01-14-2010 08:37 AM
I installed a Squid-based caching appliance by Stratacache. It supports GRE WCCP redirect in transparent mode; I have it configured as WCCPv2 using the router's LAN IP address 10.250.1.2.
Every time I turn on the caching for a host (or the entire LAN), the internet breaks for whomever I turn WCCP on for. I have tried disabling CEF and have moved the cache to its own router interface.
Topology of the Cisco 2801-SEC-K9 router, running 12.4(22)T advsecurity
FastE 0/0 (10.250.1.1) ---> connected directly to cache server
FastE0/1 (10.23.1.1) ---> Connected to internal LAN
MultiLink1 (12.x.x.98) ---> 4 T1 multilink to AT&T Internet Service
So here is my config:
ip wccp web-cache redirect-list 46 group-list 40 password webcache
ip wccp version 2
access-list 40 permit 10.250.1.2 (cache server)
access-list 46 permit 10.23.1.21 (test host for wccp)
interface fastethernet0/1
ip wccp web-cache redirect in
Here is the output from the router:
Roosevelt-2801(config)#do sh ip wccp web-cache view
WCCP Routers Informed of:
12.x.x.98
WCCP Clients Visible:
10.250.1.2
WCCP Clients NOT Visible:
-none-
Roosevelt-2801(config)#do sh ip wccp web-cache det
WCCP Client information:
WCCP Client ID: 10.250.1.2
Protocol Version: 2.0
State: Usable
Redirection: GRE
Packet Return: GRE
Assignment: HASH
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets s/w Redirected: 914
Connect Time: 1d18h
Bypassed Packets
Process: 0
CEF: 0
Errors: 0
Roosevelt-2801(config)#do sh ip wccp web
Global WCCP information:
Router information:
Router Identifier: 12.x.x.98
Protocol Version: 2.0
Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 7800
Process: 94
CEF: 7706
Service mode: Open
Service Access-list: -none-
Total Packets Dropped Closed: 0
Redirect Access-list: 46
Total Packets Denied Redirect: 8195426
Total Packets Unassigned: 0
Group Access-list: 40
Total Messages Denied to Group: 14
Total Authentication failures: 8
Total Bypassed Packets Received: 0
**************************************************************************************************************************************************
So I can see the packets redirected, the cache never sees them, the router and cache can ping each other, the cache and LAN clients can ping each other - am I missing something?
01-14-2010 08:52 AM
The WCCP configuration and statistics look OK. How are you determining whether or not the cache is receiving the redirected packets? Packet capture?
Zach
01-14-2010 11:47 AM
Yes, from the cache logs, and the Stratacache engineer can see whether traffic is flowing. If we set the cache box up as a forward cache on 8080 and set the proxy in the browser, you can see the hits, but not with WCCP redirect. Traffic shows redirected on the router but the cache never seems to see it.
Does the router identifier matter? I noticed the router shows the IP of the multilink1 interface instead of the FE0/0 interface.
01-15-2010 08:37 AM
So I found the problem... hopefully this helps somebody else in the future. The problem is that the redirected packets were sourced from the router's multilink1 interface IP address and the cache was expecting them from the router's fa0/0 interface, so it dropped them.
Also, the cache has a "spoof client IP" option that was on, because we prefer to do this for NetFlow, but I don't think client-IP spoofing works with the standard web-cache WCCP service. It was causing internet problems, so I turned the spoofing off and it works fine...
Hope this helps.
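The check below is an added example, not part of the original thread: it parses the `show ip wccp web` output quoted in the first post and flags the case where the router's WCCP Router Identifier differs from the router address the cache is configured to accept, which is the mismatch the last post describes. The function names are hypothetical, and the cache-side address (10.250.1.1, the fa0/0 address from the topology) is an assumption.

```python
import re

# Excerpt of the "show ip wccp web" output quoted in the thread. The WAN
# address is redacted there as 12.x.x.98 and is kept that way here.
SHOW_IP_WCCP = """\
Global WCCP information:
Router information:
Router Identifier: 12.x.x.98
Protocol Version: 2.0
Service Identifier: web-cache
Total Packets s/w Redirected: 7800
Redirect Access-list: 46
Group Access-list: 40
Total Messages Denied to Group: 14
Total Authentication failures: 8
"""

def parse_fields(text):
    """Map 'Name: value' lines to a dict; header lines with no value are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def check_wccp(text, cache_expects_router):
    """Return findings for the router-address mismatch described in the thread."""
    f = parse_fields(text)
    findings = []
    router_id = f.get("Router Identifier")
    if router_id != cache_expects_router:
        findings.append(
            f"router-id-mismatch: router identifies as {router_id}, "
            f"cache is configured for {cache_expects_router}")
    # Non-zero counters are reported for review; their cause is not inferred.
    for name in ("Total Authentication failures", "Total Messages Denied to Group"):
        if int(f.get(name, "0")) > 0:
            findings.append(f"counter-nonzero: {name} = {f[name]}")
    return findings

if __name__ == "__main__":
    # Assumption: the cache lists the router by its fa0/0 address from the
    # topology in the first post (10.250.1.1).
    for finding in check_wccp(SHOW_IP_WCCP, "10.250.1.1"):
        print(finding)
```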