[squid-users] Squid with ASR9001

Yuri Voinov yvoinov at gmail.com
Mon Oct 24 22:07:21 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Compared with PBR - definitely.

IF OS TCP stack supports bridging - exactly.

25.10.2016 3:59, Eliezer Croitoru пишет:
> So what you are illustrating is that if we will handle the connection
> interception using bridge tables it would be much more efficient then
Policy
> Based routing.
> I believe it’s very simple to implement in linux.
>
> Eliezer
>
> ----
> Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
> 
>
> From: Yuri Voinov [mailto:yvoinov at gmail.com]
> Sent: Monday, October 24, 2016 22:01
> To: Eliezer Croitoru <eliezer at ngtech.co.il>
> Cc: 'Garth van Sittert | BitCo' <garth at bitco.co.za>;
> squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Squid with ASR9001
>
>
> Well, if we're talking about squid-based appliances.....
>
> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>
> In this article descrived approx. half-year experimental experience with
> various LAN topologies, and Cisco devices.
>
> More common:
>
>
http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide
> /ffun_c/fcf018.html
>
https://supportforums.cisco.com/document/143961/understanding-wccp-redirect
> ion-and-assignment-methods-waas
>
> Cisco has not best-in-the-world documentation, yes, but everything depends
> on an understanding of network protocols and basic architecture.
>
> 25.10.2016 0:44, Eliezer Croitoru пишет:
> > Well I do agree on most of the
>       things but it seems that CPU is missing in
>
>       > some devices and there for a simpler protocol is better but….
>       CPU…
> Yessssss. Router has CPU. :) Not only ASIC. :) PBR is problem, because of
> EVERY policy/ACL match handles on CPU.
>
> This brings us to the other side - the rules / policies must be carefully
> optimized - that too few people do, until the router does not choke on CPU
> overload.
>
> > Admins in many cases do not use
>       their own to understand the complexity but
>
>       > from what I do see in the jobs market employers expect the
>       unexpected.
> Admins, in most cases, understand nothing and do not bother trying to
grasp
> and understand more deeply than in the first three-five seconds. ;)
>
> About the present, of course, do not tell. :)
>
> > Or if to be more accurate: They
>       expect a mage which knows and understand
>
>       > every single protocol language and piece of hardware.
>
>
>
>       > Can you gather me what ever documentation on the WCCP
>       protocol?
>
>       > I want to see how simple it would be to implement the same
>       concepts with an
>
>       > HTTP\tcp interface.
> There's really just all. The main thing to understand how the network
works
> on L2 and L3 in OSI. And a bit network hardware knowledge.
>
>
>
>       > Eliezer
>
>
>
>       > ----
>
>       > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
> <http://ngtech.co.il/lmgtfy/> 
>
>       > Linux System Administrator
>
>       > Mobile: +972-5-28704261
>
>       > Email: eliezer at ngtech.co.il <mailto:eliezer at ngtech.co.il>
>
>
>
>
>
>       > From: Yuri Voinov [mailto:yvoinov at gmail.com]
>
>       > Sent: Monday, October 24, 2016 21:07
>
>       > To: Eliezer Croitoru <eliezer at ngtech.co.il>
> <mailto:eliezer at ngtech.co.il> ; 'Garth van
>       Sittert | BitCo'
>
>       > <garth at bitco.co.za> <mailto:garth at bitco.co.za> ;
> squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> > Subject: Re: [squid-users] Squid with ASR9001
>
>
>
>
>
>       > No.
>
>
>
>       > 24.10.2016 23:40, Eliezer Croitoru пишет:
>
>       > > And why would you want this
>
>       >       exactly?
>
>
>
>       >       > The most simple thing is to use routing policy and
>       to monitor
>
>       >       the proxy in
>
>
>
>       >       > a much higher level then WCCP.
>
>       > Based on my personal experience with WCCP (over 6 years). PBR
>       is VERY
>
>       > router's CPU consumpted.
>
>       > WCCP - is not (L2, not GRE. GRE performs on CPU, L2 on
>       control-plane and
>
>       > hardware-accelerated).
>
>
>
>       > However, using edge router for WCCP is not so good idea by
>       another reason.
>
>       > It breaks good network architecture in most cases. I'm not
>       CCA, but ever for
>
>       > me it's obvious.
>
>
>
>       > So, underlying aggregations switches is more appropriate
>       target for WCCP,
>
>       > because of they can be uses L2 WCCP - which is extremely
>       fast.
>
>
>
>       > > For example fetch a web page or
>
>       >       a statistics page every 10 seconds.
>
>
>
>       >       > It’s considered pretty right in the industry.
>
>
>
>       >       > For routers it’s a whole another story but for a
>       rock solid
>
>       >       system I do not
>
>
>
>       >       > believe WCCP is a must.
>
>       > Depending of router. Branch router must have. Just take a
>       look on whole
>
>       > Cisco's router's range. Just for interest.
>
>
>
>       > > Any juniper and Cisco + others
>
>       >       these days do not rely on WCCP since it’s
>
>
>
>       >       > considered a hassle to maintain.
>
>       > Cats delicious. You just do not know how to cook them :)
>
>
>
>       > WCCP is a very simple protocol. While there may be poorly
>       documented. There
>
>       > is another problem - very few people well versed in
>       networking technologies,
>
>       > few details delves into what makes. The vast majority simply
>       copy-paste
>
>       > configs without a single thought in his head, not bothering
>       to understand.
>
>
>
>       > What is there to maintain? Just configure it once and sit on
>       the ass
>
>       > straight.
>
>
>
>
>
>       >       > Eliezer
>
>
>
>
>
>
>
>       >       > ----
>
>
>
>       >       > Eliezer Croitoru
>       <http://ngtech.co.il/lmgtfy/> <http://ngtech.co.il/lmgtfy/>
>
>       > <http://ngtech.co.il/lmgtfy/> <http://ngtech.co.il/lmgtfy/>  
>
>
>
>       >       > Linux System Administrator
>
>
>
>       >       > Mobile: +972-5-28704261
>
>
>
>       >       > Email: eliezer at ngtech.co.il <mailto:eliezer at ngtech.co.il>
>       <mailto:eliezer at ngtech.co.il> <mailto:eliezer at ngtech.co.il>
>
>
>
>
>
>
>
>
>
>
>
>       >       > From: squid-users
>
>       >       [mailto:squid-users-bounces at lists.squid-cache.org] On
>
>
>
>       >       > Behalf Of Yuri
>
>
>
>       >       > Sent: Monday, October 24, 2016 14:06
>
>
>
>       >       > To: Garth van Sittert | BitCo
>       <garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
>       > <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>  ;
>
>
>
>       >       > squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
>
>       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
>       >       > Subject: Re: [squid-users] Squid with ASR9001
>
>
>
>
>
>
>
>       >       > Ha, it seems ASR9000 really does not support WCCP
>       exactly.
>
>       >       You right.
>
>
>
>
>
>
>
>       >       > WCCP supported on Nexus, on ASR1000... So, your
>       router only
>
>       >       can use PBR or
>
>
>
>       >       > analoquie.
>
>
>
>
>
>
>
>       >       > The only idea is to buy 3750 as aggregation
>       switch, config
>
>       >       WCCP on it and
>
>
>
>       >       > connect to your ASR by fiber trunk.
>
>
>
>       >       > 24.10.2016 16:30, Garth van Sittert | BitCo пишет:
>
>
>
>
>
>
>
>       >       > By Cisco employee - “Correct, there is no WCCP and
>       no plans
>
>       >       for it
>
>
>
>       >       > either... :(”
>
>
>
>
>
>
>       https://supportforums.cisco.com/discussion/12227051/ios-xr-and-wccp
>
>
>
>
>
>
>
>       >       > WCCP supported platforms –
>
>
>
>
>
>
>
>
>
>
>
https://supportforums.cisco.com/document/133201/wccp-platform-support-overv
>
>       > i
>
>
>
>       >       > ew
>
>
>
>
>
>
>
>       >       > Our ASR9001 has no commands that support wccp
>       anywhere…
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > Garth van Sittert | Chief Executive Officer     
>
>
>
>       >       > (BSC Physics & Computer Science)
>
>
>
>       >       > Tel: 087 135 0000 Ext: 201
>
>
>
>       >       > garth at bitco.co.za <mailto:garth at bitco.co.za>
> <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
>       > <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
>       <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>   
>
>
>
>       >       > bitco.co.za <http://www.bitco.co.za/>
> <http://www.bitco.co.za/>
>       <http://www.bitco.co.za/> <http://www.bitco.co.za/>
>
>
>
>
>
>
>
>
>
>       >       > From: Yuri [mailto:yvoinov at gmail.com]
>
>
>
>       >       > Sent: Monday, 24 October 2016 12:12 PM
>
>
>
>       >       > To: Garth van Sittert | BitCo
>       <garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
>       > <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
>
>
>       >       > <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
>       <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>   ;
>
>       >       squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
>
>       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
>       >       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>  
>
>
>
>       >       > Subject: Re: [squid-users] Squid with ASR9001
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > 24.10.2016 13:16, Garth van Sittert | BitCo пишет:
>
>
>
>       >       > Yes, it looks like all of the ASR9000 range which
>       makes use
>
>       >       of IOS XR no
>
>
>
>       >       > longer supports WCCP.
>
>
>
>       >       > Please, provide prooflink from Cisco.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > Policy Based Routing has been replaced by ACL
>       Based
>
>       >       Forwarding or ABF.
>
>
>
>       >       > So? This is therminology difference, if any.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > From: squid-users
>
>       >       [mailto:squid-users-bounces at lists.squid-cache.org] On
>
>
>
>       >       > Behalf Of Yuri Voinov
>
>
>
>       >       > Sent: Sunday, 23 October 2016 9:35 PM
>
>
>
>       >       > To: squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
>
>       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
>       >       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>  
>
>
>
>       >       > Subject: Re: [squid-users] Squid with ASR9001
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > 23.10.2016 23:16, Garth van Sittert | BitCo пишет:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > Good day all
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > Has anyone had any experience setting
>       up Squid
>
>       >       with any IOS
>
>
>
>       >       >       XR Cisco routers?  The Cisco ASR9000 range
>       doesn’t
>
>       >       support WCCP
>
>
>
>       >       >       and I cannot find any examples online.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > Seriously, the entire range?
>
>
>
>
>
>
>
>       >       > Who said that it does not support WCCP? It is
>       obligation to
>
>       >       support, if
>
>
>
>       >       > only because it is not a home dish soap. That's
>       when Cisco
>
>       >       write the
>
>
>
>       >       > documentation that does not support - and then we
>       cry.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > I have also found quotes regarding PBR
>       on the
>
>       >       ASR9000… “With
>
>
>
>       >       >       IOS XR traditional policy-based routing
>       (PBR) is
>
>       >       history”
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > It's crazy city a forum talking about? PBR - is a
>       fundamental
>
>       >       functionality
>
>
>
>       >       > for the router. Especially for the router at this
>       level. I
>
>       >       somehow difficult
>
>
>
>       >       > to imagine a company that completely cuts down the
>       business
>
>       >       by releasing
>
>
>
>       >       > incompatible with what device. This is only
>       possible in the
>
>       >       OpenSource. But
>
>
>
>       >       > not in huge IT-business company. AFAIK.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > I plan to use this on our 10Gbps ISP
>       traffic to
>
>       >       improve
>
>
>
>       >       >       customer experience…
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > There is no examples because the solutions of such
>       a level
>
>       >       rarely use
>
>
>
>       >       > Squid. Personally, I do not have a machine to play
>       and write
>
>       >       an example to
>
>
>
>       >       > Squid's wiki. As you know, Christmas is not the
>       wife of a
>
>       >       router is present
>
>
>
>       >       > as trinkets.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > Garth
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > BitCo Email Footer
>
>
>
>
>
>
>
<https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01
>
>
>
>
>
>
>
96914,17z/data=!3m1!4b1!4m5!3m4!1s0x142989bce6c63b3:0xc0b44878907297f4!8m2!
>
>       > 3
>
>
>
>       >       > d-26.04982!4d28.0218801>
>
>
>
>
>
>
>
<https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01
>
>       > 9
>
>
>
>
>
>
>
6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072
>
>       > 9
>
>
>
>       >       > 7f4%218m2%213d-26.04982%214d28.0218801>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > The information contained in this
>       message is
>
>       >       intended solely
>
>
>
>       >       >       for the individual to whom it is
>       specifically and
>
>       >       originally
>
>
>
>       >       >       addressed. This message and its contents may
>       contain
>
>       >       confidential
>
>
>
>       >       >       or privileged information from BitCo. If you
>       are not
>
>       >       the intended
>
>
>
>       >       >       recipient, you are hereby notified that any
>       disclosure
>
>       >       or
>
>
>
>       >       >       distribution, is strictly prohibited. If you
>       receive
>
>       >       this email in
>
>
>
>       >       >       error, please notify BitCo immediately and
>       delete it.
>
>       >       BitCo does
>
>
>
>       >       >       not accept any liability or responsibility
>       if action is
>
>       >       taken in
>
>
>
>       >       >       reliance on the contents of this
>       information.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >
>       _______________________________________________
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > squid-users mailing list
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
>
>       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
>       >       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>       > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >
>       http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
<https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01
>
>       > 9
>
>
>
>
>
>
>
6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072
>
>       > 9
>
>
>
>       >       > 7f4%218m2%213d-26.04982%214d28.0218801>
>
>
>
>       >       > The information contained in this message is
>       intended solely
>
>       >       for the
>
>
>
>       >       > individual to whom it is specifically and
>       originally
>
>       >       addressed. This message
>
>
>
>       >       > and its contents may contain confidential or
>       privileged
>
>       >       information from
>
>
>
>       >       > BitCo. If you are not the intended recipient, you
>       are hereby
>
>       >       notified that
>
>
>
>       >       > any disclosure or distribution, is strictly
>       prohibited. If
>
>       >       you receive this
>
>
>
>       >       > email in error, please notify BitCo immediately
>       and delete
>
>       >       it. BitCo does
>
>
>
>       >       > not accept any liability or responsibility if
>       action is taken
>
>       >       in reliance on
>
>
>
>       >       > the contents of this information.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
<https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01
>
>       > 9
>
>
>
>
>
>
>
6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072
>
>       > 9
>
>
>
>       >       > 7f4%218m2%213d-26.04982%214d28.0218801>
>
>
>
>       >       > The information contained in this message is
>       intended solely
>
>       >       for the
>
>
>
>       >       > individual to whom it is specifically and
>       originally
>
>       >       addressed. This message
>
>
>
>       >       > and its contents may contain confidential or
>       privileged
>
>       >       information from
>
>
>
>       >       > BitCo. If you are not the intended recipient, you
>       are hereby
>
>       >       notified that
>
>
>
>       >       > any disclosure or distribution, is strictly
>       prohibited. If
>
>       >       you receive this
>
>
>
>       >       > email in error, please notify BitCo immediately
>       and delete
>
>       >       it. BitCo does
>
>
>
>       >       > not accept any liability or responsibility if
>       action is taken
>
>       >       in reliance on
>
>
>
>       >       > the contents of this information.
>
>
>
>
>
>
>

- -- 
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJYDoYZAAoJENNXIZxhPexGNHcIAJUWBGZF+aEfA8V0FMWVJgJn
LfxfyTdtTqBQYeY+/mJzpoGZRul7SHiaJ98cFc6b30oDXQoPu6L5Url5ueBicqPK
QhTJxnAtWdl3UNy4sxTcYg646Zy9FLXbwloblE9ATn3Q2/Kkj6s4vy+kVy88pgmY
0txDr+K7UdUowhIJzPMSsCLHcNquXHvpIJeZA13TLTzxwAtUWbIioyG+S1Z3aqWy
uHpKBRSx/Ei8Keg1XaDF82QzOnG2uSMU7fcYc6wDYCfN+6MwZoNOqbCoD/69krpV
is4z7bJrlma8hr4Z0KzhNgNYZDowFoGdtG5UY484nTghsyGoot3TgR3aedxMguI=
=5MI8
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161025/a58a04d7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161025/a58a04d7/attachment-0001.key>


More information about the squid-users mailing list