
ADC loadbalancing | Active- Passive



Hi Folks,

We have a requirement to configure load balancing using ADC as per the details below. I need your valuable suggestions.

We have two backend servers:

Server A==1.1.1.1

Server B==2.2.2.2

The servers need to be load balanced using the following ports: 100, 200 and 300 (TCP protocol). The servers have to be in active-passive mode. All the connections (over TCP ports 100, 200 and 300) should go to Server A, and if any one of the ports (100/200/300) goes down, then all the user connections should go to Server B.

Also, if Server A goes down, then ADC should disable Server A until we manually enable it. Please let me know how we can achieve this scenario.


For active/passive:

You should create lb_vsrv_A, which points to serviceA, and lb_vsrv_B, which points to serviceB (which can be non-addressable), and configure it as a backup vserver to lb_vsrv_A.

Traffic will only be sent to B when A is down. There is a "disable primary when down" setting.

For the specific ports:

The ports would best be done using an lb vserver on TCP:VIP:* (* for the ports) and a listen policy, which can restrict you to the ports you want to listen on. You can find listen policies in the admin guide if you want more info. (This article explains the scenario, but it is on a very old version of the GUI: https://support.citrix.com/article/CTX129192)

So all of that together would be something like this:

add service svc_A 1.1.1.1 tcp *
add service svc_B 2.2.2.2 tcp *
add lb vserver lb_vsrv_primary TCP <VIP1> * -listenpolicy 'client.tcp.dstport.eq(100) || client.tcp.dstport.eq(200) || client.tcp.dstport.eq(300)'
add lb vserver lb_vsrv_backup TCP 0.0.0.0 0
bind lb vserver lb_vsrv_primary svc_A
bind lb vserver lb_vsrv_backup svc_B
set lb vserver lb_vsrv_primary -backupvserver lb_vsrv_backup -disablePrimaryOnDown ENABLED

You can configure/set backup vservers in the GUI under the lb and cs vserver "protection method" category.

You might have to tweak the syntax slightly as I was freehanding it; but this is about what you want, I think.


Dear Rhonda,

Thanks for the details.

My plan was to create three different services for the 3 ports, and in that case my challenge was how to redirect the traffic to Server B in case any one of the services on Server A fails.

Now it's clear to me. I will try the option you suggested and will provide you an update. Also, please let me know if we need to bind the listen policy expression to Server B as well.

Once again, thank you.


Having 1 vserver with ports on 3 different services will not do what you want, as you will load balance across svc_A_100, svc_A_200, svc_B_300. It won't match the front end entry port to the backend destination. And having a vserver/service pair per port makes that failover based on one port failing more complicated. So having 1 vserver on all the entry ports (via listen policy) can then direct traffic to the services as a whole, while not making you expose more ports than required. You could technically set listen policies on the service side to restrict which port combos they are on; but that shouldn't be necessary if you can only receive certain ports on the vserver side.

What I didn't note above is to configure appropriate persistence (such as sourceip or other) so that all transactions from user1, regardless of which port, stay on the same destination service.

Then regarding your question on the backup lb vserver, whether it needs listen policies or not: if you leave it non-addressable, then technically it only ever receives traffic sent to it by the primary lb vserver, so the primary lb vserver's listen policy would restrict it. If you make the backup vserver addressable with its own VIPs so it can be hit directly without going through the primary vserver (as a bypass, if you will), then I would definitely set the listen policy. To be honest, I'm not sure if you can assign a listen policy with port restriction on a non-addressable vserver (I didn't have a hands-on system to try it with). But that was my reasoning for why I left it off.


Yes, depending on how you set up the monitors.

If you had separate monitors for each of the 3 ports in the example, and all three monitors were bound to a single service, then the default behavior is that if any one monitor fails, the service is down. (The service property monitor threshold is 0 by default, which results in this behavior. Changing the threshold changes the result.)

But three monitors bound to the service, each with a separate destination port specified, would monitor the port you indicate.


Hi Rhonda,

I did the configuration as per the commands below. Now I could see that when port 100 is not reachable from Server A, the connections are still not going to Server B.

On NetScaler I found that the primary virtual server status is showing as Up, and I believe this might be the reason. I request you to please share your inputs.

add service svc_A  1.1.1.1 tcp *

add service svc_B 2.2.2.2 tcp *

add lb vserver lb_vsrv_primary TCP <VIP1> * -listenpolicy 'client.tcp.dstport.eq(100) || client.tcp.dstport.eq(200) || client.tcp.dstport.eq(300)'

add lb vserver lb_vsrv_backup TCP 0.0.0.0 0

bind lb vserver lb_vsrv_primary svc_A

bind lb vserver lb_vsrv_backup svc_B

set lb vserver lb_vsrv_primary -backupvserver lb_vsrv_backup -disableprimaryondown


What monitors did you create and bind to svc_A?

You need to create 3 monitors, each bound to svc_A. Each monitor should have an override port specified as the port you are monitoring (or else the monitor just monitors the service it is bound to):

mon_port100
mon_port200
mon_port300

Bind all three monitors to svc_A (and if needed to svc_B). Keep the service's monitor threshold at 0 (which is a value in the service properties, so it shouldn't need to be adjusted). Then any one monitor failure will bring the service down.

#example tcp monitors with dest port specified
add lb monitor mon_port100 TCP -LRTM DISABLED -destPort 100
add lb monitor mon_port200 TCP -LRTM DISABLED -destPort 200
add lb monitor mon_port300 TCP -LRTM DISABLED -destPort 300
bind service svc_A -monitorName mon_port100
bind service svc_A -monitorName mon_port200
bind service svc_A -monitorName mon_port300

This should remove the default monitor and add port-specific validations. If any one monitor fails, the service will be down. Decide if you also need this on svc_B to indicate its health.

Edited by Rhonda Rowland
added cli example

One other clarification: if you create the service as TCP:* then the default monitor bound is a ping-default monitor, which validates a ping response but makes no determination based on which (or any) ports are running. So the explicit monitors for the ports you care about are required to determine the up/down state requirements beyond all or nothing.

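Added example, not part of any post in this thread and not ADC's own logic: a Python model of the behaviour discussed above, where three port monitors on svc_A with monitor threshold 0 take the service down on any single failure, and "disable primary when down" keeps traffic on svc_B until a manual re-enable, as the original question asks. The names `Monitor`, `service_is_up`, `PrimaryVserver` and `simulate` are hypothetical, and the non-zero threshold branch assumes a weight-sum rule.

```python
from dataclasses import dataclass


@dataclass
class Monitor:
    name: str
    dest_port: int          # the monitor's -destPort override
    weight: int = 1         # assumed per-binding weight
    passing: bool = True


def service_is_up(monitors, mon_threshold=0):
    """Threshold 0 (default): any failed monitor marks the service DOWN.
    Non-zero (assumed rule): UP while passing weights sum to the threshold."""
    if mon_threshold == 0:
        return all(m.passing for m in monitors)
    return sum(m.weight for m in monitors if m.passing) >= mon_threshold


@dataclass
class PrimaryVserver:
    disable_primary_on_down: bool = True
    primary_enabled: bool = True   # cleared on failure, set again only by an admin

    def route(self, svc_a_up, svc_b_up):
        """Return the service that receives new connections, or None."""
        if not svc_a_up and self.disable_primary_on_down:
            self.primary_enabled = False
        if svc_a_up and self.primary_enabled:
            return "svc_A"
        return "svc_B" if svc_b_up else None

    def enable_primary(self):
        self.primary_enabled = True


def simulate(disable_primary_on_down=True):
    """Constructed scenario: port 100 on svc_A fails, recovers, then admin re-enables."""
    mons = [Monitor(f"mon_port{p}", p) for p in (100, 200, 300)]
    vs = PrimaryVserver(disable_primary_on_down)
    trace = [vs.route(service_is_up(mons), True)]      # all ports healthy
    mons[0].passing = False                            # port 100 stops answering
    trace.append(vs.route(service_is_up(mons), True))
    mons[0].passing = True                             # port 100 recovers
    trace.append(vs.route(service_is_up(mons), True))
    vs.enable_primary()                                # manual re-enable
    trace.append(vs.route(service_is_up(mons), True))
    return trace


if __name__ == "__main__":
    print(simulate())
```

Comparing the trace from `simulate()` with what `show lb vserver` and `show service` report during a failover test shows which step of the chain differs from the intended behaviour.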

Hi Rhonda,

I created the monitors as you mentioned and it is working normally (now if any one monitor goes down, it brings the service down).

But I could see that the "Disable primary when down" option is not working now.

When my Server A goes down, all the connections go to Server B.

But when Server A comes back online, all user connections automatically go to Server A.
