ACE: SourceIP-based Loadbalancing

Anke Lacy
Level 1

Hi There,

I'm new to this forum and have a question regarding ACE Loadbalancing based on Source-IP.

The customer wants their internal clients to have full access to the VIP, while clients from the Extranet should be limited/redirected to a special URL.

Both (internal/Extranet) should use the same VIP and the same realservers (costs). So far I have only seen configuration examples where, based on source IP, requests were sent to different serverfarms with different realservers.

Could I rewrite the URL based on source address as well?

Thanks in advance,

Anke


pablo.nxh
Level 3

Hi Anke,

This is doable with your ACE but depends on what the restricted URL looks like. For the internal clients we just need to "filter" their access by adding the internal subnets in an ACL fashion.

This is an example I came up with; give it a try and if you have any questions let us know.

rserver redirect External-Redirect
  webhost-redirection http://%h/external/ 301
  inservice

serverfarm redirect External-Redirect
  rserver External-Redirect
    inservice

serverfarm host HTTP
  rserver Web-1
    inservice
  rserver Web-2
    inservice

class-map type http loadbalance match-any Internal
  10 match source-address 192.168.10.0 255.255.255.0
  11 match source-address 192.168.20.0 255.255.255.0
  12 match source-address 192.168.30.0 255.255.255.0

class-map type http loadbalance match-any Restricted
  2 match http url http://myvip.com/external/.*

class-map match-any My-VIP
  2 match virtual-address 10.10.10.1 tcp eq www

policy-map type loadbalance first-match LB
  class Internal
    serverfarm HTTP
  class Restricted
    serverfarm HTTP
  class class-default
    serverfarm External-Redirect

policy-map multi-match LB
  class My-VIP
    loadbalance vip inservice
    loadbalance policy LB
    loadbalance vip icmp-reply active

HTH


Pablo

Anke Lacy
Level 1

Pablo,

Thanks for the answer - it sounds like exactly what I want to do. I will try and keep you informed!

Regards, Anke

Hi Pablo,

I tried to adopt your configuration, but get a redirection error (never-ending redirection). Maybe I did not explain in enough detail ... I want to have a class like your "Internal" - based on source IP. These clients should use rservers like your Web-1 and Web-2 in serverfarm HTTP, but restricted to only one subdomain. All others should use every subdomain possible. My class is called Wiki_Extranet.

I tried the following, but it does not seem to work completely as I wanted:

rserver redirect Wiki_Extranet_Redirect
  webhost-redirection http://7it.wiki.intra.de
  inservice

serverfarm redirect Wiki_Extranet_Redirect
  rserver Wiki_Extranet_Redirect
    inservice

serverfarm host Wiki_SF
  probe HTTP_Wiki
  probe PING_Wiki
  rserver Wiki1
    inservice
  rserver Wiki2
    inservice
  rserver Wiki3
    inservice

sticky http-cookie JSESSIONID Wiki_http_stickgroup
  replicate sticky
  serverfarm Wiki_SF

class-map type http loadbalance match-any Wiki_Extranet
  10 match source-address 10.127.31.68 255.255.255.255

class-map match-all VIP_Wiki_http
  description filter http traffic
  2 match virtual-address 10.37.13.10 tcp eq www

policy-map type loadbalance first-match LB_Wiki_http
  class Wiki_Extranet
    serverfarm Wiki_Extranet_Redirect
    nat dynamic 401 vlan 401 serverfarm primary
  class class-default
    sticky-serverfarm Wiki_http_stickgroup
    nat dynamic 401 vlan 401 serverfarm primary

policy-map multi-match Wiki_Balancing
  class VIP_Wiki_http
    loadbalance vip inservice
    loadbalance policy LB_Wiki_http
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    appl-parameter http advanced-options HTTP_Parameter

If you had time to have a look, it would be so helpful.

Thank you - Anke

Hi,

According to your configuration src address 10.37.13.10 would be redirected. If you want it to be loadbalanced to servers then you should change the configuration under policy map type first match.

If I understood correctly you want src 10.37.13.10 to be load balanced to servers Wiki1, 2 & 3. So the configuration should look like this:

policy-map type loadbalance first-match LB_Wiki_http
  class Wiki_Extranet
    sticky-serverfarm Wiki_http_stickgroup
    nat dynamic 401 vlan 401 serverfarm primary
  class class-default
    serverfarm Wiki_Extranet_Redirect
    nat dynamic 401 vlan 401 serverfarm primary

Let me know if this helps.

Regards,

Kanwal
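
Added example, not part of the thread and not any poster's configuration: a simplified Python model of a first-match load-balance policy. It shows why a redirect class that matches on source address alone can produce the never-ending redirection reported above, while a redirect guarded by a URL class terminates. Assumptions: every redirect target resolves back to the same VIP; `follow`, the `Allowed_Host` class, the hostname `other.wiki.intra.de` and the client 203.0.113.9 are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def src(*nets):
    """Class matching on client source address (like 'match source-address')."""
    nets = [ipaddress.ip_network(n) for n in nets]
    return lambda r: any(ipaddress.ip_address(r["src"]) in n for n in nets)

def url(pattern):
    """Class matching on URL. Simplification: the regex is applied to
    http://host/path, the way the pattern is written in the thread."""
    rx = re.compile(pattern)
    return lambda r: rx.fullmatch("http://" + r["host"] + r["path"]) is not None

ANY = lambda r: True  # class-default

def follow(policy, req, max_hops=5):
    """Evaluate a first-match policy and follow redirects like a browser.
    Assumption: every redirect target resolves back to the same VIP."""
    trail = []
    for _ in range(max_hops):
        name, (kind, target) = next((n, a) for n, m, a in policy if m(req))
        trail.append(name)
        if kind == "farm":
            return target, trail
        loc = urlsplit(target.replace("%h", req["host"]))
        req = dict(req, host=loc.netloc, path=loc.path or "/")
    return "REDIRECT-LOOP", trail

# Policy shape from the first reply: internal subnets, restricted URL, default redirect.
PABLO = [
    ("Internal", src("192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"), ("farm", "HTTP")),
    ("Restricted", url(r"http://myvip.com/external/.*"), ("farm", "HTTP")),
    ("class-default", ANY, ("redirect", "http://%h/external/")),
]
# Policy as posted in the follow-up: the redirect class matches on source only.
ANKE = [
    ("Wiki_Extranet", src("10.127.31.68/32"), ("redirect", "http://7it.wiki.intra.de")),
    ("class-default", ANY, ("farm", "Wiki_SF")),
]
# Hypothetical variant: a class for the allowed host is evaluated before the redirect.
ANKE_VARIANT = [("Allowed_Host", url(r"http://7it.wiki.intra.de/.*"), ("farm", "Wiki_SF"))] + ANKE

if __name__ == "__main__":
    ext = {"src": "10.127.31.68", "host": "other.wiki.intra.de", "path": "/"}  # constructed request
    for label, policy in (("as posted", ANKE), ("variant", ANKE_VARIANT)):
        print(label, follow(policy, ext))
    print("pablo", follow(PABLO, {"src": "203.0.113.9", "host": "myvip.com", "path": "/"}))
```

The trail returned by `follow` lists the classes hit on each hop, so a repeated class name is the sign of a redirect that re-matches its own rule.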
