08-19-2008 05:11 AM
Hello,
In the Application Control Engine Module Command Reference manual,
the section about "Class Map HTTP Load Balancing Configuration Mode Commands"
mentions for "(config-cmap-http-lb) match http url" that
| Usage Guidelines
|
| Include only the portion of the URL following http://www.hostname.domain in
| the match statement. For example, in the URL
| http://www.anydomain.com/latest/whatsnew.html, include only
| /latest/whatsnew.html. To match the http://www.anydomain.com portion, the
| URL string can take the form of a URL regular expression.
It is a bit contradictory, but my interpretation of this explanation is
that if one uses a regular expression pattern it could match the
hostname portion of the URL. I tried, among others, the following
patterns to no avail:
match http url www[.]hostname[.]domain/.*
match http url /www[.]hostname[.]domain/.*
match http url //www[.]hostname[.]domain/.*
match http url http://www[.]hostname[.]domain/.*
- What is the proper pattern to use to match the hostname portion?
- Is there a way to debug pattern matching (i.e. see what is the input
to match and which "match http url" line matched)?
I would like to use this in order to direct HTTP queries to different
servers depending on specific combinations of (apache virtual) host
and path. One could use
(config-cmap-http-lb) match http header Host header-value www[.]hostname[.]domain
but then one is forced to use "match-all", which becomes very
cumbersome if there are many virtual hosts and a lot of paths patterns
for the same virtual host.
Incidently, the table describing regular expression characters
does not mention "(expr)? Zero or one of expression". It works and is
very useful; e.g:
match http url "/path_with_or_without_trailing_slash(/.*)?"
Thanks in advance for you help!
Dominique
Solved! Go to Solution.
08-19-2008 08:51 AM
URL is the piece that comes after the HTTP method in the HTTP request
from the client. Since that will not contain the hostname (unless the
request is destined for an HTTP proxy), you will need to read the
hostname from the host header.
If you look at a HTTP request it looks like
GET /index.htm HTTP/1.1\r\n <-- This is the url
Host:www.cisco.com <-- This is the HOST
If you want to match these two conditions then you need to math both HOST and URL.
The syntax would look like:
class-map type http loadbalance match-all xyz
2 match http header Host header-value www[.]cisco[.]com
3 match http url /index.htm
HTH
Syed Iftekhar Ahmed
08-19-2008 08:51 AM
URL is the piece that comes after the HTTP method in the HTTP request
from the client. Since that will not contain the hostname (unless the
request is destined for an HTTP proxy), you will need to read the
hostname from the host header.
If you look at a HTTP request it looks like
GET /index.htm HTTP/1.1\r\n <-- This is the url
Host:www.cisco.com <-- This is the HOST
If you want to match these two conditions then you need to math both HOST and URL.
The syntax would look like:
class-map type http loadbalance match-all xyz
2 match http header Host header-value www[.]cisco[.]com
3 match http url /index.htm
HTH
Syed Iftekhar Ahmed
08-20-2008 02:33 PM
Thanks for the explanation: it makes sense that the matching is made
on the argument of the method (i.e. an explicit string in the HTTP
protocol rather than a string constructed from various pieces as the
name "URL" would let one believe).
I was confused because by definition an URL is an absolute URI that
always includes the scheme (e.g. "http://") and the host name
(cf. http://tools.ietf.org/html/rfc1738#section-5); i.e. I thought
that the example regular expression patterns given in the manual were
not anchored and thus could match an URL. The piece that comes after
the HTTP request method in the general case should not be called an
URL: it can be an URL but is usually an absolute path (cf
http://tools.ietf.org/html/rfc2616#section-5.1.2).
The manual clarity could be improved by specifying that the pattern
following "match http url" should match the first argument of the HTTP
request method (i.e. "Request-URI" of RFC 2616).
Some logging of the matching process would have helped to understand
what is really happening:
- Is it possible to trace or log "match" lines or class-maps, or more
generally the full classification process?
Best regards,
Dominique
08-20-2008 02:56 PM
Using "Show service-policy" you can see which class-map is hit how many times. Its a great help to see if your traffic is really falling under the Class-maps you defined.
for example
Ace/Context# show service-policy Vlan10-policy detail
Status : ACTIVE
Description: -
-----------------------------------------
Interface: vlan 10
service-policy: Vlan10-policy
class: VIP
VIP Address: Port:
10.10.10.10 eq 80
loadbalance:
L7 loadbalance policy: APP1-policy
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
curr conns : 0 , hit count : 10
dropped conns : 1
client pkt count : 67 , client byte count: 14414
server pkt count : 81 , server byte count: 9545
L7 Loadbalance policy : APP1-policy
class/match : CLASS-A <-- No hits for this class
LB action :
serverfarm: serverfarm1
hit count : 0
dropped conns : 0
class/match : CLASS-B <--31 hits for this class
LB action :
serverfarm: serverfarm2
hit count : 31
08-20-2008 05:55 PM
You are right: "show service-policy" gives a very useful information.
Infortunately, if the classes are complex, it might become difficult to locate the pattern that did (or did not) match. e.g. when there are classes of classes and there is a typo somewhere in a pattern:
class-map type http loadbalance match-any virtual_host_class
2 match http header Host header-value "vhost(\.domain\.com){0,1}(:8[0_9]{1,3})?"
class-map type http loadbalance match-any path_class
2 match http url "/complexpattern1(/.*)?"
3 match http url "/complexpattern2(/.*)?"
class-map type http loadbalance match-all host_and_path_class
2 match class-map virtual_host_class
3 match class-map path_class
If traffic to http://vhost:8080/path1 fails to match it might be difficult to trace it to the pattern "[0_9]" that should be "[0-9]".
With just "show service-policy" one would have to isolate each "match" line: tedious.
Thanks again for your answers!
Best regards,
Dominique
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide