[f-nsp] configuring port groups for health checks

Dan Norton dan at synccast.com
Fri Aug 19 19:59:23 EDT 2005


(I've tried posting this a couple times but got bounced so forgive any
duplicates)

Here's an example config (with comments):

#first, create a http match list to check a page for a certain string
that shows server is connected to database#

http match-list m1
 default down
 up simple "Good"

#Then create your healthcheck for the primary port that will bring the
others down in a failure#

healthck policy1 tcp
  dest-ip 10.10.10.1
  port http
  protocol http
  protocol http url "GET /test.htm"
  protocol http content-match m1
  l7-check

#now create a second healthcheck to check the secondary port that will
be brought down when the first one fails#

healthck policy2 tcp
  dest-ip 10.10.10.1
  port 443
  l7-check

#create a boolean for the two ports#

healthck policy3 boolean
  and policy1 policy2

#And now your server config#

server real rs1 10.10.10.1
 port http
 port http keepalive
 port http url "GET /test.htm"
 port http content-match m1
 port 443
 port 443 keepalive
 port 443 healthck policy3
!

Here is a sample config for a Windows Media streaming server that will
check a web page served on port 8080, and then fail http, mms and rtsp
if the page doesn't return the string "OK".

http match-list streamglobal
 default down
 up simple "OK"
!
healthck stream03policy8080 tcp
 dest-ip 10.10.10.2
 port 8080
 protocol http
 protocol http url "GET /servercheck.aspx"
 protocol http content-match streamglobal
 l7-check
!
healthck stream03policyhttp tcp
 dest-ip 10.10.10.2
 port http
 l4-check
!
healthck stream03policyrtsp tcp
 dest-ip 10.10.10.2
 port rtsp
 l4-check
!
healthck stream03policymms tcp
 dest-ip 10.10.10.2
 port mms
 l4-check
!
healthck stream03httppolicy boolean
 and stream03policy8080 stream03policyhttp
!
healthck stream03rtsppolicy boolean
 and stream03policy8080 stream03policyrtsp
!
healthck stream03mmspolicy boolean
 and stream03policy8080 stream03policymms
!
server real stream03 10.10.10.2
 port default disable
 weight 1 0
 port 8080
 port 8080 keepalive
 port 8080 url "GET /servercheck.aspx"
 port 8080 content-match streamglobal
 port http
 port http keepalive
 port http healthck stream03httppolicy
 port rtsp
 port rtsp keepalive
 port rtsp healthck stream03rtsppolicy
 port mms
 port mms keepalive
 port mms healthck stream03mmspolicy
!


 

> -----Original Message-----
> From: foundry-nsp-bounces at puck.nether.net
> [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of
> Matt Stockdale
> Sent: Friday, August 19, 2005 4:22 PM
> To: foundry-nsp at puck.nether.net
> Subject: [f-nsp] configuring port groups for health checks
>
> I've checked the archives briefly, and I've been staring at
> the docs for a while, but it's Friday and my brain is
> frazzled. I'm hoping someone can take pity on me and answer this -
>
> Can I configure a real server to mark all ports as failed if
> any one of them fails? I've been looking at the port groups,
> but those seem to be more for sticky..
>
> (Specifically, the code we are running on one of our old XL's
> doesn't allow us to do in depth health checks on port 443, I
> want it to fail that port if the content-matching on port 80
> fails. I'll upgrade if I have to, but it will affect many
> customers, and I'd rather avoid it)
>
> Thanks in advance,
>   Matt

 

> -----Original Message-----
> From: foundry-nsp-bounces at puck.nether.net 
> [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of 
> Matt Stockdale
> Sent: Friday, August 19, 2005 4:30 PM
> To: foundry-nsp at puck.nether.net
> Subject: Re: [f-nsp] configuring port groups for health checks
> 
> As is usually the case, posting to the list causes a flash of insight.
> 
> Can I define an external health check (per server, I suppose) 
> that does the layer 7 content matching, and then apply it to port ssl?
> 
> Will this cause it to mark port 443 as failed if the 
> healthcheck fails on port 80?
> 
> i.e.,
> 
> healthck rs1-http tcp
>   dest-ip 10.0.1.11
>   port http
>   proto http url "GET /healthcheck.asp"
>   proto http status-code 200 200
>   proto http content-match health1
> 
> healthck rs2-http tcp
>   dest-ip 10.0.1.12
>   port http
>   proto http url "GET /healthcheck.asp"
>   proto http status-code 200 200
>   proto http content-match health1
> 
> server real rs1 10.0.1.11
>   port http
>   port http healthck rs1-http
>   port ssl
>   port ssl healthck rs1-http
> 
> server real rs2 10.0.1.12
>   port http
>   port http healthck rs2-http
>   port ssl
>   port ssl healthck rs2-http
> 
> server virtual vs1 10.0.1.10
>   port http
>   port ssl
>   bind http rs1 http rs2 http
>   bind ssl rs1 ssl rs2 ssl
> 
> http match-list health1
>   default down
>   up simple everythingsaok
> 
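An offline check that every match-list and healthck name referenced in a config of this shape is actually defined somewhere in it. This is an added example, not part of the original thread: the sample config and the names chk8080, chkrtsp, rtsppolicy and mmspolicy are constructed, and the parser only understands the statements that appear in the configs above.

```python
import re

# Constructed sample in the style of the configs in this thread. Two
# references are deliberately dangling: match-list "m1" and "mmspolicy".
SAMPLE = """\
http match-list streamglobal
 default down
 up simple "OK"
!
healthck chk8080 tcp
 dest-ip 10.10.10.2
 port 8080
 protocol http content-match streamglobal
 l7-check
healthck chkrtsp tcp
 dest-ip 10.10.10.2
 port rtsp
 l4-check
healthck rtsppolicy boolean
 and chk8080 chkrtsp
!
server real stream03 10.10.10.2
 port 8080 content-match m1
 port rtsp healthck rtsppolicy
 port mms healthck mmspolicy
"""

def lint(config):
    """Return sorted (kind, name, stanza) tuples for undefined references."""
    defined = {"match-list": set(), "healthck": set()}
    refs, stanza = [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line[0] in "!#":
            continue
        if re.match(r"(http match-list|healthck|server) ", line):
            stanza = line  # remember which stanza a reference sits in
        if m := re.match(r"http match-list (\S+)$", line):
            defined["match-list"].add(m.group(1))
        elif m := re.match(r"healthck (\S+) \S+$", line):
            defined["healthck"].add(m.group(1))
        elif m := re.search(r"content-match (\S+)$", line):
            refs.append(("match-list", m.group(1), stanza))
        elif m := re.match(r"port \S+ healthck (\S+)$", line):
            refs.append(("healthck", m.group(1), stanza))
        elif m := re.match(r"and (\S+) (\S+)$", line):
            refs += [("healthck", name, stanza) for name in m.groups()]
    # Resolve at the end so definitions may follow their first use.
    return sorted(r for r in refs if r[1] not in defined[r[0]])
```

Calling lint(SAMPLE) reports both dangling names together with the server stanza they appear in; an empty list means every reference resolved.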



