On Thu, 24 Jun 2004, Paul P Komkoff Jr wrote:
> Currently my goal is to make squid + wccp configuration working
> out-of-the box. Ideally - without any extra modules.
This is possible with WCCPv2 using direct routing avoiding the need of
GRE/WCCP tunneling. WCCPv2 patches do exists for Squid-2.5, but may be a
little hard to find.. (no official maintainer of the WCCPv2 support for
Squid at the moment)
> Currently, most wccp configurations are working with this module:
> http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c
Please note that this module is by no means clean, and lacks a lot in
security.
There is also a WCCP patch available to the GRE driver. This approach
provides a little more security but is also more complex to set up for the
same reasons and is not used very much..
http://www.swelltech.com/pengies/joe/patches/linux-2.4.8-ip_gre.patch
The GRE patch is very simplistic and would do good of being properly
implemented and integrated with the "ip tunnel" command for
configuration of the GRE protocol (normal GRE / WCCPv1 / WCCPv2 /
whatever...).
> What do you think? Which way I should do?
I think approach 1 (decapsulation within GRE) is most suitable. It also
provides an adequate level of control on security and permissions which
may be hard to accomplish if separating the two.
Regards
Henrik Nordström
aka hno@xxxxxxxxxxxxxxx and current maintainer of the Squid ip_wccp.c
module
|