北电Alteon应用层交换机技术手册_Proxy IP_图文

Technical Tip
TT-0506401a -- Informational -- 22-Jun-2005

Proxy IP for the Nortel Application Switch OS version 22.x and later
Contents
Associated Products: ......................................................................................................................................................1 Previous Proxy IP Functionality ......................................................................................................................................1 Current Proxy IP Functionality ........................................................................................................................................2 Limitation of Proxy IP ......................................................................................................................................................2 Configuring Proxy IP using the CLI (Command Line Interface) .....................................................................................2 Port and VLAN based Proxy IP addresses ................................................................................................................2 Filter Based Proxy IP Addresses................................................................................................................................6 Enabling Proxy IP on a Port .......................................................................................................................................8 Egress PIP for a Virtual Service .................................................................................................................................9 Configuring Proxy IP using the BBI (Browser-Based Interface) ...................................................................................10 Understanding Proxy IP in the /cfg/dump Output .........................................................................................................19 Sample Configuration Containing Proxy IP ..................................................................................................................20

Introduction:
The purpose of this document is to detail the updated functionality of proxy IP addressing on the Nortel Application Switch. Beginning with the Nortel Application Switch operating system version 22.0, proxy IP functionality has been altered to better suit the needs of the network administrator.

Associated Products:
The information in this document is intended to be used with the following product(s) with the indicated software or hardware revisions:
Product Name or Order Number Nortel Application switches: 2208, 2216, 2224, 2424, 3408 Revision Information Potentially Affected Corrected 22.x and above N/A

Previous Proxy IP Functionality
In the Nortel Web Switch and in the Nortel Application Switches running software prior to release 22.0, proxy IP addresses were assigned to SPs (Switch Processors) instead of physical ports or VLANs. Because proxy processing occurred after VMA (virtual matrix architecture) processing, there was no way to determine which SP a packet would be VMA’d to, and hence which proxy IP would be used. Proxy IP addresses had to be assigned to every SP due to this functionality. The only way to avoid assigning a proxy IP address to every SP was to disable VMA, which is not recommended as doing so will decrease the performance of the switch. Packets would use the proxy IP address of whichever port it was VMA’d to, which could be that of the ingress port, the egress port, or neither. There was no way to accurately predict which proxy IP address would be used. A further limitation to this proxy service was that the number of proxy IP addresses was limited to the number of SPs on the switch. The AD3/AD4/180e/184 Web Switches have eight SPs, while the Application Switches (2000 and 3000 series) have only four SPs.

?2005 Nortel Networks Limited. All Rights Reserved

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Current Proxy IP Functionality
Beginning with the Nortel Application Switch operating system version 22.0, proxy IP processing is not affected by VMA. Proxy IP addresses are assigned to either physical ports or VLANs instead of SPs. If proxy is set to a type of ‘port’, then each proxy IP address is associated with a specific port. If proxy is set to a type of ‘vlan’, then each proxy IP address is associated with a specific VLAN. Also new is the fact that the proxy feature can be configured to use either the packet’s ingress port or VLAN proxy IP address or the proxy IP address of the egress port or VLAN. A maximum of 32 proxy IP addresses can be configured on the switch. This means that you can configure up to 32 port-based proxy IP addresses, 32 VLAN-based proxy IP addresses, or a combination of both types totaling 32 proxy IP addresses.

Limitation of Proxy IP
Although the use of proxy IP addresses can have many advantages for a network, there is at least one possible limitation to either type of proxy IP functionality. When client requests directed to a virtual server are forwarded on to a real server, the client’s source IP address is changed to the configured proxy IP address. This applies to all clients that ingress and egress the same ports or VLANs. The limitation to this is that the real servers have no way of identifying various clients via their source IP address because all sessions appear to the real server as though they were sourced by the application switch. This limitation leads to another new feature called X-Forwarded-For. The X-Forwarded-For makes it possible to use proxy IP addresses and overcome this limitation, allowing the client’s identity to be maintained by the real server. Please refer to the Configuring the X-Forwarded-For feature to maintain client identity Technical Tip for more information on this feature.

Configuring Proxy IP using the CLI (Command Line Interface)
Port and VLAN based Proxy IP addresses
In order for proxy IP services to be used, server load balancing must first be turned on. This can be done via the /cfg/slb command as such:

>> main# /cfg/slb on

Proxy IP services has its own configuration menu. Not all of the required proxy IP configuration is done in this menu, but here is where the proxy IP addresses are configured along with the type of proxy IP address they will be. The proxy IP address menu is located at /cfg/slb/pip.

>> Proxy IP Address# pwd /cfg/slb/pip

?2005 Nortel Networks Limited. All Rights Reserved

Page: 2 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Using the ‘single dot’ command displays the available menu options. They are shown below and are self-explanatory. Each of these menu options are used in the following configuration examples:

>> Proxy IP Address# . -----------------------------------------------------------[Proxy IP Address Menu] type - Set base type of Proxy IP address add - Add port or VLAN to Proxy IP address rem - Remove port or VLAN from Proxy IP address cur - Display current Proxy IP address configuration First look at the default configuration. The cur command shows that by default, the active PIP type is port. The type vlan is inactive. This means that any proxy IP addresses configured right now would be associated with a physical port on the switch. You can configure a number of proxy IP addresses equal or less than the number of physical ports on the switch. It is not required to assign a proxy IP address to every physical port.

>> Proxy IP Address# cur Current Proxy IP address settings: Active PIP type: port Inactive PIP type: vlan Now consider adding a proxy IP address to ports 1, 2, 3, and 4. A proxy IP address can be assigned to one or more physical ports. When the address is assigned to multiple ports, the ports do not have to be contiguous. The CLI displays an example of how to assign an address to multiple ports, both contiguous and non-contiguous.

To add a proxy IP address, use the add command. The user is prompted to enter the proxy IP address to be assigned to the port(s). Next, the user is prompted to designate the port(s) onto which the proxy IP address will be assigned. In this example below, the proxy IP address 10.10.10.10 is assigned to physical ports 1, 2, 3, and 4 using the designation 1-4.

>> Proxy IP Address# add Enter Proxy IP address: 10.10.10.10 Enter port <1 to 28> or block <first-last>: e.g. 1 2 3-10 1-4 New pending: 1: 10.10.10.10 port 1-4 The process to assign a proxy IP address to one or more physical ports can be shortened by following the add command with the proxy IP address to be assigned. Below, the command add 10.10.10.20 is used and then a prompt appears for the designated port(s) onto which the proxy IP address will be assigned. Using the command 58, ports 5, 6, 7, and 8 are designated for this proxy IP address.

>> Proxy IP Address# add 10.10.10.20 Enter port <1 to 28> or block <first-last>: e.g. 1 2 3-10 5-8 New pending: 2: 10.10.10.20 port 5-8

?2005 Nortel Networks Limited. All Rights Reserved

Page: 3 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

The process to assign a proxy IP address can be further shortened by following the add command with the proxy IP address to be assigned, and the port(s) to be designated to this proxy IP address. The following example shows the continuation of configuring proxy IP addresses to physical ports in groups of four ports per IP address. Starting with the first address below, the proxy IP address 20.20.20.10 is assigned to physical ports 9, 10, 11, and 12 in a single command: add 20.20.20.10 9-12. After adding the rest of the proxy IP addresses in the same manner, it is necessary to apply and save the changes. The apply command activates the changes, and the save command allows the changes to survive a reboot.

>> Proxy IP Address# add 20.20.20.10 9-12 New pending: 3: 20.20.20.10 port 9-12 >> Proxy IP Address# add 20.20.20.20 13-16 New pending: 4: 20.20.20.20 port 13-16 >> Proxy IP Address# add 30.30.30.10 17-20 New pending: 5: 30.30.30.10 port 17-20 >> Proxy IP Address# add 30.30.30.20 21-24 New pending: 6: 30.30.30.20 port 21-24 >> Proxy IP Address# add 40.40.40.10 25-28 New pending: 7: 40.40.40.10 port 25-28 >> Proxy IP Address# apply/save The new proxy IP addresses and their respective physical port(s) can be displayed using the cur command.

>> Proxy IP Address# cur Current Proxy IP address settings: Active PIP type: port 1: 10.10.10.10 port 1-4 2: 10.10.10.20 port 5-8 3: 20.20.20.10 port 9-12 4: 20.20.20.20 port 13-16 5: 30.30.30.10 port 17-20 6: 30.30.30.20 port 21-24 7: 40.40.40.10 port 25-28 Inactive PIP type: vlan Now that proxy IP addresses have been created and associated with the ports, change the proxy IP functionality to use VLANs instead of physical ports. The switch will only support one type of proxy IP address at a time, so once the type is changed to vlan, the previously created port-based proxy IP addresses will no longer be used. Use the type command to change the proxy IP type from port to vlan. This can be done in a single command as shown below. If you were to simply enter the command type, the user would be prompted for which type they would like to use. The only options are port and vlan. Don’t forget to apply and save your changes.

>> Proxy IP Address# type vlan >> Proxy IP Address# apply/save

?2005 Nortel Networks Limited. All Rights Reserved

Page: 4 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Before creating any proxy IP addresses for the VLANs, take a look at the current configuration now that the proxy IP type has been changed from port to vlan. Notice below that the previously configured proxy IP addresses still exist in the configuration, but they are inactive. This is because the active PIP type is now vlan. Now configure some proxy IP addresses to be associated with the switch’s VLANs.

>> Proxy IP Address# cur Current Proxy IP address settings: Active PIP type: vlan Inactive PIP type: port 1: 10.10.10.10 port 1-4 2: 10.10.10.20 port 5-8 3: 20.20.20.10 port 9-12 4: 20.20.20.20 port 13-16 5: 30.30.30.10 port 17-20 6: 30.30.30.20 port 21-24 7: 40.40.40.10 port 25-28

Start by adding a proxy IP address to VLAN 1. A proxy IP address can be assigned to one or more VLANs. When the address is assigned to multiple VLANs, the VLANs do not have to be contiguous. The CLI displays an example of how to assign an address to VLANs, both contiguous and non-contiguous. To add a proxy IP address, use the add command. The user is prompted to enter the proxy IP address to be assigned to the VLAN(s). Next, the user is prompted to designate the VLAN(s) onto which the proxy IP address will be assigned. In the following example, the proxy IP address 10.10.10.10 is assigned to VLAN 1 using the designation 1.

>> Proxy IP Address# add Enter Proxy IP address: 10.10.10.10 Enter VLAN <1 to 4090> or block <first-last>: e.g. 1 2 3-10 1 New Pending: 1: 10.10.10.10 vlan 1 The process to assign a proxy IP address to one or more VLANs can be shortened by following the add command with the proxy IP address to be assigned. Below, the command add 20.20.20.10 is used and then the prompt appears for the designated VLAN(s) onto which the proxy IP address will be assigned. Using the command 2, VLAN 2 is designated for this proxy IP address.

>> Proxy IP Address# add 20.20.20.10 Enter VLAN <1 to 4090> or block <first-last>: e.g. 1 2 3-10 2 New Pending: 3: 20.20.20.10 vlan 2

?2005 Nortel Networks Limited. All Rights Reserved

Page: 5 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

The process to assign a proxy IP address can be further shortened by following the add command with the proxy IP address to be assigned, and the VLAN(s) to be designated to this proxy IP address. Below shows the continuation of configuring proxy IP addresses to VLANs. Starting with the first address below, the proxy IP address 30.30.30.10 is assigned to VLAN 3 in a single command: add 30.30.30.10 3. After adding the last of the proxy IP addresses in the same manner, it is necessary to apply and save the changes. The apply command activates the changes, and the save command allows the changes to survive a reboot.

>> Proxy IP Address# add 30.30.30.10 3 New Pending: 5: 30.30.30.10 vlan 3 >> Proxy IP Address# add 40.40.40.10 4 New Pending: 7: 40.40.40.10 vlan 4 >> Proxy IP Address# apply/save Take another look at the current configuration now that the proxy IP type has been changed from port to vlan and some proxy IP addresses have been added. Notice below that the previously configured proxy IP addresses still exist in the configuration, but they are inactive. This is because the active PIP type is now vlan. Only the active PIP type will be used by the switch during runtime.

>> Proxy IP Address# cur Current Proxy IP address settings: Active PIP type: vlan 1: 10.10.10.10 vlan 1 3: 20.20.20.10 vlan 2 5: 30.30.30.10 vlan 3 7: 40.40.40.10 vlan 4 Inactive PIP type: port 1: 10.10.10.10 port 1-4 2: 10.10.10.20 port 5-8 3: 20.20.20.10 port 9-12 4: 20.20.20.20 port 13-16 5: 30.30.30.10 port 17-20 6: 30.30.30.20 port 21-24 7: 40.40.40.10 port 25-28

Filter Based Proxy IP Addresses
A separate proxy IP address can be configured for use with specific filters. This is configured in the filter’s advanced menu /cfg/slb/filt <filter_number>/adv.

>> Filter 10 Advanced# pwd /cfg/slb/filt/adv

?2005 Nortel Networks Limited. All Rights Reserved

Page: 6 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

The first step is to enable proxy IP on the filter. As shown below, this can be done using the proxy command. The user is prompted to either enable or disable proxy for this filter. The e command is used in this example to enable proxy. This could also have been accomplished in a single command such as proxy e.

>> Filter 10 Advanced# proxy Current client proxy: enabled Enter new client proxy [d/e]: e The proxyip command allows the user to specify a proxy IP address to be used on a packet matching this filter. The user may enter either an IP address or “any”. The switch uses the configured proxy IP address to replace the client's IP address. If the user does not configure the proxy IP address in the filter, the switch uses the proxy IP address configured under /cfg/slb/pip command.

>> Filter 10 Advanced# proxyip Current proxy IP address: any Enter new proxy IP address or any: 10.10.10.50 Another parameter that affects how proxy IP is handled by the filter is the epip command. This command only applies when the proxyip parameter of the filter is set to any. It enables or disables proxy IP selection based on egress port or VLAN. By default, the SP selects the proxy IP address based on ingress port or VLAN. By enabling the epip command, you can configure the SP to select proxy IP address based on the egress port or VLAN. Don’t forget to apply and save your changes.

>> Filter 10 Advanced# epip Current egress pip: disabled Enter new egress pip [d/e]: e >> Filter 10 Advanced# apply/save

?2005 Nortel Networks Limited. All Rights Reserved

Page: 7 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Now move up one directory and execute the cur command to look at the current configuration of the filter, including the latest changes. Highlighted below are the three proxy IP attributes:

>> Filter 10 Advanced# ../cur Current filter 10: enabled, name HTTP Redir invert disabled sip any, dip any proto tcp, sport any, dport http vlan any action redir, group 2, rport 0 log disabled, cache enabled proxy enabled, proxy IP address 10.10.10.50, epip enabled, fwlb disabled linklb disabled, dbind disabled, pbind disabled option disabled, tos 0 0 0 length any tcp no flags enabled ack_or_reset disabled l7lkup disabled, ftpa disabled, radius snoop disabled radius/wap persistence disabled parseall enabled idshash dip, idsgrp none thash auto BW Contract 256 BW Contract for reverse traffic 256 pmatch disabled, matchall disabled ratelim disabled, maxconn 100 timewin 1, holddur 2

Enabling Proxy IP on a Port
In order for proxy IP to be used, it must first be enabled on the switch port or ports. This is enabled as follows:

>> Main# cfg/slb/port 1/proxy ena Current using proxy IP address: disabled New using proxy IP address: enabled Be sure to enable proxy on the rest of the ports you would like to use proxy IP on. Also, don’t forget to apply and save your changes.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 8 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Egress PIP for a Virtual Service
The switch administrator can choose whether a client packet uses the ingress proxy IP address or the egress proxy IP address when accessing a virtual service. This is determined by the epip parameter of the virtual server’s service. It can be accessed in the /cfg/slb/virt/service menu.

>> Virtual Server 1 http Service# pwd /cfg/slb/virt/service The epip attribute is disabled by default, which means client traffic accessing the virtual service will use the proxy IP address of the ingress port or VLAN, depending on the type of proxy IP addresses being used on the switch. When epip is enabled, client traffic accessing the virtual service will use the proxy IP address of the egress port or VLAN:

>> Virtual Server 1 http Service# epip Current epip: disabled Enter new epip [d/e]: e

?2005 Nortel Networks Limited. All Rights Reserved

Page: 9 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Configuring Proxy IP using the BBI (Browser-Based Interface)
Configuring proxy IP using the browser-based interface is very similar to the process using the command line interface. 1. Start by establishing an HTTP session to the application switch. 2. Click CONFIGURE at the top of the screen. 3. Click on the folder next to Alteon Application Switch on the left pane. 4. Click on the folder next to L4 Switching. 5. Click on the icon next to PIP Configuration. 6. Use the drop-down menu to select the proxy type: VLAN or Port 7. Click Add to create a proxy IP.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 10 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

8. Enter the Proxy IP Address. 9. Enter the Port(s) or VLAN(s) that will use this proxy IP address. 10. Click Add. 11. Don’t forget to apply and save your changes using the links at the top of the page.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 11 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Enabling proxy processing on a port is accomplished as follows: 1. Click CONFIGURE at the top of the screen. 2. Click on the folder next to Alteon Application Switch on the left pane. 3. Click on the folder next to L4 Switching. 4. Click on the icon next to Switch Ports. The status of proxy processing is displayed. 5. Click on the switch port number.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 12 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

6. Use the Enable/Disable Proxy IP Addressing drop-down menu to enable or disable proxy IP processing on the port. 7. Click Submit. 8. Don’t forget to apply and save your changes using the links at the top of the page.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 13 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

As mentioned in the CLI section, it is possible to enable or disable proxy IP processing on filters. A filter can have its own proxy IP address or the filter can be configured to use the ingress or egress proxy IP of either the port or VLAN that the packet is associated with. 1. Click CONFIGURE at the top of the screen. 2. Click on the folder next to Alteon Application Switch on the left pane. 3. Click on the folder next to L4 Switching. 4. Click on the icon next to Filters. 5. Click on the filter’s number.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 14 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

6. Use the Proxy for client? drop-down menu to disable filter proxy (enabled by default). 7. Enter the proxy IP address for the filter, if one is used. 8. Use the drop-down menu to specify whether the egress port or VLAN proxy IP address should be used. By default the ingress IP is used. This attribute does not apply when the filter is configured with its own proxy IP address. 9. Scroll to the bottom of the screen and click Submit. 10. Don’t forget to apply and save your changes using the links at the top of the page.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 15 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

When proxy IP is used, the use of the ingress or egress port/VLAN proxy IP is configurable. By default, when proxy is used, the proxy IP of the ingress port or VLAN is used. This can be changed to use the egress port or VLAN on a per-virtual service basis. 1. Click CONFIGURE at the top of the screen. 2. Click on the folder next to Alteon Application Switch on the left pane. 3. Click on the folder next to L4 Switching. 4. Click on the icon next to Virtual Servers. 5. Click on the virtual server’s ID number.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 16 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

6. Click on the virtual server’s virtual service ID number.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 17 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

7. Scroll to the bottom of the screen. 8. Use the Egress Proxy drop-down menu to determine whether clients of this service use the ingress or egress proxy IP address. By default, they will use the ingress proxy IP. By enabling this parameter, the egress proxy IP address will be used. 9. Click Submit. 10. Don’t forget to apply and save your changes using the links at the top of the page.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 18 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Understanding Proxy IP in the /cfg/dump Output
When viewing the proxy IP portion of the switch’s configuration, you may wonder which type of proxy is active. The active type will always show up underneath the inactive type. For example, if the proxy IP type is set to port, then the proxy IP section of the configuration file will appear as follows: /c/slb/pip/type vlan /c/slb/pip/add 10.10.10.10 /c/slb/pip/add 20.20.20.10 /c/slb/pip/add 30.30.30.10 /c/slb/pip/add 40.40.40.10 /c/slb/pip/type port /c/slb/pip/add 10.10.10.10 /c/slb/pip/add 10.10.10.20 /c/slb/pip/add 20.20.20.10 /c/slb/pip/add 20.20.20.20 /c/slb/pip/add 30.30.30.10 /c/slb/pip/add 30.30.30.20 /c/slb/pip/add 40.40.40.10

1 2 3 4 1-4 5-8 9-12 13-16 17-20 21-24 25-28

If the proxy IP type is then changed to vlan, the proxy IP section of the configuration file will appear as follows:

/c/slb/pip/type port /c/slb/pip/add 10.10.10.10 /c/slb/pip/add 10.10.10.20 /c/slb/pip/add 20.20.20.10 /c/slb/pip/add 20.20.20.20 /c/slb/pip/add 30.30.30.10 /c/slb/pip/add 30.30.30.20 /c/slb/pip/add 40.40.40.10 /c/slb/pip/type vlan /c/slb/pip/add 10.10.10.10 /c/slb/pip/add 20.20.20.10 /c/slb/pip/add 30.30.30.10 /c/slb/pip/add 40.40.40.10

1-4 5-8 9-12 13-16 17-20 21-24 25-28 1 2 3 4

It is important to remember that although the configuration of the inactive proxy IP type is still in the configuration, it is not used. When the configuration is applied to the switch, the second type overwrites the first type, thereby making it the active proxy IP type.

?2005 Nortel Networks Limited. All Rights Reserved

Page: 19 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

Sample Configuration Containing Proxy IP
script start "Alteon Application Switch 2424" 4 /**** DO NOT EDIT THIS LINE! /* Configuration dump taken 12:53:27 Wed Apr 13, 2005 /* Configuration last applied at 12:52:51 Wed Apr 13, 2005 /* Configuration last save at 12:52:57 Wed Apr 13, 2005 /* Version 22.0.2, Base MAC address 00:11:58:fc:84:00 /c/port 9 pvid 2 /c/port 10 pvid 2 /c/port 11 pvid 2 /c/port 12 pvid 2 /c/port 13 pvid 2 /c/port 14 pvid 2 /c/port 15 pvid 2 /c/port 16 pvid 2 /c/port 17 pvid 3 /c/port 18 pvid 3 /c/port 19 pvid 3 /c/port 20 pvid 3 /c/port 21 pvid 3 /c/port 22 pvid 3 /c/port 23 pvid 3 /c/port 24 pvid 3 /c/port 25 pvid 4 /c/port 26 pvid 4 /c/port 27 pvid 4 /c/port 28 pvid 4 /c/l2/vlan 1 name "VLAN 1" learn ena def 1 2 3 4 5 6 7 8 /c/l2/vlan 2 ena name "VLAN 2" learn ena def 9 10 11 12 13 14 15 16 /c/l2/vlan 3 ena name "VLAN 3" learn ena def 17 18 19 20 21 22 23 24
?2005 Nortel Networks Limited. All Rights Reserved Page: 20 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

/c/l2/vlan 4 ena name "VLAN 4" learn ena def 25 26 27 28 /c/l2/stg 1/clear /c/l2/stg 1/add 1 2 3 4 /c/l3/if 1 ena addr 10.10.10.1 mask 255.255.255.0 broad 10.10.10.255 /c/l3/if 2 ena addr 20.20.20.1 mask 255.255.255.0 broad 20.20.20.255 vlan 2 /c/l3/if 3 ena addr 30.30.30.1 mask 255.255.255.0 broad 30.30.30.255 vlan 3 /c/l3/if 4 ena addr 40.40.40.1 mask 255.255.255.0 broad 40.40.40.255 vlan 4 /c/slb on /c/slb/real 1 ena rip 20.20.20.99 /c/slb/real 2 ena rip 20.20.20.98 name "Cache Server" /c/slb/group 1 health icmp add 1 /c/slb/group 2 health icmp add 2 /c/slb/pip/type port /c/slb/pip/add 10.10.10.10 /c/slb/pip/add 10.10.10.20 /c/slb/pip/add 20.20.20.10 /c/slb/pip/add 20.20.20.20 /c/slb/pip/add 30.30.30.10 /c/slb/pip/add 30.30.30.20 /c/slb/pip/add 40.40.40.10 /c/slb/pip/type vlan /c/slb/pip/add 10.10.10.10 /c/slb/pip/add 20.20.20.10 /c/slb/pip/add 30.30.30.10 /c/slb/pip/add 40.40.40.10 /c/slb/port 1 proxy ena /c/slb/virt 1

1-4 5-8 9-12 13-16 17-20 21-24 25-28 1 2 3 4

?2005 Nortel Networks Limited. All Rights Reserved

Page: 21 of 22

TT-0506401a

Proxy IP for the Nortel Application Switch OS version 22.x and later

ena vip 30.30.30.100 /c/slb/virt 1/service http group 1 epip ena /c/slb/filt 10 name "HTTP Redir" ena action redir proto tcp dport http group 2 rport 0 vlan any /c/slb/filt 10/adv proxyip 10.10.10.50 epip ena /c/slb/port 1 filt ena add 10 / script end /**** DO NOT EDIT THIS LINE!

Copyright ? 2005 Nortel Networks Limited - All Rights Reserved. Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks Limited. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Limited. To access more technical documentation, search our knowledge base, or open a service request online, please visit Nortel Technical Support on the web at: http://www.nortel.com/support If after following this guide you are still having problems, please ensure you have carried out the steps exactly as in this document. If problems still persist, please contact Nortel Technical Support (contact information is available online at: http://www.nortel.com/contactus ). We welcome your comments and suggestions on the quality and usefulness of this document. Please send your feedback to: CRALT@nortel.com

?2005 Nortel Networks Limited. All Rights Reserved

Page: 22 of 22


相关文档

北电Alteon应用层交换机技术手册_NAT
北电Alteon应用层交换机技术手册_HTTP Load Balancing
北电Alteon应用层交换机技术手册_DNS Load Balancing
北电Alteon应用层交换机技术手册_Virtual Hosting
北电Alteon应用层交换机技术手册_SYN Attack Detection
北电Alteon应用层交换机技术手册_TCP Flag Filtering
北电Alteon应用层交换机技术手册_FTP Server Load Balancing
北电Alteon应用层交换机技术手册_Web Cache Redirection
北电Alteon应用层交换机技术手册_Operating System 23.0.2 Release Notes
北电Alteon应用层交换机技术手册_ICMP Flag Filtering
电脑版