Forum Discussion

ErikM's avatar
ErikM
Icon for Cirrus rankCirrus
Feb 09, 2022

Native SNI support for Health Monitoring

Hi all, Back in 2018 i was wondering why there was no native Bigd process based SNI support in Health Monitoring. It turned out that the only way to achive this was with the help of the famous exter...
application delivery
  • jaikumar_f5's avatar
    jaikumar_f5
    Feb 10, 2022

    I have tried this in the past on v13.x 🙂 and it showed unexpected behaviours. The in-tmm monitoring was brought up and it caused multiple other pools to go down. Later investigation showed that it consumed huge memory as the version was having a bug. So we turned it off and sticked back to external monitor.

     

    Also to note, if once upgrades from v11 to v13, the upgry process by default appends a SSL profile to the monitor. So need to make sure they remove those profiles or add right profile before turning on in-tmm monitoring.

     

    I'm sure with the latest bug fixes, it should be stable, make sure your infra is on that version. Don't start off with the production and later have a face palm 😉

  • Lidev's avatar
    Lidev
    Feb 14, 2022

    Hi ErikM,
    On my part, I use In-TMM monitoring on a version v14.x to be able to use Authenticate Name option on Server SSL profile to perform a CN check of the backend server certificates
    No problem for the past 2 years, it's stable and does the job well 🙂

ErikM's avatar
ErikM
Icon for Cirrus rankCirrus

Thanks to you all for sharing your thoughts! Much appreciated!

Since we have some space left on our vcmp host i will spin up another guest in order to do some testing with this.

Again, wondering why something so mainstream as SNI is not natively supported in HM-land. Or in the case of in-TMM: not being fully documented yet. Perhaps someone from F5 could pls comment on this.

Erik

thecarrionkind's avatar
thecarrionkind
Icon for Altostratus rankAltostratus
Aug 02, 2024

I've started to use in-TMM monitoring to SNI in non-production and noticed this:

  • less verbosity in logs when enabling health check monitor logs on a member of a pool.
  • before you have a message when you have response that doesn't match the receive string defined in a http health check, now it's only up or down.
  • an specific application health check goes UP when using bigd monitoring. Goes DOWN when switching to In-TMM monitoring.

 

So I'm not so happy about less verbosity with In-TMM monitoring.