cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1335
Views
5
Helpful
10
Replies

Can a real Server be applied in two different server farms associated with two different VIP IP and TCP Port

RAMAN AZIZIAN
Level 1
Level 1

Good day everyone,

I have a question in regard to real server operation with different server farms, and VIPs

Can a Real Server be associated ( for simpliciy) with two different Server Farms that have a VIP associated with each, servicing the same TCP Port (443).

Example:

SF-A

RSRV-1: 192.168.1.10 /24

RSRV-2: 192.168.1.11 /24

VIP-A: 192.168.1.20 /24

VIP-A: https:web-A

Protocol: HTTPS

SF-B

RSRV-2: 192.168.1.11 /24

RSRV-3: 192.168.1.12 /24

VIP-B: 192.168.1.30 /24

VIP-b: https:web-B

Protocol: HTTPS

Client-A: 172.16.128.10

Client-B: 172.16.128.15

I have attached an sketch depicting the connectivity.

As always any feedback/Suggestions will be greatly apprecaited.

Cheers,

Raman Azizian

2 Accepted Solutions

Accepted Solutions

Raman

LoadBalncer will accept connection on different ports and then it will translate the destination ports.

For e.g  let say you have two VIPs configured

x.x.x.1 : 80

x.x.x.2 : 8080

and you want to use same real server (z.z.z.z)  listening on port 80.

When a request reaches Loadbalancer for x.x.x.1:80  it will tranlsate the destination IPs and ports to   z.z.z.z:80

Similarly for a request for x.x.x.2:8080 it will again  translate the destination IPs & POrts  to z.z.z.z.:80

Server replies in both cases will reach Loadbalancer which will identify the appropriate response for each request.

Hope this helps

Syed Iftekhar Ahmed

View solution in original post

Raman,

This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.

From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers.

one for www.example1.com and the second for www.example2.com. If the web server is configured correct so each host name is tied to one web service it will not have any issues.

The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.

Hope that helps

Regards

Jim

View solution in original post

10 Replies 10

Pablo
Cisco Employee
Cisco Employee

Hi Raman,

You should not run into any issue while doing this. You can add a single rserver on all the SF's that you have configured, if you've planned to configure health monitoring for this rservers then you might want to do it per serverfarm so that if one real goes down only the traffic under that serverfarm will be affected. I've attached a config sample that might help.

If you want to use different ports for each SF then it would look like this:

serverfarm host VIP-A
  rserver RSRV-1 444
    inservice
  rserver RSRV-2 444
    inservice

serverfarm host VIP-B
  rserver RSRV-2 8443
    inservice
  rserver RSRV-3 8443
    inservice

Cheers!

__ __

Pablo

Pabllo, your post was helpfull.

Pabllo,

Thanks for taking the time and providing the answer. I thought the ACE could support that, but I was not certain.

We are in a Major Transition process (From Foundry to ACE), and unfortunately time or test lab is not on my side right now.

;-(

I will have to figure out how to apply a clever way of applying an "Health Check".

Thanks, and have a a great week.

-Raman

Hi Raman,

If time is not your ally you can go and configure a simple TCP probe for health monitoring (can't go wrong with this one) and once you have a chance to play further with your configs then you can test with a HTTPS probe that  can check the actual website using SSL. i.e

probe tcp Site-A

port 444

interval 5

probe tcp Site-B

port 8443

interval 5

serverfarm host VIP-A

  probe Site-A
  rserver RSRV-1 444
    inservice
  rserver RSRV-2 444
    inservice

serverfarm host VIP-B

  probe Site-B
  rserver RSRV-2 8443
    inservice
  rserver RSRV-3 8443
    inservice

Glad to help =)

Have a nice one!

__ __

Pablo

Hi Pablo,

This request has resurfaced again and I just want to make sure I understand your suggestion.

Basically the request as stated before is, can a rserver be associated with two different VIP IP address, using the same TCP port, in this case 443, or 80?

I am trying to figure how will the real server process two different IP addresses going to the same TCP port?

If you need any additional information I will be glad to provide them to you.

As always thanks for your help.

-raman

Raman

LoadBalncer will accept connection on different ports and then it will translate the destination ports.

For e.g  let say you have two VIPs configured

x.x.x.1 : 80

x.x.x.2 : 8080

and you want to use same real server (z.z.z.z)  listening on port 80.

When a request reaches Loadbalancer for x.x.x.1:80  it will tranlsate the destination IPs and ports to   z.z.z.z:80

Similarly for a request for x.x.x.2:8080 it will again  translate the destination IPs & POrts  to z.z.z.z.:80

Server replies in both cases will reach Loadbalancer which will identify the appropriate response for each request.

Hope this helps

Syed Iftekhar Ahmed

Hi Syed,

Thanks for taking the time to respond to my question.

One more question, and I think I will be clear on this.

What if the scenario is as follow:

VIP:

x.x.x.1 : 80

x.x.x.2 : 80

associated with the same rserver

rserver: z.z.z.z

I'm not sure why would a situation like the above come up, but it has been brought to my attention.

I know foundry would not allow two VIP's (with different IP address and same TCP port) going to one real server for the same TCP port (i.e Port 80).

When you have a moment can you look over the attached document and tell me if the config I have supplied would work.

Thanks, and best regards,

-raman

I think my subject header is incorrect, and mis-leading.

What it should say is:

Can Two VIP's with Different IP address, and same TCP Port (TCP Port 80), be associated with one real server for the same port (TCP port 80).

My login credentials probably going to be on probation after this post.

;-(

not LOL

Raman,

This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.

From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers.

one for www.example1.com and the second for www.example2.com. If the web server is configured correct so each host name is tied to one web service it will not have any issues.

The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.

Hope that helps

Regards

Jim

Thanks Jim!

I can finally put this one away, and move on to the next Brain Teaser!

have a great holiday.

-raman

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: