CSS11501 - UDP DNS Load balancing Monitoring the servers

Unanswered Question
Mar 4th, 2010

Hi all,

I am having a problem with our monitoring tool getting replies from the servers behinf the LB.

The servers are monitored by a different team and they issue a dig command to the server to monitor it but this fails as the return traffic is seen from the vip.

The traffic is DNS / UDP, I am using Static Groups. Is there anyway the LB can just "bridge" the traffic when the request is made to the real ip address of a box.

Looking at the documentaion on line, I would say that my topology is InLine with an L2 in the middle. The servers use the LB as gateway.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Thu, 03/04/2010 - 05:14

The problem is that the CSS consider UDP as unidirectional.

So when the response from the server comes, we don't try to match it to a known flow.

And with your "group" to perform nating of server traffic back to the vip address, all packets sent by the servers will be nated.

You could create an ACL to NOT NAT traffic sent to the monitoring station.

But then, those devices will not be able to monitor the vip ...since the response would not be nated.

Why don't they monitor the vip instead of the servers ?

The real servers should be hidden from the rest of the world.


fallegretti Thu, 03/04/2010 - 06:33

Thanks Giles.

They do monitor the VIP, but that's not enough for them, they want to be alerted if one of the boxes behind the VIP is not longer listening on that port.

Dees the device generate an SNMP trap if a probe fails and the servers is removed from the pull?

Gilles Dufour Fri, 03/05/2010 - 00:26

Yes, the CSS will generate log and traps when a service goes down :

For example:

JAN  1 00:00:56 5/1 189 NETMAN-2: Enterprise:Service  Transition:ded07-2(443) -> suspended
JAN  1 00:00:29 5/1 190 NETMAN-2: Enterprise:Service  Transition:ded07-2(443) -> down


fallegretti Fri, 03/05/2010 - 04:53

Thanks again Gilles.

I am assuming the information would be available by an snmp poll as well. Would you happen to know the oids I would need to get this information out?


This Discussion

Related Content