
MiLK_MaN
Mar 31, 2009

TACACS health monitoring

Hello,

We are working on a solution utilising LTM to load balance to some TACACS+ appliances.

While we've managed to build an iRule to gain persistence based on the session ID generated from routers contacting the vserver on the LTM, I'm trying to get my head around doing some intelligent monitoring of the nodes other than simply connecting to TCP port 49.

I got my hands on a TACACS+ Perl client and got it working from a Linux host, but wanted to know what I could possibly do from the LTM perspective, even if it meant using an external health monitoring script, but without having to load something custom on the box that could potentially void support on the box.

Anyone got any ideas at all?

 

3 Replies

  • I have the same requirement to set up a pool of TACACS+ servers. Looking for a solution to health monitor TACACS+. Don't know if there is any advancement in the new software revisions of LTMs.

    Thanks

    -Biju
  • I started reading this, and then forgot it was me that started this thread about 3 years ago....

    The quickest way to get this going is to probably use a TCP health monitor that sends a string in hex, and has a specific receive string that indicates the auth was successful. You'd need to take a capture of a valid request and a valid reply, and then play around with it.

    In 10.2.1 you can send hex using \x (including nulls as \x00) in a stock TCP monitor. <--- blatantly copied from hoolio.
  • I apologize for resurrecting such an old thread, but can anyone comment on the requirement for persistence when load balancing TACACS+? Is some type of custom persistence required like Milk_Man refers to (a custom iRule)? Anyone doing this?

    Thanks
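
Added example (not part of the thread or any poster's code): a Python helper for the capture-and-replay approach suggested in the second reply. It checks a captured packet against the 12-byte TACACS+ header layout from RFC 8907, renders it as a `\x`-escaped string for a TCP monitor, and exposes the session ID field that the persistence iRule in the first post keys on. The function names and the sample bytes are constructed for illustration; the 8-byte body is an opaque placeholder, not a real authentication request.

```python
import struct

# Packet types defined by RFC 8907.
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
HEADER_LEN = 12


def parse_header(pkt: bytes) -> dict:
    """Validate and decode the fixed TACACS+ header of a captured packet."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", pkt[:HEADER_LEN]
    )
    if version >> 4 != 0xC:
        raise ValueError("major version is not 0xc, not a TACACS+ packet")
    if ptype not in TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    if length != len(pkt) - HEADER_LEN:
        # A truncated capture or trailing bytes would make the probe invalid.
        raise ValueError("length field does not match the captured body")
    return {
        "type": TYPES[ptype],
        "seq_no": seq_no,
        "from_client": seq_no % 2 == 1,     # clients send odd sequence numbers
        "unencrypted": bool(flags & 0x01),  # TAC_PLUS_UNENCRYPTED_FLAG
        "session_id": session_id,           # replayed unchanged on every probe
        "body_length": length,
    }


def to_monitor_string(pkt: bytes) -> str:
    """Render raw bytes as \\xNN escapes, nulls included as \\x00."""
    return "".join(f"\\x{b:02x}" for b in pkt)


# Constructed sample: valid header followed by a placeholder body.
SAMPLE_REQUEST = bytes.fromhex("c0010100" "12345678" "00000008" "0011223344556677")

if __name__ == "__main__":
    info = parse_header(SAMPLE_REQUEST)
    print(info)
    print(to_monitor_string(SAMPLE_REQUEST))
```

Because the session ID sits inside the captured bytes, every probe reuses the same value; run the captured reply through `parse_header` as well to confirm it is an even-sequence server packet before choosing a receive string from it.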