https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12853#M257 Wow so basically the configuration above should be able to drop in replace the WCCP from cisco? Fri, 10 Jul 2015 19:43:00 GMT Chris1 2015-07-10T19:43:00Z https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12851#M255 We're currently using a Cisco for WCCP Redirection of HTTP traffic to a cache server (ISP)<BR /> <BR /> We have 2x MLAG x670 for our Core that feed into that Cisco, as you can see now we have a point of failure which we don't like and it's EOL, and not 10G)<BR /> <BR /> What i was wondering is cant we just do an ACL (flowredirection?) on both of our MLAG'd core switches to redirect dst-port 80 to go to the Cache Server IP instead of routing directly to the internet.<BR /> <BR /> For instance....<BR /> Port 1 customerVLAN (plus others that i dont want to get proxied) (various subnets)<BR /> Port 2 wanVLAN (gateway 10.0.0.1)<BR /> Port 3 cacheVLAN (cache 10.0.1.1)<BR /> <BR /> create flow-redirect ToProxy<BR /> configure flow-redirect ToProxy add nexthop 10.0.1.1 priority 100<BR /> configure flow-redirect ToProxy add nexthop 10.0.0.1 priority 200<BR /> configure flow-redirect ToProxy health-check ping<BR /> <BR /> allhttp.pol<BR /> entry allhttp {<BR /> if {<BR /> protocol tcp;<BR /> source-address 100.100.100.0/24; (whatever our customers subnet is)<BR /> destination-port 80; (only for internet hosted websites, not customer served)<BR /> } then {<BR /> redirect-name ToProxy;<BR /> count WebHTTP;<BR /> }<BR /> <BR /> configure access-list allhttp vlan customerVLAN ingress<BR /> <BR /> That way it would use the proxy if it's up but if we have a crash on our cache server it would fallback to the lower priority nexthop (default gateway) until the proxy server is restored?<BR /> <BR /> Would this have a negative impact on our x670's or the routing performance, I don't think it would as from my reading through the manuals the ACL's are done on the ASIC's at linerate? IS their something i should specifically be watching out for? Will we run into issues as with substantial traffic getting redirected/notredirected) Fri, 10 Jul 2015 01:55:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12851#M255 Chris1 2015-07-10T01:55:00Z https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12852#M256 You are right, this has no impact as ACL and redircted traffic will be handled by the ASIC at wirespeed. Fri, 10 Jul 2015 11:35:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12852#M256 OscarK 2015-07-10T11:35:00Z https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12853#M257 Wow so basically the configuration above should be able to drop in replace the WCCP from cisco? Fri, 10 Jul 2015 19:43:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12853#M257 Chris1 2015-07-10T19:43:00Z https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12854#M258 I guess that it does not replace WCCP because it does not keep user session to proxy (in case you have multiple proxy servers) Fri, 10 Jul 2015 19:43:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/flowredirection-based-transparent-web-cache-redirection/m-p/12854#M258 Brunno_Lopes 2015-07-10T19:43:00Z