Re: [f-nsp] multiple service failover

Wed, 15 Jul 2009 06:23:44 -0700 

Oliver Adam wrote:
I am not sure why you would like to solve this problem with another vendors box. I would suggest to look at the features of the 4G. There is something called health check track groups. 

Out of the documentation:

ServerIron(config)# server real r1 1.1.1.1
ServerIron(config-real-server-r1) port 80
ServerIron(config-real-server-r1) port ftp
ServerIron(config-real-server-r1) port dns
ServerIron(config-rsr1) hc-track-group 80 21 53


The ServerIron now tracks health status for ports 80, 21, and 53. If 
any of these ports is down then the combined
health would be marked as failed and the ServerIron will not use these 
ports for load balancing traffic.



You would have to combine port 80 and port 443 in a health check track 
group.


Is not that what you are looking for?


Ahh, now that's just what I was looking for.  I already have that though:


healthck Server1_HC tcp
 dest-ip 192.168.0.60
 port http
 protocol http
 protocol http url "GET /status.html"
 protocol http content-match Content_Match
 l7-check


server real server1 192.168.0.60
source-nat access-list 1
port http
port http healthck Server1_HC
port http url "HEAD /"
port ssl
port ssl keepalive
port ssl l4-check-only
port 8080
port 9000
port 4443
hc-track-group 80 443


server virtual vserver 1.2.3.4
sym-priority 110
port http
port http lb-pri-servers backup-stay-active
port ssl sticky
port ssl ssl-terminate Action
port ssl lb-pri-servers backup-stay-active
bind http server1 8080 real-port http server2 8080 real-port http
bind ssl server1 4443 real-port ssl server2 4443 real-port ssl



However, we recently ran into the situation where server1 was responding 
very slowly and http failed over to server2 but ssl remained on server1.




The 8080 and 4443 are so we can access the real server for testing 
before binding it to the LB VIP.  Are they what's causing the problem 
here?  Should I have hc-track-group 80 443 8080 4443 ?


Thanks!  I love the S/N ratio on this list!

--- David

_______________________________________________
foundry-nsp mailing list
[email protected]
http://puck.nether.net/mailman/listinfo/foundry-nsp






















					Reply via email to