wccp web-cache -- can't get it working

Unanswered Question

I installed a Squid based caching appliance, by Stratacache. it supports GRE wccp redirect in transparent mode, I have it configured as wccpv2 using the Router's LAN ip address 10.250.1.2.

Every time I turn on the caching for a host (or the entire LAN) the internet breaks for whomever I turn wccp on. I have tried disabling CEF and have moved the cache to it's own router interface.

Topology of the Cisco 2801-SEC-K9 router, running 12.4(22)T advsecurity

FastE 0/0 (10.250.1.1) ---> connected directly to cache server

FastE0/1 (10.23.1.1) ---> Connected to internal LAN

MultiLink1 (12.x.x.98)  ---> 4 T1 multilink to AT&T Internet Service

so here is my config,

ip wccp web-cache redirect-list 46 group-list 40 password webcache

ip wccp version 2

access-list 40 permit 10.250.1.2 (cache server)

access-list 46 permit 10.23.1.21 (test host for wccp)

interface fastethernet0/1

ip wccp web-cache redirect in

here is the output from the router

Roosevelt-2801(config)#do sh ip wccp web-cache view
    WCCP Routers Informed of:
        12.x.x.98

    WCCP Clients Visible:
        10.250.1.2

    WCCP Clients NOT Visible:
        -none-

Roosevelt-2801(config)#do sh ip wccp web-cache det
WCCP Client information:
        WCCP Client ID:          10.250.1.2
        Protocol Version:        2.0
        State:                   Usable
        Redirection:             GRE
        Packet Return:           GRE
        Assignment:              HASH
        Initial Hash Info:       00000000000000000000000000000000
                                 00000000000000000000000000000000
        Assigned Hash Info:      FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                                 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:          256 (100.00%)
        Packets s/w Redirected:  914
        Connect Time:            1d18h
        Bypassed Packets
          Process:               0
          CEF:                   0
          Errors:                0

Roosevelt-2801(config)#do sh ip wccp web
Global WCCP information:
    Router information:
        Router Identifier:                   12.x.x.98
        Protocol Version:                    2.0

    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Total Packets s/w Redirected:        7800
          Process:                           94
          CEF:                               7706
        Service mode:                        Open
        Service Access-list:                 -none-
        Total Packets Dropped Closed:        0
        Redirect Access-list:                46
        Total Packets Denied Redirect:       8195426
        Total Packets Unassigned:            0
        Group Access-list:                   40
        Total Messages Denied to Group:      14
        Total Authentication failures:       8
        Total Bypassed Packets Received:     0

**************************************************************************************************************************************************

So I can see the packets redirected, the cache never sees them, the router and cache can ping each other, the cache and LAN clients can ping each other - am I missing something?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Zach Seils Thu, 01/14/2010 - 08:52

The WCCP configuration and statistics look ok.  How are you determing whether or not the cache is receiving the redirected packets?  Packet capture?

Zach

Yes from the cache logs, and the stratacache engineer can see whether traffic is flowing. If we set the cache box up as a forward cache on 8080 and set the proxy in the browser you can see the hits, but not with wccp redirect. Traffic shows redirected on the router but the cache never seems to see it.

Does the router identifier matter? I noticed the router shows the ip of the multilink1 interface instead of the FE0/0 interface.

so I found the problem... hopefully this helps somebody else in the future... the problem is the redirected packets were sourced from the router multilink1 interface IP address and the cache was expecting them from the router fa0/0 interface, so it dropped them.

also the cache has a "spoof client IP" option that was on, because we prefer to do this for netflow, but, I don't think client-IP-spoofing works with the standard web-cache wccp service. It was causing internet problems so I turned the spoofing off and it works fine...

hope this helps

Actions

This Discussion