The Brocade ADX offers two methods for binding multiple ports to a single healthcheck ; via the use of a port profile or by using healthcheck element groups.
The main caveat when using a port profile is that you can only bind a non well-known port to the healthcheck of a well known port.
And also that the configuration for the port is global across the ADX.
Within this article we will focus on the configuration steps for configuring healthcheck elements.
Configuration
The configuration is pretty standard. You configure your healthchecks and assign them to your real servers.
The key command, however, is ‘hc-track-port 80 443’. This command instructs the ADX to track the health status of the master port (in this case 80) and bind the health to a secondary port (in this case port 443).
This ensures if the master port goes down traffic is also not sent to the secondary port.
healthck 192.168.100.1-hc tcp dest-ip 192.168.100.1 port http protocol http protocol http url "GET /healthcheck.html" l7-check ! healthck 192.168.100.2-hc tcp dest-ip 192.168.100.2 port http protocol http protocol http url "GET /healthcheck.html" l7-check ! server real web1_192.168.100.1 192.168.100.1 port http port http healthck 192.168.100.1-hc port http keepalive port http url "GET /" port ssl port ssl keepalive hc-track-port 80 443 ! server real web2_192.168.100.2 192.168.100.2 port http port http healthck 192.168.100.2-hc port http keepalive port http url "GET /" port ssl port ssl keepalive hc-track-port 80 443
Gotcha
Based on the configuration above consider the following scenario. Port 80 is marked as failed for a real server after the port failed its healthcheck. However when running a ‘show server bind’ you notice that ssl is still showing as active even though you have grouped these 2 ports via the use of the ‘hc-track-port’ command.
[email protected]# show hc-track-port-state Real Server track-port state
web1_192.168.100.1 80 443 DOWN
web2_192.168.100.2 80 443 ACTIVE
Based on this output, you can see that the group is marked as ‘DOWN’. Meaning that the ADX will not send any traffic to either port 80 or 443, even though the port shows as active within ‘show server bind’.
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become a networking expert?
Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial