Sunday, April 18, 2021

Basic Content Switching

This post will show a basic Content Switching (CS) setup.

We will have 2 clients: 192.168.20.50 and 192.168.20.60. 

They will both access the same CS VIP, 192.168.20.100.

Client .50 will be redirected to an internal VIP that load balances 4 servers we will call pool1, and client .60 will be redirected to a different internal VIP that load balances 4 servers we will call pool2.

So in this lab the content switching decision is based on the source IP of the client.


 

1) First let's check that CS is enabled.

> sh ns feature

        Feature                        Acronym              Status
        -------                        -------              ------
 1)     Web Logging                    WL                   ON
 2)     Surge Protection               SP                   OFF
 3)     Load Balancing                 LB                   ON
 4)     Content Switching              CS                   ON

 

2) Let's add the IPs and VLANs and bind them together.

> add ns ip 192.168.20.10 255.255.255.0 -type SNIP
 Done
> add ns ip 172.16.100.10 255.255.255.0 -type SNIP
 Done
> add vlan 20
 Done
> add vlan 100
 Done
> bind vlan 20 -ifnum 1/1
 Done
> bind vlan 20 -ipaddress 192.168.20.10 255.255.255.0
 Done
> bind vlan 100 -ifnum 1/2
 Done
> bind vlan 100 -ipaddress 172.16.100.10 255.255.255.0
 Done
>
> sh ns ip
        Ipaddress        Traffic Domain  Type             Mode     Arp      Icmp     Vserver  State
        ---------        --------------  ----             ----     ---      ----     -------  ------
1)      192.168.10.10    0               NetScaler IP     Active   Enabled  Enabled  NA       Enabled
2)      192.168.20.10    0               SNIP             Active   Enabled  Enabled  NA       Enabled
3)      172.16.100.10    0               SNIP             Active   Enabled  Enabled  NA       Enabled
 Done
>
> sh vlan

1)      VLAN ID: 1
        Link-local IPv6 addr: fe80::20c:29ff:feed:7bb5/64
        Interfaces : 0/1 LO/1

2)      VLAN ID: 20     VLAN Alias Name:
        Interfaces : 1/1
        IPs :
             192.168.20.10      Mask: 255.255.255.0

3)      VLAN ID: 100    VLAN Alias Name:
        Interfaces : 1/2
        IPs :
             172.16.100.10      Mask: 255.255.255.0
 Done


3) Add the real web servers.


We will have 2 separate pools of servers and 1 default server to be shared between the 2 pools.


> add server pool1_srv1 172.16.100.1
 Done
> add server pool1_srv2 172.16.100.2
 Done
> add server pool1_srv3 172.16.100.3
 Done
> add server pool1_srv4 172.16.100.4
 Done
> add server pool2_srv1 172.16.100.21
 Done
> add server pool2_srv2 172.16.100.22
 Done
> add server pool2_srv3 172.16.100.23
 Done
> add server pool2_srv4 172.16.100.24
 Done
> add server pool1-2_default 172.16.100.25
 Done

> sh server
1)      Name:        pool1_srv1      State:ENABLED
        IPAddress:    172.16.100.1
2)      Name:        pool1_srv2      State:ENABLED
        IPAddress:    172.16.100.2
3)      Name:        pool1_srv3      State:ENABLED
        IPAddress:    172.16.100.3
4)      Name:        pool1_srv4      State:ENABLED
        IPAddress:    172.16.100.4
5)      Name:        pool2_srv1      State:ENABLED
        IPAddress:   172.16.100.21
6)      Name:        pool2_srv2      State:ENABLED
        IPAddress:   172.16.100.22
7)      Name:        pool2_srv3      State:ENABLED
        IPAddress:   172.16.100.23
8)      Name:        pool2_srv4      State:ENABLED
        IPAddress:   172.16.100.24
9)      Name:   pool1-2_default      State:ENABLED
        IPAddress:   172.16.100.25
 Done


4) Create the 1st service group, vserver and monitor.

We don't need an IP on the vserver when it is working behind a content switching virtual server.


> add servicegroup SG_pool1 HTTP
 Done
> add lb vserver VS_pool1 HTTP -lbmethod ROUNDROBIN
 Done
> add lb monitor MON_pool1 HTTP
 Done
>

 

5) Glue all virtual server elements together.

Bind the vserver, the monitor and the real servers all to the service group.


> bind lb vserver VS_pool1 SG_pool1
 Done
> bind servicegroup SG_pool1 pool1_srv1 80
 Done
> bind servicegroup SG_pool1 pool1_srv2 80
 Done
> bind servicegroup SG_pool1 pool1_srv3 80
 Done
> bind servicegroup SG_pool1 pool1_srv4 80
 Done
> bind servicegroup SG_pool1 -monitorName MON_pool1
 Done


6) Create the 2nd service group/vserver/monitor and bind everything to the 2nd service group.

add servicegroup SG_pool2 HTTP
add lb vserver VS_pool2 HTTP -lbmethod ROUNDROBIN
add lb monitor MON_pool2 HTTP
bind lb vserver VS_pool2 SG_pool2
bind servicegroup SG_pool2 pool2_srv1 80
bind servicegroup SG_pool2 pool2_srv2 80
bind servicegroup SG_pool2 pool2_srv3 80
bind servicegroup SG_pool2 pool2_srv4 80
bind servicegroup SG_pool2 -monitorName MON_pool2

Status checks on the 2 service groups.
Servicegroup status - we have the monitors and servers up.

> sh servicegroup -summary
-----------------------------------------------------------------------------------------
      Name       State      TCP Buff   HTTP Cmp   Max Bandwidth   SC    SP    ProtType   
-----------------------------------------------------------------------------------------
1     SG_pool1   ENABLED    NO         NO         0               OFF   OFF   HTTP       
2     SG_pool2   ENABLED    NO         NO         0               OFF   OFF   HTTP       
 Done
>

> sh servicegroup SG_pool1 | grep -E UP|ENABLED
        State: ENABLED  Effective State: UP     Monitor Threshold : 0
        Down state flush: ENABLED
        Appflow logging: ENABLED
        1) Monitor Name: MON_pool1      State: ENABLED  Weight: 1       Passive: 0
        1)    172.16.100.1:80   State: UP       Server Name: pool1_srv1 Server ID: None Weight: 1
                Monitor Name: MON_pool1         State: UP       Passive: 0
        2)    172.16.100.2:80   State: UP       Server Name: pool1_srv2 Server ID: None Weight: 1
                Monitor Name: MON_pool1         State: UP       Passive: 0
        3)    172.16.100.3:80   State: UP       Server Name: pool1_srv3 Server ID: None Weight: 1
                Monitor Name: MON_pool1         State: UP       Passive: 0
        4)    172.16.100.4:80   State: UP       Server Name: pool1_srv4 Server ID: None Weight: 1
                Monitor Name: MON_pool1         State: UP       Passive: 0
>
> sh servicegroup SG_pool1 | grep 'UP\|ENABLED'
        State: ENABLED  Effective State: UP     Monitor Threshold : 0
        Down state flush: ENABLED
        Appflow logging: ENABLED
        1) Monitor Name: MON_pool1      State: ENABLED  Weight: 1       Passive: 0
        1)    172.16.100.1:80   State: UP       Server Name: pool1_srv1 Server ID: None Weight: 1
                Monitor Name: MON_pool1         State: UP       Passive: 0
        2)    172.16.100.2:80   State: UP       Server Name: pool1_srv2 Server ID: None Weight: 1
                Monitor Name: MON_pool1         State: UP       Passive: 0
        3)    172.16.100.3:80   State: UP       Server Name: pool1_srv3 Server ID: None Weight: 1
                Monitor Name: MON_pool1         State: UP       Passive: 0
        4)    172.16.100.4:80   State: UP       Server Name: pool1_srv4 Server ID: None Weight: 1
                Monitor Name: MON_pool1         State: UP       Passive: 0
>


7) Add a content switch virtual server.

> add cs vserver CS_web HTTP 192.168.20.100 80             
 Done
>
> sh cs vserver
1)      CS_web (192.168.20.100:80) - HTTP       Type: CONTENT
        State: UP
        Last state change was at Sun Apr 18 02:45:10 2021
        Time since last state change: 0 days, 00:00:06.810
        Client Idle Timeout: 180 sec
        Down state flush: ENABLED
        Disable Primary Vserver On Down : DISABLED
        Appflow logging: ENABLED
        Port Rewrite : DISABLED
        State Update: DISABLED
        Default:        Content Precedence: RULE
        Vserver IP and Port insertion: OFF
        L2Conn: OFF     Case Sensitivity: ON
        Authentication: OFF
        401 Based Authentication: OFF
        Push: DISABLED  Push VServer:
        Push Label Rule: none
        Listen Policy: NONE
        IcmpResponse: PASSIVE
        RHIstate:  PASSIVE
        Traffic Domain: 0
 Done
>


8) Add CS actions to redirect to virtual servers.

Action CSACT1_pool1 redirects traffic to the internal virtual server VS_pool1.
Action CSACT1_pool2 redirects traffic to the internal virtual server VS_pool2.


> add cs action CSACT1_pool1 -targetLBVserver VS_pool1
 Done
> add cs action CSACT1_pool2 -targetLBVserver VS_pool2
 Done

 

9) Add CS policies.

We will direct traffic to pool1 via the action CSACT1_pool1 if the client source IP is 192.168.20.50.
We will direct traffic to pool2 via the action CSACT1_pool2 if the client source IP is 192.168.20.60.

> add cs policy CSPOL_pool1 -rule CLIENT.IP.SRC.EQ(192.168.20.50) -action CSACT1_pool1   
 Done
> add cs policy CSPOL_pool2 -rule CLIENT.IP.SRC.EQ(192.168.20.60) -action CSACT1_pool2
 Done


10) Bind the 2 policies to the content switch.

> bind cs vserver CS_web -policyName CSPOL_pool1 -priority 10
 Done
> bind cs vserver CS_web -policyName CSPOL_pool2 -priority 20
 Done
>


Show commands before we generate any traffic

> sh cs vserver CS_web
        CS_web (192.168.20.100:80) - HTTP       Type: CONTENT
        State: UP
        Last state change was at Sun Apr 18 02:47:54 2021
        Time since last state change: 0 days, 01:34:06.20
        Client Idle Timeout: 180 sec
        Down state flush: ENABLED
        Disable Primary Vserver On Down : DISABLED
        Appflow logging: ENABLED
        Port Rewrite : DISABLED
        State Update: DISABLED
        Default:        Content Precedence: RULE
        Vserver IP and Port insertion: OFF
        L2Conn: OFF     Case Sensitivity: ON
        Authentication: OFF
        401 Based Authentication: OFF
        Push: DISABLED  Push VServer:
        Push Label Rule: none
        Listen Policy: NONE
        IcmpResponse: PASSIVE
        RHIstate:  PASSIVE
        Traffic Domain: 0

1)      Content-Switching Policy: CSPOL_pool1   Priority: 10    Hits: 0
2)      Content-Switching Policy: CSPOL_pool2   Priority: 20    Hits: 0
 Done
>
> sh cs action
1)      Name: CSACT1_pool1
        Target LB Vserver: VS_pool1
        Hits: 0
        Undef Hits: 0
        Action Reference Count: 1

2)      Name: CSACT1_pool2
        Target LB Vserver: VS_pool2
        Hits: 0
        Undef Hits: 0
        Action Reference Count: 1

 Done
>
> sh cs policy
1)
        Policy: CSPOL_pool1     Rule: CLIENT.IP.SRC.EQ(192.168.20.50)   Action: CSACT1_pool1

        Hits: 0
2)
        Policy: CSPOL_pool2     Rule: CLIENT.IP.SRC.EQ(192.168.20.60)   Action: CSACT1_pool2

        Hits: 0
 Done
>


11) Configure a default policy for the content switch.

This will take effect if no policy matches, i.e. if the source IP is not 192.168.20.50/.60.
We will re-use the existing monitor from pool2.

Currently we have no default.

> sh cs vserver CS_web | grep Default
        Default:        Content Precedence: RULE
>


Add the remaining config required for the default content switch policy to work. The server pool1-2_default (172.16.100.25) is already present in the sh server output from step 3, so it is not added again.

add servicegroup SG_pool1-2_default HTTP
add lb vserver VS_pool1-2_default HTTP
bind lb vserver  VS_pool1-2_default SG_pool1-2_default
bind servicegroup SG_pool1-2_default pool1-2_default 80
bind servicegroup SG_pool1-2_default -monitorName MON_pool2
bind cs vserver CS_web -lbvserver VS_pool1-2_default


After we enter all of that, let's check for the default action.

> sh cs vserver CS_web | grep Default
        Default: VS_pool1-2_default     Content Precedence: RULE
1)      Default Target LB: VS_pool1-2_default   Hits: 0
>

 

12) Test access.

We access the CS IP 192.168.20.100 from an IP that is not in either policy and also from 192.168.20.50/.60. We can see that the 2 policies plus the default all get hits.

> sh cs vserver CS_web | grep Hits
1)      Content-Switching Policy: CSPOL_pool1   Priority: 10    Hits: 211
2)      Content-Switching Policy: CSPOL_pool2   Priority: 20    Hits: 255
1)      Default Target LB: VS_pool1-2_default   Hits: 197
>
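
The lookup that produces these three hit counters can be modelled offline. The following is an added example, not part of the original lab: it parses the CS-related commands from this post, resolves which LB vserver a client source IP reaches (lowest priority number first, then the default), and audits the config for dangling references. The function names parse, route and audit are hypothetical, and the model only understands the CLIENT.IP.SRC.EQ() rule used here.

```python
import ipaddress
import re

# Added example: CS-related commands copied from this post; parse/route/audit are hypothetical helpers.
CONFIG = """\
add lb vserver VS_pool1 HTTP -lbmethod ROUNDROBIN
add lb vserver VS_pool2 HTTP -lbmethod ROUNDROBIN
add lb vserver VS_pool1-2_default HTTP
add cs vserver CS_web HTTP 192.168.20.100 80
add cs action CSACT1_pool1 -targetLBVserver VS_pool1
add cs action CSACT1_pool2 -targetLBVserver VS_pool2
add cs policy CSPOL_pool1 -rule CLIENT.IP.SRC.EQ(192.168.20.50) -action CSACT1_pool1
add cs policy CSPOL_pool2 -rule CLIENT.IP.SRC.EQ(192.168.20.60) -action CSACT1_pool2
bind cs vserver CS_web -policyName CSPOL_pool1 -priority 10
bind cs vserver CS_web -policyName CSPOL_pool2 -priority 20
bind cs vserver CS_web -lbvserver VS_pool1-2_default
"""

def parse(config):
    """Build lookup tables from the subset of commands this lab uses."""
    m = {"lb": set(), "action": {}, "policy": {}, "bound": [], "default": None}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["add", "lb", "vserver"]:
            m["lb"].add(t[3])
        elif t[:3] == ["add", "cs", "action"]:
            m["action"][t[3]] = t[t.index("-targetLBVserver") + 1]
        elif t[:3] == ["add", "cs", "policy"]:
            ip = re.search(r"CLIENT\.IP\.SRC\.EQ\(([\d.]+)\)", line).group(1)
            m["policy"][t[3]] = (ipaddress.ip_address(ip), t[t.index("-action") + 1])
        elif t[:3] == ["bind", "cs", "vserver"] and "-policyName" in t:
            m["bound"].append((int(t[t.index("-priority") + 1]), t[t.index("-policyName") + 1]))
        elif t[:3] == ["bind", "cs", "vserver"] and "-lbvserver" in t:
            m["default"] = t[t.index("-lbvserver") + 1]
    return m

def route(m, client_ip):
    """Return (matched policy or 'default', target LB vserver) for a client IP."""
    src = ipaddress.ip_address(client_ip)
    for _prio, name in sorted(m["bound"]):  # lowest priority number is evaluated first
        ip, action = m["policy"][name]
        if src == ip:
            return name, m["action"][action]
    return "default", m["default"]  # target is None when no default is bound

def audit(m):
    """List dangling references and a missing default target."""
    issues = [f"action {a} targets unknown lb vserver {v}" for a, v in m["action"].items() if v not in m["lb"]]
    bound = {n for _, n in m["bound"]}
    issues += [f"policy {p} is not bound" for p in m["policy"] if p not in bound]
    if m["default"] is None:
        issues.append("no default lb vserver bound")
    return issues
```

Calling route() with any source IP other than .50 or .60 returns the default target, which is the behaviour the third hit counter above reflects.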


13) Check CS VS stats.

> stat cs vserver CS_web

Vserver Summary
                          IP  port     Protocol        State
CS_web        192.168.20.100    80         HTTP           UP

VServer Stats:
                                          Rate (/s)                Total
Vserver hits                                      22                 1331
Requests                                          22                 1331
Responses                                         22                 1331
Request bytes                                   8978               544041
Response bytes                                702806             27097449
Total Packets rcvd                               282                13020
Total Packets sent                               566                23729
Current client connections                        --                  129
Current Client Est connections                    --                    0
Current server connections                        --                    0
Spill Over Threshold                              --                    0
Spill Over Hits                                   --                    0
Labeled Connection                                --                    0
Push Labeled Connection                           --                    0
Deferred Request                                   0                    0
Invalid Request/Response                          --                    0
Invalid Request/Response Dropped                  --                    0
Vserver Down Backup Hits                          --                    0
Current Multipath TCP sessions                    --                    0
Current Multipath TCP subflows                    --                    0
Apdex for client response times.                  --                 1.00
Average client TTLB                               --                    7


> sh cs policy -summary
------------------------------------------------------------------------------------------------------
      Name       URL             Expression           Domain               Action               Hits  
------------------------------------------------------------------------------------------------------
1     CSP...ool1                 CLIENT.I...68.20.50)                      CSACT1_pool1         475   
2     CSP...ool2                 CLIENT.I...68.20.60)                      CSACT1_pool2         310   
 Done
>

> sh cs action -summary
----------------------------------------------------------------------------------------------
      Name       TargetLBVserver TargetVserver TargetLBVserverExpression Comment    Hits       UndefHits  ReferenceCount
----------------------------------------------------------------------------------------------
1     CSA...ool1 VS_pool1                                    475        0          1          
2     CSA...ool2 VS_pool2                                    310        0          1          
 Done

 

14) All config commands used.

add ns ip 192.168.20.10 255.255.255.0 -type SNIP
add ns ip 172.16.100.10 255.255.255.0 -type SNIP
add vlan 20
add vlan 100
bind vlan 20 -ifnum 1/1
bind vlan 20 -ipaddress 192.168.20.10 255.255.255.0
bind vlan 100 -ifnum 1/2
bind vlan 100 -ipaddress 172.16.100.10 255.255.255.0

add server pool1_srv1 172.16.100.1
add server pool1_srv2 172.16.100.2
add server pool1_srv3 172.16.100.3
add server pool1_srv4 172.16.100.4
add server pool2_srv1 172.16.100.21
add server pool2_srv2 172.16.100.22
add server pool2_srv3 172.16.100.23
add server pool2_srv4 172.16.100.24
add server pool1-2_default 172.16.100.25

add servicegroup SG_pool1 HTTP
add lb vserver VS_pool1 HTTP -lbmethod ROUNDROBIN
add lb monitor MON_pool1 HTTP
bind lb vserver VS_pool1 SG_pool1 
bind servicegroup SG_pool1 pool1_srv1 80
bind servicegroup SG_pool1 pool1_srv2 80
bind servicegroup SG_pool1 pool1_srv3 80
bind servicegroup SG_pool1 pool1_srv4 80
bind servicegroup SG_pool1 -monitorName MON_pool1

add servicegroup SG_pool2 HTTP
add lb vserver VS_pool2 HTTP -lbmethod ROUNDROBIN
add lb monitor MON_pool2 HTTP
bind lb vserver VS_pool2 SG_pool2 
bind servicegroup SG_pool2 pool2_srv1 80
bind servicegroup SG_pool2 pool2_srv2 80
bind servicegroup SG_pool2 pool2_srv3 80
bind servicegroup SG_pool2 pool2_srv4 80
bind servicegroup SG_pool2 -monitorName MON_pool2

add cs vserver CS_web HTTP 192.168.20.100 80
add cs action CSACT1_pool1 -targetLBVserver VS_pool1
add cs action CSACT1_pool2 -targetLBVserver VS_pool2
add cs policy CSPOL_pool1 -rule CLIENT.IP.SRC.EQ(192.168.20.50) -action CSACT1_pool1   
add cs policy CSPOL_pool2 -rule CLIENT.IP.SRC.EQ(192.168.20.60) -action CSACT1_pool2
bind cs vserver CS_web -policyName CSPOL_pool1 -priority 10
bind cs vserver CS_web -policyName CSPOL_pool2 -priority 20
 
add servicegroup SG_pool1-2_default HTTP
add lb vserver VS_pool1-2_default HTTP
bind lb vserver  VS_pool1-2_default SG_pool1-2_default
bind servicegroup SG_pool1-2_default pool1-2_default 80
bind servicegroup SG_pool1-2_default -monitorName MON_pool2
bind cs vserver CS_web -lbvserver VS_pool1-2_default


> sh ver
        NetScaler NS12.1: Build 61.19.nc, Date: Mar  8 2021, 09:45:59   (64-bit)
 Done
>