...

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, and then click Manage Health Monitors in the Toolbar.
  2. In the Health Monitors Manager, click the arrow next to the Add icon and select PDP Health Monitor.
  3. In the PDP Health Monitor Wizard, complete the following:
    • Name: Enter a name for the PDP health monitor.
    • Interval (seconds): Enter the interval value in seconds. The health monitor runs only for the specified interval and it is measured from the end of the previous monitor cycle. The default value is five.
    • Timeout (seconds): Enter the timeout value in seconds. The monitor waits for the number of seconds that you specify after sending a response. If it does not receive a response within the number of seconds that you specify, then the appliance considers this check as failed. The monitor discards any response it receives after the timeout. The default value is 15.
    • Retry Up Count: Enter a retry up count. When you specify a value, the appliance checks whether the server is up based on the following: interval*retry up count. For example, if you specify the interval as five seconds and the retry up count as 10 seconds, then the appliance tries to connect to the server every five seconds for a period of 50 seconds. If the server is down initially, the appliance tries to connect to the server for 50 seconds in sequence. When the connection is successful, the PDP monitor considers the server to be up. If the server is unavailable for an entire period of 50 seconds, the appliance considers this connection as a failure.

    • Retry Down Count: Enter a retry down count. The PDP monitor considers the server unavailable only if the server is unavailable during the period: interval*retry down count. For example, if you specify the interval as five seconds and the retry down count as 10 seconds, then the appliance checks if the server is unavailable for 50 seconds in sequence. If the server is unavailable for an entire period of 50 seconds, the appliance considers the server to be down.

    • Port: Specify a port for PDP connection. The appliance displays 2123 by default. You can specify a value between zero and 65535.
    • Comment: Enter information about the PDP health monitor.

4. Click Next to add extensible attributes. For information, see Using Extensible Attributes. To schedule the change, click Next or Schedule for Later. In the Schedule Change panel, select Now to immediately execute this task. Or select Later to schedule this task, and then specify a date, time, and time zone.

5. Save the configuration.

Configuring SIP Health Monitors

A SIP monitor sends a standard SIP OPTIONS request to the server. You cannot modify this request. The monitor accepts only direct responses from the server and does not open alternate connections. The SIP monitor determines the health of SIP servers, such as SIP proxies, session border controllers, and SIP gateways, by issuing SIP OPTIONS to the server and examining the response that the server provides. The service is considered available if the response received from the server matches the expected response.
The SIP monitor does not support SCTP transport. It does not receive SIP connections. Responses are normally received over the same connection on which the request was sent. The server does not attempt to open a new connection to send the response when it encounters an error message.
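The check described above can be reproduced offline to see which server replies count as healthy. This is an added sketch, not Infoblox code: the function names, header values, the Call-ID match, and the sample replies are assumptions, and the mode names follow the Expected Return Code choices listed in the steps below.

```python
import re

STATUS_LINE = re.compile(rb"^SIP/2\.0 (\d{3}) ")

def build_options(host, port=5060, transport="UDP", call_id="healthcheck-1"):
    """Build a minimal RFC 3261 OPTIONS request; header values are placeholders."""
    lines = [
        f"OPTIONS sip:{host}:{port} SIP/2.0",
        f"Via: SIP/2.0/{transport} monitor.example.invalid;branch=z9hG4bK-hc1",
        "Max-Forwards: 70",
        "From: <sip:monitor@monitor.example.invalid>;tag=hc1",
        f"To: <sip:{host}:{port}>",
        f"Call-ID: {call_id}",
        "CSeq: 1 OPTIONS",
        "Content-Length: 0",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")

def status_code(response):
    """Return the three-digit status code, or None if this is not a SIP response."""
    match = STATUS_LINE.match(response)
    return int(match.group(1)) if match else None

def check_passes(response, mode="equals", expected=200, call_id="healthcheck-1"):
    """Apply the Expected Return Code rule; response is None after a timeout."""
    if response is None:
        return False                      # no answer within the timeout: failed check
    code = status_code(response)
    if code is None:
        return False                      # not a SIP status line
    # Assumption of this sketch: ignore answers that belong to another dialog.
    if f"Call-ID: {call_id}\r\n".encode("ascii") not in response:
        return False
    if mode == "any":
        return True
    if mode == "equals":
        return code == expected
    if mode == "does not equals":
        return code != expected
    raise ValueError(f"unknown mode: {mode}")

def reply(status, call_id="healthcheck-1"):
    """Constructed sample response for trying the rule offline."""
    return (f"SIP/2.0 {status}\r\nCall-ID: {call_id}\r\n"
            "CSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n").encode("ascii")
```
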

  1. From the Data Management tab, select the DNS tab -> Traffic Control tab, and then click Manage Health Monitors in the Toolbar.
  2. In the Health Monitors Manager, click the arrow next to the Add icon and select SIP Health Monitor.
  3. In the SIP Health Monitor Wizard, complete the following:
    • Name: Enter a name for the SIP health monitor.
    • Interval (seconds): Enter the interval value in seconds. The health monitor runs only for the specified interval and it is measured from the end of the previous monitor cycle. The default value is five.
    • Timeout (seconds): Enter the timeout value in seconds. The monitor waits for the number of seconds that you specify after sending a response. If it does not receive a response within the number of seconds that you specify, then the appliance considers this check as failed. The monitor discards any response it receives after the timeout. The default value is 15.
    • Retry Up Count: Enter a retry up count. When you specify a value, the appliance checks whether the server is up based on the following: interval*retry up count. For example, if you specify the interval as five seconds and the retry up count as 10 seconds, then the appliance tries to connect to the server every five seconds for a period of 50 seconds. If the server is down initially, the appliance tries to connect to the server for 50 seconds in sequence. When the connection is successful, the SIP monitor considers the server to be up. If the server is unavailable for an entire period of 50 seconds, the appliance considers this connection as a failure.

    • Retry Down Count: Enter a retry down count. The SIP monitor considers the server unavailable only if the server is unavailable during the period: interval*retry down count. For example, if you specify the interval as five seconds and the retry down count as 10 seconds, then the appliance checks if the server is unavailable for 50 seconds in sequence. If the server is unavailable for an entire period of 50 seconds, the appliance considers the server to be down.

    • Comment: Enter information about the SIP health monitor.
  4. Click Next and complete the following:
    • Expected Return Code: The response code expected from the server. Select a value from the drop-down list: any, equals, and does not equals. When you select equals or does not equals, the appliance displays 200 by default. You can specify a value between zero and 999.
    • Port: Specify a port for SIP connection. The appliance displays 5060 for TCP and UDP transport by default. When you select SIPS and TLS transport options, the appliance displays 5061 by default. You can specify a value between zero and 65535.
    • Transport: Select a transport option from the drop-down list: SIPS, TCP, TLS, and UDP. If you select SIPS or TLS, specify any of the following related options that become available:

...

      • Client Certificate: Click Certificate to select a client certificate. Select a certificate from the dialog box. Click Clear to delete the certificate that you have uploaded. The monitor does not inspect or validate the server certificate, if any. For information about how to upload certificates, see Managing Health Monitor Certificates.
      • Ciphers: Specify a list of SSL ciphers in an OpenSSL format. You can specify text up to 1024 characters.

The following example commands list some available ciphers:

Example 1:
$ openssl ciphers 'HIGH:!DES'
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:
DHE-DSS-CAMELLIA256-SHA:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:AES256-SHA: CAMELLIA256-SHA:PSK-AES256-CBC-SHA:EDH-RSA-DES-CBC3-SHA:
EDH-DSS-DES-CBC3-SHA:ADH-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:
PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:DHE-RSA-AES128-SHA: DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:
ADH-AES128-SHA:ADH-CAMELLIA128-SHA:AES128-SHA:CAMELLIA128-SHA: PSK-AES128-CBC-SHA
Example 2:
$ openssl ciphers 'DEFAULT:!EDH+aRSA'
DHE-DSS-AES256-SHA:DHE-DSS-CAMELLIA256-SHA:AES256-SHA:CAMELLIA256-SHA:
PSK-AES256-CBC-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA: KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:DHE-DSS-AES128-SHA:DHE-DSS-SEED-SHA: DHE-DSS-CAMELLIA128-SHA:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:
PSK-AES128-CBC-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5: EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:
EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA: EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-RC4-MD5: EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5

...

Note: The DHE cipher list family ("Diffie-Hellman key agreement" plus "RSA authentication") could consume excessive CPU and is excluded from the defaults used by DNS Traffic Control health monitors. Although you can enable these ciphers by explicitly configuring them in the cipher list for HTTPS and SIP monitors, you should be aware that doing so will increase CPU usage. Since health monitoring in general does not require high security, Infoblox recommends that you enable these ciphers only for target servers that do not accept other types of ciphers.

...

    • Enable Certificate Validation: Selecting this option is highly recommended so that NIOS validates the DTC server certificate.

5. Click Next to add extensible attributes. For information, see Using Extensible Attributes.

6. To schedule the change, click Next or Schedule for Later. In the Schedule Change panel, select Now to immediately execute this task. Or select Later to schedule this task, and then specify a date, time, and time zone.

7. Save the configuration.
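To review a cipher string before entering it in the Ciphers field, the following added example (not Infoblox code) classifies the names that `openssl ciphers` prints and flags anonymous, export-grade, RC4, DES/3DES and MD5 suites, plus the DHE-with-RSA family that the note above says costs extra CPU. The rule labels, function names and sample list are constructed for illustration.

```python
import re

# Constructed rule set for this example: (label, pattern on the OpenSSL cipher name).
RULES = [
    ("anonymous", re.compile(r"^(ADH|AECDH)-")),       # no server authentication
    ("export", re.compile(r"^EXP-")),                  # export-grade key lengths
    ("rc4", re.compile(r"(^|-)RC4(-|$)")),
    ("single-des", re.compile(r"(^|-)DES-CBC-")),      # DES-CBC-, but not DES-CBC3-
    ("3des", re.compile(r"DES-CBC3|3DES")),
    ("md5", re.compile(r"-MD5$")),
    ("dhe-rsa", re.compile(r"^(DHE|EDH)-RSA-")),       # CPU cost named in the note
]
MAX_FIELD_LEN = 1024  # limit the page gives for the Ciphers field

def split_ciphers(text):
    """Split `openssl ciphers` output, tolerating wrapped lines and stray spaces."""
    return [name for name in re.split(r"[:\s]+", text) if name]

def audit(text):
    """Map each flagged cipher name to the list of rule labels it matched."""
    findings = {}
    for name in split_ciphers(text):
        labels = [label for label, pattern in RULES if pattern.search(name)]
        if labels:
            findings[name] = labels
    return findings

def unflagged(text):
    """Colon-joined names that matched no rule, and whether they fit the field."""
    flagged = audit(text)
    kept = ":".join(n for n in split_ciphers(text) if n not in flagged)
    return kept, len(kept) <= MAX_FIELD_LEN

# Constructed sample: names taken from the two listings above, wrapped the same way.
SAMPLE = """DHE-RSA-AES256-SHA:ADH-AES256-SHA:AES256-SHA: DES-CBC3-SHA:
RC4-MD5:EXP-DES-CBC-SHA:EDH-RSA-DES-CBC3-SHA:AES128-SHA"""

if __name__ == "__main__":
    for name, labels in audit(SAMPLE).items():
        print(f"{name}: {', '.join(labels)}")
    print(unflagged(SAMPLE))
```

A name that matches no rule is only unflagged by this rule set; whether the target server accepts it still has to be confirmed against that server.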

Configuring SNMP Health Monitors

...

Click Schedule Deletion and in the Schedule Change panel, enter a date, time, and time zone to schedule deletion at a later date and time. For more information, see Scheduling Deletions.


NIOS 8.1 NIOS Administrator Guide (Rev. A) 1061
Managing DNS Traffic Control