fir3net

Brocade ADX - Multiple Health-checks on a Per Domain Basis

Now let's consider the following scenario. The client has multiple domains, and traffic goes to all of them over HTTP. However, these domains sit under a single virtual server and each domain requires a separate health-check.

To achieve this configuration, port-aliasing is used. What is port-aliasing, you may ask?
Within the ADX, various configuration options can be assigned on a per-port basis on the real server. Port-aliasing allows you to map a different port against your real port, i.e. port 80.

Below is a summary of the configuration elements within our example:

| Domain  | Alias Port | Group id | Port-Policy |
|---------|------------|----------|-------------|
| Domain1 | 81         | 1        | DOMAIN1     |
| Domain2 | 82         | 2        | DOMAIN2     |

Create Ports

First of all the ports are defined.

server port 81
 tcp

server port 82
 tcp

Create Policies

Next the port-policies are defined, i.e. the health-checks. Within each port-policy the URI and max retries are defined.

server port-policy DOMAIN1                                       
  port http                                                      
  protocol http                                                   
  protocol http url "GET /domain1_health.php HTTP/1.1\r\nHOST: domain1.com\r\nConnection: Close\r\n\r\n"
  retries 3                                                      
                                                           
server port-policy DOMAIN2                                       
  port http                                                      
  protocol http                                                  
  protocol http url "GET /domain2_health.php HTTP/1.1\r\nHOST: domain2.com\r\nConnection: Close\r\n\r\n"
  retries 3

CSW

Next a CSW policy is created. This ensures that when traffic with a certain host header is received the ADX will forward traffic to the necessary group.

csw-rule "DOMAIN1" header "host" equals "DOMAIN1.COM" case-insensitive
csw-rule "DOMAIN2" header "host" equals "DOMAIN2.COM" case-insensitive

csw-policy "DOMAIN_SLB" case-insensitive                          
 match "DOMAIN1" forward 1                                       
 match "DOMAIN2" forward 2                                                                             
 default reset-client 

Real Servers

Each real server is created. The previously created port-policies are attached to the newly defined ports, and the server-id and group-id are set on each of them.

server real REALSERVER1 192.168.100.1                                                                      
 port http                                                       
 port http keepalive                                             
 port http url "HEAD /"                                          
 port http l4-check-only                                         
 port 81                                                         
 port 81 use-port-policy DOMAIN1                                  
 port 81 keepalive                                               
 port 81 server-id 1031                                          
 port 81 group-id  1 1                                           
 port 81 url "HEAD /"                                            
 port 82                                                         
 port 82 use-port-policy DOMAIN2                                 
 port 82 keepalive                                                
 port 82 server-id 1041                                          
 port 82 group-id  2 2                                           
 port 82 url "HEAD /"                                            
                                     
server real REALSERVER2 192.168.100.2                                                                      
 port http                                                       
 port http keepalive                                             
 port http url "HEAD /"                                          
 port http l4-check-only                                         
 port 81                                                        
 port 81 use-port-policy DOMAIN1                                 
 port 81 keepalive                                                
 port 81 server-id 1032                                          
 port 81 group-id  1 1                                           
 port 81 url "HEAD /"                                            
 port 82                                                          
 port 82 use-port-policy DOMAIN2                                 
 port 82 keepalive                                               
 port 82 server-id 1042                                          
 port 82 group-id  2 2                                           
 port 82 url "HEAD /"

Bind Ports

Finally the ports/real servers are bound to the virtual server. The key to the configuration below is the command port http use-alias-port-state. This ensures that the health of the alias port is used rather than the health of the real port.

server virtual TEST_VIP 192.168.100.50
 port http
 port http use-alias-port-state
 port http csw-policy "DOMAIN_SLB"
 port http csw
 port http keep-alive
 bind http REALSERVER1 http REALSERVER2 http
 bind http REALSERVER1 81 real-port http REALSERVER2 81 real-port http 
 bind http REALSERVER1 82 real-port http REALSERVER2 82 real-port http
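
A consistency check for the pieces configured above, as an added example that is not part of the original article: it parses ADX-style configuration text and reports CSW forward groups with no matching alias port, alias ports whose port-policy is not defined, and a virtual server missing use-alias-port-state. The function name audit and the trimmed sample config are assumptions for illustration, as is reading only the first number of each group-id range (the article always uses "N N").

```python
import re

# Constructed sample: a trimmed copy of this article's configuration (one real server).
CONFIG = """\
server port-policy DOMAIN1
server port-policy DOMAIN2
csw-policy "DOMAIN_SLB" case-insensitive
 match "DOMAIN1" forward 1
 match "DOMAIN2" forward 2
server real REALSERVER1 192.168.100.1
 port 81 use-port-policy DOMAIN1
 port 81 group-id  1 1
 port 82 use-port-policy DOMAIN2
 port 82 group-id  2 2
server virtual TEST_VIP 192.168.100.50
 port http use-alias-port-state
 port http csw-policy "DOMAIN_SLB"
"""

def audit(config):
    """Return a list of findings; an empty list means the pieces line up."""
    policies = set(re.findall(r"^server port-policy (\S+)", config, re.M))
    forwards = {int(g) for g in re.findall(r"^\s+match \S+ forward (\d+)", config, re.M)}
    ports, kind, name, alias_state = {}, None, None, False
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if not line[0].isspace():  # unindented line starts a new stanza
            kind, name = (w[1], w[2]) if w[0] == "server" and len(w) > 2 else (None, None)
        elif kind == "real" and w[0] == "port" and len(w) >= 4:
            entry = ports.setdefault((name, w[1]), {})
            if w[2] == "use-port-policy":
                entry["policy"] = w[3]
            elif w[2] == "group-id":
                entry["group"] = int(w[3])  # assumption: range covers one group
        elif kind == "virtual" and w[:3] == ["port", "http", "use-alias-port-state"]:
            alias_state = True
    findings = []
    if not alias_state:
        findings.append("virtual server: 'port http use-alias-port-state' missing")
    for (srv, port), e in sorted(ports.items()):
        if "group" in e and e.get("policy") not in policies:
            findings.append(f"{srv} port {port}: no defined port-policy for group {e['group']}")
    for g in sorted(forwards - {e["group"] for e in ports.values() if "group" in e}):
        findings.append(f"csw forward {g}: no real-server alias port in that group")
    return findings
```

Without use-alias-port-state the virtual port follows the health of the real port, so a failed per-domain check would not take that domain's group out of service; the first finding flags exactly that case.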

Final Thought

As you will appreciate, it is always best to configure and use the simplest configuration possible. With this in mind I would always suggest that different ports (one for each domain) are configured on the webserver. The port-policies are then assigned to these ports within the real server.

Tags: Brocade, ADX, Healthchecks

About the Author

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001