ACE Load Balancer: Configure the Load-Balancing Service

There are quite a few ways to structure the configuration of the Load Balancing Service on a Cisco ACE device, or a Load Balancer (LB). The official Cisco documentation can be a bit overwhelming, as you can see here. Heres the approach that I´ve always found simple to understand.Step 1
Define the REAL SERVERS (rservers or physical servers) that will participate the Load-Balancing process. The number of Real Servers (rservers) within the Server Farm can vary, where 1 server would logically be the minimum, and the maximum depend on the Balancer model. In this example two Real Servers are configured, with names SERVERCISQUEROS03 and SERVERCISQUEROS04, and the respective IP Addresses 10.187.4.42 and 10.187.4.43.

Define the ratio between the Real Servers in the farm using the "weight X" command. In this case the value X will be 1, so the load will be equally ballanced between the two servers.

From the Global Configuration mode:

 rserver host SERVERCISQUEROS03
 ip address 10.187.4.42
 weight 1
 inservice


 rserver host SERVERCISQUEROS04
 ip address 10.187.4.43
 weight 1
 inservice


Step 2
Define the PROBE. The Probe helps the balancer verify that the Real Servers are available, and providing the Service that we are trying to establish using the exact physical PORT (9080 in this case).

The probe can be TCP, Http, Https... Be careful here! This defines the connection between your ACE and the Real Servers, not between the Client and the Real Server, so make sure how your servers are configured.

In this example I did the http probe that uses the GET method, and goes for /Index.html on the server.

 probe http web_cisqueros.blogspot.com
  port 9080
  interval 30
  faildetect 2
  request method get url /index.html
  expect status 200 200

Other attributes I used in the configuration:

interval 30 #Probe gets launched against the server every 30 seconds faildetect 2 #If the probe fails to get the response from the server twice, it changes the state to "FAILED"expect status 200 200 #Status the probe expects from the Real Server (2xx codes indicate success)


Step 3

Define the SERVER FARM that will inter-connect the two connected Real Servers with the configured Probe. Put both of the configured rservers "in service".

serverfarm host SRV_cisqueros.blogspot.com
 description *** Cisqueros Server Farm ***
 predictor roundrobin
 probe web_cisqueros.blogspot.com
 rserver SERVERCISQUEROS03 9080
  inservice
 rserver SERVERCISQUEROS04 9080
  inservice


Step 4

Define the Layer 7 Policy Map to specify the match criteria and action, and relate it to your Server Farm.

 policy-map type loadbalance first-match PM-VIP-cisqueros.blogspot.com
  class class-default
   serverfarm SRV_cisqueros.blogspot.com


Step 5

Define the Layer L3-L4 Class Map to specify the LB match criteria applied to input traffic. Be sure to know the Load Balancing Service VIP (Virtual IP) address beforehand.

 class-map match-all VIP-cisqueros.blogspot.com
  2 match virtual-address 10.187.4.111 tcp eq 9080


*The number "2" is due to the configuration Best-Practice, its a rule sequence number and this way we can modify the Class Map later adding the 1st rule

Step 6

Define, or use the already existing L3-L4 Policy Map that you are using for the other Balanced Services. Within it define the Class Map for this particular Load Balancing Service, and connect it to the already configured Layer 7 Policy Map.

 policy-map multi-match PM-VIP
  class VIP-cisqueros.blogspot.com
   loadbalance vip inservice
   loadbalance policy PM-VIP-cisqueros.blogspot.com
   loadbalance vip icmp-reply active


Some commands to check the validity of the configured Server Farm and Probe:

 #show probe web_cisqueros.blogspot.com [details]
 #show serverfarm SRV_cisqueros.blogspot.com


ACE Load Balancer: Redirection - HTTP to HTTP/HTTPS

In this document I´ll explain how to filter the http protocol on a Cisco ACE Load Balancer, and how to redirect the filtered http traffic to another URL. This concept is widely used for http-to-https redirection.


Step 1 Create the redirection rserver

rserver redirect REDIRECT-HTTP-APP
  webhost-redirection url_redirect HTTP_CODE
  inservice


The url_ url_redirect is the URL where the traffic will be redirected to, and the HTTP_CODE is the code of redirection (normaly it will be 301 or 302).
If we wish the URL to stay the same, as is normally the case of redirection to Https, we will use the %h%p instead of the URL.

%h stands for Hostname. If you have only %h then http://cisqueros.blogspot.com/mat.html will redirect you to https://cisqueros.blogspot.com

%p stands for Path

301 redirects are permanent. They mean that the page has moved, and they request any search engine or user agent coming to the page to update the URL in their database. This is the most common type of redirect that people should use.

302 - temporary redirect

You can read about these redirects here.

Step 2 Create the Server Farm that will contain the redirection rserver

serverfarm redirect SRV-REDIRECT-HTTP-APP
  rserver REDIRECT-HTTP-APP
    inservice



Step 3 Create the class-map

class-map match-all VIP-APP-REDIRECT
2 match virtual-address X.X.X.X tcp eq www


Where the X.X.X.X is the Virtual IP


Step 4 Create the policy-map, and correlate it to the previously configured Server Farm

policy-map type loadbalance first-match PM-VIP-APP-REDIRECT
  class class-default 
      serverfarm SRV-REDIRECT-HTTP-APP



Step 5 Apply the configuration to the Layer3-4 existing policy map

policy-map multi-match PM-VIP
  class VIP-APP-REDIRECT
    loadbalance vip inservice
    loadbalance policy PM-VIP-APP-REDIRECT
    loadbalance vip icmp-reply active

Most Popular Posts