You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafficserver.apache.org by Dk Jack <dn...@gmail.com> on 2018/09/28 04:31:21 UTC
remap based on source IP or destination port
Hi,
I need to remap incoming traffic from a specific IP (connection IP) or
traffic that is received on a specific port i.e ATS listening/server port
to be sent to a specific IP+port. Distribute incoming traffic to multiple
sites based on source-ip or listening port. For example, I want to do
something like this:
map_with_recv_port 8081 http://10.1.10.1:8080/
map_with_recv_port 8082 http://10.1.10.2:8080/
or
map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
With map or regex_remap, they allow me to filter on particular source IP.
However, what I want is not filtering, but remap based on source-ip or
listen port. Tried this:
regex_remap http://.*:8081/ http://10.1.10.1:8080/
@actio=allow @src_ip=10.1.1.1
regex_remap http://.*:8082/ http://10.1.10.2:8080/
@actio=allow @src_ip=10.1.1.2
Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
always tries to send it to 10.1.10.1.
The documentation for map_with_recv_port says it should work exactly as
map, but I haven't found a good example. The example, I showed above
doesn't seem to work. Would greatly appreciate any tips or suggestions.
Thanks.
Regards,
Dk.
Re: remap based on source IP or destination port
Posted by Dk Jack <dn...@gmail.com>.
Thanks for answering Leif,
With some trail and error I came to the same conclusion last night after I had sent my email. That seems to work.
However, this requires me to configure the each client side LB to send on a specific port. I’ll explore Alan’s suggestion and see if I can make work the way I want. Otherwise, I’ll have to live with this. Thanks again.
> On Sep 28, 2018, at 10:06 AM, Leif Hedstrom <zw...@apache.org> wrote:
>
>
>
>> On Sep 27, 2018, at 10:31 PM, Dk Jack <dn...@gmail.com> wrote:
>>
>> Hi,
>> I need to remap incoming traffic from a specific IP (connection IP) or
>> traffic that is received on a specific port i.e ATS listening/server port
>> to be sent to a specific IP+port. Distribute incoming traffic to multiple
>> sites based on source-ip or listening port. For example, I want to do
>> something like this:
>>
>> map_with_recv_port 8081 http://10.1.10.1:8080/
>> map_with_recv_port 8082 http://10.1.10.2:8080/
>
>
> No, I’d expect it to look like this
>
> map_with_recv_port http://example.com:8081 http://10.1.10.1:8080/
> map_with_recv_port http://example.com:8082 http://10.1.10.2:8080/
>
>
> The only (afaik) difference I know is that the match is done on the incoming port rather than what the request sent in the Host: header. So, a request like this (that connects to port server port 8081) would still match the above:
>
> GET / HTTP/1.1
> Host: example.com
>
>
> (notice the absence of a port in the request). This feature was done, I believe, where you might have a router, switch or load balancer in front of ATS, which remaps the incoming port (say 80) to a different destination port (say 8081) based on something else (like, source IP).
>
>
> Try it and see if that helps.
>
> — leif
>
>
>
>>
>>
>> or
>>
>> map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
>> map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
>>
>> With map or regex_remap, they allow me to filter on particular source IP.
>> However, what I want is not filtering, but remap based on source-ip or
>> listen port. Tried this:
>>
>> regex_remap http://.*:8081/ http://10.1.10.1:8080/
>> @actio=allow @src_ip=10.1.1.1
>> regex_remap http://.*:8082/ http://10.1.10.2:8080/
>> @actio=allow @src_ip=10.1.1.2
>>
>> Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
>> always tries to send it to 10.1.10.1.
>>
>> The documentation for map_with_recv_port says it should work exactly as
>> map, but I haven't found a good example. The example, I showed above
>> doesn't seem to work. Would greatly appreciate any tips or suggestions.
>> Thanks.
>>
>> Regards,
>> Dk.
>
Re: remap based on source IP or destination port
Posted by Leif Hedstrom <zw...@apache.org>.
> On Sep 27, 2018, at 10:31 PM, Dk Jack <dn...@gmail.com> wrote:
>
> Hi,
> I need to remap incoming traffic from a specific IP (connection IP) or
> traffic that is received on a specific port i.e ATS listening/server port
> to be sent to a specific IP+port. Distribute incoming traffic to multiple
> sites based on source-ip or listening port. For example, I want to do
> something like this:
>
> map_with_recv_port 8081 http://10.1.10.1:8080/
> map_with_recv_port 8082 http://10.1.10.2:8080/ <http://10.1.10.2:8080/>
No, I’d expect it to look like this
map_with_recv_port http://example.com:8081 <http://example.com:8081/> http://10.1.10.1:8080/ <http://10.1.10.1:8080/>
map_with_recv_port http://example.com:8082 <http://example.com:8082/> http://10.1.10.2:8080/ <http://10.1.10.2:8080/>
The only (afaik) difference I know is that the match is done on the incoming port rather than what the request sent in the Host: header. So, a request like this (that connects to port server port 8081) would still match the above:
GET / HTTP/1.1
Host: example.com <http://example.com/>
(notice the absence of a port in the request). This feature was done, I believe, where you might have a router, switch or load balancer in front of ATS, which remaps the incoming port (say 80) to a different destination port (say 8081) based on something else (like, source IP).
Try it and see if that helps.
— leif
>
>
> or
>
> map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
> map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
>
> With map or regex_remap, they allow me to filter on particular source IP.
> However, what I want is not filtering, but remap based on source-ip or
> listen port. Tried this:
>
> regex_remap http://.*:8081/ http://10.1.10.1:8080/
> @actio=allow @src_ip=10.1.1.1
> regex_remap http://.*:8082/ http://10.1.10.2:8080/
> @actio=allow @src_ip=10.1.1.2
>
> Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
> always tries to send it to 10.1.10.1.
>
> The documentation for map_with_recv_port says it should work exactly as
> map, but I haven't found a good example. The example, I showed above
> doesn't seem to work. Would greatly appreciate any tips or suggestions.
> Thanks.
>
> Regards,
> Dk.
Re: remap based on source IP or destination port
Posted by Dk Jack <dn...@gmail.com>.
Thanks Alan,
Will explore that...
/D
> On Sep 28, 2018, at 7:37 AM, Alan Carroll <so...@oath.com.INVALID> wrote:
>
> I would be tempted to see if header_rewrite can do what you want. There are
> a wider variety of conditionals available there. You could hook it up to
> only run on your regex_remap line and "override" the remap rule result as
> needed. I haven't use map_with_recv_port so I can't say if it could be made
> to work. You might try testing that with the debug tag 'http|url_rewrite'
> and see what shows up.
>
>> On Thu, Sep 27, 2018 at 11:31 PM Dk Jack <dn...@gmail.com> wrote:
>>
>> Hi,
>> I need to remap incoming traffic from a specific IP (connection IP) or
>> traffic that is received on a specific port i.e ATS listening/server port
>> to be sent to a specific IP+port. Distribute incoming traffic to multiple
>> sites based on source-ip or listening port. For example, I want to do
>> something like this:
>>
>> map_with_recv_port 8081 http://10.1.10.1:8080/
>> map_with_recv_port 8082 http://10.1.10.2:8080/
>>
>> or
>>
>> map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
>> map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
>>
>> With map or regex_remap, they allow me to filter on particular source IP.
>> However, what I want is not filtering, but remap based on source-ip or
>> listen port. Tried this:
>>
>> regex_remap http://.*:8081/ http://10.1.10.1:8080/
>> @actio=allow @src_ip=10.1.1.1
>> regex_remap http://.*:8082/ http://10.1.10.2:8080/
>> @actio=allow @src_ip=10.1.1.2
>>
>> Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
>> always tries to send it to 10.1.10.1.
>>
>> The documentation for map_with_recv_port says it should work exactly as
>> map, but I haven't found a good example. The example, I showed above
>> doesn't seem to work. Would greatly appreciate any tips or suggestions.
>> Thanks.
>>
>> Regards,
>> Dk.
>>
>
>
> --
> *Beware the fisherman who's casting out his line in to a dried up riverbed.*
> *Oh don't try to tell him 'cause he won't believe. Throw some bread to the
> ducks instead.*
> *It's easier that way. *- Genesis : Duke : VI 25-28
Re: remap based on source IP or destination port
Posted by Alan Carroll <so...@oath.com.INVALID>.
I would be tempted to see if header_rewrite can do what you want. There are
a wider variety of conditionals available there. You could hook it up to
only run on your regex_remap line and "override" the remap rule result as
needed. I haven't use map_with_recv_port so I can't say if it could be made
to work. You might try testing that with the debug tag 'http|url_rewrite'
and see what shows up.
On Thu, Sep 27, 2018 at 11:31 PM Dk Jack <dn...@gmail.com> wrote:
> Hi,
> I need to remap incoming traffic from a specific IP (connection IP) or
> traffic that is received on a specific port i.e ATS listening/server port
> to be sent to a specific IP+port. Distribute incoming traffic to multiple
> sites based on source-ip or listening port. For example, I want to do
> something like this:
>
> map_with_recv_port 8081 http://10.1.10.1:8080/
> map_with_recv_port 8082 http://10.1.10.2:8080/
>
> or
>
> map_with_src_ip 10.1.1.1 http://10.1.10.1:8080/
> map_with_src_ip 10.1.1.2 http://10.1.10.2:8080/
>
> With map or regex_remap, they allow me to filter on particular source IP.
> However, what I want is not filtering, but remap based on source-ip or
> listen port. Tried this:
>
> regex_remap http://.*:8081/ http://10.1.10.1:8080/
> @actio=allow @src_ip=10.1.1.1
> regex_remap http://.*:8082/ http://10.1.10.2:8080/
> @actio=allow @src_ip=10.1.1.2
>
> Since the regex matches all traffic (both from 10.1.1.1 and 10.1.1.2), it
> always tries to send it to 10.1.10.1.
>
> The documentation for map_with_recv_port says it should work exactly as
> map, but I haven't found a good example. The example, I showed above
> doesn't seem to work. Would greatly appreciate any tips or suggestions.
> Thanks.
>
> Regards,
> Dk.
>
--
*Beware the fisherman who's casting out his line in to a dried up riverbed.*
*Oh don't try to tell him 'cause he won't believe. Throw some bread to the
ducks instead.*
*It's easier that way. *- Genesis : Duke : VI 25-28