jlamousn Wed, 08/18/2010 - 06:17
User Badges:

Interesting.  We would need to know more about your config and this may require more involved troubleshooting by Cisco Tac.  The class-map configuration is fine since it works on my setup.


Thanks


Joel Lamousnery

TAC Customer Support Engineer

bsbanksysteme Wed, 08/18/2010 - 06:32
User Badges:

Hi !


Thanks for your comment.


Can you give me some troubleshooting hints for the moment ?


kr

jlamousn Wed, 08/18/2010 - 07:12
User Badges:

Assuming the rest of the config is correct, which I don't have the rest of your config.  You can check "show stats http"  check to see if static parse or max parse length errors are incrementing when you connect to the vip, if the ace run into any of these errors then it would not able to do any layer 7 function like matching that host header.


Joel Lamousnery

TAC Customer Support Engineer

bsbanksysteme Wed, 08/18/2010 - 07:20
User Badges:

Hi !


I


We connect with xxx.org in our browser on which address we do a ssl offload and layer 7 loadbalancing.

This works very good.


Now we would need a redirection when we enter www.xxx.org in the browser to the xxx.org L7 LB.


DNS ist working for xxx.org and www.xxx.org (both to the same ip)

Can you help me with a config example ?

I cannot put my config in because off the names and IP addresses.

kr

jlamousn Thu, 08/19/2010 - 05:37
User Badges:

kr,


Here is a sample config


class-map match-all WEB_VIP
  2 match virtual-address 10.10.10.10 tcp eq www


class-map type http loadbalance match-all www
  2 match http header Host header-value "www.xxx.org"
class-map type http loadbalance match-all www1
  2 match http header Host header-value "www1.xxx.org"


policy-map type loadbalance first-match WEB
  class www
    serverfarm Farm1
  class www1
    serverfarm Farm2
  class class-default
    serverfarm Farm3


policy-map multi-match WEB
  class WEB_VIP
    loadbalance vip inservice
    loadbalance WEB
    loadbalance vip icmp-reply active


As I previously stated, you may need to open a tac case for more advanced troubleshooting.


Thanks

Joel Lamousnery

bsbanksysteme Mon, 08/23/2010 - 06:36
User Badges:

Hi !


Done, but getting errors:




+------------------------------------------+
LB parse result msgs sent : 10         , TCP data msgs sent       : 0
Inspect parse result msgs : 0          , SSL data msgs sent       : 0
                      sent
TCP fin msgs sent         : 0          , TCP rst msgs sent:       : 0
Bounced fin msgs sent     : 0          , Bounced rst msgs sent:   : 0
SSL fin msgs sent         : 0          , SSL rst msgs sent:       : 0
Drain msgs sent           : 0          , Particles read           : 10
Reuse msgs sent           : 0          , HTTP requests            : 10
Reproxied requests        : 0          , Headers removed          : 0
Headers inserted          : 0          , HTTP redirects           : 0
HTTP chunks               : 0          , Pipelined requests       : 0
HTTP unproxy conns        : 0          , Pipeline flushes         : 0
Whitespace appends        : 0          , Second pass parsing      : 0
Response entries recycled : 0          , Analysis errors          : 0
Header insert errors      : 0          , Max parselen errors      : 0
Static parse errors       : 10         , Resource errors          : 0
Invalid path errors       : 0          , Bad HTTP version errors  : 0
Headers rewritten         : 0          , Header rewrite errors    : 0
Unproxy msgs sent         : 0



class: CLASS-MAP-REDIRECT-www
     VIP Address:    Protocol:  Port:
     192.xxxxxx   tcp        eq    443
     192.xxxxxxx  tcp        eq    80
      loadbalance:
        L7 loadbalance policy: WWW
        VIP Route Metric     : 77
        VIP Route Advertise  : DISABLED
        VIP ICMP Reply       : ENABLED
        VIP state: OUTOFSERVICE
        curr conns       : 0         , hit count        : 20
        dropped conns    : 20
        client pkt count : 60        , client byte count: 5250
        server pkt count : 0         , server byte count: 0
        conn-rate-limit      : 0         , drop-count : 0
        bandwidth-rate-limit : 0         , drop-count : 0
        L7 Loadbalance policy : WWW
          class/match : WWW
            LB action: :
               primary serverfarm: REDIRECT-SERVERS-WWW
                    state: DOWN
                  backup serverfarm : -
            hit count        : 0
            dropped conns    : 0



Any suggestions ?


Get no rdirect

bsbanksysteme Tue, 08/24/2010 - 00:10
User Badges:

Hi !


works now.

No connection drop anymore.

Must be some configuration error. Can´t exactly tell anymore.


fixed it with host header-value "www.*"


Thanks for ya help

tkitzky Sun, 10/10/2010 - 15:43
User Badges:

For future reference... the problem is that you are not escaping the periods in the regex expression in your class-map. Periods in regex are not just periods, they have special meaning so need to be "escaped" in order to escape their special meaning within the regex. Anyway... you should learn regex a little before getting too involved with these layer-7 class-maps.


Try this to match a specific Host header value.


class-map type http loadbalance match-all WWW.EXAMPLE.COM
  2 match http header Host header-value "www[.]example[.]com"
class-map type http loadbalance match-all IMAGES.ANOTHER-EXAMPLE.COM
  2 match http header Host header-value "images[.]another-example[.]com
"

Actions

This Discussion