07-16-2012 02:39 PM
Hello team: I would like to loadbalance based on two simultaneous conditions
Condition 1. specific destination VIP and TCP port
Condition 2. specific URL content within the HTTP request
Something like: if (destination IP == 10.1.1.1) and (destination port==80) and (URL contains "intranet")
I found this not possible:
If I select a L4 class-map then I can fulfill Condition1 but I can not match based on URLs
If I select a L7 class-map then I can fulfill Condition2 but I can not math based on destination VIP
¿ Is there a way to implement the concept?
Your hints will be greatly appreciated.
Best regards
Rogelio Alvez
Argentina
Solved! Go to Solution.
07-16-2012 03:54 PM
Hi Rogelio,
Then you want to match the destination x.x.x.x under port 80, then hit a virtual address hearing on port 80 and match a url like /intranet, correct?
Basically, you may match the vip in question on port 80 and then on L7 you may configure a class-map which can match the destination and the url.
Jorge
07-16-2012 04:43 PM
Rogelio Alvez,
Here's one way:
*/ VIP class-map
class-map match-any [name]
2 match virtual 10.1.1.1 tcp eq 80
*/ URL
class-map type http loadbalance match-any [name]
2 match http url /intranet.* (matches intranet and everything else after that)
or
class-map type http loadbalance match-any [name]
2 match http url .*intranet.* (matches everything before and after "intranet" if it is not contained in a directory of its own.
*/ Policy map
policy-map type loadbalance http first-match [name]
class [name] (whatever you named the class-map]
serverfarm or sticky-serverfarm [name] (intranet serverfarm)
action [if any action lists apply]
class class-default
serverfarm or sticky-serverfarm [name]
apply to a multi-match policy map, and attach it to an interface.
You might want to ensure that persistence-rebalance (with or without strict) and case-insensitive is applied using a parameter-map as well.
Cheers Mate.
Sincerely,
Søren Elleby Sørensen
07-16-2012 08:31 PM
Hola Rogelio,
Ese es lo bueno del ACE.
Se pueden establecer criterios múltiples de "matcheo", donde el más básico es de la VIP y el puerto por ejemplo, pero luego a nivel de capa 7 se podría"matchear" otros criterios adicionales como el host header, el url e incluso la direccion(es) donde fue generado el tráfico(source) y las direcciones de destino(destination), etc
Saludos,
Jorge
07-16-2012 03:23 PM
Hello Rogelio,
Can you share the configuration which you have done so far?
Jorge
07-16-2012 03:48 PM
Hi Jorge:
Actually, I have not done it yet because I can not combine the desired matching criteria.
My question is if the desired combination is feasible or not. I have not found how to do it. If you use L4 then you can´t include URLs for additional matching. If you use L7 then you can not include a VIP for additional matching.
Any hints will be greatly appreciated.
Rogelio
07-16-2012 03:54 PM
Hi Rogelio,
Then you want to match the destination x.x.x.x under port 80, then hit a virtual address hearing on port 80 and match a url like /intranet, correct?
Basically, you may match the vip in question on port 80 and then on L7 you may configure a class-map which can match the destination and the url.
Jorge
07-16-2012 04:43 PM
Rogelio Alvez,
Here's one way:
*/ VIP class-map
class-map match-any [name]
2 match virtual 10.1.1.1 tcp eq 80
*/ URL
class-map type http loadbalance match-any [name]
2 match http url /intranet.* (matches intranet and everything else after that)
or
class-map type http loadbalance match-any [name]
2 match http url .*intranet.* (matches everything before and after "intranet" if it is not contained in a directory of its own.
*/ Policy map
policy-map type loadbalance http first-match [name]
class [name] (whatever you named the class-map]
serverfarm or sticky-serverfarm [name] (intranet serverfarm)
action [if any action lists apply]
class class-default
serverfarm or sticky-serverfarm [name]
apply to a multi-match policy map, and attach it to an interface.
You might want to ensure that persistence-rebalance (with or without strict) and case-insensitive is applied using a parameter-map as well.
Cheers Mate.
Sincerely,
Søren Elleby Sørensen
07-16-2012 07:04 PM
Hello Soren!
So I can get what I want by nesting the matching criterias on two different levels (first on the class-map and then in the load-balancing policy).
thanks a lot for the hint.
Best regards, rogelio
07-16-2012 05:57 PM
Hola Rogelio,
No me queda claro lo que andas buscando, te refieres a una ip virtual (VIP) que lo va a buscar es concidir con url especifico para hacer el balanceo de carga especifico, o buscas "matchear" la VIP y luego algun usuario en especifico (destino). Como podras saber se pueden hacer clases que balanceen la direccion de destino, entonces no se si te refieres a eso y luego "matchear" la ip virtual y el puerto
Si solo requieres "matchear" la vip en puerto 80 y el url este seria un ejemplo, sino especifica lo que realmentes te gustaria configurar:
class-map match-all vip_balanceo_80
2 match virtual-address 172.16.1.101 tcp eq www
policy-map multi-match clientes
class vip_balanceo_80
loadbalance vip inservice
loadbalance policy poliza-capa7
policy-map type loadbalance http first-match poliza-capa7
class poliza_url
serverfarm intranet
class class-default
serverfarm web
class-map type http loadbalance match-all poliza_url
2 match http url /intranet.*
serverfarm host intranet
rserver lnx1
inservice
rserver lnx2
inservice
serverfarm host intranet-default
rserver lnx3
inservice
rserver lnx4
inservice
rserver host lnx1
ip address 192.168.1.11
inservice
rserver host lnx2
ip address 192.168.1.12
inservice
rserver host lnx3
ip address 192.168.1.13
inservice
rserver host lnx4
ip address 192.168.1.14
inservice
Saludos,
Jorge
07-16-2012 07:02 PM
Hola Jorge!
No sabía que se podían anidar condiciones.
Por lo que veo, en tu policy-map, vos ejecutás la primer selección (la VIP y el port TCP). Una vez en la "load-balance policy", tu puedes volver a ejecutar un nuevo matching, en este caso por la URL!
Voy a probar y hacerte saber mis resultados.
Gracias por la ayuda!!!
saludos, Rogelio
07-16-2012 08:31 PM
Hola Rogelio,
Ese es lo bueno del ACE.
Se pueden establecer criterios múltiples de "matcheo", donde el más básico es de la VIP y el puerto por ejemplo, pero luego a nivel de capa 7 se podría"matchear" otros criterios adicionales como el host header, el url e incluso la direccion(es) donde fue generado el tráfico(source) y las direcciones de destino(destination), etc
Saludos,
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide