
URL LOADBALANCING IN ACE 20

s_shekeil
Level 1

Hello Guys,

I have 2 rservers 10.30.1.73, 10.30.1.76,

I have 3 URLs in both

http://10.30.1.73:8000/hcs9prd/signon.html → Production

http://10.30.1.73:8085/hcs9fgtpwd/signon.html → Forgot password

http://10.30.1.73:8020/hcs9gst/signon.html → Guest login

The following are the URLs in 10.30.1.76

http://10.30.1.76:8000/hcs9prd/signon.html → Production

http://10.30.1.76:8085/hcs9fgtpwd/signon.html → Forgot password

http://10.30.1.76:8020/hcs9gst/signon.html → Guest login

I want to have only one link for each pair of identical links on both servers, with this IP address: 10.30.1.172

So I will have 3 links, which will load balance to 6 links:

http://10.30.1.172:8000/hcs9prd/signon.html

http://10.30.1.172:8085/hcs9fgtpwd/signon.html

http://10.30.1.172:8020/hcs9gst/signon.html

Please help me in configuration.

4 Replies

Daniel Arrondo Ostiz
Cisco Employee

Good morning Salah,

You are listening on 3 different ports, so, you could just configure the most basic load-balancing setup.

Otherwise, you could create one VIP listening on several ports and then differentiate between them based on the URL. I would recommend you to have a look at http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml for a configuration example on how to achieve this.

Regards

Daniel

Hi Daniel,

I have configured the below but still not working!


access-list any line 8 extended permit icmp any any
access-list any line 16 extended permit ip any any


probe http HTTP_PROBE
  interval 20
  passdetect interval 60
  expect status 200 300


rserver host Server01
  ip address 10.30.1.73
  inservice
rserver host Server02
  ip address 10.30.1.76
  inservice

serverfarm host SIS
  probe HTTP_PROBE
  rserver Server01
    weight 5
    rate-limit bandwidth 268435456
    inservice
  rserver Server02
    weight 5
    rate-limit bandwidth 268435456
    inservice

class-map match-any L4VIPCLASS
  2 match virtual-address 10.30.1.172 tcp eq www
  3 match virtual-address 10.30.1.172 tcp eq 8000
  4 match virtual-address 10.30.1.172 tcp eq 8085
  5 match virtual-address 10.30.1.172 tcp eq 8020
  6 match virtual-address 10.30.1.172 tcp eq 8050
  7 match virtual-address 10.30.1.172 tcp eq 8065
  8 match virtual-address 10.30.1.172 tcp eq 8035
class-map type management match-any REMOTE-ACCESS
  description REMOTE ACCESS TRAFFIC MATCH
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
class-map type http loadbalance match-any SIS_VIP_URL
  2 match http url http://10.30.1.172:8000/hcs9prd/signon.html
  3 match http url http://10.30.1.172:8085/hcs9fgtpwd/signon.html
  4 match http url http://10.30.1.172:8020/hcs9gst_u/signon.html
  5 match http url http://10.30.1.172:8035/hcs9gst_p/signon.html
  6 match http url http://10.30.1.172:8050/hcs9gst_t/signon.html
  7 match http url http://10.30.1.172:8065/hcs9gst_v/signon.html

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE-ACCESS
    permit

policy-map type loadbalance first-match POLICYMAP_L7
  class SIS_VIP_URL
    serverfarm SIS

policy-map multi-match VIPs
  class L4VIPCLASS
    loadbalance vip inservice
    loadbalance policy POLICYMAP_L7
    loadbalance vip icmp-reply active
    loadbalance vip advertise active

interface vlan 301
  ip address 10.30.1.203 255.255.255.0
  access-group input any
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown

Regards,

Salah

Hi Salah,

Your configuration has a few errors:

  • If doing URL parsing (which doesn't make sense in your case because you are anyway using the same serverfarm for all connections), you are not supposed to include the IP or port in the match statement
  • You didn't apply the multi-match policy into the vlan
  • You are using a one-arm setup (with only one vlan for all communication), so you need to somehow ensure that traffic from the servers towards the clients also goes through the ACE. Normally this is done by applying NAT to the client IP address.

Try this configuration:

access-list any line 8 extended permit icmp any any
access-list any line 16 extended permit ip any any

probe http HTTP_PROBE
  interval 20
  passdetect interval 60
  expect status 200 300

rserver host Server01
  ip address 10.30.1.73
  inservice
rserver host Server02
  ip address 10.30.1.76
  inservice

serverfarm host SIS
  probe HTTP_PROBE
  rserver Server01
    weight 5
    rate-limit bandwidth 268435456
    inservice
  rserver Server02
    weight 5
    rate-limit bandwidth 268435456
    inservice

class-map match-any L4VIPCLASS
  2 match virtual-address 10.30.1.172 tcp eq www
  3 match virtual-address 10.30.1.172 tcp eq 8000
  4 match virtual-address 10.30.1.172 tcp eq 8085
  5 match virtual-address 10.30.1.172 tcp eq 8020
  6 match virtual-address 10.30.1.172 tcp eq 8050
  7 match virtual-address 10.30.1.172 tcp eq 8065
  8 match virtual-address 10.30.1.172 tcp eq 8035
 
 
class-map type management match-any REMOTE-ACCESS
  description REMOTE ACCESS TRAFFIC MATCH
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
 
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE-ACCESS
    permit

policy-map type loadbalance first-match POLICYMAP_L7
  class class-default
    serverfarm SIS

policy-map multi-match VIPs
  class L4VIPCLASS
    loadbalance vip inservice
    loadbalance policy POLICYMAP_L7
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    nat dynamic 1 vlan 301

interface vlan 301
  ip address 10.30.1.203 255.255.255.0
  access-group input any
  nat-pool 1 10.30.1.172 10.30.1.172 netmask 255.255.255.0 pat
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  service-policy input VIPs
  no shutdown
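
The three errors listed in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not Cisco tooling: a small lint pass over an ACE running-config. The finding names are hypothetical, "one-arm" is assumed to mean exactly one `interface vlan` stanza, and the sample config is constructed from the first configuration posted in this thread.

```python
import re

def lint_ace_config(text):
    """Return sorted finding codes for an ACE running-config (heuristic checks)."""
    findings, vips, applied, vlans = set(), set(), set(), set()
    nat_refs, nat_pools, vlan = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1].strip():              # unindented line starts a new stanza
            vlan = None
        if m := re.match(r"policy-map multi-match (\S+)", line):
            vips.add(m.group(1))
        elif m := re.match(r"interface vlan (\d+)", line):
            vlan = m.group(1)
            vlans.add(vlan)
        elif m := re.match(r"service-policy input (\S+)", line):
            applied.add(m.group(1))
        elif m := re.match(r"\d+ match http url (\S+)", line):
            # A scheme means host/port were pasted in; only the path belongs here
            if re.match(r"[a-z]+://", m.group(1), re.I):
                findings.add("URL_MATCH_INCLUDES_HOST")
        elif m := re.match(r"nat dynamic (\d+) vlan (\d+)", line):
            nat_refs.add(m.groups())
        elif vlan and (m := re.match(r"nat-pool (\d+) ", line)):
            nat_pools.add((m.group(1), vlan))
    if vips - applied:                   # multi-match policy never bound to a vlan
        findings.add("VIP_POLICY_NOT_APPLIED")
    if vips and len(vlans) == 1 and not nat_refs:   # assumed one-arm heuristic
        findings.add("ONE_ARM_WITHOUT_SOURCE_NAT")
    if nat_refs - nat_pools:             # 'nat dynamic' with no pool on that vlan
        findings.add("NAT_POOL_MISSING")
    return sorted(findings)

# Constructed sample: trimmed from the first configuration posted in the thread
BEFORE = """\
class-map type http loadbalance match-any SIS_VIP_URL
  2 match http url http://10.30.1.172:8000/hcs9prd/signon.html
policy-map type loadbalance first-match POLICYMAP_L7
  class SIS_VIP_URL
    serverfarm SIS
policy-map multi-match VIPs
  class L4VIPCLASS
    loadbalance policy POLICYMAP_L7
interface vlan 301
  service-policy input REMOTE_MGMT_ALLOW_POLICY
"""

if __name__ == "__main__":
    print(lint_ace_config(BEFORE))
```
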

Hello,

I tried the configuration you sent; it is still not working.

If I don't type the full link, the server will not answer; I have to give the whole link.


probe http HTTP_PROBE
  interval 20
  passdetect interval 60
  expect status 200 300


rserver host Server01
  ip address 10.30.1.73
  inservice
rserver host Server02
  ip address 10.30.1.76
  inservice

serverfarm host SIS
  probe HTTP_PROBE
  rserver Server01
    weight 5
    rate-limit bandwidth 268435456
    inservice
  rserver Server02
    weight 5
    rate-limit bandwidth 268435456
    inservice

class-map match-any L4VIPCLASS
  2 match virtual-address 10.30.1.172 tcp eq www
  3 match virtual-address 10.30.1.172 tcp eq 8000
  4 match virtual-address 10.30.1.172 tcp eq 8085
  5 match virtual-address 10.30.1.172 tcp eq 8020
  6 match virtual-address 10.30.1.172 tcp eq 8050
  7 match virtual-address 10.30.1.172 tcp eq 8065
  8 match virtual-address 10.30.1.172 tcp eq 8035
class-map type management match-any REMOTE-ACCESS
  description REMOTE ACCESS TRAFFIC MATCH
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE-ACCESS
    permit

policy-map type loadbalance first-match POLICYMAP_L7
  class class-default
    serverfarm SIS

policy-map multi-match VIPs
  class L4VIPCLASS
    loadbalance vip inservice
    loadbalance policy POLICYMAP_L7
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    nat dynamic 1 vlan 301

interface vlan 301
  ip address 10.30.1.203 255.255.255.0
  access-group input any
  nat-pool 1 10.30.1.172 10.30.1.172 netmask 255.255.255.0 pat
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  service-policy input VIPs
  no shutdown
