Forum Discussion

Timo_Schlueter_
Mar 01, 2010

Health Monitor for LDAP-Node

Hi,

I'm currently working on a Big IP LTM (BIG-IP 9.4.5 Build 1049.10 Final). I want to use Big IP to load-balance the traffic that's caused by LDAP requests.

The problem is that twice a day we discover high peaks of LDAP requests. This often ends in high loads on the servers and sometimes leads to a complete lockup. I now want to "balance" this traffic between six LDAP servers using Big IP.

There are six LDAP servers which I have configured as nodes inside a pool. For now, the Health Monitor for the nodes is gateway-icmp only. Using round-robin, everything works fine and the requests are now spread through all the servers.

I now discovered that there is a template for monitoring LDAP servers. I configured a health monitor which now monitors the LDAP pool.

Unfortunately this monitor can't be assigned to a single node. From what I understand this means that the monitor just checks if the pool is available (through LDAP authentication) but doesn't check for LDAP on single nodes.

What I wanted to achieve is that Big IP checks if a single node answers the LDAP request sent from the load balancer and therefore marks the node as available or not. With this setup we could "balance" the incoming traffic to different nodes.

For now it's just the pool that's being checked. This doesn't solve the problem I have.

I'm new to Big IP, so if there's a configuration guide I really have to read first, feel free to link it.

Maybe the answer isn't that difficult.

Thank you.

Timo

3 Replies

  • Everything is fine.

    I managed to assign the LDAP check to a single node.

    The strange thing is that if you go through "Local Traffic" -> "Virtual Servers" -> "Nodes" -> and then choose "Node Specific" in the dropdown menu, you can't assign all the available checks.

    But if you go through "Local Traffic" -> "Virtual Servers" -> "Pools" -> "Members" you can choose "Member specific" and then add all the checks you want to the single node (here called "Member").

    Since it works for me now, this thread is no longer needed.

    Thank you anyway.

    Timo
  • Hi Timo,

    A node (IP address) health monitor either needs to be valid for an IP address, like ICMP, or have a specific alias port defined in the health monitor. A health monitor without an alias port definition will inherit the port from the pool member (IP:port) definition.

    Another difference between applying a health monitor to a node versus a pool member is that when a node monitor marks a node down, the node is marked down in all pools the node is defined in. A monitor added to a pool or pool member only affects that single pool member.

    Aaron
  • Hi Aaron,

    Thank you very much.

    That's all I needed to know.

    For my setup I can assign the Health Monitor to the single pool member since I don't use a single node inside multiple pools.

    The LDAP-Authentication-Monitor works great and with it working I can even get rid of the TCP Monitor that checks port 389 (LDAP default).

    Thank you!

    Timo
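
The difference between a TCP check on port 389 and an LDAP bind check, as an added example that is not part of the thread and is not F5's monitor code: a TCP connect only proves the port is open, while a bind probe requires a well-formed BindResponse with resultCode 0. The function names, message ID and sample response bytes are constructed for illustration.

```python
# Added example: the logic of an LDAPv3 simple-bind health probe.
# Assumptions: definite-length BER, msg_id in 1..127, constructed sample responses.

def _tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV (short or long definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def _read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos -> (tag, value, next_pos); ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def build_bind_request(msg_id: int, dn: str = "", password: str = "") -> bytes:
    """Simple BindRequest; empty dn and password make it an anonymous bind."""
    op = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, op))

def member_is_up(response: bytes, msg_id: int) -> bool:
    """Up only if the reply is a BindResponse for msg_id with resultCode success."""
    try:
        tag, msg, _ = _read_tlv(response, 0)          # LDAPMessage SEQUENCE
        mtag, mid, pos = _read_tlv(msg, 0)            # messageID INTEGER
        otag, op, _ = _read_tlv(msg, pos)             # [APPLICATION 1] BindResponse
        ctag, code, _ = _read_tlv(op, 0)              # resultCode ENUMERATED
    except ValueError:
        return False                                  # garbage or truncated reply
    return (tag == 0x30 and mtag == 0x02 and int.from_bytes(mid, "big") == msg_id
            and otag == 0x61 and ctag == 0x0A and code == b"\x00")

# Constructed sample responses: success (0) and invalidCredentials (49).
OK = bytes.fromhex("300c02010161070a010004000400")
BAD_CREDS = bytes.fromhex("300c02010161070a013104000400")
```

A server that accepts connections but rejects the bind, or returns a truncated reply, is treated as down here, which a plain TCP check on port 389 would not catch.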