Cisco Application :: ACE4710s / HTTP Redirection To Individual Servers In Farm?
Jun 19, 2012
I am wondering if there is a method to redirect particular URLs to individual real servers in a server farm.Scenario: We have an url which is setup on our ACE4710s (A3 2.4) to load balancer to a particular server farm as per standard setup i.e.Customers access [URL] on an external VIP, this is then load balanced to a server farm "SF_WEBSITE" consisting of 2 real servers "Server_A" and "Server_B". Nothing difficult in this set up. However, I have eeen asked if it is possible to redirect certain urls to individual servers within the server farm "SF_WEBSITE": e.g.
Action 1 - Customers access [URL] is redirected to "Server_A" only
Action 2 - Customers access [URL] is redirected to "Server_B" only
Default Action - Customer access [URL] anything else is redirected to server farm "SF_WEBSITE" and is load balanced between "Server_A" and "Server_B"
The Standard Class Maps and Policy would be something like:
policy-map type loadbalance first-match SLB_WEBSITE
class class-default
serverfarm SF_WEBSITE
Where I thought I would need something like:
class-map type http loadbalance match-all CMAP_AREA1
description CMAP used to capture specific URL for area 1
2 match http url /area1
class-map type http loadbalance match-all CMAP_AREA2
description CMAP used to capture specific URL for area 2
2 match http url /area2
[code]...
I think the above method is ok for 1 instance, but if it test successfully, my company would want to to roll this out across dozens of server farm configurations each consisting of numerous real servers, which will make the administration and implementation time overheads massive, not to mention complicating and lengthening the configuration.
i have a 4710 appliance (one armed) and i am load balancing with two webservers. In the URL, there are links that need to be redirected to https:
[URL]
i am using the
rserver redirect REDIRECT-TO-HTTPS[URL]
The https is working but i have a problem. when i access the Main link "first" it is redirected to https to the Main link.But if i access one of the Sublinks directly(without having to click on the main link first) the page is redirected to https but to the Main Link. i have to click the Sublink again in order to get the page.How can i redirect to https and stay on the same page? What might be the general link in the webserver-redirection?
I have an RDP server farm that lost a disk. The RDP service was still running but users were unable to log in. I'd like to create a health probe that does maybe a combination of TCP probe for port 3389 and something that can determine if the drive that stores user profiles is available.
I cannot add any new service (http or ftp) to the server. Is there any way I can check SNMP mibs on the windows server or maybe WMI through TCL?
I have a requirement to select a farm based on source IP address. I tried creating a match all class-map that matches on the virtual-address and source address but I get this message.LB01/Admin(config-cmap)# match source-address x.x.x.75 255.255.255.255 Error: Only one match virtual-address is allowed in a match-all class-map and it cannot mix with any other match type To me this is the only place where it makes sense to set the source match criteria.
ACE 4710 software A3(2.7) [code] Why is the fail-on-all option missing from the serverfarm that is of type redirect? This option is something that I would actually need in a certain situation.
I have CSS in single arm deployment model. I want to configure port redirection for the servers. Servers are actually running web service on port TCP 3636. Which is accessibale by VIP http://192.168.200.87:3636 but I dont want to give user this URL I want the user to use standard HTTP URL as mention below, I want user to open http://192.168.200.87 and once they access this URL automatically CSS redirect them to port 3636. How I can achive this. I am using IP addresses for the load balancing.
if a Cisco router or switch can handle wccp redirection enabled for both waas and some other web content filtering appliance using a different service group?
seems like the priority value would come into play determining which service group gets handled first?
we currently do WCCP for WaaS on our 3945s.
I am going to advocate to my customer that we separate this out for CPU load issues, config complexity issues, IOS issues, etc... but the question is going to come up - "can we do WCCP for different applications on our Catalyst 3750 core switch, or our 3945 WAN routers?"
I have a number of web sites that are currently being load balanced by CSS 11503s runninng 8x code. I was recently requested to configure HTTP --> HTTPS redirects on the CSS for every site. In the past, I have only configured the redirects for sites that had a requirement. Now it appears that the server teams want all content encrypted.
1) What impact will this have on the CPU? 2) What impact will this have on Memory utilization? 3) Is there a maximum nubmer on redirects? 4) Are there other things I should be concerned about?
is it possible to construct the L7 HTTP class-map expression to match all URLs except one? I have 1 correct url, for example: /correcturl.* and want to redirect requests to all other possible URLs to this one, without the need to list them all in "possitive match" statements.
I have an ACE version A5.2 configured in one-armed leg (doing source nat). I have a requirement to add(or copy) the "referer" header value from the original request to the request send by ACE.
I cannot figure out how to copy this value. It is easy to add the source ip address by adding: " insert-http x-forwarded-for header-value "%is".
So how I am going to copy the Refere header?
#Referer #Address (URI) of the resource from which the URI in the request was obtained
For a CSS with a SSL module (performing SSL termination) - is it possible to impliment a redirect on https URL to send to equivalent http URL.If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS ? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule ? [code]The CSS would instead rely on a http content rule to impliment a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url... traffic that is going to cause a loop when a client goes direct to. url...I realise the requirment is uncommon / a bit convoluted, its one of those don't ask type scenarios - aimed at achieving a specific requirement.Would the ACE 4710 be able to handle such a scenario any differently ?
I am trying to make a redirect from http to https. the goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71 I am just haveing some trouble making it work.
How to configure a redirection on the ACE from HTTP to HTTPS using specific URL example [URL] to [URL], the SSL certificates were installed on the servers.
I need to configure a keepalive that check an url in a server (http in port 9500 not in port 80) and check the port 443 in the same server. If any of them not response . the service should go down.
We had a PCI security audit of an existing VIP on our ACE 4710. The VIP is set up as HTTPS terminating on the ACE with a http redirect for all 80 traffic. The audit reported this VIP was vunerabled to the Cisco "IOS HTTP Authorization Vulnerability". Which basicly states, http Management is on this IOS device. It does not make any sense, as the VIP is pointed to a pair IIS servers?
I have a requirement to load balance OWA 2010 inbound connectivity to 2 CAS servers using a ACE 4710 with sticky sessions enabled.
The CAS servers are currently responding on 80 or 443 at this moment in time. Eventually I want to off load the SSL to the ACE 4710, its currently running on the CAS servers. I need to enable sticky sessions to keep the session to the same CAS server for each internet based connection. I also have a proxy enabled for inbound connectivity so I cannot use source IP.
Here is my configuration but it doesn’t seem to be working, i am currently testing with port 80 connections not SSL.
I am configuring a GSS to check an Web server that responds to https requests.I put 443 as the port but I don´t see replies from the server and the Answer Status is always offline.Other servers using http on port 80 are showing OK.The appliance is a GSS-4492-k9 Version 3.1(0).
We are using a ACE 4710 with A3(2.6) software release.I had to change our sticky load balancing method for HTTPS to cookie based.However while connections appear to work if I look at the show sticky database table I can not see or confirm sticky entries for the cookie based connections.Here or config snippets to show the config
I recently "inherited" a CSS 11503 - I've only used ACEs before - and I want to get HTTP keepalives working.To start, I created a test service:
lb-1# show run service sunbird-http-7025-test !************************** SERVICE ************************** service sunbird-http-7025-test port 7025 ip address 141.211.229.168
We are migrating from ACE 20 module to an ACE 4710 appliance. [code] When pasting in the config on the ACE 4710 running A4(2.1) code, I get the subject error message when trying to enter in the highlighted sticky-serverfarm command above. Again, this config works on the older hardware and older code.
Can the ACE appliance behave as a reverse proxy for http and ssl traffic? I would assume it can given how it does SLB but SLB is not a requirement at this time.
We want to mask part of the path prefix to hide development content: For example: the site(s) are: [URL]However we don't want anything with acme showing...so we would want the loadbalanced url to be: [URL] ...for requests and responses. I think this would be an http re-write request/response scenario?Is this possible to configure this on the ACE Device? We've got the load balance configuration down...not sure how to do this re-write type scenario?
After replacing a Cisco CSS/SSL Accelorator and PIX firewall with an ACE 4710 to do load balancing and SSL encryption behind an ASA firewall we started seeing mangled HTTP requests in the Apache access logs for the servers in the server farm. This is occurring for several different URLs and not just the one above and for multiple web browsers.The ACE load balances to servers running Tomcat 7 with Apache HTTP server v. 2.2.14. A recent ACE software upgrade to A5(2.1) has not fixed the problem.
I have question about the basics of a high performance application and database server connection to each other. I have two servers, one application and one database server. Both of them are Windows 2008 R2 servers. I would like to connect them. What is the best configuration for quicker communication between them. Is it better to connect them through a network switch? Or directly connect them? Do I need to dedicate one of the ethernet ports on each server to separate their traffic to each other, from the internet connection traffic?
We have deployed an ACE 4710 and its working perfectly. But the problem is that after I chage the default gateway of the servers I am not able to transfer files from one server to other. Is there any special configuration needs to be done on ACE to achieve this?Other than copy Ping, telnet and everything is working fine from the servers. These servers are in the same subnet & VLAN.
I saw a strange beaviour in the ACE30 today.We are configuring most of our VIP:s with "loadbalance vip icmp-reply active" and I haven't thought about it that much.I just assumed it would do what the command says.Today an Intel tech called and said that he had taken down the webservice on port 80 on both servers in a serverfarm and he could still ping the VIP.I had a look in the ACE and saw that the VIP was marked OUTOFSERVICE. But he could still ping it at that moment.What is the criteria for the VIP not to respond to ping with the above command set?
I am going to install two new Cisco Prime LMS 4.1 servers application in a Master and Slave Deployment, and how many bandwidth is consumed between the servers.
is there a possibility to get a load balancing across two rservers so: when client sends http://vip/ and it goes to rserver1 then url is sent without change when client sends http://vip/ and it goes to rserver2 then url is modified to http://vip/xyz/
Or maybe load balancing can be done across two serverfarms ?
I'm setting up an ACE 4710 in our test lab before deploying in production. Do the test web servers I am using need to use the ACE as their default gateway? The are currently configured to use a multilayer switch on their vlan as their gateway but I'm guessing the ACE needs to see the return traffic for load balancing to work correctly?