From: Djerk Geurts (djerk@djerk.nl)
Date: Tue Aug 07 2007 - 05:00:09 ART
Not when using mere ACLs. ACLs only go to Layer 4 (port numbers). Cisco
does have content switching modules which can. The closest you'll get is
with NBAR URL matching.

But really, in real life the best thing is to put all this traffic through a
scrubbing device rather than have a router decide what needs to be verified
and what not.

To that effect WCCP is ideal, as the 'web-cache' will update the
router/switch on what it will accept and how many devices there are in the
cluster. Also, if the device dies, WCCP will allow the traffic through rather
than dropping it, which is what PBR would do (unless you built in some nifty
reachability checks, not sure if that's possible with PBR but would be cool
to try).

Djerk
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf Of Radioactive Frog
> Sent: dinsdag 7 augustus 2007 9:34
> To: Djerk Geurts
> Cc: groupstudy@cconlinelabs.com; Cisco certification
> Subject: Re: L4 traffic redirection with route map
>
> Thanks Shiran & Djerk,
>
> example: Port 80 redirection.
>
> Guys, if we go one more step further, can we inspect the HTTP
> packet's DATA field and redirect only certain types of HTTP data
> packets using ACLs?
>
> It is sort of deep packet inspection, e.g. first we took the
> traffic from IP for port 80, now inspect port 80 traffic for a
> certain data field and redirect those which match certain criteria
> in the data field of this type of traffic.
>
> Not sure if we can do it with ACLs. It needs a sort of QoS
> device which does DPI, e.g. an Allot box?
>
> Frog
This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART
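
An added example, not part of the original posts: the two redirection approaches compared in the reply above, written as Cisco IOS configuration. The address 192.0.2.10, the interface, the ACL numbers, the route-map name and the password placeholder are assumptions, the tracked next hop is one way to give PBR a reachability check, and the IP SLA/track syntax varies between IOS releases.

```cisco
! Constructed example. 192.0.2.10 stands in for the scrubbing device / cache,
! GigabitEthernet0/1 for the client-facing interface.
! Options A and B are alternatives; apply only one to the interface.

! --- Option A: PBR keyed on a Layer 4 ACL (matches TCP port 80, nothing deeper) ---
access-list 110 permit tcp any any eq www
!
! Reachability probe for the scrubbing device, tied to track object 1
ip sla 1
 icmp-echo 192.0.2.10
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! The next hop is used only while track 1 is up; when it goes down the
! set clause is skipped and matching packets follow the normal routing table
route-map HTTP-TO-SCRUBBER permit 10
 match ip address 110
 set ip next-hop verify-availability 192.0.2.10 10 track 1
!
interface GigabitEthernet0/1
 ip policy route-map HTTP-TO-SCRUBBER

! --- Option B: WCCP web-cache service (TCP port 80) ---
! Only devices permitted by ACL 10 that also present the shared password
! are accepted into the cache cluster
access-list 10 permit 192.0.2.10
ip wccp web-cache group-list 10 password <wccp-password-placeholder>
!
! Redirect inbound port 80 traffic while a cache is registered; with no
! registered cache the traffic is forwarded normally
interface GigabitEthernet0/1
 ip wccp web-cache redirect in
```

Both options fall back to forwarding port 80 traffic unscrubbed when the device is unavailable, so a change of state on the track object or the loss of the WCCP cache is worth alerting on.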