[f-nsp] TCS with spoof support not working

Samit janasamit at wlink.com.np
Sun Jun 7 09:44:25 EDT 2009


Thanks Oliver, it started working without any further changes after
some time, or maybe after I cleared all active sessions, not
sure...can't say. I removed the cache-router-offload (just doing hit and
trial) and it has no significance because I do have a specific route for my LAN
prefixes pointing towards my LAN gateway in my proxy.  However, I still
don't see a single packet counted in the spoof counter in "sh cache-group
1", though it is working and works, definitely. I just cannot see the
packet counter match..weird..

Samit


Oliver Adam wrote:
> You have mentioned that your proxy supports reflecting the client IP...
> is it going to change at least the source port of the packet or is it
> keeping packets as they are (with client IP and client source port)?
> The configuration does not seem to be complete - do you have a complete
> one? You do have cache-router-offload enabled - are you able to tell me
> a bit more about the (expected) traffic flow?
> 
> R, Oliver
> 
> At 21:31 02.06.2009, Samit wrote:
>> Hi, I am trying to implement TCS with spoof support but it is not
>> working, I don't see any Spoof pkt counter either.  I am using L2 code
>> in ServerIronGT EGx2. Is anything more required to enable it and make it
>> work, am I missing anything?  My proxy supports reflecting the client IP
>> address. Without spoof support it is just rocking without any single
>> issue.
>>
>> My setup is
>>
>> LAN<--->ServerIron<--->WAN
>>                 |
>>              Proxy1
>>
>> Config:
>>
>> ver 10.2.01cTD2
>> !
>> module 1 bi-0-port-wsm6-management-module
>> module 2 bi-jc-8-port-gig-module
>> !
>> no global-stp
>>
>> server port 80
>>  tcp
>> !
>> server cache-name proxy1 192.168.40.142
>>  port http
>>  port http url "GET \"
>> !
>>
>> server cache-bypass 100
>>
>> server cache-group 1
>>  filter-acl 101
>>  cache-name proxy1
>>  spoof-support
>> !
>> server cache-router-offload
>> !
>> interface ethernet 2/1
>>  port-name LAN
>> !
>> interface ethernet 2/3
>>  port-name proxy1
>> !
>> interface ethernet 2/8
>>  port-name WAN
>>  no cache-group
>>  ip-policy 1
>> !
>> ip policy 1 cache tcp http local
>> !
>> access-list 100 remark no-tcs-prefix
>> access-list 100 permit ip host 192.168.55.22 any
>> access-list 101 remark tcs-prefix
>> access-list 101 permit ip 192.168.224.0 0.0.0.255 any
>>
>>
>>
>> SLB-telnet at sw-fdry #sh cache-group 1
>>
>> Cache-group 1 has 1 members Admin-status = Enabled Active = 0
>> Hash_info: Dest_mask = 255.255.255.0 Src_mask = 0.0.0.0
>>
>> Filter-acl: 101 Hit count: 0
>>
>> Cache Server Name                Admin-status Hash-distribution
>> bluecoat                         6            0
>>
>> HTTP Traffic  From <-> to  Web-Caches
>>
>> Name: bluecoat        IP: 192.168.40.142    State: 6   Groups =   1  3
>>
>>                                      Host->Web-cache      Web-cache->Host
>>            State   CurCon TotCon     Packets   Octets     Packets   Octets
>>                                      Spoof pkt Spoof oct  Spoof pkt Spoof oct
>> Web-Server active  0      0          4515919   2068851043 0         0
>>                                      0         0          0         0
>>
>> Client     active  5903   187341446  252270927 3288932869 16098549142944827043
>> Total              5903   187341446  256786846 1062816616 16098549142944827043
>>
>> SLB-telnet at sw-fdry-jwl-01#
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
> 
> 
> 
> 
> 


