ACE 4710 http probe get url question

Similar Messages

• ACE 4710 HTTP Probes

  Using the ACE 4710 for loadbalancing a Sharepoint site.
  We currently have a HTTP probe setup to check the port 80 status of the rserver.
  Is there anyway to get the HTTP probe to check a DNS entry for each of the application sites? For instance http://info vs http://site are two different web sites running on the same IP. One site could have a problem but the actual port 80 for the IP may be still alive.
  Thanks for any information.

  Has anyone figure this out?  I am tring to get healthchecks/probes setup in this same fashion.  I have 2 servers with 1 IP but have many sites.  I want to probe each side and ensure I get a 200 code.  I also have to provide credentials to the site.  It seems that if i open IE I can log in just fine to the site with the credentials.  However there is an active x control box that is wanting to be installed.  When I set this up on my ACE it seems I am getting a http 401 unauthorized error.  I have done a wireshark capture while I was browsing and I see the 401 however it also reports a 200 code after that.  Do you think this is a problem because of the active x control wanting to be downloaded?  Or is this an issue with the first http code that is recieved by the probe, that being the 401 and then the 200? Below is my config (cleaned of course).
  probe http HTTP-80-OUR.DOMAIN.COM
    interval 15
    passdetect interval 60
    credentials
    request method get url http://our.domain.com/default.aspx
    expect status 200 200
    header Host header-value "our.domain.com"
    open 1
  rserver host SERVER-A
    ip address X.X.X.47
    inservice
  rserver host SERVER-B
    ip address X.X.X.48
    inservice
  serverfarm host FARM-AB
    predictor leastconns
    probe HTTP-80-OUR.DOMAIN.COM
    rserver SERVER-A
      inservice
    rserver SERVER-B
      inservice
  ACE4710# show probe HTTP-80-OUR.DOMAIN.COM detail
  probe       : HTTP-80-OUR.DOMAIN.COM
  type        : HTTP
  state       : ACTIVE
  description :
     port      : 80      address     : 0.0.0.0         addr type  : -
     interval  : 15      pass intvl  : 60              pass count : 3
     fail count: 3       recv timeout: 10
     http method      : GET
     http url         : http://our.domain.com
     conn termination : GRACEFUL
     expect offset    : 0         , open timeout     : 1
     expect regex     : -
     send data        : -
                  ------------------ probe results ------------------
     associations ip-address      port  porttype probes   failed   passed   health
     ------------ ---------------+-----+--------+--------+--------+--------+------
     serverfarm  : OUR.DOMAIN.COM-10.25.4.12-L3-FARM
       real      : SERVER-A[0]
                  X.X.X.47      80    DEFAULT  414      406      8        FAILED
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 2
     No. Probes skipped  : 0         Last status code  : 401
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Received invalid status code
     Last probe time     : Wed Jun  2 17:44:18 2010
     Last fail time      : Wed Jun  2 13:37:04 2010
     Last active time    : Wed Jun  2 13:34:19 2010
       real      : SERVER-B[0]
                  X.X.X.48      80    DEFAULT  414      406      8        FAILED
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 2
     No. Probes skipped  : 0         Last status code  : 401
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Received invalid status code
     Last probe time     : Wed Jun  2 17:44:20 2010
     Last fail time      : Wed Jun  2 13:37:06 2010
     Last active time    : Wed Jun  2 13:34:21 2010

• ACE Appliance HTTP Probe with "POST" query

  Does the ACE support HTTP Probe with a "POST" query?
  Thanks
  Joe

  Hi Joe,
  The ACE only supports GET and HEAD
  Here is the documentation related to this:
  http://www.cisco.com/en/US/customer/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/probe.html#wp1031485
  Cesar R

• ACE HTTP probe get - not able to contain '?' in URL?

  Trying to put a probe together..
  probe http probeElvis
  interval 5
  passdetect interval 10
  request method get url 8888/livelink/llisapi.dll?func=LL.getlogin&NextURL=%2Flivelink%2Fllisapi%2Edll%3FRedirect%3D1
  expect status 100 404
  connection term forced
  But when typing or pasting that URL in - when it gets to the '?" after llisapi.dll the CLI is interpreting that as a query for HELP - but i want it to be part of the string!!
  Is my only choice to go to TCL scripting? I don't know how to do that! I'm a network guy!! :)

  Precede the question mark with Ctrl-V to prevent the question mark from being interpreted as a help command.

• ACE Module - HTTP Probe failure

  Hi,
  I have configured the http probe with expect status 200 202, but the probe fails despite availability of the port on rserver.
  I tried head/get method to see the return code, and it came back with HTTP1.1/302. How can I configure an http probe to understand HTTP 302 code as success return.
  Thanks.

  I changed the expect status value as below
  probe http TEST-HTTP
  interval 30
  passdetect interval 10
  request method head
  expect status 302 302
  The probe is still failing with the log message
  Apr 20 2009 12:04:35 : %ACE-3-251010: Health probe failed for server 192.168.1.10 on port 80, received invalid status code
  On 'show probe detail' it shows the last status code as 400 which means Bad Request
  --------------------- probe results --------------------
  probe association probed-address probes failed passed health
  ------------------- ---------------+----------+----------+----------+-------
  serverfarm : TEST-APP
  real : TEST-SERVER1[80]
  192.168.1.10 27 27 0 FAILED
  Socket state : CLOSED
  No. Passed states : 0 No. Failed states : 1
  No. Probes skipped : 0 Last status code : 400
  No. Out of Sockets : 0 No. Internal error: 0
  Last disconnect err : Received invalid status code
  Last probe time : Mon Apr 20 12:05:33 2009
  Last fail time : Mon Apr 20 12:00:53 2009
  Last active time : Never
  The http page is showing perfectly on the web browser. Also, using the http head/get tool, I can see that 302 is returned.
  What could be the problem.
  Regards.

• ACE 4710 HTTPS load balance configuration

  Have two ACE 4710 in HA setup. We would like to setup HTTPS loadbalance(actually just a primary and standby configuration in the serverfarm). Initially this would be for Exchange OWA connections but may expand to more HTTPS connections later.
  I know there are several ways to do SSL with the ACE( client, server, end-to-end). I am just wanting to know the easiest way to deploy this? Is a certificate always needed on the ACE for each connection? In HA mode would a certificate be needed for both or does it replicate in some way to the other ACE?
  Any configuration examples would be helpful.
  Thanks.

  IF you terminate SSL on the ACE you need certificates and key on ace in the context in which you are doing the termination. The certs and keys need to be installed on the active and standby (manually unless using anm to manage).
  when speaking of SSL
  SSL termination refers to ace terminating SSL and sending to server as clear text
  end to end - ACE terminates SSL (to look into payload to make a loadbalance decision or sticky decision) and then re-encrypts to the server, so to the client ACE is an ssl server and to the server the ace is an ssl client.
  You can find some config examples at
  http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples

• Local Director http probes with URLs and http redirect mode

  I am trying to configure http probes on my Local director 430 running 4.2.3
  I am using http redirect mode so the Virtual is bound to URLs not REALs with are linked to DIPs which are bound to REALs. So far the probes seem to not actually do anything. Does anyone know if the probes are compatible with URL redirect loadbalancing. And if so how one would go about configuring it.
  Thanks for your help.

  keepalive can be used for the probe notification in this case.
  Check the following url for details.
  http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/bsccfggd/services.htm#xtocid727448

• ACE 4710 - Parameters Lost in URL

  Hi Everyone,
  I have configured SSL offloading and redirection on a 4710 appliance. Everything works fine. The issue I am facing is that some parameters in url are getting lost.
  I have https://%h/%p configured as a redirect server which works fine as far as hostname and path is concerned. i.e. full hostname and path are preserved, but that there are some parameters after the full path in encrypted format which are getting lost. I think 307 redirect can resolve this issue but ACE does not support that.
  Has anyone faced something similar? Any suggestions would be helpful.
  Thanks.
  Rehan

  Hi,
  See the snip of the config
  parameter-map type ssl SSL-MAP
    session-cache timeout 600
  parameter-map type http HTTP-MAP
    persistence-rebalance
  rserver host E-SERVER01
    ip address X.X.X.Y
    inservice
  rserver host E-SERVER02
    ip address X.X.X.Z
    inservice
  rserver redirect E-SERVICE
    webhost-redirection https://%h/%p 302
    inservice
  serverfarm host E-SERVERS
    rserver E-SERVER01 80
      inservice
    rserver E-SERVER02 80
      inservice
  serverfarm redirect SF-RE-DIRECT
    rserver E-SERVICE
      inservice
  class-map match-any E-WEB-HTTP
    2 match virtual-address X.X.X.15 tcp eq www
  class-map match-any E-WEB-HTTPS
    3 match virtual-address X.X.X.15 tcp eq https
  sticky ip-netmask 255.255.255.255 address source WEB-STICKY
    replicate sticky
    serverfarm E-SERVERS
  policy-map type loadbalance first-match PM-E-WEB
    class class-default
      sticky-serverfarm WEB-STICKY
      insert-http ClientProtocol header-value "https"
  policy-map type loadbalance first-match PM-REDIRECT
    class class-default
      serverfarm SF-RE-DIRECT
  policy-map multi-match SLB-POLICY
    class E-WEB-HTTPS
      loadbalance vip inservice
      loadbalance policy PM-E-WEB
      loadbalance vip icmp-reply
      appl-parameter http advanced-options HTTP-MAP
      ssl-proxy server SSL-MAP
    class E-WEB-HTTP
      loadbalance vip inservice
      loadbalance policy PM-REDIRECT
      loadbalance vip icmp-reply
      appl-parameter http advanced-options HTTP-MAP
  @Jorge: The device has many policies and has been running for a few years, therefore the show stats http command will not be of much help as we may see other traffic statistics/errors. If your looking for max parse len errors then thats not happening. The url length is not that long. Let me know if anything specific you want me to check.
  @Cesar: I will check but as per the information I have there are some parameters after the complete path "/" which are hash value of an authentication request. Basically what is happening when the user goes to the page, user needs to enter credentials. Once the user clicks submit the page just reloads, instead of going to the requested url.
  Thanks for your support,
  Rehan

• ACE 4710 LDAP probe

  Folks,
  We'll be adding a farm this weekend to do some kind of balance for LDAP and LDAPs servers.
  I've been thinking about what would be the best way to probe that servers.
  I assume an generic TCP probe has to be created testing 389 and 636, but i honestly don't know what should i expect coming from the real servers.
  Does anyone have a LDAP farm in place or something like that.. ? I've found an script on the internet, but it seems a little bit further that what i can understand.. therefore i'm not really confident to use this.
  Thanks for any advices.
  Andre

  Hi Andre,
  You can use scripted ldap probe (LDAP_PROBE) available with ACE. It sends an anonymous bind request and check for bind success.
  probe tcp LDAPS_Probe
    port 636
  probe tcp LDAP_Probe
    port 389
  This is how you can apply the script for LDAP port 389.
  script file 1 LDAP_PROBE
  probe scripted LDAP_PROBE_389
  interval 5
  passdetect interval 30
  receive 5
  script LDAP_PROBE
  serverfarm host SF-LDAP-389
  description SF LDAP Port 389
  predictor leastconns
  probe LDAP_PROBE_389
  rserver LDAP-RS1-389
  inservice
  The only supported LDAP probe on the ACE module is the unsecure scripted probe,
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/script.html#wp1111558
  The pre-made TCL script probes available from the Software download page also contains an LDAP probe that you can use to verify the health of the LDAP servers.
  The ace_scripts.tgz zip file contains these scripts and is located at this URL:
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cat6500-ace
  To unzip this file, use the gunzip command in Exec mode,
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/script.html#wp1107470
  For your convenience, the following sample scripts for the ACE are available to support the TCL feature and are supported by Cisco TAC:
  •CHECKPORT_STD_SCRIPT
  •ECHO_PROBE_SCRIPT
  •FINGER_PROBE_SCRIPT
  •FTP_PROBE_SCRIPT
  •HTTP_PROBE_SCRIPT
  •HTTPCONTENT_PROBE
  •HTTPHEADER_PROBE
  •HTTPPROXY_PROBE
  •IMAP_PROBE
  •LDAP_PROBE -----------------> "The LDAP probe you are looking for"
  •MAIL_PROBE
  •POP3_PROBE
  •PROBENOTICE_PROBE
  •RTSP_PROBE
  •SSL_PROBE_SCRIPT
  •TFTP_PROBE
  Also remember that the binding request should be send as a binary and not via ASCII. To get a packet capture of a succeessful credential binding request with username and password and then convert this to HEX value and insert it in the script.
  The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
  The alternative is to handcode the BER coded ASN.1 data string - which while more fun is time consuming. The remainder of the script can stay the same.
  You can do this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
  If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
  0x30 The start of a universal constructed sequence
  0x0c The length of the sequence minus the tag and length bytes = 12 bytes
  0x02 Next field is an integer
  0x01 The length of the next field (1 byte)
  0x01 Value (this is the message ID)
  0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
  0x07 Length of data to follow.
  0x02 Integer
  0x01 Length 1
  0x03 3 - this is the LDAP version.
  0x04 String
  0x00 Length 0
  0x80 Simple Authentication
  0x00 Length 0
  Just keep the id the same in the unbind.
  The string I use is:
  302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
  where I've replaced the 9 character password with 9*x'ff'.
  The username for binding is AceProxy.  If you want to use the same script then create that username and set the password in the string above (in hex).  If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
  Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
  You need to create a copy of the standard LDAP probe into your own file and then replace the hex string in the "puts" line which you identified above with the new string.
  Then copy the file to the ACE:
  ace1/ldap# copy ftp: disk0:
  Enter source filename[]? My-LDAP_PROBE
  Enter the destination filename[]? [My-LDAP_PROBE]
  Enter hostname for the ftp server[]?
  1.2.3.4
  Enter username[]? anonymous
  Enter the file transfer mode[bin/ascii]: [bin]
  Password:
  Passive mode on.
  Hash mark printing on (1024 bytes/hash mark).
  In the context create a scripted probe definition:
  probe scripted PROBE-LDAP-389
    interval 60
    receive 20
    script My-LDAP_PROBE
  Load the script into the context:
  script file 10 My-LDAP_PROBE
  And then add it to the serverfarm:
  serverfarm host FARM-LDAP
    probe PROBE-LDAP-389
  The manual implies that you can pass arguments to a scripted probe, but you would then have to build the hex string dynamically - taking care that all the length values were correct.
  This should be enough to enable you to implement the script.
  Find another example on this
  URL:http://scuq.abyle.org/?page_id=201
  #!name = ADV_LDAP_PROBE
  #### > user for linux tclsh !/usr/bin/tclsh8.4
  # Stefan Nistelberger
  # changes to cisco's original probe
  # * username and password with ldap simple bind (dynamically generated packets)
  # * unable to connect exception handling
  # * debug message for invalidCredentials
  # debug procedure
  # set the EXIT_MSG environment variable to help debug
  # also print the debug message when debug flag is on
  proc ace_debug { msg } {
      global debug ip port EXIT_MSG
      set EXIT_MSG $msg
      if { [ info exists ip ] && [ info exists port ] } {
          set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
      if { [ info exists debug ] && $debug } {
          puts $EXIT_MSG
  # main
  # parse cmd line args and initialize variables
  ## set debug value
  set debug 1
  if { [ regsub -nocase "DEBUG" $argv "" argv] } {
      set debug 1
  ace_debug "initializing variable"
  set EXIT_MSG "Error config:  script ADV_LDAP_PROBE \[DEBUG\]"
  set ip $scriptprobe_env(realIP)
  set port "0"
  set ldap_start "30"
  set ldap_bindheader "02010160"
  set ldap_bind "0201"
  set ldap_version "02"
  set ldap_gap1 "04"
  set ldap_gap2 "80"
  set ldap_bindheader_len 5
  set base_len 0c
  set ldap_simple_auth "8007"
  proc toASCII { char } {
     scan $char %c value
     return [format %-x $value]
  set username [ lindex $argv 0 ]
  set hexusername ""
  set password [ lindex $argv 1 ]
  set hexpassword ""
  foreach char [split $username ""] {
       set hexchar [toASCII $char]
       append hexusername $hexchar
  foreach char [split $password ""] {
       set hexchar [toASCII $char]
       append hexpassword $hexchar
  set username_len [string length $username]
  ace_debug $username_len
  set password_len [string length $password]
  ace_debug $password_len
  set base_len [expr 0x$base_len]
  set seq_len [expr $username_len + $password_len + $base_len]
  set sub_seq_len [expr $seq_len - $ldap_bindheader_len]
  set seq_len [format %02x $seq_len]
  set sub_seq_len [format %02x $sub_seq_len]
  set hexldapbindpckt ""
  append hexldapbindpckt $ldap_start
  append hexldapbindpckt "$seq_len"
  append hexldapbindpckt $ldap_bindheader
  append hexldapbindpckt $sub_seq_len
  append hexldapbindpckt $ldap_bind
  append hexldapbindpckt $ldap_version
  append hexldapbindpckt $ldap_gap1
  append hexldapbindpckt [format %02x $username_len]
  append hexldapbindpckt $hexusername
  append hexldapbindpckt $ldap_gap2
  append hexldapbindpckt [format %02x $password_len]
  append hexldapbindpckt $hexpassword
  # if port is zero the use well known ldap port 389
  if { $port == 0 } {
      set port 389
  #ace_debug $hexldapbindpckt
  # PROBE START
  set errorcode [catch {
          set sock [ socket $ip $port ]
  } msg ]
  if {$errorcode != 0} {
          ace_debug $msg
          exit 30002
  fconfigure $sock -buffering line -translation binary
  # anonymous bind request
  #puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]
  puts -nonewline $sock [ binary format "H*" $hexldapbindpckt ]
  set code "ffffff"
  flush $sock
  ace_debug "bef"
  set line [read $sock 22]
  ace_debug "aft"
  binary scan $line H* res
  binary scan $line @15H6 code
  close $sock
  #  make probe fail by exit with 30002 if ldap reply code != success code  0x0a0100
  if {  $code != "0a0100" } {
      if {  $code == "0a0131" } {
          ace_debug " probe failed : expect response code \'0a0100\' but received
  \'$code\' = invalidCredentials"
      } else {
          ace_debug " probe failed : expect response code \'0a0100\' but received
  \'$code\'"
      exit 30002
  ## make probe success by exit with 30001
  ace_debug "probe success"
  exit 30001
  URL for reference:
  https://cisco-support.hosted.jivesoftware.com/thread/132800?decorator=print&displayFullThread=true
  HTH
  Sachin Garg

• Flash Video: get URL question

  Basically, I have a webpage with a flash video on it. What
  I'm trying to do is, once the video plays through, the viewer
  should be taken to another webpage automatically. Does this require
  an ActionScript? Any help on this would be great.
  Thanks.

  yep, it requires some actionscript here a link to a very good
  tutorial:
  http://www.quip.net/blog/2007/flash/actionscript-20/how-to-determine-completion-of-flv

• Cisco ACE Mod 30 - HTTPS probes are failing after hardware replacement.

  We recently had a hardware failure on ACE Mod30. The replacement went in relatively painless (except for having to import about 100 SSL Certificates and Private Keys).
  However, on the new ACE, the HTTPS probes are failing for all contexts using them. We can work around this by using TCP-443 probe, but the customer prefers that we actually request a logon page to ensure that the application is running properly.
  Here are the probe stats for one context (THIS ONE IS ACTIVE)
  BRTDCSCRTR2/INTRA-DEV-TST# sho stats probe type https
  +------------------------------------------+
  +----------- Probe statistics -------------+
  +------------------------------------------+
   ----- https probe ----
   Total probes sent       : 52422        Total send failures   : 0
   Total probes passed     : 0            Total probes failed   : 52422
   Total connect errors    : 0            Total conns refused   : 0
   Total RST received      : 0            Total open timeouts   : 52422
   Total receive timeout   : 0            Total active sockets  : 0
  Here are the probe stats for one context (THIS ONE IS HOT_STANDBY)
  BRTDCSCRTR2/INTRA-PROD# sho stats probe type https
  +------------------------------------------+
  +----------- Probe statistics -------------+
  +------------------------------------------+
   ----- https probe ----
   Total probes sent       : 69398        Total send failures   : 0
   Total probes passed     : 0            Total probes failed   : 69398
   Total connect errors    : 0            Total conns refused   : 0
   Total RST received      : 0            Total open timeouts   : 69398
   Total receive timeout   : 0            Total active sockets  : 0
  Everything else appears to be working properly, except for the HTTPS probes.

  Hi,
  For HTTS Probes to be successful, you don't need to have SSL Certs/Private keys on ACE, unless servers are doing client authentication. When ACE sends HTTS Probes to servers, it acts as a client.
  Here are few things that can be tried:
  - Test HTTS probe with only one server. Reload the server to clear any SSL cache on it.
  - check SSL probe detail to verify the error code received
  - Take captures between ACE and that server to find at what stage of the probe packet exchange flow is failing.
  Here is a good link to troubleshoot HTTPS probe issues:
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_Troubleshooting_ACE_Health_Monitoring#Troubleshooting_an_HTTPS_Probe_Error
  Regards,
  Hasham

• ACE Health probe using get URL

  Hello,
  We are trying to create a health probe for our google search appliances and as part of the URL get there is a question mark but the ACE doesn't like that.  Is there a way around this or should it be done differently?
  request method get url /searchq? (This is what we want the URL to be)
  request method get url /searchq (This is where it thinks i'm asking it for help)
  Thanks in Advance.

  Hello,
  You need to typ CRTL+v prior to entering the ?
  That's the Control key then lowercase v, then your question mark.
  Hope this helps,
  Sean

• Issue with regexes in http health probes on ACE 4710

  Folks,
  We're currently experiencing fairly bizarre behavior when attempting to set up http probes that expect a regexp.  Namely, if we specify a regexp, the probe *always* passes, regardless of status code and regardless of whether or not the message actually matches the pattern.  Doing 'no expect regexp' fixes this behavior (by which I mean that the 'expect status' rules work again). 
  We haven't noticed until now because this is the first time we've tried to set up a probe that does this.  Are we missing something?  Is this a known issue with our current firmware version?
  Sincerely,
  Patrick T. Ramsey
  # show run probe | begin HTTP-nfscheck | end regex
  Generating configuration....
  probe http HTTP-nfscheck
    description Simple HTTP probe to check nfs mount health
    port 80
    interval 15
    passdetect interval 20
    request method head url /nfs-health-check/
    open 1
    expect regex "^ureytgraeuikghfdjg$"
  # sh ver
  Cisco Application Control Software (ACSW)
  TAC support: http://www.cisco.com/tac
  Copyright (c) 1985-2009 by Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained herein are owned by
  other third parties and are used and distributed under license.
  Some parts of this software are covered under the GNU Public
  License. A copy of the license is available at
  http://www.gnu.org/licenses/gpl.html.
  Software
    loader:    Version 0.95.1
    system:    Version A3(2.4) [build 3.0(0)A3(2.4) adbuild_11:46:02-2009/09/27_/auto/adbu-rel2/rel_a3_2_3_throttle/REL_3_0_0_A3_2
  _4]
    system image file: (hd0,1)/c4710ace-mz.A3_2_4.bin
    Device Manager version 1.2 (0) 20090925:1550
    installed license: no feature license is installed
  Hardware
    cpu info:
      Motherboard:
          number of cpu(s): 2
      Daughtercard:
          number of cpu(s): 16
    memory info:
      total: 6226388 kB, free: 3972668 kB
      shared: 0 kB, buffers: 22020 kB, cached 0 kB
    cf info:
      filesystem: /dev/hdb2
      total: 861668 kB, used: 728656 kB, available: 89240 kB
  last boot reason:  Unknown
  configuration register:  0x1
  ldbottom kernel uptime is 325 days 3 hours 46 minute(s) 43 second(s)

  I also went through a similar issue in which we need to probe the real server PESERVER01 and if the real server replies with the keyword "PE Server" in the HTTP content then the probe should be passed successful.
  In my case the real server was listening on port 32776 for HTTP service so we configured the serverfarm as below,
  serverfarm host SF-TEST-32776
    description SF-TEST-32776
    failaction purge
    probe PE-SERVER-STRING
    rserver PESERVER01 32776
      inservice
  And the TCP probe as below,
  probe tcp PE-SERVER-STRING
    port 32776
    send-data GET /IOR/ping HTTP/1.1      <<== command should not be in inverted  commas
    expect regex "PE Server"
  The above probe worked really well and when we checked the probe status it was marking as success. I also tried changing the regex from "PE Server" to "Vishal12345" and it was failing as expected because there was no such keyword in the HTTP content.
  ==================================================================================
  T2-LB02# sh probe PE-SERVER-STRING
  probe       : PE-SERVER-STRING
  type        : TCP
  state       : ACTIVE
     port      : 32776   address     : 0.0.0.0         addr type  : -
     interval  : 15      pass intvl  : 60              pass count : 3
     fail count: 3       recv timeout: 10
                  ------------------ probe results ------------------
     associations ip-address      port  porttype probes   failed   passed   health
     ------------ ---------------+-----+--------+--------+--------+--------+------
     serverfarm  : SF-TEST-32776
       real      : PESERVER01[32776]
                  10.10.10.1    32776 PROBE    105      0        105      SUCCESS
  ==================================================================================
  I was struggling with this issue from long time. Even raised couple of Cisco TAC cases with no luck. The most important thing here is to identify the exact command to be send to real server like GET /IOR/ping HTTP/1.1 that we used here.
  To collect this command I did packet capture on one of the client machine and then tried to open the URL from real server which can return the string "PE Server". Then analyzed the captures in Wireshark and checked the HTTP data with follow the TCP stream option in which I seen the below data, which gives the command to be send in probe as well as the string we should expect.
  ==================================================================================
  GET /IOR/ping HTTP/1.1
  User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
  Host: 10.144.70.85:32776
  Accept: */*
  HTTP/1.0 200 OK
  Content-type: text/html
  Ping
  PE Server
  WRVFKO11 [Win32 Server Production (3 silos) (Oracle Blob 512 MB) -- {dap451.007.028 dap451.004.002 pe451.003.010x pui451.003.010  pui451.001.004} Mar  9 2012 15:07:53 en ]
  ===================================================================================
  Please try this and see if it helps you.
  Thanks,
  Vishal Babrekar

• ACE HTTP prove get - not able to contain '?' in URL?

  Trying to put a probe together..
  probe http probeElvis
  interval 5
  passdetect interval 10
  request method get url 8888/livelink/llisapi.dll?func=LL.getlogin&NextURL=%2Flivelink%2Fllisapi%2Edll%3FRedirect%3D1
  expect status 100 404
  connection term forced
  But when typing or pasting that URL in - when it gets to the '?" after llisapi.dll the CLI is interpreting that as a query for HELP - but i want it to be part of the string!!
  Is my only choice to go to TCL scripting? I don't know how to do that! I'm a network guy!! :)

  Hello Gilles.
  is there a cance to bypass the ctrl-v into the config? The reason i ask, i genereate my configs via a script and i then copy&past the whole config on the CLI.
  So i search for a solution to embed the ctrl-v into my configuration.
  I hope you have an idea for me.
  Sven

• ACE HTTP Probe Question (HTTP Version)

  Hello, I am wondering what HTTP version ACE uses when sending HTTP/HTTPS probes to a web server. I am currently running A2(3.3) if that has any bearing. TIA

  Hi,
  The default get request method is HTTP/1.1 when the ACE is sending the probe and i dont
  think there is a way to change this default behavior.
  Regards,
  Siva