You create a service monitor to define health check parameters for a particular type of network traffic. When you associate a service monitor with a pool, the pool members are monitored according to the service monitor parameters.
Following types of monitors are supported: ICMP, TCP, UDP, HTTP, HTTPS, DNS, MSSQL, and LDAP.
Procedure
- Log in to the vSphere Web Client.
- Click Networking & Security > NSX Edges.
- Double-click an NSX Edge.
- Click Manage > Load Balancer > Service Monitoring.
- Click Add.
- Enter a Name for the service monitor.
Interval, Timeout, and Max Retries are common parameters for all types of health checks.
- Enter the Interval in seconds in which a server is to be tested.
The interval is the period in seconds that the monitor sends requests to the back-end server.
- Enter the Timeout value. In each health check, the timeout value is the maximum time in seconds within which a response from the server must be received.
- Enter the Max Retries. This value is the number of times the server is tested before it is declared DOWN.
For example, if Interval is set as 5 seconds, Timeout as 15 seconds, and Max Retries as 3, it means that the NSX load balancer probes the back-end server every 5 seconds. In each probe, if the expected response is received from server within 15 seconds, then the health check result is OK. If not, the result is CRITICAL. If the recent three health check results are all DOWN, the server is marked as DOWN.
- From the Type drop-down menu, select how to send the health check request to the server . Monitor types that are supported are ICMP, TCP, UDP, HTTP, HTTPS, DNS, MSSQL, and LDAP. Three predefined monitors are embedded in the system: default_tcp_monitor, default_http_monitor, and default_https_monitor.
- If you select ICMP as the monitor type, no other parameters are applicable. Leave other parameters empty.
- If you select TCP as the monitor type, three more parameters are available: Send, Receive, and Extension.
- Send (optional) - The string sent to the back-end server after a connection is established. The maximum permitted string length is 256 characters.
- Receive (optional) Enter the string to be matched. This string can be a header or in the body of the response. When the received string matches this definition, the server is considered UP.
- Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.
A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.
All extension items must be separated with a carriage return character.
Table 1. Extensions for TCP Protocol Monitor Extension Description escape Can use \n, \r, \t, or \ in send or quit string. Must come before send or quit option. Default: nothing added to send, \r\n added to end of quit. all All expect strings need to occur in server response. Default is any. quit=STRING String to send to server to initiate a clean close of the connection. refuse=ok|warn|crit Accept TCP refusals with states: ok, warn, or criti Default is crit. mismatch=ok|warn|crit Accept expected string mismatches with states: ok, warn, or crit. Default is warn. jail Hide output from TCP socket. maxbytes=INTEGER Close connection once more than the specified number of bytes are received. delay=INTEGER Seconds to wait between sending string and polling for response. certificate=INTEGER[,INTEGER] Minimum number of days a certificate has to be valid. The first value is #days for warning and the second value is critical (if not specified - 0). warning=DOUBLE Response time in seconds to result in warning status. critical=DOUBLE Response time in seconds to result in critical status.
- If you select HTTP or HTTPS as the monitor type, perform the following steps:
- Expected (optional) - Enter the string that the monitor expects to match in the status line of HTTP response in the Expected section. This is a comma-separated list.
For example, 200,301,302,401.
- Method (optional) - Select the method to detect server status from the drop-down menu: GET, OPTIONS, or POST.
- URL (optional) - Enter the URL to GET or POST ("/" by default).
- If you select the POST method, enter the data to be sent in the Bold section.
- Enter the string to be matched in the response content in the Receive section. This string can be a header or in the body of the response.
If the string in the Expected section is not matched, the monitor does not try to match the Receive content.
Example of JSON format: Validate response contains "{"Healthy":true}": receive={\"Healthy\":true}
- Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.
A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.All extension items should be separated with a carriage return character.Note: For eregi, regex, and ereg, if the string contains { } and “, then you must add a character \ before parsing the string for JSON format. Example of JSON format: Validate response contains "{"Healthy":true}": eregi="\{\"Healthy\":true\}".
Table 2. Extensions for HTTP/HTTPS Protocol Monitor Extension Description no-body Do not wait for document body: stop reading after headers. Note that this still does an HTTP GET or POST, not a HEAD. ssl-version=3 Force SSL handshake using sslv3.
sslv3 and tlsv1 are deactivated in the health check option by default.
ssl-version=10 Force SSL handshake using tls 1.0. ssl-version=11 Force SSL handshake using tls 1.1. ssl-version=12 Force SSL handshake using tls 1.2. max-age=SECONDS Warn if document is more than SECONDS old. The number can also be in the form 10m for minutes, 10h for hours, or 10d for days. content-type=STRING Specify Content-Type header media type in POST calls. linespan Allow regex to span newlines (must precede -r or -R). regex=STRING or ereg=STRING Search page for regex STRING. eregi=STRING Search page for case-insensitive regex STRING. For example:
- Validate response contains "OK1" or "OK2": eregi="(OK1|OK2)"
- Validate response contains "{"Healthy":true}": eregi="{\"Healthy\":true}"
invert-regex Return CRITICAL if found, OK if not. proxy-authorization=AUTH_PAIR Username:password on proxy-servers with basic authentication. useragent=STRING String to be sent in HTTP header as User Agent. header=STRING Any other tags to be sent in HTTP header. Use multiple times for additional headers. For example:
header="Host: app1.xyz.com
onredirect=ok|warning|critical|follow|sticky|stickyport How to handle redirected pages. sticky is like follow but stick to the specified IP address. stickyport also ensures port stays the same. pagesize=INTEGER:INTEGER Minimum page size required (bytes) : Maximum page size required (bytes). warning=DOUBLE Response time in seconds to result in warning status. critical=DOUBLE Response time in seconds to result in critical status. expect = STRING Comma-delimited list of strings, at least one of them is expected in the first (status) line of the server response (default: HTTP/1. If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)
string = STRING String to expect in the content. url = PATH URL to GET or POST (default: /). post = STRING URL to encode http POST data. method = STRING Set HTTP method (for example, HEAD, OPTIONS, TRACE, PUT, DELETE). timeout = INTEGER Seconds before connection times out (default is 10 seconds). header=Host:host_name -H host_name host_name is a valid host name or an FQDN of the host.
Table 3. Extensions for HTTPS Protocol Monitor Extension Description certificate=INTEGER Minimum number of days a certificate has to be valid. Port defaults to 443. When this option is used the URL is not checked. authorization=AUTH_PAIR Username:password on sites with basic authentication. ciphers=’ECDHE-RSA-AES256-GCM-SHA384’ Display ciphers used in HTTPS health check.
- Expected (optional) - Enter the string that the monitor expects to match in the status line of HTTP response in the Expected section. This is a comma-separated list.
- If you select UDP as the monitor type, perform the following steps:
- Send (required): Enter the string to be sent to the back-end server after a connection is established.
- Receive (required): Enter the string expected to receive from back-end server. Only when the received string matches this definition, is the server is considered as UP.
Note:No extension is supported by the UDP monitor.
- If you select DNS as the monitor type, perform the following steps:
- Send (required): Enter the string to be sent to back-end server after a connection is established.
- Receive: Enter the string expected to receive from the back-end server. Only when the received string matches this definition, the server is considered as UP.
- Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.
A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning. This monitor type supports only TCP protocol.
All extension items must be separated with a carriage return character.
Table 4. Extensions for DNS Protocol Monitor Extension Description querytype=TYPE Optional: DNS record query type where TYPE =A, AAAA, SRV, TXT, MX, CNAME, ANY.
- A=IPv4 host address
- AAAA=Ipv6 host address
- SRV= Service locator
- TXT=Text record
- MX=Mail Exchange for the domain record
- CNAME=The Canonical name of an alias record
The default query type is A.
expect-authority Optional: Expect the DNS server to be authoritative for the lookup.
accept-cname Optional: Accept cname responses as a valid result to a query. It is used with querytype=CNAME together.
The default is to ignore the cname responses as part of the result.
warning=seconds Optional: Returns a WARNING message if the time elapse exceeds the provided value.
Default is set to off.
critical=seconds Optional: Returns a CRITICAL alert message if the time elapse exceeds the provided value. Default is set to off.
- If you select MSSQL as the monitor type, perform the following steps:
- Send: Enter the string to be run on the back-end server after a connection is established.
- Receive: Enter the string expected to receive from the back-end server. Only when the received string matches this definition, the server is considered as UP.
- User Name, Password and Confirm password (required): Enter the required user name, password, and confirm the entered password. As monitor is associated with a pool, you must set MSSQL servers in the pool with the same user name and password that is specified here.
- Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.
A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.
All extension items must be separated with a carriage return character.
Table 5. Extensions for MSSQL Protocol Monitor Extension Description database=DBNAME Optional: Database name to connect to.
This extension is required when the parameter Send or storedproc is used.storedproc=STOREPROC Optional: Stored procedure to run against the MSSQL server.
- If you select LDAP as the monitor type, perform the following steps:
- Password and Confirm password (optional): Enter the required password and confirm the entered password.
- Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.
A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.
All extension items must be separated with a carriage return character.
Table 6. Extensions for LDAP Protocol Monitor Extension Description attr=’ATTR’ Optional: LDAP attribute to search (default: ‘(objectclass=*)’.
You must use attr together with crit-entires range.
base=’cn=admin,dc=example,dc=com’ Required: LDAP base (For example, ou=my unit, o=my org, c=at.
ver2 or ver3 Optional:
- ver2: Use LDAP protocol version 2.
- ver3: Use LDAP protocol version 3.
Default protocol version is ver2.
bind=BINDDN Optional: LDAP bind distinguished name (DN) (if necessary).
For more information, refer to https://www.ldap.com/the-ldap-bind-operation.
crit=DOUBLE Optional: Response time to result in CRITICAL status (seconds). crit-entries=low:high Optional: Number of found entries to result in critical status. If the number of found entries is out of range [low, high], then the health check result is CRITICAL.
- Click OK.
What to do next
Associate a service monitor with a pool.