Hy RG,
wow, that's huge on you side!
So the functionality is exactly, as we used it before. But I don't get it from your iRule, how you do the URI switch. Only in this example, the URI was the same on both sides...
I've tried out using your iRule, but there seems to be something wrong:
01070151:3: Rule [loadBalancingiRule] error:
line 1: [undefined procedure: rule] [rule loadBalancingiRule {
when HTTP_REQUEST {
set http_host [string trim [getfield [HTTP::host] ":" 1]]
set http_host [string tolower $http_host]
if { $http_host equals "webservice.xxx.xx" } {
pool ihstestweb
return
} else {
HTTP::respond 404 content {
Not Found
}
}
}
}]
But thank you so far for your support!
Posted By rglaue on 02/19/2009 11:57 AM
Okay, well perhaps I don't have enough information, because from what I understand what you are doing my suggestion will work.
I have used Apache ProxyPass before, and the solution I suggest on the BigIP produces the same results for me.
We use private IPs for the physical backend machines.
We assign every one of our 129 (I just counted them) Projects Sites a different (unique) port number. Each project has 1 to 5 webapps. And they are duplicated across 5 physical machines in our web farm.
So this ends up being 129 x 5 = 640 application instances, each with up to 5 webapps.
So we have one VIP answering on one real IP number for all Non-SSL domains. And based on the domain format, URL and whatever criteria, we forward (ProxyPass) the request to the appropriate physical machine and port number to get processed and answered.
The answered request gets sent back to the BigIP (just like Apache ProxyPass), the event HTTP_RESPONSE is executed in the iRules, and the result is sent back to the web user.
As far as the web user knows, they hit one single web server to be served their requests.
-RG
Posted By delvinadm on 02/19/2009 9:09 AM
Hey RG,
thx again for the support!
But here comes a third problem. We're going to have many apps/portals. So I would need a official ip for every entry... we wouldn't have enough of them for this kind of solution, but the idea is great! Poorly, this won't work here...
Posted By rglaue on 02/19/2009 6:21 AM
...But this won't work I think, because the Client would "see" the change... there is an reconnect happening, or am I wrong? ....
This is similar to how we do it.
The client does not see the change.
The client types in https://www.mysite.com
The BigIP answers with an SSL Certificate and SSL Connection
The iRule sees the Host header as "www.mysite.com"
The iRule issues the command "pool mysite.com_pool"
In the "mysite.com_pool" is a set of nodes:
server1.mysite.com:55011
server1.mysite.com:55012
server2.mysite.com:23543
server3.mysite.com:4002
the "pool" command causes the request to get forwarded to one of the 4 nodes in the mysite.com_pool
The chosen node receives the request, processes it, and sends it back to the BigIP.
The BigIP forwards the request back to the original user.
Also in this scenerio, the web server sees the request as coming from the original web user, and not from the BigIP. In other words, the Access logs show the web user's IP address for the request (not the BigIP IP address).
-RG