09-21-2005 06:15 AM
Is it possible to create an slb policy using a single SSL Virtual Server that will redirect based on url, to a different port on the serverfarm. I've got a virtual server configured now without policies listening on port 443, which flows to a serverfarm that is running IIS, it works fine. Could I create a policy based on a url map that would redirect traffic to a different ssl port on the serverfarm. In other words the IIS server would be configured to listen on port 443 for one web site, and 444 on the other. Clients accessing the site would only see the standard HTTPS server. For example clients accessing https:\\xyz.com would be forwarded to port 443, clients accessing https:\\abc.com would be forwarded to port 444, again using the same serverfarm. I'm pretty sure I can make this work by multi-homing the web servers and creating two different serverfarms, but I was wondering if I could do this just using an slb-policy and associated url map.
Thanks.
09-21-2005 10:24 PM
First, there is no way to change the destination port with a policy. The only way is by creating serverfarm with the appropriate port.
Then, since your traffic is encrypted, the CSM [or any other device] is not able to see the content of the traffic and therefore is not able to see the url.
Thus, a url-map is never possible on HTTPS traffic.
So, you need to create 2 different serverfarm, one for port 443 and another one for port 444 and then you need 2 vserver using 2 different ip addresses - one for each website.
Regards,
Gilles.
Thanks for rating this answer.
09-22-2005 03:57 AM
Thanks Gilles,
I appreciate the fast response.
02-14-2006 08:54 AM
Giles,
How do you "create a serverfarm with the appropriate port?" It seems like this should be easy, but I haven't been able to find it in the docs or in NetPro.
In general, if I have an application that is publicized as reachable at destination port X, but in actuality the server daemons run on port Y, how do I have the CSM simply redirect the connection at layer 4? I understand that the CSM can facilitate an HTTP redirection at layer 7, but suppose the service is not HTTP. In reality, I *am* trying to redirect connections destined to port 80 to port 7778, but I want to do it "silently" at layer 4, rather than by employing HTTP Redirect. (I suspect redirects would mess up the application.)
So far I have:
!
natpool FOO_CLIENT a.b.c.13 a.b.c.13 netmask 255.255.252.0
!
serverfarm SF_FOO_TCP7778
nat server
nat client FOO_CLIENT
real name F1
inservice
real name F2
inservice
!
vserver VS_FOO_TCP80
virtual a.b.c.55 tcp 80
serverfarm SF_FOO_TCP7778
persistent rebalance
inservice
Thanks very much.
Christopher Ursich
02-15-2006 12:54 AM
gdufour-cat6k-2(config-module-csm)#serverfarm test
gdufour-cat6k-2(config-slb-sfarm)#real name l1 ?
<1-65535> port translation for this server
local exists on local VLAN
gdufour-cat6k-2(config-slb-sfarm)#real name l1 8080
You specify the server port after the ip address or the name as indicated above.
Gilles.
02-16-2006 05:39 AM
Ah, how easy. I should have seen that. Thanks much, Gilles.
Chris
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: