ACE redirect from port 80 to port 8080

Answered Question
Feb 16th, 2012

Hello.


In ACE module I am trying to redirect traffic (80 to 8080). The thing is that my VIP receives traffic in port 80, 8080 and 443 and I want to redirect only http traffic.


I have tried the following config:


access-list http extended permit tcp any any eq www

serverfarm host A
  rserver 10.0.0.1
    inservice
  rserver 10.0.0.2
    inservice

serverfarm host A-80to8080
  rserver 10.0.0.1 8080
    inservice
  rserver 10.0.0.2 8080
    inservice

class-map match-any VIP
  100 match virtual-address 1.1.1.1 any

class HTTP
  10 match access-list http

policy-map type loadbalance first-match A
  class HTTP
    serverfarm A-80to8080
  class class-default
    serverfarm A



The thing is that the class HTTP is not accepted. Does anyone know if it is possible to loadbalance traffic based on an ACL? I have also tried port numbers on class HTTP and it didn't work either.


Best regards,

Joao Carvalho

Overall Rating: 5 (2 ratings)
Correct Answer
Daniel Arrondo Ostiz Thu, 02/16/2012 - 06:28
User Badges:
  • Cisco Employee,

Hi Joao,


You should configure two separate VIPs. One for port 80 doing the redirection and one for port 8080 load-balancing the traffic.


Regards


Daniel

Correct Answer
mgalazka Thu, 02/16/2012 - 06:52
User Badges:
  • Bronze, 100 points or more

Hi Joao,


You could try to accomplish this by doing something like the below config?  Basically create two different LB policies - one for straight through, one for PAT. 


Alternatively, if you are OK with a non-transparent redirect, you could create a rserver type redirect to handle the port 80 to 8080 redirect.  This would throw a 302 redirect at the user's browser, thus immediately transferring them to port 8080 on the VIP.


Anyway, here is a quick example of the first option.


class-map match-any VIP1
  2 match virtual-address 1.1.1.1 tcp eq 8080
  3 match virtual-address 1.1.1.1 tcp eq 443

class-map match-any VIP2
  2 match virtual-address 1.1.1.1 tcp eq 80

policy-map type loadbalance first-match VIP1-POLICY
  class class-default
    serverfarm A

policy-map type loadbalance first-match VIP2-POLICY
  class class-default
    serverfarm A-80to8080

policy-map multi-match INTERFACE-LB-POLICY
  class VIP1
    loadbalance vip inservice
    loadbalance policy VIP1-POLICY
  class VIP2
    loadbalance vip inservice
    loadbalance policy VIP2-POLICY



Hope this helps!


Matt
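
The second option in the answer above, an rserver of type redirect that answers port 80 with a 302, could be configured as follows. This is an added example, not part of the original answer; it reuses the VIP1, VIP2, VIP1-POLICY and VIP2-POLICY names from the answer, and the names REDIRECT-8080 and A-REDIRECT are assumptions made up for it.

```text
! Annotation lines start with "!"; they are for the reader only.
! REDIRECT-8080 and A-REDIRECT are names made up for this example.
rserver redirect REDIRECT-8080
  webhost-redirection http://%h:8080%p 302
  inservice

serverfarm redirect A-REDIRECT
  rserver REDIRECT-8080
    inservice

! Port 80 on the VIP is answered with the 302 instead of being PATed.
class-map match-any VIP2
  2 match virtual-address 1.1.1.1 tcp eq 80

policy-map type loadbalance first-match VIP2-POLICY
  class class-default
    serverfarm A-REDIRECT

! Ports 8080 and 443 keep the VIP1 / VIP1-POLICY definitions from the answer.
policy-map multi-match INTERFACE-LB-POLICY
  class VIP1
    loadbalance vip inservice
    loadbalance policy VIP1-POLICY
  class VIP2
    loadbalance vip inservice
    loadbalance policy VIP2-POLICY
```

`%h` copies the hostname from the request's Host header and `%p` the requested path into the Location header; writing the site's hostname literally in place of `%h` keeps the redirect target fixed whatever Host value the client sends.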

jcarvalh Thu, 02/16/2012 - 07:10

Hello.

Thanks for your replies but I tried something different and it works.

I have made the following config:


class-map type http loadbalance match-any HTTP
  match http header Host header-value .*


policy-map type loadbalance first-match A-SF
  class HTTP
    serverfarm A-80to8080
  class class-default
    serverfarm A

In this way all http traffic is redirected to 8080; since ACE is making an inspection to the packet it will redirect all HTTP traffic regardless of the destination port (in my case the firewall is only allowing http, https and 8080 so no one will notice this)


Once again thanks for your replies.

Joao
