[VXA] Redirecting port 80 traffic to Junos Content Encore (JCE)

  [KB28461]


Summary:

This article provides commands for redirecting traffic from both an EX switch and a Cisco router.

Symptoms:

The list below summarizes the sample topology in the figure:

  • Customer traffic originating from the right, Unit (customer traffic).

  • Management traffic at the bottom, Firewall to LAN.

  • Traffic destined for the top, toward origin servers via Cisco 7609 or Juniper MX480.

  • There are two places where customer traffic destined for origin servers can be redirected: the EX4200 or the Cisco 3825.

Cause:

Solution:

Only port 80 traffic should come to Junos Content Encore.

If the EX4200 switch is configured in routed mode (which means that the client interface(s), the server interface, and the MFC interface are in L3 mode), you can set up the EX4200 to perform filter-based forwarding (FBF) as shown below:

  • On the MFC, set up full transparent behavior by configuring follow header host with the command below:

use-client-ip

  • On the inbound client interface(s) on the EX4200 (interfaces toward the BMU/LAN), run the command below:

set interfaces <interface-name> unit 0 family inet filter input media_flow_client

  • On the inbound server interface on the EX4200 (likely the interface toward the Cisco 3825 router), run the command below:

set interfaces <interface-name> unit 0 family inet filter input media_flow_server

  • Run the supporting EX4200 configuration commands below:

set routing-options interface-routes rib-group inet fbf_group
set routing-options rib-groups fbf_group import-rib inet.0
set routing-options rib-groups fbf_group import-rib media_flow.inet.0

set firewall family inet filter media_flow_client term 1 from protocol tcp
set firewall family inet filter media_flow_client term 1 from destination-port http
set firewall family inet filter media_flow_client term 1 then routing-instance media_flow
set firewall family inet filter media_flow_client term 2 then accept 

set firewall family inet filter media_flow_server term 1 from protocol tcp
set firewall family inet filter media_flow_server term 1 from source-port http
set firewall family inet filter media_flow_server term 1 then routing-instance media_flow
set firewall family inet filter media_flow_server term 2 then accept

set routing-instances media_flow instance-type forwarding
set routing-instances media_flow routing-options static route 0.0.0.0/0 next-hop <mfc-ip-add>
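
Added example, not part of the original article: a Python check over the `set` commands above that confirms each redirecting term matches only TCP port 80, that the target instance is a forwarding instance with a default route and imported interface routes, and that each filter ends in an accept term (Junos filters discard unmatched traffic by default). The interface name `ge-0/0/1`, the address `192.0.2.10` and the helper name `lint_fbf` are assumptions.

```python
import re

# Constructed sample: the client-side EX4200 commands from this article, with a
# placeholder interface name and a documentation-range MFC address (assumptions).
SAMPLE = """
set interfaces ge-0/0/1 unit 0 family inet filter input media_flow_client
set routing-options interface-routes rib-group inet fbf_group
set routing-options rib-groups fbf_group import-rib inet.0
set routing-options rib-groups fbf_group import-rib media_flow.inet.0
set firewall family inet filter media_flow_client term 1 from protocol tcp
set firewall family inet filter media_flow_client term 1 from destination-port http
set firewall family inet filter media_flow_client term 1 then routing-instance media_flow
set firewall family inet filter media_flow_client term 2 then accept
set routing-instances media_flow instance-type forwarding
set routing-instances media_flow routing-options static route 0.0.0.0/0 next-hop 192.0.2.10
"""

def lint_fbf(config):
    """Return a list of problems found in a set-style FBF configuration."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    text = "\n".join(lines)
    problems = []
    terms = {}  # filter name -> {term name: [(from|then, rest), ...]} in config order
    for l in lines:
        m = re.match(r"set firewall family inet filter (\S+) term (\S+) (from|then) (.+)", l)
        if m:
            terms.setdefault(m[1], {}).setdefault(m[2], []).append((m[3], m[4]))
    for name in re.findall(r"family inet filter input (\S+)", text):
        if name not in terms:
            problems.append(f"{name}: applied to an interface but not defined")
    for name, tmap in terms.items():
        for term, clauses in tmap.items():
            inst = [r.split()[1] for d, r in clauses if d == "then" and r.startswith("routing-instance ")]
            froms = [r for d, r in clauses if d == "from"]
            port80 = any(re.fullmatch(r"(source|destination)-port (http|80)", f) for f in froms)
            if inst and not ("protocol tcp" in froms and port80):
                problems.append(f"{name} term {term}: redirects more than TCP port 80")
            for i in inst:
                if f"set routing-instances {i} instance-type forwarding" not in lines:
                    problems.append(f"{name}: instance {i} is not a forwarding instance")
                if not re.search(rf"set routing-instances {re.escape(i)} routing-options static route 0\.0\.0\.0/0 next-hop \S+", text):
                    problems.append(f"{name}: instance {i} has no default route to the MFC")
                if not re.search(rf"import-rib {re.escape(i)}\.inet\.0", text):
                    problems.append(f"{name}: no rib-group imports interface routes into {i}.inet.0")
        if ("then", "accept") not in list(tmap.values())[-1]:
            problems.append(f"{name}: last term does not accept, so unmatched traffic is discarded")
    return problems
```

An empty list from `lint_fbf` means the checks passed; it does not validate interface names or the reachability of the MFC address.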

If the EX4200 is working as a pure L2 device, you must set up the Cisco 3825 router to perform policy-based routing (PBR). However, for this to work correctly in full transparent mode, the MFC cache and the client should be reachable from the Cisco 3825 via distinct interfaces. In this case, the topology would be as follows:

MFC---------3825---------EX4200--------BMU

Contrast this with the current topology:

3825-------EX4200---------BMU
                         |
                     MFC

At any rate, if the MFC cache and the client are made to be reachable from the Cisco 3825 via distinct interfaces, PBR can be configured on the 3825 as follows:

cisco3825(config)# access-list 101 permit tcp any any eq 80
cisco3825(config)# access-list 102 permit tcp any eq 80 any

cisco3825(config)# route-map mfc-client permit
cisco3825(config-route-map)# match ip address 101
cisco3825(config-route-map)# set ip next-hop <mfc-ip-add>

cisco3825(config)# route-map mfc-server permit
cisco3825(config-route-map)# match ip address 102
cisco3825(config-route-map)# set ip next-hop <mfc-ip-add>

On the interface toward the EX4200, run the following command:

cisco3825(config-if)# ip policy route-map mfc-client

On both the interface toward the Cisco 7609 and the interface toward the MX480, run the following command:

cisco3825(config-if)# ip policy route-map mfc-server
