
HTTP Redirection to individual Servers in a Farm

williamsryan
Level 1

Hi All,

     I am wondering if there is a method to redirect particular URLs to individual real servers in a server farm.

Scenario:

     We have a URL which is set up on our ACE4710s (A3 2.4) to load balance to a particular server farm as per standard setup i.e.

Customers access http://www.mainwebsite.com on an external VIP, this is then load balanced to a server farm "SF_WEBSITE" consisting of 2 real servers "Server_A" and "Server_B". Nothing difficult in this set up.

     However, I have been asked if it is possible to redirect certain URLs to individual servers within the server farm "SF_WEBSITE": e.g.

Action 1 - Customers access http://www.mainwebsite.com/area1 is redirected to "Server_A" only

Action 2 - Customers access http://www.mainwebsite.com/area2 is redirected to "Server_B" only

Default Action - Customer access http://www.mainwebsite.com/anything else is redirected to server farm "SF_WEBSITE" and is load balanced between "Server_A" and "Server_B"

The Standard Class Maps and Policy would be something like:

policy-map type loadbalance first-match SLB_WEBSITE
  class class-default
    serverfarm SF_WEBSITE

Where I thought I would need something like:

class-map type http loadbalance match-all CMAP_AREA1
  description CMAP used to capture specific URL for area 1
  2 match http url /area1

class-map type http loadbalance match-all CMAP_AREA2
  description CMAP used to capture specific URL for area 2
  2 match http url /area2

policy-map type loadbalance first-match SLB_WEBSITE
  class CMAP_AREA1
    redirect to "SERVER_A"
  class CMAP_AREA2
    redirect to "SERVER_B"
  class class-default
    serverfarm SF_WEBSITE

Now I know there is no redirect command or similar under the class option in the Policy map, so the only way I can think of doing this is to set up new server farms consisting of just the single servers for Server A and B i.e.

serverfarm host SF_SERVER_A
  rserver SERVER_A
    inservice

serverfarm host SF_SERVER_B
  rserver SERVER_B
    inservice

serverfarm host SF_WEBSITE
  rserver SERVER_A
    inservice
  rserver SERVER_B
    inservice

policy-map type loadbalance first-match SLB_WEBSITE
  class CMAP_AREA1
    serverfarm SF_SERVER_A
  class CMAP_AREA2
    serverfarm SF_SERVER_B
  class class-default
    serverfarm SF_WEBSITE

Is there an easier way of doing this? I think the above method is OK for 1 instance, but if it tests successfully, my company would want to roll this out across dozens of server farm configurations each consisting of numerous real servers, which will make the administration and implementation time overheads massive, not to mention complicating and lengthening the configuration.

Regards

Ryan

9 Replies

Jorge Bejarano
Level 4

Hello Ryan,

This configuration below (which you already supposed) is what you should implement, and based on your requirements that is the correct path which you can follow.

policy-map type loadbalance first-match SLB_WEBSITE
  class CMAP_AREA1
    serverfarm SF_SERVER_A
  class CMAP_AREA2
    serverfarm SF_SERVER_B
  class class-default
    serverfarm SF_WEBSITE

serverfarm host SF_SERVER_A
  rserver SERVER_A
    inservice

serverfarm host SF_SERVER_B
  rserver SERVER_B
    inservice

serverfarm host SF_WEBSITE
  rserver SERVER_A
    inservice
  rserver SERVER_B
    inservice

Jorge

Hi Jorge,

Thanks for the reply. I have tried implementing the above scenario to test, and I am failing to get any response when accessing the VIP when I include the Class statements in the policy, not even from the default serverfarm in the class default statement. When I take the class statements out I can reach the web servers. The ACE is running A3 (2.4) and the relevant config extract is below:

serverfarm host SLB-SRVFRM-055
  transparent
  failaction purge
  probe MON_TCP_PORT80
  rserver 172.31.111.37
    inservice
  rserver 172.31.111.38
    inservice

serverfarm host SLB-WUGFRM-172.31.111.37
  description SRVFARM used for WUG monitoring the host 172.31.111.37
  transparent
  rserver 172.31.111.37
    inservice

serverfarm host SLB-WUGFRM-172.31.111.38
  description SRVFARM used for WUG monitoring the host 172.31.111.38
  transparent
  rserver 172.31.111.38
    inservice

class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_1
  description CMAP used to capture specific URL for external WUG Monitoring
  2 match http url /wug1 method GET

class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_2
  description CMAP used to capture specific URL for external WUG Monitoring
  2 match http url /wug2 method GET

policy-map type loadbalance first-match VL2997-172.31.114.7-80-l7slb
  class CMAP_WUG_HTTP_MON_2
    serverfarm SLB-WUGFRM-172.31.111.38
  class CMAP_WUG_HTTP_MON_1
    serverfarm SLB-WUGFRM-172.31.111.37
  class class-default
    serverfarm SLB-SRVFRM-055

class-map match-all VL2997-172.31.114.7-80
  2 match virtual-address 172.31.114.7 tcp eq www

policy-map multi-match int1111
  class VL2997-172.31.114.7-80
    loadbalance vip inservice
    loadbalance policy VL2997-172.31.114.7-80-l7slb

As I stated above, when I remove the class maps CMAP_WUG_HTTP_MON_1 & CMAP_WUG_HTTP_MON_2 from the policy-map VL2997-172.31.114.7-80-l7slb, just leaving the class default, all works fine.

I have tried changing the server farm specified in the default class to SLB-WUGFRM-172.31.111.37 & SLB-WUGFRM-172.31.111.38 in turn just to check they work and it's fine.

But when I add the class statements into the policy config it breaks and I don't get a reply. A packet sniff shows my client establishing a connection to the ACE (SYN) but there is no forwarding of that to the real servers when I have the class statements in the policy.

When I remove the class statements from the policy, just leaving the default class using the serverfarm SLB-SRVFRM-055, and do a packet sniff, I see my client connecting to the ACE (SYN), the ACE forwarding that to a Real Server, which replies (SYN,ACK), and my client replying with an ACK and then the HTTP GET.

Any ideas as to why it doesn't work when I put the class maps in the policy-map?

On a slightly different topic, if this is successful I will have to roll it out to all configured real servers. Do you know what the maximum number of server farms is on an ACE4710 with A3(2.4) running?

Hi,

Is there a reason for using the transparent command?

As per the documentation:

To configure the ACE not to use Network Address Translation (NAT) to translate the ACE VIP address to the server IP address, use the transparent command. I see that you are using ACE in routed mode (VIP and server in different subnets).

I don't see any reason for using the command "transparent". Can you try to remove the command and use it.

Transparent command is only useful in DSR mode.

regards,

Ajay Kumar

Hi,

Thanks for your help so far.

Ajay - I inherited the configuration from my predecessor. We are running in DSR mode with this, with the real servers having a loopback interface set up on them with the VIP address.

Jorge - The need I have been asked to provide is that we monitor both the HTTP service of the main server farm as a whole and also the services running on the individual servers from an external WhatsUp Gold server (WUG). So the idea is that we monitor the main website URL via the root URL, and then each server individually by setting up a specific page on each server...

Monitor main website http://www.acompany.com = monitor the main server farm SLB-SRVFRM-055 via class default

Monitor website http://www.acompany.com/wug1 = monitor server A via class CMAP_WUG_HTTP_MON_1

Monitor website http://www.acompany.com/wug2 = monitor server B via class CMAP_WUG_HTTP_MON_2

The results of the command show service-policy int2997 (I put the wrong policy name in my last post) show that the policy is being hit under the curr conns but the class maps aren't:

Description: -----------------------------------------

Interface: vlan 1 2991 2997

  service-policy: int2997

    class: VL2997-172.31.114.7-80

     VIP Address:    Protocol:  Port:

     172.31.114.7    tcp        eq    80  

      loadbalance:

        L7 loadbalance policy: VL2997-172.31.114.7-80-l7slb

        VIP ICMP Reply       : DISABLED

        VIP State: INSERVICE

        Persistence Rebalance: ENABLED

        curr conns       : 5         , hit count        : 8183     

        dropped conns    : 78       

        client pkt count : 2948847   , client byte count: 179492744          

        server pkt count : 0         , server byte count: 0                  

        conn-rate-limit      : 0         , drop-count : 0        

        bandwidth-rate-limit : 0         , drop-count : 0        

        L7 Loadbalance policy : VL2997-172.31.114.7-80-l7slb

          class/match : CMAP_WUG_HTTP_MON_1

            LB action :

               primary serverfarm: SLB-WUGFRM-172.31.111.37

                    state: UP

                backup serverfarm : -

            hit count        : 0        

            dropped conns    : 0        

            compression      : off

          class/match : CMAP_WUG_HTTP_MON_2

            LB action :

               primary serverfarm: SLB-WUGFRM-172.31.111.38

                    state: UP

                backup serverfarm : -

            hit count        : 0        

            dropped conns    : 0        

            compression      : off

          class/match : class-default

            LB action :

               primary serverfarm: SLB-SRVFRM-055

                    state: UP

                backup serverfarm : -

            hit count        : 8104     

            dropped conns    : 0        

            compression      : off

      compression:

        bytes_in  : 0                  

        bytes_out : 0                  

        Compression ratio : 0.00%

The other commands of show stats http and show stats loadbalance are as follows:

ACE4710-01/Admin# show stats http

+------------------------------------------+

+-------------- HTTP statistics -----------+

+------------------------------------------+

LB parse result msgs sent : 519538602  , TCP data msgs sent       : 1673382720

Inspect parse result msgs : 0          , SSL data msgs sent       : 850068624

                      sent

TCP fin msgs sent         : 5183188    , TCP rst msgs sent:       : 1142421  

Bounced fin msgs sent     : 470495     , Bounced rst msgs sent:   : 39765    

SSL fin msgs sent         : 13417608   , SSL rst msgs sent:       : 1226955  

Drain msgs sent           : 257593319  , Particles read           : 3397973654

Reuse msgs sent           : 0          , HTTP requests            : 401562063

Reproxied requests        : 274724441  , Headers removed          : 0        

Headers inserted          : 197508962  , HTTP redirects           : 0        

HTTP chunks               : 715213079  , Pipelined requests       : 156      

HTTP unproxy conns        : 321645517  , Pipeline flushes         : 7        

Whitespace appends        : 2          , Second pass parsing      : 0        

Response entries recycled : 68190567   , Analysis errors          : 0        

Header insert errors      : 0          , Max parselen errors      : 54968    

Static parse errors       : 8699120    , Resource errors          : 0        

Invalid path errors       : 0          , Bad HTTP version errors  : 8        

Headers rewritten         : 0          , Header rewrite errors    : 0        

Unproxy msgs sent         : 321645517

+------------------------------------------+

+------- Loadbalance statistics -----------+

+------------------------------------------+

Total version mismatch                       : 0

Total Layer4 decisions                       : 195878612

Total Layer4 rejections                      : 474874

Total Layer7 decisions                       : 400988633

Total Layer7 rejections                      : 62061

Total Layer4 LB policy misses                : 0

Total Layer7 LB policy misses                : 0

Total times rserver was unavailable          : 961

Total ACL denied                             : 0

Total IDMap Lookup Failures                  : 0

Total Misc Errors                            : 0

Total Cipher Lookup Failures                 : 0

Total Msg sent to Optimization               : 0

Total Direct Msg received from Optimization  : 0

Total Indirect Msg received from Optimization: 0

Total Optimization Msg sent to Real Servers  : 0

Thanks

Ryan

DSR with L7 does not work.

Ideally you should try something like this.

http://docwiki.cisco.com/wiki/URL_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example

The idea is to use SNAT to make sure that the complete connection goes through ACE. Also if normalization is enabled it is going to drop the packet coming back from the client to ACE.

Hope it helps.

regards,

Ajay Kumar
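
An added example (not part of the original thread and not Cisco code): a small Python triage of the `show service-policy` layout posted above, reporting the two symptoms visible there, client packets with zero server packets at the VIP and L7 classes whose hit count is 0. The sample text is constructed (abbreviated from that layout) and the function names are hypothetical.

```python
# Added example: triage of ACE "show service-policy" counters.
# SAMPLE is constructed: abbreviated from the output layout posted in the thread.
SAMPLE = """\
  service-policy: int2997
    class: VL2997-172.31.114.7-80
        curr conns       : 5         , hit count        : 8183
        dropped conns    : 78
        client pkt count : 2948847   , client byte count: 179492744
        server pkt count : 0         , server byte count: 0
        L7 Loadbalance policy : VL2997-172.31.114.7-80-l7slb
          class/match : CMAP_WUG_HTTP_MON_1
            hit count        : 0
          class/match : CMAP_WUG_HTTP_MON_2
            hit count        : 0
          class/match : class-default
            hit count        : 8104
"""


def parse_service_policy(text):
    """Split the output into VIP-level counters and per-L7-class counters."""
    vip, classes = {}, {}
    target = vip  # counters seen before the first class/match are VIP-level
    for line in text.splitlines():
        for field in line.split(","):  # two "name : value" pairs can share a line
            key, sep, value = field.partition(":")
            key, value = key.strip(), value.strip()
            if key == "class/match":
                target = classes.setdefault(value, {})
            elif sep and value.isdigit():
                target.setdefault(key, int(value))
    return vip, classes


def diagnose(text):
    """Return findings for the two symptoms discussed in the thread."""
    vip, classes = parse_service_policy(text)
    findings = []
    if vip.get("client pkt count", 0) > 0 and vip.get("server pkt count", 0) == 0:
        findings.append("one-way traffic: client packets seen, zero server packets")
    idle = sorted(name for name, c in classes.items()
                  if name != "class-default" and c.get("hit count", 0) == 0)
    if idle:
        findings.append("L7 classes never matched: " + ", ".join(idle))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```
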

Hello,

Is this the way how you are testing that or how exactly?

policy-map multi-match int1111
class VL2997-172.31.114.7-80
  loadbalance vip inservice
  loadbalance policy VL2997-172.31.114.7-80-l7slb

class-map match-all VL2997-172.31.114.7-80
2 match virtual-address 172.31.114.7 tcp eq www


policy-map type loadbalance first-match VL2997-172.31.114.7-80-l7slb
  class CMAP_WUG_HTTP_MON_2
    serverfarm SLB-WUGFRM-172.31.111.38

  class CMAP_WUG_HTTP_MON_1
    serverfarm SLB-WUGFRM-172.31.111.37

  class class-default
    serverfarm SLB-SRVFRM-055

class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_1
description CMAP used to capture specific URL for external WUG Monitoring
2 match http url /wug1

class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_2
description CMAP used to capture specific URL for external WUG Monitoring
2 match http url /wug2


serverfarm host SLB-WUGFRM-172.31.111.37
  description SRVFARM used for WUG monitoring the host 172.31.111.37
  transparent -----------> remove this
  rserver 172.31.111.37
    inservice


serverfarm host SLB-WUGFRM-172.31.111.38
  description SRVFARM used for WUG monitoring the host 172.31.111.38
  transparent -----------> remove this
  rserver 172.31.111.38
    inservice

serverfarm host SLB-SRVFRM-055
  transparent  -----------> remove this
  failaction purge
  probe MON_TCP_PORT80
  rserver 172.31.111.37
    inservice

  rserver 172.31.111.38
    inservice

rserver host 172.31.111.37
  ip address 172.31.111.37
  inservice

rserver host 172.31.111.38
  ip address 172.31.111.38
  inservice

What are you getting from: #show service-policy int1111 class-map detail, #show stats http and #show stats loadbalance?

Jorge

Jorge Bejarano
Level 4

Which specific URI do you want to match with?

class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_1
  description CMAP used to capture specific URL for external WUG Monitoring
  2 match http url /wug1 method GET

class-map type http loadbalance match-all CMAP_WUG_HTTP_MON_2
  description CMAP used to capture specific URL for external WUG Monitoring
  2 match http url /wug2 method GET

Or what exactly are you looking for with this specific part of the configuration?

Jorge

Hey guys,

I am having an extreme pain caused by the load balancers. Everything seems to be fine, but the redirection based on URL is being sent to the default server farm, not the one it is configured for.

 

I have tried to resolve this but all is the same.

 

Overview

 

I have two LBs, primary and secondary.

I have two different services landing on HTTPS with SSL offloading on the ACE; however, at the backend it's plain HTTP servers with different ports.

 

Service A is going to server farm A-Serverfarm with two rservers a1 & a2 listening on 7778

Service B is going to server farm B-Serverfarm with one rserver B1 listening on 8888

 

The layer 7 policy first-match is configured with

class map others class-map B-services

sticky-serverfarms B-Serfarms

 

Class class default 

sticky serverfarm A-Services

 

Now I am using stickiness because these are Oracle WebLogic Forms based app.

 

No matter what I do, the service B requests received on 443 are sent to A-Serverfarm, not B-Serverfarm.

 

Please help me out.

 

regards

Hi,

I would suggest opening a new thread for this discussion and also sharing the configuration in place, and I will have a look.

Regards,

Kanwal
