Application health monitors are now a tried and true technology of the Application Delivery Controller, yet traditional monitors require interaction with the application. Inband passive monitors change that requirement and monitor applications transparently.Inband passive monitors finally fuse together intelligence and performance; it's no longer an "or" decision, now it becomes an "and," enabling both application intelligence and performance to co-exist.
F5 White Paper
Inband Passive Monitors-
Maintain Application Performance
and Health
Application health monitors are now a tried and true technology of the Application Delivery Controller, yet traditional monitors require interaction with the application. Inband passive monitors change that requirement and monitor applications transparently.
by Alan Murphy and Ken Salchow Technical MarketingWhite Paper Inband Passive Monitors
Introduction
One of the negative effects of the continued evolution of the load balancer into today's Application Delivery Controller (ADC) is that it is often too easy to forget the basic problem for which these devices where originally created-delivering highly available, scalable, and reliable application services. We get too preoccupied with intelligent application routing, virtualized application services, and shared infrastructure deployments to remember that none of these things are possible without a firm foundation of basic load balancing technology. For example, it is necessary to have a solid base in load balancing to monitor the health of the application servers and to identify and locate when and where there is a problem. Application health monitoring, or the ability to verify that back-end systems are operational before traffic is routed to those systems, is a basic yet critical tenant of load balancing and more sophisticated ADCs. If the ADC is unaware of when an application is malfunctioning or unavailable, its ability to route traffic to the best possible destination becomes impaired.
Like almost all aspects of Application Delivery Networking, health monitoring has been plagued by intelligence versus performance issues since day one, although incorrectly so-monitoring the status and availability of an application by the ADC shouldn't impact the performance of either the application or the ADC.
Application Health Monitoring
An Historical View
The original health monitor for back-end applications, still used by many products, is a simple network test-an ICMP ping of the server hosting the application. While this can certainly communicate that the application server is receiving network traffic-the absence of which is a definite sign that the application or the network is unavailable-it doesn't reveal anything about the actual application state of that server. A successful ping response denotes an answer from a particular IP address, but not what is running on that address, how well it is running (if the application is working correctly), or if there is an application handing traffic. For example, Microsoft Windows NT Server is notorious for responding to a ping even though the system itself has "blue screened" and no real application is running or capable of processing those network packets. Ping, along with other network testing tools, is a useful tool for checking the network and verifying something is on the receiving end, but not much beyond that. 22White Paper Inband Passive Monitors
The next iteration of the health monitor is the migration from an IP-based (layer 3) health monitor to a TCP (layer 4) health monitor. Instead of relying on lower layer responses, these health checks attempt to interact with the TCP port (by completing a full TCP handshake) associated with the application to verify that a connection can be made, signifying that an application is running and available for users. A typical example of this is an attempt to attach to TCP port 80 of a web server. A successful connection to the appropriate port is a far better indicator than a simple network ping that an application is actually listening to the port on the server. While this instills confidence that the application is answering, available, and able to validate and differentiate multiple application requests on a single server, a positive response is still not a definitive indication that the application is capable of handling user traffic. A successful TCP handshake to a web server doesn't reveal if the web server is actually returning HTTP content, for example, only that something is listening and answering on port 80.
The last major iteration of health monitoring is the application health monitor-a monitor that is capable of interacting with and interpreting responses from the application itself. These monitors do more than just connect to the application port and complete a handshake: they interact with ... [download for more]
