Application Delivery (ADX)

Registered: ‎01-06-2013

Client Spoofing problem on TCS

I'm trying to deploy a ServerIron XL 450 to replace an old Cisco CSS and a faulty ACE, but I'm facing a strange problem.

These switches are used to redirect HTTP traffic to a cache farm with the client IP address being reflected by the caches.

I was able to redirect traffic using the ServerIron, but when I activate IP Reflection on my caches, traffic stops. I've tried many topologies (spoof-support is enabled), but when I check for spoofed traffic on show cache-group it is always 0. It works fine when IP reflection is off.

I've tried using Router and Switch firmware.

Here are my current settings:

!Building configuration...
!Current configuration : 3219 bytes
!
ver 10.2.01TD4
!
module 1 bi-0-port-wsm6-management-module
module 2 bi-jc-16-port-gig-copper-module
module 3 bi-jc-16-port-gig-copper-module
!
global-protocol-vlan
!
session sync-update
!
server force-cache-rehash
no server l4-check
server port 80
session-sync
tcp
!
url-map policyA
default 0
!
url-map policyB
default 20
!
url-map policyC
default 30
!
url-map policyZ
default 99
!
context default
!
server cache-name Transparent_Cache1 10.60.60.101
asymmetric
port http
port http url "HEAD /"
port http l4-check-only
port http group-id  20 20
!
server cache-name Bypass 10.5.5.1
port http
port http url "HEAD /"
port http group-id  99 99
!
server cache-group 1
filter-acl 101
cache-name Transparent_Cache1
cache-name Bypass
url-host-id "*youtube.com" "policyB"
url-map policyZ
url-switch
fw-health-check icmp 5
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
vlan 222 by port
untagged ethe 2/2 to 2/3
router-interface ve 10
!
vlan 333 by port
untagged ethe 2/4 to 2/5
router-interface ve 20
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
aaa authentication login privilege-mode
enable telnet authentication
enable aaa console
hostname SI-1
ip l4-policy 1 cache tcp http global
ip route 0.0.0.0 0.0.0.0 10.5.5.1
ip route 187.94.194.0 255.255.255.0 10.73.73.2
!
telnet server
username admin password .....
username conecta password .....
username armando password .....
snmp-server
!
interface ethernet 2/1
port-name Mgmt
!
interface ve 1
ip address 10.5.5.123 255.255.255.0
!
interface ve 10
ip address 10.60.60.1 255.255.255.0
!
interface ve 20
ip address 10.73.73.101 255.255.255.0
!
access-list 101 permit tcp any any
!

I'd be really thankful if anyone could help me.

Best regards,

Armando Imbroisi
