Routing HTTP Traffic to a PowerCache Appliance or the iZone Bandwidth Optimization Cloud

 

Principles

 

This technique is used to deploy a transparent proxy. It can be used with a proxy such as Squid or with Traffic Forwarder. A transparent proxy is one that browsers do not use explicitly; in other words, browsers do not need to be configured to go through it.

 

HTTP traffic goes through the proxy because a router in the network infrastructure treats the proxy as the next hop. This router, which is often the default router, is set up with a routing policy that forwards any TCP packet whose destination port is 80 to the transparent proxy.

 

Implementing next-hop with a Cisco router

 

Such a routing policy can be set up on a Cisco router. The following commands assume that the ACL is named alpha and the policy is named bravo, and that the transparent proxy IP address is 192.168.2.34.

 

1- enable

 

2- configure terminal

 

3- ip access-list extended alpha

 

This command creates a new access list, called an ACL in Cisco jargon. "alpha" is the name given to this ACL; any other name is fine as long as it complies with the name syntax of the Cisco command.

 

***Any further commands will refer to this ACL***

 

4- permit tcp any any eq www

 

This command describes the conditions a packet must match for the ACL to apply: any TCP connection from any source IP to any host or IP, on port 80.

 

5- route-map bravo permit 10

 

This command creates a policy whose name is "bravo". In this example, 10 is a policy number; policy entries are used in the order of this number.

 

6- match ip address alpha

 

This command adds the ACL alpha to the policy.

 

7- set ip next-hop 192.168.2.34

 

This command indicates that the next router used when a packet matches one of the ACLs of "bravo" is 192.168.2.34.

 

8- exit

 

9- interface 0/1

 

10- ip policy route-map bravo

 

This command applies the policy "bravo" to the interface.
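
A way to check the result of the steps above, as an added example (not part of the original article or any vendor tool): this Python function reads a saved running-config and reports every route-map entry that overrides the next hop, the ACL lines that select the traffic, and the interfaces where the policy is applied. The sample config is constructed; the interface names FastEthernet0/0 and FastEthernet0/1 and the address 192.168.2.1 are assumptions.

```python
import re

# Constructed running-config excerpt matching the steps above. The interface
# names and 192.168.2.1 are assumptions; the page only says "interface 0/1".
SAMPLE_CONFIG = """\
ip access-list extended alpha
 permit tcp any any eq www
route-map bravo permit 10
 match ip address alpha
 set ip next-hop 192.168.2.34
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
interface FastEthernet0/1
 ip policy route-map bravo
"""

def parse_sections(config):
    """Group indented sub-commands under their unindented parent line."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] != " ":
            current = line.strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_redirects(config):
    """Return one record per route-map entry that sets a next-hop."""
    sections = parse_sections(config)
    findings = []
    for header, body in sections.items():
        m = re.match(r"route-map (\S+) permit (\d+)$", header)
        hops = [l.split()[-1] for l in body if l.startswith("set ip next-hop ")]
        if not m or not hops:
            continue
        acls = [l.split()[-1] for l in body if l.startswith("match ip address ")]
        applied = [h.split(None, 1)[1] for h, b in sections.items()
                   if h.startswith("interface ") and "ip policy route-map " + m.group(1) in b]
        findings.append({"route_map": m.group(1), "seq": int(m.group(2)),
                         "next_hop": hops[0], "interfaces": applied,
                         "acl_rules": {a: sections.get("ip access-list extended " + a)
                                       for a in acls}})
    return findings
```

An ACL name whose value is None in acl_rules is referenced by the route-map but not defined in the config, and an empty interfaces list means the policy exists but is not applied anywhere.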

 

Implementing next-hop with ipfw

 

Ipfw is a firewall that runs on FreeBSD. A single rule is enough to route the traffic to the transparent proxy.

 

ipfw add 200 fwd 192.168.2.34 tcp from 192.168.0.0/24 to any 80 out xmit fxp0

 

 

Implementing next-hop with iptables

 

The routing policy can be set up with iptables rules on Linux.

 

iptables -t nat -A PREROUTING -p tcp -i $LAN -d $EXTIP --dport 80 -j DNAT --to 192.168.0.1:80
iptables -A FORWARD -p tcp -i $EXTIF -d 10.2.0.1 --dport 80 -j ACCEPT

Integration with optimization cloud