Http and https monitors not working

I have configured below monitors and used them in the pools mentioned below, but the pool does not come up, but when i configure a gateway_icmp monitor the pools come up.

Currently the monitors work from the ACE load balancers. The config for monitors on ACE is as below.

probe https pre-idp interval 10 faildetect 2 passdetect interval 45 passdetect count 2 request method get url /FIM/Info/InfoService expect status 200 200

probe http http80 interval 12 passdetect interval 45 request method get url /ldprobe.html expect status 200 200

=============================================================================================

MONITORS

ltm monitor http http_http80 { defaults-from /Common/http description http_http80 destination *:http interval 12 ip-dscp 0 partition ilm-int-acc recv 200 send "GET /ldprobe.html" time-until-up 0 timeout 10 }

ltm monitor https https_pre-idp { cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from /Common/https description https_pre-idp destination *:https interval 10 ip-dscp 0 partition ilm-int-acc recv 200 send "GET /FIM/Info/InfoService" time-until-up 0 timeout 10 }

=============================================================================================

POOLS

ltm pool pre-holvi { description pre-holvi load-balancing-mode predictive-node members { IPREPRX3_10.129.50.135:any { address 10.129.50.135 session monitor-enabled state down } IPREPRX4_10.129.50.147:any { address 10.129.50.147 session monitor-enabled state down } } monitor http_http80 partition ilm-int-acc }

ltm pool pre-idp { description pre-idp load-balancing-mode predictive-node members { IPREPRX3_10.129.50.140:any { address 10.129.50.140 session monitor-enabled state down } IPREPRX4_10.129.50.143:any { address 10.129.50.143 session monitor-enabled state down } } monitor https_pre-idp partition ilm-int-acc }

ltm pool pre-sp { description pre-sp load-balancing-mode predictive-node members { IPREPRX3_10.129.50.139:any { address 10.129.50.139 session monitor-enabled state down } IPREPRX4_10.129.50.142:any { address 10.129.50.142 session monitor-enabled state down } } monitor https_pre-idp partition ilm-int-acc }

=============================================================================================

application delivery

LTM

25 Replies

IheartF5_45022
Nacreous
Oct 08, 2015
I don't suppose there's any network or host-based (like iptables) firewall inbetween the LTM and the pool members?

Try running tcpdump to see what's going on;-

tcpdump -i 0.0:nnn -s 0 -vv -XXX host 10.129.50.142 and port 80

Paste the results here if you like.
- yogesh_gaikwad_
  Nimbostratus
  Oct 08, 2015
  Hi
- yogesh_gaikwad_
  Nimbostratus
  Oct 08, 2015
  I am getting below output when i run the command tcpdump -i 0.0:nnn -s 0 -vv -XXX host 10.129.50.142 and port 443
- yogesh_gaikwad_
  Nimbostratus
  Oct 08, 2015
  i am not able to paste the output
IheartF5_45022
Nacreous
Oct 08, 2015
OK try less info, and also would help if I gave you correct IP :-)

tcpdump -i 0.0 -s 70 -X host 10.129.50.135 and port 80

You only need to do 12s (max) at a time to see a complete monitor. Try to stop it after 12s and paste the output.
- yogesh_gaikwad_
  Nimbostratus
  Oct 08, 2015
  I am unable to paste the output here, also this site is not giving an option to upload an image
Mark_van_D
Cirrostratus
Oct 08, 2015
What if you tried adding in the \r\n\r\n into the monitor?

ltm monitor http http_http80 { defaults-from /Common/http description http_http80 destination *:http interval 12 ip-dscp 0 partition ilm-int-acc recv 200 send "GET /ldprobe.html\r\n\r\n" time-until-up 0 timeout 10 }

ltm monitor https https_pre-idp { cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from /Common/https description https_pre-idp destination *:https interval 10 ip-dscp 0 partition ilm-int-acc recv 200 send "GET /FIM/Info/InfoService\r\n\r\n" time-until-up 0 timeout 10 }
IheartF5_45022
Nacreous
Oct 08, 2015
Don't append HTTP/1.1 BTW. Do keep Marks suggestion of \r\n\r\n at the end.

Then let's go back to basics. Try this from the command line and paste output;

curl -0 -v http://10.129.50.135/ldprobe.html
- yogesh_gaikwad_
  Nimbostratus
  Oct 09, 2015
  * About to connect() to 10.129.50.135 port 80 (0) * Trying 10.129.50.135... connected * Connected to 10.129.50.135 (10.129.50.135) port 80 (0) > GET /ldprobe.html HTTP/1.0 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1j zlib/1.2.3 libidn/0.6.5 > Host: 10.129.50.135 > Accept: */* > < HTTP/1.1 200 OK < connection: close < content-length: 0 < content-type: text/html < date: Fri, 09 Oct 2015 10:30:28 GMT < last-modified: Mon, 23 Sep 2013 09:40:19 GMT < p3p: CP="NON CUR OTPi OUR NOR UNI" < server: WebSEAL/6.1.1.13 (Build 141126) < Set-Cookie: PD-H-SESSION-ID=4_0_QYgqmmNGLUB6bgCZv+uZMM+WfHoX+7RKmMxz06g4NiyLGiU3; Path=/ < * Closing connection 0
Mark_van_D
Cirrostratus
Oct 13, 2015
Hi Yogesh,

Did you have any luck with trying to post the tcpdump results? You should be able to add it as a picture if you post in answers rather than comments.

Mark
yogesh_gaikwad_
Nimbostratus
Oct 13, 2015
yogesh_gaikwad_
Nimbostratus
Oct 13, 2015
Finally I managed to insert the image :)
IheartF5_45022
Nacreous
Oct 13, 2015
I'm sorry Yogesh - we should have taken more traffic - 70b wasn't enough. Get a binary cap file and email me the hc.cap;-

tcpdump -i 0.0:nnn -s 0 -w /var/tmp/hc.cap host 10.129.50.135 and port 80

and/or read this article https://devcentral.f5.com/wiki/AdvDesignConfig.TroubleshootingLtmMonitors.ashx and try enabling debug on bigd.
- yogesh_gaikwad_
  Nimbostratus
  Oct 13, 2015
  I have got the hc.cap file, how do i email it to you?
- yogesh_gaikwad_
  Nimbostratus
  Oct 13, 2015
  Also, it has captured 77 packets, is that enough ?
- IheartF5_45022
  Nacreous
  Oct 13, 2015
  Should be fine - look on my profile for email address, or else check your messages - I messaged you.
IheartF5_45022
Nacreous
Oct 14, 2015
So the server isn't responding to the GET - it ACKs and then sends a FIN, however the curl works, as we saw above. Can you try to make your monitor more like the curl ie;-

Send String "GET /ldprobe.html HTTP/1.0\r\nHost: 10.129.50.135\r\n\r\n"

Does that make a difference?
- yogesh_gaikwad_
  Nimbostratus
  Oct 14, 2015
  Hey Joanna that worked!! :) Also, i tried to edit the send string to "GET /ldprobe.html HTTP/1.0\r\n\r\n" and this worked too. Thank you so much
IheartF5_45022
Nacreous
Oct 14, 2015
No worries. I feel ashamed I didn't get it earlier :-) - it's just that version numbers are not always mandatory (although it usually is if server only supports 1.1).