[f-nsp] multiple service failover

David Miller syslog at d.sparks.net
Wed Jul 15 09:16:29 EDT 2009 

Oliver Adam wrote:
> I am not sure why you would like to solve this problem with another 
> vendors box. I would suggest to look at the features of the 4G. There 
> is something called health check track groups.
>
> Out of the documentation:
>
> ServerIron(config)# server real r1 1.1.1.1
> ServerIron(config-real-server-r1) port 80
> ServerIron(config-real-server-r1) port ftp
> ServerIron(config-real-server-r1) port dns
> ServerIron(config-rsr1) hc-track-group 80 21 53
>
> The ServerIron now tracks health status for ports 80, 21, and 53. If 
> any of these ports is down then the combined
> health would be marked as failed and the ServerIron will not use these 
> ports for load balancing traffic.
>
> You would have to combine port 80 and port 443 in a health check track 
> group.
>
> Is not that what you are looking for?

Ahh, now that's just what I was looking for.  I already have that though:


healthck Server1_HC tcp
  dest-ip 192.168.0.60
  port http
  protocol http
  protocol http url "GET /status.html"
  protocol http content-match Content_Match
  l7-check


server real server1 192.168.0.60
 source-nat access-list 1
 port http
 port http healthck Server1_HC
 port http url "HEAD /"
 port ssl
 port ssl keepalive
 port ssl l4-check-only
 port 8080
 port 9000
 port 4443
 hc-track-group 80 443


server virtual vserver 1.2.3.4
 sym-priority 110
 port http
 port http lb-pri-servers backup-stay-active
 port ssl sticky
 port ssl ssl-terminate Action
 port ssl lb-pri-servers backup-stay-active
 bind http server1 8080 real-port http server2 8080 real-port http
 bind ssl server1 4443 real-port ssl server2 4443 real-port ssl


However, we recently ran into the situation where server1 was responding 
very slowly and http failed over to server2 but ssl remained on server1.


The 8080 and 4443 are so we can access the real server for testing 
before binding it to the LB VIP.  Are they what's causing the problem 
here?  Should I have hc-track-group 80 443 8080 4443 ?

Thanks!  I love the S/N ratio on this list!

--- David

More information about the foundry-nsp mailing list