[f-nsp] configuring port groups for health checks

Dan Norton dan at synccast.com
Fri Aug 19 20:07:04 EDT 2005 

The first example is direct from Foundry support. The second is our
version of it.

It does need to be duplicated according to them.
 

> -----Original Message-----
> From: foundry-nsp-bounces at puck.nether.net 
> [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of 
> Matt Stockdale
> Sent: Friday, August 19, 2005 5:03 PM
> To: Dan Norton
> Cc: foundry-nsp at puck.nether.net
> Subject: Re: [f-nsp] configuring port groups for health checks
> 
> Sweet - thanks.
> 
> Question - in policy1 you applying content-match m1 to port 
> http, but you also do so in the real server. Does it need to 
> be duplicated? could I just do port http healthck policy1 on it?
> 
> On Fri, 2005-08-19 at 19:49, Dan Norton wrote:
> > Here's an example config (with comments):
> > 
> > #first, create a http match list to check a page for a 
> certain string 
> > that shows server is connected to database#
> > 
> > http match-list m1
> >  default down
> >  up simple "Good"
> > 
> > #Then create your healthcheck for the primary port that 
> will bring the 
> > others down in a failure#
> > 
> > healthck policy1 tcp
> >   dest-ip 10.10.10.1
> >   port http
> >   protocol http
> >   protocol http url "GET /test.htm"
> >   protocol http content-match m1
> >   l7-check
> > 
> > #now create a second healthcheck to check the secondary 
> port that will 
> > be brought down when the first one fails#
> > 
> > healthck policy2 tcp
> >   dest-ip 10.10.10.1
> >   port 443
> >   l7-check
> > 
> > #create a boolean for the two ports#
> > 
> > healthck policy3 boolean
> >   and policy1 policy2
> > 
> > #And now your server config#
> > 
> > server real rs1 10.10.10.1
> >  port http
> >  port http keepalive
> >  port http url "GET /test.htm"
> >  port http content-match m1
> >  port 443
> >  port 443 keepalive
> >  port 443 healthck policy3
> > !
> > 
> > Here is a sample config for a windows media streaming server, that 
> > will check a web page served on port 8080, and then fail 
> http, mms and 
> > rtsp if the page doesn't return the string "OK"
> > 
> > http match-list streamglobal
> > default down
> > up simple "OK"
> > !
> > healthck stream03policy8080 tcp
> > dest-ip 10.10.10.2
> > port 8080
> > protocol http
> > protocol http url "GET /servercheck.aspx"
> > protocol http content-match streamglobal l7-check !
> > healthck stream03policyhttp tcp
> > dest-ip 10.10.10.2
> > port http
> > l4-check
> > !
> > healthck stream03policyrtsp tcp
> > dest-ip 10.10.10.2
> > port rtsp
> > l4-check
> > !
> > healthck stream03policymms tcp
> > dest-ip 10.10.10.2
> > port mms
> > l4-check
> > !
> > healthck stream03httppolicy boolean
> >  and stream03policy8080 stream03policyhttp !
> > healthck stream03rtsppolicy boolean
> >  and stream03policy8080 stream03policyrtsp !
> > healthck stream03mmspolicy boolean
> >  and stream03policy8080 stream03policymms !
> > server real stream03 10.10.10.2
> >  port default disable
> >  weight 1 0
> >  port 8080
> >  port 8080 keepalive
> >  port 8080 url "GET /servercheck.aspx"
> >  port 8080 content-match m1
> >  port http
> >  port http keepalive
> >  port http healthck stream03httppolicy  port rtsp  port 
> rtsp keepalive  
> > port rtsp healthck stream03rtsppolicy  port mms  port mms 
> keepalive  
> > port mms healthck stream03mmspolicy !
> > 
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: foundry-nsp-bounces at puck.nether.net
> > > [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Matt 
> > > Stockdale
> > > Sent: Friday, August 19, 2005 4:22 PM
> > > To: foundry-nsp at puck.nether.net
> > > Subject: [f-nsp] configuring port groups for health checks
> > > 
> > > I've checked the archives briefly, and I've been staring 
> at the docs 
> > > for a while, but it's friday and my brain is frazzled. I'm hoping 
> > > someone can take pity on me and answer this -
> > > 
> > > Can I configure a real server to mark all ports as failed 
> if any one 
> > > of them fails? I've been looking at the port groups, but 
> those seem 
> > > to be more for sticky..
> > > 
> > > (Specifically, the code we are running on one of our old XL's 
> > > doesn't allow us to do in depth health checks on port 
> 443, I want it 
> > > to fail that port if the content-matching on port 80 fails. I'll 
> > > upgrade if I have to, but it will affect many customers, and I'd 
> > > rather avoid it)
> > > 
> > > Thanks in advance,
> > >   Matt
> > > _______________________________________________
> > > foundry-nsp mailing list
> > > foundry-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/foundry-nsp
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

More information about the foundry-nsp mailing list