Tuesday, 7 June 2016

Understanding Services

Services represent applications on a server. While services are normally combined with vservers, in the absence of a vserver, a service can still manage application-specific traffic. For example, you can create an HTTP service on a NetScaler to represent a Web server application. When the client attempts to access a Web site hosted on the Web server, the NetScaler intercepts the HTTP requests and creates a transparent connection with the Web server.

In service-only mode, a NetScaler functions as a transparent proxy. It terminates client connections, uses the MIP to establish a connection to the server, and translates incoming client requests to the MIP. Although the clients send requests directly to the IP address of the server, the server sees them as coming from the MIP. The NetScaler translates the IP addresses, port numbers, and sequence numbers.

A service is also a point for applying features. However, only a limited set of features can be configured in the service-only case. Consider the example of SSL acceleration. To use this feature, you must create an SSL service and bind an SSL certificate to the service. When the NetScaler receives an HTTPS request, it decrypts the traffic and sends it, in clear text, to the server.

Services use entities called monitors to track the health of applications. Every service has a default monitor, which is based on the service type, bound to it. As specified by the settings configured on the monitor, the NetScaler sends probes to the application at regular intervals to determine its state. If the probes fail, the NetScaler marks the service as down. In such cases, the NetScaler responds to client requests with an appropriate error message or re-routes the request as determined by the configured load balancing policies.

Understanding Policies and Expressions

A policy defines specific details of traffic filtering and management on a NetScaler. It consists of two parts: the expression and the action. The expression defines the types of requests that the policy matches. The action tells the NetScaler what to do when a request matches the expression. As an example, the expression might match a specific URL pattern associated with a type of security attack, with the action being to drop or reset the connection. Each policy has a priority, and the priorities determine the order in which the policies are evaluated.

When a NetScaler receives traffic to or from any server it manages, the appropriate policy list determines how to process the traffic. Each policy on the list contains one or more expressions, which together define the criteria that a connection must meet to match the policy.

For all policy types except Rewrite policies, a NetScaler implements only the first policy that a request matches, not any additional policies that it might also match. For Rewrite policies, the NetScaler evaluates the policies in order and, in the case of multiple matches, performs the associated actions in that order. Policy priority is important for getting the results you want.
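The following Python model is an added example, not NetScaler code or configuration. It shows how first-match evaluation lets a broad allow policy shadow a drop policy, and how all-match evaluation differs for Rewrite policies. The policy names, sample requests, and the convention that a lower priority number is evaluated first are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class Policy:
    name: str
    priority: int                       # assumption: lower number is evaluated first
    expression: Callable[[dict], bool]  # predicate over a request
    action: str

def ordered(policies: List[Policy]) -> List[Policy]:
    return sorted(policies, key=lambda p: p.priority)

def first_match(policies: List[Policy], request: dict) -> Optional[Policy]:
    """Non-Rewrite behaviour: only the first matching policy is applied."""
    for p in ordered(policies):
        if p.expression(request):
            return p
    return None

def rewrite_matches(policies: List[Policy], request: dict) -> List[Policy]:
    """Rewrite behaviour: every matching policy acts, in priority order."""
    return [p for p in ordered(policies) if p.expression(request)]

def shadowed(policies: List[Policy], requests: List[dict]) -> List[str]:
    """Policies that match some sample request but never win first-match."""
    winners = set()
    for r in requests:
        w = first_match(policies, r)
        if w is not None:
            winners.add(w.name)
    matched = {p.name for p in policies for r in requests if p.expression(r)}
    return sorted(matched - winners)

# Constructed sample policies and requests (hypothetical names and URLs).
FILTER_POLICIES = [
    Policy("allow_app", 10, lambda r: r["url"].startswith("/app"), "ALLOW"),
    Policy("drop_traversal", 20, lambda r: "../" in r["url"], "DROP"),
]
REQUESTS = [{"url": "/app/index.html"}, {"url": "/app/../../etc/passwd"}]

def fixed_policies() -> List[Policy]:
    """Same expressions, with the drop policy given the earlier priority."""
    allow, drop = FILTER_POLICIES
    return [Policy(drop.name, 5, drop.expression, drop.action), allow]

if __name__ == "__main__":
    print("shadowed before fix:", shadowed(FILTER_POLICIES, REQUESTS))
    print("shadowed after fix: ", shadowed(fixed_policies(), REQUESTS))
```

Running a check like `shadowed` over representative requests before binding policies shows which security policies would never take effect under the chosen priorities.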

Processing Order of Features

Depending on requirements, you can choose to configure multiple features. For example, you might choose to configure both compression and SSL offload. As a result, an outgoing packet might be compressed and then encrypted before being sent to the client. The following figure shows the interaction and processing order of the NetScaler features.
