Configuring L4 Switch for Redirection Ver.4.1

Transcription

1 JAG C TB L4Switch v4.1e Configuring L4 Switch for Redirection Ver.4.1 Technical Brief When JAGUAR operates in Transparent Mode or Hidden Mode, L4 Switch or PBR (Policy Based Routing) of L3 Router is used normally to redirect HTTP Traffic to the JAGUAR. Configurations of various L4 Switches and L3 Routers are described in this Technical Brief. What is Transparent Mode? In Transparent mode, by using L4 Switch, a user s web browser does not require additional Explicit Proxy configuration to redirect client s web request traffic to a JAGUAR. As a One-Way Redirection method, the packet sent to OCS (Original Contents Server) from a client redirects to a JAGUAR is redirected to a JAGUR communicates with OCS by its own IP. It will be useful under Asymmetric Routing environment and easy to implement. Figure 1 1

2 What is Hidden Mode? In Hidden mode, by using L4 Switch, a user s web browser does not require additional Explicit Proxy configuration to redirect client s web request traffic to a JAGUAR as well as Transparent mode. As a Two-way Redirection method, the packet sent to OCS (Original Contents Server) from a client is redirected to a JAGUAR, and the JAGUAR communicates with OCS by the client s IP not its own IP. Therefore, a returned packet from OCS has to be redirected to JAGUAR by L4 Switch as well. It should be implemented under Symmetric Routing environment and could not be configured under Asymmetric Routing environment. Figure 2 Following L4 Switch and L3 Router PBR Configurations are covered in this Technical Brief. 1. Brocade ServerIron 2. Nortel Alteon 3. Nortel Router 4. ArrowPoint 5. Extreme 6. Piolink 7. F5 Big-IP 8. Juniper Router 9. Cisco Router 10. Cisco Router with ACE 2

3 1. Brocade [top] Configuring Brocade ServerIron Layer 4 Switch - Serial Cable Connecting Brocade uses console serial cable made of Roll-over cable like Cisco, so compatible with Cisco Console cable. - Console Port Settings Figure or any later software version is required for Foundry Switch. Or visit below site to purchase it to update by yourself. Foundry Switch uses Global or Local Redirection policy for cache in transparent mode. Global: Redirect traffic which comes from devices that are linked to all ports of Switch. Local: Redirect traffic only which goes to an applied Local policy port. - Network Diagram Figure 4 3

4 1) Basic Configuration Assign IP Address, Gateway, and Subnet mask to Switch. ServerIron> en ServerIron# config t ServerIron(config)# ip address ServerIron(config)# ip default-gateway ) Configuring for JAGUAR Transparent Mode Global Setting: ServerIron(config)# ip policy 1 cache tcp 80 global [Note: Numbers between 1 and 64 are used for Policy Number.] ServerIron(config)# server cache-name jaguar ServerIron(config-rs-cacheflow1)# exit ServerIron(config)# server cache-group ServerIron(config-tc-1)# cache-name jaguar1 ServerIron(config-tc-1)# exit ServerIron(config)# interface ethernet 2 ServerIron(config-if-1)# no cache-group 1 Redirect Destination Port 80 in all interfaces One or more caches Create cache server group Assign cache name to the cache group Configure ethernet interface 2 Except it from Redirection Policy ServerIron(config)# interface ethernet 4 ServerIron(config-if-6)# no cache-group 1 ServerIron(config-if-6)# exit ServerIron(config)# exit ServerIron# write mem configure ethernet interface 4 Except it from Redirection Policy Save configuration Local Setting: ServerIron(config)# ip policy 1 cache tcp http local Redirect Destination Port 80 in a specific interface ServerIron(config)# server cache-name jaguar One or more caches ServerIron(config-rs-cacheflow)# server cache-group Create cache server group 4

5 ServerIron(config-tc-1)# cache-name jaguar1 ServerIron(config-tc-1)# exit ServerIron(config)# interface ethernet 1 ServerIron(config-if-4)# ip-policy 1 ServerIron(config-if-4)# exit ServerIron(config)# write mem Assign cache name to the cache group configure ethernet interface 1 Apply Local Policy Save Configuration 3) Configuring for JAGUAR Hidden Mode Global Setting: ServerIron(config)# ip policy 1 cache tcp 80 global Redirect Destination Port 80 in all interfaces [Note: Numbers between 1 and 64 are used for Policy Number.] ServerIron(config)# server cache-name jaguar One or more ServerIron(config-rs-cacheflow1)# exit ServerIron(config)# server cache-group 1 ServerIron(config-tc-1)# cache-name jaguar1 ServerIron(config-tc-1)#spoof-support ServerIron(config-tc-1)# exit ServerIron(config)# interface ethernet 2 ServerIron(config-if-1)# no cache-group 1 ServerIron(config-if-6)# exit ServerIron(config)# exit ServerIron# write mem Caches Create cache server group Assign cache name to the cache group Apply it for using IP- spoofig configure ethernet interface 2 Except it from Redirection policy Save configuration Local Setting: ServerIron(config)# ip policy 1 cache tcp http local Redirect Destination [Note: Numbers between 1 and 64 are used for Policy Number.] ServerIron(config)# server cache-name jaguar ServerIron(config-rs-cacheflow)# exit ServerIron(config)# server cache-group 1 Port 80 in a specific interface One or more caches Create cache server group 5

6 ServerIron(config-tc-1)# cache-name jaguar1 ServerIron(config-tc-1)# spoof-support ServerIron(config-tc-1)# exit ServerIron(config)# interface ethernet 1 ServerIron(config-if-4)# ip-policy 1 ServerIron(config)# interface ethernet 4 ServerIron(config-if-4)# ip-policy 1 ServerIron(config-if-4)# exit ServerIron(config)# write mem Assign cache name to the cache group Apply it for using IPspoofig configure ethernet interface 1 Apply Local policy configure ethernet interface 4 Apply Local policy Save configuration 6

7 2. Nortel Alteon Switches [top] Configuring Alteon Layer 4 Switch - Serial Cable Connecting Connect to L4 Switch by using Laptop PC with RS232 Cable. - Console Port Settings Figure 5 - Network Diagram Figure 6 7

8 1) Basic Configuration A password is required for the initial connecting of Switch. Default password is admin. >> Main# cfg >> Configuration# ip >> IP# if Enter interface number: (1-256) 1 >> IP Interface 1# mask >> IP Interface 1# add >> IP Interface 1# en >> IP Interface 1# apply >> IP Interface 1# /info/ip >> Information#.. >> Main# cfg >> Configuration# ip >> IP# gw Enter default gateway number: (1-250) 1 >> Default gateway 1# add >> Default gateway 1# en >> Default gateway 1# apply >> Default gateway 1# /info/ip >> Information# /cfg >> Configuration# slb >> Layer 4# on >> Layer 4# diff >> Layer 4# >> Layer 4# real Enter real server number: (1-1023) 1 >> Real server 1 # rip Current real server IP address: Enter new real server IP address: >> Real server 1 # en >> Real server 1 # submac Current source MAC substitution: disabled Enter new source MAC substitution [d/e]: en >> Real server 1 # apply >> Real server 1 #.. >> Layer 4# gr Enter real server group number: (1-256) 1 >> Real server group 1# add Enter real server number: (1-1023) 1 >> Real server group 1#.. 8

9 2) Configuration for JAGUAR Transparent Mode >> Layer 4# filt 100 >> Filter 100 # dport 80 >> Filter 100 # action redir Redirection >> Filter 100 # rport 80 Redirect TCP 80 traffic with TCP 80 Port number. >> Filter 100 # group Current real server group: 1 Real server group 1 Enter new real server group [1-256]: >> Filter 100 # diff >> Filter 100 # en >> Filter 100 # apply >> Filter 100 # dip Current destination address: any Enter new destination address or any: any >> Filter 100 # dport http >> Filter 100 # /cfg/du >> Configuration# /cfg/slb/fil 100 >> Filter 100 # cu >> Filter 100 # proto tcp Current protocol: any Pending new protocol: tcp >> Filter 100 # apply >> Filter 100 # /cfg/du >> Configuration# /cfg/slb >> Layer 4# port/ Enter port number: (1-9) 2 >> SLB port 2# cu >> SLB port 2# filt en >> SLB port 2# add 100 >> SLB port 2# apply >> SLB port 2# /cfg/du >> Configuration# save 3) Configuration for JAGUAR Hidden Mode >> Layer 4# filt 100 >> Filter 100 # dport 80 >> Filter 100 # action redir Redirection >> Filter 100 # rport 80 Redirect TCP 80 traffic with TCP 80 Port number. >> Filter 100 # group Current real server group: 1 Real server group 1 Enter new real server group [1-256]: >> Filter 100 # diff >> Filter 100 # en 9

10 >> Filter 100 # apply >> Filter 100 # dip Current destination address: any Enter new destination address or any: any >> Filter 100 # dport http >> Filter 100 # /cfg/du >> Configuration# /cfg/slb/fil 100 >> Filter 100 # cu >> Filter 100 # proto tcp Current protocol: any Pending new protocol: tcp >> Filter 100 # apply >> Filter 100 # /cfg/du >> Configuration# /cfg/slb >> Layer 4# port/ Enter port number: (1-9) 2 >> SLB port 2# cu >> SLB port 2# filt en >> SLB port 2# add 100 >> SLB port 2# apply >> SLB port 2# /cfg/du >> Configuration# save >> Configuration# /cfg/slb/fil 200/en/ac re/pro tcp/sport http >> Filter 200 # apply >> Filter 200 # /cfg/du >> Configuration# /cfg/slb/port 1/fil en/add 200 >> SLB port 1# apply >> SLB port 1# save >> SLB port 1# /info/ip >> Information# /info/slb/du >> Main# /cfg/du >> Main# /cfg/slb/real Enter real server number: (1-1023) 1 >> Real server 1 # en 10

11 3. Nortel Networks Router PBR (Policy Based Routing) [top] Configuring Nortel Networks Router Site Manger is a tool for configuring Nortel Networks Routers HTTP Redirection filter. Following examples are configured under Site Manger Version Network Diagram Figure 7 1) Basic Configuration Run the Site Manager. 1. From Tools menu, select Configuration Manager >> Dynamic. 2. Select Interface (XCVR1 in the above Network Diagram, Figure 7) to link a JAGUAR, and then select Edit Circuit. 3. From Protocols menu, select Edit IP >> Traffic Filters. 11

12 4. Then, Select Template>>Create. 5. From Tools menu, select Action >> Add >> Forward to next hop. 6. Type IP address of JAGUAR ( ), and then save it. 2) Configuring in Transparent Mode 1. From Criteria menu, select Add >> TCP Frame >> TCP Destination Port. 2. Set minimum value for port In Filter name field, type Send_to_cache, then click OK to be done. 4. Select Template>>Create to create second filter. 12

13 5. From Action menu, select Add >> Accept. 6. From Criteria menu, select Add >> IP Source Address. 7. Type IP address of the JAGUAR ( ), and then click OK. 8. In Filter name field, type Let_Through, and then click OK to be done. 9. Apply filter rule in Send_to_Cache template to interface (SCVR2) which is related to client. 10. Apply filter rule in Let_Through template to interface (XCVR2) witch is related to client. 13

14 4. ArrowPoint Switch [top] Configuring ArrowPoint Switches Network Diagram Figure 8 1) Basic Configuration CS100#conf t CS100(config)# ip route (Assign default gateway) CS100(config)# circuit VLAN1 CS100(config-circuit[VLAN1])# ip address (Assign switch IP) Create ip interface < >, [y/n]:y 2) Configuring in Transparent Mode CS100(config-circuit-ip[VLAN ])# service transparent_jaguar1 (Create service) Create service <jaguar1>, [y/n]:y CS100(config-service[jaguar1])# type transparent-cache CS100(config-service[jaguar1])# service ip address (JAGUAR IP Address) CS100(config-service[jaguar1])# port 80 CS100(config-service[jaguar1])# protocol tcp CS100(config-service[jaguar1])# active CS100(config-service[jaguar1])# owner transparent_owner Create owner <transparent_owner>, [y/n]:y CS100(config-owner[transparent_owner])# content transparent_rule 14

15 Create content <transparent_rule>, [y/n]:y CS100(config-owner-content[transparent_owner-transparent_rule])# add service jaguar1 CS100(config-owner-content[transparent_owner-transparent_rule])# port 80 CS100(config-owner-content[transparent_owner-transparent_rule])# protocol tcp CS100(config-owner-content[transparent_owner-transparent_rule])# balance roundrobin (Set if there are several cache servers) CS100(config-owner-content[transparent_owner-transparent_rule])# failover bypass (Bypass if it is failed) CS100(config-owner-content[transparent_ownertransparent_rule])#application http CS100(config-owner-content[transparent_owner-transparent_rule])#active This is a copy of the configuration file we just created:!generated APR 17 8:20:22!Active version: ap s configure!*************************** GLOBAL *************************** ip route !************************** CIRCUIT ************************** circuit VLAN1 ip address !************************** SERVICE ************************** service transparent_jaguar1 type transparent-cache port 80 protocol tcp ip address active!*************************** OWNER *************************** owner transparent_owner content transparent_rule protocol tcp add service transparent_jaguar1 port 80 balance roundrobin failover bypass active 15

16 5. Extreme Networks Switch PBR (Policy Based Routing) [top] Configuring Extreme Networks Summit - Network Diagram Figure 9 1) Basic Configuration # Factory setting - all ports belong to the "default" vlan # Best practice - delete all ports from "default" vlan Summit71Tx:#config default del port 1-32 # Create "internet" vlan, assign IP address and define port assignment Summit71Tx:#create vlan internet Summit71Tx:#conf internet ip Summit71Tx:#conf internet add po 1-4 # Create "cache" vlan, assign IP address and define port assignment Summit71Tx:#create vlan cache Summit71Tx:#conf cache ip Summit71Tx:#conf cache add po 5-8 # Create "client" vlan, assign IP address and define port assignment Summit71Tx:#create vlan client Summit71Tx:#conf client ip Summit71Tx:#conf client add po 9-16 # Configure default gateway Summit71Tx:#conf ipr add default # Enable ipforward - also known as enable routing Summit71Tx:#ena ipf 16

17 2) Configuration for JAGUAR Transparent Mode # Create flow for port 80 traffic Summit71Tx:#create flow-redirect web tcp destination any ip-port 80 source any Summit71Tx:#config flow-redirect web service-check L4-port Summit71Tx:#config web add next-hop ) Configuration JAGUAR for Hidden Mode # Create flow for port 80 traffic Summit71Tx:#create flow-redirect web tcp destination any ip-port 80 source any Summit71Tx:#config flow-redirect web service-check L4-port Summit71Tx:#config web add next-hop Summit71Tx:#create flow-redirect web1 tcp destination any ip-port any source any ip-port 80 Summit71Tx:#configure flow-redirect web1 service-check L 17

18 6. Piolink [top] Configuring Piolink Switch - Serial Cable Connecting Piolink uses console serial cable made of Roll-over cable like Cisco, so compatible with Cisco Console cable. - Console Port Settings Figure 10 - Network Diagram Figure 11 18

19 1) Basic Configuration switch# configure switch(config)# vlan JAGUAR 3 Configuring VLAN switch(config)# vlan pvid JAGUAR port 1 Configuring Port (Client) switch(config)# vlan pvid JAGUAR port 2 switch(config)# vlan pvid JAGUAR port 3 switch(config)# vlan pvid JAGUAR port 4 Configuring Port (Jaguar) switch(config)# vlan pvid JAGUAR port 5 switch(config)# vlan pvid JAGUAR port 8 Configuring Port (Internet) switch(config)# ip address /24 interface JAGUAR Configuring IP Address switch(config)# vlan JAGUAR port 1,2,3,4,5,8 untagged switch(config)# port-boundary 1 switch(config-portbnd[1])# include-mac unicast switch(config-portbnd[1])# protocol tcp switch(config-portbnd[1])# boundary server switch(config-portbnd[1])# tcp-port-list 80 switch(config-portbnd[1])# port 8 switch(config-portbnd[1])# enable switch(config-portbnd[1])# apply Port-boundary '1' is applied to system. Apply Redirecting Internet side switch(config)# port-boundary 2 Apply Redirecting Client side. switch(config-portbnd[11])# include-mac unicast switch(config-portbnd[11])# protocol tcp switch(config-portbnd[11])# tcp-port-list 80 switch(config-portbnd[11])# port 1,2,3 switch(config-portbnd[11])# enable switch(config-portbnd[11])# apply Port-boundary '11' is applied to system. switch(config)# cslb L4 Configuring Destination IP Hash switch(config-cslb[l4])# lb-method hash switch(config-cslb[l4])# sticky source-subnet switch(config-cslb[l4])# sticky destination-subnet switch(config-cslb[l4])# apply CSLB service 'L4' is applied to system. switch(config-cslb[l4])# real 1 Configuring Real Server switch(config-cslb[l4]-real[1])# name Jaguar5k_1 switch(config-cslb[l4]-real[1])# rip Configuring IP of Cache switch(config-cslb[l4]-real[1])# mac 00:1a:2b:3c:4d:5e Configuring MAC of Cache switch(config-cslb[l4]-real[2])# enable switch(config-cslb[l4]-real[1])# apply 19

20 CSLB real '1' is applied to system. switch(config-cslb[l4])# real 2 Configuring Real Server switch(config-cslb[l4]-real[2])# name Jaguar5k_2 switch(config-cslb[l4]-real[2])# rip Configuring IP of Cache switch(config-cslb[l4]-real[2])# mac 11:2a:3b:4c:5d:6e Configuring MAC of Cache switch(config-cslb[l4]-real[2])# enable switch(config-cslb[l4]-real[2])# apply CSLB real '2' is applied to system. switch(config-cslb[l4]-real[2])# exit switch(config-cslb[l4])# health 1 switch(config-cslb[l4]-health[1])# type tcp switch(config-cslb[l4]-health[1])# port 80 Healthcheck TCP Port 80 switch(config-cslb[l4]-health[1])# apply CSLB healthcheck '1' is applied to system. 2) Configuration for JAGUAR Transparent Mode switch# configure switch(config)# cslb L4 switch(config-cslb[l4])# filter 100 switch(config-cslb[l4]-filter[100])# protocol tcp switch(config-cslb[l4]-filter[100])# dport 80 Redirection Destination Port 80 switch(config-cslb[l4]-filter[100])# apply (Client side) CSLB filter '100' is applied to system. 3) Configuration for JAGUAR Hidden Mode switch# configure switch(config)# cslb L4 switch(config-cslb[l4])# filter 100 switch(config-cslb[l4]-filter[100])# protocol tcp switch(config-cslb[l4]-filter[100])# dport 80 Redirection Destination Port 80 switch(config-cslb[l4]-filter[100])# apply (Client side) CSLB filter '100' is applied to system. switch(config-cslb[l4])# filter 101 switch(config-cslb[l4]-filter[101])# protocol tcp switch(config-cslb[l4]-filter[101])# sport 80 Redirection Source Port 80 switch(config-cslb[l4]-filter[101])# apply (Internet side) CSLB filter '101' is applied to system. 20

21 7. F5 Big-IP [top] Configuring F5 BIG-IP Switch - Serial Cable Connecting F5 BIG-IP uses console serial cable made of Roll-over cable like Cisco, so compatible with Cisco Console cable. - Console Port Settings Figure 12 - Network Diagram Figure 13 21

22 1) Basic Configuration a. Configuring IP address b. Configuring VLAN c. Configuring Default Gateway 22

23 23

24 Case 1. Configuration for Redirection by Destination IP Hash.(L4 Redirection) Both configurations of Jaguar Transparent mode and Hidden mode are same for F5 switch. a. Web Traffic(Destination Port is 80) Redirection to Virtual Server(Web Cache) 24

25 b. Configuring the type of Load balancing (Destination IP Hash is recommended) and Persistent timeout of session table. c. Apply Session Table Profile 25

26 Case 2. Configuration for Redirection by URL Hash.(L7 Redirection) Both configurations of Jaguar Transparent mode and Hidden mode are same for F5 switch. a. Web Traffic(Destination Port is 80) Redirection to Virtual Server(Web Cache) 26

27 b. Configuring URL Hash c. Configuring URL_Hash_Rule rule URL_Hash_Rule { when HTTP_REQUEST { if { [active_members test_pool] > 0 { set m [lindex [active_members -list test_pool] [expr [crc32 [ % [active_members test_pool]]] pool test_pool member [lindex $m 0] [lindex $m 1] else { pool gw_pool d. Configuring URL_Hash_exlude_rule rule URL_Hash_exclude_rule { when HTTP_REQUEST { set uri [string tolower [ if { [active_members test_pool] == 0 { pool gw_pool elseif { [matchclass $uri contains $::exclude_cache] { 27

28 pool gw_pool else { set m [lindex [active_members -list test_pool] [expr [crc32 [ % [active_members test_pool]]] pool test_pool member [lindex $m 0] [lindex $m 1] e. Configuring exclude Host and Dynamic contents. 28

29 f. Configuring to exclude Dynamic contents g. Configuring to exclude the specific Domain. 29

30 8. Juniper Router PBR (Policy Based Routing) [top] Case 1. Configuration with Router two interfaces. - Serial Cable Connecting Juniper uses console serial cable made of Roll-over cable like Cisco, so compatible with Cisco Console cable. - Console Port Settings - Network Diagram Figure 14 Figure 15 30

31 1) Basic Configuration ae0 { description "Client side"; vlan-tagging; unit 12 { vlan-id 12; family inet { address /24; ge-1/1/0 { description "Internet side"; vlan-tagging; unit 11 { vlan-id 11; family inet { address /28; ge-0/1/0 { description "Jaguar Web-cache side"; unit 60 { vlan-id 60; family inet { address /24; routing-options { interface-routes { rib-group inet int-route; rib-groups { int-route { import-rib [ inet.0 fbf1.inet.0 ]; routing-instances { fbf1 { instance-type forwarding; routing-options { static { route /0 next-hop ; Jaguar IP address 31

32 2) Configuration for JAGUAR Transparent Mode ae0 { description "Client side"; filter { input f1; filter f1 { term 1 { from { protocol tcp; destination-port 80; then { routing-instance fbf1; term 2 { then accept; 3) Configuration for JAGUAR Hidden Mode ae0 { description "Client side"; filter { input f1; ge-1/1/0 { description "Internet side"; filter { input f2; filter f1 { term 1 { from { 32

33 protocol tcp; destination-port 80; then { routing-instance fbf1; term 2 { then accept; filter f2 { term 1 { from { protocol tcp; source-port 80; then { routing-instance fbf1; term 2 { then accept; 33

34 Case 2. Configuration with Router one interface. Following configuration is available over JunOS version Serial Cable Connecting Juniper uses console serial cable made of Roll-over cable like Cisco, so compatible with Cisco Console cable. - Console Port Settings Figure 16 - Network Diagram Figure 17 34

35 1) Basic Configuration interfaces { ge-0/0/0 { unit 0 { family inet { address /24; ge-0/0/2 { unit 0 { family inet { address /24; ge-0/0/1 { unit 0 { family inet { address /24; Internet side interface Jaguar web cache side interface Client side interface routing-options { interface-routes { rib-group inet int-route; Configuring Routing Policy of Juniper Router static { Configuring default gateway of Router route /0 next-hop ; rib-groups { int-route { import-rib [ inet.0 fbf-01.inet.0 ]; import-policy d-filter; policy-options { policy-statement d-filter { 35

36 term 5 { if any network, go to default gateway. from { protocol static; route-filter /0 exact accept; then accept; term 10 { if the defined network, don t go to default gateway, from { but redirect to cache. route-filter /24 exact; route-filter /24 exact; then reject; term 30 { then accept; routing-instances { Traffic Redirection to Jaguar Web cache fbf-01 { instance-type forwarding; routing-options { static { route /0 next-hop ; 2) Configuration for JAGUAR Transparent Mode interfaces { Client side interface ge-0/0/1 { unit 0 { family inet { filter { Redirection for Client side traffic input outbound-filter; address /24; 36

37 firewall { Defining Redirection of Client side traffic filter outbound-filter { term 10 { from { source-address { /24; protocol tcp; Redirecting only Destination port is 80 destination-port http; 3) Configuration for JAGUAR Hidden Mode interfaces { ge-0/0/1 { unit 0 { family inet { filter { input outbound-filter; output inbound-filter; address /24; Client side interface Redirection for Client side traffic Redirection for Internet side traffic firewall { filter inbound-filter { Defining Redirection of Internet side traffic term 10 { from { destination-address { /24; protocol tcp; Redirecting only Source port is 80 source-port http; interface ge-0/0/0; Redirecting only traffic from Internet side interface to prevent Looping between Router and Load Balancer 37

38 filter outbound-filter { Defining Redirection of Client side traffic term 10 { from { source-address { /24; protocol tcp; Redirecting only Destination port is 80 destination-port http; 38

39 9. Cisco Router PBR (Policy Based Routing) [top] Configuring Cisco Router - Serial Cable Connecting Cisco uses console serial cable made of Roll-over cable. - Console Port Settings Figure 18 - Network Diagram Figure 19 39

40 1) Configuration for JAGUAR Transparent Mode ip access-list extended 101 permit tcp any any eq www route-map dst_80 match ip address 101 set ip next-hop Redirection to JAGUAR interface Vlan1 description [Client] ip address ip policy route-map dst_80 interface Vlan2 description [Internet] ip address ) Configuration for JAGUAR Hidden Mode ip access-list extended 101 permit tcp any any eq www ip access-list extended 102 permit tcp any eq www any route-map dst_80 match ip address 101 set ip next-hop Redirection to JAGUAR route-map src_80 match ip address 102 set ip next-hop Redirection to JAGUAR interface Vlan1 description [Client] ip address ip policy route-map dst_80 interface Vlan2 description [Internet] ip address ip policy route-map src_80 40

41 10. Cisco Router PBR (Policy Based Routing) and ACE LB (Load Balancing) [top] Configuring Cisco Router - Serial Cable Connecting Cisco uses console serial cable made of Roll-over cable. - Console Port Settings Figure 20 - Network Diagram Figure 21 41

42 1) PBR Configuration for JAGUAR Transparent Mode ip access-list extended 101 permit tcp any any eq www route-map dst_80 permit 10 match ip address 101 set ip next-hop Redirection to ACE interface Vlan10 description [Internet] ip address interface Vlan20 description [Client] ip address ip policy route-map dst_80 interface Vlan30 description [ACE] ip address ip route Default Gateway ip route Routing for Jaguar 2) PBR Configuration for JAGUAR Hidden Mode ip access-list extended 101 permit tcp any any eq www ip access-list extended 102 permit tcp any eq www any route-map dst_80 match ip address 101 set ip next-hop Redirection to ACE route-map src_80 match ip address 102 set ip next-hop Redirection to ACE interface Vlan10 description [Internet] ip address ip policy route-map src_80 interface Vlan20 description [Client] ip address ip policy route-map dst_80 42

43 interface Vlan30 description [ACE] ip address ip route ip route Default Gateway Routing for Jaguar 3) ACE Basic Configuration access-list ALL line 8 extended permit ip any any probe tcp TCP_80 interval 2 faildetect 2 passdetect interval 3 receive 1 Configuration of Health Check rserver host Jaguar01 ip address inservice rserver host Jaguar02 ip address inservice rserver host Jaguar03 ip address inservice rserver host MSFC ip address inservice Configuration of Real Server serverfarm host Jaguar transparent failaction purge predictor hash address destination probe TCP_80 Health Check TCP 80 rserver Jaguar01 inservice rserver Jaguar02 inservice rserver Jaguar03 inservice serverfarm host MSFC transparent failaction purge probe ICMP rserver MSFC 43

44 inservice class-map match-all Jaguar_class 2 match virtual-address tcp eq www policy-map type loadbalance first-match Jaguar_policy class class-default serverfarm Jaguar backup MSFC policy-map multi-match LB_policy class Jaguar_class loadbalance vip inservice loadbalance policy Jaguar_policy access-group input ALL ip route ) ACE Configuration for JAGUAR Transparent Mode interface vlan 30 description [MSFC Side] ip address service-policy input LB_policy no shutdown interface vlan 40 description [Jaguar Side] ip address no shutdown 5) ACE Configuration for JAGUAR Hidden Mode interface vlan 30 description [MSFC Side] ip address service-policy input LB_policy no shutdown interface vlan 40 description [Jaguar Side] ip address mac-sticky enable Creating Session table for IP spoofing no shutdown 44

45 Copyright 2010 ARA Networks Co., Ltd. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of ARA networks Co., Ltd. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, ARA Networks Co., Ltd. assumes no responsibility for its use. Jaguar is a registered trademark of ARA Networks Co., Ltd. In the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Contact ARA Networks (Fax) 45