Jump to content
Welcome to our new Citrix community!

Load balance based on source ip and timing

Recommended Posts

I would like to know the possibility on scheduling the LB to direct traffic to just one node for a period of time for a given set of users

For example,

direct traffic coming in from between 9am-10am to Node A 

direct traffic coming in from between 9am-10am to Node B

all other users can be load-balanced as usual

Link to comment
Share on other sites

You can do Content Switching with rules to different LB vServers. https://docs.citrix.com/en-us/citrix-adc/current-release/appexpert/policies-and-expressions/adv-policy-exp-working-with-dates-times-and-numbers/expressions-for-system-time.html


If your users are identified by source IP, then use source IP in your content switching expressions. Otherwise, you'd need AAA feature to enable authentication to determine the usernames.

  • Like 1
Link to comment
Share on other sites

Carl's correct, but if you need some time examples, this post has several and links to another post:  

https://discussions.citrix.com/topic/417081-configuring-allowed-working-hours-on-adc/#comment-2093328. (This one was classic settings but had links to other articles).

https://discussions.citrix.com/topic/415285-restrict-access-time-by-ad-group/ Use this one for advanced engine examples.


Create your lb vserver 1 pointing to service A; and you lb vserver 2 pointing to service B only.  Create your lb vserver 3 pointing to all the services for normal load balancing. (These can all be non-addressable).  

However, what do you want to happen for the subnet users outside of that time:  no access or fallback to the regular lb vserver #3?  That would affect how this is created.


Then create the cs vserver.


Policy expressions for subnet and time. See references as you may need to adjust for timezones.  But a 9-10 am GMT would be:

client.ip.src.in_subnet( && sys.TIME.HOURS.BETWEEN(9,10)

client.ip.src.in_subnet( && sys.TIME.HOURS.BETWEEN(9,10)


If anyone not in the subnet & time specified is handled normally, then set lb vserver 3 as the default destination for the cs vserver (no policy).  Subnet users outside the 9-10 window will use this one two.


If your two subnets CAN only connect during this time, then we would have to exclude them during their non-approved hours, or maybe use responder to redirect to an error. So more info, would help clarify the final settings you want and how best to handle them outside of their 9-10 hours.




Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...