22-May-2023 09:09
Hi,
The team is looking to set up a WIP to provide DNS failover for some external sites. These sites are not behind our LTMs in the iQuery mesh. We just want to perform a simple health check that determines whether the external site is up.
Anyone have any experience with this? I am able to curl to the websites just fine from the GTM devices.
22-May-2023 09:39
@JustCooLpOOLe If you can reach it you can perform a health check to it. You should be able to configure this as a generic host with no health monitor and then at the pool level you would use a health monitor for the respective website that will return the information you would like to have to classify the site as working.
22-May-2023 10:33
Thanks @paulj !
We have that configuration, but it still shows down even though I can successfully curl to the site from our GTM. We're looking into the prober pool configuration and routing to determine the source of the health check.
22-May-2023 11:03
@JustCooLpOOLe You might take this opportunity on the GTM to perform a tcpdump to see what you are receiving back from the destination. The following should be a close enough syntax and you can change the port if it's HTTPS rather than HTTP.
tcpdump -nni 0.0:nnp host <gtm_ip> and host <destination_IP> and port 80
It is common that sometimes a curl will function slightly differently than the health monitor. A good example of this is I was able to perform a curl from my lab LTM to my lab Apache server and the response was the one I expected, but when I did a very similar request using the health monitor it would fail because the server said it was not able to find the destination that I requested. I ended up having to add in an entry that allowed the server to respond to any request to itself on 80, which I later narrowed down once I came up with a lab root domain to use.
22-May-2023 11:08
Yeah, we're running tcpdumps now to see what's happening. I'll update the thread if we find out what's going on.
23-May-2023 21:03
Also be cognizant that F5 health checks don't follow redirects. So, any health check should be for the final URL. A health check only passes if a 200 status code is received, so if you receive a redirect or auth required, you may have issues without using the final URL or setting up authentication for the monitor.
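
Added example, not part of the thread and not F5's monitor code: a Python sketch of a probe that sends a fixed request string and never follows redirects, showing why it can mark a site down where curl succeeds, as the replies above describe. The local test server, the `site.example` host name, the `/health` path and the send/receive strings are all constructed for illustration, and the substring match on the reply is an assumption about how the check is evaluated.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def monitor_probe(ip, port, send, recv, timeout=5.0):
    """Send `send` verbatim, never follow redirects, pass only if `recv` is in the reply."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(send.encode("latin-1"))
        raw = b""
        while chunk := s.recv(4096):
            raw += chunk
    text = raw.decode("latin-1")
    return recv in text, text.split("\r\n", 1)[0]

class DemoSite(BaseHTTPRequestHandler):
    """Constructed stand-in for an external site with name-based virtual hosting."""
    def do_GET(self):
        if self.headers.get("Host") != "site.example":
            code, body = 404, b"unknown virtual host"
        elif self.path == "/":
            code, body = 302, b""          # landing page redirects
        else:
            code, body = 200, b"healthy"
        self.send_response(code)
        if code == 302:
            self.send_header("Location", "/health")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    srv = HTTPServer(("127.0.0.1", 0), DemoSite)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port = srv.server_address[1]
    host = "Host: site.example\r\nConnection: close\r\n\r\n"
    sends = {
        "no_host_header": "GET /health HTTP/1.0\r\n\r\n",
        "redirecting_url": "GET / HTTP/1.1\r\n" + host,
        "final_url": "GET /health HTTP/1.1\r\n" + host,
    }
    results = {k: monitor_probe("127.0.0.1", port, v, "200 OK") for k, v in sends.items()}
    srv.shutdown()
    srv.server_close()
    return results

if __name__ == "__main__":
    for name, (up, status) in demo().items():
        print(f"{name:16} {'UP' if up else 'DOWN':4} {status}")
```

Comparing the status line each probe gets back with what curl reports for the same site is a quick way to tell a send-string problem from a routing or prober-pool problem.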