Re: [squid-users] WCCPv2 - only one service group redirecting

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 12 Nov 2009 00:29:40 +1300

Stufish wrote:
> Hi,
>
> I have the following simple network set up on the bench:
>
>
> Squid box
> x.x.11.90/30
> |
> |
> 7206
> Internet x.x.61.62/30 ----------- Router ------------ Client PC x.x.11.94/30
>
>
> In the router wccp service group 99 redirects HTTP requests to squid and
> service group 96 redirects the HTTP replies from the internet to squid.
>
> I have the service groups set up in squid and the router verifies this by
> displaying a service group client for both 96 and 99.
>
> My problem is that only service group 96 (replies from the internet) is
> performing any redirection. I think the gre tunnel is correctly set up as
> when I perform a TCP dump at the squid box, I can see the HTTP replys from
> the internet being passed to the squid box in a gre tunnel.
>
> Below is the WCCP stats from the router:
>
> show ip wccp
> Global WCCP information:
> Router information:
> Router Identifier: x.x.61.93
> Protocol Version: 2.0
>
> Service Identifier: 96
> Number of Service Group Clients: 1
> Number of Service Group Routers: 1
> Total Packets s/w Redirected: 326
> Process: 0
> Fast: 0
> CEF: 326
> Redirect access-list: -none-
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 0
> Group access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> Total Bypassed Packets Received: 0
>
> Service Identifier: 99
> Number of Service Group Clients: 1
> Number of Service Group Routers: 1
> Total Packets s/w Redirected: 0
> Process: 0
> Fast: 0
> CEF: 0
> Redirect access-list: -none-
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 0
> Group access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> Total Bypassed Packets Received: 0
>
>
> Also below is the router config:
>
> Building configuration...
>
> Current configuration : 1200 bytes
> !
> version 12.4
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname Router
> !
> boot-start-marker
> boot-end-marker
> !
> !
> no aaa new-model
> !
> resource policy
> !
> ip wccp check services all
> ip wccp 96
> ip wccp 99
> !
> !
> ip cef
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> interface GigabitEthernet0/1
> description traffic from user network to internet
> ip address x.x.61.93 255.255.255.252
> ip wccp 99 redirect in
> load-interval 30
> duplex full
> speed 100
> media-type rj45
> no negotiation auto
> !
> interface GigabitEthernet0/2
> description Squid
> ip address x.x.61.89 255.255.255.252
> load-interval 30
> duplex full
> speed 100
> media-type rj45
> no negotiation auto
> !
> interface GigabitEthernet0/3
> description traffic from internet to user network
> ip address x.x.61.61 255.255.255.252
> ip wccp 96 redirect in
> duplex full
> speed 100
> media-type rj45
> no negotiation auto
> !
> interface ATM1/0
> no ip address
> shutdown
> no atm ilmi-keepalive
> !
> ip route 0.0.0.0 0.0.0.0 x.x.60.1
> !
> no ip http server
> no ip http secure-server
> !
> !
> !
> !
> !
> !
> control-plane
> !
> !
> !
> !
> !
> !
> gatekeeper
> shutdown
> !
> !
> line con 0
> stopbits 1
> line aux 0
> line vty 0 4
> !
> !
> end
>
> Could anyone suggest some reasons why only the the HTTP reply traffic from
> the internet (service group 96) is being redirected?
>
> Regards,
>
> Stuart

Hint: Any idea why there is reply traffic going to a machine which has
no reason to make said requests in the first place?

I think your clients are contacting Squid directly.
It _is_ preferable that client software contacts the proxy directly as a
proxy and uses it that way.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.14
Received on Wed Nov 11 2009 - 11:30:09 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 11 2009 - 12:00:03 MST