Application Request Routing and URL Rewrite – PART 1(Server Farms)
In my previous blogs I had mentioned how we can use URL rewrite without ARR in picture. In the next series of upcoming blogs I will be discussing how we can leverage ARR and URL rewrite with ARR.
ARR is an out of band module available for IIS 7.x and onwards.
ARR can be used for below purposes.
1) As a load balancer when you want to load balance requests between multiple servers.
2) As a reverse proxy where your web servers are hidden from the internet world.
3) It can also be used for platform provisioning and application provisioning(by this I mean keeping configuration and features installed on top of IIS in sync between multiple servers) with the help of web deploy(which is famously know as web farm framework WFF). WFF is not tested completely from IIS 8 and onwards.
In this series we will discuss 1) and 2). First we will concentrate on how we can use ARR as a load balancer.
ARR as a load balancer
Before going ahead and using ARR as a load balancer. Let’s get familiarized with the options present in the ARR server farms UI which will help us during our discussion.
Below are the important options which we need to familiarize ourselves with when we want to use server farms or ARR as a load balancer.
1) Caching
2) Health Test
3) Load Balance
4) Monitoring and Management
5) Proxy
6) Routing rules
7) Server Affinity
Caching:
This is similar to your IIS caching where you have the above mentioned options. This option will help you in caching content received from the backend server when the content has not been changed.
|
https://technet.microsoft.com/en-us/library/ee731895(WS.10).aspx
Load Balance:
Over here you can specify the algorithm you want to use to perform load balancing and based on what criteria the incoming requests should be split between your web servers. The options present are all standard algorithms and you can find info about these algorithms over internet about how they work. Below are the available algorithm options about load balancing and a brief introduction about them.
- Weighted round robin – Distributes traffic based on the number of incoming requests and their normalized weight. Each server can receive the same distribution of requests or a custom distribution.
- Weighted total traffic – Distributes traffic based on the size of the requests and responses in bytes. Requests are routed so that the amount of data is load balanced. In an even distribution, the server with the least amount of data will receive the next request.
- Least current request – Distributes traffic based on the current number of HTTP requests between ARR and each of the application servers. Requests are routed to the server with the least number of current HTTP requests.
- Least response time – Distributes traffic based on the fastest response time from the servers, which enables the server to respond most quickly.
- Server variable hash – Distributes traffic based on a hashed value of a server variable.
- Query string hash – Distributes traffic based on the hashed value of the query string value. When more than one query string name is specified, the concatenated string of the corresponding query string value is used for the hash.
· Request hash – Distributes traffic based on the hashed value of the configured server variable or URL. For example, if the server variable is QUERY_STRING, the hashed value is based on the names in the request query string.
Proxy:
I forgot to include explanation for Reverse rewrite host in response headers in the image while creating it.
Reverse rewrite host in response headers: This option might not be of much value over here but its a very important setting while having reverse proxy. Imagine the internet exposed url is https://contoso.com and you have the backend servers contoso1 and contoso2. consider an example where you have a redirect status set and in the response location tag is set to https://contoso1/redirectedpage.aspx in web server in respect to the request forwarded from ARR server and this has to be notified to the end client. the client doesn't know who contoso1 is. so before sending the complete response to the client, the ARR server rewrites the host name in the location tag as https://contoso.com/redirectedpage.aspx
Routing Rules:
This is pretty much self-explanatory and you will select “Use URL Rewrite to inspect incoming requests” option to use URL rewrite rules to evaluate requests that come through your server.
Another important option over here is Enable SSL offloading- if you select this option even though the requests from client to ARR server will be over https but while forwarding the requests to backend servers this will happen over http.
Requests with the following extensions are not forwarded: This is a very rarely used but a very good feature which helps you in improving performance. if you specify *.jpg, then it means that any request for .jpg image file will not be sent to the backend server. you can keep the static content like images on ARR server itself. This will add a condition in your rule. you can add this condition manually in your inbound rule as well. the condition will look like below.
Requests with the following patterns are not forwarded: This one is similar to the one mentioned above. when you have contents like templates, images or static content which wont change often then you can keep the copy of it in ARR server itself and then choose not to forward these request and process these request locally on ARR server. I can choose to ignore all the requests containing images in the path from being forwarded. you can manually add such a condition in your inbound rule as well and it will look like below.
Server Affinity:
Client affinity: People might be familiar with the name “sticky sessions” available in most of the hardware load balancers. This option provides the same feature in IIS. When you want the requests to be load balanced to the same server where the first request from the client was routed to for the whole session, you can use the client affinity feature over here.
This feature is advantageous where in your session state is ‘in-proc’ and not available outside the worker process.
Host Name affinity: imagine you have multiple hostnames for a site. based on the hostname used you can decide the affinity. Also if you have 4 servers for load balancing you can control the number of servers the requests can be routed if it comes with a specific hostname.
Monitoring and Management:
This will be your load balancer dashboard where you can monitor the health status and the request statistics, also how the load balancing is happening.
Creating sample to demonstrate load balancing by creating server farm in ARR
Scenario: Let’s consider the scenario where in we have two backend web servers’ contoso1.chiranth.com and contoso2.chiranth.com and one ARR server where we want to load balance the requests for the site “contoso.com” between the two servers.
To achieve the above requirement we have two follow two simple steps.
1) Creating a server farm which will be a container for these two servers
2) Creating URL rewrite rules to monitor the incoming requests and route it accordingly
Creating a server farm:
Creating a server farm is a two-step simple procedure as below.
1) Right click on server farms-> Create new server farm
2) Enter a friendly farm name
3) Add the server which you want to include for load balancing. Over here in our scenario we have 2 servers contoso1 and contoso2
Creating URL rewrite rules for your farm:
After creating the farm 50% of the task is done. Now we will have to configure URL rewrite rules to monitor the requests and route it accordingly. When you create a server farm ARR will prompt you asking if it should create a URL rewrite rule for you. Let’s click on No for that. I will take you through the manual steps for creating the rule.
1) Make sure under routing rules at the server farm level you have the “USE URL REWRITE to inspect incoming requests” option checked.
2) When you are using ARR for either Load balancing or as reverse proxy the URL rewrite rules should be created at the server level. Go to URL Rewrite at the server level.
3) Add rule-> Inbound rules ->Blank rule.
4) I have already explained about the sections in inbound rules and regular expressions in my previous blog. So over here pattern would be ‘ .* ’ i.e, anything and a condition stating that this rule should be executed only when the hostname or HTTP_HOST is contoso.com, action would be “Route to server farm” and under action properties select the appropriate server farm and specify the REQUEST_URI which we have stored as {R:0} from the pattern section in the URL.
The rule will look like below.
5) Click on Apply and you are good to go for testing.
Hope this helps. In next part of my upcoming blog I will discuss how we can use ARR as reverse proxy and how we can go through the troubleshooting if we are facing any issues and the tools that we can make use of.
References:
https://technet.microsoft.com/en-us/library/ee731895(WS.10).aspx
https://technet.microsoft.com/en-us/library/dd443524.aspx
https://technet.microsoft.com/en-us/library/dd443526.aspx
https://technet.microsoft.com/en-us/library/dd443532.aspx
https://technet.microsoft.com/en-us/library/dd443543.aspx
Technorati Tags: ARR,application request routing,urlrewrite,server farms,reverse proxy,caching,load balance,iis,proxy
Comments
- Anonymous
October 06, 2014
In your example, you have 2 webservers: contoso1.chiranth.com and contoso2.chiranth.comHowever you provided 2 application servers with only contoso1 and contoso2.How does the ARR find following?contoso1 -> contoso1.chiranth.comcontoso2 -> contoso2.chiranth.com - Anonymous
October 07, 2014
@Ted: i have mentioned the FQDN of the server contoso1.chiranth.com and contoso2.chiranth.com. in the screenshots that i have put in i just entered the name of the servers(it can be either FQDN or just the name) - Anonymous
April 21, 2015
How would you configure the same setting of https? - Anonymous
April 22, 2015
@Nasir: In the Scheme drop down you just need to select HTTPS if you want to route the requests over https to the backend servers. And in the front end for the requests to listen over https bind the appropriate external certificate to the Default Website running on the specific IP and port 443.Also one more thing to take care of is we need to make sure that if the certificates of the backend server are internal then you need to make sure that the issuers of the certificate are added to the trusted issuers list certificate store in the ARR server - Anonymous
April 23, 2015
Hi Chiranth,Actually I have an F5 load balance which is actually a device not a serverTwo ARR server with a shared configuration.Two App server with a shared configuration connected to the ARR web farm.I have bind both 80 and 433 to my web application with appropriate domain but the problem is that I am only able to access my application using port 80 and not port 433.When I try to access the site using port 443 it gives the following error"An error occurred during a connection to (Domain). SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."Also please advice what is the best practice to install SSL certificate,ARR server or the the f5 load balancer which is actually a physical device.I have very little prior experience working in IIS but never worked on multi-tier model. I would be glad if you can guide me through the steps to solve the above errors and problem.I am on my own here and I am trying from last 5 days but still not able to resolve the problem.Thanks - Anonymous
April 23, 2015
Hi Nasir,ssl_error_rx_record_too_long means there is some issue with the certificate chain.Step 1. Make sure from the ARR server you are able to browse the backend site over HTTPS without any error or warning in IE using the same hostname as you have in the server farm(for eg, like a cert name mismatch or cert is not trusted)Step 2. Make sure the certificate chain is installed properly on the backend server. For eg: if you have got a certificate issued to contoso.com and the issuer or intermediary CA is godaddy intermediate and root CA is godaddy main. you will be able to see this when you open the certificate and go to certification path tab, the one present at the top of the list is the root ca and the ones in between are intermediary ca's. Make sure the intermediary ca's of the certificate on the backend severs are installed in the intermediary certificate store of local computer in mmc of the backend servers as well as the ARR servers and root ca is present in trusted certificate store of local computer in mmc of the backend servers as well as the ARR servers.Step 3. Also follow step 2 for the certificate binded on ARR server and make sure the certificate chain is properly installed on the ARR server and also the client certificate store.Out of the note we are discussing we can also follow a approach so that the front end communication between client->NLB->ARR server can be over https and the requests to the backend servers can be offloaded to http as the backedn servers are not exposed outside.please reply back in case of any queries. - Anonymous
July 13, 2016
Hi Chiranth,Thanks for your nice article.I'm trying to accomplish the following: I have 1 ARR server passing the request to 2 IIS's servers.I need when a request, have on URL the following PluginLogs or log written in the url, it forces the request to go to a specific server. Example of the url: http://contoso.com/PluginLogs/TICKET_SYSTEM_2017/EXCEL_TICKET_SYSTEM_20160713.pngI need to do this because this files are generated in server1 and don't exist on server2. Is this possible to do?Thanks,- Anonymous
July 14, 2016
HI Blucas,http://contoso.com/PluginLogs/TICKET_SYSTEM_2017/EXCEL_TICKET_SYSTEM_20160713.pngso for the above the rule will be likeuse regular expressionsPattern will be ^Pluginlogs.*Action URL will http://server1/{R:0}Hope this helpsregards,Chiranth
- Anonymous
- Anonymous
December 12, 2016
Hi Chiranth . Hope you are doing good.. Thanks for the Article. I have a windows web server working as ARR. The requests will be routed to application server(Apache- Linux). There's a self signed certificate installed on app server which was exported to web server. Now we are planning to get SSL cert from Trusted CA. So we should be installing the cert on Web or App ?- Anonymous
December 18, 2016
HI Rama,i am good. Thanks for asking. hope you are doing good. If you were using the same self signed certificate on the windows machine earlier as well and you want to replace it then yes you have to install over there as well. Also once you install the certificate, make sure the trusted root ca is installed in both the app and web server by checking in cert management console. mmc->certificates->local computer->Trusted root cert. Hope it helps.
- Anonymous
- Anonymous
December 16, 2016
Hi, I have prepared the setup for ARR. In Routing Rule, "Use URL Rewrite to inspect incoming requests" checkbox is checked. When I tried to browse my web application from IIS, it show me IIS7 . And if "Use URL Rewrite to inspect incoming requests" checkbox is unchecked, it browse my web application correctly. Please can you guide why this so? Thanks in Advance.- Anonymous
December 16, 2016
Hi, I have prepared the setup for ARR. In Routing Rule, "Use URL Rewrite to inspect incoming requests" checkbox is checked. When I tried to browse my web application from IIS, it shows me IIS7 image. And if "Use URL Rewrite to inspect incoming requests" checkbox is unchecked, it browse my web application correctly. Please can you guide why this so? Thanks in Advance.- Anonymous
December 18, 2016
i think the rule you have is intercepting all the incoming requests. You need to add a proper rule such that it runs for a specific hostname or pattern and also the action url should be proper. You can check more on the inbound rules in https://blogs.msdn.microsoft.com/chiranth/2014/06/12/url-rewrite-part-2inbound-rules/ALso if you can tell me your inbound rule and what is your exact requirement and architecture in steps, i can assist you further- Anonymous
December 20, 2016
If you don't mind, can i have your cell no. so that I can call you? or you can write me an email on kailasgorane@gmail.com to share your cell no. Thanks in Advance.
- Anonymous
- Anonymous
- Anonymous
December 18, 2016
i think the rule you have is intercepting all the incoming requests. You need to add a proper rule such that it runs for a specific hostname or pattern and also the action url should be proper. You can check more on the inbound rules in https://blogs.msdn.microsoft.com/chiranth/2014/06/12/url-rewrite-part-2inbound-rules/ALso if you can tell me your inbound rule and what is your exact requirement and architecture in steps, i can assist you further
- Anonymous
- Anonymous
December 16, 2016
Hi, I have prepared the setup for ARR. In Routing Rule, "Use URL Rewrite to inspect incoming requests" checkbox is checked. When I tried to browse my web application from IIS, it shows me IIS7 image . And if "Use URL Rewrite to inspect incoming requests" checkbox is unchecked, it browse my web application correctly. Please can you guide why this so? Thanks in Advance.- Anonymous
December 18, 2016
i think the rule you have is intercepting all the incoming requests. You need to add a proper rule such that it runs for a specific hostname or pattern and also the action url should be proper. You can check more on the inbound rules in https://blogs.msdn.microsoft.com/chiranth/2014/06/12/url-rewrite-part-2inbound-rules/ALso if you can tell me your inbound rule and what is your exact requirement and architecture in steps, i can assist you further
- Anonymous
- Anonymous
January 04, 2017
@Chiranth, This is really a good write up. This concept seems to be confusing for so many people, including myself until I read this and your part 2 as well. I've got one question:I'm confused about the hierarchy of the Server Farms. Simply put: if I have another non-IIS webserver running on the same IP (But different port) than IIS - Is that it's OWN server farm, or is that a sub-server? For example, I have a few Python-based web servers that run on the same IP as IIS (however, different ports). I've got them added as their own server farm bound to the internal NIC (LOCALHOST). All is good there - But I don't get how to write the ACTION section of the inbound rule? Action type would be: Route to server farm, however, this only routes to their server farm "NAME", which must be a host (FQDN) (i.e. I can't forward to the same IP but different ports?! )So how do I get around this? Essentially, I just need to expose my internal Python-based web UIs to the WAN via IIS. Possible?Cheers,SV- Anonymous
January 06, 2017
Hi Sean,What you want to achieve is possible. When you add the server in the server farm, after you enter the server name or IP address, in advanced settings below you can change the port number of each server you are adding. If the particular site is the same running on all different servers, you can add the servers in the same server farm just changing the ports. The hostname used will be the same as the external hostname, just that the port and IP information are changed. If you want to see in real time on how th requests are forwarded to the backend local server from ARR server, you can attach fiddler or collect failed request traces and see it. Make sure to detach fiddler from ARR before you close it. The steps on how to attach fiddler is in PART 2 of the same series.Hope this helps.Regards,Chiranth
- Anonymous
- Anonymous
January 17, 2017
Hi, good article.have a question, how to cater for incoming request on non-standard port, for example user needs to type in URL like http://test.com:1234Wondering what condition required to catch the port 1234 - {HTTP_HOST} = test.com:1234 or {HTTP_URL} = test.com:1234 or something else?Thanks- Anonymous
January 17, 2017
@David: If the request is coming on a non-standard port, below are the things we need to take cae of.1) Make sure IIS is listening on the non-standard port i.e, 12342) You can check the port in HTTP_HOST or you can check the port number in the server variable SERVER_PORT . This should be visible in the drop down control of the conditions section in the rule.Hope this helps- Anonymous
January 30, 2017
Do you mean in the Conditions section, add two patterns?1. {SERVER_HOST} = test.com2. {SERVER_PORT} = 1234 - Anonymous
January 30, 2017
I put {HTTP_HOST} = test.com and {SERVER_PORT} = 1234 under the Condition --> Logical Grouping section, but doesn't seem working.When i try http://test.com:1234, it only gives me the default IIS page.
- Anonymous
- Anonymous
- Anonymous
February 22, 2017
The comment has been removed - Anonymous
June 12, 2017
TEST - Anonymous
June 12, 2017
Hi, Chiranth- I have a web service Test.asmx published on an app server Appsrv1 in virtual folder MyService. we use the service directly from the app server like http://Appsrv1/MyService/Test.asmx. we want to do load balancing using ARR. but we are unable to understand the concept of ARR. could you please give some hint how to do the load balancing for web server.Thanks in advance- Anonymous
June 12, 2017
HI Piyush,DO you want to load balance the web service or the actual web server where the service is being accessed from. In any case if you want to setup load balancing between multiple servers. Lets say you configure load balancing between appsrv1 and appsrv2 then create a server farm with these servers in it and have the clients make request to the arr server i.e http://appsrv/MyService/Test.asmx where appsrv is the arr server name. ALso you can set server affinity based on requirements if the request in a particular session should keep on going to the same server. Let me know the specific queries you might have in detail so that I can respond accordingly.Regards,Chiranth- Anonymous
July 20, 2017
Please tell me how to make redirect links to the site and so 6 different links. All links from one site should be redirected to links from another site example: at.home.com/ro/room1/1/2 (room1/2/2;room2/1/2 any) - at.home.com/ro-ro/app/ and at.home.com/ro/job/12/at (/job/b1/at?9; /job/b1/at?4 any) - at.home.com/ro-ro/direct/ ? help me please.- Anonymous
July 20, 2017
Hi Denis,Please correct me if I am not correct in understanding your requirements.You want to redirect any requests coming for at.home.com/ro/room1/1/2 (room1/2/2;room2/1/2 any)-original to at.home.com/ro-ro/app/ (redirected url). If this is a single server and all are applications under the same site, you can follow part 2 of the article, you can look at some of the examples here https://blogs.msdn.microsoft.com/chiranth/2014/06/12/url-rewrite-part-2inbound-rules/Also for your first example you need to create an inbound rule and the pattern would be ro/room.The above pattern is assuming all the requests coming to ro/room1 or ro/room2 or ro/room3. action type would be redirect or rewrite based on your requirements. brief difference between the 2 is here https://blogs.msdn.microsoft.com/chiranth/2014/06/10/url-rewrite-part-1prerequisites/ . And the action url would be at.home.com/ro-ro/app/ . if you want the action url or redirected url to be more dynamic to capture parts of the request_uri, you can use containers () in pattern section and use the {R:} resource variables to get those values in the action url. the examples are present in the article. for example 2 pattern would be ro/job. and then the action url would be at.home.com/ro-ro/direct/ . if you want the query string also to be appended in the redirected url, there is an option at the bootom of the inbound rule section specifying "append query string" option. Please let me know in case of any queries or if my understanding of the problem statement was not correct.
- Anonymous
- Anonymous
- Anonymous