Forum Discussion
MiLK_MaN
Nimbostratus
NimbostratusTACACS health monitoring
Hello,
We are working on a solution utilising LTM to load balance to some TACACS+ appliances.
While we've managed to build an iRule to gain persistance based on the session ID generated from routers contacting the vserver on the LTM, I'm trying to get my head around doing some intelligent monitoring of the nodes other than simply connecting to TCP port 49.
I got my hands on a TACACS+ perl client and got it working from a linux host, but wanted to know what I could possibly do from the LTM perspective, even if it meant using an external health monitoring script, but without having to load something custom on the box that could potentially void support on the box.
Anyone got any ideas at all?
Biju_Kurian_103I have the same requirement to set up a pool of TACACS + servers. Looking for a solution to health monitor TACACS+. Dont know if there is any advancement in the new software revisions of LTMs.
Thanks
-Biju- MiLK_MaNI started reading this, and then forgot it was me that started this thread about 3 years ago....
The quickest way to get this going is to probably use a TCP health monitor that sends a string in hex, and has a specific receive string that indicates the auth was successful. You'd need to take a capture of a valid request and a valid reply, and then play around with it.
In 10.2.1 you can send hex using \x (including nulls as \x00) in a stock TCP monitor. <--- blatantly copied from hoolio. - Josh_41258
I apologize for resurrecting such an old thread, but can anyone comment on the requirement for persistence when load balancing TACACS+? Is some type of custom persistence required like Milk_Man refers to (a custom iRule)? Anyone doing this?
Thanks