Intro to Policies on the CSM

The CSM is pretty bad little box.  It not only watches layer 4 items like TCP connections, but also talks HTTP, which you can use to do some custom, or policy-based, load balancing.

Policies are the objects that make custom balancing work.  Like everything else (it seems) on the CSM, a policy is an object made up of other objects — maps and serverfarms.  A map matches patterns based on a number of things including the URL and HTTP header values, while the serverfarm directive tells where to send traffic that matches the map.  If, for example, you want to send all requests with “/admin” in the URL to a management server instead of the regular web servers, you can do it with a policy.

Let’s try one.  We first build our serverfarm and vserver for normal traffic.  This configuration will simply serve HTTP on via two servers in a serverfarm.

Now let’s set up our policy-based load balancing for this vserver.  Let’s say that we want to send all traffic with “/admin” in the URL to go to the management server at, so we first create a serverfarm with the management server in it.

Next, we create a map that matches the URL.

Notice the pretty wildcards?  If you don’t include those, the URL would have to match exactly for the map to apply.  Since most apps don’t actually go to the same URL over and over, we have to use wildcards to make sure that everything matches.  Obviously, in practice, this can get complicated depending on what you’re trying to match.

Next, we create the policy itself.  Basically, we just combine the map and the serverfarm into a new object.

With me so far?  Good.  There’s only one thing left to do — apply the policy to the vserver.

Everytime the CSM gets a request to the virtual IP of on HTTP, it will check the URL for the string “/admin”, and, if it’s in the request, it will send it over to the management server.  If it doesn’t match, it simply goes to the main serverfarm just as if the policy wasn’t even applied.  If you do a “show mod csm X vservers” now, you’ll see the policy listed under the vserver we just made along with stats on the number of packets that were matched.

There are caveats.  The CSM can only support a limited number of policies for each vserver.  According to a TAC case I opened a while back, you can only have 10 policies configured per vserver, so keep that in mind when designing everything out.  There’s also a 30k memory limit for policies on a serverfarm; I have no clue how to calculate how much memory a policy is using, but using wildcards definitely adds to the memory footprint.

Send me any questions since I still haven’t found anyone who uses the CSM.  🙂

Aaron Conaway

I shake my head around sometimes and see what falls out. That's what lands on these pages.

More Posts

1 comment for “Intro to Policies on the CSM

Leave a Reply

Your email address will not be published. Required fields are marked *