Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1001
Views
0
Helpful
3
Replies

Redirect based on list of source IP ranges

osiristrading
Level 1
Level 1

‎12-21-2010 07:07 AM

Hi everyone

We are looking for a way to 302 redirect a client to an alternate url based on their source IP address. If they do not match the source IP, the request will be load balanced to a farm.

The list of matching IP ranges is quite large though - there are upwards of 5000.

Is there a way to do this on the ACE 4710 efficiently?

Thanks

A

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎12-23-2010 12:21 AM

Yes, you can use an HTTP class-map

Scimitar1/User1(config)# class-map type http loadbalance redirect_clients
Scimitar1/User1(config-cmap-http-lb)# match source-address ?
    Enter client source address to match

Then you can use this class-map in your policy-map to use different serverfarm

Scimitar1/User1(config)# policy-map type load first-match WEB
Scimitar1/User1(config-pmap-lb)# class ?
  class-default     Specify actions for default class-map
  redirect_clients

Scimitar1/User1(config-pmap-lb)# class redirect_clients
Scimitar1/User1(config-pmap-lb-c)#
<.....add your redirect serverfarm here ......>

Scimitar1/User1(config-pmap-lb-c)# ex
Scimitar1/User1(config-pmap-lb)# class class-default
Scimitar1/User1(config-pmap-lb-c)#

<.... add your loadbalancing serverfarm here .....>

This is going to be a bit tedious to configure your 5000 client ip addresses.

Maybe you could script it ?

Gilles.

0 Helpful

osiristrading
Level 1
Level 1
In response to Gilles Dufour

‎12-23-2010 12:32 AM

Hi Gilles

Thanks for the reply. I figured something like that might work.

A) Will 5000 "match source address" entries actually be allowed? I can't find any documentation on hard limits.

B) Is the 4710 powerful enough that this will not slow it down a lot?

I can easily script this, I was more worried about the limitations of the device. I tried a 5000 line access list on a low end router, and it wasn't happy!

Thanks

A

0 Helpful

osiristrading
Level 1
Level 1
In response to osiristrading

‎02-24-2011 07:30 AM

So, I got round to attempting to implement this. It turns out that you can only have 1024 entries per "class-map type http loadbalance" class map entry.

I tried to set up a parent class to match multiple child classes (with each child class having 1024 entries). Unfortunately, the ACE stopped taking my config after about 8300 entries (split over 9 class-maps), complaining that I'd reached the limit of match entries.

Any ideas to get around this? We have around 10000 entries which we need to match on.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Top