[squid-users] Squid -2.6.STABLE13 + WCCP Problem from Fiero, Paul on 2007-06-10 (squid-users)

From: Fiero, Paul <Paul.Fiero@dont-contact.us>
Date: Sun, 10 Jun 2007 19:12:23 -0500

Greetings all, I am once again returning to you all for some assistance.

The following is a desription of my problem, here is a legend
designating the various devices in my network:
WCCP2 Router : 000.111.222.333
Squid Server : 444.555.666.777 ( squid1.austin.network.com
)

I have installed Squid -2.6.STABLE13 with WCCPv2 enabled on a CentOS 4.4
server (2.6.9-42.0.10.EL kernel). I have ip_forward enabled, I have
iptables configured to REDIRECT traffic inbound on port 80 to port 3128
the way I've always done it. Nothing appreciable has changed on the
network. I'm convinced that this is an issue with the new
software/config.

Thus, I went through the configuration and made the following settings I
gathered were pertinant to WCCP:

http_port <444.555.666.777>:3128 transparent
wccp2_router <000.111.222.333>
wccp2_forwarding_method 1 (the WCCP device upstream is a Cisco router)
wccp2_return_method 1 (the WCCP device upstream is a Cisco router)
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_weight 10000

I created a GRE tunnel according to instructions on wiki.squid-cache.org
and made all the other settings I figured I needed and started up Squid.
The following was put in the cache.log, among other things:

Accepting transparently proxied HTTP connections at <444.555.666.777>,
port 3128, FD 73.
2007/06/10 12:51:16| Accepting ICP messages at 0.0.0.0, port 3130, FD
74.
2007/06/10 12:51:16| WCCP Disabled.
2007/06/10 12:51:16| Accepting WCCPv2 messages on port 2048, FD 75.
2007/06/10 12:51:16| Initialising all WCCPv2 lists
2007/06/10 12:51:16| Ready to serve requests.

However, nothing else happens. In my other Squid/WCCP server I get
messages in the cache.log file showing the WCCP negotiation traffic,
nothing shows on this machine.

When I run tcpdump host <wccp2_router's IP> -vv I get the following:

17:13:29.435199 IP (tos 0xc0, ttl 1, id 53800, offset 0, flags [none],
proto 89, length: 64) 000.111.222.333 > OSPF-ALL.MCAST.NET: OSPFv2,
Hello (1), length: 44
        Router-ID: 000.111.222.333, Backbone Area, Authentication Type:
none (0)
        Options: [External]
          Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.192,
Priority: 1
          Designated Router 000.111.222.333
17:13:34.287635 IP (tos 0x0, ttl 64, id 45605, offset 0, flags [none],
proto 17, length: 172) squid1.austin.network.com.2048 >
000.111.222.333.2048: UDP, length 144
17:13:34.288270 IP (tos 0x0, ttl 255, id 53825, offset 0, flags [none],
proto 17, length: 212) 000.111.222.333.2048 >
squid1.austin.network.com.2048: UDP, length 184
17:13:39.434235 IP (tos 0xc0, ttl 1, id 53841, offset 0, flags [none],
proto 89, length: 64) 000.111.222.333 > OSPF-ALL.MCAST.NET: OSPFv2,
Hello (1), length: 44
        Router-ID: 000.111.222.333, Backbone Area, Authentication Type:
none (0)
        Options: [External]
          Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.192,
Priority: 1
          Designated Router 000.111.222.333
17:13:44.287628 IP (tos 0x0, ttl 64, id 45606, offset 0, flags [none],
proto 17, length: 172) squid1.austin.network.com.2048 >
000.111.222.333.2048: UDP, length 144
17:13:44.288352 IP (tos 0x0, ttl 255, id 53865, offset 0, flags [none],
proto 17, length: 212) 000.111.222.333.2048 >
squid1.austin.network.com.2048: UDP, length 184
17:13:49.434223 IP (tos 0xc0, ttl 1, id 53898, offset 0, flags [none],
proto 89, length: 64) 000.111.222.333 > OSPF-ALL.MCAST.NET: OSPFv2,
Hello (1), length: 44
        Router-ID: 000.111.222.333, Backbone Area, Authentication Type:
none (0)
        Options: [External]
          Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.192,
Priority: 1
          Designated Router 000.111.222.333

To make things a bit more puzzling we already have one Squid/WCCP server
running here and the box I'm currently trying to get configured and
running used to be the second one of a pair, but the existing one is
running squid-2.5.STABLE3 on a RedHat9 (2.4.20-19.9 custom compiled
kernel) server.

If anyone can assist I would appreciate it.

Paul Fiero, RHCE
Information Security Analyst
Communications and Technology Management Office
City of Austin
(512) 974-3559

===========================================================

The information contained in this ELECTRONIC MAIL transmission is
confidential. It may also be a privileged work product or proprietary
information. This information is intended for the exclusive use of the
addressee(s). If you are not the intended recipient, you are hereby
notified that any use, disclosure, dissemination, distribution [other
than to the addressee(s)], copying or taking of any action because of
this information is strictly prohibited.

===========================================================
Received on Sun Jun 10 2007 - 18:12:33 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT