[f-nsp] configuring port groups for health checks
Dan Norton
dan at synccast.com
Fri Aug 19 20:07:04 EDT 2005
The first example is direct from Foundry support. The second is our
version of it.
It does need to be duplicated according to them.
> -----Original Message-----
> From: foundry-nsp-bounces at puck.nether.net
> [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of
> Matt Stockdale
> Sent: Friday, August 19, 2005 5:03 PM
> To: Dan Norton
> Cc: foundry-nsp at puck.nether.net
> Subject: Re: [f-nsp] configuring port groups for health checks
>
> Sweet - thanks.
>
> Question - in policy1 you applying content-match m1 to port
> http, but you also do so in the real server. Does it need to
> be duplicated? could I just do port http healthck policy1 on it?
>
> On Fri, 2005-08-19 at 19:49, Dan Norton wrote:
> > Here's an example config (with comments):
> >
> > #first, create a http match list to check a page for a
> certain string
> > that shows server is connected to database#
> >
> > http match-list m1
> > default down
> > up simple "Good"
> >
> > #Then create your healthcheck for the primary port that
> will bring the
> > others down in a failure#
> >
> > healthck policy1 tcp
> > dest-ip 10.10.10.1
> > port http
> > protocol http
> > protocol http url "GET /test.htm"
> > protocol http content-match m1
> > l7-check
> >
> > #now create a second healthcheck to check the secondary
> port that will
> > be brought down when the first one fails#
> >
> > healthck policy2 tcp
> > dest-ip 10.10.10.1
> > port 443
> > l7-check
> >
> > #create a boolean for the two ports#
> >
> > healthck policy3 boolean
> > and policy1 policy2
> >
> > #And now your server config#
> >
> > server real rs1 10.10.10.1
> > port http
> > port http keepalive
> > port http url "GET /test.htm"
> > port http content-match m1
> > port 443
> > port 443 keepalive
> > port 443 healthck policy3
> > !
> >
> > Here is a sample config for a windows media streaming server, that
> > will check a web page served on port 8080, and then fail
> http, mms and
> > rtsp if the page doesn't return the string "OK"
> >
> > http match-list streamglobal
> > default down
> > up simple "OK"
> > !
> > healthck stream03policy8080 tcp
> > dest-ip 10.10.10.2
> > port 8080
> > protocol http
> > protocol http url "GET /servercheck.aspx"
> > protocol http content-match streamglobal l7-check !
> > healthck stream03policyhttp tcp
> > dest-ip 10.10.10.2
> > port http
> > l4-check
> > !
> > healthck stream03policyrtsp tcp
> > dest-ip 10.10.10.2
> > port rtsp
> > l4-check
> > !
> > healthck stream03policymms tcp
> > dest-ip 10.10.10.2
> > port mms
> > l4-check
> > !
> > healthck stream03httppolicy boolean
> > and stream03policy8080 stream03policyhttp !
> > healthck stream03rtsppolicy boolean
> > and stream03policy8080 stream03policyrtsp !
> > healthck stream03mmspolicy boolean
> > and stream03policy8080 stream03policymms !
> > server real stream03 10.10.10.2
> > port default disable
> > weight 1 0
> > port 8080
> > port 8080 keepalive
> > port 8080 url "GET /servercheck.aspx"
> > port 8080 content-match m1
> > port http
> > port http keepalive
> > port http healthck stream03httppolicy port rtsp port
> rtsp keepalive
> > port rtsp healthck stream03rtsppolicy port mms port mms
> keepalive
> > port mms healthck stream03mmspolicy !
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: foundry-nsp-bounces at puck.nether.net
> > > [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Matt
> > > Stockdale
> > > Sent: Friday, August 19, 2005 4:22 PM
> > > To: foundry-nsp at puck.nether.net
> > > Subject: [f-nsp] configuring port groups for health checks
> > >
> > > I've checked the archives briefly, and I've been staring
> at the docs
> > > for a while, but it's friday and my brain is frazzled. I'm hoping
> > > someone can take pity on me and answer this -
> > >
> > > Can I configure a real server to mark all ports as failed
> if any one
> > > of them fails? I've been looking at the port groups, but
> those seem
> > > to be more for sticky..
> > >
> > > (Specifically, the code we are running on one of our old XL's
> > > doesn't allow us to do in depth health checks on port
> 443, I want it
> > > to fail that port if the content-matching on port 80 fails. I'll
> > > upgrade if I have to, but it will affect many customers, and I'd
> > > rather avoid it)
> > >
> > > Thanks in advance,
> > > Matt
> > > _______________________________________________
> > > foundry-nsp mailing list
> > > foundry-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/foundry-nsp
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
More information about the foundry-nsp
mailing list