Re: [squid-users] squid HIT and Cisco ACL
On 2016-11-07 20:11, Juan C. Crespo R. wrote:
> Hi, Thanks for your response and help
>
> 1. Cache: Version 3.5.19
> Service Name: squid
> configure options: '--prefix=/usr/local/squid' '--enable-storeio=rock,diskd,ufs,aufs' '--enable-removal-policies=lru,heap' '--disable-pf-transparent' '--enable-ipfw-transparent' '--with-large-files' '--enable-delay-pools' '--localstatedir=/usr/local/squid/var/run' '--disable-select' '--enable-ltdl-convenience' '--enable-zph-qos'
>
> 2. The only intermediate device it's a Cisco 3750G12 switch with no policy or special configuration between the Squid Box and the Cisco CMTS.

If 'mls qos' is enabled on your Catalyst, it would clear any QoS marks by default. If it is not the case, you can mirror Squid's traffic (monitor session on Catalyst) to packet analyzer to check whether the QoS marks applied as expected.

Garri
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid HIT and Cisco ACL
Hi, Thanks for your response and help

1. Cache: Version 3.5.19
Service Name: squid
configure options: '--prefix=/usr/local/squid' '--enable-storeio=rock,diskd,ufs,aufs' '--enable-removal-policies=lru,heap' '--disable-pf-transparent' '--enable-ipfw-transparent' '--with-large-files' '--enable-delay-pools' '--localstatedir=/usr/local/squid/var/run' '--disable-select' '--enable-ltdl-convenience' '--enable-zph-qos'

2. The only intermediate device it's a Cisco 3750G12 switch with no policy or special configuration between the Squid Box and the Cisco CMTS.

Thanks again

On 07/11/2016 08:17 a.m., Garri Djavadyan wrote:
> On Mon, 2016-11-07 at 06:25 -0400, Juan C. Crespo R. wrote:
> > Good Morning Guys
> >
> > I've been trying to make a few ACL to catch and then improve the BW
> > of the HITS sent from my Squid Box to my CMTS and I can't find any way
> > to do it
> >
> > Squid.conf: qos_flows tos local-hit=0x30
> >
> > Cisco CMTS: ip access-list extender JC
> >
> > Int giga0/1
> >
> > ip address 172.25.25.30 255.255.255.0
> >
> > ip access-group JC in
> >
> > show access-list JC
> >
> > 10 permit ip any any tos 12
> > 20 permit ip any any dscp af12
> > 30 permit ip any any (64509 matches)
> >
> > Thanks
>
> Hi,
>
> 1. What version of Squid are you using? Also, please provide configure options (squid -v).
>
> 2. Are you sure that intermediate devices don't clear DSCP bits before reaching the router?
>
> I've tested the feature using 4.0.16-20161104-r14917 with almost default configure options:
>
> # sbin/squid -v
> Squid Cache: Version 4.0.16-20161104-r14917
> Service Name: squid
> configure options: '--prefix=/usr/local/squid40' '--disable-optimizations' '--with-openssl' '--enable-ssl-crtd'
>
> And with almost default configuration:
>
> # diff etc/squid.conf.default etc/squid.conf
> 76a77
> qos_flows tos local-hit=0x30
>
> Using tcpdump I see that HIT reply has DSCP AF12:
>
> 17:14:56.837675 IP (tos 0x30, ttl 64, id 41134, offset 0, flags [DF], proto TCP (6), length 2199)
>     127.0.0.1.3128 > 127.0.0.1.42848: Flags [P.], cksum 0x068c (incorrect -> 0x478b), seq 1:2148, ack 161, win 350, options [nop,nop,TS val 607416387 ecr 607416387], length 2147
Re: [squid-users] squid HIT and Cisco ACL
On Mon, 2016-11-07 at 06:25 -0400, Juan C. Crespo R. wrote:
> Good Morning Guys
>
> I've been trying to make a few ACL to catch and then improve the BW
> of the HITS sent from my Squid Box to my CMTS and I can't find any way
> to do it
>
> Squid.conf: qos_flows tos local-hit=0x30
>
> Cisco CMTS: ip access-list extender JC
>
> Int giga0/1
>
> ip address 172.25.25.30 255.255.255.0
>
> ip access-group JC in
>
> show access-list JC
>
> 10 permit ip any any tos 12
> 20 permit ip any any dscp af12
> 30 permit ip any any (64509 matches)
>
> Thanks

Hi,

1. What version of Squid are you using? Also, please provide configure options (squid -v).

2. Are you sure that intermediate devices don't clear DSCP bits before reaching the router?

I've tested the feature using 4.0.16-20161104-r14917 with almost default configure options:

# sbin/squid -v
Squid Cache: Version 4.0.16-20161104-r14917
Service Name: squid
configure options: '--prefix=/usr/local/squid40' '--disable-optimizations' '--with-openssl' '--enable-ssl-crtd'

And with almost default configuration:

# diff etc/squid.conf.default etc/squid.conf
76a77
> qos_flows tos local-hit=0x30

Using tcpdump I see that HIT reply has DSCP AF12:

17:14:56.837675 IP (tos 0x30, ttl 64, id 41134, offset 0, flags [DF], proto TCP (6), length 2199)
    127.0.0.1.3128 > 127.0.0.1.42848: Flags [P.], cksum 0x068c (incorrect -> 0x478b), seq 1:2148, ack 161, win 350, options [nop,nop,TS val 607416387 ecr 607416387], length 2147
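Added example, not part of any message in this thread: a small Python checker for the verification step described above, which reads `tcpdump -v` output, decodes each TOS byte and flags replies from the proxy port whose DSCP no longer matches the `qos_flows` value. The legacy RFC 791/1349 fields are decoded as well because the ACL in the thread has both a `tos` and a `dscp` entry; the proxy port 3128 comes from the capture, and the second sample packet and its addresses are constructed.

```python
import re

# Standard DSCP names: class selectors (RFC 2474), AF classes (RFC 2597), EF (RFC 3246).
DSCP_NAMES = {c * 8: f"CS{c}" for c in range(8)}
DSCP_NAMES.update({8 * c + 2 * d: f"AF{c}{d}" for c in range(1, 5) for d in range(1, 4)})
DSCP_NAMES[46] = "EF"

# One `tcpdump -v` IPv4 record: "(tos 0x30, ... length N)" then "src.port > dst.port:".
PACKET_RE = re.compile(
    r"\(tos (0x[0-9a-fA-F]+),.*?\)\s+(\S+)\.(\d+) > (\S+)\.(\d+):", re.S)

def decode_tos(byte):
    """Split the IPv4 TOS/DS byte into its modern and legacy fields."""
    dscp = byte >> 2
    return {
        "dscp": dscp,
        "dscp_name": DSCP_NAMES.get(dscp, f"DSCP{dscp}"),
        "ecn": byte & 0x3,               # RFC 3168 ECN bits
        "precedence": byte >> 5,         # RFC 791 precedence (3 bits)
        "tos_field": (byte >> 1) & 0xF,  # RFC 1349 TOS field (4 bits)
    }

def check_marking(capture, proxy_port, expected_tos):
    """Check packets sent from proxy_port; compare DSCP only, ECN may change in transit."""
    results = []
    for tos_hex, src, sport, dst, dport in PACKET_RE.findall(capture):
        if int(sport) != proxy_port:
            continue
        tos = int(tos_hex, 16)
        fields = decode_tos(tos)
        fields.update(flow=f"{src}:{sport} -> {dst}:{dport}", tos=tos,
                      ok=(tos >> 2) == (expected_tos >> 2))
        results.append(fields)
    return results

# First record is the capture quoted in the thread; the second is constructed
# (documentation addresses) to show a reply whose mark was reset to 0 in transit.
SAMPLE = """\
17:14:56.837675 IP (tos 0x30, ttl 64, id 41134, offset 0, flags [DF], proto TCP (6), length 2199)
    127.0.0.1.3128 > 127.0.0.1.42848: Flags [P.], cksum 0x068c (incorrect -> 0x478b), seq 1:2148, ack 161, win 350, options [nop,nop,TS val 607416387 ecr 607416387], length 2147
17:14:57.001200 IP (tos 0x0, ttl 63, id 41135, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.10.3128 > 198.51.100.7.42850: Flags [.], seq 1:1449, ack 161, win 350, length 1448
"""

if __name__ == "__main__":
    for r in check_marking(SAMPLE, proxy_port=3128, expected_tos=0x30):
        print(r["flow"], hex(r["tos"]), r["dscp_name"], "OK" if r["ok"] else "MARK LOST")
```

Running the same check on a capture taken at the Squid box and on one taken from a mirror port past the switch shows at which hop the mark disappears.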
[squid-users] squid HIT and Cisco ACL
Good Morning Guys

I've been trying to make a few ACL to catch and then improve the BW of the HITS sent from my Squid Box to my CMTS and I can't find any way to do it

Squid.conf: qos_flows tos local-hit=0x30

Cisco CMTS: ip access-list extender JC

Int giga0/1

ip address 172.25.25.30 255.255.255.0

ip access-group JC in

show access-list JC

10 permit ip any any tos 12
20 permit ip any any dscp af12
30 permit ip any any (64509 matches)

Thanks