10-28-2010 06:15 AM
Hi Guys
I need some advice regarding the Cisco ACE design. I am designing a solution for a pair of Cisco ACE devices which need to load balance between 2 HTTPS website addresses. The first website is supported by 2 servers and the second by a single server. I want to know the best way to implement this, as well as ACE failover considerations. I am confused whether I need to use contexts or just 2 server farms and 2 VIPs in a single context. Also, I would like to do SSL offload on the ACE as well. I am planning for a One-Arm mode design. I also need clarification on which load balancing algorithm should be used and which is enabled by default.
Many thanks in advance.
Regards
Vino
09-20-2011 03:17 PM
Hi Chris,
Thank you so much for this. I am going to test both concept and will let you know how it went.
Kind Regards,
Jim
09-23-2011 07:54 AM
Hi Chris,
Thank you so much for your help. It's working fine.
However, I had another issue, the servers that would be hosting the services have some kind of url that the client would access along with the vip.
Currently, I requested them to change it to the same domain as the same parameter I would have when I buy the wild card certificate. But, I was just wondering is it possible for the ace to redirect the clients to their specific url once they hit the vip.
Kind Regards,
Jim
09-23-2011 10:34 AM
Jim-
That is actually very easy to do on ACE. You just need to know what the initial URL is and the URL that you would like to redirect to.
First, you need to add 2 classes which match the URL that your client initially requests + the domain:
class-map type http loadbalance match-any Domain1
  3 match http header Host header-value "www\.cisco\.com"
class-map type http loadbalance match-all Domain1-URL
  3 match http header Host header-value "www\.cisco\.com"
  4 match http url "/login.html"
class-map type http loadbalance match-any Domain2
  2 match http header Host header-value "mail\.cisco\.com"
class-map type http loadbalance match-all Domain2-URL
  2 match http header Host header-value "mail\.cisco\.com"
  3 match http url "/login.html"
Then you need to create the redirect rserver and serverfarm:
rserver redirect Domain1Redirect
  webhost-redirection /newloginpage/index.html
  inservice
rserver redirect Domain2Redirect
  webhost-redirection /newloginpage/index.html
  inservice
serverfarm redirect Domain1RedirectFarm
  rserver Domain1Redirect
    inservice
serverfarm redirect Domain2RedirectFarm
  rserver Domain2Redirect
    inservice
Then you need to update the loadbalance policy map to include the 2 new classes. Be sure to add them in the order below:
policy-map type loadbalance http first-match LBPM
  class Domain1-URL
    serverfarm Domain1RedirectFarm
  class Domain1
    serverfarm Domain1Servers
  class Domain2-URL
    serverfarm Domain2RedirectFarm
  class Domain2
    serverfarm Domain2Servers
With this configuration, whenever a user accesses mail.cisco.com/login.html, they will be redirected to mail.cisco.com/newloginpage/index.html
There are actually some really cool things you can do with redirects in general. Say your client accesses mail.cisco.com/stuff/index.html or mail.cisco.com/login/pictures.html. You need to match any pages the client accesses in the /stuff/ folder and redirect the client to the mail.cisco.com/newlogin/stuff/X where X is the same page/object the client initially accessed. Your class map would match http url "/stuff/.*"
And instead of:
rserver redirect Domain1Redirect
  webhost-redirection /newloginpage/stuff/index.html
  inservice
Use this:
rserver redirect Domain1Redirect
  webhost-redirection /newloginpage/%p
  inservice
%p copies the entire url and pastes it in after the expression you enter. %h copies the host header that the client sent as well. %h is useful where you need to send the client to a new protocol. I.e. you match http, but want to send the client to https.
i.e.:
rserver redirect Domain1Redirect
  webhost-redirection https://%h/newloginpage/%p
  inservice
Regards,
Chris
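The class ordering in the policy map above, as an added Python sketch that is not part of the original post and not ACE code: it models first-match evaluation to show what happens when the domain classes are listed first or a URL class uses match-any. It assumes the URL classes require host and URL together (match-all) and approximates ACE regex matching with `re.fullmatch`; the sample requests are constructed.

```python
import re

# Classes from the post, modelled as (mode, [(field, regex), ...]).
# The *-URL classes use match-all here (host AND url), an assumption of
# this sketch; regexes are applied with re.fullmatch as an approximation.
CLASSES = {
    "Domain1-URL": ("all", [("host", r"www\.cisco\.com"), ("url", r"/login.html")]),
    "Domain1":     ("any", [("host", r"www\.cisco\.com")]),
    "Domain2-URL": ("all", [("host", r"mail\.cisco\.com"), ("url", r"/login.html")]),
    "Domain2":     ("any", [("host", r"mail\.cisco\.com")]),
}

# Policy map in the order given in the post: URL classes before domain classes.
LBPM = [
    ("Domain1-URL", "Domain1RedirectFarm"),
    ("Domain1", "Domain1Servers"),
    ("Domain2-URL", "Domain2RedirectFarm"),
    ("Domain2", "Domain2Servers"),
]

def class_matches(name, request, classes=CLASSES):
    """Evaluate one class-map: all rules must hit (match-all) or any one (match-any)."""
    mode, rules = classes[name]
    hits = [re.fullmatch(rx, request[field]) is not None for field, rx in rules]
    return all(hits) if mode == "all" else any(hits)

def select_farm(request, policy=LBPM, classes=CLASSES):
    """first-match: the first class that matches decides the serverfarm."""
    for cls, farm in policy:
        if class_matches(cls, request, classes):
            return farm
    return None  # no class matched

# Constructed sample requests.
LOGIN = {"host": "mail.cisco.com", "url": "/login.html"}
OTHER = {"host": "mail.cisco.com", "url": "/inbox.html"}

# Same classes with the domain classes listed ahead of the URL classes.
REORDERED = [LBPM[1], LBPM[0], LBPM[3], LBPM[2]]

# Same policy order, but the Domain2 URL class switched to match-any (host OR url).
ANY_URL = dict(CLASSES, **{"Domain2-URL": ("any", CLASSES["Domain2-URL"][1])})

if __name__ == "__main__":
    print(select_farm(LOGIN))                    # login page goes to the redirect farm
    print(select_farm(OTHER))                    # other pages go to the real servers
    print(select_farm(LOGIN, policy=REORDERED))  # domain class wins, redirect never fires
    print(select_farm(OTHER, classes=ANY_URL))   # every page for the host is redirected
```
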
09-26-2011 09:50 AM
Hi Chris,
Sorry for not getting back earlier.
Just have been really busy with the design architecture.
However, the information you provided sounds brilliant.
I am going to test the concept and will let you know how it went.
Thanks a lot again for your valuable advice.
Kind Regards,
Jim