
Health Probes

kasiddiq
Level 1

Group,

My health probes are configured as follows:

probe UDP-MONITOR udp
 recover 3
 interval 5
 failed 5
!
probe TCP-MONITOR tcp
 recover 3
 interval 5
 failed 5

I assigned them to the serverfarms and the UDP and TCP ports are inherited from the vserver config. However, the servers take these probes as real traffic.

I've used F5 LB in the past and their probes/health monitors indicate that the packets are for monitoring purposes only, but CSM probes don't do that. Please take a look at the .pcap files for both F5 and CSM probes. Note the keyword "monitor" in the F5 probes but none in Cisco.

Is there any way of making CSM send its probes as "monitor" and not as real packets?

Regards,

Kash

3 Replies

Gilles Dufour
Cisco Employee

Let me first say that in both cases this is real traffic.

Your server may have been configured to ignore udp frames containing the word 'monitor' but I could not find anywhere on the web a document that would say this is a common practice.

I assume F5 just decided to put some text in the udp frame, while Cisco opted for the all null characters.

Both frames are considered illegal/malformed by sniffer tools.

If you find a document that explains the F5 behavior as being a standard, please forward it to me so I can use it to try to have this function added.

Now, if you really want Cisco to behave like F5, you can do it through the use of script probes.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.1.x/configuration/guide/scriptg.html#wp1052360

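It should look something like this:

# Real server address and port, supplied by the CSM script environment
set ip $csm_env(realIP)
set port $csm_env(realPort)
# Payload to place in the UDP probe
set msg "monitor"
# Send the probe and wait for whatever the server answers
set handle [udp connect $ip $port]
udp send $handle $msg
set response [ udp receive $handle ]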

Now, I'm not sure what kind of response you expect from the server here, so I can't finish the script.

Hope this helps.

Gilles.

Gilles - Thanks for your reply. It has given me something to play with. However, in F5 there is an option to set "string" in the monitor configuration. So a command option to do that for probes in CSM/ACE would certainly help.

Moreover, F5 probes actually look like a proper "protocol" message. For example, a probe for port 1813 would be an actual RADIUS message (as seen in the pcap attached before). But Cisco's health probes are just plain TCP or UDP messages sent to the port. Is there any way to force CSM/ACE to send "protocol-like" probes?

Thanks in advance!

Kashif

Kashif,

the F5 packet/probe absolutely does not look like RADIUS. Actually, because the content of the frame is non-null [string is "monitor"], the sniffer tool tries to decode it based on the dst port - the 'M' has ASCII code 0x4d, which the sniffer tool will use as code (77), which is unknown.

I will introduce a feature request to have a string added to the udp packet, but there is no guarantee it will be accepted.

Currently, your only option is the script.

Gilles.
