I have a bit of a dilemma with our LTM and integrating with intelligent DNS, e.g. GTM.
Our LTM inspects backend servers using an HTTP monitor. It checks a URI, /in.html; if the node returns with a '200 OK' in the header, the node is marked as up. If we get a timeout, 404, etc., the server is marked as down. This allows server-admins to manage node-state on the F5 by scripting changes to this file in addition to marking HTTP nodes down when they fail.
Tied to this I have an iRule applied to each virtual-server. When all nodes in a pool fail, the F5 will present an under-maintenance page hosted on the LTM. So when either planned or unplanned incidents occur on backend servers, customers are presented with a maintenance page instead of a timeout.
This works great if you only have a single site, but we are looking to run multiple sites with a GTM monitoring each public IP. I would like to implement the same behavior with the GTM as our LTM.
Seems simple, but not in tandem with my maintenance configuration. We need three states.
How can I configure my maintenance iRule so that the /dns.html times out when GTM probes it while still providing the "Planned Maintenance" state? Currently if the servers crashed and GTM probed the VIP, it would get a 200 OK on that URI because the LTM is presenting it the maintenance page.
I know you can implement two monitors per pool and only pass if all monitors are up, but I need logic so that it has three states, not two. Is this possible with a custom iRule monitor?
Can I check the status of monitors in an iRule? I.e. 'if monitor a = up do x, if monitor b = up do y, if monitor a & b = down do z'?
Do you have your BIGIP systems configured in GTM as the Bigip redundant/standalone type? If so, a monitor is not required on the GTM side of things, as the LTM and GTM will transfer information about the state of a VIP. Your health monitors on the LTM will directly influence GTM's decision making. The iRule doesn't apply in this case. If all sites for a wideIP are down, then GTM's default behavior is to return all IP addresses, which would then hit your iRule. Users may see the maintenance page if the site they are connected to goes down, until the DNS TTL expires and they receive a different response.
If you have many LTM systems, you can control which system actually performs the checks by configuring a prober pool for the BIGIP server object. More information about prober pools could be obtained here: https://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-6-0/15.html#unique_990600193
The only case we use GTM's monitoring capability for is services that are not traversing an LTM VIP, for example, network/VPN appliances.
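
The behaviour the question describes for the all-members-down case, written as an iRule; this is an added example, not code from either poster. It assumes the virtual server has a default pool, that GTM probes the VIP over HTTP at /dns.html as in the question, and it uses a constructed placeholder for the maintenance page body.

```tcl
# Added example, not from the thread.
# Assumptions: the virtual server has a default pool; GTM probes /dns.html
# on the VIP (URI taken from the question); the page body is a placeholder.
when HTTP_REQUEST {
    # Count the pool members that the LTM HTTP monitor (/in.html) marks up
    set up [active_members [LB::server pool]]

    if { $up < 1 } {
        if { [HTTP::path] eq "/dns.html" } {
            # No healthy member: discard the probe silently so it times out
            # rather than receiving the maintenance page's 200 OK
            drop
            return
        }

        # Any other request gets the maintenance page hosted on the LTM
        HTTP::respond 200 content {<html><body><h1>Under maintenance</h1></body></html>} \
            "Content-Type" "text/html" \
            "Cache-Control" "no-store"
        return
    }

    # At least one member is up: fall through to normal load balancing,
    # so /dns.html is answered by a backend server
}
```

With the BIG-IP server type described in the answer, GTM takes VIP state from the LTM directly and this probe path is not exercised.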