Table of Contents
Advertisement
Filtering Enhancements
Starting with version 28.1.50, Alteon simplifies session management through filters. While filters
classify user traffic and qualify the proper action, Alteon transparently takes care of session
management and proper handling in cases of proxy deployments.
Alteon supports the following filtering enhancements:
•
Reverse Session, page 363
•
Return to Proxy, page 363
•
Layer 7 Invert Filter, page 363
Reverse Session
Filters only handle and search for a match of incoming traffic sent from the client server. In previous
versions, filters only created one entry in a session table per session. To handle reverse traffic,
either Direct Access Mode (DAM) or a reverse session must be defined.
When using DAM, Alteon changes the source port of the session and identifies the return session by
its changed source port. Alteon then reverts the session parameters to the original parameters of
the client session.
Previously, when using reverse session, Alteon created a reverse session entry in the session table,
handled the packet and reversed its parameters to those of the original client session. However,
reverse session could only handle traffic at layer 4.
Starting with version 28.1.50, reverse session returns traffic to the original session without changing
the source port and handles traffic at all layers. Return traffic is redirected to the original session
table and forwarded to the client with the original parameters.
Reverse session is defined per filter. At Layer 4, if DAM is activated, it takes precedence over reverse
session and overrides it. At Layer 7, reverse session takes precedence over DAM. That is, if reverse
session is enabled, DAM is automatically overridden.
To view an example using reverse session, see
page
364.
Return to Proxy
Alteon supports a wide range of server deployments. In some deployment scenarios, the servers
must have the traffic destined to their own assigned IP address, while the service must maintain
transparent. Starting with version 28.1.50, you can redirect traffic to such servers by changing the
session destination IP to match that of the server. To maintain persistency, that is for the return
traffic to return via the proxy, you must enable the reverse session option when using the
redirecting to proxy option.
To view an example using return to proxy, see
Layer 7 Invert Filter
Previously, traffic that matched the layer 7 filtering criteria was redirected to the origin server
(internet) and traffic that did not match was redirected real servers.
The layer 7 invert filter now enables the opposite result. A layer 7 invert filter works just like a basic
invert filter, except that the invert action is delayed until the string content is examined to see if the
session needs to be redirected because of its content.
Traffic that matches the layer 7 invert filtering criteria can be redirected to VAS servers when
enabling /cfg/slb/filt/adv/invert .
Document ID: RDWR-ALOS-V2900_AG1302
Alteon Application Switch Operating System Application Guide
Redirecting Traffic with a Transparent Server,
Redirecting Traffic with a NAT Filter, page
Filtering and Traffic Manipulation
366.
363
- Quick Links:
- Part 1-Basic Features
Hide quick links:
Advertisement
Table of Contents
