

Hello,

I have my F5 managing several pools and subsequent websites. As part of each pool I have set up an HTTP health check to the pools. As I understand the LTM test, it simply does an HTTP GET to the specified port number defined for each pool. The polling interval is default.

The issue is that my WebSphere logs show a massive number of connections/sessions. I believe it is the F5 that, when it performs an HTTP GET, is creating a new session but not terminating it.

My question to the forum is: when the LTM performs the HTTP GET, does it actually initiate a session, and more importantly, how do I get it to terminate the session?

thanks
Greg

11 Answer(s):

Hi Greg,

You can have the BIG-IP tell the server that the server should close the TCP connection using an HTTP 1.1 formatted send string with a Connection header:

GET /monitor_page.html HTTP/1.1\r\nHost: \r\nConnection: Close\r\n

Sessions would be created on the application--not LTM. If you want to tell the server that the session should be removed, you'd need to figure out how the client can do that in an HTTP request and then configure that in the SEND string. If it requires two requests (one to create the session and one to close it) you could create an external monitor which references a shell script to make the two requests. You can find some examples for external monitors in the Monitoring Codeshare (Click here). Else, is there a page which LTM could monitor for which the server won't generate a session? That might be easier than trying to end the session.

Aaron
Aaron,

Thank you for the information. My apologies on the delayed response. In reading your response, it looks like there are two possible options. One would be to create my own custom monitor on the LTM or the second to find or write an external script. If I might pursue the first, since all I want is a simple get and then terminate the session, can I ask a few more questions then?

My LTM currently manages about 10 pools, each with their own application environment. Basically each environment has a unique port. For each pool I am doing an HTTP health test.

1) Does that mean, on the LTM I would have to create a custom HTTP health monitor for each pool?
2) Do you happen to know of any sample snippets of something similar I could use for reference? I ask because when I look at the snippet you provided I am not sure if that is the exact string, or do I substitute a real HTML page, host, connection port into that string?


thanks
Greg
Hi Greg,

Most webservers will respond to a request with an HTTP host header and no value. The Connection: close header tells the server that the client won't try to re-use the TCP connection, so the server can close the connection after responding to the request.

Rather than worrying about the monitor configuration, I'd focus first on finding a page you can make a request to where the server doesn't generate a session. If that's possible, you could use a standard HTTP monitor with a customized send string. If that's not possible, then you could figure out how to make a request which tells the server to kill the session. That would probably take two requests and require using an external monitor which references a shell script using curl. There are examples of using curl from a shell script for an external monitor in the monitoring Codeshare (Click here).

Aaron
Hi Aaron,

Is it possible to use an HTTP monitor for text content?
For example, I want to send the request GET /id/123445 and receive the string hello,
but the hello content is in a text file, not HTML.
It is not working this way.
I also use this method to get a response from HTML content.

Is it possible to make it work from a text file?


regards

zafer
Hi zafer,

The monitoring daemon evaluates the receive string against the response content. So it shouldn't matter what type of file you configure for the request as long as the server responds with the expected content.

If this isn't working, you could either enable bigd debug (b db bigd.debug enable) and check the /var/log/bigdlog file, or you could test from the command line using curl. If you make a curl request from LTM to a pool member, do you get back a response containing "hello"? You can use something like 'curl -v http://1.1.1.1/id/123445' to test where 1.1.1.1 is the pool member IP address.

Aaron

Aaron,

I am truly appreciative of your assistance on this issue and I feel bad about my lack of knowledge on these types of resolutions. I confess I am not an HTTP guru and recently inherited the F5 management so I will apologize if these questions are remedial. I have been re-reading your responses and I think I understand but I need to delve a little deeper to understand. I am providing more information on my environment in hopes to better understand your suggestions.

My configuration as such is that I have 4 physical web servers running multiple application environments on each server via a unique port number. I have created a pool for each application environment and, as dictated, specified the unique port number for that pool. For example, I have a test environment running on port 80 and a training environment running on port 8080 with WebSphere as my App/Web server.

train_pool contains webserver1 & webserver2 port 8080
test_pool contains webserver3 & webserver4 --port 80

When creating the pool I use the default Health Check to test if Webserver is available. I also have standard log in Page for each environment and use IRULES for URI filter.. for example

www.domain.com/train/jsp/pgLogin.jsp (which is directed to train_pool and port)
www.domain.com/test/jsp/pgLogin.jsp (which is directed to test_pool and port)


With this default configuration, I know the F5 performs an HTTP GET as its health check for the pool, and I assume for each physical server in the pool. This health check seems to create a session but not terminate it.. I know on the F5 you can create custom HTTP, as you indicated. What I did not understand was that there is some HTTP GET string I can create for Send strings that would be able to HTTP GET and then terminate/close the session. Is that correct? Do I put a custom receive string? I am not sure I understand the receive string section and am trying to find the syntax... Below is a sample string I was thinking of for, say, the train environment


GET /train HTTP/1.1\r\nHost: \r\nConnection: Close\r\n


Is this all I need with no receive string? I am assuming that the "Host" and "Connection" pieces are populated automatically via the F5 request. Is it possible you can shed a little more light?

thank you for help
Greg

Hi Greg,

Maybe a few more background questions are in order.

When you say "This health check seems to create a session but not terminate it..", what do you mean?

Does the web application generate a session for the request because the request doesn't contain a valid session identifier?

Is the problem that these sessions aren't terminated soon enough? Does the application run into problems when too many sessions are open?

How would a client tell the web application that they're done using the application and that the app can terminate their session? Is there a logout URI that instructs the app to kill the session?

Are there any objects in the application that can be accessed where the application does not generate a session? If so, this would be an ideal object to use in the monitor.

To answer some of your questions:


"With this default configuration, I know the F5 performs an HTTP GET as its health check for the pool, and I assume for each physical server in the pool."

-- Yes, bigd sends an HTTP request using the send string to each pool member that the monitor is configured for. The port information does not need to be specified in the monitor as bigd uses the pool member definition for the request destination.

"What I did not understand was that there is some HTTP GET string I can create for Send strings that would be able to HTTP GET and then terminate/close the session."

-- You can configure any single HTTP request for bigd to send as long as it's valid HTTP using a stock HTTP(S) monitor's send string. The concept of "session" is something that is specific to the application--not the HTTP protocol or bigd. If the application allows a client to send a request which either doesn't trigger a session being created, or tells the application that it should terminate the session, you could configure this as the send string in a stock monitor.

If there isn't a way for a client to send a single request which doesn't generate a session, there should be a way to do this with multiple requests. If that's the case, you could create an external monitor which references a script. The script would make the series of requests which determine whether the application is responding correctly. This could be as simple as using Curl (http://curl.haxx.se/docs/manpage.html) to send one request for the page you want to monitor and then a second GET request with the session identifier from the first request which tells the app to terminate the session.

A stock HTTP(S) monitor is significantly less resource intensive, so you should try that if you can. If you do need to make multiple requests for one monitor polling, the Codeshare (Click here) has some good examples. Here is an example for sending an HTTP GET request with Curl (Click here). And here is an example for using Curl to make an HTTP POST request (Click here). You would need to modify one of these examples to make the first request verify the response is okay, parse the session identifier that the server sends, make a second request to the app with the session ID to tell the app to close the session and then respond to the monitoring daemon with confirmation that the pool member is up.

"'GET /train HTTP/1.1\r\nHost: \r\nConnection: Close\r\n' Is this all I need with no receive string? I am assuming that the "Host" and "Connection" pieces are populated automatically via the F5 request."

-- The send string is what bigd sends to the pool member. The only changes to the request are the \r\n's are replaced with actual carriage return/linefeeds:

 
GET /train HTTP/1.1
Host:
Connection: Close



Most applications aren't configured to require a host header value, so I didn't include one in that example. The Connection: Close header tells the server to close the TCP connection. This doesn't have anything to do with the application's "session". If you want to dynamically change the request that bigd sends to the pool member, you'd need to use an external monitor.

Hopefully this makes a bit more sense?

Aaron
Posted By hoolio on 11/18/2008 1:08 PM

The concept of "session" is something that is specific to the application--not the HTTP protocol or bigd.


I've struggled in explaining this before and you put it very succinctly, thanks, I will definitely use that in the future


Most applications aren't configured to require a host header value


I have encountered quite a few apps that will return a 400 Bad Request if they are sent an HTTP 1.1 request that doesn't include a valid host header, FWIW. I don't know that I'd fully agree with "most" here.

Now, without a receive string configured, a 400 Bad Request will still pass the health check. So that's not necessarily a problem either. Maybe a 400 response wouldn't generate an app "session". But probably not really what you want for a health check.

I'd advise Greg to use the host header if in doubt:

  
GET /train HTTP/1.1
Host: www.domain.com
Connection: Close


Denny
Hi Aaron,
When I request the web page from a browser it works; I think the browser is converting text to HTML.
But when I use curl to request the page I see a 500 internal server error.

What can I do to monitor from a flat file?

zafer
Hi Aaron,
I think the problem is the ISS; it only accepts GET requests from IE and Mozilla.

ISS works between the client and the web server to protect from attacks.


regards
zafer
Hi Zafer,

Can you create a new post for your questions? I'm guessing there are components of the request which the application is expecting which aren't set by default using curl. If you make a request with a browser plugin like Fiddler for IE or HttpFox for FF, can you post an anonymized copy of the request? You can then use Curl (or the monitor send string) to mimic the browser request. If the application really does check the User-Agent header, you can set that in the monitor send string and with Curl.

Denny, good point on the Host header value. I'm not sure on the proportion, but I've many apps which do require a valid host header value and many which don't.

Greg, I forgot to add that the way a client tells the app that they're done with the session is by making a request with the session ID to a logout page. If you can't make a single request which doesn't generate a session on the app, you could use an external monitor to make the first GET request. You'd need to parse the session ID from the app response (typically set in a cookie) and then include the cookie in a second request to the logout page. You can also use Fiddler for IE or HttpFox for Firefox to test this with a browser and capture the request and response headers and payloads. If you can post anonymized samples, we could help you create the send string or curl commands to make the requests. I'd leave the actual script to you though.

Aaron
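
The two-request external monitor described in this thread, written out as an added example (it is not code from any poster or from F5): the first request checks the page and captures the session cookie, the second hands that cookie to a logout page so the application can discard the session the poll created. The logout URI, the receive string "Login" and the JSESSIONID cookie name are assumptions; the check URI and Host value are the ones Greg and Denny used above.

```shell
#!/bin/sh
# Added example: two-request external monitor (not from the thread).
# Hypothetical values: LOGOUT_URI, RECV. COOKIE_NAME assumes a JSESSIONID cookie.
CHECK_URI="/train/jsp/pgLogin.jsp"
LOGOUT_URI="/train/jsp/pgLogout.jsp"
HOST_HDR="www.domain.com"
COOKIE_NAME="JSESSIONID"
RECV="Login"

# Print the value of cookie $1 from response headers read on stdin.
session_id() {
    tr -d '\r' | sed -n "s/^[Ss]et-[Cc]ookie: *$1=\([^;]*\).*/\1/p" | head -n 1
}

# Return 0 if the member at $1:$2 answers 200 with the receive string.
check_member() {
    base="http://$1:$2"
    hdrs=$(mktemp) || return 1
    body=$(mktemp) || { rm -f "$hdrs"; return 1; }
    # Request 1: the page being monitored; keep headers and body apart.
    code=$(curl -s -m 5 -H "Host: $HOST_HDR" -D "$hdrs" -o "$body" \
        -w '%{http_code}' "$base$CHECK_URI")
    sid=$(session_id "$COOKIE_NAME" < "$hdrs")
    ok=1
    [ "$code" = "200" ] && grep -qF "$RECV" "$body" && ok=0
    # Request 2: hand the session cookie back to the logout page so the
    # application can discard the session this poll created.
    if [ -n "$sid" ]; then
        curl -s -m 5 -o /dev/null -H "Host: $HOST_HDR" \
            -b "$COOKIE_NAME=$sid" "$base$LOGOUT_URI"
    fi
    rm -f "$hdrs" "$body"
    return "$ok"
}

# BIG-IP calls an external monitor with the member address and port as
# $1 and $2; IPv4 addresses arrive as ::ffff:a.b.c.d. Any output on
# stdout marks the member up, no output marks it down.
if [ "$#" -ge 2 ]; then
    ip=$(echo "$1" | sed 's/^::ffff://')
    if check_member "$ip" "$2"; then echo "up"; fi
fi
```

The logout request is sent even when the check fails, so a failing page that still sets a cookie does not leave sessions behind.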
