Forum Discussion

Pradeep_more_10's avatar
Pradeep_more_10
Icon for Nimbostratus rankNimbostratus
Aug 09, 2012

How HTTPS health monitor works in f5 loadbalancer

Hi,     i want to know how https health monitor works in f5 laodbalancer on non standerd port(eg:- 7005) .     can you please explane with example..       Regards   Pradeep
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Aug 10, 2012
there are 2 certificates in ssl handshake. one is on server which always be presented to client and the other one is on client which is sent to server only when server requests i.e. client certificate authentication.

 

 

if server does client certificate authentication, you have to import client certificate and key to bigip and set them in https monitor. otherwise, certificate and key is not needed.

 

 

 

as of now i have read access..so not able to see logs ..tcpdump/ssldump.....for log, you may try to enable bigd debug.

 

 

Troubleshooting Ltm Monitors by Aaron

 

https://devcentral.f5.com/wiki/AdvDesignConfig.TroubleshootingLtmMonitors.ashx

 

 

about tcpdump/ssldump, step should look like this. and you know private key is necessary to decrypt packet.

 

1/ remove https monitor from pool

 

2/ start tcpdump

 

tcpdump -i 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x and host y.y.y.y and port 7002

 

 

3/ assign https monitor to pool

 

4/ wait until pool member is marked down

 

5/ stop tcpdump

 

 

to decrypt packet, you may try wireshark.

 

 

e.g.

 

How to decrypt SSL and TLS traffic using Wireshark

 

http://support.citrix.com/article/CTX116557/

 

 

hope this helps.