Application Delivery (ADX)

N/A
Posts: 1
Registered: ‎01-06-2013

Client Spoofing problem on TCS

I'm trying to deploy a ServerIron XL 450 to replace an old Cisco CSS and a faulty ACE, but I'm facing a strange problem.

These switches are used to redirect HTTP traffic to a cache farm, with the client IP address being reflected by the caches.

I was able to redirect traffic using the ServerIron, but when I activate IP Reflection on my caches, traffic stops. I've tried many topologies (spoof-support is enabled), but when I check for spoofed traffic in show cache-group, it is always 0. It works fine when IP reflection is off.

I've tried using both the Router and Switch firmware.

Here are my actual settings:

!Building configuration...

!Current configuration : 3219 bytes

!

ver 10.2.01TD4

!

module 1 bi-0-port-wsm6-management-module

module 2 bi-jc-16-port-gig-copper-module

module 3 bi-jc-16-port-gig-copper-module

!

global-protocol-vlan

!

session sync-update

!

server force-cache-rehash

no server l4-check

server port 80

session-sync

tcp

!

url-map policyA

default 0

!

url-map policyB

default 20

!

url-map policyC

default 30

!

url-map policyZ

default 99

!

context default

!

server cache-name Transparent_Cache1 10.60.60.101

asymmetric

port http

port http url "HEAD /"

port http l4-check-only

port http group-id  20 20

!

server cache-name Bypass 10.5.5.1

port http

port http url "HEAD /"

port http group-id  99 99

!

server cache-group 1

filter-acl 101

cache-name Transparent_Cache1

cache-name Bypass

url-host-id "*youtube.com" "policyB"

url-map policyZ

url-switch

fw-health-check icmp 5

vlan 1 name DEFAULT-VLAN by port

router-interface ve 1

!

vlan 222 by port

untagged ethe 2/2 to 2/3

router-interface ve 10

!

vlan 333 by port

untagged ethe 2/4 to 2/5

router-interface ve 20

!

aaa authentication web-server default local

aaa authentication enable default local

aaa authentication login default local

aaa authentication login privilege-mode

enable telnet authentication

enable aaa console

hostname SI-1

ip l4-policy 1 cache tcp http global

ip route 0.0.0.0 0.0.0.0 10.5.5.1

ip route 187.94.194.0 255.255.255.0 10.73.73.2

!

telnet server

username admin password .....

username conecta password .....

username armando password .....

snmp-server

!

interface ethernet 2/1

port-name Mgmt

!

interface ve 1

ip address 10.5.5.123 255.255.255.0

!

interface ve 10

ip address 10.60.60.1 255.255.255.0

!

interface ve 20

ip address 10.73.73.101 255.255.255.0

!

access-list 101 permit tcp any any

!

I'd be really thankful if anyone could help me.

Best regards,

Armando Imbroisi
