07-07-2009 12:38 AM
I do have a customer with the following requirement:
They would like to send some kind of maintenance page out to the clients during maintenance windows. It is one of these pages saying "we are sorry but our systems are.... we are soon back online.".
They would like to send this page to real users only. They do not want to send it to their operations group. The so called operations group is coming from well known IP addresses.
The problem with that is the following: being in maintenance mode does not imply that the real servers or real server ports are not available. They might be up and running and health checks are successful from time to time - that implies they can not use backup servers.
Any suggestions are welcome. Is it PBSLB I have to use because decisions need to be based on source IPs?
07-07-2009 01:38 AM
I do have a customer doing something similar - below is a short explanation how they do it. There are most probably other ways to do it but this one is an option (it is not PBSLB):
VIP-A is for Real Users and VIP-B is for Operations Group users. Both VIPs are bound to same real servers.
You may write acls for VIP-B to allow access only for Operations Group users.
The basic idea is to put some http header at VIP-A like the following config during the maintenance window.
server virtual VIP-A
port http request-insert "Via: maintenance"
If real server receive http request header with "Via: maintenance", real server will reply with the pages which will say that the Service is in Maintenance Mode and that it will be back soon.
If you access to VIP-B, since no "Via: maintenance" header are added and you can access without going to the maintenace mode pages.
You do need to virtual servers to do so - does it fit to your requirements?
07-07-2009 01:42 AM
Hmmm... interesting. The problem I am seeing is the following: it is the same set of real servers behind two virtual servers - the real server itself are responsible for the maintenance page. There are situations were the real servers are down and that would result in no message at all. On top of that we would have to use different VIPs for the operations group. Any other ideas?
07-07-2009 01:47 AM
PBSLB is the only solution which covers the fact that they do not need/want to send the maint page to all users.
It might be an option to do the following:
Configure PBSLB for your virtual server right away. Ensure you have two groups of servers:
Group A: production
Group B: maintenance
Use PBSLB to send everything to Group A during normal operation. The maintenance group is the "failsafe" group only during normal operation. Have a second PBSLB policy list mapping ALL real clients to the maintenance group B and all Operations Group users to the group 0 (getting blocked - in case that is OK for you).
Move to the second PBSLB policy list during maintenance windows and back to the first one afterwards. This should work.
Pro: You do not need Layer 7 switching for this which gives you a better performance.
Contra: you can not use Layer 7 switching for the switch VIP you are doing PBSLB with.
Have a look at the following link in case you need some more details related to PBSLB:
07-07-2009 01:48 AM
This sounds interesting... I am going to check with the customer if that is OK for him. It sounds like a working solution for our problem.
Thanks a lot!