Now let's consider the following scenario. The client has multiple domains. Traffic is going to all domains on HTTP. However, these domains are under a single virtual server and each domain requires a separate health-check.
In order to achieve this configuration, port-aliasing is used. What is port-aliasing, you may ask?
Within the ADX, various configuration options can be assigned on a per-port basis on the real server. Port-aliasing allows you to map a different port against your real port, i.e. port 80.
Below is a summary of the configuration elements within our example:
| Domain | Alias Port | Group id | Port-Policy |
|---|---|---|---|
| domain1.com | 81 | 1 | DOMAIN1 |
| domain2.com | 82 | 2 | DOMAIN2 |
First of all the ports are defined.
```
server port 81
 tcp
server port 82
 tcp
```
Next the port-policies are defined, i.e. the health-checks. Within the port-policy the URI and max retries are defined.
```
server port-policy DOMAIN1
 port http
 protocol http
 protocol http url "GET /domain1_health.php HTTP/1.1\r\nHOST: domain1.com\r\nConnection: Close \r\n\r\n"
 retries 3
server port-policy DOMAIN2
 port http
 protocol http
 protocol http url "GET /domain2_health.php HTTP/1.1\r\nHOST: domain2.com\r\nConnection: Close \r\n\r\n"
 retries 3
```
Next a CSW policy is created. This ensures that when traffic with a certain host header is received the ADX will forward traffic to the necessary group.
```
csw-rule "DOMAIN1" header "host" equals "DOMAIN1.COM" case-insensitive
csw-rule "DOMAIN2" header "host" equals "DOMAIN2.COM" case-insensitive
csw-policy "DOMAIN_SLB" case-insensitive
 match "DOMAIN1" forward 1
 match "DOMAIN2" forward 2
 default reset-client
```
Each real server is created. The previously created port-policies are attached to the newly defined ports, and the server and group IDs are set.
```
server real REALSERVER1 192.168.100.1
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port 81
 port 81 use-port-policy DOMAIN1
 port 81 keepalive
 port 81 server-id 1031
 port 81 group-id 1 1
 port 81 url "HEAD /"
 port 82
 port 82 use-port-policy DOMAIN2
 port 82 keepalive
 port 82 server-id 1041
 port 82 group-id 2 2
 port 82 url "HEAD /"
server real REALSERVER2 192.168.100.2
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port 81
 port 81 use-port-policy DOMAIN1
 port 81 keepalive
 port 81 server-id 1032
 port 81 group-id 1 1
 port 81 url "HEAD /"
 port 82
 port 82 use-port-policy DOMAIN2
 port 82 keepalive
 port 82 server-id 1042
 port 82 group-id 2 2
 port 82 url "HEAD /"
```
Finally the ports/real servers are bound to the virtual server. The key to the configuration below is the command port http use-alias-port-state. This ensures that the health of the alias port is used rather than the health of the real port.
```
server virtual TEST_VIP 192.168.100.50
 port http
 port http use-alias-port-state
 port http csw-policy "DOMAIN_SLB"
 port http csw
 port http keep-alive
 bind http REALSERVER1 http REALSERVER2 http
 bind http REALSERVER1 81 real-port http REALSERVER2 81 real-port http
 bind http REALSERVER1 82 real-port http REALSERVER2 82 real-port http
```
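The pieces above only work together if every group the CSW policy forwards to has an alias port with a port-policy attached and a bind on the virtual server. The following consistency check is an added example, not part of the original article or any vendor tooling; it assumes the configuration is stored one command per line with sub-commands indented by one space, and the `lint` function and its messages are hypothetical names.

```python
import re

# Constructed sample: the article's configuration, trimmed to the lines the check reads.
CONFIG = """\
server port-policy DOMAIN1
server port-policy DOMAIN2
csw-policy "DOMAIN_SLB" case-insensitive
 match "DOMAIN1" forward 1
 match "DOMAIN2" forward 2
server real REALSERVER1 192.168.100.1
 port 81 use-port-policy DOMAIN1
 port 81 group-id 1 1
 port 82 use-port-policy DOMAIN2
 port 82 group-id 2 2
server virtual TEST_VIP 192.168.100.50
 port http use-alias-port-state
 bind http REALSERVER1 81 real-port http
 bind http REALSERVER1 82 real-port http
"""

def lint(config):
    """Return the problems found in an alias-port health-check configuration."""
    policies = set(re.findall(r"^server port-policy (\S+)", config, re.M))
    forwards = set(re.findall(r"^ match \S+ forward (\d+)", config, re.M))
    bound = set(re.findall(r"(\S+) (\d+) real-port http", config))
    problems, used, groups, real = [], {}, {}, None
    if not re.search(r"^ port http use-alias-port-state$", config, re.M):
        problems.append("VIP: 'port http use-alias-port-state' is missing")
    for line in config.splitlines():
        if m := re.match(r"server real (\S+)", line):
            real = m.group(1)              # entering a real-server block
        elif not line.startswith(" "):
            real = None                    # any other top-level statement ends it
        elif real and (m := re.match(r" port (\d+) use-port-policy (\S+)", line)):
            used[real, m.group(1)] = m.group(2)
        elif real and (m := re.match(r" port (\d+) group-id (\d+) \d+", line)):
            groups[real, m.group(1)] = m.group(2)
    for srv, port in sorted(groups):
        if used.get((srv, port)) not in policies:
            problems.append(f"{srv} port {port}: no defined port-policy attached")
        if (srv, port) not in bound:
            problems.append(f"{srv} port {port}: not bound to the VIP")
    for gid in sorted(forwards - set(groups.values())):
        problems.append(f"csw-policy forwards to group {gid}, which has no alias port")
    return problems

if __name__ == "__main__":
    # Dropping the DOMAIN2 policy from port 82 is reported; the intact sample is clean.
    broken = CONFIG.replace(" port 82 use-port-policy DOMAIN2\n", "")
    print(lint(CONFIG), lint(broken))
```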
As you will appreciate, it is always best to configure and use the simplest configuration possible. With this in mind I would always suggest that different ports (for each domain) are configured on the webserver. The port-policies are then assigned to these ports within the real server.