
Forum Discussion

advanx_66706
Oct 13, 2014

Member marked down even though port is reachable

Hello,

 

I have 1 VS with 2 members, with an https monitor. However, my LTM marked these members as down. From the LTM I'm able to ping and telnet to member's port 443. If I change the monitor to gateway icmp, they'll be marked up. Any advice?

 

5 Replies

  • I created a new monitor, TCP on port 443, and applied it to the pool; the VS is now showing green. My existing https monitor is using the default configuration, sending the string GET /\r\n.

     

  • This is an excellent article for troubleshooting health monitors:

     

    https://support.f5.com/kb/en-us/solutions/public/12000/500/sol12531.html

     

    I usually perform the following:

     

    1. Mimic the monitor request by using curl;
    2. Run a tcpdump on the monitor - something like: tcpdump -lnni 0.0 -Xs0 host x.x.x.x and port xxx
    • advanx_66706
      Thank you Tim, will bookmark that link for future reference.
    • R_Marc
      While curl can be useful, I personally find typing it in manually to be the best method. If it's HTTP, telnet to the IP and port of the pool member. If it's ssl: openssl s_client -connect : In both cases you can type in the raw HTTP messages. I only rely on curl or tcpdump if it's an MSSL connection and I don't have a client cert or if I need to post data. YMMV.
  • R_Marc

    The monitor you note (the default https monitor) will quite likely produce a 404. You'd need to accept that:

    in tmsh:

     
    modify ltm monitor https yourmonitor {  recv "HTTP/1\.(0|1) (200|404)" }
    

    If you wanted a completely new monitor (assuming you are using defaults), which you should use, in my opinion:

    create ltm monitor https yourmonitor { cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from https destination *:* interval 5 recv "HTTP/1\.(0|1) (200|404)" send "GET / HTTP/1.0\r\n\r\n" time-until-up 0 timeout 16 }
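
The manual check described in the replies above, as an added example that is not part of the original thread or F5's own code: it replays a monitor send string over TLS and judges the reply against a recv regex. The function names, the sample replies, the stricter 200-only regex and the 192.0.2.10 address are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: replay an HTTPS monitor's send string and judge the reply
# against its recv regex, the way the thread does by hand.

# probe_https HOST PORT SEND: send SEND over TLS and print the raw reply.
# printf %b expands \r\n as written in the tmsh send string; timeout 16
# mirrors the monitor timeout in the post (needs coreutils timeout).
probe_https() {
    printf '%b' "$3" | timeout 16 openssl s_client -connect "$1:$2" -quiet 2>/dev/null
}

# verdict RECV_REGEX: read a reply on stdin, print "up" if the regex is
# found anywhere in it, else "down". -a keeps grep from skipping binary data.
verdict() {
    if grep -aEq -- "$1"; then echo up; else echo down; fi
}

# Constructed sample replies (not captured from a real pool member).
sample_404() { printf 'HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n'; }
sample_200() { printf 'HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok'; }

RECV_POST='HTTP/1\.(0|1) (200|404)'   # recv string from the post
RECV_200='HTTP/1\.(0|1) 200'          # hypothetical stricter recv string

# Offline demo: the port answers in every case, only the recv match differs.
echo "404 reply, post recv:   $(sample_404 | verdict "$RECV_POST")"
echo "404 reply, 200-only:    $(sample_404 | verdict "$RECV_200")"
echo "200 reply, 200-only:    $(sample_200 | verdict "$RECV_200")"
echo "no reply,  post recv:   $(printf '' | verdict "$RECV_POST")"

# Live use against a pool member (192.0.2.10 is a placeholder address):
#   probe_https 192.0.2.10 443 'GET / HTTP/1.0\r\n\r\n' | verdict "$RECV_POST"
```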