Forum Discussion
Nimbostratuspool member not responding to https port (443) but responding on tcp.
Dear Devcentral Team,
Thanks for being there always to help us.
We have below setup,
VS (port443)---> pool member (port443)----->. Actual servers (other tcp ports ex: 3310)
our VS server send request to pool member which is working on port 443 and this server again send request to below application servers on any other ports which are not configured in F5.
I am currently facing the below issue in my environment,
for our pool member we have configured health monitor https (443) but some time the member is responding to the monitor and after some time it will not respond and our pool members get down so application is also not working.
Now I have changed all the health monitors to tcp and its working currently but we want only https health monitor.
Could you please help me to solve this issue.
Do we have any custom health monitor to configure.
Regards,
Ashish Takawale
9 Replies
nitass_89166Noctilucent
for our pool member we have configured health monitor https (443) but some time the member is responding to the monitor and after some time it will not respond and our pool members get down so application is also not working.
have you tried tcpdump?
do you have server's private key to decrypt packet. also, since it is https, you may have to remove the monitor from pool first, start tcpdump and assign it back to the pool. so, you will be able to decrypt it.
Ashish_Ram_Tak1Thank you for your quick response, I will run the tcpdump and will let you know, and yes i have servers private key.
- nitass
Employee
for our pool member we have configured health monitor https (443) but some time the member is responding to the monitor and after some time it will not respond and our pool members get down so application is also not working.
have you tried tcpdump?
do you have server's private key to decrypt packet. also, since it is https, you may have to remove the monitor from pool first, start tcpdump and assign it back to the pool. so, you will be able to decrypt it.
- Ashish_Ram_Tak1Thank you for your quick response, I will run the tcpdump and will let you know, and yes i have servers private key.
- nitass
I will run the tcpdump and will let you know, and yes i have servers private key.
to prevent an effect to production, you can create a new pool (using the same pool member) but use https monitor.
- Ashish_Ram_Tak1thank you for your suggestion, could you please help me with the tcpdump command, and what i need to check from that tcpdump.
- nitass_89166
I will run the tcpdump and will let you know, and yes i have servers private key.
to prevent an effect to production, you can create a new pool (using the same pool member) but use https monitor.
- Ashish_Ram_Tak1thank you for your suggestion, could you please help me with the tcpdump command, and what i need to check from that tcpdump.
- nitass
could you please help me with the tcpdump command, and what i need to check from that tcpdump.
try this and look for tcp reset or http response which does not match the receive string.
tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x and host y.y.y.y and port zzz -v x.x.x.x is non-floating self ip on server vlan y.y.y.y is server ip zzz is server port
