Forum Discussion

travis_stl_1128's avatar
travis_stl_1128
Icon for Nimbostratus rankNimbostratus
Mar 07, 2013

smart iRule that sends a log/trap when 2 members of a 4 member pool are down?

@etc-haslb-1:Active] ~ b pool | grep panhangui

 

POOL panhangui-prd-pool LB METHOD round robin MIN/CUR ACTIVE MEMBERS 0/4

 

+-> POOL MEMBER panhangui-prd-pool/5.9.162.184:63433 active,up

 

+-> POOL MEMBER panhangui-prd-pool/5.9.162.185:63433 active,up

 

+-> POOL MEMBER panhangui-prd-pool/5.9.162.188:63433 active,up

 

+-> POOL MEMBER panhangui-prd-pool/5.9.162.189:63433 active,up

 

application delivery
dev
devops
irules

3 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 08, 2013
    i use dummy pool to send periodically send (health monitor) packet to dummy virtual server. in the dummy virtual server, i have an irule to check if active member of pool i am interested (e.g. foo) is less than 1, replace udp (health monitor) payload with snmp trap and send it to nms server.

    for the snmp trap payload, i capture packet when running snmptrap command in the link below.

    Send SNMP traps

    http://www.commandlinefu.com/commands/view/2908/send-snmp-traps

    anyway, i am not sure if this is a good approach but it is fun. 🙂 

    [root@ve10:Active] config  b pool dummy_pool list
pool dummy_pool {
   monitor all udp
   members 1.1.1.1:162 {}
}
[root@ve10:Active] config  b virtual dummy_vs list
virtual dummy_vs {
   translate service disable
   destination 1.1.1.1:162
   ip protocol 17
   rules myrule
   profiles udp_gtm_dns {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when RULE_INIT {
   set static::pool_name "foo"
   set static::nms_server "192.168.206.75"
   set static::packetdata [binary format H* "305e02010104067075626c6963a75102041433b1bf0201000201003043301006082b06010201010300430406cdd33b3018060a2b060106030101040100060a2b060104018f650e0101301506082b0601020101060004094a7573742068657265"]
}
when CLIENT_ACCEPTED {
   if { [active_members $static::pool_name] < 1 } {
      set oldlength [UDP::payload length]
      UDP::payload replace 0 0 $static::packetdata
      UDP::payload replace [string length $static::packetdata] [expr [UDP::payload length] - [string length $static::packetdata]] ""
      node $static::nms_server
   } else {
      UDP::drop
   }
}
}
[root@ve10:Active] config  b pool foo list
pool foo {
   monitor all http
   members 200.200.200.101:80 {}
}

 pool foo is down (active member < 1)

[root@ve10:Active] config  tail -f /var/log/ltm
Mar  8 21:44:16 local/ve10 notice mcpd[3824]: 01070638:5: Pool member 200.200.200.101:80 monitor status down.
Mar  8 21:44:16 local/tmm err tmm[4950]: 01010028:3: No members available for pool foo

 snmp trap

[root@ve10:Active] config  tcpdump -nni 0.0 port 162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
21:44:20.356649 IP 172.28.19.253.58705 > 192.168.206.75.162:  V2Trap(81)  .1.3.6.1.2.1.1.3.0=114152251 .1.3.6.1.6.3.1.1.4.1.0=[|snmp]
21:44:25.295261 IP 172.28.19.253.29598 > 192.168.206.75.162:  V2Trap(81)  .1.3.6.1.2.1.1.3.0=114152251 .1.3.6.1.6.3.1.1.4.1.0=[|snmp]
21:44:30.331824 IP 172.28.19.253.58705 > 192.168.206.75.162:  V2Trap(81)  .1.3.6.1.2.1.1.3.0=114152251 .1.3.6.1.6.3.1.1.4.1.0=[|snmp]
  • Marc_64553's avatar
    Marc_64553
    Icon for Nimbostratus rankNimbostratus
    Mar 19, 2013

    Assuming your virtural server as a default pool defined (IE is not relying on an iRule to define the pool):

    
when CLIENT_ACCPETED {
if { active_members [LB::server pool] <= 2 } {
   log local0. "ALERT:  pool '[LB::server pool]' has two or less active members".
   }
}

    It's then up to syslog or your monitoring infrastructure to alert on this log message.

    Alternately look at HSL here https://devcentral.f5.com/wiki/iRules.HSL__send.ashx for more details on setting up high speed (remote) logging.