Solved: Re: ACE, source based decision.

Andriy.Ruban · ‎01-17-2012

Hi guys,

I have a bit none standard task, I need to use only one VIP but depends on the customer source address I have to forward traffic to two different serverfarms.

For instance if request is going from the network 192.168.0.0/16 it should be forwarded to ServF-A

If it goes from 10.0.0/8 to ServF-B.

Is that possible to realize something like that ?

Regards,

Andriy

Daniel Arrondo Ostiz · ‎01-18-2012

Hi Andriy,

What you are trying to achieve is quite common and easy to do with the ACE.

You just need to define two different L7 classes with different "match source-address" statements and associate each of them to a serverfarm.

I would recommend you to read the L7 load-balancing section of the configuration guide (

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/classlb.html#wp1131739). It should give you all the information you need.

If you still have any questions after reading the documentation, let me know. I'll do my best to answer them.

Regards

Daniel

View solution in original post

Daniel Arrondo Ostiz · ‎01-18-2012

Hi Andriy,

What you are trying to achieve is quite common and easy to do with the ACE.

You just need to define two different L7 classes with different "match source-address" statements and associate each of them to a serverfarm.

I would recommend you to read the L7 load-balancing section of the configuration guide (

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/classlb.html#wp1131739). It should give you all the information you need.

If you still have any questions after reading the documentation, let me know. I'll do my best to answer them.

Regards

Daniel

Andriy.Ruban · ‎01-18-2012

Hi Daniel,

I found my mistake, if we can call it as a mistake

Yesterday I was using just a class-maps (without any types) to define source ranges but then with applying those classes in policy-maps ACE complained that this class is not expected to be here or also Error: Specified class-map is not consistent with the policy-map type, depends on the configuration I tried to create.

I just tried to create

class-map match-any NAME and then use it in the policy-map type loadbalance first-match NAME

but I have to create class-map type http to use it in the policy-map type loadbalance first-match NAME

or to create class-map type generic NAME and use it in the policy-map type loadbalance generic first-match NAME, both configurations are working.

Maybe I`m not understanding the main idea of all those types but this stuff is quite confusing...

Would you please to explain my main mistake in the association between class-map type and policy-map.

Thank you.

Daniel Arrondo Ostiz · ‎01-18-2012

Hi Andriy,

Normal class-maps are used to define the L4 information of a VIP (mainly address and port). These classes are then configured under a multi-match policy-map and associated to an interface.

The class-maps defined by type, however, are designed to match on L7 parameters (HTTP URL, cookies...). These are defined under a load-balance policy-map and then associated with a L4 class.

The idea is that the ACE will first match on the L4, and then, go into the load-balance policy-map and try to match on the different L7 classes.

You're case is a bit more complex to understand because common sense says that source address should be a L4 parameter, and in a way it is. It is possible to define a VIP by a combination of destination address and source address (it would be a match-all class map), but it is normally preferred to define it as a L7 parameter because most people consider L4 the "basic" load-balancing parameters and L7 the "advanced" ones.

I hope this makes it more clear

Daniel

Andriy.Ruban · ‎01-24-2012

Hi Daniel,

Yes, now it`s more clear, thank you!