voyeuristic pool monitoring

well the traffic is coming from a snat pool, but even if we were doing an automap then that would snat it to the floating ip not the self ip's. obviosuly if a monitor was coming from a single snat address on both an active and a passive box then monitoring is (presumably) impossible.

 

 

my particular situation is that we have been allocated a large ip range within a third parties network. this range bears no relation to our own range, but is required to be used for their firewalling / routing. the address space therefore lives purely within a virtual space in the LTM's. we would then have to SNAT our requests on a perimeter firewall into the address space on the LTM's. this is possible sure, but not fun.

 

 

in addition to this we naturally want to test the remote applications as far as possible, but that in itself is hard as the requests required are all based on session id's and unique identifiers. if we make a request for the same session id (i.e. with an http monitor) then the remote party starts complaining as their IIS logs fill with HTTP 500's and in their opinion appear to suggest that someone is trying a DOS on them (!!). if we could instead just watch the respsonses to live traffic then implicitly we are covered to the full depth of each nodes service.

 

 

It does seem strange to monitor a node / pool based on tests that do not represent the live usage... but obviously that leads to much more complex grounds.

 

 

Cheers

 

 

Chris