Forum Discussion
Web Server consolidation fronted by Wildcard Cert design question....
I am trying to implement the following design and was curious how to execute it. I have a wildcard cert that is currently installed on 54 different web servers with 54 distinct URLs. Each company has its own web server and each has its own URL, companyname.abc.com. I am consolidating these web servers to a farm of 20 and will be offloading the wildcard cert to the load balancer. My question is how do I perform this consolidation? I have an HA pair of LTM 3600s running 11.2. I want to be able to have one pool of 20 web servers and all 54 URLs to be able to utilize the pool of 20 nodes.
3 Replies
- Kevin_Stewart
Employee
That depends. Will you still have 54 different application instances (spread across 20 web servers)? If so, are you using IP/port separation, or host header redirection?
- Kevin_Stewart
Employee
Totally understand that, but the solution depends on the consolidated implementation. For example, let's say you have 54 applications spread across 20 app servers, using different ports. You'd create a pool for each application, and then load balance the requests to those pools based on the Host header in the request. For simplicity (and maintainability) I'll use a data group to manage the large set of URLs.
Data group (string-based): my-url-dg

    www.example.com := pool1
    www.foobar.com := pool2
    www.barfoo.com := pool3

iRule

    when HTTP_REQUEST {
        if { [class match [string tolower [HTTP::host]] equals my-url-dg] } {
            pool [class match -value [string tolower [HTTP::host]] equals my-url-dg]
        }
    }

So when a request comes in it's sent to the correct pool based on the Host header in the request. The beauty in this design is that you can scale, load balance, and monitor the health of these servers in their individual pools.
- Kevin_Stewart
Employee
So I would create a separate pool for each URL (54 pools). Associate all of these pools to one VIP and put all 20 servers in each of the 54 pools?
The above is just one example. So let's say you have 54 applications running on one physical web server, listening on different ports. You'd create a separate pool for each application, then use the iRule to direct traffic to the right pool based on Host header. You technically don't have to have a pool assigned to the VIP assuming the data group will match every URL request. If you installed those same 54 applications on another physical host, then you could add those instances to the individual application pools and load balance them. This stuff can all be scripted by the way. If you had 54 applications running on a single physical web server, listening on different IP addresses, the approach would be the same. How you implement this ultimately depends on how you've provisioned those 54 applications on the 20 servers.
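An added example, not part of the thread or of F5's code: an offline Python model of the Host-header-to-pool lookup discussed above, plus an audit that flags data-group keys the `*.abc.com` wildcard certificate would not cover. The hostnames, pool names, the `:port` stripping and the "return None so the caller rejects" behaviour are assumptions of this example.

```python
# Added example: models the data-group lookup and audits wildcard coverage.
# All hostnames and pool names below are constructed sample values.

WILDCARD = "*.abc.com"  # wildcard pattern implied by companyname.abc.com in the post

# Constructed stand-in for the string data group my-url-dg
DATA_GROUP = {
    "acme.abc.com": "pool_acme",
    "globex.abc.com": "pool_globex",
    "portal.initech.abc.com": "pool_initech",  # two labels deep
}

def normalize_host(host_header):
    """Lowercase, drop any :port suffix and a trailing dot before lookup."""
    host = host_header.strip().lower()
    if host.startswith("["):  # IPv6 literal, never a data-group key
        return host
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def covered_by_wildcard(hostname, pattern=WILDCARD):
    """A wildcard matches exactly one left-most label (RFC 6125)."""
    suffix = pattern[1:]  # ".abc.com"
    if not hostname.endswith(suffix):
        return False
    label = hostname[: -len(suffix)]
    return bool(label) and "." not in label

def select_pool(host_header, data_group=DATA_GROUP):
    """Return the pool name, or None when nothing matches (caller rejects)."""
    return data_group.get(normalize_host(host_header))

def audit(data_group=DATA_GROUP):
    """List keys that would miss on lookup or fail certificate name checks."""
    problems = []
    for key in data_group:
        if key != normalize_host(key):
            problems.append((key, "key is not in normalized form"))
        elif not covered_by_wildcard(key):
            problems.append((key, "not covered by " + WILDCARD))
    return problems

if __name__ == "__main__":
    for h in ("ACME.abc.com", "globex.abc.com:443", "unknown.abc.com"):
        print(h, "->", select_pool(h))
    print(audit())
```

Running the audit against the real list of 54 hostnames before cutover shows which entries need a different certificate or a corrected key, and the `None` case is where an explicit reject or default pool decision has to be made.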