Re: [RFC] How to implement wccp over gre tunnel ?

[Henrik Nordstrom]

On Thu, 24 Jun 2004, Paul P Komkoff Jr wrote:

> Currently my goal is to make squid + wccp configuration working
> out-of-the box. Ideally - without any extra modules.

This is possible with WCCPv2 using direct routing avoiding the need of
GRE/WCCP tunneling. WCCPv2 patches do exists for Squid-2.5, but may be a
little hard to find.. (no official maintainer of the WCCPv2 support for
Squid at the moment)

> Currently, most wccp configurations are working with this module:
> http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c

Please note that this module is by no means clean, and lacks a lot in 
security.

There is also a WCCP patch available to the GRE driver. This approach 
provides a little more security but is also more complex to set up for the 
same reasons and is not used very much..

  http://www.swelltech.com/pengies/joe/patches/linux-2.4.8-ip_gre.patch

The GRE patch is very simplistic and would do good of being properly 
implemented and integrated with the "ip tunnel" command for 
configuration of the GRE protocol (normal GRE / WCCPv1 / WCCPv2 / 
whatever...).

> What do you think? Which way I should do?

I think approach 1 (decapsulation within GRE) is most suitable. It also 
provides an adequate level of control on security and permissions which 
may be hard to accomplish if separating the two.

Regards
Henrik Nordström
aka hno@xxxxxxxxxxxxxxx and current maintainer of the Squid ip_wccp.c 
module

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html