ACE ping probe

Similar Messages

• ACE Health probe for SIP

  I've setup a SIP probe to check the health of a Microsoft OCS. The health of this server is always failed. What am I missing? I also tried it with a telnet probe on port 5061, but got the same result. A telnet from ACE to the server on port 5061 works fine.
  See below a show probe SIP detail and the relevant configuration.
  ACE21_Secondary/MOCS# sh probe SIP det
  probe : SIP
  type : SIP
  state : ACTIVE
  description :
  port : 5061 address : 0.0.0.0 addr type : -
  interval : 10 pass intvl : 10 pass count : 3
  fail count: 3 recv timeout: 4
  request-method : OPTIONS
  conn termination : GRACEFUL
  expect offset : 0 , open timeout : 2
  expect regex : -
  ------------------ probe results ------------------
  associations ip-address port porttype probes failed passed health
  ------------ ---------------+-----+--------+--------+--------+--------+------
  rserver : OCS_11
  10.105.11.70 5061 -- 7566 7566 0 FAILED
  Socket state : CLOSED
  No. Passed states : 0 No. Failed states : 0
  No. Probes skipped : 0 Last status code : 0
  No. Out of Sockets : 0 No. Internal error: 0
  Last disconnect err : Server reply timeout (no reply)
  Last probe time : Thu Oct 30 14:18:42 2008
  Last fail time : Tue Oct 28 16:31:30 2008
  Last active time : Never
  ACE21_Secondary/MOCS# sh run
  probe sip tcp SIP
  port 5061
  interval 10
  passdetect interval 10
  receive 4
  expect status 200 200
  open 2
  rserver host OCS_11
  ip address 10.105.11.70
  probe SSL
  probe PING
  probe SIP
  probe SIP_TELNET
  inservice
  Cheers
  Peter

  Peter,
  make sure to NOT run version A2(1.1a) as SIP probes are broken in that specific release.
  If your version is something else, get a sniffer trace on the server to see what is going on.
  Seems like we don't get a reply according to the line :
  "Last disconnect err : Server reply timeout (no reply) "
  Gilles.

• ACE HTTP Probe with regex

  ACE HTTP Probe with regex
  Hi,
  I'm trying to setup a HTTP probe with expected string rather then a code (config below). I do a GET for the page then a search for a string in the response however it's not working, as probe appears as failed.
  I've tested the connection to the server by using telneting and then looking at the page displayed to make sure the string I want to match is in the response.
  probe http HTTP-PROBE
  port 43050
  interval 30
  passdetect interval 30
  passdetect count 1
  request method get url /action=help
  open 43050
  expect regex action=help
  Q. Is there anything wrong with this configuration and what I'm trying to achive?
  Thanks,
  Pritesh

  Use "expect status" under probe config. expect regex doesnt work if expect status is not configured.
  expect regex work flawlessly with static pages. It doesnt work all the time with dynamic pages.
  Specially if "content-length" header is missing from Server response.
  Hope it helps
  Syed Iftekhar Ahmed

• First ping probe timeout

  Hello,
  May be silly question but...
  When I check connectivity between two neighbour Cisco devices (routers and switches) using standart ping command with default parameters, I frequently see, what first ping probe is timeout and next four are successfull
  I suppose what on Ethernet links this is due ARP mechanism. But default ping timeout 2s, ARP Requst/Reply roundtrip on 100 Mbit/s Ethernet is ~ 100 us (I have observed with analyzer).
  The same situation on serial point-to-point links, where no ARP exists.
  Any Idea, why first ping probe is timeout?
  Also I have found this question in Cisco BCMSN Course LAB Guide
  On some pings, there was one lost packet (.) and then four good packets. You should know why that occurred.
  Best Regards,
  Tomas

  Tomas
  To understand this behavior I suggest that you start with show arp and look for the destination that you will ping. Then run debug arp and debug ip icmp. Then try the ping. This should help to clarify what the router does if the destination is not in the arp table and how that impacts the first ping.
  HTH
  Rick

• ACE http probe "request method type" mandatory on A3(2.6)?

  Hi people,
  I recently upgraded to A3(2.6) from A3(2.0) and I don't see the N/A option on the http probe "request method type".
  It also has an asterisk * which means it's mandatory.
  I tried to set up a new http probe for another farm I am creating and the probe shows status failed, although I can ping and telnet to the http server on port 80 from the ACE context. My probe is like that:
  probe http http_probe_WWW
    interval 15
    passdetect interval 60
    expect status 200 200
    open 10
  My other http probes for other farms work ok after the upgrade and they are similar.
  So my question is: Do I need to set the request method type or something else causes the probe to fail?
  thanks a lot.
  George

  What you see is a problem with the GUI.
  CSCtg78008    while creating http probe default method slected should be get as in CLI
  But the request-method is not required.
  So your config should work.
  Do a 'show probe detail' to see the failure reason.
  Get a sniffer trace as well.
  Regards,
  Gilles.

• ACE ping problem

  hello
  i have ace running in the router mode
  i have server and client different vlan
  (server vlan 20, client vlan 192)
  1. client vlan(20) -> vip(20.1.1.102) service ok
  2. client vlan(20) -> vip(20.1.1.102) ping fail?
  why happen ping fail ?
  Hope this helps
  [Configuration]
  access-list ALL line 10 extended permit ip any any
  access-list ALL line 11 extended permit icmp any any
  probe tcp tcp_21
  port 21
  interval 2
  faildetect 2
  passdetect interval 5
  passdetect count 2
  serverfarm host slb
  probe tcp_21
  rserver test_01
  inservice
  rserver test_02
  inservice
  class-map type management match-any REMOTE_ACCESS
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
  class-map match-all slb
  2 match virtual-address 20.1.1.102 any
  policy-map type management first-match REMOTE_MGMT
  class REMOTE_ACCESS
  permit
  policy-map type loadbalance first-match slb
  class class-default
  serverfarm slb
  policy-map multi-match test
  class slb
  loadbalance vip inservice
  loadbalance policy slb
  loadbalance vip icmp-reply active
  interface vlan 20
  ip address 20.1.1.2 255.255.255.0
  alias 20.1.1.1 255.255.255.0
  peer ip address 20.1.1.3 255.255.255.0
  access-group input ALL
  access-group output ALL
  service-policy input REMOTE_MGMT
  service-policy input test
  no shutdown
  interface vlan 192
  ip address 192.168.1.102 255.255.255.0
  alias 192.168.1.1 255.255.255.0
  peer ip address 192.168.1.103 255.255.255.0
  access-group input ALL
  access-group output ALL
  service-policy input test
  no shutdown

  Is the A2 train the current version recommended by Cisco? These devices load balance critical systems so we usually try and stay with Safe Harbor code were ever possible. In my deployment I require stability over features and in the past have stayed away from the "newest" code releases for fear of flaky or buggy behavior.
  Thanks

• ACE - TCP probe goes into INVALID state

  Hello,
  I have a problem with the following configuration of a sticky serverfarm with a backup serverfarm
  (this setup is ofcourse used only for failover purposes, not loadbalancing):
  probe tcp tcp-8888-probe
    port 8888
    interval 5
    faildetect 2
    passdetect interval 3
    passdetect count 1
  rserver host rsrv1
    ip address 10.1.2.10
    inservice
  rserver host rsrv2
    ip address 10.1.2.11
    inservice
  serverfarm host rfarm-primary
    predictor leastconns
    probe tcp-8888-probe
    rserver rsrv1 8888
      inservice
  serverfarm host rfarm-backup
    predictor leastconns
    probe tcp-8888-probe
    rserver rsrv2 8888
     inservice
  sticky http-cookie RFARM-COOKIE sticky-rfarm-1
    cookie insert browser-expire
    serverfarm rfarm-primary backup rfarm-backup
  etc....
  The problem is that every time probe state changes (from SUCCESS to FAIL or otherwise), the tcp-8888-probe on the server that changed
  the state of service, goes into INVALID state:
  #show probe tcp-8888-probe detail
  probe       : tcp-8888-probe
  type        : TCP
  state       : ACTIVE
  description :
     port      : 8888    address     : 0.0.0.0         addr type  : -
     interval  : 5       pass intvl  : 3               pass count : 1
     fail count: 2       recv timeout: 10
     conn termination : GRACEFUL
     expect offset    : 0         , open timeout     : 10
     expect regex     : -
     send data        : -
                         --------------------- probe results --------------------
     probe association   probed-address  probes     failed     passed     health
     ------------------- ---------------+----------+----------+----------+-------
     serverfarm  : rfarm-backup
       real      : rsrv2[8888]
                         10.1.2.11    291        0          291        SUCCESS
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 0
     No. Probes skipped  : 0         Last status code  : 0
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err :  -
     Last probe time     : Thu Jun 17 22:12:31 2010
     Last fail time      : Never
     Last active time    : Thu Jun 17 21:48:21 2010
     serverfarm  : rfarm-primary
       real      : rsrv1[8888]
                         10.1.2.10    0          0          0          INVALID
     Socket state        : CLOSED
     No. Passed states   : 0         No. Failed states : 0
     No. Probes skipped  : 0         Last status code  : 0
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err :  -
     Last probe time     : Never
     Last fail time      : Never
     Last active time    : Never
  I have managed to get the probe into FAIL state again for a moment by removing it from serverfarm, and then reapplying, but in a few seconds it goes again from FAIL to INVAILD state, and stays in this state regardless of avaliability of probed TCP port. Only when i'm reapplying it when the port is avaliable/up, it can stay in SUCCESS state, and work till the failure of service, when INVALID state reappears.
  What can be the cause of such behavior ?
  thanks,
  WM

  Hello,
  It looks very similar to this bug: CSCsh74871
  You may need to collect a #show tech-support and do the following:
  -remove the serverfarm in question
  -reboot the ace module under a maintenance window.
  You may upgrade to a higher version since your version is kind of old.
  Jorge

• Ace HTTP Probe expect regex

  Hi,
  I have a question about the config of the ACe probe.
  I have the following probe defined :
  probe http P_HTTP_TEST
  interval 5
  passdetect interval 2
  passdetect count 2
  request method get url /test
  expect status 200 200
  expect regex trululu
  I would like to use the regex just like the expect string on the csm probe...
  The regex doesn't seem to work as the strin trululu is not on the page tested.
  I guess the expect status override the regex but without the expect status it doesn't work either.
  Anyone know how exactly the probe expect works for http ?
  Another question, on the CSM module, the tcp probe by default use the real port for the probe, not the default port of the probe type, is it possible to change that so it mimmicks the CSM way of working ?
  Thanks a lot ;-)

  This seems to be bug related to some version of ACE software as HTTP return code overrides missing regexp. For sure this bug is present in:
  system:    Version A2(2.0) [build 3.0(0)A2(2.0)]
  Notice the difference between 192.168.1.1 (is missing regex in HTTP response) and 192.168.1.2 (sends regexp in HTTP response). Both are successful and as addition 192.168.1.1 (missing regexp) is showing last status code 200 which seems to be sufficient for probe to pass. 192.168.1.2 (which sends expected regexp) doesn't show last status code.
  probe       : tw2_http_81
  type        : HTTP
  state       : ACTIVE
  description :
     port      : 81      address     : 0.0.0.0         addr type  : -
     interval  : 30      pass intvl  : 30              pass count : 1
     fail count: 1       recv timeout: 10
     http method      : GET
     http url         : /knowtw2-f/livelink.exe?func=ll&objtype=142&bypass
     conn termination : GRACEFUL
     expect offset    : 0         , open timeout     : 10
     expect regex     : lbmonitor
     send data        : -
                         --------------------- probe results --------------------
     probe association   probed-address  probes     failed     passed     health
     ------------------- ---------------+----------+----------+----------+-------
       real      : 192.168.1.1[81]
                         192.168.1.1    2          0          2          SUCCESS
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 0
     No. Probes skipped  : 0         Last status code  : 200
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err :  -
     Last probe time     : Mon Nov  7 12:38:42 2011
     Last fail time      : Never
     Last active time    : Mon Nov  7 12:38:22 2011
       real      : 192.168.1.2[81]
                         192.168.1.2    2          0          2          SUCCESS
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 0
     No. Probes skipped  : 0         Last status code  : 0
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err :  -
     Last probe time     : Mon Nov  7 12:38:27 2011
     Last fail time      : Never
     Last active time    : Mon Nov  7 12:37:58 2011

• ACE HTTP probe hash md5 value

  Hi,
  We would like to see the hash value calculated by the ACE when the HTTP probe hash command configured.
  This is possible on CSS via the "sh service" command. We have tried to get it from sh rserver , sh probe XXX detail sh serverfarm XXX det but we do not get it.
  Is this possible to get it on the ACE as we do on the CSS?
  We need this to manually configure it via the hash <value> command because if the ACE probe is reseted for any reason, the probe http hash will be re-calculated based on the first http response of the server and we can not predict that the server will give the expected web page at this time.
  A // question is: on what the md5 value is calculated? HTTP header + payload or only http object payload? We have calculated the md5 hash value by ourselves but the probe is still failing whatever the http portion used for the calculation is.
  Many thanks for your help.
  Regards/ludovic.

  probe http MD5-HTTP
  interval 15
  passdetect interval 15
  request method get url /index.html
  expect status 200 200
  hash 2441DA7F68A265F8CFB4426B6897CE33
  And here is how I computed the hash on the server itself [linux machine]
  md5sum /var/www/HTML/index.html
  2441da7f68a265f8cfb4426b6897ce33 /var/www/HTML/index.html
  [root@linux-1 tftpboot]#
  The probe is UP
  switch/Admin# sho probe MD5-HTTP detail
  probe : MD5-HTTP
  type : HTTP
  state : ACTIVE
  description :
  port : 80 address : 0.0.0.0 addr type : -
  interval : 15 pass intvl : 15 pass count : 3
  fail count: 3 recv timeout: 10
  http method : GET
  http url : /index.html
  Hash-value : 2441da7f68a265f8cfb4426b6897ce33
  conn termination : GRACEFUL
  expect offset : 0 , open timeout : 10
  expect regex : -
  send data : -
  --------------------- probe results --------------------
  probe association probed-address probes failed passed health
  ------------------- ---------------+----------+----------+----------+-------
  serverfarm : linux1
  real : linux1[0]
  192.168.30.27 13 4 9 SUCCESS
  md5sum is a standard tool.
  Nothing fancy about it.
  Gilles.

• ACE ICMP probe

  Hi,
  I have a strange behavior on a ACE blade :
  The blade is configured in bridge mode, when a configured reals server, if they are on the same site, the probe is ok, if they are on another site, the probe is failed.
  What I found is that the echo reply on the PO of the blade is padded with 23 bytes of "0" only for the probe.
  This is really strange...
  the version of the blade and ios:
  blade : 3.0(0)A1(4a)
  Sup (720): 12.2(18)SXF8
  I found on the forum that it could be related to the PFC3b but I don't see how I could try to bypass it.
  Thanks for your help ;-)

  I understand the reply will come on some ethernet module and be forwarded into the ACE PO.
  So, what is the the ethernet hardware module type ? 'show mod'.
  Could you also give us the trace so we can look at the icmp packet.
  Thanks,
  Gilles.

• ACE -- SSH probe

  Hello,
  We are trying to configure an SSH probe.
  I've tried creating a TCP port which checks for port 22, but I want to go further and get the probe to actually log on.
  I noticed that only HTTP probes have an option to configure credentials. 
  Is there a way that I can configure a probe on the ACE to do this without having to create a script?
  Thanks.

  Hi Michelle,
  If you manage to have a TCL script that connects through SSH, you can pass the username and password through arguments of the scripted probe and those arguments could be use to login.
  Now how can you use TCL to login through SSH, I'm sorry but I don't know.
  Regards,
  Nicolas

• ACE Health probe using get URL

  Hello,
  We are trying to create a health probe for our google search appliances and as part of the URL get there is a question mark but the ACE doesn't like that.  Is there a way around this or should it be done differently?
  request method get url /searchq? (This is what we want the URL to be)
  request method get url /searchq (This is where it thinks i'm asking it for help)
  Thanks in Advance.

  Hello,
  You need to typ CRTL+v prior to entering the ?
  That's the Control key then lowercase v, then your question mark.
  Hope this helps,
  Sean

• ACE Health Probe for SQL

  Hi All,
  Has anyone seen sample TCL code for probing a generic SQL server?
  Thanks,
  Dave

  You can use the following configuration:
  probe tcp MS-SQL
  description TO-RBSQL1
  ip address 10.15.160.3
  port 1433
  interval 2
  faildetect 2
  passdetect interval 2
  passdetect count 2
  rserver host RBWEB1
  ip address 10.15.177.11
  rserver host RBWEB3
  ip address 10.15.177.13
  inservice
  serverfarm host RBWEB
  description TO-VLAN-177-RBWEB-SERVERS
  predictor leastconns
  probe WWW-RISKBROWSER
  probe PING
  rserver RBWEB1
  rserver RBWEB3
  inservice
  And also you can use the command sh probe MS-SQL, to know probe association probed-address probes health. Sure that the server respond or responded with a RST.

• ACE failed probe and established connections

  Hello,
  I have four ACE 4710. Each pair of ACE is in one geographical location. Probes are configured so that it is checking regular regex (HTTP GET).
  When there is need rserver update we change text in our testpage.html (for ie. from "OK" to "SUSPEND" ) so that probe detect fail.
  In fact rservers are still operational, but should not accept new connections. This works fine.
  BUT I observed that established connection/sessions did not end up after probe fails. ACE probably wait for openned/established connections to end up and it is what I am askign for.
  What happens if probe fails but in fact rserver is operational? I thought that if probe fails it also end up/cut all established connections to rserver. But seems it is not true. Does anybody has this experience?
  Thanks for your opinion.
  Jan

  Hello Jan,
  if I understood correctly what you're looking for is domented in the area for the failaction command which actually makes the ACE behavior on this aspect configurable:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_2_0/configuration/slb/guide/rsfarms.html#wp1117375
  indeed the default behavior of the ACE is to take a  failed real server out of load-balancing rotation for new connections  and to allow existing connections to complete.
  Hope it helps,
  Francesco

• ACE dual probe AND-action

  Hi,
  I have the need of a dual probe with a AND-action, ie both probes needs to be down to take the service down.
  The following configuration is an OR-operation but I need a AND-operation.
  Any? Scripted?
  probe https HEALTHCHECK-OPEN-SSL
    interval 10
    passdetect interval 5
    receive 2
    ssl version all
    request method get url /open/healthcheck.html
    expect status 200 200
    header User-Agent header-value "Cisco-Probe"
    hash
    connection term forced
    open 2
  probe https HEALTHCHECK-SSL
    interval 10
    passdetect interval 5
    receive 2
    ssl version all
    request method get url /healthcheck.html
    expect status 200 200
    header User-Agent header-value "Cisco-Probe"
    hash
    connection term forced
    open 2
  serverfarm host MOBI-SSL
    probe HEALTHCHECK-SSL
    probe HEALTHCHECK-OPEN-SSL
    rserver MOBI-NY-L 443
      inservice
    rserver MOBI-NY-R 443
      inservice

  Hi,
  Use the "fail-on-all" command to configure the ACE to take the rserver out of service if all the associated probes fail. You can use this command under the serverfarm or the rserver.
  -Alex