[c-nsp] content filter placement in data center
Dan Letkeman
danletkeman at gmail.com
Sun Aug 17 21:45:28 EDT 2008
I'm still a bit confused as to how I would connect this to the router?
The filter appliance has an ingress and egress interface and only
works in this configuration. Would I route-map incoming traffic and
outgoing traffic to and from the router? I would like to make sure
all incoming and outgoing traffic is filtered.
I'm visualizing this configuration:
                  --------------internet
                  |
switch----------router---------content filter
                  |
                  --------------wccp cache
So if I route-map source IPs (workstations) to the content filter, the
content filter will redirect the traffic back to the router and out
the default route to the internet, but do I need to route-map the
internet traffic back to the content filter? If I don't, won't the
traffic just go back into the network unfiltered?
Would I be better off using my current configuration and rather
setting up an object track between the switch and router with an
alternate route? e.g.:
switch----------content filter------------router-------------internet
   |                                         |
   -------------------------------------------
Thanks,
Dan.
On Sun, Aug 17, 2008 at 6:17 PM, Adrian Chadd <adrian at creative.net.au> wrote:
> On Sun, Aug 17, 2008, Dan Letkeman wrote:
>
>> Is there a way to connect it to the router and use policy routing, and
>> the verify availability option so that if the content filter is down
> the system still works without it?
>
> Yes.
>
> * Does the content filter speak WCCPv2? Or can you glue it to Squid?
> If so, try WCCPv2.
>
> * Otherwise, see if your platform/IOS supports object tracking and
> conditional route maps. You can set things up to use a route-map
> (or route!) if a destination host is reachable via ICMP.
>
> The archives have details on both of these.
>
>
> Adrian
>
>
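
The tracked policy-routing setup discussed in this thread, for the router-attached topology, as an added example that is not part of the original messages. It assumes the filter is a routed hop with an address on each side; all addresses, interface names, ACL numbers and object numbers are constructed.

```cisco
! Added example: constructed addresses and names, not from the thread.
! Assumed: filter ingress side 192.0.2.2, egress side 198.51.100.2,
! workstations in 10.0.0.0/8.
!
! ICMP probes toward each side of the filter
ip sla 10
 icmp-echo 192.0.2.2
 frequency 5
ip sla schedule 10 life forever start-time now
ip sla 20
 icmp-echo 198.51.100.2
 frequency 5
ip sla schedule 20 life forever start-time now
!
! Tracked objects follow probe reachability
! (older IOS releases spell this "track 10 rtr 10 reachability")
track 10 ip sla 10 reachability
track 20 ip sla 20 reachability
!
access-list 110 permit ip 10.0.0.0 0.255.255.255 any
access-list 120 permit ip any 10.0.0.0 0.255.255.255
!
! Outbound: workstation traffic is sent to the filter ingress side
! only while track 10 is up
route-map LAN-TO-FILTER permit 10
 match ip address 110
 set ip next-hop verify-availability 192.0.2.2 1 track 10
!
! Return: internet traffic for workstations is sent to the filter
! egress side only while track 20 is up
route-map WAN-TO-FILTER permit 10
 match ip address 120
 set ip next-hop verify-availability 198.51.100.2 1 track 20
!
interface GigabitEthernet0/0
 description to switch (workstations)
 ip policy route-map LAN-TO-FILTER
interface GigabitEthernet0/1
 description to internet
 ip policy route-map WAN-TO-FILTER
!
! Filter-facing interfaces carry no policy, so traffic the filter
! hands back is forwarded by the normal routing table.
interface GigabitEthernet0/2
 ip address 192.0.2.1 255.255.255.0
interface GigabitEthernet0/3
 ip address 198.51.100.1 255.255.255.0
```

When a tracked object goes down, the `set` clause is skipped and matching traffic is routed normally, so this design fails open: traffic flows unfiltered until the probe recovers. An ICMP probe only shows that the filter's interface answers, not that the filter is inspecting traffic.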