[j-nsp] Best way to use transparent caching with M/E-series

Guy Davies aguydavies at gmail.com
Wed Jun 14 08:37:48 EDT 2006 

Hi Dean,

You can do something similar on the M/T series by doing filter based forwarding.

You need a minimum of three interfaces.

1. The ingress interface from which http/https requests will be received.
2. The egress interface to the Internet
3. The egress interface to the Caching device

You identify ingress traffic that is http or https and then apply a
non-standard routing-instance (with a default pointing to the Caching
device) to that traffic.  The traffic is then forwarded to the caching
device which is able to either respond direct or has to make a query
to the Internet.  It is important to apply the filter to the input of
the ingress interface rather than the output of the egress to the
Internet or you'll catch the traffic from the caching device too and
send it back to the caching device.

interfaces {
   ge-0/0/0 {
      description "Ingress";
      family inet {
          address 192.168.0.1/24;
          filter {
             input transparent-cache;
         }
      }
    }
    ge-0/1/0 {
        description "Egress";
        family inet {
            address 192.168.1.1/24;
        }
    }
    ge-0/2/0 {
        description "Cache";
        family inet {
            address 192.168.2.1/24;
        }
    }
}
firewall {
    family inet {
        filter transparent-cache {
           term http-https {
               from {
                   protocol tcp;
                   destination-port [ 80 443 ];
               }
               then {
                   routing-instance cache;
               }
            }
            term default {
                then accept;
            }
        }
    }
}
routing-instances {
    cache {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.2.2;
            }
        }
    }
}
routing-options {
    interface-routes {
        rib-group inet direct-if;
    }
    rib-groups {
        direct-if {
            import-rib [ inet.0 cache.inet.0 ];
        }
    }
}

Rgds,

Guy

On 14/06/06, Bjørn Mork <bjorn at mork.no> wrote:
> Dean Albano <dean.albano at 121media.com> writes:
>
> > What would be the best way to do transparent caching through either
> > an M-series or E-series router?
>
> Put a L4-switch at either side of it?
>
>
> Bjørn
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list