cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2592
Views
0
Helpful
3
Replies

ACE-Single VIP-Multiple URL-Multiple ServerFarm

michaelcoffey
Level 1
Level 1

Hi Everyone,

I am trying to put together a configuration that has multiple requirements that are all dependant so I wanted to post in a single discussion.  Please see the parameters below:

1. ACE 4710 placed in DMZ in one-armed mode

2. Use only 2 VIPS (1 for HTTP traffic and 1 HTTPS traffic)

3. Multiple URLs for each VIP. Each URL makes use of sub-domains (ex. "subdomain1.domain.com" , "subdomain2.domain.com")

4. Match on the hostheader and send to a corresponding serverfarm. (each URL has seperate serverfarm).

5. SSL off-load. All Secure URL's share a single wild-card certificate.

6. Any connections to Secure URL's that connect using HTTP need to be redirected to HTTPS and then load-balanced. I would like to have a single redirect serverfarm that will take the path and url that is sent,whichever that may be, and redirect it to HTTPS.

So here are my questions:

1. One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync).  Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation.

2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.

3. I would like any suggestions on how I may make this configuration more efficient.

I have attached a scrubbed copy of my configuration, any suggestions would be greatly appreciated!!!

1 Accepted Solution

Accepted Solutions

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi Michael,

One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync).  Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation

The ACE performs regular expression matching against the received packet data and hence you can use a single expression like \.mvnu\.edu and that should match msmail\.mvnu\.edu", ihelp\.mvnu\.edu and ishare\.mvnu\.edu and since all of them need to go to same serverfarm there is no need to define three different server farms under policy map.

2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.

The config looks fine but you can make it more stream line by using one regex which will match all host header information and since it needs to go one serverfarm only, it is not required to have three different server farms unless needed of course. Pardon if i haven't  understood your requirment correctly.

3. I would like any suggestions on how I may make this configuration more efficient.

It should be there in answer 1:)

Please feel free to discuss if there is something which is not what you were looking for.

Regards,

Kanwal

View solution in original post

3 Replies 3

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi Michael,

One of the URL's being matched is for Exchange 2010 (OWA and ActiveSync).  Since all services will be directed at the same serverfarm I believe that matching on the sub-domain (host header) will be sufficient for both services but I would like some confirmation

The ACE performs regular expression matching against the received packet data and hence you can use a single expression like \.mvnu\.edu and that should match msmail\.mvnu\.edu", ihelp\.mvnu\.edu and ishare\.mvnu\.edu and since all of them need to go to same serverfarm there is no need to define three different server farms under policy map.

2. I would like to confirm that the composition of my class-maps and subsequent policy-maps will meet the requirements listed above.

The config looks fine but you can make it more stream line by using one regex which will match all host header information and since it needs to go one serverfarm only, it is not required to have three different server farms unless needed of course. Pardon if i haven't  understood your requirment correctly.

3. I would like any suggestions on how I may make this configuration more efficient.

It should be there in answer 1:)

Please feel free to discuss if there is something which is not what you were looking for.

Regards,

Kanwal

Thanks for the quick response Kanwaljeet!  I want to clarify that the URL's need to seperate server farms and that is the reason that there are three serverfarms and seperate class-maps to match each URL.

Hi Michael,

In that your configuration is good.

Regards,

Kanwal

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: