[f-nsp] multiple service failover

manolo mhernand1 at comcast.net
Wed Jul 15 11:17:40 EDT 2009 

David,

   I recommend you set up custom health checks to force the  fail over.
You can specify a page or output of the status of your application.



manolo

David Miller wrote:
> Oliver Adam wrote:
>> I am not sure why you would like to solve this problem with another
>> vendors box. I would suggest to look at the features of the 4G. There
>> is something called health check track groups.
>>
>> Out of the documentation:
>>
>> ServerIron(config)# server real r1 1.1.1.1
>> ServerIron(config-real-server-r1) port 80
>> ServerIron(config-real-server-r1) port ftp
>> ServerIron(config-real-server-r1) port dns
>> ServerIron(config-rsr1) hc-track-group 80 21 53
>>
>> The ServerIron now tracks health status for ports 80, 21, and 53. If
>> any of these ports is down then the combined
>> health would be marked as failed and the ServerIron will not use
>> these ports for load balancing traffic.
>>
>> You would have to combine port 80 and port 443 in a health check
>> track group.
>>
>> Is not that what you are looking for?
>
> Ahh, now that's just what I was looking for.  I already have that though:
>
>
> healthck Server1_HC tcp
>  dest-ip 192.168.0.60
>  port http
>  protocol http
>  protocol http url "GET /status.html"
>  protocol http content-match Content_Match
>  l7-check
>
>
> server real server1 192.168.0.60
> source-nat access-list 1
> port http
> port http healthck Server1_HC
> port http url "HEAD /"
> port ssl
> port ssl keepalive
> port ssl l4-check-only
> port 8080
> port 9000
> port 4443
> hc-track-group 80 443
>
>
> server virtual vserver 1.2.3.4
> sym-priority 110
> port http
> port http lb-pri-servers backup-stay-active
> port ssl sticky
> port ssl ssl-terminate Action
> port ssl lb-pri-servers backup-stay-active
> bind http server1 8080 real-port http server2 8080 real-port http
> bind ssl server1 4443 real-port ssl server2 4443 real-port ssl
>
>
> However, we recently ran into the situation where server1 was
> responding very slowly and http failed over to server2 but ssl
> remained on server1.
>
>
> The 8080 and 4443 are so we can access the real server for testing
> before binding it to the LB VIP.  Are they what's causing the problem
> here?  Should I have hc-track-group 80 443 8080 4443 ?
>
> Thanks!  I love the S/N ratio on this list!
>
> --- David
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

More information about the foundry-nsp mailing list