Load Balancing with ACE using HTTP Header information

Unanswered Question
Aug 4th, 2008

Hello,

I am trying to setup a class-map using http loadbalance match-all.

What I want to do is check for the HTTP Host and if it doesnot match the http referer than go to server farm A. if it does match then go to server farm B.

My problem is the host can be serveral different values as well as the referer. Can you setup varibales in the ACE so I can store the value from http host and compare it against http referer?


Thanks


Mike C.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (2 ratings)
Loading.
Syed Iftekhar Ahmed Mon, 08/04/2008 - 12:29

Mike~


With Nested Class-maps & Regular expressions you can achieve a lot.


I have tried to write an example that will give you a hint of the flexibility of ACE

in line with your requirements.


class-map type http loadbalance match-any uri-set-1

2 match http url /aa1/.*

4 match http ur1 /aa2/.*

6 match http ur1 /aa1/.*


class-map type http loadbalance match-any uri-set-2

2 match http url /bb1/.*

4 match http ur1 /bb2/.*

6 match http ur1 /bb1/.*


class-map type http loadbalance match-all L7-APP1

2 match http host header-value App1.com


class-map type http loadbalance match-all L7-APP2

2 match http host header-value App2.com



class-map type http loadbalance match-all APP1-policy

2 match class-map L7-APP1

3 match class-map uri-set-1



class-map type http loadbalance match-all APP2-policy

2 match class-map L7-APP2

3 match class-map uri-set-2



policy-map type loadbalance http first-match xyz


class APP1-policy

serverfarm App1-SF


class APP2-policy

serverfarm App2-SF


HTH

Syed Iftekhar Ahmed

MICHAEL CICCONE Mon, 08/04/2008 - 13:29

Syed,

I think I understand what you're doing but let me show you an example of what I'm trying to do:


class-map type http loadbalance match-any L7SLBHOST

2 match http header Host header-value ".*site1.com"

3 match http header Host header-value ".*site2.com"

4 match http header Host header-value ".*site3.com"


class-map type http loadbalance match-any L7SLBREFERER

2 match http header Host header-value ".*site1.com"

3 match http header Host header-value ".*site2.com"

4 match http header Host header-value ".*site3.com"


I need to check the HOST filed and the REFERER filed from the HTTP Header information. If they are the same then I need to send to server farm A if different then I need to send it to server farm B.


I'm not sure what to do next?


Thanks

Mike C.


Syed Iftekhar Ahmed Mon, 08/04/2008 - 13:50

It should be like this (If you want to use separate class maps for referrer & Host).


class-map type http loadbalance match-any site1-HostHDR

2 match http header Host header-value ".*site1.com"


class-map type http loadbalance match-any site1-Referer

2 match http header Referer header-value "http://site1.*"



class-map type http loadbalance match-any site2-HostHDR

2 match http header Host header-value ".*site2.com"


class-map type http loadbalance match-any site2-Referer

2 match http header Referer header-value "http://site2.*"



class-map type http loadbalance match-all Site1-policy

2 match class-map site1-HostHDR

3 match class-map site1-Referer


class-map type http loadbalance match-all Site2-policy

2 match class-map site2-HostHDR

3 match class-map site2-Referer






policy-map type loadbalance http first-match Site1


class Site1-policy

serverfarm SFarm-A

class Site2-policy

serverfarm SFarm-A

class class-default

serverfarm SFARm-B



Syed Iftekhar Ahmed

sachinga.hcl Mon, 08/04/2008 - 13:55

HI Mike/Syed,



the ACE does not allow you to specify a match-any condition for single URL, HTTP header, and URL cookie statements in the same class map but does allow you to specify a match-any condition for multiple URLs, or multiple HTTP headers or multiple cookies with different names in the same class map.


So I think above mentioned configurations will not work as they are having single host header valuse.


Kindly check.


Sachin Garg


Syed Iftekhar Ahmed Mon, 08/04/2008 - 14:06

"ACE does not allow you to specify a match-any condition for single URL, HTTP header, and URL cookie statements in the same class map"


Since you took it from the user guide.. If you look further then you will find what it means


"For example, the ACE does not allow you to specify a match-any condition for URL, HTTP header, and URL cookie statements in the same class map but does allow you to specify a match-any condition for multiple URLs, multiple HTTP headers, or multiple cookies with different names in the same class map."


In the above config there is no class-map where diff type of HDR checking is performed.


Syed



MICHAEL CICCONE Tue, 08/05/2008 - 06:16

Guys,

Again, Thanks for the help. From what I'm hearing I don't think what I'm trying to do will work. Unless I create multiple class maps. Again, I am trying to compare the HTTP Host to the HTTP Referer line. If they are the same host then go to Server Farm A if different then go to Server Farm B. So If I'm understanding you guys then I will need to create many class maps. For example. If I create the following class map:

class-map type http loadbalance match-all L7SLBREFERER

2 match http header Host header-value ".*sitea.*"

3 match http header Referer header-value ".*sitea.*"

4 match http cookie ServerID cookie-value "1024"


If all the above values are true to go server farm A. otherwise go to Server farm B.


If this will work then I just need to create server dozen to do what I want to do.


Am I correct in what I am saying?


Thanks


Mike C.




Syed Iftekhar Ahmed Tue, 08/05/2008 - 09:08

Mike


The nested class-map option that I suggested was to give you a variable like functionality (As you asked fot it in your first post of the thread).


Apart from the config I posted earlier you can achieve your objective without nested class as follows


class-map type http loadbalance match-all Sitea-L7

2 match http header Host header-value ".*sitea.*"

3 match http header Referer header-value ".*sitea.*"


policy-map type loadbalance first-match Sitea-policy

class Sitea-L7

serverfarm serverfarmA

class class-default

serverfarm ServerfarmB


Syed


MICHAEL CICCONE Tue, 08/05/2008 - 10:28

Syed,

Thanks for the help. I've got the config in place and should be testing soon.


regards


Mike C.


MICHAEL CICCONE Tue, 09/02/2008 - 13:37

Syed,

I'm still doing something wrong

This is what I have for my host and referer:


class-map type http loadbalance match-all L7_HOST_REFERER_COOKIE_TESTWABC

2 match http header Host header-value "testw[.]abc[.]com"

3 match http header Referer header-value "!^http[:][/][/]testw[.]abc[.]com.*"


What I want the above to do is find header host when equal to testw.abc.com and find a refer that is NOT equal to a line that begins with http://testw.abc.com


if the above two statements are true then send to serverfarm A. But this is not happening. I think my regular expression is wrong but I'm not finding much help in Cisco's doc.


Do you or anyone have any suggestions?


Thanks


Mike C.

Syed Iftekhar Ahmed Tue, 09/02/2008 - 14:24

I don't consider myself a regular expression expert but can you try


"^(http[:][/][/]testw[.]abc[.]com.*)"




Syed



MICHAEL CICCONE Thu, 09/04/2008 - 05:55

Syed,

I finally got this to work and wanted to post it so if anyone else is trying to do this.



match http header Referer header-value "([^a-z]|[^0-9])+"


This checks the refer filed and if there is any value at all it will send it to which ever serverfarm I choose. So combine this with another statement you get:


class-map type http loadbalance match-all L7_HOST_REFERER_COOKIE_TESTWABC

3 match http header Referer header-value "http://testw[.]abc[.]com.*"

class-map type http loadbalance match-all


L7_HOST_REFERER_COOKIE_TESTW_NOT_ABC

4 match http header Referer header-value "([^a-z]|[^0-9])+"


So in my policy map I have:


policy-map type loadbalance first-match L7_VIP_LB_DMZ_TESTW_ABC

class L7_HOST_REFERER_COOKIE_TESTWABC

serverfarm ABC123

class L7_HOST_REFERER_COOKIE_TESTW_NOT_US

serverfarm XYZ456


So if the referer is testw.abc.com then it will go to server farm ABC123 but if its anything else such as www.google.com it will got to serverfarm XYZ456.


Thank


MIke C.




chris.pomeroy Sun, 09/07/2008 - 17:04

You could have done this as well


policy-map type loadbalance first-match L7_VIP_LB_DMZ_TESTW_ABC

class L7_HOST_REFERER_COOKIE_TESTWABC

serverfarm ABC123


class class-default

serverfarm XYZ456



Actions

This Discussion