oops/INSTALL at master · stiletto/oops · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
What you will need:

BerkeleyDB (www.sleepycat.com)
flex (ftp.gnu.org/pub/gnu/non-gnu/flex)


General procedure:

1) ./configure

2) make install

3) cd /usr/local/oops (or whatever you choose with --prefix= during configure)

4) vi oops.cfg - change settings (nameservers, path to storages, acl, peers,...)

5) ./oops -z -c oops.cfg - format storages.

6) ./oops -c oops.cfg    - run proxy


If you use regexes extensively in your oops config files, we recommended to
compile oops with --with-regexp=pcre to speed it up.
The latest release of PCRE is always available from
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.gz

WARNING!!!!: If you upgrade from version prior to 1.5.0 to any later -
reformat your storages and remove database files. Format of data on disk
changed.

Known problems:

1) linux - Don't use MIT_PTHREADS. Use LinuxThreads and glibc later
   than 2.0.7-19. Wrong thread library manifest itself in broken
   connections.
   Latest RedHat comes with right libraries. If you
   have any info re other Linux distributions, please, send me info.

   Linux Slackware older than 4.0. OOPS require to reinstall BerkeleyDB library.

2) FreeBSD - don't use old libdb which is supplied with new FreeBSD (3.x) -
   use DB from Sleepycat.
   This programm can hang under old versions of FreeBSD (prior to 3.3)

3) Solaris: WS 5.0, Forte 6 - if you use GigaBASE, you MUST compile it with
   -compat=4 compiler option.
   We tested Oops with SUN Forte C++ 6 Update 1 (+ last fixes) compiler.


To build FreeBSD port use next configure options:

./configure --sbindir=/usr/local/sbin --sysconfdir=/usr/local/etc/oops
	    --localstatedir=/var/run --libdir=/usr/local/libexec/oops

Then: executables oops and oopsctl will be in /usr/local/sbin,
oops.cfg, tables, templates, rules will be in /usr/local/etc/oops,
oops.pid in /var/run,
modules in /usr/local/etc/oops,
in /usr/local/oops you will have directories logs/, storages/, DB/


Config for WCCP2.
----------------

1. Set up oops for transparent operation.
   Checklist:
	enable redir_mods transparent for desired group
	enable and configure module transparent
	enable and configure module wccp2

   Example:
	group myusers {
		networks 10/8 127/8;
		...
		redir_mods transparent;
	}

	module transparent {
	#
	#       myport must be consistent with rules for ipfilter
	#	i.e. all packets must be forwarded by firewall to this
	#	"myport"
	#
		myport	80
	}
	module wccp2 {
		identity write_your_ip_here
		service-group web-cache
        	router 10.0.0.1
	}
}

2. Setup firewall on your proxy machine for forwarding packets to proxy.
   This depends on your firewall. You can use Squid recomendations:
   http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#trans-freebsd

   If needed - set up proper gre driver. Driver for FreeBSD 4.x you can find
	direcory contrib.

   Solaris 8 notes: you should install ip_filter 3.4.20 and apply patch to
   sources, then install gre driver. Read instructions in README from the
   contrib/sol8_gre.tar.gz

3. Setup your Cisco router
   In the simpliest case:

   (config)# ip wccp web-cache
   (config)# interface FastEthernet0/1
   (config)# ip wccp web-cache redirect out
   (config)# ^Z

   Note, here FastEthernet0/1 is your interface to the world (e.g.
   all outgoing traffic go via this interface)

4. Start oops.
   In several seconds on Cisco you should see

    CS#sh ip wccp web-cache detail
    WCCP Cache-Engine information:
        IP Address:            10.0.0.2
        Protocol Version:      2.0
        State:                 Usable
        Initial Hash Info:     00000000000000000000000000000000
                               00000000000000000000000000000000
        Assigned Hash Info:    FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
                               FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
        Hash Allotment:        256 (100.00%)
        Packets Redirected:    8982
        Connect Time:          00:00:10

    CS#sh ip wccp web-cache view
        WCCP Routers Informed of:
        10.0.0.1

        WCCP Cache Engines Visible:
        10.0.0.2

        WCCP Cache Engines NOT Visible:
        -none-

5. If something not works.
   Check that you point out correct ip address for router(s).
   If not helps - try to run tcpdump...

Useful links:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt3/fcd305.htm
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/webcache/ce20/ver20/wc20wcc2.htm#xtocid508575

Config for NETFLOW.
------------------

Setup for netflow is easy. You have to set up collector (cflow, flowtools,
any other), set it to collect netflow version 5 records.

If you need ASNs in your records then you have to supply netflow module
with special file which contain route prefixes and ASNs
This file looks like this

3.0.0.0/24 80
4.0.0.0/24 3356
4.17.225.0/24 6496
4.17.226.0/23 6496
...
221.228.0.0/14 4134
221.232.0.0/14 4134
221.240.0.0/12 17506
222.0.0.0/16 2516
222.1.0.0/16 4732
222.16.0.0/16 4538
222.17.0.0/16 4538

This file at the time of writing (Nov 2003) contain near 128000 lines.

To build such file you have to have full internet routing table on your
router.

You can periodically update this file as routing change. The only important
thing - updates visible to the module must be atomic. Module must see
complete file, not updates in progress. You have to create complete new
file, then remove old file then rename new file to proper name.