08-31-2007 08:00 AM
Group,
My health probes are configured as follows:
probe UDP-MONITOR udp
 recover 3
 interval 5
 failed 5
!
probe TCP-MONITOR tcp
 recover 3
 interval 5
 failed 5
I assigned them to the serverfarms and the UDP and TCP ports are inherited from the vserver config. However, the servers take these probes as real traffic.
I've used F5 LB in the past and their probes/health monitors indicate that the packets are for monitoring purposes only, but CSM probes don't do that. Please take a look at the .pcap files for both F5 and CSM probes. Note the keyword "monitor" in the F5 probes but none in Cisco.
Is there any way of making CSM send its probes as "monitor" and not as real packets?
Regards,
Kash
09-03-2007 12:08 AM
Let me first say that in both cases this is real traffic.
Your server may have been configured to ignore udp frames containing the word 'monitor' but I could not find anywhere on the web a document that would say this is a common practice.
I assume F5 just decided to put some text in the udp frame, while Cisco opted for all null characters.
Both frames are considered illegal/malformed by sniffer tools.
If you find a document that explains the F5 behavior as being a standard, please forward it to me so I can use it to try to have this function added.
Now, if you really want Cisco to behave like F5, you can do it through the use of script probes.
It should look something like this:
set ip $csm_env(realIP)
set port $csm_env(realPort)
set msg "monitor"
set handle [udp connect $ip $port]
udp send $handle $msg
set response [ udp receive $handle ]
Now, I'm not sure what kind of response you expect from the server here, so I can't finish the script.
Hope this helps.
Gilles.
09-12-2007 11:48 AM
Gilles - Thanks for your reply. It has given me something to play with. However, in F5 there is an option to set "string" in the monitor configuration. So a command option to do that for probes in CSM/ACE would certainly help.
Moreover, F5 probes actually look like a proper "protocol" message. For example, a probe for port 1813 would be an actual RADIUS message (as seen in the pcap attached before). But Cisco's health probes are just plain tcp or udp messages sent to the port. Is there any way to force CSM/ACE to send "protocol-like" probes?
Thanks in advance!
Kashif
09-12-2007 09:34 PM
Kashif,
the F5 packet/probe absolutely does not look like RADIUS. Actually, because the content of the frame is non-null [string is "monitor"], the sniffer tool tries to decode it based on the dst port - the 'M' has ASCII code 0x4d, which the sniffer tool will use as the code (77), which is unknown.
I will introduce a feature request to have a string added to the udp packet, but there is no guarantee it will be accepted.
Currently, your only option is the script.
Gilles.