[f-nsp] configuring port groups for health checks

Matt Stockdale mstockda at logicworks.net
Fri Aug 19 20:03:25 EDT 2005 

Sweet - thanks.

Question - in policy1 you applying content-match m1 to port http, but
you also do so in the real server. Does it need to be duplicated? could
I just do port http healthck policy1 on it?

On Fri, 2005-08-19 at 19:49, Dan Norton wrote:
> Here's an example config (with comments):
> 
> #first, create a http match list to check a page for a certain string
> that shows server is connected to database#
> 
> http match-list m1
>  default down
>  up simple "Good"
> 
> #Then create your healthcheck for the primary port that will bring the
> others down in a failure#
> 
> healthck policy1 tcp
>   dest-ip 10.10.10.1
>   port http
>   protocol http
>   protocol http url "GET /test.htm"
>   protocol http content-match m1
>   l7-check
> 
> #now create a second healthcheck to check the secondary port that will
> be brought down when the first one fails#
> 
> healthck policy2 tcp
>   dest-ip 10.10.10.1
>   port 443
>   l7-check
> 
> #create a boolean for the two ports#
> 
> healthck policy3 boolean
>   and policy1 policy2
> 
> #And now your server config#
> 
> server real rs1 10.10.10.1
>  port http
>  port http keepalive
>  port http url "GET /test.htm"
>  port http content-match m1
>  port 443
>  port 443 keepalive
>  port 443 healthck policy3
> !
> 
> Here is a sample config for a windows media streaming server, that
> will check a web page served on port 8080, and then fail http, mms and
> rtsp if the page doesn't return the string "OK"
> 
> http match-list streamglobal
> default down
> up simple "OK"
> !
> healthck stream03policy8080 tcp
> dest-ip 10.10.10.2
> port 8080
> protocol http
> protocol http url "GET /servercheck.aspx"
> protocol http content-match streamglobal
> l7-check
> !
> healthck stream03policyhttp tcp
> dest-ip 10.10.10.2
> port http
> l4-check
> !
> healthck stream03policyrtsp tcp
> dest-ip 10.10.10.2
> port rtsp
> l4-check
> !
> healthck stream03policymms tcp
> dest-ip 10.10.10.2
> port mms
> l4-check
> !
> healthck stream03httppolicy boolean
>  and stream03policy8080 stream03policyhttp
> !
> healthck stream03rtsppolicy boolean
>  and stream03policy8080 stream03policyrtsp
> !
> healthck stream03mmspolicy boolean
>  and stream03policy8080 stream03policymms
> !
> server real stream03 10.10.10.2
>  port default disable
>  weight 1 0
>  port 8080
>  port 8080 keepalive
>  port 8080 url "GET /servercheck.aspx"
>  port 8080 content-match m1
>  port http
>  port http keepalive
>  port http healthck stream03httppolicy
>  port rtsp
>  port rtsp keepalive
>  port rtsp healthck stream03rtsppolicy
>  port mms
>  port mms keepalive
>  port mms healthck stream03mmspolicy
> !
> 
> 
>  
> 
> > -----Original Message-----
> > From: foundry-nsp-bounces at puck.nether.net
> > [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of 
> > Matt Stockdale
> > Sent: Friday, August 19, 2005 4:22 PM
> > To: foundry-nsp at puck.nether.net
> > Subject: [f-nsp] configuring port groups for health checks
> > 
> > I've checked the archives briefly, and I've been staring at 
> > the docs for a while, but it's friday and my brain is 
> > frazzled. I'm hoping someone can take pity on me and answer this -
> > 
> > Can I configure a real server to mark all ports as failed if 
> > any one of them fails? I've been looking at the port groups, 
> > but those seem to be more for sticky..
> > 
> > (Specifically, the code we are running on one of our old XL's 
> > doesn't allow us to do in depth health checks on port 443, I 
> > want it to fail that port if the content-matching on port 80 
> > fails. I'll upgrade if I have to, but it will affect many 
> > customers, and I'd rather avoid it)
> > 
> > Thanks in advance,
> >   Matt
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp

More information about the foundry-nsp mailing list