思科接口和模块 : 思科内容交换模块

使用内容交换模块的透明缓存的配置示例

2016 年 10 月 24 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈


目录


简介

本文为透明缓存提供一个配置示例,使用Cisco Cache引擎和内容交换模块(CSM)。透明缓存是用于透明地拦截来自Web浏览器的流量并重定向它到缓存设备以获取以前缓存的内容的技术。

要执行透明缓存的另一个方法是Web缓存通讯协议(WCCP)。在WCCP上的透明缓存的优点是CSM查看来自客户端的URL请求,并且决定流量是否应该发送到缓存。静态文件的请求例如gif或jpeg镜像是从缓存获取的,而动态页(脚本的结果)直接地从服务器获取,无需去到缓存。

开始使用前

要求

本文档没有任何特定的要求。

使用的组件

本文档中的信息基于下列硬件和软件版本:

  • CSM版本3.x

  • 应用程序内容网络软件(ACNS)版本5.1

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

配置

本部分提供有关如何配置本文档所述功能的信息。

网络图

本文档使用下图所示的网络设置。

/image/gif/paws/50381/csm_transparent_caching.jpg

配置

本文档使用以下配置:


module ContentSwitchingModule 4 
 vlan 501 server
  ip address 192.168.30.97 255.255.254.0
!
 vlan 499 client
  ip address 192.168.10.97 255.255.254.0
  gateway 192.168.10.1
!
 vlan 500 server
  ip address 192.168.20.97 255.255.254.0
!
 serverfarm CACHES
  no nat server 


!--- This is a transparent redirect; do not change the destination IP address.

  
no nat client
  predictor hash url


!--- Use URL hashing to make sure the request for a specific URL always goes to the same server.

  
real 192.168.30.200
   inservice
  real 192.168.30.201
   inservice
!
 
serverfarm FORWARD
  no nat server 
  no nat client
  predictor forward


!--- This serverfarm tells the CSM not to load balance.
!--- The CSM instead uses its routing table to forward the traffic.

!

map CACHEABLE url


!--- In this example, you want to only redirect requests for certain  file types.
!--- This is not mandatory.
!--- You can also adjust this to something more realistic.

  
match protocol http url *.html
  match protocol http url *.gif
  match protocol http url *.jpg
  match protocol http url *.exe
  match protocol http url *.zip
!   
 
policy CACHEABLE


!--- The policy is the way to link the map with a serverfarm.

  
url-map CACHEABLE
  serverfarm CACHES
!
 
vserver FROMCACHE


!--- This rule is for traffic originating from the caches (when they have 
!--- to retrieve content from the origin server).

  
virtual 0.0.0.0 0.0.0.0 any
  vlan 501


!--- The VLAN command guarantees that you limit this vserver to the cache VLAN.

  
serverfarm FORWARD


!--- Use the serverfarm FORWARD command to disable load balancing for this traffic.
!--- In this example, you need forward requests from the caches to the origin server.
!--- You could, however, load balance this traffic to a series of Web servers, that is,
!--- when doing reverse proxy caching.

  
persistent rebalance
  inservice
!
 
vserver INTERCEPT


!---- This is the rule to transparently redirect requests from the client to the caches.

  
virtual 0.0.0.0 0.0.0.0 tcp www
  vlan 499
  serverfarm FORWARD


!--- The default action is forward; no load balancing.
!--- This is for requests that do not match the policy.

  
persistent rebalance
  slb-policy CACHEABLE


!--- Traffic matching the policy is load balanced to the caches.

  
inservice
!
 
vserver NONHTTP


!--- Non-HTTP traffic from the clients is forwarded.

  
virtual 0.0.0.0 0.0.0.0 any
  vlan 499
  serverfarm FORWARD
  persistent rebalance
  inservice
!

验证

本部分所提供的信息可用于确认您的配置是否正常工作。

  • show mod csm X vserver name name detail

  • show mod csm X conns detail

EOMER#show mod csm 4 vser name intercept det
INTERCEPT, type = SLB, state = OPERATIONAL, v_index = 22
  virtual = 0.0.0.0/0:80 bidir, TCP, service = NONE, advertise = FALSE
  idle = 3600, replicate csrp = none, vlan = 499, pending = 30, layer 4
  max parse len = 2000, persist rebalance = TRUE
  ssl sticky offset = 0, length = 32
  conns = 0, total conns = 3
  Default policy:
    server farm = FORWARD, backup = <not assigned>
    sticky: timer = 0, subnet = 0.0.0.0, group id = 0
  Policy          Tot matches  Client pkts  Server pkts
  -----------------------------------------------------
  CACHEABLE       2            410          926          
  (default)       5            20           17          

验证流量是匹配策略(流量重定向到缓存),还是流量被转发(匹配默认的策略)。

EOMER#show mod csm 4 conn det

    prot vlan source                destination           state       
----------------------------------------------------------------------
In  ICMP 499  192.168.11.41         192.168.21.4          ESTAB       
Out ICMP 500  192.168.21.4          192.168.11.41         ESTAB       
    vs = NONHTTP, ftp = No, csrp = False

In  ICMP 501  192.168.10.107        10.48.66.102          ESTAB       
Out ICMP 499  10.48.66.102          192.168.10.107        ESTAB       
    vs = FROMCACHE, ftp = No, csrp = False

In  TCP  499  192.168.11.41:4402    192.168.21.4:80       REQ_WAIT    
Out TCP  501  192.168.21.4:80       192.168.11.41:4402    REQ_WAIT    
    vs = INTERCEPT, ftp = No, csrp = False

In  TCP  501  192.168.11.41:32784   192.168.21.4:80       ESTAB       
Out TCP  500  192.168.21.4:80       192.168.11.41:32784   ESTAB       
    vs = FROMCACHE, ftp = No, csrp = False

缓存为IP伪装配置。您在以上输出可以看到,一条从客户端192.168.11.41到服务器192.168.21.4 499在VLAN 499上的连接,一条相似的连接能VLAN 501上看到。第一个是从客户端重定向到缓存的真正的连接(出口VLAN是501),并第二个是从缓存(伪装客户端IP地址)到源服务器的连接。

故障排除

本部分提供的信息可用于对配置进行故障排除。


相关信息


Document ID: 50381