Forum Discussion
wowchens
Nimbostratus
NimbostratusHTTP Monitor Question
Hello: I have an issue with http monitor on my LTM with one the servers. Well, its actually not a server, its Citrix Access Gateway, hardware box. When I set my Pool with http monitor, its not able to see that its UP. What the CAG does is, for any request on http, it sends a 301 response with a https redirect and closes the connection. This is normal behavior. I am not sure how to tweak my monitor to work with this. Here is the raw output that I captured for a simple Get / transaction with IE browser(fiddler). I have seen this in the past with RSA cleartrust protected websites but I got around those by using a test page and excluding that from CT Protection. Any help is greatly appreciated.
GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727; InfoPath.1; MS-RTC LM 8; MS-RTC EA 2)
Host: 172.18.6.21
Proxy-Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Connection: close
Accept-Ranges: none
Location: https://172.18.6.21:443/
Content-Length: 0
Thanks,
Chenna
hoolioCirrostratus
Hi Chenna,
What do you have the receive string set to when the pool member is being marked down? If you want to consider the redirect a valid response, you could set the receive string to "301 moved". bigd parses the full response including the headers looking for the receive string.
Aaron
wowchensHey Aaron: Thanks for the reply. I changed the response string to the same, still no luck. Although I figured if I do GET / HTTP/1.1\r\n it started working. I guess its required to specify the carriage return and the end to mark the end of the request header.
Any ways, I am all set. Thank you!!- hoolioHTTP v1.1 requires a Host header even if the value is empty. It would also be good to tell the server that LTM won't re-use the connection using Connection: close.
GET / HTTP/1.1\r\nHost: \r\nConnection: Close\r\n
It would also be good to set some kind of receive string (like 200 OK or 301 Moved) to ensure that the pool member won't be marked up if it's returning 500 level error codes.
Aaron - wowchensThat's a good point but most of our stuff is IIS based which will always throw a 401 response for the first request unless Anonymous authentication is used. Other option for the monitor to be more effective is to to have a custom monitor for every web app. If there is a way where we can specify multiple receive strings with an OR operator, that would be nice. Then we can give all response codes except 500 and LTM will mark the member down when its 500. Not sure if this is possible.
- hoolioMaybe you could define a generic basic auth account on each web server for monitoring from the BIG-IP? You could then configure the send string with an auth header.
You can't configure multiple send strings in the same monitor, but you can add multiple monitors to a pool. You can set a minimum number of checks so theoretically you can add three monitors and set it so the pool member is marked up if it responds to X number of monitors.
You can also add a monitor which will mark the member down if there is a 500 in the response. You can do this by setting the receive string to 500 - internal server error and enabling the 'reverse' option (mark the member down if the receive string is found in the response).
I think the first option would be the most effective and add the lowest load on LTM and the servers.
Aaron