[f-nsp] TCS with spoof support not working

Oliver Adam oadam at madao.de
Wed Jun 3 10:30:22 EDT 2009 

You have mentioned that your proxy supports reflecting the client 
IP... is it going to change at least the source port of the packet or 
is it keeping packets as they are (with client IP and client source port)?
The configuration does not seem to be complete - do you have a 
complete one? You do have cache-router-offload enabled - are you able 
to tell me a bit more about the (expected) traffic flow?

R, Oliver

At 21:31 02.06.2009, Samit wrote:
>Hi, I am trying to implement TCS with spoof support but it is not
>working,  I don't see any Spoof pkt counter either.  I am using L2 code
>in ServerIronGT EGx2. Anything more required to enable it and make it
>work, am I missing anything?  My proxy support reflecting client ip
>address. Without spoof support it is just rocking without any single issue.
>
>My setup is
>
>LAN<--->ServerIron<--->WAN
>                 |
>              Proxy1
>
>Config:
>
>ver 10.2.01cTD2
>!
>module 1 bi-0-port-wsm6-management-module
>module 2 bi-jc-8-port-gig-module
>!
>no global-stp
>
>server port 80
>  tcp
>!
>server cache-name proxy1 192.168.40.142
>  port http
>  port http url "GET \"
>!
>
>server cache-bypass 100
>
>server cache-group 1
>  filter-acl 101
>  cache-name proxy1
>  spoof-support
>!
>server cache-router-offload
>!
>interface ethernet 2/1
>  port-name LAN
>!
>interface ethernet 2/3
>  port-name proxy1
>!
>interface ethernet 2/8
>  port-name WAN
>  no cache-group
>  ip-policy 1
>!
>ip policy 1 cache tcp http local
>!
>access-list 100 remark no-tcs-prefix
>access-list 100 permit ip host 192.168.55.22 any
>access-list 101 remark tcs-prefix
>access-list 101 permit ip 192.168.224.0 0.0.0.255 any
>
>
>
>SLB-telnet at sw-fdry #sh cache-group 1
>
>Cache-group 1 has 1 members Admin-status = Enabled Active = 0
>Hash_info: Dest_mask = 255.255.255.0 Src_mask = 0.0.0.0
>
>Filter-acl: 101 Hit count: 0
>
>Cache Server Name                Admin-status Hash-distribution
>bluecoat                         6            0
>
>HTTP Traffic  From <-> to  Web-Caches
>
>Name: bluecoat        IP: 192.168.40.142    State: 6   Groups =   1  3
>
>                                      Host->Web-cache
>Web-cache->Host
>            State   CurCon TotCon     Packets   Octets     Packets
>Octets
>                                      Spoof pkt Spoof oct  Spoof pkt
>Spoof oct
>Web-Server active  0      0          4515919   2068851043 0         0
>
>                                      0         0          0         0
>
>Client     active  5903   187341446  252270927 3288932869
>16098549142944827043
>Total              5903   187341446  256786846 1062816616
>16098549142944827043
>
>SLB-telnet at sw-fdry-jwl-01#
>_______________________________________________
>foundry-nsp mailing list
>foundry-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/foundry-nsp

More information about the foundry-nsp mailing list