Appendix B Deployment Examples
Transparent Local-Listen
B-32
Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-05
(decrypted) traffic. Unlike traditional non-transparent mode, however, when the
offloader sends the outbound traffic, it uses the client’s IP address rather than
its own IP address in building these packets; hence the hybrid nature of the proxy.

The CSS (or other load balancer) is responsible for performing port address
translation from the default SSL port 443 to a unique port for each additional
logical SSL server hosted on each offloader. Again, this differs from
traditional transparent proxy mode, in which certificate/key pairs are
differentiated by a unique listening IP address on the offloader.

The content and services portion of the CSS configuration is nearly identical to
the configuration used in non-transparent proxy mode, while the network portion
of the CSS configuration mirrors that used in transparent mode.

The flows from the perspective of the CSS are essentially a combination of what
is expected in transparent and non-transparent modes: the first two flow entries
(client to offloader) look like a non-transparent flow view, and the second two flow
entries (offloader to origin server) look like a transparent flow view. Again, it is
critical to keep in mind that although transparent local-listen is a hybrid proxy,
the model still creates two instances of the client’s IP address and must employ
some means of differentiation. This is why, even though network address
translation occurs when traffic is redirected from the client to the offloader,
ECMP (or some other hashing mechanism) is still necessary for proper routing of
traffic within the offloading triangle.