The CSM is pretty bad little box. It not only watches layer 4 items like TCP connections, but also talks HTTP, which you can use to do some custom, or policy-based, load balancing.
Policies are the objects that make custom balancing work. Like everything else (it seems) on the CSM, a policy is an object made up of other objects — maps and serverfarms. A map matches patterns based on a number of things including the URL and HTTP header values, while the serverfarm directive tells where to send traffic that matches the map. If, for example, you want to send all requests with “/admin” in the URL to a management server instead of the regular web servers, you can do it with a policy.
Let’s try one. We first build our serverfarm and vserver for normal traffic. This configuration will simply serve HTTP on 184.108.40.206 via two servers in a serverfarm.
1234567891011 serverfarm TEST-FARMreal 192.168.0.101inservicereal 192.168.0.102inservicevserver TEST-VSvirtual 220.127.116.11 tcp httpvlan 1serverfarm TEST-FARMinservice
Now let’s set up our policy-based load balancing for this vserver. Let’s say that we want to send all traffic with “/admin” in the URL to go to the management server at 192.168.0.150, so we first create a serverfarm with the management server in it.
123 serverfarm TEST-MGMTFARMreal 192.168.0.150inservice
Next, we create a map that matches the URL.
12 map TEST-MAP urlmatch protocol http url */admin*
Notice the pretty wildcards? If you don’t include those, the URL would have to match exactly for the map to apply. Since most apps don’t actually go to the same URL over and over, we have to use wildcards to make sure that everything matches. Obviously, in practice, this can get complicated depending on what you’re trying to match.
Next, we create the policy itself. Basically, we just combine the map and the serverfarm into a new object.
123 policy TEST-POLurl-map TEST-MAPserverfarm TEST-MGMTFARM
With me so far? Good. There’s only one thing left to do — apply the policy to the vserver.
12 vserver TEST-VSslb-policy TEST-POL
Everytime the CSM gets a request to the virtual IP of 18.104.22.168 on HTTP, it will check the URL for the string “/admin”, and, if it’s in the request, it will send it over to the management server. If it doesn’t match, it simply goes to the main serverfarm just as if the policy wasn’t even applied. If you do a “show mod csm X vservers” now, you’ll see the policy listed under the vserver we just made along with stats on the number of packets that were matched.
There are caveats. The CSM can only support a limited number of policies for each vserver. According to a TAC case I opened a while back, you can only have 10 policies configured per vserver, so keep that in mind when designing everything out. There’s also a 30k memory limit for policies on a serverfarm; I have no clue how to calculate how much memory a policy is using, but using wildcards definitely adds to the memory footprint.
Send me any questions since I still haven’t found anyone who uses the CSM. 🙂