Thomas_Klausen_
May 03, 2017

Using an HTTP monitor without DNS lookup

Greetings.

I have run into an interesting problem... I have an internal F5 LTM configured with a VIP that serves internal clients only. To check on the pool members' health, I use the following GET command:

"GET http://appname.companyname.com/authentication.GetServerstatus/appname \r\n", where "appname.companyname.com" resolves to an internal IP address (10.x.x.x).

I am checking for an "OK" in the response, and things are working great.

Now the bad news: We need to expose the application to external users. So I build an external-facing VIP with a non-RFC1918 IP address, copy over the settings to our external-facing F5, and it mostly works - but the application is advertised externally with the same FQDN. When the external F5 looks up "appname.companyname.com" it goes via the management IP address, and I get the internal IP address.

Can I manually configure an IP address in the monitor? Or is there a smarter trick?

Thanks in advance!

4 Replies

  • JG

    Why do you need to provide an absolute target URI in a monitor? Is your backend server a proxy?

    It would help clear things up if you share your virtual server and pool configuration.

  • You can use the alias address setting to specify the address being checked by your monitor.

  • JG

    You could do this with an external monitor, such as below:

    #!/bin/sh
    
    # These arguments are supplied automatically for all external pingers:
    # $1 = IP (::ffff:nnn.nnn.nnn.nnn notation or hostname)
    # $2 = port (decimal, host byte order)
    # $3 and higher = additional arguments
    #
    # $MONITOR_NAME = name of the monitor
    
    # Name of the pidfile
    pidfile="/var/run/$MONITOR_NAME.$1..$2.pid"
    
    # Send a signal to the process group to kill our former self and any children,
    # as external monitors are run with SIGHUP blocked
    if [ -f "$pidfile" ]
    then
       kill -9 -`cat "$pidfile"` > /dev/null 2>&1
    fi
    
    echo "$$" > "$pidfile"
    
    # Remove the IPv6/IPv4 compatibility prefix
    node_ip=`echo "$1" | sed 's/::ffff://'`
    
    # Use the nc utility to send the request from a chosen source address on the F5
    # to the application's FQDN, then search the response for the expected string.
    # Note that the pool member address in $node_ip is not used by this request.
    printf 'GET http://appname.companyname.com/authentication.GetServerstatus/appname HTTP/1.0\r\n\r\n' | /usr/bin/nc -s ext.ip.addr.on.f5 appname.companyname.com 80 | grep "my expected return string" > /dev/null 2>&1
    
    status=$?
    if [ $status -eq 0 ]
    then
        # Remove the pidfile before the script echoes anything to stdout and is killed by bigd
        rm -f "$pidfile"
        echo "up"
    fi
    
    # Remove the pidfile before the script ends
    rm -f "$pidfile"
    

    [Untested].

    Replace "ext.ip.addr.on.f5" with a public IP address on your F5 system.

  • Hi,

    I think you misunderstood the monitor configuration: the Send string is never interpreted by LTM to resolve a hostname.

    The monitor opens a TCP connection to the pool member address and pool member port (or the alias address / port, if configured).

    After the TCP handshake, the BIG-IP sends the Send string as is.

    When the server responds, it parses the whole response, including the HTTP headers; if the Receive string matches, it marks the pool member up and closes the TCP connection.

    If you want to monitor the server with the URL http://appname.companyname.com/authentication.GetServerstatus/appname, the monitor Send string must be:

    GET /authentication.GetServerstatus/appname HTTP/1.1\r\nHost: appname.companyname.com\r\nConnection: Close\r\n\r\n
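The monitor behaviour described in this reply, as an added Python example that is not part of the original thread or of F5's own code: a stand-in for the LTM HTTP monitor connects straight to the pool member address and port, sends the Send string as typed (with the \r\n escapes decoded), and searches the entire response for the Receive string. The loopback backend it probes is constructed for the demo, and its rule of answering OK only for that path and Host header is an assumption.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Send and Receive strings exactly as typed into the LTM HTTP monitor; the
# \r\n escapes are literal text here and are decoded to CR/LF before sending.
SEND_STRING = (r"GET /authentication.GetServerstatus/appname HTTP/1.1\r\n"
               r"Host: appname.companyname.com\r\nConnection: Close\r\n\r\n")
RECEIVE_STRING = "OK"


class PoolMemberHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the backend (an assumption for this demo):
    answers OK only for the expected path and Host header."""
    protocol_version = "HTTP/1.0"  # close the connection after one response

    def do_GET(self):
        ok = (self.path == "/authentication.GetServerstatus/appname"
              and self.headers.get("Host") == "appname.companyname.com")
        body = b"OK" if ok else b"FAIL"
        self.send_response(200 if ok else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def http_monitor(member_ip, member_port, send_string, receive_string, timeout=5):
    """Mimic the LTM HTTP monitor: TCP connect to the pool member address:port
    (nothing inside the Send string is ever resolved), send the Send string as
    is, then search the whole response, headers included, for the Receive string."""
    payload = send_string.encode("ascii").decode("unicode_escape").encode("latin-1")
    with socket.create_connection((member_ip, member_port), timeout=timeout) as s:
        s.sendall(payload)
        chunks = []
        while data := s.recv(4096):  # EOF means the server closed: response complete
            chunks.append(data)
    response = b"".join(chunks).decode("latin-1", errors="replace")
    return receive_string in response


def start_pool_member():
    """Start the constructed backend on an ephemeral loopback port; returns (ip, port)."""
    server = HTTPServer(("127.0.0.1", 0), PoolMemberHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address
```

Because the whole response is searched, a Receive string of plain OK also matches the "HTTP/1.0 200 OK" status line of any successful response, so a more specific Receive string is safer in practice.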