ACE Health Probe for SQL
Hi All,
Has anyone seen sample TCL code for probing a generic SQL server?
Thanks,
Dave
You can use the following configuration:
probe tcp MS-SQL
description TO-RBSQL1
ip address 10.15.160.3
port 1433
interval 2
faildetect 2
passdetect interval 2
passdetect count 2
rserver host RBWEB1
ip address 10.15.177.11
rserver host RBWEB3
ip address 10.15.177.13
inservice
serverfarm host RBWEB
description TO-VLAN-177-RBWEB-SERVERS
predictor leastconns
probe WWW-RISKBROWSER
probe PING
rserver RBWEB1
rserver RBWEB3
inservice
And also you can use the command sh probe MS-SQL, to know probe association probed-address probes health. Sure that the server respond or responded with a RST.
Similar Messages
-
I've setup a SIP probe to check the health of a Microsoft OCS. The health of this server is always failed. What am I missing? I also tried it with a telnet probe on port 5061, but got the same result. A telnet from ACE to the server on port 5061 works fine.
See below a show probe SIP detail and the relevant configuration.
ACE21_Secondary/MOCS# sh probe SIP det
probe : SIP
type : SIP
state : ACTIVE
description :
port : 5061 address : 0.0.0.0 addr type : -
interval : 10 pass intvl : 10 pass count : 3
fail count: 3 recv timeout: 4
request-method : OPTIONS
conn termination : GRACEFUL
expect offset : 0 , open timeout : 2
expect regex : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
rserver : OCS_11
10.105.11.70 5061 -- 7566 7566 0 FAILED
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 0
No. Probes skipped : 0 Last status code : 0
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Server reply timeout (no reply)
Last probe time : Thu Oct 30 14:18:42 2008
Last fail time : Tue Oct 28 16:31:30 2008
Last active time : Never
ACE21_Secondary/MOCS# sh run
probe sip tcp SIP
port 5061
interval 10
passdetect interval 10
receive 4
expect status 200 200
open 2
rserver host OCS_11
ip address 10.105.11.70
probe SSL
probe PING
probe SIP
probe SIP_TELNET
inservice
Cheers
PeterPeter,
make sure to NOT run version A2(1.1a) as SIP probes are broken in that specific release.
If your version is something else, get a sniffer trace on the server to see what is going on.
Seems like we don't get a reply according to the line :
"Last disconnect err : Server reply timeout (no reply) "
Gilles. -
ACE Health probe using get URL
Hello,
We are trying to create a health probe for our google search appliances and as part of the URL get there is a question mark but the ACE doesn't like that. Is there a way around this or should it be done differently?
request method get url /searchq? (This is what we want the URL to be)
request method get url /searchq (This is where it thinks i'm asking it for help)
Thanks in Advance.Hello,
You need to typ CRTL+v prior to entering the ?
That's the Control key then lowercase v, then your question mark.
Hope this helps,
Sean -
Configuring Health Probe for Server Farm
If I have a server farm with real servers listening on port 8888 and I apply an HTTP-type health probe with no port number specified, will the ACE know to probe the servers at 8888 or will it try to probe port 80?
Hi,
Yes it should inherit the port from the real servers defined in the serverfarm. This gives you the flexibility to associate same probe with different serverfarms probing different servers on different ports. This is probe port inheritance feature which is there in ACE.
Regards,
Kanwal -
CSM health probe for server farm with multiple vservers
Is there a way to specify the vserver port that a health probe monitors when multiple vservers are configured for the same serverfarm? Let's say I have a serverfarm named farm1. farm1 services two ports www and https so two vservers vserver_www and vserver_https are configured and bound to farm1. I would like to enable http health probe on farm1 with the intention of only monitoring vserver_www http port but, instead, the health probe monitors both www and https and since a http probe on https fails it takes farm1 reals and both vservers vserver_www and vserver_https out-of-service. Is there a way to configure a health probe to monitor a specific port? Or, should I create two duplicate serverfarms farm1 bound to vserver_www and farm2 bound to vserver_https and only enable http health probe on farm1? Any other ideas welcomed.
Appreciate the feedback. I also found what I was looking for in configuration examples. To summarize I've borrowed the comment from the URL below:
# The port for the probe is inherited from the vservers.
# The port is necessary in this case, since the same farm
# is serving a vserver on port 80 and one on port 23.
# If the "port 80" parameter is removed, the HTTP probe
# will be sent out on both ports 80 and 23, thus failing
# on port 23 which does not serve HTTP requests.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csm_4_2/config/cfgxpls.htm -
I have an RDP server farm that lost a disk. The RDP service was still running but users were unable to log in. I'd like to create a health probe that does maybe a combination of TCP probe for port 3389 and something that can determine if the drive that stores user profiles is available.
I cannot add any new service (http or ftp) to the server.
Can anyone think of another way to do this? Is there any way I can check SNMP mibs on the windows server or maybe WMI through TCL?
Thanks.Can you drop me a mail offline ([email protected]) and I can share what I have. Matthew
-
Probe Interval: 5
Pass Detect (Seconds): 60
Fail Detect: 3
Please can someone explain the above settings that are configured for a health probe? am I correct in thinking the probe is sent every 5 seconds, and must fail 3 times in order to failover? Does the "Pass Detect" indicate that the server must be back online for 60 seconds before being placed back into the server farm?
Also if we have a primary server and a back up server (used if primary fails), if the primary fails and the backup server becomes active, will the primary server become available again when it comes back online, or will all connections continue to go to the backup? Is there anyway to make the old primary the new backup when it comes back online?Hi,
You are right about Probe interval and fail detect, but Pass detect has two parameters:-interval and count, where interval defines the amount of time to wait for sending the probe back to failed server where as count paramater will control the minimum succefullt probe return from server for making it active again.
Regarding the backup server, once the prmary server comes online again all new connection will be redirected to it, while all existing connection will continue on existing one. I guess "inservice standby" will be the command of your interest in gracefully removing the primary and bringing the backup active. -
Health Probe for Proxy Servers
We have 2 Microsoft ISA servers that are using the CSM's as loadbalancing. Does anyone have an example of a probe script that I could use as a template. Idealily we would want the script to either hit our external router or site.
Can you drop me a mail offline ([email protected]) and I can share what I have. Matthew
-
ACE http health probes - best practice for interval and passdetect interval?
Hi,
Is there a recommended standard for http health probes in terms of interval and passdetect interval timings, i.e. should the passdetect interval always be less than the interval or visa versa? Can a http probe be 'mis-configured', i.e. return a 'false positive' by configuring an interval timeout thats 'incompatible' with the device it's polling?
I have a http probe for a serverfarm consisting of two Apache http servers and get intermittent 'server reply timeout' probe failures. I'm keen to ensure that the configuration of the probe isn't at fault so I can be confident that a failed probe indicates a problem with the server and not my configuration.
The probe is currently configured as below:-
probe http http-apache
interval 30
passdetect interval 15
passdetect count 6
request method get url /cs/images/ACE.html
expect status 200 304
Any advice on the subject woud be gratefully received.
thanks
MatthewHi Gilles,
Thanks for the advice. In another dicussion (found here https://supportforums.cisco.com/message/462397#462397) a poster has stated that:-
"(The) "Probe interval" should always be less then (open+recieve) timeout value. Default open & receive timeouts are 10 seconds."
Are you able to advise on whether the above is correct and if so, why? I currently have an interval value of 30 that obviously goes against the advice above (which I've interpretted to mean that if you leave the open & receive timeouts at their default settings your probe interval should be less than 20 seconds?).
thanks
Matthew -
ACE failing server out using TCP health probe
We have a mix of ACE20s and ACE30s currently and I am seeing the ACE in both HW platforms failing out our servers sporadically after a sucessful TCP handshake. Here is the configuration:
probe tcp TCP-25
port 25
interval 25
faildetect 2
passdetect interval 90
open 10
When I do a show probe TCP-25 detail I see the default recv timeout is 10.
I captured a trace between the ACE and the server. When the health probes pass I see a good 3 way TCP handshake, then 50ms later the server sends a SMTP 220 then ace from ace, fin ack from ace and graceful TCP termination occurs. When the probe fails I see a sucessful TCP handshake but the ACE sends FIN ACK 47ms after it sends ACK for the TCP connection. Server then sends ACK and ACE sends RST.
Shouldn't ACE wait 10 seconds in this example for server to respond after TCP handshake?TAC/Martin Nash was very helpful in explaining this. The TCP 3 way handshake was sucessful, but the ACE sent a FIN ACK as expected, but after the server sent an ACK the server did not send a FIN ACK so the ACE marked it down. The health check not only requires a 3 way handshake, but a clean teardown of the TCP session.
-
Cisco ACE 4710 - Health Monitoring for Real Servers
Hi,
I have setup the following health probe to check for the existence of a specific web page. My intention is that when the web page is removed, the health check fails and the rserver status changes to 'out of service'. Unfortunately, when I remove the web page, I see the health check fail, and the rserver state change to 'PROBE-FAILED', however the rserver does not go 'out of service' and continues to respond to requests.
Can anyone see where I'am going wrong?
Health check probe config
probe http live_http_int
interval 15
passdetect interval 60
request method get url /loadbalancer/internal.html
expect status 199 201
open 10
RSERVER config
rserver host Server1
description Server1
ip address 10.10.10.1
conn-limit max 4000000 min 4000000
probe live_http_int
inservice
rserver host Server2
ip address 10.10.10.2
conn-limit max 4000000 min 4000000
probe live_http_int
inserviceHi syannetwork,
I think you have to "force" the failed server to close the connection when it has failed. Otherwise it will still serve the available HTML pages.
Have a look at the "Configuring the ACE Action when a Server Fails" in the "Cisco Application Control Engine Module Server Load-Balancing Configuration Guide" and let me know if the following command helped:
conf t
serverfarm host ServerFarm
failaction purge
Have a good WE.
Cheers
LPL -
Does anyone have a good health check for SIP?
Currently ACE is not SIP aware.
ACE will support SIP with version 2.0. It will support SIP load-balancing over TCP and UDP, it can load-balance based upon the SIP header i.e. can load balance based upon the Call-ID (even though information for many calls are in the same TCP connection). It
can also do stickiness based upon Call-ID.
Additionally, ACE 2.0 supports SIP probes.
Currently you can only use udp probes
probe UDP5060 udp
interval 1
faildetect 2
passdetect interval 60
passdetect count 2
port 5060
probe ICMP icmp
interval 1
faildetect 2
passdetect interval 60
passdetect count 2
serverfarm SIP
rserver 192.160.246.147
inservice
rserver 192.160.246.148
inservice
probe ICMP
probe UDP5060
Syed Iftekhar Ahmed -
ACE for sql injection filtering
I have an ACE module in a Cat6500, that is load balancing to some HTTP servers.
occasionally there are SQL injection attacks towards the http servers.
I know the ACE can filter based on http strings, but
If you can provide me with some basic templates on what to filter out and how to format the string
to stop SQL injection attacks, that would be of great help.
Cheers.There are various signatures which are availbale for configuration for sql injection attacks. The signatures are some times application specific and it may not fit other application. Following links may help you
http://www.cisco.com/en/US/products/ps7314/products_white_paper0900aecd8068dcdb.shtml
http://www.cisco.com/en/US/products/ps7314/products_white_paper0900aecd80661ca6.shtml -
Hello,
Can we select which IP source the ACE will used for any kind of probe (ICMP, TCP, ...)
or it just used the nearest interface?
MauriceHi Maurice,
I do no believe that the ip can be changed.. by default the source IP will be the physical interface of the module/appliance. On a bridged deployment, it will use the BVI IP.
Any specific reason why you wanted to change this ?
regards,
Chris -
Hi I've following requirement to do health check for server.
I need to add below three ports in probe with OR condition so if any of these 3 port is up along with 10292 connection should go that server:
10721
10722
10723
how to do this? can we setup up such health check with using script?Hi,
You will need a custom script. The supplied CHECKPORT_STD_SCRIPT should provide a reasonable starting point. You just need to implement the logic behind setting the return code.
HTH
Cathy
Maybe you are looking for
-
IPad iOS 4.2 and Macbook Pro airplay
Hi all, I currently have installed on my iPad iOS 4.2 beta 2, which includes the ability to stream audio and video to devices such as the airport extreme and Apple TV. I have recently purchased the second generation Apple TV and am loving it so far.
-
Difficulty with random bingo card generator
Hi! I'm trying to generate a random bingo card in Flash using ActionScript. The psudeo-code is pretty sound, I think, but I can't even get the first number onto the card. I'm trying a random number variant with output to a dynamic text field. No succ
-
Allow Sorting of Files in Review Tracker
Please make the file list in the review tracker automatically sort by name rather than in reverse of the order you add them. The ability to add subfolders would also be helpful. When you create folders in the review tracker, they are automatically so
-
Hi Background: I've been asked to persuade Kodo to work correctly with some foreign key constraints which have been implemented as triggers (rather than standard foreign keys). Since triggers cannot be deferred, this unfortunately means that statemen
-
Concurrent we service call issue
I am using spring2.5 framework and tomcat6 as web server. I do have a web service implmentation on this. When my consumer applications are trying to call this WS concuurently, The WS response got mis matched or one call gets others response. How do I