Technical data
56 ServerIron ADX Advanced Server Load Balancing Guide
53-1002435-03
Other transparent cache switching options
2
Enabling cache server spoofing support
In TCS, when a client makes a request for HTTP content on the Internet, the ServerIron ADX directs 
the request to a cache server, rather than to the Internet. If the requested content is not on a cache 
server, it is obtained from a Web server of origin on the Internet, stored on a cache server to 
accommodate future requests, and sent from the cache server back to the requesting client.
NOTE
You cannot use the cache server spoofing feature with the reverse proxy SLB feature on the same 
ServerIron ADX. 
When a cache server makes a request for content from the origin server, it can perform one of the 
following actions:
• The cache server replaces the requesting client's IP address with its own before sending the 
request to the Internet. The origin server then sends the content to the cache server. The 
cache server stores the content and sends it to the requesting client, changing the source IP 
address from its own to the origin server's IP address.
• The cache server does not replace the requesting client's IP address with its own. Instead, the 
cache server sends the request to the Internet using the requesting client's IP address as the 
source. This allows the origin server to perform authentication and accounting based on the 
client’s IP address, rather than the cache server’s IP address. This functionality is known as 
cache server spoofing.
When cache server spoofing support is enabled, the ServerIron ADX does the following with 
requests sent from a cache server to the Internet.
1. The ServerIron ADX looks at the MAC address to see if the packet is from a cache server. Note 
that the ServerIron ADX and the cache server cannot be separated by any router hops; they 
must be on the same physical segment. The ServerIron ADX uses an ARP request to get the 
MAC address of each configured cache server.
2. If the MAC address indicates that the packet is from a cache server, the ServerIron ADX checks 
the source IP address. If the source IP address does not match the cache server's IP address, 
the ServerIron ADX concludes that this is a spoofed packet.
3. The ServerIron ADX creates a session entry for the source and destination (IP address and 
port) combination, and then sends the request to the Internet.
When the origin server sends the content back, the ServerIron ADX looks for a session entry that 
matches the packet. If the session entry is found, the ServerIron ADX sends the packet to the 
appropriate cache server.
To enable cache server spoofing support, enter commands such as the following.
ServerIronADX(config)# server cache-group 1
ServerIronADX(config-tc-1)# spoof-support
Syntax: [no] spoof-support
The no form of the command disables cache server spoofing support. Cache server spoofing 
support is disabled by default.
To display the number of spoofed packets encountered by the ServerIron ADX, enter the following 
command.










