Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACE redirect from port 80 to port 8080

Hello.

In ACE module I am trying to redirect traffic (80 to 8080). The thing is that my VIP receives traffic in port 80, 8080 and 443 and I want to redirect only http traffic.

I have tried the following config:

access-list http extended permit tcp any any eq www

serverfarm host A

  rserver 10.0.0.1

   inservice

  rserver 10.0.0.2

   inservice

serverfarm host A-80to8080

  rserver 10.0.0.1 8080

   inservice

  rserver 10.0.0.2 8080

   inservice

class-map match-any VIP

100 match virtual-address 1.1.1.1 any

class HTTP

  10 match access-list http

policy-map type loadbalance first-match A

  class HTTP

   serverfam A-80to8080

  class class-default

    serverfarm A

The thing is that the class HTTP is not acepted. Does anyone know if it is possible to loadbalance traffic based on an ACL? I have also tried port numbers on class HTTP and it didn´t worked also.

Best regards,

Joao Carvalho

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

ACE redirect from port 80 to port 8080

Hi Joao,

You should configure two separate VIPs. One for port 80 doing the redirection and one for port 8080 load-balancing the traffic.

Regards

Daniel

Bronze

Re: ACE redirect from port 80 to port 8080

Hi Joao,

You could try to accomplish this by doing something like the below config?  Basically create two different LB policies - one for straight through, one for PAT. 

Alternatively, if you are OK with a non-transparent redirect, you could create a rserver type redirect to handle the port 80 to 8080 redirect.  This would throw a 302 redirect at the user's browser, thus immediately transferring them to port 8080 on the VIP.

Anyway, here is a quick example of the first option.

class-map match-any VIP1

2 match virtual-address 1.1.1.1 tcp eq 8080

3 match virtual-address 1.1.1.1 tcp eq 443

class-map match-any VIP2

2 match virtual-address 1.1.1.1 tcp eq 80

policy-map type loadbalance first-match VIP1-POLICY

  class class-default

   serverfarm A

policy-map type loadbalance first-match VIP2-POLICY

class class-default

  serverfarm A-80to8080

policy-map multi-match INTERFACE-LB-POLICY

class VIP1

  loadbalance vip inservice

  loadbalance policy VIP1-POLICY

class VIP2

  loadbalance vip inservice

  loadbalance policy VIP2-POLICY

Hope this helps!

Matt

3 REPLIES
Cisco Employee

ACE redirect from port 80 to port 8080

Hi Joao,

You should configure two separate VIPs. One for port 80 doing the redirection and one for port 8080 load-balancing the traffic.

Regards

Daniel

Bronze

Re: ACE redirect from port 80 to port 8080

Hi Joao,

You could try to accomplish this by doing something like the below config?  Basically create two different LB policies - one for straight through, one for PAT. 

Alternatively, if you are OK with a non-transparent redirect, you could create a rserver type redirect to handle the port 80 to 8080 redirect.  This would throw a 302 redirect at the user's browser, thus immediately transferring them to port 8080 on the VIP.

Anyway, here is a quick example of the first option.

class-map match-any VIP1

2 match virtual-address 1.1.1.1 tcp eq 8080

3 match virtual-address 1.1.1.1 tcp eq 443

class-map match-any VIP2

2 match virtual-address 1.1.1.1 tcp eq 80

policy-map type loadbalance first-match VIP1-POLICY

  class class-default

   serverfarm A

policy-map type loadbalance first-match VIP2-POLICY

class class-default

  serverfarm A-80to8080

policy-map multi-match INTERFACE-LB-POLICY

class VIP1

  loadbalance vip inservice

  loadbalance policy VIP1-POLICY

class VIP2

  loadbalance vip inservice

  loadbalance policy VIP2-POLICY

Hope this helps!

Matt

Community Member

ACE redirect from port 80 to port 8080

Hello.

Thanks for your replies but I tried something diferent and it works.

I have made the following config:

class-map type http loadbalance match-any HTTP
  match http header Host header-value .*


policy-map type loadbalance first-match A-SF
  class HTTP
    serverfarm A-80to8080
  class class-default
    serverfarm A

In this way all http traffic is redirected to 8080; since ACE is making an inspection to the packet it will redirect all HTTP traffic regardless of the destination port (in my case the firewall is only allowing http, https and 8080 so no one will notice this)

Once again thanks for your replies.

Joao

1432
Views
0
Helpful
3
Replies
CreatePlease to create content