HTTPS SNI Monitoring How-to
Hi,
You may or may not already have encountered a webserver that requires the SNI (Server Name Indication) extension in order to know which website it needs to serve you. It comes down to "if you ...
Published Mar 23, 2014
Version 1.0
Thomas_Schocka1
Altocumulus
AltocumulusThomas_Schocka1Altocumulus
Altocumulus
Peter_Baumann
Cirrostratus
CirrostratusHi ,
Today I had the time to test the In-TMM Monitoring on a test instance and it was working quite well.
Since we have only generic ICMP/HTTP/HTTPS monitors, all of them are still running.
You will see the following in the log:
# modify sys db bigd.tmm value enable
Aug 14 13:52:29 slot1/f5-test-mng notice tmm[12672]: 01ad0000:5: Monitor Agent TMM 0: channel connection opened
Aug 14 13:52:29 slot1/f5-test-mng notice tmm[12672]: 01ad0002:5: Monitor Agent TMM 0: channel authenticated
Aug 14 13:52:29 slot1/f5-test-mng notice tmm[12672]: 01ad0014:5: Monitor Agent TMM 0: created activity: proto TMA_PROTO_HTTP, endpoint 1.4.2.9:80, monitor /Common/http_test
Aug 14 13:52:29 slot1/f5-test-mng notice tmm[12672]: 01ad0014:5: Monitor Agent TMM 0: created activity: proto TMA_PROTO_GATEWAY_ICMP, endpoint 1.4.7.5:0, monitor /Common/icmp_Routing-Pool
Aug 14 13:52:29 slot1/f5-test-mng notice tmm[12672]: 01ad0014:5: Monitor Agent TMM 0: created activity: proto TMA_PROTO_GATEWAY_ICMP, endpoint 1.4.2.1:0, monitor /Common/icmp_Routing_via_NewDCA
Aug 14 13:52:29 slot1/f5-test-mng notice tmm[12672]: 01ad0014:5: Monitor Agent TMM 0: created activity: proto TMA_PROTO_GATEWAY_ICMP, endpoint 1.4.4.1:0, monitor /Common/icmp_Routing_via_NewDCB
Aug 14 13:52:34 slot1/f5-test-mng notice tmm[12672]: 01ad0014:5: Monitor Agent TMM 0: created activity: proto TMA_PROTO_GATEWAY_ICMP, endpoint 1.4.6.1:0, monitor /Common/icmp_Routing-PoolSo In-TMM Health Monitoring has started processing.
I planned to start tests with a SNI monitor but then I found the following "show-stopper":
Bug ID 778517: Large number of in-TMM monitors results in delayed processing
https://cdn.f5.com/product/bugtracker/ID778517.html
We did tests with External scripts as SNI health monitors but this was leading to a too high loadad big-ip then.
With the "show-stopper" above it makes no sense to use this kind of health-monitoring on our about 1500 virtual-servers and manymany health monitors loaded machine.
The question is now again:
When is F5 implement a native SNI health monitor to the big-ips??