Re: [squid-users] WCCP

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 20 Oct 2009 12:40:02 +1300

On Mon, 19 Oct 2009 18:26:18 -0400, Ross Kovelman
<rkovelman_at_gruskingroup.com> wrote:
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> Date: Tue, 20 Oct 2009 11:04:42 +1300
>> To: Ross Kovelman <rkovelman_at_gruskingroup.com>
>> Cc: "squid-users_at_squid-cache.org" <squid-users_at_squid-cache.org>
>> Subject: Re: [squid-users] WCCP
>>
>> On Mon, 19 Oct 2009 14:21:44 -0400, Ross Kovelman wrote:
>>>> From: Amos Jeffries
>>>>
>>>> Ross Kovelman wrote:
>>>>>> From: Amos Jeffries:
>>>>>>
>>>>>> Ross Kovelman wrote:
>>>>>>> I am going to be using WCCP. I did another reconfigure with the
>>>>>>> --enable WCCP option. How can I check that it is on and running?
>>>>>>> The next step I need to do is upgrade to version 2 since the Cisco
>>>>>>> only communicates on version 2. I tried to do the patch < upgrade
>>>>>>> patch but then I get a response with path to upgrade and I am not
>>>>>>> sure where the file is I need patch.
>>>>>> There is zero need to patch to support WCCPv2. It's been built
>>>>>> into Squid for many years now.
>>>>>>
>>>>>> Run "./configure --help".
>>>>>> * If it lists "--disable-wccpv2" there is no need to do anything.
>>>>>> * If it lists "--enable-wccpv2", add that to your build options.
>>>>>> * If it does not mention "wccpv2" at all, upgrade your Squid
>>>>>>   version.
>>>>>>
>>>>>> Then set up squid.conf with the relevant wccp2_* options.
>>>>>>
>>>>>> http://www.squid-cache.org/Doc/config/ or the wiki example configs
>>>>>> have details on those.
>>>>>
>>>>> Thanks again.
>>>>> Running the ./configure --help only says this:
>>>>> --disable-wccp Disable Web Cache Coordination V1 Protocol
>>>>> --disable-wccpv2 Disable Web Cache Coordination V2 Protocol
>>>>>
>>>>> When I did the install I ran the ./configure --enable wccp option. I
>>>>> didn't say --enable-wccpv2, does this matter? I also have this in the
>>>>> config:
>>>>> wccp2_router 192.168.16.1
>>>>> wccp2_forwarding_method 1
>>>>> wccp2_return_method 1
>>>>>
>>>>> I am running Squid Web Proxy 2.7.STABLE5.
>>>>
>>>> Okay. That's fine.
>>>>
>>>> The ./configure results mean that both WCCP versions are built into
>>>> Squid by default unless you explicitly say --disable. Nothing extra
>>>> needed to build them.
>>>>
>>>> The config options you have there are already WCCPv2-only options for
>>>> Cisco. Nothing new needed there either.
>>>>
>>>> If that's not working it's a config error somewhere.
>>>>
>>>
>>> I am getting this in my cache log:
>>>
>>> Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 20.
>>> commBind: Cannot bind socket FD 21 to *:3128: (48) Address already in use
>>> Accepting proxy HTTP connections at 0.0.0.0, port 80, FD 21.
>>> commBind: Cannot bind socket FD 22 to *:80: (48) Address already in use
>>
>>
>> http://wiki.squid-cache.org/SquidFaq/TroubleShooting#Cannot_bind_socket_FD_NN_to_.2A:8080_.28125.29_Address_already_in_use
>>
>> I would suspect this as part of the problem. The WCCP router will be
>> trying to contact whatever software is already running on port 3128,
>> not the Squid you are starting with WCCP config.
>>
>>> Accepting ICP messages at 0.0.0.0, port 3130, FD 22.
>>> WCCP Disabled.
>>> Accepting WCCPv2 messages on port 2048, FD 23.

To answer your earlier question:
  the above two lines mean WCCPv1 is disabled, WCCPv2 is being used.

>>> Initialising all WCCPv2 lists
>>>
>>> As from my other posting I need WCCP enabled but it is showing
>>> disabled. Any reason why? How can I resolve this? Below are my lines
>>> in config
>>>
>>> wccp2_router 192.168.16.1
>>> wccp2_forwarding_method 1
>>> wccp2_return_method 1
>>
>> The above are only the config of how squid sends packets to the Cisco.
>> WCCP requires configuration of the Cisco, the squid box OS and firewall,
>> and routing tables. Any one of which could be the problem.
>> The tutorials and troubleshooting info we have at present are a little
>> spread out and disjointed. What how-to are you working from?
>>
>> Amos
>
> Amos,
> I just did a TCP dump and I think my problem is the GRE packet. It is
> being listed I think as unknown. Shouldn't squid be able to pick the
> packet up and open it? The Cisco sees squid and relays the information
> good but it is stopping at the squid box. Any ideas? I am just googling
> around no set how to.

Okay. I've polished up our exemplar configs a little:
 http://wiki.squid-cache.org/Features/Wccp2
(some way to go though).

There are four parts to WCCP systems:

 1) WCCP capture and redirect

 2) gre tunnel between the Cisco and Squid boxes

 3) squid box firewall settings and NAT capture of received gre packets
    http://wiki.squid-cache.org/ConfigExamples/Intercept#Traffic_Interception_capture_into_Squid

 4) squid.conf settings to make Squid contact the cisco router

Amos
Received on Mon Oct 19 2009 - 23:40:05 MDT
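
Added example, not part of the original post or of Squid: a small shell check that reads cache.log text and reports the WCCP state and any listening-port conflicts, following the reading of the log lines given in the reply above. The function names and output labels are this example's own, and the sample input is constructed from the log lines quoted in the thread.

```shell
#!/bin/sh
# Added example: summarise WCCP state and port conflicts from Squid cache.log.

# Constructed sample: the cache.log lines quoted in this thread.
sample_log() {
cat <<'EOF'
Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 20.
commBind: Cannot bind socket FD 21 to *:3128: (48) Address already in use
Accepting proxy HTTP connections at 0.0.0.0, port 80, FD 21.
commBind: Cannot bind socket FD 22 to *:80: (48) Address already in use
Accepting ICP messages at 0.0.0.0, port 3130, FD 22.
WCCP Disabled.
Accepting WCCPv2 messages on port 2048, FD 23.
Initialising all WCCPv2 lists
EOF
}

# Reads cache.log text on stdin and prints one finding per line.
# Output labels (wccpv1=, wccpv2=, bind_conflict) are this example's own.
wccp_summary() {
  awk '
    # "WCCP Disabled." refers to WCCPv1 only; it does not describe WCCPv2.
    /WCCP Disabled\./ { v1 = "disabled" }
    # WCCPv2 is active when Squid reports its listening port.
    match($0, /WCCPv2 messages on port [0-9]+/) {
      s = substr($0, RSTART, RLENGTH); sub(/^.*port /, "", s); v2 = s
    }
    # A failed bind means something else already holds that port, so the
    # router may be talking to a different process than this Squid.
    /commBind: Cannot bind socket/ && match($0, /to [^ ]*:[0-9]+:/) {
      s = substr($0, RSTART, RLENGTH); sub(/:$/, "", s); sub(/^.*:/, "", s)
      busy[++n] = s
    }
    END {
      if (v1 == "") v1 = "not-reported"
      if (v2 == "") v2line = "wccpv2=not-reported"
      else v2line = "wccpv2=listening port=" v2
      print "wccpv1=" v1
      print v2line
      for (i = 1; i <= n; i++) print "bind_conflict port=" busy[i]
    }
  '
}

sample_log | wccp_summary
```

To check a live system, feed the real file instead of the sample, for example `wccp_summary < cache.log`.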
