fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Brocade ADX - CSW nested rules

Nested CSW rules provides the ability to perform Boolean (AND, OR etc) based conditions on standard csw rules.

Within this example we will be :

  • Redirecting any request that has a host header of 'PRODUCTION.example.com' and containing a URL request for /FOLDER/index.html to '/REDIRECT/index.html'
  • Balancing any request that has a host header of 'STAGING.example.com' and containing a URL request for /FOLDER/index.html to either SERVER1 or SERVER2
  • Forwarding any request that contains a URL request for '/FOLDER/index.html' to SERVER3.

CSW Rules

First of all the csw rules are created (including the csw nested-rules).

csw-rule "csw-rule1" header "Host" equals "PRODUCTION.example.com"
csw-rule "csw-rule2" header "Host" equals "STAGING.example.com"
csw-rule "csw-rule3" url prefix "/FOLDER/index.html"

csw-rule "csw-rule1-nested" nested-rule "csw-rule1 && csw-rule3"
csw-rule "csw-rule2-nested" nested-rule "csw-rule2 && csw-rule3"

CSW Policy

We then create a csw policy. This defines actions for each of the csw rules when matched.

csw-policy CSW-POLICY
  match "csw-rule1-nested" redirect "*" "/REDIRECT/index.html" 80 301
  match "csw-rule2-nested" forward 1
  match "csw-rule3" forward 1024

Virtual / Real Servers

Finally each of the servers are defined a server-id and a group-id. CSW is also enabled and the csw policy associated to the virtual server.

server real REALSERVER1 192.168.1.11
 port http
 port http keepalive
 port http url "HEAD /index.html"
 port http server-id 1024
 port http group-id 1 1

server real REALSERVER2 192.168.1.12
 port http
 port http keepalive
 port http url "HEAD /index.html"
 port http server-id 1025
 port http group-id 1 2

server real REALSERVER3 192.168.1.13
 port http
 port http keepalive
 port http url "HEAD /index.html"
 port http server-id 1026
 port http group-id 1 3

server virtual VIRTUALSERVER 172.16.1.100
 port http
 port http keepalive
 port http csw
 port http csw-policy "CSW-POLICY"
 port http REALSERVER1 http
 port http REALSERVER2 http
 port http REALSERVER3 http

Tags: Brocade, ADX, CSW

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001