Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Health Probes


My health probes are configured as following:

probe UDP-MONITOR udp

recover 3

interval 5

failed 5


probe TCP-MONITOR tcp

recover 3

interval 5

failed 5

I assigned them to the serverfarms and the UDP and TCP ports are inherited from the vserver cofnig. However, the servers taken these probes as real traffic.

I've used F5 LB in the past and their probes/health monitors indicate that the packets are for monitoring purpose only, but CSM probes dont do that. Please take a look at the .pcap files for both F5 and CSM probes. Note the keyword "monitor" in the F5 probes but none in Cisco.

Is there any way of making CSM send it's probes as "monitor" and not as real packet?



Cisco Employee

Re: Health Probes

Let me first say that in both cases this is real traffic.

Your server may have been configured to ignore udp frames containing the word 'monitor' but I could not find anywhere on the web a document that would say this is a common practice.

I assume F5 just decided to put some text in the udp frame, while Cisco opted for the all null characters.

Both frames are considered illegal/malformed by sniffer tools.

If you find a document that explains the F5 behavior as being a standard, please forward it to me so I can use it to try to have this function added.

Now, if you really want Cisco to behave like F5, you can do it through the use of script probes.

it should look something like this :

set ip $csm_env(realIP)

set port $csm_env(realPort)

set msg "monitor"

set handle [udp connect $ip $port]

udp send $handle $msg

set response [ udp receive $handle ]

Now, I'm not sure what kind of response you expect from the server here, so I can't finish the script.

Hope this helps.


New Member

Re: Health Probes

Giles - Thanks for your reply. It has give me something to play with. However, in F5 there is an option to set "string" in the monitor configuration. So a command option to do that for probes in CSM/ACE would certainly help.

Moreover, f5 probes actually look like a proper "protocol" message. For example, a probe for port 1813 would be an actually RADIUS message (as seen in the pcap attached before). But Cisco's health probes are just plain tcp or udp messages sent to the port. Is there any way to force CSM/ACE to send "protocol-like" probes?

Thanks in advance!


Cisco Employee

Re: Health Probes


the F5 packet/probe absolutely does not look like radius. Actually because the content ofthe frame is non-null [string is "monitor"] the sniffer tool tries to decode it based on the dst port - the 'M' has ascii code 0x4d which the sniffer tool will use as code (77) which is unknown.

I will introduce a feature request to have a string added to the udp packet, but there is no guarantee it will be accepted.

Currently, your only option is the script.