Forum Discussion

Perry_71428's avatar
Perry_71428
Icon for Nimbostratus rankNimbostratus
Mar 11, 2010

F5 Monitor Issue

Hi

 

 

All our websites are managed in a standard F5 Virtual Server / Pool / Node way.

 

 

We have health monitors running against the pools and nodes. These are set to run every 5 seconds. These are simple tcp port 80 monitors. They are not HTTP GETs.

 

 

When our website receives a new session request, it creates a session record in our database for later analysis, storing the ip of the request from the http x-forwarded-for attribute passed in by the F5.

 

 

Amongst the real traffic, I am seeing database records being created from the internal ip's of our F5 units every 5 seconds indicating that somewhere, the F5 itself is actually making calls direct to our website.

 

 

This must be coming from a monitor but for the life of me I cannot find the culprit.

 

 

Every pool is a simple TCP port 80 monitor and every node is a simple icmp monitor.

 

 

There is another monitor set up, lets call it monitorA, which does do a website GET which says it has some instances attached but when I review the pools & nodes listed, none of them list the monitorA as a healthcheck.

 

 

I have disabled these monitor instances, but still these records are being created in our database by our website. I cannot delete the monitor due to the instances existing.

 

 

Is this a case where the F5 needs to be rebooted to clear itself, as I cannot work out where these calls to the website are coming from.

 

 

Any ideas?

 

 

Thanks

 

 

 

 

management
monitoring

8 Replies

Sort By
  • Perry_71428's avatar
    Perry_71428
    Icon for Nimbostratus rankNimbostratus
    Mar 12, 2010
    Hi Aaron

     

     

    Thanks for the help

     

     

    We do have a redundant pair of F5's and they are synched. The database logs are recording two calls from each of the F5's ip every 5 seconds. It must be a monitor somewhere that is doing it but having gone through 50+ pools and 50+ nodes I can't find it!

     

     

    I'll try and check out the things you suggested, but booting the devices if it comes to that is something I'll have to get done out of hours.

     

     

    Thanks

     

     

    Perry
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Mar 12, 2010
    Hi Perry,

     

     

    No problem. I'd check for a default node monitor first and then use the grep command. You should be able to find the monitor association with those methods.

     

     

    Aaron
  • smp_86112's avatar
    smp_86112
    Icon for Cirrostratus rankCirrostratus
    Mar 12, 2010
    I guess I think about this as, there are only a limited number of places that a monitor can be applied, right? The Pool level, the Pool Member level, the Node level, or the Default Node level. Have you confirmed that you have checked all four of these places?
  • Perry_71428's avatar
    Perry_71428
    Icon for Nimbostratus rankNimbostratus
    Mar 15, 2010
    Hi

     

     

    Sorry for no replies - I am relooking at this issue today. Will post when I have done the analysis suggested.

     

     

    Thanks

     

     

    Perry
  • Perry_71428's avatar
    Perry_71428
    Icon for Nimbostratus rankNimbostratus
    Mar 15, 2010
    Hi

     

     

    Managed to get the bigip.conf file using WinSCP and have found the offending section referencing the problem monitorA

     

     

    shell write partition Seatwave

     

    pool pool_name {

     

    monitor all monitorA

     

    members

     

    xx.xxx.xxx.xxx:http

     

    down

     

    session disable

     

    ....

     

    }

     

     

    The interesting thing is I cannot see the pool "pool_name" on the UI at all - I'd like to delete it, and then delete the monitorA.

     

     

    Any ideas why that is when I am logged on as an administrator?

     

     

    Thanks

     

     

    Perry
  • Perry_71428's avatar
    Perry_71428
    Icon for Nimbostratus rankNimbostratus
    Mar 15, 2010
    Aha - I think its to do with partitions.

     

     

    All the main configuration is in the "Common" partition, as is the definition of the monitorA, but the problem pool referencing monitorA is in the "Seatwave" partition.

     

     

    I can't see anywhere in the UI to move around partitions - how can I get access to the "Seatwave" partition in order delete the pool, so I can return to the Common partition to delete the monitor?

     

     

    Perry
  • smp_86112's avatar
    smp_86112
    Icon for Cirrostratus rankCirrostratus
    Mar 15, 2010
    Nicely done. Obviously I need to amend my statement about there only being four places to apply a monitor - I did not consider alternate partitions.

     

     

    I don't run a version of software that uses partitions yet. But I do know one way is to move that section of the config file to a spot underneath the "Common" partition. Then after you save it, load the config by executing "b config load".

     

     

    Alternatively, you can change to a different partition by selecting it from the drop-down list of partitions in the upper right-hand corner of the admin GUI. But I think you will only be able to delete it from one partition, change to the Common partition, and then re-create it. I don't know this for certain, but I suspect you would not be able to duplicate a pool using the same name in a different partition. I could be wrong about that - might be worth a shot.
  • Perry_71428's avatar
    Perry_71428
    Icon for Nimbostratus rankNimbostratus
    Mar 15, 2010
    Got it - thanks! All tidied up as required.

     

     

    One thing to note is that the partition drop down doesn't get enabled until you select something in the Local Traffic menu.

     

     

    The only reason the second partition exists is down to our managed host and the way they originally wanted to manage our level of permissions to the boxes. Now we have full control we can keep it nice and simple and do everything in "Common".