[squid-users] squid HIT and Cisco ACL
Garri Djavadyan
garryd at comnet.uz
Mon Nov 7 12:17:38 UTC 2016
On Mon, 2016-11-07 at 06:25 -0400, Juan C. Crespo R. wrote:
> Good Morning Guys
>
>
> I've been trying to make a few ACLs to catch and then improve the BW
> of the HITS sent from my Squid Box to my CMTS and I can't find any way
> to do it
>
>
> Squid.conf: qos_flows tos local-hit=0x30
>
> Cisco CMTS: ip access-list extended JC
>
> Int giga0/1
>
> ip address 172.25.25.30 255.255.255.0
>
> ip access-group JC in
>
> show access-list JC
>
> 10 permit ip any any tos 12
> 20 permit ip any any dscp af12
> 30 permit ip any any (64509 matches)
>
> Thanks

Hi,

1. What version of Squid are you using? Also, please provide configure
options (squid -v).

2. Are you sure that intermediate devices don't clear DSCP bits before
reaching the router?

I've tested the feature using 4.0.16-20161104-r14917 with almost
default configure options:

# sbin/squid -v
Squid Cache: Version 4.0.16-20161104-r14917
Service Name: squid
configure options: '--prefix=/usr/local/squid40' '--disable-optimizations' '--with-openssl' '--enable-ssl-crtd'

And with almost default configuration:

# diff etc/squid.conf.default etc/squid.conf
76a77
> qos_flows tos local-hit=0x30

Using tcpdump I see that HIT reply has DSCP AF12:

17:14:56.837675 IP (tos 0x30, ttl 64, id 41134, offset 0, flags [DF], proto TCP (6), length 2199)
    127.0.0.1.3128 > 127.0.0.1.42848: Flags [P.], cksum 0x068c (incorrect -> 0x478b), seq 1:2148, ack 161, win 350, options [nop,nop,TS val 607416387 ecr 607416387], length 2147
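
Added example, not part of the original message or of Squid: a small Python check that reads `tcpdump -v` output, extracts the ToS byte of each IPv4 packet and decodes it into DSCP and ECN, so a capture taken on each hop shows whether the `local-hit=0x30` marking is still present. The function names are hypothetical and the sample is the capture from the message with its wrapped lines re-joined.

```python
import re

# Constructed sample: the tcpdump -v packet from the message, lines re-joined.
SAMPLE = (
    "17:14:56.837675 IP (tos 0x30, ttl 64, id 41134, offset 0, flags [DF], "
    "proto TCP (6), length 2199)\n"
    "    127.0.0.1.3128 > 127.0.0.1.42848: Flags [P.], cksum 0x068c "
    "(incorrect -> 0x478b), seq 1:2148, ack 161, win 350, options "
    "[nop,nop,TS val 607416387 ecr 607416387], length 2147\n"
)

HDR = re.compile(r"IP \(tos (0x[0-9a-fA-F]+)")   # IPv4 header line
FLOW = re.compile(r"^\s+(\S+) > (\S+?):")        # indented "src > dst:" line

def dscp_name(dscp):
    """Name a 6-bit DSCP: CSx (RFC 2474), AFxy (RFC 2597), EF (RFC 3246)."""
    if dscp == 46:
        return "EF"
    cls, drop = dscp >> 3, (dscp >> 1) & 0x3
    if dscp & 0x7 == 0:
        return "CS%d" % cls
    if 1 <= cls <= 4 and dscp & 1 == 0 and drop:
        return "AF%d%d" % (cls, drop)
    return "DSCP%d" % dscp

def decode_tos(tos):
    """Split the IPv4 ToS byte into DSCP (upper 6 bits) and ECN (lower 2)."""
    dscp = tos >> 2
    return {"tos": tos, "dscp": dscp, "ecn": tos & 0x3, "name": dscp_name(dscp)}

def marked_flows(text):
    """Return (src, dst, decoded ToS) for each IPv4 packet in tcpdump -v output."""
    tos, out = None, []
    for line in text.splitlines():
        m = HDR.search(line)
        if m:
            tos = int(m.group(1), 16)   # remember ToS until the flow line
            continue
        m = FLOW.match(line)
        if m and tos is not None:
            out.append((m.group(1), m.group(2), decode_tos(tos)))
            tos = None
    return out

if __name__ == "__main__":
    for src, dst, d in marked_flows(SAMPLE):
        print(f"{src} -> {dst}: tos=0x{d['tos']:02x} dscp={d['dscp']} ({d['name']}) ecn={d['ecn']}")
```
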