Showing results for 
Search instead for 
Did you mean: 


Ace url


I have two servers to be balanced on port 80, but I received a request, from the team that makes the maintenance of these servers, to when anyone introduce a specific url, the access is always made through the same server.

This can be done? I have to use the match http url, or is it better to use the match http header?


Borys Berlog
Cisco Employee


It depends on what exactly they mean.

I mean - do they ask if URL = that traffic always need to go to server #1

or they ask if URL = - traffic can go to any server first but then must sticky to this server.

With first case I'd say the best way is just to create separate serverfarm, place there this server #1 and then use match http url class in level 7 policy map (assuming that host part is the same and resolved to the same VIP)

In second case - different options are available and it's better to clarify, but generally - it can be the same + some kind of stickiness.

Hi Borys

the idea is like this:

if you access the url the traffic is balanced, if you access the url the traffic goes always to the server 1 for example.


In this case your first idea about url matching is absolutely correct.

L7 class map

class-map type http loadbalance L7-C

match http url /123

than you have serverfarm S1 which contains both of your servers and serverfarm S2 with contains only server #1

then in L7 policy map :

policy-map type load fir L7-p

class L7-C

serverfarm S2

class class-default

serverfarm S1

And than use it for necessary VIP

One note regarding URL matching (from my experience it's  quite often confusing


E.g. you have url in your browser like: http:/

however when browser opens a connection - this URL can't be seen anywhere, it will be used like this :

-IP address of will be determined and used in L3 header

- in L7, http header this part will be used in header field "Host"

- this part /test/test.php will be placed in GET request , like GET /test/test.php HTTP1.1 (e.g.)

So, url matching in ACE actually matches  part which is in GET field , so you can't put there something like, as host part is never in GET field. And actually URL as we see it in browser is never sent.

anything of this kind:

serverfarm host Serverfarm_HTTP
  probe KPalive_HTTP
  rserver Server1
  rserver Server2

serverfarm host Serverfarm_URL
  probe KPalive_HTTP
  rserver Server1

sticky ip-netmask address source Sticky_HTTP
  timeout 30
  replicate sticky
  serverfarm Serverfarm_HTTP

class-map match-all CLA4_HTTP
  2 match virtual-address tcp eq www

class-map type http loadbalance Cla7_URL
  2 match http url /123

policy-map type loadbalance first-match POL7_HTTP
  class Cla7_URL 
    serverfarm Serverfarm_URL 
  class class-default
    serverfarm Serverfarm_Portal

policy-map multi-match POL4_HTTP
  class CLA4_HTTP
    loadbalance vip inservice
    loadbalance policy POL7_HTTP
    loadbalance vip icmp-reply active

interface vlan 15
  description Frontend
  ip address
  peer ip address
  no icmp-guard
  access-group input ACL_PermitAll
  access-group output ACL_PermitAll
  service-policy input POL4_HTTP

thanks for the help

Anyone confirm this?

Thank you all