Routing RTSP through ACE but keeping source address information
Hello
I am trying to set up load balancing for a Wowza streaming media server. The problem I have is that some of the media that will be on the server is not allowed to be watched from other countries. The server has a modification that can sort this based on the IP address. Our ACE is in Routed Mode, so the source address is replaced with an internal one, which means that they will be allowed to watch whatever they like.
I have tried to look into injecting the original source address into RTSP, but as far as I can see you can't.
Can anyone help with making the connections from other countries readable through the ACE?
Ricardo,
What is this route ??
ip route 0.0.0.0 255.255.255.0 10.0.0.1 (VIP address)
You can't have 0.0.0.0/24.
You must be missing something ?
Also, since the vip is part of a vlan with subnet 10.0.0.0/24 you don't need to add a static route to reach that vip.
It should normally be directly connected to your router.
With the static route, do you see traffic coming to the ACE module ?
Does it loadbalance to the server ?
'show service-policy detail' check the packet counters
Gilles.
Similar Messages
-
New icloud account but keeping old icloud information
I broke my phone a few weeks ago and to get a replacement from my insurance I have to delete my iCloud account, but I have an iPad which is linked up to it and I don't want to lose any of my stuff, so I'm just looking for a bit of advice about the best thing to do. Any suggestions?
If you are deleting the account from your phone, it only deletes it from your phone, not from iCloud. Doing this will not affect your iPad.
Or, are you asking how to delete the account from your iPad without losing data? -
How is NTP reply routed when requesting router uses loopback as source address
The Cisco NTP Best Practices White Paper and DISA STIGs recommend setting the NTP source address to a loopback interface (e.g. "ntp source loopback0").
But this only seems to work if the requesting (NTP client) router is the default gateway for the NTP server.
Specifically, the NTP server will attempt to reply to the requesting router's loopback-based source address (taken from the NTP request packet). Since that address will always be non-local from the perspective of the NTP server, the NTP server will encapsulate the reply in a Layer 2 frame addressed to its default gateway. If the gateway was the source of the original NTP request, that should work. But in most other situations that gateway won't know how to reach a loopback-based address, and will discard the reply.
I have verified this in tests with routers running both 12.4 and 15.1 releases (and NTP debugging enabled). When the NTP source is a loopback address, NTP replies never reach the requesting router. With the default NTP source address (i.e. based on the exit interface) everything works fine.
Obviously, you could employ workarounds, such as static routes or injecting loopback addresses into your routing protocols. But that seems uglier than leaving NTP source addresses at their defaults.
Why is this "best practice" so commonly advocated without mention of some significant caveats regarding routing? Am I missing something?
Thanks,
Mark
Michel:
Thanks for the response. Actually, I understand what kind of routing workarounds could allow NTP to function in spite of this "best practice." But I am mystified as to why a Cisco "NTP best practice" paper (http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a0080117070.shtml) and various security policies would call for setting a loopback address as the NTP source when that practice will often cause more problems than it solves.
The stability of a loopback address is nice when that address is used to uniquely identify the platform for a routing protocol or syslog. A loopback-based source address can also simplify ACL management, since that address won't change if an interface or link failure forces the router to send traffic from a different interface. But I keep seeing security configuration guides/policies that call for also using a loopback address as the source for two-way protocols, such as FTP and NTP. That just doesn't make sense to me when you balance the routing implications against the limited security benefits (stable device identification, simplified ACL maintenance, and obfuscation of device addresses).
I was hoping to learn that some obscure command might allow me to control which NTP exchanges use the loopback-based source address. For example, the loopback source address would work fine on outgoing NTP broadcasts (and probably in replies from NTP servers). But I would prefer that NTP client requests use a source address based on the exit interface. That way replies can be routed back to the client without cluttering up routing tables with routes to loopback addresses.
So far, it looks like I'll need to chalk this up to poor coordination between the network security and network administration communities.
Thanks again,
Mark -
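The reply path described in the NTP thread above, as an added example that is not part of the original posts: a small Python model of longest-prefix routing showing where the reply to a loopback-sourced request is dropped and how the static-route workaround changes that. The topology, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed topology: client router r1 -- gw -- NTP server.
# gw (not r1) is the NTP server's default gateway.
R1_LOOPBACK = "10.255.0.1"   # constructed: r1 Loopback0
R1_EXIT_IF = "10.1.12.1"     # constructed: r1 interface on the r1-gw link
OWNERS = {"r1": {R1_LOOPBACK, R1_EXIT_IF}, "server": {"10.2.0.10"}}

def lookup(table, dst):
    """Longest-prefix match; returns the next node, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_node in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_node)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop from `start` toward address `dst`."""
    node, path = start, [start]
    for _ in range(max_hops):
        if dst in OWNERS.get(node, ()):
            return path, "delivered"
        nxt = lookup(tables[node], dst)
        if nxt is None:
            return path, "dropped: no route at " + node
        node = nxt
        path.append(node)
    return path, "dropped: hop limit"

def reply_outcome(ntp_source, gw_extra_routes=()):
    """Route the server's NTP reply back to the request's source address."""
    tables = {
        # The server only has a default route via its gateway.
        "server": [("0.0.0.0/0", "gw")],
        # gw knows its connected networks only (simplified: a connected
        # prefix maps straight to the single neighbour on that link).
        "gw": [("10.2.0.0/24", "server"), ("10.1.12.0/30", "r1")]
              + list(gw_extra_routes),
        "r1": [("0.0.0.0/0", "gw")],
    }
    return trace(tables, "server", ntp_source)

if __name__ == "__main__":
    print("loopback source:      ", reply_outcome(R1_LOOPBACK))
    print("exit-interface source:", reply_outcome(R1_EXIT_IF))
    # Workaround from the thread: give gw a route to the loopback.
    print("loopback + static:    ",
          reply_outcome(R1_LOOPBACK, [(R1_LOOPBACK + "/32", "r1")]))
```
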
Removing the search bar whilst keeping the address bar?
I've been using Firefox but since updating to SL I'm wanting to go back to Safari. In previous versions I would remove the search bar and keep the address bar, (as I do in all browsers because I don't use the search bar, instead I search via keywords in the address bar), but that doesn't seem to be possible any more.
Why has Apple decided to join the two bars together!? It's random and really annoying.
Is there any way I can get rid of the search bar but keep the address bar?
It's hard to please everyone. Apple are obviously more than happy with the interface of Safari 4 at the moment and that is reflected in the millions upon millions of downloads of it, both for OSX and for Windows. These forums only represent issues from a very minuscule percentage of users who are having some issue or dislike some aspect of the software. You will find very few positive comments here as it is a troubleshooting and support forum. This is the first time I have heard anybody complain about this feature (or lack of) so it may well pay to send it through to Apple via the Bug reporter up in your right top corner of the browser.
Cheers -
What is the easiest way to access the router from an iPad? I have no problems accessing it from my laptop. Even though I am entering the address in the left address box, not the Google search box, it wants to do either a search, or add www to the beginning of the IP address.
I usually can eventually access the router, but it is way too much trouble. However, I use my iPad hundreds of times more often than my laptop.
Are you typing http:// in front of the IP address of the router? e.g. http://192.168.0.1
Sometimes, and with some routers it doesn't seem to like it if you miss off the http:// -
Importing new Address Book into Address Book but keeping it separate.
I have an existing Address Book on my MacBook Pro and would like to import my office Address Book - BUT keep it as a separate group. The office Address Book has over 1,000 names so it is a lot of work to import it and then, one by one, find, separate and add the names to a New Group. Is there a way to import the new Address Book directly into its own Group?
Both Address Books are Apple.
I understand that the new names will be a part of my existing Address Book when I am in the ALL Group.
Well you are correct - you cannot import into .Mac mail.
What you can do is import your .csv file into Address Book on a Mac and then Sync that Address Book with your .Mac information.
In Address Book the Import function is under the File menu.
To Sync use the .Mac preference pane in System Preferences.
HTH,
Steve -
Hi. Attempting to update my card but keep getting this notice: "We cannot verify the address that you've entered. Please confirm that you still wish to use this as your billing address, or return to your billing form to edit your entry" and my billing address is correct??
The card got declined on September 18th, please contact the bank to get the exact reason. The billing details that we have are messaged to you, please confirm the address.
The CC is suspended as of now.
Regards
Rajshree -
Router Source address for ACS Server
Does anyone know how to configure a router (MSFC in this case) so the same IP address is sent to the ACS server for authenticating? The source address may not always be the same depending on the path taken. If the source address isn't an IP address configured for one of my devices, the ACS server rejects the attempt and the router defaults to local login. I tried setting a loopback address and always telnetting to the loopback address; however, the source address from the MSFC is not the loopback. I have 38 VLANs, and I suppose I could configure those IP addresses under a device; however, if I add a VLAN then I must remember to add that VLAN to ACS. I'm sure there is a simpler way to address this, I just can't seem to find the configs needed on the MSFC to make it work.
Any help will be greatly appreciated.
Thanks
Hi,
Sounds like you need:
ip tacacs source-interface interface-name
(or ip radius source-interface interface-name)
It's recommended to use a loopback interface, so this would give you (assuming loopback0):
ip tacacs source-interface loopback0
HTH - plz rate if it does
Andrew. -
Inserted slides don't "Use Destination Theme" even though "Keep Source Formatting" is unchecked
https://social.technet.microsoft.com/Forums/office/en-US/454c99d1-c256-40ba-9a99-5d297f6c1935/power-point-slide-master-how-to-copypaste-slides-from-different-presentation-without-changing-the?forum=officeitproprevious
I'm having this issue while using PPT 2013 Office 365.
I'm 99% sure my Slide Master is correct and haven't had this issue before. Why is inserting slides from "Reuse Slides" or simple copy/paste inserting a new slide in the master and it won't Use The Destination Theme.
I don't have Keep Source Formatting Checked. I selected Use Destination Theme.
Any solutions?
Thanks.
There are workarounds that are discussed in the following link. Primarily, by disabling 'preserve master' in the source file and then copying it into the new file by choosing 'keep source formatting' - when a new layout is then applied, the old one disappears when it's no longer in use as the source master is unpreserved.
http://answers.microsoft.com/en-us/office/forum/office_2010-powerpoint/can-a-slide-be-copied-into-powerpoint-2010-without/27aa7b42-cad9-4e59-a4e6-080796c628fc -
Can I synch 2 phones to the same iMac, but have different address books?
If you and your wife have separate user accounts on the Mac, then each of you will have separate libraries to sync. You can then maintain separate address books, calendars, apps, etc.
-
Ever since I received my Macbook Pro in July 2011 I've had issues with my wireless connection at home. After software updates, Apple support suggested I reboot my router which works. But now I have to do it every other day. ???? AT&T my DSL carrier suggests I get a new router. Apparently the one I have is really old and doesn't support my Macbook Pro. Does this sound right?
If you're using WEP encryption yes, Apple has discontinued that because it's worthless. WEP (and WPA) is cracked so encryption makes no sense.
Get a new Wireless N router, set it up with WPA2 (AES) Personal and two different 20+ random letter/number/symbol character passwords
One for Admin access only of the router, keep this on paper off all computers in a safe someplace.
One for entering into devices, computers etc for Internet Access Only.
You need the long and random password to defeat brute force attacks by GPU software that the hackers have now.
Also if you give out the password to another, they can't hack the network with the guest access password.
Computers remember the internet password, so anyone with access to your machines or network will have the password.
Since you have another Admin only password, they can't hack in. got it?
You don't need "Invisible" or "MAC Address filtering" that's a waste of time as hackers can sniff a network and causes issues getting on the network.
Good luck. -
Is there a way to set the source address for TACACS?
I have about 170 remote sites that I want to use my ACS server (Ver. 3.3) for Authentication/Authorization. I am using 1918 addressing at the remote locations, and at the corporate office. The ACS server is inside the Corporate network, and I am telnetting to the 10.address inside interface of the router at the remote site. It looks for the tacacs server, but does not find it, and fails back to use the local password.
I can ping the IP address of the tacacs server doing a ping with the source IP of the Inside ethernet, and the IP address of the loopback, on the remote router.
OK, 16 pages down in the forum, I finally found my answer.
Use the command:
ip tacacs source-interface -
Source addresses need to be changed.
I have a case which is shown in the attachments. That is, the source addresses are changed on the PIX outside interface as illustrated. How can I configure the PIX?
The changed source addresses aren't in the same network as the PIX outside interface's.
Hi
I feel you want to change the source IP of the packets coming from the outside world, especially from the 3 networks mentioned in your figure.
I feel you can make use of ip nat source outside source list command to modify the same.
But do remember you can configure this on your router also; refer to this link for more info on the same.
http://cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml
regds -
Different Source Address for an SNMP trap packet
We use a common platform to manage the CISCO routers for several customers. We manage the devices with a loopback address as the source of the SNMP packets.
We use something like this ...
Router(config)#snmp-server host 172.25.1.1 ORATRAP
Router(config)#snmp-server trap-source loopback0
Router(config)#end
Now, there are some customers that request to receive the SNMP traps with an IP source from their own IP space (192.168.2.x/24). I cannot imagine how this can be achieved. Please, any idea? Thanks. Eduard.
Thanks for your help. This is an important matter to us. We are also working on the idea of an snmp track collector close to our own NMC... but this may also cost money. So, we are going to try another approach first.
Somewhat like this below....
snmp-server enable traps
snmp-server informs
snmp-server source-interface traps
snmp-server source-interface informs
snmp-server host traps version 1 community string publicCust
snmp-server host informs version 2 community string publicBT
For the gets, every MNC sends to the declared IP, so we think that it will use the same IP in the answer.
I will let you know. Eduard. -
My confusion is about the source address that voice packets assume for an FXS port in a Cisco router.
I am pasting relevant configuration from 2 routers below.
For the 1st router I have the session targets in the dial peer config as the loopback addresses but the QoS is working using an access-list where the source address is the serial IP.
While in the other router I am getting no packet matches for either the loopback ip or the serial ip.
ROUTER 1
class-map shell_voip
 match access-group 170
policy-map shell_voip
 class shell_voip
  priority 64
 class class-default
  fair-queue
  random-detect
interface Loopback0
 ip address 10.66.12.25 255.255.255.255
interface Multilink101
 mtu 100
 bandwidth 1544
 ip address 10.66.50.14 255.255.255.252
 no ip mroute-cache
 load-interval 30
 service-policy output shell_voip
 no cdp enable
 ppp multilink
 ppp multilink fragment-delay 20
 ppp multilink interleave
 multilink-group 101
access-list 170 permit udp host 10.66.50.14 range 16000 35000 any range 16000 35000
access-list 170 permit tcp any eq 1720 any
access-list 170 permit tcp any any eq 1720
voice-port 2/0
 cptone IN
voice-port 2/1
 input gain -6
 cptone IN
dial-peer voice 1 pots
 destination-pattern 40
 port 2/0
dial-peer voice 100 voip
 destination-pattern 10
 session target ipv4:10.129.67.105
dial-peer voice 2 pots
 destination-pattern 99
 port 2/1
dial-peer voice 102 voip
 destination-pattern 11
 session target ipv4:10.129.67.105
ROUTER 2
no voice hpi capture buffer
no voice hpi capture destination
class-map match-all Vsp_voice
 match access-group 160
policy-map Vsp_voip
 class Vsp_voice
  priority 32
 class class-default
  fair-queue
  random-detect
interface Loopback0
 ip address 10.65.10.121 255.255.255.248
interface Multilink60
 ip address 10.65.50.246 255.255.255.252
 service-policy output Vsp_voip
 load-interval 30
 no cdp enable
 ppp multilink
 ppp multilink fragment delay 10
 ppp multilink interleave
 ppp multilink group 60
access-list 160 permit udp host 10.65.50.246 range 16000 35000 any range 16000 35000
access-list 160 permit tcp any eq 1720 any
access-list 160 permit tcp any any eq 1720
voice-port 2/0
 cptone IN
voice-port 2/1
 cptone IN
dial-peer cor custom
dial-peer voice 9 pots
 destination-pattern 1101
 port 2/0
dial-peer voice 10 pots
 destination-pattern 1102
 port 2/1
dial-peer voice 5 voip
 destination-pattern 8901
 session target ipv4:10.196.3.57
dial-peer voice 6 voip
 destination-pattern 8902
 session target ipv4:10.196.3.57
You may want to refer to the following link.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a0080080115.html
Your dial peers are using H.323; your source will be whatever interface is used to exit the router as determined by the routing table.
You could also use a debug IP packet to have a look at your source and destination if you are unsure.
For this case you may want to just apply:
h323-gateway voip bind srcaddr 10.66.12.25 on Router 1 and h323-gateway voip bind srcaddr 10.65.10.121 to Router 2. Remember to put them under the loopback interface.