Hi all,
Thanks to everyone who supports the great Squid! The Wiki and this
mail-list have been very useful to me, but this time I'm stuck and I
can't find any previous example to take off from, so I was
hoping you guys are feeling generous today and can give me a clue or
two... :)
I want to do transparent redirection using a 3550 Cisco switch, but it
doesn't redirect any packets at all.
My setup is like this:
- Squid2.6stable14 on Ubuntu server 7.04 and a switch which has an
up-to-date IP services IOS image.
- The clients, the Squid, and the internet access are each on
separate switch virtual interfaces (SVIs).
- Although they aren't directly connected, there are no firewalls or
any L3 hops between Squid and the switch.
The docs say I have to use L2 redirection instead of GRE, but the
switch doesn't even want to acknowledge the Squid-box (NOT usable, it
says) when my WCCP configuration is like this:
wccp2_forwarding_method 2
wccp2_return_method 2
wccp2_assignment_method 2
And the cache.log file shows this:
fatal error - A WCCP router has specified a different assignment
method 1, expected 2
Changing the Assignment method to 1 didn't have any effect, so I
changed the Return method too, like this:
wccp2_forwarding_method 2
wccp2_return_method 1
wccp2_assignment_method 1
After that, everything looked as if it were going to work:
- No related errors inside "cache.log".
- The switch reported the following:
WCCP Client ID: 10.10.2.2
Protocol Version: 2.0
State: Usable
Redirection: L2
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets s/w Redirected: 0
Connect Time: 00:08:11
Bypassed Packets
Process: 0
CEF: 0
- And even the GRE tunnel seems to be up:
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 10.10.2.2:2048 10.10.2.1:2048 ESTABLISHED
BUT the clients are still able to browse the internet directly, and the
access.log file shows no activity.
Mystery ~ ~ ~
If anyone has any clues, please send a message...
Thanks,
Horacio.
P.S. Other relevant configuration:
+ Switch related:
ip wccp web-cache
interface Vlan6
description Clients
ip wccp web-cache redirect in
+ Squid related:
http_port 8081 transparent
+ Iptables rules:
# for L2 redirection
iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.10.2.2/32 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8081
# for GRE redirection*
iptables -t nat -A PREROUTING -i gre0 -p tcp -j REDIRECT --to-ports 8081
* -> I know, normally used from-router-2-squid way. In this case,
not used for forwarding, but may be needed for return method? help
here!
+ GRE tunnel ** (/etc/network/interfaces):
auto gre0
iface gre0 inet static
address 172.16.1.1
netmask 255.255.255.252
broadcast 172.16.1.3
** -> for GRE redirection to work, the IP address is not relevant;
found that out somewhere and proved it with a router, but not so sure in
this setup... help!
# ip tunnel
gre0: gre/ip remote any local any ttl inherit nopmtudis
Received on Wed Sep 05 2007 - 11:06:34 MDT
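
Added example (not part of the original message, and not Squid or Cisco code): a small Python check that compares the wccp2_* method numbers from squid.conf with the methods the switch reports as negotiated, using the values quoted in the post. The numeric mapping (1 = GRE or hash, 2 = L2 or mask) follows Squid's wccp2 directives; the MASK label and all function names are assumptions.

```python
import re

# Squid's numeric wccp2_* values and the field/name the switch prints for them.
# HASH, L2 and GRE appear in the post's switch output; MASK is an assumed label.
METHODS = {
    "wccp2_forwarding_method": ("Redirection", {"1": "GRE", "2": "L2"}),
    "wccp2_return_method": ("Packet Return", {"1": "GRE", "2": "L2"}),
    "wccp2_assignment_method": ("Assignment", {"1": "HASH", "2": "MASK"}),
}

def parse_squid(conf):
    """Return the wccp2_*_method directives found in squid.conf text."""
    pat = r"^\s*(wccp2_(?:forwarding|return|assignment)_method)\s+(\d+)"
    return dict(re.findall(pat, conf, re.M))

def parse_switch(detail):
    """Return 'Field: value' pairs; continuation lines without a colon are skipped."""
    pairs = re.findall(r"^\s*([^:\n]+):[ \t]*(.*)$", detail, re.M)
    return {k.strip(): v.strip() for k, v in pairs}

def check(conf, detail):
    """Compare what Squid asks for with what the switch says it negotiated."""
    squid, switch = parse_squid(conf), parse_switch(detail)
    findings = []
    if switch.get("State") != "Usable":
        findings.append("cache is not in State: Usable")
    for directive, value in squid.items():
        field, names = METHODS[directive]
        if names.get(value) != switch.get(field):
            findings.append(f"{directive} {value} does not match {field}: {switch.get(field)}")
    if switch.get("Redirection") != switch.get("Packet Return"):
        findings.append("forwarding and return methods differ")
    if switch.get("Packets s/w Redirected") == "0":
        findings.append("redirect counter is 0 after " + switch.get("Connect Time", "?"))
    return findings

# Values copied from the post: second squid.conf attempt and the switch's report.
SQUID_CONF = """wccp2_forwarding_method 2
wccp2_return_method 1
wccp2_assignment_method 1
"""
SWITCH_DETAIL = """WCCP Client ID: 10.10.2.2
State: Usable
Redirection: L2
Packet Return: GRE
Assignment: HASH
Packets s/w Redirected: 0
Connect Time: 00:08:11
"""

if __name__ == "__main__":
    for line in check(SQUID_CONF, SWITCH_DETAIL):
        print("-", line)
```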