The Journey of a Network Engineer

Feb 16 2012   12:03AM GMT

Moving from Explicit Proxy to Transparent Proxy – part 4

Sulaiman Syed Profile: Sulaiman Syed

We have reached into a finalized design to run transparent proxy setup. The figure below shows the network diagram.

transparent proxy

This is the finalized design, i will go through the logical flow of traffic since it might not be that clear from first look. Traffic will reach the core network, from there it will be routed to PBR. The PBR process will send traffic of 80 and 443 to the load balancers, while rest of traffic will be routed with the default policy. Load balancers will load balance the proxies using two or three virtual IPs.

The proxy will be installed in one leg setup. with the feature to reflect the client source IP. This is important to have a full transparent setup, so that private IPs can be natted to pool of public IPs (instead of 1 as right now).

Once that is done, the packet shaper will insure fair share of bandwidth by dividing the big pipe into 2 or 3 main segments that will be shared based on the source IPs (group based shaping), and another dynamic partition to give the IPs fair bandwidth (user based shaping).

We have multiple firewalls and VPN concentrator to provide the required security

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: