BMeyering_10972
May 22, 2012 Nimbostratus
VMWARE VIEW health monitor SG/Connection broker mapping
We have an F5 BIG-IP 3600 LTM running version 11.1 HF2.
The F5 currently is acting as a front-end for the VMware security servers which do the authentication. Let’s say 2 physical servers per VIP. A client connects to the VIP (and a security server) and then the security server authenticates the client and pushes them to a Connection Broker (also 2 of them) with a 1:1 mapping: a security server interacts only with its assigned connection broker.
So the problem we’re having is that the node in F5 is still marked up (box and services are responding) even when its paired connection broker is down. Would it be possible to configure a health monitor on the F5 to monitor a node other than the ones that it’s assigned to use in the load balancing pool?
Quick mock-up of our setup…
(There are 3 VIPs for each IP: tcp/443, udp/4172 and tcp/4172)
VIP: 10.2.1.101
VS: view.example.com_sslvpn_tcp_443
VMView_sslvpn_pool
Nodes
172.26.15.20:0
172.26.15.31:0
Health Monitors
tcp/443
tcp/4172
udp/4172
172.26.15.20 is “paired” with connection broker 10.26.15.20
Likewise for .31.