
Use IPv6 Connection Forwarding Clusters

Solutions ID:    KB5184
Version:    2.0
Status:    Published
Published date:    06/27/2012
Updated:    07/23/2013
 

Problem Description

Scenario

For branches that contain multiple ProxySGs deployed in-path, a connection can leave the company network through one ProxySG and enter the network through another ProxySG.

Solution

Connection forwarding is designed to handle asymmetric routing issues, as described here. All the ProxySGs in the critical network paths form a cluster, so that every ProxySG knows the state of every other ProxySG in the same connection forwarding cluster. This feature is typically used in conjunction with ADN, but its application is not limited to WAN optimization deployments. Currently, the connection forwarding tunnel itself is IPv4 only, but it can carry both IPv4 and IPv6 traffic.

Resolution

Deployment

  1. Configure all ProxySGs to have both IPv4 and IPv6 connectivity. See Deploy ProxySG as an IPv6 Transitional Device.
     
  2. Determine which ProxySGs need to be in the connection forwarding cluster. This is typically done by network topology inspection.
     
  3. Add all the ProxySG addresses to the connection forwarding cluster:
    #(config) connection-forwarding
    #(config connection-forwarding) add <ipv4-address-sg1>
    #(config connection-forwarding) add <ipv4-address-sg2>


    Note that the list configured on each ProxySG needs to include that ProxySG itself. Currently, the tunnel between the ProxySGs participating in the cluster is IPv4 only, but this should not impact overall usability, since the user traffic can be both IPv4 and IPv6.
     
  4. Enable connection forwarding:
    #(config connection-forwarding) enable

  5. Enable the desired services. We are using HTTP in this example:
    #(config) proxy-services
    #(config proxy-services) edit "External HTTP"
    #(config External HTTP) intercept transparent 80

  6. The blue line in the following network diagram shows how the packets are routed through the network. The packets that get forwarded between the ProxySGs are IPv6, although the tunnel shown in this diagram is IPv4 only.

Network Diagram
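
A consistency check for the peer lists built in step 3, as an added example that is not part of the original article or the vendor's tooling: given each ProxySG's configured peer list, it reports lists that omit the appliance itself, omit another cluster member, or contain an IPv6 address (the tunnel is IPv4 only). The function name `check_cluster`, the input format, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def check_cluster(peer_lists):
    """peer_lists maps each appliance's IPv4 address to the peers added on it.
    Returns a list of human-readable findings; an empty list means consistent."""
    findings = []
    members = set(peer_lists)  # every appliance that should be in the cluster
    for device, peers in sorted(peer_lists.items()):
        valid = set()
        for peer in peers:
            try:
                addr = ipaddress.ip_address(peer)
            except ValueError:
                findings.append(f"{device}: '{peer}' is not an IP address")
                continue
            if addr.version != 4:
                # The connection forwarding tunnel between peers is IPv4 only.
                findings.append(f"{device}: {peer} is IPv6; the tunnel is IPv4 only")
                continue
            valid.add(str(addr))
        if device not in valid:
            findings.append(f"{device}: peer list does not include itself")
        for missing in sorted(members - valid - {device}):
            findings.append(f"{device}: missing cluster member {missing}")
        for extra in sorted(valid - members):
            findings.append(f"{device}: lists {extra}, which is not a known member")
    return findings

# Constructed sample: three appliances using documentation addresses.
SAMPLE = {
    "192.0.2.10": ["192.0.2.10", "192.0.2.11"],                  # forgot sg3
    "192.0.2.11": ["192.0.2.10"],                                # forgot itself and sg3
    "192.0.2.12": ["192.0.2.10", "2001:db8::11", "192.0.2.12"],  # IPv6 peer entry
}

if __name__ == "__main__":
    for line in check_cluster(SAMPLE):
        print(line)
```
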

 

