F5 BIG-IP health checks and HTTP errors

When a web site or application becomes too large to run on a single server, it’s frequently placed on multiple servers with a load balancer in front of them to spread the load and also to remove faulty servers from the pool.

The F5 BIG-IP is one such load balancer.

To ensure that faulty servers are removed from the load balancer pool automatically, you need to set a health check (or monitor). These monitors poll the server every few seconds and based on what it receives can make decisions on whether to leave a server in a pool or mark it as faulty.

When monitoring web applications you create a http (or https) monitor, however the default out of the box behaviour is to check two conditions:

  • That content is returned by the server.
  • That the http/https port is open and responding.

Unfortunately applications can also fail in such a way that the above checks pass but the application is not available to the end user (eg: if it’s returning a 500 Internal Server Error). This will result in users intermittently receiving an error page, or worse – receiving an error page for an extended period of time if session persistence is turned on (ie: once a session is created, they’ll be directed to that one server).

To protect against this you need to create a new health check (monitor) that not only checks the above conditions, but also checks to ensure that the HTTP status code returned with the request is not an error code.

First of all you need to create a new HTTP monitor. You’ll have your typical send string (eg: HEAD / HTTP/1.0) but the receive string is what’s important.

Here’s the receive string I use:

This string will accept any returned HTTP status code from 200-206 and 300-306. Any error codes (ie: 4xx and 5xx) will result in the receive string not being matched and the check failing.

Here’s an example of the fully configured check:

f5-pool

You’ll note that I’m using HTTP/1.0 for the check despite HTTP/1.1 being the current version of the protocol. This is because I use the one health check across multiple clients, and HTTP/1.1 would require me to include a host header, eg:

Using HTTP/1.0 (which does not support virtual hosts) eliminates this requirement and makes using a single check for many different clients much easier.

Once you’ve created your new monitor to your requirements you need to go to go the pool and add the new check.

f5-configured-check

After you’ve changed this, all you need to do is update the configuration and your new health check is active. If your application starts returning a 500 Internal Server Error, it should automatically be taken out of the pool within seconds!

Comments

  1. f5 and iis says

    This was extremely helpful. One note is with our version of Big IP LTM 11.x we needed the following for the “send” string:

    HEAD / HTTP/1.0rnn

    This was especially helpful because our IIS 8.x app serves up a 404 error when you shut down the virtual web as opposed to simply not responding.

  2. Phil Surette says

    We found this article very useful when configuring an active check.

    However, we were tripped up by one silly thing: we found that the send string needed to be terminated by two carriage return line feed combinations (backslash r, backslash n, backslash r, backslash n) with no spaces. I think that’s what “f5 and iis” was trying to say… I’m guessing the backslashes were mangled by the blog.

  3. Kamal says

    What if I am specifying 404 as return string?
    I know that should not be done. But I want to test it and want to know will LB considers it and mark the node active or not?

    • says

      Hi Kamal,

      With the string that I’ve included in an example it will not count 404 as a successful result and will therefore cause the node to be marked as inactive.

      You could add 404 to the list of accepted codes by modifying the return string to be something like:
      HTTP/1.[01] ([23]0[0-6]|404)

  4. says

    I read a lot of interesting posts here. Probably you spend
    a lot of time writing, i know how to save you a lot of work, there is
    an online tool that creates readable, SEO friendly articles in minutes, just search in google – laranitas free content source

Leave a Reply

Your email address will not be published.