CSS strange behaviour with SSL VIP and host headers inc a port
I had the below config in place so TCP 443 traffic terminated on 184.108.40.206 and unencrypted traffic was sent on to backend servers via a content rule set up to listen on TCP 80 for IP address 10.10.10.10.
If I used a browser and connected to the VIP 220.127.116.11:443 then all was good and everything worked as expected. However, we have an application that specifies the port along with the host in the HTTP host header, so rather than Host: 18.104.22.168 it would have Host: 22.214.171.124:443.
For whatever reason, when the host header has the port appended things break, and I'm not sure what the CSS does, but the backend servers never receive any traffic. From the client end it seems to go through the client/server hello and at least sends the HTTPS request.
To fix this, I just changed the 10.10.10.10 to be 126.96.36.199 so the VIP was the same as the back-end content rule IP used with the cipher suite.
More out of curiosity than anything, but is this a known bug or by design? I'm not sure why having the SSL VIP being different to the backend content rule IP would allow HTTP requests with just the host in the host header and not when there is a port appended?