01-11-2014 06:47 PM
Hi,
I have ACE 4710. My users will be accessing website
www.fcc.com which is mapped to VIP in DNS.
My requirement is that when users access www.fcc.com then ACE should redirect the URL to the following ones
Dear Team,
Kindly create an new website with the below mentioned details.
Sitename : www.fcc.com
Ip address: 10.52.7.198
The above mentioned ip address will be given for load balancer. The urls to be mapped in load balancer is given below.
http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD
http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD
Is it possible in ACE. Below is the config which I have planned to deploy.
probe tcp port9001
port 9001
interval 5
passdetect interval 5
connection term forced
rserver host FCC-APP-WEB1
ip address 10.52.7.196
inservice
rserver host FCC-APP-WEB2
ip address 10.52.7.197
inservice
rserver redirect FCC-Redirect1
webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
rserver redirect FCC-Redirect2
webhost-redirection http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
serverfarm host FCC-Dynamic-SF
description *** FCC Dynamic ServerFarm ***
probe port10870
rserver FCC-APP-WEB1
inservice
rserver FCC-APP-WEB2
inservice
serverfarm redirect FCC-App-Redirect
rserver FCC-Redirect1
inservice
rserver FCC-Redirect2
inservice
class-map type http loadbalance match-any FCC-Redirect
2 match http header Host header-value "fcc"
class-map match-any FCC-Redirect-VIP
2 match virtual-address 10.52.7.198 tcp any
policy-map type loadbalance first-match FCC-APP
class FCC-Redirect
serverfarm FCC-App-Redirect
policy-map multi-match PM-MULTI-MATCH
class FCC-Redir-VIP
loadbalance vip inservice
loadbalance policy IDAM-REDIR
loadbalance vip icmp-reply
Is the config right. The customer is ready to change any URL name or the config to make it work.
01-12-2014 08:31 AM
Hi Mukund,
Have never tried the redirection with two redirect servers in a single serverfarm but it doesn't say anywhere that you cannot add more than one. Only thing i notice is that you have mentioned the port on which ACE shall send the traffic at backend. Other than that configuration looks fine. Kindly test and see how it works.
Regards,
Kanwal
01-13-2014 03:09 AM
Thanks Kanwal,
I was worried whether my base configuration is correct or not. But I didn't get what you are trying to say on the point of port on which ACE shall send the traffic. Is it wrong somewhere.? Client will use web port 80 to access the site fcc.com which should be redirected to the two URLs where the application is working on 9001. Can you please clarify this point
Anyways, we have scheduled downtime in coming weekend. I will test and let you know.
Thanks for your timely advice and support.
01-13-2014 07:23 AM
Hi Mukund,
If user is coming on port 9001 and servers are listening on port 9001 as well then there is no need to define a port for rservers in serverfarm. If user is coming on a different port and rserver is listening on different port then you need to define a port so that ACE forwards the request at backend on that port. For example, if a user is coming on port 80 but you want that ACE sends the traffic to rserver on port 8000 then you need to do this:
serverfarm host FCC-Dynamic-SF
description *** FCC Dynamic ServerFarm ***
rserver FCC-APP-WEB1 8000
inservice
rserver FCC-APP-WEB2 8000
inservice
Regards,
Kanwal
01-13-2014 11:06 AM
Hi Kanwal,
Thanks for your quick response.
Still I have some issues..
My webhost redirection URL is http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD.
But ACE was not accepting the "?" in the URL..it was ommiting the "?" from URL.
So I have used the redirection URL as http://chfccapp01.kvbad.com:9001%p
Rserver redirection confiig is as follows
rserver redirect FCC-Redirect1
webhost-redirection http://chfccapp01.kvbad.com:9001%p
inservice
rserver redirect FCC-Redirect2
webhost-redirection http://chfccapp02.kvbad.com:9001%p
inservice
Even after modifying the URL, users are not able to access the webpage.
When I see the show service-policy command, I am getting connection drops. Attaching the config and the output of "show conn" and "show service-policy" command
01-13-2014 11:13 AM
Hi Mukund,
For ACE to accept ? in URL you need to press Ctrl-v before you type the question mark. That way you shall see the ? in configuration and redirection string sent to user.
Are you able to access the server directly with the same URL? Do you see redirection is happening fine?
I will check attachments later and update you.
Regards,
Kanwal
01-16-2014 09:00 PM
Hi Kanwal,
I got that URL copied as it is with ? included as per you suggestion. Then I came to know that ACE cannot redirect to two different URLs so I changed it only one URL.
Old Config :
Earlier there were two URLs with two redirect servers.
rserver redirect FCC-Redirect1
webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
rserver redirect FCC-Redirect2
webhost-redirection http://chfccapp02.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
serverfarm redirect FCC-App-Redirect
rserver FCC-Redirect1
inservice
rserver FCC-Redirect2
inservice
New Config:
rserver redirect FCC-Redirect1
webhost-redirection http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD 301
inservice
serverfarm redirect FCC-App-Redirect
rserver FCC-Redirect1
inservice
After this config change, ACE is not redirecting traffic to the real servers but only handing over the redirect URL "http://chfccapp01.kvbad.com:9001/forms/frmservlet?config=FCCPROD" to the client. When the client access www.fcc.com, his webpage is redirected to the above URL and then he direclty hits the real server as the redirected URL is mapped to real server IP in DNS. This means that I will have to give direct access to server on port 9001. This behaviour is not which I want. Is this how the URL redirect works?? I am bit naive on this type of ACE config.
I want the client to access www.fcc.com port 80 which should then be redirected to the URL running on real servers on port 9001. The real server should then respond back to VIP on port 80 and then VIP should return the traffic to the client.
Is it possible? Attaching the running config
01-16-2014 09:10 PM
Hi,
After redirect the user shall come on a different VIP. For that you should change DNS mapping. The redirect url shall point to Ace vip and not real server ip.
Regards,
Kanwal
Sent from Cisco Technical Support iPhone App
01-16-2014 09:12 PM
Also you have 9001 in redirect url so you should have vip listening on port 9001. If i am not wrong if the user comes with the above url then destination port will be 9001 and not 80.
Regards,
Kanwal
Sent from Cisco Technical Support iPhone App
01-16-2014 09:18 PM
Thanks Kanwal for a excellent solution ..
But is it mandatory that I should keep the redirect URL on 9001.
Probably I will change the URL to 80 itself and then new VIP translating from 80 to 9001.
01-16-2014 09:32 PM
Hi,
Yes you can make the user come on port 80 and let ace send the traffic at backend on port 9001. That adds extra layer of security by not exposing the real server port.
Regards,
Kanwal
Sent from Cisco Technical Support iPhone App
01-17-2014 11:47 PM
Hi Kanwal,
Thanks for all the feedback...Its absolutely working fine...both the redirection and then redirected URL also load-balanced via new VIP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide