RE: Transparent proxy

From: Barry Raveendran Greene
Date: Fri, 30 Jan 1998 09:44:12 +0800


On Friday, January 30, 1998 8:15 AM, Lincoln Dale wrote:
> >We tried transparent proxying with Cisco's here and the result was 'no
> >way'. We have a service contract with Cisco and when attempting to
> >configure as per the instructions in the FAQ, we got stumped.
> >
> >Upon consulting Cisco, they stated that there was no way this approach to
> >transparent proxying would work, mentioning something about the
> >router clobbering the packet header in such a way that Squid couldn't deal
> >with it.

Who said that?

> err, i don't see why it wouldn't work? you can do it via
> policy-based-routing. note that policy-based-routing is
> process-switched within a cisco, so _does_not_scale_.

It's fast switched in 11.2F/11.3. Policy Based Routing is going in CEF soon
(if not already - I have not been watching the leased 11.1 CE and 11.1 CC
releases). This helps to scale to some higher PPS rates, but it still does
not get you to big PPS interception rates.

I cut this out of one of my workshop labs ..... It should help.


Fast-Switched Policy Routing

IP policy routing can now be fast-switched. Prior to this feature, policy
routing could only be process switched, which meant that on most platforms,
the switching rate was approximately 1,000 to 10,000 packets per second. This
was not fast enough for many applications. Users who need policy routing to
occur at faster speeds can now implement policy routing without slowing down
the router.


Fast-switched policy routing supports all of the match commands and most of
the set commands, except for the following restrictions:

The set ip default command is not supported.

The set interface command is supported only over point-to-point links, unless
a route-cache entry exists using the same interface specified in the set
interface command in the route map. Also, at process level, the routing table
is consulted to determine if the interface is on a reasonable path to the
destination. During fast switching, the software does not make this check.
Instead, if the packet matches, the software blindly forwards the packet to
the specified interface.


This feature is supported on these platforms:

Cisco 2500 series
Cisco 4000 series (Cisco 4000, 4000-M, 4500, 4500-M, 4700, 4700-M)
Cisco 7200 series
Cisco 7500 series


Policy routing must be configured before you configure fast-switched policy
routing. See the section "Enable Policy Routing" in the chapter "Configuring
IP Routing Protocols" in the Cisco IOS Release 11.2 Network Protocols
Configuration Guide, Part 1.

Configuration Task

Fast switching of policy routing is disabled by default. To have policy
routing be fast switched, perform the following task in interface
configuration mode:

Configuration Example

The following example enables policy routing to be fast switched.

ip route-cache policy

Task                                        Command

Enable fast switching of policy routing.    ip route-cache policy
Received on Thu Jan 29 1998 - 17:58:57 MST
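
The policy-routing prerequisite and the fast-switching command from the message above, put together as an added example (it is not part of the original message or of the Cisco text it quotes). The proxy address 192.0.2.10, the interface Ethernet0, the access-list number and the route-map name are assumptions chosen for illustration.

```cisco
! Constructed example: 192.0.2.10 is a hypothetical Squid host and
! Ethernet0 a hypothetical client-facing interface.
!
! Match client HTTP traffic, but never the proxy's own outbound
! requests, which would otherwise be redirected back to the proxy.
access-list 110 deny   tcp host 192.0.2.10 any eq www
access-list 110 permit tcp any any eq www
!
route-map proxy-redirect permit 10
 match ip address 110
 ! A next hop is used rather than "set interface": per the restrictions
 ! quoted above, the fast path forwards to a set interface without
 ! checking the routing table, and supports it only on point-to-point
 ! links unless a route-cache entry already exists.
 set ip next-hop 192.0.2.10
!
interface Ethernet0
 ! Policy routing must be configured before fast switching is enabled.
 ip policy route-map proxy-redirect
 ! Fast switching of policy routing is disabled by default.
 ip route-cache policy
```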
