Monday, September 8, 2014

Select group/pool by query URI

Lab goal

When a request looks like this: http://a3.dans-net.com/group=GROUPNAME then the group/pool will be selected by the following name:

group_GROUPNAME

For example for http://10.136.5.10/group=g1 the selected group will be group_g1

The following groups should be defined:
  • g1 - SRV1
  • g2 - SRV2
  • g3 - SRV3

The VIP should be 10.136.5.10

Setup

I'll use my Loadbalancer Lab Setup.



The loadbalancer is Radware's Alteon VA version 29.5.1.0

The initial Alteon VA configuration can be found here.

Alteon configuration

First, lets configure the groups.

 /c/slb/group g1                          
        add 1
 /c/slb/group g2
        add 2
 /c/slb/group g3
        add 3

Next lets write the script.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
attach group g1
attach group g2
attach group g3

when HTTP_REQUEST {
    set group_exists [regexp -nocase {group=(g[0-9]+)(&.*)*$} [HTTP::query] a group_name]
    if {$group_exists == 1} {
        group select $group_name
    }
}

-----END



  • Lines 1-3 declare the groups which will be used later on.
  • Line 6 has the regular expression matching
    • The matching is case insensitive.
    • It looks for a group=g* in the query part of the URI.
    • If a match is found it will 
      • set group_exists to 1
      • put what ever matches in a
      • the result of the first parenthesis (g[0-9]+) to group_name
  • Line 7-8 - If a match  was found, select the group according to the group name
  • Line 12 - As allways we need the -----END to mark the end of script.

Next lets configure the virtual server. Notice that since we are using 10.136.5.X address as VIP, we need to configure the Alteon to use Source NAT/Proxy IP so return traffic from the servers go through Alteon and not directly back to the client.

 /c/slb/virt 5_10
        ena
        vip 10.136.5.10
 /c/slb/virt 5_10/service 80 http
        group 10
 /c/slb/virt 5_10/service 80 http/pip
        mode address
        addr v4 10.136.85.200 255.255.255.255 

Notice we added group 10 to the config. We need this as last resort group. If the AppShape++ script won't choose a group, that group will be chosen.

Next we need to import and apply the AppShape++ script to the HTTP service.

 /c/slb/appshape/script host_by_query
        ena
        import text 
 attach group g1
 attach group g2
 attach group g3
 when HTTP_REQUEST {
     set group_exists [regexp -nocase {group=(g[0-9]+)(&.*)*$} [HTTP::query] a group_name]
     if {$group_exists == 1} {
         log "$group_exists $a $group_name"
         group select $group_name
     }
 }
 -----END


 /c/slb/virt 5_10/service 80 http/appshape
        add 10 host_by_query

Test

First we will try selecting group g1:



Notice that just the GET to the main page was sent with ?group=g1&b=1 . The rest of the requests went without the query string.

Next g3:


Success!

Summary

That wasn't too hard, was it? The one thing I do is to test the TCL script on tclsh and only then import it to the Alteon. That is much faster then copy pasting into the Alteon's config.