Gijs Lemahieu1709159845
Posted December 23, 2021

Hi,

We have a webfarm hosted on Windows Server (IIS) with 10 webservers (shared configuration). On this webfarm there are several websites and application pools, and we use SNI (Server Name Indication) to host multiple certificates on the same IP address and port (443).

This is the setup used:

- Customer has its own domain and they create a CNAME record to host their webshop: webshop.customerA.com, and this is redirected to webshop.ourdomain.com
- webshop.ourdomain.com is an A record and is pointing to the firewall
- on the firewall there is a destination NAT rule which redirects the traffic to an internal IP address of the Netscaler (virtual server)
- the virtual server on the ADC handles the request and sends it to one of the webservers
- the webserver which receives the request sends the request to the correct website / app pool (based on the SNI, based on the URL of the initial request)

We use different websites / application pools because we are hosting several versions, and we can upgrade a client to a higher version by removing the binding from website A and linking the binding to website B (website A and B are hosted on the same webfarm, just different sites). With this approach, to upgrade a customer, there is no need to change DNS records; only the binding to one of the sites on IIS defines which site / app pool will handle the request.

It may happen that one of the app pools or sites is down on one of the servers of the webfarm and that the ADC is still forwarding requests to this site on this specific server, and this is something I would like to get resolved.

I'm stuck now on the architecture of the virtual server and the monitors to use. Possibilities I see:

- use ping as a monitor. Disadvantage: this is only layer 4 and doesn't monitor on layer 7
- use http or http-ecv as monitor: this may work, but I can only monitor one URL (and thus one site on each webserver). If this site is down, but all the other sites / app pools are up and running, this would generate a false positive and set the server down
- http-inline will only generate less impact on the webservers by monitoring, but doesn't solve my problem either
- create a monitor for each site / app pool (with a static URL for each site which I can use in the monitor for that site (version)), but if there is an incoming request, the ADC doesn't know which app pool will pick up the request because it has no insight into the bindings on IIS, so the ADC can't know if the specific site for the requested URL is up and running on the server to which the request would be redirected

The theoretical solution would be to:

1. extract the requested URL from the client (e.g. webshop.customerA.com where the request is e.g. https://webshop.customerA.com/kql/activities/overview)
2. use the assigned load balancing method (e.g. leastconnection) to define the webserver to which the request would be sent
3. use the inline-http monitor with the extracted URL to check if this specific site is running on this specific webserver (defined in step 2), to verify with a layer 7 check if this site is up and running
4. when the result of the monitor is positive => the request can be transferred to the webserver
5. when the result is negative (site is down) => the ADC should select another server and consider this webserver as down for this request (or e.g. 5 seconds)
6. when none of the webservers is considered as up for this specific request, the end user should be redirected to another site (generic down site)

Does someone have another idea or approach on how I could set this up?

Thanks for your help!

Gijs.
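Added example, not part of the original post and not NetScaler configuration: a small Python model of the selection flow sketched in the post above (least-connection choice, a per-host layer 7 check, a short per-host "down" window, and a fallback page). The server names, the `DOWN_SITE` URL and the `probe` callback are assumptions made for the illustration.

```python
import time
from urllib.parse import urlsplit

DOWN_SITE = "https://down.example.invalid/"  # hypothetical generic "down" page
QUARANTINE_SECONDS = 5                       # the "e.g. 5 seconds" from the post

class Farm:
    """Model of the proposed flow; connection counts only grow in this sketch."""

    def __init__(self, servers, probe, clock=time.monotonic):
        self.connections = {s: 0 for s in servers}  # active connections per server
        self.probe = probe      # probe(server, host) -> bool: layer 7 check of one site
        self.clock = clock
        self.skip_until = {}    # (server, host) -> time until which it counts as down

    def route(self, url):
        # Extract the requested host name (urlsplit lower-cases it).
        host = urlsplit(url).hostname
        now = self.clock()
        # Walk the servers in least-connection order.
        for server in sorted(self.connections, key=self.connections.get):
            if self.skip_until.get((server, host), 0) > now:
                continue        # recently failed for this host: skip without probing
            if self.probe(server, host):
                self.connections[server] += 1
                return server   # site answers on this server: forward the request
            # Site is down here: mark the server down for this host only.
            self.skip_until[(server, host)] = now + QUARANTINE_SECONDS
        return DOWN_SITE        # no server can serve this host

if __name__ == "__main__":
    # Constructed sample state: customer A's site is stopped on web02 only.
    stopped = {("web02", "webshop.customera.com")}
    farm = Farm(["web01", "web02", "web03"], lambda s, h: (s, h) not in stopped)
    for url in ["https://webshop.customerA.com/kql/activities/overview",
                "https://webshop.customerA.com/kql/activities/overview",
                "https://webshop.customerB.com/"]:
        print(url, "->", farm.route(url))
```

The point of keying the health state on the (server, host) pair is that one stopped site removes a server only for that customer's host name, while the same server keeps serving the other sites.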

Gijs Lemahieu1709159845
Posted January 3, 2022

Hi, someone with an idea about this? Any help would be much appreciated!

Thanks,
Gijs