virtual-server with two service-group

Hi team

I've a virtual server with a specify IP, but I need associate differentes service-group because the service will be use always the same IP.

How I can associate for the same port (in my case 80) differents service-group for SLB?


Thank you

Tagged:

Comments

  • mdunnmdunn Member ✭✭

    I'm a little confused on the requirement, but this potentially sounds like a URL / Host switching use-case. URL / host switching enables an ACOS device to select a service group based on the URL or domain name in a client’s GET request. The selection overrides the service group configured on the virtual port.


    You can configure an HTTP template with one of the following service-group switching options:

    • URL switching – Selects a service group based on the URL path in the GET line of the HTTP request’s header.

    • Host switching – Selects a service group based on the domain name in the Host field of the HTTP request’s header


    Would this work for you?

  • Thank you @mdunn , for your great explanation.


    Do you've any example? I'm new working with A10 LB.


    Thank you

  • mdunnmdunn Member ✭✭

    Here is a quick CLI example for the configuration. In this example, traffic which does not match the "urlswitch" http template logic will be sent to service-group sg-abc. If no service-group is configured on the virtual port, traffic which does not match will be dropped.

    Configure the HTTP template:

    ACOS(config)# slb template http urlswitch
    ACOS(config-http)# url-switching starts-with /abc service-group sg-abc
    ACOS(config-http)# url-switching starts-with /123 service-group sg-123
    ACOS(config-http)# exit
    

    Configure the Virtual Server:

    ACOS(config)# slb virtual-server vs1 192.168.10.40
    ACOS(config-slb vserver)# port 80 http
    ACOS(config-slb vserver-vport)# template http urlswitch
    ACOS(config-slb vserver-vport)# service-group sg-abc
    

    You may wish to grab the SLB admin guide from the A10 Support portal to reference as you learn the A10 LB.

  • Thank you @mdunn. I would like do a last question.

    I guess that the good idea is do it with host-switching. Attached you will can find a example, do you can check pls?


    Thank you

  • mdunnmdunn Member ✭✭

    Looks like you have the right approach with host-switching since you want to match the domain. The initial template configuration appears to match your spreadsheet. After binding the template to the virtual port, you should be able to test your results.

  • Thank you again @mdunn. We were with the customer a migration the last monday and it it's works.

    Anyway, I would like do a new question, do you know if there are another way to add url-contains (only is possible with aflex) ? or how I can do thsoot if is necessary?


    slb template http-policy 10.186.17.151_80

     url contains '/api/*' service-group pool_apac_tchile_api

     url contains '/*' service-group pool_apac_tchile_api

     url contains '/hpnp_al/*'  '/TelefonicaAdapter/* service-group pool_wlx_Portabilidad_SPN


    The customer has this URL contains that cannot open in the root path.


    thank you

  • mdunnmdunn Member ✭✭

    Glad to hear the config was successful. Would changing the logic from "contains" to "equals" or even a regex pattern fulfill the requirement? We have these options:

    Can you clarify what you mean by "URL contains that cannot open in the root path"

  • Thank you @mdunn. I mean that for example I've a service that has:


    • a virtual server that has many servers, and need re-direct-to https. Do you know if I can do a template HTTP for example to allow communication HTTPs ? Or is necessary enable another parameter?

    Example that its not works the last night:


    slb virtual-server CS_443 10.186.17.77

     name CS_10.186.17.77_http

     source-nat auto 

     service-group pool_doc-microservices_get

     slb template http 10.186.17.77_http_template

     redirect-to-https

     port 443 https

     name CS_10.186.17.77_https

     source-nat auto 

     service-group pool_doc-microservices_get

     slb template http 10.186.17.77_http_template


    slb template http 10.186.17.77_http_template

    host-switching contains doc-microservices.movistar.cl service-group pool_doc-microservices_get

    host-switching contains doc-microservices.movistar.cl service-group pool_doc-microservices_getActivity

    host-switching contains doc-microservices.movistar.cl service-group pool_doc-microservices_upstream

  • mdunnmdunn Member ✭✭

    If the goal is perform a redirect to HTTPS, that is generally configured on virtual port 80 which will then redirect the client to virtual port 443. I don't see port 80 http in your config above. Also, we need a client-ssl template on the virtual port 443. So we'd do something like this:

    slb virtual-server CS_443 10.186.17.77
      port 80 http
       name CS_10.186.17.77_http
       service-group pool_doc-microservices_get
       redirect-to-https
      port 443 https
        name CS_10.186.17.77_https
        source-nat auto 
        service-group pool_doc-microservices_get
        template http 10.186.17.77_http_template
        template client-ssl your_cl_ssl_template
    
Sign In or Register to comment.