Application Acceleration and Optimization Guide vA3(1.0), Cisco ACE 4700 Series Application Control Engine Appliance
Configuring a Traffic Policy for HTTP Optimization
Downloads: This chapterpdf (PDF - 203.0KB) The complete bookPDF (PDF - 4.43MB) | Feedback

Configuring a Traffic Policy for HTTP Optimization

Table Of Contents

Configuring a Traffic Policy for HTTP Optimization

Traffic Policy Configuration Quick Start

Configuring a Layer 7 Class Map and Policy Map for SLB

Configuring a Layer 7 Optimization HTTP Policy Map

Creating a Layer 7 Optimization HTTP Policy Map

Adding a Layer 7 Optimization HTTP Policy Map Description

Including Inline Match Statements in a Layer 7 Command Optimization HTTP Policy Map

Associating a Layer 7 SLB Class Map with a Layer 7 HTTP Optimization Policy Map

Adding an Action List and Parameter Map to the Policy Map

Configuring a Layer 3 and Layer 4 Class Map for SLB

Configuring a Layer 3 and Layer 4 Policy Map for SLB and Application Acceleration

Associating a Layer 3 and Layer 4 Class Map with a Policy Map

Associating a Layer 7 SLB Policy Map with a Layer 3 and Layer 4 Policy Map

Associating a Layer 7 Optimization HTTP Policy Map with a Layer 3 and Layer 4 Policy Map

Applying a Service Policy

Where to Go Next


Configuring a Traffic Policy for HTTP Optimization


This chapter describes how to configure a traffic policy to instruct the Cisco 4700 Series Application Control Engine (ACE) appliance to implement application acceleration and optimization functions on traffic that matches the classification defined in the traffic class. It contains the following major sections:

Traffic Policy Configuration Quick Start

Configuring a Layer 7 Class Map and Policy Map for SLB

Configuring a Layer 7 Optimization HTTP Policy Map

Configuring a Layer 3 and Layer 4 Class Map for SLB

Configuring a Layer 3 and Layer 4 Policy Map for SLB and Application Acceleration

Applying a Service Policy

Where to Go Next

Traffic Policy Configuration Quick Start

Table 4-1 provides a quick overview of the steps required to configure an application acceleration and optimization traffic policy. Each step includes the CLI command and a reference to the procedure required to complete the task. For a complete description of each feature and all the options associated with the CLI commands, see the sections following Table 4-1.

Table 4-1 Application Acceleration and Optimization Policy Configuration Quick Start 

Task and Command Example

1. If you are operating in multiple contexts, observe the CLI prompt to verify that you are operating in the desired context. If necessary, change to, or directly log in to, the correct context.

host1/Admin# changeto C1
host1/C1#

The rest of the examples in this table use the Admin context unless otherwise specified. For details on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

2. Enter configuration mode.

host1/Admin# config
Enter configuration commands, one per line. End with CNTL/Z
host1/Admin(config)#

3. Create a Layer 7 class map and policy map to define server load-balancing (SLB) functions. See the "Configuring a Layer 7 Class Map and Policy Map for SLB" section.

host1/Admin(config)# class-map type http loadbalance match-all 
L7SLBCLASS
host1/Admin(config-cmap-http-lb)# match http header Host 
header-value .*cisco.com
host1/Admin(config-cmap-http-lb)# exit
host1/Admin(config)# policy-map type loadbalance first-match 
L7SLBPOLICY
host1/Admin(config-pmap-lb)# class L7SLBCLASS
host1/Admin(config-pmap-lb-c)# compress default-method gzip
host1/Admin(config-pmap-lb-c)# serverfarm FARM2 backup FARM3 
sticky

4. Use the exit command to reenter configuration mode.

host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config-pmap-lb)# exit
host1/Admin(config)#

5. Create a Layer 7 optimization HTTP policy map to associate an existing optimization HTTP action list to configure a series of application acceleration and optimization actions. You can optionally specify an existing optimization HTTP parameter map to associate it with the action list. See the "Configuring a Layer 7 Class Map and Policy Map for SLB" section.

host/Admin(config)# policy-map type optimization http first-match 
L7OPTIMIZATION_POLICY
host/Admin(config-pmap-optmz)# class L7SLBCLASS
host1/Admin(config-pmap-optmz-c)# action ACT_LIST1 parameter 
OPTIMIZE_PARAM_MAP

6. Use the exit command to reenter configuration mode.

host1/Admin(config-pmap-optmz-c)# exit
host1/Admin(config-pmap-optmz)# exit
host1/Admin(config)#

7. Create a Layer 3 and Layer 4 SLB class map. See the "Configuring a Layer 3 and Layer 4 Class Map for SLB" section.

host1/Admin(config)# class-map L4VIPCLASS
host1/Admin(config-cmap)# class L4SLBCLASS
host1/Admin(config-cmap)# match virtual-address 192.168.1.10 tcp 
eq 80
host1/Admin(config-cmap)# exit
host1/Admin(config)#

8. Create a Layer 3 and Layer 4 policy map for SLB and application acceleration. See the "Configuring a Layer 3 and Layer 4 Policy Map for SLB and Application Acceleration" section.

host1/Admin(config)# policy-map multi-match L4SLB_OPTIMIZE_POLICY
host1/Admin(config-pmap)# class L4SLBCLASS
host1/Admin(config-pmap-c)#

9. Associate a Layer 7 SLB policy map with a Layer 3 and Layer 4 policy map. See the "Associating a Layer 7 SLB Policy Map with a Layer 3 and Layer 4 Policy Map" section.

host1/Admin(config-pmap-c)# loadbalance policy L7SLBPOLICY

10. Associate a Layer 7 optimization HTTP policy map with a Layer 3 and Layer 4 policy map. See the "Associating a Layer 7 Optimization HTTP Policy Map with a Layer 3 and Layer 4 Policy Map" section.

host1/Admin(config-pmap-c)# optimize http policy 
L7OPTIMIZATION_POLICY

11. Activate a policy map and attach it to an interface. See the "Applying a Service Policy" section.

host1/Admin(config)# interface vlan 50
host1/Admin(config-if)# ip address 172.16.1.100 255.255.255.0
host1/Admin(config-if)# service-policy input 
L4SLB_OPTIMIZE_POLICY

12. (Optional) Save your configuration changes to Flash memory.

host1/Admin# copy running-config startup-config

Figure 4-1 provides a basic overview of the process required to build and apply the Layer 7, Layer 3, and Layer 4 actions lists, parameter maps, and traffic policies that the ACE uses for SLB and application acceleration. The figure also shows how you associate the various components of the policy configuration with each other.

Figure 4-1 Application Acceleration and Optimization Configuration Flow Diagram

Configuring a Layer 7 Class Map and Policy Map for SLB

The Layer 7 class map that you associate with a Layer 7 policy map acts as a filter for traffic that matches the server load-balancing (SLB) criteria that you specify. The match criteria is in the form of the following HTTP load-balancing attributes:

Cookie

HTTP header

URL

Source IP address

To create a Layer 7 SLB class map, use the class-map type http loadbalance command in configuration mode.

To create a Layer 7 SLB policy map, use the policy-map type loadbalance first-match command in configuration mode.

For details on configuring a Layer 7 SLB class map and policy map, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide.


Note You can instruct the ACE to compress and encode packets that match a Layer 7 SLB policy map by using the compress command in policy map load-balancing class configuration mode. You define the compression format that the ACE uses when responding to an HTTP compression request from a client. For details, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide.


Configuring a Layer 7 Optimization HTTP Policy Map

A policy map associates a predefined traffic class (class map) with a series of actions to be performed on the traffic that matches the classifications defined in the traffic class. The Layer 7 optimization HTTP policy map associates an HTTP optimization action list and, optionally, a parameter map to configure the specified application acceleration and optimization actions.

You associate the completed Layer 7 policy map with a Layer 3 and Layer 4 policy map to activate the operation on a VLAN interface (see the "Configuring a Layer 3 and Layer 4 Policy Map for SLB and Application Acceleration" section).

This section contains the following topics:

Creating a Layer 7 Optimization HTTP Policy Map

Adding a Layer 7 Optimization HTTP Policy Map Description

Including Inline Match Statements in a Layer 7 Command Optimization HTTP Policy Map

Associating a Layer 7 SLB Class Map with a Layer 7 HTTP Optimization Policy Map

Adding an Action List and Parameter Map to the Policy Map

Creating a Layer 7 Optimization HTTP Policy Map

To name the traffic policy and initiate application acceleration and optimization operations, use the policy-map type optimization http command in configuration mode. The syntax of this command is as follows:

policy-map type optimization http first-match map_name

The keyword and arguments are:

http first-match—Specifies a policy map that defines Layer 7 HTTP optimization operations to be performed by the ACE. The first-match keyword defines the execution for the Layer 7 optimization HTTP policy map. The ACE executes only the action specified against the first-matching classification.

map_name—The name assigned to the policy map. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, to create a Layer 7 optimization HTTP policy map and access the policy map optimization configuration mode, enter:

host/Admin(config)# policy-map type optimization http first-match 
L7OPTIMIZATION_POLICY
host/Admin(config-pmap-optmz)#

To remove a Layer 7 optimization policy map from the ACE, enter:

host1/Admin(config)# no policy-map type optimization http first-match 
L7OPTIMIZATION_POLICY

Adding a Layer 7 Optimization HTTP Policy Map Description

To provide a brief summary about the Layer 7 optimization HTTP policy map, use the description command.

The syntax of this command is as follows:

description text

Use the text argument to enter an unquoted text string with a maximum of 240 alphanumeric characters.

For example, to add a description that the policy map is to perform delta optimization, enter:

host1/Admin(config-pmap-optmz)# description This policy map performs 
delta optimization

To remove the description from the policy map, enter:

host1/Admin(config-pmap-optmz)# no description

Including Inline Match Statements in a Layer 7 Command Optimization HTTP Policy Map

To include a single inline match criteria in the policy map without specifying a traffic class, enter an applicable Layer 7 match command. The inline Layer 7 policy map match commands function the same as with the Layer 7 SLB class map match commands. However, when you use an inline match command, you can specify an action for only a single match statement in the Layer 7 policy map.


Note To specify actions for multiple match statements, use a Layer 7 SLB class map as described in the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide.


The syntax for an inline match command is as follows:

match name match_statement [insert-before map_name]

The arguments are:

name—Specifies the name assigned to the inline match command. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. The length of the inline match statement name plus the length of the policy map name with which it is associated cannot exceed a total maximum of 64 alphanumeric characters. For example, if the policy map name is L7_POLICY (nine characters), an inline match statement name under this policy cannot exceed 55 alphanumeric characters (64 - 9 = 55).

match_statement—Specifies the inline match criteria to be used by the policy map. See below for details on the match commands associated with the Layer 7 FTP command inspection class map.

insert-before map_name—(Optional) Places the inline match command ahead of an existing class map in the policy map configuration.

The syntax for the HTTP optimization policy map inline match commands includes:

match http cookie

match http header

match http url

See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide section for details on the individual inline match commands.

For example, to specify that the Layer 7 optimization policy map load balances on a cookie with the name of testcookie1, enter:

host/Admin(config)# policy-map type optimization http first-match 
L7OPTIMIZATION_POLICY
host/Admin(config-pmap-optmz)# match MATCH2 http cookie testcookie1 
cookie-value 123456

Associating a Layer 7 SLB Class Map with a Layer 7 HTTP Optimization Policy Map

To associate an existing Layer 7 SLB class map with a Layer 7 optimization HTTP policy map, use the class command. The syntax of this command is as follows:

class {name1 [insert-before name2] | class-default}

The keywords, arguments, and options are:

name1—The name of a previously defined Layer 7 SLB class map, configured with the class-map command, to associate traffic to the traffic policy. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

insert-before name2—(Optional) Places the current class map ahead of an existing class map or match statement specified by the name2 argument in the policy-map configuration. The ACE does not save the sequence reordering as part of the configuration.

class-default—Specifies a reserved, well-known class map created by the ACE. You cannot delete or modify this class. All traffic that fails to meet the other matching criteria in the named class map belongs to the default traffic class. If none of the specified classifications match the traffic, then the ACE performs the action specified under the class class-default command. The class-default class map has an implicit match any statement in it enabling it to match all traffic.

For example, to use the class command, enter:

host1/Admin(config-pmap-optmz)# class L7SLBCLASS
host1/Admin(config-pmap-optmz-c)#

To remove a class map from a Layer 7 policy map, enter:

host1/Admin(config-pmap-optmz)# no class L7SLBCLASS 

For example, to use the insert-before option to define the position of a class map in the policy map, enter:

host1/Admin(config-pmap-optmz)# class L7SLBCLASS insert-before 
http_class
host1/Admin(config-pmap-optmz-c)# 

For example, to use the class class-default command, enter:

host1/Admin(config-pmap-optmz)# class class-default
host1/Admin(config-pmap-optmz-c)#

Adding an Action List and Parameter Map to the Policy Map

You can perform a specific set of application acceleration and optimization actions by using the action command. The Layer 7 optimization HTTP policy map activates the use of an optimization HTTP action list to configure the specified actions. See Chapter 2, Configuring an Optimization HTTP Action List. for details about creating an optimization HTTP action list.

You can specify an optional optimization HTTP parameter list in an optimization HTTP policy map to identify the association between the action list and the parameter map. The optimization HTTP action list defines what to do while the optimization HTTP parameter map defines the specific details about how to accomplish the action. See Chapter 3, Configuring an Optimization HTTP Parameter Map for details on creating an optimization HTTP parameter map.

The syntax of this command is as follows:

action list_name [parameter map_name]

The arguments, keywords, and options are:

list_name —A unique name of an existing action list as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

parameter—(Optional) Specifies optimization-related commands that pertain to application acceleration and optimization functions performed by the ACE. A parameter map groups the functions that adjust or control the actions specified in an associated action list.

map_name—A unique name of an existing parameter map as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, to associate an existing action list with an existing parameter map to control the actions in the Layer 7 HTTP optimization policy map, enter:

host/Admin(config)# policy-map type optimization http first-match 
L7OPTIMIZATION_POLICY
host1/Admin(config-pmap-optmz)# class L7SLBCLASS
host1/Admin(config-pmap-optmz-c)# action ACT_LIST1 parameter 
OPTIMIZE_PARAM_MAP

To remove the action list from the Layer 7 HTTP optimization policy map, enter:

host1/Admin(config-pmap-optmz-c)# no action ACT_LIST1 parameter 
OPTIMIZE_PARAM_MAP

Configuring a Layer 3 and Layer 4 Class Map for SLB

A Layer 3 and Layer 4 class map contains match criteria to classify network traffic that can pass through the ACE. The ACE uses these Layer 3 and Layer 4 traffic classes to perform server load balancing (SLB). For a Layer 3 and Layer 4 traffic classification, the match criteria in a class map include the VIP address, the protocol, and the port of the ACE. You can configure multiple commands in a single class map to specify the match criteria in a group that you then associate with a traffic policy.

To create a Layer 3 and Layer 4 class map to classify network traffic that passes through the ACE, use the class-map command in configuration mode. For details about configuring a Layer 3 and Layer 4 SLB class map, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide.

Configuring a Layer 3 and Layer 4 Policy Map for SLB and Application Acceleration

You create a Layer 3 and Layer 4 policy map that contains SLB actions that are related to a VIP. In addition, you can configure the HTTP optimization services to be performed by the ACE. This process binds the specified functions in the associated HTTP optimize action lists and parameter maps with the specified VIP.

At the Layer 3 and Layer 4 network traffic level, for each network traffic feature there is a single policy map. The Layer 3 and Layer 4 policy maps are classified accordingly and, using the service-policy command applies these policy maps to a single interface or globally to all interfaces in a context.

The ACE treats all Layer 7 policy maps as child policies, so you must always associate a Layer 7 SLB and a Layer 7 HTTP optimization policy map with a Layer 3 and Layer 4 policy map. You can apply only a Layer 3 and Layer 4 policy map to an interface or globally to all interfaces in a context.

After you associate a Layer 3 and Layer 4 class map with the policy map, specify the SLB and HTTP optimization actions that the ACE should take when network traffic matches one or more match statements in a class map. To specify the Layer 3 and Layer 4 SLB and HTTP optimize policy actions, see the following topics:

Associating a Layer 3 and Layer 4 Class Map with a Policy Map

Associating a Layer 7 SLB Policy Map with a Layer 3 and Layer 4 Policy Map

Associating a Layer 7 Optimization HTTP Policy Map with a Layer 3 and Layer 4 Policy Map

Associating a Layer 3 and Layer 4 Class Map with a Policy Map

To associate a Layer 3 and Layer 4 SLB class map with a Layer 3 and Layer 4 policy map, use the class command in policy-map configuration mode. The syntax of this command is as follows:

class {name1 [insert-before name2] | class-default}

The keywords, arguments, and options are:

name1—The name of a previously defined traffic class configured with the class-map command. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

class-default—Specifies a reserved, well-known class map created by the ACE. You cannot delete or modify this class. All traffic that fails to meet the other matching criteria in the named class map belongs to the default traffic class. If none of the specified classifications match the traffic, then the ACE performs the action specified under the class class-default command. The class-default class map has an implicit match any statement in that it enables it to match all traffic.

insert-before name2—(Optional) Places the current class map ahead of an existing class map specified by the name2 argument in the policy-map configuration. The ACE does not preserve the command in the running configuration but does retain the configured order of class maps in the policy map.

For example, to associate a Layer 3 and Layer 4 class map, enter:

host1/Admin(config)# policy-map multi-match L4SLB_OPTIMIZE_POLICY
host1/Admin(config-pmap)# class L4SLBCLASS
host1/Admin(config-pmap-c)#

To remove a class map from a Layer 3 and Layer 4 policy map, enter:

host1/Admin(config-pmap)# no class L4SLBCLASS

Associating a Layer 7 SLB Policy Map with a Layer 3 and Layer 4 Policy Map

To associate a Layer 7 SLB policy map with a Layer 3 and Layer 4 policy map, use the loadbalance command in policy map class configuration mode. For details on creating a Layer 7 SLB policy map and specifying the Layer 3 and Layer 4 policy actions, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide.

The syntax of this command is as follows:

loadbalance policy name

The policy name keyword and argument specify the identifier of an existing Layer 7 SLB policy map. Enter the name as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, to reference the Layer 7 L7SLB_OPTIMIZE_POLICY policy map within the Layer 3 and Layer 4 L4SLB_OPTIMIZE_POLICY policy map, enter:

host1/Admin(config)# policy-map multi-match L4SLB_OPTIMIZE_POLICY
host1/Admin(config-pmap)# class L4SLBCLASS
host1/Admin(config-pmap-c)# loadbalance policy L7SLB_OPTIMIZE_POLICY

To dissociate the Layer 7 SLB policy from the Layer 3 and Layer 4 policy, enter:

host1/Admin(config-pmap-c)# no loadbalance policy 
L7SLB_OPTIMIZE_POLICY

Associating a Layer 7 Optimization HTTP Policy Map with a Layer 3 and Layer 4 Policy Map

To associate a Layer 7 HTTP optimize policy map with a Layer 3 and Layer 4 policy map, use the optimize http policy command in policy map class configuration mode. For details on creating a Layer 7 HTTP optimize policy map, see the "Creating a Layer 7 Optimization HTTP Policy Map" section.

The syntax of this command is as follows:

optimize http policy name

The name argument specifies the identifier of an existing Layer 7 HTTP optimize policy map. Enter the name as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, to references the Layer 7 L7OPTIMIZATION_POLICY policy map within the Layer 3 and Layer 4 L4SLB_OPTIMIZE_POLICY policy map, enter:

host1/Admin(config)# policy-map multi-match L4SLB_OPTIMIZE_POLICY
host1/Admin(config-pmap)# class L4SLBCLASS
host1/Admin(config-pmap-c)# optimize http policy L7OPTIMIZATION_POLICY

To dissociate the Layer 7 HTTP optimize policy from the Layer 3 and Layer 4 policy, enter:

host1/Admin(config-pmap-c)# no optimize http policy 
L7OPTIMIZATION_POLICY

Applying a Service Policy

Use the service-policy command to perform the following tasks:

Apply a previously created policy map.

Attach the traffic policy to a specific VLAN interface or globally to all VLAN interfaces in the same context.

Specify that the traffic policy is to be attached to the input direction of an interface.

The service-policy command is available at both the interface configuration mode and at the configuration mode. Specifying a policy map in the interface configuration mode applies the policy map to a specific VLAN interface. Specifying a policy map in the configuration mode applies the policy to all of the VLAN interfaces associated with a context.

The syntax of this command is as follows:

service-policy input policy_name

The keywords and arguments are:

input—Specifies that the traffic policy is to be attached to the input direction of a VLAN interface. The traffic policy evaluates all traffic received by that interface.

policy_name—Specifies the name of a previously defined policy map, configured with a previously created policy-map command. The name can be a maximum of 64 alphanumeric characters.

For example, to specify a VLAN interface and apply the Layer 3 and Layer 4 policy map to a VLAN, enter:

host1/Admin(config)# interface vlan 50
host1/Admin(config-if)# ip address 172.16.1.100 255.255.255.0
host1/Admin(config-if)# service-policy input L4SLB_OPTIMIZE_POLICY

For example, to globally apply the Layer 3 and Layer 4 policy map to all of the VLANs associated with a context, enter:

host1/Admin(config)# service-policy input FTP_INSPECT_L4POLICY
host1/Admin(config)# service-policy input L4SLB_OPTIMIZE_POLICY

To detach a traffic policy from a VLAN interface, enter:

host1/Admin(config-if)# no service-policy input L4SLB_OPTIMIZE_POLICY

To globally detach a traffic policy from all VLANs associated with a context, enter:

host1/Admin(config)# no service-policy input L4SLB_OPTIMIZE_POLICY

When you detach a traffic policy either individually from the last VLAN interface on which you applied the service policy or globally from all VLAN interfaces in the same context, the ACE automatically resets the associated service policy statistics. The ACE performs this action to provide a new starting point for the service policy statistics the next time that you attach a traffic policy to a specific VLAN interface or globally to all VLAN interfaces in the same context.

Follow these guidelines when creating a service policy:

Policy maps, applied globally in a context, are internally applied on all interfaces existing in the context.

A policy activated on a VLAN interface overwrites any specified global policies for overlapping classification and actions.

The ACE allows only one policy of a specific feature type to be activated on a given interface.

Where to Go Next

Proceed to Chapter 5, Configuring Global Optimization Settings, to configure global optimization settings on the ACE.