[nsp] Using Local Director for Transparent Proxy Cluster

Mark Taylor maillist at smashie.ision.co.uk
Thu Dec 11 08:30:38 EST 2003


Hi,

I have a Cisco Local Director that is currently load balancing a group of
proxy servers. This is working fine where the client machines have proxy
enabled and connect to the virtual address on the local director with their
proxy requests.

I wanted to turn this optional proxy into a forced/transparent proxy setup,
so added policy routing on my router to send port 80 requests to the virtual
address on the local director (it's configured to load balance both 8080 and
port 80 and my proxy servers are in transparent mode, so they'll accept an
http request on 80 or proxy on 8080).

This doesn't appear to work, and you get no response when trying to browse a
web page. I think it might be because the router policy routes to the local
director, but when the packet get's there it's not for the virtual address -
for example, if you're browsing www.google.com the packet turns up at the
local director for 66.102.11.99 port 80 and it ignores it because
66.102.11.99 is not it's virtual address.

Has anyone managed to use a local director in this way before and can give
any pointers ? Does the local director need to be put in a transparent mode
to except a request that was destined for anywhere, a bit like the
transparent mode on my proxy servers ?

I know the policy routing and my proxy servers work fine in transparent
mode, because if you policy route direct to the address of a proxy server,
it works transparently exactly as intended. Just I'd like to use the local
director to cluster/load balance these proxies.

Also, it's not the proxy server getting policy routed back to itself
creating a loop. I've checked that already (and the above wouldn't work if
that was the case).

Any help or info would be appreciated.
Thanks,
Mark.



More information about the cisco-nsp mailing list