PBR for redirecting HTTP Traffic

Unanswered Question
Jan 7th, 2010

Hi Gurus,

Can you pls. check if this is correct? I want to redirect HTTP requests to my L4 and caching servers.

access-list 110 deny   tcp any any neq www
access-list 110 deny   tcp host 202.X.X.2 any
access-list 110 permit tcp any anywww any

route-map HTTP-TRAFFIC permit 10
match ip address 110
set interface GigabitEthernet4/1
set ip next-hop 202.X.X.2

interface FastEthernet3/4
description **To Test Client**
ip address 202.x.x.13
ip policy route-map HTTP-TRAFFIC


Giuseppe Larosa Thu, 01/07/2010 - 04:01

Hello Jepoy,

The configuration looks correct, but I would suggest you also investigate WCCP, if it is supported on your router and on the cache engine.

It is a more specific tool for diverting HTTP traffic to a web cache, and it allows the router to detect web cache failures.

Hope to help


Marwan ALshawi Thu, 01/07/2010 - 04:04

Change your config to be like below:

Use one of the following lines only.

If you want to consider the HTTP reply (almost this will be from the web server to the requesting client):

access-list 101 permit tcp any eq www any

If you want the HTTP request, use:

access-list 101 permit tcp any any eq www

route-map HTTP-TRAFFIC permit 10
match ip address 101
set ip next-hop 202.X.X.2

About the interface:

You need to apply it to the inbound interface (the interface where the traffic is sourced from).

I think you were using the exit interface, and in this case it will not work.

good luck

if helpful Rate

jeffersoncbriones Thu, 01/07/2010 - 17:28

Hi guys,

My first setup would be like this

clients---6500 --- redirecting http request ---- L4 switch --- cascading caching servers

I'm not seeing any packet counters on my route-map. I want to check if there's a problem on my PBR or on the L4. The route-policy is applied ingress coming from my clients. Also, can the route-map also apply to a VLAN interface?

6500#sh access-lists 110
Extended IP access list 110
    deny tcp any any neq www (18 matches)
    deny tcp host 202.x.x.2 any
    permit tcp any any

6500#sh route-map HTTP-TRAFFIC
route-map HTTP-TRAFFIC, permit, sequence 10
  Match clauses:
    ip address (access-lists): 110
  Set clauses:
    interface GigabitEthernet4/1
    ip next-hop 202.x.x.2
  Policy routing matches: 0 packets, 0 bytes

If I use WCCP, then do I need to use the L4? Or maybe the L4 would be used for the WCCP. Any suggestions?



Giuseppe Larosa Fri, 01/08/2010 - 02:47

Hello Jepoy,

Marwan is right: the PBR has to be applied inbound on the client VLANs, in any case on the interface(s) that receive the traffic to be redirected.

clients---6500 --- redirecting http request ---- L4 switch --- cascading caching servers

has to be:

clients--PBR -6500 --- ---- L4 switch --- cascading caching servers

About WCCP: you need to verify that the web engines support it, and yes, it is an alternative to the use of the L4-L7 switch load balancer.

Hope to help
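
Added example, not part of any post in this thread: a small first-match evaluator for the two ACLs discussed above (ACL 110 as printed by `sh access-lists 110`, and the "http request" form of ACL 101), showing which packets a `permit` route-map clause would policy-route. The address 192.0.2.2 stands in for the masked cache address 202.X.X.2, the packets are constructed, and only the `any`/`host` and `eq`/`neq` subset of the ACL syntax is handled.

```python
# Added example: first-match evaluation of the thread's ACLs as PBR match criteria.
# 192.0.2.2 is a constructed stand-in for the masked cache address 202.X.X.2.
PORTS = {"www": 80}
ACL_110 = ["deny tcp any any neq www",          # as shown by 'sh access-lists 110'
           "deny tcp host 192.0.2.2 any",
           "permit tcp any any"]
ACL_101 = ["permit tcp any any eq www"]         # the 'http request' form of ACL 101

def parse_ace(line):
    """Parse 'action tcp <src> [op port] <dst> [op port]' (any/host, eq/neq only)."""
    tok = line.split()
    ends, i = [], 2
    for _ in range(2):                           # source, then destination
        if tok[i] == "any":
            addr, i = None, i + 1
        else:                                    # 'host a.b.c.d'
            addr, i = tok[i + 1], i + 2
        op = port = None
        if i < len(tok) and tok[i] in ("eq", "neq"):
            op, port = tok[i], PORTS.get(tok[i + 1]) or int(tok[i + 1])
            i += 2
        ends.append((addr, op, port))
    return tok[0], tok[1], ends

def end_matches(end, addr, port):
    want_addr, op, want_port = end
    if want_addr is not None and want_addr != addr:
        return False
    if op == "eq":
        return port == want_port
    return port != want_port if op == "neq" else True

def pbr_decision(acl, pkt):
    """'policy-route' if the first matching ACE is a permit, otherwise 'normal'."""
    for line in acl:
        action, proto, (src, dst) = parse_ace(line)
        if (proto == pkt["proto"] and end_matches(src, pkt["src"], pkt["sport"])
                and end_matches(dst, pkt["dst"], pkt["dport"])):
            return "policy-route" if action == "permit" else "normal"
    return "normal"                              # no ACE matched: routing table is used

# Constructed packets (documentation addresses), not traffic from the thread.
PACKETS = {
    "client-http": dict(proto="tcp", src="198.51.100.10", sport=40000, dst="203.0.113.5", dport=80),
    "client-ssh":  dict(proto="tcp", src="198.51.100.10", sport=40001, dst="203.0.113.5", dport=22),
    "cache-fetch": dict(proto="tcp", src="192.0.2.2", sport=40002, dst="203.0.113.5", dport=80),
}
for name, pkt in PACKETS.items():
    print(f"{name:12} ACL110={pbr_decision(ACL_110, pkt):13} ACL101={pbr_decision(ACL_101, pkt)}")
```

The two ACLs agree on client traffic and differ only for port-80 traffic sourced from the cache address, which ACL 110 leaves to normal routing and ACL 101 would match if that traffic arrives on an interface carrying the policy.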


