HTTP probe in ACE

Similar Messages

• Http probe on ace 30

  hi,
  i need to configure an http probe on ace,
  the url is like /zz?/ee/rr.png
  the probe is get /zz?/ee/rr.png
  pb: i can type this ? ,
  how can i do that ?
  thanx for your answers

  That's just easy. Type CRTL + v and then you can type ?. That's all.

• HTTPS Probe on ACE

  We have some webserver behind our ACE that use SSL certificates that are issued by an internal CA.
  Do I need to do anything special in order to probe HTTPS?  Does the ACE need the internal CA to be trusted?
  Thanks.
  Jason

  Hi,
  If https server is working properly, only you need to do is configure https probe on ACE like below.
  You do not have to anything related certificate on ACE side.
  ACE-A327/context02# show running-config
  Generating configuration....
  probe https HTTPS
    interval 15
    passdetect interval 60
    ssl version all
    expect status 200 200
    open 1
  rserver host S1
    ip address 10.1.142.209
    inservice
  serverfarm host SF
    probe HTTPS
    rserver S1
      inservice
  interface vlan 11
    ip address 10.1.142.1 255.255.255.0
    no shutdown
  ACE-A327/context02# show probe detail
  probe       : HTTPS
  type        : HTTPS
  state       : ACTIVE
  description :
     port      : 443     address     : 0.0.0.0         addr type  : -          
     interval  : 15      pass intvl  : 60              pass count : 3   
     fail count: 3       recv timeout: 10  
     SSL version      : All
     SSL cipher       : RSA_ANY
     http method      : GET
     http url         : /
     conn termination : GRACEFUL 
     expect offset    : 0         , open timeout     : 1        
     regex cache-len  : 0        
     expect regex     : -
     send data        : -
                  ------------------ probe results ------------------
     associations ip-address      port  porttype probes   failed   passed   health
     ------------ ---------------+-----+--------+--------+--------+--------+------
     serverfarm  : SF
       real      : S1[0]
                  10.1.142.209    443   DEFAULT  11       0        11       SUCCES
  S
     Socket state        : CLOSED
     No. Passed states   : 0         No. Failed states : 0
     No. Probes skipped  : 0         Last status code  : 200
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err :  -
     Last probe time     : Thu Apr 14 17:34:02 2011
     Last fail time      : Thu Apr 14 17:30:42 2011
     Last active time    : Thu Apr 14 17:30:44 2011
  ACE-A327/context02#
  Additionaly, you can specify cipher in client hello, also you can select ssl/tls version.
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1162289
  If you find this helpful, please rate this topic.
  Regards,
  Kim.

• ACE 4710 HTTP Probes

  Using the ACE 4710 for loadbalancing a Sharepoint site.
  We currently have a HTTP probe setup to check the port 80 status of the rserver.
  Is there anyway to get the HTTP probe to check a DNS entry for each of the application sites? For instance http://info vs http://site are two different web sites running on the same IP. One site could have a problem but the actual port 80 for the IP may be still alive.
  Thanks for any information.

  Has anyone figure this out?  I am tring to get healthchecks/probes setup in this same fashion.  I have 2 servers with 1 IP but have many sites.  I want to probe each side and ensure I get a 200 code.  I also have to provide credentials to the site.  It seems that if i open IE I can log in just fine to the site with the credentials.  However there is an active x control box that is wanting to be installed.  When I set this up on my ACE it seems I am getting a http 401 unauthorized error.  I have done a wireshark capture while I was browsing and I see the 401 however it also reports a 200 code after that.  Do you think this is a problem because of the active x control wanting to be downloaded?  Or is this an issue with the first http code that is recieved by the probe, that being the 401 and then the 200? Below is my config (cleaned of course).
  probe http HTTP-80-OUR.DOMAIN.COM
    interval 15
    passdetect interval 60
    credentials
    request method get url http://our.domain.com/default.aspx
    expect status 200 200
    header Host header-value "our.domain.com"
    open 1
  rserver host SERVER-A
    ip address X.X.X.47
    inservice
  rserver host SERVER-B
    ip address X.X.X.48
    inservice
  serverfarm host FARM-AB
    predictor leastconns
    probe HTTP-80-OUR.DOMAIN.COM
    rserver SERVER-A
      inservice
    rserver SERVER-B
      inservice
  ACE4710# show probe HTTP-80-OUR.DOMAIN.COM detail
  probe       : HTTP-80-OUR.DOMAIN.COM
  type        : HTTP
  state       : ACTIVE
  description :
     port      : 80      address     : 0.0.0.0         addr type  : -
     interval  : 15      pass intvl  : 60              pass count : 3
     fail count: 3       recv timeout: 10
     http method      : GET
     http url         : http://our.domain.com
     conn termination : GRACEFUL
     expect offset    : 0         , open timeout     : 1
     expect regex     : -
     send data        : -
                  ------------------ probe results ------------------
     associations ip-address      port  porttype probes   failed   passed   health
     ------------ ---------------+-----+--------+--------+--------+--------+------
     serverfarm  : OUR.DOMAIN.COM-10.25.4.12-L3-FARM
       real      : SERVER-A[0]
                  X.X.X.47      80    DEFAULT  414      406      8        FAILED
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 2
     No. Probes skipped  : 0         Last status code  : 401
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Received invalid status code
     Last probe time     : Wed Jun  2 17:44:18 2010
     Last fail time      : Wed Jun  2 13:37:04 2010
     Last active time    : Wed Jun  2 13:34:19 2010
       real      : SERVER-B[0]
                  X.X.X.48      80    DEFAULT  414      406      8        FAILED
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 2
     No. Probes skipped  : 0         Last status code  : 401
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err : Received invalid status code
     Last probe time     : Wed Jun  2 17:44:20 2010
     Last fail time      : Wed Jun  2 13:37:06 2010
     Last active time    : Wed Jun  2 13:34:21 2010

• ACE http probe "request method type" mandatory on A3(2.6)?

  Hi people,
  I recently upgraded to A3(2.6) from A3(2.0) and I don't see the N/A option on the http probe "request method type".
  It also has an asterisk * which means it's mandatory.
  I tried to set up a new http probe for another farm I am creating and the probe shows status failed, although I can ping and telnet to the http server on port 80 from the ACE context. My probe is like that:
  probe http http_probe_WWW
    interval 15
    passdetect interval 60
    expect status 200 200
    open 10
  My other http probes for other farms work ok after the upgrade and they are similar.
  So my question is: Do I need to set the request method type or something else causes the probe to fail?
  thanks a lot.
  George

  What you see is a problem with the GUI.
  CSCtg78008    while creating http probe default method slected should be get as in CLI
  But the request-method is not required.
  So your config should work.
  Do a 'show probe detail' to see the failure reason.
  Get a sniffer trace as well.
  Regards,
  Gilles.

• ACE HTTP Probe with regex

  ACE HTTP Probe with regex
  Hi,
  I'm trying to setup a HTTP probe with expected string rather then a code (config below). I do a GET for the page then a search for a string in the response however it's not working, as probe appears as failed.
  I've tested the connection to the server by using telneting and then looking at the page displayed to make sure the string I want to match is in the response.
  probe http HTTP-PROBE
  port 43050
  interval 30
  passdetect interval 30
  passdetect count 1
  request method get url /action=help
  open 43050
  expect regex action=help
  Q. Is there anything wrong with this configuration and what I'm trying to achive?
  Thanks,
  Pritesh

  Use "expect status" under probe config. expect regex doesnt work if expect status is not configured.
  expect regex work flawlessly with static pages. It doesnt work all the time with dynamic pages.
  Specially if "content-length" header is missing from Server response.
  Hope it helps
  Syed Iftekhar Ahmed

• ACE 4710 http probe get url question

  I am trying to create a http probe using the request method get url command. My url contains a question mark and the ACE will not accept the url as is and it strips out the question mark character. Is there a way to make the ace accept a url containg a question mark?
  probe http HTTP_PROBE
    port 9040
    interval 10
    faildetect 5
    passdetect interval 60
    expect status 200 200
    open 1
  The url I am trying to enter is /psp/epprod/?cmd=login
  When I enter it the ACE does as shown below
  (config-probe-http)# request method get url /psp/epprod/?
  <LINE>
  ACE-APP-02/vc_peoplesoft(config-probe-http)# request method get url /psp/epprod/cmd=login
  It strips out the ? character.

  Hi Nicholas,
  To enter a question mark you need to type ctrl+v prior to entering the ?
  You enter the control key then lowercase v, then your question mark.
  HTH
  Pablo

• ACE HTTP probe hash md5 value

  Hi,
  We would like to see the hash value calculated by the ACE when the HTTP probe hash command configured.
  This is possible on CSS via the "sh service" command. We have tried to get it from sh rserver , sh probe XXX detail sh serverfarm XXX det but we do not get it.
  Is this possible to get it on the ACE as we do on the CSS?
  We need this to manually configure it via the hash <value> command because if the ACE probe is reseted for any reason, the probe http hash will be re-calculated based on the first http response of the server and we can not predict that the server will give the expected web page at this time.
  A // question is: on what the md5 value is calculated? HTTP header + payload or only http object payload? We have calculated the md5 hash value by ourselves but the probe is still failing whatever the http portion used for the calculation is.
  Many thanks for your help.
  Regards/ludovic.

  probe http MD5-HTTP
  interval 15
  passdetect interval 15
  request method get url /index.html
  expect status 200 200
  hash 2441DA7F68A265F8CFB4426B6897CE33
  And here is how I computed the hash on the server itself [linux machine]
  md5sum /var/www/HTML/index.html
  2441da7f68a265f8cfb4426b6897ce33 /var/www/HTML/index.html
  [root@linux-1 tftpboot]#
  The probe is UP
  switch/Admin# sho probe MD5-HTTP detail
  probe : MD5-HTTP
  type : HTTP
  state : ACTIVE
  description :
  port : 80 address : 0.0.0.0 addr type : -
  interval : 15 pass intvl : 15 pass count : 3
  fail count: 3 recv timeout: 10
  http method : GET
  http url : /index.html
  Hash-value : 2441da7f68a265f8cfb4426b6897ce33
  conn termination : GRACEFUL
  expect offset : 0 , open timeout : 10
  expect regex : -
  send data : -
  --------------------- probe results --------------------
  probe association probed-address probes failed passed health
  ------------------- ---------------+----------+----------+----------+-------
  serverfarm : linux1
  real : linux1[0]
  192.168.30.27 13 4 9 SUCCESS
  md5sum is a standard tool.
  Nothing fancy about it.
  Gilles.

• ACE Module - HTTP Probe failure

  Hi,
  I have configured the http probe with expect status 200 202, but the probe fails despite availability of the port on rserver.
  I tried head/get method to see the return code, and it came back with HTTP1.1/302. How can I configure an http probe to understand HTTP 302 code as success return.
  Thanks.

  I changed the expect status value as below
  probe http TEST-HTTP
  interval 30
  passdetect interval 10
  request method head
  expect status 302 302
  The probe is still failing with the log message
  Apr 20 2009 12:04:35 : %ACE-3-251010: Health probe failed for server 192.168.1.10 on port 80, received invalid status code
  On 'show probe detail' it shows the last status code as 400 which means Bad Request
  --------------------- probe results --------------------
  probe association probed-address probes failed passed health
  ------------------- ---------------+----------+----------+----------+-------
  serverfarm : TEST-APP
  real : TEST-SERVER1[80]
  192.168.1.10 27 27 0 FAILED
  Socket state : CLOSED
  No. Passed states : 0 No. Failed states : 1
  No. Probes skipped : 0 Last status code : 400
  No. Out of Sockets : 0 No. Internal error: 0
  Last disconnect err : Received invalid status code
  Last probe time : Mon Apr 20 12:05:33 2009
  Last fail time : Mon Apr 20 12:00:53 2009
  Last active time : Never
  The http page is showing perfectly on the web browser. Also, using the http head/get tool, I can see that 302 is returned.
  What could be the problem.
  Regards.

• HTTP Probe ACE Modules

  Team,
  Below is a snapshot of the HTTP Probe that I currently have confgured:
  probe http http-probe
  interval 10
  passdetect interval 3
  request method head
  expect status 200 200
  My question is, what if one of my reservers has a bad URL but the subsystem in IIS is responding with a 200 status? How do I protect myself from this situation and have the ACE module take this rserver out of rotation?
  Thank you,
  John...

  For example instead of root url you can probe a specific url pointing to the app like
  probe http http-probe
  interval 10
  passdetect interval 3
  request method head
  request method get url /testpage.html
  expect status 200 200
  Where tespage.html is the app specific page.
  There could also be situations where requirement would be to keep track of the backend server along with the front end/Web server and mark the Web server down if a backend server (like application /database server is down).
  This can be achieved by if APP can be tweaked by developers such that it make calls to backend servers (like DB server) and populate a page with some value from the database. In http probe you can look for that value and if that value doesnt exist then you can mark the server down.
  for e.g in following example if ACE will mark the server down if it gets 200 ok but doesnt get "DBISUP" in response
  probe http http-probe
  interval 10
  passdetect interval 3
  request method head
  request method get url /checkdbpage.html
  expect status 200 200
  expect regex DBISUP
  HTH
  Syed Iftekhar Ahmed

• ACE HTTP Probe Question (HTTP Version)

  Hello, I am wondering what HTTP version ACE uses when sending HTTP/HTTPS probes to a web server. I am currently running A2(3.3) if that has any bearing. TIA

  Hi,
  The default get request method is HTTP/1.1 when the ACE is sending the probe and i dont
  think there is a way to change this default behavior.
  Regards,
  Siva

• ACE HTTP Probe

  Hi,
  This is the current probe that I am using:
  probe http http-probe
  interval 3
  passdetect interval 3
  passdetect count 3
  request method head
  expect status 200 200
  Someone told me that I should be using a more sophisticated web page to probe. If you agree with that statement, could someone please provide a sample config?
  Thank you...

  Hi,
  I'm not sure what your colleague meant by more sophisticated. When I've set up an HTTP probe I've asked that the server management team set up a simple static page on the server that can be tested. So in my probe I'd specify something like:
  request method head url /serverhere.html
  This enables the team to take a server out of service by renaming the page (e.g. to servernothere.html) without having to ask me to modify the ACE configuration. The server can then be tested without real users having access and brought back in when they're happy.
  HTH
  Cathy

• ACE Appliance HTTP Probe with "POST" query

  Does the ACE support HTTP Probe with a "POST" query?
  Thanks
  Joe

  Hi Joe,
  The ACE only supports GET and HEAD
  Here is the documentation related to this:
  http://www.cisco.com/en/US/customer/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/probe.html#wp1031485
  Cesar R

• Cisco ACE Mod 30 - HTTPS probes are failing after hardware replacement.

  We recently had a hardware failure on ACE Mod30. The replacement went in relatively painless (except for having to import about 100 SSL Certificates and Private Keys).
  However, on the new ACE, the HTTPS probes are failing for all contexts using them. We can work around this by using TCP-443 probe, but the customer prefers that we actually request a logon page to ensure that the application is running properly.
  Here are the probe stats for one context (THIS ONE IS ACTIVE)
  BRTDCSCRTR2/INTRA-DEV-TST# sho stats probe type https
  +------------------------------------------+
  +----------- Probe statistics -------------+
  +------------------------------------------+
   ----- https probe ----
   Total probes sent       : 52422        Total send failures   : 0
   Total probes passed     : 0            Total probes failed   : 52422
   Total connect errors    : 0            Total conns refused   : 0
   Total RST received      : 0            Total open timeouts   : 52422
   Total receive timeout   : 0            Total active sockets  : 0
  Here are the probe stats for one context (THIS ONE IS HOT_STANDBY)
  BRTDCSCRTR2/INTRA-PROD# sho stats probe type https
  +------------------------------------------+
  +----------- Probe statistics -------------+
  +------------------------------------------+
   ----- https probe ----
   Total probes sent       : 69398        Total send failures   : 0
   Total probes passed     : 0            Total probes failed   : 69398
   Total connect errors    : 0            Total conns refused   : 0
   Total RST received      : 0            Total open timeouts   : 69398
   Total receive timeout   : 0            Total active sockets  : 0
  Everything else appears to be working properly, except for the HTTPS probes.

  Hi,
  For HTTS Probes to be successful, you don't need to have SSL Certs/Private keys on ACE, unless servers are doing client authentication. When ACE sends HTTS Probes to servers, it acts as a client.
  Here are few things that can be tried:
  - Test HTTS probe with only one server. Reload the server to clear any SSL cache on it.
  - check SSL probe detail to verify the error code received
  - Take captures between ACE and that server to find at what stage of the probe packet exchange flow is failing.
  Here is a good link to troubleshoot HTTPS probe issues:
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_Troubleshooting_ACE_Health_Monitoring#Troubleshooting_an_HTTPS_Probe_Error
  Regards,
  Hasham

• Issue with regexes in http health probes on ACE 4710

  Folks,
  We're currently experiencing fairly bizarre behavior when attempting to set up http probes that expect a regexp.  Namely, if we specify a regexp, the probe *always* passes, regardless of status code and regardless of whether or not the message actually matches the pattern.  Doing 'no expect regexp' fixes this behavior (by which I mean that the 'expect status' rules work again). 
  We haven't noticed until now because this is the first time we've tried to set up a probe that does this.  Are we missing something?  Is this a known issue with our current firmware version?
  Sincerely,
  Patrick T. Ramsey
  # show run probe | begin HTTP-nfscheck | end regex
  Generating configuration....
  probe http HTTP-nfscheck
    description Simple HTTP probe to check nfs mount health
    port 80
    interval 15
    passdetect interval 20
    request method head url /nfs-health-check/
    open 1
    expect regex "^ureytgraeuikghfdjg$"
  # sh ver
  Cisco Application Control Software (ACSW)
  TAC support: http://www.cisco.com/tac
  Copyright (c) 1985-2009 by Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained herein are owned by
  other third parties and are used and distributed under license.
  Some parts of this software are covered under the GNU Public
  License. A copy of the license is available at
  http://www.gnu.org/licenses/gpl.html.
  Software
    loader:    Version 0.95.1
    system:    Version A3(2.4) [build 3.0(0)A3(2.4) adbuild_11:46:02-2009/09/27_/auto/adbu-rel2/rel_a3_2_3_throttle/REL_3_0_0_A3_2
  _4]
    system image file: (hd0,1)/c4710ace-mz.A3_2_4.bin
    Device Manager version 1.2 (0) 20090925:1550
    installed license: no feature license is installed
  Hardware
    cpu info:
      Motherboard:
          number of cpu(s): 2
      Daughtercard:
          number of cpu(s): 16
    memory info:
      total: 6226388 kB, free: 3972668 kB
      shared: 0 kB, buffers: 22020 kB, cached 0 kB
    cf info:
      filesystem: /dev/hdb2
      total: 861668 kB, used: 728656 kB, available: 89240 kB
  last boot reason:  Unknown
  configuration register:  0x1
  ldbottom kernel uptime is 325 days 3 hours 46 minute(s) 43 second(s)

  I also went through a similar issue in which we need to probe the real server PESERVER01 and if the real server replies with the keyword "PE Server" in the HTTP content then the probe should be passed successful.
  In my case the real server was listening on port 32776 for HTTP service so we configured the serverfarm as below,
  serverfarm host SF-TEST-32776
    description SF-TEST-32776
    failaction purge
    probe PE-SERVER-STRING
    rserver PESERVER01 32776
      inservice
  And the TCP probe as below,
  probe tcp PE-SERVER-STRING
    port 32776
    send-data GET /IOR/ping HTTP/1.1      <<== command should not be in inverted  commas
    expect regex "PE Server"
  The above probe worked really well and when we checked the probe status it was marking as success. I also tried changing the regex from "PE Server" to "Vishal12345" and it was failing as expected because there was no such keyword in the HTTP content.
  ==================================================================================
  T2-LB02# sh probe PE-SERVER-STRING
  probe       : PE-SERVER-STRING
  type        : TCP
  state       : ACTIVE
     port      : 32776   address     : 0.0.0.0         addr type  : -
     interval  : 15      pass intvl  : 60              pass count : 3
     fail count: 3       recv timeout: 10
                  ------------------ probe results ------------------
     associations ip-address      port  porttype probes   failed   passed   health
     ------------ ---------------+-----+--------+--------+--------+--------+------
     serverfarm  : SF-TEST-32776
       real      : PESERVER01[32776]
                  10.10.10.1    32776 PROBE    105      0        105      SUCCESS
  ==================================================================================
  I was struggling with this issue from long time. Even raised couple of Cisco TAC cases with no luck. The most important thing here is to identify the exact command to be send to real server like GET /IOR/ping HTTP/1.1 that we used here.
  To collect this command I did packet capture on one of the client machine and then tried to open the URL from real server which can return the string "PE Server". Then analyzed the captures in Wireshark and checked the HTTP data with follow the TCP stream option in which I seen the below data, which gives the command to be send in probe as well as the string we should expect.
  ==================================================================================
  GET /IOR/ping HTTP/1.1
  User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
  Host: 10.144.70.85:32776
  Accept: */*
  HTTP/1.0 200 OK
  Content-type: text/html
  Ping
  PE Server
  WRVFKO11 [Win32 Server Production (3 silos) (Oracle Blob 512 MB) -- {dap451.007.028 dap451.004.002 pe451.003.010x pui451.003.010  pui451.001.004} Mar  9 2012 15:07:53 en ]
  ===================================================================================
  Please try this and see if it helps you.
  Thanks,
  Vishal Babrekar