New Member

Load-balancing of transparent cache + IP spoofing + RTSP + MMS not working

We already have in production an architecture with load-balancing of transparent cache + IP spoofing.

We are unable to do the same for streaming flows (MMS and RTSP).

We are doing PBR from our core network (2 * C6K) to redirect port 80, 554 and 1755 toward CSS boxes, same in our access router (2 * Cisco7200).

In this config desired flows are redirected toward the CSS.

Then CSS should load balance the traffic toward our BlueCoat proxy-cache farm.

It's working fine for HTTP but we are unable to make it work for MMS and RTSP.

Note that we are required to use ECMP to perform IP spoofing on the CSS, meaning we need 4 routes for each client subnet (one route toward upstream C6K, and 3 routes for each proxy cache). We use ACLs to get rid of looping conditions.

Anyone who has already put in place Load-balancing of Streaming transparent cache + IP spoofing could give us some hint.

Many thanks.

Regards,

Pierre Viennet

3 REPLIES
Cisco Employee

Re: Load-balancing of transparent cache + IP spoofing + RTSP + M

Pierre,

the problem with streaming is that 554 is the control channel [similar to FTP control channel].

The client and server negotiate udp ports for sending the data.

So, your PBR solution would have to intercept the UDP traffic as well and since you don't know which port will be used, I don't see how this can work.

You can always force a client to use TCP instead of UDP and a specific port, but I don't know if you control all the clients.

You can verify this by capturing a sniffer trace.

Regards,

Gilles.
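To illustrate the point in the reply above (this is an added example, not part of the original thread): the data ports only appear inside the `Transport` header of the RTSP SETUP exchange on the control channel, so a sniffer trace can be checked against the redirected port list. The sample trace, its port numbers and the helper names are constructed for illustration; only the redirected ports 80, 554 and 1755 come from the thread.

```python
# Ports the thread's PBR rules redirect toward the CSS (from the original post).
REDIRECTED_PORTS = {80, 554, 1755}

# Constructed sample: RTSP SETUP replies as they would appear on the TCP 554
# control channel in a sniffer trace. Session ids and ports are made up.
SAMPLE_TRACE = (
    "RTSP/1.0 200 OK\r\n"
    "Transport: RTP/AVP;unicast;client_port=6970-6971;server_port=27040-27041\r\n"
    "Session: 12345678\r\n"
    "\r\n"
    "RTSP/1.0 200 OK\r\n"
    "Transport: RTP/AVP/TCP;unicast;interleaved=0-1\r\n"
    "Session: 87654321\r\n"
    "\r\n"
)

def parse_transport(value):
    """Parse one RTSP Transport header value (first alternative only)."""
    parts = [p.strip() for p in value.split(",")[0].split(";") if p.strip()]
    info = {"over_tcp": parts[0].upper().endswith("/TCP"), "ports": {}}
    for param in parts[1:]:
        key, _, val = param.partition("=")
        if key.lower() in ("client_port", "server_port", "port") and val:
            lo, _, hi = val.partition("-")
            info["ports"][key.lower()] = list(range(int(lo), int(hi or lo) + 1))
        elif key.lower() == "interleaved":
            info["interleaved"] = val
    return info

def data_channels(trace, redirected=REDIRECTED_PORTS):
    """Return one entry per Transport header: data ports and those PBR misses."""
    flows = []
    for line in trace.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "transport":
            continue
        t = parse_transport(value)
        if t["over_tcp"] or "interleaved" in t:
            # Media rides the existing control connection: no extra port to redirect.
            flows.append({"mode": "tcp-interleaved", "ports": [], "missed": []})
            continue
        ports = sorted(p for rng in t["ports"].values() for p in rng)
        missed = [p for p in ports if p not in redirected]
        flows.append({"mode": "udp", "ports": ports, "missed": missed})
    return flows

if __name__ == "__main__":
    for flow in data_channels(SAMPLE_TRACE):
        print(flow)
```

A non-empty `missed` list means the session negotiated data ports that a port-based redirect rule never sees, while the interleaved case stays on the control connection.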


New Member

Re: Load-balancing of transparent cache + IP spoofing + RTSP + M

Gilles, thanks for your input.

Here is where we are with the streaming implementation:

- HTTP on all types of client is working

- RTSP: TCP 554 with Real Media client is working

- RTSP: TCP 554 with WMP not working, but it's due to a bug in the BlueCoat implementation: the proxy sends an error when it sees a request with ( User-Agent: WMPlayer ) for RTSP content.

- MMS: TCP 1755 not working with IP spoofing enabled on the proxy but OK without IP spoofing...

- UDP 554: not working

- UDP 1755: not working

I fully understand the limitation for UDP traffic.

But I don't see why it's not working for MMS over TCP traffic.

Note that I have the exact same configuration for RTSP and MMS.

Why is it not working for MMS with IP spoofing? Are you aware of a difference in the way the CSS handles MMS flows, or a specificity of the MMS protocol?

Below is what we can see on the different equipment when trying to launch an MMS over TCP stream:

c6k-Faaa#sh mls ip source 195.83.182.72

Displaying Netflow entries in Supervisor Earl

DstIP SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr

--------------------------------------------------------------------

Pkts Bytes Age LastSeen Attributes

---------------------------------------------------

202.3.225.5 195.83.182.72 tcp :1755 :1504 0 : 0

3 124 17 18:58:12 L3 - Dynamic

202.3.225.5 195.83.182.72 tcp :1755 :1527 0 : 0

2 84 3 18:58:20 L3 - Dynamic

202.3.225.5 195.83.182.72 tcp :554 :1503 0 : 0

4 360 17 18:58:06 L3 - Dynamic

c6k-Faaa#

CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755

202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP

2/3 2/1

202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP

2/7 2/3

CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755

202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP

2/3 2/1

202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP

2/7 2/3

CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755

202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP

2/3 2/1

202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP

2/7 2/3

CSS11503_CORE1#

TCP 192.168.4.19:1491 195.83.182.72:554 TIME_WAIT

TCP 192.168.4.19:1492 195.83.182.72:554 TIME_WAIT

TCP 192.168.4.19:1493 195.83.182.72:1755 TIME_WAIT

TCP 192.168.4.19:1502 195.83.182.72:554 TIME_WAIT

TCP 192.168.4.19:1503 195.83.182.72:554 TIME_WAIT

TCP 192.168.4.19:1504 195.83.182.72:1755 TIME_WAIT

TCP 192.168.4.19:1525 195.83.182.72:554 TIME_WAIT

TCP 192.168.4.19:1526 195.83.182.72:554 TIME_WAIT

TCP 192.168.4.19:1527 195.83.182.72:1755 TIME_WAIT

Many Thanks for your input.

Pierre Viennet.

Cisco Employee

Re: Load-balancing of transparent cache + IP spoofing + RTSP + M

Pierre,

I do not think the CSS is to blame here.

For the CSS, RTSP & MMS are treated the same way - that is as simple TCP connection.

The CSS is not aware this is RTSP or MMS.

Since it works in non-spoofing mode but not in spoofing mode, I would say the problem is the data channel that is not caught by your PBR rules and therefore the traffic does not make it back to the cache.

Try to sniff such a session and see what is going on.

Gilles.
