A while ago we bought netscalers to replace our old loadbalancers. For the initial transition the plan is to just treat them like “dumb” L4 ones, and then get into fancy L7 stuff as opportunities arise.
Well right off the bat an opportunity arose. One of our “redo everything” projects (because we have three going) wanted to shunt bits and pieces of the live site off to this new system for a trial-run of a few weeks. They were going to use a subdomain and a slew of redirects, but I openend my mouth and said “hey, we’ve got this content switching thing up our sleeves now.” I thought they’d come up with a half dozen directories and we’d point them at the new system.
Round one was a dozen. Ok, no prob, just make sure its well layed out in the wiki.
Oh but they all need to be re-written on the fly bedcause the backend system uses a slightly different directory structure. The netscalers do this, but they do it as a completely seperate rule, so we have to be very careful to maintain the directories in two seperate places in the config. Still, its do-able, and if this test-run is successful eventually the ruleset will get simplified because most stuff will be moved over.
Then, two nights before the go-live date, we get a new list of paths. 40+ entries. Plus rewrite stuff, its worked out to over ten pages of printed config. Also turns out it blew out the netscaler’s built in character limit on a given policy four fold. So we have it broken up into “project-1, project-2…” policies. This invariably leads to a few typos, and several days of adds and removes of other pages or directories they hadn’t thought of. All during the systems inagural week.
The major downside here is that the complexity has ramped up so much that the only way to document what paths are served from what applications is to flat out paste the config file in the wiki. Thats completely over the heads of the support group and most of the junior sysadmins, so lots of little broken image link and “why isnt my stylesheet working” question filter all the way up to senior sysadmins. Its not even close to supportable at a larger scale.
So, in conclusion, content-switching 101:
- sending /images to one server and /blog to another = good idea
- two hundred lines of regex = bad idea