Table of Contents
Advertisement
Class Map and Policy Map Overview
If none of the classifications specified in policy maps match, then the ACE
executes the default actions specified against the class map configured with the
class-default keyword (if one is specified). All traffic that fails to meet the other
matching criteria in the named class map belongs to the default traffic class. The
class map configure with the class-default keyword has an implicit match-any
match statement in it and is used to match any traffic classification.
For example, with the following classifications for a specific request, the ACE
attempts to match the incoming content request with the classification defined in
class maps C1, C2, and C3:
host1/Admin(config)# policy-map type loadbalance first-match
SLB_L7_POLICY
host1/Admin(config-pmap-lb)# class C1
host1/Admin(config-pmap-lb-c)# serverfarm SF1
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config-pmap-lb)# class C2
host1/Admin(config-pmap-lb-c)# serverfarm SF2
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config-pmap-lb)# class C3
host1/Admin(config-pmap-lb-c)# serverfarm SF3
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config-pmap-lb-c)# class class-default
host1/Admin(config-pmap-lb-c)# serverfarm SFBACKUP
If the match criteria satisfies, the ACE load balances a content request to
serverfarm SF1; if not, the ACE evaluates the match criteria in class map C2 and
class map C3. If the request does not match any of the classifications in class maps
C1, C2, or C3, then the class defined with the class-default keyword is guaranteed
to match because it contains a match-any match statement in it. This action results
in the ACE load balancing the request to the SFBACKUP server farm.
The ACE supports flexible class map ordering within a policy map. The ACE
executes only the actions for the first matching traffic classification, so the order
of class maps within a policy map is very important. The policy lookup order is
based on the security features of the ACE. The policy lookup order is implicit,
irrespective of the order in which you configure policies on the interface.
The policy lookup order of the ACE is as follows:
1.
2.
3.
4.
Cisco 4700 Series Application Control Engine Appliance Administration Guide
4-8
Access control (permit or deny a packet)
Permit or deny management traffic
TCP/UDP connection parameters
Load balancing based on a virtual IP (VIP)
Chapter 4
Configuring Class Maps and Policy Maps
OL-11157-01
Hide quick links:
Advertisement
Table of Contents
