What you will need: BerkeleyDB (www.sleepycat.com) flex (ftp.gnu.org/pub/gnu/non-gnu/flex) General procedure: 1) ./configure 2) make install 3) cd /usr/local/oops (or whatever you choose with --prefix= during configure) 4) vi oops.cfg - change settings (nameservers, path to storages, acl, peers,...) 5) ./oops -z -c oops.cfg - format storages. 6) ./oops -c oops.cfg - run proxy If you use regexes extensively in your oops config files, we recommended to compile oops with --with-regexp=pcre to speed it up. The latest release of PCRE is always available from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-xxx.tar.gz WARNING!!!!: If you upgrade from version prior to 1.5.0 to any later - reformat your storages and remove database files. Format of data on disk changed. Known problems: 1) linux - Don't use MIT_PTHREADS. Use LinuxThreads and glibc later than 2.0.7-19. Wrong thread library manifest itself in broken connections. Latest RedHat comes with right libraries. If you have any info re other Linux distributions, please, send me info. Linux Slackware older than 4.0. OOPS require to reinstall BerkeleyDB library. 2) FreeBSD - don't use old libdb which is supplied with new FreeBSD (3.x) - use DB from Sleepycat. This programm can hang under old versions of FreeBSD (prior to 3.3) 3) Solaris: WS 5.0, Forte 6 - if you use GigaBASE, you MUST compile it with -compat=4 compiler option. We tested Oops with SUN Forte C++ 6 Update 1 (+ last fixes) compiler. To build FreeBSD port use next configure options: ./configure --sbindir=/usr/local/sbin --sysconfdir=/usr/local/etc/oops --localstatedir=/var/run --libdir=/usr/local/libexec/oops Then: executables oops and oopsctl will be in /usr/local/sbin, oops.cfg, tables, templates, rules will be in /usr/local/etc/oops, oops.pid in /var/run, modules in /usr/local/etc/oops, in /usr/local/oops you will have directories logs/, storages/, DB/ Config for WCCP2. ---------------- 1. Set up oops for transparent operation. Checklist: enable redir_mods transparent for desired group enable and configure module transparent enable and configure module wccp2 Example: group myusers { networks 10/8 127/8; ... redir_mods transparent; } module transparent { # # myport must be consistent with rules for ipfilter # i.e. all packets must be forwarded by firewall to this # "myport" # myport 80 } module wccp2 { identity write_your_ip_here service-group web-cache router 10.0.0.1 } } 2. Setup firewall on your proxy machine for forwarding packets to proxy. This depends on your firewall. You can use Squid recomendations: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#trans-freebsd If needed - set up proper gre driver. Driver for FreeBSD 4.x you can find direcory contrib. Solaris 8 notes: you should install ip_filter 3.4.20 and apply patch to sources, then install gre driver. Read instructions in README from the contrib/sol8_gre.tar.gz 3. Setup your Cisco router In the simpliest case: (config)# ip wccp web-cache (config)# interface FastEthernet0/1 (config)# ip wccp web-cache redirect out (config)# ^Z Note, here FastEthernet0/1 is your interface to the world (e.g. all outgoing traffic go via this interface) 4. Start oops. In several seconds on Cisco you should see CS#sh ip wccp web-cache detail WCCP Cache-Engine information: IP Address: 10.0.0.2 Protocol Version: 2.0 State: Usable Initial Hash Info: 00000000000000000000000000000000 00000000000000000000000000000000 Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Hash Allotment: 256 (100.00%) Packets Redirected: 8982 Connect Time: 00:00:10 CS#sh ip wccp web-cache view WCCP Routers Informed of: 10.0.0.1 WCCP Cache Engines Visible: 10.0.0.2 WCCP Cache Engines NOT Visible: -none- 5. If something not works. Check that you point out correct ip address for router(s). If not helps - try to run tcpdump... Useful links: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt3/fcd305.htm http://www.cisco.com/univercd/cc/td/doc/product/iaabu/webcache/ce20/ver20/wc20wcc2.htm#xtocid508575 Config for NETFLOW. ------------------ Setup for netflow is easy. You have to set up collector (cflow, flowtools, any other), set it to collect netflow version 5 records. If you need ASNs in your records then you have to supply netflow module with special file which contain route prefixes and ASNs This file looks like this 3.0.0.0/24 80 4.0.0.0/24 3356 4.17.225.0/24 6496 4.17.226.0/23 6496 ... 221.228.0.0/14 4134 221.232.0.0/14 4134 221.240.0.0/12 17506 222.0.0.0/16 2516 222.1.0.0/16 4732 222.16.0.0/16 4538 222.17.0.0/16 4538 This file at the time of writing (Nov 2003) contain near 128000 lines. To build such file you have to have full internet routing table on your router. You can periodically update this file as routing change. The only important thing - updates visible to the module must be atomic. Module must see complete file, not updates in progress. You have to create complete new file, then remove old file then rename new file to proper name.