You create a service monitor to define health check parameters for a particular type of network traffic. When you associate a service monitor with a pool, the pool members are monitored according to the service monitor parameters.

The following types of monitors are supported: ICMP, TCP, UDP, HTTP, HTTPS, DNS, MSSQL, and LDAP.

Procedure

  1. Log in to the vSphere Web Client.
  2. Click Networking & Security and then click NSX Edges.
  3. Double-click an NSX Edge.
  4. Click Manage and then click the Load Balancer tab.
  5. In the left navigation panel, click Service Monitoring.
  6. Click the Add icon.
  7. Enter a Name for the service monitor.

    Interval, Timeout, and Max Retries are common parameters for all types of health checks.

  8. Enter the Interval in seconds in which a server is to be tested.

    The interval is the period of time, in seconds, between the requests that the monitor sends to the back-end server.

  9. Enter the Timeout. In each health check, the timeout value is the maximum time in seconds within which a response from the server must be received.
  10. Enter the Max Retries. This value is the number of times the server is tested before it is declared DOWN.

    For example, if Interval is set to 5 seconds, Timeout to 15 seconds, and Max Retries to 3, the NSX load balancer probes the back-end server every 5 seconds. In each probe, if the expected response is received from the server within 15 seconds, the health check result is OK. If not, the result is CRITICAL. If the three most recent health check results are all DOWN, the server is marked as DOWN.

  11. From the drop-down menu, select the way in which to send the health check request to the server. The supported monitor types are ICMP, TCP, UDP, HTTP, HTTPS, DNS, MSSQL, and LDAP. Three predefined monitors are embedded in the system: default_tcp_monitor, default_http_monitor, and default_https_monitor.
  12. If you select ICMP as the monitor type, then no other parameters are applicable. Leave other parameters empty.
  13. If you select TCP as the monitor type, three more parameters are available: Send, Receive, and Extension.
    1. Send (optional) - The string sent to the backend server after a connection is established.
    2. Receive (optional) - Enter the string to be matched. This string can be a header or in the body of the response. The server is considered UP only when the received string matches this definition.
    3. Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.

      A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.

      All extension items should be separated with a carriage return character.

      Table 1. Extensions for TCP Protocol

      | Monitor Extension | Description |
      |---|---|
      | escape | Can use \n, \r, \t, or \ in send or quit string. Must come before send or quit option. Default: nothing added to send, \r\n added to end of quit. |
      | all | All expect strings need to occur in server response. Default is any. |
      | quit=STRING | String to send to server to initiate a clean close of the connection. |
      | refuse=ok\|warn\|crit | Accept TCP refusals with states ok, warn, or crit. Default is crit. |
      | mismatch=ok\|warn\|crit | Accept expected string mismatches with states ok, warn, or crit. Default is warn. |
      | jail | Hide output from TCP socket. |
      | maxbytes=INTEGER | Close connection once more than the specified number of bytes are received. |
      | delay=INTEGER | Seconds to wait between sending string and polling for response. |
      | certificate=INTEGER[,INTEGER] | Minimum number of days a certificate has to be valid. The first value is the number of days for warning and the second value is the number of days for critical (0 if not specified). |
      | warning=DOUBLE | Response time in seconds to result in warning status. |
      | critical=DOUBLE | Response time in seconds to result in critical status. |

  14. If you select HTTP or HTTPS as the monitor type, perform the steps below.
    1. Expected (optional) - In the Expected section, enter the string that the monitor expects to match in the status line of the HTTP response. This is a comma-separated list.

      For example, 200,301,302,401.

    2. Method (optional) - Select the method to detect server status from the drop-down menu: GET, OPTIONS, or POST.
    3. URL (optional) - Enter the URL to GET or POST ("/" by default).
    4. If you select the POST method, enter the data to be sent in the Bold section.
    5. Enter the string to be matched in the response content in the Receive section. This string can be a header or in the body of the response.

      If the string in the Expected section is not matched, the monitor does not try to match the Receive content.

      Example of JSON format: Validate response contains "{"Healthy":true}": receive={\"Healthy\":true}

    6. Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.

      A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.

      All extension items should be separated with a carriage return character.

      Note: For eregi, regex, and ereg, if the string contains { } and ", then you must add a \ character before parsing the string for JSON format. Example of JSON format: Validate response contains "{"Healthy":true}": eregi="\{\"Healthy\":true\}".

      Table 2. Extensions for HTTP/HTTPS Protocol

      | Monitor Extension | Description |
      |---|---|
      | no-body | Do not wait for document body: stop reading after headers. Note that this still does an HTTP GET or POST, not a HEAD. |
      | ssl-version=3 | Force SSL handshake using SSLv3. sslv3 and tlsv1 are disabled in the health check option by default. |
      | ssl-version=10 | Force SSL handshake using TLS 1.0. |
      | ssl-version=11 | Force SSL handshake using TLS 1.1. |
      | ssl-version=12 | Force SSL handshake using TLS 1.2. |
      | max-age=SECONDS | Warn if document is more than SECONDS old. The number can also be in the form 10m for minutes, 10h for hours, or 10d for days. |
      | content-type=STRING | Specify Content-Type header media type in POST calls. |
      | linespan | Allow regex to span newlines (must precede -r or -R). |
      | regex=STRING or ereg=STRING | Search page for regex STRING. |
      | eregi=STRING | Search page for case-insensitive regex STRING. |
      | invert-regex | Return CRITICAL if found, OK if not. |
      | proxy-authorization=AUTH_PAIR | Username:password on proxy-servers with basic authentication. |
      | useragent=STRING | String to be sent in HTTP header as User Agent. |
      | header=STRING | Any other tags to be sent in HTTP header. Use multiple times for additional headers. For example: header="Host: app1.xyz.com" |
      | onredirect=ok\|warning\|critical\|follow\|sticky\|stickyport | How to handle redirected pages. sticky is like follow but stick to the specified IP address. stickyport also ensures port stays the same. |
      | pagesize=INTEGER:INTEGER | Minimum page size required (bytes) : Maximum page size required (bytes). |
      | warning=DOUBLE | Response time in seconds to result in warning status. |
      | critical=DOUBLE | Response time in seconds to result in critical status. |
      | expect = STRING | Comma-delimited list of strings, at least one of them is expected in the first (status) line of the server response (default: HTTP/1.). If specified, skips all other status line logic (ex: 3xx, 4xx, 5xx processing). |
      | string = STRING | String to expect in the content. |
      | url = PATH | URL to GET or POST (default: /). |
      | post = STRING | URL to encode http POST data. |
      | method = STRING | Set HTTP method (for example, HEAD, OPTIONS, TRACE, PUT, DELETE). |
      | timeout = INTEGER | Seconds before connection times out (default is 10 seconds). |

      Examples for eregi:

      • Validate response contains "OK1" or "OK2": eregi="(OK1|OK2)"

      • Validate response contains "{"Healthy":true}": eregi="{\"Healthy\":true}"

      Table 3. Extensions for HTTPS Protocol

      | Monitor Extension | Description |
      |---|---|
      | certificate=INTEGER | Minimum number of days a certificate has to be valid. Port defaults to 443. When this option is used the URL is not checked. |
      | authorization=AUTH_PAIR | Username:password on sites with basic authentication. |
      | ciphers='ECDHE-RSA-AES256-GCM-SHA384' | Display ciphers used in HTTPS health check. |

  15. If you select UDP as the monitor type, perform the steps below:
    1. Send (required): Enter the string to be sent to back-end server after a connection is established.
    2. Receive (required): Enter the string expected from the back-end server. The server is considered UP only when the received string matches this definition.

    Note: No extension is supported by the UDP monitor.

  16. If you select DNS as the monitor type, perform the following steps:
    1. Send (required): Enter the string to be sent to back-end server after a connection is established.
    2. Receive (required): Enter the string expected from the back-end server. The server is considered UP only when the received string matches this definition.
    3. Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.

      A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.

      All extension items should be separated with a carriage return character.

    Table 4. Extensions for DNS Protocol

    | Monitor Extension | Description |
    |---|---|
    | querytype=TYPE | Optional: DNS record query type where TYPE = A, AAAA, SRV, TXT, MX, CNAME, ANY. A = IPv4 host address; AAAA = IPv6 host address; SRV = Service locator; TXT = Text record; MX = Mail Exchange for the domain record; CNAME = The canonical name of an alias record. The default query type is A. |
    | expect-authority | Optional: Expect the DNS server to be authoritative for the lookup. |
    | accept-cname | Optional: Accept cname responses as a valid result to a query. It is used together with querytype=CNAME. The default is to ignore the cname responses as part of the result. |
    | warning=seconds | Optional: Returns a WARNING message if the elapsed time exceeds the provided value. Default is set to off. |
    | critical=seconds | Optional: Returns a CRITICAL alert message if the elapsed time exceeds the provided value. Default is set to off. |

  17. If you select MSSQL as the monitor type, perform the following steps:
    1. Send: Enter the string to be executed on the back-end server after a connection is established.
    2. Receive: Enter the string expected from the back-end server. The server is considered UP only when the received string matches this definition.
    3. User Name, Password and Confirm password (required): Enter the required user name and password, and confirm the entered password. Because the monitor is associated with a pool, you must configure the MSSQL servers in the pool with the same user name and password that are specified here.
    4. Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.

      A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.

      All extension items should be separated with a carriage return character.

    Table 5. Extensions for MSSQL Protocol

    | Monitor Extension | Description |
    |---|---|
    | database=DBNAME | Optional: Database name to connect to. This field is required when the parameter Send or storedproc is used. |
    | storedproc=STOREPROC | Optional: Stored procedure to execute against the MSSQL server. |

  18. If you select LDAP as the monitor type, perform the following steps:
    1. Password and Confirm password (optional): Enter the required password and confirm the entered password.
    2. Extension: Enter advanced monitor parameters as key=value pairs in the Extension section.

      A sample extension, warning=10, indicates that if a server does not respond within 10 seconds, the status is set as warning.

      All extension items should be separated with a carriage return character.

    Table 6. Extensions for LDAP Protocol

    | Monitor Extension | Description |
    |---|---|
    | attr='ATTR' | Optional: LDAP attribute to search (default: '(objectclass=*)'). You must use attr together with the crit-entries range. For more information, refer to https://www.centos.org/docs/5/html/CDS/ag/8.0/Finding_Directory_Entries-LDAP_Search_Filters.html. |
    | base='cn=admin,dc=example,dc=com' | Required: LDAP base (for example, ou=my unit, o=my org, c=at). |
    | ver2 or ver3 | Optional: ver2 uses LDAP protocol version 2; ver3 uses LDAP protocol version 3. Default protocol version is ver2. |
    | bind=BINDDN | Optional: LDAP bind distinguished name (DN) (if required). For more information, refer to https://www.ldap.com/the-ldap-bind-operation. |
    | crit=DOUBLE | Optional: Response time to result in CRITICAL status (seconds). |
    | crit-entries=low:high | Optional: Number of found entries to result in critical status. If the number of found entries is out of range [low, high], then the health check result is CRITICAL. |

  19. Click OK.
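
The Extension field for HTTP and HTTPS monitors accepts free-form key=value text, including protocol overrides and credentials, so it is worth reviewing before a monitor is saved. The following is an added example, not VMware code: it parses extension text and flags ssl-version values that the page says are disabled by default, Username:password pairs, and certificate= combined with URL or content checks. The function names, severity labels, and sample text are assumptions of this example.

```python
# Added example: lint the Extension text of an NSX Edge HTTP/HTTPS service monitor.
# Key names and values come from Tables 2 and 3 on this page; severities are this example's choice.

CREDENTIAL_KEYS = {"authorization", "proxy-authorization"}  # carry Username:password
SSL_VERSIONS = {"3": "SSLv3", "10": "TLS 1.0", "11": "TLS 1.1", "12": "TLS 1.2"}
DISABLED_BY_DEFAULT = {"3", "10"}  # page: sslv3 and tlsv1 are disabled by default
CONTENT_KEYS = {"url", "expect", "string", "regex", "ereg", "eregi"}
TYPOGRAPHIC_QUOTES = "\u2018\u2019\u201c\u201d"  # curly quotes pasted from documents


def parse_extension(text):
    """Split Extension text into (key, value) pairs; bare flags get value None."""
    items = []
    for line in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        items.append((key.strip().lower(), value.strip() if sep else None))
    return items


def lint_extension(text):
    """Return (severity, message) findings; passwords are never echoed."""
    items = parse_extension(text)
    keys = {key for key, _ in items}
    findings = []
    for key, value in items:
        if value and any(ch in value for ch in TYPOGRAPHIC_QUOTES):
            findings.append(("low", f"{key}: typographic quotes in value"))
        if key == "ssl-version" and value not in SSL_VERSIONS:
            findings.append(("high", f"ssl-version={value} is not a documented value"))
        elif key == "ssl-version" and value in DISABLED_BY_DEFAULT:
            findings.append(("high", f"ssl-version={value} forces {SSL_VERSIONS[value]}"))
        elif key in CREDENTIAL_KEYS and value:
            user = value.strip("'\"").split(":", 1)[0]
            findings.append(("medium", f"{key}: password stored for user {user}"))
    if "certificate" in keys and keys & CONTENT_KEYS:
        ignored = ", ".join(sorted(keys & CONTENT_KEYS))
        findings.append(("medium", f"certificate set, URL not checked: {ignored}"))
    return findings


# Constructed sample: extension items separated by carriage returns, as the page requires.
SAMPLE = "ssl-version=10\rauthorization=monitor:S3cret!\rcertificate=30\rurl=/healthz\rno-body"

if __name__ == "__main__":
    for severity, message in lint_extension(SAMPLE):
        print(f"{severity:6} {message}")
```

The last finding reflects the Table 3 statement that the URL is not checked when certificate= is used, so a monitor that combines the two reports certificate validity only.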

What to do next

Associate a service monitor with a pool.