Forum Discussion

mlick2's avatar
mlick2
Icon for Nimbostratus rankNimbostratus
Jul 02, 2007

External monitoring

Below is a brief outline of what we are trying to accomplish:

 

 

1. User logs in to a website and is tracked in some way, assuming a cookie

 

2. A monitor will watch cpu usage on an database server

 

3. If the cpu usage goes above a certain percentage, deny any new users, but allow the existing users to continue

 

4. When cpu falls below threshold, begin to allow new users

 

 

We originally started down the road of using the HTTP_SESSION_LIMIT iRule, but quickly found that it did not work for our scenario because the clients close their connection almost immediately after connecting, therefore our active sessions was always at zero. So we have decided that monitoring the db cpu is a more desired approach. I think we can still leverage the session counting portion of this iRule, but we need assistance with how we setup the monitoring of the cpu and feed that information into the iRule.

 

 

I have somewhat discovered it looks like we are going to have to use iControl to do this. I have gone over alot of the tutorials and forums, but can't figure out how to actually get started. The main questions I have are:

 

 

- Are we on the right track looking at iControl?

 

- Are iRules still used, or does the entire process now take place within iControl?

 

- What is my first step to getting started with iControl?

 

 

I have no programming experience what so ever.. All of this is very new to us so any help will be very much appreciated.

 

 

Thanks,

 

Matt
dev
devops
iControl

2 Replies

Sort By
  • Don_MacVittie_1's avatar
    Don_MacVittie_1
    Historic F5 Account
    Jul 30, 2007
    Hi Matt,

     

     

    First off, there are several different ways to tackle this problem, each with its own architectural strengths and weaknesses. I'll touch on the ones I know of, and if I miss anything, someone will tag on, I'm sure.

     

     

    1. Use WMI or SNMP with a custom Monitor. This would allow you to get information from the DB about its status and use a global variable in an iRule to deny access if the CPU usage is too high. This method creates a lag while the BIG-IP waits for the system to return information.

     

    2. Use iControl to monitor the CPU on the DB server and set an iRule to deny access (again with a global to say whether access should be denied or not). From iControl, iRules can be enabled and disabled relatively easily. This method is basically recreating a monitor - but on the DB server.

     

    3. Do it all with iRules and WMI or SNMP. This again would recreate the reason monitors exist, and due to the interpreted nature of iRules combined with the remote call would be the slowest of the three options.

     

     

    To get started with iControl, make sure that your development environment of choice is installed, and download the API from the download section - there are samples and step-by-step documents there and on the iControl wiki. Joe and I have also written some documents and filmed some videos to help get started with different languages - these are accessible through the "Documents|Tutorials" menu, above.

     

     

    I hope this at least gets you pointed in directions to start looking.

     

     

    Don.

     

     

  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    Aug 04, 2007
    Hi Matt -- I'll just throw in my 2c as well.

     

     

    While you can use iRules to affect node status, I don't think there's any good way to also pull in the stats you'd need to make the decision to change the status.

     

     

    You could either use a custom scripted external monitor or iControl to both retrieve/evaluate server stats AND set the pool member status to DISABLED (allow new connections for persistent sessions only) rather than DOWN (reject all new connections).

     

     

    The iControl solution is preferred. The best way to implement that would be to write an iControl script that runs on each DB server, monitoring CPU load and toggling the pool member status between UP and DISABLED based on that info. To ensure service availability, I'd recommend implementing an LTM-based service monitor against the pool members as well, and have the iControl script simply exit if the reported pool member status is already showing DOWN.

     

     

    If you decided to go for the monitor-based solution, you'd need to use a custom external monitor for a couple of reasons:

     

    1) The standard built-in health monitors by design are binary -- pool member is either UP or DOWN based on whether the expected response was received. To set nodes to DISABLED rather than having the node marked UP or DOWN by the monitor daemon, you'd need to use an external monitor to run snmpget against the server, evaluate the result & issue the appropriate bigpipe command to change the pool member status.

     

    2) The WMI and SNMP monitors are a special case, and can't exactly be used to give the result you're looking for. These monitors don't check service availability & mark pool members UP & DOWN like a normal monitor does. They are what we call "performance monitors", and are meant to be used with the Dynamic Ratio LB mode to determine the best candidate server. The monitor derives a dynamic ratio value of a pool member based on the configured statistics, and that value is then compared with that of the other pool members to choose the load balancing target.

     

     

    HTH

     

    /deb