While this blog post might still be interesting to read, I consider the script shown below to be OBSOLETE in favor of the new script blogged here.
In my last post I outlined an alternative approach to load-balancing TFTP services using NetScaler’s Direct Server Return method. However, one piece is still missing: a protocol-level monitor that shows not only that a tftp daemon is listening on port 69, but also that it can deliver a certain file, verified by checking its string contents.
A good first approach is to use a udp-ecv monitor, because it gives you notice when the tftp service is not available. However, it still cannot detect whether a certain file exists.
The Citrix solution to this is to employ a user space monitor. The framework for this is to provide a Perl script that follows the user monitor API, i.e., it contains a function that is registered with nsumond, the NetScaler user monitor daemon, a process living in FreeBSD country that is contacted by the NetScaler via TCP/IP.
While the Perl library has a nice TFTP implementation, the NS does not include it. Thus, I decided to implement TFTP myself, just because it is so trivial (the FTP ) and because I did not want the dependency of installing something on the NS. It works by sending a custom-built UDP packet to the TFTP server that constitutes a TFTP request for a specific file. If the server has the file, it answers with a UDP packet containing the beginning of the file. This content is checked against a user-provided string. If it matches, the monitor goes green; if it doesn’t, or the server doesn’t answer, it goes red. The rest of the protocol is ignored.
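To make the exchange concrete, here is the same probe logic as a Python sketch. It is an example added for illustration, not the Perl monitor script from this post. The function names, the substring match and the closing ACK/ERROR packet are assumptions of the sketch; the packet layout is the one from RFC 1350.

```python
import socket
import struct

OP_RRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 3, 4, 5
BLOCK_SIZE = 512  # RFC 1350 data block size


def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, then NUL-terminated filename and mode."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_reply(packet):
    """Return (opcode, block number or error code, payload) for DATA or ERROR."""
    if len(packet) < 4:
        raise ValueError("short TFTP packet")
    opcode, number = struct.unpack("!HH", packet[:4])
    if opcode not in (OP_DATA, OP_ERROR):
        raise ValueError("unexpected opcode %d" % opcode)
    return opcode, number, packet[4:]


def closing_packet(block, payload):
    """ACK completes a transfer whose block is under 512 bytes; else abort with ERROR."""
    if len(payload) < BLOCK_SIZE:
        return struct.pack("!HH", OP_ACK, block)
    return struct.pack("!HH", OP_ERROR, 0) + b"monitor done\0"


def evaluate(packet, expected):
    """Green only if the first DATA block contains the expected string (assumed match rule)."""
    try:
        opcode, number, payload = parse_reply(packet)
    except ValueError:
        return False
    return opcode == OP_DATA and number == 1 and expected.encode() in payload


def probe(host, filename, expected, port=69, timeout=2.0):
    """Send one RRQ, judge the first reply, then end the transfer cleanly."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_rrq(filename), (host, port))
        try:
            # The server answers from a new ephemeral port, so keep the peer address.
            packet, peer = s.recvfrom(4 + BLOCK_SIZE)
            opcode, block, payload = parse_reply(packet)
        except (OSError, ValueError):
            return False  # timeout, unreachable port or malformed reply: red
        if opcode == OP_DATA:
            s.sendto(closing_packet(block, payload), peer)
        return evaluate(packet, expected)
```

With the setup described below, the call would be probe(server_ip, "monitor.txt", "COOKIE"), where server_ip is the address of the TFTP server behind the service.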
Usage is quite simple.
- Download and unpack the attached script.
- In the root of your TFTP server, create a short file monitor.txt containing a custom string, e.g. COOKIE.
- Create a user-space monitor, uploading the script below. In script arguments, specify the name of the file and the content to be looked for, like file=monitor.txt;content=COOKIE
- If the service uses port *, set the monitor’s destination port to 69.
- Bind the monitor to the respective service.
That’s all. Don’t forget that there’s NO WARRANTY WHATSOEVER. (Tested on 126.96.36.199)
While dusting off the two-year-old code, I have found lots of room for improvement. One is that your TFTP server might create a warning for each run of the monitor, because it does not close the connection properly. If I find time, I’ll redo this in a much nicer way without the downsides.
Only three things would be cooler: if NetScaler were packaged with Perl’s TFTP library, if the packaged cURL were compiled with TFTP support, or if NetScaler had a kernel-level TFTP monitor implementation.
Well, it’s Christmas. No better time to wish for something. But the message should be: No limits with NetScaler even if – in rare cases – there is no simple check-box to make something work. This product is UNSTOPPABLE.