CSM HTTP Probe issue
I am using the HTTP probe shown below. When we shutdown our backend application the server is returning a 500 response code to the client but the CSM does not remove it from service.
probe TEST http
request method get url /test/engine
expect status 0 499
interval 10
failed 10
port 8001
What if any difference is there between
request method get url and
request url
Is there any way that I can see the last response code that the CSM received?
It looked like it wanted to fail but didn't:
CSM#sh mod csm 8 probe real 10.10.63.18
real = 10.10.63.18:8001, probe = TEST, type = http,
vserver = D-TESTVIP, sfarm = D-TESTSERVER
status = OPERABLE, current = 16:44:21 EDT 07/22/08,
successes = 1714, last success = 16:44:16 EDT 07/22/08,
failures = 35, last failure = 16:33:55 EDT 07/22/08,
state = Waiting for server to reply
CSM#sh mod csm 8 probe name TEST
type port interval retries failed open receive
http 8001 10 3 10 10 10
Thank you,
Dave
Ok thanks. I had never seen anything on this venus mode before. It doesn't accept the command though. I get Symbol 'testhttp' not found! when I enter the command. I have version 4.2(3a) of the CSM code running.
VENUS# ?
usage
upgrade slot0:|server-ip-addr filename
create virtual ...
destroy virtual ...
rename virtual ...
add pool ...
remove pool ...
bind virtual-name ...
unbind virtual-name rule-id
reorder virtual-name ...
set balancer ...
classify acl ...
address system ...
show virtual ...
load cfg-filename
restore config defaults|flash|backup
debug ixp rd|wr chip addr #dwords
stats real [rserver-name]
script [file [slot0:script_file|tftp_addr script_file]]
capture [on|off]
venus
tftp core_dump tftp-ip-addr [filename]
exit
Similar Messages
-
HTTP probe issue with expect regex string
Hello,
We have a simple cgi status page setup to poll a background service and return a "PASS" or "FAIL" as output. I've setup an HTTP probe to look for the "PASS" to determine application health. The issue appears to be that the expect regex is searching the HEADER but not the BODY of the web page. I can successfully match on any string in the header, but never on anything in the body.
Here is what the web page returns if you telnet to it:
HTTP/1.1 200 OK
Date: Thu, 22 Sep 2011 22:45:07 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2
Content-Length: 4
Connection: close
Content-Type: text/plain; charset=iso-8859-1
PASS
Here is my probe:
probe http JOE-TEST-CS
interval 45
passdetect interval 30
receive 30
request method get url /cgi-bin/ERMS-PREP-statusRepo.cgi
expect status 0 999
open 20
expect regex "PASS"
Here is the output of the show probe:
ACE1/euhr-test-ace2# sh probe JOE-TEST-CS detail
probe : JOE-TEST-CS
type : HTTP
state : ACTIVE
description :
port : 80 address : 0.0.0.0 addr type : -
interval : 45 pass intvl : 30 pass count : 3
fail count: 3 recv timeout: 30
http method : GET
http url : /cgi-bin/ERMS-PREP-statusRepo.cgi
conn termination : GRACEFUL
expect offset : 0 , open timeout : 20
expect regex : PASS
send data : -
--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
serverfarm : JOE-TEST-PROBE-CS
real : EUHRTDM50.APP[0]
192.168.73.71 2 2 0 FAILED
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 1
No. Probes skipped : 0 Last status code : 200
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : User defined Reg-Exp was not found in Host Response
Last probe time : Thu Sep 22 15:00:36 2011
Last fail time : Thu Sep 22 15:00:36 2011
Last active time : Thu Sep 22 09:40:19 2011
If I replace the expect regex "PASS" with anything from the HEADER it succeeds!
Any thoughts?Sorry, I missed it. The content-length in your request is 4. I think this may be the issue. I created a basic HTML page that says PASS in the body and my server is returning a content-length of 224 when I fetch the page. Here is my HTML request:
GET /index.html
http-equiv="Content-Type">
Probe
PASS
Here are my headers that I received:
(Status-Line) HTTP/1.1 200 OK
Content-Length 224
Content-Type text/html
Last-Modified Tue, 27 Sep 2011 12:05:00 GMT
Accept-Ranges bytes
Etag "8cca60aed7dcc1:41f"
Server Microsoft-IIS/6.0
Date Tue, 27 Sep 2011 12:25:59 GMT
What version of code are you running on your ACE? I can also look to see if there are any known issues.
Kris -
CSM HTTP Probes with Method GET
Hello.
How does the HTTP Probe with Method GET work on CSM and what is the difference with CSS?
CSS calculates the HASH of the web page it receives as a first answer and considers that as a REFERENCE HASH, to compare with subsequent answers. Is the behaviour of the CSM the same?
In the CSS it is also possible to insert the HASH in the configuration as a reference HASH. I did not find such a command on the CSM. Is that feature not present on CSM?
Thanks.the CSM just looks for the response code.
No hash or anything similar to the CSS.
Regards,
Gilles. -
We use two redundant CSM-Modules with version 3.1(6).
Now we have the need to check the content of a website in a probe configuration. The serveradmins shall have the possibility with a change of a value in the website bring up or down their server (of the view of the CSM). It's not sufficient to check the http returncode, I think we need the possibility to check the whole checksum of the website.
How can we do this ?
Thanks+Best Regards
HLI don't think the CSM has this feature [like the CSS does have the hash function to detect if the content of a page changed].
However, you can create your own tcl script for the CSM to send an http request and look for a special string in the response from the server.
There are example of tcl script on the CSM software download page.
Regards,
Gilles. -
Does CSM support HTTP/1.0 probe?
A tomcat server is giving a "400 bad request" response if request was sent over HTTP/1.1 and 200 OK over 1.0.Hi,
yes. you can create TCL script and send HTTP/1.0 request to server.
martin -
Cisco ACE Mod 30 - HTTPS probes are failing after hardware replacement.
We recently had a hardware failure on ACE Mod30. The replacement went in relatively painless (except for having to import about 100 SSL Certificates and Private Keys).
However, on the new ACE, the HTTPS probes are failing for all contexts using them. We can work around this by using TCP-443 probe, but the customer prefers that we actually request a logon page to ensure that the application is running properly.
Here are the probe stats for one context (THIS ONE IS ACTIVE)
BRTDCSCRTR2/INTRA-DEV-TST# sho stats probe type https
+------------------------------------------+
+----------- Probe statistics -------------+
+------------------------------------------+
----- https probe ----
Total probes sent : 52422 Total send failures : 0
Total probes passed : 0 Total probes failed : 52422
Total connect errors : 0 Total conns refused : 0
Total RST received : 0 Total open timeouts : 52422
Total receive timeout : 0 Total active sockets : 0
Here are the probe stats for one context (THIS ONE IS HOT_STANDBY)
BRTDCSCRTR2/INTRA-PROD# sho stats probe type https
+------------------------------------------+
+----------- Probe statistics -------------+
+------------------------------------------+
----- https probe ----
Total probes sent : 69398 Total send failures : 0
Total probes passed : 0 Total probes failed : 69398
Total connect errors : 0 Total conns refused : 0
Total RST received : 0 Total open timeouts : 69398
Total receive timeout : 0 Total active sockets : 0
Everything else appears to be working properly, except for the HTTPS probes.Hi,
For HTTS Probes to be successful, you don't need to have SSL Certs/Private keys on ACE, unless servers are doing client authentication. When ACE sends HTTS Probes to servers, it acts as a client.
Here are few things that can be tried:
- Test HTTS probe with only one server. Reload the server to clear any SSL cache on it.
- check SSL probe detail to verify the error code received
- Take captures between ACE and that server to find at what stage of the probe packet exchange flow is failing.
Here is a good link to troubleshoot HTTPS probe issues:
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_Troubleshooting_ACE_Health_Monitoring#Troubleshooting_an_HTTPS_Probe_Error
Regards,
Hasham -
We are currently using TCP probe for HTTPS webServer health checking. Is there a HTTPS or SSL probe available on CSM to send a url to detect if the HTTPS Apache WebServer is up or not?
Many Thx, Q.XieYou can download the TCL script file from the same locstion as the CSM software.
In this TCL file you should find the following scripts
[root@linux-1 cisco]# cat /tftpboot/c6slb-apc.4-2-1.tcl | grep -i "name ="
#!name = CHECKPORT_STD_SCRIPT
#!name = ECHO_PROBE_SCRIPT
#!name = FINGER_PROBE_SCRIPT
#!name = FTP_PROBE_SCRIPT
#!name = HTTPCONTENT_PROBE
#!name = HTTPHEADER_PROBE
#!name = HTTPPROXY_PROBE
#!name = HTTP_PROBE_SCRIPT
#!name = IMAP_PROBE
#!name = LDAP_PROBE
#!name = MAIL_PROBE
#!name = POP3_PROBE
#!name = PROBENOTICE_PROBE
#!name = RTSP_PROBE
#!name = SSL_PROBE_SCRIPT
#!name = TFTP_PROBE
There is a SSL_PROBE_SCRIPT that will verify that the SSL server respond to a client SSL HELLO message.
It does not verify if you can send an HTTP request.
It only sends a HELLO as a client and wait for the server HELLO.
With the SSLM for the CSM, there might be a way to achieve HTTPS probe.
I never tried it, but the solution I see would be to create an HTTP probe on the CSM and direct to the SSLM which will do the encryption and forward it to the server.
Regards,
Gilles -
Http probe on non-standard tcp port 8021
I've configured http probe on standard port 80 with no issue. I'm now trying http probe on non-standard tcp port 8021, confirmed with packet capture to confirm that the CSM is indeed probing, status code 403 is returned but the reals are showing "probe failed". Am I missing something? Thank you in advance.
CSM v2.3(3)2
probe 8021 http
request method head
interval 2
retries 2
failed 4
port 8021
serverfarm TEST
nat server
no nat client
real 10.1.2.101
inservice
real 10.1.2.102
inservice
probe 8021
vserver TEST
virtual 10.1.2.100 tcp 8021
serverfarm TEST
replicate csrp connection
persistent rebalance
inservice
VIP and real status:
vserver type prot virtual vlan state conns
Q_MAS_8021 SLB TCP 10.1.2.100/32:8021 ALL OUTOFSERVICE 0
real server farm weight state conns/hits
10.1.2.101 TEST 8 PROBE_FAILED 0
10.1.2.102 TEST 8 PROBE_FAILED 0you need to specify what HTTP response code you expect.
The command is :
gdufour-cat6k-2(config-slb-probe-http)#expect status ?
<0-999> expected status - minimum value in a range
The default is to expect only 200.
This is why your 403 is not accepted.
Gilles. -
Using the ACE 4710 for loadbalancing a Sharepoint site.
We currently have a HTTP probe setup to check the port 80 status of the rserver.
Is there anyway to get the HTTP probe to check a DNS entry for each of the application sites? For instance http://info vs http://site are two different web sites running on the same IP. One site could have a problem but the actual port 80 for the IP may be still alive.
Thanks for any information.Has anyone figure this out? I am tring to get healthchecks/probes setup in this same fashion. I have 2 servers with 1 IP but have many sites. I want to probe each side and ensure I get a 200 code. I also have to provide credentials to the site. It seems that if i open IE I can log in just fine to the site with the credentials. However there is an active x control box that is wanting to be installed. When I set this up on my ACE it seems I am getting a http 401 unauthorized error. I have done a wireshark capture while I was browsing and I see the 401 however it also reports a 200 code after that. Do you think this is a problem because of the active x control wanting to be downloaded? Or is this an issue with the first http code that is recieved by the probe, that being the 401 and then the 200? Below is my config (cleaned of course).
probe http HTTP-80-OUR.DOMAIN.COM
interval 15
passdetect interval 60
credentials
request method get url http://our.domain.com/default.aspx
expect status 200 200
header Host header-value "our.domain.com"
open 1
rserver host SERVER-A
ip address X.X.X.47
inservice
rserver host SERVER-B
ip address X.X.X.48
inservice
serverfarm host FARM-AB
predictor leastconns
probe HTTP-80-OUR.DOMAIN.COM
rserver SERVER-A
inservice
rserver SERVER-B
inservice
ACE4710# show probe HTTP-80-OUR.DOMAIN.COM detail
probe : HTTP-80-OUR.DOMAIN.COM
type : HTTP
state : ACTIVE
description :
port : 80 address : 0.0.0.0 addr type : -
interval : 15 pass intvl : 60 pass count : 3
fail count: 3 recv timeout: 10
http method : GET
http url : http://our.domain.com
conn termination : GRACEFUL
expect offset : 0 , open timeout : 1
expect regex : -
send data : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
serverfarm : OUR.DOMAIN.COM-10.25.4.12-L3-FARM
real : SERVER-A[0]
X.X.X.47 80 DEFAULT 414 406 8 FAILED
Socket state : CLOSED
No. Passed states : 1 No. Failed states : 2
No. Probes skipped : 0 Last status code : 401
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Received invalid status code
Last probe time : Wed Jun 2 17:44:18 2010
Last fail time : Wed Jun 2 13:37:04 2010
Last active time : Wed Jun 2 13:34:19 2010
real : SERVER-B[0]
X.X.X.48 80 DEFAULT 414 406 8 FAILED
Socket state : CLOSED
No. Passed states : 1 No. Failed states : 2
No. Probes skipped : 0 Last status code : 401
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Received invalid status code
Last probe time : Wed Jun 2 17:44:20 2010
Last fail time : Wed Jun 2 13:37:06 2010
Last active time : Wed Jun 2 13:34:21 2010 -
Strange HTTP probe with .cfm files.
Hey All,
I setup an http probe that checks a .cfm page for a keyword. according to the documentation there needs to be a content-length in the header for this to be parsed correctly. For some reason this .cfm page does not send the content-length. The developer manually told coldfusion to put the content-length in the header and I can see that the header now has the content-length. The probe is still failing with "Unrecognized or invalid response" If i put a test html page with a keyword, it parses it correctly and passes. If i change the keyword it fails as expected. Has anyone had any issues with the headers of coldfusion? There is no compression on the server side. Below is the probe.
probe http KEYWORD
interval 15
passdetect interval 30
request method get url /index.cfm
open 2
expect regex "go"
Any help or suggestion would be much appreciated.
Regards,
ChristianHey Christian and Paul,
Actually, when using expect regex, you don't need the expect status. I alerted the documentation team about this and they have updated the documents with the following note:
Note If you do not configure an expected status code, any response from the server is marked as failed. However, if you configure the expect regex command without configuring a status code, the probe will pass if the regular expression response string is present.
Christian,
You mention that you see the error message Unrecognized or invalid response, even with the content-length header added. Is this the same error message you got before your app team added the header? If so, then I might suspect that the ACE doesn't like the format they used. The header should look like this:
Content-Length:
This is per RFC2616 and can be found at section 14.13 here. Note that the C and the L are uppercase, the header name is immediately followed by a colon, and there is a spece between the colon and the value.
I would recommend confirming that the header matches this description in a network capture. If it does match, then I would like to see the capture, if possible.
Thanks and I hope this helps,
Sean -
CSM health probe for server farm with multiple vservers
Is there a way to specify the vserver port that a health probe monitors when multiple vservers are configured for the same serverfarm? Let's say I have a serverfarm named farm1. farm1 services two ports www and https so two vservers vserver_www and vserver_https are configured and bound to farm1. I would like to enable http health probe on farm1 with the intention of only monitoring vserver_www http port but, instead, the health probe monitors both www and https and since a http probe on https fails it takes farm1 reals and both vservers vserver_www and vserver_https out-of-service. Is there a way to configure a health probe to monitor a specific port? Or, should I create two duplicate serverfarms farm1 bound to vserver_www and farm2 bound to vserver_https and only enable http health probe on farm1? Any other ideas welcomed.
Appreciate the feedback. I also found what I was looking for in configuration examples. To summarize I've borrowed the comment from the URL below:
# The port for the probe is inherited from the vservers.
# The port is necessary in this case, since the same farm
# is serving a vserver on port 80 and one on port 23.
# If the "port 80" parameter is removed, the HTTP probe
# will be sent out on both ports 80 and 23, thus failing
# on port 23 which does not serve HTTP requests.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csm_4_2/config/cfgxpls.htm -
We have some webserver behind our ACE that use SSL certificates that are issued by an internal CA.
Do I need to do anything special in order to probe HTTPS? Does the ACE need the internal CA to be trusted?
Thanks.
JasonHi,
If https server is working properly, only you need to do is configure https probe on ACE like below.
You do not have to anything related certificate on ACE side.
ACE-A327/context02# show running-config
Generating configuration....
probe https HTTPS
interval 15
passdetect interval 60
ssl version all
expect status 200 200
open 1
rserver host S1
ip address 10.1.142.209
inservice
serverfarm host SF
probe HTTPS
rserver S1
inservice
interface vlan 11
ip address 10.1.142.1 255.255.255.0
no shutdown
ACE-A327/context02# show probe detail
probe : HTTPS
type : HTTPS
state : ACTIVE
description :
port : 443 address : 0.0.0.0 addr type : -
interval : 15 pass intvl : 60 pass count : 3
fail count: 3 recv timeout: 10
SSL version : All
SSL cipher : RSA_ANY
http method : GET
http url : /
conn termination : GRACEFUL
expect offset : 0 , open timeout : 1
regex cache-len : 0
expect regex : -
send data : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
serverfarm : SF
real : S1[0]
10.1.142.209 443 DEFAULT 11 0 11 SUCCES
S
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 0
No. Probes skipped : 0 Last status code : 200
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : -
Last probe time : Thu Apr 14 17:34:02 2011
Last fail time : Thu Apr 14 17:30:42 2011
Last active time : Thu Apr 14 17:30:44 2011
ACE-A327/context02#
Additionaly, you can specify cipher in client hello, also you can select ssl/tls version.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1162289
If you find this helpful, please rate this topic.
Regards,
Kim. -
How does the HTTP Probe function work ? Setting it up appears simple but it's not clear to me whether 1) the Local Director's will generate the probe traffic themselves or 2) do they just monitor return codes in client query's ?
If they're just monitoring client traffic, then a failed server may go unnoticed for some time if the file specified in the ProbeHTTP command isn't requested by a client for a period.
Also, aside from reviewing the syslogs, is there any way to see that it was the Probe which caused a server to change to a "failed" state ?I havent used http probe yet but the docs look like it probes either the http get or http header (depending on how its configured). Im sure you can use this with snmp to avoid having to parse the syslogs. Or setup a script to do that for you.
-
We're currently using the TCP probe for a load balanced app, however will need to change it to HTTP. The back-end servers are Window based and are running IIS. There's an app team, another team that supports IIS and another team that support the servers. Once we've configured the HTTP probe on the ACE, including the request method and the url, which of the above team would we need to reach out to coordinate the url path and the expected status code from the server?
Thanks.
_ Greg...Thanks Kanwal. I was just curious which team would the load balancer team be typically dealing with as in my case, it has become a hot potatoe syndrom and none of the teams is willing to own up to this task and pointing fingers to the others. It would seem to me the app team be most likely the one as the server team be just supporting the servers and the IIS team be managing the IIS.
Thanks again.
_ Greg -
Hi,
I think i have a very simple question.
I want to setup an HTTP probe to test for URL, like http://www.cnn.com/
When I specify such "request" command under probe confif menu, I would assume that ACE will need to perform name resolution for www.cnn.com, but I cannot find any reference on how to configure DNS servers on ACE....
Am I missing something, or maybe I cannot do HTTP probe request by name and it had to be in a format of
http://<ip address/?
Thank you,
DavidHi,
My initial idea was to use the following command:
request method get url http://www.abc.com/
This is why I had my initial question about how will ACE resolve www.abc.com
Now thinking more about it I wonder if ACE even needs to resolve it at all.
I intend to apply the probe under rserver in serverfarm config, so ACE will know the IP address of where to send the probe from rserver configuration. If so, no DNS query is needed. ACE will just construct the packet and put relevant information in HTTP portion.... Am I correct?
If yes, what would be a difference is doing
header Host header-value "http://www.abc.com/"
vs
request method get url http://www.abc.com/
Thanks!
David
Maybe you are looking for
-
Problem with windows and my monitor in after effects
HI . before any thing excuse me for speeking english. i have a problem with windows in after effect in my monitor my monitor is 15.6 and resolution is 1366*768 for example when i open interpret footage window i can't see that complete and amount of s
-
Imac G5 will not start up correctly? invalid directory count 52 instead of 53
Hi, i have a Imac G5. it had been working fine for many years untill a year or 2 ago when it stopped all of a sudden and just would not start up as it should. instead, it went to this grey screen with horizontal lines. eventually after trying just ab
-
How do I find how much money I have left on my iPad
How do I find out how much money I have left on my iPad
-
Unable to play m4p tracks with new QuickTime 7.1.6 on Vista?
Running Windows Vista and upgraded to the latest iTunes 7.1.1.5 + QuickTime 7.1.6 today and now I cannot play any purchased m4p (iTunes store) tracks from Quick Time (I only hear silence). Note, I can play these m4p tracks directly in iTunes. Further
-
OutOfMemoryError in TCP Extend nodes?
Hi, We are facing a starnge issue in which a storage disabled tcp extend node is consistently occupying around 450mb of space? Whenever we populate data in cache even smaller than 40mb the it starts filling up oblivious space in tcp extend nodes. Alt