Re: [squid-users] ip_wccp: can it allow multiple ip's response

From: Joe Cooper <joe@dont-contact.us>
Date: Sat, 15 Sep 2001 23:19:42 -0500

Hi Edward,

Please don't send HTML messages to public mailing lists. It's quite
annoying to those using text only mail programs (and many send them
straight to the trash without ever reading them). In fact, I'm
surprised to see this come through the mailing list--I thought Adrian
had disallowed HTML messages a while back.

Edward wrote:

> Hi there!

> From my analysis, it seems that squid only replies w/ one ip addr, not
> both as I was expecting.

Squid sends HERE_I_AM messages for only one IP, because it is only one
web cache. In WCCP a web cache /is/ an IP. You can't have two entries
for the same cache. You could probably successfully run two instances
of Squid on different IPs on the same machine and have both recognized
by WCCP, however, the redirected packets would then have to be split up
by your redirect rules since they would come in on the same interface.

> When I tried wccp_outgoing_address x.x.x.A2, I can browse on the other
> network. I also see that ip addr appearing in the cisco sh ip wccp
> web-cache view
>
> My squid machine has 1 ether card with one main ip: 200.50.68.7 and an
> alias 64.110.11.2.
>
> By default, with wccp (w/o wccp_outgoing_address ), the squid machine
> uses 200.50.68.7.
>
> Now I do not know if this is a problem w/ ip_wccp?

Nope. Squid only sends one IP, regardless of what form of decapsulation
you are using.

> Now will I need 2 ether cards in the squid server to have wccp to work
> for the 2 networks?

I wouldn't think so.

I don't think I understand the problem you're having...Why do you need
Squid to be listed under two different IPs on your router?

When the packet is decapsulated it will still be from the original
network (not from the router IP, anymore) and will be destined for
wherever the client was sending it.

Let me see if I can clear up how WCCP works with Squid:

Squid sends out HERE_I_AM packets, and carries on a conversation with
the router. This conversation is /completely/ separate from the ip_wccp
or ip_gre module--these packets never go through those channels. As
long as the router is receiving WCCP HERE_I_AM packets (with a correct
ID), the router will send traffic to the cache IP, encapsulated in a GRE
packet.

The GRE decapsulation is separate from this, and has nothing to do with
Squid. Squid never talks to the ip_wccp/ip_gre module at all. The gre
decapsulation occurs at the network layer in your kernel, and then the
packets enter the normal routing table including ipchains/iptables.

ipchains, just like in a more simple redirection proxy environment,
hijacks any packets destined for port 80 on the internet (in this case
everything coming from the router in GRE packets) and sends it over to
the cache port.

Sounds to me like maybe you're running into the problem that you're
getting a loop in your router, because Squid is sending out on port 80
on addresses that are not the web cache IP listed in the WCCP cache
list...and thus gets redirected back to the cache.

Make sure the web cache is not in the access list that gets redirected
to the web cache and you should be fine.

                                   --
                      Joe Cooper <joe@swelltech.com>
                  Affordable Web Caching Proxy Appliances
                         http://www.swelltech.com
Received on Sat Sep 15 2001 - 22:14:29 MDT
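
The decapsulation step described in the message above, as an added example that is not part of the original post and not code from Squid or ip_wccp. It assumes a plain 4-byte GRE header (no flags) with protocol type 0x883E; the client, origin server and router addresses are constructed, and only 200.50.68.7 comes from the thread.

```python
import ipaddress
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
GRE_PROTO_WCCP = 0x883E  # GRE protocol type carried by WCCP-redirected packets

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (no options, checksum left 0: constructed sample)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload), rejecting truncated or non-IPv4 input."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total < ihl or total > len(pkt):
        raise ValueError("bad IPv4 length fields")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[ihl:total]

def wccp_decapsulate(outer):
    """Strip the outer IP and 4-byte GRE headers; return the original client packet."""
    _, _, proto, gre = parse_ipv4(outer)
    if proto != IPPROTO_GRE or len(gre) < 4:
        raise ValueError("outer packet is not GRE")
    flags_version, gre_proto = struct.unpack("!HH", gre[:4])
    if flags_version != 0 or gre_proto != GRE_PROTO_WCCP:
        raise ValueError("not a plain WCCP GRE header")
    return gre[4:]

def demo():
    # Constructed sample: client, origin server and router addresses are made up;
    # 200.50.68.7 is the cache address from the thread.
    tcp_syn = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    client_pkt = ipv4("10.1.1.20", "192.0.2.80", IPPROTO_TCP, tcp_syn)
    gre_hdr = struct.pack("!HH", 0, GRE_PROTO_WCCP)
    outer = ipv4("200.50.68.1", "200.50.68.7", IPPROTO_GRE, gre_hdr + client_pkt)
    o_src, o_dst, _, _ = parse_ipv4(outer)
    i_src, i_dst, i_proto, seg = parse_ipv4(wccp_decapsulate(outer))
    dport = struct.unpack("!H", seg[2:4])[0]
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "proto": i_proto, "dport": dport}

if __name__ == "__main__":
    print(demo())
```

Only the outer header is addressed to the cache; the inner packet keeps the client's source and the origin server's destination on port 80, which is why a local redirect rule is still needed to hand it to the cache port.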
