Now lets consider the following scenario. The client has multiple domains. Traffic is going to all domains on HTTP. However, these domains are under a single virtual server and each domain requires a separate health-check.
In order to achieve this configuration port-aliasing is used. What is port-aliasing, you may ask ?
Within the ADX various configuration options can be assigned on a per port basis on the real server. Port-aliasing allows you to map a different port against your real port i.e port 80.
Below is a summary of the configuration elements within our example,
| Domain | Alias Port | Group id | Port-Policy |
| Domain1 | 81 | 1 | DOMAIN1 |
| Domain2 | 82 | 2 | DOMAIN2 |
Create Ports
First of all the ports are defined.
server port 81 tcp server port 82 tcp
Create Policies
Next the port-policies are defined i.e the health-check. Within the port-policy the URI and max retries are defined.
server port-policy DOMAIN1
port http
protocol http
protocol http url "GET /domain1_health.php HTTP/1.1\r\nHOST: domain1.com\r\nConnection: Close
\r\n\r\n"
retries 3
server port-policy DOMAIN2
port http
protocol http
protocol http url "GET /domain2_health.php HTTP/1.1\r\nHOST: domain2.com\r\nConnection: Close
\r\n\r\n"
retries 3CSW
Next a CSW policy is created. This ensures that when traffic with a certain host header is received the ADX will forward traffic to the necessary group.
csw-rule "DOMAIN1" header "host" equals "DOMAIN1.COM" case-insensitive csw-rule "DOMAIN2" header "host" equals "DOMAIN2.COM" case-insensitive csw-policy "DOMAIN_SLB" case-insensitive match "DOMAIN1" forward 1 match "DOMAIN2" forward 2 default reset-client
Real ServeRs
Each real server is created. The previously created port-policies are attached to the newly defined ports. Along with the server and groupids being set.
server real REALSERVER1 192.168.100.1
port http
port http keepalive
port http url "HEAD /"
port http l4-check-only
port 81
port 81 use-port-policy DOMAIN1
port 81 keepalive
port 81 server-id 1031
port 81 group-id 1 1
port 81 url "HEAD /"
port 82
port 82 use-port-policy DOMAIN2
port 82 keepalive
port 82 server-id 1041
port 82 group-id 2 2
port 82 url "HEAD /"
server real REALSERVER2 192.168.100.2
port http
port http keepalive
port http url "HEAD /"
port http l4-check-only
port 81
port 81 use-port-policy DOMAIN1
port 81 keepalive
port 81 server-id 1032
port 81 group-id 1 1
port 81 url "HEAD /"
port 82
port 82 use-port-policy DOMAIN2
port 82 keepalive
port 82 server-id 1042
port 82 group-id 2 2
port 82 url "HEAD /"Bind Ports
Finally the ports/realservers are bound to the virtual server. The key to the configuration below is the command port http use-alias-port-state. This ensures that the health of the alias port is used rather then the health of the real port.
server virtual TEST_VIP 192.168.100.50 port http port http use-alias-port-state port http csw-policy "DOMAIN_SLB" port http csw port http keep-alive bind http REALSERVER1 http REALSERVER2 http bind http REALSERVER1 81 real-port http REALSERVER2 81 real-port http bind http REALSERVER1 82 real-port http REALSERVER2 82 real-port http
Final Thought
As you will appreciate it is always best to configure and use the simplest configuration possible. With this in mind I would always suggest that different ports (for each domain) are configured on the webserve. The port-policies then assigned to these ports within the real server.
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become a networking expert?
Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial