Forum Discussion

Jeffrey_Morrow's avatar
Jeffrey_Morrow
Icon for Nimbostratus rankNimbostratus
Feb 11, 2015

Custom HTTPS health check Problem

This is my first attempt at creating a custom HTTPS health monitor on the LTM. Checked AskF5 and DevCentral for like problems, but didn't see anything for reference.

 

We do have a pool that is for an off-site hosted service. While the pool is functional with a default TCP health monitor, the service provider has provided a specific gateway monitor, and two individual server monitors to use. I've tried to create the custom monitor, but so far no luck getting it to work. The Get string does work, if I go directly to the gateway and servers. Here's the info [aliases of course]:

 

vs_ABCD_8000 pool_ABCD_8000 nodes a1234v567_server1, b1234v567_server2

 

The service provider gave us these for health monitors:

 

I tried using the first line as a pool health monitor, but didn't work. I deleted the pool monitor, and created an individual monitor per server. Still, no luck. That's about the limit of my self-taught experience. Any suggestions or methods would be appreciated.

 

JEffrey

 

application delivery
availability
deployment
LTM
sap

2 Replies

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Feb 11, 2015

    Hi Jeffrey,

     

    The LTM monitor will add in the first portion of the monitor based using the "node" information (for the LTM a Node is an IP and Port combination).

     

    Example:

     

    ABCDgateway = 10.10.10.10:443

     

    a1234v567_server1 = 20.20.20.20:8443

     

    b1234v567_server2 = 30.30.30.30:8443

     

    So the LTM will actually similarly test this monitor like this:

     

    curl https://10.10.10.10:443/csp/public/ping?csp-client=100

     

    curl https://20.20.20.20:8443/csp/public/ping?csp-client=100

     

    curl https://30.30.30.30:8443/csp/public/ping?csp-client=100

     

    The monitor you have are all basically the same so when creating your monitor you should be able to use something like this:

     

    tmsh create ltm monitor https foo.monitor defaults-from https send "GET /csp/public/pingcsp-client=100\r\n\r\n" recv alive

     

    NOTE: You will need to enter the correct response value in the Recieve String and replace "alive". I did this in TMSH for you to make it easier to create and take a look at, so after the monitor is created you can look in the Management Console to see what it did.

     

    Hope this helps. Let us know if this puts you on the right track.

     

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Feb 11, 2015

    Hi Jeffrey,

     

    as Michael already recommended you can try to use cURL from BIG-IP bash:

     

    curl -k -v -H "Host: ABCDgateway.mygroup.local" https:///csp/public/ping?csp-client=100

    The "-k" ignores the server´s certificate, the "-v" provides verbose output including status code and headers, the "-H" inserts a header which should fit the vhost of the webserver and needs to be replaced by actual poolmember definitions.

     

    Does it work?

     

    You can also add "-I" to force a HEAD request instead of a GET. So only headers will be returned by the server.

     

    Thanks, Stephan