cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1209
Views
4
Helpful
5
Replies

How to test the ACE appliance?

blankguy7
Level 1
Level 1

Hi,

I've configure two ACE 4700 in a SLB modus http to a web server.

To understand how the ACE works and to see if all are ok, I want to test it? but how?

How do I do to initiate a http connection between my test pc to the webserver through the ACE?

Thanks in advance for your help,

Regards

1 Accepted Solution

Accepted Solutions

Hi,

Your problem is on the class match:

class-map type http loadbalance match-all MATCH-OURWEBSITE

  2 match http url 192.168.10.250

192.168.10.250 is your VIP, which make me think that you are trying to match the host domain, correct?

Assuming that this is right, match http url is used to match everything that comes after the domain, the domain is not included, since the domain is not part of the GET or POST header.

You will find the domain name under Host header.

So if you want to match the header Host, you need to use this match:

match http header Host header-value 192.168.10.250

with this match you will catch just the Host coming with that IP, if you use a regular domain like test.com, the match wont work, you need to actually configure what you want to hit, you can use a match-any class and add as many variables as you want.

If there is no requirement to match the domain, just use the class-default and that will do the trick as well.

Hope this Help.

Rodrigo

View solution in original post

5 Replies 5

David Niemann
Level 3
Level 3

If you have everything configured properly and have active rservers you should be able to simply open a web browser and browse to the URL VIP and verify you are able to get to the web site.  On the ACE you can use various show commands to see the connections.  show serverfarm detail, show rserver , sh connections and show connections serverfarm detail.  If you are using sticky sessions you can verify those are in the sticky database by using show sticky database.

Thanks for your reply! Now it's a little bit clear!

Now, my problem is that I couldn't ping the VIP perhaps my config is wrong... I must to check it

...I've check it and change the configuration : now ping is running well!

But I've other problem: The redirection doesn't run!

Here's my config :

interface gigabitEthernet 1/2

  switchport access vlan 500

  no shutdown

access-list PERMIT-ALL line 8 extended permit ip any any

access-list PERMIT-ALL line 16 extended permit icmp any any

rserver redirect REDIRECT

  webhost-redirection http://192.168.0.33%p

  inservice

serverfarm redirect REDIRECT-OURWEBSITE

  rserver REDIRECT

    inservice

class-map type management match-any L4_REMOTE-ACCESS_CLASS

  2 match protocol icmp any

  3 match protocol http any

  4 match protocol ssh any

  5 match protocol https any

  6 match protocol xml-https any

class-map type http loadbalance match-all MATCH-OURWEBSITE

  2 match http url 192.168.10.250

class-map match-all VIP-OURWEBSITE

  2 match virtual-address 192.168.10.250 tcp eq www

policy-map type management first-match L4_REMOTE-ACCESS_MATCH

  class L4_REMOTE-ACCESS_CLASS

    permit

policy-map type loadbalance first-match LB-OURWEBSITE

  class MATCH-OURWEBSITE

    serverfarm REDIRECT-OURWEBSITE

policy-map multi-match VIP-SERVICE-POLICY

  class VIP-OURWEBSITE

    loadbalance vip inservice

    loadbalance policy LB-OURWEBSITE

    loadbalance vip icmp-reply active

interface vlan 500

  ip address 192.168.10.249 255.255.255.0

  access-group input PERMIT-ALL

  access-group output PERMIT-ALL

  service-policy input L4_REMOTE-ACCESS_MATCH

  service-policy input VIP-SERVICE-POLICY

  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.10.1

I don't see any address for the rserver nor serverfarm! Is it normal?

ACE1/Admin# sh rserver detail

rserver              : REDIRECT, type: REDIRECT

state                : OPERATIONAL (by default, unverified)

description          : -

max-conns            : -         ,  out-of-rotation count  : -

min-conns            : -

conn-rate-limit      : -         ,  out-of-rotation count  : -

bandwidth-rate-limit : -         ,  out-of-rotation count  : -

redirect str         : http://192.168.0.33%p

redirect code        : 302       , redirect port: 0

---------------------------------

                                                ----------connections-----------

       real                  weight state        current    total

   ---+---------------------+------+------------+----------+--------------------

   serverfarm: REDIRECT-OURWEBSITE

       0.0.0.0:0             8      OPERATIONAL  0          0

         max-conns            : -         ,  out-of-rotation count  : -

         min-conns            : -

         conn-rate-limit      : -         ,  out-of-rotation count  : -

         bandwidth-rate-limit : -         ,  out-of-rotation count  : -

         total conn-failures  : 0

ACE1/Admin# sh serverfarm detail

serverfarm     : REDIRECT-OURWEBSITE, type: REDIRECT

total rservers : 1

state          : ACTIVE

DWS state      : DISABLED

active rservers: 1

description    : -

predictor      : ROUNDROBIN

failaction     : -

back-inservice    : 0

partial-threshold : 0

num times failover       : 0

num times back inservice : 0

total conn-dropcount : 0

---------------------------------

                                                ----------connections-----------

       real                  weight state        current    total      failures

   ---+---------------------+------+------------+----------+----------+---------

   rserver: REDIRECT

       0.0.0.0:0             8   OPERATIONAL     0          0          0

         sticky-conns         :                  0          0

         description          : -

         max-conns            : -         , out-of-rotation count : -

         min-conns            : -

         conn-rate-limit      : -         , out-of-rotation count : -

         bandwidth-rate-limit : -         , out-of-rotation count : -

         retcode out-of-rotation count : -

         inband HM out-of-rotation count : -

I dont' know what do to???

Thanks in advance for your help!

Best regards

Please see above: I've reactualize the message !

Hi,

Your problem is on the class match:

class-map type http loadbalance match-all MATCH-OURWEBSITE

  2 match http url 192.168.10.250

192.168.10.250 is your VIP, which make me think that you are trying to match the host domain, correct?

Assuming that this is right, match http url is used to match everything that comes after the domain, the domain is not included, since the domain is not part of the GET or POST header.

You will find the domain name under Host header.

So if you want to match the header Host, you need to use this match:

match http header Host header-value 192.168.10.250

with this match you will catch just the Host coming with that IP, if you use a regular domain like test.com, the match wont work, you need to actually configure what you want to hit, you can use a match-any class and add as many variables as you want.

If there is no requirement to match the domain, just use the class-default and that will do the trick as well.

Hope this Help.

Rodrigo

Hi Rodrigo,

Thanks for your help, your post answers my question!

Best regards

Review Cisco Networking for a $25 gift card