Re: [squid-users] WCCPv2 - only one service group redirecting

From: Stufish <scossar_at_caprock.com>
Date: Wed, 11 Nov 2009 03:52:56 -0800 (PST)

Stufish wrote:
> Hi,
>
> I have the following simple network set up on the bench:
>
>
> Squid box
> x.x.11.90/30
> |
> |
> 7206
> Internet x.x.61.62/30 ----------- Router ------------ Client PC
> x.x.11.94/30
>
>
> In the router wccp service group 99 redirects HTTP requests to squid and
> service group 96 redirects the HTTP replies from the internet to squid.
>
> I have the service groups set up in squid and the router verifies this by
> displaying a service group client for both 96 and 99.
>
> My problem is that only service group 96 (replies from the internet) is
> performing any redirection. I think the gre tunnel is correctly set up as
> when I perform a TCP dump at the squid box, I can see the HTTP replys from
> the internet being passed to the squid box in a gre tunnel.
>
> Below is the WCCP stats from the router:
>
> show ip wccp
> Global WCCP information:
> Router information:
> Router Identifier: x.x.61.93
> Protocol Version: 2.0
>
> Service Identifier: 96
> Number of Service Group Clients: 1
> Number of Service Group Routers: 1
> Total Packets s/w Redirected: 326
> Process: 0
> Fast: 0
> CEF: 326
> Redirect access-list: -none-
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 0
> Group access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> Total Bypassed Packets Received: 0
>
> Service Identifier: 99
> Number of Service Group Clients: 1
> Number of Service Group Routers: 1
> Total Packets s/w Redirected: 0
> Process: 0
> Fast: 0
> CEF: 0
> Redirect access-list: -none-
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 0
> Group access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> Total Bypassed Packets Received: 0
>
>
> Also below is the router config:
>
> Building configuration...
>
> Current configuration : 1200 bytes
> !
> version 12.4
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname Router
> !
> boot-start-marker
> boot-end-marker
> !
> !
> no aaa new-model
> !
> resource policy
> !
> ip wccp check services all
> ip wccp 96
> ip wccp 99
> !
> !
> ip cef
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> interface GigabitEthernet0/1
> description traffic from user network to internet
> ip address x.x.61.93 255.255.255.252
> ip wccp 99 redirect in
> load-interval 30
> duplex full
> speed 100
> media-type rj45
> no negotiation auto
> !
> interface GigabitEthernet0/2
> description Squid
> ip address x.x.61.89 255.255.255.252
> load-interval 30
> duplex full
> speed 100
> media-type rj45
> no negotiation auto
> !
> interface GigabitEthernet0/3
> description traffic from internet to user network
> ip address x.x.61.61 255.255.255.252
> ip wccp 96 redirect in
> duplex full
> speed 100
> media-type rj45
> no negotiation auto
> !
> interface ATM1/0
> no ip address
> shutdown
> no atm ilmi-keepalive
> !
> ip route 0.0.0.0 0.0.0.0 x.x.60.1
> !
> no ip http server
> no ip http secure-server
> !
> !
> !
> !
> !
> !
> control-plane
> !
> !
> !
> !
> !
> !
> gatekeeper
> shutdown
> !
> !
> line con 0
> stopbits 1
> line aux 0
> line vty 0 4
> !
> !
> end
>
> Could anyone suggest some reasons why only the the HTTP reply traffic from
> the internet (service group 96) is being redirected?
>
> Regards,
>
> Stuart

Amos Jeffries-2 wrote:
>
> Hint: Any idea why there is reply traffic going to a machine which has
> no reason to make said requests in the first place?
>
> I think your clients are contacting Squid directly.
> It _is_ preferable that client software contacts the proxy directly as a
> proxy and uses it that way.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
> Current Beta Squid 3.1.0.14
>
>

Forgive me but I'm not sure I follow exactly what you mean. The requests and
the respoces should be redirected by the relevent wccp service group to
squid (99 request, 96 reply).

We are doing this testing as developement for our network and requre that
WCCP functions in this way, with seperate service groups redirecting the
request for a web page and the reply from the internet which should be
compleately transparent to the clients.

Thanks for your timely responce,

Stuart

-- 
View this message in context: http://old.nabble.com/WCCPv2---only-one-service-group-redirecting-tp26299313p26300068.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Wed Nov 11 2009 - 11:52:59 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 11 2009 - 12:00:03 MST