One Arm config Domain Name Content rule

Unanswered Question
Sep 8th, 2010
User Badges:

Hi Guys

How does domain name content rule works in one arm config.

What do we put in source groups as VIP address.

Does it need host headers in WebServer as a requirement.

How does the client request gets completed.

Any help much appriciated..

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jsirstin Thu, 09/09/2010 - 09:32
User Badges:
  • Cisco Employee,


Can you give some more details on what you mean by "domain name content rules"?



virtualoffis Thu, 09/09/2010 - 15:15
User Badges:

Thanks for your reply Jim,

This is what I am trying to do in a One arm config topology

( As the CSS guide ( cntntgd.pdf ) says under Configuring a Domain Name content rule)

The CSS allows you to use a domain name in place of, or in conjunction with, a

VIP address in a content rule. Using a domain name in a content rule enables you


Enable service provisioning to be independent of IP-to-domain name


Provision cache bandwidth as needed based on domain names

So I am trying to create a content rule with a domain name instead of VIP address. For ex.

content domainRule3

protocol tcp

port 80

url "//*"

add service Serv1


group servers

add destination service Serv1

VIP address  ???????? ( what shd we put in here )

In this case what do we put as VIP address in source groups and how does the traffic flows from Client to actual Server in One arm topology. I am trying this topology where we have multiple sites configured with the same IP address with host headers

My assumption is that I shd configure DNS servers with VIP address for and use that as VIP address in source group. But how does the actual traffic flows from client to servers

Many thanks.

jsirstin Fri, 09/10/2010 - 06:04
User Badges:
  • Cisco Employee,

Thank you for the clarification.

This is what the traffic flow will look like in a one-armed config.

Traffic will enter the CSS with the source IP of the Client destined to the VIP address that it receives from DNS. The CSS will need to spoof the connection until it gets the client request. At that time it can make the load balance decision since it can reads the host header of the packet and decides what content rule it matches. Once it finds the correct content rule it will load balance to the server. At this point the packet will have the source IP of the VIP in the group, destined to the server that it load balanced to. CSS will use it's routing table to forward this packet to the sever. The reason you need the group is so that the server responds back to the CSS rather that directly back to the client.

The address you put in the group can be any address that routes back to the CSS. Usually this is the same as the content rule vip, or any local IP in the CSS curcuit vlan subnet.



virtualoffis Mon, 09/13/2010 - 21:32
User Badges:

Thanks Heaps.

This would be same as configuring multiple content rules with same VIP address and different domain names, right

What is the best way if we have to load balance several sites with same IP address and different host headers.

virtualoffis Mon, 09/13/2010 - 22:19
User Badges:

Also, how the client packet will be directed to CSS since it is one arm config and has only Domain name configured and not VIP address.

There won't be any arp reply as well.

jsirstin Thu, 09/16/2010 - 03:45
User Badges:
  • Cisco Employee,


DNS is still going to be resolving these domains to some IP address. You would need to have routing set up to forward those IPs to the CSS interface/redundant-interface. You can also add the VIP address to the content rule along with the domain. If multiple domains resolve to the same IP you can create a content rule for each domain name all containing the same VIP address.

The CSS will parse the client request for the host header and match it to the correct rule.




This Discussion