A sorry-server responding if all services are down

A

This is something, people tend to ask for: A sorry server responding with a meaningful message in case all services are down. It’s an easy task to do, so I decided to write a quick guide on how to create a setup like that.

What we need

A load-balancing vServer does not respond, as soon as all services are down. However, there are “protection Servers”. And that’s what I will use.

The protection server

Is a dummy server. It actually has no content. The only job it has is to be always up. The service is pointing to nowhere (I’ll use an APIPA address in 169.254.0.0/16 subnet) and got health monitoring disabled.

The service

add service svc_always_up 169.254.0.1 HTTP 80 -healthMonitor NO

Citrix ADC / NetScaler: A service that's always up

The IP address, 169.254.0.1, is an IP address in the link-local network, 169.254.0.0/16 (also known as APIPA), and can’t get routed. Sometimes, we see “Always Up Services” using 1.1.1.1 or similar IP addresses, but that’s absolutely wrong, as they are available on the internet.

Don’t forget to turn health monitoring off (click at more, if you don’t see the full dialogue)

The lb vServer

Will be a “non-addressable vServer”, as connections to it, coming from outside the Citrix ADC / NetScaler is not desired.

add lb vserver lb_vs_dummy HTTP

Citrix ADC / NetScalewr: A non-addressable vServer

The type of vServer has to be HTTP. SSL would be possible as well, but it does not make sense to encrypt/decrypt traffic inside the ADC. There is absolutely no security risk. That’s why I use HTTP.

bind lb vserver lb_vs_dummy svc_always_up

Citrix ADC / NetScaler: Binding the dummy service

Citrix ADC / NetScaler: Binding the dummy serviceThe status of the vServer should show “up” as soon as the service is bound.

Citrix ADC / NetScaler: The status of vServers

The responder policy

The responder policy needs to be of type RESPONDWITHHTMLPAGE. I created an HTML page and inserted it.

The HTML page to respond with

Go to AppExpert → Responder → HTML Page Imports. Import your HTML-Page. I named mine respond_with_sorry. This is a very primitive version of a sorry page.

Citrix ADC / NetScaler: Importing an HTML page to use in responder policies

<html>
  <head>
    <title>Sorry, we are down for maintainence</title>
  </head>
  <body>
    <h1>Sorry, down for maintainence</h1>
    <p>There is a scheduled maintainence window right now, that's why this server is down.<br>Try again in half an hour.</p>
  </body> 
</html>

Citrix ADC / NetScaler: Create an HTML page to be used in an responder policy
Citrix ADC / NetScaler: Create an HTML page to be used in an responder policy
Of yourse, you could also import the HTML page from local file-system or from a web-server.

The responder action

add responder action res_act_respond_with_sorry respondwithhtmlpage respond_with_sorry -responseStatusCode 200

Citrix ADC / NetScaler: Responder action to respond with an HTML page

The responseStatusCode may be anything, a 200 OK is good, a 500 (internal server error) or 503 (service unavailable), would be a bit more honest, something like a 404 (not found) or a 418 (I’m a tea-pot) would be a bit confusing.

The responder policy

add responder policy res_pol_respondwithsorry true res_act_respond_with_sorry

Citrix ADC / NetScaler: Responder policy to respond with an HTML page

The expression of this policy should be a simple true value (I’m not a big fan of HTTP.REQ.IS_VALID, as it means more overhead and absolutely does not make sense, the validity of the request is not relevant, we want to do this always)


Binding it all together

Binding the responder policy to the dummy vServer

bind lb vserver lb_vs_dummy -weight 1 -policyName res_pol_respondwithsorry -priority 100 -gotoPriorityExpression END

Citrix ADC / NetScaler: Binding the responder policy

Open the vServer and click Policies

Citrix ADC / NetScaler: Binding the responder policy

Select Responder

Citrix ADC / NetScaler: Binding the responder policy

select the policy we just created and click bind

Setting the dummy vServer as a failover server to the actual vServer

set lb vserver lb_vsrv_colors_ssl -IPAddress 192.168.229.100 -backupVServer lb_vs_dummy

Citrix ADC / NetScaler: setting a failover vServer

Select protection from the far right side

Citrix ADC / NetScaler: setting a failover vServer

Set the dummy vServer as a failover vServer.

That’s it. Give it a try: Disable the existing vServer and surf to it, you will see the sorry page!


About the author

Johannes Norz

Johannes Norz is a Citrix Certified Citrix Technology Advocate (CTA), Citrix Certified Instructor (CCI) and Citrix Certified Expert on Application Delivery and Security.

He frequently works for Citrix international Consulting Services and several education centres all around the globe.

Add comment

Recent Posts

Recent Comments