Forum Discussion

Justin_Poston_4
Oct 27, 2006

Load balancing clients based on client domain name

I have a need to direct my customers to different web pools based on the domain the client is located on. So far I have only seen one solution that doesn't involve just using IPs, and that was to search the udp_content for the domain name. I have not had any success at getting that to work.

I am hoping there exists an easier way to key off the client domain information.

TIA
  • Deb_Allen_18
    Historic F5 Account
    You might be able to use [NAME::lookup] against the reverse zone, but keep in mind that not all reverse zones accurately reflect the domain from which the user is connecting. (ISPs frequently retain control over the reverse zones and refuse to customize, always returning records reflecting some-ISP-specific-infrastructure-based-string + the ISP's own domain name.)

    You'd have to have a reliable, low-latency resolver configured on LTM to perform the lookup, and DNS timeouts are relatively long if there is no response from the authoritative nameserver, so you might have to experiment with VS timeout values to accommodate that possibility.

    If those are not insurmountable barriers, something like this might do the trick:
    when HTTP_REQUEST {
      set PTRname [getfield [IP::client_addr] "." 4].[getfield [IP::client_addr] "." 3].[getfield [IP::client_addr] "." 2].[getfield [IP::client_addr] "." 1].in-addr.arpa.
      set clDomain [domain [NAME::lookup $PTRname] 2]
      switch $clDomain {
        "x.com" { pool x.com }
        "y.com" { pool y.com }
        "z.com" { pool z.com }
      }
    }

    HTH

    /deb

  • Deb_Allen_18
    Historic F5 Account
    It's also worth mentioning that in addition to ISP-controlled reverse zones, not every IP address has a corresponding PTR record, so you could receive either negative or NULL responses.

    /d
  • Martin_Machacek
    Historic F5 Account
    Justin,

    I'm assuming that you are using version 4.x BIG-IP that you've posted to this forum. If this is the case, then the only way to implement something resembling your desired functionality is to use an external address class listing *all* client addresses that need to get special treatment. You can collect the addresses by perusing DNS and whois, starting from a known host name in the domain. The goal is to collect all address blocks reverse mapping to the DNS domain in question. The easiest way would be to download the DNS zone data, but it is only rarely publicly available. The actual process is left as homework for the reader, since it is off-topic for this forum :-).

    Having a list of client IP addresses, you can use the "one of" operator to test whether the client address is in the class. Please refer to the BIG-IP Reference Manual for details.

    Probably the best way to solve the problem, though, is to upgrade to version 9 and use the method that Deb suggested.
  • Yeah, I'm using a 4.x version of BIG-IP. I tried setting up classes, but my situation is a bit more unique. I had a hard time verifying the address blocks.

    It is good to know that it can be done with the newer versions of BIG-IP.

    Couple of questions regarding the 9.x solution posted above.

    1) It was mentioned that not all reverse zones are accurate. By this did you mean that they just might not resolve, or that someone might be able to spoof it? And is this any different than a normal DNS lookup?

    2) Our current solution is to use IIS to do a combination of DNS lookup and IP matches, then redirect the user to a different virtual server on BIG-IP if the user is unidentifiable. Do you know if the performance impacts in BIG-IP for DNS lookups are any different than the performance impacts for IIS?

    I appreciate all the assistance.

    Justin
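
Added example, not part of any post in this thread and not F5 code: a Python model of the pool decision in Deb's iRule that also handles the cases raised above (no PTR record, an ISP-generic PTR, and a PTR that names a domain whose forward records do not include the client). It forward-confirms each PTR name before trusting it, because the reverse zone is controlled by whoever holds the address block. The DNS records, `DEFAULT_POOL`, and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample records standing in for a live resolver (assumption).
PTR = {
    "10.2.0.192.in-addr.arpa.": ["web1.x.com."],
    "20.2.0.192.in-addr.arpa.": ["cpe-20.some-isp.net."],  # ISP-generic PTR
    "7.100.51.198.in-addr.arpa.": ["mail.y.com."],  # PTR claims y.com
}
A = {
    "web1.x.com.": ["192.0.2.10"],
    "cpe-20.some-isp.net.": ["192.0.2.20"],
    "mail.y.com.": ["203.0.113.5"],  # y.com itself does not list 198.51.100.7
}
POOLS = {"x.com": "x.com", "y.com": "y.com", "z.com": "z.com"}  # from the iRule
DEFAULT_POOL = "default_pool"  # hypothetical fallback pool name


def ptr_name(client_ip):
    """Build the in-addr.arpa name, as the getfield chain in the iRule does."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def last_labels(fqdn, count=2):
    """Return the last `count` labels, like `domain <name> 2` in the iRule."""
    return ".".join(fqdn.rstrip(".").lower().split(".")[-count:])


def select_pool(client_ip, ptr_lookup=PTR.get, a_lookup=A.get):
    """Use the PTR domain only if that name resolves back to the client."""
    for name in ptr_lookup(ptr_name(client_ip)) or []:  # missing PTR -> no names
        if client_ip not in (a_lookup(name) or []):
            continue  # forward lookup does not confirm the PTR claim
        pool = POOLS.get(last_labels(name))
        if pool:
            return pool
    return DEFAULT_POOL
```

The two lookup parameters can be replaced with functions that query a real resolver; each takes a fully qualified name and returns a list of records or `None`.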