Configuration CSS perform GET in Servers that provide output SSL (HTTPS)

jrmalmeida · ‎03-23-2009

Running tests in CSS production for deployment of the Implementation Monitoring Layer 7. Using HTTP KeepAlive Method.

What happens is when you use the servers of a specific network, these servers WebServer (IIS) that uses a feature only in the output SSL, HTTPS (443) on your configuration does not understand the call of the CSS through the GET method.

We need to know is if there is any specific configuration to be used in CSS for that can perform GET on servers that only provide output SSL (HTTPS).

Configuration:

CSS-xyz# sh keepalive Monitora-pagina-BKL

Name: Monitora-pagina-BKL Index: 171 State: Alive

Description:

Address: xx.xx.xx.64 Port: 80

Type: <A HREF="javascript:newWin('HTTP:GET:https://xx.xx.xx.64/ok.htm')">HTTP:GET:https://xx.xx.xx.64/ok.htm</A>

Append Port Hosttag: Disabled

Hash: bced998ac204154483c8a8959258e605

Encryption: Disabled

Frequency: 5

Max Failures: 3

Retry Frequency: 5

Dependent Services:

testeBKL

CSS-xyz#

Name: testeBKL Index: 172

Type: Local State: Alive

Rule ( xx.xx.xx.64 ANY ANY )

Session Redundancy: Disabled

Redirect Domain:

Redirect String:

Keepalive: Monitora-pagina-BKL

Keepalive Encryption: Disabled

Last Clearing of Stats Counters: 03/11/2009 18:10:08

Mtu: 1500 State Transitions: 12

Total Local Connections: 0 Total Backup Connections: 0

Current Local Connections: 0 Current Backup Connections: 0

Total Connections: 0 Max Connections: 65534

Total Reused Conns: 0 Weight Reporting: None

Weight: 1 Load: 2

CSS-xyz#

______________________________________________________________________

!************************* KEEPALIVE *************************

keepalive Monitora-pagina-BKL

ip address xx.xx.xx.64

method get

uri "https://xx.xx.xx.64/ok.htm"

port 80

type http

active

service testeBKL

ip address xx.xx.xx.64

keepalive type named Monitora-pagina-BKL

active

tstanik · ‎03-27-2009

The CSS uses the SSL module and a special set of SSL commands to perform the SSL cryptographic functions between the client and the HTTP servers. The SSL functions include user authentication, private-key and public-key generation, certificate management, and data packet encryption and decryption.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.20/configuration/advanced/guide/SSL.html

jrmalmeida · ‎03-30-2009

Thank's tstanil!

I will examine the documentation.

sachinga.hcl · ‎04-08-2009

Hi Jose Roberto Martins de Almeida,

The HEAD keepalive is used for dynamic content and the GET keepalive is used for static content.

When an HTTP GET keepalive is used, the CSS 11000 expects not only to see the 200 Status OK in the response packet, but it will also run a checksum on the entity body. The first time the CSS 11000 goes out to query, the server will run a checksum on the entity body and store that hash value for future queries. If future responses pass back a 200 Status OK and the hash value that is calculated is different from the stored value, then the service is considered down. If the 200 Staus OK is not returned, or if the 200 OK status is returned but the hash value is different from the reference hash value, the CSS 11000 considers the service down."

The CSS issues an HTTP GET method to the service, computes a hash value on the page, and stores the hash value as a reference hash. Subsequent GETs require a 200 OK status (HTTP command completed OK response) and the hash value to equal the reference hash value. If the 200 OK status is not returned, or if the 200 OK status is returned but the hash value is different from the reference hash value, the CSS considers the service down. When you specify the content information of an HTTP Uniform Resource Identifier (URI) for an HTTP keepalive, the CSS calculates a hash

value for the content. If the content information changes, the hash value no longer matches the original hash value and the CSS assumes that the service is down.

To prevent the CSS from assuming

that a service is down due to a hash value mismatch, specify the keepalive method as HEAD.

Method HEAD (default) The CSS issues an HTTP-HEAD method to the service and a 200 OK status is required. The CSS does not compute a reference hash value for this type of keepalive. If the

200 OK status is not returned, the CSS considers the service down.

If you change the keepalive method on an active service, make sure that you suspend and reactivate the service for the change to take effect.

When you specify a Uniform Resource Identifier (?) (URI) for an HTTP keepalive, the CSS calculates a hash

value for the Web page specified in the URI. If the Web page changes, the hash value no longer matches the

original hash value and the CSS assumes that the service is dead. To prevent the CSS from assuming that a

service is dead due to a hash value mismatch, define keepalive method as head. The CSS does not compute a

hash value for this type of keepalive.

If you specify the URI of a Web page with changeable content and do not specify the head keepalive method,

you must suspend and reactivate the service each time the Web page changes.

Note: The keepalive URI points to a piece of content on the website. This can be a simple page that says the word hello, or it can be any dynamic page you choose. If this page becomes unavailable, then the CSS will mark that server as down and redirect traffic to the other server where the keepalive URI is successful. The HEAD keepalive is used for dynamic content and the GET keepalive is used for static content. The GET keepalive has a tendency to fail when used against ColdFusion content, even when it is used to probe very simple dynamic content. The HEAD keepalive is a reliable means of monitoring the health and availability of a applications like coldfusion.

Regards, Sachin