Configuring default real server for non HTTP traffic?
Greetings all,

I'm trying to share a particular IP address between our main application server and our VIP. Basically, I would like all requests to port 80 on ishare.illinois.edu (for example) to be distributed amongst the real web servers, like it currently is. Otherwise, all other traffic should default to the application server, or at least the particular ports I'm interested in. This can probably be done with FreeBSD & pf but I'm trying to use resources already in place.

The best I can come up with so far is to define the application server as a real server and bind all the ports I want forwarded to the app server on the VIP.

For example:

server real eisweb7 128.174.93.47
port http
port http url "HEAD /"
port http status-code 200 299 302 302
!
server real eisweb8 128.174.93.48
port http
port http url "HEAD /"
port http status-code 200 299 302 302

server real appserver xxx.xxx.xxx.xxx
port 10000
...
port 12999


server virtual eisweb 128.174.93.40
sym-priority 50
sym-active
port http sticky
bind http eisweb7 http eisweb8 http
bind 10000 appserver 10000
...
bind 12999 appserver 12999


The big problem is, there are approximately 700 ports (don't ask..) that would need to be forwarded to the application server. So, is there a way to have all traffic default to a particular real server if it's not to port 80? Or is there a way to specify port ranges? Or just an altogether better way of doing this?

Thanks for the help!

Pat Zurek
pzurek at uillinois.edu
Configuring default real server for non HTTP traffic? [ In reply to ]
Patrick, you could bind the default port to the app server (port default,
and bind default, respectively) but I'm not sure of the implications with
port 80 then, I am thinking it might overwrite it. Kind of a weird one
there... There aren't port ranges, unfortunately, that would help for
your particular case. I think your best bet is to write up a script that
generates the port ranges, then you can just drop that into the config, I
think that's your only option. You could try the default binding first, just
to see, but I think that's going to fold in the port 80 traffic as well.

Mike

On 12/1/05, Zurek, Patrick <pzurek at uillinois.edu> wrote:
>
>
> Greetings all,
>
> I'm trying to share a particular IP address between our main application
> server and our VIP. Basically, I would like all requests to port 80 on
> ishare.illinois.edu (for example) to be distributed amongst the real web
> servers, like it currently is. Otherwise, all other traffic should
> default to the application server, or at least the particular ports I'm
> interested in. This can probably be done with FreeBSD & pf but I'm trying
> to use resources already in place.
>
> The best I can come up with so far is to define the application server as
> a real server and bind all the ports I want forwarded to the app server on
> the VIP.
>
> For example:
>
> server real eisweb7 128.174.93.47
> port http
> port http url "HEAD /"
> port http status-code 200 299 302 302
> !
> server real eisweb8 128.174.93.48
> port http
> port http url "HEAD /"
> port http status-code 200 299 302 302
>
> server real appserver xxx.xxx.xxx.xxx
> port 10000
> ...
> port 12999
>
>
> server virtual eisweb 128.174.93.40
> sym-priority 50
> sym-active
> port http sticky
> bind http eisweb7 http eisweb8 http
> bind 10000 appserver 10000
> ...
> bind 12999 appserver 12999
>
>
> The big problem is, there are approximately 700 ports (don't ask..) that
> would need to be forwarded to the application server. So, is there a way to
> have all traffic default to a particular real server if it's not to port
> 80? Or is there a way to specify port ranges? Or just an altogether better
> way of doing this?
>
> Thanks for the help!
>
> Pat Zurek
> pzurek at uillinois.edu
>
Configuring default real server for non HTTP traffic? [ In reply to ]
"Zurek, Patrick" <pzurek at uillinois.edu> writes:

> I'm trying to share a particular IP address between our main
> application server and our VIP. Basically, I would like all
> requests to port 80 on ishare.illinois.edu (for example) to be
> distributed amongst the real web servers, like it currently is.
> Otherwise, all other traffic should default to the application
> server, or at least the particular ports I'm interested in. This
> can probably be done with FreeBSD & pf but I'm trying to use
> resources already in place.

You could probably do this with a transparent vip. It's simple in
theory. The idea is to use a layer 4 policy to just redirect tcp/80
from the vip address to the real servers, letting other traffic
destined for this address through to some other port (i.e. your
appserver):

(config)# server transparent-vip
(config)# ip policy 1 cache tcp 80 local

(config)# server virtual eisweb 128.174.93.40
(config)# transparent-vip
(config)# ...

and then for each port connected to clients:

(config)# int e 1
(config)# ip policy 1

I haven't tried it though...

ref http://www.foundrynet.com/services/documentation/sixl/slb.html#66179


> The best I can come up with so far is to define the application
> server as a real server and bind all the ports I want forwarded to
> the app server on the VIP.

Binding to the default port, as Mike suggested, should also let you do
this without having to specify all the individual ports.


Bj?rn
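
The script Mike suggests for generating the per-port lines could look like the following. This is an added example, not code from the thread: it emits port and bind lines in the same form as the configuration in the original post (not checked against a device), the port ranges are constructed, and APPSERVER_IP is a placeholder for the address masked in the post.

```python
"""Generate 'port N' / 'bind N <real> N' lines for a set of port ranges."""


def expand_ports(ranges, exclude=()):
    """Expand inclusive (low, high) ranges into a sorted, de-duplicated list.

    Ports in `exclude` (e.g. 80, already bound to the web servers) are skipped,
    so only the explicitly listed ports end up forwarded to the app server.
    """
    ports = set()
    for low, high in ranges:
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"invalid port range: {low}-{high}")
        ports.update(range(low, high + 1))
    return sorted(ports - set(exclude))


def real_server_lines(name, address, ports):
    """'server real' stanza: one 'port N' line per forwarded port."""
    return [f"server real {name} {address}"] + [f"port {p}" for p in ports]


def bind_lines(vip_name, vip_address, real_name, ports):
    """'server virtual' stanza: one 'bind N <real> N' line per forwarded port."""
    header = f"server virtual {vip_name} {vip_address}"
    return [header] + [f"bind {p} {real_name} {p}" for p in ports]


def build_config(ranges, real_name, real_address, vip_name, vip_address,
                 exclude=(80,)):
    """Return both stanzas as text, separated by '!' as in the original post."""
    ports = expand_ports(ranges, exclude)
    lines = real_server_lines(real_name, real_address, ports)
    lines.append("!")
    lines += bind_lines(vip_name, vip_address, real_name, ports)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed input: the thread only says "approximately 700 ports"
    # somewhere between 10000 and 12999, so these ranges are illustrative.
    # APPSERVER_IP is a placeholder; the real address is masked in the post.
    sample_ranges = [(10000, 10349), (12650, 12999)]
    print(build_config(sample_ranges, "appserver", "APPSERVER_IP",
                       "eisweb", "128.174.93.40"), end="")
```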