cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Pool down even Node is up

Koalan
Cirrus
Cirrus

Hi,

 

I don't know if this how F5 behaves, but we have a pool have a health monitor of gateway_icmp and pool members are using port 443:

 

ltm pool FEMA_WFO_POOL {

  description FEMA_WFO_POOL_HTTPS

  members {

    USDEN-WFMFEMA3:https {

      address 170.65.231.131

      monitor FEMA_https 

      session monitor-enabled

      state down

    }

    USDEN-WFMFEMA4:https {

      address 170.65.231.132

      monitor FEMA_https 

      session monitor-enabled

      state down

    }

    USDEN-WFMFEMA5:https {

      address 170.65.231.133

      monitor FEMA_https 

      session monitor-enabled

      state down

    }

  }

  monitor gateway_icmp 

}

 

As you can see it uses gateway_icmp but the port is 443. Port 443 is down on the servers as per my telnet test. But I don't know why it is being marked down by the monitor, it is not a tcp monitor but gateway_icmp (which i believe it doesnt care of the port - only ping)

 

 

Here is the nodes (gateway_icmp) healtcheck too:

 

ltm node USDEN-WFMFEMA3 {

  address 170.65.231.131

  description USDEN-WFMFEMA3

  session monitor-enabled

  state up

}

 

ltm node USDEN-WFMFEMA4 {

  address 170.65.231.132

  description USDEN-WFMFEMA4

  session monitor-enabled

  state up

}

 

ltm node USDEN-WFMFEMA5 {

  address 170.65.231.133

  description USDEN-WFMFEMA5

  session monitor-enabled

  state up

 

It is up. So what's happening here? or what should i change? Is this a bug?

 

I already tried removing the gateway_icmp then adding it again, but same status.

 

1 ACCEPTED SOLUTION

Also to add to what Claudio said, why would put 2 monitor. May be it was there before and you have missed to notice. You are going with pool member specific monitor, which means the pool monitor would be over-riden by the pool member specific monitors.

 

Please correct your infra.

View solution in original post

5 REPLIES 5

cjunior
Nacreous
Nacreous

Hello,

 

You have a gateway_icmp to monitor to pool members, but, there is a specific monitor on each member that sounds to me a HTTPS port monitor.

Isn't the "FEMA_https" a 443 port monitor, that you've checked is really closed on server?

 

Regards.

Also to add to what Claudio said, why would put 2 monitor. May be it was there before and you have missed to notice. You are going with pool member specific monitor, which means the pool monitor would be over-riden by the pool member specific monitors.

 

Please correct your infra.

oh i didnt see that FEMA_HTTPS, i will check it. Thanks!

I removed it already. I didnt knew you can do that per pool member, which is different for the default health monitor for all the members inside a pool

 

and yeah, i am managing these old created VIPs, and I didnt noticed it. Thank you guys!

Glad to hear you found your solution. Pls mark the thread as solution provided.

See ya around.​