-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Compared with PBR - definitely.
IF OS TCP stack supports bridging - exactly. 25.10.2016 3:59, Eliezer Croitoru пишет: > So what you are illustrating is that if we will handle the connection > interception using bridge tables it would be much more efficient then Policy > Based routing. > I believe it’s very simple to implement in linux. > > Eliezer > > ---- > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From: Yuri Voinov [mailto:yvoi...@gmail.com] > Sent: Monday, October 24, 2016 22:01 > To: Eliezer Croitoru <elie...@ngtech.co.il> > Cc: 'Garth van Sittert | BitCo' <ga...@bitco.co.za>; > squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Squid with ASR9001 > > > Well, if we're talking about squid-based appliances..... > > http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2 > > In this article descrived approx. half-year experimental experience with > various LAN topologies, and Cisco devices. > > More common: > > http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide > /ffun_c/fcf018.html > https://supportforums.cisco.com/document/143961/understanding-wccp-redirect > ion-and-assignment-methods-waas > > Cisco has not best-in-the-world documentation, yes, but everything depends > on an understanding of network protocols and basic architecture. > > 25.10.2016 0:44, Eliezer Croitoru пишет: > > Well I do agree on most of the > things but it seems that CPU is missing in > > > some devices and there for a simpler protocol is better but…. > CPU… > Yessssss. Router has CPU. :) Not only ASIC. :) PBR is problem, because of > EVERY policy/ACL match handles on CPU. > > This brings us to the other side - the rules / policies must be carefully > optimized - that too few people do, until the router does not choke on CPU > overload. > > > Admins in many cases do not use > their own to understand the complexity but > > > from what I do see in the jobs market employers expect the > unexpected. > Admins, in most cases, understand nothing and do not bother trying to grasp > and understand more deeply than in the first three-five seconds. ;) > > About the present, of course, do not tell. :) > > > Or if to be more accurate: They > expect a mage which knows and understand > > > every single protocol language and piece of hardware. > > > > > Can you gather me what ever documentation on the WCCP > protocol? > > > I want to see how simple it would be to implement the same > concepts with an > > > HTTP\tcp interface. > There's really just all. The main thing to understand how the network works > on L2 and L3 in OSI. And a bit network hardware knowledge. > > > > > Eliezer > > > > > ---- > > > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> > <http://ngtech.co.il/lmgtfy/> > > > Linux System Administrator > > > Mobile: +972-5-28704261 > > > Email: elie...@ngtech.co.il <mailto:elie...@ngtech.co.il> > > > > > > > From: Yuri Voinov [mailto:yvoi...@gmail.com] > > > Sent: Monday, October 24, 2016 21:07 > > > To: Eliezer Croitoru <elie...@ngtech.co.il> > <mailto:elie...@ngtech.co.il> ; 'Garth van > Sittert | BitCo' > > > <ga...@bitco.co.za> <mailto:ga...@bitco.co.za> ; > squid-users@lists.squid-cache.org <mailto:squid-users@lists.squid-cache.org> > > Subject: Re: [squid-users] Squid with ASR9001 > > > > > > > No. > > > > > 24.10.2016 23:40, Eliezer Croitoru пишет: > > > > And why would you want this > > > exactly? > > > > > > The most simple thing is to use routing policy and > to monitor > > > the proxy in > > > > > > a much higher level then WCCP. > > > Based on my personal experience with WCCP (over 6 years). PBR > is VERY > > > router's CPU consumpted. > > > WCCP - is not (L2, not GRE. GRE performs on CPU, L2 on > control-plane and > > > hardware-accelerated). > > > > > However, using edge router for WCCP is not so good idea by > another reason. > > > It breaks good network architecture in most cases. I'm not > CCA, but ever for > > > me it's obvious. > > > > > So, underlying aggregations switches is more appropriate > target for WCCP, > > > because of they can be uses L2 WCCP - which is extremely > fast. > > > > > > For example fetch a web page or > > > a statistics page every 10 seconds. > > > > > > It’s considered pretty right in the industry. > > > > > > For routers it’s a whole another story but for a > rock solid > > > system I do not > > > > > > believe WCCP is a must. > > > Depending of router. Branch router must have. Just take a > look on whole > > > Cisco's router's range. Just for interest. > > > > > > Any juniper and Cisco + others > > > these days do not rely on WCCP since it’s > > > > > > considered a hassle to maintain. > > > Cats delicious. You just do not know how to cook them :) > > > > > WCCP is a very simple protocol. While there may be poorly > documented. There > > > is another problem - very few people well versed in > networking technologies, > > > few details delves into what makes. The vast majority simply > copy-paste > > > configs without a single thought in his head, not bothering > to understand. > > > > > What is there to maintain? Just configure it once and sit on > the ass > > > straight. > > > > > > > > Eliezer > > > > > > > > > > ---- > > > > > > Eliezer Croitoru > <http://ngtech.co.il/lmgtfy/> <http://ngtech.co.il/lmgtfy/> > > > <http://ngtech.co.il/lmgtfy/> <http://ngtech.co.il/lmgtfy/> > > > > > > Linux System Administrator > > > > > > Mobile: +972-5-28704261 > > > > > > Email: elie...@ngtech.co.il <mailto:elie...@ngtech.co.il> > <mailto:elie...@ngtech.co.il> <mailto:elie...@ngtech.co.il> > > > > > > > > > > > > > > From: squid-users > > > [mailto:squid-users-boun...@lists.squid-cache.org] On > > > > > > Behalf Of Yuri > > > > > > Sent: Monday, October 24, 2016 14:06 > > > > > > To: Garth van Sittert | BitCo > <ga...@bitco.co.za> <mailto:ga...@bitco.co.za> > > > <mailto:ga...@bitco.co.za> <mailto:ga...@bitco.co.za> ; > > > > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > > > > Subject: Re: [squid-users] Squid with ASR9001 > > > > > > > > > > Ha, it seems ASR9000 really does not support WCCP > exactly. > > > You right. > > > > > > > > > > WCCP supported on Nexus, on ASR1000... So, your > router only > > > can use PBR or > > > > > > analoquie. > > > > > > > > > > The only idea is to buy 3750 as aggregation > switch, config > > > WCCP on it and > > > > > > connect to your ASR by fiber trunk. > > > > > > 24.10.2016 16:30, Garth van Sittert | BitCo пишет: > > > > > > > > > > By Cisco employee - “Correct, there is no WCCP and > no plans > > > for it > > > > > > either... :(” > > > > > > > https://supportforums.cisco.com/discussion/12227051/ios-xr-and-wccp > > > > > > > > > > WCCP supported platforms – > > > > > > > > > > > https://supportforums.cisco.com/document/133201/wccp-platform-support-overv > > > i > > > > > > ew > > > > > > > > > > Our ASR9001 has no commands that support wccp > anywhere… > > > > > > > > > > > > > > > > > > > > > > > > > > Garth van Sittert | Chief Executive Officer > > > > > > (BSC Physics & Computer Science) > > > > > > Tel: 087 135 0000 Ext: 201 > > > > > > ga...@bitco.co.za <mailto:ga...@bitco.co.za> > <mailto:ga...@bitco.co.za> <mailto:ga...@bitco.co.za> > > > <mailto:ga...@bitco.co.za> <mailto:ga...@bitco.co.za> > <mailto:ga...@bitco.co.za> <mailto:ga...@bitco.co.za> > > > > > > bitco.co.za <http://www.bitco.co.za/> > <http://www.bitco.co.za/> > <http://www.bitco.co.za/> <http://www.bitco.co.za/> > > > > > > > > > > > > From: Yuri [mailto:yvoi...@gmail.com] > > > > > > Sent: Monday, 24 October 2016 12:12 PM > > > > > > To: Garth van Sittert | BitCo > <ga...@bitco.co.za> <mailto:ga...@bitco.co.za> > > > <mailto:ga...@bitco.co.za> <mailto:ga...@bitco.co.za> > > > > > > <mailto:ga...@bitco.co.za> <mailto:ga...@bitco.co.za> > <mailto:ga...@bitco.co.za> <mailto:ga...@bitco.co.za> ; > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > > > > Subject: Re: [squid-users] Squid with ASR9001 > > > > > > > > > > > > > > > > > > 24.10.2016 13:16, Garth van Sittert | BitCo пишет: > > > > > > Yes, it looks like all of the ASR9000 range which > makes use > > > of IOS XR no > > > > > > longer supports WCCP. > > > > > > Please, provide prooflink from Cisco. > > > > > > > > > > > > > > > > > > Policy Based Routing has been replaced by ACL > Based > > > Forwarding or ABF. > > > > > > So? This is therminology difference, if any. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From: squid-users > > > [mailto:squid-users-boun...@lists.squid-cache.org] On > > > > > > Behalf Of Yuri Voinov > > > > > > Sent: Sunday, 23 October 2016 9:35 PM > > > > > > To: squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > > > > Subject: Re: [squid-users] Squid with ASR9001 > > > > > > > > > > > > > > > > > > > > > > 23.10.2016 23:16, Garth van Sittert | BitCo пишет: > > > > > > > > > > > > > > > > > > > > > > > Good day all > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Has anyone had any experience setting > up Squid > > > with any IOS > > > > > > XR Cisco routers? The Cisco ASR9000 range > doesn’t > > > support WCCP > > > > > > and I cannot find any examples online. > > > > > > > > > > > > > > > > > > > > > > Seriously, the entire range? > > > > > > > > > > Who said that it does not support WCCP? It is > obligation to > > > support, if > > > > > > only because it is not a home dish soap. That's > when Cisco > > > write the > > > > > > documentation that does not support - and then we > cry. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I have also found quotes regarding PBR > on the > > > ASR9000… “With > > > > > > IOS XR traditional policy-based routing > (PBR) is > > > history” > > > > > > > > > > > > > > > > > > > > > > It's crazy city a forum talking about? PBR - is a > fundamental > > > functionality > > > > > > for the router. Especially for the router at this > level. I > > > somehow difficult > > > > > > to imagine a company that completely cuts down the > business > > > by releasing > > > > > > incompatible with what device. This is only > possible in the > > > OpenSource. But > > > > > > not in huge IT-business company. AFAIK. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I plan to use this on our 10Gbps ISP > traffic to > > > improve > > > > > > customer experience… > > > > > > > > > > > > > > > > > > > > > > There is no examples because the solutions of such > a level > > > rarely use > > > > > > Squid. Personally, I do not have a machine to play > and write > > > an example to > > > > > > Squid's wiki. As you know, Christmas is not the > wife of a > > > router is present > > > > > > as trinkets. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Garth > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > BitCo Email Footer > > > > > > > <https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01 > > > > > > > 96914,17z/data=!3m1!4b1!4m5!3m4!1s0x142989bce6c63b3:0xc0b44878907297f4!8m2! > > > 3 > > > > > > d-26.04982!4d28.0218801> > > > > > > > <https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01 > > > 9 > > > > > > > 6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072 > > > 9 > > > > > > 7f4%218m2%213d-26.04982%214d28.0218801> > > > > > > > > > > > > > > > > > > > The information contained in this > message is > > > intended solely > > > > > > for the individual to whom it is > specifically and > > > originally > > > > > > addressed. This message and its contents may > contain > > > confidential > > > > > > or privileged information from BitCo. If you > are not > > > the intended > > > > > > recipient, you are hereby notified that any > disclosure > > > or > > > > > > distribution, is strictly prohibited. If you > receive > > > this email in > > > > > > error, please notify BitCo immediately and > delete it. > > > BitCo does > > > > > > not accept any liability or responsibility > if action is > > > taken in > > > > > > reliance on the contents of this > information. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > > > > > > > > > > > > squid-users mailing list > > > > > > > > > > > > > > > > > > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > <mailto:squid-users@lists.squid-cache.org> > <mailto:squid-users@lists.squid-cache.org> > > > > > > > > > > > > > > > > > > > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > > > > > > > > > <https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01 > > > 9 > > > > > > > 6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072 > > > 9 > > > > > > 7f4%218m2%213d-26.04982%214d28.0218801> > > > > > > The information contained in this message is > intended solely > > > for the > > > > > > individual to whom it is specifically and > originally > > > addressed. This message > > > > > > and its contents may contain confidential or > privileged > > > information from > > > > > > BitCo. If you are not the intended recipient, you > are hereby > > > notified that > > > > > > any disclosure or distribution, is strictly > prohibited. If > > > you receive this > > > > > > email in error, please notify BitCo immediately > and delete > > > it. BitCo does > > > > > > not accept any liability or responsibility if > action is taken > > > in reliance on > > > > > > the contents of this information. > > > > > > > > > > > > > > > <https://www.google.co.za/maps/place/Wedgewood+Office+Park/@-26.04982,28.01 > > > 9 > > > > > > > 6914,17z/data=%213m1%214b1%214m5%213m4%211s0x142989bce6c63b3:0xc0b448789072 > > > 9 > > > > > > 7f4%218m2%213d-26.04982%214d28.0218801> > > > > > > The information contained in this message is > intended solely > > > for the > > > > > > individual to whom it is specifically and > originally > > > addressed. This message > > > > > > and its contents may contain confidential or > privileged > > > information from > > > > > > BitCo. If you are not the intended recipient, you > are hereby > > > notified that > > > > > > any disclosure or distribution, is strictly > prohibited. If > > > you receive this > > > > > > email in error, please notify BitCo immediately > and delete > > > it. BitCo does > > > > > > not accept any liability or responsibility if > action is taken > > > in reliance on > > > > > > the contents of this information. > > > > > > > - -- Cats - delicious. You just do not know how to cook them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYDoYZAAoJENNXIZxhPexGNHcIAJUWBGZF+aEfA8V0FMWVJgJn LfxfyTdtTqBQYeY+/mJzpoGZRul7SHiaJ98cFc6b30oDXQoPu6L5Url5ueBicqPK QhTJxnAtWdl3UNy4sxTcYg646Zy9FLXbwloblE9ATn3Q2/Kkj6s4vy+kVy88pgmY 0txDr+K7UdUowhIJzPMSsCLHcNquXHvpIJeZA13TLTzxwAtUWbIioyG+S1Z3aqWy uHpKBRSx/Ei8Keg1XaDF82QzOnG2uSMU7fcYc6wDYCfN+6MwZoNOqbCoD/69krpV is4z7bJrlma8hr4Z0KzhNgNYZDowFoGdtG5UY484nTghsyGoot3TgR3aedxMguI= =5MI8 -----END PGP SIGNATURE-----
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
