Login
- Table of Contents
-
- 06-Layer 3—IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DHCP configuration
- 04-DNS configuration
- 05-NAT configuration
- 06-NAT66 configuration
- 07-IP forwarding basics configuration
- 08-Fast forwarding configuration
- 09-Multi-CPU packet distribution configuration
- 10-Adjacency table configuration
- 11-IRDP configuration
- 12-IP performance optimization configuration
- 13-UDP helper configuration
- 14-IPv6 basics configuration
- 15-DHCPv6 configuration
- 16-IPv6 fast forwarding configuration
- 17-AFT configuration
- 18-Tunneling configuration
- 19-GRE configuration
- 20-ADVPN configuration
- 21-WAAS configuration
- 22-HTTP proxy configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 22-HTTP proxy configuration | 189.90 KB |
License requirement for HTTP proxy
Restrictions and guidelines: HTTP proxy
Configuring a Web server group
Configuring an HTTP proxy service
Configuring the external media link proxy feature
Configuring the external hyperlink proxy feature
Configuring the HTTP proxy operation recording
Display and maintenance commands for HTTP proxy
HTTP proxy configuration examples (in standalone mode)
Example: Configuring HTTP-based HTTP proxy
Example: Configuring HTTPS-based HTTP proxy
HTTP proxy configuration examples (in IRF mode)
Example: Configuring HTTP-based HTTP proxy
Example: Configuring HTTPS-based HTTP proxy
Configuring HTTP proxy
About HTTP proxy
The HTTP proxy feature enables IPv6 users to access IPv4 Web servers by proxying the HTTP or HTTPS requests of the IPv6 users. This feature has the following advantages:
· Simplifies smooth IPv4-to-IPv6 transition without affecting existing IPv4 services.
· Enables users of one IP stack to access webpages of another IP stack, providing network compatibility and scalability.
· Supports load balancing, which improves the network efficiency and stability and enhances user experience.
Working mechanism
Figure 1 shows the working mechanism.
1. The IPv6 host obtains the IPv6 address corresponding to the requested domain name (the IPv6 address of the HTTP proxy service configured on the device) through the DNS server. The IPv6 host sends an HTTP or HTTPS GET request to the device.
2. The device checks whether the URL of the request contains the domain name of the HTTP proxy service:
¡ If yes, the device strips the domain name from the URL and restores the URL of the request to the original URL.
¡ If not, the device re-encapsulates the HTTP or HTTPS GET request.
3. The device sends the request to the IPv4 Web server. If the IPv4 Web server is an external Web server, a DNS server is required on the device to resolve URL of the IPv4 Web server to an IPv4 address.
4. The IPv4 Web server sends an HTTP or HTTPS response to the device. The devices checks whether the response contains external media links or hyperlinks:
¡ If yes, the device adds the domain name of the HTTP proxy service to the URL of the response. In this way, the IPv6 host can send the HTTP or HTTPS request to the device when it accesses the IPv4 Web server again.
¡ If not, the device re-encapsulates the HTTP or HTTPS response.
5. The device sends the HTTP or HTTPS response to the IPv6 host.
External link proxy
Figure 2 shows the mechanism of external link proxy when an IPv6 user accesses external media links or hyperlinks on webpages of the IPv4 Web server.
Figure 2 External link proxy mechanism
1. When the device receives an HTTP or HTTPS response from the IPv4 Web server, it adds the domain name specified for the HTTP proxy service to the URL of the response.
2. When the IPv6 user accesses the IPv4 Web server again, the DNS server resolves domain name contained in the URL of the Web request to the IPv6 address of the HTTP proxy service. The IPv6 user sends an HTTP or HTTPS GET request for accessing an external link to the device.
3. Upon receiving the GET request, the device strips the domain name from the URL of the request.
4. The device resolves the domain name to the IPv4 address of the GET request.
5. The device re-encapsulates the GET request and sends it to the external IPv4 Web server.
6. The external IPv4 Web server sends the HTTP or HTTPS response to the device.
7. The device re-encapsulates the response and sends it the IPv6 host.
Load balancing of Web access
You can add multiple IPv4 Web servers to a Web server group for the HTTP proxy service. When the device receives HTTP or HTTPS requests, it distributes the traffic to different Web servers according to a certain algorithm, implementing load balancing. This increases network bandwidth and improves network availability and flexibility.
License requirement for HTTP proxy
The HTTP proxy feature requires a license. If you configure the feature without a license, the settings will be lost after a device reboot. For information about license management, see Fundamentals Configuration Guide.
Restrictions and guidelines: HTTP proxy
To enable an HTTP proxy service to proxy the Web resources, make sure the ports on the device used for communication with the IPv6 users and the IPv4 Web servers belong to the same slot.
HTTP proxy tasks at a glance
To configure HTTP proxy, perform the following tasks:
1. Configuring a Web server group
2. Configuring an HTTP proxy service
3. (Optional.) Configuring the external media link proxy
4. (Optional.) Configuring the external hyperlink proxy
5. Enabling a HTTP proxy service
6. Configuring the HTTP proxy operation recording
Configuring a Web server group
About this task
You can configure Web servers to be proxied by an HTTP proxy service in a Web server group and bind the group to the HTTP proxy service.
To proxy both HTTP and HTTPS packets, you can bind a Web server group specified with HTTP and a Web server group specified with HTTPS to an HTTP proxy service.
To implement load balancing, you can add multiple IPv4 Web servers with different IP addresses and port numbers to an IPv4 Web server group.
Restrictions and guidelines
Before binding a Web server group to an HTTP proxy service, first configure the parameters of the Web server group.
To modify the parameters of a Web server group that has been bound to an HTTP proxy service, first unbind the Web server group from the HTTP proxy service. Then, modify the parameters of the Web server group.
Make sure the protocol types of the all Web servers in a Web server group are consistent with the protocol type of the Web server group.
Procedure
1. Enter system view.
system-view
2. Create a Web server group and enter its view.
http-proxy server-group group-name
3. Add a Web server to the Web server group.
ip-address ip-address [ port port-number ]
By default, no Web servers exist in a Web server group.
4. Specify a protocol type for the Web server group.
protocol-type { http | https }
By default, no protocol types are specified for a Web server group.
Configuring an HTTP proxy service
About this task
An HTTP proxy service listens for and proxies HTTP or HTTPS requests from a specified TCP port number and IPv6 address. To proxy HTTPS packets, you must also specify an SSL certificate file and SSL certificate key file so the device can establish secure connections to IPv6 hosts.
Prerequisites
Before you specify an SSL certificate file and SSL certificate key file, upload the files to the device through FTP or TFTP. For more information about FTP and TFTP configuration, see Fundamentals Configuration Guide.
Restrictions and guidelines
You must specify an unused TCP port number for an HTTP proxy service. To view TCP port numbers in use, execute the display tcp command.
The protocol type of an HTTP proxy service can be different from the protocol type of the Web server group bound to the HTTP proxy service.
To modify the parameters of an enabled HTTP proxy service, first disable the HTTP proxy service.
Procedure
1. Enter system view.
system-view
2. Create an HTTP proxy service and enter its view.
In standalone mode:
http-proxy service service-name
In IRF mode:
http-proxy service service-name slot slot-number
3. Specify a protocol type and listening port for the HTTP proxy service and bind a Web server group to the service.
protocol-type { http | https } [ port port-number ] [ server-group group-name ]
By default, no protocol type or listening port number is specified for an HTTP proxy service and no Web server group is bound to the HTTP proxy service.
4. Specify an IPv6 address for the HTTP proxy service.
ipv6-address ipv6-address
By default, no IPv6 address is specified for an HTTP proxy service.
5. Specify an SSL certificate file.
ssl certificate file certificate-file
By default, no SSL certificate file is specified.
6. Specify an SSL certificate key file.
ssl certificate key-file key-file
By default, no SSL certificate key file is specified.
Configuring the external media link proxy feature
About this task
This feature enables IPv6 users to access the external media (such as pictures or videos) linked to webpages of the Web servers proxied by an HTTP proxy service.
Restrictions and guidelines
Before configuring this feature, first disable the HTTP proxy service.
Procedure
1. Enter system view.
system-view
2. Enter the view of an HTTP proxy service.
In standalone mode:
http-proxy service service-name
In IRF mode:
http-proxy service service-name slot slot-number
3. Specify a domain name for the HTTP proxy service.
domain-name domain-name
By default, no domain name is specified for an HTTP proxy service.
4. Specify a DNS server for the HTTP proxy service.
dns-server ip-address
By default, no DNS servers are specified for an HTTP proxy service.
5. Enable the external media link proxy feature.
medialink-proxy enable
By default, the external media link proxy feature is disabled.
Configuring the external hyperlink proxy feature
About this task
This feature enables an HTTP proxy service to proxy external hyperlinks on webpages of proxied Web servers by adding the specified domain name to the link URLs. In this way, users can access webpage resources that are not on the proxied Web servers.
Restrictions and guidelines
Before configuring this feature, first disable the HTTP proxy service.
Procedure
1. Enter system view.
system-view
2. Enter the view of an HTTP proxy service.
In standalone mode:
http-proxy service service-name
In IRF mode:
http-proxy service service-name slot slot-number
3. Specify a domain name for the HTTP proxy service.
domain-name domain-name
By default, no domain name is specified for an HTTP proxy service.
4. Specify a DNS server for the HTTP proxy service.
dns-server ip-address
By default, no DNS servers are specified for an HTTP proxy service.
5. Specify an external hyperlink to be proxied on webpages.
hyperlink-proxy link-string
By default, no external hyperlinks are specified to be proxied
Enabling a HTTP proxy service
1. Enter system view.
system-view
2. Enter the view of an HTTP proxy service.
In standalone mode:
http-proxy service service-name
In IRF mode:
http-proxy service service-name slot slot-number
3. Enable the HTTP proxy service.
service enable
By default, an HTTP proxy service is disabled.
Configuring the HTTP proxy operation recording
About this task
This feature enables an HTTP proxy service to record all proxy operations in chorological order in a file and save the file in the specified directory. You can execute the more command to view the content of the file. For more information about the more command, see file management commands in Fundamentals Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter the view of an HTTP proxy service.
In standalone mode:
http-proxy service service-name
In IRF mode:
http-proxy service service-name slot slot-number
3. Enable the HTTP proxy operation recording and specify the directory for saving the HTTP proxy operation recording file.
access-record enable file-path path
By default, the HTTP proxy operation recording is disabled and no directory is specified for saving the HTTP proxy operation recording file.
Display and maintenance commands for HTTP proxy
Execute display commands in any view.
|
Task |
Command |
|
Display HTTP proxy configuration information. |
display http-proxy { server-group [ group-name ] | service [ service-name ] } |
HTTP proxy configuration examples (in standalone mode)
Example: Configuring HTTP-based HTTP proxy
Network configuration
As shown in Figure 3, configure HTTP proxy on the device to proxy HTTP requests for the IPv6 host, so that the IPv6 host can access the IPv4 Web servers.
· Specify domain name test.gov.cn for the HTTP proxy service and specify 2001::1/64 as the IPv6 address of the HTTP proxy service.
· Add external hyperlink www.hyperlink.org to be proxied by the HTTP proxy service and enable the external media link proxy feature.
· Specify the DNS server with IP address 8.8.8.8 for the HTTP proxy service.
· Enable the HTTP proxy operation recording.
Prerequisites
Assign IP addresses and subnet mask to interfaces. (Details not shown.)
Make sure the domain name test.gov.cn of the HTTP proxy service can be resolved into IPv6 address 2001::1/64.
Procedure
1. Configure a Web server group:
# Create Web server group httpback and enter its view.
<Device> system-view
[Device] http-proxy server-group httpback
# Add the Web server with IP address 192.168.1.1 and port number 80 to Web server group httpback.
[Device-http-proxy-server-group-httpback] ip-address 192.168.1.1 port 80
# Add the Web server with IP address 192.168.1.2 and port number 80 to Web server group httpback.
[Device-http-proxy-server-group-httpback] ip-address 192.168.1.2 port 80
# Specify HTTP as the protocol type of Web server group httpback.
[Device-http-proxy-server-group-httpback] protocol-type http
[Device-http-proxy-server-group-httpback] quit
2. Configure an HTTP proxy service:
# Create HTTP proxy service proxyservice and enter its view.
[Device] http-proxy service proxyservice
# Specify HTTP as the protocol type of HTTP proxy service proxyservice and bind Web server group httpback to the HTTP proxy service.
[Device-http-proxy-proxyservice] protocol-type http server-group httpback
# Specify DNS server at 8.8.8.8 for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] dns-server 8.8.8.8
# Specify domain name test.gov.cn for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] domain-name test.gov.cn
# Specify 2001::1 as the IPv6 address of HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] ipv6-address 2001::1
# Enable the external media link proxy feature for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] medialink-proxy enable
# Specify external hyperlink www.hyperlink.org to be proxied by HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] hyperlink-proxy http://www.hyperlink.org/
# Configure a source IP pool that contains IP addresses 192.168.1.10 to 192.168.1.20 for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] ip-pool 192.168.1.10 192.168.1.20
# Enable the HTTP proxy operation recording and specify directory flash:/httpproxy/20191010.log for saving the HTTP proxy operation recording file.
[Device-http-proxy-proxyservice] access-record enable file-path flash:/httpproxy/20191010.log
3. Enable the HTTP proxy service.
[Device-http-proxy-proxyservice] service enable
[Device-http-proxy-proxyservice] quit
[Device] quit
Verifying the configuration
# Display the configuration information about Web server group httpback.
<Device> display http-proxy server-group
Server group name: httpback
Protocol type: http
Server IP addresses: 192.168.1.1:80
192.168.1.2:80
The output shows that the Web server group httpback is configured with the correct protocol type and IPv4 Web servers have been added to the Web server group.
# Display the configuration information about HTTP proxy service proxyservice.
<Device> display http-proxy service proxyservice
Service name: proxyservice
IPv6 address: 2001::1
Domain name: test.gov.cn
Protocol types: HTTP [Server group: httpback]
SSL certificate file: N/A
SSL certificate key-file: N/A
Hyperlink proxy strings: www.hyperlink.org
DNS server: 8.8.8.8
IP pools: 192.168.1.10 to 192.168.1.20
Medialink proxy: Enabled
HTTP proxy operation recording: Enabled
Operation record file path: flash:/httpproxy/20191010.log
HTTP proxy status: Enabled
The output shows that the HTTP proxy service proxyservice is configured with correct parameters and has been enabled.
# Display the content of the HTTP proxy operation recording file generated by HTTP proxy service proxyservice.
<Device> more flash:/httpproxy/20191010.log
[03/Dec/2019:16:11:35 +0800] Client=2001::4 URL=http://test.gov.cn/desert.jpg Server=192.168.1.1:80
[03/Dec/2019:16:11:35 +0800] Client=2001::4 URL=http://test.gov.cn/config.js Server=192.168.1.1:80
[03/Dec/2019:16:11:36 +0800] Client=2001::4 URL=http://test.gov.cn/config.js Server=192.168.1.2:80
[03/Dec/2019:16:11:36 +0800] Client=2001::4 URL=http://test.gov.cn/desert.jpg Server=192.168.1.2:80
The output shows the following:
· The IPv6 host can access the IPv4 Web servers proxied by the HTTP proxy service and the proxy information is correctly recorded in the file, indicating that the HTTP proxy service has taken effect.
· The requests to access the same URL are distributed to different Web servers, indicating that the two Web servers load balance the traffic.
Example: Configuring HTTPS-based HTTP proxy
Network configuration
As shown in Figure 3, configure HTTP proxy on the device to proxy HTTPS requests for the IPv6 host, so that the IPv6 host can access the IPv4 Web servers.
· Specify domain name test.gov.cn for the HTTP proxy service and specify 2001::1/64 as the IPv6 address of the HTTP proxy service.
· Add external hyperlink www.hyperlink.org to be proxied by the HTTP proxy service and enable the external media link proxy feature.
· Specify the DNS server with IP address 8.8.8.8 for the HTTP proxy service.
· Enable the HTTP proxy operation recording.
Figure 4 Network diagram
Prerequisites
Assign IP addresses and subnet mask to interfaces. (Details not shown.)
Make sure the domain name test.gov.cn of the HTTP proxy service can be resolved into the IPv6 address 2001::1/64.
Procedure
1. Upload an SSL certificate file and SSL certificate key file to the device through FTP or TFTP. For more information about FTP and TFTP, configuration, see Fundamentals Configuration Guide.
<Device> tftp 2001::1 get httpproxy.key flash:/cert.key
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8 100 8 0 0 330 0 --:--:-- --:--:-- --:--:-- 571
Writing file...Done.
<Device> tftp 2001::1 get httpproxy.pem flash:/cert.pem
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8 100 8 0 0 330 0 --:--:-- --:--:-- --:--:-- 571
Writing file...Done.
2. Configure a Web server group:
# Create Web server group httpsback and enter its view.
<Device> system-view
[Device] http-proxy server-group httpsback
# Add the Web server with IP address 192.168.1.1 and port number 443 to Web server group httpsback.
[Device-http-proxy-server-group-httpsback] ip-address 192.168.1.1 port 443
# Add the Web server with IP address 192.168.1.2 and port number 443 to Web server group httpsback.
[Device-http-proxy-server-group-httpsback] ip-address 192.168.1.2 port 443
# Specify HTTPS as the protocol type of Web server group httpsback.
[Device-http-proxy-server-group-httpsback] protocol-type https
[Device-http-proxy-server-group-httpsback] quit
3. Configure an HTTP proxy service:
# Create HTTP proxy service proxyservice and enter its view.
[Device] http-proxy service proxyservice
# Specify HTTP as the protocol type of HTTP proxy service proxyservice and bind Web server group httpsback to the HTTP proxy service.
[Device-http-proxy-proxyservice] protocol-type https server-group httpsback
# Specify the SSL certificate file cert.pem for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] ssl certificate file flash:/cert.pem
# Specify the SSL certificate key file cert.key for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] ssl certificate key-file flash:/cert.key
# Specify DNS server at 8.8.8.8 for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] dns-server 8.8.8.8
# Specify domain name test.gov.cn for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] domain-name test.gov.cn
# Specify 2001::1 as the IPv6 address of HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] ipv6-address 2001::1
# Enable the external media link proxy feature for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] medialink-proxy enable
# Specify external hyperlink www.hyperlink.org to be proxied by HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] hyperlink-proxy www.hyperlink.org
# Configure a source IP pool that contains IP addresses 192.168.1.10 to 192.168.1.20 for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice] ip-pool 192.168.1.10 192.168.1.20
# Enable the HTTP proxy operation recording and specify directory flash:/httpproxy/20191010.log for saving the HTTP proxy operation recording file.
[Device-http-proxy-proxyservice] access-record enable file-path flash:/httpproxy/20191010.log
4. Enable the HTTP proxy service.
[Device-http-proxy-proxyservice] service enable
[Device-http-proxy-proxyservice] quit
[Device] quit
Verifying the configuration
# Display the configuration information about Web server group httpsback.
<Device> display http-proxy server-group
Server group name: httpsback
Protocol type: https
Server IP addresses: 192.168.1.1:443
192.168.1.2:443
The output shows that the Web server group httpsback is configured with the correct protocol type and IPv4 Web servers have been added to the Web server group.
# Display the configuration information about HTTP proxy service proxyservice.
<Device> display http-proxy service proxyservice
Service name: proxyservice
IPv6 address: 2001::1
Domain name: test.gov.cn
Protocol types: HTTPS [Server group: httpsback]
SSL certificate file: flash:/cert.pem
SSL certificate key-file: flash:/cert.key
Hyperlink proxy strings: www.hyperlink.org
DNS server: 8.8.8.8
IP pools: 192.168.1.10 to 192.168.1.20
Medialink proxy: Enabled
HTTP proxy operation recording: Enabled
Operation record file path: flash:/httpproxy/20191010.log
HTTP proxy status: Enabled
The output shows that the HTTP proxy service proxyservice is configured with correct parameters and has been enabled.
# Display the content of the HTTP proxy operation recording file generated by HTTP proxy service proxyservice.
<Device> more flash:/httpproxy/20191010.log
[03/Dec/2019:16:11:35 +0800] Client=2001::4 URL=https://test.gov.cn/sert.jpg Server=192.168.1.1:443
[03/Dec/2019:16:11:35 +0800] Client=2001::4 URL=https://test.gov.cn/config.js Server=192.168.1.1:443
[03/Dec/2019:16:11:36 +0800] Client=2001::4 URL=https://test.gov.cn/config.js Server=192.168.1.2:443
[03/Dec/2019:16:11:36 +0800] Client=2001::4 URL=https://test.gov.cn/sert.jpg Server=192.168.1.2:443
The output shows the following:
· The IPv6 host can access the IPv4 Web servers proxied by the HTTP proxy service and the proxy information is correctly recorded in the file, indicating that the HTTP proxy service has taken effect.
· The requests to access the same URL are distributed to different Web servers, indicating that the two Web servers load balance the traffic.
HTTP proxy configuration examples (in IRF mode)
Example: Configuring HTTP-based HTTP proxy
Network configuration
As shown in Figure 3, configure HTTP proxy on the device to proxy HTTP requests for the IPv6 host, so that the IPv6 host can access the IPv4 Web servers.
· Specify domain name test.gov.cn for the HTTP proxy service and specify 2001::1/64 as the IPv6 address of the HTTP proxy service.
· Add external hyperlink www.hyperlink.org to be proxied by the HTTP proxy service and enable the external media link proxy feature.
· Specify the DNS server with IP address 8.8.8.8 for the HTTP proxy service.
· Enable the HTTP proxy operation recording.
Figure 5 Network diagram
Prerequisites
Assign IP addresses and subnet mask to interfaces. (Details not shown.)
Make sure the domain name test.gov.cn of the HTTP proxy service can be resolved into the IPv6 address 2001::1/64.
Procedure
1. Configure a Web server group:
# Create Web server group httpback and enter its view.
<Device> system-view
[Device] http-proxy server-group httpback
# Add the Web server with IP address 192.168.1.1 and port number 80 to Web server group httpback.
[Device-http-proxy-server-group-httpback] ip-address 192.168.1.1 port 80
# Add the Web server with IP address 192.168.1.2 and port number 80 to Web server group httpback.
[Device-http-proxy-server-group-httpback] ip-address 192.168.1.2 port 80
# Specify HTTP as the protocol type of Web server group httpback.
[Device-http-proxy-server-group-httpback] protocol-type http
[Device-http-proxy-server-group-httpback] quit
2. Configure an HTTP proxy service:
# Create HTTP proxy service proxyservice and enter its view.
[Device] http-proxy service proxyservice slot 1
# Specify HTTP as the protocol type of HTTP proxy service proxyservice and bind Web server group httpback to the HTTP proxy service.
[Device-http-proxy-proxyservice-slot1] protocol-type http server-group httpback
# Specify DNS server at 8.8.8.8 for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] dns-server 8.8.8.8
# Specify domain name test.gov.cn for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] domain-name test.gov.cn
# Specify 2001::1 as the IPv6 address of HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] ipv6-address 2001::1
# Enable the external media link proxy feature for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] medialink-proxy enable
# Specify external hyperlink www.hyperlink.org to be proxied by HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] hyperlink-proxy www.hyperlink.org
# Configure a source IP pool that contains IP addresses 192.168.1.10 to 192.168.1.20 for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] ip-pool 192.168.1.10 192.168.1.20
# Enable the HTTP proxy operation recording and specify directory slot1#flash:/httpproxy/20191010.log for saving the HTTP proxy operation recording file.
[Device-http-proxy-proxyservice-slot1] access-record enable record-path slot1#flash:/httpproxy/20191010.log
3. Enable the HTTP proxy service.
[Device-http-proxy-proxyservice-slot1] service enable
[Device-http-proxy-proxyservice-slot1] quit
[Device] quit
Verifying the configuration
# Display the configuration information about Web server group httpback.
<Device> display http-proxy server-group
Server group name: httpback
Protocol type: http
Server IP addresses: 192.168.1.1:80
192.168.1.2:80
The output shows that the Web server group httpback is configured with the correct protocol type and IPv4 Web servers have been added to the Web server group.
# Display the configuration information about HTTP proxy service proxyservice.
<Device> display http-proxy service proxyservice
Service name: proxyservice
IPv6 address: 2001::1
Domain name: test.gov.cn
Protocol types: HTTP [Server group: httpback]
SSL certificate file: N/A
SSL certificate key-file: N/A
Hyperlink proxy strings: www.hyperlink.org
DNS server: 8.8.8.8
IP pools: 192.168.1.10 to 192.168.1.20
Medialink proxy: Enabled
HTTP proxy operation recording: Enabled
Operation record file path: slot1#flash:/httpproxy/20191010.log
HTTP proxy status: Enabled
The output shows that the HTTP proxy service proxyservice is configured with correct parameters and has been enabled.
# Display the content of the HTTP proxy operation recording file generated by HTTP proxy service proxyservice.
<Device> more slot1#flash:/httpproxy/20191010.log
[03/Dec/2019:16:11:35 +0800] Client=2001::4 URL=http://test.gov.cn/desert.jpg Server=192.168.1.1:80
[03/Dec/2019:16:11:35 +0800] Client=2001::4 URL=http://test.gov.cn/config.js Server=192.168.1.1:80
[03/Dec/2019:16:11:36 +0800] Client=2001::4 URL=http://test.gov.cn/config.js Server=192.168.1.2:80
[03/Dec/2019:16:11:36 +0800] Client=2001::4 URL=http://test.gov.cn/desert.jpg Server=192.168.1.2:80
The output shows the following:
· The IPv6 host can access the IPv4 Web servers proxied by the HTTP proxy service and the proxy information is correctly recorded in the file, indicating that the HTTP proxy service has taken effect.
· The requests to access the same URL are distributed to different Web servers, indicating that the two Web servers load balance the traffic.
Example: Configuring HTTPS-based HTTP proxy
Network configuration
As shown in Figure 3, configure HTTP proxy on the device to proxy HTTPS requests for the IPv6 host, so that the IPv6 host can access the IPv4 Web servers.
· Specify domain name test.gov.cn for the HTTP proxy service and specify 2001::1/64 as the IPv6 address of the HTTP proxy service.
· Add external hyperlink www.hyperlink.org to be proxied by the HTTP proxy service and enable the external media link proxy feature.
· Specify the DNS server with IP address 8.8.8.8 for the HTTP proxy service.
· Enable the HTTP proxy operation recording.
Figure 6 Network diagram
Prerequisites
Assign IP addresses and subnet mask to interfaces. (Details not shown.)
Make sure the domain name test.gov.cn of the HTTP proxy service can be resolved into the IPv6 address 2001::1/64.
Procedure
1. Upload an SSL certificate file and SSL certificate key file to the device through FTP or TFTP. For more information about FTP and TFTP, configuration, see Fundamentals Configuration Guide.
<Device> tftp 2001::1 get httpproxy.key slot1#flash:/cert.key
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8 100 8 0 0 330 0 --:--:-- --:--:-- --:--:-- 571
Writing file...Done.
<Device> tftp 2001::1 get httpproxy.pem slot1#flash:/cert.pem
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8 100 8 0 0 330 0 --:--:-- --:--:-- --:--:-- 571
Writing file...Done.
2. Configure a Web server group:
# Create Web server group httpsback and enter its view.
<Device> system-view
[Device] http-proxy server-group httpsback
# Add the Web server with IP address 192.168.1.1 and port number 443 to Web server group httpsback.
[Device-http-proxy-server-group-httpsback] ip-address 192.168.1.1 port 443
# Add the Web server with IP address 192.168.1.2 and port number 443 to Web server group httpsback.
[Device-http-proxy-server-group-httpsback] ip-address 192.168.1.2 port 443
# Specify HTTPS as the protocol type of Web server group httpsback.
[Device-http-proxy-server-group-httpsback] protocol-type https
[Device-http-proxy-server-group-httpsback] quit
3. Configure an HTTP proxy service:
# Create HTTP proxy service proxyservice and enter its view.
<Device> system-view
[Device] http-proxy service proxyservice slot 1
# Specify HTTP as the protocol type of HTTP proxy service proxyservice and bind Web server group httpsback to the HTTP proxy service.
[Device-http-proxy-proxyservice-slot1] protocol-type https server-group httpsback
# Specify the SSL certificate file cert.pem for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] ssl certificate file slot1#flash:/cert.pem
# Specify the SSL certificate key file cert.key for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] ssl certificate key-file slot1#flash:/cert.key
# Specify DNS server at 8.8.8.8 for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] dns-server 8.8.8.8
# Specify domain name test.gov.cn for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] domain-name test.gov.cn
# Specify 2001::1 as the IPv6 address of HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] ipv6-address 2001::1
# Enable the external media link proxy feature for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] medialink-proxy enable
# Specify external hyperlink www.hyperlink.org to be proxied by HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] hyperlink-proxy www.hyperlink.org
# Configure a source IP pool that contains IP addresses 192.168.1.10 to 192.168.1.20 for HTTP proxy service proxyservice.
[Device-http-proxy-proxyservice-slot1] ip-pool 192.168.1.10 192.168.1.20
# Enable the HTTP proxy operation recording and specify directory slot1#flash:/httpproxy/20191010.log for saving the HTTP proxy operation recording file.
[Device-http-proxy-proxyservice-slot1] access-record enable file-path slot1#flash:/httpproxy/20191010.log
4. Enable the HTTP proxy service.
[Device-http-proxy-proxyservice-slot1] service enable
[Device-http-proxy-proxyservice-slot1] quit
[Device] quit
Verifying the configuration
# Display the configuration information about Web server group httpsback.
<Device> display http-proxy server-group
Server group name: httpsback
Protocol type: https
Server IP addresses: 192.168.1.1:443
192.168.1.2:443
The output shows that the Web server group httpsback is configured with the correct protocol type and IPv4 Web servers have been added to the Web server group.
# Display the configuration information about HTTP proxy service proxyservice.
<Device> display http-proxy service proxyservice
Service name: proxyservice
IPv6 address: 2001::1
Domain name: test.gov.cn
Protocol types: HTTPS [Server group: httpsback]
SSL certificate file: slot1#flash:/cert.pem
SSL certificate key-file: slot1#flash:/cert.key
Hyperlink proxy strings: www.hyperlink.org
DNS server: 8.8.8.8
IP pools: 192.168.1.10 to 192.168.1.20
Medialink proxy: Enabled
HTTP proxy operation recording: Enabled
Operation record file path: slot1#flash:/httpproxy/20191010.log
HTTP proxy status: Enabled
The output shows that the HTTP proxy service proxyservice is configured with correct parameters and has been enabled.
# Display the content of the HTTP proxy operation recording file generated by HTTP proxy service proxyservice.
<Device> more slot1#flash:/httpproxy/20191010.log
[03/Dec/2019:16:11:35 +0800] Client=2001::4 URL=https://test.gov.cn/sert.jpg Server=192.168.1.1:443
[03/Dec/2019:16:11:35 +0800] Client=2001::4 URL=https://test.gov.cn/config.js Server=192.168.1.1:443
[03/Dec/2019:16:11:36 +0800] Client=2001::4 URL=https://test.gov.cn/config.js Server=192.168.1.2:443
[03/Dec/2019:16:11:36 +0800] Client=2001::4 URL=https://test.gov.cn/sert.jpg Server=192.168.1.2:443
The output shows the following:
· The IPv6 host can access the IPv4 Web servers proxied by the HTTP proxy service and the proxy information is correctly recorded in the file, indicating that the HTTP proxy service has taken effect.
· The requests to access the same URL are distributed to different Web servers, indicating that the two Web servers load balance the traffic.
Troubleshooting HTTP proxy
HTTP proxy enabling failure
Symptom
HTTP proxy failed to be enabled.
Analysis
The TCP port number and IPv6 address specified for HTTP proxy might be used by other services.
Solution
To resolve the issue:
1. Execute the display tcp command to display TCP port numbers in use.
2. Enter HTTP proxy service view, execute the protocol-type command to specify a new port as the TCP listening port, and then enable the HTTP proxy service again.
