CSM Policy Question

Sep 21st, 2005

Is it possible to create an slb policy using a single SSL Virtual Server that will redirect, based on url, to a different port on the serverfarm? I've got a virtual server configured now without policies listening on port 443, which flows to a serverfarm that is running IIS, and it works fine. Could I create a policy based on a url map that would redirect traffic to a different ssl port on the serverfarm? In other words, the IIS server would be configured to listen on port 443 for one web site and 444 for the other. Clients accessing the site would only see the standard HTTPS server. For example, clients accessing https:\\xyz.com would be forwarded to port 443, and clients accessing https:\\abc.com would be forwarded to port 444, again using the same serverfarm. I'm pretty sure I can make this work by multi-homing the web servers and creating two different serverfarms, but I was wondering if I could do this just using an slb-policy and associated url map.


Thanks.


Gilles Dufour (Cisco Employee) Wed, 09/21/2005 - 22:24

First, there is no way to change the destination port with a policy. The only way is by creating a serverfarm with the appropriate port.


Then, since your traffic is encrypted, the CSM [or any other device] is not able to see the content of the traffic and therefore is not able to see the url.

Thus, a url-map is never possible on HTTPS traffic.


So, you need to create 2 different serverfarms, one for port 443 and another one for port 444, and then you need 2 vservers using 2 different ip addresses - one for each website.


Regards,


Gilles.


Christopher Ursich Tue, 02/14/2006 - 08:54

Gilles,


How do you "create a serverfarm with the appropriate port?" It seems like this should be easy, but I haven't been able to find it in the docs or in NetPro.


In general, if I have an application that is publicized as reachable at destination port X, but in actuality the server daemons run on port Y, how do I have the CSM simply redirect the connection at layer 4? I understand that the CSM can facilitate an HTTP redirection at layer 7, but suppose the service is not HTTP. In reality, I *am* trying to redirect connections destined to port 80 to port 7778, but I want to do it "silently" at layer 4, rather than by employing HTTP Redirect. (I suspect redirects would mess up the application.)


So far I have:



!
natpool FOO_CLIENT a.b.c.13 a.b.c.13 netmask 255.255.252.0
!
serverfarm SF_FOO_TCP7778
 nat server
 nat client FOO_CLIENT
 real name F1
  inservice
 real name F2
  inservice
!
vserver VS_FOO_TCP80
 virtual a.b.c.55 tcp 80
 serverfarm SF_FOO_TCP7778
 persistent rebalance
 inservice



Thanks very much.


Christopher Ursich


Gilles Dufour (Cisco Employee) Wed, 02/15/2006 - 00:54

gdufour-cat6k-2(config-module-csm)#serverfarm test
gdufour-cat6k-2(config-slb-sfarm)#real name l1 ?
  <1-65535>  port translation for this server
  local      exists on local VLAN

gdufour-cat6k-2(config-slb-sfarm)#real name l1 8080


You specify the server port after the ip address or the name as indicated above.


Gilles.
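
The two-serverfarm, two-vserver layout described in the first reply, written with the per-real port syntax shown in the last reply. This is an added example, not configuration posted by anyone in the thread; the addresses a.b.c.55 and a.b.c.56, the reuse of the named reals F1 and F2, and the serverfarm and vserver names are placeholders or assumptions.

```text
! Added example, not from the thread.
! Assumptions: a.b.c.55 and a.b.c.56 are placeholder VIPs (xyz.com resolves
! to the first, abc.com to the second); F1 and F2 are named reals that are
! already defined; serverfarm and vserver names are hypothetical.
!
! Site 1: backend IIS listens on 443
serverfarm SF_XYZ_TCP443
 nat server
 real name F1 443
  inservice
 real name F2 443
  inservice
!
! Site 2: same servers, backend IIS listens on 444
serverfarm SF_ABC_TCP444
 nat server
 real name F1 444
  inservice
 real name F2 444
  inservice
!
! Both vservers listen on the standard HTTPS port, so clients only ever
! see 443. The VIP, not the URL, selects the serverfarm, because the CSM
! cannot read the URL inside the encrypted traffic.
vserver VS_XYZ_TCP443
 virtual a.b.c.55 tcp 443
 serverfarm SF_XYZ_TCP443
 inservice
!
vserver VS_ABC_TCP443
 virtual a.b.c.56 tcp 443
 serverfarm SF_ABC_TCP444
 inservice
```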
