Forum Discussion
Using an HTTP monitor without DNS lookup
Greetings.
I have run into an interesting problem... I have an internal F5 LTM configured with a VIP that serves internal clients only. To check on the pool members' health, I use the following GET command:
"GET http://appname.companyname.com/authentication.GetServerstatus/appname \r\n", where "appname.companyname.com" resolves to an internal IP address (10.x.x.x).
I am checking for an "OK" in the response, and things are working great.
Now the bad news: We need to expose the application to external users. So I build an external-facing VIP with a non-RFC1918 IP address, copy over the settings to our external-facing F5, and it mostly works - but the application is advertised externally with the same FQDN. When the external F5 looks up "appname.companyname.com" it goes via the management IP address, and I get the internal IP address.
Can I manually configure an IP address in the monitor? Or is there a smarter trick?
Thanks in advance!
- JG
Cumulonimbus
Why do you need to provide an absolute target URI in a monitor? Is your backend server a proxy?
It would help clear things up if you share your virtual server and pool configuration.
- rob_carr
Cirrocumulus
You can use the alias address setting to specify the address being checked by your monitor.
- JG
Cumulonimbus
You could do this with an external monitor, such as below:
```sh
#!/bin/sh
# these arguments supplied automatically for all external pingers:
# $1 = IP (::ffff:nnn.nnn.nnn.nnn notation or hostname)
# $2 = port (decimal, host byte order)
# $3 and higher = additional arguments
#
# $MONITOR_NAME = name of the monitor
#
# In this sample script, $3 is the regular expression

# Name of the pidfile
pidfile="/var/run/$MONITOR_NAME.$1..$2.pid"

# Send signal to the process group to kill our former self and any children
# as external monitors are run with SIGHUP blocked
if [ -f $pidfile ]
then
   kill -9 -`cat $pidfile` > /dev/null 2>&1
fi

echo "$$" > $pidfile

# Remove the IPv6/IPv4 compatibility prefix
node_ip=`echo $1 | sed 's/::ffff://'`

# Using the nc utility to get data from the server.
# Search the data received for the expected expression.
# Request from the sample script, superseded by the request below:
#echo "GET /" | /usr/bin/nc $node_ip $2 2> /dev/null | grep -E -i $3 > /dev/null
echo -e "GET http://appname.companyname.com/authentication.GetServerstatus/appname HTTP/1.0\n\n" | /usr/bin/nc -s ext.ip.addr.on.f5 appname.companyname.com 80 | grep "my expected return string" > /dev/null 2>&1

status=$?
if [ $status -eq 0 ]
then
    # Remove the pidfile before the script echoes anything to stdout and is killed by bigd
    rm -f $pidfile
    echo "up"
fi

# Remove the pidfile before the script ends
rm -f $pidfile
```
[Untested].
Replace "ext.ip.addr.on.f5" with a public IP address on your F5 system.
- Stanislas_Piro2
Cumulonimbus
Hi,
I think you misunderstood monitor configuration.
The Send string is never interpreted by LTM to resolve a hostname.
The monitor opens a TCP connection to the pool member address and pool member port (or the alias address / port if configured).
After the TCP handshake, the BigIP sends the send string as is.
When the server responds, it parses the whole response including HTTP headers; if the receive string matches, it marks the pool member up and closes the TCP connection.
If you want to monitor the server with the URL http://appname.companyname.com/authentication.GetServerstatus/appname, the monitor send string must be:
GET /authentication.GetServerstatus/appname HTTP/1.1\r\nHost: appname.companyname.com\r\nConnection: Close\r\n\r\n
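
Added example, not part of any post in this thread: a Python emulation of the check as the last reply describes it (connect to the member IP, send the string unchanged, search the whole response), run against a constructed local stand-in for a pool member. `FakeMember` and the `/degraded` path are hypothetical; the example also shows that a receive string of "OK" is satisfied by the `200 OK` status line alone when the headers are searched too.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

STATUS_PATH = "/authentication.GetServerstatus/appname"   # from the thread
HOST = "appname.companyname.com"                          # from the thread

def send_string(path, host=HOST):
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: Close\r\n\r\n").encode()

def probe(member_ip, member_port, send, recv, timeout=5.0):
    """Emulate the check: connect to the member address, send the bytes as-is,
    and search the whole response (status line and headers included)."""
    # AI_NUMERICHOST rejects hostnames, so this function never issues a DNS query.
    socket.getaddrinfo(member_ip, member_port, flags=socket.AI_NUMERICHOST)
    with socket.create_connection((member_ip, member_port), timeout=timeout) as s:
        s.sendall(send)
        response = b""
        while chunk := s.recv(4096):
            response += chunk
    return recv in response

class FakeMember(BaseHTTPRequestHandler):
    """Constructed stand-in for a pool member; '/degraded' is a hypothetical path."""
    hosts_seen = []

    def do_GET(self):
        FakeMember.hosts_seen.append(self.headers.get("Host"))
        code = 200 if self.path in (STATUS_PATH, "/degraded") else 503
        body = b"OK" if self.path == STATUS_PATH else b"FAIL"
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # silence per-request logging
        pass

def demo():
    server = HTTPServer(("127.0.0.1", 0), FakeMember)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    ip, port = server.server_address
    try:
        return {
            "healthy": probe(ip, port, send_string(STATUS_PATH), b"OK"),
            "degraded_loose": probe(ip, port, send_string("/degraded"), b"OK"),
            "degraded_strict": probe(ip, port, send_string("/degraded"), b"\r\n\r\nOK"),
            "healthy_strict": probe(ip, port, send_string(STATUS_PATH), b"\r\n\r\nOK"),
            "host_header": FakeMember.hosts_seen[0],
        }
    finally:
        server.shutdown()
        server.server_close()
```

The stricter pattern in `demo()` anchors the match to the start of the body, so a `200` response carrying a failing body no longer counts as up.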