > 	Could my 12.4(12) be "broken"?
> > 
> > 		Thanks, Tuc
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> -- 
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
>

More information about the cisco-nsp mailing list