03-26-2010 07:14 AM
Using the ACE 4710 for loadbalancing a Sharepoint site.
We currently have a HTTP probe setup to check the port 80 status of the rserver.
Is there anyway to get the HTTP probe to check a DNS entry for each of the application sites? For instance http://info vs http://site are two different web sites running on the same IP. One site could have a problem but the actual port 80 for the IP may be still alive.
Thanks for any information.
03-26-2010 10:31 AM
Hi Andy
If you have a single web server hosting multiple sites where the
individual web sites are differentiated by the "Host" header in the HTTP
requests. In order to probe these types of sites, it is necessary to
specify this header, using the "header" command, eg.
*******************************************
Here is an example
probe http Site
request method head url /url1.html
expect status 200 200
header Host header-value "info.com"
interval 15
open 1
probe http Info
request method head url /index.html
expect status 200 200
header Host header-value "site.com"
interval 15
open 1
rserver host Sharepoint
ip address 172.16.35.11
inservice
serverfarm host Site
rserver Sharepoint
probe Site
inservice
serverfarm host Info
rserver Sharepoint
probe Info
inservice
**************************************
In the above example, a regular HTTP HEAD will be sent to the Sharepoint service
specifying the Host header as info.com and site.com
Hope this helps.
___ ___
Pablo
Cisco TAC
06-01-2010 07:30 AM
Hello,
I'm trying to do exactly the same thing using Host header values. I've setup a test probe and serverfarm to experiment with this. However, I'm finding that it doesn't seem to matter what you put in the header value because it always returns a positive response.
Here are the correct settings:
probe http prb-heartbeat.php-TEST
port 80
interval 10
passdetect interval 10
request method get url /heartbeat.php
expect status 200 200
header Host header-value "noreservationsapp.com"
serverfarm host sf-10.2.130.197-TEST
probe prb-heartbeat.php-TEST
rserver rs-10.2.224.75
inservice
rserver rs-10.2.224.76
inservice
I get this:
LB-7273-WA1/LB-D01-WA# sh probe prb-heartbeat.php-TEST
probe : prb-heartbeat.php-TEST
type : HTTP
state : ACTIVE
----------------------------------------------
port : 80 address : 0.0.0.0 addr type : -
interval : 10 pass intvl : 10 pass count : 3
fail count: 3 recv timeout: 10
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
serverfarm : sf-10.2.130.197-TEST
real : rs-10.2.224.75[0]
10.2.224.75 80 PROBE 231 90 141 SUCCESS
real : rs-10.2.224.76[0]
10.2.224.76 80 PROBE 231 90 141 SUCCESS
If I change the header value to "bark" or anything else, it still passes! Is this a bug? Or am I doing missing something?
Thanks,
Gabe
06-02-2010 03:47 PM
Has anyone figure this out? I am tring to get healthchecks/probes setup in this same fashion. I have 2 servers with 1 IP but have many sites. I want to probe each side and ensure I get a 200 code. I also have to provide credentials to the site. It seems that if i open IE I can log in just fine to the site with the credentials. However there is an active x control box that is wanting to be installed. When I set this up on my ACE it seems I am getting a http 401 unauthorized error. I have done a wireshark capture while I was browsing and I see the 401 however it also reports a 200 code after that. Do you think this is a problem because of the active x control wanting to be downloaded? Or is this an issue with the first http code that is recieved by the probe, that being the 401 and then the 200? Below is my config (cleaned of course).
probe http HTTP-80-OUR.DOMAIN.COM
interval 15
passdetect interval 60
credentials
request method get url http://our.domain.com/default.aspx
expect status 200 200
header Host header-value "our.domain.com"
open 1
rserver host SERVER-A
ip address X.X.X.47
inservice
rserver host SERVER-B
ip address X.X.X.48
inservice
serverfarm host FARM-AB
predictor leastconns
probe HTTP-80-OUR.DOMAIN.COM
rserver SERVER-A
inservice
rserver SERVER-B
inservice
ACE4710# show probe HTTP-80-OUR.DOMAIN.COM detail
probe : HTTP-80-OUR.DOMAIN.COM
type : HTTP
state : ACTIVE
description :
----------------------------------------------
port : 80 address : 0.0.0.0 addr type : -
interval : 15 pass intvl : 60 pass count : 3
fail count: 3 recv timeout: 10
http method : GET
http url : http://our.domain.com
conn termination : GRACEFUL
expect offset : 0 , open timeout : 1
expect regex : -
send data : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
serverfarm : OUR.DOMAIN.COM-10.25.4.12-L3-FARM
real : SERVER-A[0]
X.X.X.47 80 DEFAULT 414 406 8 FAILED
Socket state : CLOSED
No. Passed states : 1 No. Failed states : 2
No. Probes skipped : 0 Last status code : 401
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Received invalid status code
Last probe time : Wed Jun 2 17:44:18 2010
Last fail time : Wed Jun 2 13:37:04 2010
Last active time : Wed Jun 2 13:34:19 2010
real : SERVER-B[0]
X.X.X.48 80 DEFAULT 414 406 8 FAILED
Socket state : CLOSED
No. Passed states : 1 No. Failed states : 2
No. Probes skipped : 0 Last status code : 401
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Received invalid status code
Last probe time : Wed Jun 2 17:44:20 2010
Last fail time : Wed Jun 2 13:37:06 2010
Last active time : Wed Jun 2 13:34:21 2010
06-05-2010 02:25 PM
ACE probes support only Basic authentication but not Integrated Windows Authentication. Look into the captured 401 packet and search for WWW-Authenticate header. If you see only Negotiate or NTLM then your web server does not allow Basic authentication.
06-07-2010 12:22 AM
You absolutely can't get 2 responses (401 and then 200) to a single request.
Therefore, I can't help you unless you show us the sniffer trace so we can really see what is going on.
Gilles.
06-05-2010 02:14 PM
I guess your server accepts any Host header. Try to restrict that. It can easily be tested with a PC if you add the 'bank' hostname to the hosts file then point your browser to http://bank
06-07-2010 04:53 AM
Hello all,
I determined that our problem was a web server configuration issue. It was set to accept all headers, with undefined headers going to the root. It just so happens the probe file resides there as well, which explains the positive 200 response.
Thanks,
GM
06-07-2010 09:46 AM
I opened a TAC case on this and found that the ACE only supports basic authentication. I spoke with the sharepoint admin and found out that it was using NTLM. After doing some more thinking on this we decided to change our probes to expect a 401 code instead of a 200 code. This would still tell us that Share Point is functional or not. When the probe runs it will run as anonymous and Sharepoint will deliver the 401 error. However if sharepoint is having problems and cant display pagers it would deliver a 404 error or no code at all which would take the rserver out of rotation in both events.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide