Jump to content
Welcome to our new Citrix community!

Load balance the initial connection only -


Recommended Posts

Hi,

 

We are looking to load balance an initial connection to a web service that has an inbuilt load balancing and failover mechanism already. This service is Cisco Finesse.

 

We would like the user to browse to Https://finesse (A Record for the Netscaler VIP) but then remove the load balancer from the conversation once it has directed the user to a service that is up. i.e. redirect the users browser direct to the  URL of the finesse server is was load balanced too. Once its there, then failover is dealt within the Finesse web app.

 

So in theory if you could place a responder rule on each service in the VIP and have the responder action to redirect the URL direct to the hostname of the service that is chosen that would be excellent. not sure its possible though.

 

I have thought about using Direct Server Return (DSR) too? 

 

Any thoughts on how this is achieved?

Link to comment
Share on other sites

To Clarify:  So, your scenario is traffic arrives at an lb vserver 1 and selects service 1, 2, or N based on an initial decision AND then all other traffic is client to destination without the ADC in the middle?

What criteria is distributing the traffic?

 

Otherwise, like Carl said it sounds like DSR to me.

 

If you still need the proxy in the middle (the lb vserver), but the app on the backend inserts an ID or something that the ADC can use for follow up decisions, then incorporating the service ID into the persistence decision could be used...but I don't think that's what you are describing. 

 

The problem with your initial request is that responder/redirects run before load balancing decisions are made.  So, to do a redirect AFTER the lb decision is made is not something the lb vserver does on its own; meaning we can't assign a responder policy at the service level either.  And without a better understanding of your criteria for the initial distribution decision, not sure if a responder/redirect on its own would do the job. Example: if there is a path element that can be used to determine redirect before load balancing, then use responder can definitely be used.   If there was a criteria to base the decision on not related to load, then content switching could direct traffic to lbvserver1 vs 2 vs N, and then responder would kick in.  But if its based on volume of traffic, then again LB does this and CS doesn't usually.  

 

 

 

 

Link to comment
Share on other sites

Hey, Thanks for the responses.  I think DSR is the way forward but never set it up so will be an adventure.

 

So to answer your questions. We currently only publish the URL to service 1 to the users (shortcut on desktop) this is not ideal because if service 1 breaks we have an outage for the users. We could send them the URL for service 2 as well but this is not good for an enterprise solution or user experience.

 

The load balancing method and failover is done within the app itself. Its just the front door to the service we need.

Link to comment
Share on other sites

If you don't need the ADC is the middle of the transaction, then yes DSR>

If you want the "frontdoor" to failover to the second service if needed, you can also do an active/passive config:

 

add service svc_primary 1.2.3.4 http 80 #adjust protocol/ports

add service svc_backup 1.2.3.5 ...

add lb vserver lb_vsrv_primary <Protocol> <VIP> <Port>

    bind lb vserver lb_vsrv_primary svc_primary

add lb vserver lb_vsrv_secondary <PROTOCOL> 0.0.0.0 0   # this is a non-addressable vserver

    bind lb vserver lb_vsrv_backup svc_backup

set lb vserver lb_vsrv_primary -backuplbvserver lb_vsrv_secondary    # I might have the backup vserver parameter name wrong, but its under Protection Methods in gui

 

This will send all traffic to vserver1/service1 unless down and then only fail over to service2.  

This may or may not be part of your DSR config.  But may also help you overcome your service1 unavailability issue.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...