- MyF5 Home
- Knowledge Centers
- BIG-IQ Centralized Management
- BIG-IQ Centralized Management: Local Traffic and Network Implementations
- Managing Local Traffic Monitors
Manual Chapter :
Managing Local Traffic Monitors
Applies To:
Show VersionsBIG-IQ Centralized Management
- 6.0.0
Managing Local Traffic Monitors
How do I change object settings on a managed device?
To change the object settings on a managed device, there are four tasks to perform.
This figure illustrates the workflow you perform to manage the objects on BIG-IP® devices. Changing the settings is the second step in this process.
Change managed object workflow
What LTM monitor management tasks can I perform?
With HTTP and HTTPS monitors you can track the availability of these services on the nodes, pools, or pool members to which you attach them. To add or edit monitors, you need to log in as an Administrator or ADC Editor.
Note: You
can not make revisions to the root (or parent) monitors that ship with the product; you can only
revise the child monitors that you (or another user) have created.
Create an LTM monitor
You add a new HTTP or HTTPS LTM monitor so that
you can track the availability of these services on the nodes, pools, or pool members to
which you attach that
monitor.
Note: This is a shared object. Shared objects do not deploy to a
device unless they are attached to a device specific object. The table lists device
specific and shared objects. When you create a shared object, remember that you must
associate it with a device specific before it can deploy to a device.
Device Specific Objects | Shared Objects |
---|---|
Node | Certificates and Keys |
Pool | Eviction Policies |
SNAT Pool | iRules |
Virtual Server | Monitors |
Profiles |
-
At the top of the screen, click Configuration, then, on the left,
click
LOCAL TRAFFIC > Monitors
.
The screen displays the list of monitors defined on this device.
-
Click Create.
The New Monitor screen opens.
- In the Name field, type in a name for the monitor you are creating.
- For Partition, type the name of the BIG-IP device partition on which you want to create the monitor.
- In the Description field, type in a brief description for the monitor you are creating.
-
For Type, select the type of monitor you want to
create.
The Monitor Template setting displays.
-
From Monitor Template, select the parent monitor from
which you want your monitor to inherit settings.
A number of additional fields display. The fields that display depend on which monitor template you choose, HTTP or HTTPS.
- For Interval, either use the default, or specify, in seconds, the frequency at which the system issues the monitor check when either the resource is down or the status of the resource is unknown.
-
From Up Interval, specify which interval the system uses
to perform the health check when a resource is up.
Option Description Disabled Specifies that the system uses the interval specified in Interval to check the health of the resource. Enabled Enables specification of a different interval to use when checking the health of a resource that is up. -
For Time Until Up, specify the number of seconds to wait
after a resource first responds correctly to the monitor before setting the
resource to up.
During the interval, all responses from the resource must be correct. When the interval expires, the resource is marked up. The default is 0, meaning that the resource is marked up immediately when the first correct response is received.
-
For Timeout, specify the number of seconds the target
has in which to respond to the monitor request.
The default is 16 seconds. If the target responds within the set time period, it is considered up. If the target does not respond within the set time period, it is considered down. Note that Timeout and Time Until Up combine to control when a resource is set to up.
-
For Manual Resume, specify whether the system
automatically changes the status of a resource to Enabled at the
next successful monitor check.
If you set this option to Yes, you must manually re-enable the resource before the system can use it for load balancing connections. The default is No.
-
For Send String, specify the text string that the
monitor sends to the target object.
You must include \r\n at the end of a non-empty Send String. The default setting is GET /\r\n, which retrieves a default HTML file for a web site. To retrieve a specific page from a web site, specify a fully-qualified path name, for example:
GET /www/siterequest/index.html\r\n
-
For Receive String, specify a regular expression to
represent the text string that the monitor looks for in the returned resource.
The most common receive expressions contain a text string that is included in an HTML file on your site. The text string can be regular text, HTML tags, or image names.Note: If you do not specify both a Send String and a Receive String, the monitor performs a simple service check and connect only.
-
For Receive Disable String, specify a regular expression
to represent the text string that the monitor looks for in the returned
resource.
This setting works like Receive String, except that the system marks the node or pool member disabled when its response matches Receive Disable String.Note: To use this setting, you must specify both Receive String and Receive Disable String.
-
If you selected HTTPS, for Cipher
List, specify the list of ciphers for this monitor.
The default list is DEFAULT:+SHA:+3DES:+kEDH.
- If the monitored target requires authentication, for the User Name, specify the user name.
- If the monitored target requires authentication, for the Password, specify the password.
-
If you selected HTTPS, for
Compatibility, specify the SSL option setting.
If you select Enabled, the SSL option (in OpenSSL) is set to ALL.
-
If you selected HTTPS, for Client
Certificate, select the client certificate that the monitor
sends to the target SSL server.
The default is None.
-
If you selected HTTPS, for Client
Key, select the key for the client certificate that the monitor
sends to the target SSL server.
The default is None.
-
For Reverse, specify whether the system marks the target
resource down when the test is successful.
This setting is useful, for example, if the content on your web site home page is dynamic and changes frequently. You might want to set up a reverse ECV service check that looks for the string Error. A match for this string means that the web server was down. To use this option, you must specify values for Send String and Receive String.
-
For Transparent, specify whether the system operates in
transparent mode.
A monitor in transparent mode directs traffic through the associated pool members or nodes (usually a router or firewall) to the aliased destination (that is, it probes the Alias Address-Alias Service Port combination specified in the monitor). If the monitor cannot successfully reach the aliased destination, the pool member or node through which the monitor traffic was sent is marked down.
-
For Alias Address, specify an alias IP address for the
monitor to check, on behalf of the pools or pool members with which the monitor
is associated.
The default setting is *All Addresses. If the health check for the alias address is successful, the system marks all associated objects up. If the health check for the alias address is not successful, then the system marks all associated objects down.
-
For Alias Service Port, specify an alias port or service
for the monitor to check, on behalf of the pools or pool members with which the
monitor is associated.
The default setting is *All Ports. If the health check for the alias port or service is successful, the system marks all associated objects up. If the health check for the alias port or service is not successful, then the system marks all associated objects down.
-
For IP DSCP, specify the differentiated services code
point (DSCP).
DSCP is a 6-bit value in the Differentiated Services (DS) field of the IP header. It can be used to specify the quality of service wanted for the packet. The valid range for this value is 0 to 63 (hex 0x0 to 0x3f). The default is 0 (zero).
-
For Adaptive, specify whether adaptive response time
monitoring is enabled for this monitor.
Option Description Enabled The monitor determines the state of a service based on how divergent from the mean latency a monitor probe for that service is allowed to be. When enabled, you can set values for the Allowed Divergence, Adaptive Limit, and Sampling Timespan monitor settings. Disabled The monitor determines the state of a service based on the Interval, Up Interval, Time Until Up, and Timeout monitor settings. If you select Enabled for this control, three additional controls are displayed. -
If you enabled Adaptive, for Allowed
Divergence, specify the type of divergence used for adaptive
response time monitoring.
Option Description Absolute The number of milliseconds the latency of a monitor probe can exceed the mean latency of a monitor probe for the service being probed. Tip: In typical cases, if the monitor detects three probes in a row that miss the latency value you set, the pool member or node is marked down. Relative The percentage of deviation the latency of a monitor probe can exceed the mean latency of a monitor probe for the service being probed. -
If you enabled Adaptive, for Allowed
Divergence, specify the absolute number of milliseconds that may
not be exceeded by a monitor probe, regardless of Allowed
Divergence for a probe to be considered successful.
This value applies regardless of the value of the Allowed Divergence setting.
- If you enabled Adaptive, for Sampling Timespan, specify the length, in seconds, of the probe history window that the system uses to calculate the mean latency and standard deviation of a monitor probe.
Edit an LTM monitor
You revise HTTP or HTTPS LTM monitors when you want to change the details of how the
monitor determines when a service is
operational.
Note: You
can not edit monitors root monitors.
-
At the top of the screen, click Configuration, then, on the left,
click
LOCAL TRAFFIC > Monitors
.
The screen displays the list of monitors defined on this device.
-
Select the monitor you want to edit.
The Monitors Properties screen opens to display the current settings for the selected monitor.
- In the Description field, if this is not an imported profile you can add or revise a brief description for the monitor you are editing.
-
From Interval, specify, in seconds, the frequency at
which the system issues the monitor check when either the resource is down or
the status of the resource is unknown.
The default is 5 seconds.
-
For Up Interval, specify which interval the system uses
to perform the health check when a resource is up.
Option Description Disabled Specifies that the system uses the interval specified in Interval to check the health of the resource. Enabled Enables specification of a different interval to use when checking the health of a resource that is up. -
For Time Until Up, specify the number of seconds to wait
after a resource first responds correctly to the monitor before setting the
resource to up.
During the interval, all responses from the resource must be correct. When the interval expires, the resource is marked up. The default is 0, meaning that the resource is marked up immediately when the first correct response is received.
-
From Timeout, specify the number of seconds the target
has in which to respond to the monitor request.
The default is 16 seconds. If the target responds within the set time period, it is considered up. If the target does not respond within the set time period, it is considered down. Note that Timeout and Time Until Up combine to control when a resource is set to up.
-
For Manual Resume, specify whether the system
automatically changes the status of a resource to Enabled at the
next successful monitor check.
If you set this option to Yes, you must manually re-enable the resource before the system can use it for load balancing connections. The default is No.
-
For Send String, specify the text string that the
monitor sends to the target object.
You must include \r\n at the end of a non-empty Send String. The default setting is GET /\r\n, which retrieves a default HTML file for a web site. To retrieve a specific page from a web site, specify a fully-qualified path name, for example:
GET /www/siterequest/index.html\r\n
-
For Receive String, specify a regular expression to
represent the text string that the monitor looks for in the returned resource.
The most common receive expressions contain a text string that is included in an HTML file on your site. The text string can be regular text, HTML tags, or image names.Note: If you do not specify both a Send String and a Receive String, the monitor performs a simple service check and connect only.
-
For Receive Disable String, specify a regular expression
to represent the text string that the monitor looks for in the returned
resource.
This setting works like Receive String, except that the system marks the node or pool member disabled when its response matches Receive Disable String.Note: To use this setting, you must specify both Receive String and Receive Disable String.
-
If you selected HTTPS, for Cipher
List, specify the list of ciphers for this monitor.
The default list is DEFAULT:+SHA:+3DES:+kEDH.
- If the monitored target requires authentication, for the User Name, specify the user name.
-
If the monitored target requires authentication, for the
Password, specify the password.
Important: For imported monitors that use passwords:
- If the monitor was imported from a version 12.0.0 or later device, you do not need to re-enter the password.
- If the monitor was imported from a device earlier than version 12.0.0 and you plan to make changes to the monitor (or if you associate the monitor with an LTM object or child monitor), then you must supply the password for the imported monitor.
- If you do not change any of the parameters for the monitor or associate the monitor with an LTM object or child monitor, then you do not need to re-enter the password.
-
If you selected HTTPS, for
Compatibility specify the SSL option setting.
If you select Enabled, the SSL option (in OpenSSL) is set to ALL.
-
If you selected HTTPS, for Client
Certificate, select the client certificate that the monitor
sends to the target SSL server.
The default is None.
-
If you selected HTTPS, for Client
Key, select the key for the client certificate that the monitor
sends to the target SSL server.
The default is None.
-
For Reverse, specify whether the system marks the target
resource down when the test is successful.
This setting is useful, for example, if the content on your web site home page is dynamic and changes frequently. You might want to set up a reverse ECV service check that looks for the string Error. A match for this string means that the web server was down. To use this option, you must specify values for Send String and Receive String.
-
For Transparent, specify whether the system operates in
transparent mode.
A monitor in transparent mode directs traffic through the associated pool members or nodes (usually a router or firewall) to the aliased destination (that is, it probes the Alias Address-Alias Service Port combination specified in the monitor). If the monitor cannot successfully reach the aliased destination, the pool member or node through which the monitor traffic was sent is marked down.
-
For Alias Address, specify an alias IP address for the
monitor to check, on behalf of the pools or pool members with which the monitor
is associated.
The default setting is *All Addresses. If the health check for the alias address is successful, the system marks all associated objects up. If the health check for the alias address is not successful, then the system marks all associated objects down.
-
For Alias Service Port, specify an alias port or service
for the monitor to check, on behalf of the pools or pool members with which the
monitor is associated.
The default setting is *All Ports. If the health check for the alias port or service is successful, the system marks all associated objects up. If the health check for the alias port or service is not successful, then the system marks all associated objects down.
-
For IP DSCP, specify the differentiated services code
point (DSCP).
DSCP is a 6-bit value in the Differentiated Services (DS) field of the IP header. It can be used to specify the quality of service desired for the packet. The valid range for this value is 0 to 63 (hex 0x0 to 0x3f). The default is 0 (zero).
-
For Adaptive, specify whether adaptive response time
monitoring is enabled for this monitor.
Option Description Enabled The monitor determines the state of a service based on how divergent from the mean latency a monitor probe for that service is allowed to be. When enabled, you can set values for the Allowed Divergence, Adaptive Limit, and Sampling Timespan monitor settings. Disabled The monitor determines the state of a service based on the Interval, Up Interval, Time Until Up, and Timeout monitor settings. If you select Enabled for this control, three additional controls are displayed. -
If you enabled Adaptive, for Allowed
Divergence, specify the type of divergence used for adaptive
response time monitoring.
Option Description Absolute The number of milliseconds the latency of a monitor probe can exceed the mean latency of a monitor probe for the service being probed. Tip: In typical cases, if the monitor detects three probes in a row that miss the latency value you set, the pool member or node is marked down. Relative The percentage of deviation the latency of a monitor probe can exceed the mean latency of a monitor probe for the service being probed. -
If you enabled Adaptive, for Allowed
Divergence, specify the absolute number of milliseconds that may
not be exceeded by a monitor probe, regardless of Allowed
Divergence.
For a probe to be considered successful, this value applies regardless of the value of the Allowed Divergence setting.
- If you enabled Adaptive, for Sampling Timespan, length, in seconds, of the probe history window that the system uses to calculate the mean latency and standard deviation of a monitor probe.
- Click Save & Close.
Copy an LTM monitor from one device to existing objects on another
To copy a monitor from one device to
another there must be objects on the target device that use the monitor. If these
objects do not exist on the target device you can create them as part of the workflow.
Refer to Copy an LTM monitor from one device to new objects on another on
support.f5.com for that workflow.
To copy a monitor from one device to
another, you import the monitor from the source device, associate the monitor to
selected objects on the target device, and then deploy your changes to the target
device.
-
Identify your source and target BIG-IP devices as well as the name of the
monitor you want to copy and the objects that you want to attach the monitor to.
- Identify the source BIG-IP device (the device that has the monitor you want to copy).
- Identify the name of the monitor that you want to copy.
- Identify the target BIG-IP device (the device to which you want to copy the monitor).
- Identify the objects on the target device that you want to attach the monitor to.
-
If you have not already discovered and imported services for both the source
and target device, do that now.
For details on how to discover a device and import services, refer to Device Discovery and Basic Device Management on support.f5.com.When discovery and import is complete, both devices will be under management, the BIG-IQ will have all of the monitors from the source device, and the BIG-IQ will have all of the objects from the target device that you want to use the monitor with.
- At the top of the screen, click Configuration, then, on the left, click LOCAL TRAFFIC.
-
Click the name of a local traffic object that you want to associate the monitor
with when you copy it to the target BIG-IP device.
For example, if you plan to associate the monitor with a pool, click Pools.The list of objects of the type you selected (pools in this case) that reside on the devices managed by this BIG-IQ displays is displayed.
-
Click the name of the object that you want to associate with the copied
monitor.
The properties screen for the selected object opens.
-
The steps for identifying which monitor you want to copy depends on the type of
object you are going to associate it with.
Option Description To copy a monitor to a pool - For Health Monitors, select the specific monitor you want to copy to the selected device.
- To specify an additional monitor to copy to this device, click (+) and then repeat the previous step.
- To remove a monitor you have specified to copy to this device, click (X).
To copy a monitor to a pool member - For Health Monitors, select Member Specific.
- From Select Monitors, select the specific monitors you want to copy to the selected device.
- To specify an additional monitor to copy to this device, click (+) and then repeat the previous step.
- To remove a monitor you have specified to copy to this device, click (X).
To copy a monitor to a node - For Health Monitors, select Node Specific.
- From Select Monitors, select the specific monitors you want to copy to the selected device.
- To specify an additional monitor to copy to this device, click (+) and then repeat the previous step.
- To remove a monitor you have specified to copy to this device, click (X).
-
When you are finished assigning monitors to this object, click Save
& Close.
The system saves the monitor associations for the object you selected.
-
Repeat the previous three steps for the other object types that you want to use
to copy monitors to the target device.
For example, you might specify pools first and then define monitors for pool members and nodes.
-
When you have specified all of the objects and monitors you want to copy,
deploy these changes to the target device.
For details on deploying changes to a managed device, refer to Deploying Changes on support.f5.com.
You must deploy your changes to the
target BIG-IP device before the monitors are copied.
Copy an LTM monitor from one device to new objects on another
To copy a monitor from one device to
another, you import the monitor from the source device, associate the monitor to
selected objects on the target device, and then deploy your changes to the target
device.
-
Identify your source and target BIG-IP devices as well as the name of the
monitor you want to copy and the objects that you want to attach the monitor to.
- Identify the source BIG-IP device (the device that has the monitor you want to copy).
- Identify the name of the monitor that you want to copy.
- Identify the target BIG-IP device (the device to which you want to copy the monitor).
- Identify the objects on the target device that you want to attach the monitor to.
-
If you have not already discovered and imported services for both the source
and target device, do that now.
For details on how to discover a device and import services, refer to Device Discovery and Basic Device Management on support.f5.com.When discovery and import is complete, both devices will be under management, and the BIG-IQ will have all of the monitors from the source device.
- At the top of the screen, click Configuration, then, on the left, click LOCAL TRAFFIC.
-
Click the name of a local traffic object type that you want to associate the
monitor with when you copy it to the target BIG-IP device.
Note: To add a monitor to a new pool member, these two steps are a little different. You don't add a new pool member from the Pool Members screen; instead, you add new pool members by editing an existing pool or adding a new pool and then creating a new member from the pools screen.For example, if you plan to associate the monitor with a pool, click Pools.The list of objects of the type you selected (pools in this case) that reside on the devices managed by this BIG-IQ displays is displayed.
-
Click Create.
The create new object screen for the selected object opens.
- In the Name field, type in a name for the object you are creating.
- From the Device list, select the device on which to create the new object.
- If you are adding a new node, type the IP address for the node in the Address field.
-
The steps for identifying which monitor you want to copy depends on the type of
object you are going to associate it with.
Option Description To copy a monitor to a pool - For Health Monitors, select the specific monitor you want to copy to the selected device.
- To specify an additional monitor to copy to this device, click (+) and then repeat the previous step.
- To remove a monitor you have specified to copy to this device, click (X).
To copy a monitor to a pool member -
Note: Remember, to access the New Pool Member properties screen, you need to add a new member by either editing an existing pool or creating a new pool and then click New Member.
- For Health Monitors, select Member Specific.
- From Select Monitors, select the specific monitors you want to copy to the selected device.
- To specify an additional monitor to copy to this device, click (+) and then repeat the previous step.
- To remove a monitor you have specified to copy to this device, click (X).
To copy a monitor to a node - For Health Monitors, select Node Specific.
- From Select Monitors, select the specific monitors you want to copy to the selected device.
- To specify an additional monitor to copy to this device, click (+) and then repeat the previous step.
- To remove a monitor you have specified to copy to this device, click (X).
-
Specify any additional settings needed to suit the requirements for this
object.
Note: For details about the purpose or function of a particular setting, refer to the BIG-IP reference information on support.f5.com.
-
When you are finished assigning monitors to this object, click Save
& Close.
The system saves the monitor associations for the object you selected.
-
Repeat the previous six steps for the other object types that you want to use
to copy monitors to the target device.
For example, you might specify pools first and then define monitors for pool members and nodes.
-
When you have specified all of the objects and monitors you want to copy,
deploy these changes to the target device.
For details on deploying changes to a managed device, refer to Deploying Changes on support.f5.com.
You must deploy your changes to the
target BIG-IP device before the monitors are copied.