InquisitiveMai
Nov 04, 2022
Solved

Multiple ports in a Single Health Monitor and LTM policy to Send Traffic to a single pool

Is it possible to have a single Health Monitor to monitor a server with multiple ports, e.g. 100 ports?

For the VIP, should we have VIP_X with port 0 and a pool with port 0, and then an LTM policy with these multiple ports sending to pool_X with port 0? How should the policy be built? Should it be "Best Match" and TCP port when "client_accepted"? Can we put a range in the rule for policies?

 

Thank you

  • Hi InquisitiveMai,
     > I think there is no active health monitor that can monitor multiple service ports on a single server.
    But you can create multiple custom health monitors. Let's say you have 4 ports (20, 30, 40, 50) with TCP connections enabled on your real server: you can create a custom TCP monitor for 20, 30, 40, 50 in the "Alias Service Port" field with a tcp parent profile. After that, go to (Local Traffic, Nodes, select your node), select Node Specific monitor, and assign all 4 custom monitors which you recently created. Also change the Availability Requirement to "at least 1" to make sure that all of your services will not be down if an outage happens to one of them. You will be able to detect from its specific monitor if one of your services goes down, but you maintain all of the other connections for the rest of your services thanks to the Availability Requirement of "at least 1".
    > You can check this snapshot from my virtual environment:

     
    > For LTM Policy:
    I do not know why you want to create an LTM policy to forward traffic, as all of your traffic will be forwarded to the pool assigned to the virtual server. I mean that all of your traffic, even on different service ports, should be forwarded to "Pool_mem:0", which is the only member option in the pool that you assign to your "virtual_server:0".
    I am sorry for not understanding this point well.
    > If you are asking about TCP port ranges in LTM policies, you can try this:

    > But if you mean that you want only the specified range to pass and reach your "Pool_mem:0" and drop the other ports,
     in this case you can create 2 rules in an LTM policy: the first rule contains the same as the last snapshot I sent recently, and the second rule denies the rest of the traffic that comes in on other service ports not specified in your range. The final policy should be like this:

    > Sorry, I do not have a test server that has multiple services to test this workaround. I hope this will help you, and clarify to me if I misunderstood you.

    Regards 
    Mohamed Kansoh

3 Replies

    • InquisitiveMai

      Thank you for your response. I like your solution of creating multiple monitors with an availability requirement of 1. But I was wondering if there is a better way to do it, e.g. if we need to monitor 70 ports.

      For the TCP policy, I was thinking of creating a policy with specific ports and dropping traffic if it comes in on a non-specified port.

      • Hi InquisitiveMai,
           I am happy that my reply helped you.
        I know that you want a single health monitor to monitor all of your 70 services. For instance, if services number "50 and 60" suddenly go down and become unavailable, you will not be able to detect it as an administrator, and only your customers who send requests on port 50 or 60 will be impacted by the outage of these services.
        So if you create a custom monitor for each service, you can notice if an outage happens to one of your services, via SNMP logs or a SIEM solution integrated with your BIG-IP appliance.
        So I think creating multiple custom monitors will be practical and comfortable for you.

        Regards 
        Mohamed Kansoh
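
An added example, not part of the original thread and not F5's own code: for the 70-port case, a shell function that prints (does not execute) the tmsh commands for one TCP monitor per port plus the node assignment with "at least 1". The node name `node_app01` and the `mon_tcp_<port>` naming are hypothetical, and the tmsh forms used (`destination *:<port>` for Alias Service Port, `monitor min 1 of { ... }` for the Availability Requirement) are assumptions to confirm on your BIG-IP version.

```shell
#!/usr/bin/env bash
# Added example: emit (not run) tmsh commands for per-port TCP monitors.
# Node name and mon_tcp_<port> naming are hypothetical; review output before use.

# valid_port PORT -> success only for an integer in 1..65535, no leading zero
valid_port() {
  case "$1" in
    ''|*[!0-9]*|0*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_monitor_cmds NODE PORT...
# Prints one "create" line per unique valid port, then a single "modify"
# line attaching every monitor to the node with an "at least 1" rule.
gen_monitor_cmds() {
  node=$1; shift
  seen=" "; monitors=""
  for port in "$@"; do
    if ! valid_port "$port"; then
      echo "skipping invalid port: $port" >&2
      continue
    fi
    case "$seen" in *" $port "*) continue ;; esac   # de-duplicate ports
    seen="$seen$port "
    name="mon_tcp_$port"
    # GUI "Alias Service Port" is assumed to map to destination *:<port>
    echo "tmsh create ltm monitor tcp $name defaults-from tcp destination *:$port"
    monitors="$monitors $name"
  done
  # Refuse to emit a node assignment with an empty monitor list
  [ -n "$monitors" ] || return 1
  echo "tmsh modify ltm node $node monitor min 1 of {$monitors }"
}

# Constructed sample input: the four ports used in the answer above
gen_monitor_cmds node_app01 20 30 40 50
```

For a contiguous block of 70 ports, pass the list from `seq`, for example `gen_monitor_cmds node_app01 $(seq 8001 8070)` with a constructed range.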