Pools operating at a low capacity-f5-all
Vendor: f5
OS: all
Description:
indeni will alert if the the number of members available in the pool is too low, based on the percentage of members available out of the total.
Remediation Steps:
Log into the device and examine the status of the pool. Troubleshoot the application in case of failed monitors and verify that any disabled members is intentional.\nTroubleshooting steps for HTTP monitors:\n1. Log into the device through SSH.\n2. Issue the following command: echo -ne “” | nc .\n3. Make sure you get a response and that the response matches any receive string you have configured.\nExample:\necho -ne “GET / HTTP/1.1\r\nHost:myapplication.domain.local\r\nUser-agent: Mozilla/5.0 (Windows NT 6.1\r\n\r\n” | nc 10.10.10.1 8080\nTroubleshooting steps for HTTPS monitors:\n1. Log into the device through SSH.\n2. Issue the following command: curl -k https://:\n3. Make sure you get a response and that the response matches any receive string you have configured.\nNote: You might have to add additional header specified in the send string using --header.\nExample:\ncurl -vvv --header “Host:myapplication.domain.local” --header “User-agent:Mozilla/5.0 (Windows NT 6.1” https://10.10.10.1:443/\nTroubleshooting steps for TCP monitors with send strings:\n1. Log into the device through SSH\n2. Issue the following command: echo -ne “” | nc \n3. Make sure you get a response and that the response matches any receive string you have configured.\nExample:\necho -ne “info\r\nquit\r\n” | nc 10.10.10.1 8080\nTroubleshooting steps for TCP monitors without send strings:\n1. Log into the device through SSH\n2. Issue the following command: telnet \nExample\ntelnet 10.10.10.1 8080
How does this work?
This alert uses the iControl REST interface to extract the members available to process traffic compared to the total members of the pool.
Why is this important?
A pool that is not running with full capacity could cause slowness in the application, service disruption, or in worst case downtime. indeni tracks this by measuring the available members of the pool in percent.
Without Indeni how would you find this?
An administrator could manually check member availabilty by logging on to the web interface of the device and clicking on “Local Traffic” -> “Pools” -> “Statistics”. This would show the pool statistics for the active partition.
f5-rest-mgmt-tm-ltm-pool
name: f5-rest-mgmt-tm-ltm-pool
description: Determine pool member state, availability, capacity and action on service
down
type: monitoring
monitoring_interval: 5 minutes
requires:
vendor: f5
product: load-balancer
rest-api: 'true'
comments:
lb-pool-member-availability:
why: |
A member marked as down by a monitor results in reduced pool capacity or in worst case, downtime. This metric would warn administrators when a member is marked as down.
how: |
This alert uses the iControl REST interface to extract the member statuses on the device.
can-with-snmp: true
can-with-syslog: false
lb-pool-member-state:
why: |
A node disabled by an administrator results in reduced pool capacity or in worst case, downtime. Disabling nodes is common during ie. a maintenance but it is easily forgotten. This metric would warn administrators when a node is not ready to accept traffic.
how: |
This alert uses the iControl REST interface to extract the node states on the device.
can-with-snmp: true
can-with-syslog: false
lb-pool-capacity:
why: |
A pool that is not running with full capacity could cause slowness in the application, service disruption, or in worst case downtime. indeni tracks this by measuring the available members of the pool in percent.
how: |
This alert uses the iControl REST interface to extract the members available to process traffic compared to the total members of the pool.
f5-default-action-on-service-down:
why: |
The default option is "None", which maintains connections to pool member even when the monitor fails, but does not create new connections. The better option in most cases however, is "Reject" which instead resets the existing connection and forces the client to establish a new one. This, coupled with good monitors ensures that the client has an optimal chance of connecting to a functioning pool member.
how: |
This alert uses the iControl REST interface to extract the option "Action On Service Down" for all configured pools.
steps:
- run:
type: HTTP
command: /mgmt/tm/ltm/pool?expandSubcollections=true&$select=fullPath,serviceDownAction,membersReference/items/fullPath,membersReference/items/selfLink,membersReference/items/state,membersReference/items/session
parse:
type: JSON
file: rest-mgmt-tm-ltm-pool.parser.1.json.yaml
f5_lb_pool_capacity
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/f5/f5_lb_pool_capacity.scala