Exposing multiple IIS web applications using single domain url using F5

We have about 50+ small ASP.Net web applications each with their own domain name and web servers.

We have consolidated them into 3 web servers as now, and they continue to have their own IIS web site + app pool + domain name (using host headers) + a SAN cert, load balanced using F5.

We will deploy 10+ new ASP.Net applications into the same infra soon. To scale the model we would like to have a single domain name like https://apps.mycompany.com/ and serve each application using the following URL scheme:

• https://apps.mycompany.com/app1 for app1
• https://apps.mycompany.com/app2 for app2
• .
• .
• https://apps.mycompany.com/appN for appN

We use IIS (web server) and F5(load balancer). I would like to know what is most efficient + scalable way to achieve this?

1 Answers

Answers 1

I would set up each application as a Web Application under one IIS site. You can still keep separate directories and separate application pools, but they become nested as (aliased) subdirectories under the one site.

Use IIS Shared Configuration and DFS Replication (or some other shared storage system for web files) to keep your ASP.NET application files in sync between all three servers.

The F5 load balancer can be configured to route traffic between the three servers, now that they all have the same configuration and data.

This gives you an efficiently-managed, fault-tolerant, performant web server farm with minimal effort on the part of the administrator.

Read More

Scapy - How to Dissect an Ethernet Trailer field

I'm using the F5 Networks Big-IP products, which are appending a custom Ethernet II trailer frame for debugging purposes. I'm trying with Scapy to bind a new layer for this trailer, but I'm unable to do so.

I can see the payload of interest in the Padding field but using bind_layers does not perform proper dissection of the required Padding section.

class MyEthTrailer(Packet):     name = "Ethernet Trailer"     fields_desc = [ ####Fields Mapping Section ]     def dissect(self, s):         self.payl,self.pad = self.extract_padding(s)         s = self.do_dissect(self.pad) 

One solution I was thinking was to create a new Ethernet replacement class (or overloaded), which I can then refers to the typical Ethernet payload and my new trailer. But I'm not a super Python/scapy programmer, and I am not certain if this is the best option.

This is how Scapy currently maps my packet after I apply bind_layers(TCP,MyEthTrailer). The info I should have parse is in the Padding class

<Ether  dst=00:00:00:00:00:00 src=00:00:00:00:00:01 type=0x8100 |<Dot1Q  prio=0L id=0L vlan=01L type=0x800 |<IP  version=4L ihl=5L tos=0x0 len=67 id=1 flags=DF frag=0L ttl=255 proto=tcp chksum=0x01 src=10.0.0.1 dst=10.0.1.1 options=[] |<TCP  sport=1111 dport=https seq=1 ack=1 dataofs=5L reserved=0L flags=PA window=4380 chksum=0xb718 urgptr=0 options=[] |<MyEthTrailer  |<Padding  load='\xPayload of MyEtherTrailer' |>>>>>> 

[UPDATE-1]

I can force decoding a TCP SYN packet by calling :

packet[TCP].decode_payload_as(MyEthTrailer) 

However, the bind_layers method, does not seem to work automatically, and this does not work with more complex packet because it's mixing up TCP Padding with MyEthTrailer payload.

[UPDATE-2]

I got it partly working, but every packet needs to be casted properly, then I can read the trailer payload and decode it. For example if a packet is TCP/DNS/MyEthTrailer, this will work. If I don't know it's DNS, and it's not set up properly, it's still mixed in in TCP payload and Padding.

Your help is appreciated.

0 Answers

Read More