health monitor source IP address
Hi there, Has somebody ever tried to change the source IP address for the LTM health monitor? To work around a specific design in the network I do not want to use the egress interface local self IP address which is used by default. Regards, DanphilSolved163Views0likes2CommentsBIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member
Good day, everyone! Within the LTM platform, if a Pool is configured with "Min 1 of" with multiple monitors, you can check the status per monitor viatmsh show ltm monitor <name>, or you can click the Pool member in the TMUI and it will show you the status of each monitor for that member. I cannot seem to locate a similar function on the GTM/BIG-IP DNS platform. We'd typically use this methodology when transitioning to a new type of monitor, where we can passively test connectivity without the potential for impact prior to removing the previous monitor. Does anyone have a way through tmsh or the TMUI where you can check an individual pool member's status against the multiple monitors configured for its pool? Thanks, all!146Views0likes2Commentsprober pool Round Robin with multi health monitors and with multi prober pool members
I have a question about The GTM monitors and prober pools: In my case, I have three datacenters, three gtm(one in each DC), and one prober pool, the prober pool include all three GTM, and the prober pool was set to use Round Robin. And two vs, vs1 and vs2 in different DC, each vs was configured two health monitors(each monitor with different porbe interval, eg. vs1's monitors have interval 5s and 7s, vs2's monitors have interval 9s and 11s). so, my questions is, how does the porber pool Round Robin work? Looking forward to your help, thank you.295Views0likes2CommentsSNMP DCA based node monitor
Hi, I am trying to implement SNMP based monitoring on node, i am getting current CPU utilization. When it reaches the threshold, node status is not getting into down state. Did i missed anything on configuration? Example : CPU threshold 5%, SNMP trap result is 24%. still node is not going down. SNMP LOG: SNMP output: snmpwalk -c public -v 2c 1xx.xx4.1x.1xx .1.3.6.1.2.1.25.3.3.1.2 HOST-RESOURCES-MIB::hrProcessorLoad.2 = INTEGER: 12 HOST-RESOURCES-MIB::hrProcessorLoad.3 = INTEGER: 25 HOST-RESOURCES-MIB::hrProcessorLoad.4 = INTEGER: 7 HOST-RESOURCES-MIB::hrProcessorLoad.5 = INTEGER: 27 HOST-RESOURCES-MIB::hrProcessorLoad.6 = INTEGER: 8 HOST-RESOURCES-MIB::hrProcessorLoad.7 = INTEGER: 6 Any help or a point in the right direction would be wonderful! Thanks!482Views0likes3CommentsNeed help in send and receive string set up for F5 ECV monitor when response is in json format
Hi Team, I am trying to set up monitoring for F5 load balancer pool. I am using below send and receive string however it does not work. It always shows status as RED even if server is UP. Send string : GET /actuator/health HTTP/1.1\r\n -H Host:<host> recv string :\"UP\" https://<url>/actuator/healthis used for health check which returns response in json format as below. {"status":"UP","groups":["liveness","readiness"]} Could you please help what should be the correct recv string which we should set up so that monitoring works.1.4KViews0likes3CommentsPoll members not stable after failover
Hi, Our setup: - two vcmp guests in HA (viprion with two blades) - ~10 partitions - simple configuration with LTM, AFM. nodes directly connected to f5 device (f5 device is default gw for nodes). - sw 16.1.3.3, after upgrade 16.1.4 ^^ this setup in two data centers. We are hitting interesting behaviour in first data center only: - second f5 guest is active: pool members monitors (http and https) respond without problem. everything is stable. this is valid for both f5 devices in HA. - after failover (first f5 guest is active): pool members response is not stable (not stable for https monitor, http is stable again). sometimes are all pool members down, then virtual server is going down. ^^ it looks like a problem on node side, but it's not, because when second f5 device is active, everything is stable. This issue is hitting almost all partitions. We checked: - physical interface: everything is stable, no error on ports, ether-channels (trunks). - arp records: everything looks correct, no mac flapping - spanning tree: stable in environment - routing: correct, default gw on node side: correct, subnet mask: correct on nodes and both f5 devices. floating addresses is working correctly (including arp in network) - log on f5 devices: without any issue connected to this behaviour. I don't know what else connected to this issue we can check. Configuration for all f5 devices (2x dc1, 2x dc2 - two independed ha pairs) is the same (configured with automation), sw version is the same (we did upgrade to 16.1.4 two days ago). It looks that someting is "blocked" on first f5 device in dc1 (reboot or upgrade is not solving our issue). Do you have any idea what else to check?719Views0likes2CommentsLDAPS Monitor with Certificate Expiration
Hi Team, I have been working with my AD team trying to resolve a problem where they forget to update a Domain Controller certificate and it expires and ADLDAPS queries fail since they dont bind to expired certificates. They have requested to see if we can drop a member out of the pool if the certificate is expired ( ie, not a valid SSL cert ) I have been messing with the LDAP Health monitor, turning on the Security settings, but I dont believe this would actually check that a certificate is valid or not. I know with server side SSL configuration you can enable SSL authentication but would just stop traffic from flow, not actually drop a member out of the pool. Any ideas ?698Views0likes4CommentsErro monitors F5 Big IP APM
Hey guys. I'm experiencing a problem with the Monitors in my environment. I'm on Version 16.1.3 using APM. The Monitors settings seem OK but when we have some fluctuation in the network, the monitors go down and do not go up automatically. It requires me to manually make a change to its configuration (such as switching from HTTP to icmp) This brings a very big impact because we have hundreds of POOL and NODES in the Environment. If anyone has gone through something similar and can share the solution we will be grateful.576Views0likes7CommentsExternal Monitor + cURL + TFTP + Route Domains
Hi, I'm trying to do a external monitor to check if a tftp server is alive. During the development of the external monitor in a LAB, without route domains all works fine. After applying in production with route domains it no longer works as expected. The basic of the external monitor is: curl --globoff --silent --max-time 5 -o /dev/null tftp://[10.xx.xx.180]:69/probef5 After a packet capture we see it is the LTM reply with a ICMP Port Unreachable Even using tftp command in bash, the firt time run as expected, second in a row, it fail with timeout [adm@LTM:/S1-green-P::Active:Changes Pending] run # rdexec 14 tftp -v 10.xx.xx.180 -c get probef5 Connected to 10.xx.xx.180 (10.xx.xx.180), port 69 getting from 10.xx.xx.180:probef5 to probef5 [netascii] Received 7 bytes in 0.0 seconds [1640 bit/s] [adm@LTM:/S1-green-P::Active:Changes Pending] run # rdexec 14 tftp -v 10.xx.xx.180 -c get probef5 Connected to 10.xx.xx.180 (10.xx.xx.180), port 69 getting from 10.xx.xx.180:probef5 to probef5 [netascii] Transfer timed out. Any help would be appreciated.403Views0likes0CommentsHTTP ERROR: Couldn't open socket connection to server http://....... prior to connect()
Hi Guys: There is a solution balancing links with two Big-IP 2000s Lik Controller, is working properly. The solution is working with the functionality of the Wide-IPs actually it has 11 wide-IPs and are working well, but there is one that is generating connectivity issues and presents a random error. Apparently this error occurs when large numbers of queries are made. -ERROR: wsdl error: Getting http://app.domain.com.pe/edi/sisws.asmx?wsdl - HTTP ERROR: Couldn't open socket connection to server http://app.domain.com.pe/edi/sisws.asmx?wsdl prior to connect(). This is often a problem looking up the host name. I describe the flow Connection of this web service that is having problems. The user searches the web delegated by the ISP CNAME to F5 The F5 responds with app.b.domain.com.pe (Wide-IP) and the user shows the website. The user enters the correct page and authenticates when you perform a query operation is when a patient presents random error lines shown above. -FLOW. app.domain.com.pe (ISP-CNAME) >>> app.b.domain.com.pe (F5) >>> vs_ISP1, vs_ISP2 >>> Pool_APP (1 member) I really do not know what would be happening, since the service worked fine before configure you as Wide-IP. That is, when only estab configured as virtual server only worked well, but when the wide-ips are set up to be swinging by two bonds (DNS resolution) start these problems. -Wide-IP gtm pool /Common/app.domain.com.pe { fallback-mode ratio load-balancing-mode least-connections members { /Common/LB1.domain.com.pe:/Common/vs_CLARO_APP { order 0 } /Common/LB1.domain.com.pe:/Common/vs_TdP_APP { order 1 } } } Note: I could see that in the wide-IP is configured TTL default (30 seconds). This could be causing me this error on page when making inquiries or information recorded on the website. I hope some of you can give me some support on this issue that has become critical. Regards. John733Views0likes1Comment