Tuesday, September 2, 2014

Alteon group selection by HTTP Host header using Content Rules

Using this lab setup, I will practice HTTP Host based group selection, which is a server pool in Alteon's terminology.

Fist I need to add two hosts to my /etc/hosts files, which is c:\windows\system32\drivers\etc\hosts :

  • a.dans-net.com
  • b.dans-net.com

Both will point to    a.dans-net.com    b.dans-net.com

I want a.dans-net.com to go to SRV1 and b.dan-net.com to go to SRV2

I need to add two groups with one host only. Notice that AFAIK since version 29 Alteon allows to use strings as rip, groups and virt

 /c/slb/group a_dans
        ipver v4
        add 1
 /c/slb/group b_dans
        ipver v4
        add 2

Next step is to configure the Content Class, which means to configure matching classes which will be later used by Content Rules

 /c/slb/layer7/slb/cntclss a_dans http
 /c/slb/layer7/slb/cntclss a_dans http/hostname a_dans
        hostname "a.dans-net.com"
        match equal
 /c/slb/layer7/slb/cntclss b_dans http
 /c/slb/layer7/slb/cntclss b_dans http/hostname b_dans
        hostname "b.dans"

Notice that class a_dans is and exact match and that class b_dans is an include match (the default mathod, thats why we don't see it in the config). Just for fun...

Now lets add virt  and apply the changes.

 /c/slb/virt 11
        ipver v4
 /c/slb/virt 11/service 80 http
        group 1
        rport 80
 /c/slb/virt 11/service 80 http/cntrules 10
        cntclss "a_dans"
        group a_dans
 /c/slb/virt 11/service 80 http/cntrules 20
        cntclss "b_dans"
        group b_dans
 /c/slb/virt 11/service 80 http/pip
        mode address
        addr v4 persist disable

Notice that we added two new rules, matching the Content Class we configured before and the action is to select a group, which we configured before too.

As usual we use Source NAT, hence the pip with address.

And he are some "show" commands

>> LB1 - Server Load Balancing Information# /i/slb/virt 11
11: IP4,    00:03:b2:80:00:4e
    Virtual Services:
    http: rport http, group 1, health tcp (TCP), dbind forceproxy
        Content Rule 10, enabled
             content class a_dans, group a_dans
        Real Servers:
        1:, group ena, health  (runtime TCP), 2 ms, UP
        Content Rule 20, enabled
             content class b_dans, group b_dans
        Real Servers:
        2:, group ena, health  (runtime TCP), 2 ms, UP

Now lets see what happens in the browser.

First we test for a.dans-net.com. We expect to see SRV1 only.

Success. We see SRV1 only. Next lets try b.dans-net.

Success again, we see SRV2 only.