Re: Cisco redirection working

From: Apiset Tananchai <aet@dont-contact.us>
Date: Tue, 10 Feb 1998 18:16:50 +0700 (ICT)

On Sun, 8 Feb 1998, Henrik Nordstrom wrote:

> ---- Details on step 3, routing ----
>
> This can be done in two ways, either set up a route-map on the router,
> or use the proxy-host as a router. Most people prefer to have the router
> remap port 80 traffic to a separate proxy machine, as the proxy machine
> has a higher failure ratio than a typical router...
>
> A Cisco config recently shown in squid-users ("Graham Somers"
> <gsomers@icon.co.zw>):
> !
> interface Ethernet0
> description To Office Ethernet
> ip address 208.206.76.1 255.255.255.0
> no ip directed-broadcast
> no ip mroute-cache
> ip policy route-map proxy-redir
> !
> access-list 110 deny tcp host 208.206.76.44 any eq www
> access-list 110 permit tcp any any eq www
> route-map proxy-redir permit 10
> match ip address 110
> set ip next-hop 208.206.76.44
>
>
> There are however a few gotchas when doing transparent proxying. The
> most prominent one is that the MTU of the interface talking to the
> clients needs to be set to the lowest MTU possible in the path between
> the Squid host and the clients (including their dialup connection). I
> have seen on this list that someone did solve this with a patched
> ipfilter(?) and a route-map to redirect ICMP to the Squid host. In most
> situations this is no problem as most links have MTU 1500, but some
> like to use smaller MTUs to support mixed traffic on slow links. An easy
> path around the problem is to tell those few that use a smaller MTU to
> fill in their proxy settings in the browser.

Hm... I have some questions about the above Cisco configuration. What if I want
to have more than 1 proxy server to share load? Can someone explain what
the Cisco will do if I specify several IPs in the 'set ip next-hop' statement,
for example

  set ip next-hop 203.155.33.14 203.155.33.18

Will it round-robin forward the packet to these 2 servers? (Sorry, I don't
have a Cisco manual around :) I've found that Cisco also has

  set ip default next-hop <ip> ...

Can we set up a fall-back server using the above 2 statements? Or can we
auto-disable the route-map if the proxy server goes down?

TIA

--
aet
"Nobody will ever need more than 640k RAM!"
                           -- Bill Gates, 1981
"Windows 95 needs at least 8 MB RAM."
                           -- Bill Gates, 1996
"Nobody will ever need Windows 95."
                           -- logical conclusion
Received on Tue Feb 10 1998 - 03:07:19 MST
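
The access-list and route-map quoted in the message above, modelled as an added example (not part of the original thread and not Cisco code): it parses those config lines and shows why the leading `deny` for the proxy host keeps Squid's own outbound port 80 traffic from being sent back to itself. The function names and the sample packets are constructed for illustration; the parser only handles the entry shapes that appear in the quoted config.

```python
# Added example: minimal model of the quoted "access-list 110" and
# "route-map proxy-redir" logic. Names and sample packets are constructed.
import ipaddress

CONFIG = """\
access-list 110 deny tcp host 208.206.76.44 any eq www
access-list 110 permit tcp any any eq www
route-map proxy-redir permit 10
match ip address 110
set ip next-hop 208.206.76.44
"""

def parse_policy(config):
    """Return (ordered ACL entries, route-map next hop) from the config text."""
    acl, next_hop = [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["access-list", "110"]:
            action, proto, rest = tok[2], tok[3], tok[4:]
            if rest[0] == "host":          # source given as "host A.B.C.D"
                src, rest = ipaddress.ip_address(rest[1]), rest[2:]
            else:                          # source given as "any"
                src, rest = None, rest[1:]
            # Destination is "any" in both quoted entries, then "eq <port>".
            port = 80 if rest[2] == "www" else int(rest[2])
            acl.append((action, proto, src, port))
        elif tok[:3] == ["set", "ip", "next-hop"]:
            next_hop = ipaddress.ip_address(tok[3])
    return acl, next_hop

def policy_next_hop(packet, acl, next_hop):
    """Return the forced next hop, or None when the packet is routed normally."""
    src = ipaddress.ip_address(packet["src"])
    for action, proto, acl_src, port in acl:   # ACLs are first-match
        if (packet["proto"] == proto and packet["dport"] == port
                and (acl_src is None or acl_src == src)):
            # A "deny" match means "do not policy-route", not "drop".
            return next_hop if action == "permit" else None
    return None                                # implicit deny at end of ACL

if __name__ == "__main__":
    acl, hop = parse_policy(CONFIG)
    for src, dport in [("208.206.76.20", 80), ("208.206.76.44", 80),
                       ("208.206.76.20", 25)]:
        pkt = {"src": src, "proto": "tcp", "dport": dport}
        print(src, dport, "->", policy_next_hop(pkt, acl, hop) or "normal routing")
```
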
