1 VIP to 15 Websites same ports

cairnsbryce Member
Currently in the process of implementing A10, to replace our ISA 2006 server.

Currently we use 1 external ip address for all our reverse proxied websites.
We want to setup one VIP for access to these internal websites.

All of these websites go over port 443 or port 80
Some of the websites are on separate servers, but a few are on the same back-end servers.

So test1@example.com and Test2@example.com are on the same server but test3 and test4 are on different servers, all using port 80 or 443.
I have configured the servers and a separate service group for each site.

How can I do this?
Would host switching or URL switching work better?

I also have another question.
One of the 443 websites we only allow connections from certain IP address ranges and the same with a few of the port 80 websites.

Sorry guys I am very new to this.

Bryce

Comments

  • edited May 2014
    So what is the selection criteria? Give us an example. But I assume you only have 1 IP for the VIP. And you host:

    www.aaa.com
    www.bbb.com
    www.ccc.com

    all on the same VIP. So you want the AX to accept traffic on the VIP and sort traffic to servers in service_group_aaa, service_group_bbb, and service_group_ccc accordingly?

    If so, without having to do aflex scripts, the HTTP template is your best bet using HOST switching.
  • dshin Member
    edited May 2014
    Hi Bryce,

    It depends on how you are hosting your websites. If you have the websites hosted as the following www.example.com/test1 and www.example.com/test2 then we would recommend URL Switching. If you have www.test1.example.com and www.test2.example.com, then we would recommend host switching. We can also use aFleX scripting as mentioned by TCP-me but let's start with HTTP template for now and see how we can fix the problem before we move to aFleX scripting.

    Genard
  • dshin Member
    edited May 2014
    For your second inquiry, I would recommend that you use the black/whitelisting feature. If B/Wlisting does fit your requirements then let me know and I can assist with aFleX scripting.

    Genard
  • cairnsbryce Member
    edited May 2014
    Hi,

    Our environment would be http://www.test1.example.com and http://www.test2.example.com type of sites.
    We do have a few websites that are https://www.test3.example.com

    So it looks like host switching is the way. Where do I find that in the GUI? Or is it easier to do it in TextPad and copy it into the CLI?

    As I said, some of our servers hold multiple websites on them. They are in Apache and I am not familiar with Apache, but looking at the ISA rules they are both going over 443 or 80, so I think the Apache service is doing the host switching.
    These would be websites like http://test3.example.com and http://test4.example.

    Thanks in advance for the assistance
    Bryce
  • edited May 2014
    Hi, you can find it in the GUI under:
    Config Mode, SLB, Template, Application, HTTP.
    Then Add (or edit if you already have one in use) and scroll down to app switching.
    From there you can play around with the different settings like match type.

    When you have done this you bind the HTTP template to your virtual service like:
    Config Mode, SLB, Service, Virtual Service, edit your virtual service and add the HTTP template.

    Good luck,
    /Thomas
  • cairnsbryce Member
    edited May 2014
    Thanks Thomas,

    I did the first one via the GUI, then went into the CLI and copied the config and replicated it so I could copy and paste the list.

        slb template http tp-HostSwitch
            host-switching contains test1.example.com service-group SG_Test1
            host-switching contains test2.example.com service-group SG_Test2

    I'll bind it to the Virtual Service and test it tonight.
  • cairnsbryce Member
    edited May 2014
    Okay, so it looks like host-switching is not going to do what I need it to do.

    I am going to have to go with an aFleX rule and class lists.

    My question on class lists is: if I have 6 websites that will be accessed from the same IP address, can I have one list?

    At some stage I may want to limit access to one of the sites, i.e. remove a range of allowed IP addresses. If I used one class list it would affect all the sites, right?

    So would it be better to have 6 separate class lists? A lot of the IP addresses would be the same. Is there an easy way to manage this?

    Bryce
  • edited May 2014
    You should not create multiple lists. I think there are some new features with the memory tables but I did not work with it yet. I'm managing multiple lists with "stacked" aflex.
    Here is for example my IP check:

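        when HTTP_REQUEST {
            # Networks and single hosts allowed to reach this virtual service
            set ::NET_ALLOW {
                10.0.0.0/8
                1.2.3.4
                5.6.7.8
                9.10.11.12
            }

            # Start from "denied" so net_allowed is always set, even if the list is empty
            set net_allowed false
            foreach net $::NET_ALLOW {
                if { [IP::addr [IP::client_addr] equals $net] } {
                    set net_allowed true
                    break
                }
            }

            # Clients outside the allowed networks are redirected away
            if { not $net_allowed } {
                HTTP::redirect "http://www.xing.com/"
            }
        }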

    I could have skipped the net_allowed but I'm using it later in another aflex. You can do the same with website names. But be aware that the A10 doesn't like non-existent variables. If you use a variable which wasn't set, the aflex just aborts without an error. Only axdebug shows it.
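
An added example, not part of the thread and not A10 or aFleX code: a Python model of the per-site allow-list question above, where named network groups are shared between sites so that tightening one site leaves the others untouched. The group names, site names and addresses are constructed, and denying an unknown Host header by default is an assumption of this example.

```python
import ipaddress

# Constructed sample data; group and site names are hypothetical.
NET_GROUPS = {
    "office":  ["10.0.0.0/8"],
    "partner": ["192.0.2.0/24", "198.51.100.7"],
    "vendor":  ["203.0.113.16/28"],
}
# Site -> groups allowed to reach it. None marks a public site.
SITE_GROUPS = {
    "www.example.com":   None,
    "test1.example.com": ["office", "partner"],
    "test2.example.com": ["office", "partner", "vendor"],
    "test3.example.com": ["office"],
}

def normalize_host(host_header):
    """Lower-case, drop any :port and a trailing dot so lookups are exact."""
    return host_header.strip().lower().split(":")[0].rstrip(".")

def compile_policy(site_groups, net_groups):
    """Expand group names to networks once; a misspelt group is an error."""
    policy = {}
    for site, groups in site_groups.items():
        if groups is None:
            policy[site] = None
            continue
        nets = []
        for name in groups:
            if name not in net_groups:
                raise KeyError(f"{site}: unknown network group {name!r}")
            nets += [ipaddress.ip_network(n) for n in net_groups[name]]
        policy[site] = nets
    return policy

def is_allowed(policy, host_header, client_ip):
    """Default deny: only a listed site with a matching network returns True."""
    host = normalize_host(host_header)
    if host not in policy:
        return False              # unknown Host header: never fall through
    nets = policy[host]
    if nets is None:
        return True               # public site
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)

POLICY = compile_policy(SITE_GROUPS, NET_GROUPS)
```

Removing a group from one site's entry and recompiling changes access for that site only; the shared address ranges are still maintained in a single place.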