Brocade ADX: Bind Multiple Ports to a Single Healthcheck

The Brocade ADX offers two methods for binding multiple ports to a single healthcheck ; via the use of a port profile or by using healthcheck element groups.

The main caveat when using a port profile is that you can only bind a non well-known port to the healthcheck of a well known port.
And also that the configuration for the port is global across the ADX.

Within this article we will focus on the configuration steps for configuring healthcheck elements.

Configuration

The configuration is pretty standard. You configure your healthchecks and assign them to your real servers.
The key command, however, is ‘hc-track-port 80 443’. This command instructs the ADX to track the health status of the master port (in this case 80) and bind the health to a secondary port (in this case port 443).
This ensures if the master port goes down traffic is also not sent to the secondary port.

healthck 192.168.100.1-hc tcp
  dest-ip 192.168.100.1
  port http
  protocol http
  protocol http url "GET /healthcheck.html"
  l7-check
!
 healthck 192.168.100.2-hc tcp
  dest-ip 192.168.100.2
  port http
  protocol http
  protocol http url "GET /healthcheck.html"
  l7-check
!
 server real web1_192.168.100.1 192.168.100.1
 port http
 port http healthck 192.168.100.1-hc
 port http keepalive
 port http url "GET /"
 port ssl
 port ssl keepalive
 hc-track-port 80 443
!
server real web2_192.168.100.2 192.168.100.2
 port http
 port http healthck 192.168.100.2-hc
 port http keepalive
 port http url "GET /"
 port ssl
 port ssl keepalive
 hc-track-port 80 443

Gotcha

Based on the configuration above consider the following scenario. Port 80 is marked as failed for a real server after the port failed its healthcheck. However when running a ‘show server bind’ you notice that ssl is still showing as active even though you have grouped these 2 ports via the use of the ‘hc-track-port’ command.

SSH@ADX# show hc-track-port-state
Real Server                                               track-port   state

web1_192.168.100.1                                        80 443       DOWN
web2_192.168.100.2                                        80 443       ACTIVE

Based on this output, you can see that the group is marked as ‘DOWN’. Meaning that the ADX will not send any traffic to either port 80 or 443, even though the port shows as active within ‘show server bind’.

• Author
• Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Latest posts by Rick Donato (see all)

• How to Configure a BIND Server on Ubuntu - March 15, 2018
• What is a BGP Confederation? - March 6, 2018
• Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial