Ram_Khakurel_75
Feb 28, 2013

Loadbalancing of Bluecoat proxysg and failover of internet links

Guys,

We have got 2 Bluecoat proxies in different datacenters with different ISP connections.

I have got a Big IP LTM load balancing the 2 Bluecoat proxy devices using an ICMP ping health check, but I want to go beyond this, like checking the health of Internet access through the Bluecoat device. What kind of health check do I use at node level?

This is for automatic failover on ISP link failure. The current config only does failover in case the Bluecoat device is not available (not pingable).

I want to fail over the Bluecoat proxy even in case of ISP failure.

Since all the users will be hitting the LTM VIP for proxy, I want the LTM health monitor to do this check: http get google.com through proxyserver:8080 etc.

Which monitor type would achieve this kind of check?

Have any of you had experience with this F5 Big IP and Bluecoat proxy?

The main purpose of this is failover of both proxies and the 2 ISP links at each data center.

How do you guys have failover of 2 ISP links at different data centers?

Link Controller is not an option here since the 2 ISP links are at separate data centers.

 

9 Replies

  • I have got a Big IP LTM loadbalancing 2 Bluecoat proxy device using icmp ping health check but I want to go beyond this like check the health of Internet access through Bluecoat device. What kind of health check do I use at node level.

    Is transparent http health monitor usable?

    Transparent: When an alternate Destination is specified and the Transparent option is selected, the monitor traffic will be sent to the alternate L3 destination via the pool member's L2 address. Useful for verifying gateways and proxies. (Pool member must be able to forward traffic as expected.)

    Health Monitor
    https://devcentral.f5.com/wiki/advdesignconfig.HealthMonitor.ashx
  • Thanks for the guidance, mate.

    I did create the http monitor as in the attached screenshot. 192.168.5.15 is one of the proxies, with port 8080.

    Send string: GET / HTTP/1.1\r\nHost: news.com.au\r\nConnection: Close\r\n\r\n

    Transparent: yes

    Alias address: 192.168.5.8 (proxy1)

    Port: 8080

    LTM doesn't allow me to assign this monitor to the proxy node 192.168.5.15.

    I can assign this to the proxy pool. How would this work?

    I want to monitor this http check for both proxies. Does that mean I need another monitor with transparent for the other proxy node?

    This is confusing me.

    My setup is:

    LTM vip 192.168.5.5

    proxy1 (isp1) node: 192.168.5.8

    proxy2 (isp2) node: 192.168.6.9

    The proxy pool has the above 2 nodes.


  • Sorry, I misunderstood. You do not need a transparent monitor.

    This is my testing. 200.200.200.101:3128 is squid.

    [root@ve10:Active] config # b pool foo list
    pool foo {
       monitor all mygoogle
       members 200.200.200.101:3128 {}
    }
    [root@ve10:Active] config # b monitor mygoogle list
    monitor mygoogle {
       defaults from http
       recv "200 OK"
       send "HEAD / HTTP/1.1\r\nHost: www.google.com.sg\r\nConnection: Close\r\n\r\n"
    }
    
     pool member status
    
    [root@ve10:Active] config # b pool foo
    POOL foo  LB METHOD round robin   MIN/CUR ACTIVE MEMBERS 0/1
    |     (cur, max, limit, tot) = (0, 0, 0, 0)
    |     (pkts,bits) in = (0, 0), out = (0, 0)
    +-> POOL MEMBER foo/200.200.200.101:3128   active,up
        |     session enabled    priority 0    ratio 1
        |     (cur, max, limit, tot) = (0, 0, 0, 0)
        |     (pkts,bits) in = (0, 0), out = (0, 0)
        |     requests (total) = 0
    
     tcpdump
    
    [root@ve10:Active] config # ssldump -Aed -nni 0.0 port 3128
    New TCP connection 1: 200.200.200.10(48497) <-> 200.200.200.101(3128)
    1362040206.9071 (0.0014)  C>S
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    Host: www.google.com.sg
    Connection: Close
    
    ---------------------------------------------------------------
    
    1362040206.9564 (0.0493)  S>C
    ---------------------------------------------------------------
    HTTP/1.0 200 OK
    Date: Thu, 28 Feb 2013 08:40:32 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=ISO-8859-1
    Set-Cookie: PREF=ID=bff4b113de26d0d2:FF=0:TM=1362040832:LM=1362040832:S=tuWmYzI4GaCIWAj7; expires=Sat, 28-Feb-2015 08:40:32 GMT; path=/; domain=.google.com.sg
    Set-Cookie: NID=67=Vk_ZGP-e7XtjRuo0dUrE0MnmrlJgfHQeNaSL-tyRNuoTqdBydLNE0q3rhvLs4jCP6mFTvGfGhdaU84q_ESRteAq6QKQDX9Bou9FwKE4vZmavYalZBXf4nB77tV3w49JK; expires=Fri, 30-Aug-2013 08:40:32 GMT; path=/; domain=.google.com.sg; HttpOnly
    P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Server: gws
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Cache: MISS from proxy.acme.com
    X-Cache-Lookup: MISS from proxy.acme.com:3128
    Via: 1.0 proxy.acme.com:3128 (squid/2.6.STABLE21)
    Connection: close
    
    ---------------------------------------------------------------
    
    1    1362040206.9565 (0.0000)  S>C  TCP FIN
    1    1362040206.9574 (0.0009)  C>S  TCP FIN
    
  • Hi Nitass,

    I am not quite familiar with the Big IP command line. What do I need to do to make this happen through the GUI? The testing that you have above is not clear to me.
  • This is put in the send string:

    HEAD / HTTP/1.1\r\nHost: www.google.com.sg\r\nConnection: Close\r\n\r\n

    This is put in the receive string:

    200 OK
  • Let's pool member (Bluecoat) send GET to check ISP link while load balancing with round robin. So if proxy1 can't receive string "200 OK", BIG-IP won't send traffic to that box (that link). Am I correct?
  • Let's pool member (Bluecoat) send GET to check ISP link while load balancing with round robin. So if proxy1 can't receive string "200 OK", BIG-IP won't send traffic to that box (that link). Am I correct?

    BIG-IP sends a GET request for a website on the Internet (e.g. www.google.com.sg) to the proxy (e.g. squid). If the proxy can get a 200 OK response, BIG-IP will mark the proxy up.
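
Added example, not part of any reply in the thread: a Python sketch of the decision the monitor above makes, using the send and receive strings posted in the thread. The stub proxies, the 503 reply standing in for a dead ISP link, and the names `probe`, `stub_proxy` and `pool_status` are assumptions made for the illustration.

```python
import socket
import threading

# Send and receive strings exactly as posted in the thread.
SEND = b"HEAD / HTTP/1.1\r\nHost: www.google.com.sg\r\nConnection: Close\r\n\r\n"
RECV = b"200 OK"

def probe(host, port, send=SEND, recv=RECV, timeout=2.0):
    """Send the monitor request to a proxy; True only if the reply contains recv."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(send)
            reply = b""
            while len(reply) < 8192:          # the headers are enough for the match
                chunk = s.recv(4096)
                if not chunk:
                    break
                reply += chunk
    except OSError:                            # refused, reset or timed out
        return False
    return recv in reply

def stub_proxy(reply):
    """Constructed stand-in for a proxy: answers one connection with reply."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)                    # read the monitor request
            conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def pool_status(members):
    """Map each pool member to 'up' or 'down', one probe per member."""
    return {name: "up" if probe(h, p) else "down" for name, (h, p) in members.items()}

if __name__ == "__main__":
    # Constructed replies: proxy1 reaches the Internet, proxy2's ISP link is down
    # (assumption: the proxy then answers with its own 503 error).
    ok = stub_proxy(b"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n")
    bad = stub_proxy(b"HTTP/1.1 503 Service Unavailable\r\nConnection: close\r\n\r\n")
    print(pool_status({"proxy1": ("127.0.0.1", ok), "proxy2": ("127.0.0.1", bad)}))
```

A proxy that answers the probe from its cache can return 200 OK while its uplink is down, so the check is only meaningful against a target the proxy has to fetch from the Internet on every probe.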