User intuition says that if you enable a health check (regardless of type: L2/L3/L4 or L7) on a real server, the ADX should continue to observe the availability of the server and react to changes. Unfortunately, the default settings on the ADX for L4/L7 health checks do not work that way.
# example config
server real myserver1 10.0.0.1
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only
!
server real myserver2 10.0.0.2
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only
server virtual VIP_1.1.1.1 172.16.0.100
 predictor least-conn
 port http
 port http csw-policy "redirect_ssl"
 port http csw
 port ssl sticky
 bind http myserver1 http myserver2 http
 bind ssl myserver1 ssl myserver2 ssl
When all applications run correctly, we can see that the VIP status on the LB is tracked correctly:
#sh server bind
Virtual server: VIP_108.166.11.177 Status: enabled IP: 172.16.0.100
 http -------> myserver1: 10.0.0.1, http (Active)
               myserver2: 10.0.0.2, http (Active)
 ssl  -------> myserver1: 10.0.0.1, ssl (Active)
               myserver2: 10.0.0.2, ssl (Active)
Problem
The LB does not change the status of port 443 once the application is stopped on the server (myserver1 or myserver2).
Solution
By default, the health checks are performed only at the beginning.
http://www.brocade.com/support/Product_Manuals/ServerIron_SLBGuide/health.4.2.html
By default, the ServerIron ADX does not repeat the Layer 4 health check after bringing up the port when you bind the real server to the virtual server. However, you can enable a periodic keepalive health check for the port. To configure the keepalive health check globally, configure a port profile for the port. You also can enable or disable the keepalive health check on individual real servers.
Once you bind a real server to the virtual server, the ADX no longer tracks the availability of the real server. To force the ADX to send health check requests to the real server on a regular basis and monitor its availability, we have to enable the keepalive option on the port, as below.
conf t
server real myserver1
 port ssl keepalive
server real myserver2
 port ssl keepalive
The final configuration is going to look like:
server real myserver1 10.0.0.1
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only
 port ssl keepalive
!
server real myserver2 10.0.0.2
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only
 port ssl keepalive
server virtual VIP_1.1.1.1 172.16.0.100
 predictor least-conn
 port http
 port http csw-policy "redirect_ssl"
 port http csw
 port ssl sticky
 bind http myserver1 http myserver2 http
 bind ssl myserver1 ssl myserver2 ssl
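To catch the same gap before it hides an outage, a saved configuration can be audited for ports that are bound to a virtual server but have no keepalive. The script below is an added example, not part of the original post or any Brocade tooling: the function name is hypothetical, the parsing assumes only the `server real` / `server virtual` / `bind` syntax shown in the configs above, and it does not account for keepalive enabled globally through a port profile.

```python
import re

# Constructed sample: the post's example config before the fix, abridged
# (port ssl has no keepalive on either real server).
SAMPLE = '''\
server real myserver1 10.0.0.1
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only
!
server real myserver2 10.0.0.2
 port http
 port http keepalive
 port ssl
 port ssl l4-check-only
server virtual VIP_1.1.1.1 172.16.0.100
 predictor least-conn
 port http
 port ssl sticky
 bind http myserver1 http myserver2 http
 bind ssl myserver1 ssl myserver2 ssl
'''

def ports_without_keepalive(config):
    """Return sorted (real_server, port) pairs that are bound to a virtual
    server but have no 'port <name> keepalive' line (hypothetical helper)."""
    keepalive, bound = set(), set()
    section = name = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"server (real|virtual) (\S+)", line)
        if m:
            section, name = m.groups()
        elif section == "real" and re.fullmatch(r"port (\S+) keepalive", line):
            keepalive.add((name, line.split()[1]))
        elif section == "virtual" and line.startswith("bind "):
            # bind <vip-port> <real> <real-port> [<real> <real-port> ...]
            tokens = line.split()[2:]
            bound.update(zip(tokens[0::2], tokens[1::2]))
    return sorted(bound - keepalive)

if __name__ == "__main__":
    for server, port in ports_without_keepalive(SAMPLE):
        print(f"{server}: port {port} is bound but has no keepalive")
```

On the sample it reports the ssl port on both real servers; after adding `port ssl keepalive` under each, it reports nothing.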