2009/7/14 Amos Jeffries <squid3_at_treenet.co.nz>:
>> Do you have an example of this particular (mis) configuration? The
>> note in the Wiki article isn't very clear.
>
> I don't. The admin only mentioned that by adding a bypass on service group
> fixed the issue.
> I had a tcpdump of as set of requests showing pairs of seemingly identical
> requests arriving from the router within 1sec of each other. On deep
> inspection the slightly delayed one showed some minor alterations such as
> Squid makes from the first.
Right. But what was the squid config, cisco config and network
topology for both the "doesn't work" and "works" setups?
> If there is any way to make the wiki clearer without wholesale including of
> per-IOS config setting go for it.
Well, it may boil down to per-IOS config and per-platform, per-IOS
config. The problem is getting some more information to at least
document what is needed.
> The behavior I saw was:
> enable wccpv2 + NAT intercept with wiki config
> ==> perfectly working, not a sign of any squid-sourced packets.
Right, probably because it was using one service group and the
half-duplex redirection needed for normal, non-tproxy interception was
being done.
> swap NAT for tproxy4 with the wiki config (no change to WCCP or links)
> ==> loop trace showing squid outward packets coming IN from WCCP.
Yeah that won't work. :)
> So I say "seems" and "appears" to be an automatic bypass in WCCP or router
> somewhere. No idea where. "may" need bypassing manually to fix tproxy.
Well, the automatic bypass should be "if the router sees packets from
an IP address or MAC of a registered device, it should be passing it
through." I have no idea whether it is doing this without explicit
"don't further redirect" rules (eg by deny entries in the redirect
list, or "wccp exclude in", etc) because that may absolutely be
platform, IOS and WCCPv2 negotiation type dependant.
So please, poke the admin in question to get as much information about
the configuration and setup of everything.
Adrian
Received on Tue Jul 14 2009 - 04:25:48 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 14 2009 - 12:00:03 MDT