More: More: Squid/Cisco trans proxy

Okay, I used tcpdump to see the following conversation:

15:41:00.743329 | cisco router | > | client router | : icmp: redirect
203.41.45.219 to net | web cache |
15:41:00.743419 | cisco router | > | client router | : icmp: redirect
203.41.45.219 to net | web cache |
15:41:00.745712 | client router | .4048 > 203.41.45.219.www: P
493:1245(752) ack 146 win 8615 (DF) [tos 0x10]
15:41:00.745809 | web cache | > | client router | : icmp: redirect
203.41.45.219 to host | cisco router | [tos 0xd0]
15:41:00.745878 | client router | .4048 > 203.41.45.219.www: P
493:1245(752) ack 146 win 8615 (DF) [tos 0x10]
15:41:00.753861 | cisco router | > | client router | : icmp: redirect
203.41.45.219 to net | web cache |
15:41:00.753941 | cisco router | > | client router | : icmp: redirect
203.41.45.219 to net | web cache |
15:41:00.756312 | client router | .4048 > 203.41.45.219.www: P
493:1245(752) ack 146 win 8615 (DF) [tos 0x10]
15:41:00.756425 | client router | .4048 > 203.41.45.219.www: P
493:1245(752) ack 146 win 8615 (DF) [tos 0x10]
15:41:00.763182 | cisco router | > | client router | : icmp: redirect
203.41.45.219 to net | web cache |
15:41:00.763261 | cisco router | > | client router | : icmp: redirect
203.41.45.219 to net | web cache |
15:41:00.765566 | client router | .4048 > 203.41.45.219.www: P
493:1245(752) ack 146 win 8615 (DF) [tos 0x10]
15:41:00.765650 | client router | .4048 > 203.41.45.219.www: P
493:1245(752) ack 146 win 8615 (DF) [tos 0x10]
15:41:00.773708 | cisco router | > | client router | : icmp: redirect
203.41.45.219 to net | web cache |
15:41:00.773886 | cisco router | > | client router | : icmp: redirect
203.41.45.219 to net | web cache |
15:41:00.776300 | client router | .4048 > 203.41.45.219.www: P
493:1245(752) ack 146 win 8615 (DF) [tos 0x10]
15:41:00.776384 | client router | .4048 > 203.41.45.219.www: P
493:1245(752) ack 146 win 8615 (DF) [tos 0x10]

It seems that a loop is created where the client is told by the cache to go
to the router & the router tells the client to go to the cache.

Does anyone have a solution?

> From: Marc Lucke <hohum@sydney.cc>
> Date: Tue, 25 Jan 2000 15:28:07 +1100
> To: <squid-users@ircache.net>
> Subject: More: Squid/Cisco trans proxy
>
> Ping works okay on those clients that have the problem, so not all ICMP is
> blocked for path discovery.
>
>> From: Marc Lucke <info@talent.com.au>
>> Date: Tue, 25 Jan 2000 15:20:52 +1100
>> To: <squid-users@ircache.net>
>> Subject: Squid/Cisco trans proxy
>>
>> This is one I've asked before & the answers to lower the MTU & echo 1 >
>> /proc/sys/net/ipv4/ip_no_pmtu_discovery didn't end up resolving the problem
>> although I thought it had.
>>
>> Trans proxy works fine when I use a route map on IOS 11.2 for most except
>> those people via a remote router & I just cannot figure out why. Their
>> browsers get stuck on contacting host - they never get a reply.
>>
>> My usual config is:
>>
>> * RAS's default gateway is web-cache
>> * web-cache hijacks port 80
>>
>> this works fine for everyone but a lot of web requests slip by
>>
>> What I have problems with is:
>>
>> * RAS's default gateway set to cisco (prob same when left on web-cache)
>> * cisco/squid setup exactly as specified in FAQ
>> * some customers using routers
>>
>> I am absolutely stumped & very frustrated. It doesn't seem to matter what I
>> do & there doesn't seem to be a common thread except for a vague possibility
>> that the people experiencing problems are using MS-Proxy although this is
>> not even a well-educated guess.
>>
>> I don't know too much about the routing protocol OSPF but could this have
>> anything to do with it?
>>
>> Does anyone have any advice that might lead me closer to the answer?
>>
>>
>>
>> Cheers,
>> Marc
>>
Received on Tue Jan 25 2000 - 04:17:56 MST