Cisco Support Community
Community Member


Hi Folks, 

I have a layer 7 policy at Cisco ACE 4710 working in that scenario:


1 - One VIP address used for 5 websites, responding in DNS to the same VIP address;

2 - 5 class-map type http, matching the host header for each web site;

3 - One Policy Map type http configured, matching 5 class-maps and 5 serverfarms, one for each website.


This layer 7 policy is working fine for 4 websites, but one in particular is not working. Using wireshark, I can see that for this particular site is requesting not just the, but also some / atributes, like and something else.

I was checking with Web guys and this behavior is expected from the application view, since the web page is requesting all images and directories to mount all content.


Class Map example, matching the host header of htttp:

class-map type http loadbalance match-all L7-SITE-5
  2 match http header Host header-value ""

Also, I was trying to match class map using complete url, but no success.

Basically, seems to be that ACE needs to understand that command, needs to hit the class map created and sends traffic to the serverfarm.

I am trying, but its comming a challenge...



Cisco Employee

Hi Luiz,As long as the http

Hi Luiz,

As long as the http header "host" value is, it will match the class-map condition and it will be loadbalanced to the serverfarm. What user requests in the URL doesn't matter. That is for the server to serve. Do you see the host header and value "" in the wireshark and still that packet is not loadbalanced to appropriate serverfarm?



Note: Please mark answers if they are helpful.



Community Member

Hi Kanwal, Thanks a lot, but

Hi Kanwal, 

Thanks a lot, but checking at wireshark capture, seems to be that the packet is trying to reach real servers and ACE is sending to the host a connection reset.


When we removed the layer 7 policy and change that to layer 4 policy, the web page is working properly.


Is there any situation that Cisco ACE, using layer 7 policy, is trying to inject something at HTTP packet ?

Cisco Employee

Hi,Unless ACE is configured


Unless ACE is configured for inserting or modifying anything, it will not touch anything. In L7 loadbalancing, ACE just needs to wait for the HTTP GET and once it sees what it is configured for, it will take the loadbalancing decision and open a new connection at the backend.

Can you send me the pcaps you have taken and mention where were they taken and what is the client IP and server IP and VIP in question?



Note: Please mark answers if they are helpful.

CreatePlease to create content