[squid-users] SQUID 2.6STABLE1 + WCCPv2 + Cisco 4503 : Here_I_am w/bad rcv_id

From: Mornard Christian <[email protected]>
Date: Tue, 25 Jul 2006 11:50:45 -0400

Hi,

I've been trying to configure WCCPv2 in SQUID 2.6STABLE1 to communicate with a Cisco 4503 router IOS 12.2(31)SG. Unfortunately, though the Squid box is seen by the router, it is marked as "NOT usable":

CAT4503#sh ip wccp web-cache detail
WCCP Cache-Engine information:
        Web Cache ID: 10.19.3.x
        Protocol Version: 2.0
        State: NOT Usable
        Redirection: L2
        Packet Return: L2
        Packets Redirected: 0
        Connect Time: 00:00:11
        Assignment: MASK

I tried the debug command on the Cisco to see what's going on and got this:

3d02h: WCCP-EVNT:wccp_free_wc_assignment_memory: enter
3d02h: WCCP-EVNT:wccp_free_wc_assignment_memory: deallocate orig info (40 bytes)
3d02h: WCCP-EVNT:wccp_free_wc_assignment_memory: exit
3d02h: WCCP-EVNT:wccp_change_router_view: S00
3d02h: WCCP-EVNT:wccp_change_router_view: reuse rtr_view (24 of 24 bytes)
3d02h: WCCP-EVNT:S00: Built new router view: 0 routers, 0 usable web caches, change # 00000A66
3d02h: WCCP-EVNT:wccp_copy_wc_assignment_data: enter
3d02h: WCCP-EVNT:wccp_copy_wc_assignment_data: allocate orig hash info (40 bytes)
3d02h: WCCP-EVNT:wccp_copy_wc_assignment_data: exit
3d02h: WCCP-PKT:S00: Sending I_See_You packet to 10.19.3.x w/ rcv_id 000029AE
3d02h: WCCP-EVNT:S00: Here_I_Am packet from 10.19.3.x w/bad rcv_id 00000000
3d02h: WCCP-PKT:S00: Sending I_See_You packet to 10.19.3.x w/ rcv_id 000029AF
3d02h: WCCP-EVNT:S00: Here_I_Am packet from 10.19.3.x w/bad rcv_id 00000000
3d02h: WCCP-PKT:S00: Sending I_See_You packet to 10.19.3.x w/ rcv_id 000029B0
3d02h: WCCP-PKT:S00: Sending Removal_Query packet to 10.19.3.x w/ rcv_id 000029B1

on and on....

On the Squid box, I launched tcpdump and saw packets coming and going on port 2048 between the router (10.19.2.x) and the squid (10.19.3.x):

tcpdump: listening on eth0
11:13:00.233196 0:d0:b7:79:ce:a6 0:12:d9:a6:a7:bf ip 178: 10.19.3.x.2048 > 10.19.2.x.2048: udp 136 (DF) (ttl 64, id 33784, len 164)
0x0000 4500 00a4 83f8 4000 4011 9c8e 0a13 0399 E.....@.@.......
0x0010 0a13 0204 0800 0800 0090 9121 0000 000a ...........!....
0x0020 0200 0080 0000 0004 0000 0000 0001 0018 ................
0x0030 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040 0000 0000 0000 0000 0003 002c 0a13 0399 ...........,....
0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0070 0000 0000 2710 0000 0005 0014 0000 0001 ....'...........
0x0080 0000 0001 0a13 0204 0000 0000 0000 0000 ................
0x0090 0008 ..
11:13:00.234064 0:12:d9:a6:a7:bf 0:d0:b7:79:ce:a6 ip 162: 10.19.2.x.2048 > 10.19.3.x.2048: udp 120 (ttl 255, id 50468, len 148)
0x0000 4500 0094 c524 0000 ff11 dc71 0a13 0204 E....$.....q....
0x0010 0a13 0399 0800 0800 0080 b059 0000 000b ...........Y....
0x0020 0200 0070 0000 0004 0000 0000 0001 0018 ...p............
0x0030 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040 0000 0000 0000 0000 0002 0014 cc13 05f0 ................
0x0050 0000 2b41 0a13 0204 0000 0001 0a13 0399 ..+A............
0x0060 0004 0014 0000 0aca 0000 0000 0000 0000 ................
0x0070 0000 0000 0000 0000 0008 0018 0001 0004 ................
0x0080 0000 0002 0002 0004 0000 0002 0003 0004 ................
0x0090 0000 ..
11:13:11.253180 0:d0:b7:79:ce:a6 0:12:d9:a6:a7:bf ip 178: 10.19.3.x.2048 > 10.19.2.x.2048: udp 136 (DF) (ttl 64, id 33785, len 164)
0x0000 4500 00a4 83f9 4000 4011 9c8d 0a13 0399 E.....@.@.......
0x0010 0a13 0204 0800 0800 0090 9121 0000 000a ...........!....
0x0020 0200 0080 0000 0004 0000 0000 0001 0018 ................
0x0030 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040 0000 0000 0000 0000 0003 002c 0a13 0399 ...........,....
0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0070 0000 0000 2710 0000 0005 0014 0000 0001 ....'...........
0x0080 0000 0001 0a13 0204 0000 0000 0000 0000 ................
0x0090 0008 ..

It seems that they cannot negotiate the WCCP2 communication because, according to the protocol specifications, the router expects Squid to send back the rcv_id (bytes 0x0052 and 0x0053) but Squid keeps on sending zeroes. I've been searching mailing lists and the Internet about this problem. Somebody suggested that the wccp2_router address could be wrong in squid.conf. Here is the relevant part of my squid.conf (actually, that's the running config reported by cachemgr.cgi):

wccp2_router 10.19.2.x
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
wccp2_address 0.0.0.0

By the way, I explicitly set forwarding and return methods to 1, hoping that the router would recognize the cache capabilities properly, but it still sees the squid box as L2 capable. From posts on your developers list, I understood that only high-level Cisco routers supported L2 redirection, so I guess our little 4503 does not. Which is why I forced method 1, but the router doesn't seem to understand what Squid advertises and that might be a problem.

I disabled all rules in iptables, thinking that perhaps the squid process did not receive the packets from the router, but to no avail.

Turned debugging options on, and got this in cache.log:

2006/07/21 11:30:11| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 11.
2006/07/21 11:30:11| Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
2006/07/21 11:30:11| WCCP Disabled.
2006/07/21 11:30:11| Accepting WCCPv2 messages on port 2048, FD 13.
2006/07/21 11:30:11| Initialising all WCCPv2 lists
2006/07/21 11:30:11| Ready to serve requests.
2006/07/21 11:30:11| Done reading /var/spool/squid swaplog (562 entries)
2006/07/21 11:30:11| Finished rebuilding storage from disk.
2006/07/21 11:30:11| 562 Entries scanned
2006/07/21 11:30:11| 0 Invalid entries.
2006/07/21 11:30:11| 0 With invalid flags.
2006/07/21 11:30:11| 562 Objects loaded.
2006/07/21 11:30:11| 0 Objects expired.
2006/07/21 11:30:11| 0 Objects cancelled.
2006/07/21 11:30:11| 0 Duplicate URLs purged.
2006/07/21 11:30:11| 0 Swapfile clashes avoided.
2006/07/21 11:30:11| Took 0.3 seconds (1805.4 objects/sec).
2006/07/21 11:30:11| Beginning Validation Procedure
2006/07/21 11:30:11| Completed Validation Procedure
2006/07/21 11:30:11| Validated 562 Entries
2006/07/21 11:30:11| store_swap_size = 12096k
2006/07/21 11:30:12| storeLateRelease: released 0 objects
2006/07/21 11:30:13| Sending HereIam packet size 136
2006/07/21 11:30:13| Incoming WCCPv2 I_SEE_YOU length 112.
2006/07/21 11:30:23| Sending HereIam packet size 136
2006/07/21 11:30:23| Incoming WCCPv2 I_SEE_YOU length 112.
2006/07/21 11:30:33| Sending HereIam packet size 136
2006/07/21 11:30:33| Incoming WCCPv2 I_SEE_YOU length 112.

So I guess the squid process receives the packets from the router but discards them. I tried a lot of different configurations, different parameters in squid.conf, different versions of squid (2.5+visolve WCCP2 patch, 2.6 and even 3.0PRE4), different versions of kernel (2.4.21-40 and 2.6.9-34). Nothing worked! Currently I have SQUID 2.6 STABLE 1 (compiled from last sources), RedHat Enterprise Linux 3 AS (kernel 2.4.21-40EL smp), ip_gre module (with wccp patch applied) and a Cisco 4503 router equipped with IOS 12.2(31)SG. This version of IOS doesn't support WCCPv1 anymore, otherwise I would have been happy to go with that and avoid the trouble of WCCPv2 which seems to me - correct me if I am wrong - still a bit experimental in Squid. My Squid box only has one Ethernet card.

I saw some people suggest that GRE tunnel could be misconfigured, but I don't think I even got that far. The router doesn't even want to accept the cache and no redirection is attempted. So my question is: is there something I can try to make this work or should I simply forget about all this?

Thank you in advance for any hint or piece of information.
Received on Tue Jul 25 2006 - 09:48:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:02 MDT
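
The following is an added example, not code from the post or from Squid. It decodes the two WCCPv2 payloads from the capture above and checks whether the Here_I_Am repeats the receive ID carried in the router's I_See_You; the component layouts are taken from the WCCPv2 draft and the function names are hypothetical.

```python
import socket
import struct

ROUTER_ID_INFO, WC_VIEW_INFO = 2, 5  # component types in the WCCPv2 draft
# UDP payloads copied from the tcpdump output in the post (IP/UDP headers
# stripped). Both are cut short by the capture snap length, as in the post.
I_SEE_YOU = bytes.fromhex(
    "0000000b02000070" "0000000400000000" "00010018" + "00" * 24 +
    "00020014" "cc1305f0" "00002b41" "0a130204" "00000001" "0a130399" +
    "00040014" "00000aca" + "00" * 16 +
    "00080018" "0001000400000002" "0002000400000002" "000300040000")
HERE_I_AM = bytes.fromhex(
    "0000000a02000080" "0000000400000000" "00010018" + "00" * 24 +
    "0003002c" "0a130399" + "00" * 36 + "27100000" +
    "00050014" "00000001" "00000001" "0a130204" "00000000" "00000000" +
    "0008")

def components(payload):
    """Yield (type, body) for each component after the 8-byte message header."""
    off = 8
    while off + 4 <= len(payload):
        ctype, clen = struct.unpack_from("!HH", payload, off)
        body = payload[off + 4:off + 4 + clen]
        if len(body) < clen:  # truncated capture: stop rather than guess
            return
        yield ctype, body
        off += 4 + clen

def receive_ids(payload):
    """Return [(router address, receive ID)] found in either message type."""
    found = []
    for ctype, body in components(payload):
        if ctype == ROUTER_ID_INFO and len(body) >= 8:  # router's own element
            elems = [struct.unpack_from("!4sI", body, 0)]
        elif ctype == WC_VIEW_INFO and len(body) >= 8:  # change no., count, elements
            count = min(struct.unpack_from("!I", body, 4)[0], (len(body) - 8) // 8)
            elems = [struct.unpack_from("!4sI", body, 8 + 8 * i) for i in range(count)]
        else:
            continue
        found += [(socket.inet_ntoa(ip), rid) for ip, rid in elems]
    return found

def echoes_receive_id(i_see_you, here_i_am):
    """True if the cache's view repeats every receive ID the router sent."""
    sent = {rid for _, rid in receive_ids(i_see_you)}
    return bool(sent) and sent <= {rid for _, rid in receive_ids(here_i_am)}

if __name__ == "__main__":
    print("router sent :", [(ip, hex(r)) for ip, r in receive_ids(I_SEE_YOU)])
    print("cache echoed:", [(ip, hex(r)) for ip, r in receive_ids(HERE_I_AM)])
    print("receive ID echoed:", echoes_receive_id(I_SEE_YOU, HERE_I_AM))
```

Run on this capture it reports that the receive ID is not echoed, which matches the router's "bad rcv_id 00000000" debug lines. The output also lists the address in each router ID element, which can be compared with the wccp2_router setting.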