Probe Configuration Mode Commands
Probe configuration mode commands allow you to configure health monitoring on the ACE to track the state of a server by sending out probes. Also referred to as out-of-band health monitoring, the ACE verifies the server response or checks for any network problems that can prevent a client from reaching a server. Based on the server response, the ACE can place the server in or out of service and can make reliable load-balancing decisions. You can also use health monitoring to detect failures for a gateway or host in high availability configurations. The ACE identifies the health of a server in the following categories:
•
Passed—The server returns a valid response.
•
Failed—The server fails to provide a valid response to the ACE or the ACE is unable to reach a server for a specified number of retries.
By configuring the ACE for health monitoring, the ACE sends active probes periodically to determine the server state. The ACE supports 4096 (ACE module) or 1000 (ACE appliance) unique probe configurations, which includes ICMP, TCP, HTTP, and other predefined health probes. The ACE can execute only up to 200 concurrent script probes at a time. The ACE also allows the opening of 2048 sockets simultaneously.
You can associate the same probe with multiple real servers or server farms. Each time that you use the same probe again, the ACE counts it as another probe instance. You can allocate a maximum of 16 K (ACE module) or 4000 (ACE appliance) probe instances.
To configure probes and access probe configuration mode for that probe type, use the probe command. The CLI prompt changes to (config-probe-probe_type). For information about the commands in all probe configuration modes, see the commands in this section. See the "Command Modes" section for each command to find out to which probe-type configuration modes a specific command applies.
Use the no form of this command to remove a probe from the configuration.
probe probe_type probe_name
no probe probe_type probe_name
Syntax Description
probe_type |
Type of probe to configure. The probe type determines what the probe sends to the server. Enter one of the following types: |
|
• dns—Sends a request to a DNS server that passes a configured domain to the server (by default, the domain is www.cisco.com). To determine whether the server is up, the ACE must receive one of the configured IP addresses for that domain. |
|
• echo {tcp | udp}—Sends a specified string to the server and compares the response to the original string. You must configure the string that needs to be echoed. If the response string matches the original string, the server is marked as passed. If you do not configure a string, the probe behaves like a TCP or UDP probe. |
|
• finger—Uses a Finger query to a server for an expected response string. The ACE searches the response for the configured string. If the ACE finds the expected response string, the server is marked as passed. If you do not configure an expected response string, the ACE ignores the server response. |
|
• ftp —Establishes a TCP connection to the server and then issues a quit command. |
|
• http—Establishes a TCP connection and issues an HTTP request to the server for an expected string and status code. The ACE can compare the received response with configured codes, looking for a configured string in the received HTTP page, or verifying hash for the HTTP page. If any of these checks fail, the server is marked as failed. For example, if you configure an expected string and status code and the ACE finds them both in the server response, the server is marked as passed. However, if the ACE does not receive either the server response string or the expected status code, it marks the server as failed. If you do not configure a status code, any response code from the server is marked as failed. |
|
• https—Similar to an HTTP probe except that it uses Secure Sockets Layer (SSL) to generate encrypted data. |
|
• icmp—Sends an ICMP echo request and listens for a response. If a server returns a response, the ACE marks the server as passed. If the server does not send a response, causing the probe to time out, or if the server sends an unexpected ICMP echo response type, the ACE marks the probe as failed. |
|
• imap—Makes a server connection and sends user credential (login, password, and mailbox) information. The ACE can send a configured command. Based on the server response, the ACE marks the probe as passed or failed. |
|
• pop—Initiates a session and sends the configured credentials. The ACE can send a configured command. Based on the server response, the ACE marks the probe as passed or failed. |
|
• radius—Sends a query using a configured username, password, and shared secret to a RADIUS server. If the server is up, it is marked as passed. If you configure a Network Access Server (NAS) address, the ACE uses it in the outgoing packet. Otherwise, the ACE uses the IP address associated with the outgoing interface as the NAS address. |
|
• rtsp—Establishes a TCP connection and sends a request packet to the server. The ACE compares the response with the configured response code to determine whether the probe has succeeded. |
|
• scripted—Allows you to run a script to execute the probe that you created for health monitoring. You can author specific scripts with features not present in standard health probes. |
|
• sip {tcp | udp}—Establishes a TCP or UDP connection and sends an OPTIONS request packet to the user agent on the server. The ACE compares the response with the configured response code or expected string, or both, to determine whether the probe has succeeded. If you do not configure an expected status code, any response from the server is marked as failed. |
|
• smtp—Initiates an SMTP session by logging into the server, sends a HELLO message, and then disconnects from the server. |
|
• snmp—Establishes a UDP connection and sends a maximum of eight SMNP OID queries to probe the server. The ACE weighs and averages the load information that is retrieved and uses it as input to the least-loaded algorithm for load-balancing decisions. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed. |
|
• tcp—Initiates a TCP 3-way handshake (SYN, SYN-ACK, ACK) and expects the server to send a response. By default, a successful response causes the probe to mark the server as passed and send a FIN to end the session. If the response is not valid or if there is no response, the probe marks the server as failed. |
|
• telnet—Establishes a connection to the server and verifies that a greeting from the application was received. |
|
• udp—Sends a UDP packet to a server and marks the server as failed only if the server returns an ICMP Port Unreachable message. If the ACE does not receive any ICMP errors for the UDP request that was sent, the probe is marked as passed. Optionally, you can configure this probe to send specific data and expect a specific response to mark the server as passed. If the IP interface of the server is down or disconnected, the UDP probe by itself would not know that the UDP application is not reachable. |
|
• vm—Sends a query to the VM controller (Vcenter) to obtain the load information of the local VMs. |
probe_name |
Identifier for the probe. Use the probe name to associate the probe to the server. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. |
Command Modes
Configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A2(1.0) |
This command was revised. |
A4(2.0) |
Added the VM probe type. |
A5(1.0) |
Added IPv6 support. |
|
|
A1(7) |
This command was introduced. |
A3(1.0) |
This command was revised. |
A4(2.0) |
Added the VM probe type. |
A5(1.0) |
Added IPv6 support. |
Usage Guidelines
This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can associate only IPv4 probes with IPv4 real servers and only IPv6 probes wth IPv6 real servers. For IPv6, the ACE supports the following probe types:
•
DNS
•
HTTP
•
HTTPs
•
ICMP
•
TCP
•
UDP
•
Scripted
Examples
To define a TCP probe named PROBE, and access its mode, enter:
host1/Admin(config)# probe tcp PROBE1
host1/Admin(config-probe-tcp)#
To delete the TCP probe named PROBE1 for TCP and access its mode, enter:
host1/Admin(config)# probe tcp PROBE1
Related Commands
clear stats
show probe
show running-config
show stats
(config-probe-probe_type) append-port-hosttag
(ACE appliance only) To append port information in the HTTP Host header when you configure a non-default destination port for an HTTP or HTTPS probe, use the append-port-hosttag command.Use the no form of this command to reset the default behavior of not appending the port information in the HTTP Host header.
append-port-hosttag
no append-port-hosttag
Syntax Description
This command has no keywords or arguments.
Command Modes
HTTP and HTTPS probe configuration mode
Admin and user contexts
Command History
|
|
A3(2.7). Not applicable for A4(1.0) or A4(2.0). |
This command was introduced. |
Usage Guidelines
This command has no usage guidelines.
Examples
To configure the ACE to append the port information, enter the following command:
host1/Admin(config-probe-http)# append-port-hosttag
To reset the default behavior, enter the following:
host1/Admin(config-probe-http)# no append-port-hosttag
Related Commands
This command has no related commands.
(config-probe-probe_type) community
To change the community string used by an SNMP probe, use the community command. Use the no form of this command to remove the community string.
community text
no community
Syntax Description
text |
Name of the SNMP community string for the server. Enter a text string with a maximum of 255 alphanumeric characters. |
Command Modes
SNMP probe configuration mode
Admin and user contexts
Command History
|
|
A2(1.0) |
This command was introduced. |
|
|
A3(1.0) |
This command was introduced. |
Usage Guidelines
An ACE Simple Network Management Protocol (SNMP) probe accesses the server through its community string. By default, the community string is not set.
Examples
To configure the private community string, enter:
host1/Admin(config-probe-snmp)# community private
To reset the community string to its default value of public, enter:
host1/Admin(config-probe-snmp)# no community
Related Commands
show probe
(config-probe-probe_type) connection term
To configure the ACE to terminate a TCP connection by sending a RST, use the connection term command. Use the no form of this command to reset its default of graceful termination.
connection term forced
no connection term forced
Syntax Description
This command has no keywords or arguments.
Command Modes
ECHO TCP, Finger, FTP, HTTP, HTTPS, IMAP, POP, RTSP, SIP TCP, SMTP, TCP, and Telnet probe configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
This command applies only to TCP-based probes. By default, the ACE terminates a TCP connection gracefully by sending a FIN to the server.
Examples
To terminate a TCP connection by sending a RST for a TCP probe, enter:
host1/Admin(config-probe-tcp)# connection term forced
To reset the method to terminate a connection gracefully, enter:
host1/Admin(config-probe-tcp)# no connection term forced
Related Commands
show probe
(config-probe-probe_type) credentials
To configure the credentials for username and password authentication of a probe to access a server, use the credentials command. For a Remote Authentication Dial-In User Service (RADIUS) probe, a shared secret may also be required. For an Internet Message Access Protocol (IMAP) probe, you can provide a mailbox username. Use the no form of this command to remove the credentials from the configuration.
For HTTP, HTTPS, and POP probes, the syntax is as follows:
credentials username [password]
For RADIUS probes, the syntax is as follows:
credentials username password [secret shared_secret]
For IMAP probes, the syntax is as follows:
credentials {username password} | {mailbox name}
For HTTP, HTTPS, POP, and RADIUS probes, the syntax is as follows:
no credentials
For IMAP probes, the syntax is as follows:
no credentials {username | mailbox}
Syntax Description
username |
User identifier used for authentication. Enter an unquoted text string with a maximum of 64 alphanumeric characters. |
password |
(Optional except for RADIUS and IMAP probes) Password used for authentication. Enter an unquoted text string with a maximum of 64 alphanumeric characters. |
mailbox name |
(IMAP probe) Specifies the user mailbox name from which to retrieve e-mail for an IMAP probe. Enter an unquoted text string with a maximum of 64 alphanumeric characters. |
secret shared_secret |
(RADIUS probe) Specifies the password used for the MD5 hash encryption algorithm. Enter an unquoted text string with a maximum of 64 alphanumeric characters. |
Command Modes
HTTP, HTTPS, IMAP, POP, and RADIUS probe configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
You must configure the credentials for an IMAP probe using the credentials command before you configure the mailbox or the ACE will ignore the specified user mailbox name.
Examples
To configure the username ENG1 and a password TEST for an HTTP probe, enter:
host1/Admin(config-probe-http)# credentials ENG1 TEST
To delete the credentials for a probe, enter:
host1/Admin(config-probe-http)# no credentials
To configure the user mailbox LETTERS for an IMAP probe, enter:
host1/Admin(config-probe-imap)# credentials mailbox LETTERS
To delete the mailbox for the IMAP probe, enter:
host1/Admin(config-probe-imap)# no credentials mailbox
Related Commands
show probe
(config-probe-probe_type) description
To provide a description for a probe, use the description command. Use the no form of this command to remove the description for the probe.
description text
no description
Syntax Description
text |
Description for the probe. Enter a text string with a maximum of 240 alphanumeric characters. |
Command Modes
All probe-type configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
This command has no usage guidelines.
Examples
To configure a description THIS PROBE IS FOR TCP SERVERS for a TCP probe, enter:
host1/Admin(config-probe-tcp)# description THIS PROBE IS FOR TCP SERVERS
To remove the description THIS PROBE IS FOR TCP SERVERS for a TCP probe, enter:
host1/Admin(config-probe-tcp)# no description
Related Commands
show probe
(config-probe-probe_type) domain
To configure the domain name that the probe sends to the DNS server to resolve, use the domain command. Use the no form of this command to reset the default domain (www.cisco.com) that the probe sends to the server.
domain name
no domain
Syntax Description
name |
Domain that the probe sends to the DNS server. Enter an unquoted text string with a maximum of 255 alphanumeric characters. |
Command Modes
DNS probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
The DNS probe sends a domain name for the DNS server to resolve. By default, the probe uses the www.cisco.com domain name.
Examples
To configure the domain name of MARKET, enter:
host1/Admin(config-probe-dns)# domain MARKET
To reset the default domain that the probe sends to the DNS server, enter:
host1/Admin(config-probe-dns)# no domain
Related Commands
show probe
(config-probe-probe_type) expect address
To configure one or more IPv6 or IPv4 addresses that the ACE expects as a server response to a DNS request, use the expect address command. The probe matches the received IP address with the configured addresses. Use the no form of this command to remove the expected IP address from the configuration.
expect address ip_address
no expect address ip_address
Syntax Description
ip_address |
IPv6 or IPv4 address expected from the DNS server in response to the DNS probe request for a domain. |
Command Modes
DNS probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A5(1.0) |
Added IPv6 support. |
|
|
A1(7) |
This command was introduced. |
A5(1.0) |
Added IPv6 support. |
Usage Guidelines
A DNS probe sends a request for a domain to a DNS server. The ACE uses the IP address specified in the expect address command to decide whether to pass or fail the DNS probe for the server based on the server response. You can specify multiple IP addresses with this command by entering the command with a different address separately.
Examples
IPv6 Example
To configure an expected IPv6 address of 2001:DB8:15::/64, enter:
host1/Admin(config-probe-dns)# expect address 2001:DB8:15::/64
To remove an IPv6 address, use the no expect address command. For example, enter:
host1/Admin(config-probe-dns)# no expect address 2001:DB8:15::/64
IPv4 Example
To configure an expected IPv4 address of 192.8.12.15, enter:
host1/Admin(config-probe-dns)# expect address 192.8.12.15
To remove an IPv4 address, use the no expect address command. For example, enter:
host1/Admin(config-probe-dns)# no expect address 192.8.12.15
Related Commands
show probe
(config-probe-probe_type) expect regex
To configure what the ACE expects as a response from the probe destination server, use the expect regex command. Use the no form of this command to remove the expectation of a response expression.
expect regex string [offset number] [cache [length]]
For TCP and UDP probes, the syntax is as follows:
no expect
For Finger, HTTP, HTTPS, and SIP probes, the syntax is as follows:
no expect regex
Syntax Description
string |
Expected response string from the probe destination. Enter an unquoted text string with no spaces. If the string includes spaces, enclose the string in quotes. The string can be a maximum of 255 alphanumeric characters. |
offset number |
(Optional) Sets the number of characters into the received message or buffer where the probe starts searching for the defined expression. Enter an number from 1 to 4000. (ACE appliance only) If you do not include the cache keyword when entering this command, the number argument is from 1 to 4000. However, if you include the cache keyword, the offset maximum number is 163840. |
cache |
(ACE appliance only, Optional for HTTP and HTTPS probes only) Enables caching when regex parsing long web pages . By default, when you configure the expect regex command for HTTP or HTTPS probes in probe configuration mode, the ACE does not cache the web page parsed by the probes. If the web page is longer than 4kBytes and the regex matching string exceeds this length, the probe fails. |
length |
(ACE appliance only, Optional) Cache length. Enter a number from 1 to 1000. The default cache length is 1000. |
Command Modes
Finger, HTTP, HTTPS, SIP, TCP, and UDP probe configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
A3(2.7). Not applicable to A4(1.0) or A4(2.0). |
Added the cache [length] option for regex parsing of long web pages. |
Usage Guidelines
When you configure a probe to expect a string from a server, it searches the response for a configured string. If the ACE finds the expected string, the server is marked as passed. If you do not configure an expected string, the ACE ignores the server response.
If you configure the expect regex command for TCP probes, you must configure the send-data command. Otherwise, the probe performs a connection open and close without checking the response from the server.
For HTTP or HTTPS probes, the server response must include the Content-Length header for the expect regex command to function. Otherwise, the probe does not attempt to parse the regex.
(ACE appliance only) For the cache option, consider the following:
•
The HTML file configured with the request method command cannot exceed the length of the offset plus the length of the cache. If the file exceeds this length, the probes fail.
•
For HTTP and HTTPS probes with active and standby ACEs that are running different software versions, any incremental changes made for the expect regex command are not synchronized. Any synchronization changes to the other ACE occur through bulk synchronization. Bulk synchronization takes place as expected.
Examples
To configure a TCP probe to expect an ACK response, enter:
host1/Admin(config-probe-tcp)# expect regex ack
(ACE appliance only) To configure the expected response string with caching with the default cache length of 1000, enter:
host1/Admin(config-probe-http)# expect regex test cache
To remove the expectation of a response expression for a TCP probe, enter:
host1/Admin(config-probe-tcp)# no expect
To remove the expectation of a response expression for an HTTP probe, enter:
host1/Admin(config-probe-http)# no expect regex
Related Commands
show probe
(config-probe-probe_type) expect status
To configure a single status code or a range of status code responses that the ACE expects from the probe destination, use the expect status command. You can specify multiple status code ranges with this command by entering the command with different ranges separately. Use the no form of this command to remove the expected status code or codes from the configuration.
expect status min_number max_number
no expect status min_number max_number
Syntax Description
min_number |
Single status code or the lower limit of a range of status codes. Enter an integer from 0 to 999. |
max_number |
Upper limit of a range of status codes. Enter an integer from 0 to 999. When configuring a single code, reenter the min_number value. |
Command Modes
FTP, HTTP, HTTPS, RTSP, SIP, and SMTP probe configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
When the ACE receives a response from the server, it expects a status code to mark a server as passed. By default, no status codes are configured on the ACE. If you do not configure a status code, any response code from the server is marked as failed.
For HTTP and HTTPS, if you configure the expect-regex command without configuring a status code, the probe will pass if the regular expresion response string is present.
You can specify multiple status code ranges with this command by entering the command with different ranges one at a time. Both the min_number and the max_number values can be any integer between 0 and 999 if the max_number is greater than or equal to the min_number. When the min_number and max_number values are the same, the ACE uses a single status code number.
Examples
To configure an expected status code of 200 that indicates that the HTTP request was successful, enter:
host1/Admin(config-probe-http)# expect status 200 200
To configure a range of expected status codes from 200 to 202, enter:
host1/Admin(config-probe-rtsp)# expect status 200 202
To configure multiple ranges of expected status codes from 200 to 202 and 204 to 205, configure each range separately. Enter:
host1/Admin(config-probe-http)# expect status 200 202
host1/Admin(config-probe-http)# expect status 204 205
To remove a single expected status code of 200, enter:
host1/Admin(config-probe-sip-udp)# no expect status 200 200
To remove a range of expected status codes, enter:
host1/Admin(config-probe-http)# no expect status 200 202
To remove multiple ranges of expected status codes, you must remove each range separately. If you have set two different ranges (200 to 202 and 204 to 205), enter:
host1/Admin(config-probe-http)# no expect status 200 202
host1/Admin(config-probe-http)# no expect status 204 205
Related Commands
show probe
(config-probe-probe_type) faildetect
To change the number of consecutive failed probes, use the faildetect command. Use the no form of this command to reset the number of probe retries to its default.
faildetect retry-count
no faildetect
Syntax Description
retry_count |
Consecutive number of failed probes before marking the server as failed. Enter a number from 1 to 65535. The default is 3. |
Command Modes
All probe-type configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
Before the ACE marks a server as failed, it must detect that probes have failed a consecutive number of times. By default, when three consecutive probes have failed, the ACE marks the server as failed.
Examples
To set the number of failed probes to 5 before declaring the server as failed for a TCP probe, enter:
host1/Admin(config-probe-tcp)# faildetect 5
To reset the number of probe failures to the default of 3, enter:
host1/Admin(config-probe-tcp)# no faildetect
Related Commands
show probe
(config-probe-probe_type) hash
To configure the ACE to dynamically generate the MD5 hash value or manually configure the value, use the hash command. By default, no hash value is configured on the ACE. Use the no form of this command to configure the ACE to no longer compare the referenced hash value to the computed hash value.
hash [value]
no hash
Syntax Description
value |
(Optional) The MD5 hash value that you want to manually configure. Enter the MD5 hash value as a hexadecimal string with exactly 32 characters (16 bytes). |
Command Modes
HTTP and HTTPS probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
If you do not use this command to configure the hash value, the ACE does not calculate a hash value on the HTTP data returned by the probe.
When you enter this command with no argument, the ACE generates the hash on the HTTP data returned by the first successful probe. If subsequent HTTP server hash responses match the generated hash value, the ACE marks the server as passed. If a mismatch occurs due to changes to the HTTP data, the probe fails and the show probe ... detail command displays an MD5 mismatch error in the Last disconnect error field.
To clear the reference hash and have the ACE recalculate the hash value at the next successful probe, change the URL or method by using the request method command.
The server response must include the Content-Length header for the hash command to function. Otherwise, the probe does not attempt to parse the hash value.
You can configure the hash command on a probe using the HEAD method, however there is no data to hash and has no effect causing the probe to always succeed.
Examples
To configure the ACE to generate the hash on the HTTP data returned by the first successful probe, enter:
host1/Admin(config-probe-http)# hash
To manually configure a hash value, enter:
host1/Admin(config-probe-http)# hash 0123456789abcdef0123456789abcdef
To configure the ACE to no longer compare the referenced hash value to the computed hash value, enter:
host1/Admin(config-probe-http)# no hash
Related Commands
show probe
(config-probe-probe_type) request method
(config-probe-probe_type) header
To configure a header field value for a probe, use the header command. Use the no form of this command to remove the header field from the probe configuration.
For HTTP and HTTPS probes, the syntax is as follows:
header field_name header-value field_value
no header field_name
For RTSP probes, the syntax is as follows:
header {require | proxy-require} header-value field_value
no header {require | proxy-require}
Syntax Description
field_name |
(HTTP and HTTPS probes) Identifier for a standard header field. Enter a text string with a maximum of 64 alphanumeric characters. If the header field includes spaces, enclose the string in quotation marks ("). You can also enter one of the following header keywords: |
|
• Accept—Accept request header |
|
• Accept-Charset—Accept-Charset request header |
|
• Accept-Encoding—Accept-Encoding request header |
|
• Accept-Language—Accept-Language request header |
|
• Authorization—Authorization request header |
|
• Cache-Control—Cache-Control general header |
|
• Connection—Connection general header |
|
• Content-MD5—Content-MD5 entity header |
|
• Expect—Expect request header |
|
• From—From request header |
|
• Host—Host request header |
|
• If-Match—If-Match request header |
|
• Pragma—Pragma general header |
|
• Referer—Referer request header |
|
• Transfer-Encoding—Transfer-Encoding general header |
|
• User-Agent—User-Agent request header |
|
• Via—Via general header |
header-value field_value |
(HTTP and HTTPS probes) Specifies the value assigned to the header field. Enter a text string with a maximum of 255 alphanumeric characters. If the value string includes spaces, enclose the string in quotation marks ("). |
require |
(RTSP probes) Specifies the Require header. |
proxy-require |
(RTSP probes) Specifies the Proxy-Require header. |
header-value field_value |
(RTSP probes) Specifies the value assigned to the header field. Enter an alphanumeric string with no spaces and a maximum of 255 characters. |
Command Modes
HTTP, HTTPS, and RTSP probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A2(1.0) |
This command was revised. |
|
|
A1(7) |
This command was introduced. |
A3(1.0) |
This command was revised. |
Usage Guidelines
For each HTTP or HTTPS probe in your configuration, you can configure multiple header fields.
Examples
To configure the Accept-Encoding HTTP header with a value of identity, enter:
host1/Admin(config-probe-http)# header Accept-Encoding header-value identity
To remove the header with the Accept-Encoding field name from the probe, enter:
host1/Admin(config-probe-http)# no header Accept-Encoding
To configure the RTSP REQUIRE header with a field value of implicit-play, enter:
host1/Admin(config-probe-rtsp)# header require header-value implicit-play
To remove the header configuration for the RTSP probe, enter:
host1/Admin(config-probe-rtsp)# no header require
To remove a Proxy-Require header, enter:
host1/Admin(config-probe-rtsp)# no header proxy-require
Related Commands
show probe
(config-probe-probe_type) interval
To change the time interval between probes, use the interval command. The time interval between probes is the frequency that the ACE sends probes to the server marked as passed. Use the no form of this command to reset the default time interval of 15 seconds.
interval seconds
no interval
Syntax Description
seconds |
Time interval in seconds. Enter a number from 2 to 65535. The default is 15. |
Command Modes
All probe-type configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A4(1.0) |
The default is 15. Previously, it was 120. |
A4(2.0) |
Added the interval command for VM probes. |
|
|
A1(7) |
This command was introduced. |
A4(2.0) |
Added the interval command for VM probes. |
Usage Guidelines
The open timeout value for TCP-based probes and the receive timeout value can impact the execution time for a probe. When the probe interval is less than or equal to these timeout values and the server takes a long time to respond or it fails to reply within the timeout values, the probe is skipped. When the probe is skipped, the No. Probes skipped counter through the show probe detail command increments.
Examples
To configure a time interval of 50 seconds for a TCP probe, enter:
host1/Admin(config-probe-tcp)# interval 50
To reset the time interval to the default of 15 seconds, enter:
host1/Admin(config-probe-tcp)# no interval
Related Commands
show probe
(config-probe-probe_type) ip address
To override the destination address that the probe uses, use the ip address command. By default, the probe uses the IP address from the real server or server farm configuration for the destination IP address. Use the no form of this command to reset the default of the probe.
ip address ip_address [routed]
no ip address
Syntax Description
ip_address |
Destination IP address. The default is the IP address from the real server or server farm configuration. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.168.12.15). |
routed |
(Optional) Routes the address according to the ACE internal routing table. If you are configuring a probe under a redirect server, you must configure this option. (ACE module only) Hardware-initiated SSL probes do not support this option. |
Command Modes
All probe-type configuration modes except scripted probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A5(1.0) |
Added IPv6 support. |
|
|
A1(7) |
This command was introduced. |
A3(2.7). Not applicable for A4(1.0). |
Support added to configure a probe under a redirect server or server farm. |
A5(1.0) |
Added IPv6 support. |
Usage Guidelines
This command has no usage guidelines.
Examples
IPv6 Example
To configure an IPv6 address of 2001:DB8:12::15, enter:
host1/Admin(config-probe-type)# ip address 2001:DB8:12::15
To reset the default behavior of the probe using the IPv6 address from the real server or server farm configuration, use the no ip address command. For example, enter:
host1/Admin(config-probe-type)# no ip address
IPv4 Example
To configure an IP address of 192.8.12.15, enter:
host1/Admin(config-probe-type)# ip address 192.8.12.15
To reset the default behavior of the probe using the IP address from the real server or server farm configuration, use the no ip address command. For example, enter:
host1/Admin(config-probe-type)# no ip address
Related Commands
show probe
(config-probe-probe_type) nas ip address
To configure a Network Access Server (NAS) address, use the nas ip address command. Use the no form of this command to remove the NAS address.
nas ip address ip_address
no nas ip address
Syntax Description
ip_address |
NAS IP address. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.168.12.15). By default, if a NAS address is not configured for the Remote Authentication Dial-In User Service (RADIUS) probe, the ACE uses the IP address associated with the outgoing interface as the NAS address. |
Command Modes
RADIUS probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
If a NAS address is not configured for the RADIUS probe, the ACE performs a route lookup on the RADIUS server IP address.
Examples
To configure a NAS address of 192.168.12.15, enter:
host1/Admin(config-probe-radius)# nas ip address 192.168.12.15
To remove the NAS IP address, enter:
host1/Admin(config-probe-radius)# no nas ip address
Related Commands
show probe
(config-probe-probe_type) oid
To configure an Object Identifier (OID) for an SNMP probe, use the oid command. When you enter this command, the CLI prompt changes to (config-probe-snmp-oid). For information about the commands available in probe SNMP OID configuration mode, see the Probe SNMP OID Configuration Mode Commands section. Use the no form of this command to remove the OID from the probe configuration.
oid string
no oid string
Syntax Description
string |
OID that the probe uses to query the server for a value. Enter an unquoted string with a maximum of 255 alphanumeric characters in dotted-decimal notation. The OID string is based on the server type. |
Command Modes
SNMP probe configuration mode
Admin and user contexts
Command History
|
|
A2(1.0) |
This command was introduced. |
|
|
A3(1.0) |
This command was introduced. |
Usage Guidelines
When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.
You can configure a maximum of eight OID queries to probe the server.
Examples
To configure the OID string .1.3.6.1.4.1.2021.10.1.3.1 and access probe SNMP OID configuration mode, enter:
host1/Admin(config-probe-snmp)# oid .1.3.6.1.4.1.2021.10.1.3.1
host1/Admin(config-probe-snmp-oid)#
To remove the OID string, enter:
host1/Admin(config-probe-snmp)# no oid .1.3.6.1.4.1.2021.10.1.3.1
Related Commands
show probe
(config-probe-snmp-oid) threshold
(config-probe-snmp-oid) type absolute max
(config-probe-snmp-oid) weight
(config-probe-probe_type) open
To configure the time interval for a connection to be established through a TCP three-way handshake, use the open command. By default, when the ACE sends a probe, it waits 1 second to open and establish the connection with the server. Use the no form of this command to reset its default of 1 second.
open timeout
no open
Syntax Description
timeout |
Time in seconds. Enter an integer from 1 to 65535. The default is 1. |
Command Modes
Echo TCP, Finger, FTP, HTTP, HTTPS, IMAP, POP, RTSP, scripted, SIP TCP, SMTP, TCP, and Telnet probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A4(1.0) |
The default is 1. Previously, it was 10. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
The open timeout value for TCP-based probes and the receive timeout value can impact the execution time for a probe. When the probe interval is less than or equal to these timeout values and the server takes a long time to respond or it fails to reply within the timeout values, the probe is skipped. When the probe is skipped, the No. Probes skipped counter increments through the show probe detail command.
Examples
To configure the wait time interval to 25 seconds for a TCP probe, enter:
host1/Admin(config-probe-tcp)# open 25
To reset the time interval to its default of 1 second, enter:
host1/Admin(config-probe-tcp)# no open
Related Commands
show probe
(config-probe-probe_type) passdetect
To configure the time interval to send a probe to a failed server and the number of consecutive successful probe responses required to mark the server as passed, use the passdetect command. Use the no form of this command to reset the default of waiting 60 seconds before sending out a probe to a failed server and marking a server as passed if it receives 3 consecutive successful responses.
passdetect {interval seconds | count number}
no passdetect {interval | count}
Syntax Description
interval seconds |
Specifies the wait time interval in seconds. Enter a number from 2 to 65535. The default is 60. |
count number |
Specifies the number of successful probe responses from the server. Enter a number from 1 to 65535. The default is 3. |
Command Modes
All probe-type configuration modes except scripted probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A4(1.0) |
The default is 60. Previously, it was 300. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
For best results, we recommend that you do not configure a passdetect interval value of less than 30 seconds. If you configure a passdetect interval value of less than 30 seconds, the open timeout and receive timeout values are set to their default values, and a real server fails to respond to a probe, overlapping probes may result, which can cause management resources to be consumed unnecessarily and the No. Probes skipped counter to increase.
After the ACE marks a server as failed, it waits a period of time and then sends a probe to the failed server. When the ACE receives a number of consecutive successful probes, it marks the server as passed. By default, the ACE waits 60 seconds before sending out a probe to a failed server and marks a server as passed if it receives 3 consecutive successful responses.
The receive timeout value can impact the execution time for a probe. When the probe interval is less than or equal to this timeout value and the server takes a long time to respond or it fails to reply within the timeout value, the probe is skipped. When the probe is skipped, the No. Probes skipped counter increments through the show probe detail command.
Examples
To configure a wait interval of 10 seconds for a TCP probe, enter:
host1/Admin(config-probe-tcp)# passdetect interval 10
To configure five success probe responses from the server before declaring it as passed, enter:
host1/Admin(config-probe-tcp)# passdetect count 5
To reset the wait interval to its default, enter:
host1/Admin(config-probe-tcp)# no passdetect interval
To reset the successful probe responses to its default, enter:
host1/Admin(config-probe-tcp)# no passdetect count
Related Commands
show probe
(config-probe-probe_type) port
To configure the port number that the probe uses, use the port command. Use the no form of this command to reset the port number based on the probe type.
port port-number
no port
Syntax Description
port-number |
Port number for the probe. Enter an integer from 1 to 65535. |
Command Modes
All probe-type configuration modes except ICMP probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A4(1.0) |
This command was revised to support probe port inheritance. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
Table 2-22 lists the default port numbers for each probe type.
Table 2-22 Default Port Numbers for Probe Types
|
|
DNS |
53 |
Echo |
7 |
Finger |
79 |
FTP |
21 |
HTTP |
80 |
HTTPS |
443 |
ICMP |
Not applicable |
IMAP |
143 |
POP |
110 |
RADIUS |
1812 |
RTSP |
554 |
SIP (TCP and UDP) |
5060 |
SMTP |
25 |
Telnet |
23 |
TCP |
80 |
UDP |
53 |
If you choose not to specify a port number for a probe, the ACE can dynamically inherit the port number specified:
•
From the real server specified in a server farm (see the (config-sfarm-host) rserver command).
•
From the VIP specified in a Layer 3 and Layer 4 class map (see the (config-cmap) match virtual-address command).
In this case, all you need is a single probe configuration, which will be sufficient to probe a real server on multiple ports or on all VIP ports. The same probe inherits all of the real server's ports or all of the VIP ports and creates probe instances for each port.
Note
Probe port inheritance is not applicable for the server farm predictor method, a probe assigned to a standalone real server, or a probe configured on the active FT group member in a redundant configuration.
For a Layer 3 and Layer 4 class map, a VIP port will be inherited only if a match command consists of a single port. If you specify a wildcard value for the IP protocol value (the any keyword) or a port range for the port, port inheritance does not apply for those match statements.
The order of precedence for inheriting the probe's port number is as follows:
1.
Probe's configured port
2.
Server farm real server's configured port
3.
VIP's configured port
4.
Probe's default port
For example, if the configured probe does not contain a specified port number, the ACE will look for the configured port associated with the real server specified in a server farm. If a port number is not configured, the ACE looks for the configured port associated with the VIP specified in a Layer 3 and Layer 4 class map. If a port number is also not configured, the ACE then uses the probe's default port to perform health monitoring on the back-end real server.
Examples
To configure a port number of 88 for an HTTP probe, enter:
host1/Admin(config-probe-HTTP)# port 88
To reset the port number to its default, in this case, port 80 for an HTTP probe, enter:
host1/Admin(config-probe-HTTP)# no port
Related Commands
show probe
(config-probe-probe_type) receive
To configure the time period that the ACE expects to receive a server response to the probe, use the receive command. Use the no form of this command to reset its default of 10 seconds.
receive seconds
no receive
Syntax Description
seconds |
Time to wait in seconds. Enter an integer from 1 to 65535. The default is 10. |
Command Modes
All probe-type configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
By default, when the ACE sends a probe, it expects a response within a time period of 10 seconds. For example, for an HTTP probe, the timeout period is the number of seconds to receive an HTTP reply for a GET or HEAD request. If the server fails to respond to the probe, the ACE marks the server as failed.
The open timeout value for TCP-based probes and the receive timeout value can impact the execution time for a probe. When the probe interval is less than or equal to these timeout values and the server takes a long time to respond or it fails to reply within the timeout values, the probe is skipped. When the probe is skipped, the No. Probes skipped counter increments through the show probe detail command.
Examples
To configure the timeout period for a response at 5 seconds for a TCP probe, enter:
host1/Admin(config-probe-TCP)# receive 5
To reset the time period to receive a response from the server to its default of 10 seconds, enter:
host1/Admin(config-probe-TCP)# no receive
Related Commands
show probe
(config-probe-probe_type) request command
To configure the request command used by an Internet Message Access Protocol (IMAP) or POP probe, use the request command command. Use the no form of this command to remove the request command from the configuration.
request command command
no request
Syntax Description
command |
Request command for the probe. Enter a text string with a maximum of 32 alphanumeric characters with no spaces. |
Command Modes
IMAP and POP probe configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A2(1.0) |
This command was revised. |
|
|
A1(7) |
This command was introduced. |
A3(1.0) |
This command was revised. |
Usage Guidelines
You must configure the name of the mailbox using the (config-probe-probe_type) credentials command before you configure the request command used by an IMAP probe or the ACE will ignore the specified request command.
Examples
To configure the last request command for an IMAP probe, enter:
host1/Admin(config-probe-imap)# request command last
To remove the request command for the probe, enter:
host1/Admin(config-probe-imap)# no request
Related Commands
show probe
(config-probe-probe_type) request method
To configure the request method and URL used by a probe, use the request method command. Use the no form of this command to reset the default request method.
For HTTP and HTTPS probes, the syntax is as follows:
request method {get | head} [url url_string]
no request method {get | head} [url url_string]
For RTSP probes, the syntax is as follows:
request method {options | describe url url_string}
no request method
For SIP probes, the syntax is as follows:
request method options
no request method
Syntax Description
get |
(HTTP or HTTPS probe) Configures the HTTP GET request method to direct the server to get the page. This method is the default. |
head |
(HTTP or HTTPS probe) Configures the HTTP HEAD request method to direct the server to get only the header for the page. |
url url_string |
(HTTP or HTTPS probe) Specifies the URL string used by the probe. Enter an alphanumeric string with a maximum of 255 characters. The default string is a forward slash (/). |
options |
(RTSP or SIP probe) Specifies the OPTIONS request method. This is the default method. The ACE uses the asterisk (*) request URL for this method. |
describe url url_string |
(RTSP probe) Specifies the DESCRIBE request method. The url_string is the URL request for the RTSP media stream on the server. Enter an alphanumeric string with a maximum of 255 characters. |
Command Modes
HTTP, HTTPS, RTSP, and SIP probe configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
A2(1.0) |
This command was revised. |
|
|
A1(7) |
This command was introduced. |
A3(1.0) |
This command was revised. |
Usage Guidelines
By default, the HTTP request method is a GET with the URL of a forward slash (/). If you do not configure a URL, the HTTP or HTTPS probe functions as a TCP probe.
By default, the RTSP request method is the OPTIONS method. You can also configure the DESCRIBE method.
By default, the SIP request method is the OPTIONS method; this method is the only method available for SIP probes.
Examples
To configure the HTTP HEAD request method and the /digital/media/graphics.html URL used by an HTTP probe, enter:
host1/Admin(config-probe-http)# request method head url /digital/media/graphics.html
To reset the HTTP method for the probe to HTTP GET with a URL of "/", enter:
host1/Admin(config-probe-http)# no request method head url /digital/media/graphics.html
To configure an RTSP probe to use the URL rtsp:///media/video.smi, enter:
host1/Admin(config-probe-rtsp)# request method describe url
rtsp://192.168.10.1/media/video.smi
To reset the default RTSP request method (OPTIONS), use the no request method or the request method options command. For example, enter:
host1/Admin(config-probe-rtsp)# no request method
Related Commands
show probe
(config-probe-probe_type) hash
(config-probe-probe_type) script
To specify the script name and the arguments to be passed to a scripted probe, use the script command. Use the no form of this command to remove the script and its arguments from the configuration.
script script_name [script_arguments]
no script
Syntax Description
script_name |
Name of the script. Enter an unquoted text string with no spaces and a maximum of 255 alphanumeric characters. |
script_arguments |
(Optional) Data sent to the script. Enter a text string with a maximum of 255 alphanumeric characters including spaces and quotes. Separate each argument by a space. If a single argument contains spaces, enclose the argument string in quotes. |
Command Modes
Scripted probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
Scripted probes run probes from a configured script to perform health probing. You can also configure arguments that are passed to the script. Before you can associate a script file with a probe, you must copy and load the script on the ACE. For information about TCL scripts and instructions for copying and loading script files on the ACE, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine.
The ACE allows the configuration of 256 unique script files.
The ACE can simultaneously execute only 200 scripted probe instances. When this limit is exceeded, the show probe detail command displays the "Out-of Resource: Max. script-instance limit reached" error message in the Last disconnect err field and the out-of-sockets counter increments.
Examples
To configure the script name of PROBE-SCRIPT and arguments of double question marks (??), enter:
host1/Admin(config-probe-scrptd)# script PROBE-SCRIPT ??
To remove the script and its arguments from the configuration, enter:
host1/Admin(config-probe-scrptd)# no script
Related Commands
show probe
show script
(config) script file name
(config-probe-probe_type) send-data
To configure the ASCII data that the probe sends when the ACE connects to the server, use the send-data command. Use the no form of this command to remove the data from the configuration.
send-data expression
no send-data
Syntax Description
expression |
ASCII data that the probe sends. Enter an unquoted text string with no spaces and a maximum of 255 alphanumeric characters. |
Command Modes
ECHO, Finger, TCP, and UDP probe configuration modes
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
If you do not configure the send-data command for a UDP probe, the probe sends one byte, 0x00.
When you configure the expect regex command for a TCP probe, you must configure the send-data command for the expect function to work. Otherwise, the TCP probe makes a socket connection and disconnects without checking the data.
Examples
To configure a TCP probe to send TEST as the data, enter:
host1/Admin(config-probe-tcp)# send-data TEST
To remove the data, enter:
host1/Admin(config-probe-tcp)# no send-data
Related Commands
show probe
(config-probe-probe_type) ssl cipher
To configure the probe to expect a specific type of RSA cipher suite from the back-end server, use the ssl cipher command. Use the no form of this command to reset its default of accepting any RSA configured cipher suites.
ssl cipher {RSA_ANY | cipher_suite}
no ssl cipher
Syntax Description
RSA_ANY |
Specifies that the probe accepts any of the RSA configured cipher suites. This is the default. |
cipher_suite |
RSA cipher suite that the probe expects from the back-end server. Enter one of the following keywords: |
|
RSA_EXPORT1024_WITH_DES_CBC_SHA |
|
RSA_EXPORT1024_WITH_RC4_56_MD5 |
|
RSA_EXPORT1024_WITH_RC4_56_SHA |
|
RSA_EXPORT_WITH_DES40_CBC_SHA |
|
RSA_EXPORT_WITH_RC4_40_MD5 |
|
RSA_WITH_3DES_EDE_CBC_SHA |
|
RSA_WITH_AES_128_CBC_SHA |
|
RSA_WITH_AES_256_CBC_SHA |
|
RSA_WITH_DES_CBC_SHA |
|
RSA_WITH_RC4_128_MD5 |
|
RSA_WITH_RC4_128_SHA |
Command Modes
HTTPS probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
This command has no usage guidelines.
Examples
To configure the HTTPS probes with the RSA_WITH_RC4_128_SHA cipher suite, enter:
host1/Admin(config-probe-https)# ssl cipher RSA_WITH_RC4_128_SHA
To reset the default of the HTTPS probes accepting any RSA cipher suite, enter:
host1/Admin(config-probe-https)# ssl cipher RSA_ANY
To reset the default by using the no ssl cipher command, enter:
host1/Admin(config-probe-https)# no ssl cipher
Related Commands
show probe
(config-probe-probe_type) ssl version
To configure the version of Secure Sockets Layer (SSL) that the probe supports, use the ssl version command. Use the no form of this command to reset the default to SSL version 3.
ssl version {all | SSLv3 | TLSv1}
no ssl version
Syntax Description
all |
Configures the probe to support all SSL versions. |
SSLv3 |
Configures the probe to support SSL version 3. This is the default. |
TLSv1 |
Configures the probe to support TLS version 1. |
Command Modes
HTTPS probe configuration mode
Admin and user contexts
Command History
|
|
3.0(0)A1(2) |
This command was introduced. |
|
|
A1(7) |
This command was introduced. |
Usage Guidelines
The version in the ClientHello message sent to the server indicates the highest supported version.
Examples
To configure the probe to support all SSL versions, enter:
host1/Admin(config-probe-https)# ssl version all
To reset the default of SSL version 3, enter:
host1/Admin(config-probe-https)# no ssl version
Related Commands
show probe
(config-probe-probe_type) version
To configure the version of SNMP that the probe supports, use the version command. Use the no form of this command to reset the version to its default value of SNMP version 1.
version {1 | 2c}
no version
Syntax Description
1 |
Configures the probe to support SNMP version 1. This is the default. |
2c |
Configures the probe to support SNMP version 2c. |
Command Modes
SNMP probe configuration mode
Admin and user contexts
Command History
|
|
A2(1.0) |
This command was introduced. |
|
|
A3(1.0) |
This command was introduced. |
Usage Guidelines
The version in the SNMP OID query sent to the server indicates the supported SNMP version. By default, the probe supports SNMP version 1.
Examples
To configure the probe to use SNMP version 2c, enter:
host1/Admin(config-probe-snmp)# version 2c
To reset the version of SNMP to the default value, SNMP version 1, enter:
host1/Admin(config-probe-snmp)# no version
Related Commands
show probe
(config-probe-sip-udp) rport enable
To force the SIP server to send the 200 OK message from the same port as the destination port of the probe request OPTIONS method per RFC 3581 when you configure the ACE for SIP UDP, use the rport enable command. By default, if the SIP server sends the 200 OK message from a port that is different from the destination port of the probe request, the ACE discards the response packet from the server. Use the no form of this command to reset the default behavior.
rport enable
no rport enable
Syntax Description
This command has no keywords or arguments.
Command Modes
SIP UDP probe configuration modes
Admin and user contexts
Command History
|
|
A2(2.3) |
This command was introduced. |
|
|
A3(2.5) |
This command was introduced. |
Usage Guidelines
This command has no usage guidelines.
Examples
To force the SIP server to send the 200 OK message from the destination port of the probe request OPTIONS method, enter:
host1/Admin(config-probe-sip-udp)# rport enable
To reset the ACE behavior to the default, enter:
host1/Admin(config-probe-sip-udp)# no rport enable
Related Commands
show probe
Probe SNMP OID Configuration Mode Commands
Probe SNMP OID configuration mode commands allow you to configure an OID for an SNMP probe. To configure an OID for an SNMP probe and access probe SNMP OID configuration mode, use the oid command in SNMP probe configuration mode. The CLI prompt changes to (config-probe-snmp-oid). For information about the commands in this mode, see the following commands. Use the no form of this command to remove the OID from the SNMP probe configuration.
oid string
no oid string
Syntax Description
string |
OID that the probe uses to query the server for a value. Enter an unquoted string with a maximum of 255 alphanumeric characters in dotted-decimal notation. The OID string is based on the server type. |
Command Modes
SNMP probe configuration mode
Admin and user contexts
Command History
|
|
A2(1.0) |
This command was introduced. |
|
|
A3(1.0) |
This command was introduced. |
Usage Guidelines
When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.
You can configure a maximum of eight OID queries to probe the server.
Examples
To configure the OID string .1.3.6.1.4.2021.10.1.3.1 and access probe SNMP OID configuration mode, enter:
host1/Admin(config-probe-snmp)# oid .1.3.6.1.4.2021.10.1.3.1
host1/Admin(config-probe-snmp-oid)#
To remove the OID string, enter:
host1/Admin(config-probe-snmp)# no oid .1.3.6.1.4.2021.10.1.3.1
Related Commands
show probe
(config-probe-snmp-oid) threshold
(config-probe-snmp-oid) type absolute max
(config-probe-snmp-oid) weight
(config-probe-snmp-oid) threshold
To specify the threshold value for an OID, use the threshold command. Use the no form of this command to remove the threshold value.
threshold integer
no threshold integer
Syntax Description
integer |
Threshold value to take the server out of service. When the OID value is based on a percentile, enter an integer from 0 to 100, with a default value of 100. When the OID is based on an absolute value, the threshold range is from 1 to the maximum value specified using the type absolute max command. |
Command Modes
Probe SNMP OID configuration mode
Admin and user contexts
Command History
|
|
A2(1.0) |
This command was introduced. |
|
|
A3(1.0) |
This command was introduced. |
Usage Guidelines
You can configure a threshold for an OID value so that when the threshold is exceeded, the server is taken out of service.
When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.
By default, the OID value is based on a percentile. If you use the type absolute maximum command to base the OID on an absolute value, the threshold range is from 1 to the maximum value specified with the type absolute maximum command.
Examples
To configure a threshold of 90 for the OID, enter:
host1/Admin(config-probe-snmp-oid)# threshold 90
To remove the threshold from the OID, enter:
host1/Admin(config-probe-snmp-oid)# no threshold
Related Commands
show probe
(config-probe-probe_type) oid
(config-probe-snmp-oid) type absolute max
(config-probe-snmp-oid) weight
(config-probe-snmp-oid) type absolute max
To specify that the retrieved OID value is an absolute value, use the type absolute max command. Use the no form of this command to remove the absolute value.
type absolute max integer
no type
Syntax Description
integer |
Expected OID value. Enter an integer from 1 through 4294967295. |
Command Modes
Probe SNMP OID configuration mode
Admin and user contexts
Command History
|
|
A2(1.0) |
This command was introduced. |
|
|
A3(1.0) |
This command was introduced. |
Usage Guidelines
When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. By default, the ACE assumes that the retrieved OID value is a percentile value.
Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.
When you configure the type absolute max command, we recommend that you also configure the value for the threshold command because the default threshold value is 100 and is not automatically adjusted with respect to the type absolute max value.
The no type command resets the values of both the type absolute max command and the threshold command to a value of 100.
Examples
To specify that the retrieved maximum OID value is 597, enter:
host1/Admin(config-probe-snmp-oid)# type absolute max 597
To remove the OID value and reset the expected OID to a percentile, enter:
host1/Admin(config-probe-snmp-oid)# no type
Related Commands
show probe
(config-probe-probe_type) oid
(config-probe-snmp-oid) threshold
(config-probe-snmp-oid) weight
(config-probe-snmp-oid) weight
To configure the weight to be assigned to this OID for the SNMP probe, use the weight command. Use the no form of this command to remove the weight.
weight number
no weight
Syntax Description
number |
Weight value assigned to this OID for the SNMP probe. Enter an integer from 0 to 16000. |
Command Modes
Probe SNMP OID configuration mode
Admin and user contexts
Command History
|
|
A2(1.0) |
This command was introduced. |
|
|
A3(1.0) |
This command was introduced. |
Usage Guidelines
If you configure more than one OID and they are used in a load-balancing decision, you must configure a weight value.
When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.
Examples
To configure a weight of 90 for the OID, enter:
host1/Admin(config-probe-snmp-oid)# weight 90
To remove the threshold from the OID, enter:
host1/Admin(config-probe-snmp-oid)# no weight
Related Commands
show probe
(config-probe-probe_type) oid
(config-probe-snmp-oid) threshold
(config-probe-snmp-oid) type absolute max
Probe VM Configuration Mode Commands
Probe VM configuration mode commands allow you to configure a VM probe that the ACE uses to poll the local VM controller for the load of the local virtual machines (VMs) in a dynamic workload scaling (DWS) configuration. To configure a VM probe and access probe VM configuration mode, use the probe vm command in configuration mode. The CLI prompt changes to (config-probe-vm). For information about the commands in this mode, see the commands in this section. Use the no form of this command to remove the VM probe from the ACE configuration.
probe vm probe_name
no probe vm probe_name
Syntax Description
probe_name |
Unique identifier of the probe that the ACE uses to poll the vCenter for the load of the local VMs. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. |
Command Modes
VM probe configuration mode
Admin and user contexts
Command History
ACE Module/Appliance Release
|
|
A4(2.0) |
This command was introduced. |
Usage Guidelines
All commands in this mode require the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When the ACE sends a VM probe to a VM controller to retrieve the load of the local VMs, the ACE uses the retrieved load value to make a decision about bursting traffic to the remote data center. If the retrieved load equals or exceeds the configured load threshold, the ACE bursts traffic to the remote data center while it continues to load balance traffic to the local data center. When the VM load drops below the configured threshold for CPU and memory usage, the ACE load balances traffic only to the local data center.
The VM probe is not supported with IPv6.
Examples
To configure a VM probe, enter the following command:
host1/Admin(config)# probe vm VM_PROBE
host1/Admin(config-probe-vm)#
To remove the VM probe and all its attributes from the ACE configuration, enter the following command:
host1/Admin(config)# no probe vm
Related Commands
show probe
(config-probe-vm) interval
(config-probe-vm) vm-controller
(config-probe-vm) load
(config-probe-vm) interval
To specify the frequency with which the ACE sends probes to the VM controller, use the interval command. Use the no form of this command to remove the threshold value.
interval value
no interval value
Syntax Description
value |
Specifies the elapsed time between probes. Enter the time interval in seconds as an integer from 300 to 65535. The default is 300 seconds (5 minutes). |
Command Modes
Probe VM configuration mode
Admin and user contexts
Command History
ACE Module/Appliance Release
|
|
A4(2.0) |
This command was introduced. |
Usage Guidelines
This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To configure the ACE to send a probe to the VM controller every 420 seconds (7 minutes), enter the following command:
host1/Admin(config-probe-vm)# interval 420
To reset VM probe interval to the default value of 300 seconds (5 minutes), enter the following command:
host1/Admin(config-probe-vm)# no interval
Related Commands
show probe
(config-probe-vm) vm-controller
(config-probe-vm) load
(config-probe-vm) load
To specify the interesting load of the local VMs, use the load command. You can specify CPU usage, memory usage, or both. Use the no form of this command to remove the load from the configuration.
load {cpu | mem} burst-threshold {max value min value}
no load {cpu | mem} burst-threshold {max value min value}
Syntax Description
load {cpu | mem} |
Specifies the type of load information that the VM controller sends back to the ACE in response to the VM probe. You can specify that the probe poll the VM controller for load information based on CPU usage, memory usage, or both. The default behavior is for the probe to check either the CPU usage or the memory usage against the maximum threshold value. Whichever load type reaches its maximum threshold value first causes the ACE to burst traffic to the remote data center. The VM controller returns the load information of each VM in the local data center to the probe. The ACE ignores any physical servers in the server farm. |
burst-threshold {max value min value} |
Specifies the threshold values that determine when the ACE starts and stops bursting traffic through the local DCI device over the DCI link to the remote data center. Enter a maximum and a minimum threshold value as a load percentage from 1 to 99. The default value is 99 percent for both the max and the min keywords. A maximum burst threshold value of 1 percent instructs the ACE to always burst traffic to the remote data center. A maximum burst threshold value of 99 percent instructs the ACE to always load balance traffic to the local VMs unless the load value is equal to 100 percent or the VMs are not in the OPERATIONAL state. If the average load value returned by the VM controller is greater than or equal to the maximum threshold value, the ACE starts bursting traffic to the remote data center. When the load value returned by the VM controller is less than the minimum threshold value, the ACE stops bursting traffic to the remote data center and load balances traffic to the local VMs. Any active connections to the remote data center are allowed to complete. |
Command Modes
Probe VM configuration mode
Admin and user contexts
Command History
ACE Module/Appliance Release
|
|
A4(2.0) |
This command was introduced. |
Usage Guidelines
This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To instruct the ACE to start bursting traffic to the remote datacenter when the local average VM load exceeds 80 percent CPU usage and to stop bursting traffic when the local average CPU usage drops below 50 percent, enter the following command:
host1/Admin(config-probe-vm)# load cpu burst-threshold max 80 min 50
You can configure an additional load command under the same VM probe to create an OR statement between the CPU usage and the memory usage of the local VMs. Whichever load type reaches its maximum threshold first will cause the ACE to burst traffic to the remote data center. For example, enter the following commands:
host1/Admin(config-probe-vm)# load cpu burst-threshold max 80 min 50
host1/Admin(config-probe-vm)# load mem burst-threshold max 70 min 40
In this case, if the average CPU usage reaches 80 percent or the average memory usage reaches 70 percent, the ACE bursts traffic to the remote data center. The ACE does not stop bursting traffic to the remote data center until both the CPU load and the memory load drop below their respective minimum configured values.
To reset the VM probe behavior to the default of checking the average VM CPU usage and memory usage against the maximum and minimum threshold values of 99 percent each, enter the following command:
host1/Admin(config-probe-vm)# no load cpu burst-threshold max 80 min 50
host1/Admin(config-probe-vm)# no load mem burst-threshold max 70 min 40
Related Commands
show probe
(config-probe-vm) interval
(config-probe-vm) vm-controller
(config-probe-vm) vm-controller
To identify the VM controller for the probe, use the vm-controller command . Use the no form of this command to remove the VM controller name from the VM probe configuration.
vm-controller name
no vm-controller name
Syntax Description
name |
Identifier of the existing VM controller that you previously configured. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. |
Command Modes
Probe VM configuration mode
Admin and user contexts
Command History
ACE Module/Appliance Release
|
|
A4(2.0) |
This command was introduced. |
Usage Guidelines
This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples
To configure the VM controller called VCENTER_1, enter the following command:
host1/Admin(config-probe-vm)# vm-controller VCENTER_1
To remove the VM controller name from the VM probe configuration, enter the following command:
host1/Admin(config-probe-vm)# no vm-controller VCENTER_1
Related Commands
show probe
(config-probe-vm) interval
(config-probe-vm) load