Content Switching provides the ability to distribute or rewrite traffic based upon a session's Layer 7 payload. This feature also provides the ability to persist connections to a given server or server group. There are 4 main methods of Layer 7 switching:
- Cookie Switching – Uses either a server-sent cookie or an ADX-injected cookie to direct traffic to a specific server or server group
- Cookie Hashing – Generates a hash of the cookie sent from the server to persist further requests when the client uses the same cookie
- URL Switching – Uses a user-specified piece of the URL to direct traffic to a specific server or server group
- URL Hashing – Hashes the URL string to direct traffic to a specific server or server group
Layer 7 Content Switching
1. Define CSW Rule
Specifies the content to match in the HTTP request.
Header
(config) # csw-rule rule4 header host exists
URL
(config) # csw-rule rule3 url exists
Method
(config) # csw-rule rule1 method eq PUT
Versions
(config) # csw-rule rule2 version eq 1.1
Create a policy
Specifies the action to take when a rule is matched.
1. Create a policy
(config) # csw-policy p1
(config-csw-p1) #
2. Action
Match the rule and take the action in one statement. We can either:
a) Forward
(config-csw-p1) # match rule1 forward 1029
b) Redirect
(config-csw-p1) # match rule1 redirect "*" "*" ssl
The first * matches all domains, the second * matches all URLs.
c) Rewrite
(config-csw-p1) # match rule1 rewrite request-insert client-ip
Bind Policy
Bind the policy and turn on CSW for a particular VIP.
(config) # server virtual cswVIP 192.168.1.1
(config-vs-cswVIP) # port http
(config-vs-cswVIP) # port http csw-policy p1
(config-vs-cswVIP) # port http csw
(config-vs-cswVIP) # bind http rs1 http
Cookie Switching (with cookie inserted)
Configure Server Group IDs
(config) # server real-name rs1 10.10.10.201
(config-rs-rs1) # port http group-id 10 10
(config-rs-rs1) # exit
(config) # server real-name rs2 10.10.10.202
(config-rs-rs2) # port http group-id 10 10
(config-rs-rs2) # exit
As group IDs are sequential, you have to specify the range of groups that the server will be a member of. If you only want it to be in group 10, then you have to specify that it will be in group 10 through to group 10.
Configure Server IDs
(config) # server real-name rs1 10.10.10.201
(config-rs-rs1) # port http server-id 1024
(config-rs-rs1) # exit
(config) # server real-name rs2 10.10.10.202
(config-rs-rs2) # port http server-id 1025
(config-rs-rs2) # exit
Create a Policy
Next create a policy that defines the action that is taken when the rule is matched.
(config)# csw-policy myCookie
(config-csw-myCookie)#
Within this example we take 3 actions. They are:
Persist – if rule r1 is matched then send (persist) to the server
(config-csw-myCookie)# match r1 persist offset 0 length 3 group-or-server-id
Forward – if we don't match against that rule we will forward to group 10
(config-csw-myCookie)# default forward 10
Rewrite – if I don't see the cookie I will insert it
(config-csw-myCookie)# default rewrite insert-cookie
Define CSW Rule
Next we define a content switching rule. This rule specifies which content to match.
(config)# csw-rule r1 header "cookie" search "ServerID"
Assign to Virtual Server
(config) # server virtual cookieVIP 2.1.1.1
(config-vs-cookieVIP) # port http
(config-vs-cookieVIP) # port http cookie-name "ServerID"
(config-vs-cookieVIP) # port http csw-policy "myCookie"
(config-vs-cookieVIP) # port http csw
(config-vs-cookieVIP) # bind http rs1 http rs2 http
URL Switching
(config)# csw-rule products url prefix /PRODUCTS case-insensitive
(config)# csw-rule support url prefix /PARTNERS case-insensitive
(config)# csw-policy "myUrlPolicy" case-insensitive
(config-csw-myUrlPolicy)# match products forward 201
(config-csw-myUrlPolicy)# match support forward 202 (server group)
(config-csw-myUrlPolicy)# default forward 201
(config)# server virtual url-sw-VIP [IP]
(config-vs-url-sw-VIP)# port http
(config-vs-url-sw-VIP)# port http csw-policy "myUrlPolicy"
(config-vs-url-sw-VIP)# port http csw
(config-vs-url-sw-VIP)# bind http rs1 http rs2 http
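A pre-deployment consistency check for CSW configuration like the above, as an added example (not Brocade tooling and not from the original article): it parses csw-rule, csw-policy, match and port ... csw-policy lines and reports rule names defined more than once, matches on undefined rules, and VIPs bound to undefined policies. The function name lint_csw, the sample address 192.0.2.10 and the misspelled policy name are constructed for illustration, and the parser assumes the prompt formats shown on this page.

```python
import re

# Prompt prefix as shown on this page, e.g. "(config) #" or "(config-csw-p1)#"
PROMPT = re.compile(r'^\(config[^)]*\)\s*#\s*')

# Constructed sample: a duplicated rule name, a match on a rule that was never
# defined, and a VIP bound to a misspelled policy name.
SAMPLE = '''\
(config)# csw-rule products url prefix /PRODUCTS case-insensitive
(config)# csw-rule products url prefix /PARTNERS case-insensitive
(config)# csw-policy "myUrlPolicy" case-insensitive
(config-csw-myUrlPolicy)# match products forward 201
(config-csw-myUrlPolicy)# match support forward 202
(config-csw-myUrlPolicy)# default forward 201
(config)# server virtual url-sw-VIP 192.0.2.10
(config-vs-url-sw-VIP)# port http csw-policy "myUrlPolcy"
'''

def lint_csw(config_text):
    """Return a list of findings about csw-rule / csw-policy consistency."""
    rules, policies = {}, set()   # rule name -> definition count; policy names
    matches, bound = [], []       # (policy, rule, line); (policy, line)
    policy = None                 # policy context the current line belongs to
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # Strip the prompt and normalise typographic quotes from web copies
        line = PROMPT.sub('', raw.strip()).replace('“', '"').replace('”', '"')
        tokens = [t.strip('"') for t in line.split()]
        if len(tokens) < 2:
            continue
        if tokens[0] == 'csw-rule':
            rules[tokens[1]] = rules.get(tokens[1], 0) + 1
        elif tokens[0] == 'csw-policy':
            policy = tokens[1]
            policies.add(policy)
        elif tokens[0] == 'server':
            policy = None         # left the policy context
        elif tokens[0] == 'match' and policy:
            matches.append((policy, tokens[1], lineno))
        elif tokens[0] == 'port' and 'csw-policy' in tokens[:-1]:
            bound.append((tokens[tokens.index('csw-policy') + 1], lineno))
    findings = [f'rule "{n}" defined {c} times' for n, c in rules.items() if c > 1]
    findings += [f'line {ln}: policy "{p}" matches undefined rule "{r}"'
                 for p, r, ln in matches if r not in rules]
    findings += [f'line {ln}: VIP binds undefined policy "{p}"'
                 for p, ln in bound if p not in policies]
    return findings

if __name__ == '__main__':
    print('\n'.join(lint_csw(SAMPLE)) or 'no findings')
```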