Re: [squid-users] WCCP on Squid 2.6 (URGENT)

From: Dumpolid Exeplish <dumpexec@dont-contact.us>
Date: Thu, 7 Dec 2006 14:17:13 +0100

"So your confusion isn't that its working, but Netenforcer isn't reporting
any traffic savings? "

Precisely, NetEnforcer is not giving a physical (or logical) report on
badndidw usage reduction

i got these values from the Cache Manager CGI

sample_start_time = 1165496653.636038 (Thu, 07 Dec 2006 13:04:13 GMT)
sample_end_time = 1165496953.638503 (Thu, 07 Dec 2006 13:09:13 GMT)
client_http.requests = 48.112938/sec
client_http.hits = 15.986535/sec
client_http.errors = 0.000000/sec
client_http.kbytes_in = 41.296327/sec
client_http.kbytes_out = 476.482752/sec

i think these are pritty cool figures though and this actually shows
that Squid is actievely working

About the L2 redirects, how can i cnfigure this? can you please help
with configuration linse for both Squid and L2?

or is is just as simple as the below:

wccp2_router (router public ip)
wccp2_address (eth0 Public ip)
wccp2_service standard 0 password=*******
wccp2_forwarding_method 2

could u please help with Cisco side configs specific for 6509

thanks for your response

On 12/7/06, Adrian Chadd <adrian@creative.net.au> wrote:
> On Thu, Dec 07, 2006, Dumpolid Exeplish wrote:
>
>
> > clients => 6509 (catalyst) => NetEnforcer => 3550 (Switch) => Internet
> > ||
> > DMZ
>
> Looks right. The netenforcer is going to see the Squid server making
> all the requests (whilst squid is up, obviously.)
>
> > iptunnel add gre1 mode gre remote (router's loopback) local (eth0 ip) dev
> > eth0
> > ifconfig gre1 127.0.0.2 up
> > iptables -t nat -A PREROUTING -i gre1 -d 0/0 -j DNAT --to-destination (eth0
> > ip)
>
> I'd just bypass the GRE entirely when using a 6509 and use the L2 redirection
> method. wccp2_forwarding_method 2 I believe will do it.
>
> > CONFUSION
> > The squid system is currently registering an average of 21% hits but
> > the Net Enforcer system is not registering downward bandwidth usage.
> > According to NE, 80% of our customer traffic is HTTP. but there isnt
> > significant reduction on the end of the Squid server.
>
> Whats the byte hit rate show in cachemgr for squid? Whats the 5 minute
> counters indicate the client http and server http traffic are?
>
> > I have done a tcp dump (without listening to any specific host) and i
> > noticed that there were so many packets being dropped by the kernel
> > and very little traffic from the Squid server (this does not tally
> > with the way the squid access logs fly past when i tail -f it).
> > i also noticed that the gre tunnel (gre1) is registering RX packet
> > conts and absolutely no TX cont. the eth0 interface is registering
> > both RX and TX.
>
> You won't be returning any packets via the GRE tunnel. Its just to
> get packets to the Squid server (in the current Squid+WCCPv2 setup,
> that is.)
>
> Again, I'd use the L2 forwarding method over GRE. Its less prone to
> GRE weirdness and it'll result in less load on the routing side
> of the 6509.
>
> So your confusion isn't that its working, but Netenforcer isn't reporting
> any traffic savings?
>
>
>
> adrian
>
>
> --
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
>
Received on Thu Dec 07 2006 - 06:17:21 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST