ACE loadbalancing to different serverfarm for URL subdirectory

David Niemann · ‎03-20-2013

I have a current load balance configuration for testing. I want to be able to use the same virtual address, but then specify a subdirectory and have it load balance to a different serverfarm. I'm guessing I can use the same policy map, but insert a new class above the default class, but i'm not sure how that can utilize the same ssl proxy and sticky server farm. Applicable config below:

crypto chaingroup EntrustChainGroup
cert EntrustChain.cer

rserver host RS_MIDTIER_222
description orlwebrmd222
ip address 172.31.0.133
inservice

rserver redirect RS_SSL_Redirects
webhost-redirection https://%h/%p 301
inservice

action-list type modify http SSL_URL_REWRITE
ssl url rewrite location ".*"

serverfarm redirect SF_SSL_Redirects
predictor leastconns
rserver RS_SSL_Redirects
inservice
serverfarm host SF_servicedesk2_dev
predictor leastconns
probe APACHE
probe ICMP
rserver RS_MIDTIER_222 80
inservice

ssl-proxy service SSL_PSERVICE_servicedesk2_dev
key servicedesk2-dev.key
cert servicedesk2-dev.crt
chaingroup EntrustChainGroup

sticky http-cookie JSESSIONID Sticky_Jsession_servicedesk2_dev
timeout 90
serverfarm SF_servicedesk2_dev

class-map match-any VS_SSL_Redirects
description Redirects any http VIPS to https
16 match virtual-address 172.31.0.50 tcp eq www

class-map match-any VS_servicedesk2_dev_L3SLB
description servicedesk2-dev
2 match virtual-address 172.31.0.50 tcp eq https

policy-map type loadbalance first-match SSL_Redirect_L4SLB
class class-default
    serverfarm SF_SSL_Redirects
policy-map type loadbalance http first-match servicedesk2_dev_L4SLB
class class-default
    sticky-serverfarm Sticky_Jsession_servicedesk2_dev
    action SSL_URL_REWRITE

policy-map multi-match Farm_VIPS
class VS_SSL_Redirects
    loadbalance vip inservice
    loadbalance policy SSL_Redirect_L4SLB
class VS_servicedesk2_dev_L3SLB
    loadbalance vip inservice
    loadbalance policy servicedesk2_dev_L4SLB
    loadbalance vip icmp-reply active
    ssl-proxy server SSL_PSERVICE_servicedesk2_dev

interface vlan 100
description naportal ACE frontside
bridge-group 1
access-group input BPDUALLOW
access-group input ALL
service-policy input Farm_VIPS
no shutdown

Cesar Roque · ‎03-20-2013

Hi David,

If I'm understanding this correctly, you need to laodbalance the traffic based on the URL. In that case, you can do something like this;

policy-map type loadbalance http first-match servicedesk2_dev_L4SLB

match URL http url /example

servefarm example

class class-default

sticky-serverfarm Sticky_Jsession_servicedesk2_dev

action SSL_URL_REWRITE

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

David Niemann · ‎03-20-2013

I figured it out. I had to add the lines below. Created a new rserver, new serverfarm, new sticky serverfarm and class map for the subdirectory /webpool/.*. Then modified the policy-map for the main web site. This seemed to do the trick. The class default in the policy map still sends traffic to the original serverfarm and when the /webpool/ subdirectory is specified it sends the clients to the serverfarm that I added.

rserver host RS_ORWWEBRPT221

description orwwebrpt221.naportal.com

ip address 172.31.0.112

inservice

serverfarm host SF_WEBREPORT_TEST

description testing subdirectory NLB

predictor leastconns

probe ICMP

probe PROBE_TCP_80

rserver RS_ORWWEBRPT221 80

inservice

sticky http-cookie JSESSIONID Sticky_Jsession_WebReport_Test

timeout 90

serverfarm SF_WEBREPORT_TEST

class-map type http loadbalance match-any VS_WebReport_Test

2 match http url /webpool/.*

and modified the policy map

policy-map type loadbalance http first-match servicedesk2_dev_L4SLB
class VS_WebReport_Test
    sticky-serverfarm Sticky_Jsession_WebReport_Test
    action SSL_URL_REWRITE
class class-default
    sticky-serverfarm Sticky_Jsession_servicedesk2_dev
    action SSL_URL_REWRITE