Forum Discussion
EuropeanITCrow1
Cirrus
CirrusSNMP Health Monitor
Hello *,
For my first post at DevCentral I want to show you an external monitor for checking SNMP values.
My customer has several VPN gateways using IPsec protocol.
IPsec can establish connections on two ports (4500 and 500 UDP) so it wasn’t possible to use connection limits:
Because a client may use port 500 for transferring keys but can also connect directly on port 4500 sessions cannot by counted reliably.
So my customer wanted to use SNMP queries as a health check to check the number of sessions for VPN gateways.
Because SNMP_DCA and SNMP_DCA_BASE monitors are considered as performance monitors I developed a small external monitor.
While developing my customer had several additional requirements:
1) Because access on the LTM is not allowed they want to activate/deactiviate nodes by using a webpage.
Return code False: Mark node as status session disable
Return code true: Mark node as status session enable
2) Checking the CPU utilization via SNMP
So, this is my result:
!/bin/bash
IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}
PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid"
kill of the last instance of this monitor if hung and log current pid
if [ -f $PIDFILE ]
then
kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE
curl --connect-timeout 1 -fNs http://XX.XX.XX.XX/lb/test.php?IP=${IP} | grep -i FALSE 2>&1 > /dev/null
mark node UP if expected response or no response was received
if [ $? -eq 1 ] No Answer or TRUE
then
Getting session count from GW
SESSION=`/usr/bin/snmpget -v2c -c ${COMMUNITY} -OqUv ${IP} ${OID}`
Getting CPU Utilization from GW
CPU=`/usr/bin/snmpget -v2c -c ${COMMUNITY} -OqUv ${IP} ${CPU_OID}`
if [ $? -eq 0 ] check if snmpget worked properly
then
if [ $SESSION -lt ${THRESHOLD} -a $CPU -lt ${CPU_THRESHOLD} ] Checking CPU Threshold
then echo "UP"
/bin/bigpipe node ${NODE} session enable
else /bin/bigpipe node ${NODE} session disable No more sessions for the GW
echo "UP" Keep the GW up
fi
fi
else
echo "UP"
/bin/bigpipe node ${NODE} session disable
fi
rm -f $PIDFILE
exit
I’m not sure if everything is fine, perhaps I should initialize all variables?
Does anybody see improvements I should implement?
EuropeanITCrow1I've got a small improvement:
Depending on your interval and timeout value one should use
SESSION=`/usr/bin/snmpget -v2c -t 1 -r 1 -c ${COMMUNITY} -OqUv ${IP} ${OID}` and
CPU=`/usr/bin/snmpget -v2c -t 1 -r 1 -c ${COMMUNITY} -OqUv ${IP} ${CPU_OID}`
Mikhail_SmirnovNimbostratus
I've written a similar script for enabling/disabling pool members using bigpipe command. Everything is ok when I run it from CLI shell but It doesn't work when using it from external monitor. Does monitor have enough rights to run bigpipe commands? It looks like the monitor doesn't.
Btw monitor based on the script of topic starter cannot be applied to nodes but only to pool members. (At least on 10.1.0).- Mikhail_SmirnovIn my case it looks like a broken image. Guys from F5 support have tried my simplest example script like
-----
!/bin/bash
echo "UP"
bigpipe pool SamplePool member 192.168.10.51:3389 session enable
(On my platform I disabled member 192.168.10.51:3389 first, and this member were staying disabled after I apply EAV with this script to this member)
-----
one a same platform/version and got positive results. I'll re-image my strongbox and look for results. 
hoolioCirrostratus
I think you'd need to run all of the commands in the script before you echo anything to stdout. I've seen in external monitors where no further code runs after the stdout output.!/bin/bash Run commands bigpipe pool SamplePool member 192.168.10.51:3389 session enable Send something to stdout to show successful completion of the monitoring attempt echo "UP"
Aaron- Mikhail_SmirnovI've already tried it. It looks like bigpipe command in EAV is silently ignored and other code after "UP" works as expected. I'll try to boot from another partition and try my config there.
- hoolioYes, it's expected behavior where the script is stopped after anything is sent to stdout. So if you echo "UP" nothing else in the script will run. Therefore, you'd need to put all code you want run before you echo anything to standard output.
I added a Codeshare example which demonstrates this:
http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/TemplateForExternalLtmMonitors.html
Aaron