Cisco Support Community

New Member

ACE - Class-maps

I want to load balance traffic to a VIP based on client source address. Here is what I had in mind:

access-list special-25 extended permit tcp host 10.20.138.18 host 10.20.96.19 eq 25
access-list special-25 extended permit tcp host 10.20.138.30 host 10.20.96.19 eq 25
access-list special-25 extended permit tcp host 10.20.138.40 host 10.20.96.19 eq 25
access-list special-25 extended permit tcp host 10.20.254.88 host 10.20.96.19 eq 25
access-list internal-25 extended permit tcp 10.20.0.0 0.0.255.255 host 10.20.96.19 eq 25
access-list internet-25 extended permit tcp any host 10.20.96.19 eq 25

class-map match-any INTERNET-MAIL
  2 match access-list internet-25
class-map match-any INTERNAL-MAIL
  2 match access-list internal-25
class-map match-any SPECIAL-MAIL
  2 match access-list special-25
class-map match-all VIP-MAILGATE-25
  description MAILGATE INTERNAL 25
  2 match virtual-address 10.20.96.19 tcp eq 25

serverfarm host mailgate-zero
  description INTERNET MAIL
  failaction purge
  rserver mailgate-1
  rserver mailgate-2
  rserver mailgate-3
  rserver mailgate-4
serverfarm host mailgate-one
  description INTERNAL MAIL
  failaction purge
  rserver mailgate-5
  rserver mailgate-6
serverfarm host mailgate-two
  description I DON'T KNOW MAIL
  failaction purge
  rserver mailgate-8

policy-map type loadbalance first-match MAILGATE-POLICY
  class SPECIAL-MAIL
    serverfarm mailgate-two
  class INTERNAL-MAIL
    serverfarm mailgate-one
  class INTERNET-MAIL
    serverfarm mailgate-zero

policy-map multi-match CLIENT-VIPS
  class VIP-MAILGATE-25
    loadbalance vip inservice
    loadbalance policy MAILGATE-POLICY
    loadbalance vip icmp-reply active

The problem with this design is the policy-map MAILGATE-POLICY won't accept anything but the "class-default".

Any ideas how I can make this work?

Thanks,

Milo

Accepted Solutions
Cisco Employee

Re: ACE - Class-maps

Milo,

You need to create a class-map of type http.

Sounds weird, but this is the way to do it.

You can then match using a 'match source-address' command.

You can't specify the destination with an ACL, but this traffic would normally hit a VIP anyway, and this will set the destination.

Gilles.

New Member

Re: ACE - Class-maps

Gilles,

You're right, it does sound weird. However, it appears to work (the commands weren't rejected anyway). Now as soon as I get time on the real servers I'll test it out. Here's my modified config with your suggestion:

class-map type http loadbalance match-all INTERNAL-MAIL-TEST
  10 match source-address 10.20.0.0 0.0.255.255
class-map type http loadbalance match-any SPECIAL-MAIL-TEST
  10 match source-address 10.20.138.18 255.255.255.255
  15 match source-address 10.20.138.30 255.255.255.255
  20 match source-address 10.20.138.40 255.255.255.255
  25 match source-address 10.20.254.88 255.255.255.255
class-map match-all VIP-MAILGATE-TEST-25
  description MAILGATE-TEST.NAU.EDU SMTP MAIL
  2 match virtual-address 10.20.96.36 tcp eq smtp

policy-map type loadbalance first-match MAILGATE-POLICY-TEST
  class SPECIAL-MAIL-TEST
    serverfarm mailgate-two-test
  class INTERNAL-MAIL-TEST
    serverfarm mailgate-one-test
  class class-default
    serverfarm mailgate-zero-test

policy-map multi-match CLIENT-VIPS
  class VIP-MAILGATE-TEST-25
    loadbalance vip inservice
    loadbalance policy MAILGATE-POLICY-TEST
    loadbalance vip icmp-reply active

Thank you!

Milo
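
Added example, not part of the original thread and not Cisco code: a Python model of the first-match walk over the source-address classes in the config above, showing which serverfarm a client lands in, why SPECIAL-MAIL-TEST has to come before INTERNAL-MAIL-TEST, and which masks are not contiguous netmasks. It assumes the mask after 'match source-address' is applied as a netmask by bitwise AND (the host entries use 255.255.255.255); the helper names and the NETMASK variant are constructed for illustration.

```python
import ipaddress

DEFAULT_FARM = "mailgate-zero-test"  # class class-default in the post

# (class, serverfarm, [(address, mask), ...]) in policy-map order, copied from the post.
POSTED = [
    ("SPECIAL-MAIL-TEST", "mailgate-two-test", [
        ("10.20.138.18", "255.255.255.255"), ("10.20.138.30", "255.255.255.255"),
        ("10.20.138.40", "255.255.255.255"), ("10.20.254.88", "255.255.255.255")]),
    ("INTERNAL-MAIL-TEST", "mailgate-one-test", [("10.20.0.0", "0.0.255.255")]),
]
# Constructed variant: the same policy with the /16 written as a netmask.
NETMASK = [POSTED[0],
           ("INTERNAL-MAIL-TEST", "mailgate-one-test", [("10.20.0.0", "255.255.0.0")])]


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def is_netmask(mask):
    """True if mask is contiguous leading ones (a netmask, not a wildcard mask)."""
    inverted = to_int(mask) ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def select_farm(client, policy):
    """First-match walk. Assumption: an entry matches when client AND mask == address AND mask."""
    for _name, farm, entries in policy:
        for addr, mask in entries:
            m = to_int(mask)
            if (to_int(client) & m) == (to_int(addr) & m):
                return farm
    return DEFAULT_FARM


def suspicious_masks(policy):
    """Return (class, address, mask) for every entry whose mask is not a contiguous netmask."""
    return [(n, a, m) for n, _f, es in policy for a, m in es if not is_netmask(m)]


if __name__ == "__main__":
    clients = ("10.20.138.18", "10.20.5.7", "192.0.2.10")  # constructed sample clients
    for label, pol in (("posted", POSTED), ("netmask", NETMASK), ("reordered", NETMASK[::-1])):
        print(label, {c: select_farm(c, pol) for c in clients})
    print("masks to double-check:", suspicious_masks(POSTED))
```

Under that netmask assumption, an internal client such as 10.20.5.7 only reaches mailgate-one-test when the /16 is written as 255.255.0.0, and listing INTERNAL-MAIL-TEST first would shadow the four special hosts.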
