Author: Valter Popeskic

This will be a short Reverse Proxy Caching Overview that will explain what proxy is and what is reverse proxy all about.

Normal proxy cache topology is one where the server called proxy server will be some kind of intermediate device between client and server. Proxy will receive all requests from clients and it will forward those requests to servers. The clients will think that the proxy is really the server with the content and the server will think that the Proxy is really the client asking for some resources. Proxy server is used to intercept the communication from client and evaluate the request or control the request for security reasons. On other side clients are sometimes using proxy servers to hide their identity and location because server will only see the location and IP address of proxy server and it will think that that is really the client.

We can say, normal proxy is when proxy server is proxy for clients.

In the reverse proxy, the reverse proxy server acts as a proxy for the server.

Reverse proxy is used for replication of content to different far locations and in other case for replication of content for load balancing.

What is Wildcard Masking?

Wildcard mask is like any other computer IP address basically a group od zeroes and ones (o and 1). To be short, in wildcard mask all number one (1) mean “I don’t care about that position”, and all zeroes (0) mean “I care about that position in binary address”. Let’s take an example where Access list with wildcardmask will be able to deny fourth subnet and alow next four and so on for all /24 subnets of 192.168.0.0/16 supernetwork.

In the access-list we put an  0.0.0.0 255.255.251.255 network;

We know that 255 means 1111 1111 in binary.
We know that 251 means 1111 1011 in binary.

In the 0.0.0.0 255.255.251.255 line we could change 0.0.0.0 to any other kind of 1.1.0.1 23.23.0.33 because in this situation our ACL will not care about the bits in the first, second and last octet. We could write 192.168.0.0 it will fit in our example.

One more thing to make myself more clear. If we use deny 192.168.0.0 255.255.251.255 in ACL, this ACL will not filter only 192.168.0.0/16 network, but every network in the whole 32bit range from 0.0.0.0 to 255.255.255.255 in which third octet has an zero (0) in 6th position. To filter only those subnets that are part of 192.168.0.0/16 supernet we would need to use deny 192.168.0.0 0.0.251.255 because in that way we will say that we care about first and second octet of the address.

Example:

Cisco device will not send log messages to your terminal session by default. That means that you will see log messages in putty only if you are connected to console port but if you connect with telnet or SSH you will not get log messages. Here’s how to resolve this:

Stateless autoconfiguration or SLAAC

SLAAC is a method in which the host or router interface is assigned a 64-bit prefix, and then the last 64 bits of its address are derived by the host or router with help of EUI-64 process which is described in next few lines. SLAAC uses NDP protocol to work.

As the format of the EUI-64 format is seen quite frequently, covering its details seems important too.

L2TP Attributes Summary

Projected L2TP standard was made available in the year 1999 by means of RFC 2661. It was originated primarily from two different tunneling protocols, named as: Point-to-Point communication protocol and PPTP (Point to Point Tunneling protocol). In other words, L2TP (Layer 2 Tunnel Protocol) is an up-and-coming IETF (Internet Engineering Task Force) standard that came in front with the traits of two on-hand tunneling protocols, named as: Cisco’s L2F  (Layer 2 Forwarding) and Microsoft’s PPTP (Point-to-Point Tunneling Protocol). L2TP protocol is actually an expanded form of the PPP (a significant constituent for VPNs).