Search This Blog

Monday, July 29, 2013

Default ADX Brocade health settings

On Broacde ADX load balancer we configure virtual server (as a virtual IP used to load balancer the incoming traffic) and real servers as resources where the reqeusts should be sent to (aka pool members).

A user intuition says that if you enable healt check (regardless of type  L2/L3/L4 or L7) on a real server the ADX should continue to observer and availability of the server and react to changes. Unfortunately the default setting on the ADX for L4/L7 health checks are not working that way.

# example config
 
server real myserver1 10.0.0.1
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only
!
server real myserver2 10.0.0.2
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only

server virtual VIP_1.1.1.1 172.16.0.100
 predictor least-conn
 port http
 port http csw-policy "redirect_ssl"
 port http csw
 port ssl sticky
 bind http myserver1 http myserver2  http
 bind ssl myserver1 ssl myserver2  ssl

When all applications run correctly we can see that the VIP status on the LB is tracked correctly:
 
#sh server bind

Virtual server: VIP_108.166.11.177       Status: enabled  IP: 172.16.0.100
        http -------> myserver1: 10.0.0.1,  http (Active)
                      myserver2: 10.0.0.2,  http (Active)
         ssl -------> myserver1: 10.0.0.1,  ssl (Active)
                      myserver2: 10.0.0.2,  ssl (Active)

Problem

The LB is not changing status for the port 443 once the application is stopped on the server (myserver1 or myserver2)

Solution

By default the heal checks are performe only at the begining

http://www.brocade.com/support/Product_Manuals/ServerIron_SLBGuide/health.4.2.html

By default, the ServerIron ADX does not repeat the Layer 4 health check after bringing up the port when you bind the real server to the virtual server. However, you can enable a periodic keepalive health check for the port. To configure the keepalive health check globally, configure a port profile for the port. You also can enable or disable the keepalive health check on individual real servers.

Once you bind a real server to the virtual serve the ADX is not tracking the availability of the real server any more. To force the ADX to sent heal check requests on a regular basis to the real server to monitor its availability we have to enable the availability options like below.
 
conf t
server real myserver1
port ssl keepalive

server real myserver2
port ssl keepalive

The final configuratin is going to look like: 
 
server real myserver1 10.0.0.1
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only
 port ssl keepalive
!
server real myserver2 10.0.0.2
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port ssl
 port ssl l4-check-only
 port ssl keepalive

server virtual VIP_1.1.1.1 172.16.0.100
 predictor least-conn
 port http
 port http csw-policy "redirect_ssl"
 port http csw
 port ssl sticky
 bind http myserver1 http myserver2  http
 bind ssl myserver1 ssl myserver2  ssl
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)