Mailing List Archive: L7 Healthchecks on TLS (stunnel) ports

L7 Healthchecks on TLS (stunnel) ports

Jun 12, 2003, 10:08 PM

Post #1 of 3 (2040 views)

Greetings,

I'm trying to configure the ServerIron XL to do health checks
against pop3s (995) and imaps (993) ports. The ports are stunnel (TLS)
localhost redirects to pop3 and imap respectively. I set it up with:

server port 995
tcp keepalive 15 3

server port 993
tcp keepalive 15 3

server real <servername> <ip>
port 995
port 995 keepalive
port 993
port 993 keepalive
port 2525
port 2525 keepalive

But I still see failure after failure (flapping) in the logs.
Anyone have any experience with SSL/TLS port monitoring outside of the
ServerIron's known ports?

TYIA!

Cheers,

~Ethan B.

--
--------------------------
Ethan Burnside - Founder
Kattare Internet Services
http://www.kattare.com
--------------------------

L7 Healthchecks on TLS (stunnel) ports [ In reply to ]

vandusb at attens

Jun 13, 2003, 1:28 PM

Post #2 of 3 (2014 views)

Permalink

Ditch the port 995, etc.. keepalive statements under your real server
config. By specifying the ports globally at the top of your config you
elimate the need to do it under the real servers. It might not solve the
problem but it might fix it too ;)

-Brent

At 07:06 PM 6/12/2003, Ethan Burnside wrote:
>Greetings,
>
> I'm trying to configure the ServerIron XL to do health checks
>against pop3s (995) and imaps (993) ports. The ports are stunnel (TLS)
>localhost redirects to pop3 and imap respectively. I set it up with:
>
>server port 995
> tcp keepalive 15 3
>
>server port 993
> tcp keepalive 15 3
>
>server real <servername> <ip>
> port 995
> port 995 keepalive
> port 993
> port 993 keepalive
> port 2525
> port 2525 keepalive
>
> But I still see failure after failure (flapping) in the logs.
>Anyone have any experience with SSL/TLS port monitoring outside of the
>ServerIron's known ports?
>
> TYIA!
>
>Cheers,
>
>~Ethan B.
>
>
>--
>--------------------------
>Ethan Burnside - Founder
>Kattare Internet Services
>http://www.kattare.com
>--------------------------
>
>
>
>
>
>_______________________________________________
>foundry-nsp mailing list
>foundry-nsp@puck.nether.net
>http://puck.nether.net/mailman/listinfo/foundry-nsp

L7 Healthchecks on TLS (stunnel) ports [ In reply to ]

burnside at kattare

Jun 13, 2003, 3:44 PM

Post #3 of 3 (1990 views)

Permalink

Cool, I think that took care of it!

Many thanks!

--
--------------------------
Ethan Burnside
Kattare Internet Services
http://www.kattare.com
--------------------------

Quoting Brent Van Dussen <vandusb@attens.com>:

> Ditch the port 995, etc.. keepalive statements under your real server
>
> config. By specifying the ports globally at the top of your config
> you
> elimate the need to do it under the real servers. It might not solve
> the
> problem but it might fix it too ;)
>
> -Brent
>
>
> At 07:06 PM 6/12/2003, Ethan Burnside wrote:
> >Greetings,
> >
> > I'm trying to configure the ServerIron XL to do health checks
> >against pop3s (995) and imaps (993) ports. The ports are stunnel
> (TLS)
> >localhost redirects to pop3 and imap respectively. I set it up
> with:
> >
> >server port 995
> > tcp keepalive 15 3
> >
> >server port 993
> > tcp keepalive 15 3
> >
> >server real <servername> <ip>
> > port 995
> > port 995 keepalive
> > port 993
> > port 993 keepalive
> > port 2525
> > port 2525 keepalive
> >
> > But I still see failure after failure (flapping) in the logs.
> >Anyone have any experience with SSL/TLS port monitoring outside of
> the
> >ServerIron's known ports?
> >
> > TYIA!
> >
> >Cheers,
> >
> >~Ethan B.
> >
> >
> >--
> >--------------------------
> >Ethan Burnside - Founder
> >Kattare Internet Services
> >http://www.kattare.com
> >--------------------------
> >
> >
> >
> >
> >
> >_______________________________________________
> >foundry-nsp mailing list
> >foundry-nsp@puck.nether.net
> >http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>