
CSS110501 -> CE590 (ACNS 5.1), reverse proxy config issue

ebeekman
Level 1

Guys,

I'm trying to get the following to work:

Client on internet (no explicit proxy config) is connecting to a webserver. The VIP resides on the CSS which has a reverse proxy config pointing to the CE590.

    --------
    |Client|
    --------
        |
        |
    --------          ---------
    | CSS  |----------| CE590 |
    --------          ---------
        |
        |
    --------
    | Web  |
    --------

I used the config from the Cisco web, but I can't get it to work.

I can connect to the webserver, but it looks like the CE590 is not acting as a proxy, at least not completely.

Because it looks like it 'hangs' on collecting the graphics.

This is my config on the CSS:

    service bktpce1
      protocol tcp
      port 80
      no cache-bypass
      ip address 192.168.0.2
      type transparent-cache
      active

    eql cacheable
      description "This EQL contains extensions of cacheable content"
      extension pdf "Acrobat"
      extension fdf "Acrobat Forms Document"
      extension au "Sound audio/basic"
      extension bmp "Bitmap Image"
      extension z "Compressed data application/x-compress"
      extension gif "GIF Image image/gif"
      extension html "Hypertext Markup Language text/html"
      extension htm
      extension js "Java script application/x-javascript"
      extension mocha
      extension jpeg "JPEG image image/jpeg"
      extension jpg
      extension jpe
      extension jfif
      extension pjpeg
      extension pjp
      extension mp2 "MPEG Audio audio/x-mpeg"
      extension mpa
      extension abs
      extension mpeg "MPEG Video video/mpeg"
      extension mpg
      extension mpe
      extension mpv
      extension vbs
      extension m1v
      extension pcx "PCX Image"
      extension txt "Plain text text/plain"
      extension text
      extension mov "QuickTime video/quicktime"
      extension tiff "TIFF Image image/tiff"
      extension tar "Unix Tape Archive application/x-tar"
      extension avi "Video for Windows video/x-msvideo"
      extension wav "Wave File audio/x-wav"
      extension gz "application/x-gzip"
      extension zip "ZIP file application/x-zip-compressed"

    content p_cm_vip-prod-appl-www
      protocol tcp
      port 80
      vip address 123.13.112.56
      add service x-appl-server1
      active

    content p_nc_vip-prod-appl-www
      sticky-inact-timeout 15
      add service x-appl-server1
      port 80
      url "/*"
      protocol tcp
      vip address 123.13.112.55
      active

    content p_rp-vip-http-web
      protocol tcp
      port 80
      url "/*" eql cacheable
      add service bktpce1
      vip address 123.13.112.55
      active

This is the config on the CE590:

    ! ACNS version 5.1.15
    !
    http proxy outgoing host 123.13.112.56 80 primary
    http l4-switch enable
    interface FastEthernet 0/0
      ip address 192.168.0.2 255.255.255.248
      no autosense
      bandwidth 100
      full-duplex
      no cdp enable
      exit
    ip default-gateway 192.168.0.1
    no bypass load enable
    rule action use-proxy 123.13.112.56 80 pattern-list 1 protocol all

Do I need to configure something else?

Regards,

Edwin


Gilles Dufour
Cisco Employee

Edwin,

if you do a 'sho summary' on the css, do you see traffic hitting the rule p_cm_vip-prod-appl-www ?

Is the server receiving the traffic from the cache ?

At first glance, I would say everything is OK, but we would need a sniffer trace and some info to know where the traffic from the cache is going.

Is the cache spoofing client ip ?

Can the server ping the cache ?

Thanks,

Gilles.

I can see traffic hitting the VIPs:

p_cm_vip-prod-ap Active x-appl-server1 5827

p_nc_vip-prod-ap Active x-appl-server1 1574

p_rp-vip-http-we Active bktpce1 1149

When I look in the apache error logs there are no entries.

When I look in the Apache access logs I only see the following entries from my client host:

82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET / HTTP/1.1" 200 5296 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /outerframe.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC HTTP/1.1" 200 3624 "http://preprod.daarginds.nl/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /main.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC HTTP/1.1" 200 36569 "http://preprod.daarginds.nl/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /js/dropdown_initialize.js.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC HTTP/1.1" 200 228 "http://preprod.daarginds.nl/main.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /js/dropdownC.js.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC HTTP/1.1" 200 15928 "http://preprod.daarginds.nl/main.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

82.4.195.39 - - [02/Aug/2005:10:24:37 +0200] "GET /css/daarginds.css HTTP/1.1" 304 - "http://preprod.daarginds.nl/main.php?language=NL&strSiteCountry=NL&BRCHERKOMST=BRC" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

When I do a tcpdump on destination port 80 on the server, I see the following:

preprod.daarginds.nl.http: . ack 52149 win 64860 (DF)

10:34:05.957776 82.4.195.39.6242 > preprod.daarginds.nl.http: . ack 10204 win 64860 (DF)

10:34:06.058767 82.4.195.39.6242 > preprod.daarginds.nl.http: P 1403:1905(502) ack 10204 win 64860 (DF)

10:34:06.058777 82.4.195.39.6243 > preprod.daarginds.nl.http: R 1064:1064(0) ack 53295 win 0 (DF)

10:34:06.070434 82.4.195.39.6242 > preprod.daarginds.nl.http: R 1905:1905(0) ack 10372 win 0 (DF)

10:34:27.020617 192.168.0.2.55444 > preprod.daarginds.nl.http: S 1662943048:1662943048(0) win 5840 (DF)

10:34:27.020866 192.168.0.2.55444 > preprod.daarginds.nl.http: . ack 155787170 win 5840 (DF)

10:34:27.020889 192.168.0.2.55444 > preprod.daarginds.nl.http: F 0:0(0) ack 1 win 5840 (DF)

10:34:27.021240 192.168.0.2.55444 > preprod.daarginds.nl.http: . ack 2 win 5840 (DF)

So the CE is hitting the webserver (although not shown in the apache log files).

But the 192.168.0.2 you see with the tcpdump is listed every 60 sec, and this is the is-alive test of the CE.

You don't see an entry in tcpdump or in the apache log files when hitting the server with a browser.

Edwin
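
One way to check the question raised in this thread, whether requests that match the `eql cacheable` rule reach Apache from the CE at 192.168.0.2 or straight from the client, as an added example that is not part of the original posts. It assumes the CSS matches on the final extension of the URL path and that the CE does not spoof the client IP; the log lines and the 203.0.113.7 client address are constructed.

```python
import re
from urllib.parse import urlsplit

# Extensions copied from the "eql cacheable" list in the CSS config above.
CACHEABLE = set(
    "pdf fdf au bmp z gif html htm js mocha jpeg jpg jpe jfif pjpeg pjp mp2 mpa "
    "abs mpeg mpg mpe mpv vbs m1v pcx txt text mov tiff tar avi wav gz zip".split()
)
CACHE_IP = "192.168.0.2"  # CE590 address from the thread

# Apache combined log format: source IP, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def extension(url):
    """Final extension of the URL path, query string ignored (assumed match rule)."""
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def classify(lines, cache_ip=CACHE_IP):
    """Return (src, url, expected_path, via_cache) for every parsable log line."""
    rows = []
    for line in lines:
        m = LINE.match(line)
        if m:
            src, _method, url, _status = m.groups()
            expected = "cache" if extension(url) in CACHEABLE else "direct"
            rows.append((src, url, expected, src == cache_ip))
    return rows

def summarize(rows):
    """Count requests by expected path (EQL match) versus observed source."""
    s = {"direct_ok": 0, "cache_ok": 0, "bypassed_cache": 0, "unexpected_via_cache": 0}
    for _src, _url, expected, via_cache in rows:
        if expected == "cache":
            s["cache_ok" if via_cache else "bypassed_cache"] += 1
        else:
            s["unexpected_via_cache" if via_cache else "direct_ok"] += 1
    return s

T = "[02/Aug/2005:10:24:37 +0200]"
SAMPLE = [  # constructed lines; paths modelled on the access log in the thread
    f'203.0.113.7 - - {T} "GET / HTTP/1.1" 200 5296 "-" "UA"',
    f'203.0.113.7 - - {T} "GET /main.php?language=NL HTTP/1.1" 200 36569 "-" "UA"',
    f'203.0.113.7 - - {T} "GET /js/dropdownC.js.php?language=NL HTTP/1.1" 200 15928 "-" "UA"',
    f'203.0.113.7 - - {T} "GET /css/daarginds.css HTTP/1.1" 304 - "-" "UA"',
    f'{CACHE_IP} - - {T} "GET /img/logo.gif HTTP/1.1" 200 1200 "-" "UA"',
    f'203.0.113.7 - - {T} "GET /img/banner.jpg HTTP/1.1" 200 900 "-" "UA"',
]

if __name__ == "__main__":
    print(summarize(classify(SAMPLE)))
```

Under the assumed match rule, none of the requests in the posted access log (`/`, `.php`, `.js.php`, `.css`) end in an extension from the EQL, so all of them would be expected to arrive directly from the client; only image requests such as `.gif` or `.jpg` would be expected from 192.168.0.2.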
