Native SNI support for Health Monitoring
Hi all,
Back in 2018 i was wondering why there was no native Bigd process based SNI support in Health Monitoring. It turned out that the only way to achive this was with the help of the famous external curl script.
The other option was to change to in-TMM monitoring. And that probably for a good reason. This would require setting a database key : modify sys db bigd.tmm value enable - according to K11323537.
Has anyone tried this in-TMM option and would you please share your experiences?
I was still hoping F5 would incorporate this very useful option as native, but haven't found this in any new version yet. Or perhaps i missed it somehow? 🙂
Thanks,
Erik
I have tried this in the past on v13.x 🙂 and it showed unexpected behaviours. The in-tmm monitoring was brought up and it caused multiple other pools to go down. Later investigation showed that it consumed huge memory as the version was having a bug. So we turned it off and sticked back to external monitor.
Also to note, if once upgrades from v11 to v13, the upgry process by default appends a SSL profile to the monitor. So need to make sure they remove those profiles or add right profile before turning on in-tmm monitoring.
I'm sure with the latest bug fixes, it should be stable, make sure your infra is on that version. Don't start off with the production and later have a face palm 😉
Hi ErikM,
On my part, I use In-TMM monitoring on a version v14.x to be able to use Authenticate Name option on Server SSL profile to perform a CN check of the backend server certificates
No problem for the past 2 years, it's stable and does the job well 🙂