06-20-2012 04:02 AM
Hi All,
I am wondering if there is a method to redirect particular URLs to individual real servers in a server farm.
Scenario:
We have an url which is setup on our ACE4710s (A3 2.4) to load balancer to a particular server farm as per standard setup i.e.
Customers access http://www.mainwebsite.com on an external VIP, this is then load balanced to a server farm "SF_WEBSITE" consisting of 2 real servers "Server_A" and "Server_B". Nothing difficult in this set up.
However, I have eeen asked if it is possible to redirect certain urls to individual servers within the server farm "SF_WEBSITE": e.g.
Action 1 - Customers access http://www.mainwebsite.com/area1 is redirected to "Server_A" only
Action 2 - Customers access http://www.mainwebsite.com/area2 is redirected to "Server_B" only
Default Action - Customer access http://www.mainwebsite.com/anything else is redirected to server farm "SF_WEBSITE" and is load balanced between "Server_A" and "Server_B"
The Standard Class Maps and Policy would be something like:
policy-map type loadbalance first-match SLB_WEBSITE
class class-default
serverfarm SF_WEBSITE
Where I thought I would need something like:
class-map type http loadbalance match-all CMAP_AREA1
description CMAP used to capture specific URL for area 1
2 match http url /area1
class-map type http loadbalance match-all CMAP_AREA2
description CMAP used to capture specific URL for area 2
2 match http url /area2
policy-map type loadbalance first-match SLB_WEBSITE
class CMAP_AREA1
redirect to "SERVER_A"
class CMAP_AREA2
redirect to "SERVER_B"
class class-default
serverfarm SF_WEBSITE
Now I know there is no redirect command or similar under the class option in the Policy map, so the only way I can think of doing this is to set up new server farms consisting of just the single servers for Server A and B i.e.
serverfarm host SF_SERVER_A
rserver SERVER_A
inservice
serverfarm host SF_SERVER_B
rserver SERVER_B
inservice
serverfarm host SF_WEBSITE
rserver SERVER_A
inservice
rserver SERVER_B
inservice
policy-map type loadbalance first-match SLB_WEBSITE
class CMAP_AREA1
serverfarm SF_SERVER_A
class CMAP_AREA2
serverfarm SF_SERVER_B"
class class-default
serverfarm SF_WEBSITE
Is there an easier way of doing this? I think the above method is ok for 1 instance, but if it test successfully, my company would want to to roll this out across dozens of server farm configurations each consisting of numerous real servers, which will make the administration and implementation time overheads massive, not to mention complicating and lengthening the configuration.
Regards
Ryan
06-20-2012 02:36 PM
Hello Ryan,
This configuration below( which you already supposed) is what you should implement and based on your requirements that the correct path which you can follow.
policy-map type loadbalance first-match SLB_WEBSITE
class CMAP_AREA1
serverfarm SF_SERVER_A
class CMAP_AREA2
serverfarm SF_SERVER_B"
class class-default
serverfarm SF_WEBSITE
serverfarm host SF_SERVER_A
rserver SERVER_A
inservice
serverfarm host SF_SERVER_B
rserver SERVER_B
inservice
serverfarm host SF_WEBSITE
rserver SERVER_A
inservice
rserver SERVER_B
inservice
Jorge
06-21-2012 04:42 AM
Hi Jorge,
Thanks for the reply. I have tried implementing the above scenario to test, and I am failing to get any response when accessing the VIP when I include the Class statements in the policy, not even from the default serverfarm in the class default statement. When I take the class statements out I can reach the web servers. The ACE is running A3 (2.4) and the relevant config extract is below:
serverfarm host SLB-SRVFRM-055
transparent
failaction purge
probe MON_TCP_PORT80
rserver 172.31.111.37
inservice
rserver 172.31.111.38
inservice
serverfarm host SLB-WUGFRM-172.31.111.37
description SRVFARM used for WUG monitoring the host 172.31.111.37
transparent
rserver 172.31.111.37
inservice
serverfarm host SLB-WUGFRM-172.31.111.38
description SRVFARM used for WUG monitoring the host 172.31.111.38
transparent
rserver 172.31.111.38
inservice
class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_1
description CMAP used to capture specific URL for external WUG Monitoring
2 match http url /wug1 method GET
class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_2
description CMAP used to capture specific URL for external WUG Monitoring
2 match http url /wug2 method GET
policy-map type loadbalance first-match VL2997-172.31.114.7-80-l7slb
class CMAP_WUG_HTTP_MON_2
serverfarm SLB-WUGFRM-172.31.111.38
class CMAP_WUG_HTTP_MON_1
serverfarm SLB-WUGFRM-172.31.111.37
class class-default
serverfarm SLB-SRVFRM-055
class-map match-all VL2997-172.31.114.7-80
2 match virtual-address 172.31.114.7 tcp eq www
policy-map multi-match int1111
class VL2997-172.31.114.7-80
loadbalance vip inservice
loadbalance policy VL2997-172.31.114.7-80-l7slb
As I stated above, when I remove the Class maps CMAP_WUG_HTTP_MON_1 & CMAP_WUG_HTTP_MON_2 from the Policy-map VL2997-172.31.114.7-80-l7slb, just leaving the class default all works fine.
I have tried changing the server farm specified in the default class to SLB-WUGFRM-172.31.111.37 & SLB-WUGFRM-172.31.111.38 in turn just to check they work and it's fine.
But when I add the the class statements into the policy config it breaks and I don't get a reply. A packet sniff shows my client establishing a connection to the ACE (SYN) but there is no forwarding of that to the real servers when I have the class statements in the policy.
When I remove the class statements from the policy just leaving the default class using the serverfarm SLB-SRVFRM-055 and do a packet sniff, I show my client connecting to the ACE (SYN), the ACE forwarding that a Real Server, which replies (SYN,ACK) and my client reply with an ACK and then the http GET.
Any ideas as to why it doesn't work when I put the class maps in the policy-map?
On a slightly different topic, if this is successful I will have to role it out to all configured real servers, do you know what the maxium number of server farms is on an ACE4710 with A3(2.4) running?
06-21-2012 10:34 AM
Hi,
Is there a reason for using transparent command
As per the documentation.
To configure the ACE not to use Network Address Translation (NAT) to translate the ACE VIP address to the server IP address, use the transparent command. I see that you are using ACE in routed mode ( vip and server in different subnet)
I dont see any reason for using the command "Transparent". Can you try to remove the command and use it.
Transparent command is only useful in DSR mode.
regards,
Ajay Kumar
06-22-2012 03:22 AM
Hi,
Thanks for you help so far
Ajay - I inherited the configuration from my predecessor. We are running in DSR mode with this, with the real servers having a loopback interface set up on them with the VIP address.
Jorge - The need i have been asked to provide is that we monitor both the http service of the of the main server farm as a whole and also the services running on the individual servers from an external whats up Gold server (WUG). So the idea is that we monitor the main website url via the root url, and then each server individaully by setting up a specific page on each server...
Monitor main website http://www.acompany.com = monitor the main server farm SLB-SRVFRM-055 via class default
Monitor website http://www.acompany.com/wug1 = monitor server A via class CMAP_WUG_HTTP_MON_1
Monitor website http://www.acompany.com/wug2 = monitor server B via class CMAP_WUG_HTTP_MON_2
The results of the command show service-policy shows int2997 (I put the wrong policy name in my last post) show that the policy is being hit under the curr conns but the class maps aren't:
Description: -----------------------------------------
Interface: vlan 1 2991 2997
service-policy: int2997
class: VL2997-172.31.114.7-80
VIP Address: Protocol: Port:
172.31.114.7 tcp eq 80
loadbalance:
L7 loadbalance policy: VL2997-172.31.114.7-80-l7slb
VIP ICMP Reply : DISABLED
VIP State: INSERVICE
Persistence Rebalance: ENABLED
curr conns : 5 , hit count : 8183
dropped conns : 78
client pkt count : 2948847 , client byte count: 179492744
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : VL2997-172.31.114.7-80-l7slb
class/match : CMAP_WUG_HTTP_MON_1
LB action :
primary serverfarm: SLB-WUGFRM-172.31.111.37
state: UP
backup serverfarm : -
hit count : 0
dropped conns : 0
compression : off
class/match : CMAP_WUG_HTTP_MON_2
LB action :
primary serverfarm: SLB-WUGFRM-172.31.111.38
state: UP
backup serverfarm : -
hit count : 0
dropped conns : 0
compression : off
class/match : class-default
LB action :
primary serverfarm: SLB-SRVFRM-055
state: UP
backup serverfarm : -
hit count : 8104
dropped conns : 0
compression : off
compression:
bytes_in : 0
bytes_out : 0
Compression ratio : 0.00%
The other commands of show stats http and show stats loadbalance are as follows:
ACE4710-01/Admin# show stats http
+------------------------------------------+
+-------------- HTTP statistics -----------+
+------------------------------------------+
LB parse result msgs sent : 519538602 , TCP data msgs sent : 1673382720
Inspect parse result msgs : 0 , SSL data msgs sent : 850068624
sent
TCP fin msgs sent : 5183188 , TCP rst msgs sent: : 1142421
Bounced fin msgs sent : 470495 , Bounced rst msgs sent: : 39765
SSL fin msgs sent : 13417608 , SSL rst msgs sent: : 1226955
Drain msgs sent : 257593319 , Particles read : 3397973654
Reuse msgs sent : 0 , HTTP requests : 401562063
Reproxied requests : 274724441 , Headers removed : 0
Headers inserted : 197508962 , HTTP redirects : 0
HTTP chunks : 715213079 , Pipelined requests : 156
HTTP unproxy conns : 321645517 , Pipeline flushes : 7
Whitespace appends : 2 , Second pass parsing : 0
Response entries recycled : 68190567 , Analysis errors : 0
Header insert errors : 0 , Max parselen errors : 54968
Static parse errors : 8699120 , Resource errors : 0
Invalid path errors : 0 , Bad HTTP version errors : 8
Headers rewritten : 0 , Header rewrite errors : 0
Unproxy msgs sent : 321645517
+------------------------------------------+
+------- Loadbalance statistics -----------+
+------------------------------------------+
Total version mismatch : 0
Total Layer4 decisions : 195878612
Total Layer4 rejections : 474874
Total Layer7 decisions : 400988633
Total Layer7 rejections : 62061
Total Layer4 LB policy misses : 0
Total Layer7 LB policy misses : 0
Total times rserver was unavailable : 961
Total ACL denied : 0
Total IDMap Lookup Failures : 0
Total Misc Errors : 0
Total Cipher Lookup Failures : 0
Total Msg sent to Optimization : 0
Total Direct Msg received from Optimization : 0
Total Indirect Msg received from Optimization: 0
Total Optimization Msg sent to Real Servers : 0
Thanks
Ryan
06-22-2012 04:26 AM
DSR with L7 does not work.
Ideally you should try something like this.
The idea is to use SNAT to make sure that the complete connection goes through ACE. Also if normalization is enabled it is going to drop the packet coming back from the client to ACE.
Hope it helps.
regards,
Ajay Kumar
06-21-2012 07:23 PM
Hello,
Is this the way how you are testing that or how exactly?
policy-map multi-match int1111
class VL2997-172.31.114.7-80
loadbalance vip inservice
loadbalance policy VL2997-172.31.114.7-80-l7slb
class-map match-all VL2997-172.31.114.7-80
2 match virtual-address 172.31.114.7 tcp eq www
policy-map type loadbalance first-match VL2997-172.31.114.7-80-l7slb
class CMAP_WUG_HTTP_MON_2
serverfarm SLB-WUGFRM-172.31.111.38
class CMAP_WUG_HTTP_MON_1
serverfarm SLB-WUGFRM-172.31.111.37
class class-default
serverfarm SLB-SRVFRM-055
class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_1
description CMAP used to capture specific URL for external WUG Monitoring
2 match http url /wug1
class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_2
description CMAP used to capture specific URL for external WUG Monitoring
2 match http url /wug2
serverfarm host SLB-WUGFRM-172.31.111.37
description SRVFARM used for WUG monitoring the host 172.31.111.37
transparent -----------> remove this
rserver 172.31.111.37
inservice
serverfarm host SLB-WUGFRM-172.31.111.38
description SRVFARM used for WUG monitoring the host 172.31.111.38
transparent -----------> remove this
rserver 172.31.111.38
inservice
serverfarm host SLB-SRVFRM-055
transparent -----------> remove this
failaction purge
probe MON_TCP_PORT80
rserver 172.31.111.37
inservice
rserver 172.31.111.38
inservice
rserver host 172.31.111.37
ip address 172.31.111.37
inservice
rserver host 172.31.111.38
ip address 172.31.111.38
inservice
What are you getting from: #show service-policy int1111 class-map detail ,#show stats http and #show stats loadbalance?
Jorge
06-21-2012 02:37 PM
Which specific URI you want to match with?
class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_1
description CMAP used to capture specific URL for external WUG Monitoring
2 match http url /wug1 method GET
class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_2
description CMAP used to capture specific URL for external WUG Monitoring
2 match http url /wug2 method GET''
Or what exactly are you looking for with this specific part of the configuration?
Jorge
06-04-2014 09:44 AM
hey guys,
i am having a extreame pain casing by the loadbalancer's everything seems to be fine but the redirection based on url is been sent to default server farm not the one it is configured for.
i have tried to resolve this but all is same
Overview
i have two LB prime and secondary
i have two different services landing on https and ssl offloading on ace however at the backend its plain http servers with different ports.
service A is going to server farm A-Serverfarm with two rservers a1 & a2 lisenting on 7778
service B is going to server farm B-Serverfarm with one rserver B1 lisenting on 8888
the layer 7 policy first match is configured with
class map others class-map B-services
sticky-serverfarms B-Serfarms
Class class default
sitcky serverfarm A-Services
now i am using stickyness becuase these are oracle weblogic forms based app.
no matter what i do the services B request received on 443 and send to A-Serverfarm not B-Serverfarm
please help me out
regards
06-04-2014 11:03 AM
Hi,
I would suggest opening a new thread for this discussion and also share the configuration in place and i will have a look.
Regards,
Kanwal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide