Greetings all,

I'm still trying to get wccp working between my squid server and a Cisco
7200. I am now getting a wccp response from the router, albeit not via
a GRE tunnel as I've seen in example after example on the net. Any
additional information would be greatly appreciated.

tail -f /usr/local/etc/squid/logs/cache.log
...
2009/01/29 09:27:06| wccp2HereIam: Called
2009/01/29 09:27:06| wccp2HereIam: sending to service id 0
2009/01/29 09:27:06| Sending HereIam packet size 144
2009/01/29 09:27:06| wccp2HandleUdp: Called.
2009/01/29 09:27:06| Incoming WCCPv2 I_SEE_YOU length 132.
2009/01/29 09:27:06| Complete packet received
2009/01/29 09:27:06| Incoming WCCP2_I_SEE_YOU Received ID old=305 new=306.
2009/01/29 09:27:06| Cleaning out cache list
2009/01/29 09:27:06| checking cache list: (9f0213d8:9f0213d8)
2009/01/29 09:27:06| Change not detected (2 = 2)

ar1.dc.az#sh ip wccp web-cache detail
WCCP Cache-Engine information:
Web Cache ID: 211.22.2.159
Protocol Version: 2.0
State: Usable
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Hash Allotment: 256 (100.00%)
Packets Redirected: 302
Connect Time: 00:04:30

ar1.dc.az#sh ip wccp web-cache
Global WCCP information:
Router information:
Router Identifier: 211.22.1.254
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 1
Number of routers: 1
Total Packets Redirected: 3463
Redirect access-list: 150
Total Packets Denied Redirect: 164188
Total Packets Unassigned: 779
Group access-list: -none-
Total Messages Denied to Group: 0
Total Authentication failures: 0

But no squid/access.log activity, i.e. no traffic is being redirected.

My Router config: (sanitized)

ar1.dc.az#sh run
Building configuration...
Current configuration : 4519 bytes
!
! Last configuration change at 15:33:55 UTC Thu Jan 29 2009
! NVRAM config last updated at 19:40:48 UTC Tue Jan 20 2009
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service dhcp
no service single-slot-reload-enable
!
hostname ar1.dc.az
!
no logging monitor
!
ip subnet-zero
ip wccp web-cache redirect-list 150
ip cef distributed
ip domain-name commspeed.net
ip name-server 211.22.2.81
ip name-server 211.22.2.82
!
!
call rsvp-sync
!
!
!
!
!
!
controller T1 4/0/0
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24
description Customer123 PTP T1 - Qwest-CID: 14.HCXX.XXXXXX..MS
!
controller T1 4/0/1
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/2
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/3
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/4
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/5
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/6
shutdown
framing esf
linecode b8zs
!
controller T1 4/0/7
shutdown
framing esf
linecode b8zs
!
!
!
interface Loopback0
description Loopback for BGP Peering
ip address 211.22.1.254 255.255.255.255
!
interface Tunnel0
no ip address
!
interface FastEthernet2/0
description Prescott Valley Data Center - Core Network
ip address 211.22.2.1 255.255.254.0 secondary
ip address 211.22.0.1 255.255.255.0 secondary
ip address 211.22.47.65 255.255.255.224 secondary
ip address 211.22.4.34 255.255.255.224 secondary
ip address 211.22.8.1 255.255.255.0 secondary
ip address 211.22.4.33 255.255.255.224
ip access-group block-phisher in
ip route-cache same-interface
full-duplex
!
interface FastEthernet2/1
ip address 211.22.1.33 255.255.255.224 secondary
ip address 211.22.5.1 255.255.255.192
full-duplex
!
interface Serial4/0/0:0
description Arcosanti PTP T1 - Qwest-CID: 14.HCXX.XXXXXX..MS
bandwidth 1544
ip address 211.22.1.13 255.255.255.252
encapsulation ppp
!
interface FastEthernet4/1/0
no ip address
shutdown
half-duplex
!
router eigrp 4492
redistribute connected
redistribute static
passive-interface default
no passive-interface FastEthernet2/1
network 211.22.5.0 0.0.0.63
distribute-list 86 out static
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 211.22.5.4
ip route 10.1.0.20 255.255.255.255 211.22.3.6
ip route 211.22.28.0 255.255.255.0 211.22.2.152
ip route 211.22.47.32 255.255.255.224 211.22.1.14
ip route 211.22.56.0 255.255.255.128 211.22.1.41
ip route 211.22.56.128 255.255.255.128 211.22.1.41
ip route 211.22.57.0 255.255.255.128 211.22.1.45
ip route 211.22.57.128 255.255.255.128 211.22.1.43
ip route 211.22.59.128 255.255.255.128 211.22.1.46
no ip http server
!
!
ip access-list extended block-mf-smtp
deny tcp any host 211.22.2.15 eq smtp
deny tcp any host 211.22.2.16 eq smtp
permit ip any any
ip access-list extended block-phisher
deny ip 80.255.59.0 0.0.0.247 any log
deny ip 41.220.64.0 0.0.15.255 any log
permit ip any any
ip access-list extended block-spam1
deny tcp any host 211.22.2.14 eq smtp
permit ip any any
ip access-list extended block-spam2
deny tcp any host 211.22.2.15 eq smtp
permit ip any any
ip access-list extended block-spam3
deny tcp any host 211.22.2.16 eq smtp
permit ip any any
ip access-list extended temp
deny tcp any host 211.22.2.15 eq smtp
permit ip any any
access-list 86 deny 0.0.0.0
access-list 86 permit any
access-list 150 permit ip any any
snmp-server enable traps tty
!
End

FreeBSD Server:

gateway_enable="NO"
defaultrouter="211.22.2.1"
hostname="cache1.ispdomain.net"
ifconfig_em0="inet 211.22.2.159 netmask 255.255.254.0"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
apache_enable="YES"
squid_enable="YES"
firewall_enable="YES"
firewall_script="/etc/rc.firewall.cache"
firewall_logging="YES"
firewall_flags=""
#firewall_type="open"
router_enable="YES"
gateway_enable="YES"
#natd_enable="YES"

rc.firewall.cache

#!/bin/sh
ipfw -q /etc/custom_firewall

custom_firewall:

cache1# cat /etc/custom_firewall
-q flush
-q queue flush
-q pipe flush
# for testing with the ip on the 2 network
add 65533 allow tcp from 211.22.2.159 to any
add 65534 fwd 211.22.2.159,3128 tcp from any to any 80

Squid.conf (partial)

http_port 211.11.2.159:3128 transparent
wccp2_router 211.22.4.33
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0
wccp2_rebuild_wait off

Received on Thu Jan 29 2009 - 17:16:57 MST