I already had a look at both articles before asking here.

The problem is not the http interface which works fine (the /cloud/server_status is only available on the http interface and not on the console proxy).

Duncan (YB) sugests to use the /sdk/vimServiceVersions.xml but it does not work at least no on my F5 systems and Christian (edge-cloud) uses a simple tcp check which has the downsides I just mentioned above: log polution and improper health detection.

Hi Cristian,

I have to admit that I completely ignored the fact that with the standard F5 TCP monitor the vCD cells log files are polluted. That's cause I'm usually ignoring these log files given the usefulness of most of the log messages in it...

But you raise a very valid point: If we can monitor availability with the F5 through the SDK method, without polluting the log files we should do so. Challenge accepted! 🙂

The F5 doesn't actually do a curl on the provided URL, but instead connects to the provided ports and sends the string within the "Send String" field and expects to see what is entered in the "Receive String". That makes the method more generic to be used with most plain text based services, as you can also monitor a service such as e.g. SMTP.

With HTTP one could connect via telnet to the given port and just type (or better copy&paste) the "Send String" to see what the server returns.

But with HTTPS that doesn't work anymore as you need to encrypt the traffic now. On Linux you would therefore use e.g.

openssl s_client -connect cell01.edge-cloud.net:443

then watch the ssl certificate details scroll by and finally enter:

GET /sdk/vimServiceVersions.xml HTTP/1.1
Host: cell01.edge-cloud.net

<new line>

As we are simulating an HTTP client (web browser) this way, the expectation would be to receive the actual XML file back. Because that's what happens if we type https://cell01.edge-cloud.net/sdk/vimServiceVersions.xml into the browser.

But instead we get back read:errno=0, which means that the connection times out. That isn't that useful at all. It only shows that the console proxy isn't behaving like a regular web server.

I need to have a look at the communication between a browser and the URL above to see what's going on there. Then we can build a "Send String" and corresponding "Receive String" and build a custom monitor for the Console Proxy on the F5. As it's SSL encrypted that will take me a tiny bit longer.

Give me a few days to look into this and I'll update you and my original post at http://www.edge-cloud.net/2013/05/configuring-f5-big-ip-with-vcd/ with that method.

Hope that helps.

Chris

Thanks, that worked like a charm.

One more recommendation I got from F5 support was to also add "Connection: Close" in the Send String so the end result looks like this:

GET /sdk/vimServiceVersions.xml HTTP/1.1\r\nConnection: Close\r\n\r\n

Glad to hear that it works for you.

I have also updated my post at http://www.edge-cloud.net/2013/05/configuring-f5-big-ip-with-vcd/ with the revised information.

Again, many thanks for pointing out the log file pollution issue.

Chris