FortiDirector
FortiDirector uses conditions to determine if a redirector Rule is a match for a given request.
tdietrich
Staff
Article Id 198183
Description

This article is a reference for the terminology used in the FortiDirector interface. The objects and elements described below are commonly created, edited, and even deleted when using FortiDirector. FortiDirector administrators should read this first.

Network Resource

Network Resources are always represented with the same iconography across the entire FortiDirector dashboard. Any mention of a Network Resource object will always display the following icon.

Network Resource Attributes

  • Configuration-based attributes:
    • Hostname, IP address, or base URL to be used as the response or part of the response sent by the FortiDirector platform.
    • If the Network Resource is a DNS Network Resource, it will also have a response type, which can be A, AAAA, or CNAME.  More DNS types will be available soon, such as MX, SRV, and TXT.
    • Health-check configuration: a method of testing the Network Resource’s status to determine its health or ability to service requests, used in the active failover mechanism.
  • Operational attributes available to the FortiDirector platform at runtime: 
    • Health Status: the current state of its health, if health-checking has been configured for the Network Resource
    • Health Statistics over time
    • Traffic Statistics over time

Summary of differences between HTTP and DNS Network Resources

A DNS Network Resource has two configured attributes:

  • A hostname or IP address
  • A corresponding DNS record type

An HTTP Network Resource has one configured attribute:

  • A “Base URL”, which is used as the hostname and (optionally) start of a URL used in the content of the HTTP redirect response

HTTP Network Resources can only be used in HTTP Rulesets and DNS Network Resources can only be used in DNS Rulesets.  HTTP and DNS Network Resources are usually, but not always, health-checked differently.

Network Resource Examples

Let us say you have two CDNs hosting your content, but the base path is different on each:

CDN A hosts your content at http://cdnA.example.com/foo/images/1.jpg
CDN B hosts your content at http://cdnB.example.com/bar/images/1.jpg

Because the path differs between the two locations, we must use HTTP redirection, which allows us to alter the path that the browser is requesting.

In this case, we would set up two HTTP Network Resources with the following Base URLs:

CDN A:  base url of http://cdnA.example.com/foo
CDN B:  base url of http://cdnB.example.com/bar

A request coming in to FortiDirector with the URL of http://www.example.com/images/1.jpg would get redirected to:

http://cdnA.example.com/foo/images/1.jpg     or
http://cdnB.example.com/bar/images/1.jpg

Let’s consider a second example.  Let’s say you have two RTMP servers at rtmp1.example.com and rtmp2.example.com in different locations, and you want to tell clients to connect to rtmp.example.com and load balance between the two servers.  In this case, we can use DNS redirection.

We would set up two DNS Network Resources:

rtmp1.example.com as a CNAME
rtmp2.example.com as a CNAME

A request coming in to FortiDirector with a DNS hostname of rtmp.example.com would get redirected to rtmp1.example.com and rtmp2.example.com.

Network Resource Health-checks

A Network Resource Health-check can be configured for each Network Resource. It allows the FortiDirector platform to run a check against the Network Resource at a configurable interval using any of the following types of tests:

  • DNS queries
  • Ping
  • TCP connection
  • HTTP(S) request

FortiDirector condition

FortiDirector conditions are used to determine if a redirector Rule is a match for a given request.  FortiDirector conditions represent technical or business logic.

FortiDirector supports matches on the following types of conditions:

  • Client’s country, region, or city
  • Client’s ISP (identified by AS#, or AS Number)
  • Client’s IP address
  • Time range within day, week, or month

The HTTP redirector platform also supports the following types of conditions:

  • URL regex
  • HTTP headers
  • HTTP request type (GET vs. POST) 

The DNS redirector platform also supports the following types of conditions:

  • DNS request type

FortiDirector Rule

A redirector Rule is a single collection of redirector conditions plus an action statement. The action statement describes the Network Resources and the method of redirection that FortiDirector uses to determine which specific Network Resource to reply with when a request matches the conditions in the Rule.

A simple redirector Rule might say something like:

  • Match all traffic coming from Germany
  • Redirect those requests to one of 3 locations in Germany with failover to a location in Amsterdam

FortiDirector Ruleset

Rulesets are consistently displayed with the same iconography across the entire FortiDirector dashboard. Any mention of a Ruleset object will always display the following icon.

A Ruleset is an ordered list of Rules corresponding to a single hostname.  Every hostname has its own Ruleset, although the same Ruleset can be applied as a template to multiple hostnames to make configuration simpler.  Requests are analyzed against the corresponding Ruleset: the Rules in the Ruleset are evaluated in order until a match is found, and the routing decision is then based on the configuration for that specific Rule.

A summary of what a Ruleset is:

  • Rulesets are the FortiDirector object in which you will input your technical and business logic to redirect traffic towards one or more Network Resources.
  • Rules are ordered in a stack, which is traversed from Top to Bottom triggering a specific routing decision on first match (and therefore not evaluating the remaining Rules down the stack).
  • Each Ruleset has a single Default Action rule, which is always the last Rule in the Ruleset, allowing FortiDirector to respond with a default set of Network Resources in case no other Rule matches the request.  The Network Resources and redirection logic must be configured in the Default Rule first, and other Rules in the Ruleset must come before the Default Rule.
  • A Ruleset corresponds to the hostname that will be requested:
    • An NS pointer configured in your domain pointing to our Redirector Nodes if you are configuring a DNS Ruleset.
    • A CNAME configured in your domain pointing to our Redirector Nodes if you are configuring an HTTP Ruleset.
  • Once these changes have been made in your DNS, all requests will then be directed to the FortiDirector platform.  From this point onwards, redirections will occur according to the Rulesets you have configured, following the technical or business logic you have defined.
The diagram below summarizes the logic above:
tdietrich_FD36324_tn_FD36324.jpg
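
The top-to-bottom, first-match evaluation summarized above can be modelled in a few lines. This is an added sketch, not FortiDirector code or its API. Assumptions: conditions within a Rule are ANDed, resources are tried in listed order, a matched Rule with no healthy resource does not fall through, and the request is a plain dictionary; the Base URLs are the ones from the CDN example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Resource:
    """HTTP Network Resource: a Base URL plus its runtime Health Status."""
    base_url: str
    healthy: bool = True

@dataclass
class Rule:
    name: str
    resources: list                                  # tried in order (assumed selection method)
    failover: list = field(default_factory=list)
    countries: frozenset = None                      # None = condition not configured
    methods: frozenset = None
    url_regex: str = None

    def matches(self, req):
        # Assumption: every configured condition must hold (logical AND).
        if self.countries is not None and req["country"] not in self.countries:
            return False
        if self.methods is not None and req["method"] not in self.methods:
            return False
        path = urlsplit(req["url"]).path
        return self.url_regex is None or re.search(self.url_regex, path) is not None

def route(rules, default_rule, req):
    """Walk the Ruleset top to bottom; the first matching Rule decides."""
    for rule in [*rules, default_rule]:              # Default Rule is always last
        if not rule.matches(req):
            continue
        parts = urlsplit(req["url"])
        for res in [*rule.resources, *rule.failover]:
            if res.healthy:                          # skip resources failing health-checks
                loc = res.base_url.rstrip("/") + parts.path
                return rule.name, loc + ("?" + parts.query if parts.query else "")
        return rule.name, None                       # assumption: no fall-through to later Rules
    return None, None                                # unreachable when default_rule has no conditions

# Constructed sample data, reusing the Base URLs from the CDN example above.
CDN_A = Resource("http://cdnA.example.com/foo")
CDN_B = Resource("http://cdnB.example.com/bar")
GERMANY = Rule("germany", [CDN_A], failover=[CDN_B], countries=frozenset({"DE"}))
IMAGES = Rule("images", [CDN_B], url_regex=r"^/images/", methods=frozenset({"GET"}))
DEFAULT = Rule("default", [CDN_A])
REQ = {"url": "http://www.example.com/images/1.jpg", "country": "DE", "method": "GET"}
```

Calling `route([GERMANY, IMAGES], DEFAULT, REQ)` and then `route([IMAGES, GERMANY], DEFAULT, REQ)` sends the same request to different CDNs, which is why Rule order deserves review whenever a broad Rule sits above a narrower one.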
