cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1050
Views
0
Helpful
11
Replies

HTTP header insertion problem with ACE

lukaszkhalil
Level 1
Level 1

Hi

I try to configure the HTTP header insertion feature based on the action-list type modify http. Unfortunately it does not works.

The config looks like that

action-list type modify http TEST

header insert both Host header-value test:test.

I added this action-list to the correct policy-map.

When I checked the snifer output on the server side, there is no test value in the HTTP header.

I test the same feature based on the "insert-http" command in the policy-map and this one works.

Could anybody help me with this problem?

Thank you in advance

Regards

Lucas

4 Accepted Solutions

Accepted Solutions

configure persistence rebalance with a parameter-map.

G.

View solution in original post

Hi Lukas,

Add a new parameter-map named PRMAP_PERST_REBLNC and add this to the policy map using command appl-parameter http advanced-options PRMAP_PERST_REBLNC as shown below:

action-list type modify http test-insert

header insert both My-Header header-value test

header insert both SSL header-value TRUE

policy-map type loadbalance http first-match HtppInsert

class class-default

serverfarm linux1-80

action test-insert

policy-map multi-match SLB1

class VIP-122-80

loadbalance vip inservice

loadbalance policy HtppInsert

loadbalance vip icmp-reply active

loadbalance vip advertise active

loadbalance vip advertise metric 1

connection advanced-options SetTos

appl-parameter http advanced-options PRMAP_PERST_REBLNC

parameter-map type http PRMAP_PERST_REBLNC

persistence-rebalance

Hope this will make all the packets are inserted with the http header not the first one only.

If it works then plz inform.

Kind Regards.

Sachin Garg

View solution in original post

Instead of persistence-rebalance in your parameter map. Use header modify per-request in the parameter map. This introduces less overhead as we don't need to make a load balance decsion just insert the header.

View solution in original post

Lucas,

analyzing data requires time, cpu, memory ... resources.

So we try to only analyze a minimum of data.

Without persistence rebalance, once we have made our loadbalancing decision, we simply switch the traffic without looking into the data.

This is the best option to achieve best performance.

By configuring 'persistence rebalance' you forces ACE to inspect every request.

You'll get lower performance but since we inspect all request we are able to insert the header to each of them.

Gilles.

View solution in original post

11 Replies 11

Gilles Dufour
Cisco Employee
Cisco Employee

I just gave it a try in my lab and it works.

action-list type modify http test-insert

header insert both My-Header header-value "gilles"

header insert both Host header-value "192.168.30.24:80"

policy-map type loadbalance http first-match HtppInsert

class class-default

serverfarm linux1-80

action test-insert

policy-map multi-match SLB1

class VIP-122-80

loadbalance vip inservice

loadbalance policy HtppInsert

loadbalance vip icmp-reply active

loadbalance vip advertise active

loadbalance vip advertise metric 1

connection advanced-options SetTos

My version: A2(1.4a)

G.

Ok thank you. I did my tests on version A2(1.4) so I'll try to do that on A2(1.4a)

Lucas

Hi

I've done some tests on A2(1.4) and I confirm that the feature works, but the problem is that the new header field in being inserted only into the first packet of the flow. The rest of the packets do not have this parameter set.

Do you know how it can be fixed ?

Regards

Lucas

Hi Lukaszk,

Enter an unquoted text string with no spaces and a maximum of 255 alphanumeric characters in the expression part as shown below.

action-list type modify http test-insert

header insert both My-Header header-value gilles

header insert both Host header-value 192.168.30.24:80

header insert both Host header-value www.cisco.com

Kind Regards,

Sachin Garg

He

I tried to do that, but the results are the same.

My config is as below

action-list type modify http test-insert

header insert both My-Header header-value test

header insert both SSL header-value TRUE

I attached this action-list to the SSL policy-map, and what I saw is that the new headers appeared only in the first HTTP packet of the flow.

Regards

Lucas

configure persistence rebalance with a parameter-map.

G.

Hi Lukas,

Add a new parameter-map named PRMAP_PERST_REBLNC and add this to the policy map using command appl-parameter http advanced-options PRMAP_PERST_REBLNC as shown below:

action-list type modify http test-insert

header insert both My-Header header-value test

header insert both SSL header-value TRUE

policy-map type loadbalance http first-match HtppInsert

class class-default

serverfarm linux1-80

action test-insert

policy-map multi-match SLB1

class VIP-122-80

loadbalance vip inservice

loadbalance policy HtppInsert

loadbalance vip icmp-reply active

loadbalance vip advertise active

loadbalance vip advertise metric 1

connection advanced-options SetTos

appl-parameter http advanced-options PRMAP_PERST_REBLNC

parameter-map type http PRMAP_PERST_REBLNC

persistence-rebalance

Hope this will make all the packets are inserted with the http header not the first one only.

If it works then plz inform.

Kind Regards.

Sachin Garg

Instead of persistence-rebalance in your parameter map. Use header modify per-request in the parameter map. This introduces less overhead as we don't need to make a load balance decsion just insert the header.

Hello

I've done a test and it works as well as the persistent-rebalance.

Could you please explain to me why when using persistent-rebalance I see the header value in each packet ?

Thank you in advance

Regard

Lucas

Lucas,

analyzing data requires time, cpu, memory ... resources.

So we try to only analyze a minimum of data.

Without persistence rebalance, once we have made our loadbalancing decision, we simply switch the traffic without looking into the data.

This is the best option to achieve best performance.

By configuring 'persistence rebalance' you forces ACE to inspect every request.

You'll get lower performance but since we inspect all request we are able to insert the header to each of them.

Gilles.

ok, now it is clear for me.

Thank you

Lucas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: