Application Delivery (ADX)

Occasional Contributor
Posts: 5
Registered: ‎09-02-2010

Need HELP - Content Switching and Track-Group

I have a configuration issue on a ServerIron 4G.

I am using track-group to keep my port 80 and 443 connections sent to the same real server.
I am trying to enable two features - client IP insertion and url switching.
I first tried client ip insertion using the following commands:
url-map u1
default 0
server virtual outside
port http url-map "u1"
port http url-switch
port http request-insert client-ip
This got the ip inserted, but track-group immediately quit working. So, I removed all the commands from the config.
Second, I tried adding csw to redirect a url to another server:
csw-rule "r1" url prefix "/apps/load.php"
!
csw-policy "p1"
match "r1" redirect "apps.example.com" "/apps/load.php"
!
server virtual outside x.x.x.x
port http csw-policy "p1"
port http csw
The redirect worked fine, but again track-group stopped working.
(the commands are in the config below except I removed "port http csw" to disable it for now).
How can I get client-ip insertion, url redirect, and track-group working together in my config?

!!!
ver 10.2.01bTI2
!
client-connection-limit max-conn1
max-conn default 50
!
!
server backup ethe 3 0012.f27c.ee10 vlan-id 2
!
!
server sticky-age 60
server source-nat
server source-standby-ip 10.0.0.1 255.255.0.0 0.0.0.0
server source-ip 10.0.0.2 255.255.0.0 0.0.0.0
server router-ports ethernet 1
server router-ports ethernet 2
!
context default
!
csw-rule "r1" url prefix "/apps/load.php"
!
csw-policy "p1"
match "r1" redirect "apps.example.com" "/apps/load.php"
!
!
server real server1a 10.0.0.100
source-nat
max-conn 1000
port http
port http max-conn 800
port http keepalive
port http url "GET /healthcheck/healthcheck.php"
port http content-match healthyck
port 5900
port ftp
port ssh
port ssl
port ssl keepalive
port ssl url "GET /healthcheck/healthcheck.php"
port ssl content-match healthyck
!
server real server2a 10.0.0.102
source-nat
max-conn 1000
port http
port http max-conn 800
port http keepalive
port http url "GET /healthcheck/healthcheck.php"
port http content-match healthyck
port ftp
port 5900
port ssh
port ssl
port ssl keepalive
port ssl url "GET /healthcheck/healthcheck.php"
port ssl content-match healthyck
!
server real server3a 10.0.0.104
source-nat
max-conn 1000
port http
port http max-conn 800
port http keepalive
port http url "GET /healthcheck/healthcheck.php"
port http content-match healthyck
port 5900
port ftp
port ssh
port ssl
port ssl keepalive
port ssl url "GET /healthcheck/healthcheck.php"
port ssl content-match healthyck
port 9898
port 9339
port 8443
port 8080
port 51180
port 5000
!
!
server virtual outside x.x.x.x
client-max-conn-limit max-conn1
port default disable
port http sticky concurrent
port http csw-policy "p1"
port ftp
port ssh sticky
port 5900 sticky
port ssl sticky
port 9898
port 9339
port 8443
port 8080
port 51180
port 5000
track-group http 443
bind http server1a http server2a http server3a http
bind ftp server1a ftp server2a ftp server3a ftp
bind ssh server1a ssh server2a ssh server3a ssh
bind 5900 server2a 5900 server1a 5900 server3a 5900
bind ssl server1a ssl server2a ssl server3a ssl
bind 9898 server3a 9898
bind 9339 server3a 9339
bind 8443 server3a 8443
bind 8080 server3a 8080
bind 51180 server3a 51180
bind 5000 server3a 5000
!
vlan 1 name DEFAULT-VLAN by port
no spanning-tree
!
vlan 2 name Bridge by port
untagged ethe 3
no spanning-tree
!
vlan 3 name Outside by port
untagged ethe 1
no spanning-tree
!
bp-ipc-logging-enable
http match-list healthyck
  default down
  up simple healthy
aaa authentication web-server default local
enable telnet authentication
enable telnet password 8 <removed>
enable super-user-password 8 <removed>
no enable aaa console
ip address x.x.x.x 255.255.255.248
ip default-gateway x.x.x.x
ip nat inside
ip nat inside source list 1 pool OutAdds overload
ip nat pool OutAdds x.x.x.x x.x.x.x netmask 255.255.255.248
ip dns server-address x.x.x.x x.x.x.x
ip policy 1 cache tcp 0 global
telnet server
username admin password 8 <removed>
snmp-server
!
interface ethernet 1
slb
!
interface ethernet 2
slb
!
interface ethernet 3
slb
!
interface ethernet 4
slb
no spanning-tree
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
end

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Need HELP - Content Switching and Track-Group

Hi jonathan,

     This looks all good to me.  The only thing I can see is that you are only tracking one port (443)?  This command is used to track two or more ports normally - up to a max of 8 ports.

     Suggest adding a second port and retest (remember that all ports in a track group must be sticky).

Thanks

Michael.

Occasional Contributor
Posts: 5
Registered: ‎09-02-2010

Re: Need HELP - Content Switching and Track-Group

track-group http 443

Isn't this two ports (80 & 443)? The ports track together until I activate the content switching.

Any other ideas?

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Need HELP - Content Switching and Track-Group

Doh, you are correct, that is two ports, sorry.

I did find this in the manual.

NOTE: You cannot enable URL switching and L7 content switching simultaneously on the same virtual server.

And this bug

Module: WSM6, WSM7, WSM6-SSL, SI4G & SI4G-SSL

Symptom: A ServerIron configured with sticky and content switching (CSW) may create a sticky session with an incorrect group-id causing persistence to break.

Resolution: Fixed in Release 10.2.01h.

But there are LOTS of L7 fixes from the version you are running and a few for track-group too.

I do think your config is correct, but I think you are hitting a bug.

The latest version on the 10.2.01 is 10.2.01v - you are running 10.2.01b

The last release for that box is 11.000g

Now I cannot promise that it is a bug but I think so.

Do you have a support contract?  If so I would upgrade and retest or check with the TAC to confirm that it is a bug.

Thanks

Michael.
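
The constraints quoted in the replies above (every port in a track-group must be sticky; URL switching and L7 content switching cannot both be enabled on the same virtual server; sticky plus CSW is affected by the bug fixed in 10.2.01h) can be checked offline against a saved config. This is an added example, not part of the original posts or any Brocade tooling: the parser, the function names and the sample config with its 192.0.2.x addresses are constructed, and it assumes `http` is port 80 and `ssl` is port 443.

```python
PORT_NAMES = {"80": "http", "443": "ssl"}  # assumption: well-known port aliases

def parse_virtual_servers(config_text):
    servers, cur = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":      # "!" or a blank line ends a block
            cur = None
        elif words[:2] == ["server", "virtual"] and len(words) >= 3:
            cur = servers.setdefault(words[2], {"sticky": set(), "track": [], "l7": set()})
        elif cur is None:
            continue                          # line is outside any virtual server
        elif words[0] == "track-group":
            cur["track"].append([PORT_NAMES.get(p, p) for p in words[1:]])
        elif words[0] == "port" and len(words) >= 3:
            if words[2] == "sticky":
                cur["sticky"].add(PORT_NAMES.get(words[1], words[1]))
            elif words[2] in ("csw", "url-switch"):
                cur["l7"].add(words[2])
    return servers

def lint(config_text):
    # Returns (virtual_server, finding) tuples for the rules quoted in the thread.
    findings = []
    for name, vs in parse_virtual_servers(config_text).items():
        for port in (p for group in vs["track"] for p in group):
            if port not in vs["sticky"]:
                findings.append((name, f"track-group port {port} is not sticky"))
        if {"csw", "url-switch"} <= vs["l7"]:
            findings.append((name, "url-switch and csw both enabled"))
        if "csw" in vs["l7"] and vs["sticky"]:
            findings.append((name, "sticky with csw: see the persistence bug fixed in 10.2.01h"))
    return findings

# Constructed sample config (addresses are from the documentation range).
SAMPLE = """\
server virtual outside 192.0.2.10
 port http sticky concurrent
 port http csw
 port ssl sticky
 track-group http 443
!
server virtual broken 192.0.2.11
 port http sticky
 port http url-switch
 port http csw
 track-group http 443
"""
if __name__ == "__main__":
    print("\n".join(f"{name}: {finding}" for name, finding in lint(SAMPLE)))
```
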
