Re: [squid-users] WCCP + Squid with Cisco 2811. Not working

From: Chris Abel <cabel_at_wildwood.edu>
Date: Mon, 13 Sep 2010 10:38:45 -0400

"Chris Abel" <cabel_at_wildwood.edu> writes:
>Amos Jeffries <squid3_at_treenet.co.nz> writes:
>>On Tue, 07 Sep 2010 13:59:05 -0400, "Chris Abel" <cabel_at_wildwood.edu>
>>wrote:
>>> Hello Everyone!
>>>
>>> I seem to be very close to getting this to work, but I'm running into some
>>> problems. First I'll explain my background story.
>>>
>>> I need a transparent proxy and the proxy server will need to be able to
>>> view the client's IP address. I currently have a sonicwall router which
>>> forwards all web traffic to the proxy. This is transparent and it works,
>>> but it gives the sonicwall ip address as the client's ip address. I cannot
>>> see who went to what.
>>>
>>> I was told WCCP will maintain the source ip address. I've been following
>>> this tutorial almost strictly word by word:
>>> http://www.digitalnerds.net/linux/transparent-squid-with-wccp/
>>
>>OMG! that tutorial is so broken I'm surprised their Squid even starts.
>>
>>>
>>> The only thing I changed is that I am using wccpv2 instead of 1. When I
>>> enable wccp on the router I can no longer download web pages, but I can
>>> ping the web servers. On the router side I do see traffic going through as
>>> CEF when I do a "show ip wccp". On the linux server side I also see gre1
>>> encapsulation packets on the gre interface and I also get entries in my
>>> cache.log for squid, but I don't know what they mean:
>>
>>Please understand WCCP *only* routes packets going to port 80. ping and
>>any other testing which involves protocols and ports other than port 80
>>HTTP give false results.
>>
>><snip>
>>> 2010/09/03 14:47:08| WCCP Disabled.
>>
>>WCCPv1 is turned off...
>>
>>
>>> 2010/09/03 14:47:08| Accepting WCCPv2 messages on port 2048, FD 14.
>>
>>WCCPv2 is turned on...
>>
>>> 2010/09/03 14:47:08| Initialising all WCCPv2 lists
>>> 2010/09/03 14:47:08| Ready to serve requests.
>>> 2010/09/03 14:47:08| Done reading /var/spool/squid swaplog (3901 entries)
>>> 2010/09/03 14:47:08| Finished rebuilding storage from disk.
>>> 2010/09/03 14:47:08| 3901 Entries scanned
>>> 2010/09/03 14:47:08| 0 Invalid entries.
>>> 2010/09/03 14:47:08| 0 With invalid flags.
>>> 2010/09/03 14:47:08| 3901 Objects loaded.
>>> 2010/09/03 14:47:08| 0 Objects expired.
>>> 2010/09/03 14:47:08| 0 Objects cancelled.
>>> 2010/09/03 14:47:08| 0 Duplicate URLs purged.
>>> 2010/09/03 14:47:08| 0 Swapfile clashes avoided.
>>> 2010/09/03 14:47:08| Took 0.4 seconds (11008.4 objects/sec).
>>> 2010/09/03 14:47:08| Beginning Validation Procedure
>>> 2010/09/03 14:47:08| Completed Validation Procedure
>>> 2010/09/03 14:47:08| Validated 3901 Entries
>>> 2010/09/03 14:47:08| store_swap_size = 92096k
>>> 2010/09/03 14:47:08| storeLateRelease: released 0 objects
>>>
>>>
>>> I'm not sure where to go from here. It looks like everything's working, but
>>> it obviously is not. Is there anything else I can try? Any other ways to
>>> help me debug this?
>>>
>>
>>First, check your configuration for Squid and its firewall match this
>>page:
>>http://wiki.squid-cache.org/Features/Wccp2#Squid_configuration_for_WCCP_version_2
>>
>>An alternative to WCCP is to do real routing, we have an example for a
>>2501 here:
>>http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute
>>
>>
>>For the troubleshooting;
>> * There is no indication in the cache.log that the cisco or Squid are in
>>contact with each other. Check the cisco wccp information to see if it's got
>>any knowledge of Squid.
>> * check if requests are getting into Squid. access.log should have
>>records of every request attempt made, even failed ones.
>> * the 'usual' problem when this behaviour is seen is that packets going
>>from squid get looped back somewhere strange. They are supposed to get a
>>free pass out to the Internet. Whether or not they go back to the cisco to
>>do so is optional.
>>
>>
>>Squid by default will hold off sending its HERE_I_AM message to the cisco
>>until the cache has been fully loaded and Squid is actually ready for
>>service. If you have a large cache (GB) wccp2_rebuild_wait can make it not
>>wait, but you will see degraded service until the cache is available.
>>
>>
>>Amos
>
>
>I have used the squid wiki on wccp word for word and I am still having
>trouble. I'm getting a different kind of problem though. Instead of the
>webservers timing out, I get an immediate 404 response. I can see that the
>router is sending the wccp packets from "show ip wccp":
>Global WCCP information:
> Router information:
> Router Identifier: 192.168.0.22
> Protocol Version: 2.0
>
> Service Identifier: web-cache
> Number of Service Group Clients: 1
> Number of Service Group Routers: 1
> Total Packets s/w Redirected: 254
> Process: 2
> Fast: 0
> CEF: 252
> Redirect access-list: -none-
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 112
> Group access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> Total Bypassed Packets Received: 0
>
>
>I also see that my squid server is getting activity on the gre tunnel
>using "tcpdump -ni wccp0":
>
>12:17:32.446759 IP 10.131.5.215.49859 > 173.194.10.167.80: . ack 2241056207 win 65535 <nop,nop,timestamp 497582527 3217260831,nop,nop,sack 1 {1449:7241}>
>12:17:32.448952 IP 10.131.4.24.63323 > 194.47.250.18.80: . ack 2006719259 win 65535 <nop,nop,timestamp 903097936 64231447,nop,nop,sack 1 {1449:4345}>
>
>BUT I do not see any activity in my squid logs. I did a tail -f * in the
>directory my squid logs are in and I did not receive anything.
>
>Could I try anything else?
>
>Thanks in advance!
>Chris

Please let me know if you need any more information. It seems as if I am
very very close now and it is just very frustrating that I cannot get wccp
or routing to work.

-Chris

___________________________
Chris Abel
Systems and Network Administrator
Wildwood Programs
2995 Curry Road Extension
Schenectady, NY 12303
518-836-2341
Received on Mon Sep 13 2010 - 14:34:30 MDT
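
Added example, not part of the original message and not Squid or Cisco code: the troubleshooting checklist from the quoted reply, applied to the "show ip wccp" counters posted above. The function names and the two extra inputs (whether tcpdump shows packets on wccp0, and how many lines access.log holds) are assumptions made for the illustration.

```python
import re

# Constructed input: the "show ip wccp" output quoted in the message above.
SHOW_IP_WCCP = """\
Global WCCP information:
 Router information:
 Router Identifier: 192.168.0.22
 Protocol Version: 2.0

 Service Identifier: web-cache
 Number of Service Group Clients: 1
 Number of Service Group Routers: 1
 Total Packets s/w Redirected: 254
 Process: 2
 Fast: 0
 CEF: 252
 Redirect access-list: -none-
 Total Packets Denied Redirect: 0
 Total Packets Unassigned: 112
 Group access-list: -none-
 Total Messages Denied to Group: 0
 Total Authentication failures: 0
 Total Bypassed Packets Received: 0
"""

def parse_show_ip_wccp(text):
    """Map each 'name: value' line to an int (counters) or a str."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?):\s+(\S.*)$", line)
        if m:
            value = m.group(2).strip()
            fields[m.group(1)] = int(value) if value.isdigit() else value
    return fields

# gre_packets_seen and access_log_lines are hypothetical inputs (tcpdump, access.log).
def diagnose(fields, gre_packets_seen, access_log_lines):
    """Walk the reply's checklist from the router towards Squid."""
    findings = []
    if fields.get("Number of Service Group Clients", 0) < 1:
        findings.append("router knows no cache: Squid has not registered")
    if fields.get("Total Authentication failures", 0) > 0:
        findings.append("WCCP authentication failures: compare passwords")
    if fields.get("Total Packets s/w Redirected", 0) == 0:
        findings.append("router is redirecting no port-80 packets")
    elif not gre_packets_seen:
        findings.append("redirected packets never show up on the GRE interface")
    elif access_log_lines == 0:
        findings.append("packets reach wccp0 but not Squid: check host firewall and Squid port")
    return findings
```

With the values reported in this message (one registered client, 254 redirected packets, traffic visible on wccp0, empty Squid logs) the only finding is the last one, which points at the host between the GRE interface and Squid's listening port.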
