ACE: How to have icmp-reply active ignore redirect rhosts?

Advertisement
I'm wondering if anyone knows if I can have an ace4710 not reply to ICMP requests for a VIP unless atleast one of the host rservers is up. It appears to reply if just a single redirect service is online.
Thanks,
Chad
Advertisement

Replay

Chad,
Thanks for the clarification regretably I'm pretty sure the ACE works alike as the CSS in this requirement.
The problem is that the content rules (CSS) and the class-maps (ACE) are not dependent with each other. i.e with a config like the one shown below regardless if you suspend the service SIP or the content Web, ICMP still is going to be answered as the MAC address is still allocated on the arp table of your SW, in this case for the content Redirect there's no way you can stop ICMP replies other than manually suspending the rule.
owner Web
  content Redirect
    vip address 10.10.10.10
    url "/*"
    port 80
    protocol tcp
    redirect "http://website.com/blah.htm"
    active
  content Web
    vip address 10.10.10.10
    port 80
    protocol tcp
    url "/blah*"
    add service SIP
    active
I had thought I would've been able to it with an ACL like this one buuuut this is not traffic directed to the VIP :S
acl 5
  clause 1 deny icmp any destination content Web/Redirect
  clause 2 permit icmp any destination content Web/Web
  clause 3 permit any any destination any
  apply circuit-(VLAN10)
Same happens with the ACE redirect services will always make the VIP show as "inservice" as they don't require a health check to check the aliveness, these ones were thought to be UP all the time.
serverfarm host Web
  probe HTTP
  rserver Web-1
    inservice
  rserver Web-2
    inservice
rserver redirect Redirect
  webhost-redirection https://%h/blah.htm
  inservice
serverfarm redirect Blah
  rserver Redirect
    inservice
class-map type http loadbalance match-any Any
  2  math http url  .*
class-map type http loadbalance match-any Blah
  2 match http url /blah.htm
policy-map type loadbalance first-match Insertion
   class Blah
     serverfarm Web
   class Any
     serverfarm Blah