[f-nsp] configuring port groups for health checks

Peter Clark pclark at raindance.com
Fri Aug 26 17:55:00 EDT 2005


We've been using the "track-group" command on the stackables for years
without any issues.  Here's a sample config...


server no-fast-bringup
server sticky-age 30
server tcp-age 2

server port 80
 tcp

server port 443
 session-sync
 tcp
!
!
!
!
!                                                                 
!
!
!
server real web1-0.net1 x.x.x.x
 port ssl
 port ssl keepalive
 port http
 port http keepalive
 port http url "HEAD /HealthCheck.html"
!
server real web1-0.net2 x.x.x.x
 port ssl
 port ssl keepalive
 port http
 port http keepalive
 port http url "HEAD /HealthCheck.html"
!
server real web2-0.net1 x.x.x.x
 port http
 port http keepalive
 port http url "HEAD /HealthCheck.html"
 port ssl
 port ssl keepalive
!
server real web2-0.net2 x.x.x.x
 port http
 port http keepalive
 port http url "HEAD /HealthCheck.html"
 port ssl
 port ssl keepalive
! 
server virtual webvip1 z.z.z.z
 sym-priority 10
 predictor round-robin                                            
 port ssl sticky
 port ssl dsr
 port http sticky
 port http dsr
 track-group http 443
 bind ssl web1-0.net1 ssl web1-0.net2 ssl web2-0.net1 ssl web2-0.net2
ssl
 bind http web1-0.net1 http web1-0.net2 http web2-0.net1 http
web2-0.net2 http




-----Original Message-----
From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Brent Van
Dussen
Sent: Saturday, August 20, 2005 10:50 AM
To: Matt Stockdale; foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] configuring port groups for health checks

We have accomplished this using Track groups in the past.  Group port 80
as the primary and 443 as the grouped service.  If port 80 should fail
its healtcheck, all the rest of the ports that are in the same group
will also be taken out of service.  Yes it is more for sticky but it
does exactly what you want in a fairly easy to configure fashion.

"

track

You can configure the SI to send all client requests for a specific set
of TCP/UDP ports to the same real server as a "primary" TCP/UDP port
grouped with the other ports. You can group a primary TCP/UDP port with
up to four additional TCP/UDP ports. After the SI sends a client request
for the primary port to a real server, subsequent requests from the
client for ports grouped with the primary port go to the same real
server. See
<http://www.foundrynet.com/services/documentation/sichassis/slb.html#wp1
05437>"TCP/UDP
Application Groups" for an example of application grouping.

Note that if any service port is down for a real server, any track ports
on that real server are not considered for load balancing.
"

http://www.foundrynet.com/services/documentation/sichassis/slb.html#wp10
5437

That link is for chassis but the config should be the same on the
stackables.  Give it a shot.

-Brent

At 04:21 PM 8/19/2005, Matt Stockdale wrote:
>I've checked the archives briefly, and I've been staring at the docs 
>for a while, but it's friday and my brain is frazzled. I'm hoping 
>someone can take pity on me and answer this -
>
>Can I configure a real server to mark all ports as failed if any one of

>them fails? I've been looking at the port groups, but those seem to be 
>more for sticky..
>
>(Specifically, the code we are running on one of our old XL's doesn't 
>allow us to do in depth health checks on port 443, I want it to fail 
>that port if the content-matching on port 80 fails. I'll upgrade if I 
>have to, but it will affect many customers, and I'd rather avoid it)
>
>Thanks in advance,
>   Matt
>_______________________________________________
>foundry-nsp mailing list
>foundry-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/foundry-nsp

_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp




More information about the foundry-nsp mailing list