cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
749
Views
0
Helpful
3
Replies

CSM: Balancing to real URLs instead to Realservers ???

hakan.topcu
Level 1
Level 1

Hi there,

I got the following request:

A virtual server should be balanced to two realservers, but not simply to an IP, but to a specific port and a specific location on those servers, lets say to:

realserver1:8002/location” and “realserver2:8002/location

The virtual server should be available only by SSL, e.g. by “https://10.10.10.10

http connects should be automatically redirected to https.

My idea was to build a vserver (vserver1) listening on port 443, that virtualizes “realserver[1/2]:8002” by configuring the two reals in a farm with port 8002:

serverfarm farm1

real name realserver1 8002

real name realserver2 8002

and to configure two vservers (vserver2 and 3) with a farm, that redirects http and https requests to 10.10.10.10 to the above vserver1 appended by the location in the URL, e.g.:

serverfarm sfarm-redirect

redirect-server vserver-redirect

   webhost relocation https://vserver1/location

Any comments if this would work, or is there a more simple way to realize this scenario?

Thanks in advance

Hakan

3 Replies 3

litrenta
Level 3
Level 3

this is how you would do it. then you would have a vserver listening to the vip on

port 80 pointing to the redirect farm , and a vserver on port 443 loadbala

ncing to the farm. Are terminating ssl on an sslm or is

this a csm-s ?

This is a simple CSM WS-X6066-SLB-APC with Software release 4.3(1), without SSL module. SSL should terminate on realservers.

Is this a valid, or a common configuration for such a requirement above?

Or is there another way to configure this scenario?

Thanks

Hakan,

for SSL connections if you do not terminate them on the loadbalancer there is no way that the loadbalancer can anyhow modify the request or issue a redirect. The reason for the limitiation is that with SSL connection the CSM won't have the chance to parse the HTTP traffic as this will be in the encrypted payload of the SSL flow, without access to the underlying HTTP it cannot see the requested URL or HOST nor it can issue an HTTP redirect.

Hope it helps,

Francesco

Review Cisco Networking for a $25 gift card