ePolicy – FortiBalancer

17.4 ePolicy Applications

With ePolicy scripts, a FortiBalancer appliance can be customized to:

  • Balance loads. When being applied to Server Load Balancing (SLB), ePolicy can work as SLB policies and collaborate with SLB methods to realize load balancing among real services.
  • Analyze the packet contents of the HTTP, Simple Object Access Protocol (SOAP), eXtensible Markup Language (XML), and Diameter protocols.
  • Receive, send, analyze, and discard Generic TCP and TCPS packets.
  • Perform pattern matching for text data.
  • Control TCP connections.
  • Monitor traffic and collect traffic statistics.

17.4.1 SLB Methods Collaborating with ePolicy

In SLB, ePolicy can collaborate with the following methods:

  • Round Robin (rr)
  • Least Connection (lc)
  • Shortest Response (sr)
  • Persistent IP (pi)
  • Hash IP (hi)
  • Hash IP and port (hip)
  • Consistent hash IP (chi)
  • SNMP (snmp)

17.4.2 SLB Policies and ePolicy

In SLB, ePolicy has higher priority than the existing SLB policies. When a virtual service is associated with ePolicy scripts, the SLB policies associated with that virtual service do not take effect.

17.5 ePolicy Configurations

To complete the ePolicy configuration, perform the following steps:

  • Prepare setting and runtime scripts according to events, commands, and command invocation rules.
  • Import setting and runtime scripts.
  • Associate the virtual service with the setting script.
  • Associate the virtual service with the runtime script.

The following example, which balances load among servers according to the HTTP request method, shows how to configure ePolicy.

17.5.1 Preparing Setting and Runtime Scripts

The following table shows the contents of the setting and runtime scripts:

Table 17–2 Setting and Runtime Scripts

Setting Script
  Name: setting_http.tcl
  Content:

    message::type http

Runtime Script
  Name: http_slb.tcl
  Content:

    when HTTP_REQUEST_HEADER {
        if { [http::method] == "GET" } {
            slb::select_server realserver_1
        } else {
            slb::select_server realserver_2
        }
    }

In which, “http_slb.tcl”, “realserver_1” and “realserver_2” are the names of SLB real servers.

For detailed information on events, commands, and command invocation rules, contact Customer Support for the related documents.

17.5.2 Importing Setting and Runtime Scripts

➢ CLI:

  1. Execute the following command to import the setting script:

epolicy import setting <url> <setting_script_name>

For example:

FortiBalancer(config)#epolicy import setting http://192.168.10.10/setting_http.tcl setting_http.tcl

  2. Execute the following command to import the runtime script:

epolicy import script <url> <script_name>

For example:

FortiBalancer(config)#epolicy import script http://192.168.10.10/http_slb.tcl http_slb.tcl
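Because an attached runtime script replaces the virtual service's SLB policies and is fetched from a URL (plain HTTP in the examples above), it is worth reviewing the file before import. The following pre-import check is an added example, not FortiBalancer code: it uses only the events and commands shown on this page, and the allowlists and the sample typo are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample: the runtime script from Table 17-2, with one typo
# ("realserver_22") added to show what the check catches.
RUNTIME_SCRIPT = '''when HTTP_REQUEST_HEADER {
    if { [http::method] == "GET" } {
        slb::select_server realserver_1
    } else {
        slb::select_server realserver_22
    }
}
'''
# Assumption: real server names configured on the appliance, kept in change control.
KNOWN_REAL_SERVERS = {"realserver_1", "realserver_2"}
# Commands and events that appear in this page's scripts; anything else needs review.
REVIEWED_COMMANDS = {"http::method", "slb::select_server", "message::type"}
REVIEWED_EVENTS = {"HTTP_REQUEST_HEADER"}


def strip_comments(script):
    """Drop Tcl full-line comments so commented-out commands are ignored."""
    return "\n".join(ln for ln in script.splitlines() if not ln.lstrip().startswith("#"))


def review_script(script, known_servers=KNOWN_REAL_SERVERS):
    """Return (findings, sha256) for a runtime script before it is imported."""
    body = strip_comments(script)
    findings = []
    for event in re.findall(r"^\s*when\s+(\S+)", body, re.M):
        if event not in REVIEWED_EVENTS:
            findings.append(f"unreviewed event: {event}")
    for cmd in sorted(set(re.findall(r"\b([a-z_]+::[a-z_]+)\b", body))):
        if cmd not in REVIEWED_COMMANDS:
            findings.append(f"unreviewed command: {cmd}")
    targets = re.findall(r"slb::select_server\s+(\S+)", body)
    if not targets:
        findings.append("no slb::select_server call: script selects no real server")
    for target in targets:
        if target not in known_servers:
            findings.append(f"unknown real server: {target}")
    # Digest of the reviewed bytes, to compare with the file served at the import URL.
    digest = hashlib.sha256(script.encode("utf-8")).hexdigest()
    return findings, digest


if __name__ == "__main__":
    findings, digest = review_script(RUNTIME_SCRIPT)
    print(digest, *findings, sep="\n")
```

Record the digest with the change request and compare it against the file actually hosted at the import URL before running the import command.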

17.5.3 Associating the Virtual Service with the Setting Script

➢ CLI:

Execute the following command to associate the virtual service with the setting script:

epolicy attach setting <vs_name> <setting_script_name>

For example:

FortiBalancer(config)#epolicy attach setting vs_epolicy setting_http.tcl

17.5.4 Associating the Virtual Service with the Runtime Script

➢ CLI:

Execute the following command to associate the virtual service with the runtime script:

epolicy attach script <vs_name> <script_name>

For example:

FortiBalancer(config)#epolicy attach script vs_epolicy http_slb.tcl

17.5.5 Configuration Results

After the preceding configurations are completed, the FortiBalancer appliance will:

  • Direct HTTP request packets whose method is GET to real server realserver_1.
  • Direct HTTP request packets with other methods to real server realserver_2.

 

