Saturday, November 6, 2010

Configuration Similarities between Cisco and Huawei/H3c Products

I happened to use a Huawei product and saw lots of similarities between Cisco and Huawei configuration. Most of the commands seem to be synonyms of Cisco commands :). The following is a comparison of some commands.

| Cisco | Huawei / H3C |
|---|---|
| enable | system-view |
| show | display |
| show running-config | display current-configuration |
| hostname < Name > | sysname < Name > |
| ip route | ip route-static |
| interface vlan 1 | interface Vlan-interface1 |
| show processes cpu history | display cpu-usage history |
| show interface | display interface |
| line vty 0 4 | user-interface vty 0 4 |
| write | save |
| enable password | password simple |

If you are familiar with Cisco IOS, the Huawei OS won't be hard to understand.

Wednesday, November 3, 2010

Squid Cache proxy with Cisco WCCP

WCCP is a nice protocol for caching with Cisco. The main reason is that you don't have to route traffic through the caching PC: you can keep the caching server as a PC running on the LAN. The router locates the caching server through WCCP and redirects web traffic to it. The advantage is that if your caching server is down, you will still be able to access the Internet.

On the Cisco side, enable WCCP in global configuration mode as follows.

ip wccp version 1
ip wccp web-cache

Enable cache redirection on the interface connected to the Internet as follows.

ip wccp web-cache redirect out

If the caching server is located on the same LAN, add the following configuration on the LAN interface.
ip route-cache same-interface

On your Squid cache proxy you need to enable WCCP.
Open the /etc/squid/squid.conf file and uncomment the wccp_router and wccp_version directives as follows.

wccp_router < IP of the wccp router >
wccp_version 4

The Squid configuration is now done. But if you monitor the traffic arriving at the Squid box, you may find that it is unable to cache the web traffic. This is because WCCP redirects web traffic GRE-encapsulated. GRE is plain encapsulation, not encryption, so you need to bring up a GRE interface to decapsulate the redirected packets.

modprobe ip_gre
ifconfig gre0 up

And assign an IP address just to bring the interface up.

ip addr add < IP address > dev gre0

Then enable IP forwarding and disable rp_filter.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

Now redirect the traffic arriving on port 80 to the proxy service port.
iptables -t nat -A PREROUTING -i gre0 -p tcp --dport 80 -j REDIRECT --to-port 3128

You have now finished configuring WCCP on the Squid box.
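
A check for the ip_forward and rp_filter steps above, added here as an example and not part of the original post: the kernel applies the higher of conf/all/rp_filter and conf/<interface>/rp_filter, so after writing 0 to conf/all each interface's own value decides whether reverse-path (anti-spoofing) filtering is still on. The function names and the PROC_NET override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the sysctl state the WCCP/GRE steps depend on.
# PROC_NET can be overridden to run the checks against a constructed tree.
PROC_NET="${PROC_NET:-/proc/sys/net/ipv4}"

# Effective rp_filter for an interface: the kernel uses max(conf/all, conf/<if>).
effective_rp_filter() {
    all=$(cat "$PROC_NET/conf/all/rp_filter")
    own=$(cat "$PROC_NET/conf/$1/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Prints one finding per line. Returns 0 only if the GRE interface can accept
# redirected packets and no other interface has reverse-path filtering off.
audit_wccp_host() {
    gre="${1:-gre0}"
    rc=0
    if [ "$(cat "$PROC_NET/ip_forward")" != "1" ]; then
        echo "FAIL ip_forward is not 1"; rc=1
    fi
    if [ ! -d "$PROC_NET/conf/$gre" ]; then
        echo "FAIL $gre does not exist (is ip_gre loaded?)"; return 1
    fi
    # Writing 0 to conf/all is not enough if the interface's own value is 1 or 2.
    if [ "$(effective_rp_filter "$gre")" != "0" ]; then
        echo "FAIL rp_filter still active on $gre"; rc=1
    fi
    # Every other interface should keep source validation switched on.
    for dir in "$PROC_NET"/conf/*/; do
        ifc=$(basename "$dir")
        case "$ifc" in all|default|lo|"$gre") continue ;; esac
        if [ "$(effective_rp_filter "$ifc")" = "0" ]; then
            echo "WARN rp_filter is off on $ifc; set conf/$ifc/rp_filter to 1"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK $gre accepts redirected traffic, other interfaces filtered"
    return "$rc"
}
```

Source the file on the Squid box and run audit_wccp_host after the steps above; pass a different interface name as the first argument if the tunnel is not gre0.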

To troubleshoot, you can use the following commands on the Cisco router.

#sh ip wccp

Global WCCP information:
Router information:
Router Identifier:
Protocol Version: 1.0

Service Identifier: web-cache
Number of Service Group Clients: 1
Number of Service Group Routers: 1
Total Packets s/w Redirected: 263
Process: 49
Fast: 0
CEF: 263

#sh ip wccp web-cache detail
WCCP Client information:
WCCP Client ID:
Protocol Version: 0.4

#sh ip wccp web-cache view

WCCP Clients Visible: