cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
891
Views
0
Helpful
3
Replies

Cisco ACE balance for source?

Hello,

I have a Cisco ACE with a server farm "intranet" with real servers rsrv1 and rsrv2 (round robin) and i have two sites A (IP Address A) and B (IP Address B) in the WAN. I want to that Site A conect to ACE 4710 via VIP, but this connection will be to srv1 and Site B conect to ACE 4710 via VIP, but this connection will be to srv2. it is posible?

Regards

Alvaro

3 Replies 3

pablo.nxh
Level 3
Level 3

Hello Alvaro,

You can do this with L7 policy match on the ACE. You just need to do create new serverfarms where you will

include only serverfarm A and B separately.

serverfarm host A

  rserver RA

    inservice

serverfarm host B

  rserver RB

    inservice

serverfarm host Mixed

  rserver RA

    inservice

  rserver RB

    inservice

- Same virtual for both sites.

class-map match-any Web

  2 match virtual-address 192.168.10.10 tcp eq www

- Here you would match the HTTP header of your websites (if your sites happen to be encrypted you would need to

do the SSL offloading in the ACE).

class-map type http loadbalance match-aany Host-A

  2 match http header Host header-value "mysite-a.com"

class-map type http loadbalance match-all Host-B

  2 match http header Host header-value "mysite-b.com"

- Then you do your first match policy. This is a login "OR" so supposing there's a generic 3rd web site that doesn't match A or B then class-default will take care of the traffic and will end up load balancing the traffic.

policy-map type loadbalance first-match External

  class Host-A

    serverfarm A

  class Host-B

    serverfarm B

  class class-default

    serverfarm Mixed

policy-map multi-match LoadBalance

  class Web

    loadbalance vip inservice

    loadbalance External

    loadbalance vip icmp-reply active

HTH

__ __

Pablo

Hello Pablo,

I need configure this, but without indicate "mysite-b.com" and "mysite-a.com". I need that Site A and B be for IP address, for example:

Regards

Alvaro

thats easy...just use the "match source-address" command instead of "header http..."

Review Cisco Networking for a $25 gift card