ACE HTTP probe hash md5 value

Answered Question
Oct 25th, 2007

Hi,

We would like to see the hash value calculated by the ACE when the HTTP probe hash command is configured.

This is possible on the CSS via the "sh service" command. We have tried to get it from "sh rserver", "sh probe XXX detail" and "sh serverfarm XXX det", but we do not get it.

Is this possible to get it on the ACE as we do on the CSS?

--

We need this to manually configure it via the hash <value> command because if the ACE probe is reset for any reason, the probe HTTP hash will be re-calculated based on the first HTTP response of the server, and we cannot predict that the server will give the expected web page at this time.

--

A // question is: on what is the MD5 value calculated? HTTP header + payload, or only the HTTP object payload? We have calculated the MD5 hash value by ourselves, but the probe is still failing whatever the HTTP portion used for the calculation is.

--

Many thanks for your help.

Regards/ludovic.

Gilles Dufour Thu, 10/25/2007 - 05:21

There is no way to see the hash currently.

It will be possible with the next generation software A2.0.

But why do you want to configure a hash yourself?

If you do not specify a hash value, ACE will compute one for you with the first probe attempt and will use it as a reference.

The md5 applies only to the HTTP content - no header.

Gilles.

loudo Thu, 10/25/2007 - 07:13

Hi Gilles, Thanks for your update.

We would like to set it because the server application generates an OK web page when it has checked all the internal processes and a NOK web page when at least one process is failing.

--

If we use just the hash command (without the value) and if the probe is reset for any reason, it will request the web page and make the hash based on the server response and will compare the next HTTP page it gets from the server with this hash.

If the server sends back the NOK page during the probe first attempt, the hash will be based on this web page and not on the OK web page. This will make the probe state to be success and then failed if the web sends back the OK web page.

--

We need the hash value of the OK web page to ensure the probe state is success when the OK web page is sent back by the server to the ACE probe.

--

We tested calculating the MD5 hash value of the HTTP data (data length = Content-Length parameter in the HTTP header) and put it as the value of the hash command, but the probe was still failing.

Is there any special calculation method used by the ACE? I mean not only HTTP data.

Many thanks. Regards/Ludovic.

loudo Fri, 10/26/2007 - 00:21

Hi, If we do not succeed in calculating the expected (by the ACE) hash value, we need to upgrade to 2.0. Do you know when this release could be available?

Many thanks.

Regards/Ludovic.

cajalat Fri, 10/26/2007 - 04:34

I'm doing something similar to what you're doing where I check a bunch of processes and return "SUCCESS" when all processes I'm concerned about are running correctly and I return "FAILED" when some of my processes do not pass testing. In either case the page returned is error code 200 (valid page). So in my case I check for a string value of SUCCESS and anything else is considered a failure. So I suppose in your case you would have to change the string value since OK is a substring of NOK.

One thing I haven't tested is a scripted probe. If you take a look at the example HTTP probe (you can download from Cisco) you can see where they use regular expressions to parse server responses. You can easily modify the probe to ensure that you have OK and not NOK as a pass criteria.

Casey

Correct Answer
Gilles Dufour Fri, 10/26/2007 - 07:17

    probe http MD5-HTTP
      interval 15
      passdetect interval 15
      request method get url /index.html
      expect status 200 200
      hash 2441DA7F68A265F8CFB4426B6897CE33

And here is how I computed the hash on the server itself [linux machine]

    md5sum /var/www/HTML/index.html
    2441da7f68a265f8cfb4426b6897ce33 /var/www/HTML/index.html
    [[email protected]-1 tftpboot]#

The probe is UP

    switch/Admin# sho probe MD5-HTTP detail

     probe       : MD5-HTTP
     type        : HTTP
     state       : ACTIVE
     description :
    ----------------------------------------------
       port      : 80      address     : 0.0.0.0    addr type  : -
       interval  : 15      pass intvl  : 15         pass count : 3
       fail count: 3       recv timeout: 10
       http method      : GET
       http url         : /index.html
       Hash-value       : 2441da7f68a265f8cfb4426b6897ce33
       conn termination : GRACEFUL
       expect offset    : 0 , open timeout : 10
       expect regex     : -
       send data        : -
                    --------------------- probe results --------------------
       probe association   probed-address  probes     failed     passed     health
       ------------------- ---------------+----------+----------+----------+-------
       serverfarm  : linux1
         real      : linux1[0]
                           192.168.30.27   13         4          9          SUCCESS

md5sum is a standard tool.

Nothing fancy about it.

Gilles.

loudo Fri, 10/26/2007 - 07:23

Many thanks Gilles. We were calculating the hash based on HTTP data captured via Wireshark...

Last question: Do you know the expected availability date for the A2.0 code?

--

Regards/Ludovic.
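
The thread settles that the hash covers the HTTP content only, so `md5sum` of the served file gives the value to configure; the sketch below checks that against a captured response. It is an added example, not code from the posters or from Cisco: `split_response`, `dechunk` and `content_md5` are hypothetical helpers, the sample responses are constructed, and the removal of chunked framing is an assumption about how a capture can differ from the file on disk.

```python
import hashlib

def split_response(raw: bytes):
    """Split a raw HTTP/1.x response into (header dict, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator found")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    return headers, body

def dechunk(body: bytes) -> bytes:
    """Remove chunked transfer-encoding framing (chunk extensions ignored)."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        if size == 0:
            return out
        start = eol + 2
        out += body[start:start + size]
        pos = start + size + 2                    # skip the CRLF after the chunk

def content_md5(raw: bytes) -> str:
    """MD5 of the entity body only, upper-case as in the probe config."""
    headers, body = split_response(raw)
    if b"chunked" in headers.get(b"transfer-encoding", b""):
        body = dechunk(body)
    elif b"content-length" in headers:
        body = body[:int(headers[b"content-length"])]
    return hashlib.md5(body).hexdigest().upper()

# Constructed sample: one page, sent with Content-Length and sent chunked.
PAGE = b"<html><body>OK</body></html>\n"
PLAIN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         b"Content-Length: %d\r\n\r\n" % len(PAGE)) + PAGE
CHUNKED = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
           b"c\r\n" + PAGE[:12] + b"\r\n"
           + b"%x\r\n" % len(PAGE[12:]) + PAGE[12:] + b"\r\n0\r\n\r\n")

if __name__ == "__main__":
    print("file (md5sum equivalent):", hashlib.md5(PAGE).hexdigest().upper())
    print("capture, body only      :", content_md5(PLAIN))
    print("capture, chunked        :", content_md5(CHUNKED))
    print("capture, headers + body :", hashlib.md5(PLAIN).hexdigest().upper())
```

Only the body-only digests equal the digest of the file; hashing the capture with its headers, or with chunk framing left in, produces a value that does not match the file's digest.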
