ADC load balancing webfarm and define custom monitoring


Hi,

 

We have a webfarm hosted on Windows Server (IIS) with 10 webservers (shared configuration).

On this webfarm there are several websites and application pools, and we use SNI (Server Name Indication) to host multiple certificates on the same IP address and port (443).

This is the setup used:

  • The customer has its own domain and creates a CNAME record to host their webshop: webshop.customerA.com, and this is redirected to webshop.ourdomain.com
  • webshop.ourdomain.com is an A record and points to the firewall
  • on the firewall there is a destination NAT rule which redirects the traffic to an internal IP address of the Netscaler (virtual server)
  • the virtual server on the ADC handles the request and sends it to one of the webservers
  • the webserver which receives the request sends the request to the correct website / app pool (based on the SNI, based on the URL of the initial request)

We use different websites / application pools because we are hosting several versions, and we can upgrade a client to a higher version by removing the binding from website A and linking the binding to website B (website A and B are hosted on the same webfarm, just different sites).

With this approach, to upgrade a customer, there is no need to change DNS records; only the binding to one of the sites on IIS defines which site / app pool will handle the request.

It may happen that one of the app pools or sites is down on one of the servers of the webfarm and that the ADC is still forwarding requests to this site on this specific server, and this is something I would like to get resolved.

I'm stuck now on the architecture of the virtual server and the monitors to use.

 

Possibilities I see :

  • use ping as a monitor. Disadvantage: this is only layer 4 and doesn't monitor on layer 7
  • use http or http-ecv as monitor: this may work but I can only monitor one URL (and thus one site on each webserver). If this site is down, but all the other sites / app pools are up and running, this would generate a false positive and set the server down
  • http-inline will only generate less impact on the webservers by monitoring but doesn't solve my problem either.
  • create a monitor for each site / app pool (with a static URL for each site which I can use in the monitor for that site (version)), but if there is an incoming request, the ADC doesn't know which app pool will pick up the request because it has no insight into the bindings on IIS, so the ADC can't know if the specific site for the requested URL is up and running on the server to which the request would be redirected

The theoretical solution would be

  1. to extract the requested url from the client (e.g. webshop.customerA.com where the request is e.g. https://webshop.customerA.com/kql/activities/overview)
  2. use the assigned load balancing method (e.g. leastconnection) to define the webserver to where the request would be sent
  3. use the inline-http monitor with the extracted url to check if this specific site is running on this specific webserver (defined in step 2) to verify with a layer 7 check if this site is up and running
  4. when the result of the monitor is positive => request can be transferred to the webserver
  5. when the result is negative (site is down) => the ADC should select another server and consider this webserver as down for this request (or e.g. 5 seconds)
  6. when none of the webservers is considered as up for this specific request, the end user should be redirected to another site (generic down site)

 

Does someone have another idea or approach on how I could set this up?

Thanks for your help!

 

Gijs.
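The six steps of the "theoretical solution" in the post above, written out as a small Python model; this is an added example, not part of the original post and not ADC configuration. The names `Farm`, `https_probe`, `sample_probe`, `DOWN_PAGE`, the server names and the 5-second exclusion window are assumptions for illustration, and the sample state is constructed.

```python
import socket
import ssl
import time
from urllib.parse import urlsplit

DOWN_PAGE = "https://down.example.invalid/"  # hypothetical generic "down" site
NEGATIVE_TTL = 5.0  # seconds a (server, host) pair is skipped after a failed check

def https_probe(server_ip, host, path="/", timeout=2.0):
    """Layer 7 check of one site on one webserver; SNI and Host carry the customer name."""
    ctx = ssl.create_default_context()  # certificate is verified against `host`
    req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((server_ip, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(req.encode("ascii"))
                parts = tls.recv(64).split(b" ", 2)
                return len(parts) > 1 and parts[1] == b"200"
    except (OSError, ValueError):
        return False

class Farm:
    def __init__(self, servers, probe=https_probe, clock=time.monotonic):
        self.conns = {s: 0 for s in servers}  # active connections per webserver
        self.probe, self.clock = probe, clock
        self.bad_until = {}  # (server, host) -> time until which the pair is skipped

    def route(self, url):
        """Return ("forward", server) or ("redirect", DOWN_PAGE) for one request."""
        host = (urlsplit(url).hostname or "").rstrip(".")  # step 1
        now = self.clock()
        # step 2: least connections first (name breaks ties deterministically)
        for server in sorted(self.conns, key=lambda s: (self.conns[s], s)):
            if self.bad_until.get((server, host), 0.0) > now:
                continue  # this site failed here recently; other sites unaffected
            if self.probe(server, host):  # step 3
                self.conns[server] += 1  # step 4
                return ("forward", server)
            self.bad_until[(server, host)] = now + NEGATIVE_TTL  # step 5
        return ("redirect", DOWN_PAGE)  # step 6

# Constructed sample state: which site answers on which webserver.
SAMPLE_UP = {("web01", "webshop.customera.com"): False,
             ("web02", "webshop.customera.com"): True,
             ("web01", "webshop.customerb.com"): True}

def sample_probe(server, host):
    return SAMPLE_UP.get((server, host), False)
```

The health state is keyed on the (server, host) pair, so a site that is down on one webserver excludes only that pair and leaves the server eligible for every other site.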

 
