[squid-users] Squid with ASR9001
Yuri Voinov
yvoinov at gmail.com
Mon Oct 24 22:07:21 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Compared with PBR - definitely.
IF OS TCP stack supports bridging - exactly.
25.10.2016 3:59, Eliezer Croitoru пишет:
> So what you are illustrating is that if we will handle the connection
> interception using bridge tables it would be much more efficient then
Policy
> Based routing.
> I believe it’s very simple to implement in linux.
>
> Eliezer
>
> ----
> Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
> From: Yuri Voinov [mailto:yvoinov at gmail.com]
> Sent: Monday, October 24, 2016 22:01
> To: Eliezer Croitoru <eliezer at ngtech.co.il>
> Cc: 'Garth van Sittert | BitCo' <garth at bitco.co.za>;
> squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Squid with ASR9001
>
>
> Well, if we're talking about squid-based appliances.....
>
> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>
> In this article descrived approx. half-year experimental experience with
> various LAN topologies, and Cisco devices.
>
> More common:
>
>
http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide
> /ffun_c/fcf018.html
>
https://supportforums.cisco.com/document/143961/understanding-wccp-redirect
> ion-and-assignment-methods-waas
>
> Cisco has not best-in-the-world documentation, yes, but everything depends
> on an understanding of network protocols and basic architecture.
>
> 25.10.2016 0:44, Eliezer Croitoru пишет:
> > Well I do agree on most of the
> things but it seems that CPU is missing in
>
> > some devices and there for a simpler protocol is better but….
> CPU…
> Yessssss. Router has CPU. :) Not only ASIC. :) PBR is problem, because of
> EVERY policy/ACL match handles on CPU.
>
> This brings us to the other side - the rules / policies must be carefully
> optimized - that too few people do, until the router does not choke on CPU
> overload.
>
> > Admins in many cases do not use
> their own to understand the complexity but
>
> > from what I do see in the jobs market employers expect the
> unexpected.
> Admins, in most cases, understand nothing and do not bother trying to
grasp
> and understand more deeply than in the first three-five seconds. ;)
>
> About the present, of course, do not tell. :)
>
> > Or if to be more accurate: They
> expect a mage which knows and understand
>
> > every single protocol language and piece of hardware.
>
>
>
> > Can you gather me what ever documentation on the WCCP
> protocol?
>
> > I want to see how simple it would be to implement the same
> concepts with an
>
> > HTTP\tcp interface.
> There's really just all. The main thing to understand how the network
works
> on L2 and L3 in OSI. And a bit network hardware knowledge.
>
>
>
> > Eliezer
>
>
>
> > ----
>
> > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
> <http://ngtech.co.il/lmgtfy/>
>
> > Linux System Administrator
>
> > Mobile: +972-5-28704261
>
> > Email: eliezer at ngtech.co.il <mailto:eliezer at ngtech.co.il>
>
>
>
>
>
> > From: Yuri Voinov [mailto:yvoinov at gmail.com]
>
> > Sent: Monday, October 24, 2016 21:07
>
> > To: Eliezer Croitoru <eliezer at ngtech.co.il>
> <mailto:eliezer at ngtech.co.il> ; 'Garth van
> Sittert | BitCo'
>
> > <garth at bitco.co.za> <mailto:garth at bitco.co.za> ;
> squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> > Subject: Re: [squid-users] Squid with ASR9001
>
>
>
>
>
> > No.
>
>
>
> > 24.10.2016 23:40, Eliezer Croitoru пишет:
>
> > > And why would you want this
>
> > exactly?
>
>
>
> > > The most simple thing is to use routing policy and
> to monitor
>
> > the proxy in
>
>
>
> > > a much higher level then WCCP.
>
> > Based on my personal experience with WCCP (over 6 years). PBR
> is VERY
>
> > router's CPU consumpted.
>
> > WCCP - is not (L2, not GRE. GRE performs on CPU, L2 on
> control-plane and
>
> > hardware-accelerated).
>
>
>
> > However, using edge router for WCCP is not so good idea by
> another reason.
>
> > It breaks good network architecture in most cases. I'm not
> CCA, but ever for
>
> > me it's obvious.
>
>
>
> > So, underlying aggregations switches is more appropriate
> target for WCCP,
>
> > because of they can be uses L2 WCCP - which is extremely
> fast.
>
>
>
> > > For example fetch a web page or
>
> > a statistics page every 10 seconds.
>
>
>
> > > It’s considered pretty right in the industry.
>
>
>
> > > For routers it’s a whole another story but for a
> rock solid
>
> > system I do not
>
>
>
> > > believe WCCP is a must.
>
> > Depending of router. Branch router must have. Just take a
> look on whole
>
> > Cisco's router's range. Just for interest.
>
>
>
> > > Any juniper and Cisco + others
>
> > these days do not rely on WCCP since it’s
>
>
>
> > > considered a hassle to maintain.
>
> > Cats delicious. You just do not know how to cook them :)
>
>
>
> > WCCP is a very simple protocol. While there may be poorly
> documented. There
>
> > is another problem - very few people well versed in
> networking technologies,
>
> > few details delves into what makes. The vast majority simply
> copy-paste
>
> > configs without a single thought in his head, not bothering
> to understand.
>
>
>
> > What is there to maintain? Just configure it once and sit on
> the ass
>
> > straight.
>
>
>
>
>
> > > Eliezer
>
>
>
>
>
>
>
> > > ----
>
>
>
> > > Eliezer Croitoru
> <http://ngtech.co.il/lmgtfy/> <http://ngtech.co.il/lmgtfy/>
>
> > <http://ngtech.co.il/lmgtfy/> <http://ngtech.co.il/lmgtfy/>
>
>
>
> > > Linux System Administrator
>
>
>
> > > Mobile: +972-5-28704261
>
>
>
> > > Email: eliezer at ngtech.co.il <mailto:eliezer at ngtech.co.il>
> <mailto:eliezer at ngtech.co.il> <mailto:eliezer at ngtech.co.il>
>
>
>
>
>
>
>
>
>
>
>
> > > From: squid-users
>
> > [mailto:squid-users-bounces at lists.squid-cache.org] On
>
>
>
> > > Behalf Of Yuri
>
>
>
> > > Sent: Monday, October 24, 2016 14:06
>
>
>
> > > To: Garth van Sittert | BitCo
> <garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
> > <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za> ;
>
>
>
> > > squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
>
> > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
> > > Subject: Re: [squid-users] Squid with ASR9001
>
>
>
>
>
>
>
> > > Ha, it seems ASR9000 really does not support WCCP
> exactly.
>
> > You right.
>
>
>
>
>
>
>
> > > WCCP supported on Nexus, on ASR1000... So, your
> router only
>
> > can use PBR or
>
>
>
> > > analoquie.
>
>
>
>
>
>
>
> > > The only idea is to buy 3750 as aggregation
> switch, config
>
> > WCCP on it and
>
>
>
> > > connect to your ASR by fiber trunk.
>
>
>
> > > 24.10.2016 16:30, Garth van Sittert | BitCo пишет:
>
>
>
>
>
>
>
> > > By Cisco employee - “Correct, there is no WCCP and
> no plans
>
> > for it
>
>
>
> > > either... :(”
>
>
>
>
>
>
> https://supportforums.cisco.com/discussion/12227051/ios-xr-and-wccp
>
>
>
>
>
>
>
> > > WCCP supported platforms –
>
>
>
>
>
>
>
>
>
>
>
https://supportforums.cisco.com/document/133201/wccp-platform-support-overv
>
> > i
>
>
>
> > > ew
>
>
>
>
>
>
>
> > > Our ASR9001 has no commands that support wccp
> anywhere…
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > Garth van Sittert | Chief Executive Officer
>
>
>
> > > (BSC Physics & Computer Science)
>
>
>
> > > Tel: 087 135 0000 Ext: 201
>
>
>
> > > garth at bitco.co.za <mailto:garth at bitco.co.za>
> <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
> > <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
> <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
>
>
> > > bitco.co.za <http://www.bitco.co.za/>
> <http://www.bitco.co.za/>
> <http://www.bitco.co.za/> <http://www.bitco.co.za/>
>
>
>
>
>
>
>
>
>
> > > From: Yuri [mailto:yvoinov at gmail.com]
>
>
>
> > > Sent: Monday, 24 October 2016 12:12 PM
>
>
>
> > > To: Garth van Sittert | BitCo
> <garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
> > <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
>
>
>
> > > <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za>
> <mailto:garth at bitco.co.za> <mailto:garth at bitco.co.za> ;
>
> > squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
>
> > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
> > > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
> > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
> > > Subject: Re: [squid-users] Squid with ASR9001
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > 24.10.2016 13:16, Garth van Sittert | BitCo пишет:
>
>
>
> > > Yes, it looks like all of the ASR9000 range which
> makes use
>
> > of IOS XR no
>
>
>
> > > longer supports WCCP.
>
>
>
> > > Please, provide prooflink from Cisco.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > Policy Based Routing has been replaced by ACL
> Based
>
> > Forwarding or ABF.
>
>
>
> > > So? This is therminology difference, if any.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > From: squid-users
>
> > [mailto:squid-users-bounces at lists.squid-cache.org] On
>
>
>
> > > Behalf Of Yuri Voinov
>
>
>
> > > Sent: Sunday, 23 October 2016 9:35 PM
>
>
>
> > > To: squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
>
> > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
> > > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
> > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
> > > Subject: Re: [squid-users] Squid with ASR9001
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > 23.10.2016 23:16, Garth van Sittert | BitCo пишет:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > Good day all
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > Has anyone had any experience setting
> up Squid
>
> > with any IOS
>
>
>
> > > XR Cisco routers? The Cisco ASR9000 range
> doesn’t
>
> > support WCCP
>
>
>
> > > and I cannot find any examples online.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > Seriously, the entire range?
>
>
>
>
>
>
>
> > > Who said that it does not support WCCP? It is
> obligation to
>
> > support, if
>
>
>
> > > only because it is not a home dish soap. That's
> when Cisco
>
> > write the
>
>
>
> > > documentation that does not support - and then we
> cry.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > I have also found quotes regarding PBR
> on the
>
> > ASR9000… “With
>
>
>
> > > IOS XR traditional policy-based routing
> (PBR) is
>
> > history”
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > It's crazy city a forum talking about? PBR - is a
> fundamental
>
> > functionality
>
>
>
> > > for the router. Especially for the router at this
> level. I
>
> > somehow difficult
>
>
>
> > > to imagine a company that completely cuts down the
> business
>
> > by releasing
>
>
>
> > > incompatible with what device. This is only
> possible in the
>
> > OpenSource. But
>
>
>
> > > not in huge IT-business company. AFAIK.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > I plan to use this on our 10Gbps ISP
> traffic to
>
> > improve
>
>
>
> > > customer experience…
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > There is no examples because the solutions of such
> a level
>
> > rarely use
>
>
>
> > > Squid. Personally, I do not have a machine to play
> and write
>
> > an example to
>
>
>
> > > Squid's wiki. As you know, Christmas is not the
> wife of a
>
> > router is present
>
>
>
> > > as trinkets.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > Garth
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > BitCo Email Footer
>
>
>
>
>
>
>
<https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01
>
>
>
>
>
>
>
96914,17z/data=!3m1!4b1!4m5!3m4!1s0x142989bce6c63b3:0xc0b44878907297f4!8m2!
>
> > 3
>
>
>
> > > d-26.04982!4d28.0218801>
>
>
>
>
>
>
>
<https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01
>
> > 9
>
>
>
>
>
>
>
6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072
>
> > 9
>
>
>
> > > 7f4%218m2%213d-26.04982%214d28.0218801>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > The information contained in this
> message is
>
> > intended solely
>
>
>
> > > for the individual to whom it is
> specifically and
>
> > originally
>
>
>
> > > addressed. This message and its contents may
> contain
>
> > confidential
>
>
>
> > > or privileged information from BitCo. If you
> are not
>
> > the intended
>
>
>
> > > recipient, you are hereby notified that any
> disclosure
>
> > or
>
>
>
> > > distribution, is strictly prohibited. If you
> receive
>
> > this email in
>
>
>
> > > error, please notify BitCo immediately and
> delete it.
>
> > BitCo does
>
>
>
> > > not accept any liability or responsibility
> if action is
>
> > taken in
>
>
>
> > > reliance on the contents of this
> information.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > >
> _______________________________________________
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > squid-users mailing list
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
>
> > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
> > > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
> > <mailto:squid-users at lists.squid-cache.org>
> <mailto:squid-users at lists.squid-cache.org>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > >
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
<https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01
>
> > 9
>
>
>
>
>
>
>
6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072
>
> > 9
>
>
>
> > > 7f4%218m2%213d-26.04982%214d28.0218801>
>
>
>
> > > The information contained in this message is
> intended solely
>
> > for the
>
>
>
> > > individual to whom it is specifically and
> originally
>
> > addressed. This message
>
>
>
> > > and its contents may contain confidential or
> privileged
>
> > information from
>
>
>
> > > BitCo. If you are not the intended recipient, you
> are hereby
>
> > notified that
>
>
>
> > > any disclosure or distribution, is strictly
> prohibited. If
>
> > you receive this
>
>
>
> > > email in error, please notify BitCo immediately
> and delete
>
> > it. BitCo does
>
>
>
> > > not accept any liability or responsibility if
> action is taken
>
> > in reliance on
>
>
>
> > > the contents of this information.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
<https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01
>
> > 9
>
>
>
>
>
>
>
6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072
>
> > 9
>
>
>
> > > 7f4%218m2%213d-26.04982%214d28.0218801>
>
>
>
> > > The information contained in this message is
> intended solely
>
> > for the
>
>
>
> > > individual to whom it is specifically and
> originally
>
> > addressed. This message
>
>
>
> > > and its contents may contain confidential or
> privileged
>
> > information from
>
>
>
> > > BitCo. If you are not the intended recipient, you
> are hereby
>
> > notified that
>
>
>
> > > any disclosure or distribution, is strictly
> prohibited. If
>
> > you receive this
>
>
>
> > > email in error, please notify BitCo immediately
> and delete
>
> > it. BitCo does
>
>
>
> > > not accept any liability or responsibility if
> action is taken
>
> > in reliance on
>
>
>
> > > the contents of this information.
>
>
>
>
>
>
>
- --
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYDoYZAAoJENNXIZxhPexGNHcIAJUWBGZF+aEfA8V0FMWVJgJn
LfxfyTdtTqBQYeY+/mJzpoGZRul7SHiaJ98cFc6b30oDXQoPu6L5Url5ueBicqPK
QhTJxnAtWdl3UNy4sxTcYg646Zy9FLXbwloblE9ATn3Q2/Kkj6s4vy+kVy88pgmY
0txDr+K7UdUowhIJzPMSsCLHcNquXHvpIJeZA13TLTzxwAtUWbIioyG+S1Z3aqWy
uHpKBRSx/Ei8Keg1XaDF82QzOnG2uSMU7fcYc6wDYCfN+6MwZoNOqbCoD/69krpV
is4z7bJrlma8hr4Z0KzhNgNYZDowFoGdtG5UY484nTghsyGoot3TgR3aedxMguI=
=5MI8
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161025/a58a04d7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161025/a58a04d7/attachment-0001.key>
More information about the squid-users
mailing list