ICMP Custom Source Address Monitor

Problem this snippet solves:

This external monitor shows how to select a custom self IP address from /config/bigip_base.conf and use it as the source address for ICMP pings. The scenario is described in the following post:

How to setup external monitor with extended ping? http://devcentral.f5.com/Default.aspx?tabid=53&aft=1171280

How to use this snippet:

  1. Create a new file containing the code below on the LTM filesystem. The recommended location is /usr/bin/monitors. Permissions on the file must be 700 or better, giving root rwx access to the file. Customize the self IP prefix to search for in bigip_base.conf by replacing 10.41.1. in the script below.
  2. Create a monitor profile of type "External" with the following values:

    • External Program: the name of the script file created in step 1
    • Arguments: DEBUG=0, or DEBUG=1 to log debug messages to /var/log/ltm

If you add a DEBUG variable to the monitor definition and set it to 1, the script will write debug messages to /var/log/ltm.

Example monitor definition:

# b monitor custom_ping_monitor list
monitor custom_ping_monitor {
   defaults from external
   DEBUG "0"
   run "custom_ping.bash"
}

  3. Adjust the interval and timeout as appropriate for your application.

Code:

#!/bin/bash

# Save as /usr/bin/monitors/custom_ping.bash
# Make executable using chmod 700 custom_ping.bash

# Use a custom IP address to source a ping to the pool member IP address
# Get the self IP address starting with 10.41.1. from the bigip_base.conf

# Log debug to local0.debug (/var/log/ltm)?
# Check if a variable named DEBUG exists from the monitor definition
# This can be set using a monitor variable DEBUG=0 or 1
if [ -n "$DEBUG" ]
then
   if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: true: \$DEBUG: $DEBUG" | logger -p local0.debug; fi
else
   # If the monitor config didn't specify debug, enable/disable it here
   DEBUG=0
   #echo "EAV `basename $0`: false: \$DEBUG: $DEBUG" | logger -p local0.debug
fi

# Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
# $1 is quoted so the argument is passed to sed as a single word
IP=`echo "$1" | sed 's/::ffff://'`

# We don't use the port except for logging
PORT=$2

# Check if there is a prior instance of the monitor running
# The pidfile path is quoted everywhere because it is built from $IP and $PORT
pidfile="/var/run/`basename $0`.$IP.$PORT.pid"
if [ -f "$pidfile" ]
then
   kill -9 `cat "$pidfile"` > /dev/null 2>&1
   echo "EAV `basename $0`: exceeded monitor interval, needed to kill ${IP}:${PORT} with PID `cat "$pidfile"`" | logger -p local0.error
fi

# Add the current PID to the pidfile
echo "$$" > "$pidfile"

# Debug log of the command before it is run
if [ $DEBUG -eq 1 ]
then
   echo "EAV `basename $0`: Running for ${IP}:${PORT} using source IP `awk 'BEGIN {RS="}\n";FS=RS} /^self 10\.41\.1\./ {print $1;} ' /config/bigip_base.conf |head -1|awk '{print $2}'`" | logger -p local0.debug
fi

# Send the ping request and look for rtt in response
# Redirect stderr and stdout to nothing to ensure we don't errantly mark the pool member up
# (stdout is redirected before stderr so that grep's stderr cannot end up on the script's stdout)
ping -I `awk 'BEGIN {RS="}\n";FS=RS} /^self 10\.41\.1\./ {print $1;}' /config/bigip_base.conf |head -1|awk '{print $2}'` -c 1 -W 1 "$IP" 2> /dev/null | grep rtt > /dev/null 2>&1

# Check if the command ran successfully
# Note that any standard output will result in the script execution being stopped
# So do any cleanup before echoing to STDOUT
if [ $? -eq 0 ]
then
   rm -f $pidfile
   if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: Succeeded for ${IP}:${PORT}" | logger -p local0.debug; fi
   echo "UP"
else
   rm -f $pidfile
   if [ $DEBUG -eq 1 ]; then echo "EAV `basename $0`: failed for ${IP}:${PORT}" | logger -p local0.debug; fi
fi
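
The script above places the awk result and the monitor's $1 argument directly on the ping command line, and an awk pattern that matches nothing leaves ping -I without an address. The sketch below is an added example, not part of the original snippet: it validates both values and fails closed so the pool member is never marked up on bad input. The function names, the line-based awk match and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original script. Function names are hypothetical.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
   case $1 in
      ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
   esac
   old_ifs=$IFS; IFS=.
   set -- $1          # split on dots; input holds only digits and dots here
   IFS=$old_ifs
   [ $# -eq 4 ] || return 1
   for octet in "$@"; do
      [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
   done
}

# Print the first "self <address> {" entry whose address starts with the prefix.
# $1 = prefix, $2 = config file. Fails when nothing valid matches.
select_self_ip() {
   ip=$(awk -v p="$1" '$1 == "self" && index($2, p) == 1 { print $2; exit }' "$2")
   is_ipv4 "$ip" || return 1
   printf '%s\n' "$ip"
}

# Strip the ::ffff: prefix LTM adds to the address, then validate what is left.
normalize_target() {
   ip=${1#::ffff:}
   is_ipv4 "$ip" || return 1
   printf '%s\n' "$ip"
}

# Constructed sample in the "self <address> {" layout the page's awk pattern expects.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
self 192.168.10.5 {
   vlan external
}
self 10.41.1.20 {
   vlan internal
}
EOF

# Demo output goes to stderr: in an external monitor, stdout is reserved for "UP".
if src=$(select_self_ip "10.41.1." "$sample_conf") && dst=$(normalize_target "::ffff:10.41.1.77"); then
   echo "would run: ping -I $src -c 1 -W 1 $dst" >&2
else
   echo "invalid source or target, member stays down" >&2
fi
rm -f "$sample_conf"
```
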
Published Mar 12, 2015
Version 1.0