Forum Discussion
Block traffic to node during specific time period
Hello all. I have a situation where we need to recycle our AppPools for two servers, that are in the same LTM Pool, during two different times, so I need to create an irule that will block traffic to each specific node for a time period of about 30 minutes.
So for example Web1's AppPool will recycle at 2am and Web2's AppPool will recycle at 3am. I need to be able to keep traffic from getting to those servers during that specific time period, and both Web Servers. I've seen a few examples on setting up maintenance windows based on time, but didn't notice anything that addressed stopping traffic to just one node within specific pool.
Any suggestion or if anyone can point me in the right direction I'd appreciate it.
Just a side note, we can't set a different time within IIS for the AppPool recycles because the AppPools settings are being replicated and the replication software doesn't allow that granularity of changing those settings. Plus I want to make sure I'm reducing the load on the server that the AppPool is being recycled on during that period.
I'm running 10.2.4 with HF5 on LTM 3400
Thanks, Bob
7 Replies
- IheartF5_45022Nacreous Are you sure that a server-based solution wouldn't be best here? Set up your monitor so that it fails during the recycle so that it all gets controlled from the server. 
- hari_126827Cirrus Hi, Please see if below link could provide some help for writing time-based iRule: link text
  In the above link use node iso Pool.
  Alternative approaches (without iRule), which might work:
  - Use the Priority Group Activation & prefer the nodes (not under maintenance) with high priority group, or
  - Use the Slow Ramp Time option on Pool, only if the node is down at least once during maintenance window.
    SlowRampTime = maintenance window + buffer time, say 5 minutes, to let server give some time before taking load. So the trick here is when the node goes down first during maintenance, it will send traffic after Slow Ramp Time option only.
  KRgds, Hari
- IheartF5_45022Nacreous Here is an idea to get you started which used your link above as a starting point. It assumes that you only have 2 pool members so that during each maintenance period there is only one valid pool member

  ```tcl
  when CLIENT_ACCEPTED {
      # Set list of start and end times of each maintenance period
      set lmaint {{0200 0230} {0300 0330}}
      # Set list of valid pool member for each maint period
      set lmember {"1.1.1.1" "2.2.2.2"}
      # Get the current time in seconds since the Unix epoch of 0-0-1970
      set now [clock seconds]
      # Set current date
      set today [clock format $now -format %D]
      # Cycle through each maintenance period, checking current time
      foreach maint $lmaint member $lmember {
          # Convert start/end times to seconds from the epoch for easier date comparisons
          # (free-form scan: clock scan in the Tcl 8.4 used by iRules has no -format option)
          set start [clock scan "$today [lindex $maint 0]"]
          set end [clock scan "$today [lindex $maint 1]"]
          # Check if the current time is between the start and end times
          if {$now > $start && $now < $end} {
              pool [LB::server pool] member $member 80
          }
      }
      # Default action is to use the virtual server default pool
  }
  ```
- Sexy! :)
- IheartF5_45022Nacreous Totally NOT tested BTW!
 
- Bob_10976Nimbostratus IheartF5 - Thanks a ton for your help thus far! We modified the code slightly as is shown below. However we aren't yet getting the proper result. Can you explain what the expected behavior of this command should be?

  ```tcl
  pool [LB::server pool] member $member 80
  ```

  Thanks again!

  ```tcl
  when CLIENT_ACCEPTED {
      # Set list of start and end times of each maintenance period
      set lmaint {{1340 1343} {0300 0330}}
      # Set list of valid pool member for each maint period
      set lmember {"1.1.1.1" "2.2.2.2"}
      set systemTime [clock seconds]
      # Set current date
      set today [clock format $systemTime -format %D%H%M]
      # Get the current time in seconds since the Unix epoch of 0-0-1970
      set now [clock format $systemTime -format %H%M]
      # Cycle through each maintenance period, checking current time
      foreach maint $lmaint member $lmember {
          # Convert start/end times to seconds from the epoch for easier date comparisons
          set start_scanned_value [clock scan "[lindex $maint 0]"]
          set end_scanned_value [clock scan "[lindex $maint 1]"]
          # Now format the times converted from the epoch
          set start [clock format $start_scanned_value -format "%H%M"]
          set end [clock format $end_scanned_value -format "%H%M"]
          set server [lindex $member 0]
          log $server
          # Check if the current time is between the start and end times
          log now.$now
          log start.$start
          log end.$end
          if {$now > $start && $now < $end} {
              log local0. "I'm inside the if"
              pool [LB::server pool] member $server 80
          }
      }
      # Default action is to use the virtual server default pool
  }
  ```
- IheartF5_45022Nacreous Hi, if you look at https://devcentral.f5.com/wiki/iRules.pool.ashx you will see a syntax for pool which lets you select not only a pool, but a pool member from that pool. The expected behaviour of `pool [LB::server pool] member $member 80` is to select the member denoted by the IP in $member on port 80 (I assumed 80). It's superior to using the node command as it will look at the status of the member within the pool [LB::server pool] (which is just the currently selected pool), and if it's marked down will immediately throw LB_FAILED rather than (with node, where it's not aware of the member status) waiting until syn retransmit limit is hit before deciding the node cannot be reached. Try adding in the following logging statements while you troubleshoot:

  ```tcl
  when LB_FAILED {
      log local0. "[HTTP::uri] [LB::server]"
  }
  when LB_SELECTED {
      log local0. "[HTTP::uri] [LB::server]"
  }
  ```
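
Added example, not part of any reply in the thread: a variant of the maintenance-window iRule discussed above that compares times as minutes since midnight instead of as `%H%M` strings or epoch values. The addresses, port 80 and the two windows are the placeholders used in the thread, and it keeps the thread's assumption of a two-member pool.

```tcl
when CLIENT_ACCEPTED {
    # Each entry: window start, window end (HHMM, BIG-IP local time) and the
    # member that stays in service while the other one recycles.
    # Placeholder values taken from the thread.
    set windows {
        {0200 0230 1.1.1.1}
        {0300 0330 2.2.2.2}
    }

    # Current time as minutes since midnight. scan with %2d reads the digits
    # as decimal, so a leading zero is never treated as an octal prefix.
    scan [clock format [clock seconds] -format %H%M] %2d%2d hh mm
    set now [expr {$hh * 60 + $mm}]

    foreach w $windows {
        # Tcl 8.4 idiom for unpacking a list into variables
        foreach {from to member} $w break
        scan $from %2d%2d fh fm
        scan $to %2d%2d th tm

        # Half-open interval: start is inside the window, end is not
        if {$now >= $fh * 60 + $fm && $now < $th * 60 + $tm} {
            # Pin this connection to the member that is not recycling.
            # Selecting through the pool keeps the monitor status in play,
            # so a down member raises LB_FAILED instead of timing out.
            pool [LB::server pool] member $member 80
            break
        }
    }
    # Outside every window nothing is selected here and the virtual
    # server's default pool load-balances as usual.
}

when LB_FAILED {
    # Log which member could not be used, for troubleshooting
    log local0. "LB_FAILED for [IP::client_addr] -> [LB::server]"
}
```

The windows are evaluated against the BIG-IP system clock, so the time zone and NTP settings on the unit need to match the schedule used for the AppPool recycles.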