Dazzla_20011
Jan 11, 2011

Bluecoat Internet Monitor

Hi,

Just wondered if someone could help me. We've set up our F5 LTM pair to load balance outbound internet requests via two bluecoat proxies which are located at 2 different data centres. We're using SNAT as the bluecoat proxies don't have a default route via the F5 LTM. All is working fine, it's just the monitor I would like to optimize.

Currently we are using two monitors for each bluecoat pool member. An ICMP ping to check the bluecoat is available and google UDP monitor to check the availability of the internet via each data centre. The problem is the google UDP monitor isn't sent via the bluecoat box so there could be a scenario where the bluecoat responds to ping and the internet monitor is up but for some reason internet access via the bluecoat isn't working. Is it possible to force the internet monitor via the bluecoat?

How have other people configured the F5 to load balance outbound internet access?

Thanks

Darren

 

  • Posted By Dazzla on 01/13/2011 09:04 AM

    I set up the http monitor without transparent and it was up but I'm not seeing any logs on the firewall or the monitor. From my understanding I would expect to see logs from the F5 to google.

    I've then set up transparent with ip address of 193.105.162.85 and port 80. Once I set up transparent the monitor goes down and still not seeing any hits on the firewall from the bluecoat or the f5.

    I logged on to the command line utility and did a telnet to port 80 which was logged in the firewall so I know DNS is functioning and the f5 has a route to get there.

    First off, Hamish's post about having done this before was spot on...pretty cool.

    http://devcentral.f5.com/Forums/tab...fault.aspx

    He brought up a great point about the format for monitoring through proxies. Might be worth trying this instead for your monitor. That could very well explain the issues when changing to transparent.

    GET http://www.google.co.uk/ HTTP/1.0\r\nConnection: Close\r\n\r\n
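The absolute-URI send string suggested above is the form an explicit proxy expects. As an added example (not part of the original thread and not F5 or Blue Coat code), this Python sketch runs the same check from any host: it connects to the proxy's own address and asks it to fetch an external URL, so a pass means internet access through that proxy works. The function names and the proxy address and port are assumptions.

```python
import socket

def build_proxy_probe(url: str) -> bytes:
    """Absolute-form request line, as an explicit proxy expects (HTTP/1.0, no keep-alive)."""
    if not url.startswith("http://"):
        raise ValueError("probe URL must be an absolute http:// URL")
    return f"GET {url} HTTP/1.0\r\nConnection: Close\r\n\r\n".encode("ascii")

def parse_status(response: bytes):
    """Return the numeric status code from the first response line, or None if malformed."""
    line = response.split(b"\r\n", 1)[0].split()
    if len(line) < 2 or not line[0].startswith(b"HTTP/") or not line[1].isdigit():
        return None
    return int(line[1])

def classify(status):
    """Map the proxy's answer to a monitor-style result."""
    if status is None:
        return "down: no valid HTTP response"
    if 200 <= status < 400:
        return "up"
    if status == 407:
        return "down: proxy requires authentication"
    if status in (502, 503, 504):
        return "down: proxy is alive but reported an upstream failure"
    return f"down: unexpected status {status}"

def probe_via_proxy(proxy_host, proxy_port, url, timeout=5.0):
    """Connect to the proxy itself (not the target) and request the URL through it."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(build_proxy_probe(url))
            data = b""
            while b"\r\n" not in data and len(data) < 4096:
                chunk = s.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return f"down: {exc.__class__.__name__}"
    return classify(parse_status(data))

if __name__ == "__main__":
    # 192.0.2.10:8080 is a placeholder (documentation range), not an address from the thread.
    print(probe_via_proxy("192.0.2.10", 8080, "http://www.google.co.uk/", timeout=2.0))
```

Unlike a ping to the proxy plus a separate internet check, a single probe of this kind fails when the proxy is reachable but cannot fetch external content.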

  • Hi Chris,

    Tried your suggestion but still not able to get this working. I will have a read of the documentation and Hamish's post to see if I can get to the bottom of this.

    Many Thanks for your help.
  • Posted By Dazzla on 01/14/2011 02:32 AM

    Hi Chris,

    Tried your suggestion but still not able to get this working. I will have a read of the documentation and Hamish's post to see if I can get to the bottom of this.

    Many Thanks for your help.

    Bummer. If you can't find anything from Hamish's post, it wouldn't be a terrible idea to check with Bluecoat on what their expected request format looks like for HTTP traffic. F5 Support would certainly help as well. I'm sure they've encountered this before.
  • I think I may have managed to figure out why this isn't working. The bluecoat boxes are on a different network to the F5 LTM. In transparent mode do the pool members need to sit inline with F5 devices?
  • Posted By Dazzla on 01/14/2011 07:43 AM

    I think I may have managed to figure out why this isn't working. The bluecoat boxes are on a different network to the F5 LTM. In transparent mode do the pool members need to sit inline with F5 devices?

    From this link, it says it must be "adjacent"

    http://support.f5.com/kb/en-us/solu...r=12121378

    From the wiki page, it says LTM sends to the pool member via L2

    http://devcentral.f5.com/wiki/defau...nitor.html

    "When an alternate Destination is specified and the Transparent option is selected, the monitor traffic will be sent to the alternate L3 destination via the pool member's L2 address. Useful for verifying gateways and proxies. (Pool member must be able to forward traffic as expected.)"

    Not entirely sure what adjacent means in this case. Not sure whether it has to be on the same network so the L3 info remains intact or what. Might be worth asking F5 support unless someone else chimes in.

     

  • Hamish
    adjacent == on same subnet.

    The way the transparent monitor works is the F5 sends the packets to the destination defined VIA the poolmember. Acting as a router. Therefore the poolmember needs to be on the same subnet as the F5 (e.g. An F5 VLAN with a selfIP on it) so that the packet can be sent via the poolmember.

    H
  • On another note what sort of persistence profile have you guys created for bluecoat/proxies as now and again my browser asks me to re-authenticate. I presume that will be because the session is terminated after a period of inactivity then the F5 sends the connection via a different bluecoat.
  • Posted By Dazzla on 01/17/2011 03:21 AM

    On another note what sort of persistence profile have you guys created for bluecoat/proxies as now and again my browser asks me to re-authenticate. I presume that will be because the session is terminated after a period of inactivity then the F5 sends the connection via a different bluecoat.

    As long as your devices aren't being NATed between the client machine and F5, I'd expect source address persistence would work fine.