Hi Community,

We are on ISAM 9.0.7

I have a junction set as follow:

junction_point: "/abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
transparent_path_junction: "yes"
junction_settings: "['ping-uri','/abc/ui']"

Without the last setting ISAM was seeing the backend as not responding. We realized that for the HEAD calls to work, they need to be sent to "service_abc.com/abc/ui", not to "service_abc.com"

This last junction setting sets the following in the proxy config file:

[junction:/abc]
ping-uri = /abc/ui

And everything works well.

--

Now we have a very similar Virtual Host junction, which is set as follow (same backend, same port):

junction_junction_point: "vh-abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
junction_virtual_hostname: "abc.other_url.ca.net"
junction_settings: "['ping-uri','/abc/ui']"

This last junction setting sets the following in the proxy config file:

[junction:@vh-abc]
ping-uri = /abc/ui

But this does not work. The service is still flagged as Not Responding.

I also tried:

[junction:vh-abc]
ping-uri = /abc/ui

But that did not work either.

Is there any reason why setting the ping-uri would not work for a VH junction?
Am I missing something?

Thanks,
Louis


------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Hello Louis,

For Virtual Host Junctions the 'label' used in per-junction stanzas is the VHJ label without the '@' character:

[junction:vh-abc]
ping-uri = /abc/ui

So that is the correct syntax as per the documentation:

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/wrp_stza_ref/reference/ref_ping_uri.html

You can quickly troubleshoot any issues using the 'pdweb.debug' tracing at level '9' and tuning down the global 'ping-time' parameter to see the pings happen as expected.

Remember that for it to be a success by default the response must contain a '200' response code.

It's also not explicitly specified that the VHJ version of 'ping-uri' is not supported:
https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/wrp_config/concept/con_stz_entr_ignore_vir_host_jct.html

I tested this in my environment and it for sure worked as expected.

------------------------------
JACK YARBOROUGH
------------------------------

Original Message:
Sent: Thu February 20, 2020 02:36 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi Community,

We are on ISAM 9.0.7

I have a junction set as follow:

junction_point: "/abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
transparent_path_junction: "yes"
junction_settings: "['ping-uri','/abc/ui']"

Without the last setting ISAM was seeing the backend as not responding. We realized that for the HEAD calls to work, they need to be sent to "service_abc.com/abc/ui", not to "service_abc.com"

This last junction setting sets the following in the proxy config file:

[junction:/abc]
ping-uri = /abc/ui

And everything works well.

--

Now we have a very similar Virtual Host junction, which is set as follow (same backend, same port):

junction_junction_point: "vh-abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
junction_virtual_hostname: "abc.other_url.ca.net"
junction_settings: "['ping-uri','/abc/ui']"

This last junction setting sets the following in the proxy config file:

[junction:@vh-abc]
ping-uri = /abc/ui

But this does not work. The service is still flagged as Not Responding.

I also tried:

[junction:vh-abc]
ping-uri = /abc/ui

But that did not work either.

Is there any reason why setting the ping-uri would not work for a VH junction?
Am I missing something?

Thanks,
Louis


------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Hi Jack

Thanks for the quick response!

I have just retested the ping-uri setting without the "@" character (and also lowered the ping-time to 15 seconds).

But I still do not see any HTTP HEAD calls to "service_abc.com" in de pdweb.debug file. I see the HEAD calls for all the other junctions that work, but no trace of service_abc.com. If it was because the HTTP reponse code was other than 200, I would expect to see the trace of that call. But nothing. Its like ISAM doesn't even try to ping the backend.

Louis



------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Original Message:
Sent: Thu February 20, 2020 02:57 PM
From: JACK YARBOROUGH
Subject: Junction Specific settings for VH junction

Hello Louis,

For Virtual Host Junctions the 'label' used in per-junction stanzas is the VHJ label without the '@' character:

[junction:vh-abc]
ping-uri = /abc/ui

So that is the correct syntax as per the documentation:

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/wrp_stza_ref/reference/ref_ping_uri.html

You can quickly troubleshoot any issues using the 'pdweb.debug' tracing at level '9' and tuning down the global 'ping-time' parameter to see the pings happen as expected.

Remember that for it to be a success by default the response must contain a '200' response code.

It's also not explicitly specified that the VHJ version of 'ping-uri' is not supported:
https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/wrp_config/concept/con_stz_entr_ignore_vir_host_jct.html

I tested this in my environment and it for sure worked as expected.

------------------------------
JACK YARBOROUGH

Original Message:
Sent: Thu February 20, 2020 02:36 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi Community,

We are on ISAM 9.0.7

I have a junction set as follow:

junction_point: "/abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
transparent_path_junction: "yes"
junction_settings: "['ping-uri','/abc/ui']"

Without the last setting ISAM was seeing the backend as not responding. We realized that for the HEAD calls to work, they need to be sent to "service_abc.com/abc/ui", not to "service_abc.com"

This last junction setting sets the following in the proxy config file:

[junction:/abc]
ping-uri = /abc/ui

And everything works well.

--

Now we have a very similar Virtual Host junction, which is set as follow (same backend, same port):

junction_junction_point: "vh-abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
junction_virtual_hostname: "abc.other_url.ca.net"
junction_settings: "['ping-uri','/abc/ui']"

This last junction setting sets the following in the proxy config file:

[junction:@vh-abc]
ping-uri = /abc/ui

But this does not work. The service is still flagged as Not Responding.

I also tried:

[junction:vh-abc]
ping-uri = /abc/ui

But that did not work either.

Is there any reason why setting the ping-uri would not work for a VH junction?
Am I missing something?

Thanks,
Louis


------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

as a complement.

When I activate the pdweb.debug traces. For the regular junction for which the ping-uri setting works, I indeed see the following:

2020-02-20-14:07:22.026-05:00I----- thread(50) trace.pdweb.debug:2 /build/isam/src/i4w/pdweb/webseald/ras/trace/debug_log.cpp:231: ----------------- PD ===> BackEnd -----------------
Thread 50; fd 342; local 1.2.3.4:20828; remote 5.6.7.8:443
HEAD /abc/ui HTTP/1.1
host: service_abc.com
iv_server_name: uat_xxx-webseald-xxxx

But for the VH junction for which the ping-uri does not work, I see nothing. Not even a HEAD call that would fail or not get a response.

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Original Message:
Sent: Thu February 20, 2020 02:36 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi Community,

We are on ISAM 9.0.7

I have a junction set as follow:

junction_point: "/abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
transparent_path_junction: "yes"
junction_settings: "['ping-uri','/abc/ui']"

Without the last setting ISAM was seeing the backend as not responding. We realized that for the HEAD calls to work, they need to be sent to "service_abc.com/abc/ui", not to "service_abc.com"

This last junction setting sets the following in the proxy config file:

[junction:/abc]
ping-uri = /abc/ui

And everything works well.

--

Now we have a very similar Virtual Host junction, which is set as follow (same backend, same port):

junction_junction_point: "vh-abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
junction_virtual_hostname: "abc.other_url.ca.net"
junction_settings: "['ping-uri','/abc/ui']"

This last junction setting sets the following in the proxy config file:

[junction:@vh-abc]
ping-uri = /abc/ui

But this does not work. The service is still flagged as Not Responding.

I also tried:

[junction:vh-abc]
ping-uri = /abc/ui

But that did not work either.

Is there any reason why setting the ping-uri would not work for a VH junction?
Am I missing something?

Thanks,
Louis


------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Hello Louis,

You should be looking for 'abc.other_url.ca.net' as that is the value of the 'host' header.

------------------------------
JACK YARBOROUGH
------------------------------

Original Message:
Sent: Thu February 20, 2020 02:56 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

as a complement.

When I activate the pdweb.debug traces. For the regular junction for which the ping-uri setting works, I indeed see the following:

2020-02-20-14:07:22.026-05:00I----- thread(50) trace.pdweb.debug:2 /build/isam/src/i4w/pdweb/webseald/ras/trace/debug_log.cpp:231: ----------------- PD ===> BackEnd -----------------
Thread 50; fd 342; local 1.2.3.4:20828; remote 5.6.7.8:443
HEAD /abc/ui HTTP/1.1
host: service_abc.com
iv_server_name: uat_xxx-webseald-xxxx

But for the VH junction for which the ping-uri does not work, I see nothing. Not even a HEAD call that would fail or not get a response.

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation

Original Message:
Sent: Thu February 20, 2020 02:36 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi Community,

We are on ISAM 9.0.7

I have a junction set as follow:

junction_point: "/abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
transparent_path_junction: "yes"
junction_settings: "['ping-uri','/abc/ui']"

Without the last setting ISAM was seeing the backend as not responding. We realized that for the HEAD calls to work, they need to be sent to "service_abc.com/abc/ui", not to "service_abc.com"

This last junction setting sets the following in the proxy config file:

[junction:/abc]
ping-uri = /abc/ui

And everything works well.

--

Now we have a very similar Virtual Host junction, which is set as follow (same backend, same port):

junction_junction_point: "vh-abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
junction_virtual_hostname: "abc.other_url.ca.net"
junction_settings: "['ping-uri','/abc/ui']"

This last junction setting sets the following in the proxy config file:

[junction:@vh-abc]
ping-uri = /abc/ui

But this does not work. The service is still flagged as Not Responding.

I also tried:

[junction:vh-abc]
ping-uri = /abc/ui

But that did not work either.

Is there any reason why setting the ping-uri would not work for a VH junction?
Am I missing something?

Thanks,
Louis


------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Hi,

The target backend server is "service_abc.com".

"abc.other_url.ca.net" is the Virtual Host. ISAM should ping the targeted backend server to test its availability, right?

In any case I see no trace of "abc.other_url.ca.net" either in the pdweb.debug logs.

Regards
Louis

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Original Message:
Sent: Thu February 20, 2020 04:01 PM
From: JACK YARBOROUGH
Subject: Junction Specific settings for VH junction

Hello Louis,

You should be looking for 'abc.other_url.ca.net' as that is the value of the 'host' header.

------------------------------
JACK YARBOROUGH

Original Message:
Sent: Thu February 20, 2020 02:56 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

as a complement.

When I activate the pdweb.debug traces. For the regular junction for which the ping-uri setting works, I indeed see the following:

2020-02-20-14:07:22.026-05:00I----- thread(50) trace.pdweb.debug:2 /build/isam/src/i4w/pdweb/webseald/ras/trace/debug_log.cpp:231: ----------------- PD ===> BackEnd -----------------
Thread 50; fd 342; local 1.2.3.4:20828; remote 5.6.7.8:443
HEAD /abc/ui HTTP/1.1
host: service_abc.com
iv_server_name: uat_xxx-webseald-xxxx

But for the VH junction for which the ping-uri does not work, I see nothing. Not even a HEAD call that would fail or not get a response.

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation

Original Message:
Sent: Thu February 20, 2020 02:36 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi Community,

We are on ISAM 9.0.7

I have a junction set as follow:

junction_point: "/abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
transparent_path_junction: "yes"
junction_settings: "['ping-uri','/abc/ui']"

Without the last setting ISAM was seeing the backend as not responding. We realized that for the HEAD calls to work, they need to be sent to "service_abc.com/abc/ui", not to "service_abc.com"

This last junction setting sets the following in the proxy config file:

[junction:/abc]
ping-uri = /abc/ui

And everything works well.

--

Now we have a very similar Virtual Host junction, which is set as follow (same backend, same port):

junction_junction_point: "vh-abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
junction_virtual_hostname: "abc.other_url.ca.net"
junction_settings: "['ping-uri','/abc/ui']"

This last junction setting sets the following in the proxy config file:

[junction:@vh-abc]
ping-uri = /abc/ui

But this does not work. The service is still flagged as Not Responding.

I also tried:

[junction:vh-abc]
ping-uri = /abc/ui

But that did not work either.

Is there any reason why setting the ping-uri would not work for a VH junction?
Am I missing something?

Thanks,
Louis


------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Hello Louis,

You are correct that the Server that will be pinged is 'service_abc.com' but for a virtual host junction the "host" header used is the value of the 'junction_virtual_hostname'.

Technically you're not supposed to have two junctions going to the same backend host and port.
Try to remove your standard junction and confirm whether the VHJ works as expected.

If you have further issues, please open a support case.

I know that this is not inherently broken so it's something about your setup.

------------------------------
JACK YARBOROUGH
------------------------------

Original Message:
Sent: Thu February 20, 2020 04:14 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi,

The target backend server is "service_abc.com".

"abc.other_url.ca.net" is the Virtual Host. ISAM should ping the targeted backend server to test its availability, right?

In any case I see no trace of "abc.other_url.ca.net" either in the pdweb.debug logs.

Regards
Louis

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation

Original Message:
Sent: Thu February 20, 2020 04:01 PM
From: JACK YARBOROUGH
Subject: Junction Specific settings for VH junction

Hello Louis,

You should be looking for 'abc.other_url.ca.net' as that is the value of the 'host' header.

------------------------------
JACK YARBOROUGH

Original Message:
Sent: Thu February 20, 2020 02:56 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

as a complement.

When I activate the pdweb.debug traces. For the regular junction for which the ping-uri setting works, I indeed see the following:

2020-02-20-14:07:22.026-05:00I----- thread(50) trace.pdweb.debug:2 /build/isam/src/i4w/pdweb/webseald/ras/trace/debug_log.cpp:231: ----------------- PD ===> BackEnd -----------------
Thread 50; fd 342; local 1.2.3.4:20828; remote 5.6.7.8:443
HEAD /abc/ui HTTP/1.1
host: service_abc.com
iv_server_name: uat_xxx-webseald-xxxx

But for the VH junction for which the ping-uri does not work, I see nothing. Not even a HEAD call that would fail or not get a response.

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation

Original Message:
Sent: Thu February 20, 2020 02:36 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi Community,

We are on ISAM 9.0.7

I have a junction set as follow:

junction_point: "/abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
transparent_path_junction: "yes"
junction_settings: "['ping-uri','/abc/ui']"

Without the last setting ISAM was seeing the backend as not responding. We realized that for the HEAD calls to work, they need to be sent to "service_abc.com/abc/ui", not to "service_abc.com"

This last junction setting sets the following in the proxy config file:

[junction:/abc]
ping-uri = /abc/ui

And everything works well.

--

Now we have a very similar Virtual Host junction, which is set as follow (same backend, same port):

junction_junction_point: "vh-abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
junction_virtual_hostname: "abc.other_url.ca.net"
junction_settings: "['ping-uri','/abc/ui']"

This last junction setting sets the following in the proxy config file:

[junction:@vh-abc]
ping-uri = /abc/ui

But this does not work. The service is still flagged as Not Responding.

I also tried:

[junction:vh-abc]
ping-uri = /abc/ui

But that did not work either.

Is there any reason why setting the ping-uri would not work for a VH junction?
Am I missing something?

Thanks,
Louis


------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Hi Jack,

 

The two junctions are on 2 separated proxies (actually they are on separated appliances all together).

 

With your confirmation that this should be working, I will completely revise my settings once more and, if I find nothing, I will open a support case.

 

Thanks for your help & your input.

Regards,

Louis

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------

Original Message:
Sent: Thu February 20, 2020 04:54 PM
From: JACK YARBOROUGH
Subject: Junction Specific settings for VH junction

Hello Louis,

You are correct that the Server that will be pinged is 'service_abc.com' but for a virtual host junction the "host" header used is the value of the 'junction_virtual_hostname'.

Technically you're not supposed to have two junctions going to the same backend host and port.
Try to remove your standard junction and confirm whether the VHJ works as expected.

If you have further issues, please open a support case.

I know that this is not inherently broken so it's something about your setup.

------------------------------
JACK YARBOROUGH

Original Message:
Sent: Thu February 20, 2020 04:14 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi,

The target backend server is "service_abc.com".

"abc.other_url.ca.net" is the Virtual Host. ISAM should ping the targeted backend server to test its availability, right?

In any case I see no trace of "abc.other_url.ca.net" either in the pdweb.debug logs.

Regards
Louis

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation

Original Message:
Sent: Thu February 20, 2020 04:01 PM
From: JACK YARBOROUGH
Subject: Junction Specific settings for VH junction

Hello Louis,

You should be looking for 'abc.other_url.ca.net' as that is the value of the 'host' header.

------------------------------
JACK YARBOROUGH

Original Message:
Sent: Thu February 20, 2020 02:56 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

as a complement.

When I activate the pdweb.debug traces. For the regular junction for which the ping-uri setting works, I indeed see the following:

2020-02-20-14:07:22.026-05:00I----- thread(50) trace.pdweb.debug:2 /build/isam/src/i4w/pdweb/webseald/ras/trace/debug_log.cpp:231: ----------------- PD ===> BackEnd -----------------
Thread 50; fd 342; local 1.2.3.4:20828; remote 5.6.7.8:443
HEAD /abc/ui HTTP/1.1
host: service_abc.com
iv_server_name: uat_xxx-webseald-xxxx

But for the VH junction for which the ping-uri does not work, I see nothing. Not even a HEAD call that would fail or not get a response.

------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation

Original Message:
Sent: Thu February 20, 2020 02:36 PM
From: Louis Beaudry
Subject: Junction Specific settings for VH junction

Hi Community,

We are on ISAM 9.0.7

I have a junction set as follow:

junction_point: "/abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
transparent_path_junction: "yes"
junction_settings: "['ping-uri','/abc/ui']"

Without the last setting ISAM was seeing the backend as not responding. We realized that for the HEAD calls to work, they need to be sent to "service_abc.com/abc/ui", not to "service_abc.com"

This last junction setting sets the following in the proxy config file:

[junction:/abc]
ping-uri = /abc/ui

And everything works well.

--

Now we have a very similar Virtual Host junction, which is set as follow (same backend, same port):

junction_junction_point: "vh-abc"
junction_type: "ssl"
junction_server_hostname: "service_abc.com"
junction_server_port: 443
junction_virtual_hostname: "abc.other_url.ca.net"
junction_settings: "['ping-uri','/abc/ui']"

This last junction setting sets the following in the proxy config file:

[junction:@vh-abc]
ping-uri = /abc/ui

But this does not work. The service is still flagged as Not Responding.

I also tried:

[junction:vh-abc]
ping-uri = /abc/ui

But that did not work either.

Is there any reason why setting the ping-uri would not work for a VH junction?
Am I missing something?

Thanks,
Louis


------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------