
Manage multiple internal servers by one public IP

Posted by a10jliu

One of my customers has hundreds of internal servers which need to map to one public VIP, using different ports to manage them.

We came up with this idea to use aFleX to map different servers and ports systematically:
But remember the node used in aFleX still must be defined by slb server and included in a service group, which is a bit painful.



code

# Map VIP ports 10000 and above to internal management servers
# First digit of the port stands for the protocol: 1 = port 3389, 2 = port 23, 3 = port 443, etc.
# Second digit of the port stands for the internal subnet, such as 1 for 192.168.1.x
# Last 3 digits stand for the internal IP in that subnet, such as 001 for .1 and 254 for .254
#
# connect to VIP port 12125 means to connect to 192.168.2.125 port 3389
# connect to VIP port 23001 means to connect to 192.168.3.1 port 23
#
# node must be defined; for port 12125 to work must define
# slb server name 192.168.2.125
# port 3389
# also need to create a pool which includes all members

when CLIENT_ACCEPTED {

    set dport [TCP::local_port]
    if { $dport < 10000 } {
        drop
        # Stop here so the rest of the event does not run for a dropped connection
        return
    }

    # Split the five digits of the port into character codes a..e
    scan $dport "%c%c%c%c%c" a b c d e

    set realport 0

    switch [format %c $a] {
        "1" { set realport 3389 }
        "2" { set realport 23 }
        "3" { set realport 443 }
    }

    # Unknown protocol digit: there is no mapping, so drop instead of selecting port 0
    if { $realport == 0 } {
        drop
        return
    }

    set p1 [format %c $c]
    set p2 [format %c $d]
    set p3 [format %c $e]

    # Strip leading zeros from the last three digits to get the host octet
    if { $p1 == 0 } {
        if { $p2 == 0 } {
            set realip $p3
        } else {
            set realip $p2$p3
        }
    } else {
        set realip $p1$p2$p3
    }

    set target 192.168.[format %c $b].$realip

    node $target $realport
}
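
An added example, not part of the original post: a Python helper that mirrors the port scheme above, so the VIP ports can be generated from a server list and VIP ports seen in connection logs can be decoded and checked against that list. The function names, the sample inventory and observed ports, and the 1..254 host-octet check are assumptions made here.

```python
import ipaddress

# Protocol digit -> real port, as in the script's switch statement.
PROTO = {1: 3389, 2: 23, 3: 443}

def decode(vip_port):
    """Return (ip, real_port) for a VIP port, or None if it maps to nothing valid."""
    if not 10000 <= vip_port <= 65535:
        return None
    proto, rest = divmod(vip_port, 10000)
    subnet, host = divmod(rest, 1000)
    # Assumption: host octets outside 1..254 are treated as invalid.
    if proto not in PROTO or not 1 <= host <= 254:
        return None
    return f"192.168.{subnet}.{host}", PROTO[proto]

def encode(ip, real_port):
    """Return the VIP port that reaches ip:real_port, or raise ValueError."""
    o = ipaddress.IPv4Address(ip).packed
    if o[0] != 192 or o[1] != 168 or o[2] > 9 or not 1 <= o[3] <= 254:
        raise ValueError(f"{ip} is outside 192.168.0-9.1-254")
    digit = {port: d for d, port in PROTO.items()}.get(real_port)
    if digit is None:
        raise ValueError(f"no protocol digit for port {real_port}")
    vip_port = digit * 10000 + o[2] * 1000 + o[3]
    if vip_port > 65535:  # only reachable if PROTO gains a digit of 6 or more
        raise ValueError(f"{vip_port} does not fit in a TCP port")
    return vip_port

def classify(observed, inventory):
    """Label each observed VIP port: 'defined', 'undefined-node' or 'rejected'."""
    allowed = {encode(ip, port) for ip, port in inventory}
    labels = {}
    for p in observed:
        if p in allowed:
            labels[p] = "defined"
        else:
            labels[p] = "undefined-node" if decode(p) else "rejected"
    return labels

# Constructed sample data: two defined servers and some VIP ports seen in a log.
INVENTORY = [("192.168.2.125", 3389), ("192.168.3.1", 23)]
OBSERVED = [12125, 23001, 31010, 9999, 42001, 12999]

if __name__ == "__main__":
    for port, label in classify(OBSERVED, INVENTORY).items():
        print(port, decode(port), label)
```

Ports labelled `undefined-node` decode to a well-formed internal address that is not in the server list, which is worth reviewing when it shows up in VIP connection logs.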