Basically I want to do PAT to multiple ports on a single server. The problem that I am seeing is that regular IP load-balancing is not forwarding http requests to specific directories. We can overcome this with a redirect to the appropriate directory but the IP and port is not being masked.
So the vip is X.X.X.1:15000 and we are trying to load-balance to X.X.X.2 on ports 80 81 82 to a directory X.X.X.2/TEST. How can I NAT and load-balance to multiple ports while masking the rserver IP address?
I have seen multiple examples, but nothing with this combination.
If I put:
rserver host TEST1
ip address X.X.X.2 80
rserver host TEST2
ip address X.X.X.2 81
rserver host TEST3
ip address X.X.X.2 82
The traffic is load-balanced and nat'd, but the directories are not reachable. If I do the redirect, the destination IP and port are not masked.
Is this correct?
If so, then you would configure a redirect that would have the ACE redirect the client to come back to the same VIP but with the /test at the end of their URL. Now the ACE will load balance the connection to the rserver on one of the ports configure, perform NAT, and the client's request will have the /test at the end of the URL.
Is this what you're looking for?
More or less. The problem is that when I do the redirect the %h doesn't seem to work? Or I am not understanding how to implement it. We are currently working with IPs and not FQDNs.
So how do I apply the redirect and still load-balance to the same IP port 80 81 and 82 while masking the destination? Do you have some sample code?
I'm not sure I understand what you mean by "masking the destination". Below is a sample config that will take a request from a client for http://10.10.10.100/ and redirect the client to connect to http://10.10.10.100/test/ After the client connects to the new URL on the same VIP and port, the ACE will load balance the client to the rserver on one of the three configured ports and to the /test URL. It will also perform source NAT on the one-armed config.
rserver redirect REDIRECT-TO-TEST-DIR
webhost-redirection http://10.10.10.100/test/ 301
rserver host SERVER_01
ip address 10.10.10.20
serverfarm redirect REDIRECT-SERVERFARM
serverfarm host REAL_SERVERS
rserver SERVER_01 80
rserver SERVER_01 81
rserver SERVER_01 82
class-map match-all HTTP-VIP
2 match virtual-address 10.10.10.100 tcp eq http
class-map type http loadbalance match-any ROOT
2 match http url /
policy-map type loadbalance first-match SLB-LOGIC
policy-map multi-match WEB-TRAFFIC
loadbalance vip inservice
loadbalance policy SLB-LOGIC
loadbalance vip icmp-reply active
nat dynamic 1 vlan 10
interface vlan 10
description Servers vlan
ip address 10.10.10.2 255.255.255.0
access-group input ANYONE
service-policy input WEB-TRAFFIC
nat-pool 1 10.10.10.10 10.10.10.10 netmask 255.255.255.0 pat
ip route 0.0.0.0 0.0.0.0 10.10.10.1
Does this help?
I think this is what I was looking for, this seems to tie everything together. I will do some testing today and see how it works out? We have 1 6.3a is that a problem?
I would highly encourage you to upgrade to A2(3.1) before you get started. The code you are on is very old and many, many bugs have been fixed since then. We have also added a lot of popular features since then..
would X.X.X.X/test work the same as well? I can't figure out why it's not working, must be the code and not the configs What if the server is doing the redirecting? Should that matter?
So with the example I gave it would work like this:
If you wanted, you could change the string '10.10.10.100' in the relocation string to www.example.com, as long as www.example.com will resolve to the VIP. Or, as long as DNS will resolve www.example.com to the VIP, then you could change the host from 10.10.10.100 to %h in the relocation string. In that case, it would be http://%h/test/
It is fine if the server is sending a redirect, as long as the host in the redirect Location header is either the VIP or an FQDN that resolves to the VIP.
Hope this helps,