Hi,

Thanks for that, not a bad idea.. Sadly we don't have any hardware load balancers in the environment as I know that we would have various options then as they inevitibly would be much "smarter" and properly location aware.

The JPG idea is definatly feasible, equally it occured to me that I could include in a custom template a reference to the cluster status page, wouldn't be massively elegant but would at least give me something. I'll have a play with a custom template and see if that gets us anywhere..

All other ideas/opinions still greatfully recieved..

Thanks again

Kendal

You can configure a custom login page and via the template toolkit do things on the server side.

Here is the code:

<% USE CGI %>
<% CGI.server_name() %>

And here are the other cgi variables you could display:

DOCUMENT_ROOT The root directory of your server
HTTP_COOKIE The visitor's cookie, if one is set
HTTP_HOST The hostname of the page being attempted
HTTP_REFERER The URL of the page that called your program
HTTP_USER_AGENT The browser type of the visitor
HTTPS "on" if the program is being called through a secure server
PATH The system path your server is running under
QUERY_STRING The query string (see GET, below)
REMOTE_ADDR The IP address of the visitor
REMOTE_HOST The hostname of the visitor (if your server has reverse-name-lookups on; otherwise this is the IP address again)
REMOTE_PORT The port the visitor is connected to on the web server
REMOTE_USER The visitor's username (for .htaccess-protected pages)
REQUEST_METHOD GET or POST
REQUEST_URI The interpreted pathname of the requested document or CGI (relative to the document root)
SCRIPT_FILENAME The full pathname of the current CGI
SCRIPT_NAME The interpreted pathname of the current CGI (relative to the document root)
SERVER_ADMIN The email address for your server's webmaster
SERVER_NAME Your server's fully qualified domain name (e.g. www.cgi101.com)
SERVER_PORT The port number your server is listening on
SERVER_SOFTWARE The server software you're using (e.g. Apache 1.3)

Unfortunately, as you have found out through contacting JTAC it sounds, there is nothing on the IVE that will allow you to do this; there is no <HOSTNAME>, or similar, variable that can be used.

In addition, as you are aware from the same JTAC conversations, DNS load balancing is not supported on the SA devices. Is there a specific reason for using a cluster rather than separate nodes (other than ease of configuration parity)?

Hi JJH, thanks for your contribution, another poster seems to contradict you but I will give it a try in anycase as i've nothing to lose really.

Hi Zanyterp,

Things weren't looking good, hence I was looking for the more left-field solutions.

We are not strictly using DNS to Loadbalance, only for failover should our the primary site fail and even then it is not instanionous (about 8mins of downtime in our testing so far). Suggesting that Juniper don't support DNS Load balancing is like saying you don't support DNS. the SA is oblivious is to what is happening externally to it, for that reason we have to have a solution to provide geographic failover since Juniper dropped the DX (at mine and my customers extreme invconvience and cost). Having seperate nodes doesn't make sense in most cases as it increases the admin workload and the likelihood of an introduced configuration error occuring. Furthermore, despite the cluster license changes in version 7.0 (which the last time I looked still weren't adequatly documented) seperate nodes without local load balancers doesn't give the same guarentees as having a shared cluster across two locations. Specifcally, in the new licenseing there is a 5 day grace period before the license count drops back the surving nodes capacity. This means that we either have to double the licensing that we need, accept that during an outage 50% of capacity will be lost, or purchase ICE licesening at signifncant cost. The problem for us is that some customers we have a 2 week wait time before we can get into there data centre (crazy I know). We have recently had a problem with a cluster node which would intermittetly crash and require a cold boot before restarting, the case went on for 4 months before the issue was resolved, during that time would have been at 50% capacity for most of the duration. Whilst the new licesning scheme offers a new solution, it's not going to be right for everyone and I think a lot of -CL licenses will still be sold.

The primary reason we have DNS failover versus local balancers is cost; an in the cloud service costs about $4000/year to maintain, the cheapest, nastiest hardware load balancers I could find which met the spec were ~$20,000 all in for the first year, the preffered F5 solution was ~$60,000.

Please see this KB http://kb.pulsesecure.net/KB17848 for more information on why DNS load balancing is not a supported configuration.