04-03-2012 05:32 AM
Hi,
I've configure two ACE 4700 in a SLB modus http to a web server.
To understand how the ACE works and to see if all are ok, I want to test it? but how?
How do I do to initiate a http connection between my test pc to the webserver through the ACE?
Thanks in advance for your help,
Regards
Solved! Go to Solution.
04-06-2012 08:32 PM
Hi,
Your problem is on the class match:
class-map type http loadbalance match-all MATCH-OURWEBSITE
2 match http url 192.168.10.250
192.168.10.250 is your VIP, which make me think that you are trying to match the host domain, correct?
Assuming that this is right, match http url is used to match everything that comes after the domain, the domain is not included, since the domain is not part of the GET or POST header.
You will find the domain name under Host header.
So if you want to match the header Host, you need to use this match:
match http header Host header-value 192.168.10.250
with this match you will catch just the Host coming with that IP, if you use a regular domain like test.com, the match wont work, you need to actually configure what you want to hit, you can use a match-any class and add as many variables as you want.
If there is no requirement to match the domain, just use the class-default and that will do the trick as well.
Hope this Help.
Rodrigo
04-03-2012 07:33 AM
If you have everything configured properly and have active rservers you should be able to simply open a web browser and browse to the URL VIP and verify you are able to get to the web site. On the ACE you can use various show commands to see the connections. show serverfarm
04-03-2012 07:54 AM
Thanks for your reply! Now it's a little bit clear!
Now, my problem is that I couldn't ping the VIP perhaps my config is wrong... I must to check it
...I've check it and change the configuration : now ping is running well!
But I've other problem: The redirection doesn't run!
Here's my config :
interface gigabitEthernet 1/2
switchport access vlan 500
no shutdown
access-list PERMIT-ALL line 8 extended permit ip any any
access-list PERMIT-ALL line 16 extended permit icmp any any
rserver redirect REDIRECT
webhost-redirection http://192.168.0.33%p
inservice
serverfarm redirect REDIRECT-OURWEBSITE
rserver REDIRECT
inservice
class-map type management match-any L4_REMOTE-ACCESS_CLASS
2 match protocol icmp any
3 match protocol http any
4 match protocol ssh any
5 match protocol https any
6 match protocol xml-https any
class-map type http loadbalance match-all MATCH-OURWEBSITE
2 match http url 192.168.10.250
class-map match-all VIP-OURWEBSITE
2 match virtual-address 192.168.10.250 tcp eq www
policy-map type management first-match L4_REMOTE-ACCESS_MATCH
class L4_REMOTE-ACCESS_CLASS
permit
policy-map type loadbalance first-match LB-OURWEBSITE
class MATCH-OURWEBSITE
serverfarm REDIRECT-OURWEBSITE
policy-map multi-match VIP-SERVICE-POLICY
class VIP-OURWEBSITE
loadbalance vip inservice
loadbalance policy LB-OURWEBSITE
loadbalance vip icmp-reply active
interface vlan 500
ip address 192.168.10.249 255.255.255.0
access-group input PERMIT-ALL
access-group output PERMIT-ALL
service-policy input L4_REMOTE-ACCESS_MATCH
service-policy input VIP-SERVICE-POLICY
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.10.1
I don't see any address for the rserver nor serverfarm! Is it normal?
ACE1/Admin# sh rserver detail
rserver : REDIRECT, type: REDIRECT
state : OPERATIONAL (by default, unverified)
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
redirect str : http://192.168.0.33%p
redirect code : 302 , redirect port: 0
---------------------------------
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
serverfarm: REDIRECT-OURWEBSITE
0.0.0.0:0 8 OPERATIONAL 0 0
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
total conn-failures : 0
ACE1/Admin# sh serverfarm detail
serverfarm : REDIRECT-OURWEBSITE, type: REDIRECT
total rservers : 1
state : ACTIVE
DWS state : DISABLED
active rservers: 1
description : -
predictor : ROUNDROBIN
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 0
num times back inservice : 0
total conn-dropcount : 0
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: REDIRECT
0.0.0.0:0 8 OPERATIONAL 0 0 0
sticky-conns : 0 0
description : -
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
inband HM out-of-rotation count : -
I dont' know what do to???
Thanks in advance for your help!
Best regards
04-04-2012 07:30 AM
Please see above: I've reactualize the message !
04-06-2012 08:32 PM
Hi,
Your problem is on the class match:
class-map type http loadbalance match-all MATCH-OURWEBSITE
2 match http url 192.168.10.250
192.168.10.250 is your VIP, which make me think that you are trying to match the host domain, correct?
Assuming that this is right, match http url is used to match everything that comes after the domain, the domain is not included, since the domain is not part of the GET or POST header.
You will find the domain name under Host header.
So if you want to match the header Host, you need to use this match:
match http header Host header-value 192.168.10.250
with this match you will catch just the Host coming with that IP, if you use a regular domain like test.com, the match wont work, you need to actually configure what you want to hit, you can use a match-any class and add as many variables as you want.
If there is no requirement to match the domain, just use the class-default and that will do the trick as well.
Hope this Help.
Rodrigo
04-09-2012 11:50 PM
Hi Rodrigo,
Thanks for your help, your post answers my question!
Best regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide