From within a Virtual Service, one or more ‘Sub-Virtual Services’ (SubVSs) can be created. SubVSs are useful when there are complex applications that require a larger number of Virtual Services. SubVSs may be used for certain configurations such as Exchange or Citrix.
This document describes how to add and configure SubVSs on the LoadMaster using the LoadMaster Web User Interface (WUI).
This document is intended to help anyone who wishes to learn about or implement SubVSs on their LoadMaster configuration.
Using SubVSs has many advantages, such as:
SubVSs are linked to, and use the IP address of, the ‘parent’ Virtual Service.
Using SubVSs reduces the number of IP addresses required by applications such as Lync or Exchange
SubVSs are always transparent to the main Virtual Service
SubVSs may have different settings (such as content rules) to the parent Virtual Service and to each other
Using a SubVS provides the ability to have content switching and persistency on the same Virtual Service
Using a SubVS gives the ability to perform multiple health checks on the same Virtual Service
There are a few prerequisites/points to note before setting up a SubVS:
- Before a SubVS can be added, you must set up a Virtual Service. For steps on how to add a Virtual Service, refer to the Virtual Services and Templates, Feature Description on the Documentation Page.
- Real Servers and SubVSs cannot be associated with the same Virtual Service. A SubVS can only be added to a Virtual Service if there are no Real Servers set up on it already. A Real Server can be associated with a SubVS if required.
- Users with the Virtual Services permission cannot add a SubVS. Users with the Real Server permission can add a SubVS.
- SubVS functionality is only available on version 7.0-4 or later of the LoadMaster.
- There cannot be a SubVS of a SubVS.
To add, modify or delete a SubVS, follow the steps below:
1. Log in to the relevant Virtual LoadMaster (VLM).
2. In the main menu, click Virtual Services and select View/Modify Services.
3. Click the Modify button on the relevant Virtual Service.
To add a SubVS, go to the Add a SubVS section.
To modify a SubVS, go to the Modify a SubVS section.
To delete a SubVS, go to the Delete a SubVS section.
Following on from the steps in the Add/Modify/Delete a SubVS section, continue with the steps below.
1. Expand the Real Servers section (if there are already SubVSs on this Virtual Service this section will be called SubVSs).
2. Click the Add SubVS… button (or Add New … button if this is not the first SubVS to be added to this Virtual Service).
3. A success message will appear, as illustrated in the above screenshot. Click the OK button.
When the first SubVS is added to a Virtual Service the Real Servers section will be replaced with the SubVSs section in the Virtual Services configuration page. Any SubVSs of the relevant Virtual Service will be listed in this section.
Following on from the Add/Modify/Delete a SubVS section, continue with the steps below:
1. Expand the SubVSs section.
2. Click Modify.
When the Modify button is clicked a configuration screen for the SubVS appears. This contains a subset of the configuration options that a normal Virtual Service has.
For a description of SubVS specific fields, refer to the SubVS WUI Options section.
For a description of the other (non-SubVS specific) fields and options, refer to the Web User Interface (WUI), Configuration Guide on the Documentation Page.
For steps on how to configure a Virtual Service, refer to the Virtual Services and Templates, Feature Description on the Documentation Page.
When a SubVS is added to a Virtual Service, the Transparency setting on the Virtual Service is enabled and cannot be changed. This is because the Virtual Service forwards the client request transparently to the SubVS. The Transparency setting on the SubVS can be enabled or disabled as required.
The SSL Acceleration and Reencrypt options must be set in the parent Virtual Service, not in the SubVS. If these options are enabled, data is decrypted, then passed to the SubVS and re-encrypted on the way out of the SubVS.
For Exchange, we recommend that the Edge Security Pack (ESP) and Web Application Firewall (WAF) is not enabled on the parent service but instead is enabled in the SubVSs.
When using SNMP monitoring of ESP-enabled Virtual Services that were created using a template, ensure to monitor each SubVS directly rather than relying on the master service. This is because the Authentication Proxy sub-service will always be marked as up and, as a consequence, so will the master service.
Following on from the Add/Modify/Delete a SubVS section, continue with the steps below to delete a SubVS:
1. Expand the SubVSs section.
2. On the SubVS that is to be deleted, click the Delete button.
3. Click OK.
The SubVS will be deleted. If this SubVS was the only SubVS on the Virtual Service, the SubVSs section will change back to the Real Servers section.
A parent Virtual Service can only be deleted if its SubVSs have all been deleted.
Most of the fields in the SubVS properties screen are the same as the ones used for a normal Virtual Service.
For a description of the other fields and options, refer to the Web User Interface (WUI), Configuration Guide on the Documentation Page.
See below for descriptions of the SubVS specific fields.
You can click Duplicate SubVS to create a duplicate SubVS within the same Virtual Service. All SubVS configuration settings are copied to the duplicate SubVS.
When you click Duplicate SubVS, a pop-up message appears like "SubVS duplicated, SubVS Id:4, RS Id: 3". Click OK to close the pop-up. A SubVS has both a Virtual Service ID (SubVS Id) and a Real Server ID (RS Id).
The SubVS Id in the message refers to the Virtual Service ID. You can see this ID in the heading at the top of the SubVS modify screen for the relevant SubVS.
The RS Id refers to the Real Server Id - but for SubVSs this Real Server Id is used to identify the SubVS in the SubVSs section of the Virtual Service modify screen.
In some scenarios, when using the Application Programming Interface (API), you need to use the Virtual Service Index of the SubVS but in other scenarios you need to use the Real Server Id of a SubVS. For further details, refer to the RESTful API Interface Description, PowerShell Interface Description, or PowerShell command help text.
SubVS Name: An identifiable name for the SubVS. This field is optional but we recommend that SubVSs are named as it may get confusing if several SubVSs exist.
In addition to the usual alphanumeric characters, the following ‘special’ characters can be used as part of the Service Name:
. @ - _
However, there must be at least one alphanumeric character before the special characters.
SubVS Type: Setting this controls the options displayed for the SubVS. It’s important to make sure the SubVS Type is set according to the type of application is being load balanced.
SubVS Weight: This will be used when determining the priority of the SubVS.
SubVS Limit: This is the maximum number of connections that can be forwarded to this SubVS before it is taken out of rotation from the main Virtual Service. The maximum limit is 100,000.
SubVS Rate Limit: This is the maximum number of connections per second that can be forwarded to this SubVS before it is taken out of rotation from the main Virtual Service. The maximum limit is 100,000.
Reencryption SNI Hostname: In LoadMaster firmware version 7.2.52 and above, it is possible to set a Reencryption SNI Hostname at the SubVS level. If this is set in a SubVS, this overrides the parent Virtual Service value and/or the received SNI value.
This field is only visible when SSL re-encryption is enabled.
Unless otherwise specified, the following documents can be found at: http://kemptechnologies.com/loadmaster-documentation
This document was last updated on 01 March 2023.