
Saturday, April 14, 2012

Cisco ACE config for HTTP VIP








Consult the Cisco manuals for an explanation of specific commands.

!-- testing specific web page for string "SUCCESS"
probe http probe-http
   request method get url /test.html
   expect regex SUCCESS
   interval 30
   passdetect interval 60
   open 1


rserver host http-server1
  ip address 10.0.1.11
  inservice
rserver host http-server2
  ip address 10.0.1.12
  inservice


serverfarm host http-farm
  probe probe-http
  rserver http-server1 80
    inservice
  rserver http-server2 80
    inservice
 


class-map match-all www.mycompany.com
  2 match virtual-address 55.55.55.55 tcp eq 80  !-- This is the web site IP


policy-map type loadbalance generic first-match lbmap-www.mycompany.com
  class class-default
    serverfarm http-farm
   


policy-map multi-match pmap-vlan100
  class www.mycompany.com
    loadbalance vip inservice
    loadbalance policy lbmap-www.mycompany.com
    loadbalance vip icmp-reply
   

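!-- this ACL permits all IP traffic and is applied inbound on both VLAN interfaces below; restrict as needed
access-list ALL line 10 extended permit ip any any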

interface vlan 200
  description Web Servers Lan
  ip address 10.0.1.2 255.255.255.0
  peer ip address 10.0.1.3 255.255.255.0 
  alias 10.0.1.1 255.255.255.0            
  access-group input ALL
  no shutdown


interface vlan 100
  description OUTSIDE
  ip address 55.55.55.11 255.255.255.0
  alias 55.55.55.10 255.255.255.0
  peer ip address 55.55.55.12 255.255.255.0
  access-group input ALL
  service-policy input pmap-vlan100
  no shutdown


  

Cisco ACE config for FTP load balancing with source NAT





This configuration handles both regular (active) and passive FTP. Consult the Cisco manuals for an explanation of specific commands.

!-- using dummy tcp probe for ftp server for simplicity.
probe tcp probe-tcp-21
  port 21
  interval 30
  passdetect interval 60
  connection term forced   !-- optional. Linux ftp server probe has issues if connection is not forced to close
  open 1


rserver host ftp-server1
  ip address 10.0.1.11
  inservice
rserver host ftp-server2
  ip address 10.0.1.12
  inservice


serverfarm host ftp-farm
  probe probe-tcp-21
  rserver ftp-server1 21
    inservice
  rserver ftp-server2 21
    inservice
 


class-map match-all ftp.mycompany.com
  2 match virtual-address 55.55.55.55 tcp eq ftp  !-- This is ftp site IP


policy-map type loadbalance generic first-match lbmap-ftp.mycompany.com
  class class-default
    serverfarm ftp-farm
    nat dynamic 1 vlan 200 serverfarm primary


policy-map multi-match pmap-vlan100
  class ftp.mycompany.com
    loadbalance vip inservice
    loadbalance policy lbmap-ftp.mycompany.com
    loadbalance vip icmp-reply
    inspect ftp

access-list ALL line 10 extended permit ip any any

interface vlan 200
  description Web Servers Lan
  ip address 10.0.1.2 255.255.255.0
  peer ip address 10.0.1.3 255.255.255.0 
  alias 10.0.1.1 255.255.255.0            
  nat-pool 1 10.0.1.254 10.0.1.254 netmask 255.255.255.255 pat
  access-group input ALL
  no shutdown


interface vlan 100
  description OUTSIDE
  ip address 55.55.55.11 255.255.255.0
  alias 55.55.55.10 255.255.255.0
  peer ip address 55.55.55.12 255.255.255.0
  access-group input ALL
  service-policy input pmap-vlan100
  no shutdown

Cisco ACE config for FTP load balancing



This configuration handles both regular (active) and passive FTP. Consult the Cisco manuals for an explanation of specific commands.

!-- using dummy tcp probe for ftp server for simplicity.
probe tcp probe-tcp-21
  port 21
  interval 30
  passdetect interval 60
  connection term forced   !-- optional
  open 1


rserver host ftp-server1
  ip address 10.0.1.11
  inservice
rserver host ftp-server2
  ip address 10.0.1.12
  inservice


serverfarm host ftp-farm
  probe probe-tcp-21
  rserver ftp-server1 21
    inservice
  rserver ftp-server2 21
    inservice
 


class-map match-all ftp.mycompany.com
  2 match virtual-address 55.55.55.55 tcp eq ftp  !-- This is ftp site IP


policy-map type loadbalance generic first-match lbmap-ftp.mycompany.com
  class class-default
    serverfarm ftp-farm


policy-map multi-match pmap-vlan100
  class ftp.mycompany.com
    loadbalance vip inservice
    loadbalance policy lbmap-ftp.mycompany.com
    loadbalance vip icmp-reply
    inspect ftp

access-list ALL line 10 extended permit ip any any

interface vlan 200
  description Web Servers Lan
  ip address 10.0.1.2 255.255.255.0
  peer ip address 10.0.1.3 255.255.255.0 
  alias 10.0.1.1 255.255.255.0           
  access-group input ALL
  no shutdown


interface vlan 100
  description OUTSIDE
  ip address 55.55.55.11 255.255.255.0
  alias 55.55.55.10 255.255.255.0
  peer ip address 55.55.55.12 255.255.255.0
  access-group input ALL
  service-policy input pmap-vlan100
  no shutdown
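
The configurations above tie probes, rservers, serverfarms, class-maps, policy-maps and access-lists together purely by name, so one misspelled name leaves a VIP or ACL silently unattached. The following Python checker is an added example, not part of the original posts: it cross-checks definitions against references. Its patterns cover only the command forms shown on this page (an assumption, not the full ACE grammar), and the sample config is constructed.

```python
import re

# Group 1 is the object name. Covers only the command forms used above, not all of ACE.
DEFS = [
    ("probe", r"probe \S+ (\S+)$"),
    ("rserver", r"rserver host (\S+)$"),
    ("serverfarm", r"serverfarm host (\S+)$"),
    ("class-map", r"class-map (?:match-all |match-any )?(\S+)$"),
    ("policy-map", r"policy-map .*?(\S+)$"),
    ("access-list", r"access-list (\S+) "),
]
REFS = [
    ("probe", r"probe (\S+)$"),
    ("rserver", r"rserver (?!host )(\S+)"),
    ("serverfarm", r"serverfarm (?!host )(\S+)$"),
    ("class-map", r"class (?!class-default$)(\S+)$"),
    ("policy-map", r"loadbalance policy (\S+)$"),
    ("policy-map", r"service-policy input (\S+)$"),
    ("access-list", r"access-group input (\S+)$"),
]

def lint(config):
    """Return findings for names referenced but undefined, or defined but unused."""
    defined, refs = set(), []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.split("!")[0].strip()  # drop "!" / "!--" annotations
        defined |= {(k, m[1]) for k, p in DEFS if (m := re.match(p, line))}
        refs += [(no, k, m[1]) for k, p in REFS if (m := re.match(p, line))]
    out = [f"line {no}: {k} '{n}' referenced but not defined"
           for no, k, n in refs if (k, n) not in defined]
    unused = defined - {(k, n) for _, k, n in refs}
    return out + [f"{k} '{n}' defined but never referenced" for k, n in sorted(unused)]

# Constructed sample modelled on the HTTP VIP config, with one misspelled name.
SAMPLE = """\
rserver host http-server1
serverfarm host http-farm
  rserver http-server1 80
class-map match-all www.mycompany.com
policy-map type loadbalance generic first-match lbmap-www.mycompany.com
  class class-default
    serverfarm http-farm
policy-map multi-match pmap-vlan100
  class www.mycompany.com
    loadbalance policy lbmap-www.mycompany.com
interface vlan 100
  service-policy input pmap-vl100
"""
```

Calling `lint(SAMPLE)` reports both halves of the typo: the undefined `pmap-vl100` on the interface and the orphaned `pmap-vlan100` that was meant to be attached.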