[j-nsp] Best way to use transparent caching with M/E-series

Dean Albano dean.albano at 121media.com
Wed Jun 14 09:17:46 EDT 2006


Thanks Guy.  We will give this a try.  One question though; what  
happens if the cache host goes down?  Is there any mechanism with  
Filter Based Forwarding to identify that the cache host is down and  
route http traffic around it?

Regards,

Dean J. Albano
Network Integration Consultant


On Jun 14, 2006, at 8:37 AM, Guy Davies wrote:

Hi Dean,

You can do something similar on the M/T series by doing filter based  
forwarding.

You need a minimum of three interfaces.

1. The ingress interface from which http/https requests will be  
received.
2. The egress interface to the Internet
3. The egress interface to the Caching device

You identify ingress traffic that is http or https and then apply a
non-standard routing-instance (with a default pointing to the Caching
device) to that traffic.  The traffic is then forwarded to the caching
device which is able to either respond direct or has to make a query
to the Internet.  It is important to apply the filter to the input of
the ingress interface rather than the output of the egress to the
Internet or you'll catch the traffic from the caching device too and
send it back to the caching device.

interfaces {
   ge-0/0/0 {
      description "Ingress";
      family inet {
          address 192.168.0.1/24;
          filter {
             input transparent-cache;
         }
      }
    }
    ge-0/1/0 {
        description "Egress";
        family inet {
            address 192.168.1.1/24;
        }
    }
    ge-0/2/0 {
        description "Cache";
        family inet {
            address 192.168.2.1/24;
        }
    }
}
firewall {
    family inet {
        filter transparent-cache {
           term http-https {
               from {
                   protocol tcp;
                   destination-port [ 80 443 ];
               }
               then {
                   routing-instance cache;
               }
            }
            term default {
                then accept;
            }
        }
    }
}
routing-instances {
    cache {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.2.2;
            }
        }
    }
}
routing-options {
    interface-routes {
        rib-group inet direct-if;
    }
    rib-groups {
        direct-if {
            import-rib [ inet.0 cache.inet.0 ];
        }
    }
}

Rgds,

Guy

On 14/06/06, Bjørn Mork <bjorn at mork.no> wrote:
> Dean Albano <dean.albano at 121media.com> writes:
>
> > What would be the best way to do transparent caching through either
> > an M-series or E-series router?
>
> Put a L4-switch at either side of it?
>
>
> Bjørn
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>




More information about the juniper-nsp mailing list