trafficserver-users mailing list archives

From Jason Strongman <jasonstrongman2...@gmail.com>
Subject Re: Transparent proxy with 1 NIC in ATS server
Date Thu, 25 Jun 2015 18:59:13 GMT
Alan,

In your transparency PDF you mention another 'transparency' approach
using NAT. I think the OP can use
his ATS server with a single interface if some inline device performs
a DNAT on the request(s) in question.
I think you mentioned this approach if one didn't want to mess with the
whole kernel TPROXY stuff.

Also per your notes, this only satisfies inbound transparency and
removes the ability for ATS to use the client resolved origin address.



On Sun, Apr 12, 2015 at 3:24 PM, Alan M. Carroll
<amc@network-geographics.com> wrote:
> I'm not sure you can do this. The essence is packets with the same IP addresses that
> need to be delivered to different VLAN ports. Let's say your user agent is address A and the
> origin server is address S. When the user agent sends a packet, it is A -> S. This is intercepted
> by ATS and then when it wants to connect to the origin server it will send a packet A ->
> S and this packet needs to flow out to the Internet, not be intercepted by ATS again. If you
> have a router you can do this by doing policy routing based on which interface handled the
> packet. With just a switch I'm not sure you can distinguish the packets sufficiently.
>
> I've never tried to do that and I don't know anyone who has, so I have to just guess.
>
