Class Refresh for Class mapped through Relation not Query

We have Class A which is root of Domain Object Tree for our Application.
We have Class B. Relationship for A -> B is one to one with Use Indirection turned on.
Back reference (B->A) is also one to one with Use Indirection turn on.
When we try to do getB() on Class A (i.e. A.getB()). Query is fired only on first
access call to get(). We have a query to get Class A which always refresh A
but not B. We tried setting Caching Policy - Always refresh on Class Descriptor for
Class B. But still the query is not fired on object B when A.getB() is called.
I need to class to be always refresh as this can get added on deleted outside
Toplink Application. Hence is always need to refresh the Class B.
What should We do.

Refreshing in TopLink is based on queries. When you are accessing getB(), you are simply resolving a Java reference. (ie A.b). If B must always be refreshed I would recommend not mapping A.b attribute. Instead getB() should always issue a refreshing query.
--Gordon

Similar Messages

The class-default class map

According to Cisco dumentation (http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/mpc.html)
, the ASA is equipped with two default class-maps
class-map inspection_default
match default-inspection-traffic
and
class-map class-default
match any
The first makes perfect sense, but what is the class-default used for? Cisco says
"This class map appears at the end of all Layer 3/4 policy maps and essentially tells the adaptive security appliance to not perform any actions on all other traffic. You can use the class-default class map if desired, rather than making your own
match any class map. In fact, some features are only available for class-default."
But I see stuff like this:
policy-map MyPolicy
class class-default
inspect tfp MyFTPpolicy
Obviously it is being used here to act on traffic! So I am confused.
I also noticed that when you upgrade from 8.2 to 8.4, all default class-maps are removed from the configuration: you have to re-create everything (strange)

Hello Collin,
This is Mike. I dont think it is well documented. Basically it is just a class map (that does not appear on the configuration unless an action is specified) that will match all traffic passing through the ASA firewall. Some features like NSEL (Netflow) and Traffic shaping are only allowed to use this kind of class maps because they dont support any other match command.
The one that you currently have (and God I hope its not applied) will look for tftp traffic on every IP packet passing across the ASA.
This specific type of policy you have there can only be applied on the interface (as it is not a layer 7 inspection policy) you can check if it is applied or not by running the show "run service-policy command"
Mike

Class-map type inspect match access-group name question

I'm creating a zone base firewall solution and all appears to be fine until I create a class-map type inspect match-all or any
and match access-group name acl to match an extended ACL and once I match it the commands runs but when I go back to view the configuration of the class-map it is not there.
I have tried other named ACLs and it works if the ACL contents are simple like permit ip any any but for complex ACLs with ranges, tcp, udp, icmp etc etc it does not take it but it does not report an issue either and when I view the config its not there for the complex extended acl but for the simple extended acl it does show.
Any restrictions or possible bugs I'm running into?
Thanks for all looking

This could be a bug. Could you post the exact configuration you are trying to implement? I just set up a small test and I have been unable to reproduce what you are seeing. I would like to see if I get the same result using your config.
Please remember to select a correct answer and rate helpful posts

Dac not generating paramter files for unspecified mapping in one workflow

Hi,
We are facing a problem with DAC while generating parameter files.I have a task in DAC which is calling a workflow(It contains two sessions,1.SILOS mapping,2.SILOS_UNSPECIFIED mapping).
Both are using the same parameter file.
During Development DAC used to generate parameters for both sessions in the same file.Both now in diff environment,it is generating parameters for the first session
and for unspecified mapping it is not generating any parameters.So unspecified mappings are failing.
Any one help?

Please check whether the file parameterfileDW.txt has the section for that unspecified workflow. If not please copy and paste from DEV env and restart the load.
If it exists in parameterfileDW.txt and still not not generating section for unspecified session in parameter file then try running the below command at <infa_home>\server\bin
pmrep listobjectdependencies -n <WORKFLOW_NAME> -o workflow -f <FOLDER_NAME> -d session -p children
and see whether the output as your unspecified session and post your observations.
Mark If Helps

Encountering Error in webadi : "&Value is invalid. Enter a valid value for the Mapping column &Column"

We are having a custom WebADI, containing a field (Employee Name) which is a LOV.
The LOV has ID : Person ID, Meaning : Employee name, Description : Position Name.
There are multiple records with same Employee name but different Person ID.
If I select an Employee in the LOV which has multiple records (through different IDs), I am getting an error in WebADI:
"Enter a valid EMPLOYEE_NAME.
XX is invalid. Enter a valid value for the Mapping column EMPLOYEE_NAME"
The Query for the LOV is correct and is returning correct records.
Any pointers on this issue highly appreciated.

Hi,
The problem could be with HR security profile attached to the responsibility from where you are launching the spreadsheet. Check it once.
Thanks.

Class-maps used for load balancing on ACE

I am from CCS background and am trying to understand how the VIPs could be configured on an ACE module (using class maps).
I am looking for specific information for the following :
1. Will each VIP have a corresponding Service-policy on the VLAN Interface or can we club many VIPs (through policy-maps) onto a single service-policy entry on teh interface?
2. I could not find any cisco doco with the configuration examples for more than one VIP address and would please like to know some examples, if possible or could some one direct me to a doco with many VIP entries ?
- Should each VIP have a seperate class-map or can list them together?

You will have to configure L3/L4 class-maps for corresponding VIPs. You just need a single policy with n class-maps for n VIPS.
I am writing a sample that will hopefully help you on this
class-map match-all app1-vip
match virtual-address 10.1.1.1 tcp eq 80
class-map match-any app2-vip
match virtual-address 10.1.1.2 tcp eq 443
policy-map type loadbalance first-match L7app1
class class-default
server-farm App1-farm
policy-map type loadbalance first-match L7app2
class class-default
server-farm App2-farm
policy-map multi-match All-vips
class app1-vip
loadbalance vip inservice
loadbalance policy L7app1
loadbalance vip icmp-reply active
class app2-vip
loadbalance vip inservice
loadbalance policy L7app2
loadbalance vip icmp-reply active
int vlan 100
ip address 10.10.10.101 255.255.255.0
service-policy input All-vips
Syed Iftekhar Ahmed

Query: Missing tablename in generated SQL for vertical mapped classes

Hi,
I am playing with Kodo 3.1.4 / Postgres 7.4 and could not find any
solution for this problem:
I have one class calles "Clipfragment" which represents video clips and
has a long - field named "lengthInMinutes". It extends a baseclass
called "Categorizablefragment", which has a field "id" and some others.
I use vertical mapping, thus having one table per class. The identity
type is 'application'. The table for the class "Categorizablefragment"
contains fields for jdoclass and jdoversion and IMHO correct entries.
Everything works really fine except for Querys against subclass fields
with aggregate functions. E.g. counting all clips works:
KodoQuery q = (KodoQuery) getJdoPm().newQuery(ClipFragment.class);
q.setResult ("count(id)");
Number count = (Number) q.execute ();
But: Querying for the sum of the field 'lengthInMinutes' fails:
KodoQuery q = (KodoQuery) getJdoPm().newQuery(ClipFragment.class);
q.setResult ("sum(lengthInMinutes)");
Number count = (Number) q.execute ();
The exception is:
kodo.util.UserException: com.solarmetric.jdbc.ReportingSQLException:
ERROR: syntax error at or near "WHERE"
{prepstmnt 16398807 SELECT AVG(t0.lengthinminutes) FROM WHERE
t1.jdoclass = ? [reused=0]} [code=0, state=42601]
NestedThrowables:
com.solarmetric.jdbc.ReportingSQLException: ERROR: syntax error at or
near "WHERE"
{prepstmnt 16398807 SELECT AVG(t0.lengthinminutes) FROM WHERE
t1.jdoclass = ? [reused=0]} [code=0, state=42601]
at kodo.query.AbstractQuery.executeWithMap(AbstractQuery.java:865)
at kodo.query.AbstractQuery.execute(AbstractQuery.java:728)
atde.jk.buvas.model.impl.DefaultClipManager.getTotalTime(DefaultClipManager.java:43)
And the SQL - Trace:
5766 TRACE [main] kodo.jdbc.SQL - <t 17089909, conn 31908613 (1
errors)> [0 ms] executing prepstmnt 17226426 SELECT
SUM(t0.lengthinminutes) FROM WHERE t1.jdoclass = ? [params=(String)
de.jk.buvas.model.fragments.ClipFragment] [reused=0]
I tried both 'base-tables' and 'per-subclass' for the property
kodo.jdbc.VerticalQueryMode, without any results.
Any ideas?
Thanks,
Jochen

Hi Stephen,
here are the excerpts from the .jdo and the .mapping files. The .jdo
file was generated by XDoclet.
..jdo
<class name="ClipFragment"
identity-type="application"
objectid-class="CategorizableFragment$Id"
persistence-capable-superclass="CategorizableFragment"
> 
<extension vendor-name="kodo"
key="jdbc-class-map-name"
value="vertical">
<extension vendor-name="kodo" key="table" value="Clip"/>
</extension>
<field name="title"
> 
<extension vendor-name="kodo"
key="jdbc-size"
value="100">
</extension>
</field>
<field name="lengthInMinutes"
> 
</field>
<field name="description"
> 
<extension vendor-name="kodo"
key="jdbc-size"
value="3000">
</extension>
</field>
<field name="recordingDate"
> 
</field>
<field name="actors"
> 
<collection
element-type="de.jk.buvas.model.fragments.ActorFragment"
> 
</collection>
<extension vendor-name="kodo"
key="jdbc-element-delete-action"
value="exception-deferred">
</extension>
<extension vendor-name="kodo"
key="inverse-owner"
value="clips">
</extension>
</field>
<field name="media"
> 
<collection
element-type="de.jk.buvas.model.fragments.MediumFragment"
> 
</collection>
<extension vendor-name="kodo"
key="jdbc-element-delete-action"
value="exception-deferred">
</extension>
</field>
</class>
<class name="CategorizableFragment"
identity-type="application"
objectid-class="CategorizableFragment$Id"
> 
<extension vendor-name="kodo"
key="jdbc-class-map-name"
value="base">
<extension vendor-name="kodo" key="table" value="Categorizable"/>
</extension>
<field name="id"
primary-key="true"
> 
</field>
<field name="category"
> 
<extension vendor-name="kodo"
key="jdbc-delete-action"
value="exception-deferred">
</extension>
</field>
</class>
..mapping
<class name="ClipFragment">
<jdbc-class-map type="vertical" ref-column.ID="ID" table="CLIPFRAGMENT"/>
<field name="actors">
<jdbc-field-map type="many-many" element-column.ID="ID"
ref-column.ID="CLIPS_ID" table="ACTOR_CLIPS"/>
</field>
<field name="description">
<jdbc-field-map type="value" column="DESCRIPTION"/>
</field>
<field name="lengthInMinutes">
<jdbc-field-map type="value" column="LENGTHINMINUTES"/>
</field>
<field name="media">
<jdbc-field-map type="many-many" element-column.ID="MEDIA_ID"
order-column="MEDIA_ORDER" ref-column.ID="ID" table="CLIPF_MEDIA"/>
</field>
<field name="recordingDate">
<jdbc-field-map type="value" column="RECORDINGDATE"/>
</field>
<field name="title">
<jdbc-field-map type="value" column="TITLE"/>
</field>
</class>
<class name="CategorizableFragment">
<jdbc-class-map type="base" table="CATEGORIZABLEFRAGMENT"/>
<jdbc-version-ind type="version-number" column="JDOVERSION"/>
<jdbc-class-ind type="in-class-name" column="JDOCLASS"/>
<field name="category">
<jdbc-field-map type="one-one" column.ID="CATEGORY_ID"/>
</field>
<field name="id">
<jdbc-field-map type="value" column="ID"/>
</field>
</class>
Thanks,
Jochen
Stephen Kim wrote:
Can you post the mapping/metadata files for the two classes?
Jochen Kressin wrote:
Hi,
I am playing with Kodo 3.1.4 / Postgres 7.4 and could not find any
solution for this problem:
I have one class calles "Clipfragment" which represents video clips
and has a long - field named "lengthInMinutes". It extends a baseclass
called "Categorizablefragment", which has a field "id" and some
others. I use vertical mapping, thus having one table per class. The
identity type is 'application'. The table for the class
"Categorizablefragment" contains fields for jdoclass and jdoversion
and IMHO correct entries.
Everything works really fine except for Querys against subclass fields
with aggregate functions. E.g. counting all clips works:
KodoQuery q = (KodoQuery) getJdoPm().newQuery(ClipFragment.class);
q.setResult ("count(id)");
Number count = (Number) q.execute ();
But: Querying for the sum of the field 'lengthInMinutes' fails:
KodoQuery q = (KodoQuery) getJdoPm().newQuery(ClipFragment.class);
q.setResult ("sum(lengthInMinutes)");
Number count = (Number) q.execute ();
The exception is:
kodo.util.UserException: com.solarmetric.jdbc.ReportingSQLException:
ERROR: syntax error at or near "WHERE"
{prepstmnt 16398807 SELECT AVG(t0.lengthinminutes) FROM WHERE
t1.jdoclass = ? [reused=0]} [code=0, state=42601]
NestedThrowables:
com.solarmetric.jdbc.ReportingSQLException: ERROR: syntax error at or
near "WHERE"
{prepstmnt 16398807 SELECT AVG(t0.lengthinminutes) FROM WHERE
t1.jdoclass = ? [reused=0]} [code=0, state=42601]
at kodo.query.AbstractQuery.executeWithMap(AbstractQuery.java:865)
at kodo.query.AbstractQuery.execute(AbstractQuery.java:728)
atde.jk.buvas.model.impl.DefaultClipManager.getTotalTime(DefaultClipManager.java:43)
And the SQL - Trace:
5766 TRACE [main] kodo.jdbc.SQL - <t 17089909, conn 31908613 (1
errors)> [0 ms] executing prepstmnt 17226426 SELECT
SUM(t0.lengthinminutes) FROM WHERE t1.jdoclass = ? [params=(String)
de.jk.buvas.model.fragments.ClipFragment] [reused=0]
I tried both 'base-tables' and 'per-subclass' for the property
kodo.jdbc.VerticalQueryMode, without any results.
Any ideas?
Thanks,
Jochen

How to get OIDs of indexes for class-map ?

I have policy-map configured on cisco router with some class-maps inside. I need to draw a graph traffic passing through these classes. To make a graphs I use Cacti which use SNMP query to draw the graphs (object name cbQosObjectsIndex).
How to get OIDs of class-map indexes ?
I tried to do this by following query:
#snmpwalk -c community_string -v 2c 192.168.0.252 1.3.6.1.4.1.9.9.166.1.5.1.1.1
but the answer was:
iso.3.6.1.4.1.9.9.166.1.5.1.1.1 = No Such Object available on this agent at this OID
The information i need is contained at the OID 1.3.6.1.4.1.9.9.166.1.15.1.1.7:
# snmpwalk -c community_string -v 2c 192.168.0.252 1.3.6.1.4.1.9.9.166.1.15.1.1.7
iso.3.6.1.4.1.9.9.166.1.15.1.1.7.1251.1277 = Gauge32: 0
iso.3.6.1.4.1.9.9.166.1.15.1.1.7.1251.13363 = Gauge32: 0
iso.3.6.1.4.1.9.9.166.1.15.1.1.7.1251.13383 = Gauge32: 0
iso.3.6.1.4.1.9.9.166.1.15.1.1.7.1251.13435 = Gauge32: 734000
iso.3.6.1.4.1.9.9.166.1.15.1.1.7.1251.13481 = Gauge32: 233000

Because 192.168.0.252 1.3.6.1.4.1.9.9.166.1.5.1.1.1 is marked "non-accessible" according to http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=cbQosObjectsIndex
You'll need to obtain the indices as explained in this blog post:
http://pierky.wordpress.com/2009/04/09/cisco-class-based-qos-snmp-mib-and-statistics-monitor-for-nms/
Joe wrote a very illustrative post on the subject of snmptables: https://supportforums.cisco.com/message/3051004#3051004
And if your IOS supports it, you would want to configure the following to keep the indices from changing after every reboot or OIR:
"snmp mib persist cbqos"

Detailed example for ABAP mapping in XI7.0 with code in class builder

hi experts,
will any one one send me the detailed example(including navigation steps) for ABAP mapping in XI7.0 with code in class builder.
Thankin u,

Hi,
Just go through the below link.It will guide you how to do abap mapping:
The guide is on XI 3.0 but the same can be used in 7.0 also.
The How-to-guide
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/5c46ab90-0201-0010-42bd-9d0302591383
This link will provide more information regarding program point of view.
http://help.sap.com/saphelp_nw04/helpdata/en/86/8280ba12d511d5991b00508b6b8b11/content.htm
Thanks,
Kishore.
Edited by: Kishore on Mar 14, 2008 4:35 AM

Class-map does not support match protocol ssl

I have several 1941/k9's that do not have the class-map command: to suppot ssl. System image is c1900-universalk9-mz.SPA.152-1.T.bin.
class-map match-any af31
match protocol ssl <-- missing.
I did some google searches but come up with nothing.
Is the fix to upgrade IOS? I have found it on other routers running c1900-universalk9-mz.SPA.152-4.M4.bin. I would just upgrade and check but have an extensive change review board with questions before doing so.
Thanks for advice,
Haydn

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I'm not current on NBAR (or NBAR 2), but NBAR used to support loadable modules (PDMs?). Sometimes Cisco would provide those so you could add match protocols without upgrading your IOS.
Otherwise the "fix" would be to upgrade your IOS.
Lastly, depending on what it matching SSL really means to you, using port based ACLs might suffice (in fact, some NBAR match protocol is only really that, but some NBAR matches regardless of the port usage).
PS:
Also on the subject of SSL, don't forget much can use it. I once matched on it for the purposes of providing secure shell higher queuing priority, worked great for SSH, not so great when secure copy (SCP) also matched against it.

Total drops for class-map class-default

Hi,
I have a gigabit ethernet interface on a 2951 configured with 4x sub interfaces providing connectivity to our four WAN sites. Each sub interface services a 100mb connection to another site.
I have configured a QoS policy and attached to each sub interface with the primary function of limiting each sub interface to 100mbs. I am now seeing drops (total drops) on the class default and not sure why. I would not expect to see any drops on this interface as it never even reaches 15mb (15%) capacity.
Any ideas?
        Class-map: class-default (match-any)
          175934881 packets, 95319007968 bytes
          5 minute offered rate 23000 bps, drop rate 0000 bps
          Match: any
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/340/0
          (pkts output/bytes output) 314212026/180287074028
policy-map PM-Branch-QoS
class CM-OAM
set dscp af11
class CM-Network
set dscp cs6
class CM-VC
bandwidth percent 5
class CM-Citrix
set dscp af21
class CM-CAPWAP
set dscp af22
policy-map PM-WAN
class class-default
shape peak 100000000
   service-policy PM-Branch-QoS

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I would not expect to see any drops on this interface as it never even reaches 15mb (15%) capacity.
Your expectations might be incorrect. Often percentage of bandwidth capacity measurements are misunderstood.
Let's assume your ingress is 100 Mbps. Let's also assume your measuring over a five minute period. Lastly, assume the ingress transmits at 100% for 1 minute and then stops for 4 minutes. Bandwidth utilization across the 1 minute would be 100% and 0% for the other 4 minutes, but it would be 20% for the 5 minutes.
But if the 100 Mbps was sent at 100% for each 12 seconds, and not sent for each 48 seconds, 5 minute utilization would still be 20% but unlike the prior 1 minute stats of 100% and 0%, each minute would now also be 20%.
So these first two examples show how bandwidth utilization don't reveal what's happening within the measured time period.
Since ingress was same bandwidth as egress, in the above, there would be no queuing.
If ingress is gig, though, suppose gig ingress arrives for 6 seconds and stops for a remaining 4 minutes and 54 seconds. This too would measure as 20% usage across 5 minutes, but since it will take 60 seconds to transmit the same traffic at 100 Mbps, packets will need to be queued. If queuing buffers are insufficient to hold all the packets, some will be dropped.
The above is a long way of saying, if your ingress rate exceeds your egress rate, there can be a need to queue packets, and if queuing is insufficient, packets will be dropped, this even if utilization is "low". Most likely, you have occasional "bursts" if ingress bandwidth exceeds the egress bandwidth.
From your actual stats, the drop rate percentage is so low, you might not need to concern yourself with the few drops you're seeing. If it is a concern, you might be able to reduce the drop rate by increasing egress buffering, but doing so, also increases egress queuing delay.

Class-map not works, Packets not tagging

Hey Guys,
I have define policy maping and dont know why its not tagging the IPs;
class-map match-all KHAN
match access-group name ABC
match input-interface GigabitEthernet0/1
ip access-list extended ABC
permit ip host 10.11.201.20 10.11.207.128 0.0.0.127
permit ip host 10.11.201.19 10.11.207.128 0.0.0.127
policy-map TAIM
class voice
priority percent 50
set dscp ef
class KHAN
priority percent 49
set dscp af41
interface Multilink1
service-policy output TAIM
When I check the IPs on netflow it is showing half packets are tagged with af41 anf half are default.
Any idea will be appreciated.
Thanks
show policy map interface result
Class-map: TAIM (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name ABC
Match: input-interface GigabitEthernet0/1
Priority: 49% (3763 kbps), burst bytes 94050, b/w exceed drops: 0
QoS Set
dscp af41
Packets marked 0

The problem is the way you are matching the packets:
Here it shows that there are 0 packets marked and 0 packets matched:
Class-map: TAIM (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name ABC
Match: input-interface GigabitEthernet0/1
Priority: 49% (3763 kbps), burst bytes 94050, b/w exceed drops: 0
QoS Set
dscp af41
Packets marked 0
When you define this:
class-map match-all KHAN
match access-group name ABC
match input-interface GigabitEthernet0/1
You are telling the router to match both conditions of ACL ABC and Interface input Gi0/1... most likely what happens here is that the class map does not match both condtions here.
Depending on what you need to accomplish, you can change it to be ANY:
class-map match-any KHAN
match access-group name ABC
match input-interface GigabitEthernet0/1
This way it will work if it matches either the first condition ACL ABC or second condition input Gi0/1.
Or you can just remove the input statement for Gi0/1 and match by the IPs only:
class-map match-all KHAN
match access-group name ABC

Policy map/ class map/ service policy for IOS xr

Hi,
I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
I need the cap for the bandwidth to traverse this circuit to ne 10 Meg.
the IOS xr version we are using is 4.3.4
I was hoping someone could help me out by giving me a configuration example I could follow.
Thank you.

for instance like this:
policy-map police-in
class class-default
police rate 10 mpbs <optionally set burst>
policy-map shape-out-parent
class class-default
shape 10 mpbs <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
int g 0/0/0/0
service-policy police-in in
service-policy shape-out-parent out
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander

Layer-7 Class-maps: 'not' match-any

Hallo All,
I'm wondering if the following logic is possible on the ACEs.
First Match is:
class-map type http loadbalance match-any CM7-MatchSrcIP
   10 match source-address 192.168.0.0 255.255.0.0
   20 match source-address 172.16.0.0 255.255.0.0
class-map type http loadbalance match-any CM7-URLs
   10 match http url /testing.*
class-map type http loadbalance match-all CM7-WWW
   10 match class-map CM7-MatchSrcIP
   20 match class-map CM7-URLs
If the above URL and IP sources are matched, I want to send to a specific SF. (easy enough)
If the URL matches /testing.* but source IP address doesn't match of any of the above subnets, I want to redirect to a 'restricted' page. (ummm)
If the URL is something else (e.g. /temporary.*) with any IP source address, I want it to be load-balanced by a different SF (say like in a class-default)
Thx in adv
David

Hi David,
Sure you can try this on the ACE, you already created most of the configuration so now just need to apply the maps under the first-match policy.
According to your description this is how this policy should look like:
policy-map type loadbalance first-match SLB_LOGIC
class CM7-WWW
    serverfarm Testing
class CM7-URLs
    serverfarm Restricted
class class-default
    serverfarm Any
- ACE checks for testing plus IP address matching.
- If user belongs to any other subnet then SF restricted is used.
- If none of the above statements is matched then defaul class map and SF is used.
Cheers!
Pablo

Match-any or Match All For Class-map On Nexus?

I have an access-list MANAGEMENT
       permit udp any eq snmp any
        permit udp any any eq snmp
        permit tcp any any eq telnet
        permit tcp any eq telnet any
       permit tcp any any eq 22
       permit tcp any eq 22 any
My question does it matter if I use a match-any or match-all. I want to match anything in the access-list to classify the traffic correctly
class-map type qos match-any MANAGEMENT
            match access-group name MANAGEMENT
Or
class-map type qos match-all MANAGEMENT
            match access-group name MANAGEMENT
I understand a match-any is an or and a match-all is an and function. Does this apply to an access-list for a class-map?
Thanks

It applies to match statements within the class map. In your case, you're only using one match statement, so there will be no difference between match-all and match-any, no matter how many entries are in the ACL. If your class map had two different ACLs in two different match statements , then the and/or logic of match-all and match-any would come into play.

Class Refresh for Class mapped through Relation not Query

Similar Messages

Maybe you are looking for