03-04-2013 09:23 AM
I work with a segmented network, with firewalls between the segments. The firewall seem arbitrary right now, and I have no access to check them,
Instead of dealing with the network team while I learn to configure and test our STM appliances, is it possible to configure TEST pools with external site (known to be working):
- without interfering with their real traffic
Then, I can hit the STM address, and it would forward (connect) me with outside site.
Solved! Go to Solution.
03-04-2013 10:11 AM
Yes - that's a very common test scenario.
If the Stingray device is correctly configured to use a dns server, then it's simply a matter of using the 'Manage a New Service' wizard to load balance traffic received on port 80 to www.yahoo.com:80 (for example). Stingray will resolve that domain and apply the IP addresses if there are multiple:
Hit 'Finish' and the wizard will create a Pool, a Virtual Server and then wire the two together for you. Of course, you can create these objects manually if you want too.
A very common gotcha - multiple websites on a single IP address (and why you should use www.w3.org instead of yahoo.com)
There is one very common gotcha with this scenario, called the 'Host Header Problem'. If you see a 'not found' or 'no such site' error message, or something similarly unexpected when you try to connect to the service through Stingray, you've probably hit that problem. For example, with Yahoo:
When you connect to Stingray using a url like 'http://192.168.23.15:80', your browser will send a Host Header of '192.168.23.15' in the request. Stingray will forward that request to the server is hosting multiple websites (domains), it will use the host header value to determine which domain the client wanted.... and '192.168.23.15' does not correspond to any domains it's hosting.
You can fix that easily with a simple TrafficScript rule to modify each request as it goes through the Traffic Manager. Add the following rule to your HTTP virtual server (it should be a 'request rule'):
http.setHeader( "Host", "www.yahoo.com" );
That may work for you; in my case, I'm in the UK and the site redirected me to 'uk.yahoo.com' which provoked my browser to go direct to uk.yahoo.com and bypass Stingray. Setting the host header as follows then worked for me:
http.setHeader( "Host", "uk.yahoo.com" );
Other things can also catch you out... perhaps the site puts absolute links (http://www.domain.com/) in the content rather than relative ones. You can fix these up with a response rule that strips the absolute part of the link out - Stingray is a great swiss army knife, but this is probably more complex than you want for a first experiment!
To avoid this, try a 'simpler' website. For example, www.w3.org:80 is a good and well-behaved target to load-balance to.
03-04-2013 11:12 AM
Owen, thank you very much. I am slowly making my way thru this neat software's manual. I thoroughly understand in principal how this stuff works, I just have to do the test cases to confirm my thoughts. I have to understand these appliances well enough to explain it to others.
I have two ethernet ports configured (the console port and the web access port). Obviously, the console port won't route web traffic, but does the MAIN web access port do the traffic AND configurations? Do I need another?
03-05-2013 03:00 AM
Hi Derek - in the simple case, you can route data and configuration traffic through all interfaces. It's possible to lock ports down, most commonly so that only the nominated management' port will accept configuration traffic.
You're running our Cisco-based 'Z100' hardware appliance (this appliance is not generally available). This configuration uses the port lock-down by default, so control traffic is limited to the management port (eth0). Web and other data traffic must use the other ports on the appliance.