cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2912
Views
0
Helpful
11
Replies

ACE full URL redirect

Mukund Sandur
Level 1
Level 1

Hi,

I have ACE 4710. My users will be accessing website

www.fcc.com which is mapped to VIP in DNS.

My requirement is that when users access www.fcc.com then ACE should redirect the URL to the following ones

Dear Team,

               Kindly create an new website with the below mentioned details.

Sitename : www.fcc.com

Ip address: 10.52.7.198

               The above mentioned ip address will be given for load balancer. The urls to be mapped in load balancer is given below.

http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD

http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD

Is it possible in ACE. Below is the config which I have planned to deploy.

probe tcp port9001

  port 9001

  interval 5

  passdetect interval 5

  connection term forced

rserver host FCC-APP-WEB1

  ip address 10.52.7.196

  inservice

rserver host FCC-APP-WEB2

  ip address 10.52.7.197

  inservice

rserver redirect FCC-Redirect1

webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301

inservice

rserver redirect FCC-Redirect2

webhost-redirection http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301

inservice

serverfarm host FCC-Dynamic-SF

  description *** FCC Dynamic ServerFarm ***

  probe port10870

  rserver FCC-APP-WEB1

    inservice

  rserver FCC-APP-WEB2

    inservice

serverfarm redirect FCC-App-Redirect

rserver FCC-Redirect1

  inservice

rserver FCC-Redirect2

  inservice

class-map type http loadbalance match-any FCC-Redirect

2 match http header Host header-value "fcc"

class-map match-any FCC-Redirect-VIP

2 match virtual-address 10.52.7.198 tcp any

policy-map type loadbalance first-match FCC-APP

class FCC-Redirect

  serverfarm FCC-App-Redirect

policy-map multi-match PM-MULTI-MATCH

class FCC-Redir-VIP

  loadbalance vip inservice

  loadbalance policy IDAM-REDIR

  loadbalance vip icmp-reply

  Is the config right. The customer is ready to change any URL name or the config to make it work.

11 Replies 11

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi Mukund,

Have never tried the redirection with two redirect servers in a single serverfarm but it doesn't say anywhere that you cannot add more than one. Only thing i notice is that you have mentioned the port on which ACE shall send the traffic at backend. Other than that configuration looks fine. Kindly test and see how it works.

Regards,

Kanwal

Thanks Kanwal,

I was worried whether my base configuration is correct or not. But I didn't get what you are trying to say on the point of port on which ACE shall send the traffic. Is it wrong somewhere.? Client will use web port 80 to access the site fcc.com which should be redirected to the two URLs where the application is working on 9001. Can you please clarify this point

Anyways, we have scheduled downtime in coming weekend. I will test and let you know.

Thanks for your timely advice and support.

Hi Mukund,

If user is coming on port 9001 and servers are listening on port 9001 as well then there is no need to define a port for rservers in serverfarm. If user is coming on a different port and rserver is listening on different port then you need to define a port so that ACE forwards the request at backend on that port. For example, if a user is coming on port 80 but you want that ACE sends the traffic to rserver on port 8000 then you need to do this:

serverfarm host FCC-Dynamic-SF

description *** FCC Dynamic ServerFarm ***

rserver FCC-APP-WEB1 8000

inservice

rserver FCC-APP-WEB2 8000

inservice

Regards,

Kanwal

Hi Kanwal,

Thanks for your quick response.

Still I have some issues..

My webhost redirection URL is http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD.

But ACE was not accepting the "?" in the URL..it was ommiting the "?" from URL.

So I have used the redirection URL as http://chfccapp01.kvbad.com:9001%p

Rserver redirection confiig is as follows

rserver redirect FCC-Redirect1

  webhost-redirection http://chfccapp01.kvbad.com:9001%p

   inservice

rserver redirect FCC-Redirect2

  webhost-redirection http://chfccapp02.kvbad.com:9001%p

   inservice

Even after modifying the URL, users are not able to access the webpage.

When I see the show service-policy command, I am getting connection drops. Attaching the config and the output of "show conn" and "show service-policy" command

Hi Mukund,

For ACE to accept ? in URL you need to press  Ctrl-v before you type the question mark. That way you shall see the ? in configuration and redirection string sent to user.

Are you able to access the server directly with the same URL? Do you see redirection is happening fine?

I will check attachments later and update you.

Regards,

Kanwal

Hi Kanwal,

I got that URL copied as it is with ? included as per you suggestion. Then I came to know that ACE cannot redirect to two different URLs so I changed it only one URL.

Old Config :

Earlier there were two URLs with two redirect servers.

rserver redirect FCC-Redirect1

webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301

inservice

rserver redirect FCC-Redirect2

webhost-redirection http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301

inservice

serverfarm redirect FCC-App-Redirect

  rserver FCC-Redirect1

    inservice

  rserver FCC-Redirect2

    inservice

New Config:

rserver redirect FCC-Redirect1

webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301

inservice

serverfarm redirect FCC-App-Redirect

  rserver FCC-Redirect1

    inservice

After this config change, ACE is not redirecting traffic to the real servers but only handing over the redirect URL "http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD" to the client. When the client access www.fcc.com, his webpage is redirected to the above URL and then he direclty hits the real server as the redirected URL is mapped to real server IP in DNS. This means that I will have to give direct access to server on port 9001. This behaviour is not which I want. Is this how the URL redirect works?? I am bit naive on this type of ACE config.

I want the client to access www.fcc.com port 80 which should then be redirected to the URL running on real servers on port 9001. The real server should then respond back to VIP on port 80  and then VIP should return the traffic to the client.

Is it possible? Attaching the running config

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi,

After redirect the user shall come on a different VIP. For that you should change DNS mapping. The redirect url shall point to Ace vip and not real server ip.

Regards,
Kanwal

Sent from Cisco Technical Support iPhone App

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Also you have 9001 in redirect url so you should have vip listening on port 9001. If i am not wrong if the user comes with the above url then destination port will be 9001 and not 80.

Regards,
Kanwal

Sent from Cisco Technical Support iPhone App

Thanks Kanwal for a excellent solution ..

But is it mandatory that I should keep the redirect URL on 9001.

Probably I will change the URL to 80 itself and then new VIP translating from 80  to 9001.

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi,

Yes you can make the user come on port 80 and let ace send the traffic at backend on port 9001. That adds extra layer of security by not exposing the real server port.

Regards,
Kanwal

Sent from Cisco Technical Support iPhone App

Hi Kanwal,

Thanks for all the feedback...Its absolutely working fine...both the redirection and then redirected URL also load-balanced via new VIP.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: