[c-nsp] remove
JJ JJ
jjsurlenet at hotmail.fr
Tue Apr 7 10:23:54 EDT 2009
remove
> Date: Tue, 7 Apr 2009 21:38:57 +0800
> From: adrian at creative.net.au
> To: cklam at ias.edu
> CC: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Squid cannot see wccp traffic through GRE Tunnel
>
> On Tue, Apr 07, 2009, Christina Klam wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > All,
> >
> > We have been having some problems with wccpv2 working through a GRE
> > tunnel between a 6504e (version
> > s3223-ipservicesk9_wan-mz.122-33.SXI.bin) and a Squid server (RHEL5).
> > The tunnel is up; and we an see GRE traffic on both sides. WCCP is up
>
> Error - don't use a GRE tunnel with a 65xx series switch.
>
> > as well. But, when we try to redirect wccp traffic to the Squid
> > server, the Squid server never receives it. We are not having this
> > problem on a separate network where we are using wccp but not though a
> > GRE tunnel. Any ideas?
>
> Don't use GRE redirection/return. Use L2 redirection and return.
> Use mask assignment rather than hash assignment. The traffic will
> then stay 100% in the hardware path.
>
> Anyway, for GRE redirection, you don't configure up a tunnel on the Cisco
> router - the router just prepends the GRE packet header onto it.
>
>
>
>
> Adrian
>
> >
> > interface Tunnel2
> > description GRE_Squid
> > ip address 172.16.X.Y 255.255.255.252
> > ip wccp web-cache redirect out
> > tunnel source Loopback1
> > tunnel destination 172.16.C.C
> > end
> >
> > interface Loopback1
> > ip address 172.16.X.A 255.255.255.255
> > ip wccp web-cache redirect out
> > ip flow ingress
> >
> > Internet facing interface:
> > interface Vlan3
> > description #Uplink_Packeteer_Nitroguard_FW#
> > ip address 172.16.X.X 255.255.255.0
> > ip wccp web-cache redirect out
> > ip wccp web-cache redirect in
> > ip flow ingress
> >
> > gateway-resnet#sh ip wccp web-cache detail
> > WCCP Client information:
> > WCCP Client ID: 172.16.X.Z
> > Protocol Version: 2.0
> > State: Usable
> > Redirection: GRE
> > Packet Return: GRE
> > Assignment: HASH
> > Initial Hash Info: 00000000000000000000000000000000
> > 00000000000000000000000000000000
> > Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > Hash Allotment: 256 (100.00%)
> > Packets s/w Redirected: 0
> > Connect Time: 01:21:48
> > Bypassed Packets
> > Process: 0
> > CEF: 0
> > Errors: 0
> >
> > gateway-resnet#sh int tunn 2
> > Tunnel2 is up, line protocol is up
> > Hardware is Tunnel
> > Description: GRE_Squid
> > Internet address is 172.16.X.Y/30
> > MTU 17868 bytes, BW 100 Kbit, DLY 50000 usec,
> > reliability 255/255, txload 1/255, rxload 1/255
> > Encapsulation TUNNEL, loopback not set
> > Keepalive not set
> > Tunnel source 172.16.X.A (Loopback1), destination 172.16.C.C
> > Tunnel protocol/transport GRE/IP
> > Key disabled, sequencing disabled
> > Checksumming of packets disabled
> > Tunnel TTL 255, Fast tunneling enabled
> > Tunnel transport MTU 1476 bytes
> > Last input 00:00:00, output 00:00:00, output hang never
> > Last clearing of "show interface" counters never
> > Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
> > Queueing strategy: fifo
> > Output queue: 0/0 (size/max)
> > 5 minute input rate 0 bits/sec, 0 packets/sec
> > 5 minute output rate 0 bits/sec, 0 packets/sec
> > L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
> > L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
> > L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
> > 226578 packets input, 47805578 bytes, 0 no buffer
> > Received 0 broadcasts (0 IP multicasts)
> > 0 runts, 0 giants, 0 throttles
> > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
> > 114505 packets output, 23682296 bytes, 0 underruns
> > 0 output errors, 0 collisions, 0 interface resets
> > 0 output buffer failures, 0 output buffers swapped out
> >
> > sh log:
> > Mar 11 14:58:09 172.16.X.X 1654: Mar 11 14:58:08.985 EST:
> > %SEC-6-IPACCESSLOGP: list Squid permitted tcp 172.16.B.B(0) ->
> > 64.233.161.147(0), 3 packets
> > Mar 11 14:58:09 172.16.X.X 1655: Mar 11 14:58:08.989 EST:
> > %SEC-6-IPACCESSLOGP: list Squid permitted tcp 172.16.B.B(0) ->
> > 209.85.133.101(0), 3 packets
> > Mar 11 14:59:10 172.16.X.X 1658: Mar 11 14:59:09.013 EST:
> > %SEC-6-IPACCESSLOGP: list Squid permitted tcp 172.16.B.B(0) ->
> > 209.85.133.102(0), 2 packets
> >
> > Squid ACL:
> > Extended IP access list SquidProxy
> > 10 permit tcp host 172.16.A.A any log
> > 20 permit tcp host 172.16.B.B any log (1220 matches)
> > 30 deny ip any any (118 matches)
> >
> >
> > Thank you,
> >
> > - -- Christina
> >
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.5 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iQEVAwUBSdtNwt9pUgshfvqBAQKrnwgAh9TciUhv2kEdF8bgPJ/fzqU3gf33JD3F
> > BLlHXCVOdWNz7TmcFqWc7+jkbEtkOJ89/MFH6pD7zwzwRUfauH2O66Fwg8eJVYgO
> > qh4GTbwWwU0rFJ7IUhUQNDlN5Yw4zQtvMKaQmfOvNIGgp77eLj7E9PkPw0lBu7+E
> > O6qt1HCjASPpUVlh6onH6sVz3gjxuhYshkN+O8qO+Bt6uSNUQKit5JqrZ4vZkVWw
> > Syx/SN5DhwPpqQ5MSoyDLwvq41x8cfZ59C/+cnfNW9Sgv7XXMYJhnyO5mYBPhb8W
> > y1zwNtzI19l/x9DNPQeXlvV24jACkx3YD3471CYsJL8X5smDdF28HQ==
> > =XCEq
> > -----END PGP SIGNATURE-----
> >
>
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
> - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_________________________________________________________________
Inédit ! Des Emoticônes Déjantées! Installez les dans votre Messenger !
http://www.ilovemessenger.fr/Emoticones/EmoticonesDejantees.aspx
More information about the cisco-nsp
mailing list