scott_sams_8256
Mar 05, 2009

read packet for specific information

Is it possible for the F5 to search packets for a specific text string (say "node down") that a node in a pool would return to the host accessing them?

We have a 3-tiered app where, while we load balance the middle portion, we have no control over the backend. Therefore the F5 doesn't know how to remove a VIP from a pool if the backend service to it is unavailable.

My other option is to search a text file on the node in the pool for that same string or a variant of it.

Thanks!

6 Replies

  • James_Quinby_46
    Historic F5 Account
    The short answer is yes, you can dig into the payloads and look for strings. Does the LTM have any visibility to the third tier at all? Would it be possible to use a custom monitor to check that tier for health, marking services up or down accordingly?

    Another approach would be to stage a script someplace else, periodically check health on that back end, then issue a command via iControl to take services down.
  • Deb_Allen_18
    Historic F5 Account
    The best way to monitor a multi-tier app is to configure a monitor that makes a request to the load balanced tier that will only return the expected result if all underlying tiers are functional.

    For example, if you are load balancing only the web tier, you can construct a monitor that makes an HTTP request via the web tier for a dynamic page that can only be properly generated if the app tier and the database are alive & well. cURL may be used to construct a scripted monitor if more than one request must be made to simulate the required transaction.

    Monitoring only the app tier can be a bit trickier because the client may not be available on BIG-IP, but the same approach is recommended: Send a request to the tier you are LB'ing that reaches all the way through to the backend, and mark the middle tier server down if the expected response is not received. Netcat (nc) may be used to construct a scripted monitor if there is no builtin monitor type available, or if more than one request must be made to simulate the required transaction.

    hth

    /deb
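
The scripted monitor described in the reply above, sketched as an added example that is not part of the original thread or F5's own code. It assumes the BIG-IP external-monitor convention (member IP in `$1`, port in `$2`, any stdout output means "up"); the `/healthcheck` URI and the `backend ok` marker are hypothetical, and `node down` is the failure string from the question.

```shell
#!/bin/sh
# Added example: external (scripted) monitor for a load-balanced middle tier.
# Assumed BIG-IP external-monitor convention: $1 = member IP (may carry a
# "::ffff:" prefix), $2 = port; any stdout output marks the member up,
# no output marks it down.

URI="${URI:-/healthcheck}"          # hypothetical page that exercises the backend
EXPECT="${EXPECT:-backend ok}"      # hypothetical marker on a good response
FAILTEXT="${FAILTEXT:-node down}"   # failure string from the question

# Remove the IPv4-mapped IPv6 prefix, if present.
member_ip() {
    printf '%s\n' "$1" | sed 's/^::ffff://'
}

# Return 0 only when the body carries the expected marker and does not
# carry the failure string (both matched case-insensitively, as fixed text).
body_is_healthy() {
    if printf '%s' "$1" | grep -qiF -- "$FAILTEXT"; then
        return 1
    fi
    printf '%s' "$1" | grep -qiF -- "$EXPECT"
}

# Fetch the page through the member; print "UP" only on a healthy body.
run_monitor() {
    ip=$(member_ip "$1")
    body=$(curl -s --max-time 5 "http://${ip}:$2${URI}") || return 1
    if body_is_healthy "$body"; then
        echo "UP"
    fi
}

# Run only when invoked with a member IP and port.
if [ "$#" -ge 2 ]; then
    run_monitor "$1" "$2"
fi
```

Because a monitor keeps polling a member it has marked down, the member returns to service once a healthy body comes back.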
  • Thanks for the info. The third tier is not directly accessible. These are vendor-located tiers and access to them is tightly controlled. We have ICMP and our service ports from very specific servers, so checking them directly is not an option. I do have a remote app that is running a VBScript and querying ping status to these vendors VIA the servers themselves. This is for one of our monitoring applications so we can "see" the visibility to these vendors. Otherwise we are blind, so to speak, from a monitoring standpoint. This VBScript does work and returns a status 1 or 0 to my app. I guess that would be possible to integrate with iControl? I have never used that so I will have to look into it. My scripts are fine; however, my results are flaky right now. Trying to narrow down if I have real issues or a busy server.

    I did realize that inspecting the packet may not work, since if it gives the down indication and I pull the node, how would I ever check to get it back up when the backside is available again?

    Thanks for your ideas and any others forthcoming.

    Can you use an iRule to read a file off of a share and search for a string?
  • Deb_Allen_18
    Historic F5 Account
    I do have a remote app that is running a VBScript and querying ping status to these vendors VIA the servers themselves. This is for one of our monitoring applications so we can "see" the visibility to these vendors. Otherwise we are blind, so to speak, from a monitoring standpoint. This VBScript does work and returns a status 1 or 0 to my app. I guess that would be possible to integrate with iControl?

    Yes, you could build a simple iControl call into the monitoring script to update the related pool member status.

    I did realize that inspecting the packet may not work, since if it gives the down indication and I pull the node, how would I ever check to get it back up when the backside is available again?

    You could do that by applying a service monitor of some kind that makes a request then will mark it back up when the service is again available. But sounds like that might be challenging in this case.

    Give the iControl solution a shot, I think it will work nicely.

    /d
  • OK, well, we are going with iControl for that functionality, but I then realized that in order for this to work I must split my VIP into three pools and select the pool based on a value in the packet. So I will continue looking at packet inspection for that while we evaluate iControl to handle the node status.