[squid-users] squid HIT and Cisco ACL

Juan C. Crespo R. jcrespo at ifxnw.com.ve
Mon Nov 7 15:11:19 UTC 2016


Hi, Thanks for your response and help


1. Cache: Version 3.5.19
Service Name: squid
configure options:  '--prefix=/usr/local/squid' 
'--enable-storeio=rock,diskd,ufs,aufs' 
'--enable-removal-policies=lru,heap' '--disable-pf-transparent' 
'--enable-ipfw-transparent' '--with-large-files' '--enable-delay-pools' 
'--localstatedir=/usr/local/squid/var/run' '--disable-select' 
'--enable-ltdl-convenience' '--enable-zph-qos'

2. The only intermediate device its a Cisco 3750G12 switch with no 
policy or special configuration between the Squid Box and the Cisco CMTS.


Thanks again


On 07/11/2016 08:17 a.m., Garri Djavadyan wrote:
> On Mon, 2016-11-07 at 06:25 -0400, Juan C. Crespo R. wrote:
>> Good Morning Guys
>>
>>
>>       I've been trying to make a few ACL to catch and then improve the
>> BW
>> of the HITS sent from my Squid Box to my CMTS and I can't find any
>> way
>> to doit
>>
>>
>> Squid.conf: qos_flows tos local-hit=0x30
>>
>> Cisco CMTS: ip access-list extender JC
>>
>> Int giga0/1
>>
>> ip address 172.25.25.30 255.255.255.0
>>
>> ip access-group JC in
>>
>> show access-list JC
>>
>>       10 permit ip any any tos 12
>>       20 permit ip any any dscp af12
>>       30 permit ip any any (64509 matches)
>>
>> Thanks
> Hi,
>
> 1. What version of Squid are you using? Also, please provide configure
> options (squid -v).
>
> 2. Are you sure that intermediate devices don't clear DSCP bits before
> reaching the router?
>
>
> I've tested the feature using 4.0.16-20161104-r14917 with almost
> default configure options:
>
> # sbin/squid -v
> Squid Cache: Version 4.0.16-20161104-r14917
> Service Name: squid
> configure options:  '--prefix=/usr/local/squid40' '--disable-
> optimizations' '--with-openssl' '--enable-ssl-crtd'
>
>
> And with almost default configuration:
>
> # diff etc/squid.conf.default etc/squid.conf
> 76a77
>> qos_flows tos local-hit=0x30
>
> Using tcpdump I see that HIT reply has DSCP AF12:
>
> 17:14:56.837675 IP (tos 0x30, ttl 64, id 41134, offset 0, flags [DF],
> proto TCP (6), length 2199)
>      127.0.0.1.3128 > 127.0.0.1.42848: Flags [P.], cksum 0x068c
> (incorrect -> 0x478b), seq 1:2148, ack 161, win 350, options
> [nop,nop,TS val 607416387 ecr 607416387], length 2147
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list