Forum Discussion
andrew_C1
Nimbostratus
NimbostratusBest way to set a pool member as Disable from Irule
Hi all,
I have a requirement that needs pool members to be disabled when a certain number of concurrent sessions has been reached to stop new sessions going to the member ( memory locking errors in the app occur above certain user counts and they would rather hard deny users then bring everything down).
I have written an irule that does all this tracking and management but what i cant figure out is a simple good way to disable nodes. This irule will be applied to many pools and 100 odd nodes so it cant be hard coded.
Right now in my dev environment i am lopping over pool members and if any are over threshold using LB:DOWN on that pool member. After looping i then forcing a LB::select, this works because i am relying on a health monitor up delay to keep all the members i just marked as down, down. Thus this logic gets repeated for every new session, and i have nodes constantly going up and down.
i would much rather mark them as disable and bring them back to active if the session count drop below threshold then what i am doing now but i cant figure out at good way. i cant see how you would do it with icall as all the example i see have hardcoded triggers.
So what will work best? i assume some kind of sideband connection? also running 11.6 HF5
All advice and ideas welcome!
cheers
IanBEmployee
Can you not achieve this by placing a connection limit on each pool member (local traffic / pools / [pool] / members / [member] / Connection Limit ) ?
andrew_C1Hi,
number of TCP connections is not a good measure of number of user sessions for this web app when I look at the conn table for these vips a single user has anywhere from 1 to 10 tcp connections for one session depending on task/function. This is all sap web frontend stuff.
- andrew_C1
based off this post https://devcentral.f5.com/questions/how-to-run-a-bash-script-in-irule-with-a-parameter-to-that-bash-script-
i have used a sideband connection with a PUT to icontrol to set the member as user-disabled. The only issue is that i have to use a data group to translate from member ip:port ( what i rules use) to member name (what i control).
Anyone know a better way then a data group to do this?
the magic line for the put looks like:
`set req "PUT /mgmt/tm/ltm/pool/~[lindex $test end-1]~[lindex $test end]/members/~[lindex $test end-1]~$member:$port HTTP/1.1\r\nHost: localhost\r\nAuthorization: Basic BASE64GOESHERE\r\nContent-Type:application/json\r\nContent-Length: 27\r\n\r\n{\"session\":\"user-disabled\"}"`