CSM HTTP Probe issue

Similar Messages

• HTTP probe issue with expect regex string

  Hello,
  We have a simple cgi status page setup to poll a background service and return a "PASS" or "FAIL" as output.  I've setup an HTTP probe to look for the "PASS" to determine application health.  The issue appears to be that the expect regex is searching the HEADER but not the BODY of the web page.  I can successfully match on any string in the header, but never on anything in the body.
  Here is what the web page returns if you telnet to it:
  HTTP/1.1 200 OK
  Date: Thu, 22 Sep 2011 22:45:07 GMT
  Server: Apache/2.0.59  HP-UX_Apache-based_Web_Server (Unix) DAV/2
  Content-Length: 4
  Connection: close
  Content-Type: text/plain; charset=iso-8859-1
  PASS
  Here is my probe:
  probe http JOE-TEST-CS
    interval 45
    passdetect interval 30
    receive 30
    request method get url /cgi-bin/ERMS-PREP-statusRepo.cgi
    expect status 0 999
    open 20
    expect regex "PASS"
  Here is the output of the show probe:
  ACE1/euhr-test-ace2# sh probe JOE-TEST-CS detail
  probe       : JOE-TEST-CS
  type        : HTTP
  state       : ACTIVE
  description :
     port      : 80      address     : 0.0.0.0         addr type  : -
     interval  : 45      pass intvl  : 30              pass count : 3
     fail count: 3       recv timeout: 30
     http method      : GET
     http url         : /cgi-bin/ERMS-PREP-statusRepo.cgi
     conn termination : GRACEFUL
     expect offset    : 0         , open timeout     : 20
     expect regex     : PASS
     send data        : -
                         --------------------- probe results --------------------
     probe association   probed-address  probes     failed     passed     health
     ------------------- ---------------+----------+----------+----------+-------
     serverfarm  : JOE-TEST-PROBE-CS
       real      : EUHRTDM50.APP[0]
                         192.168.73.71   2          2          0          FAILED
     Socket state        : CLOSED
     No. Passed states   : 0         No. Failed states : 1
     No. Probes skipped  : 0         Last status code  : 200
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : User defined Reg-Exp was not found in Host Response
    Last probe time     : Thu Sep 22 15:00:36 2011
     Last fail time      : Thu Sep 22 15:00:36 2011
     Last active time    : Thu Sep 22 09:40:19 2011
  If I replace the expect regex "PASS" with anything from the HEADER it succeeds!
  Any thoughts?

  Sorry, I missed it.  The content-length in your request is 4.  I think this may be the issue.  I created a basic HTML page that says PASS in the body and my server is returning a content-length of 224 when I fetch the page.  Here is my HTML request:
  GET /index.html
  http-equiv="Content-Type">
    Probe
  PASS
  Here are my headers that I received:
  (Status-Line)    HTTP/1.1 200 OK
  Content-Length    224
  Content-Type    text/html
  Last-Modified    Tue, 27 Sep 2011 12:05:00 GMT
  Accept-Ranges    bytes
  Etag    "8cca60aed7dcc1:41f"
  Server    Microsoft-IIS/6.0
  Date    Tue, 27 Sep 2011 12:25:59 GMT
  What version of code are you running on your ACE?  I can also look to see if there are any known issues.
  Kris

• CSM HTTP Probes with Method GET

  Hello.
  How does the HTTP Probe with Method GET work on CSM and what is the difference with CSS?
  CSS calculates the HASH of the web page it receives as a first answer and considers that as a REFERENCE HASH, to compare with subsequent answers. Is the behaviour of the CSM the same?
  In the CSS it is also possible to insert the HASH in the configuration as a reference HASH. I did not find such a command on the CSM. Is that feature not present on CSM?
  Thanks.

  the CSM just looks for the response code.
  No hash or anything similar to the CSS.
  Regards,
  Gilles.

• CSM HTTP-Probe question

  We use two redundant CSM-Modules with version 3.1(6).
  Now we have the need to check the content of a website in a probe configuration. The serveradmins shall have the possibility with a change of a value in the website bring up or down their server (of the view of the CSM). It's not sufficient to check the http returncode, I think we need the possibility to check the whole checksum of the website.
  How can we do this ?
  Thanks+Best Regards
  HL

  I don't think the CSM has this feature [like the CSS does have the hash function to detect if the content of a page changed].
  However, you can create your own tcl script for the CSM to send an http request and look for a special string in the response from the server.
  There are example of tcl script on the CSM software download page.
  Regards,
  Gilles.

• CSM HTTP Probe

  Does CSM support HTTP/1.0 probe?
  A tomcat server is giving a "400 bad request" response if request was sent over HTTP/1.1 and 200 OK over 1.0.

  Hi,
  yes. you can create TCL script and send HTTP/1.0 request to server.
  martin

• Cisco ACE Mod 30 - HTTPS probes are failing after hardware replacement.

  We recently had a hardware failure on ACE Mod30. The replacement went in relatively painless (except for having to import about 100 SSL Certificates and Private Keys).
  However, on the new ACE, the HTTPS probes are failing for all contexts using them. We can work around this by using TCP-443 probe, but the customer prefers that we actually request a logon page to ensure that the application is running properly.
  Here are the probe stats for one context (THIS ONE IS ACTIVE)
  BRTDCSCRTR2/INTRA-DEV-TST# sho stats probe type https
  +------------------------------------------+
  +----------- Probe statistics -------------+
  +------------------------------------------+
   ----- https probe ----
   Total probes sent       : 52422        Total send failures   : 0
   Total probes passed     : 0            Total probes failed   : 52422
   Total connect errors    : 0            Total conns refused   : 0
   Total RST received      : 0            Total open timeouts   : 52422
   Total receive timeout   : 0            Total active sockets  : 0
  Here are the probe stats for one context (THIS ONE IS HOT_STANDBY)
  BRTDCSCRTR2/INTRA-PROD# sho stats probe type https
  +------------------------------------------+
  +----------- Probe statistics -------------+
  +------------------------------------------+
   ----- https probe ----
   Total probes sent       : 69398        Total send failures   : 0
   Total probes passed     : 0            Total probes failed   : 69398
   Total connect errors    : 0            Total conns refused   : 0
   Total RST received      : 0            Total open timeouts   : 69398
   Total receive timeout   : 0            Total active sockets  : 0
  Everything else appears to be working properly, except for the HTTPS probes.

  Hi,
  For HTTS Probes to be successful, you don't need to have SSL Certs/Private keys on ACE, unless servers are doing client authentication. When ACE sends HTTS Probes to servers, it acts as a client.
  Here are few things that can be tried:
  - Test HTTS probe with only one server. Reload the server to clear any SSL cache on it.
  - check SSL probe detail to verify the error code received
  - Take captures between ACE and that server to find at what stage of the probe packet exchange flow is failing.
  Here is a good link to troubleshoot HTTPS probe issues:
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_Troubleshooting_ACE_Health_Monitoring#Troubleshooting_an_HTTPS_Probe_Error
  Regards,
  Hasham

• CSM HTTPS or SSL Health Probe

  We are currently using TCP probe for HTTPS webServer health checking. Is there a HTTPS or SSL probe available on CSM to send a url to detect if the HTTPS Apache WebServer is up or not?
  Many Thx, Q.Xie

  You can download the TCL script file from the same locstion as the CSM software.
  In this TCL file you should find the following scripts
  [root@linux-1 cisco]# cat /tftpboot/c6slb-apc.4-2-1.tcl | grep -i "name ="
  #!name = CHECKPORT_STD_SCRIPT
  #!name = ECHO_PROBE_SCRIPT
  #!name = FINGER_PROBE_SCRIPT
  #!name = FTP_PROBE_SCRIPT
  #!name = HTTPCONTENT_PROBE
  #!name = HTTPHEADER_PROBE
  #!name = HTTPPROXY_PROBE
  #!name = HTTP_PROBE_SCRIPT
  #!name = IMAP_PROBE
  #!name = LDAP_PROBE
  #!name = MAIL_PROBE
  #!name = POP3_PROBE
  #!name = PROBENOTICE_PROBE
  #!name = RTSP_PROBE
  #!name = SSL_PROBE_SCRIPT
  #!name = TFTP_PROBE
  There is a SSL_PROBE_SCRIPT that will verify that the SSL server respond to a client SSL HELLO message.
  It does not verify if you can send an HTTP request.
  It only sends a HELLO as a client and wait for the server HELLO.
  With the SSLM for the CSM, there might be a way to achieve HTTPS probe.
  I never tried it, but the solution I see would be to create an HTTP probe on the CSM and direct to the SSLM which will do the encryption and forward it to the server.
  Regards,
  Gilles

• Http probe on non-standard tcp port 8021

  I've configured http probe on standard port 80 with no issue. I'm now trying http probe on non-standard tcp port 8021, confirmed with packet capture to confirm that the CSM is indeed probing, status code 403 is returned but the reals are showing "probe failed". Am I missing something? Thank you in advance.
  CSM v2.3(3)2
  probe 8021 http
  request method head
  interval 2
  retries 2
  failed 4
  port 8021
  serverfarm TEST
  nat server
  no nat client
  real 10.1.2.101
  inservice
  real 10.1.2.102
  inservice
  probe 8021
  vserver TEST
  virtual 10.1.2.100 tcp 8021
  serverfarm TEST
  replicate csrp connection
  persistent rebalance
  inservice
  VIP and real status:
  vserver type prot virtual vlan state conns
  Q_MAS_8021 SLB TCP 10.1.2.100/32:8021 ALL OUTOFSERVICE 0
  real server farm weight state conns/hits
  10.1.2.101 TEST 8 PROBE_FAILED 0
  10.1.2.102 TEST 8 PROBE_FAILED 0

  you need to specify what HTTP response code you expect.
  The command is :
  gdufour-cat6k-2(config-slb-probe-http)#expect status ?
  <0-999> expected status - minimum value in a range
  The default is to expect only 200.
  This is why your 403 is not accepted.
  Gilles.

• ACE 4710 HTTP Probes

  Using the ACE 4710 for loadbalancing a Sharepoint site.
  We currently have a HTTP probe setup to check the port 80 status of the rserver.
  Is there anyway to get the HTTP probe to check a DNS entry for each of the application sites? For instance http://info vs http://site are two different web sites running on the same IP. One site could have a problem but the actual port 80 for the IP may be still alive.
  Thanks for any information.

  Has anyone figure this out?  I am tring to get healthchecks/probes setup in this same fashion.  I have 2 servers with 1 IP but have many sites.  I want to probe each side and ensure I get a 200 code.  I also have to provide credentials to the site.  It seems that if i open IE I can log in just fine to the site with the credentials.  However there is an active x control box that is wanting to be installed.  When I set this up on my ACE it seems I am getting a http 401 unauthorized error.  I have done a wireshark capture while I was browsing and I see the 401 however it also reports a 200 code after that.  Do you think this is a problem because of the active x control wanting to be downloaded?  Or is this an issue with the first http code that is recieved by the probe, that being the 401 and then the 200? Below is my config (cleaned of course).
  probe http HTTP-80-OUR.DOMAIN.COM
    interval 15
    passdetect interval 60
    credentials
    request method get url http://our.domain.com/default.aspx
    expect status 200 200
    header Host header-value "our.domain.com"
    open 1
  rserver host SERVER-A
    ip address X.X.X.47
    inservice
  rserver host SERVER-B
    ip address X.X.X.48
    inservice
  serverfarm host FARM-AB
    predictor leastconns
    probe HTTP-80-OUR.DOMAIN.COM
    rserver SERVER-A
      inservice
    rserver SERVER-B
      inservice
  ACE4710# show probe HTTP-80-OUR.DOMAIN.COM detail
  probe       : HTTP-80-OUR.DOMAIN.COM
  type        : HTTP
  state       : ACTIVE
  description :
     port      : 80      address     : 0.0.0.0         addr type  : -
     interval  : 15      pass intvl  : 60              pass count : 3
     fail count: 3       recv timeout: 10
     http method      : GET
     http url         : http://our.domain.com
     conn termination : GRACEFUL
     expect offset    : 0         , open timeout     : 1
     expect regex     : -
     send data        : -
                  ------------------ probe results ------------------
     associations ip-address      port  porttype probes   failed   passed   health
     ------------ ---------------+-----+--------+--------+--------+--------+------
     serverfarm  : OUR.DOMAIN.COM-10.25.4.12-L3-FARM
       real      : SERVER-A[0]
                  X.X.X.47      80    DEFAULT  414      406      8        FAILED
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 2
     No. Probes skipped  : 0         Last status code  : 401
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Received invalid status code
     Last probe time     : Wed Jun  2 17:44:18 2010
     Last fail time      : Wed Jun  2 13:37:04 2010
     Last active time    : Wed Jun  2 13:34:19 2010
       real      : SERVER-B[0]
                  X.X.X.48      80    DEFAULT  414      406      8        FAILED
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 2
     No. Probes skipped  : 0         Last status code  : 401
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Received invalid status code
     Last probe time     : Wed Jun  2 17:44:20 2010
     Last fail time      : Wed Jun  2 13:37:06 2010
     Last active time    : Wed Jun  2 13:34:21 2010

• Strange HTTP probe with .cfm files.

  Hey All,
  I setup an http probe that checks a .cfm page for a keyword. according to the documentation there needs to be a content-length in the header for this to be parsed correctly. For some reason this .cfm page does not send the content-length. The developer manually told coldfusion to put the content-length in the header and I can see that the header now has the content-length. The probe is still failing with "Unrecognized or invalid response" If i put a test html page with a keyword, it parses it correctly and passes. If i change the keyword it fails as expected. Has anyone had any issues with the headers of coldfusion? There is no compression on the server side. Below is the probe.
  probe http KEYWORD
    interval 15
    passdetect interval 30
    request method get url /index.cfm
    open 2
    expect regex "go"
  Any help or suggestion would be much appreciated.
  Regards,
  Christian

  Hey Christian and Paul,
  Actually, when using expect regex, you don't need the expect status.  I alerted the documentation team about this and they have updated the documents with the following note:
  Note If you do not configure an expected status code, any response from the server is marked as failed. However, if you configure the expect regex command without configuring a status code, the probe will pass if the regular expression response string is present.
  Christian,
  You mention that you see the error message Unrecognized or invalid response, even with the content-length header added.  Is this the same error message you got before your app team added the header?  If so, then I might suspect that the ACE doesn't like the format they used.  The header should look like this:
  Content-Length:
  This is per RFC2616 and can be found at section 14.13 here.  Note that the C and the L are uppercase, the header name is immediately followed by a colon, and there is a spece between the colon and the value.
  I would recommend confirming that the header matches this description in a network capture.  If it does match, then I would like to see the capture, if possible.
  Thanks and I hope this helps,
  Sean

• CSM health probe for server farm with multiple vservers

  Is there a way to specify the vserver port that a health probe monitors when multiple vservers are configured for the same serverfarm? Let's say I have a serverfarm named farm1. farm1 services two ports www and https so two vservers vserver_www and vserver_https are configured and bound to farm1. I would like to enable http health probe on farm1 with the intention of only monitoring vserver_www http port but, instead, the health probe monitors both www and https and since a http probe on https fails it takes farm1 reals and both vservers vserver_www and vserver_https out-of-service. Is there a way to configure a health probe to monitor a specific port? Or, should I create two duplicate serverfarms farm1 bound to vserver_www and farm2 bound to vserver_https and only enable http health probe on farm1? Any other ideas welcomed.

  Appreciate the feedback. I also found what I was looking for in configuration examples. To summarize I've borrowed the comment from the URL below:
  # The port for the probe is inherited from the vservers.
  # The port is necessary in this case, since the same farm
  # is serving a vserver on port 80 and one on port 23.
  # If the "port 80" parameter is removed, the HTTP probe
  # will be sent out on both ports 80 and 23, thus failing
  # on port 23 which does not serve HTTP requests.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csm_4_2/config/cfgxpls.htm

• HTTPS Probe on ACE

  We have some webserver behind our ACE that use SSL certificates that are issued by an internal CA.
  Do I need to do anything special in order to probe HTTPS?  Does the ACE need the internal CA to be trusted?
  Thanks.
  Jason

  Hi,
  If https server is working properly, only you need to do is configure https probe on ACE like below.
  You do not have to anything related certificate on ACE side.
  ACE-A327/context02# show running-config
  Generating configuration....
  probe https HTTPS
    interval 15
    passdetect interval 60
    ssl version all
    expect status 200 200
    open 1
  rserver host S1
    ip address 10.1.142.209
    inservice
  serverfarm host SF
    probe HTTPS
    rserver S1
      inservice
  interface vlan 11
    ip address 10.1.142.1 255.255.255.0
    no shutdown
  ACE-A327/context02# show probe detail
  probe       : HTTPS
  type        : HTTPS
  state       : ACTIVE
  description :
     port      : 443     address     : 0.0.0.0         addr type  : -          
     interval  : 15      pass intvl  : 60              pass count : 3   
     fail count: 3       recv timeout: 10  
     SSL version      : All
     SSL cipher       : RSA_ANY
     http method      : GET
     http url         : /
     conn termination : GRACEFUL 
     expect offset    : 0         , open timeout     : 1        
     regex cache-len  : 0        
     expect regex     : -
     send data        : -
                  ------------------ probe results ------------------
     associations ip-address      port  porttype probes   failed   passed   health
     ------------ ---------------+-----+--------+--------+--------+--------+------
     serverfarm  : SF
       real      : S1[0]
                  10.1.142.209    443   DEFAULT  11       0        11       SUCCES
  S
     Socket state        : CLOSED
     No. Passed states   : 0         No. Failed states : 0
     No. Probes skipped  : 0         Last status code  : 200
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err :  -
     Last probe time     : Thu Apr 14 17:34:02 2011
     Last fail time      : Thu Apr 14 17:30:42 2011
     Last active time    : Thu Apr 14 17:30:44 2011
  ACE-A327/context02#
  Additionaly, you can specify cipher in client hello, also you can select ssl/tls version.
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1162289
  If you find this helpful, please rate this topic.
  Regards,
  Kim.

• HTTP Probe

  How does the HTTP Probe function work ? Setting it up appears simple but it's not clear to me whether 1) the Local Director's will generate the probe traffic themselves or 2) do they just monitor return codes in client query's ?
  If they're just monitoring client traffic, then a failed server may go unnoticed for some time if the file specified in the ProbeHTTP command isn't requested by a client for a period.
  Also, aside from reviewing the syslogs, is there any way to see that it was the Probe which caused a server to change to a "failed" state ?

  I haven’t used http probe yet but the docs look like it probes either the http get or http header (depending on how it’s configured). I’m sure you can use this with snmp to avoid having to parse the syslogs. Or setup a script to do that for you.

• Attempting to use HTTP probe

  We're currently using the TCP probe for a load balanced app, however will need to change it to HTTP. The back-end servers are Window based and are running IIS. There's an app team, another team that supports IIS and another team that support the servers. Once we've configured the HTTP probe on the ACE, including the request method and the url, which of the above team would we need to reach out to coordinate the url path and the expected status code from the server?
  Thanks.
  _ Greg...  

  Thanks Kanwal. I was just curious which team would the load balancer team be typically dealing with as in my case, it has become a hot potatoe syndrom and none of the teams is willing to own up to this task and pointing fingers to the others. It would seem to me the app team be most likely the one as the server team be just supporting the servers and the IIS team be managing the IIS.
  Thanks again.
  _ Greg

• HTTP Probe and DNS names

  Hi,
  I think i have a very simple question.
  I want to setup an HTTP probe to test for URL, like http://www.cnn.com/
  When I specify such "request" command under probe confif menu, I would assume that ACE will need to perform name resolution for www.cnn.com, but I cannot find any reference on how to configure DNS servers on ACE....
  Am I missing something, or maybe I cannot do HTTP probe request by name and it had to be in a format of
  http://<ip address/?
  Thank you,
  David

  Hi,
  My initial idea was to use the following command:
  request method get url http://www.abc.com/
  This is why I had my initial question about how will ACE resolve www.abc.com
  Now thinking more about it I wonder if ACE even needs to resolve it at all.
  I intend to apply the probe under rserver in serverfarm config, so ACE will know the IP address of where to send the probe from rserver configuration. If so, no DNS query is needed. ACE will just construct the packet and put relevant information in HTTP portion.... Am I correct?
  If yes, what would be a difference is doing
  header Host header-value "http://www.abc.com/"
  vs
  request method get url http://www.abc.com/
  Thanks!
  David