Configuring and Testing an External Monitor

In follow-up to my post on Monitoring Access Policy Manager this post will walk you through how to assign the monitor to a GTM pool and simulate a down status to ensure GTM is configured correctly. If you do not know how to import the external monitor into GTM please reference SOL13423.

Someone asked what my external monitor configuration looked like (which is pretty basic) so I’ve included a screenshot below.

Example monitor for APM
Example monitor for APM

To add the external monitor to an existing GTM pool navigate to DNS -> GSLB -> Pools and select the application pool you’re looking to monitor. Under the Configuration tab move the apm_monitor from Available to Active. If you refresh the page after a few seconds you should see the Availability go green.

Adding monitor to GTM pool.
Adding monitor to GTM pool.

To simulate a down status you can update the external monitor to look for F6 versus F5.

  1. Navigate to System -> File Management -> External Monitor Program File List and select your APM monitor.
  2. Scroll towards the bottom and change the string “This product is licensed from F5 Networks” to “This product is licensed from F6 Networks”.
  3. Navigate to DNS -> GSLB -> Pools
  4. Verify that your APM pool is now red
Shows a GTM Pool as down
Shows a GTM Pool as down

Be sure to run through steps 1 through 4 again and set the monitor back to F5 otherwise the application will not work 🙂

A Living Architecture

Great overview of F5’s GTM capabilities. If you still think all we do is load balancing you’re missing all the cool stuff!

psilva's prophecies

You often hear people say, ‘oh, this is a living document,’ to indicate that the information is continually updated or edited to reflect changes that may occur during the life of the document. Your infrastructure is also living and dynamic. You make changes, updates or upgrades to address the ever changing requirements of your employees, web visitors, customers, partners, networks, applications and anything else tied to your systems.

This is also true for F5’s Reference Architectures. They too are living architectures.

F5’s Reference Architectures are the proof-points or customer scenarios that drive Synthesis to your data center and beyond.

When we initially built out these RA’s, we knew that they’d be continuously updated to not only reflect new BIG-IP functionality but also show new solutions to the changing challenges IT faces daily. We’ve recently updated the Intelligent DNS Scale Reference Architecture to include more security (DNSSEC) and to…

View original post 451 more words

Monitoring Access Policy Manager

I have a customer who recently needed to monitor the APM logon page but noticed the default HTTP monitor was eating up APM access sessions. To address this issue we need the HTTP monitor to retain the MRHSession cookie as it follows the redirect from / to /my.policy. After the monitor determines the health of the APM logon page it needs to also access the logout page to delete it’s current access session.

To accomplish this we can use the cookie jar option in curl:

  • -c create the cookie jar
  • -b uses an existing cookie jar

We also tell curl to follow redirects with the -L argument.

In the example code below the monitor is looking for the F5 licensing statement at the bottom of the APM logon page. If you’ve customized the APM logon page this monitor can easily be modified to fit your specific requirements. You can also download a PDF version of the file here.

Update: I’ve added a new post on Configuring and Testing an External Monitor if you need help adding this monitor to GTM.

#!/bin/sh
#
# (c) Copyright 1996-2014 F5 Networks, Inc.
#
# This software is confidential and may contain trade secrets that are the
# property of F5 Networks, Inc.  No part of the software may be disclosed
# to other parties without the express written consent of F5 Networks, Inc.
# It is against the law to copy the software.  No part of the software may
# be reproduced, transmitted, or distributed in any form or by any means,
# electronic or mechanical, including photocopying, recording, or information
# storage and retrieval systems, for any purpose without the express written
# permission of F5 Networks, Inc.  Our services are only available for legal
# users of the program, for instance in the event that we extend our services
# by offering the updating of files via the Internet.
#
# @(#) $Id: http_monitor_cURL+GET,v 1.0 2007/06/28 16:10:15 deb Exp $
# (based on sample_monitor,v 1.3 2005/02/04 18:47:17 saxon)
#
# these arguments supplied automatically for all external monitors:
# $1 = IP (IPv6 notation. IPv4 addresses are passed in the form 
#                         ::ffff:w.x.y.z
#                         where "w.x.y.z" is the IPv4 address)
# $2 = port (decimal, host byte order)
#

# remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}

PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid"
# kill of the last instance of this monitor if hung and log current pid
if [ -f $PIDFILE ]
then
   echo "EAV exceeded runtime needed to kill ${IP}:${PORT}" | logger -p local0.error
   kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE

# send request & check for expected response
curl -Lsk https://${IP}:${PORT} -c cookiejar.txt | grep "This product is licensed from F5 Networks" > /dev/null

# mark node UP if expected response was received
if [ $? -eq 0 ]
then
    rm -f $PIDFILE
    echo "UP"
else
    rm -f $PIDFILE
fi

# delete APM session
curl -Lsk https://${IP}:${PORT}/my.logout.php3 -b cookiejar.txt > /dev/null
exit

Continue reading