Mailing List Archive

I don't know about the high port issue, but you can set the health check to
expect a certain value or string - that should take care of the proxy issue.

Take a look at this page, it explains more about setting the health check
status code.

http://www.foundrynet.com/solutions/appNotes/HealthChecks.html


----- Original Message -----
From: <burnside@kattare.com>
To: "Bill McCaffrey" <bill@neopets.com>
Cc: <foundry-nsp@puck.nether.net>
Sent: Thursday, December 05, 2002 3:10 AM
Subject: serveriron http on ports other than 80


> Greetings,
>
> I'm running several instances of Apache per server. Many of them on
> ports above 1024. (so that normal users can start/stop them.) Two
> issues I've run into:
>
> I've tried configuring TCP health checks on the high ports (10000,
> 10010, etc.) via the TCP/UDP port config and it seems to fail the health
> checks on the real server every time. (and thus serves nothing.) If I
> connect directly to the servers on the high ports I get the pages I
expect.
>
> The second issue is that I cannot bind from a low point to a high
> point. I was kind of hoping to be able to bind port 80 on the virtual
> server to port 10000 (or whatever) on the real server. This is
> necessary because right now I use apache on port 80 to proxy up to port
> 10000 (or whatever) on the individual webservers. So... if the health
> checks just check port 80, the proxy may be up just fine, but the high
> port server may not be up. Thus the client may see a "proxy failure"
> page if the port 80 server is alive and the port 10000 server is dead.
>
> Sorry about all the questions. I just got this serveriron recently
> and despite reading through most of the docs on the website, there is
> still much I am having trouble figuring out. ;-)
>
> Cheers,
>
> ~Ethan B.
>
> --------------------------
> Ethan Burnside - Founder
> Kattare Internet Services
> http://www.kattare.com
> --------------------------
>

I believe you are looking for the 'no http port translate' command.. I
suggest searching the ServerIron docs on their site.

-----Original Message-----
From: Bill McCaffrey [mailto:bill@neopets.com]
Sent: Thursday, December 05, 2002 11:33 AM
To: burnside@kattare.com
Cc: foundry-nsp@puck.nether.net
Subject: [f-nsp] Re: serveriron http on ports other than 80


I don't know about the high port issue, but you can set the health check
to
expect a certain value or string - that should take care of the proxy
issue.

Take a look at this page, it explains more about setting the health
check
status code.

http://www.foundrynet.com/solutions/appNotes/HealthChecks.html


----- Original Message -----
From: <burnside@kattare.com>
To: "Bill McCaffrey" <bill@neopets.com>
Cc: <foundry-nsp@puck.nether.net>
Sent: Thursday, December 05, 2002 3:10 AM
Subject: serveriron http on ports other than 80


> Greetings,
>
> I'm running several instances of Apache per server. Many of them
on
> ports above 1024. (so that normal users can start/stop them.) Two
> issues I've run into:
>
> I've tried configuring TCP health checks on the high ports (10000,
> 10010, etc.) via the TCP/UDP port config and it seems to fail the
health
> checks on the real server every time. (and thus serves nothing.) If
I
> connect directly to the servers on the high ports I get the pages I
expect.
>
> The second issue is that I cannot bind from a low point to a high
> point. I was kind of hoping to be able to bind port 80 on the virtual
> server to port 10000 (or whatever) on the real server. This is
> necessary because right now I use apache on port 80 to proxy up to
port
> 10000 (or whatever) on the individual webservers. So... if the health
> checks just check port 80, the proxy may be up just fine, but the high
> port server may not be up. Thus the client may see a "proxy failure"
> page if the port 80 server is alive and the port 10000 server is dead.
>
> Sorry about all the questions. I just got this serveriron
recently
> and despite reading through most of the docs on the website, there is
> still much I am having trouble figuring out. ;-)
>
> Cheers,
>
> ~Ethan B.
>
> --------------------------
> Ethan Burnside - Founder
> Kattare Internet Services
> http://www.kattare.com
> --------------------------
>

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

Errr... 'no port http translate'.. Sorry for the spam.

-----Original Message-----
From: Bulger, Tim
Sent: Thursday, December 05, 2002 11:56 AM
To: Bill McCaffrey; burnside@kattare.com
Cc: foundry-nsp@puck.nether.net
Subject: RE: [f-nsp] Re: serveriron http on ports other than 80

I believe you are looking for the 'no http port translate' command.. I
suggest searching the ServerIron docs on their site.

-----Original Message-----
From: Bill McCaffrey [mailto:bill@neopets.com]
Sent: Thursday, December 05, 2002 11:33 AM
To: burnside@kattare.com
Cc: foundry-nsp@puck.nether.net
Subject: [f-nsp] Re: serveriron http on ports other than 80


I don't know about the high port issue, but you can set the health check
to
expect a certain value or string - that should take care of the proxy
issue.

Take a look at this page, it explains more about setting the health
check
status code.

http://www.foundrynet.com/solutions/appNotes/HealthChecks.html


----- Original Message -----
From: <burnside@kattare.com>
To: "Bill McCaffrey" <bill@neopets.com>
Cc: <foundry-nsp@puck.nether.net>
Sent: Thursday, December 05, 2002 3:10 AM
Subject: serveriron http on ports other than 80


> Greetings,
>
> I'm running several instances of Apache per server. Many of them
on
> ports above 1024. (so that normal users can start/stop them.) Two
> issues I've run into:
>
> I've tried configuring TCP health checks on the high ports (10000,
> 10010, etc.) via the TCP/UDP port config and it seems to fail the
health
> checks on the real server every time. (and thus serves nothing.) If
I
> connect directly to the servers on the high ports I get the pages I
expect.
>
> The second issue is that I cannot bind from a low point to a high
> point. I was kind of hoping to be able to bind port 80 on the virtual
> server to port 10000 (or whatever) on the real server. This is
> necessary because right now I use apache on port 80 to proxy up to
port
> 10000 (or whatever) on the individual webservers. So... if the health
> checks just check port 80, the proxy may be up just fine, but the high
> port server may not be up. Thus the client may see a "proxy failure"
> page if the port 80 server is alive and the port 10000 server is dead.
>
> Sorry about all the questions. I just got this serveriron
recently
> and despite reading through most of the docs on the website, there is
> still much I am having trouble figuring out. ;-)
>
> Cheers,
>
> ~Ethan B.
>
> --------------------------
> Ethan Burnside - Founder
> Kattare Internet Services
> http://www.kattare.com
> --------------------------
>

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp


_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

> I've tried configuring TCP health checks on the high ports (10000,
> 10010, etc.) via the TCP/UDP port config and it seems to fail the health
> checks on the real server every time. (and thus serves nothing.) If I
> connect directly to the servers on the high ports I get the pages I expect.

You need something like:

server port 10000
tcp keepalive protocol http

to force it to do http health-checks on a non-port-80 service.
Foundry's docs are kinda confusing, but the relevant part of the
manual is at

http://www.foundrynet.com/services/documentation/siug/ServerIron_health_checks.html#41255

On Thu, Dec 05, 2002 at 03:10:37AM -0800, burnside@kattare.com wrote:
> Greetings,
>
> I'm running several instances of Apache per server. Many of them on
> ports above 1024. (so that normal users can start/stop them.) Two
> issues I've run into:
>
> I've tried configuring TCP health checks on the high ports (10000,
> 10010, etc.) via the TCP/UDP port config and it seems to fail the health
> checks on the real server every time. (and thus serves nothing.) If I
> connect directly to the servers on the high ports I get the pages I expect.
>
> The second issue is that I cannot bind from a low point to a high
> point. I was kind of hoping to be able to bind port 80 on the virtual
> server to port 10000 (or whatever) on the real server. This is
> necessary because right now I use apache on port 80 to proxy up to port
> 10000 (or whatever) on the individual webservers. So... if the health
> checks just check port 80, the proxy may be up just fine, but the high
> port server may not be up. Thus the client may see a "proxy failure"
> page if the port 80 server is alive and the port 10000 server is dead.

Can you post a snippet of your configuration, e.g. for the virtual
server and some of the real servers?

> Sorry about all the questions. I just got this serveriron recently
> and despite reading through most of the docs on the website, there is
> still much I am having trouble figuring out. ;-)

Yes, there is a lot of stuff about them that is poorly documented or
confusingly documented.

I thought for several years that they were unable to have virtual
servers based on real servers which are not physically connected
through the ServerIron (which actually was broken functionality in
early firmware releases.) It wasn't until some people on this list said
they were doing just that that I started experimenting and discovered
how it had to be configured to make it work, using the source-ip
settings. (The commands were documented, but how you have to use them
in a particular network topology was not.)

-- Clifton

--
Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net
"As for yourself, ... I am well disposed to hope you may hitherto have
escaped many Vices of your Country. But by what I have gathered from
your own Relation, and the Answers I have with much Pain wringed and
extorted from you, I cannot but conclude the Bulk of your Natives to be
the most pernicious Race of little odious Vermin that Nature ever
suffered to crawl upon the Surface of the Earth."
- Jonathan Swift, _Gulliver's Travels_

Will,

I appreciate the assistance. After much reading and fandangling
with it I realized that the version of the OS I have is not the version
the docs on the site are for, and does not allow the protocol argument
when working with the given port. This leaves me in a bit of a bind, as
I have all kinds of weird ports that I need to support. (smtp on port
2525, pop3 on port 995, http on port 10000, etc.)

To add to the confusion... I started off using the web based admin,
thinking it'd be an easier way to jump in and learn the concepts. Turns
out that the SLB port management is broken in the web interface. If you
manually add a port it automatically assumes it's an HTTP port and sets
it up to do the default "HEAD /" checks. Cripes. It took me quite a
while to figure out why the checks were failing. There's no way to fix
it from the web interface. Thank goodness the CLI is similar to IOS and
fixing it up wasn't too difficult.

How does one go about getting the latest version of the OS? I poked
around on their site briefly but could not find any downloads. Are they
setup like Cisco where you have to get a service contract and pay for
bugfixes, security patches, and functionality that should have been
there in the first place? ;-)

Cheers,

~Ethan B.



Quoting Will Lowe <harpo@thebackrow.net>:

> > I've tried configuring TCP health checks on the high ports
> (10000,
> > 10010, etc.) via the TCP/UDP port config and it seems to fail the
> health
> > checks on the real server every time. (and thus serves nothing.)
> If I
> > connect directly to the servers on the high ports I get the pages I
> expect.
>
> You need something like:
>
> server port 10000
> tcp keepalive protocol http
>
> to force it to do http health-checks on a non-port-80 service.
> Foundry's docs are kinda confusing, but the relevant part of the
> manual is at
>
>
http://www.foundrynet.com/services/documentation/siug/ServerIron_health_checks.html#41255
>



--------------------------
Ethan Burnside - Founder
Kattare Internet Services
http://www.kattare.com
--------------------------

Yes, a maintenance contract is required to gain access to the code
download pages. You would normally purchase through a local sales team.
If you need assistance in locating a local SE, the following may be
useful:

Contact:
Technical Support Center
408-586-1881
1-877-TURBOCALL (1-877-887-2622)
support@foundrynet.com

Also: from the web
http://www.foundrynet.com/services/support/index.html

Warranty customers may access Foundry's Technical Support section for up
to 90 days after shipment of your system. To obtain access to Foundry's
on-line service and support for the 90-day Software Warranty period,
please:

Locate the Part Number on your Foundry product:
Example: B15000


Locate the Serial Number label on the back of your Foundry product.
Example: F12345


Your User name = Part Number + Serial Number with no spaces
Example: B15000F12345


Your Password = Part Number
Example: B15000


Click on the Log In button below


Enter in the User name and Password which you determined above.


Click "OK" to log in.


Regards,

Kim

-----Original Message-----
From: foundry-nsp-bounces@puck.nether.net
[mailto:foundry-nsp-bounces@puck.nether.net] On Behalf Of
burnside@kattare.com
Sent: Friday, December 20, 2002 7:35 AM
To: Will Lowe
Cc: foundry-nsp@puck.nether.net
Subject: Re: [f-nsp] serveriron http on ports other than 80

Will,

I appreciate the assistance. After much reading and fandangling
with it I realized that the version of the OS I have is not the version
the docs on the site are for, and does not allow the protocol argument
when working with the given port. This leaves me in a bit of a bind, as
I have all kinds of weird ports that I need to support. (smtp on port
2525, pop3 on port 995, http on port 10000, etc.)

To add to the confusion... I started off using the web based admin,
thinking it'd be an easier way to jump in and learn the concepts. Turns
out that the SLB port management is broken in the web interface. If you
manually add a port it automatically assumes it's an HTTP port and sets
it up to do the default "HEAD /" checks. Cripes. It took me quite a
while to figure out why the checks were failing. There's no way to fix
it from the web interface. Thank goodness the CLI is similar to IOS and
fixing it up wasn't too difficult.

How does one go about getting the latest version of the OS? I poked
around on their site briefly but could not find any downloads. Are they
setup like Cisco where you have to get a service contract and pay for
bugfixes, security patches, and functionality that should have been
there in the first place? ;-)

Cheers,

~Ethan B.



Quoting Will Lowe <harpo@thebackrow.net>:

> > I've tried configuring TCP health checks on the high ports
> (10000,
> > 10010, etc.) via the TCP/UDP port config and it seems to fail the
> health
> > checks on the real server every time. (and thus serves nothing.)
> If I
> > connect directly to the servers on the high ports I get the pages I
> expect.
>
> You need something like:
>
> server port 10000
> tcp keepalive protocol http
>
> to force it to do http health-checks on a non-port-80 service.
> Foundry's docs are kinda confusing, but the relevant part of the
> manual is at
>
>
http://www.foundrynet.com/services/documentation/siug/ServerIron_health_
checks.html#41255
>



--------------------------
Ethan Burnside - Founder
Kattare Internet Services
http://www.kattare.com
--------------------------

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.427 / Virus Database: 240 - Release Date: 12/6/2002


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.427 / Virus Database: 240 - Release Date: 12/6/2002

You have a bit of a problem with virtual hosts on the foundrys. They only
support health checks in http 1.0 this means there is no real way to pass a
host header via a health check.

this means you will have to run multiple instances of apache on the server
and bind them to different ports. If you use virtual hosts the serveriron
will not send a host header so you get a 404 from the web server indicating
the site was not found\configured.

the unusual thing is the serveriron does support virtual host slb. this will
allow you to use a single virtual ip address and look for the host header
coming in and send it to an apache instance running on a high port number.

one other thing to note. if you health check at layer 7 or script heal check
then the foundry sets everthing as positive by default once a layer 4
healcheck has been achieved ( 404 error will mark a server as up as the
layer 4 healthcheck was passed ) you need to set server no-fast-bringup
this will enable layer 7 health checks.

same also applies to scripted healthchecks you need an entry of down
default.

one last thing (sorry for the rabit) layer 7 slb can be very unforgiving to
the serveriron check the cpu levels

I the configurations of a working setup if you're interested

Alan


----- Original Message -----
From: <burnside@kattare.com>
To: "Bill McCaffrey" <bill@neopets.com>
Cc: <foundry-nsp@puck.nether.net>
Sent: Thursday, December 05, 2002 11:10 AM
Subject: [f-nsp] serveriron http on ports other than 80


> Greetings,
>
> I'm running several instances of Apache per server. Many of them on
> ports above 1024. (so that normal users can start/stop them.) Two
> issues I've run into:
>
> I've tried configuring TCP health checks on the high ports (10000,
> 10010, etc.) via the TCP/UDP port config and it seems to fail the health
> checks on the real server every time. (and thus serves nothing.) If I
> connect directly to the servers on the high ports I get the pages I
expect.
>
> The second issue is that I cannot bind from a low point to a high
> point. I was kind of hoping to be able to bind port 80 on the virtual
> server to port 10000 (or whatever) on the real server. This is
> necessary because right now I use apache on port 80 to proxy up to port
> 10000 (or whatever) on the individual webservers. So... if the health
> checks just check port 80, the proxy may be up just fine, but the high
> port server may not be up. Thus the client may see a "proxy failure"
> page if the port 80 server is alive and the port 10000 server is dead.
>
> Sorry about all the questions. I just got this serveriron recently
> and despite reading through most of the docs on the website, there is
> still much I am having trouble figuring out. ;-)
>
> Cheers,
>
> ~Ethan B.
>
> --------------------------
> Ethan Burnside - Founder
> Kattare Internet Services
> http://www.kattare.com
> --------------------------
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

This is not correct.. The format to pass host information is like this:

port http url "HEAD /home/home.jsp HTTP/1.1\r\nHost: www.whatever.com"



-----Original Message-----
From: alan [mailto:alan@ic24.net]
Sent: Wednesday, January 08, 2003 2:21 AM
To: burnside@kattare.com; Bill McCaffrey
Cc: foundry-nsp@puck.nether.net
Subject: Re: [f-nsp] serveriron http on ports other than 80


You have a bit of a problem with virtual hosts on the foundrys. They
only support health checks in http 1.0 this means there is no real way
to pass a host header via a health check.

this means you will have to run multiple instances of apache on the
server and bind them to different ports. If you use virtual hosts the
serveriron will not send a host header so you get a 404 from the web
server indicating the site was not found\configured.

the unusual thing is the serveriron does support virtual host slb. this
will allow you to use a single virtual ip address and look for the host
header coming in and send it to an apache instance running on a high
port number.

one other thing to note. if you health check at layer 7 or script heal
check then the foundry sets everthing as positive by default once a
layer 4 healcheck has been achieved ( 404 error will mark a server as up
as the layer 4 healthcheck was passed ) you need to set server
no-fast-bringup this will enable layer 7 health checks.

same also applies to scripted healthchecks you need an entry of down
default.

one last thing (sorry for the rabit) layer 7 slb can be very unforgiving
to the serveriron check the cpu levels

I the configurations of a working setup if you're interested

Alan


----- Original Message -----
From: <burnside@kattare.com>
To: "Bill McCaffrey" <bill@neopets.com>
Cc: <foundry-nsp@puck.nether.net>
Sent: Thursday, December 05, 2002 11:10 AM
Subject: [f-nsp] serveriron http on ports other than 80


> Greetings,
>
> I'm running several instances of Apache per server. Many of them
> on ports above 1024. (so that normal users can start/stop them.) Two

> issues I've run into:
>
> I've tried configuring TCP health checks on the high ports (10000,

> 10010, etc.) via the TCP/UDP port config and it seems to fail the
> health checks on the real server every time. (and thus serves
> nothing.) If I connect directly to the servers on the high ports I
> get the pages I
expect.
>
> The second issue is that I cannot bind from a low point to a high
> point. I was kind of hoping to be able to bind port 80 on the virtual

> server to port 10000 (or whatever) on the real server. This is
> necessary because right now I use apache on port 80 to proxy up to
> port 10000 (or whatever) on the individual webservers. So... if the
> health checks just check port 80, the proxy may be up just fine, but
> the high port server may not be up. Thus the client may see a "proxy
> failure" page if the port 80 server is alive and the port 10000 server

> is dead.
>
> Sorry about all the questions. I just got this serveriron
> recently and despite reading through most of the docs on the website,
> there is still much I am having trouble figuring out. ;-)
>
> Cheers,
>
> ~Ethan B.
>
> --------------------------
> Ethan Burnside - Founder
> Kattare Internet Services
> http://www.kattare.com
> --------------------------
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp