Forum Discussion
Perry_71428
Nimbostratus
NimbostratusF5 Monitor Issue
Hi
All our websites are managed in a standard F5 Virtual Server / Pool / Node way.
We have health monitors running against the pools and nodes. These are set to run every 5 seconds. These are simple tcp port 80 monitors. They are not HTTP GETs.
When our website receives a new session request, it creates a session record in our database for later analysis, storing the ip of the request from the http x-forwarded-for attribute passed in by the F5.
Amongst the real traffic, I am seeing database records being created from the internal ip's of our F5 units every 5 seconds indicating that somewhere, the F5 itself is actually making calls direct to our website.
This must be coming from a monitor but for the life of me I cannot find the culprit.
Every pool is a simple TCP port 80 monitor and every node is a simple icmp monitor.
There is another monitor set up, lets call it monitorA, which does do a website GET which says it has some instances attached but when I review the pools & nodes listed, none of them list the monitorA as a healthcheck.
I have disabled these monitor instances, but still these records are being created in our database by our website. I cannot delete the monitor due to the instances existing.
Is this a case where the F5 needs to be rebooted to clear itself, as I cannot work out where these calls to the website are coming from.
Any ideas?
Thanks
Perry_71428Hi Aaron
Thanks for the help
We do have a redundant pair of F5's and they are synched. The database logs are recording two calls from each of the F5's ip every 5 seconds. It must be a monitor somewhere that is doing it but having gone through 50+ pools and 50+ nodes I can't find it!
I'll try and check out the things you suggested, but booting the devices if it comes to that is something I'll have to get done out of hours.
Thanks
Perry
hoolioCirrostratus
Hi Perry,
No problem. I'd check for a default node monitor first and then use the grep command. You should be able to find the monitor association with those methods.
Aaron
smp_86112I guess I think about this as, there are only a limited number of places that a monitor can be applied, right? The Pool level, the Pool Member level, the Node level, or the Default Node level. Have you confirmed that you have checked all four of these places?- Perry_71428Hi
Sorry for no replies - I am relooking at this issue today. Will post when I have done the analysis suggested.
Thanks
Perry - Perry_71428Hi
Managed to get the bigip.conf file using WinSCP and have found the offending section referencing the problem monitorA
shell write partition Seatwave
pool pool_name {
monitor all monitorA
members
xx.xxx.xxx.xxx:http
down
session disable
....
}
The interesting thing is I cannot see the pool "pool_name" on the UI at all - I'd like to delete it, and then delete the monitorA.
Any ideas why that is when I am logged on as an administrator?
Thanks
Perry - Perry_71428Aha - I think its to do with partitions.
All the main configuration is in the "Common" partition, as is the definition of the monitorA, but the problem pool referencing monitorA is in the "Seatwave" partition.
I can't see anywhere in the UI to move around partitions - how can I get access to the "Seatwave" partition in order delete the pool, so I can return to the Common partition to delete the monitor?
Perry - smp_86112Nicely done. Obviously I need to amend my statement about there only being four places to apply a monitor - I did not consider alternate partitions.
I don't run a version of software that uses partitions yet. But I do know one way is to move that section of the config file to a spot underneath the "Common" partition. Then after you save it, load the config by executing "b config load".
Alternatively, you can change to a different partition by selecting it from the drop-down list of partitions in the upper right-hand corner of the admin GUI. But I think you will only be able to delete it from one partition, change to the Common partition, and then re-create it. I don't know this for certain, but I suspect you would not be able to duplicate a pool using the same name in a different partition. I could be wrong about that - might be worth a shot. - Perry_71428Got it - thanks! All tidied up as required.
One thing to note is that the partition drop down doesn't get enabled until you select something in the Local Traffic menu.
The only reason the second partition exists is down to our managed host and the way they originally wanted to manage our level of permissions to the boxes. Now we have full control we can keep it nice and simple and do everything in "Common".