Re: Transparent cache

From: Yar Tikhiy <yar@dont-contact.us>
Date: Thu, 23 Oct 1997 14:10:26 +0400 (MSD)

Hello,

>> 2. As I could not set up the cache on our router (it is cisco :-)
>> I've run into trouble with ICMP messages of type 3 code 4 (Need Frag)
>> as they are necessary for TCP protocol operation, but had aliased
>> addresses and went to the "real" destination host (e.g. www.microsoft.com :-)
>> instead of the cache server. Has anyone overcome the problem in a nice way?
>> (If it's interesting to anybody I can tell about my solution)

> This is one of the reasons the linux box normally has to be the default route,
> so that it can intercept the outgoing ICMP messages... AFAIK it's not
> possible to intercept them with the cisco... hmm - more discussion for
> my transproxy list.... I forgot about this gotcha

The trouble with cisco routers is that they can redirect ICMP type 3 code 4,
but cannot look into the ICMP data field to decide whether the original
packet was from port 80.
 
> What about changing the system - use the BSD box as a default route for
> all traffic, and point its default route to the cisco - this way it
> does IP-NAT for the port 80 requests, and will thus pick up the ICMP stuff
> correctly.

We have no default route. We run BGP, OSPF etc... :-) And we cache
only the WWW traffic going from the expensive satellite international channel.
So only the router connected to the channel can redirect the traffic.
We solved the problem by redirecting all ICMP "Need Frag" packets on the
way to the satellite to the cache box. It picks the packets belonging to it.
And all other ICMP packets are sent back to the router with the source address
set to some uniform value (the hack allows policy routing to be enabled
on only one of the cisco's interfaces, as enabling it on two almost kills
the poor cisco (CPU load 99%)).

SY, Yar
Received on Thu Oct 23 1997 - 03:16:13 MDT
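
Added example, not part of the original message or of any poster's code: a sketch of the check the router cannot make, reading the packet quoted inside an ICMP type 3 code 4 message to see whether it was TCP sent from port 80. The function names, the verdict strings and the "source port 80" criterion are assumptions; a real cache box would also match the quoted addresses and ports against its own connection table.

```python
import struct

ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, IPPROTO_TCP = 3, 4, 6

def classify_need_frag(icmp: bytes, cache_port: int = 80):
    """Classify one ICMP message (bytes starting at the ICMP header).

    Returns (verdict, next_hop_mtu); verdict is 'cache', 'other',
    'malformed' or 'not-need-frag'. The ICMP checksum is not verified.
    """
    if len(icmp) < 8:
        return ("malformed", None)
    # RFC 1191 layout: type, code, checksum, unused, next-hop MTU
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
        return ("not-need-frag", None)
    inner = icmp[8:]  # quoted IP header + first 8 bytes of its payload
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return ("malformed", mtu)
    ihl = (inner[0] & 0x0F) * 4  # header length in bytes, honours IP options
    if ihl < 20 or len(inner) < ihl + 8:
        return ("malformed", mtu)
    if inner[9] != IPPROTO_TCP:
        return ("other", mtu)
    sport, _dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return ("cache" if sport == cache_port else "other", mtu)

def build_sample(sport, dport, mtu=576, proto=IPPROTO_TCP, options=b""):
    """Constructed test message; addresses are documentation ranges."""
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, 1500, 0,
                     0x4000, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    l4 = struct.pack("!HHI", sport, dport, 0)  # ports + sequence number
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip + options + l4

if __name__ == "__main__":
    for label, pkt in [("reply from port 80", build_sample(80, 40000)),
                       ("request to port 80", build_sample(40000, 80)),
                       ("UDP datagram", build_sample(80, 40000, proto=17))]:
        print(label, "->", classify_need_frag(pkt))
```
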
