CSS strange behaviour with SSL VIP and host headers inc a port
I had the below config in place so TCP 443 traffic terminated on 184.108.40.206 and unencrypted traffic was sent onto backend servers via a content rule setup to listen on TCP 80 for IP address 10.10.10.10.
If i used a browser and connected to the VIP 220.127.116.11:443 then all was good and everything worked as expected. However we have an application that specifies the port along with the host in the HTTP host header so rather than Host: 18.104.22.168 it would have Host: 22.214.171.124:443
For whatever reason when the host header has the port appended things brake and i'm not sure what the CSS does but the backend servers never receive any traffic. From the client end it seems to go through the client/server hello and at least sends the HTTPS request.
To fix this, i just changed the 10.10.10.10 to be 126.96.36.199 so the VIP was the same as the back-end content rule IP used with the cipher suite.
More out of curiosity than anything but is this a known bug or by design? I'm not sure why having the SSL VIP being different to the backend content rule IP would allow HTTP requests with just the host in the host header and not when there is a port appended ?
常见的数据中心之间通信均会采用运营商MSTP/OTN专线进行互联实现通信，由于长途线路价格昂贵通常我们需要最大化使用线路带宽，传统的网络传输中通常是尽力而为传输一旦突发流量较大就会发生线路拥塞的情况，从而影响业务正常通信传输。这时候我们可以采用Qos技术来实现数据中心思科设备之间关键网络流量保障，从而实现链路最大化利用。拓扑图场景如下：如上图，SW01是位于数据中心A的广域网接入Cisco Nexus 3048交换机，SW02是位于数据中心B的广域网接...
Cloud Networking Community on Cisco Customer Connection
Join our community!!
As a valued Cisco Cloud Networking (former DCN) customer, you can be part of Cisco Customer Connection Program (CCP), Cisco’s global online community program. Connect ...
Join us for a live demo of Cisco Intersight Cloud Orchestrator to learn how you can simplify the orchestration and automation of your infrastructure and workloads across your hybrid cloud environment. We will take a closer look at Cisco Intersight Cloud O...
Hybrid Cloud Demo Series: Simplify Orchestration of Your Infrastructure and Workloads
Tuesday, September 7, 202110:00 am Pacific Time(San Francisco, GMT-08:00)Join us for a live demo of Cisco Intersight Cloud Orchestrator to learn how you can simpli...
Hybrid Cloud Demo Series: Simplify your hybrid cloud environment with Cisco Cloud ACI
Tuesday, August 24, 202110:00 am Pacific Time(San Francisco, GMT-08:00)Join us for a special Hybrid Cloud Demo Series webinar featuring Cisco Cloud Application Cen...