NHLD health monitor config examples ?

Hi,


I have a scenario where a non-AS customer has contracted Internet connectivity with 3 ISPs and is doing NHLD.


What would be some commonly-used health monitors to determine which ISP link is up or down?

I've used DNS queries using Internet DNS servers with static routes to each DNS server going through a specific ISP, but that causes problems if one of the ISP CPEs is turned off or has the Ethernet cable disconnected - the static route vanished from the FIB and the destination is reachable through one of the other links, which causes the monitor to mark that gateway as up.


So, to solve that, I thought about combining two health monitors per ISP link, the one mentioned above + a ping to the CPE IP address - but again, this could be reachable through the Internet in case of a network disconnection between the CPE and the A10.


So I ask, what are some good practises and examples for health monitors in this kind of scenario?


BONUS if they are somehow connected to verifying the health of the links (jitter, packet discards, latency, and the such, maybe something similar to RTT...).


Thank you!

Rodolfo

Comments

  • rodolforodolfo Member

    Here's the relevant configuration (non-relevant sections removed)

    PART 1

    interface ethernet 1
     name LOCAL_AREA_NETWORK
     enable
     ip address 192.168.31.1 255.255.255.0
     ip allow-promiscuous-vip
    !
    interface ethernet 2
     name TELEFONICA_VIVO_FIBRA
     enable
     ip address 192.168.15.254 255.255.255.0
    !
    interface ethernet 3
     name CLARO_NET_VIRTUA
     enable
     ip address dhcp
    !
    ip route 208.67.220.220 /32 192.168.0.1
    !
    ip route 208.67.222.222 /32 192.168.15.1
    !
    health monitor MONITOR_DNS_VIVO
      override-ipv4 208.67.222.222
      override-port 53
      interval 3 timeout 3
      method dns domain google.com port 53 expect response-code 0 recurse enabled type A
    !
    health monitor MONITOR_DNS_CLARO
      override-ipv4 208.67.220.220
      override-port 53
      interval 3 timeout 3
      method dns domain google.com port 53 expect response-code 0 recurse enabled type A
    !
    health monitor MONITOR_PING_VIVO
      override-ipv4 192.168.15.1
      interval 3 timeout 3
    !
    health monitor MONITOR_PING_CLARO
      override-ipv4 192.168.0.1
      interval 3 timeout 3
    !
    
  • rodolforodolfo Member

    PART 2

    slb server ISP_CLARO 192.168.0.1
      health-check MONITOR_PING_CLARO
      port 0 tcp
        health-check-disable
      port 0 udp
        health-check-disable
    !
    slb server ISP_VIVO 192.168.15.1
      health-check MONITOR_PING_VIVO
      port 0 tcp
        health-check-disable
      port 0 udp
        health-check-disable
    !
    slb service-group SVCGRP_TCP tcp
      member ISP_CLARO 0
      member ISP_VIVO 0
    !
    slb service-group SVCGRP_UDP udp
      member ISP_CLARO 0
      member ISP_VIVO 0
    !
    slb template persist source-ip PERSIST_SRCIP
      incl-dst-ip
      match-type server
    !
    slb template persist ssl-sid PERSIST_SSL
    !
    slb virtual-server ISP_LB 0.0.0.0 /0
      port 0 others
        name LB_OTHERS
        clientip-sticky-nat
        access-list 1
        source-nat auto
        service-group SVCGRP_TCP
        use-rcv-hop-for-resp
        template persist source-ip PERSIST_SRCIP
        no-dest-nat
      port 0 tcp
        name LB_TCP
        clientip-sticky-nat
        access-list 1
        source-nat auto
        service-group SVCGRP_TCP
        use-rcv-hop-for-resp
        template persist source-ip PERSIST_SRCIP
        no-dest-nat
      port 0 udp
        name LB_UDP
        clientip-sticky-nat
        access-list 1
        source-nat auto
        service-group SVCGRP_UDP
        use-rcv-hop-for-resp
        template persist source-ip PERSIST_SRCIP
        no-dest-nat
    


Sign In or Register to comment.