10-21-2013 07:32 AM
Hi There,
I'm new to this forum and have a question regarding ACE Loadbalancing based on Source-IP.
The customer wants there internal client having full access to the VIP, while clients from Extranet should be limited/redirected to a special URL.
Both (internal/Extranet) should use the same VIP and the same realservers (costs). So far I have only seen configuration examples where based on source-ip, requests were send to different serverfarm with different realservers.
Could I rewrite the URL based on source address as well?
Thanks in advance,
Anke
10-21-2013 08:56 AM
Hi Anke,
This is doable with your ACE but depends on how the restricted URL looks like, for the intenal clients we just need to "filter" their access by adding the internal subnets on an ACL fashion.
This is an example I came up with, give it a try and if you have any questions let us know
rserver redirect External-Redirect
webhost-redirection http://%h/external/ 301
inservice
serverfarm redirect External-Redirect
rserver External-Redirect
inservice
serverfarm host HTTP
rserver Web-1
inservice
rserver Web-2
inservice
class-map type http loadbalance match-any Internal
10 match source-address 192.168.10.0 255.255.255.0
11 match source-address 192.168.20.0 255.255.255.0
12 match source-address 192.168.30.0 255.255.255.0
class-map type http loadbalance match-any Restricted
2 match http url http://myvip.com/external/.*
class-map match-any My-VIP
2 match virtual-address 10.10.10.1 tcp eq www
policy-map type loadbalance first-match LB
class Internal
serverfarm HTTP
class Restricted
serverfarm HTTP
class class-default
serverfarm External-Redirect
policy-map multi-match LB
class My-VIP
loadbalance vip inservice
loadbalance policy LB
loadbalance vip icmp-reply active
HTH
__ __
Pablo
10-21-2013 11:42 PM
Pablo,
thanks for the answer - it sounds exactly what I want do to. I will try and keep you informed!
Regards, Anke
10-24-2013 02:00 AM
Hi Pablo,
I tried to adopt your configuration, but get an redirection error (never ending redirection). Maybe I explained not detailed enough ... I want to have a class like your "Internal" - based on source IP. These clients should use rserver like your Web-1 and Web-2 in serverfarm HTTP, but restricted to only one subdomain. Alle other should use every subdomain possible. My class ist called Wiki_Extranet.
I tried the following, but it seems not completely work as I wanted:
rserver redirect Wiki_Extranet_Redirect
webhost-redirection http://7it.wiki.intra.de
inservice
serverfarm redirect Wiki_Extranet_Redirect
rserver Wiki_Extranet_Redirect
inservice
serverfarm host Wiki_SF
probe HTTP_Wiki
probe PING_Wiki
rserver Wiki1
inservice
rserver Wiki2
inservice
rserver Wiki3
inservice
sticky http-cookie JSESSIONID Wiki_http_stickgroup
replicate sticky
serverfarm Wiki_SF
class-map type http loadbalance match-any Wiki_Extranet
10 match source-address 10.127.31.68 255.255.255.255
class-map match-all VIP_Wiki_http
description filter http traffic
2 match virtual-address 10.37.13.10 tcp eq www
policy-map type loadbalance first-match LB_Wiki_http
class Wiki_Extranet
serverfarm Wiki_Extranet_Redirect
nat dynamic 401 vlan 401 serverfarm primary
class class-default
sticky-serverfarm Wiki_http_stickgroup
nat dynamic 401 vlan 401 serverfarm primary
policy-map multi-match Wiki_Balancing
class VIP_Wiki_http
loadbalance vip inservice
loadbalance policy LB_Wiki_http
loadbalance vip icmp-reply active
loadbalance vip advertise active
appl-parameter http advanced-options HTTP_Parameter
If you had time to have a look, would be so helpful.
Thank you - Anke
10-24-2013 07:47 AM
Hi,
According to your configuration src address 10.37.13.10 would be redirected. If you want it to be loadbalanced to servers then you should change the configuration under policy map type first match.
If i understood correctly you want src 10.37.13.10 to be load balanced to servers wiki1,2 &3. So the configuration should look this:
policy-map type loadbalance first-match LB_Wiki_http
class Wiki_Extranet
sticky-serverfarm Wiki_http_stickgroup
nat dynamic 401 vlan 401 serverfarm primary
class class-default
serverfarm Wiki_Extranet_Redirect
nat dynamic 401 vlan 401 serverfarm primary
Let me know if this helps.
Regards,
Kanwal
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: