07-20-2011 07:44 AM
All,
I have a number of web sites that are currently being load balanced by CSS 11503s runninng 8x code. I was recently requested to configure HTTP --> HTTPS redirects on the CSS for every site. In the past, I have only configured the redirects for sites that had a requirement. Now it appears that the server teams want all content encrypted.
1) What impact will this have on the CPU?
2) What impact will this have on Memory utilization?
3) Is there a maximum nubmer on redirects?
4) Are there other things I should be concerned about?
Thanks!
07-22-2011 07:48 PM
Hi Kevin,
It depends on the number of sites that you're currently load balancing. For example if you're currently doing load balance for say 20+ sites and most of them have L5 "inspection" then you'll be moving all that config to a single layer 5 content rule per VIP with a wildcard URL "/*" so you actually will end up saving resources along with configuration lines.
I don't see the hard numbers for how many redirects you can configure I think that's because there are two ways of configuring HTTP redirection but I do know it goes hand-to-hand with the HW module 11501/11503/11506, the
available RAM (256/512) and most importantly the number of configuration lines which should not exceed 8K per design.
HTH
__ __
Pablo
07-25-2011 06:10 AM
I took a look at a few of the larger configs and they are typically under 4K.
Below is some info on the system memory:
System Resources for 1/1:
Installed Memory: 268,435,456 (256 MB)
Free Memory: 126,424,176 (120 MB)
service bea-ssl-transfer
ip address 3.3.3.3
keepalive type none
type redirect
no prepend-http
domain "
"
active
System Resources for 1/1:
Installed Memory: 268,435,456 (256 MB)
Free Memory: 126,424,176 (120 MB)
I am currently configuring my redirects in the below manner:
service app-ssl-transfer
ip address 3.3.3.3
keepalive type none
type redirect
no prepend-http
domain "https://app.my-fqdn.com"
active
I am not sure I understand your example. You mention being able to save configuration lines, but I am not clear how. Would you be so kind as to insert a config snippet?
Thanks!!
07-25-2011 10:01 AM
Hi Kevin,
As I mentioned there are two ways of doing redirects with the CSS, first is using services type redirect as you're doing and the second is using a redirect as a default action under a L5 content rule (this is where you would save some config lines).
i.e Let's say you have the site www.abz.com with 1 URI www.abz.com and www.abz.com/news; where news is balanced to a different server cluster.
In this case the configuration would look like this:
content ABZ
port 80
protocol tcp
vip address 192.168.10.10
add service Web-1
add service Web-2
url "/*"
active
content ABZ-News
port 80
protocol tcp
vip address 192.168.10.10
add service Web-3
add service Web-4
url "/news/*"
active
Now if you want to redirect all the content to HTTPS regardless of the URI to the main site https:///www.abz.com then you can just do a single content rule like this:
content ABZ
port 80
protocol tcp
vip address 192.168.10.10
url "/*"
redirect "https://www.abz.com"
active
If you do need to keep the URI after the redirection; for example the new request to be like https://www.abz.com/news/ then you would do it with the type service redirect and the domain option as you're currently doing it.
HTH
__ __
Pablo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide