08-19-2010 12:33 PM
Good day everyone,
I have a question in regard to real server operation with different server farms, and VIPs
Can a Real Server be associated ( for simpliciy) with two different Server Farms that have a VIP associated with each, servicing the same TCP Port (443).
Example:
SF-A
RSRV-1: 192.168.1.10 /24
RSRV-2: 192.168.1.11 /24
VIP-A: 192.168.1.20 /24
VIP-A: https:web-A
Protocol: HTTPS
SF-B
RSRV-2: 192.168.1.11 /24
RSRV-3: 192.168.1.12 /24
VIP-B: 192.168.1.30 /24
VIP-b: https:web-B
Protocol: HTTPS
Client-A: 172.16.128.10
Client-B: 172.16.128.15
I have attached an sketch depicting the connectivity.
As always any feedback/Suggestions will be greatly apprecaited.
Cheers,
Raman Azizian
Solved! Go to Solution.
12-01-2010 12:39 PM
Raman
LoadBalncer will accept connection on different ports and then it will translate the destination ports.
For e.g let say you have two VIPs configured
x.x.x.1 : 80
x.x.x.2 : 8080
and you want to use same real server (z.z.z.z) listening on port 80.
When a request reaches Loadbalancer for x.x.x.1:80 it will tranlsate the destination IPs and ports to z.z.z.z:80
Similarly for a request for x.x.x.2:8080 it will again translate the destination IPs & POrts to z.z.z.z.:80
Server replies in both cases will reach Loadbalancer which will identify the appropriate response for each request.
Hope this helps
Syed Iftekhar Ahmed
12-03-2010 07:48 AM
Raman,
This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.
From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers.
one for www.example1.com and the second for www.example2.com. If the web server is configured correct so each host name is tied to one web service it will not have any issues.
The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.
Hope that helps
Regards
Jim
08-19-2010 01:33 PM
Hi Raman,
You should not run into any issue while doing this. You can add a single rserver on all the SF's that you have configured, if you've planned to configure health monitoring for this rservers then you might want to do it per serverfarm so that if one real goes down only the traffic under that serverfarm will be affected. I've attached a config sample that might help.
If you want to use different ports for each SF then it would look like this:
serverfarm host VIP-A
rserver RSRV-1 444
inservice
rserver RSRV-2 444
inservice
serverfarm host VIP-B
rserver RSRV-2 8443
inservice
rserver RSRV-3 8443
inservice
Cheers!
__ __
Pablo
08-19-2010 08:38 PM
Pabllo, your post was helpfull.
08-20-2010 06:33 AM
Pabllo,
Thanks for taking the time and providing the answer. I thought the ACE could support that, but I was not certain.
We are in a Major Transition process (From Foundry to ACE), and unfortunately time or test lab is not on my side right now.
;-(
I will have to figure out how to apply a clever way of applying an "Health Check".
Thanks, and have a a great week.
-Raman
08-20-2010 09:39 AM
Hi Raman,
If time is not your ally you can go and configure a simple TCP probe for health monitoring (can't go wrong with this one) and once you have a chance to play further with your configs then you can test with a HTTPS probe that can check the actual website using SSL. i.e
probe tcp Site-A
port 444
interval 5
probe tcp Site-B
port 8443
interval 5
serverfarm host VIP-A
probe Site-A
rserver RSRV-1 444
inservice
rserver RSRV-2 444
inservice
serverfarm host VIP-B
probe Site-B
rserver RSRV-2 8443
inservice
rserver RSRV-3 8443
inservice
Glad to help =)
Have a nice one!
__ __
Pablo
12-01-2010 10:41 AM
Hi Pablo,
This request has resurfaced again and I just want to make sure I understand your suggestion.
Basically the request as stated before is, can a rserver be associated with two different VIP IP address, using the same TCP port, in this case 443, or 80?
I am trying to figure how will the real server process two different IP addresses going to the same TCP port?
If you need any additional information I will be glad to provide them to you.
As always thanks for your help.
-raman
12-01-2010 12:39 PM
Raman
LoadBalncer will accept connection on different ports and then it will translate the destination ports.
For e.g let say you have two VIPs configured
x.x.x.1 : 80
x.x.x.2 : 8080
and you want to use same real server (z.z.z.z) listening on port 80.
When a request reaches Loadbalancer for x.x.x.1:80 it will tranlsate the destination IPs and ports to z.z.z.z:80
Similarly for a request for x.x.x.2:8080 it will again translate the destination IPs & POrts to z.z.z.z.:80
Server replies in both cases will reach Loadbalancer which will identify the appropriate response for each request.
Hope this helps
Syed Iftekhar Ahmed
12-03-2010 06:39 AM
Hi Syed,
Thanks for taking the time to respond to my question.
One more question, and I think I will be clear on this.
What if the scenario is as follow:
VIP:
x.x.x.1 : 80
x.x.x.2 : 80
associated with the same rserver
rserver: z.z.z.z
I'm not sure why would a situation like the above come up, but it has been brought to my attention.
I know foundry would not allow two VIP's (with different IP address and same TCP port) going to one real server for the same TCP port (i.e Port 80).
When you have a moment can you look over the attached document and tell me if the config I have supplied would work.
Thanks, and best regards,
-raman
12-03-2010 06:45 AM
I think my subject header is incorrect, and mis-leading.
What it should say is:
Can Two VIP's with Different IP address, and same TCP Port (TCP Port 80), be associated with one real server for the same port (TCP port 80).
My login credentials probably going to be on probation after this post.
;-(
not LOL
12-03-2010 07:48 AM
Raman,
This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.
From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers.
one for www.example1.com and the second for www.example2.com. If the web server is configured correct so each host name is tied to one web service it will not have any issues.
The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.
Hope that helps
Regards
Jim
12-06-2010 06:04 AM
Thanks Jim!
I can finally put this one away, and move on to the next Brain Teaser!
have a great holiday.
-raman
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide