Verification of Transparent cache configuration

Answered Question
Mar 12th, 2008
User Badges:

I would like to load balancing a web cache server.

whenever a client connect to http, the traffic reached a MSFC,

the MSFC check dst:0.0.0.0:80, and then forwarding to ACE?

the flow right? It just check only a http to redirect cache!


So I made a configuration like below.

------------------------------------------------


access-list anyone line 10 extended permit ip any any

access-list anyone line 20 extended permit igmp any any

access-list anyone line 30 extended permit icmp any any

access-list anyone line 40 extended permit pim any any


rserver host Cache_1

ip address 192.168.2.10

inservice


rserver host Cache_2

ip address 192.168.2.11



serverfarm host CACHES

transparent

predictor hash url

rserver linux1

inservice

rserver linux1-24

inservice

!

class-map match-all VIP-TCP80

2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www


class-map type management match-any remote_access

2 match protocol telnet any

3 match protocol icmp any

4 match protocol http any

5 match protocol https any



policy-map type loadbalance first-match SF-CACHES

class class-default

serverfarm CACHES


policy-map multi-match SLB-CACHES

class VIP-TCP80

loadbalance vip inservice

loadbalance policy SF-CACHES


interface vlan 20

description From_Client

ip address 192.168.1.2 255.255.255.0

access-group input anyone

access-group input PERMIT-ANY

service-policy input remote_mgmt_allow

service-policy input SLB-CACHES

no shutdown


inter vlan 30

description From_Server

ip address 192.168.2.1 255.255.255.0

service-policy input remote_mgmt_allow

no shutdown






Correct Answer by Gilles Dufour about 9 years 2 weeks ago

this looks good to me.

Except you should configure an access-group input on interface vlan 30 to allow traffic from the cache.


Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Gilles Dufour Thu, 03/13/2008 - 01:03
User Badges:
  • Cisco Employee,

this looks good to me.

Except you should configure an access-group input on interface vlan 30 to allow traffic from the cache.


Gilles.

Actions

This Discussion