07-18-2003 09:40 AM
Hello:
I need to configure IP spoofing, and my configuration scheme is:
Transparent mode with a CSS (or a Catalyst 6500 switch w/ CSM module) and one Cache 7320.
Is there some way to do this, and how?
Thank you.
Guillermo
07-20-2003 01:42 AM
I did it with a CSS.
So it is feasible.
client --- router1 --- CSS---- Router2 -- Internet
                        |
                      cache
Since you want to do IP spoofing on the cache, you need the clients to be 1 hop away from the CSS (so router1) and you need traffic from the cache to the Internet to use another router (so router2).
This is required so the CSS knows what to do with the response from the server to the client ip address.
(one time sent to cache and one time sent to client).
On the CSS you need the following static routes
ip route
ip route
ip route 0.0.0.0 0.0.0.0
Then create the service:
service cache
  ip address x.x.x.x
  type transparent
  active
Then the rule
owner mycompany
  content cache
    proto tcp
    port 80
    add service cache
    active
Finally, you need an acl to avoid redirecting traffic from the cache
acl 1
  clause 20 bypass any any destination any
  apply circuit(VLAN
acl 2
  clause 80 permit any any destination any
  apply circuit(VLAN
With a CSM, it should be possible as well, with fewer restrictions.
          +-------------+
client ---|-MSFC----csm-|--vlan
          +-----------|-+
                      |<-----Vlan
                    cache
mod csm
 vlan
 vlan
  gateway x.x.x.x
 vlan
 serverfarm cache
  no nat client
  no nat server
  real x.x.x.x
   inservice
 !
 serverfarm route
  no nat client
  no nat server
  predictor forward
 !
 vserver tocache
  virtual 0.0.0.0 /0 tcp 80
  vlan x
  vlan y
  serverfarm cache
  inservice
 vserver fromcache
  virtual 0.0.0.0 /0 any
  serverfarm route
  vlan
  inservice
 !
Regards,
Gilles.
07-21-2003 04:23 AM
Hello, Gilles:
Thank you for all your information.
Is it possible with this scheme?
client ---- router ------ Internet
|
CSS (or CSM)
| |
cache1 cache2
The router will have two VLANs toward the CSS (one for the cache's return traffic from the Internet, and the other for redirection of the packets from the client).
I need the CSS to load-balance across both caches (with IP spoofing applied between them).
Thank you.
Guillermo.
07-21-2003 05:15 AM
Guillermo,
the problem with ip spoofing is that the Cache will use the ip address of the client as source.
So, the server response will go back to the client ip address.
When the response gets to the router, it will see that it is directly connected to the client and will forward the response there, bypassing the cache/CSS, and the client will not accept or understand this response.
You could use policy routing to redirect the HTTP response to the CSS (on another VLAN, otherwise it will still not work), but be careful about the performance of the box when using policy routing.
It's much better to have 2 routers.
Gilles.
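
The policy-routing alternative mentioned in the reply above, for the single-router design, as an added sketch (not part of the original thread and not a configuration posted by either participant). The commands are standard IOS policy-based routing; the interface names, VLAN number, ACL number, route-map name and 192.0.2.x addresses are assumptions.

```cisco
! Added example. All names, numbers and addresses below are placeholders.
!
! Match HTTP responses coming back from origin servers (source port 80).
! With client-IP spoofing on the cache, these are addressed to the client.
access-list 110 permit tcp any eq www any
!
! Send matching packets to the CSS instead of following the connected route.
route-map HTTP-RETURN permit 10
 match ip address 110
 set ip next-hop 192.0.2.2
!
! Internet-facing interface: apply the policy to inbound traffic.
interface FastEthernet0/0
 description To Internet (assumed)
 ip policy route-map HTTP-RETURN
!
! Dedicated return VLAN toward the CSS, separate from the VLAN used to
! redirect client requests, as the reply above requires.
interface FastEthernet0/1.30
 description Return VLAN to CSS (assumed)
 encapsulation dot1Q 30
 ip address 192.0.2.1 255.255.255.252
```

The policy only affects packets received on the interface where `ip policy route-map` is applied; `show route-map HTTP-RETURN` reports how many packets it has matched.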
07-21-2003 05:40 AM
Sorry, the scheme is:
client ---- router ------ Internet
.................. |
................ CSS (or CSM)
................ |.......... |
............ cache1.. cache2
And:
Client------- Router------CSS------Router------Internet
.........................................|
.....................................cache
Can IP spoofing be applied here?
Thank you.
Guillermo.
07-22-2003 04:17 AM
Hello:
With a CSM module in a Catalyst 6500 and a Cache 7320 (transparent mode),
how do I enable and configure IP spoofing on both?
I only know the command "wccp spoof-client-ip enable" for the cache; but what configuration has to be done on the Catalyst?
Client----Router------CSM--------Router-------Internet
.......................................|
..................................cache
Client-------Router------------Internet
.........................|
......................CSM
.........................|
.....................cache
Thank you
Guillermo.
07-22-2003 07:51 AM
You enable IP spoofing on the cache with the command you gave: "wccp spoof-client-ip enable"
It works even if you don't use wccp.
On the CSS, you define the cache as a service with 'type transparent-cache'.
If using a CSM, you define a serverfarm with 'no nat client' and 'no nat server'
Once again, I think in terms of design you need 2 separate routers.
Gilles.
07-22-2003 08:09 AM
I don't understand if I need to configure WCCP on any of the routers, or if only configuring WCCP SPOOF-CLIENT-IP ENABLE on the cache is enough.
Thank you very much for your help.
Guillermo
07-23-2003 01:15 AM
do not configure WCCP.
It is not required.
Just use the command 'wccp spoof-client-ip' on the cache.
Gilles.
07-23-2003 04:19 AM
With the Catalyst 6500 w/ CSM module, do I need two routers (1 client-side and 1 Internet-side), or is another scheme possible?
On the Catalyst, do I not have to configure the ACL and static routes, or do I have to configure the same as on the CSS?
How do I configure it if I have two or more caches and need to balance between them?
Guillermo.
07-23-2003 05:15 AM
With a Cat6500, a CSM and an MSFC, it is possible to do this.
         +----------------+
client --| MSFC --- CSM --|----- Internet
         +-----------|----+
                     |
                   Cache
on MSFC
-------
vlan 10 --> client
vlan 20 --> msfc/csm
On CSM
-------
vlan 20
vlan 30 -> internet
vlan 40 -> Cache
The config of the CSM should be
mod csm slot
 vlan 20 client
  ip x.x.x.x
  route ....
 vlan 30 server
  ip x.x.x.x
  gateway ....
 vlan 40 server
  ip x.x.x.x
 !
 serverfarm Caches
  no nat client
  no nat server
  real x.x.x.x
   inservice
  real x.x.x.x
   inservice
 !
 serverfarm route
  no nat client
  no nat server
  predictor forward
 !
 vserver bypass
  virtual 0.0.0.0/0
  vlan 20
  serverfarm route
  inservice
 !
 vserver cacheme
  virtual 0.0.0.0 /0 tcp 80
  vlan 20
  serverfarm Caches
  inservice
 !
 vserver response
  virtual 0.0.0.0/0
  vlan 30
  serverfarm Caches
  inservice
 !
 vserver fromcache
  virtual 0.0.0.0/0
  vlan 40
  serverfarm route
  inservice
 !
Something like this should work.
Gilles.
07-28-2003 11:42 AM
Gilles.
Thank you for all the information, it was very good. I tested it and solved the problem, but now I need to connect two or more caches to one CSS, and I can't get it to work correctly.
How do I redirect the traffic from the Internet to the cache that made the request, and not to the other cache?
I use a static route with one cache, OK (for example, the config you sent); but with more caches, how? (on one CSS).
Guillermo.