Scott Hanselman

New Modules for IIS7: Application Request Routing - Proxy and Load Balancing Module

July 15, '08 Comments [12] Posted in IIS
Sponsored By

image I really like the IIS7 team at Microsoft. They're cool people, but the what I like is that IIS7 is so freaking modular (I've talked about this at conferences before when showing how to use PHP and Ruby under IIS7 using FastCGI) that the group keeps bringing out new functionality as "OOB" or Out Of Band releases.

Bill Staples as a good post on how IIS7 ships software now. There's a big list of all the Release to Web (RTW) modules for IIS7. I demo'ed a the Bit Rate Throttler at TechEd and talked about it in a post on"Squeezing the most out of IIS7 Media Bit Rate Throttling which can help people save bandwidth money while hosting downloadable files/media.

This week the IIS7 team put out three new preview releases for download.

  • IIS7 PowerShell Provider CTP2
    • This provider marries the two technologies and makes administrating IIS7 feel more natural to PowerShell folks. To put it bluntly, you can "cd" into iis:\ as if it were a drive, the type "dir" to see your websites. Drink that in. It's the bomb. I loves me some Powershell.
  • URL Rewrite Module CTP1
    • Just what it sounds like. Unlike ISAPI_Rewrite (which I love) this is an HTTP Module rather than an ISAPI Filter, and it includes an integrated UI for management within the IIS Manager.
  • OSIApplication Request Routing CTP1
    • This is the real dark-horse release. It's got that bland "huh?" name that might cause you to just blow it off or ignore it in the middle of these three modules' release. However, it's deceptively powerful and worth checking out.
      • It requires the URL Rewrite Module above, and hugely builds on its functionality. If you get an error while installing ARR, you need to go install the URL Rewrite Module first.
      • IMPORTANT NOTE: You have to run the MSI from an Administrator Command Prompt. Just running the MSI by double clicking doesn't work. This is a known bug in this CTP. Bummer.

Application Request Routing is interesting. At first I thought it was like NLB (Network Load Balancing), that feature of NT 4.0 that used to be called "Wolfpack." I figured that the great Load Balancing Wars of the '90s were won, and the winner was hardware. I've used Cisco LocalDirector and F5's BigIP in my previous jobs.

ARR is basically a proxy module with load balancing capability that does its routing at Layer 7, rather than Layer 4. That means you make decisions at the HTTP level rather than the IP level. It sits on top of the URL rewrite module, so you can write routing or load balancing rules that can key off of HTTP Headers or Server Vars. You can do Client Affinity via cookie to differentiate between clients behind NAT.  These rules mean it could compliment a system that has an existing hardware load balancer.

If you're familiar with Apache, IIS7's ARR Module kind of combines the functionality you'd find in modproxy, modloadbalance, modproxyhttp along with some other goodness.

It's also a nice reverse proxy if you've ever wanted to do have a smarter IIS7 app router in your home to sit on the outside of your network and route traffic to machines or services inside.

For example, this screenshot shows a routing condition where we want to route folks who have .NET 3.5 on their systems to a separate server. Perhaps a beta site, or a site that has ClickOnce apps or some different functionality. It's totally up to you. You could route folks with certain cookie values, browsers, or  based on path requested.

image

If we had 3 machines in the farm, one IIS7+ARR for routing in front and two other IIS7 machines behind it, I could write a rule that said "don't route requests for images." In this example, I'll have the /images folder served by the ARR machine up front instead.

image

It also has Health Monitoring to check on boxes being down, and you can decide what "healthy" means to you.

ARR is a free download and it plus into IIS7 Manager using the new UI extensibility stuff in IIS7, so it just looks like part of IIS and is managed the same way you manage everything else.

Download

Check 'em out. I'm looking into how I can use ARR to expose my internal Subversion server in a more secure and easily configurable way.

Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Wednesday, July 16, 2008 2:13:25 AM UTC
Cool stuff. I've been looking for a good IIS7 reverse proxy.
Wednesday, July 16, 2008 8:03:14 AM UTC
Hi Scott,

We had a brief chat about exactly this at NDC 2008 - it's really cool to see this happening, looking forward to trying it out!
Wednesday, July 16, 2008 8:21:52 AM UTC
Rune - This post was for you! ;)
Wednesday, July 16, 2008 11:44:52 AM UTC
When is it due to be out ?
Aaron
Wednesday, July 16, 2008 4:44:09 PM UTC
Aaron - It'll be sometime next year for ARR.
Wednesday, July 16, 2008 4:45:58 PM UTC
Scott, do you know if ARR will support shipping of routing information across nodes? A single ARR server does not make a fault tolerant software only cluster but 2 of them , sharing that cookie based routing information/rules would.
Ian
Wednesday, July 16, 2008 7:26:48 PM UTC
Hi Scott,
You say: "ARR is basically a proxy module with load balancing capability that does its routing at Layer 7, rather than Layer 4 like most hardware load balancers."

ARR (Application Request Routing) is basically Microsoft's implementation of Application Switching, a.k.a. Content Switching, a.k.a. Layer 7 load balancing. These features have been available for years in application delivery controllers or what you might be thinking of as "layer 4 load balancers".

Whether it's rewriting URIs or providing cookie-based persistence (what you're calling "cookie affinity", more appropriately known to most web administrators as "server affinty") this technology is well-established. Most "load balancers" have been capable of layer 7 switching since before the turn of the century. Load balancers such as those from Cisco, Nortel ,Radware, F5, and a host of others have not been relegated to "just" layer 4 load balancing for a long time.

While definitely cool, ARR is nothing new in the industry and, in fact, is fairly rudimentary compared to the advanced features found in today's "load balancers".

Lori

Wednesday, July 16, 2008 7:37:26 PM UTC
Lori from F5 - Totally agree, I didn't mean to imply this was rocket science or the cutting edge of technology. Instead, I'm saying that doing this kind of thing continues to get easier and easier to the point where it's as easy as falling off a log, from download to install to configure. I had ARR running in 10 minutes.

To your point, I'll clarify that Layer 4 statement.
Wednesday, July 16, 2008 9:52:36 PM UTC
Ian

The routing rules are part of the IIS configuration. So you could use the "shared configuration" feature in IIS to share the routing rules across multiple ARR machines.

What is more challenging is sharing of states (which is probably what you were really asking). For ARR, there are two states are that most interesting: 1) client affinity and 2) hostname affinity. For the client affinity, because the persistency information is stored in the cookie, the ARR instances do not manage them. So there is really nothing to share. For hostname affinity, this is a problem. In CTP1, there is no support for this, but as we think more about the next release milestone, this is something that we are definitely thinking about.

Won
Won Yoo
Thursday, July 17, 2008 12:32:20 AM UTC
Thanks Won.
I was thinking state, but not ASP sessionstate, it was our downstream servers state. We use cookies to tie disconnected http connections back to connected tcp sockets (which are connected to a server that has state per connection).
So, obviously it's important that when a user sends more form data it's routed to the node that serviced them last time so that data can be sent downstream.
We have our own software cluster server that manages that, and I after using my brain for 2minutes I realized that ARR isn't doing any clustering services, it's merely routing requests but with such a plugable model I wonder if it's possible to add clustering type rules also? maybe through another plugin in the pipe?

As we look at cloud computing, what's avaliable in the MS stack becomes more important as it's harder to roll and deploy your own. If NLB understood state better perhaps that would be a more logical place to look for a full MS cluster solution (active/passive from the current cluster server obviously doesn't cover scale out) but ARR and it's 'rules' made me stop for a second.

I guess the point of my original comment was that if AAR node1 routed cookie IAN to serverNode3 the first time, and then dies; how does AAR node2 know to route cookie IAN to serverNode3 the next time, unless both AAR nodes are sharing that routing information.

Or, have I totally missed the point here? (very possible - it's been a long week already)
Ian
Monday, July 21, 2008 4:00:12 PM UTC
Please get with the vista team and get run as administrator added to the MSI context menu, here it's a pain to do this, unless there is a trick you could share that doesnt involve a command prompt.

Thanks...
Mike D
Tuesday, September 02, 2008 1:12:54 PM UTC
Hi,
I am new in .NET .
we are converting existing web site from java to .NET but we still want to use few .jsp pages.

I am doing URL Rewrite (Proxy Reverse) and when i am calling .html page its working fine but when i call .jsp page the ISAPI is blocking it (i am working on IIS 7) bcose i can see response 200 on the server.

Thanks
keshav
Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.