Should not cause any problems.
You only see this kind of MTU problems caused by transparent proxying if
there is some device inbetween the proxy and the clients using a smaller
MTU than the proxy and you are using "dumb" routers doing policy routing
looking at TCP packets only to intercept port 80 traffic, not caring about
ICMP. (btw, such "dumb" routers apparently includes WCCP routers)
Regards
Henrik
On Sat, 30 Nov 2002, HMM wrote:
> Hi how are you?
> I found this msg from you about MTU.
> If I have a squid gateway, with two NICs, the MTUs on the inside are the
> same on the clients as on the squid-NIC, but the outside NIC on the
> squid box is greater, do you think that can give up problems? The OS is
> FBSD.
>
> Atenciosamente, Hans Meyer
> Prudente Online Emp. Ltda (18) 222.7402
>
> Date: Mon, 10 Jul 2000 14:30:52 -0700
> Reply-To: squid-users@IRCACHE.NET
> Sender: Fake list for archiving at Cineca <SQUID@LIST.CINECA.IT>
> Comments: Resent-From: squid-users@ircache.net
> Comments: Originally-From: Henrik Nordstrom <hno@hem.passagen.se>
> From: squid-users@IRCACHE.NET
> Subject: Re: Transparent Proxying and FTP.
> Comments: To: tristan@netasia-angeles.net
> Content-Type: text/plain; charset=us-ascii
>
> tristan@netasia-angeles.net wrote:
> >
> > Hi Guys,
> >
> > Hmmm... Got transparent proxying work fine, but Download
> > rates seems to be faster when using a manually configured proxy!
> > Please help... Download via Transparent Proxing is only 7.0KBPS
> > while manually configured proxy is at 23.1KBPS!
>
> Hmm.. what are you using to transparently proxy FTP? Squid cannot to
> this..
>
> Regarding the download speed (which I assume is for HTTP transfers, not
> FTP), this is certainly not normal, and is a sign of some kind of
> misconfiguration or redirection incompability.
>
> First test is to check if the speed degration is there when using normal
> proxying without transparent redirection of TCP. If so then the TCP of
> the proxy server is not tuned correctly. But you say that you have
> already tested this and it is not the case so lets look elsewere.
>
> If you are using policy routing to have the TCP packets redirected to
> the proxy server then there are a couple of known issues:
> a) Path MTU discovery proxy->client. If the client connection uses a
> smaller MRU than the MTU of the proxy then problems will quite likely
> arise because the policy routing does not match ICMP must fragment
> packets..
> b) The router making the redirection might become overloaded from the
> added workload. Not all routers are suitable for policy routing.
> c) The redirection might simply have been wrongly implemented.
> d) Improper measurements of the download speed.
>
> --
> Henrik Nordstrom
> Squid hacker
>
Received on Sat Nov 30 2002 - 06:19:59 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:39 MST