Forum Discussion

Muhammad_Irfan1
Dec 16, 2014

https Monitor

F5 LTM is load balancing among 6 webservers. Application servers are behind the webservers. I have configured a tcp halfopen monitor for port 4443, which is the port of the webserver.

Now I am facing a problem: a webserver somehow stops working but is still responding on port 4443, so F5 still sends traffic to that webserver. Now I am thinking of making a more specific monitor which can check that the application is working through that webserver.

URL is "https://10.50.169.27:4443/ecommunications_enu/start.swe"

Put username and password, but this process takes about 40 seconds. So I am afraid that if I make an https monitor and the application takes more time to respond, F5 might mark it down. So how to make a monitor now?

12 Replies

  • You can have both the tcp and http monitor. Also for the timeout the recommendation is (3*interval)+1.

    For example if you expect the process to take 40 seconds you could put your interval at 40 and your timeout at 121. This will allow for 3 bad polls before the member is marked down. If you want it to allow for only two bad polls by the monitor you could set your timeout to 81.

    https://devcentral.f5.com/questions/ltm-monitor-requiring-multiple-failures-before-marking-pool-member-down

    • Muhammad_Irfan1
      We have 6 webservers, link is https://10.50.169.26:4443/ecommunications_enu/start.swe. Just the IP changes for each webserver. I only want to check if the webserver returns the application login page: then it's up, otherwise down if it does not return the login page. I know which cipher string to put. Using HTTP1.1. Can you make a monitor for this please?
  • We have 6 webservers, link is https://10.50.169.26:4443/ecommunications_enu/start.swe. Just ip changes for each webserver.
    health monitor will take ip and port from pool member (you do not need to hard-code ip and port in health monitor setting).

    I know which cipher string to put.
    you may try default first.

    Using HTTP1.1. can you make a monitor for this please
    sol2167: Constructing HTTP requests for use with the HTTP or HTTPS application health monitor
    https://support.f5.com/kb/en-us/solutions/public/2000/100/sol2167.html

    • Muhammad_Irfan1
      Nitass, the webserver becomes non-responsive somehow but it's still replying on port 4443. The webserver is using HTTP1.1 and I only want to know whether it returns the login page or not. Can you please guide me in making this? ecommunications_enu/start.swe is the URI. The return page would be a successful page open, that's it. I do not want to log in or anything, just return the login page. Please, please, we just went into production, and when a webserver goes down we do not even know that it's not responding. It should only be up if it's returning a login page.
  • Can you please guide me in making this. ecommunications_enu/start.swe is the URI.

    can you try something like this?

    [root@ve11a:Active:In Sync] config # tmsh list ltm monitor https myhttps
    ltm monitor https myhttps {
        adaptive disabled
        cipherlist DEFAULT:+SHA:+3DES:+kEDH
        compatibility enabled
        defaults-from https
        destination *:*
        interval 5
        ip-dscp 0
        recv "200 OK"
        send "GET /ecommunications_enu/start.swe HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n"
        time-until-up 0
        timeout 16
    }
    
    • This marked the webserver down, nitass. The default https monitor marks the webservers up. I tried with 200 OK and just 200 as well, but it marks the webserver down.
    • nitass
      Have you done troubleshooting? What did you get? Troubleshooting Ltm Monitors https://devcentral.f5.com/s/articles/ltm-external-monitors-troubleshooting
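
Added example (not part of the thread and not F5 code): a Python sketch of the send/recv check in the monitor posted above, showing how any reply other than a 200 fails a `recv "200 OK"` match and what to look at instead. It assumes `recv` is a plain substring match (a simplification); `evaluate`, `probe` and the sample responses are constructed for illustration.

```python
import socket
import ssl

# Send string copied from the monitor posted in the thread.
SEND = (b"GET /ecommunications_enu/start.swe HTTP/1.1\r\n"
        b"Host: \r\nConnection: Close\r\n\r\n")


def evaluate(raw: bytes, recv: str) -> dict:
    """Apply the monitor's rule (assumed: substring match) to a raw reply."""
    text = raw.decode("latin-1")
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    location = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return {"up": recv in text, "status_line": lines[0],
            "location": location, "body_bytes": len(body)}


def probe(host: str, port: int, timeout: float = 16.0) -> bytes:
    """Fetch the raw reply from one pool member, for evaluate()."""
    ctx = ssl.create_default_context()
    # Assumption: members are reached by IP with an internal certificate,
    # so verification is switched off for this diagnostic only.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            tls.sendall(SEND)
            chunks = []
            while data := tls.recv(4096):
                chunks.append(data)
    return b"".join(chunks)


# Constructed responses (not captured from the servers in the thread).
SAMPLES = {
    "login page": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                  b"<html><form name=\"login\"></form></html>",
    "redirect": b"HTTP/1.1 302 Found\r\nLocation: /constructed/login\r\n\r\n",
    "rejected": b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, evaluate(raw, "200 OK"))
```

Against a real member, `evaluate(probe("<member-ip>", 4443), "200 OK")` returns the status line and any `Location` header, which shows what the `recv` string has to match.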