ACE redirect from port 80 to port 8080

jcarvalh
Level 1

Hello.

In the ACE module I am trying to redirect traffic (80 to 8080). The thing is that my VIP receives traffic on ports 80, 8080 and 443 and I want to redirect only HTTP traffic.

I have tried the following config:

access-list http extended permit tcp any any eq www

serverfarm host A
  rserver 10.0.0.1
    inservice
  rserver 10.0.0.2
    inservice

serverfarm host A-80to8080
  rserver 10.0.0.1 8080
    inservice
  rserver 10.0.0.2 8080
    inservice

class-map match-any VIP
  100 match virtual-address 1.1.1.1 any

class HTTP
  10 match access-list http

policy-map type loadbalance first-match A
  class HTTP
    serverfarm A-80to8080
  class class-default
    serverfarm A

The thing is that the class HTTP is not accepted. Does anyone know if it is possible to load-balance traffic based on an ACL? I have also tried port numbers on class HTTP and it didn't work either.

Best regards,

Joao Carvalho

Accepted Solutions

Daniel Arrondo Ostiz
Cisco Employee

Hi Joao,

You should configure two separate VIPs. One for port 80 doing the redirection and one for port 8080 load-balancing the traffic.

Regards

Daniel

mgalazka
Level 1

Hi Joao,

You could try to accomplish this by doing something like the below config?  Basically create two different LB policies - one for straight through, one for PAT. 

Alternatively, if you are OK with a non-transparent redirect, you could create a rserver type redirect to handle the port 80 to 8080 redirect.  This would throw a 302 redirect at the user's browser, thus immediately transferring them to port 8080 on the VIP.

Anyway, here is a quick example of the first option.

class-map match-any VIP1
  2 match virtual-address 1.1.1.1 tcp eq 8080
  3 match virtual-address 1.1.1.1 tcp eq 443

class-map match-any VIP2
  2 match virtual-address 1.1.1.1 tcp eq 80

policy-map type loadbalance first-match VIP1-POLICY
  class class-default
    serverfarm A

policy-map type loadbalance first-match VIP2-POLICY
  class class-default
    serverfarm A-80to8080

policy-map multi-match INTERFACE-LB-POLICY
  class VIP1
    loadbalance vip inservice
    loadbalance policy VIP1-POLICY
  class VIP2
    loadbalance vip inservice
    loadbalance policy VIP2-POLICY

Hope this helps!

Matt

Hello.

Thanks for your replies, but I tried something different and it works.

I have made the following config:

class-map type http loadbalance match-any HTTP
  match http header Host header-value .*


policy-map type loadbalance first-match A-SF
  class HTTP
    serverfarm A-80to8080
  class class-default
    serverfarm A

In this way all HTTP traffic is redirected to 8080; since the ACE is inspecting the packet, it will redirect all HTTP traffic regardless of the destination port (in my case the firewall is only allowing http, https and 8080, so no one will notice this).

Once again thanks for your replies.

Joao
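
The final configuration depends on the upstream firewall to limit which ports reach the VIP, because the VIP class-map in the first post matches `any`. The following is an added example, not code from the thread or from Cisco: a small Python check that parses the `match virtual-address` lines of an ACE config and reports which class-maps are not pinned to a port. The function names and the joined sample config are assumptions made for illustration.

```python
import re

# Constructed sample: the class-maps posted in this thread, joined into one config.
SAMPLE_CONFIG = """\
class-map match-any VIP
  100 match virtual-address 1.1.1.1 any
class-map match-any VIP1
  2 match virtual-address 1.1.1.1 tcp eq 8080
  3 match virtual-address 1.1.1.1 tcp eq 443
class-map match-any VIP2
  2 match virtual-address 1.1.1.1 tcp eq 80
class-map type http loadbalance match-any HTTP
  match http header Host header-value .*
"""

# Only the forms seen in the thread (plus "tcp|udp any") are recognised.
VIP_RE = re.compile(
    r"^\s*(?:\d+\s+)?match\s+virtual-address\s+(\S+)\s+"
    r"(any|(?:tcp|udp)\s+(?:any|eq\s+\S+))\s*$"
)


def audit_vips(config):
    """Map each class-map name to its (vip, protocol, port) matches."""
    current, result = None, {}
    for line in config.splitlines():
        if line.startswith("class-map"):
            current = line.split()[-1]  # the name is the last token
            continue
        m = VIP_RE.match(line)
        if m and current:
            tokens = m.group(2).split()
            proto = tokens[0]
            port = tokens[-1]  # "any" when no port is pinned
            result.setdefault(current, []).append((m.group(1), proto, port))
    return result


def wide_open(config):
    """Names of class-maps with a VIP match that is not pinned to a port."""
    return sorted(
        name for name, entries in audit_vips(config).items()
        if any(port == "any" for _, _, port in entries)
    )


if __name__ == "__main__":
    for name, entries in audit_vips(SAMPLE_CONFIG).items():
        print(name, entries)
    print("not pinned to a port:", wide_open(SAMPLE_CONFIG))
```

A class-map reported by `wide_open` accepts every port on the VIP, so the port restriction for it has to be enforced somewhere else, as the firewall does in the last post.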
