[squid-users] problem with wccp v2 and cisco

From: Ritter, Nicholas <Nicholas.Ritter@dont-contact.us>
Date: Thu, 21 Feb 2008 13:48:28 -0600

I am trying to set up an HTTP-only WCCP v2 redirection via Cisco 2811
router to a Linux-based Squid 2.6 box. The problem is that there is no
content showing up in the squid access log, and web connections are slow
and often time out. I have done some research on the net and checked some
things that were noted by people's posts, but I am still a bit stumped.
The router shows WCCP status as good in that the router and the cache
server see each other, and there appears to be redirection occurring
because 'sh ip wccp' on the router shows it, and a tcpdump session on
the web cache server sees it. The router and the web cache appliance are
layer 2 adjacent to each other, and on the same ip subnet, but the cache
server is connected via a Cisco EtherSwitch module installed in the 2811
router, and the clients being redirected to the cache server are hanging
off a different ip subnet and different layer 2 segment.
 
I also notice that the wccp2 GRE tunnel I set up on the Linux box shows
traffic in only one direction. I suspect that at least part of my
problem is that I have set up the GRE tunnel wrong. I also read that WCCP
functionality is buggy in various Cisco IOS versions; I have tried to
figure out if the IOS version I am using is a buggy one. I attempted to
use the same IOS version as is in use on a Cisco WAAS 2811 router, which
is 12.4(9), but the closest I could get to that was 12.4(10c). 12.4(15)T3
exhibited the same problems.
 
I have provided information below on my setup. Can someone please
provide me with some information that can help to figure out what I am
doing wrong?

ROUTER INFO
-------------------------------------------------------------------------------------------
Router: Cisco 2811 running c2800nm-advsecurityk9-mz.124-10c
WCCP version: 2
 
#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier: <IP censored>
        Protocol Version: 2.0
 
    Service Identifier: web-cache
        Number of Service Group Clients: 1
        Number of Service Group Routers: 1
        Total Packets s/w Redirected: 4285
          Process: 0
          Fast: 0
          CEF: 4285
        Redirect access-list: -none-
        Total Packets Denied Redirect: 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0
        Total Bypassed Packets Received: 0
 
Other router configure directives:
 
Clients using cache server on FastEthernet 0/0.1
Squid server is directly connected to FastEthernet 0/2/0
 
WCCP router config directives:
ip wccp web-cache
ip wccp web-cache version 2
interface fastethernet0/0.1
ip wccp web-cache redirect in
 
 
SQUID INFO
-------------------------------------------------------------------------------------------
Squid platform: CentOS 5.1 on x86_64
Squid version: CentOS bundled RPM which is squid-2.6.STABLE6-5.el5_1.2
 
Squid is set for transparent mode and to listen on port 80 and port
3128. The host based firewall is disabled, because I don't need redirect
to 3128 from 80. (Could this be a problem, do I need iptables mangling
of some sort?)
 
squid.conf directives:
http_port 80 transparent
http_port 3128 transparent
wccp2_router <router IP as noted in Cisco sh ip wccp router identifier>
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
 
 
CENTOS Linux OS INFO
-------------------------------------------------------------------------------------------
CentOS 5.1 x86_64 on Intel Core 2 Duo
Kernel is custom compiled, version 2.6.23
 
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
/bin/echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
/bin/echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
/sbin/modprobe ip_gre
/sbin/ip tunnel add wccp2 mode gre remote <ip of Cisco router identifier as listed in the sh ip wccp command> local <same ip as eth0> dev eth0
/sbin/ifconfig wccp2 <same ip as eth0> netmask 255.255.255.255 up
 
 
ifconfig output from CentOS box:
 
eth0 Link encap:Ethernet HWaddr 00:30:1B:44:7F:11
          inet addr:<IP censored> Bcast:<info censored> Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:38474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38245 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6402032 (6.1 MiB) TX bytes:5488603 (5.2 MiB)
          Interrupt:19
 
lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
 
wccp2 Link encap:UNSPEC HWaddr 0A-0C-20-3C-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:<same ip as eth0> P-t-P:<same ip as eth0> Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
          RX packets:36330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4511404 (4.3 MiB) TX bytes:0 (0.0 b)
 
Received on Thu Feb 21 2008 - 12:48:38 MST
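
Added example, not part of the original post: a read-back check for the cache-side settings the post applies (ip_forward, rp_filter, and the wccp2 tunnel packet counters). PROC_ROOT and the function names are assumptions introduced here; rp_filter is also read for the tunnel interface, which the post sets only for "default" and eth0.

```shell
#!/bin/sh
# Added example, not from the original post: read back the cache-side
# settings the post applies. PROC_ROOT is an assumption introduced here so
# the checks can also run against a constructed directory tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print one value from /proc/sys/net/ipv4, or "missing" if unreadable.
ipv4_sysctl() {
    cat "$PROC_ROOT/sys/net/ipv4/$1" 2>/dev/null || echo missing
}

# Print "rx_packets tx_packets" for interface $1 from /proc/net/dev.
# Returns non-zero if the interface is not listed.
iface_packets() {
    awk -v ifc="$1" '
        { sub(/:/, " ") }   # the name may be glued to the first counter
        $1 == ifc { print $3, $11; found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$PROC_ROOT/net/dev"
}

# $1 = tunnel interface, remaining args = other interfaces to check.
# Prints one line per finding and returns the number of failed checks.
check_wccp_host() {
    tunnel="$1"; shift
    fails=0
    if [ "$(ipv4_sysctl ip_forward)" = 1 ]; then
        echo "ok    ip_forward=1"
    else
        echo "FAIL  ip_forward is not 1"; fails=$((fails + 1))
    fi
    for ifc in "$tunnel" "$@"; do
        v=$(ipv4_sysctl "conf/$ifc/rp_filter")
        if [ "$v" = 0 ]; then
            echo "ok    rp_filter=0 on $ifc"
        else
            echo "FAIL  rp_filter=$v on $ifc"; fails=$((fails + 1))
        fi
    done
    if counters=$(iface_packets "$tunnel"); then
        set -- $counters
        echo "info  $tunnel rx_packets=$1 tx_packets=$2"
    else
        echo "FAIL  $tunnel not listed in net/dev"; fails=$((fails + 1))
    fi
    return "$fails"
}
# Usage on the cache host: check_wccp_host wccp2 eth0
```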
