06-29-2010 07:20 AM
Basically I want to do PAT to multiple ports on a single server. The problem that I am seeing is that regular IP load-balancing is not forwarding http requests to specific directories. We can overcome this with a redirect to the appropriate directory but the IP and port is not being masked.
So the vip is X.X.X.1:15000 and we are trying to load-balance to X.X.X.2 on ports 80 81 82 to a directory X.X.X.2/TEST. How can I NAT and load-balance to multiple ports while masking the rserver IP address?
I have seen multiple examples, but nothing with this combination.
If I put:
rserver host TEST1
ip address X.X.X.2 80
inservice
rserver host TEST2
ip address X.X.X.2 81
inservice
rserver host TEST3
ip address X.X.X.2 82
inservice
The traffic is load-balanced and nat'd, but the directories are not reachable. If I do the redirect, the destination IP and port are not masked.
06-29-2010 08:14 AM
Hello,
I'm assuming that the client is coming into the VIP as http://www.example.com/ and you want them to be load balanced to the server on one of the three ports, but to http://www.example.com/test
Is this correct?
If so, then you would configure a redirect that would have the ACE redirect the client to come back to the same VIP but with the /test at the end of their URL. Now the ACE will load balance the connection to the rserver on one of the ports configure, perform NAT, and the client's request will have the /test at the end of the URL.
Is this what you're looking for?
Sean
06-29-2010 08:25 AM
More or less. The problem is that when I do the redirect the %h doesn't seem to work? Or I am not understanding how to implement it. We are currently working with IPs and not FQDNs.
So how do I apply the redirect and still load-balance to the same IP port 80 81 and 82 while masking the destination? Do you have some sample code?
06-29-2010 08:48 AM
I'm not sure I understand what you mean by "masking the destination". Below is a sample config that will take a request from a client for http://10.10.10.100/ and redirect the client to connect to http://10.10.10.100/test/ After the client connects to the new URL on the same VIP and port, the ACE will load balance the client to the rserver on one of the three configured ports and to the /test URL. It will also perform source NAT on the one-armed config.
rserver redirect REDIRECT-TO-TEST-DIR
webhost-redirection http://10.10.10.100/test/ 301
inservice
rserver host SERVER_01
ip address 10.10.10.20
inservice
serverfarm redirect REDIRECT-SERVERFARM
rserver REDIRECT-TO-TEST-DIR
inservice
serverfarm host REAL_SERVERS
probe HTTP-KEEPALIVE
rserver SERVER_01 80
inservice
rserver SERVER_01 81
inservice
rserver SERVER_01 82
inservice
class-map match-all HTTP-VIP
2 match virtual-address 10.10.10.100 tcp eq http
class-map type http loadbalance match-any ROOT
2 match http url /
policy-map type loadbalance first-match SLB-LOGIC
class ROOT
serverfarm REDIRECT-SERVERFARM
class class-default
serverfarm REAL-SERVERS
policy-map multi-match WEB-TRAFFIC
class HTTP-VIP
loadbalance vip inservice
loadbalance policy SLB-LOGIC
loadbalance vip icmp-reply active
nat dynamic 1 vlan 10
interface vlan 10
description Servers vlan
ip address 10.10.10.2 255.255.255.0
access-group input ANYONE
service-policy input WEB-TRAFFIC
nat-pool 1 10.10.10.10 10.10.10.10 netmask 255.255.255.0 pat
no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.10.1
Does this help?
Sean
06-29-2010 09:24 AM
Sean,
I think this is what I was looking for, this seems to tie everything together. I will do some testing today and see how it works out? We have 1 6.3a is that a problem?
Thanks!
06-29-2010 09:29 AM
I would highly encourage you to upgrade to A2(3.1) before you get started. The code you are on is very old and many, many bugs have been fixed since then. We have also added a lot of popular features since then..
Sean
06-29-2010 10:05 AM
So if you went to www.example.com/test in the first place it should work without the redirect?
06-29-2010 10:15 AM
yes sir
Sean
06-29-2010 10:31 AM
would X.X.X.X/test work the same as well? I can't figure out why it's not working, must be the code and not the configs What if the server is doing the redirecting? Should that matter?
06-29-2010 10:42 AM
So with the example I gave it would work like this:
If you wanted, you could change the string '10.10.10.100' in the relocation string to www.example.com, as long as www.example.com will resolve to the VIP. Or, as long as DNS will resolve www.example.com to the VIP, then you could change the host from 10.10.10.100 to %h in the relocation string. In that case, it would be http://%h/test/
It is fine if the server is sending a redirect, as long as the host in the redirect Location header is either the VIP or an FQDN that resolves to the VIP.
Hope this helps,
Sean
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide