cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
550
Views
0
Helpful
5
Replies

Redirect for dummies - need some help.

Roble Mumin
Level 3
Level 3

Having a hard time to get a load balanced redirect working on the css.

What i want to do...

VIP accepts the client request and instead of forwarding it simply to port 80 on the backend it redirects it to "hostname.domain:50000/dir/".

I have read the two docs on redirecting but haven't been able to produce a working config so far. I am a bit confused which approach to take.

What configuration would be correct for the services?

service 1

ip a.b.c.d

type redirect

redirect string "hostname.domain:50000/dir/"

or

service 1

ip a.b.c.d

domain http://hostname.domain:50000/dir"

no prepend-http

---

Another thing is how do i configure the content rules. Do i only need a single rule which listenes on port 80 and just add the service or do i have to create a second rule which then listenes on port 50000.

content rule1

vip address 10.10.10.1

add service server1

protocol tcp

port 80

url "/"

active

or and additional rule like...

content rule2

vip address 10.10.10.1

add service server1

protocol tcp

port 50000

url "/"

active

Thanks for Reading!

Ps: Any advice on a good book for the CSS Series Switches?

5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

you can't use domain if you want to redirect to a specific url [that is a domain + a path].

The command domain is if you just want to replace the domain part of the url.

You need a rule 80 to catch the first request and apply the redirect.

You may need a rule 5000 if you also want to intercept this traffic and loadbalance it.

This is all explained at

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml

Regards,

Gilles.

I already read that example and it doesn't seem to fit for my case.

I have four servers which start their services at the path fqdn/path/.

For design reasons they need to be load balanced and appear as a single url. We have created an Record (A) in the DNS whicht points to the VIP.

service.domain.de -> 10.10.10.1

The entry directory on the server itself "/path/" is a local redirector which points to

localserver1.domain.de:50000/path/

localserver2.domain.de:50200/path/

localserver3.domain.de:50300/path/

localserver4.domain.de:50400/path/

I am able to configure a service entry for each with type redirect and use as redirect-string "/ip/path".

service redirect-localserver1-http

ip address 192.168.1.1

type redirect

no prepend http

redirect-string "http://192.168.1.1/path/"

active

my content rule looks like this

owner test

content redirect-http

protocol tcp

port 80

url "/*"

add service redirect-localserver1-http

active

The result of this rule is a working redirect based on IP address. Looks in the browser like "http://192.168.1.1/path/".

But what i need is the same thing based upon the A Record. "service.domain.de/path".

If i change the service redirect-string to "http://service.domain.de/path" i end up in a loop on the CSS.

If i understood correct i need to provide another content rule which intercepts the redirected page now. I tried different approaches but none seems to work.

Funny thing is, if i use a "global redirect" in the content rule the redirection does not work at all. Serverlog shows a "Get /" which is not what i need.

content default-redirect

redirect "//service.domain.de/path"

protocol tcp

port 80

url "/*"

add service redirect-localserver1-http

active

Any advice on what to do?

Sorry but you're not clear.

What is the url that will be entered and where do you want to redirect it.

Do you need to intercept the redirect ?

The page I gave shows the different options possible on the CSS to configure redirect.

You have to use one of these options to fit into your case.

Again, if you want to preserve the path provided by the client, all you can do is change the domain name with the domain command.

If you want to override the path, you need to use the redirect-string command.

If you want to keep part of the path or override just part of the path, this is not possible.

Gilles.

The URL the user will enter "www.mysite.com" which points to the vip.

The back end consists of 4 server. Which start their content at a directory one below root and redirect internal to a high port (5000,50200 etc.).

server1.mysite.com/path/

server2.mysite.com/path/

I want a content rule which redirects the url entered www.mysite.com to www.mysite.com/path/.

Because of reasons i can not influence we can't just simply redirect at the root of each server. So i have to redirect first on the CSS.

I got it working for http now and still have no clue if will work for https as well.

The Application we are trying to load balance this way is an SAP Enterprise Portal 6 running on IIS6 (Win2K3 Server).

I will post some part of my config now.

-------

owner Portal

content http-catch

port 80

protocol tcp

url "//www.mysite.com/irj*"

vip address x.y.z.21

add service http-sas00572

add service http-sas00573

add service http-sas00574

add service http-sas00575

active

content https-catch

application ssl

advanced-balance ssl

sticky-inact-timeout 5

balance aca

protocol tcp

port 443

url "//www.mysite.com/irj*"

vip address x.y.z.21

add service http-sas00571

add service http-sas00572

add service http-sas00573

add service http-sas00575

active

content redirect-http

protocol tcp

port 80

url "/*"

vip address x.y.z.21

add service redirect-http-sas00572

add service redirect-http-sas00573

add service redirect-http-sas00574

add service redirect-http-sas00575

balance aca

advanced-balance sticky-srcip

sticky-inact-timeout 5

active

content redirect-https

protocol tcp

port 443

url "/*"

vip address x.y.z.21

add service redirect-https-sas00572

add service redirect-https-sas00573

add service redirect-https-sas00574

add service redirect-https-sas00575

active

----------

service http-sas00572

ip address a.b.c.182

active

service http-sas00573

ip address a.b.c.183

active

service redirect-http-sas00572

ip address a.b.c.182

type redirect

keepalive type http

port 50000

keepalive frequency 15

keepalive retryperiod 15

keepalive uri "/index.html"

no prepend-http

redirect-string "http://a.b.c.182:8080/"

active

service redirect-http-sas00573

ip address a.b.c.183

type redirect

keepalive type http

port 50200

keepalive frequency 15

keepalive retryperiod 15

keepalive uri "/index.html"

no prepend-http

redirect-string "http://a.b.c.183:8080/"

active

service redirect-https-sas00572

ip address a.b.c.182

type redirect

keepalive type http

port 50000

keepalive frequency 15

keepalive retryperiod 15

keepalive uri "/index.html"

no prepend-http

redirect-string "https://a.b.c.182/irj/"

active

service redirect-https-sas00573

ip address a.b.c.183

type redirect

keepalive type http

port 50200

keepalive frequency 15

keepalive retryperiod 15

keepalive uri "/index.html"

no prepend-http

redirect-string "https://a.b.c.183/irj/"

active

ok - glad you could make it work for HTTP.

Now, for HTTPS, it will be difficult.

The advantage of HTTPS over HTTP is that the traffic is encrypted.

So nobody else than the source and the destination can see it.

Which means the CSS can't see the URL and can't respond with a redirect.

You need an ssl module to decrypt the traffic in order to do this.

Regards,

Gilles.

Review Cisco Networking for a $25 gift card