New Deployment - Load Balance Different Sites across same IIS servers

Should be pretty simple but I am missing something in the configuration. Basically the idea is that websites are published with domain name binding on IIS. I want to monitor each site with a host header. When I create a virtual server it won't allow multiple virtual servers with the same IP and different monitors.


What's the correct place to create these? I want to create the pairing based on underlying real server + correct header request.


If you want to monitor each web site independently and load balance them as separate services, you would have to configure one of the sites to run on a separate IP or port from the other so the ns can distinguish them.


The problem with using 2 monitors on one service is that if svc1 AppA is down, then neither AppA nor AppB traffic will be sent to service 1.


If you want it so that you run AppA on srv1 and srv2 and AppB on srv1 and srv2, but if AppA on srv1 is down, you only send AppA traffic to srv2 while AppB can still go to srv1 or srv2, you would need to distinguish them from the NS perspective by configuring IIS to assign a unique IP or PORT per website, so you can load balance them separately.



This has been an OLD question from a lot of admins.

Since the NetScaler load balances services (and sees their up/down state) based on the unique IP:Port combination, the NetScaler isn't load balancing individual web-apps as much as it is the individual infrastructure. If you assume the apps work unless the infrastructure fails, then we load balance them all together on one service.


But if you really want to do per app load balancing (based on app specific monitors going up and down) where some apps can still function and others should be skipped (and they aren't services that depend on each other), then you have to configure it in such a way that netscaler can see AppA separate from AppB and the separate ip/ports will do that for the service up/down state.


We can sort content based on content switching and policies all day; but if the app-level status is what you are tracking, this is the only "good" way to do it.


So, if the 3 webapps on ServerA all work together for the same application, I would load balance normally, because if dependency B is failed on server1, then I shouldn't send App A or C traffic there either.


If the scenario is that I've 3 distinct web apps that are on the same web server, but they can go up/down through other mechanisms and I want to load balance them separately, then I would consider if running them on separate ports would allow me to do that. The users never have to see the port change, but it gives the adc a way to make this different. The downside in this case is that the "services" now only see part of the load generated and not the total hitting the server, so if you don't think about your traffic load and don't adjust the service thresholds on a per app usage, then you might saturate a server unexpectedly in a high volume scenario. (Which is why I think the original view of the web server as a web server regardless of apps originally started, but could be wrong.)


I'm going to look to see if listen policies would help out in this instance (as I forget one way or the other). And will get back to you.




Do you mean in context of the original question, or if a user hits port 80 you want to direct the traffic to the unique ports on the backend?

I kind of need to know where you're at in the problem you are trying to solve to give you a more specific answer. So if the below doesn't help, please clarify and we'll get you a better response.


But based on the original question, where you wanted to load balance different web apps on the same server independently, let me make an assumption that you have three different sites on the one web server and you decided to load balance them on different ports but you don't want the user to know about these ports...


https://demo.company.com/AppA is going to be port 8080 on the backend services

https://demo.company.com/AppB is going to be port 8081 on the backend services


Assuming you can distinguish AppA from AppB either as path elements above or as FQDNs. If users will only connect at HTTP:80 or HTTPS:443 and you want to then sort traffic to the appropriate port on the backend without the user seeing it, then content switching is the best option. If some of these ports may get to the user in URLs, then you might need some listeners on the 8080/8081 ports and use responder policies or rewrite/url transform policies to make sure internal url formats are rewritten to the external format.


This can be adjusted depending on whether you need HTTPS or HTTP traffic, and whether you want the ports only on the services or also on the lb vservers (but behind the cs vserver on port HTTP:80 or HTTPS:443).


# backend ssl (https) as an example...

add service svc_srv1_8080 <srv1_ip> ssl 8080

add service svc_srv2_8080 <srv2_ip> ssl 8080

add service svc_srv1_8081 <srv1_ip> ssl 8081

add service svc_srv2_8081 <srv2_ip> ssl 8081


# these can have their own lb vip or they can be non-addressable and only accessed behind a cs vserver (it depends)

add lb vserver lb_vsrv_appA SSL 0.0.0.0 0

bind lb vserver lb_vsrv_appA svc_srv1_8080

bind lb vserver lb_vsrv_appA svc_srv2_8080

bind ssl vserver lb_vsrv_appA -certkey <certkey>


add lb vserver lb_vsrv_appB SSL 0.0.0.0 0

bind lb vserver lb_vsrv_appB svc_srv1_8081

bind lb vserver lb_vsrv_appB svc_srv2_8081

bind ssl vserver lb_vsrv_appB -certkey <certkey>


# these last commands on the cs policies might have some minor typos in them as doing them from memory; might need to mock up in gui to correct any settings.

add cs vserver cs_vsrv_multiweb SSL <VIP1> 443

bind ssl vserver cs_vsrv_multiweb -certkey <certkey>

add cs policy cs_pol_appA -rule 'http.req.url.path.get(1).set_text_mode(ignorecase).eq("AppA")'

add cs policy cs_pol_appB -rule 'http.req.url.path.get(1).set_text_mode(ignorecase).eq("AppB")'

bind cs vserver cs_vsrv_multiweb -policyName cs_pol_appA -targetlbvserver lb_vsrv_appA -priority 100

bind cs vserver cs_vsrv_multiweb -policyName cs_pol_appB -targetlbvserver lb_vsrv_appB -priority 110

bind cs vserver cs_vsrv_multiweb -lbvserver <default lb vserver>   # not shown above; should have a destination for unmatched traffic with a responder policy to display error message


If users will be making connections on the custom ports and then you need to redirect to an alternate location, then the setup would be different.

But there are a couple different ways to accomplish this.   The lb vservers could be on the same VIP and different ports, but behind the cs vserver to hide the ports from the user.
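
The trade-off discussed across the replies above, as an added example that is not part of the original posts and is not NetScaler code: a small Python model comparing one shared service per server (both app monitors bound to it) with one service per app port, followed by first-path-segment content switching. The probe results are constructed, `lb_vsrv_default` is a hypothetical name standing in for `<default lb vserver>`, and the model assumes a service is marked down when any bound monitor fails.

```python
# Added illustration (not NetScaler code): a toy model of service health and
# content switching, using the thread's names. Probe results are constructed.

def service_up(monitors, probe):
    """A service is UP only if every monitor bound to it passes (assumed default)."""
    return all(probe[m] for m in monitors)

def eligible(bound, services, probe):
    """Names of the bound services that may still receive traffic."""
    return sorted(s for s in bound if service_up(services[s], probe))

def content_switch(path, policies, default):
    """Match the first path segment, ignoring case, lowest priority number first."""
    segs = [p for p in path.split("/") if p]
    first = segs[0].lower() if segs else ""
    for _prio, name, target in sorted(policies):
        if first == name.lower():
            return target
    return default  # unmatched traffic goes to the default LB vserver

# Constructed probe results: the AppA site on srv1 is failing, all else is healthy.
PROBE = {("srv1", "AppA"): False, ("srv1", "AppB"): True,
         ("srv2", "AppA"): True, ("srv2", "AppB"): True}

# Design 1: one service per server (one IP:port) with both app monitors bound.
SHARED = {"svc_srv1": [("srv1", "AppA"), ("srv1", "AppB")],
          "svc_srv2": [("srv2", "AppA"), ("srv2", "AppB")]}

# Design 2: one service per server and app port, each with only its own monitor.
PER_APP = {"svc_srv1_8080": [("srv1", "AppA")], "svc_srv2_8080": [("srv2", "AppA")],
           "svc_srv1_8081": [("srv1", "AppB")], "svc_srv2_8081": [("srv2", "AppB")]}

LB = {"lb_vsrv_appA": ["svc_srv1_8080", "svc_srv2_8080"],
      "lb_vsrv_appB": ["svc_srv1_8081", "svc_srv2_8081"]}
# "lb_vsrv_default" below is a hypothetical name for <default lb vserver>.
POLICIES = [(100, "AppA", "lb_vsrv_appA"), (110, "AppB", "lb_vsrv_appB")]

def route(path):
    """Pick the LB vserver for a path, then list its healthy services."""
    target = content_switch(path, POLICIES, "lb_vsrv_default")
    return target, eligible(LB.get(target, []), PER_APP, PROBE)

if __name__ == "__main__":
    # Shared design: srv1 drops out for both apps because AppA fails there.
    print("shared :", eligible(list(SHARED), SHARED, PROBE))
    for p in ("/AppA/login", "/appb/", "/other"):
        print(p, "->", route(p))
```

In the shared design only `svc_srv2` stays eligible, so AppB loses srv1 as well; with per-port services AppB keeps both servers while AppA is served from srv2 alone.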
